Add ping proxy support

Author: nekohasekai

go.mod

@@ -6,14 +6,14 @@ require (
 	github.com/go-ole/go-ole v1.3.0
 	github.com/google/btree v1.1.3
 	github.com/sagernet/fswatch v0.1.1
-	github.com/sagernet/gvisor v0.0.0-20241123041152-536d05261cff
+	github.com/sagernet/gvisor v0.0.0-20250217052116-ed66b6946f72
 	github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a
 	github.com/sagernet/nftables v0.3.0-beta.4
-	github.com/sagernet/sing v0.6.0-beta.2
+	github.com/sagernet/sing v0.6.1
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
 	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8
-	golang.org/x/net v0.26.0
-	golang.org/x/sys v0.26.0
+	golang.org/x/net v0.35.0
+	golang.org/x/sys v0.30.0
 )
 
 require (

go.sum

@@ -16,28 +16,28 @@ github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8Ku
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/sagernet/fswatch v0.1.1 h1:YqID+93B7VRfqIH3PArW/XpJv5H4OLEVWDfProGoRQs=
 github.com/sagernet/fswatch v0.1.1/go.mod h1:nz85laH0mkQqJfaOrqPpkwtU1znMFNVTpT/5oRsVz/o=
-github.com/sagernet/gvisor v0.0.0-20241123041152-536d05261cff h1:mlohw3360Wg1BNGook/UHnISXhUx4Gd/3tVLs5T0nSs=
-github.com/sagernet/gvisor v0.0.0-20241123041152-536d05261cff/go.mod h1:ehZwnT2UpmOWAHFL48XdBhnd4Qu4hN2O3Ji0us3ZHMw=
+github.com/sagernet/gvisor v0.0.0-20250217052116-ed66b6946f72 h1:Jgv6N59yiVMEwimTcFV1EVcu2Aa7R2Wh1ZAYNzWP2qA=
+github.com/sagernet/gvisor v0.0.0-20250217052116-ed66b6946f72/go.mod h1:ehZwnT2UpmOWAHFL48XdBhnd4Qu4hN2O3Ji0us3ZHMw=
 github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a h1:ObwtHN2VpqE0ZNjr6sGeT00J8uU7JF4cNUdb44/Duis=
 github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
 github.com/sagernet/nftables v0.3.0-beta.4 h1:kbULlAwAC3jvdGAC1P5Fa3GSxVwQJibNenDW2zaXr8I=
 github.com/sagernet/nftables v0.3.0-beta.4/go.mod h1:OQXAjvjNGGFxaTgVCSTRIhYB5/llyVDeapVoENYBDS8=
-github.com/sagernet/sing v0.6.0-beta.2 h1:Dcutp3kxrsZes9q3oTiHQhYYjQvDn5rwp1OI9fDLYwQ=
-github.com/sagernet/sing v0.6.0-beta.2/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/sing v0.6.1 h1:mJ6e7Ir2wtCoGLbdnnXWBsNJu5YHtbXmv66inoE0zFA=
+github.com/sagernet/sing v0.6.1/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
-golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
-golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
+golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
 golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
 golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

internal/gtcpip/header/interfaces.go

@@ -86,6 +86,8 @@ type Network interface {
 	// SourceAddress returns the value of the "source address" field.
 	SourceAddress() tcpip.Address
 
+	SourceAddr() netip.Addr
+
 	// DestinationAddress returns the value of the "destination address"
 	// field.
 	DestinationAddress() tcpip.Address
@@ -98,6 +100,8 @@ type Network interface {
 	// SetSourceAddress sets the value of the "source address" field.
 	SetSourceAddress(tcpip.Address)
 
+	SetSourceAddr(netip.Addr)
+
 	// SetDestinationAddress sets the value of the "destination address"
 	// field.
 	SetDestinationAddress(tcpip.Address)

