From 754c81e1b0696d3d840ef25ced6179c16ebb2872 Mon Sep 17 00:00:00 2001 From: xjdrew Date: Tue, 26 Dec 2023 15:59:49 +0800 Subject: [PATCH] feat: reload rule by manager --- CHANGELOG.md | 13 +++ README.md | 13 +-- cmd/kone/main.go | 19 ++-- config.go | 13 ++- dns_table.go | 13 ++- manager.go | 58 +++++++++- misc/example/example.ini | 239 --------------------------------------- one.go | 8 +- proxy/proxy.go | 5 - tcp_relay.go | 13 ++- tun.go | 1 + udp_relay.go | 17 +-- 12 files changed, 127 insertions(+), 285 deletions(-) create mode 100644 CHANGELOG.md delete mode 100644 misc/example/example.ini diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..fe97206 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,13 @@ +# 2023/12/26 +- [x] feat: upgrade to surge like config +- [x] feat: support windows 10 +- [x] tech: merge proxy code +- [x] feat: reload rule by manager: curl http://127.0.0.1:9200/reload + +# plan +- [ ] feat: default hijack dns query +- [ ] feat: show process name of network +- [ ] bug: traffic will be endless loop if proxy's ip use proxy by rule +- [ ] feat: support ss protocol +- [ ] feat: support IPv6 +- [ ] feat: update GEOIP database \ No newline at end of file diff --git a/README.md b/README.md index 4306a05..c6f9e28 100644 --- a/README.md +++ b/README.md @@ -26,16 +26,9 @@ The default web status port is 9200 , just visit http://localhost:9200/ to check ## Documents -* [how to use with Raspberry Pi (在树莓派上使用kone)](./misc/docs/how-to-use-with-raspberry-pi.md) -* [how to use kone in an ENT network (企业网中如何使用kone)](./misc/docs/kone-in-ent-network.md) -* [how to make gotunnel & kone work together(gotunnel和kone的珠联璧合)](./misc/docs/gotunnel-kone-work-together.md) +* [how to use with Raspberry Pi](./misc/docs/how-to-use-with-raspberry-pi.md) +* [how to use kone in an ENT network](./misc/docs/kone-in-ent-network.md) +* [how to make gotunnel & kone work together](./misc/docs/gotunnel-kone-work-together.md) ## License The MIT License (MIT) Copyright (c) 2016 xjdrew - -## todo -- [x] upgrade to surge like config -- [x] support windows 10 -- [ ] merge proxy code -- [ ] default hijack dns query -- [ ] show process name of network diff --git a/cmd/kone/main.go b/cmd/kone/main.go index b5b17ae..9c8cf29 100644 --- a/cmd/kone/main.go +++ b/cmd/kone/main.go @@ -18,18 +18,11 @@ var VERSION = "0.3-dev" var logger = logging.MustGetLogger("kone") -func InitLogger(debug bool) { - format := logging.MustStringFormatter( +func init() { + logging.SetFormatter(logging.MustStringFormatter( `%{color}%{time:06-01-02 15:04:05.000} %{level:.4s} @%{shortfile}%{color:reset} %{message}`, - ) - logging.SetFormatter(format) + )) logging.SetBackend(logging.NewLogBackend(os.Stdout, "", 0)) - - if debug { - logging.SetLevel(logging.DEBUG, "kone") - } else { - logging.SetLevel(logging.INFO, "kone") - } } func main() { @@ -43,7 +36,11 @@ func main() { os.Exit(1) } - InitLogger(*debug) + if *debug { + logging.SetLevel(logging.DEBUG, "kone") + } else { + logging.SetLevel(logging.INFO, "kone") + } configFile := *config if configFile == "" { diff --git a/config.go b/config.go index 462aca3..f2c0348 100644 --- a/config.go +++ b/config.go @@ -13,6 +13,10 @@ import ( "gopkg.in/ini.v1" ) +func init() { + ini.PrettyFormat = true +} + const ( HTTP_PROXY = "http_proxy" HTTPS_PROXY = "https_proxy" @@ -48,6 +52,9 @@ type RuleConfig struct { } type KoneConfig struct { + source interface{} // config source: file name or raw ini data + inif *ini.File // parsed ini file + General GeneralConfig Core CoreConfig Proxy map[string]string @@ -87,8 +94,9 @@ func (cfg *KoneConfig) check() (err error) { return nil } -func ParseConfig(filename