add ipv6 support for tun

Author: wwqgtxx

core/src/main/golang/native/tun/tun.go

@@ -1,8 +1,11 @@
 package tun
 
 import (
+	"encoding/json"
 	"io"
+	"net"
 	"net/netip"
+	"strings"
 
 	C "github.com/metacubex/mihomo/constant"
 	LC "github.com/metacubex/mihomo/listener/config"
@@ -14,16 +17,49 @@ import (
 func Start(fd int, gateway, portal, dns string) (io.Closer, error) {
 	log.Debugln("TUN: fd = %d, gateway = %s, portal = %s, dns = %s", fd, gateway, portal, dns)
 
+	var prefix4 []netip.Prefix
+	var prefix6 []netip.Prefix
+	for _, gatewayStr := range strings.Split(gateway, ",") { // "172.19.0.1/30" or "172.19.0.1/30,fdfe:dcba:9876::1/126"
+		gatewayStr = strings.TrimSpace(gatewayStr)
+		if len(gatewayStr) == 0 {
+			continue
+		}
+		prefix, err := netip.ParsePrefix(gatewayStr)
+		if err != nil {
+			log.Errorln("TUN:", err)
+			return nil, err
+		}
+
+		if prefix.Addr().Is4() {
+			prefix4 = append(prefix4, prefix)
+		} else {
+			prefix6 = append(prefix6, prefix)
+		}
+	}
+
+	var dnsHijack []string
+	for _, dnsStr := range strings.Split(dns, ",") { // "172.19.0.2" or "0.0.0.0"
+		dnsStr = strings.TrimSpace(dnsStr)
+		if len(dnsStr) == 0 {
+			continue
+		}
+		dnsHijack = append(dnsHijack, net.JoinHostPort(dnsStr, "53"))
+	}
+
 	options := LC.Tun{
 		Enable:         true,
 		Device:         sing_tun.InterfaceName,
 		Stack:          C.TunSystem,
-		DNSHijack:      []string{dns + ":53"},                          // "172.19.0.2" or "0.0.0.0"
-		Inet4Address:   []netip.Prefix{netip.MustParsePrefix(gateway)}, // "172.19.0.1/30"
-		MTU:            9000,                                           // private const val TUN_MTU = 9000 in TunService.kt
+		DNSHijack:      dnsHijack,
+		Inet4Address:   prefix4,
+		Inet6Address:   prefix6,
+		MTU:            9000, // private const val TUN_MTU = 9000 in TunService.kt
 		FileDescriptor: fd,
 	}
 
+	tunOptions, _ := json.Marshal(options)
+	log.Debugln(string(tunOptions))
+
 	listener, err := sing_tun.New(options, tunnel.Tunnel)
 	if err != nil {
 		log.Errorln("TUN:", err)

design/src/main/java/com/github/kr328/clash/design/NetworkSettingsDesign.kt

@@ -77,6 +77,13 @@ class NetworkSettingsDesign(
                 configure = vpnDependencies::add,
             )
 
+            switch(
+                value = srvStore::allowIpv6,
+                title = R.string.allow_ipv6,
+                summary = R.string.allow_ipv6_summary,
+                configure = vpnDependencies::add,
+            )
+
             if (Build.VERSION.SDK_INT >= 29) {
                 switch(
                     value = srvStore::systemProxy,

design/src/main/res/values-zh/strings.xml

@@ -217,6 +217,8 @@
     <string name="geoip_fallback_code">GeoIP Fallback 区域代码</string>
     <string name="allow_bypass">允许应用绕过</string>
     <string name="allow_bypass_summary">允许其他应用绕过 VPN</string>
+    <string name="allow_ipv6">允许Ipv6</string>
+    <string name="allow_ipv6_summary">通过 VpnService 代理Ipv6流量</string>
     <string name="clash_meta_wiki">Clash Meta Wiki</string>
     <string name="meta_features">Meta Features</string>
     <string name="unified_delay">Unified Delay</string>

design/src/main/res/values/strings.xml

@@ -122,6 +122,8 @@
     <string name="block_loopback_summary">Block loopback connections</string>
     <string name="allow_bypass">Allow Bypass</string>
     <string name="allow_bypass_summary">Allows all apps to bypass this VPN connection</string>
+    <string name="allow_ipv6">Allow Ipv6</string>
+    <string name="allow_ipv6_summary">Allows ipv6 traffic via VpnService</string>
     <string name="system_proxy">System Proxy</string>
     <string name="system_proxy_summary">Attach http proxy to VpnService</string>
     <string name="access_control_mode">Access Control Mode</string>

service/src/main/java/com/github/kr328/clash/service/TunService.kt

@@ -132,17 +132,31 @@ class TunService : VpnService(), CoroutineScope by CoroutineScope(Dispatchers.De
         val device = with(Builder()) {
             // Interface address
             addAddress(TUN_GATEWAY, TUN_SUBNET_PREFIX)
+            if (store.allowIpv6) {
+                addAddress(TUN_GATEWAY6, TUN_SUBNET_PREFIX6)
+            }
 
