/*
* SPDX-License-Identifier: AGPL-3.0-only
* Copyright (c) since 2022, v2rayA Organization <team@v2raya.org>
*/
package control
import (
"encoding/binary"
"errors"
"fmt"
"github.com/mzz2017/softwind/pool"
"github.com/sirupsen/logrus"
"github.com/v2rayA/dae/common/consts"
"github.com/v2rayA/dae/component/outbound/dialer"
"golang.org/x/net/dns/dnsmessage"
"net"
"net/netip"
"strings"
"time"
)
// NAT timeouts handed to the UDP endpoint pool (see handlePkt, which passes
// the chosen value as NatTimeout to UdpEndpointPool.GetOrCreate).
const (
	// DefaultNatTimeout applies to UDP flows that do not parse as DNS.
	DefaultNatTimeout = 3 * time.Minute
	// DnsNatTimeout is the much shorter lifetime for flows that parse as DNS;
	// a short window limits how long a spoofed reply could still be matched
	// to an outstanding request (RFC 5452). Selected by ChooseNatTimeout.
	DnsNatTimeout = 17 * time.Second // RFC 5452
)
// ChooseNatTimeout classifies a UDP payload by whether it unpacks as a DNS
// message and returns the NAT timeout to use for that flow.
//
// It returns the parsed message together with DnsNatTimeout when data is a
// well-formed DNS message, and (nil, DefaultNatTimeout) otherwise. Note that
// the classification is purely by parseability of the payload, not by port:
// any datagram that happens to decode as DNS is treated as DNS.
func ChooseNatTimeout(data []byte) (dmsg *dnsmessage.Message, timeout time.Duration) {
	msg := new(dnsmessage.Message)
	if msg.Unpack(data) != nil {
		// Not DNS (or malformed): treat as a generic UDP flow.
		return nil, DefaultNatTimeout
	}
	return msg, DnsNatTimeout
}
// AddrHdr is the fixed-size header that precedes each UDP payload handled by
// the control plane. Its wire layout (see ParseAddrHdr and ToBytesFromPool)
// is a 16-byte address, a 2-byte big-endian port and a 1-byte outbound index,
// padded to consts.AddrHdrSize.
type AddrHdr struct {
	// Dest is the destination address and port carried in the header. The
	// address is always serialized in 16-byte form (As16), so an IPv4
	// destination round-trips as a 4-in-6 netip.Addr unless the consumer
	// unmaps it — NOTE(review): confirm which form callers expect.
	Dest netip.AddrPort
	// Outbound is the index into ControlPlane.outbounds chosen for this flow
	// (bounds-checked in handlePkt before use).
	Outbound uint8
}
// ParseAddrHdr decodes an AddrHdr from the front of data.
//
// Layout: bytes [0,16) hold the destination address, [16,18) the big-endian
// destination port and byte 18 the outbound index; the header occupies
// consts.AddrHdrSize bytes in total. It returns the header, the offset at
// which the UDP payload starts, and an error when data is shorter than one
// header. The header's Outbound index is returned unvalidated; callers must
// range-check it against their outbound table before indexing.
func ParseAddrHdr(data []byte) (hdr *AddrHdr, dataOffset int, err error) {
	const (
		addrLen     = 16
		portOff     = addrLen
		outboundOff = addrLen + 2
	)
	dataOffset = consts.AddrHdrSize
	if len(data) < dataOffset {
		return nil, 0, fmt.Errorf("data is too short to parse AddrHdr")
	}
	// The slice is exactly 16 bytes, so AddrFromSlice cannot fail and its ok
	// flag is not checked. Because ToBytesFromPool writes IPv4 via As16
	// (v4-mapped), such a destination comes back here as a 4-in-6 address,
	// not an unmapped IPv4 one.
	addr, _ := netip.AddrFromSlice(data[:addrLen])
	port := binary.BigEndian.Uint16(data[portOff : portOff+2])
	parsed := &AddrHdr{
		Dest:     netip.AddrPortFrom(addr, port),
		Outbound: data[outboundOff],
	}
	return parsed, dataOffset, nil
}
// ToBytesFromPool serializes hdr into a consts.AddrHdrSize-byte buffer taken
// from pool.GetZero, using the layout ParseAddrHdr expects: 16-byte address,
// big-endian port, outbound index. The address is written with As16, so an
// IPv4 destination is emitted in v4-mapped form. The caller owns the returned
// buffer and is expected to hand it back with pool.Put (see sendPktWithHdr).
func (hdr *AddrHdr) ToBytesFromPool() []byte {
	const addrLen = 16
	out := pool.GetZero(consts.AddrHdrSize) // byte align to a multiple of 4
	addr16 := hdr.Dest.Addr().As16()
	copy(out[:addrLen], addr16[:])
	binary.BigEndian.PutUint16(out[addrLen:addrLen+2], hdr.Dest.Port())
	out[addrLen+2] = hdr.Outbound
	return out
}
// sendPktWithHdr writes data to the peer at to over lConn, prefixed with an
// AddrHdr whose Dest is from. The header's Outbound field is not meaningful on
// this path and is left 0. Both scratch buffers are taken from pool and
// returned before the function exits, so the caller keeps ownership of data.
func sendPktWithHdr(data []byte, from netip.AddrPort, lConn *net.UDPConn, to netip.AddrPort) error {
	header := (&AddrHdr{
		Dest:     from,
		Outbound: 0, // Do not care.
