Optimize Linux process finder

common/process/searcher.go

@@ -14,6 +14,7 @@ import (
 
 type Searcher interface {
 	FindProcessInfo(ctx context.Context, network string, source netip.AddrPort, destination netip.AddrPort) (*adapter.ConnectionOwner, error)
+	Close() error
 }
 
 var ErrNotFound = E.New("process not found")

common/process/searcher_android.go

@@ -18,8 +18,16 @@ func NewSearcher(config Config) (Searcher, error) {
 	return &androidSearcher{config.PackageManager}, nil
 }
 
+func (s *androidSearcher) Close() error {
+	return nil
+}
+
 func (s *androidSearcher) FindProcessInfo(ctx context.Context, network string, source netip.AddrPort, destination netip.AddrPort) (*adapter.ConnectionOwner, error) {
-	_, uid, err := resolveSocketByNetlink(network, source, destination)
+	family, protocol, err := socketDiagSettings(network, source)
+	if err != nil {
+		return nil, err
+	}
+	_, uid, err := querySocketDiagOnce(family, protocol, source)
 	if err != nil {
 		return nil, err
 	}

common/process/searcher_darwin.go

@@ -24,6 +24,10 @@ func NewSearcher(_ Config) (Searcher, error) {
 	return &darwinSearcher{}, nil
 }
 
+func (d *darwinSearcher) Close() error {
+	return nil
+}
+
 func (d *darwinSearcher) FindProcessInfo(ctx context.Context, network string, source netip.AddrPort, destination netip.AddrPort) (*adapter.ConnectionOwner, error) {
 	processName, err := findProcessName(network, source.Addr(), int(source.Port()))
 	if err != nil {

common/process/searcher_linux.go

@@ -4,33 +4,82 @@ package process
 
 import (
 	"context"
+	"errors"
 	"net/netip"
+	"syscall"
+	"time"
 
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/log"
+	E "github.com/sagernet/sing/common/exceptions"
 )
 
 var _ Searcher = (*linuxSearcher)(nil)
 
 type linuxSearcher struct {
-	logger log.ContextLogger
+	logger           log.ContextLogger
+	diagConns        [4]*socketDiagConn
+	processPathCache *uidProcessPathCache
 }
 
 func NewSearcher(config Config) (Searcher, error) {
-	return &linuxSearcher{config.Logger}, nil
+	searcher := &linuxSearcher{
+		logger:           config.Logger,
+		processPathCache: newUIDProcessPathCache(time.Second),
+	}
+	for _, family := range []uint8{syscall.AF_INET, syscall.AF_INET6} {
+		for _, protocol := range []uint8{syscall.IPPROTO_TCP, syscall.IPPROTO_UDP} {
+			searcher.diagConns[socketDiagConnIndex(family, protocol)] = newSocketDiagConn(family, protocol)
+		}
+	}
+	return searcher, nil
+}
+
+func (s *linuxSearcher) Close() error {
+	var errs []error
+	for _, conn := range s.diagConns {
+		if conn == nil {
+			continue
+		}
+		errs = append(errs, conn.Close())
+	}
+	return E.Errors(errs...)
 }
 
 func (s *linuxSearcher) FindProcessInfo(ctx context.Context, network string, source netip.AddrPort, destination netip.AddrPort) (*adapter.ConnectionOwner, error) {
-	inode, uid, err := resolveSocketByNetlink(network, source, destination)
+	inode, uid, err := s.resolveSocketByNetlink(network, source, destination)
 	if err != nil {
 		return nil, err
 	}
-	processPath, err := resolveProcessNameByProcSearch(inode, uid)
+	processInfo := &adapter.ConnectionOwner{
+		UserId: int32(uid),
+	}
+	processPath, err := s.processPathCache.findProcessPath(inode, uid)
 	if err != nil {
 		s.logger.DebugContext(ctx, "find process path: ", err)
+	} else {
+		processInfo.ProcessPath = processPath
 	}
-	return &adapter.ConnectionOwner{
+	return processInfo, nil
-		UserId:      int32(uid),
+}
-		ProcessPath: processPath,
+
-	}, nil
+func (s *linuxSearcher) resolveSocketByNetlink(network string, source netip.AddrPort, destination netip.AddrPort) (inode, uid uint32, err error) {
+	family, protocol, err := socketDiagSettings(network, source)
+	if err != nil {
+		return 0, 0, err
+	}
+	conn := s.diagConns[socketDiagConnIndex(family, protocol)]
+	if conn == nil {
+		return 0, 0, E.New("missing socket diag connection for family=", family, " protocol=", protocol)
+	}
+	if destination.IsValid() && source.Addr().BitLen() == destination.Addr().BitLen() {
+		inode, uid, err = conn.query(source, destination)
+		if err == nil {
+			return inode, uid, nil
+		}
+		if !errors.Is(err, ErrNotFound) {
+			return 0, 0, err
+		}
+	}
+	return querySocketDiagOnce(family, protocol, source)
 }

