SagerNet
diff --git a/‎go.mod‎
Lines changed: 6 additions & 5 deletions b/‎go.mod‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎go.sum‎
Lines changed: 12 additions & 10 deletions b/‎go.sum‎
Lines changed: 12 additions & 10 deletions
diff --git a/‎monitor_darwin.go‎
Lines changed: 3 additions & 3 deletions b/‎monitor_darwin.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎redirect.go‎
Lines changed: 20 additions & 7 deletions b/‎redirect.go‎
Lines changed: 20 additions & 7 deletions
diff --git a/‎redirect_iptables.go‎
Lines changed: 21 additions & 1 deletion b/‎redirect_iptables.go‎
Lines changed: 21 additions & 1 deletion
diff --git a/‎redirect_linux.go‎
Lines changed: 33 additions & 2 deletions b/‎redirect_linux.go‎
Lines changed: 33 additions & 2 deletions
@@ -6,21 +6,22 @@ require (
 	github.com/fsnotify/fsnotify v1.7.0
 	github.com/go-ole/go-ole v1.3.0
 	github.com/sagernet/gvisor v0.0.0-20240428053021-e691de28565f
-	github.com/sagernet/netlink v0.0.0-20240523065131-45e60152f9ba
-	github.com/sagernet/nftables v0.3.0-beta.2
-	github.com/sagernet/sing v0.5.0-alpha.9
+	github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a
+	github.com/sagernet/nftables v0.3.0-beta.4
+	github.com/sagernet/sing v0.5.0-alpha.10
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
+	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8
 	golang.org/x/net v0.26.0
 	golang.org/x/sys v0.21.0
 )
 
 require (
 	github.com/google/btree v1.1.2 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/josharian/native v1.1.0 // indirect
 	github.com/mdlayher/netlink v1.7.2 // indirect
 	github.com/mdlayher/socket v0.4.1 // indirect
 	github.com/vishvananda/netns v0.0.4 // indirect
-	golang.org/x/sync v0.1.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 )
@@ -5,8 +5,8 @@ github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
 github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
 github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=
 github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g=
@@ -16,21 +16,23 @@ github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8Ku
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/sagernet/gvisor v0.0.0-20240428053021-e691de28565f h1:NkhuupzH5ch7b/Y/6ZHJWrnNLoiNnSJaow6DPb8VW2I=
 github.com/sagernet/gvisor v0.0.0-20240428053021-e691de28565f/go.mod h1:KXmw+ouSJNOsuRpg4wgwwCQuunrGz4yoAqQjsLjc6N0=
-github.com/sagernet/netlink v0.0.0-20240523065131-45e60152f9ba h1:EY5AS7CCtfmARNv2zXUOrsEMPFDGYxaw65JzA2p51Vk=
-github.com/sagernet/netlink v0.0.0-20240523065131-45e60152f9ba/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
-github.com/sagernet/nftables v0.3.0-beta.2 h1:yKqMl4Dpb6nKxAmlE6fXjJRlLO2c1f2wyNFBg4hBr8w=
-github.com/sagernet/nftables v0.3.0-beta.2/go.mod h1:OQXAjvjNGGFxaTgVCSTRIhYB5/llyVDeapVoENYBDS8=
-github.com/sagernet/sing v0.5.0-alpha.9 h1:Mmg+LCbaKXBeQD/ttzi0/MQa3NcUyfadIgkGzhQW7o0=
-github.com/sagernet/sing v0.5.0-alpha.9/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a h1:ObwtHN2VpqE0ZNjr6sGeT00J8uU7JF4cNUdb44/Duis=
+github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
+github.com/sagernet/nftables v0.3.0-beta.4 h1:kbULlAwAC3jvdGAC1P5Fa3GSxVwQJibNenDW2zaXr8I=
+github.com/sagernet/nftables v0.3.0-beta.4/go.mod h1:OQXAjvjNGGFxaTgVCSTRIhYB5/llyVDeapVoENYBDS8=
+github.com/sagernet/sing v0.5.0-alpha.10 h1:kuHl10gpjbKQAdQfyogQU3u0CVnpqC3wrAHe/+BFaXc=
+github.com/sagernet/sing v0.5.0-alpha.10/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
+golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
+golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
 golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
 golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 
@@ -154,9 +154,9 @@ func (m *defaultInterfaceMonitor) checkUpdate() error {
 			if routeMessage.Flags&unix.RTF_GATEWAY == 0 {
 				continue
 			}
-			if routeMessage.Flags&unix.RTF_IFSCOPE != 0 {
-				// continue
-			}
+			// if routeMessage.Flags&unix.RTF_IFSCOPE != 0 {
+			//continue
+			//}
 			defaultInterface = routeInterface
 			break
 		}
 
@@ -3,20 +3,33 @@ package tun
 import (
 	"context"
 
+	"github.com/sagernet/sing/common/control"
 	"github.com/sagernet/sing/common/logger"
+
+	"go4.org/netipx"
+)
+
+const (
+	DefaultAutoRedirectInputMark  = 0x2023
+	DefaultAutoRedirectOutputMark = 0x2024
 )
 
 type AutoRedirect interface {
 	Start() error
 	Close() error
+	UpdateRouteAddressSet()
 }
 
 type AutoRedirectOptions struct {
-	TunOptions         *Options
-	Context            context.Context
-	Handler            Handler
-	Logger             logger.Logger
-	TableName          string
-	DisableNFTables    bool
-	CustomRedirectPort func() int
+	TunOptions             *Options
+	Context                context.Context
+	Handler                Handler
+	Logger                 logger.Logger
+	NetworkMonitor         NetworkUpdateMonitor
+	InterfaceFinder        control.InterfaceFinder
+	TableName              string
+	DisableNFTables        bool
+	CustomRedirectPort     func() int
+	RouteAddressSet        *[]*netipx.IPSet
+	RouteExcludeAddressSet *[]*netipx.IPSet
 }
@@ -29,8 +29,9 @@ func (r *autoRedirect) setupIPTables() error {
 }
 
 func (r *autoRedirect) setupIPTablesForFamily(iptablesPath string) error {
-	tableNameOutput := r.tableName + "-output"
+	tableNameInput := r.tableName + "-input"
 	tableNameForward := r.tableName + "-forward"
+	tableNameOutput := r.tableName + "-output"
 	tableNamePreRouteing := r.tableName + "-prerouting"
 	redirectPort := r.redirectPort()
 	// OUTPUT
@@ -51,6 +52,25 @@ func (r *autoRedirect) setupIPTablesForFamily(iptablesPath string) error {
 	if r.androidSu {
 		return nil
 	}
+	// INPUT
+	err = r.runShell(iptablesPath, "-N", tableNameInput)
+	if err != nil {
+		return err
+	}
+	err = r.runShell(iptablesPath, "-A", tableNameInput,
+		"-i", r.tunOptions.Name, "-j", "ACCEPT")
+	if err != nil {
+		return err
+	}
+	err = r.runShell(iptablesPath, "-A", tableNameInput,
+		"-o", r.tunOptions.Name, "-j", "ACCEPT")
+	if err != nil {
+		return err
+	}
+	err = r.runShell(iptablesPath, "-I FORWARD -j", tableNameInput)
+	if err != nil {
+		return err
+	}
 	// FORWARD
 	err = r.runShell(iptablesPath, "-N", tableNameForward)
 	if err != nil {
 
@@ -6,12 +6,17 @@ import (
 	"os"
 	"os/exec"
 	"runtime"
+	"time"
 
 	"github.com/sagernet/nftables"
 	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/control"
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/logger"
 	M "github.com/sagernet/sing/common/metadata"
+	"github.com/sagernet/sing/common/x/list"
+
+	"go4.org/netipx"
 )
 
 type autoRedirect struct {
@@ -20,6 +25,10 @@ type autoRedirect struct {
 	handler                Handler
 	logger                 logger.Logger
 	tableName              string
+	networkMonitor         NetworkUpdateMonitor
+	networkListener        *list.Element[NetworkUpdateCallback]
+	interfaceFinder        control.InterfaceFinder
+	localAddresses         []netip.Prefix
 	customRedirectPortFunc func() int
 	customRedirectPort     int
 	redirectServer         *redirectServer
@@ -30,6 +39,8 @@ type autoRedirect struct {
 	useNFTables            bool
 	androidSu              bool
 	suPath                 string
+	routeAddressSet        *[]*netipx.IPSet
+	routeExcludeAddressSet *[]*netipx.IPSet
 }
 
 func NewAutoRedirect(options AutoRedirectOptions) (AutoRedirect, error) {
@@ -38,9 +49,13 @@ func NewAutoRedirect(options AutoRedirectOptions) (AutoRedirect, error) {
 		ctx:                    options.Context,
 		handler:                options.Handler,
 		logger:                 options.Logger,
+		networkMonitor:         options.NetworkMonitor,
+		interfaceFinder:        options.InterfaceFinder,
 		tableName:              options.TableName,
 		useNFTables:            runtime.GOOS != "android" && !options.DisableNFTables,
 		customRedirectPortFunc: options.CustomRedirectPort,
+		routeAddressSet:        options.RouteAddressSet,
+		routeExcludeAddressSet: options.RouteExcludeAddressSet,
 	}
 	var err error
 	if runtime.GOOS == "android" {
@@ -116,11 +131,18 @@ func (r *autoRedirect) Start() error {
 		}
 		r.redirectServer = server
 	}
+	startAt := time.Now()
+	var err error
 	if r.useNFTables {
-		return r.setupNFTables()
+		err = r.setupNFTables()
 	} else {
-		return r.setupIPTables()
+		err = r.setupIPTables()
+	}
+	if err != nil {
+		return err
 	}
+	r.logger.Debug("auto-redirect configured in ", time.Since(startAt))
+	return nil
 }
 
 func (r *autoRedirect) Close() error {
@@ -134,6 +156,15 @@ func (r *autoRedirect) Close() error {
 	)
 }
 
+func (r *autoRedirect) UpdateRouteAddressSet() {
+	if r.useNFTables {
+		err := r.nftablesUpdateRouteAddressSet()
+		if err != nil {
+			r.logger.Error("update route address set: ", err)
+		}
+	}
+}
+
 func (r *autoRedirect) initializeNFTables() error {
 	nft, err := nftables.New()
 	if err != nil {
Original file line number	Diff line number	Diff line change
`@@ -154,9 +154,9 @@ func (m *defaultInterfaceMonitor) checkUpdate() error {`
`154`	`154`	`if routeMessage.Flags&unix.RTF_GATEWAY == 0 {`
`155`	`155`	`continue`
`156`	`156`	`}`
`157`		`- if routeMessage.Flags&unix.RTF_IFSCOPE != 0 {`
`158`		`- // continue`
`159`		`- }`
	`157`	`+ // if routeMessage.Flags&unix.RTF_IFSCOPE != 0 {`
	`158`	`+ //continue`
	`159`	`+ //}`
`160`	`160`	`defaultInterface = routeInterface`
`161`	`161`	`break`
`162`	`162`	`}`