fwmark

2024-11-21 14:53:08 +01:00 · 2024-01-12 04:02:39 +00:00 · 2024-01-12 04:02:39 +00:00 · d78d3335f8
commit d78d3335f8
parent a96db9e8cf
5 changed files with 30 additions and 19 deletions
--- a/conn/bind_linux.go
+++ b/conn/bind_linux.go
@ -57,23 +57,24 @@ func (endpoint *LinuxSocketEndpoint) dst6() *unix.SockaddrInet6 {
 type LinuxSocketBind struct {
 	// mu guards sock4 and sock6 and the associated fds.
 	// As long as someone holds mu (read or write), the associated fds are valid.
-	mu    sync.RWMutex
-	sock4 int
-	sock6 int
-	use4  bool
-	use6  bool
+	mu     sync.RWMutex
+	fwmark uint32
+	sock4  int
+	sock6  int
+	use4   bool
+	use6   bool
 }

 func NewLinuxSocketBind() Bind { return &LinuxSocketBind{sock4: -1, sock6: -1, use4: true, use6: true} }
-func NewLinuxSocketBindAf(use4 bool, use6 bool) Bind {
-	return &LinuxSocketBind{sock4: -1, sock6: -1, use4: use4, use6: use6}
+func NewLinuxSocketBindAf(use4 bool, use6 bool, fwmark uint32) Bind {
+	return &LinuxSocketBind{sock4: -1, sock6: -1, use4: use4, use6: use6, fwmark: fwmark}
 }

-func NewDefaultBind(Af EnabledAf, bindmode string) Bind {
+func NewDefaultBind(Af EnabledAf, bindmode string, fwmark uint32) Bind {
 	if bindmode == "std" {
-		return NewStdNetBindAf(Af.IPv4, Af.IPv6)
+		return NewStdNetBindAf(Af.IPv4, Af.IPv6, fwmark)
 	}
-	return NewLinuxSocketBindAf(Af.IPv4, Af.IPv6)
+	return NewLinuxSocketBindAf(Af.IPv4, Af.IPv6, fwmark)
 }

 var _ Endpoint = (*LinuxSocketEndpoint)(nil)
@ -185,6 +186,9 @@ again:
 	if len(fns) == 0 {
 		return nil, 0, syscall.EAFNOSUPPORT
 	}
+	if bind.fwmark != 0 {
+		bind.setMark(bind.fwmark)
+	}
 	return fns, port, nil
 }

@ -192,6 +196,10 @@ func (bind *LinuxSocketBind) SetMark(value uint32) error {
 	bind.mu.RLock()
 	defer bind.mu.RUnlock()

+	return bind.setMark(value)
+}
+
+func (bind *LinuxSocketBind) setMark(value uint32) error {
 	if bind.sock6 != -1 {
 		err := unix.SetsockoptInt(
 			bind.sock6,
--- a/conn/bind_std.go
+++ b/conn/bind_std.go
@ -20,15 +20,16 @@ type StdNetBind struct {
 	mu         sync.Mutex // protects following fields
 	ipv4       *net.UDPConn
 	ipv6       *net.UDPConn
+	fwmark     uint32
 	blackhole4 bool
 	blackhole6 bool
 	use4       bool
 	use6       bool
 }

-func NewStdNetBind() Bind { return &StdNetBind{use4: true, use6: true} }
-func NewStdNetBindAf(use4 bool, use6 bool) Bind {
-	return &StdNetBind{use4: use4, use6: use6}
+func NewStdNetBind() Bind { return &StdNetBind{use4: true, use6: true, fwmark: 0} }
+func NewStdNetBindAf(use4 bool, use6 bool, fwmark uint32) Bind {
+	return &StdNetBind{use4: use4, use6: use6, fwmark: fwmark}
 }

 type StdNetEndpoint net.UDPAddr
--- a/main_edge.go
+++ b/main_edge.go
@ -125,7 +125,7 @@ func Edge(configPath string, useUAPI bool, printExample bool, bindmode string) (
 		IPv6: !econfig.DisableAf.IPv6,
 	}

