Add resolver for outbound dialer

common/dialer/default.go

@@ -0,0 +1,56 @@
+package dialer
+
+import (
+	"context"
+	"net"
+	"time"
+
+	"github.com/sagernet/sing/common/control"
+	M "github.com/sagernet/sing/common/metadata"
+
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/option"
+
+	"github.com/database64128/tfo-go"
+)
+
+type DefaultDialer struct {
+	tfo.Dialer
+	net.ListenConfig
+}
+
+func NewDefault(options option.DialerOptions) *DefaultDialer {
+	var dialer net.Dialer
+	var listener net.ListenConfig
+	if options.BindInterface != "" {
+		dialer.Control = control.Append(dialer.Control, control.BindToInterface(options.BindInterface))
+		listener.Control = control.Append(listener.Control, control.BindToInterface(options.BindInterface))
+	}
+	if options.RoutingMark != 0 {
+		dialer.Control = control.Append(dialer.Control, control.RoutingMark(options.RoutingMark))
+		listener.Control = control.Append(listener.Control, control.RoutingMark(options.RoutingMark))
+	}
+	if options.ReuseAddr {
+		listener.Control = control.Append(listener.Control, control.ReuseAddr())
+	}
+	if options.ProtectPath != "" {
+		dialer.Control = control.Append(dialer.Control, ProtectPath(options.ProtectPath))
+		listener.Control = control.Append(listener.Control, ProtectPath(options.ProtectPath))
+	}
+	if options.ConnectTimeout != 0 {
+		dialer.Timeout = time.Duration(options.ConnectTimeout) * time.Second
+	}
+	return &DefaultDialer{tfo.Dialer{Dialer: dialer, DisableTFO: !options.TCPFastOpen}, listener}
+}
+
+func (d *DefaultDialer) DialContext(ctx context.Context, network string, address M.Socksaddr) (net.Conn, error) {
+	return d.Dialer.DialContext(ctx, network, address.String())
+}
+
+func (d *DefaultDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	return d.ListenConfig.ListenPacket(ctx, C.NetworkUDP, "")
+}
+
+func (d *DefaultDialer) Upstream() any {
+	return &d.Dialer
+}

common/dialer/detour.go

@@ -0,0 +1,62 @@
+package dialer
+
+import (
+	"context"
+	"net"
+	"sync"
+
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+
+	"github.com/sagernet/sing-box/adapter"
+)
+
+type DetourDialer struct {
+	router   adapter.Router
+	detour   string
+	dialer   N.Dialer
+	initOnce sync.Once
+	initErr  error
+}
+
+func NewDetour(router adapter.Router, detour string) N.Dialer {
+	return &DetourDialer{router: router, detour: detour}
+}
+
+func (d *DetourDialer) Start() error {
+	_, err := d.Dialer()
+	return err
+}
+
+func (d *DetourDialer) Dialer() (N.Dialer, error) {
+	d.initOnce.Do(func() {
+		var loaded bool
+		d.dialer, loaded = d.router.Outbound(d.detour)
+		if !loaded {
+			d.initErr = E.New("outbound detour not found: ", d.detour)
+		}
+	})
+	return d.dialer, d.initErr
+}
+
+func (d *DetourDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+	dialer, err := d.Dialer()
+	if err != nil {
+		return nil, err
+	}
+	return dialer.DialContext(ctx, network, destination)
+}
+
+func (d *DetourDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	dialer, err := d.Dialer()
+	if err != nil {
+		return nil, err
+	}
+	return dialer.ListenPacket(ctx, destination)
+}
+
+func (d *DetourDialer) Upstream() any {
+	detour, _ := d.Dialer()
+	return detour
+}

common/dialer/dialer.go

@@ -0,0 +1,28 @@
+package dialer
+
+import (
+	"github.com/sagernet/sing/common"
+	N "github.com/sagernet/sing/common/network"
+
+	"github.com/sagernet/sing-box/adapter"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/option"
+)
+
+func New(router adapter.Router, options option.DialerOptions) N.Dialer {
+	domainStrategy := C.DomainStrategy(options.DomainStrategy)
+	var dialer N.Dialer
+	if options.Detour == "" {
+		dialer = NewDefault(options)
+		dialer = NewResolveDialer(router, dialer, domainStrategy)
+	} else {
+		dialer = NewDetour(router, options.Detour)
+		if domainStrategy != C.DomainStrategyAsIS {
+			dialer = NewResolveDialer(router, dialer, domainStrategy)
+		}
+	}
+	if options.OverrideOptions.IsValid() {
+		dialer = NewOverride(dialer, common.PtrValueOrDefault(options.OverrideOptions))
+	}
+	return dialer
+}

