diff --git a/adapter/inbound.go b/adapter/inbound.go index 2532caed..d874d833 100644 --- a/adapter/inbound.go +++ b/adapter/inbound.go @@ -21,6 +21,7 @@ type InboundContext struct { Destination M.Socksaddr Domain string Protocol string + User string Outbound string // cache diff --git a/common/settings/proxy_windows.go b/common/settings/proxy_windows.go index 71e79f8e..f5fbca14 100644 --- a/common/settings/proxy_windows.go +++ b/common/settings/proxy_windows.go @@ -1,111 +1,14 @@ package settings import ( - "os" - "syscall" - "unsafe" - F "github.com/sagernet/sing/common/format" - - "golang.org/x/sys/windows" + "github.com/sagernet/sing/common/wininet" ) -var ( - modwininet = windows.NewLazySystemDLL("settings.dll") - procInternetSetOptionW = modwininet.NewProc("InternetSetOptionW") -) - -const ( - internetOptionPerConnectionOption = 75 - internetOptionSettingsChanged = 39 - internetOptionRefresh = 37 - internetOptionProxySettingsChanged = 95 -) - -const ( - internetPerConnFlags = 1 - internetPerConnProxyServer = 2 - internetPerConnProxyBypass = 3 - internetPerConnAutoconfigUrl = 4 - internetPerConnAutodiscoveryFlags = 5 - internetPerConnAutoconfigSecondaryUrl = 6 - internetPerConnAutoconfigReloadDelayMins = 7 - internetPerConnAutoconfigLastDetectTime = 8 - internetPerConnAutoconfigLastDetectUrl = 9 - internetPerConnFlagsUi = 10 - internetOptionProxyUsername = 43 - internetOptionProxyPassword = 44 -) - -const ( - proxyTypeDirect = 1 - proxyTypeProxy = 2 - proxyTypeAutoProxyUrl = 4 - proxyTypeAutoDetect = 8 -) - -type internetPerConnOptionList struct { - dwSize uint32 - pszConnection uintptr - dwOptionCount uint32 - dwOptionError uint32 - pOptions uintptr -} - -type internetPerConnOption struct { - dwOption uint32 - value [8]byte -} - -func internetSetOption(option uintptr, lpBuffer uintptr, dwBufferSize uintptr) error { - r0, _, err := syscall.SyscallN(procInternetSetOptionW.Addr(), 0, option, lpBuffer, dwBufferSize) - if r0 != 1 { - return err - } - return nil -} - -func setOptions(options ...internetPerConnOption) error { - var optionList internetPerConnOptionList - optionList.dwSize = uint32(unsafe.Sizeof(optionList)) - optionList.dwOptionCount = uint32(len(options)) - optionList.dwOptionError = 0 - optionList.pOptions = uintptr(unsafe.Pointer(&options[0])) - err := internetSetOption(internetOptionPerConnectionOption, uintptr(unsafe.Pointer(&optionList)), uintptr(optionList.dwSize)) - if err != nil { - return os.NewSyscallError("InternetSetOption(Direct)", err) - } - err = internetSetOption(internetOptionSettingsChanged, 0, 0) - if err != nil { - return os.NewSyscallError("InternetSetOption(SettingsChanged)", err) - } - err = internetSetOption(internetOptionProxySettingsChanged, 0, 0) - if err != nil { - return os.NewSyscallError("InternetSetOption(ProxySettingsChanged)", err) - } - err = internetSetOption(internetOptionRefresh, 0, 0) - if err != nil { - return os.NewSyscallError("InternetSetOption(Refresh)", err) - } - return nil -} - func ClearSystemProxy() error { - var flagsOption internetPerConnOption - flagsOption.dwOption = internetPerConnFlags - *((*uint32)(unsafe.Pointer(&flagsOption.value))) = proxyTypeDirect | proxyTypeAutoDetect - return setOptions(flagsOption) + return wininet.ClearSystemProxy() } func SetSystemProxy(port uint16, mixed bool) error { - var flagsOption internetPerConnOption - flagsOption.dwOption = internetPerConnFlags - *((*uint32)(unsafe.Pointer(&flagsOption.value))) = proxyTypeProxy | proxyTypeDirect - var proxyOption internetPerConnOption - proxyOption.dwOption = internetPerConnProxyServer - *((*uintptr)(unsafe.Pointer(&proxyOption.value))) = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr(F.ToString("http://127.0.0.1:", port)))) - var bypassOption internetPerConnOption - bypassOption.dwOption = internetPerConnProxyBypass - *((*uintptr)(unsafe.Pointer(&bypassOption.value))) = uintptr(unsafe.Pointer(windows.StringToUTF16Ptr("local"))) - return setOptions(flagsOption, proxyOption, bypassOption) + return