common/process/searcher_linux_shared.go

@@ -3,43 +3,67 @@
 package process
 
 import (
-	"bytes"
 	"encoding/binary"
-	"fmt"
+	"errors"
-	"net"
 	"net/netip"
 	"os"
-	"path"
+	"path/filepath"
 	"strings"
+	"sync"
 	"syscall"
+	"time"
 	"unicode"
-	"unsafe"
 
-	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common"
 	E "github.com/sagernet/sing/common/exceptions"
 	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/contrab/freelru"
+	"github.com/sagernet/sing/contrab/maphash"
 )
 
-// from https://github.com/vishvananda/netlink/blob/bca67dfc8220b44ef582c9da4e9172bf1c9ec973/nl/nl_linux.go#L52-L62
-var nativeEndian = func() binary.ByteOrder {
-	var x uint32 = 0x01020304
-	if *(*byte)(unsafe.Pointer(&x)) == 0x01 {
-		return binary.BigEndian
-	}
-
-	return binary.LittleEndian
-}()
-
 const (
-	sizeOfSocketDiagRequest = syscall.SizeofNlMsghdr + 8 + 48
+	sizeOfSocketDiagRequestData = 56
-	socketDiagByFamily      = 20
+	sizeOfSocketDiagRequest     = syscall.SizeofNlMsghdr + sizeOfSocketDiagRequestData
-	pathProc                = "/proc"
+	socketDiagResponseMinSize   = 72
+	socketDiagByFamily          = 20
+	pathProc                    = "/proc"
 )
 
-func resolveSocketByNetlink(network string, source netip.AddrPort, destination netip.AddrPort) (inode, uid uint32, err error) {
+type socketDiagConn struct {
-	var family uint8
+	access   sync.Mutex
-	var protocol uint8
+	family   uint8
+	protocol uint8
+	fd       int
+}
 
+type uidProcessPathCache struct {
+	cache freelru.Cache[uint32, *uidProcessPaths]
+}
+
+type uidProcessPaths struct {
+	entries map[uint32]string
+}
+
+func newSocketDiagConn(family, protocol uint8) *socketDiagConn {
+	return &socketDiagConn{
+		family:   family,
+		protocol: protocol,
+		fd:       -1,
+	}
+}
+
+func socketDiagConnIndex(family, protocol uint8) int {
+	index := 0
+	if protocol == syscall.IPPROTO_UDP {
+		index += 2
+	}
+	if family == syscall.AF_INET6 {
+		index++
+	}
+	return index
+}
+
+func socketDiagSettings(network string, source netip.AddrPort) (family, protocol uint8, err error) {
 	switch network {
 	case N.NetworkTCP:
 		protocol = syscall.IPPROTO_TCP
@@ -48,151 +72,308 @@ func resolveSocketByNetlink(network string, source netip.AddrPort, destination n
 	default:
 		return 0, 0, os.ErrInvalid
 	}
-
+	switch {
-	if source.Addr().Is4() {
+	case source.Addr().Is4():
 		family = syscall.AF_INET
-	} else {
+	case source.Addr().Is6():
 		family = syscall.AF_INET6
+	default:
+		return 0, 0, os.ErrInvalid
 	}
-
+	return family, protocol, nil
-	req := packSocketDiagRequest(family, protocol, source)
-
-	socket, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_DGRAM, syscall.NETLINK_INET_DIAG)
-	if err != nil {
-		return 0, 0, E.Cause(err, "dial netlink")
-	}
-	defer syscall.Close(socket)
-
-	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 100})
-	syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 100})
-
-	err = syscall.Connect(socket, &syscall.SockaddrNetlink{
-		Family: syscall.AF_NETLINK,
-		Pad:    0,
-		Pid:    0,
-		Groups: 0,
-	})
-	if err != nil {
-		return
-	}
-
-	_, err = syscall.Write(socket, req)
-	if err != nil {
-		return 0, 0, E.Cause(err, "write netlink request")
-	}
-
-	buffer := buf.New()
-	defer buffer.Release()
-
-	n, err := syscall.Read(socket, buffer.FreeBytes())
-	if err != nil {
-		return 0, 0, E.Cause(err, "read netlink response")
-	}
-
-	buffer.Truncate(n)
-
-	messages, err := syscall.ParseNetlinkMessage(buffer.Bytes())
-	if err != nil {
-		return 0, 0, E.Cause(err, "parse netlink message")
-	} else if len(messages) == 0 {
-		return 0, 0, E.New("unexcepted netlink response")
-	}
-
-	message := messages[0]
-	if message.Header.Type&syscall.NLMSG_ERROR != 0 {
-		return 0, 0, E.New("netlink message: NLMSG_ERROR")
-	}
-
-	inode, uid = unpackSocketDiagResponse(&messages[0])
-	return
 }
 
