func (server *SocksServer) handleSocks4(reader io.Reader, writer io.Writer, auth protocol.Socks4AuthenticationRequest) error {
result := protocol.Socks4RequestGranted
if auth.Command == protocol.CmdBind {
result = protocol.Socks4RequestRejected
}
socks4Response := protocol.NewSocks4AuthenticationResponse(result, auth.Port, auth.IP[:])
responseBuffer := alloc.NewSmallBuffer().Clear()
socks4Response.Write(responseBuffer)
writer.Write(responseBuffer.Value)
responseBuffer.Release()
if result == protocol.Socks4RequestRejected {
log.Warning("Unsupported socks 4 command %d", auth.Command)
return UnsupportedSocksCommand
}
dest := v2net.NewTCPDestination(v2net.IPAddress(auth.IP[:], auth.Port))
data, err := v2net.ReadFrom(reader, nil)
if err != nil {
return err
}
packet := v2net.NewPacket(dest, data, true)
server.transport(reader, writer, packet)
return nil
}
func (server *SocksServer) handleUDP(reader *v2net.TimeOutReader, writer io.Writer) error {
response := protocol.NewSocks5Response()
response.Error = protocol.ErrorSuccess
udpAddr := server.getUDPAddr()
response.Port = udpAddr.Port()
switch {
case udpAddr.IsIPv4():
response.AddrType = protocol.AddrTypeIPv4
copy(response.IPv4[:], udpAddr.IP())
case udpAddr.IsIPv6():
response.AddrType = protocol.AddrTypeIPv6
copy(response.IPv6[:], udpAddr.IP())
case udpAddr.IsDomain():
response.AddrType = protocol.AddrTypeDomain
response.Domain = udpAddr.Domain()
}
err := protocol.WriteResponse(writer, response)
if err != nil {
log.Error("Socks failed to write response: %v", err)
return err
}
reader.SetTimeOut(300) /* 5 minutes */
v2net.ReadFrom(reader, 1) // Just in case of anything left in the socket
// The TCP connection closes after this method returns. We need to wait until
// the client closes it.
// TODO: get notified from UDP part
<-time.After(5 * time.Minute)
return nil
}
func handleResponse(conn net.Conn, request *protocol.VMessRequest, output chan<- *alloc.Buffer, finish *sync.Mutex, isUDP bool) {
defer finish.Unlock()
defer close(output)
responseKey := md5.Sum(request.RequestKey[:])
responseIV := md5.Sum(request.RequestIV[:])
decryptResponseReader, err := v2io.NewAesDecryptReader(responseKey[:], responseIV[:], conn)
if err != nil {
log.Error("VMessOut: Failed to create decrypt reader: %v", err)
return
}
buffer, err := v2net.ReadFrom(decryptResponseReader, nil)
if err != nil {
log.Error("VMessOut: Failed to read VMess response (%d bytes): %v", buffer.Len(), err)
return
}
if buffer.Len() < 4 || !bytes.Equal(buffer.Value[:4], request.ResponseHeader[:]) {
log.Warning("VMessOut: unexepcted response header. The connection is probably hijacked.")
return
}
log.Info("VMessOut received %d bytes from %s", buffer.Len()-4, conn.RemoteAddr().String())
buffer.SliceFrom(4)
output <- buffer
if !isUDP {
v2net.ReaderToChan(output, decryptResponseReader)
}
return
}
func (server *SocksServer) handleUDP(reader *v2net.TimeOutReader, writer io.Writer) error {
response := protocol.NewSocks5Response()
response.Error = protocol.ErrorSuccess
udpAddr := server.getUDPAddr()
response.Port = udpAddr.Port()
switch {
case udpAddr.IsIPv4():
response.SetIPv4(udpAddr.IP())
case udpAddr.IsIPv6():
response.SetIPv6(udpAddr.IP())
case udpAddr.IsDomain():
response.SetDomain(udpAddr.Domain())
}
responseBuffer := alloc.NewSmallBuffer().Clear()
response.Write(responseBuffer)
_, err := writer.Write(responseBuffer.Value)
responseBuffer.Release()
if err != nil {
log.Error("Socks failed to write response: %v", err)
return err
}
reader.SetTimeOut(300) /* 5 minutes */
v2net.ReadFrom(reader, nil) // Just in case of anything left in the socket
// The TCP connection closes after this method returns. We need to wait until
// the client closes it.
