|
|
|
package router
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"regexp"
|
|
|
|
"strings"
|
|
|
|
"sync"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"v2ray.com/core/common/net"
|
|
|
|
"v2ray.com/core/common/protocol"
|
|
|
|
"v2ray.com/core/proxy"
|
|
|
|
)
|
|
|
|
|
|
|
|
type Condition interface {
|
|
|
|
Apply(ctx context.Context) bool
|
|
|
|
}
|
|
|
|
|
|
|
|
type ConditionChan []Condition
|
|
|
|
|
|
|
|
func NewConditionChan() *ConditionChan {
|
|
|
|
var condChan ConditionChan = make([]Condition, 0, 8)
|
|
|
|
return &condChan
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *ConditionChan) Add(cond Condition) *ConditionChan {
|
|
|
|
*v = append(*v, cond)
|
|
|
|
return v
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *ConditionChan) Apply(ctx context.Context) bool {
|
|
|
|
for _, cond := range *v {
|
|
|
|
if !cond.Apply(ctx) {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *ConditionChan) Len() int {
|
|
|
|
return len(*v)
|
|
|
|
}
|
|
|
|
|
|
|
|
type AnyCondition []Condition
|
|
|
|
|
|
|
|
func NewAnyCondition() *AnyCondition {
|
|
|
|
var anyCond AnyCondition = make([]Condition, 0, 8)
|
|
|
|
return &anyCond
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *AnyCondition) Add(cond Condition) *AnyCondition {
|
|
|
|
*v = append(*v, cond)
|
|
|
|
return v
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *AnyCondition) Apply(ctx context.Context) bool {
|
|
|
|
for _, cond := range *v {
|
|
|
|
if cond.Apply(ctx) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *AnyCondition) Len() int {
|
|
|
|
return len(*v)
|
|
|
|
}
|
|
|
|
|
|
|
|
type timedResult struct {
|
|
|
|
timestamp time.Time
|
|
|
|
result bool
|
|
|
|
}
|
|
|
|
|
|
|
|
type CachableDomainMatcher struct {
|
|
|
|
sync.Mutex
|
|
|
|
matchers []domainMatcher
|
|
|
|
cache map[string]timedResult
|
|
|
|
lastScan time.Time
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewCachableDomainMatcher() *CachableDomainMatcher {
|
|
|
|
return &CachableDomainMatcher{
|
|
|
|
matchers: make([]domainMatcher, 0, 64),
|
|
|
|
cache: make(map[string]timedResult, 512),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *CachableDomainMatcher) Add(domain *Domain) error {
|
|
|
|
switch domain.Type {
|
|
|
|
case Domain_Plain:
|
|
|
|
m.matchers = append(m.matchers, NewPlainDomainMatcher(domain.Value))
|
|
|
|
case Domain_Regex:
|
|
|
|
rm, err := NewRegexpDomainMatcher(domain.Value)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
m.matchers = append(m.matchers, rm)
|
|
|
|
case Domain_Domain:
|
|
|
|
m.matchers = append(m.matchers, NewSubDomainMatcher(domain.Value))
|
|
|
|
default:
|
|
|
|
return newError("unknown domain type: ", domain.Type).AtError()
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *CachableDomainMatcher) applyInternal(domain string) bool {
|
|
|
|
for _, matcher := range m.matchers {
|
|
|
|
if matcher.Apply(domain) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
type cacheResult int
|
|
|
|
|
|
|
|
const (
|
|
|
|
cacheMiss cacheResult = iota
|
|
|
|
cacheHitTrue
|
|
|
|
cacheHitFalse
|
|
|
|
)
|
|
|
|
|
|
|
|
func (m *CachableDomainMatcher) findInCache(domain string) cacheResult {
