Skip to content

Commit cf07c81

Browse files
mokeyishmokeyish
committed
⬆️ upgrade surge-ping
1 parent 9de7f7d commit cf07c81

File tree

3 files changed

+140
-5
lines changed

3 files changed

+140
-5
lines changed

.gitignore

+4-1
Original file line numberDiff line numberDiff line change
@@ -20,4 +20,7 @@ dist
2020

2121
.idea/
2222

23-
etc/smartdns/smartdns.yaml
23+
etc/smartdns/smartdns.yaml
24+
25+
localhost.crt
26+
localhost.key

Cargo.toml

+1-2
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,6 @@ dns-over-https-rustls = [
4646
# hickory-resolver = { git = "https://github.com/hickory-dns/hickory-dns.git", rev = "41b6e33"}
4747
# hickory-server = { git = "https://github.com/hickory-dns/hickory-dns.git", rev = "41b6e33"}
4848
# rustls-native-certs = { git = "https://github.com/mokeyish/rustls-native-certs.git" }
49-
surge-ping = { git = "https://github.com/mokeyish/surge-ping.git", rev = "04c51d6" }
5049
hostname = { git = "https://github.com/mokeyish/hostname.git", branch = "dev" }
5150
enum_dispatch = { git = "https://gitlab.com/mokeyish/enum_dispatch.git", branch = "master"}
5251

@@ -90,7 +89,7 @@ rustls-native-certs = "0.6.2"
9089
lru = { version = "0.12", default-features = false}
9190
time = "0.3"
9291
chrono = "0.4"
93-
surge-ping = "0.7.4"
92+
surge-ping = "0.8.0"
9493
rand = "0.8.5"
9594
smallvec = "1.10.0"
9695
csv = "1.1"

src/infra/ping.rs

+135-2
Original file line numberDiff line numberDiff line change
@@ -289,6 +289,129 @@ mod icmp {
289289

