From 427e1a732caaf6a7bd8ef28268ffd3b592a79566 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Wed, 14 Feb 2024 12:51:48 +0800 Subject: [PATCH 1/6] Update gVisor to 20240206.0 --- go.mod | 2 +- go.sum | 4 ++-- stack_gvisor.go | 2 +- stack_mixed.go | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 1ba140a..db4885f 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.18 require ( github.com/fsnotify/fsnotify v1.7.0 github.com/go-ole/go-ole v1.3.0 - github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e + github.com/sagernet/gvisor v0.0.0-20240214044702-a3d61928a32f github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 github.com/sagernet/sing v0.3.2 github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 diff --git a/go.sum b/go.sum index 60db3bd..8b1035b 100644 --- a/go.sum +++ b/go.sum @@ -6,8 +6,8 @@ github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e h1:DOkjByVeAR56dkszjnMZke4wr7yM/1xHaJF3G9olkEE= -github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e/go.mod h1:fLxq/gtp0qzkaEwywlRRiGmjOK5ES/xUzyIKIFP2Asw= +github.com/sagernet/gvisor v0.0.0-20240214044702-a3d61928a32f h1:7hj/CcCkUiC6gfhX4D+QNyodmhfurW2L2Q4qzJ1bPnI= +github.com/sagernet/gvisor v0.0.0-20240214044702-a3d61928a32f/go.mod h1:bLmnT/4M4+yKB6F7JtRsbUr+YJ64yXwFIygjyYDFQzQ= github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE= github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM= github.com/sagernet/sing v0.3.2 h1:CwWcxUBPkMvwgfe2/zUgY5oHG9qOL8Aob/evIFYK9jo= diff --git a/stack_gvisor.go b/stack_gvisor.go index ca41a37..795d963 100644 --- a/stack_gvisor.go +++ b/stack_gvisor.go @@ -122,7 +122,7 @@ func (t *GVisor) Start() error { if err != nil { return } - udpConn := gonet.NewUDPConn(ipStack, &wq, endpoint) + udpConn := gonet.NewUDPConn(&wq, endpoint) lAddr := udpConn.RemoteAddr() rAddr := udpConn.LocalAddr() if lAddr == nil || rAddr == nil { diff --git a/stack_mixed.go b/stack_mixed.go index 811e0fd..c1abbb7 100644 --- a/stack_mixed.go +++ b/stack_mixed.go @@ -56,7 +56,7 @@ func (m *Mixed) Start() error { if err != nil { return } - udpConn := gonet.NewUDPConn(ipStack, &wq, endpoint) + udpConn := gonet.NewUDPConn(&wq, endpoint) lAddr := udpConn.RemoteAddr() rAddr := udpConn.LocalAddr() if lAddr == nil || rAddr == nil { From 4f18c37ca1e4a7bfa89dc92c95808d626afa72a6 Mon Sep 17 00:00:00 2001 From: clemon Date: Fri, 8 Mar 2024 11:56:38 +0800 Subject: [PATCH 2/6] init --- Makefile | 1 + monitor_freebsd.go | 170 +++++++++++ monitor_other.go | 2 +- monitor_shared.go | 2 +- tun_freebsd.go | 674 ++++++++++++++++++++++++++++++++++++++++++ tun_freebsd_gvisor.go | 123 ++++++++ tun_nondarwin.go | 2 +- tun_other.go | 2 +- 8 files changed, 972 insertions(+), 4 deletions(-) create mode 100644 monitor_freebsd.go create mode 100644 tun_freebsd.go create mode 100644 tun_freebsd_gvisor.go diff --git a/Makefile b/Makefile index 880626a..77a9afe 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,7 @@ build: GOOS=linux GOARCH=386 go build -v -tags with_gvisor . GOOS=linux GOARCH=arm go build -v -tags with_gvisor . GOOS=windows GOARCH=amd64 go build -v -tags with_gvisor . + GOOS=freebsd GOARCH=amd64 go build -v -tags with_gvisor . fmt: @gofumpt -l -w . diff --git a/monitor_freebsd.go b/monitor_freebsd.go new file mode 100644 index 0000000..2e0aa7e --- /dev/null +++ b/monitor_freebsd.go @@ -0,0 +1,170 @@ +package tun + +import ( + "net" + "net/netip" + "sync" + "time" + + "github.com/sagernet/sing/common/buf" + "github.com/sagernet/sing/common/logger" + "github.com/sagernet/sing/common/x/list" + "golang.org/x/net/route" + "golang.org/x/sys/unix" +) + +var _ NetworkUpdateMonitor = (*networkUpdateMonitor)(nil) + +type networkUpdateMonitor struct { + access sync.Mutex + callbacks list.List[NetworkUpdateCallback] + + closeOnce sync.Once + done chan struct{} + logger logger.Logger +} + +func NewNetworkUpdateMonitor(logger logger.Logger) (NetworkUpdateMonitor, error) { + + return &networkUpdateMonitor{ + logger: logger, + done: make(chan struct{}), + }, nil +} + +// Close implements NetworkUpdateMonitor. +func (m *networkUpdateMonitor) Close() error { + m.closeOnce.Do(func() { + close(m.done) + }) + return nil +} + +// Start implements NetworkUpdateMonitor. +func (m *networkUpdateMonitor) Start() error { + go m.loopUpdate() + return nil +} + +func (m *networkUpdateMonitor) loopUpdate() { + + useSocket(unix.AF_ROUTE, unix.SOCK_RAW|unix.SOCK_CLOEXEC, unix.AF_UNSPEC, func(socketFd int) error { + + for { + select { + case <-m.done: + return nil + case <-time.After(time.Second): + } + err := m.updater(socketFd) + if err != nil { + m.logger.Error("listen network update: ", err) + return nil + } + } + + }) + +} + +func (m *networkUpdateMonitor) updater(socketFd int) error { + buffer := buf.NewPacket() + defer buffer.Release() + + n, err := unix.Read(socketFd, buffer.FreeBytes()) + if err != nil { + return err + } + buffer.Truncate(n) + + messages, err := route.ParseRIB(route.RIBTypeRoute, buffer.Bytes()) + if err != nil { + return err + } + + for _, message := range messages { + if _, isRouteMessage := message.(*route.RouteMessage); isRouteMessage { + m.emit() + return nil + } + } + return nil +} + +// checkUpdate find the first ipv4 default gateway, then emit event +func (m *defaultInterfaceMonitor) checkUpdate() error { + // TODO: ipv4 and ipv6 unix.AF_UNSPEC + ribMessage, err := route.FetchRIB(unix.AF_INET, route.RIBTypeRoute, 0) + if err != nil { + return err + } + routeMessages, err := route.ParseRIB(route.RIBTypeRoute, ribMessage) + if err != nil { + return err + } + + for _, rawRouteMessage := range routeMessages { + routeMessage := rawRouteMessage.(*route.RouteMessage) + + // TODO: ipv6 + // switch addr := routeMessage.Addrs[unix.AF_UNSPEC].(type) { + // case *route.Inet4Addr: + + // case *route.Inet6Addr: + + // } + + // dst addr of this route should be 0.0.0.0 + if destination, isIPv4Destination := routeMessage.Addrs[unix.RTAX_DST].