From 00d61333d324c651d06cc0ae304c424085f612d8 Mon Sep 17 00:00:00 2001
From: L-Trump
Date: Sat, 8 Mar 2025 01:08:21 +0800
Subject: [PATCH] allow proxy packets to be forwarded by system kernel
---
 easytier/locales/app.yml | 3 +++
 easytier/src/common/config.rs | 1 +
 easytier/src/common/global_ctx.rs | 7 +++++++
 easytier/src/easytier-core.rs | 8 ++++++++
 easytier/src/instance/instance.rs | 4 +++-
 easytier/src/proto/common.proto | 1 +
 6 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/easytier/locales/app.yml b/easytier/locales/app.yml
index e288bf7..d681204 100644
--- a/easytier/locales/app.yml
+++ b/easytier/locales/app.yml
@@ -96,6 +96,9 @@ core_clap:
 enable_exit_node:
 en: "allow this node to be an exit node"
 zh-CN: "允许此节点成为出口节点"
+ proxy_forward_by_system:
+ en: "forward packet to proxy networks via system kernel, disable internal nat for network proxy"
+ zh-CN: "通过系统内核转发子网代理数据包,禁用内置NAT"
 no_tun:
 en: "do not create TUN device, can use subnet proxy to access node"
 zh-CN: "不创建TUN设备,可以使用子网代理访问节点"
diff --git a/easytier/src/common/config.rs b/easytier/src/common/config.rs
index c559cf1..fb89a59 100644
--- a/easytier/src/common/config.rs
+++ b/easytier/src/common/config.rs
@@ -20,6 +20,7 @@ pub fn gen_default_flags() -> Flags {
 mtu: 1380,
 latency_first: false,
 enable_exit_node: false,
+ proxy_forward_by_system: false,
 no_tun: false,
 use_smoltcp: false,
 relay_network_whitelist: "*".to_string(),
diff --git a/easytier/src/common/global_ctx.rs b/easytier/src/common/global_ctx.rs
index 84e6ad9..caa723b 100644
--- a/easytier/src/common/global_ctx.rs
+++ b/easytier/src/common/global_ctx.rs
@@ -68,6 +68,7 @@ pub struct GlobalCtx {
 running_listeners: Mutex>,
 enable_exit_node: bool,
+ proxy_forward_by_system: bool,
 no_tun: bool,
 feature_flags: AtomicCell,
@@ -99,6 +100,7 @@ impl GlobalCtx {
 let stun_info_collection = Arc::new(StunInfoCollector::new_with_default_servers());
 let enable_exit_node = config_fs.get_flags().enable_exit_node;
+ let proxy_forward_by_system = config_fs.get_flags().proxy_forward_by_system;
 let no_tun = config_fs.get_flags().no_tun;
 let mut feature_flags = PeerFeatureFlag::default();
@@ -125,6 +127,7 @@ impl GlobalCtx {
 running_listeners: Mutex::new(Vec::new()),
 enable_exit_node,
+ proxy_forward_by_system,
 no_tun,
 feature_flags: AtomicCell::new(feature_flags),
@@ -273,6 +276,10 @@ impl GlobalCtx {
 self.enable_exit_node
 }
+ pub fn proxy_forward_by_system(&self) -> bool {
+ self.proxy_forward_by_system
+ }
+
 pub fn no_tun(&self) -> bool {
 self.no_tun
 }
diff --git a/easytier/src/easytier-core.rs b/easytier/src/easytier-core.rs
index 5ccdd4f..4a5749f 100644
--- a/easytier/src/easytier-core.rs
+++ b/easytier/src/easytier-core.rs
@@ -242,6 +242,13 @@ struct Cli {
 )]
 enable_exit_node: bool,
+ #[arg(
+ long,
+ help = t!("core_clap.proxy_forward_by_system").to_string(),
+ default_value = "false"
+ )]
+ proxy_forward_by_system: bool,
+
 #[arg(
 long,
 help = t!("core_clap.no_tun").to_string(),
@@ -560,6 +567,7 @@ impl TryFrom<&Cli> for TomlConfigLoader {
 f.mtu = mtu as u32;
 }
 f.enable_exit_node = cli.enable_exit_node;
+ f.proxy_forward_by_system = cli.proxy_forward_by_system;
 f.no_tun = cli.no_tun || cfg!(not(feature = "tun"));
 f.use_smoltcp = cli.use_smoltcp;
 if let Some(wl) = cli.relay_network_whitelist.as_ref() {
diff --git a/easytier/src/instance/instance.rs b/easytier/src/instance/instance.rs
index 7f1676b..9460f14 100644
--- a/easytier/src/instance/instance.rs
+++ b/easytier/src/instance/instance.rs
@@ -65,7 +65,9 @@ impl IpProxy {
 }
 async fn start(&self) -> Result<(), Error> {
- if (self.global_ctx.get_proxy_cidrs().is_empty() || self.started.load(Ordering::Relaxed))
+ if (self.global_ctx.get_proxy_cidrs().is_empty()
+ || self.global_ctx.proxy_forward_by_system()
+ || self.started.load(Ordering::Relaxed))
 && !self.global_ctx.enable_exit_node()
 && !self.global_ctx.no_tun()
 {
diff --git a/easytier/src/proto/common.proto b/easytier/src/proto/common.proto
index 18c1701..7519860 100644
--- a/easytier/src/proto/common.proto
+++ b/easytier/src/proto/common.proto
@@ -29,6 +29,7 @@ message FlagsInConfig {
 bool disable_kcp_input = 19;
 // allow relay kcp packets (for public server, this can reduce the throughput)
 bool disable_relay_kcp = 20;
+ bool proxy_forward_by_system = 21;
 }
 message RpcDescriptor {
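Review bot: In `IpProxy::start` (instance.rs) the new `proxy_forward_by_system()` term sits inside the parenthesised group that is still and-ed with `!enable_exit_node()` and `!no_tun()`, so with either of those flags set the condition stays false and the new flag changes nothing, although its help text says it disables the internal NAT. The body of the `if` and the rest of `start` lie outside the hunk, so what then runs is inferred, not visible; if the combination is unsupported, state that in a comment above the condition or warn where the flags are copied in `TryFrom<&Cli>`. With the internal NAT skipped, which destinations a peer can reach through this node is presumably decided by the host's IP-forwarding setting and firewall rules rather than by EasyTier, so a comment such as `// proxy_forward_by_system: the kernel forwards proxy traffic; restrict forwarding to the proxy CIDRs in the host firewall` would make that dependency explicit.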
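Review bot: `bool proxy_forward_by_system = 21;` in `FlagsInConfig` (common.proto) is added without a comment, while the field just above it appears to carry one explaining its effect. Because this flag moves proxy forwarding from the built-in NAT to the host kernel, a line such as `// forward subnet-proxy packets via the system kernel instead of the built-in NAT` above the field would tell readers of the schema what enabling it changes.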