func (v *ChunkWriter) Write(payload *buf.Buffer) error {
totalLength := payload.Len()
serial.Uint16ToBytes(uint16(totalLength), v.buffer[:0])
v.auth.Authenticate(payload.Bytes())(v.buffer[2:])
copy(v.buffer[2+AuthSize:], payload.Bytes())
_, err := v.writer.Write(v.buffer[:2+AuthSize+payload.Len()])
return err
}
func (v *Server) handleUDPPayload(payload *buf.Buffer, session *proxy.SessionInfo) {
source := session.Source
log.Info("Socks: Client UDP connection from ", source)
request, err := protocol.ReadUDPRequest(payload.Bytes())
payload.Release()
if err != nil {
log.Error("Socks: Failed to parse UDP request: ", err)
return
}
if request.Data.Len() == 0 {
request.Data.Release()
return
}
if request.Fragment != 0 {
log.Warning("Socks: Dropping fragmented UDP packets.")
// TODO handle fragments
request.Data.Release()
return
}
log.Info("Socks: Send packet to ", request.Destination(), " with ", request.Data.Len(), " bytes")
log.Access(source, request.Destination, log.AccessAccepted, "")
v.udpServer.Dispatch(&proxy.SessionInfo{Source: source, Destination: request.Destination(), Inbound: v.meta}, request.Data, func(destination v2net.Destination, payload *buf.Buffer) {
response := &protocol.Socks5UDPRequest{
Fragment: 0,
Address: request.Destination().Address,
Port: request.Destination().Port,
Data: payload,
}
log.Info("Socks: Writing back UDP response with ", payload.Len(), " bytes to ", destination)
udpMessage := buf.NewLocal(2048)
response.Write(udpMessage)
v.udpMutex.RLock()
if !v.accepting {
v.udpMutex.RUnlock()
return
}
nBytes, err := v.udpHub.WriteTo(udpMessage.Bytes(), destination)
v.udpMutex.RUnlock()
udpMessage.Release()
response.Data.Release()
if err != nil {
log.Error("Socks: failed to write UDP message (", nBytes, " bytes) to ", destination, ": ", err)
}
})
}
func DecodeUDPPacket(user *protocol.User, payload *buf.Buffer) (*protocol.RequestHeader, *buf.Buffer, error) {
rawAccount, err := user.GetTypedAccount()
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|UDP: Failed to parse account.")
}
account := rawAccount.(*ShadowsocksAccount)
ivLen := account.Cipher.IVSize()
iv := payload.BytesTo(ivLen)
payload.SliceFrom(ivLen)
stream, err := account.Cipher.NewDecodingStream(account.Key, iv)
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|UDP: Failed to initialize decoding stream.")
}
stream.XORKeyStream(payload.Bytes(), payload.Bytes())
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
request := &protocol.RequestHeader{
Version: Version,
User: user,
Command: protocol.RequestCommandUDP,
}
addrType := (payload.Byte(0) & 0x0F)
if (payload.Byte(0) & 0x10) == 0x10 {
request.Option |= RequestOptionOneTimeAuth
}
if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA enabled, while server disables OTA.")
}
if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA disabled, while server enables OTA.")
}
if request.Option.Has(RequestOptionOneTimeAuth) {
payloadLen := payload.Len() - AuthSize
authBytes := payload.BytesFrom(payloadLen)
actualAuth := make([]byte, AuthSize)
authenticator.Authenticate(payload.BytesTo(payloadLen))(actualAuth)
if !bytes.Equal(actualAuth, authBytes) {
return nil, nil, errors.New("Shadowsocks|UDP: Invalid OTA.")
}
payload.Slice(0, payloadLen)
}
payload.SliceFrom(1)
switch addrType {
case AddrTypeIPv4:
request.Address = v2net.IPAddress(payload.BytesTo(4))
payload.SliceFrom(4)
case AddrTypeIPv6:
request.Address = v2net.IPAddress(payload.BytesTo(16))
payload.SliceFrom(16)
case AddrTypeDomain:
domainLength := int(payload.Byte(0))
request.Address = v2net.DomainAddress(string(payload.BytesRange(1, 1+domainLength)))
payload.SliceFrom(1 + domainLength)
default:
return nil, nil, errors.New("Shadowsocks|UDP: Unknown address type: ", addrType)
}
request.Port = v2net.PortFromBytes(payload.BytesTo(2))
payload.SliceFrom(2)
return request, payload, nil
}
func (v *Listener) OnReceive(payload *buf.Buffer, src v2net.Destination, originalDest v2net.Destination) {
defer payload.Release()
segments := v.reader.Read(payload.Bytes())
if len(segments) == 0 {
log.Info("KCP|Listener: discarding invalid payload from ", src)
return
}
if !v.running {
return
}
v.Lock()
defer v.Unlock()
if !v.running {
return
}
if payload.Len() < 4 {
return
}
conv := segments[0].Conversation()
cmd := segments[0].Command()
id := ConnectionID{
Remote: src.Address,
Port: src.Port,
Conv: conv,
}
conn, found := v.sessions[id]
if !found {
if cmd == CommandTerminate {
return
}
writer := &Writer{
id: id,
hub: v.hub,
dest: src,
listener: v,
}
remoteAddr := &net.UDPAddr{
IP: src.Address.IP(),
Port: int(src.Port),
}
localAddr := v.hub.Addr()
sConn := &ServerConnection{
id: internal.NewConnectionID(v2net.LocalHostIP, src),
local: localAddr,
remote: remoteAddr,
writer: &KCPPacketWriter{
Header: v.header,
Writer: writer,
Security: v.security,
},
closer: writer,
}
conn = NewConnection(conv, sConn, v, v.config)
select {
case v.awaitingConns <- conn:
case <-time.After(time.Second * 5):
conn.Close()
return
}
v.sessions[id] = conn
}
conn.Input(segments)
}