add conn limiter

limiter/traffic/generator.go

@@ -0,0 +1,61 @@
+package traffic
+
+import (
+	limiter "github.com/go-gost/core/limiter/traffic"
+)
+
+type TrafficLimitGenerator interface {
+	In() limiter.Limiter
+	Out() limiter.Limiter
+}
+
+type trafficLimitGenerator struct {
+	in  int
+	out int
+}
+
+func NewTrafficLimitGenerator(in, out int) TrafficLimitGenerator {
+	return &trafficLimitGenerator{
+		in:  in,
+		out: out,
+	}
+}
+
+func (p *trafficLimitGenerator) In() limiter.Limiter {
+	if p == nil || p.in <= 0 {
+		return nil
+	}
+	return NewLimiter(p.in)
+}
+
+func (p *trafficLimitGenerator) Out() limiter.Limiter {
+	if p == nil || p.out <= 0 {
+		return nil
+	}
+	return NewLimiter(p.out)
+}
+
+type trafficLimitSingleGenerator struct {
+	in  limiter.Limiter
+	out limiter.Limiter
+}
+
+func NewTrafficLimitSingleGenerator(in, out int) TrafficLimitGenerator {
+	p := &trafficLimitSingleGenerator{}
+	if in > 0 {
+		p.in = NewLimiter(in)
+	}
+	if out > 0 {
+		p.out = NewLimiter(out)
+	}
+
+	return p
+}
+
+func (p *trafficLimitSingleGenerator) In() limiter.Limiter {
+	return p.in
+}
+
+func (p *trafficLimitSingleGenerator) Out() limiter.Limiter {
+	return p.out
+}

limiter/traffic/limiter.go

@@ -0,0 +1,30 @@
+package traffic
+
+import (
+	"context"
+
+	limiter "github.com/go-gost/core/limiter/traffic"
+	"golang.org/x/time/rate"
+)
+
+type llimiter struct {
+	limiter *rate.Limiter
+}
+
+func NewLimiter(r int) limiter.Limiter {
+	return &llimiter{
+		limiter: rate.NewLimiter(rate.Limit(r), r),
+	}
+}
+
+func (l *llimiter) Wait(ctx context.Context, n int) int {
+	if l.limiter.Burst() < n {
+		n = l.limiter.Burst()
+	}
+	l.limiter.WaitN(ctx, n)
+	return n
+}
+
+func (l *llimiter) Limit() int {
+	return l.limiter.Burst()
+}

limiter/traffic/traffic.go

@@ -0,0 +1,412 @@
+package traffic
+
+import (
+	"bufio"
+	"context"
+	"io"
+	"net"
+	"sort"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/alecthomas/units"
+	limiter "github.com/go-gost/core/limiter/traffic"
+	"github.com/go-gost/core/logger"
+	"github.com/go-gost/x/internal/loader"
+	"github.com/yl2chen/cidranger"
+)
+
+const (
+	GlobalLimitKey = "$"
+	ConnLimitKey   = "$$"
+)
+
+type limiterGroup struct {
+	limiters []limiter.Limiter
+}
+
+func newLimiterGroup(limiters ...limiter.Limiter) *limiterGroup {
+	sort.Slice(limiters, func(i, j int) bool {
+		return limiters[i].Limit() < limiters[j].Limit()
+	})
+	return &limiterGroup{limiters: limiters}
+}
+
+func (l *limiterGroup) Wait(ctx context.Context, n int) int {
+	for i := range l.limiters {
+		if v := l.limiters[i].Wait(ctx, n); v < n {
+			n = v
+		}
+	}
+	return n
+}
+
+func (l *limiterGroup) Limit() int {
+	if len(l.limiters) == 0 {
+		return 0
+	}
+
+	return l.limiters[0].Limit()
+}
+
+type options struct {
+	limits      []string
+	fileLoader  loader.Loader
+	redisLoader loader.Loader
+	period      time.Duration
+	logger      logger.Logger
+}
+
+type Option func(opts *options)
+
+func LimitsOption(limits ...string) Option {
+	return func(opts *options) {
+		opts.limits = limits
+	}
+}
+
+func ReloadPeriodOption(period time.Duration) Option {
+	return func(opts *options) {
+		opts.period = period
+	}
+}
+
+func FileLoaderOption(fileLoader loader.Loader) Option {
+	return func(opts *options) {