interface{}) (*KoneConfig, error) { +func ParseConfig(source interface{}) (*KoneConfig, error) { cfg := new(KoneConfig) + cfg.source = source // set default value cfg.Core.Network = "10.192.0.1/16" @@ -107,11 +115,12 @@ func ParseConfig(filename interface{}) (*KoneConfig, error) { cfg.Core.DnsWriteTimeout = DnsDefaultWriteTimeout // decode config value - f, err := ini.LoadSources(ini.LoadOptions{AllowBooleanKeys: true, KeyValueDelimiters: "="}, filename) + f, err := ini.LoadSources(ini.LoadOptions{AllowBooleanKeys: true, KeyValueDelimiters: "="}, source) if err != nil { logger.Errorf("%v", err) return nil, err } + cfg.inif = f err = f.MapTo(cfg) if err != nil { diff --git a/dns_table.go b/dns_table.go index 4694d3f..132032b 100644 --- a/dns_table.go +++ b/dns_table.go @@ -156,11 +156,21 @@ func (c *DnsTable) clearExpiredNonProxyDomain(now time.Time) { for domain, expired := range c.nonProxyDomains { if expired.Before(now) { delete(c.nonProxyDomains, domain) - logger.Debugf("[dns] release non proxy domain: %s", domain) + logger.Debugf("[dns] release expired non proxy domain: %s", domain) } } } +func (c *DnsTable) ClearNonProxyDomain() { + c.npdLock.Lock() + defer c.npdLock.Unlock() + for domain := range c.nonProxyDomains { + delete(c.nonProxyDomains, domain) + logger.Debugf("[dns] release non proxy domain: %s", domain) + + } +} + func (c *DnsTable) clearExpiredDomain(now time.Time) { c.recordsLock.Lock() defer c.recordsLock.Unlock() @@ -189,6 +199,7 @@ func (c *DnsTable) Serve() error { tick := time.NewTicker(60 * time.Second) for now := range tick.C { c.clearExpiredDomain(now) + //TODO: is it necessary? c.clearExpiredNonProxyDomain(now) } return nil diff --git a/manager.go b/manager.go index 32059e0..a597b72 100644 --- a/manager.go +++ b/manager.go @@ -183,6 +183,24 @@ table th.title { {{template "footer" .}} {{end}} + + +{{define "config"}} +{{template "header" .}} +

Config

+ + + + + + + + +
Source
{{.Source}}
+{{template "footer" .}} +{{end}} ` // statistical data of every connection @@ -212,6 +230,7 @@ type TrafficRecord struct { type Manager struct { one *One + cfg *KoneConfig startTime time.Time // process start time listen string tmpl *template.Template @@ -255,6 +274,8 @@ func (m *Manager) indexHandle(w io.Writer, r *http.Request) error { "/website/", "/proxy/", "/dns/", + "/reload/", + "/config/", }, }) } @@ -343,6 +364,34 @@ func (m *Manager) dnsHandle(w io.Writer, r *http.Request) error { }) } +func (m *Manager) reloadHandle(w io.Writer, r *http.Request) error { + logger.Infof("[manager] reload config") + newcfg, err := ParseConfig(m.cfg.source) + if err != nil { + return err + } + + err = m.one.Reload(newcfg) + if err != nil { + return err + } + + m.cfg = newcfg + w.Write([]byte("reload succeed")) + return nil +} + +func (m *Manager) configHandle(w io.Writer, r *http.Request) error { + b := bytes.NewBuffer([]byte{}) + m.cfg.inif.WriteTo(b) + + return m.tmpl.ExecuteTemplate(w, "config", map[string]interface{}{ + "Title": "Config", + "RuleCount": len(m.cfg.Rule), + "Source": string(b.Bytes()), + }) +} + // statistical data api func (m *Manager) consumeData() { accumulate := func(s map[string]*TrafficRecord, name string, endpoint string, upload int64, download int64, now time.Time) { @@ -394,14 +443,16 @@ func (m *Manager) Serve() error { http.HandleFunc("/website/", handleWrapper(m.websiteHandle)) http.HandleFunc("/proxy/", handleWrapper(m.proxyHandle)) http.HandleFunc("/dns/", handleWrapper(m.dnsHandle)) + http.HandleFunc("/reload/", handleWrapper(m.reloadHandle)) + http.HandleFunc("/config/", handleWrapper(m.configHandle)) go m.consumeData() logger.Infof("[manager] listen on: %s", m.listen) return