File tree 3 files changed +23
-2
lines changed
crates/shadowsocks-service/src/server 3 files changed +23
-2
lines changed Original file line number Diff line number Diff line change 11//! Shadowsocks Local Server Context
22
3- use std:: sync:: Arc ;
3+ use std:: { net :: SocketAddr , sync:: Arc } ;
44
55use shadowsocks:: {
66 config:: ServerType ,
@@ -100,6 +100,14 @@ impl ServiceContext {
100100 }
101101 }
102102
103+ /// Check if client should be blocked
104+ pub fn check_client_blocked ( & self , addr : & SocketAddr ) -> bool {
105+ match self . acl {
106+ None => false ,
107+ Some ( ref acl) => acl. check_client_blocked ( addr) ,
108+ }
109+ }
110+
103111 /// Try to connect IPv6 addresses first if hostname could be resolved to both IPv4 and IPv6
104112pub fn set_ipv6_first ( & mut self , ipv6_first : bool ) {
105113 let context = Arc :: get_mut ( & mut self . context ) . expect ( "cannot set ipv6_first on a shared context" ) ;
Original file line number Diff line number Diff line change @@ -61,6 +61,11 @@ impl TcpServer {
6161 }
6262 } ;
6363
64+ if self . context . check_client_blocked ( & peer_addr) {
65+ warn ! ( "access denied from {} by ACL rules" , peer_addr) ;
66+ continue ;
67+ }
68+
6469 let client = TcpServerClient {
6570 context : self . context . clone ( ) ,
6671 method : svr_cfg. method ( ) ,
Original file line number Diff line number Diff line change @@ -112,8 +112,16 @@ impl UdpServer {
112112 }
113113 } ;
114114
115+ if self . context . check_client_blocked ( & peer_addr) {
116+ warn ! (
117+ "udp client {} outbound {} access denied by ACL rules" ,
118+ peer_addr, target_addr
119+ ) ;
120+ continue ;
121+ }
122+
115123 if self . context . check_outbound_blocked ( & target_addr) . await {
116- error ! ( "udp client {} outbound {} blocked by ACL rules" , peer_addr, target_addr) ;
124+ warn ! ( "udp client {} outbound {} blocked by ACL rules" , peer_addr, target_addr) ;
117125 continue ;
118126 }
119127
You can’t perform that action at this time.
0 commit comments