Skip to content

Commit

Permalink
feat: skip private by default and support --proxyprivate
Browse files Browse the repository at this point in the history
  • Loading branch information
mzz2017 committed Aug 31, 2024
1 parent 640a432 commit 1385b99
Show file tree
Hide file tree
Showing 5 changed files with 54 additions and 32 deletions.
12 changes: 12 additions & 0 deletions cmd/cmd.go
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,16 @@ $ gg git clone https://github.com/mzz2017/gg.git`)
if !noUDP && !dialer.SupportUDP() {
log.Info("Your proxy server does not support UDP, so we will not redirect UDP traffic.")
}
// Get proxy_private from argument first, then from configuration file.
var proxyPrivate bool
proxyPrivateFlag := cmd.Flags().Lookup("proxyprivate")
if proxyPrivateFlag != nil && proxyPrivateFlag.Changed {
if proxyPrivate, err = cmd.Flags().GetBool("proxyprivate"); err != nil {
logrus.Fatal("GetBool(proxyprivate):", err)
}
} else {
proxyPrivate = v.GetBool("proxy_private")
}
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
t, err := tracer.New(
Expand All @@ -111,6 +121,7 @@ $ gg git clone https://github.com/mzz2017/gg.git`)
&os.ProcAttr{Files: []*os.File{os.Stdin, os.Stdout, os.Stderr}, Env: os.Environ()},
dialer,
noUDP,
!proxyPrivate,
log,
)
if err != nil {
Expand Down Expand Up @@ -145,6 +156,7 @@ func init() {
rootCmd.PersistentFlags().StringP("node", "n", "", "node share-link of your modern proxy")
rootCmd.PersistentFlags().StringP("subscription", "s", "", "subscription-link of your modern proxy")
rootCmd.PersistentFlags().Bool("noudp", false, "do not redirect UDP traffic, even though the proxy server supports")
rootCmd.PersistentFlags().Bool("proxyprivate", false, "redirect traffic to private address")
rootCmd.PersistentFlags().String("testnode", "true", "test the connectivity before connecting to the node")
rootCmd.PersistentFlags().Bool("select", false, "manually select the node to connect from the subscription")
rootCmd.AddCommand(configCmd)
Expand Down
12 changes: 7 additions & 5 deletions cmd/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,17 +3,18 @@ package cmd
import (
"bytes"
"fmt"
"log"
"os"
"path/filepath"
"sort"
"strings"

"github.com/mzz2017/gg/common"
"github.com/mzz2017/gg/config"
"github.com/pelletier/go-toml"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"log"
"os"
"path/filepath"
"sort"
"strings"
)

var (
Expand Down Expand Up @@ -183,6 +184,7 @@ func getConfig(log *logrus.Logger, bindToConfig bool, newViper func() *viper.Vip

if flagCmd != nil {
v.BindPFlag("no_udp", flagCmd.PersistentFlags().Lookup("noudp"))
v.BindPFlag("proxy_private", flagCmd.PersistentFlags().Lookup("proxyprivate"))
v.BindPFlag("test_node_before_use", flagCmd.PersistentFlags().Lookup("testnode"))
if node, _ := flagCmd.PersistentFlags().GetString("node"); node != "" {
//log.Warn("Please use --node only on trusted computers, because it may leave a record in command history.")
Expand Down
1 change: 1 addition & 0 deletions config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ type Params struct {
Cache Cache `mapstructure:"cache"`

NoUDP bool `mapstructure:"no_udp"`
ProxyPrivate bool `mapstructure:"proxy_private"`
AllowInsecure bool `mapstructure:"allow_insecure"`

TestNode bool `mapstructure:"test_node_before_use" default:"true"`
Expand Down
9 changes: 5 additions & 4 deletions tracer/stop_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,14 @@ package tracer
import (
"encoding/binary"
"fmt"
"github.com/mzz2017/gg/proxy"
"net"
"net/netip"
"reflect"
"strconv"
"syscall"
"unsafe"