+		opts.fileLoader = fileLoader
+	}
+}
+
+func RedisLoaderOption(redisLoader loader.Loader) Option {
+	return func(opts *options) {
+		opts.redisLoader = redisLoader
+	}
+}
+
+func LoggerOption(logger logger.Logger) Option {
+	return func(opts *options) {
+		opts.logger = logger
+	}
+}
+
+type trafficLimiter struct {
+	ipLimits   map[string]TrafficLimitGenerator
+	cidrLimits cidranger.Ranger
+	inLimits   map[string]limiter.Limiter
+	outLimits  map[string]limiter.Limiter
+	mu         sync.RWMutex
+	cancelFunc context.CancelFunc
+	options    options
+}
+
+func NewTrafficLimiter(opts ...Option) limiter.TrafficLimiter {
+	var options options
+	for _, opt := range opts {
+		opt(&options)
+	}
+
+	ctx, cancel := context.WithCancel(context.TODO())
+	lim := &trafficLimiter{
+		ipLimits:   make(map[string]TrafficLimitGenerator),
+		cidrLimits: cidranger.NewPCTrieRanger(),
+		inLimits:   make(map[string]limiter.Limiter),
+		outLimits:  make(map[string]limiter.Limiter),
+		options:    options,
+		cancelFunc: cancel,
+	}
+
+	if err := lim.reload(ctx); err != nil {
+		options.logger.Warnf("reload: %v", err)
+	}
+	if lim.options.period > 0 {
+		go lim.periodReload(ctx)
+	}
+	return lim
+}
+
+func (l *trafficLimiter) In(key string) limiter.Limiter {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+
+	if lim, ok := l.inLimits[key]; ok {
+		return lim
+	}
+
+	var lims []limiter.Limiter
+
+	if ip := net.ParseIP(key); ip != nil {
+		found := false
+		if p := l.ipLimits[key]; p != nil {
+			if lim := p.In(); lim != nil {
+				lims = append(lims, lim)
+				found = true
+			}
+		}
+		if !found {
+			if p, _ := l.cidrLimits.ContainingNetworks(ip); len(p) > 0 {
+				if v, _ := p[0].(*cidrLimitEntry); v != nil {
+					if lim := v.limit.In(); lim != nil {
+						lims = append(lims, lim)
+					}
+				}
+			}
+		}
+	}
+
+	if p := l.ipLimits[ConnLimitKey]; p != nil {
+		if lim := p.In(); lim != nil {
+			lims = append(lims, lim)
+		}
+	}
+	if p := l.ipLimits[GlobalLimitKey]; p != nil {
+		if lim := p.In(); lim != nil {
+			lims = append(lims, lim)
+		}
+	}
+
+	var lim limiter.Limiter
+	if len(lims) > 0 {
+		lim = newLimiterGroup(lims...)
+	}
+	l.inLimits[key] = lim
+
+	if lim != nil && l.options.logger != nil {
+		l.options.logger.Debugf("input limit for %s: %d", key, lim.Limit())
+	}
+
+	return lim
+}
+
+func (l *trafficLimiter) Out(key string) limiter.Limiter {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+
+	if lim, ok := l.outLimits[key]; ok {
+		return lim
+	}
+
+	var lims []limiter.Limiter
+
+	if ip := net.ParseIP(key); ip != nil {
+		found := false
+		if p := l.ipLimits[key]; p != nil {
+			if lim := p.Out(); lim != nil {
+				lims = append(lims, lim)
+				found = true
+			}
+		}
+		if !found {
+			if p, _ := l.cidrLimits.ContainingNetworks(ip); len(p) > 0 {
+				if v, _ := p[0].(*cidrLimitEntry); v != nil {
+					if lim := v.limit.Out(); lim != nil {
+						lims = append(lims, lim)
+					}
+				}
+			}
+		}
+	}
+
+	if p := l.ipLimits[ConnLimitKey]; p != nil {
+		if lim := p.Out(); lim != nil {
+			lims = append(lims, lim)
+		}
+	}
+	if p := l.ipLimits[GlobalLimitKey]; p != nil {
+		if lim := p.Out(); lim != nil {
+			lims = append(lims, lim)
+		}
+	}
+
+	var lim limiter.Limiter
+	if len(lims) > 0 {
+		lim = newLimiterGroup(lims...)
