func (this *SimpleAuthenticator) Open(buffer *alloc.Buffer) bool {
len := buffer.Len()
xtra := 4 - len%4
if xtra != 0 {
buffer.Slice(0, len+xtra)
}
xorbkd(buffer.Value)
if xtra != 0 {
buffer.Slice(0, len)
}
fnvHash := fnv.New32a()
fnvHash.Write(buffer.Value[4:])
if serial.BytesToUint32(buffer.Value[:4]) != fnvHash.Sum32() {
return false
}
length := serial.BytesToUint16(buffer.Value[4:6])
if buffer.Len()-6 != int(length) {
return false
}
buffer.SliceFrom(6)
return true
}
// Write implements Writer.Write(). Write() takes ownership of the given buffer.
func (this *AdaptiveWriter) Write(buffer *alloc.Buffer) error {
defer buffer.Release()
for !buffer.IsEmpty() {
nBytes, err := this.writer.Write(buffer.Value)
if err != nil {
return err
}
buffer.SliceFrom(nBytes)
}
return nil
}
func (this *Server) handlerUDPPayload(payload *alloc.Buffer, source v2net.Destination) {
defer payload.Release()
ivLen := this.config.Cipher.IVSize()
iv := payload.Value[:ivLen]
key := this.config.Key
payload.SliceFrom(ivLen)
stream, err := this.config.Cipher.NewDecodingStream(key, iv)
if err != nil {
log.Error("Shadowsocks: Failed to create decoding stream: ", err)
return
}
reader := crypto.NewCryptionReader(stream, payload)
request, err := ReadRequest(reader, NewAuthenticator(HeaderKeyGenerator(key, iv)), true)
if err != nil {
if err != io.EOF {
log.Access(source, "", log.AccessRejected, err)
log.Warning("Shadowsocks: Invalid request from ", source, ": ", err)
}
return
}
//defer request.Release()
dest := v2net.UDPDestination(request.Address, request.Port)
log.Access(source, dest, log.AccessAccepted, "")
log.Info("Shadowsocks: Tunnelling request to ", dest)
this.udpServer.Dispatch(source, dest, request.DetachUDPPayload(), func(destination v2net.Destination, payload *alloc.Buffer) {
defer payload.Release()
response := alloc.NewBuffer().Slice(0, ivLen)
defer response.Release()
rand.Read(response.Value)
respIv := response.Value
stream, err := this.config.Cipher.NewEncodingStream(key, respIv)
if err != nil {
log.Error("Shadowsocks: Failed to create encoding stream: ", err)
return
}
writer := crypto.NewCryptionWriter(stream, response)
switch {
case request.Address.IsIPv4():
writer.Write([]byte{AddrTypeIPv4})
writer.Write(request.Address.IP())
case request.Address.IsIPv6():
writer.Write([]byte{AddrTypeIPv6})
writer.Write(request.Address.IP())
case request.Address.IsDomain():
writer.Write([]byte{AddrTypeDomain, byte(len(request.Address.Domain()))})
writer.Write([]byte(request.Address.Domain()))
}
writer.Write(request.Port.Bytes())
writer.Write(payload.Value)
if request.OTA {
respAuth := NewAuthenticator(HeaderKeyGenerator(key, respIv))
respAuth.Authenticate(response.Value, response.Value[ivLen:])
}
this.udpHub.WriteTo(response.Value, source)
})
}
func (this *Shadowsocks) handlerUDPPayload(payload *alloc.Buffer, source v2net.Destination) {
defer payload.Release()
iv := payload.Value[:this.config.Cipher.IVSize()]
key := this.config.Key
payload.SliceFrom(this.config.Cipher.IVSize())
reader, err := this.config.Cipher.NewDecodingStream(key, iv, payload)
if err != nil {
log.Error("Shadowsocks: Failed to create decoding stream: ", err)
return
}
request, err := ReadRequest(reader, NewAuthenticator(HeaderKeyGenerator(key, iv)), true)
if err != nil {
log.Access(source, serial.StringLiteral(""), log.AccessRejected, serial.StringLiteral(err.Error()))
log.Warning("Shadowsocks: Invalid request from ", source, ": ", err)
return
}
dest := v2net.UDPDestination(request.Address, request.Port)
log.Access(source, dest, log.AccessAccepted, serial.StringLiteral(""))
log.Info("Shadowsocks: Tunnelling request to ", dest)
packet := v2net.NewPacket(dest, request.UDPPayload, false)
this.udpServer.Dispatch(source, packet, func(packet v2net.Packet) {
defer packet.Chunk().Release()
response := alloc.NewBuffer().Slice(0, this.config.Cipher.IVSize())
defer response.Release()
rand.Read(response.Value)
respIv := response.Value
writer, err := this.config.Cipher.NewEncodingStream(key, respIv, response)
if err != nil {
log.Error("Shadowsocks: Failed to create encoding stream: ", err)
return
}
switch {
case request.Address.IsIPv4():
writer.Write([]byte{AddrTypeIPv4})
writer.Write(request.Address.IP())
case request.Address.IsIPv6():
writer.Write([]byte{AddrTypeIPv6})
writer.Write(request.Address.IP())
case request.Address.IsDomain():
writer.Write([]byte{AddrTypeDomain, byte(len(request.Address.Domain()))})
writer.Write([]byte(request.Address.Domain()))
}
writer.Write(request.Port.Bytes())
writer.Write(packet.Chunk().Value)
if request.OTA {
respAuth := NewAuthenticator(HeaderKeyGenerator(key, respIv))
respAuth.Authenticate(response.Value, response.Value[this.config.Cipher.IVSize():])
}
this.udpHub.WriteTo(response.Value, source)
})
}
func (this *AuthChunkReader) Read() (*alloc.Buffer, error) {
var buffer *alloc.Buffer
if this.last != nil {
buffer = this.last
this.last = nil
} else {
buffer = alloc.NewBufferWithSize(4096).Clear()
}
if this.chunkLength == -1 {
for buffer.Len() < 6 {
_, err := buffer.FillFrom(this.reader)
if err != nil {
buffer.Release()
return nil, io.ErrUnexpectedEOF
}
}
length := serial.BytesToUint16(buffer.Value[:2])
this.chunkLength = int(length) - 4
this.validator = NewValidator(serial.BytesToUint32(buffer.Value[2:6]))
buffer.SliceFrom(6)
if buffer.Len() < this.chunkLength && this.chunkLength <= 2048 {
_, err := buffer.FillFrom(this.reader)
if err != nil {
buffer.Release()
return nil, io.ErrUnexpectedEOF
}
}
} else if buffer.Len() < this.chunkLength {
_, err := buffer.FillFrom(this.reader)
if err != nil {
buffer.Release()
return nil, io.ErrUnexpectedEOF
}
}
if this.chunkLength == 0 {
buffer.Release()
return nil, io.EOF
}
if buffer.Len() < this.chunkLength {
this.validator.Consume(buffer.Value)
this.chunkLength -= buffer.Len()
} else {
this.validator.Consume(buffer.Value[:this.chunkLength])
if !this.validator.Validate() {
buffer.Release()
return nil, transport.ErrCorruptedPacket
}
leftLength := buffer.Len() - this.chunkLength
if leftLength > 0 {
this.last = alloc.NewBufferWithSize(leftLength + 4096).Clear()
this.last.Append(buffer.Value[this.chunkLength:])
buffer.Slice(0, this.chunkLength)
}
this.chunkLength = -1
this.validator = nil
}
return buffer, nil
}