V2bX/core/sing/hook.go

package sing

import (
	"context"
	"fmt"
	"net"
	"sync"
	"time"

	"github.com/InazumaV/V2bX/common/format"
	"github.com/InazumaV/V2bX/common/rate"
	"github.com/InazumaV/V2bX/common/task"

	"github.com/InazumaV/V2bX/limiter"

	"github.com/InazumaV/V2bX/common/counter"
	"github.com/sagernet/sing-box/adapter"
	"github.com/sagernet/sing-box/log"
	N "github.com/sagernet/sing/common/network"
)

var _ adapter.ConnectionTracker = (*HookServer)(nil)

type ConnEntry struct {
	Conn      net.Conn
	Timestamp time.Time
}

type HookServer struct {
	counter  sync.Map //map[string]*counter.TrafficCounter
	userconn sync.Map //map[string][]*ConnEntry
	Cleanup  *task.Task
}

func (h *HookServer) ModeList() []string {
	return nil
}

func NewHookServer() *HookServer {
	server := &HookServer{
		counter:  sync.Map{},
		userconn: sync.Map{},
	}
	server.Cleanup = &task.Task{
		Interval: 5 * time.Minute,
		Execute:  server.CleanupOldConnections,
	}
	return server
}

func (h *HookServer) RoutedConnection(_ context.Context, conn net.Conn, m adapter.InboundContext, _ adapter.Rule, _ adapter.Outbound) net.Conn {
	l, err := limiter.GetLimiter(m.Inbound)
	if err != nil {
		log.Warn("get limiter for ", m.Inbound, " error: ", err)
		return conn
	}
	taguuid := format.UserTag(m.Inbound, m.User)
	ip := m.Source.Addr.String()
	if b, r := l.CheckLimit(taguuid, ip, true, true); r {
		conn.Close()
		log.Error("[", m.Inbound, "] ", "Limited ", m.User, " by ip or conn")
		return conn
	} else if b != nil {
		conn = rate.NewConnRateLimiter(conn, b)
	}
	if l != nil {
		destStr := m.Destination.AddrString()
		protocol := m.Destination.Network()
		if l.CheckDomainRule(destStr) {
			log.Error(fmt.Sprintf(
				"User %s access domain %s reject by rule",
				m.User,
				destStr))
			conn.Close()
			return conn
		}
		if len(protocol) != 0 {
			if l.CheckProtocolRule(protocol) {
				log.Error(fmt.Sprintf(
					"User %s access protocol %s reject by rule",
					m.User,
					protocol))
				conn.Close()
				return conn
			}
		}
	}
	var t *counter.TrafficCounter
	if c, ok := h.counter.Load(m.Inbound); !ok {
		t = counter.NewTrafficCounter()
		h.counter.Store(m.Inbound, t)
	} else {
		t = c.(*counter.TrafficCounter)
	}

	conn = counter.NewConnCounter(conn, t.GetCounter(m.User))
	entry := &ConnEntry{
		Conn:      conn,
		Timestamp: time.Now(),
	}
	if conns, exist := h.userconn.Load(taguuid); exist {
		if connList, ok := conns.([]*ConnEntry); ok {
			h.userconn.Store(taguuid, append(connList, entry))
		} else {
			h.userconn.Delete(taguuid)
			h.userconn.Store(taguuid, []*ConnEntry{entry})
		}
	} else {
		h.userconn.Store(taguuid, []*ConnEntry{entry})
	}

