Ilya Starchak
2025-12-10 02:17:54 +03:00
parent 811773e009
commit c237112077
11 changed files with 327 additions and 49 deletions


@@ -99,6 +99,8 @@ class FiregexInterceptor:
async def _start_binary(self):
proxy_binary_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "../cpproxy"))
# Determine match mode based on protocol
match_mode = "stream" if self.srv.proto in ["tcp", "http"] else "block"
self.process = await asyncio.create_subprocess_exec(
proxy_binary_path, stdin=asyncio.subprocess.DEVNULL,
stdout=asyncio.subprocess.PIPE,
@@ -106,7 +108,9 @@ class FiregexInterceptor:
env={
"NTHREADS": os.getenv("NTHREADS","1"),
"FIREGEX_NFQUEUE_FAIL_OPEN": "1" if self.srv.fail_open else "0",
"FIREGEX_NFPROXY_SOCK": self.sock_path
"FIREGEX_NFPROXY_SOCK": self.sock_path,
"MATCH_MODE": match_mode,
"PROTOCOL": self.srv.proto
},
)
nicenessify(-10, self.process.pid)
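Review bot: The new `match_mode` line in the first hunk maps any protocol other than tcp/http to "block" via its `else`, so a service whose proto slipped past the API check would start cpproxy in a mode it was never validated for, whereas convert_protocol_to_l4 raises on an unknown value; an explicit lookup that fails fast keeps the two consistent, e.g. `match_mode = {"tcp": "stream", "http": "stream", "udp": "block"}[self.srv.proto]`. The accepted protocol list is now spelled out independently here, in convert_protocol_to_l4, in the db CHECK constraint and in add_new_service, so a single module-level constant that all four read from would stop them drifting apart. The comment above the line could also say what the two values mean to the binary, e.g. `# MATCH_MODE: "stream" for connection-oriented tcp/http, "block" for per-datagram udp` — assuming that is how cpproxy interprets them, which this diff does not show. `_start_binary` continues past the end of the second hunk.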


@@ -6,6 +6,8 @@ def convert_protocol_to_l4(proto:str):
return "tcp"
elif proto == "http":
return "tcp"
elif proto == "udp":
return "udp"
else:
raise Exception("Invalid protocol")
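Review bot: convert_protocol_to_l4 has no docstring, and with the new udp branch the distinction it encodes (http is an application protocol carried over tcp, udp is its own transport) is worth stating for the next reader; suggest `"""Map a service protocol ("tcp", "http", "udp") to the transport-layer protocol it runs over."""` under the signature. With three branches the chain now reads as a table, so `return {"tcp": "tcp", "http": "tcp", "udp": "udp"}[proto]` with a `KeyError`-to-`ValueError` translation would express the same thing more compactly. The function's signature line is outside the hunk.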


@@ -65,7 +65,7 @@ db = SQLite('db/nft-pyfilters.db', {
'status': 'VARCHAR(100) NOT NULL',
'port': 'INT NOT NULL CHECK(port > 0 and port < 65536)',
'name': 'VARCHAR(100) NOT NULL UNIQUE',
'proto': 'VARCHAR(3) NOT NULL CHECK (proto IN ("tcp", "http"))',
'proto': 'VARCHAR(4) NOT NULL CHECK (proto IN ("tcp", "http", "udp"))',
'l4_proto': 'VARCHAR(3) NOT NULL CHECK (l4_proto IN ("tcp", "udp"))',
'ip_int': 'VARCHAR(100) NOT NULL',
'fail_open': 'BOOLEAN NOT NULL CHECK (fail_open IN (0, 1)) DEFAULT 1',
@@ -305,7 +305,7 @@ async def add_new_service(form: ServiceAddForm):
form.ip_int = ip_parse(form.ip_int)
except ValueError:
raise HTTPException(status_code=400, detail="Invalid address")
if form.proto not in ["tcp", "http"]:
if form.proto not in ["tcp", "http", "udp"]:
raise HTTPException(status_code=400, detail="Invalid protocol")
srv_id = None
try:
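Review bot: Widening the `proto` CHECK constraint in the table definition (first hunk) only takes effect for a freshly created database; an existing db/nft-pyfilters.db keeps the old `proto IN ("tcp", "http")` constraint, so the udp services that the relaxed check in add_new_service (second hunk) now accepts would fail at insert with an integrity error unless the SQLite helper migrates existing tables, which this diff does not show. A migration step or a schema-version bump that recreates the table belongs alongside the schema change. Note also that the old `VARCHAR(3)` never actually fit "http" and only worked because SQLite ignores declared lengths; the new `VARCHAR(4)` relies on the same leniency, so the length says nothing the CHECK does not already enforce.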