1
0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-11-10 06:16:53 -05:00
v2fly/proxy/vmess/inbound/inbound.go

400 lines
11 KiB
Go
Raw Normal View History

package inbound
2015-09-10 18:24:18 -04:00
//go:generate go run github.com/v2fly/v2ray-core/v5/common/errors/errorgen
2017-04-08 19:43:25 -04:00
2015-09-10 18:24:18 -04:00
import (
2017-01-13 17:42:39 -05:00
"context"
2016-05-30 18:21:41 -04:00
"io"
2018-02-09 05:32:12 -05:00
"strings"
2017-02-13 07:10:43 -05:00
"sync"
2017-01-31 06:42:05 -05:00
"time"
core "github.com/v2fly/v2ray-core/v5"
"github.com/v2fly/v2ray-core/v5/common"
"github.com/v2fly/v2ray-core/v5/common/buf"
"github.com/v2fly/v2ray-core/v5/common/errors"
"github.com/v2fly/v2ray-core/v5/common/log"
"github.com/v2fly/v2ray-core/v5/common/net"
"github.com/v2fly/v2ray-core/v5/common/platform"
"github.com/v2fly/v2ray-core/v5/common/protocol"
"github.com/v2fly/v2ray-core/v5/common/serial"
"github.com/v2fly/v2ray-core/v5/common/session"
"github.com/v2fly/v2ray-core/v5/common/signal"
"github.com/v2fly/v2ray-core/v5/common/task"
"github.com/v2fly/v2ray-core/v5/common/uuid"
feature_inbound "github.com/v2fly/v2ray-core/v5/features/inbound"
"github.com/v2fly/v2ray-core/v5/features/policy"
"github.com/v2fly/v2ray-core/v5/features/routing"
"github.com/v2fly/v2ray-core/v5/proxy/vmess"
"github.com/v2fly/v2ray-core/v5/proxy/vmess/encoding"
"github.com/v2fly/v2ray-core/v5/transport/internet"
2015-09-10 18:24:18 -04:00
)
2016-02-25 08:38:41 -05:00
type userByEmail struct {
2018-02-09 05:32:12 -05:00
sync.Mutex
2018-08-26 18:11:32 -04:00
cache map[string]*protocol.MemoryUser
2016-09-17 18:41:21 -04:00
defaultLevel uint32
2016-02-25 08:38:41 -05:00
defaultAlterIDs uint16
}
2018-02-09 05:43:23 -05:00
func newUserByEmail(config *DefaultConfig) *userByEmail {
2016-02-25 08:38:41 -05:00
return &userByEmail{
2018-08-26 18:11:32 -04:00
cache: make(map[string]*protocol.MemoryUser),
2016-02-25 08:38:41 -05:00
defaultLevel: config.Level,
2016-09-24 17:11:58 -04:00
defaultAlterIDs: uint16(config.AlterId),
2016-02-25 08:38:41 -05:00
}
}
2018-08-26 18:11:32 -04:00
func (v *userByEmail) addNoLock(u *protocol.MemoryUser) bool {
2018-02-09 05:32:12 -05:00
email := strings.ToLower(u.Email)
_, found := v.cache[email]
2018-02-09 05:32:12 -05:00
if found {
return false
}
v.cache[email] = u
2018-02-09 05:32:12 -05:00
return true
}
2018-08-26 18:11:32 -04:00
func (v *userByEmail) Add(u *protocol.MemoryUser) bool {
2018-02-09 05:32:12 -05:00
v.Lock()
defer v.Unlock()
return v.addNoLock(u)
}
2018-08-26 18:11:32 -04:00
func (v *userByEmail) Get(email string) (*protocol.MemoryUser, bool) {
2018-02-09 05:32:12 -05:00
email = strings.ToLower(email)
v.Lock()
defer v.Unlock()
user, found := v.cache[email]
2016-02-25 08:38:41 -05:00
if !found {
2018-02-09 05:32:12 -05:00
id := uuid.New()
2018-08-26 18:11:32 -04:00
rawAccount := &vmess.Account{
2018-02-09 05:32:12 -05:00
Id: id.String(),
AlterId: uint32(v.defaultAlterIDs),
}
2018-08-26 18:11:32 -04:00
account, err := rawAccount.AsAccount()
common.Must(err)
user = &protocol.MemoryUser{
2018-02-09 05:32:12 -05:00
Level: v.defaultLevel,
Email: email,
2018-08-26 18:11:32 -04:00
Account: account,
2016-02-25 08:38:41 -05:00
}
2018-02-09 05:32:12 -05:00
v.cache[email] = user
2016-02-25 08:38:41 -05:00
}
return user, found
}
2018-02-09 05:32:12 -05:00
func (v *userByEmail) Remove(email string) bool {
email = strings.ToLower(email)
v.Lock()
defer v.Unlock()
if _, found := v.cache[email]; !found {
return false
}
delete(v.cache, email)
return true
}
2017-02-13 07:16:37 -05:00
// Handler is an inbound connection handler that handles messages in VMess protocol.
