history-museum/Clash.Meta
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Chore: fix typos

Browse Source
This commit is contained in:
yaling888 2022-04-11 06:28:42 +08:00
parent f036e06f6f
commit 5999b6262d
8 changed files with 70 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/config.go
View File

@ -547,7 +547,7 @@ func parseHosts(cfg *RawConfig) (*trie.DomainTrie[netip.Addr], error) {
} }
// add mitm.clash hosts // add mitm.clash hosts
if err := tree.Insert("mitm.clash", netip.AddrFrom4([4]byte{8, 8, 9, 9})); err != nil { if err := tree.Insert("mitm.clash", netip.AddrFrom4([4]byte{1, 2, 3, 4})); err != nil {
log.Errorln("insert mitm.clash to host error: %s", err.Error()) log.Errorln("insert mitm.clash to host error: %s", err.Error())
} }

17
dns/middleware.go
View File

@ -30,28 +30,25 @@ func withHosts(hosts *trie.DomainTrie[netip.Addr], mapping *cache.LruCache[strin
return next(ctx, r) return next(ctx, r)
} }
qName := strings.TrimRight(q.Name, ".") host := strings.TrimRight(q.Name, ".")
record := hosts.Search(qName)
record := hosts.Search(host)
if record == nil { if record == nil {
return next(ctx, r) return next(ctx, r)
} }
ip := record.Data ip := record.Data
if mapping != nil {
mapping.SetWithExpire(ip.Unmap().String(), qName, time.Now().Add(time.Second*5))
}
msg := r.Copy() msg := r.Copy()
if ip.Is4() && q.Qtype == D.TypeA { if ip.Is4() && q.Qtype == D.TypeA {
rr := &D.A{} rr := &D.A{}
rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeA, Class: D.ClassINET, Ttl: 1} rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeA, Class: D.ClassINET, Ttl: 10}
rr.A = ip.AsSlice() rr.A = ip.AsSlice()
msg.Answer = []D.RR{rr} msg.Answer = []D.RR{rr}
} else if ip.Is6() && q.Qtype == D.TypeAAAA { } else if ip.Is6() && q.Qtype == D.TypeAAAA {
rr := &D.AAAA{} rr := &D.AAAA{}
rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeAAAA, Class: D.ClassINET, Ttl: 1} rr.Hdr = D.RR_Header{Name: q.Name, Rrtype: D.TypeAAAA, Class: D.ClassINET, Ttl: 10}
rr.AAAA = ip.AsSlice() rr.AAAA = ip.AsSlice()
msg.Answer = []D.RR{rr} msg.Answer = []D.RR{rr}
@ -59,6 +56,10 @@ func withHosts(hosts *trie.DomainTrie[netip.Addr], mapping *cache.LruCache[strin
return next(ctx, r) return next(ctx, r)
} }
if mapping != nil {
mapping.SetWithExpire(ip.Unmap().String(), host, time.Now().Add(time.Second*10))
}
ctx.SetType(context.DNSTypeHost) ctx.SetType(context.DNSTypeHost)
msg.SetRcode(r, D.RcodeSuccess) msg.SetRcode(r, D.RcodeSuccess)
msg.Authoritative = true msg.Authoritative = true

