Fix missing `rule_set_ipcidr_match_source` item in DNS rules

docs/configuration/dns/rule.md

@@ -8,6 +8,7 @@ icon: material/new-box
     :material-plus: [ip_cidr](#ip_cidr)  
     :material-plus: [ip_is_private](#ip_is_private)  
     :material-plus: [client_subnet](#client_subnet)
+    :material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
 
 !!! quote "Changes in sing-box 1.8.0"
 
@@ -116,6 +117,7 @@ icon: material/new-box
           "geoip-cn",
           "geosite-cn"
         ],
+        "rule_set_ipcidr_match_source": false,
         "invert": false,
         "outbound": [
           "direct"
@@ -303,6 +305,12 @@ Match WiFi BSSID.
 
 Match [Rule Set](/configuration/route/#rule_set).
 
+#### rule_set_ipcidr_match_source
+
+!!! question "Since sing-box 1.9.0"
+
+Make `ipcidr` in rule sets match the source IP.
+
 #### invert
 
 Invert match result.

docs/configuration/dns/rule.zh.md

@@ -8,6 +8,7 @@ icon: material/new-box
     :material-plus: [ip_cidr](#ip_cidr)  
     :material-plus: [ip_is_private](#ip_is_private)  
     :material-plus: [client_subnet](#client_subnet)
+    :material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
 
 !!! quote "sing-box 1.8.0 中的更改"
 
@@ -116,6 +117,7 @@ icon: material/new-box
           "geoip-cn",
           "geosite-cn"
         ],
+        "rule_set_ipcidr_match_source": false,
         "invert": false,
         "outbound": [
           "direct"
@@ -301,6 +303,12 @@ DNS 查询类型。值可以为整数或者类型名称字符串。
 
 匹配[规则集](/zh/configuration/route/#rule_set)。
 
+#### rule_set_ipcidr_match_source
+
+!!! question "自 sing-box 1.9.0 起"
+
+使规则集中的 `ipcidr` 规则匹配源 IP。
+
 #### invert
 
 反选匹配结果。

docs/configuration/route/rule.md

@@ -105,6 +105,7 @@
           "geoip-cn",
           "geosite-cn"
         ],
+        "rule_set_ipcidr_match_source": false,
         "invert": false,
         "outbound": "direct"
       },

docs/configuration/route/rule.zh.md

@@ -103,6 +103,7 @@
           "geoip-cn",
           "geosite-cn"
         ],
+        "rule_set_ipcidr_match_source": false,
         "invert": false,
         "outbound": "direct"
       },

docs/configuration/rule-set/headless-rule.md

@@ -124,7 +124,7 @@ Match source IP CIDR.
 
 !!! info ""
 
-    `ip_cidr` is an alias for `source_ip_cidr` when the Rule Set is used in DNS rules or `rule_set_ipcidr_match_source` enabled in route rules.
+    `ip_cidr` is an alias for `source_ip_cidr` when `rule_set_ipcidr_match_source` enabled in route/DNS rules.
 
 Match IP CIDR.
 

