sing-box/route/rule/rule_action.go

package rule

import (
	"context"
	"net/netip"
	"strings"
	"sync"
	"time"

	"github.com/sagernet/sing-box/adapter"
	"github.com/sagernet/sing-box/common/sniff"
	C "github.com/sagernet/sing-box/constant"
	"github.com/sagernet/sing-box/option"
	"github.com/sagernet/sing-dns"
	"github.com/sagernet/sing-tun"
	"github.com/sagernet/sing/common"
	E "github.com/sagernet/sing/common/exceptions"
	F "github.com/sagernet/sing/common/format"
	"github.com/sagernet/sing/common/logger"

	"golang.org/x/sys/unix"
)

func NewRuleAction(logger logger.ContextLogger, action option.RuleAction) (adapter.RuleAction, error) {
	switch action.Action {
	case C.RuleActionTypeRoute:
		return &RuleActionRoute{
			Outbound:                  action.RouteOptions.Outbound,
			UDPDisableDomainUnmapping: action.RouteOptions.UDPDisableDomainUnmapping,
		}, nil
	case C.RuleActionTypeReturn:
		return &RuleActionReturn{}, nil
	case C.RuleActionTypeReject:
		return &RuleActionReject{
			Method: action.RejectOptions.Method,
			NoDrop: action.RejectOptions.NoDrop,
			logger: logger,
		}, nil
	case C.RuleActionTypeHijackDNS:
		return &RuleActionHijackDNS{}, nil
	case C.RuleActionTypeSniff:
		sniffAction := &RuleActionSniff{
			snifferNames: action.SniffOptions.Sniffer,
			Timeout:      time.Duration(action.SniffOptions.Timeout),
		}
		return sniffAction, sniffAction.build()
	case C.RuleActionTypeResolve:
		return &RuleActionResolve{
			Strategy: dns.DomainStrategy(action.ResolveOptions.Strategy),
			Server:   action.ResolveOptions.Server,
		}, nil
	default:
		panic(F.ToString("unknown rule action: ", action.Action))
	}
}

func NewDNSRuleAction(logger logger.ContextLogger, action option.DNSRuleAction) adapter.RuleAction {
	switch action.Action {
	case C.RuleActionTypeRoute:
		return &RuleActionDNSRoute{
			Server:       action.RouteOptions.Server,
			DisableCache: action.RouteOptions.DisableCache,
			RewriteTTL:   action.RouteOptions.RewriteTTL,
			ClientSubnet: action.RouteOptions.ClientSubnet.Build(),
		}
	case C.RuleActionTypeReturn:
		return &RuleActionReturn{}
	case C.RuleActionTypeReject:
		return &RuleActionReject{
			Method: action.RejectOptions.Method,
			NoDrop: action.RejectOptions.NoDrop,
			logger: logger,
		}
	default:
		panic(F.ToString("unknown rule action: ", action.Action))
	}
}

type RuleActionRoute struct {
	Outbound                  string
	UDPDisableDomainUnmapping bool
}

func (r *RuleActionRoute) Type() string {
	return C.RuleActionTypeRoute
}

func (r *RuleActionRoute) String() string {
	return F.ToString("route(", r.Outbound, ")")
}

type RuleActionDNSRoute struct {
	Server       string
	DisableCache bool
	RewriteTTL   *uint32
	ClientSubnet netip.Prefix
}

func (r *RuleActionDNSRoute) Type() string {
	return C.RuleActionTypeRoute
}

func (r *RuleActionDNSRoute) String() string {
	return F.ToString("route(", r.Server, ")")
}

type RuleActionReturn struct{}

func (r *RuleActionReturn) Type() string {
	return C.RuleActionTypeReturn
}

func (r *RuleActionReturn) String() string {
	return "return"
}

type RuleActionReject struct {
	Method      string
	NoDrop      bool
	logger      logger.ContextLogger
	dropAccess  sync.Mutex
	dropCounter []time.Time
}

func (r *RuleActionReject) Type() string {
	return C.RuleActionTypeReject
}

func (r *RuleActionReject) String() string {
	if r.Method == C.RuleActionRejectMethodDefault {
		return "reject"
	}
	return F.ToString("reject(", r.Method, ")")
}

