Add local ret direct address support for tun

Author: nekohasekai

docs/configuration/inbound/tun.md

@@ -1,7 +1,11 @@
 ---
-icon: material/alert-decagram
+icon: material/new-box
 ---
 
+!!! quote "Changes in sing-box 1.12.0"
+
+    :material-plus: [local_redirect_address](#local_redirect_address)
+
 !!! quote "Changes in sing-box 1.11.0"
 
     :material-delete-alert: [gso](#gso)  
@@ -56,17 +60,19 @@ icon: material/alert-decagram
   "auto_route": true,
   "iproute2_table_index": 2022,
   "iproute2_rule_index": 9000,
-  "auto_redirect": false,
+  "auto_redirect": true,
   "auto_redirect_input_mark": "0x2023",
   "auto_redirect_output_mark": "0x2024",
+  "local_redirect_address": [
+    "10.0.7.1"
+  ],
   "strict_route": true,
   "route_address": [
     "0.0.0.0/1",
     "128.0.0.0/1",
     "::/1",
     "8000::/1"
   ],
-  
   "route_exclude_address": [
     "192.168.0.0/16",
     "fc00::/7"
@@ -117,7 +123,6 @@ icon: material/alert-decagram
       "match_domain": []
     }
   },
-
   // Deprecated
   "gso": false,
   "inet4_address": [
@@ -140,8 +145,8 @@ icon: material/alert-decagram
   "inet6_route_exclude_address": [
     "fc00::/7"
   ],
-  
-  ... // Listen Fields
+  ...
+  // Listen Fields
 }
 ```
 
@@ -273,6 +278,16 @@ Connection output mark used by `auto_redirect`.
 
 `0x2024` is used by default.
 
+#### local_redirect_address
+
+!!! question "Since sing-box 1.12.0"
+
+Local redirect addresses are loopback addresses to make TCP connections to the specified address connect to the original address.
+
+Setting option value to `10.0.7.1` achieves the same behavior as SideStore/StosVPN.
+
+When `auto_redirect` is enabled, the same behavior can be achieved for LAN devices (not just local) as a gateway.
+
 #### strict_route
 
 Enforce strict routing rules when `auto_route` is enabled:

docs/configuration/inbound/tun.zh.md

@@ -1,7 +1,11 @@
 ---
-icon: material/alert-decagram
+icon: material/new-box
 ---
 
+!!! quote "sing-box 1.12.0 中的更改"
+
+    :material-plus: [local_redirect_address](#local_redirect_address)
+
 !!! quote "sing-box 1.11.0 中的更改"
 
     :material-delete-alert: [gso](#gso)  
@@ -59,6 +63,9 @@ icon: material/alert-decagram
   "auto_redirect": false,
   "auto_redirect_input_mark": "0x2023",
   "auto_redirect_output_mark": "0x2024",
+  "local_redirect_address": [
+    "10.0.7.1"
+  ],
   "strict_route": true,
   "route_address": [
     "0.0.0.0/1",
@@ -270,6 +277,16 @@ tun 接口的 IPv6 前缀。
 
 默认使用 `0x2024`。
 
+#### local_redirect_address
+
+!!! question "自 sing-box 1.12.0 起"
+
+本地重定向地址是用于使指向指定地址的 TCP 连接连接到原始地址的环回地址。
+
+将选项值设置为 `10.0.7.1` 可实现与 SideStore/StosVPN 相同的行为。
+
+当启用 `auto_redirect` 时，可以作为网关为局域网设备（而不仅仅是本地）实现相同的行为。
+
 #### strict_route
 
 当启用 `auto_route` 时，强制执行严格的路由规则：

go.mod

@@ -34,7 +34,7 @@ require (
 	github.com/sagernet/sing-shadowsocks v0.2.8
 	github.com/sagernet/sing-shadowsocks2 v0.2.1
 	github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11
-	github.com/sagernet/sing-tun v0.6.6-0.20250428031943-0686f8c4f210
+	github.com/sagernet/sing-tun v0.6.6-0.20250610080513-c30e60e95c09
 	github.com/sagernet/sing-vmess v0.2.4-0.20250605032146-38cc72672c88
 	github.com/sagernet/smux v1.5.34-mod.2
 	github.com/sagernet/tailscale v1.80.3-mod.5

go.sum

@@ -180,8 +180,8 @@ github.com/sagernet/sing-shadowsocks2 v0.2.1 h1:dWV9OXCeFPuYGHb6IRqlSptVnSzOelnq
 github.com/sagernet/sing-shadowsocks2 v0.2.1/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ=
 github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11 h1:tK+75l64tm9WvEFrYRE1t0YxoFdWQqw/h7Uhzj0vJ+w=
 github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11/go.mod h1:sWqKnGlMipCHaGsw1sTTlimyUpgzP4WP3pjhCsYt9oA=
-github.com/sagernet/sing-tun v0.6.6-0.20250428031943-0686f8c4f210 h1:6H4BZaTqKI3YcDMyTV3E576LuJM4S4wY99xoq2T1ECw=
-github.com/sagernet/sing-tun v0.6.6-0.20250428031943-0686f8c4f210/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE=
