Add exclude route support for tun

2025-06-13 21:54:13 +08:00 · 2023-10-30 12:00:00 +08:00 · 2023-10-30 12:00:00 +08:00 · e0fb6c6485
commit e0fb6c6485
parent 77ad6b0b7c
8 changed files with 85 additions and 44 deletions
--- a/docs/configuration/inbound/tun.md
+++ b/docs/configuration/inbound/tun.md
@ -22,6 +22,12 @@
    "::/1",
    "8000::/1"
  ],
+  "inet4_route_exclude_address": [
+    "192.168.0.0/16"
+  ],
+  "inet6_route_exclude_address": [
+    "fc00::/7"
+  ],
  "endpoint_independent_nat": false,
  "stack": "system",
  "include_interface": [
@ -130,6 +136,14 @@ Use custom routes instead of default when `auto_route` is enabled.

 Use custom routes instead of default when `auto_route` is enabled.

+#### inet4_route_exclude_address
+
+Exclude custom routes when `auto_route` is enabled.
+
+#### inet6_route_exclude_address
+
+Exclude custom routes when `auto_route` is enabled.
+
 #### endpoint_independent_nat

 !!! info ""
--- a/docs/configuration/inbound/tun.zh.md
+++ b/docs/configuration/inbound/tun.zh.md
@ -22,6 +22,12 @@
    "::/1",
    "8000::/1"
  ],
+  "inet4_route_exclude_address": [
+    "192.168.0.0/16"
+  ],
+  "inet6_route_exclude_address": [
+    "fc00::/7"
+  ],
  "endpoint_independent_nat": false,
  "stack": "system",
  "include_interface": [
@ -131,6 +137,14 @@ tun 接口的 IPv6 前缀。

 启用 `auto_route` 时使用自定义路由而不是默认路由。

+#### inet4_route_exclude_address
+
+启用 `auto_route` 时排除自定义路由。
+
+#### inet6_route_exclude_address
+
+启用 `auto_route` 时排除自定义路由。
+
 #### endpoint_independent_nat

 启用独立于端点的 NAT。
--- a/experimental/libbox/service.go
+++ b/experimental/libbox/service.go
@ -115,7 +115,11 @@ func (w *platformInterfaceWrapper) OpenTun(options *tun.Options, platformOptions
 	if len(options.IncludeAndroidUser) > 0 {
 		return nil, E.New("android: unsupported android_user option")
 	}
-	tunFd, err := w.iif.OpenTun(&tunOptions{options, platformOptions})
+	routeRanges, err := options.BuildAutoRouteRanges()
+	if err != nil {
+		return nil, err
+	}
+	tunFd, err := w.iif.OpenTun(&tunOptions{options, routeRanges, platformOptions})
 	if err != nil {
 		return nil, err
 	}
--- a/experimental/libbox/tun.go
+++ b/experimental/libbox/tun.go
@ -60,6 +60,7 @@ var _ TunOptions = (*tunOptions)(nil)

 type tunOptions struct {
 	*tun.Options
+	routeRanges []netip.Prefix
 	option.TunPlatformOptions
 }

@ -91,11 +92,15 @@ func (o *tunOptions) GetStrictRoute() bool {
 }

 func (o *tunOptions) GetInet4RouteAddress() RoutePrefixIterator {
-	return mapRoutePrefix(o.Inet4RouteAddress)
+	return mapRoutePrefix(common.Filter(o.routeRanges, func(it netip.Prefix) bool {
+		return it.Addr().Is4()
+	}))
 }

 func (o *tunOptions) GetInet6RouteAddress() RoutePrefixIterator {
-	return mapRoutePrefix(o.Inet6RouteAddress)
+	return mapRoutePrefix(common.Filter(o.routeRanges, func(it netip.Prefix) bool {
+		return it.Addr().Is6()
+	}))
 }

