Add checksum offload stub

.gitignore

@@ -1,3 +1,2 @@
 /.idea/
 /vendor/
-.DS_Store

go.mod

@@ -5,12 +5,13 @@ go 1.18
 require (
 	github.com/fsnotify/fsnotify v1.7.0
 	github.com/go-ole/go-ole v1.3.0
-	github.com/sagernet/gvisor v0.0.0-20240428053021-e691de28565f
-	github.com/sagernet/netlink v0.0.0-20240523065131-45e60152f9ba
-	github.com/sagernet/sing v0.4.1
+	github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e
+	github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97
+	github.com/sagernet/sing v0.3.0-beta.3
+	github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
-	golang.org/x/net v0.26.0
-	golang.org/x/sys v0.21.0
+	golang.org/x/net v0.19.0
+	golang.org/x/sys v0.15.0
 )
 
 require (

go.sum

@@ -6,23 +6,25 @@ github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
 github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/sagernet/gvisor v0.0.0-20240428053021-e691de28565f h1:NkhuupzH5ch7b/Y/6ZHJWrnNLoiNnSJaow6DPb8VW2I=
-github.com/sagernet/gvisor v0.0.0-20240428053021-e691de28565f/go.mod h1:KXmw+ouSJNOsuRpg4wgwwCQuunrGz4yoAqQjsLjc6N0=
-github.com/sagernet/netlink v0.0.0-20240523065131-45e60152f9ba h1:EY5AS7CCtfmARNv2zXUOrsEMPFDGYxaw65JzA2p51Vk=
-github.com/sagernet/netlink v0.0.0-20240523065131-45e60152f9ba/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
-github.com/sagernet/sing v0.4.1 h1:zVlpE+7k7AFoC2pv6ReqLf0PIHjihL/jsBl5k05PQFk=
-github.com/sagernet/sing v0.4.1/go.mod h1:ieZHA/+Y9YZfXs2I3WtuwgyCZ6GPsIR7HdKb1SdEnls=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e h1:DOkjByVeAR56dkszjnMZke4wr7yM/1xHaJF3G9olkEE=
+github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e/go.mod h1:fLxq/gtp0qzkaEwywlRRiGmjOK5ES/xUzyIKIFP2Asw=
+github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE=
+github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
+github.com/sagernet/sing v0.3.0-beta.3 h1:E2xBoJUducK/FE6EwMk95Rt2bkXeht9l1BTYRui+DXs=
+github.com/sagernet/sing v0.3.0-beta.3/go.mod h1:9pfuAH6mZfgnz/YjP6xu5sxx882rfyjpcrTdUpd6w3g=
+github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 h1:rc/CcqLH3lh8n+csdOuDfP+NuykE0U6AeYSJJHKDgSg=
+github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9/go.mod h1:a/83NAfUXvEuLpmxDssAXxgUgrEy12MId3Wd7OTs76s=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
-golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
-golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
 golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

internal/winfw/winfw.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/go-ole/go-ole"
 	"github.com/go-ole/go-ole/oleutil"
+	"github.com/scjalliance/comshim"
 )
 
 // Firewall related API constants.
@@ -249,10 +250,7 @@ func FirewallRuleExistsByName(rules *ole.IDispatch, name string) (bool, error) {
 // then:
 // dispatch firewallAPIRelease(u, fwp)
 func firewallAPIInit() (*ole.IUnknown, *ole.IDispatch, error) {
-	err := ole.CoInitializeEx(0, ole.COINIT_MULTITHREADED)
-	if err != nil {
-		return nil, nil, fmt.Errorf("Failed to initialize COM: %s", err)
-	}
+	comshim.Add(1)
 
 	unknown, err := oleutil.CreateObject("HNetCfg.FwPolicy2")
 	if err != nil {
@@ -272,5 +270,5 @@ func firewallAPIInit() (*ole.IUnknown, *ole.IDispatch, error) {
 func firewallAPIRelease(u *ole.IUnknown, fwp *ole.IDispatch) {
 	fwp.Release()
 	u.Release()
-	ole.CoUninitialize()
+	comshim.Done()
 }

monitor_darwin.go

@@ -42,7 +42,7 @@ func (m *networkUpdateMonitor) loopUpdate() {
 		select {
 		case <-m.done:
 			return
-		default:
+		case <-time.After(time.Second):
 		}
 		err := m.loopUpdate0()
 		if err != nil {
@@ -57,31 +57,17 @@ func (m *networkUpdateMonitor) loopUpdate0() error {
 	if err != nil {
 		return err
 	}
-	err = unix.SetNonblock(routeSocket, true)
-	if err != nil {
-		unix.Close(routeSocket)
-		return err
-	}
 	routeSocketFile := os.NewFile(uintptr(routeSocket), "route")
-	defer routeSocketFile.Close()
 	m.routeSocketFile = routeSocketFile
 	m.loopUpdate1(routeSocketFile)
 	return nil
 }
 
