Feature: add block loopback connections

2021-05-28 11:32:21 +08:00
parent a222e90d1f
commit 5917b90837
14 changed files with 76 additions and 33 deletions
--- a/core/src/main/cpp/main.c
+++ b/core/src/main/cpp/main.c
@@ -98,15 +98,15 @@ Java_com_github_kr328_clash_core_bridge_Bridge_nativeNotifyInstalledAppChanged(J
 JNIEXPORT void JNICALL
 Java_com_github_kr328_clash_core_bridge_Bridge_nativeStartTun(JNIEnv *env, jobject thiz,
                                                              jint fd, jint mtu,
-                                                              jstring gateway, jstring dns,
+                                                              jstring dns, jstring blocking,
                                                              jobject cb) {
    TRACE_METHOD();

-    scoped_string _gateway = get_string(gateway);
+    scoped_string _blocking = get_string(blocking);
    scoped_string _dns = get_string(dns);
    jobject _interface = new_global(cb);

-    startTun(fd, mtu, _gateway, _dns, _interface);
+    startTun(fd, mtu, _dns, _blocking, _interface);
 }

 JNIEXPORT void JNICALL
--- a/core/src/main/golang/tun/tcp.go
+++ b/core/src/main/golang/tun/tcp.go
@@ -20,6 +20,7 @@ func (a *adapter) tcp() {
 	defer log.Infoln("[ATUN] TCP listener exited")
 	defer a.stack.Close()

+accept:
 	for {
 		conn, err := a.stack.TCP().Accept()
 		if err != nil {
@@ -34,9 +35,11 @@ func (a *adapter) tcp() {
 			continue
 		}

-		// drop all connections connect to gateway
-		if a.gateway.Contains(tAddr.IP) {
-			continue
+		// drop all connections connect to blocking list
+		for _, b := range a.blocking {
+			if b.Contains(tAddr.IP) {
+				continue accept
+			}
 		}

 		metadata := &C.Metadata{
--- a/core/src/main/golang/tun/tun.go
+++ b/core/src/main/golang/tun/tun.go
@@ -3,6 +3,7 @@ package tun
 import (
 	"net"
 	"os"
+	"strings"
 	"sync"
 	"syscall"

@@ -10,13 +11,13 @@ import (
 )

 type adapter struct {
-	device  *os.File
-	stack   tun2socket.Stack
-	gateway *net.IPNet
-	dns     net.IP
-	mtu     int
-	once    sync.Once
-	stop    func()
+	device   *os.File
+	stack    tun2socket.Stack
+	blocking []*net.IPNet
+	dns      net.IP
+	mtu      int
+	once     sync.Once
+	stop     func()
 }

 var lock sync.Mutex
@@ -27,7 +28,7 @@ func (a *adapter) close() {
 	_ = a.device.Close()
 }

-func Start(fd, mtu int, gateway, dns string, stop func()) error {
+func Start(fd, mtu int, dns string, blocking string, stop func()) error {
 	lock.Lock()
 	defer lock.Unlock()

@@ -46,16 +47,28 @@ func Start(fd, mtu int, gateway, dns string, stop func()) error {
 	}

 	dn := net.ParseIP(dns)
-	_, gw, _ := net.ParseCIDR(gateway)
+
+	var blk []*net.IPNet
+
+	for _, b := range strings.Split(blocking, ";") {
+		_, n, err := net.ParseCIDR(b)
+		if err != nil {
+			device.Close()
+
+			return err
+		}
+
+		blk = append(blk, n)
+	}

 	instance = &adapter{
-		device:  device,
-		stack:   stack,
-		gateway: gw,
-		dns:     dn,
-		mtu:     mtu,
-		once:    sync.Once{},
-		stop:    stop,
+		device:   device,
+		stack:    stack,
+		blocking: blk,
+		dns:      dn,
+		mtu:      mtu,
+		once:     sync.Once{},
+		stop:     stop,
 	}

 	go instance.rx()
--- a/core/src/main/golang/tun/udp.go
+++ b/core/src/main/golang/tun/udp.go
@@ -44,6 +44,7 @@ func (a *adapter) udp() {
 	defer log.Infoln("[ATUN] UDP receiver exited")
 	defer a.stack.Close()

+read:
 	for {
 		buf := pool.Get(a.mtu)

@@ -60,11 +61,11 @@ func (a *adapter) udp() {
 			continue
 		}

-		// drop all packets send to gateway
-		if a.gateway.Contains(tAddr.IP) {
-			pool.Put(buf)
-
-			continue
+		// drop all packet send to blocking list
+		for _, b := range a.blocking {
+			if b.Contains(tAddr.IP) {
+				continue read
+			}
 		}

 		pkt := &packet{
--- a/core/src/main/java/com/github/kr328/clash/core/Clash.kt
+++ b/core/src/main/java/com/github/kr328/clash/core/Clash.kt
@@ -61,12 +61,12 @@ object Clash {
    fun startTun(
        fd: Int,
        mtu: Int,
-        gateway: String,
        dns: String,
+        blocking: String,
        markSocket: (Int) -> Boolean,
        querySocketUid: (protocol: Int, source: InetSocketAddress, target: InetSocketAddress) -> Int
    ) {
-        Bridge.nativeStartTun(fd, mtu, gateway, dns, object : TunInterface {
+        Bridge.nativeStartTun(fd, mtu, dns, blocking, object : TunInterface {
            override fun markSocket(fd: Int) {
                markSocket(fd)
            }
--- a/core/src/main/java/com/github/kr328/clash/core/bridge/Bridge.kt
+++ b/core/src/main/java/com/github/kr328/clash/core/bridge/Bridge.kt
@@ -17,7 +17,7 @@ object Bridge {
    external fun nativeQueryTrafficTotal(): Long
    external fun nativeNotifyDnsChanged(dnsList: String)
    external fun nativeNotifyInstalledAppChanged(uidList: String)
-    external fun nativeStartTun(fd: Int, mtu: Int, gateway: String, dns: String, cb: TunInterface)
+    external fun nativeStartTun(fd: Int, mtu: Int, dns: String, blocking: String, cb: TunInterface)
    external fun nativeStopTun()
    external fun nativeStartHttp(listenAt: String): String?
    external fun nativeStopHttp()