From 5999b6262d9ed6504effe2549e1add7769064bc7 Mon Sep 17 00:00:00 2001 From: yaling888 <73897884+yaling888@users.noreply.github.com> Date: Mon, 11 Apr 2022 06:28:42 +0800 Subject: [PATCH] Chore: fix typos --- config/config.go | 2 +- dns/middleware.go | 17 ++++---- listener/http/proxy.go | 10 ++--- listener/http/utils.go | 2 +- listener/mitm/proxy.go | 90 +++++++++++++++++----------------------- listener/mitm/session.go | 11 +---- listener/mitm/utils.go | 5 +-- tunnel/tunnel.go | 16 ++++--- 8 files changed, 70 insertions(+), 83 deletions(-) diff --git a/config/config.go b/config/config.go index e86a5e42..12fac706 100644 --- a/config/config.go +++ b/config/config.go @@ -547,7 +547,7 @@ func parseHosts(cfg *RawConfig) (*trie.DomainTrie[netip.Addr], error) { } // add mitm.clash hosts - if err := tree.Insert("mitm.clash", netip.AddrFrom4([4]byte{8, 8, 9, 9})); err != nil { + if err := tree.Insert("mitm.clash", netip.AddrFrom4([4]byte{1, 2, 3, 4})); err != nil { log.Errorln("insert mitm.clash to host error: %s", err.Error()) } diff --git a/dns/middleware.go b/dns/middleware.go index 4091fa9e..eeb40c1d 100644 --- a/dns/middleware.go +++ b/dns/middleware.go @@ -30,28 +30,25 @@ func withHosts(hosts *trie.DomainTrie[netip.Addr], mapping *cache.LruCache[strin return next(ctx, r) } - qName := strings.TrimRight(q.Name, ".") - record := hosts.Search(qName) + host := strings.TrimRight(q.Name, ".") + + record := hosts.Search(host) if record == nil { return next(ctx, r) } ip := record.Data - if mapping != nil { - mapping.SetWithExpire(ip.Unmap().String(), qName, time.Now().Add(time.Second*5)) - } - msg := r.Copy() if ip.Is4() && q.Qtype == D.TypeA { rr := &D.A{} - rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeA, Class: D.ClassINET, Ttl: 1} + rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeA, Class: D.ClassINET, Ttl: 10} rr.A = ip.AsSlice() msg.Answer = []D.RR{rr} } else if ip.Is6() && q.Qtype == D.TypeAAAA { rr := &D.AAAA{} - rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeAAAA, Class: D.ClassINET, Ttl: 1} + rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeAAAA, Class: D.ClassINET, Ttl: 10} rr.AAAA = ip.AsSlice() msg.Answer = []D.RR{rr} @@ -59,6 +56,10 @@ func withHosts(hosts *trie.DomainTrie[netip.Addr], mapping *cache.LruCache[strin return next(ctx, r) } + if mapping != nil { + mapping.SetWithExpire(ip.Unmap().String(), host, time.Now().Add(time.Second*10)) + } + ctx.SetType(context.DNSTypeHost) msg.SetRcode(r, D.RcodeSuccess) msg.Authoritative = true diff --git a/listener/http/proxy.go b/listener/http/proxy.go index d29f80f5..bd39b8b4 100644 --- a/listener/http/proxy.go +++ b/listener/http/proxy.go @@ -70,11 +70,11 @@ func HandleConn(c net.Conn, in chan<- C.ConnContext, cache *cache.Cache[string, RemoveExtraHTTPHostPort(request) if request.URL.Scheme == "" || request.URL.Host == "" { - resp = ResponseWith(request, http.StatusBadRequest) + resp = responseWith(request, http.StatusBadRequest) } else { resp, err = client.Do(request) if err != nil { - resp = ResponseWith(request, http.StatusBadGateway) + resp = responseWith(request, http.StatusBadGateway) } } @@ -103,7 +103,7 @@ func Authenticate(request *http.Request, cache *cache.Cache[string, bool]) *http if authenticator != nil { credential := parseBasicProxyAuthorization(request) if credential == "" { - resp := ResponseWith(request, http.StatusProxyAuthRequired) + resp := responseWith(request, http.StatusProxyAuthRequired) resp.Header.Set("Proxy-Authenticate", "Basic") return resp } @@ -117,14 +117,14 @@ func Authenticate(request *http.Request, cache *cache.Cache[string, bool]) *http if !authed { log.Infoln("Auth failed from %s", request.RemoteAddr) - return ResponseWith(request, http.StatusForbidden) + return responseWith(request, http.StatusForbidden) } } return nil } -func ResponseWith(request *http.Request, statusCode int) *http.Response { +func responseWith(request *http.Request, statusCode int) *http.Response { return &http.Response{ StatusCode: statusCode, Status: http.StatusText(statusCode), diff --git a/listener/http/utils.go b/listener/http/utils.go index 0e7c7535..94308f19 100644 --- a/listener/http/utils.go +++ b/listener/http/utils.go @@ -40,7 +40,7 @@ func RemoveExtraHTTPHostPort(req *http.Request) { host = req.URL.Host } - if pHost, port, err := net.SplitHostPort(host); err == nil && port == "80" { + if pHost, port, err := net.SplitHostPort(host); err == nil && (port == "80" || port == "443") { host = pHost } diff --git a/listener/mitm/proxy.go b/listener/mitm/proxy.go index a0d3bab6..88fef3db 100644 --- a/listener/mitm/proxy.go +++ b/listener/mitm/proxy.go @@ -17,7 +17,7 @@ import ( "github.com/Dreamacro/clash/common/cache" N "github.com/Dreamacro/clash/common/net" C "github.com/Dreamacro/clash/constant" - httpL "github.com/Dreamacro/clash/listener/http" + H "github.com/Dreamacro/clash/listener/http" ) func HandleConn(c net.Conn, opt *Option, in chan<- C.ConnContext, cache *cache.Cache[string, bool]) { @@ -48,9 +48,12 @@ startOver: readLoop: for { - _ = conn.SetDeadline(time.Now().Add(30 * time.Second)) // use SetDeadline instead of Proxy-Connection keep-alive + err := conn.SetDeadline(time.Now().Add(30 * time.Second)) // use SetDeadline instead of Proxy-Connection keep-alive + if err != nil { + break readLoop + } - request, err := httpL.ReadRequest(conn.Reader()) + request, err := H.ReadRequest(conn.Reader()) if err != nil { handleError(opt, nil, err) break readLoop @@ -58,15 +61,15 @@ readLoop: var response *http.Response - session := NewSession(conn, request, response) + session := newSession(conn, request, response) source = parseSourceAddress(session.request, c, source) - request.RemoteAddr = source.String() + session.request.RemoteAddr = source.String() if !trusted { - response = httpL.Authenticate(request, cache) + session.response = H.Authenticate(session.request, cache) - trusted = response == nil + trusted = session.response == nil } if trusted { @@ -84,19 +87,18 @@ readLoop: break readLoop // close connection } - buf := make([]byte, session.conn.