feat: add refresh-server-ip-interval for wireguard outbound

adapter/outbound/wireguard.go

@@ -12,6 +12,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"time"
 
 	"github.com/metacubex/mihomo/common/atomic"
 	CN "github.com/metacubex/mihomo/common/net"
@@ -48,6 +49,10 @@ type WireGuard struct {
 	connectAddr   M.Socksaddr
 	localPrefixes []netip.Prefix
 
+	serverAddrMap   map[M.Socksaddr]netip.AddrPort
+	serverAddrTime  atomic.TypedValue[time.Time]
+	serverAddrMutex sync.Mutex
+
 	closeCh chan struct{} // for test
 }
 
@@ -67,6 +72,8 @@ type WireGuardOption struct {
 
 	RemoteDnsResolve bool     `proxy:"remote-dns-resolve,omitempty"`
 	Dns              []string `proxy:"dns,omitempty"`
+
+	RefreshServerIPInterval int `proxy:"refresh-server-ip-interval,omitempty"`
 }
 
 type WireGuardPeerOption struct {
@@ -287,6 +294,15 @@ func (w *WireGuard) resolve(ctx context.Context, address M.Socksaddr) (netip.Add
 }
 
 func (w *WireGuard) init(ctx context.Context) error {
+	err := w.init0(ctx)
+	if err != nil {
+		return err
+	}
+	w.updateServerAddr(ctx)
+	return nil
+}
+
+func (w *WireGuard) init0(ctx context.Context) error {
 	if w.initOk.Load() {
 		return nil
 	}
@@ -301,44 +317,118 @@ func (w *WireGuard) init(ctx context.Context) error {
 	}
 