http.ListenAndServe(m.listen, nil) } -func NewManager(one *One, cfg GeneralConfig) *Manager { - if cfg.ManagerAddr == "" { +func NewManager(one *One, cfg *KoneConfig) *Manager { + if cfg.General.ManagerAddr == "" { return nil } @@ -441,8 +492,9 @@ func NewManager(one *One, cfg GeneralConfig) *Manager { return &Manager{ one: one, + cfg: cfg, startTime: time.Now(), - listen: cfg.ManagerAddr, + listen: cfg.General.ManagerAddr, dataCh: make(chan ConnData), hosts: make(map[string]*TrafficRecord), websites: make(map[string]*TrafficRecord), diff --git a/misc/example/example.ini b/misc/example/example.ini deleted file mode 100644 index 3699337..0000000 --- a/misc/example/example.ini +++ /dev/null @@ -1,239 +0,0 @@ -[general] -# outbound network interface -#out = eth0 - -# virtual network -# tun name, auto allocate if not set -# DEFAULT VALUE: "" -# tun = tun0 - -# inet addr/mask -# DEFAULT VALUE: 10.192.0.1/16 -# if a domain matches a pattern and the pattern uses proxy -# the domain will be hijacked to the virtual network -network = 10.192.0.1/16 - -# nat config -[tcp] -#listen-port = 82 -#nat-port-start = 10000 -#nat-port-end = 60000 - -[udp] -#listen-port = 82 -#nat-port-start = 10000 -#nat-port-end = 60000 - -[dns] -# DEFAULT VALUE: 53 -# dns-port = 53 - -# backend dns -# DEFAULT VALUE: 114.114.114.114, 223.5.5.5 -# nameserver = 114.114.114.114 -# nameserver = 223.5.5.5 - -# dns-ttl = 600 -# dns-packet-size = 4096 -# dns-read-timeout = 5 -# dns-write-timeout = 5 - -# set tun0 as default gate for this ip -[route] -# telegram -v = 91.108.0.0/16 -v = 149.154.0.0/16 - -# define a proxy named "A" -[proxy "A"] -url = http://example.com:3228 -default = yes - -# define a proxy named "B" -# [proxy "B"] -# url = socks5://example.com:2080 - -# define a pattern and outbound proxy -# if don't set proxy, packets will be sent to target directly -[pattern "direct-website"] -scheme = DOMAIN-SUFFIX -v = cn -v = 126.net -v = 163.com -v = appldnld.apple.com -v = adcdownload.apple.com -v = alicdn.com -v = amap.com -v = bdimg.com -v = bdstatic.com -v = cnbeta.com -v = cnzz.com -v = douban.com -v = gtimg.com -v = hao123.com -v = haosou.com -v = icloud-content.com -v = ifeng.com -v = iqiyi.com -v = jd.com -v = lcdn-registration.apple.com -v = ls.apple.com -v = netease.com -v = phobos.apple.com -v = qhimg.com -v = qq.com -v = sogou.com -v = sohu.com -v = soso.com -v = suning.com -v = swcdn.apple.com -v = tmall.com -v = tudou.com -v = weibo.com -v = xunlei.com -v = youku.com -v = zhihu.com - -[pattern "direct-website-keyword"] -scheme = DOMAIN-KEYWORD -v = 360buy -v = alipay -v = baidu -v = qiyi -v = sohu -v = taobao - -[pattern "proxy-website"] -proxy = A -scheme = DOMAIN-SUFFIX -v = appspot.com -v = t.co,Proxy -v = twimg.com -v = amazonaws.com -v = android.com -v = angularjs.org -v = akamaihd.net -v = bit.ly -v = bitbucket.org -v = blog.com -v = blogcdn.com -v = blogger.com -v = blogsmithmedia.com -v = box.net -v = bloomberg.com -v = chromium.org -v = cl.ly -v = cloudfront.net -v = cloudflare.com -v = cocoapods.org -v = crashlytics.com -v = dribbble.com -v = dropbox.com -v = dropboxstatic.com -v = dropboxusercontent.com -v = docker.com -v = duckduckgo.com -v = digicert.com -v = dnsimple.com -v = edgecastcdn.net -v = engadget.com -v = eurekavpt.com -v = fb.me -v = fbcdn.net -v = fc2.com -v = feedburner.com -v = fabric.io -v = flickr.com -v = fastly.net -v = ggpht.com -v = github.com -v = github.io -v = githubusercontent.com -v = golang.org -v = goo.gl -v = gstatic.com -v = godaddy.com -v = gravatar.com -v = imageshack.us -v = imgur.com -v = jshint.com -v = ift.tt -v = itunes.com -v = j.mp -v = kat.cr -v = linode.com -v = linkedin.com -v = licdn.com -v = lithium.com -v = megaupload.com -v = mobile01.com -v = modmyi.com -v = mzstatic.com -v = nytimes.com -v = name.com -v = openvpn.net -v = openwrt.org -v = ow.ly -v = pinboard.in -v = ssl-images-amazon.com -v = sstatic.net -v = stackoverflow.com -v = staticflickr.com -v = squarespace.com -v = symcd.com -v = symcb.com -v = symauth.com -v = ubnt.com -v = thepiratebay.org -v = tumblr.com -v = twitch.tv -v = wikipedia.com -v = wikipedia.org -v = wikimedia.org -v = wordpress.com -v = wsj.com -v = wsj.net -v = wp.com -v = vimeo.com -v = youtu.be -v = ytimg.com - -[pattern "proxy-website-keyword"] -proxy = A -scheme = DOMAIN-KEYWORD -v = google -v = gmail -v = facebook -v = instagram -v = twitter -v = youtube -v = blogspot - -[pattern "internal-ip"] -scheme = IP-CIDR -v = 10.0.0.0/8 -v = 127.0.0.1/8 -v = 172.16.0.0/16 -v = 192.168.0.0/16 - -[pattern "direct-country"] -scheme = IP-COUNTRY -v = CN - -[pattern "proxy-country"] -proxy = A -scheme = IP-COUNTRY -v = US -v = HK - -# rules define the order of checking pattern -[rule] -pattern = direct-website -pattern = direct-website-keyword -pattern = proxy-website -pattern = proxy-website-keyword -pattern = internal-ip -pattern = direct-country -# set to a proxy for domaines that don't match any pattern -# DEFAULT VALUE: "" -final = A diff --git a/one.go b/one.go index cbcbbd2..36489bb 100644 --- a/one.go +++ b/one.go @@ -55,6 +55,12 @@ func (one *One) Serve() { wg.Wait() } +func (one *One) Reload(cfg *KoneConfig) error { + one.rule = NewRule(cfg.Rule) + one.dnsTable.ClearNonProxyDomain() + return nil +} + func FromConfig(cfg *KoneConfig) (*One, error) { ip, subnet, _ := net.ParseCIDR(cfg.Core.Network) @@ -104,6 +110,6 @@ func FromConfig(cfg *KoneConfig) (*One, error) { } // new manager - one.manager = NewManager(one, cfg.General) + one.manager = NewManager(one, cfg) return one, nil } diff --git a/proxy/proxy.go b/proxy/proxy.go index e8be54b..115afa8 100644 --- a/proxy/proxy.go +++ b/proxy/proxy.go @@ -9,12 +9,8 @@ import ( "errors" "net" "net/url" - - "github.com/op/go-logging" ) -var logger = logging.MustGetLogger("kone") - // A Dialer is a means to establish a connection. type Dialer interface { // Dial connects to the given address via the proxy. @@ -29,7 +25,6 @@ var proxySchemes = make(map[string]func(*url.URL, Dialer) (Dialer, error)) // a URL with that scheme and a forwarding Dialer. Registered schemes are used // by FromURL. func registerDialerType(scheme string, f func(*url.URL, Dialer) (Dialer, error)) { - logger.Debugf("register proxy schema %s", scheme) proxySchemes[scheme] = f } diff --git a/tcp_relay.go b/tcp_relay.go index 98877d9..0f868fd 100644 --- a/tcp_relay.go +++ b/tcp_relay.go @@ -34,7 +34,7 @@ func (r *TCPRelay) realRemoteHost(conn net.Conn, connData *ConnData) (addr strin session := r.nat.getSession(remotePort) if session == nil { - logger.Errorf("[tcp] %s > %s no session", conn.LocalAddr(), remoteAddr) + logger.Errorf("[tcp relay] %s > %s no session", conn.LocalAddr(), remoteAddr) return } @@ -45,7 +45,7 @@ func (r *TCPRelay) realRemoteHost(conn net.Conn, connData *ConnData) (addr strin if one.dnsTable.IsLocalIP(dstIP) { // for dns hijacked traffic record := one.dnsTable.GetByIP(dstIP) if record == nil { - logger.Debugf("[tcp] %s:%d > %s:%d dns expired", session.srcIP, session.srcPort, dstIP, session.dstPort) + logger.Debugf("[tcp relay] %s:%d > %s:%d dns expired", session.srcIP, session.srcPort, dstIP, session.dstPort) return } @@ -61,7 +61,7 @@ func (r *TCPRelay) realRemoteHost(conn net.Conn, connData *ConnData) (addr strin connData.Proxy = proxy addr = fmt.Sprintf("%s:%d", host, session.dstPort) - logger.Debugf("[tcp] tunnel %s:%d > %s