windows: clean up dead code, comments, and fix goroutine leak

- Remove unused routeAddressSet/routeExcludeAddressSet fields and netipx import
- Remove dead Metadata field from connEntry (already in Context)
- Remove WHAT comments per project code-comment rules
- Fix goroutine leak in connMetadataTable.cleanupLoop (add done channel)
- Cache os.Getpid() as selfPID field to avoid repeated syscalls

Author: nekohasekai

internal/winipcfg/winipcfg.go

@@ -134,7 +134,6 @@ func GetAnycastIPAddressTable(family AddressFamily) ([]MibAnycastIPAddressRow, e
 //
 
 //sys	getIPForwardTable2(family AddressFamily, table **mibIPforwardTable2) (ret error) = iphlpapi.GetIpForwardTable2
-//sys	getBestRoute2(interfaceLUID *LUID, interfaceIndex uint32, sourceAddress *RawSockaddrInet, destinationAddress *RawSockaddrInet, sortOptions uint32, bestRoute *MibIPforwardRow2, bestSourceAddress *RawSockaddrInet) (ret error) = iphlpapi.GetBestRoute2
 //sys	initializeIPForwardEntry(route *MibIPforwardRow2) = iphlpapi.InitializeIpForwardEntry
 //sys	getIPForwardEntry2(route *MibIPforwardRow2) (ret error) = iphlpapi.GetIpForwardEntry2
 //sys	setIPForwardEntry2(route *MibIPforwardRow2) (ret error) = iphlpapi.SetIpForwardEntry2
@@ -154,18 +153,6 @@ func GetIPForwardTable2(family AddressFamily) ([]MibIPforwardRow2, error) {
 	return t, nil
 }
 
-// GetBestRoute2 function retrieves the best route for the specified destination IP address on the local computer.
-// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/nf-netioapi-getbestroute2
-func GetBestRoute2(interfaceLUID *LUID, interfaceIndex uint32, sourceAddress *RawSockaddrInet, destinationAddress *RawSockaddrInet, sortOptions uint32) (*MibIPforwardRow2, *RawSockaddrInet, error) {
-	bestRoute := &MibIPforwardRow2{}
-	bestSourceAddress := &RawSockaddrInet{}
-	err := getBestRoute2(interfaceLUID, interfaceIndex, sourceAddress, destinationAddress, sortOptions, bestRoute, bestSourceAddress)
-	if err != nil {
-		return nil, nil, err
-	}
-	return bestRoute, bestSourceAddress, nil
-}
-
 //
 // Notifications-related functions
 //

internal/winipcfg/zwinipcfg_windows.go

@@ -57,6 +57,9 @@ func (s *redirectServer) Start() error {
 
 func (s *redirectServer) Close() error {
 	s.inShutdown.Store(true)
+	if s.connTable != nil {
+		s.connTable.Close()
+	}
 	if s.listener != nil {
 		return s.listener.Close()
 	}
@@ -104,12 +107,10 @@ func (s *redirectServer) loopIn() {
 	}
 }
 
-// connMetadataTable maps source address → connection metadata.
-// Entries are populated by pre-match workers before sending redirect verdicts,
-// and consumed by the redirect server upon accepting connections.
 type connMetadataTable struct {
 	mu      sync.Mutex
 	entries map[connKey]*connEntry
+	done    chan struct{}
 }
 
 type connKey struct {
@@ -120,7 +121,6 @@ type connKey struct {
 type connEntry struct {
 	Destination M.Socksaddr
 	Context     context.Context
-	Metadata    *AutoRedirectMetadata
 	IsDNS       bool
 	DNSServer   M.Socksaddr
 	CreatedAt   time.Time
@@ -129,31 +129,38 @@ type connEntry struct {
 func newConnMetadataTable() *connMetadataTable {
 	t := &connMetadataTable{
 		entries: make(map[connKey]*connEntry),
+		done:    make(chan struct{}),
 	}
 	go t.cleanupLoop()
 	return t
 }
 
-func (t *connMetadataTable) Store(src M.Socksaddr, dst M.Socksaddr, ctx context.Context, metadata *AutoRedirectMetadata) {
+func (t *connMetadataTable) Close() {
+	select {
+	case <-t.done:
+	default:
+		close(t.done)
+	}
+}
+
+func (t *connMetadataTable) Store(src M.Socksaddr, dst M.Socksaddr, ctx context.Context) {
 	key := connKey{Addr: src.Addr, Port: src.Port}
 	t.mu.Lock()
 	defer t.mu.Unlock()
 	t.entries[key] = &connEntry{
 		Destination: dst,
 		Context:     ctx,
-		Metadata:    metadata,
 		CreatedAt:   time.Now(),
 	}
 }
 
-func (t *connMetadataTable) StoreDNS(src M.Socksaddr, originalDst M.Socksaddr, dnsServer M.Socksaddr, ctx context.Context, metadata *AutoRedirectMetadata) {
+func (t *connMetadataTable) StoreDNS(src M.Socksaddr, originalDst M.Socksaddr, dnsServer M.Socksaddr, ctx context.Context) {
 	key := connKey{Addr: src.Addr, Port: src.Port}
 	t.mu.Lock()
 	defer t.mu.Unlock()
 	t.entries[key] = &connEntry{
 		Destination: originalDst,
 		Context:     ctx,
-		Metadata:    metadata,
 		IsDNS:       true,
 		DNSServer:   dnsServer,
 		CreatedAt:   time.Now(),
@@ -192,14 +199,19 @@ func (t *connMetadataTable) Lookup(src M.Socksaddr) (*connEntry, bool) {
 func (t *connMetadataTable) cleanupLoop() {
 	ticker := time.NewTicker(10 * time.Second)
 	defer ticker.Stop()
-	for range ticker.C {
-		t.mu.Lock()
-		now := time.Now()
-		for key, entry := range t.entries {
-			if now.Sub(entry.CreatedAt) > 30*time.Second {
-				delete(t.entries, key)
+	for {
+		select {
+		case <-t.done:
+			return
+		case <-ticker.C:
+			t.mu.Lock()
+			now := time.Now()
+			for key, entry := range t.entries {
+				if now.Sub(entry.CreatedAt) > 30*time.Second {
+					delete(t.entries, key)
+				}
 			}
+			t.mu.Unlock()
 		}
-		t.mu.Unlock()
 	}
 }

redirect_server_windows.go

@@ -21,7 +21,6 @@ import (
 	M "github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/common/x/list"
 
-	"go4.org/netipx"
 	"golang.org/x/sys/windows"
 )
 
@@ -35,11 +34,10 @@ type autoRedirect struct {
 	networkMonitor         NetworkUpdateMonitor
 	networkListener        *list.Element[NetworkUpdateCallback]
 	interfaceFinder        control.InterfaceFinder
-	driverManager          *winredirect.Manager
-	redirectServer         *redirectServer
-	routeAddressSet        *[]*netipx.IPSet
-	routeExcludeAddressSet *[]*netipx.IPSet
+	driverManager  *winredirect.Manager
+	redirectServer *redirectServer
 
+	selfPID    uint32
 	enableIPv4 bool
 	enableIPv6 bool
 
@@ -63,15 +61,14 @@ func NewAutoRedirect(options AutoRedirectOptions) (AutoRedirect, error) {
 		logger:                 options.Logger,
 		errorHandler:           options.ErrorHandler,
 		networkMonitor:         options.NetworkMonitor,
-		interfaceFinder:        options.InterfaceFinder,
-		routeAddressSet:        options.RouteAddressSet,
-		routeExcludeAddressSet: options.RouteExcludeAddressSet,
-		workerCount:            1,
+		interfaceFinder: options.InterfaceFinder,
+		workerCount:    1,
 	}
 	return r, nil
 }
 
 func (r *autoRedirect) Start() error {
+	r.selfPID = uint32(os.Getpid())
 	r.enableIPv4 = len(r.tunOptions.Inet4Address) > 0
 	r.enableIPv6 = len(r.tunOptions.Inet6Address) > 0
 	if !r.enableIPv4 && !r.enableIPv6 {
@@ -142,7 +139,7 @@ func (r *autoRedirect) startRedirect() error {
 	redirectPort := M.AddrPortFromNet(server.listener.Addr()).Port()
 	err = manager.SetConfig(&winredirect.Config{
 		RedirectPort: redirectPort,
-		ProxyPID:     uint32(os.Getpid()),
+		ProxyPID:     r.selfPID,
 		TunGUID:      tunGUID,
 	})
 	if err != nil {
@@ -173,9 +170,6 @@ func (r *autoRedirect) Close() error {
 }
 
 func (r *autoRedirect) UpdateRouteAddressSet() {
-	// Dynamic route address sets are updated via pointer indirection.
-	// The IPSet pointers are swapped atomically by the caller.
-	// No driver communication needed — all filtering is in Go.
 }
 
 func (r *autoRedirect) preMatchWorker() {
@@ -233,38 +227,33 @@ func (r *autoRedirect) evaluateConnection(conn *winredirect.PendingConn) uint32
 	src := pendingConnSrc(conn)
 
 	// Proxy process outbound connections must never be redirected back into itself.
-	if conn.ProcessID == uint32(os.Getpid()) {
+	if conn.ProcessID == r.selfPID {
 		return winredirect.VerdictBypass
 	}
 
-	// 1. Loopback destinations
 	if dst.Addr.IsLoopback() {
 		return winredirect.VerdictBypass
 	}
 
-	// DNS hijack: port 53 from local network → redirect to DNS server
 	if !r.tunOptions.EXP_DisableDNSHijack && dst.Port == 53 {
 		if r.isLocalAddress(src.Addr) {
 			dnsServer := r.dnsServerForFamily(dst.Addr)
 			if dnsServer.IsValid() {
 				metadata := r.resolveMetadata(conn)
 				ctx := r.newConnContext(metadata)
-				r.redirectServer.connTable.StoreDNS(src, dst, M.SocksaddrFrom(dnsServer, 53), ctx, metadata)
+				r.redirectServer.connTable.StoreDNS(src, dst, M.SocksaddrFrom(dnsServer, 53), ctx)
 				return winredirect.VerdictRedirect
 			}
 		}
 	}
 
-	// Strict route: reject disabled address family
 	if r.tunOptions.StrictRoute && r.isDisabledFamily(dst.Addr) {
 		return winredirect.VerdictDrop
 	}
 
-	// Resolve PID → process path
 	metadata := r.resolveMetadata(conn)
 	ctx := r.newConnContext(metadata)
 
-	// PrepareConnection (NFQUEUE equivalent)
 	_, err := r.handler.PrepareConnection(ctx, "tcp", src, dst, nil, 0)
 	if errors.Is(err, ErrDrop) {
 		return winredirect.VerdictDrop
@@ -276,8 +265,7 @@ func (r *autoRedirect) evaluateConnection(conn *winredirect.PendingConn) uint32
 		r.logger.Warn("prepare connection fallback to redirect: ", err)
 	}
 
-	// Store metadata for redirect server
-	r.redirectServer.connTable.Store(src, dst, ctx, metadata)
+	r.redirectServer.connTable.Store(src, dst, ctx)
 
 	return winredirect.VerdictRedirect
 }