2018-06-26 16:15:48 +08:00
|
|
|
package redir
|
2017-07-26 18:56:24 +08:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"net"
|
2018-06-26 16:15:48 +08:00
|
|
|
"net/url"
|
2020-09-14 20:56:37 +08:00
|
|
|
"strings"
|
2017-07-26 18:56:24 +08:00
|
|
|
"syscall"
|
|
|
|
|
"unsafe"
|
2018-06-26 16:15:48 +08:00
|
|
|
|
2022-01-08 15:05:55 +08:00
|
|
|
"github.com/nadoo/glider/pkg/log"
|
2018-06-26 16:15:48 +08:00
|
|
|
"github.com/nadoo/glider/proxy"
|
2017-07-26 18:56:24 +08:00
|
|
|
)
|
|
|
|
|
|
2019-09-18 22:08:48 +08:00
|
|
|
// RedirProxy struct.
|
2018-08-12 12:37:25 +08:00
|
|
|
type RedirProxy struct {
|
2019-09-18 19:40:14 +08:00
|
|
|
proxy proxy.Proxy
|
|
|
|
|
addr string
|
|
|
|
|
ipv6 bool
|
2018-08-12 12:37:25 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
|
proxy.RegisterServer("redir", NewRedirServer)
|
2018-09-17 19:22:36 +08:00
|
|
|
proxy.RegisterServer("redir6", NewRedir6Server)
|
2018-06-26 16:15:48 +08:00
|
|
|
}
|
|
|
|
|
|
2018-08-12 12:37:25 +08:00
|
|
|
// NewRedirProxy returns a redirect proxy.
|
2019-09-18 19:40:14 +08:00
|
|
|
func NewRedirProxy(s string, p proxy.Proxy, ipv6 bool) (*RedirProxy, error) {
|
2018-06-26 16:15:48 +08:00
|
|
|
u, err := url.Parse(s)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.F("parse err: %s", err)
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-12 12:37:25 +08:00
|
|
|
addr := u.Host
|
|
|
|
|
r := &RedirProxy{
|
2019-09-18 19:40:14 +08:00
|
|
|
proxy: p,
|
|
|
|
|
addr: addr,
|
|
|
|
|
ipv6: ipv6,
|
2018-08-12 12:37:25 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return r, nil
|
2018-06-26 16:15:48 +08:00
|
|
|
}
|
|
|
|
|
|
2018-08-12 12:37:25 +08:00
|
|
|
// NewRedirServer returns a redir server.
|
2019-09-18 19:40:14 +08:00
|
|
|
func NewRedirServer(s string, p proxy.Proxy) (proxy.Server, error) {
|
|
|
|
|
return NewRedirProxy(s, p, false)
|
2018-09-04 20:26:40 +08:00
|
|
|
}
|
|
|
|
|
|
2018-09-17 19:16:17 +08:00
|
|
|
// NewRedir6Server returns a redir server for ipv6.
|
2019-09-18 19:40:14 +08:00
|
|
|
func NewRedir6Server(s string, p proxy.Proxy) (proxy.Server, error) {
|
|
|
|
|
return NewRedirProxy(s, p, true)
|
2017-07-26 18:56:24 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-18 22:08:48 +08:00
|
|
|
// ListenAndServe listens on server's addr and serves connections.
|
2018-11-25 13:18:15 +08:00
|
|
|
func (s *RedirProxy) ListenAndServe() {
|
2017-07-26 18:56:24 +08:00
|
|
|
l, err := net.Listen("tcp", s.addr)
|
|
|
|
|
if err != nil {
|
2021-12-11 12:19:40 +08:00
|
|
|
log.Fatalf("[redir] failed to listen on %s: %v", s.addr, err)
|
2017-07-26 18:56:24 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-28 23:20:04 +08:00
|
|
|
log.F("[redir] listening TCP on %s", s.addr)
|
2017-07-26 18:56:24 +08:00
|
|
|
|
|
|
|
|
for {
|
|
|
|
|
c, err := l.Accept()
|
|
|
|
|
if err != nil {
|
2018-06-28 23:20:04 +08:00
|
|
|
log.F("[redir] failed to accept: %v", err)
|
2017-07-26 18:56:24 +08:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-28 23:28:32 +08:00
|
|
|
go s.Serve(c)
|
2017-07-26 18:56:24 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-18 22:08:48 +08:00
|
|
|
// Serve serves connections.
