dae/control/control_plane.go

864 lines
25 KiB
Go
Raw Normal View History

2023-01-23 18:54:21 +07:00
/*
* SPDX-License-Identifier: AGPL-3.0-only
2023-03-14 14:01:55 +07:00
* Copyright (c) 2022-2023, daeuniverse Organization <dae@v2raya.org>
2023-01-23 18:54:21 +07:00
*/
package control
import (
"context"
"fmt"
"net"
"net/netip"
"os"
"path/filepath"
"strconv"
"strings"
"sync"
"syscall"
"time"
"github.com/bits-and-blooms/bloom/v3"
"github.com/cilium/ebpf"
"github.com/cilium/ebpf/rlimit"
2023-03-14 14:01:55 +07:00
"github.com/daeuniverse/dae/common"
"github.com/daeuniverse/dae/common/assets"
2023-03-14 14:01:55 +07:00
"github.com/daeuniverse/dae/common/consts"
"github.com/daeuniverse/dae/common/netutils"
"github.com/daeuniverse/dae/component/dns"
"github.com/daeuniverse/dae/component/outbound"
"github.com/daeuniverse/dae/component/outbound/dialer"
"github.com/daeuniverse/dae/component/routing"
"github.com/daeuniverse/dae/config"
"github.com/daeuniverse/dae/pkg/config_parser"
internal "github.com/daeuniverse/dae/pkg/ebpf_internal"
2023-03-17 12:13:42 +07:00
"github.com/mohae/deepcopy"
2023-03-14 17:22:00 +07:00
"github.com/mzz2017/softwind/pool"
"github.com/mzz2017/softwind/protocol/direct"
"github.com/sirupsen/logrus"
"golang.org/x/net/dns/dnsmessage"
2023-01-23 18:54:21 +07:00
"golang.org/x/sys/unix"
)
type ControlPlane struct {
log *logrus.Logger
2023-02-27 12:29:42 +07:00
core *controlPlaneCore
deferFuncs []func() error
2023-02-07 20:11:12 +07:00
listenIp string
2023-01-23 18:54:21 +07:00
// TODO: add mutex?
outbounds []*outbound.DialerGroup
2023-01-23 18:54:21 +07:00
2023-02-25 01:38:21 +07:00
dnsController *DnsController
onceNetworkReady sync.Once
dialMode consts.DialMode
routingMatcher *RoutingMatcher
2023-03-30 22:28:45 +07:00
ctx context.Context
cancel context.CancelFunc
ready chan struct{}
2023-03-17 14:37:12 +07:00
muRealDomainSet sync.Mutex
realDomainSet *bloom.BloomFilter
wanInterface []string
lanInterface []string
2023-04-12 23:18:42 +07:00
sniffingTimeout time.Duration
2023-01-23 18:54:21 +07:00
}
2023-01-28 00:50:21 +07:00
func NewControlPlane(
log *logrus.Logger,
2023-02-27 12:29:42 +07:00
_bpf interface{},
2023-03-17 12:13:42 +07:00
dnsCache map[string]*DnsCache,
tagToNodeList map[string][]string,
2023-01-28 00:50:21 +07:00
groups []config.Group,
routingA *config.Routing,
global *config.Global,
2023-02-25 01:38:21 +07:00
dnsConfig *config.Dns,
externGeoDataDirs []string,
2023-03-01 10:36:08 +07:00
) (*ControlPlane, error) {
var err error
kernelVersion, e := internal.KernelVersion()
if e != nil {
return nil, fmt.Errorf("failed to get kernel version: %w", e)
}
2023-02-08 14:38:13 +07:00
/// Check linux kernel requirements.
// Check version from high to low to reduce the number of user upgrading kernel.
if requirement := consts.ChecksumFeatureVersion; kernelVersion.Less(requirement) {
return nil, fmt.Errorf("your kernel version %v does not support checksum related features; expect >=%v; upgrade your kernel and try again",
kernelVersion.String(),
requirement.String())
}
if requirement := consts.CgSocketCookieFeatureVersion; len(global.WanInterface) > 0 && kernelVersion.Less(requirement) {
return nil, fmt.Errorf("your kernel version %v does not support bind to WAN; expect >=%v; remove wan_interface in config file and try again",
kernelVersion.String(),
requirement.String())
}
if requirement := consts.SkAssignFeatureVersion; len(global.LanInterface) > 0 && kernelVersion.Less(requirement) {
return nil, fmt.Errorf("your kernel version %v does not support bind to LAN; expect >=%v; remove lan_interface in config file and try again",
2023-02-06 13:01:02 +07:00
kernelVersion.String(),
requirement.String())
}
2023-02-04 10:38:01 +07:00
if kernelVersion.Less(consts.BasicFeatureVersion) {
return nil, fmt.Errorf("your kernel version %v does not satisfy basic requirement; expect >=%v",
kernelVersion.String(),
consts.BasicFeatureVersion.String())
2023-02-04 10:38:01 +07:00
}
2023-02-27 12:29:42 +07:00
var deferFuncs []func() error
2023-02-08 14:38:13 +07:00
/// Allow the current process to lock memory for eBPF resources.
