mirror
/
gost-mirror
mirror of https://github.com/ginuerzh/gost
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

add dns proxy server

pull/507/head
ginuerzh 7 years ago
parent
ae36ad0fdc
commit
8ec3d8cbcf
7 changed files with 642 additions and 106 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      cmd/gost/cfg.go
  2. 15
      cmd/gost/route.go
  3. 224
      dns.go
  4. 7
      go.mod
  5. 14
      go.sum
  6. 2
      node.go
  7. 474
      resolver.go

12
cmd/gost/cfg.go
View File

@ -223,9 +223,7 @@ func parseResolver(cfg string) gost.Resolver {
Addr: s, Addr: s,
Protocol: "https", Protocol: "https",
} }
if err := ns.Init(); err == nil { nss = append(nss, ns)
nss = append(nss, ns)
}
continue continue
} }
@ -234,18 +232,14 @@ func parseResolver(cfg string) gost.Resolver {
ns := gost.NameServer{ ns := gost.NameServer{
Addr: ss[0], Addr: ss[0],
} }
if err := ns.Init(); err == nil { nss = append(nss, ns)
nss = append(nss, ns)
}
} }
if len(ss) == 2 { if len(ss) == 2 {
ns := gost.NameServer{ ns := gost.NameServer{
Addr: ss[0], Addr: ss[0],
Protocol: ss[1], Protocol: ss[1],
} }
if err := ns.Init(); err == nil { nss = append(nss, ns)
nss = append(nss, ns)
}
} }
} }
return gost.NewResolver(0, nss...) return gost.NewResolver(0, nss...)

15
cmd/gost/route.go
View File

@ -477,6 +477,13 @@ func (r *route) GenRouters() ([]router, error) {
QueueSize: node.GetInt("queue"), QueueSize: node.GetInt("queue"),
}, },
) )
case "dns":
ln, err = gost.DNSListener(
node.Addr,
&gost.DNSOptions{
TCPMode: node.GetBool("tcp"),
},
)
default: default:
ln, err = gost.TCPListener(node.Addr) ln, err = gost.TCPListener(node.Addr)
} }
@ -518,6 +525,8 @@ func (r *route) GenRouters() ([]router, error) {
handler = gost.TunHandler() handler = gost.TunHandler()
case "tap": case "tap":
handler = gost.TapHandler() handler = gost.TapHandler()
case "dns", "dot", "doh":
handler = gost.DNSHandler(node.Remote)
default: default:
// start from 2.5, if remote is not empty, then we assume that it is a forward tunnel. // start from 2.5, if remote is not empty, then we assume that it is a forward tunnel.
if node.Remote != "" { if node.Remote != "" {
@ -540,10 +549,14 @@ func (r *route) GenRouters() ([]router, error) {
} }
node.Bypass = parseBypass(node.Get("bypass")) node.Bypass = parseBypass(node.Get("bypass"))
resolver := parseResolver(node.Get("dns"))
hosts := parseHosts(node.Get("hosts")) hosts := parseHosts(node.Get("hosts"))
ips := parseIP(node.Get("ip"), "") ips := parseIP(node.Get("ip"), "")
resolver := parseResolver(node.Get("dns"))
if resolver != nil {
resolver.Init(gost.ChainResolverOption(chain))
}
handler.Init( handler.Init(
gost.AddrHandlerOption(ln.Addr().String()), gost.AddrHandlerOption(ln.Addr().String()),
gost.ChainHandlerOption(chain), gost.ChainHandlerOption(chain),

