// transport relays one TCP session between the client streams and the
// outbound ray obtained from the packet dispatcher. Both directions run
// concurrently; the call returns once either direction fails or both finish.
//
// reader supplies the client's request bytes, writer receives the response.
// On a transport error both ends of the ray are put into the error state and
// that error is returned; otherwise nil.
func (v *Server) transport(ctx context.Context, reader io.Reader, writer io.Writer) error {
	link := v.packetDispatcher.DispatchToOutbound(ctx)
	toOutbound := link.InboundInput()
	fromOutbound := link.InboundOutput()

	// Client -> outbound. Closing toOutbound on exit signals EOF downstream.
	pumpRequest := func() error {
		defer toOutbound.Close()
		if err := buf.PipeUntilEOF(buf.NewReader(reader), toOutbound); err != nil {
			log.Info("Socks|Server: Failed to transport all TCP request: ", err)
			return err
		}
		return nil
	}

	// Outbound -> client.
	pumpResponse := func() error {
		if err := buf.PipeUntilEOF(fromOutbound, buf.NewWriter(writer)); err != nil {
			log.Info("Socks|Server: Failed to transport all TCP response: ", err)
			return err
		}
		return nil
	}

	requestDone := signal.ExecuteAsync(pumpRequest)
	responseDone := signal.ExecuteAsync(pumpResponse)

	err := signal.ErrorOrFinish2(requestDone, responseDone)
	if err == nil {
		return nil
	}
	log.Info("Socks|Server: Connection ends with ", err)
	toOutbound.CloseError()
	fromOutbound.CloseError()
	return err
}
// transport relays one TCP session (session-based variant) between the client
// streams and the outbound ray. The request direction runs in a detached
// goroutine; the response direction runs on the calling goroutine, so the
// call returns once the outbound side has delivered everything it has.
//
// The ray's input is closed and its output released when transport returns.
func (v *Server) transport(reader io.Reader, writer io.Writer, session *proxy.SessionInfo) {
	link := v.packetDispatcher.DispatchToOutbound(session)
	toOutbound := link.InboundInput()
	fromOutbound := link.InboundOutput()
	defer toOutbound.Close()
	defer fromOutbound.Release()

	// Client -> outbound, not waited for by this function.
	go func() {
		chunkReader := buf.NewReader(reader)
		defer chunkReader.Release()
		err := buf.PipeUntilEOF(chunkReader, toOutbound)
		if err != nil {
			log.Info("Socks|Server: Failed to transport all TCP request: ", err)
		}
		// Close unconditionally so the outbound observes EOF even after an error.
		toOutbound.Close()
	}()

	// Outbound -> client, on this goroutine.
	chunkWriter := buf.NewWriter(writer)
	defer chunkWriter.Release()
	err := buf.PipeUntilEOF(fromOutbound, chunkWriter)
	if err != nil {
		log.Info("Socks|Server: Failed to transport all TCP response: ", err)
	}
	fromOutbound.Release()
}
// transport relays one HTTP tunnel between the client streams and the given
// inbound ray. Each direction gets its own goroutine; the call blocks until
// both have finished (the WaitGroup is waited on in a defer).
func (v *Server) transport(input io.Reader, output io.Writer, ray ray.InboundRay) {
	var pending sync.WaitGroup
	pending.Add(2)
	defer pending.Wait()

	// Client -> outbound.
	go func() {
		chunkReader := buf.NewReader(input)
		defer chunkReader.Release()
		err := buf.PipeUntilEOF(chunkReader, ray.InboundInput())
		if err != nil {
			log.Info("HTTP: Failed to transport all TCP request: ", err)
		}
		ray.InboundInput().Close()
		pending.Done()
	}()

	// Outbound -> client.
	go func() {
		chunkWriter := buf.NewWriter(output)
		defer chunkWriter.Release()
		err := buf.PipeUntilEOF(ray.InboundOutput(), chunkWriter)
		if err != nil {
			log.Info("HTTP: Failed to transport all TCP response: ", err)
		}
		ray.InboundOutput().Release()
		pending.Done()
	}()
}
// HandleTCPConnection serves one inbound TCP connection of the dokodemo-door.
//
// The destination is the original (pre-redirect) destination when
// FollowRedirect is enabled and one is available, otherwise the configured
// address/port. Without a usable destination the connection is just closed.
// Otherwise the session is dispatched to an outbound and both directions are
// relayed until they finish; client reads go through a timeout reader built
// from the configured Timeout.
func (v *DokodemoDoor) HandleTCPConnection(conn internet.Connection) {
	defer conn.Close()

	var dest v2net.Destination
	if v.config.FollowRedirect {
		if redirected := GetOriginalDestination(conn); redirected.Network != v2net.Network_Unknown {
			log.Info("Dokodemo: Following redirect to: ", redirected)
			dest = redirected
		}
	}
	if dest.Network == v2net.Network_Unknown && v.address != nil && v.port > v2net.Port(0) {
		dest = v2net.TCPDestination(v.address, v.port)
	}
	if dest.Network == v2net.Network_Unknown {
		log.Info("Dokodemo: Unknown destination, stop forwarding...")
		return
	}
	log.Info("Dokodemo: Handling request to ", dest)

	session := &proxy.SessionInfo{
		Source:      v2net.DestinationFromAddr(conn.RemoteAddr()),
		Destination: dest,
		Inbound:     v.meta,
	}
	link := v.packetDispatcher.DispatchToOutbound(session)
	defer link.InboundOutput().Release()

	timedReader := v2net.NewTimeOutReader(v.config.Timeout, conn)
	defer timedReader.Release()

	var pending sync.WaitGroup
	pending.Add(2)

	// Client -> outbound.
	// NOTE(review): Done() precedes InboundInput().Close() here (as in the
	// original), so this function and its deferred Close/Release may run
	// before that Close does.
	go func() {
		chunkReader := buf.NewReader(timedReader)
		defer chunkReader.Release()
		if err := buf.PipeUntilEOF(chunkReader, link.InboundInput()); err != nil {
			log.Info("Dokodemo: Failed to transport all TCP request: ", err)
		}
		pending.Done()
		link.InboundInput().Close()
	}()

	// Outbound -> client.
	go func() {
		chunkWriter := buf.NewWriter(conn)
		defer chunkWriter.Release()
		if err := buf.PipeUntilEOF(link.InboundOutput(), chunkWriter); err != nil {
			log.Info("Dokodemo: Failed to transport all TCP response: ", err)
		}
		pending.Done()
	}()

	pending.Wait()
}
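// DecodeRequestBody wraps reader with the decryption/authentication layers
// selected by request.Security and request.Option and returns a chunked
// buf.Reader over the resulting plaintext request body.
//
// Security types handled: NONE (optionally FNV-authenticated chunks when the
// ChunkStream option is set), LEGACY (AES decryption stream keyed by the
// session's request body key/IV, optionally FNV-authenticated chunks),
// AES128_GCM and CHACHA20_POLY1305 (AEAD chunks whose nonces are generated by
// ChunkNonceGenerator seeded with a copy of the request body IV). The
// aggressive flag passed to NewAuthenticationReader is set for TCP commands.
//
// Cipher construction errors and an unrecognised security type used to be
// ignored (nil AEAD / nil reader, failing later with a nil dereference). They
// now produce a reader whose first Read returns the cause, so the caller's
// normal error path handles them.
func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reader io.Reader) buf.Reader {
	aggressive := request.Command == protocol.RequestCommandTCP
	chunked := request.Option.Has(protocol.RequestOptionChunkStream)

	// FNV chunk authentication shared by the NONE and LEGACY paths.
	fnvAuthenticated := func(r io.Reader) io.Reader {
		auth := &crypto.AEADAuthenticator{
			AEAD:                    new(FnvAuthenticator),
			NonceGenerator:          crypto.NoOpBytesGenerator{},
			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
		}
		return crypto.NewAuthenticationReader(auth, r, aggressive)
	}

	// AEAD chunk authentication over the raw reader; the nonce generator gets
	// its own copy of the IV so the session's slice is not mutated.
	aeadAuthenticated := func(aead cipher.AEAD) io.Reader {
		auth := &crypto.AEADAuthenticator{
			AEAD: aead,
			NonceGenerator: &ChunkNonceGenerator{
				Nonce: append([]byte(nil), v.requestBodyIV...),
				Size:  aead.NonceSize(),
			},
			AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
		}
		return crypto.NewAuthenticationReader(auth, reader, aggressive)
	}

	var bodyReader io.Reader
	switch {
	case request.Security.Is(protocol.SecurityType_NONE):
		bodyReader = reader
		if chunked {
			bodyReader = fnvAuthenticated(reader)
		}
	case request.Security.Is(protocol.SecurityType_LEGACY):
		aesStream := crypto.NewAesDecryptionStream(v.requestBodyKey, v.requestBodyIV)
		bodyReader = crypto.NewCryptionReader(aesStream, reader)
		if chunked {
			bodyReader = fnvAuthenticated(bodyReader)
		}
	case request.Security.Is(protocol.SecurityType_AES128_GCM):
		block, err := aes.NewCipher(v.requestBodyKey)
		if err != nil {
			return buf.NewReader(failedBodyReader{err: err})
		}
		aead, err := cipher.NewGCM(block)
		if err != nil {
			return buf.NewReader(failedBodyReader{err: err})
		}
		bodyReader = aeadAuthenticated(aead)
	case request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305):
		aead, err := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.requestBodyKey))
		if err != nil {
			return buf.NewReader(failedBodyReader{err: err})
		}
		bodyReader = aeadAuthenticated(aead)
	default:
		// NOTE(review): the original left the reader nil here; whether the
		// header decoder already rejects unknown security types is not visible
		// in this file, so fail explicitly rather than dereference nil later.
		return buf.NewReader(failedBodyReader{err: errUnsupportedBodySecurity})
	}
	return buf.NewReader(bodyReader)
}

// failedBodyReader is an io.Reader whose every Read fails with a fixed error.
// It lets DecodeRequestBody report setup failures through its existing
// (error-free) signature.
type failedBodyReader struct{ err error }

// Read always returns 0 and the stored error.
func (r failedBodyReader) Read([]byte) (int, error) { return 0, r.err }

// bodySetupError is a string-backed error type so a constant error value can
// be declared without depending on an errors package.
type bodySetupError string

// Error returns the message.
func (e bodySetupError) Error() string { return string(e) }

// errUnsupportedBodySecurity is returned when request.Security matches none of
// the supported security types.
const errUnsupportedBodySecurity bodySetupError = "VMess|Server: unsupported security type for request body"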
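// handlerUDPPayload serves the UDP relay for one client connection: every
// datagram read from conn is decoded with the server's user account, checked
// against the server's one-time-auth policy, and dispatched to its
// destination; replies are re-encoded for the same request and written back
// to conn.
//
// Invalid datagrams are logged (and recorded as rejected accesses) and
// skipped, as are datagrams whose OTA flag conflicts with the account's
// policy. The loop ends when reading from conn fails; that read error is
// treated as end of session and nil is returned, as before.
//
// Fixes: the per-datagram user context is derived from the connection's ctx
// each time instead of re-wrapping ctx in place, which previously nested one
// more context value per datagram for the life of the connection. Reply
// write errors are now logged instead of dropped.
func (v *Server) handlerUDPPayload(ctx context.Context, conn internet.Connection) error {
	source := proxy.SourceFromContext(ctx)
	reader := buf.NewReader(conn)
	for {
		payload, err := reader.Read()
		if err != nil {
			break
		}
		request, data, err := DecodeUDPPacket(v.user, payload)
		if err != nil {
			log.Info("Shadowsocks|Server: Skipping invalid UDP packet from: ", source, ": ", err)
			log.Access(source, "", log.AccessRejected, err)
			payload.Release()
			continue
		}
		otaRequested := request.Option.Has(RequestOptionOneTimeAuth)
		if otaRequested && v.account.OneTimeAuth == Account_Disabled {
			log.Info("Shadowsocks|Server: Client payload enables OTA but server doesn't allow it.")
			payload.Release()
			continue
		}
		if !otaRequested && v.account.OneTimeAuth == Account_Enabled {
			log.Info("Shadowsocks|Server: Client payload disables OTA but server forces it.")
			payload.Release()
			continue
		}
		dest := request.Destination()
		log.Access(source, dest, log.AccessAccepted, "")
		log.Info("Shadowsocks|Server: Tunnelling request to ", dest)

		// Derive per-datagram; do not accumulate onto ctx across iterations.
		packetCtx := protocol.ContextWithUser(ctx, request.User)
		v.udpServer.Dispatch(packetCtx, dest, data, func(reply *buf.Buffer) {
			defer reply.Release()
			encoded, err := EncodeUDPPacket(request, reply)
			if err != nil {
				log.Warning("Shadowsocks|Server: Failed to encode UDP packet: ", err)
				return
			}
			defer encoded.Release()
			if _, err := conn.Write(encoded.Bytes()); err != nil {
				log.Info("Shadowsocks|Server: Failed to write UDP response: ", err)
			}
		})
	}
	return nil
}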
// handleConnect serves an HTTP CONNECT request: it acknowledges the tunnel
// with a bare "200 OK" response on writer, then relays bytes in both
// directions between the client streams and the outbound ray until one side
// fails or both finish. A failed acknowledgement is logged and returned; a
// transport error puts both ray ends into the error state and is returned.
func (s *Server) handleConnect(ctx context.Context, request *http.Request, reader io.Reader, writer io.Writer) error {
	ack := &http.Response{
		Status:        "200 OK",
		StatusCode:    200,
		Proto:         "HTTP/1.1",
		ProtoMajor:    1,
		ProtoMinor:    1,
		Header:        make(http.Header),
		Body:          nil,
		ContentLength: 0,
		Close:         false,
	}
	if err := ack.Write(writer); err != nil {
		log.Warning("HTTP|Server: failed to write back OK response: ", err)
		return err
	}

	link := s.packetDispatcher.DispatchToOutbound(ctx)
	toOutbound := link.InboundInput()
	fromOutbound := link.InboundOutput()

	// Client -> outbound; closing toOutbound signals EOF downstream.
	requestDone := signal.ExecuteAsync(func() error {
		defer toOutbound.Close()
		return buf.PipeUntilEOF(buf.NewReader(reader), toOutbound)
	})
	// Outbound -> client.
	responseDone := signal.ExecuteAsync(func() error {
		return buf.PipeUntilEOF(fromOutbound, buf.NewWriter(writer))
	})

	err := signal.ErrorOrFinish2(requestDone, responseDone)
	if err != nil {
		log.Info("HTTP|Server: Connection ends with: ", err)
		toOutbound.CloseError()
		fromOutbound.CloseError()
	}
	return err
}
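// ReadTCPResponse prepares a decoding reader for a Shadowsocks TCP response:
// it looks up the user's account, reads the IV that precedes the encrypted
// stream, and returns a chunked reader over the decryption stream keyed by
// the account key and that IV.
//
// Returns an error when the account cannot be parsed or is not a
// Shadowsocks account, when the IV cannot be read in full, or when the
// cipher refuses the key/IV. The account type assertion is now checked
// instead of panicking on a mismatched account type.
func ReadTCPResponse(user *protocol.User, reader io.Reader) (buf.Reader, error) {
	rawAccount, err := user.GetTypedAccount()
	if err != nil {
		return nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to parse account.")
	}
	account, ok := rawAccount.(*ShadowsocksAccount)
	if !ok {
		return nil, errors.New("Shadowsocks|TCP: Account is not a Shadowsocks account.")
	}

	// The IV is sent in the clear ahead of the ciphertext.
	iv := make([]byte, account.Cipher.IVSize())
	if _, err := io.ReadFull(reader, iv); err != nil {
		return nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IV.")
	}

	stream, err := account.Cipher.NewDecodingStream(account.Key, iv)
	if err != nil {
		return nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to initialize decoding stream.")
	}
	return buf.NewReader(crypto.NewCryptionReader(stream, reader)), nil
}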
// Process serves one inbound connection of the dokodemo-door: the configured
// address/port together with the listener's network become the session
// destination, the session is dispatched to an outbound, and both directions
// are relayed until one fails or both finish. Client reads go through a
// timeout reader built from the configured Timeout. A transport error puts
// both ray ends into the error state and is returned.
func (d *DokodemoDoor) Process(ctx context.Context, network net.Network, conn internet.Connection) error {
	log.Debug("Dokodemo: processing connection from: ", conn.RemoteAddr())
	conn.SetReusable(false)

	target := net.Destination{
		Network: network,
		Address: d.address,
		Port:    d.port,
	}
	ctx = proxy.ContextWithDestination(ctx, target)

	link := d.packetDispatcher.DispatchToOutbound(ctx)
	toOutbound := link.InboundInput()
	fromOutbound := link.InboundOutput()

	// Client -> outbound; closing toOutbound signals EOF downstream.
	pumpRequest := func() error {
		defer toOutbound.Close()
		timed := net.NewTimeOutReader(d.config.Timeout, conn)
		err := buf.PipeUntilEOF(buf.NewReader(timed), toOutbound)
		if err != nil {
			log.Info("Dokodemo: Failed to transport request: ", err)
		}
		return err
	}
	// Outbound -> client.
	pumpResponse := func() error {
		err := buf.PipeUntilEOF(fromOutbound, buf.NewWriter(conn))
		if err != nil {
			log.Info("Dokodemo: Failed to transport response: ", err)
		}
		return err
	}

	requestDone := signal.ExecuteAsync(pumpRequest)
	responseDone := signal.ExecuteAsync(pumpResponse)
	err := signal.ErrorOrFinish2(requestDone, responseDone)
	if err == nil {
		return nil
	}
	toOutbound.CloseError()
	fromOutbound.CloseError()
	log.Info("Dokodemo: Connection ends with ", err)
	return err
}
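// handleUDPPayload serves the SOCKS UDP relay for one client connection: each
// datagram read from conn is parsed as a SOCKS UDP request, its payload is
// copied into a fresh buffer and dispatched to the requested destination, and
// replies are wrapped in a SOCKS UDP header and written back to conn.
// Malformed and empty datagrams are skipped. The loop ends when reading from
// conn fails, and that error is returned.
//
// Fixes: the access log previously received the method value
// request.Destination (a func) rather than the destination itself; reply
// write errors are now logged instead of silently dropped.
//
// NOTE(review): the buffer returned by reader.Read() is never released here.
// Whether request or data alias its bytes is not visible in this file, so
// that is left unchanged.
func (v *Server) handleUDPPayload(ctx context.Context, conn internet.Connection) error {
	source := proxy.SourceFromContext(ctx)
	log.Info("Socks|Server: Client UDP connection from ", source)

	reader := buf.NewReader(conn)
	for {
		payload, err := reader.Read()
		if err != nil {
			return err
		}
		request, data, err := DecodeUDPPacket(payload.Bytes())
		if err != nil {
			log.Info("Socks|Server: Failed to parse UDP request: ", err)
			continue
		}
		if len(data) == 0 {
			continue
		}
		dest := request.Destination()
		log.Info("Socks: Send packet to ", dest, " with ", len(data), " bytes")
		log.Access(source, dest, log.AccessAccepted, "")

		// Copy the datagram body out of the read buffer before handing it off.
		dataBuf := buf.NewSmall()
		dataBuf.Append(data)
		v.udpServer.Dispatch(ctx, dest, dataBuf, func(reply *buf.Buffer) {
			defer reply.Release()
			log.Info("Socks|Server: Writing back UDP response with ", reply.Len(), " bytes")
			udpMessage := EncodeUDPPacket(request, reply.Bytes())
			defer udpMessage.Release()
			if _, err := conn.Write(udpMessage.Bytes()); err != nil {
				log.Info("Socks|Server: Failed to write UDP response: ", err)
			}
		})
	}
}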
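// ReadTCPSession parses the Shadowsocks TCP request header from reader for the
// given user and returns the decoded request together with a reader for the
// remaining payload.
//
// After the clear-text IV, the header is read through the decryption stream:
// one address-type byte whose low nibble selects IPv4/IPv6/domain and whose
// 0x10 bit requests one-time-auth (OTA); the address; a 2-byte port; and, with
// OTA, an AuthSize-byte tag over everything read so far. The account's OTA
// policy (forced on/off) is enforced before the address is read. An unknown
// address type is not rejected immediately: the port and OTA tag are still
// consumed and verified, and only then is the missing address reported.
//
// Returns an error when the account is missing or not a Shadowsocks account,
// on any short read, when the OTA policy or tag check fails, or when no valid
// address was decoded.
//
// Fixes: a zero-length domain no longer yields BytesFrom(0) (the whole header
// buffer) as the address; it is left empty and rejected after the OTA check,
// like an unknown address type. The account type assertion is checked.
func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHeader, buf.Reader, error) {
	rawAccount, err := user.GetTypedAccount()
	if err != nil {
		return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to parse account.")
	}
	account, ok := rawAccount.(*ShadowsocksAccount)
	if !ok {
		return nil, nil, errors.New("Shadowsocks|TCP: Account is not a Shadowsocks account.")
	}

	buffer := buf.NewLocal(512)
	defer buffer.Release()

	// The IV is sent in the clear ahead of the encrypted header.
	ivLen := account.Cipher.IVSize()
	if err := buffer.AppendSupplier(buf.ReadFullFrom(reader, ivLen)); err != nil {
		return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IV.")
	}
	iv := append([]byte(nil), buffer.BytesTo(ivLen)...)

	stream, err := account.Cipher.NewDecodingStream(account.Key, iv)
	if err != nil {
		return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to initialize decoding stream.")
	}
	reader = crypto.NewCryptionReader(stream, reader)
	authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))

	request := &protocol.RequestHeader{
		Version: Version,
		User:    user,
		Command: protocol.RequestCommandTCP,
	}

	// From here on the buffer accumulates the plaintext header so the OTA tag
	// can be computed over exactly the bytes the client authenticated.
	buffer.Clear()
	if err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 1)); err != nil {
		return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read address type.")
	}
	addrType := buffer.Byte(0) & 0x0F
	if buffer.Byte(0)&0x10 == 0x10 {
		request.Option |= RequestOptionOneTimeAuth
	}
	otaRequested := request.Option.Has(RequestOptionOneTimeAuth)
	if otaRequested && account.OneTimeAuth == Account_Disabled {
		return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA enabled, while server disables OTA.")
	}
	if !otaRequested && account.OneTimeAuth == Account_Enabled {
		return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA disabled, while server enables OTA.")
	}

	switch addrType {
	case AddrTypeIPv4:
		if err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 4)); err != nil {
			return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IPv4 address.")
		}
		request.Address = v2net.IPAddress(buffer.BytesFrom(-4))
	case AddrTypeIPv6:
		if err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 16)); err != nil {
			return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IPv6 address.")
		}
		request.Address = v2net.IPAddress(buffer.BytesFrom(-16))
	case AddrTypeDomain:
		if err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 1)); err != nil {
			return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read domain lenth.")
		}
		domainLength := int(buffer.BytesFrom(-1)[0])
		if err := buffer.AppendSupplier(buf.ReadFullFrom(reader, domainLength)); err != nil {
			return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read domain.")
		}
		// A zero-length domain is invalid: leave Address nil so it is rejected
		// after OTA verification. BytesFrom(-0) would otherwise return the
		// whole header buffer as the domain.
		if domainLength > 0 {
			request.Address = v2net.DomainAddress(string(buffer.BytesFrom(-domainLength)))
		}
	default:
		// Check address validity after OTA verification.
	}

	if err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 2)); err != nil {
		return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read port.")
	}
	request.Port = v2net.PortFromBytes(buffer.BytesFrom(-2))

	if otaRequested {
		// The expected tag covers the header bytes read so far, computed before
		// the client's tag is appended to the buffer.
		expectedAuth := make([]byte, AuthSize)
		authenticator.Authenticate(buffer.Bytes())(expectedAuth)
		if err := buffer.AppendSupplier(buf.ReadFullFrom(reader, AuthSize)); err != nil {
			return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read OTA.")
		}
		// NOTE(review): bytes.Equal is not constant-time; crypto/subtle's
		// ConstantTimeCompare is the usual choice for tag comparison. Left as
		// is because that package is not visibly imported in this file.
		if !bytes.Equal(expectedAuth, buffer.BytesFrom(-AuthSize)) {
			return nil, nil, errors.New("Shadowsocks|TCP: Invalid OTA")
		}
	}

	if request.Address == nil {
		return nil, nil, errors.New("Shadowsocks|TCP: Invalid remote address.")
	}

	var chunkReader buf.Reader
	if otaRequested {
		chunkReader = NewChunkReader(reader, NewAuthenticator(ChunkKeyGenerator(iv)))
	} else {
		chunkReader = buf.NewReader(reader)
	}
	return request, chunkReader, nil
}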
// Process handles one outbound session for the freedom handler: it takes the
// destination from ctx (replaced by the configured override when one is set
// and, under the USE_IP strategy, resolved from a domain to an IP), dials it
// under retry.ExponentialBackoff(5, 100), and relays both directions until
// one fails or both finish. Reads from the remote side go through a timeout
// reader when a timeout applies: the handler's own timeout, or 16 for UDP.
// A transport error puts both ray ends into the error state and is returned.
func (v *Handler) Process(ctx context.Context, outboundRay ray.OutboundRay) error {
	destination := proxy.DestinationFromContext(ctx)
	if override := v.destOverride; override != nil {
		destination = net.Destination{
			Network: destination.Network,
			Address: override.Server.Address.AsAddress(),
			Port:    net.Port(override.Server.Port),
		}
	}
	log.Info("Freedom: Opening connection to ", destination)

	fromInbound := outboundRay.OutboundInput()
	toInbound := outboundRay.OutboundOutput()

	if v.domainStrategy == Config_USE_IP && destination.Address.Family().IsDomain() {
		destination = v.ResolveIP(destination)
	}

	dialer := proxy.DialerFromContext(ctx)
	var conn internet.Connection
	dialErr := retry.ExponentialBackoff(5, 100).On(func() error {
		c, err := dialer.Dial(ctx, destination)
		if err != nil {
			return err
		}
		conn = c
		return nil
	})
	if dialErr != nil {
		log.Warning("Freedom: Failed to open connection to ", destination, ": ", dialErr)
		return dialErr
	}
	defer conn.Close()
	conn.SetReusable(false)

	// Inbound -> remote.
	requestDone := signal.ExecuteAsync(func() error {
		return buf.PipeUntilEOF(fromInbound, buf.NewWriter(conn))
	})

	// Remote -> inbound; closing toInbound signals EOF to the inbound side.
	timeout := v.timeout
	if destination.Network == net.Network_UDP {
		timeout = 16
	}
	var remote io.Reader = conn
	if timeout > 0 {
		remote = net.NewTimeOutReader(timeout /* seconds */, conn)
	}
	responseDone := signal.ExecuteAsync(func() error {
		defer toInbound.Close()
		return buf.PipeUntilEOF(buf.NewReader(remote), toInbound)
	})

	err := signal.ErrorOrFinish2(requestDone, responseDone)
	if err != nil {
		log.Info("Freedom: Connection ending with ", err)
		fromInbound.CloseError()
		toInbound.CloseError()
	}
	return err
}
// Process handles one outbound session through a SOCKS5 server. A server is
// picked and dialed under retry.ExponentialBackoff(5, 100); the SOCKS
// handshake is performed for the session destination (TCP command by
// default, UDP command for UDP destinations, with the server's user when it
// has one); then traffic is relayed in both directions until one side fails
// or both finish. For UDP a second connection is dialed to the relay
// destination returned by the handshake, datagrams are framed through
// UDPWriter/UDPReader, and reads go through NewTimeOutReader(16, ...).
// A transport error puts both ray ends into the error state and is returned.
func (c *Client) Process(ctx context.Context, ray ray.OutboundRay) error {
	destination := proxy.DestinationFromContext(ctx)
	dialer := proxy.DialerFromContext(ctx)

	var (
		server *protocol.ServerSpec
		conn   internet.Connection
	)
	dialErr := retry.ExponentialBackoff(5, 100).On(func() error {
		server = c.serverPicker.PickServer()
		rawConn, err := dialer.Dial(ctx, server.Destination())
		if err != nil {
			return err
		}
		conn = rawConn
		return nil
	})
	if dialErr != nil {
		log.Warning("Socks|Client: Failed to find an available destination.")
		return dialErr
	}
	defer conn.Close()
	conn.SetReusable(false)

	request := &protocol.RequestHeader{
		Version: socks5Version,
		Command: protocol.RequestCommandTCP,
		Address: destination.Address,
		Port:    destination.Port,
	}
	if destination.Network == net.Network_UDP {
		request.Command = protocol.RequestCommandUDP
	}
	if user := server.PickUser(); user != nil {
		request.User = user
	}

	udpRequest, err := ClientHandshake(request, conn, conn)
	if err != nil {
		log.Warning("Socks|Client: Failed to establish connection to server: ", err)
		return err
	}

	var pumpRequest, pumpResponse func() error
	switch request.Command {
	case protocol.RequestCommandTCP:
		pumpRequest = func() error {
			return buf.PipeUntilEOF(ray.OutboundInput(), buf.NewWriter(conn))
		}
		pumpResponse = func() error {
			defer ray.OutboundOutput().Close()
			return buf.PipeUntilEOF(buf.NewReader(conn), ray.OutboundOutput())
		}
	case protocol.RequestCommandUDP:
		udpConn, err := dialer.Dial(ctx, udpRequest.Destination())
		if err != nil {
			log.Info("Socks|Client: Failed to create UDP connection: ", err)
			return err
		}
		defer udpConn.Close()
		pumpRequest = func() error {
			return buf.PipeUntilEOF(ray.OutboundInput(), &UDPWriter{request: request, writer: udpConn})
		}
		pumpResponse = func() error {
			defer ray.OutboundOutput().Close()
			framed := &UDPReader{reader: net.NewTimeOutReader(16, udpConn)}
			return buf.PipeUntilEOF(framed, ray.OutboundOutput())
		}
	}

	requestDone := signal.ExecuteAsync(pumpRequest)
	responseDone := signal.ExecuteAsync(pumpResponse)
	if err := signal.ErrorOrFinish2(requestDone, responseDone); err != nil {
		log.Info("Socks|Client: Connection ends with ", err)
		ray.OutboundInput().CloseError()
		ray.OutboundOutput().CloseError()
		return err
	}
	return nil
}