10
listener/http/proxy.go
View File

@ -70,11 +70,11 @@ func HandleConn(c net.Conn, in chan<- C.ConnContext, cache *cache.Cache[string,
RemoveExtraHTTPHostPort(request) RemoveExtraHTTPHostPort(request)
if request.URL.Scheme == "" || request.URL.Host == "" { if request.URL.Scheme == "" || request.URL.Host == "" {
resp = ResponseWith(request, http.StatusBadRequest) resp = responseWith(request, http.StatusBadRequest)
} else { } else {
resp, err = client.Do(request) resp, err = client.Do(request)
if err != nil { if err != nil {
resp = ResponseWith(request, http.StatusBadGateway) resp = responseWith(request, http.StatusBadGateway)
} }
} }
@ -103,7 +103,7 @@ func Authenticate(request *http.Request, cache *cache.Cache[string, bool]) *http
if authenticator != nil { if authenticator != nil {
credential := parseBasicProxyAuthorization(request) credential := parseBasicProxyAuthorization(request)
if credential == "" { if credential == "" {
resp := ResponseWith(request, http.StatusProxyAuthRequired) resp := responseWith(request, http.StatusProxyAuthRequired)
resp.Header.Set("Proxy-Authenticate", "Basic") resp.Header.Set("Proxy-Authenticate", "Basic")
return resp return resp
} }
@ -117,14 +117,14 @@ func Authenticate(request *http.Request, cache *cache.Cache[string, bool]) *http
if !authed { if !authed {
log.Infoln("Auth failed from %s", request.RemoteAddr) log.Infoln("Auth failed from %s", request.RemoteAddr)
return ResponseWith(request, http.StatusForbidden) return responseWith(request, http.StatusForbidden)
} }
} }
return nil return nil
} }
func ResponseWith(request *http.Request, statusCode int) *http.Response { func responseWith(request *http.Request, statusCode int) *http.Response {
return &http.Response{ return &http.Response{
StatusCode: statusCode, StatusCode: statusCode,
Status: http.StatusText(statusCode), Status: http.StatusText(statusCode),

2
listener/http/utils.go
View File

@ -40,7 +40,7 @@ func RemoveExtraHTTPHostPort(req *http.Request) {
host = req.URL.Host host = req.URL.Host
} }
if pHost, port, err := net.SplitHostPort(host); err == nil && port == "80" { if pHost, port, err := net.SplitHostPort(host); err == nil && (port == "80" || port == "443") {
host = pHost host = pHost
} }