 func (m *networkUpdateMonitor) loopUpdate1(routeSocketFile *os.File) {
+	defer routeSocketFile.Close()
 	buffer := buf.NewPacket()
 	defer buffer.Release()
-	done := make(chan struct{})
-	go func() {
-		select {
-		case <-m.done:
-			routeSocketFile.Close()
-		case <-done:
-		}
-	}()
 	n, err := routeSocketFile.Read(buffer.FreeBytes())
-	close(done)
 	if err != nil {
 		return
 	}
@@ -106,59 +92,57 @@ func (m *networkUpdateMonitor) Close() error {
 }
 
 func (m *defaultInterfaceMonitor) checkUpdate() error {
-	var (
-		defaultInterface *net.Interface
-		err              error
-	)
-	if m.options.UnderNetworkExtension {
-		defaultInterface, err = getDefaultInterfaceBySocket()
+	ribMessage, err := route.FetchRIB(unix.AF_UNSPEC, route.RIBTypeRoute, 0)
+	if err != nil {
+		return err
+	}
+	routeMessages, err := route.ParseRIB(route.RIBTypeRoute, ribMessage)
+	if err != nil {
+		return err
+	}
+	var defaultInterface *net.Interface
+	for _, rawRouteMessage := range routeMessages {
+		routeMessage := rawRouteMessage.(*route.RouteMessage)
+		if len(routeMessage.Addrs) <= unix.RTAX_NETMASK {
+			continue
+		}
+		destination, isIPv4Destination := routeMessage.Addrs[unix.RTAX_DST].(*route.Inet4Addr)
+		if !isIPv4Destination {
+			continue
+		}
+		if destination.IP != netip.IPv4Unspecified().As4() {
+			continue
+		}
+		mask, isIPv4Mask := routeMessage.Addrs[unix.RTAX_NETMASK].(*route.Inet4Addr)
+		if !isIPv4Mask {
+			continue
+		}
+		ones, _ := net.IPMask(mask.IP[:]).Size()
+		if ones != 0 {
+			continue
+		}
+		routeInterface, err := net.InterfaceByIndex(routeMessage.Index)
 		if err != nil {
 			return err
 		}
-	} else {
-		ribMessage, err := route.FetchRIB(unix.AF_UNSPEC, route.RIBTypeRoute, 0)
-		if err != nil {
-			return err
+		if routeMessage.Flags&unix.RTF_UP == 0 {
+			continue
 		}
-		routeMessages, err := route.ParseRIB(route.RIBTypeRoute, ribMessage)
-		if err != nil {
-			return err
+		if routeMessage.Flags&unix.RTF_GATEWAY == 0 {
+			continue
 		}
-		for _, rawRouteMessage := range routeMessages {
-			routeMessage := rawRouteMessage.(*route.RouteMessage)
-			if len(routeMessage.Addrs) <= unix.RTAX_NETMASK {
-				continue
-			}
-			destination, isIPv4Destination := routeMessage.Addrs[unix.RTAX_DST].(*route.Inet4Addr)
-			if !isIPv4Destination {
-				continue
-			}
-			if destination.IP != netip.IPv4Unspecified().As4() {
-				continue
-			}
-			mask, isIPv4Mask := routeMessage.Addrs[unix.RTAX_NETMASK].(*route.Inet4Addr)
-			if !isIPv4Mask {
-				continue
-			}
-			ones, _ := net.IPMask(mask.IP[:]).Size()
-			if ones != 0 {
-				continue
-			}
-			routeInterface, err := net.InterfaceByIndex(routeMessage.Index)
+		if routeMessage.Flags&unix.RTF_IFSCOPE != 0 {
+			// continue
+		}
+		defaultInterface = routeInterface
+		break
+	}
+	if defaultInterface == nil {
+		if m.options.UnderNetworkExtension {
+			defaultInterface, err = getDefaultInterfaceBySocket()
 			if err != nil {
 				return err
 			}
-			if routeMessage.Flags&unix.RTF_UP == 0 {
-				continue
-			}
-			if routeMessage.Flags&unix.RTF_GATEWAY == 0 {
-				continue
-			}
-			if routeMessage.Flags&unix.RTF_IFSCOPE != 0 {
-				// continue
-			}
-			defaultInterface = routeInterface
-			break
 		}
 	}
 	if defaultInterface == nil {
@@ -186,8 +170,6 @@ func getDefaultInterfaceBySocket() (*net.Interface, error) {
 		Port: 80,
 	})
 	result := make(chan netip.Addr, 1)
-	done := make(chan struct{})
-	defer close(done)
 	go func() {
 		for {
 			sockname, sockErr := unix.Getsockname(socketFd)
@@ -200,13 +182,8 @@ func getDefaultInterfaceBySocket() (*net.Interface, error) {
 			}
 			addr := netip.AddrFrom4(sockaddr.Addr)
 			if addr.IsUnspecified() {
-				select {
-				case <-done:
-					break
-				default:
-					time.Sleep(10 * time.Millisecond)
-					continue
-				}
+				time.Sleep(time.Millisecond)
+				continue
 			}
 			result <- addr
 			break
@@ -216,7 +193,7 @@ func getDefaultInterfaceBySocket() (*net.Interface, error) {
 	select {
 	case selectedAddr = <-result:
 	case <-time.After(time.Second):
-		return nil, nil
+		return nil, os.ErrDeadlineExceeded
 	}
 	interfaces, err := net.Interfaces()
 	if err != nil {

