switch core support

add nekobox_core linux: use sing-box for vpn
sibalma · Sep 24, 2022 · 9ebf6fe · 9ebf6fe
1 parent a083010
commit 9ebf6fe
Show file tree

Hide file tree

Showing 87 changed files with 3,433 additions and 1,840 deletions.
diff --git a/3rdparty/WinCommander.cpp b/3rdparty/WinCommander.cpp
@@ -100,16 +100,3 @@ uint WinCommander::runProcessElevated(const QString &path,
 #endif
     return result;
 }
-
-/*!
-Executes a command elevated specified by \apath , using paramters \aparameters.
-\n
-Parameter /aaWait decides if the function should return immediatelly after it's\n
-execution or wait for the exit of the launched process
-\n
-Returns the return value of the executed command
-*/
-uint WinCommander::runProcessElevated(const QString &path, const QString &parameters, const QString &workingDir,
-                                      bool hide, bool aWait) {
-    return runProcessElevated(path, QStringList() << parameters, workingDir, hide, aWait);
-}
diff --git a/3rdparty/WinCommander.hpp b/3rdparty/WinCommander.hpp
@@ -32,11 +32,6 @@ class WinCommander {
                                    const QStringList &parameters = QStringList(),
                                    const QString &workingDir = QString(),
                                    bool hide = false, bool aWait = true);
-
-    static uint runProcessElevated(const QString &path,
-                                   const QString &parameters = QString(),
-                                   const QString &workingDir = QString(),
-                                   bool hide = false, bool aWait = true);
 };
 
 #endif // WINCOMMANDER_H
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -113,7 +113,8 @@ set(PROJECT_SOURCES
         db/ProfileFilter.cpp
 
         fmt/AbstractBean.cpp
-        fmt/Bean2CoreObj.cpp
+        fmt/Bean2CoreObj_ray.cpp
+        fmt/Bean2CoreObj_box.cpp
         fmt/Bean2External.cpp
         fmt/Bean2Link.cpp
         fmt/InsecureHint.cpp

diff --git a/db/ConfigBuilder.cpp b/db/ConfigBuilder.cpp
diff --git a/db/ConfigBuilder.hpp b/db/ConfigBuilder.hpp
@@ -18,31 +18,37 @@ namespace NekoRay {
 
     class BuildConfigStatus {
     public:
+        QList<int> globalProfiles;
+
         QSharedPointer<BuildConfigResult> result;
+        QSharedPointer<ProxyEntity> ent;
+
+        // xxList is V2Ray format string list
 
         QJsonArray domainListDNSRemote;
         QJsonArray domainListDNSDirect;
         QJsonArray domainListRemote;
         QJsonArray domainListDirect;
         QJsonArray ipListRemote;
         QJsonArray ipListDirect;
-
         QJsonArray domainListBlock;
         QJsonArray ipListBlock;
 
-        QJsonArray routingRules;
-        QJsonObject hosts;
+        // config format
 
+        QJsonArray routingRules;
         QJsonArray inbounds;
         QJsonArray outbounds;
-
-        QList<int> globalProfiles;
-
-        ProxyEntity *currentEnt;
     };
 
     QSharedPointer<BuildConfigResult> BuildConfig(const QSharedPointer<ProxyEntity> &ent, bool forTest);
 
-    QString BuildChain(int chainId, const QList<QSharedPointer<ProxyEntity>> &ents,
-                       const QSharedPointer<BuildConfigStatus> &status);
+    QSharedPointer<BuildConfigResult> BuildConfigV2Ray(const QSharedPointer<ProxyEntity> &ent, bool forTest);
+
+    QSharedPointer<BuildConfigResult> BuildConfigSingBox(const QSharedPointer<ProxyEntity> &ent, bool forTest);
+
+    QString BuildChain(int chainId, const QSharedPointer<BuildConfigStatus> &status);
+
+    QString BuildChainInternal(int chainId, const QList<QSharedPointer<ProxyEntity>> &ents,
+                               const QSharedPointer<BuildConfigStatus> &status);
 }
diff --git a/db/TrafficLooper.cpp b/db/TrafficLooper.cpp
@@ -34,7 +34,7 @@ namespace NekoRay::traffic {
 
