func (this *Server) transport(reader io.Reader, writer io.Writer, session *proxy.SessionInfo) {
ray := this.packetDispatcher.DispatchToOutbound(this.meta, session)
input := ray.InboundInput()
output := ray.InboundOutput()
var inputFinish, outputFinish sync.Mutex
inputFinish.Lock()
outputFinish.Lock()
go func() {
v2reader := v2io.NewAdaptiveReader(reader)
defer v2reader.Release()
v2io.Pipe(v2reader, input)
inputFinish.Unlock()
input.Close()
}()
go func() {
v2writer := v2io.NewAdaptiveWriter(writer)
defer v2writer.Release()
v2io.Pipe(output, v2writer)
outputFinish.Unlock()
output.Release()
}()
outputFinish.Lock()
}
func (this *OutboundConnectionHandler) Dispatch(destination v2net.Destination, payload *alloc.Buffer, ray ray.OutboundRay) error {
input := ray.OutboundInput()
output := ray.OutboundOutput()
this.Destination = destination
if !payload.IsEmpty() {
this.ConnOutput.Write(payload.Value)
}
payload.Release()
writeFinish := &sync.Mutex{}
writeFinish.Lock()
go func() {
v2writer := v2io.NewAdaptiveWriter(this.ConnOutput)
defer v2writer.Release()
v2io.Pipe(input, v2writer)
writeFinish.Unlock()
input.Release()
}()
writeFinish.Lock()
v2reader := v2io.NewAdaptiveReader(this.ConnInput)
defer v2reader.Release()
v2io.Pipe(v2reader, output)
output.Close()
return nil
}
func (this *VMessOutboundHandler) handleRequest(session *encoding.ClientSession, conn internet.Connection, request *protocol.RequestHeader, payload *alloc.Buffer, input v2io.Reader, finish *sync.Mutex) {
defer finish.Unlock()
writer := v2io.NewBufferedWriter(conn)
defer writer.Release()
session.EncodeRequestHeader(request, writer)
bodyWriter := session.EncodeRequestBody(writer)
var streamWriter v2io.Writer = v2io.NewAdaptiveWriter(bodyWriter)
if request.Option.Has(protocol.RequestOptionChunkStream) {
streamWriter = vmessio.NewAuthChunkWriter(streamWriter)
}
if !payload.IsEmpty() {
if err := streamWriter.Write(payload); err != nil {
conn.SetReusable(false)
}
}
writer.SetCached(false)
err := v2io.Pipe(input, streamWriter)
if err != io.EOF {
conn.SetReusable(false)
}
if request.Option.Has(protocol.RequestOptionChunkStream) {
err := streamWriter.Write(alloc.NewLocalBuffer(32).Clear())
if err != nil {
conn.SetReusable(false)
}
}
streamWriter.Release()
return
}
func (this *FreedomConnection) Dispatch(destination v2net.Destination, payload *alloc.Buffer, ray ray.OutboundRay) error {
log.Info("Freedom: Opening connection to ", destination)
defer payload.Release()
defer ray.OutboundInput().Release()
defer ray.OutboundOutput().Close()
var conn internet.Connection
if this.domainStrategy == Config_USE_IP && destination.Address.Family().IsDomain() {
destination = this.ResolveIP(destination)
}
err := retry.ExponentialBackoff(5, 100).On(func() error {
rawConn, err := internet.Dial(this.meta.Address, destination, this.meta.GetDialerOptions())
if err != nil {
