Struct shadowsocks_service::acl::AccessControl[−][src]

pub struct AccessControl { /* fields omitted */ }

Expand description

ACL rules

Sections

ACL File is formatted in sections, each section has a name with surrounded by brackets [ and ] followed by Rules line by line.

[SECTION-1]
RULE-1
RULE-2
RULE-3

[SECTION-2]
RULE-1
RULE-2
RULE-3

Available sections are

For local servers (sslocal, ssredir, …)
- [bypass_all] - ACL runs in BlackList mode.
- [proxy_all] - ACL runs in WhiteList mode.
- [bypass_list] - Rules for connecting directly
- [proxy_list] - Rules for connecting through proxies
For remote servers (ssserver)
- [reject_all] - ACL runs in BlackList mode.
- [accept_all] - ACL runs in WhiteList mode.
- [black_list] - Rules for rejecting
- [white_list] - Rules for allowing
- [outbound_block_list] - Rules for blocking outbound addresses.

Mode

Mode is the default ACL strategy for those addresses that are not in configuration file.

BlackList - Bypasses / Rejects all addresses except those in [proxy_list] or [white_list]
WhiltList - Proxies / Accepts all addresses except those in [bypass_list] or [black_list]

Rules

Rules can be either

CIDR form network addresses, like 10.9.0.32/16
IP addresses, like 127.0.0.1 or ::1
Regular Expression for matching hosts, like (^|\.)gmail\.com$
Domain with preceding | for exact matching, like |google.com
Domain with preceding || for matching with subdomains, like ||google.com

Implementations

impl AccessControl

pub fn load_from_file<P: AsRef<Path>>(p: P) -> Result<AccessControl>

Load ACL rules from a file

pub fn check_host_in_proxy_list(&self, host: &str) -> Option<bool>

Check if domain name is in proxy_list. If so, it should be resolved from remote (for Android’s DNS relay)

Return

Some(true) if host is in white_list (should be proxied)
Some(false) if host is in black_list (should be bypassed)
None if host doesn’t match any rules

pub fn check_ascii_host_in_proxy_list(&self, host: &str) -> Option<bool>

Check if ASCII domain name is in proxy_list. If so, it should be resolved from remote (for Android’s DNS relay)

Return

Some(true) if host is in white_list (should be proxied)
Some(false) if host is in black_list (should be bypassed)
None if host doesn’t match any rules

pub fn is_ip_empty(&self) -> bool

If there are no IP rules

pub fn is_host_empty(&self) -> bool

If there are no domain name rules

pub fn check_ip_in_proxy_list(&self, ip: &IpAddr) -> bool

Check if IpAddr should be proxied

pub fn is_default_in_proxy_list(&self) -> bool

Default mode

Default behavior for hosts that are not configured

true - Proxied
false - Bypassed

pub async fn check_target_bypassed(
    &self,
    context: &Context,
    addr: &Address
) -> bool

Check if target address should be bypassed (for client)

This function may perform a DNS resolution

pub fn check_client_blocked(&self, addr: &SocketAddr) -> bool

Check if client address should be blocked (for server)

pub async fn check_outbound_blocked(
    &self,
    context: &Context,
    outbound: &Address
) -> bool

Check if outbound address is blocked (for server)

NOTE: Address::DomainName is only validated by regex rules, resolved addresses are checked in the lookup_outbound_then! macro

Trait Implementations

impl Clone for AccessControl

fn clone(&self) -> AccessControl

Returns a copy of the value. Read more

1.0.0[src]

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for AccessControl

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations

impl RefUnwindSafe for AccessControl

impl Send for AccessControl

impl Sync for AccessControl

impl Unpin for AccessControl

impl UnwindSafe for AccessControl

Blanket Implementations

impl<T> Any for T where
T: 'static + ?Sized,

pub fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T where
T: ?Sized,

pub fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T where
T: ?Sized,

pub fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

pub fn from(t: T) -> T

Performs the conversion.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T where
U: From<T>,

pub fn into(self) -> U

Performs the conversion.

impl<T> ToOwned for T where
T: Clone,

type Owned = T

The resulting type after obtaining ownership.

pub fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

pub fn clone_into(&self, target: &mut T)

🔬 This is a nightly-only experimental API. (toowned_clone_into)

recently added

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T where
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where
U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

pub fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T where
V: MultiLane<T>,

pub fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self> where
S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more