-	the_device := device.NewDevice(thetap, econfig.NodeID, conn.NewDefaultBind(EnabledAf, bindmode), logger, graph, false, configPath, &econfig, nil, nil, Version)
+	the_device := device.NewDevice(thetap, econfig.NodeID, conn.NewDefaultBind(EnabledAf, bindmode, econfig.FwMark), logger, graph, false, configPath, &econfig, nil, nil, Version)
 	defer the_device.Close()
 	pk, err := device.Str2PriKey(econfig.PrivKey)
 	if err != nil {
@ -133,7 +133,7 @@ func Edge(configPath string, useUAPI bool, printExample bool, bindmode string) (
 		return err
 	}
 	the_device.SetPrivateKey(pk)
-	the_device.IpcSet("fwmark=0\n")
+	the_device.IpcSet("fwmark=" + fmt.Sprint(econfig.FwMark) + "\n")
 	the_device.IpcSet("listen_port=" + strconv.Itoa(econfig.ListenPort) + "\n")
 	the_device.IpcSet("replace_peers=true\n")
 	for _, peerconf := range econfig.Peers {
--- a/main_super.go
+++ b/main_super.go
@ -144,10 +144,10 @@ func Super(configPath string, useUAPI bool, printExample bool, bindmode string)
 		}
 	}
 	thetap4, _ := tap.CreateDummyTAP()
-	httpobj.http_device4 = device.NewDevice(thetap4, mtypes.NodeID_SuperNode, conn.NewDefaultBind(conn.EnabledAf4, bindmode), logger4, httpobj.http_graph, true, configPath, nil, &sconfig, httpobj.http_super_chains, Version)
+	httpobj.http_device4 = device.NewDevice(thetap4, mtypes.NodeID_SuperNode, conn.NewDefaultBind(conn.EnabledAf4, bindmode, sconfig.FwMark), logger4, httpobj.http_graph, true, configPath, nil, &sconfig, httpobj.http_super_chains, Version)
 	defer httpobj.http_device4.Close()
 	thetap6, _ := tap.CreateDummyTAP()
-	httpobj.http_device6 = device.NewDevice(thetap6, mtypes.NodeID_SuperNode, conn.NewDefaultBind(conn.EnabledAf6, bindmode), logger6, httpobj.http_graph, true, configPath, nil, &sconfig, httpobj.http_super_chains, Version)
+	httpobj.http_device6 = device.NewDevice(thetap6, mtypes.NodeID_SuperNode, conn.NewDefaultBind(conn.EnabledAf6, bindmode, sconfig.FwMark), logger6, httpobj.http_graph, true, configPath, nil, &sconfig, httpobj.http_super_chains, Version)
 	defer httpobj.http_device6.Close()
 	if sconfig.PrivKeyV4 != "" {
 		pk4, err := device.Str2PriKey(sconfig.PrivKeyV4)
@ -156,7 +156,7 @@ func Super(configPath string, useUAPI bool, printExample bool, bindmode string)
 			return err
 		}
 		httpobj.http_device4.SetPrivateKey(pk4)
-		httpobj.http_device4.IpcSet("fwmark=0\n")
+		httpobj.http_device4.IpcSet("fwmark=" + fmt.Sprint(sconfig.FwMark) + "\n")
 		httpobj.http_device4.IpcSet("listen_port=" + strconv.Itoa(sconfig.ListenPort) + "\n")
 		httpobj.http_device4.IpcSet("replace_peers=true\n")
 	}
@ -168,7 +168,7 @@ func Super(configPath string, useUAPI bool, printExample bool, bindmode string)
 			return err
 		}
 		httpobj.http_device6.SetPrivateKey(pk6)
-		httpobj.http_device6.IpcSet("fwmark=0\n")
+		httpobj.http_device6.IpcSet("fwmark=" + fmt.Sprint(sconfig.FwMark) + "\n")
 		httpobj.http_device6.IpcSet("listen_port=" + strconv.Itoa(sconfig.ListenPort) + "\n")
 		httpobj.http_device6.IpcSet("replace_peers=true\n")
 	}
--- a/mtypes/config.go
+++ b/mtypes/config.go
@ -23,6 +23,7 @@ type EdgeConfig struct {
 	Interface             InterfaceConf    `yaml:"Interface"`
 	NodeID                Vertex           `yaml:"NodeID"`
 	NodeName              string           `yaml:"NodeName"`
+	FwMark                uint32           `yaml:"FwMark"`
 	PostScript            string           `yaml:"PostScript"`
 	DefaultTTL            uint8            `yaml:"DefaultTTL"`
 	L2FIBTimeout          float64          `yaml:"L2FIBTimeout"`
@ -39,6 +40,7 @@ type EdgeConfig struct {

 type SuperConfig struct {
 	NodeName                string                  `yaml:"NodeName"`
+	FwMark                  uint32                  `yaml:"FwMark"`
 	PostScript              string                  `yaml:"PostScript"`
 	PrivKeyV4               string                  `yaml:"PrivKeyV4"`
 	PrivKeyV6               string                  `yaml:"PrivKeyV6"`