diff --git a/docs/configuration/inbound/tun.md b/docs/configuration/inbound/tun.md index c43e18aa..095c3e9a 100644 --- a/docs/configuration/inbound/tun.md +++ b/docs/configuration/inbound/tun.md @@ -53,9 +53,8 @@ "server_port": 8080 } }, - "experimental_fix_windows_firewall": false, - ... - // Listen Fields + + ... // Listen Fields } ``` @@ -181,10 +180,10 @@ Exclude users in route, but in range. Limit android users in route. -| Common user | ID | -|--------------|----| -| Main | 0 | -| Work Profile | 10 | +| Common user | ID | +|--------------|-----| +| Main | 0 | +| Work Profile | 10 | #### include_package @@ -202,12 +201,6 @@ Platform-specific settings, provided by client applications. System HTTP proxy settings. -#### experimental_fix_windows_firewall - -Automatically add Windows firewall rules in order for the system stack to work. - -This causes some start delays and does not work with existing firewall rules. - ### Listen Fields See [Listen Fields](/configuration/shared/listen) for details. diff --git a/docs/configuration/inbound/tun.zh.md b/docs/configuration/inbound/tun.zh.md index bcff1904..350c8d9a 100644 --- a/docs/configuration/inbound/tun.zh.md +++ b/docs/configuration/inbound/tun.zh.md @@ -53,9 +53,8 @@ "server_port": 8080 } }, - "experimental_fix_windows_firewall": false, - ... - // 监听字段 + + ... // 监听字段 } ``` @@ -179,8 +178,8 @@ TCP/IP 栈。 限制被路由的 Android 用户。 | 常用用户 | ID | -|------|----| -| 您 | 0 | +|--|-----| +| 您 | 0 | | 工作资料 | 10 | #### include_package @@ -199,12 +198,6 @@ TCP/IP 栈。 系统 HTTP 代理设置。 -#### experimental_fix_windows_firewall - -自动添加 Windows 防火墙规则,以使 system 栈正常工作。 - -这会导致一些启动延迟,并且无法与现有防火墙规则一起使用。 - ### 监听字段 参阅 [监听字段](/zh/configuration/shared/listen/)。 diff --git a/go.mod b/go.mod index 46b59ebb..9ec5f92e 100644 --- a/go.mod +++ b/go.mod @@ -30,7 +30,7 @@ require ( github.com/sagernet/sing-shadowsocks v0.2.2-0.20230509053848-d83f8fe1194c github.com/sagernet/sing-shadowsocks2 v0.0.0-20230512030659-23bb92c1eb97 github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b - github.com/sagernet/sing-tun v0.1.5-0.20230509102026-91df97aee204 + github.com/sagernet/sing-tun v0.1.5-0.20230520041100-b02f2529160e github.com/sagernet/sing-vmess v0.1.5-0.20230417103030-8c3070ae3fb3 github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 github.com/sagernet/tfo-go v0.0.0-20230303015439-ffcfd8c41cf9 @@ -59,6 +59,7 @@ require ( github.com/andybalholm/brotli v1.0.5 // indirect github.com/cloudflare/circl v1.2.1-0.20221019164342-6ab4dfed8f3c // indirect github.com/davecgh/go-spew v1.1.1 // indirect + github.com/go-ole/go-ole v1.2.6 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/golang/mock v1.6.0 // indirect github.com/golang/protobuf v1.5.2 // indirect @@ -80,6 +81,7 @@ require ( github.com/quic-go/qtls-go1-20 v0.1.0 // indirect github.com/sagernet/go-tun2socks v1.16.12-0.20220818015926-16cb67876a61 // indirect github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 // indirect + github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/u-root/uio v0.0.0-20230220225925-ffce2a382923 // indirect github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect diff --git a/go.sum b/go.sum index cdff2911..62859d2d 100644 --- a/go.sum +++ b/go.sum @@ -31,6 +31,8 @@ github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4= github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58= github.com/go-chi/render v1.0.2 