trying to make split tunneling

Update update's.json and changelog
2025-12-12 06:19:53 +05:00 · 2025-12-11 17:31:41 +03:00 · 2025-12-08 16:41:32 +00:00
6 changed files with 105 additions and 49 deletions
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1 @@
-Исправлен автозапуск
-Добавлена возможность прямого обращения к zapret
-Обновлен hosts-файл
+Список изменений:  1. Использование команды restart  2. Исправление customize.sh  3. Обновление hosts-файла
--- a/rust/Cargo.toml
+++ b/rust/Cargo.toml
@@ -17,7 +17,6 @@ serde = { version = "1.0.228", features = ["derive"] }
 serde_json = "1.0.145"
 sysctl = "0.7.1"
 tokio = { version = "1.48.0", features = ["full"] }
-once_cell = "1.21.3"
 daemonize = "0.5.0"
 log = "0.4.28"
 pretty_env_logger = "0.5.0"
--- a/rust/crates/zaprett/src/iptables_rust.rs
+++ b/rust/crates/zaprett/src/iptables_rust.rs
@@ -1,45 +1,69 @@
 use std::error;
 use std::process::Command;

-pub fn setup_iptables_rules() -> Result<(), Box<dyn error::Error>> {
-    Command::new("iptables")
-        .arg("-t")
-        .arg("mangle")
-        .arg("-I")
-        .arg("POSTROUTING")
-        .arg("-j")
-        .arg("NFQUEUE")
-        .arg("--queue-num")
-        .arg("200")
-        .arg("--queue-bypass")
-        .status()
-        .expect("failed to add iptables rules");
+const TAG: &str = "zaprett";

-    Command::new("iptables")
-        .arg("-t")
-        .arg("mangle")
-        .arg("-I")
-        .arg("PREROUTING")
-        .arg("-j")
-        .arg("NFQUEUE")
-        .arg("--queue-num")
-        .arg("200")
-        .arg("--queue-bypass")
-        .status()
-        .expect("failed to add iptables rules");
+pub fn setup_iptables_rules(app_list_mode: &str, app_list_array: Vec<u32>) -> Result<(), Box<dyn error::Error>> {
+    match (app_list_mode, !app_list_array.is_empty()) {
+        ("whitelist", true) => {
+            todo!()
+        }
+        ("blacklist", true) => {
+            todo!()
+        }
+        _ => {
+            Command::new("iptables")
+                .arg("-t")
+                .arg("mangle")
+                .arg("-I")
+                .arg("POSTROUTING")
+                .arg("-j")
+                .arg("NFQUEUE")
+                .arg("--queue-num")
+                .arg("200")
+                .arg("--queue-bypass")
+                .arg("-m")
+                .arg("comment")
+                .arg("--comment")
+                .arg(TAG)
+                .status()
+                .expect("failed to add iptables rules");

-    Command::new("iptables")
-        .arg("-t")
-        .arg("filter")
-        .arg("-A")
-        .arg("FORWARD")
-        .arg("-j")
-        .arg("NFQUEUE")
-        .arg("--queue-num")
-        .arg("200")
-        .arg("--queue-bypass")
-        .status()
-        .expect("failed to add iptables rules");
+            Command::new("iptables")
+                .arg("-t")
+                .arg("mangle")
+                .arg("-I")
+                .arg("PREROUTING")
+                .arg("-j")
+                .arg("NFQUEUE")
+                .arg("--queue-num")
+                .arg("200")
+                .arg("--queue-bypass")
+                .arg("-m")
+                .arg("comment")
+                .arg("--comment")
+                .arg(TAG)
+                .status()
+                .expect("failed to add iptables rules");
+
+            Command::new("iptables")
+                .arg("-t")
+                .arg("filter")
+                .arg("-A")
+                .arg("FORWARD")
+                .arg("-j")
+                .arg("NFQUEUE")
+                .arg("--queue-num")
+                .arg("200")
+                .arg("--queue-bypass")
+                .arg("-m")
+                .arg("comment")
+                .arg("--comment")
+                .arg(TAG)
+                .status()
+                .expect("failed to add iptables rules");
+        }
+    }

