Struct shadowsocks_service::acl::AccessControl
pub struct AccessControl { /* fields omitted */ }
ACL rules
Sections
An ACL file is formatted in sections. Each section has a name surrounded by brackets [ and ], followed by rules, one per line.
[SECTION-1]
RULE-1
RULE-2
RULE-3
[SECTION-2]
RULE-1
RULE-2
RULE-3
Available sections are
- For local servers (sslocal, ssredir, …)
  - [bypass_all] - ACL runs in BlackList mode.
  - [proxy_all] - ACL runs in WhiteList mode.
  - [bypass_list] - Rules for connecting directly
  - [proxy_list] - Rules for connecting through proxies
- For remote servers (ssserver)
  - [reject_all] - ACL runs in BlackList mode.
  - [accept_all] - ACL runs in WhiteList mode.
  - [black_list] - Rules for rejecting
  - [white_list] - Rules for allowing
  - [outbound_block_list] - Rules for blocking outbound addresses.
Mode
Mode is the default ACL strategy for addresses that are not in the configuration file.
- BlackList - Bypasses / Rejects all addresses except those in [proxy_list] or [white_list]
- WhiteList - Proxies / Accepts all addresses except those in [bypass_list] or [black_list]
Rules
Rules can be either
- CIDR form network addresses, like 10.9.0.32/16
- IP addresses, like 127.0.0.1 or ::1
- Regular Expression for matching hosts, like (^|\.)gmail\.com$
- Domain with preceding | for exact matching, like |google.com
- Domain with preceding || for matching with subdomains, like ||google.com
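A sketch of how the sections, default mode and `|` / `||` domain rules above combine into a proxy decision for a local server; its three-way result follows the Some(true) / Some(false) / None convention documented for the host checks on this page. It is an added example, not the crate's code: ClientAcl, rule_matches, parse, check_host, should_proxy and SAMPLE are hypothetical names, and CIDR, IP and regex rules are left out. Assumptions: a file with no mode section bypasses by default, and [proxy_list] is consulted before [bypass_list].

```rust
// Hypothetical client-side model of an ACL file; not the crate's AccessControl.
struct ClientAcl {
    proxy_by_default: bool, // false unless [proxy_all] appears (assumption)
    proxy: Vec<String>,     // rules under [proxy_list]
    bypass: Vec<String>,    // rules under [bypass_list]
}

fn rule_matches(rule: &str, host: &str) -> bool {
    match (rule.strip_prefix("||"), rule.strip_prefix('|')) {
        // `||domain`: the domain and its subdomains, on a label boundary only
        (Some(d), _) => host == d || host.ends_with(&format!(".{}", d)),
        (None, Some(d)) => host == d, // `|domain`: exact match
        _ => false, // CIDR, IP and regex rules are left out of this sketch
    }
}

fn parse(text: &str) -> ClientAcl {
    let mut acl = ClientAcl { proxy_by_default: false, proxy: vec![], bypass: vec![] };
    let mut section = "";
    for line in text.lines().map(str::trim).filter(|l| !l.is_empty()) {
        match (line, section) {
            ("[proxy_all]", _) | ("[bypass_all]", _) => {
                acl.proxy_by_default = line == "[proxy_all]";
                section = line;
            }
            (l, _) if l.starts_with('[') && l.ends_with(']') => section = l,
            (l, "[proxy_list]") => acl.proxy.push(l.to_string()),
            (l, "[bypass_list]") => acl.bypass.push(l.to_string()),
            _ => {} // rule under a section this sketch does not model
        }
    }
    acl
}

// Some(true) = proxied, Some(false) = bypassed, None = no rule matched.
// Checking [proxy_list] before [bypass_list] is an assumption of this sketch.
fn check_host(acl: &ClientAcl, host: &str) -> Option<bool> {
    let hit = |rules: &[String]| rules.iter().any(|r| rule_matches(r, host));
    if hit(&acl.proxy) { Some(true) } else if hit(&acl.bypass) { Some(false) } else { None }
}

fn should_proxy(acl: &ClientAcl, host: &str) -> bool {
    check_host(acl, host).unwrap_or(acl.proxy_by_default) // no match: default mode
}

// Constructed sample ACL for a local server.
const SAMPLE: &str = "[bypass_all]\n[proxy_list]\n||google.com\n[bypass_list]\n|intranet.example\n";

fn main() {
    println!("{}", should_proxy(&parse(SAMPLE), "mail.google.com"));
}
```

A host such as notgoogle.com matches no rule, so the default mode alone decides it: bypassed under [bypass_all], proxied under [proxy_all].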
Implementations
Load ACL rules from a file
Check if domain name is in proxy_list. If so, it should be resolved from remote (for Android’s DNS relay)
Return
- Some(true) if host is in white_list (should be proxied)
- Some(false) if host is in black_list (should be bypassed)
- None if host doesn’t match any rules
Check if ASCII domain name is in proxy_list. If so, it should be resolved from remote (for Android’s DNS relay)
Return
- Some(true) if host is in white_list (should be proxied)
- Some(false) if host is in black_list (should be bypassed)
- None if host doesn’t match any rules
If there are no IP rules
If there are no domain name rules
Check if IpAddr should be proxied
Default mode
Default behavior for hosts that are not configured
- true - Proxied
- false - Bypassed
Check if target address should be bypassed (for client)
This function may perform a DNS resolution
Check if client address should be blocked (for server)
Check if outbound address is blocked (for server)
NOTE: Address::DomainName is only validated by regex rules, resolved addresses are checked in the lookup_outbound_then! macro
Trait Implementations
Auto Trait Implementations
impl RefUnwindSafe for AccessControl
impl Send for AccessControl
impl Sync for AccessControl
impl Unpin for AccessControl
impl UnwindSafe for AccessControl