Merge c9e273e856 into 75c16f9b87

Currently ip.IsPrivate and netip.Addr.IsPrivate only matches a part of private IPs.

adapter/outbound/wireguard.go

@@ -12,6 +12,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"time"
 
 	"github.com/metacubex/mihomo/common/atomic"
 	CN "github.com/metacubex/mihomo/common/net"
@@ -48,6 +49,10 @@ type WireGuard struct {
 	connectAddr   M.Socksaddr
 	localPrefixes []netip.Prefix
 
+	serverAddrMap   map[M.Socksaddr]netip.AddrPort
+	serverAddrTime  atomic.TypedValue[time.Time]
+	serverAddrMutex sync.Mutex
+
 	closeCh chan struct{} // for test
 }
 
@@ -67,6 +72,8 @@ type WireGuardOption struct {
 
 	RemoteDnsResolve bool     `proxy:"remote-dns-resolve,omitempty"`
 	Dns              []string `proxy:"dns,omitempty"`
+
+	RefreshServerIPInterval int `proxy:"refresh-server-ip-interval,omitempty"`
 }
 
 type WireGuardPeerOption struct {
@@ -287,6 +294,15 @@ func (w *WireGuard) resolve(ctx context.Context, address M.Socksaddr) (netip.Add
 }
 
 func (w *WireGuard) init(ctx context.Context) error {
+	err := w.init0(ctx)
+	if err != nil {
+		return err
+	}
+	w.updateServerAddr(ctx)
+	return nil
+}
+
+func (w *WireGuard) init0(ctx context.Context) error {
 	if w.initOk.Load() {
 		return nil
 	}
@@ -301,44 +317,118 @@ func (w *WireGuard) init(ctx context.Context) error {
 	}
 
