ソースを参照

documentation: Add rule action

世界 11 ヶ月 前
コミット
0f7ffeed5c

+ 29 - 19
docs/configuration/dns/rule.md

@@ -2,6 +2,14 @@
 icon: material/new-box
 ---
 
+!!! quote "Changes in sing-box 1.11.0"
+
+    :material-plus: [action](#action)  
+    :material-alert: [server](#server)  
+    :material-alert: [disable_cache](#disable_cache)  
+    :material-alert: [rewrite_ttl](#rewrite_ttl)  
+    :material-alert: [client_subnet](#client_subnet)
+
 !!! quote "Changes in sing-box 1.10.0"
 
     :material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)  
@@ -14,7 +22,7 @@ icon: material/new-box
     :material-plus: [geoip](#geoip)  
     :material-plus: [ip_cidr](#ip_cidr)  
     :material-plus: [ip_is_private](#ip_is_private)  
-    :material-plus: [client_subnet](#client_subnet)
+    :material-plus: [client_subnet](#client_subnet)  
     :material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
 
 !!! quote "Changes in sing-box 1.8.0"
@@ -135,19 +143,15 @@ icon: material/new-box
         "outbound": [
           "direct"
         ],
-        "server": "local",
-        "disable_cache": false,
-        "rewrite_ttl": 100,
-        "client_subnet": "127.0.0.1/24"
+        "action": "route",
+        "server": "local"
       },
       {
         "type": "logical",
         "mode": "and",
         "rules": [],
-        "server": "local",
-        "disable_cache": false,
-        "rewrite_ttl": 100,
-        "client_subnet": "127.0.0.1/24"
+        "action": "route",
+        "server": "local"
       }
     ]
   }
@@ -354,29 +358,35 @@ Match outbound.
 
 `any` can be used as a value to match any outbound.
 
-#### server
+#### action
 
 ==Required==
 
-Tag of the target dns server.
+See [DNS Rule Actions](../rule_action/) for details.
+
+#### server
+
+!!! failure "Deprecated in sing-box 1.11.0"
+
+    Moved to [DNS Rule Action](../rule_action#route).
 
 #### disable_cache
 
-Disable cache and save cache in this query.
+!!! failure "Deprecated in sing-box 1.11.0"
 
-#### rewrite_ttl
+    Moved to [DNS Rule Action](../rule_action#route).
 
-Rewrite TTL in DNS responses.
+#### rewrite_ttl
 
-#### client_subnet
+!!! failure "Deprecated in sing-box 1.11.0"
 
-!!! question "Since sing-box 1.9.0"
+    Moved to [DNS Rule Action](../rule_action#route).
 
-Append a `edns0-subnet` OPT extra record with the specified IP prefix to every query by default.
+#### client_subnet
 
-If value is an IP address instead of prefix, `/32` or `/128` will be appended automatically.
+!!! failure "Deprecated in sing-box 1.11.0"
 
-Will overrides `dns.client_subnet` and `servers.[].client_subnet`.
+    Moved to [DNS Rule Action](../rule_action#route).
 
 ### Address Filter Fields
 

+ 1 - 1
docs/configuration/dns/rule.zh.md

@@ -14,7 +14,7 @@ icon: material/new-box
     :material-plus: [geoip](#geoip)  
     :material-plus: [ip_cidr](#ip_cidr)  
     :material-plus: [ip_is_private](#ip_is_private)  
-    :material-plus: [client_subnet](#client_subnet)
+    :material-plus: [client_subnet](#client_subnet)  
     :material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
 
 !!! quote "sing-box 1.8.0 中的更改"

+ 85 - 0
docs/configuration/dns/rule_action.md

@@ -0,0 +1,85 @@
+---
+icon: material/new-box
+---
+
+# DNS Rule Action
+
+!!! question "Since sing-box 1.11.0"
+
+### route
+
+```json
+{
+  "action": "route",  // default
+  "server": "",
+  
+  // for compatibility
+  "disable_cache": false,
+  "rewrite_ttl": 0,
+  "client_subnet": null
+}
+```
+
+`route` inherits the classic rule behavior of routing DNS requests to the specified server.
+
+#### server
+
+==Required==
+
+Tag of target server.
+
+#### disable_cache/rewrite_ttl/client_subnet
+
+!!! failure "Deprecated in sing-box 1.11.0"
+
+    Legacy route options is deprecated and will be removed in sing-box 1.12.0, check [Migration](/migration/#migrate-legacy-dns-route-options-to-rule-actions).
+
+### route-options
+
+```json
+{
+  "action": "route-options",
+  "disable_cache": false,
+  "rewrite_ttl": null,
+  "client_subnet": null
+}
+```
+
+#### disable_cache
+
+Disable cache and save cache in this query.
+
+#### rewrite_ttl
+
+Rewrite TTL in DNS responses.
+
+#### client_subnet
+
+Append a `edns0-subnet` OPT extra record with the specified IP prefix to every query by default.
+
+If value is an IP address instead of prefix, `/32` or `/128` will be appended automatically.
+
+Will overrides `dns.client_subnet` and `servers.[].client_subnet`.
+
+### reject
+
+```json
+{
+  "action": "reject",
+  "method": "default", // default
+  "no_drop": false
+}
+```
+
+`reject` reject DNS requests.
+
+#### method
+
+- `default`: Reply with NXDOMAIN.
+- `drop`: Drop the request.
+
+#### no_drop
+
+If not enabled, `method` will be temporarily overwritten to `drop` after 50 triggers in 30s.
+
+Not available when `method` is set to drop.

