refactor: remove whitelist check from packet rewrite

2025-12-16 16:57:08 +00:00 · 2025-11-14 15:25:32 +08:00 · 2025-11-14 15:25:32 +08:00 · 4805c91803
commit 4805c91803
parent 79b183548a
2 changed files with 11 additions and 29 deletions
--- a/src/internal/rewrite/packet.go
+++ b/src/internal/rewrite/packet.go
@ -10,10 +10,9 @@ import (

 // RewriteResult contains the result of TCP rewriting
 type RewriteResult struct {
-	Modified    bool // Whether the packet was modified
-	HasUA       bool // Whether User-Agent was found
-	InCache     bool // Whether destination address is in cache
-	InWhitelist bool // Whether User-Agent was in whitelist
+	Modified bool // Whether the packet was modified
+	HasUA    bool // Whether User-Agent was found
+	InCache  bool // Whether destination address is in cache
 }

 // shouldRewriteUA checks if the given User-Agent should be rewritten
@ -68,18 +67,18 @@ func (r *Rewriter) buildReplacement(srcAddr, dstAddr string, originalUA string,

 // RewritePacketUserAgent rewrites User-Agent in a raw packet payload in-place
 // Returns metadata about the operation
-func (r *Rewriter) RewritePacketUserAgent(payload []byte, srcAddr, dstAddr string) (hasUA, modified, inWhitelist bool) {
+func (r *Rewriter) RewritePacketUserAgent(payload []byte, srcAddr, dstAddr string) (hasUA, modified bool) {
 	// Find all User-Agent positions
 	positions, unterm := findUserAgentInPayload(payload)

 	if unterm {
 		log.LogInfoWithAddr(srcAddr, dstAddr, "Unterminated User-Agent found, not rewriting")
-		return true, false, false
+		return true, false
 	}

 	if len(positions) == 0 {
 		log.LogDebugWithAddr(srcAddr, dstAddr, "No User-Agent found in payload")
-		return false, false, false
+		return false, false
 	}

 	// Replace each User-Agent value in-place
@ -95,17 +94,6 @@ func (r *Rewriter) RewritePacketUserAgent(payload []byte, srcAddr, dstAddr strin

 		log.LogInfoWithAddr(srcAddr, dstAddr, fmt.Sprintf("Original User-Agent: %s", originalUA))

-		// Check whitelist first
-		if r.inWhitelist(originalUA) {
-			log.LogInfoWithAddr(srcAddr, dstAddr, fmt.Sprintf("User-Agent in whitelist, not rewriting: %s", originalUA))
-			statistics.AddPassThroughRecord(&statistics.PassThroughRecord{
-				SrcAddr:  srcAddr,
-				DestAddr: dstAddr,
-				UA:       originalUA,
-			})
-			return true, false, true
-		}
-
 		// Check if should rewrite
 		if !r.shouldRewriteUA(srcAddr, dstAddr, originalUA) {
 			statistics.AddPassThroughRecord(&statistics.PassThroughRecord{
@ -113,7 +101,7 @@ func (r *Rewriter) RewritePacketUserAgent(payload []byte, srcAddr, dstAddr strin
 				DestAddr: dstAddr,
 				UA:       originalUA,
 			})
-			return true, false, false
+			return true, false
 		}

 		// Build replacement with regex matching
@ -123,7 +111,7 @@ func (r *Rewriter) RewritePacketUserAgent(payload []byte, srcAddr, dstAddr strin
 			modified = true
 		}
 	}
-	return true, modified, false
+	return true, modified
 }

 // RewriteTCP rewrites the TCP packet's User-Agent if applicable
@ -133,11 +121,9 @@ func (r *Rewriter) RewriteTCP(tcp *layers.TCP, srcAddr, dstAddr string) *Rewrite
 		return &RewriteResult{Modified: false}
 	}

-	hasUA, modified, inWhitelist := r.RewritePacketUserAgent(tcp.Payload, srcAddr, dstAddr)
-
+	hasUA, modified := r.RewritePacketUserAgent(tcp.Payload, srcAddr, dstAddr)
 	return &RewriteResult{
-		Modified:    modified,
-		HasUA:       hasUA,
-		InWhitelist: inWhitelist,
+		Modified: modified,
+		HasUA:    hasUA,
 	}
 }
--- a/src/internal/server/nfqueue/nfqueue_linux.go
+++ b/src/internal/server/nfqueue/nfqueue_linux.go
@ -141,10 +141,6 @@ func (s *Server) getNextMark(packet *netfilter.Packet, result *rewrite.RewriteRe
 		return true, s.NotHTTPCtMark
 	}

-	if result.InWhitelist {
-		return true, s.NotHTTPCtMark
-	}
-
 	if result.Modified {
 		return true, s.HTTPCtMark
 	}