Merge branch 'Dev' into Meta

# Conflicts:
#	config/config.go
This commit is contained in:
gVisor bot 2022-02-05 19:30:12 +08:00
commit 496738bb07
64 changed files with 1536 additions and 438 deletions

44
.github/workflows/dev.yml vendored Normal file
View file

@ -0,0 +1,44 @@
name: Dev
on: [push]
jobs:
dev-build:
if: ${{ !contains(github.event.head_commit.message, '[Skip CI]') }}
runs-on: ubuntu-latest
steps:
- name: Get latest go version
id: version
run: |
echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g')
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: ${{ steps.version.outputs.go_version }}
- name: Check out code into the Go module directory
uses: actions/checkout@v2
- name: Cache go module
uses: actions/cache@v2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
# - name: Get dependencies, run test
# run: |
# go test ./...
- name: Build
if: success()
env:
NAME: Clash.Meta
BINDIR: bin
run: make -j releases
- name: Upload Dev
uses: softprops/action-gh-release@v1
if: ${{ env.GIT_BRANCH != 'Meta' && success() }}
with:
tag_name: develop
files: bin/*
prerelease: true

2
.gitignore vendored
View file

@ -23,3 +23,5 @@ vendor
# test suite
test/config/cache*
/output
/.vscode

View file

@ -1,6 +1,10 @@
NAME=Clash.Meta
BINDIR=bin
VERSION=$(shell git describe --tags || echo "unknown version")
BRANCH=$(shell git rev-parse --abbrev-ref HEAD)
VERSION=$(shell git describe --tags || echo "unknown version" )
ifeq ($(BRANCH),Dev)
VERSION=develop-$(shell git rev-parse --short HEAD)
endif
BUILDTIME=$(shell date -u)
AUTOIPTABLES=Enable
GOBUILD=CGO_ENABLED=0 go build -trimpath -ldflags '-X "github.com/Dreamacro/clash/constant.Version=$(VERSION)" \
@ -38,7 +42,11 @@ WINDOWS_ARCH_LIST = \
windows-arm32v7
all: linux-arm64-AutoIptables linux-amd64-AutoIptables linux-arm64 linux-amd64 darwin-amd64 darwin-arm64 windows-amd64 windows-386 # Most used
all:linux-amd64-AutoIptables linux-amd64\
linux-arm64 linux-arm64-AutoIptables linux-armv7\
darwin-amd64 darwin-arm64\
windows-amd64 windows-386 \
linux-mips-hardfloat linux-mips-softfloat linux-mips64 linux-mips64le linux-mipsle-hardfloat linux-mipsle-softfloat# Most used
docker:
$(GOBUILD) -o $(BINDIR)/$(NAME)-$@
@ -141,4 +149,4 @@ all-arch: $(PLATFORM_LIST) $(WINDOWS_ARCH_LIST)
releases: $(gz_releases) $(zip_releases)
clean:
rm $(BINDIR)/*
rm $(BINDIR)/*

View file

@ -20,3 +20,26 @@ func NewSocket(target socks5.Addr, conn net.Conn, source C.Type) *context.ConnCo
return context.NewConnContext(conn, metadata)
}
func NewInner(conn net.Conn, dst string, host string) *context.ConnContext {
metadata := &C.Metadata{}
metadata.NetWork = C.TCP
metadata.Type = C.INNER
metadata.DNSMode = C.DNSMapping
metadata.Host = host
metadata.AddrType = C.AtypDomainName
metadata.Process = C.ClashName
if ip, port, err := parseAddr(dst); err == nil {
metadata.DstPort = port
if host == "" {
metadata.DstIP = ip
if ip.To4() == nil {
metadata.AddrType = C.AtypIPv6
} else {
metadata.AddrType = C.AtypIPv4
}
}
}
return context.NewConnContext(conn, metadata)
}

View file

@ -44,3 +44,13 @@ func NewDirect() *Direct {
},
}
}
func NewCompatible() *Direct {
return &Direct{
Base: &Base{
name: "COMPATIBLE",
tp: C.Compatible,
udp: true,
},
}
}

View file

@ -27,6 +27,7 @@ type SnellOption struct {
Server string `proxy:"server"`
Port int `proxy:"port"`
Psk string `proxy:"psk"`
UDP bool `proxy:"udp,omitempty"`
Version int `proxy:"version,omitempty"`
ObfsOpts map[string]interface{} `proxy:"obfs-opts,omitempty"`
}
@ -85,6 +86,24 @@ func (s *Snell) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
return NewConn(c, s), err
}
// ListenPacketContext implements C.ProxyAdapter
func (s *Snell) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.PacketConn, error) {
c, err := dialer.DialContext(ctx, "tcp", s.addr, s.Base.DialOptions(opts...)...)
if err != nil {
return nil, err
}
tcpKeepAlive(c)
c = streamConn(c, streamOption{s.psk, s.version, s.addr, s.obfsOption})
err = snell.WriteUDPHeader(c, s.version)
if err != nil {
return nil, err
}
pc := snell.PacketConn(c)
return newPacketConn(pc, s), nil
}
func NewSnell(option SnellOption) (*Snell, error) {
addr := net.JoinHostPort(option.Server, strconv.Itoa(option.Port))
psk := []byte(option.Psk)
@ -106,7 +125,13 @@ func NewSnell(option SnellOption) (*Snell, error) {
if option.Version == 0 {
option.Version = snell.DefaultSnellVersion
}
if option.Version != snell.Version1 && option.Version != snell.Version2 {
switch option.Version {
case snell.Version1, snell.Version2:
if option.UDP {
return nil, fmt.Errorf("snell version %d not support UDP", option.Version)
}
case snell.Version3:
default:
return nil, fmt.Errorf("snell version error: %d", option.Version)
}
@ -115,6 +140,7 @@ func NewSnell(option SnellOption) (*Snell, error) {
name: option.Name,
addr: addr,
tp: C.Snell,
udp: option.UDP,
iface: option.Interface,
},
psk: psk,

View file

@ -1,6 +1,7 @@
package outboundgroup
import (
"github.com/Dreamacro/clash/tunnel"
"regexp"
"time"
@ -21,6 +22,7 @@ func getProvidersProxies(providers []provider.ProxyProvider, touch bool, filter
proxies = append(proxies, provider.Proxies()...)
}
}
var filterReg *regexp.Regexp = nil
matchedProxies := []C.Proxy{}
if len(filter) > 0 {
@ -30,10 +32,18 @@ func getProvidersProxies(providers []provider.ProxyProvider, touch bool, filter
matchedProxies = append(matchedProxies, p)
}
}
//if no proxy matched, means bad filter, return all proxies
if len(matchedProxies) > 0 {
proxies = matchedProxies
return matchedProxies
} else {
return append([]C.Proxy{}, tunnel.Proxies()["COMPATIBLE"])
}
} else {
if len(proxies) == 0 {
return append(proxies, tunnel.Proxies()["COMPATIBLE"])
} else {
return proxies
}
}
return proxies
}

View file

@ -66,18 +66,20 @@ func (f *Fallback) onDialFailed() {
f.failedTime.Store(now)
f.failedTimes.Store(1)
} else {
if f.failedTime.Load()-time.Now().UnixMilli() > 5*1000 {
if f.failedTime.Load()-time.Now().UnixMilli() > 5*time.Second.Milliseconds() {
f.failedTimes.Store(-1)
f.failedTime.Store(-1)
} else {
f.failedTimes.Inc()
failedCount := f.failedTimes.Load()
failedCount := f.failedTimes.Inc()
log.Warnln("%s failed count: %d", f.Name(), failedCount)
if failedCount > 5 {
log.Debugln("%s failed multiple times.", f.Name())
if failedCount >= 5 {
log.Warnln("because %s failed multiple times, active health check", f.Name())
for _, proxyProvider := range f.providers {
go proxyProvider.HealthCheck()
}
f.failedTimes.Store(-1)
f.failedTime.Store(-1)
}
}
}
@ -95,10 +97,11 @@ func (f *Fallback) SupportUDP() bool {
// MarshalJSON implements C.ProxyAdapter
func (f *Fallback) MarshalJSON() ([]byte, error) {
var all []string
all := make([]string, 0)
for _, proxy := range f.proxies(false) {
all = append(all, proxy.Name())
}
return json.Marshal(map[string]interface{}{
"type": f.Type().String(),
"now": f.Now(),

View file

@ -150,10 +150,12 @@ func (lb *LoadBalance) proxies(touch bool) []C.Proxy {
// MarshalJSON implements C.ProxyAdapter
func (lb *LoadBalance) MarshalJSON() ([]byte, error) {
var all []string
all := make([]string, 0)
for _, proxy := range lb.proxies(false) {
all = append(all, proxy.Name())
}
return json.Marshal(map[string]interface{}{
"type": lb.Type().String(),
"all": all,

View file

@ -23,7 +23,7 @@ type Relay struct {
func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (C.Conn, error) {
var proxies []C.Proxy
for _, proxy := range r.proxies(metadata, true) {
if proxy.Type() != C.Direct {
if proxy.Type() != C.Direct && proxy.Type() != C.Compatible {
proxies = append(proxies, proxy)
}
}
@ -69,10 +69,12 @@ func (r *Relay) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
// MarshalJSON implements C.ProxyAdapter
func (r *Relay) MarshalJSON() ([]byte, error) {
var all []string
all := make([]string, 0)
for _, proxy := range r.rawProxies(false) {
all = append(all, proxy.Name())
}
return json.Marshal(map[string]interface{}{
"type": r.Type().String(),
"all": all,

View file

@ -50,7 +50,8 @@ func (s *Selector) SupportUDP() bool {
// MarshalJSON implements C.ProxyAdapter
func (s *Selector) MarshalJSON() ([]byte, error) {
var all []string
all := make([]string, 0)
for _, proxy := range getProvidersProxies(s.providers, false, s.filter) {
all = append(all, proxy.Name())
}
@ -99,7 +100,6 @@ func (s *Selector) selectedProxy(touch bool) C.Proxy {
}
func NewSelector(option *GroupCommonOption, providers []provider.ProxyProvider) *Selector {
selected := providers[0].Proxies()[0].Name()
return &Selector{
Base: outbound.NewBase(outbound.BaseOption{
Name: option.Name,
@ -109,7 +109,7 @@ func NewSelector(option *GroupCommonOption, providers []provider.ProxyProvider)
}),
single: singledo.NewSingle(defaultGetProxiesDuration),
providers: providers,
selected: selected,
selected: "COMPATIBLE",
disableUDP: option.DisableUDP,
filter: option.Filter,
}

