Ejemplo n.º 1
0
func parseServerConfig(config *ss.Config) {
	if len(config.ServerPassword) == 0 {
		// only one encryption table
		cipher, err := ss.NewCipher(config.Method, config.Password)
		if err != nil {
			log.Fatal("Failed generating ciphers:", err)
		}
		srvPort := strconv.Itoa(config.ServerPort)
		srvArr := config.GetServerArray()
		n := len(srvArr)
		servers.srvCipher = make([]*ServerCipher, n)

		for i, s := range srvArr {
			if ss.HasPort(s) {
				log.Println("ignore server_port option for server", s)
				servers.srvCipher[i] = &ServerCipher{s, cipher}
			} else {
				servers.srvCipher[i] = &ServerCipher{s + ":" + srvPort, cipher}
			}
		}
	} else {
		// multiple servers
		n := len(config.ServerPassword)
		servers.srvCipher = make([]*ServerCipher, n)

		cipherCache := make(map[string]ss.Cipher)
		i := 0
		for _, serverInfo := range config.ServerPassword {
			if len(serverInfo) < 2 || len(serverInfo) > 3 {
				log.Fatalf("server %v syntax error\n", serverInfo)
			}
			server := serverInfo[0]
			passwd := serverInfo[1]
			encmethod := ""
			if len(serverInfo) == 3 {
				encmethod = serverInfo[2]
			}
			if !ss.HasPort(server) {
				log.Fatalf("no port for server %s, please specify port in the form of %s:port\n", server, server)
			}
			cipher, ok := cipherCache[passwd]
			if !ok {
				var err error
				cipher, err = ss.NewCipher(encmethod, passwd)
				if err != nil {
					log.Fatal("Failed generating ciphers:", err)
				}
				cipherCache[passwd] = cipher
			}
			servers.srvCipher[i] = &ServerCipher{server, cipher}
			i++
		}
	}
	servers.failCnt = make([]int, len(servers.srvCipher))
	for _, se := range servers.srvCipher {
		log.Println("available remote server", se.server)
	}
	return
}
Ejemplo n.º 2
0
func initServers(config *ss.Config) {
	if len(config.ServerPassword) == 0 {
		// only one encryption table
		cipher, err := ss.NewCipher(config.Password)
		if err != nil {
			log.Fatal("Failed generating ciphers:", err)
		}
		srvPort := strconv.Itoa(config.ServerPort)
		srvArr := config.GetServerArray()
		n := len(srvArr)
		servers.srvCipher = make([]*ServerCipher, n, n)

		for i, s := range srvArr {
			if ss.HasPort(s) {
				log.Println("ignore server_port option for server", s)
				servers.srvCipher[i] = &ServerCipher{s, cipher}
			} else {
				servers.srvCipher[i] = &ServerCipher{s + ":" + srvPort, cipher}
			}
		}
	} else {
		n := len(config.ServerPassword)
		servers.srvCipher = make([]*ServerCipher, n, n)

		cipherCache := make(map[string]ss.Cipher)
		i := 0
		for s, passwd := range config.ServerPassword {
			if !ss.HasPort(s) {
				log.Fatal("no port for server %s, please specify port in the form of %s:port", s, s)
			}
			cipher, ok := cipherCache[passwd]
			if !ok {
				var err error
				cipher, err = ss.NewCipher(passwd)
				if err != nil {
					log.Fatal("Failed generating ciphers:", err)
				}
				cipherCache[passwd] = cipher
			}
			servers.srvCipher[i] = &ServerCipher{s, cipher}
			i++
		}
	}
	for _, se := range servers.srvCipher {
		log.Println("available remote server", se.server)
	}
	return
}
Ejemplo n.º 3
0
func clientMethodSelected(method uint8, conn net.Conn) (net.Conn, error) {
	switch method {
	case gosocks5.MethodUserPass:
		user, pass := parseUserPass(Password)
		if err := clientSocksAuth(conn, user, pass); err != nil {
			return nil, err
		}
	case MethodTLS, MethodTLSAuth:
		conn = tls.Client(conn, &tls.Config{InsecureSkipVerify: true})
		if method == MethodTLSAuth {
			if len(Password) == 0 {
				return nil, ErrEmptyAuth
			}
			if err := clientSocksAuth(conn, "", Password); err != nil {
				return nil, err
			}
		}
	case MethodAES128, MethodAES192, MethodAES256,
		MethodDES, MethodBF, MethodCAST5, MethodRC4MD5, MethodRC4, MethodTable:
		cipher, err := shadowsocks.NewCipher(Methods[method], Password)
		if err != nil {
			log.Println(err)
			return nil, err
		}
		conn = shadowsocks.NewConn(conn, cipher)
	case gosocks5.MethodNoAcceptable:
		return nil, gosocks5.ErrBadMethod
	}

