Added ports ignoring

Author: shadowy-pycoder

README.md

@@ -107,7 +107,7 @@ You can download the binary for your platform from [Releases](https://github.com
 Example:
 
 ```shell
-GOHPTS_RELEASE=v1.10.5; wget -v https://github.com/shadowy-pycoder/go-http-proxy-to-socks/releases/download/$GOHPTS_RELEASE/gohpts-$GOHPTS_RELEASE-linux-amd64.tar.gz -O gohpts && tar xvzf gohpts && mv -f gohpts-$GOHPTS_RELEASE-linux-amd64 gohpts && ./gohpts -h
+GOHPTS_RELEASE=v1.10.6; wget -v https://github.com/shadowy-pycoder/go-http-proxy-to-socks/releases/download/$GOHPTS_RELEASE/gohpts-$GOHPTS_RELEASE-linux-amd64.tar.gz -O gohpts && tar xvzf gohpts && mv -f gohpts-$GOHPTS_RELEASE-linux-amd64 gohpts && ./gohpts -h
 ```
 
 Alternatively, you can install it using `go install` command (requires Go [1.24](https://go.dev/doc/install) or later):
@@ -180,6 +180,7 @@ Options:
   -auto     Automatically setup iptables for transparent proxy (requires elevated privileges)
   -arpspoof Enable ARP spoof proxy for selected targets (Example: "targets 10.0.0.1,10.0.0.5-10,192.168.1.*,192.168.10.0/24;fullduplex false;debug true")
   -mark     Set mark for each packet sent through transparent proxy (Default: redirect 0, tproxy 100)
+  -P        Comma separated list of ports to ignore when proxying traffic (Example: "22,80,443,9092")
 ```
 
 ### Configuration via CLI flags

cmd/gohpts/cli.go

@@ -67,6 +67,7 @@ const usageTproxy string = `
   -auto     Automatically setup iptables for transparent proxy (requires elevated privileges)
   -arpspoof Enable ARP spoof proxy for selected targets (Example: "targets 10.0.0.1,10.0.0.5-10,192.168.1.*,192.168.10.0/24;fullduplex false;debug true")
   -mark     Set mark for each packet sent through transparent proxy (Default: redirect 0, tproxy 100)
+  -P        Comma separated list of ports to ignore when proxying traffic (Example: "22,80,443,9092")
 `
 
 func root(args []string) error {
@@ -134,6 +135,12 @@ func root(args []string) error {
 			"",
 			"Enable ARP spoof proxy for selected targets",
 		)
+		flags.StringVar(
+			&conf.IgnoredPorts,
+			"P",
+			"",
+			`Comma separated list of ports to ignore when proxying traffic (Example: "22,80,443,9092")`,
+		)
 	}
 	flags.StringVar(&conf.LogFilePath, "logfile", "", "Log file path (Default: stdout)")
 	flags.BoolVar(&conf.Debug, "d", false, "Show logs in DEBUG mode")
@@ -202,6 +209,11 @@ func root(args []string) error {
 			return fmt.Errorf("-mark requires -t, -T or -Tu flag")
 		}
 	}
+	if seen["P"] {
+		if !seen["auto"] {
+			return fmt.Errorf("-P requires -auto flag")
+		}
+	}
 	if seen["f"] {
 		for _, da := range []string{"s", "u", "U", "c", "k", "l", "i"} {
 			if seen[da] {

colorize.go

@@ -30,7 +30,10 @@ var (
 	credsPattern = regexp.MustCompile(
 		`(?i)(?:"|')?(username|user|login|email|password|pass|pwd)(?:"|')?\s*[:=]\s*(?:"|')?([^\s"'&]+)`,
 	)
-	macPattern = regexp.MustCompile(`(?i)([a-z0-9_]+_[0-9a-f]{2}(?::[0-9a-f]{2}){2}|(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})`)
+	macPattern   = regexp.MustCompile(`(?i)([a-z0-9_]+_[0-9a-f]{2}(?::[0-9a-f]{2}){2}|(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})`)
+	portsPattern = regexp.MustCompile(
+		`^\s*(?:6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]\d{0,4}|[1-9]\d{0,3})\s*(?:,\s*(?:6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]\d{0,4}|[1-9]\d{0,3})\s*)*$`,
+	)
 )
 
 var rColors = []func(string) *colors.Color{

gohpts.go

@@ -75,6 +75,7 @@ type Config struct {
 	Auto           bool
 	Mark           uint
 	ARPSpoof       string
+	IgnoredPorts   string
 	LogFilePath    string
 	Debug          bool
 	JSON           bool
@@ -147,6 +148,7 @@ type proxyapp struct {