(*route.Inet4Addr); !isIPv4Destination || destination.IP != netip.IPv4Unspecified().As4() { + continue + } + + // netmask should be vaild ipv4 addr + if mask, isIPv4Mask := routeMessage.Addrs[unix.RTAX_NETMASK].(*route.Inet4Addr); !isIPv4Mask { + continue + } else { + // netmask should be 0.0.0.0 + if ones, _ := net.IPMask(mask.IP[:]).Size(); ones != 0 { + continue + } + } + + // the route should be enabled && gateway && static + flag := unix.RTF_UP | unix.RTF_GATEWAY | unix.RTF_STATIC + if routeMessage.Flags&(flag) != flag { + continue + } + + // the interface of above route should not be loop dev + if routeInterface, err := net.InterfaceByIndex(routeMessage.Index); err != nil || routeInterface.Flags&net.FlagLoopback != 0 { + continue + } else { + + if routeInterface.Name == m.defaultInterfaceName && routeInterface.Index == m.defaultInterfaceIndex { + return nil + } + + // update default interface + m.defaultInterfaceName = routeInterface.Name + m.defaultInterfaceIndex = routeInterface.Index + m.emit(EventInterfaceUpdate) + + return nil + // msg, _ := json.MarshalIndent(routeMessage, "", " ") + // fmt.Printf("def routeMessage: %s\r\n", msg) + // fmt.Printf("def interface: %s\r\n", routeInterface.Name) + + } + } + + if m.options.UnderNetworkExtension { + // TODO: fallback of get default interface + m.logger.Warn("Not implemented: UnderNetworkExtension") + // defaultInterface, err = getDefaultInterfaceBySocket() + // if err != nil { + // return err + // } + } + + return ErrNoRoute +} diff --git a/monitor_other.go b/monitor_other.go index c6b447c..429c319 100644 --- a/monitor_other.go +++ b/monitor_other.go @@ -1,4 +1,4 @@ -//go:build !(linux || windows || darwin) +//go:build !(linux || windows || darwin || freebsd) package tun diff --git a/monitor_shared.go b/monitor_shared.go index 66c8f1a..a76d4ea 100644 --- a/monitor_shared.go +++ b/monitor_shared.go @@ -1,4 +1,4 @@ -//go:build linux || windows || darwin +//go:build linux || windows || darwin || freebsd package tun diff --git a/tun_freebsd.go b/tun_freebsd.go new file mode 100644 index 0000000..f17987f --- /dev/null +++ b/tun_freebsd.go @@ -0,0 +1,674 @@ +package tun + +import ( + "bytes" + "encoding/binary" + "errors" + "fmt" + "net" + "net/netip" + "os" + "syscall" + "unsafe" + + "github.com/sagernet/sing/common" + "github.com/sagernet/sing/common/buf" + "github.com/sagernet/sing/common/bufio" + E "github.com/sagernet/sing/common/exceptions" + N "github.com/sagernet/sing/common/network" + "golang.org/x/net/route" + "golang.org/x/sys/unix" +) + +const IFHEADOffset = 4 +const PacketOffset = IFHEADOffset + +const ( + _TUNSIFHEAD = 0x80047460 + + _TUNSIFMODE = 0x8004745e + _TUNGIFNAME = 0x4020745d + _TUNSIFPID = 0x2000745f + + _SIOCGIFINFO_IN6 = 0xc048696c + _SIOCSIFINFO_IN6 = 0xc048696d + + _ND6_IFF_AUTO_LINKLOCAL = 0x20 + _ND6_IFF_NO_DAD = 0x100 + + // NOTE: SIOCSxxx deprecated + _SIOCAIFADDR_IN6 = 0x8088691b // netinet6/in6_var.h + _IN6_IFF_NODAD = 0x20 // netinet6/in6_var.h + _ND6_INFINITE_LIFETIME = 0xFFFFFFFF // netinet6/nd6.h +) + +var _ Tun = (*NativeTun)(nil) + +type NativeTun struct { + name string + tunFile *os.File + + fd int + mtu uint32 + unix.RawSockaddrInet6 + tunWriter N.VectorisedWriter + + inet4Address [4]byte + inet6Address [16]byte + + routeCleanFns []func() error +} + +func New(options Options) (Tun, error) { + if len(options.Name) > unix.IFNAMSIZ-1 { + return nil, errors.New("interface name too long") + } + + // See if interface already exists + if iface, _ := net.InterfaceByName(options.Name); iface != nil { + if err := destoryIf(options.Name); err != nil { + return nil, fmt.Errorf("unable able to destory already existed interface %s: %s", options.Name, err) + } + } + + tunFile, err := os.OpenFile("/dev/tun", unix.O_RDWR|unix.O_CLOEXEC, 0) + if err != nil { + return nil, err + } + + tun := &NativeTun{ + name: options.Name, + tunFile: tunFile, + fd: int(tunFile.Fd()), + mtu: options.MTU, + routeCleanFns: make([]func() error, 0), + } + + var assignedName string + if assignedName, err = fdevName(tun.tunFile); err != nil { + tunFile.Close() + destoryIf(assignedName) + return nil, err + } + + if err := enableIfHeadMode(tun.tunFile); err != nil { + tun.tunFile.Close() + destoryIf(assignedName) + return nil, err + } + + if err := setIfMode(tun.tunFile, syscall.IFF_POINTOPOINT|syscall.IFF_MULTICAST); err != nil { + tun.tunFile.Close() + destoryIf(assignedName) + return nil, err + } + + if err := disableLinkLocalV6(assignedName); err != nil { + tun.tunFile.Close() + destoryIf(assignedName) + return nil, err + } + + if len(options.Name) > 0 { + if err := setIfName(assignedName, options.Name); err != nil { + tun.tunFile.Close() + destoryIf(assignedName) + return nil, err + } + } + + if err := becomeCtrlProc(tun.tunFile); err != nil { + tun.tunFile.Close() + destoryIf(tun.name) + return nil, err + } + + err = unix.SetNonblock(tun.fd, true) + if err != nil { + tun.tunFile.Close() + destoryIf(tun.name) + return nil, err + } + + // update if name here? + if err := setMTU(tun.name, options.MTU); err != nil { + tun.tunFile.Close() + destoryIf(tun.name) + return nil, err + } + + if err := setIpV4(tun.name, options.Inet4Address); err != nil { + tun.tunFile.Close() + return nil, err + } + if len(options.Inet4Address) > 0 { + tun.inet4Address = options.Inet4Address[0].Addr().As4() + } + + if err := setIpV6(tun.name, options.Inet6Address); err != nil { + tun.tunFile.Close() + return nil, err + } + if len(options.Inet6Address) > 0 { + tun.inet6Address = options.Inet6Address[0].Addr().As16() + } + + // can work? + var ok bool + tun.tunWriter, ok = bufio.CreateVectorisedWriter(tun.tunFile) + if !ok { + panic("create vectorised writer") + } + + // same as darwin + if options.AutoRoute { + var routeRanges []netip.Prefix + routeRanges, _ = options.BuildAutoRouteRanges(false) + for _, routeRange := range routeRanges { + var fn func() error + if routeRange.Addr().Is4() { + fn, err = addRoute(routeRange, options.Inet4Address[0].Addr()) + } else { + fn, err = addRoute(routeRange, options.Inet6Address[0].Addr()) + } + if err != nil { + return nil, E.Cause(err, "add route: ", routeRange) + } + tun.routeCleanFns = append(tun.routeCleanFns, fn) + } + } + + if err := ifUp(tun.name); err != nil { + tun.tunFile.Close() + return nil, err + } + + return tun, nil +} + +// Read implements Tun. +func (t *NativeTun) Read(p []byte) (n int, err error) { + return t.tunFile.Read(p) +} + +// Write implements Tun. +func (t *NativeTun) Write(p []byte) (n int, err error) { + return t.tunFile.Write(p) +} + +// Close implements Tun. +func (t *NativeTun) Close() error { + + for _, fn := range t.routeCleanFns { + if err := fn(); err != nil { + // TODO: deal with undeleted route? + continue + } + } + + if err := t.tunFile.Close(); err != nil { + return err + } + + if err := destoryIf(t.name); err != nil { + return err + } + return nil +} + +var ( + packetHeader4 = [IFHEADOffset]byte{0x00, 0x00, 0x00, unix.AF_INET} + packetHeader6 = [IFHEADOffset]byte{0x00, 0x00, 0x00, unix.AF_INET6} +) + +// WriteVectorised implements Tun. work? +// buffers is full ip pkg without IFHEAD setted, before write add the 4 bytes header. +func (t *NativeTun) WriteVectorised(buffers []*buf.Buffer) error { + var packetHeader []byte + if buffers[0].Byte(0)>>4 == 4 { + packetHeader = packetHeader4[:] + } else { + packetHeader = packetHeader6[:] + } + return t.tunWriter.WriteVectorised(append([]*buf.Buffer{buf.As(packetHeader)}, buffers...)) +} + +func operateOnFd(theFile *os.File, fn func(fd uintptr)) error { + sysconn, err := theFile.SyscallConn() + if err != nil { + return fmt.Errorf("unable to find sysconn for tunfile: %s", err.Error()) + } + err = sysconn.Control(fn) + if err != nil { + return fmt.Errorf("unable to control sysconn for tunfile: %s", err.Error()) + } + return nil +} + +// useSocket from tun_darwin +func useSocket(domain, typ, proto int, block func(socketFd int) error) error { + socketFd, err := unix.Socket(domain, typ, proto) + if err != nil { + return err + } + defer unix.Close(socketFd) + return block(socketFd) +} + +func fdevName(theFile *os.File) (string, error) { + ifreq := struct { + Name [unix.IFNAMSIZ]byte + _ [16]byte + }{} + + var errno syscall.Errno + operateOnFd(theFile, func(fd uintptr) { + _, _, errno = unix.Syscall(unix.SYS_IOCTL, fd, _TUNGIFNAME, uintptr(unsafe.Pointer(&ifreq))) + }) + + if errno != 0 { + return "", fmt.Errorf("unable to get tun if name: %w", errno) + } + return unix.ByteSliceToString(ifreq.Name[:]), nil +} + +// enableIfHeadMode https://man.freebsd.org/cgi/man.cgi?query=tun&sektion=4 +func enableIfHeadMode(theFile *os.File) error { + ifheadmode := 1 + + var errno syscall.Errno + operateOnFd(theFile, func(fd uintptr) { + _, _, errno = unix.Syscall(unix.SYS_IOCTL, fd, _TUNSIFHEAD, uintptr(unsafe.Pointer(&ifheadmode))) + }) + + if errno != 0 { + return fmt.Errorf("unable to put into IFHEAD mode: %w", errno) + } + return nil +} + +// setIfMode TUNSIFMODE +func setIfMode(theFile *os.File, mode int) error { + ifflags := mode + var errno syscall.Errno + operateOnFd(theFile, func(fd uintptr) { + _, _, errno = unix.Syscall(unix.SYS_IOCTL, fd, uintptr(_TUNSIFMODE), uintptr(unsafe.Pointer(&ifflags))) + }) + + if errno != 0 { + return fmt.Errorf("unable to set if mode %d: %w", mode, errno) + } + return nil +} + +func disableLinkLocalV6(name string) error { + // Disable link-local v6, not just because WireGuard doesn't do that anyway, but + // also because there are serious races with attaching and detaching LLv6 addresses + // in relation to interface lifetime within the FreeBSD kernel. + + // ND6 flag manipulation + ndireq := struct { + Name [unix.IFNAMSIZ]byte + Linkmtu uint32 + Maxmtu uint32 + Basereachable uint32 + Reachable uint32 + Retrans uint32 + Flags uint32 + Recalctm int + Chlim uint8 + Initialized uint8 + Randomseed0 [8]byte + Randomseed1 [8]byte + Randomid [8]byte + }{} + copy(ndireq.Name[:], name) + + return useSocket(unix.AF_INET6, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0, func(socketFd int) error { + var errno syscall.Errno + + _, _, errno = unix.Syscall(unix.SYS_IOCTL, uintptr(socketFd), uintptr(_SIOCGIFINFO_IN6), uintptr(unsafe.Pointer(&ndireq))) + if errno != 0 { + return fmt.Errorf("unable to get ND6 flags for %s: %w", name, errno) + } + + ndireq.Flags = ndireq.Flags &^ _ND6_IFF_AUTO_LINKLOCAL + ndireq.Flags = ndireq.Flags | _ND6_IFF_NO_DAD + _, _, errno = unix.Syscall(unix.SYS_IOCTL, uintptr(socketFd), uintptr(_SIOCSIFINFO_IN6), uintptr(unsafe.Pointer(&ndireq))) + if errno != 0 { + return fmt.Errorf("unable to set ND6 flags for %s: %w", name, errno) + } + return nil + }) + +} + +func setIfName(targetIfName, name string) error { + var newnp [unix.IFNAMSIZ]byte + copy(newnp[:], name) + + // Iface requests with a pointer + ifr := struct { + Name [unix.IFNAMSIZ]byte + Data uintptr + _ [16 - unsafe.Sizeof(uintptr(0))]byte + }{} + copy(ifr.Name[:], targetIfName) + ifr.Data = uintptr(unsafe.Pointer(&newnp[0])) + + return useSocket(unix.AF_INET, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0, func(socketFd int) error { + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(socketFd), uintptr(unix.SIOCSIFNAME), uintptr(unsafe.Pointer(&ifr))) + if errno != 0 { + return fmt.Errorf("failed to rename %s to %s: %w", targetIfName, name, errno) + } + return nil + }) + +} + +func becomeCtrlProc(theFile *os.File) error { + var errno syscall.Errno + operateOnFd(theFile, func(fd uintptr) { + _, _, errno = unix.Syscall(unix.SYS_IOCTL, fd, _TUNSIFPID, uintptr(0)) + }) + if errno != 0 { + return fmt.Errorf("unable to become controlling TUN process: %w", errno) + } + return nil +} + +func setMTU(ifName string, n uint32) error { + + ifr := struct { + Name [unix.IFNAMSIZ]byte + MTU uint32 + _ [12]byte + }{} + copy(ifr.Name[:], ifName) + ifr.MTU = uint32(n) + + return useSocket(unix.AF_INET, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0, func(socketFd