func (r *RuleActionReject) Error(ctx context.Context) error {
	var returnErr error
	switch r.Method {
	case C.RuleActionRejectMethodDefault:
		returnErr = unix.ECONNREFUSED
	case C.RuleActionRejectMethodDrop:
		return tun.ErrDrop
	default:
		panic(F.ToString("unknown reject method: ", r.Method))
	}
	r.dropAccess.Lock()
	defer r.dropAccess.Unlock()
	timeNow := time.Now()
	r.dropCounter = common.Filter(r.dropCounter, func(t time.Time) bool {
		return timeNow.Sub(t) <= 30*time.Second
	})
	r.dropCounter = append(r.dropCounter, timeNow)
	if len(r.dropCounter) > 50 {
		if ctx != nil {
			r.logger.DebugContext(ctx, "dropped due to flooding")
		}
		return tun.ErrDrop
	}
	return returnErr
}

type RuleActionHijackDNS struct{}

func (r *RuleActionHijackDNS) Type() string {
	return C.RuleActionTypeHijackDNS
}

func (r *RuleActionHijackDNS) String() string {
	return "hijack-dns"
}

type RuleActionSniff struct {
	snifferNames   []string
	StreamSniffers []sniff.StreamSniffer
	PacketSniffers []sniff.PacketSniffer
	Timeout        time.Duration
	// Deprecated
	OverrideDestination bool
}

func (r *RuleActionSniff) Type() string {
	return C.RuleActionTypeSniff
}

func (r *RuleActionSniff) build() error {
	for _, name := range r.snifferNames {
		switch name {
		case C.ProtocolTLS:
			r.StreamSniffers = append(r.StreamSniffers, sniff.TLSClientHello)
		case C.ProtocolHTTP:
			r.StreamSniffers = append(r.StreamSniffers, sniff.HTTPHost)
		case C.ProtocolQUIC:
			r.PacketSniffers = append(r.PacketSniffers, sniff.QUICClientHello)
		case C.ProtocolDNS:
			r.StreamSniffers = append(r.StreamSniffers, sniff.StreamDomainNameQuery)
			r.PacketSniffers = append(r.PacketSniffers, sniff.DomainNameQuery)
		case C.ProtocolSTUN:
			r.PacketSniffers = append(r.PacketSniffers, sniff.STUNMessage)
		case C.ProtocolBitTorrent:
			r.StreamSniffers = append(r.StreamSniffers, sniff.BitTorrent)
			r.PacketSniffers = append(r.PacketSniffers, sniff.UTP)
			r.PacketSniffers = append(r.PacketSniffers, sniff.UDPTracker)
		case C.ProtocolDTLS:
			r.PacketSniffers = append(r.PacketSniffers, sniff.DTLSRecord)
		case C.ProtocolSSH:
			r.StreamSniffers = append(r.StreamSniffers, sniff.SSH)
		case C.ProtocolRDP:
			r.StreamSniffers = append(r.StreamSniffers, sniff.RDP)
		default:
			return E.New("unknown sniffer: ", name)
		}
	}
	return nil
}

func (r *RuleActionSniff) String() string {
	if len(r.snifferNames) == 0 && r.Timeout == 0 {
		return "sniff"
	} else if len(r.snifferNames) > 0 && r.Timeout == 0 {
		return F.ToString("sniff(", strings.Join(r.snifferNames, ","), ")")
	} else if len(r.snifferNames) == 0 && r.Timeout > 0 {
		return F.ToString("sniff(", r.Timeout.String(), ")")
	} else {
		return F.ToString("sniff(", strings.Join(r.snifferNames, ","), ",", r.Timeout.String(), ")")
	}
}

type RuleActionResolve struct {
	Strategy dns.DomainStrategy
	Server   string
}

func (r *RuleActionResolve) Type() string {
	return C.RuleActionTypeResolve
}

func (r *RuleActionResolve) String() string {
	if r.Strategy == dns.DomainStrategyAsIS && r.Server == "" {
		return F.ToString("resolve")
	} else if r.Strategy != dns.DomainStrategyAsIS && r.Server == "" {
		return F.ToString("resolve(", option.DomainStrategy(r.Strategy).String(), ")")
	} else if r.Strategy == dns.DomainStrategyAsIS && r.Server != "" {
		return F.ToString("resolve(", r.Server, ")")
	} else {
		return F.ToString("resolve(", option.DomainStrategy(r.Strategy).String(), ",", r.Server, ")")
	}
}
Crazy sekai overturns the small pond 2024-10-21 23:38:34 +08:00			`package rule`