 	w.bind.ResetReservedForEndpoint()
-	ipcConf := "private_key=" + w.option.PrivateKey
+	w.serverAddrMap = make(map[M.Socksaddr]netip.AddrPort)
+	ipcConf, err := w.genIpcConf(ctx, false)
+	if err != nil {
+		// !!! do not set initErr here !!!
+		// let us can retry domain resolve in next time
+		return err
+	}
+
+	if debug.Enabled {
+		log.SingLogger.Trace(fmt.Sprintf("[WG](%s) created wireguard ipc conf: \n %s", w.option.Name, ipcConf))
+	}
+	err = w.device.IpcSet(ipcConf)
+	if err != nil {
+		w.initErr = E.Cause(err, "setup wireguard")
+		return w.initErr
+	}
+	w.serverAddrTime.Store(time.Now())
+
+	err = w.tunDevice.Start()
+	if err != nil {
+		w.initErr = err
+		return w.initErr
+	}
+
+	w.initOk.Store(true)
+	return nil
+}
+
+func (w *WireGuard) updateServerAddr(ctx context.Context) {
+	if w.option.RefreshServerIPInterval != 0 && time.Since(w.serverAddrTime.Load()) > time.Second*time.Duration(w.option.RefreshServerIPInterval) {
+		if w.serverAddrMutex.TryLock() {
+			defer w.serverAddrMutex.Unlock()
+			ipcConf, err := w.genIpcConf(ctx, true)
+			if err != nil {
+				log.Warnln("[WG](%s)UpdateServerAddr failed to generate wireguard ipc conf: %s", w.option.Name, err)
+				return
+			}
+			err = w.device.IpcSet(ipcConf)
+			if err != nil {
+				log.Warnln("[WG](%s)UpdateServerAddr failed to update wireguard ipc conf: %s", w.option.Name, err)
+				return
+			}
+			w.serverAddrTime.Store(time.Now())
+		}
+	}
+}
+
+func (w *WireGuard) genIpcConf(ctx context.Context, updateOnly bool) (string, error) {
+	ipcConf := ""
+	if !updateOnly {
+		ipcConf += "private_key=" + w.option.PrivateKey + "\n"
+	}
 	if len(w.option.Peers) > 0 {
 		for i, peer := range w.option.Peers {
-			ipcConf += "\npublic_key=" + peer.PublicKey
-			destination, err := w.resolve(ctx, peer.Addr())
+			peerAddr := peer.Addr()
+			destination, err := w.resolve(ctx, peerAddr)
 			if err != nil {
-				// !!! do not set initErr here !!!
-				// let us can retry domain resolve in next time
-				return E.Cause(err, "resolve endpoint domain for peer ", i)
+				return "", E.Cause(err, "resolve endpoint domain for peer ", i)
 			}
+			if w.serverAddrMap[peerAddr] != destination {
+				w.serverAddrMap[peerAddr] = destination
+			} else if updateOnly {
+				continue
+			}
+
 			if len(w.option.Peers) == 1 { // must call SetConnectAddr if isConnect == true
 				w.bind.SetConnectAddr(destination)
 			}
-			ipcConf += "\nendpoint=" + destination.String()
-			if peer.PreSharedKey != "" {
-				ipcConf += "\npreshared_key=" + peer.PreSharedKey
-			}
-			for _, allowedIP := range peer.AllowedIPs {
-				ipcConf += "\nallowed_ip=" + allowedIP
+			ipcConf += "public_key=" + peer.PublicKey + "\n"
+			if updateOnly {
+				ipcConf += "update_only=true\n"
 			}
+			ipcConf += "endpoint=" + destination.String() + "\n"
 			if len(peer.Reserved) > 0 {
 				var reserved [3]uint8
 				copy(reserved[:], w.option.Reserved)
 				w.bind.SetReservedForEndpoint(destination, reserved)
 			}
+			if updateOnly {
+				continue
+			}
+			if peer.PreSharedKey != "" {
+				ipcConf += "preshared_key=" + peer.PreSharedKey + "\n"
+			}
+			for _, allowedIP := range peer.AllowedIPs {
+				ipcConf += "allowed_ip=" + allowedIP + "\n"
+			}
+			if w.option.PersistentKeepalive != 0 {
+				ipcConf += fmt.Sprintf("persistent_keepalive_interval=%d\n", w.option.PersistentKeepalive)
+			}
 		}
 	} else {
-		ipcConf += "\npublic_key=" + w.option.PublicKey
 		destination, err := w.resolve(ctx, w.connectAddr)
 		if err != nil {
-			// !!! do not set initErr here !!!
-			// let us can retry domain resolve in next time
-			return E.Cause(err, "resolve endpoint domain")
+			return "", E.Cause(err, "resolve endpoint domain")
+		}
+		if w.serverAddrMap[w.connectAddr] != destination {
+			w.serverAddrMap[w.connectAddr] = destination
+		} else if updateOnly {
+			return "", nil
 		}
 		w.bind.SetConnectAddr(destination) // must call SetConnectAddr if isConnect == true
-		ipcConf += "\nendpoint=" + destination.String()
+		ipcConf += "public_key=" + w.option.PublicKey + "\n"
+		if updateOnly {
+			ipcConf += "update_only=true\n"
+		}
+		ipcConf += "endpoint=" + destination.String() + "\n"
+		if updateOnly {
+			return ipcConf, nil
+		}
 		if w.option.PreSharedKey != "" {
-			ipcConf += "\npreshared_key=" + w.option.PreSharedKey
+			ipcConf += "preshared_key=" + w.option.PreSharedKey + "\n"
 		}
 		var has4, has6 bool
 		for _, address := range w.localPrefixes {
@@ -349,34 +439,17 @@ func (w *WireGuard) init(ctx context.Context) error {
 			}
 		}
 		if has4 {
-			ipcConf += "\nallowed_ip=0.0.0.0/0"
+			ipcConf += "allowed_ip=0.0.0.0/0\n"
 		}
 		if has6 {
-			ipcConf += "\nallowed_ip=::/0"
+			ipcConf += "allowed_ip=::/0\n"
+		}
+
+		if w.option.PersistentKeepalive != 0 {
+			ipcConf += fmt.Sprintf("persistent_keepalive_interval=%d\n", w.option.PersistentKeepalive)
 		}
 	}
-
-	if w.option.PersistentKeepalive != 0 {
-		ipcConf += fmt.Sprintf("\npersistent_keepalive_interval=%d", w.option.PersistentKeepalive)
-	}
-
-	if debug.Enabled {
-		log.SingLogger.Trace(fmt.Sprintf("[WG](%s) created wireguard ipc conf: \n %s", w.option.Name, ipcConf))
-	}
-	err := w.device.IpcSet(ipcConf)
-	if err != nil {
-		w.initErr = E.Cause(err, "setup wireguard")
-		return w.initErr
-	}
-
-	err = w.tunDevice.Start()
-	if err != nil {
-		w.initErr = err
-		return w.initErr
-	}
-
-	w.initOk.Store(true)
-	return nil
+	return ipcConf, nil
 }
 
