From 0b25b5263a3cfb50f107d5356e97d7728ae2d837 Mon Sep 17 00:00:00 2001 From: springzfx Date: Sat, 23 May 2020 14:39:20 +0800 Subject: [PATCH] update man and readme --- config.json | 8 ++++---- man/cgnoproxy.1 | 6 ++++-- man/cgproxy.1 | 6 ++++-- man/cgproxyd.1 | 29 +++++++++++++++++++++++++++-- readme.md | 44 +++++++++++++++++++++++++++++++++++--------- 5 files changed, 74 insertions(+), 19 deletions(-) diff --git a/config.json b/config.json index 6e09866..4fe04be 100644 --- a/config.json +++ b/config.json @@ -1,13 +1,13 @@ { "port": 12345, - "program_noproxy": ["/usr/lib/v2ray/v2ray", "/usr/bin/qv2ray"], + "program_noproxy": ["v2ray", "qv2ray"], "program_proxy": [], "cgroup_noproxy": ["/system.slice/v2ray.service"], "cgroup_proxy": [], "enable_gateway": false, "enable_dns": true, - "enable_ipv4": true, - "enable_ipv6": true, + "enable_udp": true, "enable_tcp": true, - "enable_udp": true + "enable_ipv4": true, + "enable_ipv6": true } diff --git a/man/cgnoproxy.1 b/man/cgnoproxy.1 index ddf39f5..d71af15 100644 --- a/man/cgnoproxy.1 +++ b/man/cgnoproxy.1 @@ -3,11 +3,13 @@ .SH NAME cgnoproxy \- Run program without proxy .SH SYNOPSIS -cgnoproxy [--help] [--debug] +cgnoproxy --help +cgnoproxy [--debug] +cgnoproxy [--debug] --pid .SH ALIAS cgnoproxy = cgproxy --noproxy .SH DESCRIPTION -cgnoproxy send current running process pid to cgproxyd through unix socket, then pid is attached to non-proxied cgroup +cgnoproxy send current running process pid or specified pid to cgproxyd through unix socket, then pid is attached to non-proxied cgroup .SH EXAMPLES cgnoproxy sudo v2ray -config config_file .SH SEE ALSO diff --git a/man/cgproxy.1 b/man/cgproxy.1 index 1f9851b..2b6f86d 100644 --- a/man/cgproxy.1 +++ b/man/cgproxy.1 @@ -3,9 +3,11 @@ .SH NAME cgproxy \- Run program with proxy .SH SYNOPSIS -cgproxy [--help] [--debug] +cgproxy --help +cgproxy [--debug] +cgproxy [--debug] --pid .SH DESCRIPTION -cgproxy send current running process pid to cgproxyd through unix socket, then pid is attached to proxied cgroup +cgproxy send current running process pid or specified pid to cgproxyd through unix socket, then pid is attached to proxied cgroup .SH EXAMPLES cgproxy curl -vI https://www.google.com .SH SEE ALSO diff --git a/man/cgproxyd.1 b/man/cgproxyd.1 index fa8cb4a..ed1c121 100644 --- a/man/cgproxyd.1 +++ b/man/cgproxyd.1 @@ -3,20 +3,38 @@ .SH NAME cgproxyd \- Start a daemon with unix socket to accept control from cgproxy/cgnoproxy .SH SYNOPSIS -cgproxyd [--help] [--debug] +cgproxyd [--help] [--debug] [--execsnoop] .SH ALIAS cgproxyd = cgproxy --daemon +.SH OPTIONS +.B --execsnoop +.br +enable execsnoop to support program level proxy, need python-bcc installed to actually work .SH CONFIGURATION .I /etc/cgproxy/config.json .br .B port tproxy listenning port .br +program level proxy controll, need `python-bcc` installed to work: +.br +.RS +.B program_proxy +program need to be proxied +.br +.B program_noproxy +program that won't be proxied +.RE +.br +cgroup level proxy control: +.br +.RS .B cgroup_noproxy cgroup array that no need to proxy, /noproxy.slice is preserved. .br .B cgroup_proxy cgroup array that need to proxy, /proxy.slice is preserved. +.RE .br .B enable_gateway enable gateway proxy for local devices. @@ -24,7 +42,14 @@ enable gateway proxy for local devices. .B enable_dns enable dns to go to proxy. .br -.B enable_tcp enable_udp enable_ipv4 enable_ipv6 +.B enable_tcp +.br +.B enable_udp +.br +.B enable_ipv4 +.br +.B enable_ipv6 +.br .SH SEE ALSO cgproxyd(1), cgproxy(1), cgnoproxy(1) diff --git a/readme.md b/readme.md index b9712a4..eb17c96 100644 --- a/readme.md +++ b/readme.md @@ -87,28 +87,51 @@ Config file: **/etc/cgproxy/config.json** ```json { + "port": 12345, + "program_noproxy": ["v2ray", "qv2ray"], + "program_proxy": [ ], "cgroup_noproxy": ["/system.slice/v2ray.service"], - "cgroup_proxy": [], - "enable_dns": true, + "cgroup_proxy": [ ], "enable_gateway": false, - "enable_ipv4": true, - "enable_ipv6": true, - "enable_tcp": true, + "enable_dns": true, "enable_udp": true, - "port": 12345 + "enable_tcp": true, + "enable_ipv4": true, + "enable_ipv6": true } ``` - **port** tproxy listenning port -- **cgroup_noproxy** cgroup array that no need to proxy, `/noproxy.slice` is preserved -- **cgroup_proxy** cgroup array that need to proxy, `/proxy.slice` is preserved + +- program level proxy controll, need `python-bcc` installed to work + + - **program_proxy** program need to be proxied + - **program_noproxy** program that won't be proxied + +- cgroup level proxy control: + + - **cgroup_noproxy** cgroup array that no need to proxy, `/noproxy.slice` is preserved + - **cgroup_proxy** cgroup array that need to proxy, `/proxy.slice` is preserved + - **enable_gateway** enable gateway proxy for local devices + - **enable_dns** enable dns to go to proxy + - **enable_tcp** + - **enable_udp** + - **enable_ipv4** + - **enable_ipv6** +- options priority + + ``` + program_noproxy > program_proxy > cgroup_noproxy > cgroup_proxy + enable_ipv6 > enable_ipv4 > enable_tcp > enable_udp > enable_dns + ``` + **Note**: cgroup in configuration need to be exist, otherwise ignored If you changed config, remember to restart service @@ -146,7 +169,8 @@ sudo systemctl restart cgproxy.service - `cgnoproxy` run program wihout proxy, very useful in global transparent proxy ```bash - cgnoproxy [--debug] + cgnoproxy [--debug] + cgnoproxy [--debug] --pid ``` - `cgattach` attach specific process pid to specific cgroup which will create if not exist , cgroup can be only one level down exist cgroup, otherwise created fail. @@ -158,6 +182,8 @@ sudo systemctl restart cgproxy.service # example cgattch 9999 /proxy.slice ``` + +- For more detail command usage, see `man cgproxyd` `man cgproxy` `man cgnoproxy` ## NOTES