     QJsonArray TrafficLooper::get_connection_list() {
 #ifndef NKR_NO_GRPC
-        auto str = NekoRay::rpc::defaultClient->ListV2rayConnections();
+        auto str = NekoRay::rpc::defaultClient->ListConnections();
         QJsonDocument jsonDocument = QJsonDocument::fromJson(str.c_str());
         return jsonDocument.array();
 #else
@@ -61,7 +61,8 @@ namespace NekoRay::traffic {
         update_stats(bypass);
     }
 
-    [[noreturn]] void TrafficLooper::loop() {
+    void TrafficLooper::loop() {
+        if (IS_NEKO_BOX) return; // TODO upstream api
         while (true) {
             auto sleep_ms = dataStore->traffic_loop_interval;
             auto user_disabled = sleep_ms == 0;

diff --git a/db/TrafficLooper.hpp b/db/TrafficLooper.hpp
@@ -24,9 +24,8 @@ namespace NekoRay::traffic {
 
         void update_all();
 
-        [[noreturn]] void loop();
+        void loop();
     };
 
     extern TrafficLooper *trafficLooper;
 }
-
diff --git a/examples/vpn-run-root.sh b/examples/vpn-run-root.sh
@@ -9,57 +9,21 @@ fi
 
 [ -z $PORT ] && echo "Please set env PORT" && exit
 [ -z $TABLE_FWMARK ] && echo "Please set env TABLE_FWMARK" && exit
-[ -z $TUN_NAME ] && echo "Please set env TUN_NAME" && exit
-[ -z $USER_ID ] && echo "Please set env USER_ID" && exit
-[ -z $MTU ] && MTU=1500
 command -v pkill >/dev/null 2>&1 || exit
 
 BASEDIR=$(dirname "$0")
 cd $BASEDIR
 
 start() {
-  # add tun
-  ip tuntap add $TUN_NAME mode tun user $USER_ID || return
-  ip link set dev nekoray-tun mtu $MTU || return
-  ip link set dev $TUN_NAME up || return
-
-  # set ipv4 rule
-  ip addr add 172.19.0.1/30 dev $TUN_NAME || return
-  ip rule add table $TABLE_FWMARK || return
-  ip route add table $TABLE_FWMARK default dev $TUN_NAME || return
-
-  # set ipv6 rule
-  ip -6 rule add table $TABLE_FWMARK || return
-  if [ -z $ENABLE_IPV6 ]; then
-    ip -6 route add table $TABLE_FWMARK unreachable default || return
-  else
-    ip -6 addr add fdfe:dcba:9876::1/126 dev $TUN_NAME || return
-    ip -6 route add table $TABLE_FWMARK default dev $TUN_NAME || return
-  fi
-
   # set bypass: fwmark
   ip rule add fwmark $TABLE_FWMARK table main || return
   ip -6 rule add fwmark $TABLE_FWMARK table main || return
 
-  # set bypass: LAN
-  for local in $BYPASS_IPS; do
-    ip rule add to $local table main
-  done
-
   # for Tun2Socket
   iptables -I INPUT -s 172.19.0.2 -d 172.19.0.1 -p tcp -j ACCEPT
   ip6tables -I INPUT -s fdfe:dcba:9876::2 -d fdfe:dcba:9876::1 -p tcp -j ACCEPT
 
-  if [ ! -z $USE_NEKORAY ]; then
-    "./nekoray_core" tool protect --protect-listen-path "$PROTECT_LISTEN_PATH" --protect-fwmark $TABLE_FWMARK
-  else
-    if [ -z "$PROTECT_LISTEN_PATH" ]; then
-      "./tun2socks" -device $TUN_NAME -proxy socks5://127.0.0.1:$PORT -interface lo
-    else
-      "./tun2socks" -device $TUN_NAME -proxy socks5://127.0.0.1:$PORT -interface lo --protect-listen-path "$PROTECT_LISTEN_PATH" --protect-fwmark $TABLE_FWMARK
-      rm "$PROTECT_LISTEN_PATH"
-    fi
-  fi
+  "./nekobox_core" run -c "$CONFIG_PATH" --protect-listen-path "$PROTECT_LISTEN_PATH" --protect-fwmark $TABLE_FWMARK
 }
 