return err
}
conn = rawConn
return nil
})
if err != nil {
log.Warning("Freedom: Failed to open connection to ", destination, ": ", err)
return err
}
defer conn.Close()
input := ray.OutboundInput()
output := ray.OutboundOutput()
if !payload.IsEmpty() {
conn.Write(payload.Value)
}
go func() {
v2writer := v2io.NewAdaptiveWriter(conn)
defer v2writer.Release()
v2io.Pipe(input, v2writer)
if tcpConn, ok := conn.(*tcp.RawConnection); ok {
tcpConn.CloseWrite()
}
}()
var reader io.Reader = conn
timeout := this.timeout
if destination.Network == v2net.Network_UDP {
timeout = 16
}
if timeout > 0 {
reader = v2net.NewTimeOutReader(timeout /* seconds */, conn)
}
v2reader := v2io.NewAdaptiveReader(reader)
v2io.Pipe(v2reader, output)
v2reader.Release()
ray.OutboundOutput().Close()
return nil
}
func (this *DokodemoDoor) HandleTCPConnection(conn internet.Connection) {
defer conn.Close()
var dest v2net.Destination
if this.config.FollowRedirect {
originalDest := GetOriginalDestination(conn)
if originalDest.Network != v2net.Network_Unknown {
log.Info("Dokodemo: Following redirect to: ", originalDest)
dest = originalDest
}
}
if dest.Network == v2net.Network_Unknown && this.address != nil && this.port > v2net.Port(0) {
dest = v2net.TCPDestination(this.address, this.port)
}
if dest.Network == v2net.Network_Unknown {
log.Info("Dokodemo: Unknown destination, stop forwarding...")
return
}
log.Info("Dokodemo: Handling request to ", dest)
ray := this.packetDispatcher.DispatchToOutbound(&proxy.SessionInfo{
Source: v2net.DestinationFromAddr(conn.RemoteAddr()),
Destination: dest,
Inbound: this.meta,
})
defer ray.InboundOutput().Release()
var wg sync.WaitGroup
reader := v2net.NewTimeOutReader(this.config.Timeout, conn)
defer reader.Release()
wg.Add(1)
go func() {
v2reader := v2io.NewAdaptiveReader(reader)
defer v2reader.Release()
v2io.Pipe(v2reader, ray.InboundInput())
wg.Done()
ray.InboundInput().Close()
}()
wg.Add(1)
go func() {
v2writer := v2io.NewAdaptiveWriter(conn)
defer v2writer.Release()
v2io.Pipe(ray.InboundOutput(), v2writer)
wg.Done()
}()
wg.Wait()
}
func TestHTTPResponse(t *testing.T) {
assert := assert.On(t)
buffer := alloc.NewBuffer().Clear()
httpResponse := new(HTTPResponse)
httpResponse.WriteTo(v2io.NewAdaptiveWriter(buffer))
reader := bufio.NewReader(buffer)
response, err := http.ReadResponse(reader, nil)
assert.Error(err).IsNil()
assert.Int(response.StatusCode).Equals(403)
}
func TestSingleIO(t *testing.T) {
assert := assert.On(t)
content := bytes.NewBuffer(make([]byte, 0, 1024*1024))
writer := NewAuthChunkWriter(v2io.NewAdaptiveWriter(content))
writer.Write(alloc.NewBuffer().Clear().AppendString("abcd"))
writer.Write(alloc.NewBuffer().Clear())
writer.Release()
reader := NewAuthChunkReader(content)
buffer, err := reader.Read()
assert.Error(err).IsNil()
assert.Bytes(buffer.Value).Equals([]byte("abcd"))
}
