Routing config: Add processName (#5489)

2026-01-12 21:57:15 +08:00 · 2026-01-05 09:12:13 +08:00
parent e7c72c011f
commit 7265b5ac3f
9 changed files with 614 additions and 77 deletions
--- a/common/net/find_process_linux.go
+++ b/common/net/find_process_linux.go
@@ -0,0 +1,178 @@
+//go:build linux
+
+package net
+
+import (
+	"bufio"
+	"encoding/hex"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/xtls/xray-core/common/errors"
+)
+
+func FindProcess(dest Destination) (int, string, error) {
+	isLocal, err := IsLocal(dest.Address.IP())
+	if err != nil {
+		return 0, "", errors.New("failed to determine if address is local: ", err)
+	}
+	if !isLocal {
+		return 0, "", ErrNotLocal
+	}
+	if dest.Network != Network_TCP && dest.Network != Network_UDP {
+		panic("Unsupported network type for process lookup.")
+	}
+	// the core should never has a domain as source(?
+	if dest.Address.Family() == AddressFamilyDomain {
+		panic("Domain addresses are not supported for process lookup.")
+	}
+	var procFile string
+
+	switch dest.Network {
+	case Network_TCP:
+		if dest.Address.Family() == AddressFamilyIPv4 {
+			procFile = "/proc/net/tcp"
+		}
+		if dest.Address.Family() == AddressFamilyIPv6 {
+			procFile = "/proc/net/tcp6"
+		}
+	case Network_UDP:
+		if dest.Address.Family() == AddressFamilyIPv4 {
+			procFile = "/proc/net/udp"
+		}
+		if dest.Address.Family() == AddressFamilyIPv6 {
+			procFile = "/proc/net/udp6"
+		}
+	default:
+		panic("Unsupported network type for process lookup.")
+	}
+
+	targetHexAddr, err := formatLittleEndianString(dest.Address, dest.Port)
+	if err != nil {
+		return 0, "", errors.New("failed to format address: ", err)
+	}
+
+	inode, err := findInodeInFile(procFile, targetHexAddr)
+	if err != nil {
+		return 0, "", errors.New("could not search in ", procFile).Base(err)
+	}
+	if inode == "" {
+		return 0, "", errors.New("connection for ", dest.Address, ":", dest.Port, " not found in ", procFile)
+	}
+
+	pidStr, err := findPidByInode(inode)
+	if err != nil {
+		return 0, "", errors.New("could not find PID for inode ", inode, ": ", err)
+	}
+	if pidStr == "" {
+		return 0, "", errors.New("no process found for inode ", inode)
+	}
+
+	procName, err := getProcessName(pidStr)
+	if err != nil {
+		return 0, "", fmt.Errorf("could not get process name for PID %s: %w", pidStr, err)
+	}
+
+	pid, err := strconv.Atoi(pidStr)
+	if err != nil {
+		return 0, "", errors.New("failed to parse PID: ", err)
+	}
+
+	return pid, procName, nil
+}
+
+func formatLittleEndianString(addr Address, port Port) (string, error) {
+	ip := addr.IP()
+	var ipBytes []byte
+	if addr.Family() == AddressFamilyIPv4 {
+		ipBytes = ip.To4()
+	} else {
+		ipBytes = ip.To16()
+	}
+	if ipBytes == nil {
+		return "", errors.New("invalid IP format for ", addr.Family(), ": ", ip)
+	}
+
+	for i, j := 0, len(ipBytes)-1; i < j; i, j = i+1, j-1 {
+		ipBytes[i], ipBytes[j] = ipBytes[j], ipBytes[i]
+	}
+	portHex := fmt.Sprintf("%04X", uint16(port))
+	ipHex := strings.ToUpper(hex.EncodeToString(ipBytes))
+	return fmt.Sprintf("%s:%s", ipHex, portHex), nil
+}
+
+func findInodeInFile(filePath, targetHexAddr string) (string, error) {
+	file, err := os.Open(filePath)
+	if err != nil {
+		return "", err
+	}
+	defer file.Close()
