From 2a40eba0cad378e2da1122c90fb99a6a9b81e087 Mon Sep 17 00:00:00 2001
From: wwqgtxx <wwqgtxx@gmail.com>
Date: Tue, 8 Apr 2025 19:07:39 +0800
Subject: [PATCH] feat: tun add
 `exclude-src-port`,`exclude-src-port-range`,`exclude-dst-port` and
 `exclude-dst-port-range` on linux

---
 config/config.go            | 12 ++++++++----
 go.mod                      |  2 +-
 go.sum                      |  4 ++--
 listener/config/tun.go      |  6 ++++--
 listener/inbound/tun.go     | 12 ++++++++----
 listener/sing_tun/server.go | 19 ++++++++++++++-----
 6 files changed, 37 insertions(+), 18 deletions(-)

diff --git a/config/config.go b/config/config.go
index 358e055a..165c8d70 100644
--- a/config/config.go
+++ b/config/config.go
@@ -279,8 +279,10 @@ type RawTun struct {
 	IncludeUIDRange        []string       `yaml:"include-uid-range" json:"include-uid-range,omitempty"`
 	ExcludeUID             []uint32       `yaml:"exclude-uid" json:"exclude-uid,omitempty"`
 	ExcludeUIDRange        []string       `yaml:"exclude-uid-range" json:"exclude-uid-range,omitempty"`
-	ExcludePort            []uint16       `yaml:"exclude-port" json:"exclude-port,omitempty"`
-	ExcludePortRange       []string       `yaml:"exclude-port-range" json:"exclude-port-range,omitempty"`
+	ExcludeSrcPort         []uint16       `yaml:"exclude-src-port" json:"exclude-src-port,omitempty"`
+	ExcludeSrcPortRange    []string       `yaml:"exclude-src-port-range" json:"exclude-src-port-range,omitempty"`
+	ExcludeDstPort         []uint16       `yaml:"exclude-dst-port" json:"exclude-dst-port,omitempty"`
+	ExcludeDstPortRange    []string       `yaml:"exclude-dst-port-range" json:"exclude-dst-port-range,omitempty"`
 	IncludeAndroidUser     []int          `yaml:"include-android-user" json:"include-android-user,omitempty"`
 	IncludePackage         []string       `yaml:"include-package" json:"include-package,omitempty"`
 	ExcludePackage         []string       `yaml:"exclude-package" json:"exclude-package,omitempty"`
@@ -1562,8 +1564,10 @@ func parseTun(rawTun RawTun, general *General) error {
 		IncludeUIDRange:        rawTun.IncludeUIDRange,
 		ExcludeUID:             rawTun.ExcludeUID,
 		ExcludeUIDRange:        rawTun.ExcludeUIDRange,
-		ExcludePort:            rawTun.ExcludePort,
-		ExcludePortRange:       rawTun.ExcludePortRange,
+		ExcludeSrcPort:         rawTun.ExcludeSrcPort,
+		ExcludeSrcPortRange:    rawTun.ExcludeSrcPortRange,
+		ExcludeDstPort:         rawTun.ExcludeDstPort,
+		ExcludeDstPortRange:    rawTun.ExcludeDstPortRange,
 		IncludeAndroidUser:     rawTun.IncludeAndroidUser,
 		IncludePackage:         rawTun.IncludePackage,
 		ExcludePackage:         rawTun.ExcludePackage,
diff --git a/go.mod b/go.mod
index 8a6ff594..3fd11a7d 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 	github.com/metacubex/sing-quic v0.0.0-20250404030904-b2cc8aab562c
 	github.com/metacubex/sing-shadowsocks v0.2.8
 	github.com/metacubex/sing-shadowsocks2 v0.2.2
-	github.com/metacubex/sing-tun v0.4.6-0.20250407014348-50cddb7347dc
+	github.com/metacubex/sing-tun v0.4.6-0.20250408105608-48dbc456318f
 	github.com/metacubex/sing-vmess v0.1.14-0.20250228002636-abc39e113b82