View file

@ -125,10 +125,12 @@ func (u *URLTest) SupportUDP() bool {
// MarshalJSON implements C.ProxyAdapter
func (u *URLTest) MarshalJSON() ([]byte, error) {
var all []string
all := make([]string, 0)
for _, proxy := range u.proxies(false) {
all = append(all, proxy.Name())
}
return json.Marshal(map[string]interface{}{
"type": u.Type().String(),
"now": u.Now(),
@ -147,14 +149,16 @@ func (u *URLTest) onDialFailed() {
u.failedTimes.Store(-1)
u.failedTime.Store(-1)
} else {
u.failedTimes.Inc()
failedCount := u.failedTimes.Load()
failedCount := u.failedTimes.Inc()
log.Warnln("%s failed count: %d", u.Name(), failedCount)
if failedCount > 5 {
log.Debugln("%s failed multiple times.", u.Name())
if failedCount >= 5 {
log.Warnln("because %s failed multiple times, active health check", u.Name())
for _, proxyProvider := range u.providers {
go proxyProvider.HealthCheck()
}
u.failedTimes.Store(-1)
u.failedTime.Store(-1)
}
}
}

View file

@ -102,6 +102,7 @@ func (f *fetcher) Update() (interface{}, bool, error) {
hash := md5.Sum(buf)
if bytes.Equal(f.hash[:], hash[:]) {
f.updatedAt = &now
os.Chtimes(f.vehicle.Path(), now, now)
return nil, true, nil
}

View file

@ -67,6 +67,10 @@ func (pp *proxySetProvider) Initial() error {
}
pp.onUpdate(elm)
if pp.healthCheck.auto() {
go pp.healthCheck.process()
}
return nil
}
@ -102,10 +106,6 @@ func NewProxySetProvider(name string, interval time.Duration, filter string, veh
return nil, fmt.Errorf("invalid filter regex: %w", err)
}
if hc.auto() {
go hc.process()
}
pd := &proxySetProvider{
proxies: []C.Proxy{},
healthCheck: hc,
@ -190,6 +190,10 @@ func (cp *compatibleProvider) Update() error {
}
func (cp *compatibleProvider) Initial() error {
if cp.healthCheck.auto() {
go cp.healthCheck.process()
}
return nil
}
@ -219,10 +223,6 @@ func NewCompatibleProvider(name string, proxies []C.Proxy, hc *HealthCheck) (*Co
return nil, errors.New("provider need one proxy at least")
}
if hc.auto() {
go hc.process()
}
pd := &compatibleProvider{
name: name,
proxies: proxies,

View file

@ -2,6 +2,7 @@ package provider
import (
"context"
"github.com/Dreamacro/clash/listener/inner"
"io"
"net"
"net/http"
@ -10,7 +11,6 @@ import (
"time"
netHttp "github.com/Dreamacro/clash/common/net"
"github.com/Dreamacro/clash/component/dialer"
types "github.com/Dreamacro/clash/constant/provider"
)
@ -77,7 +77,8 @@ func (h *HTTPVehicle) Read() ([]byte, error) {
TLSHandshakeTimeout: 10 * time.Second,
ExpectContinueTimeout: 1 * time.Second,
DialContext: func(ctx context.Context, network, address string) (net.Conn, error) {
return dialer.DialContext(ctx, network, address)
conn := inner.HandleTcp(address, uri.Hostname())
return conn, nil
},
}

View file

@ -0,0 +1,56 @@
package collections
import "sync"
type (
stack struct {
top *node
length int
lock *sync.RWMutex
}
node struct {
value interface{}
prev *node
}
)
// NewStack Create a new stack
func NewStack() *stack {
return &stack{nil, 0, &sync.RWMutex{}}
}
// Len Return the number of items in the stack
func (this *stack) Len() int {
return this.length
}
// Peek View the top item on the stack
func (this *stack) Peek() interface{} {
if this.length == 0 {
return nil
}
return this.top.value
}
// Pop the top item of the stack and return it
func (this *stack) Pop() interface{} {
this.lock.Lock()
defer this.lock.Unlock()
if this.length == 0 {
return nil
}
n := this.top
this.top = n.prev
this.length--
return n.value
}
// Push a value onto the top of the stack
func (this *stack) Push(value interface{}) {
this.lock.Lock()
defer this.lock.Unlock()
n := &node{value, this.top}
this.top = n
this.length++
}

46
common/net/tcpip.go Normal file
View file

@ -0,0 +1,46 @@
package net
import (
"fmt"
"net"
"strings"
)
func SplitNetworkType(s string) (string, string, error) {
var (
shecme string
hostPort string
)
result := strings.Split(s, "://")
if len(result) == 2 {
shecme = result[0]
hostPort = result[1]
} else if len(result) == 1 {
hostPort = result[0]
} else {
return "", "", fmt.Errorf("tcp/udp style error")
}
if len(shecme) == 0 {
shecme = "udp"
}
if shecme != "tcp" && shecme != "udp" {
return "", "", fmt.Errorf("scheme should be tcp:// or udp://")
} else {
return shecme, hostPort, nil
}
}
func SplitHostPort(s string) (host, port string, hasPort bool, err error) {
temp := s
hasPort = true
if !strings.Contains(s, ":") && !strings.Contains(s, "]:") {
temp += ":0"
hasPort = false
}
host, port, err = net.SplitHostPort(temp)
return
}

View file

@ -109,13 +109,13 @@ func (t *DomainTrie) search(node *Node, parts []string) *Node {
}
if c := node.getChild(parts[len(parts)-1]); c != nil {
if n := t.search(c, parts[:len(parts)-1]); n != nil {
if n := t.search(c, parts[:len(parts)-1]); n != nil && n.Data != nil {
return n
}
}
if c := node.getChild(wildcard); c != nil {
if n := t.search(c, parts[:len(parts)-1]); n != nil {
if n := t.search(c, parts[:len(parts)-1]); n != nil && n.Data != nil {
return n
}
}

View file

@ -97,3 +97,11 @@ func TestTrie_Boundary(t *testing.T) {
assert.NotNil(t, tree.Insert("..dev", localIP))
assert.Nil(t, tree.Search("dev"))
}
func TestTrie_WildcardBoundary(t *testing.T) {
tree := New()
tree.Insert("+.*", localIP)
tree.Insert("stun.*.*.*", localIP)
assert.NotNil(t, tree.Search("example.com"))
}

View file

@ -2,8 +2,8 @@ package trie
// Node is the trie's node
type Node struct {
Data interface{}
children map[string]*Node
Data interface{}
}
func (n *Node) getChild(s string) *Node {

View file

@ -4,6 +4,8 @@ import (
"container/list"
"errors"
"fmt"
R "github.com/Dreamacro/clash/rule"
RP "github.com/Dreamacro/clash/rule/provider"
"net"
"net/url"
"os"
@ -24,7 +26,6 @@ import (
providerTypes "github.com/Dreamacro/clash/constant/provider"
"github.com/Dreamacro/clash/dns"
"github.com/Dreamacro/clash/log"
R "github.com/Dreamacro/clash/rule"
T "github.com/Dreamacro/clash/tunnel"
"gopkg.in/yaml.v2"
@ -209,7 +210,7 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
Enable: false,
Stack: "gvisor",
DnsHijack: []string{"198.18.0.2:53"},
AutoRoute: true,
AutoRoute: false,
},
DNS: RawDNS{
Enable: false,
@ -228,8 +229,8 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
"1.0.0.1",
},
NameServer: []string{
"https://8.8.8.8/dns-query",
"https://1.0.0.1/dns-query",
"223.5.5.5",
"119.29.29",
},
FakeIPFilter: []string{
"dns.msftnsci.com",
@ -350,6 +351,7 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
proxies["DIRECT"] = adapter.NewProxy(outbound.NewDirect())
proxies["REJECT"] = adapter.NewProxy(outbound.NewReject())
proxies["COMPATIBLE"] = adapter.NewProxy(outbound.NewCompatible())
proxyList = append(proxyList, "DIRECT", "REJECT")
// parse proxy
@ -396,13 +398,6 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
providersMap[name] = pd
}
for _, rp := range providersMap {
log.Infoln("Start initial provider %s", rp.Name())
if err := rp.Initial(); err != nil {
return nil, nil, fmt.Errorf("initial proxy provider %s error: %w", rp.Name(), err)
}
}
// parse proxy group
for idx, mapping := range groupsConfig {
group, err := outboundgroup.ParseProxyGroup(mapping, proxies, providersMap)
@ -418,18 +413,6 @@ func parseProxies(cfg *RawConfig) (proxies map[string]C.Proxy, providersMap map[
proxies[groupName] = adapter.NewProxy(group)
}
// initial compatible provider
for _, pd := range providersMap {
if pd.VehicleType() != providerTypes.Compatible {
continue
}
log.Infoln("Start initial compatible provider %s", pd.Name())
if err := pd.Initial(); err != nil {
return nil, nil, err
}
}
var ps []C.Proxy
for _, v := range proxyList {
ps = append(ps, proxies[v])
@ -502,20 +485,13 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[strin
// parse rule provider
for name, mapping := range cfg.RuleProvider {
rp, err := R.ParseRuleProvider(name, mapping)
rp, err := RP.ParseRuleProvider(name, mapping)
if err != nil {
return nil, nil, err
}
ruleProviders[name] = &rp
R.SetRuleProvider(rp)
}
for _, ruleProvider := range ruleProviders {
log.Infoln("Start initial provider %s", (*ruleProvider).Name())
if err := (*ruleProvider).Initial(); err != nil {
return nil, nil, fmt.Errorf("initial rule provider %s error: %w", (*ruleProvider).Name(), err)
}
RP.SetRuleProvider(rp)
}
var rules []C.Rule
@ -536,24 +512,29 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[strin
continue
}
switch l := len(rule); {
case l == 2:
target = rule[1]
case l == 3:
if ruleName == "MATCH" {
payload = ""
if ruleName == "NOT" || ruleName == "OR" || ruleName == "AND" {
payload = strings.Join(rule[1:len(rule)-1], ",")
target = rule[len(rule)-1]
} else {
switch l := len(rule); {
case l == 2:
target = rule[1]
params = rule[2:]
break
case l == 3:
if ruleName == "MATCH" {
payload = ""
target = rule[1]
params = rule[2:]
break
}
payload = rule[1]
target = rule[2]
case l >= 4:
payload = rule[1]
target = rule[2]
params = rule[3:]
default:
return nil, nil, fmt.Errorf("rules[%d] [%s] error: format invalid", idx, line)
}
payload = rule[1]
target = rule[2]
case l >= 4:
payload = rule[1]
target = rule[2]
params = rule[3:]
default:
return nil, nil, fmt.Errorf("rules[%d] [%s] error: format invalid", idx, line)
}
if _, ok := proxies[target]; mode != T.Script && !ok {
@ -562,6 +543,11 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, map[strin
params = trimArr(params)
if ruleName == "GEOSITE" {
if err := initGeoSite(); err != nil {
return nil, nil, fmt.Errorf("can't initial GeoSite: %w", err)
}
}
parsed, parseErr := R.ParseRule(ruleName, payload, target, params)
if parseErr != nil {
return nil, nil, fmt.Errorf("rules[%d] [%s] error: %s", idx, line, parseErr.Error())
@ -699,6 +685,11 @@ func parseFallbackIPCIDR(ips []string) ([]*net.IPNet, error) {
func parseFallbackGeoSite(countries []string, rules []C.Rule) ([]*router.DomainMatcher, error) {
var sites []*router.DomainMatcher
if len(countries) > 0 {
if err := initGeoSite(); err != nil {
return nil, fmt.Errorf("can't initial GeoSite: %w", err)
}
}
for _, country := range countries {
found := false

