feat: support redirect

after_script.sh

@@ -1,6 +0,0 @@
-iptables -t mangle -D PREROUTING -p tcp -m set --match-set GTUN-US dst -j TPROXY --tproxy-mark 1/1 --on-port 8524
-iptables -t mangle -D PREROUTING -p udp -m set --match-set GTUN-US dst -j TPROXY --tproxy-mark 1/1 --on-port 8524
-iptables -t mangle -D OUTPUT -m set --match-set GTUN-US dst -j MARK --set-mark 1
-ip rule del fwmark 1 lookup 100
-ip ro del local default dev lo table 100
-ipset destroy GTUN-US

before_script.sh

@@ -1,6 +0,0 @@
-ipset create GTUN-US hash:net
-iptables -t mangle -I PREROUTING -p tcp -m set --match-set GTUN-US dst -j TPROXY --tproxy-mark 1/1 --on-port 8524
-iptables -t mangle -I PREROUTING -p udp -m set --match-set GTUN-US dst -j TPROXY --tproxy-mark 1/1 --on-port 8524
-iptables -t mangle -I OUTPUT -m set --match-set GTUN-US dst -j MARK --set-mark 1
-ip rule add fwmark 1 lookup 100
-ip ro add local default dev lo table 100

build.sh

@@ -9,5 +9,6 @@ GOOS=linux go build -o bin/gtun/gtun-linux_amd64 cmd/gtun/*.go
 GOARCH=arm GOOS=linux go build -o bin/gtun/gtun-linux_arm  cmd/gtun/*.go
 echo "builded gtun...."
 
-cp before_script.sh bin/
+cp -r etc/gtun.yaml bin/gtun/
-cp after_script.sh bin/
+cp -r etc/gtund.yaml bin/gtund/
+cp install.sh bin/gtun/

build_image.sh

@@ -1,15 +0,0 @@
-WORKSPACE=`pwd`
-./build_exec.sh
-
-echo "building gtund docker image"
-cd docker-build/gtund
-cp $WORKSPACE/bin/gtund/gtund .
-docker build . -t gtund
-echo "builded gtund docker image"
-
-
-echo "building gtun docker image"
-cd $WORKSPACE/docker-build/gtun
-cp $WORKSPACE/bin/gtun/gtun-linux_amd64 .
-docker build . -t gtun
-echo "builded gtun docker image"

docker-build/gtun/Dockerfile

@@ -1,6 +0,0 @@
-FROM ubuntu:20.04
-COPY gtun-linux_amd64 /gtun
-COPY start.sh /
-RUN chmod +x start.sh && chmod +x gtun
-RUN mkdir /opt/logs
-CMD /start.sh

docker-build/gtun/docker-compose.yaml

@@ -1,49 +0,0 @@
-version: '3'
-services:     
-  gtun:
-    build: .
-    container_name: gtun
-    restart: always
-    network_mode: host
-    privileged: true
-    volumes:
-      - /opt/apps/logs:/opt/logs
-    environment:
-      TIME_ZONE: Asia/Shanghai
-      settings: |
-        settings:
-          CN:
-            route:
-              - trace_addr: ""
-                scheme: "kcp"
-                addr: ""
-                auth_key: ""
-            proxy:
-              "tproxy_tcp": |
-                {
-                  "read_timeout": 30,
-                  "write_timeout": 30,
-                  "listen_addr": ":8524",
-                  "rate_limit": 50,
-                  "region": "CN"
-                }
-              "tproxy_udp": |
-                {
-                  "read_timeout": 30,
-                  "write_timeout": 30,
-                  "session_timeout": 30,
-                  "listen_addr": ":8524",
-                  "rate_limit": 50,
-                  "region": "CN"
-                }
-              "tun_proxy": |
-                {
-                  "mtu": 1400,
-                  "region": "CN",
-                  "read_timeout": 10,
-                  "write_timeout": 10
-                }
-        log:
-          days: 5
-          level: Debug
-          path: gtun.log

docker-build/gtun/start.sh

@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-if [ "$TIME_ZONE" != "" ]; then
-    ln -snf /usr/share/zoneinfo/$TIME_ZONE /etc/localtime && echo $TIME_ZONE > /etc/timezone
-fi
-
-#项目的配置文件
-if [ "$settings" != "" ]; then
-    echo "$settings" > /gtun.yaml
-fi
-
-/gtun -c /gtun.yaml

