默认加白出口ip

bjdgyc · Feb 19, 2024 · 29a3e4b · 29a3e4b
1 parent d73816a
commit 29a3e4b
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 15 deletions.
diff --git a/server/base/cfg.go b/server/base/cfg.go
@@ -81,7 +81,8 @@ type ServerConfig struct {
 	Compression     bool `json:"compression"`       // bool
 	NoCompressLimit int  `json:"no_compress_limit"` // int
 
-	DisplayError bool `json:"display_error"`
+	DisplayError    bool `json:"display_error"`
+	ExcludeExportIp bool `json:"exclude_export_ip"`
 }
 
 func initServerCfg() {

diff --git a/server/base/config.go b/server/base/config.go
@@ -48,7 +48,7 @@ var configs = []config{
 	{Typ: cfgStr, Name: "ipv4_start", Usage: "IPV4开始地址", ValStr: "192.168.90.100"},
 	{Typ: cfgStr, Name: "ipv4_end", Usage: "IPV4结束", ValStr: "192.168.90.200"},
 	{Typ: cfgStr, Name: "default_group", Usage: "默认用户组", ValStr: "one"},
-	{Typ: cfgStr, Name: "default_domain", Usage: "要发布的默认域", ValStr: ""},
+	{Typ: cfgStr, Name: "default_domain", Usage: "客户端dns的默认搜索域", ValStr: ""},
 
 	{Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 86400},
 	{Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200},
@@ -69,6 +69,7 @@ var configs = []config{
 	{Typ: cfgInt, Name: "no_compress_limit", Usage: "低于及等于多少字节不压缩", ValInt: 256},
 
 	{Typ: cfgBool, Name: "display_error", Usage: "客户端显示详细错误信息(线上环境慎开启)", ValBool: false},
+	{Typ: cfgBool, Name: "exclude_export_ip", Usage: "排除出口ip路由(出口ip不加密传输)", ValBool: true},
 }
 
 var envs = map[string]string{}
diff --git a/server/conf/server-sample.toml b/server/conf/server-sample.toml
@@ -69,7 +69,7 @@ mobile_dpd = 22
 #设置最大传输单元
 mtu = 1460
 
-# 要发布的默认域
+# 客户端dns的默认搜索域
 default_domain = "example.com"
 #default_domain = "example.com abc.example.com"
 

diff --git a/server/handler/link_tunnel.go b/server/handler/link_tunnel.go
@@ -66,6 +66,8 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	cstpBaseMtu := r.Header.Get("X-CSTP-Base-MTU")
 	masterSecret := r.Header.Get("X-DTLS-Master-Secret")
 	localIp := r.Header.Get("X-Cstp-Local-Address-Ip4")
+	// 出口ip
+	exportIp4 := r.Header.Get("X-Cstp-Remote-Address-Ip4")
 	mobile := r.Header.Get("X-Cstp-License")
 
 	cSess.SetMtu(cstpMtu)
@@ -96,14 +98,6 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	dtlsCiphersuite := checkDtls12Ciphersuite(r.Header.Get("X-Dtls12-Ciphersuite"))
 	base.Trace("dtlsCiphersuite", dtlsCiphersuite)
 
-	// 压缩
-	if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
-		HttpSetHeader(w, "X-CSTP-Content-Encoding", cmpName)
-	}
-	if cmpName, ok := cSess.SetPickCmp("dtls", r.Header.Get("X-Dtls-Accept-Encoding")); ok {
-		HttpSetHeader(w, "X-DTLS-Content-Encoding", cmpName)
-	}
-
 	// 返回客户端数据
 	HttpSetHeader(w, "Server", fmt.Sprintf("%s %s", base.APP_NAME, base.APP_VER))
 	HttpSetHeader(w, "X-CSTP-Version", "1")
@@ -113,11 +107,19 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	HttpSetHeader(w, "X-CSTP-Netmask", sessdata.IpPool.Ipv4Mask.String()) // 子网掩码
 	HttpSetHeader(w, "X-CSTP-Hostname", hn)                               // 机器名称
 	HttpSetHeader(w, "X-CSTP-Base-MTU", cstpBaseMtu)
-	// 要发布的默认域
+	// 客户端dns的默认搜索域
 	if base.Cfg.DefaultDomain != "" {
 		HttpSetHeader(w, "X-CSTP-Default-Domain", base.Cfg.DefaultDomain)
 	}
 
+	// 压缩
+	if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
+		HttpSetHeader(w, "X-CSTP-Content-Encoding", cmpName)
+	}
+	if cmpName, ok := cSess.SetPickCmp("dtls", r.Header.Get("X-Dtls-Accept-Encoding")); ok {
+		HttpSetHeader(w, "X-DTLS-Content-Encoding", cmpName)
+	}
+
 	// 设置用户策略
 	SetUserPolicy(cSess.Username, cSess.Group)
 
@@ -136,10 +138,14 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 		}
 		HttpAddHeader(w, "X-CSTP-Split-Include", v.IpMask)
 	}
-	// 不允许的路由  X-Cstp-Remote-Address-Ip4:
+	// 不允许的路由
 	for _, v := range cSess.Group.RouteExclude {
 		HttpAddHeader(w, "X-CSTP-Split-Exclude", v.IpMask)
 	}
+	// 排除出口ip路由(出口ip不加密传输)
+	if base.Cfg.ExcludeExportIp && exportIp4 != "" {
+		HttpAddHeader(w, "X-CSTP-Split-Exclude", exportIp4+"/255.255.255.255")
+	}
 
 	HttpSetHeader(w, "X-CSTP-Lease-Duration", "1209600") // ip地址租期
 	HttpSetHeader(w, "X-CSTP-Session-Timeout", "none")

diff --git a/server/handler/server.go b/server/handler/server.go
@@ -6,6 +6,7 @@ import (
 	"io"
 	"net"
 	"net/http"
+	"net/http/httputil"
 	"os"
 	"time"
 
@@ -116,8 +117,10 @@ func initRoute() http.Handler {
 
 func notFound(w http.ResponseWriter, r *http.Request) {
 	// fmt.Println(r.RemoteAddr)
-	// hu, _ := httputil.DumpRequest(r, true)
-	// fmt.Println("NotFound: ", string(hu))
+	if base.GetLogLevel() == base.LogLevelTrace {
+		hd, _ := httputil.DumpRequest(r, true)
+		base.Trace("NotFound: ", string(hd))
+	}
 
 	w.WriteHeader(http.StatusNotFound)
 	fmt.Fprintln(w, "404 page not found")