Add local redirect

nekohasekai · nekohasekai · commit 5d906c1df587 · 2025-06-09T18:51:28.000+08:00
diff --git a/stack.go b/stack.go
@@ -20,15 +20,17 @@ type Stack interface {
 }
 
 type StackOptions struct {
-	Context                context.Context
-	Tun                    Tun
-	TunOptions             Options
-	UDPTimeout             time.Duration
-	Handler                Handler
-	Logger                 logger.Logger
-	ForwarderBindInterface bool
-	IncludeAllNetworks     bool
-	InterfaceFinder        control.InterfaceFinder
+	Context                   context.Context
+	Tun                       Tun
+	TunOptions                Options
+	UDPTimeout                time.Duration
+	Inet4LocalRedirectAddress []netip.Addr
+	Inet6LocalRedirectAddress []netip.Addr
+	Handler                   Handler
+	Logger                    logger.Logger
+	ForwarderBindInterface    bool
+	IncludeAllNetworks        bool
+	InterfaceFinder           control.InterfaceFinder
 }
 
 func NewStack(
diff --git a/stack_gvisor.go b/stack_gvisor.go
@@ -26,14 +26,16 @@ const WithGVisor = true
 const DefaultNIC tcpip.NICID = 1
 
 type GVisor struct {
-	ctx           context.Context
-	tun           GVisorTun
-	udpTimeout    time.Duration
-	broadcastAddr netip.Addr
-	handler       Handler
-	logger        logger.Logger
-	stack         *stack.Stack
-	endpoint      stack.LinkEndpoint
+	ctx                       context.Context
+	tun                       GVisorTun
+	udpTimeout                time.Duration
+	inet4LocalRedirectAddress []netip.Addr
+	inet6LocalRedirectAddress []netip.Addr
+	broadcastAddr             netip.Addr
+	handler                   Handler
+	logger                    logger.Logger
+	stack                     *stack.Stack
+	endpoint                  stack.LinkEndpoint
 }
 
 type GVisorTun interface {
@@ -50,12 +52,14 @@ func NewGVisor(
 	}
 
 	gStack := &GVisor{
-		ctx:           options.Context,
-		tun:           gTun,
-		udpTimeout:    options.UDPTimeout,
-		broadcastAddr: BroadcastAddr(options.TunOptions.Inet4Address),
-		handler:       options.Handler,
-		logger:        options.Logger,
+		ctx:                       options.Context,
+		tun:                       gTun,
+		udpTimeout:                options.UDPTimeout,
+		inet4LocalRedirectAddress: options.Inet4LocalRedirectAddress,
+		inet6LocalRedirectAddress: options.Inet6LocalRedirectAddress,
+		broadcastAddr:             BroadcastAddr(options.TunOptions.Inet4Address),
+		handler:                   options.Handler,
+		logger:                    options.Logger,
 	}
 	return gStack, nil
 }
@@ -70,7 +74,7 @@ func (t *GVisor) Start() error {
 	if err != nil {
 		return err
 	}
-	ipStack.SetTransportProtocolHandler(tcp.ProtocolNumber, NewTCPForwarder(t.ctx, ipStack, t.handler).HandlePacket)
+	ipStack.SetTransportProtocolHandler(tcp.ProtocolNumber, NewTCPForwarderWithLocalRedirect(t.ctx, ipStack, t.handler, t.inet4LocalRedirectAddress, t.inet6LocalRedirectAddress, t.tun).HandlePacket)
 	ipStack.SetTransportProtocolHandler(udp.ProtocolNumber, NewUDPForwarder(t.ctx, ipStack, t.handler, t.udpTimeout).HandlePacket)
 	t.stack = ipStack
 	t.endpoint = linkEndpoint
diff --git a/stack_gvisor_tcp.go b/stack_gvisor_tcp.go
@@ -4,31 +4,75 @@ package tun
 
 import (
 	"context"
+	"net/netip"
 
