Refactor: vmess

Add support for vmess length masking/packetaddr/authenticated length Add support for zero/aes-128-cfb protcol
2022-06-14 13:21:22 +08:00
parent c968104a19
commit d8dc44e786
7 changed files with 152 additions and 86 deletions
--- a/adapter/outbound/vmess.go
+++ b/adapter/outbound/vmess.go
@ -5,17 +5,20 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
-	"github.com/Dreamacro/clash/common/convert"
 	"net"
 	"net/http"
 	"strconv"
 	"strings"

+	"github.com/Dreamacro/clash/common/convert"
 	"github.com/Dreamacro/clash/component/dialer"
 	"github.com/Dreamacro/clash/component/resolver"
 	C "github.com/Dreamacro/clash/constant"
 	"github.com/Dreamacro/clash/transport/gun"
-	"github.com/Dreamacro/clash/transport/vmess"
+	clashVMess "github.com/Dreamacro/clash/transport/vmess"
+	"github.com/sagernet/sing-vmess"
+	"github.com/sagernet/sing-vmess/packetaddr"
+	M "github.com/sagernet/sing/common/metadata"
 )

 type Vmess struct {
@ -31,21 +34,23 @@ type Vmess struct {

 type VmessOption struct {
 	BasicOption
-	Name           string       `proxy:"name"`
-	Server         string       `proxy:"server"`
-	Port           int          `proxy:"port"`
-	UUID           string       `proxy:"uuid"`
-	AlterID        int          `proxy:"alterId"`
-	Cipher         string       `proxy:"cipher"`
-	UDP            bool         `proxy:"udp,omitempty"`
-	Network        string       `proxy:"network,omitempty"`
-	TLS            bool         `proxy:"tls,omitempty"`
-	SkipCertVerify bool         `proxy:"skip-cert-verify,omitempty"`
-	ServerName     string       `proxy:"servername,omitempty"`
-	HTTPOpts       HTTPOptions  `proxy:"http-opts,omitempty"`
-	HTTP2Opts      HTTP2Options `proxy:"h2-opts,omitempty"`
-	GrpcOpts       GrpcOptions  `proxy:"grpc-opts,omitempty"`
-	WSOpts         WSOptions    `proxy:"ws-opts,omitempty"`
+	Name                string       `proxy:"name"`
+	Server              string       `proxy:"server"`
+	Port                int          `proxy:"port"`
+	UUID                string       `proxy:"uuid"`
+	AlterID             int          `proxy:"alterId"`
+	Cipher              string       `proxy:"cipher"`
+	UDP                 bool         `proxy:"udp,omitempty"`
+	Network             string       `proxy:"network,omitempty"`
+	TLS                 bool         `proxy:"tls,omitempty"`
+	SkipCertVerify      bool         `proxy:"skip-cert-verify,omitempty"`
+	ServerName          string       `proxy:"servername,omitempty"`
+	HTTPOpts            HTTPOptions  `proxy:"http-opts,omitempty"`
+	HTTP2Opts           HTTP2Options `proxy:"h2-opts,omitempty"`
+	GrpcOpts            GrpcOptions  `proxy:"grpc-opts,omitempty"`
+	WSOpts              WSOptions    `proxy:"ws-opts,omitempty"`
+	PacketAddr          bool         `proxy:"packet-addr,omitempty"`
+	AuthenticatedLength bool         `proxy:"authenticated-length,omitempty"`

 	// TODO: compatible with VMESS WS older version configurations
 	WSHeaders map[string]string `proxy:"ws-headers,omitempty"`
@ -81,7 +86,7 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 	case "ws":

 		host, port, _ := net.SplitHostPort(v.addr)
-		wsOpts := &vmess.WebsocketConfig{
+		wsOpts := &clashVMess.WebsocketConfig{
 			Host:                host,
 			Port:                port,
 			Path:                v.option.WSOpts.Path,
@ -114,12 +119,12 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 				convert.SetUserAgent(wsOpts.Headers)
 			}
 		}
-		c, err = vmess.StreamWebsocketConn(c, wsOpts)
+		c, err = clashVMess.StreamWebsocketConn(c, wsOpts)
 	case "http":
 		// readability first, so just copy default TLS logic
 		if v.option.TLS {
 			host, _, _ := net.SplitHostPort(v.addr)
-			tlsOpts := &vmess.TLSConfig{
+			tlsOpts := &clashVMess.TLSConfig{
 				Host:           host,
 				SkipCertVerify: v.option.SkipCertVerify,
 			}
@ -128,24 +133,24 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 				tlsOpts.Host = v.option.ServerName
 			}