+github.com/sagernet/sing-tun v0.6.6-0.20250610080513-c30e60e95c09 h1:8gS+1fPyq4tYw15MLsGWnYMlWq39O6hDIHWlrdwaCas=
+github.com/sagernet/sing-tun v0.6.6-0.20250610080513-c30e60e95c09/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE=
 github.com/sagernet/sing-vmess v0.2.4-0.20250605032146-38cc72672c88 h1:0pVm8sPOel+BoiCddW3pV3cKDKEaSioVTYDdTSKjyFI=
 github.com/sagernet/sing-vmess v0.2.4-0.20250605032146-38cc72672c88/go.mod h1:IL8Rr+EGwuqijszZkNrEFTQDKhilEpkqFqOlvdpS6/w=
 github.com/sagernet/smux v1.5.34-mod.2 h1:gkmBjIjlJ2zQKpLigOkFur5kBKdV6bNRoFu2WkltRQ4=

option/tun.go

@@ -20,6 +20,7 @@ type TunInboundOptions struct {
 	AutoRedirect           bool                             `json:"auto_redirect,omitempty"`
 	AutoRedirectInputMark  FwMark                           `json:"auto_redirect_input_mark,omitempty"`
 	AutoRedirectOutputMark FwMark                           `json:"auto_redirect_output_mark,omitempty"`
+	LocalRedirectAddress   badoption.Listable[netip.Addr]   `json:"local_redirect_address,omitempty"`
 	StrictRoute            bool                             `json:"strict_route,omitempty"`
 	RouteAddress           badoption.Listable[netip.Prefix] `json:"route_address,omitempty"`
 	RouteAddressSet        badoption.Listable[string]       `json:"route_address_set,omitempty"`

protocol/tun/inbound.go

@@ -181,28 +181,30 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 		logger:         logger,
 		inboundOptions: options.InboundOptions,
 		tunOptions: tun.Options{
-			Name:                     options.InterfaceName,
-			MTU:                      tunMTU,
-			Inet4Address:             inet4Address,
-			Inet6Address:             inet6Address,
-			AutoRoute:                options.AutoRoute,
-			IPRoute2TableIndex:       tableIndex,
-			IPRoute2RuleIndex:        ruleIndex,
-			AutoRedirectInputMark:    inputMark,
-			AutoRedirectOutputMark:   outputMark,
-			StrictRoute:              options.StrictRoute,
-			IncludeInterface:         options.IncludeInterface,
-			ExcludeInterface:         options.ExcludeInterface,
-			Inet4RouteAddress:        inet4RouteAddress,
-			Inet6RouteAddress:        inet6RouteAddress,
-			Inet4RouteExcludeAddress: inet4RouteExcludeAddress,
-			Inet6RouteExcludeAddress: inet6RouteExcludeAddress,
-			IncludeUID:               includeUID,
-			ExcludeUID:               excludeUID,
-			IncludeAndroidUser:       options.IncludeAndroidUser,
-			IncludePackage:           options.IncludePackage,
-			ExcludePackage:           options.ExcludePackage,
-			InterfaceMonitor:         networkManager.InterfaceMonitor(),
+			Name:                      options.InterfaceName,
+			MTU:                       tunMTU,
+			Inet4Address:              inet4Address,
+			Inet6Address:              inet6Address,
+			AutoRoute:                 options.AutoRoute,
+			IPRoute2TableIndex:        tableIndex,
+			IPRoute2RuleIndex:         ruleIndex,
+			AutoRedirectInputMark:     inputMark,
+			AutoRedirectOutputMark:    outputMark,
+			Inet4LocalRedirectAddress: common.Filter(options.LocalRedirectAddress, netip.Addr.Is4),
+			Inet6LocalRedirectAddress: common.Filter(options.LocalRedirectAddress, netip.Addr.Is6),
+			StrictRoute:               options.StrictRoute,
+			IncludeInterface:          options.IncludeInterface,
+			ExcludeInterface:          options.ExcludeInterface,
+			Inet4RouteAddress:         inet4RouteAddress,
+			Inet6RouteAddress:         inet6RouteAddress,
+			Inet4RouteExcludeAddress:  inet4RouteExcludeAddress,
+			Inet6RouteExcludeAddress:  inet6RouteExcludeAddress,
+			IncludeUID:                includeUID,
+			ExcludeUID:                excludeUID,
+			IncludeAndroidUser:        options.IncludeAndroidUser,
+			IncludePackage:            options.IncludePackage,
+			ExcludePackage:            options.ExcludePackage,
+			InterfaceMonitor:          networkManager.InterfaceMonitor(),
 		},
 		udpTimeout:        udpTimeout,
 		stack:             options.Stack,