Migrate to udpnat2 / Add PrepareConnection

2025-04-05 12:57:39 +03:00 · 2024-10-21 21:55:07 +08:00 · 2024-10-21 21:55:07 +08:00 · 9f258db173
commit 9f258db173
parent 89af5fb3e1
8 changed files with 127 additions and 90 deletions
--- a/go.mod
+++ b/go.mod
@ -5,10 +5,10 @@ go 1.20
 require (
 	github.com/go-ole/go-ole v1.3.0
 	github.com/sagernet/fswatch v0.1.1
-	github.com/sagernet/gvisor v0.0.0-20241019061641-46bad1ee6ecc
+	github.com/sagernet/gvisor v0.0.0-20241021032506-a4324256e4a3
 	github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a
 	github.com/sagernet/nftables v0.3.0-beta.4
-	github.com/sagernet/sing v0.5.0-rc.4.0.20241020060022-1270938dd44a
+	github.com/sagernet/sing v0.5.0-rc.4.0.20241021153852-cf58af1a4627
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
 	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8
 	golang.org/x/net v0.26.0
--- a/go.sum
+++ b/go.sum
@ -16,14 +16,14 @@ github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8Ku
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/sagernet/fswatch v0.1.1 h1:YqID+93B7VRfqIH3PArW/XpJv5H4OLEVWDfProGoRQs=
 github.com/sagernet/fswatch v0.1.1/go.mod h1:nz85laH0mkQqJfaOrqPpkwtU1znMFNVTpT/5oRsVz/o=
-github.com/sagernet/gvisor v0.0.0-20241019061641-46bad1ee6ecc h1:IvmeRstYX63O0QpLGJgVOaaM21ZIG0frJi6MT29Irtk=
+github.com/sagernet/gvisor v0.0.0-20241021032506-a4324256e4a3 h1:RxEz7LhPNiF/gX/Hg+OXr5lqsM9iVAgmaK1L1vzlDRM=
-github.com/sagernet/gvisor v0.0.0-20241019061641-46bad1ee6ecc/go.mod h1:ehZwnT2UpmOWAHFL48XdBhnd4Qu4hN2O3Ji0us3ZHMw=
+github.com/sagernet/gvisor v0.0.0-20241021032506-a4324256e4a3/go.mod h1:ehZwnT2UpmOWAHFL48XdBhnd4Qu4hN2O3Ji0us3ZHMw=
 github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a h1:ObwtHN2VpqE0ZNjr6sGeT00J8uU7JF4cNUdb44/Duis=
 github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
 github.com/sagernet/nftables v0.3.0-beta.4 h1:kbULlAwAC3jvdGAC1P5Fa3GSxVwQJibNenDW2zaXr8I=
 github.com/sagernet/nftables v0.3.0-beta.4/go.mod h1:OQXAjvjNGGFxaTgVCSTRIhYB5/llyVDeapVoENYBDS8=
-github.com/sagernet/sing v0.5.0-rc.4.0.20241020060022-1270938dd44a h1:6qlFfBvLZT/MhDpUr4cKY6RxYTnaCcFgOrJEnf/0+io=
+github.com/sagernet/sing v0.5.0-rc.4.0.20241021153852-cf58af1a4627 h1:wWRmqHPHfyWRPUIGsjAmYshvXF+pC/csl9pAmo/vGpo=
-github.com/sagernet/sing v0.5.0-rc.4.0.20241020060022-1270938dd44a/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/sing v0.5.0-rc.4.0.20241021153852-cf58af1a4627/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
--- a/stack.go
+++ b/stack.go
@ -5,6 +5,7 @@ import (
 	"encoding/binary"
 	"net"
 	"net/netip"
 	"time"
 	"github.com/sagernet/sing/common/control"
 	E "github.com/sagernet/sing/common/exceptions"
@ -23,7 +24,7 @@ type StackOptions struct {
 	Tun                    Tun
 	TunOptions             Options
 	EndpointIndependentNat bool
-	UDPTimeout             int64
+	UDPTimeout             time.Duration
 	Handler                Handler
 	Logger                 logger.Logger
 	ForwarderBindInterface bool
--- a/stack_gvisor.go
+++ b/stack_gvisor.go
@ -5,6 +5,7 @@ package tun
 import (
 	"context"
 	"net/netip"
 	"os"
 	"time"
 	"github.com/sagernet/gvisor/pkg/tcpip"
@ -32,7 +33,7 @@ type GVisor struct {
 	ctx                    context.Context
