From f10805dc135ea578e3bc4e5427f6e37b92791a20 Mon Sep 17 00:00:00 2001
From: Haruue <i@haruue.moe>
Date: Tue, 19 Mar 2024 02:13:50 +0800
Subject: [PATCH 01/12] init: tun support with sing-tun

---
 app/cmd/client.go          |  86 +++++++++++++++
 app/go.mod                 |  18 +++-
 app/go.sum                 |  39 +++++--
 app/internal/tun/log.go    |  62 +++++++++++
 app/internal/tun/server.go | 211 +++++++++++++++++++++++++++++++++++++
 go.work.sum                |   8 +-
 6 files changed, 404 insertions(+), 20 deletions(-)
 create mode 100644 app/internal/tun/log.go
 create mode 100644 app/internal/tun/server.go

diff --git a/app/cmd/client.go b/app/cmd/client.go
index 9a785d26bb..ba92fc7c2d 100644
--- a/app/cmd/client.go
+++ b/app/cmd/client.go
@@ -6,11 +6,14 @@ import (
 	"encoding/hex"
 	"errors"
 	"net"
+	"net/netip"
 	"os"
 	"strconv"
 	"strings"
 	"time"
 
+	"github.com/apernet/hysteria/app/internal/tun"
+
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"go.uber.org/zap"
@@ -65,6 +68,7 @@ type clientConfig struct {
 	TCPTProxy     *tcpTProxyConfig      `mapstructure:"tcpTProxy"`
 	UDPTProxy     *udpTProxyConfig      `mapstructure:"udpTProxy"`
 	TCPRedirect   *tcpRedirectConfig    `mapstructure:"tcpRedirect"`
+	TUN           *tunConfig            `mapstructure:"tun"`
 }
 
 type clientConfigTransportUDP struct {
@@ -145,6 +149,14 @@ type tcpRedirectConfig struct {
 	Listen string `mapstructure:"listen"`
 }
 
+type tunConfig struct {
+	Name       string `mapstructure:"name"`
+	MTU        uint32 `mapstructure:"mtu"`
+	UDPTimeout int64  `mapstructure:"udpTimeout"`
+	Prefix4    string `mapstructure:"prefix4"`
+	Prefix6    string `mapstructure:"prefix6"`
+}
+
 func (c *clientConfig) fillServerAddr(hyConfig *client.Config) error {
 	if c.Server == "" {
 		return configError{Field: "server", Err: errors.New("server address is empty")}
@@ -459,6 +471,11 @@ func runClient(cmd *cobra.Command, args []string) {
 			return clientTCPRedirect(*config.TCPRedirect, c)
 		})
 	}
+	if config.TUN != nil {
+		runner.Add("TUN", func() error {
+			return clientTUN(*config.TUN, c)
+		})
+	}
 
 	runner.Run()
 }
@@ -656,6 +673,49 @@ func clientTCPRedirect(config tcpRedirectConfig, c client.Client) error {
 	return p.ListenAndServe(laddr)
 }
 