wininet.SetSystemProxy(F.ToString("http://127.0.0.1:", port), "local") } diff --git a/docs/configuration/dns/rule.md b/docs/configuration/dns/rule.md index e322ed4b..074bb2fc 100644 --- a/docs/configuration/dns/rule.md +++ b/docs/configuration/dns/rule.md @@ -9,6 +9,10 @@ "mixed-in" ], "network": "tcp", + "user": [ + "usera", + "userb" + ], "protocol": [ "tls", "http", @@ -80,6 +84,14 @@ Tags of [inbound](../inbound). `tcp` or `udp`. +#### user + +Username, see each inbound for details. + +#### protocol + +Sniffed protocol, see [Sniff](/configuration/route/sniff/) for details. + #### domain Match full domain. diff --git a/docs/configuration/inbound/direct.md b/docs/configuration/inbound/direct.md index 25ee5507..ceb72c3b 100644 --- a/docs/configuration/inbound/direct.md +++ b/docs/configuration/inbound/direct.md @@ -47,9 +47,7 @@ Enable tcp fast open for listener. Enable sniffing. -Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP. - -This does not break zero copy, like splice. +See [Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/http.md b/docs/configuration/inbound/http.md index 3435e992..e169f8aa 100644 --- a/docs/configuration/inbound/http.md +++ b/docs/configuration/inbound/http.md @@ -51,9 +51,7 @@ Enable tcp fast open for listener. Enable sniffing. -Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP. - -This does not break zero copy, like splice. +See [Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/mixed.md b/docs/configuration/inbound/mixed.md index cdf38ed4..192434c3 100644 --- a/docs/configuration/inbound/mixed.md +++ b/docs/configuration/inbound/mixed.md @@ -51,9 +51,7 @@ Enable tcp fast open for listener. Enable sniffing. -Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP. - -This does not break zero copy, like splice. +See [Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/redirect.md b/docs/configuration/inbound/redirect.md index 7b1c8202..8ed7c502 100644 --- a/docs/configuration/inbound/redirect.md +++ b/docs/configuration/inbound/redirect.md @@ -8,6 +8,7 @@ { "type": "redirect", "tag": "redirect-in", + "listen": "::", "listen_port": 5353, "sniff": false, @@ -36,9 +37,7 @@ Listen port. Enable sniffing. -Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP. - -This does not break zero copy, like splice. +See [Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/shadowsocks.md b/docs/configuration/inbound/shadowsocks.md index 163f4e59..0672d410 100644 --- a/docs/configuration/inbound/shadowsocks.md +++ b/docs/configuration/inbound/shadowsocks.md @@ -47,9 +47,7 @@ Enable tcp fast open for listener. Enable sniffing. -Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP. - -This does not break zero copy, like splice. +See [Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/socks.md b/docs/configuration/inbound/socks.md index a14c011e..65d4abaa 100644 --- a/docs/configuration/inbound/socks.md +++ b/docs/configuration/inbound/socks.md @@ -49,9 +49,7 @@ Enable tcp fast open for listener. Enable sniffing. -Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP. - -This does not break zero copy, like splice. +See [Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/tproxy.md b/docs/configuration/inbound/tproxy.md index 11eba34a..2d11bee5 100644 --- a/docs/configuration/inbound/tproxy.md +++ b/docs/configuration/inbound/tproxy.md @@ -40,9 +40,7 @@ Listen port. Enable sniffing. -Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP. - -This does not break zero copy, like splice. +See [Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/inbound/tun.md b/docs/configuration/inbound/tun.md index 75be2b6e..183b49e3 100644 --- a/docs/configuration/inbound/tun.md +++ b/docs/configuration/inbound/tun.md @@ -59,9 +59,7 @@ Hijack TCP/UDP DNS requests to the built-in DNS adapter. Enable sniffing. -Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP. - -This does not break zero copy, like splice. +See [Sniff](/configuration/route/sniff/) for