option/rule_dns.go

@@ -65,42 +65,43 @@ func (r DNSRule) IsValid() bool {
 }
 
 type DefaultDNSRule struct {
-	Inbound           Listable[string]       `json:"inbound,omitempty"`
-	IPVersion         int                    `json:"ip_version,omitempty"`
-	QueryType         Listable[DNSQueryType] `json:"query_type,omitempty"`
-	Network           Listable[string]       `json:"network,omitempty"`
-	AuthUser          Listable[string]       `json:"auth_user,omitempty"`
-	Protocol          Listable[string]       `json:"protocol,omitempty"`
-	Domain            Listable[string]       `json:"domain,omitempty"`
-	DomainSuffix      Listable[string]       `json:"domain_suffix,omitempty"`
-	DomainKeyword     Listable[string]       `json:"domain_keyword,omitempty"`
-	DomainRegex       Listable[string]       `json:"domain_regex,omitempty"`
-	Geosite           Listable[string]       `json:"geosite,omitempty"`
-	SourceGeoIP       Listable[string]       `json:"source_geoip,omitempty"`
-	GeoIP             Listable[string]       `json:"geoip,omitempty"`
-	IPCIDR            Listable[string]       `json:"ip_cidr,omitempty"`
-	IPIsPrivate       bool                   `json:"ip_is_private,omitempty"`
-	SourceIPCIDR      Listable[string]       `json:"source_ip_cidr,omitempty"`
-	SourceIPIsPrivate bool                   `json:"source_ip_is_private,omitempty"`
-	SourcePort        Listable[uint16]       `json:"source_port,omitempty"`
-	SourcePortRange   Listable[string]       `json:"source_port_range,omitempty"`
-	Port              Listable[uint16]       `json:"port,omitempty"`
-	PortRange         Listable[string]       `json:"port_range,omitempty"`
-	ProcessName       Listable[string]       `json:"process_name,omitempty"`
-	ProcessPath       Listable[string]       `json:"process_path,omitempty"`
-	PackageName       Listable[string]       `json:"package_name,omitempty"`
-	User              Listable[string]       `json:"user,omitempty"`
-	UserID            Listable[int32]        `json:"user_id,omitempty"`
-	Outbound          Listable[string]       `json:"outbound,omitempty"`
-	ClashMode         string                 `json:"clash_mode,omitempty"`
-	WIFISSID          Listable[string]       `json:"wifi_ssid,omitempty"`
-	WIFIBSSID         Listable[string]       `json:"wifi_bssid,omitempty"`
-	RuleSet           Listable[string]       `json:"rule_set,omitempty"`
-	Invert            bool                   `json:"invert,omitempty"`
-	Server            string                 `json:"server,omitempty"`
-	DisableCache      bool                   `json:"disable_cache,omitempty"`
-	RewriteTTL        *uint32                `json:"rewrite_ttl,omitempty"`
-	ClientSubnet      *ListenAddress         `json:"client_subnet,omitempty"`
+	Inbound                  Listable[string]       `json:"inbound,omitempty"`
+	IPVersion                int                    `json:"ip_version,omitempty"`
+	QueryType                Listable[DNSQueryType] `json:"query_type,omitempty"`
+	Network                  Listable[string]       `json:"network,omitempty"`
+	AuthUser                 Listable[string]       `json:"auth_user,omitempty"`
+	Protocol                 Listable[string]       `json:"protocol,omitempty"`
+	Domain                   Listable[string]       `json:"domain,omitempty"`
+	DomainSuffix             Listable[string]       `json:"domain_suffix,omitempty"`
+	DomainKeyword            Listable[string]       `json:"domain_keyword,omitempty"`
+	DomainRegex              Listable[string]       `json:"domain_regex,omitempty"`
+	Geosite                  Listable[string]       `json:"geosite,omitempty"`
+	SourceGeoIP              Listable[string]       `json:"source_geoip,omitempty"`
+	GeoIP                    Listable[string]       `json:"geoip,omitempty"`
+	IPCIDR                   Listable[string]       `json:"ip_cidr,omitempty"`
+	IPIsPrivate              bool                   `json:"ip_is_private,omitempty"`
+	SourceIPCIDR             Listable[string]       `json:"source_ip_cidr,omitempty"`
+	SourceIPIsPrivate        bool                   `json:"source_ip_is_private,omitempty"`
+	SourcePort               Listable[uint16]       `json:"source_port,omitempty"`
+	SourcePortRange          Listable[string]       `json:"source_port_range,omitempty"`
+	Port                     Listable[uint16]       `json:"port,omitempty"`
+	PortRange                Listable[string]       `json:"port_range,omitempty"`
+	ProcessName              Listable[string]       `json:"process_name,omitempty"`
+	ProcessPath              Listable[string]       `json:"process_path,omitempty"`
+	PackageName              Listable[string]       `json:"package_name,omitempty"`
+	User                     Listable[string]       `json:"user,omitempty"`
+	UserID                   Listable[int32]        `json:"user_id,omitempty"`
+	Outbound                 Listable[string]       `json:"outbound,omitempty"`
+	ClashMode                string                 `json:"clash_mode,omitempty"`
+	WIFISSID                 Listable[string]       `json:"wifi_ssid,omitempty"`
+	WIFIBSSID                Listable[string]       `json:"wifi_bssid,omitempty"`
+	RuleSet                  Listable[string]       `json:"rule_set,omitempty"`
+	RuleSetIPCIDRMatchSource bool                   `json:"rule_set_ipcidr_match_source,omitempty"`
+	Invert                   bool                   `json:"invert,omitempty"`
+	Server                   string                 `json:"server,omitempty"`
+	DisableCache             bool                   `json:"disable_cache,omitempty"`
+	RewriteTTL               *uint32                `json:"rewrite_ttl,omitempty"`
+	ClientSubnet             *ListenAddress         `json:"client_subnet,omitempty"`
 }
 
 func (r DefaultDNSRule) IsValid() bool {

route/rule_dns.go

@@ -219,7 +219,7 @@ func NewDefaultDNSRule(router adapter.Router, logger log.ContextLogger, options
 		rule.allItems = append(rule.allItems, item)
 	}
 	if len(options.RuleSet) > 0 {
-		item := NewRuleSetItem(router, options.RuleSet, false)
+		item := NewRuleSetItem(router, options.RuleSet, options.RuleSetIPCIDRMatchSource)
 		rule.items = append(rule.items, item)
 		rule.allItems = append(rule.allItems, item)
 	}
@@ -247,7 +247,7 @@ func (r *DefaultDNSRule) WithAddressLimit() bool {
 		if !isRuleSet {
 			continue
 		}
-		if ruleSet.ContainsIPCIDRRule() {
+		if ruleSet.ContainsDestinationIPCIDRRule() {
 			return true
 		}
 	}

route/rule_item_rule_set.go

@@ -47,7 +47,10 @@ func (r *RuleSetItem) Match(metadata *adapter.InboundContext) bool {
 	return false
 }
 
-func (r *RuleSetItem) ContainsIPCIDRRule() bool {
+func (r *RuleSetItem) ContainsDestinationIPCIDRRule() bool {
+	if r.ipcidrMatchSource {
+		return false
+	}
 	return common.Any(r.setList, func(ruleSet adapter.RuleSet) bool {
 		return ruleSet.Metadata().ContainsIPCIDRRule
 	})