2019-02-01 19:08:21 +00:00
|
|
|
// +build !confonly
|
|
|
|
|
|
2016-10-12 14:11:13 +00:00
|
|
|
package router
|
2016-01-17 15:20:49 +00:00
|
|
|
|
|
|
|
|
import (
|
2018-07-16 11:47:00 +00:00
|
|
|
"strings"
|
2016-01-17 15:20:49 +00:00
|
|
|
|
2019-02-28 13:04:43 +00:00
|
|
|
"go.starlark.net/starlark"
|
|
|
|
|
"go.starlark.net/syntax"
|
|
|
|
|
|
2017-08-29 12:32:54 +00:00
|
|
|
"v2ray.com/core/common/net"
|
2018-06-26 19:57:41 +00:00
|
|
|
"v2ray.com/core/common/strmatcher"
|
2016-01-17 15:20:49 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type Condition interface {
|
2019-02-28 08:28:55 +00:00
|
|
|
Apply(ctx *Context) bool
|
2016-01-17 15:20:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type ConditionChan []Condition
|
|
|
|
|
|
|
|
|
|
func NewConditionChan() *ConditionChan {
|
|
|
|
|
var condChan ConditionChan = make([]Condition, 0, 8)
|
|
|
|
|
return &condChan
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-27 20:39:09 +00:00
|
|
|
func (v *ConditionChan) Add(cond Condition) *ConditionChan {
|
|
|
|
|
*v = append(*v, cond)
|
|
|
|
|
return v
|
2016-01-17 15:20:49 +00:00
|
|
|
}
|
|
|
|
|
|
2019-02-28 08:28:55 +00:00
|
|
|
func (v *ConditionChan) Apply(ctx *Context) bool {
|
2016-11-27 20:39:09 +00:00
|
|
|
for _, cond := range *v {
|
2017-01-26 19:46:44 +00:00
|
|
|
if !cond.Apply(ctx) {
|
2016-01-17 15:20:49 +00:00
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-27 20:39:09 +00:00
|
|
|
func (v *ConditionChan) Len() int {
|
|
|
|
|
return len(*v)
|
2016-01-17 15:20:49 +00:00
|
|
|
}
|
|
|
|
|
|
2018-06-26 19:57:41 +00:00
|
|
|
var matcherTypeMap = map[Domain_Type]strmatcher.Type{
|
|
|
|
|
Domain_Plain: strmatcher.Substr,
|
|
|
|
|
Domain_Regex: strmatcher.Regex,
|
|
|
|
|
Domain_Domain: strmatcher.Domain,
|
2018-08-21 19:30:32 +00:00
|
|
|
Domain_Full: strmatcher.Full,
|
2018-06-26 19:57:41 +00:00
|
|
|
}
|
|
|
|
|
|
2018-08-19 19:04:15 +00:00
|
|
|
func domainToMatcher(domain *Domain) (strmatcher.Matcher, error) {
|
2018-06-26 19:57:41 +00:00
|
|
|
matcherType, f := matcherTypeMap[domain.Type]
|
|
|
|
|
if !f {
|
2018-08-19 19:04:15 +00:00
|
|
|
return nil, newError("unsupported domain type", domain.Type)
|
2017-11-06 20:12:28 +00:00
|
|
|
}
|
2018-06-26 19:57:41 +00:00
|
|
|
|
|
|
|
|
matcher, err := matcherType.New(domain.Value)
|
|
|
|
|
if err != nil {
|
2018-08-19 19:04:15 +00:00
|
|
|
return nil, newError("failed to create domain matcher").Base(err)
|
2018-06-26 19:57:41 +00:00
|
|
|
}
|
|
|
|
|
|
2018-08-19 19:04:15 +00:00
|
|
|
return matcher, nil
|
2017-11-06 21:30:56 +00:00
|
|
|
}
|
|
|
|
|
|
2018-08-19 19:04:15 +00:00
|
|
|
type DomainMatcher struct {
|
|
|
|
|
matchers strmatcher.IndexMatcher
|
2017-11-06 21:30:56 +00:00
|
|
|
}
|
|
|
|
|
|
2018-08-19 19:04:15 +00:00
|
|
|
func NewDomainMatcher(domains []*Domain) (*DomainMatcher, error) {
|
2018-08-20 13:39:58 +00:00
|
|
|
g := new(strmatcher.MatcherGroup)
|
2018-08-19 19:04:15 +00:00
|
|
|
for _, d := range domains {
|
|
|
|
|
m, err := domainToMatcher(d)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
g.Add(m)
|
2017-11-06 21:30:56 +00:00
|
|
|
}
|
|
|
|
|
|
2018-08-19 19:04:15 +00:00
|
|
|
return &DomainMatcher{
|
2018-08-29 21:00:01 +00:00
|
|
|
matchers: g,
|
2018-08-19 19:04:15 +00:00
|
|
|
}, nil
|
|
|
|
|
}
|
2017-11-06 21:30:56 +00:00
|
|
|
|
2018-08-19 19:04:15 +00:00
