Add loopback address support for tun

docs/configuration/inbound/tun.md

@@ -1,7 +1,11 @@
 ---
-icon: material/alert-decagram
+icon: material/new-box
 ---
 
+!!! quote "Changes in sing-box 1.12.0"
+
+    :material-plus: [loopback_address](#loopback_address)
+
 !!! quote "Changes in sing-box 1.11.0"
 
     :material-delete-alert: [gso](#gso)  
@@ -56,9 +60,12 @@ icon: material/alert-decagram
   "auto_route": true,
   "iproute2_table_index": 2022,
   "iproute2_rule_index": 9000,
-  "auto_redirect": false,
+  "auto_redirect": true,
   "auto_redirect_input_mark": "0x2023",
   "auto_redirect_output_mark": "0x2024",
+  "loopback_address": [
+    "10.0.7.1"
+  ],
   "strict_route": true,
   "route_address": [
     "0.0.0.0/1",
@@ -66,7 +73,6 @@ icon: material/alert-decagram
     "::/1",
     "8000::/1"
   ],
-  
   "route_exclude_address": [
     "192.168.0.0/16",
     "fc00::/7"
@@ -117,7 +123,6 @@ icon: material/alert-decagram
       "match_domain": []
     }
   },
-
   // Deprecated
   "gso": false,
   "inet4_address": [
@@ -140,8 +145,8 @@ icon: material/alert-decagram
   "inet6_route_exclude_address": [
     "fc00::/7"
   ],
-  
-  ... // Listen Fields
+  ...
+  // Listen Fields
 }
 ```
 
@@ -273,6 +278,16 @@ Connection output mark used by `auto_redirect`.
 
 `0x2024` is used by default.
 
+#### loopback_address
+
+!!! question "Since sing-box 1.12.0"
+
+Loopback addresses make TCP connections to the specified address connect to the source address.
+
+Setting option value to `10.0.7.1` achieves the same behavior as SideStore/StosVPN.
+
+When `auto_redirect` is enabled, the same behavior can be achieved for LAN devices (not just local) as a gateway.
+
 #### strict_route
 
 Enforce strict routing rules when `auto_route` is enabled:

docs/configuration/inbound/tun.zh.md

@@ -1,7 +1,11 @@
 ---
-icon: material/alert-decagram
+icon: material/new-box
 ---
 
+!!! quote "sing-box 1.12.0 中的更改"
+
+    :material-plus: [loopback_address](#loopback_address)
+
 !!! quote "sing-box 1.11.0 中的更改"
 
     :material-delete-alert: [gso](#gso)  
@@ -56,9 +60,12 @@ icon: material/alert-decagram
   "auto_route": true,
   "iproute2_table_index": 2022,
   "iproute2_rule_index": 9000,
-  "auto_redirect": false,
+  "auto_redirect": true,
   "auto_redirect_input_mark": "0x2023",
   "auto_redirect_output_mark": "0x2024",
+  "loopback_address": [
+    "10.0.7.1"
+  ],
   "strict_route": true,
   "route_address": [
     "0.0.0.0/1",
@@ -270,6 +277,16 @@ tun 接口的 IPv6 前缀。
 
 默认使用 `0x2024`。
 
+#### loopback_address
+
+!!! question "自 sing-box 1.12.0 起"
+
+环回地址是用于使指向指定地址的 TCP 连接连接到来源地址的。
+
+将选项值设置为 `10.0.7.1` 可实现与 SideStore/StosVPN 相同的行为。
+
+当启用 `auto_redirect` 时，可以作为网关为局域网设备（而不仅仅是本地）实现相同的行为。
+
 #### strict_route
 
 当启用 `auto_route` 时，强制执行严格的路由规则：

option/tun.go

@@ -20,6 +20,7 @@ type TunInboundOptions struct {
 	AutoRedirect           bool                             `json:"auto_redirect,omitempty"`
 	AutoRedirectInputMark  FwMark                           `json:"auto_redirect_input_mark,omitempty"`
 	AutoRedirectOutputMark FwMark                           `json:"auto_redirect_output_mark,omitempty"`
+	LoopbackAddress        badoption.Listable[netip.Addr]   `json:"loopback_address,omitempty"`
 	StrictRoute            bool                             `json:"strict_route,omitempty"`
 	RouteAddress           badoption.Listable[netip.Prefix] `json:"route_address,omitempty"`
 	RouteAddressSet        badoption.Listable[string]       `json:"route_address_set,omitempty"`

protocol/tun/inbound.go

@@ -190,6 +190,8 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
 			IPRoute2RuleIndex:        ruleIndex,
 			AutoRedirectInputMark:    inputMark,
 			AutoRedirectOutputMark:   outputMark,
+			Inet4LoopbackAddress:     common.Filter(options.LoopbackAddress, netip.Addr.Is4),
+			Inet6LoopbackAddress:     common.Filter(options.LoopbackAddress, netip.Addr.Is6),
 			StrictRoute:              options.StrictRoute,
 			IncludeInterface:         options.IncludeInterface,
 			ExcludeInterface:         options.ExcludeInterface,