224
dns.go
View File

@ -0,0 +1,224 @@
package gost
import (
"bytes"
"context"
"errors"
"net"
"strconv"
"time"
"github.com/go-log/log"
"github.com/miekg/dns"
)
type dnsHandler struct {
options *HandlerOptions
}
// DNSHandler creates a Handler for DNS server.
func DNSHandler(raddr string, opts ...HandlerOption) Handler {
h := &dnsHandler{}
for _, opt := range opts {
opt(h.options)
}
return h
}
func (h *dnsHandler) Init(opts ...HandlerOption) {
if h.options == nil {
h.options = &HandlerOptions{}
}
for _, opt := range opts {
opt(h.options)
}
}
func (h *dnsHandler) Handle(conn net.Conn) {
defer conn.Close()
b := mPool.Get().([]byte)
defer mPool.Put(b)
n, err := conn.Read(b)
if err != nil {
log.Logf("[dns] %s - %s: %v", conn.RemoteAddr(), conn.LocalAddr(), err)
}
mq := &dns.Msg{}
if err = mq.Unpack(b[:n]); err != nil {
log.Logf("[dns] %s - %s request unpack: %v", conn.RemoteAddr(), conn.LocalAddr(), err)
return
}
log.Logf("[dns] %s -> %s: %s", conn.RemoteAddr(), conn.LocalAddr(), h.dumpMsgHeader(mq))
if Debug {
log.Logf("[dns] %s >>> %s: %s", conn.RemoteAddr(), conn.LocalAddr(), mq.String())
}
start := time.Now()
reply, err := h.options.Resolver.Exchange(context.Background(), b[:n])
if err != nil {
log.Logf("[dns] %s - %s exchange: %v", conn.RemoteAddr(), conn.LocalAddr(), err)
return
}
rtt := time.Since(start)
mr := &dns.Msg{}
if err = mr.Unpack(reply); err != nil {
log.Logf("[dns] %s - %s reply unpack: %v", conn.RemoteAddr(), conn.LocalAddr(), err)
return
}
log.Logf("[dns] %s <- %s: %s [%s]",
conn.RemoteAddr(), conn.LocalAddr(), h.dumpMsgHeader(mr), rtt)
if Debug {
log.Logf("[dns] %s <<< %s: %s", conn.RemoteAddr(), conn.LocalAddr(), mr.String())
}
if _, err = conn.Write(reply); err != nil {
log.Logf("[dns] %s - %s reply unpack: %v", conn.RemoteAddr(), conn.LocalAddr(), err)
}
}
func (h *dnsHandler) dumpMsgHeader(m *dns.Msg) string {
buf := new(bytes.Buffer)
buf.WriteString(m.MsgHdr.String() + " ")
buf.WriteString("QUERY: " + strconv.Itoa(len(m.Question)) + ", ")
buf.WriteString("ANSWER: " + strconv.Itoa(len(m.Answer)) + ", ")
buf.WriteString("AUTHORITY: " + strconv.Itoa(len(m.Ns)) + ", ")
buf.WriteString("ADDITIONAL: " + strconv.Itoa(len(m.Extra)))
return buf.String()
}
type DNSOptions struct {
TCPMode bool
UDPSize int
ReadTimeout time.Duration
WriteTimeout time.Duration
}
type dnsListener struct {
addr net.Addr
server *dns.Server
connChan chan net.Conn
errc chan error
}
func DNSListener(addr string, options *DNSOptions) (Listener, error) {
if options == nil {
options = &DNSOptions{}
}
ln := &dnsListener{
connChan: make(chan net.Conn, 128),
errc: make(chan error, 1),
}
var nets string
var err error
if options.TCPMode {
nets = "tcp"
ln.addr, err = net.ResolveTCPAddr("tcp", addr)
} else {
nets = "udp"
ln.addr, err = net.ResolveUDPAddr("udp", addr)
}
if err != nil {
return nil, err
}
ln.server = &dns.Server{
Addr: addr,
Net: nets,
}
dns.HandleFunc(".", ln.handleRequest)
go func() {
if err := ln.server.ListenAndServe(); err != nil {
ln.errc <- err
return
}
}()
select {
case err := <-ln.errc:
return nil, err
default:
}
return ln, nil
}
func (l *dnsListener) handleRequest(w dns.ResponseWriter, m *dns.Msg) {
if w == nil || m == nil {
return
}
conn := &dnsServerConn{
mq: make(chan []byte, 1),
ResponseWriter: w,
}
buf := mPool.Get().([]byte)
defer mPool.Put(buf)
buf = buf[:0]
b, err := m.PackBuffer(buf)
if err != nil {
log.Logf("[dns] %s: %v", l.addr, err)
return
}
conn.mq <- b
select {
case l.connChan <- conn:
default:
log.Logf("[dns] %s: connection queue is full", l.addr)
}
}
func (l *dnsListener) Accept() (conn net.Conn, err error) {
select {
case conn = <-l.connChan:
case err = <-l.errc:
}
return
}
func (l *dnsListener) Close() error {
return l.server.Shutdown()
}
func (l *dnsListener) Addr() net.Addr {
return l.addr
}
type dnsServerConn struct {
mq chan []byte
dns.ResponseWriter
}
func (c *dnsServerConn) Read(b []byte) (n int, err error) {
var mb []byte
select {
case mb = <-c.mq:
default:
}
n = copy(b, mb)
return
}
func (c *dnsServerConn) SetDeadline(t time.Time) error {
return &net.OpError{Op: "set", Net: "dns", Source: nil, Addr: nil, Err: errors.New("deadline not supported")}
}
func (c *dnsServerConn) SetReadDeadline(t time.Time) error {
return &net.OpError{Op: "set", Net: "dns", Source: nil, Addr: nil, Err: errors.New("deadline not supported")}
}
func (c *dnsServerConn) SetWriteDeadline(t time.Time) error {
return &net.OpError{Op: "set", Net: "dns", Source: nil, Addr: nil, Err: errors.New("deadline not supported")}
}

