From 2f5a02c140a22b06f2759eb41d8a6415a80c4a5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Mon, 5 Sep 2022 21:48:18 +0800 Subject: [PATCH] Add support for multi tun address prefix --- tun.go | 4 +- tun_darwin.go | 160 ++++++++++++++++++++++++++----------------------- tun_linux.go | 146 ++++++++++++++++++++++++++++---------------- tun_windows.go | 20 +++---- 4 files changed, 192 insertions(+), 138 deletions(-) diff --git a/tun.go b/tun.go index a44da10..314c298 100644 --- a/tun.go +++ b/tun.go @@ -32,8 +32,8 @@ type WinTun interface { type Options struct { Name string - Inet4Address netip.Prefix - Inet6Address netip.Prefix + Inet4Address []netip.Prefix + Inet6Address []netip.Prefix MTU uint32 AutoRoute bool StrictRoute bool diff --git a/tun_darwin.go b/tun_darwin.go index cb2cfdb..2e0b6a8 100644 --- a/tun_darwin.go +++ b/tun_darwin.go @@ -45,10 +45,14 @@ func Open(options Options) (Tun, error) { return nil, err } nativeTun := &NativeTun{ - tunFile: os.NewFile(uintptr(tunFd), "utun"), - mtu: options.MTU, - inet4Address: string(options.Inet4Address.Addr().AsSlice()), - inet6Address: string(options.Inet6Address.Addr().AsSlice()), + tunFile: os.NewFile(uintptr(tunFd), "utun"), + mtu: options.MTU, + } + if len(options.Inet4Address) > 0 { + nativeTun.inet4Address = string(options.Inet4Address[0].Addr().AsSlice()) + } + if len(options.Inet6Address) > 0 { + nativeTun.inet6Address = string(options.Inet6Address[0].Addr().AsSlice()) } var ok bool nativeTun.tunWriter, ok = bufio.CreateVectorisedWriter(nativeTun.tunFile) @@ -155,83 +159,87 @@ func configure(tunFd int, ifIndex int, name string, options Options) error { if err != nil { return err } - if options.Inet4Address.IsValid() { - ifReq := ifAliasReq{ - Addr: unix.RawSockaddrInet4{ - Len: unix.SizeofSockaddrInet4, - Family: unix.AF_INET, - Addr: options.Inet4Address.Addr().As4(), - }, - Dstaddr: unix.RawSockaddrInet4{ - Len: unix.SizeofSockaddrInet4, - Family: unix.AF_INET, - Addr: options.Inet4Address.Addr().As4(), - }, - Mask: unix.RawSockaddrInet4{ - Len: unix.SizeofSockaddrInet4, - Family: unix.AF_INET, - Addr: netip.MustParseAddr(net.IP(net.CIDRMask(options.Inet4Address.Bits(), 32)).String()).As4(), - }, - } - copy(ifReq.Name[:], name) - err = useSocket(unix.AF_INET, unix.SOCK_DGRAM, 0, func(socketFd int) error { - if _, _, errno := unix.Syscall( - syscall.SYS_IOCTL, - uintptr(socketFd), - uintptr(unix.SIOCAIFADDR), - uintptr(unsafe.Pointer(&ifReq)), - ); errno != 0 { - return os.NewSyscallError("SIOCAIFADDR", errno) + if len(options.Inet4Address) > 0 { + for _, address := range options.Inet4Address { + ifReq := ifAliasReq{ + Addr: unix.RawSockaddrInet4{ + Len: unix.SizeofSockaddrInet4, + Family: unix.AF_INET, + Addr: address.Addr().As4(), + }, + Dstaddr: unix.RawSockaddrInet4{ + Len: unix.SizeofSockaddrInet4, + Family: unix.AF_INET, + Addr: address.Addr().As4(), + }, + Mask: unix.RawSockaddrInet4{ + Len: unix.SizeofSockaddrInet4, + Family: unix.AF_INET, + Addr: netip.MustParseAddr(net.IP(net.CIDRMask(address.Bits(), 32)).String()).As4(), + }, + } + copy(ifReq.Name[:], name) + err = useSocket(unix.AF_INET, unix.SOCK_DGRAM, 0, func(socketFd int) error { + if _, _, errno := unix.Syscall( + syscall.SYS_IOCTL, + uintptr(socketFd), + uintptr(unix.SIOCAIFADDR), + uintptr(unsafe.Pointer(&ifReq)), + ); errno != 0 { + return os.NewSyscallError("SIOCAIFADDR", errno) + } + return nil + }) + if err != nil { + return err } - return nil - }) - if err != nil { - return err } } - if options.Inet6Address.IsValid() { - ifReq6 := ifAliasReq6{ - Addr: unix.RawSockaddrInet6{ - Len: unix.SizeofSockaddrInet6, - Family: unix.AF_INET6, - Addr: options.Inet6Address.Addr().As16(), - }, - Mask: unix.RawSockaddrInet6{ - Len: unix.SizeofSockaddrInet6, - Family: unix.AF_INET6, - Addr: netip.MustParseAddr(net.IP(net.CIDRMask(options.Inet6Address.Bits(), 128)).String()).As16(), - }, - Flags: IN6_IFF_NODAD | IN6_IFF_SECURED, - Lifetime: addrLifetime6{ - Vltime: ND6_INFINITE_LIFETIME, - Pltime: ND6_INFINITE_LIFETIME, - }, - } - if options.Inet6Address.Bits() == 128 { - ifReq6.Dstaddr = unix.RawSockaddrInet6{ - Len: unix.SizeofSockaddrInet6, - Family: unix.AF_INET6, - Addr: options.Inet6Address.Addr().Next().As16(), + if len(options.Inet6Address) > 0 { + for _, address := range options.Inet6Address { + ifReq6 := ifAliasReq6{ + Addr: unix.RawSockaddrInet6{ + Len: unix.SizeofSockaddrInet6, + Family: unix.AF_INET6, + Addr: address.Addr().As16(), + }, + Mask: unix.RawSockaddrInet6{ + Len: unix.SizeofSockaddrInet6, + Family: unix.AF_INET6, + Addr: netip.MustParseAddr(net.IP(net.CIDRMask(address.Bits(), 128)).String()).As16(), + }, + Flags: IN6_IFF_NODAD | IN6_IFF_SECURED, + Lifetime: addrLifetime6{ + Vltime: ND6_INFINITE_LIFETIME, + Pltime: ND6_INFINITE_LIFETIME, + }, } - } - copy(ifReq6.Name[:], name) - err = useSocket(unix.AF_INET6, unix.SOCK_DGRAM, 0, func(socketFd int) error { - if _, _, errno := unix.Syscall( - syscall.SYS_IOCTL, - uintptr(socketFd), - uintptr(SIOCAIFADDR_IN6), - uintptr(unsafe.Pointer(&ifReq6)), - ); errno != 0 { - return os.NewSyscallError("SIOCAIFADDR_IN6", errno) + if address.Bits() == 128 { + ifReq6.Dstaddr = unix.RawSockaddrInet6{ + Len: unix.SizeofSockaddrInet6, + Family: unix.AF_INET6, + Addr: address.Addr().Next().As16(), + } + } + copy(ifReq6.Name[:], name) + err = useSocket(unix.AF_INET6, unix.SOCK_DGRAM, 0, func(socketFd int) error { + if _, _, errno := unix.Syscall( + syscall.SYS_IOCTL, + uintptr(socketFd), + uintptr(SIOCAIFADDR_IN6), + uintptr(unsafe.Pointer(&ifReq6)), + ); errno != 0 { + return os.NewSyscallError("SIOCAIFADDR_IN6", errno) + } + return nil + }) + if err != nil { + return err } - return nil - }) - if err != nil { - return err } } if options.AutoRoute { - if options.Inet4Address.IsValid() { + if len(options.Inet4Address) > 0 { for _, subnet := range []netip.Prefix{ netip.PrefixFrom(netip.AddrFrom4([4]byte{1, 0, 0, 0}), 8), netip.PrefixFrom(netip.AddrFrom4([4]byte{2, 0, 0, 0}), 7), @@ -242,15 +250,15 @@ func configure(tunFd int, ifIndex int, name string, options Options) error { netip.PrefixFrom(netip.AddrFrom4([4]byte{64, 0, 0, 0}), 2), netip.PrefixFrom(netip.AddrFrom4([4]byte{128, 0, 0, 0}), 1), } { - err = addRoute(subnet, options.Inet4Address.Addr()) + err = addRoute(subnet, options.Inet4Address[0].Addr()) if err != nil { return err } } } - if options.Inet6Address.IsValid() { + if len(options.Inet6Address) > 0 { subnet := netip.PrefixFrom(netip.AddrFrom16([16]byte{32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}), 3) - err = addRoute(subnet, options.Inet6Address.Addr()) + err = addRoute(subnet, options.Inet6Address[0].Addr()) if err != nil { return err } diff --git a/tun_linux.go b/tun_linux.go index 6833763..dbb1b00 100644 --- a/tun_linux.go +++ b/tun_linux.go @@ -101,19 +101,22 @@ func (t *NativeTun) configure(tunLink netlink.Link) error { return err } - if t.options.Inet4Address.IsValid() { - addr4, _ := netlink.ParseAddr(t.options.Inet4Address.String()) - err = netlink.AddrAdd(tunLink, addr4) - if err != nil { - return err + if len(t.options.Inet4Address) > 0 { + for _, address := range t.options.Inet4Address { + addr4, _ := netlink.ParseAddr(address.String()) + err = netlink.AddrAdd(tunLink, addr4) + if err != nil { + return err + } } } - - if t.options.Inet6Address.IsValid() { - addr6, _ := netlink.ParseAddr(t.options.Inet6Address.String()) - err = netlink.AddrAdd(tunLink, addr6) - if err != nil { - return err + if len(t.options.Inet6Address) > 0 { + for _, address := range t.options.Inet6Address { + addr6, _ := netlink.ParseAddr(address.String()) + err = netlink.AddrAdd(tunLink, addr6) + if err != nil { + return err + } } } @@ -122,14 +125,20 @@ func (t *NativeTun) configure(tunLink netlink.Link) error { return err } + err = t.setRoute(tunLink) + if err != nil { + _ = t.unsetRoute0(tunLink) + return err + } + if t.options.AutoRoute { - err = t.unsetRoute0(tunLink) + err = t.unsetRules() if err != nil { return E.Cause(err, "cleanup rules") } - err = t.setRoute(tunLink) + err = t.setRules() if err != nil { - _ = t.unsetRoute0(tunLink) + _ = t.unsetRules() return err } if runtime.GOOS == "android" { @@ -141,8 +150,9 @@ func (t *NativeTun) configure(tunLink netlink.Link) error { func (t *NativeTun) Close() error { var errors []error + errors = append(errors, t.unsetRoute()) if t.options.AutoRoute { - errors = append(errors, t.unsetRoute()) + errors = append(errors, t.unsetRules()) } if t.interfaceCallback != nil { t.options.InterfaceMonitor.UnregisterCallback(t.interfaceCallback) @@ -154,25 +164,57 @@ const tunTableIndex = 2022 func (t *NativeTun) routes(tunLink netlink.Link) []netlink.Route { var routes []netlink.Route - if t.options.Inet4Address.IsValid() { - routes = append(routes, netlink.Route{ - Dst: &net.IPNet{ - IP: net.IPv4zero, - Mask: net.CIDRMask(0, 32), - }, - LinkIndex: tunLink.Attrs().Index, - Table: tunTableIndex, - }) + if len(t.options.Inet4Address) > 0 { + for _, address := range t.options.Inet4Address { + if address.Bits() != 32 { + continue + } + routes = append(routes, netlink.Route{ + Dst: &net.IPNet{ + IP: address.Addr().AsSlice(), + Mask: net.CIDRMask(address.Bits(), 32), + }, + LinkIndex: tunLink.Attrs().Index, + Table: unix.RT_TABLE_MAIN, + Scope: unix.RT_SCOPE_LINK, + }) + } + if t.options.AutoRoute { + routes = append(routes, netlink.Route{ + Dst: &net.IPNet{ + IP: net.IPv4zero, + Mask: net.CIDRMask(0, 32), + }, + LinkIndex: tunLink.Attrs().Index, + Table: tunTableIndex, + }) + } } - if t.options.Inet6Address.IsValid() { - routes = append(routes, netlink.Route{ - Dst: &net.IPNet{ - IP: net.IPv6zero, - Mask: net.CIDRMask(0, 128), - }, - LinkIndex: tunLink.Attrs().Index, - Table: tunTableIndex, - }) + if len(t.options.Inet6Address) > 0 { + for _, address := range t.options.Inet6Address { + if address.Bits() != 128 { + continue + } + routes = append(routes, netlink.Route{ + Dst: &net.IPNet{ + IP: address.Addr().AsSlice(), + Mask: net.CIDRMask(address.Bits(), 128), + }, + LinkIndex: tunLink.Attrs().Index, + Table: unix.RT_TABLE_MAIN, + Scope: unix.RT_SCOPE_LINK, + }) + } + if t.options.AutoRoute { + routes = append(routes, netlink.Route{ + Dst: &net.IPNet{ + IP: net.IPv6zero, + Mask: net.CIDRMask(0, 128), + }, + LinkIndex: tunLink.Attrs().Index, + Table: tunTableIndex, + }) + } } return routes } @@ -185,11 +227,11 @@ const ( func (t *NativeTun) rules() []*netlink.Rule { var p4, p6 bool var pRule int - if t.options.Inet4Address.IsValid() { + if len(t.options.Inet4Address) > 0 { p4 = true pRule += 1 } - if t.options.Inet6Address.IsValid() { + if len(t.options.Inet6Address) > 0 { p6 = true pRule += 1 } @@ -281,12 +323,14 @@ func (t *NativeTun) rules() []*netlink.Rule { if runtime.GOOS != "android" { if p4 { - it = netlink.NewRule() - it.Priority = priority - it.Dst = t.options.Inet4Address.Masked() - it.Table = tunTableIndex - it.Family = unix.AF_INET - rules = append(rules, it) + for _, address := range t.options.Inet4Address { + it = netlink.NewRule() + it.Priority = priority + it.Dst = address.Masked() + it.Table = tunTableIndex + it.Family = unix.AF_INET + rules = append(rules, it) + } priority++ } /*if p6 { @@ -361,13 +405,15 @@ func (t *NativeTun) rules() []*netlink.Rule { it.Family = unix.AF_INET rules = append(rules, it) - it = netlink.NewRule() - it.Priority = priority - it.IifName = "lo" - it.Src = t.options.Inet4Address.Masked() - it.Table = tunTableIndex - it.Family = unix.AF_INET - rules = append(rules, it) + for _, address := range t.options.Inet4Address { + it = netlink.NewRule() + it.Priority = priority + it.IifName = "lo" + it.Src = address.Masked() + it.Table = tunTableIndex + it.Family = unix.AF_INET + rules = append(rules, it) + } } priority++ } @@ -426,7 +472,7 @@ func (t *NativeTun) setRoute(tunLink netlink.Link) error { return E.Cause(err, "add route ", i) } } - return t.setRules() + return nil } func (t *NativeTun) setRules() error { @@ -451,7 +497,7 @@ func (t *NativeTun) unsetRoute0(tunLink netlink.Link) error { for _, route := range t.routes(tunLink) { _ = netlink.RouteDel(&route) } - return t.unsetRules() + return nil } func (t *NativeTun) unsetRules() error { diff --git a/tun_windows.go b/tun_windows.go index ddb5e62..34d73b7 100644 --- a/tun_windows.go +++ b/tun_windows.go @@ -57,41 +57,41 @@ func Open(options Options) (WinTun, error) { func (t *NativeTun) configure() error { luid := winipcfg.LUID(t.adapter.LUID()) - if t.options.Inet4Address.IsValid() { - err := luid.SetIPAddressesForFamily(winipcfg.AddressFamily(windows.AF_INET), []netip.Prefix{t.options.Inet4Address}) + if len(t.options.Inet4Address) > 0 { + err := luid.SetIPAddressesForFamily(winipcfg.AddressFamily(windows.AF_INET), t.options.Inet4Address) if err != nil { return E.Cause(err, "set ipv4 address") } } - if t.options.Inet6Address.IsValid() { - err := luid.SetIPAddressesForFamily(winipcfg.AddressFamily(windows.AF_INET6), []netip.Prefix{t.options.Inet6Address}) + if len(t.options.Inet6Address) > 0 { + err := luid.SetIPAddressesForFamily(winipcfg.AddressFamily(windows.AF_INET6), t.options.Inet6Address) if err != nil { return E.Cause(err, "set ipv6 address") } } - err := luid.SetDNS(winipcfg.AddressFamily(windows.AF_INET), []netip.Addr{t.options.Inet4Address.Addr().Next()}, nil) + err := luid.SetDNS(winipcfg.AddressFamily(windows.AF_INET), []netip.Addr{t.options.Inet4Address[0].Addr().Next()}, nil) if err != nil { return E.Cause(err, "set ipv4 dns") } - err = luid.SetDNS(winipcfg.AddressFamily(windows.AF_INET6), []netip.Addr{t.options.Inet6Address.Addr().Next()}, nil) + err = luid.SetDNS(winipcfg.AddressFamily(windows.AF_INET6), []netip.Addr{t.options.Inet6Address[0].Addr().Next()}, nil) if err != nil { return E.Cause(err, "set ipv6 dns") } if t.options.AutoRoute { - if t.options.Inet4Address.IsValid() { + if len(t.options.Inet4Address) > 0 { err = luid.AddRoute(netip.PrefixFrom(netip.IPv4Unspecified(), 0), netip.IPv4Unspecified(), 0) if err != nil { return E.Cause(err, "set ipv4 route") } } - if t.options.Inet6Address.IsValid() { + if len(t.options.Inet6Address) > 0 { err = luid.AddRoute(netip.PrefixFrom(netip.IPv6Unspecified(), 0), netip.IPv6Unspecified(), 0) if err != nil { return E.Cause(err, "set ipv6 route") } } } - if t.options.Inet4Address.IsValid() { + if len(t.options.Inet4Address) > 0 { var inetIf *winipcfg.MibIPInterfaceRow inetIf, err = luid.IPInterface(winipcfg.AddressFamily(windows.AF_INET)) if err != nil { @@ -112,7 +112,7 @@ func (t *NativeTun) configure() error { return E.Cause(err, "set ipv4 options") } } - if t.options.Inet6Address.IsValid() { + if len(t.options.Inet6Address) > 0 { var inet6If *winipcfg.MibIPInterfaceRow inet6If, err = luid.IPInterface(winipcfg.AddressFamily(windows.AF_INET6)) if err != nil {