-func packSocketDiagRequest(family, protocol byte, source netip.AddrPort) []byte {
+func newUIDProcessPathCache(ttl time.Duration) *uidProcessPathCache {
-	s := make([]byte, 16)
+	cache := common.Must1(freelru.NewSharded[uint32, *uidProcessPaths](64, maphash.NewHasher[uint32]().Hash32))
-	copy(s, source.Addr().AsSlice())
+	cache.SetLifetime(ttl)
-
+	return &uidProcessPathCache{cache: cache}
-	buf := make([]byte, sizeOfSocketDiagRequest)
-
-	nativeEndian.PutUint32(buf[0:4], sizeOfSocketDiagRequest)
-	nativeEndian.PutUint16(buf[4:6], socketDiagByFamily)
-	nativeEndian.PutUint16(buf[6:8], syscall.NLM_F_REQUEST|syscall.NLM_F_DUMP)
-	nativeEndian.PutUint32(buf[8:12], 0)
-	nativeEndian.PutUint32(buf[12:16], 0)
-
-	buf[16] = family
-	buf[17] = protocol
-	buf[18] = 0
-	buf[19] = 0
-	nativeEndian.PutUint32(buf[20:24], 0xFFFFFFFF)
-
-	binary.BigEndian.PutUint16(buf[24:26], source.Port())
-	binary.BigEndian.PutUint16(buf[26:28], 0)
-
-	copy(buf[28:44], s)
-	copy(buf[44:60], net.IPv6zero)
-
-	nativeEndian.PutUint32(buf[60:64], 0)
-	nativeEndian.PutUint64(buf[64:72], 0xFFFFFFFFFFFFFFFF)
-
-	return buf
 }
 
-func unpackSocketDiagResponse(msg *syscall.NetlinkMessage) (inode, uid uint32) {
+func (c *uidProcessPathCache) findProcessPath(targetInode, uid uint32) (string, error) {
-	if len(msg.Data) < 72 {
+	if cached, ok := c.cache.Get(uid); ok {
-		return 0, 0
+		if processPath, found := cached.entries[targetInode]; found {
+			return processPath, nil
+		}
 	}
-
+	processPaths, err := buildProcessPathByUIDCache(uid)
-	data := msg.Data
-
-	uid = nativeEndian.Uint32(data[64:68])
-	inode = nativeEndian.Uint32(data[68:72])
-
-	return
-}
-
-func resolveProcessNameByProcSearch(inode, uid uint32) (string, error) {
-	files, err := os.ReadDir(pathProc)
 	if err != nil {
 		return "", err
 	}
+	c.cache.Add(uid, &uidProcessPaths{entries: processPaths})
+	processPath, found := processPaths[targetInode]
+	if !found {
+		return "", E.New("process of uid(", uid, "), inode(", targetInode, ") not found")
+	}
+	return processPath, nil
+}
 
