func (handler *VMessInboundHandler) HandleConnection(connection net.Conn) error {
defer connection.Close()
reader := protocol.NewVMessRequestReader(handler.clients)
// Timeout 4 seconds to prevent DoS attack
connection.SetReadDeadline(time.Now().Add(requestReadTimeOut))
request, err := reader.Read(connection)
if err != nil {
log.Warning("VMessIn: Invalid request from (%s): %v", connection.RemoteAddr().String(), err)
return err
}
log.Debug("VMessIn: Received request for %s", request.Address.String())
// Clear read timeout
connection.SetReadDeadline(zeroTime)
ray := handler.vPoint.DispatchToOutbound(v2net.NewTCPPacket(request.Destination()))
input := ray.InboundInput()
output := ray.InboundOutput()
readFinish := make(chan bool)
writeFinish := make(chan bool)
go handleInput(request, connection, input, readFinish)
responseKey := md5.Sum(request.RequestKey[:])
responseIV := md5.Sum(request.RequestIV[:])
response := protocol.NewVMessResponse(request)
responseWriter, err := v2io.NewAesEncryptWriter(responseKey[:], responseIV[:], connection)
if err != nil {
return log.Error("VMessIn: Failed to create encrypt writer: %v", err)
}
// Optimize for small response packet
buffer := make([]byte, 0, 2*1024)
buffer = append(buffer, response[:]...)
if data, open := <-output; open {
buffer = append(buffer, data...)
responseWriter.Write(buffer)
go handleOutput(request, responseWriter, output, writeFinish)
<-writeFinish
}
if tcpConn, ok := connection.(*net.TCPConn); ok {
tcpConn.CloseWrite()
}
<-readFinish
return nil
}
func (handler *VMessInboundHandler) HandleConnection(connection net.Conn) error {
defer connection.Close()
connReader := v2net.NewTimeOutReader(4, connection)
requestReader := protocol.NewVMessRequestReader(handler.clients)
request, err := requestReader.Read(connReader)
if err != nil {
log.Warning("VMessIn: Invalid request from (%s): %v", connection.RemoteAddr().String(), err)
return err
}
log.Debug("VMessIn: Received request for %s", request.Address.String())
ray := handler.vPoint.DispatchToOutbound(v2net.NewTCPPacket(request.Destination()))
input := ray.InboundInput()
output := ray.InboundOutput()
var readFinish, writeFinish sync.Mutex
readFinish.Lock()
writeFinish.Lock()
go handleInput(request, connReader, input, &readFinish)
responseKey := md5.Sum(request.RequestKey[:])
responseIV := md5.Sum(request.RequestIV[:])
response := protocol.NewVMessResponse(request)
responseWriter, err := v2io.NewAesEncryptWriter(responseKey[:], responseIV[:], connection)
if err != nil {
return log.Error("VMessIn: Failed to create encrypt writer: %v", err)
}
// Optimize for small response packet
buffer := make([]byte, 0, 2*1024)
buffer = append(buffer, response[:]...)
if data, open := <-output; open {
buffer = append(buffer, data...)
responseWriter.Write(buffer)
go handleOutput(request, responseWriter, output, &writeFinish)
writeFinish.Lock()
}
if tcpConn, ok := connection.(*net.TCPConn); ok {
tcpConn.CloseWrite()
}
readFinish.Lock()
return nil
}
func (server *SocksServer) HandleConnection(connection net.Conn) error {
defer connection.Close()
reader := v2net.NewTimeOutReader(4, connection)
auth, auth4, err := protocol.ReadAuthentication(reader)
if err != nil && err != protocol.ErrorSocksVersion4 {
log.Error("Error on reading authentication: %v", err)
return err
}
var dest v2net.Destination
// TODO refactor this part
if err == protocol.ErrorSocksVersion4 {
result := protocol.Socks4RequestGranted
if auth4.Command == protocol.CmdBind {
result = protocol.Socks4RequestRejected
}
socks4Response := protocol.NewSocks4AuthenticationResponse(result, auth4.Port, auth4.IP[:])
protocol.WriteSocks4AuthenticationResponse(connection, socks4Response)
if result == protocol.Socks4RequestRejected {
return ErrorCommandNotSupported
}
dest = v2net.NewTCPDestination(v2net.IPAddress(auth4.IP[:], auth4.Port))
} else {
expectedAuthMethod := protocol.AuthNotRequired
if server.config.AuthMethod == JsonAuthMethodUserPass {
expectedAuthMethod = protocol.AuthUserPass
}
if !auth.HasAuthMethod(expectedAuthMethod) {
authResponse := protocol.NewAuthenticationResponse(protocol.AuthNoMatchingMethod)
err = protocol.WriteAuthentication(connection, authResponse)
if err != nil {
log.Error("Error on socksio write authentication: %v", err)
return err
}
log.Warning("Client doesn't support allowed any auth methods.")