	return conn, nil
}
Ejemplo n.º 4
0
func serverMethodSelected(method uint8, conn net.Conn) (net.Conn, error) {
	switch method {
	case MethodTLS:
		var cert tls.Certificate
		var err error

		if len(CertFile) == 0 || len(KeyFile) == 0 {
			cert, err = tls.X509KeyPair([]byte(rawCert), []byte(rawKey))
		} else {
			cert, err = tls.LoadX509KeyPair(CertFile, KeyFile)
		}

		if err != nil {
			return nil, err
		}
		conn = tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{cert}})
		if err := svrTLSAuth(conn); err != nil {
			return nil, err
		}
	case MethodAES128, MethodAES192, MethodAES256,
		MethodDES, MethodBF, MethodCAST5, MethodRC4MD5, MethodRC4, MethodTable:
		cipher, err := shadowsocks.NewCipher(Methods[method], Password)
		if err != nil {
			return nil, err
		}
		conn = shadowsocks.NewConn(conn, cipher)
	case gosocks5.MethodNoAcceptable:
		return nil, gosocks5.ErrBadMethod
	}

	return conn, nil
}
Ejemplo n.º 5
0
func handleShadow(conn net.Conn, arg Args) {
	if arg.User != nil {
		method := arg.User.Username()
		password, _ := arg.User.Password()
		cipher, err := shadowsocks.NewCipher(method, password)
		if err != nil {
			glog.V(LWARNING).Infoln("shadowsocks:", err)
			return
		}
		conn = shadowsocks.NewConn(conn, cipher)
	}

	addr, extra, err := getShadowRequest(conn)
	if err != nil {
		glog.V(LWARNING).Infoln("shadowsocks:", err)
		return
	}
	glog.V(LINFO).Infoln("shadowsocks connect:", addr.String())

	sconn, err := Connect(addr.String())
	if err != nil {
		glog.V(LWARNING).Infoln("shadowsocks:", err)
		return
	}
	defer sconn.Close()

	if extra != nil {
		if _, err := sconn.Write(extra); err != nil {
			glog.V(LWARNING).Infoln("shadowsocks:", err)
			return
		}
	}

