依存関係をアップデート

Author: WinLinux1028

local_proxy/Cargo.toml

@@ -13,10 +13,10 @@ hyper = { version = "1", features = ["full"] }
 http-body-util = "0.1"
 hyper-util = { version = "0.1", features = ["full"] }
 once_cell = "1"
-base64 = "0.21"
+base64 = "0.22"
 async-trait = "0.1"
-tokio-rustls = "0.24"
-rustls-native-certs = "0.6"
+tokio-rustls = "0.26"
+rustls-native-certs = "0.8"
 serde = { version = "1", features = ["derive"] }
 json5 = "0.4"
 dns-parser = "0.8"

local_proxy/src/outbound/layer/tls.rs

@@ -11,11 +11,10 @@ use tokio_rustls::{rustls, TlsConnector};
 static CONNECTOR: Lazy<TlsConnector> = Lazy::new(|| {
     let mut certs = rustls::RootCertStore::empty();
     for cert in rustls_native_certs::load_native_certs().unwrap() {
-        let _ = certs.add(&rustls::Certificate(cert.0));
+        let _ = certs.add(cert);
     }
 
     let config = rustls::ClientConfig::builder()
-        .with_safe_defaults()
         .with_root_certificates(certs)
         .with_no_client_auth();
 
@@ -36,10 +35,7 @@ impl Layer for TlsClient {
     where
         RW: AsyncRead + AsyncWrite + Unpin + Send + 'static,
     {
-        Ok(Box::new(
-            CONNECTOR
-                .connect(addr.hostname.to_string().as_str().try_into()?, stream)
-                .await?,
-        ))
+        let addr = addr.hostname.to_string();
+        Ok(Box::new(CONNECTOR.connect(addr.try_into()?, stream).await?))
     }
 }

tproxy_tokio/Cargo.toml

@@ -6,12 +6,14 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+log = "0.4"
 cfg-if = "1"
 async-trait = "0.1"
 tokio = { version = "1", features = ["full"] }
+socket2 = { version = "0.5", features = ["all"] }
 libc = "0.2"
-socket2 = "0.5"
 once_cell = "1"
 
-[target.'cfg(any(target_os = "macos", target_os = "ios", target_os = "freebsd", target_os = "netbsd", target_os = "openbsd"))'.dependencies]
-nix = { version = "0.27", features = ["ioctl"] }
+# Just for the ioctl call macro
+[target.'cfg(any(target_os = "macos", target_os = "ios", target_os = "freebsd", target_os = "openbsd"))'.dependencies]
+nix = { version = "0.29", features = ["ioctl"] }

tproxy_tokio/src/lib.rs

@@ -17,32 +17,38 @@ pub enum RedirType {
     /// For not supported platforms
     NotSupported,
 
-    /// For Linux-like systems' Netfilter `REDIRECT`. Only for TCP connections.  
-    /// This is supported from Linux 2.4 Kernel. Document: <https://www.netfilter.org/documentation/index.html#documentation-howto>  
-    /// NOTE: Filter rule `REDIRECT` can only be applied to TCP connections.  
+    /// For Linux-like systems' Netfilter `REDIRECT`. Only for TCP connections.
+    ///
+    /// This is supported from Linux 2.4 Kernel. Document: <https://www.netfilter.org/documentation/index.html#documentation-howto>
+    ///
+    /// NOTE: Filter rule `REDIRECT` can only be applied to TCP connections.
     #[cfg(any(target_os = "linux", target_os = "android"))]
     Redirect,
 
-    /// For Linux-like systems' Netfilter TPROXY rule.  
-    /// NOTE: Filter rule `TPROXY` can be applied to TCP and UDP connections.  
+    /// For Linux-like systems' Netfilter TPROXY rule.
+    ///
+    /// NOTE: Filter rule `TPROXY` can be applied to TCP and UDP connections.
     #[cfg(any(target_os = "linux", target_os = "android"))]
     TProxy,
 
-    /// Packet Filter (pf)  
-    /// Supported by OpenBSD 3.0+, FreeBSD 5.3+, NetBSD 3.0+, Solaris 11.3+, macOS 10.7+, iOS, QNX  
-    /// Document: <https://www.freebsd.org/doc/handbook/firewalls-pf.html>  
+    /// Packet Filter (pf)
+    ///
+    /// Supported by OpenBSD 3.0+, FreeBSD 5.3+, NetBSD 3.0+, Solaris 11.3+, macOS 10.7+, iOS, QNX
+    ///
+    /// Document: <https://www.freebsd.org/doc/handbook/firewalls-pf.html>
     #[cfg(any(
-        target_os = "openbsd",
         target_os = "freebsd",
-        target_os = "netbsd",
+        target_os = "openbsd",
         target_os = "macos",
         target_os = "ios"
     ))]
     PacketFilter,
 
