func (s *Server) Process(ctx context.Context, network v2net.Network, conn internet.Connection) error {
conn.SetReusable(false)
timedReader := v2net.NewTimeOutReader(s.config.Timeout, conn)
reader := bufio.OriginalReaderSize(timedReader, 2048)
request, err := http.ReadRequest(reader)
if err != nil {
if errors.Cause(err) != io.EOF {
log.Warning("HTTP: Failed to read http request: ", err)
}
return err
}
log.Info("HTTP: Request to Method [", request.Method, "] Host [", request.Host, "] with URL [", request.URL, "]")
defaultPort := v2net.Port(80)
if strings.ToLower(request.URL.Scheme) == "https" {
defaultPort = v2net.Port(443)
}
host := request.Host
if len(host) == 0 {
host = request.URL.Host
}
dest, err := parseHost(host, defaultPort)
if err != nil {
log.Warning("HTTP: Malformed proxy host (", host, "): ", err)
return err
}
log.Access(conn.RemoteAddr(), request.URL, log.AccessAccepted, "")
ctx = proxy.ContextWithDestination(ctx, dest)
if strings.ToUpper(request.Method) == "CONNECT" {
return s.handleConnect(ctx, request, reader, conn)
} else {
return s.handlePlainHTTP(ctx, request, reader, conn)
}
}
func (v *Server) handleConnection(connection internet.Connection) {
defer connection.Close()
timedReader := v2net.NewTimeOutReader(v.config.Timeout, connection)
reader := bufio.NewReader(timedReader)
defer reader.Release()
writer := bufio.NewWriter(connection)
defer writer.Release()
auth, auth4, err := protocol.ReadAuthentication(reader)
if err != nil && errors.Cause(err) != protocol.Socks4Downgrade {
if errors.Cause(err) != io.EOF {
log.Warning("Socks: failed to read authentication: ", err)
}
return
}
clientAddr := v2net.DestinationFromAddr(connection.RemoteAddr())
if err != nil && err == protocol.Socks4Downgrade {
v.handleSocks4(clientAddr, reader, writer, auth4)
} else {
v.handleSocks5(clientAddr, reader, writer, auth)
}
}
func (this *FreedomConnection) Dispatch(destination v2net.Destination, payload *alloc.Buffer, ray ray.OutboundRay) error {
log.Info("Freedom: Opening connection to ", destination)
defer payload.Release()
defer ray.OutboundInput().Release()
defer ray.OutboundOutput().Close()
var conn internet.Connection
if this.domainStrategy == Config_USE_IP && destination.Address.Family().IsDomain() {
destination = this.ResolveIP(destination)
}
err := retry.ExponentialBackoff(5, 100).On(func() error {
rawConn, err := internet.Dial(this.meta.Address, destination, this.meta.GetDialerOptions())
if err != nil {
return err
}
conn = rawConn
return nil
})
if err != nil {
log.Warning("Freedom: Failed to open connection to ", destination, ": ", err)
return err
}
defer conn.Close()
input := ray.OutboundInput()
output := ray.OutboundOutput()
if !payload.IsEmpty() {
conn.Write(payload.Value)
}
go func() {
v2writer := v2io.NewAdaptiveWriter(conn)
defer v2writer.Release()
v2io.Pipe(input, v2writer)
if tcpConn, ok := conn.(*tcp.RawConnection); ok {
tcpConn.CloseWrite()
}
}()
var reader io.Reader = conn
timeout := this.timeout
if destination.Network == v2net.Network_UDP {
timeout = 16
}
if timeout > 0 {
reader = v2net.NewTimeOutReader(timeout /* seconds */, conn)
}
v2reader := v2io.NewAdaptiveReader(reader)
v2io.Pipe(v2reader, output)
v2reader.Release()
ray.OutboundOutput().Close()
return nil
}
func (v *DokodemoDoor) HandleTCPConnection(conn internet.Connection) {
defer conn.Close()
var dest v2net.Destination
if v.config.FollowRedirect {
originalDest := GetOriginalDestination(conn)
if originalDest.Network != v2net.Network_Unknown {
log.Info("Dokodemo: Following redirect to: ", originalDest)
dest = originalDest
}
}
if dest.Network == v2net.Network_Unknown && v.address != nil && v.port > v2net.Port(0) {
dest = v2net.TCPDestination(v.address, v.port)
}
if dest.Network == v2net.Network_Unknown {
log.Info("Dokodemo: Unknown destination, stop forwarding...")
return
}
log.Info("Dokodemo: Handling request to ", dest)
ray := v.packetDispatcher.DispatchToOutbound(&proxy.SessionInfo{
Source: v2net.DestinationFromAddr(conn.RemoteAddr()),
Destination: dest,
Inbound: v.meta,
})
defer ray.InboundOutput().Release()
var wg sync.WaitGroup
reader := v2net.NewTimeOutReader(v.config.Timeout, conn)
defer reader.Release()
wg.Add(1)
go func() {
v2reader := buf.NewReader(reader)
defer v2reader.Release()
if err := buf.PipeUntilEOF(v2reader, ray.InboundInput()); err != nil {
log.Info("Dokodemo: Failed to transport all TCP request: ", err)
}
wg.Done()
ray.InboundInput().Close()
}()
wg.Add(1)
go func() {
v2writer := buf.NewWriter(conn)
defer v2writer.Release()
if err := buf.PipeUntilEOF(ray.InboundOutput(), v2writer); err != nil {
log.Info("Dokodemo: Failed to transport all TCP response: ", err)
}
wg.Done()
}()
wg.Wait()
}
func (this *DokodemoDoor) HandleTCPConnection(conn internet.Connection) {
defer conn.Close()
var dest v2net.Destination
if this.config.FollowRedirect {
originalDest := GetOriginalDestination(conn)
if originalDest.Network != v2net.Network_Unknown {
log.Info("Dokodemo: Following redirect to: ", originalDest)
dest = originalDest
}
}
if dest.Network == v2net.Network_Unknown && this.address != nil && this.port > v2net.Port(0) {
dest = v2net.TCPDestination(this.address, this.port)
}
if dest.Network == v2net.Network_Unknown {
log.Info("Dokodemo: Unknown destination, stop forwarding...")