			`import (`
Remove unused reject methods 2024-11-06 17:23:00 +08:00			`"context"`
Crazy sekai overturns the small pond 2024-10-21 23:38:34 +08:00			`"net/netip"`
			`"strings"`
Remove unused reject methods 2024-11-06 17:23:00 +08:00			`"sync"`
Crazy sekai overturns the small pond 2024-10-21 23:38:34 +08:00			`"time"`

			`"github.com/sagernet/sing-box/adapter"`
			`"github.com/sagernet/sing-box/common/sniff"`
			`C "github.com/sagernet/sing-box/constant"`
			`"github.com/sagernet/sing-box/option"`
			`"github.com/sagernet/sing-dns"`
Implement TCP and ICMP rejects 2024-10-22 21:28:22 +08:00			`"github.com/sagernet/sing-tun"`
Remove unused reject methods 2024-11-06 17:23:00 +08:00			`"github.com/sagernet/sing/common"`
Crazy sekai overturns the small pond 2024-10-21 23:38:34 +08:00			`E "github.com/sagernet/sing/common/exceptions"`
			`F "github.com/sagernet/sing/common/format"`
Remove unused reject methods 2024-11-06 17:23:00 +08:00			`"github.com/sagernet/sing/common/logger"`

			`"golang.org/x/sys/unix"`
Crazy sekai overturns the small pond 2024-10-21 23:38:34 +08:00			`)`

Remove unused reject methods 2024-11-06 17:23:00 +08:00			`func NewRuleAction(logger logger.ContextLogger, action option.RuleAction) (adapter.RuleAction, error) {`
Crazy sekai overturns the small pond 2024-10-21 23:38:34 +08:00			`switch action.Action {`
			`case C.RuleActionTypeRoute:`
			`return &RuleActionRoute{`
			`Outbound: action.RouteOptions.Outbound,`
			`UDPDisableDomainUnmapping: action.RouteOptions.UDPDisableDomainUnmapping,`
			`}, nil`
			`case C.RuleActionTypeReturn:`
Implement TCP and ICMP rejects 2024-10-22 21:28:22 +08:00			`return &RuleActionReturn{}, nil`
Crazy sekai overturns the small pond 2024-10-21 23:38:34 +08:00			`case C.RuleActionTypeReject:`
			`return &RuleActionReject{`
Implement TCP and ICMP rejects 2024-10-22 21:28:22 +08:00			`Method: action.RejectOptions.Method,`
Remove unused reject methods 2024-11-06 17:23:00 +08:00			`NoDrop: action.RejectOptions.NoDrop,`
			`logger: logger,`
Crazy sekai overturns the small pond 2024-10-21 23:38:34 +08:00			`}, nil`
			`case C.RuleActionTypeHijackDNS:`
			`return &RuleActionHijackDNS{}, nil`
			`case C.RuleActionTypeSniff:`
			`sniffAction := &RuleActionSniff{`
			`snifferNames: action.SniffOptions.Sniffer,`
			`Timeout: time.Duration(action.SniffOptions.Timeout),`
			`}`
			`return sniffAction, sniffAction.build()`
			`case C.RuleActionTypeResolve:`
			`return &RuleActionResolve{`
			`Strategy: dns.DomainStrategy(action.ResolveOptions.Strategy),`
			`Server: action.ResolveOptions.Server,`
			`}, nil`
			`default:`
			`panic(F.ToString("unknown rule action: ", action.Action))`
			`}`
			`}`