	return conn
}

func (h *HookServer) RoutedPacketConnection(_ context.Context, conn N.PacketConn, m adapter.InboundContext, _ adapter.Rule, _ adapter.Outbound) N.PacketConn {
	l, err := limiter.GetLimiter(m.Inbound)
	if err != nil {
		log.Warn("get limiter for ", m.Inbound, " error: ", err)
		return conn
	}
	ip := m.Source.Addr.String()
	taguuid := format.UserTag(m.Inbound, m.User)
	if b, r := l.CheckLimit(taguuid, ip, false, false); r {
		conn.Close()
		log.Error("[", m.Inbound, "] ", "Limited ", m.User, " by ip or conn")
		return conn
	} else if b != nil {
		//conn = rate.NewPacketConnCounter(conn, b)
	}
	if l != nil {
		destStr := m.Destination.AddrString()
		protocol := m.Destination.Network()
		if l.CheckDomainRule(destStr) {
			log.Error(fmt.Sprintf(
				"User %s access domain %s reject by rule",
				m.User,
				destStr))
			conn.Close()
			return conn
		}
		if len(protocol) != 0 {
			if l.CheckProtocolRule(protocol) {
				log.Error(fmt.Sprintf(
					"User %s access protocol %s reject by rule",
					m.User,
					protocol))
				conn.Close()
				return conn
			}
		}
	}
	var t *counter.TrafficCounter
	if c, ok := h.counter.Load(m.Inbound); !ok {
		t = counter.NewTrafficCounter()
		h.counter.Store(m.Inbound, t)
	} else {
		t = c.(*counter.TrafficCounter)
	}
	conn = counter.NewPacketConnCounter(conn, t.GetCounter(m.User))
	return conn
}

func (h *HookServer) CloseConnections(tag string, uuids []string) error {
	for _, uuid := range uuids {
		taguuid := format.UserTag(tag, uuid)
		v, ok := h.userconn.Load(taguuid)
		if !ok {
			continue
		}
		connList, ok := v.([]*ConnEntry)
		if !ok {
			h.userconn.Delete(taguuid)
			continue
		}

		for _, entry := range connList {
			err := entry.Conn.Close()
			if err != nil {
				log.Error("close conn error: ", err)
			}
		}
		h.userconn.Delete(taguuid)
	}
	return nil
}

func (h *HookServer) CleanupOldConnections() error {
	expiredTime := time.Now().Add(-time.Minute * 30)
	h.userconn.Range(func(key, value interface{}) bool {
		connList, ok := value.([]*ConnEntry)
		if !ok {
			h.userconn.Delete(key)
			return true
		}

		var activeConns []*ConnEntry
		for _, entry := range connList {
			if entry.Timestamp.After(expiredTime) {
				activeConns = append(activeConns, entry)
			}
		}

		if len(activeConns) == 0 {
			h.userconn.Delete(key)
		} else {
			h.userconn.Store(key, activeConns)
		}
		return true
	})
	return nil
}
add singbox core(just started) 2023-07-27 21:13:11 -04:00			`package sing`

			`import (`
change v2rayServer to clashServer, and complete limit for sing 2023-08-04 11:25:27 -04:00			`"context"`
sing内核支持面板rule规则 2025-01-10 02:33:05 -05:00			`"fmt"`
add singbox core(just started) 2023-07-27 21:13:11 -04:00			`"net"`
update sing-box support 2023-07-29 06:47:47 -04:00			`"sync"`
test: Singbox内核定期释放TCP会话列表内存 2025-03-06 01:57:56 -05:00			`"time"`
update sing-box support 2023-07-29 06:47:47 -04:00
修复xray内核vless协议bug，升级xray/sing内核 2024-03-13 09:15:04 -04:00			`"github.com/InazumaV/V2bX/common/format"`
update 2023-07-29 07:27:15 -04:00			`"github.com/InazumaV/V2bX/common/rate"`
test: Singbox内核定期释放TCP会话列表内存 2025-03-06 01:57:56 -05:00			`"github.com/InazumaV/V2bX/common/task"`
update sing-box support 2023-07-29 06:47:47 -04:00
update 2023-07-29 07:27:15 -04:00			`"github.com/InazumaV/V2bX/limiter"`
add singbox core(just started) 2023-07-27 21:13:11 -04:00
update 2023-07-29 07:27:15 -04:00			`"github.com/InazumaV/V2bX/common/counter"`
update singbox 2023-10-26 01:06:43 -04:00			`"github.com/sagernet/sing-box/adapter"`
			`"github.com/sagernet/sing-box/log"`
add singbox core(just started) 2023-07-27 21:13:11 -04:00			`N "github.com/sagernet/sing/common/network"`
			`)`

