mirror of
https://github.com/SagerNet/sing-box.git
synced 2024-11-24 01:21:30 +00:00
Independent source_ip_is_private
and ip_is_private
rules
This commit is contained in:
parent
bb70e8267e
commit
3a9b787a6e
|
@ -78,7 +78,9 @@ type DefaultRule struct {
|
||||||
SourceGeoIP Listable[string] `json:"source_geoip,omitempty"`
|
SourceGeoIP Listable[string] `json:"source_geoip,omitempty"`
|
||||||
GeoIP Listable[string] `json:"geoip,omitempty"`
|
GeoIP Listable[string] `json:"geoip,omitempty"`
|
||||||
SourceIPCIDR Listable[string] `json:"source_ip_cidr,omitempty"`
|
SourceIPCIDR Listable[string] `json:"source_ip_cidr,omitempty"`
|
||||||
|
SourceIPIsPrivate bool `json:"source_ip_is_private,omitempty"`
|
||||||
IPCIDR Listable[string] `json:"ip_cidr,omitempty"`
|
IPCIDR Listable[string] `json:"ip_cidr,omitempty"`
|
||||||
|
IPIsPrivate bool `json:"ip_is_private,omitempty"`
|
||||||
SourcePort Listable[uint16] `json:"source_port,omitempty"`
|
SourcePort Listable[uint16] `json:"source_port,omitempty"`
|
||||||
SourcePortRange Listable[string] `json:"source_port_range,omitempty"`
|
SourcePortRange Listable[string] `json:"source_port_range,omitempty"`
|
||||||
Port Listable[uint16] `json:"port,omitempty"`
|
Port Listable[uint16] `json:"port,omitempty"`
|
||||||
|
|
|
@ -65,37 +65,38 @@ func (r DNSRule) IsValid() bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
type DefaultDNSRule struct {
|
type DefaultDNSRule struct {
|
||||||
Inbound Listable[string] `json:"inbound,omitempty"`
|
Inbound Listable[string] `json:"inbound,omitempty"`
|
||||||
IPVersion int `json:"ip_version,omitempty"`
|
IPVersion int `json:"ip_version,omitempty"`
|
||||||
QueryType Listable[DNSQueryType] `json:"query_type,omitempty"`
|
QueryType Listable[DNSQueryType] `json:"query_type,omitempty"`
|
||||||
Network Listable[string] `json:"network,omitempty"`
|
Network Listable[string] `json:"network,omitempty"`
|
||||||
AuthUser Listable[string] `json:"auth_user,omitempty"`
|
AuthUser Listable[string] `json:"auth_user,omitempty"`
|
||||||
Protocol Listable[string] `json:"protocol,omitempty"`
|
Protocol Listable[string] `json:"protocol,omitempty"`
|
||||||
Domain Listable[string] `json:"domain,omitempty"`
|
Domain Listable[string] `json:"domain,omitempty"`
|
||||||
DomainSuffix Listable[string] `json:"domain_suffix,omitempty"`
|
DomainSuffix Listable[string] `json:"domain_suffix,omitempty"`
|
||||||
DomainKeyword Listable[string] `json:"domain_keyword,omitempty"`
|
DomainKeyword Listable[string] `json:"domain_keyword,omitempty"`
|
||||||
DomainRegex Listable[string] `json:"domain_regex,omitempty"`
|
DomainRegex Listable[string] `json:"domain_regex,omitempty"`
|
||||||
Geosite Listable[string] `json:"geosite,omitempty"`
|
Geosite Listable[string] `json:"geosite,omitempty"`
|
||||||
SourceGeoIP Listable[string] `json:"source_geoip,omitempty"`
|
SourceGeoIP Listable[string] `json:"source_geoip,omitempty"`
|
||||||
SourceIPCIDR Listable[string] `json:"source_ip_cidr,omitempty"`
|
SourceIPCIDR Listable[string] `json:"source_ip_cidr,omitempty"`
|
||||||
SourcePort Listable[uint16] `json:"source_port,omitempty"`
|
SourceIPIsPrivate bool `json:"source_ip_is_private,omitempty"`