|
|
|
|
m.Lock()
|
|
|
|
defer m.Unlock()
|
|
|
|
|
|
|
|
r, f := m.cache[domain]
|
|
|
|
if !f {
|
|
|
|
return cacheMiss
|
|
|
|
}
|
|
|
|
r.timestamp = time.Now()
|
|
|
|
m.cache[domain] = r
|
|
|
|
|
|
|
|
if r.result {
|
|
|
|
return cacheHitTrue
|
|
|
|
}
|
|
|
|
return cacheHitFalse
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *CachableDomainMatcher) ApplyDomain(domain string) bool {
|
|
|
|
if len(m.matchers) < 64 {
|
|
|
|
return m.applyInternal(domain)
|
|
|
|
}
|
|
|
|
|
|
|
|
cr := m.findInCache(domain)
|
|
|
|
|
|
|
|
if cr == cacheHitTrue {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
if cr == cacheHitFalse {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
r := m.applyInternal(domain)
|
|
|
|
m.Lock()
|
|
|
|
defer m.Unlock()
|
|
|
|
|
|
|
|
m.cache[domain] = timedResult{
|
|
|
|
result: r,
|
|
|
|
timestamp: time.Now(),
|
|
|
|
}
|
|
|
|
|
|
|
|
now := time.Now()
|
|
|
|
if len(m.cache) > 256 && now.Sub(m.lastScan)/time.Second > 5 {
|
|
|
|
remove := make([]string, 0, 128)
|
|
|
|
|
|
|
|
now := time.Now()
|
|
|
|
|
|
|
|
for k, v := range m.cache {
|
|
|
|
if now.Sub(v.timestamp)/time.Second > 60 {
|
|
|
|
remove = append(remove, k)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
for _, v := range remove {
|
|
|
|
delete(m.cache, v)
|
|
|
|
}
|
|
|
|
m.lastScan = now
|
|
|
|
}
|
|
|
|
|
|
|
|
return r
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *CachableDomainMatcher) Apply(ctx context.Context) bool {
|
|
|
|
dest, ok := proxy.TargetFromContext(ctx)
|
|
|
|
if !ok {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
if !dest.Address.Family().IsDomain() {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
return m.ApplyDomain(dest.Address.Domain())
|
|
|
|
}
|
|
|
|
|
|
|
|
type domainMatcher interface {
|
|
|
|
Apply(domain string) bool
|
|
|
|
}
|
|
|
|
|
|
|
|
type PlainDomainMatcher string
|
|
|
|
|
|
|
|
func NewPlainDomainMatcher(pattern string) PlainDomainMatcher {
|
|
|
|
return PlainDomainMatcher(pattern)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v PlainDomainMatcher) Apply(domain string) bool {
|
|
|
|
return strings.Contains(domain, string(v))
|
|
|
|
}
|
|
|
|
|
|
|
|
type RegexpDomainMatcher struct {
|
|
|
|
pattern *regexp.Regexp
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewRegexpDomainMatcher(pattern string) (*RegexpDomainMatcher, error) {
|
|
|
|
r, err := regexp.Compile(pattern)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return &RegexpDomainMatcher{
|
|
|
|
pattern: r,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *RegexpDomainMatcher) Apply(domain string) bool {
|
|
|
|
return v.pattern.MatchString(strings.ToLower(domain))
|
|
|
|
}
|
|
|
|
|
|
|
|
type SubDomainMatcher string
|
|
|
|
|
|
|
|
func NewSubDomainMatcher(p string) SubDomainMatcher {
|
|
|
|
return SubDomainMatcher(p)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m SubDomainMatcher) Apply(domain string) bool {
|
|
|
|
pattern := string(m)
|
|
|
|
if !strings.HasSuffix(domain, pattern) {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
return len(domain) == len(pattern) || domain[len(domain)-len(pattern)-1] == '.'
|
|
|
|
}
|
|
|
|
|
|
|
|
type CIDRMatcher struct {
|
|
|
|
cidr *net.IPNet
|
|
|
|
onSource bool
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewCIDRMatcher(ip []byte, mask uint32, onSource bool) (*CIDRMatcher, error) {
|
|
|
|
cidr := &net.IPNet{
|
|
|
|
IP: net.IP(ip),
|
|
|
|
Mask: net.CIDRMask(int(mask), len(ip)*8),
|
|
|
|
}
|
|
|
|
return &CIDRMatcher{
|
|
|
|
cidr: cidr,
|
|
|
|
onSource: onSource,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *CIDRMatcher) Apply(ctx context.Context) bool {
|
|
|
|
ips := make([]net.IP, 0, 4)
|
|
|
|
if resolver, ok := proxy.ResolvedIPsFromContext(ctx); ok {
|
|
|
|
resolvedIPs := resolver.Resolve()
|
|
|
|
for _, rip := range resolvedIPs {
|
|
|
|
if !rip.Family().IsIPv6() {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
ips = append(ips, rip.IP())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
var dest net.Destination
|
|
|
|
var ok bool
|
|
|
|
if v.onSource {
|
|
|
|
dest, ok = proxy.SourceFromContext(ctx)
|
|
|
|
} else {
|
|
|
|
dest, ok = proxy.TargetFromContext(ctx)
|
|
|
|
}
|
|
|
|
|
|
|
|
if ok && dest.Address.Family().IsIPv6() {
|
|
|
|
ips = append(ips, dest.Address.IP())
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, ip := range ips {
|
|
|
|
if v.cidr.Contains(ip) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
type IPv4Matcher struct {
|
|
|
|
ipv4net *net.IPNetTable
|
|
|
|
onSource bool
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewIPv4Matcher(ipnet *net.IPNetTable, onSource bool) *IPv4Matcher {
|
|
|
|
return &IPv4Matcher{
|
|
|
|
ipv4net: ipnet,
|
|
|
|
onSource: onSource,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *IPv4Matcher) Apply(ctx context.Context) bool {
|
|
|
|
ips := make([]net.IP, 0, 4)
|
|
|
|
if resolver, ok := proxy.ResolvedIPsFromContext(ctx); ok {
|
|
|
|
resolvedIPs := resolver.Resolve()
|
|
|
|
for _, rip := range resolvedIPs {
|
|
|
|
if !rip.Family().IsIPv4() {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
ips = append(ips, rip.IP())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
var dest net.Destination
|
|
|
|
var ok bool
|
|
|
|
if v.onSource {
|
|
|
|
dest, ok = proxy.SourceFromContext(ctx)
|
|
|
|
} else {
|
|
|
|
dest, ok = proxy.TargetFromContext(ctx)
|
|
|
|
}
|
|
|
|
|
|
|
|
if ok && dest.Address.Family().IsIPv4() {
|
|
|
|
ips = append(ips, dest.Address.IP())
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, ip := range ips {
|
|
|
|
if v.ipv4net.Contains(ip) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
type PortMatcher struct {
|
|
|
|
port net.PortRange
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewPortMatcher(portRange net.PortRange) *PortMatcher {
|
|
|
|
return &PortMatcher{
|
|
|
|
port: portRange,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *PortMatcher) Apply(ctx context.Context) bool {
|
|
|
|
dest, ok := proxy.TargetFromContext(ctx)
|
|
|
|
if !ok {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
return v.port.Contains(dest.Port)
|
|
|
|
}
|
|
|
|
|
|
|
|
type NetworkMatcher struct {
|
|
|
|
network *net.NetworkList
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewNetworkMatcher(network *net.NetworkList) *NetworkMatcher {
|
|
|
|
return &NetworkMatcher{
|
|
|
|
network: network,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *NetworkMatcher) Apply(ctx context.Context) bool {
|
|
|
|
dest, ok := proxy.TargetFromContext(ctx)
|
|
|
|
if !ok {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
return v.network.HasNetwork(dest.Network)
|
|
|
|
}
|
|
|
|
|
|
|
|
type UserMatcher struct {
|
|
|
|
user []string
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewUserMatcher(users []string) *UserMatcher {
|
|
|
|
usersCopy := make([]string, 0, len(users))
|
|
|
|
for _, user := range users {
|
|
|
|
if len(user) > 0 {
|
|
|
|
usersCopy = append(usersCopy, user)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return &UserMatcher{
|
|
|
|
user: usersCopy,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *UserMatcher) Apply(ctx context.Context) bool {
|
|
|
|
user := protocol.UserFromContext(ctx)
|
|
|
|
if user == nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
for _, u := range v.user {
|
|
|
|
if u == user.Email {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
type InboundTagMatcher struct {
|
|
|
|
tags []string
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewInboundTagMatcher(tags []string) *InboundTagMatcher {
|
|
|
|
tagsCopy := make([]string, 0, len(tags))
|
|
|
|
for _, tag := range tags {
|
|
|
|
if len(tag) > 0 {
|
|
|
|
tagsCopy = append(tagsCopy, tag)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return &InboundTagMatcher{
|
|
|
|
tags: tagsCopy,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (v *InboundTagMatcher) Apply(ctx context.Context) bool {
|
|
|
|
tag, ok := proxy.InboundTagFromContext(ctx)
|
|
|
|
if !ok {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, t := range v.tags {
|
|
|
|
if t == tag {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|