 func closeWireGuard(w *WireGuard) {

dns/dialer.go

@@ -0,0 +1,12 @@
+package dns
+
+// export functions from tunnel module
+
+import "github.com/metacubex/mihomo/tunnel"
+
+const RespectRules = tunnel.DnsRespectRules
+
+type dialHandler = tunnel.DnsDialHandler
+
+var getDialHandler = tunnel.GetDnsDialHandler
+var listenPacket = tunnel.DnsListenPacket

docs/config.yaml

@@ -728,6 +728,7 @@ proxies: # socks5
     # dialer-proxy: "ss1"
     # remote-dns-resolve: true # 强制 dns 远程解析，默认值为 false
     # dns: [ 1.1.1.1, 8.8.8.8 ] # 仅在 remote-dns-resolve 为 true 时生效
+    # refresh-server-ip-interval: 60 # 重新解析server ip的间隔，单位为秒，默认值为0即仅第一次链接时解析server域名，仅应在server域名对应的IP会发生变化时启用该选项（如家宽ddns）
     # 如果 peers 不为空，该段落中的 allowed-ips 不可为空；前面段落的 server,port,public-key,pre-shared-key 均会被忽略，但 private-key 会被保留且只能在顶层指定
     # peers:
     #   - server: 162.159.192.1

tunnel/dns_dialer.go

@@ -1,4 +1,6 @@
-package dns
+package tunnel
+
+// WARNING: all function in this file should only be using in dns module
 
 import (
 	"context"
@@ -11,15 +13,14 @@ import (
 	"github.com/metacubex/mihomo/component/dialer"
 	"github.com/metacubex/mihomo/component/resolver"
 	C "github.com/metacubex/mihomo/constant"
-	"github.com/metacubex/mihomo/tunnel"
 	"github.com/metacubex/mihomo/tunnel/statistic"
 )
 
-const RespectRules = "RULES"
+const DnsRespectRules = "RULES"
 
-type dialHandler func(ctx context.Context, network, addr string) (net.Conn, error)
+type DnsDialHandler func(ctx context.Context, network, addr string) (net.Conn, error)
 
-func getDialHandler(r *Resolver, proxyAdapter C.ProxyAdapter, proxyName string, opts ...dialer.Option) dialHandler {
+func GetDnsDialHandler(r resolver.Resolver, proxyAdapter C.ProxyAdapter, proxyName string, opts ...dialer.Option) DnsDialHandler {
 	return func(ctx context.Context, network, addr string) (net.Conn, error) {
 		if len(proxyName) == 0 && proxyAdapter == nil {
 			opts = append(opts, dialer.WithResolver(r))
@@ -47,22 +48,22 @@ func getDialHandler(r *Resolver, proxyAdapter C.ProxyAdapter, proxyName string,
 
 			var rule C.Rule
 			if proxyAdapter == nil {
-				if proxyName == RespectRules {
+				if proxyName == DnsRespectRules {
 					if !metadata.Resolved() {
-						// resolve here before ResolveMetadata to avoid its inner resolver.ResolveIP
+						// resolve here before resolveMetadata to avoid its inner resolver.ResolveIP
 						dstIP, err := resolver.ResolveIPWithResolver(ctx, metadata.Host, r)
 						if err != nil {
 							return nil, err
 						}
 						metadata.DstIP = dstIP
 					}
-					proxyAdapter, rule, err = tunnel.ResolveMetadata(metadata)
+					proxyAdapter, rule, err = resolveMetadata(metadata)
 					if err != nil {
 						return nil, err
 					}
 				} else {
 					var ok bool
-					proxyAdapter, ok = tunnel.Proxies()[proxyName]
+					proxyAdapter, ok = Proxies()[proxyName]
 					if !ok {
 						opts = append(opts, dialer.WithInterface(proxyName))
 					}
@@ -88,8 +89,10 @@ func getDialHandler(r *Resolver, proxyAdapter C.ProxyAdapter, proxyName string,
 