+func (c *socketDiagConn) Close() error {
+	c.access.Lock()
+	defer c.access.Unlock()
+	return c.closeLocked()
+}
+
+func (c *socketDiagConn) query(source netip.AddrPort, destination netip.AddrPort) (inode, uid uint32, err error) {
+	c.access.Lock()
+	defer c.access.Unlock()
+	request := packSocketDiagRequest(c.family, c.protocol, source, destination, false)
+	for attempt := 0; attempt < 2; attempt++ {
+		err = c.ensureOpenLocked()
+		if err != nil {
+			return 0, 0, E.Cause(err, "dial netlink")
+		}
+		inode, uid, err = querySocketDiag(c.fd, request)
+		if err == nil || errors.Is(err, ErrNotFound) {
+			return inode, uid, err
+		}
+		if !shouldRetrySocketDiag(err) {
+			return 0, 0, err
+		}
+		_ = c.closeLocked()
+	}
+	return 0, 0, err
+}
+
+func querySocketDiagOnce(family, protocol uint8, source netip.AddrPort) (inode, uid uint32, err error) {
+	fd, err := openSocketDiag()
+	if err != nil {
+		return 0, 0, E.Cause(err, "dial netlink")
+	}
+	defer syscall.Close(fd)
+	return querySocketDiag(fd, packSocketDiagRequest(family, protocol, source, netip.AddrPort{}, true))
+}
+
+func (c *socketDiagConn) ensureOpenLocked() error {
+	if c.fd != -1 {
+		return nil
+	}
+	fd, err := openSocketDiag()
+	if err != nil {
+		return err
+	}
+	c.fd = fd
+	return nil
+}
+
+func openSocketDiag() (int, error) {
+	fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_DGRAM|syscall.SOCK_CLOEXEC, syscall.NETLINK_INET_DIAG)
+	if err != nil {
+		return -1, err
+	}
+	timeout := &syscall.Timeval{Usec: 100}
+	if err = syscall.SetsockoptTimeval(fd, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, timeout); err != nil {
+		syscall.Close(fd)
+		return -1, err
+	}
+	if err = syscall.SetsockoptTimeval(fd, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, timeout); err != nil {
+		syscall.Close(fd)
+		return -1, err
+	}
+	if err = syscall.Connect(fd, &syscall.SockaddrNetlink{
+		Family: syscall.AF_NETLINK,
+		Pid:    0,
+		Groups: 0,
+	}); err != nil {
+		syscall.Close(fd)
+		return -1, err
+	}
+	return fd, nil
+}
+
+func (c *socketDiagConn) closeLocked() error {
+	if c.fd == -1 {
+		return nil
+	}
+	err := syscall.Close(c.fd)
+	c.fd = -1
+	return err
+}
+
+func packSocketDiagRequest(family, protocol byte, source netip.AddrPort, destination netip.AddrPort, dump bool) []byte {
+	request := make([]byte, sizeOfSocketDiagRequest)
+
+	binary.NativeEndian.PutUint32(request[0:4], sizeOfSocketDiagRequest)
+	binary.NativeEndian.PutUint16(request[4:6], socketDiagByFamily)
+	flags := uint16(syscall.NLM_F_REQUEST)
+	if dump {
+		flags |= syscall.NLM_F_DUMP
+	}
+	binary.NativeEndian.PutUint16(request[6:8], flags)
+	binary.NativeEndian.PutUint32(request[8:12], 0)
+	binary.NativeEndian.PutUint32(request[12:16], 0)
+
+	request[16] = family
+	request[17] = protocol
+	request[18] = 0
+	request[19] = 0
+	if dump {
+		binary.NativeEndian.PutUint32(request[20:24], 0xFFFFFFFF)
+	}
+	requestSource := source
+	requestDestination := destination
+	if protocol == syscall.IPPROTO_UDP && !dump && destination.IsValid() {
+		// udp_dump_one expects the exact-match endpoints reversed for historical reasons.
+		requestSource, requestDestination = destination, source
+	}
+	binary.BigEndian.PutUint16(request[24:26], requestSource.Port())
+	binary.BigEndian.PutUint16(request[26:28], requestDestination.Port())
+	if family == syscall.AF_INET6 {
+		copy(request[28:44], requestSource.Addr().AsSlice())
+		if requestDestination.IsValid() {
+			copy(request[44:60], requestDestination.Addr().AsSlice())
+		}
+	} else {
+		copy(request[28:32], requestSource.Addr().AsSlice())
+		if requestDestination.IsValid() {
+			copy(request[44:48], requestDestination.Addr().AsSlice())
+		}
+	}
+	binary.NativeEndian.PutUint32(request[60:64], 0)
+	binary.NativeEndian.PutUint64(request[64:72], 0xFFFFFFFFFFFFFFFF)
+	return request
+}
+
+func querySocketDiag(fd int, request []byte) (inode, uid uint32, err error) {
+	_, err = syscall.Write(fd, request)
+	if err != nil {
+		return 0, 0, E.Cause(err, "write netlink request")
+	}
+	buffer := make([]byte, 64<<10)
+	n, err := syscall.Read(fd, buffer)
+	if err != nil {
+		return 0, 0, E.Cause(err, "read netlink response")
+	}
+	messages, err := syscall.ParseNetlinkMessage(buffer[:n])
+	if err != nil {
+		return 0, 0, E.Cause(err, "parse netlink message")
+	}
+	return unpackSocketDiagMessages(messages)
+}
+
+func unpackSocketDiagMessages(messages []syscall.NetlinkMessage) (inode, uid uint32, err error) {
+	for _, message := range messages {
+		switch message.Header.Type {
+		case syscall.NLMSG_DONE:
+			continue
+		case syscall.NLMSG_ERROR:
+			err = unpackSocketDiagError(&message)
+			if err != nil {
+				return 0, 0, err
+			}
+		case socketDiagByFamily:
+			inode, uid = unpackSocketDiagResponse(&message)
+			if inode != 0 || uid != 0 {
+				return inode, uid, nil
+			}
+		}
+	}
+	return 0, 0, ErrNotFound
+}
+
+func unpackSocketDiagResponse(msg *syscall.NetlinkMessage) (inode, uid uint32) {
+	if len(msg.Data) < socketDiagResponseMinSize {
+		return 0, 0
+	}
+	uid = binary.NativeEndian.Uint32(msg.Data[64:68])
+	inode = binary.NativeEndian.Uint32(msg.Data[68:72])
+	return inode, uid
+}
+
+func unpackSocketDiagError(msg *syscall.NetlinkMessage) error {
+	if len(msg.Data) < 4 {
+		return E.New("netlink message: NLMSG_ERROR")
+	}
+	errno := int32(binary.NativeEndian.Uint32(msg.Data[:4]))
+	if errno == 0 {
+		return nil
+	}
+	if errno < 0 {
+		errno = -errno
+	}
+	sysErr := syscall.Errno(errno)
+	switch sysErr {
+	case syscall.ENOENT, syscall.ESRCH:
+		return ErrNotFound
+	default:
+		return E.New("netlink message: ", sysErr)
+	}
+}
+
+func shouldRetrySocketDiag(err error) bool {
+	return err != nil && !errors.Is(err, ErrNotFound)
+}
+
+func buildProcessPathByUIDCache(uid uint32) (map[uint32]string, error) {
+	files, err := os.ReadDir(pathProc)
+	if err != nil {
+		return nil, err
+	}
 	buffer := make([]byte, syscall.PathMax)
-	socket := []byte(fmt.Sprintf("socket:[%d]", inode))
+	processPaths := make(map[uint32]string)
-
+	for _, file := range files {
-	for _, f := range files {
+		if !file.IsDir() || !isPid(file.Name()) {
-		if !f.IsDir() || !isPid(f.Name()) {
 			continue
 		}
-
+		info, err := file.Info()
-		info, err := f.Info()
 		if err != nil {
-			return "", err
+			if isIgnorableProcError(err) {
+				continue
+			}
+			return nil, err
 		}
 		if info.Sys().(*syscall.Stat_t).Uid != uid {
 			continue
 		}
-
+		processPath := filepath.Join(pathProc, file.Name())
-		processPath := path.Join(pathProc, f.Name())
+		fdPath := filepath.Join(processPath, "fd")
-		fdPath := path.Join(processPath, "fd")
+		exePath, err := os.Readlink(filepath.Join(processPath, "exe"))
-
+		if err != nil {
+			if isIgnorableProcError(err) {
+				continue
+			}
+			return nil, err
+		}
 		fds, err := os.ReadDir(fdPath)
 		if err != nil {
 			continue
 		}
-
 		for _, fd := range fds {
-			n, err := syscall.Readlink(path.Join(fdPath, fd.Name()), buffer)
+			n, err := syscall.Readlink(filepath.Join(fdPath, fd.Name()), buffer)
 			if err != nil {
 				continue
 			}
-
+			inode, ok := parseSocketInode(buffer[:n])
-			if bytes.Equal(buffer[:n], socket) {
+			if !ok {
-				return os.Readlink(path.Join(processPath, "exe"))
+				continue
+			}
+			if _, loaded := processPaths[inode]; !loaded {
+				processPaths[inode] = exePath
 			}
 		}
 	}
+	return processPaths, nil
+}
 