Remove unused reject methods 2024-11-06 17:23:00 +08:00			`func NewDNSRuleAction(logger logger.ContextLogger, action option.DNSRuleAction) adapter.RuleAction {`
Crazy sekai overturns the small pond 2024-10-21 23:38:34 +08:00			`switch action.Action {`
			`case C.RuleActionTypeRoute:`
			`return &RuleActionDNSRoute{`
			`Server: action.RouteOptions.Server,`
			`DisableCache: action.RouteOptions.DisableCache,`
			`RewriteTTL: action.RouteOptions.RewriteTTL,`
			`ClientSubnet: action.RouteOptions.ClientSubnet.Build(),`
			`}`
			`case C.RuleActionTypeReturn:`
			`return &RuleActionReturn{}`
			`case C.RuleActionTypeReject:`
			`return &RuleActionReject{`
Implement TCP and ICMP rejects 2024-10-22 21:28:22 +08:00			`Method: action.RejectOptions.Method,`
Remove unused reject methods 2024-11-06 17:23:00 +08:00			`NoDrop: action.RejectOptions.NoDrop,`
			`logger: logger,`
Crazy sekai overturns the small pond 2024-10-21 23:38:34 +08:00			`}`
			`default:`
			`panic(F.ToString("unknown rule action: ", action.Action))`
			`}`
			`}`

			`type RuleActionRoute struct {`
			`Outbound string`
			`UDPDisableDomainUnmapping bool`
			`}`

			`func (r *RuleActionRoute) Type() string {`
			`return C.RuleActionTypeRoute`
			`}`

			`func (r *RuleActionRoute) String() string {`
			`return F.ToString("route(", r.Outbound, ")")`
			`}`

			`type RuleActionDNSRoute struct {`
			`Server string`
			`DisableCache bool`
			`RewriteTTL *uint32`
			`ClientSubnet netip.Prefix`
			`}`

			`func (r *RuleActionDNSRoute) Type() string {`
			`return C.RuleActionTypeRoute`
			`}`

			`func (r *RuleActionDNSRoute) String() string {`
			`return F.ToString("route(", r.Server, ")")`
			`}`

			`type RuleActionReturn struct{}`

			`func (r *RuleActionReturn) Type() string {`
			`return C.RuleActionTypeReturn`
			`}`

			`func (r *RuleActionReturn) String() string {`
			`return "return"`
			`}`

			`type RuleActionReject struct {`
Remove unused reject methods 2024-11-06 17:23:00 +08:00			`Method string`
			`NoDrop bool`
			`logger logger.ContextLogger`
			`dropAccess sync.Mutex`
			`dropCounter []time.Time`
Crazy sekai overturns the small pond 2024-10-21 23:38:34 +08:00			`}`

			`func (r *RuleActionReject) Type() string {`
			`return C.RuleActionTypeReject`
			`}`

			`func (r *RuleActionReject) String() string {`
			`if r.Method == C.RuleActionRejectMethodDefault {`
			`return "reject"`
			`}`
			`return F.ToString("reject(", r.Method, ")")`
			`}`

Remove unused reject methods 2024-11-06 17:23:00 +08:00			`func (r *RuleActionReject) Error(ctx context.Context) error {`
			`var returnErr error`
Implement TCP and ICMP rejects 2024-10-22 21:28:22 +08:00			`switch r.Method {`
Remove unused reject methods 2024-11-06 17:23:00 +08:00			`case C.RuleActionRejectMethodDefault:`
			`returnErr = unix.ECONNREFUSED`
Implement TCP and ICMP rejects 2024-10-22 21:28:22 +08:00			`case C.RuleActionRejectMethodDrop:`
			`return tun.ErrDrop`
			`default:`
			`panic(F.ToString("unknown reject method: ", r.Method))`
			`}`
Remove unused reject methods 2024-11-06 17:23:00 +08:00			`r.dropAccess.Lock()`
			`defer r.dropAccess.Unlock()`
			`timeNow := time.Now()`
			`r.dropCounter = common.Filter(r.dropCounter, func(t time.Time) bool {`
			`return timeNow.Sub(t) <= 30*time.Second`
			`})`
			`r.dropCounter = append(r.dropCounter, timeNow)`
			`if len(r.dropCounter) > 50 {`
			`if ctx != nil {`
			`r.logger.DebugContext(ctx, "dropped due to flooding")`
			`}`
			`return tun.ErrDrop`
			`}`
			`return returnErr`
Implement TCP and ICMP rejects 2024-10-22 21:28:22 +08:00			`}`

