expose table, fwmark, mark_newin to config

cgroup-tproxy.sh

@@ -69,9 +69,12 @@ get_available_route_table(){
 }
 
 ## mark/route things
-table=10007 # just a prime number
-fwmark=0x9973
-make_newin=0x9967
+[ -z ${table+x} ]       && table=10007 # just a prime number
+[ -z ${fwmark+x} ]      && fwmark=0x9973
+[ -z ${mark_newin+x} ]  && mark_newin=0x9967
+
+
+# echo "table: $table fwmark: $fwmark, mark_newin: $mark_newin"
 
 ## cgroup things
 cgroup_mount_point=$(findmnt -t cgroup2 -n -o TARGET)
@@ -154,7 +157,7 @@ iptables -t mangle -A PREROUTING -j TPROXY_PRE
 
 iptables -t mangle -N TPROXY_OUT
 iptables -t mangle -A TPROXY_OUT -p icmp -j RETURN
-iptables -t mangle -A TPROXY_OUT -m connmark --mark  $make_newin -j RETURN
+iptables -t mangle -A TPROXY_OUT -m connmark --mark  $mark_newin -j RETURN
 iptables -t mangle -A TPROXY_OUT -m addrtype --dst-type LOCAL -j RETURN
 iptables -t mangle -A TPROXY_OUT -m addrtype ! --dst-type UNICAST -j RETURN
 for cg in ${cgroup_noproxy[@]}; do
@@ -185,7 +188,7 @@ ip6tables -t mangle -A PREROUTING -j TPROXY_PRE
 
 ip6tables -t mangle -N TPROXY_OUT
 ip6tables -t mangle -A TPROXY_OUT -p icmpv6 -j RETURN
-ip6tables -t mangle -A TPROXY_OUT -m connmark --mark  $make_newin -j RETURN
+ip6tables -t mangle -A TPROXY_OUT -m connmark --mark  $mark_newin -j RETURN
 ip6tables -t mangle -A TPROXY_OUT -m addrtype --dst-type LOCAL -j RETURN
 ip6tables -t mangle -A TPROXY_OUT -m addrtype ! --dst-type UNICAST -j RETURN
 for cg in ${cgroup_noproxy[@]}; do
@@ -223,8 +226,8 @@ $enable_gateway || ip6tables -t mangle -I TPROXY_PRE -m addrtype ! --src-type LO
 
 ## make sure following rules are the first in chain TPROXY_PRE to mark new incoming connection or gateway proxy connection
 ## so must put at last to insert first
-iptables  -t mangle -I TPROXY_PRE -m addrtype ! --src-type LOCAL -m conntrack --ctstate NEW -j CONNMARK --set-mark $make_newin
-ip6tables -t mangle -I TPROXY_PRE -m addrtype ! --src-type LOCAL -m conntrack --ctstate NEW -j CONNMARK --set-mark $make_newin
+iptables  -t mangle -I TPROXY_PRE -m addrtype ! --src-type LOCAL -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark_newin
+ip6tables -t mangle -I TPROXY_PRE -m addrtype ! --src-type LOCAL -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark_newin
 
 ## message for user
 # cat << DOC

config.json

@@ -1,4 +1,6 @@
 {
+    "comment":"For usgae, see https://github.com/springzfx/cgproxy",
+
     "port": 12345,
     "program_noproxy": ["v2ray", "qv2ray"],
     "program_proxy": [],
@@ -9,5 +11,8 @@
     "enable_udp": true,
     "enable_tcp": true,
     "enable_ipv4": true,
-    "enable_ipv6": true
+    "enable_ipv6": true,
+    "table": 10007,
+    "fwmark": 39283,
+    "mark_newin": 39271
 }

readme.md

@@ -1,6 +1,6 @@
 
 
-# Transparent Proxy powered with cgroup v2
+# Transparent Proxy powered by cgroup v2
 
 
 
