optimize: no need for rule table for wan and reject TCP to tproxy

2025-07-24 23:00:16 +07:00 · 2023-02-18 14:47:34 +08:00
parent de08c7c861
commit 7452abb158
4 changed files with 36 additions and 157 deletions
--- a/control/control_plane_core.go
+++ b/control/control_plane_core.go
@ -15,7 +15,6 @@ import (
 	internal "github.com/v2rayA/dae/pkg/ebpf_internal"
 	"github.com/vishvananda/netlink"
 	"golang.org/x/sys/unix"
-	"net"
 	"os"
 	"regexp"
 )
@ -116,116 +115,6 @@ func (c *ControlPlaneCore) delQdisc(ifname string) error {
 	return nil
 }

-func (c *ControlPlaneCore) setupRoutingPolicy() (err error) {
-	/// Insert ip rule / ip route.
-	const table = 2023
-
-	/** ip table
-	ip route add local default dev lo table 2023
-	ip -6 route add local default dev lo table 2023
-	*/
-	routes := []netlink.Route{{
-		Scope:     unix.RT_SCOPE_HOST,
-		LinkIndex: consts.LoopbackIfIndex,
-		Dst: &net.IPNet{
-			IP:   []byte{0, 0, 0, 0},
-			Mask: net.CIDRMask(0, 32),
-		},
-		Table: table,
-		Type:  unix.RTN_LOCAL,
-	}, {
-		Scope:     unix.RT_SCOPE_HOST,
-		LinkIndex: consts.LoopbackIfIndex,
-		Dst: &net.IPNet{
-			IP:   []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-			Mask: net.CIDRMask(0, 128),
-		},
-		Table: table,
-		Type:  unix.RTN_LOCAL,
-	}}
-	cleanRoutes := func() error {
-		var errs error
-		for _, route := range routes {
-			if e := netlink.RouteDel(&route); e != nil {
-				if errs != nil {
-					errs = fmt.Errorf("%w; %v", errs, e)
-				} else {
-					errs = e
-				}
-			}
-		}
-		if errs != nil {
-			return fmt.Errorf("IpRouteDel(lo): %w", errs)
-		}
-		return nil
-	}
-tryRouteAddAgain:
-	for _, route := range routes {
-		if err = netlink.RouteAdd(&route); err != nil {
-			if os.IsExist(err) {
-				_ = cleanRoutes()
-				goto tryRouteAddAgain
-			}
-			return fmt.Errorf("IpRouteAdd: %w", err)
-		}
-	}
-	c.deferFuncs = append(c.deferFuncs, cleanRoutes)
-
-	/** ip rule
-	ip rule add fwmark 0x8000000/0x8000000 table 2023
-	ip -6 rule add fwmark 0x8000000/0x8000000 table 2023
-	*/
-	rules := []netlink.Rule{{
-		SuppressIfgroup:   -1,
-		SuppressPrefixlen: -1,
-		Priority:          -1,
-		Goto:              -1,
-		Flow:              -1,
-		Family:            unix.AF_INET,
-		Table:             table,
-		Mark:              int(consts.TproxyMark),
-		Mask:              int(consts.TproxyMark),
-	}, {
-		SuppressIfgroup:   -1,
-		SuppressPrefixlen: -1,
-		Priority:          -1,
-		Goto:              -1,
-		Flow:              -1,
-		Family:            unix.AF_INET6,
-		Table:             table,
-		Mark:              int(consts.TproxyMark),
-		Mask:              int(consts.TproxyMark),
-	}}
-	cleanRules := func() error {
-		var errs error
-		for _, rule := range rules {
-			if e := netlink.RuleDel(&rule); e != nil {
-				if errs != nil {
-					errs = fmt.Errorf("%w; %v", errs, e)
-				} else {
-					errs = e
-				}
-			}
-		}
-		if errs != nil {
-			return fmt.Errorf("IpRuleDel: %w", errs)
-		}
-		return nil
-	}
-tryRuleAddAgain:
-	for _, rule := range rules {
-		if err = netlink.RuleAdd(&rule); err != nil {
-			if os.IsExist(err) {
-				_ = cleanRules()
-				goto tryRuleAddAgain
-			}
-			return fmt.Errorf("IpRuleAdd: %w", err)
-		}
-	}
-	c.deferFuncs = append(c.deferFuncs, cleanRules)
-	return nil
-}
-
 func (c *ControlPlaneCore) bindLan(ifname string) error {
 	c.log.Infof("Bind to LAN: %v", ifname)