func (this *VMessOutboundHandler) Dispatch(firstPacket v2net.Packet, ray ray.OutboundRay) error {
vNextAddress, vNextUser := this.receiverManager.PickReceiver()
command := protocol.CmdTCP
if firstPacket.Destination().IsUDP() {
command = protocol.CmdUDP
}
request := &protocol.VMessRequest{
Version: protocol.Version,
User: vNextUser,
Command: command,
Address: firstPacket.Destination().Address(),
Port: firstPacket.Destination().Port(),
}
buffer := alloc.NewSmallBuffer()
defer buffer.Release() // Buffer is released after communication finishes.
v2net.ReadAllBytes(rand.Reader, buffer.Value[:33]) // 16 + 16 + 1
buffer.Value[33] = 0
buffer.Value[34] = 0
buffer.Value[35] = 0
request.RequestIV = buffer.Value[:16]
request.RequestKey = buffer.Value[16:32]
request.ResponseHeader = buffer.Value[32:36]
return startCommunicate(request, vNextAddress, ray, firstPacket)
}
func (handler *VMessOutboundHandler) Dispatch(firstPacket v2net.Packet, ray ray.OutboundRay) error {
vNextList := handler.vNextList
if firstPacket.Destination().IsUDP() {
vNextList = handler.vNextListUDP
}
vNextAddress, vNextUser := pickVNext(vNextList)
command := protocol.CmdTCP
if firstPacket.Destination().IsUDP() {
command = protocol.CmdUDP
}
request := &protocol.VMessRequest{
Version: protocol.Version,
User: vNextUser,
Command: command,
Address: firstPacket.Destination().Address(),
}
buffer := alloc.NewSmallBuffer()
defer buffer.Release()
v2net.ReadAllBytes(rand.Reader, buffer.Value[:36]) // 16 + 16 + 4
request.RequestIV = buffer.Value[:16]
request.RequestKey = buffer.Value[16:32]
request.ResponseHeader = buffer.Value[32:36]
return startCommunicate(request, vNextAddress, ray, firstPacket)
}
func handleResponse(conn net.Conn, request *protocol.VMessRequest, output chan<- *alloc.Buffer, finish *sync.Mutex, isUDP bool) {
defer finish.Unlock()
defer close(output)
responseKey := md5.Sum(request.RequestKey[:])
responseIV := md5.Sum(request.RequestIV[:])
aesStream, err := v2crypto.NewAesDecryptionStream(responseKey[:], responseIV[:])
if err != nil {
log.Error("VMessOut: Failed to create AES encryption stream: ", err)
return
}
decryptResponseReader := v2crypto.NewCryptionReader(aesStream, conn)
buffer, err := v2net.ReadFrom(decryptResponseReader, nil)
if err != nil {
log.Error("VMessOut: Failed to read VMess response (", buffer.Len(), " bytes): ", err)
buffer.Release()
return
}
if buffer.Len() < 4 || !headerMatch(request, buffer.Value[:2]) {
log.Warning("VMessOut: unexepcted response header. The connection is probably hijacked.")
return
}
log.Info("VMessOut received ", buffer.Len()-4, " bytes from ", conn.RemoteAddr())
responseBegin := 4
if buffer.Value[2] != 0 {
dataLen := int(buffer.Value[3])
if buffer.Len() < dataLen+4 { // Rare case
diffBuffer := make([]byte, dataLen+4-buffer.Len())
v2net.ReadAllBytes(decryptResponseReader, diffBuffer)
buffer.Append(diffBuffer)
}
command := buffer.Value[2]
data := buffer.Value[4 : 4+dataLen]
go handleCommand(command, data)
responseBegin = 4 + dataLen
}
buffer.SliceFrom(responseBegin)
output <- buffer
if !isUDP {
v2net.ReaderToChan(output, decryptResponseReader)
}
return
}
func ReadRequest(reader io.Reader) (*Request, error) {
buffer := alloc.NewSmallBuffer()
defer buffer.Release()
_, err := v2net.ReadAllBytes(reader, buffer.Value[:1])
if err != nil {
log.Error("Shadowsocks: Failed to read address type: ", err)
return nil, transport.CorruptedPacket
}
request := new(Request)
addrType := buffer.Value[0]
switch addrType {
case AddrTypeIPv4:
_, err := v2net.ReadAllBytes(reader, buffer.Value[:4])
if err != nil {
log.Error("Shadowsocks: Failed to read IPv4 address: ", err)
return nil, transport.CorruptedPacket
}
request.Address = v2net.IPAddress(buffer.Value[:4])
case AddrTypeIPv6:
_, err := v2net.ReadAllBytes(reader, buffer.Value[:16])
if err != nil {
log.Error("Shadowsocks: Failed to read IPv6 address: ", err)
return nil, transport.CorruptedPacket
}
request.Address = v2net.IPAddress(buffer.Value[:16])
case AddrTypeDomain:
_, err := v2net.ReadAllBytes(reader, buffer.Value[:1])
if err != nil {
log.Error("Shadowsocks: Failed to read domain lenth: ", err)
return nil, transport.CorruptedPacket
}
domainLength := int(buffer.Value[0])
_, err = v2net.ReadAllBytes(reader, buffer.Value[:domainLength])
if err != nil {
log.Error("Shadowsocks: Failed to read domain: ", err)
return nil, transport.CorruptedPacket
}
request.Address = v2net.DomainAddress(string(buffer.Value[:domainLength]))
default:
log.Error("Shadowsocks: Unknown address type: ", addrType)
return nil, transport.CorruptedPacket
}
_, err = v2net.ReadAllBytes(reader, buffer.Value[:2])
if err != nil {
log.Error("Shadowsocks: Failed to read port: ", err)
return nil, transport.CorruptedPacket
}
request.Port = v2net.PortFromBytes(buffer.Value[:2])
return request, nil
}
// Read reads a VMessRequest from a byte stream.
