fix Windows firewall rules and allow disabling firewall manipulation

This commit is contained in:
dyhkwong 2025-03-04 15:04:28 +08:00
parent c8c2984261
commit e94baeac0c
3 changed files with 34 additions and 18 deletions


@ -46,6 +46,7 @@ type System struct {
interfaceFinder control.InterfaceFinder interfaceFinder control.InterfaceFinder
frontHeadroom int frontHeadroom int
txChecksumOffload bool txChecksumOffload bool
disableFirewallFix bool
} }
type Session struct { type Session struct {
@ -57,18 +58,19 @@ type Session struct {
func NewSystem(options StackOptions) (Stack, error) { func NewSystem(options StackOptions) (Stack, error) {
stack := &System{ stack := &System{
ctx: options.Context, ctx: options.Context,
tun: options.Tun, tun: options.Tun,
tunName: options.TunOptions.Name, tunName: options.TunOptions.Name,
mtu: int(options.TunOptions.MTU), mtu: int(options.TunOptions.MTU),
udpTimeout: options.UDPTimeout, udpTimeout: options.UDPTimeout,
handler: options.Handler, handler: options.Handler,
logger: options.Logger, logger: options.Logger,
inet4Prefixes: options.TunOptions.Inet4Address, inet4Prefixes: options.TunOptions.Inet4Address,
inet6Prefixes: options.TunOptions.Inet6Address, inet6Prefixes: options.TunOptions.Inet6Address,
broadcastAddr: BroadcastAddr(options.TunOptions.Inet4Address), broadcastAddr: BroadcastAddr(options.TunOptions.Inet4Address),
bindInterface: options.ForwarderBindInterface, bindInterface: options.ForwarderBindInterface,
interfaceFinder: options.InterfaceFinder, interfaceFinder: options.InterfaceFinder,
disableFirewallFix: options.TunOptions.EXP_DisableFirewallFix,
} }
if len(options.TunOptions.Inet4Address) > 0 { if len(options.TunOptions.Inet4Address) > 0 {
if !HasNextAddress(options.TunOptions.Inet4Address[0], 1) { if !HasNextAddress(options.TunOptions.Inet4Address[0], 1) {
@ -107,9 +109,12 @@ func (s *System) Start() error {
} }
func (s *System) start() error { func (s *System) start() error {
err := fixWindowsFirewall() var err error
if err != nil { if !s.disableFirewallFix {
return E.Cause(err, "fix windows firewall for system stack") err = fixWindowsFirewall()
if err != nil {
s.logger.Error(E.Cause(err, "fix windows firewall for system stack"))
}
} }
var listener net.ListenConfig var listener net.ListenConfig
if s.bindInterface { if s.bindInterface {
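Review bot: In the rewritten error path of start() (`s.logger.Error(E.Cause(err, ...))` and then fall through), a failed fixWindowsFirewall() no longer stops Start(), so when rule creation fails the stack still comes up, presumably with inbound traffic to the listener set up below subject to whatever Windows Firewall policy already exists, and the only trace is one log line. The message should say what the operator will observe and how to opt out deliberately, e.g. `s.logger.Error(E.Cause(err, "fix windows firewall for system stack; inbound connections may be blocked, set EXP_DisableFirewallFix to skip this step"))`. The `disableFirewallFix` field added to the System struct in the first hunk has no comment; `disableFirewallFix bool // skip adding Windows Firewall allow rules on start (EXP_DisableFirewallFix)` would do. If `s.logger` can be nil for library callers, the new branch dereferences it where the old code did not, which is worth confirming against how logger is populated. start() continues past the end of the hunk.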


@ -15,15 +15,25 @@ func fixWindowsFirewall() error {
if err != nil { if err != nil {
return err return err
} }
rule := winfw.FWRule{ _, err = winfw.FirewallRuleAddAdvanced(winfw.FWRule{
Name: "sing-tun (" + absPath + ")", Name: "sing-tun (" + absPath + ")",
ApplicationName: absPath, ApplicationName: absPath,
Enabled: true, Enabled: true,
Protocol: winfw.NET_FW_IP_PROTOCOL_TCP, Protocol: winfw.NET_FW_IP_PROTOCOL_TCP,
Direction: winfw.NET_FW_RULE_DIR_IN, Direction: winfw.NET_FW_RULE_DIR_IN,
Action: winfw.NET_FW_ACTION_ALLOW, Action: winfw.NET_FW_ACTION_ALLOW,
})
if err != nil {
return err
} }
_, err = winfw.FirewallRuleAddAdvanced(rule) _, err = winfw.FirewallRuleAddAdvanced(winfw.FWRule{
Name: "sing-tun UDP (" + absPath + ")",
ApplicationName: absPath,
Enabled: true,
Protocol: winfw.NET_FW_IP_PROTOCOL_UDP,
Direction: winfw.NET_FW_RULE_DIR_IN,
Action: winfw.NET_FW_ACTION_ALLOW,
})
return err return err
} }
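Review bot: If the second FirewallRuleAddAdvanced call (the UDP rule) fails, the TCP rule added just before it stays installed and the bare `return err` gives the caller no way to tell which rule failed or what state was left behind; since the caller now only logs this error, the wrapping should at least name the rule. Both rules are inbound allows keyed only on the executable path, with no interface, profile or address scope set on the rule, so the allow is as broad as the previous single rule but now covers UDP as well; a comment on the function stating that scope would stop a reader assuming it is limited to the tun interface. Nothing here checks whether a rule with the same name already exists, so if FirewallRuleAddAdvanced does not deduplicate, every start may add another copy — I cannot tell from this hunk. The two literals differ only in Name and Protocol; a loop removes the duplication and gives the error its context. The opening lines of fixWindowsFirewall are above the hunk.
```go
	// … unchanged: absPath lookup and its error check …
	// Inbound allow rules for this executable, one per protocol; no
	// interface, profile or address scope is set on either rule.
	rules := []winfw.FWRule{
		{Name: "sing-tun (" + absPath + ")", Protocol: winfw.NET_FW_IP_PROTOCOL_TCP},
		{Name: "sing-tun UDP (" + absPath + ")", Protocol: winfw.NET_FW_IP_PROTOCOL_UDP},
	}
	for _, rule := range rules {
		rule.ApplicationName = absPath
		rule.Enabled = true
		rule.Direction = winfw.NET_FW_RULE_DIR_IN
		rule.Action = winfw.NET_FW_ACTION_ALLOW
		if _, err := winfw.FirewallRuleAddAdvanced(rule); err != nil {
			return err // TODO: wrap with rule.Name so the caller's log names the failed rule
		}
	}
	return nil
```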

3
tun.go

@ -87,7 +87,8 @@ type Options struct {
_TXChecksumOffload bool _TXChecksumOffload bool
// For library usages. // For library usages.
EXP_DisableDNSHijack bool EXP_DisableDNSHijack bool
EXP_DisableFirewallFix bool
} }
func (o *Options) Inet4GatewayAddr() netip.Addr { func (o *Options) Inet4GatewayAddr() netip.Addr {
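Review bot: `EXP_DisableFirewallFix bool` is added without a doc comment, so a reader of Options cannot tell what is being disabled or what the cost of disabling it is; the neighbouring EXP_DisableDNSHijack at least sits under the `// For library usages.` heading. Suggest `// EXP_DisableFirewallFix skips adding the Windows Firewall inbound allow rules (TCP and UDP) for this executable when the system stack starts; set it when firewall policy is managed elsewhere.` The field is wired through to System.disableFirewallFix in the same commit, which is where the skip takes effect. The Options struct starts above the hunk.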