2023-01-28 00:50:21 +07:00
if err = rlimit.RemoveMemlock(); err != nil {
2023-01-23 18:54:21 +07:00
return nil, fmt.Errorf("rlimit.RemoveMemlock:%v", err)
}
pinPath := filepath.Join(consts.BpfPinRoot, consts.AppName)
2023-02-07 22:05:30 +07:00
if err = os.MkdirAll(pinPath, 0755); err != nil && !os.IsExist(err) {
2023-02-13 10:08:19 +07:00
if os.IsNotExist(err) {
2023-03-13 13:25:14 +07:00
log.Warnln("Perhaps you are in a container environment (such as lxc). If so, please use higher virtualization (kvm/qemu).")
2023-02-13 10:08:19 +07:00
}
2023-02-07 21:29:50 +07:00
return nil, err
}
2023-01-27 01:10:27 +07:00
2023-02-08 14:38:13 +07:00
/// Load pre-compiled programs and maps into the kernel.
2023-03-17 12:13:42 +07:00
if _bpf == nil {
log.Infof("Loading eBPF programs and maps into the kernel...")
log.Infof("The loading process takes about 120MB free memory, which will be released after loading. Insufficient memory will cause loading failure.")
2023-03-17 12:13:42 +07:00
}
2023-02-27 12:29:42 +07:00
//var bpf bpfObjects
2023-02-07 20:33:38 +07:00
var ProgramOptions = ebpf.ProgramOptions{
KernelTypes: nil,
}
2023-02-04 17:18:06 +07:00
if log.Level == logrus.PanicLevel {
2023-02-07 20:33:38 +07:00
ProgramOptions.LogLevel = ebpf.LogLevelBranch | ebpf.LogLevelStats
// ProgramOptions.LogLevel = ebpf.LogLevelInstruction | ebpf.LogLevelStats
}
2023-02-08 14:38:13 +07:00
collectionOpts := &ebpf.CollectionOptions{
2023-01-23 18:54:21 +07:00
Maps: ebpf.MapOptions{
PinPath: pinPath,
},
Programs: ProgramOptions,
2023-01-23 18:54:21 +07:00
}
2023-02-27 12:29:42 +07:00
var bpf *bpfObjects
if _bpf != nil {
if _bpf, ok := _bpf.(*bpfObjects); ok {
bpf = _bpf
} else {
return nil, fmt.Errorf("unexpected bpf type: %T", _bpf)
}
} else {
bpf = new(bpfObjects)
if err = fullLoadBpfObjects(log, bpf, &loadBpfOptions{
PinPath: pinPath,
CollectionOptions: collectionOpts,
}); err != nil {
if log.Level == logrus.PanicLevel {
log.Panicln(err)
}
return nil, fmt.Errorf("load eBPF objects: %w", err)
}
}
log.Infof("Loaded eBPF programs and maps")
2023-02-27 12:29:42 +07:00
// outboundId2Name can be modified later.
outboundId2Name := make(map[uint8]string)
core := newControlPlaneCore(
log,
bpf,
outboundId2Name,
&kernelVersion,
_bpf != nil,
)
defer func() {
if err != nil {
// Flip back.
core.Flip()
_ = core.Close()
}
}()
2023-01-27 01:10:27 +07:00
// Write params.
2023-02-27 12:29:42 +07:00
if err = core.bpf.ParamMap.Update(consts.ControlPlanePidKey, uint32(os.Getpid()), ebpf.UpdateAny); err != nil {
return nil, err
}
2023-01-28 14:47:43 +07:00
/// Bind to links. Binding should be advance of dialerGroups to avoid un-routable old connection.
// Add clsact qdisc
for _, ifname := range common.Deduplicate(append(append([]string{}, global.LanInterface...), global.WanInterface...)) {
_ = core.addQdisc(ifname)
}
// Bind to LAN
if len(global.LanInterface) > 0 {
if err = core.setupRoutingPolicy(); err != nil {
return nil, err
}
if global.AutoConfigKernelParameter {
_ = SetIpv4forward("1")
}
global.LanInterface = common.Deduplicate(global.LanInterface)
for _, ifname := range global.LanInterface {
if global.AutoConfigKernelParameter {
SetSendRedirects(ifname, "0")
SetForwarding(ifname, "1")
}
if err = core.bindLan(ifname); err != nil {
return nil, fmt.Errorf("bindLan: %v: %w", ifname, err)
}
}
}
// Bind to WAN
if len(global.WanInterface) > 0 {
if err = core.setupSkPidMonitor(); err != nil {
return nil, err
}
for _, ifname := range global.WanInterface {
if err = core.bindWan(ifname); err != nil {
return nil, fmt.Errorf("bindWan: %v: %w", ifname, err)
}
}
}
2023-02-08 14:38:13 +07:00
/// DialerGroups (outbounds).
if global.AllowInsecure {
log.Warnln("AllowInsecure is enabled, but it is not recommended. Please make sure you have to turn it on.")
