clash/listener/redir/tcp_linux.go

package redir

import (
	"encoding/binary"
	"errors"
	"net"
	"net/netip"
	"syscall"
	"unsafe"

	"github.com/Dreamacro/clash/transport/socks5"

	"golang.org/x/sys/unix"
)

const (
	SO_ORIGINAL_DST      = 80 // from linux/include/uapi/linux/netfilter_ipv4.h
	IP6T_SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
)

func parserPacket(conn net.Conn) (socks5.Addr, error) {
	c, ok := conn.(*net.TCPConn)
	if !ok {
		return nil, errors.New("only work with TCP connection")
	}

	rc, err := c.SyscallConn()
	if err != nil {
		return nil, err
	}

	var addr netip.AddrPort

	rc.Control(func(fd uintptr) {
		if ip4 := c.LocalAddr().(*net.TCPAddr).IP.To4(); ip4 != nil {
			addr, err = getorigdst(fd)
		} else {
			addr, err = getorigdst6(fd)
		}
	})

	return socks5.AddrFromStdAddrPort(addr), err
}

// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
func getorigdst(fd uintptr) (netip.AddrPort, error) {
	addr := unix.RawSockaddrInet4{}
	size := uint32(unsafe.Sizeof(addr))
	if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IP, SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&addr)), uintptr(unsafe.Pointer(&size)), 0); err != nil {
		return netip.AddrPort{}, err
	}
	port := binary.BigEndian.Uint16((*(*[2]byte)(unsafe.Pointer(&addr.Port)))[:])
	return netip.AddrPortFrom(netip.AddrFrom4(addr.Addr), port), nil
}

func getorigdst6(fd uintptr) (netip.AddrPort, error) {
	addr := unix.RawSockaddrInet6{}
	size := uint32(unsafe.Sizeof(addr))
	if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IPV6, IP6T_SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&addr)), uintptr(unsafe.Pointer(&size)), 0); err != nil {
		return netip.AddrPort{}, err
	}
	port := binary.BigEndian.Uint16((*(*[2]byte)(unsafe.Pointer(&addr.Port)))[:])
	return netip.AddrPortFrom(netip.AddrFrom16(addr.Addr), port), nil
}
New: redir proxy 2018-08-11 20:00:34 +00:00			`package redir`

			`import (`
Chore: improve redir getorigdst 2022-12-22 04:00:56 +00:00			`"encoding/binary"`
New: redir proxy 2018-08-11 20:00:34 +00:00			`"errors"`
			`"net"`
Chore: improve redir getorigdst 2022-12-22 04:00:56 +00:00			`"net/netip"`
New: redir proxy 2018-08-11 20:00:34 +00:00			`"syscall"`
			`"unsafe"`

Fix: build broken 2021-05-13 14:39:33 +00:00			`"github.com/Dreamacro/clash/transport/socks5"`
Chore: improve redir getorigdst 2022-12-22 04:00:56 +00:00
			`"golang.org/x/sys/unix"`
New: redir proxy 2018-08-11 20:00:34 +00:00			`)`

			`const (`
			`SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv4.h`
			`IP6T_SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h`
			`)`

Feature: support outbound socks5 udp 2019-04-25 05:48:47 +00:00			`func parserPacket(conn net.Conn) (socks5.Addr, error) {`
New: redir proxy 2018-08-11 20:00:34 +00:00			`c, ok := conn.(*net.TCPConn)`
			`if !ok {`
			`return nil, errors.New("only work with TCP connection")`
			`}`

			`rc, err := c.SyscallConn()`
			`if err != nil {`
			`return nil, err`
			`}`

Chore: improve redir getorigdst 2022-12-22 04:00:56 +00:00			`var addr netip.AddrPort`
New: redir proxy 2018-08-11 20:00:34 +00:00
			`rc.Control(func(fd uintptr) {`
Feature: REDIRECT support IPv6 (#2473) 2022-12-22 11:25:30 +00:00			`if ip4 := c.LocalAddr().(*net.TCPAddr).IP.To4(); ip4 != nil {`
			`addr, err = getorigdst(fd)`
			`} else {`
			`addr, err = getorigdst6(fd)`
			`}`
New: redir proxy 2018-08-11 20:00:34 +00:00			`})`

Chore: improve redir getorigdst 2022-12-22 04:00:56 +00:00			`return socks5.AddrFromStdAddrPort(addr), err`
New: redir proxy 2018-08-11 20:00:34 +00:00			`}`

			`// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c`
Chore: improve redir getorigdst 2022-12-22 04:00:56 +00:00			`func getorigdst(fd uintptr) (netip.AddrPort, error) {`
			`addr := unix.RawSockaddrInet4{}`
			`size := uint32(unsafe.Sizeof(addr))`
			`if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IP, SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&addr)), uintptr(unsafe.Pointer(&size)), 0); err != nil {`
			`return netip.AddrPort{}, err`
New: redir proxy 2018-08-11 20:00:34 +00:00			`}`
Chore: improve redir getorigdst 2022-12-22 04:00:56 +00:00			`port := binary.BigEndian.Uint16((([2]byte)(unsafe.Pointer(&addr.Port)))[:])`
			`return netip.AddrPortFrom(netip.AddrFrom4(addr.Addr), port), nil`
New: redir proxy 2018-08-11 20:00:34 +00:00			`}`
Feature: REDIRECT support IPv6 (#2473) 2022-12-22 11:25:30 +00:00
			`func getorigdst6(fd uintptr) (netip.AddrPort, error) {`
			`addr := unix.RawSockaddrInet6{}`
			`size := uint32(unsafe.Sizeof(addr))`
			`if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IPV6, IP6T_SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&addr)), uintptr(unsafe.Pointer(&size)), 0); err != nil {`
			`return netip.AddrPort{}, err`
			`}`
			`port := binary.BigEndian.Uint16((([2]byte)(unsafe.Pointer(&addr.Port)))[:])`
			`return netip.AddrPortFrom(netip.AddrFrom16(addr.Addr), port), nil`
			`}`