feat: Add options to switch IPv4/IPv6 support

Author: MikeWang000000

include/globvar.h

@@ -28,6 +28,8 @@ struct fh_context {
     int sockfd;
     FILE *logfp;
 
+    /* -4 */ int use_ipv4;
+    /* -6 */ int use_ipv6;
     /* -d */ int daemon;
     /* -f */ int skipfw;
     /* -h */ const char *hostname;

src/globvar.c

@@ -27,6 +27,8 @@ struct fh_context g_ctx = {.exit = 0,
                            .sockfd = -1,
                            .logfp = NULL,
 
+                           /* -4 */ .use_ipv4 = 0,
+                           /* -6 */ .use_ipv6 = 0,
                            /* -d */ .daemon = 0,
                            /* -f */ .skipfw = 0,
                            /* -h */ .hostname = NULL,

src/mainfun.c

@@ -50,6 +50,8 @@ static void print_usage(const char *name)
             "Usage: %s [options]\n"
             "\n"
             "Options:\n"
+            "  -4                 enable IPv4\n"
+            "  -6                 enable IPv6\n"
             "  -d                 run as a daemon\n"
             "  -f                 skip firewall rules\n"
             "  -h <hostname>      hostname for obfuscation (required)\n"
@@ -74,15 +76,24 @@ int main(int argc, char *argv[])
 {
     unsigned long long tmp;
     int res, opt, exitcode;
+    char *ipproto_info;
 
     if (!argc || !argv[0]) {
         return EXIT_FAILURE;
     }
 
     exitcode = EXIT_FAILURE;
 
-    while ((opt = getopt(argc, argv, "dfh:i:km:n:r:st:w:x:z")) != -1) {
+    while ((opt = getopt(argc, argv, "46dfh:i:km:n:r:st:w:x:z")) != -1) {
         switch (opt) {
+            case '4':
+                g_ctx.use_ipv4 = 1;
+                break;
+
+            case '6':
+                g_ctx.use_ipv6 = 1;
+                break;
+
             case 'd':
                 g_ctx.daemon = 1;
                 break;
@@ -200,6 +211,10 @@ int main(int argc, char *argv[])
         return res < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
     }
 
+    if (!g_ctx.use_ipv4 && !g_ctx.use_ipv6) {
+        g_ctx.use_ipv4 = g_ctx.use_ipv6 = 1;
+    }
+
     if (!g_ctx.fwmask) {
         g_ctx.fwmask = g_ctx.fwmark;
     } else if ((g_ctx.fwmark & g_ctx.fwmask) != g_ctx.fwmark) {
@@ -278,8 +293,15 @@ int main(int argc, char *argv[])
         EE("WARNING: setpriority(): %s", strerror(errno));
     }
 
-    E("listening on %s, netfilter queue number %" PRIu32 "...", g_ctx.iface,
-      g_ctx.nfqnum);
+    if (g_ctx.use_ipv4 && !g_ctx.use_ipv6) {
+        ipproto_info = " (IPv4 only)";
+    } else if (!g_ctx.use_ipv4 && g_ctx.use_ipv6) {
+        ipproto_info = " (IPv6 only)";
+    } else {
+        ipproto_info = "";
+    }
+    E("listening on %s%s, netfilter queue number %" PRIu32 "...", g_ctx.iface,
+      ipproto_info, g_ctx.nfqnum);
 
     /*
         Main Loop

src/nfqueue.c

@@ -210,14 +210,14 @@ static int callback(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
     }
 
     ethertype = ntohs(ph->hw_protocol);
-    if (ethertype == ETHERTYPE_IP) {
+    if (g_ctx.use_ipv4 && ethertype == ETHERTYPE_IP) {
         res = fh_pkt4_parse(pkt_data, pkt_len, saddr, daddr, &tcph,
                             &tcp_payload_len);
         if (res < 0) {
             EE(T(fh_pkt4_parse));
             goto ret_accept;
         }
-    } else if (ethertype == ETHERTYPE_IPV6) {
+    } else if (g_ctx.use_ipv6 && ethertype == ETHERTYPE_IPV6) {
         res = fh_pkt6_parse(pkt_data, pkt_len, saddr, daddr, &tcph,
                             &tcp_payload_len);
         if (res < 0) {

src/nfrules.c

@@ -54,28 +54,36 @@ int fh_nfrules_setup(void)
     }
 
     if (g_ctx.use_iptables) {
-        res = fh_ipt4_setup();
-        if (res < 0) {
-            E(T(fh_ipt4_setup));
-            return -1;
+        if (g_ctx.use_ipv4) {
+            res = fh_ipt4_setup();
+            if (res < 0) {
+                E(T(fh_ipt4_setup));
+                return -1;
+            }
         }
 
-        res = fh_ipt6_setup();
-        if (res < 0) {
-            E(T(fh_ipt6_setup));
-            return -1;
+        if (g_ctx.use_ipv6) {
+            res = fh_ipt6_setup();
+            if (res < 0) {
+                E(T(fh_ipt6_setup));
+                return -1;
+            }
         }
     } else {
-        res = fh_nft4_setup();
-        if (res < 0) {
-            E(T(fh_nft4_setup));
-            return -1;
+        if (g_ctx.use_ipv4) {
+            res = fh_nft4_setup();
+            if (res < 0) {
+                E(T(fh_nft4_setup));
+                return -1;
+            }
         }
 
-        res = fh_nft6_setup();
-        if (res < 0) {
-            E(T(fh_nft6_setup));
-            return -1;
+        if (g_ctx.use_ipv6) {
+            res = fh_nft6_setup();
+            if (res < 0) {
+                E(T(fh_nft6_setup));
+                return -1;
+            }
         }
     }
 
@@ -90,10 +98,20 @@ void fh_nfrules_cleanup(void)
     }
 
     if (g_ctx.use_iptables) {
-        fh_ipt4_cleanup();
-        fh_ipt6_cleanup();
+        if (g_ctx.use_ipv4) {
+            fh_ipt4_cleanup();
+        }
+
+        if (g_ctx.use_ipv6) {
+            fh_ipt6_cleanup();
+        }
     } else {
-        fh_nft4_cleanup();
-        fh_nft6_cleanup();
+        if (g_ctx.use_ipv4) {
+            fh_nft4_cleanup();
+        }
+
+        if (g_ctx.use_ipv6) {
+            fh_nft6_cleanup();
+        }
     }
 }