// TODO: get notified from UDP part
<-time.After(5 * time.Minute)
return nil
}
func (this *FreedomConnection) Dispatch(firstPacket v2net.Packet, ray ray.OutboundRay) error {
conn, err := net.Dial(firstPacket.Destination().Network(), firstPacket.Destination().Address().String())
log.Info("Freedom: Opening connection to %s", firstPacket.Destination().String())
if err != nil {
close(ray.OutboundOutput())
log.Error("Freedom: Failed to open connection: %s : %v", firstPacket.Destination().String(), err)
return err
}
input := ray.OutboundInput()
output := ray.OutboundOutput()
var readMutex, writeMutex sync.Mutex
readMutex.Lock()
writeMutex.Lock()
if chunk := firstPacket.Chunk(); chunk != nil {
conn.Write(chunk.Value)
chunk.Release()
}
if !firstPacket.MoreChunks() {
writeMutex.Unlock()
} else {
go func() {
v2net.ChanToWriter(conn, input)
writeMutex.Unlock()
}()
}
go func() {
defer readMutex.Unlock()
defer close(output)
response, err := v2net.ReadFrom(conn, nil)
log.Info("Freedom receives %d bytes from %s", response.Len(), conn.RemoteAddr().String())
if response.Len() > 0 {
output <- response
} else {
response.Release()
}
if err != nil {
return
}
if firstPacket.Destination().IsUDP() {
return
}
v2net.ReaderToChan(output, conn)
}()
writeMutex.Lock()
if tcpConn, ok := conn.(*net.TCPConn); ok {
tcpConn.CloseWrite()
}
readMutex.Lock()
conn.Close()
return nil
}
func TestSocksTcpConnect(t *testing.T) {
v2testing.Current(t)
port := v2nettesting.PickPort()
data2Send := "Data to be sent to remote"
tcpServer := &tcp.Server{
Port: port,
MsgProcessor: func(data []byte) []byte {
buffer := make([]byte, 0, 2048)
buffer = append(buffer, []byte("Processed: ")...)
buffer = append(buffer, data...)
return buffer
},
}
_, err := tcpServer.Start()
assert.Error(err).IsNil()
pointPort := v2nettesting.PickPort()
config := mocks.Config{
PortValue: pointPort,
InboundConfigValue: &mocks.ConnectionConfig{
ProtocolValue: "socks",
SettingsValue: &json.SocksConfig{
AuthMethod: "auth",
},
},
OutboundConfigValue: &mocks.ConnectionConfig{
ProtocolValue: "freedom",
SettingsValue: nil,
},
}
point, err := point.NewPoint(&config)
assert.Error(err).IsNil()
err = point.Start()
assert.Error(err).IsNil()
socks5Client, err := proxy.SOCKS5("tcp", fmt.Sprintf("127.0.0.1:%d", pointPort), nil, proxy.Direct)
assert.Error(err).IsNil()
targetServer := fmt.Sprintf("127.0.0.1:%d", port)
conn, err := socks5Client.Dial("tcp", targetServer)
assert.Error(err).IsNil()
conn.Write([]byte(data2Send))
if tcpConn, ok := conn.(*net.TCPConn); ok {
tcpConn.CloseWrite()
}
dataReturned, err := v2net.ReadFrom(conn, nil)
assert.Error(err).IsNil()
conn.Close()
assert.Bytes(dataReturned.Value).Equals([]byte("Processed: Data to be sent to remote"))
}
func (server *Server) handleConnection(conn net.Conn) {
for true {
request, err := v2net.ReadFrom(conn, nil)
if err != nil {
break
}
response := server.MsgProcessor(request.Value)
conn.Write(response)
}
conn.Close()
}
func handleResponse(conn net.Conn, request *protocol.VMessRequest, output chan<- *alloc.Buffer, finish *sync.Mutex, isUDP bool) {
defer finish.Unlock()
defer close(output)
responseKey := md5.Sum(request.RequestKey[:])
responseIV := md5.Sum(request.RequestIV[:])
aesStream, err := v2crypto.NewAesDecryptionStream(responseKey[:], responseIV[:])
if err != nil {
log.Error("VMessOut: Failed to create AES encryption stream: ", err)
return
}
decryptResponseReader := v2crypto.NewCryptionReader(aesStream, conn)
buffer, err := v2net.ReadFrom(decryptResponseReader, nil)
if err != nil {
log.Error("VMessOut: Failed to read VMess response (", buffer.Len(), " bytes): ", err)
buffer.Release()
return
}
if buffer.Len() < 4 || !headerMatch(request, buffer.Value[:2]) {
log.Warning("VMessOut: unexepcted response header. The connection is probably hijacked.")
