Domů Procházet Nápověda
Registrovat se Přihlásit se
sequoia00
/
multinetspeeder
1
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Procházet zdrojové kódy

修改ipv6

Gogs před 2 týdny
rodič
84cde18542
revize
5a133ac7da
3 změnil soubory, kde provedl 43 přidání a 4 odebrání
Jednotné zobrazení Ukázat statistiku rozdílových dat
  1. 2 0
      scripts/rotate-log.py
  2. 36 4
      scripts/start-transparent.sh
  3. 5 0
      scripts/stop-transparent.sh

+ 2 - 0
scripts/rotate-log.py
Zobrazit soubor 

@@ -3,6 +3,7 @@ from __future__ import annotations
 
 
 
 import os
 
 import os
 
 import sys
 
 import sys
 
+import time
 
 from pathlib import Path
 
 from pathlib import Path
 
 
 
 
 
@@ -37,6 +38,7 @@ def main() -> int:
 
         chunk = stream.readline()
 
         chunk = stream.readline()
 
         if not chunk:
 
         if not chunk:
 
             break
 
             break
 
+        chunk = f"[{int(time.time() * 1000)}] ".encode() + chunk
 
         with log_path.open("ab") as handle:
 
         with log_path.open("ab") as handle:
 
             handle.write(chunk)
 
             handle.write(chunk)
 
         try:
 
         try:

+ 36 - 4
scripts/start-transparent.sh
Zobrazit soubor 

@@ -47,6 +47,7 @@ LISTEN_PORT="${MYNETSPEEDER_LISTEN_PORT:-19080}"
 
 RUNTIME_USER="${MYNETSPEEDER_USER:-mynetspeeder}"
 
 RUNTIME_USER="${MYNETSPEEDER_USER:-mynetspeeder}"
 
 PID_FILE="/var/run/mynetspeeder-edge.pid"
 
 PID_FILE="/var/run/mynetspeeder-edge.pid"
 
 SOCKS_PID_FILE="/var/run/mynetspeeder-socks.pid"
 
 SOCKS_PID_FILE="/var/run/mynetspeeder-socks.pid"
 
+IPTABLES_WATCHDOG_PID_FILE="/var/run/mynetspeeder-iptables-watchdog.pid"
 
 LOG_FILE="/var/log/mynetspeeder-edge.log"
 
 LOG_FILE="/var/log/mynetspeeder-edge.log"
 
 SOCKS_LOG_FILE="/var/log/mynetspeeder-socks.log"
 
 SOCKS_LOG_FILE="/var/log/mynetspeeder-socks.log"
 
 LOG_MAX_MB="${MYNETSPEEDER_LOG_MAX_MB:-50}"
 
 LOG_MAX_MB="${MYNETSPEEDER_LOG_MAX_MB:-50}"
 
@@ -111,6 +112,35 @@ ensure_rule() {
 
   fi
 
   fi
 
 }
 
 }
 
 
 
+ensure_first_rule() {
 
+  local cmd="$1"
 
+  local table="$2"
 
+  local chain="$3"
 
+  shift 3
 
+  if ! "$cmd" -t "$table" -C "$chain" "$@" >/dev/null 2>&1; then
 
+    "$cmd" -t "$table" -I "$chain" 1 "$@"
 
+  fi
 
+}
 
+
 
+start_iptables_watchdog() {
 
+  (
 
+    while true; do
 
+      sleep 5
 
+      ensure_first_rule iptables nat OUTPUT -p tcp -j "$CHAIN4" || true
 
+      if [[ "$UDP_CAPTURE_EFFECTIVE" == "1" ]]; then
 
+        ensure_first_rule iptables nat OUTPUT -p udp -j "$CHAIN4" || true
 
+      fi
 
+      if [[ "${IP6_ENABLED:-0}" == "1" && "${IP6_NAT_SUPPORTED:-0}" == "1" ]]; then
 
+        ensure_first_rule ip6tables nat OUTPUT -p tcp -j "$CHAIN6" || true
 
+        if [[ "$UDP_CAPTURE_EFFECTIVE" == "1" ]]; then
 
+          ensure_first_rule ip6tables nat OUTPUT -p udp -j "$CHAIN6" || true
 
+        fi
 
+      fi
 
+    done
 
+  ) >/dev/null 2>&1 &
 
+  echo $! > "$IPTABLES_WATCHDOG_PID_FILE"
 
