refactor: extract session/netcfg/tunnel, add mac/dhcp/policy-route flags

- Split cmd/softether-go into main.go (flags, reconnect loop) and
  session.go (session lifecycle, DHCP orchestration)
- Extract network config to pkg/netcfg (TAP config, routing, DNS, policy routes)
- Move frame bridging to pkg/client/tunnel.go as Bridge() method
- Add -mac, -dhcp, -policy-route-table CLI flags
- Add SetMAC() to pkg/tap for deterministic DHCP assignments
- Update all docs to reflect new structure and flags

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Git Sagar 2026-06-06 16:43:12 +05:30
parent 846ed96ff4
commit 17c1063e1f
10 changed files with 495 additions and 332 deletions

@ -3,17 +3,20 @@
```
softether-go/
├── cmd/softether-go/
│ └── main.go CLI entry point
│ ├── main.go Flag parsing, TAP setup, reconnect loop
│ └── session.go Session lifecycle, DHCP orchestration
├── pkg/
│ ├── client/
│ │ ├── client.go SoftEther handshake and session
│ │ ├── tunnel.go TCP block framing and keepalive
│ │ ├── tunnel.go TCP block framing, keepalive, frame bridging
│ │ └── crypto.go SHA-0 and password hashing
│ ├── protocol/
│ │ ├── http.go HTTP transport layer
│ │ ├── http.go TLS connection, HTTP transport layer
│ │ └── pack.go Pack binary serialization
│ ├── dhcp/
│ │ └── dhcp.go DHCP client (raw Ethernet frames)
│ ├── netcfg/
│ │ └── netcfg.go TAP configuration, routing, DNS management
│ └── tap/
│ └── tap.go Linux TAP device management
├── docs/ Documentation
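Review bot: In the tree, the new `netcfg.go` entry reads "TAP configuration, routing, DNS management" and leaves out policy routing, which the commit message lists for pkg/netcfg; suggest "TAP configuration, routing, DNS, policy routes" so the tree matches. The `http.go` entry now claims the TLS connection while `client.go` is still summarised as "SoftEther handshake and session"; state in one place which file owns the TLS setup, since that is where a reader will look for how the server certificate is checked.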
@ -27,18 +30,17 @@ softether-go/
### `cmd/softether-go`
CLI entry point. Handles flag parsing, signal handling, and the reconnection loop. On each session:
- Connects to the server
- Runs DHCP through the tunnel
- Configures the TAP interface (IP, routes, DNS)
- Bridges Ethernet frames between the TAP device and the VPN tunnel
- Cleans up on disconnect and retries
CLI entry point, split into two files:
**`main.go`** — flag parsing, TAP device creation, MAC configuration, signal handling, and the reconnect loop. Calls `runSession` for each connection attempt.
**`session.go`** — one VPN session lifecycle: connect to server, start bridge, run DHCP, configure TAP (IP/routes/DNS/policy routing), and wait for disconnect or signal. Also contains `runDHCP` which orchestrates the DHCP exchange through the tunnel.
### `pkg/client`
**`client.go`** — implements the SoftEther handshake: TLS connect, signature upload, hello/auth/welcome pack exchange. Exports `Connect(Config) (*Session, error)` and the `Config`/`Session` types.
**`tunnel.go`** — TCP block framing after the HTTP handshake. `ReadFrames()` reads batches of Ethernet frames from the server. `WriteFrames()` sends batches. `StartKeepalive()` sends periodic keepalive packets (every 3s) to prevent server timeout.
**`tunnel.go`** — TCP block framing after the HTTP handshake completes. `ReadFrames()` reads batches of Ethernet frames from the server. `WriteFrames()` sends batches. `Bridge()` runs bidirectional frame forwarding between the tunnel and a TAP device, with an optional `FrameHandler` callback for intercepting frames (used by DHCP). `StartKeepalive()` sends periodic keepalive packets (every 3s).
**`crypto.go`** — SHA-0 implementation (differs from SHA-1 only in the message schedule — no left-rotate). `HashPassword()` produces `SHA0(password)`. `SecurePassword()` produces `SHA0(hashed + serverRandom)`.
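Review bot: The new `session.go` paragraph drops the cleanup step that the bullet list carried ("Cleans up on disconnect and retries"); since the session now also configures routes, DNS and policy routing, the doc should say what is undone on disconnect and which file does it. The same paragraph lists "start bridge" before "run DHCP", so the `Bridge()` sentence under `tunnel.go` should state whether frames the `FrameHandler` intercepts are consumed or still forwarded to the TAP device. The keepalive sentence also lost "to prevent server timeout", which was the only stated reason for the 3s interval.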
@ -52,6 +54,10 @@ CLI entry point. Handles flag parsing, signal handling, and the reconnection loo
**`dhcp.go`** — DHCP client that constructs complete Ethernet/IP/UDP/DHCP frames. The full DHCP exchange (DISCOVER → OFFER → REQUEST → ACK) runs through the VPN tunnel's frame transport. Parses lease information including classless static routes (option 121/249, RFC 3442).
### `pkg/netcfg`
**`netcfg.go`** — network configuration for the VPN tunnel. `ConfigureTAP()` sets IP address, routes, and DNS on the TAP interface from a DHCP lease. `ConfigurePolicyRoute()` sets up policy routing for asymmetric return paths. `AddServerRoute()` adds a host route to the VPN server via the current default gateway. `ResolveHost()` resolves hostnames to IPv4.
### `pkg/tap`
**`tap.go`** — Linux TAP (Layer 2) device management via `/dev/net/tun`. Opens TAP devices with `IFF_TAP | IFF_NO_PI`, reads/writes raw Ethernet frames. Provides `MAC()` to get the hardware address and `SetUp()` to bring the interface up.
**`tap.go`** — Linux TAP (Layer 2) device management via `/dev/net/tun`. Opens TAP devices with `IFF_TAP | IFF_NO_PI`, reads/writes raw Ethernet frames. Provides `MAC()` and `SetMAC()` for hardware address management, and `SetUp()` to bring the interface up.
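Review bot: In the `pkg/netcfg` paragraph, `ConfigureTAP()` is documented as applying routes and DNS "from a DHCP lease", and the `dhcp.go` line above says the lease carries classless static routes (option 121/249); the doc should state whether those server-supplied routes and DNS servers are applied as received or filtered, and how the previous DNS configuration is restored. `ConfigurePolicyRoute()` does not mention the `-policy-route-table` flag from the commit message, and the `tap.go` line does not say whether `SetMAC()` must be called before `SetUp()` or what address format `-mac` accepts.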