 				conn, err := proxyAdapter.DialContext(ctx, metadata, opts...)
 				if err != nil {
+					logMetadataErr(metadata, rule, proxyAdapter, err)
 					return nil, err
 				}
+				logMetadata(metadata, rule, conn)
 
 				conn = statistic.NewTCPTracker(conn, statistic.DefaultManager, metadata, rule, 0, 0, false)
 
@@ -105,8 +108,10 @@ func getDialHandler(r *Resolver, proxyAdapter C.ProxyAdapter, proxyName string,
 
 				packetConn, err := proxyAdapter.ListenPacketContext(ctx, metadata, opts...)
 				if err != nil {
+					logMetadataErr(metadata, rule, proxyAdapter, err)
 					return nil, err
 				}
+				logMetadata(metadata, rule, packetConn)
 
 				packetConn = statistic.NewUDPTracker(packetConn, statistic.DefaultManager, metadata, rule, 0, 0, false)
 
@@ -116,7 +121,7 @@ func getDialHandler(r *Resolver, proxyAdapter C.ProxyAdapter, proxyName string,
 	}
 }
 
-func listenPacket(ctx context.Context, proxyAdapter C.ProxyAdapter, proxyName string, network string, addr string, r *Resolver, opts ...dialer.Option) (net.PacketConn, error) {
+func DnsListenPacket(ctx context.Context, proxyAdapter C.ProxyAdapter, proxyName string, network string, addr string, r resolver.Resolver, opts ...dialer.Option) (net.PacketConn, error) {
 	metadata := &C.Metadata{
 		NetWork: C.UDP,
 		Type:    C.INNER,
@@ -136,14 +141,14 @@ func listenPacket(ctx context.Context, proxyAdapter C.ProxyAdapter, proxyName st
 
 	var rule C.Rule
 	if proxyAdapter == nil {
-		if proxyName == RespectRules {
-			proxyAdapter, rule, err = tunnel.ResolveMetadata(metadata)
+		if proxyName == DnsRespectRules {
+			proxyAdapter, rule, err = resolveMetadata(metadata)
 			if err != nil {
 				return nil, err
 			}
 		} else {
 			var ok bool
-			proxyAdapter, ok = tunnel.Proxies()[proxyName]
+			proxyAdapter, ok = Proxies()[proxyName]
 			if !ok {
 				opts = append(opts, dialer.WithInterface(proxyName))
 			}
@@ -160,8 +165,10 @@ func listenPacket(ctx context.Context, proxyAdapter C.ProxyAdapter, proxyName st
 
 	packetConn, err := proxyAdapter.ListenPacketContext(ctx, metadata, opts...)
 	if err != nil {
+		logMetadataErr(metadata, rule, proxyAdapter, err)
 		return nil, err
 	}
+	logMetadata(metadata, rule, packetConn)
 
 	packetConn = statistic.NewUDPTracker(packetConn, statistic.DefaultManager, metadata, rule, 0, 0, false)
 

tunnel/tunnel.go

@@ -8,6 +8,7 @@ import (
 	"net/netip"
 	"path/filepath"
 	"runtime"
+	"strings"
 	"sync"
 	"time"
 
@@ -278,7 +279,7 @@ func preHandleMetadata(metadata *C.Metadata) error {
 	return nil
 }
 
-func ResolveMetadata(metadata *C.Metadata) (proxy C.Proxy, rule C.Rule, err error) {
+func resolveMetadata(metadata *C.Metadata) (proxy C.Proxy, rule C.Rule, err error) {
 	if metadata.SpecialProxy != "" {
 		var exist bool
 		proxy, exist = proxies[metadata.SpecialProxy]
@@ -375,7 +376,7 @@ func handleUDPConn(packet C.PacketAdapter) {
 			cond.Broadcast()
 		}()
 
-		proxy, rule, err := ResolveMetadata(metadata)
+		proxy, rule, err := resolveMetadata(metadata)
 		if err != nil {
 			log.Warnln("[UDP] Parse metadata failed: %s", err.Error())
 			return
@@ -386,43 +387,18 @@ func handleUDPConn(packet C.PacketAdapter) {
 		rawPc, err := retry(ctx, func(ctx context.Context) (C.PacketConn, error) {
 			return proxy.ListenPacketContext(ctx, metadata.Pure())
 		}, func(err error) {
-			if rule == nil {
-				log.Warnln(
-					"[UDP] dial %s %s --> %s error: %s",
-					proxy.Name(),
-					metadata.SourceDetail(),
-					metadata.RemoteAddress(),
-					err.Error(),
-				)
-			} else {
-				log.Warnln("[UDP] dial %s (match %s/%s) %s --> %s error: %s", proxy.Name(), rule.RuleType().String(), rule.Payload(), metadata.SourceDetail(), metadata.RemoteAddress(), err.Error())
-			}
+			logMetadataErr(metadata, rule, proxy, err)
 		})
 		if err != nil {
 			return
 		}
+		logMetadata(metadata, rule, rawPc)
 
 		pc := statistic.NewUDPTracker(rawPc, statistic.DefaultManager, metadata, rule, 0, 0, true)
 
-		switch true {
-		case metadata.SpecialProxy != "":
-			log.Infoln("[UDP] %s --> %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), metadata.SpecialProxy)
-		case rule != nil:
-			if rule.Payload() != "" {
-				log.Infoln("[UDP] %s --> %s match %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), fmt.Sprintf("%s(%s)", rule.RuleType().String(), rule.Payload()), rawPc.Chains().String())
-				if rawPc.Chains().Last() == "REJECT-DROP" {
-					pc.Close()
-					return
-				}
-			} else {
-				log.Infoln("[UDP] %s --> %s match %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), rule.Payload(), rawPc.Chains().String())
-			}
-		case mode == Global:
-			log.Infoln("[UDP] %s --> %s using GLOBAL", metadata.SourceDetail(), metadata.RemoteAddress())
-		case mode == Direct:
-			log.Infoln("[UDP] %s --> %s using DIRECT", metadata.SourceDetail(), metadata.RemoteAddress())
-		default:
-			log.Infoln("[UDP] %s --> %s doesn't match any rule using DIRECT", metadata.SourceDetail(), metadata.RemoteAddress())
+		if rawPc.Chains().Last() == "REJECT-DROP" {
+			pc.Close()
+			return
 		}
 
 		oAddrPort := metadata.AddrPort()
@@ -486,7 +462,7 @@ func handleTCPConn(connCtx C.ConnContext) {
 		}()
 	}
 
-	proxy, rule, err := ResolveMetadata(metadata)
+	proxy, rule, err := resolveMetadata(metadata)
 	if err != nil {
 		log.Warnln("[Metadata] parse failed: %s", err.Error())
 		return
@@ -539,48 +515,18 @@ func handleTCPConn(connCtx C.ConnContext) {
 		}
 		return
 	}, func(err error) {
-		if rule == nil {
-			log.Warnln(
-				"[TCP] dial %s %s --> %s error: %s",
-				proxy.Name(),
-				metadata.SourceDetail(),
-				metadata.RemoteAddress(),
-				err.Error(),
-			)
-		} else {
-			log.Warnln("[TCP] dial %s (match %s/%s) %s --> %s error: %s", proxy.Name(), rule.RuleType().String(), rule.Payload(), metadata.SourceDetail(), metadata.RemoteAddress(), err.Error())
-		}
+		logMetadataErr(metadata, rule, proxy, err)
 	})
 	if err != nil {
 		return
 	}
+	logMetadata(metadata, rule, remoteConn)
 
 	remoteConn = statistic.NewTCPTracker(remoteConn, statistic.DefaultManager, metadata, rule, 0, int64(peekLen), true)
 	defer func(remoteConn C.Conn) {
 		_ = remoteConn.Close()
 	}(remoteConn)
 
-	switch true {
-	case metadata.SpecialProxy != "":
-		log.Infoln("[TCP] %s --> %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), metadata.SpecialProxy)
-	case rule != nil:
-		if rule.Payload() != "" {
-			log.Infoln("[TCP] %s --> %s match %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), fmt.Sprintf("%s(%s)", rule.RuleType().String(), rule.Payload()), remoteConn.Chains().String())
-		} else {
-			log.Infoln("[TCP] %s --> %s match %s using %s", metadata.SourceDetail(), metadata.RemoteAddress(), rule.RuleType().String(), remoteConn.Chains().String())
-		}
-	case mode == Global:
-		log.Infoln("[TCP] %s --> %s using GLOBAL", metadata.SourceDetail(), metadata.RemoteAddress())
-	case mode == Direct:
-		log.Infoln("[TCP] %s --> %s using DIRECT", metadata.SourceDetail(), metadata.RemoteAddress())
-	default:
-		log.Infoln(
-			"[TCP] %s --> %s doesn't match any rule using DIRECT",
-			metadata.SourceDetail(),
-			metadata.RemoteAddress(),
-		)
-	}
-
 	_ = conn.SetReadDeadline(time.Now()) // stop unfinished peek
 	peekMutex.Lock()
 	defer peekMutex.Unlock()
@@ -588,6 +534,33 @@ func handleTCPConn(connCtx C.ConnContext) {
 	handleSocket(conn, remoteConn)
 }
 
+func logMetadataErr(metadata *C.Metadata, rule C.Rule, proxy C.ProxyAdapter, err error) {
+	if rule == nil {
+		log.Warnln("[%s] dial %s %s --> %s error: %s", strings.ToUpper(metadata.NetWork.String()), proxy.Name(), metadata.SourceDetail(), metadata.RemoteAddress(), err.Error())
+	} else {
+		log.Warnln("[%s] dial %s (match %s/%s) %s --> %s error: %s", strings.ToUpper(metadata.NetWork.String()), proxy.Name(), rule.RuleType().String(), rule.Payload(), metadata.SourceDetail(), metadata.RemoteAddress(), err.Error())
+	}
+}
+
+func logMetadata(metadata *C.Metadata, rule C.Rule, remoteConn C.Connection) {
+	switch {
+	case metadata.SpecialProxy != "":
+		log.Infoln("[%s] %s --> %s using %s", strings.ToUpper(metadata.NetWork.String()), metadata.SourceDetail(), metadata.RemoteAddress(), metadata.SpecialProxy)
+	case rule != nil:
+		if rule.Payload() != "" {
+			log.Infoln("[%s] %s --> %s match %s using %s", strings.ToUpper(metadata.NetWork.String()), metadata.SourceDetail(), metadata.RemoteAddress(), fmt.Sprintf("%s(%s)", rule.RuleType().String(), rule.Payload()), remoteConn.Chains().String())
+		} else {
+			log.Infoln("[%s] %s --> %s match %s using %s", strings.ToUpper(metadata.NetWork.String()), metadata.SourceDetail(), metadata.RemoteAddress(), rule.RuleType().String(), remoteConn.Chains().String())
+		}
+	case mode == Global:
+		log.Infoln("[%s] %s --> %s using GLOBAL", strings.ToUpper(metadata.NetWork.String()), metadata.SourceDetail(), metadata.RemoteAddress())
+	case mode == Direct:
+		log.Infoln("[%s] %s --> %s using DIRECT", strings.ToUpper(metadata.NetWork.String()), metadata.SourceDetail(), metadata.RemoteAddress())
+	default:
+		log.Infoln("[%s] %s --> %s doesn't match any rule using %s", strings.ToUpper(metadata.NetWork.String()), metadata.SourceDetail(), metadata.RemoteAddress(), remoteConn.Chains().Last())
+	}
+}
+
 func shouldResolveIP(rule C.Rule, metadata *C.Metadata) bool {
 	return rule.ShouldResolveIP() && metadata.Host != "" && !metadata.DstIP.IsValid()
 }