Skip generate nftables output chain if lo in excluded interface list

2025-04-03 03:47:39 +03:00 · 2024-06-17 13:29:56 +08:00 · 2024-06-17 13:29:56 +08:00 · 1048b277ea
commit 1048b277ea
parent 85f5f2dd58
1 changed files with 35 additions and 32 deletions
--- a/redirect_nftables.go
+++ b/redirect_nftables.go
@ -42,43 +42,46 @@ func (r *autoRedirect) setupNFTables() error {
 		return err
 	}

-	chainOutput := nft.AddChain(&nftables.Chain{
-		Name:     "output",
-		Table:    table,
-		Hooknum:  nftables.ChainHookOutput,
-		Priority: nftables.ChainPriorityMangle,
-		Type:     nftables.ChainTypeNAT,
-	})
-	if r.tunOptions.AutoRedirectMarkMode {
-		err = r.nftablesCreateExcludeRules(nft, table, chainOutput)
-		if err != nil {
-			return err
-		}
-		r.nftablesCreateUnreachable(nft, table, chainOutput)
-		r.nftablesCreateRedirect(nft, table, chainOutput)
-
-		chainOutputUDP := nft.AddChain(&nftables.Chain{
-			Name:     "output_udp",
+	skipOutput := len(r.tunOptions.IncludeInterface) > 0 && !common.Contains(r.tunOptions.IncludeInterface, "lo") || common.Contains(r.tunOptions.ExcludeInterface, "lo")
+	if !skipOutput {
+		chainOutput := nft.AddChain(&nftables.Chain{
+			Name:     "output",
 			Table:    table,
 			Hooknum:  nftables.ChainHookOutput,
 			Priority: nftables.ChainPriorityMangle,
-			Type:     nftables.ChainTypeRoute,
+			Type:     nftables.ChainTypeNAT,
 		})
-		err = r.nftablesCreateExcludeRules(nft, table, chainOutputUDP)
-		if err != nil {
-			return err
+		if r.tunOptions.AutoRedirectMarkMode {
+			err = r.nftablesCreateExcludeRules(nft, table, chainOutput)
+			if err != nil {
+				return err
+			}
+			r.nftablesCreateUnreachable(nft, table, chainOutput)
+			r.nftablesCreateRedirect(nft, table, chainOutput)
+
+			chainOutputUDP := nft.AddChain(&nftables.Chain{
+				Name:     "output_udp",
+				Table:    table,
+				Hooknum:  nftables.ChainHookOutput,
+				Priority: nftables.ChainPriorityMangle,
+				Type:     nftables.ChainTypeRoute,
+			})
+			err = r.nftablesCreateExcludeRules(nft, table, chainOutputUDP)
+			if err != nil {
+				return err
+			}
+			r.nftablesCreateUnreachable(nft, table, chainOutputUDP)
+			r.nftablesCreateMark(nft, table, chainOutputUDP)
+		} else {
+			r.nftablesCreateRedirect(nft, table, chainOutput, &expr.Meta{
+				Key:      expr.MetaKeyOIFNAME,
+				Register: 1,
+			}, &expr.Cmp{
+				Op:       expr.CmpOpEq,
+				Register: 1,
+				Data:     nftablesIfname(r.tunOptions.Name),
+			})
 		}
-		r.nftablesCreateUnreachable(nft, table, chainOutputUDP)
-		r.nftablesCreateMark(nft, table, chainOutputUDP)
-	} else {
-		r.nftablesCreateRedirect(nft, table, chainOutput, &expr.Meta{
-			Key:      expr.MetaKeyOIFNAME,
-			Register: 1,
-		}, &expr.Cmp{
-			Op:       expr.CmpOpEq,
-			Register: 1,
-			Data:     nftablesIfname(r.tunOptions.Name),
-		})
 	}

 	chainPreRouting := nft.AddChain(&nftables.Chain{