From c695bc1da023af0334ae51a9800b5aa2c200d74e Mon Sep 17 00:00:00 2001
From: black-desk
Date: Sat, 17 Jun 2023 14:31:30 +0800
Subject: [PATCH] refact: remove repeater
Signed-off-by: black-desk
---
 internal/config/alloc.go | 75 -------------
 internal/config/check.go | 135 ++++------------------
 internal/config/config.go | 68 ++----------
 internal/config/config_test.go | 2 -
 internal/config/default.go | 2 +-
 internal/config/error.go | 25 -----
 internal/config/string.go | 3 -
 internal/consts/consts.go | 2 +
 internal/core/providers.go | 6 -
 internal/core/repeater/repeater.go | 16 ---
 internal/core/rulemanager/rulemanager.go | 4 -
 internal/core/rulemanager/run.go | 2 +-
 internal/core/run.go | 28 -----
 internal/core/table/method.go | 8 +-
 internal/core/wire.go | 5 -
 internal/core/wire_gen.go | 9 --
 test/data/wrong_ports.yaml | 28 -----
 17 files changed, 40 insertions(+), 378 deletions(-)
 delete mode 100644 internal/config/alloc.go
 delete mode 100644 internal/core/repeater/repeater.go
 delete mode 100644 test/data/wrong_ports.yaml
diff --git a/internal/config/alloc.go b/internal/config/alloc.go
deleted file mode 100644
index f114e24..0000000
--- a/internal/config/alloc.go
+++ /dev/null
@@ -1,75 +0,0 @@
-package config
-
-import (
- . "github.com/black-desk/cgtproxy/internal/log"
- . "github.com/black-desk/lib/go/errwrap"
-)
-
-func (c *ConfigV1) allocPorts(begin, end uint16) (err error) {
- defer Wrap(&err, "Failed to allocate mark for proxy.")
-
- for name := range c.Proxies {
- p := c.Proxies[name]
-
- if p.TProxy != nil {
- panic("this should never happened")
- }
-
- p.TProxy = &TProxy{
- Name: "repeater-" + name,
- NoUDP: !p.UDP,
- NoIPv6: p.NoIPv6,
- Addr: &c.Repeater.Listens[0],
- Port: 0, // NOTE(black_desk): alloc later
- }
-
- c.TProxies["repeater-"+name] = p.TProxy
-
- Log.Debugw("Create tproxy for proxy.",
- "tproxy", p.TProxy.Name, "proxy", name,
- )
- }
-
- for _, tp := range c.TProxies {
-
- if tp.Port != 0 {
- continue
- }
-
- if begin >= end {
- err = ErrTooFewPorts
- return
- }
-
- tp.Port = begin
- Log.Debugw("Allocate port for tproxy.",
- "tproxy", tp,
- )
-
- begin++
- }
-
- return
-}
-
-func (c *ConfigV1) allocMarks(begin, end int) (err error) {
- for _, tp := range c.TProxies {
- if tp.Mark != 0 {
- continue
- }
-
- if begin >= end {
- err = ErrTooFewMarks
- return
- }
-
- tp.Mark = RerouteMark(begin)
-
- Log.Debugw("Allocate mark for tproxy.",
- "tproxy", tp,
- )
-
- begin++
- }
- return
-}
diff --git a/internal/config/check.go b/internal/config/check.go
index 6f33a94..47f68d5 100644
--- a/internal/config/check.go
+++ b/internal/config/check.go
@@ -2,10 +2,6 @@ package config
 
 import (
 "fmt"
- "math/rand"
- "regexp"
- "strconv"
- "strings"
 
 "github.com/black-desk/cgtproxy/internal/consts"
 . "github.com/black-desk/cgtproxy/internal/log"
@@ -24,129 +20,38 @@ func (c *ConfigV1) check() (err error) {
 return
 }
- {
- if c.CgroupRoot == "AUTO" {
- var cgroupRoot CgroupRoot
- cgroupRoot, err = getCgroupRoot()
- if err != nil {
- return
- }
-
- c.CgroupRoot = cgroupRoot
-
- Log.Infow(
- "Cgroup mount point auto detection done.",
- "cgroup root", cgroupRoot,
- )
- }
- }
-
- {
- if c.RouteTable == 0 {
- c.RouteTable = rand.Int()
- }
- }
-
- {
- if c.Rules == nil {
- Log.Warnw("No rules in config.")
- }
- }
-
- {
- if c.Proxies == nil {
- c.Proxies = map[string]*Proxy{}
- }
-
- if c.TProxies == nil {
- c.TProxies = map[string]*TProxy{}
- }
-
- for name := range c.TProxies {
- tp := c.TProxies[name]
- if tp.Name == "" {
- tp.Name = name
- }
-
- if strings.HasSuffix(tp.Name, "-MARK") {
- err = &ErrBadProxyName{
- Actual: tp.Name,
- }
- Wrap(&err)
- return
- }
- }
- }
-
- if c.Repeater != nil {
- var (
- begin uint64
- end uint64
- )
-
- begin, end, err = parseRange(c.Repeater.TProxyPorts)
+ if c.CgroupRoot == "AUTO" {
+ var cgroupRoot CgroupRoot
+ cgroupRoot, err = getCgroupRoot()
 if err != nil {
 return
 }
- err = c.allocPorts(uint16(begin), uint16(end))
- if err != nil {
- return
- }
- }
+ c.CgroupRoot = cgroupRoot
- {
- var (
- begin uint64
- end uint64
+ Log.Infow(
+ "Cgroup mount point auto detection done.",
+ "cgroup root", cgroupRoot,
 )
-
- begin, end, err = parseRange(c.Marks)
- if err != nil {
- return
- }
-
- err = c.allocMarks(int(begin), int(end))
- if err != nil {
- return
- }
 }
- return
-}
-
-func parseRange(str string) (begin uint64, end uint64, err error) {
- defer Wrap(&err, "Failed to parse range.")
-
- rangeExp := regexp.MustCompile(consts.PortsPattern)
-
- matchs := rangeExp.FindStringSubmatch(str)
-
- if len(matchs) != 3 {
- err = &ErrBadRange{
- Actual: str,
- }
- Wrap(&err)
-
- return
+ if c.Rules == nil {
+ Log.Warnw("No rules in config.")
 }
- begin, err = strconv.ParseUint(matchs[1], 10, 16)
- if err != nil {
- Wrap(&err,
- "Failed to parse range begin from %s.",
- matchs[0],
- )
- return
+ if c.TProxies == nil {
+ c.TProxies = map[string]*TProxy{}
 }
- end, err = strconv.ParseUint(matchs[2], 10, 16)
- if err != nil {
- Wrap(&err,
- "Failed to parse range end from %s.",
- matchs[1],
- )
- return
+ for name := range c.TProxies {
+ tp := c.TProxies[name]
+ if tp.Name == "" {
+ tp.Name = name
+ }
+ if tp.DNSHijack != nil && tp.DNSHijack.Addr == nil {
+ addr := consts.IPv4LocalhostStr
+ tp.DNSHijack.Addr = &addr
+ }
 }
 return
diff --git a/internal/config/config.go b/internal/config/config.go
index 92f1108..3e07da4 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
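Review bot: Now that allocMarks() is gone and Mark is user-supplied, the new loop over c.TProxies never checks that two entries do not share a fwmark — `validate:"required"` on Mark only rejects 0 — so a duplicated mark registers two chains under one key in the mark→chain maps this patch also touches in table/method.go, and which tproxy receives the traffic is then undefined. Track the marks seen in the loop and fail check() on a duplicate; the same guard is worth adding for Port if one listener per port is assumed. The commit also silently drops the ErrBadProxyName rejection of names ending in `-MARK`; if the nftables code still derives helper chain names from tp.Name with that suffix, a user-chosen "foo-MARK" can collide with the generated chain for "foo", so either keep the check or confirm the naming scheme no longer needs it. check() begins before this hunk.
```go
	seenMarks := make(map[FireWallMark]string, len(c.TProxies))
	for name := range c.TProxies {
		tp := c.TProxies[name]
		if tp.Name == "" {
			tp.Name = name
		}
		// A fwmark selects exactly one tproxy chain; refuse ambiguous configs.
		if prev, dup := seenMarks[tp.Mark]; dup {
			err = fmt.Errorf("tproxies %q and %q share fwmark %d", prev, name, tp.Mark)
			return
		}
		seenMarks[tp.Mark] = name
		// … unchanged: DNSHijack.Addr defaulting …
	}
```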
@@ -5,27 +5,23 @@ type Config struct {
 }
 type ConfigV1 struct {
- Version uint8 `yaml:"version" validate:"required,eq=1"`
- Repeater *Repeater `yaml:"repeater"`
+ Version uint8 `yaml:"version" validate:"required,eq=1"`
- Proxies map[string]*Proxy `yaml:"proxies" validate:"dive"`
- TProxies map[string]*TProxy `yaml:"tproxies" validate:"dive"`
-
- Rules []Rule `yaml:"rules" validate:"dive"`
- Bypass *Bypass `yaml:"bypass"`
- CgroupRoot CgroupRoot `yaml:"cgroup-root" validate:"required,dirpath|eq=AUTO"`
- RouteTable int `yaml:"route-table"`
- Marks string `yaml:"marks" validate:"required"`
+ CgroupRoot CgroupRoot `yaml:"cgroup-root" validate:"required,dirpath|eq=AUTO"`
+ Bypass *Bypass `yaml:"bypass"`
+ TProxies map[string]*TProxy `yaml:"tproxies" validate:"dive"`
+ Rules []Rule `yaml:"rules" validate:"dive"`
+ RouteTable int `yaml:"route-table" validate:"required"`
 }
 type CgroupRoot string
-type RerouteMark uint32
+type FireWallMark uint32
 // Bypass describes the bypass rules apply to all the TPROXY servers.
 // If the destination matched in Bypass, the traffic will not be touched.
 type Bypass struct {
- IPV4 []string `yaml:"ipv4" validate:"dive,ipv4"`
- IPV6 []string `yaml:"ipv6" validate:"dive,ipv6"`
+ IPV4 []string `yaml:"ipv4" validate:"dive,ipv4|cidrv4"`
+ IPV6 []string `yaml:"ipv6" validate:"dive,ipv6|cidrv6"`
 }
 // Rule describes a rule about how to handle traffic comes from a cgroup.
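Review bot: RouteTable is now an `int` guarded only by `validate:"required"`, which rejects 0 (the value that used to trigger rand.Int() defaulting) but still admits negative numbers, and the route-table id is presumably handed to the kernel by the rule manager outside this hunk, where table ids are unsigned 32-bit and 253–255 are the built-in default/main/local tables. Tighten the tag to `validate:"required,gt=0"` on the RouteTable line, and consider also refusing the reserved ids so a typo cannot attach cgtproxy's policy rule to the main table. The widened Bypass validation (`ipv4|cidrv4`, `ipv6|cidrv6`) is fine as long as whatever consumes Bypass handles prefixes as well as host addresses; that consumer is not in this diff.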
@@ -37,11 +33,6 @@ type Rule struct {
 // TProxy means that the traffic comes from this cgroup
 // should be redirected to a TPROXY server.
 TProxy string `yaml:"tproxy" validate:"required_without_all=Proxy Drop Direct,excluded_with=Proxy Drop Direct"`
- // Proxy means that the traffic comes from this cgroup
- // should be redirected to a proxy server.
- //
- // NOTE: This is not implemented yet.
- Proxy string `yaml:"proxy" validate:"required_without_all=TProxy Drop Direct,excluded_with=TProxy Drop Direct"`
 // Drop means that the traffic comes from this cgroup will be dropped.
 Drop bool `yaml:"drop" validate:"required_without_all=TProxy Proxy Direct,excluded_with=TProxy Proxy Direct"`
 // Direct means that the traffic comes from this cgroup will not be touched.
@@ -54,14 +45,13 @@ type TProxy struct {
 NoUDP bool `yaml:"no-udp"`
 NoIPv6 bool `yaml:"no-ipv6"`
 // NOTE: This field is not used yet.
- Addr *string `yaml:"addr" validate:"hostname|ip"`
 Port uint16 `yaml:"port" validate:"required"`
 // Mark is the fwmark used to identify the TPROXY server.
 // It **NOT** means that this TPROXY server
 // must send traffic with the fwmark.
 // This mark cgtproxy use internally designed to be changeable
 // to void fwmark confliction with other program using nftables.
- Mark RerouteMark `yaml:"mark"`
+ Mark FireWallMark `yaml:"mark" validate:"required"`
 // DNSHijack will hijack the dns request traffic
 // should redirect to this TPROXY server,
 // and send them to directory to a dns server described in DNSHijack.
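Review bot: The cross-field `validate` tags still name the `Proxy` field this hunk deletes — the unchanged TProxy line (`required_without_all=Proxy Drop Direct,excluded_with=Proxy Drop Direct`), the Drop line (`required_without_all=TProxy Proxy Direct,excluded_with=TProxy Proxy Direct`), and presumably Direct, whose field line lies outside the hunk. Whether go-playground/validator rejects an unknown field name or silently treats it as always-absent, the rule no longer expresses "exactly one of tproxy/drop/direct"; change Drop to `validate:"required_without_all=TProxy Direct,excluded_with=TProxy Direct"` and update the matching sets on TProxy and Direct. In the second hunk, `// NOTE: This field is not used yet.` belonged to the removed Addr field and now sits above `Port`, which carries `validate:"required"`; delete the comment or, if Port really is unused, say so in it.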
@@ -70,43 +60,9 @@ type TProxy struct {
 }
 type DNSHijack struct {
- Addr string `yaml:"addr" validate:"ip4_addr"`
- Port uint16 `yaml:"port"`
+ Addr *string `yaml:"addr" validate:"ip4_addr"`
+ Port uint16 `yaml:"port"`
 // If TCP is set to true,
 // tcp traffic to any 53 port will be hijacked too.
 TCP bool `yaml:"tcp"`
 }
-
-// Repeater is configuration for a builtin TPROXY server,
-// it is required if you have any entry in Proxies.
-//
-// NOTE: This is unimplemented yet.
-type Repeater struct {
- // Listens is a list of ip which this TPROXY server will listen on.
- Listens []string `yaml:"listens" validate:"required,dive,ip"`
- // TProxyPorts is a string like [20000,21000)
- // describe a range of ports which this TPROXY server will use.
- TProxyPorts string `yaml:"tproxy-ports" validate:"required"`
-}
-
-// Proxy is describes a proxy server.
-// If any of Proxy is configurated,
-// the repeater is required to be configured too.
-//
-// NOTE: This is not implemented yet.
-type Proxy struct {
- Protocol string `yaml:"protocol" validate:"required,eq=http|eq=https|eq=socks|eq=socks4|eq=socks5"`
- Addr string `yaml:"addr" validate:"required,hostname|ip"`
- Port uint16 `yaml:"port" validate:"required"`
- Auth *Auth `yaml:"auth"`
- UDP bool `yaml:"udp"`
- NoIPv6 bool `yaml:"no-ipv6"`
-
- TProxy *TProxy `yaml:"-"`
-}
-
-// Auth describes a proxy server's authentication.
-type Auth struct {
- User string `yaml:"user" validate:"required"`
- Passwd string `yaml:"passwd" validate:"required"`
-}
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index 1e05d15..1b3c0b0 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -80,8 +80,6 @@ var _ = Describe("Configuration", func() {
 WithFmt("../../test/data/wrong_type.yaml"),
 ContextTableEntry("../../test/data/validation_fail.yaml", validator.ValidationErrors{}).
 WithFmt("../../test/data/validation_fail.yaml"),
- ContextTableEntry("../../test/data/wrong_ports.yaml", new(ErrBadRange)).
- WithFmt("../../test/data/wrong_ports.yaml"),
 )
 })
diff --git a/internal/config/default.go b/internal/config/default.go
index c199525..f93e4d0 100644
--- a/internal/config/default.go
+++ b/internal/config/default.go
@@ -3,7 +3,7 @@ package config
 const DefaultConfig = `
 version: 1
 cgroup-root: AUTO
-marks: '[3000,3100)'
+route-table: 400
 rules:
 - match: \/.*
 direct: true
diff --git a/internal/config/error.go b/internal/config/error.go
index 883cc59..522d6ba 100644
--- a/internal/config/error.go
+++ b/internal/config/error.go
@@ -2,9 +2,6 @@ package config
 import (
 "errors"
- "fmt"
-
- "github.com/black-desk/cgtproxy/internal/consts"
 )
 var (
@@ -12,25 +9,3 @@ var (
 ErrTooFewMarks = errors.New("Too few marks for tproxy")
 ErrCannotFoundCgroupv2Mount = errors.New("`cgroup2` mount point not found in /proc/mounts.")
 )
-
-type ErrBadRange struct {
- Actual string
-}
-
-func (e *ErrBadRange) Error() string {
- return fmt.Sprintf(
- "A `range` must be a string match %s, but we got %s.",
- consts.PortsPattern, e.Actual,
- )
-}
-
-type ErrBadProxyName struct {
- Actual string
-}
-
-func (e *ErrBadProxyName) Error() string {
- return fmt.Sprintf(
- "Proxy name must not end with -MARK, but we got %s.",
- e.Actual,
- )
-}
diff --git a/internal/config/string.go b/internal/config/string.go
index ef7870c..e176a9f 100644
--- a/internal/config/string.go
+++ b/internal/config/string.go
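Review bot: `ErrTooFewMarks` (and `ErrTooFewPorts` just above the error.go hunk, if it is still there) was only ever returned by allocMarks/allocPorts, which this patch deletes, so the exported sentinel now names a failure that can no longer occur and will mislead anyone matching on it with errors.Is. Remove it in the same commit unless something outside this diff still references it, in which case mark it `// Deprecated: no longer returned; marks are user-supplied and validated instead.` The config_test.go hunk drops the wrong_ports case without adding a case for the new `validate:"required"` on Mark and RouteTable, so a config that omits them is no longer covered by the validation-failure table.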
@@ -9,9 +9,6 @@ func (r *Rule) String() string {
 return fmt.Sprintf("rule [ match: %s | DROP ]", r.Match)
 } else if r.Direct {
 return fmt.Sprintf("rule [ match: %s | DIRECT ]", r.Match)
- } else if r.Proxy != "" {
- return fmt.Sprintf("rule [ match: %s | PROXY %s ]",
- r.Match, r.Proxy)
 } else if r.TProxy != "" {
 return fmt.Sprintf("rule [ match: %s | TPROXY %s ]",
 r.Match, r.TProxy)
diff --git a/internal/consts/consts.go b/internal/consts/consts.go
index 3c9e9d8..b23fd02 100644
--- a/internal/consts/consts.go
+++ b/internal/consts/consts.go
@@ -11,4 +11,6 @@ https://github.com/black-desk/cgtproxy
 PortsPattern = `^\[(\d+),(\d+)\)$`
 NftTableName = "cgtproxy"
+
+ IPv4LocalhostStr = "127.0.0.1"
 )
diff --git a/internal/core/providers.go b/internal/core/providers.go
index 724f474..2512161 100644
--- a/internal/core/providers.go
+++ b/internal/core/providers.go
@@ -5,7 +5,6 @@ import (
 "github.com/black-desk/cgtproxy/internal/config"
 "github.com/black-desk/cgtproxy/internal/core/monitor"
- "github.com/black-desk/cgtproxy/internal/core/repeater"
 "github.com/black-desk/cgtproxy/internal/core/rulemanager"
 "github.com/black-desk/cgtproxy/internal/core/table"
 "github.com/black-desk/cgtproxy/internal/core/watcher"
@@ -151,10 +150,6 @@ func provideRuleManager(
 return
 }
-func provideRepeater() (*repeater.Repeater, error) {
- return repeater.New()
-}
-
 var (
 _monitorOnce sync.Once
 _monitor *monitor.Monitor
@@ -199,7 +194,6 @@ var set = wire.NewSet(
 provideOutputChan,
 provideTable,
 provideRuleManager,
- provideRepeater,
 provideMonitor,
 provideCgroupRoot,
 provideBypass,
diff --git a/internal/core/repeater/repeater.go b/internal/core/repeater/repeater.go
deleted file mode 100644
index 71d5ea1..0000000
--- a/internal/core/repeater/repeater.go
+++ /dev/null
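Review bot: `PortsPattern` loses its only visible users in this patch — parseRange in check.go and ErrBadRange in error.go are both deleted — yet the constant stays in the consts.go hunk, so the port-range grammar survives as dead code that no longer corresponds to any config key. Unless another package outside this diff still compiles it, drop it alongside, leaving `NftTableName` and the new `IPv4LocalhostStr`; a stale pattern invites someone to reintroduce a `marks:`-style string field against a schema that no longer has one.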
@@ -1,16 +0,0 @@
-package repeater
-
-import "context"
-
-type Repeater struct {
-}
-
-type Opt func(r *Repeater) (ret *Repeater, err error)
-
-func New(opts ...Opt) (ret *Repeater, err error) {
- panic("Unimplemented")
-}
-
-func (r *Repeater) Run(ctx context.Context) (err error) {
- panic("Unimplemented")
-}
diff --git a/internal/core/rulemanager/rulemanager.go b/internal/core/rulemanager/rulemanager.go
index 560469c..d4efe86 100644
--- a/internal/core/rulemanager/rulemanager.go
+++ b/internal/core/rulemanager/rulemanager.go
@@ -53,10 +53,6 @@ func New(opts ...Opt) (ret *RuleManager, err error) {
 matcher.target.Op = table.TargetDirect
 } else if m.cfg.Rules[i].Drop {
 matcher.target.Op = table.TargetDrop
- } else if m.cfg.Rules[i].Proxy != "" {
- matcher.target.Op = table.TargetTProxy
- matcher.target.Chain =
- m.cfg.Proxies[m.cfg.Rules[i].Proxy].TProxy.Name
 } else if m.cfg.Rules[i].TProxy != "" {
 matcher.target.Op = table.TargetTProxy
 matcher.target.Chain =
diff --git a/internal/core/rulemanager/run.go b/internal/core/rulemanager/run.go
index 48ecacc..ab2b691 100644
--- a/internal/core/rulemanager/run.go
+++ b/internal/core/rulemanager/run.go
@@ -80,7 +80,7 @@ func (m *RuleManager) removeNftableRules() {
 return
 }
-func (m *RuleManager) addRule(mark config.RerouteMark) (err error) {
+func (m *RuleManager) addRule(mark config.FireWallMark) (err error) {
 defer Wrap(&err, "Failed to add route rule.")
 Log.Infow("Adding route rule.",
diff --git a/internal/core/run.go b/internal/core/run.go
index 888130e..5220a2c 100644
--- a/internal/core/run.go
+++ b/internal/core/run.go
@@ -7,7 +7,6 @@ import (
 "syscall"
 "github.com/black-desk/cgtproxy/internal/core/monitor"
- "github.com/black-desk/cgtproxy/internal/core/repeater"
 "github.com/black-desk/cgtproxy/internal/core/rulemanager"
 "github.com/black-desk/cgtproxy/internal/core/watcher"
 . "github.com/black-desk/cgtproxy/internal/log"
@@ -21,7 +20,6 @@ func (c *Core) Run() (err error) {
 c.pool.Go(c.runWatcher)
 c.pool.Go(c.runMonitor)
 c.pool.Go(c.runRuleManager)
- c.pool.Go(c.runRepeater)
 return c.pool.Wait()
 }
@@ -85,32 +83,6 @@ func (c *Core) runRuleManager(ctx context.Context) (err error) {
 return ctx.Err()
 }
-func (c *Core) runRepeater(ctx context.Context) (err error) {
- if c.cfg.Repeater == nil {
- return
- }
-
- defer Log.Debugw("Repeater exited.")
-
- var r *repeater.Repeater
- r, err = injectedRepeater(c)
- if err != nil {
- Wrap(&err)
- Log.Panicw("Failed to create repeater.",
- "error", err,
- )
- }
-
- Log.Debugw("Start network traffic repeater.")
-
- err = r.Run(ctx)
- if err != nil {
- return
- }
-
- return ctx.Err()
-}
-
 func (c *Core) runWatcher(ctx context.Context) (err error) {
 defer Log.Debugw("Watcher exited.")
diff --git a/internal/core/table/method.go b/internal/core/table/method.go
index b4be246..b91e5a2 100644
--- a/internal/core/table/method.go
+++ b/internal/core/table/method.go
@@ -366,7 +366,7 @@ func (t *Table) addTproxyChainForTProxy(
 }
 func (t *Table) updateMarkTproxyMap(
- conn *nftables.Conn, mark config.RerouteMark, chain string,
+ conn *nftables.Conn, mark config.FireWallMark, chain string,
 ) (
 err error,
 ) {
@@ -389,7 +389,7 @@ func (t *Table) updateMarkDNSMap(
- conn *nftables.Conn, mark config.RerouteMark, chain string,
+ conn *nftables.Conn, mark config.FireWallMark, chain string,
 ) (
 err error,
 ) {
@@ -455,7 +455,7 @@ func (t *Table) addDNSChainForTproxy(
 },
 &expr.Immediate{ // immediate reg 1 xxx
 Register: 1,
- Data: net.ParseIP(tp.DNSHijack.Addr).To4(),
+ Data: net.ParseIP(*tp.DNSHijack.Addr).To4(),
 },
 &expr.Immediate{ // immediate reg 2 xxx
 Register: 2,
@@ -505,7 +505,7 @@ func (t *Table) addDNSChainForTproxy(
 },
 &expr.Immediate{ // immediate reg 1 xxx
 Register: 1,
- Data: net.ParseIP(tp.DNSHijack.Addr).To4(),
+ Data: net.ParseIP(*tp.DNSHijack.Addr).To4(),
 },
 &expr.Immediate{ // immediate reg 2 xxx
 Register: 2,
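Review bot: `*tp.DNSHijack.Addr` in the two addDNSChainForTproxy hunks dereferences a pointer that is only non-nil because config.check() defaults it in this same patch; a Table built from a config that skipped check() (a test fixture, a future loader) now panics inside nftables setup instead of returning an error, and `net.ParseIP(...).To4()` still yields a nil Data for anything that is not a dotted-quad, which the validator tag cannot catch once the pointer is bypassed. Resolve the address once near the top of the function, return an error for a nil or non-IPv4 value, and reuse the result in both Immediate expressions so the same check is not repeated at lines 455 and 505. The function's signature and error convention are outside the hunk; the sketch below assumes the named `err` return used by updateMarkTproxyMap in the same file.
```go
	// DNSHijack.Addr is defaulted by config.check(); do not rely on that here.
	if tp.DNSHijack == nil || tp.DNSHijack.Addr == nil {
		err = fmt.Errorf("tproxy %s: dns hijack address is not set", tp.Name)
		return
	}
	dnsAddr := net.ParseIP(*tp.DNSHijack.Addr).To4()
	if dnsAddr == nil {
		err = fmt.Errorf("tproxy %s: dns hijack address %q is not IPv4", tp.Name, *tp.DNSHijack.Addr)
		return
	}
	// … unchanged: chain and rule construction …
	&expr.Immediate{ // immediate reg 1 xxx
		Register: 1,
		Data:     dnsAddr,
	},
```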
diff --git a/internal/core/wire.go b/internal/core/wire.go index e0b4d2a..72b2876 100644 --- a/internal/core/wire.go +++ b/internal/core/wire.go @@ -5,7 +5,6 @@ package core import ( "github.com/black-desk/cgtproxy/internal/core/monitor" - "github.com/black-desk/cgtproxy/internal/core/repeater" "github.com/black-desk/cgtproxy/internal/core/rulemanager" "github.com/black-desk/cgtproxy/internal/core/watcher" "github.com/google/wire" @@ -19,10 +18,6 @@ func injectedRuleManager(*Core) (*rulemanager.RuleManager, error) { panic(wire.Build(set)) } -func injectedRepeater(*Core) (*repeater.Repeater, error) { - panic(wire.Build(set)) -} - func injectedWatcher(*Core) (*watcher.Watcher, error) { panic(wire.Build(set)) } diff --git a/internal/core/wire_gen.go b/internal/core/wire_gen.go index d14b440..caccae5 100644 --- a/internal/core/wire_gen.go +++ b/internal/core/wire_gen.go @@ -8,7 +8,6 @@ package core import ( "github.com/black-desk/cgtproxy/internal/core/monitor" - "github.com/black-desk/cgtproxy/internal/core/repeater" "github.com/black-desk/cgtproxy/internal/core/rulemanager" "github.com/black-desk/cgtproxy/internal/core/watcher" ) @@ -52,14 +51,6 @@ func injectedRuleManager(core *Core) (*rulemanager.RuleManager, error) { return ruleManager, nil } -func injectedRepeater(core *Core) (*repeater.Repeater, error) { - repeaterRepeater, err := provideRepeater() - if err != nil { - return nil, err - } - return repeaterRepeater, nil -} - func injectedWatcher(core *Core) (*watcher.Watcher, error) { config, err := provideConfig(core) if err != nil { diff --git a/test/data/wrong_ports.yaml b/test/data/wrong_ports.yaml deleted file mode 100644 index c318964..0000000 --- a/test/data/wrong_ports.yaml +++ /dev/null 
@@ -1,28 +0,0 @@
-version: 1
-cgroup-root: AUTO
-marks: '[100,300)'
-
-tproxies:
- clash:
- port: 7893
- addr: 127.0.0.1
-
-proxies:
- proxy1:
- udp: true
- port: 1080
- protocol: socks
- addr: 127.0.0.1
-
-rules:
- - match: /user.slice/user-1000.slice/user@1000.service/app.slice/*
- tproxy: clash
- - match: /user.slice/user-1001.slice/user@1001.service/app.slice/*
- proxy: proxy1
- - match: /user.slice/user-1002.slice/user@1002.service/app.slice/*
- proxy: proxy1
-
-repeater:
- listens:
- - 127.0.0.1
- tproxy-ports: "[[13030,13040)"