type Handler struct {
2018-10-11 16:34:31 -04:00
policyManager policy.Manager
inboundHandlerManager feature_inbound.Manager
clients *vmess.TimedUserValidator
2016-02-25 08:38:41 -05:00
usersByEmail *userByEmail
2016-06-01 16:45:12 -04:00
detours *DetourConfig
2017-02-12 10:53:23 -05:00
sessionHistory *encoding.SessionHistory
secure bool
2015-09-10 18:24:18 -04:00
}
2017-11-25 09:20:59 -05:00
// New creates a new VMess inbound handler.
2017-02-13 07:16:37 -05:00
func New(ctx context.Context, config *Config) (*Handler, error) {
2018-02-21 11:05:29 -05:00
v := core.MustFromContext(ctx)
handler := &Handler{
2018-10-21 04:27:13 -04:00
policyManager: v.GetFeature(policy.ManagerType()).(policy.Manager),
inboundHandlerManager: v.GetFeature(feature_inbound.ManagerType()).(feature_inbound.Manager),
2018-02-08 09:39:46 -05:00
clients: vmess.NewTimedUserValidator(protocol.DefaultIDHash),
detours: config.Detour,
2018-02-09 05:43:23 -05:00
usersByEmail: newUserByEmail(config.GetDefaultValue()),
2018-02-07 10:35:22 -05:00
sessionHistory: encoding.NewSessionHistory(),
secure: config.SecureEncryptionOnly,
}
2018-01-31 07:23:23 -05:00
for _, user := range config.User {
2018-08-26 18:11:32 -04:00
mUser, err := user.ToMemoryUser()
if err != nil {
return nil, newError("failed to get VMess user").Base(err)
}
if err := handler.AddUser(ctx, mUser); err != nil {
2018-01-31 07:23:23 -05:00
return nil, newError("failed to initiate user").Base(err)
}
}
return handler, nil
}
2018-02-08 09:39:46 -05:00
// Close implements common.Closable.
func (h *Handler) Close() error {
2018-12-04 08:17:08 -05:00
return errors.Combine(
h.clients.Close(),
h.sessionHistory.Close(),
common.Close(h.usersByEmail))
2018-02-08 09:39:46 -05:00
}
2017-02-13 07:16:37 -05:00
// Network implements proxy.Inbound.Network().
2018-11-20 10:58:26 -05:00
func (*Handler) Network() []net.Network {
2020-10-29 03:30:38 -04:00
return []net.Network{net.Network_TCP, net.Network_UNIX}
2017-01-14 18:57:06 -05:00
}
2018-08-26 18:11:32 -04:00
func (h *Handler) GetUser(email string) *protocol.MemoryUser {
2017-11-25 09:20:59 -05:00
user, existing := h.usersByEmail.Get(email)
2016-02-25 08:38:41 -05:00
if !existing {
2017-11-25 09:20:59 -05:00
h.clients.Add(user)
2016-02-25 08:38:41 -05:00
}
return user
2016-01-08 18:10:57 -05:00
}
2018-08-26 18:11:32 -04:00
func (h *Handler) AddUser(ctx context.Context, user *protocol.MemoryUser) error {
2018-02-09 05:43:23 -05:00
if len(user.Email) > 0 && !h.usersByEmail.Add(user) {
2018-02-09 05:32:12 -05:00
return newError("User ", user.Email, " already exists.")
}
2018-01-31 07:23:23 -05:00
return h.clients.Add(user)
}
2018-02-05 17:38:24 -05:00
func (h *Handler) RemoveUser(ctx context.Context, email string) error {
if email == "" {
2018-02-09 05:43:23 -05:00
return newError("Email must not be empty.")
}
2018-02-09 05:32:12 -05:00
if !h.usersByEmail.Remove(email) {
return newError("User ", email, " not found.")