}
2023-01-28 00:50:21 +07:00
option := &dialer.GlobalOption{
Log: log,
TcpCheckOptionRaw: dialer.TcpCheckOptionRaw{Raw: global.TcpCheckUrl, Log: log, Method: global.TcpCheckHttpMethod},
CheckDnsOptionRaw: dialer.CheckDnsOptionRaw{Raw: global.UdpCheckDns},
CheckInterval: global.CheckInterval,
CheckTolerance: global.CheckTolerance,
2023-02-25 01:38:21 +07:00
CheckDnsTcp: true,
AllowInsecure: global.AllowInsecure,
TlsImplementation: global.TlsImplementation,
UtlsImitate: global.UtlsImitate,
2023-01-28 00:50:21 +07:00
}
2023-01-23 18:54:21 +07:00
outbounds := []*outbound.DialerGroup{
2023-01-28 00:50:21 +07:00
outbound.NewDialerGroup(option, consts.OutboundDirect.String(),
[]*dialer.Dialer{dialer.NewDirectDialer(option, true)},
2023-01-23 18:54:21 +07:00
outbound.DialerSelectionPolicy{
Policy: consts.DialerSelectionPolicy_Fixed,
FixedIndex: 0,
}, core.OutboundAliveChangeCallback(0)),
2023-01-28 00:50:21 +07:00
outbound.NewDialerGroup(option, consts.OutboundBlock.String(),
[]*dialer.Dialer{dialer.NewBlockDialer(option, func() { /*Dialer Outbound*/ })},
2023-01-23 18:54:21 +07:00
outbound.DialerSelectionPolicy{
2023-01-27 01:10:27 +07:00
Policy: consts.DialerSelectionPolicy_Fixed,
FixedIndex: 0,
}, core.OutboundAliveChangeCallback(1)),
2023-01-23 18:54:21 +07:00
}
2023-01-28 00:50:21 +07:00
// Filter out groups.
dialerSet := outbound.NewDialerSetFromLinks(option, tagToNodeList)
2023-02-27 12:29:42 +07:00
deferFuncs = append(deferFuncs, dialerSet.Close)
2023-01-28 00:50:21 +07:00
for _, group := range groups {
2023-01-28 14:47:43 +07:00
// Parse policy.
2023-02-25 01:38:21 +07:00
policy, err := outbound.NewDialerSelectionPolicyFromGroupParam(&group)
2023-01-28 14:47:43 +07:00
if err != nil {
return nil, fmt.Errorf("failed to create group %v: %w", group.Name, err)
}
// Filter nodes with user given filters.
2023-02-25 01:38:21 +07:00
dialers, err := dialerSet.Filter(group.Filter)
2023-01-28 00:50:21 +07:00
if err != nil {
return nil, fmt.Errorf(`failed to create group "%v": %w`, group.Name, err)
}
2023-01-28 14:47:43 +07:00
// Convert node links to dialers.
log.Infof(`Group "%v" node list:`, group.Name)
for _, d := range dialers {
2023-02-28 20:25:15 +07:00
log.Infoln("\t" + d.Property().Name)
// We only activate check of nodes that have a group.
d.ActivateCheck()
2023-01-28 14:47:43 +07:00
}
if len(dialers) == 0 {
log.Infoln("\t<Empty>")
2023-01-28 00:50:21 +07:00
}
2023-01-28 14:47:43 +07:00
// Create dialer group and append it to outbounds.
dialerGroup := outbound.NewDialerGroup(option, group.Name, dialers, *policy, core.OutboundAliveChangeCallback(uint8(len(outbounds))))
2023-01-28 00:50:21 +07:00
outbounds = append(outbounds, dialerGroup)
}
2023-02-08 14:38:13 +07:00
/// Routing.
2023-01-23 18:54:21 +07:00
// Generate outboundName2Id from outbounds.
if len(outbounds) > int(consts.OutboundUserDefinedMax) {
2023-01-23 18:54:21 +07:00
return nil, fmt.Errorf("too many outbounds")
}
outboundName2Id := make(map[string]uint8)
for i, o := range outbounds {
if _, exist := outboundName2Id[o.Name]; exist {
return nil, fmt.Errorf("duplicated outbound name: %v", o.Name)
}
2023-01-23 18:54:21 +07:00
outboundName2Id[o.Name] = uint8(i)
outboundId2Name[uint8(i)] = o.Name
2023-01-23 18:54:21 +07:00
}
2023-02-25 01:38:21 +07:00
// Apply rules optimizers.
locationFinder := assets.NewLocationFinder(externGeoDataDirs)
2023-01-28 00:50:21 +07:00
var rules []*config_parser.RoutingRule
if rules, err = routing.ApplyRulesOptimizers(routingA.Rules,
&routing.AliasOptimizer{},
&routing.DatReaderOptimizer{Logger: log, LocationFinder: locationFinder},
&routing.MergeAndSortRulesOptimizer{},
&routing.DeduplicateParamsOptimizer{},
); err != nil {
2023-02-01 13:08:01 +07:00
return nil, fmt.Errorf("ApplyRulesOptimizers error:\n%w", err)
}
2023-02-18 22:09:06 +07:00
routingA.Rules = nil // Release.
