Update On Fri May 24 20:29:34 CEST 2024

2025-12-24 13:28:37 +08:00 · 2024-05-24 20:29:35 +02:00
parent 731e52aa6b
commit 9adfb6d1a0
101 changed files with 1892 additions and 1099 deletions
--- a/echo/internal/constant/constant.go
+++ b/echo/internal/constant/constant.go
@@ -16,6 +16,8 @@ var (
 const (
 	DialTimeOut = 3 * time.Second

+	SniffTimeOut = 300 * time.Millisecond
+
 	SmuxGCDuration       = 30 * time.Second
 	SmuxMaxAliveDuration = 10 * time.Minute
 	SmuxMaxStreamCnt     = 5
--- a/echo/internal/relay/conf/cfg.go
+++ b/echo/internal/relay/conf/cfg.go
@@ -10,6 +10,11 @@ import (
 	"go.uber.org/zap"
 )

+const (
+	ProtocolHTTP = "http"
+	ProtocolTLS  = "tls"
+)
+
 type Config struct {
 	Listen        string   `json:"listen"`
 	ListenType    string   `json:"listen_type"`
@@ -17,8 +22,9 @@ type Config struct {
 	TCPRemotes    []string `json:"tcp_remotes"`
 	UDPRemotes    []string `json:"udp_remotes"`

-	Label         string `json:"label,omitempty"`
-	MaxConnection int    `json:"max_connection,omitempty"`
+	Label            string   `json:"label,omitempty"`
+	MaxConnection    int      `json:"max_connection,omitempty"`
+	BlockedProtocols []string `json:"blocked_protocols,omitempty"`
 }

 func (r *Config) Validate() error {
@@ -64,6 +70,12 @@ func (r *Config) Validate() error {
 	if len(r.UDPRemotes) > 0 {
 		zap.S().Warn("UDP RELAY WAS DISABLED FOR NOW, THIS FEATURE WILL BE AVAILABLE IN THE FUTURE")
 	}
+
+	for _, protocol := range r.BlockedProtocols {
+		if protocol != ProtocolHTTP && protocol != ProtocolTLS {
+			return fmt.Errorf("invalid blocked protocol:%s", protocol)
+		}
+	}
 	return nil
 }

--- a/echo/internal/transporter/base.go
+++ b/echo/internal/transporter/base.go
@@ -1,12 +1,18 @@
 package transporter

 import (
+	"context"
+	"fmt"
 	"net"

 	"github.com/Ehco1996/ehco/internal/cmgr"
 	"github.com/Ehco1996/ehco/internal/conn"
+	"github.com/Ehco1996/ehco/internal/constant"
 	"github.com/Ehco1996/ehco/internal/metrics"
 	"github.com/Ehco1996/ehco/internal/relay/conf"
+	"github.com/sagernet/sing-box/common/sniff"
+	"github.com/sagernet/sing/common/buf"
+	"github.com/sagernet/sing/common/bufio"

 	"github.com/Ehco1996/ehco/pkg/lb"
 	"go.uber.org/zap"
@@ -43,8 +49,34 @@ func (b *baseTransporter) RelayTCPConn(c net.Conn, handshakeF TCPHandShakeF) err

 	// check limit
 	if b.cfg.MaxConnection > 0 && b.cmgr.CountConnection(cmgr.ConnectionTypeActive) >= b.cfg.MaxConnection {
-		b.l.Warnf("Relay %s active connection count exceed limit", remote.Label)
 		c.Close()
+		return fmt.Errorf("relay:%s active connection count exceed limit %d", b.cfg.Label, b.cfg.MaxConnection)
+	}
+
+	// sniff protocol
+	if len(b.cfg.BlockedProtocols) > 0 {
+		buffer := buf.NewPacket()
+		ctx := context.TODO()
+		sniffMetadata, err := sniff.PeekStream(
+			ctx, c, buffer, constant.SniffTimeOut,
+			sniff.TLSClientHello, sniff.HTTPHost)
+		if err != nil {
+			b.l.Warnf("sniff error: %s", err)
+		}
+		if sniffMetadata != nil {
+			b.l.Infof("sniffed protocol: %s", sniffMetadata.Protocol)
+			for _, p := range b.cfg.BlockedProtocols {
+				if sniffMetadata.Protocol == p {
+					c.Close()
+					return fmt.Errorf("relay:%s want to  relay blocked protocol:%s", b.cfg.Label, sniffMetadata.Protocol)
+				}
+			}
+		}
+		if !buffer.IsEmpty() {
+			c = bufio.NewCachedConn(c, buffer)
+		} else {
+			buffer.Release()
+		}
 	}

 	clonedRemote := remote.Clone()