From 1385b99b201709c5a939553c295e1757459f5249 Mon Sep 17 00:00:00 2001 From: mzz2017 <2017@duck.com> Date: Sat, 31 Aug 2024 22:27:55 +0800 Subject: [PATCH] feat: skip private by default and support --proxyprivate --- cmd/cmd.go | 12 ++++++++++ cmd/config.go | 12 ++++++---- config/config.go | 1 + tracer/stop_handler.go | 9 ++++---- tracer/tracer.go | 52 +++++++++++++++++++++++------------------- 5 files changed, 54 insertions(+), 32 deletions(-) diff --git a/cmd/cmd.go b/cmd/cmd.go index 7ef2ada..7670c7a 100644 --- a/cmd/cmd.go +++ b/cmd/cmd.go @@ -102,6 +102,16 @@ $ gg git clone https://github.com/mzz2017/gg.git`) if !noUDP && !dialer.SupportUDP() { log.Info("Your proxy server does not support UDP, so we will not redirect UDP traffic.") } + // Get proxy_private from argument first, then from configuration file. + var proxyPrivate bool + proxyPrivateFlag := cmd.Flags().Lookup("proxyprivate") + if proxyPrivateFlag != nil && proxyPrivateFlag.Changed { + if proxyPrivate, err = cmd.Flags().GetBool("proxyprivate"); err != nil { + logrus.Fatal("GetBool(proxyprivate):", err) + } + } else { + proxyPrivate = v.GetBool("proxy_private") + } ctx, cancel := context.WithCancel(context.Background()) defer cancel() t, err := tracer.New( @@ -111,6 +121,7 @@ $ gg git clone https://github.com/mzz2017/gg.git`) &os.ProcAttr{Files: []*os.File{os.Stdin, os.Stdout, os.Stderr}, Env: os.Environ()}, dialer, noUDP, + !proxyPrivate, log, ) if err != nil { @@ -145,6 +156,7 @@ func init() { rootCmd.PersistentFlags().StringP("node", "n", "", "node share-link of your modern proxy") rootCmd.PersistentFlags().StringP("subscription", "s", "", "subscription-link of your modern proxy") rootCmd.PersistentFlags().Bool("noudp", false, "do not redirect UDP traffic, even though the proxy server supports") + rootCmd.PersistentFlags().Bool("proxyprivate", false, "redirect traffic to private address") rootCmd.PersistentFlags().String("testnode", "true", "test the connectivity before connecting to the node") rootCmd.PersistentFlags().Bool("select", false, "manually select the node to connect from the subscription") rootCmd.AddCommand(configCmd) diff --git a/cmd/config.go b/cmd/config.go index 7a19058..851f639 100644 --- a/cmd/config.go +++ b/cmd/config.go @@ -3,17 +3,18 @@ package cmd import ( "bytes" "fmt" + "log" + "os" + "path/filepath" + "sort" + "strings" + "github.com/mzz2017/gg/common" "github.com/mzz2017/gg/config" "github.com/pelletier/go-toml" "github.com/sirupsen/logrus" "github.com/spf13/cobra" "github.com/spf13/viper" - "log" - "os" - "path/filepath" - "sort" - "strings" ) var ( @@ -183,6 +184,7 @@ func getConfig(log *logrus.Logger, bindToConfig bool, newViper func() *viper.Vip if flagCmd != nil { v.BindPFlag("no_udp", flagCmd.PersistentFlags().Lookup("noudp")) + v.BindPFlag("proxy_private", flagCmd.PersistentFlags().Lookup("proxyprivate")) v.BindPFlag("test_node_before_use", flagCmd.PersistentFlags().Lookup("testnode")) if node, _ := flagCmd.PersistentFlags().GetString("node"); node != "" { //log.Warn("Please use --node only on trusted computers, because it may leave a record in command history.") diff --git a/config/config.go b/config/config.go index a1c690a..e96456a 100644 --- a/config/config.go +++ b/config/config.go @@ -18,6 +18,7 @@ type Params struct { Cache Cache `mapstructure:"cache"` NoUDP bool `mapstructure:"no_udp"` + ProxyPrivate bool `mapstructure:"proxy_private"` AllowInsecure bool `mapstructure:"allow_insecure"` TestNode bool `mapstructure:"test_node_before_use" default:"true"` diff --git a/tracer/stop_handler.go b/tracer/stop_handler.go index f6a8db9..c35f702 100644 --- a/tracer/stop_handler.go +++ b/tracer/stop_handler.go @@ -3,13 +3,14 @@ package tracer import ( "encoding/binary" "fmt" - "github.com/mzz2017/gg/proxy" "net" "net/netip" "reflect" "strconv" "syscall" "unsafe" + + "github.com/mzz2017/gg/proxy" ) func (t *Tracer) getArgsFromStorehouse(pid, inst int) ([]uint64, error) { @@ -324,10 +325,10 @@ func (t *Tracer) handleINet4(socketInfo *SocketMetadata, bSockAddr []byte) (sock return nil, nil } isDNS := network == "udp" && targetPort == 53 - if ip := netip.AddrFrom4(addr.Addr); (network == "tcp" || network == "udp") && ip.IsLoopback() && !isDNS { - // skip loopback + if ip := netip.AddrFrom4(addr.Addr); (network == "tcp" || network == "udp") && (ip.IsLoopback() || (t.ignorePrivateAddr && ip.IsPrivate())) && !isDNS { + // skip loopback/private // but only keep DNS packets sent to the port 53 - t.log.Tracef("skip loopback: %v", netip.AddrPortFrom(ip, binary.BigEndian.Uint16(addr.Port[:])).String()) + t.log.Tracef("skip loopback/private: %v", netip.AddrPortFrom(ip, binary.BigEndian.Uint16(addr.Port[:])).String()) return nil, nil } //logrus.Traceln("before", bSockAddr) diff --git a/tracer/tracer.go b/tracer/tracer.go index 83fd919..e03fef1 100644 --- a/tracer/tracer.go +++ b/tracer/tracer.go @@ -3,13 +3,14 @@ package tracer import ( "context" "fmt" - "github.com/mzz2017/gg/dialer" - "github.com/mzz2017/gg/proxy" - "github.com/sirupsen/logrus" "os" "runtime" "syscall" "time" + + "github.com/mzz2017/gg/dialer" + "github.com/mzz2017/gg/proxy" + "github.com/sirupsen/logrus" ) type SocketMetadata struct { @@ -20,29 +21,34 @@ type SocketMetadata struct { // Tracer is not thread-safe. type Tracer struct { - ctx context.Context - ignoreUDP bool - supportUDP bool - log *logrus.Logger - proxy *proxy.Proxy - proc *os.Process - storehouse Storehouse - socketInfo map[int]map[int]SocketMetadata - closed chan struct{} - exitCode int - exitErr error + ctx context.Context + ignoreUDP bool + ignorePrivateAddr bool + supportUDP bool + log *logrus.Logger + proxy *proxy.Proxy + proc *os.Process + storehouse Storehouse + socketInfo map[int]map[int]SocketMetadata + closed chan struct{} + exitCode int + exitErr error } -func New(ctx context.Context, name string, argv []string, attr *os.ProcAttr, dialer *dialer.Dialer, ignoreUDP bool, logger *logrus.Logger) (*Tracer, error) { +func New(ctx context.Context, name string, argv []string, attr *os.ProcAttr, dialer *dialer.Dialer, ignoreUDP bool, ignorePrivateAddr bool, logger *logrus.Logger) (*Tracer, error) { t := &Tracer{ - ctx: ctx, - log: logger, - supportUDP: dialer.SupportUDP(), - proxy: proxy.New(logger, dialer), - socketInfo: make(map[int]map[int]SocketMetadata), - storehouse: MakeStorehouse(), - closed: make(chan struct{}), - ignoreUDP: ignoreUDP, + ctx: ctx, + ignoreUDP: ignoreUDP, + ignorePrivateAddr: ignorePrivateAddr, + supportUDP: dialer.SupportUDP(), + log: logger, + proxy: proxy.New(logger, dialer), + proc: &os.Process{}, + storehouse: MakeStorehouse(), + socketInfo: make(map[int]map[int]SocketMetadata), + closed: make(chan struct{}), + exitCode: 0, + exitErr: nil, } go func() { if err := t.proxy.ListenAndServe(0); err != nil {