remove pkgs to github.com/go-gost/x

2022-04-04 11:30:31 +08:00
parent 6340d5198f
commit 04f6ed4708
78 changed files with 11 additions and 5627 deletions
--- a/common/matcher/matcher.go
+++ b/common/matcher/matcher.go
@ -1,99 +0,0 @@
-package matcher
-
-import (
-	"net"
-	"strings"
-
-	"github.com/gobwas/glob"
-)
-
-// Matcher is a generic pattern matcher,
-// it gives the match result of the given pattern for specific v.
-type Matcher interface {
-	Match(v string) bool
-}
-
-// NewMatcher creates a Matcher for the given pattern.
-// The acutal Matcher depends on the pattern:
-// IP Matcher if pattern is a valid IP address.
-// CIDR Matcher if pattern is a valid CIDR address.
-// Domain Matcher if both of the above are not.
-func NewMatcher(pattern string) Matcher {
-	if pattern == "" {
-		return nil
-	}
-	if ip := net.ParseIP(pattern); ip != nil {
-		return IPMatcher(ip)
-	}
-	if _, inet, err := net.ParseCIDR(pattern); err == nil {
-		return CIDRMatcher(inet)
-	}
-	return DomainMatcher(pattern)
-}
-
-type ipMatcher struct {
-	ip net.IP
-}
-
-// IPMatcher creates a Matcher for a specific IP address.
-func IPMatcher(ip net.IP) Matcher {
-	return &ipMatcher{
-		ip: ip,
-	}
-}
-
-func (m *ipMatcher) Match(ip string) bool {
-	if m == nil {
-		return false
-	}
-	return m.ip.Equal(net.ParseIP(ip))
-}
-
-type cidrMatcher struct {
-	ipNet *net.IPNet
-}
-
-// CIDRMatcher creates a Matcher for a specific CIDR notation IP address.
-func CIDRMatcher(inet *net.IPNet) Matcher {
-	return &cidrMatcher{
-		ipNet: inet,
-	}
-}
-
-func (m *cidrMatcher) Match(ip string) bool {
-	if m == nil || m.ipNet == nil {
-		return false
-	}
-	return m.ipNet.Contains(net.ParseIP(ip))
-}
-
-type domainMatcher struct {
-	pattern string
-	glob    glob.Glob
-}
-
-// DomainMatcher creates a Matcher for a specific domain pattern,
-// the pattern can be a plain domain such as 'example.com',
-// a wildcard such as '*.exmaple.com' or a special wildcard '.example.com'.
-func DomainMatcher(pattern string) Matcher {
-	p := pattern
-	if strings.HasPrefix(pattern, ".") {
-		p = pattern[1:] // trim the prefix '.'
-		pattern = "*" + p
-	}
-	return &domainMatcher{
-		pattern: p,
-		glob:    glob.MustCompile(pattern),
-	}
-}
-
-func (m *domainMatcher) Match(domain string) bool {
-	if m == nil || m.glob == nil {
-		return false
-	}
-
-	if domain == m.pattern {
-		return true
-	}
-	return m.glob.Match(domain)
-}
--- a/common/util/resolver/cache.go
+++ b/common/util/resolver/cache.go
@ -1,88 +0,0 @@
-package resolver
-
-import (
-	"fmt"
-	"sync"
-	"time"
-
-	"github.com/go-gost/core/logger"
-	"github.com/miekg/dns"
-)
-
-type CacheKey string
-
-// NewCacheKey generates resolver cache key from question of dns query.
-func NewCacheKey(q *dns.Question) CacheKey {
-	if q == nil {
-		return ""
-	}
-	key := fmt.Sprintf("%s%s.%s", q.Name, dns.Class(q.Qclass).String(), dns.Type(q.Qtype).String())
-	return CacheKey(key)
-}
-
-type cacheItem struct {
-	msg *dns.Msg
-	ts  time.Time
-	ttl time.Duration
-}
-
-type Cache struct {
-	m      sync.Map
-	logger logger.Logger
-}
-
-func NewCache() *Cache {
-	return &Cache{}
-}
-
-func (c *Cache) WithLogger(logger logger.Logger) *Cache {
-	c.logger = logger
-	return c
-}
-
-func (c *Cache) Load(key CacheKey) *dns.Msg {
-	v, ok := c.m.Load(key)
-	if !ok {
-		return nil
-	}
-
-	item, ok := v.(*cacheItem)
-	if !ok {
-		return nil
-	}
-
-	if time.Since(item.ts) > item.ttl {
-		c.m.Delete(key)
-		return nil
-	}
-
-	c.logger.Debugf("hit resolver cache: %s", key)
-
-	return item.msg.Copy()
-}
-
-func (c *Cache) Store(key CacheKey, mr *dns.Msg, ttl time.Duration) {
-	if key == "" || mr == nil || ttl < 0 {
-		return
-	}
-
-	if ttl == 0 {
-		for _, answer := range mr.Answer {
-			v := time.Duration(answer.Header().Ttl) * time.Second
-			if ttl == 0 || ttl > v {
-				ttl = v
-			}
-		}
-	}
-	if ttl == 0 {
-		ttl = 30 * time.Second
-	}
-
-	c.m.Store(key, &cacheItem{
-		msg: mr.Copy(),
-		ts:  time.Now(),
-		ttl: ttl,
-	})
-
-	c.logger.Debugf("resolver cache store: %s, ttl: %v", key, ttl)
-}
--- a/common/util/resolver/resolver.go
+++ b/common/util/resolver/resolver.go
@ -1,30 +0,0 @@
-package resolver
-
-import (
-	"net"
-
-	"github.com/miekg/dns"
-)
-
-func AddSubnetOpt(m *dns.Msg, ip net.IP) {
-	if m == nil || ip == nil {
-		return
-	}
-
-	opt := new(dns.OPT)
-	opt.Hdr.Name = "."
-	opt.Hdr.Rrtype = dns.TypeOPT
-	e := new(dns.EDNS0_SUBNET)
-	e.Code = dns.EDNS0SUBNET
-	if ip := ip.To4(); ip != nil {
-		e.Family = 1
-		e.SourceNetmask = 24
-		e.Address = ip
-	} else {
-		e.Family = 2
-		e.SourceNetmask = 128
-		e.Address = ip.To16()
-	}
-	opt.Option = append(opt.Option, e)
-	m.Extra = append(m.Extra, opt)
-}
--- a/common/util/tls/tls.go
+++ b/common/util/tls/tls.go
@ -1,178 +0,0 @@
-package tls
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"errors"
-	"io/ioutil"
-	"net"
-	"time"
-)
-
-var (
-	// DefaultConfig is a default TLS config for global use.
-	DefaultConfig *tls.Config
-)
-
-// LoadServerConfig loads the certificate from cert & key files and optional client CA file.
-func LoadServerConfig(certFile, keyFile, caFile string) (*tls.Config, error) {
-	if certFile == "" && keyFile == "" {
-		return DefaultConfig.Clone(), nil
-	}
-
-	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
-	if err != nil {
-		return nil, err
-	}
-
-	cfg := &tls.Config{Certificates: []tls.Certificate{cert}}
-
-	pool, err := loadCA(caFile)
-	if err != nil {
-		return nil, err
-	}
-	if pool != nil {
-		cfg.ClientCAs = pool
-		cfg.ClientAuth = tls.RequireAndVerifyClientCert
-	}
-
-	return cfg, nil
-}
-
-// LoadClientConfig loads the certificate from cert & key files and optional CA file.
-func LoadClientConfig(certFile, keyFile, caFile string, verify bool, serverName string) (*tls.Config, error) {
-	var cfg *tls.Config
-
-	if certFile == "" && keyFile == "" {
-		cfg = &tls.Config{}
-	} else {
-		cert, err := tls.LoadX509KeyPair(certFile, keyFile)
-		if err != nil {
-			return nil, err
-		}
-
-		cfg = &tls.Config{
-			Certificates: []tls.Certificate{cert},
-		}
-	}
-
-	rootCAs, err := loadCA(caFile)
-	if err != nil {
-		return nil, err
-	}
-
-	cfg.RootCAs = rootCAs
-	cfg.ServerName = serverName
-	cfg.InsecureSkipVerify = !verify
-
-	// If the root ca is given, but skip verify, we verify the certificate manually.
-	if cfg.RootCAs != nil && !verify {
-		cfg.VerifyConnection = func(state tls.ConnectionState) error {
-			opts := x509.VerifyOptions{
-				Roots:         cfg.RootCAs,
-				CurrentTime:   time.Now(),
-				DNSName:       "",
-				Intermediates: x509.NewCertPool(),
-			}
-
-			certs := state.PeerCertificates
-			for i, cert := range certs {
-				if i == 0 {
-					continue
-				}
-				opts.Intermediates.AddCert(cert)
-			}
-
-			_, err := certs[0].Verify(opts)
-			return err
-		}
-	}
-
-	return cfg, nil
-}
-
-func loadCA(caFile string) (cp *x509.CertPool, err error) {
-	if caFile == "" {
-		return
-	}
-	cp = x509.NewCertPool()
-	data, err := ioutil.ReadFile(caFile)
-	if err != nil {
-		return nil, err
-	}
-	if !cp.AppendCertsFromPEM(data) {
-		return nil, errors.New("AppendCertsFromPEM failed")
-	}
-	return
-}
-
-// Wrap a net.Conn into a client tls connection, performing any
-// additional verification as needed.
-//
-// As of go 1.3, crypto/tls only supports either doing no certificate
-// verification, or doing full verification including of the peer's
-// DNS name. For consul, we want to validate that the certificate is
-// signed by a known CA, but because consul doesn't use DNS names for
-// node names, we don't verify the certificate DNS names. Since go 1.3
-// no longer supports this mode of operation, we have to do it
-// manually.
-//
-// This code is taken from consul:
-// https://github.com/hashicorp/consul/blob/master/tlsutil/config.go
-func WrapTLSClient(conn net.Conn, tlsConfig *tls.Config, timeout time.Duration) (net.Conn, error) {
-	var err error
-	var tlsConn *tls.Conn
-
-	if timeout > 0 {
-		conn.SetDeadline(time.Now().Add(timeout))
-		defer conn.SetDeadline(time.Time{})
-	}
-
-	tlsConn = tls.Client(conn, tlsConfig)
-
-	// Otherwise perform handshake, but don't verify the domain
-	//
-	// The following is lightly-modified from the doFullHandshake
-	// method in https://golang.org/src/crypto/tls/handshake_client.go
-	if err = tlsConn.Handshake(); err != nil {
-		tlsConn.Close()
-		return nil, err
-	}
-
-	// We can do this in `tls.Config.VerifyConnection`, which effective for
-	// other TLS protocols such as WebSocket. See `route.go:parseChainNode`
-	/*
-		// If crypto/tls is doing verification, there's no need to do our own.
-		if tlsConfig.InsecureSkipVerify == false {
-			return tlsConn, nil
-		}
-
-		// Similarly if we use host's CA, we can do full handshake
-		if tlsConfig.RootCAs == nil {
-			return tlsConn, nil
-		}
-
-		opts := x509.VerifyOptions{
-			Roots:         tlsConfig.RootCAs,
-			CurrentTime:   time.Now(),
-			DNSName:       "",
-			Intermediates: x509.NewCertPool(),
-		}
-
-		certs := tlsConn.ConnectionState().PeerCertificates
-		for i, cert := range certs {
-			if i == 0 {
-				continue
-			}
-			opts.Intermediates.AddCert(cert)
-		}
-
-		_, err = certs[0].Verify(opts)
-		if err != nil {
-			tlsConn.Close()
-			return nil, err
-		}
-	*/
-
-	return tlsConn, err
-}