Fix auto_redirect fallback rule
78
tun.go
78
tun.go
@@ -63,47 +63,49 @@ type DarwinTUN interface {
|
|||||||
}
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
DefaultIPRoute2TableIndex = 2022
|
DefaultIPRoute2TableIndex = 2022
|
||||||
DefaultIPRoute2RuleIndex = 9000
|
DefaultIPRoute2RuleIndex = 9000
|
||||||
|
DefaultIPRoute2AutoRedirectFallbackRuleIndex = 32768
|
||||||
)
|
)
|
||||||
|
|
||||||
type Options struct {
|
type Options struct {
|
||||||
Name string
|
Name string
|
||||||
Inet4Address []netip.Prefix
|
Inet4Address []netip.Prefix
|
||||||
Inet6Address []netip.Prefix
|
Inet6Address []netip.Prefix
|
||||||
MTU uint32
|
MTU uint32
|
||||||
GSO bool
|
GSO bool
|
||||||
AutoRoute bool
|
AutoRoute bool
|
||||||
InterfaceScope bool
|
InterfaceScope bool
|
||||||
Inet4Gateway netip.Addr
|
Inet4Gateway netip.Addr
|
||||||
Inet6Gateway netip.Addr
|
Inet6Gateway netip.Addr
|
||||||
DNSServers []netip.Addr
|
DNSServers []netip.Addr
|
||||||
IPRoute2TableIndex int
|
IPRoute2TableIndex int
|
||||||
IPRoute2RuleIndex int
|
IPRoute2RuleIndex int
|
||||||
AutoRedirectMarkMode bool
|
IPRoute2AutoRedirectFallbackRuleIndex int
|
||||||
AutoRedirectInputMark uint32
|
AutoRedirectMarkMode bool
|
||||||
AutoRedirectOutputMark uint32
|
AutoRedirectInputMark uint32
|
||||||
AutoRedirectResetMark uint32
|
AutoRedirectOutputMark uint32
|
||||||
AutoRedirectNFQueue uint16
|
AutoRedirectResetMark uint32
|
||||||
ExcludeMPTCP bool
|
AutoRedirectNFQueue uint16
|
||||||
Inet4LoopbackAddress []netip.Addr
|
ExcludeMPTCP bool
|
||||||
Inet6LoopbackAddress []netip.Addr
|
Inet4LoopbackAddress []netip.Addr
|
||||||
StrictRoute bool
|
Inet6LoopbackAddress []netip.Addr
|
||||||
Inet4RouteAddress []netip.Prefix
|
StrictRoute bool
|
||||||
Inet6RouteAddress []netip.Prefix
|
Inet4RouteAddress []netip.Prefix
|
||||||
Inet4RouteExcludeAddress []netip.Prefix
|
Inet6RouteAddress []netip.Prefix
|
||||||
Inet6RouteExcludeAddress []netip.Prefix
|
Inet4RouteExcludeAddress []netip.Prefix
|
||||||
IncludeInterface []string
|
Inet6RouteExcludeAddress []netip.Prefix
|
||||||
ExcludeInterface []string
|
IncludeInterface []string
|
||||||
IncludeUID []ranges.Range[uint32]
|
ExcludeInterface []string
|
||||||
ExcludeUID []ranges.Range[uint32]
|
IncludeUID []ranges.Range[uint32]
|
||||||
IncludeAndroidUser []int
|
ExcludeUID []ranges.Range[uint32]
|
||||||
IncludePackage []string
|
IncludeAndroidUser []int
|
||||||
ExcludePackage []string
|
IncludePackage []string
|
||||||
InterfaceFinder control.InterfaceFinder
|
ExcludePackage []string
|
||||||
InterfaceMonitor DefaultInterfaceMonitor
|
InterfaceFinder control.InterfaceFinder
|
||||||
FileDescriptor int
|
InterfaceMonitor DefaultInterfaceMonitor
|
||||||
Logger logger.Logger
|
FileDescriptor int
|
||||||
|
Logger logger.Logger
|
||||||
|
|
||||||
// No work for TCP, do not use.
|
// No work for TCP, do not use.
|
||||||
_TXChecksumOffload bool
|
_TXChecksumOffload bool
|
||||||
|
|||||||
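Review bot: The new `IPRoute2AutoRedirectFallbackRuleIndex` field in `Options` has no doc comment and its zero value is not a usable rule priority, yet the tun_linux.go part of this commit assigns it straight to `it.Priority`. Nothing visible here applies `DefaultIPRoute2AutoRedirectFallbackRuleIndex` when the field is left at 0, so that presumably falls to every caller; one that forgets would install the fallback rule at priority 0, ahead of the main and default lookups it is meant to follow. I would document the contract on the field, for example `// IPRoute2AutoRedirectFallbackRuleIndex is the ip rule priority of the auto_redirect fallback rules; it must sort after the system rules (32766 main, 32767 default) and must be set by the caller, e.g. to DefaultIPRoute2AutoRedirectFallbackRuleIndex.` The `Options` struct continues past the end of this hunk.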
18
tun_linux.go
18
tun_linux.go
@@ -3,7 +3,6 @@ package tun
|
|||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/rand"
|
|
||||||
"net"
|
"net"
|
||||||
"net/netip"
|
"net/netip"
|
||||||
"os"
|
"os"
|
||||||
@@ -284,16 +283,6 @@ func (t *NativeTun) Start() error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
if t.options.IPRoute2TableIndex == 0 {
|
|
||||||
for {
|
|
||||||
t.options.IPRoute2TableIndex = int(rand.Uint32())
|
|
||||||
routeList, fErr := netlink.RouteListFiltered(netlink.FAMILY_ALL, &netlink.Route{Table: t.options.IPRoute2TableIndex}, netlink.RT_FILTER_TABLE)
|
|
||||||
if len(routeList) == 0 || fErr != nil {
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
err = t.setRoute(tunLink)
|
err = t.setRoute(tunLink)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
_ = t.unsetRoute0(tunLink)
|
_ = t.unsetRoute0(tunLink)
|
||||||
@@ -632,17 +621,16 @@ func (t *NativeTun) rules() []*netlink.Rule {
|
|||||||
}
|
}
|
||||||
// Fallback rules after system default rules (32766: main, 32767: default)
|
// Fallback rules after system default rules (32766: main, 32767: default)
|
||||||
// Only reached when main and default tables have no route
|
// Only reached when main and default tables have no route
|
||||||
const fallbackPriority = 32768
|
|
||||||
if p4 {
|
if p4 {
|
||||||
it = netlink.NewRule()
|
it = netlink.NewRule()
|
||||||
it.Priority = fallbackPriority
|
it.Priority = t.options.IPRoute2AutoRedirectFallbackRuleIndex
|
||||||
it.Table = t.options.IPRoute2TableIndex
|
it.Table = t.options.IPRoute2TableIndex
|
||||||
it.Family = unix.AF_INET
|
it.Family = unix.AF_INET
|
||||||
rules = append(rules, it)
|
rules = append(rules, it)
|
||||||
}
|
}
|
||||||
if p6 {
|
if p6 {
|
||||||
it = netlink.NewRule()
|
it = netlink.NewRule()
|
||||||
it.Priority = fallbackPriority
|
it.Priority = t.options.IPRoute2AutoRedirectFallbackRuleIndex
|
||||||
it.Table = t.options.IPRoute2TableIndex
|
it.Table = t.options.IPRoute2TableIndex
|
||||||
it.Family = unix.AF_INET6
|
it.Family = unix.AF_INET6
|
||||||
rules = append(rules, it)
|
rules = append(rules, it)
|
||||||
@@ -1020,7 +1008,7 @@ func (t *NativeTun) unsetRules() error {
|
|||||||
for _, rule := range ruleList {
|
for _, rule := range ruleList {
|
||||||
ruleStart := t.options.IPRoute2RuleIndex
|
ruleStart := t.options.IPRoute2RuleIndex
|
||||||
ruleEnd := ruleStart + 10
|
ruleEnd := ruleStart + 10
|
||||||
if rule.Priority >= ruleStart && rule.Priority <= ruleEnd {
|
if rule.Priority >= ruleStart && rule.Priority <= ruleEnd || (t.options.AutoRedirectMarkMode && rule.Priority == t.options.IPRoute2AutoRedirectFallbackRuleIndex) {
|
||||||
ruleToDel := netlink.NewRule()
|
ruleToDel := netlink.NewRule()
|
||||||
ruleToDel.Family = rule.Family
|
ruleToDel.Family = rule.Family
|
||||||
ruleToDel.Priority = rule.Priority
|
ruleToDel.Priority = rule.Priority
|
||||||
|
|||||||
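Review bot: The added clause in `unsetRules` selects a rule for deletion on priority alone, so any rule at `IPRoute2AutoRedirectFallbackRuleIndex` is removed whether or not this TUN created it. With the default of 32768 that can remove another tool's rule at the same priority, and if the option is ever 0, 32766 or 32767 it would match the system local, main or default rule and break host routing on teardown. The fallback rules built in `rules()` always set `it.Table = t.options.IPRoute2TableIndex`, so the match can be narrowed to `(t.options.AutoRedirectMarkMode && rule.Priority == t.options.IPRoute2AutoRedirectFallbackRuleIndex && rule.Table == t.options.IPRoute2TableIndex)`, with explicit parentheses around the range test as well. The loop body continues outside the hunk, so later filtering may exist that is not visible here.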