update redirect

e517a144 · nanahira · aaee2431 · e517a144 · e517a144 · e517a144
Commit e517a144 authored Aug 13, 2021 by nanahira
Showing with 19 additions and 10 deletions

ansible/scripts/switch-rules-up.sh.j2 ansible/scripts/switch-rules-up.sh.j2 +1 -1

ansible/scripts/utility.sh.j2 ansible/scripts/utility.sh.j2 +4 -3

src/inventory.ts src/inventory.ts +14 -6

No files found.
--- a/ansible/scripts/switch-rules-up.sh.j2
+++ b/ansible/scripts/switch-rules-up.sh.j2
@@ -18,7 +18,7 @@ interface_switch_china -A u_{{gw.isp}}_china {{gw.selectionMark}}
 interface_switch_oversea -A u_{{gw.isp}}_oversea {{gw.selectionMark}}
 restore_mark_switch -A {{gw.selectionMark}}
 {% endif %}
-interface_switch_redirect -A {{gw.selectionMark}} {{gw.redirectPort}}
+interface_switch_redirect -A {{gw.selectionMark}} {{gw.redirectServerPort}}
 {% endif %}
 {% endfor %}

--- a/ansible/scripts/utility.sh.j2
+++ b/ansible/scripts/utility.sh.j2
@@ -71,7 +71,8 @@ interface_switch_oversea() {
 interface_switch_redirect() {
  OPTION=$1
  MARK=$2
-  REDIR_PORT=$3
+  REDIR_SERVER_PORT=$3
-  $IPTABLES_EXEC -t nat "$OPTION" NEXTGEN_SWITCH -m mark --mark $MARK -i mc+ -m set --match-set mycard src -m set ! --match-set mycard dst -p tcp -m multiport --dports 80,443,21,22,23,8080,8443 -j DNAT --to-destination {{address}}:$REDIR_PORT
+  REDIR_TARGET_PORTS=$4
-  $IPTABLES_EXEC -t nat "$OPTION" NEXTGEN_SWITCH -m mark --mark $MARK -i ocs+ -m set --match-set mycard src -m set ! --match-set mycard dst -p tcp -m multiport --dports 80,443,21,22,23,8080,8443 -j DNAT --to-destination {{address}}:$REDIR_PORT
+  $IPTABLES_EXEC -t nat "$OPTION" NEXTGEN_SWITCH -m mark --mark $MARK -i mc+ -m set --match-set mycard src -m set ! --match-set mycard dst -p tcp -m multiport --dports $REDIR_TARGET_PORTS -m multiport ! --dports {{allRedirectServerPorts}} -j DNAT --to-destination {{address}}:$REDIR_PORT
+  $IPTABLES_EXEC -t nat "$OPTION" NEXTGEN_SWITCH -m mark --mark $MARK -i ocs+ -m set --match-set mycard src -m set ! --match-set mycard dst -p tcp -m multiport --dports $REDIR_TARGET_PORTS -m multiport ! --dports {{allRedirectServerPorts}} -j DNAT --to-destination {{address}}:$REDIR_PORT
 }
--- a/src/inventory.ts
+++ b/src/inventory.ts
@@ -102,19 +102,23 @@ class InventoryBuilder {
    const gateways = await this.load('gateways2');
    for (let gateway of gateways) {
      gateway.isCN = this.hosts[gateway.router] && this.hosts[gateway.router].location.startsWith('CN');
-      gateway.hidden = !!gateway.hidden;
+      for (const boolField of ['hidden', 'redirectAllPorts']) {
+        gateway[boolField] = !!gateway[boolField]
+      }
      if (gateway.mark) {
        gateway.selectionMark = gateway.mark + 50;
-        gateway.redirectPort = gateway.mark + 60000;
+        gateway.redirectServerPort = gateway.mark + 60000;
      } else {
        gateway.selectionMark = 0;
-        gateway.redirectPort = 60100;
+        gateway.redirectServerPort = 60100;
      }
+      gateway.redirectTargetPorts = gateway.redirectAllPorts ? '1:65535' : this.vars.redirectTargetPorts.replace(/-/g, ':');
    }
    return gateways;
  }
  async main() {
+    this.vars = await this.loadUtilities();
    this.hosts = _.keyBy(await this.load('nextgen2'), 'name');
    this.gateways = _.mapValues(_.groupBy(await this.loadGateways(), 'router'), g => _.keyBy(g, 'isp'));
    this.gatewayGroups = await this.load('gateway groups') as GatewayGroup[];
@@ -139,7 +143,6 @@ class InventoryBuilder {
    if (process.env.LIMIT_LINKS) {
      this.linksLimit = process.env.LIMIT_LINKS.split(",");
    }
-    this.vars = await this.loadUtilities();
    const inventoryValue = { wg: { hosts: Object.fromEntries(Object.values(this.hosts).map(host => [host.name, this.getHostConnectionInfo(host)])) } };
    await fs.promises.writeFile('result/inventory.yaml', YAML.stringify(inventoryValue));
    // console.log(Object.values(this.hosts));
@@ -263,13 +266,17 @@ class InventoryBuilder {
      };
    }
+    const redirectAvailableGateways = Object.values(this.gateways[host.name]).filter(gateway => !gateway.hidden);
    const gostConfig: GostConfig = {
-      Routes: Object.values(this.gateways[host.name]).filter(gateway => !gateway.hidden).map(gateway => ({
+      Routes: redirectAvailableGateways.map(gateway => ({
-        ServeNodes: [`red://${host.address}:${gateway.redirectPort}`],
+        ServeNodes: [`red://${host.address}:${gateway.redirectServerPort}`],
        Mark: gateway.selectionMark as number,
      }))
    };
+    const allRedirectServerPorts = redirectAvailableGateways.map(gateway => gateway.redirectServerPort).join(',');
    if (gostConfig.Routes.length) {
      host.gostConfig = gostConfig;
      host.dockerServices.services.gost = {
@@ -355,6 +362,7 @@ class InventoryBuilder {
      iptables_type: host.iptables || 'auto',
      gostConfig,
      installGost: !!gostConfig,
+      allRedirectServerPorts,
    };
  }