int) error { + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(socketFd), uintptr(unix.SIOCSIFMTU), uintptr(unsafe.Pointer(&ifr))) + if errno != 0 { + return fmt.Errorf("failed to set MTU on %s: %w", ifName, errno) + } + return nil + }) + +} + +// getMTU get mtu of interface +func getMTU(ifName string) (int, error) { + + ifr := struct { + Name [unix.IFNAMSIZ]byte + MTU uint32 + _ [12]byte + }{} + copy(ifr.Name[:], ifName) + + err := useSocket(unix.AF_INET, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0, func(socketFd int) error { + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(socketFd), uintptr(unix.SIOCGIFMTU), uintptr(unsafe.Pointer(&ifr))) + if errno != 0 { + return fmt.Errorf("failed to get MTU on %s: %w", ifName, errno) + } + return nil + }) + + if err != nil { + return 0, err + } + + return int(*(*int32)(unsafe.Pointer(&ifr.MTU))), nil +} + +// setIpV4 set v4 ip for specific interface, but the +// ip will be removed if the tun dev was cloed +func setIpV4(ifName string, addresses []netip.Prefix) error { + + if len(addresses) <= 0 { + return nil + } + + return useSocket(unix.AF_INET, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0, func(socketFd int) error { + + for _, address := range addresses { + ifr := struct { + Name [unix.IFNAMSIZ]byte + Addr unix.RawSockaddrInet4 + BroadAddr unix.RawSockaddrInet4 + Mask unix.RawSockaddrInet4 + }{ + Addr: unix.RawSockaddrInet4{ + Family: unix.AF_INET, + Len: unix.SizeofSockaddrInet4, + Addr: address.Addr().As4(), + }, + BroadAddr: unix.RawSockaddrInet4{ + Family: unix.AF_INET, + Len: unix.SizeofSockaddrInet4, + Addr: broadAddr(address), + }, + Mask: unix.RawSockaddrInet4{ + Family: unix.AF_INET, + Len: unix.SizeofSockaddrInet4, + Addr: mustParseSubnetMask4(address), + }, + } + copy(ifr.Name[:], ifName) + + _, _, errno := unix.Syscall( + unix.SYS_IOCTL, + uintptr(socketFd), + uintptr(unix.SIOCAIFADDR), + uintptr(unsafe.Pointer(&ifr)), + ) + if errno != 0 { + return fmt.Errorf("failed to set v4 address on interface %s: %s", ifName, errno) + } + } + + return nil + }) + +} + +func setIpV6(ifName string, addresses []netip.Prefix) error { + if len(addresses) <= 0 { + return nil + } + + return useSocket(unix.AF_INET6, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0, func(socketFd int) error { + + for _, address := range addresses { + + // netinet6/in6_var.h: struct in6_addrlifetime + type addrLifetime6 struct { + Expire float64 + Preferred float64 + Vltime uint32 + Pltime uint32 + } + + // netinet6/in6_var.h: struct in6_aliasreq + in6_ifreq := struct { + Name [unix.IFNAMSIZ]byte + Addr unix.RawSockaddrInet6 + Mask unix.RawSockaddrInet6 + // Dstaddr contain the destination address of the point-to-point interface + Dstaddr unix.RawSockaddrInet6 + Flags uint32 + Lifetime addrLifetime6 + // Vhid uint32 + }{ + Addr: unix.RawSockaddrInet6{ + Len: unix.SizeofSockaddrInet6, + Family: unix.AF_INET6, + Addr: address.Addr().As16(), + }, + Mask: unix.RawSockaddrInet6{ + Len: unix.SizeofSockaddrInet6, + Family: unix.AF_INET6, + Addr: mustParseSubnetMask6(address), + }, + Flags: _IN6_IFF_NODAD, + Lifetime: addrLifetime6{ + Vltime: _ND6_INFINITE_LIFETIME, + Pltime: _ND6_INFINITE_LIFETIME, + }} + copy(in6_ifreq.Name[:], []byte(ifName)) + + if address.Bits() == 128 { + in6_ifreq.Dstaddr = unix.RawSockaddrInet6{ + Len: unix.SizeofSockaddrInet6, + Family: unix.AF_INET6, + Addr: address.Addr().Next().As16(), + } + } + + _, _, errno := unix.Syscall( + unix.SYS_IOCTL, + uintptr(socketFd), + uintptr(_SIOCAIFADDR_IN6), + uintptr(unsafe.Pointer(&in6_ifreq)), + ) + if errno != 0 { + return fmt.Errorf("failed to set v6 address on interface %s: %v", ifName, errno) + } + + } + + return nil + }) + +} + +func ifUp(ifName string) error { + + ifrFlags := struct { + Name [unix.IFNAMSIZ]byte + Flags uint16 + }{ + Flags: unix.IFF_UP | unix.IFF_RUNNING, + } + copy(ifrFlags.Name[:], ifName) + + return useSocket(unix.AF_INET, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0, func(socketFd int) error { + _, _, errno := unix.Syscall( + unix.SYS_IOCTL, + uintptr(socketFd), + uintptr(unix.SIOCSIFFLAGS), + uintptr(unsafe.Pointer(&ifrFlags)), + ) + if errno != 0 { + return fmt.Errorf("failed to activate %s interface: %v", ifName, errno) + } + + return nil + }) + +} + +func destoryIf(name string) error { + + var ifr [32]byte + copy(ifr[:], name) + + return useSocket(unix.AF_INET, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0, func(socketFd int) error { + _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(socketFd), uintptr(unix.SIOCIFDESTROY), uintptr(unsafe.Pointer(&ifr[0]))) + if errno != 0 { + return fmt.Errorf("failed to destroy interface %s: %w", name, errno) + } + + return nil + }) + +} + +func a4ToUint32(a4 [4]byte) uint32 { + + buffer := make([]byte, 4) + for i, v := range a4 { + buffer[i] = v + } + return binary.BigEndian.Uint32(buffer) +} + +func uint32ToA4(val uint32) (a4 [4]byte) { + buffer := new(bytes.Buffer) + binary.Write(buffer, binary.BigEndian, val) + var out [4]byte + for i, v := range buffer.Bytes() { + out[i] = v + } + return out +} + +func mustParseSubnetMask4(address netip.Prefix) [4]byte { + return netip.MustParseAddr(net.IP(net.CIDRMask(address.Bits(), address.Addr().BitLen())).String()).As4() +} + +func mustParseSubnetMask6(address netip.Prefix) [16]byte { + return netip.MustParseAddr(net.IP(net.CIDRMask(address.Bits(), address.Addr().BitLen())).String()).As16() +} + +func networkAddr(address netip.Prefix) [4]byte { + networkAddrUint32 := a4ToUint32(address.Addr().As4()) & a4ToUint32(mustParseSubnetMask4(address)) + return uint32ToA4(networkAddrUint32) +} + +func broadAddr(address netip.Prefix) [4]byte { + broadAddrUint32 := a4ToUint32(networkAddr(address)) | (^a4ToUint32(mustParseSubnetMask4(address))) + return uint32ToA4(broadAddrUint32) +} + +func addRoute(destination netip.Prefix, gateway netip.Addr) (func() error, error) { + routeMessage := &route.RouteMessage{ + Type: unix.RTM_ADD, + Flags: unix.RTF_UP | unix.RTF_STATIC | unix.RTF_GATEWAY, + Version: unix.RTM_VERSION, + ID: uintptr(os.Getpid()), + Seq: 1, + } + if gateway.Is4() { + routeMessage.Addrs = []route.Addr{ + unix.RTAX_DST: &route.Inet4Addr{IP: destination.Addr().As4()}, + unix.RTAX_NETMASK: &route.Inet4Addr{IP: netip.MustParseAddr(net.IP(net.CIDRMask(destination.Bits(), 32)).String()).As4()}, + unix.RTAX_GATEWAY: &route.Inet4Addr{IP: gateway.As4()}, + } + } else { + routeMessage.Addrs = []route.Addr{ + unix.RTAX_DST: &route.Inet6Addr{IP: destination.Addr().As16()}, + unix.RTAX_NETMASK: &route.Inet6Addr{IP: netip.MustParseAddr(net.IP(net.CIDRMask(destination.Bits(), 128)).String()).As16()}, + unix.RTAX_GATEWAY: &route.Inet6Addr{IP: gateway.As16()}, + } + } + request, err := routeMessage.Marshal() + if err != nil { + return nil, err + } + + if err := useSocket(unix.AF_ROUTE, unix.SOCK_RAW, 0, func(socketFd int) error { + return common.Error(unix.Write(socketFd, request)) + }); err != nil { + return nil, err + } + + // for cleanup + return func() error { + routeMessage.Type = unix.RTM_DELETE + desc := fmt.Sprintf("to %s via %s", destination.String(), gateway.String()) + + request, err := routeMessage.Marshal() + if err != nil { + return err + } + err = useSocket(unix.AF_ROUTE, unix.SOCK_RAW, 0, func(socketFd int) error { + return common.Error(unix.Write(socketFd, request)) + }) + if err != nil { + return fmt.Errorf("unable to delete route %s: %s", desc, err) + } + return nil + }, nil +} diff --git a/tun_freebsd_gvisor.go b/tun_freebsd_gvisor.go new file mode 100644 index 0000000..45d5e38 --- /dev/null +++ b/tun_freebsd_gvisor.go @@ -0,0 +1,123 @@ +//go:build with_gvisor && freebsd + +package tun + +import ( + "github.com/metacubex/gvisor/pkg/buffer" + "github.com/metacubex/gvisor/pkg/tcpip" + "github.com/metacubex/gvisor/pkg/tcpip/header" + "github.com/metacubex/gvisor/pkg/tcpip/stack" + "github.com/sagernet/sing/common/bufio" +) + +var _ GVisorTun = (*NativeTun)(nil) + +func (t *NativeTun) NewEndpoint() (stack.LinkEndpoint, error) { + return &FreeBSDEndpoint{tun: t}, nil +} + +var _ stack.LinkEndpoint = (*FreeBSDEndpoint)(nil) + +type FreeBSDEndpoint struct { + tun *NativeTun + dispatcher stack.NetworkDispatcher +} + +func (e *FreeBSDEndpoint) Attach(dispatcher stack.NetworkDispatcher) { + if dispatcher == nil && e.dispatcher != nil { + e.dispatcher = nil + return + } + if dispatcher != nil && e.dispatcher == nil { + e.dispatcher = dispatcher + go e.dispatchLoop() + } +} + +func (e *FreeBSDEndpoint) dispatchLoop() { + packetBuffer := make([]byte, IFHEADOffset+e.tun.mtu) + for { + n, err := e.tun.tunFile.Read(packetBuffer) + if err != nil { + break + } + // remove IFHEAD here + packet := packetBuffer[IFHEADOffset:n] + var networkProtocol tcpip.NetworkProtocolNumber + switch header.IPVersion(packet) { + case header.IPv4Version: + networkProtocol = header.IPv4ProtocolNumber + if header.IPv4(packet).DestinationAddress().As4() == e.tun.inet4Address { + e.tun.tunFile.Write(packetBuffer[:n]) + continue + } + case header.IPv6Version: + networkProtocol = header.IPv6ProtocolNumber + if header.IPv6(packet).DestinationAddress().As16() == e.tun.inet6Address { + e.tun.tunFile.Write(packetBuffer[:n]) + continue + } + default: + e.tun.tunFile.Write(packetBuffer[:n]) + continue + } + pkt := stack.NewPacketBuffer(stack.PacketBufferOptions{ + Payload: buffer.MakeWithData(packetBuffer[IFHEADOffset:n]), + IsForwardedPacket: true, + }) + pkt.NetworkProtocolNumber = networkProtocol + dispatcher := e.dispatcher + if dispatcher == nil { + pkt.DecRef() + return + } + dispatcher.DeliverNetworkPacket(networkProtocol, pkt) + pkt.DecRef() + } +} + +func (e *FreeBSDEndpoint) IsAttached() bool { + return e.dispatcher != nil +} + +func (e *FreeBSDEndpoint) Wait() { +} + +func (e *FreeBSDEndpoint) Capabilities() stack.LinkEndpointCapabilities { + return stack.CapabilityRXChecksumOffload +} + +func (e *FreeBSDEndpoint) ARPHardwareType() header.ARPHardwareType { + return header.ARPHardwareNone +} + +func (e *FreeBSDEndpoint) AddHeader(buffer stack.PacketBufferPtr) { +} + +func (e *FreeBSDEndpoint) ParseHeader(ptr stack.PacketBufferPtr) bool { + return true +} + +func (e *FreeBSDEndpoint) MTU() uint32 { + return e.tun.mtu +} + +func (e *FreeBSDEndpoint) MaxHeaderLength() uint16 { + return 0 +} + +func (e *FreeBSDEndpoint) LinkAddress() tcpip.LinkAddress { + return "" +} + +func (e *FreeBSDEndpoint) WritePackets(packetBufferList stack.PacketBufferList) (int, tcpip.Error) { + var n int + for _, packet := range packetBufferList.AsSlice() { + _, err := bufio.WriteVectorised(e.tun, packet.AsSlices()) + if err != nil { + return n, &tcpip.ErrAborted{} + } + n++ + } + return n, nil +} diff --git a/tun_nondarwin.go b/tun_nondarwin.go index 0faa2c9..053b931 100644 --- a/tun_nondarwin.go +++ b/tun_nondarwin.go @@ -1,4 +1,4 @@ -//go:build !darwin +//go:build !darwin && !freebsd package tun diff --git a/tun_other.go b/tun_other.go index 1db48f9..432d26b 100644 --- a/tun_other.go +++ b/tun_other.go @@ -1,4 +1,4 @@ -//go:build !(linux || windows || darwin) +//go:build !