+ 86 - 0
docs/configuration/dns/rule_action.zh.md

@@ -0,0 +1,86 @@
+---
+icon: material/new-box
+---
+
+# DNS 规则动作
+
+!!! question "自 sing-box 1.11.0 起"
+
+### route
+
+```json
+{
+  "action": "route",  // 默认
+  "server": "",
+  
+  // 兼容性
+  "disable_cache": false,
+  "rewrite_ttl": 0,
+  "client_subnet": null
+}
+```
+
+`route` 继承了将 DNS 请求 路由到指定服务器的经典规则动作。
+
+#### server
+
+==必填==
+
+目标 DNS 服务器的标签。
+
+#### disable_cache/rewrite_ttl/client_subnet
+
+!!! failure "自 sing-box 1.11.0 起"
+
+    旧的路由选项已弃用,且将在 sing-box 1.12.0 中移除,参阅 [迁移指南](/migration/#migrate-legacy-dns-route-options-to-rule-actions).
+
+### route-options
+
+```json
+{
+  "action": "route-options",
+  "disable_cache": false,
+  "rewrite_ttl": null,
+  "client_subnet": null
+}
+```
+
+
+#### disable_cache
+
+在此查询中禁用缓存。
+
+#### rewrite_ttl
+
+重写 DNS 回应中的 TTL。
+
+#### client_subnet
+
+默认情况下,将带有指定 IP 前缀的 `edns0-subnet` OPT 附加记录附加到每个查询。
+
+如果值是 IP 地址而不是前缀,则会自动附加 `/32` 或 `/128`。
+
+将覆盖 `dns.client_subnet` 与 `servers.[].client_subnet`。
+
+### reject
+
+```json
+{
+  "action": "reject",
+  "method": "default", // default
+  "no_drop": false
+}
+```
+
+`reject` 拒绝 DNS 请求。
+
+#### method
+
+- `default`: 返回 NXDOMAIN。
+- `drop`: 丢弃请求。
+
+#### no_drop
+
+如果未启用,则 30 秒内触发 50 次后,`method` 将被暂时覆盖为 `drop`。
+
+当 `method` 设为 `drop` 时不可用。

+ 8 - 2
docs/configuration/outbound/block.md

@@ -1,8 +1,14 @@
-`block` outbound closes all incoming requests.
+---
+icon: material/delete-clock
+---
+
+!!! failure "Deprecated in sing-box 1.11.0"
+
+    Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-special-outbounds-to-rule-actions). 
 
 ### Structure
 
-```json
+```json F
 {
   "type": "block",
   "tag": "block"

+ 9 - 1
docs/configuration/outbound/block.zh.md

@@ -1,3 +1,11 @@
+---
+icon: material/delete-clock
+---
+
+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    旧的特殊出站已被弃用,且将在 sing-box 1.13.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-special-outbounds-to-rule-actions). 
+
 `block` 出站关闭所有传入请求。
 
 ### 结构
@@ -11,4 +19,4 @@
 
 ### 字段
 
-无字段。
+无字段。

+ 8 - 0
docs/configuration/outbound/dns.md

@@ -1,3 +1,11 @@
+---
+icon: material/delete-clock
+---
+
+!!! failure "Deprecated in sing-box 1.11.0"
+
+    Legacy special outbounds are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-special-outbounds-to-rule-actions).
+
 `dns` outbound is a internal DNS server.
 