 	w.bind.ResetReservedForEndpoint()
-	ipcConf := "private_key=" + w.option.PrivateKey
+	w.serverAddrMap = make(map[M.Socksaddr]netip.AddrPort)
+	ipcConf, err := w.genIpcConf(ctx, false)
+	if err != nil {
+		// !!! do not set initErr here !!!
+		// let us can retry domain resolve in next time
+		return err
+	}
+
+	if debug.Enabled {
+		log.SingLogger.Trace(fmt.Sprintf("[WG](%s) created wireguard ipc conf: \n %s", w.option.Name, ipcConf))
+	}
+	err = w.device.IpcSet(ipcConf)
+	if err != nil {
+		w.initErr = E.Cause(err, "setup wireguard")
+		return w.initErr
+	}
+	w.serverAddrTime.Store(time.Now())
+
+	err = w.tunDevice.Start()
+	if err != nil {
+		w.initErr = err
+		return w.initErr
+	}
+
+	w.initOk.Store(true)
+	return nil
+}
+
+func (w *WireGuard) updateServerAddr(ctx context.Context) {
+	if w.option.RefreshServerIPInterval != 0 && time.Since(w.serverAddrTime.Load()) > time.Second*time.Duration(w.option.RefreshServerIPInterval) {
+		if w.serverAddrMutex.TryLock() {
+			defer w.serverAddrMutex.Unlock()
+			ipcConf, err := w.genIpcConf(ctx, true)
+			if err != nil {
+				log.Warnln("[WG](%s)UpdateServerAddr failed to generate wireguard ipc conf: %s", w.option.Name, err)
+				return
+			}
+			err = w.device.IpcSet(ipcConf)
+			if err != nil {
+				log.Warnln("[WG](%s)UpdateServerAddr failed to update wireguard ipc conf: %s", w.option.Name, err)
+				return
+			}
+			w.serverAddrTime.Store(time.Now())
+		}
+	}
+}
+
+func (w *WireGuard) genIpcConf(ctx context.Context, updateOnly bool) (string, error) {
+	ipcConf := ""
+	if !updateOnly {
+		ipcConf += "private_key=" + w.option.PrivateKey + "\n"
+	}
 	if len(w.option.Peers) > 0 {
 		for i, peer := range w.option.Peers {
-			ipcConf += "\npublic_key=" + peer.PublicKey
-			destination, err := w.resolve(ctx, peer.Addr())
+			peerAddr := peer.Addr()
+			destination, err := w.resolve(ctx, peerAddr)
 			if err != nil {
-				// !!! do not set initErr here !!!
-				// let us can retry domain resolve in next time
-				return E.Cause(err, "resolve endpoint domain for peer ", i)
+				return "", E.Cause(err, "resolve endpoint domain for peer ", i)
 			}
+			if w.serverAddrMap[peerAddr] != destination {
+				w.serverAddrMap[peerAddr] = destination
+			} else if updateOnly {
+				continue
+			}
+
 			if len(w.option.Peers) == 1 { // must call SetConnectAddr if isConnect == true
 				w.bind.SetConnectAddr(destination)
 			}
-			ipcConf += "\nendpoint=" + destination.String()
-			if peer.PreSharedKey != "" {
-				ipcConf += "\npreshared_key=" + peer.PreSharedKey
-			}
-			for _, allowedIP := range peer.AllowedIPs {
-				ipcConf += "\nallowed_ip=" + allowedIP
+			ipcConf += "public_key=" + peer.PublicKey + "\n"
+			if updateOnly {
+				ipcConf += "update_only=true\n"
 			}