route_mapping.go

@@ -0,0 +1,48 @@
+package tun
+
+import (
+	"net/netip"
+	"time"
+
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/contrab/freelru"
+	"github.com/sagernet/sing/contrab/maphash"
+)
+
+type DirectRouteSession struct {
+	// IPVersion uint8
+	// Network     uint8
+	Source      netip.Addr
+	Destination netip.Addr
+}
+
+type RouteMapping struct {
+	status freelru.Cache[DirectRouteSession, DirectRouteAction]
+}
+
+func NewRouteMapping(timeout time.Duration) *RouteMapping {
+	status := common.Must1(freelru.NewSharded[DirectRouteSession, DirectRouteAction](1024, maphash.NewHasher[DirectRouteSession]().Hash32))
+	status.SetHealthCheck(func(session DirectRouteSession, action DirectRouteAction) bool {
+		return !action.Timeout()
+	})
+	status.SetOnEvict(func(session DirectRouteSession, action DirectRouteAction) {
+		action.Close()
+	})
+	return &RouteMapping{status}
+}
+
+func (m *RouteMapping) Lookup(session DirectRouteSession, constructor func() DirectRouteAction) DirectRouteAction {
+	var created DirectRouteAction
+	action, updated, ok := m.status.GetAndRefreshOrAdd(session, func() (DirectRouteAction, bool) {
+		created = constructor()
+		return created, created != nil && !created.Timeout()
+	})
+	if !ok {
+		return created
+	}
+	if updated && action.Timeout() {
+		action = constructor()
+		m.status.Add(session, action)
+	}
+	return action
+}

route_nat.go

@@ -0,0 +1,109 @@
+package tun
+
+import (
+	"net/netip"
+	"sync"
+
+	"github.com/sagernet/sing-tun/internal/gtcpip/checksum"
+	"github.com/sagernet/sing-tun/internal/gtcpip/header"
+)
+
+type NatMapping struct {
+	access    sync.RWMutex
+	sessions  map[DirectRouteSession]DirectRouteContext
+	ipRewrite bool
+}
+
+func NewNatMapping(ipRewrite bool) *NatMapping {
+	return &NatMapping{
+		sessions:  make(map[DirectRouteSession]DirectRouteContext),
+		ipRewrite: ipRewrite,
+	}
+}
+
+func (m *NatMapping) CreateSession(session DirectRouteSession, context DirectRouteContext) {
+	if m.ipRewrite {
+		session.Source = netip.Addr{}
+	}
+	m.access.Lock()
+	m.sessions[session] = context
+	m.access.Unlock()
+}
+
+func (m *NatMapping) DeleteSession(session DirectRouteSession) {
+	if m.ipRewrite {
+		session.Source = netip.Addr{}
+	}
+	m.access.Lock()
+	delete(m.sessions, session)
+	m.access.Unlock()
+}
+
+func (m *NatMapping) WritePacket(packet []byte) (bool, error) {
+	var routeSession DirectRouteSession
+	switch header.IPVersion(packet) {
+	case header.IPv4Version:
+		ipHdr := header.IPv4(packet)
+		routeSession.Source = ipHdr.DestinationAddr()
+		routeSession.Destination = ipHdr.SourceAddr()
+	case header.IPv6Version:
+		ipHdr := header.IPv6(packet)
+		routeSession.Source = ipHdr.DestinationAddr()
+		routeSession.Destination = ipHdr.SourceAddr()
+	default:
+		return false, nil
+	}
+	m.access.RLock()
+	context, loaded := m.sessions[routeSession]
+	m.access.RUnlock()
+	if !loaded {
+		return false, nil
+	}
+	return true, context.WritePacket(packet)
+}
+
+type NatWriter struct {
+	inet4Address netip.Addr
+	inet6Address netip.Addr
+}
+
+func NewNatWriter(inet4Address netip.Addr, inet6Address netip.Addr) *NatWriter {
+	return &NatWriter{
+		inet4Address: inet4Address,
+		inet6Address: inet6Address,
+	}
+}
+
+func (w *NatWriter) RewritePacket(packet []byte) {
+	var ipHdr header.Network
+	var bindAddr netip.Addr
+	switch header.IPVersion(packet) {
+	case header.IPv4Version:
+		ipHdr = header.IPv4(packet)
+		bindAddr = w.inet4Address
+	case header.IPv6Version:
+		ipHdr = header.IPv6(packet)
+		bindAddr = w.inet6Address
+	default:
+		return
+	}
+	ipHdr.SetSourceAddr(bindAddr)
+	switch ipHdr.TransportProtocol() {
+	case header.ICMPv4ProtocolNumber:
+		icmpHdr := header.ICMPv4(packet)
+		icmpHdr.SetChecksum(0)
+		icmpHdr.SetChecksum(header.ICMPv4Checksum(icmpHdr[:header.ICMPv4MinimumSize], checksum.Checksum(icmpHdr.Payload(), 0)))
+	case header.ICMPv6ProtocolNumber:
+		icmpHdr := header.ICMPv6(packet)
+		icmpHdr.SetChecksum(0)
+		icmpHdr.SetChecksum(header.ICMPv6Checksum(header.ICMPv6ChecksumParams{
+			Header: icmpHdr,
+			Src:    ipHdr.SourceAddress(),
+			Dst:    ipHdr.DestinationAddress(),
+		}))
+	}
+	if ipHdr4, isIPv4 := ipHdr.(header.IPv4); isIPv4 {
+		ipHdr4.SetChecksum(0)
+		ipHdr4.SetChecksum(^ipHdr4.CalculateChecksum())
+	}
+}