+	"github.com/sagernet/gvisor/pkg/tcpip"
+	"github.com/sagernet/gvisor/pkg/tcpip/header"
 	"github.com/sagernet/gvisor/pkg/tcpip/stack"
 	"github.com/sagernet/gvisor/pkg/tcpip/transport/tcp"
+	"github.com/sagernet/sing-tun/internal/gtcpip/checksum"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/bufio"
 	M "github.com/sagernet/sing/common/metadata"
 	N "github.com/sagernet/sing/common/network"
 )
 
 type TCPForwarder struct {
-	ctx       context.Context
-	stack     *stack.Stack
-	handler   Handler
-	forwarder *tcp.Forwarder
+	ctx                       context.Context
+	stack                     *stack.Stack
+	handler                   Handler
+	inet4LocalRedirectAddress []tcpip.Address
+	inet6LocalRedirectAddress []tcpip.Address
+	tun                       GVisorTun
+	forwarder                 *tcp.Forwarder
 }
 
 func NewTCPForwarder(ctx context.Context, stack *stack.Stack, handler Handler) *TCPForwarder {
+	return NewTCPForwarderWithLocalRedirect(ctx, stack, handler, nil, nil, nil)
+}
+
+func NewTCPForwarderWithLocalRedirect(ctx context.Context, stack *stack.Stack, handler Handler, inet4LocalRedirectAddress []netip.Addr, inet6LocalRedirectAddress []netip.Addr, tun GVisorTun) *TCPForwarder {
 	forwarder := &TCPForwarder{
-		ctx:     ctx,
-		stack:   stack,
-		handler: handler,
+		ctx:                       ctx,
+		stack:                     stack,
+		handler:                   handler,
+		inet4LocalRedirectAddress: common.Map(inet4LocalRedirectAddress, AddressFromAddr),
+		inet6LocalRedirectAddress: common.Map(inet6LocalRedirectAddress, AddressFromAddr),
+		tun:                       tun,
 	}
 	forwarder.forwarder = tcp.NewForwarder(stack, 0, 1024, forwarder.Forward)
 	return forwarder
 }
 
 func (f *TCPForwarder) HandlePacket(id stack.TransportEndpointID, pkt *stack.PacketBuffer) bool {
+	for _, inet4LocalRedirectAddress := range f.inet4LocalRedirectAddress {
+		if id.LocalAddress == inet4LocalRedirectAddress {
+			ipHdr := pkt.Network().(header.IPv4)
+			ipHdr.SetDestinationAddressWithChecksumUpdate(ipHdr.SourceAddress())
+			ipHdr.SetSourceAddressWithChecksumUpdate(inet4LocalRedirectAddress)
+			tcpHdr := header.TCP(pkt.TransportHeader().Slice())
+			tcpHdr.SetChecksum(0)
+			tcpHdr.SetChecksum(^checksum.Checksum(tcpHdr.Payload(), tcpHdr.CalculateChecksum(
+				header.PseudoHeaderChecksum(header.TCPProtocolNumber, ipHdr.SourceAddress(), ipHdr.DestinationAddress(), ipHdr.PayloadLength()),
+			)))
+			bufio.WriteVectorised(f.tun, pkt.AsSlices())
+			return true
+		}
+	}
+	for _, inet6LocalRedirectAddress := range f.inet6LocalRedirectAddress {
+		if id.LocalAddress == inet6LocalRedirectAddress {
+			ipHdr := pkt.Network().(header.IPv6)
+			ipHdr.SetDestinationAddress(ipHdr.SourceAddress())
+			ipHdr.SetSourceAddress(inet6LocalRedirectAddress)
+			tcpHdr := header.TCP(pkt.TransportHeader().Slice())
+			tcpHdr.SetChecksum(0)
+			tcpHdr.SetChecksum(^checksum.Checksum(tcpHdr.Payload(), tcpHdr.CalculateChecksum(
+				header.PseudoHeaderChecksum(header.TCPProtocolNumber, ipHdr.SourceAddress(), ipHdr.DestinationAddress(), ipHdr.PayloadLength()),
+			)))
+			bufio.WriteVectorised(f.tun, pkt.AsSlices())
+			return true
+		}
+	}
 	return f.forwarder.HandlePacket(id, pkt)
 }
 