monitor_linux.go

@@ -4,7 +4,6 @@ import (
 	"os"
 	"runtime"
 	"sync"
-	"time"
 
 	"github.com/sagernet/netlink"
 	E "github.com/sagernet/sing/common/exceptions"
@@ -68,9 +67,6 @@ func (m *networkUpdateMonitor) Start() error {
 }
 
 func (m *networkUpdateMonitor) loopUpdate() {
-	const minDuration = time.Second
-	timer := time.NewTimer(minDuration)
-	defer timer.Stop()
 	for {
 		select {
 		case <-m.close:
@@ -79,12 +75,6 @@ func (m *networkUpdateMonitor) loopUpdate() {
 		case <-m.linkUpdate:
 		}
 		m.emit()
-		select {
-		case <-m.close:
-			return
-		case <-timer.C:
-			timer.Reset(minDuration)
-		}
 	}
 }
 

monitor_shared.go

@@ -42,9 +42,7 @@ type defaultInterfaceMonitor struct {
 	defaultInterfaceName  string
 	defaultInterfaceIndex int
 	androidVPNEnabled     bool
-	noRoute               bool
 	networkMonitor        NetworkUpdateMonitor
-	checkUpdateTimer      *time.Timer
 	element               *list.Element[NetworkUpdateCallback]
 	access                sync.Mutex
 	callbacks             list.List[DefaultInterfaceUpdateCallback]
@@ -73,30 +71,16 @@ func (m *defaultInterfaceMonitor) Start() error {
 }
 
 func (m *defaultInterfaceMonitor) delayCheckUpdate() {
-	if m.checkUpdateTimer == nil {
-		m.checkUpdateTimer = time.AfterFunc(time.Second, m.postCheckUpdate)
-	} else {
-		m.checkUpdateTimer.Reset(time.Second)
-	}
-}
-
-func (m *defaultInterfaceMonitor) postCheckUpdate() {
+	time.Sleep(time.Second)
 	err := m.updateInterfaces()
 	if err != nil {
 		m.logger.Error("update interfaces: ", err)
 	}
 	err = m.checkUpdate()
 	if errors.Is(err, ErrNoRoute) {
-		if !m.noRoute {
-			m.noRoute = true
-			m.defaultInterfaceName = ""
-			m.defaultInterfaceIndex = -1
-			m.emit(EventNoRoute)
-		}
-	} else if err != nil {
-		m.logger.Error("check interface: ", err)
-	} else {
-		m.noRoute = false
+		m.defaultInterfaceName = ""
+		m.defaultInterfaceIndex = -1
+		m.emit(EventNoRoute)
 	}
 }
 
@@ -143,6 +127,9 @@ func (m *defaultInterfaceMonitor) DefaultInterfaceName(destination netip.Addr) s
 			}
 		}
 	}
+	if m.defaultInterfaceIndex == -1 {
+		m.checkUpdate()
+	}
 	return m.defaultInterfaceName
 }
 
@@ -154,6 +141,9 @@ func (m *defaultInterfaceMonitor) DefaultInterfaceIndex(destination netip.Addr)
 			}
 		}
 	}
+	if m.defaultInterfaceIndex == -1 {
+		m.checkUpdate()
+	}
 	return m.defaultInterfaceIndex
 }
 