7
go.mod
View File

@ -27,7 +27,7 @@ require (
github.com/lucas-clemente/aes12 v0.0.0-20171027163421-cd47fb39b79f // indirect github.com/lucas-clemente/aes12 v0.0.0-20171027163421-cd47fb39b79f // indirect
github.com/lucas-clemente/quic-go v0.10.0 github.com/lucas-clemente/quic-go v0.10.0
github.com/lucas-clemente/quic-go-certificates v0.0.0-20160823095156-d2f86524cced // indirect github.com/lucas-clemente/quic-go-certificates v0.0.0-20160823095156-d2f86524cced // indirect
github.com/miekg/dns v1.1.3 github.com/miekg/dns v1.1.27
github.com/milosgajdos83/tenus v0.0.0-20190415114537-1f3ed00ae7d8 github.com/milosgajdos83/tenus v0.0.0-20190415114537-1f3ed00ae7d8
github.com/onsi/ginkgo v1.7.0 // indirect github.com/onsi/ginkgo v1.7.0 // indirect
github.com/onsi/gomega v1.4.3 // indirect github.com/onsi/gomega v1.4.3 // indirect
@ -40,9 +40,8 @@ require (
github.com/templexxx/xor v0.0.0-20181023030647-4e92f724b73b // indirect github.com/templexxx/xor v0.0.0-20181023030647-4e92f724b73b // indirect
github.com/tjfoc/gmsm v1.0.1 // indirect github.com/tjfoc/gmsm v1.0.1 // indirect
github.com/xtaci/tcpraw v1.2.25 github.com/xtaci/tcpraw v1.2.25
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 golang.org/x/net v0.0.0-20190923162816-aa69164e4478
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 // indirect
gopkg.in/gorilla/websocket.v1 v1.4.0 gopkg.in/gorilla/websocket.v1 v1.4.0
gopkg.in/xtaci/kcp-go.v4 v4.3.2 gopkg.in/xtaci/kcp-go.v4 v4.3.2
gopkg.in/xtaci/smux.v1 v1.0.7 gopkg.in/xtaci/smux.v1 v1.0.7

