Merge remote-tracking branch 'upstream/dns-geo-reverse-match' into dns-geo

JimhHan · JimhHan · commit 16017304b826 · 2021-04-09T18:48:44.000+08:00
diff --git a/common/matcher/domain/conf/domain.go b/common/matcher/domain/conf/domain.go
@@ -44,20 +44,36 @@ func ParseDomainRule(domain string) ([]*dm.Domain, error) {
 	domainRule := new(dm.Domain)
 	switch {
 	case strings.HasPrefix(domain, "regexp:"):
+		regexpVal := domain[7:]
+		if len(regexpVal) == 0 {
+			return nil, newError("empty regexp type of rule: ", domain)
+		}
 		domainRule.Type = dm.MatchingType_Regex
-		domainRule.Value = domain[7:]
+		domainRule.Value = regexpVal
 
 	case strings.HasPrefix(domain, "domain:"):
+		domainName := domain[7:]
+		if len(domainName) == 0 {
+			return nil, newError("empty domain type of rule: ", domain)
+		}
 		domainRule.Type = dm.MatchingType_Subdomain
-		domainRule.Value = domain[7:]
+		domainRule.Value = domainName
 
 	case strings.HasPrefix(domain, "full:"):
+		fullVal := domain[5:]
+		if len(fullVal) == 0 {
+			return nil, newError("empty full domain type of rule: ", domain)
+		}
 		domainRule.Type = dm.MatchingType_Full
-		domainRule.Value = domain[5:]
+		domainRule.Value = fullVal
 
 	case strings.HasPrefix(domain, "keyword:"):
+		keywordVal := domain[8:]
+		if len(keywordVal) == 0 {
+			return nil, newError("empty keyword type of rule: ", domain)
+		}
 		domainRule.Type = dm.MatchingType_Keyword
-		domainRule.Value = domain[8:]
+		domainRule.Value = keywordVal
 
 	case strings.HasPrefix(domain, "dotless:"):
 		domainRule.Type = dm.MatchingType_Regex
diff --git a/common/matcher/geoip/conf.go b/common/matcher/geoip/conf.go
@@ -92,21 +92,28 @@ func find(data, code []byte) []byte {
 	}
 }
 
-func ParaseIPList(ips []string) ([]*GeoIP, error) {
+func ParseIPList(ips []string) ([]*GeoIP, error) {
 	var geoipList []*GeoIP
 	var customCidrs []*CIDR
 
 	for _, ip := range ips {
 		if strings.HasPrefix(ip, "geoip:") {
 			country := ip[6:]
+			isReverseMatch := false
+			if strings.HasPrefix(country, "!") {
+				country = country[1:]
+				isReverseMatch = true
+			}
+
 			geoipc, err := LoadGeoIP(strings.ToUpper(country))
 			if err != nil {
 				return nil, newError("failed to load GeoIP: ", country).Base(err)
 			}
 
 			geoipList = append(geoipList, &GeoIP{
-				CountryCode: strings.ToUpper(country),
-				Cidr:        geoipc,
+				CountryCode:  strings.ToUpper(country),
+				Cidr:         geoipc,
+				ReverseMatch: isReverseMatch,
 			})
 			continue
 		}
@@ -129,14 +136,24 @@ func ParaseIPList(ips []string) ([]*GeoIP, error) {
 
 			filename := kv[0]
 			country := kv[1]
+			if len(filename) == 0 || len(country) == 0 {
+				return nil, newError("empty filename or empty country in rule")
+			}
+
+			isReverseMatch := false
+			if strings.HasPrefix(country, "!") {
+				country = country[1:]
+				isReverseMatch = true
+			}
 			geoipc, err := LoadIPFile(filename, strings.ToUpper(country))
 			if err != nil {
 				return nil, newError("failed to load IPs: ", country, " from ", filename).Base(err)
 			}
 
 			geoipList = append(geoipList, &GeoIP{
-				CountryCode: strings.ToUpper(filename + "_" + country),
-				Cidr:        geoipc,
+				CountryCode:  strings.ToUpper(filename + "_" + country),
+				Cidr:         geoipc,
+				ReverseMatch: isReverseMatch,
 			})
 
 			continue
diff --git a/common/matcher/geoip/geoip.go b/common/matcher/geoip/geoip.go
@@ -15,11 +15,16 @@ type ipv6 struct {
 }
 
