Implement dns-hijack

nekohasekai · nekohasekai · commit 67409101f3c3 · 2024-10-23T16:57:17.000+08:00
diff --git a/cmd/sing-box/cmd_tools.go b/cmd/sing-box/cmd_tools.go
@@ -1,6 +1,9 @@
 package main
 
 import (
+	"errors"
+	"os"
+
 	"github.com/sagernet/sing-box"
 	E "github.com/sagernet/sing/common/exceptions"
 	N "github.com/sagernet/sing/common/network"
@@ -23,7 +26,9 @@ func init() {
 func createPreStartedClient() (*box.Box, error) {
 	options, err := readConfigAndMerge()
 	if err != nil {
-		return nil, err
+		if !(errors.Is(err, os.ErrNotExist) && len(configDirectories) == 0 && len(configPaths) == 1) || configPaths[0] != "config.json" {
+			return nil, err
+		}
 	}
 	instance, err := box.New(box.Options{Options: options})
 	if err != nil {
diff --git a/go.mod b/go.mod
@@ -27,14 +27,14 @@ require (
 	github.com/sagernet/gvisor v0.0.0-20241021032506-a4324256e4a3
 	github.com/sagernet/quic-go v0.48.0-beta.1
 	github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691
-	github.com/sagernet/sing v0.5.0-rc.4.0.20241022031908-cd17884118cb
-	github.com/sagernet/sing-dns v0.3.0-rc.2.0.20241021154031-a59e0fbba3ce
+	github.com/sagernet/sing v0.5.0-rc.4.0.20241023053048-94f058276959
+	github.com/sagernet/sing-dns v0.3.0-rc.2.0.20241023053951-feb6d5403f2a
 	github.com/sagernet/sing-mux v0.2.1-0.20241020175909-fe6153f7a9ec
 	github.com/sagernet/sing-quic v0.3.0-rc.1
 	github.com/sagernet/sing-shadowsocks v0.2.7
 	github.com/sagernet/sing-shadowsocks2 v0.2.0
 	github.com/sagernet/sing-shadowtls v0.1.4
-	github.com/sagernet/sing-tun v0.4.0-rc.4.0.20241022132441-8ae8c915af9e
+	github.com/sagernet/sing-tun v0.4.0-rc.4.0.20241023054150-3b5b396d06f7
 	github.com/sagernet/sing-vmess v0.1.12
 	github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7
 	github.com/sagernet/utls v1.6.7
@@ -55,8 +55,6 @@ require (
 	howett.net/plist v1.0.1
 )
 