+			ipcConf += "endpoint=" + destination.String() + "\n"
 			if len(peer.Reserved) > 0 {
 				var reserved [3]uint8
 				copy(reserved[:], w.option.Reserved)
 				w.bind.SetReservedForEndpoint(destination, reserved)
 			}
+			if updateOnly {
+				continue
+			}
+			if peer.PreSharedKey != "" {
+				ipcConf += "preshared_key=" + peer.PreSharedKey + "\n"
+			}
+			for _, allowedIP := range peer.AllowedIPs {
+				ipcConf += "allowed_ip=" + allowedIP + "\n"
+			}
+			if w.option.PersistentKeepalive != 0 {
+				ipcConf += fmt.Sprintf("persistent_keepalive_interval=%d\n", w.option.PersistentKeepalive)
+			}
 		}
 	} else {
-		ipcConf += "\npublic_key=" + w.option.PublicKey
 		destination, err := w.resolve(ctx, w.connectAddr)
 		if err != nil {
-			// !!! do not set initErr here !!!
-			// let us can retry domain resolve in next time
-			return E.Cause(err, "resolve endpoint domain")
+			return "", E.Cause(err, "resolve endpoint domain")
+		}
+		if w.serverAddrMap[w.connectAddr] != destination {
+			w.serverAddrMap[w.connectAddr] = destination
+		} else if updateOnly {
+			return "", nil
 		}
 		w.bind.SetConnectAddr(destination) // must call SetConnectAddr if isConnect == true
-		ipcConf += "\nendpoint=" + destination.String()
+		ipcConf += "public_key=" + w.option.PublicKey + "\n"
+		if updateOnly {
+			ipcConf += "update_only=true\n"
+		}
+		ipcConf += "endpoint=" + destination.String() + "\n"
+		if updateOnly {
+			return ipcConf, nil
+		}
 		if w.option.PreSharedKey != "" {
-			ipcConf += "\npreshared_key=" + w.option.PreSharedKey
+			ipcConf += "preshared_key=" + w.option.PreSharedKey + "\n"
 		}
 		var has4, has6 bool
 		for _, address := range w.localPrefixes {
@@ -349,34 +439,17 @@ func (w *WireGuard) init(ctx context.Context) error {
 			}
 		}
 		if has4 {
-			ipcConf += "\nallowed_ip=0.0.0.0/0"
+			ipcConf += "allowed_ip=0.0.0.0/0\n"
 		}
 		if has6 {
-			ipcConf += "\nallowed_ip=::/0"
+			ipcConf += "allowed_ip=::/0\n"
+		}
+
+		if w.option.PersistentKeepalive != 0 {
+			ipcConf += fmt.Sprintf("persistent_keepalive_interval=%d\n", w.option.PersistentKeepalive)
 		}
 	}
-
-	if w.option.PersistentKeepalive != 0 {
-		ipcConf += fmt.Sprintf("\npersistent_keepalive_interval=%d", w.option.PersistentKeepalive)
-	}
-
-	if debug.Enabled {
-		log.SingLogger.Trace(fmt.Sprintf("[WG](%s) created wireguard ipc conf: \n %s", w.option.Name, ipcConf))
-	}
-	err := w.device.IpcSet(ipcConf)
-	if err != nil {
-		w.initErr = E.Cause(err, "setup wireguard")
-		return w.initErr
-	}
-
-	err = w.tunDevice.Start()
-	if err != nil {
-		w.initErr = err
-		return w.initErr
-	}
-
-	w.initOk.Store(true)
-	return nil
+	return ipcConf, nil
 }
 
 func closeWireGuard(w *WireGuard) {

common/nnip/netip.go

@@ -6,6 +6,28 @@ import (
 	"net/netip"
 )
 
