support forbidden iplist
parent
f29bfb0cc7
commit
eb94bd1cc3
2 changed files with 14 additions and 1 deletions
|
@ -123,6 +123,10 @@ class TCPRelayHandler(object):
|
||||||
self._downstream_status = WAIT_STATUS_INIT
|
self._downstream_status = WAIT_STATUS_INIT
|
||||||
self._client_address = local_sock.getpeername()[:2]
|
self._client_address = local_sock.getpeername()[:2]
|
||||||
self._remote_address = None
|
self._remote_address = None
|
||||||
|
if 'forbidden_ip' in self._config:
|
||||||
|
self._forbidden_iplist = self._config['forbidden_ip']
|
||||||
|
else:
|
||||||
|
self._forbidden_iplist = None
|
||||||
if is_local:
|
if is_local:
|
||||||
self._chosen_server = self._get_a_server()
|
self._chosen_server = self._get_a_server()
|
||||||
fd_to_handlers[local_sock.fileno()] = self
|
fd_to_handlers[local_sock.fileno()] = self
|
||||||
|
@ -331,6 +335,10 @@ class TCPRelayHandler(object):
|
||||||
if len(addrs) == 0:
|
if len(addrs) == 0:
|
||||||
raise Exception("getaddrinfo failed for %s:%d" % (ip, port))
|
raise Exception("getaddrinfo failed for %s:%d" % (ip, port))
|
||||||
af, socktype, proto, canonname, sa = addrs[0]
|
af, socktype, proto, canonname, sa = addrs[0]
|
||||||
|
if self._forbidden_iplist:
|
||||||
|
if common.to_str(sa[0]) in self._forbidden_iplist:
|
||||||
|
raise Exception('IP %s is in forbidden list, reject' %
|
||||||
|
common.to_str(sa[0]))
|
||||||
remote_sock = socket.socket(af, socktype, proto)
|
remote_sock = socket.socket(af, socktype, proto)
|
||||||
self._remote_sock = remote_sock
|
self._remote_sock = remote_sock
|
||||||
self._fd_to_handlers[remote_sock.fileno()] = self
|
self._fd_to_handlers[remote_sock.fileno()] = self
|
||||||
|
@ -346,6 +354,7 @@ class TCPRelayHandler(object):
|
||||||
if result:
|
if result:
|
||||||
ip = result[1]
|
ip = result[1]
|
||||||
if ip:
|
if ip:
|
||||||
|
|
||||||
try:
|
try:
|
||||||
self._stage = STAGE_CONNECTING
|
self._stage = STAGE_CONNECTING
|
||||||
remote_addr = ip
|
remote_addr = ip
|
||||||
|
|
|
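Review bot: The deny check in the second hunk, `if common.to_str(sa[0]) in self._forbidden_iplist:`, is an exact text comparison, so a destination is blocked only when the configured entry is spelled exactly as the resolver renders the address. An entry with surrounding whitespace or a non-canonical IPv6 spelling never matches, and a range such as a whole private subnet cannot be expressed at all. If `forbidden_ip` arrives from the config file as a plain string rather than a list (not visible on this page), `in` becomes a substring test and can block unrelated addresses. I would normalise the list once in `__init__` and compare packed addresses, for example `if socket.inet_pton(af, sa[0]) in self._forbidden_packed:`, and log the client address together with the denial. The enclosing methods start and end outside these hunks, so where the raised `Exception` is caught cannot be confirmed here.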
@ -100,7 +100,8 @@ def get_config(is_local):
|
||||||
longopts = ['help', 'fast-open', 'pid-file=', 'log-file=']
|
longopts = ['help', 'fast-open', 'pid-file=', 'log-file=']
|
||||||
else:
|
else:
|
||||||
shortopts = 'hd:s:p:k:m:c:t:vq'
|
shortopts = 'hd:s:p:k:m:c:t:vq'
|
||||||
longopts = ['help', 'fast-open', 'pid-file=', 'log-file=', 'workers=']
|
longopts = ['help', 'fast-open', 'pid-file=', 'log-file=', 'workers=',
|
||||||
|
'forbidden-ip=']
|
||||||
try:
|
try:
|
||||||
config_path = find_config()
|
config_path = find_config()
|
||||||
optlist, args = getopt.getopt(sys.argv[1:], shortopts, longopts)
|
optlist, args = getopt.getopt(sys.argv[1:], shortopts, longopts)
|
||||||
|
@ -146,6 +147,8 @@ def get_config(is_local):
|
||||||
config['fast_open'] = True
|
config['fast_open'] = True
|
||||||
elif key == '--workers':
|
elif key == '--workers':
|
||||||
config['workers'] = int(value)
|
config['workers'] = int(value)
|
||||||
|
elif key == '--forbidden-ip':
|
||||||
|
config['forbidden_ip'] = to_str(value).split(',')
|
||||||
elif key in ('-h', '--help'):
|
elif key in ('-h', '--help'):
|
||||||
if is_local:
|
if is_local:
|
||||||
print_local_help()
|
print_local_help()
|
||||||
|
@ -286,6 +289,7 @@ Proxy options:
|
||||||
-t TIMEOUT timeout in seconds, default: 300
|
-t TIMEOUT timeout in seconds, default: 300
|
||||||
--fast-open use TCP_FASTOPEN, requires Linux 3.7+
|
--fast-open use TCP_FASTOPEN, requires Linux 3.7+
|
||||||
--workers WORKERS number of workers, available on Unix/Linux
|
--workers WORKERS number of workers, available on Unix/Linux
|
||||||
|
--forbidden-ip IPLIST comma seperated IP list forbidden to connect
|
||||||
|
|
||||||
General options:
|
General options:
|
||||||
-d start/stop/restart daemon mode
|
-d start/stop/restart daemon mode
|
||||||
|
|
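Review bot: The `--forbidden-ip` branch stores `to_str(value).split(',')` without trimming or validating the entries, so a value such as `"127.0.0.1, 10.0.0.1"` keeps a leading space on the second entry and a mistyped address is accepted silently. In both cases the operator believes a destination is blocked while the exact-match check in the relay handler never hits it. I would trim and drop empties, `config['forbidden_ip'] = [ip.strip() for ip in to_str(value).split(',') if ip.strip()]`, and reject entries that are not valid addresses at startup so that a bad list fails loudly. A `forbidden_ip` value supplied through the config file does not pass through this branch, so the same normalisation presumably needs to run after the file is loaded; that code is outside these hunks. The help text added in the last hunk also misspells "separated".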