+}
 
+
 
 add_exclusions_v4() {
 
 add_exclusions_v4() {
 
   iptables -t nat -A "$CHAIN4" -m addrtype --dst-type LOCAL -j RETURN
 
   iptables -t nat -A "$CHAIN4" -m addrtype --dst-type LOCAL -j RETURN
 
   for cidr in $SELF_EXCLUDE_V4; do
 
   for cidr in $SELF_EXCLUDE_V4; do
 
@@ -207,7 +237,7 @@ if [[ -n "$CAPTURE_UID" ]]; then
 
 else
 
 else
 
   iptables -t nat -A "$CHAIN4" -p tcp -j REDIRECT --to-ports "$LISTEN_PORT"
 
   iptables -t nat -A "$CHAIN4" -p tcp -j REDIRECT --to-ports "$LISTEN_PORT"
 
 fi
 
 fi
 
-ensure_rule iptables nat OUTPUT -p tcp -j "$CHAIN4"
 
+ensure_first_rule iptables nat OUTPUT -p tcp -j "$CHAIN4"
 
 if [[ "$UDP_CAPTURE_EFFECTIVE" == "1" ]]; then
 
 if [[ "$UDP_CAPTURE_EFFECTIVE" == "1" ]]; then
 
   add_udp_exclusions_v4
 
   add_udp_exclusions_v4
 
   if [[ -n "$CAPTURE_UID" ]]; then
 
   if [[ -n "$CAPTURE_UID" ]]; then
 
@@ -215,7 +245,7 @@ if [[ "$UDP_CAPTURE_EFFECTIVE" == "1" ]]; then
 
   else
 
   else
 
     iptables -t nat -A "$CHAIN4" -p udp -j REDIRECT --to-ports "$LISTEN_PORT"
 
     iptables -t nat -A "$CHAIN4" -p udp -j REDIRECT --to-ports "$LISTEN_PORT"
 
   fi
 
   fi
 
-  ensure_rule iptables nat OUTPUT -p udp -j "$CHAIN4"
 
+  ensure_first_rule iptables nat OUTPUT -p udp -j "$CHAIN4"
 
 fi
 
 fi
 
 
 
 IP6_ENABLED=0
 
 IP6_ENABLED=0
 
@@ -226,21 +256,21 @@ if command -v ip6tables >/dev/null 2>&1; then
 
     IP6_NAT_SUPPORTED=1
 
     IP6_NAT_SUPPORTED=1
 
     ip6tables -t nat -N "$CHAIN6" 2>/dev/null || true
 
     ip6tables -t nat -N "$CHAIN6" 2>/dev/null || true
 
     ip6tables -t nat -F "$CHAIN6"
 
     ip6tables -t nat -F "$CHAIN6"
 
+    ensure_first_rule ip6tables nat OUTPUT -p tcp -j "$CHAIN6"
 
     add_exclusions_v6
 
     add_exclusions_v6
 
     if [[ -n "$CAPTURE_UID" ]]; then
 
     if [[ -n "$CAPTURE_UID" ]]; then
 
       ip6tables -t nat -A "$CHAIN6" -p tcp -m owner --uid-owner "$CAPTURE_UID" -j REDIRECT --to-ports "$LISTEN_PORT"
 
       ip6tables -t nat -A "$CHAIN6" -p tcp -m owner --uid-owner "$CAPTURE_UID" -j REDIRECT --to-ports "$LISTEN_PORT"
 
     else
 
     else
 
       ip6tables -t nat -A "$CHAIN6" -p tcp -j REDIRECT --to-ports "$LISTEN_PORT"
 
       ip6tables -t nat -A "$CHAIN6" -p tcp -j REDIRECT --to-ports "$LISTEN_PORT"
 
     fi
 
     fi
 
-    ensure_rule ip6tables nat OUTPUT -p tcp -j "$CHAIN6"
 