|
||||||
SourcePortRange Listable[string] `json:"source_port_range,omitempty"`
|
SourcePort Listable[uint16] `json:"source_port,omitempty"`
|
||||||
Port Listable[uint16] `json:"port,omitempty"`
|
SourcePortRange Listable[string] `json:"source_port_range,omitempty"`
|
||||||
PortRange Listable[string] `json:"port_range,omitempty"`
|
Port Listable[uint16] `json:"port,omitempty"`
|
||||||
ProcessName Listable[string] `json:"process_name,omitempty"`
|
PortRange Listable[string] `json:"port_range,omitempty"`
|
||||||
ProcessPath Listable[string] `json:"process_path,omitempty"`
|
ProcessName Listable[string] `json:"process_name,omitempty"`
|
||||||
PackageName Listable[string] `json:"package_name,omitempty"`
|
ProcessPath Listable[string] `json:"process_path,omitempty"`
|
||||||
User Listable[string] `json:"user,omitempty"`
|
PackageName Listable[string] `json:"package_name,omitempty"`
|
||||||
UserID Listable[int32] `json:"user_id,omitempty"`
|
User Listable[string] `json:"user,omitempty"`
|
||||||
Outbound Listable[string] `json:"outbound,omitempty"`
|
UserID Listable[int32] `json:"user_id,omitempty"`
|
||||||
ClashMode string `json:"clash_mode,omitempty"`
|
Outbound Listable[string] `json:"outbound,omitempty"`
|
||||||
WIFISSID Listable[string] `json:"wifi_ssid,omitempty"`
|
ClashMode string `json:"clash_mode,omitempty"`
|
||||||
WIFIBSSID Listable[string] `json:"wifi_bssid,omitempty"`
|
WIFISSID Listable[string] `json:"wifi_ssid,omitempty"`
|
||||||
RuleSet Listable[string] `json:"rule_set,omitempty"`
|
WIFIBSSID Listable[string] `json:"wifi_bssid,omitempty"`
|
||||||
Invert bool `json:"invert,omitempty"`
|
RuleSet Listable[string] `json:"rule_set,omitempty"`
|
||||||
Server string `json:"server,omitempty"`
|
Invert bool `json:"invert,omitempty"`
|
||||||
DisableCache bool `json:"disable_cache,omitempty"`
|
Server string `json:"server,omitempty"`
|
||||||
RewriteTTL *uint32 `json:"rewrite_ttl,omitempty"`
|
DisableCache bool `json:"disable_cache,omitempty"`
|
||||||
|
RewriteTTL *uint32 `json:"rewrite_ttl,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r DefaultDNSRule) IsValid() bool {
|
func (r DefaultDNSRule) IsValid() bool {
|
||||||
|
|
|
@ -120,6 +120,11 @@ func NewDefaultRule(router adapter.Router, logger log.ContextLogger, options opt
|
||||||
rule.sourceAddressItems = append(rule.sourceAddressItems, item)
|
rule.sourceAddressItems = append(rule.sourceAddressItems, item)
|
||||||
rule.allItems = append(rule.allItems, item)
|
rule.allItems = append(rule.allItems, item)
|
||||||
}
|
}
|
||||||
|
if options.SourceIPIsPrivate {
|
||||||
|
item := NewIPIsPrivateItem(true)
|
||||||
|
rule.sourceAddressItems = append(rule.sourceAddressItems, item)
|
||||||
|
rule.allItems = append(rule.allItems, item)
|
||||||
|
}
|
||||||
if len(options.IPCIDR) > 0 {
|
if len(options.IPCIDR) > 0 {
|
||||||
item, err := NewIPCIDRItem(false, options.IPCIDR)
|
item, err := NewIPCIDRItem(false, options.IPCIDR)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -128,6 +133,11 @@ func NewDefaultRule(router adapter.Router, logger log.ContextLogger, options opt
|
||||||
