glider/redir_linux.go

// getOrigDst:
// https://github.com/shadowsocks/go-shadowsocks2/blob/master/tcp_linux.go#L30

package main

import (
	"net"
	"syscall"
	"unsafe"

	"github.com/shadowsocks/go-shadowsocks2/socks"
)

const (
	SO_ORIGINAL_DST      = 80 // from linux/include/uapi/linux/netfilter_ipv4.h
	IP6T_SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
)

type redir struct {
	Proxy
	addr string
}

// RedirProxy returns a redirect proxy.
func RedirProxy(addr string, upProxy Proxy) (Proxy, error) {
	s := &redir{
		Proxy: upProxy,
		addr:  addr,
	}

	return s, nil
}

// ListenAndServe redirected requests as a server.
func (s *redir) ListenAndServe() {
	l, err := net.Listen("tcp", s.addr)
	if err != nil {
		logf("failed to listen on %s: %v", s.addr, err)
		return
	}

	logf("listening TCP on %s", s.addr)

	for {
		c, err := l.Accept()
		if err != nil {
			logf("failed to accept: %v", err)
			continue
		}

		go func() {
			defer c.Close()

			if c, ok := c.(*net.TCPConn); ok {
				c.SetKeepAlive(true)
			}

			tgt, err := getOrigDst(c, false)
			if err != nil {
				logf("failed to get target address: %v", err)
				return
			}

			rc, err := s.GetProxy().Dial("tcp", tgt.String())
			if err != nil {
				logf("failed to connect to target: %v", err)
				return
			}
			defer rc.Close()

			logf("proxy-redir %s <-> %s", c.RemoteAddr(), tgt)

			_, _, err = relay(c, rc)
			if err != nil {
				if err, ok := err.(net.Error); ok && err.Timeout() {
					return // ignore i/o timeout
				}
				logf("relay error: %v", err)
			}

		}()
	}
}

// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
func getorigdst(fd uintptr) (socks.Addr, error) {
	raw := syscall.RawSockaddrInet4{}
	siz := unsafe.Sizeof(raw)
	if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IP, SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
		return nil, err
	}

	addr := make([]byte, 1+net.IPv4len+2)
	addr[0] = socks.AtypIPv4
	copy(addr[1:1+net.IPv4len], raw.Addr[:])
	port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
	addr[1+net.IPv4len], addr[1+net.IPv4len+1] = port[0], port[1]
	return addr, nil
}

// Call ipv6_getorigdst() from linux/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
// NOTE: I haven't tried yet but it should work since Linux 3.8.
func ipv6_getorigdst(fd uintptr) (socks.Addr, error) {
	raw := syscall.RawSockaddrInet6{}
	siz := unsafe.Sizeof(raw)
	if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IPV6, IP6T_SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
		return nil, err
	}

	addr := make([]byte, 1+net.IPv6len+2)
	addr[0] = socks.AtypIPv6
	copy(addr[1:1+net.IPv6len], raw.Addr[:])
	port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
	addr[1+net.IPv6len], addr[1+net.IPv6len+1] = port[0], port[1]
	return addr, nil
}
parse domain in dns request playload. (prepare for the forward rule and ipset management features.) 2017-07-26 18:56:24 +08:00			`// getOrigDst:`
			`// https://github.com/shadowsocks/go-shadowsocks2/blob/master/tcp_linux.go#L30`

			`package main`

			`import (`
			`"net"`
			`"syscall"`
			`"unsafe"`

			`"github.com/shadowsocks/go-shadowsocks2/socks"`
			`)`

			`const (`
			`SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv4.h`
			`IP6T_SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h`
			`)`

			`type redir struct {`
			`Proxy`
			`addr string`
			`}`

			`// RedirProxy returns a redirect proxy.`
			`func RedirProxy(addr string, upProxy Proxy) (Proxy, error) {`
			`s := &redir{`
			`Proxy: upProxy,`
			`addr: addr,`
			`}`

			`return s, nil`
			`}`

			`// ListenAndServe redirected requests as a server.`
			`func (s *redir) ListenAndServe() {`
			`l, err := net.Listen("tcp", s.addr)`
			`if err != nil {`
			`logf("failed to listen on %s: %v", s.addr, err)`
			`return`
			`}`

			`logf("listening TCP on %s", s.addr)`

			`for {`
			`c, err := l.Accept()`
			`if err != nil {`
			`logf("failed to accept: %v", err)`
			`continue`
			`}`

			`go func() {`
			`defer c.Close()`

			`if c, ok := c.(*net.TCPConn); ok {`
			`c.SetKeepAlive(true)`
			`}`

			`tgt, err := getOrigDst(c, false)`
			`if err != nil {`
			`logf("failed to get target address: %v", err)`
			`return`
			`}`

			`rc, err := s.GetProxy().Dial("tcp", tgt.String())`
			`if err != nil {`
			`logf("failed to connect to target: %v", err)`
			`return`
			`}`
			`defer rc.Close()`

			`logf("proxy-redir %s <-> %s", c.RemoteAddr(), tgt)`

			`_, _, err = relay(c, rc)`
			`if err != nil {`
			`if err, ok := err.(net.Error); ok && err.Timeout() {`
			`return // ignore i/o timeout`
			`}`
			`logf("relay error: %v", err)`
			`}`

			`}()`
			`}`
			`}`

			`// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c`
			`func getorigdst(fd uintptr) (socks.Addr, error) {`
			`raw := syscall.RawSockaddrInet4{}`
			`siz := unsafe.Sizeof(raw)`
			`if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IP, SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {`
			`return nil, err`
			`}`

			`addr := make([]byte, 1+net.IPv4len+2)`
			`addr[0] = socks.AtypIPv4`
			`copy(addr[1:1+net.IPv4len], raw.Addr[:])`
			`port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian`
			`addr[1+net.IPv4len], addr[1+net.IPv4len+1] = port[0], port[1]`
			`return addr, nil`
			`}`

			`// Call ipv6_getorigdst() from linux/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c`
			`// NOTE: I haven't tried yet but it should work since Linux 3.8.`
			`func ipv6_getorigdst(fd uintptr) (socks.Addr, error) {`
			`raw := syscall.RawSockaddrInet6{}`
			`siz := unsafe.Sizeof(raw)`
			`if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IPV6, IP6T_SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {`
			`return nil, err`
			`}`

			`addr := make([]byte, 1+net.IPv6len+2)`
			`addr[0] = socks.AtypIPv6`
			`copy(addr[1:1+net.IPv6len], raw.Addr[:])`
			`port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian`
			`addr[1+net.IPv6len], addr[1+net.IPv6len+1] = port[0], port[1]`
			`return addr, nil`
			`}`