mirror of
https://github.com/MetaCubeX/mihomo.git
synced 2025-01-05 17:13:32 +08:00
feat: add sniffer port whitelist, when empty will add all ports
This commit is contained in:
parent
113d84b438
commit
03a014957f
44
common/utils/range.go
Normal file
44
common/utils/range.go
Normal file
@ -0,0 +1,44 @@
|
||||
package utils
|
||||
|
||||
import (
|
||||
"golang.org/x/exp/constraints"
|
||||
)
|
||||
|
||||
type Range[T constraints.Ordered] struct {
|
||||
start T
|
||||
end T
|
||||
}
|
||||
|
||||
func NewRange[T constraints.Ordered](start, end T) *Range[T] {
|
||||
if start > end {
|
||||
return &Range[T]{
|
||||
start: end,
|
||||
end: start,
|
||||
}
|
||||
}
|
||||
|
||||
return &Range[T]{
|
||||
start: start,
|
||||
end: end,
|
||||
}
|
||||
}
|
||||
|
||||
func (r *Range[T]) Contains(t T) bool {
|
||||
return t >= r.start && t <= r.end
|
||||
}
|
||||
|
||||
func (r *Range[T]) LeftContains(t T) bool {
|
||||
return t >= r.start && t < r.end
|
||||
}
|
||||
|
||||
func (r *Range[T]) RightContains(t T) bool {
|
||||
return t > r.start && t <= r.end
|
||||
}
|
||||
|
||||
func (r *Range[T]) Start() T {
|
||||
return r.start
|
||||
}
|
||||
|
||||
func (r *Range[T]) End() T {
|
||||
return r.end
|
||||
}
|
@ -2,11 +2,14 @@ package sniffer
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"github.com/Dreamacro/clash/component/trie"
|
||||
"net"
|
||||
"net/netip"
|
||||
"strconv"
|
||||
|
||||
"github.com/Dreamacro/clash/component/trie"
|
||||
|
||||
CN "github.com/Dreamacro/clash/common/net"
|
||||
"github.com/Dreamacro/clash/common/utils"
|
||||
"github.com/Dreamacro/clash/component/resolver"
|
||||
C "github.com/Dreamacro/clash/constant"
|
||||
"github.com/Dreamacro/clash/log"
|
||||
@ -26,6 +29,7 @@ type SnifferDispatcher struct {
|
||||
|
||||
foreDomain *trie.DomainTrie[bool]
|
||||
skipSNI *trie.DomainTrie[bool]
|
||||
portRanges *[]utils.Range[uint16]
|
||||
}
|
||||
|
||||
func (sd *SnifferDispatcher) TCPSniff(conn net.Conn, metadata *C.Metadata) {
|
||||
@ -35,6 +39,18 @@ func (sd *SnifferDispatcher) TCPSniff(conn net.Conn, metadata *C.Metadata) {
|
||||
}
|
||||
|
||||
if metadata.Host == "" || sd.foreDomain.Search(metadata.Host) != nil {
|
||||
port, err := strconv.ParseUint(metadata.DstPort, 10, 16)
|
||||
if err != nil {
|
||||
log.Debugln("[Sniffer] Dst port is error")
|
||||
return
|
||||
}
|
||||
|
||||
for _, portRange := range *sd.portRanges {
|
||||
if !portRange.Contains(uint16(port)) {
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if host, err := sd.sniffDomain(bufConn, metadata); err != nil {
|
||||
log.Debugln("[Sniffer] All sniffing sniff failed with from [%s:%s] to [%s:%s]", metadata.SrcIP, metadata.SrcPort, metadata.String(), metadata.DstPort)
|
||||
return
|
||||
@ -102,11 +118,13 @@ func NewCloseSnifferDispatcher() (*SnifferDispatcher, error) {
|
||||
return &dispatcher, nil
|
||||
}
|
||||
|
||||
func NewSnifferDispatcher(needSniffer []C.SnifferType, forceDomain *trie.DomainTrie[bool], skipSNI *trie.DomainTrie[bool]) (*SnifferDispatcher, error) {
|
||||
func NewSnifferDispatcher(needSniffer []C.SnifferType, forceDomain *trie.DomainTrie[bool],
|
||||
skipSNI *trie.DomainTrie[bool], ports *[]utils.Range[uint16]) (*SnifferDispatcher, error) {
|
||||
dispatcher := SnifferDispatcher{
|
||||
enable: true,
|
||||
foreDomain: forceDomain,
|
||||
skipSNI: skipSNI,
|
||||
portRanges: ports,
|
||||
}
|
||||
|
||||
for _, snifferName := range needSniffer {
|
||||
|
@ -4,16 +4,19 @@ import (
|
||||
"container/list"
|
||||
"errors"
|
||||
"fmt"
|
||||
R "github.com/Dreamacro/clash/rule"
|
||||
RP "github.com/Dreamacro/clash/rule/provider"
|
||||
"net"
|
||||
"net/netip"
|
||||
"net/url"
|
||||
"os"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/Dreamacro/clash/common/utils"
|
||||
R "github.com/Dreamacro/clash/rule"
|
||||
RP "github.com/Dreamacro/clash/rule/provider"
|
||||
|
||||
"github.com/Dreamacro/clash/adapter"
|
||||
"github.com/Dreamacro/clash/adapter/outbound"
|
||||
"github.com/Dreamacro/clash/adapter/outboundgroup"
|
||||
@ -127,6 +130,7 @@ type Sniffer struct {
|
||||
Reverses *trie.DomainTrie[bool]
|
||||
ForceDomain *trie.DomainTrie[bool]
|
||||
SkipSNI *trie.DomainTrie[bool]
|
||||
Ports *[]utils.Range[uint16]
|
||||
}
|
||||
|
||||
// Experimental config
|
||||
@ -224,6 +228,7 @@ type SnifferRaw struct {
|
||||
Reverse []string `yaml:"reverses" json:"reverses"`
|
||||
ForceDomain []string `yaml:"force-domain" json:"force-domain"`
|
||||
SkipSNI []string `yaml:"skip-sni" json:"skip-sni"`
|
||||
Ports []string `yaml:"port-whitelist" json:"port-whitelist"`
|
||||
}
|
||||
|
||||
// Parse config
|
||||
@ -298,6 +303,7 @@ func UnmarshalRawConfig(buf []byte) (*RawConfig, error) {
|
||||
Reverse: []string{},
|
||||
ForceDomain: []string{},
|
||||
SkipSNI: []string{},
|
||||
Ports: []string{},
|
||||
},
|
||||
Profile: Profile{
|
||||
StoreSelected: true,
|
||||
@ -914,6 +920,33 @@ func parseSniffer(snifferRaw SnifferRaw) (*Sniffer, error) {
|
||||
Force: snifferRaw.Force,
|
||||
}
|
||||
|
||||
ports := []utils.Range[uint16]{}
|
||||
if len(snifferRaw.Ports) == 0 {
|
||||
ports = append(ports, *utils.NewRange[uint16](0, 65535))
|
||||
} else {
|
||||
for _, portRange := range snifferRaw.Ports {
|
||||
portRaws := strings.Split(portRange, "-")
|
||||
if len(portRaws) > 1 {
|
||||
p, err := strconv.ParseUint(portRaws[0], 10, 16)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("%s format error", portRange)
|
||||
}
|
||||
|
||||
start := uint16(p)
|
||||
|
||||
p, err = strconv.ParseUint(portRaws[0], 10, 16)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("%s format error", portRange)
|
||||
}
|
||||
|
||||
end := uint16(p)
|
||||
ports = append(ports, *utils.NewRange(start, end))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
sniffer.Ports = &ports
|
||||
|
||||
loadSniffer := make(map[C.SnifferType]struct{})
|
||||
|
||||
for _, snifferName := range snifferRaw.Sniffing {
|
||||
|
3
go.mod
3
go.mod
@ -21,7 +21,8 @@ require (
|
||||
go.uber.org/atomic v1.9.0
|
||||
go.uber.org/automaxprocs v1.5.1
|
||||
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
|
||||
golang.org/x/net v0.0.0-20220418201149-a630d4f3e7a2
|
||||
golang.org/x/exp v0.0.0-20220414153411-bcd21879b8fd
|
||||
golang.org/x/net v0.0.0-20220412020605-290c469a71a5
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
