
TProxy

[!NOTE] This document is partially generated by AI.

TProxy (Transparent Proxy) is a Linux-specific feature used to intercept packets at the network layer without modifying their destination IP addresses. In yuhaiin, this is an inbound-only protocol.

  • TCP: Supported (Intercepted and proxied).
  • UDP: Supported (Intercepted and proxied).
    • NAT Type: Full-Cone NAT.

The tproxy block contains settings for binding and specific interception behaviors:

  • host (string): The local address and port where the TProxy listener will bind (e.g., 0.0.0.0:60080).
  • dns_hijacking (bool): If enabled, the TProxy server will attempt to intercept and handle DNS queries passing through it.
  • force_fakeip (bool): Forces the use of Fake-IP for traffic intercepted via TProxy.

A TProxy inbound must be paired with a tcpudp listener.

{
  "name": "Linux-TProxy",
  "enabled": true,
  "tcpudp": { "host": "127.0.0.1:60080" },
  "tproxy": {
    "host": "127.0.0.1:60080",
    "dns_hijacking": true,
    "force_fakeip": false
  }
}

TProxy works by using Linux iptables/nftables rules to redirect traffic to a local port. The application then uses the IP_TRANSPARENT socket option to accept these connections while preserving the original destination address.

This protocol is only functional on Linux. It is commonly used for router-level transparent proxying.
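The firewall side described above, as an added example that is not part of the yuhaiin documentation or code: it generates an nftables ruleset and the policy-routing commands that deliver forwarded TCP/UDP to the listener at 127.0.0.1:60080 from the sample config. The table name yuhaiin_tproxy, fwmark 1, routing table 100 and the excluded address ranges are assumptions; the sketch is IPv4 only.

```shell
#!/bin/sh
# Added example, not yuhaiin project code. Assumed names: table yuhaiin_tproxy,
# fwmark 1, routing table 100. IPv4 only; covers forwarded (prerouting) traffic.

# Print an nftables ruleset steering TCP/UDP to the TProxy listener.
# $1 = listener host:port (the "host" value of the tproxy block), $2 = fwmark
tproxy_ruleset() {
    host=${1%:*}; port=${1##*:}; mark=${2:-1}
    case $port in
        ''|*[!0-9]*) echo "bad port in '$1'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # A wildcard listener is matched by port alone.
    if [ "$host" = 0.0.0.0 ]; then host=; fi
    cat <<EOF
table ip yuhaiin_tproxy {
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        # Never intercept local, private or multicast destinations.
        ip daddr { 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.168.0.0/16, 224.0.0.0/3 } return
        # No NAT: the packet keeps its destination; only delivery is steered.
        meta l4proto { tcp, udp } meta mark set $mark tproxy to $host:$port accept
    }
}
EOF
}

# Print the policy-routing commands that deliver marked packets locally.
tproxy_routes() {
    mark=${1:-1}; table=${2:-100}
    echo "ip rule add fwmark $mark lookup $table"
    echo "ip route add local 0.0.0.0/0 dev lo table $table"
}

# Dry run by default; "apply" (as root) installs rules and routes.
if [ "${1:-}" = apply ]; then
    tproxy_ruleset 127.0.0.1:60080 1 | nft -f - && tproxy_routes 1 100 | sh -e
else
    tproxy_ruleset 127.0.0.1:60080 1
    tproxy_routes 1 100
fi
```

Run without arguments to review the generated rules before installing them; the listener must already be bound, otherwise marked packets have no socket to land on and are dropped.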

Found in pkg/net/proxy/tproxy.