ping: Add gVisor destination

Author: nekohasekai

ping/destination_gvisor.go

@@ -0,0 +1,113 @@
+//go:build with_gvisor
+
+package ping
+
+import (
+	"context"
+	"net/netip"
+
+	"github.com/sagernet/gvisor/pkg/tcpip"
+	"github.com/sagernet/gvisor/pkg/tcpip/adapters/gonet"
+	"github.com/sagernet/gvisor/pkg/tcpip/header"
+	"github.com/sagernet/gvisor/pkg/tcpip/stack"
+	"github.com/sagernet/gvisor/pkg/waiter"
+	"github.com/sagernet/sing-tun"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	E "github.com/sagernet/sing/common/exceptions"
+	"github.com/sagernet/sing/common/logger"
+)
+
+var _ tun.DirectRouteDestination = (*GVisorDestination)(nil)
+
+type GVisorDestination struct {
+	ctx      context.Context
+	logger   logger.ContextLogger
+	conn     *gonet.TCPConn
+	rewriter *Rewriter
+}
+
+func ConnectGVisor(
+	ctx context.Context, logger logger.ContextLogger,
+	sourceAddress, destinationAddress netip.Addr,
+	routeContext tun.DirectRouteContext,
+	stack *stack.Stack,
+	bindAddress4, bindAddress6 netip.Addr,
+) (*GVisorDestination, error) {
+	var (
+		bindAddress tcpip.Address
+		wq          waiter.Queue
+		endpoint    tcpip.Endpoint
+		gErr        tcpip.Error
+	)
+	if !destinationAddress.Is6() {
+		if !bindAddress4.IsValid() {
+			return nil, E.New("missing IPv4 interface address")
+		}
+		bindAddress = tun.AddressFromAddr(bindAddress4)
+		endpoint, gErr = stack.NewRawEndpoint(header.ICMPv4ProtocolNumber, header.IPv4ProtocolNumber, &wq, true)
+	} else {
+		if !bindAddress6.IsValid() {
+			return nil, E.New("missing IPv6 interface address")
+		}
+		bindAddress = tun.AddressFromAddr(bindAddress6)
+		endpoint, gErr = stack.NewRawEndpoint(header.ICMPv6ProtocolNumber, header.IPv6ProtocolNumber, &wq, true)
+	}
+	if gErr != nil {
+		return nil, gonet.TranslateNetstackError(gErr)
+	}
+	gErr = endpoint.Bind(tcpip.FullAddress{
+		NIC:  1,
+		Addr: bindAddress,
+	})
+	if gErr != nil {
+		return nil, gonet.TranslateNetstackError(gErr)
+	}
+	gErr = endpoint.Connect(tcpip.FullAddress{
+		NIC:  1,
+		Addr: tun.AddressFromAddr(destinationAddress),
+	})
+	if gErr != nil {
+		return nil, gonet.TranslateNetstackError(gErr)
+	}
+	endpoint.SocketOptions().SetHeaderIncluded(true)
+	rewriter := NewRewriter(bindAddress4, bindAddress6)
+	rewriter.CreateSession(tun.DirectRouteSession{Source: sourceAddress, Destination: destinationAddress}, routeContext)
+	destination := &GVisorDestination{
+		ctx:      ctx,
+		logger:   logger,
+		conn:     gonet.NewTCPConn(&wq, endpoint),
+		rewriter: rewriter,
+	}
+	go destination.loopRead()
+	return destination, nil
+}
+
+func (d *GVisorDestination) loopRead() {
+	for {
+		buffer := buf.NewPacket()
+		n, err := d.conn.Read(buffer.FreeBytes())
+		if err != nil {
+			buffer.Release()
+			if !E.IsClosed(err) {
+				d.logger.ErrorContext(d.ctx, E.Cause(err, "receive ICMP echo reply"))
+			}
+			return
+		}
+		buffer.Truncate(n)
+		_, err = d.rewriter.WriteBack(buffer.Bytes())
+		if err != nil {
+			d.logger.ErrorContext(d.ctx, E.Cause(err, "write ICMP echo reply"))
+		}
+		buffer.Release()
+	}
+}
+
+func (d *GVisorDestination) WritePacket(packet *buf.Buffer) error {
+	d.rewriter.RewritePacket(packet.Bytes())
+	return common.Error(d.conn.Write(packet.Bytes()))
+}
+
+func (d *GVisorDestination) Close() error {
+	return d.conn.Close()
+}