2023-01-29 10:19:58 +07:00
if log.IsLevelEnabled(logrus.DebugLevel) {
var debugBuilder strings.Builder
for _, rule := range rules {
debugBuilder.WriteString(rule.String(true, false, false) + "\n")
}
log.Debugf("RoutingA:\n%vfallback: %v\n", debugBuilder.String(), routingA.Fallback)
}
2023-02-25 01:38:21 +07:00
// Parse rules and build.
2023-02-27 12:29:42 +07:00
builder, err := NewRoutingMatcherBuilder(log, rules, outboundName2Id, core.bpf, routingA.Fallback)
2023-02-25 01:38:21 +07:00
if err != nil {
return nil, fmt.Errorf("NewRoutingMatcherBuilder: %w", err)
2023-01-23 18:54:21 +07:00
}
if err = builder.BuildKernspace(log); err != nil {
return nil, fmt.Errorf("RoutingMatcherBuilder.BuildKernspace: %w", err)
}
2023-02-25 01:38:21 +07:00
routingMatcher, err := builder.BuildUserspace(core.bpf.LpmArrayMap)
if err != nil {
return nil, fmt.Errorf("RoutingMatcherBuilder.BuildUserspace: %w", err)
2023-01-23 18:54:21 +07:00
}
2023-03-17 12:13:42 +07:00
2023-02-25 01:38:21 +07:00
/// Dial mode.
dialMode, err := consts.ParseDialMode(global.DialMode)
2023-02-25 01:38:21 +07:00
if err != nil {
return nil, err
}
2023-04-12 23:18:42 +07:00
sniffingTimeout := global.SniffingTimeout
if dialMode == consts.DialMode_Ip {
sniffingTimeout = 0
}
2023-03-30 22:28:45 +07:00
ctx, cancel := context.WithCancel(context.Background())
2023-03-01 10:36:08 +07:00
plane := &ControlPlane{
log: log,
core: core,
deferFuncs: deferFuncs,
listenIp: "0.0.0.0",
outbounds: outbounds,
dnsController: nil,
onceNetworkReady: sync.Once{},
dialMode: dialMode,
routingMatcher: routingMatcher,
2023-03-30 22:28:45 +07:00
ctx: ctx,
cancel: cancel,
ready: make(chan struct{}),
2023-03-17 14:37:12 +07:00
muRealDomainSet: sync.Mutex{},
realDomainSet: bloom.NewWithEstimates(2048, 0.001),
lanInterface: global.LanInterface,
wanInterface: global.WanInterface,
2023-04-12 23:18:42 +07:00
sniffingTimeout: sniffingTimeout,
}
defer func() {
if err != nil {
2023-03-30 22:28:45 +07:00
cancel()
}
}()
2023-02-09 23:29:23 +07:00
2023-02-25 01:38:21 +07:00
/// DNS upstream.
dnsUpstream, err := dns.New(dnsConfig, &dns.NewOption{
Logger: log,
LocationFinder: locationFinder,
2023-03-01 10:36:08 +07:00
UpstreamReadyCallback: plane.dnsUpstreamReadyCallback,
2023-02-25 01:38:21 +07:00
})
if err != nil {
return nil, err
}
/// Dns controller.
2023-03-01 10:36:08 +07:00
if plane.dnsController, err = NewDnsController(dnsUpstream, &DnsControllerOption{
2023-02-25 01:38:21 +07:00
Log: log,
CacheAccessCallback: func(cache *DnsCache) (err error) {
// Write mappings into eBPF map:
// IP record (from dns lookup) -> domain routing
if err = core.BatchUpdateDomainRouting(cache); err != nil {
return fmt.Errorf("BatchUpdateDomainRouting: %w", err)
}
return nil
},
NewCache: func(fqdn string, answers []dnsmessage.Resource, deadline time.Time) (cache *DnsCache, err error) {
return &DnsCache{
2023-03-01 10:36:08 +07:00
DomainBitmap: plane.routingMatcher.domainMatcher.MatchDomainBitmap(fqdn),
2023-02-25 01:38:21 +07:00
Answers: answers,
Deadline: deadline,
}, nil
},
2023-03-01 10:36:08 +07:00
BestDialerChooser: plane.chooseBestDnsDialer,
2023-04-07 22:06:04 +07:00
IpVersionPrefer: dnsConfig.IpVersionPrefer,
}); err != nil {
return nil, err
}
2023-03-17 12:13:42 +07:00
// Refresh domain routing cache with new routing.