	Transport(conn, sconn)
}
Ejemplo n.º 6
0
func run(port, password string) {
	ln, err := net.Listen("tcp", ":"+port)
	if err != nil {
		log.Printf("error listening port %v: %v\n", port, err)
		return
	}
	passwdManager.add(port, password, ln)
	var cipher *ss.Cipher
	log.Printf("server listening port %v ...\n", port)
	for {
		conn, err := ln.Accept()
		if err != nil {
			// listener maybe closed to update password
			debug.Printf("accept error: %v\n", err)
			return
		}
		// Creating cipher upon first connection.
		if cipher == nil {
			log.Println("creating cipher for port:", port)
			cipher, err = ss.NewCipher(config.Method, password)
			if err != nil {
				log.Printf("Error generating cipher for port: %s %v\n", port, err)
				conn.Close()
				continue
			}
		}
		go handleConnection(ss.NewConn(conn, cipher.Copy()))
	}
}
Ejemplo n.º 7
0
func (sp *shadowsocksParent) initCipher(passwd, method string) {
	cipher, err := ss.NewCipher(method, passwd)
	if err != nil {
		Fatal("creating shadowsocks cipher:", err)
	}
	sp.cipher = cipher
}
Ejemplo n.º 8
0
func runWithCustomMethod(user user.User) {
	// port, password string, Cipher *ss.Cipher
	port := strconv.Itoa(user.GetPort())
	password := user.GetPasswd()
	ln, err := net.Listen("tcp", ":"+port)
	if err != nil {
		Log.Error(fmt.Sprintf("error listening port %v: %v\n", port, err))
		os.Exit(1)
	}
	passwdManager.add(port, password, ln)
	cipher, err := user.GetCipher()
	if err != nil {
		return
	}
	Log.Info(fmt.Sprintf("server listening port %v ...\n", port))
	for {
		conn, err := ln.Accept()
		if err != nil {
			// listener maybe closed to update password
			Log.Debug(fmt.Sprintf("accept error: %v\n", err))
			return
		}
		// Creating cipher upon first connection.
		if cipher == nil {
			Log.Debug("creating cipher for port:", port)
			cipher, err = ss.NewCipher(user.GetMethod(), password)
			if err != nil {
				Log.Error(fmt.Sprintf("Error generating cipher for port: %s %v\n", port, err))
				conn.Close()
				continue
			}
		}
		go handleConnection(user, ss.NewConn(conn, cipher.Copy()))
	}
}
Ejemplo n.º 9
0
func newMeowProxy(method, passwd, addr string) *meowProxy {
	cipher, err := ss.NewCipher(method, passwd)
	if err != nil {
		Fatal("can't initialize meow proxy server", err)
	}
	return &meowProxy{addr, method, passwd, cipher}
}
Ejemplo n.º 10
0
func newCowParent(srv, method, passwd string) *cowParent {
	cipher, err := ss.NewCipher(method, passwd)
	if err != nil {
		Fatal("create cow cipher:", err)
	}
	return &cowParent{srv, method, passwd, cipher}
}
Ejemplo n.º 11
0
func (sp *shadowsocksParent) initCipher(method, passwd string) {
	sp.method = method
	sp.passwd = passwd
	cipher, err := ss.NewCipher(method, passwd)
	if err != nil {
		Fatal("create shadowsocks cipher:", err)
	}
	sp.cipher = cipher
}
Ejemplo n.º 12
0
func init() {

	proxyTransports["http"] = func(proxyURL *url.URL) (*http.Transport, error) {
		return &http.Transport{
			Proxy: func(req *http.Request) (*url.URL, error) {
				return proxyURL, nil
			},
		}, nil
	}

	proxyTransports["socks5"] = func(proxyURL *url.URL) (*http.Transport, error) {
		ph, err := proxy.FromURL(proxyURL, proxy.Direct)
		if err != nil {
			return nil, err
		}
		return &http.Transport{
			Dial: ph.Dial,
		}, nil
	}

	proxyTransports["socks4"] = func(proxyURL *url.URL) (*http.Transport, error) {
		dialSocksProxy := socks.DialSocksProxy(socks.SOCKS4A, proxyURL.Host)
		return &http.Transport{
			Dial: dialSocksProxy,
		}, nil
	}

	proxyTransports["socks4a"] = func(proxyURL *url.URL) (*http.Transport, error) {
		dialSocksProxy := socks.DialSocksProxy(socks.SOCKS4A, proxyURL.Host)
		return &http.Transport{
			Dial: dialSocksProxy,
		}, nil
	}

	//shadowsocks
	proxyTransports["ss"] = func(proxyURL *url.URL) (*http.Transport, error) {
		if proxyURL.User == nil {
			return nil, fmt.Errorf("wrong shadowsocks uri,need method and passwd")
		}
		psw, _ := proxyURL.User.Password()
		cipher, err := ss.NewCipher(proxyURL.User.Username(), psw)
		if err != nil {
			return nil, err
		}
		serverAddr := proxyURL.Host
		return &http.Transport{
			Dial: func(_, addr string) (net.Conn, error) {
				return ss.Dial(addr, serverAddr, cipher.Copy())
			},
			//			DialTLS:func(_, addr string) (net.Conn, error) {
			//				return ss.Dial(addr, serverAddr, cipher.Copy())
			//			},
		}, nil
	}