update sing-box core v1.11 2024-12-12 16:22:44 -05:00			`var _ adapter.ConnectionTracker = (*HookServer)(nil)`
Fix:修复无法使用Sing-box内核urltest出口的问题 2024-07-14 11:33:54 -04:00
test: Singbox内核定期释放TCP会话列表内存 2025-03-06 01:57:56 -05:00			`type ConnEntry struct {`
			`Conn net.Conn`
			`Timestamp time.Time`
			`}`

add singbox core(just started) 2023-07-27 21:13:11 -04:00			`type HookServer struct {`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`counter sync.Map //map[string]*counter.TrafficCounter`
test: Singbox内核定期释放TCP会话列表内存 2025-03-06 01:57:56 -05:00			`userconn sync.Map //map[string][]*ConnEntry`
			`Cleanup *task.Task`
add singbox core(just started) 2023-07-27 21:13:11 -04:00			`}`

update deps 2023-09-13 14:25:33 -04:00			`func (h *HookServer) ModeList() []string {`
			`return nil`
			`}`

sing内核支持面板rule规则 2025-01-10 02:33:05 -05:00			`func NewHookServer() *HookServer {`
Fix:修复无法使用Sing-box内核urltest出口的问题 2024-07-14 11:33:54 -04:00			`server := &HookServer{`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`counter: sync.Map{},`
			`userconn: sync.Map{},`
add singbox core(just started) 2023-07-27 21:13:11 -04:00			`}`
test: Singbox内核定期释放TCP会话列表内存 2025-03-06 01:57:56 -05:00			`server.Cleanup = &task.Task{`
			`Interval: 5 * time.Minute,`
			`Execute: server.CleanupOldConnections,`
			`}`
Fix:修复无法使用Sing-box内核urltest出口的问题 2024-07-14 11:33:54 -04:00			`return server`
add singbox core(just started) 2023-07-27 21:13:11 -04:00			`}`

