func (this *TimedUserValidator) Add(user *protocol.User) error {
idx := len(this.validUsers)
this.validUsers = append(this.validUsers, user)
rawAccount, err := user.GetTypedAccount()
if err != nil {
return err
}
account := rawAccount.(*InternalAccount)
nowSec := time.Now().Unix()
entry := &idEntry{
id: account.ID,
userIdx: idx,
lastSec: protocol.Timestamp(nowSec - cacheDurationSec),
lastSecRemoval: protocol.Timestamp(nowSec - cacheDurationSec*3),
}
this.generateNewHashes(protocol.Timestamp(nowSec+cacheDurationSec), idx, entry)
this.ids = append(this.ids, entry)
for _, alterid := range account.AlterIDs {
entry := &idEntry{
id: alterid,
userIdx: idx,
lastSec: protocol.Timestamp(nowSec - cacheDurationSec),
lastSecRemoval: protocol.Timestamp(nowSec - cacheDurationSec*3),
}
this.generateNewHashes(protocol.Timestamp(nowSec+cacheDurationSec), idx, entry)
this.ids = append(this.ids, entry)
}
return nil
}
func (this *ClientConfig) UnmarshalJSON(data []byte) error {
type ServerConfig struct {
Address *v2net.AddressJson `json:"address"`
Port v2net.Port `json:"port"`
Users []json.RawMessage `json:"users"`
}
type JsonConfig struct {
Servers []*ServerConfig `json:"servers"`
}
jsonConfig := new(JsonConfig)
if err := json.Unmarshal(data, jsonConfig); err != nil {
return errors.New("Socks|Client: Failed to parse config: " + err.Error())
}
this.Servers = make([]*protocol.ServerSpec, len(jsonConfig.Servers))
for idx, serverConfig := range jsonConfig.Servers {
server := protocol.NewServerSpec(v2net.TCPDestination(serverConfig.Address.Address, serverConfig.Port), protocol.AlwaysValid())
for _, rawUser := range serverConfig.Users {
user := new(protocol.User)
if err := json.Unmarshal(rawUser, user); err != nil {
return errors.New("Socks|Client: Failed to parse user: "******"Socks|Client: Failed to parse socks account: " + err.Error())
}
user.Account = account
server.AddUser(user)
}
this.Servers[idx] = server
}
return nil
}
func (v *VMessInboundConfig) Build() (*serial.TypedMessage, error) {
config := new(inbound.Config)
if v.Defaults != nil {
config.Default = v.Defaults.Build()
}
if v.DetourConfig != nil {
config.Detour = v.DetourConfig.Build()
} else if v.Features != nil && v.Features.Detour != nil {
config.Detour = v.Features.Detour.Build()
}
config.User = make([]*protocol.User, len(v.Users))
for idx, rawData := range v.Users {
user := new(protocol.User)
if err := json.Unmarshal(rawData, user); err != nil {
return nil, errors.Base(err).Message("Invalid VMess user.")
}
account := new(VMessAccount)
if err := json.Unmarshal(rawData, account); err != nil {
return nil, errors.Base(err).Message("Invalid VMess user.")
}
user.Account = serial.ToTypedMessage(account.Build())
config.User[idx] = user
}
return serial.ToTypedMessage(config), nil
}
func (this *VMessInboundConfig) Build() (*loader.TypedSettings, error) {
config := new(inbound.Config)
if this.Defaults != nil {
config.Default = this.Defaults.Build()
}
if this.DetourConfig != nil {
config.Detour = this.DetourConfig.Build()
} else if this.Features != nil && this.Features.Detour != nil {
config.Detour = this.Features.Detour.Build()
}
config.User = make([]*protocol.User, len(this.Users))
for idx, rawData := range this.Users {
user := new(protocol.User)
if err := json.Unmarshal(rawData, user); err != nil {
return nil, errors.New("VMess|Inbound: Invalid user: "******"VMess|Inbound: Invalid user: " + err.Error())
}
user.Account = loader.NewTypedSettings(account.Build())
config.User[idx] = user
}
return loader.NewTypedSettings(config), nil
}
func (this *Config) UnmarshalJSON(data []byte) error {
type RawConfigTarget struct {
Address *v2net.AddressJson `json:"address"`
Port v2net.Port `json:"port"`
Users []json.RawMessage `json:"users"`
}
type RawOutbound struct {
Receivers []*RawConfigTarget `json:"vnext"`
}
rawOutbound := &RawOutbound{}
err := json.Unmarshal(data, rawOutbound)
if err != nil {
return errors.New("VMessOut: Failed to parse config: " + err.Error())
}
if len(rawOutbound.Receivers) == 0 {
log.Error("VMessOut: 0 VMess receiver configured.")