             // Route
             if (store.bypassPrivateNetwork) {
                 resources.getStringArray(R.array.bypass_private_route).map(::parseCIDR).forEach {
                     addRoute(it.ip, it.prefix)
                 }
+                if (store.allowIpv6) {
+                    resources.getStringArray(R.array.bypass_private_route6).map(::parseCIDR).forEach {
+                        addRoute(it.ip, it.prefix)
+                    }
+                }
 
                 // Route of virtual DNS
                 addRoute(TUN_DNS, 32)
+                if (store.allowIpv6) {
+                    addRoute(TUN_DNS6, 128)
+                }
             } else {
                 addRoute(NET_ANY, 0)
+                if (store.allowIpv6) {
+                    addRoute(NET_ANY6, 0)
+                }
             }
 
             // Access Control
@@ -171,6 +185,9 @@ class TunService : VpnService(), CoroutineScope by CoroutineScope(Dispatchers.De
 
             // Virtual Dns Server
             addDnsServer(TUN_DNS)
+            if (store.allowIpv6) {
+                addDnsServer(TUN_DNS6)
+            }
 
             // Open MainActivity
             setConfigureIntent(
@@ -207,9 +224,9 @@ class TunService : VpnService(), CoroutineScope by CoroutineScope(Dispatchers.De
             TunModule.TunDevice(
                 fd = establish()?.detachFd()
                     ?: throw NullPointerException("Establish VPN rejected by system"),
-                gateway = "$TUN_GATEWAY/$TUN_SUBNET_PREFIX",
-                portal = TUN_PORTAL,
-                dns = if (store.dnsHijacking) NET_ANY else TUN_DNS,
+                gateway = "$TUN_GATEWAY/$TUN_SUBNET_PREFIX" + if (store.allowIpv6) ",$TUN_GATEWAY6/$TUN_SUBNET_PREFIX6" else "",
+                portal = TUN_PORTAL + if (store.allowIpv6) ",$TUN_PORTAL6" else "",
+                dns = if (store.dnsHijacking) NET_ANY else (TUN_DNS + if (store.allowIpv6) ",$TUN_DNS6" else ""),
             )
         }
 
@@ -220,9 +237,14 @@ class TunService : VpnService(), CoroutineScope by CoroutineScope(Dispatchers.De
         private const val TUN_MTU = 9000
         private const val TUN_SUBNET_PREFIX = 30
         private const val TUN_GATEWAY = "172.19.0.1"
+        private const val TUN_SUBNET_PREFIX6 = 126
+        private const val TUN_GATEWAY6 = "fdfe:dcba:9876::1"
         private const val TUN_PORTAL = "172.19.0.2"
+        private const val TUN_PORTAL6 = "fdfe:dcba:9876::2"
         private const val TUN_DNS = TUN_PORTAL
+        private const val TUN_DNS6 = TUN_PORTAL6
         private const val NET_ANY = "0.0.0.0"
+        private const val NET_ANY6 = "::"
 
         private val HTTP_PROXY_LOCAL_LIST: List<String> = listOf(
             "localhost",

service/src/main/java/com/github/kr328/clash/service/store/ServiceStore.kt

@@ -51,6 +51,11 @@ class ServiceStore(context: Context) {
         defaultValue = true
     )
 
+    var allowIpv6 by store.boolean(
+        key = "allow_ipv6",
+        defaultValue = false
+    )
+
     var dynamicNotification by store.boolean(
         key = "dynamic_notification",
         defaultValue = true

