feat: enable fwmark (SO_MARK) for outgoing sockets #202
base: master
Conversation
I have merged some large refactors we've been working on recently; apologies for the merge conflicts, and thank you for this contribution! We may want to have some more dialer config options in future, so I suggest maybe a
dialer:
  fwmark: ...
/cc @fortuna to weigh in on that
By the way, for your use case, have you considered using a firewall rule based on the PID? You can probably do things like:
With It's also possible to use network namespaces.
This already adds too much complexity for even simple routing logic. I made the changes to be linux-specific but it also opens room for other similar functionality in other platforms like freebsd's SO_USER_COOKIE.
Thanks for the changes. Looking good. I just have a few more tweaks.
Changes applied.
@@ -243,7 +249,8 @@ func (s *SSServer) runConfig(config Config) (func() error, error) { | |||
ciphers := service.NewCipherList() | |||
ciphers.Update(cipherList) | |||
|
|||
sh := s.NewShadowsocksStreamHandler(ciphers) | |||
tcpDialer := service.MakeValidatingTCPStreamDialer(onet.RequirePublicIP, 0) |
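Review bot: `tcpDialer := service.MakeValidatingTCPStreamDialer(onet.RequirePublicIP, 0)` passes a literal 0 as the fwmark, so the TCP path never receives the configured mark even though the UDP path in this same PR is handed `config.Dialer.Fwmark`; pass the configured value here too, otherwise TCP and UDP traffic from the same service end up matched by different routing and firewall rules.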
Shouldn't this take serviceConfig.Dialer.Fwmark?
dialer := service.MakeTargetPacketListener(config.Dialer.Fwmark) | ||
return s.NewShadowsocksPacketHandler(ciphers, dialer), nil |
dialer := service.MakeTargetPacketListener(config.Dialer.Fwmark) | |
return s.NewShadowsocksPacketHandler(ciphers, dialer), nil | |
listener := service.MakeTargetPacketListener(config.Dialer.Fwmark) | |
return s.NewShadowsocksPacketHandler(ciphers, listener), nil |
@@ -259,7 +266,8 @@ func (s *SSServer) runConfig(config Config) (func() error, error) { | |||
return err | |||
} | |||
slog.Info("UDP service started.", "address", pc.LocalAddr().String()) | |||
ph := s.NewShadowsocksPacketHandler(ciphers) | |||
udpDialer := service.MakeTargetPacketListener(0) |
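Review bot: `udpDialer := service.MakeTargetPacketListener(0)` hard-codes the mark to 0, the same gap as on the TCP side, so `config.Dialer.Fwmark` should be passed through here as well; the variable also holds a packet listener rather than a dialer, so a name like `udpListener` would match what `MakeTargetPacketListener` returns.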
Same here, shouldn't it take the fwmark?
"syscall" | ||
) | ||
|
||
func SetFwmark(fd uintptr, fwmark uint) error { |
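Review bot: `func SetFwmark(fd uintptr, fwmark uint) error` makes every caller obtain the fd through its own `RawConn.Control` call before it can use the helper, which duplicates that dance at each call site; accepting a `syscall.RawConn` and running `Control` inside the helper keeps it in one place. The kernel stores SO_MARK as a 32-bit value, so `uint32` is the more honest parameter type than `uint`. Since SO_MARK exists only on Linux (the discussion notes FreeBSD has SO_USER_COOKIE instead), this file also needs a linux build constraint so the server still builds on other platforms.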
Take the syscall.RawConn as input instead of the fd to make it easier to use and remove the duplication.
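An added example, not code from this PR or from outline-ss-server, of the RawConn-based shape the comment above asks for: SetFwmark takes a syscall.RawConn and performs the Control call internally, GetFwmark reads the mark back so a deployment can confirm it landed, and NewMarkedDialer shows how a dialer-level fwmark option would apply the mark to every outgoing socket. The function names, the zero-means-unset convention and the loopback socket in main are assumptions of this example. Setting a non-zero mark requires CAP_NET_ADMIN, so the example treats EPERM as the expected unprivileged outcome rather than as a bug.

```go
//go:build linux

// Added example, not the PR's code: SO_MARK helpers built around syscall.RawConn.
package main

import (
	"errors"
	"fmt"
	"net"
	"syscall"
)

// SetFwmark sets SO_MARK on the socket behind rc. A mark of 0 is treated as
// "unset" and is a no-op (an assumption of this example, matching how the PR
// passes 0 to mean no mark). A non-zero mark needs CAP_NET_ADMIN.
func SetFwmark(rc syscall.RawConn, fwmark uint32) error {
	if fwmark == 0 {
		return nil
	}
	var sockErr error
	if err := rc.Control(func(fd uintptr) {
		sockErr = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, int(fwmark))
	}); err != nil {
		return fmt.Errorf("fwmark: RawConn.Control: %w", err)
	}
	if sockErr != nil {
		return fmt.Errorf("fwmark: setsockopt(SO_MARK, %d): %w", fwmark, sockErr)
	}
	return nil
}

// GetFwmark reads SO_MARK back. Reading needs no privilege, so it is a cheap
// way to confirm the mark is present before relying on ip-rule or nftables
// matches keyed on it.
func GetFwmark(rc syscall.RawConn) (uint32, error) {
	var mark int
	var sockErr error
	if err := rc.Control(func(fd uintptr) {
		mark, sockErr = syscall.GetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK)
	}); err != nil {
		return 0, err
	}
	if sockErr != nil {
		return 0, sockErr
	}
	return uint32(mark), nil
}

// IsPermissionError reports whether err is the kernel refusing SO_MARK for a
// process without CAP_NET_ADMIN, the failure an operator should expect when
// the server is started unprivileged with a non-zero fwmark configured.
func IsPermissionError(err error) bool {
	return errors.Is(err, syscall.EPERM)
}

// NewMarkedDialer returns a net.Dialer whose Control hook marks each socket
// before connect(), so TCP and UDP dials share a single code path for the mark.
func NewMarkedDialer(fwmark uint32) *net.Dialer {
	return &net.Dialer{
		Control: func(network, address string, c syscall.RawConn) error {
			return SetFwmark(c, fwmark)
		},
	}
}

func main() {
	// Constructed sample: a loopback UDP socket stands in for the server's
	// outgoing packet socket.
	pc, err := net.ListenPacket("udp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	defer pc.Close()
	rc, err := pc.(*net.UDPConn).SyscallConn()
	if err != nil {
		panic(err)
	}
	const mark = 0x20 // constructed value, not taken from the PR
	switch err := SetFwmark(rc, mark); {
	case err == nil:
		got, _ := GetFwmark(rc)
		fmt.Printf("SO_MARK set to %#x, read back %#x\n", mark, got)
	case IsPermissionError(err):
		fmt.Println("no CAP_NET_ADMIN: kernel refused SO_MARK, socket stays unmarked")
	default:
		panic(err)
	}
}
```

With this shape the server's TCP and UDP paths both take the mark from one dialer option, and an operator who sees the EPERM branch knows the process lacks CAP_NET_ADMIN rather than that the routing rules are wrong.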
@fortuna @sbruens I just gave you maintainer access to my fork and you are able to apply any of your concerns and code styles that fit best with the codebase. I may not be able to keep up with the rapid changes and requests in the codebase and this PR due to time constraints. Sorry for that and appreciate your work to land this feature. Thank you!