+// Private IP CIDRs
+var privateIPCIDRs = []string{
+	"0.0.0.0/8",
+	"10.0.0.0/8",
+	"100.64.0.0/10",
+	"127.0.0.0/8",
+	"169.254.0.0/16",
+	"172.16.0.0/12",
+	"192.0.0.0/24",
+	"192.0.2.0/24",
+	"192.88.99.0/24",
+	"192.168.0.0/16",
+	"198.18.0.0/15",
+	"198.51.100.0/24",
+	"203.0.113.0/24",
+	"224.0.0.0/3",
+	"::/127",
+	"fc00::/7",
+	"fe80::/10",
+	"ff00::/8",
+}
+
 // IpToAddr converts the net.IP to netip.Addr.
 // If slice's length is not 4 or 16, IpToAddr returns netip.Addr{}
 func IpToAddr(slice net.IP) netip.Addr {
@@ -51,3 +73,18 @@ func UnMasked(p netip.Prefix) netip.Addr {
 	}
 	return addr
 }
+
+// IsPrivateIP returns whether IP is private
+// If IP is private, return true, else return false
+func IsPrivateIP(ip netip.Addr) bool {
+	for _, network := range privateIPCIDRs {
+		_, subnet, err := net.ParseCIDR(network)
+		if err != nil {
+			continue
+		}
+		if subnet.Contains(ip.AsSlice()) {
+			return true
+		}
+	}
+	return false
+}

dns/dialer.go

@@ -0,0 +1,12 @@
+package dns
+
+// export functions from tunnel module
+
+import "github.com/metacubex/mihomo/tunnel"
+
+const RespectRules = tunnel.DnsRespectRules
+
+type dialHandler = tunnel.DnsDialHandler
+
+var getDialHandler = tunnel.GetDnsDialHandler
+var listenPacket = tunnel.DnsListenPacket

dns/filters.go

@@ -4,6 +4,7 @@ import (
 	"net/netip"
 	"strings"
 
+	"github.com/metacubex/mihomo/common/nnip"
 	"github.com/metacubex/mihomo/component/geodata"
 	"github.com/metacubex/mihomo/component/geodata/router"
 	"github.com/metacubex/mihomo/component/mmdb"
@@ -26,7 +27,7 @@ func (gf *geoipFilter) Match(ip netip.Addr) bool {
 	if !C.GeodataMode {
 		codes := mmdb.IPInstance().LookupCode(ip.AsSlice())
 		for _, code := range codes {
-			if !strings.EqualFold(code, gf.code) && !ip.IsPrivate() {
+			if !strings.EqualFold(code, gf.code) && !nnip.IsPrivateIP(ip) {
 				return true
 			}
 		}
@@ -35,13 +36,13 @@ func (gf *geoipFilter) Match(ip netip.Addr) bool {
 
 	if geoIPMatcher == nil {
 		var err error
-		geoIPMatcher, _, err = geodata.LoadGeoIPMatcher("CN")
+		geoIPMatcher, _, err = geodata.LoadGeoIPMatcher(gf.code)
 		if err != nil {
 			log.Errorln("[GeoIPFilter] LoadGeoIPMatcher error: %s", err.Error())
 			return false
 		}
 	}
-	return !geoIPMatcher.Match(ip)
+	return !geoIPMatcher.Match(ip) && !nnip.IsPrivateIP(ip)
 }
 
 type ipnetFilter struct {

dns/util.go

@@ -10,15 +10,10 @@ import (
 	"strings"
 	"time"
 
-	N "github.com/metacubex/mihomo/common/net"
 	"github.com/metacubex/mihomo/common/nnip"
 	"github.com/metacubex/mihomo/common/picker"
-	"github.com/metacubex/mihomo/component/dialer"
 	"github.com/metacubex/mihomo/component/resolver"
-	C "github.com/metacubex/mihomo/constant"
 	"github.com/metacubex/mihomo/log"
-	"github.com/metacubex/mihomo/tunnel"
-	"github.com/metacubex/mihomo/tunnel/statistic"
 
