1.4.5.2

2026-02-04 20:27:13 +08:00
commit 3b042d1dad
9410 changed files with 1488147 additions and 0 deletions
--- a/EdgeNode/internal/utils/netpackets/filter_interface.go
+++ b/EdgeNode/internal/utils/netpackets/filter_interface.go
@@ -0,0 +1,8 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build plus && packet
+
+package netpackets
+
+type FilterInterface interface {
+	FilterMeta(meta *PacketMeta)
+}
--- a/EdgeNode/internal/utils/netpackets/ignored_ip_list.go
+++ b/EdgeNode/internal/utils/netpackets/ignored_ip_list.go
@@ -0,0 +1,92 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build plus
+
+package netpackets
+
+import (
+	"github.com/TeaOSLab/EdgeNode/internal/utils/linkedlist"
+	"sync"
+)
+
+type IgnoredIPList struct {
+	mu sync.RWMutex
+
+	itemMap map[string]*linkedlist.Item[string] // linked => item
+	list    *linkedlist.List[string]
+
+	capacity int
+	lastIP   string
+}
+
+func NewIgnoredIPList(capacity int) *IgnoredIPList {
+	return &IgnoredIPList{
+		itemMap:  map[string]*linkedlist.Item[string]{},
+		list:     linkedlist.NewList[string](),
+		capacity: capacity,
+	}
+}
+
+func (this *IgnoredIPList) Add(ip string) {
+	this.mu.Lock()
+	defer this.mu.Unlock()
+
+	if this.lastIP == ip {
+		return
+	}
+	this.lastIP = ip
+
+	item, ok := this.itemMap[ip]
+	if !ok {
+		if this.capacity > 0 && len(this.itemMap) == this.capacity {
+			var firstItem = this.list.Shift()
+			if firstItem != nil {
+				delete(this.itemMap, firstItem.Value)
+			}
+		}
+
+		item = linkedlist.NewItem[string](ip)
+		this.itemMap[ip] = item
+	}
+	this.list.Push(item)
+}
+
+func (this *IgnoredIPList) Remove(ip string) {
+	this.mu.Lock()
+	defer this.mu.Unlock()
+
+	item, ok := this.itemMap[ip]
+	if ok {
+		delete(this.itemMap, ip)
+		this.list.Remove(item)
+	}
+}
+
+func (this *IgnoredIPList) Contains(ip string) bool {
+	this.mu.RLock()
+	defer this.mu.RUnlock()
+	_, ok := this.itemMap[ip]
+	return ok
+}
+
+func (this *IgnoredIPList) List(size int) (ipList []string) {
+	if size <= 0 {
+		return
+	}
+
+	this.mu.RLock()
+	defer this.mu.RUnlock()
+
+	this.list.RangeReverse(func(item *linkedlist.Item[string]) (goNext bool) {
+		ipList = append(ipList, item.Value)
+		size--
+		return size > 0
+	})
+
+	return
+}
+
+func (this *IgnoredIPList) Len() int {
+	this.mu.RLock()
+	defer this.mu.RUnlock()
+	return len(this.itemMap)
+}
--- a/EdgeNode/internal/utils/netpackets/ignored_ip_list_test.go
+++ b/EdgeNode/internal/utils/netpackets/ignored_ip_list_test.go
@@ -0,0 +1,71 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build plus
+
+package netpackets_test
+
+import (
+	"fmt"
+	"github.com/TeaOSLab/EdgeNode/internal/utils/netpackets"
+	"github.com/iwind/TeaGo/assert"
+	"github.com/iwind/TeaGo/rands"
+	"runtime"
+	"testing"
+)
+
+func TestIgnoredIPList_Add(t *testing.T) {
+	var a = assert.NewAssertion(t)
+
+	var list = netpackets.NewIgnoredIPList(10)
+	list.Add("192.168.2.1")
+	list.Add("192.168.2.2")
+	list.Add("192.168.2.3")
+
+	a.IsTrue(list.Contains("192.168.2.1"))
+	a.IsFalse(list.Contains("192.168.2.0"))
+
+	t.Log(list.List(0))
+	t.Log(list.List(2))
+	t.Log(list.List(4))
+}
+
+func TestIgnoredIPList_Add_Capacity(t *testing.T) {
+	var list = netpackets.NewIgnoredIPList(4)
+	list.Add("192.168.2.1")
+	list.Add("192.168.2.2")
+	list.Add("192.168.2.3")
+	list.Add("192.168.2.4")
+	list.Add("192.168.2.5")
+	list.Add("192.168.2.6")
