feature: #61 - Port filter on outgoing connections via 'ignored_ports…

…' configuration value
Project-Faster · Sep 25, 2024 · 488914c · 488914c
1 parent 7ed4a84
commit 488914c
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 18 deletions.
diff --git a/docs/user-manual.md b/docs/user-manual.md
@@ -36,15 +36,17 @@ goals are to:
 
 \bigskip
 
-The acceleration of the TCP connections is accomplished on the client side by redirecting, in one of two ways, those connections that would have normally be sent over the high latency network:
+The acceleration of the TCP connections is accomplished on the client side by redirecting, with following methods, those connections that would have normally be sent over the high latency network:
 
 1. WinDivert Driver (*Windows Only*)
 
-2. Local Proxy
+2. IPtables redirect (*Linux Only*)
+
+3. Local Proxy
 
 \bigskip
 
-Both methods do seamlessly bridge, in the form of QUIC streams, the TCP connections originated on the local machine through to a QUIC tunnel which is received on the server machine.
+The methods do seamlessly bridge, in the form of QUIC streams, the TCP connections originated on the local machine through to a QUIC tunnel which is received on the server machine.
 
 \bigskip
 
@@ -79,7 +81,7 @@ The benefits of using the QUIC protocol over UDP are too numerous to list here,
 
 \newpage
 
-QPep supports different backend implementations of the QUIC protocol at the moment:
+QPep supports different backend implementations of the QUIC protocol currently:
 
 * _[Quicly](https://github.com/h2o/quicly)_ : Through the [Quicly-Go](https://github.com/Project-Faster/quicly-go) wrapper, which supports the new SEARCH CCA slowstart implementation
 
@@ -112,8 +114,6 @@ Refer to https://github.com/Project-Faster/qpep/releases to download the latest
 ### Windows
 
 > Before proceding be sure to have Administrator rights for your local machine
->
-> QPep currently only supports client mode on windows currently
 
 Once obtained the install.msi file, open it and you'll be greeted by the intro screen:
 
@@ -187,10 +187,7 @@ are created in the installation directory.
 
 #### Notes on redirection
 
-On Linux platform, setting the `prefer_proxy: true` value will not work as on the other platforms, proxy settings on Linux cannot
-be set dynamically.
-
-This implies that only `prefer_proxy: false` is actually useful and should be set as such.
+On Linux platform, setting the `prefer_proxy: true` parameter has no effect as only the iptables diverter is usable dynamically.
 
 
 \newpage
@@ -245,6 +242,8 @@ analytics:
   topic: data-topic
 
 limits:
+  ignored_ports:
+    - 3389      # example exclude RDP in TCP mode
   incoming:
     - 192.168.1.100: 100K
   outgoing:
@@ -343,7 +342,9 @@ Parameters used to configure the support for sending performance statistics to m
 
 #### Limits
 
-Allows to set speed limits for incoming and outgoing connections.
+Allows to set limits for incoming and outgoing connections.
+
+* **ignored_ports** : List of ports to ignore in redirection (implicitly contains port 53 for DNS)
 
 * **incoming** : Map composed by key / value pairs where the key is the address of the incoming connection and the value is the bytes per second specification (eg. 100K)
 
@@ -439,7 +440,7 @@ From left to right:
 Based on these parameters we can draft the two configurations for the client and the server.
 
 
-Client configuraiton
+Client configuration
 ------
 
 A possible configuration file `qpep.yml` for the client would be:

diff --git a/workers/client/client.go b/workers/client/client.go
@@ -5,6 +5,7 @@ import (
 	"github.com/parvit/qpep/shared/logger"
 	"github.com/parvit/qpep/workers/gateway"
 	"net"
+	"runtime"
 	"runtime/debug"
 	"strconv"
 	"sync"
@@ -275,6 +276,11 @@ func validateConfiguration() {
 
 	configuration.AssertParamNumeric("auto-redirected interfaces", len(clientAdditional.RedirectedInterfaces), 0, 256)
 
+	if runtime.GOOS != "windows" {
+		logger.Info("Platform forced prefer_proxy to true\n")
+		configGeneral.PreferProxy = true
+	}
+
 	// validation ok
 	logger.Info("Client configuration validation OK\n")
 }
diff --git a/workers/client/client_network_linux_test.go b/workers/client/client_network_linux_test.go
@@ -126,7 +126,7 @@ func (s *ClientNetworkSuite) TestFailedCheckConnection_PreferDiverterKeepRedirec
 	return
 
 	var calledInit = false
-	monkey.Patch(windivert.InitializeWinDivertEngine, func(string, string, int, int, int, int64) int {
+	monkey.Patch(windivert.InitializeWinDivertEngine, func(string, string, int, int, int, int64, []int) int {
 		calledInit = true
 		return windivert.DIVERT_OK
 	})
@@ -249,7 +249,7 @@ func (s *ClientNetworkSuite) TestFailedCheckConnection_PreferProxySwitchToProxy_
 		}
 	})
 	var calledInit = false
-	monkey.Patch(windivert.InitializeWinDivertEngine, func(string, string, int, int, int, int64) int {
+	monkey.Patch(windivert.InitializeWinDivertEngine, func(string, string, int, int, int, int64, []int) int {
 		calledInit = true
 		return windivert.DIVERT_OK
 	})
@@ -279,7 +279,7 @@ func (s *ClientNetworkSuite) TestFailedCheckConnection_PreferProxySwitchToProxy_
 		}
 	})
 	var calledInit = false
-	monkey.Patch(windivert.InitializeWinDivertEngine, func(string, string, int, int, int, int64) int {
+	monkey.Patch(windivert.InitializeWinDivertEngine, func(string, string, int, int, int, int64, []int) int {
 		calledInit = true
 		return windivert.DIVERT_ERROR_FAILED
 	})

diff --git a/workers/client/client_network_windows_test.go b/workers/client/client_network_windows_test.go
@@ -120,7 +120,7 @@ func (s *ClientNetworkSuite) TestInitialCheckConnection_PreferProxy() {
 
 func (s *ClientNetworkSuite) TestFailedCheckConnection_PreferDiverterKeepRedirect() {
 	var calledInit = false
-	monkey.Patch(windivert.InitializeWinDivertEngine, func(string, string, int, int, int, int64) int {
+	monkey.Patch(windivert.InitializeWinDivertEngine, func(string, string, int, int, int, int64, []int) int {
 		calledInit = true
 		return windivert.DIVERT_OK
 	})
@@ -231,7 +231,7 @@ func (s *ClientNetworkSuite) TestFailedCheckConnection_PreferProxySwitchToProxy_
 		}
 	})
 	var calledInit = false
-	monkey.Patch(windivert.InitializeWinDivertEngine, func(string, string, int, int, int, int64) int {
+	monkey.Patch(windivert.InitializeWinDivertEngine, func(string, string, int, int, int, int64, []int) int {
 		calledInit = true
 		return windivert.DIVERT_OK
 	})
@@ -258,7 +258,7 @@ func (s *ClientNetworkSuite) TestFailedCheckConnection_PreferProxySwitchToProxy_
 		}
 	})
 	var calledInit = false
-	monkey.Patch(windivert.InitializeWinDivertEngine, func(string, string, int, int, int, int64) int {
+	monkey.Patch(windivert.InitializeWinDivertEngine, func(string, string, int, int, int, int64, []int) int {
 		calledInit = true
 		return windivert.DIVERT_ERROR_FAILED
 	})