2023-04-07 22:06:04 +07:00
if dnsCache != nil && len(dnsCache) > 0 {
2023-03-17 12:13:42 +07:00
for cacheKey, cache := range dnsCache {
2023-04-07 22:06:04 +07:00
// Also refresh out-dated routing because kernel map items have no expiration.
2023-03-17 12:13:42 +07:00
lastDot := strings.LastIndex(cacheKey, ".")
if lastDot == -1 || lastDot == len(cacheKey)-1 {
// Not a valid key.
log.Warnln("Invalid cache key:", cacheKey)
continue
}
host := cacheKey[:lastDot]
typ := cacheKey[lastDot+1:]
_ = plane.dnsController.UpdateDnsCache(host, typ, cache.Answers, cache.Deadline)
}
2023-04-07 22:06:04 +07:00
} else if _bpf != nil {
// Is reloading, and dnsCache == nil.
// Remove all map items.
// Normally, it is due to the change of ip version preference.
var key [4]uint32
var val bpfDomainRouting
iter := core.bpf.DomainRoutingMap.Iterate()
for iter.Next(&key, &val) {
_ = core.bpf.DomainRoutingMap.Delete(&key)
}
2023-03-17 12:13:42 +07:00
}
// Init immediately to avoid DNS leaking in the very beginning because param control_plane_dns_routing will
// be set in callback.
if err = dnsUpstream.CheckUpstreamsFormat(); err != nil {
return nil, err
}
go dnsUpstream.InitUpstreams()
2023-03-01 10:36:08 +07:00
close(plane.ready)
return plane, nil
}
2023-02-27 12:29:42 +07:00
// EjectBpf will resect bpf from destroying life-cycle of control plane.
func (c *ControlPlane) EjectBpf() *bpfObjects {
return c.core.EjectBpf()
}
func (c *ControlPlane) InjectBpf(bpf *bpfObjects) {
c.core.InjectBpf(bpf)
}
2023-02-27 12:29:42 +07:00
2023-03-17 12:13:42 +07:00
func (c *ControlPlane) CloneDnsCache() map[string]*DnsCache {
c.dnsController.dnsCacheMu.Lock()
defer c.dnsController.dnsCacheMu.Unlock()
return deepcopy.Copy(c.dnsController.dnsCache).(map[string]*DnsCache)
}
func (c *ControlPlane) dnsUpstreamReadyCallback(dnsUpstream *dns.Upstream) (err error) {
// Waiting for ready.
select {
2023-03-30 22:28:45 +07:00
case <-c.ctx.Done():
return nil
case <-c.ready:
}
/// Notify dialers to check.
2023-02-25 01:38:21 +07:00
c.onceNetworkReady.Do(func() {
for _, out := range c.outbounds {
for _, d := range out.Dialers {
d.NotifyCheck()
}
2023-02-06 15:22:07 +07:00
}
2023-02-25 01:38:21 +07:00
})
if dnsUpstream == nil {
return nil
}
/// Updates dns cache to support domain routing for hostname of dns_upstream.
2023-02-25 01:38:21 +07:00
// Ten years later.
deadline := time.Now().Add(time.Hour * 24 * 365 * 10)
fqdn := dnsUpstream.Hostname
if !strings.HasSuffix(fqdn, ".") {
fqdn = fqdn + "."
}
if dnsUpstream.Ip4.IsValid() {
typ := dnsmessage.TypeA
answers := []dnsmessage.Resource{{
Header: dnsmessage.ResourceHeader{
Name: dnsmessage.MustNewName(fqdn),
Type: typ,
Class: dnsmessage.ClassINET,
TTL: 0, // Must be zero.
},
Body: &dnsmessage.AResource{
A: dnsUpstream.Ip4.As4(),
},
}}
2023-03-17 12:13:42 +07:00
if err = c.dnsController.UpdateDnsCache(dnsUpstream.Hostname, typ.String(), answers, deadline); err != nil {
return err
}
2023-02-25 01:38:21 +07:00
}
2023-02-25 01:38:21 +07:00
if dnsUpstream.Ip6.IsValid() {
typ := dnsmessage.TypeAAAA
answers := []dnsmessage.Resource{{
Header: dnsmessage.ResourceHeader{
Name: dnsmessage.MustNewName(fqdn),
Type: typ,
Class: dnsmessage.ClassINET,
TTL: 0, // Must be zero.
