func (v *Server) handleSocks4(clientAddr v2net.Destination, reader *bufio.BufferedReader, writer *bufio.BufferedWriter, auth protocol.Socks4AuthenticationRequest) error { result := protocol.Socks4RequestGranted if auth.Command == protocol.CmdBind { result = protocol.Socks4RequestRejected } socks4Response := protocol.NewSocks4AuthenticationResponse(result, auth.Port, auth.IP[:]) socks4Response.Write(writer) if result == protocol.Socks4RequestRejected { log.Warning("Socks: Unsupported socks 4 command ", auth.Command) log.Access(clientAddr, "", log.AccessRejected, ErrUnsupportedSocksCommand) return ErrUnsupportedSocksCommand } reader.SetCached(false) writer.SetCached(false) dest := v2net.TCPDestination(v2net.IPAddress(auth.IP[:]), auth.Port) session := &proxy.SessionInfo{ Source: clientAddr, Destination: dest, Inbound: v.meta, } log.Access(clientAddr, dest, log.AccessAccepted, "") v.transport(reader, writer, session) return nil }
func (v *Server) handleSocks5(clientAddr v2net.Destination, reader *bufio.BufferedReader, writer *bufio.BufferedWriter, auth protocol.Socks5AuthenticationRequest) error { expectedAuthMethod := protocol.AuthNotRequired if v.config.AuthType == AuthType_PASSWORD { expectedAuthMethod = protocol.AuthUserPass } if !auth.HasAuthMethod(expectedAuthMethod) { authResponse := protocol.NewAuthenticationResponse(protocol.AuthNoMatchingMethod) err := protocol.WriteAuthentication(writer, authResponse) writer.Flush() if err != nil { log.Warning("Socks: failed to write authentication: ", err) return err } log.Warning("Socks: client doesn't support any allowed auth methods.") return ErrUnsupportedAuthMethod } authResponse := protocol.NewAuthenticationResponse(expectedAuthMethod) protocol.WriteAuthentication(writer, authResponse) err := writer.Flush() if err != nil { log.Error("Socks: failed to write authentication: ", err) return err } if v.config.AuthType == AuthType_PASSWORD { upRequest, err := protocol.ReadUserPassRequest(reader) if err != nil { log.Warning("Socks: failed to read username and password: "******"Socks: failed to write user pass response: ", err) return err } if status != byte(0) { log.Warning("Socks: Invalid user account: ", upRequest.AuthDetail()) log.Access(clientAddr, "", log.AccessRejected, crypto.ErrAuthenticationFailed) return crypto.ErrAuthenticationFailed } } request, err := protocol.ReadRequest(reader) if err != nil { log.Warning("Socks: failed to read request: ", err) return err } if request.Command == protocol.CmdUdpAssociate && v.config.UdpEnabled { return v.handleUDP(reader, writer) } if request.Command == protocol.CmdBind || request.Command == protocol.CmdUdpAssociate { response := protocol.NewSocks5Response() response.Error = protocol.ErrorCommandNotSupported response.Port = v2net.Port(0) response.SetIPv4([]byte{0, 0, 0, 0}) response.Write(writer) writer.Flush() if err != nil { log.Error("Socks: failed to write response: ", err) return err } log.Warning("Socks: Unsupported socks command ", request.Command) return ErrUnsupportedSocksCommand } response := protocol.NewSocks5Response() response.Error = protocol.ErrorSuccess // Some SOCKS software requires a value other than dest. Let's fake one: response.Port = v2net.Port(1717) response.SetIPv4([]byte{0, 0, 0, 0}) response.Write(writer) if err != nil { log.Error("Socks: failed to write response: ", err) return err } reader.SetCached(false) writer.SetCached(false) dest := request.Destination() session := &proxy.SessionInfo{ Source: clientAddr, Destination: dest, Inbound: v.meta, } log.Info("Socks: TCP Connect request to ", dest) log.Access(clientAddr, dest, log.AccessAccepted, "") v.transport(reader, writer, session) return nil }