func (r *VMessRequestReader) Read(reader io.Reader) (*VMessRequest, error) {
buffer := alloc.NewSmallBuffer()
nBytes, err := v2net.ReadAllBytes(reader, buffer.Value[:config.IDBytesLen])
if err != nil {
return nil, err
}
userId, timeSec, valid := r.vUserSet.GetUser(buffer.Value[:nBytes])
if !valid {
return nil, proxy.InvalidAuthentication
}
aesCipher, err := aes.NewCipher(userId.CmdKey())
if err != nil {
return nil, err
}
aesStream := cipher.NewCFBDecrypter(aesCipher, user.Int64Hash(timeSec))
decryptor := v2io.NewCryptionReader(aesStream, reader)
if err != nil {
return nil, err
}
nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[:41])
if err != nil {
return nil, err
}
bufferLen := nBytes
request := &VMessRequest{
UserId: *userId,
Version: buffer.Value[0],
}
if request.Version != Version {
log.Warning("Invalid protocol version %d", request.Version)
return nil, proxy.InvalidProtocolVersion
}
request.RequestIV = buffer.Value[1:17] // 16 bytes
request.RequestKey = buffer.Value[17:33] // 16 bytes
request.ResponseHeader = buffer.Value[33:37] // 4 bytes
request.Command = buffer.Value[37]
port := binary.BigEndian.Uint16(buffer.Value[38:40])
switch buffer.Value[40] {
case addrTypeIPv4:
_, err = v2net.ReadAllBytes(decryptor, buffer.Value[41:45]) // 4 bytes
bufferLen += 4
if err != nil {
return nil, err
}
request.Address = v2net.IPAddress(buffer.Value[41:45], port)
case addrTypeIPv6:
_, err = v2net.ReadAllBytes(decryptor, buffer.Value[41:57]) // 16 bytes
bufferLen += 16
if err != nil {
return nil, err
}
request.Address = v2net.IPAddress(buffer.Value[41:57], port)
case addrTypeDomain:
_, err = v2net.ReadAllBytes(decryptor, buffer.Value[41:42])
if err != nil {
return nil, err
}
domainLength := int(buffer.Value[41])
_, err = v2net.ReadAllBytes(decryptor, buffer.Value[42:42+domainLength])
if err != nil {
return nil, err
}
bufferLen += 1 + domainLength
request.Address = v2net.DomainAddress(string(buffer.Value[42:42+domainLength]), port)
}
_, err = v2net.ReadAllBytes(decryptor, buffer.Value[bufferLen:bufferLen+4])
if err != nil {
return nil, err
}
fnv1a := fnv.New32a()
fnv1a.Write(buffer.Value[:bufferLen])
actualHash := fnv1a.Sum32()
expectedHash := binary.BigEndian.Uint32(buffer.Value[bufferLen : bufferLen+4])
if actualHash != expectedHash {
return nil, transport.CorruptedPacket
}
return request, nil
}
// Read reads a VMessRequest from a byte stream.