@@ -165,6 +155,9 @@ func (m *defaultInterfaceMonitor) DefaultInterface(destination netip.Addr) (stri
 			}
 		}
 	}
+	if m.defaultInterfaceIndex == -1 {
+		m.checkUpdate()
+	}
 	return m.defaultInterfaceName, m.defaultInterfaceIndex
 }
 

stack.go

@@ -25,7 +25,6 @@ type StackOptions struct {
 	Handler                Handler
 	Logger                 logger.Logger
 	ForwarderBindInterface bool
-	IncludeAllNetworks     bool
 	InterfaceFinder        control.InterfaceFinder
 }
 
@@ -35,9 +34,7 @@ func NewStack(
 ) (Stack, error) {
 	switch stack {
 	case "":
-		if options.IncludeAllNetworks {
-			return NewGVisor(options)
-		} else if WithGVisor && !options.TunOptions.GSO {
+		if WithGVisor && !options.TunOptions.GSO {
 			return NewMixed(options)
 		} else {
 			return NewSystem(options)
@@ -45,14 +42,8 @@ func NewStack(
 	case "gvisor":
 		return NewGVisor(options)
 	case "mixed":
-		if options.IncludeAllNetworks {
-			return nil, ErrIncludeAllNetworks
-		}
 		return NewMixed(options)
 	case "system":
-		if options.IncludeAllNetworks {
-			return nil, ErrIncludeAllNetworks
-		}
 		return NewSystem(options)
 	default:
 		return nil, E.New("unknown stack: ", stack)

stack_gvisor.go

@@ -122,7 +122,7 @@ func (t *GVisor) Start() error {
 			if err != nil {
 				return
 			}
-			udpConn := gonet.NewUDPConn(&wq, endpoint)
+			udpConn := gonet.NewUDPConn(ipStack, &wq, endpoint)
 			lAddr := udpConn.RemoteAddr()
 			rAddr := udpConn.LocalAddr()
 			if lAddr == nil || rAddr == nil {

stack_gvisor_filter.go

@@ -32,7 +32,7 @@ type networkDispatcherFilter struct {
 	writer           N.VectorisedWriter
 }
 
-func (w *networkDispatcherFilter) DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) {
+func (w *networkDispatcherFilter) DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt stack.PacketBufferPtr) {
 	var network header.Network
 	if protocol == header.IPv4ProtocolNumber {
 		if headerPackets, loaded := pkt.Data().PullUp(header.IPv4MinimumSize); loaded {

stack_gvisor_udp.go

@@ -42,7 +42,7 @@ func NewUDPForwarder(ctx context.Context, stack *stack.Stack, handler Handler, u
 	}
 }
 
-func (f *UDPForwarder) HandlePacket(id stack.TransportEndpointID, pkt *stack.PacketBuffer) bool {
+func (f *UDPForwarder) HandlePacket(id stack.TransportEndpointID, pkt stack.PacketBufferPtr) bool {
 	var upstreamMetadata M.Metadata
 	upstreamMetadata.Source = M.SocksaddrFrom(AddrFromAddress(id.RemoteAddress), id.RemotePort)
 	upstreamMetadata.Destination = M.SocksaddrFrom(AddrFromAddress(id.LocalAddress), id.LocalPort)
@@ -174,7 +174,7 @@ func (c *gUDPConn) Close() error {
 	return c.UDPConn.Close()
 }
 
-func gWriteUnreachable(gStack *stack.Stack, packet *stack.PacketBuffer, err error) (retErr error) {
+func gWriteUnreachable(gStack *stack.Stack, packet stack.PacketBufferPtr, err error) (retErr error) {
 	if errors.Is(err, syscall.ENETUNREACH) {
 		if packet.NetworkProtocolNumber == header.IPv4ProtocolNumber {
 			return gWriteUnreachable4(gStack, packet, stack.RejectIPv4WithICMPNetUnreachable)
@@ -197,7 +197,7 @@ func gWriteUnreachable(gStack *stack.Stack, packet *stack.PacketBuffer, err erro
 	return nil
 }
 
-func gWriteUnreachable4(gStack *stack.Stack, packet *stack.PacketBuffer, icmpCode stack.RejectIPv4WithICMPType) error {
+func gWriteUnreachable4(gStack *stack.Stack, packet stack.PacketBufferPtr, icmpCode stack.RejectIPv4WithICMPType) error {
 	err := gStack.NetworkProtocolInstance(header.IPv4ProtocolNumber).(stack.RejectIPv4WithHandler).SendRejectionError(packet, icmpCode, true)
 	if err != nil {
 		return wrapStackError(err)
@@ -205,7 +205,7 @@ func gWriteUnreachable4(gStack *stack.Stack, packet *stack.PacketBuffer, icmpCod
 	return nil
 }
 