common/dialer/override.go

@@ -0,0 +1,70 @@
+package dialer
+
+import (
+	"context"
+	"crypto/tls"
+	"net"
+
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/uot"
+
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/option"
+)
+
+var _ N.Dialer = (*OverrideDialer)(nil)
+
+type OverrideDialer struct {
+	upstream   N.Dialer
+	tlsEnabled bool
+	tlsConfig  tls.Config
+	uotEnabled bool
+}
+
+func NewOverride(upstream N.Dialer, options option.OverrideStreamOptions) N.Dialer {
+	return &OverrideDialer{
+		upstream,
+		options.TLS,
+		tls.Config{
+			ServerName:         options.TLSServerName,
+			InsecureSkipVerify: options.TLSInsecure,
+		},
+		options.UDPOverTCP,
+	}
+}
+
+func (d *OverrideDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+	switch network {
+	case C.NetworkTCP:
+		conn, err := d.upstream.DialContext(ctx, C.NetworkTCP, destination)
+		if err != nil {
+			return nil, err
+		}
+		return tls.Client(conn, &d.tlsConfig), nil
+	case C.NetworkUDP:
+		if d.uotEnabled {
+			tcpConn, err := d.upstream.DialContext(ctx, C.NetworkTCP, destination)
+			if err != nil {
+				return nil, err
+			}
+			return uot.NewClientConn(tcpConn), nil
+		}
+	}
+	return d.upstream.DialContext(ctx, network, destination)
+}
+
+func (d *OverrideDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	if d.uotEnabled {
+		tcpConn, err := d.upstream.DialContext(ctx, C.NetworkTCP, destination)
+		if err != nil {
+			return nil, err
+		}
+		return uot.NewClientConn(tcpConn), nil
+	}
+	return d.upstream.ListenPacket(ctx, destination)
+}
+
+func (d *OverrideDialer) Upstream() any {
+	return d.upstream
+}

common/dialer/protect.go

@@ -0,0 +1,46 @@
+//go:build android || with_protect
+
+package dialer
+
+import (
+	"syscall"
+
+	"github.com/sagernet/sing/common/control"
+	E "github.com/sagernet/sing/common/exceptions"
+)
+
+func sendAncillaryFileDescriptors(protectPath string, fileDescriptors []int) error {
+	socket, err := syscall.Socket(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
+	if err != nil {
+		return E.Cause(err, "open protect socket")
+	}
+	defer syscall.Close(socket)
+	err = syscall.Connect(socket, &syscall.SockaddrUnix{Name: protectPath})
+	if err != nil {
+		return E.Cause(err, "connect protect path")
+	}
+	oob := syscall.UnixRights(fileDescriptors...)
+	dummy := []byte{1}
+	err = syscall.Sendmsg(socket, dummy, oob, nil, 0)
+	if err != nil {
+		return err
+	}
+	n, err := syscall.Read(socket, dummy)
+	if err != nil {
+		return err
+	}
+	if n != 1 {
+		return E.New("failed to protect fd")
+	}
+	return nil
+}
+
+func ProtectPath(protectPath string) control.Func {
+	return func(network, address string, conn syscall.RawConn) error {
+		var innerErr error
+		err := conn.Control(func(fd uintptr) {
+			innerErr = sendAncillaryFileDescriptors(protectPath, []int{int(fd)})
+		})
+		return E.Errors(innerErr, err)
+	}
+}

common/dialer/protect_stub.go

@@ -0,0 +1,9 @@
+//go:build !android && !with_protect
+
+package dialer
+
+import "github.com/sagernet/sing/common/control"
+
+func ProtectPath(protectPath string) control.Func {
+	return nil
+}

