Export dialer

nekohasekai · nekohasekai · commit 41c84bf289c0 · 2025-02-16T12:16:54.000+08:00
diff --git a/go.mod b/go.mod
@@ -42,6 +42,7 @@ require (
 	github.com/prometheus/common v0.55.0
 	github.com/safchain/ethtool v0.3.0
 	github.com/sagernet/gvisor v0.0.0-20241021032506-a4324256e4a3
+	github.com/sagernet/sing v0.6.1
 	github.com/sagernet/wireguard-go v0.0.1-beta.4
 	github.com/tailscale/certstore v0.1.1-0.20231202035212-d3fa0460f47e
 	github.com/tailscale/golang-x-crypto v0.0.0-20240604161659-3fde5e568aa4
@@ -72,7 +73,6 @@ require (
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/sagernet/sing v0.5.1 // indirect
 	github.com/vishvananda/netns v0.0.4 // indirect
 	go.uber.org/goleak v1.3.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
diff --git a/go.sum b/go.sum
@@ -124,6 +124,8 @@ github.com/sagernet/gvisor v0.0.0-20241021032506-a4324256e4a3 h1:RxEz7LhPNiF/gX/
 github.com/sagernet/gvisor v0.0.0-20241021032506-a4324256e4a3/go.mod h1:ehZwnT2UpmOWAHFL48XdBhnd4Qu4hN2O3Ji0us3ZHMw=
 github.com/sagernet/sing v0.5.1 h1:mhL/MZVq0TjuvHcpYcFtmSD1BFOxZ/+8ofbNZcg1k1Y=
 github.com/sagernet/sing v0.5.1/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
+github.com/sagernet/sing v0.6.1 h1:mJ6e7Ir2wtCoGLbdnnXWBsNJu5YHtbXmv66inoE0zFA=
+github.com/sagernet/sing v0.6.1/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak=
 github.com/sagernet/wireguard-go v0.0.1-beta.4 h1:8uyM5fxfEXdu4RH05uOK+v25i3lTNdCYMPSAUJ14FnI=
 github.com/sagernet/wireguard-go v0.0.1-beta.4/go.mod h1:jGXij2Gn2wbrWuYNUmmNhf1dwcZtvyAvQoe8Xd8MbUo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go
@@ -492,6 +492,7 @@ func NewLocalBackend(logf logger.Logf, logID logid.PublicID, sys *tsd.System, lo
 		captiveCtx:            captiveCtx,
 		captiveCancel:         nil, // so that we start checkCaptivePortalLoop when Running
 		needsCaptiveDetection: make(chan bool),
+		lookupHook:            lookupHook,
 	}
 	mConn.SetNetInfoCallback(b.setNetInfo)
 
diff --git a/ipn/ipnserver/server.go b/ipn/ipnserver/server.go
@@ -194,7 +194,7 @@ func (s *Server) serveHTTP(w http.ResponseWriter, r *http.Request) {
 	defer onDone()
 
 	if strings.HasPrefix(r.URL.Path, "/localapi/") {
-		lah := localapi.NewHandler(lb, s.logf, s.backendLogID)
+		lah := localapi.NewHandler(lb, s.logf, s.backendLogID, s.netMon.Dialer())
 		if actor, ok := ci.(*actor); ok {
 			lah.PermitRead, lah.PermitWrite = actor.Permissions(lb.OperatorUserID())
 			lah.PermitCert = actor.CanFetchCerts()
diff --git a/ipn/localapi/localapi.go b/ipn/localapi/localapi.go
@@ -13,6 +13,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	N "github.com/sagernet/sing/common/network"
 	"io"
 	"maps"
 	"mime"
@@ -171,8 +172,8 @@ var (
 
