config

Documentation

Index

• Constants
• Variables
• type Bypass
• type CGroupRoot
• type Config
  • func New(opts ...Opt) (ret *Config, err error)
• type DNSHijack
• type FireWallMark
• type Opt
  • func WithContent(raw []byte) Opt
  • func WithLogger(log *zap.SugaredLogger) Opt
• type Rule
  • func (r *Rule) String() string
• type TProxy

Constants

const DefaultConfig = `
version: 1
cgroup-root: AUTO
route-table: 400
rules:
  - match: \/.*
    direct: true
`

const (
	IPv4LocalhostStr = "127.0.0.1"
)

Variables

var (
	ErrCannotFoundCgroupv2Mount = errors.New("`cgroup2` mount point not found in /proc/mounts.")
)

Types

type Bypass

type Bypass []string

type CGroupRoot

type CGroupRoot string

type Config

type Config struct {
	Version string `yaml:"version" validate:"required,eq=1"`

	CgroupRoot CGroupRoot `yaml:"cgroup-root" validate:"required,dirpath|eq=AUTO"`
	// Bypass describes the bypass rules apply to all the TPROXY servers.
	// If the destination matched in Bypass, the traffic will not be touched.
	Bypass   Bypass             `yaml:"bypass" validate:"dive,ipv4|cidrv4|ipv6|cidrv6"`
	TProxies map[string]*TProxy `yaml:"tproxies" validate:"dive"`
	Rules    []Rule             `yaml:"rules" validate:"dive"`
	// The route table number cgtproxy will create to route TPROXY traffic.
	// This table will be removed when cgtproxy stopped.
	RouteTable int `yaml:"route-table" validate:"required"`
	// contains filtered or unexported fields
}

func New

func New(opts ...Opt) (ret *Config, err error)

type DNSHijack

type DNSHijack struct {
	IP   *string `yaml:"ip" validate:"ip4_addr"`
	Port uint16  `yaml:"port"`
	// If TCP is set to true,
	// tcp traffic will be hijacked, too,
	// when it's destination port is 53.
	TCP bool `yaml:"tcp"`
}

type FireWallMark

type FireWallMark uint32

type Opt

type Opt func(c *Config) (ret *Config, err error)

func WithContent

func WithContent(raw []byte) Opt

func WithLogger

func WithLogger(log *zap.SugaredLogger) Opt

type Rule

type Rule struct {
	// Match is an regex expression
	// to match an cgroup path relative to the root of cgroupfs.
	Match string `yaml:"match" validate:"required"`

	// TProxy means that the traffic comes from this cgroup
	// should be redirected to a TPROXY server.
	TProxy string `yaml:"tproxy" validate:"required_without_all=Drop Direct,excluded_with=Drop Direct"`
	// Drop means that the traffic comes from this cgroup will be dropped.
	Drop bool `yaml:"drop" validate:"required_without_all=TProxy Direct,excluded_with=TProxy Direct"`
	// Direct means that the traffic comes from this cgroup will not be touched.
	Direct bool `yaml:"direct" validate:"required_without_all=TProxy Drop,excluded_with=TProxy Drop"`
}

Rule describes a rule about how to handle traffic comes from a cgroup.

func (*Rule) String

func (r *Rule) String() string

type TProxy

type TProxy struct {
	Name   string `yaml:"-"`
	NoUDP  bool   `yaml:"no-udp"`
	NoIPv6 bool   `yaml:"no-ipv6"`
	Port   uint16 `yaml:"port" validate:"required"`
	// Mark is the fire wall mark used to identify the TPROXY server
	// and trigger reroute operation of netfliter
	// from OUTPUT to PREROUTING internally.
	// It **NOT** means that this TPROXY server
	// must send traffic with the fwmark.
	// This mark is designed to be changeable for user
	// to make sure this mark is not conflict
	// with any fire wall mark in use.
	Mark FireWallMark `yaml:"mark" validate:"required"`
	// DNSHijack will hijack the dns request traffic
	// should redirect to this TPROXY server,
	// and send them to directory to a dns server described in DNSHijack.
	// This option is for fake-ip.
	DNSHijack *DNSHijack `yaml:"dns-hijack"`
}

TProxy describes a TPROXY server.