}
Ejemplo n.º 13
0
func forward(conn net.Conn, arg Args) (net.Conn, error) {
	var err error
	if glog.V(LINFO) {
		proto := arg.Protocol
		if proto == "default" {
			proto = "http" // default is http
		}
		glog.Infof("forward: %s/%s %s", proto, arg.Transport, arg.Addr)
	}
	switch arg.Transport {
	case "ws": // websocket connection
		conn, err = wsClient(conn, arg.Addr)
		if err != nil {
			return nil, err
		}
	case "tls": // tls connection
		conn = tls.Client(conn, &tls.Config{InsecureSkipVerify: true})
	case "tcp":
		fallthrough
	default:
	}

	switch arg.Protocol {
	case "socks", "socks5":
		selector := &clientSelector{
			methods: []uint8{
				gosocks5.MethodNoAuth,
				gosocks5.MethodUserPass,
				MethodTLS,
			},
			arg: arg,
		}
		c := gosocks5.ClientConn(conn, selector)
		if err := c.Handleshake(); err != nil {
			return nil, err
		}
		conn = c
	case "ss": // shadowsocks
		if arg.User != nil {
			method := arg.User.Username()
			password, _ := arg.User.Password()
			cipher, err := shadowsocks.NewCipher(method, password)
			if err != nil {
				return nil, err
			}
			conn = shadowsocks.NewConn(conn, cipher)
		}
	case "http":
		fallthrough
	default:
	}

	return conn, nil
}
Ejemplo n.º 14
0
func (u User) GetCipher() (*ss.Cipher, error, bool) {
	method := u.Method
	auth := false

	if strings.HasSuffix(method, "-auth") {
		method = method[:len(method)-5]
		auth = true
	}
	s, e := ss.NewCipher(method, u.Passwd)
	return s, e, auth
}
Ejemplo n.º 15
0
func (s *SSDialer) Dial(network, addr string) (c net.Conn, err error) {
	cipher, err := ss.NewCipher(s.Method, s.Password)
	if err != nil {
		return nil, err
	}
	ssConn, err := ss.Dial(addr, s.Host, cipher)
	if err != nil {
		return nil, err
	}
	return ssConn, nil
}
Ejemplo n.º 16
0
func (sp *shadowsocksParent) initCipher(method, passwd string) error {
	if method == "table" {
		method = ""
	}
	sp.method = method
	sp.passwd = passwd
	cipher, err := ss.NewCipher(method, passwd)
	if err != nil {
		return err
	}
	sp.cipher = cipher
	return nil
}
Ejemplo n.º 17
0
func New(conf *ProxyConfig) (ps *ProxyServer, err error) {
	ps = &ProxyServer{
		config:  conf,
		joins:   make(chan net.Conn),
		stop:    make(chan bool),
		Stopped: true,
	}
	ps.Cip, err = ss.NewCipher(conf.Method, conf.EncrStr)
	if err != nil {
		err = errors.Newf("create cipher error: %v", err)
	}
	return
}
Ejemplo n.º 18
0
func runWithCustomMethod(user user.User) {
	// port, password string, Cipher *ss.Cipher
	port := strconv.Itoa(user.GetPort())
	// 检测端口是否已存在
	_, ok := passwdManager.get(port)
	// 如果存在
	if ok {
		return
	}
	password := user.GetPasswd()
	ln, err := net.Listen("tcp", ":"+port)
	if err != nil {
		Log.Error(fmt.Sprintf("error listening port %v: %v\n", port, err))
		// os.Exit(1)
		return
	}
	passwdManager.add(port, password, ln)
	cipher, err, auth := user.GetCipher()
	if err != nil {
		return
	}
	Log.Info(fmt.Sprintf("server listening port %v ...\n", port))
	for {
		conn, err := ln.Accept()
		if err != nil {
			// listener maybe closed to update password
			Log.Debug(fmt.Sprintf("accept error: %v\n", err))
			return
		}
		// Creating cipher upon first connection.
		if cipher == nil {
			Log.Debug("creating cipher for port:", port)
			method := user.GetMethod()

