Add support for the DROP target.

yuguorui · Apr 19, 2022 · c166745 · c166745
1 parent e3d2596
commit c166745
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 6 deletions.
diff --git a/src/rules.rs b/src/rules.rs
@@ -271,6 +271,12 @@ impl RouteTable {
 
         let proxy_url = outbound.url.as_ref().unwrap();
         match proxy_url.scheme() {
+            "drop" => {
+                return Err(std::io::Error::new(
+                    std::io::ErrorKind::PermissionDenied,
+                    "Connection dropped",
+                ));
+            }
             "socks" | "socks5" => {
                 let socks_server = format!(
                     "{}:{}",

diff --git a/src/settings.rs b/src/settings.rs
@@ -11,6 +11,7 @@ use crate::rules::{RouteTable, RULE_DOMAIN_SUFFIX_TAG};
 use crate::utils::{BoomHashSet, ToV6Net};
 
 const DIRECT_OUTBOUND_NAME: &str = "DIRECT";
+const DROP_OUTBOUND_NAME: &str = "DROP";
 const DEFAULT_IPTABLES_PROXY_MARK: u32 = 0xff42;
 const DEFAULT_IPTABLES_DIRECT_MARK: u32 = 0xff43;
 const DEFAULT_IPTABLES_PROXY_CHAIN_NAME: &str = "rfor-proxy";
@@ -97,11 +98,19 @@ impl Settings {
             route.add_empty_rule(name, url, Some(bind_range));
         }
 
-        /* 3. Populate the DIRECT rule. */
+        /* 3. Populate the DIRECT/DROP rule. */
         if route.get_outbound_by_name(DIRECT_OUTBOUND_NAME).is_none() {
             route.add_empty_rule(DIRECT_OUTBOUND_NAME.to_owned(), None, None);
         }
 
+        if route.get_outbound_by_name(DROP_OUTBOUND_NAME).is_none() {
+            route.add_empty_rule(
+                DROP_OUTBOUND_NAME.to_owned(),
+                Some("drop://0.0.0.0".parse().unwrap()),
+                None,
+            );
+        }
+
         /* 4. Parse the actual rules. */
         parse_route_rules(&mut s, &mut route)?;
 

diff --git a/src/utils.rs b/src/utils.rs
@@ -131,14 +131,26 @@ where
 }
 
 pub async fn transfer_tcp(in_sock: &mut TcpStream, rt_context: RouteContext) -> Result<()> {
-    let mut out_sock = SETTINGS
+    let mut out_sock = match SETTINGS
         .read()
         .await
         .outbounds
         .get_tcp_sock(&rt_context)
-        .await?;
+        .await {
+            Ok(sock) => sock,
+            Err(err) => {
+                match err.kind() {
+                    std::io::ErrorKind::PermissionDenied => {
+                        return Ok(());
+                    },
+                    _ => {
+                        return Err(err.into());
+                    }
+                }
+            },
+        };
 
-    out_sock.set_nodelay(true).unwrap();
+    out_sock.set_nodelay(true)?;
     // let _ = tokio::io::copy_bidirectional(in_sock, &mut out_sock).await;
     let _ = _copy_bidirectional(in_sock, &mut out_sock).await;
 
@@ -147,9 +159,9 @@ pub async fn transfer_tcp(in_sock: &mut TcpStream, rt_context: RouteContext) ->
 
 /*
  * _copy_bidirectional is a zero-copy implementation of io::copy_bidirectional.
- * 
+ *
  * It uses a pipe to transfer data between the two sockets. The original implementation comes from
- * [midori](https://github.com/zephyrchien/midori/blob/master/src/io/zero_copy.rs), 
+ * [midori](https://github.com/zephyrchien/midori/blob/master/src/io/zero_copy.rs),
  * but removed the unsafe code.
  */
 async fn _copy_bidirectional(inbound: &mut TcpStream, outbound: &mut TcpStream) -> Result<()> {