"github.com/mzz2017/gg/proxy"
)

func (t *Tracer) getArgsFromStorehouse(pid, inst int) ([]uint64, error) {
Expand Down Expand Up @@ -324,10 +325,10 @@ func (t *Tracer) handleINet4(socketInfo *SocketMetadata, bSockAddr []byte) (sock
return nil, nil
}
isDNS := network == "udp" && targetPort == 53
if ip := netip.AddrFrom4(addr.Addr); (network == "tcp" || network == "udp") && ip.IsLoopback() && !isDNS {
// skip loopback
if ip := netip.AddrFrom4(addr.Addr); (network == "tcp" || network == "udp") && (ip.IsLoopback() || (t.ignorePrivateAddr && ip.IsPrivate())) && !isDNS {
// skip loopback/private
// but only keep DNS packets sent to the port 53
t.log.Tracef("skip loopback: %v", netip.AddrPortFrom(ip, binary.BigEndian.Uint16(addr.Port[:])).String())
t.log.Tracef("skip loopback/private: %v", netip.AddrPortFrom(ip, binary.BigEndian.Uint16(addr.Port[:])).String())
return nil, nil
}
//logrus.Traceln("before", bSockAddr)
Expand Down
52 changes: 29 additions & 23 deletions tracer/tracer.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,14 @@ package tracer
import (
"context"
"fmt"
"github.com/mzz2017/gg/dialer"
"github.com/mzz2017/gg/proxy"
"github.com/sirupsen/logrus"
"os"
"runtime"
"syscall"
"time"

"github.com/mzz2017/gg/dialer"
"github.com/mzz2017/gg/proxy"
"github.com/sirupsen/logrus"
)

type SocketMetadata struct {
Expand All @@ -20,29 +21,34 @@ type SocketMetadata struct {

// Tracer is not thread-safe.
type Tracer struct {
ctx context.Context
ignoreUDP bool
supportUDP bool
log *logrus.Logger
proxy *proxy.Proxy
proc *os.Process
storehouse Storehouse
socketInfo map[int]map[int]SocketMetadata
closed chan struct{}
exitCode int
exitErr error
ctx context.Context
ignoreUDP bool
ignorePrivateAddr bool
supportUDP bool
log *logrus.Logger
proxy *proxy.Proxy
proc *os.Process
storehouse Storehouse
socketInfo map[int]map[int]SocketMetadata
closed chan struct{}
exitCode int
exitErr error
}

func New(ctx context.Context, name string, argv []string, attr *os.ProcAttr, dialer *dialer.Dialer, ignoreUDP bool, logger *logrus.Logger) (*Tracer, error) {
func New(ctx context.Context, name string, argv []string, attr *os.ProcAttr, dialer *dialer.Dialer, ignoreUDP bool, ignorePrivateAddr bool, logger *logrus.Logger) (*Tracer, error) {
t := &Tracer{
ctx: ctx,
log: logger,
supportUDP: dialer.SupportUDP(),
proxy: proxy.New(logger, dialer),
socketInfo: make(map[int]map[int]SocketMetadata),
storehouse: MakeStorehouse(),
closed: make(chan struct{}),
ignoreUDP: ignoreUDP,
ctx: ctx,
ignoreUDP: ignoreUDP,
ignorePrivateAddr: ignorePrivateAddr,
supportUDP: dialer.SupportUDP(),
log: logger,
proxy: proxy.New(logger, dialer),
proc: &os.Process{},
storehouse: MakeStorehouse(),
socketInfo: make(map[int]map[int]SocketMetadata),
closed: make(chan struct{}),
exitCode: 0,
exitErr: nil,
}
go func() {
if err := t.proxy.ListenAndServe(0); err != nil {
Expand Down

0 comments on commit 1385b99

Please sign in to comment.