 	tun                    GVisorTun
 	endpointIndependentNat bool
-	udpTimeout             int64
+	udpTimeout             time.Duration
 	broadcastAddr          netip.Addr
 	handler                Handler
 	logger                 logger.Logger
@ -85,13 +86,18 @@ func (t *GVisor) Start() error {
 			localAddr:  source.TCPAddr(),
 			remoteAddr: destination.TCPAddr(),
 		}
 		pErr := t.handler.PrepareConnection(source, destination)
 		if pErr != nil {
 			r.Complete(gWriteUnreachable(t.stack, r.Packet(), err) == os.ErrInvalid)
 			return
 		}
 		go t.handler.NewConnectionEx(t.ctx, conn, source, destination, nil)
 	})
 	ipStack.SetTransportProtocolHandler(tcp.ProtocolNumber, tcpForwarder.HandlePacket)
 	if !t.endpointIndependentNat {
-		udpForwarder := udp.NewForwarder(ipStack, func(request *udp.ForwarderRequest) {
+		udpForwarder := udp.NewForwarder(ipStack, func(r *udp.ForwarderRequest) {
 			var wq waiter.Queue
-			endpoint, err := request.CreateEndpoint(&wq)
+			endpoint, err := r.CreateEndpoint(&wq)
 			if err != nil {
 				return
 			}
@ -102,9 +108,15 @@ func (t *GVisor) Start() error {
 				endpoint.Abort()
 				return
 			}
 			go func() {
 			source := M.SocksaddrFromNet(lAddr)
 			destination := M.SocksaddrFromNet(rAddr)
 			pErr := t.handler.PrepareConnection(source, destination)
 			if pErr != nil {
 				gWriteUnreachable(t.stack, r.Packet(), pErr)
 				r.Packet().DecRef()
 				return
 			}
 			go func() {
 				ctx, conn := canceler.NewPacketConn(t.ctx, bufio.NewUnbindPacketConnWithAddr(udpConn, destination), time.Duration(t.udpTimeout)*time.Second)
 				t.handler.NewPacketConnectionEx(ctx, conn, source, destination, nil)
 			}()
--- a/stack_gvisor_udp.go
+++ b/stack_gvisor_udp.go
@ -8,6 +8,8 @@ import (
 	"net/netip"
 	"os"
 	"sync"
 	"time"
 	_ "unsafe"
 	"github.com/sagernet/gvisor/pkg/buffer"
 	"github.com/sagernet/gvisor/pkg/tcpip"
@ -19,59 +21,60 @@ import (
 	E "github.com/sagernet/sing/common/exceptions"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/udpnat"
+	"github.com/sagernet/sing/common/udpnat2"
 )
 type UDPForwarder struct {
 	ctx     context.Context
 	stack   *stack.Stack
-	udpNat *udpnat.Service[netip.AddrPort]
+	handler Handler
-
+	udpNat  *udpnat.Service
 	// cache
 	cacheProto tcpip.NetworkProtocolNumber
 	cacheID    stack.TransportEndpointID
 }
-func NewUDPForwarder(ctx context.Context, stack *stack.Stack, handler Handler, udpTimeout int64) *UDPForwarder {
+func NewUDPForwarder(ctx context.Context, stack *stack.Stack, handler Handler, timeout time.Duration) *UDPForwarder {
-	return &UDPForwarder{
+	forwarder := &UDPForwarder{
 		ctx:     ctx,
 		stack:   stack,
-		udpNat: udpnat.NewEx[netip.AddrPort](udpTimeout, handler),
+		handler: handler,
 	}
 	forwarder.udpNat = udpnat.New(handler, forwarder.PreparePacketConnection, timeout)
 	return forwarder
 }
 func (f *UDPForwarder) HandlePacket(id stack.TransportEndpointID, pkt *stack.PacketBuffer) bool {
 	source := M.SocksaddrFrom(AddrFromAddress(id.RemoteAddress), id.RemotePort)
 	destination := M.SocksaddrFrom(AddrFromAddress(id.LocalAddress), id.LocalPort)
-	if source.IsIPv4() {
+	bufferRange := pkt.Data().AsRange()
-		f.cacheProto = header.IPv4ProtocolNumber
