mirror of
https://github.com/XTLS/Xray-core.git
synced 2026-07-03 02:08:45 +00:00
2b42699623
https://github.com/XTLS/Xray-core/pull/5872#issuecomment-4198514120 https://github.com/XTLS/Xray-core/pull/6168#issuecomment-4571606666 https://github.com/XTLS/Xray-core/pull/6168#issuecomment-4573294637 Example: https://github.com/XTLS/Xray-core/pull/6168#issue-4484980927 Closes https://github.com/XTLS/Xray-core/discussions/5879
363 lines
6.6 KiB
Go
363 lines
6.6 KiB
Go
package xicmp
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"crypto/rand"
|
|
"encoding/binary"
|
|
goerrors "errors"
|
|
"fmt"
|
|
"io"
|
|
mathrand "math/rand"
|
|
"net"
|
|
"net/netip"
|
|
"sync"
|
|
"time"
|
|
_ "unsafe"
|
|
|
|
"github.com/xtls/xray-core/common"
|
|
"github.com/xtls/xray-core/common/errors"
|
|
"github.com/xtls/xray-core/transport/internet/finalmask"
|
|
"golang.org/x/net/icmp"
|
|
"golang.org/x/net/ipv4"
|
|
"golang.org/x/net/ipv6"
|
|
)
|
|
|
|
var pool = sync.Pool{
|
|
New: func() any {
|
|
return make([]byte, finalmask.UDPSize)
|
|
},
|
|
}
|
|
|
|
type packet struct {
|
|
p []byte
|
|
addr net.Addr
|
|
err error
|
|
}
|
|
|
|
type xicmpConnClient struct {
|
|
conn net.PacketConn
|
|
icmp4 *icmp.PacketConn
|
|
icmp6 *icmp.PacketConn
|
|
udp bool
|
|
ips []netip.Addr
|
|
clientID [8]byte
|
|
id int
|
|
seq int
|
|
readCh chan packet
|
|
closedCh chan struct{}
|
|
mu sync.Mutex
|
|
}
|
|
|
|
func NewConnClient(c *Config, raw net.PacketConn) (net.PacketConn, error) {
|
|
var icmp4, icmp6 *icmp.PacketConn
|
|
var err4, err6 error
|
|
if c.DGRAM {
|
|
icmp4, err4 = icmp.ListenPacket("udp4", "0.0.0.0")
|
|
icmp6, err6 = icmp.ListenPacket("udp6", "::")
|
|
} else {
|
|
icmp4, err4 = icmp.ListenPacket("ip4:icmp", "0.0.0.0")
|
|
icmp6, err6 = icmp.ListenPacket("ip6:ipv6-icmp", "::")
|
|
}
|
|
if err4 != nil || err6 != nil {
|
|
return nil, errors.Combine(err4, err6)
|
|
}
|
|
|
|
ips := make([]netip.Addr, 0, len(c.IPs))
|
|
for _, ip := range c.IPs {
|
|
ips = append(ips, netip.MustParseAddr(ip))
|
|
}
|
|
|
|
var clientID [8]byte
|
|
common.Must2(rand.Read(clientID[:]))
|
|
|
|
conn := &xicmpConnClient{
|
|
conn: raw,
|
|
icmp4: icmp4,
|
|
icmp6: icmp6,
|
|
udp: c.DGRAM,
|
|
ips: ips,
|
|
clientID: clientID,
|
|
id: mathrand.Intn(65536),
|
|
seq: 1,
|
|
readCh: make(chan packet),
|
|
closedCh: make(chan struct{}),
|
|
}
|
|
|
|
go conn.recv4()
|
|
go conn.recv6()
|
|
|
|
return conn, nil
|
|
}
|
|
|
|
func (c *xicmpConnClient) ring(a, b uint16) uint16 {
|
|
return min(a-b, b-a)
|
|
}
|
|
|
|
func (c *xicmpConnClient) closed() bool {
|
|
select {
|
|
case <-c.closedCh:
|
|
return true
|
|
default:
|
|
return false
|
|
}
|
|
}
|
|
|
|
func (c *xicmpConnClient) recv4() {
|
|
var b [finalmask.UDPSize]byte
|
|
|
|
for {
|
|
if c.closed() {
|
|
return
|
|
}
|
|
|
|
n, addr, err := c.icmp4.ReadFrom(b[:])
|
|
if err != nil {
|
|
var netErr net.Error
|
|
if goerrors.As(err, &netErr) && netErr.Timeout() {
|
|
select {
|
|
case c.readCh <- packet{
|
|
err: err,
|
|
}:
|
|
case <-c.closedCh:
|
|
return
|
|
}
|
|
}
|
|
continue
|
|
}
|
|
|
|
msg, err := icmp.ParseMessage(1, b[:n])
|
|
if err != nil {
|
|
continue
|
|
}
|
|
|
|
if msg.Type != ipv4.ICMPTypeEchoReply {
|
|
continue
|
|
}
|
|
|
|
echo, ok := msg.Body.(*icmp.Echo)
|
|
if !ok {
|
|
continue
|
|
}
|
|
|
|
// errors.LogDebug(context.Background(), "id ", echo.ID, " seq ", echo.Seq, " addr ", addr)
|
|
|
|
if !c.udp && echo.ID != c.id {
|
|
continue
|
|
}
|
|
|
|
if c.ring(uint16(echo.Seq), uint16(c.seq)) > 1000 {
|
|
continue
|
|
}
|
|
|
|
if len(echo.Data) > 8 && bytes.Equal(echo.Data[:8], c.clientID[:]) {
|
|
continue
|
|
}
|
|
|
|
p := pool.Get().([]byte)[:len(echo.Data)]
|
|
copy(p, echo.Data)
|
|
|
|
if !c.udp {
|
|
addr = &net.UDPAddr{IP: addr.(*net.IPAddr).IP}
|
|
}
|
|
|
|
select {
|
|
case c.readCh <- packet{
|
|
p: p,
|
|
addr: addr,
|
|
}:
|
|
case <-c.closedCh:
|
|
pool.Put(p)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
|
|
func (c *xicmpConnClient) recv6() {
|
|
var b [finalmask.UDPSize]byte
|
|
|
|
for {
|
|
if c.closed() {
|
|
break
|
|
}
|
|
|
|
n, addr, err := c.icmp6.ReadFrom(b[:])
|
|
if err != nil {
|
|
var netErr net.Error
|
|
if goerrors.As(err, &netErr) && netErr.Timeout() {
|
|
select {
|
|
case c.readCh <- packet{
|
|
err: err,
|
|
}:
|
|
case <-c.closedCh:
|
|
return
|
|
}
|
|
}
|
|
continue
|
|
}
|
|
|
|
msg, err := icmp.ParseMessage(58, b[:n])
|
|
if err != nil {
|
|
continue
|
|
}
|
|
|
|
if msg.Type != ipv6.ICMPTypeEchoReply {
|
|
continue
|
|
}
|
|
|
|
echo, ok := msg.Body.(*icmp.Echo)
|
|
if !ok {
|
|
continue
|
|
}
|
|
|
|
// errors.LogDebug(context.Background(), "id ", echo.ID, " seq ", echo.Seq, " addr ", addr)
|
|
|
|
if !c.udp && echo.ID != c.id {
|
|
continue
|
|
}
|
|
|
|
if c.ring(uint16(echo.Seq), uint16(c.seq)) > 1000 {
|
|
continue
|
|
}
|
|
|
|
if len(echo.Data) > 8 && bytes.Equal(echo.Data[:8], c.clientID[:]) {
|
|
continue
|
|
}
|
|
|
|
p := pool.Get().([]byte)[:len(echo.Data)]
|
|
copy(p, echo.Data)
|
|
|
|
if !c.udp {
|
|
addr = &net.UDPAddr{IP: addr.(*net.IPAddr).IP}
|
|
}
|
|
|
|
select {
|
|
case c.readCh <- packet{
|
|
p: p,
|
|
addr: addr,
|
|
}:
|
|
case <-c.closedCh:
|
|
pool.Put(p)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
|
|
func (c *xicmpConnClient) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
|
|
select {
|
|
case packet := <-c.readCh:
|
|
if packet.p != nil {
|
|
n = copy(p, packet.p)
|
|
pool.Put(packet.p)
|
|
}
|
|
return n, packet.addr, packet.err
|
|
case <-c.closedCh:
|
|
return 0, nil, io.EOF
|
|
}
|
|
}
|
|
|
|
func (c *xicmpConnClient) WriteTo(p []byte, addr net.Addr) (n int, err error) {
|
|
if len(p)+16 > finalmask.UDPSize {
|
|
errors.LogError(context.Background(), "drop packet to ", addr, " with size ", len(p))
|
|
return 0, nil
|
|
}
|
|
|
|
c.mu.Lock()
|
|
seq := c.seq
|
|
c.seq += 1
|
|
c.seq %= 65536
|
|
c.mu.Unlock()
|
|
|
|
ip := addr.(*net.UDPAddr).IP
|
|
if len(c.ips) > 0 {
|
|
ip = c.ips[mathrand.Intn(len(c.ips))].AsSlice()
|
|
}
|
|
|
|
if c.udp {
|
|
addr = &net.UDPAddr{IP: ip}
|
|
} else {
|
|
addr = &net.IPAddr{IP: ip}
|
|
}
|
|
|
|
b := pool.Get().([]byte)[:finalmask.UDPSize]
|
|
defer pool.Put(b)
|
|
|
|
copy(b[8:], c.clientID[:])
|
|
copy(b[16:], p)
|
|
|
|
if ip.To4() != nil {
|
|
b = marshal(b, ipv4.ICMPTypeEcho, c.id, seq, 8+len(p))
|
|
_, err = c.icmp4.WriteTo(b, addr)
|
|
} else {
|
|
b = marshal(b, ipv6.ICMPTypeEchoRequest, c.id, seq, 8+len(p))
|
|
_, err = c.icmp6.WriteTo(b, addr)
|
|
}
|
|
|
|
if err != nil {
|
|
errors.LogErrorInner(context.Background(), err, "xicmp write")
|
|
return 0, err
|
|
}
|
|
|
|
return len(p), nil
|
|
}
|
|
|
|
func (c *xicmpConnClient) Close() error {
|
|
c.mu.Lock()
|
|
defer c.mu.Unlock()
|
|
if c.closed() {
|
|
return nil
|
|
}
|
|
close(c.closedCh)
|
|
_ = c.icmp4.Close()
|
|
_ = c.icmp6.Close()
|
|
_ = c.conn.Close()
|
|
return nil
|
|
}
|
|
|
|
func (c *xicmpConnClient) LocalAddr() net.Addr {
|
|
return c.conn.LocalAddr()
|
|
}
|
|
|
|
func (c *xicmpConnClient) SetDeadline(t time.Time) error {
|
|
_ = c.icmp4.SetDeadline(t)
|
|
_ = c.icmp6.SetDeadline(t)
|
|
return nil
|
|
}
|
|
|
|
func (c *xicmpConnClient) SetReadDeadline(t time.Time) error {
|
|
_ = c.icmp4.SetReadDeadline(t)
|
|
_ = c.icmp6.SetReadDeadline(t)
|
|
return nil
|
|
}
|
|
|
|
func (c *xicmpConnClient) SetWriteDeadline(t time.Time) error {
|
|
_ = c.icmp4.SetWriteDeadline(t)
|
|
_ = c.icmp6.SetWriteDeadline(t)
|
|
return nil
|
|
}
|
|
|
|
//go:linkname checksum golang.org/x/net/icmp.checksum
|
|
func checksum(b []byte) uint16
|
|
|
|
func marshal(b []byte, typ icmp.Type, id, seq int, dataLen int) []byte {
|
|
is4 := false
|
|
switch typ := typ.(type) {
|
|
case ipv4.ICMPType:
|
|
is4 = true
|
|
b[0] = byte(typ)
|
|
case ipv6.ICMPType:
|
|
b[0] = byte(typ)
|
|
default:
|
|
panic(fmt.Sprintf("%T %v", typ, typ))
|
|
}
|
|
clear(b[1:4])
|
|
binary.BigEndian.PutUint16(b[4:], uint16(id))
|
|
binary.BigEndian.PutUint16(b[6:], uint16(seq))
|
|
if is4 {
|
|
s := checksum(b[:8+dataLen])
|
|
b[2] ^= byte(s)
|
|
b[3] ^= byte(s >> 8)
|
|
}
|
|
return b[:8+dataLen]
|
|
}
|