Skip to content
Snippets Groups Projects
Normal view Permalink
utils.go 2.25 KiB
Newer Older
  • Learn to ignore specific revisions
    • Konrad Zemek's avatar
    Add UDP proxying.
    Konrad Zemek committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 
    // Copyright 2019 Path Network, Inc. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package main

import (
	"fmt"
	"net"
	"syscall"
)

type Protocol int

const (
	TCP Protocol = iota
	UDP
)

func CheckOriginAllowed(remoteIP net.IP) bool {
	if len(Opts.AllowedSubnets) == 0 {
		return true
	}

	for _, ipNet := range Opts.AllowedSubnets {
		if ipNet.Contains(remoteIP) {
			return true
		}
	}
	return false
}

func DialUpstreamControl(sport int) func(string, string, syscall.RawConn) error {
	return func(network, address string, c syscall.RawConn) error {
		var syscallErr error
		err := c.Control(func(fd uintptr) {
			if Opts.Protocol == "tcp" {
				syscallErr = syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_SYNCNT, 2)
				if syscallErr != nil {
    Stefan Majer's avatar
    Remove all external dependencies (#23)  
    Stefan Majer committed
    40 
    					syscallErr = fmt.Errorf("setsockopt(IPPROTO_TCP, TCP_SYNCTNT, 2): %w", syscallErr)
    Konrad Zemek's avatar
    Add UDP proxying.
    Konrad Zemek committed
    41 42 43 44 45 46 
    					return
				}
			}

			syscallErr = syscall.SetsockoptInt(int(fd), syscall.IPPROTO_IP, syscall.IP_TRANSPARENT, 1)
			if syscallErr != nil {
    Stefan Majer's avatar
    Remove all external dependencies (#23)  
    Stefan Majer committed
    47 
    				syscallErr = fmt.Errorf("setsockopt(IPPROTO_IP, IP_TRANSPARENT, 1): %w", syscallErr)
    Konrad Zemek's avatar
    Add UDP proxying.
    Konrad Zemek committed
    48 49 50 51 52 
    				return
			}

			syscallErr = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_REUSEADDR, 1)
			if syscallErr != nil {
    Stefan Majer's avatar
    Remove all external dependencies (#23)  
    Stefan Majer committed
    53 
    				syscallErr = fmt.Errorf("setsockopt(SOL_SOCKET, SO_REUSEADDR, 1): %w", syscallErr)
    Konrad Zemek's avatar
    Add UDP proxying.
    Konrad Zemek committed
    54 55 56 57 58 
    				return
			}

			if sport == 0 {
				ipBindAddressNoPort := 24
    Stefan Majer's avatar
    Remove all external dependencies (#23)  
    Stefan Majer committed
    59 60 61 62 63 
    				syscallErr = syscall.SetsockoptInt(int(fd), syscall.IPPROTO_IP, ipBindAddressNoPort, 1)
				if syscallErr != nil {
					syscallErr = fmt.Errorf("setsockopt(SOL_SOCKET, IPPROTO_IP, %d): %w", Opts.Mark, syscallErr)
					return
				}
    Konrad Zemek's avatar
    Add UDP proxying.
    Konrad Zemek committed
    64 65 66 67 68 
    			}

			if Opts.Mark != 0 {
				syscallErr = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, Opts.Mark)
				if syscallErr != nil {
    Stefan Majer's avatar
    Remove all external dependencies (#23)  
    Stefan Majer committed
    69 
    					syscallErr = fmt.Errorf("setsockopt(SOL_SOCK, SO_MARK, %d): %w", Opts.Mark, syscallErr)
    Konrad Zemek's avatar
    Add UDP proxying.
    Konrad Zemek committed
    70 71 72 73 74 
    					return
				}
			}

			if network == "tcp6" || network == "udp6" {
    Michael Gernoth's avatar
    Fix "protocol not available" for IPv6 connections  
    Michael Gernoth committed
    75 
    				syscallErr = syscall.SetsockoptInt(int(fd), syscall.IPPROTO_IPV6, syscall.IPV6_V6ONLY, 0)
    Konrad Zemek's avatar
    Add UDP proxying.
    Konrad Zemek committed
    76 
    				if syscallErr != nil {
    Stefan Majer's avatar
    Remove all external dependencies (#23)  
    Stefan Majer committed
    77 
    					syscallErr = fmt.Errorf("setsockopt(IPPROTO_IP, IPV6_ONLY, 0): %w", syscallErr)
    Konrad Zemek's avatar
    Add UDP proxying.
    Konrad Zemek committed
    78 79 80 81 82 83 84 85 86 87 88 
    					return
				}
			}
		})

		if err != nil {
			return err
		}
		return syscallErr
	}
}