|
||||
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
|
||||
golang.org/x/time v0.0.0-20220411224347-583f2d630306
|
||||
|
@ -222,7 +222,7 @@ func updateTun(tun *config.Tun, dns *config.DNS) {
|
||||
|
||||
func updateSniffer(sniffer *config.Sniffer) {
|
||||
if sniffer.Enable {
|
||||
dispatcher, err := SNI.NewSnifferDispatcher(sniffer.Sniffers, sniffer.ForceDomain, sniffer.SkipSNI)
|
||||
dispatcher, err := SNI.NewSnifferDispatcher(sniffer.Sniffers, sniffer.ForceDomain, sniffer.SkipSNI, sniffer.Ports)
|
||||
if err != nil {
|
||||
log.Warnln("initial sniffer failed, err:%v", err)
|
||||
}
|
||||
|
@ -5,20 +5,16 @@ import (
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/Dreamacro/clash/common/utils"
|
||||
C "github.com/Dreamacro/clash/constant"
|
||||
)
|
||||
|
||||
type portReal struct {
|
||||
portStart int
|
||||
portEnd int
|
||||
}
|
||||
|
||||
type Port struct {
|
||||
*Base
|
||||
adapter string
|
||||
port string
|
||||
isSource bool
|
||||
portList []portReal
|
||||
portList []utils.Range[uint16]
|
||||
}
|
||||
|
||||
func (p *Port) RuleType() C.RuleType {
|
||||
@ -45,17 +41,13 @@ func (p *Port) Payload() string {
|
||||
|
||||
func (p *Port) matchPortReal(portRef string) bool {
|
||||
port, _ := strconv.Atoi(portRef)
|
||||
var rs bool
|
||||
|
||||
for _, pr := range p.portList {
|
||||
if pr.portEnd == -1 {
|
||||
rs = port == pr.portStart
|
||||
} else {
|
||||
rs = port >= pr.portStart && port <= pr.portEnd
|
||||
}
|
||||
if rs {
|
||||
if pr.Contains(uint16(port)) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
@ -65,7 +57,7 @@ func NewPort(port string, adapter string, isSource bool) (*Port, error) {
|
||||
return nil, fmt.Errorf("%s, too many ports to use, maximum support 28 ports", errPayload.Error())
|
||||
}
|
||||
|
||||
var portList []portReal
|
||||
var portRange []utils.Range[uint16]
|
||||
for _, p := range ports {
|
||||
if p == "" {
|
||||
continue
|
||||
@ -84,23 +76,18 @@ func NewPort(port string, adapter string, isSource bool) (*Port, error) {
|
||||
|
||||
switch subPortsLen {
|
||||
case 1:
|
||||
portList = append(portList, portReal{int(portStart), -1})
|
||||
portRange = append(portRange, *utils.NewRange(uint16(portStart), uint16(portStart)))
|
||||
case 2:
|
||||
portEnd, err := strconv.ParseUint(strings.Trim(subPorts[1], "[ ]"), 10, 16)
|
||||
if err != nil {
|
||||
return nil, errPayload
|
||||
}
|
||||
|
||||
shouldReverse := portStart > portEnd
|
||||
if shouldReverse {
|
||||
portList = append(portList, portReal{int(portEnd), int(portStart)})
|
||||
} else {
|
||||
portList = append(portList, portReal{int(portStart), int(portEnd)})
|
||||
}
|
||||
portRange = append(portRange, *utils.NewRange(uint16(portStart), uint16(portEnd)))
|
||||
}
|
||||
}
|
||||
|
||||
if len(portList) == 0 {
|
||||
if len(portRange) == 0 {
|
||||
return nil, errPayload
|
||||
}
|
||||
|
||||
@ -109,7 +96,7 @@ func NewPort(port string, adapter string, isSource bool) (*Port, error) {
|
||||
adapter: adapter,
|
||||
port: port,
|
||||
isSource: isSource,
|
||||
portList: portList,
|
||||
portList: portRange,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user