|
|
|
func (m *DomainMatcher) ApplyDomain(domain string) bool {
|
2020-08-11 05:31:04 +00:00
|
|
|
return len(m.matchers.Match(domain)) > 0
|
2017-11-06 21:30:56 +00:00
|
|
|
}
|
|
|
|
|
|
2019-02-28 08:28:55 +00:00
|
|
|
func (m *DomainMatcher) Apply(ctx *Context) bool {
|
|
|
|
|
if ctx.Outbound == nil || !ctx.Outbound.Target.IsValid() {
|
2017-02-09 21:49:38 +00:00
|
|
|
return false
|
|
|
|
|
}
|
2019-02-28 08:28:55 +00:00
|
|
|
dest := ctx.Outbound.Target
|
2016-09-20 09:53:05 +00:00
|
|
|
if !dest.Address.Family().IsDomain() {
|
2016-01-17 15:20:49 +00:00
|
|
|
return false
|
|
|
|
|
}
|
2017-11-06 21:30:56 +00:00
|
|
|
return m.ApplyDomain(dest.Address.Domain())
|
2017-11-06 20:12:28 +00:00
|
|
|
}
|
|
|
|
|
|
2019-02-28 08:28:55 +00:00
|
|
|
func getIPsFromSource(ctx *Context) []net.IP {
|
|
|
|
|
if ctx.Inbound == nil || !ctx.Inbound.Source.IsValid() {
|
|
|
|
|
return nil
|
2018-09-18 21:09:54 +00:00
|
|
|
}
|
2019-02-28 08:28:55 +00:00
|
|
|
dest := ctx.Inbound.Source
|
|
|
|
|
if dest.Address.Family().IsDomain() {
|
|
|
|
|
return nil
|
2018-09-18 21:09:54 +00:00
|
|
|
}
|
2019-02-28 08:28:55 +00:00
|
|
|
|
|
|
|
|
return []net.IP{dest.Address.IP()}
|
2018-09-18 21:09:54 +00:00
|
|
|
}
|
|
|
|
|
|
2019-02-28 08:28:55 +00:00
|
|
|
func getIPsFromTarget(ctx *Context) []net.IP {
|
|
|
|
|
return ctx.GetTargetIPs()
|
2018-12-04 19:36:51 +00:00
|
|
|
}
|
|
|
|
|
|
2018-11-01 08:10:41 +00:00
|
|
|
type MultiGeoIPMatcher struct {
|
2019-02-28 08:28:55 +00:00
|
|
|
matchers []*GeoIPMatcher
|
|
|
|
|
ipFunc func(*Context) []net.IP
|
2018-11-01 08:10:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewMultiGeoIPMatcher(geoips []*GeoIP, onSource bool) (*MultiGeoIPMatcher, error) {
|
|
|
|
|
var matchers []*GeoIPMatcher
|
|
|
|
|
for _, geoip := range geoips {
|
|
|
|
|
matcher, err := globalGeoIPContainer.Add(geoip)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
matchers = append(matchers, matcher)
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-04 19:36:51 +00:00
|
|
|
matcher := &MultiGeoIPMatcher{
|
|
|
|
|
matchers: matchers,
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-07 22:57:06 +00:00
|
|
|
if onSource {
|
2019-02-28 08:28:55 +00:00
|
|
|
matcher.ipFunc = getIPsFromSource
|
2018-11-07 22:57:06 +00:00
|
|
|
} else {
|
2019-02-28 08:28:55 +00:00
|
|
|
matcher.ipFunc = getIPsFromTarget
|
2018-11-07 22:57:06 +00:00
|
|
|
}
|
|
|
|
|
|
2018-12-04 19:36:51 +00:00
|
|
|
return matcher, nil
|
2018-11-01 08:10:41 +00:00
|
|
|
}
|
|
|
|
|
|
2019-02-28 08:28:55 +00:00
|
|
|
func (m *MultiGeoIPMatcher) Apply(ctx *Context) bool {
|
|
|
|
|
ips := m.ipFunc(ctx)
|
2018-11-01 08:10:41 +00:00
|
|
|
|
|
|
|
|
for _, ip := range ips {
|
|
|
|
|
for _, matcher := range m.matchers {
|
|
|
|
|
if matcher.Match(ip) {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-17 15:20:49 +00:00
|
|
|
type PortMatcher struct {
|
2020-08-09 08:53:45 +00:00
|
|
|
port net.MemoryPortList
|
|
|
|
|
onSource bool
|
2016-01-17 15:20:49 +00:00
|
|
|
}
|
|
|
|
|
|
2020-08-09 08:53:45 +00:00
|
|
|
// NewPortMatcher create a new port matcher that can match source or destination port
|
|
|
|
|
func NewPortMatcher(list *net.PortList, onSource bool) *PortMatcher {
|
2016-01-17 15:20:49 +00:00
|
|
|
return &PortMatcher{
|
2020-08-09 08:53:45 +00:00
|
|
|
port: net.PortListFromProto(list),
|
|
|
|
|
