sing-box/route/route.go

657 lines
21 KiB
Go
Raw Normal View History

2024-10-21 15:38:34 +00:00
package route
import (
"context"
"errors"
"net"
"net/netip"
"os"
"os/user"
"strings"
"time"
"github.com/sagernet/sing-box/adapter"
"github.com/sagernet/sing-box/common/conntrack"
"github.com/sagernet/sing-box/common/process"
"github.com/sagernet/sing-box/common/sniff"
C "github.com/sagernet/sing-box/constant"
"github.com/sagernet/sing-box/option"
"github.com/sagernet/sing-box/route/rule"
"github.com/sagernet/sing-dns"
"github.com/sagernet/sing-mux"
"github.com/sagernet/sing-vmess"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/buf"
"github.com/sagernet/sing/common/bufio"
"github.com/sagernet/sing/common/bufio/deadline"
E "github.com/sagernet/sing/common/exceptions"
F "github.com/sagernet/sing/common/format"
M "github.com/sagernet/sing/common/metadata"
N "github.com/sagernet/sing/common/network"
"github.com/sagernet/sing/common/uot"
)
// Deprecated: use RouteConnectionEx instead.
func (r *Router) RouteConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
return r.routeConnection(ctx, conn, metadata, nil)
}
func (r *Router) RouteConnectionEx(ctx context.Context, conn net.Conn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) {
err := r.routeConnection(ctx, conn, metadata, onClose)
if err != nil {
N.CloseOnHandshakeFailure(conn, onClose, err)
if E.IsClosedOrCanceled(err) {
r.logger.DebugContext(ctx, "connection closed: ", err)
} else {
r.logger.ErrorContext(ctx, err)
}
}
}
func (r *Router) routeConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) error {
if r.pauseManager.IsDevicePaused() {
return E.New("reject connection to ", metadata.Destination, " while device paused")
}
2024-11-23 14:34:02 +00:00
//nolint:staticcheck
2024-10-21 15:38:34 +00:00
if metadata.InboundDetour != "" {
if metadata.LastInbound == metadata.InboundDetour {
return E.New("routing loop on detour: ", metadata.InboundDetour)
}
2024-11-20 03:32:02 +00:00
detour, loaded := r.inbound.Get(metadata.InboundDetour)
2024-11-10 04:11:21 +00:00
if !loaded {
2024-10-21 15:38:34 +00:00
return E.New("inbound detour not found: ", metadata.InboundDetour)
}
injectable, isInjectable := detour.(adapter.TCPInjectableInbound)
if !isInjectable {
return E.New("inbound detour is not TCP injectable: ", metadata.InboundDetour)
}
metadata.LastInbound = metadata.Inbound
metadata.Inbound = metadata.InboundDetour
metadata.InboundDetour = ""
injectable.NewConnectionEx(ctx, conn, metadata, onClose)
return nil
}
conntrack.KillerCheck()
metadata.Network = N.NetworkTCP
switch metadata.Destination.Fqdn {
case mux.Destination.Fqdn:
2024-11-06 11:02:55 +00:00
return E.New("global multiplex is deprecated since sing-box v1.7.0, enable multiplex in Inbound fields instead.")
2024-10-21 15:38:34 +00:00
case vmess.MuxDestination.Fqdn:
return E.New("global multiplex (v2ray legacy) not supported since sing-box v1.7.0.")
case uot.MagicAddress:
return E.New("global UoT not supported since sing-box v1.7.0.")
case uot.LegacyMagicAddress:
return E.New("global UoT (legacy) not supported since sing-box v1.7.0.")
