add sni matcher

Author: mrhaoxx

tls/sni.go

@@ -0,0 +1,28 @@
+package tls
+
+import (
+	"crypto/tls"
+
+	tcp "github.com/mrhaoxx/OpenNG/tcp"
+	utils "github.com/mrhaoxx/OpenNG/utils"
+)
+
+type SniMatcher struct {
+	Snis    utils.GroupRegexp
+	Rewrite string
+}
+
+func (m *SniMatcher) Handle(c *tcp.Conn) tcp.SerRet {
+	hellov, ok := c.Load(tcp.KeyTLS)
+
+	if !ok {
+		return tcp.Continue
+	}
+	hello := hellov.(*tls.ClientHelloInfo)
+	if m.Snis == nil || m.Snis.MatchString(hello.ServerName) {
+		c.IdentifiyProtocol(m.Rewrite)
+		return tcp.Upgrade
+	}
+
+	return tcp.Continue
+}

ui/builtin.go

@@ -200,6 +200,23 @@ var refs_assertions = map[string]Assert{
 			},
 		},
 	},
+	"builtin::tls::snimatcher": {
+		Type:     "map",
+		Required: true,
+		Sub: AssertMap{
+			"snis": {
+				Type: "list",
+				Desc: "list of server name patterns to match",
+				Sub: AssertMap{
+					"_": {Type: "string"},
+				},
+			},
+			"rewrite": {
+				Type: "string",
+				Desc: "protocol rewrite string",
+			},
+		},
+	},
 	"builtin::http::midware": {
 		Type:     "map",
 		Required: true,
@@ -1878,6 +1895,26 @@ var refs = map[string]Inst{
 	"builtin::net::interface::sys": func(*ArgNode) (any, error) {
 		return &net.SysInterface{}, nil
 	},
+	"builtin::tls::snimatcher": func(spec *ArgNode) (any, error) {
+		snis := spec.MustGet("snis").ToStringList()
+		rewrite := spec.MustGet("rewrite").ToString()
+
+		var hosts utils.GroupRegexp = nil
+		if len(snis) > 0 {
+			for _, sni := range snis {
+				r, err := regexp2.Compile(sni, regexp2.RE2)
+				if err != nil {
+					return nil, err
+				}
+				hosts = append(hosts, r)
+			}
+		}
+
+		return &tls.SniMatcher{
+			Snis:    hosts,
+			Rewrite: rewrite,
+		}, nil
+	},
 }
 
 func Register(name string, inst Inst, assert Assert) {