 	D "github.com/miekg/dns"
 	"github.com/samber/lo"
@@ -175,158 +170,6 @@ func msgToDomain(msg *D.Msg) string {
 	return ""
 }
 
-const RespectRules = "RULES"
-
-type dialHandler func(ctx context.Context, network, addr string) (net.Conn, error)
-
-func getDialHandler(r *Resolver, proxyAdapter C.ProxyAdapter, proxyName string, opts ...dialer.Option) dialHandler {
-	return func(ctx context.Context, network, addr string) (net.Conn, error) {
-		if len(proxyName) == 0 && proxyAdapter == nil {
-			opts = append(opts, dialer.WithResolver(r))
-			return dialer.DialContext(ctx, network, addr, opts...)
-		} else {
-			metadata := &C.Metadata{
-				NetWork: C.TCP,
-				Type:    C.INNER,
-			}
-			err := metadata.SetRemoteAddress(addr) // tcp can resolve host by remote
-			if err != nil {
-				return nil, err
-			}
-			if !strings.Contains(network, "tcp") {
-				metadata.NetWork = C.UDP
-				if !metadata.Resolved() {
-					// udp must resolve host first
-					dstIP, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, r)
-					if err != nil {
-						return nil, err
-					}
-					metadata.DstIP = dstIP
-				}
-			}
-
-			var rule C.Rule
-			if proxyAdapter == nil {
-				if proxyName == RespectRules {
-					if !metadata.Resolved() {
-						// resolve here before ResolveMetadata to avoid its inner resolver.ResolveIP
-						dstIP, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, r)
-						if err != nil {
-							return nil, err
-						}
-						metadata.DstIP = dstIP
-					}
-					proxyAdapter, rule, err = tunnel.ResolveMetadata(metadata)
-					if err != nil {
-						return nil, err
-					}
-				} else {
-					var ok bool
-					proxyAdapter, ok = tunnel.Proxies()[proxyName]
-					if !ok {
-						opts = append(opts, dialer.WithInterface(proxyName))
-					}
-				}
-			}
-
-			if strings.Contains(network, "tcp") {
-				if proxyAdapter == nil {
-					opts = append(opts, dialer.WithResolver(r))
-					return dialer.DialContext(ctx, network, addr, opts...)
-				}
-
-				if proxyAdapter.IsL3Protocol(metadata) { // L3 proxy should resolve domain before to avoid loopback
-					if !metadata.Resolved() {
-						dstIP, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, r)
-						if err != nil {
-							return nil, err
-						}
-						metadata.DstIP = dstIP
-					}
-					metadata.Host = "" // clear host to avoid double resolve in proxy
-				}
-
-				conn, err := proxyAdapter.DialContext(ctx, metadata, opts...)
-				if err != nil {
-					return nil, err
-				}
-
-				conn = statistic.NewTCPTracker(conn, statistic.DefaultManager, metadata, rule, 0, 0, false)
-
-				return conn, nil
-			} else {
-				if proxyAdapter == nil {
-					return dialer.DialContext(ctx, network, addr, opts...)
-				}
-
-				if !proxyAdapter.SupportUDP() {
-					return nil, fmt.Errorf("proxy adapter [%s] UDP is not supported", proxyAdapter)
-				}
-
-				packetConn, err := proxyAdapter.ListenPacketContext(ctx, metadata, opts...)
-				if err != nil {
-					return nil, err
-				}
-
-				packetConn = statistic.NewUDPTracker(packetConn, statistic.DefaultManager, metadata, rule, 0, 0, false)
-
-				return N.NewBindPacketConn(packetConn, metadata.UDPAddr()), nil
-			}
-		}
-	}
-}
-
-func listenPacket(ctx context.Context, proxyAdapter C.ProxyAdapter, proxyName string, network string, addr string, r *Resolver, opts ...dialer.Option) (net.PacketConn, error) {
-	metadata := &C.Metadata{
-		NetWork: C.UDP,
-	}
-	err := metadata.SetRemoteAddress(addr)
-	if err != nil {
-		return nil, err
-	}
-	if !metadata.Resolved() {
-		// udp must resolve host first
-		dstIP, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, r)
-		if err != nil {
-			return nil, err
-		}
-		metadata.DstIP = dstIP
-	}
-
-	var rule C.Rule
-	if proxyAdapter == nil {
-		if proxyName == RespectRules {
-			proxyAdapter, rule, err = tunnel.ResolveMetadata(metadata)
-			if err != nil {
-				return nil, err
-			}
-		} else {
-			var ok bool
-			proxyAdapter, ok = tunnel.Proxies()[proxyName]
-			if !ok {
-				opts = append(opts, dialer.WithInterface(proxyName))
-			}
-		}
-	}
-
-	if proxyAdapter == nil {
-		return dialer.NewDialer(opts...).ListenPacket(ctx, network, "", netip.AddrPortFrom(metadata.DstIP, metadata.DstPort))
-	}
-
-	if !proxyAdapter.SupportUDP() {
-		return nil, fmt.Errorf("proxy adapter [%s] UDP is not supported", proxyAdapter)
-	}
-
-	packetConn, err := proxyAdapter.ListenPacketContext(ctx, metadata, opts...)
-	if err != nil {
-		return nil, err
-	}
-
-	packetConn = statistic.NewUDPTracker(packetConn, statistic.DefaultManager, metadata, rule, 0, 0, false)
-
-	return packetConn, nil
-}
-
 func batchExchange(ctx context.Context, clients []dnsClient, m *D.Msg) (msg *D.Msg, cache bool, err error) {
 	cache = true
 	fast, ctx := picker.WithTimeout[*D.Msg](ctx, resolver.DefaultDNSTimeout)