View file

@ -50,23 +50,6 @@ func initMMDB() error {
return nil
}
//func downloadGeoIP(path string) (err error) {
// resp, err := http.Get("https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat")
// if err != nil {
// return
// }
// defer resp.Body.Close()
//
// f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, 0644)
// if err != nil {
// return err
// }
// defer f.Close()
// _, err = io.Copy(f, resp.Body)
//
// return err
//}
func downloadGeoSite(path string) (err error) {
resp, err := http.Get("https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat")
if err != nil {
@ -84,22 +67,9 @@ func downloadGeoSite(path string) (err error) {
return err
}
//
//func initGeoIP() error {
// if _, err := os.Stat(C.Path.GeoIP()); os.IsNotExist(err) {
// log.Infoln("Can't find GeoIP.dat, start download")
// if err := downloadGeoIP(C.Path.GeoIP()); err != nil {
// return fmt.Errorf("can't download GeoIP.dat: %s", err.Error())
// }
// log.Infoln("Download GeoIP.dat finish")
// }
//
// return nil
//}
func initGeoSite() error {
if _, err := os.Stat(C.Path.GeoSite()); os.IsNotExist(err) {
log.Infoln("Can't find GeoSite.dat, start download")
log.Infoln("Need GeoSite but can't find GeoSite.dat, start download")
if err := downloadGeoSite(C.Path.GeoSite()); err != nil {
return fmt.Errorf("can't download GeoSite.dat: %s", err.Error())
}
@ -139,9 +109,5 @@ func Init(dir string) error {
return fmt.Errorf("can't initial MMDB: %w", err)
}
// initial GeoSite
if err := initGeoSite(); err != nil {
return fmt.Errorf("can't initial GeoSite: %w", err)
}
return nil
}

View file

@ -13,7 +13,7 @@ import (
const (
Direct AdapterType = iota
Reject
Compatible
Shadowsocks
ShadowsocksR
Snell
@ -33,6 +33,7 @@ const (
const (
DefaultTCPTimeout = 5 * time.Second
DefaultUDPTimeout = DefaultTCPTimeout
DefaultTLSTimeout = DefaultTCPTimeout
)
type Connection interface {
@ -128,7 +129,8 @@ func (at AdapterType) String() string {
return "Direct"
case Reject:
return "Reject"
case Compatible:
return "Compatible"
case Shadowsocks:
return "Shadowsocks"
case ShadowsocksR:

View file

@ -24,6 +24,7 @@ const (
REDIR
TPROXY
TUN
INNER
)
type NetWork int
@ -59,6 +60,8 @@ func (t Type) String() string {
return "TProxy"
case TUN:
return "Tun"
case INNER:
return "Inner"
default:
return "Unknown"
}
@ -94,6 +97,10 @@ func (m *Metadata) SourceDetail() string {
if m.Process != "" {
return fmt.Sprintf("%s(%s)", m.SourceAddress(), m.Process)
} else {
if m.Type == INNER {
return fmt.Sprintf("[Clash]")
}
return fmt.Sprintf("%s", m.SourceAddress())
}
}

View file

@ -14,7 +14,12 @@ const (
Process
Script
RuleSet
Network
Combination
MATCH
AND
OR
NOT
)
type RuleType int
@ -47,6 +52,14 @@ func (rt RuleType) String() string {
return "Match"
case RuleSet:
return "RuleSet"
case Network:
return "Network"
case AND:
return "AND"
case OR:
return "OR"
case NOT:
return "NOT"
default:
return "Unknown"
}

View file

@ -5,4 +5,5 @@ var (
Version = "1.9.0"
BuildTime = "unknown time"
AutoIptables string
ClashName = "Clash.Meta"
)

View file

@ -60,6 +60,10 @@ func ReCreateServer(addr string, resolver *Resolver, mapper *ResolverEnhancer) {
address = ""
}
if addr == "" {
return
}
var err error
defer func() {
if err != nil {

View file

@ -2,7 +2,6 @@ package executor
import (
"fmt"
"github.com/Dreamacro/clash/listener/tproxy"
"net"
"os"
"runtime"
@ -10,6 +9,8 @@ import (
"strings"
"sync"
"github.com/Dreamacro/clash/listener/tproxy"
"github.com/Dreamacro/clash/adapter"
"github.com/Dreamacro/clash/adapter/outboundgroup"
"github.com/Dreamacro/clash/component/auth"
@ -74,15 +75,17 @@ func ApplyConfig(cfg *config.Config, force bool) {
defer mux.Unlock()
updateUsers(cfg.Users)
updateHosts(cfg.Hosts)
updateProxies(cfg.Proxies, cfg.Providers)
updateRules(cfg.Rules, cfg.RuleProviders)
updateHosts(cfg.Hosts)
updateProfile(cfg)
updateIPTables(cfg.DNS, cfg.General, cfg.Tun)
updateDNS(cfg.DNS, cfg.Tun)
updateGeneral(cfg.General, cfg.Tun, force)
updateTun(cfg.Tun)
updateExperimental(cfg)
loadProvider(cfg.RuleProviders, cfg.Providers)
updateProfile(cfg)
}
func GetGeneral() *config.General {
@ -175,6 +178,38 @@ func updateRules(rules []C.Rule, ruleProviders map[string]*provider.RuleProvider
tunnel.UpdateRules(rules, ruleProviders)
}
func loadProvider(ruleProviders map[string]*provider.RuleProvider, proxyProviders map[string]provider.ProxyProvider) {
load := func(pv provider.Provider) {
if pv.VehicleType() == provider.Compatible {
log.Infoln("Start initial compatible provider %s", pv.Name())
} else {
log.Infoln("Start initial provider %s", (pv).Name())
}
if err := (pv).Initial(); err != nil {
switch pv.Type() {
case provider.Proxy:
{
log.Warnln("initial proxy provider %s error: %v", (pv).Name(), err)
}
case provider.Rule:
{
log.Warnln("initial rule provider %s error: %v", (pv).Name(), err)
}
}
}
}
for _, proxyProvider := range proxyProviders {
load(proxyProvider)
}
for _, ruleProvider := range ruleProviders {
load(*ruleProvider)
}
}
func updateGeneral(general *config.General, Tun *config.Tun, force bool) {
tunnel.SetMode(general.Mode)
resolver.DisableIPv6 = !general.IPv6

16
hub/route/script.go Normal file
View file

@ -0,0 +1,16 @@
package route
import (
"github.com/go-chi/chi/v5"
"net/http"
)
func scriptRouter() http.Handler {
r := chi.NewRouter()
r.Get("/", getScript)
return r
}
func getScript(writer http.ResponseWriter, request *http.Request) {
writer.WriteHeader(http.StatusMethodNotAllowed)
}

View file

@ -72,6 +72,7 @@ func Start(addr string, secret string) {
r.Mount("/connections", connectionRouter())
r.Mount("/providers/proxies", proxyProviderRouter())
r.Mount("/providers/rules", ruleProviderRouter())
r.Mount("/script", scriptRouter())
})
if uiPath != "" {

20
listener/inner/tcp.go Normal file
View file

@ -0,0 +1,20 @@
package inner
import (
"github.com/Dreamacro/clash/adapter/inbound"
C "github.com/Dreamacro/clash/constant"
"net"
)
var tcpIn chan<- C.ConnContext
func New(in chan<- C.ConnContext) {
tcpIn = in
}
func HandleTcp(dst string, host string) net.Conn {
conn1, conn2 := net.Pipe()
context := inbound.NewInner(conn2, dst, host)
tcpIn <- context
return conn1
}

View file

@ -2,6 +2,7 @@ package proxy
import (
"fmt"
"github.com/Dreamacro/clash/listener/inner"
"net"
"runtime"
"strconv"
@ -124,6 +125,7 @@ func ReCreateSocks(port int, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.P
log.Errorln("Start SOCKS server error: %s", err.Error())
}
}()
inner.New(tcpIn)
addr := genAddr(bindAddress, port, allowLan)

View file

@ -1,13 +1,5 @@
package dev
import (
"bytes"
"os/exec"
"runtime"
"github.com/Dreamacro/clash/log"
)
// TunDevice is cross-platform tun interface
type TunDevice interface {
Name() string
@ -18,54 +10,3 @@ type TunDevice interface {
Read(buff []byte) (int, error)
Write(buff []byte) (int, error)
}
func SetLinuxAutoRoute() {
log.Infoln("Tun adapter auto setting global route")
addLinuxSystemRoute("0")
//addLinuxSystemRoute("1")
//addLinuxSystemRoute("2/7")
//addLinuxSystemRoute("4/6")
//addLinuxSystemRoute("8/5")
//addLinuxSystemRoute("16/4")
//addLinuxSystemRoute("32/3")
//addLinuxSystemRoute("64/2")
//addLinuxSystemRoute("128.0/1")
//addLinuxSystemRoute("198.18.0/16")
}
func RemoveLinuxAutoRoute() {
log.Infoln("Tun adapter removing global route")
delLinuxSystemRoute("0")
//delLinuxSystemRoute("1")
//delLinuxSystemRoute("2/7")
//delLinuxSystemRoute("4/6")
//delLinuxSystemRoute("8/5")
//delLinuxSystemRoute("16/4")
//delLinuxSystemRoute("32/3")
//delLinuxSystemRoute("64/2")
//delLinuxSystemRoute("128.0/1")
//delLinuxSystemRoute("198.18.0/16")
}
func addLinuxSystemRoute(net string) {
if runtime.GOOS != "darwin" && runtime.GOOS != "linux" {
return
}
cmd := exec.Command("route", "add", "-net", net, "meta")
var stderr bytes.Buffer
cmd.Stderr = &stderr
if err := cmd.Run(); err != nil {
log.Errorln("[auto route] Failed to add system route: %s: %s , cmd: %s", err.Error(), stderr.String(), cmd.String())
}
}
func delLinuxSystemRoute(net string) {
if runtime.GOOS != "darwin" && runtime.GOOS != "linux" {
return
}
cmd := exec.Command("route", "delete", "-net", net, "meta")
_ = cmd.Run()
//if err := cmd.Run(); err != nil {
// log.Errorln("[auto route]Failed to delete system route: %s, cmd: %s", err.Error(), cmd.String())
//}
}

