documentation: Add rule action

docs/configuration/route/rule.md

@@ -1,7 +1,12 @@
 ---
-icon: material/alert-decagram
+icon: material/new-box
 ---
 
+!!! quote "Changes in sing-box 1.11.0"
+
+    :material-plus: [action](#action)  
+    :material-alert: [outbound](#outbound)
+
 !!! quote "Changes in sing-box 1.10.0"
 
     :material-plus: [client](#client)  
@@ -129,6 +134,7 @@ icon: material/alert-decagram
         "rule_set_ipcidr_match_source": false,
         "rule_set_ip_cidr_match_source": false,
         "invert": false,
+        "action": "route",
         "outbound": "direct"
       },
       {
@@ -136,6 +142,7 @@ icon: material/alert-decagram
         "mode": "and",
         "rules": [],
         "invert": false,
+        "action": "route",
         "outbound": "direct"
       }
     ]
@@ -357,11 +364,17 @@ Make `ip_cidr` in rule-sets match the source IP.
 
 Invert match result.
 
-#### outbound
+#### action
 
 ==Required==
 
-Tag of the target outbound.
+See [Rule Actions](../rule_action/) for details.
+
+#### outbound
+
+!!! failure "Deprecated in sing-box 1.11.0"
+
+    Moved to [Rule Action](../rule_action#route).
 
 ### Logical Fields
 

docs/configuration/route/rule.zh.md

@@ -1,7 +1,12 @@
 ---
-icon: material/alert-decagram
+icon: material/new-box
 ---
 
+!!! quote "sing-box 1.11.0 中的更改"
+
+    :material-plus: [action](#action)  
+    :material-alert: [outbound](#outbound)
+
 !!! quote "sing-box 1.10.0 中的更改"
 
     :material-plus: [client](#client)  
@@ -127,6 +132,7 @@ icon: material/alert-decagram
         "rule_set_ipcidr_match_source": false,
         "rule_set_ip_cidr_match_source": false,
         "invert": false,
+        "action": "route",
         "outbound": "direct"
       },
       {
@@ -134,6 +140,7 @@ icon: material/alert-decagram
         "mode": "and",
         "rules": [],
         "invert": false,
+        "action": "route",
         "outbound": "direct"
       }
     ]
@@ -355,11 +362,17 @@ icon: material/alert-decagram
 
 反选匹配结果。
 
-#### outbound
+#### action
 
 ==必填==
 
-目标出站的标签。
+参阅 [规则行动](../rule_action/)。
+
+#### outbound
+
+!!! failure "已在 sing-box 1.11.0 废弃"
+
+    已移动到 [规则行动](../rule_action#route).
 
 ### 逻辑字段
 

docs/configuration/route/rule_action.md

@@ -0,0 +1,139 @@
+---
+icon: material/new-box
+---
+
+# Rule Action
+
+!!! question "Since sing-box 1.11.0"
+
+## Final actions
+
+### route
+
+```json
+{
+  "action": "route", // default
+  "outbound": ""
+}
+```
+
+`route` inherits the classic rule behavior of routing connection to the specified outbound.
+
+#### outbound
+
+==Required==
+
+Tag of target outbound.
+
+### route-options
+
+```json
+{
+  "action": "route-options",
+  "udp_disable_domain_unmapping": false,
+  "udp_connect": false
+}
+```
+
+`route-options` set options for routing.
+
+#### udp_disable_domain_unmapping
+
+If enabled, for UDP proxy requests addressed to a domain,
+the original packet address will be sent in the response instead of the mapped domain.
+
+This option is used for compatibility with clients that
+do not support receiving UDP packets with domain addresses, such as Surge.
+
+#### udp_connect
+
+If enabled, attempts to connect UDP connection to the destination instead of listen.
+
+### reject
+
+```json
+{
+  "action": "reject",
+  "method": "default", // default
+  "no_drop": false
+}
+```
+
+`reject` reject connections
+
+The specified method is used for reject tun connections if `sniff` action has not been performed yet.
+
+For non-tun connections and already established connections, will just be closed.
+
+#### method
+
+- `default`: Reply with TCP RST for TCP connections, and ICMP port unreachable for UDP packets.
+- `drop`: Drop packets.
+
+#### no_drop
+
+If not enabled, `method` will be temporarily overwritten to `drop` after 50 triggers in 30s.
+
+Not available when `method` is set to drop.
+
+### hijack-dns
+
+```json
+{
+  "action": "hijack-dns"
+}
+```
+
+`hijack-dns` hijack DNS requests to the sing-box DNS module.
+
+## Non-final actions
+
+### sniff
+
+```json
+{
+  "action": "sniff",
+  "sniffer": [],
+  "timeout": ""
+}
+```
+
+`sniff` performs protocol sniffing on connections.
+
+For deprecated `inbound.sniff` options, it is considered to `sniff()` performed before routing.
+
+#### sniffer
+
+Enabled sniffers.
+
+All sniffers enabled by default.
+
+Available protocol values an be found on in [Protocol Sniff](../sniff/)
+
+#### timeout
+
+Timeout for sniffing.
+
+`300ms` is used by default.
+
+### resolve
+
+```json
+{
+  "action": "resolve",
+  "strategy": "",
+  "server": ""
+}
+```
+
+`resolve` resolve request destination from domain to IP addresses.
+
+#### strategy
+
+DNS resolution strategy, available values are: `prefer_ipv4`, `prefer_ipv6`, `ipv4_only`, `ipv6_only`.
+
+`dns.strategy` will be used by default.
+
+#### server
+
+Specifies DNS server tag to use instead of selecting through DNS routing.