290290
use super::{do_agg, PingAddr, PingError, PingOptions, PingOutput};
291291

292+
mod auto_sock_type {
293+
use cfg_if::cfg_if;
294+
use socket2::Type;
295+
use surge_ping::ICMP;
296+
297+
cfg_if! {
298+
if #[cfg(any(target_os = "linux"))] {
299+
use once_cell::sync::Lazy;
300+
use socket2::{Domain, Protocol, Socket};
301+
use std::{io, net::IpAddr};
302+
303+
pub trait CheckAllowUnprivilegedIcmp {
304+
fn allow_unprivileged_icmp(&self) -> bool;
305+
}
306+
307+
308+
pub trait CheckAllowRawSocket {
309+
fn allow_raw_socket(&self) -> bool;
310+
}
311+
312+
impl CheckAllowUnprivilegedIcmp for ICMP {
313+
fn allow_unprivileged_icmp(&self) -> bool {
314+
match self {
315+
ICMP::V4 => *ALLOW_IPV4_UNPRIVILEGED_ICMP,
316+
ICMP::V6 => *ALLOW_IPV6_UNPRIVILEGED_ICMP
317+
}
318+
}
319+
}
320+
321+
impl CheckAllowRawSocket for ICMP {
322+
#[inline]
323+
fn allow_raw_socket(&self) -> bool {
324+
match self {
325+
ICMP::V4 => *ALLOW_IPV4_RAW_SOCKET,
326+
ICMP::V6 => *ALLOW_IPV6_RAW_SOCKET
327+
}
328+
}
329+
}
330+
331+
impl CheckAllowUnprivilegedIcmp for IpAddr {
332+
#[inline]
333+
fn allow_unprivileged_icmp(&self) -> bool {
334+
match self {
335+
IpAddr::V4(_) => *ALLOW_IPV4_UNPRIVILEGED_ICMP,
336+
IpAddr::V6(_) => *ALLOW_IPV6_UNPRIVILEGED_ICMP,
337+
}
338+
}
339+
}
340+
341+
impl CheckAllowRawSocket for IpAddr {
342+
#[inline]
343+
fn allow_raw_socket(&self) -> bool {
344+
match self {
345+
IpAddr::V4(_) => *ALLOW_IPV4_RAW_SOCKET,
346+
IpAddr::V6(_) => *ALLOW_IPV6_RAW_SOCKET,
347+
}
348+
}
349+
}
350+
351+
352+
353+
354+
pub static ALLOW_IPV4_UNPRIVILEGED_ICMP: Lazy<bool> = Lazy::new(|| {
355+
allow_unprivileged_icmp(Domain::IPV4, Protocol::ICMPV4)
356+
});
357+
358+
pub static ALLOW_IPV4_RAW_SOCKET: Lazy<bool> =
359+
Lazy::new(|| allow_raw_socket(Domain::IPV4, Protocol::ICMPV4));
360+
361+
362+
pub static ALLOW_IPV6_UNPRIVILEGED_ICMP: Lazy<bool> = Lazy::new(|| {
363+
allow_unprivileged_icmp(Domain::IPV6, Protocol::ICMPV6)
364+
});
365+
366+
pub static ALLOW_IPV6_RAW_SOCKET: Lazy<bool> =
367+
Lazy::new(|| allow_raw_socket(Domain::IPV6, Protocol::ICMPV6));
368+
369+
370+
fn allow_unprivileged_icmp(domain: Domain, proto: Protocol) -> bool {
371+
!is_permission_denied(Socket::new(domain, Type::DGRAM, Some(proto)))
372+
}
373+
374+
fn allow_raw_socket(domain: Domain, proto: Protocol) -> bool {
375+
!is_permission_denied(Socket::new(domain, Type::RAW, Some(proto)))
376+
}
377+
378+
#[inline]
379+
fn is_permission_denied(res: io::Result<Socket>) -> bool {
380+
matches!(res, Err(err) if matches!(err.kind(), std::io::ErrorKind::PermissionDenied))
381+
}
382+
383+
}
384+
385+
386+
}
387+
388+
#[allow(unused_variables)]
389+
pub fn detect(kind: ICMP) -> Type {
390+
cfg_if! {
391+
if #[cfg(any(target_os = "linux", target_os = "android"))] {
392+
393+
if kind.allow_unprivileged_icmp() {
394+
// enable by running: `sudo sysctl -w net.ipv4.ping_group_range='0 2147483647'`
395+
Type::DGRAM
396+
} else if kind.allow_raw_socket() {
397+
// enable by running: `sudo setcap CAP_NET_RAW+eip /path/to/program`
398+
Type::RAW
399+
} else {
400+
panic!("unpriviledged ping is disabled, please enable by setting `net.ipv4.ping_group_range` or setting `CAP_NET_RAW`")
401+
}
402+
} else if #[cfg(any(target_os = "macos"))] {
403+
// MacOS seems enable UNPRIVILEGED_ICMP by default.
404+
Type::DGRAM
405+
} else if #[cfg(any(target_os = "windows"))] {
406+
// Windows seems enable RAW_SOCKET by default.
407+
Type::RAW
408+
} else {
409+
Type::RAW
410+
}
411+
}
412+
}
413+
}
414+
292415
pub async fn ping(ipaddr: IpAddr, opts: PingOptions) -> Result<PingOutput, PingError> {
293416
let PingOptions {
294417
times,
@@ -300,8 +423,18 @@ mod icmp {
300423
let mut durations = Vec::new();
301424

302425
let client = match ipaddr {
303-
IpAddr::V4(_) => Client::new(&Config::default()),
304-
IpAddr::V6(_) => Client::new(&Config::builder().kind(ICMP::V6).build()),
426+
IpAddr::V4(_) => Client::new(
427+
&Config::builder()
428+
.kind(ICMP::V4)
429+
.sock_type_hint(auto_sock_type::detect(ICMP::V4))
430+
.build(),
431+
),
432+
IpAddr::V6(_) => Client::new(
433+
&Config::builder()
434+
.kind(ICMP::V6)
435+
.sock_type_hint(auto_sock_type::detect(ICMP::V6))
436+
.build(),
437+
),
305438
}?;
306439

307440
let mut pinger = client.pinger(ipaddr, PingIdentifier(random())).await;

0 commit comments

Comments
 (0)