v2ray-core/app/router/condition.go

package router

import (
	"context"
	"regexp"
	"strings"
	"sync"
	"time"

	"v2ray.com/core/common/net"
	"v2ray.com/core/common/protocol"
	"v2ray.com/core/proxy"
)

type Condition interface {
	Apply(ctx context.Context) bool
}

type ConditionChan []Condition

func NewConditionChan() *ConditionChan {
	var condChan ConditionChan = make([]Condition, 0, 8)
	return &condChan
}

func (v *ConditionChan) Add(cond Condition) *ConditionChan {
	*v = append(*v, cond)
	return v
}

func (v *ConditionChan) Apply(ctx context.Context) bool {
	for _, cond := range *v {
		if !cond.Apply(ctx) {
			return false
		}
	}
	return true
}

func (v *ConditionChan) Len() int {
	return len(*v)
}

type AnyCondition []Condition

func NewAnyCondition() *AnyCondition {
	var anyCond AnyCondition = make([]Condition, 0, 8)
	return &anyCond
}

func (v *AnyCondition) Add(cond Condition) *AnyCondition {
	*v = append(*v, cond)
	return v
}

func (v *AnyCondition) Apply(ctx context.Context) bool {
	for _, cond := range *v {
		if cond.Apply(ctx) {
			return true
		}
	}
	return false
}

func (v *AnyCondition) Len() int {
	return len(*v)
}

type timedResult struct {
	timestamp time.Time
	result    bool
}

type CachableDomainMatcher struct {
	sync.Mutex
	matchers []domainMatcher
	cache    map[string]timedResult
	lastScan time.Time
}

func NewCachableDomainMatcher() *CachableDomainMatcher {
	return &CachableDomainMatcher{
		matchers: make([]domainMatcher, 0, 64),
		cache:    make(map[string]timedResult, 512),
	}
}

func (m *CachableDomainMatcher) Add(domain *Domain) error {
	switch domain.Type {
	case Domain_Plain:
		m.matchers = append(m.matchers, NewPlainDomainMatcher(domain.Value))
	case Domain_Regex:
		rm, err := NewRegexpDomainMatcher(domain.Value)
		if err != nil {
			return err
		}
		m.matchers = append(m.matchers, rm)
	case Domain_Domain:
		m.matchers = append(m.matchers, NewSubDomainMatcher(domain.Value))
	default:
		return newError("unknown domain type: ", domain.Type).AtError()
	}
	return nil
}

func (m *CachableDomainMatcher) applyInternal(domain string) bool {
	for _, matcher := range m.matchers {
		if matcher.Apply(domain) {
			return true
		}
	}

	return false
}

type cacheResult int

const (
	cacheMiss cacheResult = iota
	cacheHitTrue
	cacheHitFalse
)

func (m *CachableDomainMatcher) findInCache(domain string) cacheResult {
	m.Lock()
	defer m.Unlock()

	r, f := m.cache[domain]
	if !f {
		return cacheMiss
	}
	r.timestamp = time.Now()
	m.cache[domain] = r

	if r.result {
		return cacheHitTrue
	}
	return cacheHitFalse
}

func (m *CachableDomainMatcher) ApplyDomain(domain string) bool {
	if len(m.matchers) < 64 {
		return m.applyInternal(domain)
	}

	cr := m.findInCache(domain)

	if cr == cacheHitTrue {
		return true
	}

	if cr == cacheHitFalse {
		return false
	}

	r := m.applyInternal(domain)
	m.Lock()
	defer m.Unlock()

	m.cache[domain] = timedResult{
		result:    r,
		timestamp: time.Now(),
	}

	now := time.Now()
	if len(m.cache) > 256 && now.Sub(m.lastScan)/time.Second > 5 {
		remove := make([]string, 0, 128)

		now := time.Now()

		for k, v := range m.cache {
			if now.Sub(v.timestamp)/time.Second > 60 {
				remove = append(remove, k)
			}
		}
		for _, v := range remove {
			delete(m.cache, v)
		}
		m.lastScan = now
	}

	return r
}

func (m *CachableDomainMatcher) Apply(ctx context.Context) bool {
	dest, ok := proxy.TargetFromContext(ctx)
	if !ok {
		return false
	}

	if !dest.Address.Family().IsDomain() {
		return false
	}
	return m.ApplyDomain(dest.Address.Domain())
}

type domainMatcher interface {
	Apply(domain string) bool
}

type PlainDomainMatcher string

func NewPlainDomainMatcher(pattern string) PlainDomainMatcher {
	return PlainDomainMatcher(pattern)
}

func (v PlainDomainMatcher) Apply(domain string) bool {
	return strings.Contains(domain, string(v))
}

type RegexpDomainMatcher struct {
	pattern *regexp.Regexp
}

func NewRegexpDomainMatcher(pattern string) (*RegexpDomainMatcher, error) {
	r, err := regexp.Compile(pattern)
	if err != nil {
		return nil, err
	}
	return &RegexpDomainMatcher{
		pattern: r,
	}, nil
}

func (v *RegexpDomainMatcher) Apply(domain string) bool {
	return v.pattern.MatchString(strings.ToLower(domain))
}

type SubDomainMatcher string

func NewSubDomainMatcher(p string) SubDomainMatcher {
	return SubDomainMatcher(p)
}

func (m SubDomainMatcher) Apply(domain string) bool {
	pattern := string(m)
	if !strings.HasSuffix(domain, pattern) {
		return false
	}
	return len(domain) == len(pattern) || domain[len(domain)-len(pattern)-1] == '.'
}

type CIDRMatcher struct {
	cidr     *net.IPNet
	onSource bool
}

func NewCIDRMatcher(ip []byte, mask uint32, onSource bool) (*CIDRMatcher, error) {
	cidr := &net.IPNet{
		IP:   net.IP(ip),
		Mask: net.CIDRMask(int(mask), len(ip)*8),
	}
	return &CIDRMatcher{
		cidr:     cidr,
		onSource: onSource,
	}, nil
}

func (v *CIDRMatcher) Apply(ctx context.Context) bool {
	ips := make([]net.IP, 0, 4)
	if resolver, ok := proxy.ResolvedIPsFromContext(ctx); ok {
		resolvedIPs := resolver.Resolve()
		for _, rip := range resolvedIPs {
			if !rip.Family().IsIPv6() {
				continue
			}
			ips = append(ips, rip.IP())
		}
	}

	var dest net.Destination
	var ok bool
	if v.onSource {
		dest, ok = proxy.SourceFromContext(ctx)
	} else {
		dest, ok = proxy.TargetFromContext(ctx)
	}

	if ok && dest.Address.Family().IsIPv6() {
		ips = append(ips, dest.Address.IP())
	}

	for _, ip := range ips {
		if v.cidr.Contains(ip) {
			return true
		}
	}
	return false
}

type IPv4Matcher struct {
	ipv4net  *net.IPNetTable
	onSource bool
}

func NewIPv4Matcher(ipnet *net.IPNetTable, onSource bool) *IPv4Matcher {
	return &IPv4Matcher{
		ipv4net:  ipnet,
		onSource: onSource,
	}
}

func (v *IPv4Matcher) Apply(ctx context.Context) bool {
	ips := make([]net.IP, 0, 4)
	if resolver, ok := proxy.ResolvedIPsFromContext(ctx); ok {
		resolvedIPs := resolver.Resolve()
		for _, rip := range resolvedIPs {
			if !rip.Family().IsIPv4() {
				continue
			}
			ips = append(ips, rip.IP())
		}
	}

	var dest net.Destination
	var ok bool
	if v.onSource {
		dest, ok = proxy.SourceFromContext(ctx)
	} else {
		dest, ok = proxy.TargetFromContext(ctx)
	}

	if ok && dest.Address.Family().IsIPv4() {
		ips = append(ips, dest.Address.IP())
	}

	for _, ip := range ips {
		if v.ipv4net.Contains(ip) {
			return true
		}
	}
	return false
}

type PortMatcher struct {
	port net.PortRange
}

func NewPortMatcher(portRange net.PortRange) *PortMatcher {
	return &PortMatcher{
		port: portRange,
	}
}

func (v *PortMatcher) Apply(ctx context.Context) bool {
	dest, ok := proxy.TargetFromContext(ctx)
	if !ok {
		return false
	}
	return v.port.Contains(dest.Port)
}

type NetworkMatcher struct {
	network *net.NetworkList
}

func NewNetworkMatcher(network *net.NetworkList) *NetworkMatcher {
	return &NetworkMatcher{
		network: network,
	}
}

func (v *NetworkMatcher) Apply(ctx context.Context) bool {
	dest, ok := proxy.TargetFromContext(ctx)
	if !ok {
		return false
	}
	return v.network.HasNetwork(dest.Network)
}

type UserMatcher struct {
	user []string
}

func NewUserMatcher(users []string) *UserMatcher {
	usersCopy := make([]string, 0, len(users))
	for _, user := range users {
		if len(user) > 0 {
			usersCopy = append(usersCopy, user)
		}
	}
	return &UserMatcher{
		user: usersCopy,
	}
}

func (v *UserMatcher) Apply(ctx context.Context) bool {
	user := protocol.UserFromContext(ctx)
	if user == nil {
		return false
	}
	for _, u := range v.user {
		if u == user.Email {
			return true
		}
	}
	return false
}

type InboundTagMatcher struct {
	tags []string
}

func NewInboundTagMatcher(tags []string) *InboundTagMatcher {
	tagsCopy := make([]string, 0, len(tags))
	for _, tag := range tags {
		if len(tag) > 0 {
			tagsCopy = append(tagsCopy, tag)
		}
	}
	return &InboundTagMatcher{
		tags: tagsCopy,
	}
}

func (v *InboundTagMatcher) Apply(ctx context.Context) bool {
	tag, ok := proxy.InboundTagFromContext(ctx)
	if !ok {
		return false
	}

	for _, t := range v.tags {
		if t == tag {
			return true
		}
	}
	return false
}