feat: enable fwmark (SO_MARK) for outgoing sockets #202
I have merged some large refactors we've been working on recently; apologies for the merge conflicts, and thank you for this contribution! We may want to have some more dialer config options in future, so I suggest maybe a dialer:
fwmark: ...

/cc @fortuna to weigh in on that

By the way, for your use case, have you considered using a firewall rule based on the PID? You can probably do things like: With It's also possible to use network namespaces.

This already adds too much complexity for even simple routing logic. I made the changes to be Linux-specific, but it also opens room for other similar functionality in other platforms like FreeBSD's SO_USER_COOKIE.

fortuna
left a comment
Thanks for the changes. Looking good. I just have a few more tweaks.

Changes applied.

@fortuna @sbruens I just gave you maintainer access to my fork and you are able to apply any of your concerns and code styles that fit best with the codebase. I may not be able to keep up with the rapid changes and requests in the codebase and this PR due to time constraints. Sorry for that and appreciate your work to land this feature. Thank you!

Thanks for all your hard work on this @sabify. I finally found some time to pick this up and merge in the changes. @fortuna PTAL

fortuna
left a comment
Thanks for updating this! We should probably release it soon after

@sbruens Thanks for taking your time to land this feature. How is it possible to take control of this feature from outline server (CLI and/or GUI)? https://github.com/Jigsaw-Code/outline-server

You can't right now. There is some work to be done to get this into
The first 2 seem feasible, but the latter requires more UX research and we may not want to expose such an advanced feature in the Manager anyway.

feat: enable `fwmark` (`SO_MARK`) for outgoing sockets (OutlineFoundation#202)
* source_file
* Add file source
* Supporting adding keys from a source.
* Add unit testing for cipher entry CRUD.
* Pass sources through to runConfig.
* Add a cipher entry from the source to per port cipherList
* Make tests pass and add a test for a (deprecated) config example.
* Change runConfig to runSource
* Add feature to dynamically add configs to outline server.
* Changing approach to minimal changes to runConfig
* Reverting changes in main.go
* Adds loadsource function.
* Add cipher updater skeleton.
* Add TODO for starting the SS service.
* Implement loadSource() -- Create an initial config object from the first key.
* server_test.go passes but with the deprecated config example yml file.
* Remove shadowsocks.AddKey() and RemoveKey().
* Pass in an empty config to runConfig. We will need synchronization for CipherList though.
* Use the new service config objects with listeners rather than the deprecated config.
* Create AddCipher in CipherUpdater for a cleaner interface.
* Implement key removal. Next: Make key removal faster by not traversing the whole linked list.
* Implement key removal. Next: Make key removal faster by not traversing the whole linked list.
* Cleanup
* Refactor source handling
* Added config_example_source.yml and updated source.go to use it.
* feat: enable `fwmark` (`SO_MARK`) for outgoing sockets (OutlineFoundation#202)
* feat: enable fwmark (SO_MARK) for outgoing sockets
* fix: make fwmark linux-specific functionality
* fix: minor improvements over handling fwmark
* Use `transport.PacketListener` as interface.
* Take the `syscall.RawConn` as input to `SetFwdmark()`.
* Some cleanup.
* Fix copyright dates for new files.
* Fix the error types.
* Revert changes to integration test.
* Optimize removing a cipher entry when a key is removed. (OutlineFoundation#101)
* Add fastAuth to tcp service
* source_file
* Add file source
* Supporting adding keys from a source.
* Add unit testing for cipher entry CRUD.
* Pass sources through to runConfig.
* Add a cipher entry from the source to per port cipherList
* Make tests pass and add a test for a (deprecated) config example.
* Change runConfig to runSource
* Add feature to dynamically add configs to outline server.
* Changing approach to minimal changes to runConfig
* Reverting changes in main.go
* Adds loadsource function.
* Add cipher updater skeleton.
* Add TODO for starting the SS service.
* Implement loadSource() -- Create an initial config object from the first key.
* server_test.go passes but with the deprecated config example yml file.
* Remove shadowsocks.AddKey() and RemoveKey().
* Pass in an empty config to runConfig. We will need synchronization for CipherList though.
* Use the new service config objects with listeners rather than the deprecated config.
* Create AddCipher in CipherUpdater for a cleaner interface.
* Implement key removal. Next: Make key removal faster by not traversing the whole linked list.
* Implement key removal. Next: Make key removal faster by not traversing the whole linked list.
* Cleanup
* Refactor source handling
* Added config_example_source.yml and updated source.go to use it.
* feat: enable `fwmark` (`SO_MARK`) for outgoing sockets (Jigsaw-Code#202)
* feat: enable fwmark (SO_MARK) for outgoing sockets
* fix: make fwmark linux-specific functionality
* fix: minor improvements over handling fwmark
* Use `transport.PacketListener` as interface.
* Take the `syscall.RawConn` as input to `SetFwdmark()`.
* Some cleanup.
* Fix copyright dates for new files.
* Fix the error types.
* Revert changes to integration test.
* Optimize removing a cipher entry when a key is removed. (Jigsaw-Code#101)
* Add fastAuth to tcp service
No description provided.
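
As an added illustration of the mechanism this thread discusses (not code from this PR or from the project), the sketch below sets `SO_MARK` through a `syscall.RawConn` inside a socket `Control` hook and reads the mark back to confirm it. The names `setFwmark` and `listenMarkedUDP` and the mark value `0x2a` are assumptions made for the example; it is Linux-only, and setting the mark normally requires `CAP_NET_ADMIN`.

```go
//go:build linux

package main

import (
	"context"
	"fmt"
	"net"
	"os"
	"syscall"
)

// setFwmark (hypothetical helper) sets SO_MARK on the socket behind rc and
// reads it back. Without CAP_NET_ADMIN the kernel normally returns EPERM.
func setFwmark(rc syscall.RawConn, fwmark uint) (applied int, err error) {
	cerr := rc.Control(func(fd uintptr) {
		err = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, int(fwmark))
		if err == nil {
			applied, err = syscall.GetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK)
		}
	})
	if cerr != nil {
		return 0, cerr
	}
	return applied, os.NewSyscallError("SO_MARK", err)
}

// listenMarkedUDP opens a loopback UDP socket and marks it in the Control
// hook, which runs after socket() and before bind(). net.Dialer.Control has
// the same signature, so the same hook applies to outgoing TCP dials.
func listenMarkedUDP(fwmark uint) (int, error) {
	applied := 0
	lc := net.ListenConfig{Control: func(_, _ string, rc syscall.RawConn) (err error) {
		applied, err = setFwmark(rc, fwmark)
		return err // non-nil aborts the listen, so no unmarked socket is used
	}}
	pc, err := lc.ListenPacket(context.Background(), "udp", "127.0.0.1:0")
	if err != nil {
		return 0, err
	}
	return applied, pc.Close()
}

func main() {
	mark, err := listenMarkedUDP(0x2a) // 0x2a is a constructed sample mark
	fmt.Printf("applied mark=%#x err=%v\n", mark, err)
}
```

Returning the error from the hook makes the setup fail closed: if the mark cannot be applied, the socket is never bound, so traffic cannot leave on a path the mark-based routing or firewall rules were meant to exclude.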