router.go 35 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056
  1. package route
  2. import (
  3. "context"
  4. "errors"
  5. "net"
  6. "net/netip"
  7. "net/url"
  8. "os"
  9. "os/user"
  10. "strings"
  11. "time"
  12. "github.com/sagernet/sing-box/adapter"
  13. "github.com/sagernet/sing-box/common/conntrack"
  14. "github.com/sagernet/sing-box/common/dialer"
  15. "github.com/sagernet/sing-box/common/geoip"
  16. "github.com/sagernet/sing-box/common/geosite"
  17. "github.com/sagernet/sing-box/common/process"
  18. "github.com/sagernet/sing-box/common/sniff"
  19. C "github.com/sagernet/sing-box/constant"
  20. "github.com/sagernet/sing-box/experimental/libbox/platform"
  21. "github.com/sagernet/sing-box/log"
  22. "github.com/sagernet/sing-box/ntp"
  23. "github.com/sagernet/sing-box/option"
  24. "github.com/sagernet/sing-box/outbound"
  25. "github.com/sagernet/sing-box/transport/fakeip"
  26. "github.com/sagernet/sing-dns"
  27. mux "github.com/sagernet/sing-mux"
  28. "github.com/sagernet/sing-tun"
  29. "github.com/sagernet/sing-vmess"
  30. "github.com/sagernet/sing/common"
  31. "github.com/sagernet/sing/common/buf"
  32. "github.com/sagernet/sing/common/bufio"
  33. "github.com/sagernet/sing/common/bufio/deadline"
  34. "github.com/sagernet/sing/common/control"
  35. E "github.com/sagernet/sing/common/exceptions"
  36. F "github.com/sagernet/sing/common/format"
  37. M "github.com/sagernet/sing/common/metadata"
  38. N "github.com/sagernet/sing/common/network"
  39. serviceNTP "github.com/sagernet/sing/common/ntp"
  40. "github.com/sagernet/sing/common/uot"
  41. "github.com/sagernet/sing/service"
  42. "github.com/sagernet/sing/service/pause"
  43. )
  44. var _ adapter.Router = (*Router)(nil)
  45. type Router struct {
  46. ctx context.Context
  47. logger log.ContextLogger
  48. dnsLogger log.ContextLogger
  49. inboundByTag map[string]adapter.Inbound
  50. outbounds []adapter.Outbound
  51. outboundByTag map[string]adapter.Outbound
  52. rules []adapter.Rule
  53. defaultDetour string
  54. defaultOutboundForConnection adapter.Outbound
  55. defaultOutboundForPacketConnection adapter.Outbound
  56. needGeoIPDatabase bool
  57. needGeositeDatabase bool
  58. geoIPOptions option.GeoIPOptions
  59. geositeOptions option.GeositeOptions
  60. geoIPReader *geoip.Reader
  61. geositeReader *geosite.Reader
  62. geositeCache map[string]adapter.Rule
  63. dnsClient *dns.Client
  64. defaultDomainStrategy dns.DomainStrategy
  65. dnsRules []adapter.DNSRule
  66. defaultTransport dns.Transport
  67. transports []dns.Transport
  68. transportMap map[string]dns.Transport
  69. transportDomainStrategy map[dns.Transport]dns.DomainStrategy
  70. dnsReverseMapping *DNSReverseMapping
  71. fakeIPStore adapter.FakeIPStore
  72. interfaceFinder myInterfaceFinder
  73. autoDetectInterface bool
  74. defaultInterface string
  75. defaultMark int
  76. networkMonitor tun.NetworkUpdateMonitor
  77. interfaceMonitor tun.DefaultInterfaceMonitor
  78. packageManager tun.PackageManager
  79. processSearcher process.Searcher
  80. timeService *ntp.Service
  81. pauseManager pause.Manager
  82. clashServer adapter.ClashServer
  83. v2rayServer adapter.V2RayServer
  84. platformInterface platform.Interface
  85. needWIFIState bool
  86. wifiState adapter.WIFIState
  87. started bool
  88. }
  89. func NewRouter(
  90. ctx context.Context,
  91. logFactory log.Factory,
  92. options option.RouteOptions,
  93. dnsOptions option.DNSOptions,
  94. ntpOptions option.NTPOptions,
  95. inbounds []option.Inbound,
  96. platformInterface platform.Interface,
  97. ) (*Router, error) {
  98. router := &Router{
  99. ctx: ctx,
  100. logger: logFactory.NewLogger("router"),
  101. dnsLogger: logFactory.NewLogger("dns"),
  102. outboundByTag: make(map[string]adapter.Outbound),
  103. rules: make([]adapter.Rule, 0, len(options.Rules)),
  104. dnsRules: make([]adapter.DNSRule, 0, len(dnsOptions.Rules)),
  105. needGeoIPDatabase: hasRule(options.Rules, isGeoIPRule) || hasDNSRule(dnsOptions.Rules, isGeoIPDNSRule),
  106. needGeositeDatabase: hasRule(options.Rules, isGeositeRule) || hasDNSRule(dnsOptions.Rules, isGeositeDNSRule),
  107. geoIPOptions: common.PtrValueOrDefault(options.GeoIP),
  108. geositeOptions: common.PtrValueOrDefault(options.Geosite),
  109. geositeCache: make(map[string]adapter.Rule),
  110. defaultDetour: options.Final,
  111. defaultDomainStrategy: dns.DomainStrategy(dnsOptions.Strategy),
  112. autoDetectInterface: options.AutoDetectInterface,
  113. defaultInterface: options.DefaultInterface,
  114. defaultMark: options.DefaultMark,
  115. pauseManager: pause.ManagerFromContext(ctx),
  116. platformInterface: platformInterface,
