2016-10-12 10:11:13 -04:00
|
|
|
package router
|
2016-01-17 10:20:49 -05:00
|
|
|
|
|
|
|
|
import (
|
2017-01-26 14:46:44 -05:00
|
|
|
"context"
|
2018-07-16 07:47:00 -04:00
|
|
|
"strings"
|
2016-01-17 10:20:49 -05:00
|
|
|
|
2018-09-18 17:09:54 -04:00
|
|
|
"v2ray.com/core/common/session"
|
|
|
|
|
|
2018-07-16 07:47:00 -04:00
|
|
|
"v2ray.com/core/app/dispatcher"
|
2017-08-29 08:32:54 -04:00
|
|
|
"v2ray.com/core/common/net"
|
2017-01-26 14:46:44 -05:00
|
|
|
"v2ray.com/core/common/protocol"
|
2018-06-26 15:57:41 -04:00
|
|
|
"v2ray.com/core/common/strmatcher"
|
2016-10-18 17:01:39 -04:00
|
|
|
"v2ray.com/core/proxy"
|
2016-01-17 10:20:49 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type Condition interface {
|
2017-01-26 14:46:44 -05:00
|
|
|
Apply(ctx context.Context) bool
|
2016-01-17 10:20:49 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type ConditionChan []Condition
|
|
|
|
|
|
|
|
|
|
func NewConditionChan() *ConditionChan {
|
|
|
|
|
var condChan ConditionChan = make([]Condition, 0, 8)
|
|
|
|
|
return &condChan
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-27 15:39:09 -05:00
|
|
|
func (v *ConditionChan) Add(cond Condition) *ConditionChan {
|
|
|
|
|
*v = append(*v, cond)
|
|
|
|
|
return v
|
2016-01-17 10:20:49 -05:00
|
|
|
}
|
|
|
|
|
|
2017-01-26 14:46:44 -05:00
|
|
|
func (v *ConditionChan) Apply(ctx context.Context) bool {
|
2016-11-27 15:39:09 -05:00
|
|
|
for _, cond := range *v {
|
2017-01-26 14:46:44 -05:00
|
|
|
if !cond.Apply(ctx) {
|
2016-01-17 10:20:49 -05:00
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-27 15:39:09 -05:00
|
|
|
func (v *ConditionChan) Len() int {
|
|
|
|
|
return len(*v)
|
2016-01-17 10:20:49 -05:00
|
|
|
}
|
|
|
|
|
|
2016-01-24 08:40:46 -05:00
|
|
|
type AnyCondition []Condition
|
|
|
|
|
|
|
|
|
|
func NewAnyCondition() *AnyCondition {
|
|
|
|
|
var anyCond AnyCondition = make([]Condition, 0, 8)
|
|
|
|
|
return &anyCond
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-27 15:39:09 -05:00
|
|
|
func (v *AnyCondition) Add(cond Condition) *AnyCondition {
|
|
|
|
|
*v = append(*v, cond)
|
|
|
|
|
return v
|
2016-01-24 08:40:46 -05:00
|
|
|
}
|
|
|
|
|
|
2017-01-26 14:46:44 -05:00
|
|
|
func (v *AnyCondition) Apply(ctx context.Context) bool {
|
2016-11-27 15:39:09 -05:00
|
|
|
for _, cond := range *v {
|
2017-01-26 14:46:44 -05:00
|
|
|
if cond.Apply(ctx) {
|
2016-01-24 08:40:46 -05:00
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-27 15:39:09 -05:00
|
|
|
func (v *AnyCondition) Len() int {
|
|
|
|
|
return len(*v)
|
2016-01-24 08:40:46 -05:00
|
|
|
}
|
|
|
|
|
|
2018-06-26 15:57:41 -04:00
|
|
|
var matcherTypeMap = map[Domain_Type]strmatcher.Type{
|
|
|
|
|
Domain_Plain: strmatcher.Substr,
|
|
|
|
|
Domain_Regex: strmatcher.Regex,
|
|
|
|
|
Domain_Domain: strmatcher.Domain,
|
2018-08-21 15:30:32 -04:00
|
|
|
