func Test_listenWSAndDial(t *testing.T) {
assert := assert.On(t)
(&Config{Pto: "ws", Path: "ws"}).Apply()
listen, err := ListenWS(v2net.DomainAddress("localhost"), 13142)
assert.Error(err).IsNil()
go func() {
conn, err := listen.Accept()
assert.Error(err).IsNil()
conn.Close()
conn, err = listen.Accept()
assert.Error(err).IsNil()
conn.Close()
conn, err = listen.Accept()
assert.Error(err).IsNil()
conn.Close()
listen.Close()
}()
conn, err := Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13142))
assert.Error(err).IsNil()
conn.Close()
<-time.After(time.Second * 5)
conn, err = Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13142))
assert.Error(err).IsNil()
conn.Close()
<-time.After(time.Second * 15)
conn, err = Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13142))
assert.Error(err).IsNil()
conn.Close()
}
func TestDomainAddressEquals(t *testing.T) {
assert := assert.On(t)
addr := v2net.DomainAddress("v2ray.com")
assert.Bool(addr.Equals(nil)).IsFalse()
addr2 := v2net.DomainAddress("v2ray.com")
assert.Bool(addr.Equals(addr2)).IsTrue()
addr3 := v2net.DomainAddress("www.v2ray.com")
assert.Bool(addr.Equals(addr3)).IsFalse()
addr4 := v2net.IPAddress([]byte{1, 3, 3, 4, 5, 6, 7, 8, 9, 10, 1, 2, 3, 4, 5, 6})
assert.Bool(addr.Equals(addr4)).IsFalse()
}
func TestIPResolution(t *testing.T) {
assert := assert.On(t)
space := app.NewSpace()
space.BindApp(proxyman.APP_ID_OUTBOUND_MANAGER, outbound.New())
space.BindApp(dispatcher.APP_ID, dispatchers.NewDefaultDispatcher(space))
r := router.NewRouter(&router.Config{}, space)
space.BindApp(router.APP_ID, r)
dnsServer := dnsserver.NewCacheServer(space, &dns.Config{
Hosts: map[string]*v2net.IPOrDomain{
"v2ray.com": v2net.NewIPOrDomain(v2net.LocalHostIP),
},
})
space.BindApp(dns.APP_ID, dnsServer)
freedom := NewFreedomConnection(
&Config{DomainStrategy: Config_USE_IP},
space,
&proxy.OutboundHandlerMeta{
Address: v2net.AnyIP,
StreamSettings: &internet.StreamConfig{
Network: v2net.Network_RawTCP,
},
})
space.Initialize()
ipDest := freedom.ResolveIP(v2net.TCPDestination(v2net.DomainAddress("v2ray.com"), v2net.Port(80)))
assert.Destination(ipDest).IsTCP()
assert.Address(ipDest.Address).Equals(v2net.LocalHostIP)
}
func TestIPResolution(t *testing.T) {
assert := assert.On(t)
space := app.NewSpace()
space.BindApp(proxyman.APP_ID_OUTBOUND_MANAGER, proxyman.NewDefaultOutboundHandlerManager())
space.BindApp(dispatcher.APP_ID, dispatchers.NewDefaultDispatcher(space))
r, _ := router.CreateRouter("rules", &rules.RouterRuleConfig{}, space)
space.BindApp(router.APP_ID, r)
dnsServer := dns.NewCacheServer(space, &dns.Config{
Hosts: map[string]net.IP{
"v2ray.com": net.IP([]byte{127, 0, 0, 1}),
},
})
space.BindApp(dns.APP_ID, dnsServer)
freedom := NewFreedomConnection(
&Config{DomainStrategy: DomainStrategyUseIP},
space,
&proxy.OutboundHandlerMeta{
Address: v2net.AnyIP,
StreamSettings: &internet.StreamSettings{
Type: internet.StreamConnectionTypeRawTCP,
},
})
space.Initialize()
ipDest := freedom.ResolveIP(v2net.TCPDestination(v2net.DomainAddress("v2ray.com"), v2net.Port(80)))
assert.Destination(ipDest).IsTCP()
assert.Address(ipDest.Address()).Equals(v2net.LocalHostIP)
}
func TestSourceIPRule(t *testing.T) {
assert := assert.On(t)
rule := ParseRule([]byte(`{
"type": "field",
"source": [
"10.0.0.0/8",
"192.0.0.0/24"
],
"outboundTag": "direct"
}`))
assert.Pointer(rule).IsNotNil()
cond, err := rule.BuildCondition()
assert.Error(err).IsNil()
assert.Bool(cond.Apply(&proxy.SessionInfo{
Source: v2net.TCPDestination(v2net.DomainAddress("www.ooxx.com"), 80),
})).IsFalse()
assert.Bool(cond.Apply(&proxy.SessionInfo{
Source: v2net.TCPDestination(v2net.IPAddress([]byte{10, 0, 0, 1}), 80),
})).IsTrue()
assert.Bool(cond.Apply(&proxy.SessionInfo{
Source: v2net.TCPDestination(v2net.IPAddress([]byte{127, 0, 0, 1}), 80),
})).IsFalse()
assert.Bool(cond.Apply(&proxy.SessionInfo{
Source: v2net.TCPDestination(v2net.IPAddress([]byte{192, 0, 0, 1}), 80),
})).IsTrue()
}
func TestSimpleRouter(t *testing.T) {
assert := assert.On(t)
config := &Config{
Rule: []*RoutingRule{
{
Tag: "test",
NetworkList: &net.NetworkList{
Network: []net.Network{net.Network_TCP},
},
},
},
}
space := app.NewSpace()
ctx := app.ContextWithSpace(context.Background(), space)
assert.Error(app.AddApplicationToSpace(ctx, new(dns.Config))).IsNil()
assert.Error(app.AddApplicationToSpace(ctx, new(dispatcher.Config))).IsNil()
assert.Error(app.AddApplicationToSpace(ctx, new(proxyman.OutboundConfig))).IsNil()
assert.Error(app.AddApplicationToSpace(ctx, config)).IsNil()
assert.Error(space.Initialize()).IsNil()
r := FromSpace(space)
ctx = proxy.ContextWithDestination(ctx, net.TCPDestination(net.DomainAddress("v2ray.com"), 80))
tag, err := r.TakeDetour(ctx)
assert.Error(err).IsNil()
assert.String(tag).Equals("test")
}
func TestSimpleRouter(t *testing.T) {
assert := assert.On(t)
config := &Config{
Rule: []*RoutingRule{
{
Tag: "test",
NetworkList: &v2net.NetworkList{
Network: []v2net.Network{v2net.Network_TCP},
},
},
},
}
space := app.NewSpace()
space.BindApp(dns.APP_ID, dns.NewCacheServer(space, &dns.Config{}))
space.BindApp(dispatcher.APP_ID, dispatchers.NewDefaultDispatcher(space))
space.BindApp(proxyman.APP_ID_OUTBOUND_MANAGER, proxyman.NewDefaultOutboundHandlerManager())
r := NewRouter(config, space)
space.BindApp(APP_ID, r)
assert.Error(space.Initialize()).IsNil()
tag, err := r.TakeDetour(&proxy.SessionInfo{Destination: v2net.TCPDestination(v2net.DomainAddress("v2ray.com"), 80)})
assert.Error(err).IsNil()
assert.String(tag).Equals("test")
}
func Test_Connect_wss_guess_reuse(t *testing.T) {
assert := assert.On(t)
(&Config{Pto: "", Path: "", ConnectionReuse: true}).Apply()
i := 3
for i != 0 {
conn, err := Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("echo.websocket.org"), 443))
assert.Error(err).IsNil()
conn.Write([]byte("echo"))
s := make(chan int)
go func() {
buf := make([]byte, 4)
conn.Read(buf)
str := string(buf)
if str != "echo" {
assert.Fail("Data mismatch")
}
s <- 0
}()
<-s
if i == 0 {
conn.SetDeadline(time.Now())
conn.SetReadDeadline(time.Now())
conn.SetWriteDeadline(time.Now())
conn.SetReusable(false)
}
conn.Close()
i--
}
}
func Test_listenWSAndDial_TLS(t *testing.T) {
assert := assert.On(t)
go func() {
<-time.After(time.Second * 5)
assert.Fail("Too slow")
}()
listen, err := ListenWS(v2net.DomainAddress("localhost"), 13143, internet.ListenOptions{
Stream: &internet.StreamConfig{
SecurityType: serial.GetMessageType(new(v2tls.Config)),
SecuritySettings: []*serial.TypedMessage{serial.ToTypedMessage(&v2tls.Config{
Certificate: []*v2tls.Certificate{tlsgen.GenerateCertificateForTest()},
})},
Protocol: internet.TransportProtocol_WebSocket,
TransportSettings: []*internet.TransportConfig{
{
Protocol: internet.TransportProtocol_WebSocket,
Settings: serial.ToTypedMessage(&Config{
Path: "wss",
ConnectionReuse: &ConnectionReuse{
Enable: true,
},
}),
},
},
},
})
assert.Error(err).IsNil()
go func() {
conn, err := listen.Accept()
assert.Error(err).IsNil()
conn.Close()
listen.Close()
}()
ctx := internet.ContextWithTransportSettings(context.Background(), &Config{
Path: "wss",
ConnectionReuse: &ConnectionReuse{
Enable: true,
},
})
ctx = internet.ContextWithSecuritySettings(ctx, &v2tls.Config{
AllowInsecure: true,
})
conn, err := Dial(ctx, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13143))
assert.Error(err).IsNil()
conn.Close()
}
func Test_listenWSAndDial_TLS(t *testing.T) {
assert := assert.On(t)
