auto-redirect: Add route address set support for nftables

Author: nekohasekai

go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/fsnotify/fsnotify v1.7.0
 	github.com/go-ole/go-ole v1.3.0
 	github.com/sagernet/gvisor v0.0.0-20240428053021-e691de28565f
-	github.com/sagernet/netlink v0.0.0-20240523065131-45e60152f9ba
+	github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a
 	github.com/sagernet/nftables v0.3.0-beta.2
 	github.com/sagernet/sing v0.5.0-alpha.9
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba

go.sum

@@ -16,8 +16,8 @@ github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8Ku
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/sagernet/gvisor v0.0.0-20240428053021-e691de28565f h1:NkhuupzH5ch7b/Y/6ZHJWrnNLoiNnSJaow6DPb8VW2I=
 github.com/sagernet/gvisor v0.0.0-20240428053021-e691de28565f/go.mod h1:KXmw+ouSJNOsuRpg4wgwwCQuunrGz4yoAqQjsLjc6N0=
-github.com/sagernet/netlink v0.0.0-20240523065131-45e60152f9ba h1:EY5AS7CCtfmARNv2zXUOrsEMPFDGYxaw65JzA2p51Vk=
-github.com/sagernet/netlink v0.0.0-20240523065131-45e60152f9ba/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
+github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a h1:ObwtHN2VpqE0ZNjr6sGeT00J8uU7JF4cNUdb44/Duis=
+github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
 github.com/sagernet/nftables v0.3.0-beta.2 h1:yKqMl4Dpb6nKxAmlE6fXjJRlLO2c1f2wyNFBg4hBr8w=
 github.com/sagernet/nftables v0.3.0-beta.2/go.mod h1:OQXAjvjNGGFxaTgVCSTRIhYB5/llyVDeapVoENYBDS8=
 github.com/sagernet/sing v0.5.0-alpha.9 h1:Mmg+LCbaKXBeQD/ttzi0/MQa3NcUyfadIgkGzhQW7o0=

redirect.go

@@ -4,19 +4,24 @@ import (
 	"context"
 
 	"github.com/sagernet/sing/common/logger"
+
+	"go4.org/netipx"
 )
 
 type AutoRedirect interface {
 	Start() error
 	Close() error
+	UpdateRouteAddressSet() error
 }
 
 type AutoRedirectOptions struct {
-	TunOptions         *Options
-	Context            context.Context
-	Handler            Handler
-	Logger             logger.Logger
-	TableName          string
-	DisableNFTables    bool
-	CustomRedirectPort func() int
+	TunOptions             *Options
+	Context                context.Context
+	Handler                Handler
+	Logger                 logger.Logger
+	TableName              string
+	DisableNFTables        bool
+	CustomRedirectPort     func() int
+	RouteAddressSet        *[]*netipx.IPSet
+	RouteExcludeAddressSet *[]*netipx.IPSet
 }

redirect_linux.go

@@ -12,6 +12,8 @@ import (
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/logger"
 	M "github.com/sagernet/sing/common/metadata"
+
+	"go4.org/netipx"
 )
 
 type autoRedirect struct {
@@ -30,6 +32,8 @@ type autoRedirect struct {
 	useNFTables            bool
 	androidSu              bool
 	suPath                 string
+	routeAddressSet        *[]*netipx.IPSet
+	routeExcludeAddressSet *[]*netipx.IPSet
 }
 
 func NewAutoRedirect(options AutoRedirectOptions) (AutoRedirect, error) {
@@ -41,6 +45,8 @@ func NewAutoRedirect(options AutoRedirectOptions) (AutoRedirect, error) {
 		tableName:              options.TableName,
 		useNFTables:            runtime.GOOS != "android" && !options.DisableNFTables,
 		customRedirectPortFunc: options.CustomRedirectPort,
+		routeAddressSet:        options.RouteAddressSet,
+		routeExcludeAddressSet: options.RouteExcludeAddressSet,
 	}
 	var err error
 	if runtime.GOOS == "android" {
@@ -134,6 +140,14 @@ func (r *autoRedirect) Close() error {
 	)
 }
 
+func (r *autoRedirect) UpdateRouteAddressSet() error {
+	if r.useNFTables {
+		return r.nftablesUpdateRouteAddressSet()
+	} else {
+		return nil
+	}
+}
+
 func (r *autoRedirect) initializeNFTables() error {
 	nft, err := nftables.New()
 	if err != nil {