mirror of
https://github.com/XTLS/Xray-core.git
synced 2024-11-22 20:59:19 +02:00
Enhancement of "redirect" function, adding support for MacOS
Adds support on macOS for traffic forwarded by the FreeBSD-style firewall, including resolving the original destination address. Example: "inbounds": [ { "listen": "127.0.0.1", "port": 1122, "protocol": "dokodemo-door", "tag": "dokodemo", "settings": { "network": "tcp", "followRedirect": true, "userLevel": 0 }, "streamSettings": { "sockopt": { "tproxy": "Redirect" } } } ] 还原#1189 提交
parent
59602db02d
commit
4140bcd11a
|
@ -72,13 +72,6 @@ func (w *tcpWorker) callback(conn stat.Connection) {
|
||||||
}
|
}
|
||||||
case internet.SocketConfig_TProxy:
|
case internet.SocketConfig_TProxy:
|
||||||
dest = net.DestinationFromAddr(conn.LocalAddr())
|
dest = net.DestinationFromAddr(conn.LocalAddr())
|
||||||
case internet.SocketConfig_PF:
|
|
||||||
d, err := net.OriginalDst(conn)
|
|
||||||
if err != nil {
|
|
||||||
newError("failed to get original destination").Base(err).WriteToLog(session.ExportIDToError(ctx))
|
|
||||||
} else {
|
|
||||||
dest = d
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if dest.IsValid() {
|
if dest.IsValid() {
|
||||||
ctx = session.ContextWithOutbound(ctx, &session.Outbound{
|
ctx = session.ContextWithOutbound(ctx, &session.Outbound{
|
||||||
|
|
|
@ -1,94 +0,0 @@
|
||||||
//go:build darwin
|
|
||||||
|
|
||||||
package net
|
|
||||||
|
|
||||||
import (
|
|
||||||
"net"
|
|
||||||
"os"
|
|
||||||
"syscall"
|
|
||||||
"unsafe"
|
|
||||||
)
|
|
||||||
|
|
||||||
const (
|
|
||||||
PfOut = 2
|
|
||||||
IOCOut = 0x40000000
|
|
||||||
IOCIn = 0x80000000
|
|
||||||
IOCInOut = IOCIn | IOCOut
|
|
||||||
IOCPARMMask = 0x1FFF
|
|
||||||
LEN = 4*16 + 4*4 + 4*1
|
|
||||||
// #define _IOC(inout,group,num,len) (inout | ((len & IOCPARMMask) << 16) | ((group) << 8) | (num))
|
|
||||||
// #define _IOWR(g,n,t) _IOC(IOCInOut, (g), (n), sizeof(t))
|
|
||||||
// #define DIOCNATLOOK _IOWR('D', 23, struct pfioc_natlook)
|
|
||||||
DIOCNATLOOK = IOCInOut | ((LEN & IOCPARMMask) << 16) | ('D' << 8) | 23
|
|
||||||
)
|
|
||||||
|
|
||||||
// OriginalDst uses ioctl to read original destination from /dev/pf
|
|
||||||
func OriginalDst(conn Conn) (Destination, error) {
|
|
||||||
f, err := os.Open("/dev/pf")
|
|
||||||
if err != nil {
|
|
||||||
return Destination{}, newError("failed to open device /dev/pf").Base(err)
|
|
||||||
}
|
|
||||||
defer f.Close()
|
|
||||||
|
|
||||||
fd := f.Fd()
|
|
||||||
nl := struct { // struct pfioc_natlook
|
|
||||||
saddr, daddr, rsaddr, rdaddr [16]byte
|
|
||||||
sxport, dxport, rsxport, rdxport [4]byte
|
|
||||||
af, proto, protoVariant, direction uint8
|
|
||||||
}{
|
|
||||||
af: syscall.AF_INET,
|
|
||||||
proto: syscall.IPPROTO_TCP,
|
|
||||||
direction: PfOut,
|
|
||||||
}
|
|
||||||
var raIP, laIP net.IP
|
|
||||||
var raPort, laPort int
|
|
||||||
la := conn.LocalAddr()
|
|
||||||
ra := conn.RemoteAddr()
|
|
||||||
switch la.(type) {
|
|
||||||
case *net.TCPAddr:
|
|
||||||
raIP = ra.(*net.TCPAddr).IP
|
|
||||||
laIP = la.(*net.TCPAddr).IP
|
|
||||||
raPort = ra.(*net.TCPAddr).Port
|
|
||||||
laPort = la.(*net.TCPAddr).Port
|
|
||||||
case *net.UDPAddr:
|
|
||||||
raIP = ra.(*net.UDPAddr).IP
|
|
||||||
laIP = la.(*net.UDPAddr).IP
|
|
||||||
raPort = ra.(*net.UDPAddr).Port
|
|
||||||
laPort = la.(*net.UDPAddr).Port
|
|
||||||
}
|
|
||||||
if raIP.To4() != nil {
|
|
||||||
if laIP.IsUnspecified() {
|
|
||||||
laIP = net.ParseIP("127.0.0.1")
|
|
||||||
}
|
|
||||||
copy(nl.saddr[:net.IPv4len], raIP.To4())
|
|
||||||
copy(nl.daddr[:net.IPv4len], laIP.To4())
|
|
||||||
}
|
|
||||||
if raIP.To16() != nil && raIP.To4() == nil {
|
|
||||||
if laIP.IsUnspecified() {
|
|
||||||
laIP = net.ParseIP("::1")
|
|
||||||
}
|
|
||||||
copy(nl.saddr[:], raIP)
|
|
||||||
copy(nl.daddr[:], laIP)
|
|
||||||
}
|
|
||||||
nl.sxport[0], nl.sxport[1] = byte(raPort>>8), byte(raPort)
|
|
||||||
nl.dxport[0], nl.dxport[1] = byte(laPort>>8), byte(laPort)
|
|
||||||
if _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, fd, DIOCNATLOOK, uintptr(unsafe.Pointer(&nl))); errno != 0 {
|
|
||||||
return Destination{}, os.NewSyscallError("ioctl", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
odPort := nl.rdxport
|
|
||||||
var odIP net.IP
|
|
||||||
switch nl.af {
|
|
||||||
case syscall.AF_INET:
|
|
||||||
odIP = make(net.IP, net.IPv4len)
|
|
||||||
copy(odIP, nl.rdaddr[:net.IPv4len])
|
|
||||||
case syscall.AF_INET6:
|
|
||||||
odIP = make(net.IP, net.IPv6len)
|
|
||||||
copy(odIP, nl.rdaddr[:])
|
|
||||||
}
|
|
||||||
return Destination{
|
|
||||||
Address: IPAddress(odIP),
|
|
||||||
Port: PortFromBytes(odPort[:2]),
|
|
||||||
Network: Network_TCP,
|
|
||||||
}, nil
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
//go:build !darwin
|
|
||||||
|
|
||||||
package net
|
|
||||||
|
|
||||||
// OriginalDst uses ioctl to read original destination from /dev/pf
|
|
||||||
func OriginalDst(conn Conn) (Destination, error) {
|
|
||||||
return Destination{}, newError("This platform is not supported")
|
|
||||||
}
|
|
|
@ -558,8 +558,6 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) {
|
||||||
tproxy = internet.SocketConfig_TProxy
|
tproxy = internet.SocketConfig_TProxy
|
||||||
case "redirect":
|
case "redirect":
|
||||||
tproxy = internet.SocketConfig_Redirect
|
tproxy = internet.SocketConfig_Redirect
|
||||||
case "pf":
|
|
||||||
tproxy = internet.SocketConfig_PF
|
|
||||||
default:
|
default:
|
||||||
tproxy = internet.SocketConfig_Off
|
tproxy = internet.SocketConfig_Off
|
||||||
}
|
}
|
||||||
|
|
|
@ -140,8 +140,6 @@ const (
|
||||||
SocketConfig_TProxy SocketConfig_TProxyMode = 1
|
SocketConfig_TProxy SocketConfig_TProxyMode = 1
|
||||||
// Redirect mode.
|
// Redirect mode.
|
||||||
SocketConfig_Redirect SocketConfig_TProxyMode = 2
|
SocketConfig_Redirect SocketConfig_TProxyMode = 2
|
||||||
// PF mode.
|
|
||||||
SocketConfig_PF SocketConfig_TProxyMode = 3
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Enum value maps for SocketConfig_TProxyMode.
|
// Enum value maps for SocketConfig_TProxyMode.
|
||||||
|
@ -150,13 +148,11 @@ var (
|
||||||
0: "Off",
|
0: "Off",
|
||||||
1: "TProxy",
|
1: "TProxy",
|
||||||
2: "Redirect",
|
2: "Redirect",
|
||||||
3: "PF",
|
|
||||||
}
|
}
|
||||||
SocketConfig_TProxyMode_value = map[string]int32{
|
SocketConfig_TProxyMode_value = map[string]int32{
|
||||||
"Off": 0,
|
"Off": 0,
|
||||||
"TProxy": 1,
|
"TProxy": 1,
|
||||||
"Redirect": 2,
|
"Redirect": 2,
|
||||||
"PF": 3,
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -591,7 +587,7 @@ var file_transport_internet_config_proto_rawDesc = []byte{
|
||||||
0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79,
|
0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79,
|
||||||
0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74,
|
0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74,
|
||||||
0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f,
|
0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f,
|
||||||
0x78, 0x79, 0x22, 0xc9, 0x04, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e,
|
0x78, 0x79, 0x22, 0xc1, 0x04, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e,
|
||||||
0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28,
|
0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28,
|
||||||
0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02,
|
0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02,
|
||||||
0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72,
|
0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72,
|
||||||
|
@ -624,27 +620,27 @@ var file_transport_internet_config_proto_rawDesc = []byte{
|
||||||
0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x2d, 0x0a, 0x13, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65,
|
0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x2d, 0x0a, 0x13, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65,
|
||||||
0x65, 0x70, 0x5f, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x64, 0x6c, 0x65, 0x18, 0x0b, 0x20,
|
0x65, 0x70, 0x5f, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x64, 0x6c, 0x65, 0x18, 0x0b, 0x20,
|
||||||
0x01, 0x28, 0x05, 0x52, 0x10, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x41, 0x6c, 0x69, 0x76,
|
0x01, 0x28, 0x05, 0x52, 0x10, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x41, 0x6c, 0x69, 0x76,
|
||||||
0x65, 0x49, 0x64, 0x6c, 0x65, 0x22, 0x37, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d,
|
0x65, 0x49, 0x64, 0x6c, 0x65, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d,
|
||||||
0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06,
|
0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06,
|
||||||
0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69,
|
0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69,
|
||||||
0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x12, 0x06, 0x0a, 0x02, 0x50, 0x46, 0x10, 0x03, 0x2a, 0x5a,
|
0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70,
|
||||||
0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f,
|
0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54,
|
||||||
0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03,
|
0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a,
|
||||||
0x55, 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12,
|
0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f,
|
||||||
0x0d, 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08,
|
0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04,
|
||||||
0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61,
|
0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74,
|
||||||
0x69, 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f,
|
0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61,
|
||||||
0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05,
|
0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12,
|
||||||
0x41, 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49,
|
0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55,
|
||||||
0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02,
|
0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f,
|
||||||
0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a,
|
0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61,
|
||||||
0x1b, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70,
|
0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65,
|
||||||
0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c,
|
0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
|
||||||
0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f,
|
0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72,
|
||||||
0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70,
|
0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65,
|
||||||
0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58,
|
0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e,
|
||||||
0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e,
|
0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06,
|
||||||
0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
|
|
@ -74,8 +74,6 @@ message SocketConfig {
|
||||||
TProxy = 1;
|
TProxy = 1;
|
||||||
// Redirect mode.
|
// Redirect mode.
|
||||||
Redirect = 2;
|
Redirect = 2;
|
||||||
// PF mode.
|
|
||||||
PF = 3;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// TProxy is for enabling TProxy socket option.
|
// TProxy is for enabling TProxy socket option.
|
||||||
|
|
|
@ -1,7 +1,11 @@
|
||||||
package internet
|
package internet
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"github.com/xtls/xray-core/common/net"
|
||||||
"golang.org/x/sys/unix"
|
"golang.org/x/sys/unix"
|
||||||
|
"os"
|
||||||
|
"syscall"
|
||||||
|
"unsafe"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -13,6 +17,83 @@ const (
|
||||||
sysTCP_KEEPINTVL = 0x101 // nolint: revive,stylecheck
|
sysTCP_KEEPINTVL = 0x101 // nolint: revive,stylecheck
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
PfOut = 2
|
||||||
|
IOCOut = 0x40000000
|
||||||
|
IOCIn = 0x80000000
|
||||||
|
IOCInOut = IOCIn | IOCOut
|
||||||
|
IOCPARMMask = 0x1FFF
|
||||||
|
LEN = 4*16 + 4*4 + 4*1
|
||||||
|
// #define _IOC(inout,group,num,len) (inout | ((len & IOCPARMMask) << 16) | ((group) << 8) | (num))
|
||||||
|
// #define _IOWR(g,n,t) _IOC(IOCInOut, (g), (n), sizeof(t))
|
||||||
|
// #define DIOCNATLOOK _IOWR('D', 23, struct pfioc_natlook)
|
||||||
|
DIOCNATLOOK = IOCInOut | ((LEN & IOCPARMMask) << 16) | ('D' << 8) | 23
|
||||||
|
)
|
||||||
|
|
||||||
|
// OriginalDst uses ioctl to read original destination from /dev/pf
|
||||||
|
func OriginalDst(la, ra net.Addr) (net.IP, int, error) {
|
||||||
|
f, err := os.Open("/dev/pf")
|
||||||
|
if err != nil {
|
||||||
|
return net.IP{}, -1, newError("failed to open device /dev/pf").Base(err)
|
||||||
|
}
|
||||||
|
defer f.Close()
|
||||||
|
fd := f.Fd()
|
||||||
|
nl := struct { // struct pfioc_natlook
|
||||||
|
saddr, daddr, rsaddr, rdaddr [16]byte
|
||||||
|
sxport, dxport, rsxport, rdxport [4]byte
|
||||||
|
af, proto, protoVariant, direction uint8
|
||||||
|
}{
|
||||||
|
af: syscall.AF_INET,
|
||||||
|
proto: syscall.IPPROTO_TCP,
|
||||||
|
direction: PfOut,
|
||||||
|
}
|
||||||
|
var raIP, laIP net.IP
|
||||||
|
var raPort, laPort int
|
||||||
|
switch la.(type) {
|
||||||
|
case *net.TCPAddr:
|
||||||
|
raIP = ra.(*net.TCPAddr).IP
|
||||||
|
laIP = la.(*net.TCPAddr).IP
|
||||||
|
raPort = ra.(*net.TCPAddr).Port
|
||||||
|
laPort = la.(*net.TCPAddr).Port
|
||||||
|
case *net.UDPAddr:
|
||||||
|
raIP = ra.(*net.UDPAddr).IP
|
||||||
|
laIP = la.(*net.UDPAddr).IP
|
||||||
|
raPort = ra.(*net.UDPAddr).Port
|
||||||
|
laPort = la.(*net.UDPAddr).Port
|
||||||
|
}
|
||||||
|
if raIP.To4() != nil {
|
||||||
|
if laIP.IsUnspecified() {
|
||||||
|
laIP = net.ParseIP("127.0.0.1")
|
||||||
|
}
|
||||||
|
copy(nl.saddr[:net.IPv4len], raIP.To4())
|
||||||
|
copy(nl.daddr[:net.IPv4len], laIP.To4())
|
||||||
|
}
|
||||||
|
if raIP.To16() != nil && raIP.To4() == nil {
|
||||||
|
if laIP.IsUnspecified() {
|
||||||
|
laIP = net.ParseIP("::1")
|
||||||
|
}
|
||||||
|
copy(nl.saddr[:], raIP)
|
||||||
|
copy(nl.daddr[:], laIP)
|
||||||
|
}
|
||||||
|
nl.sxport[0], nl.sxport[1] = byte(raPort>>8), byte(raPort)
|
||||||
|
nl.dxport[0], nl.dxport[1] = byte(laPort>>8), byte(laPort)
|
||||||
|
if _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, fd, DIOCNATLOOK, uintptr(unsafe.Pointer(&nl))); errno != 0 {
|
||||||
|
return net.IP{}, -1, os.NewSyscallError("ioctl", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
odPort := nl.rdxport
|
||||||
|
var odIP net.IP
|
||||||
|
switch nl.af {
|
||||||
|
case syscall.AF_INET:
|
||||||
|
odIP = make(net.IP, net.IPv4len)
|
||||||
|
copy(odIP, nl.rdaddr[:net.IPv4len])
|
||||||
|
case syscall.AF_INET6:
|
||||||
|
odIP = make(net.IP, net.IPv6len)
|
||||||
|
copy(odIP, nl.rdaddr[:])
|
||||||
|
}
|
||||||
|
return odIP, int(net.PortFromBytes(odPort[:2])), nil
|
||||||
|
}
|
||||||
|
|
||||||
func applyOutboundSocketOptions(network string, address string, fd uintptr, config *SocketConfig) error {
|
func applyOutboundSocketOptions(network string, address string, fd uintptr, config *SocketConfig) error {
|
||||||
if isTCPSocket(network) {
|
if isTCPSocket(network) {
|
||||||
tfo := config.ParseTFOValue()
|
tfo := config.ParseTFOValue()
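Review bot: In the new `OriginalDst`, the ioctl failure branch tests `errno` but returns `os.NewSyscallError("ioctl", err)`, where `err` is the already-checked nil result of `os.Open`. `os.NewSyscallError` returns nil for a nil error, so a failed DIOCNATLOOK lookup is reported as success with an empty IP and port -1. The return should wrap the errno instead: `return net.IP{}, -1, os.NewSyscallError("ioctl", errno)`. Separately, `af` and `proto` stay at `syscall.AF_INET` and `syscall.IPPROTO_TCP` on the IPv6 and `*net.UDPAddr` paths, and the `ra.(*net.TCPAddr)` / `ra.(*net.UDPAddr)` assertions panic if `ra` is not the same concrete type as `la`. Setting both fields from the address actually seen and using the two-value assertion form would close those gaps.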
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
//go:build darwin
|
||||||
|
// +build darwin
|
||||||
|
|
||||||
|
package tcp
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/xtls/xray-core/common/net"
|
||||||
|
"github.com/xtls/xray-core/transport/internet"
|
||||||
|
"github.com/xtls/xray-core/transport/internet/stat"
|
||||||
|
)
|
||||||
|
|
||||||
|
// GetOriginalDestination from tcp conn
|
||||||
|
func GetOriginalDestination(conn stat.Connection) (net.Destination, error) {
|
||||||
|
la := conn.LocalAddr()
|
||||||
|
ra := conn.RemoteAddr()
|
||||||
|
ip, port, err := internet.OriginalDst(la, ra)
|
||||||
|
if err != nil {
|
||||||
|
return net.Destination{}, newError("failed to get destination").Base(err)
|
||||||
|
}
|
||||||
|
dest := net.TCPDestination(net.IPAddress(ip), net.Port(port))
|
||||||
|
if !dest.IsValid() {
|
||||||
|
return net.Destination{}, newError("failed to parse destination.")
|
||||||
|
}
|
||||||
|
return dest, nil
|
||||||
|
}
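Review bot: `GetOriginalDestination` converts the lookup result with `net.IPAddress(ip)` and `net.Port(port)` without checking either value, so it relies on `internet.OriginalDst` returning a non-nil error for every failure. `OriginalDst` leaves `odIP` nil when `nl.af` matches neither case of its final switch, and whether `dest.IsValid()` rejects an empty address is not visible on this page. A guard before building the destination, such as `if len(ip) == 0 || port <= 0 || port > 65535 { return net.Destination{}, newError("invalid original destination") }`, keeps a failed lookup from becoming a routable destination. The doc comment could also state the contract, e.g. `// GetOriginalDestination returns the pre-redirect destination of conn, looked up through /dev/pf.`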
|
|
@ -1,5 +1,5 @@
|
||||||
//go:build !linux && !freebsd
|
//go:build !linux && !freebsd && !darwin
|
||||||
// +build !linux,!freebsd
|
// +build !linux,!freebsd,!darwin
|
||||||
|
|
||||||
package tcp
|
package tcp
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
//go:build darwin
|
||||||
|
// +build darwin
|
||||||
|
|
||||||
|
package udp
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"encoding/gob"
|
||||||
|
"io"
|
||||||
|
|
||||||
|
"github.com/xtls/xray-core/common/errors"
|
||||||
|
"github.com/xtls/xray-core/common/net"
|
||||||
|
"github.com/xtls/xray-core/transport/internet"
|
||||||
|
)
|
||||||
|
|
||||||
|
// RetrieveOriginalDest from stored laddr, caddr
|
||||||
|
func RetrieveOriginalDest(oob []byte) net.Destination {
|
||||||
|
dec := gob.NewDecoder(bytes.NewBuffer(oob))
|
||||||
|
var la, ra net.UDPAddr
|
||||||
|
dec.Decode(&la)
|
||||||
|
dec.Decode(&ra)
|
||||||
|
ip, port, err := internet.OriginalDst(&la, &ra)
|
||||||
|
if err != nil {
|
||||||
|
return net.Destination{}
|
||||||
|
}
|
||||||
|
return net.UDPDestination(net.IPAddress(ip), net.Port(port))
|
||||||
|
}
|
||||||
|
|
||||||
|
// ReadUDPMsg stores laddr, caddr for later use
|
||||||
|
func ReadUDPMsg(conn *net.UDPConn, payload []byte, oob []byte) (int, int, int, *net.UDPAddr, error) {
|
||||||
|
nBytes, addr, err := conn.ReadFromUDP(payload)
|
||||||
|
var buf bytes.Buffer
|
||||||
|
enc := gob.NewEncoder(&buf)
|
||||||
|
udpAddr, ok := conn.LocalAddr().(*net.UDPAddr)
|
||||||
|
if !ok {
|
||||||
|
return 0, 0, 0, nil, errors.New("invalid local address")
|
||||||
|
}
|
||||||
|
if addr == nil {
|
||||||
|
return 0, 0, 0, nil, errors.New("invalid remote address")
|
||||||
|
}
|
||||||
|
enc.Encode(udpAddr)
|
||||||
|
enc.Encode(addr)
|
||||||
|
var reader io.Reader = &buf
|
||||||
|
noob, _ := reader.Read(oob)
|
||||||
|
return nBytes, noob, 0, addr, err
|
||||||
|
}
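Review bot: `RetrieveOriginalDest` discards the errors from both `dec.Decode(&la)` and `dec.Decode(&ra)`, so an empty or truncated `oob` leaves zero-valued addresses that are still passed to `internet.OriginalDst`. Truncation is possible because `ReadUDPMsg` ignores the results of `enc.Encode` and copies the gob data with a single `reader.Read(oob)` whose error is dropped, which silently cuts the encoding when `oob` is too small. Checking each step, e.g. `if err := dec.Decode(&la); err != nil { return net.Destination{} }`, and returning an error from `ReadUDPMsg` when `buf.Len() > len(oob)` would make the failure explicit. `ReadUDPMsg` also tests `addr == nil` before looking at `err` from `conn.ReadFromUDP`, so a read failure surfaces as "invalid remote address" rather than the underlying error.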
|
|
@ -1,5 +1,5 @@
|
||||||
//go:build !linux && !freebsd
|
//go:build !linux && !freebsd && !darwin
|
||||||
// +build !linux,!freebsd
|
// +build !linux,!freebsd,!darwin
|
||||||
|
|
||||||
package udp
|
package udp
|
||||||
|
|
||||||
|
|