Add support for multi tun address prefix

2025-04-04 04:17:39 +03:00 · 2022-09-05 21:48:18 +08:00 · 2022-09-05 21:48:18 +08:00 · 2f5a02c140
commit 2f5a02c140
parent 197b599075
4 changed files with 192 additions and 138 deletions
--- a/tun.go
+++ b/tun.go
@ -32,8 +32,8 @@ type WinTun interface {

 type Options struct {
 	Name               string
-	Inet4Address       netip.Prefix
-	Inet6Address       netip.Prefix
+	Inet4Address       []netip.Prefix
+	Inet6Address       []netip.Prefix
 	MTU                uint32
 	AutoRoute          bool
 	StrictRoute        bool
--- a/tun_darwin.go
+++ b/tun_darwin.go
@ -45,10 +45,14 @@ func Open(options Options) (Tun, error) {
 		return nil, err
 	}
 	nativeTun := &NativeTun{
-		tunFile:      os.NewFile(uintptr(tunFd), "utun"),
-		mtu:          options.MTU,
-		inet4Address: string(options.Inet4Address.Addr().AsSlice()),
-		inet6Address: string(options.Inet6Address.Addr().AsSlice()),
+		tunFile: os.NewFile(uintptr(tunFd), "utun"),
+		mtu:     options.MTU,
+	}
+	if len(options.Inet4Address) > 0 {
+		nativeTun.inet4Address = string(options.Inet4Address[0].Addr().AsSlice())
+	}
+	if len(options.Inet6Address) > 0 {
+		nativeTun.inet6Address = string(options.Inet6Address[0].Addr().AsSlice())
 	}
 	var ok bool
 	nativeTun.tunWriter, ok = bufio.CreateVectorisedWriter(nativeTun.tunFile)
@ -155,83 +159,87 @@ func configure(tunFd int, ifIndex int, name string, options Options) error {
 	if err != nil {
 		return err
 	}
-	if options.Inet4Address.IsValid() {
-		ifReq := ifAliasReq{
-			Addr: unix.RawSockaddrInet4{
-				Len:    unix.SizeofSockaddrInet4,
-				Family: unix.AF_INET,
-				Addr:   options.Inet4Address.Addr().As4(),
-			},
-			Dstaddr: unix.RawSockaddrInet4{
-				Len:    unix.SizeofSockaddrInet4,
-				Family: unix.AF_INET,
-				Addr:   options.Inet4Address.Addr().As4(),
-			},
-			Mask: unix.RawSockaddrInet4{
-				Len:    unix.SizeofSockaddrInet4,
-				Family: unix.AF_INET,
-				Addr:   netip.MustParseAddr(net.IP(net.CIDRMask(options.Inet4Address.Bits(), 32)).String()).As4(),
-			},
-		}
-		copy(ifReq.Name[:], name)
-		err = useSocket(unix.AF_INET, unix.SOCK_DGRAM, 0, func(socketFd int) error {
-			if _, _, errno := unix.Syscall(
-				syscall.SYS_IOCTL,
-				uintptr(socketFd),
-				uintptr(unix.SIOCAIFADDR),
-				uintptr(unsafe.Pointer(&ifReq)),
-			); errno != 0 {
-				return os.NewSyscallError("SIOCAIFADDR", errno)
+	if len(options.Inet4Address) > 0 {
+		for _, address := range options.Inet4Address {
+			ifReq := ifAliasReq{
+				Addr: unix.RawSockaddrInet4{
+					Len:    unix.SizeofSockaddrInet4,
+					Family: unix.AF_INET,
+					Addr:   address.Addr().As4(),
+				},
+				Dstaddr: unix.RawSockaddrInet4{
+					Len:    unix.SizeofSockaddrInet4,
+					Family: unix.AF_INET,
+					Addr:   address.Addr().As4(),
+				},
+				Mask: unix.RawSockaddrInet4{
+					Len:    unix.SizeofSockaddrInet4,
+					Family: unix.AF_INET,
+					Addr:   netip.MustParseAddr(net.IP(net.CIDRMask(address.Bits(), 32)).String()).As4(),
+				},
+			}
+			copy(ifReq.Name[:], name)
+			err = useSocket(unix.AF_INET, unix.SOCK_DGRAM, 0, func(socketFd int) error {
+				if _, _, errno := unix.Syscall(
+					syscall.SYS_IOCTL,
+					uintptr(socketFd),
+					uintptr(unix.SIOCAIFADDR),
+					uintptr(unsafe.Pointer(&ifReq)),
+				); errno != 0 {
+					return os.NewSyscallError("SIOCAIFADDR", errno)
+				}
+				return nil
+			})
+			if err != nil {
+				return err
 			}
-			return nil
-		})
-		if err != nil {
-			return err
 		}
 	}
-	if options.Inet6Address.IsValid() {
-		ifReq6 := ifAliasReq6{
