Batyka/zaprett
1
0
Fork 0
mirror of https://github.com/egor-white/zaprett.git synced 2025-12-12 14:29:51 +05:00
Code Issues Packages Projects Releases 1 Wiki Activity

Compare commits

base: Batyka:main
Branches Tags
Batyka:main Batyka:split-tunneling
Batyka:6.3.0 Batyka:6.2.0 Batyka:6.0.0 Batyka:5.2.0 Batyka:5.1.0 Batyka:5.0.0 Batyka:4.9.0 Batyka:4.8.0 Batyka:4.7.0 Batyka:4.6.0 Batyka:4.5.0 Batyka:4.4.0 Batyka:4.3.0 Batyka:4.2.0 Batyka:4.1.0 Batyka:4.0.0 Batyka:3.9.0 Batyka:3.8.0 Batyka:3.7.0 Batyka:3.6.0 Batyka:3.5.0 Batyka:3.4.0 Batyka:3.3.0 Batyka:3.2.0 Batyka:3.1.0 Batyka:3.0.0 Batyka:2.9.0 Batyka:2.8.0 Batyka:2.7.0 Batyka:2.1.0 Batyka:2.2.0 Batyka:2.3.0 Batyka:2.4.0 Batyka:2.5.0 Batyka:2.6.0 Batyka:2.0.0
..
compare: Batyka:split-tunneling
Branches Tags
Batyka:split-tunneling Batyka:main
Batyka:6.3.0 Batyka:6.2.0 Batyka:6.0.0 Batyka:5.2.0 Batyka:5.1.0 Batyka:5.0.0 Batyka:4.9.0 Batyka:4.8.0 Batyka:4.7.0 Batyka:4.6.0 Batyka:4.5.0 Batyka:4.4.0 Batyka:4.3.0 Batyka:4.2.0 Batyka:4.1.0 Batyka:4.0.0 Batyka:3.9.0 Batyka:3.8.0 Batyka:3.7.0 Batyka:3.6.0 Batyka:3.5.0 Batyka:3.4.0 Batyka:3.3.0 Batyka:3.2.0 Batyka:3.1.0 Batyka:3.0.0 Batyka:2.9.0 Batyka:2.8.0 Batyka:2.7.0 Batyka:2.1.0 Batyka:2.2.0 Batyka:2.3.0 Batyka:2.4.0 Batyka:2.5.0 Batyka:2.6.0 Batyka:2.0.0

1 Commits
main ... split-tunn

Author SHA1 Message Date
white
6efe9d8928 trying to make split tunneling 2025-12-11 17:31:41 +03:00
3 changed files with 98 additions and 40 deletions
Expand all files Collapse all files

1
rust/Cargo.toml
View File

@@ -17,7 +17,6 @@ serde = { version = "1.0.228", features = ["derive"] }
serde_json = "1.0.145"
sysctl = "0.7.1"
tokio = { version = "1.48.0", features = ["full"] }
once_cell = "1.21.3"
daemonize = "0.5.0"
log = "0.4.28"
pretty_env_logger = "0.5.0"