  117. needWIFIState: hasRule(options.Rules, isWIFIRule) || hasDNSRule(dnsOptions.Rules, isWIFIDNSRule),
  118. }
  119. router.dnsClient = dns.NewClient(dns.ClientOptions{
  120. DisableCache: dnsOptions.DNSClientOptions.DisableCache,
  121. DisableExpire: dnsOptions.DNSClientOptions.DisableExpire,
  122. IndependentCache: dnsOptions.DNSClientOptions.IndependentCache,
  123. Logger: router.dnsLogger,
  124. })
  125. for i, ruleOptions := range options.Rules {
  126. routeRule, err := NewRule(router, router.logger, ruleOptions, true)
  127. if err != nil {
  128. return nil, E.Cause(err, "parse rule[", i, "]")
  129. }
  130. router.rules = append(router.rules, routeRule)
  131. }
  132. for i, dnsRuleOptions := range dnsOptions.Rules {
  133. dnsRule, err := NewDNSRule(router, router.logger, dnsRuleOptions, true)
  134. if err != nil {
  135. return nil, E.Cause(err, "parse dns rule[", i, "]")
  136. }
  137. router.dnsRules = append(router.dnsRules, dnsRule)
  138. }
  139. transports := make([]dns.Transport, len(dnsOptions.Servers))
  140. dummyTransportMap := make(map[string]dns.Transport)
  141. transportMap := make(map[string]dns.Transport)
  142. transportTags := make([]string, len(dnsOptions.Servers))
  143. transportTagMap := make(map[string]bool)
  144. transportDomainStrategy := make(map[dns.Transport]dns.DomainStrategy)
  145. for i, server := range dnsOptions.Servers {
  146. var tag string
  147. if server.Tag != "" {
  148. tag = server.Tag
  149. } else {
  150. tag = F.ToString(i)
  151. }
  152. if transportTagMap[tag] {
  153. return nil, E.New("duplicate dns server tag: ", tag)
  154. }
  155. transportTags[i] = tag
  156. transportTagMap[tag] = true
  157. }
  158. ctx = adapter.ContextWithRouter(ctx, router)
  159. for {
  160. lastLen := len(dummyTransportMap)
  161. for i, server := range dnsOptions.Servers {
  162. tag := transportTags[i]
  163. if _, exists := dummyTransportMap[tag]; exists {
  164. continue
  165. }
  166. var detour N.Dialer
  167. if server.Detour == "" {
  168. detour = dialer.NewRouter(router)
  169. } else {
  170. detour = dialer.NewDetour(router, server.Detour)
  171. }
  172. switch server.Address {
  173. case "local":
  174. default:
  175. serverURL, _ := url.Parse(server.Address)
  176. var serverAddress string
  177. if serverURL != nil {
  178. serverAddress = serverURL.Hostname()
  179. }
  180. if serverAddress == "" {
  181. serverAddress = server.Address
  182. }
  183. _, notIpAddress := netip.ParseAddr(serverAddress)
  184. if server.AddressResolver != "" {
  185. if !transportTagMap[server.AddressResolver] {
  186. return nil, E.New("parse dns server[", tag, "]: address resolver not found: ", server.AddressResolver)
  187. }
  188. if upstream, exists := dummyTransportMap[server.AddressResolver]; exists {
  189. detour = dns.NewDialerWrapper(detour, router.dnsClient, upstream, dns.DomainStrategy(server.AddressStrategy), time.Duration(server.AddressFallbackDelay))
  190. } else {
  191. continue
  192. }
  193. } else if notIpAddress != nil && strings.Contains(server.Address, ".") {
  194. return nil, E.New("parse dns server[", tag, "]: missing address_resolver")
  195. }
  196. }
  197. transport, err := dns.CreateTransport(tag, ctx, logFactory.NewLogger(F.ToString("dns/transport[", tag, "]")), detour, server.Address)
  198. if err != nil {
  199. return nil, E.Cause(err, "parse dns server[", tag, "]")
  200. }
  201. transports[i] = transport
  202. dummyTransportMap[tag] = transport
  203. if server.Tag != "" {
  204. transportMap[server.Tag] = transport
  205. }
  206. strategy := dns.DomainStrategy(server.Strategy)
  207. if strategy != dns.DomainStrategyAsIS {
  208. transportDomainStrategy[transport] = strategy
  209. }
  210. }
  211. if len(transports) == len(dummyTransportMap) {
  212. break
  213. }
  214. if lastLen != len(dummyTransportMap) {
  215. continue
  216. }
  217. unresolvedTags := common.MapIndexed(common.FilterIndexed(dnsOptions.Servers, func(index int, server option.DNSServerOptions) bool {
  218. _, exists := dummyTransportMap[transportTags[index]]
  219. return !exists
  220. }), func(index int, server option.DNSServerOptions) string {
  221. return transportTags[index]
  222. })
  223. if len(unresolvedTags) == 0 {
  224. panic(F.ToString("unexpected unresolved dns servers: ", len(transports), " ", len(dummyTransportMap), " ", len(transportMap)))
  225. }
  226. return nil, E.New("found circular reference in dns servers: ", strings.Join(unresolvedTags, " "))
  227. }
  228. var defaultTransport dns.Transport
  229. if dnsOptions.Final != "" {
  230. defaultTransport = dummyTransportMap[dnsOptions.Final]
  231. if defaultTransport == nil {
