[][src]Struct shadowsocks::acl::AccessControl

pub struct AccessControl { /* fields omitted */ }

ACL rules

Sections

ACL File is formatted in sections, each section has a name with surrounded by brackets [ and ] followed by Rules line by line.

[SECTION-1]
RULE-1
RULE-2
RULE-3

[SECTION-2]
RULE-1
RULE-2
RULE-3

Available sections are

  • For local servers (sslocal, ssredir, ...)
    • [bypass_all] - ACL runs in BlackList mode.
    • [proxy_all] - ACL runs in WhiteList mode.
    • [bypass_list] - Rules for connecting directly
    • [proxy_list] - Rules for connecting through proxies
  • For remote servers (ssserver)
    • [reject_all] - ACL runs in BlackList mode.
    • [accept_all] - ACL runs in WhiteList mode.
    • [black_list] - Rules for rejecting
    • [white_list] - Rules for allowing
    • [outbound_block_list] - Rules for blocking outbound addresses.

Mode

Mode is the default ACL strategy for those addresses that are not in configuration file.

  • BlackList - Bypasses / Rejects all addresses except those in [proxy_list] or [white_list]
  • WhiltList - Proxies / Accepts all addresses except those in [bypass_list] or [black_list]

Rules

Rules can be either

  • CIDR form network addresses, like 10.9.0.32/16
  • IP addresses, like 127.0.0.1 or ::1
  • Regular Expression for matching hosts, like (^|\.)gmail\.com$

Implementations

impl AccessControl[src]

pub fn load_from_file<P: AsRef<Path>>(p: P) -> Result<AccessControl>[src]

Load ACL rules from a file

pub fn check_host_in_proxy_list(&self, host: &str) -> Option<bool>[src]

Check if domain name is in proxy_list. If so, it should be resolved from remote (for Android's DNS relay)

Return

  • Some(true) if host is in white_list (should be proxied)
  • Some(false) if host is in black_list (should be bypassed)
  • None if host doesn't match any rules

pub fn is_ip_empty(&self) -> bool[src]

If there are no IP rules

pub fn is_host_empty(&self) -> bool[src]

If there are no domain name rules

pub fn check_ip_in_proxy_list(&self, ip: &IpAddr) -> bool[src]

Check if IpAddr should be proxied

pub fn is_default_in_proxy_list(&self) -> bool[src]

Default mode

Default behavor for hosts that are not configured

  • true - Proxied
  • false - Bypassed

pub async fn check_target_bypassed<'_, '_, '_>(
    &'_ self,
    context: &'_ Context,
    addr: &'_ Address
) -> bool[src]

Check if target address should be bypassed (for client)

This function may perform a DNS resolution

pub fn check_client_blocked(&self, addr: &SocketAddr) -> bool[src]

Check if client address should be blocked (for server)

pub async fn check_outbound_blocked<'_, '_, '_>(
    &'_ self,
    context: &'_ Context,
    outbound: &'_ Address
) -> bool[src]

Check if outbound address is blocked (for server)

NOTE: Address::DomainName is only validated by regex rules, resolved addresses are checked in the lookup_outbound_then! macro

Trait Implementations

impl Clone for AccessControl[src]

impl Debug for AccessControl[src]

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized[src]

impl<T> Borrow<T> for T where
    T: ?Sized[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized[src]

impl<T> CloneAny for T where
    T: Clone + Any

impl<T> DebugAny for T where
    T: Any + Debug

impl<T> From<T> for T[src]

impl<T> Instrument for T[src]

impl<T> Instrument for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, [src]

impl<T> Same<T> for T[src]

type Output = T

Should always be Self

impl<T> ToOwned for T where
    T: Clone[src]

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>, [src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<T> UnsafeAny for T where
    T: Any

impl<V, T> VZip<V> for T where
    V: MultiLane<T>,