docker-build/gtund/Dockerfile

@@ -1,6 +0,0 @@
-FROM ubuntu:18.04
-COPY gtund /
-COPY start.sh /
-RUN chmod +x start.sh && chmod +x gtund
-RUN mkdir /opt/logs
-CMD /start.sh

docker-build/gtund/docker-compose.yaml

@@ -1,22 +0,0 @@
-version: '3'
-services:     
-  gtund:
-    build: .
-    container_name: gtund
-    restart: always
-    network_mode: host
-    volumes:
-      - /opt/apps/logs:/logs
-    environment:
-      TIME_ZONE: Asia/Shanghai
-      settings: |
-        server:
-          - listen: ":3002"
-            authKey: "rewrite with your auth key"
-            scheme: "kcp"
-            trace: ":3003"
-
-        log:
-          days: 5
-          level: "debug"
-          path: "gtund.log"

docker-build/gtund/start.sh

@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-if [ "$TIME_ZONE" != "" ]; then
-    ln -snf /usr/share/zoneinfo/$TIME_ZONE /etc/localtime && echo $TIME_ZONE > /etc/timezone
-fi
-
-#项目的配置文件
-if [ "$settings" != "" ]; then
-    echo "$settings" > /gtund.yaml
-fi
-
-/gtund -c /gtund.yaml

etc/gtun.yaml

@@ -1,9 +1,10 @@
 settings:
   CN:
+    proxy_file: "https://www.ipdeny.com/ipblocks/data/countries/us.zone"
     route:
-      - trace_addr: ""
+      - trace_addr: ${CN_SERVER_IP}:${CN_SERVER_TRACE_PORT}
         scheme: "kcp"
-        addr: ""
+        addr: ${CN_SERVER_IP}:${CN_SERVER_PORT}
         auth_key: ""
     proxy:
       "tproxy_tcp": |
@@ -23,13 +24,6 @@ settings:
           "rate_limit": 50,
           "region": "CN"
         }
-      "tun_proxy": |
-        {
-          "mtu": 1400,
-          "region": "CN",
-          "read_timeout": 10,
-          "write_timeout": 10
-        }
 log:
   days: 5
   level: Debug

gtun/proxy/redirect.go

@@ -29,27 +29,52 @@ func initRedirect(proto, region, redirectPort string) {
 		logs.Warn("create ipset fail: %v %s", err, out)
 	}
 
+	out, err = utils.ExecCmd("ipset", []string{"-F", setName})
+	if err != nil {
+		logs.Warn("flush ipset fail: %v %s", err, out)
+	}
+
 	markID := allocateMarkID()
 	routeTable := allocateRouteTableID()
 
-	args := fmt.Sprintf("-t mangle -I PREROUTING -p %s -m set --match-set %s dst -j TPROXY --tproxy-mark %d/%d --on-port %s", proto, setName, markID, markID, redirectPort)
+	args := fmt.Sprintf("-t mangle -D PREROUTING -p %s -m set --match-set %s dst -j TPROXY --tproxy-mark %d/%d --on-port %s", proto, setName, markID, markID, redirectPort)
+	out, err = utils.ExecCmd("iptables", strings.Split(args, " "))
+	if err != nil {
+		logs.Warn("%s %s %s", args, err, out)
+	}
+	args = fmt.Sprintf("-t mangle -A PREROUTING -p %s -m set --match-set %s dst -j TPROXY --tproxy-mark %d/%d --on-port %s", proto, setName, markID, markID, redirectPort)
 	out, err = utils.ExecCmd("iptables", strings.Split(args, " "))
 	if err != nil {
 		logs.Warn("%s %s %s", args, err, out)
 	}
 
-	args = fmt.Sprintf("-t mangle -I OUTPUT -p %s -m set --match-set %s dst -j MARK --set-mark %d", proto, setName, markID)
+	args = fmt.Sprintf("-t mangle -D OUTPUT -p %s -m set --match-set %s dst -j MARK --set-mark %d", proto, setName, markID)
+	out, err = utils.ExecCmd("iptables", strings.Split(args, " "))
+	if err != nil {
+		logs.Warn("%s %s %s", args, err, out)
+	}
+	args = fmt.Sprintf("-t mangle -A OUTPUT -p %s -m set --match-set %s dst -j MARK --set-mark %d", proto, setName, markID)
 	out, err = utils.ExecCmd("iptables", strings.Split(args, " "))
 	if err != nil {
 		logs.Warn("%s %s %s", args, err, out)
 	}
 