  232. return nil, E.New("default dns server not found: ", dnsOptions.Final)
  233. }
  234. }
  235. if defaultTransport == nil {
  236. if len(transports) == 0 {
  237. transports = append(transports, dns.NewLocalTransport("local", N.SystemDialer))
  238. }
  239. defaultTransport = transports[0]
  240. }
  241. router.defaultTransport = defaultTransport
  242. router.transports = transports
  243. router.transportMap = transportMap
  244. router.transportDomainStrategy = transportDomainStrategy
  245. if dnsOptions.ReverseMapping {
  246. router.dnsReverseMapping = NewDNSReverseMapping()
  247. }
  248. if fakeIPOptions := dnsOptions.FakeIP; fakeIPOptions != nil && dnsOptions.FakeIP.Enabled {
  249. var inet4Range netip.Prefix
  250. var inet6Range netip.Prefix
  251. if fakeIPOptions.Inet4Range != nil {
  252. inet4Range = *fakeIPOptions.Inet4Range
  253. }
  254. if fakeIPOptions.Inet6Range != nil {
  255. inet6Range = *fakeIPOptions.Inet6Range
  256. }
  257. router.fakeIPStore = fakeip.NewStore(ctx, router.logger, inet4Range, inet6Range)
  258. }
  259. usePlatformDefaultInterfaceMonitor := platformInterface != nil && platformInterface.UsePlatformDefaultInterfaceMonitor()
  260. needInterfaceMonitor := options.AutoDetectInterface || common.Any(inbounds, func(inbound option.Inbound) bool {
  261. return inbound.HTTPOptions.SetSystemProxy || inbound.MixedOptions.SetSystemProxy || inbound.TunOptions.AutoRoute
  262. })
  263. if !usePlatformDefaultInterfaceMonitor {
  264. networkMonitor, err := tun.NewNetworkUpdateMonitor(router.logger)
  265. if !((err != nil && !needInterfaceMonitor) || errors.Is(err, os.ErrInvalid)) {
  266. if err != nil {
  267. return nil, err
  268. }
  269. router.networkMonitor = networkMonitor
  270. networkMonitor.RegisterCallback(func() {
  271. _ = router.interfaceFinder.update()
  272. })
  273. interfaceMonitor, err := tun.NewDefaultInterfaceMonitor(router.networkMonitor, router.logger, tun.DefaultInterfaceMonitorOptions{
  274. OverrideAndroidVPN: options.OverrideAndroidVPN,
  275. UnderNetworkExtension: platformInterface != nil && platformInterface.UnderNetworkExtension(),
  276. })
  277. if err != nil {
  278. return nil, E.New("auto_detect_interface unsupported on current platform")
  279. }
  280. interfaceMonitor.RegisterCallback(router.notifyNetworkUpdate)
  281. router.interfaceMonitor = interfaceMonitor
  282. }
  283. } else {
  284. interfaceMonitor := platformInterface.CreateDefaultInterfaceMonitor(router.logger)
  285. interfaceMonitor.RegisterCallback(router.notifyNetworkUpdate)
  286. router.interfaceMonitor = interfaceMonitor
  287. }
  288. needFindProcess := hasRule(options.Rules, isProcessRule) || hasDNSRule(dnsOptions.Rules, isProcessDNSRule) || options.FindProcess
  289. needPackageManager := C.IsAndroid && platformInterface == nil && (needFindProcess || common.Any(inbounds, func(inbound option.Inbound) bool {
  290. return len(inbound.TunOptions.IncludePackage) > 0 || len(inbound.TunOptions.ExcludePackage) > 0
  291. }))
  292. if needPackageManager {
  293. packageManager, err := tun.NewPackageManager(router)
  294. if err != nil {
  295. return nil, E.Cause(err, "create package manager")
  296. }
  297. router.packageManager = packageManager
  298. }
  299. if needFindProcess {
  300. if platformInterface != nil {
  301. router.processSearcher = platformInterface
  302. } else {
  303. searcher, err := process.NewSearcher(process.Config{
  304. Logger: logFactory.NewLogger("router/process"),
  305. PackageManager: router.packageManager,
  306. })
  307. if err != nil {
  308. if err != os.ErrInvalid {
  309. router.logger.Warn(E.Cause(err, "create process searcher"))
  310. }
  311. } else {
  312. router.processSearcher = searcher
  313. }
  314. }
  315. }
  316. if ntpOptions.Enabled {
  317. timeService, err := ntp.NewService(ctx, router, logFactory.NewLogger("ntp"), ntpOptions)
  318. if err != nil {
  319. return nil, err
  320. }
  321. service.ContextWith[serviceNTP.TimeService](ctx, timeService)
  322. router.timeService = timeService
  323. }
  324. if platformInterface != nil && router.interfaceMonitor != nil && router.needWIFIState {
  325. router.interfaceMonitor.RegisterCallback(func(_ int) {
  326. router.updateWIFIState()
  327. })
  328. }
  329. return router, nil
  330. }
  331. func (r *Router) Initialize(inbounds []adapter.Inbound, outbounds []adapter.Outbound, defaultOutbound func() adapter.Outbound) error {
  332. inboundByTag := make(map[string]adapter.Inbound)
  333. for _, inbound := range inbounds {
  334. inboundByTag[inbound.Tag()] = inbound
  335. }
  336. outboundByTag := make(map[string]adapter.Outbound)
  337. for _, detour := range outbounds {
  338. outboundByTag[detour.Tag()] = detour
  339. }
  340. var defaultOutboundForConnection adapter.Outbound
  341. var defaultOutboundForPacketConnection adapter.Outbound
  342. if r.defaultDetour != "" {
  343. detour, loaded := outboundByTag[r.defaultDetour]
  344. if !loaded {
  345. return E.New("default detour not found: ", r.defaultDetour)
  346. }
  347. if common.Contains(detour.Network(), N.NetworkTCP) {
  348. defaultOutboundForConnection = detour
  349. }
  350. if common.Contains(detour.Network(), N.NetworkUDP) {
  351. defaultOutboundForPacketConnection = detour
  352. }
  353. }
  354. var index, packetIndex int
  355. if defaultOutboundForConnection == nil {
  356. for i, detour := range outbounds {
  357. if common.Contains(detour.Network(), N.NetworkTCP) {
  358. index = i
  359. defaultOutboundForConnection = detour
  360. break
  361. }
  362. }
  363. }
  364. if defaultOutboundForPacketConnection == nil {
  365. for i, detour := range outbounds {
  366. if common.Contains(detour.Network(), N.NetworkUDP) {
  367. packetIndex = i
  368. defaultOutboundForPacketConnection = detour
  369. break
  370. }
  371. }
  372. }
  373. if defaultOutboundForConnection == nil || defaultOutboundForPacketConnection == nil {
  374. detour := defaultOutbound()
  375. if defaultOutboundForConnection == nil {
  376. defaultOutboundForConnection = detour
  377. }
  378. if defaultOutboundForPacketConnection == nil {
  379. defaultOutboundForPacketConnection = detour
  380. }
  381. outbounds = append(outbounds, detour)
  382. outboundByTag[detour.Tag()] = detour
  383. }
  384. if defaultOutboundForConnection != defaultOutboundForPacketConnection {
  385. var description string
  386. if defaultOutboundForConnection.Tag() != "" {
  387. description = defaultOutboundForConnection.Tag()
  388. } else {
  389. description = F.ToString(index)
  390. }
  391. var packetDescription string
  392. if defaultOutboundForPacketConnection.Tag() != "" {
  393. packetDescription = defaultOutboundForPacketConnection.Tag()
  394. } else {
  395. packetDescription = F.ToString(packetIndex)
  396. }
  397. r.logger.Info("using ", defaultOutboundForConnection.Type(), "[", description, "] as default outbound for connection")
  398. r.logger.Info("using ", defaultOutboundForPacketConnection.Type(), "[", packetDescription, "] as default outbound for packet connection")
  399. }
  400. r.inboundByTag = inboundByTag
  401. r.outbounds = outbounds
  402. r.defaultOutboundForConnection = defaultOutboundForConnection
  403. r.defaultOutboundForPacketConnection = defaultOutboundForPacketConnection
  404. r.outboundByTag = outboundByTag
  405. for i, rule := range r.rules {
  406. if _, loaded := outboundByTag[rule.Outbound()]; !loaded {
  407. return E.New("outbound not found for rule[", i, "]: ", rule.Outbound())
  408. }
  409. }
  410. return nil
  411. }
  412. func (r *Router) Outbounds() []adapter.Outbound {
  413. return r.outbounds
  414. }
  415. func (r *Router) Start() error {
  416. if r.needGeoIPDatabase {
  417. err := r.prepareGeoIPDatabase()
  418. if err != nil {
  419. return err
  420. }
  421. }
  422. if r.needGeositeDatabase {
  423. err := r.prepareGeositeDatabase()
  424. if err != nil {
  425. return err
  426. }
  427. }
  428. if r.interfaceMonitor != nil {
  429. err := r.interfaceMonitor.Start()
  430. if err != nil {
  431. return err
  432. }
  433. }
  434. if r.networkMonitor != nil {
  435. err := r.networkMonitor.Start()
  436. if err != nil {
  437. return err
  438. }
  439. }
  440. if r.packageManager != nil {
  441. err := r.packageManager.Start()
  442. if err != nil {
  443. return err
  444. }
  445. }
  446. if r.needGeositeDatabase {
  447. for _, rule := range r.rules {
  448. err := rule.UpdateGeosite()
  449. if err != nil {
  450. r.logger.Error("failed to initialize geosite: ", err)
  451. }
  452. }
  453. for _, rule := range r.dnsRules {
  454. err := rule.UpdateGeosite()
  455. if err != nil {
  456. r.logger.Error("failed to initialize geosite: ", err)
  457. }
  458. }
  459. err := common.Close(r.geositeReader)
  460. if err != nil {
  461. return err
  462. }
  463. r.geositeCache = nil
  464. r.geositeReader = nil
  465. }
  466. if r.needWIFIState {
  467. r.updateWIFIState()
  468. }
  469. for i, rule := range r.rules {
  470. err := rule.Start()
  471. if err != nil {
  472. return E.Cause(err, "initialize rule[", i, "]")
  473. }
  474. }
  475. for i, rule := range r.dnsRules {
  476. err := rule.Start()
  477. if err != nil {
  478. return E.Cause(err, "initialize DNS rule[", i, "]")
  479. }
  480. }
  481. if r.fakeIPStore != nil {
  482. err := r.fakeIPStore.Start()
  483. if err != nil {
  484. return err
  485. }
  486. }
  487. for i, transport := range r.transports {
  488. err := transport.Start()
  489. if err != nil {
  490. return E.Cause(err, "initialize DNS server[", i, "]")
  491. }
  492. }
  493. if r.timeService != nil {
  494. err := r.timeService.Start()
  495. if err != nil {
  496. return E.Cause(err, "initialize time service")
  497. }
  498. }
  499. return nil
  500. }
  501. func (r *Router) Close() error {
  502. var err error
  503. for i, rule := range r.rules {
  504. r.logger.Trace("closing rule[", i, "]")
  505. err = E.Append(err, rule.Close(), func(err error) error {
  506. return E.Cause(err, "close rule[", i, "]")
  507. })
  508. }
  509. for i, rule := range r.dnsRules {
  510. r.logger.Trace("closing dns rule[", i, "]")
  511. err = E.Append(err, rule.Close(), func(err error) error {
  512. return E.Cause(err, "close dns rule[", i, "]")
  513. })
  514. }
  515. for i, transport := range r.transports {
  516. r.logger.Trace("closing transport[", i, "] ")
  517. err = E.Append(err, transport.Close(), func(err error) error {
  518. return E.Cause(err, "close dns transport[", i, "]")
  519. })
  520. }
  521. if r.geoIPReader != nil {
  522. r.logger.Trace("closing geoip reader")
  523. err = E.Append(err, r.geoIPReader.Close(), func(err error) error {
  524. return E.Cause(err, "close geoip reader")
  525. })
  526. }
  527. if r.interfaceMonitor != nil {
  528. r.logger.Trace("closing interface monitor")
  529. err = E.Append(err, r.interfaceMonitor.Close(), func(err error) error {
  530. return E.Cause(err, "close interface monitor")
  531. })
  532. }
  533. if r.networkMonitor != nil {
  534. r.logger.Trace("closing network monitor")
  535. err = E.Append(err, r.networkMonitor.Close(), func(err error) error {
  536. return E.Cause(err, "close network monitor")
  537. })
  538. }
  539. if r.packageManager != nil {
  540. r.logger.Trace("closing package manager")
  541. err = E.Append(err, r.packageManager.Close(), func(err error) error {
  542. return E.Cause(err, "close package manager")
  543. })
  544. }
  545. if r.timeService != nil {
  546. r.logger.Trace("closing time service")
  547. err = E.Append(err, r.timeService.Close(), func(err error) error {
  548. return E.Cause(err, "close time service")
  549. })
  550. }
  551. if r.fakeIPStore != nil {
  552. r.logger.Trace("closing fakeip store")
  553. err = E.Append(err, r.fakeIPStore.Close(), func(err error) error {
  554. return E.Cause(err, "close fakeip store")
  555. })
  556. }
  557. return err
  558. }
  559. func (r *Router) PostStart() error {
  560. r.started = true
  561. return nil
  562. }
  563. func (r *Router) Outbound(tag string) (adapter.Outbound, bool) {
  564. outbound, loaded := r.outboundByTag[tag]
  565. return outbound, loaded
  566. }
  567. func (r *Router) DefaultOutbound(network string) adapter.Outbound {
  568. if network == N.NetworkTCP {
  569. return r.defaultOutboundForConnection
  570. } else {
  571. return r.defaultOutboundForPacketConnection
  572. }
  573. }
  574. func (r *Router) FakeIPStore() adapter.FakeIPStore {
  575. return r.fakeIPStore
  576. }
  577. func (r *Router) RouteConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
  578. if metadata.InboundDetour != "" {
  579. if metadata.LastInbound == metadata.InboundDetour {
  580. return E.New("routing loop on detour: ", metadata.InboundDetour)
  581. }
  582. detour := r.inboundByTag[metadata.InboundDetour]
  583. if detour == nil {
  584. return E.New("inbound detour not found: ", metadata.InboundDetour)
  585. }
  586. injectable, isInjectable := detour.(adapter.InjectableInbound)
  587. if !isInjectable {
  588. return E.New("inbound detour is not injectable: ", metadata.InboundDetour)
  589. }
  590. if !common.Contains(injectable.Network(), N.NetworkTCP) {
  591. return E.New("inject: TCP unsupported")
  592. }
  593. metadata.LastInbound = metadata.Inbound
  594. metadata.Inbound = metadata.InboundDetour
  595. metadata.InboundDetour = ""
  596. err := injectable.NewConnection(ctx, conn, metadata)
  597. if err != nil {
  598. return E.Cause(err, "inject ", detour.Tag())
  599. }
  600. return nil
  601. }
  602. conntrack.KillerCheck()
  603. metadata.Network = N.NetworkTCP
  604. switch metadata.Destination.Fqdn {
  605. case mux.Destination.Fqdn:
  606. return E.New("global multiplex is deprecated since sing-box v1.7.0, enable multiplex in inbound options instead.")
  607. case vmess.MuxDestination.Fqdn:
  608. return E.New("global multiplex (v2ray legacy) not supported since sing-box v1.7.0.")
  609. case uot.MagicAddress:
  610. return E.New("global UoT not supported since sing-box v1.7.0.")
  611. case uot.LegacyMagicAddress:
  612. return E.New("global UoT (legacy) not supported since sing-box v1.7.0.")
  613. }
  614. if r.fakeIPStore != nil && r.fakeIPStore.Contains(metadata.Destination.Addr) {
  615. domain, loaded := r.fakeIPStore.Lookup(metadata.Destination.Addr)
  616. if !loaded {
  617. return E.New("missing fakeip context")
  618. }
  619. metadata.OriginDestination = metadata.Destination
  620. metadata.Destination = M.Socksaddr{
  621. Fqdn: domain,
  622. Port: metadata.Destination.Port,
  623. }
  624. metadata.FakeIP = true
  625. r.logger.DebugContext(ctx, "found fakeip domain: ", domain)
  626. }
  627. if deadline.NeedAdditionalReadDeadline(conn) {
  628. conn = deadline.NewConn(conn)
  629. }
  630. if metadata.InboundOptions.SniffEnabled {
  631. buffer := buf.NewPacket()
  632. buffer.FullReset()
  633. sniffMetadata, err := sniff.PeekStream(ctx, conn, buffer, time.Duration(metadata.InboundOptions.SniffTimeout), sniff.StreamDomainNameQuery, sniff.TLSClientHello, sniff.HTTPHost)
  634. if sniffMetadata != nil {
  635. metadata.Protocol = sniffMetadata.Protocol
  636. metadata.Domain = sniffMetadata.Domain
  637. if metadata.InboundOptions.SniffOverrideDestination && M.IsDomainName(metadata.Domain) {
  638. metadata.Destination = M.Socksaddr{
  639. Fqdn: metadata.Domain,
  640. Port: metadata.Destination.Port,
  641. }
  642. }
  643. if metadata.Domain != "" {
  644. r.logger.DebugContext(ctx, "sniffed protocol: ", metadata.Protocol, ", domain: ", metadata.Domain)
  645. } else {
  646. r.logger.DebugContext(ctx, "sniffed protocol: ", metadata.Protocol)
  647. }
  648. } else if err != nil {
  649. r.logger.TraceContext(ctx, "sniffed no protocol: ", err)
  650. }
  651. if !buffer.IsEmpty() {
  652. conn = bufio.NewCachedConn(conn, buffer)
  653. } else {
  654. buffer.Release()
  655. }
  656. }
  657. if r.dnsReverseMapping != nil && metadata.Domain == "" {
  658. domain, loaded := r.dnsReverseMapping.Query(metadata.Destination.Addr)
  659. if loaded {
  660. metadata.Domain = domain
  661. r.logger.DebugContext(ctx, "found reserve mapped domain: ", metadata.Domain)
  662. }
  663. }
  664. if metadata.Destination.IsFqdn() && dns.DomainStrategy(metadata.InboundOptions.DomainStrategy) != dns.DomainStrategyAsIS {
  665. addresses, err := r.Lookup(adapter.WithContext(ctx, &metadata), metadata.Destination.Fqdn, dns.DomainStrategy(metadata.InboundOptions.DomainStrategy))
  666. if err != nil {
  667. return err
  668. }
  669. metadata.DestinationAddresses = addresses
  670. r.dnsLogger.DebugContext(ctx, "resolved [", strings.Join(F.MapToString(metadata.DestinationAddresses), " "), "]")
  671. }
  672. if metadata.Destination.IsIPv4() {
  673. metadata.IPVersion = 4
  674. } else if metadata.Destination.IsIPv6() {
  675. metadata.IPVersion = 6
  676. }
  677. ctx, matchedRule, detour, err := r.match(ctx, &metadata, r.defaultOutboundForConnection)
  678. if err != nil {
  679. return err
  680. }
  681. if !common.Contains(detour.Network(), N.NetworkTCP) {
  682. return E.New("missing supported outbound, closing connection")
  683. }
  684. if r.clashServer != nil {
  685. trackerConn, tracker := r.clashServer.RoutedConnection(ctx, conn, metadata, matchedRule)
  686. defer tracker.Leave()
  687. conn = trackerConn
  688. }
  689. if r.v2rayServer != nil {
  690. if statsService := r.v2rayServer.StatsService(); statsService != nil {
  691. conn = statsService.RoutedConnection(metadata.Inbound, detour.Tag(), metadata.User, conn)
  692. }
  693. }
  694. return detour.NewConnection(ctx, conn, metadata)
  695. }
  696. func (r *Router) RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
  697. if metadata.InboundDetour != "" {
  698. if metadata.LastInbound == metadata.InboundDetour {
  699. return E.New("routing loop on detour: ", metadata.InboundDetour)
  700. }
  701. detour := r.inboundByTag[metadata.InboundDetour]
  702. if detour == nil {
  703. return E.New("inbound detour not found: ", metadata.InboundDetour)
  704. }
  705. injectable, isInjectable := detour.(adapter.InjectableInbound)
  706. if !isInjectable {
  707. return E.New("inbound detour is not injectable: ", metadata.InboundDetour)
  708. }
  709. if !common.Contains(injectable.Network(), N.NetworkUDP) {
  710. return E.New("inject: UDP unsupported")
  711. }
  712. metadata.LastInbound = metadata.Inbound
  713. metadata.Inbound = metadata.InboundDetour
  714. metadata.InboundDetour = ""
  715. err := injectable.NewPacketConnection(ctx, conn, metadata)
  716. if err != nil {
  717. return E.Cause(err, "inject ", detour.Tag())
  718. }
  719. return nil
  720. }
  721. conntrack.KillerCheck()
  722. metadata.Network = N.NetworkUDP
  723. if r.fakeIPStore != nil && r.fakeIPStore.Contains(metadata.Destination.Addr) {
  724. domain, loaded := r.fakeIPStore.Lookup(metadata.Destination.Addr)
  725. if !loaded {
  726. return E.New("missing fakeip context")
  727. }
  728. metadata.OriginDestination = metadata.Destination
  729. metadata.Destination = M.Socksaddr{
  730. Fqdn: domain,
  731. Port: metadata.Destination.Port,
  732. }
  733. metadata.FakeIP = true
  734. r.logger.DebugContext(ctx, "found fakeip domain: ", domain)
  735. }
  736. // Currently we don't have deadline usages for UDP connections
  737. /*if deadline.NeedAdditionalReadDeadline(conn) {
  738. conn = deadline.NewPacketConn(bufio.NewNetPacketConn(conn))
  739. }*/
  740. if metadata.InboundOptions.SniffEnabled || metadata.Destination.Addr.IsUnspecified() {
  741. buffer := buf.NewPacket()
  742. buffer.FullReset()
  743. destination, err := conn.ReadPacket(buffer)
  744. if err != nil {
  745. buffer.Release()
  746. return err
  747. }
  748. if metadata.Destination.Addr.IsUnspecified() {
  749. metadata.Destination = destination
  750. }
  751. if metadata.InboundOptions.SniffEnabled {
  752. sniffMetadata, _ := sniff.PeekPacket(ctx, buffer.Bytes(), sniff.DomainNameQuery, sniff.QUICClientHello, sniff.STUNMessage)
  753. if sniffMetadata != nil {
  754. metadata.Protocol = sniffMetadata.Protocol
  755. metadata.Domain = sniffMetadata.Domain
  756. if metadata.InboundOptions.SniffOverrideDestination && M.IsDomainName(metadata.Domain) {
  757. metadata.Destination = M.Socksaddr{
  758. Fqdn: metadata.Domain,
  759. Port: metadata.Destination.Port,
  760. }
  761. }
  762. if metadata.Domain != "" {
  763. r.logger.DebugContext(ctx, "sniffed packet protocol: ", metadata.Protocol, ", domain: ", metadata.Domain)
  764. } else {
  765. r.logger.DebugContext(ctx, "sniffed packet protocol: ", metadata.Protocol)
  766. }
  767. }
  768. }
  769. conn = bufio.NewCachedPacketConn(conn, buffer, destination)
  770. }
  771. if r.dnsReverseMapping != nil && metadata.Domain == "" {
  772. domain, loaded := r.dnsReverseMapping.Query(metadata.Destination.Addr)
  773. if loaded {
  774. metadata.Domain = domain
  775. r.logger.DebugContext(ctx, "found reserve mapped domain: ", metadata.Domain)
  776. }
  777. }
  778. if metadata.Destination.IsFqdn() && dns.DomainStrategy(metadata.InboundOptions.DomainStrategy) != dns.DomainStrategyAsIS {
  779. addresses, err := r.Lookup(adapter.WithContext(ctx, &metadata), metadata.Destination.Fqdn, dns.DomainStrategy(metadata.InboundOptions.DomainStrategy))
  780. if err != nil {
  781. return err
  782. }
  783. metadata.DestinationAddresses = addresses
  784. r.dnsLogger.DebugContext(ctx, "resolved [", strings.Join(F.MapToString(metadata.DestinationAddresses), " "), "]")
  785. }
  786. if metadata.Destination.IsIPv4() {
  787. metadata.IPVersion = 4
  788. } else if metadata.Destination.IsIPv6() {
  789. metadata.IPVersion = 6
  790. }
  791. ctx, matchedRule, detour, err := r.match(ctx, &metadata, r.defaultOutboundForPacketConnection)
  792. if err != nil {
  793. return err
  794. }
  795. if !common.Contains(detour.Network(), N.NetworkUDP) {
  796. return E.New("missing supported outbound, closing packet connection")
  797. }
  798. if r.clashServer != nil {
  799. trackerConn, tracker := r.clashServer.RoutedPacketConnection(ctx, conn, metadata, matchedRule)
  800. defer tracker.Leave()
  801. conn = trackerConn
  802. }
  803. if r.v2rayServer != nil {
  804. if statsService := r.v2rayServer.StatsService(); statsService != nil {
  805. conn = statsService.RoutedPacketConnection(metadata.Inbound, detour.Tag(), metadata.User, conn)
  806. }
  807. }
  808. if metadata.FakeIP {
  809. conn = bufio.NewNATPacketConn(bufio.NewNetPacketConn(conn), metadata.OriginDestination, metadata.Destination)
  810. }
  811. return detour.NewPacketConnection(ctx, conn, metadata)
  812. }
  813. func (r *Router) match(ctx context.Context, metadata *adapter.InboundContext, defaultOutbound adapter.Outbound) (context.Context, adapter.Rule, adapter.Outbound, error) {
  814. matchRule, matchOutbound := r.match0(ctx, metadata, defaultOutbound)
  815. if contextOutbound, loaded := outbound.TagFromContext(ctx); loaded {
  816. if contextOutbound == matchOutbound.Tag() {
  817. return nil, nil, nil, E.New("connection loopback in outbound/", matchOutbound.Type(), "[", matchOutbound.Tag(), "]")
  818. }
  819. }
  820. ctx = outbound.ContextWithTag(ctx, matchOutbound.Tag())
  821. return ctx, matchRule, matchOutbound, nil
  822. }
  823. func (r *Router) match0(ctx context.Context, metadata *adapter.InboundContext, defaultOutbound adapter.Outbound) (adapter.Rule, adapter.Outbound) {
  824. if r.processSearcher != nil {
  825. var originDestination netip.AddrPort
  826. if metadata.OriginDestination.IsValid() {
  827. originDestination = metadata.OriginDestination.AddrPort()
  828. } else if metadata.Destination.IsIP() {
  829. originDestination = metadata.Destination.AddrPort()
  830. }
  831. processInfo, err := process.FindProcessInfo(r.processSearcher, ctx, metadata.Network, metadata.Source.AddrPort(), originDestination)
  832. if err != nil {
  833. r.logger.InfoContext(ctx, "failed to search process: ", err)
  834. } else {
  835. if processInfo.ProcessPath != "" {
  836. r.logger.InfoContext(ctx, "found process path: ", processInfo.ProcessPath)
  837. } else if processInfo.PackageName != "" {
  838. r.logger.InfoContext(ctx, "found package name: ", processInfo.PackageName)
  839. } else if processInfo.UserId != -1 {
  840. if /*needUserName &&*/ true {
  841. osUser, _ := user.LookupId(F.ToString(processInfo.UserId))
  842. if osUser != nil {
  843. processInfo.User = osUser.Username
  844. }
  845. }
  846. if processInfo.User != "" {
  847. r.logger.InfoContext(ctx, "found user: ", processInfo.User)
  848. } else {
  849. r.logger.InfoContext(ctx, "found user id: ", processInfo.UserId)
  850. }
  851. }
  852. metadata.ProcessInfo = processInfo