-func gWriteUnreachable6(gStack *stack.Stack, packet *stack.PacketBuffer, icmpCode stack.RejectIPv6WithICMPType) error {
+func gWriteUnreachable6(gStack *stack.Stack, packet stack.PacketBufferPtr, icmpCode stack.RejectIPv6WithICMPType) error {
 	err := gStack.NetworkProtocolInstance(header.IPv6ProtocolNumber).(stack.RejectIPv6WithHandler).SendRejectionError(packet, icmpCode, true)
 	if err != nil {
 		return wrapStackError(err)

stack_mixed.go

@@ -56,7 +56,7 @@ func (m *Mixed) Start() error {
 			if err != nil {
 				return
 			}
-			udpConn := gonet.NewUDPConn(&wq, endpoint)
+			udpConn := gonet.NewUDPConn(ipStack, &wq, endpoint)
 			lAddr := udpConn.RemoteAddr()
 			rAddr := udpConn.LocalAddr()
 			if lAddr == nil || rAddr == nil {

stack_system.go

@@ -18,8 +18,6 @@ import (
 	"github.com/sagernet/sing/common/udpnat"
 )
 
-var ErrIncludeAllNetworks = E.New("`system` and `mixed` stack are not available when `includeAllNetworks` is enabled. See https://github.com/SagerNet/sing-tun/issues/25")
-
 type System struct {
 	ctx                context.Context
 	tun                Tun
@@ -113,9 +111,9 @@ func (s *System) start() error {
 	var listener net.ListenConfig
 	if s.bindInterface {
 		listener.Control = control.Append(listener.Control, func(network, address string, conn syscall.RawConn) error {
-			bindErr := control.BindToInterface0(s.interfaceFinder, conn, network, address, s.tunName, -1, true)
-			if bindErr != nil {
-				s.logger.Warn("bind forwarder to interface: ", bindErr)
+			err := control.BindToInterface(s.interfaceFinder, s.tunName, -1)(network, address, conn)
+			if err != nil {
+				s.logger.Warn("bind forwarder to interface: ", err)
 			}
 			return nil
 		})

tun.go

@@ -85,7 +85,7 @@ func CalculateInterfaceName(name string) (tunName string) {
 	for _, netInterface := range interfaces {
 		if strings.HasPrefix(netInterface.Name, tunName) {
 			index, parseErr := strconv.ParseInt(netInterface.Name[len(tunName):], 10, 16)
-			if parseErr == nil && int(index) >= tunIndex {
+			if parseErr == nil {
 				tunIndex = int(index) + 1
 			}
 		}

tun_darwin_gvisor.go

@@ -102,10 +102,10 @@ func (e *DarwinEndpoint) ARPHardwareType() header.ARPHardwareType {
 	return header.ARPHardwareNone
 }
 
-func (e *DarwinEndpoint) AddHeader(buffer *stack.PacketBuffer) {
+func (e *DarwinEndpoint) AddHeader(buffer stack.PacketBufferPtr) {
 }
 
-func (e *DarwinEndpoint) ParseHeader(ptr *stack.PacketBuffer) bool {
+func (e *DarwinEndpoint) ParseHeader(ptr stack.PacketBufferPtr) bool {
 	return true
 }
 

tun_linux.go

@@ -136,13 +136,11 @@ func (t *NativeTun) BatchSize() int {
 	if !t.gsoEnabled {
 		return 1
 	}
-	/* // Not works on some devices: https://github.com/SagerNet/sing-box/issues/1605
 	batchSize := int(gsoMaxSize/t.options.MTU) * 2
 	if batchSize > idealBatchSize {
 		batchSize = idealBatchSize
 	}
-	return batchSize*/
-	return idealBatchSize
+	return batchSize
 }
 
 func (t *NativeTun) BatchRead(buffers [][]byte, offset int, readN []int) (n int, err error) {
@@ -273,7 +271,7 @@ func (t *NativeTun) configure(tunLink netlink.Link) error {
 		_ = setChecksumOffload(t.options.Name, unix.ETHTOOL_SRXCSUM)
 	}
 
