Struct socks_hub::AccessControl

pub struct AccessControl { /* private fields */ }

ACL rules

Sections

ACL File is formatted in sections, each section has a name with surrounded by brackets [ and ] followed by Rules line by line.

[SECTION-1]
RULE-1
RULE-2
RULE-3

[SECTION-2]
RULE-1
RULE-2
RULE-3

Available sections are

• For local servers (sslocal, ssredir, …)
  • [bypass_all] - ACL runs in BlackList mode.
  • [proxy_all] - ACL runs in WhiteList mode.
  • [bypass_list] - Rules for connecting directly
  • [proxy_list] - Rules for connecting through proxies
• For remote servers (ssserver)
  • [reject_all] - ACL runs in BlackList mode.
  • [accept_all] - ACL runs in WhiteList mode.
  • [black_list] - Rules for rejecting
  • [white_list] - Rules for allowing
  • [outbound_block_list] - Rules for blocking outbound addresses.

Mode

Mode is the default ACL strategy for those addresses that are not in configuration file.

• BlackList - Bypasses / Rejects all addresses except those in [proxy_list] or [white_list]
• WhiteList - Proxies / Accepts all addresses except those in [bypass_list] or [black_list]

Rules

Rules can be either

• CIDR form network addresses, like 10.9.0.32/16
• IP addresses, like 127.0.0.1 or ::1
• Regular Expression for matching hosts, like (^|\.)gmail\.com$
• Domain with preceding | for exact matching, like |google.com
• Domain with preceding || for matching with subdomains, like ||google.com

Implementations

impl AccessControl

pub fn load_from_file<P: AsRef<Path>>(p: P) -> Result<AccessControl>

Load ACL rules from a file

pub fn file_path(&self) -> &Path

Get ACL file path

pub fn check_host_in_proxy_list(&self, host: &str) -> Option<bool>

Check if domain name is in proxy_list. If so, it should be resolved from remote (for Android’s DNS relay)

Return

• Some(true) if host is in white_list (should be proxied)
• Some(false) if host is in black_list (should be bypassed)
• None if host doesn’t match any rules

pub fn check_ascii_host_in_proxy_list(&self, host: &str) -> Option<bool>

Check if ASCII domain name is in proxy_list. If so, it should be resolved from remote (for Android’s DNS relay)

Return

• Some(true) if host is in white_list (should be proxied)
• Some(false) if host is in black_list (should be bypassed)
• None if host doesn’t match any rules

pub fn is_ip_empty(&self) -> bool

If there are no IP rules

pub fn is_host_empty(&self) -> bool

If there are no domain name rules

pub fn check_ip_in_proxy_list(&self, ip: &IpAddr) -> bool

Check if IpAddr should be proxied

pub fn is_default_in_proxy_list(&self) -> bool

Default mode

Default behavior for hosts that are not configured

• true - Proxied
• false - Bypassed

pub async fn check_target_bypassed(&self, addr: &Address) -> bool

Check if target address should be bypassed (for client)

This function may perform a DNS resolution

pub fn check_client_blocked(&self, addr: &SocketAddr) -> bool

Check if client address should be blocked (for server)

pub async fn check_outbound_blocked(&self, outbound: &Address) -> bool

Check if outbound address is blocked (for server)

NOTE: Address::DomainAddress is only validated by regex rules, resolved addresses are checked in the lookup_outbound_then! macro

Trait Implementations

impl Clone for AccessControl

fn clone(&self) -> AccessControl

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AccessControl

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.