View file

@ -5,11 +5,13 @@ package dev
import (
"bytes"
"errors"
"fmt"
"github.com/Dreamacro/clash/log"
"net"
"os"
"os/exec"
"regexp"
"strings"
"sync"
"syscall"
"unsafe"
@ -176,7 +178,7 @@ func OpenTunDevice(tunAddress string, autoRoute bool) (TunDevice, error) {
}
if autoRoute {
SetLinuxAutoRoute()
setAutoRoute(tunAddress)
}
return tun, nil
@ -280,7 +282,7 @@ func (t *tunDarwin) IsClose() bool {
func (t *tunDarwin) Close() error {
t.stopOnce.Do(func() {
if t.autoRoute {
RemoveLinuxAutoRoute()
resetAutoRoute(t.tunAddress)
}
t.closed = true
t.tunFile.Close()
@ -480,15 +482,60 @@ func (t *tunDarwin) attachLinkLocal() error {
// GetAutoDetectInterface get ethernet interface
func GetAutoDetectInterface() (string, error) {
cmd := exec.Command("bash", "-c", "netstat -rnf inet | grep 'default' | awk -F ' ' 'NR==1{print $6}' | xargs echo -n")
var out bytes.Buffer
cmd.Stdout = &out
err := cmd.Run()
if err != nil {
cmd := exec.Command("route", "-n", "get", "default")
if result, err := cmd.Output(); err != nil {
return "", err
} else {
resultString := string(result)
reg, err := regexp.Compile("(interface:)(.*)")
if err != nil {
return "", err
}
matchResult := reg.FindStringSubmatch(resultString)
interfaceName := strings.TrimSpace(matchResult[len(matchResult)-1])
return interfaceName, nil
}
}
func setAutoRoute(tunGateway string) {
addRoute("1", tunGateway)
addRoute("2/7", tunGateway)
addRoute("4/6", tunGateway)
addRoute("8/5", tunGateway)
addRoute("16/4", tunGateway)
addRoute("32/3", tunGateway)
addRoute("64/2", tunGateway)
addRoute("128.0/1", tunGateway)
addRoute("198.18.0/16", tunGateway)
}
func resetAutoRoute(tunGateway string) {
delRoute("1", tunGateway)
delRoute("2/7", tunGateway)
delRoute("4/6", tunGateway)
delRoute("8/5", tunGateway)
delRoute("16/4", tunGateway)
delRoute("32/3", tunGateway)
delRoute("64/2", tunGateway)
delRoute("128.0/1", tunGateway)
delRoute("198.18.0/16", tunGateway)
}
func addRoute(net, name string) {
cmd := exec.Command("route", "add", "-net", net, name)
var stderr bytes.Buffer
cmd.Stderr = &stderr
if err := cmd.Run(); err != nil {
log.Errorln("[auto route] Failed to add system route: %s: %s , cmd: %s", err.Error(), stderr.String(), cmd.String())
}
}
func delRoute(net, name string) {
cmd := exec.Command("route", "delete", "-net", net, name)
var stderr bytes.Buffer
cmd.Stderr = &stderr
if err := cmd.Run(); err != nil {
log.Errorln("[auto route] Failed to delete system route: %s: %s , cmd: %s", err.Error(), stderr.String(), cmd.String())
}
if out.Len() == 0 {
return "", errors.New("interface not found by default route")
}
return out.String(), nil
}

View file

@ -7,6 +7,7 @@ import (
"bytes"
"errors"
"fmt"
"github.com/Dreamacro/clash/log"
"net/url"
"os"
"os/exec"
@ -38,7 +39,7 @@ type tunLinux struct {
// OpenTunDevice return a TunDevice according a URL
func OpenTunDevice(tunAddress string, autoRoute bool) (TunDevice, error) {
deviceURL, _ := url.Parse("dev://meta")
deviceURL, _ := url.Parse("dev://utun")
mtu, _ := strconv.ParseInt(deviceURL.Query().Get("mtu"), 0, 32)
t := &tunLinux{
@ -62,8 +63,9 @@ func OpenTunDevice(tunAddress string, autoRoute bool) (TunDevice, error) {
}
if autoRoute {
SetLinuxAutoRoute()
addRoute(tunAddress)
}
return dev, nil
case "fd":
fd, err := strconv.ParseInt(deviceURL.Host, 10, 32)
@ -76,7 +78,7 @@ func OpenTunDevice(tunAddress string, autoRoute bool) (TunDevice, error) {
return nil, err
}
if autoRoute {
SetLinuxAutoRoute()
log.Warnln("linux unsupported automatic route")
}
return dev, nil
}
@ -105,9 +107,6 @@ func (t *tunLinux) IsClose() bool {
func (t *tunLinux) Close() error {
t.stopOnce.Do(func() {
if t.autoRoute {
RemoveLinuxAutoRoute()
}
t.closed = true
t.tunFile.Close()
})
@ -330,3 +329,21 @@ func GetAutoDetectInterface() (string, error) {
}
return out.String(), nil
}
func addRoute(gateway string) {
cmd := exec.Command("route", "add", "default", "gw", gateway)
var stderr bytes.Buffer
cmd.Stderr = &stderr
if err := cmd.Run(); err != nil {
log.Errorln("[auto route] Failed to add system route: %s: %s , cmd: %s", err.Error(), stderr.String(), cmd.String())
}
}
func delRoute(gateway string) {
cmd := exec.Command("ip", "route", "delete", "gw")
var stderr bytes.Buffer
cmd.Stderr = &stderr
if err := cmd.Run(); err != nil {
log.Errorln("[auto route] Failed to delete system route: %s: %s , cmd: %s", err.Error(), stderr.String(), cmd.String())
}
}

View file

@ -34,10 +34,10 @@ import (
const nicID tcpip.NICID = 1
type gvisorAdapter struct {
device dev.TunDevice
ipstack *stack.Stack
dnsServers []*DNSServer
udpIn chan<- *inbound.PacketAdapter
device dev.TunDevice
ipstack *stack.Stack
dnsServer *DNSServer
udpIn chan<- *inbound.PacketAdapter
stackName string
autoRoute bool
@ -47,7 +47,7 @@ type gvisorAdapter struct {
writeHandle *channel.NotificationHandle
}
// GvisorAdapter create GvisorAdapter
// NewAdapter GvisorAdapter create GvisorAdapter
func NewAdapter(device dev.TunDevice, conf config.Tun, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.PacketAdapter) (ipstack.TunAdapter, error) {
ipstack := stack.New(stack.Options{
NetworkProtocols: []stack.NetworkProtocolFactory{ipv4.NewProtocol, ipv6.NewProtocol},
@ -132,7 +132,7 @@ func (t *gvisorAdapter) AutoRoute() bool {
// Close close the TunAdapter
func (t *gvisorAdapter) Close() {
t.StopAllDNSServer()
t.StopDNSServer()
if t.ipstack != nil {
t.ipstack.Close()
}

