mirrors/hysteria
1
0
Fork 0
mirror of https://github.com/apernet/hysteria.git synced 2025-04-05 05:27:40 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'apernet:master' into master

Browse source
This commit is contained in:
Xboard 2023-11-24 22:23:09 +08:00 committed by GitHub
commit abe1d79b46
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 167 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

18
core/client/client.go
View file

@ -172,13 +172,13 @@ func (c *clientImpl) openStream() (quic.Stream, error) {
func (c *clientImpl) TCP(addr string) (net.Conn, error) { func (c *clientImpl) TCP(addr string) (net.Conn, error) {
stream, err := c.openStream() stream, err := c.openStream()
if err != nil { if err != nil {
return nil, maybeWrapQUICClosedError(err) return nil, wrapIfConnectionClosed(err)
} }
// Send request // Send request
err = protocol.WriteTCPRequest(stream, addr) err = protocol.WriteTCPRequest(stream, addr)
if err != nil { if err != nil {
_ = stream.Close() _ = stream.Close()
return nil, maybeWrapQUICClosedError(err) return nil, wrapIfConnectionClosed(err)
} }
if c.config.FastOpen { if c.config.FastOpen {
// Don't wait for the response when fast open is enabled. // Don't wait for the response when fast open is enabled.
@ -195,7 +195,7 @@ func (c *clientImpl) TCP(addr string) (net.Conn, error) {
ok, msg, err := protocol.ReadTCPResponse(stream) ok, msg, err := protocol.ReadTCPResponse(stream)
if err != nil { if err != nil {
_ = stream.Close() _ = stream.Close()
return nil, maybeWrapQUICClosedError(err) return nil, wrapIfConnectionClosed(err)
} }
if !ok { if !ok {
_ = stream.Close() _ = stream.Close()
@ -222,12 +222,14 @@ func (c *clientImpl) Close() error {
return nil return nil
} }
// maybeWrapQUICClosedError checks if the error returned by quic-go // wrapIfConnectionClosed checks if the error returned by quic-go
// indicates that the QUIC connection is permanently closed, // indicates that the QUIC connection has been permanently closed,
// and if so, wraps it with coreErrs.ClosedError. // and if so, wraps the error with coreErrs.ClosedError.
func maybeWrapQUICClosedError(err error) error { // PITFALL: sometimes quic-go has "internal errors" that are not net.Error,
// but we still need to treat them as ClosedError.
func wrapIfConnectionClosed(err error) error {
netErr, ok := err.(net.Error) netErr, ok := err.(net.Error)
if ok && !netErr.Temporary() { if !ok || !netErr.Temporary() {
return coreErrs.ClosedError{Err: err} return coreErrs.ClosedError{Err: err}
} else { } else {
return err return err

15
extras/outbounds/acl/compile.go
View file

@ -236,6 +236,17 @@ func compileHostMatcher(addr string, geoLoader GeoLoader) (hostMatcher, string)
} }
return m, "" return m, ""
} }
if strings.HasPrefix(addr, "suffix:") {
// Domain suffix matcher
suffix := addr[7:]
if len(suffix) == 0 {
return nil, "empty domain suffix"
}
return &domainMatcher{
Pattern: suffix,
Mode: domainMatchSuffix,
}, ""
}
if strings.Contains(addr, "/") { if strings.Contains(addr, "/") {
// CIDR matcher // CIDR matcher
_, ipnet, err := net.ParseCIDR(addr) _, ipnet, err := net.ParseCIDR(addr)
@ -252,13 +263,13 @@ func compileHostMatcher(addr string, geoLoader GeoLoader) (hostMatcher, string)
// Wildcard domain matcher // Wildcard domain matcher
return &domainMatcher{ return &domainMatcher{
Pattern: addr, Pattern: addr,
Wildcard: true, Mode: domainMatchWildcard,
}, "" }, ""
} }
// Nothing else matched, treat it as a non-wildcard domain // Nothing else matched, treat it as a non-wildcard domain
return &domainMatcher{ return &domainMatcher{
Pattern: addr, Pattern: addr,
Wildcard: false, Mode: domainMatchExact,
}, "" }, ""
} }