diff --git a/stack_system.go b/stack_system.go
@@ -22,30 +22,32 @@ import (
 var ErrIncludeAllNetworks = E.New("`system` and `mixed` stack are not available when `includeAllNetworks` is enabled. See https://github.com/SagerNet/sing-tun/issues/25")
 
 type System struct {
-	ctx                context.Context
-	tun                Tun
-	tunName            string
-	mtu                int
-	handler            Handler
-	logger             logger.Logger
-	inet4Prefixes      []netip.Prefix
-	inet6Prefixes      []netip.Prefix
-	inet4ServerAddress netip.Addr
-	inet4Address       netip.Addr
-	inet6ServerAddress netip.Addr
-	inet6Address       netip.Addr
-	broadcastAddr      netip.Addr
-	udpTimeout         time.Duration
-	tcpListener        net.Listener
-	tcpListener6       net.Listener
-	tcpPort            uint16
-	tcpPort6           uint16
-	tcpNat             *TCPNat
-	udpNat             *udpnat.Service
-	bindInterface      bool
-	interfaceFinder    control.InterfaceFinder
-	frontHeadroom      int
-	txChecksumOffload  bool
+	ctx                       context.Context
+	tun                       Tun
+	tunName                   string
+	mtu                       int
+	handler                   Handler
+	logger                    logger.Logger
+	inet4Prefixes             []netip.Prefix
+	inet6Prefixes             []netip.Prefix
+	inet4ServerAddress        netip.Addr
+	inet4Address              netip.Addr
+	inet6ServerAddress        netip.Addr
+	inet6Address              netip.Addr
+	broadcastAddr             netip.Addr
+	udpTimeout                time.Duration
+	inet4LocalRedirectAddress []netip.Addr
+	inet6LocalRedirectAddress []netip.Addr
+	tcpListener               net.Listener
+	tcpListener6              net.Listener
+	tcpPort                   uint16
+	tcpPort6                  uint16
+	tcpNat                    *TCPNat
+	udpNat                    *udpnat.Service
+	bindInterface             bool
+	interfaceFinder           control.InterfaceFinder
+	frontHeadroom             int
+	txChecksumOffload         bool
 }
 