+func clientTUN(config tunConfig, c client.Client) error {
+	if config.Name == "" {
+		return configError{Field: "name", Err: errors.New("name is empty")}
+	}
+	if config.MTU == 0 {
+		config.MTU = 1500
+	}
+	if config.UDPTimeout == 0 {
+		config.UDPTimeout = 300
+	}
+	if config.Prefix4 == "" {
+		config.Prefix4 = "100.100.100.101/30"
+	}
+	prefix4, err := netip.ParsePrefix(config.Prefix4)
+	if err != nil {
+		return configError{Field: "prefix4", Err: err}
+	}
+	if config.Prefix6 == "" {
+		config.Prefix6 = "2001::ffff:ffff:ffff:fff0/127"
+	}
+	prefix6, err := netip.ParsePrefix(config.Prefix6)
+	if err != nil {
+		return configError{Field: "prefix6", Err: err}
+	}
+	server := &tun.Server{
+		HyClient:     c,
+		EventLogger:  &tunLogger{},
+		Logger:       logger,
+		IfName:       config.Name,
+		MTU:          config.MTU,
+		UDPTimeout:   config.UDPTimeout,
+		Inet4Address: []netip.Prefix{prefix4},
+		Inet6Address: []netip.Prefix{prefix6},
+	}
+	err = server.Start()
+	if err != nil {
+		return err
+	}
+	logger.Info("TUN listening", zap.String("interface", config.Name))
+	// Block forever as sing-tun routine is running in the background
+	select {}
+}
+
 // parseServerAddrString parses server address string.
 // Server address can be in either "host:port" or "host" format (in which case we assume port 443).
 func parseServerAddrString(addrStr string) (host, port, hostPort string) {
@@ -826,3 +886,29 @@ func (l *tcpRedirectLogger) Error(addr, reqAddr net.Addr, err error) {
 		logger.Error("TCP redirect error", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr.String()), zap.Error(err))
 	}
 }
+
+type tunLogger struct{}
+
+func (l *tunLogger) TCPRequest(addr, reqAddr string) {
+	logger.Debug("TUN TCP request", zap.String("addr", addr), zap.String("reqAddr", reqAddr))
+}
+
+func (l *tunLogger) TCPError(addr, reqAddr string, err error) {
+	if err == nil {
+		logger.Debug("TUN TCP closed", zap.String("addr", addr), zap.String("reqAddr", reqAddr))
+	} else {
+		logger.Error("TUN TCP error", zap.String("addr", addr), zap.String("reqAddr", reqAddr), zap.Error(err))
+	}
+}
+
+func (l *tunLogger) UDPRequest(addr string) {
+	logger.Debug("TUN UDP request", zap.String("addr", addr))
+}
+
+func (l *tunLogger) UDPError(addr string, err error) {
+	if err == nil {
+		logger.Debug("TUN UDP closed", zap.String("addr", addr))
+	} else {
+		logger.Error("TUN UDP error", zap.String("addr", addr), zap.Error(err))
+	}
+}
diff --git a/app/go.mod b/app/go.mod
index b2449d1d09..83be31e2a5 100644
--- a/app/go.mod
+++ b/app/go.mod
@@ -9,6 +9,8 @@ require (
 	github.com/caddyserver/certmagic v0.17.2
 	github.com/mdp/qrterminal/v3 v3.1.1
 	github.com/mholt/acmez v1.0.4
+	github.com/sagernet/sing v0.3.2
+	github.com/sagernet/sing-tun v0.2.4
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/viper v1.15.0
 	github.com/stretchr/testify v1.8.4
@@ -20,8 +22,10 @@ require (
 	github.com/apernet/quic-go v0.41.1-0.20240301003057-e18162de481d // indirect
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+	github.com/google/btree v1.1.2 // indirect
 	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
@@ -36,6 +40,9 @@ require (
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/quic-go/qpack v0.4.0 // indirect
+	github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e // indirect
+	github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 // indirect
+	github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 // indirect
 	github.com/spf13/afero v1.9.3 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
@@ -43,15 +50,18 @@ require (
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf // indirect
+	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/mock v0.3.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
+	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
+	golang.org/x/crypto v0.19.0 // indirect
 	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
 	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.11.1 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/app/go.sum b/app/go.sum
index cd4f24f6a2..a7ea0f608d 100644
--- a/app/go.sum
+++ b/app/go.sum
@@ -68,13 +68,15 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
+github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -106,6 +108,8 @@ github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
+github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -196,6 +200,16 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e h1:DOkjByVeAR56dkszjnMZke4wr7yM/1xHaJF3G9olkEE=
+github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e/go.mod h1:fLxq/gtp0qzkaEwywlRRiGmjOK5ES/xUzyIKIFP2Asw=
+github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE=
+github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
+github.com/sagernet/sing v0.3.2 h1:CwWcxUBPkMvwgfe2/zUgY5oHG9qOL8Aob/evIFYK9jo=
+github.com/sagernet/sing v0.3.2/go.mod h1:qHySJ7u8po9DABtMYEkNBcOumx7ZZJf/fbv2sfTkNHE=
+github.com/sagernet/sing-tun v0.2.4 h1:+ko31GRYoSrucgssbdaTKBBI37s+eeqE2gsV5cGgDgk=
+github.com/sagernet/sing-tun v0.2.4/go.mod h1:GtKY1Sr2CCWLHPjVj9GZpBFZ/KoXOzVBSxXvmCCPxT4=
+github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 h1:rc/CcqLH3lh8n+csdOuDfP+NuykE0U6AeYSJJHKDgSg=
+github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9/go.mod h1:a/83NAfUXvEuLpmxDssAXxgUgrEy12MId3Wd7OTs76s=
 github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
 github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
@@ -229,6 +243,8 @@ github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf h1:7PflaKRt
 github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf/go.mod h1:CLUSJbazqETbaR+i0YAhXBICV9TrKH93pziccMhmhpM=
 github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301 h1:d/Wr/Vl/wiJHc3AHYbYs5I3PucJvRuw3SvbmlIRf+oM=
 github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301/go.mod h1:ntmMHL/xPq1WLeKiw8p/eRATaae6PiVRNipHFJxI8PM=
+github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
+github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -255,6 +271,8 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8
 go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
 go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
+go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
+go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -263,8 +281,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -340,8 +358,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -382,6 +400,7 @@ golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -405,10 +424,10 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
@@ -425,6 +444,8 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
diff --git a/app/internal/tun/log.go b/app/internal/tun/log.go
new file mode 100644
index 0000000000..3afa7c40bc
--- /dev/null
+++ b/app/internal/tun/log.go
@@ -0,0 +1,62 @@
+package tun
+
+import (
+	"github.com/sagernet/sing/common/logger"
+	"go.uber.org/zap"
+)
+
+var _ logger.Logger = (*singLogger)(nil)
+
+type singLogger struct {
+	tag       string
+	zapLogger *zap.Logger
+}
+
+func (l *singLogger) Trace(args ...any) {
+	if l.zapLogger == nil {
+		return
+	}
+	l.zapLogger.Debug(l.tag, zap.Any("args", args))
+}
+
+func (l *singLogger) Debug(args ...any) {
+	if l.zapLogger == nil {
+		return
+	}
+	l.zapLogger.Debug(l.tag, zap.Any("args", args))
+}
+
+func (l *singLogger) Info(args ...any) {
+	if l.zapLogger == nil {
+		return
+	}
+	l.zapLogger.Info(l.tag, zap.Any("args", args))
+}
+
+func (l *singLogger) Warn(args ...any) {
+	if l.zapLogger == nil {
+		return
+	}
+	l.zapLogger.Warn(l.tag, zap.Any("args", args))
+}
+
+func (l *singLogger) Error(args ...any) {
+	if l.zapLogger == nil {
+		return
+	}
+	l.zapLogger.Error(l.tag, zap.Any("args", args))
+}
+
+func (l *singLogger) Fatal(args ...any) {
+	if l.zapLogger == nil {
+		return
+	}
+	l.zapLogger.Fatal(l.tag, zap.Any("args", args))
+}
+
+func (l *singLogger) Panic(args ...any) {
+	if l.zapLogger == nil {
+		return
+	}
+	l.zapLogger.Panic(l.tag, zap.Any("args", args))
+}
diff --git a/app/internal/tun/server.go b/app/internal/tun/server.go
new file mode 100644
index 0000000000..000fbb401d
--- /dev/null
+++ b/app/internal/tun/server.go
@@ -0,0 +1,211 @@
+package tun
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/netip"
+
+	"github.com/apernet/hysteria/core/client"
+	tun "github.com/sagernet/sing-tun"
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/metadata"
+	"github.com/sagernet/sing/common/network"
+	"go.uber.org/zap"
+)
+
+type Server struct {
+	HyClient    client.Client
+	EventLogger EventLogger
+
+	// for debugging
+	Logger *zap.Logger
+
+	IfName     string
+	MTU        uint32
+	UDPTimeout int64 // in seconds
+
+	// required by system stack
+	Inet4Address []netip.Prefix
+	Inet6Address []netip.Prefix
+
+	tunIf    tun.Tun
+	tunStack tun.Stack
+}
+
+type EventLogger interface {
+	TCPRequest(addr, reqAddr string)
+	TCPError(addr, reqAddr string, err error)
+	UDPRequest(addr string)
+	UDPError(addr string, err error)
+}
+
+func (s *Server) Start() error {
+	tunOpts := tun.Options{
+		Name:         s.IfName,
+		Inet4Address: s.Inet4Address,
+		Inet6Address: s.Inet6Address,
+		MTU:          s.MTU,
+		GSO:          true,
+		Logger: &singLogger{
+			tag:       "tun",
+			zapLogger: s.Logger,
+		},
+	}
+	tunIf, err := tun.New(tunOpts)
+	if err != nil {
+		return fmt.Errorf("failed to create tun interface: %w", err)
+	}
+	s.tunIf = tunIf
+
+	tunStack, err := tun.NewStack("system", tun.StackOptions{
+		Context:    context.Background(),
+		Tun:        tunIf,
+		TunOptions: tunOpts,
+		UDPTimeout: s.UDPTimeout,
+		Handler:    &tunHandler{s},
+		Logger: &singLogger{
+			tag:       "tun-stack",
+			zapLogger: s.Logger,
+		},
+	})
+	if err != nil {
+		return fmt.Errorf("failed to create tun stack: %w", err)
+	}
+	s.tunStack = tunStack
+	err = tunStack.Start()
+	if err != nil {
+		return fmt.Errorf("failed to start tun stack: %w", err)
+	}
+	return nil
+}
+
+func (s *Server) Close() error {
+	var ifErr, stackErr error
+	if s.tunIf != nil {
+		ifErr = s.tunIf.Close()
+	}
+	if s.tunStack != nil {
+		stackErr = s.tunStack.Close()
+	}
+	return errors.Join(ifErr, stackErr)
+}
+
+type tunHandler struct {
+	*Server
+}
+
+var _ tun.Handler = (*tunHandler)(nil)
+
+func (t *tunHandler) NewConnection(ctx context.Context, conn net.Conn, m metadata.Metadata) error {
+	addr := m.Source.String()
+	reqAddr := m.Destination.String()
+	if t.EventLogger != nil {
+		t.EventLogger.TCPRequest(addr, reqAddr)
+	}
+	var closeErr error
+	defer func() {
+		if t.EventLogger != nil {
+			t.EventLogger.TCPError(addr, reqAddr, closeErr)
+		}
+	}()
+	rc, err := t.HyClient.TCP(reqAddr)
+	if err != nil {
+		closeErr = err
+		// the returned err is ignored by caller
+		return nil
+	}
+	defer rc.Close()
+
+	// start forwarding
+	copyErrChan := make(chan error, 3)
+	go func() {
+		<-ctx.Done()
+		copyErrChan <- ctx.Err()
+	}()
+	go func() {
+		_, copyErr := io.Copy(rc, conn)
+		copyErrChan <- copyErr
+	}()
+	go func() {
+		_, copyErr := io.Copy(conn, rc)
+		copyErrChan <- copyErr
+	}()
+	closeErr = <-copyErrChan
+	return nil
+}
+
+func (t *tunHandler) NewPacketConnection(ctx context.Context, conn network.PacketConn, m metadata.Metadata) error {
+	addr := m.Source.String()
+	if t.EventLogger != nil {
+		t.EventLogger.UDPRequest(addr)
+	}
+	var closeErr error
+	defer func() {
+		if t.EventLogger != nil {
+			t.EventLogger.UDPError(addr, closeErr)
+		}
+	}()
+	rc, err := t.HyClient.UDP()
+	if err != nil {
+		closeErr = err
+		// the returned err is simply called into NewError again
+		return nil
+	}
+	defer rc.Close()
+
+	// start forwarding
+	copyErrChan := make(chan error, 3)
+	go func() {
+		<-ctx.Done()
+		copyErrChan <- ctx.Err()
+	}()
+	// local <- remote
+	go func() {
+		for {
+			bs, from, err := rc.Receive()
+			if err != nil {
+				copyErrChan <- err
+				return
+			}
+			var fromAddr metadata.Socksaddr
+			if ap, perr := netip.ParseAddrPort(from); perr == nil {
+				fromAddr = metadata.SocksaddrFromNetIP(ap)
+			} else {
+				fromAddr.Fqdn = from
+			}
+			err = conn.WritePacket(buf.As(bs), fromAddr)
+			if err != nil {
+				copyErrChan <- err
+				return
+			}
+		}
+	}()
+	// local -> remote
+	go func() {
+		buffer := buf.NewPacket()
+		defer buffer.Release()
+
+		for {
+			buffer.Reset()
+			addr, err := conn.ReadPacket(buffer)
+			if err != nil {
+				copyErrChan <- err
+				return
+			}
+			err = rc.Send(buffer.Bytes(), addr.String())
+			if err != nil {
+				copyErrChan <- err
+				return
+			}
+		}
+	}()
+	closeErr = <-copyErrChan
+	return nil
+}
+
+func (t *tunHandler) NewError(ctx context.Context, err error) {
+	// unused
+}
diff --git a/go.work.sum b/go.work.sum
index ed76dd6ece..897e7c0acf 100644
--- a/go.work.sum
+++ b/go.work.sum
@@ -237,8 +237,6 @@ golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b h1:+qEpEAPhDZ1o0x3tHzZTQDArnOixOzGD9HUJfcg0mb4=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 h1:2M3HP5CCK1Si9FQhwnzYhXdG6DXeebvUHFpre8QvbyI=
@@ -264,14 +262,11 @@ golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
@@ -281,9 +276,8 @@ golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.1.0 h1:xYY+Bajn2a7VBmTM5GikTmnK8ZuX8YgnQCqZpbBNtmA=
 golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

From 4aec8166b362e93371246df4fb584f71308ded94 Mon Sep 17 00:00:00 2001
From: Haruue <i@haruue.moe>
Date: Tue, 19 Mar 2024 15:15:54 +0800
Subject: [PATCH 02/12] chore: switch to apernet sing-tun fork

---
 app/cmd/client.go          |  7 +------
 app/go.mod                 |  5 +----
 app/go.sum                 | 12 ++++--------
 app/internal/tun/log.go    | 18 ++++++++++++++++++
 app/internal/tun/server.go | 31 ++++++-------------------------
 go.work.sum                |  9 +++++++++
 6 files changed, 39 insertions(+), 43 deletions(-)

diff --git a/app/cmd/client.go b/app/cmd/client.go
index ba92fc7c2d..5c6868d509 100644
--- a/app/cmd/client.go
+++ b/app/cmd/client.go
@@ -707,13 +707,8 @@ func clientTUN(config tunConfig, c client.Client) error {
 		Inet4Address: []netip.Prefix{prefix4},
 		Inet6Address: []netip.Prefix{prefix6},
 	}
-	err = server.Start()
-	if err != nil {
-		return err
-	}
 	logger.Info("TUN listening", zap.String("interface", config.Name))
-	// Block forever as sing-tun routine is running in the background
-	select {}
+	return server.Serve()
 }
 
 // parseServerAddrString parses server address string.
diff --git a/app/go.mod b/app/go.mod
index 83be31e2a5..d9f598ee17 100644
--- a/app/go.mod
+++ b/app/go.mod
@@ -6,11 +6,11 @@ require (
 	github.com/apernet/go-tproxy v0.0.0-20230809025308-8f4723fd742f
 	github.com/apernet/hysteria/core v0.0.0-00010101000000-000000000000
 	github.com/apernet/hysteria/extras v0.0.0-00010101000000-000000000000
+	github.com/apernet/sing-tun v0.2.5-0.20240319071017-94362fc6c4cd
 	github.com/caddyserver/certmagic v0.17.2
 	github.com/mdp/qrterminal/v3 v3.1.1
 	github.com/mholt/acmez v1.0.4
 	github.com/sagernet/sing v0.3.2
-	github.com/sagernet/sing-tun v0.2.4
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/viper v1.15.0
 	github.com/stretchr/testify v1.8.4
@@ -25,7 +25,6 @@ require (
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
-	github.com/google/btree v1.1.2 // indirect
 	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
@@ -40,7 +39,6 @@ require (
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/quic-go/qpack v0.4.0 // indirect
-	github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e // indirect
 	github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 // indirect
 	github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 // indirect
 	github.com/spf13/afero v1.9.3 // indirect
@@ -61,7 +59,6 @@ require (
 	golang.org/x/net v0.21.0 // indirect
 	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.11.1 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/app/go.sum b/app/go.sum
index a7ea0f608d..fe0b7346de 100644
--- a/app/go.sum
+++ b/app/go.sum
@@ -42,6 +42,10 @@ github.com/apernet/go-tproxy v0.0.0-20230809025308-8f4723fd742f h1:uVh0qpEslrWjg
 github.com/apernet/go-tproxy v0.0.0-20230809025308-8f4723fd742f/go.mod h1:xkkq9D4ygcldQQhKS/w9CadiCKwCngU7K9E3DaKahpM=
 github.com/apernet/quic-go v0.41.1-0.20240301003057-e18162de481d h1:K1DMSNtPcaZ/lihYmOHnjThNfUX7cD6SNuVRFnVLVmI=
 github.com/apernet/quic-go v0.41.1-0.20240301003057-e18162de481d/go.mod h1:4GInxO6ypy63J2NaO5rQx1wRp6K8YHI6zqLG+VswU6I=
+github.com/apernet/sing-tun v0.2.5-0.20240319051541-59e6f4bd5d1e h1:yFDb2wKpWQmzi/c7FEFMgpJfOW36wldmOxAAkJkxOtA=
+github.com/apernet/sing-tun v0.2.5-0.20240319051541-59e6f4bd5d1e/go.mod h1:S5IydyLSN/QAfvY+r2GoomPJ6hidtXWm/Ad18sJVssk=
+github.com/apernet/sing-tun v0.2.5-0.20240319071017-94362fc6c4cd h1:2EOhAnrNARO2xt7doxlV8+6c6W0hi48hFHiqhlYqtDM=
+github.com/apernet/sing-tun v0.2.5-0.20240319071017-94362fc6c4cd/go.mod h1:S5IydyLSN/QAfvY+r2GoomPJ6hidtXWm/Ad18sJVssk=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
@@ -108,8 +112,6 @@ github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
-github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -200,14 +202,10 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e h1:DOkjByVeAR56dkszjnMZke4wr7yM/1xHaJF3G9olkEE=
-github.com/sagernet/gvisor v0.0.0-20231209105102-8d27a30e436e/go.mod h1:fLxq/gtp0qzkaEwywlRRiGmjOK5ES/xUzyIKIFP2Asw=
 github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE=
 github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
 github.com/sagernet/sing v0.3.2 h1:CwWcxUBPkMvwgfe2/zUgY5oHG9qOL8Aob/evIFYK9jo=
 github.com/sagernet/sing v0.3.2/go.mod h1:qHySJ7u8po9DABtMYEkNBcOumx7ZZJf/fbv2sfTkNHE=
-github.com/sagernet/sing-tun v0.2.4 h1:+ko31GRYoSrucgssbdaTKBBI37s+eeqE2gsV5cGgDgk=
-github.com/sagernet/sing-tun v0.2.4/go.mod h1:GtKY1Sr2CCWLHPjVj9GZpBFZ/KoXOzVBSxXvmCCPxT4=
 github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 h1:rc/CcqLH3lh8n+csdOuDfP+NuykE0U6AeYSJJHKDgSg=
 github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9/go.mod h1:a/83NAfUXvEuLpmxDssAXxgUgrEy12MId3Wd7OTs76s=
 github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
@@ -444,8 +442,6 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
diff --git a/app/internal/tun/log.go b/app/internal/tun/log.go
index 3afa7c40bc..b475f8fbbf 100644
--- a/app/internal/tun/log.go
+++ b/app/internal/tun/log.go
@@ -1,6 +1,8 @@
 package tun
 