func (this *VMessRequestReader) Read(reader io.Reader) (*VMessRequest, error) {
buffer := alloc.NewSmallBuffer()
defer buffer.Release()
nBytes, err := v2net.ReadAllBytes(reader, buffer.Value[:vmess.IDBytesLen])
if err != nil {
log.Debug("VMess: Failed to read request ID (", nBytes, " bytes): ", err)
return nil, err
}
userObj, timeSec, valid := this.vUserSet.GetUser(buffer.Value[:nBytes])
if !valid {
return nil, proxy.InvalidAuthentication
}
timestampHash := TimestampHash()
timestampHash.Write(timeSec.HashBytes())
iv := timestampHash.Sum(nil)
aesStream, err := v2crypto.NewAesDecryptionStream(userObj.ID.CmdKey(), iv)
if err != nil {
log.Debug("VMess: Failed to create AES stream: ", err)
return nil, err
}
decryptor := v2crypto.NewCryptionReader(aesStream, reader)
nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[:41])
if err != nil {
log.Debug("VMess: Failed to read request header (", nBytes, " bytes): ", err)
return nil, err
}
bufferLen := nBytes
request := &VMessRequest{
User: userObj,
Version: buffer.Value[0],
}
if request.Version != Version {
log.Warning("VMess: Invalid protocol version ", request.Version)
return nil, proxy.InvalidProtocolVersion
}
request.RequestIV = append([]byte(nil), buffer.Value[1:17]...) // 16 bytes
request.RequestKey = append([]byte(nil), buffer.Value[17:33]...) // 16 bytes
request.ResponseHeader = append([]byte(nil), buffer.Value[33:37]...) // 4 bytes
request.Command = buffer.Value[37]
request.Port = v2net.PortFromBytes(buffer.Value[38:40])
switch buffer.Value[40] {
case addrTypeIPv4:
nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[41:45]) // 4 bytes
bufferLen += 4
if err != nil {
log.Debug("VMess: Failed to read target IPv4 (", nBytes, " bytes): ", err)
return nil, err
}
request.Address = v2net.IPAddress(buffer.Value[41:45])
case addrTypeIPv6:
nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[41:57]) // 16 bytes
bufferLen += 16
if err != nil {
log.Debug("VMess: Failed to read target IPv6 (", nBytes, " bytes): ", nBytes, err)
return nil, err
}
request.Address = v2net.IPAddress(buffer.Value[41:57])
case addrTypeDomain:
nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[41:42])
if err != nil {
log.Debug("VMess: Failed to read target domain (", nBytes, " bytes): ", nBytes, err)
return nil, err
}
domainLength := int(buffer.Value[41])
if domainLength == 0 {
return nil, transport.CorruptedPacket
}
nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[42:42+domainLength])
if err != nil {
log.Debug("VMess: Failed to read target domain (", nBytes, " bytes): ", nBytes, err)
return nil, err
}
bufferLen += 1 + domainLength
domainBytes := append([]byte(nil), buffer.Value[42:42+domainLength]...)
request.Address = v2net.DomainAddress(string(domainBytes))
}
nBytes, err = v2net.ReadAllBytes(decryptor, buffer.Value[bufferLen:bufferLen+4])
if err != nil {
log.Debug("VMess: Failed to read checksum (", nBytes, " bytes): ", nBytes, err)
return nil, err
}
fnv1a := fnv.New32a()
fnv1a.Write(buffer.Value[:bufferLen])
actualHash := fnv1a.Sum32()
expectedHash := binary.BigEndian.Uint32(buffer.Value[bufferLen : bufferLen+4])
if actualHash != expectedHash {
return nil, transport.CorruptedPacket
}
return request, nil
}
func (this *Shadowsocks) handleConnection(conn *listener.TCPConn) {
defer conn.Close()
buffer := alloc.NewSmallBuffer()
defer buffer.Release()
_, err := v2net.ReadAllBytes(conn, buffer.Value[:this.config.Cipher.IVSize()])
if err != nil {
log.Error("Shadowsocks: Failed to read IV: ", err)
return
}
iv := buffer.Value[:this.config.Cipher.IVSize()]
key := this.config.Key
reader, err := this.config.Cipher.NewDecodingStream(key, iv, conn)
if err != nil {
log.Error("Shadowsocks: Failed to create decoding stream: ", err)
return
}
request, err := ReadRequest(reader)
if err != nil {
return
}
packet := v2net.NewPacket(v2net.TCPDestination(request.Address, request.Port), nil, true)
ray := this.space.PacketDispatcher().DispatchToOutbound(packet)
respIv := make([]byte, this.config.Cipher.IVSize())
rand.Read(respIv)
writer, err := this.config.Cipher.NewEncodingStream(key, respIv, conn)
if err != nil {
log.Error("Shadowsocks: Failed to create encoding stream: ", err)
return
}
var writeFinish sync.Mutex
writeFinish.Lock()
go func() {
firstChunk := alloc.NewBuffer().Clear()
defer firstChunk.Release()
firstChunk.Append(respIv)
if payload, ok := <-ray.InboundOutput(); ok {
firstChunk.Append(payload.Value)
payload.Release()
writer.Write(firstChunk.Value)
v2net.ChanToWriter(writer, ray.InboundOutput())
}
writeFinish.Unlock()
}()
v2net.ReaderToChan(ray.InboundInput(), reader)
close(ray.InboundInput())
writeFinish.Lock()
}