
feat: add exclude options

v1.x.x
dnomd343 2 years ago
parent
commit
2700bc33d5
  1. 21
      cmd/config/decode.go
  2. 1
      cmd/config/main.go
  3. 2
      cmd/controller.go
  4. 1
      cmd/network/main.go
  5. 6
      cmd/network/tproxy.go

21
cmd/config/decode.go

@ -23,6 +23,7 @@ type RawConfig struct {
Network struct { Network struct {
DNS []string `yaml:"dns" json:"dns"` DNS []string `yaml:"dns" json:"dns"`
ByPass []string `yaml:"bypass" json:"bypass"` ByPass []string `yaml:"bypass" json:"bypass"`
Exclude []string `yaml:"exclude" json:"exclude"`
IPv4 NetConfig `yaml:"ipv4" json:"ipv4"` IPv4 NetConfig `yaml:"ipv4" json:"ipv4"`
IPv6 NetConfig `yaml:"ipv6" json:"ipv6"` IPv6 NetConfig `yaml:"ipv6" json:"ipv6"`
} `yaml:"network" json:"network"` } `yaml:"network" json:"network"`
@ -62,11 +63,25 @@ func decodeBypass(rawConfig *RawConfig, config *Config) {
} else if common.IsIPv6(address, true) || common.IsIPv6(address, false) { } else if common.IsIPv6(address, true) || common.IsIPv6(address, false) {
config.IPv6.Bypass = append(config.IPv6.Bypass, address) config.IPv6.Bypass = append(config.IPv6.Bypass, address)
} else { } else {
log.Panicf("Invalid bypass CIDR -> %s", address) log.Panicf("Invalid bypass IP or CIDR -> %s", address)
} }
} }
log.Debugf("IPv4 bypass CIDR -> %s", config.IPv4.Bypass) log.Debugf("IPv4 bypass -> %s", config.IPv4.Bypass)
log.Debugf("IPv6 bypass CIDR -> %s", config.IPv6.Bypass) log.Debugf("IPv6 bypass -> %s", config.IPv6.Bypass)
}
func decodeExclude(rawConfig *RawConfig, config *Config) {
for _, address := range rawConfig.Network.Exclude { // exclude options
if common.IsIPv4(address, true) || common.IsIPv4(address, false) {
config.IPv4.Exclude = append(config.IPv4.Exclude, address)
} else if common.IsIPv6(address, true) || common.IsIPv6(address, false) {
config.IPv6.Exclude = append(config.IPv6.Exclude, address)
} else {
log.Panicf("Invalid exclude IP or CIDR -> %s", address)
}
}
log.Debugf("IPv4 exclude -> %s", config.IPv4.Exclude)
log.Debugf("IPv6 exclude -> %s", config.IPv6.Exclude)
} }
func decodeIPv4(rawConfig *RawConfig, config *Config) { func decodeIPv4(rawConfig *RawConfig, config *Config) {

1
cmd/config/main.go

@ -33,6 +33,7 @@ func Load(configFile string, config *Config) {
rawConfig := configDecode(raw, path.Ext(configFile)) // decode configure content rawConfig := configDecode(raw, path.Ext(configFile)) // decode configure content
decodeDns(&rawConfig, config) decodeDns(&rawConfig, config)
decodeBypass(&rawConfig, config) decodeBypass(&rawConfig, config)
decodeExclude(&rawConfig, config)
decodeIPv4(&rawConfig, config) decodeIPv4(&rawConfig, config)
decodeIPv6(&rawConfig, config) decodeIPv6(&rawConfig, config)
decodeProxy(&rawConfig, config) decodeProxy(&rawConfig, config)

2
cmd/controller.go

@ -14,7 +14,6 @@ import (
"path" "path"
"strconv" "strconv"
"syscall" "syscall"
"time"
) )
func runProcess(env []string, command ...string) { func runProcess(env []string, command ...string) {
@ -79,7 +78,6 @@ func runRadvd(settings *config.Config) {
radvdCmd = append(radvdCmd, "--logmethod", "logfile") radvdCmd = append(radvdCmd, "--logmethod", "logfile")
radvdCmd = append(radvdCmd, "--logfile", path.Join(exposeDir, "log/radvd.log")) radvdCmd = append(radvdCmd, "--logfile", path.Join(exposeDir, "log/radvd.log"))
radvdCmd = append(radvdCmd, "--debug", strconv.Itoa(settings.Radvd.Log)) radvdCmd = append(radvdCmd, "--debug", strconv.Itoa(settings.Radvd.Log))
time.Sleep(time.Second) // radvd will crash on first boot without delay (enable debug), why???
} }
runProcess(nil, radvdCmd...) runProcess(nil, radvdCmd...)
} }

1
cmd/network/main.go

@ -12,6 +12,7 @@ type Config struct {
Address string Address string
Gateway string Gateway string
Bypass []string Bypass []string
Exclude []string
} }
var run = common.RunCommand var run = common.RunCommand
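Review bot: The new `Exclude` field sits next to `Bypass` with no comment, and the names alone do not say that one matches on destination and the other on source. From the tproxy.go part of this commit, Bypass entries are matched with `-d` and Exclude entries with `-s`. A field comment would record that, for example `Bypass []string // destination IP/CIDR returned from the proxy chain` and `Exclude []string // source IP/CIDR returned from the proxy chain`. The same wording would fit the `exclude` key of RawConfig in cmd/config/decode.go.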

6
cmd/network/tproxy.go

@ -16,6 +16,9 @@ func loadV4TProxy(v4 *Config, v4SysCidr []string) {
for _, bypass := range v4Bypass { for _, bypass := range v4Bypass {
run("iptables", "-t", "mangle", "-A", "XPROXY", "-d", bypass, "-j", "RETURN") run("iptables", "-t", "mangle", "-A", "XPROXY", "-d", bypass, "-j", "RETURN")
} }
for _, exclude := range v4.Exclude {
run("iptables", "-t", "mangle", "-A", "XPROXY", "-s", exclude, "-j", "RETURN")
}
run("iptables", "-t", "mangle", "-A", "XPROXY", run("iptables", "-t", "mangle", "-A", "XPROXY",
"-p", "tcp", "-j", "TPROXY", "--on-port", strconv.Itoa(v4.TProxyPort), "--tproxy-mark", "1") "-p", "tcp", "-j", "TPROXY", "--on-port", strconv.Itoa(v4.TProxyPort), "--tproxy-mark", "1")
run("iptables", "-t", "mangle", "-A", "XPROXY", run("iptables", "-t", "mangle", "-A", "XPROXY",
@ -34,6 +37,9 @@ func loadV6TProxy(v6 *Config, v6SysCidr []string) {
for _, bypass := range v6Bypass { for _, bypass := range v6Bypass {
run("ip6tables", "-t", "mangle", "-A", "XPROXY6", "-d", bypass, "-j", "RETURN") run("ip6tables", "-t", "mangle", "-A", "XPROXY6", "-d", bypass, "-j", "RETURN")
} }
for _, exclude := range v6.Exclude {
run("ip6tables", "-t", "mangle", "-A", "XPROXY6", "-s", exclude, "-j", "RETURN")
}
run("ip6tables", "-t", "mangle", "-A", "XPROXY6", run("ip6tables", "-t", "mangle", "-A", "XPROXY6",
"-p", "tcp", "-j", "TPROXY", "--on-port", strconv.Itoa(v6.TProxyPort), "--tproxy-mark", "1") "-p", "tcp", "-j", "TPROXY", "--on-port", strconv.Itoa(v6.TProxyPort), "--tproxy-mark", "1")
run("ip6tables", "-t", "mangle", "-A", "XPROXY6", run("ip6tables", "-t", "mangle", "-A", "XPROXY6",
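Review bot: The two new loops that append `-s exclude -j RETURN` (in loadV4TProxy and loadV6TProxy) do not inspect the outcome of `run(...)`. If iptables rejects an entry that the config validator accepted, the exclusion would presumably be missing without any indication, and that source would still reach the TPROXY rules. `common.RunCommand` is not visible here and may already log or abort on a non-zero exit; if it does not, checking its result in these loops, or logging each applied exclusion at a level above debug, would make the effective policy auditable. A short comment such as `// sources in Exclude leave the chain before the TPROXY rules` would also separate these loops from the `-d bypass` loops above, which differ by a single flag. Both function bodies continue outside the hunks shown.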