 import (
+	"runtime/debug"
+
 	"github.com/sagernet/sing/common/logger"
 	"go.uber.org/zap"
 )
@@ -12,10 +14,19 @@ type singLogger struct {
 	zapLogger *zap.Logger
 }
 
+func extractSingExceptions(args []any) {
+	for i, arg := range args {
+		if err, ok := arg.(error); ok {
+			args[i] = err.Error()
+		}
+	}
+}
+
 func (l *singLogger) Trace(args ...any) {
 	if l.zapLogger == nil {
 		return
 	}
+	extractSingExceptions(args)
 	l.zapLogger.Debug(l.tag, zap.Any("args", args))
 }
 
@@ -23,6 +34,7 @@ func (l *singLogger) Debug(args ...any) {
 	if l.zapLogger == nil {
 		return
 	}
+	extractSingExceptions(args)
 	l.zapLogger.Debug(l.tag, zap.Any("args", args))
 }
 
@@ -30,6 +42,7 @@ func (l *singLogger) Info(args ...any) {
 	if l.zapLogger == nil {
 		return
 	}
+	extractSingExceptions(args)
 	l.zapLogger.Info(l.tag, zap.Any("args", args))
 }
 
@@ -37,6 +50,7 @@ func (l *singLogger) Warn(args ...any) {
 	if l.zapLogger == nil {
 		return
 	}
+	extractSingExceptions(args)
 	l.zapLogger.Warn(l.tag, zap.Any("args", args))
 }
 
@@ -44,13 +58,16 @@ func (l *singLogger) Error(args ...any) {
 	if l.zapLogger == nil {
 		return
 	}
+	extractSingExceptions(args)
 	l.zapLogger.Error(l.tag, zap.Any("args", args))
+	debug.PrintStack()
 }
 
 func (l *singLogger) Fatal(args ...any) {
 	if l.zapLogger == nil {
 		return
 	}
+	extractSingExceptions(args)
 	l.zapLogger.Fatal(l.tag, zap.Any("args", args))
 }
 
@@ -58,5 +75,6 @@ func (l *singLogger) Panic(args ...any) {
 	if l.zapLogger == nil {
 		return
 	}
+	extractSingExceptions(args)
 	l.zapLogger.Panic(l.tag, zap.Any("args", args))
 }
diff --git a/app/internal/tun/server.go b/app/internal/tun/server.go
index 000fbb401d..452a42fa41 100644
--- a/app/internal/tun/server.go
+++ b/app/internal/tun/server.go
@@ -2,14 +2,13 @@ package tun
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"io"
 	"net"
 	"net/netip"
 
 	"github.com/apernet/hysteria/core/client"
-	tun "github.com/sagernet/sing-tun"
+	tun "github.com/apernet/sing-tun"
 	"github.com/sagernet/sing/common/buf"
 	"github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/common/network"
@@ -30,9 +29,6 @@ type Server struct {
 	// required by system stack
 	Inet4Address []netip.Prefix
 	Inet6Address []netip.Prefix
-
-	tunIf    tun.Tun
-	tunStack tun.Stack
 }
 
 type EventLogger interface {
@@ -42,7 +38,7 @@ type EventLogger interface {
 	UDPError(addr string, err error)
 }
 
-func (s *Server) Start() error {
+func (s *Server) Serve() error {
 	tunOpts := tun.Options{
 		Name:         s.IfName,
 		Inet4Address: s.Inet4Address,
@@ -58,9 +54,9 @@ func (s *Server) Start() error {
 	if err != nil {
 		return fmt.Errorf("failed to create tun interface: %w", err)
 	}
-	s.tunIf = tunIf
+	defer tunIf.Close()
 
-	tunStack, err := tun.NewStack("system", tun.StackOptions{
+	tunStack, err := tun.NewSystem(tun.StackOptions{
 		Context:    context.Background(),
 		Tun:        tunIf,
 		TunOptions: tunOpts,
@@ -74,23 +70,8 @@ func (s *Server) Start() error {
 	if err != nil {
 		return fmt.Errorf("failed to create tun stack: %w", err)
 	}
-	s.tunStack = tunStack
-	err = tunStack.Start()
-	if err != nil {
-		return fmt.Errorf("failed to start tun stack: %w", err)
-	}
-	return nil
-}
-
-func (s *Server) Close() error {
-	var ifErr, stackErr error
-	if s.tunIf != nil {
-		ifErr = s.tunIf.Close()
-	}
-	if s.tunStack != nil {
-		stackErr = s.tunStack.Close()
-	}
-	return errors.Join(ifErr, stackErr)
+	defer tunStack.Close()
+	return tunStack.(tun.StackRunner).Run()
 }
 
 type tunHandler struct {
diff --git a/go.work.sum b/go.work.sum
index 897e7c0acf..62f146ce78 100644
--- a/go.work.sum
+++ b/go.work.sum
@@ -26,6 +26,8 @@ dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999 h1:OR8VhtwhcAI3U48/rzBsVOuHi0zDPzYI1xASVcdSgR8=
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
+github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
+github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802 h1:1BDTz0u9nC3//pOCMdNH+CiXJVYJh5UQNCOBG7jbELc=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
@@ -53,6 +55,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHH
 github.com/creack/pty v1.1.9 h1:uDmaGzcdjhF4i/plgjmEsriH11Y0o7RKapEf/LDaM3w=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dvyukov/go-fuzz v0.0.0-20210103155950-6a8e9d1f2415 h1:q1oJaUPdmpDm/VyXosjgPgr6wS7c5iV2p0PwJD73bUI=
+github.com/dvyukov/go-fuzz v0.0.0-20210103155950-6a8e9d1f2415/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad h1:EmNYJhPYy0pOFjCx2PrgtaBXmee0iUX9hLlxE1xHOJE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
@@ -237,6 +241,8 @@ golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
+golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a h1:Jw5wfR+h9mnIYH+OtGT2im5wV1YGGDora5vTv/aa5bE=
+golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b h1:+qEpEAPhDZ1o0x3tHzZTQDArnOixOzGD9HUJfcg0mb4=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 h1:2M3HP5CCK1Si9FQhwnzYhXdG6DXeebvUHFpre8QvbyI=
@@ -276,6 +282,7 @@ golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -318,6 +325,8 @@ grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 h1:tmXTu+dfa+d9Evp8NpJdgOy6+rt8/
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2020.1.4 h1:UoveltGrhghAA7ePc+e+QYDHXrBps2PqFZiHkGR/xK8=
+honnef.co/go/tools v0.4.5 h1:YGD4H+SuIOOqsyoLOpZDWcieM28W47/zRO7f+9V3nvo=
+honnef.co/go/tools v0.4.5/go.mod h1:GUV+uIBCLpdf0/v6UhHHG/yzI/z6qPskBeQCjcNB96k=
 rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE=
 rsc.io/quote/v3 v3.1.0 h1:9JKUTTIUgS6kzR9mK1YuGKv6Nl+DijDNIc0ghT58FaY=
 rsc.io/sampler v1.3.0 h1:7uVkIFmeBqHfdjD+gZwtXXI+RODJ2Wc4O7MPEh/QiW4=

