refactor(intra): use outline-sdk as the network stack (#125)

This PR replaces the `go-tun2socks/core` with `outline-sdk/*` in the Intra project, and removes the dependency on `tunnel.Tunnel`, making the `intra` package a standalone Go package that can be copied to other locations, such as the [Intra repository](https://github.com/Jigsaw-Code/Intra).

I kept the signatures of all exported interfaces the same. We can refactor them after we move the code to the Intra repository.

Related PR: Jigsaw-Code/outline-sdk#66

Author: jyyi1

go.mod

@@ -5,19 +5,19 @@ go 1.18
 require (
 	github.com/Jigsaw-Code/choir v1.0.1
 	github.com/Jigsaw-Code/getsni v1.0.0
-	github.com/Jigsaw-Code/outline-sdk v0.0.2
+	github.com/Jigsaw-Code/outline-sdk v0.0.7
 	github.com/crazy-max/xgo v0.26.0
 	github.com/eycorsican/go-tun2socks v1.16.11
-	golang.org/x/mobile v0.0.0-20230301163155-e0f57694e12c
-	golang.org/x/net v0.8.0
-	golang.org/x/sys v0.6.0
+	golang.org/x/mobile v0.0.0-20230906132913-2077a3224571
+	golang.org/x/net v0.15.0
+	golang.org/x/sys v0.12.0
 )
 
 require (
 	github.com/shadowsocks/go-shadowsocks2 v0.1.5 // indirect
 	github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 // indirect
-	golang.org/x/crypto v0.7.0 // indirect
-	golang.org/x/mod v0.9.0 // indirect
-	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/tools v0.7.0 // indirect
+	golang.org/x/crypto v0.13.0 // indirect
+	golang.org/x/mod v0.12.0 // indirect
+	golang.org/x/sync v0.3.0 // indirect
+	golang.org/x/tools v0.13.0 // indirect
 )

go.sum

@@ -2,8 +2,8 @@ github.com/Jigsaw-Code/choir v1.0.1 h1:WeRt6aTn5L+MtRNqRJ+J1RKgoO8CyXXt1dtZghy2K
 github.com/Jigsaw-Code/choir v1.0.1/go.mod h1:c4Wd1y1PeCajZbKZV+ZmcFGMDoduyqMCEMHW5iqzWXI=
 github.com/Jigsaw-Code/getsni v1.0.0 h1:OUTIu7wTBi/7DMX+RkZrN7XhU3UDevTEsAWK4gsqSwE=
 github.com/Jigsaw-Code/getsni v1.0.0/go.mod h1:Ps0Ec3fVMKLyAItVbMKoQFq1lDjtFQXZ+G5nRNNh/QE=
-github.com/Jigsaw-Code/outline-sdk v0.0.2 h1:uCuyJMaWj57IYEG/Hdml8YMdk9chU60ZkSxJXBhyGHU=
-github.com/Jigsaw-Code/outline-sdk v0.0.2/go.mod h1:hhlKz0+r9wSDFT8usvN8Zv/BFToCIFAUn1P2Qk8G2CM=
+github.com/Jigsaw-Code/outline-sdk v0.0.7 h1:WlFaV1tFpIQ/pflrKwrQuNIP3kJpgh7yJuqiTb54sGA=
+github.com/Jigsaw-Code/outline-sdk v0.0.7/go.mod h1:hhlKz0+r9wSDFT8usvN8Zv/BFToCIFAUn1P2Qk8G2CM=
 github.com/crazy-max/xgo v0.26.0 h1:vK4OfeXJoDGvnjlzdTCgPbeWLKENbzj84DTpU/VRonM=
 github.com/crazy-max/xgo v0.26.0/go.mod h1:m/aqfKaN/cYzfw+Pzk7Mk0tkmShg3/rCS4Zdhdugi4o=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -21,25 +21,25 @@ github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/mobile v0.0.0-20230301163155-e0f57694e12c h1:Gk61ECugwEHL6IiyyNLXNzmu8XslmRP2dS0xjIYhbb4=
-golang.org/x/mobile v0.0.0-20230301163155-e0f57694e12c/go.mod h1:aAjjkJNdrh3PMckS4B10TGS2nag27cbKR1y2BpUxsiY=
-golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=
-golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
+golang.org/x/mobile v0.0.0-20230906132913-2077a3224571 h1:QDvQ2KLFHHQWRID6IkZOBf6uLIh9tZ0G+mw61pFQxuo=
+golang.org/x/mobile v0.0.0-20230906132913-2077a3224571/go.mod h1:wEyOn6VvNW7tcf+bW/wBz1sehi2s2BZ4TimyR7qZen4=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20191021144547-ec77196f6094/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
-golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
+golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