 ### Structure

+ 8 - 0
docs/configuration/outbound/dns.zh.md

@@ -1,3 +1,11 @@
+---
+icon: material/delete-clock
+---
+
+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    旧的特殊出站已被弃用,且将在 sing-box 1.13.0 中被移除, 参阅 [迁移指南](/migration/#migrate-legacy-special-outbounds-to-rule-actions). 
+
 `dns` 出站是一个内部 DNS 服务器。
 
 ### 结构

+ 16 - 3
docs/configuration/route/rule.md

@@ -1,7 +1,12 @@
 ---
-icon: material/alert-decagram
+icon: material/new-box
 ---
 
+!!! quote "Changes in sing-box 1.11.0"
+
+    :material-plus: [action](#action)  
+    :material-alert: [outbound](#outbound)
+
 !!! quote "Changes in sing-box 1.10.0"
 
     :material-plus: [client](#client)  
@@ -129,6 +134,7 @@ icon: material/alert-decagram
         "rule_set_ipcidr_match_source": false,
         "rule_set_ip_cidr_match_source": false,
         "invert": false,
+        "action": "route",
         "outbound": "direct"
       },
       {
@@ -136,6 +142,7 @@ icon: material/alert-decagram
         "mode": "and",
         "rules": [],
         "invert": false,
+        "action": "route",
         "outbound": "direct"
       }
     ]
@@ -357,11 +364,17 @@ Make `ip_cidr` in rule-sets match the source IP.
 
 Invert match result.
 
-#### outbound
+#### action
 
 ==Required==
 
-Tag of the target outbound.
+See [Rule Actions](../rule_action/) for details.
+
+#### outbound
+
+!!! failure "Deprecated in sing-box 1.11.0"
+
+    Moved to [Rule Action](../rule_action#route).
 
 ### Logical Fields
 

+ 16 - 3
docs/configuration/route/rule.zh.md

@@ -1,7 +1,12 @@
 ---
-icon: material/alert-decagram
+icon: material/new-box
 ---
 
+!!! quote "sing-box 1.11.0 中的更改"
+
+    :material-plus: [action](#action)  
+    :material-alert: [outbound](#outbound)
+
 !!! quote "sing-box 1.10.0 中的更改"
 
     :material-plus: [client](#client)  
@@ -127,6 +132,7 @@ icon: material/alert-decagram
         "rule_set_ipcidr_match_source": false,
         "rule_set_ip_cidr_match_source": false,
         "invert": false,
+        "action": "route",
         "outbound": "direct"
       },
       {
@@ -134,6 +140,7 @@ icon: material/alert-decagram
         "mode": "and",
         "rules": [],
         "invert": false,
+        "action": "route",
         "outbound": "direct"
       }
     ]
@@ -355,11 +362,17 @@ icon: material/alert-decagram
 
 反选匹配结果。
 
-#### outbound
+#### action
 
 ==必填==
 
-目标出站的标签。
+参阅 [规则行动](../rule_action/)。
+
+#### outbound
+
+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    已移动到 [规则行动](../rule_action#route).
 
 ### 逻辑字段
 

+ 139 - 0
docs/configuration/route/rule_action.md

@@ -0,0 +1,139 @@
+---
+icon: material/new-box
+---
+
+# Rule Action
+
+!!! question "Since sing-box 1.11.0"
+
+## Final actions
+
+### route
+
+```json
+{
+  "action": "route", // default
+  "outbound": ""
+}
+```
+
+`route` inherits the classic rule behavior of routing connection to the specified outbound.
+
+#### outbound
+
+==Required==
+
+Tag of target outbound.
+
+### route-options
+
+```json
+{
+  "action": "route-options",
+  "udp_disable_domain_unmapping": false,
+  "udp_connect": false
+}
+```
+
+`route-options` set options for routing.
+
+#### udp_disable_domain_unmapping
+
+If enabled, for UDP proxy requests addressed to a domain,
+the original packet address will be sent in the response instead of the mapped domain.
+
+This option is used for compatibility with clients that
+do not support receiving UDP packets with domain addresses, such as Surge.
+
+#### udp_connect
+
+If enabled, attempts to connect UDP connection to the destination instead of listen.
+
+### reject
+
+```json
+{
+  "action": "reject",
+  "method": "default", // default
+  "no_drop": false
+}
+```
+
+`reject` reject connections
+
+The specified method is used for reject tun connections if `sniff` action has not been performed yet.
+
+For non-tun connections and already established connections, will just be closed.
+
+#### method
+
+- `default`: Reply with TCP RST for TCP connections, and ICMP port unreachable for UDP packets.
+- `drop`: Drop packets.
+
+#### no_drop
+
+If not enabled, `method` will be temporarily overwritten to `drop` after 50 triggers in 30s.
+
+Not available when `method` is set to drop.
+
+### hijack-dns
+
+```json
+{
+  "action": "hijack-dns"
+}
+```
+
+`hijack-dns` hijack DNS requests to the sing-box DNS module.
+
+## Non-final actions
+
+### sniff
+
+```json
+{
+  "action": "sniff",
+  "sniffer": [],
+  "timeout": ""
+}
+```
+
+`sniff` performs protocol sniffing on connections.
+
+For deprecated `inbound.sniff` options, it is considered to `sniff()` performed before routing.
+
+#### sniffer
+
+Enabled sniffers.
+
+All sniffers enabled by default.
+
+Available protocol values an be found on in [Protocol Sniff](../sniff/)
+
+#### timeout
+
+Timeout for sniffing.
+
+`300ms` is used by default.
+
+### resolve
+
+```json
+{
+  "action": "resolve",
+  "strategy": "",
+  "server": ""
+}
+```
+
+`resolve` resolve request destination from domain to IP addresses.
+
+#### strategy
+
+DNS resolution strategy, available values are: `prefer_ipv4`, `prefer_ipv6`, `ipv4_only`, `ipv6_only`.
+
+`dns.strategy` will be used by default.
+
+#### server
+
+Specifies DNS server tag to use instead of selecting through DNS routing.