Domain_Full: strmatcher.Full,
|
2018-06-26 15:57:41 -04:00
|
|
|
}
|
|
|
|
|
|
2018-08-19 15:04:15 -04:00
|
|
|
func domainToMatcher(domain *Domain) (strmatcher.Matcher, error) {
|
2018-06-26 15:57:41 -04:00
|
|
|
matcherType, f := matcherTypeMap[domain.Type]
|
|
|
|
|
if !f {
|
2018-08-19 15:04:15 -04:00
|
|
|
return nil, newError("unsupported domain type", domain.Type)
|
2017-11-06 15:12:28 -05:00
|
|
|
}
|
2018-06-26 15:57:41 -04:00
|
|
|
|
|
|
|
|
matcher, err := matcherType.New(domain.Value)
|
|
|
|
|
if err != nil {
|
2018-08-19 15:04:15 -04:00
|
|
|
return nil, newError("failed to create domain matcher").Base(err)
|
2018-06-26 15:57:41 -04:00
|
|
|
}
|
|
|
|
|
|
2018-08-19 15:04:15 -04:00
|
|
|
return matcher, nil
|
2017-11-06 16:30:56 -05:00
|
|
|
}
|
|
|
|
|
|
2018-08-19 15:04:15 -04:00
|
|
|
type DomainMatcher struct {
|
|
|
|
|
matchers strmatcher.IndexMatcher
|
2017-11-06 16:30:56 -05:00
|
|
|
}
|
|
|
|
|
|
2018-08-19 15:04:15 -04:00
|
|
|
func NewDomainMatcher(domains []*Domain) (*DomainMatcher, error) {
|
2018-08-20 09:39:58 -04:00
|
|
|
g := new(strmatcher.MatcherGroup)
|
2018-08-19 15:04:15 -04:00
|
|
|
for _, d := range domains {
|
|
|
|
|
m, err := domainToMatcher(d)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
g.Add(m)
|
2017-11-06 16:30:56 -05:00
|
|
|
}
|
|
|
|
|
|
2018-08-19 15:04:15 -04:00
|
|
|
return &DomainMatcher{
|
2018-08-29 17:00:01 -04:00
|
|
|
matchers: g,
|
2018-08-19 15:04:15 -04:00
|
|
|
}, nil
|
|
|
|
|
}
|
2017-11-06 16:30:56 -05:00
|
|
|
|
2018-08-19 15:04:15 -04:00
|
|
|
func (m *DomainMatcher) ApplyDomain(domain string) bool {
|
|
|
|
|
return m.matchers.Match(domain) > 0
|
2017-11-06 16:30:56 -05:00
|
|
|
}
|
|
|
|
|
|
2018-08-19 15:04:15 -04:00
|
|
|
func (m *DomainMatcher) Apply(ctx context.Context) bool {
|
2018-09-18 17:09:54 -04:00
|
|
|
outbound := session.OutboundFromContext(ctx)
|
|
|
|
|
if outbound == nil || !outbound.Target.IsValid() {
|
2017-02-09 16:49:38 -05:00
|
|
|
return false
|
|
|
|
|
}
|
2018-09-18 17:09:54 -04:00
|
|
|
dest := outbound.Target
|
2016-09-20 05:53:05 -04:00
|
|
|
if !dest.Address.Family().IsDomain() {
|
2016-01-17 10:20:49 -05:00
|
|
|
return false
|
|
|
|
|
}
|
2017-11-06 16:30:56 -05:00
|
|
|
return m.ApplyDomain(dest.Address.Domain())
|
2017-11-06 15:12:28 -05:00
|
|
|
}
|
|
|
|
|
|
2016-01-17 10:20:49 -05:00
|
|
|
type CIDRMatcher struct {
|
2016-10-18 17:01:39 -04:00
|
|
|
cidr *net.IPNet
|
|
|
|
|
onSource bool
|
2016-01-17 10:20:49 -05:00
|
|
|
}
|
|
|
|
|
|
2016-10-18 17:01:39 -04:00
|
|
|
func NewCIDRMatcher(ip []byte, mask uint32, onSource bool) (*CIDRMatcher, error) {
|
2016-10-11 17:02:44 -04:00
|
|
|
cidr := &net.IPNet{
|
|
|
|
|
IP: net.IP(ip),
|
2017-05-17 07:24:53 -04:00
|
|
|
Mask: net.CIDRMask(int(mask), len(ip)*8),
|
2016-01-17 10:20:49 -05:00
|
|
|
}
|
|
|
|
|
return &CIDRMatcher{
|
2016-10-18 17:01:39 -04:00
|
|
|
cidr: cidr,
|
|
|
|
|
onSource: onSource,
|
2016-01-17 10:20:49 -05:00
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-18 17:09:54 -04:00
|
|
|
func sourceFromContext(ctx context.Context) net.Destination {
|
|
|
|
|
inbound := session.InboundFromContext(ctx)
|
|
|
|
|
if inbound == nil {
|
|
|
|
|
return net.Destination{}
|
|
|
|
|
}
|
|
|
|
|
return inbound.Source
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func targetFromContent(ctx context.Context) net.Destination {
|
|
|
|
|
outbound := session.OutboundFromContext(ctx)
|
|
|
|
|
if outbound == nil {
|
|
|
|
|
return net.Destination{}
|
|
|
|
|
}
|
|
|
|
|
return outbound.Target
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-26 14:46:44 -05:00
|
|
|
func (v *CIDRMatcher) Apply(ctx context.Context) bool {
|
2017-01-28 03:04:29 -05:00
|
|
|
ips := make([]net.IP, 0, 4)
|
2017-11-15 06:55:47 -05:00
|
|
|
if resolver, ok := proxy.ResolvedIPsFromContext(ctx); ok {
|
|
|
|
|
resolvedIPs := resolver.Resolve()
|
|
|
|
|
for _, rip := range resolvedIPs {
|
2017-01-28 03:04:29 -05:00
|
|
|
if !rip.Family().IsIPv6() {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2017-01-27 15:19:46 -05:00
|
|
|
ips = append(ips, rip.IP())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-29 08:32:54 -04:00
|
|
|
var dest net.Destination
|
2016-11-27 15:39:09 -05:00
|
|
|
if v.onSource {
|
2018-09-18 17:09:54 -04:00
|
|
|
dest = sourceFromContext(ctx)
|
2017-01-26 14:46:44 -05:00
|
|
|
} else {
|
2018-09-18 17:09:54 -04:00
|
|
|
dest = targetFromContent(ctx)
|
2016-10-18 17:01:39 -04:00
|
|
|
}
|
2017-01-26 14:46:44 -05:00
|
|
|
|
2018-09-18 17:09:54 -04:00
|
|
|
if dest.IsValid() && dest.Address.Family().IsIPv6() {
|
2017-01-27 15:19:46 -05:00
|
|
|
ips = append(ips, dest.Address.IP())
|
2017-01-26 14:46:44 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, ip := range ips {
|
|
|
|
|
if v.cidr.Contains(ip) {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
2016-01-17 10:20:49 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type IPv4Matcher struct {
|
2017-08-29 08:32:54 -04:00
|
|
|
ipv4net *net.IPNetTable
|
2016-10-18 17:01:39 -04:00
|
|
|
onSource bool
|
2016-01-17 10:20:49 -05:00
|
|
|
}
|
|
|
|
|
|
2017-08-29 08:32:54 -04:00
|
|
|
func NewIPv4Matcher(ipnet *net.IPNetTable, onSource bool) *IPv4Matcher {
|
2016-01-17 10:20:49 -05:00
|
|
|
return &IPv4Matcher{
|
2016-10-18 17:01:39 -04:00
|
|
|
ipv4net: ipnet,
|
|
|
|
|
onSource: onSource,
|
2016-01-17 10:20:49 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-26 14:46:44 -05:00
|
|
|
func (v *IPv4Matcher) Apply(ctx context.Context) bool {
|
2017-01-28 03:04:29 -05:00
|
|
|
ips := make([]net.IP, 0, 4)
|
2017-11-15 06:55:47 -05:00
|
|
|
if resolver, ok := proxy.ResolvedIPsFromContext(ctx); ok {
|
|
|
|
|
resolvedIPs := resolver.Resolve()
|
|
|
|
|
for _, rip := range resolvedIPs {
|
2017-01-28 03:04:29 -05:00
|
|
|
if !rip.Family().IsIPv4() {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2017-01-27 15:19:46 -05:00
|
|
|
ips = append(ips, rip.IP())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-29 08:32:54 -04:00
|
|
|
var dest net.Destination
|
2016-11-27 15:39:09 -05:00
|
|
|
if v.onSource {
|
2018-09-18 17:09:54 -04:00
|
|
|
dest = sourceFromContext(ctx)
|
2017-01-26 14:46:44 -05:00
|
|
|
} else {
|
2018-09-18 17:09:54 -04:00
|
|
|
dest = targetFromContent(ctx)
|
2016-10-18 17:01:39 -04:00
|
|
|
}
|
2017-01-27 14:38:01 -05:00
|
|
|
|
2018-09-18 17:09:54 -04:00
|
|
|
if dest.IsValid() && dest.Address.Family().IsIPv4() {
|
2017-01-27 15:19:46 -05:00
|
|
|
ips = append(ips, dest.Address.IP())
|
2017-01-26 14:46:44 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, ip := range ips {
|
|
|
|
|
if v.ipv4net.Contains(ip) {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
2016-01-17 10:20:49 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type PortMatcher struct {
|
2017-08-29 08:32:54 -04:00
|
|
|
port net.PortRange
|
2016-01-17 10:20:49 -05:00
|
|
|
}
|
|
|
|
|
|
2017-08-29 08:32:54 -04:00
|
|
|
func NewPortMatcher(portRange net.PortRange) *PortMatcher {
|
2016-01-17 10:20:49 -05:00
|
|
|
return &PortMatcher{
|
|
|
|
|
port: portRange,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-26 14:46:44 -05:00
|
|
|
func (v *PortMatcher) Apply(ctx context.Context) bool {
|
2018-09-18 17:09:54 -04:00
|
|
|
outbound := session.OutboundFromContext(ctx)
|
|
|
|
|
if outbound == nil || !outbound.Target.IsValid() {
|
2017-02-09 16:49:38 -05:00
|
|
|
return false
|
|
|
|
|
}
|
2018-09-18 17:09:54 -04:00
|
|
|
return v.port.Contains(outbound.Target.Port)
|
2016-01-17 10:20:49 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type NetworkMatcher struct {
|
2017-08-29 08:32:54 -04:00
|
|
|
network *net.NetworkList
|
2016-01-17 10:20:49 -05:00
|
|
|
}
|
|
|
|
|
|
2017-08-29 08:32:54 -04:00
|
|
|
func NewNetworkMatcher(network *net.NetworkList) *NetworkMatcher {
|
2016-01-17 10:20:49 -05:00
|
|
|
return &NetworkMatcher{
|
|
|
|
|
network: network,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-26 14:46:44 -05:00
|
|
|
func (v *NetworkMatcher) Apply(ctx context.Context) bool {
|
2018-09-18 17:09:54 -04:00
|
|
|
outbound := session.OutboundFromContext(ctx)
|
|
|
|
|
if outbound == nil || !outbound.Target.IsValid() {
|
2017-02-09 16:49:38 -05:00
|
|
|
return false
|
|
|
|
|
}
|
2018-09-18 17:09:54 -04:00
|
|
|
return v.network.HasNetwork(outbound.Target.Network)
|
2016-10-18 17:01:39 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type UserMatcher struct {
|
|
|
|
|
user []string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewUserMatcher(users []string) *UserMatcher {
|
2017-05-08 05:48:41 -04:00
|
|
|
usersCopy := make([]string, 0, len(users))
|
|
|
|
|