onSource: onSource,
|
2016-01-17 15:20:49 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-28 08:28:55 +00:00
|
|
|
func (v *PortMatcher) Apply(ctx *Context) bool {
|
2020-08-09 08:53:45 +00:00
|
|
|
var port net.Port
|
|
|
|
|
if v.onSource {
|
|
|
|
|
if ctx.Inbound == nil || !ctx.Inbound.Source.IsValid() {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
port = ctx.Inbound.Source.Port
|
|
|
|
|
} else {
|
|
|
|
|
if ctx.Outbound == nil || !ctx.Outbound.Target.IsValid() {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
port = ctx.Outbound.Target.Port
|
2017-02-09 21:49:38 +00:00
|
|
|
}
|
2020-08-09 08:53:45 +00:00
|
|
|
return v.port.Contains(port)
|
2016-01-17 15:20:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type NetworkMatcher struct {
|
2018-11-20 11:25:56 +00:00
|
|
|
list [8]bool
|
2016-01-17 15:20:49 +00:00
|
|
|
}
|
|
|
|
|
|
2018-11-20 11:27:33 +00:00
|
|
|
func NewNetworkMatcher(network []net.Network) NetworkMatcher {
|
2018-11-20 11:25:56 +00:00
|
|
|
var matcher NetworkMatcher
|
2018-11-20 11:27:33 +00:00
|
|
|
for _, n := range network {
|
2018-11-20 11:25:56 +00:00
|
|
|
matcher.list[int(n)] = true
|
2016-01-17 15:20:49 +00:00
|
|
|
}
|
2018-11-20 11:25:56 +00:00
|
|
|
return matcher
|
2016-01-17 15:20:49 +00:00
|
|
|
}
|
|
|
|
|
|
2019-02-28 08:28:55 +00:00
|
|
|
func (v NetworkMatcher) Apply(ctx *Context) bool {
|
|
|
|
|
if ctx.Outbound == nil || !ctx.Outbound.Target.IsValid() {
|
2017-02-09 21:49:38 +00:00
|
|
|
return false
|
|
|
|
|
}
|
2019-02-28 08:28:55 +00:00
|
|
|
return v.list[int(ctx.Outbound.Target.Network)]
|
2016-10-18 21:01:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type UserMatcher struct {
|
|
|
|
|
user []string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewUserMatcher(users []string) *UserMatcher {
|
2017-05-08 09:48:41 +00:00
|
|
|
usersCopy := make([]string, 0, len(users))
|
|
|
|
|
for _, user := range users {
|
|
|
|
|
if len(user) > 0 {
|
|
|
|
|
usersCopy = append(usersCopy, user)
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-10-18 21:01:39 +00:00
|
|
|
return &UserMatcher{
|
2017-05-08 09:48:41 +00:00
|
|
|
user: usersCopy,
|
2016-10-18 21:01:39 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-28 08:28:55 +00:00
|
|
|
func (v *UserMatcher) Apply(ctx *Context) bool {
|
|
|
|
|
if ctx.Inbound == nil {
|
2018-10-15 06:36:50 +00:00
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-28 08:28:55 +00:00
|
|
|
user := ctx.Inbound.User
|
2017-01-26 19:46:44 +00:00
|
|
|
if user == nil {
|
2016-10-18 21:01:39 +00:00
|
|
|
return false
|
|
|
|
|
}
|
2016-11-27 20:39:09 +00:00
|
|
|
for _, u := range v.user {
|
2017-01-26 19:46:44 +00:00
|
|
|
if u == user.Email {
|
2016-10-18 21:01:39 +00:00
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
2016-01-17 15:20:49 +00:00
|
|
|
}
|
2016-11-13 20:23:34 +00:00
|
|
|
|
|
|
|
|
type InboundTagMatcher struct {
|
|
|
|
|
tags []string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewInboundTagMatcher(tags []string) *InboundTagMatcher {
|
2017-05-08 09:48:41 +00:00
|
|
|
tagsCopy := make([]string, 0, len(tags))
|
|
|
|
|
for _, tag := range tags {
|
|
|
|
|
if len(tag) > 0 {
|
|
|
|
|
tagsCopy = append(tagsCopy, tag)
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-11-13 20:23:34 +00:00
|
|
|
return &InboundTagMatcher{
|
2017-05-08 09:48:41 +00:00
