SagerNet/sing-tun
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-tun.git synced 2025-04-04 20:37:43 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improve iproute2 rules

Browse source
This commit is contained in:
世界 2024-05-30 22:25:26 +08:00
parent 9939b78c88
commit ad763519ff
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
1 changed files with 56 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

22
tun_linux.go
View file

@ -516,7 +516,7 @@ func (t *NativeTun) rules() []*netlink.Rule {
if runtime.GOOS == "android" && t.options.InterfaceMonitor.AndroidVPNEnabled() { if runtime.GOOS == "android" && t.options.InterfaceMonitor.AndroidVPNEnabled() {
const protectedFromVPN = 0x20000 const protectedFromVPN = 0x20000
if p4 || t.options.StrictRoute { if p4 {
it = netlink.NewRule() it = netlink.NewRule()
if t.options.InterfaceMonitor.OverrideAndroidVPN() { if t.options.InterfaceMonitor.OverrideAndroidVPN() {
it.Mark = protectedFromVPN it.Mark = protectedFromVPN
@ -528,7 +528,7 @@ func (t *NativeTun) rules() []*netlink.Rule {
rules = append(rules, it) rules = append(rules, it)
priority++ priority++
} }
if p6 || t.options.StrictRoute { if p6 {
it = netlink.NewRule() it = netlink.NewRule()
if t.options.InterfaceMonitor.OverrideAndroidVPN() { if t.options.InterfaceMonitor.OverrideAndroidVPN() {
it.Mark = protectedFromVPN it.Mark = protectedFromVPN
@ -627,15 +627,15 @@ func (t *NativeTun) rules() []*netlink.Rule {
priority6++ priority6++
} }
} }
if p4 { if p4 {
if t.options.StrictRoute {
it = netlink.NewRule() it = netlink.NewRule()
it.Priority = priority it.Priority = priority
it.Table = t.options.TableIndex it.IifName = t.options.Name
it.Goto = nopPriority
it.Family = unix.AF_INET it.Family = unix.AF_INET
rules = append(rules, it) rules = append(rules, it)
} else { priority++
it = netlink.NewRule() it = netlink.NewRule()
it.Priority = priority it.Priority = priority
it.Invert = true it.Invert = true
@ -661,11 +661,9 @@ func (t *NativeTun) rules() []*netlink.Rule {
it.Family = unix.AF_INET it.Family = unix.AF_INET
rules = append(rules, it) rules = append(rules, it)
} }
}
priority++ priority++
} }
if p6 { if p6 {
if !t.options.StrictRoute {
for _, address := range t.options.Inet6Address { for _, address := range t.options.Inet6Address {
it = netlink.NewRule() it = netlink.NewRule()
it.Priority = priority6 it.Priority = priority6
@ -677,6 +675,13 @@ func (t *NativeTun) rules() []*netlink.Rule {
} }
priority6++ priority6++
it = netlink.NewRule()
it.Priority = priority6
it.IifName = t.options.Name
it.Goto = nopPriority
it.Family = unix.AF_INET6
rules = append(rules, it)
it = netlink.NewRule() it = netlink.NewRule()
it.Priority = priority6 it.Priority = priority6
it.IifName = "lo" it.IifName = "lo"
@ -694,7 +699,6 @@ func (t *NativeTun) rules() []*netlink.Rule {
rules = append(rules, it) rules = append(rules, it)
priority6++ priority6++
}
it = netlink.NewRule() it = netlink.NewRule()
it.Priority = priority6 it.Priority = priority6