84
listener/mitm/proxy.go
View File

@ -17,7 +17,7 @@ import (
"github.com/Dreamacro/clash/common/cache" "github.com/Dreamacro/clash/common/cache"
N "github.com/Dreamacro/clash/common/net" N "github.com/Dreamacro/clash/common/net"
C "github.com/Dreamacro/clash/constant" C "github.com/Dreamacro/clash/constant"
httpL "github.com/Dreamacro/clash/listener/http" H "github.com/Dreamacro/clash/listener/http"
) )
func HandleConn(c net.Conn, opt *Option, in chan<- C.ConnContext, cache *cache.Cache[string, bool]) { func HandleConn(c net.Conn, opt *Option, in chan<- C.ConnContext, cache *cache.Cache[string, bool]) {
@ -48,9 +48,12 @@ startOver:
readLoop: readLoop:
for { for {
_ = conn.SetDeadline(time.Now().Add(30 * time.Second)) // use SetDeadline instead of Proxy-Connection keep-alive err := conn.SetDeadline(time.Now().Add(30 * time.Second)) // use SetDeadline instead of Proxy-Connection keep-alive
if err != nil {
break readLoop
}
request, err := httpL.ReadRequest(conn.Reader()) request, err := H.ReadRequest(conn.Reader())
if err != nil { if err != nil {
handleError(opt, nil, err) handleError(opt, nil, err)
break readLoop break readLoop
@ -58,15 +61,15 @@ readLoop:
var response *http.Response var response *http.Response
session := NewSession(conn, request, response) session := newSession(conn, request, response)
source = parseSourceAddress(session.request, c, source) source = parseSourceAddress(session.request, c, source)
request.RemoteAddr = source.String() session.request.RemoteAddr = source.String()
if !trusted { if !trusted {
response = httpL.Authenticate(request, cache) session.response = H.Authenticate(session.request, cache)
trusted = response == nil trusted = session.response == nil
} }
if trusted { if trusted {
@ -84,19 +87,18 @@ readLoop:
break readLoop // close connection break readLoop // close connection
} }
buf := make([]byte, session.conn.(*N.BufferedConn).Buffered()) buff := make([]byte, session.conn.(*N.BufferedConn).Buffered())
_, _ = session.conn.Read(buf) _, _ = session.conn.Read(buff)
mc := &MultiReaderConn{ mrc := &multiReaderConn{
Conn: session.conn, Conn: session.conn,
reader: io.MultiReader(bytes.NewReader(b), bytes.NewReader(buf), session.conn), reader: io.MultiReader(bytes.NewReader(b), bytes.NewReader(buff), session.conn),
} }
// 22 is the TLS handshake. // TLS handshake.
// https://tools.ietf.org/html/rfc5246#section-6.2.1 if b[0] == 0x16 {
if b[0] == 22 {
// TODO serve by generic host name maybe better? // TODO serve by generic host name maybe better?
tlsConn := tls.Server(mc, opt.CertConfig.NewTLSConfigForHost(session.request.URL.Host)) tlsConn := tls.Server(mrc, opt.CertConfig.NewTLSConfigForHost(session.request.URL.Host))
// Handshake with the local client // Handshake with the local client
if err = tlsConn.Handshake(); err != nil { if err = tlsConn.Handshake(); err != nil {
@ -109,15 +111,17 @@ readLoop:
} }
// maybe it's the others encrypted connection // maybe it's the others encrypted connection
in <- inbound.NewHTTPS(request, mc) in <- inbound.NewHTTPS(session.request, mrc)
} }
// maybe it's a http connection // maybe it's a http connection
goto readLoop goto readLoop
} }
prepareRequest(c, session.request)
// hijack api // hijack api
if getHostnameWithoutPort(session.request) == opt.ApiHost { if session.request.URL.Host == opt.ApiHost {
if err = handleApiRequest(session, opt); err != nil { if err = handleApiRequest(session, opt); err != nil {
handleError(opt, session, err) handleError(opt, session, err)
break readLoop break readLoop
@ -125,8 +129,6 @@ readLoop:
return return
} }
prepareRequest(c, session.request)
// hijack custom request and write back custom response if necessary // hijack custom request and write back custom response if necessary
if opt.Handler != nil { if opt.Handler != nil {
newReq, newRes := opt.Handler.HandleRequest(session) newReq, newRes := opt.Handler.HandleRequest(session)
@ -144,12 +146,9 @@ readLoop:
} }
} }
httpL.RemoveHopByHopHeaders(session.request.Header)
httpL.RemoveExtraHTTPHostPort(request)
session.request.RequestURI = "" session.request.RequestURI = ""