route_nat_gvisor.go

@@ -0,0 +1,49 @@
+//go:build with_gvisor
+
+package tun
+
+import (
+	"github.com/sagernet/gvisor/pkg/tcpip"
+	"github.com/sagernet/gvisor/pkg/tcpip/header"
+	stack "github.com/sagernet/gvisor/pkg/tcpip/stack"
+	"github.com/sagernet/sing/common/buf"
+)
+
+type DirectRouteDestination interface {
+	DirectRouteAction
+	WritePacket(packet *buf.Buffer) error
+	WritePacketBuffer(packetBuffer *stack.PacketBuffer) error
+}
+
+func (w *NatWriter) RewritePacketBuffer(packetBuffer *stack.PacketBuffer) {
+	var bindAddr tcpip.Address
+	if packetBuffer.NetworkProtocolNumber == header.IPv4ProtocolNumber {
+		bindAddr = AddressFromAddr(w.inet4Address)
+	} else {
+		bindAddr = AddressFromAddr(w.inet6Address)
+	}
+	/*var ipHdr header.Network
+	switch packetBuffer.NetworkProtocolNumber {
+	case header.IPv4ProtocolNumber:
+		ipHdr = header.IPv4(packetBuffer.NetworkHeader().Slice())
+	case header.IPv6ProtocolNumber:
+		ipHdr = header.IPv6(packetBuffer.NetworkHeader().Slice())
+	default:
+		return
+	}*/
+	ipHdr := packetBuffer.Network()
+	oldAddr := ipHdr.SourceAddress()
+	if checksumHdr, needChecksum := ipHdr.(header.ChecksummableNetwork); needChecksum {
+		checksumHdr.SetSourceAddressWithChecksumUpdate(bindAddr)
+	} else {
+		ipHdr.SetSourceAddress(bindAddr)
+	}
+	switch packetBuffer.TransportProtocolNumber {
+	case header.TCPProtocolNumber:
+		tcpHdr := header.TCP(packetBuffer.TransportHeader().Slice())
+		tcpHdr.UpdateChecksumPseudoHeaderAddress(oldAddr, bindAddr, true)
+	case header.UDPProtocolNumber:
+		udpHdr := header.UDP(packetBuffer.TransportHeader().Slice())
+		udpHdr.UpdateChecksumPseudoHeaderAddress(oldAddr, bindAddr, true)
+	}
+}

route_nat_non_gvisor.go

@@ -0,0 +1,12 @@
+//go:build !with_gvisor
+
+package tun
+
+import (
+	"github.com/sagernet/sing/common/buf"
+)
+
+type DirectRouteDestination interface {
+	DirectRouteAction
+	WritePacket(packet *buf.Buffer) error
+}

stack_gvisor.go

@@ -72,6 +72,9 @@ func (t *GVisor) Start() error {
 	}
 	ipStack.SetTransportProtocolHandler(tcp.ProtocolNumber, NewTCPForwarder(t.ctx, ipStack, t.handler).HandlePacket)
 	ipStack.SetTransportProtocolHandler(udp.ProtocolNumber, NewUDPForwarder(t.ctx, ipStack, t.handler, t.udpTimeout).HandlePacket)
+	icmpForwarder := NewICMPForwarder(t.ctx, ipStack, t.handler, t.udpTimeout)
+	ipStack.SetTransportProtocolHandler(icmp.ProtocolNumber4, icmpForwarder.HandlePacket)
+	ipStack.SetTransportProtocolHandler(icmp.ProtocolNumber6, icmpForwarder.HandlePacket)
 	t.stack = ipStack
 	t.endpoint = linkEndpoint
 	return nil