14
go.sum
View File

@ -58,6 +58,8 @@ github.com/lucas-clemente/quic-go-certificates v0.0.0-20160823095156-d2f86524cce
github.com/lucas-clemente/quic-go-certificates v0.0.0-20160823095156-d2f86524cced/go.mod h1:NCcRLrOTZbzhZvixZLlERbJtDtYsmMw8Jc4vS8Z0g58= github.com/lucas-clemente/quic-go-certificates v0.0.0-20160823095156-d2f86524cced/go.mod h1:NCcRLrOTZbzhZvixZLlERbJtDtYsmMw8Jc4vS8Z0g58=
github.com/miekg/dns v1.1.3 h1:1g0r1IvskvgL8rR+AcHzUA+oFmGcQlaIm4IqakufeMM= github.com/miekg/dns v1.1.3 h1:1g0r1IvskvgL8rR+AcHzUA+oFmGcQlaIm4IqakufeMM=
github.com/miekg/dns v1.1.3/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.3/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/miekg/dns v1.1.27 h1:aEH/kqUzUxGJ/UHcEKdJY+ugH6WEzsEBBSPa8zuy1aM=
github.com/miekg/dns v1.1.27/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
github.com/milosgajdos83/tenus v0.0.0-20190415114537-1f3ed00ae7d8 h1:4WFQEfEJ7zaHYViIVM2Cd6tnQOOhiEHbmQtlcV7aOpc= github.com/milosgajdos83/tenus v0.0.0-20190415114537-1f3ed00ae7d8 h1:4WFQEfEJ7zaHYViIVM2Cd6tnQOOhiEHbmQtlcV7aOpc=
github.com/milosgajdos83/tenus v0.0.0-20190415114537-1f3ed00ae7d8/go.mod h1:G95Wwn625/q6JCCytI4VR/a5VtPwrtI0B+Q1Gi38QLA= github.com/milosgajdos83/tenus v0.0.0-20190415114537-1f3ed00ae7d8/go.mod h1:G95Wwn625/q6JCCytI4VR/a5VtPwrtI0B+Q1Gi38QLA=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@ -88,23 +90,35 @@ golang.org/x/crypto v0.0.0-20190130090550-b01c7a725664 h1:YbZJ76lQ1BqNhVe7dKTSB6
golang.org/x/crypto v0.0.0-20190130090550-b01c7a725664/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190130090550-b01c7a725664/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3 h1:ulvT7fqt0yHWzpJwI57MezWnYDVpCAYBVuYst/L+fAY= golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3 h1:ulvT7fqt0yHWzpJwI57MezWnYDVpCAYBVuYst/L+fAY=
golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190923162816-aa69164e4478 h1:l5EDrHhldLYb3ZRHDUhXF7Om7MvYXnkV9/iQNo1lX6g=
golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e h1:ZytStCyV048ZqDsWHiYDdoI2Vd4msMcrDECFxS+tL9c= golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e h1:ZytStCyV048ZqDsWHiYDdoI2Vd4msMcrDECFxS+tL9c=
golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67 h1:1Fzlr8kkDLQwqMP8GxrhptBLqZG/EDpiATneiZHY998= golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67 h1:1Fzlr8kkDLQwqMP8GxrhptBLqZG/EDpiATneiZHY998=
golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe h1:6fAMxZRR6sl1Uq8U61gxU+kPTs2tR8uOySCbBP7BN/M=
golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=

2
node.go
View File

@ -84,6 +84,7 @@ func ParseNode(s string) (node Node, err error) {
case "ohttp": // obfs-http case "ohttp": // obfs-http
case "tun", "tap": // tun/tap device case "tun", "tap": // tun/tap device
case "ftcp": // fake TCP case "ftcp": // fake TCP
case "dns", "dot", "doh":
default: default:
node.Transport = "tcp" node.Transport = "tcp"
} }
@ -97,6 +98,7 @@ func ParseNode(s string) (node Node, err error) {
case "redirect": // TCP transparent proxy case "redirect": // TCP transparent proxy
case "tun", "tap": // tun/tap device case "tun", "tap": // tun/tap device
case "ftcp": // fake TCP case "ftcp": // fake TCP
case "dns", "dot", "doh":
default: default:
node.Protocol = "" node.Protocol = ""
} }