-//replace github.com/sagernet/sing => ../sing
-
 require (
 	github.com/ajg/form v1.5.1 // indirect
 	github.com/andybalholm/brotli v1.0.6 // indirect
diff --git a/go.sum b/go.sum
@@ -115,10 +115,10 @@ github.com/sagernet/quic-go v0.48.0-beta.1/go.mod h1:1WgdDIVD1Gybp40JTWketeSfKA/
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byLGkEnIYp6grlXfo1QYUfiYFGjewIdc=
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.2.18/go.mod h1:OL6k2F0vHmEzXz2KW19qQzu172FDgSbUSODylighuVo=
-github.com/sagernet/sing v0.5.0-rc.4.0.20241022031908-cd17884118cb h1:3IhGq2UmcbQfAcuqyE8RYKFapqEEa3eItS/MrZr+5l8=
-github.com/sagernet/sing v0.5.0-rc.4.0.20241022031908-cd17884118cb/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
-github.com/sagernet/sing-dns v0.3.0-rc.2.0.20241021154031-a59e0fbba3ce h1:OfpxE5qnXMyU/9LtNgX4M7bGP11lJx4s+KZ3Sijb0HE=
-github.com/sagernet/sing-dns v0.3.0-rc.2.0.20241021154031-a59e0fbba3ce/go.mod h1:TqLIelI+FAbVEdiTRolhGLOwvhVjY7oT+wezlOJUQ7M=
+github.com/sagernet/sing v0.5.0-rc.4.0.20241023053048-94f058276959 h1:8BzTt5cU8h6HK4CcRq1UQHKsgUi942GjO0by/ntFZIs=
+github.com/sagernet/sing v0.5.0-rc.4.0.20241023053048-94f058276959/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/sing-dns v0.3.0-rc.2.0.20241023053951-feb6d5403f2a h1:jpAlbmZxc1LymZrmJacsvHI57Wito5xy8qASZJMWoOQ=
+github.com/sagernet/sing-dns v0.3.0-rc.2.0.20241023053951-feb6d5403f2a/go.mod h1:TqLIelI+FAbVEdiTRolhGLOwvhVjY7oT+wezlOJUQ7M=
 github.com/sagernet/sing-mux v0.2.1-0.20241020175909-fe6153f7a9ec h1:6Fd/VsEsw9qIjaGi1IBTZSb4b4v5JYtNcoiBtGsQC48=
 github.com/sagernet/sing-mux v0.2.1-0.20241020175909-fe6153f7a9ec/go.mod h1:RSwqqHwbtTOX3vs6ms8vMtBGH/0ZNyLm/uwt6TlmR84=
 github.com/sagernet/sing-quic v0.3.0-rc.1 h1:SlzL1yfEAKJyRduub8vzOVtbyTLAX7RZEEBZxO5utts=
@@ -129,8 +129,8 @@ github.com/sagernet/sing-shadowsocks2 v0.2.0 h1:wpZNs6wKnR7mh1wV9OHwOyUr21VkS3wK
 github.com/sagernet/sing-shadowsocks2 v0.2.0/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ=
 github.com/sagernet/sing-shadowtls v0.1.4 h1:aTgBSJEgnumzFenPvc+kbD9/W0PywzWevnVpEx6Tw3k=
 github.com/sagernet/sing-shadowtls v0.1.4/go.mod h1:F8NBgsY5YN2beQavdgdm1DPlhaKQlaL6lpDdcBglGK4=
-github.com/sagernet/sing-tun v0.4.0-rc.4.0.20241022132441-8ae8c915af9e h1:dKvwQKyNc6/tfwsCU3vlvZo1zwGC9ztsJ3qiQghhBpA=
-github.com/sagernet/sing-tun v0.4.0-rc.4.0.20241022132441-8ae8c915af9e/go.mod h1:ZDv85YIANyV7ZTuHx9Vn3dBiEBjuOnebVrL7ccXC9CM=
+github.com/sagernet/sing-tun v0.4.0-rc.4.0.20241023054150-3b5b396d06f7 h1:wWfRBSP8v0Gc9yUeMgoKCiG+LIs/+bYLWWwVVYSbGFI=
+github.com/sagernet/sing-tun v0.4.0-rc.4.0.20241023054150-3b5b396d06f7/go.mod h1:2v1L3BQKzoOpGuKMwC6pcs/5/Xb5PBqzqL6Lq88IoS8=
 github.com/sagernet/sing-vmess v0.1.12 h1:2gFD8JJb+eTFMoa8FIVMnknEi+vCSfaiTXTfEYAYAPg=
 github.com/sagernet/sing-vmess v0.1.12/go.mod h1:luTSsfyBGAc9VhtCqwjR+dt1QgqBhuYBCONB/POhF8I=
 github.com/sagernet/smux v0.0.0-20231208180855-7041f6ea79e7 h1:DImB4lELfQhplLTxeq2z31Fpv8CQqqrUwTbrIRumZqQ=
diff --git a/inbound/tun.go b/inbound/tun.go
@@ -35,8 +35,9 @@ type TUN struct {
 	router adapter.Router
 	logger log.ContextLogger
 	// Deprecated
-	inboundOptions              option.InboundOptions
-	tunOptions                  tun.Options
+	inboundOptions option.InboundOptions
+	tunOptions     tun.Options
+	// Deprecated
 	endpointIndependentNat      bool
 	udpTimeout                  time.Duration
 	stack                       string
@@ -316,7 +317,6 @@ func (t *TUN) Start() error {
 		Context:                t.ctx,
 		Tun:                    tunInterface,
 		TunOptions:             t.tunOptions,
-		EndpointIndependentNat: t.endpointIndependentNat,
 		UDPTimeout:             t.udpTimeout,
 		Handler:                t,
 		Logger:                 t.logger,
diff --git a/outbound/dns.go b/outbound/dns.go
@@ -5,6 +5,7 @@ import (
 	"encoding/binary"
 	"net"
 	"os"
+	"time"
 
