269 lines
6.5 KiB
Go
269 lines
6.5 KiB
Go
package mysql
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"net"
|
|
"os"
|
|
"sync"
|
|
|
|
"github.com/sagernet/sing-box/adapter"
|
|
"github.com/sagernet/sing-box/adapter/outbound"
|
|
"github.com/sagernet/sing-box/common/dialer"
|
|
C "github.com/sagernet/sing-box/constant"
|
|
"github.com/sagernet/sing-box/log"
|
|
"github.com/sagernet/sing-box/option"
|
|
"github.com/sagernet/sing/common"
|
|
"github.com/sagernet/sing/common/bufio"
|
|
E "github.com/sagernet/sing/common/exceptions"
|
|
"github.com/sagernet/sing/common/logger"
|
|
M "github.com/sagernet/sing/common/metadata"
|
|
N "github.com/sagernet/sing/common/network"
|
|
"github.com/sagernet/smux"
|
|
|
|
"github.com/go-mysql-org/go-mysql/client"
|
|
)
|
|
|
|
func RegisterOutbound(registry *outbound.Registry) {
|
|
outbound.Register[option.MySQLOutboundOptions](registry, C.TypeMySQL, NewOutbound)
|
|
}
|
|
|
|
var _ adapter.InterfaceUpdateListener = (*Outbound)(nil)
|
|
|
|
type Outbound struct {
|
|
outbound.Adapter
|
|
ctx context.Context
|
|
logger logger.ContextLogger
|
|
dialer N.Dialer
|
|
serverAddr M.Socksaddr
|
|
username string
|
|
password string
|
|
tlsConfig *tls.Config
|
|
|
|
sessionAccess sync.Mutex
|
|
session *smux.Session
|
|
sessionConn net.Conn
|
|
}
|
|
|
|
func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.MySQLOutboundOptions) (adapter.Outbound, error) {
|
|
outboundDialer, err := dialer.New(ctx, options.DialerOptions, options.ServerIsDomain())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
outbound := &Outbound{
|
|
Adapter: outbound.NewAdapterWithDialerOptions(C.TypeMySQL, tag, []string{N.NetworkTCP, N.NetworkUDP}, options.DialerOptions),
|
|
ctx: ctx,
|
|
logger: logger,
|
|
dialer: outboundDialer,
|
|
serverAddr: options.ServerOptions.Build(),
|
|
username: options.Username,
|
|
password: options.Password,
|
|
}
|
|
|
|
if outbound.serverAddr.Port == 0 {
|
|
outbound.serverAddr.Port = 3306
|
|
}
|
|
|
|
if outbound.username == "" {
|
|
outbound.username = "root"
|
|
}
|
|
|
|
// Build TLS config for MySQL client handshake
|
|
if options.TLS != nil && options.TLS.Enabled {
|
|
outbound.tlsConfig = &tls.Config{
|
|
InsecureSkipVerify: options.TLS.Insecure,
|
|
ServerName: options.TLS.ServerName,
|
|
}
|
|
if outbound.tlsConfig.ServerName == "" {
|
|
outbound.tlsConfig.ServerName = options.Server
|
|
}
|
|
} else {
|
|
// Default: use insecure TLS (since this is for tunneling, not real MySQL)
|
|
outbound.tlsConfig = &tls.Config{
|
|
InsecureSkipVerify: true,
|
|
}
|
|
}
|
|
|
|
return outbound, nil
|
|
}
|
|
|
|
func (h *Outbound) getSession() (*smux.Session, error) {
|
|
h.sessionAccess.Lock()
|
|
defer h.sessionAccess.Unlock()
|
|
|
|
if h.session != nil && !h.session.IsClosed() {
|
|
return h.session, nil
|
|
}
|
|
|
|
// Dial TCP connection to server
|
|
conn, err := h.dialer.DialContext(h.ctx, N.NetworkTCP, h.serverAddr)
|
|
if err != nil {
|
|
return nil, E.Cause(err, "dial server")
|
|
}
|
|
|
|
// Perform MySQL handshake with TLS
|
|
mysqlConn, err := client.ConnectWithDialer(
|
|
h.ctx,
|
|
"tcp",
|
|
h.serverAddr.String(),
|
|
h.username,
|
|
h.password,
|
|
"",
|
|
func(ctx context.Context, network, address string) (net.Conn, error) {
|
|
// Return the already-established connection
|
|
return conn, nil
|
|
},
|
|
func(c *client.Conn) error {
|
|
c.SetTLSConfig(h.tlsConfig)
|
|
return nil
|
|
},
|
|
)
|
|
if err != nil {
|
|
conn.Close()
|
|
return nil, E.Cause(err, "MySQL handshake")
|
|
}
|
|
|
|
// After MySQL handshake, the underlying connection is TLS-encrypted.