details. #### sniff_override_destination diff --git a/docs/configuration/route/rule.md b/docs/configuration/route/rule.md index 7df53b56..848cc7cc 100644 --- a/docs/configuration/route/rule.md +++ b/docs/configuration/route/rule.md @@ -9,6 +9,10 @@ "mixed-in" ], "network": "tcp", + "user": [ + "usera", + "userb" + ], "protocol": [ "tls", "http", @@ -79,6 +83,14 @@ Tags of [inbound](../inbound). +#### user + +Username, see each inbound for details. + +#### protocol + +Sniffed protocol, see [Sniff](/configuration/route/sniff/) for details. + #### network `tcp` or `udp`. diff --git a/docs/configuration/route/sniff.md b/docs/configuration/route/sniff.md new file mode 100644 index 00000000..73593d82 --- /dev/null +++ b/docs/configuration/route/sniff.md @@ -0,0 +1,10 @@ +If enabled in the inbound, the protocol and domain name (if present) of by the connection can be sniffed. + +#### Supported Protocols + +| Network | Protocol | Domain Name | +|:---------:|:----------:|:-------------:| +| TCP | HTTP | Host | +| TCP | TLS | Server Name | +| UDP | QUIC | Server Name | +| UDP | STUN | / | \ No newline at end of file diff --git a/go.mod b/go.mod index e6d6eb61..ff8f4369 100644 --- a/go.mod +++ b/go.mod @@ -7,9 +7,9 @@ require ( github.com/goccy/go-json v0.9.10 github.com/logrusorgru/aurora v2.0.3+incompatible github.com/oschwald/maxminddb-golang v1.9.0 - github.com/sagernet/sing v0.0.0-20220716021830-bd79d31e3b10 + github.com/sagernet/sing v0.0.0-20220717063925-00f98eb6bc34 github.com/sagernet/sing-dns v0.0.0-20220711062726-c64e938e4619 - github.com/sagernet/sing-shadowsocks v0.0.0-20220716012931-952ae62e05d7 + github.com/sagernet/sing-shadowsocks v0.0.0-20220717063942-45a2ad9cd41f github.com/sagernet/sing-tun v0.0.0-20220717030718-f53aabff275f github.com/spf13/cobra v1.5.0 github.com/stretchr/testify v1.8.0 diff --git a/go.sum b/go.sum index f41a51a7..928c92cf 100644 --- a/go.sum +++ b/go.sum @@ -25,12 +25,12 @@ github.com/oschwald/maxminddb-golang v1.9.0/go.mod h1:TK+s/Z2oZq0rSl4PSeAEoP0bgm github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/sagernet/sing v0.0.0-20220716021830-bd79d31e3b10 h1:CQSsVgvVT6KcYNQASP4jnPTg7epSxHGI3MS011LIXkA= -github.com/sagernet/sing v0.0.0-20220716021830-bd79d31e3b10/go.mod h1:3ZmoGNg/nNJTyHAZFNRSPaXpNIwpDvyIiAUd0KIWV5c= +github.com/sagernet/sing v0.0.0-20220717063925-00f98eb6bc34 h1:1kFruA2QzuH2R6txJXEDSasfdxzsjNyzC4Z1kZjMkHg= +github.com/sagernet/sing v0.0.0-20220717063925-00f98eb6bc34/go.mod h1:GbtQfZSpmtD3cXeD1qX2LCMwY8dH+bnnInDTqd92IsM= github.com/sagernet/sing-dns v0.0.0-20220711062726-c64e938e4619 h1:oHbOmq1WS0XaZmXp6WpxzyB2xeyRIA1/L8EJKuNntfY= github.com/sagernet/sing-dns v0.0.0-20220711062726-c64e938e4619/go.mod h1:y2fpvoxukw3G7eApIZwkcpcG/NE4AB8pCQI0Qd8rMqk= -github.com/sagernet/sing-shadowsocks v0.0.0-20220716012931-952ae62e05d7 h1:7xQvlMSxNWphQ4t+7fHfR4OnkH23GukLIjImnM1CMLA= -github.com/sagernet/sing-shadowsocks v0.0.0-20220716012931-952ae62e05d7/go.mod h1:NtHwPOk1wEOPdjjsjtrYoaQuXtlDCrx0mrcWBrNE0sA= +github.com/sagernet/sing-shadowsocks v0.0.0-20220717063942-45a2ad9cd41f h1:F6yiuKbBoXgWiuoP7R0YA14pDEl3emxA1mL7M16Q7gc= +github.com/sagernet/sing-shadowsocks v0.0.0-20220717063942-45a2ad9cd41f/go.mod h1:cDrLwa3zwY8AaW6a4sjipn4xgdIr3CT8TPqSW6iFOi0= github.com/sagernet/sing-tun v0.0.0-20220717030718-f53aabff275f h1:o3YN4sFC7lQznAwutagPqBb23hal7MkgVq/VEvd7Vug= github.com/sagernet/sing-tun v0.0.0-20220717030718-f53aabff275f/go.mod h1:p7QbUBs2ejf6UQsiHyy1xGAWOk9JWQjZTHy8pOmkWmo= github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= diff --git a/inbound/http.go b/inbound/http.go index 48650aa4..ac12500f 100644 --- a/inbound/http.go +++ b/inbound/http.go @@ -11,6 +11,7 @@ import ( "github.com/sagernet/sing-box/option" "github.com/sagernet/sing/common/auth" M "github.com/sagernet/sing/common/metadata" + N "github.com/sagernet/sing/common/network" "github.com/sagernet/sing/protocol/http" ) @@ -40,5 +41,25 @@ func NewHTTP(ctx context.Context, router adapter.Router, logger log.ContextLogge } func (h *HTTP) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error { - return http.HandleConnection(ctx, conn, std_bufio.NewReader(conn), h.authenticator, h.upstreamHandler(metadata), M.Metadata{}) + return http.HandleConnection(ctx, conn, std_bufio.NewReader(conn), h.authenticator, h.upstreamUserHandler(metadata), M.Metadata{}) +} + +func (a *myInboundAdapter) upstreamUserHandler(metadata adapter.InboundContext) adapter.UpstreamHandlerAdapter { + return adapter.NewUpstreamHandler(metadata, a.newUserConnection, a.streamUserPacketConnection, a) +} + +func (a *myInboundAdapter) newUserConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error { + user, loaded := auth.UserFromContext[string](ctx) + if !loaded { + a.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination) + return a.router.RouteConnection(ctx, conn, metadata) + } + metadata.User = user + a.logger.InfoContext(ctx, "[", user, "] inbound connection to ", metadata.Destination) + return a.router.RouteConnection(ctx, conn, metadata) +} + +func (a *myInboundAdapter) streamUserPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error { + a.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination) + return a.router.RoutePacketConnection(ctx, conn, metadata) } diff --git a/inbound/mixed.go b/inbound/mixed.go index 7f172c03..d81559ed 100644 --- a/inbound/mixed.go +++ b/inbound/mixed.go @@ -52,8 +52,8 @@ func (h *Mixed) NewConnection(ctx context.Context, conn net.Conn, metadata adapt } switch headerType { case socks4.Version, socks5.Version: - return socks.HandleConnection0(ctx, conn, headerType, h.authenticator, h.upstreamHandler(metadata), M.Metadata{}) + return socks.HandleConnection0(ctx, conn, headerType, h.authenticator, h.upstreamUserHandler(metadata), M.Metadata{}) } reader := std_bufio.NewReader(bufio.NewCachedReader(conn, buf.As([]byte{headerType}))) - return http.HandleConnection(ctx, conn, reader, h.authenticator, h.upstreamHandler(metadata), M.Metadata{}) + return http.HandleConnection(ctx, conn, reader, h.authenticator, h.upstreamUserHandler(metadata), M.Metadata{}) } diff --git a/inbound/shadowsocks.go b/inbound/shadowsocks.go index eee3a268..b1c221f4 100644 --- a/inbound/shadowsocks.go +++ b/inbound/shadowsocks.go @@ -77,5 +77,17 @@ func (h *Shadowsocks) NewConnection(ctx context.Context, conn net.Conn, metadata } func (h *Shadowsocks) NewPacket(ctx context.Context, conn N.PacketConn, buffer *buf.Buffer, metadata adapter.InboundContext) error { - return h.service.NewPacket(adapter.WithContext(log.ContextWithNewID(ctx), &metadata), conn, buffer, adapter.UpstreamMetadata(metadata)) + return h.service.NewPacket(adapter.WithContext(ctx, &metadata), conn, buffer, adapter.UpstreamMetadata(metadata)) +} + +func (h *Shadowsocks) newConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error { + h.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination) + return h.router.RouteConnection(ctx, conn, metadata) +} + +func (h *Shadowsocks) newPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error { + ctx = log.ContextWithNewID(ctx) + h.logger.InfoContext(ctx, "inbound packet connection from ", metadata.Source) + h.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination) + return h.router.RoutePacketConnection(ctx, conn, metadata) } diff --git a/inbound/shadowsocks_multi.go b/inbound/shadowsocks_multi.go index bb521186..b724a45b 100644 --- a/inbound/shadowsocks_multi.go +++ b/inbound/shadowsocks_multi.go @@ -3,14 +3,15 @@ package inbound import ( "context" "net" + "os" "github.com/sagernet/sing-box/adapter" C "github.com/sagernet/sing-box/constant" "github.com/sagernet/sing-box/log" "github.com/sagernet/sing-box/option" - "github.com/sagernet/sing-shadowsocks" "github.com/sagernet/sing-shadowsocks/shadowaead_2022" "github.com/sagernet/sing/common" + "github.com/sagernet/sing/common/auth" "github.com/sagernet/sing/common/buf" F "github.com/sagernet/sing/common/format" N "github.com/sagernet/sing/common/network" @@ -72,24 +73,34 @@ func (h *ShadowsocksMulti) NewConnection(ctx context.Context, conn net.Conn, met } func (h *ShadowsocksMulti) NewPacket(ctx context.Context, conn N.PacketConn, buffer *buf.Buffer, metadata adapter.InboundContext) error { - return h.service.NewPacket(adapter.WithContext(log.ContextWithNewID(ctx), &metadata), conn, buffer, adapter.UpstreamMetadata(metadata)) + return h.service.NewPacket(adapter.WithContext(ctx, &metadata), conn, buffer, adapter.UpstreamMetadata(metadata)) } func (h *ShadowsocksMulti) newConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error { - userCtx := ctx.