474
resolver.go
View File

@ -17,7 +17,6 @@ import (
"github.com/go-log/log" "github.com/go-log/log"
"github.com/miekg/dns" "github.com/miekg/dns"
"golang.org/x/net/http2"
) )
var ( var (
@ -25,18 +24,23 @@ var (
DefaultResolverTimeout = 5 * time.Second DefaultResolverTimeout = 5 * time.Second
) )
// Resolver is a name resolver for domain name. type nameServerOptions struct {
// It contains a list of name servers. timeout time.Duration
type Resolver interface { chain *Chain
// Resolve returns a slice of that host's IPv4 and IPv6 addresses.
Resolve(host string) ([]net.IP, error)
} }
// ReloadResolver is resolover that support live reloading. type NameServerOption func(*nameServerOptions)
type ReloadResolver interface {
Resolver func TimeoutNameServerOption(timeout time.Duration) NameServerOption {
Reloader return func(opts *nameServerOptions) {
Stoppable opts.timeout = timeout
}
}
func ChainNameServerOption(chain *Chain) NameServerOption {
return func(opts *nameServerOptions) {
opts.chain = chain
}
} }
// NameServer is a name server. // NameServer is a name server.
@ -45,26 +49,23 @@ type NameServer struct {
Addr string Addr string
Protocol string Protocol string
Hostname string // for TLS handshake verification Hostname string // for TLS handshake verification
Timeout time.Duration
exchanger Exchanger exchanger Exchanger
options nameServerOptions
} }
// Init initializes the name server. // Init initializes the name server.
func (ns *NameServer) Init() error { func (ns *NameServer) Init(opts ...NameServerOption) error {
timeout := ns.Timeout for _, opt := range opts {
if timeout <= 0 { opt(&ns.options)
timeout = DefaultResolverTimeout
} }
switch strings.ToLower(ns.Protocol) { switch strings.ToLower(ns.Protocol) {
case "tcp": case "tcp":
ns.exchanger = &dnsExchanger{ ns.exchanger = NewDNSTCPExchanger(
endpoint: ns.Addr, ns.Addr,
client: &dns.Client{ TimeoutExchangerOption(ns.options.timeout),
Net: "tcp", ChainExchangerOption(ns.options.chain),
Timeout: timeout, )
},
}
case "tls": case "tls":
cfg := &tls.Config{ cfg := &tls.Config{
ServerName: ns.Hostname, ServerName: ns.Hostname,
@ -72,51 +73,39 @@ func (ns *NameServer) Init() error {
if cfg.ServerName == "" { if cfg.ServerName == "" {
cfg.InsecureSkipVerify = true cfg.InsecureSkipVerify = true
} }
ns.exchanger = NewDoTExchanger(
ns.exchanger = &dnsExchanger{ ns.Addr, cfg,
endpoint: ns.Addr, TimeoutExchangerOption(ns.options.timeout),
client: &dns.Client{ ChainExchangerOption(ns.options.chain),
Net: "tcp-tls", )
Timeout: timeout,
TLSConfig: cfg,
},
}
case "https": case "https":
u, err := url.Parse(ns.Addr) u, err := url.Parse(ns.Addr)
if err != nil { if err != nil {
return err return err
} }
cfg := &tls.Config{ServerName: u.Hostname()} cfg := &tls.Config{ServerName: u.Hostname()}
transport := &http.Transport{ if cfg.ServerName == "" {
TLSClientConfig: cfg, cfg.InsecureSkipVerify = true
DisableCompression: true,
MaxIdleConns: 1,
}
http2.ConfigureTransport(transport)
ns.exchanger = &dohExchanger{
endpoint: u,
client: &http.Client{
Transport: transport,
Timeout: timeout,
},
} }
ns.exchanger = NewDoHExchanger(
u, cfg,
TimeoutExchangerOption(ns.options.timeout),
ChainExchangerOption(ns.options.chain),
)
case "udp": case "udp":
fallthrough fallthrough
default: default:
ns.exchanger = &dnsExchanger{ ns.exchanger = NewDNSExchanger(
endpoint: ns.Addr, ns.Addr,
client: &dns.Client{ TimeoutExchangerOption(ns.options.timeout),
Net: "udp", ChainExchangerOption(ns.options.chain),
Timeout: timeout, )
},
}
} }
return nil return nil
} }
func (ns NameServer) String() string { func (ns *NameServer) String() string {
addr := ns.Addr addr := ns.Addr
prot := ns.Protocol prot := ns.Protocol
if _, port, _ := net.SplitHostPort(addr); port == "" { if _, port, _ := net.SplitHostPort(addr); port == "" {
@ -128,15 +117,48 @@ func (ns NameServer) String() string {
return fmt.Sprintf("%s/%s", addr, prot) return fmt.Sprintf("%s/%s", addr, prot)
} }
type resolverOptions struct {
chain *Chain
}
type ResolverOption func(*resolverOptions)