(linux || windows || darwin || freebsd) package tun From bd87a33fa3d6576965ac73803ee44f23f29f49eb Mon Sep 17 00:00:00 2001 From: clemon Date: Fri, 8 Mar 2024 13:08:04 +0800 Subject: [PATCH 3/6] fix up: remove metacubex --- monitor_freebsd.go | 4 ---- tun_freebsd.go | 46 +++++++++++++++++++++---------------------- tun_freebsd_gvisor.go | 8 ++++---- 3 files changed, 26 insertions(+), 32 deletions(-) diff --git a/monitor_freebsd.go b/monitor_freebsd.go index 2e0aa7e..1aa3214 100644 --- a/monitor_freebsd.go +++ b/monitor_freebsd.go @@ -150,10 +150,6 @@ func (m *defaultInterfaceMonitor) checkUpdate() error { m.emit(EventInterfaceUpdate) return nil - // msg, _ := json.MarshalIndent(routeMessage, "", " ") - // fmt.Printf("def routeMessage: %s\r\n", msg) - // fmt.Printf("def interface: %s\r\n", routeInterface.Name) - } } diff --git a/tun_freebsd.go b/tun_freebsd.go index f17987f..e672496 100644 --- a/tun_freebsd.go +++ b/tun_freebsd.go @@ -3,7 +3,6 @@ package tun import ( "bytes" "encoding/binary" - "errors" "fmt" "net" "net/netip" @@ -61,19 +60,19 @@ type NativeTun struct { func New(options Options) (Tun, error) { if len(options.Name) > unix.IFNAMSIZ-1 { - return nil, errors.New("interface name too long") + return nil, E.New("tun name too long: ", options.Name) } // See if interface already exists if iface, _ := net.InterfaceByName(options.Name); iface != nil { if err := destoryIf(options.Name); err != nil { - return nil, fmt.Errorf("unable able to destory already existed interface %s: %s", options.Name, err) + return nil, E.New("unable able to destory already existed interface: ", options.Name) } } tunFile, err := os.OpenFile("/dev/tun", unix.O_RDWR|unix.O_CLOEXEC, 0) if err != nil { - return nil, err + return nil, E.New("unable able to open /dev/tun: ", err) } tun := &NativeTun{ @@ -267,7 +266,7 @@ func fdevName(theFile *os.File) (string, error) { }) if errno != 0 { - return "", fmt.Errorf("unable to get tun if name: %w", errno) + return "", os.NewSyscallError("TUNGIFNAME", errno) } return unix.ByteSliceToString(ifreq.Name[:]), nil } @@ -282,7 +281,7 @@ func enableIfHeadMode(theFile *os.File) error { }) if errno != 0 { - return fmt.Errorf("unable to put into IFHEAD mode: %w", errno) + return os.NewSyscallError("TUNSIFHEAD", errno) } return nil } @@ -296,7 +295,7 @@ func setIfMode(theFile *os.File, mode int) error { }) if errno != 0 { - return fmt.Errorf("unable to set if mode %d: %w", mode, errno) + return os.NewSyscallError("TUNSIFMODE", errno) } return nil } @@ -329,14 +328,14 @@ func disableLinkLocalV6(name string) error { _, _, errno = unix.Syscall(unix.SYS_IOCTL, uintptr(socketFd), uintptr(_SIOCGIFINFO_IN6), uintptr(unsafe.Pointer(&ndireq))) if errno != 0 { - return fmt.Errorf("unable to get ND6 flags for %s: %w", name, errno) + return os.NewSyscallError("SIOCGIFINFO_IN6", errno) } ndireq.Flags = ndireq.Flags &^ _ND6_IFF_AUTO_LINKLOCAL ndireq.Flags = ndireq.Flags | _ND6_IFF_NO_DAD _, _, errno = unix.Syscall(unix.SYS_IOCTL, uintptr(socketFd), uintptr(_SIOCSIFINFO_IN6), uintptr(unsafe.Pointer(&ndireq))) if errno != 0 { - return fmt.Errorf("unable to set ND6 flags for %s: %w", name, errno) + return os.NewSyscallError("SIOCSIFINFO_IN6", errno) } return nil }) @@ -359,7 +358,7 @@ func setIfName(targetIfName, name string) error { return useSocket(unix.AF_INET, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0, func(socketFd int) error { _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(socketFd), uintptr(unix.SIOCSIFNAME), uintptr(unsafe.Pointer(&ifr))) if errno != 0 { - return fmt.Errorf("failed to rename %s to %s: %w", targetIfName, name, errno) + return os.NewSyscallError("SIOCSIFNAME", errno) } return nil }) @@ -372,7 +371,7 @@ func becomeCtrlProc(theFile *os.File) error { _, _, errno = unix.Syscall(unix.SYS_IOCTL, fd, _TUNSIFPID, uintptr(0)) }) if errno != 0 { - return fmt.Errorf("unable to become controlling TUN process: %w", errno) + return os.NewSyscallError("TUNSIFPID", errno) } return nil } @@ -390,7 +389,7 @@ func setMTU(ifName string, n uint32) error { return useSocket(unix.AF_INET, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0, func(socketFd int) error { _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(socketFd), uintptr(unix.SIOCSIFMTU), uintptr(unsafe.Pointer(&ifr))) if errno != 0 { - return fmt.Errorf("failed to set MTU on %s: %w", ifName, errno) + return os.NewSyscallError("SIOCSIFMTU", errno) } return nil }) @@ -407,19 +406,18 @@ func getMTU(ifName string) (int, error) { }{} copy(ifr.Name[:], ifName) - err := useSocket(unix.AF_INET, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0, func(socketFd int) error { + if err := useSocket(unix.AF_INET, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0, func(socketFd int) error { _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(socketFd), uintptr(unix.SIOCGIFMTU), uintptr(unsafe.Pointer(&ifr))) if errno != 0 { - return fmt.Errorf("failed to get MTU on %s: %w", ifName, errno) + return os.NewSyscallError("SIOCGIFMTU", errno) } return nil - }) - - if err != nil { + }); err == nil { + return int(*(*int32)(unsafe.Pointer(&ifr.MTU))), nil + } else { return 0, err } - return int(*(*int32)(unsafe.Pointer(&ifr.MTU))), nil } // setIpV4 set v4 ip for specific interface, but the @@ -464,7 +462,7 @@ func setIpV4(ifName string, addresses []netip.Prefix) error { uintptr(unsafe.Pointer(&ifr)), ) if errno != 0 { - return fmt.Errorf("failed to set v4 address on interface %s: %s", ifName, errno) + return os.NewSyscallError("SIOCAIFADDR", errno) } } @@ -533,7 +531,7 @@ func setIpV6(ifName string, addresses []netip.Prefix) error { uintptr(unsafe.Pointer(&in6_ifreq)), ) if errno != 0 { - return fmt.Errorf("failed to set v6 address on interface %s: %v", ifName, errno) + return os.NewSyscallError("SIOCAIFADDR_IN6", errno) } } @@ -561,7 +559,7 @@ func ifUp(ifName string) error { uintptr(unsafe.Pointer(&ifrFlags)), ) if errno != 0 { - return fmt.Errorf("failed to activate %s interface: %v", ifName, errno) + return os.NewSyscallError("SIOCSIFFLAGS", errno) } return nil @@ -577,7 +575,7 @@ func destoryIf(name string) error { return useSocket(unix.AF_INET, unix.SOCK_DGRAM|unix.SOCK_CLOEXEC, 0, func(socketFd int) error { _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(socketFd), uintptr(unix.SIOCIFDESTROY), uintptr(unsafe.Pointer(&ifr[0]))) if errno != 0 { - return fmt.Errorf("failed to destroy interface %s: %w", name, errno) + return os.NewSyscallError("SIOCIFDESTROY", errno) } return nil @@ -661,13 +659,13 @@ func addRoute(destination netip.Prefix, gateway netip.Addr) (func() error, error request, err := routeMessage.Marshal() if err != nil { - return err + return E.New("route message marshal error: ", err) } err = useSocket(unix.AF_ROUTE, unix.SOCK_RAW, 