auto-redirect: Fix uid rules

SagerNet · Aug 25, 2024 · c836de6 · c836de6
1 parent aecfc19
commit c836de6
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 23 deletions.
diff --git a/redirect_iptables.go b/redirect_iptables.go
@@ -129,11 +129,13 @@ func (r *autoRedirect) setupIPTablesForFamily(iptablesPath string) error {
 			return err
 		}
 	}
-	for _, uid := range r.tunOptions.ExcludeUID {
-		err = r.runShell(iptablesPath, "-t nat -A", tableNamePreRouteing,
-			"-m owner --uid-owner", uid, "-j RETURN")
-		if err != nil {
-			return err
+	for _, uidRange := range r.tunOptions.ExcludeUID {
+		for uid := uidRange.Start; uid <= uidRange.End; uid++ {
+			err = r.runShell(iptablesPath, "-t nat -A", tableNamePreRouteing,
+				"-m owner --uid-owner", uid, "-j RETURN")
+			if err != nil {
+				return err
+			}
 		}
 	}
 	if !r.tunOptions.EXP_DisableDNSHijack {

diff --git a/redirect_nftables_rules.go b/redirect_nftables_rules.go
@@ -249,19 +249,16 @@ func (r *autoRedirect) nftablesCreateExcludeRules(nft *nftables.Conn, table *nft
 				Table:     table,
 				Anonymous: true,
 				Constant:  true,
-				Interval:  true,
 				KeyType:   nftables.TypeUID,
 			}
 			err := nft.AddSet(includeUID, common.FlatMap(r.tunOptions.IncludeUID, func(it ranges.Range[uint32]) []nftables.SetElement {
-				return []nftables.SetElement{
-					{
-						Key: binaryutil.BigEndian.PutUint32(it.Start),
-					},
-					{
-						Key:         binaryutil.BigEndian.PutUint32(it.End + 1),
-						IntervalEnd: true,
-					},
+				var elements []nftables.SetElement
+				for uid := it.Start; uid <= it.End; uid++ {
+					elements = append(elements, nftables.SetElement{
+						Key: binaryutil.BigEndian.PutUint32(uid),
+					})
 				}
+				return elements
 			}))
 			if err != nil {
 				return err
@@ -290,19 +287,16 @@ func (r *autoRedirect) nftablesCreateExcludeRules(nft *nftables.Conn, table *nft
 				Table:     table,
 				Anonymous: true,
 				Constant:  true,
-				Interval:  true,
 				KeyType:   nftables.TypeUID,
 			}
 			err := nft.AddSet(excludeUID, common.FlatMap(r.tunOptions.ExcludeUID, func(it ranges.Range[uint32]) []nftables.SetElement {
-				return []nftables.SetElement{
-					{
-						Key: binaryutil.BigEndian.PutUint32(it.Start),
-					},
-					{
-						Key:         binaryutil.BigEndian.PutUint32(it.End + 1),
-						IntervalEnd: true,
-					},
+				var elements []nftables.SetElement
+				for uid := it.Start; uid <= it.End; uid++ {
+					elements = append(elements, nftables.SetElement{
+						Key: binaryutil.BigEndian.PutUint32(uid),
+					})
 				}
+				return elements
 			}))
 			if err != nil {
 				return err