winroute

null · null · commit 7a1060766e88 · 2026-04-03T15:42:49.000+08:00
diff --git a/go.mod b/go.mod
@@ -27,6 +27,7 @@ require (
 	golang.org/x/sys v0.42.0
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2
 	golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb
+	golang.zx2c4.com/wireguard/windows v0.5.3
 	google.golang.org/grpc v1.79.3
 	google.golang.org/protobuf v1.36.11
 	gvisor.dev/gvisor v0.0.0-20260122175437-89a5d21be8f0
diff --git a/go.sum b/go.sum
@@ -131,6 +131,8 @@ golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeu
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
 golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb h1:whnFRlWMcXI9d+ZbWg+4sHnLp52d5yiIPUxMBSt4X9A=
 golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb/go.mod h1:rpwXGsirqLqN2L0JDJQlwOboGHmptD5ZD6T2VmcqhTw=
+golang.zx2c4.com/wireguard/windows v0.5.3 h1:On6j2Rpn3OEMXqBq00QEDC7bWSZrPIHKIus8eIuExIE=
+golang.zx2c4.com/wireguard/windows v0.5.3/go.mod h1:9TEe8TJmtwyQebdFwAkEWOPr3prrtqm+REGFifP60hI=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
diff --git a/infra/conf/tun.go b/infra/conf/tun.go
@@ -6,16 +6,18 @@ import (
 )
 
 type TunConfig struct {
-	Name      string `json:"name"`
-	MTU       uint32 `json:"MTU"`
-	UserLevel uint32 `json:"userLevel"`
+	Name      string   `json:"name"`
+	MTU       uint32   `json:"MTU"`
+	UserLevel uint32   `json:"userLevel"`
+	WinRoute  []string `json:"winRoute"`
 }
 
 func (v *TunConfig) Build() (proto.Message, error) {
 	config := &tun.Config{
 		Name:      v.Name,
 		MTU:       v.MTU,
 		UserLevel: v.UserLevel,
+		WinRoute:  v.WinRoute,
 	}
 
 	if v.Name == "" {
diff --git a/proxy/tun/config.pb.go b/proxy/tun/config.pb.go
diff --git a/proxy/tun/config.proto b/proxy/tun/config.proto
@@ -10,4 +10,5 @@ message Config {
   string name = 1;
   uint32 MTU = 2;
   uint32 user_level = 3;
+  repeated string win_route = 4;
 }
diff --git a/proxy/tun/handler.go b/proxy/tun/handler.go
@@ -60,8 +60,9 @@ func (t *Handler) Init(ctx context.Context, pm policy.Manager, dispatcher routin
 
 	tunName := t.config.Name
 	tunOptions := TunOptions{
-		Name: tunName,
-		MTU:  t.config.MTU,
+		Name:     tunName,
+		MTU:      t.config.MTU,
+		WinRoute: t.config.WinRoute,
 	}
 	tunInterface, err := NewTun(tunOptions)
 	if err != nil {
diff --git a/proxy/tun/tun.go b/proxy/tun/tun.go
@@ -8,6 +8,7 @@ type Tun interface {
 
 // TunOptions for tun interface implementation
 type TunOptions struct {
-	Name string
-	MTU  uint32
+	Name     string
+	MTU      uint32
+	WinRoute []string
 }
diff --git a/proxy/tun/tun_windows.go b/proxy/tun/tun_windows.go
@@ -5,10 +5,12 @@ package tun
 import (
 	"crypto/md5"
 	"errors"
+	"net/netip"
 	"unsafe"
 
 	"golang.org/x/sys/windows"
 	"golang.zx2c4.com/wintun"
+	"golang.zx2c4.com/wireguard/windows/tunnel/winipcfg"
 	"gvisor.dev/gvisor/pkg/buffer"
 	"gvisor.dev/gvisor/pkg/tcpip"
 	"gvisor.dev/gvisor/pkg/tcpip/stack"
@@ -70,20 +72,79 @@ func open(name string) (*wintun.Adapter, error) {
 	// generate a deterministic GUID from the adapter name
 	id := md5.Sum([]byte(name))
 	guid := (*windows.GUID)(unsafe.Pointer(&id[0]))
-	// try to open existing adapter by name
-	adapter, err := wintun.OpenAdapter(name)
-	if err == nil {
-		return adapter, nil
-	}
 	// try to create adapter anew
-	adapter, err = wintun.CreateAdapter(name, "Xray", guid)
+	adapter, err := wintun.CreateAdapter(name, "Xray", guid)
 	if err == nil {
 		return adapter, nil
 	}
 	return nil, err
 }
 
