Fix build

eric
2026-02-05 16:05:47 +08:00
parent 016a7fa9bc
commit 02e2cad1a7
8 changed files with 99 additions and 47 deletions


@@ -20,6 +20,7 @@ default-ring = [
"ring-aead",
"rustls-tls",
"rustls-tls-ring",
"quinn-ring",
"api",
]
@@ -29,6 +30,7 @@ default-aws-lc = [
"aws-lc-aead",
"rustls-tls",
"rustls-tls-aws-lc",
"quinn-aws-lc",
"api",
]
@@ -37,10 +39,14 @@ default-openssl = [
"all-endpoints",
"openssl-aead",
"openssl-tls",
"quinn-ring",
]
rustls-tls-aws-lc = ["tokio-rustls/aws_lc_rs"]
rustls-tls-ring = ["tokio-rustls/ring"]
rustls-tls-aws-lc = ["tokio-rustls/aws_lc_rs", "rustls/aws_lc_rs"]
rustls-tls-ring = ["tokio-rustls/ring", "rustls/ring"]
quinn-ring = ["quinn/rustls-ring", "quinn/runtime-tokio"]
quinn-aws-lc = ["quinn/rustls-aws-lc-rs", "quinn/runtime-tokio"]
# Grouping all features
all-configs = [
@@ -112,7 +118,7 @@ outbound-static= []
outbound-tryall = []
outbound-chain = []
outbound-amux= ["tokio-util"]
outbound-quic = ["quinn", "rustls", "webpki-roots-old", "rustls-pemfile-old"]
outbound-quic = ["rustls", "webpki-roots-old", "rustls-pemfile-old"]
outbound-select = ["directories", "axum/query"]
outbound-vmess = ["lz_fnv", "cfb-mode", "hmac", "aes", "sha3", "digest", "uuid", "md-5", "tokio-util", "byteorder"]
@@ -125,7 +131,7 @@ inbound-hc = []
inbound-tun = ["tun", "netstack-lwip", "pnet_datalink"]
inbound-ws = ["tungstenite", "tokio-tungstenite", "url", "http"]
inbound-amux = ["tokio-util"]
inbound-quic = ["quinn", "rustls", "rustls-pemfile-old"]
inbound-quic = ["rustls", "rustls-pemfile-old"]
inbound-tls = []
inbound-chain = []
inbound-cat = ["tokio/io-std"]
@@ -241,8 +247,8 @@ lru_time_cache = { version = "0.11", optional = true }
tokio-util = { version = "0.7", default-features = false, features = ["io"], optional = true }
# QUIC
quinn = { version = "0.11", default-features = false, features = ["rustls", "runtime-tokio"], optional = true }
rustls = { version = "0.23", optional = true }
quinn = { version = "0.11", default-features = false, optional = true }
rustls = { version = "0.23", default-features = false, features = ["std"], optional = true }
# API
axum = { version = "0.7", default-features = false, features = ["http1", "tokio", "json"], optional = true }
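Review bot: `inbound-quic` and `outbound-quic` no longer enable the optional `quinn` dependency, so building with either feature but without `quinn-ring` or `quinn-aws-lc` will probably fail on unresolved `quinn` paths, assuming the QUIC modules are gated only on those two features. Nothing in the manifest states this coupling; a comment above the two new features such as `# inbound-quic / outbound-quic require one of quinn-ring or quinn-aws-lc` would record it, and a `compile_error!` guard in the crate would enforce it. Separately, `rustls` now has `default-features = false, features = ["std"]`, which drops the default `tls12` feature unless `tokio-rustls` or another dependency re-enables it. It is worth confirming which protocol versions `with_safe_default_protocol_versions()` still offers in each of the three default feature sets.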


@@ -543,6 +543,17 @@ pub fn to_internal(mut config: Config) -> Result<internal::Config> {
}
inbounds.push(inbound);
}
#[cfg(not(any(
target_os = "ios",
target_os = "android",
target_os = "macos",
target_os = "linux"
)))]
InboundSettings::Tun { .. } => {
return Err(anyhow::anyhow!(
"tun inbound is not supported on this platform"
));
}
InboundSettings::Cat {
settings: ext_settings,
} => {
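Review bot: The `#[cfg(not(any(...)))]` list on the new `InboundSettings::Tun { .. }` arm must stay the exact negation of the cfg on the supported Tun arm, which sits outside this hunk, and nothing here says so. If the two lists drift, the match in `to_internal` becomes either non-exhaustive or has two Tun arms on some target. I would add a comment directly above the attribute, for example `// Keep this cfg the exact complement of the cfg on the supported Tun arm above.`. The enclosing match starts and ends outside the hunk, so the supported arm's list should be checked against these four targets.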


@@ -20,10 +20,7 @@ use std::os::unix::io::{AsFd, AsRawFd};
#[cfg(windows)]
use std::os::windows::io::{AsRawSocket, AsSocket};
#[cfg(target_os = "android")]
use {
std::os::unix::io::RawFd, tokio::io::AsyncReadExt, tokio::io::AsyncWriteExt,
tokio::net::UnixStream, tracing::trace,
};
use {std::os::unix::io::RawFd, tokio::io::AsyncWriteExt, tokio::net::UnixStream, tracing::trace};
use crate::{
app::SyncDnsClient,


@@ -47,7 +47,7 @@ fn quic_err<E>(error: E) -> io::Error
where
E: Into<Box<dyn std::error::Error + Send + Sync>>,
{
io::Error::new(io::ErrorKind::Other, error)
io::Error::other(error)
}
pub struct Handler {
@@ -60,9 +60,7 @@ impl Handler {
fs::read(&certificate).and_then(|x| Ok((x, fs::read(&certificate_key)?)))?;
let cert = match Path::new(&certificate).extension().map(|ext| ext.to_str()) {
Some(Some(ext)) if ext == "der" => {
vec![CertificateDer::from(cert)]
}
Some(Some("der")) => vec![CertificateDer::from(cert)],
_ => certs(&mut io::BufReader::new(&*cert)).collect::<Result<Vec<_>, _>>()?,
};
@@ -70,7 +68,7 @@ impl Handler {
.extension()
.map(|ext| ext.to_str())
{
Some(Some(ext)) if ext == "der" => PrivateKeyDer::Pkcs8(key.into()),
Some(Some("der")) => PrivateKeyDer::Pkcs8(key.into()),
_ => {
let pkcs8 = pkcs8_private_keys(&mut io::BufReader::new(&*key))
.collect::<Result<Vec<_>, _>>()?;
@@ -90,13 +88,16 @@ impl Handler {
}
};
let mut crypto = rustls::ServerConfig::builder_with_provider(
rustls::crypto::ring::default_provider().into(),
)
.with_safe_default_protocol_versions()
.unwrap()
.with_no_client_auth()
.with_single_cert(cert, key)?;
#[cfg(feature = "rustls-tls-aws-lc")]
let provider = rustls::crypto::aws_lc_rs::default_provider().into();
#[cfg(not(feature = "rustls-tls-aws-lc"))]
let provider = rustls::crypto::ring::default_provider().into();
let mut crypto = rustls::ServerConfig::builder_with_provider(provider)
.with_safe_default_protocol_versions()
.unwrap()
.with_no_client_auth()
.with_single_cert(cert, key)?;
for alpn in alpns {
crypto.alpn_protocols.push(alpn.as_bytes().to_vec());
}
@@ -132,7 +133,7 @@ async fn handle_conn(
if stream_tx.capacity() == 0 {
warn!("QUIC accept channel full");
}
let _ = stream_tx.send((remote_addr.clone(), s)).await;
let _ = stream_tx.send((*remote_addr, s)).await;
}
}
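Review bot: The rebuilt `rustls::ServerConfig` chain in the `impl Handler` hunk still ends `.with_safe_default_protocol_versions()` with `.unwrap()`, so a provider that cannot satisfy the default protocol versions panics the process instead of failing the inbound setup. The provider is now chosen by feature flags, so this path is no longer tied to one fixed, known-good provider. The same chain already uses `?` on `with_single_cert(cert, key)`, so the error type converts and the line can become `.with_safe_default_protocol_versions()?`. The outbound QUIC `Manager` hunk has the same `.unwrap()` in its `ClientConfig` chain; its return type is not visible there, so the fix may need a `map_err` instead. The TLS handlers in this commit already map this error to `io::ErrorKind::InvalidInput`, which is the behaviour to match.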


@@ -65,13 +65,16 @@ impl Manager {
roots.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
}
let mut client_crypto = rustls::ClientConfig::builder_with_provider(
rustls::crypto::ring::default_provider().into(),
)
.with_safe_default_protocol_versions()
.unwrap()
.with_root_certificates(roots)
.with_no_client_auth();
#[cfg(feature = "rustls-tls-aws-lc")]
let provider = rustls::crypto::aws_lc_rs::default_provider().into();
#[cfg(not(feature = "rustls-tls-aws-lc"))]
let provider = rustls::crypto::ring::default_provider().into();
let mut client_crypto = rustls::ClientConfig::builder_with_provider(provider)
.with_safe_default_protocol_versions()
.unwrap()
.with_root_certificates(roots)
.with_no_client_auth();
for alpn in alpns {
client_crypto.alpn_protocols.push(alpn.as_bytes().to_vec());
}
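Review bot: The provider for this QUIC `ClientConfig` is selected with `#[cfg(feature = "rustls-tls-aws-lc")]`, but the manifest in this commit chooses the QUIC crypto backend with the separate `quinn-ring` / `quinn-aws-lc` features. A build that enables `quinn-aws-lc` without `rustls-tls-aws-lc` would take the `rustls::crypto::ring` branch, which is only compiled if something else turns on `rustls/ring`. `default-openssl` appears to rely on `quinn-ring` to enable it transitively. Keying the QUIC code on the QUIC feature removes that dependence: `#[cfg(feature = "quinn-aws-lc")]` and `#[cfg(not(feature = "quinn-aws-lc"))]`. The same applies to the inbound QUIC `Handler` hunk.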


@@ -51,16 +51,19 @@ impl Handler {
{
let certs = load_certs(Path::new(&certificate))?;
let mut keys = load_keys(Path::new(&certificate_key))?;
let config = ServerConfig::builder_with_provider(
rustls::crypto::ring::default_provider().into(),
)
.with_safe_default_protocol_versions()
.map_err(|err| io::Error::new(io::ErrorKind::InvalidInput, err))?
.with_no_client_auth()
.with_single_cert(certs, keys.remove(0))
.map_err(|err| io::Error::new(io::ErrorKind::InvalidInput, err))?;
#[cfg(feature = "rustls-tls-aws-lc")]
let provider = rustls::crypto::aws_lc_rs::default_provider().into();
#[cfg(not(feature = "rustls-tls-aws-lc"))]
let provider = rustls::crypto::ring::default_provider().into();
let config = ServerConfig::builder_with_provider(provider)
.with_safe_default_protocol_versions()
.map_err(|err| io::Error::new(io::ErrorKind::InvalidInput, err))?
.with_no_client_auth()
.with_single_cert(certs, keys.remove(0))
.map_err(|err| io::Error::new(io::ErrorKind::InvalidInput, err))?;
let acceptor = TlsAcceptor::from(Arc::new(config));
return Ok(Self { acceptor });
Ok(Self { acceptor })
}
#[cfg(all(not(feature = "rustls-tls"), feature = "openssl-tls"))]
unimplemented!();
@@ -78,10 +81,10 @@ impl InboundStreamHandler for Handler {
) -> std::io::Result<AnyInboundTransport> {
#[cfg(feature = "rustls-tls")]
{
return Ok(InboundTransport::Stream(
Ok(InboundTransport::Stream(
Box::new(self.acceptor.accept(stream).await?),
sess,
));
))
}
#[cfg(all(not(feature = "rustls-tls"), feature = "openssl-tls"))]
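Review bot: `keys.remove(0)` in the re-indented `ServerConfig` chain panics if `load_keys` returns an empty vector, for example when the key file holds no key in a recognised format. `load_keys` is outside this hunk, so it may already reject that case; if it does not, a bad `certificate_key` path aborts the process rather than returning the `InvalidInput` error the rest of the chain uses. I would take the first key fallibly before the builder call, `let key = keys.into_iter().next().ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "no private key found"))?;`, and pass `key` to `with_single_cert`.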


@@ -129,11 +129,14 @@ impl Handler {
} else {
roots.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
}
let builder = ClientConfig::builder_with_provider(
rustls::crypto::ring::default_provider().into(),
)
.with_safe_default_protocol_versions()
.map_err(|err| io::Error::new(io::ErrorKind::InvalidInput, err))?;
#[cfg(feature = "rustls-tls-aws-lc")]
let provider = rustls::crypto::aws_lc_rs::default_provider().into();
#[cfg(not(feature = "rustls-tls-aws-lc"))]
let provider = rustls::crypto::ring::default_provider().into();
let builder = ClientConfig::builder_with_provider(provider)
.with_safe_default_protocol_versions()
.map_err(|err| io::Error::new(io::ErrorKind::InvalidInput, err))?;
let mut config = if insecure {
builder
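Review bot: The two-line `#[cfg]` provider selection added before `ClientConfig::builder_with_provider` is now copied into four places (both TLS handlers and both QUIC endpoints), with no comment stating that aws-lc-rs silently takes precedence when both `rustls-tls-aws-lc` and `rustls-tls-ring` are enabled. Four copies can drift, and a drifted copy would leave one transport on a different crypto backend than the rest. I would move the choice into one documented crate-level helper and call it from each builder; where the helper lives is up to the crate layout, which is not visible here. The enclosing function continues past the end of this hunk.

```rust
/// Returns the rustls crypto provider chosen by cargo features.
/// aws-lc-rs wins when `rustls-tls-aws-lc` is enabled, even if
/// `rustls-tls-ring` is enabled as well; otherwise ring is used.
pub(crate) fn crypto_provider() -> std::sync::Arc<rustls::crypto::CryptoProvider> {
    #[cfg(feature = "rustls-tls-aws-lc")]
    let provider = rustls::crypto::aws_lc_rs::default_provider();
    #[cfg(not(feature = "rustls-tls-aws-lc"))]
    let provider = rustls::crypto::ring::default_provider();
    std::sync::Arc::new(provider)
}

let builder = ClientConfig::builder_with_provider(crypto_provider())
    // … unchanged: with_safe_default_protocol_versions and map_err …
```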


@@ -28,13 +28,41 @@ HOST_OS=`uname -s | tr "[:upper:]" "[:lower:]"`
# HOST_ARCH=`uname -m | tr "[:upper:]" "[:lower:]"`
HOST_ARCH=x86_64
if [ -z "${NDK_HOME}" ]; then
echo "NDK_HOME is not set" >&2
exit 1
fi
if [ ! -d "${NDK_HOME}" ]; then
echo "NDK_HOME does not exist: ${NDK_HOME}" >&2
exit 1
fi
if [ ! -d "${NDK_HOME}/toolchains/llvm/prebuilt/${HOST_OS}-${HOST_ARCH}/bin" ]; then
HOST_ARCH=`uname -m | tr "[:upper:]" "[:lower:]"`
if [ ! -d "${NDK_HOME}/toolchains/llvm/prebuilt/${HOST_OS}-${HOST_ARCH}/bin" ]; then
echo "NDK toolchain not found under: ${NDK_HOME}/toolchains/llvm/prebuilt/${HOST_OS}-${HOST_ARCH}/bin" >&2
exit 1
fi
fi
export PATH="$NDK_HOME/toolchains/llvm/prebuilt/$HOST_OS-$HOST_ARCH/bin/":$PATH
android_tools="$NDK_HOME/toolchains/llvm/prebuilt/$HOST_OS-$HOST_ARCH/bin"
api=21
export ANDROID_NDK_ROOT="$NDK_HOME"
export ANDROID_NDK="$NDK_HOME"
export ANDROID_NDK_HOME="$NDK_HOME"
export CMAKE_GENERATOR=Ninja
# See also: https://github.com/briansmith/ring/blob/main/mk/cargo.sh
profile=release
if [ -z "$mode" ]; then
profile=debug
fi
for target in $targets; do
case $target in
'armv7-linux-androideabi')
@@ -68,7 +96,7 @@ android_libs=$BASE/../target/leaf-android-libs
mkdir -p $android_libs
for target in $targets; do
mv $BASE/../target/$target/release/libleaf.so $android_libs/libleaf-$target.so
mv $BASE/../target/$target/$profile/libleaf.so $android_libs/libleaf-$target.so
done
cbindgen \
--config $BASE/../$package/cbindgen.toml \
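Review bot: The rewritten `mv` line leaves `$BASE`, `$target`, `$profile` and `$android_libs` unquoted, although the new NDK checks above it consistently quote `"${NDK_HOME}"`. A checkout or NDK path containing spaces or glob characters would be word-split there, and in the `export PATH=...:$PATH` line where `$PATH` sits outside the quotes. I would write `mv "$BASE/../target/$target/$profile/libleaf.so" "$android_libs/libleaf-$target.so"` and `export PATH="$NDK_HOME/toolchains/llvm/prebuilt/$HOST_OS-$HOST_ARCH/bin:$PATH"`. `profile` is derived from `$mode`, which is set outside this hunk, so it is worth confirming that the cargo invocation passes `--release` under exactly the same condition. Otherwise the `mv` looks in the wrong target directory.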