service/src/main/res/values/arrays.xml

@@ -77,4 +77,140 @@
         <item>255.255.255.252/31</item>
         <item>255.255.255.254/32</item>
     </string-array>
+    <!-- exclude ::/127, fc00::/7, fe80::/10, ff00::/8 -->
+    <string-array name="bypass_private_route6" translatable="false">
+        <item>::2/127</item>
+        <item>::4/126</item>
+        <item>::8/125</item>
+        <item>::10/124</item>
+        <item>::20/123</item>
+        <item>::40/122</item>
+        <item>::80/121</item>
+        <item>::100/120</item>
+        <item>::200/119</item>
+        <item>::400/118</item>
+        <item>::800/117</item>
+        <item>::1000/116</item>
+        <item>::2000/115</item>
+        <item>::4000/114</item>
+        <item>::8000/113</item>
+        <item>::1:0/112</item>
+        <item>::2:0/111</item>
+        <item>::4:0/110</item>
+        <item>::8:0/109</item>
+        <item>::10:0/108</item>
+        <item>::20:0/107</item>
+        <item>::40:0/106</item>
+        <item>::80:0/105</item>
+        <item>::100:0/104</item>
+        <item>::200:0/103</item>
+        <item>::400:0/102</item>
+        <item>::800:0/101</item>
+        <item>::1000:0/100</item>
+        <item>::2000:0/99</item>
+        <item>::4000:0/98</item>
+        <item>::8000:0/97</item>
+        <item>::1:0:0/96</item>
+        <item>::2:0:0/95</item>
+        <item>::4:0:0/94</item>
+        <item>::8:0:0/93</item>
+        <item>::10:0:0/92</item>
+        <item>::20:0:0/91</item>
+        <item>::40:0:0/90</item>
+        <item>::80:0:0/89</item>
+        <item>::100:0:0/88</item>
+        <item>::200:0:0/87</item>
+        <item>::400:0:0/86</item>
+        <item>::800:0:0/85</item>
+        <item>::1000:0:0/84</item>
+        <item>::2000:0:0/83</item>
+        <item>::4000:0:0/82</item>
+        <item>::8000:0:0/81</item>
+        <item>::1:0:0:0/80</item>
+        <item>::2:0:0:0/79</item>
+        <item>::4:0:0:0/78</item>
+        <item>::8:0:0:0/77</item>
+        <item>::10:0:0:0/76</item>
+        <item>::20:0:0:0/75</item>
+        <item>::40:0:0:0/74</item>
+        <item>::80:0:0:0/73</item>
+        <item>::100:0:0:0/72</item>
+        <item>::200:0:0:0/71</item>
+        <item>::400:0:0:0/70</item>
+        <item>::800:0:0:0/69</item>
+        <item>::1000:0:0:0/68</item>
+        <item>::2000:0:0:0/67</item>
+        <item>::4000:0:0:0/66</item>
+        <item>::8000:0:0:0/65</item>
+        <item>0:0:0:1::/64</item>
+        <item>0:0:0:2::/63</item>
+        <item>0:0:0:4::/62</item>
+        <item>0:0:0:8::/61</item>
+        <item>0:0:0:10::/60</item>
+        <item>0:0:0:20::/59</item>
+        <item>0:0:0:40::/58</item>
+        <item>0:0:0:80::/57</item>
+        <item>0:0:0:100::/56</item>
+        <item>0:0:0:200::/55</item>
+        <item>0:0:0:400::/54</item>
+        <item>0:0:0:800::/53</item>
+        <item>0:0:0:1000::/52</item>
+        <item>0:0:0:2000::/51</item>
+        <item>0:0:0:4000::/50</item>
+        <item>0:0:0:8000::/49</item>
+        <item>0:0:1::/48</item>
+        <item>0:0:2::/47</item>
+        <item>0:0:4::/46</item>
+        <item>0:0:8::/45</item>
+        <item>0:0:10::/44</item>
+        <item>0:0:20::/43</item>
+        <item>0:0:40::/42</item>
+        <item>0:0:80::/41</item>
+        <item>0:0:100::/40</item>
+        <item>0:0:200::/39</item>
+        <item>0:0:400::/38</item>
+        <item>0:0:800::/37</item>
+        <item>0:0:1000::/36</item>
+        <item>0:0:2000::/35</item>
+        <item>0:0:4000::/34</item>
+        <item>0:0:8000::/33</item>
+        <item>0:1::/32</item>
+        <item>0:2::/31</item>
+        <item>0:4::/30</item>
+        <item>0:8::/29</item>
+        <item>0:10::/28</item>
+        <item>0:20::/27</item>
+        <item>0:40::/26</item>
+        <item>0:80::/25</item>
+        <item>0:100::/24</item>
+        <item>0:200::/23</item>
+        <item>0:400::/22</item>
+        <item>0:800::/21</item>
+        <item>0:1000::/20</item>
+        <item>0:2000::/19</item>
+        <item>0:4000::/18</item>
+        <item>0:8000::/17</item>
+        <item>1::/16</item>
+        <item>2::/15</item>
+        <item>4::/14</item>
+        <item>8::/13</item>
+        <item>10::/12</item>
+        <item>20::/11</item>
+        <item>40::/10</item>
+        <item>80::/9</item>
+        <item>100::/8</item>
+        <item>200::/7</item>
+        <item>400::/6</item>
+        <item>800::/5</item>
+        <item>1000::/4</item>
+        <item>2000::/3</item>
+        <item>4000::/2</item>
+        <item>8000::/2</item>
+        <item>c000::/3</item>
+        <item>e000::/4</item>
+        <item>f000::/5</item>
+        <item>f800::/6</item>
+        <item>fe00::/9</item>
+        <item>fec0::/10</item>
+    </string-array>
 </resources>