+	}
+	l.outLimits[key] = lim
+
+	if lim != nil && l.options.logger != nil {
+		l.options.logger.Debugf("output limit for %s: %d", key, lim.Limit())
+	}
+
+	return lim
+}
+
+func (l *trafficLimiter) periodReload(ctx context.Context) error {
+	period := l.options.period
+	if period < time.Second {
+		period = time.Second
+	}
+	ticker := time.NewTicker(period)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+			if err := l.reload(ctx); err != nil {
+				l.options.logger.Warnf("reload: %v", err)
+				// return err
+			}
+		case <-ctx.Done():
+			return ctx.Err()
+		}
+	}
+}
+
+func (l *trafficLimiter) reload(ctx context.Context) error {
+	v, err := l.load(ctx)
+	if err != nil {
+		return err
+	}
+
+	lines := append(l.options.limits, v...)
+
+	ipLimits := make(map[string]TrafficLimitGenerator)
+	cidrLimits := cidranger.NewPCTrieRanger()
+
+	for _, s := range lines {
+		key, in, out := l.parseLimit(s)
+		if key == "" {
+			continue
+		}
+		switch key {
+		case GlobalLimitKey:
+			ipLimits[key] = NewTrafficLimitSingleGenerator(in, out)
+		case ConnLimitKey:
+			ipLimits[key] = NewTrafficLimitGenerator(in, out)
+		default:
+			if ip := net.ParseIP(key); ip != nil {
+				ipLimits[key] = NewTrafficLimitGenerator(in, out)
+				break
+			}
+			if _, ipNet, _ := net.ParseCIDR(key); ipNet != nil {
+				cidrLimits.Insert(&cidrLimitEntry{
+					ipNet: *ipNet,
+					limit: NewTrafficLimitGenerator(in, out),
+				})
+			}
+		}
+	}
+
+	l.mu.Lock()
+	defer l.mu.Unlock()
+
+	l.ipLimits = ipLimits
+	l.cidrLimits = cidrLimits
+	l.inLimits = make(map[string]limiter.Limiter)
+	l.outLimits = make(map[string]limiter.Limiter)
+
+	return nil
+}
+
+func (l *trafficLimiter) load(ctx context.Context) (patterns []string, err error) {
+	if l.options.fileLoader != nil {
+		if lister, ok := l.options.fileLoader.(loader.Lister); ok {
+			list, er := lister.List(ctx)
+			if er != nil {
+				l.options.logger.Warnf("file loader: %v", er)
+			}
+			for _, s := range list {
+				if line := l.parseLine(s); line != "" {
+					patterns = append(patterns, line)
+				}
+			}
+		} else {
+			r, er := l.options.fileLoader.Load(ctx)
+			if er != nil {
+				l.options.logger.Warnf("file loader: %v", er)
+			}
+			if v, _ := l.parsePatterns(r); v != nil {
+				patterns = append(patterns, v...)
+			}
+		}
+	}
+	if l.options.redisLoader != nil {
+		if lister, ok := l.options.redisLoader.(loader.Lister); ok {
+			list, er := lister.List(ctx)
+			if er != nil {
+				l.options.logger.Warnf("redis loader: %v", er)
+			}
+			patterns = append(patterns, list...)
+		} else {
+			r, er := l.options.redisLoader.Load(ctx)
+			if er != nil {
+				l.options.logger.Warnf("redis loader: %v", er)
+			}
+			if v, _ := l.parsePatterns(r); v != nil {
+				patterns = append(patterns, v...)