  853. }
  854. }
  855. for i, rule := range r.rules {
  856. if rule.Match(metadata) {
  857. detour := rule.Outbound()
  858. r.logger.DebugContext(ctx, "match[", i, "] ", rule.String(), " => ", detour)
  859. if outbound, loaded := r.Outbound(detour); loaded {
  860. return rule, outbound
  861. }
  862. r.logger.ErrorContext(ctx, "outbound not found: ", detour)
  863. }
  864. }
  865. return nil, defaultOutbound
  866. }
  867. func (r *Router) InterfaceFinder() control.InterfaceFinder {
  868. return &r.interfaceFinder
  869. }
  870. func (r *Router) UpdateInterfaces() error {
  871. if r.platformInterface == nil || !r.platformInterface.UsePlatformInterfaceGetter() {
  872. return r.interfaceFinder.update()
  873. } else {
  874. interfaces, err := r.platformInterface.Interfaces()
  875. if err != nil {
  876. return err
  877. }
  878. r.interfaceFinder.updateInterfaces(common.Map(interfaces, func(it platform.NetworkInterface) net.Interface {
  879. return net.Interface{
  880. Name: it.Name,
  881. Index: it.Index,
  882. MTU: it.MTU,
  883. }
  884. }))
  885. return nil
  886. }
  887. }
  888. func (r *Router) AutoDetectInterface() bool {
  889. return r.autoDetectInterface
  890. }
  891. func (r *Router) AutoDetectInterfaceFunc() control.Func {
  892. if r.platformInterface != nil && r.platformInterface.UsePlatformAutoDetectInterfaceControl() {
  893. return r.platformInterface.AutoDetectInterfaceControl()
  894. } else {
  895. return control.BindToInterfaceFunc(r.InterfaceFinder(), func(network string, address string) (interfaceName string, interfaceIndex int, err error) {
  896. remoteAddr := M.ParseSocksaddr(address).Addr
  897. if C.IsLinux {
  898. interfaceName, interfaceIndex = r.InterfaceMonitor().DefaultInterface(remoteAddr)
  899. if interfaceIndex == -1 {
  900. err = tun.ErrNoRoute
  901. }
  902. } else {
  903. interfaceIndex = r.InterfaceMonitor().DefaultInterfaceIndex(remoteAddr)
  904. if interfaceIndex == -1 {
  905. err = tun.ErrNoRoute
  906. }
  907. }
  908. return
  909. })
  910. }
  911. }
  912. func (r *Router) DefaultInterface() string {
  913. return r.defaultInterface
  914. }
  915. func (r *Router) DefaultMark() int {
  916. return r.defaultMark
  917. }
  918. func (r *Router) Rules() []adapter.Rule {
  919. return r.rules
  920. }
  921. func (r *Router) WIFIState() adapter.WIFIState {
  922. return r.wifiState
  923. }
  924. func (r *Router) NetworkMonitor() tun.NetworkUpdateMonitor {
  925. return r.networkMonitor
  926. }
  927. func (r *Router) InterfaceMonitor() tun.DefaultInterfaceMonitor {
  928. return r.interfaceMonitor
  929. }
  930. func (r *Router) PackageManager() tun.PackageManager {
  931. return r.packageManager
  932. }
  933. func (r *Router) ClashServer() adapter.ClashServer {
  934. return r.clashServer
  935. }
  936. func (r *Router) SetClashServer(server adapter.ClashServer) {
  937. r.clashServer = server
  938. }
  939. func (r *Router) V2RayServer() adapter.V2RayServer {
  940. return r.v2rayServer
  941. }
  942. func (r *Router) SetV2RayServer(server adapter.V2RayServer) {
  943. r.v2rayServer = server
  944. }
  945. func (r *Router) OnPackagesUpdated(packages int, sharedUsers int) {
  946. r.logger.Info("updated packages list: ", packages, " packages, ", sharedUsers, " shared users")
  947. }
  948. func (r *Router) NewError(ctx context.Context, err error) {
  949. common.Close(err)
  950. if E.IsClosedOrCanceled(err) {
  951. r.logger.DebugContext(ctx, "connection closed: ", err)
  952. return
  953. }
  954. r.logger.ErrorContext(ctx, err)
  955. }
  956. func (r *Router) notifyNetworkUpdate(event int) {
  957. if event == tun.EventNoRoute {
  958. r.pauseManager.NetworkPause()
  959. r.logger.Error("missing default interface")
  960. } else {
  961. r.pauseManager.NetworkWake()
  962. if C.IsAndroid && r.platformInterface == nil {
  963. var vpnStatus string
  964. if r.interfaceMonitor.AndroidVPNEnabled() {
  965. vpnStatus = "enabled"
  966. } else {
  967. vpnStatus = "disabled"
  968. }
  969. r.logger.Info("updated default interface ", r.interfaceMonitor.DefaultInterfaceName(netip.IPv4Unspecified()), ", index ", r.interfaceMonitor.DefaultInterfaceIndex(netip.IPv4Unspecified()), ", vpn ", vpnStatus)
  970. } else {
  971. r.logger.Info("updated default interface ", r.interfaceMonitor.DefaultInterfaceName(netip.IPv4Unspecified()), ", index ", r.interfaceMonitor.DefaultInterfaceIndex(netip.IPv4Unspecified()))
  972. }
  973. }
  974. if !r.started {
  975. return
  976. }
  977. _ = r.ResetNetwork()
  978. }
  979. func (r *Router) ResetNetwork() error {
  980. conntrack.Close()
  981. for _, outbound := range r.outbounds {
  982. listener, isListener := outbound.(adapter.InterfaceUpdateListener)
  983. if isListener {
  984. listener.InterfaceUpdated()
  985. }
  986. }
  987. for _, transport := range r.transports {
  988. transport.Reset()
  989. }
  990. return nil
  991. }
  992. func (r *Router) updateWIFIState() {
  993. if r.platformInterface == nil {
  994. return
  995. }
  996. state := r.platformInterface.ReadWIFIState()
  997. if state != r.wifiState {
  998. r.wifiState = state
  999. r.logger.Info("updated WIFI state: SSID=", state.SSID, ", BSSID=", state.BSSID)
  1000. }
  1001. }