From 0cde4f405fe517c132f130fcc72f839f94af08c3 Mon Sep 17 00:00:00 2001
From: Haruue <i@haruue.moe>
Date: Tue, 19 Mar 2024 15:48:57 +0800
Subject: [PATCH 03/12] feat(tun): use time.Duration for timeout config

matches timeout config of other inbounds
---
 app/cmd/client.go          | 17 +++++++++--------
 app/internal/tun/server.go |  8 ++++----
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/app/cmd/client.go b/app/cmd/client.go
index 5c6868d509..dca5ab0f42 100644
--- a/app/cmd/client.go
+++ b/app/cmd/client.go
@@ -150,11 +150,11 @@ type tcpRedirectConfig struct {
 }
 
 type tunConfig struct {
-	Name       string `mapstructure:"name"`
-	MTU        uint32 `mapstructure:"mtu"`
-	UDPTimeout int64  `mapstructure:"udpTimeout"`
-	Prefix4    string `mapstructure:"prefix4"`
-	Prefix6    string `mapstructure:"prefix6"`
+	Name    string        `mapstructure:"name"`
+	MTU     uint32        `mapstructure:"mtu"`
+	Timeout time.Duration `mapstructure:"timeout"`
+	Prefix4 string        `mapstructure:"prefix4"`
+	Prefix6 string        `mapstructure:"prefix6"`
 }
 
 func (c *clientConfig) fillServerAddr(hyConfig *client.Config) error {
@@ -680,8 +680,9 @@ func clientTUN(config tunConfig, c client.Client) error {
 	if config.MTU == 0 {
 		config.MTU = 1500
 	}
-	if config.UDPTimeout == 0 {
-		config.UDPTimeout = 300
+	timeout := int64(config.Timeout.Seconds())
+	if timeout == 0 {
+		timeout = 300
 	}
 	if config.Prefix4 == "" {
 		config.Prefix4 = "100.100.100.101/30"
@@ -703,7 +704,7 @@ func clientTUN(config tunConfig, c client.Client) error {
 		Logger:       logger,
 		IfName:       config.Name,
 		MTU:          config.MTU,
-		UDPTimeout:   config.UDPTimeout,
+		Timeout:      timeout,
 		Inet4Address: []netip.Prefix{prefix4},
 		Inet6Address: []netip.Prefix{prefix6},
 	}
diff --git a/app/internal/tun/server.go b/app/internal/tun/server.go
index 452a42fa41..f1816e1b7a 100644
--- a/app/internal/tun/server.go
+++ b/app/internal/tun/server.go
@@ -22,9 +22,9 @@ type Server struct {
 	// for debugging
 	Logger *zap.Logger
 
-	IfName     string
-	MTU        uint32
-	UDPTimeout int64 // in seconds
+	IfName  string
+	MTU     uint32
+	Timeout int64 // in seconds, also applied to TCP in system stack
 
 	// required by system stack
 	Inet4Address []netip.Prefix
@@ -60,7 +60,7 @@ func (s *Server) Serve() error {
 		Context:    context.Background(),
 		Tun:        tunIf,
 		TunOptions: tunOpts,
-		UDPTimeout: s.UDPTimeout,
+		UDPTimeout: s.Timeout,
 		Handler:    &tunHandler{s},
 		Logger: &singLogger{
 			tag:       "tun-stack",

From 38d9248acd54f65f7fb11c7e2f910537beb62af3 Mon Sep 17 00:00:00 2001
From: Haruue <i@haruue.moe>
Date: Tue, 19 Mar 2024 16:56:26 +0800
Subject: [PATCH 04/12] rm(tun): debug.PrintStack() in logger

---
 app/internal/tun/log.go | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/app/internal/tun/log.go b/app/internal/tun/log.go
index b475f8fbbf..b30309d28d 100644
--- a/app/internal/tun/log.go
+++ b/app/internal/tun/log.go
@@ -1,8 +1,6 @@
 package tun
 
 import (
-	"runtime/debug"
-
 	"github.com/sagernet/sing/common/logger"
 	"go.uber.org/zap"
 )
@@ -60,7 +58,6 @@ func (l *singLogger) Error(args ...any) {
 	}
 	extractSingExceptions(args)
 	l.zapLogger.Error(l.tag, zap.Any("args", args))
-	debug.PrintStack()
 }
 
 func (l *singLogger) Fatal(args ...any) {

From 92ed8f5e6a66d7a83fb10f627f79ca10e2414266 Mon Sep 17 00:00:00 2001
From: Haruue <i@haruue.moe>
Date: Tue, 19 Mar 2024 19:38:43 +0800
Subject: [PATCH 05/12] chore(tun): enable ForwarderBindInterface

---
 app/internal/tun/server.go | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/app/internal/tun/server.go b/app/internal/tun/server.go
index f1816e1b7a..5953647bc5 100644
--- a/app/internal/tun/server.go
+++ b/app/internal/tun/server.go
@@ -7,6 +7,8 @@ import (
 	"net"
 	"net/netip"
 
+	"github.com/sagernet/sing/common/control"
+
 	"github.com/apernet/hysteria/core/client"
 	tun "github.com/apernet/sing-tun"
 	"github.com/sagernet/sing/common/buf"
@@ -66,6 +68,8 @@ func (s *Server) Serve() error {
 			tag:       "tun-stack",
 			zapLogger: s.Logger,
 		},
+		ForwarderBindInterface: true,
+		InterfaceFinder:        &interfaceFinder{},
 	})
 	if err != nil {
 		return fmt.Errorf("failed to create tun stack: %w", err)
@@ -190,3 +194,23 @@ func (t *tunHandler) NewPacketConnection(ctx context.Context, conn network.Packe
 func (t *tunHandler) NewError(ctx context.Context, err error) {
 	// unused
 }
+
+type interfaceFinder struct{}
+
+var _ control.InterfaceFinder = (*interfaceFinder)(nil)
+
+func (f *interfaceFinder) InterfaceIndexByName(name string) (int, error) {
+	ifce, err := net.InterfaceByName(name)
+	if err != nil {
+		return -1, err
+	}
+	return ifce.Index, nil
+}
+
+func (f *interfaceFinder) InterfaceNameByIndex(index int) (string, error) {
+	ifce, err := net.InterfaceByIndex(index)
+	if err != nil {
+		return "", err
+	}
+	return ifce.Name, nil
+}