ping/rewriter.go

@@ -0,0 +1,142 @@
+package ping
+
+import (
+	"net/netip"
+	"sync"
+
+	"github.com/sagernet/sing-tun"
+	"github.com/sagernet/sing-tun/internal/gtcpip/header"
+)
+
+type Rewriter struct {
+	access         sync.RWMutex
+	sessions       map[tun.DirectRouteSession]tun.DirectRouteContext
+	source4Address map[uint16]netip.Addr
+	source6Address map[uint16]netip.Addr
+	inet4Address   netip.Addr
+	inet6Address   netip.Addr
+}
+
+func NewRewriter(inet4Address netip.Addr, inet6Address netip.Addr) *Rewriter {
+	return &Rewriter{
+		sessions:     make(map[tun.DirectRouteSession]tun.DirectRouteContext),
+		inet4Address: inet4Address,
+		inet6Address: inet6Address,
+	}
+}
+
+func (m *Rewriter) CreateSession(session tun.DirectRouteSession, context tun.DirectRouteContext) {
+	m.access.Lock()
+	m.sessions[session] = context
+	m.access.Unlock()
+}
+
+func (m *Rewriter) DeleteSession(session tun.DirectRouteSession) {
+	m.access.Lock()
+	delete(m.sessions, session)
+	m.access.Unlock()
+}
+
+func (m *Rewriter) RewritePacket(packet []byte) {
+	var ipHdr header.Network
+	var bindAddr netip.Addr
+	switch header.IPVersion(packet) {
+	case header.IPv4Version:
+		ipHdr = header.IPv4(packet)
+		bindAddr = m.inet4Address
+	case header.IPv6Version:
+		ipHdr = header.IPv6(packet)
+		bindAddr = m.inet6Address
+	default:
+		return
+	}
+	sourceAddr := ipHdr.SourceAddr()
+	ipHdr.SetSourceAddr(bindAddr)
+	if ipHdr4, isIPv4 := ipHdr.(header.IPv4); isIPv4 {
+		ipHdr4.SetChecksum(0)
+		ipHdr4.SetChecksum(^ipHdr4.CalculateChecksum())
+	}
+	switch ipHdr.TransportProtocol() {
+	case header.ICMPv4ProtocolNumber:
+		icmpHdr := header.ICMPv4(ipHdr.Payload())
+		m.access.Lock()
+		m.source4Address[icmpHdr.Ident()] = sourceAddr
+		m.access.Lock()
+	case header.ICMPv6ProtocolNumber:
+		icmpHdr := header.ICMPv6(ipHdr.Payload())
+		icmpHdr.SetChecksum(0)
+		icmpHdr.SetChecksum(header.ICMPv6Checksum(header.ICMPv6ChecksumParams{
+			Header: icmpHdr,
+			Src:    ipHdr.SourceAddressSlice(),
+			Dst:    ipHdr.DestinationAddressSlice(),
+		}))
+		m.access.Lock()
+		m.source6Address[icmpHdr.Ident()] = sourceAddr
+		m.access.Lock()
+	}
+}
+
+func (m *Rewriter) WriteBack(packet []byte) (bool, error) {
+	var ipHdr header.Network
+	var routeSession tun.DirectRouteSession
+	switch header.IPVersion(packet) {
+	case header.IPv4Version:
+		ipHdr = header.IPv4(packet)
+		routeSession.Destination = ipHdr.SourceAddr()
+	case header.IPv6Version:
+		ipHdr = header.IPv6(packet)
+		routeSession.Destination = ipHdr.SourceAddr()
+	default:
+		return false, nil
+	}
+	switch ipHdr.TransportProtocol() {
+	case header.ICMPv4ProtocolNumber:
+		icmpHdr := header.ICMPv4(ipHdr.Payload())
+		m.access.Lock()
+		ident := icmpHdr.Ident()
+		source, loaded := m.source4Address[ident]
+		if !loaded {
+			m.access.Unlock()
+			return false, nil
+		}
+		delete(m.source4Address, icmpHdr.Ident())
+		m.access.Lock()
+		routeSession.Source = source
+	case header.ICMPv6ProtocolNumber:
+		icmpHdr := header.ICMPv6(ipHdr.Payload())
+		m.access.Lock()
+		ident := icmpHdr.Ident()
+		source, loaded := m.source6Address[ident]
+		if !loaded {
+			m.access.Unlock()
+			return false, nil
+		}
+		delete(m.source6Address, icmpHdr.Ident())
+		m.access.Lock()
+		routeSession.Source = source
+	default:
+		return false, nil
+	}
+	m.access.RLock()
+	context, loaded := m.sessions[routeSession]
+	m.access.RUnlock()
+	if !loaded {
+		return false, nil
+	}
+	ipHdr.SetDestinationAddr(routeSession.Source)
+	if ipHdr4, isIPv4 := ipHdr.(header.IPv4); isIPv4 {
+		ipHdr4.SetChecksum(0)
+		ipHdr4.SetChecksum(^ipHdr4.CalculateChecksum())
+	}
+	switch ipHdr.TransportProtocol() {
+	case header.ICMPv6ProtocolNumber:
+		icmpHdr := header.ICMPv6(ipHdr.Payload())
+		icmpHdr.SetChecksum(0)
+		icmpHdr.SetChecksum(header.ICMPv6Checksum(header.ICMPv6ChecksumParams{
+			Header: icmpHdr,
+			Src:    ipHdr.SourceAddressSlice(),
+			Dst:    ipHdr.DestinationAddressSlice(),
+		}))
+	}
+	return true, context.WritePacket(packet)
+}