(*N.BufferedConn).Buffered()) - _, _ = session.conn.Read(buf) + buff := make([]byte, session.conn.(*N.BufferedConn).Buffered()) + _, _ = session.conn.Read(buff) - mc := &MultiReaderConn{ + mrc := &multiReaderConn{ Conn: session.conn, - reader: io.MultiReader(bytes.NewReader(b), bytes.NewReader(buf), session.conn), + reader: io.MultiReader(bytes.NewReader(b), bytes.NewReader(buff), session.conn), } - // 22 is the TLS handshake. - // https://tools.ietf.org/html/rfc5246#section-6.2.1 - if b[0] == 22 { + // TLS handshake. + if b[0] == 0x16 { // TODO serve by generic host name maybe better? - tlsConn := tls.Server(mc, opt.CertConfig.NewTLSConfigForHost(session.request.URL.Host)) + tlsConn := tls.Server(mrc, opt.CertConfig.NewTLSConfigForHost(session.request.URL.Host)) // Handshake with the local client if err = tlsConn.Handshake(); err != nil { @@ -109,15 +111,17 @@ readLoop: } // maybe it's the others encrypted connection - in <- inbound.NewHTTPS(request, mc) + in <- inbound.NewHTTPS(session.request, mrc) } // maybe it's a http connection goto readLoop } + prepareRequest(c, session.request) + // hijack api - if getHostnameWithoutPort(session.request) == opt.ApiHost { + if session.request.URL.Host == opt.ApiHost { if err = handleApiRequest(session, opt); err != nil { handleError(opt, session, err) break readLoop @@ -125,8 +129,6 @@ readLoop: return } - prepareRequest(c, session.request) - // hijack custom request and write back custom response if necessary if opt.Handler != nil { newReq, newRes := opt.Handler.HandleRequest(session) @@ -144,12 +146,9 @@ readLoop: } } - httpL.RemoveHopByHopHeaders(session.request.Header) - httpL.RemoveExtraHTTPHostPort(request) - session.request.RequestURI = "" - if session.request.URL.Scheme == "" || session.request.URL.Host == "" { + if session.request.URL.Host == "" { session.response = session.NewErrorResponse(errors.New("invalid URL")) } else { client = newClientBySourceAndUserAgentIfNil(client, session.request, source, in) @@ -162,6 +161,8 @@ readLoop: session.response = session.NewErrorResponse(err) if errors.Is(err, ErrCertUnsupported) || strings.Contains(err.Error(), "x509: ") { // TODO block unsupported host? + _ = writeResponse(session, false) + break readLoop } } } @@ -194,7 +195,7 @@ func writeResponseWithHandler(session *Session, opt *Option) error { } func writeResponse(session *Session, keepAlive bool) error { - httpL.RemoveHopByHopHeaders(session.response.Header) + H.RemoveHopByHopHeaders(session.response.Header) if keepAlive { session.response.Header.Set("Connection", "keep-alive") @@ -226,17 +227,15 @@ func handleApiRequest(session *Session, opt *Option) error { return session.response.Write(session.conn) } - b := ` - - Clash ManInTheMiddle Proxy Services - 404 Not Found - - -