docs/configuration/route/rule_action.zh.md

@@ -0,0 +1,136 @@
+---
+icon: material/new-box
+---
+
+# 规则动作
+
+!!! question "自 sing-box 1.11.0 起"
+
+## 最终动作
+
+### route
+
+```json
+{
+  "action": "route", // 默认
+  "outbound": "",
+  "udp_disable_domain_unmapping": false
+}
+```
+
+`route` 继承了将连接路由到指定出站的经典规则动作。
+
+#### outbound
+
+==必填==
+
+目标出站的标签。
+
+### route-options
+
+```json
+{
+  "action": "route-options",
+  "udp_disable_domain_unmapping": false,
+    "udp_connect": false
+}
+```
+
+#### udp_disable_domain_unmapping
+
+如果启用，对于地址为域的 UDP 代理请求，将在响应中发送原始包地址而不是映射的域。
+
+此选项用于兼容不支持接收带有域地址的 UDP 包的客户端，如 Surge。
+
+#### udp_connect
+
+如果启用，将尝试将 UDP 连接 connect 到目标而不是 listen。
+
+### reject
+
+```json
+{
+  "action": "reject",
+  "method": "default",  // 默认
+  "no_drop": false
+}
+```
+
+`reject` 拒绝连接。
+
+如果尚未执行 `sniff` 操作，则将使用指定方法拒绝 tun 连接。
+
+对于非 tun 连接和已建立的连接，将直接关闭。
+
+#### method
+
+- `default`: 对于 TCP 连接回复 RST，对于 UDP 包回复 ICMP 端口不可达。
+- `drop`: 丢弃数据包。
+
+#### no_drop
+
+如果未启用，则 30 秒内触发 50 次后，`method` 将被暂时覆盖为 `drop`。
+
+当 `method` 设为 `drop` 时不可用。
+
+### hijack-dns
+
+```json
+{
+  "action": "hijack-dns"
+}
+```
+
+`hijack-dns` 劫持 DNS 请求至 sing-box DNS 模块。
+
+## 非最终动作
+
+### sniff
+
+```json
+{
+  "action": "sniff",
+  "sniffer": [],
+  "timeout": ""
+}
+```
+
+`sniff` 对连接执行协议嗅探。
+
+对于已弃用的 `inbound.sniff` 选项，被视为在路由之前执行的 `sniff`。
+
+#### sniffer
+
+启用的探测器。
+
+默认启用所有探测器。
+
+可用的协议值可以在 [协议嗅探](../sniff/) 中找到。
+
+#### timeout
+
+探测超时时间。
+
+默认使用 300ms。
+
+### resolve
+
+```json
+{
+  "action": "resolve",
+  "strategy": "",
+  "server": ""
+}
+```
+
+`resolve` 将请求的目标从域名解析为 IP 地址。
+
+#### strategy
+
+DNS 解析策略，可用值有：`prefer_ipv4`、`prefer_ipv6`、`ipv4_only`、`ipv6_only`。
+
+默认使用 `dns.strategy`。
+
+#### server
+
+指定要使用的 DNS 服务器的标签，而不是通过 DNS 路由进行选择。