-			Addr: unix.RawSockaddrInet6{
-				Len:    unix.SizeofSockaddrInet6,
-				Family: unix.AF_INET6,
-				Addr:   options.Inet6Address.Addr().As16(),
-			},
-			Mask: unix.RawSockaddrInet6{
-				Len:    unix.SizeofSockaddrInet6,
-				Family: unix.AF_INET6,
-				Addr:   netip.MustParseAddr(net.IP(net.CIDRMask(options.Inet6Address.Bits(), 128)).String()).As16(),
-			},
-			Flags: IN6_IFF_NODAD | IN6_IFF_SECURED,
-			Lifetime: addrLifetime6{
-				Vltime: ND6_INFINITE_LIFETIME,
-				Pltime: ND6_INFINITE_LIFETIME,
-			},
-		}
-		if options.Inet6Address.Bits() == 128 {
-			ifReq6.Dstaddr = unix.RawSockaddrInet6{
-				Len:    unix.SizeofSockaddrInet6,
-				Family: unix.AF_INET6,
-				Addr:   options.Inet6Address.Addr().Next().As16(),
+	if len(options.Inet6Address) > 0 {
+		for _, address := range options.Inet6Address {
+			ifReq6 := ifAliasReq6{
+				Addr: unix.RawSockaddrInet6{
+					Len:    unix.SizeofSockaddrInet6,
+					Family: unix.AF_INET6,
+					Addr:   address.Addr().As16(),
+				},
+				Mask: unix.RawSockaddrInet6{
+					Len:    unix.SizeofSockaddrInet6,
+					Family: unix.AF_INET6,
+					Addr:   netip.MustParseAddr(net.IP(net.CIDRMask(address.Bits(), 128)).String()).As16(),
+				},
+				Flags: IN6_IFF_NODAD | IN6_IFF_SECURED,
+				Lifetime: addrLifetime6{
+					Vltime: ND6_INFINITE_LIFETIME,
+					Pltime: ND6_INFINITE_LIFETIME,
+				},
 			}
-		}
-		copy(ifReq6.Name[:], name)
-		err = useSocket(unix.AF_INET6, unix.SOCK_DGRAM, 0, func(socketFd int) error {
-			if _, _, errno := unix.Syscall(
-				syscall.SYS_IOCTL,
-				uintptr(socketFd),
-				uintptr(SIOCAIFADDR_IN6),
-				uintptr(unsafe.Pointer(&ifReq6)),
-			); errno != 0 {
-				return os.NewSyscallError("SIOCAIFADDR_IN6", errno)
+			if address.Bits() == 128 {
+				ifReq6.Dstaddr = unix.RawSockaddrInet6{
+					Len:    unix.SizeofSockaddrInet6,
+					Family: unix.AF_INET6,
+					Addr:   address.Addr().Next().As16(),
+				}
+			}
+			copy(ifReq6.Name[:], name)
+			err = useSocket(unix.AF_INET6, unix.SOCK_DGRAM, 0, func(socketFd int) error {
+				if _, _, errno := unix.Syscall(
+					syscall.SYS_IOCTL,
+					uintptr(socketFd),
+					uintptr(SIOCAIFADDR_IN6),
+					uintptr(unsafe.Pointer(&ifReq6)),
+				); errno != 0 {
+					return os.NewSyscallError("SIOCAIFADDR_IN6", errno)
+				}
+				return nil
+			})
+			if err != nil {
+				return err
 			}
-			return nil
-		})
-		if err != nil {
-			return err
 		}
 	}
 	if options.AutoRoute {
-		if options.Inet4Address.IsValid() {
+		if len(options.Inet4Address) > 0 {
 			for _, subnet := range []netip.Prefix{
 				netip.PrefixFrom(netip.AddrFrom4([4]byte{1, 0, 0, 0}), 8),
 				netip.PrefixFrom(netip.AddrFrom4([4]byte{2, 0, 0, 0}), 7),
@ -242,15 +250,15 @@ func configure(tunFd int, ifIndex int, name string, options Options) error {
 				netip.PrefixFrom(netip.AddrFrom4([4]byte{64, 0, 0, 0}), 2),
 				netip.PrefixFrom(netip.AddrFrom4([4]byte{128, 0, 0, 0}), 1),
 			} {
-				err = addRoute(subnet, options.Inet4Address.Addr())
+				err = addRoute(subnet, options.Inet4Address[0].Addr())
 				if err != nil {
 					return err
 				}
 			}
 		}
-		if options.Inet6Address.IsValid() {
+		if len(options.Inet6Address) > 0 {
 			subnet := netip.PrefixFrom(netip.AddrFrom16([16]byte{32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}), 3)
-			err = addRoute(subnet, options.Inet6Address.Addr())
+			err = addRoute(subnet, options.Inet6Address[0].Addr())
 			if err != nil {
 				return err
 			}
--- a/tun_linux.go
+++ b/tun_linux.go
@ -101,19 +101,22 @@ func (t *NativeTun) configure(tunLink netlink.Link) error {
 		return err
 	}