-	if t.options._TXChecksumOffload {
+	if !t.options._TXChecksumOffload {
 		var txChecksumOffload bool
 		txChecksumOffload, err = checkChecksumOffload(t.options.Name, unix.ETHTOOL_GTXCSUM)
 		if err != nil {
@@ -452,6 +450,14 @@ func (t *NativeTun) rules() []*netlink.Rule {
 				it.Family = unix.AF_INET
 				rules = append(rules, it)
 				priority++
+
+				it = netlink.NewRule()
+				it.Priority = priority
+				it.OifName = includeInterface
+				it.Goto = matchPriority
+				it.Family = unix.AF_INET
+				rules = append(rules, it)
+				priority++
 			}
 			if p6 {
 				it = netlink.NewRule()
@@ -461,6 +467,14 @@ func (t *NativeTun) rules() []*netlink.Rule {
 				it.Family = unix.AF_INET6
 				rules = append(rules, it)
 				priority6++
+
+				it = netlink.NewRule()
+				it.Priority = priority6
+				it.OifName = includeInterface
+				it.Goto = matchPriority
+				it.Family = unix.AF_INET6
+				rules = append(rules, it)
+				priority6++
 			}
 		}
 		if p4 {
@@ -501,6 +515,14 @@ func (t *NativeTun) rules() []*netlink.Rule {
 				it.Family = unix.AF_INET
 				rules = append(rules, it)
 				priority++
+
+				it = netlink.NewRule()
+				it.Priority = priority
+				it.OifName = excludeInterface
+				it.Goto = nopPriority
+				it.Family = unix.AF_INET
+				rules = append(rules, it)
+				priority++
 			}
 			if p6 {
 				it = netlink.NewRule()
@@ -510,6 +532,14 @@ func (t *NativeTun) rules() []*netlink.Rule {
 				it.Family = unix.AF_INET6
 				rules = append(rules, it)
 				priority6++
+
+				it = netlink.NewRule()
+				it.Priority = priority6
+				it.OifName = excludeInterface
+				it.Goto = nopPriority
+				it.Family = unix.AF_INET6
+				rules = append(rules, it)
+				priority6++
 			}
 		}
 	}
@@ -572,34 +602,16 @@ func (t *NativeTun) rules() []*netlink.Rule {
 				rules = append(rules, it)
 			}
 			priority++
-
+		}
+		/*if p6 {
 			it = netlink.NewRule()
 			it.Priority = priority
-			it.Table = t.options.TableIndex
-			it.SuppressPrefixlen = 0
-			it.Family = unix.AF_INET
-			rules = append(rules, it)
-			priority++
-		}
-		if p6 {
-			it = netlink.NewRule()
-			it.Priority = priority6
-			it.Table = t.options.TableIndex
-			it.SuppressPrefixlen = 0
+			it.Dst = t.options.Inet6Address.Masked()
+			it.Table = tunTableIndex
 			it.Family = unix.AF_INET6
 			rules = append(rules, it)
-			priority6++
-		}
-		if p4 && !t.options.StrictRoute {
-			it = netlink.NewRule()
-			it.Priority = priority
-			it.Invert = true
-			it.Dport = netlink.NewRulePortRange(53, 53)
-			it.Table = unix.RT_TABLE_MAIN
-			it.SuppressPrefixlen = 0
-			it.Family = unix.AF_INET
-			rules = append(rules, it)
-
+		}*/
+		if p4 {
 			it = netlink.NewRule()
 			it.Priority = priority
 			it.IPProto = syscall.IPPROTO_ICMP
@@ -608,7 +620,26 @@ func (t *NativeTun) rules() []*netlink.Rule {
 			rules = append(rules, it)
 			priority++
 		}
-		if p6 && !t.options.StrictRoute {
+		if p6 {
+			it = netlink.NewRule()
+			it.Priority = priority6
+			it.IPProto = syscall.IPPROTO_ICMPV6
+			it.Goto = nopPriority
+			it.Family = unix.AF_INET6
+			rules = append(rules, it)
+			priority6++
+		}
+		if p4 {
+			it = netlink.NewRule()
+			it.Priority = priority
+			it.Invert = true
+			it.Dport = netlink.NewRulePortRange(53, 53)
+			it.Table = unix.RT_TABLE_MAIN
+			it.SuppressPrefixlen = 0
+			it.Family = unix.AF_INET
+			rules = append(rules, it)
+		}
+		if p6 {
 			it = netlink.NewRule()
 			it.Priority = priority6
 			it.Invert = true
@@ -617,14 +648,6 @@ func (t *NativeTun) rules() []*netlink.Rule {
 			it.SuppressPrefixlen = 0
 			it.Family = unix.AF_INET6
 			rules = append(rules, it)
-
-			it = netlink.NewRule()
-			it.Priority = priority6
-			it.IPProto = syscall.IPPROTO_ICMPV6
-			it.Goto = nopPriority
-			it.Family = unix.AF_INET6
-			rules = append(rules, it)
-			priority6++
 		}
 	}
 
