Struct shadowsocks_service::acl::AccessControl [−][src]
ACL rules
Sections
ACL File is formatted in sections, each section has a name with surrounded by brackets [
and ]
followed by Rules line by line.
[SECTION-1]
RULE-1
RULE-2
RULE-3
[SECTION-2]
RULE-1
RULE-2
RULE-3
Available sections are
- For local servers (
sslocal
,ssredir
, …)[bypass_all]
- ACL runs inBlackList
mode.[proxy_all]
- ACL runs inWhiteList
mode.[bypass_list]
- Rules for connecting directly[proxy_list]
- Rules for connecting through proxies
- For remote servers (
ssserver
)[reject_all]
- ACL runs inBlackList
mode.[accept_all]
- ACL runs inWhiteList
mode.[black_list]
- Rules for rejecting[white_list]
- Rules for allowing[outbound_block_list]
- Rules for blocking outbound addresses.
Mode
Mode is the default ACL strategy for those addresses that are not in configuration file.
BlackList
- Bypasses / Rejects all addresses except those in[proxy_list]
or[white_list]
WhiltList
- Proxies / Accepts all addresses except those in[bypass_list]
or[black_list]
Rules
Rules can be either
- CIDR form network addresses, like
10.9.0.32/16
- IP addresses, like
127.0.0.1
or::1
- Regular Expression for matching hosts, like
(^|\.)gmail\.com$
Implementations
impl AccessControl
[src]
pub fn load_from_file<P: AsRef<Path>>(p: P) -> Result<AccessControl>
[src]
Load ACL rules from a file
pub fn check_host_in_proxy_list(&self, host: &str) -> Option<bool>
[src]
Check if domain name is in proxy_list. If so, it should be resolved from remote (for Android’s DNS relay)
Return
Some(true)
ifhost
is inwhite_list
(should be proxied)Some(false)
ifhost
is inblack_list
(should be bypassed)None
ifhost
doesn’t match any rules
pub fn is_ip_empty(&self) -> bool
[src]
If there are no IP rules
pub fn is_host_empty(&self) -> bool
[src]
If there are no domain name rules
pub fn check_ip_in_proxy_list(&self, ip: &IpAddr) -> bool
[src]
Check if IpAddr
should be proxied
pub fn is_default_in_proxy_list(&self) -> bool
[src]
Default mode
Default behavor for hosts that are not configured
true
- Proxiedfalse
- Bypassed
pub async fn check_target_bypassed(
&self,
context: &Context,
addr: &Address
) -> bool
[src]
&self,
context: &Context,
addr: &Address
) -> bool
Check if target address should be bypassed (for client)
This function may perform a DNS resolution
pub fn check_client_blocked(&self, addr: &SocketAddr) -> bool
[src]
Check if client address should be blocked (for server)
pub async fn check_outbound_blocked(
&self,
context: &Context,
outbound: &Address
) -> bool
[src]
&self,
context: &Context,
outbound: &Address
) -> bool
Check if outbound address is blocked (for server)
NOTE: Address::DomainName
is only validated by regex rules,
resolved addresses are checked in the lookup_outbound_then!
macro
Trait Implementations
impl Clone for AccessControl
[src]
fn clone(&self) -> AccessControl
[src]
pub fn clone_from(&mut self, source: &Self)
1.0.0[src]
impl Debug for AccessControl
[src]
Auto Trait Implementations
impl RefUnwindSafe for AccessControl
impl Send for AccessControl
impl Sync for AccessControl
impl Unpin for AccessControl
impl UnwindSafe for AccessControl
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Any for T where
T: Any,
T: Any,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> CloneAny for T where
T: Clone + Any,
T: Clone + Any,
impl<T> CloneAny for T where
T: Clone + Any,
T: Clone + Any,
pub fn clone_any(&self) -> Box<dyn CloneAny + 'static, Global>
pub fn clone_any_send(&self) -> Box<dyn CloneAny + 'static + Send, Global> where
T: Send,
T: Send,
pub fn clone_any_sync(&self) -> Box<dyn CloneAny + 'static + Sync, Global> where
T: Sync,
T: Sync,
pub fn clone_any_send_sync(
&self
) -> Box<dyn CloneAny + 'static + Sync + Send, Global> where
T: Send + Sync,
&self
) -> Box<dyn CloneAny + 'static + Sync + Send, Global> where
T: Send + Sync,
impl<T> DebugAny for T where
T: Any + Debug,
T: Any + Debug,
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T> ToOwned for T where
T: Clone,
[src]
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
pub fn to_owned(&self) -> T
[src]
pub fn clone_into(&self, target: &mut T)
[src]
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
pub fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
[src]
impl<T> UnsafeAny for T where
T: Any,
T: Any,
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
V: MultiLane<T>,