From 91406ab0f9c4c004dc9cc3ecaefc8defbba6db46 Mon Sep 17 00:00:00 2001
From: Haruue <i@haruue.moe>
Date: Tue, 19 Mar 2024 20:34:42 +0800
Subject: [PATCH 06/12] chore(tun): use /126 length in default prefix6

---
 app/cmd/client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/cmd/client.go b/app/cmd/client.go
index dca5ab0f42..755032e85a 100644
--- a/app/cmd/client.go
+++ b/app/cmd/client.go
@@ -692,7 +692,7 @@ func clientTUN(config tunConfig, c client.Client) error {
 		return configError{Field: "prefix4", Err: err}
 	}
 	if config.Prefix6 == "" {
-		config.Prefix6 = "2001::ffff:ffff:ffff:fff0/127"
+		config.Prefix6 = "2001::ffff:ffff:ffff:fff1/126"
 	}
 	prefix6, err := netip.ParsePrefix(config.Prefix6)
 	if err != nil {

From 2e93c12cdc384d9195a1dd5050e676f912b40555 Mon Sep 17 00:00:00 2001
From: Haruue <i@haruue.moe>
Date: Wed, 20 Mar 2024 13:45:12 +0800
Subject: [PATCH 07/12] feat(tun): export sing-tun auto route config

---
 app/cmd/client.go          | 63 ++++++++++++++++++++++++++++++++------
 app/go.mod                 |  2 +-
 app/go.sum                 |  2 ++
 app/internal/tun/server.go | 24 ++++++++++++---
 4 files changed, 75 insertions(+), 16 deletions(-)

diff --git a/app/cmd/client.go b/app/cmd/client.go
index 755032e85a..42c5a3aedc 100644
--- a/app/cmd/client.go
+++ b/app/cmd/client.go
@@ -5,6 +5,7 @@ import (
 	"crypto/x509"
 	"encoding/hex"
 	"errors"
+	"fmt"
 	"net"
 	"net/netip"
 	"os"
@@ -153,8 +154,17 @@ type tunConfig struct {
 	Name    string        `mapstructure:"name"`
 	MTU     uint32        `mapstructure:"mtu"`
 	Timeout time.Duration `mapstructure:"timeout"`
-	Prefix4 string        `mapstructure:"prefix4"`
-	Prefix6 string        `mapstructure:"prefix6"`
+	Address struct {
+		IPv4 string `mapstructure:"ipv4"`
+		IPv6 string `mapstructure:"ipv6"`
+	} `mapstructure:"address"`
+	Route *struct {
+		Strict      bool     `mapstructure:"strict"`
+		IPv4        []string `mapstructure:"ipv4"`
+		IPv6        []string `mapstructure:"ipv6"`
+		IPv4Exclude []string `mapstructure:"ipv4Exclude"`
+		IPv6Exclude []string `mapstructure:"ipv6Exclude"`
+	} `mapstructure:"route"`
 }
 
 func (c *clientConfig) fillServerAddr(hyConfig *client.Config) error {
@@ -684,19 +694,19 @@ func clientTUN(config tunConfig, c client.Client) error {
 	if timeout == 0 {
 		timeout = 300
 	}
-	if config.Prefix4 == "" {
-		config.Prefix4 = "100.100.100.101/30"
+	if config.Address.IPv4 == "" {
+		config.Address.IPv4 = "100.100.100.101/30"
 	}
-	prefix4, err := netip.ParsePrefix(config.Prefix4)
+	prefix4, err := netip.ParsePrefix(config.Address.IPv4)
 	if err != nil {
-		return configError{Field: "prefix4", Err: err}
+		return configError{Field: "address.ipv4", Err: err}
 	}
-	if config.Prefix6 == "" {
-		config.Prefix6 = "2001::ffff:ffff:ffff:fff1/126"
+	if config.Address.IPv6 == "" {
+		config.Address.IPv6 = "2001::ffff:ffff:ffff:fff1/126"
 	}
-	prefix6, err := netip.ParsePrefix(config.Prefix6)
+	prefix6, err := netip.ParsePrefix(config.Address.IPv6)
 	if err != nil {
-		return configError{Field: "prefix6", Err: err}
+		return configError{Field: "address.ipv6", Err: err}
 	}
 	server := &tun.Server{
 		HyClient:     c,
@@ -708,6 +718,39 @@ func clientTUN(config tunConfig, c client.Client) error {
 		Inet4Address: []netip.Prefix{prefix4},
 		Inet6Address: []netip.Prefix{prefix6},
 	}
+	if config.Route != nil {
+		server.AutoRoute = true
+		server.StructRoute = config.Route.Strict
+
+		parsePrefixes := func(field string, s []string) ([]netip.Prefix, error) {
+			var prefixes []netip.Prefix
+			for i, s := range s {
+				p, err := netip.ParsePrefix(s)
+				if err != nil {
+					return nil, configError{Field: fmt.Sprintf("%s[%d]", field, i), Err: err}
+				}
+				prefixes = append(prefixes, p)
+			}
+			return prefixes, nil
+		}
+
+		server.Inet4RouteAddress, err = parsePrefixes("route.ipv4", config.Route.IPv4)
+		if err != nil {
+			return err
+		}
+		server.Inet6RouteAddress, err = parsePrefixes("route.ipv6", config.Route.IPv6)
+		if err != nil {
+			return err
+		}
+		server.Inet4RouteExcludeAddress, err = parsePrefixes("route.ipv4Exclude", config.Route.IPv4Exclude)
+		if err != nil {
+			return err
+		}
+		server.Inet6RouteExcludeAddress, err = parsePrefixes("route.ipv6Exclude", config.Route.IPv6Exclude)
+		if err != nil {
+			return err
+		}
+	}
 	logger.Info("TUN listening", zap.String("interface", config.Name))
 	return server.Serve()
 }
diff --git a/app/go.mod b/app/go.mod
index d9f598ee17..8beb77be7c 100644
--- a/app/go.mod
+++ b/app/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/apernet/go-tproxy v0.0.0-20230809025308-8f4723fd742f
 	github.com/apernet/hysteria/core v0.0.0-00010101000000-000000000000
 	github.com/apernet/hysteria/extras v0.0.0-00010101000000-000000000000
-	github.com/apernet/sing-tun v0.2.5-0.20240319071017-94362fc6c4cd
+	github.com/apernet/sing-tun v0.2.5-0.20240320024814-b1e6f9d4930f
 	github.com/caddyserver/certmagic v0.17.2
 	github.com/mdp/qrterminal/v3 v3.1.1
 	github.com/mholt/acmez v1.0.4
diff --git a/app/go.sum b/app/go.sum
index fe0b7346de..9f92233c01 100644
--- a/app/go.sum
+++ b/app/go.sum
@@ -46,6 +46,8 @@ github.com/apernet/sing-tun v0.2.5-0.20240319051541-59e6f4bd5d1e h1:yFDb2wKpWQmz
 github.com/apernet/sing-tun v0.2.5-0.20240319051541-59e6f4bd5d1e/go.mod h1:S5IydyLSN/QAfvY+r2GoomPJ6hidtXWm/Ad18sJVssk=
 github.com/apernet/sing-tun v0.2.5-0.20240319071017-94362fc6c4cd h1:2EOhAnrNARO2xt7doxlV8+6c6W0hi48hFHiqhlYqtDM=
 github.com/apernet/sing-tun v0.2.5-0.20240319071017-94362fc6c4cd/go.mod h1:S5IydyLSN/QAfvY+r2GoomPJ6hidtXWm/Ad18sJVssk=
+github.com/apernet/sing-tun v0.2.5-0.20240320024814-b1e6f9d4930f h1:IK/7rFSnRRLXCjcuWreyPzfPEfZd2Xz9v2+RsFoodbs=
+github.com/apernet/sing-tun v0.2.5-0.20240320024814-b1e6f9d4930f/go.mod h1:S5IydyLSN/QAfvY+r2GoomPJ6hidtXWm/Ad18sJVssk=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
diff --git a/app/internal/tun/server.go b/app/internal/tun/server.go
index 5953647bc5..03ddc56038 100644
--- a/app/internal/tun/server.go
+++ b/app/internal/tun/server.go
@@ -31,6 +31,14 @@ type Server struct {
 	// required by system stack
 	Inet4Address []netip.Prefix
 	Inet6Address []netip.Prefix
+
+	// auto route
+	AutoRoute                bool
+	StructRoute              bool
+	Inet4RouteAddress        []netip.Prefix
+	Inet6RouteAddress        []netip.Prefix
+	Inet4RouteExcludeAddress []netip.Prefix
+	Inet6RouteExcludeAddress []netip.Prefix
 }
 
 type EventLogger interface {
@@ -42,11 +50,17 @@ type EventLogger interface {
 
 func (s *Server) Serve() error {
 	tunOpts := tun.Options{
-		Name:         s.IfName,
-		Inet4Address: s.Inet4Address,
-		Inet6Address: s.Inet6Address,
-		MTU:          s.MTU,
-		GSO:          true,
+		Name:                     s.IfName,
+		Inet4Address:             s.Inet4Address,
+		Inet6Address:             s.Inet6Address,
+		MTU:                      s.MTU,
+		GSO:                      true,
+		AutoRoute:                s.AutoRoute,
+		StrictRoute:              s.StructRoute,
+		Inet4RouteAddress:        s.Inet4RouteAddress,
+		Inet6RouteAddress:        s.Inet6RouteAddress,
+		Inet4RouteExcludeAddress: s.Inet4RouteExcludeAddress,
+		Inet6RouteExcludeAddress: s.Inet6RouteExcludeAddress,
 		Logger: &singLogger{
 			tag:       "tun",
 			zapLogger: s.Logger,

From b287020daa691adad2b2e4915b87c04aef3f6d7d Mon Sep 17 00:00:00 2001
From: Haruue <i@haruue.moe>
Date: Wed, 20 Mar 2024 22:09:03 +0800
Subject: [PATCH 08/12] chore(tun): show error on unsupported platform

---
 app/cmd/client.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/cmd/client.go b/app/cmd/client.go
index 42c5a3aedc..79afd59d81 100644
--- a/app/cmd/client.go
+++ b/app/cmd/client.go
@@ -9,6 +9,8 @@ import (
 	"net"
 	"net/netip"
 	"os"
+	"runtime"
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@@ -684,6 +686,10 @@ func clientTCPRedirect(config tcpRedirectConfig, c client.Client) error {
 }
 
 func clientTUN(config tunConfig, c client.Client) error {
+	supportedPlatforms := []string{"linux", "darwin", "windows", "android"}
+	if !slices.Contains(supportedPlatforms, runtime.GOOS) {
+		logger.Error("TUN is not supported on this platform", zap.String("platform", runtime.GOOS))
+	}
 	if config.Name == "" {
 		return configError{Field: "name", Err: errors.New("name is empty")}
 	}

From 87bbf17bc5e7a6a4b54270bb02ce25b48514ea12 Mon Sep 17 00:00:00 2001
From: Toby <tobyxdd@gmail.com>
Date: Fri, 22 Mar 2024 13:32:24 -0700
Subject: [PATCH 09/12] chore: go mod tidy

---
 app/go.sum    |  4 ----
 core/go.mod   |  6 +++---
 core/go.sum   | 12 ++++++------
 extras/go.mod |  6 +++---
 extras/go.sum | 12 ++++++------
 5 files changed, 18 insertions(+), 22 deletions(-)

diff --git a/app/go.sum b/app/go.sum
index 9f92233c01..56696ccaf0 100644
--- a/app/go.sum
+++ b/app/go.sum
@@ -42,10 +42,6 @@ github.com/apernet/go-tproxy v0.0.0-20230809025308-8f4723fd742f h1:uVh0qpEslrWjg
 github.com/apernet/go-tproxy v0.0.0-20230809025308-8f4723fd742f/go.mod h1:xkkq9D4ygcldQQhKS/w9CadiCKwCngU7K9E3DaKahpM=
 github.com/apernet/quic-go v0.41.1-0.20240301003057-e18162de481d h1:K1DMSNtPcaZ/lihYmOHnjThNfUX7cD6SNuVRFnVLVmI=
 github.com/apernet/quic-go v0.41.1-0.20240301003057-e18162de481d/go.mod h1:4GInxO6ypy63J2NaO5rQx1wRp6K8YHI6zqLG+VswU6I=
-github.com/apernet/sing-tun v0.2.5-0.20240319051541-59e6f4bd5d1e h1:yFDb2wKpWQmzi/c7FEFMgpJfOW36wldmOxAAkJkxOtA=
-github.com/apernet/sing-tun v0.2.5-0.20240319051541-59e6f4bd5d1e/go.mod h1:S5IydyLSN/QAfvY+r2GoomPJ6hidtXWm/Ad18sJVssk=
-github.com/apernet/sing-tun v0.2.5-0.20240319071017-94362fc6c4cd h1:2EOhAnrNARO2xt7doxlV8+6c6W0hi48hFHiqhlYqtDM=
-github.com/apernet/sing-tun v0.2.5-0.20240319071017-94362fc6c4cd/go.mod h1:S5IydyLSN/QAfvY+r2GoomPJ6hidtXWm/Ad18sJVssk=
 github.com/apernet/sing-tun v0.2.5-0.20240320024814-b1e6f9d4930f h1:IK/7rFSnRRLXCjcuWreyPzfPEfZd2Xz9v2+RsFoodbs=
 github.com/apernet/sing-tun v0.2.5-0.20240320024814-b1e6f9d4930f/go.mod h1:S5IydyLSN/QAfvY+r2GoomPJ6hidtXWm/Ad18sJVssk=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
diff --git a/core/go.mod b/core/go.mod
index d9d3fd995f..76bc92775e 100644
--- a/core/go.mod
+++ b/core/go.mod
@@ -21,10 +21,10 @@ require (
 	github.com/quic-go/qpack v0.4.0 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
 	go.uber.org/mock v0.3.0 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/crypto v0.19.0 // indirect
 	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/tools v0.11.1 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
diff --git a/core/go.sum b/core/go.sum
index b51f59b4e7..7b21427b8c 100644
--- a/core/go.sum
+++ b/core/go.sum
@@ -45,17 +45,17 @@ go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
 go.uber.org/mock v0.3.0 h1:3mUxI1No2/60yUYax92Pt8eNOEecx2D3lcXZh2NEZJo=
 go.uber.org/mock v0.3.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/exp v0.0.0-20221205204356-47842c84f3db h1:D/cFflL63o2KSLJIwjlcIt8PR064j/xsmdEJL/YvY/o=
 golang.org/x/exp v0.0.0-20221205204356-47842c84f3db/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.4.0 h1:Z81tqI5ddIoXDPvVQ7/7CC9TnLM7ubaFG2qXYd5BbYY=
diff --git a/extras/go.mod b/extras/go.mod
index dbaccf58bb..3bb0dcde0c 100644
--- a/extras/go.mod
+++ b/extras/go.mod
@@ -9,8 +9,8 @@ require (
 	github.com/miekg/dns v1.1.55
 	github.com/stretchr/testify v1.8.4
 	github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301
-	golang.org/x/crypto v0.17.0
-	golang.org/x/net v0.17.0
+	golang.org/x/crypto v0.19.0
+	golang.org/x/net v0.21.0
 	google.golang.org/protobuf v1.33.0
 )
 
