better way to bypass external ip

Asterisk4Magisk · Aug 10, 2024 · df25573 · df25573
1 parent 67f1d73
commit df25573
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 55 deletions.
diff --git a/main/common/const.go b/main/common/const.go
@@ -1,6 +1,9 @@
 package common
 
-import "github.com/coreos/go-iptables/iptables"
+import (
+	"github.com/coreos/go-iptables/iptables"
+	"net"
+)
 
 const (
 	CoreGid             = "3005"
@@ -20,18 +23,24 @@ const (
 )
 
 var (
-	Ipt, _   = iptables.NewWithProtocol(iptables.ProtocolIPv4)
-	Ipt6, _  = iptables.NewWithProtocol(iptables.ProtocolIPv6)
-	IntraNet = []string{"0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
-		"172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.88.99.0/24", "192.168.0.0/16", "198.51.100.0/24",
-		"203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4", "255.255.255.255/32"}
-	IntraNet6 = []string{"::/128", "::1/128", "::ffff:0:0/96", "100::/64", "64:ff9b::/96", "2001::/32",
-		"2001:10::/28", "2001:20::/28", "2001:db8::/32", "2002::/16", "fc00::/7", "fe80::/10", "ff00::/8"}
-	ExternalIPv6 []string
+	Ipt, _    = iptables.NewWithProtocol(iptables.ProtocolIPv4)
+	Ipt6, _   = iptables.NewWithProtocol(iptables.ProtocolIPv6)
+	IntraNet  = []string{"0.0.0.0/8", "10.0.0.0/8", "100.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "192.0.0.0/24", "192.0.2.0/24", "192.88.99.0/24", "192.168.0.0/16", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4", "255.255.255.255/32"}
+	IntraNet6 = []string{"::/128", "::1/128", "::ffff:0:0/96", "100::/64", "64:ff9b::/96", "2001::/32", "2001:10::/28", "2001:20::/28", "2001:db8::/32", "2002::/16", "fe80::/10", "ff00::/8"}
+	UseDummy  = true
 )
 
 func init() {
-	if ext, err := getExternalIPv6Addr(); err == nil {
-		ExternalIPv6 = append(ExternalIPv6, ext...)
+	if addrs, err := net.InterfaceAddrs(); err == nil {
+		for _, address := range addrs {
+			if ipnet, ok := address.(*net.IPNet); ok && ipnet.IP.IsGlobalUnicast() {
+				if ipnet.IP.To4() != nil {
+					IntraNet = append(IntraNet, ipnet.IP.String())
+				} else {
+					UseDummy = false
+					IntraNet6 = append(IntraNet6, ipnet.IP.String())
+				}
+			}
+		}
 	}
 }
diff --git a/main/common/network.go b/main/common/network.go
@@ -129,23 +129,6 @@ func CheckLocalDevice(dev string) bool {
 	return false
 }
 
-// getExternalIPv6Addr get external ipv6 address, which should bypass
-func getExternalIPv6Addr() ([]string, error) {
-	var ipv6Addrs []string
-	addrs, err := net.InterfaceAddrs()
-	if err != nil {
-		return nil, e.New("cannot get ip address from local interface, ", err).WithPrefix(tagNetwork)
-	}
-	for _, address := range addrs {
-		if ipnet, ok := address.(*net.IPNet); ok && ipnet.IP.IsGlobalUnicast() {
-			if ipnet.IP.To4() == nil {
-				ipv6Addrs = append(ipv6Addrs, ipnet.IP.String())
-			}
-		}
-	}
-	return ipv6Addrs, nil
-}
-
 // DownloadFile download file from url, and save to filepath
 func DownloadFile(filepath string, url string) error {
 	// get file from url