    Ok(())
 }
--- a/rust/crates/zaprett/src/service.rs
+++ b/rust/crates/zaprett/src/service.rs
@@ -2,7 +2,7 @@ use crate::config::Config;
 use crate::daemon::daemonize_nfqws;
 use crate::iptables_rust::{clear_iptables_rules, setup_iptables_rules};
 use crate::{DEFAULT_START, MODULE_PATH, ZAPRETT_DIR_PATH};
-use anyhow::bail;
+use anyhow::{bail, Context};
 use log::info;
 use nix::sys::signal::{Signal, kill};
 use nix::unistd::{Pid, Uid};
@@ -10,6 +10,7 @@ use regex::Regex;
 use std::borrow::Cow;
 use std::io::ErrorKind;
 use std::path::Path;
+use std::process::Command;
 use sysctl::{Ctl, CtlValue, Sysctl};
 use sysinfo::{Pid as SysPid, System};
 use tokio::fs;
@@ -77,7 +78,23 @@ pub async fn start_service() -> anyhow::Result<()> {
    let ctl = Ctl::new("net.netfilter.nf_conntrack_tcp_be_liberal")?;
    ctl.set_value(CtlValue::String("1".into()))?;

-    setup_iptables_rules().expect("setup iptables rules");
+    let app_list_mode = config.app_list();
+    let mut apps_uid_array : Vec<u32> = Vec::new();
+    match app_list_mode.as_str() {
+        "whitelist" => {
+            for pkg in config.whitelist() {
+                apps_uid_array.push(get_uid(pkg)?)
+            }
+        }
+        "blacklist" => {
+            for pkg in config.blacklist() {
+                apps_uid_array.push(get_uid(pkg)?)
+            }
+        }
+        _ => ()
+    }
+
+    setup_iptables_rules(app_list_mode, apps_uid_array).expect("setup iptables rules");

    daemonize_nfqws(&strat_modified).await;
    println!("zaprett service started!");
@@ -136,3 +153,21 @@ pub async fn service_status() -> anyhow::Result<bool> {
    }
    Ok(false)
 }
+
+fn get_uid(pkg: &str)  -> anyhow::Result<u32>  {
+    let output = Command::new("dumpsys")
+        .arg("package")
+        .arg(pkg)
+        .output()
+        .context("failed to run dumpsys")?;
+    if !output.status.success() { bail!("dumpsys exited with code {}", output.status); }
+    let out = str::from_utf8(&output.stdout)
+        .context("dumpsys output is not valid UTF-8")?;
+
+    let regex = Regex::new(r"userId=(\d+)")?;
+
+    let caps = regex.captures(out).unwrap();
+    let uid: u32 = caps.get(1).unwrap().as_str().parse::<u32>()?;
+
+    Ok(uid)
+}
--- a/update-hosts.json
+++ b/update-hosts.json
@@ -1,6 +1,6 @@
 {
-  "version": "6.2",
-  "versionCode": 62,
-  "zipUrl": "https://github.com/egor-white/zaprett/releases/download/6.2.0/zaprett-hosts.zip",
+  "version": "6.3",
+  "versionCode": 63,
+  "zipUrl": "https://github.com/egor-white/zaprett/releases/download/6.3.0/zaprett-hosts.zip",
  "changelog": "https://raw.githubusercontent.com/egor-white/zaprett/refs/heads/main/changelog.md"
 }
--- a/update.json
+++ b/update.json
@@ -1,6 +1,6 @@
 {
-  "version": "6.2",
-  "versionCode": 62,
-  "zipUrl": "https://github.com/egor-white/zaprett/releases/download/6.2.0/zaprett.zip",
+  "version": "6.3",
+  "versionCode": 63,
+  "zipUrl": "https://github.com/egor-white/zaprett/releases/download/6.3.0/zaprett.zip",
  "changelog": "https://raw.githubusercontent.com/egor-white/zaprett/refs/heads/main/changelog.md"
 }
Author	SHA1	Message	Date
white	6efe9d8928	trying to make split tunneling	2025-12-11 17:31:41 +03:00
CherretGit	b12b6e1bb2	Update update's.json and changelog	2025-12-08 16:41:32 +00:00