 	"github.com/sagernet/sing-box/adapter"
 	C "github.com/sagernet/sing-box/constant"
@@ -50,14 +51,15 @@ func (d *DNS) NewConnection(ctx context.Context, conn net.Conn, metadata adapter
 	metadata.Destination = M.Socksaddr{}
 	defer conn.Close()
 	for {
-		err := d.handleConnection(ctx, conn, metadata)
+		conn.SetReadDeadline(time.Now().Add(C.DNSTimeout))
+		err := HandleStreamDNSRequest(ctx, d.router, conn, metadata)
 		if err != nil {
 			return err
 		}
 	}
 }
 
-func (d *DNS) handleConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
+func HandleStreamDNSRequest(ctx context.Context, router adapter.Router, conn net.Conn, metadata adapter.InboundContext) error {
 	var queryLength uint16
 	err := binary.Read(conn, binary.BigEndian, &queryLength)
 	if err != nil {
@@ -79,7 +81,7 @@ func (d *DNS) handleConnection(ctx context.Context, conn net.Conn, metadata adap
 	}
 	metadataInQuery := metadata
 	go func() error {
-		response, err := d.router.Exchange(adapter.WithContext(ctx, &metadataInQuery), &message)
+		response, err := router.Exchange(adapter.WithContext(ctx, &metadataInQuery), &message)
 		if err != nil {
 			return err
 		}
@@ -100,10 +102,14 @@ func (d *DNS) handleConnection(ctx context.Context, conn net.Conn, metadata adap
 
 // Deprecated
 func (d *DNS) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
+	return NewDNSPacketConnection(ctx, d.router, conn, nil, metadata)
+}
+
+func NewDNSPacketConnection(ctx context.Context, router adapter.Router, conn N.PacketConn, cachedPackets []*N.PacketBuffer, metadata adapter.InboundContext) error {
 	metadata.Destination = M.Socksaddr{}
 	var reader N.PacketReader = conn
 	var counters []N.CountFunc
-	var cachedPackets []*N.PacketBuffer
+	cachedPackets = common.Reverse(cachedPackets)
 	for {
 		reader, counters = N.UnwrapCountPacketReader(reader, counters)
 		if cachedReader, isCached := reader.(N.CachedPacketReader); isCached {
@@ -115,7 +121,7 @@ func (d *DNS) NewPacketConnection(ctx context.Context, conn N.PacketConn, metada
 		}
 		if readWaiter, created := bufio.CreatePacketReadWaiter(reader); created {
 			readWaiter.InitializeReadWaiter(N.ReadWaitOptions{})
-			return d.newPacketConnection(ctx, conn, readWaiter, counters, cachedPackets, metadata)
+			return newDNSPacketConnection(ctx, router, conn, readWaiter, counters, cachedPackets, metadata)
 		}
 		break
 	}
@@ -161,7 +167,7 @@ func (d *DNS) NewPacketConnection(ctx context.Context, conn N.PacketConn, metada
 			}
 			metadataInQuery := metadata
 			go func() error {
-				response, err := d.router.Exchange(adapter.WithContext(ctx, &metadataInQuery), &message)
+				response, err := router.Exchange(adapter.WithContext(ctx, &metadataInQuery), &message)
 				if err != nil {
 					cancel(err)
 					return err
@@ -186,7 +192,7 @@ func (d *DNS) NewPacketConnection(ctx context.Context, conn N.PacketConn, metada
 	return group.Run(fastClose)
 }
 
-func (d *DNS) newPacketConnection(ctx context.Context, conn N.PacketConn, readWaiter N.PacketReadWaiter, readCounters []N.CountFunc, cached []*N.PacketBuffer, metadata adapter.InboundContext) error {
+func newDNSPacketConnection(ctx context.Context, router adapter.Router, conn N.PacketConn, readWaiter N.PacketReadWaiter, readCounters []N.CountFunc, cached []*N.PacketBuffer, metadata adapter.InboundContext) error {
 	fastClose, cancel := common.ContextWithCancelCause(ctx)
 	timeout := canceler.New(fastClose, cancel, C.DNSTimeout)
 	var group task.Group
@@ -206,11 +212,12 @@ func (d *DNS) newPacketConnection(ctx context.Context, conn N.PacketConn, readWa
 				}
 				err = message.Unpack(packet.Buffer.Bytes())
 				packet.Buffer.Release()
+				destination = packet.Destination
+				N.PutPacketBuffer(packet)
 				if err != nil {
 					cancel(err)
 					return err
 				}
-				destination = packet.Destination
 			} else {
 				buffer, destination, err = readWaiter.WaitReadPacket()
 				if err != nil {
@@ -230,7 +237,7 @@ func (d *DNS) newPacketConnection(ctx context.Context, conn N.PacketConn, readWa
 			}
 			metadataInQuery := metadata
 			go func() error {
-				response, err := d.router.Exchange(adapter.WithContext(ctx, &metadataInQuery), &message)
+				response, err := router.Exchange(adapter.WithContext(ctx, &metadataInQuery), &message)
 				if err != nil {
 					cancel(err)
 					return err
diff --git a/route/dns.go b/route/dns.go
@@ -0,0 +1,91 @@
+package route
+
+import (
+	"context"
+	"net"
+	"time"
+
+	"github.com/sagernet/sing-box/adapter"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/outbound"
+	"github.com/sagernet/sing-dns"
+	"github.com/sagernet/sing/common/buf"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/udpnat2"
+
+	mDNS "github.com/miekg/dns"
+)
+
+func (r *Router) hijackDNSStream(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
+	metadata.Destination = M.Socksaddr{}
+	for {
+		conn.SetReadDeadline(time.Now().Add(C.DNSTimeout))
+		err := outbound.HandleStreamDNSRequest(ctx, r, conn, metadata)
+		if err != nil {
+			return err
+		}
+	}
+}
+
+func (r *Router) hijackDNSPacket(ctx context.Context, conn N.PacketConn, packetBuffers []*N.PacketBuffer, metadata adapter.InboundContext) {
+	if uConn, isUDPNAT2 := conn.(*udpnat.Conn); isUDPNAT2 {
+		metadata.Destination = M.Socksaddr{}
+		for _, packet := range packetBuffers {
+			buffer := packet.Buffer
+			destination := packet.Destination
+			N.PutPacketBuffer(packet)
+			go ExchangeDNSPacket(ctx, r, uConn, buffer, metadata, destination)
+		}
+		uConn.SetHandler(&dnsHijacker{
+			router:   r,
+			conn:     conn,
+			ctx:      ctx,
+			metadata: metadata,
+		})
+		return
+	}
+	err := outbound.NewDNSPacketConnection(ctx, r, conn, packetBuffers, metadata)
+	if err != nil && !E.IsClosedOrCanceled(err) {
+		r.dnsLogger.ErrorContext(ctx, E.Cause(err, "process packet connection"))
+	}
+}
+
+func ExchangeDNSPacket(ctx context.Context, router *Router, conn N.PacketConn, buffer *buf.Buffer, metadata adapter.InboundContext, destination M.Socksaddr) {
+	err := exchangeDNSPacket(ctx, router, conn, buffer, metadata, destination)
+	if err != nil && !E.IsClosedOrCanceled(err) {
+		router.dnsLogger.ErrorContext(ctx, E.Cause(err, "process packet connection"))
+	}
+}
+
+func exchangeDNSPacket(ctx context.Context, router *Router, conn N.PacketConn, buffer *buf.Buffer, metadata adapter.InboundContext, destination M.Socksaddr) error {
+	var message mDNS.Msg
+	err := message.Unpack(buffer.Bytes())
+	buffer.Release()
+	if err != nil {
+		return E.Cause(err, "unpack request")
+	}
+	response, err := router.Exchange(adapter.WithContext(ctx, &metadata), &message)
+	if err != nil {
+		return err
+	}
+	responseBuffer, err := dns.TruncateDNSMessage(&message, response, 1024)
+	if err != nil {
+		return err
+	}
+	err = conn.WritePacket(responseBuffer, destination)
+	responseBuffer.Release()
+	return err
+}
+
+type dnsHijacker struct {
+	router   *Router
+	conn     N.PacketConn
+	ctx      context.Context
+	metadata adapter.InboundContext
+}
+
+func (h *dnsHijacker) NewPacketEx(buffer *buf.Buffer, destination M.Socksaddr) {
+	go ExchangeDNSPacket(h.ctx, h.router, h.conn, buffer, h.metadata, destination)
+}
diff --git a/route/route.go b/route/route.go
diff --git a/route/rule/rule_action.go b/route/rule/rule_action.go