98
rust/crates/zaprett/src/iptables_rust.rs
View File

@@ -1,45 +1,69 @@
use std::error;
use std::process::Command;
pub fn setup_iptables_rules() -> Result<(), Box<dyn error::Error>> {
Command::new("iptables")
.arg("-t")
.arg("mangle")
.arg("-I")
.arg("POSTROUTING")
.arg("-j")
.arg("NFQUEUE")
.arg("--queue-num")
.arg("200")
.arg("--queue-bypass")
.status()
.expect("failed to add iptables rules");
const TAG: &str = "zaprett";
Command::new("iptables")
.arg("-t")
.arg("mangle")
.arg("-I")
.arg("PREROUTING")
.arg("-j")
.arg("NFQUEUE")
.arg("--queue-num")
.arg("200")
.arg("--queue-bypass")
.status()
.expect("failed to add iptables rules");
pub fn setup_iptables_rules(app_list_mode: &str, app_list_array: Vec<u32>) -> Result<(), Box<dyn error::Error>> {
match (app_list_mode, !app_list_array.is_empty()) {
("whitelist", true) => {
todo!()
}
("blacklist", true) => {
todo!()
}
_ => {
Command::new("iptables")
.arg("-t")
.arg("mangle")
.arg("-I")
.arg("POSTROUTING")
.arg("-j")
.arg("NFQUEUE")
.arg("--queue-num")
.arg("200")
.arg("--queue-bypass")
.arg("-m")
.arg("comment")
.arg("--comment")
.arg(TAG)
.status()
.expect("failed to add iptables rules");
Command::new("iptables")
.arg("-t")
.arg("filter")
.arg("-A")
.arg("FORWARD")
.arg("-j")
.arg("NFQUEUE")
.arg("--queue-num")
.arg("200")
.arg("--queue-bypass")
.status()
.expect("failed to add iptables rules");
Command::new("iptables")
.arg("-t")
.arg("mangle")
.arg("-I")
.arg("PREROUTING")
.arg("-j")
.arg("NFQUEUE")
.arg("--queue-num")
.arg("200")
.arg("--queue-bypass")
.arg("-m")
.arg("comment")
.arg("--comment")
.arg(TAG)
.status()
.expect("failed to add iptables rules");
Command::new("iptables")
.arg("-t")
.arg("filter")
.arg("-A")
.arg("FORWARD")
.arg("-j")
.arg("NFQUEUE")
.arg("--queue-num")
.arg("200")
.arg("--queue-bypass")
.arg("-m")
.arg("comment")
.arg("--comment")
.arg(TAG)
.status()
.expect("failed to add iptables rules");
}
}
Ok(())
}

39
rust/crates/zaprett/src/service.rs
View File

@@ -2,7 +2,7 @@ use crate::config::Config;
use crate::daemon::daemonize_nfqws;
use crate::iptables_rust::{clear_iptables_rules, setup_iptables_rules};
use crate::{DEFAULT_START, MODULE_PATH, ZAPRETT_DIR_PATH};
use anyhow::bail;
use anyhow::{bail, Context};
use log::info;
use nix::sys::signal::{Signal, kill};
use nix::unistd::{Pid, Uid};
@@ -10,6 +10,7 @@ use regex::Regex;
use std::borrow::Cow;
use std::io::ErrorKind;
use std::path::Path;
use std::process::Command;
use sysctl::{Ctl, CtlValue, Sysctl};
use sysinfo::{Pid as SysPid, System};
use tokio::fs;
@@ -77,7 +78,23 @@ pub async fn start_service() -> anyhow::Result<()> {
let ctl = Ctl::new("net.netfilter.nf_conntrack_tcp_be_liberal")?;
ctl.set_value(CtlValue::String("1".into()))?;
setup_iptables_rules().expect("setup iptables rules");
let app_list_mode = config.app_list();
let mut apps_uid_array : Vec<u32> = Vec::new();
match app_list_mode.as_str() {
"whitelist" => {
for pkg in config.whitelist() {
apps_uid_array.push(get_uid(pkg)?)
}
}
"blacklist" => {
for pkg in config.blacklist() {
apps_uid_array.push(get_uid(pkg)?)
}
}
_ => ()
}
setup_iptables_rules(app_list_mode, apps_uid_array).expect("setup iptables rules");
daemonize_nfqws(&strat_modified).await;
println!("zaprett service started!");
@@ -136,3 +153,21 @@ pub async fn service_status() -> anyhow::Result<bool> {
}
Ok(false)
}
fn get_uid(pkg: &str) -> anyhow::Result<u32> {
let output = Command::new("dumpsys")
.arg("package")
.arg(pkg)
.output()
.context("failed to run dumpsys")?;
if !output.status.success() { bail!("dumpsys exited with code {}", output.status); }
let out = str::from_utf8(&output.stdout)
.context("dumpsys output is not valid UTF-8")?;
let regex = Regex::new(r"userId=(\d+)")?;
let caps = regex.captures(out).unwrap();
let uid: u32 = caps.get(1).unwrap().as_str().parse::<u32>()?;
Ok(uid)
}