-	if t.options.Inet4Address.IsValid() {
-		addr4, _ := netlink.ParseAddr(t.options.Inet4Address.String())
-		err = netlink.AddrAdd(tunLink, addr4)
-		if err != nil {
-			return err
+	if len(t.options.Inet4Address) > 0 {
+		for _, address := range t.options.Inet4Address {
+			addr4, _ := netlink.ParseAddr(address.String())
+			err = netlink.AddrAdd(tunLink, addr4)
+			if err != nil {
+				return err
+			}
 		}
 	}
-
-	if t.options.Inet6Address.IsValid() {
-		addr6, _ := netlink.ParseAddr(t.options.Inet6Address.String())
-		err = netlink.AddrAdd(tunLink, addr6)
-		if err != nil {
-			return err
+	if len(t.options.Inet6Address) > 0 {
+		for _, address := range t.options.Inet6Address {
+			addr6, _ := netlink.ParseAddr(address.String())
+			err = netlink.AddrAdd(tunLink, addr6)
+			if err != nil {
+				return err
+			}
 		}
 	}

@ -122,14 +125,20 @@ func (t *NativeTun) configure(tunLink netlink.Link) error {
 		return err
 	}

+	err = t.setRoute(tunLink)
+	if err != nil {
+		_ = t.unsetRoute0(tunLink)
+		return err
+	}
+
 	if t.options.AutoRoute {
-		err = t.unsetRoute0(tunLink)
+		err = t.unsetRules()
 		if err != nil {
 			return E.Cause(err, "cleanup rules")
 		}
-		err = t.setRoute(tunLink)
+		err = t.setRules()
 		if err != nil {
-			_ = t.unsetRoute0(tunLink)
+			_ = t.unsetRules()
 			return err
 		}
 		if runtime.GOOS == "android" {
@ -141,8 +150,9 @@ func (t *NativeTun) configure(tunLink netlink.Link) error {

 func (t *NativeTun) Close() error {
 	var errors []error
+	errors = append(errors, t.unsetRoute())
 	if t.options.AutoRoute {
-		errors = append(errors, t.unsetRoute())
+		errors = append(errors, t.unsetRules())
 	}
 	if t.interfaceCallback != nil {
 		t.options.InterfaceMonitor.UnregisterCallback(t.interfaceCallback)
@ -154,25 +164,57 @@ const tunTableIndex = 2022