|
|
// Get the underlying net.Conn.
|
|
tlsConn := mysqlConn.Conn.Conn
|
|
|
|
// Create smux session over the TLS connection
|
|
session, err := smux.Client(tlsConn, smuxConfig())
|
|
if err != nil {
|
|
tlsConn.Close()
|
|
return nil, E.Cause(err, "create mux session")
|
|
}
|
|
|
|
h.session = session
|
|
h.sessionConn = tlsConn
|
|
|
|
go func() {
|
|
// When session is closed, clean up
|
|
<-session.CloseChan()
|
|
h.sessionAccess.Lock()
|
|
if h.session == session {
|
|
h.session = nil
|
|
h.sessionConn = nil
|
|
}
|
|
h.sessionAccess.Unlock()
|
|
tlsConn.Close()
|
|
}()
|
|
|
|
return session, nil
|
|
}
|
|
|
|
func (h *Outbound) openStream(ctx context.Context, command byte, destination M.Socksaddr) (net.Conn, error) {
|
|
session, err := h.getSession()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
stream, err := session.OpenStream()
|
|
if err != nil {
|
|
// Session might be stale, try once more with a new session
|
|
h.sessionAccess.Lock()
|
|
if h.session == session {
|
|
h.session = nil
|
|
if h.sessionConn != nil {
|
|
h.sessionConn.Close()
|
|
h.sessionConn = nil
|
|
}
|
|
}
|
|
h.sessionAccess.Unlock()
|
|
|
|
session, err = h.getSession()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
stream, err = session.OpenStream()
|
|
if err != nil {
|
|
return nil, E.Cause(err, "open mux stream")
|
|
}
|
|
}
|
|
|
|
// Write stream header: command + destination
|
|
_, err = stream.Write([]byte{command})
|
|
if err != nil {
|
|
stream.Close()
|
|
return nil, E.Cause(err, "write stream header command")
|
|
}
|
|
err = M.SocksaddrSerializer.WriteAddrPort(stream, destination)
|
|
if err != nil {
|
|
stream.Close()
|
|
return nil, E.Cause(err, "write stream header destination")
|
|
}
|
|
|
|
return stream, nil
|
|
}
|
|
|
|
func (h *Outbound) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
|
|
switch N.NetworkName(network) {
|
|
case N.NetworkTCP:
|
|
h.logger.InfoContext(ctx, "outbound connection to ", destination)
|
|
return h.openStream(ctx, commandTCP, destination)
|
|
case N.NetworkUDP:
|
|
h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
|
|
conn, err := h.openStream(ctx, commandUDP, destination)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return bufio.NewBindPacketConn(&packetConn{conn}, destination), nil
|
|
default:
|
|
return nil, E.New("unsupported network: ", network)
|
|
}
|
|
}
|
|
|
|
func (h *Outbound) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
|
|
h.logger.InfoContext(ctx, "outbound packet connection to ", destination)
|
|
conn, err := h.openStream(ctx, commandUDP, destination)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &packetConn{conn}, nil
|
|
}
|
|
|
|
func (h *Outbound) InterfaceUpdated() {
|
|
h.sessionAccess.Lock()
|
|
defer h.sessionAccess.Unlock()
|
|
if h.session != nil {
|
|
h.session.Close()
|
|
h.session = nil
|
|
}
|
|
if h.sessionConn != nil {
|
|
h.sessionConn.Close()
|
|
h.sessionConn = nil
|
|
}
|
|
}
|
|
|
|
func (h *Outbound) Close() error {
|
|
h.sessionAccess.Lock()
|
|
defer h.sessionAccess.Unlock()
|
|
var err error
|
|
if h.session != nil {
|
|
err = h.session.Close()
|
|
h.session = nil
|
|
}
|
|
if h.sessionConn != nil {
|
|
common.Close(h.sessionConn)
|
|
h.sessionConn = nil
|
|
}
|
|
return err
|
|
}
|
|
|
|
// packetConn wraps a net.Conn as a net.PacketConn for UDP-over-TCP
|
|
type packetConn struct {
|
|
net.Conn
|
|
}
|
|
|
|
func (c *packetConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
|
|
n, err = c.Conn.Read(p)
|
|
return
|
|
}
|
|
|
|
func (c *packetConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
|
|
return c.Conn.Write(p)
|
|
}
|
|
|
|
var _ = os.ErrInvalid // keep import
|