example: add biglist to ruleset_simple.lua

Signed-off-by: He Xian <[email protected]>
hexian000 · Nov 10, 2024 · 1f58d51 · 1f58d51
1 parent 1076d98
commit 1f58d51
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 20 deletions.
diff --git a/example/ruleset.lua b/example/ruleset.lua
@@ -31,11 +31,11 @@ end
 local API_ENDPOINT = "api.neosocksd.internal:80"
 local INTERNAL_DOMAIN = ".internal"
 
--- 1. _G.redirect*: match the raw request "host:port"
+-- 1. _G.redirect*: handle requests as a string
 -- in {matcher, action, optional log tag}
 -- matching stops after a match is found
 
--- _G.redirect_name: for requests with name string
+-- _G.redirect_name: handle domain name requests in "host:port"
 _G.redirect_name = {
     -- rule.redirect(addr, proxy1, proxy2, ...)
     { match.exact("peer0.lan:22"),         rule.redirect("host-gateway:22"),       "ssh" },
@@ -56,7 +56,7 @@ _G.redirect_name = {
     -- otherwise, go to _G.route_default
 }
 
--- _G.redirect: for requests with IPv4 address
+-- _G.redirect: handle IPv4 requests in "ip:port"
 _G.redirect = {
     -- redirect TCP DNS to local cache
     { match.exact("1.1.1.1:53"), rule.redirect("127.0.0.53:53") },
@@ -66,10 +66,13 @@ _G.redirect = {
     -- go to _G.route
 }
 
--- _G.redirect6: for requests with IPv6 address
+-- _G.redirect6: handle IPv6 requests in "[ipv6]:port"
 _G.redirect6 = {
+    -- redirect TCP DNS to local cache
+    { match.exact("[2606:4700:4700::1111]:53"), rule.redirect("127.0.0.53:53") },
+    { match.exact("[2606:4700:4700::1001]:53"), rule.redirect("127.0.0.53:53") },
     -- global condition
-    { is_disabled, rule.reject(), "off" },
+    { is_disabled,                              rule.reject(),                 "off" },
     -- go to _G.route6
 }
 
@@ -84,7 +87,7 @@ _G.hosts = {
 -- jump to region2 through region1 proxy
 local proxy_region2 = rule.proxy("socks4a://192.168.32.1:1080", "socks4a://192.168.33.1:1080")
 
--- 3. _G.route*: match the IP address
+-- 3. _G.route*: handle requests by IP address (faster subnet matching)
 _G.route = {
     -- reject loopback or link-local
     { inet.subnet("127.0.0.0/8"),     rule.reject() },

diff --git a/example/ruleset_simple.lua b/example/ruleset_simple.lua
@@ -3,34 +3,39 @@ _G.libruleset    = require("libruleset")
 
 -- [[ configurations ]] --
 
--- 1. _G.redirect*: match the full request "host:port"
+-- 1. _G.redirect*: handle requests as a string
 -- in {matcher, action, optional log tag}
 -- matching stops after a match is found
 
--- _G.redirect_name: for requests with name string
+-- _G.redirect_name: handle domain name requests in "host:port"
 _G.redirect_name = {
     -- access mDNS sites directly
-    { match.domain(".local"),        rule.direct() },
+    { match.domain(".local"),              rule.direct() },
     -- loopback
-    { match.exact("server.lan:22"),  rule.redirect("127.0.0.1:22"), "ssh" },
-    { match.exact("server.lan:80"),  rule.redirect("127.0.0.1:80"), "web" },
-    { match.exact("server.lan:443"), rule.reject(),                 "web" },
+    { match.exact("server.lan:22"),        rule.redirect("127.0.0.1:22"),          "ssh" },
+    { match.exact("server.lan:80"),        rule.redirect("127.0.0.1:80"),          "web" },
+    { match.exact("server.lan:443"),       rule.reject(),                          "web" },
     -- self assignment
-    { match.host("server.lan"),      rule.redirect("127.0.0.1:"),   "localhost" },
+    { match.host("server.lan"),            rule.redirect("127.0.0.1:"),            "localhost" },
+    -- dynamically loaded big domains list
+    { composite.maybe(_G, "biglist_name"), rule.proxy("socks4a://proxy.lan:1080"), "biglist" },
     -- if in _G.hosts, go to _G.route/_G.route6
     -- otherwise, go to _G.route_default
 }
 
--- _G.redirect: for requests with IPv4 address
+-- _G.redirect: handle IPv4 requests in "ip:port"
 _G.redirect      = {
     -- redirect TCP DNS to local cache
     { match.exact("1.1.1.1:53"), rule.redirect("127.0.0.53:53") },
     { match.exact("1.0.0.1:53"), rule.redirect("127.0.0.53:53") },
     -- go to _G.route
 }
 
--- _G.redirect6: for requests with IPv6 address
+-- _G.redirect6: handle IPv6 requests in "[ipv6]:port"
 _G.redirect6     = {
+    -- redirect TCP DNS to local cache
+    { match.exact("[2606:4700:4700::1111]:53"), rule.redirect("127.0.0.53:53") },
+    { match.exact("[2606:4700:4700::1001]:53"), rule.redirect("127.0.0.53:53") },
     -- go to _G.route6
 }
 
@@ -39,13 +44,15 @@ _G.hosts         = {
     ["site1.lan"] = "192.168.1.100",
 }
 
--- 3. _G.route*: match the IP address
+-- 3. _G.route*: handle requests by IP address (faster subnet matching)
 _G.route         = {
     -- reject loopback or link-local
-    { inet.subnet("127.0.0.0/8"),    rule.reject() },
-    { inet.subnet("169.254.0.0/16"), rule.reject() },
+    { inet.subnet("127.0.0.0/8"),     rule.reject() },
+    { inet.subnet("169.254.0.0/16"),  rule.reject() },
     -- access lan addresses directly
-    { inet.subnet("192.168.0.0/16"), rule.direct(), "lan" },
+    { inet.subnet("192.168.0.0/16"),  rule.direct(), "lan" },
+    -- dynamically loaded big IP ranges list
+    { composite.maybe(_G, "biglist"), rule.direct(), "biglist" },
     -- go to _G.route_default
 }
 
@@ -55,12 +62,14 @@ _G.route6        = {
     { inet6.subnet("fe80::/10"),              rule.reject() },
     { inet6.subnet("::ffff:127.0.0.0/104"),   rule.reject() },
     { inet6.subnet("::ffff:169.254.0.0/112"), rule.reject() },
+    -- dynamically loaded big IP ranges list
+    { composite.maybe(_G, "biglist6"),        rule.direct(), "biglist" },
     -- go to _G.route_default
 }
 
 -- 4. the global default applies to all unmatched requests
 -- in {action, optional log tag}
-_G.route_default = { rule.proxy("socks5://user:pass@internet-gateway.lan:1080"), "internet" }
+_G.route_default = { rule.proxy("socks5://user:[email protected]:1080"), "wan" }
 
 local function main(...)
     pcall(collectgarbage, "generational")