+
+	scanner := bufio.NewScanner(file)
+
+	for scanner.Scan() {
+		line := scanner.Text()
+		fields := strings.Fields(line)
+
+		if len(fields) < 10 {
+			continue
+		}
+
+		localAddress := fields[1]
+		if localAddress == targetHexAddr {
+			inode := fields[9]
+			return inode, nil
+		}
+	}
+
+	return "", scanner.Err()
+}
+
+func findPidByInode(inode string) (string, error) {
+	procDir, err := os.ReadDir("/proc")
+	if err != nil {
+		return "", err
+	}
+
+	targetLink := "socket:[" + inode + "]"
+
+	for _, entry := range procDir {
+		if !entry.IsDir() {
+			continue
+		}
+		pid := entry.Name()
+		if _, err := strconv.Atoi(pid); err != nil {
+			continue
+		}
+
+		fdPath := fmt.Sprintf("/proc/%s/fd", pid)
+		fdDir, err := os.ReadDir(fdPath)
+		if err != nil {
+			continue
+		}
+
+		for _, fdEntry := range fdDir {
+			linkPath := fmt.Sprintf("%s/%s", fdPath, fdEntry.Name())
+			linkTarget, err := os.Readlink(linkPath)
+			if err != nil {
+				continue
+			}
+			if linkTarget == targetLink {
+				return pid, nil
+			}
+		}
+	}
+	return "", nil
+}
+
+func getProcessName(pid string) (string, error) {
+	path := fmt.Sprintf("/proc/%s/comm", pid)
+	content, err := os.ReadFile(path)
+	if err != nil {
+		return "", err
+	}
+	// remove trailing \n
+	return strings.TrimSpace(string(content)), nil
+}
--- a/common/net/find_process_others.go
+++ b/common/net/find_process_others.go
@@ -0,0 +1,11 @@
+//go:build !windows && !linux
+
+package net
+
+import (
+	"github.com/xtls/xray-core/common/errors"
+)
+
+func FindProcess(dest Destination) (int, string, error) {
+	return 0, "", errors.New("process lookup is not supported on this platform")
+}
--- a/common/net/find_process_windows.go
+++ b/common/net/find_process_windows.go
@@ -0,0 +1,243 @@
+//go:build windows
+
+package net
+
+import (
+	"net/netip"
+	"strings"
+	"sync"
+	"syscall"
+	"unsafe"
+
+	"golang.org/x/sys/windows"
+
+	"github.com/xtls/xray-core/common/errors"
+)
+
+const (
+	tcpTableFunc    = "GetExtendedTcpTable"
+	tcpTablePidConn = 4
+	udpTableFunc    = "GetExtendedUdpTable"
+	udpTablePid     = 1
+)
+
+var (
+	getExTCPTable uintptr
+	getExUDPTable uintptr
+
+	once    sync.Once
+	initErr error
+)
+
+func initWin32API() error {
+	h, err := windows.LoadLibrary("iphlpapi.dll")
+	if err != nil {
+		return errors.New("LoadLibrary iphlpapi.dll failed").Base(err)
+	}
+
+	getExTCPTable, err = windows.GetProcAddress(h, tcpTableFunc)
+	if err != nil {
+		return errors.New("GetProcAddress of ", tcpTableFunc, " failed").Base(err)
+	}
+
+	getExUDPTable, err = windows.GetProcAddress(h, udpTableFunc)
+	if err != nil {
+		return errors.New("GetProcAddress of ", udpTableFunc, " failed").Base(err)
+	}
+
+	return nil
+}
+
+func FindProcess(dest Destination) (int, string, error) {
+	once.Do(func() {
+		initErr = initWin32API()
+	})
+	if initErr != nil {
+		return 0, "", initErr
+	}
+	isLocal, err := IsLocal(dest.Address.IP())
+	if err != nil {
+		return 0, "", errors.New("failed to determine if address is local: ", err)
+	}
+	if !isLocal {
+		return 0, "", ErrNotLocal
+	}
+	if dest.Network != Network_TCP && dest.Network != Network_UDP {
+		panic("Unsupported network type for process lookup.")
+	}
+	// the core should never has a domain as source(?
+	if dest.Address.Family() == AddressFamilyDomain {
+		panic("Domain addresses are not supported for process lookup.")
+	}
+	var class int
+	var fn uintptr
+	switch dest.Network {
+	case Network_TCP:
+		fn = getExTCPTable
+		class = tcpTablePidConn
+	case Network_UDP:
+		fn = getExUDPTable
+		class = udpTablePid
+	default:
+		panic("Unsupported network type for process lookup.")
+	}
+	ip := dest.Address.IP()
+	port := int(dest.Port)
+
+	addr, ok := netip.AddrFromSlice(ip)
+	if !ok {
+		return 0, "", errors.New("invalid IP address")
+	}
+	addr = addr.Unmap()
+
+	family := windows.AF_INET
+	if addr.Is6() {
+		family = windows.AF_INET6
+	}
+
+	buf, err := getTransportTable(fn, family, class)
+	if err != nil {
+		return 0, "", err
+	}
+
+	s := newSearcher(dest.Network, dest.Address.Family())
+
+	pid, err := s.Search(buf, addr, uint16(port))
+	if err != nil {
+		return 0, "", err
+	}
+	name, err := getExecPathFromPID(pid)
+	// drop .exe
+	name = strings.TrimSuffix(name, ".exe")
+	return int(pid), name, err
+}
+
+type searcher struct {
+	itemSize int
+	port     int
+	ip       int
+	ipSize   int
+	pid      int
+	tcpState int
+}
+
+func (s *searcher) Search(b []byte, ip netip.Addr, port uint16) (uint32, error) {
+	n := int(readNativeUint32(b[:4]))
+	itemSize := s.itemSize
+	for i := range n {
+		row := b[4+itemSize*i : 4+itemSize*(i+1)]
+
+		if s.tcpState >= 0 {
+			tcpState := readNativeUint32(row[s.tcpState : s.tcpState+4])
+			// MIB_TCP_STATE_ESTAB, only check established connections for TCP
+			if tcpState != 5 {
+				continue
+			}
+		}
+
+		// according to MSDN, only the lower 16 bits of dwLocalPort are used and the port number is in network endian.
+		// this field can be illustrated as follows depends on different machine endianess:
+		//     little endian: [ MSB LSB  0   0  ]   interpret as native uint32 is ((LSB<<8)|MSB)
+		//       big  endian: [  0   0  MSB LSB ]   interpret as native uint32 is ((MSB<<8)|LSB)
+		// so we need an syscall.Ntohs on the lower 16 bits after read the port as native uint32
+		srcPort := syscall.Ntohs(uint16(readNativeUint32(row[s.port : s.port+4])))
+		if srcPort != port {
+			continue
+		}
+
+		srcIP, _ := netip.AddrFromSlice(row[s.ip : s.ip+s.ipSize])
+		srcIP = srcIP.Unmap()
+		// windows binds an unbound udp socket to 0.0.0.0/[::] while first sendto
+		if ip != srcIP && (!srcIP.IsUnspecified() || s.tcpState != -1) {
+			continue
+		}
+
+		pid := readNativeUint32(row[s.pid : s.pid+4])
+		return pid, nil
+	}
+	return 0, errors.New("not found")
+}
+
+func newSearcher(network Network, family AddressFamily) *searcher {
+	var itemSize, port, ip, ipSize, pid int
+	tcpState := -1
+	switch network {
+	case Network_TCP:
+		if family == AddressFamilyIPv4 {
+			// struct MIB_TCPROW_OWNER_PID
+			itemSize, port, ip, ipSize, pid, tcpState = 24, 8, 4, 4, 20, 0
+		}
+		if family == AddressFamilyIPv6 {
+			// struct MIB_TCP6ROW_OWNER_PID
+			itemSize, port, ip, ipSize, pid, tcpState = 56, 20, 0, 16, 52, 48
+		}
+	case Network_UDP:
+		if family == AddressFamilyIPv4 {
+			// struct MIB_UDPROW_OWNER_PID
+			itemSize, port, ip, ipSize, pid = 12, 4, 0, 4, 8
+		}
+		if family == AddressFamilyIPv6 {
+			// struct MIB_UDP6ROW_OWNER_PID
+			itemSize, port, ip, ipSize, pid = 28, 20, 0, 16, 24
+		}
+	}
+
+	return &searcher{
+		itemSize: itemSize,
+		port:     port,
+		ip:       ip,
+		ipSize:   ipSize,
+		pid:      pid,
+		tcpState: tcpState,
+	}
+}
+
+func getTransportTable(fn uintptr, family int, class int) ([]byte, error) {
+	for size, buf := uint32(8), make([]byte, 8); ; {
+		ptr := unsafe.Pointer(&buf[0])
+		err, _, _ := syscall.Syscall6(fn, 6, uintptr(ptr), uintptr(unsafe.Pointer(&size)), 0, uintptr(family), uintptr(class), 0)
+
+		switch err {
+		case 0:
+			return buf, nil
+		case uintptr(syscall.ERROR_INSUFFICIENT_BUFFER):
+			buf = make([]byte, size)
+		default:
+			return nil, errors.New("syscall error: ", int(err))
+		}
+	}
+}
+
+func readNativeUint32(b []byte) uint32 {
+	return *(*uint32)(unsafe.Pointer(&b[0]))
+}
+
+func getExecPathFromPID(pid uint32) (string, error) {
+	// kernel process starts with a colon in order to distinguish with normal processes
+	switch pid {
+	case 0:
+		// reserved pid for system idle process
+		return ":System Idle Process", nil
+	case 4:
+		// reserved pid for windows kernel image
+		return ":System", nil
+	}
+	h, err := windows.OpenProcess(windows.PROCESS_QUERY_LIMITED_INFORMATION, false, pid)
+	if err != nil {
+		return "", err
+	}
+	defer windows.CloseHandle(h)
+
+	buf := make([]uint16, syscall.MAX_LONG_PATH)
+	size := uint32(len(buf))
+	err = windows.QueryFullProcessImageName(h, 0, &buf[0], &size)
+	if err != nil {
+		return "", err
+	}
+	// full path will like: C:\Windows\System32\curl.exe
+	// we only need the executable name
+	fullPathName := syscall.UTF16ToString(buf[:size])
+	nameSplit := strings.Split(fullPathName, "\\")
+	name := nameSplit[len(nameSplit)-1]
+	return name, nil
+}
--- a/common/net/net.go
+++ b/common/net/net.go
@@ -1,7 +1,13 @@
 // Package net is a drop-in replacement to Golang's net package, with some more functionalities.
 package net // import "github.com/xtls/xray-core/common/net"

-import "time"
+import (
+	"net"
+	"sync/atomic"
+	"time"
+
+	"github.com/xtls/xray-core/common/errors"
+)

 // defines the maximum time an idle TCP session can survive in the tunnel, so
 // it should be consistent across HTTP versions and with other transports.
@@ -12,3 +18,37 @@ const QuicgoH3KeepAlivePeriod = 10 * time.Second

 // consistent with chrome
 const ChromeH2KeepAlivePeriod = 45 * time.Second
+
+var ErrNotLocal = errors.New("the source address is not from local machine.")
+
+type localIPCahceEntry struct {
+	addrs      []net.Addr
+	lastUpdate time.Time
+}
+
+var localIPCahce = atomic.Pointer[localIPCahceEntry]{}
+
+func IsLocal(ip net.IP) (bool, error) {
+	var addrs []net.Addr
+	if entry := localIPCahce.Load(); entry == nil || time.Since(entry.lastUpdate) > time.Minute {
+		var err error
+		addrs, err = net.InterfaceAddrs()
+		if err != nil {
+			return false, err
+		}
+		localIPCahce.Store(&localIPCahceEntry{
+			addrs:      addrs,
+			lastUpdate: time.Now(),
+		})
+	} else {
+		addrs = entry.addrs
+	}
+	for _, addr := range addrs {
+		if ipnet, ok := addr.(*net.IPNet); ok {
+			if ipnet.IP.Equal(ip) {
+				return true, nil
+			}
+		}
+	}
+	return false, nil
+}