TUN inbound: Reply fake pong to ICMP ping#6015
Conversation
There was a problem hiding this comment.
Pull request overview
Adds ICMP echo (ping) support to the TUN inbound by intercepting ICMP packets in the gVisor stack, forwarding echo requests via OS sockets, and injecting normalized echo replies back into the stack. This extends TUN inbound protocol coverage beyond TCP/UDP while documenting new limitations and platform requirements.
Changes:
- Register ICMPv4/ICMPv6 transport handlers in the gVisor-based TUN stack and implement echo request/reply forwarding + reply injection.
- Introduce a new
proxy/tun/icmppackage providing packet parsing/rewriting and platform-specific socket selection (datagram vs raw) with permission/error handling. - Add unit tests for ICMP packet helpers and platform socket/permission behavior; update TUN README to document ICMP echo support and constraints.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| proxy/tun/stack_gvisor_icmp_handler.go | New ICMP echo handler/forwarder and raw reply injection into gVisor stack |
| proxy/tun/stack_gvisor.go | Enable gVisor ICMP transport protocols and register ICMP protocol handlers |
| proxy/tun/icmp/packet.go | ICMP echo parse/match/normalize and checksum/identifier rewrite helpers |
| proxy/tun/icmp/packet_test.go | Unit tests for packet parsing, matching, normalization, and checksum rewriting |
| proxy/tun/icmp/socket_common.go | Cross-platform socket candidate selection and controller application utilities |
| proxy/tun/icmp/socket_platform_nonwindows.go | Datagram ICMP socket creation for non-Windows platforms |
| proxy/tun/icmp/socket_platform_linuxandroid.go | Linux/Android candidate ordering, permission detection, and synthetic-reply skip logic |
| proxy/tun/icmp/socket_platform_linuxandroid_test.go | Tests for Linux/Android permission detection and skip logic |
| proxy/tun/icmp/socket_platform_apple.go | Apple platform socket candidate selection and local-skip logic |
| proxy/tun/icmp/socket_platform_windows.go | Windows raw-socket candidate selection and permission hinting |
| proxy/tun/icmp/socket_platform_windows_test.go | Tests for Windows socket candidate selection and permission detection |
| proxy/tun/icmp/socket_other.go | Fallback behavior for other platforms |
| proxy/tun/README.md | Document ICMP echo support and platform-specific operational requirements/limitations |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
golang不是有一个 x/net/icmp ? |
|
关于这个,我的计划是 #5178 (comment) 不过非 VLESS 的其它代理协议出站还是需要 echo,其实很简单,翻译一下我用 C 写的那个极简版 XTLS/badvpn@c440609 |
|
所以,结论是朝哪个方向改呢? |
|
|
|
改好了。重新跑了一趟全平台测试,功能上没问题。 |
|
TUN 的其它功能你也测了没啥问题吧, |
|
今天用了 我先看看,有时间的话可以优化一下。有些调用从 GUI 开发的角度来看,意义不大,比如 Apple 平台和 Android 平台的
|
RPRX
changed the title
AI coding by Copilot / gpt-5.4 xhigh.
Only ICMP echo, not full support.
Well tested on iOS, macOS, Android, Windows and Linux.
Just
fake pong, the rewriting of XTLS/badvpn@c440609