(*shadowsocks.UserContext[int]) - user := h.users[userCtx.User].Name + userIndex, loaded := auth.UserFromContext[int](ctx) + if !loaded { + return os.ErrInvalid + } + user := h.users[userIndex].Name if user == "" { - user = F.ToString(userCtx.User) + user = F.ToString(userIndex) + } else { + metadata.User = user } h.logger.InfoContext(ctx, "[", user, "] inbound connection to ", metadata.Destination) return h.router.RouteConnection(ctx, conn, metadata) } func (h *ShadowsocksMulti) newPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error { - userCtx := ctx.(*shadowsocks.UserContext[int]) - user := h.users[userCtx.User].Name + userIndex, loaded := auth.UserFromContext[int](ctx) + if !loaded { + return os.ErrInvalid + } + user := h.users[userIndex].Name if user == "" { - user = F.ToString(userCtx.User) + user = F.ToString(userIndex) + } else { + metadata.User = user } ctx = log.ContextWithNewID(ctx) h.logger.InfoContext(ctx, "[", user, "] inbound packet connection from ", metadata.Source) diff --git a/inbound/shadowsocks_relay.go b/inbound/shadowsocks_relay.go index 13f56c89..8cecaa24 100644 --- a/inbound/shadowsocks_relay.go +++ b/inbound/shadowsocks_relay.go @@ -3,14 +3,15 @@ package inbound import ( "context" "net" + "os" "github.com/sagernet/sing-box/adapter" C "github.com/sagernet/sing-box/constant" "github.com/sagernet/sing-box/log" "github.com/sagernet/sing-box/option" - "github.com/sagernet/sing-shadowsocks" "github.com/sagernet/sing-shadowsocks/shadowaead_2022" "github.com/sagernet/sing/common" + "github.com/sagernet/sing/common/auth" "github.com/sagernet/sing/common/buf" F "github.com/sagernet/sing/common/format" N "github.com/sagernet/sing/common/network" @@ -72,24 +73,34 @@ func (h *ShadowsocksRelay) NewConnection(ctx context.Context, conn net.Conn, met } func (h *ShadowsocksRelay) NewPacket(ctx context.Context, conn N.PacketConn, buffer *buf.Buffer, metadata adapter.InboundContext) error { - return h.service.NewPacket(adapter.WithContext(log.ContextWithNewID(ctx), &metadata), conn, buffer, adapter.UpstreamMetadata(metadata)) + return h.service.NewPacket(adapter.WithContext(ctx, &metadata), conn, buffer, adapter.UpstreamMetadata(metadata)) } func (h *ShadowsocksRelay) newConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error { - userCtx := ctx.(*shadowsocks.UserContext[int]) - destination := h.destinations[userCtx.User].Name + destinationIndex, loaded := auth.UserFromContext[int](ctx) + if !loaded { + return os.ErrInvalid + } + destination := h.destinations[destinationIndex].Name if destination == "" { - destination = F.ToString(userCtx.User) + destination = F.ToString(destinationIndex) + } else { + metadata.User = destination } h.logger.InfoContext(ctx, "[", destination, "] inbound connection to ", metadata.Destination) return h.router.RouteConnection(ctx, conn, metadata) } func (h *ShadowsocksRelay) newPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error { - userCtx := ctx.