Fix auto_redirect fallback rule

2026-01-29 11:41:27 +08:00
parent e88ed52dbc
commit 1d02d635b9
2 changed files with 43 additions and 53 deletions
--- a/tun.go
+++ b/tun.go
@@ -63,47 +63,49 @@ type DarwinTUN interface {
 }

 const (
-	DefaultIPRoute2TableIndex = 2022
-	DefaultIPRoute2RuleIndex  = 9000
+	DefaultIPRoute2TableIndex                    = 2022
+	DefaultIPRoute2RuleIndex                     = 9000
+	DefaultIPRoute2AutoRedirectFallbackRuleIndex = 32768
 )

 type Options struct {
-	Name                     string
-	Inet4Address             []netip.Prefix
-	Inet6Address             []netip.Prefix
-	MTU                      uint32
-	GSO                      bool
-	AutoRoute                bool
-	InterfaceScope           bool
-	Inet4Gateway             netip.Addr
-	Inet6Gateway             netip.Addr
-	DNSServers               []netip.Addr
-	IPRoute2TableIndex       int
-	IPRoute2RuleIndex        int
-	AutoRedirectMarkMode     bool
-	AutoRedirectInputMark    uint32
-	AutoRedirectOutputMark   uint32
-	AutoRedirectResetMark    uint32
-	AutoRedirectNFQueue      uint16
-	ExcludeMPTCP             bool
-	Inet4LoopbackAddress     []netip.Addr
-	Inet6LoopbackAddress     []netip.Addr
-	StrictRoute              bool
-	Inet4RouteAddress        []netip.Prefix
-	Inet6RouteAddress        []netip.Prefix
-	Inet4RouteExcludeAddress []netip.Prefix
-	Inet6RouteExcludeAddress []netip.Prefix
-	IncludeInterface         []string
-	ExcludeInterface         []string
-	IncludeUID               []ranges.Range[uint32]
-	ExcludeUID               []ranges.Range[uint32]
-	IncludeAndroidUser       []int
-	IncludePackage           []string
-	ExcludePackage           []string
-	InterfaceFinder          control.InterfaceFinder
-	InterfaceMonitor         DefaultInterfaceMonitor
-	FileDescriptor           int
-	Logger                   logger.Logger
+	Name                                  string
+	Inet4Address                          []netip.Prefix
+	Inet6Address                          []netip.Prefix
+	MTU                                   uint32
+	GSO                                   bool
+	AutoRoute                             bool
+	InterfaceScope                        bool
+	Inet4Gateway                          netip.Addr
+	Inet6Gateway                          netip.Addr
+	DNSServers                            []netip.Addr
+	IPRoute2TableIndex                    int
+	IPRoute2RuleIndex                     int
+	IPRoute2AutoRedirectFallbackRuleIndex int
+	AutoRedirectMarkMode                  bool
+	AutoRedirectInputMark                 uint32
+	AutoRedirectOutputMark                uint32
+	AutoRedirectResetMark                 uint32
+	AutoRedirectNFQueue                   uint16
+	ExcludeMPTCP                          bool
+	Inet4LoopbackAddress                  []netip.Addr
+	Inet6LoopbackAddress                  []netip.Addr
+	StrictRoute                           bool
+	Inet4RouteAddress                     []netip.Prefix
+	Inet6RouteAddress                     []netip.Prefix
+	Inet4RouteExcludeAddress              []netip.Prefix
+	Inet6RouteExcludeAddress              []netip.Prefix
+	IncludeInterface                      []string
+	ExcludeInterface                      []string
+	IncludeUID                            []ranges.Range[uint32]
+	ExcludeUID                            []ranges.Range[uint32]
+	IncludeAndroidUser                    []int
+	IncludePackage                        []string
+	ExcludePackage                        []string
+	InterfaceFinder                       control.InterfaceFinder
+	InterfaceMonitor                      DefaultInterfaceMonitor
+	FileDescriptor                        int
+	Logger                                logger.Logger

 	// No work for TCP, do not use.
 	_TXChecksumOffload bool
--- a/tun_linux.go
+++ b/tun_linux.go
@@ -3,7 +3,6 @@ package tun
 import (
 	"errors"
 	"fmt"
-	"math/rand"
 	"net"
 	"net/netip"
 	"os"
@@ -284,16 +283,6 @@ func (t *NativeTun) Start() error {
 		return nil
 	}

-	if t.options.IPRoute2TableIndex == 0 {
-		for {
-			t.options.IPRoute2TableIndex = int(rand.Uint32())
-			routeList, fErr := netlink.RouteListFiltered(netlink.FAMILY_ALL, &netlink.Route{Table: t.options.IPRoute2TableIndex}, netlink.RT_FILTER_TABLE)
-			if len(routeList) == 0 || fErr != nil {
-				break
-			}
-		}
-	}
-
 	err = t.setRoute(tunLink)
 	if err != nil {
 		_ = t.unsetRoute0(tunLink)
@@ -632,17 +621,16 @@ func (t *NativeTun) rules() []*netlink.Rule {
 		}
 		// Fallback rules after system default rules (32766: main, 32767: default)
 		// Only reached when main and default tables have no route
-		const fallbackPriority = 32768
 		if p4 {
 			it = netlink.NewRule()
-			it.Priority = fallbackPriority
+			it.Priority = t.options.IPRoute2AutoRedirectFallbackRuleIndex
 			it.Table = t.options.IPRoute2TableIndex
 			it.Family = unix.AF_INET
 			rules = append(rules, it)
 		}
 		if p6 {
 			it = netlink.NewRule()
-			it.Priority = fallbackPriority
+			it.Priority = t.options.IPRoute2AutoRedirectFallbackRuleIndex
 			it.Table = t.options.IPRoute2TableIndex
 			it.Family = unix.AF_INET6
 			rules = append(rules, it)
@@ -1020,7 +1008,7 @@ func (t *NativeTun) unsetRules() error {
 		for _, rule := range ruleList {
 			ruleStart := t.options.IPRoute2RuleIndex
 			ruleEnd := ruleStart + 10
-			if rule.Priority >= ruleStart && rule.Priority <= ruleEnd {
+			if rule.Priority >= ruleStart && rule.Priority <= ruleEnd || (t.options.AutoRedirectMarkMode && rule.Priority == t.options.IPRoute2AutoRedirectFallbackRuleIndex) {
 				ruleToDel := netlink.NewRule()
 				ruleToDel.Family = rule.Family
 				ruleToDel.Priority = rule.Priority