docs/config.yaml

@@ -728,6 +728,7 @@ proxies: # socks5
     # dialer-proxy: "ss1"
     # remote-dns-resolve: true # 强制 dns 远程解析，默认值为 false
     # dns: [ 1.1.1.1, 8.8.8.8 ] # 仅在 remote-dns-resolve 为 true 时生效
+    # refresh-server-ip-interval: 60 # 重新解析server ip的间隔，单位为秒，默认值为0即仅第一次链接时解析server域名，仅应在server域名对应的IP会发生变化时启用该选项（如家宽ddns）
     # 如果 peers 不为空，该段落中的 allowed-ips 不可为空；前面段落的 server,port,public-key,pre-shared-key 均会被忽略，但 private-key 会被保留且只能在顶层指定
     # peers:
     #   - server: 162.159.192.1

tunnel/dns_dialer.go

@@ -0,0 +1,176 @@
+package tunnel
+
+// WARNING: all function in this file should only be using in dns module
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/netip"
+	"strings"
+
+	N "github.com/metacubex/mihomo/common/net"
+	"github.com/metacubex/mihomo/component/dialer"
+	"github.com/metacubex/mihomo/component/resolver"
+	C "github.com/metacubex/mihomo/constant"
+	"github.com/metacubex/mihomo/tunnel/statistic"
+)
+
+const DnsRespectRules = "RULES"
+
+type DnsDialHandler func(ctx context.Context, network, addr string) (net.Conn, error)
+
+func GetDnsDialHandler(r resolver.Resolver, proxyAdapter C.ProxyAdapter, proxyName string, opts ...dialer.Option) DnsDialHandler {
+	return func(ctx context.Context, network, addr string) (net.Conn, error) {
+		if len(proxyName) == 0 && proxyAdapter == nil {
+			opts = append(opts, dialer.WithResolver(r))
+			return dialer.DialContext(ctx, network, addr, opts...)
+		} else {
+			metadata := &C.Metadata{
+				NetWork: C.TCP,
+				Type:    C.INNER,
+			}
+			err := metadata.SetRemoteAddress(addr) // tcp can resolve host by remote
+			if err != nil {
+				return nil, err
+			}
+			if !strings.Contains(network, "tcp") {
+				metadata.NetWork = C.UDP
+				if !metadata.Resolved() {
+					// udp must resolve host first
+					dstIP, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, r)
+					if err != nil {
+						return nil, err
+					}
+					metadata.DstIP = dstIP
+				}
+			}
+
+			var rule C.Rule
+			if proxyAdapter == nil {
+				if proxyName == DnsRespectRules {
+					if !metadata.Resolved() {
+						// resolve here before resolveMetadata to avoid its inner resolver.ResolveIP
+						dstIP, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, r)
+						if err != nil {
+							return nil, err
+						}
+						metadata.DstIP = dstIP
+					}
+					proxyAdapter, rule, err = resolveMetadata(metadata)
+					if err != nil {
+						return nil, err
+					}
+				} else {
+					var ok bool
+					proxyAdapter, ok = Proxies()[proxyName]
+					if !ok {
+						opts = append(opts, dialer.WithInterface(proxyName))
+					}
+				}
+			}
+
+			if strings.Contains(network, "tcp") {
+				if proxyAdapter == nil {
+					opts = append(opts, dialer.WithResolver(r))
+					return dialer.DialContext(ctx, network, addr, opts...)
+				}
+
+				if proxyAdapter.IsL3Protocol(metadata) { // L3 proxy should resolve domain before to avoid loopback
+					if !metadata.Resolved() {
+						dstIP, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, r)
+						if err != nil {
+							return nil, err
+						}
+						metadata.DstIP = dstIP
+					}
+					metadata.Host = "" // clear host to avoid double resolve in proxy
+				}
+
+				conn, err := proxyAdapter.DialContext(ctx, metadata, opts...)
+				if err != nil {
+					logMetadataErr(metadata, rule, proxyAdapter, err)
+					return nil, err
+				}
+				logMetadata(metadata, rule, conn)
+
+				conn = statistic.NewTCPTracker(conn, statistic.DefaultManager, metadata, rule, 0, 0, false)
+
+				return conn, nil
+			} else {
+				if proxyAdapter == nil {
+					return dialer.DialContext(ctx, network, addr, opts...)
+				}
+
+				if !proxyAdapter.SupportUDP() {
+					return nil, fmt.Errorf("proxy adapter [%s] UDP is not supported", proxyAdapter)
+				}
+
+				packetConn, err := proxyAdapter.ListenPacketContext(ctx, metadata, opts...)
+				if err != nil {
+					logMetadataErr(metadata, rule, proxyAdapter, err)
+					return nil, err
+				}
+				logMetadata(metadata, rule, packetConn)
+
+				packetConn = statistic.NewUDPTracker(packetConn, statistic.DefaultManager, metadata, rule, 0, 0, false)
+
+				return N.NewBindPacketConn(packetConn, metadata.UDPAddr()), nil
+			}
+		}
+	}
+}
+
+func DnsListenPacket(ctx context.Context, proxyAdapter C.ProxyAdapter, proxyName string, network string, addr string, r resolver.Resolver, opts ...dialer.Option) (net.PacketConn, error) {
+	metadata := &C.Metadata{
+		NetWork: C.UDP,
+		Type:    C.INNER,
+	}
+	err := metadata.SetRemoteAddress(addr)
+	if err != nil {
+		return nil, err
+	}
+	if !metadata.Resolved() {
+		// udp must resolve host first
+		dstIP, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, r)
+		if err != nil {
+			return nil, err
+		}
+		metadata.DstIP = dstIP
+	}
+
+	var rule C.Rule
+	if proxyAdapter == nil {
+		if proxyName == DnsRespectRules {
+			proxyAdapter, rule, err = resolveMetadata(metadata)
+			if err != nil {
+				return nil, err
+			}
+		} else {
+			var ok bool
+			proxyAdapter, ok = Proxies()[proxyName]
+			if !ok {
+				opts = append(opts, dialer.WithInterface(proxyName))
+			}
+		}
+	}
+
+	if proxyAdapter == nil {
+		return dialer.NewDialer(opts...).ListenPacket(ctx, network, "", netip.AddrPortFrom(metadata.DstIP, metadata.DstPort))
+	}
+
+	if !proxyAdapter.SupportUDP() {
+		return nil, fmt.Errorf("proxy adapter [%s] UDP is not supported", proxyAdapter)
+	}
+
+	packetConn, err := proxyAdapter.ListenPacketContext(ctx, metadata, opts...)
+	if err != nil {
+		logMetadataErr(metadata, rule, proxyAdapter, err)
+		return nil, err
+	}
+	logMetadata(metadata, rule, packetConn)
+
+	packetConn = statistic.NewUDPTracker(packetConn, statistic.DefaultManager, metadata, rule, 0, 0, false)
+
+	return packetConn, nil
+}

tunnel/tunnel.go

@@ -8,6 +8,7 @@ import (
 	"net/netip"
 	"path/filepath"
 	"runtime"
+	"strings"
 	"sync"
 	"time"
 
@@ -278,7 +279,7 @@ func preHandleMetadata(metadata *C.Metadata) error {
 	return nil
 }
 
-func ResolveMetadata(metadata *C.Metadata) (proxy C.Proxy, rule C.Rule, err error) {
+func resolveMetadata(metadata *C.Metadata) (proxy C.Proxy, rule C.Rule, err error) {
 	if metadata.SpecialProxy != "" {
 		var exist bool
 		proxy, exist = proxies[metadata.SpecialProxy]
@@ -375,7 +376,7 @@ func handleUDPConn(packet C.PacketAdapter) {
 			cond.Broadcast()
 		}()
 
-		proxy, rule, err := ResolveMetadata(metadata)
+		proxy, rule, err := resolveMetadata(metadata)
 		if err != nil {
 			log.Warnln("[UDP] Parse metadata failed: %s", err.Error())
 			return
@@ -386,43 +387,18 @@ func handleUDPConn(packet C.PacketAdapter) {
 		rawPc, err := retry(ctx, func(ctx context.Context) (C.PacketConn, error) {
 			return proxy.ListenPacketContext(ctx, metadata.Pure())
 		}, func(err error) {
-			if rule == nil {
-				log.Warnln(
-					"[UDP] dial %s %s --> %s error: %s",
-					proxy.Name(),
-					metadata.SourceDetail(),
-					metadata.RemoteAddress(),
-					err.Error(),
-				)
-			} else {
-				log.Warnln("[UDP] dial %s (match %s/%s) %s --> %s error: %s", proxy.Name(), rule.RuleType().String(), rule.Payload(), metadata.SourceDetail(), metadata.RemoteAddress(), err.Error())
-			}
+			logMetadataErr(metadata, rule, proxy, err)
 		})
 		if err != nil {
 			return
 		}
+		logMetadata(metadata, rule, rawPc)
 
 		pc := statistic.NewUDPTracker(rawPc, statistic.DefaultManager, metadata, rule, 0, 0, true)
 
-		switch true {
-		case metadata.SpecialProxy != "":
-			log.Infoln("[UDP] %s --> %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), metadata.SpecialProxy)
-		case rule != nil:
-			if rule.Payload() != "" {
-				log.Infoln("[UDP] %s --> %s match %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), fmt.Sprintf("%s(%s)", rule.RuleType().String(), rule.Payload()), rawPc.Chains().String())
-				if rawPc.Chains().Last() == "REJECT-DROP" {
-					pc.Close()
-					return
-				}
-			} else {
-				log.Infoln("[UDP] %s --> %s match %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), rule.Payload(), rawPc.Chains().String())
-			}
-		case mode == Global:
-			log.Infoln("[UDP] %s --> %s using GLOBAL", metadata.SourceDetail(), metadata.RemoteAddress())
-		case mode == Direct:
-			log.Infoln("[UDP] %s --> %s using DIRECT", metadata.SourceDetail(), metadata.RemoteAddress())
-		default:
-			log.Infoln("[UDP] %s --> %s doesn't match any rule using DIRECT", metadata.SourceDetail(), metadata.RemoteAddress())
+		if rawPc.Chains().Last() == "REJECT-DROP" {
+			pc.Close()
+			return
 		}
 
 		oAddrPort := metadata.AddrPort()
@@ -486,7 +462,7 @@ func handleTCPConn(connCtx C.ConnContext) {
 		}()
 	}
 
-	proxy, rule, err := ResolveMetadata(metadata)
+	proxy, rule, err := resolveMetadata(metadata)
 	if err != nil {
 		log.Warnln("[Metadata] parse failed: %s", err.Error())
 		return
@@ -539,48 +515,18 @@ func handleTCPConn(connCtx C.ConnContext) {
 		}
 		return
 	}, func(err error) {
-		if rule == nil {
-			log.Warnln(
-				"[TCP] dial %s %s --> %s error: %s",
-				proxy.Name(),
-				metadata.SourceDetail(),
-				metadata.RemoteAddress(),
-				err.Error(),
-			)
-		} else {
-			log.Warnln("[TCP] dial %s (match %s/%s) %s --> %s error: %s", proxy.Name(), rule.RuleType().String(), rule.Payload(), metadata.SourceDetail(), metadata.RemoteAddress(), err.Error())
-		}
+		logMetadataErr(metadata, rule, proxy, err)
 	})
 	if err != nil {
 		return
 	}
+	logMetadata(metadata, rule, remoteConn)
 
 	remoteConn = statistic.NewTCPTracker(remoteConn, statistic.DefaultManager, metadata, rule, 0, int64(peekLen), true)
 	defer func(remoteConn C.Conn) {
 		_ = remoteConn.Close()
 	}(remoteConn)
 