 func (t *NativeTun) routes(tunLink netlink.Link) []netlink.Route {
 	var routes []netlink.Route
-	if t.options.Inet4Address.IsValid() {
-		routes = append(routes, netlink.Route{
-			Dst: &net.IPNet{
-				IP:   net.IPv4zero,
-				Mask: net.CIDRMask(0, 32),
-			},
-			LinkIndex: tunLink.Attrs().Index,
-			Table:     tunTableIndex,
-		})
+	if len(t.options.Inet4Address) > 0 {
+		for _, address := range t.options.Inet4Address {
+			if address.Bits() != 32 {
+				continue
+			}
+			routes = append(routes, netlink.Route{
+				Dst: &net.IPNet{
+					IP:   address.Addr().AsSlice(),
+					Mask: net.CIDRMask(address.Bits(), 32),
+				},
+				LinkIndex: tunLink.Attrs().Index,
+				Table:     unix.RT_TABLE_MAIN,
+				Scope:     unix.RT_SCOPE_LINK,
+			})
+		}
+		if t.options.AutoRoute {
+			routes = append(routes, netlink.Route{
+				Dst: &net.IPNet{
+					IP:   net.IPv4zero,
+					Mask: net.CIDRMask(0, 32),
+				},
+				LinkIndex: tunLink.Attrs().Index,
+				Table:     tunTableIndex,
+			})
+		}
 	}
-	if t.options.Inet6Address.IsValid() {
-		routes = append(routes, netlink.Route{
-			Dst: &net.IPNet{
-				IP:   net.IPv6zero,
-				Mask: net.CIDRMask(0, 128),
-			},
-			LinkIndex: tunLink.Attrs().Index,
-			Table:     tunTableIndex,
-		})
+	if len(t.options.Inet6Address) > 0 {
+		for _, address := range t.options.Inet6Address {
+			if address.Bits() != 128 {
+				continue
+			}
+			routes = append(routes, netlink.Route{
+				Dst: &net.IPNet{
+					IP:   address.Addr().AsSlice(),
+					Mask: net.CIDRMask(address.Bits(), 128),
+				},
+				LinkIndex: tunLink.Attrs().Index,
+				Table:     unix.RT_TABLE_MAIN,
+				Scope:     unix.RT_SCOPE_LINK,
+			})
+		}
+		if t.options.AutoRoute {
+			routes = append(routes, netlink.Route{
+				Dst: &net.IPNet{
+					IP:   net.IPv6zero,
+					Mask: net.CIDRMask(0, 128),
+				},
+				LinkIndex: tunLink.Attrs().Index,
+				Table:     tunTableIndex,
+			})
+		}
 	}
 	return routes
 }
@ -185,11 +227,11 @@ const (
 func (t *NativeTun) rules() []*netlink.Rule {
 	var p4, p6 bool
 	var pRule int
-	if t.options.Inet4Address.IsValid() {
+	if len(t.options.Inet4Address) > 0 {
 		p4 = true
 		pRule += 1
 	}
-	if t.options.Inet6Address.IsValid() {
+	if len(t.options.Inet6Address) > 0 {
 		p6 = true
 		pRule += 1
 	}
@ -281,12 +323,14 @@ func (t *NativeTun) rules() []*netlink.Rule {

 	if runtime.GOOS != "android" {
 		if p4 {
-			it = netlink.NewRule()
-			it.Priority = priority
-			it.Dst = t.options.Inet4Address.Masked()
-			it.Table = tunTableIndex
-			it.Family = unix.AF_INET
-			rules = append(rules, it)
+			for _, address := range t.options.Inet4Address {
+				it = netlink.NewRule()
+				it.Priority = priority
+				it.Dst = address.Masked()
+				it.Table = tunTableIndex
+				it.Family = unix.AF_INET
+				rules = append(rules, it)
+			}
 			priority++
 		}
 		/*if p6 {
@ -361,13 +405,15 @@ func (t *NativeTun) rules() []*netlink.Rule {
 			it.Family = unix.AF_INET
 			rules = append(rules, it)