}
if deadline.NeedAdditionalReadDeadline(conn) {
conn = deadline.NewConn(conn)
}
2024-11-06 09:30:40 +00:00
selectedRule, _, buffers, _, err := r.matchRule(ctx, &metadata, false, conn, nil)
2024-10-21 15:38:34 +00:00
if err != nil {
return err
}
2024-11-10 08:46:59 +00:00
var selectedOutbound adapter.Outbound
2024-10-21 15:38:34 +00:00
if selectedRule != nil {
switch action := selectedRule.Action().(type) {
case *rule.RuleActionRoute:
2024-11-10 08:46:59 +00:00
var loaded bool
2024-11-20 03:32:02 +00:00
selectedOutbound, loaded = r.outbound.Outbound(action.Outbound)
2024-10-21 15:38:34 +00:00
if !loaded {
buf.ReleaseMulti(buffers)
return E.New("outbound not found: ", action.Outbound)
}
2024-11-06 09:30:40 +00:00
if !common.Contains(selectedOutbound.Network(), N.NetworkTCP) {
buf.ReleaseMulti(buffers)
return E.New("TCP is not supported by outbound: ", selectedOutbound.Tag())
}
2024-10-21 15:38:34 +00:00
case *rule.RuleActionReject:
buf.ReleaseMulti(buffers)
2024-11-06 09:23:00 +00:00
N.CloseOnHandshakeFailure(conn, onClose, action.Error(ctx))
2024-10-21 15:38:34 +00:00
return nil
2024-10-23 05:44:08 +00:00
case *rule.RuleActionHijackDNS:
for _, buffer := range buffers {
conn = bufio.NewCachedConn(conn, buffer)
}
r.hijackDNSStream(ctx, conn, metadata)
return nil
2024-10-21 15:38:34 +00:00
}
}
2024-11-06 09:30:40 +00:00
if selectedRule == nil {
2024-11-20 03:32:02 +00:00
defaultOutbound := r.outbound.Default()
2024-11-10 04:11:21 +00:00
if !common.Contains(defaultOutbound.Network(), N.NetworkTCP) {
2024-10-21 15:38:34 +00:00
buf.ReleaseMulti(buffers)
2024-11-10 04:11:21 +00:00
return E.New("TCP is not supported by default outbound: ", defaultOutbound.Tag())
2024-10-21 15:38:34 +00:00
}
2024-11-10 08:46:59 +00:00
selectedOutbound = defaultOutbound
2024-10-21 15:38:34 +00:00
}
2024-11-06 09:30:40 +00:00
2024-10-21 15:38:34 +00:00
for _, buffer := range buffers {
conn = bufio.NewCachedConn(conn, buffer)
}
2024-11-10 08:46:59 +00:00
if r.tracker != nil {
conn = r.tracker.RoutedConnection(ctx, conn, metadata, selectedRule, selectedOutbound)
2024-10-21 15:38:34 +00:00
}
2024-11-24 06:45:40 +00:00
if outboundHandler, isHandler := selectedOutbound.(adapter.ConnectionHandlerEx); isHandler {
outboundHandler.NewConnectionEx(ctx, conn, metadata, onClose)
} else {
r.connection.NewConnection(ctx, selectedOutbound, conn, metadata, onClose)
2024-10-21 15:38:34 +00:00
}
return nil
}
func (r *Router) RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
err := r.routePacketConnection(ctx, conn, metadata, nil)
if err != nil {
conn.Close()
if E.IsClosedOrCanceled(err) {
r.logger.DebugContext(ctx, "connection closed: ", err)
} else {
r.logger.ErrorContext(ctx, err)
}
}
return nil
}
func (r *Router) RoutePacketConnectionEx(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) {
err := r.routePacketConnection(ctx, conn, metadata, onClose)
if err != nil {
N.CloseOnHandshakeFailure(conn, onClose, err)
if E.IsClosedOrCanceled(err) {
r.logger.DebugContext(ctx, "connection closed: ", err)
} else {
r.logger.ErrorContext(ctx, err)
}
} else if onClose != nil {
onClose(nil)
}
}
func (r *Router) routePacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) error {
if r.pauseManager.IsDevicePaused() {
return E.New("reject packet connection to ", metadata.Destination, " while device paused")
}
2024-11-23 14:34:02 +00:00
//nolint:staticcheck
2024-10-21 15:38:34 +00:00
if metadata.InboundDetour != "" {
if metadata.LastInbound == metadata.InboundDetour {
return E.New("routing loop on detour: ", metadata.InboundDetour)