@@ -95,16 +95,20 @@ Config file: **/etc/cgproxy/config.json**
 {
     "port": 12345,
     "program_noproxy": ["v2ray", "qv2ray"],
-    "program_proxy": [ ],
+    "program_proxy": [],
     "cgroup_noproxy": ["/system.slice/v2ray.service"],
-    "cgroup_proxy": [ ],
+    "cgroup_proxy": [],
     "enable_gateway": false,
     "enable_dns": true,
     "enable_udp": true,
     "enable_tcp": true,
     "enable_ipv4": true,
-    "enable_ipv6": true
+    "enable_ipv6": true,
+    "table": 10007,
+    "fwmark": 39283,
+    "mark_newin": 39271
 }
+
 ```
 
 - **port** tproxy listenning port
@@ -131,11 +135,14 @@ Config file: **/etc/cgproxy/config.json**
 
 - **enable_ipv6**
 
+- **table**, **fwmark**, **mark_newin**  you can specify iptables and route table related parameter in case conflict.
+
 - options priority
 
   ```
   program_noproxy > program_proxy > cgroup_noproxy > cgroup_proxy
   enable_ipv6 > enable_ipv4 > enable_tcp > enable_udp > enable_dns
+  ommand cgproxy and cgnoproxy always have highest priority
   ```
 
 **Note**: cgroup in configuration need to be exist, otherwise ignored

src/cgproxyd.hpp

@@ -300,7 +300,10 @@ public:
 
     assignStaticInstance();
 
-    config.loadFromFile(DEFAULT_CONFIG_FILE);
+    if (config.loadFromFile(DEFAULT_CONFIG_FILE)!=SUCCESS) {
+      error("load config file failed");
+      return -1;
+    }
     applyConfig();
 
     if (enable_socketserver) startSocketListeningThread();
@@ -311,6 +314,7 @@ public:
 
     return 0;
   }
+
   int applyConfig() {
     system(TPROXY_IPTABLS_CLEAN);
     config.print_summary();

src/config.cpp

@@ -32,6 +32,9 @@ void Config::toEnv() {
   setenv("enable_udp", to_str(enable_udp).c_str(), 1);
   setenv("enable_ipv4", to_str(enable_ipv4).c_str(), 1);
   setenv("enable_ipv6", to_str(enable_ipv6).c_str(), 1);
+  setenv("table", to_str(table).c_str(), 1);
+  setenv("fwmark", to_str(fwmark).c_str(), 1);
+  setenv("mark_newin", to_str(mark_newin).c_str(), 1);
 }
 
 int Config::saveToFile(const string f) {
@@ -56,6 +59,9 @@ string Config::toJsonStr() {
   add2json(enable_udp);
   add2json(enable_ipv4);
   add2json(enable_ipv6);
+  add2json(table);
+  add2json(fwmark);
+  add2json(mark_newin);
   return j.dump();
 }
 
@@ -89,6 +95,9 @@ int Config::loadFromJsonStr(const string js) {
   tryassign(enable_udp);
   tryassign(enable_ipv4);
   tryassign(enable_ipv6);
+  tryassign(table);
+  tryassign(fwmark);
+  tryassign(mark_newin);
 
   // e.g. v2ray -> /usr/bin/v2ray -> /usr/lib/v2ray/v2ray
   toRealProgramPath(program_noproxy);
@@ -109,7 +118,7 @@ bool Config::validateJsonStr(const string js) {
   bool status = true;
   const set<string> boolset = {"enable_gateway", "enable_dns",  "enable_tcp",
                                "enable_udp",     "enable_ipv4", "enable_ipv6"};
-  const set<string> allowset = {"program_proxy", "program_noproxy"};
+  const set<string> allowset = {"program_proxy", "program_noproxy", "comment", "table", "fwmark", "mark_newin"};
   for (auto &[key, value] : j.items()) {
     if (key == "cgroup_proxy" || key == "cgroup_noproxy") {
       if (value.is_string() && !validCgroup((string)value)) status = false;
@@ -139,6 +148,7 @@ void Config::print_summary() {
   info("proxied program: %s", join2str(program_proxy).c_str());
   info("noproxy cgroup: %s", join2str(cgroup_noproxy).c_str());
   info("proxied cgroup: %s", join2str(cgroup_proxy).c_str());
+  info("table: %d, fwmark: %d, mark_newin: %d", table, fwmark, mark_newin);
 }
 
 void Config::toRealProgramPath(vector<string> &v) {

src/config.h

@@ -25,6 +25,11 @@ public:
   bool enable_ipv4 = true;
   bool enable_ipv6 = true;
 
+  // for iptables
+  int table=10007;
+  int fwmark=0x9973;
+  int mark_newin=0x9967;
+
   void toEnv();
   int saveToFile(const string f);
   string toJsonStr();