mirror of
https://github.com/SagerNet/sing-tun.git
synced 2025-04-04 20:37:43 +03:00
Skip generate nftables output chain if lo in excluded interface list
parent
85f5f2dd58
commit
1048b277ea
1 changed files with 35 additions and 32 deletions
|
@ -42,43 +42,46 @@ func (r *autoRedirect) setupNFTables() error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
chainOutput := nft.AddChain(&nftables.Chain{
|
skipOutput := len(r.tunOptions.IncludeInterface) > 0 && !common.Contains(r.tunOptions.IncludeInterface, "lo") || common.Contains(r.tunOptions.ExcludeInterface, "lo")
|
||||||
Name: "output",
|
if !skipOutput {
|
||||||
Table: table,
|
chainOutput := nft.AddChain(&nftables.Chain{
|
||||||
Hooknum: nftables.ChainHookOutput,
|
Name: "output",
|
||||||
Priority: nftables.ChainPriorityMangle,
|
|
||||||
Type: nftables.ChainTypeNAT,
|
|
||||||
})
|
|
||||||
if r.tunOptions.AutoRedirectMarkMode {
|
|
||||||
err = r.nftablesCreateExcludeRules(nft, table, chainOutput)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
r.nftablesCreateUnreachable(nft, table, chainOutput)
|
|
||||||
r.nftablesCreateRedirect(nft, table, chainOutput)
|
|
||||||
|
|
||||||
chainOutputUDP := nft.AddChain(&nftables.Chain{
|
|
||||||
Name: "output_udp",
|
|
||||||
Table: table,
|
Table: table,
|
||||||
Hooknum: nftables.ChainHookOutput,
|
Hooknum: nftables.ChainHookOutput,
|
||||||
Priority: nftables.ChainPriorityMangle,
|
Priority: nftables.ChainPriorityMangle,
|
||||||
Type: nftables.ChainTypeRoute,
|
Type: nftables.ChainTypeNAT,
|
||||||
})
|
})
|
||||||
err = r.nftablesCreateExcludeRules(nft, table, chainOutputUDP)
|
if r.tunOptions.AutoRedirectMarkMode {
|
||||||
if err != nil {
|
err = r.nftablesCreateExcludeRules(nft, table, chainOutput)
|
||||||
return err
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
r.nftablesCreateUnreachable(nft, table, chainOutput)
|
||||||
|
r.nftablesCreateRedirect(nft, table, chainOutput)
|
||||||
|
|
||||||
|
chainOutputUDP := nft.AddChain(&nftables.Chain{
|
||||||
|
Name: "output_udp",
|
||||||
|
Table: table,
|
||||||
|
Hooknum: nftables.ChainHookOutput,
|
||||||
|
Priority: nftables.ChainPriorityMangle,
|
||||||
|
Type: nftables.ChainTypeRoute,
|
||||||
|
})
|
||||||
|
err = r.nftablesCreateExcludeRules(nft, table, chainOutputUDP)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
r.nftablesCreateUnreachable(nft, table, chainOutputUDP)
|
||||||
|
r.nftablesCreateMark(nft, table, chainOutputUDP)
|
||||||
|
} else {
|
||||||
|
r.nftablesCreateRedirect(nft, table, chainOutput, &expr.Meta{
|
||||||
|
Key: expr.MetaKeyOIFNAME,
|
||||||
|
Register: 1,
|
||||||
|
}, &expr.Cmp{
|
||||||
|
Op: expr.CmpOpEq,
|
||||||
|
Register: 1,
|
||||||
|
Data: nftablesIfname(r.tunOptions.Name),
|
||||||
|
})
|
||||||
}
|
}
|
||||||
r.nftablesCreateUnreachable(nft, table, chainOutputUDP)
|
|
||||||
r.nftablesCreateMark(nft, table, chainOutputUDP)
|
|
||||||
} else {
|
|
||||||
r.nftablesCreateRedirect(nft, table, chainOutput, &expr.Meta{
|
|
||||||
Key: expr.MetaKeyOIFNAME,
|
|
||||||
Register: 1,
|
|
||||||
}, &expr.Cmp{
|
|
||||||
Op: expr.CmpOpEq,
|
|
||||||
Register: 1,
|
|
||||||
Data: nftablesIfname(r.tunOptions.Name),
|
|
||||||
})
|
|
||||||
}
|
}
|
||||||
|
|
||||||
chainPreRouting := nft.AddChain(&nftables.Chain{
|
chainPreRouting := nft.AddChain(&nftables.Chain{
|
||||||
|
|
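Review bot: The new `skipOutput` condition mixes `&&` and `||` without parentheses and has no comment, although its effect is significant: when it is true neither the `output` nor the `output_udp` chain is created, so this function installs no exclude, unreachable, redirect or mark rules for locally originated traffic. Go's precedence makes it evaluate as presumably intended, but I would write it as `skipOutput := (len(r.tunOptions.IncludeInterface) > 0 && !common.Contains(r.tunOptions.IncludeInterface, "lo")) || common.Contains(r.tunOptions.ExcludeInterface, "lo")` and put above it a comment such as `// lo out of scope: no output chains are installed, so traffic from this host is not redirected or marked`. The match is on the exact literal "lo", so a list that refers to loopback under another name would not trigger the skip; a named constant would make that assumption visible. setupNFTables starts before and continues after this hunk, so whether the skip is reported to the operator elsewhere cannot be seen from here.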