return
}
log.Info("VMessOut received ", buffer.Len()-4, " bytes from ", conn.RemoteAddr())
responseBegin := 4
if buffer.Value[2] != 0 {
dataLen := int(buffer.Value[3])
if buffer.Len() < dataLen+4 { // Rare case
diffBuffer := make([]byte, dataLen+4-buffer.Len())
v2net.ReadAllBytes(decryptResponseReader, diffBuffer)
buffer.Append(diffBuffer)
}
command := buffer.Value[2]
data := buffer.Value[4 : 4+dataLen]
go handleCommand(command, data)
responseBegin = 4 + dataLen
}
buffer.SliceFrom(responseBegin)
output <- buffer
if !isUDP {
v2net.ReaderToChan(output, decryptResponseReader)
}
return
}
func dumpOutput(conn net.Conn, output chan<- []byte, finish *sync.Mutex, udp bool) {
defer finish.Unlock()
defer close(output)
response, err := v2net.ReadFrom(conn)
if len(response) > 0 {
output <- response
}
if err != nil {
return
}
if udp {
return
}
v2net.ReaderToChan(output, conn)
}
func dumpOutput(conn net.Conn, output chan<- []byte, finish *sync.Mutex, udp bool) {
defer finish.Unlock()
defer close(output)
response, err := v2net.ReadFrom(conn)
log.Info("Freedom receives %d bytes from %s", len(response), conn.RemoteAddr().String())
if len(response) > 0 {
output <- response
}
if err != nil {
return
}
if udp {
return
}
v2net.ReaderToChan(output, conn)
}
func dumpOutput(conn net.Conn, output chan<- *alloc.Buffer, finish *sync.Mutex, udp bool) {
defer finish.Unlock()
defer close(output)
response, err := v2net.ReadFrom(conn, nil)
log.Info("Freedom receives %d bytes from %s", response.Len(), conn.RemoteAddr().String())
if response.Len() > 0 {
output <- response
} else {
response.Release()
}
if err != nil {
return
}
if udp {
return
}
v2net.ReaderToChan(output, conn)
}
func (server *SocksServer) handleSocks4(reader io.Reader, writer io.Writer, auth protocol.Socks4AuthenticationRequest) error {
result := protocol.Socks4RequestGranted
if auth.Command == protocol.CmdBind {
result = protocol.Socks4RequestRejected
}
socks4Response := protocol.NewSocks4AuthenticationResponse(result, auth.Port, auth.IP[:])
writer.Write(socks4Response.ToBytes(nil))
if result == protocol.Socks4RequestRejected {
return errors.NewInvalidOperationError("Socks4 command " + strconv.Itoa(int(auth.Command)))
}
dest := v2net.NewTCPDestination(v2net.IPAddress(auth.IP[:], auth.Port))
data, err := v2net.ReadFrom(reader)
if err != nil {
return err
}
packet := v2net.NewPacket(dest, data, true)
server.transport(reader, writer, packet)
return nil
}
func (server *SocksServer) handleSocks5(reader *v2net.TimeOutReader, writer io.Writer, auth protocol.Socks5AuthenticationRequest) error {
expectedAuthMethod := protocol.AuthNotRequired
if server.config.IsPassword() {
expectedAuthMethod = protocol.AuthUserPass
}
if !auth.HasAuthMethod(expectedAuthMethod) {
authResponse := protocol.NewAuthenticationResponse(protocol.AuthNoMatchingMethod)
err := protocol.WriteAuthentication(writer, authResponse)
if err != nil {
log.Error("Socks failed to write authentication: %v", err)
return err
}
log.Warning("Socks client doesn't support allowed any auth methods.")