Crazy sekai overturns the small pond 2024-10-21 23:38:34 +08:00			`type RuleActionHijackDNS struct{}`

			`func (r *RuleActionHijackDNS) Type() string {`
			`return C.RuleActionTypeHijackDNS`
			`}`

			`func (r *RuleActionHijackDNS) String() string {`
			`return "hijack-dns"`
			`}`

			`type RuleActionSniff struct {`
			`snifferNames []string`
			`StreamSniffers []sniff.StreamSniffer`
			`PacketSniffers []sniff.PacketSniffer`
			`Timeout time.Duration`
			`// Deprecated`
			`OverrideDestination bool`
			`}`

			`func (r *RuleActionSniff) Type() string {`
			`return C.RuleActionTypeSniff`
			`}`

			`func (r *RuleActionSniff) build() error {`
Implement dns-hijack 2024-10-23 13:44:08 +08:00			`for _, name := range r.snifferNames {`
			`switch name {`
			`case C.ProtocolTLS:`
			`r.StreamSniffers = append(r.StreamSniffers, sniff.TLSClientHello)`
			`case C.ProtocolHTTP:`
			`r.StreamSniffers = append(r.StreamSniffers, sniff.HTTPHost)`
			`case C.ProtocolQUIC:`
			`r.PacketSniffers = append(r.PacketSniffers, sniff.QUICClientHello)`
			`case C.ProtocolDNS:`
			`r.StreamSniffers = append(r.StreamSniffers, sniff.StreamDomainNameQuery)`
			`r.PacketSniffers = append(r.PacketSniffers, sniff.DomainNameQuery)`
			`case C.ProtocolSTUN:`
			`r.PacketSniffers = append(r.PacketSniffers, sniff.STUNMessage)`
			`case C.ProtocolBitTorrent:`
			`r.StreamSniffers = append(r.StreamSniffers, sniff.BitTorrent)`
			`r.PacketSniffers = append(r.PacketSniffers, sniff.UTP)`
			`r.PacketSniffers = append(r.PacketSniffers, sniff.UDPTracker)`
			`case C.ProtocolDTLS:`
			`r.PacketSniffers = append(r.PacketSniffers, sniff.DTLSRecord)`
			`case C.ProtocolSSH:`
			`r.StreamSniffers = append(r.StreamSniffers, sniff.SSH)`
			`case C.ProtocolRDP:`
			`r.StreamSniffers = append(r.StreamSniffers, sniff.RDP)`
			`default:`
			`return E.New("unknown sniffer: ", name)`
Crazy sekai overturns the small pond 2024-10-21 23:38:34 +08:00			`}`
			`}`
			`return nil`
			`}`

			`func (r *RuleActionSniff) String() string {`
			`if len(r.snifferNames) == 0 && r.Timeout == 0 {`
			`return "sniff"`
			`} else if len(r.snifferNames) > 0 && r.Timeout == 0 {`
			`return F.ToString("sniff(", strings.Join(r.snifferNames, ","), ")")`
			`} else if len(r.snifferNames) == 0 && r.Timeout > 0 {`
			`return F.ToString("sniff(", r.Timeout.String(), ")")`
			`} else {`
			`return F.ToString("sniff(", strings.Join(r.snifferNames, ","), ",", r.Timeout.String(), ")")`
			`}`
			`}`

			`type RuleActionResolve struct {`
			`Strategy dns.DomainStrategy`
			`Server string`
			`}`

			`func (r *RuleActionResolve) Type() string {`
			`return C.RuleActionTypeResolve`
			`}`

			`func (r *RuleActionResolve) String() string {`
			`if r.Strategy == dns.DomainStrategyAsIS && r.Server == "" {`
			`return F.ToString("resolve")`
			`} else if r.Strategy != dns.DomainStrategyAsIS && r.Server == "" {`
			`return F.ToString("resolve(", option.DomainStrategy(r.Strategy).String(), ")")`
			`} else if r.Strategy == dns.DomainStrategyAsIS && r.Server != "" {`
			`return F.ToString("resolve(", r.Server, ")")`
			`} else {`
			`return F.ToString("resolve(", option.DomainStrategy(r.Strategy).String(), ",", r.Server, ")")`
			`}`
			`}`