+	list.Add("192.168.2.7")
+	t.Log(list.List(10))
+	t.Log(list.Len(), "items")
+}
+
+func TestIgnoredIPList_Remove(t *testing.T) {
+	var list = netpackets.NewIgnoredIPList(10)
+	list.Add("192.168.2.1")
+	list.Add("192.168.2.2")
+	list.Add("192.168.2.3")
+	list.Remove("192.168.2.2")
+	t.Log(list.List(4))
+}
+
+func BenchmarkIgnoredIPList_Add(b *testing.B) {
+	runtime.GOMAXPROCS(1)
+
+	var genIPFunc = func() string {
+		return fmt.Sprintf("%d.%d.%d.%d", rands.Int(0, 255), rands.Int(0, 255), rands.Int(0, 255), rands.Int(0, 255))
+	}
+
+	var list = netpackets.NewIgnoredIPList(65535)
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			list.Add(genIPFunc())
+			list.Remove(genIPFunc())
+			list.Contains(genIPFunc())
+			if rands.Int(0, 100) == 0 {
+				list.List(1000)
+			}
+		}
+	})
+}
--- a/EdgeNode/internal/utils/netpackets/layer_type.go
+++ b/EdgeNode/internal/utils/netpackets/layer_type.go
@@ -0,0 +1,18 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build plus && packet
+
+package netpackets
+
+import (
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+)
+
+type LayerType = gopacket.LayerType
+
+var (
+	LayerTypeTCP    = layers.LayerTypeTCP
+	LayerTypeUDP    = layers.LayerTypeUDP
+	LayerTypeICMPv4 = layers.LayerTypeICMPv4
+	LayerTypeICMPv6 = layers.LayerTypeICMPv6
+)
--- a/EdgeNode/internal/utils/netpackets/listener.go
+++ b/EdgeNode/internal/utils/netpackets/listener.go
@@ -0,0 +1,293 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build plus && packet
+
+package netpackets
+
+import (
+	"encoding/binary"
+	"fmt"
+	"github.com/TeaOSLab/EdgeNode/internal/remotelogs"
+	"github.com/TeaOSLab/EdgeNode/internal/utils"
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+	"github.com/google/gopacket/pcap"
+	"sort"
+	"strings"
+	"time"
+)
+
+const defaultBPFFilter = "(tcp or udp or icmp) and not net 127.0.0.1"
+
+type Listener struct {
+	filters        []FilterInterface
+	incomingHandle *pcap.Handle
+	bpfFilter      string
+
+	decodeDstIP bool
+
+	isClosed bool
+
+	outgoingIPList *IgnoredIPList
+	outgoingHandle *pcap.Handle
+
+	filterTicker *time.Ticker
+}
+
+func NewListener() *Listener {
+	return &Listener{
+		isClosed:       true,
+		outgoingIPList: NewIgnoredIPList(65535),
+	}
+}
+
+func (this *Listener) Start() error {
+	if !this.isClosed {
+		return nil
+	}
+
+	this.isClosed = false
+
+	go func() {
+		startErr := this.loopOutgoing()
+		if startErr != nil {
+			remotelogs.Error("NET_PACKET", "start outgoing packet listener failed: "+startErr.Error())
+		}
+	}()
+
+	go func() {
+		this.loopUpdateFilter()
+	}()
+
+	for { // 无限 for 是为了防止意外退出
+		err := this.loopIncoming()
+		if err != nil {
+			if this.isClosed {
+				return nil
+			}
+
+			return fmt.Errorf("start packet listener failed: %w", err)
+		}
+
+		if this.isClosed {
+			return nil
+		}
+	}
+}
+
+func (this *Listener) AddFilter(filter FilterInterface) {
+	this.filters = append(this.filters, filter)
+}
+
+func (this *Listener) SetBPF(bpfFilter string) {
+	this.bpfFilter = bpfFilter
+}
+
+func (this *Listener) DecodeDstIP() {
+	this.decodeDstIP = true
+}
+
+func (this *Listener) Stop() {
+	this.isClosed = true
+	this.incomingHandle.Close()
+	this.outgoingHandle.Close()
+}
+
+func (this *Listener) IsRunning() bool {
+	return this.incomingHandle != nil && !this.isClosed
+}
+
+func (this *Listener) loopIncoming() error {
+	const device = "any"
+	var err error
+	this.incomingHandle, err = pcap.OpenLive(device, 128, false /** ignore collision domain **/, pcap.BlockForever)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		this.incomingHandle.Close()
+	}()
+
+	err = this.incomingHandle.SetDirection(pcap.DirectionIn)
+	if err != nil {
+		return err
+	}
+
+	if len(this.bpfFilter) > 0 {
+		err = this.incomingHandle.SetBPFFilter(this.bpfFilter)
+	} else {
+		this.bpfFilter = defaultBPFFilter
+		err = this.incomingHandle.SetBPFFilter(defaultBPFFilter)
+	}
+	if err != nil {
+		return err
+	}
+
+	var meta = &PacketMeta{}
+
+	var packetSource = gopacket.NewPacketSource(this.incomingHandle, this.incomingHandle.LinkType())
+	packetSource.NoCopy = true
+	packetSource.Lazy = true
+
+	var filters = this.filters
+	var countFilters = len(filters)
+
+	for packet := range packetSource.Packets() {
+		var networkLayer = packet.NetworkLayer()
+		if networkLayer == nil {
+			continue
+		}
+
+		var networkFlow = networkLayer.NetworkFlow()
+
+		var src = networkFlow.Src()
+
+		meta.SrcIP = src.String()
+
+		// ignore outgoing ip
+		if this.outgoingIPList.Contains(meta.SrcIP) {
+			continue
+		}
+
+		if this.decodeDstIP {
+			meta.DstIP = networkFlow.Dst().String()
+		}
+		meta.Length = packet.Metadata().Length
+
+		var transportLayer = packet.TransportLayer()
+		if transportLayer == nil {
+			meta.SrcPort = 0
+			meta.DstPort = 0
+
+			switch x := networkLayer.(type) {
+			case *layers.IPv4:
+				meta.LayerType = x.NextLayerType()
+			case *layers.IPv6:
+				meta.LayerType = x.NextLayerType()
+			}
+
+			// call filters
+			if countFilters == 1 {
+				filters[0].FilterMeta(meta)
+			} else {
+				for _, filter := range filters {
+					filter.FilterMeta(meta)
+				}
+			}
+
+			continue
+		}
+
+		var transportFlow = transportLayer.TransportFlow()
+		meta.SrcPort = int(binary.BigEndian.Uint16(transportFlow.Src().Raw()))
+		meta.LayerType = transportLayer.LayerType()
+		meta.DstPort = int(binary.BigEndian.Uint16(transportFlow.Dst().Raw()))
+
+		// call filters
+		if countFilters == 1 {
+			filters[0].FilterMeta(meta)
+		} else {
+			for _, filter := range filters {
+				filter.FilterMeta(meta)
+			}
+		}
+	}
+
+	return nil
+}
+
+func (this *Listener) loopOutgoing() error {
+	const device = "any"
+	var err error
+	this.outgoingHandle, err = pcap.OpenLive(device, 128, true /** ignore collision domain **/, pcap.BlockForever)
+
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		this.outgoingHandle.Close()
+	}()
+
+	err = this.outgoingHandle.SetDirection(pcap.DirectionOut)
+	if err != nil {
+		return err
+	}
+
+	err = this.outgoingHandle.SetBPFFilter("tcp and tcp[tcpflags] & (tcp-syn) != 0 and tcp[tcpflags] & (tcp-ack) = 0")
+	if err != nil {
+		return err
+	}
+
+	var packetSource = gopacket.NewPacketSource(this.outgoingHandle, this.outgoingHandle.LinkType())
+	packetSource.NoCopy = true
+	packetSource.Lazy = true
+
+	for packet := range packetSource.Packets() {
+		var networkLayer = packet.NetworkLayer()
+		if networkLayer == nil {
+			continue
+		}
+
+		var networkFlow = networkLayer.NetworkFlow()
+		var dstIP = networkFlow.Dst().String()
+		this.outgoingIPList.Add(dstIP)
+	}
+
+	return nil
+}
+
+func (this *Listener) loopUpdateFilter() {
+	if this.filterTicker != nil {
+		return
+	}
+
+	this.filterTicker = time.NewTicker(1 * time.Second)
+	var lastIPList []string
+	for range this.filterTicker.C {