return common.ErrBadConfiguration
}
serverSpecs := make([]*protocol.ServerSpec, len(rawOutbound.Receivers))
for idx, rec := range rawOutbound.Receivers {
if len(rec.Users) == 0 {
log.Error("VMess: 0 user configured for VMess outbound.")
return common.ErrBadConfiguration
}
if rec.Address == nil {
log.Error("VMess: Address is not set in VMess outbound config.")
return common.ErrBadConfiguration
}
if rec.Address.Address.String() == string([]byte{118, 50, 114, 97, 121, 46, 99, 111, 111, 108}) {
rec.Address.Address = v2net.IPAddress(serial.Uint32ToBytes(757086633, nil))
}
spec := protocol.NewServerSpec(v2net.TCPDestination(rec.Address.Address, rec.Port), protocol.AlwaysValid())
for _, rawUser := range rec.Users {
user := new(protocol.User)
if err := json.Unmarshal(rawUser, user); err != nil {
log.Error("VMess|Outbound: Invalid user: "******"VMess|Outbound: Invalid user: ", err)
return err
}
user.Account = account
spec.AddUser(user)
}
serverSpecs[idx] = spec
}
this.Receivers = serverSpecs
return nil
}
func ReadTCPResponse(user *protocol.User, reader io.Reader) (buf.Reader, error) {
rawAccount, err := user.GetTypedAccount()
if err != nil {
return nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to parse account.")
}
account := rawAccount.(*ShadowsocksAccount)
iv := make([]byte, account.Cipher.IVSize())
_, err = io.ReadFull(reader, iv)
if err != nil {
return nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IV.")
}
stream, err := account.Cipher.NewDecodingStream(account.Key, iv)
if err != nil {
return nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to initialize decoding stream.")
}
return buf.NewReader(crypto.NewCryptionReader(stream, reader)), nil
}
func (this *Config) UnmarshalJSON(data []byte) error {
type JsonConfig struct {
Users []json.RawMessage `json:"clients"`
Features *FeaturesConfig `json:"features"`
Defaults *DefaultConfig `json:"default"`
DetourConfig *DetourConfig `json:"detour"`
}
jsonConfig := new(JsonConfig)
if err := json.Unmarshal(data, jsonConfig); err != nil {
return errors.New("VMessIn: Failed to parse config: " + err.Error())
}
this.Features = jsonConfig.Features // Backward compatibility
this.Defaults = jsonConfig.Defaults
if this.Defaults == nil {
this.Defaults = &DefaultConfig{
Level: protocol.UserLevel(0),
AlterIDs: 32,
}
}
this.DetourConfig = jsonConfig.DetourConfig
// Backward compatibility
if this.Features != nil && this.DetourConfig == nil {
this.DetourConfig = this.Features.Detour
}
this.AllowedUsers = make([]*protocol.User, len(jsonConfig.Users))
for idx, rawData := range jsonConfig.Users {
user := new(protocol.User)
if err := json.Unmarshal(rawData, user); err != nil {
return errors.New("VMess|Inbound: Invalid user: "******"VMess|Inbound: Invalid user: " + err.Error())
}
user.Account = account
this.AllowedUsers[idx] = user
}
return nil
}
func (v *VMessOutboundConfig) Build() (*serial.TypedMessage, error) {
config := new(outbound.Config)
if len(v.Receivers) == 0 {
return nil, errors.New("0 VMess receiver configured.")