}
h.clients.Remove(email)
return nil
2018-02-05 17:38:24 -05:00
}
2018-08-31 09:50:13 -04:00
func transferResponse(timer signal.ActivityUpdater, session *encoding.ServerSession, request *protocol.RequestHeader, response *protocol.ResponseHeader, input buf.Reader, output *buf.BufferedWriter) error {
2016-12-29 16:17:12 -05:00
session.EncodeResponseHeader(response, output)
bodyWriter, err := session.EncodeResponseBody(request, output)
if err != nil {
return newError("failed to start decoding response").Base(err)
}
2018-03-28 16:23:24 -04:00
{
// Optimize for small response packet
data, err := input.ReadMultiBuffer()
if err != nil {
return err
}
2016-12-29 16:17:12 -05:00
2018-03-28 16:23:24 -04:00
if err := bodyWriter.WriteMultiBuffer(data); err != nil {
return err
}
2017-01-06 05:59:51 -05:00
}
2016-12-29 16:17:12 -05:00
2018-08-31 09:50:13 -04:00
if err := output.SetBuffered(false); err != nil {
return err
2016-12-29 16:17:12 -05:00
}
2017-04-27 16:30:48 -04:00
if err := buf.Copy(input, bodyWriter, buf.UpdateActivity(timer)); err != nil {
2017-01-06 05:59:51 -05:00
return err
}
account := request.User.Account.(*vmess.MemoryAccount)
if request.Option.Has(protocol.RequestOptionChunkStream) && !account.NoTerminationSignal {
2017-11-09 16:33:15 -05:00
if err := bodyWriter.WriteMultiBuffer(buf.MultiBuffer{}); err != nil {
2016-12-29 16:17:12 -05:00
return err
}
}
return nil
}
2018-09-17 05:57:56 -04:00
func isInsecureEncryption(s protocol.SecurityType) bool {
return s == protocol.SecurityType_NONE || s == protocol.SecurityType_LEGACY || s == protocol.SecurityType_UNKNOWN
}
2017-02-13 07:16:37 -05:00
// Process implements proxy.Inbound.Process().
func (h *Handler) Process(ctx context.Context, network net.Network, connection internet.Connection, dispatcher routing.Dispatcher) error {
sessionPolicy := h.policyManager.ForLevel(0)
if err := connection.SetReadDeadline(time.Now().Add(sessionPolicy.Timeouts.Handshake)); err != nil {
return newError("unable to set read deadline").Base(err).AtWarning()
2017-05-30 11:33:41 -04:00
}
2017-05-23 19:35:05 -04:00
reader := &buf.BufferedReader{Reader: buf.NewReader(connection)}
svrSession := encoding.NewServerSession(h.clients, h.sessionHistory)
svrSession.SetAEADForced(aeadForced)
request, err := svrSession.DecodeRequestHeader(reader)
2015-09-10 18:24:18 -04:00
if err != nil {
2016-12-04 03:10:47 -05:00
if errors.Cause(err) != io.EOF {
2017-12-19 15:28:12 -05:00
log.Record(&log.AccessMessage{
From: connection.RemoteAddr(),
To: "",
Status: log.AccessRejected,
Reason: err,
})
2018-01-18 05:35:04 -05:00
err = newError("invalid request from ", connection.RemoteAddr()).Base(err).AtInfo()
2016-05-30 18:21:41 -04:00
}
return err
2015-09-10 18:24:18 -04:00
}
2017-05-17 15:13:01 -04:00
2018-09-17 05:57:56 -04:00
if h.secure && isInsecureEncryption(request.Security) {
log.Record(&log.AccessMessage{
From: connection.RemoteAddr(),
To: "",
Status: log.AccessRejected,
Reason: "Insecure encryption",
Email: request.User.Email,
})
return newError("client is using insecure encryption: ", request.Security)
}
2018-04-04 15:32:54 -04:00
if request.Command != protocol.RequestCommandMux {
2019-06-12 01:04:34 -04:00
ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{
2018-04-04 15:32:54 -04:00
From: connection.RemoteAddr(),
To: request.Destination(),
Status: log.AccessAccepted,
Reason: "",
Email: request.User.Email,
2018-04-04 15:32:54 -04:00
})
}
2017-12-19 15:28:12 -05:00
newError("received request for ", request.Destination()).WriteToLog(session.ExportIDToError(ctx))
2015-09-10 18:24:18 -04:00
if err := connection.SetReadDeadline(time.Time{}); err != nil {
newError("unable to set back read deadline").Base(err).WriteToLog(session.ExportIDToError(ctx))
}
2017-01-31 10:49:59 -05:00
2018-10-15 02:36:50 -04:00
inbound := session.InboundFromContext(ctx)
if inbound == nil {
panic("no inbound metadata")
}
inbound.User = request.User
sessionPolicy = h.policyManager.ForLevel(request.User.Level)
2017-03-31 15:10:33 -04:00
2017-11-14 18:36:14 -05:00
ctx, cancel := context.WithCancel(ctx)
timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle)
2018-05-25 06:08:28 -04:00
2018-10-11 16:34:31 -04:00
ctx = policy.ContextWithBufferPolicy(ctx, sessionPolicy.Buffer)
2018-04-16 18:31:10 -04:00
link, err := dispatcher.Dispatch(ctx, request.Destination())
if err != nil {
2017-04-09 03:49:19 -04:00
return newError("failed to dispatch request to ", request.Destination()).Base(err)
}
2018-04-11 10:45:09 -04:00
requestDone := func() error {
defer timer.SetTimeout(sessionPolicy.Timeouts.DownlinkOnly)
2018-08-31 09:50:13 -04:00
bodyReader, err := svrSession.DecodeRequestBody(request, reader)
if err != nil {
return newError("failed to start decoding").Base(err)
}
2018-08-31 09:50:13 -04:00
if err := buf.Copy(bodyReader, link.Writer, buf.UpdateActivity(timer)); err != nil {
return newError("failed to transfer request").Base(err)
}
return nil
2018-04-11 10:45:09 -04:00
}
2018-04-11 10:45:09 -04:00
responseDone := func() error {
2018-12-04 08:17:08 -05:00
defer timer.SetTimeout(sessionPolicy.Timeouts.UplinkOnly)
2017-11-09 16:33:15 -05:00
writer := buf.NewBufferedWriter(buf.NewWriter(connection))
2017-05-23 19:35:05 -04:00
defer writer.Flush()
response := &protocol.ResponseHeader{
2017-11-25 09:20:59 -05:00
Command: h.generateCommand(ctx, request),
2017-05-23 19:35:05 -04:00
}
return transferResponse(timer, svrSession, request, response, link.Reader, writer)
2018-04-11 10:45:09 -04:00
}
2016-05-12 20:20:07 -04:00
2021-05-19 17:28:52 -04:00
requestDonePost := task.OnSuccess(requestDone, task.Close(link.Writer))
2018-12-06 05:35:02 -05:00
if err := task.Run(ctx, requestDonePost, responseDone); err != nil {
2018-12-31 15:25:10 -05:00
common.Interrupt(link.Reader)
common.Interrupt(link.Writer)
2017-04-09 03:49:19 -04:00
return newError("connection ends").Base(err)
2016-06-10 19:37:33 -04:00
}
2015-09-18 06:31:42 -04:00
return nil
}
2017-11-25 09:20:59 -05:00
func (h *Handler) generateCommand(ctx context.Context, request *protocol.RequestHeader) protocol.ResponseCommand {
if h.detours != nil {
tag := h.detours.To
if h.inboundHandlerManager != nil {
handler, err := h.inboundHandlerManager.GetHandler(ctx, tag)
if err != nil {
newError("failed to get detour handler: ", tag).Base(err).AtWarning().WriteToLog(session.ExportIDToError(ctx))
return nil
}
proxyHandler, port, availableMin := handler.GetRandomInboundProxy()
2017-02-13 07:16:37 -05:00
inboundHandler, ok := proxyHandler.(*Handler)
if ok && inboundHandler != nil {
if availableMin > 255 {
availableMin = 255
}
newError("pick detour handler for port ", port, " for ", availableMin, " minutes.").AtDebug().WriteToLog(session.ExportIDToError(ctx))
user := inboundHandler.GetUser(request.User.Email)
if user == nil {
return nil
}
2018-10-18 03:25:58 -04:00
account := user.Account.(*vmess.MemoryAccount)
return &protocol.CommandSwitchAccount{
Port: port,
2018-08-26 18:11:32 -04:00
ID: account.ID.UUID(),
AlterIds: uint16(len(account.AlterIDs)),
Level: user.Level,
ValidMin: byte(availableMin),
}
}
}
}
return nil
2015-09-10 18:24:18 -04:00
}
2016-06-14 16:54:08 -04:00
2021-05-19 17:28:52 -04:00
var (
aeadForced = false
aeadForced2022 = false
)
2016-06-14 16:54:08 -04:00
func init() {
common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
return New(ctx, config.(*Config))
}))
2021-09-04 16:16:13 -04:00
common.Must(common.RegisterConfig((*SimplifiedConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
simplifiedServer := config.(*SimplifiedConfig)
fullConfig := &Config{
User: func() (users []*protocol.User) {
for _, v := range simplifiedServer.Users {
account := &vmess.Account{Id: v}
users = append(users, &protocol.User{
Account: serial.ToTypedMessage(account),
})
}
return
}(),
}
return common.CreateObject(ctx, fullConfig)
2021-09-04 16:16:13 -04:00
}))
defaultFlagValue := "true_by_default_2022"
isAeadForced := platform.NewEnvFlag("v2ray.vmess.aead.forced").GetValue(func() string { return defaultFlagValue })
if isAeadForced == "true" {
aeadForced = true
}
if isAeadForced == "true_by_default_2022" {
aeadForced = true
aeadForced2022 = true
}
2015-09-10 18:24:18 -04:00
}