@@ -827,9 +850,9 @@ func (t *NativeTun) setSearchDomainForSystemdResolved() {
 	if len(t.options.Inet6Address) > 0 {
 		dnsServer = append(dnsServer, t.options.Inet6Address[0].Addr().Next())
 	}
-	go shell.Exec(ctlPath, "domain", t.options.Name, "~.").Run()
+	shell.Exec(ctlPath, "domain", t.options.Name, "~.").Start()
 	if t.options.AutoRoute {
-		go shell.Exec(ctlPath, "default-route", t.options.Name, "true").Run()
-		go shell.Exec(ctlPath, append([]string{"dns", t.options.Name}, common.Map(dnsServer, netip.Addr.String)...)...).Run()
+		shell.Exec(ctlPath, "default-route", t.options.Name, "true").Start()
+		shell.Exec(ctlPath, append([]string{"dns", t.options.Name}, common.Map(dnsServer, netip.Addr.String)...)...).Start()
 	}
 }

tun_rules.go

@@ -109,13 +109,6 @@ func (o *Options) BuildAutoRouteRanges(underNetworkExtension bool) ([]netip.Pref
 		var inet4Ranges []netip.Prefix
 		if len(o.Inet4RouteAddress) > 0 {
 			inet4Ranges = o.Inet4RouteAddress
-			if runtime.GOOS == "darwin" {
-				for _, address := range o.Inet4Address {
-					if address.Bits() < 32 {
-						inet4Ranges = append(inet4Ranges, address.Masked())
-					}
-				}
-			}
 		} else if autoRouteUseSubRanges && !underNetworkExtension {
 			inet4Ranges = []netip.Prefix{
 				netip.PrefixFrom(netip.AddrFrom4([4]byte{0: 1}), 8),
@@ -151,13 +144,6 @@ func (o *Options) BuildAutoRouteRanges(underNetworkExtension bool) ([]netip.Pref
 		var inet6Ranges []netip.Prefix
 		if len(o.Inet6RouteAddress) > 0 {
 			inet6Ranges = o.Inet6RouteAddress
-			if runtime.GOOS == "darwin" {
-				for _, address := range o.Inet6Address {
-					if address.Bits() < 32 {
-						inet6Ranges = append(inet6Ranges, address.Masked())
-					}
-				}
-			}
 		} else if autoRouteUseSubRanges && !underNetworkExtension {
 			inet6Ranges = []netip.Prefix{
 				netip.PrefixFrom(netip.AddrFrom16([16]byte{0: 1}), 8),

tun_windows.go

@@ -9,6 +9,7 @@ import (
 	"net/netip"
 	"os"
 	"sync"
+	"sync/atomic"
 	"time"
 	"unsafe"
 
@@ -16,7 +17,6 @@ import (
 	"github.com/sagernet/sing-tun/internal/winsys"
 	"github.com/sagernet/sing-tun/internal/wintun"
 	"github.com/sagernet/sing/common"
-	"github.com/sagernet/sing/common/atomic"
 	"github.com/sagernet/sing/common/buf"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/windnsapi"
@@ -34,7 +34,7 @@ type NativeTun struct {
 	rate        rateJuggler
 	running     sync.WaitGroup
 	closeOnce   sync.Once
-	close       atomic.Int32
+	close       int32
 	fwpmSession uintptr
 }
 