 	github.com/metacubex/sing-wireguard v0.0.0-20241126021510-0827d417b589
 	github.com/metacubex/tfo-go v0.0.0-20241231083714-66613d49c422
diff --git a/go.sum b/go.sum
index a2c1ff6c..3a725875 100644
--- a/go.sum
+++ b/go.sum
@@ -121,8 +121,8 @@ github.com/metacubex/sing-shadowsocks v0.2.8 h1:wIhlaigswzjPw4hej75sEvWte3QR0+AJ
 github.com/metacubex/sing-shadowsocks v0.2.8/go.mod h1:X3x88XtJpBxG0W0/ECOJL6Ib0SJ3xdniAkU/6/RMWU0=
 github.com/metacubex/sing-shadowsocks2 v0.2.2 h1:eaf42uVx4Lr21S6MDYs0ZdTvGA0GEhDpb9no4+gdXPo=
 github.com/metacubex/sing-shadowsocks2 v0.2.2/go.mod h1:BhOug03a/RbI7y6hp6q+6ITM1dXjnLTmeWBHSTwvv2Q=
-github.com/metacubex/sing-tun v0.4.6-0.20250407014348-50cddb7347dc h1:Zn0Fst8C/uBJmwXArUMN7b9yQJXJY9S0nRJtTiYIq6Q=
-github.com/metacubex/sing-tun v0.4.6-0.20250407014348-50cddb7347dc/go.mod h1:V0N4rr0dWPBEE20ESkTXdbtx2riQYcb6YtwC5w/9wl0=
+github.com/metacubex/sing-tun v0.4.6-0.20250408105608-48dbc456318f h1:l+G+z6JzcTleAN8aoBq2JODex0jE6ufmjogfOScp+Ew=
+github.com/metacubex/sing-tun v0.4.6-0.20250408105608-48dbc456318f/go.mod h1:V0N4rr0dWPBEE20ESkTXdbtx2riQYcb6YtwC5w/9wl0=
 github.com/metacubex/sing-vmess v0.1.14-0.20250228002636-abc39e113b82 h1:zZp5uct9+/0Hb1jKGyqDjCU4/72t43rs7qOq3Rc9oU8=
 github.com/metacubex/sing-vmess v0.1.14-0.20250228002636-abc39e113b82/go.mod h1:nE7Mdzj/QUDwgRi/8BASPtsxtIFZTHA4Yst5GgwbGCQ=
 github.com/metacubex/sing-wireguard v0.0.0-20241126021510-0827d417b589 h1:Z6bNy0HLTjx6BKIkV48sV/yia/GP8Bnyb5JQuGgSGzg=
diff --git a/listener/config/tun.go b/listener/config/tun.go
index 88e8116a..760741cc 100644
--- a/listener/config/tun.go
+++ b/listener/config/tun.go
@@ -50,8 +50,10 @@ type Tun struct {
 	IncludeUIDRange        []string       `yaml:"include-uid-range" json:"include-uid-range,omitempty"`
 	ExcludeUID             []uint32       `yaml:"exclude-uid" json:"exclude-uid,omitempty"`
 	ExcludeUIDRange        []string       `yaml:"exclude-uid-range" json:"exclude-uid-range,omitempty"`
-	ExcludePort            []uint16       `yaml:"exclude-port" json:"exclude-port,omitempty"`
-	ExcludePortRange       []string       `yaml:"exclude-port-range" json:"exclude-port-range,omitempty"`
+	ExcludeSrcPort         []uint16       `yaml:"exclude-src-port" json:"exclude-src-port,omitempty"`
+	ExcludeSrcPortRange    []string       `yaml:"exclude-src-port-range" json:"exclude-src-port-range,omitempty"`
+	ExcludeDstPort         []uint16       `yaml:"exclude-dst-port" json:"exclude-dst-port,omitempty"`
+	ExcludeDstPortRange    []string       `yaml:"exclude-dst-port-range" json:"exclude-dst-port-range,omitempty"`
 	IncludeAndroidUser     []int          `yaml:"include-android-user" json:"include-android-user,omitempty"`
 	IncludePackage         []string       `yaml:"include-package" json:"include-package,omitempty"`
 	ExcludePackage         []string       `yaml:"exclude-package" json:"exclude-package,omitempty"`
diff --git a/listener/inbound/tun.go b/listener/inbound/tun.go
index 84eb7b11..270bf3fa 100644
--- a/listener/inbound/tun.go
+++ b/listener/inbound/tun.go
@@ -39,8 +39,10 @@ type TunOption struct {
 	IncludeUIDRange        []string `inbound:"include-uid-range,omitempty"`
 	ExcludeUID             []uint32 `inbound:"exclude-uid,omitempty"`
