From 0b045288033d970fe648548e724c7a3565521894 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Tue, 10 Mar 2026 17:54:23 +0800 Subject: [PATCH] tailscaile: Fix using TUN auto redirect with tailscale system interface --- go.mod | 2 +- go.sum | 4 +-- protocol/tailscale/endpoint.go | 34 +++++++++++++++--------- protocol/tailscale/protect_android.go | 18 ------------- protocol/tailscale/protect_nonandroid.go | 8 ------ 5 files changed, 24 insertions(+), 42 deletions(-) delete mode 100644 protocol/tailscale/protect_android.go delete mode 100644 protocol/tailscale/protect_nonandroid.go diff --git a/go.mod b/go.mod index a77d9d3db..0f6661ab2 100644 --- a/go.mod +++ b/go.mod @@ -42,7 +42,7 @@ require ( github.com/sagernet/sing-tun v0.8.2 github.com/sagernet/sing-vmess v0.2.8-0.20250909125414-3aed155119a1 github.com/sagernet/smux v1.5.50-sing-box-mod.1 - github.com/sagernet/tailscale v1.92.4-sing-box-1.13-mod.6.0.20260310072802-158edadd59bd + github.com/sagernet/tailscale v1.92.4-sing-box-1.13-mod.6.0.20260310090001-e76c5dd4bd45 github.com/sagernet/wireguard-go v0.0.2-beta.1.0.20260224074747-506b7631853c github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 github.com/spf13/cobra v1.10.2 diff --git a/go.sum b/go.sum index 1d3eb5856..5d5c37608 100644 --- a/go.sum +++ b/go.sum 
@@ -254,8 +254,8 @@ github.com/sagernet/sing-vmess v0.2.8-0.20250909125414-3aed155119a1 h1:aSwUNYUkV github.com/sagernet/sing-vmess v0.2.8-0.20250909125414-3aed155119a1/go.mod h1:P11scgTxMxVVQ8dlM27yNm3Cro40mD0+gHbnqrNGDuY= github.com/sagernet/smux v1.5.50-sing-box-mod.1 h1:XkJcivBC9V4wBjiGXIXZ229aZCU1hzcbp6kSkkyQ478= github.com/sagernet/smux v1.5.50-sing-box-mod.1/go.mod h1:NjhsCEWedJm7eFLyhuBgIEzwfhRmytrUoiLluxs5Sk8= -github.com/sagernet/tailscale v1.92.4-sing-box-1.13-mod.6.0.20260310072802-158edadd59bd h1:WUVQsTUCr0OEWXoB6uPXaqup7SjMUFOkOHe0XBcpLn4= -github.com/sagernet/tailscale v1.92.4-sing-box-1.13-mod.6.0.20260310072802-158edadd59bd/go.mod h1:m87GAn4UcesHQF3leaPFEINZETO5za1LGn1GJdNDgNc= +github.com/sagernet/tailscale v1.92.4-sing-box-1.13-mod.6.0.20260310090001-e76c5dd4bd45 h1:J/Yn7XspzVcfSgKD30Tv3m6lqp64HwftBL6XnZMQiBI= +github.com/sagernet/tailscale v1.92.4-sing-box-1.13-mod.6.0.20260310090001-e76c5dd4bd45/go.mod h1:m87GAn4UcesHQF3leaPFEINZETO5za1LGn1GJdNDgNc= github.com/sagernet/wireguard-go v0.0.2-beta.1.0.20260224074747-506b7631853c h1:f9cXNB+IOOPnR8DOLMTpr42jf7naxh5Un5Y09BBf5Cg= github.com/sagernet/wireguard-go v0.0.2-beta.1.0.20260224074747-506b7631853c/go.mod h1:WUxgxUDZoCF2sxVmW+STSxatP02Qn3FcafTiI2BLtE0= github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 h1:6uUiZcDRnZSAegryaUGwPC/Fj13JSHwiTftrXhMmYOc= diff --git a/protocol/tailscale/endpoint.go b/protocol/tailscale/endpoint.go index 49d7428c6..730106c7a 100644 --- a/protocol/tailscale/endpoint.go +++ b/protocol/tailscale/endpoint.go @@ -48,6 +48,7 @@ import ( "github.com/sagernet/tailscale/ipn" tsDNS "github.com/sagernet/tailscale/net/dns" "github.com/sagernet/tailscale/net/netmon" + "github.com/sagernet/tailscale/net/netns" "github.com/sagernet/tailscale/net/tsaddr" tsTUN "github.com/sagernet/tailscale/net/tstun" "github.com/sagernet/tailscale/tsnet" 
@@ -288,9 +289,6 @@ func (t *Endpoint) Start(stage adapter.StartStage) error { } }), nil }) - if runtime.GOOS == "android" { - setAndroidProtectFunc(t.platformInterface) - } } if t.systemInterface { mtu := t.systemInterfaceMTU @@ -336,9 +334,22 @@ func (t *Endpoint) Start(stage adapter.StartStage) error { t.systemDialer = systemDialer t.server.TunDevice = wgTunDevice t.server.RouterWrapper = func(inner router.Router) router.Router { - return &exitRouteFilteringRouter{Router: inner} + return &addressOnlyRouter{Router: inner} } } + if mark := t.network.AutoRedirectOutputMark(); mark > 0 { + controlFunc := t.network.AutoRedirectOutputMarkFunc() + if bindFunc := t.network.AutoDetectInterfaceFunc(); bindFunc != nil { + controlFunc = control.Append(controlFunc, bindFunc) + } + netns.SetControlFunc(controlFunc) + } else if runtime.GOOS == "android" && t.platformInterface != nil { + netns.SetControlFunc(func(network, address string, c syscall.RawConn) error { + return control.Raw(c, func(fd uintptr) error { + return t.platformInterface.AutoDetectInterfaceControl(int(fd)) + }) + }) + } err := t.server.Start() if err != nil { if t.systemTun != nil { @@ -464,9 +475,7 @@ func (t *Endpoint) watchState() { func (t *Endpoint) Close() error { netmon.RegisterInterfaceGetter(nil) - if runtime.GOOS == "android" { - setAndroidProtectFunc(nil) - } + netns.SetControlFunc(nil) if t.fallbackTCPCloser != nil { t.fallbackTCPCloser() t.fallbackTCPCloser = nil 
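Review bot: The control function set in the `@@ -336,9 +334,22 @@` hunk of `Start` looks process-wide rather than per endpoint (the `netns` package is not shown, but `Close()` in the `@@ -464,9 +475,7 @@` hunk clears it with a bare `netns.SetControlFunc(nil)`). If two Tailscale endpoints run in one process, the later `Start` would replace the earlier hook, and the first `Close` would strip the output mark and interface binding from the sockets of the endpoint still running, so its traffic could be captured by auto redirect again or leave through an unintended interface. Neither branch runs when the mark is 0 on a non-Android platform, so a hook left behind by another endpoint is not reset there either. Consider recording ownership, for example `t.controlFuncInstalled = true` after each `SetControlFunc` call and `if t.controlFuncInstalled { netns.SetControlFunc(nil) }` in `Close()`, and clearing the hook when `t.server.Start()` fails; that error path continues outside this hunk. At minimum, add a comment such as `// netns control func is process-global: only one Tailscale endpoint may own it at a time`.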
@@ -841,16 +850,15 @@ func (c *dnsConfigurtor) Close() error { return nil } -type exitRouteFilteringRouter struct { +type addressOnlyRouter struct { router.Router } -func (r *exitRouteFilteringRouter) Set(config *router.Config) error { +func (r *addressOnlyRouter) Set(config *router.Config) error { if config != nil { - config = config.Clone() - config.Routes = common.Filter(config.Routes, func(prefix netip.Prefix) bool { - return !tsaddr.IsExitRoute(prefix) - }) + config = &router.Config{ + LocalAddrs: config.LocalAddrs, + } } return r.Router.Set(config) } diff --git a/protocol/tailscale/protect_android.go b/protocol/tailscale/protect_android.go deleted file mode 100644 index 63be868d7..000000000 --- a/protocol/tailscale/protect_android.go +++ /dev/null @@ -1,18 +0,0 @@ -//go:build with_gvisor - -package tailscale - -import ( - "github.com/sagernet/sing-box/adapter" - "github.com/sagernet/tailscale/net/netns" -) - -func setAndroidProtectFunc(platformInterface adapter.PlatformInterface) { - if platformInterface != nil { - netns.SetAndroidProtectFunc(func(fd int) error { - return platformInterface.AutoDetectInterfaceControl(fd) - }) - } else { - netns.SetAndroidProtectFunc(nil) - } -} diff --git a/protocol/tailscale/protect_nonandroid.go b/protocol/tailscale/protect_nonandroid.go deleted file mode 100644 index c2f39f1fc..000000000 --- a/protocol/tailscale/protect_nonandroid.go +++ /dev/null @@ -1,8 +0,0 @@ -//go:build with_gvisor && !android - -package tailscale - -import "github.com/sagernet/sing-box/adapter" - -func setAndroidProtectFunc(platformInterface adapter.PlatformInterface) { -}
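Review bot: `addressOnlyRouter` has no comment explaining that `Set` now discards everything except `LocalAddrs`, which is a much wider cut than the exit-route filter it replaces. The new `router.Config` literal leaves `Routes`, and presumably any subnet-route and netfilter settings in the incoming config, at their zero values when it reaches the wrapped router. If the intent is that sing-box routing and the auto-redirect rules take over, say so on the type, e.g. `// addressOnlyRouter passes only LocalAddrs to the system router; routes and firewall settings from Tailscale are dropped and must be enforced by sing-box routing.` It is also worth confirming that the system interface does not rely on inbound filtering that was previously installed through the dropped fields.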