chore: skip icmp forwarding when destination in tun interface addr range

2026-02-26 16:57:08 +00:00 · 2025-12-08 09:54:48 +08:00
parent 6b40072bc5
commit 17b8eb8772
3 changed files with 31 additions and 9 deletions
--- a/listener/sing_tun/dns.go
+++ b/listener/sing_tun/dns.go
@@ -18,17 +18,11 @@ import (
 	"github.com/metacubex/sing/common/network"
 )

-type ListenerHandler struct {
-	*sing.ListenerHandler
-	DnsAdds               []netip.AddrPort
-	DisableICMPForwarding bool
-}
-
 func (h *ListenerHandler) ShouldHijackDns(targetAddr netip.AddrPort) bool {
 	if targetAddr.Addr().IsLoopback() && targetAddr.Port() == 53 { // cause by system stack
 		return true
 	}
-	for _, addrPort := range h.DnsAdds {
+	for _, addrPort := range h.DnsAddrPorts {
 		if addrPort == targetAddr || (addrPort.Addr().IsUnspecified() && targetAddr.Port() == 53) {
 			return true
 		}
--- a/listener/sing_tun/prepare.go
+++ b/listener/sing_tun/prepare.go
@@ -2,6 +2,7 @@ package sing_tun

 import (
 	"context"
+	"net/netip"
 	"time"

 	"github.com/metacubex/mihomo/component/dialer"
@@ -17,7 +18,7 @@ import (
 func (h *ListenerHandler) PrepareConnection(network string, source M.Socksaddr, destination M.Socksaddr, routeContext tun.DirectRouteContext, timeout time.Duration) (tun.DirectRouteDestination, error) {
 	switch network {
 	case N.NetworkICMP: // our fork only send those type to PrepareConnection now
-		if h.DisableICMPForwarding || resolver.IsFakeIP(destination.Addr) { // skip fakeip and if ICMP handling is disabled
+		if h.DisableICMPForwarding || h.skipPingForwardingByAddr(destination.Addr) { // skip if ICMP handling is disabled or other condition
 			log.Infoln("[ICMP] %s %s --> %s using fake ping echo", network, source, destination)
 			return nil, nil
 		}
@@ -32,3 +33,20 @@ func (h *ListenerHandler) PrepareConnection(network string, source M.Socksaddr,
 	}
 	return nil, nil
 }
+
+func (h *ListenerHandler) skipPingForwardingByAddr(addr netip.Addr) bool {
+	for _, prefix := range h.Inet4Address { // skip in interface ipv4 range
+		if prefix.Contains(addr) {
+			return true
+		}
+	}
+	for _, prefix := range h.Inet6Address { // skip in interface ipv6 range
+		if prefix.Contains(addr) {
+			return true
+		}
+	}
+	if resolver.IsFakeIP(addr) { // skip in fakeIp pool
+		return true
+	}
+	return false
+}
--- a/listener/sing_tun/server.go
+++ b/listener/sing_tun/server.go
@@ -67,6 +67,14 @@ type Listener struct {
 	dnsServerIp []string
 }

+type ListenerHandler struct {
+	*sing.ListenerHandler
+	DnsAddrPorts          []netip.AddrPort
+	Inet4Address          []netip.Prefix
+	Inet6Address          []netip.Prefix
+	DisableICMPForwarding bool
+}
+
 var emptyAddressSet = []*netipx.IPSet{{}}

 func CalculateInterfaceName(name string) (tunName string) {
@@ -268,7 +276,9 @@ func New(options LC.Tun, tunnel C.Tunnel, additions ...inbound.Addition) (l *Lis

 	handler := &ListenerHandler{
 		ListenerHandler:       h,
-		DnsAdds:               dnsAdds,
+		DnsAddrPorts:          dnsAdds,
+		Inet4Address:          options.Inet4Address,
+		Inet6Address:          options.Inet6Address,
 		DisableICMPForwarding: options.DisableICMPForwarding,
 	}
 	l = &Listener{