	}).ToBytesFromPool()
	defer pool.Put(header)

	pkt := pool.Get(len(header) + len(data))
	defer pool.Put(pkt)
	n := copy(pkt, header)
	copy(pkt[n:], data)

	//log.Println("from", from, "to", to)
	_, err := lConn.WriteToUDPAddrPort(pkt, to)
	return err
}
// RelayToUDP returns the UdpHandler that forwards packets arriving from the
// remote side back to the local client at to over lConn, each prefixed with an
// AddrHdr naming the remote source.
//
// When isDNS is set, every packet first goes through c.DnsRespHandler with
// validateRushAns. A SuspectedRushAnswerError is logged at trace level and
// returned to the caller; any other handler error is logged at debug level
// and the packet is still forwarded unless the handler returned nil data.
// When dummyFrom is non-nil it replaces the observed source in the header;
// handlePkt uses this so that a DNS reply from c.dnsUpstream appears to come
// from the resolver the client originally addressed.
func (c *ControlPlane) RelayToUDP(lConn *net.UDPConn, to netip.AddrPort, isDNS bool, dummyFrom *netip.AddrPort, validateRushAns bool) UdpHandler {
	return func(data []byte, from netip.AddrPort) (err error) {
		// Do not return conn-unrelated err in this func.
		if isDNS {
			var handleErr error
			data, handleErr = c.DnsRespHandler(data, validateRushAns)
			switch {
			case handleErr == nil:
				// Response accepted as-is.
			case errors.Is(handleErr, SuspectedRushAnswerError):
				// Reject DNS rush-answer.
				c.log.WithFields(logrus.Fields{
					"from": from,
				}).Tracef("DNS rush-answer rejected")
				return handleErr
			default:
				c.log.Debugf("DnsRespHandler: %v", handleErr)
				if data == nil {
					// Nothing usable to forward; drop silently.
					return nil
				}
			}
		}

		src := from
		if dummyFrom != nil {
			src = *dummyFrom
		}
		return sendPktWithHdr(data, src, lConn, to)
	}
}
// handlePkt processes one UDP datagram received from the local side.
//
// data is the payload with its AddrHdr already stripped; lConn and lAddrPort
// are the local socket and client address any reply must go back to; addrHdr
// carries the original destination and the outbound index chosen for the
// flow.
//
// Steps: (1) normalise the outbound index and bounds-check it against
// c.outbounds; (2) classify the payload as DNS by whether it parses as a DNS
// message (parseability, not port); (3) for DNS, answer from cache when
// possible, otherwise redirect the request to c.dnsUpstream after flipping
// the question case and adding an OPT record; (4) fetch or create the NAT
// endpoint for lAddrPort and write the packet to dest. Errors are returned
// wrapped with context.
func (c *ControlPlane) handlePkt(data []byte, lConn *net.UDPConn, lAddrPort netip.AddrPort, addrHdr *AddrHdr) (err error) {
	// OutboundControlPlaneDirect is folded into OutboundDirect before the
	// index is used; other values pass through unchanged.
	switch consts.OutboundIndex(addrHdr.Outbound) {
	case consts.OutboundDirect:
	case consts.OutboundControlPlaneDirect:
		addrHdr.Outbound = uint8(consts.OutboundDirect)
		c.log.Tracef("outbound: %v => %v",
			consts.OutboundControlPlaneDirect.String(),
			consts.OutboundIndex(addrHdr.Outbound).String(),
		)
	default:
	}
	// The index comes straight from the packet header, so it must be
	// range-checked before indexing c.outbounds.
	if int(addrHdr.Outbound) >= len(c.outbounds) {
		return fmt.Errorf("outbound %v out of range", addrHdr.Outbound)
	}
	outbound := c.outbounds[addrHdr.Outbound]
	dnsMessage, natTimeout := ChooseNatTimeout(data)
	// We should cache DNS records and set record TTL to 0, in order to monitor the dns req and resp in real time.
	isDns := dnsMessage != nil
	// dummyFrom, when set, is the address the reply should appear to come
	// from (the client's original DNS target rather than the upstream).