+	args = fmt.Sprintf("rule del fwmark %d lookup %d", markID, routeTable)
+	out, err = utils.ExecCmd("ip", strings.Split(args, " "))
+	if err != nil {
+		logs.Warn("%s %s %s", args, err, out)
+	}
 	args = fmt.Sprintf("rule add fwmark %d lookup %d", markID, routeTable)
 	out, err = utils.ExecCmd("ip", strings.Split(args, " "))
 	if err != nil {
 		logs.Warn("%s %s %s", args, err, out)
 	}
 
+	args = fmt.Sprintf("ro del local default dev lo table %d", routeTable)
+	out, err = utils.ExecCmd("ip", strings.Split(args, " "))
+	if err != nil {
+		logs.Warn("%s %s %s", args, err, out)
+	}
 	args = fmt.Sprintf("ro add local default dev lo table %d", routeTable)
 	out, err = utils.ExecCmd("ip", strings.Split(args, " "))
 	if err != nil {

gtun/proxy/types.go

@@ -6,7 +6,10 @@ import (
 	"fmt"
 	"github.com/ICKelin/gtun/internal/logs"
 	"github.com/ICKelin/gtun/internal/utils"
+	"net/http"
 	"os"
+	"strings"
+	"time"
 )
 
 var errRegistered = fmt.Errorf("already registered")
@@ -70,27 +73,58 @@ func AddApp(region, appName string) error {
 }
 
 func AddFromFile(region, file string) {
+	ips := loadIPs(file)
+
+	for _, ip := range ips {
+		AddIP(region, ip)
+	}
+}
+
+func loadIPs(file string) []string {
 	if len(file) <= 0 {
-		return
+		return nil
 	}
 
+	ips := make([]string, 0)
+	var br *bufio.Reader
+	if strings.HasPrefix(file, "http://") || strings.HasPrefix(file, "https://") {
+		// load from url
+		req, err := http.NewRequest("GET", file, nil)
+		if err != nil {
+			logs.Warn("load file fail: %v", err)
+			return nil
+		}
+
+		cli := http.Client{
+			Timeout: time.Second * 120,
+		}
+
+		resp, err := cli.Do(req)
+		if err != nil {
+			logs.Warn("load file fail: %v", err)
+			return nil
+		}
+
+		defer resp.Body.Close()
+		br = bufio.NewReader(resp.Body)
+	} else {
+		// load from file
 		fp, err := os.Open(file)
 		if err != nil {
 			logs.Warn("open rule file fail: %v", err)
-		return
+			return nil
 		}
 		defer fp.Close()
+		br = bufio.NewReader(fp)
+	}
 
-	br := bufio.NewReader(fp)
 	for {
 		line, _, err := br.ReadLine()
 		if err != nil {
 			break
 		}
+		ips = append(ips, string(line))
+	}
 
-		err = AddIP(region, string(line))
+	return ips
-		if err != nil {
-			logs.Warn("add %s %s proxy fail: %v", region, string(line), err)
-		}
-	}
 }

install.sh

@@ -0,0 +1,9 @@
+echo "add no proxy address"
+ipset create GTUN-NOPROXY hash:net
+iptables -t mangle -I PREROUTING -m set --match-set GTUN-NOPROXY dst -j ACCEPT
+iptables -t mangle -I OUTPUT -m set --match-set GTUN-NOPROXY dst -j ACCEPT
+
+echo "start gtun"
+nohup ./gtun-linux-amd64 -c gtun.yaml &
+
+echo "start success."

uninstall.sh

@@ -0,0 +1,7 @@
+echo "add no proxy address"
+iptables -t mangle -D PREROUTING -m set --match-set GTUN-NOPROXY dst -j ACCEPT
+iptables -t mangle -D OUTPUT -m set --match-set GTUN-NOPROXY dst -j ACCEPT
+ipset destroy GTUN-NOPROXY
+
+echo "stop gtun"
+killall gtun-linux_amd64