@@ -28,7 +28,7 @@ require (
 	go.uber.org/mock v0.3.0 // indirect
 	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
 	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/tools v0.11.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/extras/go.sum b/extras/go.sum
index 61762b3eda..c635709cd5 100644
--- a/extras/go.sum
+++ b/extras/go.sum
@@ -58,8 +58,8 @@ go.uber.org/mock v0.3.0 h1:3mUxI1No2/60yUYax92Pt8eNOEecx2D3lcXZh2NEZJo=
 go.uber.org/mock v0.3.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/exp v0.0.0-20221205204356-47842c84f3db h1:D/cFflL63o2KSLJIwjlcIt8PR064j/xsmdEJL/YvY/o=
 golang.org/x/exp v0.0.0-20221205204356-47842c84f3db/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
@@ -70,8 +70,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -84,8 +84,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=

From dc8fe45a1a450a8bf35c273f1503d5af6c648497 Mon Sep 17 00:00:00 2001
From: Toby <tobyxdd@gmail.com>
Date: Fri, 22 Mar 2024 15:50:58 -0700
Subject: [PATCH 10/12] chore: adjust imports

---
 app/cmd/client.go          | 3 +--
 app/internal/tun/server.go | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/app/cmd/client.go b/app/cmd/client.go
index 79afd59d81..ce7b2baad1 100644
--- a/app/cmd/client.go
+++ b/app/cmd/client.go
@@ -15,8 +15,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/apernet/hysteria/app/internal/tun"
-
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"go.uber.org/zap"
@@ -26,6 +24,7 @@ import (
 	"github.com/apernet/hysteria/app/internal/redirect"
 	"github.com/apernet/hysteria/app/internal/socks5"
 	"github.com/apernet/hysteria/app/internal/tproxy"
+	"github.com/apernet/hysteria/app/internal/tun"
 	"github.com/apernet/hysteria/app/internal/url"
 	"github.com/apernet/hysteria/app/internal/utils"
 	"github.com/apernet/hysteria/core/client"
diff --git a/app/internal/tun/server.go b/app/internal/tun/server.go
index 03ddc56038..4ae53938eb 100644
--- a/app/internal/tun/server.go
+++ b/app/internal/tun/server.go
@@ -7,14 +7,14 @@ import (
 	"net"
 	"net/netip"
 
-	"github.com/sagernet/sing/common/control"
-
-	"github.com/apernet/hysteria/core/client"
 	tun "github.com/apernet/sing-tun"
 	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/control"
 	"github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/common/network"
 	"go.uber.org/zap"
+
+	"github.com/apernet/hysteria/core/client"
 )
 
 type Server struct {

From aab104ae2e282ae1ee20fff2367596d731dd8eda Mon Sep 17 00:00:00 2001
From: Toby <tobyxdd@gmail.com>
Date: Fri, 22 Mar 2024 16:20:03 -0700
Subject: [PATCH 11/12] feat: update config test

---
 app/cmd/client_test.go   | 22 ++++++++++++++++++++++
 app/cmd/client_test.yaml | 14 ++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/app/cmd/client_test.go b/app/cmd/client_test.go
index faee251db9..c586949e9e 100644
--- a/app/cmd/client_test.go
+++ b/app/cmd/client_test.go
@@ -88,6 +88,28 @@ func TestClientConfig(t *testing.T) {
 		TCPRedirect: &tcpRedirectConfig{
 			Listen: "127.0.0.1:3500",
 		},
+		TUN: &tunConfig{
+			Name:    "hytun",
+			MTU:     1500,
+			Timeout: 60 * time.Second,
+			Address: struct {
+				IPv4 string `mapstructure:"ipv4"`
+				IPv6 string `mapstructure:"ipv6"`
+			}{IPv4: "100.100.100.101/30", IPv6: "2001::ffff:ffff:ffff:fff1/126"},
+			Route: &struct {
+				Strict      bool     `mapstructure:"strict"`
+				IPv4        []string `mapstructure:"ipv4"`
+				IPv6        []string `mapstructure:"ipv6"`
+				IPv4Exclude []string `mapstructure:"ipv4Exclude"`
+				IPv6Exclude []string `mapstructure:"ipv6Exclude"`
+			}{
+				Strict:      true,
+				IPv4:        []string{"0.0.0.0/0"},
+				IPv6:        []string{"2000::/3"},
+				IPv4Exclude: []string{"192.0.2.1/32"},
+				IPv6Exclude: []string{"2001:db8::1/128"},
+			},
+		},
 	})
 }
 
diff --git a/app/cmd/client_test.yaml b/app/cmd/client_test.yaml
index 3e2f4aaa4d..4f919df0b9 100644
--- a/app/cmd/client_test.yaml
+++ b/app/cmd/client_test.yaml
@@ -65,3 +65,17 @@ udpTProxy:
 
 tcpRedirect:
   listen: 127.0.0.1:3500
+
+tun:
+  name: "hytun"
+  mtu: 1500
+  timeout: 1m
+  address:
+    ipv4: 100.100.100.101/30
+    ipv6: 2001::ffff:ffff:ffff:fff1/126
+  route:
+    strict: true
+    ipv4: [0.0.0.0/0]
+    ipv6: ["2000::/3"]
+    ipv4Exclude: [192.0.2.1/32]
+    ipv6Exclude: ["2001:db8::1/128"]

From 6374ea11c4e706d585a369c9f069e41e0e0b792e Mon Sep 17 00:00:00 2001
From: Haruue <i@haruue.moe>
Date: Sat, 23 Mar 2024 11:13:43 +0800
Subject: [PATCH 12/12] feat(tun): allow omit pfxlen in full len pfx route

---
 app/cmd/client.go | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/app/cmd/client.go b/app/cmd/client.go
index ce7b2baad1..e3cf756734 100644
--- a/app/cmd/client.go
+++ b/app/cmd/client.go
@@ -727,12 +727,22 @@ func clientTUN(config tunConfig, c client.Client) error {
 		server.AutoRoute = true
 		server.StructRoute = config.Route.Strict
 
-		parsePrefixes := func(field string, s []string) ([]netip.Prefix, error) {
+		parsePrefixes := func(field string, ss []string) ([]netip.Prefix, error) {
 			var prefixes []netip.Prefix
-			for i, s := range s {
-				p, err := netip.ParsePrefix(s)
-				if err != nil {
-					return nil, configError{Field: fmt.Sprintf("%s[%d]", field, i), Err: err}
+			for i, s := range ss {
+				var p netip.Prefix
+				if strings.Contains(s, "/") {
+					var err error
+					p, err = netip.ParsePrefix(s)
+					if err != nil {
+						return nil, configError{Field: fmt.Sprintf("%s[%d]", field, i), Err: err}
+					}
+				} else {
+					pa, err := netip.ParseAddr(s)
+					if err != nil {
+						return nil, configError{Field: fmt.Sprintf("%s[%d]", field, i), Err: err}
+					}
+					p = netip.PrefixFrom(pa, pa.BitLen())
 				}
 				prefixes = append(prefixes, p)
 			}