ping: Increate mapping capacity

ping: Fix linux route rules
2025-09-26 20:51:13 +08:00 · 2025-08-26 14:41:14 +08:00 · 2025-08-26 14:30:21 +08:00
3 changed files with 22 additions and 24 deletions
--- a/redirect_nftables.go
+++ b/redirect_nftables.go
@@ -143,12 +143,26 @@ func (r *autoRedirect) setupNFTables() error {
 			}
 		}
 		chainPreRoutingUDP := nft.AddChain(&nftables.Chain{
-			Name:     "prerouting_udp",
+			Name:     "prerouting_udp_icmp",
 			Table:    table,
 			Hooknum:  nftables.ChainHookPrerouting,
 			Priority: nftables.ChainPriorityRef(*nftables.ChainPriorityNATDest + 2),
 			Type:     nftables.ChainTypeFilter,
 		})
+		ipProto := &nftables.Set{
+			Table:     table,
+			Anonymous: true,
+			Constant:  true,
+			KeyType:   nftables.TypeInetProto,
+		}
+		err = nft.AddSet(ipProto, []nftables.SetElement{
+			{Key: []byte{unix.IPPROTO_UDP}},
+			{Key: []byte{unix.IPPROTO_ICMP}},
+			{Key: []byte{unix.IPPROTO_ICMPV6}},
+		})
+		if err != nil {
+			return err
+		}
 		nft.AddRule(&nftables.Rule{
 			Table: table,
 			Chain: chainPreRoutingUDP,
@@ -157,10 +171,11 @@ func (r *autoRedirect) setupNFTables() error {
 					Key:      expr.MetaKeyL4PROTO,
 					Register: 1,
 				},
-				&expr.Cmp{
-					Op:       expr.CmpOpNeq,
-					Register: 1,
-					Data:     []byte{unix.IPPROTO_UDP},
+				&expr.Lookup{
+					SourceRegister: 1,
+					SetID:          ipProto.ID,
+					SetName:        ipProto.Name,
+					Invert:         true,
 				},
 				&expr.Verdict{
 					Kind: expr.VerdictReturn,
--- a/route_direct.go
+++ b/route_direct.go
@@ -1,6 +1,7 @@
 package tun

 import (
+	"math"
 	"net/netip"
 	"time"

@@ -29,7 +30,7 @@ type DirectRouteMapping struct {
 }

 func NewDirectRouteMapping(timeout time.Duration) *DirectRouteMapping {
-	mapping := common.Must1(freelru.NewSharded[DirectRouteSession, DirectRouteDestination](1024, maphash.NewHasher[DirectRouteSession]().Hash32))
+	mapping := common.Must1(freelru.NewSharded[DirectRouteSession, DirectRouteDestination](math.MaxUint16, maphash.NewHasher[DirectRouteSession]().Hash32))
 	mapping.SetHealthCheck(func(session DirectRouteSession, action DirectRouteDestination) bool {
 		if action != nil {
 			return !action.IsClosed()
--- a/tun_linux.go
+++ b/tun_linux.go
@@ -816,14 +816,6 @@ func (t *NativeTun) rules() []*netlink.Rule {
 			it.Family = unix.AF_INET
 			rules = append(rules, it)
 		}
-		if p4 && !t.options.StrictRoute {
-			it = netlink.NewRule()
-			it.Priority = priority
-			it.IPProto = syscall.IPPROTO_ICMP
-			it.Goto = nopPriority
-			it.Family = unix.AF_INET
-			rules = append(rules, it)
-		}
 		if p6 {
 			it = netlink.NewRule()
 			it.Priority = priority6
@@ -834,16 +826,6 @@ func (t *NativeTun) rules() []*netlink.Rule {
 			it.Family = unix.AF_INET6
 			rules = append(rules, it)
 		}
-
-		if p6 && !t.options.StrictRoute {
-			it = netlink.NewRule()
-			it.Priority = priority6
-			it.IPProto = syscall.IPPROTO_ICMPV6
-			it.Goto = nopPriority
-			it.Family = unix.AF_INET6
-			rules = append(rules, it)
-			priority6++
-		}
 	}
 	if p4 {
 		it = netlink.NewRule()
Author	SHA1	Message	Date
世界	a24ab73aca	ping: Increate mapping capacity	2025-08-26 14:41:14 +08:00
世界	b5f3fecc25	ping: Fix linux route rules	2025-08-26 14:30:21 +08:00