return ErrorAuthenticationFailed
}
authResponse := protocol.NewAuthenticationResponse(expectedAuthMethod)
err = protocol.WriteAuthentication(connection, authResponse)
if err != nil {
log.Error("Error on socksio write authentication: %v", err)
return err
}
if server.config.AuthMethod == JsonAuthMethodUserPass {
upRequest, err := protocol.ReadUserPassRequest(reader)
if err != nil {
log.Error("Failed to read username and password: %v", err)
return err
}
status := byte(0)
if !upRequest.IsValid(server.config.Username, server.config.Password) {
status = byte(0xFF)
}
upResponse := protocol.NewSocks5UserPassResponse(status)
err = protocol.WriteUserPassResponse(connection, upResponse)
if err != nil {
log.Error("Error on socksio write user pass response: %v", err)
return err
}
if status != byte(0) {
return ErrorInvalidUser
}
}
request, err := protocol.ReadRequest(reader)
if err != nil {
log.Error("Error on reading socks request: %v", err)
return err
}
response := protocol.NewSocks5Response()
if request.Command == protocol.CmdBind || request.Command == protocol.CmdUdpAssociate {
response := protocol.NewSocks5Response()
response.Error = protocol.ErrorCommandNotSupported
err = protocol.WriteResponse(connection, response)
if err != nil {
log.Error("Error on socksio write response: %v", err)
return err
}
log.Warning("Unsupported socks command %d", request.Command)
return ErrorCommandNotSupported
}
response.Error = protocol.ErrorSuccess
response.Port = request.Port
response.AddrType = request.AddrType
switch response.AddrType {
case protocol.AddrTypeIPv4:
copy(response.IPv4[:], request.IPv4[:])
case protocol.AddrTypeIPv6:
copy(response.IPv6[:], request.IPv6[:])
case protocol.AddrTypeDomain:
response.Domain = request.Domain
}
err = protocol.WriteResponse(connection, response)
if err != nil {
log.Error("Error on socksio write response: %v", err)
return err
}
dest = request.Destination()
}
ray := server.vPoint.DispatchToOutbound(v2net.NewTCPPacket(dest))
input := ray.InboundInput()
output := ray.InboundOutput()
var readFinish, writeFinish sync.Mutex
readFinish.Lock()
writeFinish.Lock()
go dumpInput(reader, input, &readFinish)
go dumpOutput(connection, output, &writeFinish)
writeFinish.Lock()
return nil
}
func TestVMessInAndOut(t *testing.T) {
assert := unit.Assert(t)
data2Send := "The data to be send to outbound server."
portA := uint16(17392)
ich := &mocks.InboundConnectionHandler{
Data2Send: []byte(data2Send),
DataReturned: bytes.NewBuffer(make([]byte, 0, 1024)),
}
core.RegisterInboundConnectionHandlerFactory("mock_ich", ich)
configA := mocks.Config{
PortValue: portA,
InboundConfigValue: &mocks.ConnectionConfig{
ProtocolValue: "mock_ich",
ContentValue: nil,
},
OutboundConfigValue: &mocks.ConnectionConfig{
ProtocolValue: "vmess",
ContentValue: []byte("{\"vnext\":[{\"address\": \"127.0.0.1\", \"network\": \"tcp\", \"port\": 13829, \"users\":[{\"id\": \"ad937d9d-6e23-4a5a-ba23-bce5092a7c51\"}]}]}"),
},
}
pointA, err := core.NewPoint(&configA)
assert.Error(err).IsNil()
err = pointA.Start()
assert.Error(err).IsNil()
portB := uint16(13829)
och := &mocks.OutboundConnectionHandler{
Data2Send: bytes.NewBuffer(make([]byte, 0, 1024)),
Data2Return: []byte("The data to be returned to inbound server."),
}
core.RegisterOutboundConnectionHandlerFactory("mock_och", och)
configB := mocks.Config{
PortValue: portB,
InboundConfigValue: &mocks.ConnectionConfig{
ProtocolValue: "vmess",
ContentValue: []byte("{\"clients\": [{\"id\": \"ad937d9d-6e23-4a5a-ba23-bce5092a7c51\"}]}"),
},
OutboundConfigValue: &mocks.ConnectionConfig{
ProtocolValue: "mock_och",
ContentValue: nil,
},
}
pointB, err := core.NewPoint(&configB)
assert.Error(err).IsNil()
err = pointB.Start()
assert.Error(err).IsNil()
dest := v2net.NewTCPDestination(v2net.IPAddress([]byte{1, 2, 3, 4}, 80))
ich.Communicate(v2net.NewTCPPacket(dest))
assert.Bytes([]byte(data2Send)).Equals(och.Data2Send.Bytes())
assert.Bytes(ich.DataReturned.Bytes()).Equals(och.Data2Return)
}