-			c, err = vmess.StreamTLSConn(c, tlsOpts)
+			c, err = clashVMess.StreamTLSConn(c, tlsOpts)
 			if err != nil {
 				return nil, err
 			}
 		}

 		host, _, _ := net.SplitHostPort(v.addr)
-		httpOpts := &vmess.HTTPConfig{
+		httpOpts := &clashVMess.HTTPConfig{
 			Host:    host,
 			Method:  v.option.HTTPOpts.Method,
 			Path:    v.option.HTTPOpts.Path,
 			Headers: v.option.HTTPOpts.Headers,
 		}

-		c = vmess.StreamHTTPConn(c, httpOpts)
+		c = clashVMess.StreamHTTPConn(c, httpOpts)
 	case "h2":
 		host, _, _ := net.SplitHostPort(v.addr)
-		tlsOpts := vmess.TLSConfig{
+		tlsOpts := clashVMess.TLSConfig{
 			Host:           host,
 			SkipCertVerify: v.option.SkipCertVerify,
 			NextProtos:     []string{"h2"},
@ -155,24 +160,24 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 			tlsOpts.Host = v.option.ServerName
 		}

-		c, err = vmess.StreamTLSConn(c, &tlsOpts)
+		c, err = clashVMess.StreamTLSConn(c, &tlsOpts)
 		if err != nil {
 			return nil, err
 		}

-		h2Opts := &vmess.H2Config{
+		h2Opts := &clashVMess.H2Config{
 			Hosts: v.option.HTTP2Opts.Host,
 			Path:  v.option.HTTP2Opts.Path,
 		}

-		c, err = vmess.StreamH2Conn(c, h2Opts)
+		c, err = clashVMess.StreamH2Conn(c, h2Opts)
 	case "grpc":
 		c, err = gun.StreamGunWithConn(c, v.gunTLSConfig, v.gunConfig)
 	default:
 		// handle TLS
 		if v.option.TLS {
 			host, _, _ := net.SplitHostPort(v.addr)
-			tlsOpts := &vmess.TLSConfig{
+			tlsOpts := &clashVMess.TLSConfig{
 				Host:           host,
 				SkipCertVerify: v.option.SkipCertVerify,
 			}
@ -181,15 +186,18 @@ func (v *Vmess) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
 				tlsOpts.Host = v.option.ServerName
 			}

-			c, err = vmess.StreamTLSConn(c, tlsOpts)
+			c, err = clashVMess.StreamTLSConn(c, tlsOpts)
 		}
 	}

 	if err != nil {
 		return nil, err
 	}
-
-	return v.client.StreamConn(c, parseVmessAddr(metadata))
+	if metadata.NetWork == C.UDP {
+		return v.client.DialPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
+	} else {
+		return v.client.DialConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
+	}
 }

 // DialContext implements C.ProxyAdapter
@ -202,7 +210,7 @@ func (v *Vmess) DialContext(ctx context.Context, metadata *C.Metadata, opts ...d
 		}
 		defer safeConnClose(c, err)

-		c, err = v.client.StreamConn(c, parseVmessAddr(metadata))
+		c, err = v.client.DialConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
 		if err != nil {
 			return nil, err
 		}
@ -232,6 +240,11 @@ func (v *Vmess) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 		metadata.DstIP = ip
 	}

