diff --git a/essentials/addresses.go b/essentials/addresses.go new file mode 100644 index 000000000..7a91754d8 --- /dev/null +++ b/essentials/addresses.go @@ -0,0 +1,30 @@ +package essentials + +// TelegramCoreAddresses are publicly known addresses of Telegram core network. +var TelegramCoreAddresses = map[int][]string{ + 1: { + "149.154.175.50:443", + "[2001:b28:f23d:f001::a]:443", + }, + 2: { + "149.154.167.51:443", + "95.161.76.100:443", + "[2001:67c:04e8:f002::a]:443", + }, + 3: { + "149.154.175.100:443", + "[2001:b28:f23d:f003::a]:443", + }, + 4: { + "149.154.167.91:443", + "[2001:67c:04e8:f004::a]:443", + }, + 5: { + "149.154.171.5:443", + "[2001:b28:f23f:f005::a]:443", + }, + 203: { + "91.105.192.100:443", + "[2a0a:f280:0203:000a:5000:0000:0000:0100]:443", + }, +} diff --git a/go.mod b/go.mod index 481f739b1..c76e51c09 100644 --- a/go.mod +++ b/go.mod @@ -27,6 +27,7 @@ require ( ) require ( + github.com/beevik/ntp v1.5.0 github.com/ncruces/go-dns v1.3.2 github.com/pelletier/go-toml/v2 v2.2.4 github.com/pires/go-proxyproto v0.11.0 diff --git a/go.sum b/go.sum index aa3d0859b..d180039f1 100644 --- a/go.sum +++ b/go.sum @@ -12,6 +12,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0= github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg= +github.com/beevik/ntp v1.5.0 h1:y+uj/JjNwlY2JahivxYvtmv4ehfi3h74fAuABB9ZSM4= +github.com/beevik/ntp v1.5.0/go.mod h1:mJEhBrwT76w9D+IfOEGvuzyuudiW9E52U2BaTrMOYow= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= diff --git a/internal/cli/access.go b/internal/cli/access.go index 550babc8c..ec266e90a 100644 --- a/internal/cli/access.go +++ b/internal/cli/access.go @@ -1,22 +1,16 @@ package cli import ( - "context" "encoding/json" "fmt" - "io" "net" - "net/http" "net/url" "os" "strconv" - "strings" "sync" - "github.com/9seconds/mtg/v2/essentials" "github.com/9seconds/mtg/v2/internal/config" "github.com/9seconds/mtg/v2/internal/utils" - "github.com/9seconds/mtg/v2/mtglib" ) type accessResponse struct { @@ -65,7 +59,7 @@ func (a *Access) Run(cli *CLI, version string) error { wg.Go(func() { ip := a.PublicIPv4 if ip == nil { - ip = a.getIP(ntw, "tcp4") + ip = getIP(ntw, "tcp4") } if ip != nil { @@ -77,7 +71,7 @@ func (a *Access) Run(cli *CLI, version string) error { wg.Go(func() { ip := a.PublicIPv6 if ip == nil { - ip = a.getIP(ntw, "tcp6") + ip = getIP(ntw, "tcp6") } if ip != nil { @@ -100,45 +94,6 @@ func (a *Access) Run(cli *CLI, version string) error { return nil } -func (a *Access) getIP(ntw mtglib.Network, protocol string) net.IP { - dialer := ntw.NativeDialer() - client := ntw.MakeHTTPClient(func(ctx context.Context, network, address string) (essentials.Conn, error) { - conn, err := dialer.DialContext(ctx, protocol, address) - if err != nil { - return nil, err - } - return essentials.WrapNetConn(conn), err - }) - - req, err := http.NewRequest(http.MethodGet, "https://ifconfig.co", nil) //nolint: noctx - if err != nil { - panic(err) - } - - req.Header.Add("Accept", "text/plain") - - resp, err := client.Do(req) - if err != nil { - return nil - } - - if resp.StatusCode != http.StatusOK { - return nil - } - - defer func() { - io.Copy(io.Discard, resp.Body) //nolint: errcheck - resp.Body.Close() //nolint: errcheck - }() - - data, err := io.ReadAll(resp.Body) - if err != nil { - return nil - } - - return net.ParseIP(strings.TrimSpace(string(data))) -} - func (a *Access) makeURLs(conf *config.Config, ip net.IP) *accessResponseURLs { if ip == nil { return nil diff --git a/internal/cli/cli.go b/internal/cli/cli.go index f287ad8ff..ec25fac2d 100644 --- a/internal/cli/cli.go +++ b/internal/cli/cli.go @@ -4,6 +4,7 @@ import "github.com/alecthomas/kong" type CLI struct { GenerateSecret GenerateSecret `kong:"cmd,help='Generate new proxy secret'"` + Doctor Doctor `kong:"cmd,help='Check that proxy can run correctly'"` Access Access `kong:"cmd,help='Print access information.'"