for _, user := range users {
|
|
|
|
|
if len(user) > 0 {
|
|
|
|
|
usersCopy = append(usersCopy, user)
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-10-18 17:01:39 -04:00
|
|
|
return &UserMatcher{
|
2017-05-08 05:48:41 -04:00
|
|
|
user: usersCopy,
|
2016-10-18 17:01:39 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-26 14:46:44 -05:00
|
|
|
func (v *UserMatcher) Apply(ctx context.Context) bool {
|
|
|
|
|
user := protocol.UserFromContext(ctx)
|
|
|
|
|
if user == nil {
|
2016-10-18 17:01:39 -04:00
|
|
|
return false
|
|
|
|
|
}
|
2016-11-27 15:39:09 -05:00
|
|
|
for _, u := range v.user {
|
2017-01-26 14:46:44 -05:00
|
|
|
if u == user.Email {
|
2016-10-18 17:01:39 -04:00
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
2016-01-17 10:20:49 -05:00
|
|
|
}
|
2016-11-13 15:23:34 -05:00
|
|
|
|
|
|
|
|
type InboundTagMatcher struct {
|
|
|
|
|
tags []string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewInboundTagMatcher(tags []string) *InboundTagMatcher {
|
2017-05-08 05:48:41 -04:00
|
|
|
tagsCopy := make([]string, 0, len(tags))
|
|
|
|
|
for _, tag := range tags {
|
|
|
|
|
if len(tag) > 0 {
|
|
|
|
|
tagsCopy = append(tagsCopy, tag)
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-11-13 15:23:34 -05:00
|
|
|
return &InboundTagMatcher{
|
2017-05-08 05:48:41 -04:00
|
|
|
tags: tagsCopy,
|
2016-11-13 15:23:34 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-26 14:46:44 -05:00
|
|
|
func (v *InboundTagMatcher) Apply(ctx context.Context) bool {
|
2018-09-18 17:09:54 -04:00
|
|
|
inbound := session.InboundFromContext(ctx)
|
|
|
|
|
if inbound == nil || len(inbound.Tag) == 0 {
|
2016-11-13 15:23:34 -05:00
|
|
|
return false
|
|
|
|
|
}
|
2018-09-18 17:09:54 -04:00
|
|
|
tag := inbound.Tag
|
2016-11-27 15:39:09 -05:00
|
|
|
for _, t := range v.tags {
|
2017-01-26 14:46:44 -05:00
|
|
|
if t == tag {
|
2016-11-13 15:23:34 -05:00
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
2018-07-16 07:47:00 -04:00
|
|
|
|
|
|
|
|
type ProtocolMatcher struct {
|
|
|
|
|
protocols []string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewProtocolMatcher(protocols []string) *ProtocolMatcher {
|
|
|
|
|
pCopy := make([]string, 0, len(protocols))
|
|
|
|
|
|
|
|
|
|
for _, p := range protocols {
|
|
|
|
|
if len(p) > 0 {
|
|
|
|
|
pCopy = append(pCopy, p)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &ProtocolMatcher{
|
|
|
|
|
protocols: pCopy,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *ProtocolMatcher) Apply(ctx context.Context) bool {
|
|
|
|
|
result := dispatcher.SniffingResultFromContext(ctx)
|
|
|
|
|
|
|
|
|
|
if result == nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protocol := result.Protocol()
|
|
|
|
|
for _, p := range m.protocols {
|
|
|
|
|
if strings.HasPrefix(protocol, p) {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false
|
|
|
|
|
}
|