func ChainResolverOption(chain *Chain) ResolverOption {
return func(opts *resolverOptions) {
opts.chain = chain
}
}
// Resolver is a name resolver for domain name.
// It contains a list of name servers.
type Resolver interface {
// Init initializes the Resolver instance.
Init(opts ...ResolverOption) error
// Resolve returns a slice of that host's IPv4 and IPv6 addresses.
Resolve(host string) ([]net.IP, error)
// Exchange performs a synchronous query,
// It sends the message query and waits for a reply.
Exchange(ctx context.Context, query []byte) (reply []byte, err error)
}
// ReloadResolver is resolover that support live reloading.
type ReloadResolver interface {
Resolver
Reloader
Stoppable
}
type resolver struct { type resolver struct {
Servers []NameServer Servers []NameServer
mCache *sync.Map mCache *sync.Map
TTL time.Duration TTL time.Duration
timeout time.Duration
period time.Duration period time.Duration
domain string domain string
stopped chan struct{} stopped chan struct{}
mux sync.RWMutex mux sync.RWMutex
prefer string // ipv4 or ipv6 prefer string // ipv4 or ipv6
options resolverOptions
} }
// NewResolver create a new Resolver with the given name servers and resolution timeout. // NewResolver create a new Resolver with the given name servers and resolution timeout.
@ -154,6 +176,34 @@ func newResolver(ttl time.Duration, servers ...NameServer) *resolver {
} }
} }
func (r *resolver) Init(opts ...ResolverOption) error {
if r == nil {
return nil
}
r.mux.Lock()
defer r.mux.Unlock()
for _, opt := range opts {
opt(&r.options)
}
var nss []NameServer
for _, ns := range r.Servers {
if err := ns.Init( // init all name servers
ChainNameServerOption(r.options.chain),
TimeoutNameServerOption(r.timeout),
); err != nil {
continue // ignore invalid name servers
}
nss = append(nss, ns)
}
r.Servers = nss
return nil
}
func (r *resolver) copyServers() []NameServer { func (r *resolver) copyServers() []NameServer {
var servers []NameServer var servers []NameServer
for i := range r.Servers { for i := range r.Servers {
@ -196,12 +246,12 @@ func (r *resolver) Resolve(host string) (ips []net.IP, err error) {
for _, ns := range servers { for _, ns := range servers {
ips, ttl, err = r.resolve(ns.exchanger, host) ips, ttl, err = r.resolve(ns.exchanger, host)
if err != nil { if err != nil {
log.Logf("[resolver] %s via %s : %s", host, ns, err) log.Logf("[resolver] %s via %s : %s", host, ns.String(), err)
continue continue
} }
if Debug { if Debug {
log.Logf("[resolver] %s via %s %v(ttl: %v)", host, ns, ips, ttl) log.Logf("[resolver] %s via %s %v(ttl: %v)", host, ns.String(), ips, ttl)
} }
if len(ips) > 0 { if len(ips) > 0 {
break break
@ -233,10 +283,24 @@ func (r *resolver) resolve(ex Exchanger, host string) (ips []net.IP, ttl time.Du
} }
func (*resolver) resolveIPs(ctx context.Context, ex Exchanger, query *dns.Msg) (ips []net.IP, ttl time.Duration, err error) { func (*resolver) resolveIPs(ctx context.Context, ex Exchanger, query *dns.Msg) (ips []net.IP, ttl time.Duration, err error) {
mr, err := ex.Exchange(ctx, query) // buf := mPool.Get().([]byte)
// defer mPool.Put(buf)
// buf = buf[:0]
// mq, err := query.PackBuffer(buf)
mq, err := query.Pack()
if err != nil { if err != nil {
return return
} }
reply, err := ex.Exchange(ctx, mq)
if err != nil {
return
}
mr := &dns.Msg{}
if err = mr.Unpack(reply); err != nil {
return
}
for _, ans := range mr.Answer { for _, ans := range mr.Answer {
if ar, _ := ans.(*dns.AAAA); ar != nil { if ar, _ := ans.(*dns.AAAA); ar != nil {
ips = append(ips, ar.AAAA) ips = append(ips, ar.AAAA)
@ -250,6 +314,25 @@ func (*resolver) resolveIPs(ctx context.Context, ex Exchanger, query *dns.Msg) (
return return
} }
func (r *resolver) Exchange(ctx context.Context, query []byte) (reply []byte, err error) {
if r == nil {
return
}
var servers []NameServer
r.mux.RLock()
servers = r.copyServers()
r.mux.RUnlock()
for _, ns := range servers {
reply, err = ns.exchanger.Exchange(ctx, query)
if err == nil {
return
}
}
return
}
type resolverCacheItem struct { type resolverCacheItem struct {
