extern/EtherGuard-VPN
1
0
Fork 0
mirror of https://github.com/KusakabeShi/EtherGuard-VPN.git synced 2025-02-16 15:29:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

fwmark

Browse Source
This commit is contained in:
KusakabeSi 2024-01-12 04:02:39 +00:00
parent a96db9e8cf
commit d78d3335f8
5 changed files with 30 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
conn/bind_linux.go
View File

@ -58,6 +58,7 @@ type LinuxSocketBind struct {
// mu guards sock4 and sock6 and the associated fds.
// As long as someone holds mu (read or write), the associated fds are valid.
mu sync.RWMutex
fwmark uint32
sock4 int
sock6 int
use4 bool
@ -65,15 +66,15 @@ type LinuxSocketBind struct {
}
func NewLinuxSocketBind() Bind { return &LinuxSocketBind{sock4: -1, sock6: -1, use4: true, use6: true} }
func NewLinuxSocketBindAf(use4 bool, use6 bool) Bind {
return &LinuxSocketBind{sock4: -1, sock6: -1, use4: use4, use6: use6}
func NewLinuxSocketBindAf(use4 bool, use6 bool, fwmark uint32) Bind {
return &LinuxSocketBind{sock4: -1, sock6: -1, use4: use4, use6: use6, fwmark: fwmark}
}
func NewDefaultBind(Af EnabledAf, bindmode string) Bind {
func NewDefaultBind(Af EnabledAf, bindmode string, fwmark uint32) Bind {
if bindmode == "std" {
return NewStdNetBindAf(Af.IPv4, Af.IPv6)
return NewStdNetBindAf(Af.IPv4, Af.IPv6, fwmark)
}
return NewLinuxSocketBindAf(Af.IPv4, Af.IPv6)
return NewLinuxSocketBindAf(Af.IPv4, Af.IPv6, fwmark)
}
var _ Endpoint = (*LinuxSocketEndpoint)(nil)
@ -185,6 +186,9 @@ again:
if len(fns) == 0 {
return nil, 0, syscall.EAFNOSUPPORT
}
if bind.fwmark != 0 {
bind.setMark(bind.fwmark)
}
return fns, port, nil
}
@ -192,6 +196,10 @@ func (bind *LinuxSocketBind) SetMark(value uint32) error {
bind.mu.RLock()
defer bind.mu.RUnlock()
return bind.setMark(value)
}
func (bind *LinuxSocketBind) setMark(value uint32) error {
if bind.sock6 != -1 {
err := unix.SetsockoptInt(
bind.sock6,

7
conn/bind_std.go
View File

@ -20,15 +20,16 @@ type StdNetBind struct {
mu sync.Mutex // protects following fields
ipv4 *net.UDPConn
ipv6 *net.UDPConn
fwmark uint32
blackhole4 bool
blackhole6 bool
use4 bool
use6 bool
}
func NewStdNetBind() Bind { return &StdNetBind{use4: true, use6: true} }
func NewStdNetBindAf(use4 bool, use6 bool) Bind {
return &StdNetBind{use4: use4, use6: use6}
func NewStdNetBind() Bind { return &StdNetBind{use4: true, use6: true, fwmark: 0} }
func NewStdNetBindAf(use4 bool, use6 bool, fwmark uint32) Bind {
return &StdNetBind{use4: use4, use6: use6, fwmark: fwmark}
}
type StdNetEndpoint net.UDPAddr

4
main_edge.go
View File

@ -125,7 +125,7 @@ func Edge(configPath string, useUAPI bool, printExample bool, bindmode string) (
IPv6: !econfig.DisableAf.IPv6,
}
the_device := device.NewDevice(thetap, econfig.NodeID, conn.NewDefaultBind(EnabledAf, bindmode), logger, graph, false, configPath, &econfig, nil, nil, Version)
the_device := device.NewDevice(thetap, econfig.NodeID, conn.NewDefaultBind(EnabledAf, bindmode, econfig.FwMark), logger, graph, false, configPath, &econfig, nil, nil, Version)
defer the_device.Close()
pk, err := device.Str2PriKey(econfig.PrivKey)
if err != nil {
@ -133,7 +133,7 @@ func Edge(configPath string, useUAPI bool, printExample bool, bindmode string) (
return err
}
the_device.SetPrivateKey(pk)
the_device.IpcSet("fwmark=0\n")
the_device.IpcSet("fwmark=" + fmt.Sprint(econfig.FwMark) + "\n")
the_device.IpcSet("listen_port=" + strconv.Itoa(econfig.ListenPort) + "\n")
the_device.IpcSet("replace_peers=true\n")
for _, peerconf := range econfig.Peers {