+			}
+		}
+	}
+
+	l.options.logger.Debugf("load items %d", len(patterns))
+	return
+}
+
+func (l *trafficLimiter) parsePatterns(r io.Reader) (patterns []string, err error) {
+	if r == nil {
+		return
+	}
+
+	scanner := bufio.NewScanner(r)
+	for scanner.Scan() {
+		if line := l.parseLine(scanner.Text()); line != "" {
+			patterns = append(patterns, line)
+		}
+	}
+
+	err = scanner.Err()
+	return
+}
+
+func (l *trafficLimiter) parseLine(s string) string {
+	if n := strings.IndexByte(s, '#'); n >= 0 {
+		s = s[:n]
+	}
+	return strings.TrimSpace(s)
+}
+
+func (l *trafficLimiter) parseLimit(s string) (key string, in, out int) {
+	s = strings.Replace(s, "\t", " ", -1)
+	s = strings.TrimSpace(s)
+	var ss []string
+	for _, v := range strings.Split(s, " ") {
+		if v != "" {
+			ss = append(ss, v)
+		}
+	}
+	if len(ss) < 2 {
+		return
+	}
+
+	key = ss[0]
+	if v, _ := units.ParseBase2Bytes(ss[1]); v > 0 {
+		in = int(v)
+	}
+	if len(ss) > 2 {
+		if v, _ := units.ParseBase2Bytes(ss[2]); v > 0 {
+			out = int(v)
+		}
+	}
+
+	return
+}
+
+func (l *trafficLimiter) Close() error {
+	l.cancelFunc()
+	if l.options.fileLoader != nil {
+		l.options.fileLoader.Close()
+	}
+	if l.options.redisLoader != nil {
+		l.options.redisLoader.Close()
+	}
+	return nil
+}
+
+type cidrLimitEntry struct {
+	ipNet net.IPNet
+	limit TrafficLimitGenerator
+}
+
+func (p *cidrLimitEntry) Network() net.IPNet {
+	return p.ipNet
+}

limiter/traffic/wrapper/conn.go

@@ -0,0 +1,340 @@
+package wrapper
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"io"
+	"net"
+	"syscall"
+
+	limiter "github.com/go-gost/core/limiter/traffic"
+	xnet "github.com/go-gost/x/internal/net"
+	"github.com/go-gost/x/internal/net/udp"
+)
+
+var (
+	errUnsupport = errors.New("unsupported operation")
+)
+
+// serverConn is a server side Conn with metrics supported.
+type serverConn struct {
+	net.Conn
+	rbuf     bytes.Buffer
+	raddr    string
+	rlimiter limiter.TrafficLimiter
+}
+
+func WrapConn(rlimiter limiter.TrafficLimiter, c net.Conn) net.Conn {
+	if rlimiter == nil {
+		return c
+	}
+	host, _, _ := net.SplitHostPort(c.RemoteAddr().String())
+	return &serverConn{
+		Conn:     c,
+		rlimiter: rlimiter,
+		raddr:    host,
+	}
+}
+
+func (c *serverConn) Read(b []byte) (n int, err error) {
+	if c.rlimiter == nil ||
+		c.rlimiter.In(c.raddr) == nil {
+		return c.Conn.Read(b)
+	}
+
+	limiter := c.rlimiter.In(c.raddr)
+
+	if c.rbuf.Len() > 0 {
+		burst := len(b)
+		if c.rbuf.Len() < burst {
+			burst = c.rbuf.Len()
+		}
+		lim := limiter.Wait(context.Background(), burst)
+		return c.rbuf.Read(b[:lim])
+	}
+
+	nn, err := c.Conn.Read(b)
+	if err != nil {
+		return nn, err
+	}
+
+	n = limiter.Wait(context.Background(), nn)
+	if n < nn {
+		if _, err = c.rbuf.Write(b[n:nn]); err != nil {
+			return 0, err
+		}
+	}
+
+	return
+}
+
+func (c *serverConn) Write(b []byte) (n int, err error) {
+	if c.rlimiter == nil ||
+		c.rlimiter.Out(c.raddr) == nil {
+		return c.Conn.Write(b)
+	}
+
+	limiter := c.rlimiter.Out(c.raddr)
+	nn := 0
+	for len(b) > 0 {
+		nn, err = c.Conn.Write(b[:limiter.Wait(context.Background(), len(b))])
+		n += nn
+		if err != nil {
+			return
+		}
+		b = b[nn:]
+	}
+
+	return
+}
+
+func (c *serverConn) SyscallConn() (rc syscall.RawConn, err error) {
+	if sc, ok := c.Conn.(syscall.Conn); ok {
+		rc, err = sc.SyscallConn()
+		return
+	}
+	err = errUnsupport
+	return
+}
+
+type packetConn struct {
+	net.PacketConn
+	limiter limiter.TrafficLimiter
+}
+
+func WrapPacketConn(limiter limiter.TrafficLimiter, pc net.PacketConn) net.PacketConn {
+	if limiter == nil {
+		return pc
+	}
+	return &packetConn{
+		PacketConn: pc,
+		limiter:    limiter,
+	}
+}
+
+func (c *packetConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
+	for {
+		n, addr, err = c.PacketConn.ReadFrom(p)
+		if err != nil {
+			return
+		}
+
+		host, _, _ := net.SplitHostPort(addr.String())
+
+		if c.limiter == nil || c.limiter.In(host) == nil {
+			return
+		}
+
+		limiter := c.limiter.In(host)
+		// discard when exceed the limit size.