IPs []net.IP IPs []net.IP
ts int64 ts int64
@ -352,11 +435,7 @@ func (r *resolver) Reload(rd io.Reader) error {
if strings.HasPrefix(ns.Addr, "https") { if strings.HasPrefix(ns.Addr, "https") {
ns.Protocol = "https" ns.Protocol = "https"
} }
ns.Timeout = timeout nss = append(nss, ns)
if err := ns.Init(); err == nil {
nss = append(nss, ns)
}
} }
} }
@ -366,12 +445,15 @@ func (r *resolver) Reload(rd io.Reader) error {
r.mux.Lock() r.mux.Lock()
r.TTL = ttl r.TTL = ttl
r.timeout = timeout
r.domain = domain r.domain = domain
r.period = period r.period = period
r.prefer = prefer r.prefer = prefer
r.Servers = nss r.Servers = nss
r.mux.Unlock() r.mux.Unlock()
r.Init()
return nil return nil
} }
@ -425,62 +507,270 @@ func (r *resolver) String() string {
// Exchanger is an interface for DNS synchronous query. // Exchanger is an interface for DNS synchronous query.
type Exchanger interface { type Exchanger interface {
Exchange(ctx context.Context, query *dns.Msg) (*dns.Msg, error) Exchange(ctx context.Context, query []byte) ([]byte, error)
}
type exchangerOptions struct {
chain *Chain
timeout time.Duration
}
type ExchangerOption func(opts *exchangerOptions)
func ChainExchangerOption(chain *Chain) ExchangerOption {
return func(opts *exchangerOptions) {
opts.chain = chain
}
}
func TimeoutExchangerOption(timeout time.Duration) ExchangerOption {
return func(opts *exchangerOptions) {
opts.timeout = timeout
}
} }
type dnsExchanger struct { type dnsExchanger struct {
endpoint string addr string
client *dns.Client options exchangerOptions
}
func NewDNSExchanger(addr string, opts ...ExchangerOption) Exchanger {
var options exchangerOptions
for _, opt := range opts {
opt(&options)
}
if _, port, _ := net.SplitHostPort(addr); port == "" {
addr = net.JoinHostPort(addr, "53")
}
return &dnsExchanger{
addr: addr,
options: options,
}
} }
func (ex *dnsExchanger) Exchange(ctx context.Context, query *dns.Msg) (*dns.Msg, error) { func (ex *dnsExchanger) dial(ctx context.Context, network, address string) (conn net.Conn, err error) {
ep := ex.endpoint if ex.options.chain.IsEmpty() {
if _, port, _ := net.SplitHostPort(ep); port == "" { d := &net.Dialer{
ep = net.JoinHostPort(ep, "53") Timeout: ex.options.timeout,
}
return d.DialContext(ctx, network, address)
}
raddr, err := net.ResolveUDPAddr(network, address)
if err != nil {
return
} }
mr, _, err := ex.client.Exchange(query, ep) cc, err := getSOCKS5UDPTunnel(ex.options.chain, nil)
return mr, err conn = &udpTunnelConn{Conn: cc, raddr: raddr}
return
} }
type dohExchanger struct { func (ex *dnsExchanger) Exchange(ctx context.Context, query []byte) ([]byte, error) {
endpoint *url.URL c, err := ex.dial(ctx, "udp", ex.addr)
client *http.Client if err != nil {
return nil, err
}
mq := &dns.Msg{}
if err = mq.Unpack(query); err != nil {
return nil, err
}
conn := &dns.Conn{
Conn: c,
}
if err = conn.WriteMsg(mq); err != nil {
return nil, err
}
mr, err := conn.ReadMsg()
if err != nil {
return nil, err
}
return mr.Pack()
}
type dnsTCPExchanger struct {
addr string
options exchangerOptions
}
func NewDNSTCPExchanger(addr string, opts ...ExchangerOption) Exchanger {
var options exchangerOptions
for _, opt := range opts {
opt(&options)
}
if _, port, _ := net.SplitHostPort(addr); port == "" {
addr = net.JoinHostPort(addr, "53")
}
return &dnsTCPExchanger{
addr: addr,
options: options,
}
}
func (ex *dnsTCPExchanger) dial(ctx context.Context, network, address string) (conn net.Conn, err error) {
if ex.options.chain.IsEmpty() {
d := &net.Dialer{
Timeout: ex.options.timeout,
}
return d.DialContext(ctx, network, address)
}
return ex.options.chain.Dial(address, TimeoutChainOption(ex.options.timeout))
} }
// reference: https://github.com/cloudflare/cloudflared/blob/master/tunneldns/https_upstream.go#L54 func (ex *dnsTCPExchanger) Exchange(ctx context.Context, query []byte) ([]byte, error) {
func (ex *dohExchanger) Exchange(ctx context.Context, query *dns.Msg) (*dns.Msg, error) { c, err := ex.dial(ctx, "tcp", ex.addr)
queryBuf, err := query.Pack()