},
Body: &dnsmessage.AAAAResource{
AAAA: dnsUpstream.Ip6.As16(),
},
}}
2023-03-17 12:13:42 +07:00
if err = c.dnsController.UpdateDnsCache(dnsUpstream.Hostname, typ.String(), answers, deadline); err != nil {
return err
2023-02-06 15:22:07 +07:00
}
2023-01-27 01:10:27 +07:00
}
return nil
2023-01-23 18:54:21 +07:00
}
func (c *ControlPlane) ChooseDialTarget(outbound consts.OutboundIndex, dst netip.AddrPort, domain string) (dialTarget string, shouldReroute bool) {
dialMode := consts.DialMode_Ip
2023-02-17 00:07:27 +07:00
if !outbound.IsReserved() && domain != "" {
switch c.dialMode {
case consts.DialMode_Domain:
if cache := c.dnsController.LookupDnsRespCache(domain, common.AddrToDnsType(dst.Addr())); cache != nil {
// Has A/AAAA records. It is a real domain.
2023-02-26 19:33:50 +07:00
dialMode = consts.DialMode_Domain
} else {
2023-03-17 12:13:42 +07:00
// Check if the domain is in real-domain set (bloom filter).
2023-03-17 14:37:12 +07:00
c.muRealDomainSet.Lock()
if c.realDomainSet.TestString(domain) {
2023-03-17 14:37:12 +07:00
c.muRealDomainSet.Unlock()
dialMode = consts.DialMode_Domain
} else {
2023-03-17 14:37:12 +07:00
c.muRealDomainSet.Unlock()
// Lookup A/AAAA to make sure it is a real domain.
ctx, cancel := context.WithTimeout(context.TODO(), 5*time.Second)
defer cancel()
2023-03-17 14:37:12 +07:00
// TODO: use DNS controller and re-route by control plane.
systemDns, err := netutils.SystemDns()
if err == nil {
if ip46, err := netutils.ResolveIp46(ctx, direct.SymmetricDirect, systemDns, domain, false, true); err == nil && (ip46.Ip4.IsValid() || ip46.Ip6.IsValid()) {
2023-03-17 14:37:12 +07:00
// Has A/AAAA records. It is a real domain.
dialMode = consts.DialMode_Domain
2023-03-17 14:37:12 +07:00
// Add it to real-domain set.
c.muRealDomainSet.Lock()
c.realDomainSet.AddString(domain)
c.muRealDomainSet.Unlock()
// Should use this domain to reroute
shouldReroute = true
}
}
}
2023-02-17 00:07:27 +07:00
}
2023-03-14 17:22:00 +07:00
case consts.DialMode_DomainCao:
fallthrough
2023-02-17 00:07:27 +07:00
case consts.DialMode_DomainPlus:
2023-02-26 19:33:50 +07:00
dialMode = consts.DialMode_Domain
}
}
2023-02-17 00:07:27 +07:00
2023-02-26 19:33:50 +07:00
switch dialMode {
case consts.DialMode_Ip:
dialTarget = dst.String()
case consts.DialMode_Domain:
if strings.HasPrefix(domain, "[") && strings.HasSuffix(domain, "]") {
// Sniffed domain may be like `[2606:4700:20::681a:d1f]`. We should remove the brackets.
domain = domain[1 : len(domain)-1]
}
2023-02-27 12:29:42 +07:00
if _, err := netip.ParseAddr(domain); err == nil {
// domain is IPv4 or IPv6 (has colon)
dialTarget = net.JoinHostPort(domain, strconv.Itoa(int(dst.Port())))
} else if _, _, err := net.SplitHostPort(domain); err == nil {
// domain is already domain:port
dialTarget = domain
} else {
dialTarget = net.JoinHostPort(domain, strconv.Itoa(int(dst.Port())))
}
c.log.WithFields(logrus.Fields{
"from": dst.String(),
"to": dialTarget,
}).Debugln("Rewrite dial target to domain")
}
return dialTarget, shouldReroute
}
2023-02-27 12:29:42 +07:00
type Listener struct {
tcpListener net.Listener
packetConn net.PacketConn
port uint16
}
func (l *Listener) Close() error {
var (
err error
err2 error
)
if err, err2 = l.tcpListener.Close(), l.packetConn.Close(); err2 != nil {
if err == nil {
err = err2
} else {
err = fmt.Errorf("%w: %v", err, err2)
}
2023-01-23 18:54:21 +07:00
}
2023-02-27 12:29:42 +07:00
return err
}
func (c *ControlPlane) Serve(readyChan chan<- bool, listener *Listener) (err error) {
sentReady := false
defer func() {
if !sentReady {
readyChan <- false
}
}()
2023-02-27 12:29:42 +07:00
udpConn := listener.packetConn.(*net.UDPConn)
/// Serve.
// TCP socket.