}
2024-11-20 03:32:02 +00:00
detour, loaded := r.inbound.Get(metadata.InboundDetour)
2024-11-10 04:11:21 +00:00
if !loaded {
2024-10-21 15:38:34 +00:00
return E.New("inbound detour not found: ", metadata.InboundDetour)
}
injectable, isInjectable := detour.(adapter.UDPInjectableInbound)
if !isInjectable {
return E.New("inbound detour is not UDP injectable: ", metadata.InboundDetour)
}
metadata.LastInbound = metadata.Inbound
metadata.Inbound = metadata.InboundDetour
metadata.InboundDetour = ""
injectable.NewPacketConnectionEx(ctx, conn, metadata, onClose)
return nil
}
conntrack.KillerCheck()
// TODO: move to UoT
metadata.Network = N.NetworkUDP
// Currently we don't have deadline usages for UDP connections
/*if deadline.NeedAdditionalReadDeadline(conn) {
conn = deadline.NewPacketConn(bufio.NewNetPacketConn(conn))
}*/
2024-11-06 09:30:40 +00:00
selectedRule, _, _, packetBuffers, err := r.matchRule(ctx, &metadata, false, nil, conn)
2024-10-21 15:38:34 +00:00
if err != nil {
return err
}
2024-11-10 08:46:59 +00:00
var selectedOutbound adapter.Outbound
2024-10-21 15:38:34 +00:00
var selectReturn bool
if selectedRule != nil {
switch action := selectedRule.Action().(type) {
case *rule.RuleActionRoute:
2024-11-10 08:46:59 +00:00
var loaded bool
2024-11-20 03:32:02 +00:00
selectedOutbound, loaded = r.outbound.Outbound(action.Outbound)
2024-10-21 15:38:34 +00:00
if !loaded {
2024-10-23 05:44:08 +00:00
N.ReleaseMultiPacketBuffer(packetBuffers)
2024-10-21 15:38:34 +00:00
return E.New("outbound not found: ", action.Outbound)
}
2024-11-06 09:30:40 +00:00
if !common.Contains(selectedOutbound.Network(), N.NetworkUDP) {
N.ReleaseMultiPacketBuffer(packetBuffers)
return E.New("UDP is not supported by outbound: ", selectedOutbound.Tag())
}
2024-10-21 15:38:34 +00:00
case *rule.RuleActionReject:
2024-10-23 05:44:08 +00:00
N.ReleaseMultiPacketBuffer(packetBuffers)
2024-11-06 09:23:00 +00:00
N.CloseOnHandshakeFailure(conn, onClose, action.Error(ctx))
2024-10-21 15:38:34 +00:00
return nil
2024-10-23 05:44:08 +00:00
case *rule.RuleActionHijackDNS:
r.hijackDNSPacket(ctx, conn, packetBuffers, metadata)
return nil
2024-10-21 15:38:34 +00:00
}
}
if selectedRule == nil || selectReturn {
2024-11-20 03:32:02 +00:00
defaultOutbound := r.outbound.Default()
2024-11-10 04:11:21 +00:00
if !common.Contains(defaultOutbound.Network(), N.NetworkUDP) {
2024-10-23 05:44:08 +00:00
N.ReleaseMultiPacketBuffer(packetBuffers)
2024-11-10 04:11:21 +00:00
return E.New("UDP is not supported by outbound: ", defaultOutbound.Tag())
2024-10-21 15:38:34 +00:00
}
2024-11-10 08:46:59 +00:00
selectedOutbound = defaultOutbound
2024-10-21 15:38:34 +00:00
}
2024-10-23 05:44:08 +00:00
for _, buffer := range packetBuffers {
conn = bufio.NewCachedPacketConn(conn, buffer.Buffer, buffer.Destination)
N.PutPacketBuffer(buffer)
2024-10-21 15:38:34 +00:00
}
2024-11-10 08:46:59 +00:00
if r.tracker != nil {
conn = r.tracker.RoutedPacketConnection(ctx, conn, metadata, selectedRule, selectedOutbound)
2024-10-21 15:38:34 +00:00
}
if metadata.FakeIP {
conn = bufio.NewNATPacketConn(bufio.NewNetPacketConn(conn), metadata.OriginDestination, metadata.Destination)
}
2024-11-24 06:45:40 +00:00
if outboundHandler, isHandler := selectedOutbound.(adapter.PacketConnectionHandlerEx); isHandler {
outboundHandler.NewPacketConnectionEx(ctx, conn, metadata, onClose)
} else {
r.connection.NewPacketConnection(ctx, selectedOutbound, conn, metadata, onClose)
2024-10-21 15:38:34 +00:00
}
return nil
}
2024-10-22 13:28:22 +00:00
func (r *Router) PreMatch(metadata adapter.InboundContext) error {
2024-11-06 09:30:40 +00:00
selectedRule, _, _, _, err := r.matchRule(r.ctx, &metadata, true, nil, nil)
2024-10-22 13:28:22 +00:00
if err != nil {
return err
}
if selectedRule == nil {
return nil
}
rejectAction, isReject := selectedRule.Action().(*rule.RuleActionReject)
if !isReject {
return nil
}
2024-11-23 14:34:02 +00:00
return rejectAction.Error(context.Background())
2024-10-22 13:28:22 +00:00
}
2024-10-21 15:38:34 +00:00
func (r *Router) matchRule(
2024-10-22 13:28:22 +00:00
ctx context.Context, metadata *adapter.InboundContext, preMatch bool,
2024-11-06 09:30:40 +00:00
inputConn net.Conn, inputPacketConn N.PacketConn,
2024-10-23 05:44:08 +00:00
) (
selectedRule adapter.Rule, selectedRuleIndex int,
buffers []*buf.Buffer, packetBuffers []*N.PacketBuffer, fatalErr error,
) {
2024-10-21 15:38:34 +00:00
if r.processSearcher != nil && metadata.ProcessInfo == nil {
var originDestination netip.AddrPort
if metadata.OriginDestination.IsValid() {
originDestination = metadata.OriginDestination.AddrPort()
} else if metadata.Destination.IsIP() {
originDestination = metadata.Destination.AddrPort()
}
processInfo, fErr := process.FindProcessInfo(r.processSearcher, ctx, metadata.Network, metadata.Source.AddrPort(), originDestination)
if fErr != nil {
r.logger.InfoContext(ctx, "failed to search process: ", fErr)
} else {
if processInfo.ProcessPath != "" {
r.logger.InfoContext(ctx, "found process path: ", processInfo.ProcessPath)
} else if processInfo.PackageName != "" {
r.logger.InfoContext(ctx, "found package name: ", processInfo.PackageName)
} else if processInfo.UserId != -1 {
if /*needUserName &&*/ true {
osUser, _ := user.LookupId(F.ToString(processInfo.UserId))
if osUser != nil {
processInfo.User = osUser.Username
}
}
if processInfo.User != "" {
r.logger.InfoContext(ctx, "found user: ", processInfo.User)
} else {
r.logger.InfoContext(ctx, "found user id: ", processInfo.UserId)
}
}
metadata.ProcessInfo = processInfo
}
}
if r.fakeIPStore != nil && r.fakeIPStore.Contains(metadata.Destination.Addr) {
domain, loaded := r.fakeIPStore.Lookup(metadata.Destination.Addr)
if !loaded {
fatalErr = E.New("missing fakeip record, try to configure experimental.cache_file")
return
}
metadata.OriginDestination = metadata.Destination
metadata.Destination = M.Socksaddr{
Fqdn: domain,
Port: metadata.Destination.Port,
}
metadata.FakeIP = true
r.logger.DebugContext(ctx, "found fakeip domain: ", domain)
}
if r.dnsReverseMapping != nil && metadata.Domain == "" {
domain, loaded := r.dnsReverseMapping.Query(metadata.Destination.Addr)
if loaded {
metadata.Domain = domain
r.logger.DebugContext(ctx, "found reserve mapped domain: ", metadata.Domain)
}
}
if metadata.Destination.IsIPv4() {
metadata.IPVersion = 4
} else if metadata.Destination.IsIPv6() {
metadata.IPVersion = 6
}
//nolint:staticcheck
if metadata.InboundOptions != common.DefaultValue[option.InboundOptions]() {
2024-10-22 13:28:22 +00:00
if !preMatch && metadata.InboundOptions.SniffEnabled {
2024-10-23 05:44:08 +00:00
newBuffer, newPackerBuffers, newErr := r.actionSniff(ctx, metadata, &rule.RuleActionSniff{
2024-10-21 15:38:34 +00:00
OverrideDestination: metadata.InboundOptions.SniffOverrideDestination,
Timeout: time.Duration(metadata.InboundOptions.SniffTimeout),
}, inputConn, inputPacketConn)
if newErr != nil {
fatalErr = newErr
return
}
2024-10-23 05:44:08 +00:00
if newBuffer != nil {
buffers = []*buf.Buffer{newBuffer}
} else if len(newPackerBuffers) > 0 {
packetBuffers = newPackerBuffers
}
2024-10-21 15:38:34 +00:00
}