View file

@ -2,13 +2,14 @@ package gvisor
import (
"fmt"
"gvisor.dev/gvisor/pkg/tcpip/adapters/gonet"
"net"
Common "github.com/Dreamacro/clash/common/net"
"github.com/Dreamacro/clash/dns"
"github.com/Dreamacro/clash/log"
D "github.com/miekg/dns"
"gvisor.dev/gvisor/pkg/tcpip"
"gvisor.dev/gvisor/pkg/tcpip/adapters/gonet"
"gvisor.dev/gvisor/pkg/tcpip/buffer"
"gvisor.dev/gvisor/pkg/tcpip/header"
"gvisor.dev/gvisor/pkg/tcpip/network/ipv4"
@ -23,15 +24,33 @@ var (
ipv6Zero = tcpip.Address(net.IPv6zero.To16())
)
type ListenerWrap struct {
net.Listener
listener net.Listener
}
func (l *ListenerWrap) Accept() (conn net.Conn, err error) {
conn, err = l.listener.Accept()
log.Debugln("[DNS] hijack tcp:%s", l.Addr())
return
}
func (l *ListenerWrap) Close() error {
return l.listener.Close()
}
func (l *ListenerWrap) Addr() net.Addr {
return l.listener.Addr()
}
// DNSServer is DNS Server listening on tun devcice
type DNSServer struct {
*dns.Server
resolver *dns.Resolver
stack *stack.Stack
tcpListener net.Listener
udpEndpoint *dnsEndpoint
udpEndpointID *stack.TransportEndpointID
dnsServers []*dns.Server
tcpListeners []net.Listener
resolver *dns.Resolver
stack *stack.Stack
udpEndpoints []*dnsEndpoint
udpEndpointIDs []*stack.TransportEndpointID
tcpip.NICID
}
@ -66,6 +85,7 @@ func (e *dnsEndpoint) HandlePacket(id stack.TransportEndpointID, pkt *stack.Pack
var msg D.Msg
msg.Unpack(pkt.Data().AsRange().ToOwnedView())
writer := dnsResponseWriter{s: e.stack, pkt: pkt, id: id}
log.Debugln("[DNS] hijack udp:%s:%d", id.LocalAddress.String(), id.LocalPort)
go e.server.ServeDNS(&writer, &msg)
}
@ -129,167 +149,276 @@ func (w *dnsResponseWriter) Close() error {
}
// CreateDNSServer create a dns server on given netstack
func CreateDNSServer(s *stack.Stack, resolver *dns.Resolver, mapper *dns.ResolverEnhancer, ip net.IP, port int, nicID tcpip.NICID) (*DNSServer, error) {
var v4 bool
func CreateDNSServer(s *stack.Stack, resolver *dns.Resolver, mapper *dns.ResolverEnhancer, dnsHijack []net.Addr, nicID tcpip.NICID) (*DNSServer, error) {
var err error
address := tcpip.FullAddress{NIC: nicID, Port: uint16(port)}
var protocol tcpip.NetworkProtocolNumber
if ip.To4() != nil {
v4 = true
address.Addr = tcpip.Address(ip.To4())
protocol = ipv4.ProtocolNumber
} else {
v4 = false
address.Addr = tcpip.Address(ip.To16())
protocol = ipv6.ProtocolNumber
}
protocolAddr := tcpip.ProtocolAddress{
Protocol: protocol,
AddressWithPrefix: address.Addr.WithPrefix(),
}
// netstack will only reassemble IP fragments when its' dest ip address is registered in NIC.endpoints
if err := s.AddProtocolAddress(nicID, protocolAddr, stack.AddressProperties{}); err != nil {
log.Errorln("AddProtocolAddress(%d, %+v, {}): %s", nicID, protocolAddr, err)
}
if address.Addr == ipv4Zero || address.Addr == ipv6Zero {
address.Addr = ""
}
handler := dns.NewHandler(resolver, mapper)
serverIn := &dns.Server{}
serverIn.SetHandler(handler)
// UDP DNS
id := &stack.TransportEndpointID{
LocalAddress: address.Addr,
LocalPort: uint16(port),
RemotePort: 0,
RemoteAddress: "",
}
// TransportEndpoint for DNS
endpoint := &dnsEndpoint{
stack: s,
uniqueID: s.UniqueID(),
server: serverIn,
}
if tcpiperr := s.RegisterTransportEndpoint(
[]tcpip.NetworkProtocolNumber{
ipv4.ProtocolNumber,
ipv6.ProtocolNumber,
},
udp.ProtocolNumber,
*id,
endpoint,
ports.Flags{LoadBalanced: true}, // it's actually the SO_REUSEPORT. Not sure it take effect.
nicID); tcpiperr != nil {
log.Errorln("Unable to start UDP DNS on tun: %v", tcpiperr.String())
}
// TCP DNS
var tcpListener net.Listener
if v4 {
tcpListener, err = gonet.ListenTCP(s, address, ipv4.ProtocolNumber)
} else {
tcpListener, err = gonet.ListenTCP(s, address, ipv6.ProtocolNumber)
}
if err != nil {
return nil, fmt.Errorf("can not listen on tun: %v", err)
tcpDnsArr := make([]net.TCPAddr, 0, len(dnsHijack))
udpDnsArr := make([]net.UDPAddr, 0, len(dnsHijack))
for _, d := range dnsHijack {
switch d.(type) {
case *net.TCPAddr:
{
tcpDnsArr = append(tcpDnsArr, *d.(*net.TCPAddr))
break
}
case *net.UDPAddr:
{
udpDnsArr = append(udpDnsArr, *d.(*net.UDPAddr))
break
}
}
}
endpoints, ids := hijackUdpDns(udpDnsArr, s, serverIn)
tcpListeners, dnsServers := hijackTcpDns(tcpDnsArr, s, serverIn)
server := &DNSServer{
Server: serverIn,
resolver: resolver,
stack: s,
tcpListener: tcpListener,
udpEndpoint: endpoint,
udpEndpointID: id,
NICID: nicID,
resolver: resolver,
stack: s,
udpEndpoints: endpoints,
udpEndpointIDs: ids,
NICID: nicID,
tcpListeners: tcpListeners,
}
server.SetHandler(handler)
server.Server.Server = &D.Server{Listener: tcpListener, Handler: server}
go func() {
server.ActivateAndServe()
}()
server.dnsServers = dnsServers
return server, err
}
func hijackUdpDns(dnsArr []net.UDPAddr, s *stack.Stack, serverIn *dns.Server) ([]*dnsEndpoint, []*stack.TransportEndpointID) {
endpoints := make([]*dnsEndpoint, len(dnsArr))
ids := make([]*stack.TransportEndpointID, len(dnsArr))
for i, dns := range dnsArr {
port := dns.Port
ip := dns.IP
address := tcpip.FullAddress{NIC: nicID, Port: uint16(port)}
var protocol tcpip.NetworkProtocolNumber
if ip.To4() != nil {
address.Addr = tcpip.Address(ip.To4())
protocol = ipv4.ProtocolNumber
} else {
address.Addr = tcpip.Address(ip.To16())
protocol = ipv6.ProtocolNumber
}
protocolAddr := tcpip.ProtocolAddress{
Protocol: protocol,
AddressWithPrefix: address.Addr.WithPrefix(),
}
// netstack will only reassemble IP fragments when its' dest ip address is registered in NIC.endpoints
if err := s.AddProtocolAddress(nicID, protocolAddr, stack.AddressProperties{}); err != nil {
log.Errorln("AddProtocolAddress(%d, %+v, {}): %s", nicID, protocolAddr, err)
}
if address.Addr == ipv4Zero || address.Addr == ipv6Zero {
address.Addr = ""
}
// UDP DNS
id := &stack.TransportEndpointID{
LocalAddress: address.Addr,
LocalPort: uint16(port),
RemotePort: 0,
RemoteAddress: "",
}
// TransportEndpoint for DNS
endpoint := &dnsEndpoint{
stack: s,
uniqueID: s.UniqueID(),
server: serverIn,
}
if tcpiperr := s.RegisterTransportEndpoint(
[]tcpip.NetworkProtocolNumber{
ipv4.ProtocolNumber,
ipv6.ProtocolNumber,
},
udp.ProtocolNumber,
*id,
endpoint,
ports.Flags{LoadBalanced: true}, // it's actually the SO_REUSEPORT. Not sure it take effect.
nicID); tcpiperr != nil {
log.Errorln("Unable to start UDP DNS on tun: %v", tcpiperr.String())
}
ids[i] = id
endpoints[i] = endpoint
}
return endpoints, ids
}
func hijackTcpDns(dnsArr []net.TCPAddr, s *stack.Stack, serverIn *dns.Server) ([]net.Listener, []*dns.Server) {
tcpListeners := make([]net.Listener, len(dnsArr))
dnsServers := make([]*dns.Server, len(dnsArr))
for i, dnsAddr := range dnsArr {
var tcpListener net.Listener
var v4 bool
var err error
port := dnsAddr.Port
ip := dnsAddr.IP
address := tcpip.FullAddress{NIC: nicID, Port: uint16(port)}
if ip.To4() != nil {
address.Addr = tcpip.Address(ip.To4())
v4 = true
} else {
address.Addr = tcpip.Address(ip.To16())
v4 = false
}
if v4 {
tcpListener, err = gonet.ListenTCP(s, address, ipv4.ProtocolNumber)
} else {
tcpListener, err = gonet.ListenTCP(s, address, ipv6.ProtocolNumber)
}
if err != nil {
log.Errorln("can not listen on tun: %v, hijack tcp[%s] failed", err, dnsAddr)
} else {
tcpListeners[i] = tcpListener
server := &D.Server{Listener: &ListenerWrap{
listener: tcpListener,
}, Handler: serverIn}
dnsServer := dns.Server{}
dnsServer.Server = server
go dnsServer.ActivateAndServe()
dnsServers[i] = &dnsServer
}
}
//
//for _, listener := range tcpListeners {
// server := &D.Server{Listener: listener, Handler: serverIn}
//
// dnsServers = append(dnsServers, &dnsServer)
// go dnsServer.ActivateAndServe()
//}
return tcpListeners, dnsServers
}
// Stop stop the DNS Server on tun
func (s *DNSServer) Stop() {
// shutdown TCP DNS Server
s.Server.Shutdown()
// remove TCP endpoint from stack
if s.Listener != nil {
s.Listener.Close()
if s == nil {
return
}
for i := 0; i < len(s.udpEndpointIDs); i++ {
ep := s.udpEndpoints[i]
id := s.udpEndpointIDs[i]
// remove udp endpoint from stack
s.stack.UnregisterTransportEndpoint(
[]tcpip.NetworkProtocolNumber{
ipv4.ProtocolNumber,
ipv6.ProtocolNumber,
},
udp.ProtocolNumber,
*id,
ep,
ports.Flags{LoadBalanced: true}, // should match the RegisterTransportEndpoint
s.NICID)
}
for _, server := range s.dnsServers {
server.Shutdown()
}
for _, listener := range s.tcpListeners {
listener.Close()
}
// remove udp endpoint from stack
s.stack.UnregisterTransportEndpoint(
[]tcpip.NetworkProtocolNumber{
ipv4.ProtocolNumber,
ipv6.ProtocolNumber,
},
udp.ProtocolNumber,
*s.udpEndpointID,
s.udpEndpoint,
ports.Flags{LoadBalanced: true}, // should match the RegisterTransportEndpoint
s.NICID)
}
// DnsHijack return the listening address of DNS Server
func (t *gvisorAdapter) DnsHijack() []string {
results := make([]string, len(t.dnsServers))
for i, dnsServer := range t.dnsServers {
id := dnsServer.udpEndpointID
results[i] = fmt.Sprintf("%s:%d", id.LocalAddress.String(), id.LocalPort)
dnsHijackArr := make([]string, len(t.dnsServer.udpEndpoints))
for _, id := range t.dnsServer.udpEndpointIDs {
dnsHijackArr = append(dnsHijackArr, fmt.Sprintf("%s:%d", id.LocalAddress.String(), id.LocalPort))
}
return results
return dnsHijackArr
}
func (t *gvisorAdapter) StopAllDNSServer() {
for _, dnsServer := range t.dnsServers {
dnsServer.Stop()
}
func (t *gvisorAdapter) StopDNSServer() {
t.dnsServer.Stop()
log.Debugln("tun DNS server stoped")
t.dnsServers = nil
t.dnsServer = nil
}
// ReCreateDNSServer recreate the DNS Server on tun
func (t *gvisorAdapter) ReCreateDNSServer(resolver *dns.Resolver, mapper *dns.ResolverEnhancer, addrs []string) error {
t.StopAllDNSServer()
func (t *gvisorAdapter) ReCreateDNSServer(resolver *dns.Resolver, mapper *dns.ResolverEnhancer, dnsHijackArr []string) error {
t.StopDNSServer()
if resolver == nil {
return fmt.Errorf("failed to create DNS server on tun: resolver not provided")
}
if len(addrs) == 0 {
if len(dnsHijackArr) == 0 {
return fmt.Errorf("failed to create DNS server on tun: len(addrs) == 0")
}
for _, addr := range addrs {
var err error
_, port, err := net.SplitHostPort(addr)
if port == "0" || port == "" || err != nil {
return nil
}
var err error
var addrs []net.Addr
for _, addr := range dnsHijackArr {
var (
addrType string
hostPort string
)
udpAddr, err := net.ResolveUDPAddr("udp", addr)
addrType, hostPort, err = Common.SplitNetworkType(addr)
if err != nil {
return err
}
server, err := CreateDNSServer(t.ipstack, resolver, mapper, udpAddr.IP, udpAddr.Port, nicID)
if err != nil {
return err
var (
host, port string
hasPort bool
)
host, port, hasPort, err = Common.SplitHostPort(hostPort)
if !hasPort {
port = "53"
}
t.dnsServers = append(t.dnsServers, server)
log.Infoln("Tun DNS server listening at: %s, fake ip enabled: %v", addr, mapper.FakeIPEnabled())
switch addrType {
case "udp", "":
{
var udpDNS *net.UDPAddr
udpDNS, err = net.ResolveUDPAddr("udp", net.JoinHostPort(host, port))
if err != nil {
return err
}
addrs = append(addrs, udpDNS)
break
}
case "tcp":
{
var tcpDNS *net.TCPAddr
tcpDNS, err = net.ResolveTCPAddr("tcp", net.JoinHostPort(host, port))
if err != nil {
return err
}
addrs = append(addrs, tcpDNS)
break
}
default:
err = fmt.Errorf("unspported dns scheme:%s", addrType)
}
}
server, err := CreateDNSServer(t.ipstack, resolver, mapper, addrs, nicID)
if err != nil {
return err
}
t.dnsServer = server
return nil
}