2023-02-27 12:29:42 +07:00
tcpFile, err := listener.tcpListener.(*net.TCPListener).File()
if err != nil {
return fmt.Errorf("failed to retrieve copy of the underlying TCP connection file")
}
c.deferFuncs = append(c.deferFuncs, func() error {
return tcpFile.Close()
})
if err := c.core.bpf.ListenSocketMap.Update(consts.ZeroKey, uint64(tcpFile.Fd()), ebpf.UpdateAny); err != nil {
return err
}
// UDP socket.
udpFile, err := udpConn.File()
if err != nil {
return fmt.Errorf("failed to retrieve copy of the underlying UDP connection file")
}
c.deferFuncs = append(c.deferFuncs, func() error {
return udpFile.Close()
})
if err := c.core.bpf.ListenSocketMap.Update(consts.OneKey, uint64(udpFile.Fd()), ebpf.UpdateAny); err != nil {
return err
}
// Port.
2023-02-27 12:29:42 +07:00
if err := c.core.bpf.ParamMap.Update(consts.BigEndianTproxyPortKey, uint32(common.Htons(listener.port)), ebpf.UpdateAny); err != nil {
2023-01-23 18:54:21 +07:00
return err
}
sentReady = true
readyChan <- true
2023-01-23 18:54:21 +07:00
go func() {
for {
2023-02-27 12:29:42 +07:00
select {
2023-03-30 22:28:45 +07:00
case <-c.ctx.Done():
2023-02-27 12:29:42 +07:00
return
default:
}
lconn, err := listener.tcpListener.Accept()
2023-01-23 18:54:21 +07:00
if err != nil {
if !strings.Contains(err.Error(), "use of closed network connection") {
c.log.Errorf("Error when accept: %v", err)
}
break
}
2023-02-27 12:29:42 +07:00
go func(lconn net.Conn) {
2023-01-23 18:54:21 +07:00
if err := c.handleConn(lconn); err != nil {
c.log.Warnln("handleConn:", err)
}
2023-02-27 12:29:42 +07:00
}(lconn)
2023-01-23 18:54:21 +07:00
}
}()
go func() {
for {
2023-02-27 12:29:42 +07:00
select {
2023-03-30 22:28:45 +07:00
case <-c.ctx.Done():
2023-02-27 12:29:42 +07:00
return
default:
}
2023-03-25 12:52:52 +07:00
var buf [EthernetMtu]byte
var oob [120]byte // Size for original dest
n, oobn, _, src, err := udpConn.ReadMsgUDPAddrPort(buf[:], oob[:])
2023-01-23 18:54:21 +07:00
if err != nil {
if !strings.Contains(err.Error(), "use of closed network connection") {
c.log.Errorf("ReadFromUDPAddrPort: %v, %v", src.String(), err)
2023-01-23 18:54:21 +07:00
}
break
}
2023-02-19 21:16:59 +07:00
newBuf := pool.Get(n)
copy(newBuf, buf[:n])
go func(data []byte, src netip.AddrPort) {
defer pool.Put(data)
var realDst netip.AddrPort
var routingResult *bpfRoutingResult
2023-02-19 21:16:59 +07:00
pktDst := RetrieveOriginalDest(oob[:oobn])
routingResult, err := c.core.RetrieveRoutingResult(src, pktDst, unix.IPPROTO_UDP)
2023-02-07 20:11:12 +07:00
if err != nil {
2023-02-19 21:16:59 +07:00
// WAN. Old method.
2023-02-21 15:28:09 +07:00
lastErr := err
2023-02-19 21:16:59 +07:00
addrHdr, dataOffset, err := ParseAddrHdr(data)
if err != nil {
2023-02-21 15:28:09 +07:00
c.log.Warnf("No AddrPort presented: %v, %v", lastErr, err)
2023-02-19 21:16:59 +07:00
return
}
2023-03-02 20:09:24 +07:00
n := copy(data, data[dataOffset:])
data = data[:n]
routingResult = &addrHdr.RoutingResult
__ip := common.Ipv6Uint32ArrayToByteSlice(addrHdr.Ip)
_ip, _ := netip.AddrFromSlice(__ip)
// Comment it because them SHOULD equal.
//src = netip.AddrPortFrom(_ip, src.Port())
realDst = netip.AddrPortFrom(_ip, addrHdr.Port)
2023-02-19 21:16:59 +07:00
} else {
realDst = pktDst
2023-02-07 20:11:12 +07:00
}
2023-02-25 01:38:21 +07:00
if e := c.handlePkt(udpConn, data, common.ConvergeAddrPort(src), common.ConvergeAddrPort(pktDst), common.ConvergeAddrPort(realDst), routingResult); e != nil {
2023-01-23 18:54:21 +07:00
c.log.Warnln("handlePkt:", e)
}
2023-02-19 21:16:59 +07:00
}(newBuf, src)
2023-01-23 18:54:21 +07:00
}
}()
2023-03-30 22:28:45 +07:00
<-c.ctx.Done()
2023-01-23 18:54:21 +07:00
return nil
}
func (c *ControlPlane) ListenAndServe(readyChan chan<- bool, port uint16) (listener *Listener, err error) {
2023-02-27 12:29:42 +07:00
// Listen.
