feat: setting up tproxy configure

2 years ago · ff1eb74e5c
5 changed files with 47 additions and 9 deletions
--- a/src/config.go
+++ b/src/config.go
@ -86,6 +86,7 @@ func loadConfig(rawConfig []byte) {
    }
    log.Info("DNS server -> ", dnsServer)

+    // TODO: load basic bypass -> ip -4/6 addr | grep -w "inet(6)" | awk '{print $2}'
    for _, address := range config.Network.ByPass { // bypass options
        if isIPv4(address, true) {
            v4Bypass = append(v4Bypass, address)
--- a/src/load.go
+++ b/src/load.go
@ -138,7 +138,7 @@ func saveConfig(configDir string, caption string, content string, overwrite bool
    }
 }

-func loadHttpProxy(tag string, port int, sniffObject sniffSettings) interface{} {
+func loadHttpConfig(tag string, port int, sniffObject sniffSettings) interface{} {
    type empty struct{}
    return inboundSettings{
        Tag:            tag,
@ -150,7 +150,7 @@ func loadHttpProxy(tag string, port int, sniffObject sniffSettings) interface{}
    }
 }

-func loadSocksProxy(tag string, port int, sniffObject sniffSettings) interface{} {
+func loadSocksConfig(tag string, port int, sniffObject sniffSettings) interface{} {
    type empty struct{}
    type socksSettings struct {
        UDP bool `json:"udp"`
@ -165,7 +165,7 @@ func loadSocksProxy(tag string, port int, sniffObject sniffSettings) interface{}
    }
 }

-func loadTProxy(tag string, port int, sniffObject sniffSettings) interface{} {
+func loadTProxyConfig(tag string, port int, sniffObject sniffSettings) interface{} {
    type tproxySettings struct {
        Network        string `json:"network"`
        FollowRedirect bool   `json:"followRedirect"`
@ -208,13 +208,13 @@ func loadProxy(configDir string, exposeDir string) {
        RouteOnly:    !enableRedirect,
        DestOverride: []string{"http", "tls"},
    }
-    inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadTProxy("tproxy", v4TProxyPort, sniffObject))
-    inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadTProxy("tproxy6", v6TProxyPort, sniffObject))
+    inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadTProxyConfig("tproxy", v4TProxyPort, sniffObject))
+    inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadTProxyConfig("tproxy6", v6TProxyPort, sniffObject))
    for tag, port := range httpInbounds {
-        inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadHttpProxy(tag, port, sniffObject))
+        inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadHttpConfig(tag, port, sniffObject))
    }
    for tag, port := range socksInbounds {
-        inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadSocksProxy(tag, port, sniffObject))
+        inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadSocksConfig(tag, port, sniffObject))
    }
    for _, addon := range addOnInbounds {
        inboundsObject.Inbounds = append(inboundsObject.Inbounds, addon)
--- a/src/main.go
+++ b/src/main.go
@ -6,6 +6,9 @@ import (
 )

 var logLevel = "warning"
+
+var v4RouteTable = 100
+var v6RouteTable = 106
 var v4TProxyPort = 7288
 var v6TProxyPort = 7289

@ -29,5 +32,6 @@ func main() {
    // TODO: load geo assets

    //loadDns()
-    loadNetwork()
+    //loadNetwork()
+    loadTProxy()
 }
--- a/src/network.go
+++ b/src/network.go
@ -3,6 +3,7 @@ package main
 import (
    log "github.com/sirupsen/logrus"
    "os"
+    "strconv"
 )

 func loadDns() {
@ -47,3 +48,33 @@ func loadNetwork() {
        runCommand([]string{"ip", "-6", "route", "add", "default", "via", v6Gateway})
    }
 }
+
+func loadTProxy() {
+    log.Info("Setting up TProxy of IPv4")
+    v4TableNum := strconv.Itoa(v4RouteTable)
+    runCommand([]string{"ip", "-4", "rule", "add", "fwmark", "1", "table", v4TableNum})
+    runCommand([]string{"ip", "-4", "route", "add", "local", "0.0.0.0/0", "dev", "lo", "table", v4TableNum})
+    runCommand([]string{"iptables", "-t", "mangle", "-N", "XPROXY"})
+    for _, cidr := range v4Bypass {
+        runCommand([]string{"iptables", "-t", "mangle", "-A", "XPROXY", "-d", cidr, "-j", "RETURN"})
+    }
+    runCommand([]string{"iptables", "-t", "mangle", "-A", "XPROXY", "-p", "tcp", "-j", "TPROXY",
+        "--on-port", strconv.Itoa(v4TProxyPort), "--tproxy-mark", "1"})
+    runCommand([]string{"iptables", "-t", "mangle", "-A", "XPROXY", "-p", "udp", "-j", "TPROXY",
+        "--on-port", strconv.Itoa(v4TProxyPort), "--tproxy-mark", "1"})
+    runCommand([]string{"iptables", "-t", "mangle", "-A", "PREROUTING", "-j", "XPROXY"})
+
+    log.Info("Setting up TProxy of IPv6")
+    v6TableNum := strconv.Itoa(v6RouteTable)
+    runCommand([]string{"ip", "-6", "rule", "add", "fwmark", "1", "table", v6TableNum})
+    runCommand([]string{"ip", "-6", "route", "add", "local", "::/0", "dev", "lo", "table", v6TableNum})
+    runCommand([]string{"ip6tables", "-t", "mangle", "-N", "XPROXY6"})
+    for _, cidr := range v6Bypass {
+        runCommand([]string{"ip6tables", "-t", "mangle", "-A", "XPROXY6", "-d", cidr, "-j", "RETURN"})
+    }
+    runCommand([]string{"ip6tables", "-t", "mangle", "-A", "XPROXY6", "-p", "tcp", "-j", "TPROXY",
+        "--on-port", strconv.Itoa(v6TProxyPort), "--tproxy-mark", "1"})
+    runCommand([]string{"ip6tables", "-t", "mangle", "-A", "XPROXY6", "-p", "udp", "-j", "TPROXY",
+        "--on-port", strconv.Itoa(v6TProxyPort), "--tproxy-mark", "1"})
+    runCommand([]string{"ip6tables", "-t", "mangle", "-A", "PREROUTING", "-j", "XPROXY6"})
+}
--- a/test.yml
+++ b/test.yml
@ -27,5 +27,7 @@ network:
    address: fc00::2/64
  bypass:
    - 169.254.0.0/16
-    - fc00::/7
    - 224.0.0.0/3
+    - fc00::/7
+    - fe80::/10
+    - ff00::/8