|
2020-10-07 21:06:49 +08:00
|
|
|
func (s *RedirProxy) Serve(cc net.Conn) {
|
|
|
|
|
defer cc.Close()
|
2018-11-28 23:28:32 +08:00
|
|
|
|
2020-10-07 21:06:49 +08:00
|
|
|
c, ok := cc.(*net.TCPConn)
|
|
|
|
|
if !ok {
|
|
|
|
|
log.F("[redir] not a tcp connection, can not chain redir proxy")
|
|
|
|
|
return
|
2018-11-28 23:28:32 +08:00
|
|
|
}
|
|
|
|
|
|
2020-10-07 21:06:49 +08:00
|
|
|
c.SetKeepAlive(true)
|
2018-11-28 23:28:32 +08:00
|
|
|
tgt, err := getOrigDst(c, s.ipv6)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.F("[redir] failed to get target address: %v", err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-04 19:19:00 +08:00
|
|
|
// loop request
|
|
|
|
|
if c.LocalAddr().String() == tgt.String() {
|
2019-03-05 22:30:22 +08:00
|
|
|
log.F("[redir] %s <-> %s, unallowed request to redir port", c.RemoteAddr(), tgt)
|
2019-03-04 19:19:00 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-28 15:18:19 +08:00
|
|
|
rc, dialer, err := s.proxy.Dial("tcp", tgt.String())
|
2018-11-28 23:28:32 +08:00
|
|
|
if err != nil {
|
2020-04-28 15:18:19 +08:00
|
|
|
log.F("[redir] %s <-> %s via %s, error in dial: %v", c.RemoteAddr(), tgt, dialer.Addr(), err)
|
2018-11-28 23:28:32 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
defer rc.Close()
|
|
|
|
|
|
2020-04-28 15:18:19 +08:00
|
|
|
log.F("[redir] %s <-> %s via %s", c.RemoteAddr(), tgt, dialer.Addr())
|
2018-11-28 23:28:32 +08:00
|
|
|
|
2020-10-01 22:38:34 +08:00
|
|
|
if err = proxy.Relay(c, rc); err != nil {
|
2020-09-14 20:56:37 +08:00
|
|
|
log.F("[redir] %s <-> %s via %s, relay error: %v", c.RemoteAddr(), tgt, dialer.Addr(), err)
|
|
|
|
|
// record remote conn failure only
|
|
|
|
|
if !strings.Contains(err.Error(), s.addr) {
|
|
|
|
|
s.proxy.Record(dialer, false)
|
|
|
|
|
}
|
2018-11-28 23:28:32 +08:00
|
|
|
}
|
2018-11-25 13:18:15 +08:00
|
|
|
}
|
|
|
|
|
|
2017-07-30 12:03:19 +08:00
|
|
|
// Get the original destination of a TCP connection.
|
2020-10-07 21:06:49 +08:00
|
|
|
func getOrigDst(c *net.TCPConn, ipv6 bool) (*net.TCPAddr, error) {
|
|
|
|
|
rc, err := c.SyscallConn()
|
2017-07-30 12:03:19 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2020-10-07 21:06:49 +08:00
|
|
|
var addr *net.TCPAddr
|
|
|
|
|
rc.Control(func(fd uintptr) {
|
|
|
|
|
if ipv6 {
|
2020-10-09 22:02:19 +08:00
|
|
|
addr, err = getorigdstIPv6(fd)
|
2020-10-07 21:06:49 +08:00
|
|
|
} else {
|
|
|
|
|
addr, err = getorigdst(fd)
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
return addr, err
|
2017-07-30 12:03:19 +08:00
|
|
|
}
|
|
|
|
|
|
2017-07-26 18:56:24 +08:00
|
|
|
// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
|
2020-10-07 21:06:49 +08:00
|
|
|
func getorigdst(fd uintptr) (*net.TCPAddr, error) {
|
|
|
|
|
const _SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv4.h
|
|
|
|
|
var raw syscall.RawSockaddrInet4
|
2017-07-26 18:56:24 +08:00
|
|
|
siz := unsafe.Sizeof(raw)
|
2020-10-07 21:06:49 +08:00
|
|
|
if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IP, _SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
|
2017-07-26 18:56:24 +08:00
|
|
|
return nil, err
|
|
|
|
|
}
|
2020-10-07 21:06:49 +08:00
|
|
|
var addr net.TCPAddr
|
|
|
|
|
addr.IP = raw.Addr[:]
|
|
|
|
|
port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // raw.Port is big-endian
|
|
|
|
|
addr.Port = int(port[0])<<8 | int(port[1])
|
|
|
|
|
return &addr, nil
|
2017-07-26 18:56:24 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Call ipv6_getorigdst() from linux/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
|
2020-10-07 21:06:49 +08:00
|
|
|
// NOTE: I haven't tried yet but it should work since Linux 3.8.
|
2020-10-09 22:02:19 +08:00
|
|
|
func getorigdstIPv6(fd uintptr) (*net.TCPAddr, error) {
|
2020-10-07 21:06:49 +08:00
|
|
|
const _IP6T_SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
|
|
|
|
|
var raw syscall.RawSockaddrInet6
|
2017-07-26 18:56:24 +08:00
|
|
|
siz := unsafe.Sizeof(raw)
|
2020-10-07 21:06:49 +08:00
|
|
|
if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IPV6, _IP6T_SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
|
2017-07-26 18:56:24 +08:00
|
|
|
return nil, err
|
|
|
|
|
}
|
2020-10-07 21:06:49 +08:00
|
|
|
var addr net.TCPAddr
|
|
|
|
|
addr.IP = raw.Addr[:]
|
|
|
|
|
port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // raw.Port is big-endian
|
|
|
|
|
addr.Port = int(port[0])<<8 | int(port[1])
|
|
|
|
|
return &addr, nil
|
2017-07-26 18:56:24 +08:00
|
|
|
}
|
