From da21a8f77f31b295e77e1b55e9ef408ca3bf9402 Mon Sep 17 00:00:00 2001
From: LjhAUMEM <llnu14702@gmail.com>
Date: Wed, 10 Jun 2026 04:53:55 +0800
Subject: [PATCH] TUN & WireGuard inbounds: Ignore b.UDP's domain when
 receiving it from outbound (#6285)

Fixes https://github.com/XTLS/Xray-core/issues/6279
---
 proxy/tun/udp_fullcone.go | 30 +++++++++++++++++++-----------
 proxy/wireguard/tun.go    | 34 +++++++++++++++++++++-------------
 2 files changed, 40 insertions(+), 24 deletions(-)

diff --git a/proxy/tun/udp_fullcone.go b/proxy/tun/udp_fullcone.go
index ab59e97f..1a1cb084 100644
--- a/proxy/tun/udp_fullcone.go
+++ b/proxy/tun/udp_fullcone.go
@@ -98,18 +98,22 @@ type udpConn struct {
 }
 
 func (c *udpConn) ReadMultiBuffer() (buf.MultiBuffer, error) {
-	e, ok := <-c.egress
-	if !ok {
-		return nil, io.EOF
-	}
+	for {
+		e, ok := <-c.egress
+		if !ok {
+			return nil, io.EOF
+		}
 
-	b := buf.New()
-	if _, err := b.Write(e.data); err != nil {
-		return nil, err
-	}
-	b.UDP = e.dest
+		b := buf.New()
+		if _, err := b.Write(e.data); err != nil {
+			errors.LogErrorInner(context.Background(), err, "drop packet to ", e.dest, " with size ", len(e.data))
+			b.Release()
+			continue
+		}
+		b.UDP = e.dest
 
-	return buf.MultiBuffer{b}, nil
+		return buf.MultiBuffer{b}, nil
+	}
 }
 
 // Read packets from the connection
@@ -129,7 +133,11 @@ func (c *udpConn) WriteMultiBuffer(mb buf.MultiBuffer) error {
 	for i, b := range mb {
 		dst := c.dst
 		if b.UDP != nil {
-			dst = *b.UDP
+			if b.UDP.Address.Family().IsDomain() {
+				errors.LogError(context.Background(), "impossible domain packet ", b.UDP, " reply via original target ", dst)
+			} else {
+				dst = *b.UDP
+			}
 		}
 		err := c.handler.writePacket(b.Bytes(), dst, c.src)
 		if err != nil {
diff --git a/proxy/wireguard/tun.go b/proxy/wireguard/tun.go
index 2f9c1ab1..971ce89e 100644
--- a/proxy/wireguard/tun.go
+++ b/proxy/wireguard/tun.go
@@ -345,19 +345,23 @@ type udpConn struct {
 }
 
 func (c *udpConn) ReadMultiBuffer() (buf.MultiBuffer, error) {
-	q, ok := <-c.queue
-	if !ok {
-		return nil, io.EOF
+	for {
+		q, ok := <-c.queue
+		if !ok {
+			return nil, io.EOF
+		}
+
+		b := buf.New()
+		if _, err := b.Write(q.p); err != nil {
+			errors.LogErrorInner(context.Background(), err, "drop packet to ", q.dest, " with size ", len(q.p))
+			b.Release()
+			continue
+		}
+
+		b.UDP = q.dest
+
+		return buf.MultiBuffer{b}, nil
 	}
-
-	b := buf.New()
-	if _, err := b.Write(q.p); err != nil {
-		return nil, err
-	}
-
-	b.UDP = q.dest
-
-	return buf.MultiBuffer{b}, nil
 }
 
 func (c *udpConn) Read(p []byte) (int, error) {
@@ -376,7 +380,11 @@ func (c *udpConn) WriteMultiBuffer(mb buf.MultiBuffer) error {
 	for i, b := range mb {
 		dst := c.dst
 		if b.UDP != nil {
-			dst = *b.UDP
+			if b.UDP.Address.Family().IsDomain() {
+				errors.LogError(context.Background(), "impossible domain packet ", b.UDP, " reply via original target ", dst)
+			} else {
+				dst = *b.UDP
+			}
 		}
 		err := c.writeFunc(b.Bytes(), dst, c.src)
 		if err != nil {