return UnsupportedAuthMethod
}
authResponse := protocol.NewAuthenticationResponse(expectedAuthMethod)
err := protocol.WriteAuthentication(writer, authResponse)
if err != nil {
log.Error("Socks failed to write authentication: %v", err)
return err
}
if server.config.IsPassword() {
upRequest, err := protocol.ReadUserPassRequest(reader)
if err != nil {
log.Error("Socks failed to read username and password: %v", err)
return err
}
status := byte(0)
if !server.config.HasAccount(upRequest.Username(), upRequest.Password()) {
status = byte(0xFF)
}
upResponse := protocol.NewSocks5UserPassResponse(status)
err = protocol.WriteUserPassResponse(writer, upResponse)
if err != nil {
log.Error("Socks failed to write user pass response: %v", err)
return err
}
if status != byte(0) {
log.Warning("Invalid user account: %s", upRequest.AuthDetail())
return proxyerrors.InvalidAuthentication
}
}
request, err := protocol.ReadRequest(reader)
if err != nil {
log.Error("Socks failed to read request: %v", err)
return err
}
if request.Command == protocol.CmdUdpAssociate && server.config.UDPEnabled {
return server.handleUDP(reader, writer)
}
if request.Command == protocol.CmdBind || request.Command == protocol.CmdUdpAssociate {
response := protocol.NewSocks5Response()
response.Error = protocol.ErrorCommandNotSupported
responseBuffer := alloc.NewSmallBuffer().Clear()
response.Write(responseBuffer)
_, err = writer.Write(responseBuffer.Value)
responseBuffer.Release()
if err != nil {
log.Error("Socks failed to write response: %v", err)
return err
}
log.Warning("Unsupported socks command %d", request.Command)
return UnsupportedSocksCommand
}
response := protocol.NewSocks5Response()
response.Error = protocol.ErrorSuccess
// Some SOCKS software requires a value other than dest. Let's fake one:
response.Port = uint16(1717)
response.AddrType = protocol.AddrTypeIPv4
response.IPv4[0] = 0
response.IPv4[1] = 0
response.IPv4[2] = 0
response.IPv4[3] = 0
responseBuffer := alloc.NewSmallBuffer().Clear()
response.Write(responseBuffer)
_, err = writer.Write(responseBuffer.Value)
responseBuffer.Release()
if err != nil {
log.Error("Socks failed to write response: %v", err)
return err
}
dest := request.Destination()
data, err := v2net.ReadFrom(reader, nil)
if err != nil {
return err
}
packet := v2net.NewPacket(dest, data, true)
server.transport(reader, writer, packet)
return nil
}
func (server *SocksServer) handleSocks5(reader *v2net.TimeOutReader, writer io.Writer, auth protocol.Socks5AuthenticationRequest) error {
expectedAuthMethod := protocol.AuthNotRequired
if server.config.IsPassword() {
expectedAuthMethod = protocol.AuthUserPass
}
if !auth.HasAuthMethod(expectedAuthMethod) {
authResponse := protocol.NewAuthenticationResponse(protocol.AuthNoMatchingMethod)
err := protocol.WriteAuthentication(writer, authResponse)
if err != nil {
log.Error("Socks failed to write authentication: %v", err)
return err
}
log.Warning("Socks client doesn't support allowed any auth methods.")
return errors.NewInvalidOperationError("Unsupported auth methods.")
}
authResponse := protocol.NewAuthenticationResponse(expectedAuthMethod)
err := protocol.WriteAuthentication(writer, authResponse)
if err != nil {
log.Error("Socks failed to write authentication: %v", err)
return err
}
if server.config.IsPassword() {
upRequest, err := protocol.ReadUserPassRequest(reader)
if err != nil {
log.Error("Socks failed to read username and password: %v", err)
return err
}
status := byte(0)
if !upRequest.IsValid(server.config.Username, server.config.Password) {
status = byte(0xFF)
}
upResponse := protocol.NewSocks5UserPassResponse(status)
err = protocol.WriteUserPassResponse(writer, upResponse)
if err != nil {
log.Error("Socks failed to write user pass response: %v", err)
return err
}
if status != byte(0) {
err = errors.NewAuthenticationError(upRequest.AuthDetail())
log.Warning(err.Error())
return err
}
}
request, err := protocol.ReadRequest(reader)
if err != nil {
log.Error("Socks failed to read request: %v", err)
return err
}
response := protocol.NewSocks5Response()
if request.Command == protocol.CmdUdpAssociate && server.config.UDPEnabled {
return server.handleUDP(reader, writer)
}
if request.Command == protocol.CmdBind || request.Command == protocol.CmdUdpAssociate {
response := protocol.NewSocks5Response()
response.Error = protocol.ErrorCommandNotSupported
err = protocol.WriteResponse(writer, response)
if err != nil {
log.Error("Socks failed to write response: %v", err)
return err
}
log.Warning("Unsupported socks command %d", request.Command)
return errors.NewInvalidOperationError("Socks command " + strconv.Itoa(int(request.Command)))
}
response.Error = protocol.ErrorSuccess
response.Port = request.Port
response.AddrType = request.AddrType
switch response.AddrType {
case protocol.AddrTypeIPv4:
copy(response.IPv4[:], request.IPv4[:])
case protocol.AddrTypeIPv6:
copy(response.IPv6[:], request.IPv6[:])
case protocol.AddrTypeDomain:
response.Domain = request.Domain
}
err = protocol.WriteResponse(writer, response)
if err != nil {
log.Error("Socks failed to write response: %v", err)
return err
}
dest := request.Destination()
data, err := v2net.ReadFrom(reader)
if err != nil {
return err
}
packet := v2net.NewPacket(dest, data, true)
server.transport(reader, writer, packet)
return nil
}
func (this *FreedomConnection) Dispatch(firstPacket v2net.Packet, ray ray.OutboundRay) error {
log.Info("Freedom: Opening connection to ", firstPacket.Destination())
var conn net.Conn
err := retry.Timed(5, 100).On(func() error {
rawConn, err := dialer.Dial(firstPacket.Destination())
if err != nil {
return err
}
conn = rawConn
return nil
})
if err != nil {
close(ray.OutboundOutput())
log.Error("Freedom: Failed to open connection to ", firstPacket.Destination(), ": ", err)
return err
}
defer conn.Close()
input := ray.OutboundInput()
output := ray.OutboundOutput()
var readMutex, writeMutex sync.Mutex
readMutex.Lock()
writeMutex.Lock()
if chunk := firstPacket.Chunk(); chunk != nil {
conn.Write(chunk.Value)
chunk.Release()
}
if !firstPacket.MoreChunks() {
writeMutex.Unlock()
} else {
go func() {
v2net.ChanToWriter(conn, input)
writeMutex.Unlock()
}()
}
go func() {
defer readMutex.Unlock()
defer close(output)
response, err := v2net.ReadFrom(conn, nil)
log.Info("Freedom receives ", response.Len(), " bytes from ", conn.RemoteAddr())
if response.Len() > 0 {
output <- response
} else {
response.Release()
}
if err != nil {
return
}
if firstPacket.Destination().IsUDP() {
return
}
v2net.ReaderToChan(output, conn)
}()
if this.space.HasDnsCache() {
if firstPacket.Destination().Address().IsDomain() {
domain := firstPacket.Destination().Address().Domain()
addr := conn.RemoteAddr()
switch typedAddr := addr.(type) {
case *net.TCPAddr:
this.space.DnsCache().Add(domain, typedAddr.IP)
case *net.UDPAddr:
this.space.DnsCache().Add(domain, typedAddr.IP)
}
}
}
writeMutex.Lock()
if tcpConn, ok := conn.(*net.TCPConn); ok {
tcpConn.CloseWrite()
}
readMutex.Lock()
return nil
}