36
extras/outbounds/acl/compile_test.go
View file

@ -22,7 +22,7 @@ func (l *testGeoLoader) LoadGeoSite() (map[string]*v2geo.GeoSite, error) {
} }
func TestCompile(t *testing.T) { func TestCompile(t *testing.T) {
ob1, ob2, ob3, ob4 := 1, 2, 3, 4 ob1, ob2, ob3, ob4, ob5 := 1, 2, 3, 4, 5
rules := []TextRule{ rules := []TextRule{
{ {
Outbound: "ob1", Outbound: "ob1",
@ -84,12 +84,19 @@ func TestCompile(t *testing.T) {
ProtoPort: "*/*", ProtoPort: "*/*",
HijackAddress: "", HijackAddress: "",
}, },
{
Outbound: "ob5",
Address: "suffix:microsoft.com",
ProtoPort: "*/*",
HijackAddress: "",
},
} }
comp, err := Compile[int](rules, map[string]int{ comp, err := Compile[int](rules, map[string]int{
"ob1": ob1, "ob1": ob1,
"ob2": ob2, "ob2": ob2,
"ob3": ob3, "ob3": ob3,
"ob4": ob4, "ob4": ob4,
"ob5": ob5,
}, 100, &testGeoLoader{}) }, 100, &testGeoLoader{})
assert.NoError(t, err) assert.NoError(t, err)
@ -208,6 +215,33 @@ func TestCompile(t *testing.T) {
wantOutbound: 0, // no match default wantOutbound: 0, // no match default
wantIP: nil, wantIP: nil,
}, },
{
host: HostInfo{
Name: "microsoft.com",
},
proto: ProtocolTCP,
port: 6000,
wantOutbound: ob5,
wantIP: nil,
},
{
host: HostInfo{
Name: "real.microsoft.com",
},
proto: ProtocolUDP,
port: 5353,
wantOutbound: ob5,
wantIP: nil,
},
{
host: HostInfo{
Name: "fakemicrosoft.com",
},
proto: ProtocolTCP,
port: 5000,
wantOutbound: 0, // no match default
wantIP: nil,
},
} }
for _, test := range tests { for _, test := range tests {

21
extras/outbounds/acl/matchers.go
View file

@ -2,10 +2,17 @@ package acl
import ( import (
"net" "net"
"strings"
"golang.org/x/net/idna" "golang.org/x/net/idna"
) )
const (
domainMatchExact = uint8(iota)
domainMatchWildcard
domainMatchSuffix
)
type hostMatcher interface { type hostMatcher interface {
Match(HostInfo) bool Match(HostInfo) bool
} }
@ -28,7 +35,7 @@ func (m *cidrMatcher) Match(host HostInfo) bool {
type domainMatcher struct { type domainMatcher struct {
Pattern string Pattern string
Wildcard bool Mode uint8
} }
func (m *domainMatcher) Match(host HostInfo) bool { func (m *domainMatcher) Match(host HostInfo) bool {
@ -36,10 +43,16 @@ func (m *domainMatcher) Match(host HostInfo) bool {
if err != nil { if err != nil {
name = host.Name name = host.Name
} }
if m.Wildcard { switch m.Mode {
return deepMatchRune([]rune(name), []rune(m.Pattern)) case domainMatchExact:
}
return name == m.Pattern return name == m.Pattern
case domainMatchWildcard:
return deepMatchRune([]rune(name), []rune(m.Pattern))
case domainMatchSuffix:
return name == m.Pattern || strings.HasSuffix(name, "."+m.Pattern)
default:
return false // Invalid mode
}
} }
func deepMatchRune(str, pattern []rune) bool { func deepMatchRune(str, pattern []rune) bool {