return
}
log.Info("Dokodemo: Handling request to ", dest)
ray := this.packetDispatcher.DispatchToOutbound(&proxy.SessionInfo{
Source: v2net.DestinationFromAddr(conn.RemoteAddr()),
Destination: dest,
Inbound: this.meta,
})
defer ray.InboundOutput().Release()
var wg sync.WaitGroup
reader := v2net.NewTimeOutReader(this.config.Timeout, conn)
defer reader.Release()
wg.Add(1)
go func() {
v2reader := v2io.NewAdaptiveReader(reader)
defer v2reader.Release()
v2io.Pipe(v2reader, ray.InboundInput())
wg.Done()
ray.InboundInput().Close()
}()
wg.Add(1)
go func() {
v2writer := v2io.NewAdaptiveWriter(conn)
defer v2writer.Release()
v2io.Pipe(ray.InboundOutput(), v2writer)
wg.Done()
}()
wg.Wait()
}
func (v *Server) handlerUDPPayload(ctx context.Context, conn internet.Connection) error {
source := proxy.SourceFromContext(ctx)
reader := buf.NewReader(conn)
for {
payload, err := reader.Read()
if err != nil {
break
}
request, data, err := DecodeUDPPacket(v.user, payload)
if err != nil {
log.Info("Shadowsocks|Server: Skipping invalid UDP packet from: ", source, ": ", err)
log.Access(source, "", log.AccessRejected, err)
payload.Release()
continue
}
if request.Option.Has(RequestOptionOneTimeAuth) && v.account.OneTimeAuth == Account_Disabled {
log.Info("Shadowsocks|Server: Client payload enables OTA but server doesn't allow it.")
payload.Release()
continue
}
if !request.Option.Has(RequestOptionOneTimeAuth) && v.account.OneTimeAuth == Account_Enabled {
log.Info("Shadowsocks|Server: Client payload disables OTA but server forces it.")
payload.Release()
continue
}
dest := request.Destination()
log.Access(source, dest, log.AccessAccepted, "")
log.Info("Shadowsocks|Server: Tunnelling request to ", dest)
ctx = protocol.ContextWithUser(ctx, request.User)
v.udpServer.Dispatch(ctx, dest, data, func(payload *buf.Buffer) {
defer payload.Release()
data, err := EncodeUDPPacket(request, payload)
if err != nil {
log.Warning("Shadowsocks|Server: Failed to encode UDP packet: ", err)
return
}
defer data.Release()
conn.Write(data.Bytes())
})
}
return nil
}
func (w *tcpWorker) callback(conn internet.Connection) {
ctx, cancel := context.WithCancel(w.ctx)
if w.recvOrigDest {
dest := tcp.GetOriginalDestination(conn)
if dest.IsValid() {
ctx = proxy.ContextWithOriginalDestination(ctx, dest)
}
}
if len(w.tag) > 0 {
ctx = proxy.ContextWithInboundTag(ctx, w.tag)
}
ctx = proxy.ContextWithAllowPassiveConnection(ctx, w.allowPassiveConn)
ctx = proxy.ContextWithInboundDestination(ctx, v2net.TCPDestination(w.address, w.port))
w.proxy.Process(ctx, v2net.Network_TCP, conn)
cancel()
conn.Close()
}
func (this *VMessOutboundHandler) Dispatch(target v2net.Destination, payload *alloc.Buffer, ray ray.OutboundRay) error {
defer ray.OutboundInput().Release()
defer ray.OutboundOutput().Close()
var rec *protocol.ServerSpec
var conn internet.Connection
err := retry.Timed(5, 100).On(func() error {
rec = this.serverPicker.PickServer()
rawConn, err := internet.Dial(this.meta.Address, rec.Destination(), this.meta.StreamSettings)
if err != nil {
return err
}
conn = rawConn
return nil
})
if err != nil {
log.Error("VMess|Outbound: Failed to find an available destination:", err)
return err
}
log.Info("VMess|Outbound: Tunneling request to ", target, " via ", rec.Destination())
command := protocol.RequestCommandTCP
if target.IsUDP() {
command = protocol.RequestCommandUDP
}
request := &protocol.RequestHeader{
Version: encoding.Version,
User: rec.PickUser(),
Command: command,
Address: target.Address(),
Port: target.Port(),
Option: protocol.RequestOptionChunkStream,
}
defer conn.Close()
conn.SetReusable(true)
if conn.Reusable() { // Conn reuse may be disabled on transportation layer
request.Option.Set(protocol.RequestOptionConnectionReuse)
}
input := ray.OutboundInput()
output := ray.OutboundOutput()
var requestFinish, responseFinish sync.Mutex
requestFinish.Lock()
responseFinish.Lock()
session := encoding.NewClientSession(protocol.DefaultIDHash)
go this.handleRequest(session, conn, request, payload, input, &requestFinish)
go this.handleResponse(session, conn, request, rec.Destination(), output, &responseFinish)
requestFinish.Lock()
responseFinish.Lock()
return nil
}
func (d *DokodemoDoor) Process(ctx context.Context, network net.Network, conn internet.Connection) error {
log.Debug("Dokodemo: processing connection from: ", conn.RemoteAddr())
conn.SetReusable(false)
ctx = proxy.ContextWithDestination(ctx, net.Destination{
Network: network,
Address: d.address,
Port: d.port,
})
inboundRay := d.packetDispatcher.DispatchToOutbound(ctx)
requestDone := signal.ExecuteAsync(func() error {
defer inboundRay.InboundInput().Close()
timedReader := net.NewTimeOutReader(d.config.Timeout, conn)
chunkReader := buf.NewReader(timedReader)
if err := buf.PipeUntilEOF(chunkReader, inboundRay.InboundInput()); err != nil {
log.Info("Dokodemo: Failed to transport request: ", err)
return err
}
return nil
})
responseDone := signal.ExecuteAsync(func() error {
v2writer := buf.NewWriter(conn)
if err := buf.PipeUntilEOF(inboundRay.InboundOutput(), v2writer); err != nil {
log.Info("Dokodemo: Failed to transport response: ", err)
return err
}
return nil
})
if err := signal.ErrorOrFinish2(requestDone, responseDone); err != nil {
inboundRay.InboundInput().CloseError()
inboundRay.InboundOutput().CloseError()
log.Info("Dokodemo: Connection ends with ", err)
return err
}
return nil
}
func (v *VMessOutboundHandler) handleRequest(session *encoding.ClientSession, conn internet.Connection, request *protocol.RequestHeader, payload *buf.Buffer, input buf.Reader, finish *sync.Mutex) {
defer finish.Unlock()
writer := bufio.NewWriter(conn)
defer writer.Release()
session.EncodeRequestHeader(request, writer)
bodyWriter := session.EncodeRequestBody(request, writer)
defer bodyWriter.Release()
if !payload.IsEmpty() {
if err := bodyWriter.Write(payload); err != nil {
log.Info("VMess|Outbound: Failed to write payload. Disabling connection reuse.", err)
conn.SetReusable(false)
}
payload.Release()
}
writer.SetCached(false)
if err := buf.PipeUntilEOF(input, bodyWriter); err != nil {