@@ -334,13 +334,13 @@ func (t *NativeTun) ReadPacket() ([]byte, func(), error) {
 	t.running.Add(1)
 	defer t.running.Done()
 retry:
-	if t.close.Load() == 1 {
+	if atomic.LoadInt32(&t.close) == 1 {
 		return nil, nil, os.ErrClosed
 	}
 	start := nanotime()
-	shouldSpin := t.rate.current.Load() >= spinloopRateThreshold && uint64(start-t.rate.nextStartTime.Load()) <= rateMeasurementGranularity*2
+	shouldSpin := atomic.LoadUint64(&t.rate.current) >= spinloopRateThreshold && uint64(start-atomic.LoadInt64(&t.rate.nextStartTime)) <= rateMeasurementGranularity*2
 	for {
-		if t.close.Load() == 1 {
+		if atomic.LoadInt32(&t.close) == 1 {
 			return nil, nil, os.ErrClosed
 		}
 		packet, err := t.session.ReceivePacket()
@@ -369,13 +369,13 @@ func (t *NativeTun) ReadFunc(block func(b []byte)) error {
 	t.running.Add(1)
 	defer t.running.Done()
 retry:
-	if t.close.Load() == 1 {
+	if atomic.LoadInt32(&t.close) == 1 {
 		return os.ErrClosed
 	}
 	start := nanotime()
-	shouldSpin := t.rate.current.Load() >= spinloopRateThreshold && uint64(start-t.rate.nextStartTime.Load()) <= rateMeasurementGranularity*2
+	shouldSpin := atomic.LoadUint64(&t.rate.current) >= spinloopRateThreshold && uint64(start-atomic.LoadInt64(&t.rate.nextStartTime)) <= rateMeasurementGranularity*2
 	for {
-		if t.close.Load() == 1 {
+		if atomic.LoadInt32(&t.close) == 1 {
 			return os.ErrClosed
 		}
 		packet, err := t.session.ReceivePacket()
@@ -405,7 +405,7 @@ retry:
 func (t *NativeTun) Write(p []byte) (n int, err error) {
 	t.running.Add(1)
 	defer t.running.Done()
-	if t.close.Load() == 1 {
+	if atomic.LoadInt32(&t.close) == 1 {
 		return 0, os.ErrClosed
 	}
 	t.rate.update(uint64(len(p)))
@@ -427,7 +427,7 @@ func (t *NativeTun) Write(p []byte) (n int, err error) {
 func (t *NativeTun) write(packetElementList [][]byte) (n int, err error) {
 	t.running.Add(1)
 	defer t.running.Done()
-	if t.close.Load() == 1 {
+	if atomic.LoadInt32(&t.close) == 1 {
 		return 0, os.ErrClosed
 	}
 	var packetSize int
@@ -461,7 +461,7 @@ func (t *NativeTun) WriteVectorised(buffers []*buf.Buffer) error {
 func (t *NativeTun) Close() error {
 	var err error
 	t.closeOnce.Do(func() {
-		t.close.Store(1)
+		atomic.StoreInt32(&t.close, 1)
 		windows.SetEvent(t.readWait)
 		t.running.Wait()
 		t.session.End()
@@ -491,24 +491,24 @@ func procyield(cycles uint32)
 func nanotime() int64
 
 type rateJuggler struct {
-	current       atomic.Uint64
-	nextByteCount atomic.Uint64
-	nextStartTime atomic.Int64
-	changing      atomic.Int32
+	current       uint64
+	nextByteCount uint64
+	nextStartTime int64
+	changing      int32
 }
 
 func (rate *rateJuggler) update(packetLen uint64) {
 	now := nanotime()
-	total := rate.nextByteCount.Add(packetLen)
-	period := uint64(now - rate.nextStartTime.Load())
+	total := atomic.AddUint64(&rate.nextByteCount, packetLen)
+	period := uint64(now - atomic.LoadInt64(&rate.nextStartTime))
 	if period >= rateMeasurementGranularity {
-		if !rate.changing.CompareAndSwap(0, 1) {
+		if !atomic.CompareAndSwapInt32(&rate.changing, 0, 1) {
 			return
 		}
-		rate.nextStartTime.Store(now)
-		rate.current.Store(total * uint64(time.Second/time.Nanosecond) / period)
-		rate.nextByteCount.Store(0)
-		rate.changing.Store(0)
+		atomic.StoreInt64(&rate.nextStartTime, now)
+		atomic.StoreUint64(&rate.current, total*uint64(time.Second/time.Nanosecond)/period)
+		atomic.StoreUint64(&rate.nextByteCount, 0)
+		atomic.StoreInt32(&rate.changing, 0)
 	}
 }
 

tun_windows_gvisor.go

@@ -99,10 +99,10 @@ func (e *WintunEndpoint) ARPHardwareType() header.ARPHardwareType {
 	return header.ARPHardwareNone
 }
 
-func (e *WintunEndpoint) AddHeader(buffer *stack.PacketBuffer) {
+func (e *WintunEndpoint) AddHeader(buffer stack.PacketBufferPtr) {
 }
 
-func (e *WintunEndpoint) ParseHeader(ptr *stack.PacketBuffer) bool {
+func (e *WintunEndpoint) ParseHeader(ptr stack.PacketBufferPtr) bool {
 	return true
 }