+	bufferSlices := make([][]byte, bufferRange.Size())
-	} else {
+	rangeIterate(bufferRange, func(view *buffer.View) {
-		f.cacheProto = header.IPv6ProtocolNumber
+		bufferSlices = append(bufferSlices, view.AsSlice())
 	}
 	gBuffer := pkt.Data().ToBuffer()
 	sBuffer := buf.NewSize(int(gBuffer.Size()))
 	gBuffer.Apply(func(view *buffer.View) {
 		sBuffer.Write(view.AsSlice())
 	})
-	f.cacheID = id
+	f.udpNat.NewPacket(bufferSlices, source, destination, pkt)
 	f.udpNat.NewPacketEx(
 		f.ctx,
 		source.AddrPort(),
 		sBuffer,
 		source,
 		destination,
 		f.newUDPConn,
 	)
 	return true
 }
-func (f *UDPForwarder) newUDPConn(natConn N.PacketConn) N.PacketWriter {
+//go:linkname rangeIterate github.com/sagernet/gvisor/pkg/tcpip/stack.Range.iterate
-	return &UDPBackWriter{
+func rangeIterate(r stack.Range, fn func(*buffer.View))
-		stack:         f.stack,
+
-		source:        f.cacheID.RemoteAddress,
+func (f *UDPForwarder) PreparePacketConnection(source M.Socksaddr, destination M.Socksaddr, userData any) (bool, context.Context, N.PacketWriter, N.CloseHandlerFunc) {
-		sourcePort:    f.cacheID.RemotePort,
+	pErr := f.handler.PrepareConnection(source, destination)
-		sourceNetwork: f.cacheProto,
+	if pErr != nil {
 		gWriteUnreachable(f.stack, userData.(*stack.PacketBuffer), pErr)
 		return false, nil, nil, nil
 	}
 	var sourceNetwork tcpip.NetworkProtocolNumber
 	if source.Addr.Is4() {
 		sourceNetwork = header.IPv4ProtocolNumber
 	} else {
 		sourceNetwork = header.IPv6ProtocolNumber
 	}
 	writer := &UDPBackWriter{
 		stack:         f.stack,
 		source:        AddressFromAddr(source.Addr),
 		sourcePort:    source.Port,
 		sourceNetwork: sourceNetwork,
 	}
 	return true, f.ctx, writer, nil
 }
 type UDPBackWriter struct {
--- a/stack_system.go
+++ b/stack_system.go
@ -15,7 +15,7 @@ import (
 	"github.com/sagernet/sing/common/logger"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
-	"github.com/sagernet/sing/common/udpnat"
+	"github.com/sagernet/sing/common/udpnat2"
 )
 var ErrIncludeAllNetworks = E.New("`system` and `mixed` stack are not available when `includeAllNetworks` is enabled. See https://github.com/SagerNet/sing-tun/issues/25")
@ -34,13 +34,13 @@ type System struct {
 	inet6ServerAddress netip.Addr
 	inet6Address       netip.Addr
 	broadcastAddr      netip.Addr
-	udpTimeout         int64
+	udpTimeout         time.Duration
 	tcpListener        net.Listener
 	tcpListener6       net.Listener
 	tcpPort            uint16
 	tcpPort6           uint16
 	tcpNat             *TCPNat
-	udpNat             *udpnat.Service[netip.AddrPort]
+	udpNat             *udpnat.Service
 	bindInterface      bool
 	interfaceFinder    control.InterfaceFinder
 	frontHeadroom      int
@ -151,8 +151,8 @@ func (s *System) start() error {
 		s.tcpPort6 = M.SocksaddrFromNet(tcpListener.Addr()).Port
 		go s.acceptLoop(tcpListener)
 	}
-	s.tcpNat = NewNat(s.ctx, time.Second*time.Duration(s.udpTimeout))
+	s.tcpNat = NewNat(s.ctx, s.udpTimeout)
-	s.udpNat = udpnat.NewEx[netip.AddrPort](s.udpTimeout, s.handler)
+	s.udpNat = udpnat.New(s.handler, s.preparePacketConnection, s.udpTimeout)
 	return nil
 }
@ -354,7 +354,11 @@ func (s *System) processIPv4TCP(packet clashtcpip.IPv4Packet, header clashtcpip.
 		packet.SetDestinationIP(session.Source.Addr())
 		header.SetDestinationPort(session.Source.Port())
 	} else {
-		natPort := s.tcpNat.Lookup(source, destination)
+		natPort, err := s.tcpNat.Lookup(source, destination, s.handler)
 		if err != nil {
 			// TODO: implement rejects
 			return nil
 		}
 		packet.SetSourceIP(s.inet4Address)
 		header.SetSourcePort(natPort)
 		packet.SetDestinationIP(s.inet4ServerAddress)
@ -385,7 +389,11 @@ func (s *System) processIPv6TCP(packet clashtcpip.IPv6Packet, header clashtcpip.
 		packet.SetDestinationIP(session.Source.Addr())
 		header.SetDestinationPort(session.Source.Port())
 	} else {
-		natPort := s.tcpNat.Lookup(source, destination)
+		natPort, err := s.tcpNat.Lookup(source, destination, s.handler)
 		if err != nil {
 			// TODO: implement rejects
 			return nil
 		}
 		packet.SetSourceIP(s.inet6Address)
 		header.SetSourcePort(natPort)
 		packet.SetDestinationIP(s.inet6ServerAddress)
@ -409,27 +417,12 @@ func (s *System) processIPv4UDP(packet clashtcpip.IPv4Packet, header clashtcpip.
 	if !header.Valid() {
 		return E.New("ipv4: udp: invalid packet")
 	}
-	source := netip.AddrPortFrom(packet.SourceIP(), header.SourcePort())
+	source := M.SocksaddrFrom(packet.SourceIP(), header.SourcePort())
-	destination := netip.AddrPortFrom(packet.DestinationIP(), header.DestinationPort())
+	destination := M.SocksaddrFrom(packet.DestinationIP(), header.DestinationPort())
-	if !destination.Addr().IsGlobalUnicast() {
+	if !destination.Addr.IsGlobalUnicast() {
 		return nil
 	}
-	data := buf.As(header.Payload())
+	s.udpNat.NewPacket([][]byte{header.Payload()}, source, destination, packet)
 	if data.Len() == 0 {
 		return nil
 	}
 	s.udpNat.NewPacketEx(s.ctx, source, data.ToOwned(), M.SocksaddrFromNetIP(source), M.SocksaddrFromNetIP(destination), func(natConn N.PacketConn) N.PacketWriter {
 		headerLen := packet.HeaderLen() + clashtcpip.UDPHeaderSize
 		headerCopy := make([]byte, headerLen)
 		copy(headerCopy, packet[:headerLen])
 		return &systemUDPPacketWriter4{
 			s.tun,
 			s.frontHeadroom + PacketOffset,
 			headerCopy,
 			source,
 			s.txChecksumOffload,
 		}
 	})
 	return nil
 }
@ -437,28 +430,48 @@ func (s *System) processIPv6UDP(packet clashtcpip.IPv6Packet, header clashtcpip.