conn.SetReusable(false)
}
if request.Option.Has(protocol.RequestOptionChunkStream) {
err := bodyWriter.Write(buf.NewLocal(8))
if err != nil {
conn.SetReusable(false)
}
}
return
}
func (v *VMessOutboundHandler) handleResponse(session *encoding.ClientSession, conn internet.Connection, request *protocol.RequestHeader, dest v2net.Destination, output buf.Writer, finish *sync.Mutex) {
defer finish.Unlock()
reader := bufio.NewReader(conn)
defer reader.Release()
header, err := session.DecodeResponseHeader(reader)
if err != nil {
conn.SetReusable(false)
log.Warning("VMess|Outbound: Failed to read response from ", request.Destination(), ": ", err)
return
}
v.handleCommand(dest, header.Command)
conn.SetReusable(header.Option.Has(protocol.ResponseOptionConnectionReuse))
reader.SetCached(false)
bodyReader := session.DecodeResponseBody(request, reader)
defer bodyReader.Release()
if err := buf.PipeUntilEOF(bodyReader, output); err != nil {
conn.SetReusable(false)
}
return
}
func (this *VMessOutboundHandler) handleRequest(session *encoding.ClientSession, conn internet.Connection, request *protocol.RequestHeader, payload *alloc.Buffer, input v2io.Reader, finish *sync.Mutex) {
defer finish.Unlock()
writer := v2io.NewBufferedWriter(conn)
defer writer.Release()
session.EncodeRequestHeader(request, writer)
bodyWriter := session.EncodeRequestBody(writer)
var streamWriter v2io.Writer = v2io.NewAdaptiveWriter(bodyWriter)
if request.Option.Has(protocol.RequestOptionChunkStream) {
streamWriter = vmessio.NewAuthChunkWriter(streamWriter)
}
if !payload.IsEmpty() {
if err := streamWriter.Write(payload); err != nil {
conn.SetReusable(false)
}
}
writer.SetCached(false)
err := v2io.Pipe(input, streamWriter)
if err != io.EOF {
conn.SetReusable(false)
}
if request.Option.Has(protocol.RequestOptionChunkStream) {
err := streamWriter.Write(alloc.NewLocalBuffer(32).Clear())
if err != nil {
conn.SetReusable(false)
}
}
streamWriter.Release()
return
}
func (v *Server) handleUDPPayload(ctx context.Context, conn internet.Connection) error {
source := proxy.SourceFromContext(ctx)
log.Info("Socks|Server: Client UDP connection from ", source)
reader := buf.NewReader(conn)
for {
payload, err := reader.Read()
if err != nil {
return err
}
request, data, err := DecodeUDPPacket(payload.Bytes())
if err != nil {
log.Info("Socks|Server: Failed to parse UDP request: ", err)
continue
}
if len(data) == 0 {
continue
}
log.Info("Socks: Send packet to ", request.Destination(), " with ", len(data), " bytes")
log.Access(source, request.Destination, log.AccessAccepted, "")
dataBuf := buf.NewSmall()
dataBuf.Append(data)
v.udpServer.Dispatch(ctx, request.Destination(), dataBuf, func(payload *buf.Buffer) {
defer payload.Release()
log.Info("Socks|Server: Writing back UDP response with ", payload.Len(), " bytes")
udpMessage := EncodeUDPPacket(request, payload.Bytes())
defer udpMessage.Release()
conn.Write(udpMessage.Bytes())
})
}
}
func (s *Server) processTCP(ctx context.Context, conn internet.Connection) error {
conn.SetReusable(false)
timedReader := net.NewTimeOutReader(16 /* seconds, for handshake */, conn)
reader := bufio.NewReader(timedReader)
inboundDest := proxy.InboundDestinationFromContext(ctx)
session := &ServerSession{
config: s.config,
port: inboundDest.Port,
}
source := proxy.SourceFromContext(ctx)
request, err := session.Handshake(reader, conn)
if err != nil {
log.Access(source, "", log.AccessRejected, err)
log.Info("Socks|Server: Failed to read request: ", err)
return err
}
if request.Command == protocol.RequestCommandTCP {
dest := request.Destination()
log.Info("Socks|Server: TCP Connect request to ", dest)
log.Access(source, dest, log.AccessAccepted, "")
timedReader.SetTimeOut(s.config.Timeout)
ctx = proxy.ContextWithDestination(ctx, dest)
return s.transport(ctx, reader, conn)
}
if request.Command == protocol.RequestCommandUDP {
return s.handleUDP()
}
return nil
}
func (this *Server) handleConnection(conn internet.Connection) {
defer conn.Close()
timedReader := v2net.NewTimeOutReader(this.config.Timeout, conn)
reader := bufio.NewReaderSize(timedReader, 2048)
request, err := http.ReadRequest(reader)
if err != nil {
if err != io.EOF {
log.Warning("HTTP: Failed to read http request: ", err)
}
return
}
log.Info("HTTP: Request to Method [", request.Method, "] Host [", request.Host, "] with URL [", request.URL, "]")
defaultPort := v2net.Port(80)
if strings.ToLower(request.URL.Scheme) == "https" {
defaultPort = v2net.Port(443)
}
host := request.Host
if len(host) == 0 {
host = request.URL.Host
}
dest, err := parseHost(host, defaultPort)
if err != nil {
log.Warning("HTTP: Malformed proxy host (", host, "): ", err)
return
}
log.Access(conn.RemoteAddr(), request.URL, log.AccessAccepted, "")
session := &proxy.SessionInfo{
Source: v2net.DestinationFromAddr(conn.RemoteAddr()),
Destination: dest,
Inbound: this.meta,
}
if strings.ToUpper(request.Method) == "CONNECT" {
this.handleConnect(request, session, reader, conn)
} else {
this.handlePlainHTTP(request, session, reader, conn)
}
}
func (this *VMessOutboundHandler) handleResponse(session *encoding.ClientSession, conn internet.Connection, request *protocol.RequestHeader, dest v2net.Destination, output v2io.Writer, finish *sync.Mutex) {
defer finish.Unlock()
reader := v2io.NewBufferedReader(conn)
defer reader.Release()
header, err := session.DecodeResponseHeader(reader)
if err != nil {
conn.SetReusable(false)
log.Warning("VMess|Outbound: Failed to read response from ", request.Destination(), ": ", err)
return
}
go this.handleCommand(dest, header.Command)
if !header.Option.Has(protocol.ResponseOptionConnectionReuse) {
conn.SetReusable(false)
}
reader.SetCached(false)
decryptReader := session.DecodeResponseBody(reader)
var bodyReader v2io.Reader
if request.Option.Has(protocol.RequestOptionChunkStream) {
bodyReader = vmessio.NewAuthChunkReader(decryptReader)
} else {
bodyReader = v2io.NewAdaptiveReader(decryptReader)
}
err = v2io.Pipe(bodyReader, output)
if err != io.EOF {
conn.SetReusable(false)
}
bodyReader.Release()
return
}
// Dispatch implements OutboundHandler.Dispatch().
