修订文档, sockopt 和 utils包的代码.

netLayer/addr.go

@@ -292,6 +292,10 @@ func (a *Addr) IsEmpty() bool {
 	return a.Name == "" && len(a.IP) == 0 && a.Network == "" && a.Port == 0
 }
 
+func (a *Addr) IsIpv6() bool {
+	return a.IP.To4() == nil
+}
+
 func (a *Addr) GetNetIPAddr() (na netip.Addr) {
 	if len(a.IP) < 1 {
 		return

netLayer/dial.go

@@ -100,7 +100,7 @@ func (addr Addr) DialWithOpt(sockopt *Sockopt) (net.Conn, error) {
 	}
 	dialer.Control = func(network, address string, c syscall.RawConn) error {
 		return c.Control(func(fd uintptr) {
-			SetSockOpt(int(fd), sockopt, addr.IsUDP())
+			SetSockOpt(int(fd), sockopt, addr.IsUDP(), addr.IsIpv6())
 
 		})
 	}

netLayer/listen.go

@@ -77,7 +77,7 @@ func ListenAndAccept(network, addr string, sockopt *Sockopt, acceptFunc func(net
 		}
 
 		if sockopt != nil {
-			SetSockOptForListener(tcplistener, sockopt, false)
+			SetSockOptForListener(tcplistener, sockopt, false, ta.IP.To4() == nil)
 		}
 
 		go loopAccept(tcplistener, acceptFunc)
@@ -138,7 +138,7 @@ func (addr Addr) ListenUDP_withOpt(sockopt *Sockopt) (net.PacketConn, error) {
 	var lc net.ListenConfig
 	lc.Control = func(network, address string, c syscall.RawConn) error {
 		return c.Control(func(fd uintptr) {
-			SetSockOpt(int(fd), sockopt, true)
+			SetSockOpt(int(fd), sockopt, true, addr.IsIpv6())
 		})
 	}
 	return lc.ListenPacket(context.Background(), "udp", addr.String())

netLayer/sockopt.go

@@ -23,13 +23,13 @@ type ConnWithFile interface {
 	File() (f *os.File, err error)
 }
 
-func SetSockOptForListener(tcplistener ListenerWithFile, sockopt *Sockopt, isudp bool) {
+func SetSockOptForListener(tcplistener ListenerWithFile, sockopt *Sockopt, isudp bool, isipv6 bool) {
 	fileDescriptorSource, err := tcplistener.File()
 	if err != nil {
 		return
 	}
 	defer fileDescriptorSource.Close()
-	SetSockOpt(int(fileDescriptorSource.Fd()), sockopt, isudp)
+	SetSockOpt(int(fileDescriptorSource.Fd()), sockopt, isudp, isipv6)
 }
 
 //SetSockOpt 是平台相关的.

netLayer/sockopt_linux.go

@@ -5,7 +5,7 @@ import (
 	"syscall"
 )
 
-func SetSockOpt(fd int, sockopt *Sockopt, isudp bool) {
+func SetSockOpt(fd int, sockopt *Sockopt, isudp bool, isipv6 bool) {
 	if sockopt == nil {
 		return
 	}
@@ -18,7 +18,7 @@ func SetSockOpt(fd int, sockopt *Sockopt, isudp bool) {
 		setTproxy(int(fd))
 
 		if isudp {
-			setTproxy_udp(int(fd))
+			setTproxy_udp(int(fd), isipv6)
 		}
 	}
 
@@ -28,12 +28,15 @@ func setTproxy(fd int) error {
 	return syscall.SetsockoptInt(fd, syscall.SOL_IP, syscall.IP_TRANSPARENT, 1)
 }
 