-			it = netlink.NewRule()
-			it.Priority = priority
-			it.IifName = "lo"
-			it.Src = t.options.Inet4Address.Masked()
-			it.Table = tunTableIndex
-			it.Family = unix.AF_INET
-			rules = append(rules, it)
+			for _, address := range t.options.Inet4Address {
+				it = netlink.NewRule()
+				it.Priority = priority
+				it.IifName = "lo"
+				it.Src = address.Masked()
+				it.Table = tunTableIndex
+				it.Family = unix.AF_INET
+				rules = append(rules, it)
+			}
 		}
 		priority++
 	}
@ -426,7 +472,7 @@ func (t *NativeTun) setRoute(tunLink netlink.Link) error {
 			return E.Cause(err, "add route ", i)
 		}
 	}
-	return t.setRules()
+	return nil
 }

 func (t *NativeTun) setRules() error {
@ -451,7 +497,7 @@ func (t *NativeTun) unsetRoute0(tunLink netlink.Link) error {
 	for _, route := range t.routes(tunLink) {
 		_ = netlink.RouteDel(&route)
 	}
-	return t.unsetRules()
+	return nil
 }

 func (t *NativeTun) unsetRules() error {
--- a/tun_windows.go
+++ b/tun_windows.go
@ -57,41 +57,41 @@ func Open(options Options) (WinTun, error) {

 func (t *NativeTun) configure() error {
 	luid := winipcfg.LUID(t.adapter.LUID())
-	if t.options.Inet4Address.IsValid() {
-		err := luid.SetIPAddressesForFamily(winipcfg.AddressFamily(windows.AF_INET), []netip.Prefix{t.options.Inet4Address})
+	if len(t.options.Inet4Address) > 0 {
+		err := luid.SetIPAddressesForFamily(winipcfg.AddressFamily(windows.AF_INET), t.options.Inet4Address)
 		if err != nil {
 			return E.Cause(err, "set ipv4 address")
 		}
 	}
-	if t.options.Inet6Address.IsValid() {
-		err := luid.SetIPAddressesForFamily(winipcfg.AddressFamily(windows.AF_INET6), []netip.Prefix{t.options.Inet6Address})
+	if len(t.options.Inet6Address) > 0 {
+		err := luid.SetIPAddressesForFamily(winipcfg.AddressFamily(windows.AF_INET6), t.options.Inet6Address)
 		if err != nil {
 			return E.Cause(err, "set ipv6 address")
 		}
 	}
-	err := luid.SetDNS(winipcfg.AddressFamily(windows.AF_INET), []netip.Addr{t.options.Inet4Address.Addr().Next()}, nil)
+	err := luid.SetDNS(winipcfg.AddressFamily(windows.AF_INET), []netip.Addr{t.options.Inet4Address[0].Addr().Next()}, nil)
 	if err != nil {
 		return E.Cause(err, "set ipv4 dns")
 	}
-	err = luid.SetDNS(winipcfg.AddressFamily(windows.AF_INET6), []netip.Addr{t.options.Inet6Address.Addr().Next()}, nil)
+	err = luid.SetDNS(winipcfg.AddressFamily(windows.AF_INET6), []netip.Addr{t.options.Inet6Address[0].Addr().Next()}, nil)
 	if err != nil {
 		return E.Cause(err, "set ipv6 dns")
 	}
 	if t.options.AutoRoute {
-		if t.options.Inet4Address.IsValid() {
+		if len(t.options.Inet4Address) > 0 {
 			err = luid.AddRoute(netip.PrefixFrom(netip.IPv4Unspecified(), 0), netip.IPv4Unspecified(), 0)
 			if err != nil {
 				return E.Cause(err, "set ipv4 route")
 			}
 		}
-		if t.options.Inet6Address.IsValid() {
+		if len(t.options.Inet6Address) > 0 {
 			err = luid.AddRoute(netip.PrefixFrom(netip.IPv6Unspecified(), 0), netip.IPv6Unspecified(), 0)
 			if err != nil {
 				return E.Cause(err, "set ipv6 route")
 			}
 		}
 	}
-	if t.options.Inet4Address.IsValid() {
+	if len(t.options.Inet4Address) > 0 {
 		var inetIf *winipcfg.MibIPInterfaceRow
 		inetIf, err = luid.IPInterface(winipcfg.AddressFamily(windows.AF_INET))
 		if err != nil {
@ -112,7 +112,7 @@ func (t *NativeTun) configure() error {
 			return E.Cause(err, "set ipv4 options")
 		}
 	}
-	if t.options.Inet6Address.IsValid() {
+	if len(t.options.Inet6Address) > 0 {
 		var inet6If *winipcfg.MibIPInterfaceRow
 		inet6If, err = luid.IPInterface(winipcfg.AddressFamily(windows.AF_INET6))
 		if err != nil {