View file

@ -1,4 +1,4 @@
package rules
package common
import (
"errors"
@ -22,7 +22,7 @@ func HasNoResolve(params []string) bool {
return false
}
func findNetwork(params []string) C.NetWork {
func FindNetwork(params []string) C.NetWork {
for _, p := range params {
if p == "tcp" {
return C.TCP
@ -33,7 +33,7 @@ func findNetwork(params []string) C.NetWork {
return C.ALLNet
}
func findSourceIPs(params []string) []*net.IPNet {
func FindSourceIPs(params []string) []*net.IPNet {
var ips []*net.IPNet
for _, p := range params {
if p == noResolve || len(p) < 7 {

View file

@ -1,4 +1,4 @@
package rules
package common
import (
"strings"

View file

@ -1,4 +1,4 @@
package rules
package common
import (
"strings"

View file

@ -1,4 +1,4 @@
package rules
package common
import (
"strings"

View file

@ -1,4 +1,4 @@
package rules
package common
import (
C "github.com/Dreamacro/clash/constant"

View file

@ -1,4 +1,4 @@
package rules
package common
import (
"strings"

View file

@ -1,4 +1,4 @@
package rules
package common
import (
"fmt"

View file

@ -1,4 +1,4 @@
package rules
package common
import (
"net"

View file

@ -0,0 +1,53 @@
package common
import (
"fmt"
C "github.com/Dreamacro/clash/constant"
"strings"
)
type NetworkType struct {
network C.NetWork
adapter string
}
func NewNetworkType(network, adapter string) (*NetworkType, error) {
ntType := new(NetworkType)
ntType.adapter = adapter
switch strings.ToUpper(network) {
case "TCP":
ntType.network = C.TCP
break
case "UDP":
ntType.network = C.UDP
break
default:
return nil, fmt.Errorf("unsupported network type, only TCP/UDP")
}
return ntType, nil
}
func (n *NetworkType) RuleType() C.RuleType {
return C.Network
}
func (n *NetworkType) Match(metadata *C.Metadata) bool {
return n.network == metadata.NetWork
}
func (n *NetworkType) Adapter() string {
return n.adapter
}
func (n *NetworkType) Payload() string {
return n.network.String()
}
func (n *NetworkType) ShouldResolveIP() bool {
return false
}
func (n *NetworkType) RuleExtra() *C.RuleExtra {
return nil
}

View file

@ -1,4 +1,4 @@
package rules
package common
import (
"fmt"

View file

@ -1,4 +1,4 @@
package rules
package common
import (
"fmt"
@ -35,26 +35,28 @@ func (ps *Process) Match(metadata *C.Metadata) bool {
}
key := fmt.Sprintf("%s:%s:%s", metadata.NetWork.String(), metadata.SrcIP.String(), metadata.SrcPort)
cached, hit := processCache.Get(key)
if !hit {
srcPort, err := strconv.Atoi(metadata.SrcPort)
if err != nil {
processCache.Set(key, "")
return false
if strings.TrimSpace(metadata.Process) == "" {
cached, hit := processCache.Get(key)
if !hit {
srcPort, err := strconv.Atoi(metadata.SrcPort)
if err != nil {
processCache.Set(key, "")
return false
}
name, err := process.FindProcessName(metadata.NetWork.String(), metadata.SrcIP, srcPort)
if err != nil {
log.Debugln("[Rule] find process name %s error: %s", C.Process.String(), err.Error())
}
processCache.Set(key, name)
cached = name
}
name, err := process.FindProcessName(metadata.NetWork.String(), metadata.SrcIP, srcPort)
if err != nil {
log.Debugln("[Rule] find process name %s error: %s", C.Process.String(), err.Error())
}
processCache.Set(key, name)
cached = name
metadata.Process = cached.(string)
}
metadata.Process = cached.(string)
return strings.EqualFold(metadata.Process, ps.process)
}

58
rule/logic/and.go Normal file
View file

@ -0,0 +1,58 @@
package logic
import C "github.com/Dreamacro/clash/constant"
type AND struct {
rules []C.Rule
payload string
adapter string
needIP bool
}
func NewAND(payload string, adapter string) (*AND, error) {
and := &AND{payload: payload, adapter: adapter}
rules, err := parseRuleByPayload(payload)
if err != nil {
return nil, err
}
and.rules = rules
for _, rule := range rules {
if rule.ShouldResolveIP() {
and.needIP = true
break
}
}
return and, nil
}
func (A *AND) RuleType() C.RuleType {
return C.AND
}
func (A *AND) Match(metadata *C.Metadata) bool {
for _, rule := range A.rules {
if !rule.Match(metadata) {
return false
}
}
return true
}
func (A *AND) Adapter() string {
return A.adapter
}
func (A *AND) Payload() string {
return A.payload
}
func (A *AND) ShouldResolveIP() bool {
return A.needIP
}
func (A *AND) RuleExtra() *C.RuleExtra {
return nil
}

168
rule/logic/common.go Normal file
View file

@ -0,0 +1,168 @@
package logic
import (
"fmt"
"github.com/Dreamacro/clash/common/collections"
C "github.com/Dreamacro/clash/constant"
RC "github.com/Dreamacro/clash/rule/common"
"github.com/Dreamacro/clash/rule/provider"
"regexp"
"strings"
)
func parseRuleByPayload(payload string) ([]C.Rule, error) {
regex, err := regexp.Compile("\\(.*\\)")
if err != nil {
return nil, err
}
if regex.MatchString(payload) {
subAllRanges, err := format(payload)
if err != nil {
return nil, err
}
rules := make([]C.Rule, 0, len(subAllRanges))
subRanges := findSubRuleRange(payload, subAllRanges)
for _, subRange := range subRanges {
subPayload := payload[subRange.start+1 : subRange.end]
rule, err := payloadToRule(subPayload)
if err != nil {
return nil, err
}
rules = append(rules, rule)
}
return rules, nil
}
return nil, fmt.Errorf("payload format error")
}
func containRange(r Range, preStart, preEnd int) bool {
return preStart < r.start && preEnd > r.end
}
func payloadToRule(subPayload string) (C.Rule, error) {
splitStr := strings.SplitN(subPayload, ",", 2)
tp := splitStr[0]
payload := splitStr[1]
if tp == "NOT" || tp == "OR" || tp == "AND" {
return parseRule(tp, payload, nil)
}
param := strings.Split(payload, ",")
return parseRule(tp, param[0], param[1:])
}
func parseRule(tp, payload string, params []string) (C.Rule, error) {
var (
parseErr error
parsed C.Rule
)
switch tp {
case "DOMAIN":
parsed = RC.NewDomain(payload, "", nil)
case "DOMAIN-SUFFIX":
parsed = RC.NewDomainSuffix(payload, "", nil)
case "DOMAIN-KEYWORD":
parsed = RC.NewDomainKeyword(payload, "", nil)
case "GEOSITE":
parsed, parseErr = RC.NewGEOSITE(payload, "", nil)
case "GEOIP":
noResolve := RC.HasNoResolve(params)
parsed, parseErr = RC.NewGEOIP(payload, "", noResolve, nil)
case "IP-CIDR", "IP-CIDR6":
noResolve := RC.HasNoResolve(params)
parsed, parseErr = RC.NewIPCIDR(payload, "", nil, RC.WithIPCIDRNoResolve(noResolve))
case "SRC-IP-CIDR":
parsed, parseErr = RC.NewIPCIDR(payload, "", nil, RC.WithIPCIDRSourceIP(true), RC.WithIPCIDRNoResolve(true))
case "SRC-PORT":
parsed, parseErr = RC.NewPort(payload, "", true, nil)
case "DST-PORT":
parsed, parseErr = RC.NewPort(payload, "", false, nil)
case "PROCESS-NAME":
parsed, parseErr = RC.NewProcess(payload, "", nil)
case "RULE-SET":
parsed, parseErr = provider.NewRuleSet(payload, "", nil)
case "NOT":
parsed, parseErr = NewNOT(payload, "")
case "AND":
parsed, parseErr = NewAND(payload, "")
case "OR":
parsed, parseErr = NewOR(payload, "")
case "NETWORK":
parsed, parseErr = RC.NewNetworkType(payload, "")
default:
parseErr = fmt.Errorf("unsupported rule type %s", tp)
}
return parsed, parseErr
}
type Range struct {
start int
end int
index int
}
func format(payload string) ([]Range, error) {
stack := collections.NewStack()
num := 0
subRanges := make([]Range, 0)
for i, c := range payload {
if c == '(' {
sr := Range{
start: i,
index: num,
}
num++
stack.Push(sr)
} else if c == ')' {
sr := stack.Pop().(Range)
sr.end = i
subRanges = append(subRanges, sr)
}
}
if stack.Len() != 0 {
return nil, fmt.Errorf("format error is missing )")
}
sortResult := make([]Range, len(subRanges))
for _, sr := range subRanges {
sortResult[sr.index] = sr
}
return sortResult, nil
}
func findSubRuleRange(payload string, ruleRanges []Range) []Range {
payloadLen := len(payload)
subRuleRange := make([]Range, 0)
for _, rr := range ruleRanges {
if rr.start == 0 && rr.end == payloadLen-1 {
// 最大范围跳过
continue
}
containInSub := false
for _, r := range subRuleRange {
if containRange(rr, r.start, r.end) {
// The subRuleRange contains a range of rr, which is the next level node of the tree
containInSub = true
break
}
}
if !containInSub {
subRuleRange = append(subRuleRange, rr)
}
}
return subRuleRange
}