intra/android/init.go

@@ -0,0 +1,27 @@
+package tun2socks
+
+// Copyright 2019 The Outline Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import (
+	"runtime/debug"
+
+	"github.com/eycorsican/go-tun2socks/common/log"
+)
+
+func init() {
+	// Conserve memory by increasing garbage collection frequency.
+	debug.SetGCPercent(10)
+	log.SetLevel(log.WARN)
+}

intra/android/tun.go

@@ -0,0 +1,38 @@
+// Copyright 2023 Jigsaw Operations LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package tun2socks
+
+import (
+	"errors"
+	"os"
+
+	"golang.org/x/sys/unix"
+)
+
+func makeTunFile(fd int) (*os.File, error) {
+	if fd < 0 {
+		return nil, errors.New("must provide a valid TUN file descriptor")
+	}
+	// Make a copy of `fd` so that os.File's finalizer doesn't close `fd`.
+	newfd, err := unix.Dup(fd)
+	if err != nil {
+		return nil, err
+	}
+	file := os.NewFile(uintptr(newfd), "")
+	if file == nil {
+		return nil, errors.New("failed to open TUN file descriptor")
+	}
+	return file, nil
+}

intra/android/tun2socks.go

@@ -15,67 +15,96 @@
 package tun2socks
 
 import (
-	"runtime/debug"
+	"errors"
+	"io"
+	"io/fs"
+	"log"
+	"os"
 	"strings"
 
 	"github.com/Jigsaw-Code/outline-go-tun2socks/intra"
 	"github.com/Jigsaw-Code/outline-go-tun2socks/intra/doh"
 	"github.com/Jigsaw-Code/outline-go-tun2socks/intra/protect"
-	"github.com/Jigsaw-Code/outline-go-tun2socks/tunnel"
-	"github.com/eycorsican/go-tun2socks/common/log"
+	"github.com/Jigsaw-Code/outline-sdk/network"
 )
 
-func init() {
-	// Conserve memory by increasing garbage collection frequency.
-	debug.SetGCPercent(10)
-	log.SetLevel(log.WARN)
-}
-
 // ConnectIntraTunnel reads packets from a TUN device and applies the Intra routing
 // rules.  Currently, this only consists of redirecting DNS packets to a specified
 // server; all other data flows directly to its destination.
 //
 // `fd` is the TUN device.  The IntraTunnel acquires an additional reference to it, which
-//     is released by IntraTunnel.Disconnect(), so the caller must close `fd` _and_ call
-//     Disconnect() in order to close the TUN device.
+//
+//	is released by IntraTunnel.Disconnect(), so the caller must close `fd` _and_ call
+//	Disconnect() in order to close the TUN device.
+//
 // `fakedns` is the DNS server that the system believes it is using, in "host:port" style.
-//   The port is normally 53.
+//
+//	The port is normally 53.
+//
 // `udpdns` and `tcpdns` are the location of the actual DNS server being used.  For DNS
-//   tunneling in Intra, these are typically high-numbered ports on localhost.
+//
+//	tunneling in Intra, these are typically high-numbered ports on localhost.
+//
 // `dohdns` is the initial DoH transport.  It must not be `nil`.
 // `protector` is a wrapper for Android's VpnService.protect() method.
-// `listener` will be provided with a summary of each TCP and UDP socket when it is closed.
+// `eventListener` will be provided with a summary of each TCP and UDP socket when it is closed.
 //
 // Throws an exception if the TUN file descriptor cannot be opened, or if the tunnel fails to
 // connect.
-func ConnectIntraTunnel(fd int, fakedns string, dohdns doh.Transport, protector protect.Protector, listener intra.Listener) (intra.Tunnel, error) {
-	tun, err := tunnel.MakeTunFile(fd)
+func ConnectIntraTunnel(
+	fd int, fakedns string, dohdns doh.Transport, protector protect.Protector, eventListener intra.Listener,
+) (*intra.Tunnel, error) {
+	tun, err := makeTunFile(fd)
 	if err != nil {
 		return nil, err
 	}
-	dialer := protect.MakeDialer(protector)
-	config := protect.MakeListenConfig(protector)
-	t, err := intra.NewTunnel(fakedns, dohdns, tun, dialer, config, listener)
+	t, err := intra.NewTunnel(fakedns, dohdns, tun, protector, eventListener)
 	if err != nil {
 		return nil, err
 	}
-	go tunnel.ProcessInputPackets(t, tun)
+	go copyUntilEOF(t, tun)
+	go copyUntilEOF(tun, t)
 	return t, nil
 }
 
 // NewDoHTransport returns a DNSTransport that connects to the specified DoH server.
 // `url` is the URL of a DoH server (no template, POST-only).  If it is nonempty, it
-//   overrides `udpdns` and `tcpdns`.
+//
+//	overrides `udpdns` and `tcpdns`.
+//
 // `ips` is an optional comma-separated list of IP addresses for the server.  (This
-//   wrapper is required because gomobile can't make bindings for []string.)
+//
+//	wrapper is required because gomobile can't make bindings for []string.)
+//
 // `protector` is the socket protector to use for all external network activity.
 // `auth` will provide a client certificate if required by the TLS server.
-// `listener` will be notified after each DNS query succeeds or fails.
-func NewDoHTransport(url string, ips string, protector protect.Protector, auth doh.ClientAuth, listener intra.Listener) (doh.Transport, error) {
+// `eventListener` will be notified after each DNS query succeeds or fails.
+func NewDoHTransport(
+	url string, ips string, protector protect.Protector, auth doh.ClientAuth, eventListener intra.Listener,
+) (doh.Transport, error) {
 	split := []string{}
 	if len(ips) > 0 {
 		split = strings.Split(ips, ",")
 	}
 	dialer := protect.MakeDialer(protector)
-	return doh.NewTransport(url, split, dialer, auth, listener)
+	return doh.NewTransport(url, split, dialer, auth, eventListener)
+}
+
+func copyUntilEOF(dst, src io.ReadWriteCloser) {
+	log.Printf("[debug] start relaying traffic [%s] -> [%s]", src, dst)
+	defer log.Printf("[debug] stop relaying traffic [%s] -> [%s]", src, dst)
+
+	const commonMTU = 1500
+	buf := make([]byte, commonMTU)
+	defer dst.Close()
+	for {
+		_, err := io.CopyBuffer(dst, src, buf)
+		if err == nil || isErrClosed(err) {
+			return
+		}
+	}
+}
+
+func isErrClosed(err error) bool {
+	return errors.Is(err, os.ErrClosed) || errors.Is(err, fs.ErrClosed) || errors.Is(err, network.ErrClosed)
 }

intra/ip.go

@@ -0,0 +1,23 @@
+// Copyright 2023 Jigsaw Operations LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package intra
+
+import "net/netip"
+
+// isEquivalentAddrPort checks if addr1 and addr2 are equivalent. More specifically, it will treat
+// "ffff::127.0.0.1" (IPv4-in-6) and "127.0.0.1" (IPv4) as equivalent, even though they are "!=" in Go.
+func isEquivalentAddrPort(addr1, addr2 netip.AddrPort) bool {
+	return addr1.Addr().Unmap() == addr2.Addr().Unmap() && addr1.Port() == addr2.Port()
+}

intra/ip_test.go

@@ -0,0 +1,76 @@
+// Copyright 2023 Jigsaw Operations LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package intra
+
+import (
+	"net/netip"
+	"testing"
+)
+
+func TestIsEquivalentAddrPort(t *testing.T) {
+	cases := []struct {
+		in1, in2 netip.AddrPort
+		want     bool
+		msg      string
+	}{
+		{
+			in1:  netip.MustParseAddrPort("12.34.56.78:80"),
+			in2:  netip.AddrPortFrom(netip.AddrFrom4([4]byte{12, 34, 56, 78}), 80),
+			want: true,
+		},
+		{
+			in1:  netip.MustParseAddrPort("[fe80::1234:5678]:443"),
+			in2:  netip.AddrPortFrom(netip.AddrFrom16([16]byte{0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x12, 0x34, 0x56, 0x78}), 443),
+			want: true,
+		},
+		{
+			in1:  netip.MustParseAddrPort("0.0.0.0:80"),
+			in2:  netip.MustParseAddrPort("127.0.0.1:80"),
+			want: false,
+		},
+		{
+			in1:  netip.AddrPortFrom(netip.IPv6Unspecified(), 80),
+			in2:  netip.AddrPortFrom(netip.IPv6Loopback(), 80),
+			want: false,
+		},
+		{
+			in1:  netip.MustParseAddrPort("127.0.0.1:38880"),
+			in2:  netip.MustParseAddrPort("127.0.0.1:38888"),
+			want: false,
+		},
+		{
+			in1:  netip.MustParseAddrPort("[2001:db8:85a3:8d3:1319:8a2e:370:7348]:33443"),
+			in2:  netip.MustParseAddrPort("[2001:db8:85a3:8d3:1319:8a2e:370:7348]:33444"),
+			want: false,
+		},
+		{
+			in1:  netip.MustParseAddrPort("127.0.0.1:8080"),
+			in2:  netip.MustParseAddrPort("[::ffff:127.0.0.1]:8080"),
+			want: true,
+		},
+		{
+			in1:  netip.AddrPortFrom(netip.IPv6Loopback(), 80),
+			in2:  netip.MustParseAddrPort("127.0.0.1:80"),
+			want: false,
+		},
+	}
+
+	for _, tc := range cases {
+		actual := isEquivalentAddrPort(tc.in1, tc.in2)
+		if actual != tc.want {
+			t.Fatalf(`"%v" == "%v"? want %v, actual %v`, tc.in1, tc.in2, tc.want, actual)
+		}
+	}
+}