+	if v.option.PacketAddr {
+		metadata.Host = packetaddr.SeqPacketMagicAddress
+		metadata.DstPort = "443"
+	}
+
 	var c net.Conn
 	// gun transport
 	if v.transport != nil && len(opts) == 0 {
@ -241,7 +254,7 @@ func (v *Vmess) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 		}
 		defer safeConnClose(c, err)

-		c, err = v.client.StreamConn(c, parseVmessAddr(metadata))
+		c, err = v.client.DialPacketConn(c, M.ParseSocksaddr(metadata.RemoteAddress()))
 	} else {
 		c, err = dialer.DialContext(ctx, "tcp", v.addr, v.Base.DialOptions(opts...)...)
 		if err != nil {
@ -257,11 +270,21 @@ func (v *Vmess) ListenPacketContext(ctx context.Context, metadata *C.Metadata, o
 		return nil, fmt.Errorf("new vmess client error: %v", err)
 	}

-	return v.ListenPacketOnStreamConn(c, metadata)
+	if v.option.PacketAddr {
+		return newPacketConn(packetaddr.NewBindClient(c), v), nil
+	} else if pc, ok := c.(net.PacketConn); ok {
+		return newPacketConn(pc, v), nil
+	}
+	return newPacketConn(&vmessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 }

 // ListenPacketOnStreamConn implements C.ProxyAdapter
 func (v *Vmess) ListenPacketOnStreamConn(c net.Conn, metadata *C.Metadata) (_ C.PacketConn, err error) {
+	if v.option.PacketAddr {
+		return newPacketConn(packetaddr.NewBindClient(c), v), nil
+	} else if pc, ok := c.(net.PacketConn); ok {
+		return newPacketConn(pc, v), nil
+	}
 	return newPacketConn(&vmessPacketConn{Conn: c, rAddr: metadata.UDPAddr()}, v), nil
 }

@ -272,14 +295,11 @@ func (v *Vmess) SupportUOT() bool {

 func NewVmess(option VmessOption) (*Vmess, error) {
 	security := strings.ToLower(option.Cipher)
-	client, err := vmess.NewClient(vmess.Config{
-		UUID:     option.UUID,
-		AlterID:  uint16(option.AlterID),
-		Security: security,
-		HostName: option.Server,
-		Port:     strconv.Itoa(option.Port),
-		IsAead:   option.AlterID == 0,
-	})
+	var options []vmess.ClientOption
+	if option.AuthenticatedLength {
+		options = append(options, vmess.ClientWithAuthenticatedLength())
+	}
+	client, err := vmess.NewClient(option.UUID, security, option.AlterID, options...)
 	if err != nil {
 		return nil, err
 	}
@ -338,38 +358,9 @@ func NewVmess(option VmessOption) (*Vmess, error) {
 		v.gunConfig = gunConfig
 		v.transport = gun.NewHTTP2Client(dialFn, tlsConfig)
 	}
-
 	return v, nil
 }

-func parseVmessAddr(metadata *C.Metadata) *vmess.DstAddr {
-	var addrType byte
-	var addr []byte
-	switch metadata.AddrType {
-	case C.AtypIPv4:
-		addrType = byte(vmess.AtypIPv4)
-		addr = make([]byte, net.IPv4len)
-		copy(addr[:], metadata.DstIP.AsSlice())
-	case C.AtypIPv6:
-		addrType = byte(vmess.AtypIPv6)
-		addr = make([]byte, net.IPv6len)
-		copy(addr[:], metadata.DstIP.AsSlice())
-	case C.AtypDomainName:
-		addrType = byte(vmess.AtypDomainName)
-		addr = make([]byte, len(metadata.Host)+1)
-		addr[0] = byte(len(metadata.Host))
-		copy(addr[1:], []byte(metadata.Host))
-	}
-
-	port, _ := strconv.ParseUint(metadata.DstPort, 10, 16)
-	return &vmess.DstAddr{
-		UDP:      metadata.NetWork == C.UDP,
-		AddrType: addrType,
-		Addr:     addr,
-		Port:     uint(port),
-	}
-}
-
 type vmessPacketConn struct {
 	net.Conn
 	rAddr net.Addr