 type Session struct {
@@ -57,18 +59,20 @@ type Session struct {
 
 func NewSystem(options StackOptions) (Stack, error) {
 	stack := &System{
-		ctx:             options.Context,
-		tun:             options.Tun,
-		tunName:         options.TunOptions.Name,
-		mtu:             int(options.TunOptions.MTU),
-		udpTimeout:      options.UDPTimeout,
-		handler:         options.Handler,
-		logger:          options.Logger,
-		inet4Prefixes:   options.TunOptions.Inet4Address,
-		inet6Prefixes:   options.TunOptions.Inet6Address,
-		broadcastAddr:   BroadcastAddr(options.TunOptions.Inet4Address),
-		bindInterface:   options.ForwarderBindInterface,
-		interfaceFinder: options.InterfaceFinder,
+		ctx:                       options.Context,
+		tun:                       options.Tun,
+		tunName:                   options.TunOptions.Name,
+		mtu:                       int(options.TunOptions.MTU),
+		udpTimeout:                options.UDPTimeout,
+		inet4LocalRedirectAddress: options.Inet4LocalRedirectAddress,
+		inet6LocalRedirectAddress: options.Inet6LocalRedirectAddress,
+		handler:                   options.Handler,
+		logger:                    options.Logger,
+		inet4Prefixes:             options.TunOptions.Inet4Address,
+		inet6Prefixes:             options.TunOptions.Inet6Address,
+		broadcastAddr:             BroadcastAddr(options.TunOptions.Inet4Address),
+		bindInterface:             options.ForwarderBindInterface,
+		interfaceFinder:           options.InterfaceFinder,
 	}
 	if len(options.TunOptions.Inet4Address) > 0 {
 		if !HasNextAddress(options.TunOptions.Inet4Address[0], 1) {
@@ -352,18 +356,29 @@ func (s *System) processIPv4TCP(ipHdr header.IPv4, tcpHdr header.TCP) (bool, err
 		ipHdr.SetDestinationAddr(session.Source.Addr())
 		tcpHdr.SetDestinationPort(session.Source.Port())
 	} else {
-		natPort, err := s.tcpNat.Lookup(source, destination, s.handler)
-		if err != nil {
-			if err == ErrDrop {
-				return false, nil
-			} else {
-				return false, s.resetIPv4TCP(ipHdr, tcpHdr)
+		var localRedirect bool
+		for _, inet4LocalRedirectAddress := range s.inet4LocalRedirectAddress {
+			if destination.Addr() == inet4LocalRedirectAddress {
+				ipHdr.SetDestinationAddr(ipHdr.SourceAddr())
+				ipHdr.SetSourceAddr(inet4LocalRedirectAddress)
+				localRedirect = true
+				break
+			}
+		}
+		if !localRedirect {
+			natPort, err := s.tcpNat.Lookup(source, destination, s.handler)
+			if err != nil {
+				if err == ErrDrop {
+					return false, nil
+				} else {
+					return false, s.resetIPv4TCP(ipHdr, tcpHdr)
+				}
 			}
+			ipHdr.SetSourceAddr(s.inet4Address)
+			tcpHdr.SetSourcePort(natPort)
+			ipHdr.SetDestinationAddr(s.inet4ServerAddress)
+			tcpHdr.SetDestinationPort(s.tcpPort)
 		}
-		ipHdr.SetSourceAddr(s.inet4Address)
-		tcpHdr.SetSourcePort(natPort)
-		ipHdr.SetDestinationAddr(s.inet4ServerAddress)
-		tcpHdr.SetDestinationPort(s.tcpPort)
 	}
 	if !s.txChecksumOffload {
 		tcpHdr.SetChecksum(0)
@@ -439,18 +454,29 @@ func (s *System) processIPv6TCP(ipHdr header.IPv6, tcpHdr header.TCP) (bool, err
 		ipHdr.SetDestinationAddr(session.Source.Addr())
 		tcpHdr.SetDestinationPort(session.Source.Port())
 	} else {
-		natPort, err := s.tcpNat.Lookup(source, destination, s.handler)
-		if err != nil {
-			if err == ErrDrop {
-				return false, nil
-			} else {
-				return false, s.resetIPv6TCP(ipHdr, tcpHdr)
+		var localRedirect bool
+		for _, inet6LocalRedirectAddress := range s.inet6LocalRedirectAddress {
+			if destination.Addr() == inet6LocalRedirectAddress {
+				ipHdr.SetDestinationAddr(ipHdr.SourceAddr())
+				ipHdr.SetSourceAddr(inet6LocalRedirectAddress)
+				localRedirect = true
+				break
+			}
+		}
+		if !localRedirect {
+			natPort, err := s.tcpNat.Lookup(source, destination, s.handler)
+			if err != nil {
+				if err == ErrDrop {
+					return false, nil
+				} else {
+					return false, s.resetIPv6TCP(ipHdr, tcpHdr)
+				}
 			}
+			ipHdr.SetSourceAddr(s.inet6Address)
+			tcpHdr.SetSourcePort(natPort)
+			ipHdr.SetDestinationAddr(s.inet6ServerAddress)
+			tcpHdr.SetDestinationPort(s.tcpPort6)
 		}
-		ipHdr.SetSourceAddr(s.inet6Address)
-		tcpHdr.SetSourcePort(natPort)
-		ipHdr.SetDestinationAddr(s.inet6ServerAddress)
-		tcpHdr.SetDestinationPort(s.tcpPort6)
 	}
 	if !s.txChecksumOffload {
 		tcpHdr.SetChecksum(0)