+		if limiter.Wait(context.Background(), n) < n {
+			continue
+		}
+
+		return
+	}
+}
+
+func (c *packetConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
+	if c.limiter != nil {
+		host, _, _ := net.SplitHostPort(addr.String())
+		// discard when exceed the limit size.
+		if limiter := c.limiter.Out(host); limiter != nil &&
+			limiter.Wait(context.Background(), len(p)) < len(p) {
+			n = len(p)
+			return
+		}
+	}
+
+	return c.PacketConn.WriteTo(p, addr)
+}
+
+type udpConn struct {
+	net.PacketConn
+	limiter limiter.TrafficLimiter
+}
+
+func WrapUDPConn(limiter limiter.TrafficLimiter, pc net.PacketConn) udp.Conn {
+	return &udpConn{
+		PacketConn: pc,
+		limiter:    limiter,
+	}
+}
+
+func (c *udpConn) RemoteAddr() net.Addr {
+	if nc, ok := c.PacketConn.(xnet.RemoteAddr); ok {
+		return nc.RemoteAddr()
+	}
+	return nil
+}
+
+func (c *udpConn) SetReadBuffer(n int) error {
+	if nc, ok := c.PacketConn.(xnet.SetBuffer); ok {
+		return nc.SetReadBuffer(n)
+	}
+	return errUnsupport
+}
+
+func (c *udpConn) SetWriteBuffer(n int) error {
+	if nc, ok := c.PacketConn.(xnet.SetBuffer); ok {
+		return nc.SetWriteBuffer(n)
+	}
+	return errUnsupport
+}
+
+func (c *udpConn) Read(b []byte) (n int, err error) {
+	if nc, ok := c.PacketConn.(io.Reader); ok {
+		n, err = nc.Read(b)
+		return
+	}
+	err = errUnsupport
+	return
+}
+
+func (c *udpConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
+	for {
+		n, addr, err = c.PacketConn.ReadFrom(p)
+		if err != nil {
+			return
+		}
+		host, _, _ := net.SplitHostPort(addr.String())
+
+		if c.limiter == nil || c.limiter.In(host) == nil {
+			return
+		}
+		limiter := c.limiter.In(host)
+		// discard when exceed the limit size.
+		if limiter.Wait(context.Background(), n) < n {
+			continue
+		}
+		return
+	}
+}
+
+func (c *udpConn) ReadFromUDP(b []byte) (n int, addr *net.UDPAddr, err error) {
+	if nc, ok := c.PacketConn.(udp.ReadUDP); ok {
+		for {
+			n, addr, err = nc.ReadFromUDP(b)
+			if err != nil {
+				return
+			}
+
+			host, _, _ := net.SplitHostPort(addr.String())
+
+			if c.limiter == nil || c.limiter.In(host) == nil {
+				return
+			}
+			limiter := c.limiter.In(host)
+			// discard when exceed the limit size.
+			if limiter.Wait(context.Background(), n) < n {
+				continue
+			}
+			return
+		}
+	}
+	err = errUnsupport
+	return
+}
+
+func (c *udpConn) ReadMsgUDP(b, oob []byte) (n, oobn, flags int, addr *net.UDPAddr, err error) {
+	if nc, ok := c.PacketConn.(udp.ReadUDP); ok {
+		for {
+			n, oobn, flags, addr, err = nc.ReadMsgUDP(b, oob)
+			if err != nil {
+				return
+			}
+
+			host, _, _ := net.SplitHostPort(addr.String())
+
+			if c.limiter == nil || c.limiter.In(host) == nil {
+				return
+			}
+			limiter := c.limiter.In(host)
+			// discard when exceed the limit size.
+			if limiter.Wait(context.Background(), n) < n {
+				continue
+			}
+			return
+		}
+	}
+	err = errUnsupport
+	return
+}
+
+func (c *udpConn) Write(b []byte) (n int, err error) {
+	if nc, ok := c.PacketConn.(io.Writer); ok {
+		n, err = nc.Write(b)
+		return
+	}
+	err = errUnsupport
+	return
+}
+
+func (c *udpConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
+	if c.limiter != nil {
+		host, _, _ := net.SplitHostPort(addr.String())
+		// discard when exceed the limit size.
+		if limiter := c.limiter.Out(host); limiter != nil &&
+			limiter.Wait(context.Background(), len(p)) < len(p) {
+			n = len(p)
+			return
+		}
+	}
+
+	n, err = c.PacketConn.WriteTo(p, addr)
+	return
+}
+
+func (c *udpConn) WriteToUDP(b []byte, addr *net.UDPAddr) (n int, err error) {
+	if c.limiter != nil {
+		host, _, _ := net.SplitHostPort(addr.String())
+		// discard when exceed the limit size.
+		if limiter := c.limiter.Out(host); limiter != nil &&
+			limiter.Wait(context.Background(), len(b)) < len(b) {
+			n = len(b)
+			return
+		}
+	}
+
+	if nc, ok := c.PacketConn.(udp.WriteUDP); ok {
+		n, err = nc.WriteToUDP(b, addr)
+		return
+	}
+	err = errUnsupport
+	return
+}
+
+func (c *udpConn) WriteMsgUDP(b, oob []byte, addr *net.UDPAddr) (n, oobn int, err error) {
+	if c.limiter != nil {
+		host, _, _ := net.SplitHostPort(addr.String())
+		// discard when exceed the limit size.
+		if limiter := c.limiter.Out(host); limiter != nil &&
+			limiter.Wait(context.Background(), len(b)) < len(b) {
+			n = len(b)
+			return
+		}
+	}
+
+	if nc, ok := c.PacketConn.(udp.WriteUDP); ok {
+		n, oobn, err = nc.WriteMsgUDP(b, oob, addr)
+		return
+	}
+	err = errUnsupport
+	return
+}
+
+func (c *udpConn) SyscallConn() (rc syscall.RawConn, err error) {
+	if nc, ok := c.PacketConn.(xnet.SyscallConn); ok {
+		return nc.SyscallConn()
+	}
+	err = errUnsupport
+	return
+}
+
+func (c *udpConn) SetDSCP(n int) error {
+	if nc, ok := c.PacketConn.(xnet.SetDSCP); ok {
+		return nc.SetDSCP(n)
+	}
+	return nil
+}

limiter/traffic/wrapper/listener.go

@@ -0,0 +1,32 @@
+package wrapper
+
+import (
+	"net"
+
+	limiter "github.com/go-gost/core/limiter/traffic"
+)
+
+type listener struct {
+	net.Listener
+	limiter limiter.TrafficLimiter
+}
+
+func WrapListener(limiter limiter.TrafficLimiter, ln net.Listener) net.Listener {
+	if limiter == nil {
+		return ln
+	}
+
+	return &listener{
+		limiter:  limiter,
+		Listener: ln,
+	}
+}
+
+func (ln *listener) Accept() (net.Conn, error) {
+	c, err := ln.Listener.Accept()
+	if err != nil {
+		return nil, err
+	}
+
+	return WrapConn(ln.limiter, c), nil
+}