AccessControl

Struct AccessControl

pub struct AccessControl { /* private fields */ }

Expand description

ACL rules

§Sections

ACL File is formatted in sections, each section has a name with surrounded by brackets [ and ] followed by Rules line by line.

[SECTION-1]
RULE-1
RULE-2
RULE-3

[SECTION-2]
RULE-1
RULE-2
RULE-3

Available sections are

For local servers (sslocal, ssredir, …)
- [bypass_all] - ACL runs in BlackList mode.
- [proxy_all] - ACL runs in WhiteList mode.
- [bypass_list] - Rules for connecting directly
- [proxy_list] - Rules for connecting through proxies
For remote servers (ssserver)
- [reject_all] - ACL runs in BlackList mode.
- [accept_all] - ACL runs in WhiteList mode.
- [black_list] - Rules for rejecting
- [white_list] - Rules for allowing
- [outbound_block_list] - Rules for blocking outbound addresses.

§Mode

Mode is the default ACL strategy for those addresses that are not in configuration file.

BlackList - Bypasses / Rejects all addresses except those in [proxy_list] or [white_list]
WhiteList - Proxies / Accepts all addresses except those in [bypass_list] or [black_list]

§Rules

Rules can be either

CIDR form network addresses, like 10.9.0.32/16
IP addresses, like 127.0.0.1 or ::1
Regular Expression for matching hosts, like (^|\.)gmail\.com$
Domain with preceding | for exact matching, like |google.com
Domain with preceding || for matching with subdomains, like ||google.com

Implementations§

impl AccessControl

pub fn load_from_file<P: AsRef<Path>>(p: P) -> Result<AccessControl>

Load ACL rules from a file

pub fn file_path(&self) -> &Path

Get ACL file path

pub fn check_host_in_proxy_list(&self, host: &str) -> Option<bool>

Check if domain name is in proxy_list. If so, it should be resolved from remote (for Android’s DNS relay)

Return

Some(true) if host is in white_list (should be proxied)
Some(false) if host is in black_list (should be bypassed)
None if host doesn’t match any rules

pub fn check_ascii_host_in_proxy_list(&self, host: &str) -> Option<bool>

Check if ASCII domain name is in proxy_list. If so, it should be resolved from remote (for Android’s DNS relay)

Return

Some(true) if host is in white_list (should be proxied)
Some(false) if host is in black_list (should be bypassed)
None if host doesn’t match any rules

pub fn is_ip_empty(&self) -> bool

If there are no IP rules

pub fn is_host_empty(&self) -> bool

If there are no domain name rules

pub fn check_ip_in_proxy_list(&self, ip: &IpAddr) -> bool

Check if IpAddr should be proxied

pub fn is_default_in_proxy_list(&self) -> bool

Default mode

Default behavior for hosts that are not configured

true - Proxied
false - Bypassed

pub async fn check_target_bypassed(&self, addr: &Address) -> bool

Check if target address should be bypassed (for client)

This function may perform a DNS resolution

pub fn check_client_blocked(&self, addr: &SocketAddr) -> bool

Check if client address should be blocked (for server)

pub async fn check_outbound_blocked(&self, outbound: &Address) -> bool

Check if outbound address is blocked (for server)

NOTE: Address::DomainAddress is only validated by regex rules, resolved addresses are checked in the lookup_outbound_then! macro

Trait Implementations§

impl Clone for AccessControl

fn clone(&self) -> AccessControl

Returns a duplicate of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for AccessControl

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

impl Freeze for AccessControl

impl RefUnwindSafe for AccessControl

impl Send for AccessControl

impl Sync for AccessControl

impl Unpin for AccessControl

impl UnwindSafe for AccessControl

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more

impl<T> ErasedDestructor for T
where T: 'static,