Not Found

-

The requested URL %s was not found on this server.

- - + b := ` + +Clash MITM Proxy Services - 404 Not Found + +

Not Found

+

The requested URL %s was not found on this server.

+ ` + if opt.Handler != nil { if opt.Handler.HandleApiRequest(session) { return nil @@ -261,10 +260,7 @@ func handleApiRequest(session *Session, opt *Option) error { func handleError(opt *Option, session *Session, err error) { if opt.Handler != nil { opt.Handler.HandleError(session, err) - return } - - // log.Errorln("[MITM] process mitm error: %v", err) } func prepareRequest(conn net.Conn, request *http.Request) { @@ -277,7 +273,9 @@ func prepareRequest(conn net.Conn, request *http.Request) { request.URL.Host = request.Host } - request.URL.Scheme = "http" + if request.URL.Scheme == "" { + request.URL.Scheme = "http" + } if tlsConn, ok := conn.(*tls.Conn); ok { cs := tlsConn.ConnectionState() @@ -289,6 +287,9 @@ func prepareRequest(conn net.Conn, request *http.Request) { if request.Header.Get("Accept-Encoding") != "" { request.Header.Set("Accept-Encoding", "gzip") } + + H.RemoveHopByHopHeaders(request.Header) + H.RemoveExtraHTTPHostPort(request) } func couldBeWithManInTheMiddleAttack(hostname string, opt *Option) bool { @@ -303,19 +304,6 @@ func couldBeWithManInTheMiddleAttack(hostname string, opt *Option) bool { return false } -func getHostnameWithoutPort(req *http.Request) string { - host := req.Host - if host == "" { - host = req.URL.Host - } - - if pHost, _, err := net.SplitHostPort(host); err == nil { - host = pHost - } - - return host -} - func parseSourceAddress(req *http.Request, c net.Conn, source net.Addr) net.Addr { if source != nil { return source diff --git a/listener/mitm/session.go b/listener/mitm/session.go index 2572d879..42c7faf7 100644 --- a/listener/mitm/session.go +++ b/listener/mitm/session.go @@ -1,16 +1,11 @@ package mitm import ( - "fmt" "io" "net" "net/http" - - C "github.com/Dreamacro/clash/constant" ) -var serverName = fmt.Sprintf("Clash server (%s)", C.Version) - type Session struct { conn net.Conn request *http.Request @@ -37,16 +32,14 @@ func (s *Session) SetProperties(key string, val any) { } func (s *Session) NewResponse(code int, body io.Reader) *http.Response { - res := NewResponse(code, body, s.request) - res.Header.Set("Server", serverName) - return res + return NewResponse(code, body, s.request) } func (s *Session) NewErrorResponse(err error) *http.Response { return NewErrorResponse(s.request, err) } -func NewSession(conn net.Conn, request *http.Request, response *http.Response) *Session { +func newSession(conn net.Conn, request *http.Request, response *http.Response) *Session { return &Session{ conn: conn, request: request, diff --git a/listener/mitm/utils.go b/listener/mitm/utils.go index 7d681d42..8ca8054d 100644 --- a/listener/mitm/utils.go +++ b/listener/mitm/utils.go @@ -14,12 +14,12 @@ import ( "golang.org/x/text/transform" ) -type MultiReaderConn struct { +type multiReaderConn struct { net.Conn reader io.Reader } -func (c *MultiReaderConn) Read(buf []byte) (int, error) { +func (c *multiReaderConn) Read(buf []byte) (int, error) { return c.reader.Read(buf) } @@ -65,7 +65,6 @@ func NewErrorResponse(req *http.Request, err error) *http.Response { w := fmt.Sprintf(`199 "clash" %q %q`, err.Error(), date) res.Header.Add("Warning", w) - res.Header.Set("Server", serverName) return res } diff --git a/tunnel/tunnel.go b/tunnel/tunnel.go index d2cb95be..e16782a7 100644 --- a/tunnel/tunnel.go +++ b/tunnel/tunnel.go @@ -181,7 +181,7 @@ func preHandleMetadata(metadata *C.Metadata) error { return nil } -func resolveMetadata(ctx C.PlainContext, metadata *C.Metadata) (proxy C.Proxy, rule C.Rule, err error) { +func resolveMetadata(_ C.PlainContext, metadata *C.Metadata) (proxy C.Proxy, rule C.Rule, err error) { switch mode { case Direct: proxy = proxies["DIRECT"] @@ -217,7 +217,7 @@ func handleUDPConn(packet *inbound.PacketAdapter) { handle := func() bool { pc := natTable.Get(key) if pc != nil { - handleUDPToRemote(packet, pc, metadata) + _ = handleUDPToRemote(packet, pc, metadata) return true } return false @@ -284,7 +284,9 @@ func handleUDPConn(packet *inbound.PacketAdapter) { } func handleTCPConn(connCtx C.ConnContext) { - defer connCtx.Conn().Close() + defer func(conn net.Conn) { + _ = conn.Close() + }(connCtx.Conn()) metadata := connCtx.Metadata() if !metadata.Valid() { @@ -302,7 +304,9 @@ func handleTCPConn(connCtx C.ConnContext) { if MitmOutbound != nil && metadata.Type != C.MITM { if remoteConn, err1 := MitmOutbound.DialContext(ctx, metadata); err1 == nil { remoteConn = statistic.NewSniffing(remoteConn, metadata) - defer remoteConn.Close() + defer func(remoteConn C.Conn) { + _ = remoteConn.Close() + }(remoteConn) handleSocket(connCtx, remoteConn) return @@ -325,7 +329,9 @@ func handleTCPConn(connCtx C.ConnContext) { return } remoteConn = statistic.NewTCPTracker(remoteConn, statistic.DefaultManager, metadata, rule) - defer remoteConn.Close() + defer func(remoteConn C.Conn) { + _ = remoteConn.Close() + }(remoteConn) switch true { case rule != nil: