Split platform-specific code, add PreferIPv4, reduce protect log noise

- Move detectDefaultInterface/makeBindToDeviceFunc to box_linux.go with no-op stubs in box_other.go (fixes macOS/Android build) - Enable PreferIPv4 in DNS resolver config - Reduce protect() log verbosity: only log failures, not every call
2026-04-02 02:42:20 +08:00
parent ed8dba5038
commit 6db7098a7b
5 changed files with 45 additions and 32 deletions
--- a/box.go
+++ b/box.go
@@ -4,9 +4,6 @@ import (
 	"context"
 	"fmt"
 	"net"
-	"os/exec"
-	"strings"
-	"syscall"
 	"time"

 	minidns "github.com/netkits-dev/mini-dns"
@@ -372,28 +369,6 @@ func (b *Box) Close() error {
 var _ N.Dialer = (adapter.Outbound)(nil)

 // detectDefaultInterface returns the name of the default route interface (e.g. "enp1s0").
-func detectDefaultInterface() string {
-	out, err := exec.Command("ip", "route", "show", "default").Output()
-	if err != nil {
-		return ""
-	}
-	fields := strings.Fields(string(out))
-	for i, f := range fields {
-		if f == "dev" && i+1 < len(fields) {
-			return fields[i+1]
-		}
-	}
-	return ""
-}
-
-// makeBindToDeviceFunc returns a ProtectFunc that binds sockets to the given interface,
-// preventing them from being routed through TUN.
-func makeBindToDeviceFunc(ifName string) func(fd int) {
-	return func(fd int) {
-		syscall.SetsockoptString(fd, syscall.SOL_SOCKET, syscall.SO_BINDTODEVICE, ifName)
-	}
-}
-
 func (b *Box) findTailscale() *tailscale.Outbound {
 	if b == nil || b.outbound == nil {
 		return nil
--- a/box_linux.go
+++ b/box_linux.go
@@ -0,0 +1,29 @@
+//go:build linux
+
+package main
+
+import (
+	"os/exec"
+	"strings"
+	"syscall"
+)
+
+func detectDefaultInterface() string {
+	out, err := exec.Command("ip", "route", "show", "default").Output()
+	if err != nil {
+		return ""
+	}
+	fields := strings.Fields(string(out))
+	for i, f := range fields {
+		if f == "dev" && i+1 < len(fields) {
+			return fields[i+1]
+		}
+	}
+	return ""
+}
+
+func makeBindToDeviceFunc(ifName string) func(fd int) {
+	return func(fd int) {
+		syscall.SetsockoptString(fd, syscall.SOL_SOCKET, syscall.SO_BINDTODEVICE, ifName)
+	}
+}
--- a/box_other.go
+++ b/box_other.go
@@ -0,0 +1,7 @@
+//go:build !linux
+
+package main
+
+func detectDefaultInterface() string { return "" }
+
+func makeBindToDeviceFunc(ifName string) func(fd int) { return nil }
--- a/dns/resolver.go
+++ b/dns/resolver.go
@@ -62,7 +62,8 @@ func NewResolver(opts ResolverOptions) *Resolver {
 			Prefetch:   true,
 			ServeStale: true,
 		},
-		Pollution: minidns.PollutionConfig{BogonFilter: true},
+		Pollution:  minidns.PollutionConfig{BogonFilter: true},
+		PreferIPv4: true,
 	}

 	// Append shortcut local rules
--- a/ffi_android.go
+++ b/ffi_android.go
@@ -171,17 +171,18 @@ func Java_com_sing_vpn_MiniSing_nativeStart(env *C.JNIEnv, cls C.jclass, jconfig
 	log.Println("[ffi] setting protect functions")
 	dialer.ProtectFunc = func(fd int) {
 		ok := ProtectFd(fd)
-		log.Printf("[ffi] protect(%d) = %v", fd, ok)
+		if !ok {
+			log.Printf("[ffi] protect(%d) FAILED", fd)
+		}
 	}

 	// Also register with tailscale's netns — tsnet uses its own dialer
 	netns.SetAndroidProtectFunc(func(fd int) error {
-		ok := ProtectFd(fd)
-		log.Printf("[ffi] ts-protect(%d) = %v", fd, ok)
-		if ok {
-			return nil
+		if !ProtectFd(fd) {
+			log.Printf("[ffi] ts-protect(%d) FAILED", fd)
+			return fmt.Errorf("protect(%d) failed", fd)
 		}
-		return fmt.Errorf("protect(%d) failed", fd)
+		return nil
 	})

 	log.Println("[ffi] creating box")