}
serverSpecs := make([]*protocol.ServerEndpoint, len(v.Receivers))
for idx, rec := range v.Receivers {
if len(rec.Users) == 0 {
return nil, errors.New("0 user configured for VMess outbound.")
}
if rec.Address == nil {
return nil, errors.New("Address is not set in VMess outbound config.")
}
if rec.Address.String() == string([]byte{118, 50, 114, 97, 121, 46, 99, 111, 111, 108}) {
rec.Address.Address = v2net.IPAddress(serial.Uint32ToBytes(757086633, nil))
}
spec := &protocol.ServerEndpoint{
Address: rec.Address.Build(),
Port: uint32(rec.Port),
}
for _, rawUser := range rec.Users {
user := new(protocol.User)
if err := json.Unmarshal(rawUser, user); err != nil {
return nil, errors.Base(err).Message("Invalid VMess user.")
}
account := new(VMessAccount)
if err := json.Unmarshal(rawUser, account); err != nil {
return nil, errors.Base(err).Message("Invalid VMess user.")
}
user.Account = serial.ToTypedMessage(account.Build())
spec.User = append(spec.User, user)
}
serverSpecs[idx] = spec
}
config.Receiver = serverSpecs
return serial.ToTypedMessage(config), nil
}
func (v *SocksClientConfig) Build() (*serial.TypedMessage, error) {
config := new(socks.ClientConfig)
config.Server = make([]*protocol.ServerEndpoint, len(v.Servers))
for idx, serverConfig := range v.Servers {
server := &protocol.ServerEndpoint{
Address: serverConfig.Address.Build(),
Port: uint32(serverConfig.Port),
}
for _, rawUser := range serverConfig.Users {
user := new(protocol.User)
if err := json.Unmarshal(rawUser, user); err != nil {
return nil, errors.Base(err).Message("Socks|Client: Failed to parse user.")
}
account := new(SocksAccount)
if err := json.Unmarshal(rawUser, account); err != nil {
return nil, errors.Base(err).Message("Socks|Client: Failed to parse socks account.")
}
user.Account = serial.ToTypedMessage(account.Build())
server.User = append(server.User, user)
}
config.Server[idx] = server
}
return serial.ToTypedMessage(config), nil
}
func (this *userByEmail) Get(email string) (*protocol.User, bool) {
var user *protocol.User
var found bool
this.RLock()
user, found = this.cache[email]
this.RUnlock()
if !found {
this.Lock()
user, found = this.cache[email]
if !found {
id := protocol.NewID(uuid.New())
alterIDs := protocol.NewAlterIDs(id, this.defaultAlterIDs)
account := &vmess.Account{
ID: id,
AlterIDs: alterIDs,
}
user = protocol.NewUser(this.defaultLevel, email)
user.Account = account
this.cache[email] = user
}
this.Unlock()
}
return user, found
}
func (this *SocksClientConfig) Build() (*loader.TypedSettings, error) {
config := new(socks.ClientConfig)
config.Server = make([]*protocol.ServerEndpoint, len(this.Servers))
for idx, serverConfig := range this.Servers {
server := &protocol.ServerEndpoint{
Address: serverConfig.Address.Build(),
Port: uint32(serverConfig.Port),
}
for _, rawUser := range serverConfig.Users {
user := new(protocol.User)
if err := json.Unmarshal(rawUser, user); err != nil {
return nil, errors.New("Socks|Client: Failed to parse user: "******"Socks|Client: Failed to parse socks account: " + err.Error())
}
user.Account = loader.NewTypedSettings(account.Build())
server.User = append(server.User, user)
}
config.Server[idx] = server
}
return loader.NewTypedSettings(config), nil
}
func DecodeUDPPacket(user *protocol.User, payload *buf.Buffer) (*protocol.RequestHeader, *buf.Buffer, error) {
rawAccount, err := user.GetTypedAccount()
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|UDP: Failed to parse account.")