diff --git a/main/proxies/tproxy/dummy.go b/main/proxies/tproxy/dummy.go
@@ -33,7 +33,7 @@ func removeDummyDevice() {
 	var errMsg bytes.Buffer
 	common.NewExternal(0, nil, &errMsg, "ip", "-6", "link", "set", common.DummyDevice, "down").Run()
 	if errMsg.Len() > 0 {
-		log.HandleDebug("set dummy up down: " + errMsg.String())
+		log.HandleDebug("set dummy down failed: " + errMsg.String())
 	}
 	errMsg.Reset()
 	common.NewExternal(0, nil, &errMsg, "ip", "-6", "link", "del", common.DummyDevice, "type", "dummy").Run()

diff --git a/main/proxies/tproxy/tproxy.go b/main/proxies/tproxy/tproxy.go
@@ -11,16 +11,6 @@ import (
 
 const tagTproxy = "tproxy"
 
-var useDummy bool
-
-func init() {
-	if len(common.ExternalIPv6) > 0 {
-		useDummy = false
-	} else {
-		useDummy = true
-	}
-}
-
 type Tproxy struct{}
 
 func (this *Tproxy) Enable() error {
@@ -101,7 +91,7 @@ func addRoute(ipv6 bool) error {
 			return e.New("add ip route failed, ", errMsg.String()).WithPrefix(tagTproxy)
 		}
 	} else {
-		if !useDummy {
+		if !common.UseDummy {
 			common.NewExternal(0, nil, &errMsg, "ip", "-6", "rule", "add", "fwmark", common.TproxyMarkId, "table", common.TproxyTableId).Run()
 			if errMsg.Len() > 0 {
 				return e.New("add ip rule failed, ", errMsg.String()).WithPrefix(tagTproxy)
@@ -162,7 +152,7 @@ func createProxyChain(ipv6 bool) error {
 		return e.New("create "+currentProto+" mangle chain PROXY failed, ", err).WithPrefix(tagTproxy)
 	}
 	// bypass dummy
-	if currentProto == "ipv6" && useDummy {
+	if currentProto == "ipv6" && common.UseDummy {
 		if err := currentIpt.Append("mangle", "PROXY", "-o", common.DummyDevice, "-j", "RETURN"); err != nil {
 			return e.New("ignore dummy interface "+common.DummyDevice+" on "+currentProto+" mangle chain PROXY failed, ", err).WithPrefix(tagTproxy)
 		}
@@ -186,13 +176,6 @@ func createProxyChain(ipv6 bool) error {
 				return e.New("bypass intraNet "+intraIp6+" on "+currentProto+" mangle chain PROXY failed, ", err).WithPrefix(tagTproxy)
 			}
 		}
-		if !useDummy {
-			for _, external := range common.ExternalIPv6 {
-				if err := currentIpt.Append("mangle", "PROXY", "-d", external+"/32", "-j", "RETURN"); err != nil {
-					return e.New("bypass externalIPv6 "+external+" on "+currentProto+" mangle chain PROXY failed, ", err).WithPrefix(tagTproxy)
-				}
-			}
-		}
 	}
 	// bypass Core itself
 	if err := currentIpt.Append("mangle", "PROXY", "-m", "owner", "--gid-owner", common.CoreGid, "-j", "RETURN"); err != nil {
@@ -309,13 +292,6 @@ func createMangleChain(ipv6 bool) error {
 				return e.New("bypass intraNet "+intraIp6+" on "+currentProto+" mangle chain XRAY failed, ", err).WithPrefix(tagTproxy)
 			}
 		}
-		if !useDummy {
-			for _, external := range common.ExternalIPv6 {
-				if err := currentIpt.Append("mangle", "XRAY", "-d", external+"/32", "-j", "RETURN"); err != nil {
-					return e.New("bypass externalIPv6 "+external+" on "+currentProto+" mangle chain XRAY failed, ", err).WithPrefix(tagTproxy)
-				}
-			}
-		}
 	}
 	// allow IntraList
 	for _, intra := range builds.Config.Proxy.IntraList {