pangolin_mirror/newt
1
0
Fork 0
mirror of https://github.com/fosrl/newt.git synced 2026-02-08 05:56:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add rewriteTo

Browse Source
This commit is contained in:
Owen
2025-11-25 11:29:41 -05:00
parent 61b9615aea
commit da04746781
3 changed files with 38 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
clients/clients.go
View File

@@ -37,6 +37,7 @@ type WgConfig struct {
type Target struct {
SourcePrefix string `json:"sourcePrefix"`
DestPrefix string `json:"destPrefix"`
RewriteTo string `json:"rewriteTo,omitempty"`
PortRange []PortRange `json:"portRange,omitempty"`
}
@@ -472,6 +473,15 @@ func (s *WireGuardService) ensureTargets(targets []Target) error {
return fmt.Errorf("invalid CIDR %s: %v", target.DestPrefix, err)
}
var rewriteTo netip.Prefix
if target.RewriteTo != "" {
rewriteTo, err = netip.ParsePrefix(target.RewriteTo)
if err != nil {
logger.Info("Invalid CIDR %s: %v", target.RewriteTo, err)
continue
}
}
var portRanges []netstack2.PortRange
for _, pr := range target.PortRange {
portRanges = append(portRanges, netstack2.PortRange{
@@ -480,7 +490,7 @@ func (s *WireGuardService) ensureTargets(targets []Target) error {
})
}
s.tnet.AddProxySubnetRule(sourcePrefix, destPrefix, portRanges)
s.tnet.AddProxySubnetRule(sourcePrefix, destPrefix, rewriteTo, portRanges)
logger.Info("Added target subnet from %s to %s with port ranges: %v", target.SourcePrefix, target.DestPrefix, target.PortRange)
}
@@ -864,6 +874,15 @@ func (s *WireGuardService) handleAddTarget(msg websocket.WSMessage) {
continue
}
var rewriteTo netip.Prefix
if target.RewriteTo != "" {
rewriteTo, err = netip.ParsePrefix(target.RewriteTo)
if err != nil {
logger.Info("Invalid CIDR %s: %v", target.RewriteTo, err)
continue
}
}
var portRanges []netstack2.PortRange
for _, pr := range target.PortRange {
portRanges = append(portRanges, netstack2.PortRange{
@@ -872,7 +891,7 @@ func (s *WireGuardService) handleAddTarget(msg websocket.WSMessage) {
})
}
s.tnet.AddProxySubnetRule(sourcePrefix, destPrefix, portRanges)
s.tnet.AddProxySubnetRule(sourcePrefix, destPrefix, rewriteTo, portRanges)
logger.Info("Added target subnet from %s to %s with port ranges: %v", target.SourcePrefix, target.DestPrefix, target.PortRange)
}
@@ -979,6 +998,15 @@ func (s *WireGuardService) handleUpdateTarget(msg websocket.WSMessage) {
continue
}
var rewriteTo netip.Prefix
if target.RewriteTo != "" {
rewriteTo, err = netip.ParsePrefix(target.RewriteTo)
if err != nil {
logger.Info("Invalid CIDR %s: %v", target.RewriteTo, err)
continue
}
}
var portRanges []netstack2.PortRange
for _, pr := range target.PortRange {
portRanges = append(portRanges, netstack2.PortRange{
@@ -987,7 +1015,7 @@ func (s *WireGuardService) handleUpdateTarget(msg websocket.WSMessage) {
})
}
s.tnet.AddProxySubnetRule(sourcePrefix, destPrefix, portRanges)
s.tnet.AddProxySubnetRule(sourcePrefix, destPrefix, rewriteTo, portRanges)
logger.Info("Added target subnet from %s to %s with port ranges: %v", target.SourcePrefix, target.DestPrefix, target.PortRange)
}
}

8
netstack2/proxy.go
View File

@@ -27,6 +27,7 @@ type PortRange struct {
type SubnetRule struct {
SourcePrefix netip.Prefix // Source IP prefix (who is sending)
DestPrefix netip.Prefix // Destination IP prefix (where it's going)
RewriteTo netip.Prefix // Optional rewrite address for destination
PortRanges []PortRange // empty slice means all ports allowed
}
@@ -51,7 +52,7 @@ func NewSubnetLookup() *SubnetLookup {
// AddSubnet adds a subnet rule with source and destination prefixes and optional port restrictions
// If portRanges is nil or empty, all ports are allowed for this subnet
func (sl *SubnetLookup) AddSubnet(sourcePrefix, destPrefix netip.Prefix, portRanges []PortRange) {
func (sl *SubnetLookup) AddSubnet(sourcePrefix, destPrefix, rewriteTo netip.Prefix, portRanges []PortRange) {
sl.mu.Lock()
defer sl.mu.Unlock()
@@ -63,6 +64,7 @@ func (sl *SubnetLookup) AddSubnet(sourcePrefix, destPrefix netip.Prefix, portRan
sl.rules[key] = &SubnetRule{
SourcePrefix: sourcePrefix,
DestPrefix: destPrefix,
RewriteTo: rewriteTo,
PortRanges: portRanges,
}
}
@@ -200,11 +202,11 @@ func NewProxyHandler(options ProxyHandlerOptions) (*ProxyHandler, error) {
// sourcePrefix: The IP prefix of the peer sending the data
// destPrefix: The IP prefix of the destination
// If portRanges is nil or empty, all ports are allowed for this subnet
func (p *ProxyHandler) AddSubnetRule(sourcePrefix, destPrefix netip.Prefix, portRanges []PortRange) {
func (p *ProxyHandler) AddSubnetRule(sourcePrefix, destPrefix, rewriteTo netip.Prefix, portRanges []PortRange) {
if p == nil || !p.enabled {
return
}
p.subnetLookup.AddSubnet(sourcePrefix, destPrefix, portRanges)
p.subnetLookup.AddSubnet(sourcePrefix, destPrefix, rewriteTo, portRanges)
}
// RemoveSubnetRule removes a subnet from the proxy handler

4
netstack2/tun.go
View File

@@ -350,10 +350,10 @@ func (net *Net) ListenUDP(laddr *net.UDPAddr) (*gonet.UDPConn, error) {
// AddProxySubnetRule adds a subnet rule to the proxy handler
// If portRanges is nil or empty, all ports are allowed for this subnet
func (net *Net) AddProxySubnetRule(sourcePrefix, destPrefix netip.Prefix, portRanges []PortRange) {
func (net *Net) AddProxySubnetRule(sourcePrefix, destPrefix, rewriteTo netip.Prefix, portRanges []PortRange) {
tun := (*netTun)(net)
if tun.proxyHandler != nil {
tun.proxyHandler.AddSubnetRule(sourcePrefix, destPrefix, portRanges)
tun.proxyHandler.AddSubnetRule(sourcePrefix, destPrefix, rewriteTo, portRanges)
}
}