var listenConfig = net.ListenConfig{
Control: func(network, address string, c syscall.RawConn) error {
return dialer.TproxyControl(c)
},
}
listenAddr := net.JoinHostPort(c.listenIp, strconv.Itoa(int(port)))
tcpListener, err := listenConfig.Listen(context.TODO(), "tcp", listenAddr)
if err != nil {
return nil, fmt.Errorf("listenTCP: %w", err)
}
packetConn, err := listenConfig.ListenPacket(context.TODO(), "udp", listenAddr)
if err != nil {
_ = tcpListener.Close()
return nil, fmt.Errorf("listenUDP: %w", err)
}
listener = &Listener{
tcpListener: tcpListener,
packetConn: packetConn,
port: port,
}
defer func() {
if err != nil {
_ = listener.Close()
}
}()
// Serve
if err = c.Serve(readyChan, listener); err != nil {
2023-02-27 12:29:42 +07:00
return nil, fmt.Errorf("failed to serve: %w", err)
}
return listener, nil
}
2023-02-25 01:38:21 +07:00
func (c *ControlPlane) chooseBestDnsDialer(
req *udpRequest,
dnsUpstream *dns.Upstream,
) (*dialArgument, error) {
/// Choose the best l4proto+ipversion dialer, and change taregt DNS to the best ipversion DNS upstream for DNS request.
// Get available ipversions and l4protos for DNS upstream.
ipversions, l4protos := dnsUpstream.SupportedNetworks()
var (
bestLatency time.Duration
l4proto consts.L4ProtoStr
ipversion consts.IpVersionStr
bestDialer *dialer.Dialer
bestOutbound *outbound.DialerGroup
bestTarget netip.AddrPort
dialMark uint32
)
// Get the min latency path.
networkType := dialer.NetworkType{
IsDns: true,
}
for _, ver := range ipversions {
for _, proto := range l4protos {
networkType.L4Proto = proto
networkType.IpVersion = ver
var dAddr netip.Addr
switch ver {
case consts.IpVersionStr_4:
dAddr = dnsUpstream.Ip4
case consts.IpVersionStr_6:
dAddr = dnsUpstream.Ip6
default:
return nil, fmt.Errorf("unexpected ipversion: %v", ver)
}
outboundIndex, mark, _, err := c.Route(req.realSrc, netip.AddrPortFrom(dAddr, dnsUpstream.Port), dnsUpstream.Hostname, proto.ToL4ProtoType(), req.routingResult)
2023-02-25 01:38:21 +07:00
if err != nil {
return nil, err
}
if int(outboundIndex) >= len(c.outbounds) {
return nil, fmt.Errorf("bad outbound index: %v", outboundIndex)
}
dialerGroup := c.outbounds[outboundIndex]
d, latency, err := dialerGroup.Select(&networkType)
if err != nil {
continue
}
//if c.log.IsLevelEnabled(logrus.TraceLevel) {
// c.log.WithFields(logrus.Fields{
// "name": d.Name(),
// "latency": latency,
// "network": networkType.String(),
// "outbound": dialerGroup.Name,
// }).Traceln("Choice")
//}
if bestDialer == nil || latency < bestLatency {
bestDialer = d
bestOutbound = dialerGroup
bestLatency = latency
l4proto = proto
ipversion = ver
dialMark = mark
if bestLatency == 0 {
break
}
}
}
}
if bestDialer == nil {
return nil, fmt.Errorf("no proper dialer for DNS upstream: %v", dnsUpstream.String())
}
switch ipversion {
case consts.IpVersionStr_4:
bestTarget = netip.AddrPortFrom(dnsUpstream.Ip4, dnsUpstream.Port)
case consts.IpVersionStr_6:
bestTarget = netip.AddrPortFrom(dnsUpstream.Ip6, dnsUpstream.Port)
}
if c.log.IsLevelEnabled(logrus.TraceLevel) {
c.log.WithFields(logrus.Fields{
"ipversions": ipversions,
"l4protos": l4protos,
"upstream": dnsUpstream.String(),
"choose": string(l4proto) + "+" + string(ipversion),
"use": bestTarget.String(),
}).Traceln("Choose DNS path")
}
2023-02-25 01:38:21 +07:00
return &dialArgument{
l4proto: l4proto,
ipversion: ipversion,
bestDialer: bestDialer,
bestOutbound: bestOutbound,
bestTarget: bestTarget,
mark: dialMark,
}, nil
}
2023-01-23 18:54:21 +07:00
func (c *ControlPlane) Close() (err error) {
// Invoke defer funcs in reverse order.
for i := len(c.deferFuncs) - 1; i >= 0; i-- {
if e := c.deferFuncs[i](); e != nil {
// Combine errors.
if err != nil {
err = fmt.Errorf("%w; %v", err, e)
} else {
err = e
}
}
}
2023-03-30 22:28:45 +07:00
c.cancel()
return c.core.Close()
2023-01-23 18:54:21 +07:00
}