0, func(socketFd int) error { return common.Error(unix.Write(socketFd, request)) }) if err != nil { - return fmt.Errorf("unable to delete route %s: %s", desc, err) + return E.New("unable to delete route ", desc, ": ", err) } return nil }, nil diff --git a/tun_freebsd_gvisor.go b/tun_freebsd_gvisor.go index 45d5e38..3e6b37f 100644 --- a/tun_freebsd_gvisor.go +++ b/tun_freebsd_gvisor.go @@ -3,10 +3,10 @@ package tun import ( - "github.com/metacubex/gvisor/pkg/buffer" - "github.com/metacubex/gvisor/pkg/tcpip" - "github.com/metacubex/gvisor/pkg/tcpip/header" - "github.com/metacubex/gvisor/pkg/tcpip/stack" + "github.com/sagernet/gvisor/pkg/buffer" + "github.com/sagernet/gvisor/pkg/tcpip" + "github.com/sagernet/gvisor/pkg/tcpip/header" + "github.com/sagernet/gvisor/pkg/tcpip/stack" "github.com/sagernet/sing/common/bufio" ) From 29ff4fd99172f6c3ea2565e15e686a5902355bd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Wed, 14 Feb 2024 12:51:48 +0800 Subject: [PATCH 4/6] Update gVisor to 20240206.0 --- go.mod | 2 +- go.sum | 4 ++-- stack_gvisor.go | 2 +- stack_mixed.go | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 1ba140a..db4885f 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.18 require ( github.com/fsnotify/fsnotify v1.7.0 github.com/go-ole/go-ole v1.3.0 - github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e + github.com/sagernet/gvisor v0.0.0-20240214044702-a3d61928a32f github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 github.com/sagernet/sing v0.3.2 github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 diff --git a/go.sum b/go.sum index 60db3bd..8b1035b 100644 --- a/go.sum +++ b/go.sum @@ -6,8 +6,8 @@ github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e h1:DOkjByVeAR56dkszjnMZke4wr7yM/1xHaJF3G9olkEE= -github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e/go.mod h1:fLxq/gtp0qzkaEwywlRRiGmjOK5ES/xUzyIKIFP2Asw= +github.com/sagernet/gvisor v0.0.0-20240214044702-a3d61928a32f h1:7hj/CcCkUiC6gfhX4D+QNyodmhfurW2L2Q4qzJ1bPnI= +github.com/sagernet/gvisor v0.0.0-20240214044702-a3d61928a32f/go.mod h1:bLmnT/4M4+yKB6F7JtRsbUr+YJ64yXwFIygjyYDFQzQ= github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE= github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM= github.com/sagernet/sing v0.3.2 h1:CwWcxUBPkMvwgfe2/zUgY5oHG9qOL8Aob/evIFYK9jo= diff --git a/stack_gvisor.go b/stack_gvisor.go index ca41a37..795d963 100644 --- a/stack_gvisor.go +++ b/stack_gvisor.go @@ -122,7 +122,7 @@ func (t *GVisor) Start() error { if err != nil { return } - udpConn := gonet.NewUDPConn(ipStack, &wq, endpoint) + udpConn := gonet.NewUDPConn(&wq, endpoint) lAddr := udpConn.RemoteAddr() rAddr := udpConn.LocalAddr() if lAddr == nil || rAddr == nil { diff --git a/stack_mixed.go b/stack_mixed.go index 811e0fd..c1abbb7 100644 --- a/stack_mixed.go +++ b/stack_mixed.go @@ -56,7 +56,7 @@ func (m *Mixed) Start() error { if err != nil { return } - udpConn := gonet.NewUDPConn(ipStack, &wq, endpoint) + udpConn := gonet.NewUDPConn(&wq, endpoint) lAddr := udpConn.RemoteAddr() rAddr := udpConn.LocalAddr() if lAddr == nil || rAddr == nil { From 8a4a81bdd8ab731107d7338863b3495fa78b0d75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Fri, 15 Mar 2024 16:10:21 +0800 Subject: [PATCH 5/6] Update gVisor to 20240212.0-65-g71212d503 --- go.mod | 8 ++++---- go.sum | 18 +++++++++--------- stack_gvisor_filter.go | 2 +- stack_gvisor_udp.go | 8 ++++---- tun_darwin_gvisor.go | 4 ++-- tun_windows_gvisor.go | 4 ++-- 6 files changed, 22 insertions(+), 22 deletions(-) diff --git a/go.mod b/go.mod index db4885f..5f6e967 100644 --- a/go.mod +++ b/go.mod @@ -5,13 +5,13 @@ go 1.18 require ( github.com/fsnotify/fsnotify v1.7.0 github.com/go-ole/go-ole v1.3.0 - github.com/sagernet/gvisor v0.0.0-20240214044702-a3d61928a32f + github.com/sagernet/gvisor v0.0.0-20240315080113-799fb6b6d311 github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 - github.com/sagernet/sing v0.3.2 + github.com/sagernet/sing v0.3.6 github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba - golang.org/x/net v0.21.0 - golang.org/x/sys v0.17.0 + golang.org/x/net v0.22.0 + golang.org/x/sys v0.18.0 ) require ( diff --git a/go.sum b/go.sum index 8b1035b..2670aa1 100644 --- a/go.sum +++ b/go.sum @@ -6,25 +6,25 @@ github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/sagernet/gvisor v0.0.0-20240214044702-a3d61928a32f h1:7hj/CcCkUiC6gfhX4D+QNyodmhfurW2L2Q4qzJ1bPnI= -github.com/sagernet/gvisor v0.0.0-20240214044702-a3d61928a32f/go.mod h1:bLmnT/4M4+yKB6F7JtRsbUr+YJ64yXwFIygjyYDFQzQ= +github.com/sagernet/gvisor v0.0.0-20240315080113-799fb6b6d311 h1:eUQ6kJZXK77xYZeeNrBb/7JMv0S0Wkk7EpmKUb3fsfc= +github.com/sagernet/gvisor v0.0.0-20240315080113-799fb6b6d311/go.mod h1:mDrXZSv401qiaFiiIUC59Zp4VG5f4nqXFqDmp5o3hYI= github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE= github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM= -github.com/sagernet/sing v0.3.2 h1:CwWcxUBPkMvwgfe2/zUgY5oHG9qOL8Aob/evIFYK9jo= -github.com/sagernet/sing v0.3.2/go.mod h1:qHySJ7u8po9DABtMYEkNBcOumx7ZZJf/fbv2sfTkNHE= +github.com/sagernet/sing v0.3.6 h1:dsEdYLKBQlrxUfw1a92x0VdPvR1/BOxQ+HIMyaoEJsQ= +github.com/sagernet/sing v0.3.6/go.mod h1:+60H3Cm91RnL9dpVGWDPHt0zTQImO9Vfqt9a4rSambI= github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 h1:rc/CcqLH3lh8n+csdOuDfP+NuykE0U6AeYSJJHKDgSg= github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9/go.mod h1:a/83NAfUXvEuLpmxDssAXxgUgrEy12MId3Wd7OTs76s= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg= github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M= go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= diff --git a/stack_gvisor_filter.go b/stack_gvisor_filter.go index 4b6ba98..fc6319e 100644 --- a/stack_gvisor_filter.go +++ b/stack_gvisor_filter.go @@ -32,7 +32,7 @@ type networkDispatcherFilter struct { writer N.VectorisedWriter } -func (w *networkDispatcherFilter) DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt stack.PacketBufferPtr) { +func (w *networkDispatcherFilter) DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) { var network header.Network if protocol == header.IPv4ProtocolNumber { if headerPackets, loaded := pkt.Data().PullUp(header.IPv4MinimumSize); loaded { diff --git a/stack_gvisor_udp.go b/stack_gvisor_udp.go index 74ce4b5..4fbb0de 100644 --- a/stack_gvisor_udp.go +++ b/stack_gvisor_udp.go @@ -42,7 +42,7 @@ func NewUDPForwarder(ctx context.Context, stack *stack.Stack, handler Handler, u } } -func (f *UDPForwarder) HandlePacket(id stack.TransportEndpointID, pkt stack.PacketBufferPtr) bool { +func (f *UDPForwarder) HandlePacket(id stack.TransportEndpointID, pkt *stack.PacketBuffer) bool { var upstreamMetadata M.Metadata upstreamMetadata.Source = M.SocksaddrFrom(AddrFromAddress(id.RemoteAddress), id.RemotePort) upstreamMetadata.Destination = M.SocksaddrFrom(AddrFromAddress(id.LocalAddress), id.LocalPort) @@ -174,7 +174,7 @@ func (c *gUDPConn) Close() error { return c.UDPConn.Close() } -func gWriteUnreachable(gStack *stack.Stack, packet stack.PacketBufferPtr, err error) (retErr error) { +func gWriteUnreachable(gStack *stack.Stack, packet *stack.PacketBuffer, err error) (retErr error) { if errors.Is(err, syscall.ENETUNREACH) { if packet.NetworkProtocolNumber == header.IPv4ProtocolNumber { return gWriteUnreachable4(gStack, packet, stack.RejectIPv4WithICMPNetUnreachable) @@ -197,7 +197,7 @@ func gWriteUnreachable(gStack *stack.Stack, packet stack.PacketBufferPtr, err er return nil } -func gWriteUnreachable4(gStack *stack.Stack, packet stack.PacketBufferPtr, icmpCode stack.RejectIPv4WithICMPType) error { +func gWriteUnreachable4(gStack *stack.Stack, packet *stack.PacketBuffer, icmpCode stack.RejectIPv4WithICMPType) error { err := gStack.NetworkProtocolInstance(header.IPv4ProtocolNumber).(stack.RejectIPv4WithHandler).SendRejectionError(packet, icmpCode, true) if err != nil { return wrapStackError(err) @@ -205,7 +205,7 @@ func gWriteUnreachable4(gStack *stack.Stack, packet stack.PacketBufferPtr, icmpC return nil } -func gWriteUnreachable6(gStack *stack.Stack, packet stack.PacketBufferPtr, icmpCode stack.RejectIPv6WithICMPType) error { +func gWriteUnreachable6(gStack *stack.Stack, packet *stack.PacketBuffer, icmpCode stack.RejectIPv6WithICMPType) error { err := gStack.NetworkProtocolInstance(header.IPv6ProtocolNumber).(stack.RejectIPv6WithHandler).SendRejectionError(packet, icmpCode, true) if err != nil { return wrapStackError(err) diff --git a/tun_darwin_gvisor.go b/tun_darwin_gvisor.go index a1f13ae..6d0ef4a 100644 --- a/tun_darwin_gvisor.go +++ b/tun_darwin_gvisor.go @@ -102,10 +102,10 @@ func (e *DarwinEndpoint) ARPHardwareType() header.ARPHardwareType { return header.ARPHardwareNone } -func (e *DarwinEndpoint) AddHeader(buffer stack.PacketBufferPtr) { +func (e *DarwinEndpoint) AddHeader(buffer *stack.PacketBuffer) { } -func (e *DarwinEndpoint) ParseHeader(ptr stack.PacketBufferPtr) bool { +func (e *DarwinEndpoint) ParseHeader(ptr *stack.PacketBuffer) bool { return true } diff --git a/tun_windows_gvisor.go b/tun_windows_gvisor.go index 5bea8d7..3bdf97d 100644 --- a/tun_windows_gvisor.go +++ b/tun_windows_gvisor.go @@ -99,10 +99,10 @@ func (e *WintunEndpoint) ARPHardwareType() header.ARPHardwareType { return header.ARPHardwareNone } -func (e *WintunEndpoint) AddHeader(buffer stack.PacketBufferPtr) { +func (e *WintunEndpoint) AddHeader(buffer *stack.PacketBuffer) { } -func (e *WintunEndpoint) ParseHeader(ptr stack.PacketBufferPtr) bool { +func (e *WintunEndpoint) ParseHeader(ptr *stack.PacketBuffer) bool { return true } From a760197c9b09adbd4d66dab45ff7ff4f8ba0a68e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Fri, 15 Mar 2024 16:11:02 +0800 Subject: [PATCH 6/6] Remove dependency on comshim --- go.mod | 1 - go.sum | 2 -- internal/winfw/winfw.go | 8 +++++--- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 5f6e967..61367e8 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,6 @@ require ( github.com/sagernet/gvisor v0.0.0-20240315080113-799fb6b6d311 github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 github.com/sagernet/sing v0.3.6 - github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba golang.org/x/net v0.22.0 golang.org/x/sys v0.18.0 diff --git a/go.sum b/go.sum index 2670aa1..8b1390b 100644 --- a/go.sum +++ b/go.sum @@ -12,8 +12,6 @@ github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6E github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM= github.com/sagernet/sing v0.3.6 h1:dsEdYLKBQlrxUfw1a92x0VdPvR1/BOxQ+HIMyaoEJsQ= github.com/sagernet/sing v0.3.6/go.mod h1:+60H3Cm91RnL9dpVGWDPHt0zTQImO9Vfqt9a4rSambI= -github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 h1:rc/CcqLH3lh8n+csdOuDfP+NuykE0U6AeYSJJHKDgSg= -github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9/go.mod h1:a/83NAfUXvEuLpmxDssAXxgUgrEy12MId3Wd7OTs76s= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg= github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= diff --git a/internal/winfw/winfw.go b/internal/winfw/winfw.go index 7798fcb..f8f17bb 100644 --- a/internal/winfw/winfw.go +++ b/internal/winfw/winfw.go @@ -12,7 +12,6 @@ import ( "github.com/go-ole/go-ole" "github.com/go-ole/go-ole/oleutil" - "github.com/scjalliance/comshim" ) // Firewall related API constants. @@ -250,7 +249,10 @@ func FirewallRuleExistsByName(rules *ole.IDispatch, name string) (bool, error) { // then: // dispatch firewallAPIRelease(u, fwp) func firewallAPIInit() (*ole.IUnknown, *ole.IDispatch, error) { - comshim.Add(1) + err := ole.CoInitializeEx(0, ole.COINIT_MULTITHREADED) + if err != nil { + return nil, nil, fmt.Errorf("Failed to initialize COM: %s", err) + } unknown, err := oleutil.CreateObject("HNetCfg.FwPolicy2") if err != nil { @@ -270,5 +272,5 @@ func firewallAPIInit() (*ole.IUnknown, *ole.IDispatch, error) { func firewallAPIRelease(u *ole.IUnknown, fwp *ole.IDispatch) { fwp.Release() u.Release() - comshim.Done() + ole.CoUninitialize() }