(*shadowsocks.UserContext[int]) - destination := h.destinations[userCtx.User].Name + destinationIndex, loaded := auth.UserFromContext[int](ctx) + if !loaded { + return os.ErrInvalid + } + destination := h.destinations[destinationIndex].Name if destination == "" { - destination = F.ToString(userCtx.User) + destination = F.ToString(destinationIndex) + } else { + metadata.User = destination } ctx = log.ContextWithNewID(ctx) h.logger.InfoContext(ctx, "[", destination, "] inbound packet connection from ", metadata.Source) diff --git a/inbound/socks.go b/inbound/socks.go index b837efb9..452d064e 100644 --- a/inbound/socks.go +++ b/inbound/socks.go @@ -38,5 +38,5 @@ func NewSocks(ctx context.Context, router adapter.Router, logger log.ContextLogg } func (h *Socks) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error { - return socks.HandleConnection(ctx, conn, h.authenticator, h.upstreamHandler(metadata), M.Metadata{}) + return socks.HandleConnection(ctx, conn, h.authenticator, h.upstreamUserHandler(metadata), M.Metadata{}) } diff --git a/mkdocs.yml b/mkdocs.yml index 9c9e6712..8620f839 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -61,6 +61,7 @@ nav: - GeoIP: configuration/route/geoip.md - Geosite: configuration/route/geosite.md - Route Rule: configuration/route/rule.md + - Protocol Sniff: configuration/route/sniff.md - Examples: - examples/index.md - Shadowsocks Server: examples/ss-server.md diff --git a/option/dns.go b/option/dns.go index c39aef05..f7ef5738 100644 --- a/option/dns.go +++ b/option/dns.go @@ -91,6 +91,7 @@ func (r *DNSRule) UnmarshalJSON(bytes []byte) error { type DefaultDNSRule struct { Inbound Listable[string] `json:"inbound,omitempty"` Network string `json:"network,omitempty"` + User Listable[string] `json:"user,omitempty"` Protocol Listable[string] `json:"protocol,omitempty"` Domain Listable[string] `json:"domain,omitempty"` DomainSuffix Listable[string] `json:"domain_suffix,omitempty"` @@ -114,6 +115,7 @@ func (r DefaultDNSRule) IsValid() bool { func (r DefaultDNSRule) Equals(other DefaultDNSRule) bool { return common.ComparableSliceEquals(r.Inbound, other.Inbound) && r.Network == other.Network && + common.ComparableSliceEquals(r.User, other.User) && common.ComparableSliceEquals(r.Protocol, other.Protocol) && common.ComparableSliceEquals(r.Domain, other.Domain) && common.ComparableSliceEquals(r.DomainSuffix, other.DomainSuffix) && diff --git a/option/route.go b/option/route.go index 728c5b12..badaf3e8 100644 --- a/option/route.go +++ b/option/route.go @@ -89,6 +89,7 @@ type DefaultRule struct { Inbound Listable[string] `json:"inbound,omitempty"` IPVersion int `json:"ip_version,omitempty"` Network string `json:"network,omitempty"` + User Listable[string] `json:"user,omitempty"` Protocol Listable[string] `json:"protocol,omitempty"` Domain Listable[string] `json:"domain,omitempty"` DomainSuffix Listable[string] `json:"domain_suffix,omitempty"` @@ -114,6 +115,7 @@ func (r DefaultRule) Equals(other DefaultRule) bool { return common.ComparableSliceEquals(r.Inbound, other.Inbound) && r.IPVersion == other.IPVersion && r.Network == other.Network && + common.ComparableSliceEquals(r.User, other.User) && common.ComparableSliceEquals(r.Protocol, other.Protocol) && common.ComparableSliceEquals(r.Domain, other.Domain) && common.ComparableSliceEquals(r.DomainSuffix, other.DomainSuffix) && diff --git a/route/rule.go b/route/rule.go index 2fb2d52f..1647815c 100644 --- a/route/rule.go +++ b/route/rule.go @@ -82,8 +82,13 @@ func NewDefaultRule(router adapter.Router, logger log.ContextLogger, options opt return nil, E.New("invalid network: ", options.Network) } } + if len(options.User) > 0 { + item := NewUserItem(options.User) + rule.items = append(rule.items, item) + rule.allItems = append(rule.allItems, item) + } if len(options.Protocol) > 0 { - item := NewProtocolItem(options.Protocol) + item := NewUserItem(options.Protocol) rule.items = append(rule.items, item) rule.allItems = append(rule.allItems, item) } diff --git a/route/rule_dns.go b/route/rule_dns.go index 88b78da7..8635a1d1 100644 --- a/route/rule_dns.go +++ b/route/rule_dns.go @@ -66,8 +66,13 @@ func NewDefaultDNSRule(router adapter.Router, logger log.ContextLogger, options return nil, E.New("invalid network: ", options.Network) } } + if len(options.User) > 0 { + item := NewUserItem(options.User) + rule.items = append(rule.items, item) + rule.allItems = append(rule.allItems, item) + } if len(options.Protocol) > 