allow loopback src address in listener (#1730)

2026-05-15 18:35:47 +00:00 · 2026-01-01 00:41:56 +08:00
parent 7c563153ae
commit 4e651a72f7
7 changed files with 99 additions and 52 deletions
@@ -298,6 +298,30 @@ impl UdpProxy {
            udp::UdpPacket::new(ipv4.payload())?
        };

+        // TODO: should it be async.
+        let dst_socket = if Some(ipv4.get_destination())
+            == self.global_ctx.get_ipv4().as_ref().map(Ipv4Inet::address)
+        {
+            if self
+                .global_ctx
+                .is_port_in_running_listeners(udp_packet.get_destination(), true)
+                && self
+                    .global_ctx
+                    .is_ip_in_same_network(&std::net::IpAddr::V4(ipv4.get_source()))
+            {
+                tracing::debug!(
+                    dst_port = udp_packet.get_destination(),
+                    "dst socket is in running listeners, ignore it"
+                );
+                return Some(());
+            }
+            format!("127.0.0.1:{}", udp_packet.get_destination())
+                .parse()
+                .unwrap()
+        } else {
+            SocketAddr::new(real_dst_ip.into(), udp_packet.get_destination())
+        };
+
        tracing::trace!(
            ?packet,
            ?ipv4,
@@ -339,17 +363,6 @@ impl UdpProxy {

        nat_entry.mark_active();

-        // TODO: should it be async.
-        let dst_socket = if Some(ipv4.get_destination())
-            == self.global_ctx.get_ipv4().as_ref().map(Ipv4Inet::address)
-        {
-            format!("127.0.0.1:{}", udp_packet.get_destination())
-                .parse()
-                .unwrap()
-        } else {
-            SocketAddr::new(real_dst_ip.into(), udp_packet.get_destination())
-        };
-
        let send_ret = {
            let _g = self.global_ctx.net_ns.guard();
            nat_entry