SagerNet/sing-tun
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-tun.git synced 2025-04-05 21:07:43 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add [include/exclude]_interface iproute2 options

Browse source
This commit is contained in:
世界 2023-08-20 15:48:48 +08:00
parent 10d98f2679
commit 824b903ebd
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
2 changed files with 106 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tun.go
View file

@ -41,6 +41,8 @@ type Options struct {
StrictRoute bool StrictRoute bool
Inet4RouteAddress []netip.Prefix Inet4RouteAddress []netip.Prefix
Inet6RouteAddress []netip.Prefix Inet6RouteAddress []netip.Prefix
IncludeInterface []string
ExcludeInterface []string
IncludeUID []ranges.Range[uint32] IncludeUID []ranges.Range[uint32]
ExcludeUID []ranges.Range[uint32] ExcludeUID []ranges.Range[uint32]
IncludeAndroidUser []int IncludeAndroidUser []int

104
tun_linux.go
View file

@ -323,6 +323,110 @@ func (t *NativeTun) rules() []*netlink.Rule {
priority6++ priority6++
} }
} }
if len(t.options.IncludeInterface) > 0 {
matchPriority := priority + 2*len(t.options.IncludeInterface) + 1
for _, includeInterface := range t.options.IncludeInterface {
if p4 {
it = netlink.NewRule()
it.Priority = priority
it.IifName = includeInterface
it.Goto = matchPriority
it.Family = unix.AF_INET
rules = append(rules, it)
priority++
it = netlink.NewRule()
it.Priority = priority
it.OifName = includeInterface
it.Goto = matchPriority
it.Family = unix.AF_INET
rules = append(rules, it)
priority++
}
if p6 {
it = netlink.NewRule()
it.Priority = priority6
it.IifName = includeInterface
it.Goto = matchPriority
it.Family = unix.AF_INET6
rules = append(rules, it)
priority6++
it = netlink.NewRule()
it.Priority = priority6
it.OifName = includeInterface
it.Goto = matchPriority
it.Family = unix.AF_INET6
rules = append(rules, it)
priority6++
}
}
if p4 {
it = netlink.NewRule()
it.Priority = priority
it.Family = unix.AF_INET
it.Goto = nopPriority
rules = append(rules, it)
priority++
it = netlink.NewRule()
it.Priority = matchPriority
it.Family = unix.AF_INET
rules = append(rules, it)
priority++
}
if p6 {
it = netlink.NewRule()
it.Priority = priority6
it.Family = unix.AF_INET6
it.Goto = nopPriority
rules = append(rules, it)
priority6++
it = netlink.NewRule()
it.Priority = matchPriority
it.Family = unix.AF_INET6
rules = append(rules, it)
priority6++
}
} else if len(t.options.ExcludeInterface) > 0 {
for _, excludeInterface := range t.options.ExcludeInterface {
if p4 {
it = netlink.NewRule()
it.Priority = priority
it.IifName = excludeInterface
it.Goto = nopPriority
it.Family = unix.AF_INET
rules = append(rules, it)
priority++
it = netlink.NewRule()
it.Priority = priority
it.OifName = excludeInterface
it.Goto = nopPriority
it.Family = unix.AF_INET
rules = append(rules, it)
priority++
}
if p6 {
it = netlink.NewRule()
it.Priority = priority6
it.IifName = excludeInterface
it.Goto = nopPriority
it.Family = unix.AF_INET6
rules = append(rules, it)
priority6++
it = netlink.NewRule()
it.Priority = priority6
it.OifName = excludeInterface
it.Goto = nopPriority
it.Family = unix.AF_INET6
rules = append(rules, it)
priority6++
}
}
}
if runtime.GOOS == "android" && t.options.InterfaceMonitor.AndroidVPNEnabled() { if runtime.GOOS == "android" && t.options.InterfaceMonitor.AndroidVPNEnabled() {
const protectedFromVPN = 0x20000 const protectedFromVPN = 0x20000