 func (t *WindowsTun) Start() error {
+	var has4, has6 bool
+	allowedIPs := make([]netip.Prefix, 0, len(t.options.WinRoute))
+	for _, route := range t.options.WinRoute {
+		allowedIPs = append(allowedIPs, netip.MustParsePrefix(route))
+	}
+	routesMap := make(map[winipcfg.RouteData]struct{})
+	for _, ip := range allowedIPs {
+		route := winipcfg.RouteData{
+			Destination: ip.Masked(),
+			Metric:      0,
+		}
+		if ip.Addr().Is4() {
+			has4 = true
+			route.NextHop = netip.IPv4Unspecified()
+		} else {
+			has6 = true
+			route.NextHop = netip.IPv6Unspecified()
+		}
+		routesMap[route] = struct{}{}
+	}
+	routesData := make([]*winipcfg.RouteData, 0, len(routesMap))
+	for route := range routesMap {
+		r := route
+		routesData = append(routesData, &r)
+	}
+	luid := winipcfg.LUID(t.adapter.LUID())
+	err := luid.SetRoutes(routesData)
+	if err != nil {
+		return err
+	}
+	if has4 {
+		ipif, err := luid.IPInterface(windows.AF_INET)
+		if err != nil {
+			return err
+		}
+		ipif.RouterDiscoveryBehavior = winipcfg.RouterDiscoveryDisabled
+		ipif.DadTransmits = 0
+		ipif.ManagedAddressConfigurationSupported = false
+		ipif.OtherStatefulConfigurationSupported = false
+		ipif.NLMTU = t.options.MTU
+		ipif.UseAutomaticMetric = false
+		ipif.Metric = 0
+		err = ipif.Set()
+		if err != nil {
+			return err
+		}
+	}
+	if has6 {
+		ipif, err := luid.IPInterface(windows.AF_INET6)
+		if err != nil {
+			return err
+		}
+		ipif.RouterDiscoveryBehavior = winipcfg.RouterDiscoveryDisabled
+		ipif.DadTransmits = 0
+		ipif.ManagedAddressConfigurationSupported = false
+		ipif.OtherStatefulConfigurationSupported = false
+		ipif.NLMTU = t.options.MTU
+		ipif.UseAutomaticMetric = false
+		ipif.Metric = 0
+		err = ipif.Set()
+		if err != nil {
+			return err
+		}
+	}
 	return nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -6,16 +6,18 @@ import (`
`6`	`6`	`)`
`7`	`7`
`8`	`8`	`type TunConfig struct {`
`9`		- Name string `json:"name"`
`10`		- MTU uint32 `json:"MTU"`
`11`		- UserLevel uint32 `json:"userLevel"`
	`9`	+ Name string `json:"name"`
	`10`	+ MTU uint32 `json:"MTU"`
	`11`	+ UserLevel uint32 `json:"userLevel"`
	`12`	+ WinRoute []string `json:"winRoute"`
`12`	`13`	`}`
`13`	`14`
`14`	`15`	`func (v *TunConfig) Build() (proto.Message, error) {`
`15`	`16`	`config := &tun.Config{`
`16`	`17`	`Name: v.Name,`
`17`	`18`	`MTU: v.MTU,`
`18`	`19`	`UserLevel: v.UserLevel,`
	`20`	`+ WinRoute: v.WinRoute,`
`19`	`21`	`}`
`20`	`22`
`21`	`23`	`if v.Name == "" {`
Original file line number	Diff line number	Diff line change
`@@ -10,4 +10,5 @@ message Config {`
`10`	`10`	`string name = 1;`
`11`	`11`	`uint32 MTU = 2;`
`12`	`12`	`uint32 user_level = 3;`
	`13`	`+ repeated string win_route = 4;`
`13`	`14`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ type Tun interface {`
`8`	`8`
`9`	`9`	`// TunOptions for tun interface implementation`
`10`	`10`	`type TunOptions struct {`
`11`		`- Name string`
`12`		`- MTU uint32`
	`11`	`+ Name string`
	`12`	`+ MTU uint32`
	`13`	`+ WinRoute []string`
`13`	`14`	`}`