90
extras/outbounds/acl/matchers_test.go
View file

@ -143,7 +143,7 @@ func Test_cidrMatcher_Match(t *testing.T) {
func Test_domainMatcher_Match(t *testing.T) { func Test_domainMatcher_Match(t *testing.T) {
type fields struct { type fields struct {
Pattern string Pattern string
Wildcard bool Mode uint8
} }
tests := []struct { tests := []struct {
name string name string
@ -155,7 +155,7 @@ func Test_domainMatcher_Match(t *testing.T) {
name: "non-wildcard match", name: "non-wildcard match",
fields: fields{ fields: fields{
Pattern: "example.com", Pattern: "example.com",
Wildcard: false, Mode: domainMatchExact,
}, },
host: HostInfo{ host: HostInfo{
Name: "example.com", Name: "example.com",
@ -166,7 +166,7 @@ func Test_domainMatcher_Match(t *testing.T) {
name: "non-wildcard IDN match", name: "non-wildcard IDN match",
fields: fields{ fields: fields{
Pattern: "政府.中国", Pattern: "政府.中国",
Wildcard: false, Mode: domainMatchExact,
}, },
host: HostInfo{ host: HostInfo{
Name: "xn--mxtq1m.xn--fiqs8s", Name: "xn--mxtq1m.xn--fiqs8s",
@ -177,7 +177,7 @@ func Test_domainMatcher_Match(t *testing.T) {
name: "non-wildcard no match", name: "non-wildcard no match",
fields: fields{ fields: fields{
Pattern: "example.com", Pattern: "example.com",
Wildcard: false, Mode: domainMatchExact,
}, },
host: HostInfo{ host: HostInfo{
Name: "example.org", Name: "example.org",
@ -188,7 +188,7 @@ func Test_domainMatcher_Match(t *testing.T) {
name: "non-wildcard IDN no match", name: "non-wildcard IDN no match",
fields: fields{ fields: fields{
Pattern: "政府.中国", Pattern: "政府.中国",
Wildcard: false, Mode: domainMatchExact,
}, },
host: HostInfo{ host: HostInfo{
Name: "xn--mxtq1m.xn--yfro4i67o", Name: "xn--mxtq1m.xn--yfro4i67o",
@ -199,7 +199,7 @@ func Test_domainMatcher_Match(t *testing.T) {
name: "wildcard match 1", name: "wildcard match 1",
fields: fields{ fields: fields{
Pattern: "*.example.com", Pattern: "*.example.com",
Wildcard: true, Mode: domainMatchWildcard,
}, },
host: HostInfo{ host: HostInfo{
Name: "www.example.com", Name: "www.example.com",
@ -210,7 +210,7 @@ func Test_domainMatcher_Match(t *testing.T) {
name: "wildcard match 2", name: "wildcard match 2",
fields: fields{ fields: fields{
Pattern: "example*.com", Pattern: "example*.com",
Wildcard: true, Mode: domainMatchWildcard,
}, },
host: HostInfo{ host: HostInfo{
Name: "example2.com", Name: "example2.com",
@ -221,7 +221,7 @@ func Test_domainMatcher_Match(t *testing.T) {
name: "wildcard IDN match 1", name: "wildcard IDN match 1",
fields: fields{ fields: fields{
Pattern: "战狼*.com", Pattern: "战狼*.com",
Wildcard: true, Mode: domainMatchWildcard,
}, },
host: HostInfo{ host: HostInfo{
Name: "xn--2-x14by21c.com", Name: "xn--2-x14by21c.com",
@ -232,7 +232,7 @@ func Test_domainMatcher_Match(t *testing.T) {
name: "wildcard IDN match 2", name: "wildcard IDN match 2",
fields: fields{ fields: fields{
Pattern: "*大学*", Pattern: "*大学*",
Wildcard: true, Mode: domainMatchWildcard,
}, },
host: HostInfo{ host: HostInfo{
Name: "xn--xkry9kk1bz66a.xn--ses554g", Name: "xn--xkry9kk1bz66a.xn--ses554g",
@ -243,7 +243,7 @@ func Test_domainMatcher_Match(t *testing.T) {
name: "wildcard no match", name: "wildcard no match",
fields: fields{ fields: fields{
Pattern: "*.example.com", Pattern: "*.example.com",
Wildcard: true, Mode: domainMatchWildcard,
}, },
host: HostInfo{ host: HostInfo{
Name: "example.com", Name: "example.com",
@ -254,18 +254,82 @@ func Test_domainMatcher_Match(t *testing.T) {
name: "wildcard IDN no match", name: "wildcard IDN no match",
fields: fields{ fields: fields{
Pattern: "*呵呵*", Pattern: "*呵呵*",
Wildcard: true, Mode: domainMatchWildcard,
}, },
host: HostInfo{ host: HostInfo{
Name: "xn--6qqt7juua.cn", Name: "xn--6qqt7juua.cn",
}, },
want: false, want: false,
}, },
{
name: "suffix match 1",
fields: fields{
Pattern: "apple.com",
Mode: domainMatchSuffix,
},
host: HostInfo{
Name: "apple.com",
},
want: true,
},
{
name: "suffix match 2",
fields: fields{
Pattern: "apple.com",
Mode: domainMatchSuffix,
},
host: HostInfo{
Name: "store.apple.com",
},
want: true,
},
{
name: "suffix IDN match 1",
fields: fields{
Pattern: "中国",
Mode: domainMatchSuffix,
},
host: HostInfo{
Name: "中国",
},
want: true,
},
{
name: "suffix IDN match 2",
fields: fields{
Pattern: "中国",
Mode: domainMatchSuffix,
},
host: HostInfo{
Name: "天安门.中国",
},
want: true,
},
{
name: "suffix no match",
fields: fields{
Pattern: "news.com",
},
host: HostInfo{
Name: "fakenews.com",
},
want: false,
},
{
name: "suffix IDN no match",
fields: fields{
Pattern: "冲浪",
},
host: HostInfo{
Name: "666.网上冲浪",
},
want: false,
},
{ {
name: "empty", name: "empty",
fields: fields{ fields: fields{
Pattern: "*.example.com", Pattern: "*.example.com",
Wildcard: true, Mode: domainMatchWildcard,
}, },
host: HostInfo{ host: HostInfo{
Name: "", Name: "",
@ -277,7 +341,7 @@ func Test_domainMatcher_Match(t *testing.T) {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
m := &domainMatcher{ m := &domainMatcher{
Pattern: tt.fields.Pattern, Pattern: tt.fields.Pattern,
Wildcard: tt.fields.Wildcard, Mode: tt.fields.Mode,
} }
if got := m.Match(tt.host); got != tt.want { if got := m.Match(tt.host); got != tt.want {
t.Errorf("Match() = %v, want %v", got, tt.want) t.Errorf("Match() = %v, want %v", got, tt.want)