mirror of https://github.com/dyhkwong/Exclave.git synced 2026-04-21 06:32:42 +00:00
dyhkwong edited this page 2026-01-02 17:09:31 +08:00

Route

For details on how to write rules, see V2Ray Documentation Routing RuleObject. If a field is an array, write one item per line.

Domain strategy

See domainStrategy of V2Ray Documentation Routing RoutingObject. Because of how TUN works, the domain strategy is only used when fake DNS is enabled, when "Override destination" is enabled, or for traffic from SOCKS and HTTP proxy inbounds. Otherwise there is no difference among these domain strategies at all.

Custom route assets

The update source of geoip.dat and geosite.dat can be modified in "Settings". Custom route assets can be added and managed in "Route - Manage route assets".

Routing rule and DNS

Domains in "proxy" rules use remote DNS and domains in "bypass" rules use direct DNS. Remote DNS is used for domains that match no rule. The V2Ray DNS module only supports domain rules, and does not match them in order (v2fly/v2ray-core#1855, v2fly/v2ray-core#1558). Non-domain rules are not applied to DNS.

"servers": [
  {
    "address": "remote DNS",
    "domains": [
      "domains in proxy rules"
    ]
  },
  {
    "address": "direct DNS",
    "domains": [
      "domains in bypass rules"
    ]
  }
]

Relationship between domain rules and IP rules

The relationship between the attributes of a rule is "and" rather than "or": every attribute in a rule must match. Therefore, you normally should not write domain name rules and IP rules in the same rule.

Routing rules based on network type

USB network requires Android 12. Satellite network requires Android 15.

Routing rule based on Wi-Fi SSID

It is necessary to enable location service and set location permission to "always allow".

One per line. Because of a design flaw, a line break (the newline character) in an SSID needs to be escaped to the two characters \n, and \ needs to be escaped to \\.
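
The escaping rule above, as an added example that is not Exclave's own code: a Python encoder and decoder for the one-SSID-per-line field, including the case where chained string replaces decode a literal backslash followed by "n" incorrectly. The function names, the sample SSIDs and the rejection of any other escape sequence are assumptions of this example.

```python
# Added illustration, not Exclave's code. Implements only the rule stated
# above: line break -> backslash + "n", backslash -> two backslashes.

def escape_ssid(ssid: str) -> str:
    # Escape backslashes first; otherwise the backslash emitted for a
    # line break would itself be doubled.
    return ssid.replace("\\", "\\\\").replace("\n", "\\n")

def unescape_ssid(line: str) -> str:
    # Scan left to right so an escaped backslash followed by "n"
    # is not mistaken for an escaped line break.
    out, i = [], 0
    while i < len(line):
        if line[i] != "\\":
            out.append(line[i])
            i += 1
            continue
        nxt = line[i + 1:i + 2]
        if nxt == "n":
            out.append("\n")
        elif nxt == "\\":
            out.append("\\")
        else:
            # Assumption of this example: reject anything else.
            raise ValueError(f"invalid escape at column {i}")
        i += 2
    return "".join(out)

def naive_unescape(line: str) -> str:
    # Tempting but wrong: chained replaces lose track of escape boundaries.
    return line.replace("\\n", "\n").replace("\\\\", "\\")

def encode_field(ssids):
    return "\n".join(escape_ssid(s) for s in ssids)

def decode_field(text):
    return [unescape_ssid(line) for line in text.split("\n") if line]

# Constructed samples: plain, embedded line break, literal backslash + "n".
SAMPLES = ["HomeWiFi", "Guest\nNet", "lab\\net"]

if __name__ == "__main__":
    field = encode_field(SAMPLES)
    print(field)
    print(decode_field(field) == SAMPLES)
    print(naive_unescape(escape_ssid("lab\\net")) == "lab\\net")
```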

Routing rule based on application

Lets the specified routing rule apply only to the specified apps. Routing rules based on application only take effect in VPN mode.

Apps without the "have full network access" permission (android.permission.INTERNET) are not shown. For example, Gemini (com.google.android.apps.bard) does not declare the Internet permission and connects to the Internet through the app named "Google" (com.google.android.googlequicksearchbox). You should search for "Google" rather than "Gemini".

"Routing rule based on application" is actually "routing rule based on UID". Traffic from applications that share a UID (android:sharedUserId) is owned by that same UID. Therefore, selecting one of these applications in the user interface will automatically select all the others.

Many "Android" devices from China have modified the declare-only "query all packages" (android.permission.QUERY_ALL_PACKAGES) permission, which breaks the normal behavior of software. You may need to manually grant the so-called "get installed apps" (or other similar names, com.android.permission.GET_INSTALLED_APPS) runtime permission in system settings or other locations.

Use as a blocker

It is strongly advised AGAINST using this software or any other proxy software as a blocker. The domain filtering function of typical proxy software (including this software) can be easily bypassed, by the same kind of tricks that work against a real firewall. For the same UDP socket, typical proxy software (including this software) routes packets based solely on the destination address of the first packet. Changing the routing for subsequent packets would require breaking NAT mapping behavior and NAT filtering behavior; allowing only a single destination address would require sacrificing NAT behavior and behaving like a connect() socket instead of a bind() socket. More importantly, using proxy software as a blocker to create self-censorship contradicts the fundamental purpose of proxy software, which is to bypass censorship.

  • Although this UDP routing issue does not exist in the original V2Ray (not this software) without "packetEncoding" enabled, the UDP NAT behavior of the original V2Ray is not so-called "Symmetric NAT". It treats all sent destination addresses and all received source addresses as the same address, but it will send data to the incorrect destination address and incorrectly identify the source address of received data. This makes it a neither-fish-nor-fowl NAT behavior that does not belong to any defined NAT type, leading to other routing issues. The original V2Ray with "packetEncoding" enabled invalidates the issue at the cost of making domain-based, IP-based and port-based routing rules ineffective for traffic with "packetEncoding" enabled, thus any UDP routing issues are eliminated.