func (this *InboundConnectionHandler) Communicate(destination v2net.Destination) error {
ray := this.PacketDispatcher.DispatchToOutbound(&proxy.SessionInfo{
Source: v2net.TCPDestination(v2net.LocalHostIP, v2net.Port(0)),
Destination: destination,
Inbound: &proxy.InboundHandlerMeta{
AllowPassiveConnection: false,
},
})
input := ray.InboundInput()
output := ray.InboundOutput()
readFinish := &sync.Mutex{}
writeFinish := &sync.Mutex{}
readFinish.Lock()
writeFinish.Lock()
go func() {
v2reader := v2io.NewAdaptiveReader(this.ConnInput)
defer v2reader.Release()
v2io.Pipe(v2reader, input)
input.Close()
readFinish.Unlock()
}()
go func() {
v2writer := v2io.NewAdaptiveWriter(this.ConnOutput)
defer v2writer.Release()
v2io.Pipe(output, v2writer)
output.Release()
writeFinish.Unlock()
}()
readFinish.Lock()
writeFinish.Lock()
return nil
}
func WriteTCPResponse(request *protocol.RequestHeader, writer io.Writer) (v2io.Writer, error) {
user := request.User
rawAccount, err := user.GetTypedAccount()
if err != nil {
return nil, errors.New("Shadowsocks|TCP: Failed to parse account: " + err.Error())
}
account := rawAccount.(*ShadowsocksAccount)
iv := make([]byte, account.Cipher.IVSize())
rand.Read(iv)
_, err = writer.Write(iv)
if err != nil {
return nil, errors.New("Shadowsocks|TCP: Failed to write IV: " + err.Error())
}
stream, err := account.Cipher.NewEncodingStream(account.Key, iv)
if err != nil {
return nil, errors.New("Shadowsocks|TCP: Failed to create encoding stream: " + err.Error())
}
return v2io.NewAdaptiveWriter(crypto.NewCryptionWriter(stream, writer)), nil
}
func (this *Server) transport(input io.Reader, output io.Writer, ray ray.InboundRay) {
var wg sync.WaitGroup
wg.Add(2)
defer wg.Wait()
go func() {
v2reader := v2io.NewAdaptiveReader(input)
defer v2reader.Release()
v2io.Pipe(v2reader, ray.InboundInput())
ray.InboundInput().Close()
wg.Done()
}()
go func() {
v2writer := v2io.NewAdaptiveWriter(output)
defer v2writer.Release()
v2io.Pipe(ray.InboundOutput(), v2writer)
ray.InboundOutput().Release()
wg.Done()
}()
}
func TestLargeIO(t *testing.T) {
assert := assert.On(t)
content := make([]byte, 1024*1024)
rand.Read(content)
chunckContent := bytes.NewBuffer(make([]byte, 0, len(content)*2))
writer := NewAuthChunkWriter(v2io.NewAdaptiveWriter(chunckContent))
writeSize := 0
for {
chunkSize := 7 * 1024
if chunkSize+writeSize > len(content) {
chunkSize = len(content) - writeSize
}
writer.Write(alloc.NewBuffer().Clear().Append(content[writeSize : writeSize+chunkSize]))
writeSize += chunkSize
if writeSize == len(content) {
break
}
}
writer.Write(alloc.NewBuffer().Clear())
writer.Release()
actualContent := make([]byte, 0, len(content))
reader := NewAuthChunkReader(chunckContent)
for {
buffer, err := reader.Read()
if err == io.EOF {
break
}
assert.Error(err).IsNil()
actualContent = append(actualContent, buffer.Value...)