 func (o *tunOptions) GetIncludePackage() StringIterator {
--- a/go.mod
+++ b/go.mod
@ -33,7 +33,7 @@ require (
 	github.com/sagernet/sing-shadowsocks v0.2.5
 	github.com/sagernet/sing-shadowsocks2 v0.1.4
 	github.com/sagernet/sing-shadowtls v0.1.4
-	github.com/sagernet/sing-tun v0.1.17-0.20231104000141-150b1162316c
+	github.com/sagernet/sing-tun v0.1.17-0.20231104000158-fb98efb75ca7
 	github.com/sagernet/sing-vmess v0.1.8
 	github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37
 	github.com/sagernet/tfo-go v0.0.0-20230816093905-5a5c285d44a6
--- a/go.sum
+++ b/go.sum
@ -128,8 +128,8 @@ github.com/sagernet/sing-shadowsocks2 v0.1.4 h1:vht2M8t3m5DTgXR2j24KbYOygG5aOp+M
 github.com/sagernet/sing-shadowsocks2 v0.1.4/go.mod h1:Mgdee99NxxNd5Zld3ixIs18yVs4x2dI2VTDDE1N14Wc=
 github.com/sagernet/sing-shadowtls v0.1.4 h1:aTgBSJEgnumzFenPvc+kbD9/W0PywzWevnVpEx6Tw3k=
 github.com/sagernet/sing-shadowtls v0.1.4/go.mod h1:F8NBgsY5YN2beQavdgdm1DPlhaKQlaL6lpDdcBglGK4=
-github.com/sagernet/sing-tun v0.1.17-0.20231104000141-150b1162316c h1:ImeHV8svNieQhubImBFMpr0TvCt4+MEnDq0Ca/PKznc=
-github.com/sagernet/sing-tun v0.1.17-0.20231104000141-150b1162316c/go.mod h1:w2+S+uWE94E/pQWSDdDdMIjwAEb645kuGPunr6ZllUg=
+github.com/sagernet/sing-tun v0.1.17-0.20231104000158-fb98efb75ca7 h1:nrjFCUNEsDZSZlxmE+tq8OuInjXI08vNfcSJ66gTbCs=
+github.com/sagernet/sing-tun v0.1.17-0.20231104000158-fb98efb75ca7/go.mod h1:4ACZp3C6TDSy1rsMrfwtSyLrKPtm9Wm2eKHwhYIojbU=
 github.com/sagernet/sing-vmess v0.1.8 h1:XVWad1RpTy9b5tPxdm5MCU8cGfrTGdR8qCq6HV2aCNc=
 github.com/sagernet/sing-vmess v0.1.8/go.mod h1:vhx32UNzTDUkNwOyIjcZQohre1CaytquC5mPplId8uA=
 github.com/sagernet/smux v0.0.0-20230312102458-337ec2a5af37 h1:HuE6xSwco/Xed8ajZ+coeYLmioq0Qp1/Z2zczFaV8as=
--- a/inbound/tun.go
+++ b/inbound/tun.go
@ -81,6 +81,8 @@ func NewTun(ctx context.Context, router adapter.Router, logger log.ContextLogger
 			ExcludeInterface:         options.ExcludeInterface,
 			Inet4RouteAddress:        options.Inet4RouteAddress,
 			Inet6RouteAddress:        options.Inet6RouteAddress,
+			Inet4RouteExcludeAddress: options.Inet4RouteExcludeAddress,
+			Inet6RouteExcludeAddress: options.Inet6RouteExcludeAddress,
 			IncludeUID:               includeUID,
 			ExcludeUID:               excludeUID,
 			IncludeAndroidUser:       options.IncludeAndroidUser,
--- a/option/tun.go
+++ b/option/tun.go
@ -11,6 +11,8 @@ type TunInboundOptions struct {
 	StrictRoute              bool                   `json:"strict_route,omitempty"`
 	Inet4RouteAddress        Listable[netip.Prefix] `json:"inet4_route_address,omitempty"`
 	Inet6RouteAddress        Listable[netip.Prefix] `json:"inet6_route_address,omitempty"`
+	Inet4RouteExcludeAddress Listable[netip.Prefix] `json:"inet4_route_exclude_address,omitempty"`
+	Inet6RouteExcludeAddress Listable[netip.Prefix] `json:"inet6_route_exclude_address,omitempty"`
 	IncludeInterface         Listable[string]       `json:"include_interface,omitempty"`
 	ExcludeInterface         Listable[string]       `json:"exclude_interface,omitempty"`
 	IncludeUID               Listable[uint32]       `json:"include_uid,omitempty"`