-    /// IPFW  
-    /// Supported by FreeBSD, macOS 10.6- (Have been removed completely on macOS 10.10)  
-    /// Document: https://www.freebsd.org/doc/handbook/firewalls-ipfw.html  
+    /// IPFW
+    ///
+    /// Supported by FreeBSD, macOS 10.6- (Have been removed completely on macOS 10.10)
+    ///
+    /// Document: https://www.freebsd.org/doc/handbook/firewalls-ipfw.html
     #[cfg(any(target_os = "freebsd", target_os = "macos", target_os = "ios"))]
     IpFirewall,
 }
@@ -56,46 +62,127 @@ impl RedirType {
             }
 
             /// Available TCP transparent proxy types
+            #[doc(hidden)]
             pub fn tcp_available_types() -> &'static [&'static str] {
                 const AVAILABLE_TYPES: &[&str] = &[RedirType::Redirect.name(), RedirType::TProxy.name()];
                 AVAILABLE_TYPES
             }
-        } else if #[cfg(any(target_os = "openbsd", target_os = "freebsd"))] {
+
+            /// Default UDP transparent proxy solution on this platform
+            pub const fn udp_default() -> RedirType {
+                RedirType::TProxy
+            }
+
+            /// Available UDP transparent proxy types
+            #[doc(hidden)]
+            pub fn udp_available_types() -> &'static [&'static str] {
+                const AVAILABLE_TYPES: &[&str] = &[RedirType::TProxy.name()];
+                AVAILABLE_TYPES
+            }
+        } else if #[cfg(any(target_os = "freebsd"))] {
             /// Default TCP transparent proxy solution on this platform
             pub fn tcp_default() -> RedirType {
                 RedirType::PacketFilter
             }
 
             /// Available TCP transparent proxy types
+            #[doc(hidden)]
             pub fn tcp_available_types() -> &'static [&'static str] {
                 const AVAILABLE_TYPES: &[&str] = &[RedirType::PacketFilter.name(), RedirType::IpFirewall.name()];
                 AVAILABLE_TYPES
             }
-        } else if #[cfg(any(target_os = "netbsd", target_os = "macos", target_os = "ios"))] {
+
+            /// Default UDP transparent proxy solution on this platform
+            pub fn udp_default() -> RedirType {
+                RedirType::PacketFilter
+            }
+
+            /// Available UDP transparent proxy types
+            #[doc(hidden)]
+            pub const fn udp_available_types() -> &'static [&'static str] {
+                const AVAILABLE_TYPES: &[&str] = &[RedirType::PacketFilter.name(), RedirType::IpFirewall.name()];
+                AVAILABLE_TYPES
+            }
+        } else if #[cfg(target_os = "openbsd")] {
             /// Default TCP transparent proxy solution on this platform
             pub fn tcp_default() -> RedirType {
                 RedirType::PacketFilter
             }
 
             /// Available TCP transparent proxy types
+            #[doc(hidden)]
+            pub fn tcp_available_types() -> &'static [&'static str] {
+                const AVAILABLE_TYPES: &[&str] = &[RedirType::PacketFilter.name()];
+                AVAILABLE_TYPES
+            }
+
+            /// Default UDP transparent proxy solution on this platform
+            pub fn udp_default() -> RedirType {
+                RedirType::PacketFilter
+            }
+
+            /// Available UDP transparent proxy types
+            #[doc(hidden)]
+            pub const fn udp_available_types() -> &'static [&'static str] {
+                const AVAILABLE_TYPES: &[&str] = &[RedirType::PacketFilter.name()];
+                AVAILABLE_TYPES
+            }
+        } else if #[cfg(any(target_os = "macos", target_os = "ios"))] {
+            /// Default TCP transparent proxy solution on this platform
+            pub fn tcp_default() -> RedirType {
+                RedirType::PacketFilter
+            }
+
+            /// Available TCP transparent proxy types
+            #[doc(hidden)]
             pub const fn tcp_available_types() -> &'static [&'static str] {
                 const AVAILABLE_TYPES: &[&str] = &[RedirType::PacketFilter.name(), RedirType::IpFirewall.name()];
                 AVAILABLE_TYPES
             }
+
+            /// Default UDP transparent proxy solution on this platform
+            pub fn udp_default() -> RedirType {
+                RedirType::PacketFilter
+            }
+
+            /// Available UDP transparent proxy types
+            #[doc(hidden)]
+            pub const fn udp_available_types() -> &'static [&'static str] {
+                const AVAILABLE_TYPES: &[&str] = &[RedirType::PacketFilter.name()];
+                AVAILABLE_TYPES
+            }
         } else {
             /// Default TCP transparent proxy solution on this platform
             pub fn tcp_default() -> RedirType {
                 RedirType::NotSupported
             }
 