 type GeoIPMatcher struct {
-	countryCode string
-	ip4         []uint32
-	prefix4     []uint8
-	ip6         []ipv6
-	prefix6     []uint8
+	countryCode  string
+	reverseMatch bool
+	ip4          []uint32
+	prefix4      []uint8
+	ip6          []ipv6
+	prefix6      []uint8
+}
+
+func (m *GeoIPMatcher) SetReverseMatch(isReverseMatch bool) {
+	m.reverseMatch = isReverseMatch
 }
 
 func normalize4(ip uint32, prefix uint8) uint32 {
@@ -149,8 +154,17 @@ func (m *GeoIPMatcher) match6(ip ipv6) bool {
 func (m *GeoIPMatcher) Match(ip net.IP) bool {
 	switch len(ip) {
 	case 4:
+		if m.reverseMatch {
+			return !m.match4(binary.BigEndian.Uint32(ip))
+		}
 		return m.match4(binary.BigEndian.Uint32(ip))
 	case 16:
+		if m.reverseMatch {
+			return !m.match6(ipv6{
+				a: binary.BigEndian.Uint64(ip[0:8]),
+				b: binary.BigEndian.Uint64(ip[8:16]),
+			})
+		}
 		return m.match6(ipv6{
 			a: binary.BigEndian.Uint64(ip[0:8]),
 			b: binary.BigEndian.Uint64(ip[8:16]),
@@ -170,14 +184,15 @@ type GeoIPMatcherContainer struct {
 func (c *GeoIPMatcherContainer) Add(geoip *GeoIP) (*GeoIPMatcher, error) {
 	if len(geoip.CountryCode) > 0 {
 		for _, m := range c.matchers {
-			if m.countryCode == geoip.CountryCode {
+			if m.countryCode == geoip.CountryCode && m.reverseMatch == geoip.ReverseMatch {
 				return m, nil
 			}
 		}
 	}
 
 	m := &GeoIPMatcher{
-		countryCode: geoip.CountryCode,
+		countryCode:  geoip.CountryCode,
+		reverseMatch: geoip.ReverseMatch,
 	}
 	if err := m.Init(geoip.Cidr); err != nil {
 		return nil, err
diff --git a/common/matcher/geoip/geoip.pb.go b/common/matcher/geoip/geoip.pb.go
diff --git a/common/matcher/geoip/geoip.proto b/common/matcher/geoip/geoip.proto
@@ -18,6 +18,7 @@ message CIDR {
 message GeoIP {
   string country_code = 1;
   repeated CIDR cidr = 2;
+  bool reverse_match =3;
 }
 
 message GeoIPList {
diff --git a/common/matcher/geoip/geoip_test.go b/common/matcher/geoip/geoip_test.go
@@ -5,12 +5,12 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/golang/protobuf/proto"
 	"github.com/xtls/xray-core/common"
 	. "github.com/xtls/xray-core/common/matcher/geoip"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/platform"
 	"github.com/xtls/xray-core/common/platform/filesystem"
+	"google.golang.org/protobuf/proto"
 )
 
 func init() {
@@ -20,11 +20,31 @@ func init() {
 	if _, err := os.Stat(platform.GetAssetLocation("geoip.dat")); err != nil && os.IsNotExist(err) {
 		common.Must(filesystem.CopyFile(platform.GetAssetLocation("geoip.dat"), filepath.Join(wd, "..", "..", "..", "resources", "geoip.dat")))
 	}
+	if _, err := os.Stat(platform.GetAssetLocation("geoiptestrouter.dat")); err != nil && os.IsNotExist(err) {
+		common.Must(filesystem.CopyFile(platform.GetAssetLocation("geoiptestrouter.dat"), filepath.Join(wd, "..", "..", "..", "resources", "geoip.dat")))
+	}
 	if _, err := os.Stat(platform.GetAssetLocation("geosite.dat")); err != nil && os.IsNotExist(err) {
 		common.Must(filesystem.CopyFile(platform.GetAssetLocation("geosite.dat"), filepath.Join(wd, "..", "..", "..", "resources", "geosite.dat")))
 	}
 }
 
+func TestParseIPList(t *testing.T) {
+	ips := []string{
+		"geoip:us",
+		"geoip:cn",
+		"geoip:!cn",
+		"ext:geoiptestrouter.dat:!cn",
+		"ext:geoiptestrouter.dat:ca",
+		"ext-ip:geoiptestrouter.dat:!cn",
+		"ext-ip:geoiptestrouter.dat:!ca",
+	}
+
+	_, err := ParseIPList(ips)
+	if err != nil {
+		t.Fatalf("Failed to parse geoip list, got %s", err)
+	}
+}
+
 func TestGeoIPMatcherContainer(t *testing.T) {
 	container := &GeoIPMatcherContainer{}
 
@@ -123,6 +143,42 @@ func TestGeoIPMatcher(t *testing.T) {
 	}
 }
 
+func TestGeoIPReverseMatcher(t *testing.T) {
+	cidrList := CIDRList{
+		{Ip: []byte{8, 8, 8, 8}, Prefix: 32},
+		{Ip: []byte{91, 108, 4, 0}, Prefix: 16},
+	}
+	matcher := &GeoIPMatcher{}
+	matcher.SetReverseMatch(true) // Reverse match
+	common.Must(matcher.Init(cidrList))
+
+	testCases := []struct {
+		Input  string
+		Output bool
+	}{
+		{
+			Input:  "8.8.8.8",
+			Output: false,
+		},
+		{
+			Input:  "2001:cdba::3257:9652",
+			Output: true,
+		},
+		{
+			Input:  "91.108.255.254",
+			Output: false,
+		},
+	}
+
+	for _, testCase := range testCases {
+		ip := net.ParseAddress(testCase.Input).IP()
+		actual := matcher.Match(ip)
+		if actual != testCase.Output {
+			t.Error("expect input", testCase.Input, "to be", testCase.Output, ", but actually", actual)
+		}
+	}
+}
+
 func TestGeoIPMatcher4CN(t *testing.T) {
 	ips, err := loadGeoIP("CN")
 	common.Must(err)
diff --git a/common/matcher/geosite/attribute.go b/common/matcher/geosite/attribute.go
@@ -1,5 +1,7 @@
 package geosite
 
+import "strings"
+
 type AttributeList struct {
 	matcher []AttributeMatcher
 }
@@ -25,7 +27,7 @@ type BooleanMatcher string
 
 func (m BooleanMatcher) Match(domain *Domain) bool {
 	for _, attr := range domain.Attribute {
-		if attr.Key == string(m) {
+		if strings.EqualFold(attr.GetKey(), string(m)) {
 			return true
 		}
 	}
diff --git a/infra/conf/dns.go b/infra/conf/dns.go
@@ -74,7 +74,7 @@ func (c *NameServerConfig) Build() (*dns.NameServer, error) {
 		})
 	}
 
-	geoipList, err := geoip.ParaseIPList(c.ExpectIPs)
+	geoipList, err := geoip.ParseIPList(c.ExpectIPs)
 	if err != nil {
 		return nil, newError("invalid IP rule: ", c.ExpectIPs).Base(err)
 	}
diff --git a/infra/conf/router.go b/infra/conf/router.go
diff --git a/infra/conf/xray.go b/infra/conf/xray.go

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ message CIDR {`
`18`	`18`	`message GeoIP {`
`19`	`19`	`string country_code = 1;`
`20`	`20`	`repeated CIDR cidr = 2;`
	`21`	`+ bool reverse_match =3;`
`21`	`22`	`}`
`22`	`23`
`23`	`24`	`message GeoIPList {`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,7 @@`
`1`	`1`	`package geosite`
`2`	`2`
	`3`	`+import "strings"`
	`4`	`+`
`3`	`5`	`type AttributeList struct {`
`4`	`6`	`matcher []AttributeMatcher`
`5`	`7`	`}`
`@@ -25,7 +27,7 @@ type BooleanMatcher string`
`25`	`27`
`26`	`28`	`func (m BooleanMatcher) Match(domain *Domain) bool {`
`27`	`29`	`for _, attr := range domain.Attribute {`
`28`		`- if attr.Key == string(m) {`
	`30`	`+ if strings.EqualFold(attr.GetKey(), string(m)) {`
`29`	`31`	`return true`
`30`	`32`	`}`
`31`	`33`	`}`
Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ func (c NameServerConfig) Build() (dns.NameServer, error) {`
`74`	`74`	`})`
`75`	`75`	`}`
`76`	`76`
`77`		`- geoipList, err := geoip.ParaseIPList(c.ExpectIPs)`
	`77`	`+ geoipList, err := geoip.ParseIPList(c.ExpectIPs)`
`78`	`78`	`if err != nil {`
`79`	`79`	`return nil, newError("invalid IP rule: ", c.ExpectIPs).Base(err)`
`80`	`80`	`}`