chore: support IN-PORT rule
parent
64be213b66
commit
b2d7149a95
13 changed files with 60 additions and 14 deletions
|
@ -17,5 +17,9 @@ func NewHTTP(target socks5.Addr, source net.Addr, conn net.Conn) *context.ConnCo
|
||||||
metadata.SrcIP = ip
|
metadata.SrcIP = ip
|
||||||
metadata.SrcPort = port
|
metadata.SrcPort = port
|
||||||
}
|
}
|
||||||
|
if ip, port, err := parseAddr(conn.LocalAddr().String()); err == nil {
|
||||||
|
metadata.InIP = ip
|
||||||
|
metadata.InPort = port
|
||||||
|
}
|
||||||
return context.NewConnContext(conn, metadata)
|
return context.NewConnContext(conn, metadata)
|
||||||
}
|
}
|
||||||
|
|
|
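Review bot: `conn.LocalAddr()` is used without a nil check in the block added to NewHTTP, while the NewSocket hunk of this same commit guards the identical call with `if localAddr != nil` and the comment "Filter when net.Addr interface is nil". If a wrapped conn can return a nil net.Addr on the socket path it can presumably do so here too, and calling `.String()` on a nil interface panics inside the inbound handler. The same unguarded pattern appears in NewHTTPS and, through `p.InAddr().String()`, in NewPacket; I would wrap the parseAddr call in `if localAddr := conn.LocalAddr(); localAddr != nil {` in all three. The function bodies begin outside these hunks, so an earlier guard may exist out of view.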
@ -16,5 +16,9 @@ func NewHTTPS(request *http.Request, conn net.Conn) *context.ConnContext {
|
||||||
metadata.SrcIP = ip
|
metadata.SrcIP = ip
|
||||||
metadata.SrcPort = port
|
metadata.SrcPort = port
|
||||||
}
|
}
|
||||||
|
if ip, port, err := parseAddr(conn.LocalAddr().String()); err == nil {
|
||||||
|
metadata.InIP = ip
|
||||||
|
metadata.InPort = port
|
||||||
|
}
|
||||||
return context.NewConnContext(conn, metadata)
|
return context.NewConnContext(conn, metadata)
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,6 +25,12 @@ func NewPacket(target socks5.Addr, packet C.UDPPacket, source C.Type) *PacketAda
|
||||||
metadata.SrcIP = ip
|
metadata.SrcIP = ip
|
||||||
metadata.SrcPort = port
|
metadata.SrcPort = port
|
||||||
}
|
}
|
||||||
|
if p, ok := packet.(C.UDPPacketInAddr); ok {
|
||||||
|
if ip, port, err := parseAddr(p.InAddr().String()); err == nil {
|
||||||
|
metadata.InIP = ip
|
||||||
|
metadata.InPort = port
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return &PacketAdapter{
|
return &PacketAdapter{
|
||||||
UDPPacket: packet,
|
UDPPacket: packet,
|
||||||
|
|
|
@ -22,6 +22,14 @@ func NewSocket(target socks5.Addr, conn net.Conn, source C.Type) *context.ConnCo
|
||||||
metadata.SrcPort = port
|
metadata.SrcPort = port
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
localAddr := conn.LocalAddr()
|
||||||
|
// Filter when net.Addr interface is nil
|
||||||
|
if localAddr != nil {
|
||||||
|
if ip, port, err := parseAddr(localAddr.String()); err == nil {
|
||||||
|
metadata.InIP = ip
|
||||||
|
metadata.InPort = port
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return context.NewConnContext(conn, metadata)
|
return context.NewConnContext(conn, metadata)
|
||||||
}
|
}
|
||||||
|
|
|
@ -202,3 +202,7 @@ type UDPPacket interface {
|
||||||
// LocalAddr returns the source IP/Port of packet
|
// LocalAddr returns the source IP/Port of packet
|
||||||
LocalAddr() net.Addr
|
LocalAddr() net.Addr
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type UDPPacketInAddr interface {
|
||||||
|
InAddr() net.Addr
|
||||||
|
}
|
||||||
|
|
|
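Review bot: The new exported interface UDPPacketInAddr and its method have no doc comment, and the name is easy to misread next to UDPPacket.LocalAddr, which is documented just above as returning the packet's source IP/Port. Judging by the implementations in this commit (`return c.pc.LocalAddr()`), InAddr is the local address of the listening PacketConn, so I would add `// UDPPacketInAddr is implemented by packets that can report the local listener address they arrived on.` and `// InAddr returns the listener's local address; it may be nil.` The nil remark matters because NewPacket calls `.String()` on the result directly.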
@ -115,6 +115,8 @@ type Metadata struct {
|
||||||
DstIP netip.Addr `json:"destinationIP"`
|
DstIP netip.Addr `json:"destinationIP"`
|
||||||
SrcPort string `json:"sourcePort"`
|
SrcPort string `json:"sourcePort"`
|
||||||
DstPort string `json:"destinationPort"`
|
DstPort string `json:"destinationPort"`
|
||||||
|
InIP netip.Addr `json:"inboundIP"`
|
||||||
|
InPort string `json:"inboundPort"`
|
||||||
Host string `json:"host"`
|
Host string `json:"host"`
|
||||||
DNSMode DNSMode `json:"dnsMode"`
|
DNSMode DNSMode `json:"dnsMode"`
|
||||||
Uid *int32 `json:"uid"`
|
Uid *int32 `json:"uid"`
|
||||||
|
|
|
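Review bot: InIP and InPort are added without a comment saying how they differ from SrcIP/SrcPort or when they are left unset. Every constructor in this commit fills them only when parseAddr succeeds and drops the error, so InPort can stay empty; an IN-PORT rule then presumably never matches and the connection falls through to later rules, which matters if the rule is meant to pin a listener to a specific policy. I would document that on the fields, for example `// InIP/InPort: local listener address that accepted the connection; zero/empty when it could not be determined.` Both fields also carry json tags, so the listener address becomes part of whatever output serialises Metadata.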
@ -13,6 +13,7 @@ const (
|
||||||
SrcIPSuffix
|
SrcIPSuffix
|
||||||
SrcPort
|
SrcPort
|
||||||
DstPort
|
DstPort
|
||||||
|
InPort
|
||||||
Process
|
Process
|
||||||
ProcessPath
|
ProcessPath
|
||||||
RuleSet
|
RuleSet
|
||||||
|
@ -52,6 +53,8 @@ func (rt RuleType) String() string {
|
||||||
return "SrcPort"
|
return "SrcPort"
|
||||||
case DstPort:
|
case DstPort:
|
||||||
return "DstPort"
|
return "DstPort"
|
||||||
|
case InPort:
|
||||||
|
return "InPort"
|
||||||
case Process:
|
case Process:
|
||||||
return "Process"
|
return "Process"
|
||||||
case ProcessPath:
|
case ProcessPath:
|
||||||
|
|
|
@ -35,3 +35,7 @@ func (c *packet) LocalAddr() net.Addr {
|
||||||
func (c *packet) Drop() {
|
func (c *packet) Drop() {
|
||||||
pool.Put(c.bufRef)
|
pool.Put(c.bufRef)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *packet) InAddr() net.Addr {
|
||||||
|
return c.pc.LocalAddr()
|
||||||
|
}
|
||||||
|
|
|
@ -7,6 +7,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type packet struct {
|
type packet struct {
|
||||||
|
pc net.PacketConn
|
||||||
lAddr *net.UDPAddr
|
lAddr *net.UDPAddr
|
||||||
buf []byte
|
buf []byte
|
||||||
}
|
}
|
||||||
|
@ -35,3 +36,7 @@ func (c *packet) LocalAddr() net.Addr {
|
||||||
func (c *packet) Drop() {
|
func (c *packet) Drop() {
|
||||||
pool.Put(c.buf)
|
pool.Put(c.buf)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *packet) InAddr() net.Addr {
|
||||||
|
return c.pc.LocalAddr()
|
||||||
|
}
|
||||||
|
|
|
@ -81,6 +81,7 @@ func NewUDP(addr string, in chan<- *inbound.PacketAdapter) (*UDPListener, error)
|
||||||
func handlePacketConn(pc net.PacketConn, in chan<- *inbound.PacketAdapter, buf []byte, lAddr *net.UDPAddr, rAddr *net.UDPAddr) {
|
func handlePacketConn(pc net.PacketConn, in chan<- *inbound.PacketAdapter, buf []byte, lAddr *net.UDPAddr, rAddr *net.UDPAddr) {
|
||||||
target := socks5.ParseAddrToSocksAddr(rAddr)
|
target := socks5.ParseAddrToSocksAddr(rAddr)
|
||||||
pkt := &packet{
|
pkt := &packet{
|
||||||
|
pc: pc,
|
||||||
lAddr: lAddr,
|
lAddr: lAddr,
|
||||||
buf: buf,
|
buf: buf,
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,22 +13,23 @@ type Port struct {
|
||||||
*Base
|
*Base
|
||||||
adapter string
|
adapter string
|
||||||
port string
|
port string
|
||||||
isSource bool
|
ruleType C.RuleType
|
||||||
portList []utils.Range[uint16]
|
portList []utils.Range[uint16]
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *Port) RuleType() C.RuleType {
|
func (p *Port) RuleType() C.RuleType {
|
||||||
if p.isSource {
|
return p.ruleType
|
||||||
return C.SrcPort
|
|
||||||
}
|
|
||||||
return C.DstPort
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *Port) Match(metadata *C.Metadata) (bool, string) {
|
func (p *Port) Match(metadata *C.Metadata) (bool, string) {
|
||||||
if p.isSource {
|
targetPort := metadata.DstPort
|
||||||
return p.matchPortReal(metadata.SrcPort), p.adapter
|
switch p.ruleType {
|
||||||
|
case C.InPort:
|
||||||
|
targetPort = metadata.InPort
|
||||||
|
case C.SrcPort:
|
||||||
|
targetPort = metadata.SrcPort
|
||||||
}
|
}
|
||||||
return p.matchPortReal(metadata.DstPort), p.adapter
|
return p.matchPortReal(targetPort), p.adapter
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *Port) Adapter() string {
|
func (p *Port) Adapter() string {
|
||||||
|
@ -51,7 +52,7 @@ func (p *Port) matchPortReal(portRef string) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewPort(port string, adapter string, isSource bool) (*Port, error) {
|
func NewPort(port string, adapter string, ruleType C.RuleType) (*Port, error) {
|
||||||
ports := strings.Split(port, "/")
|
ports := strings.Split(port, "/")
|
||||||
if len(ports) > 28 {
|
if len(ports) > 28 {
|
||||||
return nil, fmt.Errorf("%s, too many ports to use, maximum support 28 ports", errPayload.Error())
|
return nil, fmt.Errorf("%s, too many ports to use, maximum support 28 ports", errPayload.Error())
|
||||||
|
@ -95,7 +96,7 @@ func NewPort(port string, adapter string, isSource bool) (*Port, error) {
|
||||||
Base: &Base{},
|
Base: &Base{},
|
||||||
adapter: adapter,
|
adapter: adapter,
|
||||||
port: port,
|
port: port,
|
||||||
isSource: isSource,
|
ruleType: ruleType,
|
||||||
portList: portRange,
|
portList: portRange,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
|
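Review bot: Match treats every ruleType other than C.InPort and C.SrcPort as a destination-port rule, because `targetPort` starts as `metadata.DstPort` and the switch has no default. NewPort now accepts any C.RuleType and the visible lines do not validate it, so a caller passing an unrelated type gets a rule that silently matches on DstPort while RuleType() reports something else. I would make the switch exhaustive with `case C.DstPort: targetPort = metadata.DstPort` and `default: return false, p.adapter`, or reject other types in NewPort. NewPort's body runs between two hunks, so a check there may exist out of view.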
@ -33,9 +33,11 @@ func ParseRule(tp, payload, target string, params []string, subRules *map[string
|
||||||
case "SRC-IP-SUFFIX":
|
case "SRC-IP-SUFFIX":
|
||||||
parsed, parseErr = RC.NewIPSuffix(payload, target, true, true)
|
parsed, parseErr = RC.NewIPSuffix(payload, target, true, true)
|
||||||
case "SRC-PORT":
|
case "SRC-PORT":
|
||||||
parsed, parseErr = RC.NewPort(payload, target, true)
|
parsed, parseErr = RC.NewPort(payload, target, C.SrcPort)
|
||||||
case "DST-PORT":
|
case "DST-PORT":
|
||||||
parsed, parseErr = RC.NewPort(payload, target, false)
|
parsed, parseErr = RC.NewPort(payload, target, C.DstPort)
|
||||||
|
case "IN-PORT":
|
||||||
|
parsed, parseErr = RC.NewPort(payload, target, C.InPort)
|
||||||
case "PROCESS-NAME":
|
case "PROCESS-NAME":
|
||||||
parsed, parseErr = RC.NewProcess(payload, target, true)
|
parsed, parseErr = RC.NewProcess(payload, target, true)
|
||||||
case "PROCESS-PATH":
|
case "PROCESS-PATH":
|
||||||
|
|
|
@ -32,9 +32,11 @@ func ParseRule(tp, payload, target string, params []string, subRules *map[string
|
||||||
case "SRC-IP-SUFFIX":
|
case "SRC-IP-SUFFIX":
|
||||||
parsed, parseErr = RC.NewIPSuffix(payload, target, true, true)
|
parsed, parseErr = RC.NewIPSuffix(payload, target, true, true)
|
||||||
case "SRC-PORT":
|
case "SRC-PORT":
|
||||||
parsed, parseErr = RC.NewPort(payload, target, true)
|
parsed, parseErr = RC.NewPort(payload, target, C.SrcPort)
|
||||||
case "DST-PORT":
|
case "DST-PORT":
|
||||||
parsed, parseErr = RC.NewPort(payload, target, false)
|
parsed, parseErr = RC.NewPort(payload, target, C.DstPort)
|
||||||
|
case "IN-PORT":
|
||||||
|
parsed, parseErr = RC.NewPort(payload, target, C.InPort)
|
||||||
case "PROCESS-NAME":
|
case "PROCESS-NAME":
|
||||||
parsed, parseErr = RC.NewProcess(payload, target, true)
|
parsed, parseErr = RC.NewProcess(payload, target, true)
|
||||||
case "PROCESS-PATH":
|
case "PROCESS-PATH":
|
||||||
|
|