route_direct.go

@@ -0,0 +1,51 @@
+package tun
+
+import (
+	"net/netip"
+	"time"
+
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/contrab/freelru"
+	"github.com/sagernet/sing/contrab/maphash"
+)
+
+type DirectRouteDestination interface {
+	WritePacket(packet *buf.Buffer) error
+	Close() error
+}
+
+type DirectRouteSession struct {
+	// IPVersion uint8
+	// Network     uint8
+	Source      netip.Addr
+	Destination netip.Addr
+}
+
+type DirectRouteMapping struct {
+	mapping freelru.Cache[DirectRouteSession, DirectRouteDestination]
+}
+
+func NewDirectRouteMapping(timeout time.Duration) *DirectRouteMapping {
+	mapping := common.Must1(freelru.NewSharded[DirectRouteSession, DirectRouteDestination](1024, maphash.NewHasher[DirectRouteSession]().Hash32))
+	mapping.SetOnEvict(func(session DirectRouteSession, action DirectRouteDestination) {
+		action.Close()
+	})
+	mapping.SetLifetime(timeout)
+	return &DirectRouteMapping{mapping}
+}
+
+func (m *DirectRouteMapping) Lookup(session DirectRouteSession, constructor func() (DirectRouteDestination, error)) (DirectRouteDestination, error) {
+	var (
+		created DirectRouteDestination
+		err     error
+	)
+	action, _, ok := m.mapping.GetAndRefreshOrAdd(session, func() (DirectRouteDestination, bool) {
+		created, err = constructor()
+		return created, err == nil
+	})
+	if !ok {
+		return nil, err
+	}
+	return action, nil
+}