 stop() {
@@ -68,13 +32,8 @@ stop() {
   done
   iptables -D INPUT -s 172.19.0.2 -d 172.19.0.1 -p tcp -j ACCEPT
   ip6tables -D INPUT -s fdfe:dcba:9876::2 -d fdfe:dcba:9876::1 -p tcp -j ACCEPT
-  ip rule del table $TABLE_FWMARK
   ip rule del fwmark $TABLE_FWMARK
-  ip route del table $TABLE_FWMARK default
-  ip -6 rule del table $TABLE_FWMARK
   ip -6 rule del fwmark $TABLE_FWMARK
-  ip -6 route del table $TABLE_FWMARK default
-  ip link del $TUN_NAME
 }
 
 if [ "$1" != "stop" ]; then

diff --git a/fmt/AbstractBean.hpp b/fmt/AbstractBean.hpp
@@ -3,7 +3,6 @@
 #include "main/NekoRay.hpp"
 
 namespace NekoRay::fmt {
-
     struct CoreObjOutboundBuildResult {
     public:
         QJsonObject outbound;
@@ -47,7 +46,9 @@ namespace NekoRay::fmt {
 
         virtual bool NeedExternal() { return false; };
 
-        virtual CoreObjOutboundBuildResult BuildCoreObj() { return {}; };
+        virtual CoreObjOutboundBuildResult BuildCoreObjV2Ray() { return {}; };
+
+        virtual CoreObjOutboundBuildResult BuildCoreObjSingBox() { return {}; };
 
         virtual ExternalBuildResult BuildExternal(int mapping_port, int socks_port) { return {}; };
 
@@ -58,5 +59,4 @@ namespace NekoRay::fmt {
     };
 
     QString DisplayInsecureHint(const QSharedPointer<AbstractBean> &);
-
 }
diff --git a/fmt/Bean2CoreObj_box.cpp b/fmt/Bean2CoreObj_box.cpp
@@ -0,0 +1,151 @@
+#include "db/ProxyEntity.hpp"
+#include "fmt/includes.h"
+
+namespace NekoRay::fmt {
+    void V2rayStreamSettings::BuildStreamSettingsSingBox(QJsonObject *outbound) {
+        // https://sing-box.sagernet.org/configuration/shared/v2ray-transport
+
+        if (network != "tcp") {
+            QJsonObject transport{
+                    {"type", network.replace("h2", "http")},
+            };
+            if (network == "ws") {
+                if (!path.isEmpty()) transport["path"] = path;
+                if (!host.isEmpty()) transport["headers"] = QJsonObject{{"Host", host}};
+                if (ws_early_data_length > 0) {
+                    transport["max_early_data"] = ws_early_data_length;
+                    transport["early_data_header_name"] = ws_early_data_name;
+                }
+            } else if (network == "http") {
+                if (!path.isEmpty()) transport["path"] = path;
+                if (!host.isEmpty()) transport["host"] = QList2QJsonArray(host.split(","));
+            } else if (network == "grpc") {
+                if (!path.isEmpty()) transport["service_name"] = path;
+            }
+            outbound->insert("transport", transport);
+        }
+
+        // 对应字段 tls
+        if (security == "tls") {
+            QJsonObject tls{{"enabled", true}};
+            if (allow_insecure || dataStore->skip_cert) tls["insecure"] = true;
+            if (!sni.trimmed().isEmpty()) tls["server_name"] = sni;
+            if (!certificate.trimmed().isEmpty()) {
+                tls["certificate"] = certificate.trimmed();
+            }
+            if (!alpn.trimmed().isEmpty()) {
+                tls["alpn"] = QList2QJsonArray(alpn.split(","));
+            }
+            outbound->insert("tls", tls);
+        }
+
+        if (!packet_encoding.isEmpty()) {
+            outbound->insert("packet_encoding", packet_encoding);
+        }
+    }
+
+    CoreObjOutboundBuildResult SocksHttpBean::BuildCoreObjSingBox() {
+        CoreObjOutboundBuildResult result;
+
+        QJsonObject outbound;
+        outbound["type"] = socks_http_type == type_HTTP ? "http" : "socks";
+        outbound["server"] = serverAddress;
+        outbound["server_port"] = serverPort;
+
+        QJsonArray users;
+        QJsonObject user;
+        user["username"] = username;
+        user["password"] = password;
+        users.push_back(user);
+        if (!username.isEmpty() && !password.isEmpty()) outbound["users"] = users;
+
+        stream->BuildStreamSettingsSingBox(&outbound);
+        result.outbound = outbound;
+        return result;
+    }
+
+    CoreObjOutboundBuildResult ShadowSocksBean::BuildCoreObjSingBox() {
+        CoreObjOutboundBuildResult result;
+
+        QJsonObject outbound{{"type", "shadowsocks"}};
+        outbound["server"] = serverAddress;
+        outbound["server_port"] = serverPort;
+        outbound["method"] = method;
+        outbound["password"] = password;
+
+        if (!plugin.trimmed().isEmpty()) {
+            outbound["plugin"] = SubStrBefore(plugin, ";");
+            outbound["plugin_opts"] = SubStrAfter(plugin, ";");
+        }
+
+        stream->BuildStreamSettingsSingBox(&outbound);
+        result.outbound = outbound;
+        return result;
+    }
+
+    CoreObjOutboundBuildResult VMessBean::BuildCoreObjSingBox() {
+        CoreObjOutboundBuildResult result;
+        QJsonObject outbound{
+                {"type",        "vmess"},
+                {"server",      serverAddress},
+                {"server_port", serverPort},
+                {"uuid",        uuid},
+                {"alter_id",    aid},
+                {"security",    security},
+        };
+
+        stream->BuildStreamSettingsSingBox(&outbound);
+        result.outbound = outbound;
+        return result;
+    }
+
+    CoreObjOutboundBuildResult TrojanVLESSBean::BuildCoreObjSingBox() {
+        CoreObjOutboundBuildResult result;
+        QJsonObject outbound{
+                {"type",        proxy_type == proxy_VLESS ? "vless" : "trojan"},
+                {"server",      serverAddress},
+                {"server_port", serverPort},
+        };
+
+        QJsonObject settings;
+        if (proxy_type == proxy_VLESS) {
+            outbound["uuid"] = password;
+        } else {
+            outbound["password"] = password;
+        }
+
+        stream->BuildStreamSettingsSingBox(&outbound);
+        result.outbound = outbound;
+        return result;
+    }
+
+    CoreObjOutboundBuildResult CustomBean::BuildCoreObjSingBox() {
+        CoreObjOutboundBuildResult result;
+
+        if (core == "hysteria") {
+            QJsonObject outbound{{"type", "hysteria"}};
+            outbound["server"] = serverAddress;
+            outbound["server_port"] = serverPort;
+            auto hy = QString2QJsonObject(config_simple);
+            QJSONOBJECT_COPY(hy, outbound, "up")
+            QJSONOBJECT_COPY(hy, outbound, "down")
+            QJSONOBJECT_COPY(hy, outbound, "up_mbps")
+            QJSONOBJECT_COPY(hy, outbound, "down_mbps")
+            QJSONOBJECT_COPY(hy, outbound, "obfs")
+            QJSONOBJECT_COPY(hy, outbound, "auth")
+            QJSONOBJECT_COPY(hy, outbound, "auth_str")
+            QJSONOBJECT_COPY(hy, outbound, "recv_window_conn")
+            QJSONOBJECT_COPY(hy, outbound, "recv_window_client")
+            QJSONOBJECT_COPY(hy, outbound, "disable_mtu_discovery")
+            QJsonObject tls{{"enabled", true}};
+            QJSONOBJECT_COPY(hy, tls, "server_name")
+            QJSONOBJECT_COPY(hy, tls, "alpn")
+            QJSONOBJECT_COPY(hy, tls, "insecure")
+            QJSONOBJECT_COPY2(hy, tls, "ca", "certificate_path")
+            outbound["tls"] = tls;
+            result.outbound = outbound;
+        }
+
+        return result;
+    }
+}