feat(tun)!: replace netstack with smoltcp based impl (#886)

Author: ibigbug

.github/workflows/release.yml

@@ -4,9 +4,9 @@ on:
   workflow_dispatch:
     inputs:
       version_type:
-        description: 'Version bump type'
+        description: "Version bump type"
         required: true
-        default: 'minor'
+        default: "minor"
         type: choice
         options:
           - patch
@@ -48,7 +48,7 @@ jobs:
 
       - name: Commit version bump
         run: |
-          git add Cargo.toml clash/Cargo.toml clash_lib/Cargo.toml clash_doc/Cargo.toml clash_ffi/Cargo.toml Cargo.lock
+          git add Cargo.toml clash-bin/Cargo.toml clash-dns/Cargo.toml clash-doc/Cargo.toml clash-ffi/Cargo.toml clash-lib/Cargo.toml Cargo.lock
           git commit -m "chore: bump version to ${{ steps.version.outputs.version }}"
 
       - name: Create tag

Cargo.lock

@@ -1,12 +1,13 @@
 [workspace]
-resolver = "2"
+resolver = "3"
 
 members = [
     "clash-bin",
     "clash-lib",
     "clash-doc",
     "clash-ffi",
-    "clash-dns"
+    "clash-dns",
+    "clash-netstack"
 ]
 
 

Cargo.toml

@@ -1,7 +1,7 @@
 ---
 port: 8888
 
-log-level: trace
+log-level: warn
 
 ipv6: true
 

clash-bin/tests/data/config/tun.yaml

@@ -32,7 +32,7 @@ wireguard = ["dep:boringtun", "dep:smoltcp"]
 tproxy = ["tun"]
 tun = [
     "dep:tun-rs",
-    "dep:netstack-smoltcp",
+    "dep:watfaq-netstack",
     "dep:smoltcp",
 ]
 redir = []
@@ -121,7 +121,7 @@ chrono = { version = "0.4", features = ["serde"] }
 
 # TUN
 tun-rs = { version = "2", features = ["async", "async_framed"], optional = true }
-netstack-smoltcp = { git = "https://github.com/automesh-network/netstack-smoltcp", rev = "ab06bc3de566fc6485a238dd4c746bb3e4f79484", optional = true }
+watfaq-netstack = { path = "../clash-netstack", optional = true }
 smoltcp = { version = "0.12", default-features = false, features = ["std", "log", "medium-ip", "proto-ipv4", "proto-ipv6", "socket-udp", "socket-tcp"], optional = true }
 
 # WireGuard

clash-lib/Cargo.toml

@@ -1,40 +1,35 @@
-use std::{
-    fmt::{Debug, Display, Formatter},
-    net,
-    str::FromStr,
-    sync::Arc,
-    time::Duration,
-};
-
-use async_trait::async_trait;
-
-use futures::{TryFutureExt, future::BoxFuture};
-use hickory_client::client;
-use hickory_proto::{
-    ProtoError, runtime::iocompat::AsyncIoTokioAsStd,
-    rustls::tls_client_stream::tls_client_connect_with_future, tcp::TcpClientStream,
-    udp::UdpClientStream,
-};
-use rustls::ClientConfig;
-use tokio::{sync::RwLock, task::JoinHandle};
-use tracing::{info, instrument, trace, warn};
-
+use super::{ClashResolver, Client, runtime::DnsRuntimeProvider};
 use crate::{
     Error,
     app::net::{OutboundInterface, TUN_SOMARK},
     common::tls::{self, GLOBAL_ROOT_STORE},
     dns::{ThreadSafeDNSClient, dhcp::DhcpClient},
     proxy::utils::new_tcp_stream,
 };
+use anyhow::anyhow;
+use async_trait::async_trait;
+use futures::{TryFutureExt, future::BoxFuture};
+use hickory_client::client;
 use hickory_proto::{
-    DnsHandle,
+    DnsHandle, ProtoError,
     h2::HttpsClientStreamBuilder,
     op::Message,
+    runtime::iocompat::AsyncIoTokioAsStd,
+    rustls::tls_client_stream::tls_client_connect_with_future,
+    tcp::TcpClientStream,
+    udp::UdpClientStream,
     xfer::{DnsRequest, DnsRequestOptions, FirstAnswer},
 };
-use tokio::net::TcpStream as TokioTcpStream;
-
-use super::{ClashResolver, Client, runtime::DnsRuntimeProvider};
+use rustls::ClientConfig;
+use std::{
+    fmt::{Debug, Display, Formatter},
+    net,
+    str::FromStr,
+    sync::Arc,
+    time::Duration,
+};
+use tokio::{net::TcpStream as TokioTcpStream, sync::RwLock, task::JoinHandle};
+use tracing::{info, instrument, trace, warn};
 