	var dummyFrom *netip.AddrPort
	dest := addrHdr.Dest
	if isDns {
		if resp := c.LookupDnsRespCache(dnsMessage); resp != nil {
			// Send cache to client directly.
			if err = sendPktWithHdr(resp, dest, lConn, lAddrPort); err != nil {
				return fmt.Errorf("failed to write cached DNS resp: %w", err)
			}
			// NOTE(review): the guard tests DebugLevel but the line is emitted
			// with Tracef, so it only prints when trace is enabled.
			if c.log.IsLevelEnabled(logrus.DebugLevel) && len(dnsMessage.Questions) > 0 {
				q := dnsMessage.Questions[0]
				c.log.Tracef("UDP(DNS) %v <-[%v]-> Cache: %v %v",
					RefineSourceToShow(lAddrPort, dest.Addr()), outbound.Name, strings.ToLower(q.Name.String()), q.Type,
				)
			}
			return nil
		}
		// Need to make a DNS request.
		c.log.Tracef("Modify dns target %v to upstream: %v", RefineAddrPortToShow(dest), c.dnsUpstream)
		// Modify dns target to upstream.
		// NOTICE: Routing was calculated in advance by the eBPF program.
		dummyFrom = &addrHdr.Dest
		dest = c.dnsUpstream
		// Flip dns question to reduce dns pollution.
		FlipDnsQuestionCase(dnsMessage)
		// Make sure there is additional record OPT in the request to filter DNS rush-answer in the response process.
		// Because rush-answer has no resp OPT. We can distinguish them from multiple responses.
		// Note that additional record OPT may not be supported by home router either.
		// The result is deliberately ignored: adding OPT is best-effort and the
		// request is sent either way.
		_, _ = EnsureAdditionalOpt(dnsMessage, true)
		// Re-pack DNS packet.
		if data, err = dnsMessage.Pack(); err != nil {
			return fmt.Errorf("pack flipped dns packet: %w", err)
		}
	}
	// We only validate rush-ans when outbound is direct and pkt does not send to a home device.
	// Because additional record OPT may not be supported by home router.
	// So we should trust home devices even if they make rush-answer (or looks like).
	// NOTE(review): netip.Addr.IsPrivate is false for a 4-in-6 address (it
	// only inspects Is4/Is6 forms). If addrHdr.Dest can carry an IPv4
	// destination in v4-mapped form (ParseAddrHdr does not unmap), a home
	// device would be treated as non-private here — confirm whether
	// dest.Addr().Unmap() is needed.
	validateRushAns := addrHdr.Outbound == uint8(consts.OutboundDirect) && !dest.Addr().IsPrivate()
	ue, err := DefaultUdpEndpointPool.GetOrCreate(lAddrPort, &UdpEndpointOptions{
		Handler:    c.RelayToUDP(lConn, lAddrPort, isDns, dummyFrom, validateRushAns),
		NatTimeout: natTimeout,
		DialerFunc: func() (*dialer.Dialer, error) {
			newDialer, err := outbound.Select()
			if err != nil {
				return nil, fmt.Errorf("failed to select dialer from group %v: %w", outbound.Name, err)
			}
			return newDialer, nil
		},
		Target: dest,
	})
	if err != nil {
		return fmt.Errorf("failed to GetOrCreate: %w", err)
	}
	// This is real dialer.
	d := ue.Dialer
	// Per-flow logging is gated on DebugLevel for DNS (noisy) but always
	// emitted for other UDP flows.
	if isDns && c.log.IsLevelEnabled(logrus.DebugLevel) && len(dnsMessage.Questions) > 0 {
		q := dnsMessage.Questions[0]
		c.log.WithFields(logrus.Fields{
			"l4proto":  "UDP(DNS)",
			"outbound": outbound.Name,
			"dialer":   d.Name(),
			"qname":    strings.ToLower(q.Name.String()),
			"qtype":    q.Type,
		}).Infof("%v <-> %v",
			RefineSourceToShow(lAddrPort, dest.Addr()), RefineAddrPortToShow(dest),
		)
	} else {
		// TODO: Set-up ip to domain mapping and show domain if possible.
		c.log.WithFields(logrus.Fields{
			"l4proto":  "UDP",
			"outbound": outbound.Name,
			"dialer":   d.Name(),
		}).Infof("%v <-> %v",
			RefineSourceToShow(lAddrPort, dest.Addr()), RefineAddrPortToShow(dest),
		)
	}
	//log.Printf("WriteToUDPAddrPort->%v", dest)
	_, err = ue.WriteToUDPAddrPort(data, dest)
	if err != nil {
		return fmt.Errorf("failed to write UDP packet req: %w", err)
	}
	return nil
}