 	ExcludeUIDRange        []string `inbound:"exclude-uid-range,omitempty"`
-	ExcludePort            []uint16 `yaml:"exclude-port" json:"exclude-port,omitempty"`
-	ExcludePortRange       []string `yaml:"exclude-port-range" json:"exclude-port-range,omitempty"`
+	ExcludeSrcPort         []uint16 `inbound:"exclude-src-port,omitempty"`
+	ExcludeSrcPortRange    []string `inbound:"exclude-src-port-range,omitempty"`
+	ExcludeDstPort         []uint16 `inbound:"exclude-dst-port,omitempty"`
+	ExcludeDstPortRange    []string `inbound:"exclude-dst-port-range,omitempty"`
 	IncludeAndroidUser     []int    `inbound:"include-android-user,omitempty"`
 	IncludePackage         []string `inbound:"include-package,omitempty"`
 	ExcludePackage         []string `inbound:"exclude-package,omitempty"`
@@ -139,8 +141,10 @@ func NewTun(options *TunOption) (*Tun, error) {
 			IncludeUIDRange:        options.IncludeUIDRange,
 			ExcludeUID:             options.ExcludeUID,
 			ExcludeUIDRange:        options.ExcludeUIDRange,
-			ExcludePort:            options.ExcludePort,
-			ExcludePortRange:       options.ExcludePortRange,
+			ExcludeSrcPort:         options.ExcludeSrcPort,
+			ExcludeSrcPortRange:    options.ExcludeSrcPortRange,
+			ExcludeDstPort:         options.ExcludeDstPort,
+			ExcludeDstPortRange:    options.ExcludeDstPortRange,
 			IncludeAndroidUser:     options.IncludeAndroidUser,
 			IncludePackage:         options.IncludePackage,
 			ExcludePackage:         options.ExcludePackage,
diff --git a/listener/sing_tun/server.go b/listener/sing_tun/server.go
index ab9476b6..df5ea0c5 100644
--- a/listener/sing_tun/server.go
+++ b/listener/sing_tun/server.go
@@ -212,12 +212,20 @@ func New(options LC.Tun, tunnel C.Tunnel, additions ...inbound.Addition) (l *Lis
 			return nil, E.Cause(err, "parse exclude_uid_range")
 		}
 	}
-	excludePort := uidToRange(options.ExcludePort)
-	if len(options.ExcludePortRange) > 0 {
+	excludeSrcPort := uidToRange(options.ExcludeSrcPort)
+	if len(options.ExcludeSrcPortRange) > 0 {
 		var err error
-		excludePort, err = parseRange(excludePort, options.ExcludePortRange)
+		excludeSrcPort, err = parseRange(excludeSrcPort, options.ExcludeSrcPortRange)
 		if err != nil {
-			return nil, E.Cause(err, "parse exclude_port_range")
+			return nil, E.Cause(err, "parse exclude_src_port_range")
+		}
+	}
+	excludeDstPort := uidToRange(options.ExcludeDstPort)
+	if len(options.ExcludeDstPortRange) > 0 {
+		var err error
+		excludeDstPort, err = parseRange(excludeDstPort, options.ExcludeDstPortRange)
+		if err != nil {
+			return nil, E.Cause(err, "parse exclude_dst_port_range")
 		}
 	}
 
@@ -348,7 +356,8 @@ func New(options LC.Tun, tunnel C.Tunnel, additions ...inbound.Addition) (l *Lis
 		ExcludeInterface:         options.ExcludeInterface,
 		IncludeUID:               includeUID,
 		ExcludeUID:               excludeUID,
-		ExcludePort:              excludePort,
+		ExcludeSrcPort:           excludeSrcPort,
+		ExcludeDstPort:           excludeDstPort,
 		IncludeAndroidUser:       options.IncludeAndroidUser,
 		IncludePackage:           options.IncludePackage,
 		ExcludePackage:           options.ExcludePackage,