func (this *VMessOutboundHandler) Dispatch(firstPacket v2net.Packet, ray ray.OutboundRay) error { vNextAddress, vNextUser := this.receiverManager.PickReceiver() command := protocol.CmdTCP if firstPacket.Destination().IsUDP() { command = protocol.CmdUDP } request := &protocol.VMessRequest{ Version: protocol.Version, User: vNextUser, Command: command, Address: firstPacket.Destination().Address(), Port: firstPacket.Destination().Port(), } buffer := alloc.NewSmallBuffer() defer buffer.Release() // Buffer is released after communication finishes. v2net.ReadAllBytes(rand.Reader, buffer.Value[:33]) // 16 + 16 + 1 buffer.Value[33] = 0 buffer.Value[34] = 0 buffer.Value[35] = 0 request.RequestIV = buffer.Value[:16] request.RequestKey = buffer.Value[16:32] request.ResponseHeader = buffer.Value[32:36] return startCommunicate(request, vNextAddress, ray, firstPacket) }
func (handler *VMessOutboundHandler) Dispatch(firstPacket v2net.Packet, ray ray.OutboundRay) error { vNextList := handler.vNextList if firstPacket.Destination().IsUDP() { vNextList = handler.vNextListUDP } vNextAddress, vNextUser := pickVNext(vNextList) command := protocol.CmdTCP if firstPacket.Destination().IsUDP() { command = protocol.CmdUDP } request := &protocol.VMessRequest{ Version: protocol.Version, User: vNextUser, Command: command, Address: firstPacket.Destination().Address(), } buffer := alloc.NewSmallBuffer() defer buffer.Release() v2net.ReadAllBytes(rand.Reader, buffer.Value[:36]) // 16 + 16 + 4 request.RequestIV = buffer.Value[:16] request.RequestKey = buffer.Value[16:32] request.ResponseHeader = buffer.Value[32:36] return startCommunicate(request, vNextAddress, ray, firstPacket) }
func handleResponse(conn net.Conn, request *protocol.VMessRequest, output chan<- *alloc.Buffer, finish *sync.Mutex, isUDP bool) { defer finish.Unlock() defer close(output) responseKey := md5.Sum(request.RequestKey[:]) responseIV := md5.Sum(request.RequestIV[:]) aesStream, err := v2crypto.NewAesDecryptionStream(responseKey[:], responseIV[:]) if err != nil { log.Error("VMessOut: Failed to create AES encryption stream: ", err) return } decryptResponseReader := v2crypto.NewCryptionReader(aesStream, conn) buffer, err := v2net.ReadFrom(decryptResponseReader, nil) if err != nil { log.Error("VMessOut: Failed to read VMess response (", buffer.Len(), " bytes): ", err) buffer.Release() return } if buffer.Len() < 4 || !headerMatch(request, buffer.Value[:2]) { log.Warning("VMessOut: unexepcted response header. The connection is probably hijacked.") return } log.Info("VMessOut received ", buffer.Len()-4, " bytes from ", conn.RemoteAddr()) responseBegin := 4 if buffer.Value[2] != 0 { dataLen := int(buffer.Value[3]) if buffer.Len() < dataLen+4 { // Rare case diffBuffer := make([]byte, dataLen+4-buffer.Len()) v2net.ReadAllBytes(decryptResponseReader, diffBuffer) buffer.Append(diffBuffer) } command := buffer.Value[2] data := buffer.Value[4 : 4+dataLen] go handleCommand(command, data) responseBegin = 4 + dataLen } buffer.SliceFrom(responseBegin) output <- buffer if !isUDP { v2net.ReaderToChan(output, decryptResponseReader) } return }
func ReadRequest(reader io.Reader) (*Request, error) { buffer := alloc.NewSmallBuffer() defer buffer.Release() _, err := v2net.ReadAllBytes(reader, buffer.Value[:1]) if err != nil { log.Error("Shadowsocks: Failed to read address type: ", err) return nil, transport.CorruptedPacket } request := new(Request) addrType := buffer.Value[0] switch addrType { case AddrTypeIPv4: _, err := v2net.ReadAllBytes(reader, buffer.Value[:4]) if err != nil { log.Error("Shadowsocks: Failed to read IPv4 address: ", err) return nil, transport.CorruptedPacket } request.Address = v2net.IPAddress(buffer.Value[:4]) case AddrTypeIPv6: _, err := v2net.ReadAllBytes(reader, buffer.Value[:16]) if err != nil { log.Error("Shadowsocks: Failed to read IPv6 address: ", err) return nil, transport.CorruptedPacket } request.Address = v2net.IPAddress(buffer.Value[:16]) case