+ 136 - 0
docs/configuration/route/rule_action.zh.md

@@ -0,0 +1,136 @@
+---
+icon: material/new-box
+---
+
+# 规则动作
+
+!!! question "自 sing-box 1.11.0 起"
+
+## 最终动作
+
+### route
+
+```json
+{
+  "action": "route", // 默认
+  "outbound": "",
+  "udp_disable_domain_unmapping": false
+}
+```
+
+`route` 继承了将连接路由到指定出站的经典规则动作。
+
+#### outbound
+
+==必填==
+
+目标出站的标签。
+
+### route-options
+
+```json
+{
+  "action": "route-options",
+  "udp_disable_domain_unmapping": false,
+    "udp_connect": false
+}
+```
+
+#### udp_disable_domain_unmapping
+
+如果启用,对于地址为域的 UDP 代理请求,将在响应中发送原始包地址而不是映射的域。
+
+此选项用于兼容不支持接收带有域地址的 UDP 包的客户端,如 Surge。
+
+#### udp_connect
+
+如果启用,将尝试将 UDP 连接 connect 到目标而不是 listen。
+
+### reject
+
+```json
+{
+  "action": "reject",
+  "method": "default",  // 默认
+  "no_drop": false
+}
+```
+
+`reject` 拒绝连接。
+
+如果尚未执行 `sniff` 操作,则将使用指定方法拒绝 tun 连接。
+
+对于非 tun 连接和已建立的连接,将直接关闭。
+
+#### method
+
+- `default`: 对于 TCP 连接回复 RST,对于 UDP 包回复 ICMP 端口不可达。
+- `drop`: 丢弃数据包。
+
+#### no_drop
+
+如果未启用,则 30 秒内触发 50 次后,`method` 将被暂时覆盖为 `drop`。
+
+当 `method` 设为 `drop` 时不可用。
+
+### hijack-dns
+
+```json
+{
+  "action": "hijack-dns"
+}
+```
+
+`hijack-dns` 劫持 DNS 请求至 sing-box DNS 模块。
+
+## 非最终动作
+
+### sniff
+
+```json
+{
+  "action": "sniff",
+  "sniffer": [],
+  "timeout": ""
+}
+```
+
+`sniff` 对连接执行协议嗅探。
+
+对于已弃用的 `inbound.sniff` 选项,被视为在路由之前执行的 `sniff`。
+
+#### sniffer
+
+启用的探测器。
+
+默认启用所有探测器。
+
+可用的协议值可以在 [协议嗅探](../sniff/) 中找到。
+
+#### timeout
+
+探测超时时间。
+
+默认使用 300ms。
+
+### resolve
+
+```json
+{
+  "action": "resolve",
+  "strategy": "",
+  "server": ""
+}
+```
+
+`resolve` 将请求的目标从域名解析为 IP 地址。
+
+#### strategy
+
+DNS 解析策略,可用值有:`prefer_ipv4`、`prefer_ipv6`、`ipv4_only`、`ipv6_only`。
+
+默认使用 `dns.strategy`。
+
+#### server
+
+指定要使用的 DNS 服务器的标签,而不是通过 DNS 路由进行选择。

