SagerNet/sing-tun
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-tun.git synced 2025-04-02 19:37:40 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improve iproute2 rules

Browse source
This commit is contained in:
世界 2024-05-30 22:25:26 +08:00
parent 9939b78c88
commit ad763519ff
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
1 changed files with 56 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

108
tun_linux.go
View file

@ -516,7 +516,7 @@ func (t *NativeTun) rules() []*netlink.Rule {
if runtime.GOOS == "android" && t.options.InterfaceMonitor.AndroidVPNEnabled() {
const protectedFromVPN = 0x20000
if p4 || t.options.StrictRoute {
if p4 {
it = netlink.NewRule()
if t.options.InterfaceMonitor.OverrideAndroidVPN() {
it.Mark = protectedFromVPN
@ -528,7 +528,7 @@ func (t *NativeTun) rules() []*netlink.Rule {
rules = append(rules, it)
priority++
}
if p6 || t.options.StrictRoute {
if p6 {
it = netlink.NewRule()
if t.options.InterfaceMonitor.OverrideAndroidVPN() {
it.Mark = protectedFromVPN
@ -627,74 +627,78 @@ func (t *NativeTun) rules() []*netlink.Rule {
priority6++
}
}
if p4 {
if t.options.StrictRoute {
it = netlink.NewRule()
it.Priority = priority
it.Table = t.options.TableIndex
it.Family = unix.AF_INET
rules = append(rules, it)
} else {
it = netlink.NewRule()
it.Priority = priority
it.Invert = true
it.IifName = "lo"
it.Table = t.options.TableIndex
it.Family = unix.AF_INET
rules = append(rules, it)
it = netlink.NewRule()
it.Priority = priority
it.IifName = t.options.Name
it.Goto = nopPriority
it.Family = unix.AF_INET
rules = append(rules, it)
priority++
it = netlink.NewRule()
it.Priority = priority
it.Invert = true
it.IifName = "lo"
it.Table = t.options.TableIndex
it.Family = unix.AF_INET
rules = append(rules, it)
it = netlink.NewRule()
it.Priority = priority
it.IifName = "lo"
it.Src = netip.PrefixFrom(netip.IPv4Unspecified(), 32)
it.Table = t.options.TableIndex
it.Family = unix.AF_INET
rules = append(rules, it)
for _, address := range t.options.Inet4Address {
it = netlink.NewRule()
it.Priority = priority
it.IifName = "lo"
it.Src = netip.PrefixFrom(netip.IPv4Unspecified(), 32)
it.Src = address.Masked()
it.Table = t.options.TableIndex
it.Family = unix.AF_INET
rules = append(rules, it)
for _, address := range t.options.Inet4Address {
it = netlink.NewRule()
it.Priority = priority
it.IifName = "lo"
it.Src = address.Masked()
it.Table = t.options.TableIndex
it.Family = unix.AF_INET
rules = append(rules, it)
}
}
priority++
}
if p6 {
if !t.options.StrictRoute {
for _, address := range t.options.Inet6Address {
it = netlink.NewRule()
it.Priority = priority6
it.IifName = "lo"
it.Src = address.Masked()
it.Table = t.options.TableIndex
it.Family = unix.AF_INET6
rules = append(rules, it)
}
priority6++
for _, address := range t.options.Inet6Address {
it = netlink.NewRule()
it.Priority = priority6
it.IifName = "lo"
it.Src = netip.PrefixFrom(netip.IPv6Unspecified(), 1)
it.Goto = nopPriority
it.Src = address.Masked()
it.Table = t.options.TableIndex
it.Family = unix.AF_INET6
rules = append(rules, it)
it = netlink.NewRule()
it.Priority = priority6
it.IifName = "lo"
it.Src = netip.PrefixFrom(netip.AddrFrom16([16]byte{0: 128}), 1)
it.Goto = nopPriority
it.Family = unix.AF_INET6
rules = append(rules, it)
priority6++
}
priority6++
it = netlink.NewRule()
it.Priority = priority6
it.IifName = t.options.Name
it.Goto = nopPriority
it.Family = unix.AF_INET6
rules = append(rules, it)
it = netlink.NewRule()
it.Priority = priority6
it.IifName = "lo"
it.Src = netip.PrefixFrom(netip.IPv6Unspecified(), 1)
it.Goto = nopPriority
it.Family = unix.AF_INET6
rules = append(rules, it)
it = netlink.NewRule()
it.Priority = priority6
it.IifName = "lo"
it.Src = netip.PrefixFrom(netip.AddrFrom16([16]byte{0: 128}), 1)
it.Goto = nopPriority
it.Family = unix.AF_INET6
rules = append(rules, it)
priority6++
it = netlink.NewRule()
it.Priority = priority6