AddrTypeDomain: _, err := v2net.ReadAllBytes(reader, buffer.Value[:1]) if err != nil { log.Error("Shadowsocks: Failed to read domain lenth: ", err) return nil, transport.CorruptedPacket } domainLength := int(buffer.Value[0]) _, err = v2net.ReadAllBytes(reader, buffer.Value[:domainLength]) if err != nil { log.Error("Shadowsocks: Failed to read domain: ", err) return nil, transport.CorruptedPacket } request.Address = v2net.DomainAddress(string(buffer.Value[:domainLength])) default: log.Error("Shadowsocks: Unknown address type: ", addrType) return nil, transport.CorruptedPacket } _, err = v2net.ReadAllBytes(reader, buffer.Value[:2]) if err != nil { log.Error("Shadowsocks: Failed to read port: ", err) return nil, transport.CorruptedPacket } request.Port = v2net.PortFromBytes(buffer.Value[:2]) return request, nil }
// Read reads a VMessRequest from a byte stream. func (r *VMessRequestReader) Read(reader io.Reader) (*VMessRequest, error) { buffer := alloc.NewSmallBuffer() nBytes, err := v2net.ReadAllBytes(reader, buffer.Value[:config.IDBytesLen]) if err != nil { return nil, err } userId, timeSec, valid := r.vUserSet.GetUser(buffer.Value[:nBytes]) if !valid { return nil, proxy.InvalidAuthentication } aesCipher, err := aes.NewCipher(userId.CmdKey()) if err != nil { return nil, err } aesStream := cipher.NewCFBDecrypter(aesCipher, user.Int64Hash(timeSec)) decryptor := v2io.NewCryptionReader(aesStream, reader) if err != nil { return nil, err } nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[:41]) if err != nil { return nil, err } bufferLen := nBytes request := &VMessRequest{ UserId: *userId, Version: buffer.Value[0], } if request.Version != Version { log.Warning("Invalid protocol version %d", request.Version) return nil, proxy.InvalidProtocolVersion } request.RequestIV = buffer.Value[1:17] // 16 bytes request.RequestKey = buffer.Value[17:33] // 16 bytes request.ResponseHeader = buffer.Value[33:37] // 4 bytes request.Command = buffer.Value[37] port := binary.BigEndian.Uint16(buffer.Value[38:40]) switch buffer.Value[40] { case addrTypeIPv4: _, err = v2net.ReadAllBytes(decryptor, buffer.Value[41:45]) // 4 bytes bufferLen += 4 if err != nil { return nil, err } request.Address = v2net.IPAddress(buffer.Value[41:45], port) case addrTypeIPv6: _, err = v2net.ReadAllBytes(decryptor, buffer.Value[41:57]) // 16 bytes bufferLen += 16 if err != nil { return nil, err } request.Address = v2net.IPAddress(buffer.Value[41:57], port) case addrTypeDomain: _, err = v2net.ReadAllBytes(decryptor, buffer.Value[41:42]) if err != nil { return nil, err } domainLength := int(buffer.Value[41]) _, err = v2net.ReadAllBytes(decryptor, buffer.Value[42:42+domainLength]) if err != nil { return nil, err } bufferLen += 1 + domainLength request.Address = v2net.DomainAddress(string(buffer.Value[42:42+domainLength]), port) } _, err = v2net.ReadAllBytes(decryptor, buffer.Value[bufferLen:bufferLen+4]) if err != nil { return nil, err } fnv1a := fnv.New32a() fnv1a.Write(buffer.Value[:bufferLen]) actualHash := fnv1a.Sum32() expectedHash := binary.BigEndian.Uint32(buffer.Value[bufferLen : bufferLen+4]) if actualHash != expectedHash { return nil, transport.CorruptedPacket } return request, nil }
// Read reads a VMessRequest from a byte stream. func (this *VMessRequestReader) Read(reader io.Reader) (*VMessRequest, error) { buffer := alloc.NewSmallBuffer() defer buffer.Release() nBytes, err := v2net.ReadAllBytes(reader, buffer.Value[:vmess.IDBytesLen]) if err != nil { log.Debug("VMess: Failed to read request ID (", nBytes, " bytes): ", err) return nil, err } userObj, timeSec, valid := this.vUserSet.GetUser(buffer.Value[:nBytes]) if !valid { return nil, proxy.InvalidAuthentication } timestampHash := TimestampHash() timestampHash.Write(timeSec.HashBytes()) iv := timestampHash.Sum(nil) aesStream, err := v2crypto.NewAesDecryptionStream(userObj.ID.CmdKey(), iv) if err != nil { log.Debug("VMess: Failed to create AES stream: ", err) return nil, err } decryptor := v2crypto.NewCryptionReader(aesStream, reader) nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[:41]) if err != nil { log.Debug("VMess: Failed to read request header (", nBytes, " bytes): ", err) return nil, err } bufferLen := nBytes request := &VMessRequest{ User: userObj, Version: buffer.Value[0], } if request.Version != Version { log.Warning("VMess: Invalid protocol version ", request.Version) return nil, proxy.InvalidProtocolVersion } request.RequestIV = append([]byte(nil), buffer.Value[1:17]...) // 16 bytes request.RequestKey = append([]byte(nil), buffer.Value[17:33]...) // 16 bytes request.ResponseHeader = append([]byte(nil), buffer.Value[33:37]...) // 4 bytes request.Command = buffer.Value[37] request.Port = v2net.PortFromBytes(buffer.Value[38:40]) switch buffer.Value[40] { case addrTypeIPv4: nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[41:45]) // 4 bytes bufferLen += 4 if err != nil { log.Debug("VMess: Failed to read target IPv4 (", nBytes, " bytes): ", err) return nil, err } request.Address = v2net.IPAddress(buffer.Value[41:45]) case addrTypeIPv6: nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[41:57]) // 16 bytes bufferLen += 16 if err != nil { log.Debug("VMess: Failed to read target IPv6 (", nBytes, " bytes): ", nBytes, err) return nil, err } request.Address = v2net.IPAddress(buffer.Value[41:57]) case addrTypeDomain: nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[41:42]) if err != nil { log.Debug("VMess: Failed to read target domain (", nBytes, " bytes): ", nBytes, err) return nil, err } domainLength := int(buffer.Value[41]) if domainLength == 0 { return nil, transport.CorruptedPacket } nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[42:42+domainLength]) if err != nil { log.Debug("VMess: Failed to read target domain (", nBytes, " bytes): ", nBytes, err) return nil, err } bufferLen += 1 + domainLength domainBytes := append([]byte(nil), buffer.Value[42:42+domainLength]...) request.Address = v2net.DomainAddress(string(domainBytes)) } nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[bufferLen:bufferLen+4]) if err != nil { log.Debug("VMess: Failed to read checksum (", nBytes, " bytes): ", nBytes, err) return nil, err } fnv1a := fnv.New32a() fnv1a.Write(buffer.Value[:bufferLen]) actualHash := fnv1a.Sum32() expectedHash := binary.BigEndian.Uint32(buffer.Value[bufferLen : bufferLen+4]) if actualHash != expectedHash { return nil, transport.CorruptedPacket } return request, nil }
func (this *Shadowsocks) handleConnection(conn *listener.TCPConn) { defer conn.Close() buffer := alloc.NewSmallBuffer() defer buffer.Release() _, err := v2net.ReadAllBytes(conn, buffer.Value[:this.config.Cipher.IVSize()]) if err != nil { log.Error("Shadowsocks: Failed to read IV: ", err) return } iv := buffer.Value[:this.config.Cipher.IVSize()] key := this.config.Key reader, err := this.config.Cipher.NewDecodingStream(key, iv, conn) if err != nil { log.Error("Shadowsocks: Failed to create decoding stream: ", err) return } request, err := ReadRequest(reader) if err != nil { return } packet := v2net.NewPacket(v2net.TCPDestination(request.Address, request.Port), nil, true) ray := this.space.PacketDispatcher().DispatchToOutbound(packet) respIv := make([]byte, this.config.Cipher.IVSize()) rand.Read(respIv) writer, err := this.config.Cipher.NewEncodingStream(key, respIv, conn) if err != nil { log.Error("Shadowsocks: Failed to create encoding stream: ", err) return } var writeFinish sync.Mutex writeFinish.Lock() go func() { firstChunk := alloc.NewBuffer().Clear() defer firstChunk.Release() firstChunk.Append(respIv) if payload, ok := <-ray.InboundOutput(); ok { firstChunk.Append(payload.Value) payload.Release() writer.Write(firstChunk.Value) v2net.ChanToWriter(writer, ray.InboundOutput()) } writeFinish.Unlock() }() v2net.ReaderToChan(ray.InboundInput(), reader) close(ray.InboundInput()) writeFinish.Lock() }