proxy %q", session.srcIP, session.srcPort, addr, proxy) + logger.Debugf("[tcp relay] tunnel %s:%d > %s proxy %q", session.srcIP, session.srcPort, addr, proxy) return } @@ -108,19 +108,20 @@ func (r *TCPRelay) Serve() error { addr := &net.TCPAddr{IP: r.relayIP, Port: int(r.relayPort)} ln, err := net.ListenTCP("tcp", addr) if err != nil { + logger.Errorf("[tcp relay] listen failed: %v", err) return err } - logger.Infof("[tcp] listen on %v", addr) + logger.Infof("[tcp relay] listen on %v", addr) for { conn, err := ln.AcceptTCP() if err != nil { - logger.Errorf("acceept failed temporary: %v", err) + logger.Errorf("[tcp relay] acceept failed temporary: %v", err) time.Sleep(time.Second) //prevent log storms continue } - logger.Debugf("[tcp] new connection [%s > %s]", conn.RemoteAddr(), conn.LocalAddr()) + logger.Debugf("[tcp relay] new connection [%s > %s]", conn.RemoteAddr(), conn.LocalAddr()) go r.handleConn(conn) } } diff --git a/tun.go b/tun.go index a5c22c0..34c0126 100644 --- a/tun.go +++ b/tun.go @@ -28,6 +28,7 @@ func (tun *TunDriver) Serve() error { for { n, err := ifce.Read(buffer) if err != nil { + logger.Errorf("[tun] read failed: %v", err) return err } diff --git a/udp_relay.go b/udp_relay.go index 08ea7f6..ee5529b 100644 --- a/udp_relay.go +++ b/udp_relay.go @@ -77,7 +77,7 @@ func (r *UDPRelay) grabTunnel(localConn *net.UDPConn, cliaddr *net.UDPAddr) *UDP srvaddr := &net.UDPAddr{IP: record.RealIP, Port: int(session.dstPort)} remoteConn, err := net.DialUDP("udp", nil, srvaddr) if err != nil { - logger.Errorf("[udp] connect to %s failed: %v", srvaddr, err) + logger.Errorf("[udp relay] connect to %s failed: %v", srvaddr, err) return nil } tunnel = &UDPTunnel{ @@ -88,16 +88,16 @@ func (r *UDPRelay) grabTunnel(localConn *net.UDPConn, cliaddr *net.UDPAddr) *UDP remoteConn: remoteConn, } - logger.Debugf("[udp] %s:%d > %v: new tunnel", session.srcIP, session.srcPort, srvaddr) + logger.Debugf("[udp relay] %s:%d > %v: new tunnel", session.srcIP, session.srcPort, srvaddr) r.tunnels[addr] = tunnel go func() { err := tunnel.Pump() if err != nil { - logger.Debugf("[udp] pump to %v failed: %v", tunnel.remoteConn.RemoteAddr(), err) + logger.Debugf("[udp relay] pump to %v failed: %v", tunnel.remoteConn.RemoteAddr(), err) } tunnel.remoteConn.Close() - logger.Debugf("[udp] %s:%d > %v: destroy tunnel", tunnel.session.srcIP, tunnel.session.srcPort, srvaddr) + logger.Debugf("[udp relay] %s:%d > %v: destroy tunnel", tunnel.session.srcIP, tunnel.session.srcPort, srvaddr) r.lock.Lock() delete(r.tunnels, addr) @@ -111,12 +111,12 @@ func (r *UDPRelay) grabTunnel(localConn *net.UDPConn, cliaddr *net.UDPAddr) *UDP func (r *UDPRelay) handlePacket(localConn *net.UDPConn, cliaddr *net.UDPAddr, packet []byte) { tunnel := r.grabTunnel(localConn, cliaddr) if tunnel == nil { - logger.Errorf("[udp] %v > %v: grap tunnel failed", cliaddr, localConn.LocalAddr()) + logger.Errorf("[udp relay %v > %v: grap tunnel failed", cliaddr, localConn.LocalAddr()) return } _, err := tunnel.Write(packet) if err != nil { - logger.Debugf("[udp] %v", err) + logger.Debugf("[udp relay] tunnel write failed: %v", err) } } @@ -124,6 +124,7 @@ func (r *UDPRelay) Serve() error { addr := &net.UDPAddr{IP: r.relayIP, Port: int(r.relayPort)} conn, err := net.ListenUDP("udp", addr) if err != nil { + logger.Errorf("[udp relay] listen failed: %v", err) return err } @@ -131,7 +132,9 @@ func (r *UDPRelay) Serve() error { b := make([]byte, MTU) n, cliaddr, err := conn.ReadFromUDP(b) if err != nil { - return err + logger.Errorf("[udp relay] acceept failed temporary: %v", err) + time.Sleep(time.Second) //prevent log storms + continue } go r.handlePacket(conn, cliaddr, b[:n]) }