0 { - item := NewProtocolItem(options.Protocol) + item := NewUserItem(options.Protocol) rule.items = append(rule.items, item) rule.allItems = append(rule.allItems, item) } diff --git a/route/rule_user.go b/route/rule_user.go new file mode 100644 index 00000000..43d9f48d --- /dev/null +++ b/route/rule_user.go @@ -0,0 +1,37 @@ +package route + +import ( + "strings" + + "github.com/sagernet/sing-box/adapter" + F "github.com/sagernet/sing/common/format" +) + +var _ RuleItem = (*UserItem)(nil) + +type UserItem struct { + users []string + userMap map[string]bool +} + +func NewUserItem(users []string) *UserItem { + userMap := make(map[string]bool) + for _, protocol := range users { + userMap[protocol] = true + } + return &UserItem{ + users: users, + userMap: userMap, + } +} + +func (r *UserItem) Match(metadata *adapter.InboundContext) bool { + return r.userMap[metadata.User] +} + +func (r *UserItem) String() string { + if len(r.users) == 1 { + return F.ToString("user=", r.users[0]) + } + return F.ToString("user=[", strings.Join(r.users, " "), "]") +} diff --git a/test/box_test.go b/test/box_test.go index 514e3e0e..4f1366ba 100644 --- a/test/box_test.go +++ b/test/box_test.go @@ -46,15 +46,15 @@ func startInstance(t *testing.T, options option.Options) { func testSuit(t *testing.T, clientPort uint16, testPort uint16) { dialer := socks.NewClient(N.SystemDialer, M.ParseSocksaddrHostPort("127.0.0.1", clientPort), socks.Version5, "", "") - dialTCP := func() (net.Conn, error) { - return dialer.DialContext(context.Background(), "tcp", M.ParseSocksaddrHostPort("127.0.0.1", testPort)) + dialTCP := func(port uint16) (net.Conn, error) { + return dialer.DialContext(context.Background(), "tcp", M.ParseSocksaddrHostPort("127.0.0.1", port)) } - dialUDP := func() (net.PacketConn, error) { - return dialer.ListenPacket(context.Background(), M.ParseSocksaddrHostPort("127.0.0.1", testPort)) + dialUDP := func(port uint16) (net.PacketConn, error) { + return dialer.ListenPacket(context.Background(), M.ParseSocksaddrHostPort("127.0.0.1", port)) } - require.NoError(t, testPingPongWithConn(t, testPort, dialTCP)) - require.NoError(t, testLargeDataWithConn(t, testPort, dialTCP)) - require.NoError(t, testPingPongWithPacketConn(t, testPort, dialUDP)) - require.NoError(t, testLargeDataWithPacketConn(t, testPort, dialUDP)) + require.NoError(t, testPingPongWithConn(t, dialTCP)) + require.NoError(t, testLargeDataWithConn(t, dialTCP)) + require.NoError(t, testPingPongWithPacketConn(t, dialUDP)) + require.NoError(t, testLargeDataWithPacketConn(t, dialUDP)) require.NoError(t, testPacketConnTimeout(t, dialUDP)) } diff --git a/test/clash_test.go b/test/clash_test.go index e2a81aff..47a09036 100644 --- a/test/clash_test.go +++ b/test/clash_test.go @@ -152,14 +152,15 @@ func newLargeDataPair() (chan hashPair, chan hashPair, func(t *testing.T) error) return pingCh, pongCh, test } -func testPingPongWithConn(t *testing.T, port uint16, cc func() (net.Conn, error)) error { +func testPingPongWithConn(t *testing.T, cc func(port uint16) (net.Conn, error)) error { + port := mkPort(t) l, err := listen("tcp", ":"+F.ToString(port)) if err != nil { return err } defer l.Close() - c, err := cc() + c, err := cc(port) if err != nil { return err } @@ -198,7 +199,9 @@ func testPingPongWithConn(t *testing.T, port uint16, cc func() (net.Conn, error) return test(t) } -func testPingPongWithPacketConn(t *testing.T, port uint16, pcc func() (net.PacketConn, error)) error { +func testPingPongWithPacketConn(t *testing.T, pcc func(port uint16) (net.PacketConn, error)) error { + port := mkPort(t) + l, err := listenPacket("udp", ":"+F.ToString(port)) require.NoError(t, err) defer l.Close() @@ -219,7 +222,7 @@ func testPingPongWithPacketConn(t *testing.T, port uint16, pcc func() (net.Packe } }() - pc, err := pcc() + pc, err := pcc(port) if err != nil { return err } @@ -246,7 +249,8 @@ type hashPair struct { recvHash map[int][]byte } -func testLargeDataWithConn(t *testing.T, port uint16, cc func() (net.Conn, error)) error { +func testLargeDataWithConn(t *testing.T, cc func(port uint16) (net.Conn, error)) error { + port := mkPort(t) l, err := listen("tcp", ":"+F.ToString(port)) require.NoError(t, err) defer l.Close() @@ -275,7 +279,7 @@ func testLargeDataWithConn(t *testing.T, port uint16, cc func() (net.Conn, error return hashMap, nil } - c, err := cc() + c, err := cc(port) if err != nil { return err } @@ -343,7 +347,8 @@ func testLargeDataWithConn(t *testing.T, port uint16, cc func() (net.Conn, error return test(t) } -func testLargeDataWithPacketConn(t *testing.T, port uint16, pcc func() (net.PacketConn, error)) error { +func testLargeDataWithPacketConn(t *testing.T, pcc func(port uint16) (net.PacketConn, error)) error { + port := mkPort(t) l, err := listenPacket("udp", ":"+F.ToString(port)) require.NoError(t, err) defer l.Close() @@ -409,7 +414,7 @@ func testLargeDataWithPacketConn(t *testing.T, port uint16, pcc func() (net.Pack } }() - pc, err := pcc() + pc, err := pcc(port) if err != nil { return err } @@ -444,8 +449,8 @@ func testLargeDataWithPacketConn(t *testing.T, port uint16, pcc func() (net.Pack return test(t) } -func testPacketConnTimeout(t *testing.T, pcc func() (net.PacketConn, error)) error { - pc, err := pcc() +func testPacketConnTimeout(t *testing.T, pcc func(port uint16) (net.PacketConn, error)) error { + pc, err := pcc(mkPort(t)) if err != nil { return err } diff --git a/test/go.mod b/test/go.mod index e527e150..5a721365 100644 --- a/test/go.mod +++ b/test/go.mod @@ -5,7 +5,7 @@ go 1.18 require ( github.com/docker/docker v20.10.17+incompatible github.com/docker/go-connections v0.4.0 - github.com/sagernet/sing v0.0.0-20220716021830-bd79d31e3b10 + github.com/sagernet/sing v0.0.0-20220717063925-00f98eb6bc34 github.com/sagernet/sing-box v0.0.0 github.com/stretchr/testify v1.8.0 golang.org/x/net v0.0.0-20220708220712-1185a9018129 @@ -33,7 +33,7 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/sagernet/sing-dns v0.0.0-20220711062726-c64e938e4619 // indirect - github.com/sagernet/sing-shadowsocks v0.0.0-20220716012931-952ae62e05d7 // indirect + github.com/sagernet/sing-shadowsocks v0.0.0-20220717063942-45a2ad9cd41f // indirect github.com/sagernet/sing-tun v0.0.0-20220717030718-f53aabff275f // indirect github.com/sirupsen/logrus v1.8.1 // indirect github.com/vishvananda/netlink v1.1.0 // indirect diff --git a/test/go.sum b/test/go.sum index e0e4feff..e9d94e29 100644 --- a/test/go.sum +++ b/test/go.sum @@ -52,12 +52,12 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/sagernet/sing v0.0.0-20220716021830-bd79d31e3b10 h1:CQSsVgvVT6KcYNQASP4jnPTg7epSxHGI3MS011LIXkA= -github.com/sagernet/sing v0.0.0-20220716021830-bd79d31e3b10/go.mod h1:3ZmoGNg/nNJTyHAZFNRSPaXpNIwpDvyIiAUd0KIWV5c= +github.com/sagernet/sing v0.0.0-20220717063925-00f98eb6bc34 h1:1kFruA2QzuH2R6txJXEDSasfdxzsjNyzC4Z1kZjMkHg= +github.com/sagernet/sing v0.0.0-20220717063925-00f98eb6bc34/go.mod h1:GbtQfZSpmtD3cXeD1qX2LCMwY8dH+bnnInDTqd92IsM= github.com/sagernet/sing-dns v0.0.0-20220711062726-c64e938e4619 h1:oHbOmq1WS0XaZmXp6WpxzyB2xeyRIA1/L8EJKuNntfY= github.com/sagernet/sing-dns v0.0.0-20220711062726-c64e938e4619/go.mod h1:y2fpvoxukw3G7eApIZwkcpcG/NE4AB8pCQI0Qd8rMqk= -github.com/sagernet/sing-shadowsocks v0.0.0-20220716012931-952ae62e05d7 h1:7xQvlMSxNWphQ4t+7fHfR4OnkH23GukLIjImnM1CMLA= -github.com/sagernet/sing-shadowsocks v0.0.0-20220716012931-952ae62e05d7/go.mod h1:NtHwPOk1wEOPdjjsjtrYoaQuXtlDCrx0mrcWBrNE0sA= +github.com/sagernet/sing-shadowsocks v0.0.0-20220717063942-45a2ad9cd41f h1:F6yiuKbBoXgWiuoP7R0YA14pDEl3emxA1mL7M16Q7gc= +github.com/sagernet/sing-shadowsocks v0.0.0-20220717063942-45a2ad9cd41f/go.mod h1:cDrLwa3zwY8AaW6a4sjipn4xgdIr3CT8TPqSW6iFOi0= github.com/sagernet/sing-tun v0.0.0-20220717030718-f53aabff275f h1:o3YN4sFC7lQznAwutagPqBb23hal7MkgVq/VEvd7Vug= github.com/sagernet/sing-tun v0.0.0-20220717030718-f53aabff275f/go.mod h1:p7QbUBs2ejf6UQsiHyy1xGAWOk9JWQjZTHy8pOmkWmo= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=