+		if this.isClosed {
+			continue
+		}
+
+		var ipList = this.outgoingIPList.List(512) // 基于bfp长度的限制，这里数量不能太多
+		sort.Strings(ipList)
+		if this.equalStrings(lastIPList, ipList) {
+			continue
+		}
+
+		lastIPList = ipList
+
+		// apply
+		var incomingHandle = this.incomingHandle
+		if incomingHandle != nil {
+			var rules = []string{}
+			for _, ip := range ipList {
+				rules = append(rules, "not src host "+ip)
+			}
+			var newBPFFilter = this.bpfFilter + " and " + strings.Join(rules, " and ")
+			if utils.IsDebugEnv() {
+				remotelogs.Debug("NET_PACKET", "set new BPF filter: "+newBPFFilter)
+			}
+			err := incomingHandle.SetBPFFilter(newBPFFilter)
+			if err != nil {
+				remotelogs.Error("NET_PACKET", "set new BPF filter failed: "+err.Error())
+			}
+		}
+	}
+}
+
+func (this *Listener) equalStrings(s1 []string, s2 []string) bool {
+	var l = len(s1)
+	if len(s2) != l {
+		return false
+	}
+	if l == 0 {
+		return true
+	}
+	for i := 0; i < l; i++ {
+		if s1[i] != s2[i] {
+			return false
+		}
+	}
+	return true
+}
--- a/EdgeNode/internal/utils/netpackets/listener_test.go
+++ b/EdgeNode/internal/utils/netpackets/listener_test.go
@@ -0,0 +1,105 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build plus && packet
+
+package netpackets_test
+
+import (
+	"encoding/binary"
+	"github.com/TeaOSLab/EdgeNode/internal/utils/netpackets"
+	"github.com/TeaOSLab/EdgeNode/internal/utils/testutils"
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+	"github.com/iwind/TeaGo/types"
+	"log"
+	"os"
+	"testing"
+	"time"
+)
+
+type testFilter struct {
+}
+
+func (this *testFilter) FilterMeta(meta *netpackets.PacketMeta) {
+	log.Println(meta.LayerType.String() + " " + meta.SrcIP + ":" + types.String(meta.SrcPort) + " => " + meta.DstIP + ":" + types.String(meta.DstPort) + " " + types.String(meta.Length) + "bytes")
+}
+
+func TestListener_Start(t *testing.T) {
+	if !testutils.IsSingleTesting() {
+		if os.Getgid() > 0 {
+			return
+		}
+	}
+
+	var listener = netpackets.NewListener()
+	listener.AddFilter(&testFilter{})
+
+	go func() {
+		time.Sleep(10 * time.Second)
+		t.Log("stopping ...")
+		listener.Stop()
+	}()
+
+	t.Log("starting ...")
+	err := listener.Start()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestListener_DecodePacket_UDP(t *testing.T) {
+	var packetData = []byte{69, 0, 0, 134, 140, 133, 0, 0, 118, 17, 16, 79, 223, 5, 5, 5, 192, 168, 2, 224, 0, 53, 232, 163, 0, 114, 0, 0, 69, 42, 129, 128, 0, 1, 0, 3, 0, 0, 0, 0, 6, 115, 116, 97, 116, 105, 99, 7, 111, 115, 99, 104, 105, 110, 97, 3, 110, 101, 116, 0, 0, 1, 0, 1, 192, 12, 0, 5, 0, 1, 0, 0, 0, 1, 0, 25, 10, 115, 116, 97, 116, 105, 99, 45, 111, 115, 99, 2, 98, 48, 5, 97, 105, 99, 100, 110, 3, 99, 111, 109, 0, 192, 48, 0, 5, 0, 1, 0, 0, 0, 1, 0, 5, 2, 118, 109, 192, 62, 192, 85, 0, 1, 0, 1, 0, 0, 0, 1, 0, 4, 218, 28, 104, 157}
+
+	var packet = gopacket.NewPacket(packetData, layers.LayerTypeIPv4, gopacket.DecodeOptions{})
+	var networkFlow = packet.NetworkLayer().NetworkFlow()
+
+	t.Log(networkFlow)
+
+	t.Log(packet.Metadata().Length)
+	t.Log(packet.TransportLayer().TransportFlow())
+}
+
+func TestListener_DecodePacket_TCP(t *testing.T) {
+	var packetData = []byte{69, 8, 0, 64, 6, 51, 64, 0, 52, 6, 188, 222, 74, 91, 117, 187, 192, 168, 2, 224, 1, 187, 225, 226, 137, 198, 251, 25, 221, 137, 133, 93, 176, 16, 1, 245, 224, 6, 0, 0, 1, 1, 8, 10, 30, 187, 162, 175, 35, 215, 100, 174, 1, 1, 5, 10, 221, 137, 133, 68, 221, 137, 133, 93}
