package/sing-tun
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-tun.git synced 2025-09-27 04:55:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

ping: Fix linux route rules

Browse Source
This commit is contained in:
世界
2025-08-26 14:29:48 +08:00
parent 4fb5702443
commit b5f3fecc25
2 changed files with 20 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
redirect_nftables.go
View File

@@ -143,12 +143,26 @@ func (r *autoRedirect) setupNFTables() error {
} }
} }
chainPreRoutingUDP := nft.AddChain(&nftables.Chain{ chainPreRoutingUDP := nft.AddChain(&nftables.Chain{
Name: "prerouting_udp", Name: "prerouting_udp_icmp",
Table: table, Table: table,
Hooknum: nftables.ChainHookPrerouting, Hooknum: nftables.ChainHookPrerouting,
Priority: nftables.ChainPriorityRef(*nftables.ChainPriorityNATDest + 2), Priority: nftables.ChainPriorityRef(*nftables.ChainPriorityNATDest + 2),
Type: nftables.ChainTypeFilter, Type: nftables.ChainTypeFilter,
}) })
ipProto := &nftables.Set{
Table: table,
Anonymous: true,
Constant: true,
KeyType: nftables.TypeInetProto,
}
err = nft.AddSet(ipProto, []nftables.SetElement{
{Key: []byte{unix.IPPROTO_UDP}},
{Key: []byte{unix.IPPROTO_ICMP}},
{Key: []byte{unix.IPPROTO_ICMPV6}},
})
if err != nil {
return err
}
nft.AddRule(&nftables.Rule{ nft.AddRule(&nftables.Rule{
Table: table, Table: table,
Chain: chainPreRoutingUDP, Chain: chainPreRoutingUDP,
@@ -157,10 +171,11 @@ func (r *autoRedirect) setupNFTables() error {
Key: expr.MetaKeyL4PROTO, Key: expr.MetaKeyL4PROTO,
Register: 1, Register: 1,
}, },
&expr.Cmp{ &expr.Lookup{
Op: expr.CmpOpNeq, SourceRegister: 1,
Register: 1, SetID: ipProto.ID,
Data: []byte{unix.IPPROTO_UDP}, SetName: ipProto.Name,
Invert: true,
}, },
&expr.Verdict{ &expr.Verdict{
Kind: expr.VerdictReturn, Kind: expr.VerdictReturn,

18
tun_linux.go
View File

@@ -816,14 +816,6 @@ func (t *NativeTun) rules() []*netlink.Rule {
it.Family = unix.AF_INET it.Family = unix.AF_INET
rules = append(rules, it) rules = append(rules, it)
} }
if p4 && !t.options.StrictRoute {
it = netlink.NewRule()
it.Priority = priority
it.IPProto = syscall.IPPROTO_ICMP
it.Goto = nopPriority
it.Family = unix.AF_INET
rules = append(rules, it)
}
if p6 { if p6 {
it = netlink.NewRule() it = netlink.NewRule()
it.Priority = priority6 it.Priority = priority6
@@ -834,16 +826,6 @@ func (t *NativeTun) rules() []*netlink.Rule {
it.Family = unix.AF_INET6 it.Family = unix.AF_INET6
rules = append(rules, it) rules = append(rules, it)
} }
if p6 && !t.options.StrictRoute {
it = netlink.NewRule()
it.Priority = priority6
it.IPProto = syscall.IPPROTO_ICMPV6
it.Goto = nopPriority
it.Family = unix.AF_INET6
rules = append(rules, it)
priority6++
}
} }
if p4 { if p4 {
it = netlink.NewRule() it = netlink.NewRule()