             /// Available TCP transparent proxy types
+            #[doc(hidden)]
             pub const fn tcp_available_types() -> &'static [&'static str] {
                 const AVAILABLE_TYPES: &[&str] = &[];
                 AVAILABLE_TYPES
             }
+
+            /// Default UDP transparent proxy solution on this platform
+            pub fn udp_default() -> RedirType {
+                RedirType::NotSupported
+            }
+
+            /// Available UDP transparent proxy types
+            #[doc(hidden)]
+            pub const fn udp_available_types() -> &'static [&'static str] {
+                const AVAILABLE_TYPES: &[&str] = &[];
+                AVAILABLE_TYPES
+            }
         }
     }
 
+    /// Check if transparent proxy is supported on this platform
+    pub fn is_supported(self) -> bool {
+        self != RedirType::NotSupported
+    }
+
     /// Name of redirect type (transparent proxy type)
     pub const fn name(self) -> &'static str {
         match self {
@@ -109,9 +196,8 @@ impl RedirType {
             RedirType::TProxy => "tproxy",
 
             #[cfg(any(
-                target_os = "openbsd",
                 target_os = "freebsd",
-                target_os = "netbsd",
+                target_os = "openbsd",
                 target_os = "macos",
                 target_os = "ios"
             ))]
@@ -153,21 +239,14 @@ impl FromStr for RedirType {
             "tproxy" => Ok(RedirType::TProxy),
 
             #[cfg(any(
-                target_os = "openbsd",
                 target_os = "freebsd",
-                target_os = "netbsd",
-                target_os = "solaris",
+                target_os = "openbsd",
                 target_os = "macos",
                 target_os = "ios",
             ))]
             "pf" => Ok(RedirType::PacketFilter),
 
-            #[cfg(any(
-                target_os = "freebsd",
-                target_os = "macos",
-                target_os = "ios",
-                target_os = "dragonfly"
-            ))]
+            #[cfg(any(target_os = "freebsd", target_os = "macos", target_os = "ios",))]
             "ipfw" => Ok(RedirType::IpFirewall),
 
             _ => Err(InvalidRedirType),

tproxy_tokio/src/tcp/bsd/mod.rs

@@ -13,25 +13,24 @@ use socket2::Protocol;
 
 #[async_trait]
 impl TcpListenerRedirExt for TcpListener {
-    async fn bind_redir(ty: RedirType, addr: SocketAddr) -> Result<TcpListener, Error> {
+    async fn bind_redir(ty: RedirType, addr: SocketAddr) -> io::Result<TcpListener> {
         match ty {
             #[cfg(any(
-                target_os = "openbsd",
                 target_os = "freebsd",
-                target_os = "netbsd",
+                target_os = "openbsd",
                 target_os = "macos",
-                target_os = "ios",
+                target_os = "ios"
             ))]
             RedirType::PacketFilter => {}
 
-            #[cfg(any(target_os = "freebsd", target_os = "macos", target_os = "ios",))]
+            #[cfg(any(target_os = "freebsd", target_os = "macos", target_os = "ios"))]
             RedirType::IpFirewall => {}
 
             _ => {
                 return Err(Error::new(
                     ErrorKind::InvalidInput,
                     "not supported tcp transparent proxy type",
-                ))
+                ));
             }
         }
 
@@ -45,30 +44,26 @@ impl TcpListenerRedirExt for TcpListener {
 impl TcpStreamRedirExt for TcpStream {
     fn destination_addr(&self, ty: RedirType) -> io::Result<SocketAddr> {
         match ty {
-            #[cfg(any(
-                target_os = "openbsd",
-                target_os = "freebsd",
-                target_os = "netbsd",
-                target_os = "macos",
-                target_os = "ios",
-            ))]
-            RedirType::Redirect => {
+            #[cfg(any(target_os = "freebsd", target_os = "macos", target_os = "ios"))]
+            RedirType::PacketFilter => {
                 let peer_addr = self.peer_addr()?;
                 let bind_addr = self.local_addr()?;
 
                 pf::PF.natlook(&bind_addr, &peer_addr, Protocol::TCP)
             }
-
-            #[cfg(any(target_os = "freebsd", target_os = "macos", target_os = "ios",))]
+            #[cfg(target_os = "openbsd")]
+            // in OpenBSD, we can get TCP destination address with getsockname()
+            RedirType::PacketFilter => self.local_addr(),
+            #[cfg(any(target_os = "freebsd", target_os = "macos", target_os = "ios"))]
             RedirType::IpFirewall => {
+                // ## IPFW
+                //
                 // For IPFW, uses getsockname() to retrieve destination address
+                //
                 // FreeBSD: https://www.freebsd.org/doc/handbook/firewalls-ipfw.html
                 self.local_addr()
             }
-            _ => Err(Error::new(
-                ErrorKind::InvalidInput,
-                "not supported tcp transparent proxy type",
-            )),
+            _ => unreachable!("not supported tcp transparent proxy type"),
         }
     }
 }