+
+	var packet = gopacket.NewPacket(packetData, layers.LayerTypeIPv4, gopacket.DecodeOptions{})
+	var networkFlow = packet.NetworkLayer().NetworkFlow()
+	t.Log(networkFlow.Src().Raw(), len(networkFlow.Src().Raw()))
+
+	t.Log(networkFlow)
+
+	t.Log(packet.Metadata().Length)
+	t.Log(packet.TransportLayer().TransportFlow())
+}
+
+func BenchmarkListener_DecodePacket(b *testing.B) {
+	var packetData = []byte{69, 0, 0, 134, 140, 133, 0, 0, 118, 17, 16, 79, 223, 5, 5, 5, 192, 168, 2, 224, 0, 53, 232, 163, 0, 114, 0, 0, 69, 42, 129, 128, 0, 1, 0, 3, 0, 0, 0, 0, 6, 115, 116, 97, 116, 105, 99, 7, 111, 115, 99, 104, 105, 110, 97, 3, 110, 101, 116, 0, 0, 1, 0, 1, 192, 12, 0, 5, 0, 1, 0, 0, 0, 1, 0, 25, 10, 115, 116, 97, 116, 105, 99, 45, 111, 115, 99, 2, 98, 48, 5, 97, 105, 99, 100, 110, 3, 99, 111, 109, 0, 192, 48, 0, 5, 0, 1, 0, 0, 0, 1, 0, 5, 2, 118, 109, 192, 62, 192, 85, 0, 1, 0, 1, 0, 0, 0, 1, 0, 4, 218, 28, 104, 157}
+
+	var decodeOptions = gopacket.DecodeOptions{
+		Lazy:   true,
+		NoCopy: true,
+		//SkipDecodeRecovery: true,
+	}
+
+	for i := 0; i < b.N; i++ {
+		var packet = gopacket.NewPacket(packetData, layers.LayerTypeIPv4, decodeOptions)
+
+		var networkFlow = packet.NetworkLayer().NetworkFlow()
+		var src = networkFlow.Src()
+		var dest = networkFlow.Dst()
+
+		_ = netpackets.IsLocalRawIPv4(src.Raw())
+		_ = netpackets.IsLocalRawIPv4(dest.Raw())
+
+		_ = src.String()
+		_ = dest.String()
+
+		_ = packet.Metadata().Length
+
+		var transportFlow = packet.TransportLayer().TransportFlow()
+		//_ = transportFlow.Src().String()
+		//_ = transportFlow.Dst().String()
+
+		_ = int(binary.BigEndian.Uint16(transportFlow.Src().Raw()))
+		_ = int(binary.BigEndian.Uint16(transportFlow.Dst().Raw()))
+	}
+}
--- a/EdgeNode/internal/utils/netpackets/packet_meta.go
+++ b/EdgeNode/internal/utils/netpackets/packet_meta.go
@@ -0,0 +1,13 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build plus && packet
+
+package netpackets
+
+type PacketMeta struct {
+	LayerType LayerType
+	SrcIP     string
+	SrcPort   int
+	DstIP     string
+	DstPort   int
+	Length    int
+}
--- a/EdgeNode/internal/utils/netpackets/utils.go
+++ b/EdgeNode/internal/utils/netpackets/utils.go
@@ -0,0 +1,18 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package netpackets
+
+// IsLocalRawIPv4 使用原始IP数据判断是否为本地IPv4
+func IsLocalRawIPv4(ip []byte) bool {
+	if len(ip) != 4 {
+		return false
+	}
+	if ip[0] == 127 ||
+		ip[0] == 10 ||
+		(ip[0] == 172 && ip[1]&0xf0 == 16) ||
+		(ip[0] == 192 && ip[1] == 168) {
+		return true
+	}
+
+	return false
+}
--- a/EdgeNode/internal/utils/netpackets/utils_test.go
+++ b/EdgeNode/internal/utils/netpackets/utils_test.go
@@ -0,0 +1,21 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package netpackets_test
+
+import (
+	"github.com/TeaOSLab/EdgeNode/internal/utils/netpackets"
+	"github.com/iwind/TeaGo/assert"
+	"net"
+	"testing"
+)
+
+func TestIsLocalRawIPv4(t *testing.T) {
+	var a = assert.NewAssertion(t)
+
+	a.IsTrue(netpackets.IsLocalRawIPv4(net.ParseIP("192.168.2.100").To4()))
+	a.IsTrue(netpackets.IsLocalRawIPv4(net.ParseIP("127.0.0.1").To4()))
+	a.IsTrue(netpackets.IsLocalRawIPv4(net.ParseIP("172.16.0.1").To4()))
+	a.IsTrue(netpackets.IsLocalRawIPv4(net.ParseIP("10.0.0.1").To4()))
+
+	a.IsFalse(netpackets.IsLocalRawIPv4(net.ParseIP("1.2.3.4").To4()))
+}