51
rule/logic/not.go Normal file
View file

@ -0,0 +1,51 @@
package logic
import (
"fmt"
C "github.com/Dreamacro/clash/constant"
)
type NOT struct {
rule C.Rule
payload string
adapter string
}
func NewNOT(payload string, adapter string) (*NOT, error) {
not := &NOT{payload: payload, adapter: adapter}
rule, err := parseRuleByPayload(payload)
if err != nil {
return nil, err
}
if len(rule) < 1 {
return nil, fmt.Errorf("the parsed rule is empty")
}
not.rule = rule[0]
return not, nil
}
func (not *NOT) RuleType() C.RuleType {
return C.NOT
}
func (not *NOT) Match(metadata *C.Metadata) bool {
return !not.rule.Match(metadata)
}
func (not *NOT) Adapter() string {
return not.adapter
}
func (not *NOT) Payload() string {
return not.payload
}
func (not *NOT) ShouldResolveIP() bool {
return not.rule.ShouldResolveIP()
}
func (not *NOT) RuleExtra() *C.RuleExtra {
return nil
}

58
rule/logic/or.go Normal file
View file

@ -0,0 +1,58 @@
package logic
import C "github.com/Dreamacro/clash/constant"
type OR struct {
rules []C.Rule
payload string
adapter string
needIP bool
}
func (or *OR) RuleType() C.RuleType {
return C.OR
}
func (or *OR) Match(metadata *C.Metadata) bool {
for _, rule := range or.rules {
if rule.Match(metadata) {
return true
}
}
return false
}
func (or *OR) Adapter() string {
return or.adapter
}
func (or *OR) Payload() string {
return or.payload
}
func (or *OR) ShouldResolveIP() bool {
return or.needIP
}
func (or *OR) RuleExtra() *C.RuleExtra {
return nil
}
func NewOR(payload string, adapter string) (*OR, error) {
or := &OR{payload: payload, adapter: adapter}
rules, err := parseRuleByPayload(payload)
if err != nil {
return nil, err
}
or.rules = rules
for _, rule := range rules {
if rule.ShouldResolveIP() {
or.needIP = true
break
}
}
return or, nil
}

View file

@ -1,12 +1,11 @@
package rules
package rule
import (
"fmt"
"github.com/Dreamacro/clash/adapter/provider"
"github.com/Dreamacro/clash/common/structure"
C "github.com/Dreamacro/clash/constant"
P "github.com/Dreamacro/clash/constant/provider"
"time"
RC "github.com/Dreamacro/clash/rule/common"
"github.com/Dreamacro/clash/rule/logic"
RP "github.com/Dreamacro/clash/rule/provider"
)
func ParseRule(tp, payload, target string, params []string) (C.Rule, error) {
@ -16,81 +15,48 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) {
)
ruleExtra := &C.RuleExtra{
Network: findNetwork(params),
SourceIPs: findSourceIPs(params),
Network: RC.FindNetwork(params),
SourceIPs: RC.FindSourceIPs(params),
}
switch tp {
case "DOMAIN":
parsed = NewDomain(payload, target, ruleExtra)
parsed = RC.NewDomain(payload, target, ruleExtra)
case "DOMAIN-SUFFIX":
parsed = NewDomainSuffix(payload, target, ruleExtra)
parsed = RC.NewDomainSuffix(payload, target, ruleExtra)
case "DOMAIN-KEYWORD":
parsed = NewDomainKeyword(payload, target, ruleExtra)
parsed = RC.NewDomainKeyword(payload, target, ruleExtra)
case "GEOSITE":
parsed, parseErr = NewGEOSITE(payload, target, ruleExtra)
parsed, parseErr = RC.NewGEOSITE(payload, target, ruleExtra)
case "GEOIP":
noResolve := HasNoResolve(params)
parsed, parseErr = NewGEOIP(payload, target, noResolve, ruleExtra)
noResolve := RC.HasNoResolve(params)
parsed, parseErr = RC.NewGEOIP(payload, target, noResolve, ruleExtra)
case "IP-CIDR", "IP-CIDR6":
noResolve := HasNoResolve(params)
parsed, parseErr = NewIPCIDR(payload, target, ruleExtra, WithIPCIDRNoResolve(noResolve))
noResolve := RC.HasNoResolve(params)
parsed, parseErr = RC.NewIPCIDR(payload, target, ruleExtra, RC.WithIPCIDRNoResolve(noResolve))
case "SRC-IP-CIDR":
parsed, parseErr = NewIPCIDR(payload, target, ruleExtra, WithIPCIDRSourceIP(true), WithIPCIDRNoResolve(true))
parsed, parseErr = RC.NewIPCIDR(payload, target, ruleExtra, RC.WithIPCIDRSourceIP(true), RC.WithIPCIDRNoResolve(true))
case "SRC-PORT":
parsed, parseErr = NewPort(payload, target, true, ruleExtra)
parsed, parseErr = RC.NewPort(payload, target, true, ruleExtra)
case "DST-PORT":
parsed, parseErr = NewPort(payload, target, false, ruleExtra)
parsed, parseErr = RC.NewPort(payload, target, false, ruleExtra)
case "PROCESS-NAME":
parsed, parseErr = NewProcess(payload, target, ruleExtra)
parsed, parseErr = RC.NewProcess(payload, target, ruleExtra)
case "MATCH":
parsed = NewMatch(target, ruleExtra)
parsed = RC.NewMatch(target, ruleExtra)
case "RULE-SET":
parsed, parseErr = NewRuleSet(payload, target, ruleExtra)
parsed, parseErr = RP.NewRuleSet(payload, target, ruleExtra)
case "NETWORK":
parsed, parseErr = RC.NewNetworkType(payload, target)
case "AND":
parsed, parseErr = logic.NewAND(payload, target)
case "OR":
parsed, parseErr = logic.NewOR(payload, target)
case "NOT":
parsed, parseErr = logic.NewNOT(payload, target)
default:
parseErr = fmt.Errorf("unsupported rule type %s", tp)
}
return parsed, parseErr
}
type ruleProviderSchema struct {
Type string `provider:"type"`
Behavior string `provider:"behavior"`
Path string `provider:"path"`
URL string `provider:"url,omitempty"`
Interval int `provider:"interval,omitempty"`
}
func ParseRuleProvider(name string, mapping map[string]interface{}) (P.RuleProvider, error) {
schema := &ruleProviderSchema{}
decoder := structure.NewDecoder(structure.Option{TagName: "provider", WeaklyTypedInput: true})
if err := decoder.Decode(mapping, schema); err != nil {
return nil, err
}
var behavior P.RuleType
switch schema.Behavior {
case "domain":
behavior = P.Domain
case "ipcidr":
behavior = P.IPCIDR
case "classical":
behavior = P.Classical
default:
return nil, fmt.Errorf("unsupported behavior type: %s", schema.Behavior)
}
path := C.Path.Resolve(schema.Path)
var vehicle P.Vehicle
switch schema.Type {
case "file":
vehicle = provider.NewFileVehicle(path)
case "http":
vehicle = provider.NewHTTPVehicle(schema.URL, path)
default:
return nil, fmt.Errorf("unsupported vehicle type: %s", schema.Type)
}
return NewRuleSetProvider(name, behavior, time.Duration(uint(schema.Interval))*time.Second, vehicle), nil
}

View file

@ -1,4 +1,4 @@
package rules
package provider
import (
"bytes"

90
rule/provider/parse.go Normal file
View file

@ -0,0 +1,90 @@
package provider
import (
"fmt"
"github.com/Dreamacro/clash/adapter/provider"
"github.com/Dreamacro/clash/common/structure"
C "github.com/Dreamacro/clash/constant"
P "github.com/Dreamacro/clash/constant/provider"
RC "github.com/Dreamacro/clash/rule/common"
"time"
)
type ruleProviderSchema struct {
Type string `provider:"type"`
Behavior string `provider:"behavior"`
Path string `provider:"path"`
URL string `provider:"url,omitempty"`
Interval int `provider:"interval,omitempty"`
}
func ParseRuleProvider(name string, mapping map[string]interface{}) (P.RuleProvider, error) {
schema := &ruleProviderSchema{}
decoder := structure.NewDecoder(structure.Option{TagName: "provider", WeaklyTypedInput: true})
if err := decoder.Decode(mapping, schema); err != nil {
return nil, err
}
var behavior P.RuleType
switch schema.Behavior {
case "domain":
behavior = P.Domain
case "ipcidr":
behavior = P.IPCIDR
case "classical":
behavior = P.Classical
default:
return nil, fmt.Errorf("unsupported behavior type: %s", schema.Behavior)
}
path := C.Path.Resolve(schema.Path)
var vehicle P.Vehicle
switch schema.Type {
case "file":
vehicle = provider.NewFileVehicle(path)
case "http":
vehicle = provider.NewHTTPVehicle(schema.URL, path)
default:
return nil, fmt.Errorf("unsupported vehicle type: %s", schema.Type)
}
return NewRuleSetProvider(name, behavior, time.Duration(uint(schema.Interval))*time.Second, vehicle), nil
}
func parseRule(tp, payload, target string, params []string) (C.Rule, error) {
var (
parseErr error
parsed C.Rule
)
ruleExtra := &C.RuleExtra{
Network: RC.FindNetwork(params),
SourceIPs: RC.FindSourceIPs(params),
}
switch tp {
case "DOMAIN":
parsed = RC.NewDomain(payload, target, ruleExtra)
case "DOMAIN-SUFFIX":
parsed = RC.NewDomainSuffix(payload, target, ruleExtra)
case "DOMAIN-KEYWORD":
parsed = RC.NewDomainKeyword(payload, target, ruleExtra)
case "GEOSITE":
parsed, parseErr = RC.NewGEOSITE(payload, target, ruleExtra)
case "IP-CIDR", "IP-CIDR6":
noResolve := RC.HasNoResolve(params)
parsed, parseErr = RC.NewIPCIDR(payload, target, ruleExtra, RC.WithIPCIDRNoResolve(noResolve))
case "SRC-IP-CIDR":
parsed, parseErr = RC.NewIPCIDR(payload, target, ruleExtra, RC.WithIPCIDRSourceIP(true), RC.WithIPCIDRNoResolve(true))
case "SRC-PORT":
parsed, parseErr = RC.NewPort(payload, target, true, ruleExtra)
case "DST-PORT":
parsed, parseErr = RC.NewPort(payload, target, false, ruleExtra)
case "PROCESS-NAME":
parsed, parseErr = RC.NewProcess(payload, target, ruleExtra)
default:
parseErr = fmt.Errorf("unsupported rule type %s", tp)
}
return parsed, parseErr
}

View file

@ -1,4 +1,4 @@
package rules
package provider
import (
"encoding/json"
@ -75,6 +75,10 @@ func (rp *ruleSetProvider) Behavior() P.RuleType {
}
func (rp *ruleSetProvider) Match(metadata *C.Metadata) bool {
if rp.count == 0 {
return false
}
switch rp.behavior {
case P.Domain:
return rp.DomainRules.Search(metadata.Host) != nil
@ -201,7 +205,7 @@ func handleClassicalRules(rules []string) (interface{}, error) {
return nil, errors.New("error rule type")
}
r, err := ParseRule(ruleType, rule, "", params)
r, err := parseRule(ruleType, rule, "", params)
if err != nil {
return nil, err
}

View file

@ -1,4 +1,4 @@
package rules
package provider
import (
"fmt"

View file

@ -32,7 +32,7 @@ const (
ImageVmess = "v2fly/v2fly-core:latest"
ImageTrojan = "trojangfw/trojan:latest"
ImageTrojanGo = "p4gefau1t/trojan-go:latest"
ImageSnell = "icpz/snell-server:latest"
ImageSnell = "ghcr.io/icpz/snell-server:latest"
ImageXray = "teddysun/xray:latest"
)

View file

@ -120,6 +120,42 @@ func TestClash_Snell(t *testing.T) {
testSuit(t, proxy)
}
func TestClash_Snellv3(t *testing.T) {
cfg := &container.Config{
Image: ImageSnell,
ExposedPorts: defaultExposedPorts,
Cmd: []string{"-c", "/config.conf"},
}
hostCfg := &container.HostConfig{
PortBindings: defaultPortBindings,
Binds: []string{fmt.Sprintf("%s:/config.conf", C.Path.Resolve("snell.conf"))},
}
id, err := startContainer(cfg, hostCfg, "snell")
if err != nil {
assert.FailNow(t, err.Error())
}
t.Cleanup(func() {
cleanContainer(id)
})
proxy, err := outbound.NewSnell(outbound.SnellOption{
Name: "snell",
Server: localIP.String(),
Port: 10002,
Psk: "password",
UDP: true,
Version: 3,
})
if err != nil {
assert.FailNow(t, err.Error())
}
time.Sleep(waitTime)
testSuit(t, proxy)
}
func Benchmark_Snell(b *testing.B) {
cfg := &container.Config{
Image: ImageSnell,

View file

@ -5,6 +5,7 @@ package gun
import (
"bufio"
"context"
"crypto/tls"
"encoding/binary"
"errors"
@ -17,6 +18,7 @@ import (
"time"
"github.com/Dreamacro/clash/common/pool"
C "github.com/Dreamacro/clash/constant"
"go.uber.org/atomic"
"golang.org/x/net/http2"
@ -173,7 +175,11 @@ func NewHTTP2Client(dialFn DialFn, tlsConfig *tls.Config) *http2.Transport {
}
cn := tls.Client(pconn, cfg)
if err := cn.Handshake(); err != nil {
// fix tls handshake not timeout
ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
defer cancel()
if err := cn.HandshakeContext(ctx); err != nil {
pconn.Close()
return nil, err
}

View file

@ -6,8 +6,10 @@ import (
"fmt"
"io"
"net"
"sync"
"github.com/Dreamacro/clash/common/pool"
"github.com/Dreamacro/clash/transport/socks5"
"github.com/Dreamacro/go-shadowsocks2/shadowaead"
)
@ -15,13 +17,19 @@ import (
const (
Version1 = 1
Version2 = 2
Version3 = 3
DefaultSnellVersion = Version1
// max packet length
maxLength = 0x3FFF
)
const (
CommandPing byte = 0
CommandConnect byte = 1
CommandConnectV2 byte = 5
CommandPing byte = 0
CommandConnect byte = 1
CommandConnectV2 byte = 5
CommandUDP byte = 6
CommondUDPForward byte = 1
CommandTunnel byte = 0
CommandPong byte = 1
@ -100,6 +108,16 @@ func WriteHeader(conn net.Conn, host string, port uint, version int) error {
return nil
}
func WriteUDPHeader(conn net.Conn, version int) error {
if version < Version3 {
return errors.New("unsupport UDP version")
}
// version, command, clientID length
_, err := conn.Write([]byte{Version, CommandUDP, 0x00})
return err
}
// HalfClose works only on version2
func HalfClose(conn net.Conn) error {
if _, err := conn.Write(endSignal); err != nil {
@ -114,10 +132,147 @@ func HalfClose(conn net.Conn) error {
func StreamConn(conn net.Conn, psk []byte, version int) *Snell {
var cipher shadowaead.Cipher
if version == Version2 {
if version != Version1 {
cipher = NewAES128GCM(psk)
} else {
cipher = NewChacha20Poly1305(psk)
}
return &Snell{Conn: shadowaead.NewConn(conn, cipher)}
}
func PacketConn(conn net.Conn) net.PacketConn {
return &packetConn{
Conn: conn,
}
}
func writePacket(w io.Writer, socks5Addr, payload []byte) (int, error) {
buf := pool.GetBuffer()
defer pool.PutBuffer(buf)
// compose snell UDP address format (refer: icpz/snell-server-reversed)
// a brand new wheel to replace socks5 address format, well done Yachen
buf.WriteByte(CommondUDPForward)
switch socks5Addr[0] {
case socks5.AtypDomainName:
hostLen := socks5Addr[1]
buf.Write(socks5Addr[1 : 1+1+hostLen+2])
case socks5.AtypIPv4:
buf.Write([]byte{0x00, 0x04})
buf.Write(socks5Addr[1 : 1+net.IPv4len+2])
case socks5.AtypIPv6:
buf.Write([]byte{0x00, 0x06})
buf.Write(socks5Addr[1 : 1+net.IPv6len+2])
}
buf.Write(payload)
_, err := w.Write(buf.Bytes())
if err != nil {
return 0, err
}
return len(payload), nil
}
func WritePacket(w io.Writer, socks5Addr, payload []byte) (int, error) {
if len(payload) <= maxLength {
return writePacket(w, socks5Addr, payload)
}
offset := 0
total := len(payload)
for {
cursor := offset + maxLength
if cursor > total {
cursor = total
}
n, err := writePacket(w, socks5Addr, payload[offset:cursor])
if err != nil {
return offset + n, err
}
offset = cursor
if offset == total {
break
}
}
return total, nil
}
func ReadPacket(r io.Reader, payload []byte) (net.Addr, int, error) {
buf := pool.Get(pool.UDPBufferSize)
defer pool.Put(buf)
n, err := r.Read(buf)
headLen := 1
if err != nil {
return nil, 0, err
}
if n < headLen {
return nil, 0, errors.New("insufficient UDP length")
}
// parse snell UDP response address format
switch buf[0] {
case 0x04:
headLen += net.IPv4len + 2
if n < headLen {
err = errors.New("insufficient UDP length")
break
}
buf[0] = socks5.AtypIPv4
case 0x06:
headLen += net.IPv6len + 2
if n < headLen {
err = errors.New("insufficient UDP length")
break
}
buf[0] = socks5.AtypIPv6
default:
err = errors.New("ip version invalid")
}
if err != nil {
return nil, 0, err
}
addr := socks5.SplitAddr(buf[0:])
if addr == nil {
return nil, 0, errors.New("remote address invalid")
}
uAddr := addr.UDPAddr()
length := len(payload)
if n-headLen < length {
length = n - headLen
}
copy(payload[:], buf[headLen:headLen+length])
return uAddr, length, nil
}
type packetConn struct {
net.Conn
rMux sync.Mutex
wMux sync.Mutex
}
func (pc *packetConn) WriteTo(b []byte, addr net.Addr) (int, error) {
pc.wMux.Lock()
defer pc.wMux.Unlock()
return WritePacket(pc, socks5.ParseAddr(addr.String()), b)
}
func (pc *packetConn) ReadFrom(b []byte) (int, net.Addr, error) {
pc.rMux.Lock()
defer pc.rMux.Unlock()
addr, n, err := ReadPacket(pc.Conn, b)
if err != nil {
return 0, nil, err
}
return n, addr, nil
}

View file

@ -1,6 +1,7 @@
package trojan
import (
"context"
"crypto/sha256"
"crypto/tls"
"encoding/binary"
@ -12,6 +13,7 @@ import (
"sync"
"github.com/Dreamacro/clash/common/pool"
C "github.com/Dreamacro/clash/constant"
"github.com/Dreamacro/clash/transport/socks5"
"github.com/Dreamacro/clash/transport/vmess"
)
@ -68,7 +70,11 @@ func (t *Trojan) StreamConn(conn net.Conn) (net.Conn, error) {
}
tlsConn := tls.Client(conn, tlsConfig)
if err := tlsConn.Handshake(); err != nil {
// fix tls handshake not timeout
ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
defer cancel()
if err := tlsConn.HandshakeContext(ctx); err != nil {
return nil, err
}

View file

@ -1,8 +1,11 @@
package vmess
import (
"context"
"crypto/tls"
"net"
C "github.com/Dreamacro/clash/constant"
)
type TLSConfig struct {
@ -19,6 +22,10 @@ func StreamTLSConn(conn net.Conn, cfg *TLSConfig) (net.Conn, error) {
}
tlsConn := tls.Client(conn, tlsConfig)
err := tlsConn.Handshake()
// fix tls handshake not timeout
ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
defer cancel()
err := tlsConn.HandshakeContext(ctx)
return tlsConn, err
}

View file

@ -3,6 +3,7 @@ package tunnel
import (
"context"
"fmt"
R "github.com/Dreamacro/clash/rule/common"
"net"
"runtime"
"sync"
@ -15,7 +16,6 @@ import (
"github.com/Dreamacro/clash/constant/provider"
icontext "github.com/Dreamacro/clash/context"
"github.com/Dreamacro/clash/log"
R "github.com/Dreamacro/clash/rule"
"github.com/Dreamacro/clash/tunnel/statistic"
)