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to pack DNS query: %s", err) return nil, err
}
conn := &dns.Conn{
Conn: c,
}
if _, err = conn.Write(query); err != nil {
return nil, err
} }
// No content negotiation for now, use DNS wire format mr, err := conn.ReadMsg()
buf, backendErr := ex.exchangeWireformat(queryBuf) if err != nil {
if backendErr == nil { log.Log("[dns] exchange", err)
response := &dns.Msg{} return nil, err
if err := response.Unpack(buf); err != nil { }
return nil, fmt.Errorf("failed to unpack DNS response from body: %s", err)
return mr.Pack()
}
type dotExchanger struct {
addr string
tlsConfig *tls.Config
options exchangerOptions
}
func NewDoTExchanger(addr string, tlsConfig *tls.Config, opts ...ExchangerOption) Exchanger {
var options exchangerOptions
for _, opt := range opts {
opt(&options)
}
if _, port, _ := net.SplitHostPort(addr); port == "" {
addr = net.JoinHostPort(addr, "53")
}
if tlsConfig == nil {
tlsConfig = &tls.Config{
InsecureSkipVerify: true,
}
}
return &dotExchanger{
addr: addr,
tlsConfig: tlsConfig,
options: options,
}
}
func (ex *dotExchanger) dial(ctx context.Context, network, address string) (conn net.Conn, err error) {
if ex.options.chain.IsEmpty() {
d := &net.Dialer{
Timeout: ex.options.timeout,
} }
conn, err = d.DialContext(ctx, network, address)
} else {
conn, err = ex.options.chain.Dial(address, TimeoutChainOption(ex.options.timeout))
}
if err == nil {
conn = tls.Client(conn, ex.tlsConfig)
}
return
}
response.Id = query.Id func (ex *dotExchanger) Exchange(ctx context.Context, query []byte) ([]byte, error) {
return response, nil c, err := ex.dial(ctx, "tcp", ex.addr)
if err != nil {
return nil, err
} }
return nil, backendErr conn := &dns.Conn{
Conn: c,
}
if _, err = conn.Write(query); err != nil {
return nil, err
}
mr, err := conn.ReadMsg()
if err != nil {
return nil, err
}
return mr.Pack()
} }
// Perform message exchange with the default UDP wireformat defined in current draft type dohExchanger struct {
// https://datatracker.ietf.org/doc/draft-ietf-doh-dns-over-https endpoint *url.URL
func (ex *dohExchanger) exchangeWireformat(msg []byte) ([]byte, error) { client *http.Client
req, err := http.NewRequest("POST", ex.endpoint.String(), bytes.NewBuffer(msg)) options exchangerOptions
}
func NewDoHExchanger(urlStr *url.URL, tlsConfig *tls.Config, opts ...ExchangerOption) Exchanger {
var options exchangerOptions
for _, opt := range opts {
opt(&options)
}
ex := &dohExchanger{
endpoint: urlStr,
options: options,
}
ex.client = &http.Client{
Timeout: options.timeout,
Transport: &http.Transport{
// Proxy: ProxyFromEnvironment,
TLSClientConfig: tlsConfig,
ForceAttemptHTTP2: true,
MaxIdleConns: 100,
IdleConnTimeout: 90 * time.Second,
TLSHandshakeTimeout: options.timeout,
ExpectContinueTimeout: 1 * time.Second,
DialContext: ex.dialContext,
},
}
return ex
}
func (ex *dohExchanger) dialContext(ctx context.Context, network, address string) (conn net.Conn, err error) {
if ex.options.chain.IsEmpty() {
d := &net.Dialer{
Timeout: ex.options.timeout,
}
return d.DialContext(ctx, network, address)
}
return ex.options.chain.Dial(address, TimeoutChainOption(ex.options.timeout))
}
func (ex *dohExchanger) Exchange(ctx context.Context, query []byte) ([]byte, error) {
req, err := http.NewRequestWithContext(ctx, "POST", ex.endpoint.String(), bytes.NewBuffer(query))
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to create an HTTPS request: %s", err) return nil, fmt.Errorf("failed to create an HTTPS request: %s", err)
} }
req.Header.Add("Content-Type", "application/dns-udpwireformat") // req.Header.Add("Content-Type", "application/dns-udpwireformat")
req.Header.Add("Content-Type", "application/dns-message")
req.Host = ex.endpoint.Hostname() req.Host = ex.endpoint.Hostname()
resp, err := ex.client.Do(req) client := ex.client
if client == nil {
client = http.DefaultClient
}
resp, err := client.Do(req)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to perform an HTTPS request: %s", err) return nil, fmt.Errorf("failed to perform an HTTPS request: %s", err)
} }

Write Preview
Loading…
Cancel
Save