-	return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode)
+func isIgnorableProcError(err error) bool {
+	return os.IsNotExist(err) || os.IsPermission(err)
+}
+
+func parseSocketInode(link []byte) (uint32, bool) {
+	const socketPrefix = "socket:["
+	if len(link) <= len(socketPrefix) || string(link[:len(socketPrefix)]) != socketPrefix || link[len(link)-1] != ']' {
+		return 0, false
+	}
+	var inode uint64
+	for _, char := range link[len(socketPrefix) : len(link)-1] {
+		if char < '0' || char > '9' {
+			return 0, false
+		}
+		inode = inode*10 + uint64(char-'0')
+		if inode > uint64(^uint32(0)) {
+			return 0, false
+		}
+	}
+	return uint32(inode), true
 }
 
 func isPid(s string) bool {

common/process/searcher_linux_shared_test.go

@@ -0,0 +1,60 @@
+//go:build linux
+
+package process
+
+import (
+	"net"
+	"net/netip"
+	"os"
+	"syscall"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestQuerySocketDiagUDPExact(t *testing.T) {
+	t.Parallel()
+	server, err := net.ListenUDP("udp4", &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 0})
+	require.NoError(t, err)
+	defer server.Close()
+
+	client, err := net.DialUDP("udp4", nil, server.LocalAddr().(*net.UDPAddr))
+	require.NoError(t, err)
+	defer client.Close()
+
+	err = client.SetDeadline(time.Now().Add(time.Second))
+	require.NoError(t, err)
+	_, err = client.Write([]byte{0})
+	require.NoError(t, err)
+
+	err = server.SetReadDeadline(time.Now().Add(time.Second))
+	require.NoError(t, err)
+	buffer := make([]byte, 1)
+	_, _, err = server.ReadFromUDP(buffer)
+	require.NoError(t, err)
+
+	source := addrPortFromUDPAddr(t, client.LocalAddr())
+	destination := addrPortFromUDPAddr(t, client.RemoteAddr())
+
+	fd, err := openSocketDiag()
+	require.NoError(t, err)
+	defer syscall.Close(fd)
+
+	inode, uid, err := querySocketDiag(fd, packSocketDiagRequest(syscall.AF_INET, syscall.IPPROTO_UDP, source, destination, false))
+	require.NoError(t, err)
+	require.NotZero(t, inode)
+	require.EqualValues(t, os.Getuid(), uid)
+}
+
+func addrPortFromUDPAddr(t *testing.T, addr net.Addr) netip.AddrPort {
+	t.Helper()
+
+	udpAddr, ok := addr.(*net.UDPAddr)
+	require.True(t, ok)
+
+	ip, ok := netip.AddrFromSlice(udpAddr.IP)
+	require.True(t, ok)
+
+	return netip.AddrPortFrom(ip.Unmap(), uint16(udpAddr.Port))
+}

common/process/searcher_windows.go

@@ -28,6 +28,10 @@ func initWin32API() error {
 	return winiphlpapi.LoadExtendedTable()
 }
 
+func (s *windowsSearcher) Close() error {
+	return nil
+}
+
 func (s *windowsSearcher) FindProcessInfo(ctx context.Context, network string, source netip.AddrPort, destination netip.AddrPort) (*adapter.ConnectionOwner, error) {
 	pid, err := winiphlpapi.FindPid(network, source)
 	if err != nil {

route/platform_searcher.go

@@ -43,3 +43,7 @@ func (s *platformSearcher) FindProcessInfo(ctx context.Context, network string,
 
 	return s.platform.FindConnectionOwner(request)
 }
+
+func (s *platformSearcher) Close() error {
+	return nil
+}

route/router.go

@@ -196,6 +196,13 @@ func (r *Router) Close() error {
 		})
 		monitor.Finish()
 	}
+	if r.processSearcher != nil {
+		monitor.Start("close process searcher")
+		err = E.Append(err, r.processSearcher.Close(), func(err error) error {
+			return E.Cause(err, "close process searcher")
+		})
+		monitor.Finish()
+	}
 	return err
 }