+ 33 - 1
docs/configuration/shared/listen.md

@@ -1,3 +1,15 @@
+---
+icon: material/delete-clock
+---
+
+!!! quote "Changes in sing-box 1.11.0"
+
+    :material-delete-clock: [sniff](#sniff)  
+    :material-delete-clock: [sniff_override_destination](#sniff_override_destination)  
+    :material-delete-clock: [sniff_timeout](#sniff_timeout)  
+    :material-delete-clock: [domain_strategy](#domain_strategy)  
+    :material-delete-clock: [udp_disable_domain_unmapping](#udp_disable_domain_unmapping)
+
 ### Structure
 
 ```json
@@ -68,24 +80,40 @@ Requires target inbound support, see [Injectable](/configuration/inbound/#fields
 
 #### sniff
 
+!!! failure "Deprecated in sing-box 1.11.0"
+
+    Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
+
 Enable sniffing.
 
 See [Protocol Sniff](/configuration/route/sniff/) for details.
 
 #### sniff_override_destination
 
+!!! failure "Deprecated in sing-box 1.11.0"
+
+    Inbound fields are deprecated and will be removed in sing-box 1.13.0.
+
 Override the connection destination address with the sniffed domain.
 
 If the domain name is invalid (like tor), this will not work.
 
 #### sniff_timeout
 
+!!! failure "Deprecated in sing-box 1.11.0"
+
+    Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
+
 Timeout for sniffing.
 
-300ms is used by default.
+`300ms` is used by default.
 
 #### domain_strategy
 
+!!! failure "Deprecated in sing-box 1.11.0"
+
+    Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
+
 One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`.
 
 If set, the requested domain name will be resolved to IP before routing.
@@ -94,6 +122,10 @@ If `sniff_override_destination` is in effect, its value will be taken as a fallb
 
 #### udp_disable_domain_unmapping
 
+!!! failure "Deprecated in sing-box 1.11.0"
+
+    Inbound fields are deprecated and will be removed in sing-box 1.13.0, check [Migration](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
+
 If enabled, for UDP proxy requests addressed to a domain, 
 the original packet address will be sent in the response instead of the mapped domain.
 

+ 32 - 0
docs/configuration/shared/listen.zh.md

@@ -1,3 +1,15 @@
+---
+icon: material/delete-clock
+---
+
+!!! quote "sing-box 1.11.0 中的更改"
+
+    :material-delete-clock: [sniff](#sniff)  
+    :material-delete-clock: [sniff_override_destination](#sniff_override_destination)  
+    :material-delete-clock: [sniff_timeout](#sniff_timeout)  
+    :material-delete-clock: [domain_strategy](#domain_strategy)  
+    :material-delete-clock: [udp_disable_domain_unmapping](#udp_disable_domain_unmapping)
+
 ### 结构
 
 ```json
@@ -69,24 +81,40 @@ UDP NAT 过期时间,以秒为单位。
 
 #### sniff
 
+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
+
 启用协议探测。
 
 参阅 [协议探测](/zh/configuration/route/sniff/)
 
 #### sniff_override_destination
 
+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    入站字段已废弃且将在 sing-box 1.12.0 中被移除。
+
 用探测出的域名覆盖连接目标地址。
 
 如果域名无效(如 Tor),将不生效。
 
 #### sniff_timeout
 
+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
+
 探测超时时间。
 
 默认使用 300ms。
 
 #### domain_strategy
 
+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
+
 可选值: `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`。
 
 如果设置,请求的域名将在路由之前解析为 IP。
@@ -95,6 +123,10 @@ UDP NAT 过期时间,以秒为单位。
 
 #### udp_disable_domain_unmapping
 
+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    入站字段已废弃且将在 sing-box 1.12.0 中被移除,参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions).
+
 如果启用,对于地址为域的 UDP 代理请求,将在响应中发送原始包地址而不是映射的域。
 
 此选项用于兼容不支持接收带有域地址的 UDP 包的客户端,如 Surge。

+ 28 - 2
docs/deprecated.md

@@ -4,6 +4,32 @@ icon: material/delete-alert
 
 # Deprecated Feature List
 
+## 1.11.0
+
+#### Legacy special outbounds
+
+Legacy special outbounds (`block` / `dns`) are deprecated
+and can be replaced by rule actions,
+check [Migration](../migration/#migrate-legacy-special-outbounds-to-rule-actions).
+
+Old fields will be removed in sing-box 1.13.0.
+
+#### Legacy inbound fields
+
+Legacy inbound fields (`inbound.<sniff/domain_strategy/...>` are deprecated
+and can be replaced by rule actions,
+check [Migration](../migration/#migrate-legacy-inbound-fields-to-rule-actions).
+
+Old fields will be removed in sing-box 1.13.0.
+
+#### Legacy DNS route options
+
+Legacy DNS route options (`disable_cache`, `rewrite_ttl`, `client_subnet`) are deprecated
+and can be replaced by rule actions,
+check [Migration](../migration/#migrate-legacy-dns-route-options-to-rule-actions).
+
+Old fields will be removed in sing-box 1.12.0.
+
 ## 1.10.0
 
 #### TUN address fields are merged
@@ -12,7 +38,7 @@ icon: material/delete-alert
 `inet4_route_address` and `inet6_route_address` are merged into `route_address`,
 `inet4_route_exclude_address` and `inet6_route_exclude_address` are merged into `route_exclude_address`.
 
-Old fields are deprecated and will be removed in sing-box 1.12.0.
+Old fields will be removed in sing-box 1.12.0.
 