update sing-box core v1.11 2024-12-12 16:22:44 -05:00			`func (h *HookServer) RoutedConnection(_ context.Context, conn net.Conn, m adapter.InboundContext, _ adapter.Rule, _ adapter.Outbound) net.Conn {`
change v2rayServer to clashServer, and complete limit for sing 2023-08-04 11:25:27 -04:00			`l, err := limiter.GetLimiter(m.Inbound)`
update sing-box support 2023-07-29 06:47:47 -04:00			`if err != nil {`
update singbox 2023-10-26 01:06:43 -04:00			`log.Warn("get limiter for ", m.Inbound, " error: ", err)`
update sing-box core v1.11 2024-12-12 16:22:44 -05:00			`return conn`
change v2rayServer to clashServer, and complete limit for sing 2023-08-04 11:25:27 -04:00			`}`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`taguuid := format.UserTag(m.Inbound, m.User)`
change v2rayServer to clashServer, and complete limit for sing 2023-08-04 11:25:27 -04:00			`ip := m.Source.Addr.String()`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`if b, r := l.CheckLimit(taguuid, ip, true, true); r {`
change v2rayServer to clashServer, and complete limit for sing 2023-08-04 11:25:27 -04:00			`conn.Close()`
update singbox 2023-10-26 01:06:43 -04:00			`log.Error("[", m.Inbound, "] ", "Limited ", m.User, " by ip or conn")`
update sing-box core v1.11 2024-12-12 16:22:44 -05:00			`return conn`
update sing-box support 2023-07-29 06:47:47 -04:00			`} else if b != nil {`
			`conn = rate.NewConnRateLimiter(conn, b)`
			`}`
sing内核支持面板rule规则 2025-01-10 02:33:05 -05:00			`if l != nil {`
			`destStr := m.Destination.AddrString()`
			`protocol := m.Destination.Network()`
			`if l.CheckDomainRule(destStr) {`
			`log.Error(fmt.Sprintf(`
			`"User %s access domain %s reject by rule",`
			`m.User,`
			`destStr))`
			`conn.Close()`
			`return conn`
add conn clear for sing 2023-10-13 03:32:06 -04:00			`}`
sing内核支持面板rule规则 2025-01-10 02:33:05 -05:00			`if len(protocol) != 0 {`
			`if l.CheckProtocolRule(protocol) {`
			`log.Error(fmt.Sprintf(`
			`"User %s access protocol %s reject by rule",`
			`m.User,`
			`protocol))`
			`conn.Close()`
			`return conn`
			`}`
add conn clear for sing 2023-10-13 03:32:06 -04:00			`}`
change v2rayServer to clashServer, and complete limit for sing 2023-08-04 11:25:27 -04:00			`}`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`var t *counter.TrafficCounter`
			`if c, ok := h.counter.Load(m.Inbound); !ok {`
			`t = counter.NewTrafficCounter()`
			`h.counter.Store(m.Inbound, t)`
update sing-box support 2023-07-29 06:47:47 -04:00			`} else {`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`t = c.(*counter.TrafficCounter)`
add singbox core(just started) 2023-07-27 21:13:11 -04:00			`}`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00
			`conn = counter.NewConnCounter(conn, t.GetCounter(m.User))`
test: Singbox内核定期释放TCP会话列表内存 2025-03-06 01:57:56 -05:00			`entry := &ConnEntry{`
			`Conn: conn,`
			`Timestamp: time.Now(),`
			`}`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`if conns, exist := h.userconn.Load(taguuid); exist {`
test: Singbox内核定期释放TCP会话列表内存 2025-03-06 01:57:56 -05:00			`if connList, ok := conns.([]*ConnEntry); ok {`
			`h.userconn.Store(taguuid, append(connList, entry))`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`} else {`
test: Singbox内核定期释放TCP会话列表内存 2025-03-06 01:57:56 -05:00			`h.userconn.Delete(taguuid)`
			`h.userconn.Store(taguuid, []*ConnEntry{entry})`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`}`
			`} else {`
test: Singbox内核定期释放TCP会话列表内存 2025-03-06 01:57:56 -05:00			`h.userconn.Store(taguuid, []*ConnEntry{entry})`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`}`

			`return conn`
add singbox core(just started) 2023-07-27 21:13:11 -04:00			`}`

update sing-box core v1.11 2024-12-12 16:22:44 -05:00			`func (h *HookServer) RoutedPacketConnection(_ context.Context, conn N.PacketConn, m adapter.InboundContext, _ adapter.Rule, _ adapter.Outbound) N.PacketConn {`
change v2rayServer to clashServer, and complete limit for sing 2023-08-04 11:25:27 -04:00			`l, err := limiter.GetLimiter(m.Inbound)`
			`if err != nil {`
update singbox 2023-10-26 01:06:43 -04:00			`log.Warn("get limiter for ", m.Inbound, " error: ", err)`
update sing-box core v1.11 2024-12-12 16:22:44 -05:00			`return conn`
change v2rayServer to clashServer, and complete limit for sing 2023-08-04 11:25:27 -04:00			`}`
			`ip := m.Source.Addr.String()`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`taguuid := format.UserTag(m.Inbound, m.User)`
			`if b, r := l.CheckLimit(taguuid, ip, false, false); r {`
change v2rayServer to clashServer, and complete limit for sing 2023-08-04 11:25:27 -04:00			`conn.Close()`
update singbox 2023-10-26 01:06:43 -04:00			`log.Error("[", m.Inbound, "] ", "Limited ", m.User, " by ip or conn")`
update sing-box core v1.11 2024-12-12 16:22:44 -05:00			`return conn`
change v2rayServer to clashServer, and complete limit for sing 2023-08-04 11:25:27 -04:00			`} else if b != nil {`
BUG修复前不对UDP链接进行限速 2024-08-13 12:35:30 -04:00			`//conn = rate.NewPacketConnCounter(conn, b)`
change v2rayServer to clashServer, and complete limit for sing 2023-08-04 11:25:27 -04:00			`}`
sing内核支持面板rule规则 2025-01-10 02:33:05 -05:00			`if l != nil {`
			`destStr := m.Destination.AddrString()`
			`protocol := m.Destination.Network()`
			`if l.CheckDomainRule(destStr) {`
			`log.Error(fmt.Sprintf(`
			`"User %s access domain %s reject by rule",`
			`m.User,`
			`destStr))`
			`conn.Close()`
			`return conn`
add conn clear for sing 2023-10-13 03:32:06 -04:00			`}`
sing内核支持面板rule规则 2025-01-10 02:33:05 -05:00			`if len(protocol) != 0 {`
			`if l.CheckProtocolRule(protocol) {`
			`log.Error(fmt.Sprintf(`
			`"User %s access protocol %s reject by rule",`
			`m.User,`
			`protocol))`
			`conn.Close()`
			`return conn`
			`}`
add conn clear for sing 2023-10-13 03:32:06 -04:00			`}`
			`}`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`var t *counter.TrafficCounter`
			`if c, ok := h.counter.Load(m.Inbound); !ok {`
			`t = counter.NewTrafficCounter()`
			`h.counter.Store(m.Inbound, t)`
update sing-box support 2023-07-29 06:47:47 -04:00			`} else {`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`t = c.(*counter.TrafficCounter)`
			`}`
			`conn = counter.NewPacketConnCounter(conn, t.GetCounter(m.User))`
			`return conn`
			`}`

			`func (h *HookServer) CloseConnections(tag string, uuids []string) error {`
			`for _, uuid := range uuids {`
			`taguuid := format.UserTag(tag, uuid)`
			`v, ok := h.userconn.Load(taguuid)`
			`if !ok {`
			`continue`
			`}`
test: Singbox内核定期释放TCP会话列表内存 2025-03-06 01:57:56 -05:00			`connList, ok := v.([]*ConnEntry)`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`if !ok {`
			`h.userconn.Delete(taguuid)`
			`continue`
			`}`

test: Singbox内核定期释放TCP会话列表内存 2025-03-06 01:57:56 -05:00			`for _, entry := range connList {`
			`err := entry.Conn.Close()`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`if err != nil {`
			`log.Error("close conn error: ", err)`
			`}`
			`}`
			`h.userconn.Delete(taguuid)`
add singbox core(just started) 2023-07-27 21:13:11 -04:00			`}`
test: Singbox内核删除用户时尝试关闭该用户所有TCP会话 2025-03-05 05:54:06 -05:00			`return nil`
add singbox core(just started) 2023-07-27 21:13:11 -04:00			`}`
test: Singbox内核定期释放TCP会话列表内存 2025-03-06 01:57:56 -05:00
			`func (h *HookServer) CleanupOldConnections() error {`
			`expiredTime := time.Now().Add(-time.Minute * 30)`
			`h.userconn.Range(func(key, value interface{}) bool {`
			`connList, ok := value.([]*ConnEntry)`
			`if !ok {`
			`h.userconn.Delete(key)`
			`return true`
			`}`

			`var activeConns []*ConnEntry`
			`for _, entry := range connList {`
			`if entry.Timestamp.After(expiredTime) {`
			`activeConns = append(activeConns, entry)`
			`}`
			`}`

			`if len(activeConns) == 0 {`
			`h.userconn.Delete(key)`
			`} else {`
			`h.userconn.Store(key, activeConns)`
			`}`
			`return true`
			`})`
			`return nil`
			`}`