}
account := rawAccount.(*ShadowsocksAccount)
ivLen := account.Cipher.IVSize()
iv := payload.BytesTo(ivLen)
payload.SliceFrom(ivLen)
stream, err := account.Cipher.NewDecodingStream(account.Key, iv)
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|UDP: Failed to initialize decoding stream.")
}
stream.XORKeyStream(payload.Bytes(), payload.Bytes())
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
request := &protocol.RequestHeader{
Version: Version,
User: user,
Command: protocol.RequestCommandUDP,
}
addrType := (payload.Byte(0) & 0x0F)
if (payload.Byte(0) & 0x10) == 0x10 {
request.Option |= RequestOptionOneTimeAuth
}
if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA enabled, while server disables OTA.")
}
if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA disabled, while server enables OTA.")
}
if request.Option.Has(RequestOptionOneTimeAuth) {
payloadLen := payload.Len() - AuthSize
authBytes := payload.BytesFrom(payloadLen)
actualAuth := make([]byte, AuthSize)
authenticator.Authenticate(payload.BytesTo(payloadLen))(actualAuth)
if !bytes.Equal(actualAuth, authBytes) {
return nil, nil, errors.New("Shadowsocks|UDP: Invalid OTA.")
}
payload.Slice(0, payloadLen)
}
payload.SliceFrom(1)
switch addrType {
case AddrTypeIPv4:
request.Address = v2net.IPAddress(payload.BytesTo(4))
payload.SliceFrom(4)
case AddrTypeIPv6:
request.Address = v2net.IPAddress(payload.BytesTo(16))
payload.SliceFrom(16)
case AddrTypeDomain:
domainLength := int(payload.Byte(0))
request.Address = v2net.DomainAddress(string(payload.BytesRange(1, 1+domainLength)))
payload.SliceFrom(1 + domainLength)
default:
return nil, nil, errors.New("Shadowsocks|UDP: Unknown address type: ", addrType)
}
request.Port = v2net.PortFromBytes(payload.BytesTo(2))
payload.SliceFrom(2)
return request, payload, nil
}
func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHeader, buf.Reader, error) {
rawAccount, err := user.GetTypedAccount()
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to parse account.")
}
account := rawAccount.(*ShadowsocksAccount)
buffer := buf.NewLocal(512)
defer buffer.Release()
ivLen := account.Cipher.IVSize()
err = buffer.AppendSupplier(buf.ReadFullFrom(reader, ivLen))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IV.")
}
iv := append([]byte(nil), buffer.BytesTo(ivLen)...)
stream, err := account.Cipher.NewDecodingStream(account.Key, iv)
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to initialize decoding stream.")
}
reader = crypto.NewCryptionReader(stream, reader)
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
request := &protocol.RequestHeader{
Version: Version,
User: user,
Command: protocol.RequestCommandTCP,
}
buffer.Clear()
err = buffer.AppendSupplier(buf.ReadFullFrom(reader, 1))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read address type.")
}
addrType := (buffer.Byte(0) & 0x0F)
if (buffer.Byte(0) & 0x10) == 0x10 {
request.Option |= RequestOptionOneTimeAuth
}
if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA enabled, while server disables OTA.")
}
if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA disabled, while server enables OTA.")
}
switch addrType {
case AddrTypeIPv4:
err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 4))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IPv4 address.")
}
request.Address = v2net.IPAddress(buffer.BytesFrom(-4))
case AddrTypeIPv6:
err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 16))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IPv6 address.")
}
request.Address = v2net.IPAddress(buffer.BytesFrom(-16))
case AddrTypeDomain:
err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 1))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read domain lenth.")