h1:4ER/udB0+fMWB2Jlf15RV3F4A2FDuYi/9f+lFttR/Lg= github.com/go-chi/render v1.0.2/go.mod h1:/gr3hVkmYR0YlEy3LxCuVRFzEu9Ruok+gFqbIofjao0= +github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= +github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/gofrs/uuid/v5 v5.0.0 h1:p544++a97kEL+svbcFbCQVM9KFu0Yo25UoISXGNNH9M= @@ -123,8 +125,8 @@ github.com/sagernet/sing-shadowsocks2 v0.0.0-20230512030659-23bb92c1eb97 h1:Mc5d github.com/sagernet/sing-shadowsocks2 v0.0.0-20230512030659-23bb92c1eb97/go.mod h1:i6Eoor37Cy4JKBcelMMFfUVBNjqRYuvcqOBjUI3Zw80= github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b h1:ouW/6IDCrxkBe19YSbdCd7buHix7b+UZ6BM4Zz74XF4= github.com/sagernet/sing-shadowtls v0.1.2-0.20230417103049-4f682e05f19b/go.mod h1:oG8bPerYI6cZ74KquY3DvA7ynECyrILPBnce6wtBqeI= -github.com/sagernet/sing-tun v0.1.5-0.20230509102026-91df97aee204 h1:V8eGGmvyjRtFDNmarASZGsTyyXz/gc/zStSxW/knc9E= -github.com/sagernet/sing-tun v0.1.5-0.20230509102026-91df97aee204/go.mod h1:DD7Ce2Gt0GFc6I/1+Uw4D/aUlBsGqrQsC52CMK/V818= +github.com/sagernet/sing-tun v0.1.5-0.20230520041100-b02f2529160e h1:fivkzQowiOPBafklJmNePBu/sr83rsY5SuSakvoJ2A0= +github.com/sagernet/sing-tun v0.1.5-0.20230520041100-b02f2529160e/go.mod h1:6yju6cNdTow38IZHwcbFA3lHnHeSd5HG/zCzHyaxScI= github.com/sagernet/sing-vmess v0.1.5-0.20230417103030-8c3070ae3fb3 h1:BHOnxrbC929JonuKqFdJ7ZbDp7zs4oTlH5KFvKtWu9U= github.com/sagernet/sing-vmess v0.1.5-0.20230417103030-8c3070ae3fb3/go.mod h1:yKrAr+dqZd64DxBXCHWrYicp+n4qbqO73mtwv3dck8U= github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ+coeYLmioq0Qp1/Z2zczFaV8as= @@ -137,6 +139,8 @@ github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e h1:7uw2njHFGE+V github.com/sagernet/websocket v0.0.0-20220913015213-615516348b4e/go.mod h1:45TUl8+gH4SIKr4ykREbxKWTxkDlSzFENzctB1dVRRY= github.com/sagernet/wireguard-go v0.0.0-20230420044414-a7bac1754e77 h1:g6QtRWQ2dKX7EQP++1JLNtw4C2TNxd4/ov8YUpOPOSo= github.com/sagernet/wireguard-go v0.0.0-20230420044414-a7bac1754e77/go.mod h1:pJDdXzZIwJ+2vmnT0TKzmf8meeum+e2mTDSehw79eE0= +github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 h1:rc/CcqLH3lh8n+csdOuDfP+NuykE0U6AeYSJJHKDgSg= +github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9/go.mod h1:a/83NAfUXvEuLpmxDssAXxgUgrEy12MId3Wd7OTs76s= github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -192,6 +196,7 @@ golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/inbound/tun.go b/inbound/tun.go index d5ebd2f5..e5342355 100644 --- a/inbound/tun.go +++ b/inbound/tun.go @@ -38,7 +38,6 @@ type Tun struct { tunStack tun.Stack platformInterface platform.Interface platformOptions option.TunPlatformOptions - fixWindowsFirewall bool } func NewTun(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.TunInboundOptions, platformInterface platform.Interface) (*Tun, error) { @@ -96,7 +95,6 @@ func NewTun(ctx context.Context, router adapter.Router, logger log.ContextLogger stack: options.Stack, platformInterface: platformInterface, platformOptions: common.PtrValueOrDefault(options.Platform), - fixWindowsFirewall: options.ExperimentalFixWindowsFirewall, }, nil } @@ -168,20 +166,19 @@ func (t *Tun) Start() error { tunRouter = t } t.tunStack, err = tun.NewStack(t.stack, tun.StackOptions{ - Context: t.ctx, - Tun: tunInterface, - MTU: t.tunOptions.MTU, - Name: t.tunOptions.Name, - Inet4Address: t.tunOptions.Inet4Address, - Inet6Address: t.tunOptions.Inet6Address, - EndpointIndependentNat: t.endpointIndependentNat, - UDPTimeout: t.udpTimeout, - Router: tunRouter, - Handler: t, - Logger: t.logger, - ForwarderBindInterface: t.platformInterface != nil, - InterfaceFinder: t.router.InterfaceFinder(), - ExperimentalFixWindowsFirewall: t.fixWindowsFirewall, + Context: t.ctx, + Tun: tunInterface, + MTU: t.tunOptions.MTU, + Name: t.tunOptions.Name, + Inet4Address: t.tunOptions.Inet4Address, + Inet6Address: t.tunOptions.Inet6Address, + EndpointIndependentNat: t.endpointIndependentNat, + UDPTimeout: t.udpTimeout, + Router: tunRouter, + Handler: t, + Logger: t.logger, + ForwarderBindInterface: t.platformInterface != nil, + InterfaceFinder: t.router.InterfaceFinder(), }) if err != nil { return err diff --git a/option/tun.go b/option/tun.go index dc99f134..731b6eed 100644 --- a/option/tun.go +++ b/option/tun.go @@ -1,25 +1,24 @@ package option type TunInboundOptions struct { - InterfaceName string `json:"interface_name,omitempty"` - MTU uint32 `json:"mtu,omitempty"` - Inet4Address Listable[ListenPrefix] `json:"inet4_address,omitempty"` - Inet6Address Listable[ListenPrefix] `json:"inet6_address,omitempty"` - AutoRoute bool `json:"auto_route,omitempty"` - StrictRoute bool `json:"strict_route,omitempty"` - Inet4RouteAddress Listable[ListenPrefix] `json:"inet4_route_address,omitempty"` - Inet6RouteAddress Listable[ListenPrefix] `json:"inet6_route_address,omitempty"` - IncludeUID Listable[uint32] `json:"include_uid,omitempty"` - IncludeUIDRange Listable[string] `json:"include_uid_range,omitempty"` - ExcludeUID Listable[uint32] `json:"exclude_uid,omitempty"` - ExcludeUIDRange Listable[string] `json:"exclude_uid_range,omitempty"` - IncludeAndroidUser Listable[int] `json:"include_android_user,omitempty"` - IncludePackage Listable[string] `json:"include_package,omitempty"` - ExcludePackage Listable[string] `json:"exclude_package,omitempty"` - EndpointIndependentNat bool `json:"endpoint_independent_nat,omitempty"` - UDPTimeout int64 `json:"udp_timeout,omitempty"` - Stack string `json:"stack,omitempty"` - ExperimentalFixWindowsFirewall bool `json:"experimental_fix_windows_firewall,omitempty"` - Platform *TunPlatformOptions `json:"platform,omitempty"` + InterfaceName string `json:"interface_name,omitempty"` + MTU uint32 `json:"mtu,omitempty"` + Inet4Address Listable[ListenPrefix] `json:"inet4_address,omitempty"` + Inet6Address Listable[ListenPrefix] `json:"inet6_address,omitempty"` + AutoRoute bool `json:"auto_route,omitempty"` + StrictRoute bool `json:"strict_route,omitempty"` + Inet4RouteAddress Listable[ListenPrefix] `json:"inet4_route_address,omitempty"` + Inet6RouteAddress Listable[ListenPrefix] `json:"inet6_route_address,omitempty"` + IncludeUID Listable[uint32] `json:"include_uid,omitempty"` + IncludeUIDRange Listable[string] `json:"include_uid_range,omitempty"` + ExcludeUID Listable[uint32] `json:"exclude_uid,omitempty"` + ExcludeUIDRange Listable[string] `json:"exclude_uid_range,omitempty"` + IncludeAndroidUser Listable[int] `json:"include_android_user,omitempty"` + IncludePackage Listable[string] `json:"include_package,omitempty"` + ExcludePackage Listable[string] `json:"exclude_package,omitempty"` + EndpointIndependentNat bool `json:"endpoint_independent_nat,omitempty"` + UDPTimeout int64 `json:"udp_timeout,omitempty"` + Stack string `json:"stack,omitempty"` + Platform *TunPlatformOptions `json:"platform,omitempty"` InboundOptions }