 #### Match source rule items are renamed
 
@@ -32,7 +58,7 @@ check [Migration](/migration/#migrate-cache-file-from-clash-api-to-independent-o
 
 #### GeoIP
 
-GeoIP is deprecated and may be removed in sing-box 1.12.0.
+GeoIP is deprecated and will be removed in sing-box 1.12.0.
 
 The maxmind GeoIP National Database, as an IP classification database,
 is not entirely suitable for traffic bypassing,

+ 24 - 1
docs/deprecated.zh.md

@@ -4,6 +4,29 @@ icon: material/delete-alert
 
 # 废弃功能列表
 
+## 1.11.0
+
+#### 旧的特殊出站
+
+旧的特殊出站(`block` / `dns`)已废弃且可以通过规则动作替代,
+参阅 [迁移指南](/migration/#migrate-legacy-special-outbounds-to-rule-actions)。
+
+旧字段将在 sing-box 1.13.0 中被移除。
+
+#### 旧的入站字段
+
+旧的入站字段(`inbound.<sniff/domain_strategy/...>`)已废弃且可以通过规则动作替代,
+参阅 [迁移指南](/migration/#migrate-legacy-inbound-fields-to-rule-actions)。
+
+旧字段将在 sing-box 1.13.0 中被移除。
+
+#### 旧的 DNS 路由参数
+
+旧的 DNS 路由参数(`disable_cache`、`rewrite_ttl`、`client_subnet`)已废弃且可以通过规则动作替代,
+参阅 [迁移指南](/migration/#migrate-legacy-dns-route-options-to-rule-actions)。
+
+旧字段将在 sing-box 1.12.0 中被移除。
+
 ## 1.10.0
 
 #### Match source 规则项已重命名
@@ -17,7 +40,7 @@ icon: material/delete-alert
 `inet4_route_address` 和 `inet6_route_address` 已合并为 `route_address`,
 `inet4_route_exclude_address` 和 `inet6_route_exclude_address` 已合并为 `route_exclude_address`。
 
-旧字段已废弃,且将在 sing-box 1.11.0 中被移除。
+旧字段将在 sing-box 1.11.0 中被移除。
 
 #### 移除对 go1.18 和 go1.19 的支持
 

+ 206 - 2
docs/migration.md

@@ -2,6 +2,212 @@
 icon: material/arrange-bring-forward
 ---
 
+## 1.11.0
+
+### Migrate legacy special outbounds to rule actions
+
+Legacy special outbounds are deprecated and can be replaced by rule actions.
+
+!!! info "References"
+
+    [Rule Action](/configuration/route/rule_action/) / 
+    [Block](/configuration/outbound/block/) / 
+    [DNS](/configuration/outbound/dns)
+
+=== "Block"
+
+    === ":material-card-remove: Deprecated"
+    
+        ```json
+        {
+          "outbounds": [
+            {
+              "type": "block",
+              "tag": "block"
+            }
+          ],
+          "route": {
+            "rules": [
+              {
+                ...,
+                
+                "outbound": "block"
+              }
+            ]
+          }
+        }
+        ```
+
+    === ":material-card-multiple: New"
+    
+        ```json
+        {
+          "route": {
+            "rules": [
+              {
+                ...,
+                
+                "action": "reject"
+              }
+            ]
+          }
+        }
+        ```
+
+=== "DNS"
+
+    === ":material-card-remove: Deprecated"
+    
+        ```json
+        {
+          "inbound": [
+            {
+              ...,
+              
+              "sniff": true
+            }
+          ],
+          "outbounds": [
+            {
+              "tag": "dns",
+              "type": "dns"
+            }
+          ],
+          "route": {
+            "rules": [
+              {
+                "protocol": "dns",
+                "outbound": "dns"
+              }
+            ]
+          }
+        }
+        ```
+    
+    === ":material-card-multiple: New"
+    
+        ```json
+        {
+          "route": {
+            "rules": [
+              {
+                "action": "sniff"
+              },
+              {
+                "protocol": "dns",
+                "action": "hijack-dns"
+              }
+            ]
+          }
+        }
+        ```
+
+### Migrate legacy inbound fields to rule actions
+
+Inbound fields are deprecated and can be replaced by rule actions.
+
+!!! info "References"
+
+    [Listen Fields](/configuration/inbound/listen/) /
+    [Rule](/configuration/route/rule/) / 
+    [Rule Action](/configuration/route/rule_action/) / 
+    [DNS Rule](/configuration/dns/rule/) / 
+    [DNS Rule Action](/configuration/dns/rule_action/)
+
+=== ":material-card-remove: Deprecated"
+
+    ```json
+    {
+      "inbounds": [
+        {
+          "type": "mixed",
+          "sniff": true,
+          "sniff_timeout": "1s",
+          "domain_strategy": "prefer_ipv4"
+        }
+      ]
+    }
+    ```
+
+=== ":material-card-multiple: New"
+
+    ```json
+    {
+      "inbounds": [
+        {
+          "type": "mixed",
+          "tag": "in"
+        }
+      ],
+      "route": {
+        "rules": [
+          {
+            "inbound": "in",
+            "action": "resolve",
+            "strategy": "prefer_ipv4"
+          },
+          {
+            "inbound": "in",
+            "action": "sniff",
+            "timeout": "1s"
+          }
+        ]
+      }
+    }
+    ```
+
+### Migrate legacy DNS route options to rule actions
+
+Legacy DNS route options are deprecated and can be replaced by rule actions.
+
+!!! info "References"
+
+    [DNS Rule](/configuration/dns/rule/) / 
+    [DNS Rule Action](/configuration/dns/rule_action/)
+
+=== ":material-card-remove: Deprecated"
+
+    ```json
+    {
+      "dns": {
+        "rules": [
+          {
+            ...,
+            
+            "server": "local",
+            "disable_cache": true,
+            "rewrite_ttl": 600,
+            "client_subnet": "1.1.1.1/24"
+          }
+        ]
+      }
+    }
+    ```
+
+=== ":material-card-multiple: New"
+
+    ```json
+    {
+      "dns": {
+        "rules": [
+          {
+            ...,
+            
+            "action": "route-options",
+            "disable_cache": true,
+            "rewrite_ttl": 600,
+            "client_subnet": "1.1.1.1/24"
+          },
+          {
+            ...,
+            
+            "server": "local"
+          }
+        ]
+      }
+    }
+    ```
+
 ## 1.10.0
 
