Documentation ¶
Index ¶
- Variables
- type Config
- type Criterion
- type CriterionGroupOR
- type DestDomainCriterion
- type DestDomainExpectedIPCriterion
- type DestGeoIPCountryCriterion
- type DestIPCriterion
- type DestPortCriterion
- type DestPortRangeSetCriterion
- type DestPortSetCriterion
- type DestResolvedGeoIPCountryCriterion
- type DestResolvedIPCriterion
- type InvertedCriterion
- type NetworkTCPCriterion
- type NetworkUDPCriterion
- type RequestInfo
- type Route
- func (r *Route) AddCriterion(criterion Criterion, invert bool)
- func (r *Route) Match(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
- func (r *Route) String() string
- func (r *Route) TCPClient() (zerocopy.TCPClient, error)
- func (r *Route) UDPClient() (zerocopy.UDPClient, error)
- type RouteConfig
- type Router
- type SourceGeoIPCountryCriterion
- type SourceIPCriterion
- type SourcePortCriterion
- type SourcePortRangeSetCriterion
- type SourcePortSetCriterion
- type SourceServerCriterion
- type SourceUserCriterion
Constants ¶
This section is empty.
Variables ¶
var ErrRejected = errors.New("rejected")
ErrRejected is a special error that indicates the request is rejected.
Functions ¶
This section is empty.
Types ¶
type Config ¶ added in v1.2.0
type Config struct {
	DefaultTCPClientName string `json:"defaultTCPClientName"`
	DefaultUDPClientName string `json:"defaultUDPClientName"`
	GeoLite2CountryDbPath string `json:"geoLite2CountryDbPath"`
	DomainSets []domainset.Config `json:"domainSets"`
	PrefixSets []prefixset.Config `json:"prefixSets"`
	Routes []RouteConfig `json:"routes"`
}
Config is the configuration for a Router.
func (*Config) Router ¶ added in v1.2.0
func (rc *Config) Router(logger *zap.Logger, resolvers []dns.SimpleResolver, resolverMap map[string]dns.SimpleResolver, tcpClientMap map[string]zerocopy.TCPClient, udpClientMap map[string]zerocopy.UDPClient, serverIndexByName map[string]int) (r *Router, err error)
Router creates a Router from the Config.
type Criterion ¶ added in v1.5.0
type Criterion interface {
	// Meet returns whether the request meets the criterion.
	Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
}
Criterion is used by Route to determine whether a request matches the route.
type CriterionGroupOR ¶ added in v1.5.0
type CriterionGroupOR struct {
Criteria []Criterion
}
CriterionGroupOR groups multiple criteria together with OR logic.
func (*CriterionGroupOR) AddCriterion ¶ added in v1.5.0
func (g *CriterionGroupOR) AddCriterion(criterion Criterion, invert bool)
AddCriterion adds a criterion to the group.
func (CriterionGroupOR) AppendTo ¶ added in v1.5.0
func (g CriterionGroupOR) AppendTo(criteria []Criterion) []Criterion
AppendTo appends the group to the criterion slice. When there is more than one criterion in the group, the group itself is appended. When there is only one criterion in the group, the criterion is appended directly. When there are no criteria in the group, the criterion slice is returned unchanged.
func (CriterionGroupOR) Criterion ¶ added in v1.5.0
func (g CriterionGroupOR) Criterion() Criterion
Criterion returns a single criterion that represents the group, or nil if the group is empty.
func (CriterionGroupOR) Meet ¶ added in v1.5.0
func (g CriterionGroupOR) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet returns whether the request meets any of the criteria.
type DestDomainCriterion ¶ added in v1.5.0
DestDomainCriterion restricts the destination domain.
func (DestDomainCriterion) Meet ¶ added in v1.5.0
func (c DestDomainCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type DestDomainExpectedIPCriterion ¶ added in v1.5.0
type DestDomainExpectedIPCriterion struct {
// contains filtered or unexported fields
}
DestDomainExpectedIPCriterion restricts the destination domain and its resolved IP address.
func (DestDomainExpectedIPCriterion) Meet ¶ added in v1.5.0
func (c DestDomainExpectedIPCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type DestGeoIPCountryCriterion ¶ added in v1.5.0
type DestGeoIPCountryCriterion struct {
// contains filtered or unexported fields
}
DestGeoIPCountryCriterion restricts the destination IP address by GeoIP country.
func (DestGeoIPCountryCriterion) Meet ¶ added in v1.5.0
func (c DestGeoIPCountryCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type DestIPCriterion ¶ added in v1.5.0
DestIPCriterion restricts the destination IP address.
func (*DestIPCriterion) Meet ¶ added in v1.5.0
func (c *DestIPCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type DestPortCriterion ¶ added in v1.5.0
type DestPortCriterion uint16
DestPortCriterion restricts the destination port.
func (DestPortCriterion) Meet ¶ added in v1.5.0
func (c DestPortCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type DestPortRangeSetCriterion ¶ added in v1.7.0
type DestPortRangeSetCriterion portset.PortRangeSet
DestPortRangeSetCriterion restricts the destination port to ports in a port range set.
func (DestPortRangeSetCriterion) Meet ¶ added in v1.7.0
func (c DestPortRangeSetCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type DestPortSetCriterion ¶ added in v1.7.0
DestPortSetCriterion restricts the destination port to ports in a port set.
func (*DestPortSetCriterion) Meet ¶ added in v1.7.0
func (c *DestPortSetCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type DestResolvedGeoIPCountryCriterion ¶ added in v1.5.0
type DestResolvedGeoIPCountryCriterion struct {
// contains filtered or unexported fields
}
DestResolvedGeoIPCountryCriterion restricts the destination IP address or the destination domain's resolved IP address by GeoIP country.
func (DestResolvedGeoIPCountryCriterion) Meet ¶ added in v1.5.0
func (c DestResolvedGeoIPCountryCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type DestResolvedIPCriterion ¶ added in v1.5.0
type DestResolvedIPCriterion struct {
// contains filtered or unexported fields
}
DestResolvedIPCriterion restricts the destination IP address or the destination domain's resolved IP address.
func (DestResolvedIPCriterion) Meet ¶ added in v1.5.0
func (c DestResolvedIPCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type InvertedCriterion ¶ added in v1.5.0
type InvertedCriterion struct {
Inner Criterion
}
InvertedCriterion is like the inner criterion, but inverted.
func (InvertedCriterion) Meet ¶ added in v1.5.0
func (c InvertedCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
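The composition rules documented for CriterionGroupOR (OR logic, the three AppendTo cases) and InvertedCriterion can be modelled in a few lines. This is an added stand-alone sketch, not the router package's source: Meet is reduced to a destination port, and `PortIs`, `Failing`, `ErrLookup`, `Inverted` and `GroupOR` are hypothetical names. Passing errors through an inversion unchanged is this sketch's assumption; the page does not state how the package handles that case.

```go
package main

import (
	"errors"
	"fmt"
)

// Criterion mirrors the documented interface, reduced to a destination port.
type Criterion interface{ Meet(port uint16) (bool, error) }
// PortIs and Failing are hypothetical leaf criteria; ErrLookup is constructed.
type PortIs uint16
type Failing struct{}
var ErrLookup = errors.New("lookup failed")

func (p PortIs) Meet(port uint16) (bool, error) { return uint16(p) == port, nil }
func (Failing) Meet(uint16) (bool, error) { return false, ErrLookup }

// Inverted negates the inner result; an error is never turned into a match.
type Inverted struct{ Inner Criterion }
func (c Inverted) Meet(port uint16) (bool, error) {
	met, err := c.Inner.Meet(port)
	return err == nil && !met, err
}

// GroupOR models CriterionGroupOR: the first met criterion or error decides.
type GroupOR struct{ Criteria []Criterion }
func (g *GroupOR) AddCriterion(c Criterion, invert bool) {
	if invert {
		c = Inverted{Inner: c}
	}
	g.Criteria = append(g.Criteria, c)
}
func (g GroupOR) Meet(port uint16) (bool, error) {
	for _, c := range g.Criteria {
		if met, err := c.Meet(port); err != nil || met {
			return err == nil, err
		}
	}
	return false, nil
}

// AppendTo follows the documented cases: unchanged, the criterion, the group.
func (g GroupOR) AppendTo(cs []Criterion) []Criterion {
	if n := len(g.Criteria); n == 0 {
		return cs
	} else if n == 1 {
		return append(cs, g.Criteria[0])
	}
	return append(cs, g)
}

func main() { fmt.Println(GroupOR{[]Criterion{Inverted{PortIs(25)}, PortIs(53)}}.Meet(443)) }
```
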
type NetworkTCPCriterion ¶ added in v1.5.0
type NetworkTCPCriterion struct{}
NetworkTCPCriterion restricts the network to TCP.
func (NetworkTCPCriterion) Meet ¶ added in v1.5.0
func (NetworkTCPCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type NetworkUDPCriterion ¶ added in v1.5.0
type NetworkUDPCriterion struct{}
NetworkUDPCriterion restricts the network to UDP.
func (NetworkUDPCriterion) Meet ¶ added in v1.5.0
func (NetworkUDPCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type RequestInfo ¶ added in v1.6.0
type RequestInfo struct {
	ServerIndex int
	Username string
	SourceAddrPort netip.AddrPort
	TargetAddr conn.Addr
}
RequestInfo contains information about a request that can be met by one or more criteria.
type Route ¶
type Route struct {
// contains filtered or unexported fields
}
Route controls which client a request is routed to.
func (*Route) AddCriterion ¶ added in v1.5.0
AddCriterion adds a criterion to the route.
type RouteConfig ¶
type RouteConfig struct {
	// Name of this route. Used in logs to identify matched routes.
	Name string `json:"name"`

	// Apply this route to "tcp" or "udp" only. If empty, match all requests.
	Network string `json:"network"`

	// Route matched requests to this client. Must not be empty.
	Client string `json:"client"`

	// When matching a domain target to IP prefixes, use this resolver to resolve the domain name.
	// If unspecified, use all resolvers by order.
	Resolver string `json:"resolver"`

	// Match requests from these servers. If empty, match all requests.
	FromServers []string `json:"fromServers"`

	// Match requests from these users. If empty, match all requests.
	FromUsers []string `json:"fromUsers"`

	// Match requests from these ports. If empty, match all requests.
	FromPorts []uint16 `json:"fromPorts"`

	// Match requests from these ports and port ranges. If empty, match all requests.
	FromPortRanges string `json:"fromPortRanges"`

	// Match requests from IP addresses in these prefixes. If empty, match all requests.
	FromPrefixes []netip.Prefix `json:"fromPrefixes"`

	// Match requests from IP addresses in these prefix sets. If empty, match all requests.
	FromPrefixSets []string `json:"fromPrefixSets"`

	// Match requests from IP addresses in these countries. If empty, match all requests.
	FromGeoIPCountries []string `json:"fromGeoIPCountries"`

	// Match requests to these ports. If empty, match all requests.
	ToPorts []uint16 `json:"toPorts"`

	// Match requests to these ports and port ranges. If empty, match all requests.
	ToPortRanges string `json:"toPortRanges"`

	// Match requests to these domain targets. If empty, match all requests.
	ToDomains []string `json:"toDomains"`

	// Match requests to domains in these domain sets. If empty, match all requests.
	ToDomainSets []string `json:"toDomainSets"`

	// Require the matched domain target to resolve to IP addresses in these prefixes.
	ToMatchedDomainExpectedPrefixes []netip.Prefix `json:"toMatchedDomainExpectedPrefixes"`

	// Require the matched domain target to resolve to IP addresses in these prefix sets.
	ToMatchedDomainExpectedPrefixSets []string `json:"toMatchedDomainExpectedPrefixSets"`

	// Require the matched domain target to resolve to IP addresses in these countries.
	ToMatchedDomainExpectedGeoIPCountries []string `json:"toMatchedDomainExpectedGeoIPCountries"`

	// Match requests to IP addresses in these prefixes. If empty, match all requests.
	ToPrefixes []netip.Prefix `json:"toPrefixes"`

	// Match requests to IP addresses in these prefix sets. If empty, match all requests.
	ToPrefixSets []string `json:"toPrefixSets"`

	// Match requests to IP addresses in these countries. If empty, match all requests.
	ToGeoIPCountries []string `json:"toGeoIPCountries"`

	// Do not resolve destination domains to match IP rules.
	DisableNameResolutionForIPRules bool `json:"disableNameResolutionForIPRules"`

	// Invert source server matching logic. Match requests from all servers except those in FromServers.
	InvertFromServers bool `json:"invertFromServers"`

	// Invert source user matching logic. Match requests from all users except those in FromUsers.
	InvertFromUsers bool `json:"invertFromUsers"`

	// Invert source IP prefix matching logic. Match requests from all IP prefixes except those in FromPrefixes or FromPrefixSets.
	InvertFromPrefixes bool `json:"invertFromPrefixes"`

	// Invert source GeoIP country matching logic. Match requests from all countries except those in FromGeoIPCountries.
	InvertFromGeoIPCountries bool `json:"invertFromGeoIPCountries"`

	// Invert source port matching logic. Match requests from all ports except those in FromPorts.
	InvertFromPorts bool `json:"invertFromPorts"`

	// Invert destination domain matching logic. Match requests to all domains except those in ToDomains or ToDomainSets.
	InvertToDomains bool `json:"invertToDomains"`

	// Invert destination domain expected prefix matching logic. Match requests to all domains except those whose resolved IP addresses are in ToMatchedDomainExpectedPrefixes or ToMatchedDomainExpectedPrefixSets.
	InvertToMatchedDomainExpectedPrefixes bool `json:"invertToMatchedDomainExpectedPrefixes"`

	// Invert destination domain expected GeoIP country matching logic. Match requests to all domains except those whose resolved IP addresses are in ToMatchedDomainExpectedGeoIPCountries.
	InvertToMatchedDomainExpectedGeoIPCountries bool `json:"invertToMatchedDomainExpectedGeoIPCountries"`

	// Invert destination IP prefix matching logic. Match requests to all IP prefixes except those in ToPrefixes or ToPrefixSets.
	InvertToPrefixes bool `json:"invertToPrefixes"`

	// Invert destination GeoIP country matching logic. Match requests to all countries except those in ToGeoIPCountries.
	InvertToGeoIPCountries bool `json:"invertToGeoIPCountries"`

	// Invert destination port matching logic. Match requests to all ports except those in ToPorts.
	InvertToPorts bool `json:"invertToPorts"`
}
RouteConfig is a routing rule.
func (*RouteConfig) Route ¶
func (rc *RouteConfig) Route(geoip *geoip2.Reader, logger *zap.Logger, resolvers []dns.SimpleResolver, resolverMap map[string]dns.SimpleResolver, tcpClientMap map[string]zerocopy.TCPClient, udpClientMap map[string]zerocopy.UDPClient, serverIndexByName map[string]int, domainSetMap map[string]domainset.DomainSet, prefixSetMap map[string]*netipx.IPSet) (Route, error)
Route creates a route from the RouteConfig.
type Router ¶
type Router struct {
// contains filtered or unexported fields
}
Router looks up the destination client for requests received by servers.
func (*Router) GetTCPClient ¶
func (r *Router) GetTCPClient(ctx context.Context, requestInfo RequestInfo) (zerocopy.TCPClient, error)
GetTCPClient returns the zerocopy.TCPClient for a TCP request received by server from sourceAddrPort to targetAddr.
func (*Router) GetUDPClient ¶
func (r *Router) GetUDPClient(ctx context.Context, requestInfo RequestInfo) (zerocopy.UDPClient, error)
GetUDPClient returns the zerocopy.UDPClient for a UDP session received by server. The first received packet of the session is from sourceAddrPort to targetAddr.
type SourceGeoIPCountryCriterion ¶ added in v1.5.0
type SourceGeoIPCountryCriterion struct {
// contains filtered or unexported fields
}
SourceGeoIPCountryCriterion restricts the source IP address by GeoIP country.
func (SourceGeoIPCountryCriterion) Meet ¶ added in v1.5.0
func (c SourceGeoIPCountryCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type SourceIPCriterion ¶ added in v1.5.0
SourceIPCriterion restricts the source IP address.
func (*SourceIPCriterion) Meet ¶ added in v1.5.0
func (c *SourceIPCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type SourcePortCriterion ¶ added in v1.5.0
type SourcePortCriterion uint16
SourcePortCriterion restricts the source port.
func (SourcePortCriterion) Meet ¶ added in v1.5.0
func (c SourcePortCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type SourcePortRangeSetCriterion ¶ added in v1.7.0
type SourcePortRangeSetCriterion portset.PortRangeSet
SourcePortRangeSetCriterion restricts the source port to ports in a port range set.
func (SourcePortRangeSetCriterion) Meet ¶ added in v1.7.0
func (c SourcePortRangeSetCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type SourcePortSetCriterion ¶ added in v1.7.0
SourcePortSetCriterion restricts the source port to ports in a port set.
func (*SourcePortSetCriterion) Meet ¶ added in v1.7.0
func (c *SourcePortSetCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type SourceServerCriterion ¶ added in v1.5.0
SourceServerCriterion restricts the source server.
func (SourceServerCriterion) Meet ¶ added in v1.5.0
func (c SourceServerCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.
type SourceUserCriterion ¶ added in v1.6.0
type SourceUserCriterion []string
SourceUserCriterion restricts the source user.
func (SourceUserCriterion) Meet ¶ added in v1.6.0
func (c SourceUserCriterion) Meet(ctx context.Context, network protocol, requestInfo RequestInfo) (bool, error)
Meet implements the Criterion Meet method.