diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua
index 11a052dd5..0bc15c66d 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua
@@ -180,7 +180,7 @@ if has_xray then
o = s_xray:option(Flag, "sniffing_override_dest", translate("Override the connection destination address"))
o.default = 0
- o.description = translate("Override the connection destination address with the sniffed domain.
When enabled, traffic will match only by domain, ignoring IP rules.
If using shunt nodes, configure the domain shunt rules correctly.")
+ o.description = translate("Override the connection destination address with the sniffed domain.
Otherwise use sniffed domain for routing only.
If using shunt nodes, configure the domain shunt rules correctly.")
local domains_excluded = string.format("/usr/share/%s/rules/domains_excluded", appname)
o = s_xray:option(TextValue, "excluded_domains", translate("Excluded Domains"), translate("If the traffic sniffing result is in this list, the destination address will not be overridden."))
diff --git a/luci-app-passwall/luasrc/passwall/util_xray.lua b/luci-app-passwall/luasrc/passwall/util_xray.lua
index 3c9907758..05a9f1ddb 100644
--- a/luci-app-passwall/luasrc/passwall/util_xray.lua
+++ b/luci-app-passwall/luasrc/passwall/util_xray.lua
@@ -612,8 +612,15 @@ function gen_config(var)
port = tonumber(local_socks_port),
protocol = "socks",
settings = {auth = "noauth", udp = true},
- sniffing = {enabled = true, destOverride = {"http", "tls", "quic"}}
+ sniffing = {
+ enabled = xray_settings.sniffing_override_dest == "1" or node.protocol == "_shunt"
+ }
}
+ if inbound.sniffing.enabled == true then
+ inbound.sniffing.destOverride = {"http", "tls", "quic"}
+ inbound.sniffing.routeOnly = xray_settings.sniffing_override_dest ~= "1" or nil
+ inbound.sniffing.domainsExcluded = xray_settings.sniffing_override_dest == "1" and get_domain_excluded() or nil
+ end
if local_socks_username and local_socks_password and local_socks_username ~= "" and local_socks_password ~= "" then
inbound.settings.auth = "password"
inbound.settings.accounts = {
@@ -649,13 +656,15 @@ function gen_config(var)
settings = {network = "tcp,udp", followRedirect = true},
streamSettings = {sockopt = {tproxy = "tproxy"}},
sniffing = {
- enabled = xray_settings.sniffing_override_dest == "1" or node.protocol == "_shunt",
- destOverride = {"http", "tls", "quic"},
- metadataOnly = false,
- routeOnly = node.protocol == "_shunt" and xray_settings.sniffing_override_dest ~= "1" or nil,
- domainsExcluded = xray_settings.sniffing_override_dest == "1" and get_domain_excluded() or nil
+ enabled = xray_settings.sniffing_override_dest == "1" or node.protocol == "_shunt"
}
}
+ if inbound.sniffing.enabled == true then
+ inbound.sniffing.destOverride = {"http", "tls", "quic", (remote_dns_fake) and "fakedns"}
+ inbound.sniffing.metadataOnly = false
+ inbound.sniffing.routeOnly = xray_settings.sniffing_override_dest ~= "1" or nil
+ inbound.sniffing.domainsExcluded = xray_settings.sniffing_override_dest == "1" and get_domain_excluded() or nil
+ end
if tcp_redir_port then
local tcp_inbound = api.clone(inbound)
diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po
index a32f413fe..610fe9bca 100644
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@@ -1645,6 +1645,9 @@ msgstr "握手服务器"
msgid "Handshake Server Port"
msgstr "握手服务器端口"
+msgid "Override the connection destination address with the sniffed domain.
Otherwise use sniffed domain for routing only.
If using shunt nodes, configure the domain shunt rules correctly."
+msgstr "用探测出的域名覆盖连接目标地址。
否则仅将探测得到的域名用于路由。
如使用分流节点,请正确设置域名分流规则。"
+
msgid "Override the connection destination address with the sniffed domain.
When enabled, traffic will match only by domain, ignoring IP rules.
If using shunt nodes, configure the domain shunt rules correctly."
msgstr "用探测出的域名覆盖连接目标地址。
启用后仅使用域名进行流量匹配,将忽略IP规则。
如使用分流节点,请正确设置域名分流规则。"