     if [[ "$UDP_CAPTURE_EFFECTIVE" == "1" ]]; then
 
     if [[ "$UDP_CAPTURE_EFFECTIVE" == "1" ]]; then
 
+      ensure_first_rule ip6tables nat OUTPUT -p udp -j "$CHAIN6"
 
       add_udp_exclusions_v6
 
       add_udp_exclusions_v6
 
       if [[ -n "$CAPTURE_UID" ]]; then
 
       if [[ -n "$CAPTURE_UID" ]]; then
 
         ip6tables -t nat -A "$CHAIN6" -p udp -m owner --uid-owner "$CAPTURE_UID" -j REDIRECT --to-ports "$LISTEN_PORT"
 
         ip6tables -t nat -A "$CHAIN6" -p udp -m owner --uid-owner "$CAPTURE_UID" -j REDIRECT --to-ports "$LISTEN_PORT"
 
       else
 
       else
 
         ip6tables -t nat -A "$CHAIN6" -p udp -j REDIRECT --to-ports "$LISTEN_PORT"
 
         ip6tables -t nat -A "$CHAIN6" -p udp -j REDIRECT --to-ports "$LISTEN_PORT"
 
       fi
 
       fi
 
-      ensure_rule ip6tables nat OUTPUT -p udp -j "$CHAIN6"
 
     fi
 
     fi
 
   else
 
   else
 
     echo "ipv6 nat unavailable: ip6tables nat table not supported, skip ipv6 transparent rules"
 
     echo "ipv6 nat unavailable: ip6tables nat table not supported, skip ipv6 transparent rules"
 
@@ -263,6 +293,8 @@ if [[ "$IP6_ENABLED" == "1" && "$IP6_NAT_SUPPORTED" == "1" ]]; then
 
   fi
 
   fi
 
 fi
 
 fi
 
 
 
+start_iptables_watchdog
 
+
 
 echo "mynetspeeder transparent mode started on ${LISTEN_HOST}:${LISTEN_PORT}"
 
 echo "mynetspeeder transparent mode started on ${LISTEN_HOST}:${LISTEN_PORT}"
 
 echo "kernel mode: $KERNEL_MODE"
 
 echo "kernel mode: $KERNEL_MODE"
 
 echo "iptables backend: $IPTABLES_BACKEND"
 
 echo "iptables backend: $IPTABLES_BACKEND"

+ 5 - 0
scripts/stop-transparent.sh
Zobrazit soubor 

@@ -5,6 +5,7 @@ CHAIN4="MYNETSPEEDER"
 
 CHAIN6="MYNETSPEEDER6"
 
 CHAIN6="MYNETSPEEDER6"
 
 PID_FILE="/var/run/mynetspeeder-edge.pid"
 
 PID_FILE="/var/run/mynetspeeder-edge.pid"
 
 SOCKS_PID_FILE="/var/run/mynetspeeder-socks.pid"
 
 SOCKS_PID_FILE="/var/run/mynetspeeder-socks.pid"
 
+IPTABLES_WATCHDOG_PID_FILE="/var/run/mynetspeeder-iptables-watchdog.pid"
 
 
 
 if [[ $EUID -ne 0 ]]; then
 
 if [[ $EUID -ne 0 ]]; then
 
   echo "need root"
 
   echo "need root"
 
@@ -19,6 +20,10 @@ if [[ -f "$SOCKS_PID_FILE" ]]; then
 
   kill "$(cat "$SOCKS_PID_FILE")" 2>/dev/null || true
 
   kill "$(cat "$SOCKS_PID_FILE")" 2>/dev/null || true
 
   rm -f "$SOCKS_PID_FILE"
 
   rm -f "$SOCKS_PID_FILE"
 
 fi
 
 fi
 
+if [[ -f "$IPTABLES_WATCHDOG_PID_FILE" ]]; then
 
+  kill "$(cat "$IPTABLES_WATCHDOG_PID_FILE")" 2>/dev/null || true
 
+  rm -f "$IPTABLES_WATCHDOG_PID_FILE"
 
+fi
 
 pkill -f 'python3 -m mynetspeeder edge' || true
 
 pkill -f 'python3 -m mynetspeeder edge' || true
 
 pkill -f 'python3 -m mynetspeeder socks' || true
 
 pkill -f 'python3 -m mynetspeeder socks' || true