			if strings.HasSuffix(method, "-auth") {
				method = method[:len(method)-5]
				auth = true
			} else {
				auth = false
			}

			cipher, err = ss.NewCipher(method, password)
			if err != nil {
				Log.Error(fmt.Sprintf("Error generating cipher for port: %s %v\n", port, err))
				conn.Close()
				continue
			}
		}
		go handleConnection(user, ss.NewConn(conn, cipher.Copy()), auth)
	}
}
Ejemplo n.º 19
0
func serverMethodSelected(method uint8, conn net.Conn) (net.Conn, error) {
	//log.Println(method)
	switch method {
	case gosocks5.MethodUserPass:
		var username, password string

		if listenUrl != nil && listenUrl.User != nil {
			username = listenUrl.User.Username()
			password, _ = listenUrl.User.Password()
		}

		if err := serverSocksAuth(conn, username, password); err != nil {
			return nil, err
		}
	case MethodTLS, MethodTLSAuth:
		var cert tls.Certificate
		var err error

		if len(CertFile) == 0 || len(KeyFile) == 0 {
			cert, err = tls.X509KeyPair([]byte(rawCert), []byte(rawKey))
		} else {
			cert, err = tls.LoadX509KeyPair(CertFile, KeyFile)
		}

		if err != nil {
			return nil, err
		}
		conn = tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{cert}})
		if method == MethodTLSAuth {
			// password is mandatory
			if len(Password) == 0 {
				return nil, ErrEmptyAuth
			}
			if err := serverSocksAuth(conn, "", Password); err != nil {
				return nil, err
			}
		}
	case MethodAES128, MethodAES192, MethodAES256,
		MethodDES, MethodBF, MethodCAST5, MethodRC4MD5, MethodRC4, MethodTable:
		cipher, err := shadowsocks.NewCipher(Methods[method], Password)
		if err != nil {
			return nil, err
		}
		conn = shadowsocks.NewConn(conn, cipher)
	case gosocks5.MethodNoAcceptable:
		return nil, gosocks5.ErrBadMethod
	}

	return conn, nil
}
Ejemplo n.º 20
0
func runUDP(port string, password [3]string) {
	addr, _ := net.ResolveUDPAddr(netUdp, ":"+port)
	conn, err := net.ListenUDP(netUdp, addr)
	if err != nil {
		log.Printf("error listening udp port %v: %v\n", port, err)
		return
	}
	passwdManager.addUDP(port, password, conn)
	log.Printf("server listening udp port %v ...\n", port)
	defer conn.Close()
	var cipher *ss.Cipher
	cipher, err = ss.NewCipher(config.Method, password[0])
	if err != nil {
		log.Printf("Error generating cipher for udp port: %s %v\n", port, err)
		conn.Close()
	}
	ss.HandleUDPConnection(ss.NewUDPConn(conn, cipher.Copy()), password[1])
}
Ejemplo n.º 21
0
func run(port, password string) {

	var addr string
	var lastTime int64

	ln, err := net.Listen("tcp", ":"+port)
	if err != nil {
		log.Printf("error listening port %v: %v\n", port, err)
		return
	}
	passwdManager.add(port, password, ln)
	var cipher *ss.Cipher
	log.Printf("server listening port %v ...\n", port)
	for {
		conn, err := ln.Accept()
		if err != nil {
			// listener maybe closed to update password
			debug.Printf("accept error: %v\n", err)
			return
		}

		newaddr := conn.RemoteAddr().String()
		nowtime := time.Now().Unix()
		if addr != newaddr && lastTime >= nowtime {
			conn.Close()
			continue
		}
		lastTime = nowtime
		addr = newaddr