 ### TUN address fields are merged
@@ -10,8 +216,6 @@ icon: material/arrange-bring-forward
 `inet4_route_address` and `inet6_route_address` are merged into `route_address`,
 `inet4_route_exclude_address` and `inet6_route_exclude_address` are merged into `route_exclude_address`.
 
-Old fields are deprecated and will be removed in sing-box 1.11.0.
-
 !!! info "References"
 
     [TUN](/configuration/inbound/tun/)

+ 206 - 0
docs/migration.zh.md

@@ -2,6 +2,212 @@
 icon: material/arrange-bring-forward
 ---
 
+## 1.11.0
+
+### 迁移旧的特殊出站到规则动作
+
+旧的特殊出站已被弃用,且可以被规则动作替代。
+
+!!! info "参考"
+
+    [规则动作](/zh/configuration/route/rule_action/) /
+    [Block](/zh/configuration/outbound/block/) / 
+    [DNS](/zh/configuration/outbound/dns)
+
+=== "Block"
+
+    === ":material-card-remove: 弃用的"
+    
+        ```json
+        {
+          "outbounds": [
+            {
+              "type": "block",
+              "tag": "block"
+            }
+          ],
+          "route": {
+            "rules": [
+              {
+                ...,
+                
+                "outbound": "block"
+              }
+            ]
+          }
+        }
+        ```
+
+    === ":material-card-multiple: 新的"
+    
+        ```json
+        {
+          "route": {
+            "rules": [
+              {
+                ...,
+                
+                "action": "reject"
+              }
+            ]
+          }
+        }
+        ```
+
+=== "DNS"
+
+    === ":material-card-remove: 弃用的"
+    
+        ```json
+        {
+          "inbound": [
+            {
+              ...,
+              
+              "sniff": true
+            }
+          ],
+          "outbounds": [
+            {
+              "tag": "dns",
+              "type": "dns"
+            }
+          ],
+          "route": {
+            "rules": [
+              {
+                "protocol": "dns",
+                "outbound": "dns"
+              }
+            ]
+          }
+        }
+        ```
+    
+    === ":material-card-multiple: 新的"
+    
+        ```json
+        {
+          "route": {
+            "rules": [
+              {
+                "action": "sniff"
+              },
+              {
+                "protocol": "dns",
+                "action": "hijack-dns"
+              }
+            ]
+          }
+        }
+        ```
+
+### 迁移旧的入站字段到规则动作
+
+入站选项已被弃用,且可以被规则动作替代。
+
+!!! info "参考"
+
+    [监听字段](/zh/configuration/shared/listen/) /
+    [规则](/zh/configuration/route/rule/) /
+    [规则动作](/zh/configuration/route/rule_action/) /
+    [DNS 规则](/zh/configuration/dns/rule/) /
+    [DNS 规则动作](/zh/configuration/dns/rule_action/)
+
+=== ":material-card-remove: 弃用的"
+
+    ```json
+    {
+      "inbounds": [
+        {
+          "type": "mixed",
+          "sniff": true,
+          "sniff_timeout": "1s",
+          "domain_strategy": "prefer_ipv4"
+        }
+      ]
+    }
+    ```
+
+=== ":material-card-multiple: New"
+
+    ```json
+    {
+      "inbounds": [
+        {
+          "type": "mixed",
+          "tag": "in"
+        }
+      ],
+      "route": {
+        "rules": [
+          {
+            "inbound": "in",
+            "action": "resolve",
+            "strategy": "prefer_ipv4"
+          },
+          {
+            "inbound": "in",
+            "action": "sniff",
+            "timeout": "1s"
+          }
+        ]
+      }
+    }
+    ```
+
+### 迁移旧的 DNS 路由选项到规则动作
+
+旧的 DNS 路由选项已被弃用,且可以被规则动作替代。
+
+!!! info "参考"
+
+    [DNS 规则](/zh/configuration/dns/rule/) / 
+    [DNS 规则动作](/zh/configuration/dns/rule_action/)
+
+=== ":material-card-remove: 弃用的"
+
+    ```json
+    {
+      "dns": {
+        "rules": [
+          {
+            ...,
+            
+            "server": "local",
+            "disable_cache": true,
+            "rewrite_ttl": 600,
+            "client_subnet": "1.1.1.1/24"
+          }
+        ]
+      }
+    }
+    ```
+
+=== ":material-card-multiple: 新的"
+
+    ```json
+    {
+      "dns": {
+        "rules": [
+          {
+            ...,
+            
+            "action": "route-options",
+            "disable_cache": true,
+            "rewrite_ttl": 600,
+            "client_subnet": "1.1.1.1/24"
+          },
+          {
+            ...,
+            
+            "server": "local"
+          }
+        ]
+      }
+    }
+    ```
+
 ## 1.10.0
 