-func setTproxy_udp(fd int) error {
+func setTproxy_udp(fd int, isipv6 bool) error {
 	err1 := syscall.SetsockoptInt(fd, syscall.SOL_IP, syscall.IP_RECVORIGDSTADDR, 1)
 	if err1 != nil {
 		return err1
 	}
-	return syscall.SetsockoptInt(int(fd), syscall.SOL_IPV6, unix.IPV6_RECVORIGDSTADDR, 1)
+	if isipv6 {
+		return syscall.SetsockoptInt(int(fd), syscall.SOL_IPV6, unix.IPV6_RECVORIGDSTADDR, 1)
+	}
+	return nil
 }
 
 func setSomark(fd int, somark int) error {

netLayer/sockopt_other.go

@@ -3,6 +3,5 @@
 
 package netLayer
 
-func SetSockOpt(fd int, sockopt *Sockopt, isudp bool) {
-
+func SetSockOpt(fd int, sockopt *Sockopt, isudp bool, isipv6 bool) {
 }

netLayer/tproxy/tproxy_linux.go

@@ -35,6 +35,62 @@ https://github.com/FarFetchd/simple_tproxy_example/blob/master/tproxy_captive_po
 同时，trojan-go还使用了
 https://github.com/cybozu-go/transocks/blob/master/original_dst_linux.go
 
+Iptables
+
+iptables配置教程：
+https://toutyrater.github.io/app/tproxy.html
+
+下面把该教程的重要部分搬过来。
+
+
+	ip rule add fwmark 1 table 100
+	ip route add local 0.0.0.0/0 dev lo table 100
+
+	iptables -t mangle -N V2RAY
+	iptables -t mangle -A V2RAY -d 127.0.0.1/32 -j RETURN
+	iptables -t mangle -A V2RAY -d 224.0.0.0/4 -j RETURN
+	iptables -t mangle -A V2RAY -d 255.255.255.255/32 -j RETURN
+	iptables -t mangle -A V2RAY -d 192.168.0.0/16 -p tcp -j RETURN
+	iptables -t mangle -A V2RAY -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
+	iptables -t mangle -A V2RAY -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
+	iptables -t mangle -A V2RAY -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
+	iptables -t mangle -A PREROUTING -j V2RAY
+
+	iptables -t mangle -N V2RAY_MASK
+	iptables -t mangle -A V2RAY_MASK -d 224.0.0.0/4 -j RETURN
+	iptables -t mangle -A V2RAY_MASK -d 255.255.255.255/32 -j RETURN
+	iptables -t mangle -A V2RAY_MASK -d 192.168.0.0/16 -p tcp -j RETURN
+	iptables -t mangle -A V2RAY_MASK -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
+	iptables -t mangle -A V2RAY_MASK -j RETURN -m mark --mark 0xff
+	iptables -t mangle -A V2RAY_MASK -p udp -j MARK --set-mark 1
+	iptables -t mangle -A V2RAY_MASK -p tcp -j MARK --set-mark 1
+	iptables -t mangle -A OUTPUT -j V2RAY_MASK # 应用规则
+
+
+Persistant iptables
+
+单独设置iptables，重启后会消失. 下面是持久化方法
+
+	mkdir -p /etc/iptables && iptables-save > /etc/iptables/rules.v4
+
+	vi /etc/systemd/system/tproxyrule.service
+
+	[Unit]
+	Description=Tproxy rule
+	After=network.target
+	Wants=network.target
+
+	[Service]
+
+	Type=oneshot
+	ExecStart=/sbin/ip rule add fwmark 1 table 100 ; /sbin/ip route add local 0.0.0.0/0 dev lo table 100 ; /sbin/iptables-restore /etc/iptables/rules.v4
+
+	[Install]
+	WantedBy=multi-user.target
+
+
+	systemctl enable tproxyrule
+
 */
 package tproxy
 

netLayer/tproxy/udp_linux.go

@@ -11,6 +11,8 @@ import (
 	"unsafe"
 )
 
+//credit: https://github.com/LiamHaworth/go-tproxy/blob/master/tproxy_udp.go ,  which is under MIT License
+
 // ListenUDP will construct a new UDP listener
 // socket with the Linux IP_TRANSPARENT option
 // set on the underlying socket