mirror of
https://github.com/springzfx/cgproxy.git
synced 2026-03-15 09:32:09 +08:00
updated readme
This commit is contained in:
fancy
14
cgattach.cpp
14
cgattach.cpp
@@ -10,7 +10,7 @@
|
||||
#include <unistd.h>
|
||||
using namespace std;
|
||||
|
||||
void print_usage() { fprintf(stderr, "usage: cgattach <pid> <cgroup>\n"); }
|
||||
void print_usage() { fprintf(stdout, "usage: cgattach <pid> <cgroup>\n"); }
|
||||
|
||||
bool exist(string path) {
|
||||
struct stat st;
|
||||
@@ -25,8 +25,8 @@ bool validate(string pid, string cgroup) {
|
||||
bool cg_v = regex_match(cgroup, regex("^\\/[a-zA-Z0-9\\-_./@]*$"));
|
||||
if (pid_v && cg_v)
|
||||
return true;
|
||||
// cout<<pid_v<<" "<<cg_v<<endl;
|
||||
puts("paramater validate error\n");
|
||||
|
||||
fprintf(stderr, "paramater validate error\n");
|
||||
print_usage();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
@@ -35,12 +35,12 @@ int main(int argc, char *argv[]) {
|
||||
setuid(0);
|
||||
setgid(0);
|
||||
if (getuid() != 0 || getgid() != 0) {
|
||||
fprintf(stderr, "cgattach need setuid sticky bit\n");
|
||||
fprintf(stderr, "cgattach need suid sticky bit or run with root\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
if (argc != 3) {
|
||||
puts("only need 2 paramaters\n");
|
||||
fprintf(stderr, "only need 2 paramaters\n");
|
||||
print_usage();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
@@ -52,7 +52,7 @@ int main(int argc, char *argv[]) {
|
||||
string cgroup_target_path = cgroup_mount_point + cgroup_target;
|
||||
string cgroup_target_procs = cgroup_target_path + "/cgroup.procs";
|
||||
|
||||
// check if exist, we won't create it if not exist
|
||||
// check if exist, we will create it if not exist
|
||||
if (!exist(cgroup_target_path)) {
|
||||
if (mkdir(cgroup_target_path.c_str(),
|
||||
S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) == 0) {
|
||||
@@ -75,7 +75,7 @@ int main(int argc, char *argv[]) {
|
||||
procs << pid.c_str() << endl;
|
||||
procs.close();
|
||||
|
||||
// maybe there some write error, for example process pid not exist
|
||||
// maybe there some write error, for example process pid may not exist
|
||||
if (!procs) {
|
||||
fprintf(stderr, "write %s to %s failed, maybe process %s not exist\n",
|
||||
pid.c_str(), cgroup_target_procs.c_str(), pid.c_str());
|
||||
|
||||
@@ -25,16 +25,19 @@ It aslo supports global transparent proxy. See [Global transparent proxy](#globa
|
||||
|
||||
<!--te-->
|
||||
|
||||
|
||||
## Prerequest
|
||||
|
||||
- cgroup2
|
||||
|
||||
Why cgroup v2? Because simple, elegant and intuitive.
|
||||
|
||||
For now, linux default using cgroup v1 for compatibility, this project need cgroup v2, you need disable cgroup v1 and enable cgroup v2 in your system. see [Disabling v1 cgroups](https://wiki.archlinux.org/index.php/Cgroups#Disabling_v1_cgroups).
|
||||
|
||||
- TPROXY
|
||||
|
||||
A process listening on port (e.g. 12345) to accept iptables TPROXY, for example v2ray's dokodemo-door in tproxy mode.
|
||||
|
||||
Why not REDIRECT? Because REDIRECT only supports tcp and ipv4.
|
||||
|
||||
## How to install
|
||||
|
||||
@@ -105,7 +108,7 @@ sudo systemctl restart cgproxy.service
|
||||
|
||||
## Global transparent proxy
|
||||
|
||||
- First, set **cgroup_proxy=/** in `/etc/cgproxy.conf`, this will proxy all connection
|
||||
- First, set **cgroup_proxy="/"** in `/etc/cgproxy.conf`, this will proxy all connection
|
||||
|
||||
- Then, run your proxy software in cgroup_noproxy to allow direct to internet
|
||||
|
||||
|
||||
Reference in New Issue
Block a user