 ### TUN 地址字段已合并

+ 4 - 0
mkdocs.yml

@@ -82,6 +82,7 @@ nav:
           - configuration/dns/index.md
           - DNS Server: configuration/dns/server.md
           - DNS Rule: configuration/dns/rule.md
+          - DNS Rule Action: configuration/dns/rule_action.md
           - FakeIP: configuration/dns/fakeip.md
       - NTP:
           - configuration/ntp/index.md
@@ -90,6 +91,7 @@ nav:
           - GeoIP: configuration/route/geoip.md
           - Geosite: configuration/route/geosite.md
           - Route Rule: configuration/route/rule.md
+          - Rule Action: configuration/route/rule_action.md
           - Protocol Sniff: configuration/route/sniff.md
       - Rule Set:
           - configuration/rule-set/index.md
@@ -218,9 +220,11 @@ plugins:
             Log: 日志
             DNS Server: DNS 服务器
             DNS Rule: DNS 规则
+            DNS Rule Action: DNS 规则动作
 
             Route: 路由
             Route Rule: 路由规则
+            Rule Action: 规则动作
             Protocol Sniff: 协议探测
 
             Rule Set: 规则集

+ 1 - 1
option/inbound.go

@@ -34,7 +34,7 @@ func (h *Inbound) UnmarshalJSONContext(ctx context.Context, content []byte) erro
 	}
 	registry := service.FromContext[InboundOptionsRegistry](ctx)
 	if registry == nil {
-		return E.New("missing inbound options registry in context")
+		return E.New("missing Inbound fields registry in context")
 	}
 	options, loaded := registry.CreateOptions(h.Type)
 	if !loaded {

+ 0 - 6
option/rule_action.go

@@ -148,9 +148,6 @@ func (r *RouteActionOptions) UnmarshalJSON(data []byte) error {
 	if err != nil {
 		return err
 	}
-	if r.Outbound == "" {
-		return E.New("missing outbound")
-	}
 	return nil
 }
 
@@ -189,9 +186,6 @@ func (r *DNSRouteActionOptions) UnmarshalJSONContext(ctx context.Context, data [
 	if err != nil {
 		return err
 	}
-	if r.Server == "" {
-		return E.New("missing server")
-	}
 	if r.DisableCache || r.RewriteTTL != nil || r.ClientSubnet != nil {
 		deprecated.Report(ctx, deprecated.OptionLegacyDNSRouteOptions)
 	}

+ 1 - 1
route/route.go

@@ -76,7 +76,7 @@ func (r *Router) routeConnection(ctx context.Context, conn net.Conn, metadata ad
 	metadata.Network = N.NetworkTCP
 	switch metadata.Destination.Fqdn {
 	case mux.Destination.Fqdn:
-		return E.New("global multiplex is deprecated since sing-box v1.7.0, enable multiplex in inbound options instead.")
+		return E.New("global multiplex is deprecated since sing-box v1.7.0, enable multiplex in Inbound fields instead.")
 	case vmess.MuxDestination.Fqdn:
 		return E.New("global multiplex (v2ray legacy) not supported since sing-box v1.7.0.")
 	case uot.MagicAddress: