Add NDIS inbound

2026-06-27 04:39:02 +03:00 · 2025-01-03 18:34:07 +08:00
parent e483c909b4
commit 79d3649a8b
32 changed files with 1339 additions and 572 deletions
--- a/protocol/ndis/inbound.go
+++ b/protocol/ndis/inbound.go
@@ -0,0 +1,203 @@
+//go:build windows
+
+package ndis
+
+import (
+	"context"
+	"net"
+	"net/netip"
+	"time"
+
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/adapter/inbound"
+	"github.com/sagernet/sing-box/common/conntrack"
+	"github.com/sagernet/sing-box/common/taskmonitor"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing-box/option"
+	"github.com/sagernet/sing/common"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/x/list"
+	"github.com/sagernet/sing/service"
+
+	"github.com/wiresock/ndisapi-go"
+	"go4.org/netipx"
+)
+
+func RegisterInbound(registry *inbound.Registry) {
+	inbound.Register[option.NDISInboundOptions](registry, C.TypeNDIS, NewInbound)
+}
+
+type Inbound struct {
+	inbound.Adapter
+	ctx                         context.Context
+	router                      adapter.Router
+	logger                      log.ContextLogger
+	api                         *ndisapi.NdisApi
+	tracker                     conntrack.Tracker
+	routeAddress                []netip.Prefix
+	routeExcludeAddress         []netip.Prefix
+	routeRuleSet                []adapter.RuleSet
+	routeRuleSetCallback        []*list.Element[adapter.RuleSetUpdateCallback]
+	routeExcludeRuleSet         []adapter.RuleSet
+	routeExcludeRuleSetCallback []*list.Element[adapter.RuleSetUpdateCallback]
+	stack                       *Stack
+}
+
+func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.NDISInboundOptions) (adapter.Inbound, error) {
+	api, err := ndisapi.NewNdisApi()
+	if err != nil {
+		return nil, E.Cause(err, "create NDIS API")
+	}
+	//if !api.IsDriverLoaded() {
+	//	return nil, E.New("missing NDIS driver")
+	//}
+	networkManager := service.FromContext[adapter.NetworkManager](ctx)
+	trackerOut := service.FromContext[conntrack.Tracker](ctx)
+	var udpTimeout time.Duration
+	if options.UDPTimeout != 0 {
+		udpTimeout = time.Duration(options.UDPTimeout)
+	} else {
+		udpTimeout = C.UDPTimeout
+	}
+	var (
+		routeRuleSet        []adapter.RuleSet
+		routeExcludeRuleSet []adapter.RuleSet
+	)
+	for _, routeAddressSet := range options.RouteAddressSet {
+		ruleSet, loaded := router.RuleSet(routeAddressSet)
+		if !loaded {
+			return nil, E.New("parse route_address_set: rule-set not found: ", routeAddressSet)
+		}
+		ruleSet.IncRef()
+		routeRuleSet = append(routeRuleSet, ruleSet)
+	}
+	for _, routeExcludeAddressSet := range options.RouteExcludeAddressSet {
+		ruleSet, loaded := router.RuleSet(routeExcludeAddressSet)
+		if !loaded {
+			return nil, E.New("parse route_exclude_address_set: rule-set not found: ", routeExcludeAddressSet)
+		}
+		ruleSet.IncRef()
+		routeExcludeRuleSet = append(routeExcludeRuleSet, ruleSet)
+	}
+	trackerIn := conntrack.NewDefaultTracker(false, 0)
+	return &Inbound{
+		Adapter:             inbound.NewAdapter(C.TypeNDIS, tag),
+		ctx:                 ctx,
+		router:              router,
+		logger:              logger,
+		api:                 api,
+		tracker:             trackerIn,
+		routeRuleSet:        routeRuleSet,
+		routeExcludeRuleSet: routeExcludeRuleSet,
+		stack: &Stack{
+			ctx:                 ctx,
+			logger:              logger,
+			network:             networkManager,
+			trackerIn:           trackerIn,
+			trackerOut:          trackerOut,
+			api:                 api,
+			udpTimeout:          udpTimeout,
+			routeAddress:        options.RouteAddress,
+			routeExcludeAddress: options.RouteExcludeAddress,
+		},
+	}, nil
+}
+
+func (t *Inbound) Start(stage adapter.StartStage) error {
+	switch stage {
+	case adapter.StartStateStart:
+		monitor := taskmonitor.New(t.logger, C.StartTimeout)
+		var (
+			routeAddressSet        []*netipx.IPSet
+			routeExcludeAddressSet []*netipx.IPSet
+		)
+		for _, routeRuleSet := range t.routeRuleSet {
+			ipSets := routeRuleSet.ExtractIPSet()
+			if len(ipSets) == 0 {
+				t.logger.Warn("route_address_set: no destination IP CIDR rules found in rule-set: ", routeRuleSet.Name())
+			}
+			t.routeRuleSetCallback = append(t.routeRuleSetCallback, routeRuleSet.RegisterCallback(t.updateRouteAddressSet))
+			routeRuleSet.DecRef()
+			routeAddressSet = append(routeAddressSet, ipSets...)