func (v *VMessOutboundHandler) Process(ctx context.Context, outboundRay ray.OutboundRay) error {
var rec *protocol.ServerSpec
var conn internet.Connection
dialer := proxy.DialerFromContext(ctx)
err := retry.ExponentialBackoff(5, 100).On(func() error {
rec = v.serverPicker.PickServer()
rawConn, err := dialer.Dial(ctx, rec.Destination())
if err != nil {
return err
}
conn = rawConn
return nil
})
if err != nil {
log.Warning("VMess|Outbound: Failed to find an available destination:", err)
return err
}
defer conn.Close()
target := proxy.DestinationFromContext(ctx)
log.Info("VMess|Outbound: Tunneling request to ", target, " via ", rec.Destination())
command := protocol.RequestCommandTCP
if target.Network == net.Network_UDP {
command = protocol.RequestCommandUDP
}
request := &protocol.RequestHeader{
Version: encoding.Version,
User: rec.PickUser(),
Command: command,
Address: target.Address,
Port: target.Port,
Option: protocol.RequestOptionChunkStream,
}
rawAccount, err := request.User.GetTypedAccount()
if err != nil {
log.Warning("VMess|Outbound: Failed to get user account: ", err)
return err
}
account := rawAccount.(*vmess.InternalAccount)
request.Security = account.Security
conn.SetReusable(true)
if conn.Reusable() { // Conn reuse may be disabled on transportation layer
request.Option.Set(protocol.RequestOptionConnectionReuse)
}
input := outboundRay.OutboundInput()
output := outboundRay.OutboundOutput()
session := encoding.NewClientSession(protocol.DefaultIDHash)
requestDone := signal.ExecuteAsync(func() error {
writer := bufio.NewWriter(conn)
session.EncodeRequestHeader(request, writer)
bodyWriter := session.EncodeRequestBody(request, writer)
firstPayload, err := input.ReadTimeout(time.Millisecond * 500)
if err != nil && err != ray.ErrReadTimeout {
return errors.Base(err).Message("VMess|Outbound: Failed to get first payload.")
}
if !firstPayload.IsEmpty() {
if err := bodyWriter.Write(firstPayload); err != nil {
return errors.Base(err).Message("VMess|Outbound: Failed to write first payload.")
}
firstPayload.Release()
}
writer.SetBuffered(false)
if err := buf.PipeUntilEOF(input, bodyWriter); err != nil {
return err
}
if request.Option.Has(protocol.RequestOptionChunkStream) {
if err := bodyWriter.Write(buf.NewLocal(8)); err != nil {
return err
}
}
return nil
})
responseDone := signal.ExecuteAsync(func() error {
defer output.Close()
reader := bufio.NewReader(conn)
header, err := session.DecodeResponseHeader(reader)
if err != nil {
return err
}
v.handleCommand(rec.Destination(), header.Command)
conn.SetReusable(header.Option.Has(protocol.ResponseOptionConnectionReuse))
reader.SetBuffered(false)
bodyReader := session.DecodeResponseBody(request, reader)
if err := buf.PipeUntilEOF(bodyReader, output); err != nil {
return err
}
return nil
})
if err := signal.ErrorOrFinish2(requestDone, responseDone); err != nil {
log.Info("VMess|Outbound: Connection ending with ", err)
conn.SetReusable(false)
input.CloseError()
output.CloseError()
return err
}
return nil
}
func (c *Client) Process(ctx context.Context, ray ray.OutboundRay) error {
destination := proxy.DestinationFromContext(ctx)
var server *protocol.ServerSpec
var conn internet.Connection
dialer := proxy.DialerFromContext(ctx)
err := retry.ExponentialBackoff(5, 100).On(func() error {
server = c.serverPicker.PickServer()
dest := server.Destination()
rawConn, err := dialer.Dial(ctx, dest)
if err != nil {
return err
}
conn = rawConn
return nil
})
if err != nil {
log.Warning("Socks|Client: Failed to find an available destination.")
return err
}
defer conn.Close()
conn.SetReusable(false)
request := &protocol.RequestHeader{
Version: socks5Version,
Command: protocol.RequestCommandTCP,
Address: destination.Address,
Port: destination.Port,
}
if destination.Network == net.Network_UDP {
request.Command = protocol.RequestCommandUDP
}
user := server.PickUser()
if user != nil {
request.User = user
}
udpRequest, err := ClientHandshake(request, conn, conn)
if err != nil {
log.Warning("Socks|Client: Failed to establish connection to server: ", err)
return err
}
var requestFunc func() error
var responseFunc func() error
if request.Command == protocol.RequestCommandTCP {
requestFunc = func() error {
return buf.PipeUntilEOF(ray.OutboundInput(), buf.NewWriter(conn))
}
responseFunc = func() error {
defer ray.OutboundOutput().Close()
return buf.PipeUntilEOF(buf.NewReader(conn), ray.OutboundOutput())
}
} else if request.Command == protocol.RequestCommandUDP {
udpConn, err := dialer.Dial(ctx, udpRequest.Destination())
if err != nil {
log.Info("Socks|Client: Failed to create UDP connection: ", err)
return err
}
defer udpConn.Close()
requestFunc = func() error {
return buf.PipeUntilEOF(ray.OutboundInput(), &UDPWriter{request: request, writer: udpConn})
}
responseFunc = func() error {
defer ray.OutboundOutput().Close()
reader := &UDPReader{reader: net.NewTimeOutReader(16, udpConn)}
return buf.PipeUntilEOF(reader, ray.OutboundOutput())
}
}
requestDone := signal.ExecuteAsync(requestFunc)
responseDone := signal.ExecuteAsync(responseFunc)
if err := signal.ErrorOrFinish2(requestDone, responseDone); err != nil {
log.Info("Socks|Client: Connection ends with ", err)
ray.OutboundInput().CloseError()
ray.OutboundOutput().CloseError()
return err
}
return nil
}
func (v *VMessOutboundHandler) Dispatch(target v2net.Destination, payload *buf.Buffer, ray ray.OutboundRay) {
defer ray.OutboundInput().Release()
defer ray.OutboundOutput().Close()
var rec *protocol.ServerSpec
var conn internet.Connection
err := retry.ExponentialBackoff(5, 100).On(func() error {
rec = v.serverPicker.PickServer()
rawConn, err := internet.Dial(v.meta.Address, rec.Destination(), v.meta.GetDialerOptions())
if err != nil {
return err
}
conn = rawConn
return nil
})
if err != nil {
log.Warning("VMess|Outbound: Failed to find an available destination:", err)
return
}
log.Info("VMess|Outbound: Tunneling request to ", target, " via ", rec.Destination())
command := protocol.RequestCommandTCP
if target.Network == v2net.Network_UDP {
command = protocol.RequestCommandUDP
}
request := &protocol.RequestHeader{
Version: encoding.Version,
User: rec.PickUser(),
Command: command,
Address: target.Address,
Port: target.Port,
Option: protocol.RequestOptionChunkStream,
}
rawAccount, err := request.User.GetTypedAccount()
if err != nil {
log.Warning("VMess|Outbound: Failed to get user account: ", err)
}
account := rawAccount.(*vmess.InternalAccount)
request.Security = account.Security
defer conn.Close()
conn.SetReusable(true)
if conn.Reusable() { // Conn reuse may be disabled on transportation layer
request.Option.Set(protocol.RequestOptionConnectionReuse)
}
input := ray.OutboundInput()
output := ray.OutboundOutput()
var requestFinish, responseFinish sync.Mutex
requestFinish.Lock()
responseFinish.Lock()
session := encoding.NewClientSession(protocol.DefaultIDHash)
go v.handleRequest(session, conn, request, payload, input, &requestFinish)
go v.handleResponse(session, conn, request, rec.Destination(), output, &responseFinish)
requestFinish.Lock()
responseFinish.Lock()
return
}
func (v *Handler) Process(ctx context.Context, outboundRay ray.OutboundRay) error {
destination := proxy.DestinationFromContext(ctx)
if v.destOverride != nil {
server := v.destOverride.Server
destination = net.Destination{
Network: destination.Network,
Address: server.Address.AsAddress(),
Port: net.Port(server.Port),
}
}
log.Info("Freedom: Opening connection to ", destination)
input := outboundRay.OutboundInput()
output := outboundRay.OutboundOutput()
var conn internet.Connection
if v.domainStrategy == Config_USE_IP && destination.Address.Family().IsDomain() {
destination = v.ResolveIP(destination)
}
dialer := proxy.DialerFromContext(ctx)
err := retry.ExponentialBackoff(5, 100).On(func() error {
rawConn, err := dialer.Dial(ctx, destination)
if err != nil {
return err
}
conn = rawConn
return nil
})
if err != nil {
log.Warning("Freedom: Failed to open connection to ", destination, ": ", err)
return err
}
defer conn.Close()
conn.SetReusable(false)
requestDone := signal.ExecuteAsync(func() error {
v2writer := buf.NewWriter(conn)
if err := buf.PipeUntilEOF(input, v2writer); err != nil {
return err
}
return nil
})
var reader io.Reader = conn
timeout := v.timeout
if destination.Network == net.Network_UDP {
timeout = 16
}
if timeout > 0 {
reader = net.NewTimeOutReader(timeout /* seconds */, conn)
}
responseDone := signal.ExecuteAsync(func() error {
defer output.Close()
v2reader := buf.NewReader(reader)
if err := buf.PipeUntilEOF(v2reader, output); err != nil {
return err
}
return nil
})
if err := signal.ErrorOrFinish2(requestDone, responseDone); err != nil {
log.Info("Freedom: Connection ending with ", err)
input.CloseError()
output.CloseError()
return err
}
return nil
}
func (this *Server) handleConnection(conn internet.Connection) {
defer conn.Close()
buffer := alloc.NewSmallBuffer()
defer buffer.Release()
timedReader := v2net.NewTimeOutReader(16, conn)
defer timedReader.Release()
bufferedReader := v2io.NewBufferedReader(timedReader)
defer bufferedReader.Release()
ivLen := this.config.Cipher.IVSize()
_, err := io.ReadFull(bufferedReader, buffer.Value[:ivLen])
if err != nil {
if err != io.EOF {
log.Access(conn.RemoteAddr(), "", log.AccessRejected, err)
log.Warning("Shadowsocks: Failed to read IV: ", err)
}
return
}
iv := buffer.Value[:ivLen]
key := this.config.Key
stream, err := this.config.Cipher.NewDecodingStream(key, iv)
if err != nil {
log.Error("Shadowsocks: Failed to create decoding stream: ", err)
return
}
reader := crypto.NewCryptionReader(stream, bufferedReader)
request, err := ReadRequest(reader, NewAuthenticator(HeaderKeyGenerator(key, iv)), false)
if err != nil {
log.Access(conn.RemoteAddr(), "", log.AccessRejected, err)
log.Warning("Shadowsocks: Invalid request from ", conn.RemoteAddr(), ": ", err)
return
}
defer request.Release()
bufferedReader.SetCached(false)
userSettings := protocol.GetUserSettings(this.config.Level)
timedReader.SetTimeOut(userSettings.PayloadReadTimeout)
dest := v2net.TCPDestination(request.Address, request.Port)
log.Access(conn.RemoteAddr(), dest, log.AccessAccepted, "")
log.Info("Shadowsocks: Tunnelling request to ", dest)
ray := this.packetDispatcher.DispatchToOutbound(this.meta, &proxy.SessionInfo{
Source: v2net.DestinationFromAddr(conn.RemoteAddr()),
Destination: dest,
})
defer ray.InboundOutput().Release()
var writeFinish sync.Mutex
writeFinish.Lock()
go func() {
if payload, err := ray.InboundOutput().Read(); err == nil {
payload.SliceBack(ivLen)
rand.Read(payload.Value[:ivLen])
stream, err := this.config.Cipher.NewEncodingStream(key, payload.Value[:ivLen])
if err != nil {
log.Error("Shadowsocks: Failed to create encoding stream: ", err)
return
}
stream.XORKeyStream(payload.Value[ivLen:], payload.Value[ivLen:])
conn.Write(payload.Value)
payload.Release()
writer := crypto.NewCryptionWriter(stream, conn)
v2writer := v2io.NewAdaptiveWriter(writer)
v2io.Pipe(ray.InboundOutput(), v2writer)
writer.Release()
v2writer.Release()
}
writeFinish.Unlock()
}()
var payloadReader v2io.Reader
if request.OTA {
payloadAuth := NewAuthenticator(ChunkKeyGenerator(iv))
payloadReader = NewChunkReader(reader, payloadAuth)
} else {
payloadReader = v2io.NewAdaptiveReader(reader)
}
v2io.Pipe(payloadReader, ray.InboundInput())
ray.InboundInput().Close()
payloadReader.Release()
writeFinish.Lock()
}
func (this *Client) Dispatch(destination v2net.Destination, payload *alloc.Buffer, ray ray.OutboundRay) error {
defer payload.Release()
defer ray.OutboundInput().Release()
defer ray.OutboundOutput().Close()
network := destination.Network
var server *protocol.ServerSpec
var conn internet.Connection
err := retry.ExponentialBackoff(5, 100).On(func() error {
server = this.serverPicker.PickServer()
dest := server.Destination()
dest.Network = network
rawConn, err := internet.Dial(this.meta.Address, dest, this.meta.GetDialerOptions())
if err != nil {
return err
}
conn = rawConn
return nil
})
if err != nil {
return errors.New("Shadowsocks|Client: Failed to find an available destination:" + err.Error())
}
log.Info("Shadowsocks|Client: Tunneling request to ", destination, " via ", server.Destination())
conn.SetReusable(false)
request := &protocol.RequestHeader{
Version: Version,
Address: destination.Address,
Port: destination.Port,
}
if destination.Network == v2net.Network_TCP {
request.Command = protocol.RequestCommandTCP
} else {
request.Command = protocol.RequestCommandUDP
}
user := server.PickUser()
rawAccount, err := user.GetTypedAccount()
if err != nil {
return errors.New("Shadowsocks|Client: Failed to get a valid user account: " + err.Error())
}
account := rawAccount.(*ShadowsocksAccount)
request.User = user
if account.OneTimeAuth == Account_Auto || account.OneTimeAuth == Account_Enabled {
request.Option |= RequestOptionOneTimeAuth
}
if request.Command == protocol.RequestCommandTCP {
bufferedWriter := v2io.NewBufferedWriter(conn)
defer bufferedWriter.Release()
bodyWriter, err := WriteTCPRequest(request, bufferedWriter)
defer bodyWriter.Release()
if err != nil {
return errors.New("Shadowsock|Client: Failed to write request: " + err.Error())
}
if err := bodyWriter.Write(payload); err != nil {
return errors.New("Shadowsocks|Client: Failed to write payload: " + err.Error())
}
var responseMutex sync.Mutex
responseMutex.Lock()
go func() {
defer responseMutex.Unlock()
responseReader, err := ReadTCPResponse(user, conn)
if err != nil {
log.Warning("Shadowsocks|Client: Failed to read response: " + err.Error())
return
}
v2io.Pipe(responseReader, ray.OutboundOutput())
}()
bufferedWriter.SetCached(false)
v2io.Pipe(ray.OutboundInput(), bodyWriter)
responseMutex.Lock()
}
if request.Command == protocol.RequestCommandUDP {
timedReader := v2net.NewTimeOutReader(16, conn)
var responseMutex sync.Mutex
responseMutex.Lock()
go func() {
defer responseMutex.Unlock()
reader := &UDPReader{
Reader: timedReader,
User: user,
}
v2io.Pipe(reader, ray.OutboundOutput())
}()
writer := &UDPWriter{
Writer: conn,
Request: request,
}
if !payload.IsEmpty() {
if err := writer.Write(payload); err != nil {
return errors.New("Shadowsocks|Client: Failed to write payload: " + err.Error())
}
}
v2io.Pipe(ray.OutboundInput(), writer)
responseMutex.Lock()
}
return nil
}
// Process implements OutboundHandler.Process().
func (v *Client) Process(ctx context.Context, outboundRay ray.OutboundRay) error {
destination := proxy.DestinationFromContext(ctx)
network := destination.Network
var server *protocol.ServerSpec
var conn internet.Connection
dialer := proxy.DialerFromContext(ctx)
err := retry.ExponentialBackoff(5, 100).On(func() error {
server = v.serverPicker.PickServer()
dest := server.Destination()
dest.Network = network
rawConn, err := dialer.Dial(ctx, dest)
if err != nil {
return err
}
conn = rawConn
return nil
})
if err != nil {
log.Warning("Shadowsocks|Client: Failed to find an available destination:", err)
return err
}
log.Info("Shadowsocks|Client: Tunneling request to ", destination, " via ", server.Destination())
conn.SetReusable(false)
request := &protocol.RequestHeader{
Version: Version,
Address: destination.Address,
Port: destination.Port,
}
if destination.Network == net.Network_TCP {
request.Command = protocol.RequestCommandTCP
} else {
request.Command = protocol.RequestCommandUDP
}
user := server.PickUser()
rawAccount, err := user.GetTypedAccount()
if err != nil {
log.Warning("Shadowsocks|Client: Failed to get a valid user account: ", err)
return err
}
account := rawAccount.(*ShadowsocksAccount)
request.User = user
if account.OneTimeAuth == Account_Auto || account.OneTimeAuth == Account_Enabled {
request.Option |= RequestOptionOneTimeAuth
}
if request.Command == protocol.RequestCommandTCP {
bufferedWriter := bufio.NewWriter(conn)
bodyWriter, err := WriteTCPRequest(request, bufferedWriter)
if err != nil {
log.Info("Shadowsocks|Client: Failed to write request: ", err)
return err
}
bufferedWriter.SetBuffered(false)
requestDone := signal.ExecuteAsync(func() error {
if err := buf.PipeUntilEOF(outboundRay.OutboundInput(), bodyWriter); err != nil {
return err
}
return nil
})
responseDone := signal.ExecuteAsync(func() error {
defer outboundRay.OutboundOutput().Close()
responseReader, err := ReadTCPResponse(user, conn)
if err != nil {
return err
}
if err := buf.PipeUntilEOF(responseReader, outboundRay.OutboundOutput()); err != nil {
return err
}
return nil
})
if err := signal.ErrorOrFinish2(requestDone, responseDone); err != nil {
log.Info("Shadowsocks|Client: Connection ends with ", err)
outboundRay.OutboundInput().CloseError()
outboundRay.OutboundOutput().CloseError()
return err
}
return nil
}
if request.Command == protocol.RequestCommandUDP {
writer := &UDPWriter{
Writer: conn,
Request: request,
}
requestDone := signal.ExecuteAsync(func() error {
if err := buf.PipeUntilEOF(outboundRay.OutboundInput(), writer); err != nil {
log.Info("Shadowsocks|Client: Failed to transport all UDP request: ", err)
return err
}
return nil
})
timedReader := net.NewTimeOutReader(16, conn)
responseDone := signal.ExecuteAsync(func() error {
defer outboundRay.OutboundOutput().Close()
reader := &UDPReader{
Reader: timedReader,
User: user,
}
if err := buf.PipeUntilEOF(reader, outboundRay.OutboundOutput()); err != nil {
log.Info("Shadowsocks|Client: Failed to transport all UDP response: ", err)
return err
}
return nil
})
if err := signal.ErrorOrFinish2(requestDone, responseDone); err != nil {
log.Info("Shadowsocks|Client: Connection ends with ", err)
outboundRay.OutboundInput().CloseError()
outboundRay.OutboundOutput().CloseError()
return err
}
return nil
}
return nil
}
func (v *VMessInboundHandler) Process(ctx context.Context, network net.Network, connection internet.Connection) error {
connReader := net.NewTimeOutReader(8, connection)
reader := bufio.NewReader(connReader)
session := encoding.NewServerSession(v.clients)
request, err := session.DecodeRequestHeader(reader)
if err != nil {
if errors.Cause(err) != io.EOF {
log.Access(connection.RemoteAddr(), "", log.AccessRejected, err)
log.Info("VMess|Inbound: Invalid request from ", connection.RemoteAddr(), ": ", err)
}
connection.SetReusable(false)
return err
}
log.Access(connection.RemoteAddr(), request.Destination(), log.AccessAccepted, "")
log.Info("VMess|Inbound: Received request for ", request.Destination())
connection.SetReusable(request.Option.Has(protocol.RequestOptionConnectionReuse))
ctx = proxy.ContextWithDestination(ctx, request.Destination())
ctx = protocol.ContextWithUser(ctx, request.User)
ray := v.packetDispatcher.DispatchToOutbound(ctx)
input := ray.InboundInput()
output := ray.InboundOutput()
userSettings := request.User.GetSettings()
connReader.SetTimeOut(userSettings.PayloadReadTimeout)
reader.SetBuffered(false)
requestDone := signal.ExecuteAsync(func() error {
return transferRequest(session, request, reader, input)
})
writer := bufio.NewWriter(connection)
response := &protocol.ResponseHeader{
Command: v.generateCommand(ctx, request),
}
if connection.Reusable() {
response.Option.Set(protocol.ResponseOptionConnectionReuse)
}
responseDone := signal.ExecuteAsync(func() error {
return transferResponse(session, request, response, output, writer)
})
if err := signal.ErrorOrFinish2(requestDone, responseDone); err != nil {
log.Info("VMess|Inbound: Connection ending with ", err)
connection.SetReusable(false)
input.CloseError()
output.CloseError()
return err
}
if err := writer.Flush(); err != nil {
log.Info("VMess|Inbound: Failed to flush remain data: ", err)
connection.SetReusable(false)
return err
}
return nil
}
func (this *Server) handleConnection(conn internet.Connection) {
defer conn.Close()
conn.SetReusable(false)
timedReader := v2net.NewTimeOutReader(16, conn)
defer timedReader.Release()
bufferedReader := v2io.NewBufferedReader(timedReader)
defer bufferedReader.Release()
request, bodyReader, err := ReadTCPSession(this.user, bufferedReader)
if err != nil {
log.Access(conn.RemoteAddr(), "", log.AccessRejected, err)
log.Info("Shadowsocks|Server: Failed to create request from: ", conn.RemoteAddr(), ": ", err)
return
}
defer bodyReader.Release()
bufferedReader.SetCached(false)
userSettings := this.user.GetSettings()
timedReader.SetTimeOut(userSettings.PayloadReadTimeout)
dest := request.Destination()
log.Access(conn.RemoteAddr(), dest, log.AccessAccepted, "")
log.Info("Shadowsocks|Server: Tunnelling request to ", dest)
ray := this.packetDispatcher.DispatchToOutbound(&proxy.SessionInfo{
Source: v2net.DestinationFromAddr(conn.RemoteAddr()),
Destination: dest,
User: request.User,
Inbound: this.meta,
})
defer ray.InboundOutput().Release()
var writeFinish sync.Mutex
writeFinish.Lock()
go func() {
defer writeFinish.Unlock()
bufferedWriter := v2io.NewBufferedWriter(conn)
defer bufferedWriter.Release()
responseWriter, err := WriteTCPResponse(request, bufferedWriter)
if err != nil {
log.Warning("Shadowsocks|Server: Failed to write response: ", err)
return
}
defer responseWriter.Release()
if payload, err := ray.InboundOutput().Read(); err == nil {
responseWriter.Write(payload)
bufferedWriter.SetCached(false)
v2io.Pipe(ray.InboundOutput(), responseWriter)
}
}()
v2io.Pipe(bodyReader, ray.InboundInput())
ray.InboundInput().Close()
writeFinish.Lock()
}
func (this *VMessInboundHandler) HandleConnection(connection internet.Connection) {
defer connection.Close()
if !this.accepting {
return
}
connReader := v2net.NewTimeOutReader(8, connection)
defer connReader.Release()
reader := v2io.NewBufferedReader(connReader)
defer reader.Release()
this.RLock()
if !this.accepting {
this.RUnlock()
return
}
session := encoding.NewServerSession(this.clients)
defer session.Release()
request, err := session.DecodeRequestHeader(reader)
this.RUnlock()
if err != nil {
if err != io.EOF {
log.Access(connection.RemoteAddr(), "", log.AccessRejected, err)
log.Warning("VMessIn: Invalid request from ", connection.RemoteAddr(), ": ", err)
}
connection.SetReusable(false)
return
}
log.Access(connection.RemoteAddr(), request.Destination(), log.AccessAccepted, "")
log.Info("VMessIn: Received request for ", request.Destination())
connection.SetReusable(request.Option.Has(protocol.RequestOptionConnectionReuse))
ray := this.packetDispatcher.DispatchToOutbound(this.meta, &proxy.SessionInfo{
Source: v2net.DestinationFromAddr(connection.RemoteAddr()),
Destination: request.Destination(),
})
input := ray.InboundInput()
output := ray.InboundOutput()
defer input.Close()
defer output.Release()
var readFinish sync.Mutex
readFinish.Lock()
userSettings := protocol.GetUserSettings(request.User.Level)
connReader.SetTimeOut(userSettings.PayloadReadTimeout)
reader.SetCached(false)
go func() {
bodyReader := session.DecodeRequestBody(reader)
var requestReader v2io.Reader
if request.Option.Has(protocol.RequestOptionChunkStream) {
requestReader = vmessio.NewAuthChunkReader(bodyReader)
} else {
requestReader = v2io.NewAdaptiveReader(bodyReader)
}
err := v2io.Pipe(requestReader, input)
if err != io.EOF {
connection.SetReusable(false)
}
requestReader.Release()
input.Close()
readFinish.Unlock()
}()
writer := v2io.NewBufferedWriter(connection)
defer writer.Release()
response := &protocol.ResponseHeader{
Command: this.generateCommand(request),
}
if connection.Reusable() {
response.Option.Set(protocol.ResponseOptionConnectionReuse)
}
session.EncodeResponseHeader(response, writer)
bodyWriter := session.EncodeResponseBody(writer)
var v2writer v2io.Writer = v2io.NewAdaptiveWriter(bodyWriter)
if request.Option.Has(protocol.RequestOptionChunkStream) {
v2writer = vmessio.NewAuthChunkWriter(v2writer)
}
// Optimize for small response packet
if data, err := output.Read(); err == nil {
if err := v2writer.Write(data); err != nil {
connection.SetReusable(false)
}
writer.SetCached(false)
err = v2io.Pipe(output, v2writer)
if err != io.EOF {
connection.SetReusable(false)
}
}
output.Release()
if request.Option.Has(protocol.RequestOptionChunkStream) {
if err := v2writer.Write(alloc.NewLocalBuffer(32).Clear()); err != nil {
connection.SetReusable(false)
}
}
writer.Flush()
v2writer.Release()
readFinish.Lock()
}
func (s *Server) handleConnection(ctx context.Context, conn internet.Connection) error {
conn.SetReusable(false)
timedReader := net.NewTimeOutReader(16, conn)
bufferedReader := bufio.NewReader(timedReader)
request, bodyReader, err := ReadTCPSession(s.user, bufferedReader)
if err != nil {
log.Access(conn.RemoteAddr(), "", log.AccessRejected, err)
log.Info("Shadowsocks|Server: Failed to create request from: ", conn.RemoteAddr(), ": ", err)
return err
}
bufferedReader.SetBuffered(false)
userSettings := s.user.GetSettings()
timedReader.SetTimeOut(userSettings.PayloadReadTimeout)
dest := request.Destination()
log.Access(conn.RemoteAddr(), dest, log.AccessAccepted, "")
log.Info("Shadowsocks|Server: Tunnelling request to ", dest)
ctx = proxy.ContextWithDestination(ctx, dest)
ctx = protocol.ContextWithUser(ctx, request.User)
ray := s.packetDispatcher.DispatchToOutbound(ctx)
requestDone := signal.ExecuteAsync(func() error {
bufferedWriter := bufio.NewWriter(conn)
responseWriter, err := WriteTCPResponse(request, bufferedWriter)
if err != nil {
log.Warning("Shadowsocks|Server: Failed to write response: ", err)
return err
}
payload, err := ray.InboundOutput().Read()
if err != nil {
return err
}
if err := responseWriter.Write(payload); err != nil {
return err
}
payload.Release()
if err := bufferedWriter.SetBuffered(false); err != nil {
return err
}
if err := buf.PipeUntilEOF(ray.InboundOutput(), responseWriter); err != nil {
log.Info("Shadowsocks|Server: Failed to transport all TCP response: ", err)
return err
}
return nil
})
responseDone := signal.ExecuteAsync(func() error {
defer ray.InboundInput().Close()
if err := buf.PipeUntilEOF(bodyReader, ray.InboundInput()); err != nil {
log.Info("Shadowsocks|Server: Failed to transport all TCP request: ", err)
return err
}
return nil
})
if err := signal.ErrorOrFinish2(requestDone, responseDone); err != nil {
log.Info("Shadowsocks|Server: Connection ends with ", err)
ray.InboundInput().CloseError()
ray.InboundOutput().CloseError()
return err
}
return nil
}