` Run Run `kong:"cmd,help='Run proxy.'"` SimpleRun SimpleRun `kong:"cmd,help='Run proxy without config file.'"` diff --git a/internal/cli/doctor.go b/internal/cli/doctor.go new file mode 100644 index 000000000..21ea0e12e --- /dev/null +++ b/internal/cli/doctor.go @@ -0,0 +1,368 @@ +package cli + +import ( + "context" + "errors" + "fmt" + "maps" + "net" + "os" + "slices" + "strconv" + "strings" + "text/template" + "time" + + "github.com/9seconds/mtg/v2/essentials" + "github.com/9seconds/mtg/v2/internal/config" + "github.com/9seconds/mtg/v2/internal/utils" + "github.com/9seconds/mtg/v2/mtglib" + "github.com/9seconds/mtg/v2/network/v2" + "github.com/beevik/ntp" +) + +var ( + tplError = template.Must( + template.New("").Parse(" ‼️ {{ .description }}: {{ .error }}\n"), + ) + + tplWDeprecatedConfig = template.Must( + template.New(""). + Parse(` ⚠️ Option {{ .old | printf "%q" }}{{ if .old_section }} from section [{{ .old_section }}]{{ end }} is deprecated and will be removed in v{{ .when }}. Please use {{ .new | printf "%q" }}{{ if .new_section }} in [{{ .new_section }}] section{{ end }} instead.` + "\n"), + ) + + tplOTimeSkewness = template.Must( + template.New(""). + Parse(" ✅ Time drift is {{ .drift }}, but tolerate-time-skewness is {{ .value }}\n"), + ) + tplWTimeSkewness = template.Must( + template.New(""). + Parse(" ⚠️ Time drift is {{ .drift }}, but tolerate-time-skewness is {{ .value }}. Please check ntp.\n"), + ) + tplETimeSkewness = template.Must( + template.New(""). + Parse(" ❌ Time drift is {{ .drift }}, but tolerate-time-skewness is {{ .value }}. You will get many rejected connections!\n"), + ) + + tplODCConnect = template.Must( + template.New("").Parse(" ✅ DC {{ .dc }}\n"), + ) + tplEDCConnect = template.Must( + template.New("").Parse(" ❌ DC {{ .dc }}: {{ .error }}\n"), + ) + + tplODNSSNIMatch = template.Must( + template.New("").Parse(" ✅ IP address {{ .ip }} matches secret hostname {{ .hostname }}\n"), + ) + tplEDNSSNIMatch = template.Must( + template.New("").Parse(" ❌ Hostname {{ .hostname }} {{ if .resolved }}is resolved to {{ .resolved }} addresses, not {{ if .ip4 }}{{ .ip4 }}{{ else }}{{ .ip6 }}{{ end }}{{ else }}cannot be resolved to any host{{ end }}\n"), + ) + + tplOFrontingDomain = template.Must( + template.New("").Parse(" ✅ {{ .address }} is reachable\n"), + ) + tplEFrontingDomain = template.Must( + template.New("").Parse(" ❌ {{ .address }}: {{ .error }}\n"), + ) +) + +type Doctor struct { + conf *config.Config + + ConfigPath string `kong:"arg,required,type='existingfile',help='Path to the configuration file.',name='config-path'"` //nolint: lll +} + +func (d *Doctor) Run(cli *CLI, version string) error { + conf, err := utils.ReadConfig(d.ConfigPath) + if err != nil { + return fmt.Errorf("cannot init config: %w", err) + } + + d.conf = conf + + fmt.Println("Deprecated options") + everythingOK := d.checkDeprecatedConfig() + + fmt.Println("Time skewness") + everythingOK = d.checkTimeSkewness() && everythingOK + + resolver, err := network.GetDNS(conf.GetDNS()) + if err != nil { + return fmt.Errorf("cannot create DNS resolver: %w", err) + } + + base := network.New( + resolver, + "", + conf.Network.Timeout.TCP.Get(10*time.Second), + conf.Network.Timeout.HTTP.Get(0), + conf.Network.Timeout.Idle.Get(0), + ) + + fmt.Println("Validate native network connectivity") + everythingOK = d.checkNetwork(base) && everythingOK + + for _, url := range conf.Network.Proxies { + value, err := network.NewProxyNetwork(base, url.Get(nil)) + if err != nil { + return err + } + + fmt.Printf("Validate network connectivity with proxy %s\n", url.Get(nil)) + everythingOK = d.checkNetwork(value) && everythingOK + } + + fmt.Println("Validate fronting domain connectivity") + everythingOK = d.checkFrontingDomain(base) && everythingOK + + fmt.Println("Validate SNI-DNS match") + everythingOK = d.checkSecretHost(resolver, base) && everythingOK + + if !everythingOK { + os.Exit(1) + } + + return nil +} + +func (d *Doctor) checkDeprecatedConfig() bool { + ok := true + + if d.conf.DomainFrontingIP.Value != nil { + ok = false + tplWDeprecatedConfig.Execute(os.Stdout, map[string]string{ //nolint: errcheck + "when": "2.3.0", + "old": "domain-fronting-ip", + "old_section": "", + "new": "ip", + "new_section": "domain-fronting", + }) + } + + if d.conf.DomainFrontingPort.Value != 0 { + ok = false + tplWDeprecatedConfig.Execute(os.Stdout, map[string]string{ //nolint: errcheck + "when": "2.3.0", + "old": "domain-fronting-port", + "old_section": "", + "new": "port", + "new_section": "domain-fronting", + }) + } + + if d.conf.DomainFrontingProxyProtocol.Value { + ok = false + tplWDeprecatedConfig.Execute(os.Stdout, map[string]string{ //nolint: errcheck + "when": "2.3.0", + "old": "domain-fronting-proxy-protocol", + "old_section": "", + "new": "proxy-protocol", + "new_section": "domain-fronting", + }) + } + + if d.conf.Network.DOHIP.Value != nil { + ok = false + tplWDeprecatedConfig.Execute(os.Stdout, map[string]string{ //nolint: errcheck + "when": "2.3.0", + "old": "doh-ip", + "old_section": "network", + "new": "dns", + "new_section": "network", + }) + } + + if ok { + fmt.Println(" ✅ All good") + } + + return ok +} + +func (d *Doctor) checkTimeSkewness() bool { + response, err := ntp.Query("0.pool.ntp.org") + if err != nil { + tplError.Execute(os.Stdout, map[string]any{ //nolint: errcheck + "description": "cannot access ntp pool", + "error": err, + }) + return false + } + + skewness := response.ClockOffset.Abs() + confValue := d.conf.TolerateTimeSkewness.Get(mtglib.DefaultTolerateTimeSkewness) + diff := float64(skewness) / float64(confValue) + tplData := map[string]any{ + "drift": response.ClockOffset, + "value": confValue, + } + + switch { + case diff < 0.3: + tplOTimeSkewness.Execute(os.Stdout, tplData) //nolint: errcheck + return true + case diff < 0.7: + tplWTimeSkewness.Execute(os.Stdout, tplData) //nolint: errcheck + default: + tplETimeSkewness.Execute(os.Stdout, tplData) //nolint: errcheck + } + + return false +} + +func (d *Doctor) checkNetwork(ntw mtglib.Network) bool { + dcs := slices.Collect(maps.Keys(essentials.TelegramCoreAddresses)) + slices.Sort(dcs) + + ok := true + + for _, dc := range dcs { + err := d.checkNetworkAddresses(ntw, essentials.TelegramCoreAddresses[dc]) + if err == nil { + tplODCConnect.Execute(os.Stdout, map[string]any{ //nolint: errcheck + "dc": dc, + }) + } else { + tplEDCConnect.Execute(os.Stdout, map[string]any{ //nolint: errcheck + "dc": dc, + "error": err, + }) + ok = false + } + } + + return ok +} + +func (d *Doctor) checkNetworkAddresses(ntw mtglib.Network, addresses []string) error { + checkAddresses := []string{} + + switch d.conf.PreferIP.Get("prefer-ip4") { + case "only-ipv4": + for _, addr := range addresses { + host, _, err := net.SplitHostPort(addr) + if err != nil { + panic(err) + } + + if ip := net.ParseIP(host); ip != nil && ip.To4() != nil { + checkAddresses = append(checkAddresses, addr) + } + } + case "only-ipv6": + for _, addr := range addresses { + host, _, err := net.SplitHostPort(addr) + if err != nil { + panic(err) + } + + if ip := net.ParseIP(host); ip != nil && ip.To4() == nil { + checkAddresses = append(checkAddresses, addr) + } + } + default: + checkAddresses = addresses + } + + if len(checkAddresses) == 0 { + return fmt.Errorf("no suitable addresses after IP version filtering") + } + + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + var ( + conn net.Conn + err error + ) + + for _, addr := range checkAddresses { + conn, err = ntw.DialContext(ctx, "tcp", addr) + if err != nil { + continue + } + + conn.Close() //nolint: errcheck + + return nil + } + + return err +} + +func (d *Doctor) checkFrontingDomain(ntw mtglib.Network) bool { + host := d.conf.Secret.Host + if ip := d.conf.GetDomainFrontingIP(nil); ip != "" { + host = ip + } + + port := d.conf.GetDomainFrontingPort(mtglib.DefaultDomainFrontingPort) + address := net.JoinHostPort(host, strconv.Itoa(int(port))) + + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + dialer := ntw.NativeDialer() + + conn, err := dialer.DialContext(ctx, "tcp", address) + if err != nil { + tplEFrontingDomain.Execute(os.Stdout, map[string]any{ //nolint: errcheck + "address": address, + "error": err, + }) + return false + } + + conn.Close() //nolint: errcheck + + tplOFrontingDomain.Execute(os.Stdout, map[string]any{ //nolint: errcheck + "address": address, + }) + + return true +} + +func (d *Doctor) checkSecretHost(resolver *net.Resolver, ntw mtglib.Network) bool { + addresses, err := resolver.LookupIPAddr(context.Background(), d.conf.Secret.Host) + if err != nil { + tplError.Execute(os.Stdout, map[string]any{ //nolint: errcheck + "description": fmt.Sprintf("cannot resolve DNS name of %s", d.conf.Secret.Host), + "error": err, + }) + return false + } + + ourIP4 := getIP(ntw, "tcp4") + ourIP6 := getIP(ntw, "tcp6") + + if ourIP4 == nil && ourIP6 == nil { + tplError.Execute(os.Stdout, map[string]any{ //nolint: errcheck + "description": "cannot detect public IP address", + "error": errors.New("ifconfig.co is unreachable for both IPv4 and IPv6"), + }) + return false + } + + strAddresses := []string{} + for _, value := range addresses { + if (ourIP4 != nil && value.IP.String() == ourIP4.String()) || + (ourIP6 != nil && value.IP.String() == ourIP6.String()) { + tplODNSSNIMatch.Execute(os.Stdout, map[string]any{ //nolint: errcheck + "ip": value.IP, + "hostname": d.conf.Secret.Host, + }) + return true + } + + strAddresses = append(strAddresses, `"`+value.IP.String()+`"`) + } + + tplEDNSSNIMatch.Execute(os.Stdout, map[string]any{ //nolint: errcheck + "hostname": d.conf.Secret.Host, + "resolved": strings.Join(strAddresses, ", "), + "ip4": ourIP4, + "ip6": ourIP6, + }) + + return false +} diff --git a/internal/cli/utils.go b/internal/cli/utils.go new file mode 100644 index 000000000..db8af549b --- /dev/null +++ b/internal/cli/utils.go @@ -0,0 +1,51 @@ +package cli + +import ( + "context" + "io" + "net" + "net/http" + "strings" + + "github.com/9seconds/mtg/v2/essentials" + "github.com/9seconds/mtg/v2/mtglib" +) + +func getIP(ntw mtglib.Network, protocol string) net.IP { + dialer := ntw.NativeDialer() + client := ntw.MakeHTTPClient(func(ctx context.Context, network, address string) (essentials.Conn, error) { + conn, err := dialer.DialContext(ctx, protocol, address) + if err != nil { + return nil, err + } + return essentials.WrapNetConn(conn), err + }) + + req, err := http.NewRequest(http.MethodGet, "https://ifconfig.co", nil) //nolint: noctx + if err != nil { + panic(err) + } + + req.Header.Add("Accept", "text/plain") + + resp, err := client.Do(req) + if err != nil { + return nil + } + + if resp.StatusCode != http.StatusOK { + return nil + } + + defer func() { + io.Copy(io.Discard, resp.Body) //nolint: errcheck + resp.Body.Close() //nolint: errcheck + }() + + data, err := io.ReadAll(resp.Body) + if err != nil { + return nil + } + + return net.ParseIP(strings.TrimSpace(string(data))) +} diff --git a/mtg-linux b/mtg-linux new file mode 100755 index 000000000..6c3e66d03 Binary files /dev/null and b/mtg-linux differ diff --git a/mtglib/internal/dc/init.go b/mtglib/internal/dc/init.go index 1af0545cb..f7db83f88 100644 --- a/mtglib/internal/dc/init.go +++ b/mtglib/internal/dc/init.go @@ -2,7 +2,10 @@ package dc import ( "context" + "net" "time" + + "github.com/9seconds/mtg/v2/essentials" ) type preferIP uint8 @@ -39,46 +42,36 @@ type Updater interface { } // https://github.com/telegramdesktop/tdesktop/blob/master/Telegram/SourceFiles/mtproto/mtproto_dc_options.cpp#L30 -var defaultDCAddrSet = dcAddrSet{ - v4: map[int][]Addr{ - 1: { - {Network: "tcp4", Address: "149.154.175.50:443"}, - }, - 2: { - {Network: "tcp4", Address: "149.154.167.51:443"}, - {Network: "tcp4", Address: "95.161.76.100:443"}, - }, - 3: { - {Network: "tcp4", Address: "149.154.175.100:443"}, - }, - 4: { - {Network: "tcp4", Address: "149.154.167.91:443"}, - }, - 5: { - {Network: "tcp4", Address: "149.154.171.5:443"}, - }, - 203: { - {Network: "tcp4", Address: "91.105.192.100:443"}, - }, - }, - v6: map[int][]Addr{ - 1: { - {Network: "tcp6", Address: "[2001:b28:f23d:f001::a]:443"}, - }, - 2: { - {Network: "tcp6", Address: "[2001:67c:04e8:f002::a]:443"}, - }, - 3: { - {Network: "tcp6", Address: "[2001:b28:f23d:f003::a]:443"}, - }, - 4: { - {Network: "tcp6", Address: "[2001:67c:04e8:f004::a]:443"}, - }, - 5: { - {Network: "tcp6", Address: "[2001:b28:f23f:f005::a]:443"}, - }, - 203: { - {Network: "tcp6", Address: "[2a0a:f280:0203:000a:5000:0000:0000:0100]:443"}, - }, - }, -} +var defaultDCAddrSet = (func() dcAddrSet { + addrSet := dcAddrSet{ + v4: make(map[int][]Addr), + v6: make(map[int][]Addr), + } + + for dcid, ips := range essentials.TelegramCoreAddresses { + for _, addr := range ips { + host, _, err := net.SplitHostPort(addr) + if err != nil { + panic(err) + } + + ip := net.ParseIP(host) + if ip == nil { + panic(addr) + } + if ip.To4() == nil { + addrSet.v6[dcid] = append(addrSet.v6[dcid], Addr{ + Network: "tcp6", + Address: addr, + }) + } else { + addrSet.v4[dcid] = append(addrSet.v4[dcid], Addr{ + Network: "tcp4", + Address: addr, + }) + } + } + } + + return addrSet +})() diff --git a/run_profile.go b/run_profile.go index 06b7ab81a..c6e5e74a6 100644 --- a/run_profile.go +++ b/run_profile.go @@ -3,5 +3,4 @@ package main func runProfile() { - }