|
|
|
tags: tagsCopy,
|
2016-11-13 20:23:34 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-28 08:28:55 +00:00
|
|
|
func (v *InboundTagMatcher) Apply(ctx *Context) bool {
|
|
|
|
|
if ctx.Inbound == nil || len(ctx.Inbound.Tag) == 0 {
|
2016-11-13 20:23:34 +00:00
|
|
|
return false
|
|
|
|
|
}
|
2019-02-28 08:28:55 +00:00
|
|
|
tag := ctx.Inbound.Tag
|
2016-11-27 20:39:09 +00:00
|
|
|
for _, t := range v.tags {
|
2017-01-26 19:46:44 +00:00
|
|
|
if t == tag {
|
2016-11-13 20:23:34 +00:00
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
2018-07-16 11:47:00 +00:00
|
|
|
|
|
|
|
|
type ProtocolMatcher struct {
|
|
|
|
|
protocols []string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewProtocolMatcher(protocols []string) *ProtocolMatcher {
|
|
|
|
|
pCopy := make([]string, 0, len(protocols))
|
|
|
|
|
|
|
|
|
|
for _, p := range protocols {
|
|
|
|
|
if len(p) > 0 {
|
|
|
|
|
pCopy = append(pCopy, p)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &ProtocolMatcher{
|
|
|
|
|
protocols: pCopy,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-28 08:28:55 +00:00
|
|
|
func (m *ProtocolMatcher) Apply(ctx *Context) bool {
|
|
|
|
|
if ctx.Content == nil {
|
2018-07-16 11:47:00 +00:00
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-28 08:28:55 +00:00
|
|
|
protocol := ctx.Content.Protocol
|
2018-07-16 11:47:00 +00:00
|
|
|
for _, p := range m.protocols {
|
|
|
|
|
if strings.HasPrefix(protocol, p) {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false
|
|
|
|
|
}
|
2019-02-28 13:04:43 +00:00
|
|
|
|
|
|
|
|
type AttributeMatcher struct {
|
|
|
|
|
program *starlark.Program
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewAttributeMatcher(code string) (*AttributeMatcher, error) {
|
|
|
|
|
starFile, err := syntax.Parse("attr.star", "satisfied=("+code+")", 0)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, newError("attr rule").Base(err)
|
|
|
|
|
}
|
|
|
|
|
p, err := starlark.FileProgram(starFile, func(name string) bool {
|
2020-04-15 01:19:52 +00:00
|
|
|
return name == "attrs"
|
2019-02-28 13:04:43 +00:00
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return &AttributeMatcher{
|
|
|
|
|
program: p,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *AttributeMatcher) Match(attrs map[string]interface{}) bool {
|
|
|
|
|
attrsDict := new(starlark.Dict)
|
|
|
|
|
for key, value := range attrs {
|
|
|
|
|
var starValue starlark.Value
|
|
|
|
|
switch value := value.(type) {
|
|
|
|
|
case string:
|
|
|
|
|
starValue = starlark.String(value)
|
|
|
|
|
}
|
|
|
|
|
if starValue != nil {
|
|
|
|
|
attrsDict.SetKey(starlark.String(key), starValue)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
predefined := make(starlark.StringDict)
|
|
|
|
|
predefined["attrs"] = attrsDict
|
|
|
|
|
|
|
|
|
|
thread := &starlark.Thread{
|
|
|
|
|
Name: "matcher",
|
|
|
|
|
}
|
|
|
|
|
results, err := m.program.Init(thread, predefined)
|
|
|
|
|
if err != nil {
|
|
|
|
|
newError("attr matcher").Base(err).WriteToLog()
|
|
|
|
|
}
|
|
|
|
|
satisfied := results["satisfied"]
|
|
|
|
|
return satisfied != nil && bool(satisfied.Truth())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *AttributeMatcher) Apply(ctx *Context) bool {
|
|
|
|
|
if ctx.Content == nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
return m.Match(ctx.Content.Attributes)
|
|
|
|
|
}
|
