chore: support IN-PORT rule

wwqgtxx 2022-11-11 23:36:06 +08:00
parent 64be213b66
commit b2d7149a95
13 changed files with 60 additions and 14 deletions


@ -17,5 +17,9 @@ func NewHTTP(target socks5.Addr, source net.Addr, conn net.Conn) *context.ConnCo
metadata.SrcIP = ip metadata.SrcIP = ip
metadata.SrcPort = port metadata.SrcPort = port
} }
if ip, port, err := parseAddr(conn.LocalAddr().String()); err == nil {
metadata.InIP = ip
metadata.InPort = port
}
return context.NewConnContext(conn, metadata) return context.NewConnContext(conn, metadata)
} }
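Review bot: `conn.LocalAddr().String()` in NewHTTP is called without the nil check that NewSocket receives in this same commit (`if localAddr != nil`), so a conn whose LocalAddr() returns a nil interface would panic here. The same unguarded pattern appears in NewHTTPS and in NewPacket's `p.InAddr().String()`. Whether such a conn can reach these constructors is not visible from the hunks, but the guard is cheap: wrap the parse in `if addr := conn.LocalAddr(); addr != nil {`. The parseAddr error is also dropped silently, which leaves InPort empty and any IN-PORT rule unmatched for that connection, so a debug log on that path would make a mis-routed connection diagnosable. NewHTTP's body starts outside the hunk.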


@ -16,5 +16,9 @@ func NewHTTPS(request *http.Request, conn net.Conn) *context.ConnContext {
metadata.SrcIP = ip metadata.SrcIP = ip
metadata.SrcPort = port metadata.SrcPort = port
} }
if ip, port, err := parseAddr(conn.LocalAddr().String()); err == nil {
metadata.InIP = ip
metadata.InPort = port
}
return context.NewConnContext(conn, metadata) return context.NewConnContext(conn, metadata)
} }


@ -25,6 +25,12 @@ func NewPacket(target socks5.Addr, packet C.UDPPacket, source C.Type) *PacketAda
metadata.SrcIP = ip metadata.SrcIP = ip
metadata.SrcPort = port metadata.SrcPort = port
} }
if p, ok := packet.(C.UDPPacketInAddr); ok {
if ip, port, err := parseAddr(p.InAddr().String()); err == nil {
metadata.InIP = ip
metadata.InPort = port
}
}
return &PacketAdapter{ return &PacketAdapter{
UDPPacket: packet, UDPPacket: packet,


@ -22,6 +22,14 @@ func NewSocket(target socks5.Addr, conn net.Conn, source C.Type) *context.ConnCo
metadata.SrcPort = port metadata.SrcPort = port
} }
} }
localAddr := conn.LocalAddr()
// Filter when net.Addr interface is nil
if localAddr != nil {
if ip, port, err := parseAddr(localAddr.String()); err == nil {
metadata.InIP = ip
metadata.InPort = port
}
}
return context.NewConnContext(conn, metadata) return context.NewConnContext(conn, metadata)
} }


@ -202,3 +202,7 @@ type UDPPacket interface {
// LocalAddr returns the source IP/Port of packet // LocalAddr returns the source IP/Port of packet
LocalAddr() net.Addr LocalAddr() net.Addr
} }
type UDPPacketInAddr interface {
InAddr() net.Addr
}
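Review bot: The new exported `UDPPacketInAddr` interface has no doc comment, and its name is easy to confuse with `UDPPacket.LocalAddr`, which the comment just above documents as the packet's source address. I would add `// UDPPacketInAddr is an optional interface for UDP packets that can report the local address of the inbound listener they were received on.` above the type and `// InAddr returns the listener-side address used to fill Metadata.InIP and Metadata.InPort.` above the method. Because NewPacket discovers it through a type assertion, the comment should also say that packet types which do not implement it leave InPort empty.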


@ -115,6 +115,8 @@ type Metadata struct {
DstIP netip.Addr `json:"destinationIP"` DstIP netip.Addr `json:"destinationIP"`
SrcPort string `json:"sourcePort"` SrcPort string `json:"sourcePort"`
DstPort string `json:"destinationPort"` DstPort string `json:"destinationPort"`
InIP netip.Addr `json:"inboundIP"`
InPort string `json:"inboundPort"`
Host string `json:"host"` Host string `json:"host"`
DNSMode DNSMode `json:"dnsMode"` DNSMode DNSMode `json:"dnsMode"`
Uid *int32 `json:"uid"` Uid *int32 `json:"uid"`


@ -13,6 +13,7 @@ const (
SrcIPSuffix SrcIPSuffix
SrcPort SrcPort
DstPort DstPort
InPort
Process Process
ProcessPath ProcessPath
RuleSet RuleSet
@ -52,6 +53,8 @@ func (rt RuleType) String() string {
return "SrcPort" return "SrcPort"
case DstPort: case DstPort:
return "DstPort" return "DstPort"
case InPort:
return "InPort"
case Process: case Process:
return "Process" return "Process"
case ProcessPath: case ProcessPath:


@ -35,3 +35,7 @@ func (c *packet) LocalAddr() net.Addr {
func (c *packet) Drop() { func (c *packet) Drop() {
pool.Put(c.bufRef) pool.Put(c.bufRef)
} }
func (c *packet) InAddr() net.Addr {
return c.pc.LocalAddr()
}
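Review bot: `InAddr` returns `c.pc.LocalAddr()`, which is the bound address of the receiving socket rather than the address the datagram was sent to, so on a wildcard listener the derived `InIP` will be the unspecified address. That is harmless for IN-PORT matching, but it should be stated before InIP is relied on for any policy decision, e.g. `// InAddr returns the bound address of the receiving socket; the IP may be unspecified for wildcard listeners.` The method also dereferences `c.pc` unconditionally, so every site that builds a `packet` has to set it; not all construction sites are visible in this commit. The same comments apply to the second `InAddr` implementation in the next file.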


@ -7,6 +7,7 @@ import (
) )
type packet struct { type packet struct {
pc net.PacketConn
lAddr *net.UDPAddr lAddr *net.UDPAddr
buf []byte buf []byte
} }
@ -35,3 +36,7 @@ func (c *packet) LocalAddr() net.Addr {
func (c *packet) Drop() { func (c *packet) Drop() {
pool.Put(c.buf) pool.Put(c.buf)
} }
func (c *packet) InAddr() net.Addr {
return c.pc.LocalAddr()
}


@ -81,6 +81,7 @@ func NewUDP(addr string, in chan<- *inbound.PacketAdapter) (*UDPListener, error)
func handlePacketConn(pc net.PacketConn, in chan<- *inbound.PacketAdapter, buf []byte, lAddr *net.UDPAddr, rAddr *net.UDPAddr) { func handlePacketConn(pc net.PacketConn, in chan<- *inbound.PacketAdapter, buf []byte, lAddr *net.UDPAddr, rAddr *net.UDPAddr) {
target := socks5.ParseAddrToSocksAddr(rAddr) target := socks5.ParseAddrToSocksAddr(rAddr)
pkt := &packet{ pkt := &packet{
pc: pc,
lAddr: lAddr, lAddr: lAddr,
buf: buf, buf: buf,
} }


@ -13,22 +13,23 @@ type Port struct {
*Base *Base
adapter string adapter string
port string port string
isSource bool ruleType C.RuleType
portList []utils.Range[uint16] portList []utils.Range[uint16]
} }
func (p *Port) RuleType() C.RuleType { func (p *Port) RuleType() C.RuleType {
if p.isSource { return p.ruleType
return C.SrcPort
}
return C.DstPort
} }
func (p *Port) Match(metadata *C.Metadata) (bool, string) { func (p *Port) Match(metadata *C.Metadata) (bool, string) {
if p.isSource { targetPort := metadata.DstPort
return p.matchPortReal(metadata.SrcPort), p.adapter switch p.ruleType {
case C.InPort:
targetPort = metadata.InPort
case C.SrcPort:
targetPort = metadata.SrcPort
} }
return p.matchPortReal(metadata.DstPort), p.adapter return p.matchPortReal(targetPort), p.adapter
} }
func (p *Port) Adapter() string { func (p *Port) Adapter() string {
@ -51,7 +52,7 @@ func (p *Port) matchPortReal(portRef string) bool {
return false return false
} }
func NewPort(port string, adapter string, isSource bool) (*Port, error) { func NewPort(port string, adapter string, ruleType C.RuleType) (*Port, error) {
ports := strings.Split(port, "/") ports := strings.Split(port, "/")
if len(ports) > 28 { if len(ports) > 28 {
return nil, fmt.Errorf("%s, too many ports to use, maximum support 28 ports", errPayload.Error()) return nil, fmt.Errorf("%s, too many ports to use, maximum support 28 ports", errPayload.Error())
@ -95,7 +96,7 @@ func NewPort(port string, adapter string, isSource bool) (*Port, error) {
Base: &Base{}, Base: &Base{},
adapter: adapter, adapter: adapter,
port: port, port: port,
isSource: isSource, ruleType: ruleType,
portList: portRange, portList: portRange,
}, nil }, nil
} }
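Review bot: In `Match`, any `ruleType` other than `C.InPort` or `C.SrcPort` falls through to `metadata.DstPort`, and `NewPort` now accepts an arbitrary `C.RuleType` without checking it. With the old bool there were only two states; with the enum, a wrong constant passed by a future caller would silently behave as a DST-PORT rule while `RuleType()` reports something else. Making the switch exhaustive and returning no match for an unknown type keeps a mis-constructed rule from steering traffic; rejecting the value in `NewPort` would be an equally good place for the check. `NewPort`'s body is only partly visible in these hunks.

```go
func (p *Port) Match(metadata *C.Metadata) (bool, string) {
	var targetPort string
	switch p.ruleType {
	case C.InPort:
		targetPort = metadata.InPort
	case C.SrcPort:
		targetPort = metadata.SrcPort
	case C.DstPort:
		targetPort = metadata.DstPort
	default:
		// Unknown rule type: do not match instead of silently
		// treating the rule as DST-PORT.
		return false, p.adapter
	}
	return p.matchPortReal(targetPort), p.adapter
}
```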


@ -33,9 +33,11 @@ func ParseRule(tp, payload, target string, params []string, subRules *map[string
case "SRC-IP-SUFFIX": case "SRC-IP-SUFFIX":
parsed, parseErr = RC.NewIPSuffix(payload, target, true, true) parsed, parseErr = RC.NewIPSuffix(payload, target, true, true)
case "SRC-PORT": case "SRC-PORT":
parsed, parseErr = RC.NewPort(payload, target, true) parsed, parseErr = RC.NewPort(payload, target, C.SrcPort)
case "DST-PORT": case "DST-PORT":
parsed, parseErr = RC.NewPort(payload, target, false) parsed, parseErr = RC.NewPort(payload, target, C.DstPort)
case "IN-PORT":
parsed, parseErr = RC.NewPort(payload, target, C.InPort)
case "PROCESS-NAME": case "PROCESS-NAME":
parsed, parseErr = RC.NewProcess(payload, target, true) parsed, parseErr = RC.NewProcess(payload, target, true)
case "PROCESS-PATH": case "PROCESS-PATH":
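Review bot: The new `IN-PORT` case only works when the inbound that produced the connection filled `Metadata.InPort`, and this commit does that in NewHTTP, NewHTTPS, NewSocket and, for packet types implementing `UDPPacketInAddr`, NewPacket. Any other path that builds Metadata leaves InPort empty, and the rule then presumably never matches (matchPortReal's body is outside the hunks), so traffic an operator meant to pin to a listener would fall through to later rules without any signal. I would record that next to the case, e.g. `// IN-PORT matches the local listener port; connections whose inbound does not set Metadata.InPort never match.` The same applies to the identical hunk in the second ParseRule below.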


@ -32,9 +32,11 @@ func ParseRule(tp, payload, target string, params []string, subRules *map[string
case "SRC-IP-SUFFIX": case "SRC-IP-SUFFIX":
parsed, parseErr = RC.NewIPSuffix(payload, target, true, true) parsed, parseErr = RC.NewIPSuffix(payload, target, true, true)
case "SRC-PORT": case "SRC-PORT":
parsed, parseErr = RC.NewPort(payload, target, true) parsed, parseErr = RC.NewPort(payload, target, C.SrcPort)
case "DST-PORT": case "DST-PORT":
parsed, parseErr = RC.NewPort(payload, target, false) parsed, parseErr = RC.NewPort(payload, target, C.DstPort)
case "IN-PORT":
parsed, parseErr = RC.NewPort(payload, target, C.InPort)
case "PROCESS-NAME": case "PROCESS-NAME":
parsed, parseErr = RC.NewProcess(payload, target, true) parsed, parseErr = RC.NewProcess(payload, target, true)
case "PROCESS-PATH": case "PROCESS-PATH":