}
assert.Int(len(actualContent)).Equals(len(content))
assert.Bytes(actualContent).Equals(content)
}
func (this *VMessInboundHandler) HandleConnection(connection internet.Connection) {
defer connection.Close()
if !this.accepting {
return
}
connReader := v2net.NewTimeOutReader(8, connection)
defer connReader.Release()
reader := v2io.NewBufferedReader(connReader)
defer reader.Release()
this.RLock()
if !this.accepting {
this.RUnlock()
return
}
session := encoding.NewServerSession(this.clients)
defer session.Release()
request, err := session.DecodeRequestHeader(reader)
this.RUnlock()
if err != nil {
if err != io.EOF {
log.Access(connection.RemoteAddr(), "", log.AccessRejected, err)
log.Warning("VMessIn: Invalid request from ", connection.RemoteAddr(), ": ", err)
}
connection.SetReusable(false)
return
}
log.Access(connection.RemoteAddr(), request.Destination(), log.AccessAccepted, "")
log.Info("VMessIn: Received request for ", request.Destination())
connection.SetReusable(request.Option.Has(protocol.RequestOptionConnectionReuse))
ray := this.packetDispatcher.DispatchToOutbound(this.meta, &proxy.SessionInfo{
Source: v2net.DestinationFromAddr(connection.RemoteAddr()),
Destination: request.Destination(),
})
input := ray.InboundInput()
output := ray.InboundOutput()
defer input.Close()
defer output.Release()
var readFinish sync.Mutex
readFinish.Lock()
userSettings := protocol.GetUserSettings(request.User.Level)
connReader.SetTimeOut(userSettings.PayloadReadTimeout)
reader.SetCached(false)
go func() {
bodyReader := session.DecodeRequestBody(reader)
var requestReader v2io.Reader
if request.Option.Has(protocol.RequestOptionChunkStream) {
requestReader = vmessio.NewAuthChunkReader(bodyReader)
} else {
requestReader = v2io.NewAdaptiveReader(bodyReader)
}
err := v2io.Pipe(requestReader, input)
if err != io.EOF {
connection.SetReusable(false)
}
requestReader.Release()
input.Close()
readFinish.Unlock()
}()
writer := v2io.NewBufferedWriter(connection)
defer writer.Release()
response := &protocol.ResponseHeader{
Command: this.generateCommand(request),
}
if connection.Reusable() {
response.Option.Set(protocol.ResponseOptionConnectionReuse)
}
session.EncodeResponseHeader(response, writer)
bodyWriter := session.EncodeResponseBody(writer)
var v2writer v2io.Writer = v2io.NewAdaptiveWriter(bodyWriter)
if request.Option.Has(protocol.RequestOptionChunkStream) {
v2writer = vmessio.NewAuthChunkWriter(v2writer)
}
// Optimize for small response packet
if data, err := output.Read(); err == nil {
if err := v2writer.Write(data); err != nil {
connection.SetReusable(false)
}
writer.SetCached(false)
err = v2io.Pipe(output, v2writer)
if err != io.EOF {
connection.SetReusable(false)
}
}
output.Release()
if request.Option.Has(protocol.RequestOptionChunkStream) {
if err := v2writer.Write(alloc.NewLocalBuffer(32).Clear()); err != nil {
connection.SetReusable(false)
}
}
writer.Flush()
v2writer.Release()
readFinish.Lock()
}
func (this *Server) handleConnection(conn internet.Connection) {
defer conn.Close()
buffer := alloc.NewSmallBuffer()
defer buffer.Release()
timedReader := v2net.NewTimeOutReader(16, conn)
defer timedReader.Release()
bufferedReader := v2io.NewBufferedReader(timedReader)
defer bufferedReader.Release()
ivLen := this.config.Cipher.IVSize()
_, err := io.ReadFull(bufferedReader, buffer.Value[:ivLen])
if err != nil {
if err != io.EOF {
log.Access(conn.RemoteAddr(), "", log.AccessRejected, err)
log.Warning("Shadowsocks: Failed to read IV: ", err)
}
return
}
iv := buffer.Value[:ivLen]
key := this.config.Key
stream, err := this.config.Cipher.NewDecodingStream(key, iv)
if err != nil {
log.Error("Shadowsocks: Failed to create decoding stream: ", err)
return
}
reader := crypto.NewCryptionReader(stream, bufferedReader)
request, err := ReadRequest(reader, NewAuthenticator(HeaderKeyGenerator(key, iv)), false)
if err != nil {
log.Access(conn.RemoteAddr(), "", log.AccessRejected, err)
log.Warning("Shadowsocks: Invalid request from ", conn.RemoteAddr(), ": ", err)
return
}
defer request.Release()
bufferedReader.SetCached(false)
userSettings := protocol.GetUserSettings(this.config.Level)
timedReader.SetTimeOut(userSettings.PayloadReadTimeout)
dest := v2net.TCPDestination(request.Address, request.Port)
log.Access(conn.RemoteAddr(), dest, log.AccessAccepted, "")
log.Info("Shadowsocks: Tunnelling request to ", dest)
ray := this.packetDispatcher.DispatchToOutbound(this.meta, &proxy.SessionInfo{
Source: v2net.DestinationFromAddr(conn.RemoteAddr()),
Destination: dest,
})
defer ray.InboundOutput().Release()
var writeFinish sync.Mutex
writeFinish.Lock()
go func() {
if payload, err := ray.InboundOutput().Read(); err == nil {
payload.SliceBack(ivLen)
rand.Read(payload.Value[:ivLen])
stream, err := this.config.Cipher.NewEncodingStream(key, payload.Value[:ivLen])
if err != nil {
log.Error("Shadowsocks: Failed to create encoding stream: ", err)
return
}
stream.XORKeyStream(payload.Value[ivLen:], payload.Value[ivLen:])
conn.Write(payload.Value)
payload.Release()
writer := crypto.NewCryptionWriter(stream, conn)
v2writer := v2io.NewAdaptiveWriter(writer)
v2io.Pipe(ray.InboundOutput(), v2writer)
writer.Release()
v2writer.Release()
}
writeFinish.Unlock()
}()
var payloadReader v2io.Reader
if request.OTA {
payloadAuth := NewAuthenticator(ChunkKeyGenerator(iv))
payloadReader = NewChunkReader(reader, payloadAuth)
} else {
payloadReader = v2io.NewAdaptiveReader(reader)
}
v2io.Pipe(payloadReader, ray.InboundInput())
ray.InboundInput().Close()
payloadReader.Release()
writeFinish.Lock()
}
func WriteTCPRequest(request *protocol.RequestHeader, writer io.Writer) (v2io.Writer, error) {
user := request.User
rawAccount, err := user.GetTypedAccount()
if err != nil {
return nil, errors.New("Shadowsocks|TCP: Failed to parse account: " + err.Error())
}
account := rawAccount.(*ShadowsocksAccount)
iv := make([]byte, account.Cipher.IVSize())
rand.Read(iv)
_, err = writer.Write(iv)
if err != nil {
return nil, errors.New("Shadowsocks|TCP: Failed to write IV: " + err.Error())
}
stream, err := account.Cipher.NewEncodingStream(account.Key, iv)
if err != nil {
return nil, errors.New("Shadowsocks|TCP: Failed to create encoding stream: " + err.Error())
}
writer = crypto.NewCryptionWriter(stream, writer)
header := alloc.NewLocalBuffer(512).Clear()
switch request.Address.Family() {
case v2net.AddressFamilyIPv4:
header.AppendBytes(AddrTypeIPv4)
header.Append([]byte(request.Address.IP()))
case v2net.AddressFamilyIPv6:
header.AppendBytes(AddrTypeIPv6)
header.Append([]byte(request.Address.IP()))
case v2net.AddressFamilyDomain:
header.AppendBytes(AddrTypeDomain, byte(len(request.Address.Domain())))
header.Append([]byte(request.Address.Domain()))
default:
return nil, errors.New("Shadowsocks|TCP: Unsupported address type. ")
}
header.AppendUint16(uint16(request.Port))
if request.Option.Has(RequestOptionOneTimeAuth) {
header.Value[0] |= 0x10
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
header.Value = authenticator.Authenticate(header.Value, header.Value)
}
_, err = writer.Write(header.Value)
if err != nil {
return nil, errors.New("Shadowsocks|TCP: Failed to write header: " + err.Error())
}
var chunkWriter v2io.Writer
if request.Option.Has(RequestOptionOneTimeAuth) {
chunkWriter = NewChunkWriter(writer, NewAuthenticator(ChunkKeyGenerator(iv)))
} else {
chunkWriter = v2io.NewAdaptiveWriter(writer)
}
return chunkWriter, nil
}