 	auto           bool
 	mark           uint
 	arpspoofer     *arpspoof.ARPSpoofer
+	ignoredPorts   string
 	user           string
 	pass           string
 	proxychain     chain
@@ -315,6 +317,15 @@ func New(conf *Config) *proxyapp {
 	if p.mark == 0 && p.tproxyMode == "tproxy" {
 		p.mark = 100
 	}
+	if conf.IgnoredPorts != "" {
+		if !p.auto {
+			p.logger.Fatal().Msg("Ignoring ports is only possible in auto configuration")
+		}
+		if !portsPattern.MatchString(conf.IgnoredPorts) {
+			p.logger.Fatal().Msg("Ignored ports must be a comma separated list of port numbers")
+		}
+		p.ignoredPorts = conf.IgnoredPorts
+	}
 	var addrHTTP, addrSOCKS, certFile, keyFile string
 	if conf.ServerConfPath != "" {
 		var sconf serverConfig

tproxy_linux.go

@@ -276,6 +276,18 @@ func (ts *tproxyServer) ApplyRedirectRules(opts map[string]string) {
 		if err := cmdInit.Run(); err != nil {
 			ts.p.logger.Fatal().Err(err).Msgf("[tcp %s] Failed while configuring iptables. Are you root?", ts.p.tproxyMode)
 		}
+		if ts.p.ignoredPorts != "" {
+			cmdInit1 := exec.Command("bash", "-c", fmt.Sprintf(`
+			%s
+		    iptables -t nat -A GOHPTS -p tcp -m multiport --dports %s -j RETURN
+		    iptables -t nat -A GOHPTS -p tcp -m multiport --sports %s -j RETURN
+			`, setex, ts.p.ignoredPorts, ts.p.ignoredPorts))
+			cmdInit1.Stdout = os.Stdout
+			cmdInit1.Stderr = os.Stderr
+			if err := cmdInit1.Run(); err != nil {
+				ts.p.logger.Fatal().Err(err).Msgf("[tcp %s] Failed while configuring iptables. Are you root?", ts.p.tproxyMode)
+			}
+		}
 		if ts.p.httpServerAddr != "" {
 			_, httpPort, _ := net.SplitHostPort(ts.p.httpServerAddr)
 			cmdHTTP := exec.Command("bash", "-c", fmt.Sprintf(`
@@ -375,6 +387,18 @@ func (ts *tproxyServer) ApplyRedirectRules(opts map[string]string) {
 		if err := cmdInit0.Run(); err != nil {
 			ts.p.logger.Fatal().Err(err).Msgf("[tcp %s] Failed while configuring iptables. Are you root?", ts.p.tproxyMode)
 		}
+		if ts.p.ignoredPorts != "" {
+			cmdInit1 := exec.Command("bash", "-c", fmt.Sprintf(`
+			%s
+		    iptables -t mangle -A GOHPTS -p tcp -m multiport --dports %s -j RETURN
+		    iptables -t mangle -A GOHPTS -p tcp -m multiport --sports %s -j RETURN
+			`, setex, ts.p.ignoredPorts, ts.p.ignoredPorts))
+			cmdInit1.Stdout = os.Stdout
+			cmdInit1.Stderr = os.Stderr
+			if err := cmdInit1.Run(); err != nil {
+				ts.p.logger.Fatal().Err(err).Msgf("[tcp %s] Failed while configuring iptables. Are you root?", ts.p.tproxyMode)
+			}
+		}
 		cmdDocker := exec.Command("bash", "-c", fmt.Sprintf(`
         %s
         if command -v docker >/dev/null 2>&1

tproxy_udp_linux.go

@@ -693,6 +693,18 @@ func (tsu *tproxyServerUDP) ApplyRedirectRules(opts map[string]string) {
 		if err := cmdInit0.Run(); err != nil {
 			tsu.p.logger.Fatal().Err(err).Msgf("[udp %s] Failed while configuring iptables. Are you root?", tsu.p.tproxyMode)
 		}
+		if tsu.p.ignoredPorts != "" {
+			cmdInit1 := exec.Command("bash", "-c", fmt.Sprintf(`
+			%s
+		    iptables -t mangle -A GOHPTS_UDP -p udp -m multiport --dports %s -j RETURN
+		    iptables -t mangle -A GOHPTS_UDP -p udp -m multiport --sports %s -j RETURN
+			`, setex, tsu.p.ignoredPorts, tsu.p.ignoredPorts))
+			cmdInit1.Stdout = os.Stdout
+			cmdInit1.Stderr = os.Stderr
+			if err := cmdInit1.Run(); err != nil {
+				tsu.p.logger.Fatal().Err(err).Msgf("[tcp %s] Failed while configuring iptables. Are you root?", tsu.p.tproxyMode)
+			}
+		}
 		cmdDocker := exec.Command("bash", "-c", fmt.Sprintf(`
         %s
         if command -v docker >/dev/null 2>&1

version.go

@@ -1,3 +1,3 @@
 package gohpts
 
-const Version string = "gohpts v1.10.5"
+const Version string = "gohpts v1.10.6"