		// Creating cipher upon first connection.
		if cipher == nil {
			log.Println("creating cipher for port:", port)
			cipher, err = ss.NewCipher(config.Method, password)
			if err != nil {
				log.Printf("Error generating cipher for port: %s %v\n", port, err)
				conn.Close()
				continue
			}
		}
		go handleConnection(ss.NewConn(conn, cipher.Copy()))
	}
}
Ejemplo n.º 22
0
func initShadowSocks() {
	if config.ShadowSocks != "" && config.ShadowPasswd != "" {
		var err error
		if err = ss.SetDefaultCipher(config.ShadowMethod); err != nil {
			fmt.Println("Initializing shadowsocks:", err)
			os.Exit(1)
		}
		if cipher, err = ss.NewCipher(config.ShadowPasswd); err != nil {
			fmt.Println("Creating shadowsocks cipher:", err)
			os.Exit(1)
		}
		debug.Println("shadowsocks server:", config.ShadowSocks)
		return
	}
	if (config.ShadowSocks != "" && config.ShadowPasswd == "") ||
		(config.ShadowSocks == "" && config.ShadowPasswd != "") {
		fmt.Println("Missing option: shadowSocks and shadowPasswd should be both given")
		os.Exit(1)
	}
}
Ejemplo n.º 23
0
func initShadowSocks() {
	// error checking is done when parsing config
	if len(config.ShadowSocks) == 0 {
		return
	}
	for i, _ := range config.ShadowSocks {
		// initialize cipher for each shadowsocks connection
		if c, err := ss.NewCipher(config.ShadowMethod[i], config.ShadowPasswd[i]); err != nil {
			Fatal("creating shadowsocks cipher:", err)
		} else {
			cipher = append(cipher, c)
		}
		if debug {
			if config.ShadowMethod[i] != "" {
				debug.Println("shadowsocks server:", config.ShadowSocks[i], "encryption:", config.ShadowMethod[i])
			} else {
				debug.Println("shadowsocks server:", config.ShadowSocks[i])
			}
		}
	}
}
Ejemplo n.º 24
0
func TestShadowsocksTCP(t *testing.T) {
	v2testing.Current(t)

	tcpServer := &tcp.Server{
		Port: v2net.Port(50052),
		MsgProcessor: func(data []byte) []byte {
			buffer := make([]byte, 0, 2048)
			buffer = append(buffer, []byte("Processed: ")...)
			buffer = append(buffer, data...)
			return buffer
		},
	}
	_, err := tcpServer.Start()
	assert.Error(err).IsNil()
	defer tcpServer.Close()

	assert.Error(InitializeServerServer("test_6")).IsNil()

	cipher, err := ssclient.NewCipher("aes-256-cfb", "v2ray-password")
	assert.Error(err).IsNil()

	rawAddr := []byte{1, 127, 0, 0, 1, 0xc3, 0x84} // 127.0.0.1:50052
	conn, err := ssclient.DialWithRawAddr(rawAddr, "127.0.0.1:50051", cipher)
	assert.Error(err).IsNil()

	payload := "shadowsocks request."
	nBytes, err := conn.Write([]byte(payload))
	assert.Error(err).IsNil()
	assert.Int(nBytes).Equals(len(payload))

	conn.Conn.(*net.TCPConn).CloseWrite()

	response := make([]byte, 1024)
	nBytes, err = conn.Read(response)
	assert.Error(err).IsNil()
	assert.StringLiteral("Processed: " + payload).Equals(string(response[:nBytes]))
	conn.Close()

