diff --git a/app/proxyman/inbound/worker.go b/app/proxyman/inbound/worker.go
index 57cebc84..5b227c06 100644
--- a/app/proxyman/inbound/worker.go
+++ b/app/proxyman/inbound/worker.go
@@ -72,13 +72,6 @@ func (w *tcpWorker) callback(conn stat.Connection) {
 }
 case internet.SocketConfig_TProxy:
 dest = net.DestinationFromAddr(conn.LocalAddr())
- case internet.SocketConfig_PF:
- d, err := net.OriginalDst(conn)
- if err != nil {
- newError("failed to get original destination").Base(err).WriteToLog(session.ExportIDToError(ctx))
- } else {
- dest = d
- }
 }
 if dest.IsValid() {
 ctx = session.ContextWithOutbound(ctx, &session.Outbound{
diff --git a/common/net/destination-darwin.go b/common/net/destination-darwin.go
deleted file mode 100644
index bd009a38..00000000
--- a/common/net/destination-darwin.go
+++ /dev/null
@@ -1,94 +0,0 @@ -//go:build darwin - -package net - -import ( - "net" - "os" - "syscall" - "unsafe" -) - -const ( - PfOut = 2 - IOCOut = 0x40000000 - IOCIn = 0x80000000 - IOCInOut = IOCIn | IOCOut - IOCPARMMask = 0x1FFF - LEN = 4*16 + 4*4 + 4*1 - // #define _IOC(inout,group,num,len) (inout | ((len & IOCPARMMask) << 16) | ((group) << 8) | (num)) - // #define _IOWR(g,n,t) _IOC(IOCInOut, (g), (n), sizeof(t)) - // #define DIOCNATLOOK _IOWR('D', 23, struct pfioc_natlook) - DIOCNATLOOK = IOCInOut | ((LEN & IOCPARMMask) << 16) | ('D' << 8) | 23 -) - -// OriginalDst uses ioctl to read original destination from /dev/pf -func OriginalDst(conn Conn) (Destination, error) { - f, err := os.Open("/dev/pf") - if err != nil { - return Destination{}, newError("failed to open device /dev/pf").Base(err) - } - defer f.Close() - - fd := f.Fd() - nl := struct { // struct pfioc_natlook - saddr, daddr, rsaddr, rdaddr [16]byte - sxport, dxport, rsxport, rdxport [4]byte - af, proto, protoVariant, direction uint8 - }{ - af: syscall.AF_INET, - proto: syscall.IPPROTO_TCP, - direction: PfOut, - } - var raIP, laIP net.IP - var raPort, laPort int - la := conn.LocalAddr() - ra := conn.RemoteAddr() - switch la.(type) { - case *net.TCPAddr: - raIP = ra.(*net.TCPAddr).IP - laIP = la.(*net.TCPAddr).IP - raPort = ra.(*net.TCPAddr).Port - laPort = la.(*net.TCPAddr).Port - case *net.UDPAddr: - raIP = ra.(*net.UDPAddr).IP - laIP = la.(*net.UDPAddr).IP - raPort = ra.(*net.UDPAddr).Port - laPort = la.(*net.UDPAddr).Port - } - if raIP.To4() != nil { - if laIP.IsUnspecified() { - laIP = net.ParseIP("127.0.0.1") - } - copy(nl.saddr[:net.IPv4len], raIP.To4()) - copy(nl.daddr[:net.IPv4len], laIP.To4()) - } - if raIP.To16() != nil && raIP.To4() == nil { - if laIP.IsUnspecified() { - laIP = net.ParseIP("::1") - } - copy(nl.saddr[:], raIP) - copy(nl.daddr[:], laIP) - } - nl.sxport[0], nl.sxport[1] = byte(raPort>>8), byte(raPort) - nl.dxport[0], nl.dxport[1] = byte(laPort>>8), byte(laPort) - if _, _, errno := 
syscall.Syscall(syscall.SYS_IOCTL, fd, DIOCNATLOOK, uintptr(unsafe.Pointer(&nl))); errno != 0 { - return Destination{}, os.NewSyscallError("ioctl", err) - } - - odPort := nl.rdxport - var odIP net.IP - switch nl.af { - case syscall.AF_INET: - odIP = make(net.IP, net.IPv4len) - copy(odIP, nl.rdaddr[:net.IPv4len]) - case syscall.AF_INET6: - odIP = make(net.IP, net.IPv6len) - copy(odIP, nl.rdaddr[:]) - } - return Destination{ - Address: IPAddress(odIP), - Port: PortFromBytes(odPort[:2]), - Network: Network_TCP, - }, nil -} diff --git a/common/net/destination-other.go b/common/net/destination-other.go deleted file mode 100644 index 977116fd..00000000 --- a/common/net/destination-other.go +++ /dev/null @@ -1,8 +0,0 @@ -//go:build !darwin - -package net - -// OriginalDst uses ioctl to read original destination from /dev/pf -func OriginalDst(conn Conn) (Destination, error) { - return Destination{}, newError("This platform is not supported") -} diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go index 279a8453..30626a35 100644 --- a/infra/conf/transport_internet.go +++ b/infra/conf/transport_internet.go @@ -558,8 +558,6 @@ func (c *SocketConfig) Build() (*internet.SocketConfig, error) { tproxy = internet.SocketConfig_TProxy case "redirect": tproxy = internet.SocketConfig_Redirect - case "pf": - tproxy = internet.SocketConfig_PF default: tproxy = internet.SocketConfig_Off } diff --git a/transport/internet/config.pb.go b/transport/internet/config.pb.go index fc57fe46..b9c0b2fa 100644 --- a/transport/internet/config.pb.go +++ b/transport/internet/config.pb.go @@ -140,8 +140,6 @@ const ( SocketConfig_TProxy SocketConfig_TProxyMode = 1 // Redirect mode. SocketConfig_Redirect SocketConfig_TProxyMode = 2 - // PF mode. - SocketConfig_PF SocketConfig_TProxyMode = 3 ) // Enum value maps for SocketConfig_TProxyMode. 
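Review bot: With the `case "pf":` arm removed, a configuration that still says `"pf"` for the tproxy mode now drops into `default` and is built as SocketConfig_Off, so an existing macOS transparent-proxy setup keeps starting but silently stops redirecting, with no error or log line pointing at the cause. Since this string is operator input, the `default` branch should reject values it does not recognise rather than downgrade them, e.g. `default: return nil, newError("unknown tproxy mode")` (including the offending value in the message if the field is in scope), or keep an explicit `case "pf":` that returns a "no longer supported" error. SocketConfig.Build starts and ends outside this hunk, so the switch expression and surrounding error handling are not visible here.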
@@ -150,13 +148,11 @@ var ( 0: "Off", 1: "TProxy", 2: "Redirect", - 3: "PF", } SocketConfig_TProxyMode_value = map[string]int32{ "Off": 0, "TProxy": 1, "Redirect": 2, - "PF": 3, } ) @@ -591,7 +587,7 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x12, 0x30, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x22, 0xc9, 0x04, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, + 0x78, 0x79, 0x22, 0xc1, 0x04, 0x0a, 0x0c, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x61, 0x72, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x74, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x74, 0x66, 0x6f, 0x12, 0x48, 0x0a, 0x06, 0x74, 0x70, 0x72, 
@@ -624,27 +620,27 @@ var file_transport_internet_config_proto_rawDesc = []byte{ 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x2d, 0x0a, 0x13, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x5f, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x64, 0x6c, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x41, 0x6c, 0x69, 0x76, - 0x65, 0x49, 0x64, 0x6c, 0x65, 0x22, 0x37, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, + 0x65, 0x49, 0x64, 0x6c, 0x65, 0x22, 0x2f, 0x0a, 0x0a, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x66, 0x66, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, - 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x12, 0x06, 0x0a, 0x02, 0x50, 0x46, 0x10, 0x03, 0x2a, 0x5a, - 0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, - 0x55, 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, - 0x0d, 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, - 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, - 0x69, 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, - 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, - 0x41, 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, - 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, - 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, - 0x1b, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, - 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 
0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, - 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, - 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, - 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, - 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x72, 0x65, 0x63, 0x74, 0x10, 0x02, 0x2a, 0x5a, 0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, + 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x54, + 0x43, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, + 0x04, 0x4d, 0x4b, 0x43, 0x50, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x57, 0x65, 0x62, 0x53, 0x6f, + 0x63, 0x6b, 0x65, 0x74, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x04, + 0x12, 0x10, 0x0a, 0x0c, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, + 0x10, 0x05, 0x2a, 0x41, 0x0a, 0x0e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x53, 0x74, 0x72, 0x61, + 0x74, 0x65, 0x67, 0x79, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x53, 0x5f, 0x49, 0x53, 0x10, 0x00, 0x12, + 0x0a, 0x0a, 0x06, 0x55, 0x53, 0x45, 0x5f, 0x49, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, + 0x53, 0x45, 0x5f, 0x49, 0x50, 0x34, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x53, 0x45, 0x5f, + 0x49, 0x50, 0x36, 0x10, 0x03, 0x42, 0x67, 0x0a, 0x1b, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, + 0x79, 0x2e, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0x50, 0x01, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, + 0x65, 0x2f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 
0x65, 0x74, 0xaa, 0x02, 0x17, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, + 0x73, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/transport/internet/config.proto b/transport/internet/config.proto index e44cb64d..92f70a8b 100644 --- a/transport/internet/config.proto +++ b/transport/internet/config.proto @@ -74,8 +74,6 @@ message SocketConfig { TProxy = 1; // Redirect mode. Redirect = 2; - // PF mode. - PF = 3; } // TProxy is for enabling TProxy socket option. diff --git a/transport/internet/sockopt_darwin.go b/transport/internet/sockopt_darwin.go index 2fae2632..87a524cb 100644 --- a/transport/internet/sockopt_darwin.go +++ b/transport/internet/sockopt_darwin.go @@ -1,7 +1,11 @@ package internet import ( + "github.com/xtls/xray-core/common/net" "golang.org/x/sys/unix" + "os" + "syscall" + "unsafe" ) const ( 
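Review bot: The new import block interleaves project and standard-library packages: `github.com/xtls/xray-core/common/net` is placed above `golang.org/x/sys/unix`, with `os`, `syscall` and `unsafe` appended after it. goimports would keep the standard library in its own group first (`os`, `syscall`, `unsafe`), then a blank line, then the `github.com/...` and `golang.org/...` imports; running it keeps this file consistent with the rest of the repository.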
@@ -13,6 +17,83 @@ const ( sysTCP_KEEPINTVL = 0x101 // nolint: revive,stylecheck ) +const ( + PfOut = 2 + IOCOut = 0x40000000 + IOCIn = 0x80000000 + IOCInOut = IOCIn | IOCOut + IOCPARMMask = 0x1FFF + LEN = 4*16 + 4*4 + 4*1 + // #define _IOC(inout,group,num,len) (inout | ((len & IOCPARMMask) << 16) | ((group) << 8) | (num)) + // #define _IOWR(g,n,t) _IOC(IOCInOut, (g), (n), sizeof(t)) + // #define DIOCNATLOOK _IOWR('D', 23, struct pfioc_natlook) + DIOCNATLOOK = IOCInOut | ((LEN & IOCPARMMask) << 16) | ('D' << 8) | 23 +) + +// OriginalDst uses ioctl to read original destination from /dev/pf +func OriginalDst(la, ra net.Addr) (net.IP, int, error) { + f, err := os.Open("/dev/pf") + if err != nil { + return net.IP{}, -1, newError("failed to open device /dev/pf").Base(err) + } + defer f.Close() + fd := f.Fd() + nl := struct { // struct pfioc_natlook + saddr, daddr, rsaddr, rdaddr [16]byte + sxport, dxport, rsxport, rdxport [4]byte + af, proto, protoVariant, direction uint8 + }{ + af: syscall.AF_INET, + proto: syscall.IPPROTO_TCP, + direction: PfOut, + } + var raIP, laIP net.IP + var raPort, laPort int + switch la.(type) { + case *net.TCPAddr: + raIP = ra.(*net.TCPAddr).IP + laIP = la.(*net.TCPAddr).IP + raPort = ra.(*net.TCPAddr).Port + laPort = la.(*net.TCPAddr).Port + case *net.UDPAddr: + raIP = ra.(*net.UDPAddr).IP + laIP = la.(*net.UDPAddr).IP + raPort = ra.(*net.UDPAddr).Port + laPort = la.(*net.UDPAddr).Port + } + if raIP.To4() != nil { + if laIP.IsUnspecified() { + laIP = net.ParseIP("127.0.0.1") + } + copy(nl.saddr[:net.IPv4len], raIP.To4()) + copy(nl.daddr[:net.IPv4len], laIP.To4()) + } + if raIP.To16() != nil && raIP.To4() == nil { + if laIP.IsUnspecified() { + laIP = net.ParseIP("::1") + } + copy(nl.saddr[:], raIP) + copy(nl.daddr[:], laIP) + } + nl.sxport[0], nl.sxport[1] = byte(raPort>>8), byte(raPort) + nl.dxport[0], nl.dxport[1] = byte(laPort>>8), byte(laPort) + if _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, fd, DIOCNATLOOK, 
uintptr(unsafe.Pointer(&nl))); errno != 0 { + return net.IP{}, -1, os.NewSyscallError("ioctl", err) + } + + odPort := nl.rdxport + var odIP net.IP + switch nl.af { + case syscall.AF_INET: + odIP = make(net.IP, net.IPv4len) + copy(odIP, nl.rdaddr[:net.IPv4len]) + case syscall.AF_INET6: + odIP = make(net.IP, net.IPv6len) + copy(odIP, nl.rdaddr[:]) + } + return odIP, int(net.PortFromBytes(odPort[:2])), nil +} + func applyOutboundSocketOptions(network string, address string, fd uintptr, config *SocketConfig) error { if isTCPSocket(network) { tfo := config.ParseTFOValue() diff --git a/transport/internet/tcp/sockopt_darwin.go b/transport/internet/tcp/sockopt_darwin.go new file mode 100644 index 00000000..a1905cf4 --- /dev/null +++ b/transport/internet/tcp/sockopt_darwin.go @@ -0,0 +1,25 @@ +//go:build darwin +// +build darwin + +package tcp + +import ( + "github.com/xtls/xray-core/common/net" + "github.com/xtls/xray-core/transport/internet" + "github.com/xtls/xray-core/transport/internet/stat" +) + +// GetOriginalDestination from tcp conn +func GetOriginalDestination(conn stat.Connection) (net.Destination, error) { + la := conn.LocalAddr() + ra := conn.RemoteAddr() + ip, port, err := internet.OriginalDst(la, ra) + if err != nil { + return net.Destination{}, newError("failed to get destination").Base(err) + } + dest := net.TCPDestination(net.IPAddress(ip), net.Port(port)) + if !dest.IsValid() { + return net.Destination{}, newError("failed to parse destination.") + } + return dest, nil +} diff --git a/transport/internet/tcp/sockopt_other.go b/transport/internet/tcp/sockopt_other.go index 7c722e1b..3f657354 100644 --- a/transport/internet/tcp/sockopt_other.go +++ b/transport/internet/tcp/sockopt_other.go @@ -1,5 +1,5 @@ -//go:build !linux && !freebsd -// +build !linux,!freebsd +//go:build !linux && !freebsd && !darwin +// +build !linux,!freebsd,!darwin package tcp 
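Review bot: The ioctl failure path returns a nil error: `err` at that point is the already-checked result of `os.Open`, and `os.NewSyscallError` returns nil when handed a nil error, so a failed DIOCNATLOOK yields `net.IP{}, -1, nil` and the caller treats a lookup that never happened as success. The return should wrap the errno the Syscall actually produced: `return net.IP{}, -1, os.NewSyscallError("ioctl", errno)`. Separately, `nl.af` is initialised to `syscall.AF_INET` and never updated in the IPv6 branch, so v6 lookups are issued with the wrong family, and since the result switch reads back that same input field its `case syscall.AF_INET6` cannot be reached as written; adding `nl.af = syscall.AF_INET6` next to the 16-byte copy fixes both. `proto` is likewise fixed to `IPPROTO_TCP` even though the address switch accepts `*net.UDPAddr`, so UDP callers presumably query the TCP state table; set `nl.proto = syscall.IPPROTO_UDP` in the UDPAddr case or document the TCP-only contract in the doc comment. Finally, the bare `ra.(*net.TCPAddr)` / `ra.(*net.UDPAddr)` assertions panic if the two addresses have different concrete types; an `ok`-form assertion returning an error is cheaper than a crash in the accept path.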
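Review bot: The `dest.IsValid()` check cannot catch the failure shape OriginalDst can return, a nil `ip` together with `port == -1`: `net.Port(port)` silently wraps -1 to 65535 and `net.IPAddress(nil)` is passed through, and unless IsValid inspects the address (its definition is outside this diff) the destination passes. Validate the raw values before converting: `if ip == nil || port < 0 || port > 65535 { return net.Destination{}, newError("invalid original destination from pf") }`. The error string `"failed to parse destination."` also ends with a period, unlike the other newError messages in this diff. A doc comment stating that on darwin this performs the pf NAT lookup via /dev/pf (and therefore needs privileges to open that device) would help readers coming from the Linux and FreeBSD variants.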
diff --git a/transport/internet/udp/hub_darwin.go b/transport/internet/udp/hub_darwin.go new file mode 100644 index 00000000..fa965b3c --- /dev/null +++ b/transport/internet/udp/hub_darwin.go @@ -0,0 +1,46 @@ +//go:build darwin +// +build darwin + +package udp + +import ( + "bytes" + "encoding/gob" + "io" + + "github.com/xtls/xray-core/common/errors" + "github.com/xtls/xray-core/common/net" + "github.com/xtls/xray-core/transport/internet" +) + +// RetrieveOriginalDest from stored laddr, caddr +func RetrieveOriginalDest(oob []byte) net.Destination { + dec := gob.NewDecoder(bytes.NewBuffer(oob)) + var la, ra net.UDPAddr + dec.Decode(&la) + dec.Decode(&ra) + ip, port, err := internet.OriginalDst(&la, &ra) + if err != nil { + return net.Destination{} + } + return net.UDPDestination(net.IPAddress(ip), net.Port(port)) +} + +// ReadUDPMsg stores laddr, caddr for later use +func ReadUDPMsg(conn *net.UDPConn, payload []byte, oob []byte) (int, int, int, *net.UDPAddr, error) { + nBytes, addr, err := conn.ReadFromUDP(payload) + var buf bytes.Buffer + enc := gob.NewEncoder(&buf) + udpAddr, ok := conn.LocalAddr().(*net.UDPAddr) + if !ok { + return 0, 0, 0, nil, errors.New("invalid local address") + } + if addr == nil { + return 0, 0, 0, nil, errors.New("invalid remote address") + } + enc.Encode(udpAddr) + enc.Encode(addr) + var reader io.Reader = &buf + noob, _ := reader.Read(oob) + return nBytes, noob, 0, addr, err +} diff --git a/transport/internet/udp/hub_other.go b/transport/internet/udp/hub_other.go index 3765ba31..3a784183 100644 --- a/transport/internet/udp/hub_other.go +++ b/transport/internet/udp/hub_other.go @@ -1,5 +1,5 @@ -//go:build !linux && !freebsd -// +build !linux,!freebsd +//go:build !linux && !freebsd && !darwin +// +build !linux,!freebsd,!darwin package udp
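Review bot: ReadUDPMsg tests `addr == nil` before looking at `err`, so a failed ReadFromUDP is reported to the caller as "invalid remote address" and the underlying socket error is lost; the two `enc.Encode` results and the `reader.Read(oob)` count are likewise discarded, so an `oob` buffer shorter than the gob stream (which carries type descriptors on the first encode) silently truncates the addresses, after which RetrieveOriginalDest's equally unchecked `dec.Decode` calls hand zero-valued UDPAddrs to the pf lookup. Check the read error first, check each Encode, and refuse to truncate rather than returning a partial buffer, as below; in RetrieveOriginalDest return `net.Destination{}` when either Decode fails, and drop the then-unused `io` import. Note that OriginalDst earlier in this diff hard-codes `IPPROTO_TCP`, so these UDP lookups presumably query the wrong pf state table unless that function is also changed.
```go
func ReadUDPMsg(conn *net.UDPConn, payload []byte, oob []byte) (int, int, int, *net.UDPAddr, error) {
	nBytes, addr, err := conn.ReadFromUDP(payload)
	if err != nil {
		return nBytes, 0, 0, addr, err
	}
	// … unchanged: *net.UDPAddr assertion on LocalAddr and the addr == nil check …
	var buf bytes.Buffer
	enc := gob.NewEncoder(&buf)
	if err := enc.Encode(udpAddr); err != nil {
		return 0, 0, 0, nil, err
	}
	if err := enc.Encode(addr); err != nil {
		return 0, 0, 0, nil, err
	}
	if buf.Len() > len(oob) {
		return 0, 0, 0, nil, errors.New("oob buffer too small for encoded addresses")
	}
	noob := copy(oob, buf.Bytes())
	return nBytes, noob, 0, addr, nil
}
```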