+		}
+		for _, routeExcludeRuleSet := range t.routeExcludeRuleSet {
+			ipSets := routeExcludeRuleSet.ExtractIPSet()
+			if len(ipSets) == 0 {
+				t.logger.Warn("route_exclude_address_set: no destination IP CIDR rules found in rule-set: ", routeExcludeRuleSet.Name())
+			}
+			t.routeExcludeRuleSetCallback = append(t.routeExcludeRuleSetCallback, routeExcludeRuleSet.RegisterCallback(t.updateRouteAddressSet))
+			routeExcludeRuleSet.DecRef()
+			routeExcludeAddressSet = append(routeExcludeAddressSet, ipSets...)
+		}
+		t.stack.routeAddressSet = routeAddressSet
+		t.stack.routeExcludeAddressSet = routeExcludeAddressSet
+		monitor.Start("starting NDIS stack")
+		t.stack.handler = t
+		err := t.stack.Start()
+		monitor.Finish()
+		if err != nil {
+			return E.Cause(err, "starting NDIS stack")
+		}
+	}
+	return nil
+}
+
+func (t *Inbound) Close() error {
+	if t.api != nil {
+		t.stack.Close()
+		t.api.Close()
+	}
+	return nil
+}
+
+func (t *Inbound) PrepareConnection(network string, source M.Socksaddr, destination M.Socksaddr) error {
+	return t.router.PreMatch(adapter.InboundContext{
+		Inbound:     t.Tag(),
+		InboundType: C.TypeNDIS,
+		Network:     network,
+		Source:      source,
+		Destination: destination,
+	})
+}
+
+func (t *Inbound) NewConnectionEx(ctx context.Context, conn net.Conn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
+	ctx = log.ContextWithNewID(ctx)
+	var metadata adapter.InboundContext
+	metadata.Inbound = t.Tag()
+	metadata.InboundType = C.TypeNDIS
+	metadata.Source = source
+	metadata.Destination = destination
+	t.logger.InfoContext(ctx, "inbound connection from ", metadata.Source)
+	t.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination)
+	done, err := t.tracker.NewConnEx(conn)
+	if err != nil {
+		t.logger.ErrorContext(ctx, E.Cause(err, "track inbound connection"))
+		return
+	}
+	t.router.RouteConnectionEx(ctx, conn, metadata, N.AppendClose(onClose, done))
+}
+
+func (t *Inbound) NewPacketConnectionEx(ctx context.Context, conn N.PacketConn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) {
+	ctx = log.ContextWithNewID(ctx)
+	var metadata adapter.InboundContext
+	metadata.Inbound = t.Tag()
+	metadata.InboundType = C.TypeNDIS
+	metadata.Source = source
+	metadata.Destination = destination
+	t.logger.InfoContext(ctx, "inbound packet connection from ", metadata.Source)
+	t.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination)
+	done, err := t.tracker.NewPacketConnEx(conn)
+	if err != nil {
+		t.logger.ErrorContext(ctx, E.Cause(err, "track inbound connection"))
+		return
+	}
+	t.router.RoutePacketConnectionEx(ctx, conn, metadata, N.AppendClose(onClose, done))
+}
+
+func (t *Inbound) updateRouteAddressSet(it adapter.RuleSet) {
+	t.stack.routeAddressSet = common.FlatMap(t.routeRuleSet, adapter.RuleSet.ExtractIPSet)
+	t.stack.routeExcludeAddressSet = common.FlatMap(t.routeExcludeRuleSet, adapter.RuleSet.ExtractIPSet)
+}