 	if !header.Valid() {
 		return E.New("ipv6: udp: invalid packet")
 	}
-	source := netip.AddrPortFrom(packet.SourceIP(), header.SourcePort())
+	source := M.SocksaddrFrom(packet.SourceIP(), header.SourcePort())
-	destination := netip.AddrPortFrom(packet.DestinationIP(), header.DestinationPort())
+	destination := M.SocksaddrFrom(packet.DestinationIP(), header.DestinationPort())
-	if !destination.Addr().IsGlobalUnicast() {
+	if !destination.Addr.IsGlobalUnicast() {
 		return nil
 	}
-	data := buf.As(header.Payload())
+	s.udpNat.NewPacket([][]byte{header.Payload()}, source, destination, packet)
 	if data.Len() == 0 {
 	return nil
 }
 func (s *System) preparePacketConnection(source M.Socksaddr, destination M.Socksaddr, userData any) (bool, context.Context, N.PacketWriter, N.CloseHandlerFunc) {
 	pErr := s.handler.PrepareConnection(source, destination)
 	if pErr != nil {
 		// TODO: implement ICMP port unreachable
 		return false, nil, nil, nil
 	}
-	s.udpNat.NewPacketEx(s.ctx, source, data.ToOwned(), M.SocksaddrFromNetIP(source), M.SocksaddrFromNetIP(destination), func(natConn N.PacketConn) N.PacketWriter {
+	var writer N.PacketWriter
-		headerLen := len(packet) - int(header.Length()) + clashtcpip.UDPHeaderSize
+	if source.IsIPv4() {
 		packet := userData.(clashtcpip.IPv4Packet)
 		headerLen := packet.HeaderLen() + clashtcpip.UDPHeaderSize
 		headerCopy := make([]byte, headerLen)
 		copy(headerCopy, packet[:headerLen])
-		return &systemUDPPacketWriter6{
+		writer = &systemUDPPacketWriter4{
 			s.tun,
 			s.frontHeadroom + PacketOffset,
 			headerCopy,
-			source,
+			source.AddrPort(),
 			s.txChecksumOffload,
 		}
-	})
+	} else {
-	return nil
+		packet := userData.(clashtcpip.IPv6Packet)
 		headerLen := len(packet) - int(packet.PayloadLength()) + clashtcpip.UDPHeaderSize
 		headerCopy := make([]byte, headerLen)
 		copy(headerCopy, packet[:headerLen])
 		writer = &systemUDPPacketWriter6{
 			s.tun,
 			s.frontHeadroom + PacketOffset,
 			headerCopy,
 			source.AddrPort(),
 			s.txChecksumOffload,
 		}
 	}
 	return true, s.ctx, writer, nil
 }
 func (s *System) processIPv4ICMP(packet clashtcpip.IPv4Packet, header clashtcpip.ICMPPacket) error {
--- a/stack_system_nat.go
+++ b/stack_system_nat.go
@ -5,6 +5,8 @@ import (
 	"net/netip"
 	"sync"
 	"time"
 	M "github.com/sagernet/sing/common/metadata"
 )
 type TCPNat struct {
@ -68,12 +70,16 @@ func (n *TCPNat) LookupBack(port uint16) *TCPSession {
 	return session
 }
-func (n *TCPNat) Lookup(source netip.AddrPort, destination netip.AddrPort) uint16 {
+func (n *TCPNat) Lookup(source netip.AddrPort, destination netip.AddrPort, handler Handler) (uint16, error) {
 	n.addrAccess.RLock()
 	port, loaded := n.addrMap[source]
 	n.addrAccess.RUnlock()
 	if loaded {
-		return port
+		return port, nil
 	}
 	pErr := handler.PrepareConnection(M.SocksaddrFromNetIP(source), M.SocksaddrFromNetIP(destination))
 	if pErr != nil {
 		return 0, pErr
 	}
 	n.addrAccess.Lock()
 	nextPort := n.portIndex
@ -92,5 +98,5 @@ func (n *TCPNat) Lookup(source netip.AddrPort, destination netip.AddrPort) uint1
 		LastActive:  time.Now(),
 	}
 	n.portAccess.Unlock()
-	return nextPort
+	return nextPort, nil
 }
--- a/tun.go
+++ b/tun.go
@ -10,11 +10,13 @@ import (
 	F "github.com/sagernet/sing/common/format"
 	"github.com/sagernet/sing/common/logger"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 	"github.com/sagernet/sing/common/ranges"
 )
 type Handler interface {
 	PrepareConnection(source M.Socksaddr, destination M.Socksaddr) error
 	N.TCPConnectionHandlerEx
 	N.UDPConnectionHandlerEx
 }