if dns.DomainStrategy(metadata.InboundOptions.DomainStrategy) != dns.DomainStrategyAsIS {
fatalErr = r.actionResolve(ctx, metadata, &rule.RuleActionResolve{
Strategy: dns.DomainStrategy(metadata.InboundOptions.DomainStrategy),
})
if fatalErr != nil {
return
}
}
if metadata.InboundOptions.UDPDisableDomainUnmapping {
metadata.UDPDisableDomainUnmapping = true
}
metadata.InboundOptions = option.InboundOptions{}
}
match:
2024-11-06 09:30:40 +00:00
for currentRuleIndex, currentRule := range r.rules {
metadata.ResetRuleCache()
if !currentRule.Match(metadata) {
continue
2024-10-21 15:38:34 +00:00
}
2024-10-22 13:28:22 +00:00
if !preMatch {
2024-10-23 05:44:08 +00:00
ruleDescription := currentRule.String()
if ruleDescription != "" {
r.logger.DebugContext(ctx, "match[", currentRuleIndex, "] ", currentRule, " => ", currentRule.Action())
} else {
r.logger.DebugContext(ctx, "match[", currentRuleIndex, "] => ", currentRule.Action())
}
2024-10-22 13:28:22 +00:00
} else {
switch currentRule.Action().Type() {
2024-11-06 09:30:40 +00:00
case C.RuleActionTypeReject:
2024-10-23 05:44:08 +00:00
ruleDescription := currentRule.String()
if ruleDescription != "" {
r.logger.DebugContext(ctx, "pre-match[", currentRuleIndex, "] ", currentRule, " => ", currentRule.Action())
} else {
r.logger.DebugContext(ctx, "pre-match[", currentRuleIndex, "] => ", currentRule.Action())
}
2024-10-22 13:28:22 +00:00
}
}
var routeOptions *rule.RuleActionRouteOptions
2024-10-21 15:38:34 +00:00
switch action := currentRule.Action().(type) {
2024-11-06 09:30:40 +00:00
case *rule.RuleActionRoute:
routeOptions = &action.RuleActionRouteOptions
2024-11-06 09:30:40 +00:00
case *rule.RuleActionRouteOptions:
routeOptions = action
}
if routeOptions != nil {
// TODO: add nat
if (routeOptions.OverrideAddress.IsValid() || routeOptions.OverridePort > 0) && !metadata.RouteOriginalDestination.IsValid() {
metadata.RouteOriginalDestination = metadata.Destination
}
if routeOptions.OverrideAddress.IsValid() {
metadata.Destination = M.Socksaddr{
Addr: routeOptions.OverrideAddress.Addr,
Port: metadata.Destination.Port,
Fqdn: routeOptions.OverrideAddress.Fqdn,
}
}
if routeOptions.OverridePort > 0 {
metadata.Destination = M.Socksaddr{
Addr: metadata.Destination.Addr,
Port: routeOptions.OverridePort,
Fqdn: metadata.Destination.Fqdn,
}
}
2024-12-14 16:45:41 +00:00
if routeOptions.NetworkStrategy != nil {
metadata.NetworkStrategy = routeOptions.NetworkStrategy
}
if len(routeOptions.NetworkType) > 0 {
metadata.NetworkType = routeOptions.NetworkType
}
if len(routeOptions.FallbackNetworkType) > 0 {
metadata.FallbackNetworkType = routeOptions.FallbackNetworkType
}
if routeOptions.FallbackDelay != 0 {
metadata.FallbackDelay = routeOptions.FallbackDelay
}
2024-11-20 03:32:02 +00:00
if routeOptions.UDPDisableDomainUnmapping {
metadata.UDPDisableDomainUnmapping = true
}
if routeOptions.UDPConnect {
metadata.UDPConnect = true
}
2024-11-24 06:45:40 +00:00
if routeOptions.UDPTimeout > 0 {
metadata.UDPTimeout = routeOptions.UDPTimeout
}
}
switch action := currentRule.Action().(type) {
2024-10-21 15:38:34 +00:00
case *rule.RuleActionSniff:
2024-10-22 13:28:22 +00:00
if !preMatch {
2024-10-23 05:44:08 +00:00
newBuffer, newPacketBuffers, newErr := r.actionSniff(ctx, metadata, action, inputConn, inputPacketConn)
2024-10-22 13:28:22 +00:00
if newErr != nil {
fatalErr = newErr
return
}
2024-10-23 05:44:08 +00:00
if newBuffer != nil {
buffers = append(buffers, newBuffer)
} else if len(newPacketBuffers) > 0 {
packetBuffers = append(packetBuffers, newPacketBuffers...)
}
2024-10-22 13:28:22 +00:00
} else {
selectedRule = currentRule
selectedRuleIndex = currentRuleIndex
break match
2024-10-21 15:38:34 +00:00
}
case *rule.RuleActionResolve:
fatalErr = r.actionResolve(ctx, metadata, action)
if fatalErr != nil {
return
}
2024-11-06 09:30:40 +00:00
}
actionType := currentRule.Action().Type()
if actionType == C.RuleActionTypeRoute ||
actionType == C.RuleActionTypeReject ||
actionType == C.RuleActionTypeHijackDNS ||
(actionType == C.RuleActionTypeSniff && preMatch) {
2024-10-21 15:38:34 +00:00
selectedRule = currentRule
selectedRuleIndex = currentRuleIndex
break match
}
}
2024-12-10 12:36:09 +00:00
if !preMatch && inputPacketConn != nil && !metadata.Destination.IsFqdn() && !metadata.Destination.Addr.IsGlobalUnicast() {
var timeout time.Duration
if metadata.InboundType == C.TypeSOCKS {
timeout = C.TCPTimeout
}
newBuffer, newPacketBuffers, newErr := r.actionSniff(ctx, metadata, &rule.RuleActionSniff{Timeout: timeout}, inputConn, inputPacketConn)
2024-10-21 15:38:34 +00:00
if newErr != nil {
fatalErr = newErr
return
}
2024-10-23 05:44:08 +00:00
if newBuffer != nil {
buffers = append(buffers, newBuffer)
} else if len(newPacketBuffers) > 0 {
packetBuffers = append(packetBuffers, newPacketBuffers...)
}
2024-10-21 15:38:34 +00:00
}
return
}
func (r *Router) actionSniff(
ctx context.Context, metadata *adapter.InboundContext, action *rule.RuleActionSniff,
inputConn net.Conn, inputPacketConn N.PacketConn,
2024-10-23 05:44:08 +00:00
) (buffer *buf.Buffer, packetBuffers []*N.PacketBuffer, fatalErr error) {
2024-10-21 15:38:34 +00:00
if sniff.Skip(metadata) {
return
2024-10-23 05:44:08 +00:00
} else if inputConn != nil {
sniffBuffer := buf.NewPacket()
var streamSniffers []sniff.StreamSniffer
if len(action.StreamSniffers) > 0 {
streamSniffers = action.StreamSniffers
} else {
streamSniffers = []sniff.StreamSniffer{
sniff.TLSClientHello,
sniff.HTTPHost,
sniff.StreamDomainNameQuery,
sniff.BitTorrent,
sniff.SSH,
sniff.RDP,
}
}
2024-10-21 15:38:34 +00:00
err := sniff.PeekStream(
ctx,
metadata,
inputConn,
2024-10-23 05:44:08 +00:00
sniffBuffer,
2024-10-21 15:38:34 +00:00
action.Timeout,
2024-10-23 05:44:08 +00:00
streamSniffers...,
2024-10-21 15:38:34 +00:00
)
if err == nil {
//goland:noinspection GoDeprecation
if action.OverrideDestination && M.IsDomainName(metadata.Domain) {
metadata.Destination = M.Socksaddr{
Fqdn: metadata.Domain,
Port: metadata.Destination.Port,
}
}
if metadata.Domain != "" && metadata.Client != "" {
r.logger.DebugContext(ctx, "sniffed protocol: ", metadata.Protocol, ", domain: ", metadata.Domain, ", client: ", metadata.Client)
} else if metadata.Domain != "" {
r.logger.DebugContext(ctx, "sniffed protocol: ", metadata.Protocol, ", domain: ", metadata.Domain)
} else {
r.logger.DebugContext(ctx, "sniffed protocol: ", metadata.Protocol)
}
}
2024-10-23 05:44:08 +00:00
if !sniffBuffer.IsEmpty() {
buffer = sniffBuffer
2024-10-21 15:38:34 +00:00
} else {
2024-10-23 05:44:08 +00:00
sniffBuffer.Release()
2024-10-21 15:38:34 +00:00
}
2024-10-23 05:44:08 +00:00
} else if inputPacketConn != nil {
2024-10-21 15:38:34 +00:00
for {
var (
2024-10-23 05:44:08 +00:00
sniffBuffer = buf.NewPacket()
2024-10-21 15:38:34 +00:00
destination M.Socksaddr
done = make(chan struct{})
err error
)
go func() {
sniffTimeout := C.ReadPayloadTimeout
if action.Timeout > 0 {
sniffTimeout = action.Timeout
}
inputPacketConn.SetReadDeadline(time.Now().Add(sniffTimeout))
2024-10-23 05:44:08 +00:00
destination, err = inputPacketConn.ReadPacket(sniffBuffer)
2024-10-21 15:38:34 +00:00
inputPacketConn.SetReadDeadline(time.Time{})
close(done)
}()
select {
case <-done:
case <-ctx.Done():
inputPacketConn.Close()
fatalErr = ctx.Err()
return
}
if err != nil {
2024-10-23 05:44:08 +00:00
sniffBuffer.Release()
2024-10-21 15:38:34 +00:00
if !errors.Is(err, os.ErrDeadlineExceeded) {
fatalErr = err
return
}
} else {
2024-12-10 12:36:09 +00:00
if !metadata.Destination.Addr.IsGlobalUnicast() {
2024-10-21 15:38:34 +00:00
metadata.Destination = destination
}
2024-10-23 05:44:08 +00:00
if len(packetBuffers) > 0 {
2024-10-21 15:38:34 +00:00
err = sniff.PeekPacket(
ctx,
metadata,
2024-10-23 05:44:08 +00:00
sniffBuffer.Bytes(),
2024-10-21 15:38:34 +00:00
sniff.QUICClientHello,
)
} else {
2024-10-23 05:44:08 +00:00
var packetSniffers []sniff.PacketSniffer
if len(action.PacketSniffers) > 0 {
packetSniffers = action.PacketSniffers
} else {
packetSniffers = []sniff.PacketSniffer{
sniff.DomainNameQuery,
sniff.QUICClientHello,
sniff.STUNMessage,
sniff.UTP,
sniff.UDPTracker,
sniff.DTLSRecord,
}
}
2024-10-21 15:38:34 +00:00
err = sniff.PeekPacket(
ctx, metadata,
2024-10-23 05:44:08 +00:00
sniffBuffer.Bytes(),
packetSniffers...,
2024-10-21 15:38:34 +00:00
)
}
2024-10-23 05:44:08 +00:00
packetBuffer := N.NewPacketBuffer()
*packetBuffer = N.PacketBuffer{
Buffer: sniffBuffer,
Destination: destination,
}
packetBuffers = append(packetBuffers, packetBuffer)
if E.IsMulti(err, sniff.ErrClientHelloFragmented) && len(packetBuffers) == 0 {
2024-10-21 15:38:34 +00:00
r.logger.DebugContext(ctx, "attempt to sniff fragmented QUIC client hello")
continue
}
if metadata.Protocol != "" {
//goland:noinspection GoDeprecation
if action.OverrideDestination && M.IsDomainName(metadata.Domain) {
metadata.Destination = M.Socksaddr{
Fqdn: metadata.Domain,
Port: metadata.Destination.Port,
}
}
if metadata.Domain != "" && metadata.Client != "" {
r.logger.DebugContext(ctx, "sniffed packet protocol: ", metadata.Protocol, ", domain: ", metadata.Domain, ", client: ", metadata.Client)
} else if metadata.Domain != "" {
r.logger.DebugContext(ctx, "sniffed packet protocol: ", metadata.Protocol, ", domain: ", metadata.Domain)
} else if metadata.Client != "" {
r.logger.DebugContext(ctx, "sniffed packet protocol: ", metadata.Protocol, ", client: ", metadata.Client)
} else {
r.logger.DebugContext(ctx, "sniffed packet protocol: ", metadata.Protocol)
}
}
}
break
}
}
return
}
func (r *Router) actionResolve(ctx context.Context, metadata *adapter.InboundContext, action *rule.RuleActionResolve) error {
if metadata.Destination.IsFqdn() {
2024-10-22 14:01:28 +00:00
metadata.DNSServer = action.Server
2024-10-21 15:38:34 +00:00
addresses, err := r.Lookup(adapter.WithContext(ctx, metadata), metadata.Destination.Fqdn, action.Strategy)
if err != nil {
return err
}
metadata.DestinationAddresses = addresses
r.dnsLogger.DebugContext(ctx, "resolved [", strings.Join(F.MapToString(metadata.DestinationAddresses), " "), "]")
if metadata.Destination.IsIPv4() {
metadata.IPVersion = 4
} else if metadata.Destination.IsIPv6() {
metadata.IPVersion = 6
}
}
return nil
}