8
main_super.go
View File

@ -144,10 +144,10 @@ func Super(configPath string, useUAPI bool, printExample bool, bindmode string)
}
}
thetap4, _ := tap.CreateDummyTAP()
httpobj.http_device4 = device.NewDevice(thetap4, mtypes.NodeID_SuperNode, conn.NewDefaultBind(conn.EnabledAf4, bindmode), logger4, httpobj.http_graph, true, configPath, nil, &sconfig, httpobj.http_super_chains, Version)
httpobj.http_device4 = device.NewDevice(thetap4, mtypes.NodeID_SuperNode, conn.NewDefaultBind(conn.EnabledAf4, bindmode, sconfig.FwMark), logger4, httpobj.http_graph, true, configPath, nil, &sconfig, httpobj.http_super_chains, Version)
defer httpobj.http_device4.Close()
thetap6, _ := tap.CreateDummyTAP()
httpobj.http_device6 = device.NewDevice(thetap6, mtypes.NodeID_SuperNode, conn.NewDefaultBind(conn.EnabledAf6, bindmode), logger6, httpobj.http_graph, true, configPath, nil, &sconfig, httpobj.http_super_chains, Version)
httpobj.http_device6 = device.NewDevice(thetap6, mtypes.NodeID_SuperNode, conn.NewDefaultBind(conn.EnabledAf6, bindmode, sconfig.FwMark), logger6, httpobj.http_graph, true, configPath, nil, &sconfig, httpobj.http_super_chains, Version)
defer httpobj.http_device6.Close()
if sconfig.PrivKeyV4 != "" {
pk4, err := device.Str2PriKey(sconfig.PrivKeyV4)
@ -156,7 +156,7 @@ func Super(configPath string, useUAPI bool, printExample bool, bindmode string)
return err
}
httpobj.http_device4.SetPrivateKey(pk4)
httpobj.http_device4.IpcSet("fwmark=0\n")
httpobj.http_device4.IpcSet("fwmark=" + fmt.Sprint(sconfig.FwMark) + "\n")
httpobj.http_device4.IpcSet("listen_port=" + strconv.Itoa(sconfig.ListenPort) + "\n")
httpobj.http_device4.IpcSet("replace_peers=true\n")
}
@ -168,7 +168,7 @@ func Super(configPath string, useUAPI bool, printExample bool, bindmode string)
return err
}
httpobj.http_device6.SetPrivateKey(pk6)
httpobj.http_device6.IpcSet("fwmark=0\n")
httpobj.http_device6.IpcSet("fwmark=" + fmt.Sprint(sconfig.FwMark) + "\n")
httpobj.http_device6.IpcSet("listen_port=" + strconv.Itoa(sconfig.ListenPort) + "\n")
httpobj.http_device6.IpcSet("replace_peers=true\n")
}

2
mtypes/config.go
View File

@ -23,6 +23,7 @@ type EdgeConfig struct {
Interface InterfaceConf `yaml:"Interface"`
NodeID Vertex `yaml:"NodeID"`
NodeName string `yaml:"NodeName"`
FwMark uint32 `yaml:"FwMark"`
PostScript string `yaml:"PostScript"`
DefaultTTL uint8 `yaml:"DefaultTTL"`
L2FIBTimeout float64 `yaml:"L2FIBTimeout"`
@ -39,6 +40,7 @@ type EdgeConfig struct {
type SuperConfig struct {
NodeName string `yaml:"NodeName"`
FwMark uint32 `yaml:"FwMark"`
PostScript string `yaml:"PostScript"`
PrivKeyV4 string `yaml:"PrivKeyV4"`
PrivKeyV6 string `yaml:"PrivKeyV6"`