From 6557464c97564b4f56aabc6483f2f87f6d9054aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Sat, 9 Dec 2023 20:33:39 +0800 Subject: [PATCH] Update gVisor to 20231204.0 & Update wireguard-go & Add GSO support for TUN/WireGuard --- docs/clients/android/features.md | 2 + docs/clients/apple/features.md | 46 ++++++++-------- docs/configuration/inbound/tun.md | 61 ++++++++++++++++----- docs/configuration/inbound/tun.zh.md | 56 +++++++++++++++---- docs/configuration/outbound/wireguard.md | 39 ++++++++++++- docs/configuration/outbound/wireguard.zh.md | 39 ++++++++++++- docs/installation/build-from-source.md | 26 ++++----- docs/installation/build-from-source.zh.md | 30 +++++----- go.mod | 11 ++-- go.sum | 26 ++++----- inbound/tun.go | 11 ++-- option/tun.go | 2 + option/wireguard.go | 2 + outbound/wireguard.go | 2 +- transport/wireguard/device_system.go | 42 ++++++++------ 15 files changed, 273 insertions(+), 122 deletions(-) diff --git a/docs/clients/android/features.md b/docs/clients/android/features.md index 2702e6fa..346976cc 100644 --- a/docs/clients/android/features.md +++ b/docs/clients/android/features.md @@ -18,6 +18,8 @@ SFA provides an unprivileged TUN implementation through Android VpnService. | `inet4_address` | :material-check: | / | | `inet6_address` | :material-check: | / | | `mtu` | :material-check: | / | +| `gso` | :material-close: | No permission | +| `gso_max_size` | :material-close: | No permission | | `auto_route` | :material-check: | / | | `strict_route` | :material-close: | Not implemented | | `inet4_route_address` | :material-check: | / | diff --git a/docs/clients/apple/features.md b/docs/clients/apple/features.md index 95143d98..7c7b8c9b 100644 --- a/docs/clients/apple/features.md +++ b/docs/clients/apple/features.md 
@@ -14,28 +14,30 @@ SFI/SFM/SFT allows you to run sing-box through NetworkExtension with Application SFI/SFM/SFT provides an unprivileged TUN implementation through NetworkExtension. -| TUN inbound option | Available | Note | -|-------------------------------|-----------|-------------------| -| `interface_name` | ✖️ | Managed by Darwin | -| `inet4_address` | ✔️ | / | -| `inet6_address` | ✔️ | / | -| `mtu` | ✔️ | / | -| `auto_route` | ✔️ | / | -| `strict_route` | ✖️ | Not implemented | -| `inet4_route_address` | ✔️ | / | -| `inet6_route_address` | ✔️ | / | -| `inet4_route_exclude_address` | ✔️ | / | -| `inet6_route_exclude_address` | ✔️ | / | -| `endpoint_independent_nat` | ✔️ | / | -| `stack` | ✔️ | / | -| `include_interface` | ✖️ | Not implemented | -| `exclude_interface` | ✖️ | Not implemented | -| `include_uid` | ✖️ | Not implemented | -| `exclude_uid` | ✖️ | Not implemented | -| `include_android_user` | ✖️ | Not implemented | -| `include_package` | ✖️ | Not implemented | -| `exclude_package` | ✖️ | Not implemented | -| `platform` | ✔️ | / | +| TUN inbound option | Available | Note | +|-------------------------------|-------------------|-------------------| +| `interface_name` | :material-close:️ | Managed by Darwin | +| `inet4_address` | :material-check: | / | +| `inet6_address` | :material-check: | / | +| `mtu` | :material-check: | / | +| `gso` | :material-close: | Not implemented | +| `gso_max_size` | :material-close: | Not implemented | +| `auto_route` | :material-check: | / | +| `strict_route` | :material-close:️ | Not implemented | +| `inet4_route_address` | :material-check: | / | +| `inet6_route_address` | :material-check: | / | +| `inet4_route_exclude_address` | :material-check: | / | +| `inet6_route_exclude_address` | :material-check: | / | +| `endpoint_independent_nat` | :material-check: | / | +| `stack` | :material-check: | / | +| `include_interface` | :material-close:️ | Not implemented | +| `exclude_interface` | :material-close:️ | Not implemented | 
+| `include_uid` | :material-close:️ | Not implemented | +| `exclude_uid` | :material-close:️ | Not implemented | +| `include_android_user` | :material-close:️ | Not implemented | +| `include_package` | :material-close:️ | Not implemented | +| `exclude_package` | :material-close:️ | Not implemented | +| `platform` | :material-check: | / | | Route/DNS rule option | Available | Note | |-----------------------|------------------|-----------------------| diff --git a/docs/configuration/inbound/tun.md b/docs/configuration/inbound/tun.md index 00c5e050..d899bccd 100644 --- a/docs/configuration/inbound/tun.md +++ b/docs/configuration/inbound/tun.md @@ -1,3 +1,13 @@ +--- +icon: material/alert-decagram +--- + +!!! quote "Changes in sing-box 1.8.0" + + :material-plus: [gso](#gso) + :material-plus: [gso_max_size](#gso_max_size) + :material-alert-decagram: [stack](#stack) + !!! quote "" Only supported on Linux, Windows and macOS. @@ -12,6 +22,8 @@ "inet4_address": "172.19.0.1/30", "inet6_address": "fdfe:dcba:9876::1/126", "mtu": 9000, + "gso": false, + "gso_max_size": 65536, "auto_route": true, "strict_route": true, "inet4_route_address": [ @@ -98,6 +110,28 @@ IPv6 prefix for the tun interface. The maximum transmission unit. +#### gso + +!!! question "Since sing-box 1.8.0" + +!!! quote "" + + Only supported on Linux. + +Enable generic segmentation offload. + +#### gso_max_size + +!!! question "Since sing-box 1.8.0" + +!!! quote "" + + Only supported on Linux. + +Maximum GSO packet size. + +`65536` is used by default. + #### auto_route Set the default route to the Tun. 
@@ -160,18 +194,19 @@ UDP NAT expiration time in seconds, default is 300 (5 minutes). #### stack +!!! quote "Changes in sing-box 1.8.0" + + :material-delete-alert: The legacy LWIP stack has been deprecated and removed. + TCP/IP stack. -| Stack | Description | Status | -|--------|----------------------------------------------------------------------------------|-------------------| -| system | Sometimes better performance | recommended | -| gVisor | Better compatibility, based on [google/gvisor](https://github.com/google/gvisor) | recommended | -| mixed | Mixed `system` TCP stack and `gVisor` UDP stack | recommended | -| LWIP | Based on [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | upstream archived | +| Stack | Description | +|----------|-------------------------------------------------------------------------------------------------------| +| `system` | Perform L3 to L4 translation using the system network stack | +| `gvisor` | Perform L3 to L4 translation using [gVisor](https://github.com/google/gvisor)'s virtual network stack | +| `mixed` | Mixed `system` TCP stack and `gvisor` UDP stack | -!!! warning "" - - LWIP stacks is not included by default, see [Installation](/installation/build-from-source/#build-tags). +Defaults to the `mixed` stack if the gVisor build tag is enabled, otherwise defaults to the `system` stack. #### include_interface @@ -217,10 +252,10 @@ Exclude users in route, but in range. Limit android users in route. -| Common user | ID | -|--------------|-----| -| Main | 0 | -| Work Profile | 10 | +| Common user | ID | +|--------------|----| +| Main | 0 | +| Work Profile | 10 | #### include_package diff --git a/docs/configuration/inbound/tun.zh.md b/docs/configuration/inbound/tun.zh.md index d22009c2..e030587e 100644 --- a/docs/configuration/inbound/tun.zh.md +++ b/docs/configuration/inbound/tun.zh.md 
@@ -1,3 +1,13 @@ +--- +icon: material/alert-decagram +--- + +!!! quote "sing-box 1.8.0 中的更改" + + :material-plus: [gso](#gso) + :material-plus: [gso_max_size](#gso_max_size) + :material-alert-decagram: [stack](#stack) + !!! quote "" 仅支持 Linux、Windows 和 macOS。 @@ -12,6 +22,8 @@ "inet4_address": "172.19.0.1/30", "inet6_address": "fdfe:dcba:9876::1/126", "mtu": 9000, + "gso": false, + "gso_max_size": 65536, "auto_route": true, "strict_route": true, "inet4_route_address": [ @@ -98,6 +110,28 @@ tun 接口的 IPv6 前缀。 最大传输单元。 +#### gso + +!!! question "自 sing-box 1.8.0 起" + +!!! quote "" + + 仅支持 Linux。 + +启用通用分段卸载。 + +#### gso_max_size + +!!! question "自 sing-box 1.8.0 起" + +!!! quote "" + + 仅支持 Linux。 + +通用分段卸载包的最大大小。 + +默认使用 `65536`。 + #### auto_route 设置到 Tun 的默认路由。 @@ -157,17 +191,19 @@ UDP NAT 过期时间,以秒为单位,默认为 300(5 分钟)。 #### stack +!!! quote "sing-box 1.8.0 中的更改" + + :material-delete-alert: 旧的 LWIP 栈已被弃用并移除。 + TCP/IP 栈。 -| 栈 | 描述 | 状态 | -|-------------|--------------------------------------------------------------------------|-------| -| system (默认) | 有时性能更好 | 推荐 | -| gVisor | 兼容性较好,基于 [google/gvisor](https://github.com/google/gvisor) | 推荐 | -| LWIP | 基于 [eycorsican/go-tun2socks](https://github.com/eycorsican/go-tun2socks) | 上游已存档 | +| 栈 | 描述 | +|--------|------------------------------------------------------------------| +| system | 基于系统网络栈执行 L3 到 L4 转换 | +| gVisor | 基于 [gVisor](https://github.com/google/gvisor) 虚拟网络栈执行 L3 到 L4 转换 | +| mixed | 混合 `system` TCP 栈与 `gvisor` UDP 栈 | -!!! warning "" - - 默认安装不包含 LWIP 栈,参阅 [安装](/zh/installation/build-from-source/#_5)。 +默认使用 `mixed` 栈如果 gVisor 构建标记已启用,否则默认使用 `system` 栈。 #### include_interface @@ -214,8 +250,8 @@ TCP/IP 栈。 限制被路由的 Android 用户。 | 常用用户 | ID | -|--|-----| -| 您 | 0 | +|------|----| +| 您 | 0 | | 工作资料 | 10 | #### include_package diff --git a/docs/configuration/outbound/wireguard.md b/docs/configuration/outbound/wireguard.md index 3fefb7a4..53c39c2c 100644 --- a/docs/configuration/outbound/wireguard.md 
+++ b/docs/configuration/outbound/wireguard.md @@ -1,3 +1,12 @@ +--- +icon: material/new-box +--- + +!!! quote "Changes in sing-box 1.8.0" + + :material-plus: [gso](#gso) + :material-plus: [gso_max_size](#gso_max_size) + ### Structure ```json @@ -8,6 +17,8 @@ "server": "127.0.0.1", "server_port": 1080, "system_interface": false, + "gso": false, + "gso_max_size": 65536, "interface_name": "wg0", "local_address": [ "10.0.0.2/32" @@ -52,15 +63,37 @@ The server port. #### system_interface -Use system tun support. +Use system interface. -Requires privilege and cannot conflict with system interfaces. +Requires privilege and cannot conflict with exists system interfaces. Forced if gVisor not included in the build. #### interface_name -Custom device name when `system_interface` enabled. +Custom interface name for system interface. + +#### gso + +!!! question "Since sing-box 1.8.0" + +!!! quote "" + + Only supported on Linux. + +Enable generic segmentation offload for system interface. + +#### gso_max_size + +!!! question "Since sing-box 1.8.0" + +!!! quote "" + + Only supported on Linux. + +Maximum GSO packet size. + +`65536` is used by default. #### local_address diff --git a/docs/configuration/outbound/wireguard.zh.md b/docs/configuration/outbound/wireguard.zh.md index 150dda6d..b416e932 100644 --- a/docs/configuration/outbound/wireguard.zh.md +++ b/docs/configuration/outbound/wireguard.zh.md @@ -1,3 +1,12 @@ +--- +icon: material/new-box +--- + +!!! quote "sing-box 1.8.0 中的更改" + + :material-plus: [gso](#gso) + :material-plus: [gso_max_size](#gso_max_size) + ### 结构 ```json @@ -8,6 +17,8 @@ "server": "127.0.0.1", "server_port": 1080, "system_interface": false, + "gso": false, + "gso_max_size": 65536, "interface_name": "wg0", "local_address": [ "10.0.0.2/32" 
@@ -40,15 +51,37 @@ #### system_interface -使用系统 tun 支持。 +使用系统设备。 -需要特权且不能与系统接口冲突。 +需要特权且不能与已有系统接口冲突。 如果 gVisor 未包含在构建中,则强制执行。 #### interface_name -启用 `system_interface` 时的自定义设备名称。 +为系统接口自定义设备名称。 + +#### gso + +!!! question "自 sing-box 1.8.0 起" + +!!! quote "" + + 仅支持 Linux。 + +为系统接口启用通用分段卸载。 + +#### gso_max_size + +!!! question "自 sing-box 1.8.0 起" + +!!! quote "" + + 仅支持 Linux。 + +通用分段卸载包的最大大小。 + +默认使用 `65536`。 #### local_address diff --git a/docs/installation/build-from-source.md b/docs/installation/build-from-source.md index 3f729373..5caa4fad 100644 --- a/docs/installation/build-from-source.md +++ b/docs/installation/build-from-source.md 
@@ -55,18 +55,18 @@ go build -tags "tag_a tag_b" ./cmd/sing-box | Build Tag | Enabled by default | Description | |------------------------------------|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `with_quic` | ✔ | Build with QUIC support, see [QUIC and HTTP3 DNS transports](/configuration/dns/server), [Naive inbound](/configuration/inbound/naive), [Hysteria Inbound](/configuration/inbound/hysteria), [Hysteria Outbound](/configuration/outbound/hysteria) and [V2Ray Transport#QUIC](/configuration/shared/v2ray-transport#quic). | -| `with_grpc` | ✖️ | Build with standard gRPC support, see [V2Ray Transport#gRPC](/configuration/shared/v2ray-transport#grpc). | -| `with_dhcp` | ✔ | Build with DHCP support, see [DHCP DNS transport](/configuration/dns/server). | -| `with_wireguard` | ✔ | Build with WireGuard support, see [WireGuard outbound](/configuration/outbound/wireguard). | -| `with_ech` | ✔ | Build with TLS ECH extension support for TLS outbound, see [TLS](/configuration/shared/tls#ech). | -| `with_utls` | ✔ | Build with [uTLS](https://github.com/refraction-networking/utls) support for TLS outbound, see [TLS](/configuration/shared/tls#utls). | -| `with_reality_server` | ✔ | Build with reality TLS server support, see [TLS](/configuration/shared/tls). | -| `with_acme` | ✔ | Build with ACME TLS certificate issuer support, see [TLS](/configuration/shared/tls). | -| `with_clash_api` | ✔ | Build with Clash API support, see [Experimental](/configuration/experimental#clash-api-fields). | -| `with_v2ray_api` | ✖️ | Build with V2Ray API support, see [Experimental](/configuration/experimental#v2ray-api-fields). 
| -| `with_gvisor` | ✔ | Build with gVisor support, see [Tun inbound](/configuration/inbound/tun#stack) and [WireGuard outbound](/configuration/outbound/wireguard#system_interface). | -| `with_embedded_tor` (CGO required) | ✖️ | Build with embedded Tor support, see [Tor outbound](/configuration/outbound/tor). | -| `with_lwip` (CGO required) | ✖️ | Build with LWIP Tun stack support, see [Tun inbound](/configuration/inbound/tun#stack). | +| `with_quic` | :material-check: | Build with QUIC support, see [QUIC and HTTP3 DNS transports](/configuration/dns/server), [Naive inbound](/configuration/inbound/naive), [Hysteria Inbound](/configuration/inbound/hysteria), [Hysteria Outbound](/configuration/outbound/hysteria) and [V2Ray Transport#QUIC](/configuration/shared/v2ray-transport#quic). | +| `with_grpc` | :material-close:️ | Build with standard gRPC support, see [V2Ray Transport#gRPC](/configuration/shared/v2ray-transport#grpc). | +| `with_dhcp` | :material-check: | Build with DHCP support, see [DHCP DNS transport](/configuration/dns/server). | +| `with_wireguard` | :material-check: | Build with WireGuard support, see [WireGuard outbound](/configuration/outbound/wireguard). | +| `with_ech` | :material-check: | Build with TLS ECH extension support for TLS outbound, see [TLS](/configuration/shared/tls#ech). | +| `with_utls` | :material-check: | Build with [uTLS](https://github.com/refraction-networking/utls) support for TLS outbound, see [TLS](/configuration/shared/tls#utls). | +| `with_reality_server` | :material-check: | Build with reality TLS server support, see [TLS](/configuration/shared/tls). | +| `with_acme` | :material-check: | Build with ACME TLS certificate issuer support, see [TLS](/configuration/shared/tls). | +| `with_clash_api` | :material-check: | Build with Clash API support, see [Experimental](/configuration/experimental#clash-api-fields). 
| +| `with_v2ray_api` | :material-close:️ | Build with V2Ray API support, see [Experimental](/configuration/experimental#v2ray-api-fields). | +| `with_gvisor` | :material-check: | Build with gVisor support, see [Tun inbound](/configuration/inbound/tun#stack) and [WireGuard outbound](/configuration/outbound/wireguard#system_interface). | +| `with_embedded_tor` (CGO required) | :material-close:️ | Build with embedded Tor support, see [Tor outbound](/configuration/outbound/tor). | +| `with_lwip` (CGO required) | :material-close:️ | Build with LWIP Tun stack support, see [Tun inbound](/configuration/inbound/tun#stack). | It is not recommended to change the default build tag list unless you really know what you are adding. diff --git a/docs/installation/build-from-source.zh.md b/docs/installation/build-from-source.zh.md index e67a2f94..d96196f1 100644 --- a/docs/installation/build-from-source.zh.md +++ b/docs/installation/build-from-source.zh.md 
@@ -53,21 +53,21 @@ go build -tags "tag_a tag_b" ./cmd/sing-box ## :material-folder-settings: 构建标记 -| 构建标记 | 默认启动 | 说明 | -|------------------------------------|------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `with_quic` | ✔ | Build with QUIC support, see [QUIC and HTTP3 DNS transports](/configuration/dns/server), [Naive inbound](/configuration/inbound/naive), [Hysteria Inbound](/configuration/inbound/hysteria), [Hysteria Outbound](/configuration/outbound/hysteria) and [V2Ray Transport#QUIC](/configuration/shared/v2ray-transport#quic). | -| `with_grpc` | ✖️ | Build with standard gRPC support, see [V2Ray Transport#gRPC](/configuration/shared/v2ray-transport#grpc). | -| `with_dhcp` | ✔ | Build with DHCP support, see [DHCP DNS transport](/configuration/dns/server). | -| `with_wireguard` | ✔ | Build with WireGuard support, see [WireGuard outbound](/configuration/outbound/wireguard). | -| `with_ech` | ✔ | Build with TLS ECH extension support for TLS outbound, see [TLS](/configuration/shared/tls#ech). | -| `with_utls` | ✔ | Build with [uTLS](https://github.com/refraction-networking/utls) support for TLS outbound, see [TLS](/configuration/shared/tls#utls). | -| `with_reality_server` | ✔ | Build with reality TLS server support, see [TLS](/configuration/shared/tls). | -| `with_acme` | ✔ | Build with ACME TLS certificate issuer support, see [TLS](/configuration/shared/tls). | -| `with_clash_api` | ✔ | Build with Clash API support, see [Experimental](/configuration/experimental#clash-api-fields). | -| `with_v2ray_api` | ✖️ | Build with V2Ray API support, see [Experimental](/configuration/experimental#v2ray-api-fields). 
| -| `with_gvisor` | ✔ | Build with gVisor support, see [Tun inbound](/configuration/inbound/tun#stack) and [WireGuard outbound](/configuration/outbound/wireguard#system_interface). | -| `with_embedded_tor` (CGO required) | ✖️ | Build with embedded Tor support, see [Tor outbound](/configuration/outbound/tor). | -| `with_lwip` (CGO required) | ✖️ | Build with LWIP Tun stack support, see [Tun inbound](/configuration/inbound/tun#stack). | +| 构建标记 | 默认启动 | 说明 | +|------------------------------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `with_quic` | :material-check: | Build with QUIC support, see [QUIC and HTTP3 DNS transports](/configuration/dns/server), [Naive inbound](/configuration/inbound/naive), [Hysteria Inbound](/configuration/inbound/hysteria), [Hysteria Outbound](/configuration/outbound/hysteria) and [V2Ray Transport#QUIC](/configuration/shared/v2ray-transport#quic). | +| `with_grpc` | :material-close:️ | Build with standard gRPC support, see [V2Ray Transport#gRPC](/configuration/shared/v2ray-transport#grpc). | +| `with_dhcp` | :material-check: | Build with DHCP support, see [DHCP DNS transport](/configuration/dns/server). | +| `with_wireguard` | :material-check: | Build with WireGuard support, see [WireGuard outbound](/configuration/outbound/wireguard). | +| `with_ech` | :material-check: | Build with TLS ECH extension support for TLS outbound, see [TLS](/configuration/shared/tls#ech). | +| `with_utls` | :material-check: | Build with [uTLS](https://github.com/refraction-networking/utls) support for TLS outbound, see [TLS](/configuration/shared/tls#utls). 
| +| `with_reality_server` | :material-check: | Build with reality TLS server support, see [TLS](/configuration/shared/tls). | +| `with_acme` | :material-check: | Build with ACME TLS certificate issuer support, see [TLS](/configuration/shared/tls). | +| `with_clash_api` | :material-check: | Build with Clash API support, see [Experimental](/configuration/experimental#clash-api-fields). | +| `with_v2ray_api` | :material-close:️ | Build with V2Ray API support, see [Experimental](/configuration/experimental#v2ray-api-fields). | +| `with_gvisor` | :material-check: | Build with gVisor support, see [Tun inbound](/configuration/inbound/tun#stack) and [WireGuard outbound](/configuration/outbound/wireguard#system_interface). | +| `with_embedded_tor` (CGO required) | :material-close:️ | Build with embedded Tor support, see [Tor outbound](/configuration/outbound/tor). | +| `with_lwip` (CGO required) | :material-close:️ | Build with LWIP Tun stack support, see [Tun inbound](/configuration/inbound/tun#stack). | 除非您确实知道您正在启用什么,否则不建议更改默认构建标签列表。 diff --git a/go.mod b/go.mod index 58fe7a87..b1443e51 100644 --- a/go.mod +++ b/go.mod 
@@ -23,22 +23,22 @@ require ( github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a github.com/sagernet/cloudflare-tls v0.0.0-20231208171750-a4483c1b7cd1 github.com/sagernet/gomobile v0.1.0 - github.com/sagernet/gvisor v0.0.0-20231119034329-07cfb6aaf930 + github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e github.com/sagernet/quic-go v0.40.0 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 - github.com/sagernet/sing v0.2.19-0.20231208110306-a3ce328ce759 + github.com/sagernet/sing v0.2.19-0.20231209022445-766839c00099 github.com/sagernet/sing-dns v0.1.11 github.com/sagernet/sing-mux v0.1.6-0.20231207143704-9f6c20fb5266 github.com/sagernet/sing-quic v0.1.6-0.20231207143711-eb3cbf9ed054 github.com/sagernet/sing-shadowsocks v0.2.6 github.com/sagernet/sing-shadowsocks2 v0.1.6-0.20231207143709-50439739601a github.com/sagernet/sing-shadowtls v0.1.4 - github.com/sagernet/sing-tun v0.1.23-0.20231207143707-82a810316e14 + github.com/sagernet/sing-tun v0.1.23-0.20231209160014-bbd52875baa2 github.com/sagernet/sing-vmess v0.1.8 github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 github.com/sagernet/tfo-go v0.0.0-20231209031829-7b5343ac1dc6 github.com/sagernet/utls v1.5.4 - github.com/sagernet/wireguard-go v0.0.0-20230807125731-5d4a7ef2dc5f + github.com/sagernet/wireguard-go v0.0.0-20231209092712-9a439356a62e github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 github.com/spf13/cobra v1.8.0 github.com/stretchr/testify v1.8.4 @@ -79,7 +79,6 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/quic-go/qpack v0.4.0 // indirect github.com/quic-go/qtls-go1-20 v0.4.1 // indirect - github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 // indirect github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 // indirect github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 // indirect github.com/spf13/pflag v1.0.5 // indirect 
@@ -90,7 +89,7 @@ require ( golang.org/x/exp v0.0.0-20231127185646-65229373498e // indirect golang.org/x/mod v0.14.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.4.0 // indirect + golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.16.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect diff --git a/go.sum b/go.sum index 753c0c0c..6787ff0d 100644 --- a/go.sum +++ b/go.sum 
@@ -98,22 +98,19 @@ github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a h1:+NkI2670SQpQWvkk github.com/sagernet/bbolt v0.0.0-20231014093535-ea5cb2fe9f0a/go.mod h1:63s7jpZqcDAIpj8oI/1v4Izok+npJOHACFCU6+huCkM= github.com/sagernet/cloudflare-tls v0.0.0-20231208171750-a4483c1b7cd1 h1:YbmpqPQEMdlk9oFSKYWRqVuu9qzNiOayIonKmv1gCXY= github.com/sagernet/cloudflare-tls v0.0.0-20231208171750-a4483c1b7cd1/go.mod h1:J2yAxTFPDjrDPhuAi9aWFz2L3ox9it4qAluBBbN0H5k= -github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 h1:5+m7c6AkmAylhauulqN/c5dnh8/KssrE9c93TQrXldA= -github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61/go.mod h1:QUQ4RRHD6hGGHdFMEtR8T2P6GS6R3D/CXKdaYHKKXms= github.com/sagernet/gomobile v0.1.0 h1:ItkfnW1zyI6FLSZbe2+xhI030065Jx6zDgZSDvbXlBU= github.com/sagernet/gomobile v0.1.0/go.mod h1:Pqq2+ZVvs10U7xK+UwJgwYWUykewi8H6vlslAO73n9E= -github.com/sagernet/gvisor v0.0.0-20231119034329-07cfb6aaf930 h1:dSPgjIw0CT6ISLeEh8Q20dZMBMFCcEceo23+LncRcNQ= -github.com/sagernet/gvisor v0.0.0-20231119034329-07cfb6aaf930/go.mod h1:JpKHkOYgh4wLwrX2BhH3ZIvCvazCkTnPeEcmigZJfHY= +github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e h1:DOkjByVeAR56dkszjnMZke4wr7yM/1xHaJF3G9olkEE= +github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e/go.mod h1:fLxq/gtp0qzkaEwywlRRiGmjOK5ES/xUzyIKIFP2Asw= github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE= github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM= github.com/sagernet/quic-go v0.40.0 h1:DvQNPb72lzvNQDe9tcUyHTw8eRv6PLtM2mNYmdlzUMo= github.com/sagernet/quic-go v0.40.0/go.mod h1:VqtdhlbkeeG5Okhb3eDMb/9o0EoglReHunNT9ukrJAI= github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byLGkEnIYp6grlXfo1QYUfiYFGjewIdc= github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU= 
-github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY= github.com/sagernet/sing v0.2.18/go.mod h1:OL6k2F0vHmEzXz2KW19qQzu172FDgSbUSODylighuVo= -github.com/sagernet/sing v0.2.19-0.20231208110306-a3ce328ce759 h1:BZfmPnZ2n0zD0YZb7UnAAaZ0Ib5riPgKvl5Jasz3LA4= -github.com/sagernet/sing v0.2.19-0.20231208110306-a3ce328ce759/go.mod h1:Ce5LNojQOgOiWhiD8pPD6E9H7e2KgtOe3Zxx4Ou5u80= +github.com/sagernet/sing v0.2.19-0.20231209022445-766839c00099 h1:q/efB3NAhVolSoBe0oDc7eZ7/72+OZITWVwn0o92Hp0= +github.com/sagernet/sing v0.2.19-0.20231209022445-766839c00099/go.mod h1:Ce5LNojQOgOiWhiD8pPD6E9H7e2KgtOe3Zxx4Ou5u80= github.com/sagernet/sing-dns v0.1.11 h1:PPrMCVVrAeR3f5X23I+cmvacXJ+kzuyAsBiWyUKhGSE= github.com/sagernet/sing-dns v0.1.11/go.mod h1:zJ/YjnYB61SYE+ubMcMqVdpaSvsyQ2iShQGO3vuLvvE= github.com/sagernet/sing-mux v0.1.6-0.20231207143704-9f6c20fb5266 h1:QqwwUyEfmOuoGVTZ2cYvUJEeSWlzunvQLRmv+9B41uk= 
@@ -126,20 +123,18 @@ github.com/sagernet/sing-shadowsocks2 v0.1.6-0.20231207143709-50439739601a h1:uY github.com/sagernet/sing-shadowsocks2 v0.1.6-0.20231207143709-50439739601a/go.mod h1:pjeylQ4ApvpEH7B4PUBrdyJf4xmQkg8BaIzT5fI2fR0= github.com/sagernet/sing-shadowtls v0.1.4 h1:aTgBSJEgnumzFenPvc+kbD9/W0PywzWevnVpEx6Tw3k= github.com/sagernet/sing-shadowtls v0.1.4/go.mod h1:F8NBgsY5YN2beQavdgdm1DPlhaKQlaL6lpDdcBglGK4= -github.com/sagernet/sing-tun v0.1.23-0.20231207143707-82a810316e14 h1:79d3jw/nlhy3VAIoRvMxRjcOUh7e0D8Mx0cuaBrdIC4= -github.com/sagernet/sing-tun v0.1.23-0.20231207143707-82a810316e14/go.mod h1:ygdUHhVv4ZEsu0+4rAbAAoHqzqrhvhVNxrbMryapDwI= +github.com/sagernet/sing-tun v0.1.23-0.20231209160014-bbd52875baa2 h1:8MFG9aMBRgvuluRFrBHzodgYqaycgMcSxz59+bdqgE4= +github.com/sagernet/sing-tun v0.1.23-0.20231209160014-bbd52875baa2/go.mod h1:kVYyl3GWgGfkBWwHNIjFHrC9mnbib2JydNoUMrTR1i0= github.com/sagernet/sing-vmess v0.1.8 h1:XVWad1RpTy9b5tPxdm5MCU8cGfrTGdR8qCq6HV2aCNc= github.com/sagernet/sing-vmess v0.1.8/go.mod h1:vhx32UNzTDUkNwOyIjcZQohre1CaytquC5mPplId8uA= github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 h1:DImB4lELfQhplLTxeq2z31Fpv8CQqqrUwTbrIRumZqQ= github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7/go.mod h1:FP9X2xjT/Az1EsG/orYYoC+5MojWnuI7hrffz8fGwwo= github.com/sagernet/tfo-go v0.0.0-20231209031829-7b5343ac1dc6 h1:z3SJQhVyU63FT26Wn/UByW6b7q8QKB0ZkPqsyqcz2PI= github.com/sagernet/tfo-go v0.0.0-20231209031829-7b5343ac1dc6/go.mod h1:73xRZuxwkFk4aiLw28hG8W6o9cr2UPrGL9pdY2UTbvY= -github.com/sagernet/utls v0.0.0-20231209034649-676def3c9a3c h1:COjvpHbY2cL/yPA4bWOwejdX/8zATtcyp+8wCByGhys= -github.com/sagernet/utls v0.0.0-20231209034649-676def3c9a3c/go.mod h1:CTGxPWExIloRipK3XFpYv0OVyhO8kk3XCGW/ieyTh1s= github.com/sagernet/utls v1.5.4 h1:KmsEGbB2dKUtCNC+44NwAdNAqnqQ6GA4pTO0Yik56co= github.com/sagernet/utls v1.5.4/go.mod h1:CTGxPWExIloRipK3XFpYv0OVyhO8kk3XCGW/ieyTh1s= -github.com/sagernet/wireguard-go v0.0.0-20230807125731-5d4a7ef2dc5f 
h1:Kvo8w8Y9lzFGB/7z09MJ3TR99TFtfI/IuY87Ygcycho= -github.com/sagernet/wireguard-go v0.0.0-20230807125731-5d4a7ef2dc5f/go.mod h1:mySs0abhpc/gLlvhoq7HP1RzOaRmIXVeZGCh++zoApk= +github.com/sagernet/wireguard-go v0.0.0-20231209092712-9a439356a62e h1:iGH0RMv2FzELOFNFQtvsxH7NPmlo7X5JizEK51UCojo= +github.com/sagernet/wireguard-go v0.0.0-20231209092712-9a439356a62e/go.mod h1:YbL4TKHRR6APYQv3U2RGfwLDpPYSyWz6oUlpISBEzBE= github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 h1:6uUiZcDRnZSAegryaUGwPC/Fj13JSHwiTftrXhMmYOc= github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854/go.mod h1:LtfoSK3+NG57tvnVEHgcuBW9ujgE8enPSgzgwStwCAA= github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 h1:rc/CcqLH3lh8n+csdOuDfP+NuykE0U6AeYSJJHKDgSg= @@ -189,7 +184,6 @@ golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -202,8 +196,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.4.0 h1:Z81tqI5ddIoXDPvVQ7/7CC9TnLM7ubaFG2qXYd5BbYY= -golang.org/x/time v0.4.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM= golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= diff --git a/inbound/tun.go b/inbound/tun.go index f37e0825..4aa11f69 100644 --- a/inbound/tun.go +++ b/inbound/tun.go @@ -43,6 +43,10 @@ func NewTun(ctx context.Context, router adapter.Router, logger log.ContextLogger if tunMTU == 0 { tunMTU = 9000 } + gsoMaxSize := options.GSOMaxSize + if gsoMaxSize == 0 { + gsoMaxSize = 65536 + } var udpTimeout int64 if options.UDPTimeout != 0 { udpTimeout = options.UDPTimeout @@ -74,6 +78,8 @@ func NewTun(ctx context.Context, router adapter.Router, logger log.ContextLogger tunOptions: tun.Options{ Name: options.InterfaceName, MTU: tunMTU, + GSO: options.GSO, + GSOMaxSize: gsoMaxSize, Inet4Address: options.Inet4Address, Inet6Address: options.Inet6Address, AutoRoute: options.AutoRoute, 
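Review bot: In the `@@ -43,6 +43,10 @@` hunk of inbound/tun.go, `gsoMaxSize` is only defaulted when it is zero; every other `gso_max_size` value from the configuration is forwarded to `tun.Options` without a range check. Whether sing-tun validates it is not visible in this patch, so a check in NewTun would make a bad value fail at configuration time, for example `if options.GSO && gsoMaxSize < tunMTU { return nil, E.New("gso_max_size is smaller than mtu") }` (assuming the `E` helper used in outbound/wireguard.go is imported here). The literal `65536` is also repeated in NewSystemDevice in transport/wireguard/device_system.go; a shared named constant would keep the two defaults from drifting apart. NewTun's body starts and ends outside this hunk.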
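Review bot: In the `@@ -74,6 +78,8 @@` hunk, `GSO: options.GSO` is forwarded on every platform, although the documentation added in this same commit marks `gso` and `gso_max_size` as Linux-only. Nothing visible here rejects or warns about `gso: true` on other systems, so unless sing-tun returns an error the option may be ignored without the operator noticing. Consider failing early, e.g. `if options.GSO && runtime.GOOS != "linux" { return nil, E.New("gso is only supported on Linux") }`, if `runtime` and `E` are available in this file. The same applies to the values NewSystemDevice passes to `tun.New` in transport/wireguard/device_system.go. The struct literal continues outside the hunk.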
@@ -167,10 +173,7 @@ func (t *Tun) Start() error { t.tunStack, err = tun.NewStack(t.stack, tun.StackOptions{ Context: t.ctx, Tun: tunInterface, - MTU: t.tunOptions.MTU, - Name: t.tunOptions.Name, - Inet4Address: t.tunOptions.Inet4Address, - Inet6Address: t.tunOptions.Inet6Address, + TunOptions: t.tunOptions, EndpointIndependentNat: t.endpointIndependentNat, UDPTimeout: t.udpTimeout, Handler: t, diff --git a/option/tun.go b/option/tun.go index 306d4541..51e8f915 100644 --- a/option/tun.go +++ b/option/tun.go @@ -5,6 +5,8 @@ import "net/netip" type TunInboundOptions struct { InterfaceName string `json:"interface_name,omitempty"` MTU uint32 `json:"mtu,omitempty"` + GSO bool `json:"gso,omitempty"` + GSOMaxSize uint32 `json:"gso_max_size,omitempty"` Inet4Address Listable[netip.Prefix] `json:"inet4_address,omitempty"` Inet6Address Listable[netip.Prefix] `json:"inet6_address,omitempty"` AutoRoute bool `json:"auto_route,omitempty"` diff --git a/option/wireguard.go b/option/wireguard.go index 5ede7a61..78d7d1f3 100644 --- a/option/wireguard.go +++ b/option/wireguard.go @@ -5,6 +5,8 @@ import "net/netip" type WireGuardOutboundOptions struct { DialerOptions SystemInterface bool `json:"system_interface,omitempty"` + GSO bool `json:"gso,omitempty"` + GSOMaxSize uint32 `json:"gso_max_size,omitempty"` InterfaceName string `json:"interface_name,omitempty"` LocalAddress Listable[netip.Prefix] `json:"local_address"` PrivateKey string `json:"private_key"` diff --git a/outbound/wireguard.go b/outbound/wireguard.go index e645f056..1a5e5dc5 100644 --- a/outbound/wireguard.go +++ b/outbound/wireguard.go 
@@ -163,7 +163,7 @@ func NewWireGuard(ctx context.Context, router adapter.Router, logger log.Context if !options.SystemInterface && tun.WithGVisor { wireTunDevice, err = wireguard.NewStackDevice(options.LocalAddress, mtu) } else { - wireTunDevice, err = wireguard.NewSystemDevice(router, options.InterfaceName, options.LocalAddress, mtu) + wireTunDevice, err = wireguard.NewSystemDevice(router, options.InterfaceName, options.LocalAddress, mtu, options.GSO, options.GSOMaxSize) } if err != nil { return nil, E.Cause(err, "create WireGuard device") diff --git a/transport/wireguard/device_system.go b/transport/wireguard/device_system.go index 98626404..e70c3f35 100644 --- a/transport/wireguard/device_system.go +++ b/transport/wireguard/device_system.go @@ -2,6 +2,7 @@ package wireguard import ( "context" + "errors" "net" "net/netip" "os" @@ -19,16 +20,17 @@ import ( var _ Device = (*SystemDevice)(nil) type SystemDevice struct { - dialer N.Dialer - device tun.Tun - name string - mtu int - events chan wgTun.Event - addr4 netip.Addr - addr6 netip.Addr + dialer N.Dialer + device tun.Tun + frontHeadroom int + name string + mtu int + events chan wgTun.Event + addr4 netip.Addr + addr6 netip.Addr } -func NewSystemDevice(router adapter.Router, interfaceName string, localPrefixes []netip.Prefix, mtu uint32) (*SystemDevice, error) { +func NewSystemDevice(router adapter.Router, interfaceName string, localPrefixes []netip.Prefix, mtu uint32, gso bool, gsoMaxsize uint32) (*SystemDevice, error) { var inet4Addresses []netip.Prefix var inet6Addresses []netip.Prefix for _, prefixes := range localPrefixes { 
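Review bot: On the `NewStackDevice` branch just above the changed line, `options.GSO` and `options.GSOMaxSize` are dropped without any signal, so a configuration that sets `gso` without `system_interface` appears to run with the option silently ignored. Unless that combination is rejected earlier in NewWireGuard, which begins outside this hunk, I would fail fast inside that branch with `if options.GSO { return nil, E.New("gso is only supported with system_interface") }`. An explicit error keeps the effective configuration in line with what the operator wrote.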
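Review bot: The new parameter in NewSystemDevice's signature is spelled `gsoMaxsize`, while the option field is `GSOMaxSize` and inbound/tun.go uses `gsoMaxSize`; I would rename it to `gsoMaxSize` here and in the `-41,11 +43,16` hunk that reads it. The exported constructor also has no doc comment, and with six positional arguments one would help callers, for example `// NewSystemDevice creates a WireGuard device backed by a system TUN interface; gso enables segmentation offload and a gsoMaxSize of 0 selects the default.` The function body continues outside this hunk.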
@@ -41,11 +43,16 @@ func NewSystemDevice(router adapter.Router, interfaceName string, localPrefixes if interfaceName == "" { interfaceName = tun.CalculateInterfaceName("wg") } + if gsoMaxsize == 0 { + gsoMaxsize = 65536 + } tunInterface, err := tun.New(tun.Options{ Name: interfaceName, Inet4Address: inet4Addresses, Inet6Address: inet6Addresses, MTU: mtu, + GSO: gso, + GSOMaxSize: gsoMaxsize, }) if err != nil { return nil, err @@ -62,12 +69,13 @@ func NewSystemDevice(router adapter.Router, interfaceName string, localPrefixes dialer: common.Must1(dialer.NewDefault(router, option.DialerOptions{ BindInterface: interfaceName, })), - device: tunInterface, - name: interfaceName, - mtu: int(mtu), - events: make(chan wgTun.Event), - addr4: inet4Address, - addr6: inet6Address, + device: tunInterface, + frontHeadroom: tunInterface.FrontHeadroom(), + name: interfaceName, + mtu: int(mtu), + events: make(chan wgTun.Event), + addr4: inet4Address, + addr6: inet6Address, }, nil } @@ -97,16 +105,18 @@ func (w *SystemDevice) File() *os.File { } func (w *SystemDevice) Read(bufs [][]byte, sizes []int, offset int) (count int, err error) { - sizes[0], err = w.device.Read(bufs[0][offset-tun.PacketOffset:]) + sizes[0], err = w.device.Read(bufs[0][offset-w.frontHeadroom:]) if err == nil { count = 1 + } else if errors.Is(err, tun.ErrTooManySegments) { + err = wgTun.ErrTooManySegments } return } func (w *SystemDevice) Write(bufs [][]byte, offset int) (count int, err error) { for _, b := range bufs { - _, err = w.device.Write(b[offset:]) + _, err = w.device.Write(b[offset-w.frontHeadroom:]) if err != nil { return }
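Review bot: `bufs[0][offset-w.frontHeadroom:]` in Read and `b[offset-w.frontHeadroom:]` in Write panic with a slice-bounds error whenever the caller's `offset` is smaller than the headroom, and that headroom is now a runtime value taken from `tunInterface.FrontHeadroom()` instead of the constant `tun.PacketOffset`. What FrontHeadroom returns with GSO enabled is not visible in this patch, so I would guard both methods with `if offset < w.frontHeadroom { return 0, errors.New("wireguard: offset smaller than TUN front headroom") }` so a mismatch surfaces as an error rather than crashing the process. Write also starts passing the bytes in front of `offset` to the device, which it did not do before; a short comment stating that the TUN layer overwrites that headroom would make the intent clear, if that is the contract. Write's loop continues past the end of this hunk.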