 #[derive(Clone, Debug, PartialEq)]
 pub enum DNSNetMode {

clash-lib/src/app/dns/dns_client.rs

@@ -5,6 +5,7 @@ use crate::{
         dns_client::{DNSNetMode, DnsClient, Opts},
     },
 };
+use hickory_proto::rr::rdata::opt::EdnsCode;
 use std::sync::Arc;
 use tracing::{debug, warn};
 
@@ -76,5 +77,10 @@ pub fn build_dns_response_message(
         res.set_edns(edns);
     }
 
+    if let Some(edns) = res.extensions_mut() {
+        // Remove only padding options, keep everything else
+        edns.options_mut().remove(EdnsCode::Padding);
+    }
+
     res
 }

clash-lib/src/app/dns/helper.rs

@@ -1,19 +1,3 @@
-use async_trait::async_trait;
-use futures::{FutureExt, TryFutureExt};
-use rand::seq::IndexedRandom;
-use std::{
-    net,
-    sync::{
-        Arc,
-        atomic::{AtomicBool, Ordering::Relaxed},
-    },
-    time::{Duration, Instant},
-};
-use tokio::sync::RwLock;
-use tracing::{debug, error, instrument, trace, warn};
-
-use hickory_proto::{op, rr};
-
 use crate::{
     Error,
     app::{dns::helper::build_dns_response_message, profile::ThreadSafeCacheFile},
@@ -29,6 +13,21 @@ use crate::{
         helper::make_clients,
     },
 };
+use anyhow::anyhow;
+use async_trait::async_trait;
+use futures::{FutureExt, TryFutureExt};
+use hickory_proto::{op, rr};
+use rand::seq::IndexedRandom;
+use std::{
+    net,
+    sync::{
+        Arc,
+        atomic::{AtomicBool, Ordering::Relaxed},
+    },
+    time::{Duration, Instant},
+};
+use tokio::sync::RwLock;
+use tracing::{debug, error, instrument, trace, warn};
 
 pub struct EnhancedResolver {
     ipv6: AtomicBool,
@@ -314,7 +313,13 @@ impl EnhancedResolver {
                 }
             }
             trace!(q = q.to_string(), "querying resolver");
-            let res = self.exchange_no_cache(message).await;
+            let res = self.exchange_no_cache(message).await.map(|mut r| {
+                if let Some(edns) = r.extensions_mut() {
+                    // Remove only padding options, keep everything else
+                    edns.options_mut().remove(rr::rdata::opt::EdnsCode::Padding);
+                }
+                r
+            });
             trace!(q = q.to_string(), "query completed");
             res
         } else {

clash-lib/src/app/dns/resolver/enhanced.rs

@@ -1,13 +1,11 @@
+use super::DEFAULT_DNS_SERVER_TTL;
+use crate::app::dns::{ThreadSafeDNSResolver, helper::build_dns_response_message};
 use hickory_proto::{
     op::{Message, ResponseCode},
     rr::{RData, Record, rdata::A},
 };
 use tracing::debug;
 
-use crate::app::dns::{ThreadSafeDNSResolver, helper::build_dns_response_message};
-
-use super::DEFAULT_DNS_SERVER_TTL;
-
 pub async fn exchange_with_resolver<'a>(
     resolver: &'a ThreadSafeDNSResolver,
     req: &'a Message,

clash-lib/src/app/dns/server/handler.rs

@@ -1,6 +1,5 @@
 use crate::def::LogLevel;
-use std::{io::IsTerminal, sync::Once};
-
+use anyhow::anyhow;
 #[cfg(feature = "tracing")]
 use opentelemetry::trace::TracerProvider;
 #[cfg(feature = "tracing")]
@@ -11,6 +10,7 @@ use opentelemetry_semantic_conventions::{
     attribute::{DEPLOYMENT_ENVIRONMENT_NAME, SERVICE_VERSION},
 };
 use serde::Serialize;
+use std::{io::IsTerminal, sync::Once};
 use tokio::sync::broadcast::Sender;
 use tracing::level_filters::LevelFilter;
 #[cfg(feature = "tracing")]