mirror of
https://github.com/springzfx/cgproxy.git
synced 2026-02-09 21:14:57 +08:00
allow array input for cgroup_proxy and cgroup_noproxy
This commit is contained in:
fancy
@@ -1,7 +1,8 @@
|
||||
cmake_minimum_required(VERSION 3.10)
|
||||
set(CMAKE_CXX_STANDARD 17)
|
||||
set(CMAKE_CXX_STANDARD_REQUIRED ON)
|
||||
set(CMAKE_BUILD_TYPE DEBUG)
|
||||
# set(CMAKE_BUILD_TYPE DEBUG)
|
||||
set(CMAKE_BUILD_TYPE RELEASE)
|
||||
add_compile_options(-Wno-return-type)
|
||||
|
||||
project(cgproxy VERSION 3.7)
|
||||
|
||||
27
cgproxy.conf
27
cgproxy.conf
@@ -1,26 +1,47 @@
|
||||
## cgroup transparent proxy
|
||||
## see how to configure, https://github.com/springzfx/cgproxy
|
||||
|
||||
###################################################################################
|
||||
## any process in cgroup_proxy will be proxied, and cgroup_noproxy the opposite
|
||||
## note, cgroup must start with slash '/'
|
||||
# cgroup_proxy="/" # for global tproxy
|
||||
# cgroup_noproxy="/system.slice/v2ray.service" # for v2ray service
|
||||
## the value can be string or bash array
|
||||
## for array, only the first element will be created if not exist
|
||||
## and the rest elements will not, so won't be applied
|
||||
|
||||
### global proxy with v2ray service
|
||||
#cgroup_proxy="/"
|
||||
#cgroup_noproxy=("/noproxy.slice" "/system.slice/v2ray.service")
|
||||
|
||||
### global proxy with manual `cgnoporxy qv2ray`
|
||||
#cgroup_proxy="/"
|
||||
#cgroup_noproxy="/noproxy.slice"
|
||||
|
||||
### default
|
||||
cgroup_proxy="/proxy.slice"
|
||||
cgroup_noproxy="/noproxy.slice"
|
||||
|
||||
|
||||
###################################################################################
|
||||
## allow as gateway for local network
|
||||
enable_gateway=false
|
||||
|
||||
|
||||
###################################################################################
|
||||
## listening port of another proxy process, for example v2ray
|
||||
port=12345
|
||||
|
||||
## if you set to false, it's traffic won't go through proxy, but still can go direct to internet
|
||||
|
||||
###################################################################################
|
||||
## if you set to false, it's traffic won't go through proxy,
|
||||
## but still can go direct to internet
|
||||
enable_dns=true
|
||||
enable_tcp=true
|
||||
enable_udp=true
|
||||
enable_ipv4=true
|
||||
enable_ipv6=true
|
||||
|
||||
|
||||
###################################################################################
|
||||
## do not modify this if you don't known what you are doing
|
||||
table=100
|
||||
fwmark=0x01
|
||||
|
||||
@@ -69,7 +69,6 @@ for i in "$@"
|
||||
do
|
||||
case $i in
|
||||
stop)
|
||||
iptables -t mangle -L TPROXY_PRE &> /dev/null || exit 0
|
||||
echo "stopping tproxy iptables"
|
||||
iptables -t mangle -D PREROUTING -j TPROXY_PRE
|
||||
iptables -t mangle -D OUTPUT -j TPROXY_OUT
|
||||
@@ -99,7 +98,6 @@ case $i in
|
||||
--config=*)
|
||||
config=${i#*=}
|
||||
source $config
|
||||
shift
|
||||
;;
|
||||
--help)
|
||||
print_help
|
||||
@@ -136,8 +134,12 @@ iptables -t mangle -A TPROXY_OUT -p icmp -j RETURN
|
||||
iptables -t mangle -A TPROXY_OUT -m connmark --mark $make_newin -j RETURN
|
||||
iptables -t mangle -A TPROXY_OUT -m addrtype --dst-type LOCAL -j RETURN
|
||||
iptables -t mangle -A TPROXY_OUT -m addrtype ! --dst-type UNICAST -j RETURN
|
||||
iptables -t mangle -A TPROXY_OUT -m cgroup --path $cgroup_noproxy -j RETURN
|
||||
iptables -t mangle -A TPROXY_OUT -m cgroup --path $cgroup_proxy -j MARK --set-mark $fwmark
|
||||
for cg in ${cgroup_noproxy[@]}; do
|
||||
iptables -t mangle -A TPROXY_OUT -m cgroup --path $cg -j RETURN
|
||||
done
|
||||
for cg in ${cgroup_proxy[@]}; do
|
||||
iptables -t mangle -A TPROXY_OUT -m cgroup --path $cg -j MARK --set-mark $fwmark
|
||||
done
|
||||
iptables -t mangle -A OUTPUT -j TPROXY_OUT
|
||||
|
||||
#ipv6#
|
||||
@@ -163,8 +165,12 @@ ip6tables -t mangle -A TPROXY_OUT -p icmpv6 -j RETURN
|
||||
ip6tables -t mangle -A TPROXY_OUT -m connmark --mark $make_newin -j RETURN
|
||||
ip6tables -t mangle -A TPROXY_OUT -m addrtype --dst-type LOCAL -j RETURN
|
||||
ip6tables -t mangle -A TPROXY_OUT -m addrtype ! --dst-type UNICAST -j RETURN
|
||||
ip6tables -t mangle -A TPROXY_OUT -m cgroup --path $cgroup_noproxy -j RETURN
|
||||
ip6tables -t mangle -A TPROXY_OUT -m cgroup --path $cgroup_proxy -j MARK --set-mark $fwmark
|
||||
for cg in ${cgroup_noproxy[@]}; do
|
||||
ip6tables -t mangle -A TPROXY_OUT -m cgroup --path $cg -j RETURN
|
||||
done
|
||||
for cg in ${cgroup_proxy[@]}; do
|
||||
ip6tables -t mangle -A TPROXY_OUT -m cgroup --path $cg -j MARK --set-mark $fwmark
|
||||
done
|
||||
ip6tables -t mangle -A OUTPUT -j TPROXY_OUT
|
||||
|
||||
## allow to disable, order is important
|
||||
@@ -199,8 +205,8 @@ ip6tables -t mangle -I TPROXY_PRE -m addrtype ! --src-type LOCAL -m conntrack --
|
||||
|
||||
## message for user
|
||||
cat << DOC
|
||||
noproxy cgroup: $cgroup_noproxy
|
||||
proxied cgroup: $cgroup_proxy
|
||||
noproxy cgroup: ${cgroup_noproxy[@]}
|
||||
proxied cgroup: ${cgroup_proxy[@]}
|
||||
DOC
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user