common/dialer/resolve.go

@@ -0,0 +1,84 @@
+package dialer
+
+import (
+	"context"
+	"net"
+	"net/netip"
+
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+
+	"github.com/sagernet/sing-box/adapter"
+	C "github.com/sagernet/sing-box/constant"
+)
+
+type ResolveDialer struct {
+	dialer   N.Dialer
+	router   adapter.Router
+	strategy C.DomainStrategy
+}
+
+func NewResolveDialer(router adapter.Router, dialer N.Dialer, strategy C.DomainStrategy) *ResolveDialer {
+	return &ResolveDialer{
+		dialer,
+		router,
+		strategy,
+	}
+}
+
+func (d *ResolveDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+	if !destination.IsFqdn() {
+		return d.dialer.DialContext(ctx, network, destination)
+	}
+	var addresses []netip.Addr
+	var err error
+	if d.strategy == C.DomainStrategyAsIS {
+		addresses, err = d.router.LookupDefault(ctx, destination.Fqdn)
+	} else {
+		addresses, err = d.router.Lookup(ctx, destination.Fqdn, d.strategy)
+	}
+	if err != nil {
+		return nil, err
+	}
+	var conn net.Conn
+	var connErrors []error
+	for _, address := range addresses {
+		conn, err = d.dialer.DialContext(ctx, network, M.SocksaddrFromAddrPort(address, destination.Port))
+		if err != nil {
+			connErrors = append(connErrors, err)
+		}
+		return conn, nil
+	}
+	return nil, E.Errors(connErrors...)
+}
+
+func (d *ResolveDialer) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	if !destination.IsFqdn() {
+		return d.dialer.ListenPacket(ctx, destination)
+	}
+	var addresses []netip.Addr
+	var err error
+	if d.strategy == C.DomainStrategyAsIS {
+		addresses, err = d.router.LookupDefault(ctx, destination.Fqdn)
+	} else {
+		addresses, err = d.router.Lookup(ctx, destination.Fqdn, d.strategy)
+	}
+	if err != nil {
+		return nil, err
+	}
+	var conn net.PacketConn
+	var connErrors []error
+	for _, address := range addresses {
+		conn, err = d.dialer.ListenPacket(ctx, M.SocksaddrFromAddrPort(address, destination.Port))
+		if err != nil {
+			connErrors = append(connErrors, err)
+		}
+		return conn, nil
+	}
+	return nil, E.Errors(connErrors...)
+}
+
+func (d *ResolveDialer) Upstream() any {
+	return d.dialer
+}

common/domain/matcher_test.go

@@ -1,14 +1,16 @@
-package domain
+package domain_test
 
 import (
 	"testing"
 
+	"github.com/sagernet/sing-box/common/domain"
+
 	"github.com/stretchr/testify/require"
 )
 
 func TestMatch(t *testing.T) {
 	r := require.New(t)
-	matcher := NewMatcher([]string{"domain.com"}, []string{"suffix.com", ".suffix.org"})
+	matcher := domain.NewMatcher([]string{"domain.com"}, []string{"suffix.com", ".suffix.org"})
 	r.True(matcher.Match("domain.com"))
 	r.False(matcher.Match("my.domain.com"))
 	r.True(matcher.Match("suffix.com"))

common/sniff/quic_test.go

@@ -1,23 +1,25 @@
-package sniff
+package sniff_test
 
 import (
 	"context"
 	"encoding/hex"
 	"testing"
 
+	"github.com/sagernet/sing-box/common/sniff"
+
 	"github.com/stretchr/testify/require"
 )
 
 func TestSniffQUICv1(t *testing.T) {
 	pkt, err := hex.DecodeString("cc0000000108d2dc7bad02241f5003796e71004215a71bfcb05159416c724be418537389acdd9a4047306283dcb4d7a9cad5cc06322042d204da67a8dbaa328ab476bb428b48fd001501863afd203f8d4ef085629d664f1a734a65969a47e4a63d4e01a21f18c1d90db0c027180906dc135f9ae421bb8617314c8d54c175fef3d3383d310d0916ebcbd6eed9329befbbb109d8fd4af1d2cf9d6adce8e6c1260a7f8256e273e326da0aa7cc148d76e7a08489dc9d52ade89c027cbc3491ada46417c2c04e2ca768e9a7dd6aa00c594e48b678927325da796817693499bb727050cb3baf3d3291a397c3a8d868e8ec7b8f7295e347455c9dadbe2252ae917ac793d958c7fb8a3d2cdb34e3891eb4286f18617556ff7216dd60256aa5b1d11ff4753459fc5f9dedf11d483a26a0835dc6cd50e1c1f54f86e8f1e502821183cd874f6447a74e818bf3445c7795acf4559d1c1fac474911d2ead5c8d23e4aa4f67afb66efe305a30a0b5d825679b31ddc186cbea936535795c7e8c378c87b8c5adc065154d15bae8f85ac8fec2da40c3aa623b682a065440831555011d7647cde44446a0fb4cf5892f2c088ae1920643094be72e3c499fe8d265caf939e8ab607a5b9317917d2a32a812e8a0e6a2f84721bbb5984ffd242838f705d13f4cfb249bc6a5c80d58ac2595edf56648ec3fe21d787573c253a79805252d6d81e26d367d4ff29ef66b5fe8992086af7bada8cad10b82a7c0dc406c5b6d0c5ec3c583e767f759ce08cad6c3c8f91e5a8")
 	require.NoError(t, err)
-	metadata, err := QUICClientHello(context.Background(), pkt)
+	metadata, err := sniff.QUICClientHello(context.Background(), pkt)
 	require.NoError(t, err)
 	require.Equal(t, metadata.Domain, "cloudflare-quic.com")
 }
 
 func FuzzSniffQUIC(f *testing.F) {
 	f.Fuzz(func(t *testing.T, data []byte) {
-		QUICClientHello(context.Background(), data)
+		sniff.QUICClientHello(context.Background(), data)
 	})
 }