if session.request.URL.Scheme == "" || session.request.URL.Host == "" { if session.request.URL.Host == "" {
session.response = session.NewErrorResponse(errors.New("invalid URL")) session.response = session.NewErrorResponse(errors.New("invalid URL"))
} else { } else {
client = newClientBySourceAndUserAgentIfNil(client, session.request, source, in) client = newClientBySourceAndUserAgentIfNil(client, session.request, source, in)
@ -162,6 +161,8 @@ readLoop:
session.response = session.NewErrorResponse(err) session.response = session.NewErrorResponse(err)
if errors.Is(err, ErrCertUnsupported) || strings.Contains(err.Error(), "x509: ") { if errors.Is(err, ErrCertUnsupported) || strings.Contains(err.Error(), "x509: ") {
// TODO block unsupported host? // TODO block unsupported host?
_ = writeResponse(session, false)
break readLoop
} }
} }
} }
@ -194,7 +195,7 @@ func writeResponseWithHandler(session *Session, opt *Option) error {
} }
func writeResponse(session *Session, keepAlive bool) error { func writeResponse(session *Session, keepAlive bool) error {
httpL.RemoveHopByHopHeaders(session.response.Header) H.RemoveHopByHopHeaders(session.response.Header)
if keepAlive { if keepAlive {
session.response.Header.Set("Connection", "keep-alive") session.response.Header.Set("Connection", "keep-alive")
@ -226,17 +227,15 @@ func handleApiRequest(session *Session, opt *Option) error {
return session.response.Write(session.conn) return session.response.Write(session.conn)
} }
b := `<!DOCTYPE HTML PUBLIC "- b := `<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html> <html><head>
<head> <title>Clash MITM Proxy Services - 404 Not Found</title>
<title>Clash ManInTheMiddle Proxy Services - 404 Not Found</title> </head><body>
</head>
<body>
<h1>Not Found</h1> <h1>Not Found</h1>
<p>The requested URL %s was not found on this server.</p> <p>The requested URL %s was not found on this server.</p>
</body> </body></html>
</html>
` `
if opt.Handler != nil { if opt.Handler != nil {
if opt.Handler.HandleApiRequest(session) { if opt.Handler.HandleApiRequest(session) {
return nil return nil
@ -261,10 +260,7 @@ func handleApiRequest(session *Session, opt *Option) error {
func handleError(opt *Option, session *Session, err error) { func handleError(opt *Option, session *Session, err error) {
if opt.Handler != nil { if opt.Handler != nil {
opt.Handler.HandleError(session, err) opt.Handler.HandleError(session, err)
return
} }
// log.Errorln("[MITM] process mitm error: %v", err)
} }
func prepareRequest(conn net.Conn, request *http.Request) { func prepareRequest(conn net.Conn, request *http.Request) {
@ -277,7 +273,9 @@ func prepareRequest(conn net.Conn, request *http.Request) {
request.URL.Host = request.Host request.URL.Host = request.Host
} }
if request.URL.Scheme == "" {
request.URL.Scheme = "http" request.URL.Scheme = "http"
}
if tlsConn, ok := conn.(*tls.Conn); ok { if tlsConn, ok := conn.(*tls.Conn); ok {
cs := tlsConn.ConnectionState() cs := tlsConn.ConnectionState()
@ -289,6 +287,9 @@ func prepareRequest(conn net.Conn, request *http.Request) {
if request.Header.Get("Accept-Encoding") != "" { if request.Header.Get("Accept-Encoding") != "" {
request.Header.Set("Accept-Encoding", "gzip") request.Header.Set("Accept-Encoding", "gzip")
} }
H.RemoveHopByHopHeaders(request.Header)
H.RemoveExtraHTTPHostPort(request)
} }
func couldBeWithManInTheMiddleAttack(hostname string, opt *Option) bool { func couldBeWithManInTheMiddleAttack(hostname string, opt *Option) bool {
@ -303,19 +304,6 @@ func couldBeWithManInTheMiddleAttack(hostname string, opt *Option) bool {
return false return false
} }
func getHostnameWithoutPort(req *http.Request) string {
host := req.Host
if host == "" {
host = req.URL.Host
}
if pHost, _, err := net.SplitHostPort(host); err == nil {
host = pHost
}
return host
}
func parseSourceAddress(req *http.Request, c net.Conn, source net.Addr) net.Addr { func parseSourceAddress(req *http.Request, c net.Conn, source net.Addr) net.Addr {
if source != nil { if source != nil {
return source return source

11
listener/mitm/session.go
View File

@ -1,16 +1,11 @@
package mitm package mitm
import ( import (
"fmt"
"io" "io"
"net" "net"
"net/http" "net/http"
C "github.com/Dreamacro/clash/constant"
) )
var serverName = fmt.Sprintf("Clash server (%s)", C.Version)
type Session struct { type Session struct {
conn net.Conn conn net.Conn
request *http.Request request *http.Request
@ -37,16 +32,14 @@ func (s *Session) SetProperties(key string, val any) {
} }
func (s *Session) NewResponse(code int, body io.Reader) *http.Response { func (s *Session) NewResponse(code int, body io.Reader) *http.Response {
res := NewResponse(code, body, s.request) return NewResponse(code, body, s.request)
res.Header.Set("Server", serverName)
return res
} }
func (s *Session) NewErrorResponse(err error) *http.Response { func (s *Session) NewErrorResponse(err error) *http.Response {
return NewErrorResponse(s.request, err) return NewErrorResponse(s.request, err)
} }
func NewSession(conn net.Conn, request *http.Request, response *http.Response) *Session { func newSession(conn net.Conn, request *http.Request, response *http.Response) *Session {
return &Session{ return &Session{
conn: conn, conn: conn,
request: request, request: request,

5
listener/mitm/utils.go
View File

@ -14,12 +14,12 @@ import (
"golang.org/x/text/transform" "golang.org/x/text/transform"
) )
type MultiReaderConn struct { type multiReaderConn struct {
net.Conn net.Conn
reader io.Reader reader io.Reader
} }
func (c *MultiReaderConn) Read(buf []byte) (int, error) { func (c *multiReaderConn) Read(buf []byte) (int, error) {
return c.reader.Read(buf) return c.reader.Read(buf)
} }
@ -65,7 +65,6 @@ func NewErrorResponse(req *http.Request, err error) *http.Response {
w := fmt.Sprintf(`199 "clash" %q %q`, err.Error(), date) w := fmt.Sprintf(`199 "clash" %q %q`, err.Error(), date)
res.Header.Add("Warning", w) res.Header.Add("Warning", w)
res.Header.Set("Server", serverName)
return res return res
} }

16
tunnel/tunnel.go
View File

@ -181,7 +181,7 @@ func preHandleMetadata(metadata *C.Metadata) error {
return nil return nil
} }
func resolveMetadata(ctx C.PlainContext, metadata *C.Metadata) (proxy C.Proxy, rule C.Rule, err error) { func resolveMetadata(_ C.PlainContext, metadata *C.Metadata) (proxy C.Proxy, rule C.Rule, err error) {
switch mode { switch mode {
case Direct: case Direct:
proxy = proxies["DIRECT"] proxy = proxies["DIRECT"]
@ -217,7 +217,7 @@ func handleUDPConn(packet *inbound.PacketAdapter) {
handle := func() bool { handle := func() bool {
pc := natTable.Get(key) pc := natTable.Get(key)
if pc != nil { if pc != nil {
handleUDPToRemote(packet, pc, metadata) _ = handleUDPToRemote(packet, pc, metadata)
return true return true
} }
return false return false
@ -284,7 +284,9 @@ func handleUDPConn(packet *inbound.PacketAdapter) {
} }
func handleTCPConn(connCtx C.ConnContext) { func handleTCPConn(connCtx C.ConnContext) {
defer connCtx.Conn().Close() defer func(conn net.Conn) {
_ = conn.Close()
}(connCtx.Conn())
metadata := connCtx.Metadata() metadata := connCtx.Metadata()
if !metadata.Valid() { if !metadata.Valid() {
@ -302,7 +304,9 @@ func handleTCPConn(connCtx C.ConnContext) {
if MitmOutbound != nil && metadata.Type != C.MITM { if MitmOutbound != nil && metadata.Type != C.MITM {
if remoteConn, err1 := MitmOutbound.DialContext(ctx, metadata); err1 == nil { if remoteConn, err1 := MitmOutbound.DialContext(ctx, metadata); err1 == nil {
remoteConn = statistic.NewSniffing(remoteConn, metadata) remoteConn = statistic.NewSniffing(remoteConn, metadata)
defer remoteConn.Close() defer func(remoteConn C.Conn) {
_ = remoteConn.Close()
}(remoteConn)
handleSocket(connCtx, remoteConn) handleSocket(connCtx, remoteConn)
return return
@ -325,7 +329,9 @@ func handleTCPConn(connCtx C.ConnContext) {
return return
} }
remoteConn = statistic.NewTCPTracker(remoteConn, statistic.DefaultManager, metadata, rule) remoteConn = statistic.NewTCPTracker(remoteConn, statistic.DefaultManager, metadata, rule)
defer remoteConn.Close() defer func(remoteConn C.Conn) {
_ = remoteConn.Close()
}(remoteConn)
switch true { switch true {
case rule != nil: case rule != nil: