Merge c9e273e856 into 50d60cb004

Currently ip.IsPrivate and netip.Addr.IsPrivate only matches a part of private IPs.

adapter/outbound/direct.go

@@ -10,6 +10,7 @@ import (
 	"github.com/metacubex/mihomo/component/loopback"
 	"github.com/metacubex/mihomo/component/resolver"
 	C "github.com/metacubex/mihomo/constant"
+	"github.com/metacubex/mihomo/constant/features"
 )
 
 type Direct struct {
@@ -24,8 +25,10 @@ type DirectOption struct {
 
 // DialContext implements C.ProxyAdapter
 func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
-	if err := d.loopBack.CheckConn(metadata); err != nil {
-		return nil, err
+	if !features.CMFA {
+		if err := d.loopBack.CheckConn(metadata); err != nil {
+			return nil, err
+		}
 	}
 	opts = append(opts, dialer.WithResolver(resolver.DefaultResolver))
 	c, err := dialer.DialContext(ctx, "tcp", metadata.RemoteAddress(), d.Base.DialOptions(opts...)...)
@@ -38,8 +41,10 @@ func (d *Direct) DialContext(ctx context.Context, metadata *C.Metadata, opts ...
 
 // ListenPacketContext implements C.ProxyAdapter
 func (d *Direct) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
-	if err := d.loopBack.CheckPacketConn(metadata); err != nil {
-		return nil, err
+	if !features.CMFA {
+		if err := d.loopBack.CheckPacketConn(metadata); err != nil {
+			return nil, err
+		}
 	}
 	// net.UDPConn.WriteTo only working with *net.UDPAddr, so we need a net.UDPAddr
 	if !metadata.Resolved() {

common/nnip/netip.go

@@ -6,6 +6,28 @@ import (
 	"net/netip"
 )
 
+// Private IP CIDRs
+var privateIPCIDRs = []string{
+	"0.0.0.0/8",
+	"10.0.0.0/8",
+	"100.64.0.0/10",
+	"127.0.0.0/8",
+	"169.254.0.0/16",
+	"172.16.0.0/12",
+	"192.0.0.0/24",
+	"192.0.2.0/24",
+	"192.88.99.0/24",
+	"192.168.0.0/16",
+	"198.18.0.0/15",
+	"198.51.100.0/24",
+	"203.0.113.0/24",
+	"224.0.0.0/3",
+	"::/127",
+	"fc00::/7",
+	"fe80::/10",
+	"ff00::/8",
+}
+
 // IpToAddr converts the net.IP to netip.Addr.
 // If slice's length is not 4 or 16, IpToAddr returns netip.Addr{}
 func IpToAddr(slice net.IP) netip.Addr {
@@ -51,3 +73,18 @@ func UnMasked(p netip.Prefix) netip.Addr {
 	}
 	return addr
 }
+
+// IsPrivateIP returns whether IP is private
+// If IP is private, return true, else return false
+func IsPrivateIP(ip netip.Addr) bool {
+	for _, network := range privateIPCIDRs {
+		_, subnet, err := net.ParseCIDR(network)
+		if err != nil {
+			continue
+		}
+		if subnet.Contains(ip.AsSlice()) {
+			return true
+		}
+	}
+	return false
+}

dns/filters.go

@@ -4,6 +4,7 @@ import (
 	"net/netip"
 	"strings"
 
+	"github.com/metacubex/mihomo/common/nnip"
 	"github.com/metacubex/mihomo/component/geodata"
 	"github.com/metacubex/mihomo/component/geodata/router"
 	"github.com/metacubex/mihomo/component/mmdb"
@@ -26,7 +27,7 @@ func (gf *geoipFilter) Match(ip netip.Addr) bool {
 	if !C.GeodataMode {
 		codes := mmdb.IPInstance().LookupCode(ip.AsSlice())
 		for _, code := range codes {
-			if !strings.EqualFold(code, gf.code) && !ip.IsPrivate() {
+			if !strings.EqualFold(code, gf.code) && !nnip.IsPrivateIP(ip) {
 				return true
 			}
 		}
@@ -35,13 +36,13 @@ func (gf *geoipFilter) Match(ip netip.Addr) bool {
 
 	if geoIPMatcher == nil {
 		var err error
-		geoIPMatcher, _, err = geodata.LoadGeoIPMatcher("CN")
+		geoIPMatcher, _, err = geodata.LoadGeoIPMatcher(gf.code)
 		if err != nil {
 			log.Errorln("[GeoIPFilter] LoadGeoIPMatcher error: %s", err.Error())
 			return false
 		}
 	}
-	return !geoIPMatcher.Match(ip)
+	return !geoIPMatcher.Match(ip) && !nnip.IsPrivateIP(ip)
 }
 
 type ipnetFilter struct {

go.mod

@@ -19,7 +19,7 @@ require (
 	github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40
 	github.com/mdlayher/netlink v1.7.2
 	github.com/metacubex/gopacket v1.1.20-0.20230608035415-7e2f98a3e759
-	github.com/metacubex/quic-go v0.44.1-0.20240521004242-fcd70d587e22
+	github.com/metacubex/quic-go v0.45.1-0.20240610004319-163fee60637e
 	github.com/metacubex/randv2 v0.2.0
 	github.com/metacubex/sing-quic v0.0.0-20240518034124-7696d3f7da72
 	github.com/metacubex/sing-shadowsocks v0.2.6

go.sum

@@ -104,8 +104,8 @@ github.com/metacubex/gopacket v1.1.20-0.20230608035415-7e2f98a3e759 h1:cjd4biTvO
 github.com/metacubex/gopacket v1.1.20-0.20230608035415-7e2f98a3e759/go.mod h1:UHOv2xu+RIgLwpXca7TLrXleEd4oR3sPatW6IF8wU88=
 github.com/metacubex/gvisor v0.0.0-20240320004321-933faba989ec h1:HxreOiFTUrJXJautEo8rnE1uKTVGY8wtZepY1Tii/Nc=
 github.com/metacubex/gvisor v0.0.0-20240320004321-933faba989ec/go.mod h1:8BVmQ+3cxjqzWElafm24rb2Ae4jRI6vAXNXWqWjfrXw=
-github.com/metacubex/quic-go v0.44.1-0.20240521004242-fcd70d587e22 h1:hsQ0b2A509b6ubnLtLOcUgZ8vOb+d/667zVEJ1T2fao=
-github.com/metacubex/quic-go v0.44.1-0.20240521004242-fcd70d587e22/go.mod h1:88wAATpevav4xdy5N8oejQ2cbbI6EcLYEklFeo+qywA=
+github.com/metacubex/quic-go v0.45.1-0.20240610004319-163fee60637e h1:bLYn3GuRvWDcBDAkIv5kUYIhzHwafDVq635BuybnKqI=
+github.com/metacubex/quic-go v0.45.1-0.20240610004319-163fee60637e/go.mod h1:Yza2H7Ax1rxWPUcJx0vW+oAt9EsPuSiyQFhFabUPzwU=
 github.com/metacubex/randv2 v0.2.0 h1:uP38uBvV2SxYfLj53kuvAjbND4RUDfFJjwr4UigMiLs=
 github.com/metacubex/randv2 v0.2.0/go.mod h1:kFi2SzrQ5WuneuoLLCMkABtiBu6VRrMrWFqSPyj2cxY=
 github.com/metacubex/sing v0.0.0-20240518125217-e63d65a914d1 h1:7hDHLTmjgtRoAp59STwPQpe5Pinwi4cWex+FB3Ohvco=