	CloseAllServers()
}
Ejemplo n.º 25
0
func cliHandle(conn net.Conn) {
	defer conn.Close()

	if Shadows {
		cipher, _ := shadowsocks.NewCipher(SMethod, SPassword)
		conn = shadowsocks.NewConn(conn, cipher)
		handleShadow(conn)
		return
	}

	b := mpool.Take()
	defer mpool.put(b)

	n, err := io.ReadAtLeast(conn, b, 2)
	if err != nil {
		return
	}

	if b[0] == gosocks5.Ver5 {
		mn := int(b[1]) // methods count
		length := 2 + mn
		if n < length {
			if _, err := io.ReadFull(conn, b[n:length]); err != nil {
				return
			}
		}

		methods := b[2 : 2+mn]
		handleSocks5(conn, methods)
		return
	}

	req, err := http.ReadRequest(bufio.NewReader(newReqReader(b[:n], conn)))
	if err != nil {
		//log.Println(hex.Dump(b[:n]))
		log.Println(err)
		return
	}
	handleHttp(req, conn)
}
Ejemplo n.º 26
0
func run(port string) {
	ln, err := net.Listen("tcp", ":"+port)
	if err != nil {
		log.Printf("error listening port %v: %v\n", port, err)
		os.Exit(0)
	}
	var cipher *ss.Cipher
	log.Printf("server listening port %v ...\n", port)
	for {
		conn, err := ln.Accept()
		if err != nil {
			log.Printf("accept error: %v\n", err)
			continue
		}

		user, err := getUser(conn)
		if err != nil {
			log.Printf("Error get passeoed: %s %v\n", port, err)
			conn.Close()
			continue
		}
		size, err := storage.GetSize("flow:" + user.Name)
		if user.Limit < size {
			log.Printf("Error user runover: %s\n", size)
			conn.Close()
			continue
		}

		// log.Println("creating cipher for user:"******"Error generating cipher for user: %s %v\n", user.Name, err)
			conn.Close()
			continue
		}
		go handleConnection(user, ss.NewConn(conn, cipher.Copy()))
	}
}
Ejemplo n.º 27
0
func newSsProxyClient(proxyAddr, method, password string, upProxy ProxyClient, query map[string][]string) (ProxyClient, error) {
	p := ssProxyClient{}

	cipher, err := ss.NewCipher(method, password)
	if err != nil {
		return nil, fmt.Errorf("创建代理错误:%v", err)
	}

	if upProxy == nil {
		nUpProxy, err := newDriectProxyClient("", false, 0, make(map[string][]string))
		if err != nil {
			return nil, fmt.Errorf("创建直连代理错误:%v", err)
		}
		upProxy = nUpProxy
	}

	p.proxyAddr = proxyAddr
	p.cipher = cipher
	p.upProxy = upProxy
	p.query = query

	return &p, nil
}
Ejemplo n.º 28
0
func NewProxyServer(node ProxyNode, chain *ProxyChain, config *tls.Config) *ProxyServer {
	if chain == nil {
		chain = NewProxyChain()
	}
	if config == nil {
		config = &tls.Config{}
	}

	var cipher *ss.Cipher
	if node.Protocol == "ss" && node.User != nil {
		var err error
		method := node.User.Username()
		password, _ := node.User.Password()
		cipher, err = ss.NewCipher(method, password)
		if err != nil {
			glog.Fatal(err)
		}
	}
	return &ProxyServer{
		Node:      node,
		Chain:     chain,
		TLSConfig: config,
		selector: &serverSelector{ // socks5 server selector
			// methods that socks5 server supported
			methods: []uint8{
				gosocks5.MethodNoAuth,
				gosocks5.MethodUserPass,
				MethodTLS,
				MethodTLSAuth,
			},
			user:      node.User,
			tlsConfig: config,
		},
		cipher: cipher,
	}
}
Ejemplo n.º 29
0
func parseServerConfig(config *ss.Config) {
	hasPort := func(s string) bool {
		_, port, err := net.SplitHostPort(s)
		if err != nil {
			return false
		}
		return port != ""
	}

	if len(config.ServerPassword) == 0 {
		method := config.Method
		if config.Auth {
			method += "-ota"
		}
		// only one encryption table
		cipher, err := ss.NewCipher(method, config.Password)
		if err != nil {
			log.Fatal("Failed generating ciphers:", err)
		}
		srvPort := strconv.Itoa(config.ServerPort)
		srvArr := config.GetServerArray()
		n := len(srvArr)
		servers.srvCipher = make([]*ServerCipher, n)

		for i, s := range srvArr {
			if hasPort(s) {
				log.Println("ignore server_port option for server", s)
				servers.srvCipher[i] = &ServerCipher{s, cipher}
			} else {
				servers.srvCipher[i] = &ServerCipher{net.JoinHostPort(s, srvPort), cipher}
			}
		}
	} else {
		// multiple servers
		n := len(config.ServerPassword)
		servers.srvCipher = make([]*ServerCipher, n)

		cipherCache := make(map[string]*ss.Cipher)
		i := 0
		for _, serverInfo := range config.ServerPassword {
			if len(serverInfo) < 2 || len(serverInfo) > 3 {
				log.Fatalf("server %v syntax error\n", serverInfo)
			}
			server := serverInfo[0]
			passwd := serverInfo[1]
			encmethod := ""
			if len(serverInfo) == 3 {
				encmethod = serverInfo[2]
			}
			if !hasPort(server) {
				log.Fatalf("no port for server %s\n", server)
			}
			// Using "|" as delimiter is safe here, since no encryption
			// method contains it in the name.
			cacheKey := encmethod + "|" + passwd
			cipher, ok := cipherCache[cacheKey]
			if !ok {
				var err error
				cipher, err = ss.NewCipher(encmethod, passwd)
				if err != nil {
					log.Fatal("Failed generating ciphers:", err)
				}
				cipherCache[cacheKey] = cipher
			}
			servers.srvCipher[i] = &ServerCipher{server, cipher}
			i++
		}
	}
	servers.failCnt = make([]int, len(servers.srvCipher))
	for _, se := range servers.srvCipher {
		log.Println("available remote server", se.server)
	}
	return
}
Ejemplo n.º 30
0
func TestSsProxy(t *testing.T) {

	// 测试域名
	testAddr := "www.test123.com:80"
	testData := []byte("dsgbhdfhgsq36jhrawdxghucn46ggetst")
	testServerAddr := "127.0.0.1:1458"
	testMethod := "aes-256-cfb"
	testPassword := "******"
	testRawAddr, err := ss.RawAddr(testAddr)
	if err != nil {
		t.Fatal(err)
	}

	// 简单模拟服务器
	cipher, err := ss.NewCipher(testMethod, testPassword)
	if err != nil {
		t.Fatal(err)
	}

	l, err := net.Listen("tcp", testServerAddr)
	if err != nil {
		t.Fatal(err)
	}
	defer l.Close()

	go func() {
		c, err := l.Accept()
		if err != nil {
			t.Fatal(err)
		}
		c.SetDeadline(time.Now().Add(5 * time.Second))

		sc := ss.NewConn(c, cipher)
		defer sc.Close()

		// 读内容并返回
		for i := 0; i < 2; i++ {
			buf := make([]byte, 1024)
			if n, err := sc.Read(buf); err != nil {
				t.Fatal("i=", i, "服务器读内容错误:", err)
			} else {
				if _, err := sc.Write(buf[:n]); err != nil {
					t.Fatal(err)
				}
			}
		}
	}()

	// 发出请求,然后解密。
	p, err := newSsProxyClient(testServerAddr, testMethod, testPassword, nil, nil)
	if err != nil {
		t.Fatal(err)
	}

	c, err := p.DialTimeout("tcp", testAddr, 1*time.Second)
	if err != nil {
		t.Fatal(err)
	}
	defer c.Close()

	// 比较地址是否正确
	buf := make([]byte, 1024)
	if n, err := c.Read(buf); err != nil {
		t.Fatal("读地址错误:", err)
	} else {
		if bytes.Compare(buf[:n], testRawAddr) != 0 {
			t.Fatal("地址未正确发送")
		}
	}

	// 发送测试数据,并读取比较
	if _, err := c.Write(testData); err != nil {
		t.Fatal(err)
	}

	if n, err := c.Read(buf); err != nil {
		t.Fatal(err)
	} else {
		if bytes.Compare(buf[:n], testData) != 0 {
			t.Fatal("数据未正确发送")
		}
	}
}