rule.destinationAddressItems = append(rule.destinationAddressItems, item)
|
rule.destinationAddressItems = append(rule.destinationAddressItems, item)
|
||||||
rule.allItems = append(rule.allItems, item)
|
rule.allItems = append(rule.allItems, item)
|
||||||
}
|
}
|
||||||
|
if options.IPIsPrivate {
|
||||||
|
item := NewIPIsPrivateItem(false)
|
||||||
|
rule.destinationAddressItems = append(rule.destinationAddressItems, item)
|
||||||
|
rule.allItems = append(rule.allItems, item)
|
||||||
|
}
|
||||||
if len(options.SourcePort) > 0 {
|
if len(options.SourcePort) > 0 {
|
||||||
item := NewPortItem(true, options.SourcePort)
|
item := NewPortItem(true, options.SourcePort)
|
||||||
rule.sourcePortItems = append(rule.sourcePortItems, item)
|
rule.sourcePortItems = append(rule.sourcePortItems, item)
|
||||||
|
|
|
@ -119,6 +119,11 @@ func NewDefaultDNSRule(router adapter.Router, logger log.ContextLogger, options
|
||||||
rule.sourceAddressItems = append(rule.sourceAddressItems, item)
|
rule.sourceAddressItems = append(rule.sourceAddressItems, item)
|
||||||
rule.allItems = append(rule.allItems, item)
|
rule.allItems = append(rule.allItems, item)
|
||||||
}
|
}
|
||||||
|
if options.SourceIPIsPrivate {
|
||||||
|
item := NewIPIsPrivateItem(true)
|
||||||
|
rule.sourceAddressItems = append(rule.sourceAddressItems, item)
|
||||||
|
rule.allItems = append(rule.allItems, item)
|
||||||
|
}
|
||||||
if len(options.SourcePort) > 0 {
|
if len(options.SourcePort) > 0 {
|
||||||
item := NewPortItem(true, options.SourcePort)
|
item := NewPortItem(true, options.SourcePort)
|
||||||
rule.sourcePortItems = append(rule.sourcePortItems, item)
|
rule.sourcePortItems = append(rule.sourcePortItems, item)
|
||||||
|
|
44
route/rule_item_ip_is_private.go
Normal file
44
route/rule_item_ip_is_private.go
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
package route
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/netip"
|
||||||
|
|
||||||
|
"github.com/sagernet/sing-box/adapter"
|
||||||
|
N "github.com/sagernet/sing/common/network"
|
||||||
|
)
|
||||||
|
|
||||||
|
var _ RuleItem = (*IPIsPrivateItem)(nil)
|
||||||
|
|
||||||
|
type IPIsPrivateItem struct {
|
||||||
|
isSource bool
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewIPIsPrivateItem(isSource bool) *IPIsPrivateItem {
|
||||||
|
return &IPIsPrivateItem{isSource}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *IPIsPrivateItem) Match(metadata *adapter.InboundContext) bool {
|
||||||
|
var destination netip.Addr
|
||||||
|
if r.isSource {
|
||||||
|
destination = metadata.Source.Addr
|
||||||
|
} else {
|
||||||
|
destination = metadata.Destination.Addr
|
||||||
|
}
|
||||||
|
if destination.IsValid() && !N.IsPublicAddr(destination) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
for _, destinationAddress := range metadata.DestinationAddresses {
|
||||||
|
if !N.IsPublicAddr(destinationAddress) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *IPIsPrivateItem) String() string {
|
||||||
|
if r.isSource {
|
||||||
|
return "source_ip_is_private=true"
|
||||||
|
} else {
|
||||||
|
return "ip_is_private=true"
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue