Feature: add block loopback connections

2026-05-09 18:11:26 +08:00 · 2021-05-28 11:32:21 +08:00
parent a222e90d1f
commit 5917b90837
14 changed files with 76 additions and 33 deletions
--- a/service/src/main/java/com/github/kr328/clash/service/TunService.kt
+++ b/service/src/main/java/com/github/kr328/clash/service/TunService.kt
@@ -216,11 +216,16 @@ class TunService : VpnService(), CoroutineScope by CoroutineScope(Dispatchers.De
                }
            }

+            val blocking = mutableListOf("$TUN_GATEWAY/$TUN_SUBNET_PREFIX")
+            if (store.blockLoopback) {
+                blocking.add(NET_SUBNET_LOOPBACK)
+            }
+
            TunModule.TunDevice(
                fd = establish()?.detachFd()
                    ?: throw NullPointerException("Establish VPN rejected by system"),
                mtu = TUN_MTU,
-                gateway = "$TUN_GATEWAY/$TUN_SUBNET_PREFIX",
+                blocking = blocking.joinToString(";"),
                dns = if (store.dnsHijacking) NET_ANY else TUN_DNS,
            )
        }
@@ -234,5 +239,6 @@ class TunService : VpnService(), CoroutineScope by CoroutineScope(Dispatchers.De
        private const val TUN_GATEWAY = "172.19.0.1"
        private const val TUN_DNS = "172.19.0.2"
        private const val NET_ANY = "0.0.0.0"
+        private const val NET_SUBNET_LOOPBACK = "127.0.0.0/8"
    }
 }
--- a/service/src/main/java/com/github/kr328/clash/service/clash/module/TunModule.kt
+++ b/service/src/main/java/com/github/kr328/clash/service/clash/module/TunModule.kt
@@ -16,7 +16,7 @@ class TunModule(private val vpn: VpnService) : Module<Unit>(vpn) {
    data class TunDevice(
        val fd: Int,
        val mtu: Int,
-        val gateway: String,
+        val blocking: String,
        val dns: String,
    )

@@ -57,8 +57,8 @@ class TunModule(private val vpn: VpnService) : Module<Unit>(vpn) {
        Clash.startTun(
            fd = device.fd,
            mtu = device.mtu,
-            gateway = device.gateway,
            dns = device.dns,
+            blocking = device.blocking,
            markSocket = vpn::protect,
            querySocketUid = this::queryUid
        )
--- a/service/src/main/java/com/github/kr328/clash/service/store/ServiceStore.kt
+++ b/service/src/main/java/com/github/kr328/clash/service/store/ServiceStore.kt
@@ -46,6 +46,11 @@ class ServiceStore(context: Context) {
        defaultValue = false
    )

+    var blockLoopback by store.boolean(
+        key = "block_loopback",
+        defaultValue = true
+    )
+
    var dynamicNotification by store.boolean(
        key = "dynamic_notification",
        defaultValue = true