The bypass value is IP/CIDR now

Cargo.toml

@@ -31,7 +31,7 @@ socks5-impl = { version = "0.5" }
 thiserror = "1.0"
 tokio = { version = "1", features = ["full"] }
 tokio-util = "0.7"
-tproxy-config = { version = "4.0.2", features = ["log"] }
+tproxy-config = { version = "5.0.0", features = ["log"] }
 trust-dns-proto = "0.23"
 tun2 = { version = "1.3", features = ["async"] }
 udp-stream = { version = "0.0", default-features = false }

README.md

@@ -61,7 +61,7 @@ Apart from SOCKS5, SOCKS4 and HTTP are supported.
 
 Note that if your proxy is a non-global IP address (e.g. because the proxy is provided by some tunneling tool running
 locally), you will additionally need to provide the public IP address of the server through which the traffic is
-actually tunneled. In such a case, the tool will tell you to specify the address through `--bypass <IP>` if you
+actually tunneled. In such a case, the tool will tell you to specify the address through `--bypass <IP/CIDR>` if you
 wish to make use of the automated setup feature.
 
 ## Manual Setup
@@ -134,7 +134,8 @@ Options:
                                See `capabilities(7)`
   -d, --dns <strategy>         DNS handling strategy [default: direct] [possible values: virtual, over-tcp, direct]
       --dns-addr <IP>          DNS resolver address [default: 8.8.8.8]
-  -b, --bypass <IP>            IPs used in routing setup which should bypass the tunnel
+  -b, --bypass <IP/CIDR>       IPs used in routing setup which should bypass the tunnel, in the form of IP or IP/CIDR.
+                               Multiple IPs can be specified, e.g. --bypass 3.4.5.0/24 --bypass 5.6.7.8
       --tcp-timeout <seconds>  TCP timeout in seconds [default: 600]
       --udp-timeout <seconds>  UDP timeout in seconds [default: 10]
   -v, --verbosity <level>      Verbosity level [default: info] [possible values: off, error, warn, info, debug, trace]

src/args.rs

@@ -1,5 +1,6 @@
 use crate::{Error, Result};
 use socks5_impl::protocol::UserKey;
+use tproxy_config::IpCidr;
 
 #[cfg(target_os = "linux")]
 use std::ffi::OsString;
@@ -62,9 +63,11 @@ pub struct Args {
     #[arg(long, value_name = "IP", default_value = "8.8.8.8")]
     pub dns_addr: IpAddr,
 
-    /// IPs used in routing setup which should bypass the tunnel
+    /// IPs used in routing setup which should bypass the tunnel,
-    #[arg(short, long, value_name = "IP")]
+    /// in the form of IP or IP/CIDR. Multiple IPs can be specified,
-    pub bypass: Vec<IpAddr>,
+    /// e.g. --bypass 3.4.5.0/24 --bypass 5.6.7.8
+    #[arg(short, long, value_name = "IP/CIDR")]
+    pub bypass: Vec<IpCidr>,
 
     /// TCP timeout in seconds
     #[arg(long, value_name = "seconds", default_value = "600")]
@@ -158,7 +161,7 @@ impl Args {
         self
     }
 
-    pub fn bypass(&mut self, bypass: IpAddr) -> &mut Self {
+    pub fn bypass(&mut self, bypass: IpCidr) -> &mut Self {
         self.bypass.push(bypass);
         self
     }

src/desktop_api.rs

@@ -16,7 +16,7 @@ static TUN_QUIT: std::sync::Mutex<Option<tokio_util::sync::CancellationToken>> =
 /// Parameters:
 /// - proxy_url: the proxy url, e.g. "socks5://127.0.0.1:1080"
 /// - tun: the tun device name, e.g. "utun5"
-/// - bypass: the bypass ip, e.g. "123.45.67.89"
+/// - bypass: the bypass IP/CIDR, e.g. "123.45.67.0/24"
 /// - dns_strategy: the dns strategy, see ArgDns enum
 /// - root_privilege: whether to run with root privilege
 /// - verbosity: the verbosity level, see ArgVerbosity enum