 // NewHandler creates a new LocalAPI HTTP handler. All parameters except netMon
 // are required (if non-nil it's used to do faster interface lookups).
-func NewHandler(b *ipnlocal.LocalBackend, logf logger.Logf, logID logid.PublicID) *Handler {
-	return &Handler{b: b, logf: logf, backendLogID: logID, clock: tstime.StdClock{}}
+func NewHandler(b *ipnlocal.LocalBackend, logf logger.Logf, logID logid.PublicID, dialer N.Dialer) *Handler {
+	return &Handler{b: b, logf: logf, backendLogID: logID, clock: tstime.StdClock{}, dialer: dialer}
 }
 
 type Handler struct {
@@ -201,6 +202,8 @@ type Handler struct {
 	logf         logger.Logf
 	backendLogID logid.PublicID
 	clock        tstime.Clock
+
+	dialer N.Dialer
 }
 
 func (h *Handler) LocalBackend() *ipnlocal.LocalBackend {
@@ -835,7 +838,7 @@ func (h *Handler) serveDebugPortmap(w http.ResponseWriter, r *http.Request) {
 	})
 	defer c.Close()
 
-	netMon, err := netmon.New(logger.WithPrefix(logf, "monitor: "))
+	netMon, err := netmon.New(logger.WithPrefix(logf, "monitor: "), h.dialer)
 	if err != nil {
 		logf("error creating monitor: %v", err)
 		return
diff --git a/net/dnscache/dnscache.go b/net/dnscache/dnscache.go
@@ -285,14 +285,19 @@ func (r *Resolver) lookupIP(ctx context.Context, host string) (ip, ip6 netip.Add
 
 	lookupCtx, lookupCancel := context.WithTimeout(ctx, r.lookupTimeoutForHost(host))
 	defer lookupCancel()
-	ips, err := r.fwd().LookupNetIP(lookupCtx, "ip", host)
+	var ips []netip.Addr
+	if r.LookupHook != nil {
+		ips, err = r.LookupHook(lookupCtx, host)
+	} else {
+		ips, err = r.fwd().LookupNetIP(lookupCtx, "ip", host)
+	}
 	if err != nil || len(ips) == 0 {
 		if resolver, ok := r.cloudHostResolver(); ok {
 			r.dlogf("resolving %q via cloud resolver", host)
 			ips, err = resolver.LookupNetIP(lookupCtx, "ip", host)
 		}
 	}
-	if (err != nil || len(ips) == 0) && r.LookupIPFallback != nil {
+	if (err != nil || len(ips) == 0) && r.LookupIPFallback != nil && r.LookupHook == nil {
 		lookupCtx, lookupCancel := context.WithTimeout(ctx, 30*time.Second)
 		defer lookupCancel()
 		if err != nil {
diff --git a/net/netmon/export.go b/net/netmon/export.go
@@ -0,0 +1,9 @@
+package netmon
+
+import (
+	N "github.com/sagernet/sing/common/network"
+)
+
+func (m *Monitor) Dialer() N.Dialer {
+	return m.dialer
+}
diff --git a/net/netmon/netmon.go b/net/netmon/netmon.go
@@ -9,6 +9,7 @@ package netmon
 import (
 	"encoding/json"
 	"errors"
+	N "github.com/sagernet/sing/common/network"
 	"net/netip"
 	"runtime"
 	"sync"
@@ -73,6 +74,7 @@ type Monitor struct {
 	wallTimer  *time.Timer // nil until Started; re-armed AfterFunc per tick
 	lastWall   time.Time
 	timeJumped bool // whether we need to send a changed=true after a big time jump
+	dialer     N.Dialer
 }
 
 // ChangeFunc is a callback function registered with Monitor that's called when the
@@ -114,13 +116,14 @@ type ChangeDelta struct {
 // New instantiates and starts a monitoring instance.
 // The returned monitor is inactive until it's started by the Start method.
 // Use RegisterChangeCallback to get notified of network changes.
-func New(logf logger.Logf) (*Monitor, error) {
+func New(logf logger.Logf, dialer N.Dialer) (*Monitor, error) {
 	logf = logger.WithPrefix(logf, "monitor: ")
 	m := &Monitor{
 		logf:     logf,
 		change:   make(chan bool, 1),
 		stop:     make(chan struct{}),
 		lastWall: wallTime(),
+		dialer:   dialer,
 	}
 	st, err := m.interfaceStateUncached()
 	if err != nil {
diff --git a/net/netns/export.go b/net/netns/export.go
@@ -0,0 +1,20 @@
+package netns
+
+import (
+	"context"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+	"net"
+)
+
+type dialerWrapper struct {
+	N.Dialer
+}
+
+func (d dialerWrapper) Dial(network, address string) (net.Conn, error) {
+	return d.DialContext(context.Background(), network, address)
+}
+
+func (d dialerWrapper) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	return d.Dialer.DialContext(ctx, network, M.ParseSocksaddr(address))
+}
diff --git a/net/netns/netns.go b/net/netns/netns.go
@@ -87,6 +87,9 @@ func FromDialer(logf logger.Logf, netMon *netmon.Monitor, d *net.Dialer) Dialer
 	if netMon == nil {
 		panic("netns.FromDialer called with nil netMon")
 	}
+	if dialer := netMon.Dialer(); dialer != nil {
+		return dialerWrapper{dialer}
+	}
 	if disabled.Load() {
 		return d
 	}
diff --git a/net/tsdial/tsdial.go b/net/tsdial/tsdial.go
@@ -8,6 +8,8 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
 	"net"
 	"net/http"
 	"net/netip"
@@ -63,6 +65,8 @@ type Dialer struct {
 	// If nil, it's not used.
 	NetstackDialUDP func(context.Context, netip.AddrPort) (net.Conn, error)
 
+	Dialer N.Dialer
+
 	peerClientOnce sync.Once
 	peerClient     *http.Client
 
@@ -184,6 +188,7 @@ func (d *Dialer) SetNetMon(netMon *netmon.Monitor) {
 	}
 	d.netMon = netMon
 	d.netMonUnregister = d.netMon.RegisterChangeCallback(d.linkChanged)
+	d.Dialer = netMon.Dialer()
 }
 
 // NetMon returns the Dialer's network monitor.
@@ -379,11 +384,18 @@ func (d *Dialer) SystemDial(ctx context.Context, network, addr string) (net.Conn
 	if closed {
 		return nil, net.ErrClosed
 	}
-
-	d.netnsDialerOnce.Do(func() {
-		d.netnsDialer = netns.NewDialer(d.logf, d.netMon)
-	})
-	c, err := d.netnsDialer.DialContext(ctx, network, addr)
+	var (
+		c   net.Conn
+		err error
+	)
+	if d.Dialer != nil {
+		c, err = d.Dialer.DialContext(ctx, network, M.ParseSocksaddr(addr))
+	} else {
+		d.netnsDialerOnce.Do(func() {
+			d.netnsDialer = netns.NewDialer(d.logf, d.netMon)
+		})
+		c, err = d.netnsDialer.DialContext(ctx, network, addr)
+	}
 	if err != nil {
 		return nil, err
 	}
diff --git a/tsnet/tsnet.go b/tsnet/tsnet.go
@@ -11,6 +11,7 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
+	N "github.com/sagernet/sing/common/network"
 	"github.com/sagernet/tailscale/net/dnscache"
 	"io"
 	"log"
@@ -122,7 +123,8 @@ type Server struct {
 	// field at zero unless you know what you are doing.
 	Port uint16
 
-	LookupHook      dnscache.LookupHookFunc
+	Dialer     N.Dialer
+	LookupHook dnscache.LookupHookFunc
 
 	getCertForTesting func(*tls.ClientHelloInfo) (*tls.Certificate, error)
 
@@ -274,7 +276,7 @@ func (s *Server) Loopback() (addr string, proxyCred, localAPICred string, err er
 		// out the CONNECT code from tailscaled/proxy.go that uses
 		// httputil.ReverseProxy and adding auth support.
 		go func() {
-			lah := localapi.NewHandler(s.lb, s.logf, s.logid)
+			lah := localapi.NewHandler(s.lb, s.logf, s.logid, s.netMon.Dialer())
 			lah.PermitWrite = true
 			lah.PermitRead = true
 			lah.RequiredPassword = s.localAPICred
@@ -557,13 +559,13 @@ func (s *Server) start() (reterr error) {
 		return err
 	}
 
-	s.netMon, err = netmon.New(tsLogf)
+	s.netMon, err = netmon.New(tsLogf, s.Dialer)
 	if err != nil {
 		return err
 	}
 	closePool.add(s.netMon)
 
-	s.dialer = &tsdial.Dialer{Logf: tsLogf} // mutated below (before used)
+	s.dialer = &tsdial.Dialer{Logf: tsLogf, Dialer: s.Dialer} // mutated below (before used)
 	eng, err := wgengine.NewUserspaceEngine(tsLogf, wgengine.Config{
 		ListenPort:    s.Port,
 		NetMon:        s.netMon,
@@ -668,7 +670,7 @@ func (s *Server) start() (reterr error) {
 	//go s.printAuthURLLoop()
 
 	// Run the localapi handler, to allow fetching LetsEncrypt certs.
-	lah := localapi.NewHandler(lb, tsLogf, s.logid)
+	lah := localapi.NewHandler(lb, tsLogf, s.logid, s.netMon.Dialer())
 	lah.PermitWrite = true
 	lah.PermitRead = true
 
diff --git a/wgengine/userspace.go b/wgengine/userspace.go
@@ -357,7 +357,7 @@ func NewUserspaceEngine(logf logger.Logf, conf Config) (_ Engine, reterr error)
 	if conf.NetMon != nil {
 		e.netMon = conf.NetMon
 	} else {
-		mon, err := netmon.New(logf)
+		mon, err := netmon.New(logf, nil)
 		if err != nil {
 			return nil, err
 		}

Original file line number	Diff line number	Diff line change
`@@ -492,6 +492,7 @@ func NewLocalBackend(logf logger.Logf, logID logid.PublicID, sys *tsd.System, lo`
`492`	`492`	`captiveCtx: captiveCtx,`
`493`	`493`	`captiveCancel: nil, // so that we start checkCaptivePortalLoop when Running`
`494`	`494`	`needsCaptiveDetection: make(chan bool),`
	`495`	`+ lookupHook: lookupHook,`
`495`	`496`	`}`
`496`	`497`	`mConn.SetNetInfoCallback(b.setNetInfo)`
`497`	`498`
Original file line number	Diff line number	Diff line change
`@@ -87,6 +87,9 @@ func FromDialer(logf logger.Logf, netMon netmon.Monitor, d net.Dialer) Dialer`
`87`	`87`	`if netMon == nil {`
`88`	`88`	`panic("netns.FromDialer called with nil netMon")`
`89`	`89`	`}`
	`90`	`+ if dialer := netMon.Dialer(); dialer != nil {`
	`91`	`+ return dialerWrapper{dialer}`
	`92`	`+ }`
`90`	`93`	`if disabled.Load() {`
`91`	`94`	`return d`
`92`	`95`	`}`
Original file line number	Diff line number	Diff line change
`@@ -357,7 +357,7 @@ func NewUserspaceEngine(logf logger.Logf, conf Config) (_ Engine, reterr error)`
`357`	`357`	`if conf.NetMon != nil {`
`358`	`358`	`e.netMon = conf.NetMon`
`359`	`359`	`} else {`
`360`		`- mon, err := netmon.New(logf)`
	`360`	`+ mon, err := netmon.New(logf, nil)`
`361`	`361`	`if err != nil {`
`362`	`362`	`return nil, err`
`363`	`363`	`}`