mirror of
https://github.com/SagerNet/sing-tun.git
synced 2025-04-03 20:07:40 +03:00
Add support for use with android VPNService
This commit is contained in:
世界
parent
185b6c880a
commit
197b599075
11 changed files with 153 additions and 35 deletions
2
go.mod
2
go.mod
|
|
@ -6,7 +6,7 @@ require (
|
|||
github.com/fsnotify/fsnotify v1.5.4
|
||||
github.com/sagernet/abx-go v0.0.0-20220819185957-dba1257d738e
|
||||
github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61
|
||||
github.com/sagernet/netlink v0.0.0-20220826133217-3fb4ff92ea17
|
||||
github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97
|
||||
github.com/sagernet/sing v0.0.0-20220819003212-2424b1e2fac1
|
||||
golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
|
||||
golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64
|
||||
|
|
|
|||
4
go.sum
4
go.sum
|
|
@ -6,8 +6,8 @@ github.com/sagernet/abx-go v0.0.0-20220819185957-dba1257d738e h1:5CFRo8FJbCuf5s/
|
|||
github.com/sagernet/abx-go v0.0.0-20220819185957-dba1257d738e/go.mod h1:qbt0dWObotCfcjAJJ9AxtFPNSDUfZF+6dCpgKEOBn/g=
|
||||
github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 h1:5+m7c6AkmAylhauulqN/c5dnh8/KssrE9c93TQrXldA=
|
||||
github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61/go.mod h1:QUQ4RRHD6hGGHdFMEtR8T2P6GS6R3D/CXKdaYHKKXms=
|
||||
github.com/sagernet/netlink v0.0.0-20220826133217-3fb4ff92ea17 h1:zvm6IrIgo4rLizJCHkH+SWUBhm+jyjjozX031QdAlj8=
|
||||
github.com/sagernet/netlink v0.0.0-20220826133217-3fb4ff92ea17/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
|
||||
github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE=
|
||||
github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
|
||||
github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
|
||||
github.com/sagernet/sing v0.0.0-20220819003212-2424b1e2fac1 h1:+YC0/ygsJc4Z8qhd7ypsbWgMSm+UWN+QK+PW7I19K4Q=
|
||||
github.com/sagernet/sing v0.0.0-20220819003212-2424b1e2fac1/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
|
||||
|
|
|
|||
13
monitor.go
13
monitor.go
|
|
@ -11,7 +11,12 @@ var ErrNoRoute = E.New("no route to internet")
|
|||
|
||||
type (
|
||||
NetworkUpdateCallback = func() error
|
||||
DefaultInterfaceUpdateCallback = func() error
|
||||
DefaultInterfaceUpdateCallback = func(event int) error
|
||||
)
|
||||
|
||||
const (
|
||||
EventInterfaceUpdate = 1
|
||||
EventAndroidVPNUpdate = 2
|
||||
)
|
||||
|
||||
type NetworkUpdateMonitor interface {
|
||||
|
|
@ -27,6 +32,12 @@ type DefaultInterfaceMonitor interface {
|
|||
Close() error
|
||||
DefaultInterfaceName(destination netip.Addr) string
|
||||
DefaultInterfaceIndex(destination netip.Addr) int
|
||||
OverrideAndroidVPN() bool
|
||||
AndroidVPNEnabled() bool
|
||||
RegisterCallback(callback DefaultInterfaceUpdateCallback) *list.Element[DefaultInterfaceUpdateCallback]
|
||||
UnregisterCallback(element *list.Element[DefaultInterfaceUpdateCallback])
|
||||
}
|
||||
|
||||
type DefaultInterfaceMonitorOptions struct {
|
||||
OverrideAndroidVPN bool
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,15 +11,29 @@ func (m *defaultInterfaceMonitor) checkUpdate() error {
|
|||
return err
|
||||
}
|
||||
|
||||
oldVPNEnabled := m.androidVPNEnabled
|
||||
var defaultTableIndex int
|
||||
var vpnEnabled bool
|
||||
for _, rule := range ruleList {
|
||||
if rule.Priority >= ruleStart && rule.Priority <= ruleEnd {
|
||||
continue
|
||||
}
|
||||
if rule.Mask == 0x20000 {
|
||||
vpnEnabled = true
|
||||
if m.options.OverrideAndroidVPN {
|
||||
defaultTableIndex = rule.Table
|
||||
break
|
||||
}
|
||||
}
|
||||
if rule.Mask == 0xFFFF {
|
||||
defaultTableIndex = rule.Table
|
||||
break
|
||||
}
|
||||
}
|
||||
m.androidVPNEnabled = vpnEnabled
|
||||
|
||||
if defaultTableIndex == 0 {
|
||||
return E.Extend(ErrNoRoute, "no rule 0xFFFF")
|
||||
return ErrNoRoute
|
||||
}
|
||||
|
||||
routes, err := netlink.RouteListFiltered(netlink.FAMILY_ALL, &netlink.Route{Table: defaultTableIndex}, netlink.RT_FILTER_TABLE)
|
||||
|
|
@ -43,10 +57,16 @@ func (m *defaultInterfaceMonitor) checkUpdate() error {
|
|||
m.defaultInterfaceName = link.Attrs().Name
|
||||
m.defaultInterfaceIndex = link.Attrs().Index
|
||||
|
||||
if oldInterface == m.defaultInterfaceName && oldIndex == m.defaultInterfaceIndex {
|
||||
return nil
|
||||
var event int
|
||||
if oldInterface != m.defaultInterfaceName || oldIndex != m.defaultInterfaceIndex {
|
||||
event |= EventInterfaceUpdate
|
||||
}
|
||||
if oldVPNEnabled != m.androidVPNEnabled {
|
||||
event |= EventAndroidVPNUpdate
|
||||
}
|
||||
if event != 0 {
|
||||
m.emit(event)
|
||||
}
|
||||
|
||||
m.emit()
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -103,7 +103,7 @@ func (m *defaultInterfaceMonitor) checkUpdate() error {
|
|||
if oldInterface == m.defaultInterfaceName && oldIndex == m.defaultInterfaceIndex {
|
||||
return nil
|
||||
}
|
||||
m.emit()
|
||||
m.emit(EventInterfaceUpdate)
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ func (m *defaultInterfaceMonitor) checkUpdate() error {
|
|||
if oldInterface == m.defaultInterfaceName && oldIndex == m.defaultInterfaceIndex {
|
||||
return nil
|
||||
}
|
||||
m.emit()
|
||||
m.emit(EventInterfaceUpdate)
|
||||
return nil
|
||||
}
|
||||
return E.New("no route to internet")
|
||||
|
|
|
|||
|
|
@ -12,6 +12,6 @@ func NewNetworkUpdateMonitor(errorHandler E.Handler) (NetworkUpdateMonitor, erro
|
|||
return nil, os.ErrInvalid
|
||||
}
|
||||
|
||||
func NewDefaultInterfaceMonitor(networkMonitor NetworkUpdateMonitor) (DefaultInterfaceMonitor, error) {
|
||||
func NewDefaultInterfaceMonitor(networkMonitor NetworkUpdateMonitor, options DefaultInterfaceMonitorOptions) (DefaultInterfaceMonitor, error) {
|
||||
return nil, os.ErrInvalid
|
||||
}
|
||||
|
|
|
|||
|
|
@ -44,9 +44,11 @@ func (m *networkUpdateMonitor) NewError(ctx context.Context, err error) {
|
|||
}
|
||||
|
||||
type defaultInterfaceMonitor struct {
|
||||
options DefaultInterfaceMonitorOptions
|
||||
networkAddresses []networkAddress
|
||||
defaultInterfaceName string
|
||||
defaultInterfaceIndex int
|
||||
androidVPNEnabled bool
|
||||
networkMonitor NetworkUpdateMonitor
|
||||
element *list.Element[NetworkUpdateCallback]
|
||||
access sync.Mutex
|
||||
|
|
@ -59,8 +61,9 @@ type networkAddress struct {
|
|||
addresses []netip.Prefix
|
||||
}
|
||||
|
||||
func NewDefaultInterfaceMonitor(networkMonitor NetworkUpdateMonitor) (DefaultInterfaceMonitor, error) {
|
||||
func NewDefaultInterfaceMonitor(networkMonitor NetworkUpdateMonitor, options DefaultInterfaceMonitorOptions) (DefaultInterfaceMonitor, error) {
|
||||
return &defaultInterfaceMonitor{
|
||||
options: options,
|
||||
networkMonitor: networkMonitor,
|
||||
}, nil
|
||||
}
|
||||
|
|
@ -140,6 +143,14 @@ func (m *defaultInterfaceMonitor) DefaultInterfaceIndex(destination netip.Addr)
|
|||
return m.defaultInterfaceIndex
|
||||
}
|
||||
|
||||
func (m *defaultInterfaceMonitor) OverrideAndroidVPN() bool {
|
||||
return m.options.OverrideAndroidVPN
|
||||
}
|
||||
|
||||
func (m *defaultInterfaceMonitor) AndroidVPNEnabled() bool {
|
||||
return m.androidVPNEnabled
|
||||
}
|
||||
|
||||
func (m *defaultInterfaceMonitor) RegisterCallback(callback DefaultInterfaceUpdateCallback) *list.Element[DefaultInterfaceUpdateCallback] {
|
||||
m.access.Lock()
|
||||
defer m.access.Unlock()
|
||||
|
|
@ -152,12 +163,12 @@ func (m *defaultInterfaceMonitor) UnregisterCallback(element *list.Element[Defau
|
|||
m.callbacks.Remove(element)
|
||||
}
|
||||
|
||||
func (m *defaultInterfaceMonitor) emit() {
|
||||
func (m *defaultInterfaceMonitor) emit(event int) {
|
||||
m.access.Lock()
|
||||
callbacks := m.callbacks.Array()
|
||||
m.access.Unlock()
|
||||
for _, callback := range callbacks {
|
||||
err := callback()
|
||||
err := callback(event)
|
||||
if err != nil {
|
||||
m.networkMonitor.NewError(context.Background(), err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -103,6 +103,6 @@ func (m *defaultInterfaceMonitor) checkUpdate() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
m.emit()
|
||||
m.emit(EventInterfaceUpdate)
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
7
tun.go
7
tun.go
|
|
@ -42,10 +42,13 @@ type Options struct {
|
|||
IncludeAndroidUser []int
|
||||
IncludePackage []string
|
||||
ExcludePackage []string
|
||||
InterfaceMonitor DefaultInterfaceMonitor
|
||||
}
|
||||
|
||||
func DefaultInterfaceName() (tunName string) {
|
||||
if runtime.GOOS == "darwin" {
|
||||
func CalculateInterfaceName(name string) (tunName string) {
|
||||
if name != "" {
|
||||
tunName = name
|
||||
} else if runtime.GOOS == "darwin" {
|
||||
tunName = "utun"
|
||||
} else {
|
||||
tunName = "tun"
|
||||
|
|
|
|||
109
tun_linux.go
109
tun_linux.go
|
|
@ -10,14 +10,16 @@ import (
|
|||
"github.com/sagernet/netlink"
|
||||
E "github.com/sagernet/sing/common/exceptions"
|
||||
"github.com/sagernet/sing/common/rw"
|
||||
"github.com/sagernet/sing/common/x/list"
|
||||
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
type NativeTun struct {
|
||||
tunFd int
|
||||
tunFile *os.File
|
||||
options Options
|
||||
tunFd int
|
||||
tunFile *os.File
|
||||
interfaceCallback *list.Element[DefaultInterfaceUpdateCallback]
|
||||
options Options
|
||||
}
|
||||
|
||||
func Open(options Options) (Tun, error) {
|
||||
|
|
@ -121,12 +123,18 @@ func (t *NativeTun) configure(tunLink netlink.Link) error {
|
|||
}
|
||||
|
||||
if t.options.AutoRoute {
|
||||
_ = t.unsetRoute0(tunLink)
|
||||
err = t.unsetRoute0(tunLink)
|
||||
if err != nil {
|
||||
return E.Cause(err, "cleanup rules")
|
||||
}
|
||||
err = t.setRoute(tunLink)
|
||||
if err != nil {
|
||||
_ = t.unsetRoute0(tunLink)
|
||||
return err
|
||||
}
|
||||
if runtime.GOOS == "android" {
|
||||
t.interfaceCallback = t.options.InterfaceMonitor.RegisterCallback(t.routeUpdate)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
@ -136,6 +144,9 @@ func (t *NativeTun) Close() error {
|
|||
if t.options.AutoRoute {
|
||||
errors = append(errors, t.unsetRoute())
|
||||
}
|
||||
if t.interfaceCallback != nil {
|
||||
t.options.InterfaceMonitor.UnregisterCallback(t.interfaceCallback)
|
||||
}
|
||||
return E.Errors(append(errors, t.tunFile.Close())...)
|
||||
}
|
||||
|
||||
|
|
@ -166,6 +177,11 @@ func (t *NativeTun) routes(tunLink netlink.Link) []netlink.Route {
|
|||
return routes
|
||||
}
|
||||
|
||||
const (
|
||||
ruleStart = 9000
|
||||
ruleEnd = ruleStart + 10
|
||||
)
|
||||
|
||||
func (t *NativeTun) rules() []*netlink.Rule {
|
||||
var p4, p6 bool
|
||||
var pRule int
|
||||
|
|
@ -185,9 +201,9 @@ func (t *NativeTun) rules() []*netlink.Rule {
|
|||
var it *netlink.Rule
|
||||
|
||||
excludeRanges := t.options.ExcludedRanges()
|
||||
priority := 9000
|
||||
priority := ruleStart
|
||||
priority6 := priority
|
||||
nopPriority := priority + 10
|
||||
nopPriority := ruleEnd
|
||||
|
||||
for _, excludeRange := range excludeRanges {
|
||||
if p4 {
|
||||
|
|
@ -216,6 +232,34 @@ func (t *NativeTun) rules() []*netlink.Rule {
|
|||
}
|
||||
}
|
||||
|
||||
if runtime.GOOS == "android" && t.options.InterfaceMonitor.AndroidVPNEnabled() {
|
||||
const protectedFromVPN = 0x20000
|
||||
if p6 || t.options.StrictRoute {
|
||||
it = netlink.NewRule()
|
||||
if t.options.InterfaceMonitor.OverrideAndroidVPN() {
|
||||
it.Mark = protectedFromVPN
|
||||
}
|
||||
it.Mask = protectedFromVPN
|
||||
it.Priority = priority
|
||||
it.Family = unix.AF_INET
|
||||
it.Goto = nopPriority
|
||||
rules = append(rules, it)
|
||||
priority++
|
||||
}
|
||||
if p6 || t.options.StrictRoute {
|
||||
it = netlink.NewRule()
|
||||
if t.options.InterfaceMonitor.OverrideAndroidVPN() {
|
||||
it.Mark = protectedFromVPN
|
||||
}
|
||||
it.Mask = protectedFromVPN
|
||||
it.Family = unix.AF_INET6
|
||||
it.Priority = priority6
|
||||
it.Goto = nopPriority
|
||||
rules = append(rules, it)
|
||||
priority6++
|
||||
}
|
||||
}
|
||||
|
||||
if t.options.StrictRoute {
|
||||
if !p4 {
|
||||
it = netlink.NewRule()
|
||||
|
|
@ -382,6 +426,10 @@ func (t *NativeTun) setRoute(tunLink netlink.Link) error {
|
|||
return E.Cause(err, "add route ", i)
|
||||
}
|
||||
}
|
||||
return t.setRules()
|
||||
}
|
||||
|
||||
func (t *NativeTun) setRules() error {
|
||||
for i, rule := range t.rules() {
|
||||
err := netlink.RuleAdd(rule)
|
||||
if err != nil {
|
||||
|
|
@ -400,18 +448,43 @@ func (t *NativeTun) unsetRoute() error {
|
|||
}
|
||||
|
||||
func (t *NativeTun) unsetRoute0(tunLink netlink.Link) error {
|
||||
var errors []error
|
||||
for _, route := range t.routes(tunLink) {
|
||||
err := netlink.RouteDel(&route)
|
||||
if err != nil {
|
||||
errors = append(errors, err)
|
||||
}
|
||||
_ = netlink.RouteDel(&route)
|
||||
}
|
||||
for _, rule := range t.rules() {
|
||||
err := netlink.RuleDel(rule)
|
||||
if err != nil {
|
||||
errors = append(errors, err)
|
||||
}
|
||||
}
|
||||
return E.Errors(errors...)
|
||||
return t.unsetRules()
|
||||
}
|
||||
|
||||
func (t *NativeTun) unsetRules() error {
|
||||
ruleList, err := netlink.RuleList(netlink.FAMILY_ALL)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, rule := range ruleList {
|
||||
if rule.Priority >= ruleStart && rule.Priority <= ruleEnd {
|
||||
ruleToDel := netlink.NewRule()
|
||||
ruleToDel.Family = rule.Family
|
||||
ruleToDel.Priority = rule.Priority
|
||||
err = netlink.RuleDel(ruleToDel)
|
||||
if err != nil {
|
||||
return E.Cause(err, "unset rule ", rule.Priority, " for ", rule.Family)
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (t *NativeTun) resetRules() error {
|
||||
t.unsetRules()
|
||||
return t.setRules()
|
||||
}
|
||||
|
||||
func (t *NativeTun) routeUpdate(event int) error {
|
||||
if event&EventAndroidVPNUpdate == 0 {
|
||||
return nil
|
||||
}
|
||||
err := t.resetRules()
|
||||
if err != nil {
|
||||
return E.Cause(err, "reset route")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue