188 lines
6.4 KiB
Swift
188 lines
6.4 KiB
Swift
import Foundation
|
||
import Network
|
||
|
||
final class DNSLocalClient {
|
||
// 需要保存DNS请求的追踪信息
|
||
struct DNSTracker {
|
||
let transactionID: UInt16
|
||
let clientIP: UInt32 // 原始包的源 IP (大端序)
|
||
let clientPort: UInt16 // 原始包的源端口 (大端序)
|
||
let createdAt: Date // 用于超时清理
|
||
}
|
||
|
||
private var connections: [NWConnection] = []
|
||
|
||
// 准备多个公共 DNS
|
||
private let dnsServers = ["114.114.114.114", "223.5.5.5", "8.8.8.8"]
|
||
|
||
public let packetFlow: AsyncStream<Data>
|
||
private let packetContinuation: AsyncStream<Data>.Continuation
|
||
|
||
private let locker = NSLock()
|
||
private var trackers: [UInt16: [DNSTracker]] = [:]
|
||
|
||
init() {
|
||
let (stream, continuation) = AsyncStream.makeStream(of: Data.self, bufferingPolicy: .unbounded)
|
||
self.packetFlow = stream
|
||
self.packetContinuation = continuation
|
||
}
|
||
|
||
func start() {
|
||
for server in dnsServers {
|
||
let endpoint = NWEndpoint.hostPort(host: NWEndpoint.Host(server), port: 53)
|
||
let parameters = NWParameters.udp
|
||
parameters.prohibitedInterfaceTypes = [.other]
|
||
|
||
let conn = NWConnection(to: endpoint, using: parameters)
|
||
|
||
conn.stateUpdateHandler = { [weak self] state in
|
||
switch state {
|
||
case .ready:
|
||
self?.receiveLoop(for: conn)
|
||
case .failed(let error):
|
||
SDLLogger.shared.log("[DNSLocalClient] failed with error: \(error.localizedDescription)")
|
||
self?.stop()
|
||
case .cancelled:
|
||
self?.packetContinuation.finish()
|
||
default:
|
||
()
|
||
}
|
||
}
|
||
conn.start(queue: .global())
|
||
|
||
connections.append(conn)
|
||
}
|
||
}
|
||
|
||
/// 并发查询:对所有服务器广播
|
||
func query(tracker: DNSTracker, dnsPayload: Data) {
|
||
locker.lock()
|
||
self.trackers[tracker.transactionID, default: []].append(tracker)
|
||
locker.unlock()
|
||
|
||
for conn in connections where conn.state == .ready {
|
||
conn.send(content: dnsPayload, completion: .contentProcessed({ _ in }))
|
||
}
|
||
}
|
||
|
||
private func receiveLoop(for conn: NWConnection) {
|
||
conn.receiveMessage { [weak self] content, _, _, error in
|
||
if let data = content {
|
||
// !!!核心:由于 AsyncStream 是流式的
|
||
// 谁先 yield,上层就先收到谁。
|
||
// 只要上层收到了第一个有效响应并回填给系统,
|
||
self?.handleResponse(data: data)
|
||
}
|
||
|
||
if error == nil && conn.state == .ready {
|
||
self?.receiveLoop(for: conn)
|
||
}
|
||
}
|
||
}
|
||
|
||
private func handleResponse(data: Data) {
|
||
guard data.count > 2 else {
|
||
return
|
||
}
|
||
|
||
let tranId = UInt16(data[0]) << 8 | UInt16(data[1])
|
||
|
||
locker.lock()
|
||
let items = self.trackers.removeValue(forKey: tranId)
|
||
locker.unlock()
|
||
|
||
items?.forEach { tracker in
|
||
let packet = Self.createDNSResponse(
|
||
payload: data,
|
||
srcIP: DNSHelper.dnsDestIpAddr,
|
||
srcPort: 53,
|
||
destIP: tracker.clientIP,
|
||
destPort: tracker.clientPort
|
||
)
|
||
self.packetContinuation.yield(packet)
|
||
}
|
||
}
|
||
|
||
func stop() {
|
||
connections.forEach { conn in
|
||
conn.cancel()
|
||
}
|
||
self.connections.removeAll()
|
||
}
|
||
|
||
}
|
||
|
||
extension DNSLocalClient {
|
||
/// 构造发回 TUN 的完整 UDP/IPv4 数据包
|
||
static func createDNSResponse(payload: Data, srcIP: UInt32, srcPort: UInt16, destIP: UInt32, destPort: UInt16) -> Data {
|
||
let udpLen = 8 + payload.count
|
||
let ipLen = 20 + udpLen
|
||
|
||
// --- 1. IPv4 Header (20 字节) ---
|
||
var ipHeader = Data(count: 20)
|
||
ipHeader[0] = 0x45 // Version 4, IHL 5
|
||
ipHeader[2...3] = withUnsafeBytes(of: UInt16(ipLen).bigEndian) { Data($0) }
|
||
ipHeader[8] = 64 // TTL
|
||
ipHeader[9] = 17 // Protocol UDP
|
||
|
||
// 填充 IP 地址
|
||
ipHeader[12...15] = withUnsafeBytes(of: srcIP.bigEndian) { Data($0) }
|
||
ipHeader[16...19] = withUnsafeBytes(of: destIP.bigEndian) { Data($0) }
|
||
|
||
// 计算 IP Checksum
|
||
let ipChecksum = calculateChecksum(data: ipHeader)
|
||
ipHeader[10...11] = withUnsafeBytes(of: ipChecksum.bigEndian) { Data($0) }
|
||
|
||
// --- 2. UDP Header (8 字节) ---
|
||
var udpHeader = Data(count: 8)
|
||
udpHeader[0...1] = withUnsafeBytes(of: srcPort.bigEndian) { Data($0) }
|
||
udpHeader[2...3] = withUnsafeBytes(of: destPort.bigEndian) { Data($0) }
|
||
udpHeader[4...5] = withUnsafeBytes(of: UInt16(udpLen).bigEndian) { Data($0) }
|
||
// UDP Checksum 在 IPv4 中可选,设为 0 可跳过计算(大部分系统接受)
|
||
udpHeader[6...7] = Data([0, 0])
|
||
|
||
// --- 3. 拼接 ---
|
||
var packet = Data(capacity: ipLen)
|
||
packet.append(ipHeader)
|
||
packet.append(udpHeader)
|
||
packet.append(payload)
|
||
|
||
return packet
|
||
}
|
||
|
||
/// 经典的 Internet Checksum 算法
|
||
static func calculateChecksum(data: Data) -> UInt16 {
|
||
var sum: UInt32 = 0
|
||
let count = data.count
|
||
|
||
data.withUnsafeBytes { (ptr: UnsafeRawBufferPointer) in
|
||
guard let baseAddress = ptr.baseAddress else { return }
|
||
|
||
// 1. 处理成对的 16-bit 单词
|
||
let wordCount = count / 2
|
||
let words = baseAddress.bindMemory(to: UInt16.self, capacity: wordCount)
|
||
|
||
for i in 0..<wordCount {
|
||
// 使用 bigEndian: words[i] 是正确的,但要确保不越界
|
||
sum += UInt32(UInt16(bigEndian: words[i]))
|
||
}
|
||
|
||
// 2. 关键修复:处理奇数长度的最后一个字节
|
||
if count % 2 != 0 {
|
||
// 获取最后一个字节,并左移 8 位(作为 16-bit 的高位)
|
||
let lastByte = ptr[count - 1]
|
||
sum += UInt32(lastByte) << 8
|
||
}
|
||
}
|
||
|
||
// 3. 将进位加回低 16 位
|
||
while (sum >> 16) != 0 {
|
||
sum = (sum & 0xffff) + (sum >> 16)
|
||
}
|
||
|
||
return UInt16(~sum & 0xffff)
|
||
}
|
||
|
||
|
||
}
|