From ff1eb74e5c97d2473f63acf206a3b536c81e8814 Mon Sep 17 00:00:00 2001
From: dnomd343
Date: Mon, 15 Aug 2022 21:27:42 +0800
Subject: [PATCH] feat: setting up tproxy configure
---
 src/config.go | 1 +
 src/load.go | 14 +++++++-------
 src/main.go | 6 +++++-
 src/network.go | 31 +++++++++++++++++++++++++++++++
 test.yml | 4 +++-
 5 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/src/config.go b/src/config.go
index 2e0acda..a15c876 100644
--- a/src/config.go
+++ b/src/config.go
@@ -86,6 +86,7 @@ func loadConfig(rawConfig []byte) {
 }
 log.Info("DNS server -> ", dnsServer)
+ // TODO: load basic bypass -> ip -4/6 addr | grep -w "inet(6)" | awk '{print $2}'
 for _, address := range config.Network.ByPass { // bypass options
 if isIPv4(address, true) {
 v4Bypass = append(v4Bypass, address)
diff --git a/src/load.go b/src/load.go
index 8237335..144de2d 100644
--- a/src/load.go
+++ b/src/load.go
@@ -138,7 +138,7 @@ func saveConfig(configDir string, caption string, content string, overwrite bool
 }
 }
-func loadHttpProxy(tag string, port int, sniffObject sniffSettings) interface{} {
+func loadHttpConfig(tag string, port int, sniffObject sniffSettings) interface{} {
 type empty struct{}
 return inboundSettings{
 Tag: tag,
@@ -150,7 +150,7 @@ func loadHttpProxy(tag string, port int, sniffObject sniffSettings) interface{}
 }
 }
-func loadSocksProxy(tag string, port int, sniffObject sniffSettings) interface{} {
+func loadSocksConfig(tag string, port int, sniffObject sniffSettings) interface{} {
 type empty struct{}
 type socksSettings struct {
 UDP bool `json:"udp"`
@@ -165,7 +165,7 @@ func loadSocksProxy(tag string, port int, sniffObject sniffSettings) interface{}
 }
 }
-func loadTProxy(tag string, port int, sniffObject sniffSettings) interface{} {
+func loadTProxyConfig(tag string, port int, sniffObject sniffSettings) interface{} {
 type tproxySettings struct {
 Network string `json:"network"`
 FollowRedirect bool `json:"followRedirect"`
@@ -208,13 +208,13 @@ func loadProxy(configDir string, exposeDir string) {
 RouteOnly: !enableRedirect,
 DestOverride: []string{"http", "tls"},
 }
- inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadTProxy("tproxy", v4TProxyPort, sniffObject))
- inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadTProxy("tproxy6", v6TProxyPort, sniffObject))
+ inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadTProxyConfig("tproxy", v4TProxyPort, sniffObject))
+ inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadTProxyConfig("tproxy6", v6TProxyPort, sniffObject))
 for tag, port := range httpInbounds {
- inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadHttpProxy(tag, port, sniffObject))
+ inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadHttpConfig(tag, port, sniffObject))
 }
 for tag, port := range socksInbounds {
- inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadSocksProxy(tag, port, sniffObject))
+ inboundsObject.Inbounds = append(inboundsObject.Inbounds, loadSocksConfig(tag, port, sniffObject))
 }
 for _, addon := range addOnInbounds {
 inboundsObject.Inbounds = append(inboundsObject.Inbounds, addon)
diff --git a/src/main.go b/src/main.go
index 3e683b0..c890703 100644
--- a/src/main.go
+++ b/src/main.go
@@ -6,6 +6,9 @@ import (
 )
 var logLevel = "warning"
+
+var v4RouteTable = 100
+var v6RouteTable = 106
 var v4TProxyPort = 7288
 var v6TProxyPort = 7289
@@ -29,5 +32,6 @@ func main() {
 // TODO: load geo assets //loadDns()
- loadNetwork()
+ //loadNetwork()
+ loadTProxy()
 }
diff --git a/src/network.go b/src/network.go
index 9157cc0..83efb8c 100644
--- a/src/network.go
+++ b/src/network.go
@@ -3,6 +3,7 @@ package main
 import (
 log "github.com/sirupsen/logrus"
 "os"
+ "strconv"
 )
 func loadDns() {
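Review bot: Commenting out `loadNetwork()` in main() means the route setup that function performs (its tail is visible in src/network.go) no longer runs, while the new `loadTProxy()` call still installs policy-routing rules and mangle chains on top of whatever network state already exists. If this is a temporary arrangement for exercising the TProxy path, it is better left out of the commit; otherwise keep both calls, `loadNetwork()` first and `loadTProxy()` after it. main() starts outside this hunk, so anything it does earlier is not visible here. The earlier hunk in this file adds `v4RouteTable` and `v6RouteTable` as mutable package variables; if nothing assigns them later, declaring them `const` would say so.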
@@ -47,3 +48,33 @@ func loadNetwork() {
 runCommand([]string{"ip", "-6", "route", "add", "default", "via", v6Gateway})
 }
 }
+
+func loadTProxy() {
+ log.Info("Setting up TProxy of IPv4")
+ v4TableNum := strconv.Itoa(v4RouteTable)
+ runCommand([]string{"ip", "-4", "rule", "add", "fwmark", "1", "table", v4TableNum})
+ runCommand([]string{"ip", "-4", "route", "add", "local", "0.0.0.0/0", "dev", "lo", "table", v4TableNum})
+ runCommand([]string{"iptables", "-t", "mangle", "-N", "XPROXY"})
+ for _, cidr := range v4Bypass {
+ runCommand([]string{"iptables", "-t", "mangle", "-A", "XPROXY", "-d", cidr, "-j", "RETURN"})
+ }
+ runCommand([]string{"iptables", "-t", "mangle", "-A", "XPROXY", "-p", "tcp", "-j", "TPROXY",
+ "--on-port", strconv.Itoa(v4TProxyPort), "--tproxy-mark", "1"})
+ runCommand([]string{"iptables", "-t", "mangle", "-A", "XPROXY", "-p", "udp", "-j", "TPROXY",
+ "--on-port", strconv.Itoa(v4TProxyPort), "--tproxy-mark", "1"})
+ runCommand([]string{"iptables", "-t", "mangle", "-A", "PREROUTING", "-j", "XPROXY"})
+
+ log.Info("Setting up TProxy of IPv6")
+ v6TableNum := strconv.Itoa(v6RouteTable)
+ runCommand([]string{"ip", "-6", "rule", "add", "fwmark", "1", "table", v6TableNum})
+ runCommand([]string{"ip", "-6", "route", "add", "local", "::/0", "dev", "lo", "table", v6TableNum})
+ runCommand([]string{"ip6tables", "-t", "mangle", "-N", "XPROXY6"})
+ for _, cidr := range v6Bypass {
+ runCommand([]string{"ip6tables", "-t", "mangle", "-A", "XPROXY6", "-d", cidr, "-j", "RETURN"})
+ }
+ runCommand([]string{"ip6tables", "-t", "mangle", "-A", "XPROXY6", "-p", "tcp", "-j", "TPROXY",
+ "--on-port", strconv.Itoa(v6TProxyPort), "--tproxy-mark", "1"})
+ runCommand([]string{"ip6tables", "-t", "mangle", "-A", "XPROXY6", "-p", "udp", "-j", "TPROXY",
+ "--on-port", strconv.Itoa(v6TProxyPort), "--tproxy-mark", "1"})
+ runCommand([]string{"ip6tables", "-t", "mangle", "-A", "PREROUTING", "-j", "XPROXY6"})
+}
diff --git a/test.yml b/test.yml
index 5f26ad4..569ce1b 100644
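Review bot: None of the runCommand calls in loadTProxy has its outcome checked, so a failed `-N XPROXY` or a bypass CIDR that iptables rejects still leaves the later TPROXY and PREROUTING rules to be attempted, and a range the operator meant to exclude could end up redirected into the proxy. runCommand is defined outside this hunk; if it reports an exit status, return on the first failure, before the `-A PREROUTING` jump is appended. The TODO added in src/config.go suggests the host's own addresses are not yet in the bypass lists, so until then traffic addressed to the host itself presumably goes through the TPROXY rules as well. The function is also not re-runnable as written: a second call fails on `-N` and appends duplicate `ip rule` and PREROUTING entries. The IPv4 and IPv6 halves differ only in a handful of values, and one helper keeps the two rule sets from drifting apart.

```go
// setupTProxy installs the policy route and the mangle chain for one address family.
// NOTE(review): check runCommand's result here if it reports one, and return
// on the first failure so the PREROUTING jump is never added to a partial chain.
func setupTProxy(ipFlag, iptables, chain, anyAddr string, table, port int, bypass []string) {
	tableNum, portNum := strconv.Itoa(table), strconv.Itoa(port)
	runCommand([]string{"ip", ipFlag, "rule", "add", "fwmark", "1", "table", tableNum})
	runCommand([]string{"ip", ipFlag, "route", "add", "local", anyAddr, "dev", "lo", "table", tableNum})
	runCommand([]string{iptables, "-t", "mangle", "-N", chain})
	for _, cidr := range bypass {
		runCommand([]string{iptables, "-t", "mangle", "-A", chain, "-d", cidr, "-j", "RETURN"})
	}
	for _, proto := range []string{"tcp", "udp"} {
		runCommand([]string{iptables, "-t", "mangle", "-A", chain, "-p", proto, "-j", "TPROXY",
			"--on-port", portNum, "--tproxy-mark", "1"})
	}
	runCommand([]string{iptables, "-t", "mangle", "-A", "PREROUTING", "-j", chain})
}

func loadTProxy() {
	log.Info("Setting up TProxy of IPv4")
	setupTProxy("-4", "iptables", "XPROXY", "0.0.0.0/0", v4RouteTable, v4TProxyPort, v4Bypass)
	log.Info("Setting up TProxy of IPv6")
	setupTProxy("-6", "ip6tables", "XPROXY6", "::/0", v6RouteTable, v6TProxyPort, v6Bypass)
}
```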
--- a/test.yml
+++ b/test.yml
@@ -27,5 +27,7 @@ network:
 address: fc00::2/64
 bypass:
 - 169.254.0.0/16
- - fc00::/7
 - 224.0.0.0/3
+ - fc00::/7
+ - fe80::/10
+ - ff00::/8