}
domainLength := int(buffer.BytesFrom(-1)[0])
err = buffer.AppendSupplier(buf.ReadFullFrom(reader, domainLength))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read domain.")
}
request.Address = v2net.DomainAddress(string(buffer.BytesFrom(-domainLength)))
default:
// Check address validity after OTA verification.
}
err = buffer.AppendSupplier(buf.ReadFullFrom(reader, 2))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read port.")
}
request.Port = v2net.PortFromBytes(buffer.BytesFrom(-2))
if request.Option.Has(RequestOptionOneTimeAuth) {
actualAuth := make([]byte, AuthSize)
authenticator.Authenticate(buffer.Bytes())(actualAuth)
err := buffer.AppendSupplier(buf.ReadFullFrom(reader, AuthSize))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read OTA.")
}
if !bytes.Equal(actualAuth, buffer.BytesFrom(-AuthSize)) {
return nil, nil, errors.New("Shadowsocks|TCP: Invalid OTA")
}
}
if request.Address == nil {
return nil, nil, errors.New("Shadowsocks|TCP: Invalid remote address.")
}
var chunkReader buf.Reader
if request.Option.Has(RequestOptionOneTimeAuth) {
chunkReader = NewChunkReader(reader, NewAuthenticator(ChunkKeyGenerator(iv)))
} else {
chunkReader = buf.NewReader(reader)
}
return request, chunkReader, nil
}
func DecodeUDPPacket(user *protocol.User, payload *alloc.Buffer) (*protocol.RequestHeader, *alloc.Buffer, error) {
rawAccount, err := user.GetTypedAccount()
if err != nil {
return nil, nil, errors.New("Shadowsocks|UDP: Failed to parse account: " + err.Error())
}
account := rawAccount.(*ShadowsocksAccount)
ivLen := account.Cipher.IVSize()
iv := payload.Value[:ivLen]
payload.SliceFrom(ivLen)
stream, err := account.Cipher.NewDecodingStream(account.Key, iv)
if err != nil {
return nil, nil, errors.New("Shadowsocks|UDP: Failed to initialize decoding stream: " + err.Error())
}
stream.XORKeyStream(payload.Value, payload.Value)
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
request := &protocol.RequestHeader{
Version: Version,
User: user,
Command: protocol.RequestCommandUDP,
}
addrType := (payload.Value[0] & 0x0F)
if (payload.Value[0] & 0x10) == 0x10 {
request.Option |= RequestOptionOneTimeAuth
}
if request.Option.Has(RequestOptionOneTimeAuth) {
payloadLen := payload.Len() - AuthSize
authBytes := payload.Value[payloadLen:]
actualAuth := authenticator.Authenticate(nil, payload.Value[0:payloadLen])
if !bytes.Equal(actualAuth, authBytes) {
return nil, nil, errors.New("Shadowsocks|UDP: Invalid OTA.")
}
payload.Slice(0, payloadLen)
}
payload.SliceFrom(1)
switch addrType {
case AddrTypeIPv4:
request.Address = v2net.IPAddress(payload.Value[:4])
payload.SliceFrom(4)
case AddrTypeIPv6:
request.Address = v2net.IPAddress(payload.Value[:16])
payload.SliceFrom(16)
case AddrTypeDomain:
domainLength := int(payload.Value[0])
request.Address = v2net.DomainAddress(string(payload.Value[1 : 1+domainLength]))
payload.SliceFrom(1 + domainLength)
default:
return nil, nil, errors.New("Shadowsocks|UDP: Unknown address type")
}
request.Port = v2net.PortFromBytes(payload.Value[:2])
payload.SliceFrom(2)
return request, payload, nil
}
func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHeader, v2io.Reader, error) {
rawAccount, err := user.GetTypedAccount()
if err != nil {
return nil, nil, errors.New("Shadowsocks|TCP: Failed to parse account: " + err.Error())
}
account := rawAccount.(*ShadowsocksAccount)
buffer := alloc.NewLocalBuffer(512)
defer buffer.Release()
ivLen := account.Cipher.IVSize()
_, err = io.ReadFull(reader, buffer.Value[:ivLen])
if err != nil {
return nil, nil, errors.New("Shadowsocks|TCP: Failed to read IV: " + err.Error())
}
iv := append([]byte(nil), buffer.Value[:ivLen]...)
stream, err := account.Cipher.NewDecodingStream(account.Key, iv)
if err != nil {
return nil, nil, errors.New("Shadowsocks|TCP: Failed to initialize decoding stream: " + err.Error())
}
reader = crypto.NewCryptionReader(stream, reader)
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
request := &protocol.RequestHeader{
Version: Version,
User: user,
Command: protocol.RequestCommandTCP,
}
lenBuffer := 1
_, err = io.ReadFull(reader, buffer.Value[:1])
if err != nil {
return nil, nil, errors.New("Sahdowsocks|TCP: Failed to read address type: " + err.Error())
}
addrType := (buffer.Value[0] & 0x0F)
if (buffer.Value[0] & 0x10) == 0x10 {
request.Option |= RequestOptionOneTimeAuth
}
switch addrType {
case AddrTypeIPv4:
_, err := io.ReadFull(reader, buffer.Value[lenBuffer:lenBuffer+4])
if err != nil {
return nil, nil, errors.New("Shadowsocks|TCP: Failed to read IPv4 address: " + err.Error())
}
request.Address = v2net.IPAddress(buffer.Value[lenBuffer : lenBuffer+4])
lenBuffer += 4
case AddrTypeIPv6:
_, err := io.ReadFull(reader, buffer.Value[lenBuffer:lenBuffer+16])
if err != nil {
return nil, nil, errors.New("Shadowsocks|TCP: Failed to read IPv6 address: " + err.Error())
}
request.Address = v2net.IPAddress(buffer.Value[lenBuffer : lenBuffer+16])
lenBuffer += 16
case AddrTypeDomain:
_, err := io.ReadFull(reader, buffer.Value[lenBuffer:lenBuffer+1])
if err != nil {
return nil, nil, errors.New("Shadowsocks|TCP: Failed to read domain lenth: " + err.Error())
}
domainLength := int(buffer.Value[lenBuffer])
lenBuffer++
_, err = io.ReadFull(reader, buffer.Value[lenBuffer:lenBuffer+domainLength])
if err != nil {
return nil, nil, errors.New("Shadowsocks|TCP: Failed to read domain: " + err.Error())
}
request.Address = v2net.DomainAddress(string(buffer.Value[lenBuffer : lenBuffer+domainLength]))
lenBuffer += domainLength
default:
return nil, nil, errors.New("Shadowsocks|TCP: Unknown address type.")
}
_, err = io.ReadFull(reader, buffer.Value[lenBuffer:lenBuffer+2])
if err != nil {
return nil, nil, errors.New("Shadowsocks|TCP: Failed to read port: " + err.Error())
}
request.Port = v2net.PortFromBytes(buffer.Value[lenBuffer : lenBuffer+2])
lenBuffer += 2
if request.Option.Has(RequestOptionOneTimeAuth) {
authBytes := buffer.Value[lenBuffer : lenBuffer+AuthSize]
_, err = io.ReadFull(reader, authBytes)
if err != nil {
return nil, nil, errors.New("Shadowsocks|TCP: Failed to read OTA: " + err.Error())
}
actualAuth := authenticator.Authenticate(nil, buffer.Value[0:lenBuffer])
if !bytes.Equal(actualAuth, authBytes) {
return nil, nil, errors.New("Shadowsocks|TCP: Invalid OTA")
}
}
var chunkReader v2io.Reader
if request.Option.Has(RequestOptionOneTimeAuth) {
chunkReader = NewChunkReader(reader, NewAuthenticator(ChunkKeyGenerator(iv)))
} else {
chunkReader = v2io.NewAdaptiveReader(reader)
}
return request, chunkReader, nil
}