1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
package socket
import (
"encoding/binary"
"errors"
"fmt"
"golang.org/x/sys/unix"
"net"
"strconv"
"syscall"
"unsafe"
)
func be16toh(n uint16) uint16 {
b := (*[2]byte)(unsafe.Pointer(&n))
return binary.BigEndian.Uint16(b[:])
}
func getsockopt(s int, level, name int, ptr unsafe.Pointer, size int) error {
tmpsize := uint32(size)
_, _, errno := unix.Syscall6(unix.SYS_GETSOCKOPT,
uintptr(s),
uintptr(level),
uintptr(name),
uintptr(ptr),
uintptr(unsafe.Pointer(&tmpsize)),
0)
if errno != 0 {
return fmt.Errorf("getsockopt: %w", errno)
}
return nil
}
func ioctl(fd int, req int, ptr unsafe.Pointer) error {
_, _, errno := unix.Syscall(unix.SYS_IOCTL,
uintptr(fd),
uintptr(req),
uintptr(ptr))
if errno != 0 {
return fmt.Errorf("ioctl: %w", errno)
}
return nil
}
func getRawConn(conn interface{}) (syscall.RawConn, error) {
switch c := conn.(type) {
case *net.TCPConn:
return c.SyscallConn()
case *net.TCPListener:
return c.SyscallConn()
default:
return nil, errors.New("unknown connection type")
}
}
func withConnControl(conn interface{}, f func(fd int) error) (err error) {
var c syscall.RawConn
var ferr error
c, err = getRawConn(conn)
if err != nil {
return
}
err = c.Control(func(fd uintptr) {
ferr = f(int(fd))
})
if ferr != nil {
err = ferr
}
return
}
func getSocketDomain(fd int) (int, error) {
return unix.GetsockoptInt(fd, unix.SOL_SOCKET, unix.SO_DOMAIN)
}
func getSocketOriginalDst(fd int, sa *unix.RawSockaddrAny) error {
const SO_ORIGINAL_DST = 80
p, n := unsafe.Pointer(sa), int(unsafe.Sizeof(*sa))
family, err := getSocketDomain(fd)
if err != nil {
return err
}
switch family {
case unix.AF_INET6:
err := getsockopt(fd, unix.SOL_IPV6, SO_ORIGINAL_DST, p, n)
if !errors.Is(err, unix.ENOENT) {
return err
}
// skipped check for ipv4 encoded as ipv6 address
fallthrough
case unix.AF_INET:
return getsockopt(fd, unix.SOL_IP, SO_ORIGINAL_DST, p, n)
default:
return errors.New("unknown address family")
}
}
func getConnOriginalAddr(conn net.Conn, addr *string) error {
var sa unix.RawSockaddrAny
f := func(fd int) error {
return getSocketOriginalDst(fd, &sa)
}
if err := withConnControl(conn, f); err != nil {
return fmt.Errorf("get-original-addr: %w", err)
}
var host net.IP
var port uint16
switch sa.Addr.Family {
case unix.AF_INET:
sin := (*unix.RawSockaddrInet4)(unsafe.Pointer(&sa))
host, port = sin.Addr[:], sin.Port
case unix.AF_INET6:
sin := (*unix.RawSockaddrInet6)(unsafe.Pointer(&sa))
host, port = sin.Addr[:], sin.Port
default:
return errors.New("get-original-addr: unknown address family")
}
*addr = net.JoinHostPort(host.String(), strconv.Itoa(int(be16toh(port))))
return nil
}
func setSocketTransparent(fd int) error {
family, err := getSocketDomain(fd)
if err != nil {
return err
}
var level, opt int
switch family {
case unix.AF_INET6:
level, opt = unix.SOL_IPV6, unix.IPV6_TRANSPARENT
case unix.AF_INET:
level, opt = unix.SOL_IP, unix.IP_TRANSPARENT
default:
return errors.New("unknown address family")
}
return unix.SetsockoptInt(fd, level, opt, 1)
}
func setConnTransparent(conn interface{}) error {
f := func(fd int) error {
return setSocketTransparent(fd)
}
if err := withConnControl(conn, f); err != nil {
return fmt.Errorf("set-transparent: %w", err)
}
return nil
}
|