-	switch true {
-	case metadata.SpecialProxy != "":
-		log.Infoln("[TCP] %s --> %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), metadata.SpecialProxy)
-	case rule != nil:
-		if rule.Payload() != "" {
-			log.Infoln("[TCP] %s --> %s match %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), fmt.Sprintf("%s(%s)", rule.RuleType().String(), rule.Payload()), remoteConn.Chains().String())
-		} else {
-			log.Infoln("[TCP] %s --> %s match %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), rule.RuleType().String(), remoteConn.Chains().String())
-		}
-	case mode == Global:
-		log.Infoln("[TCP] %s --> %s using GLOBAL", metadata.SourceDetail(), metadata.RemoteAddress())
-	case mode == Direct:
-		log.Infoln("[TCP] %s --> %s using DIRECT", metadata.SourceDetail(), metadata.RemoteAddress())
-	default:
-		log.Infoln(
-			"[TCP] %s --> %s doesn't match any rule using DIRECT",
-			metadata.SourceDetail(),
-			metadata.RemoteAddress(),
-		)
-	}
-
 	_ = conn.SetReadDeadline(time.Now()) // stop unfinished peek
 	peekMutex.Lock()
 	defer peekMutex.Unlock()
@@ -588,6 +534,33 @@ func handleTCPConn(connCtx C.ConnContext) {
 	handleSocket(conn, remoteConn)
 }
 
+func logMetadataErr(metadata *C.Metadata, rule C.Rule, proxy C.ProxyAdapter, err error) {
+	if rule == nil {
+		log.Warnln("[%s] dial %s %s --> %s error: %s", strings.ToUpper(metadata.NetWork.String()), proxy.Name(), metadata.SourceDetail(), metadata.RemoteAddress(), err.Error())
+	} else {
+		log.Warnln("[%s] dial %s (match %s/%s) %s --> %s error: %s", strings.ToUpper(metadata.NetWork.String()), proxy.Name(), rule.RuleType().String(), rule.Payload(), metadata.SourceDetail(), metadata.RemoteAddress(), err.Error())
+	}
+}
+
+func logMetadata(metadata *C.Metadata, rule C.Rule, remoteConn C.Connection) {
+	switch {
+	case metadata.SpecialProxy != "":
+		log.Infoln("[%s] %s --> %s using %s", strings.ToUpper(metadata.NetWork.String()), metadata.SourceDetail(), metadata.RemoteAddress(), metadata.SpecialProxy)
+	case rule != nil:
+		if rule.Payload() != "" {
+			log.Infoln("[%s] %s --> %s match %s using %s", strings.ToUpper(metadata.NetWork.String()), metadata.SourceDetail(), metadata.RemoteAddress(), fmt.Sprintf("%s(%s)", rule.RuleType().String(), rule.Payload()), remoteConn.Chains().String())
+		} else {
+			log.Infoln("[%s] %s --> %s match %s using %s", strings.ToUpper(metadata.NetWork.String()), metadata.SourceDetail(), metadata.RemoteAddress(), rule.RuleType().String(), remoteConn.Chains().String())
+		}
+	case mode == Global:
+		log.Infoln("[%s] %s --> %s using GLOBAL", strings.ToUpper(metadata.NetWork.String()), metadata.SourceDetail(), metadata.RemoteAddress())
+	case mode == Direct:
+		log.Infoln("[%s] %s --> %s using DIRECT", strings.ToUpper(metadata.NetWork.String()), metadata.SourceDetail(), metadata.RemoteAddress())
+	default:
+		log.Infoln("[%s] %s --> %s doesn't match any rule using %s", strings.ToUpper(metadata.NetWork.String()), metadata.SourceDetail(), metadata.RemoteAddress(), remoteConn.Chains().Last())
+	}
+}
+
 func shouldResolveIP(rule C.Rule, metadata *C.Metadata) bool {
 	return rule.ShouldResolveIP() && metadata.Host != "" && !metadata.DstIP.IsValid()
 }