go func() {
<-time.After(time.Second * 5)
assert.Fail("Too slow")
}()
(&Config{Pto: "wss", Path: "wss", ConnectionReuse: true, DeveloperInsecureSkipVerify: true, PrivKey: "./../../../testing/tls/key.pem", Cert: "./../../../testing/tls/cert.pem"}).Apply()
listen, err := ListenWS(v2net.DomainAddress("localhost"), 13143)
assert.Error(err).IsNil()
go func() {
conn, err := listen.Accept()
assert.Error(err).IsNil()
conn.Close()
listen.Close()
}()
conn, err := Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13143))
assert.Error(err).IsNil()
conn.Close()
}
func TestDomainRule(t *testing.T) {
assert := assert.On(t)
rule := ParseRule([]byte(`{
"type": "field",
"domain": [
"ooxx.com",
"oxox.com",
"regexp:\\.cn$"
],
"network": "tcp",
"outboundTag": "direct"
}`))
assert.Pointer(rule).IsNotNil()
assert.Bool(rule.Apply(v2net.TCPDestination(v2net.DomainAddress("www.ooxx.com"), 80))).IsTrue()
assert.Bool(rule.Apply(v2net.TCPDestination(v2net.DomainAddress("www.aabb.com"), 80))).IsFalse()
assert.Bool(rule.Apply(v2net.TCPDestination(v2net.IPAddress([]byte{127, 0, 0, 1}), 80))).IsFalse()
assert.Bool(rule.Apply(v2net.TCPDestination(v2net.DomainAddress("www.12306.cn"), 80))).IsTrue()
assert.Bool(rule.Apply(v2net.TCPDestination(v2net.DomainAddress("www.acn.com"), 80))).IsFalse()
}
func TestDomainAddress(t *testing.T) {
assert := assert.On(t)
domain := "v2ray.com"
addr := v2net.DomainAddress(domain)
assert.Address(addr).IsDomain()
assert.Address(addr).IsNotIPv6()
assert.Address(addr).IsNotIPv4()
assert.String(addr.Domain()).Equals(domain)
assert.Address(addr).EqualsString("v2ray.com")
}
func TestDialDomain(t *testing.T) {
assert := assert.On(t)
server := &tcp.Server{}
dest, err := server.Start()
assert.Error(err).IsNil()
defer server.Close()
conn, err := DialToDest(nil, v2net.TCPDestination(v2net.DomainAddress("local.v2ray.com"), dest.Port))
assert.Error(err).IsNil()
assert.String(conn.RemoteAddr().String()).Equals("127.0.0.1:" + dest.Port.String())
conn.Close()
}
func TestUDPDestinationEquals(t *testing.T) {
assert := assert.On(t)
dest := v2net.UDPDestination(v2net.IPAddress([]byte{1, 2, 3, 4}), 80)
assert.Bool(dest.Equals(nil)).IsFalse()
dest2 := v2net.UDPDestination(v2net.IPAddress([]byte{1, 2, 3, 4}), 80)
assert.Bool(dest.Equals(dest2)).IsTrue()
dest3 := v2net.TCPDestination(v2net.IPAddress([]byte{1, 2, 3, 4}), 80)
assert.Bool(dest.Equals(dest3)).IsFalse()
dest4 := v2net.UDPDestination(v2net.DomainAddress("v2ray.com"), 80)
assert.Bool(dest.Equals(dest4)).IsFalse()
}
func TestIPRule(t *testing.T) {
assert := assert.On(t)
rule := ParseRule([]byte(`{
"type": "field",
"ip": [
"10.0.0.0/8",
"192.0.0.0/24"
],
"network": "tcp",
"outboundTag": "direct"
}`))
assert.Pointer(rule).IsNotNil()
assert.Bool(rule.Apply(v2net.TCPDestination(v2net.DomainAddress("www.ooxx.com"), 80))).IsFalse()
assert.Bool(rule.Apply(v2net.TCPDestination(v2net.IPAddress([]byte{10, 0, 0, 1}), 80))).IsTrue()
assert.Bool(rule.Apply(v2net.TCPDestination(v2net.IPAddress([]byte{127, 0, 0, 1}), 80))).IsFalse()
assert.Bool(rule.Apply(v2net.TCPDestination(v2net.IPAddress([]byte{192, 0, 0, 1}), 80))).IsTrue()
}
func TestUDPReaderWriter(t *testing.T) {
assert := assert.On(t)
user := &protocol.User{
Account: serial.ToTypedMessage(&Account{
Password: "******",
CipherType: CipherType_CHACHA20_IEFT,
}),
}
cache := buf.New()
writer := &UDPWriter{
Writer: cache,
Request: &protocol.RequestHeader{
Version: Version,
Address: v2net.DomainAddress("v2ray.com"),
Port: 123,
User: user,
Option: RequestOptionOneTimeAuth,
},
}
reader := &UDPReader{
Reader: cache,
User: user,
}
b := buf.New()
b.AppendSupplier(serial.WriteString("test payload"))
err := writer.Write(b)
assert.Error(err).IsNil()
payload, err := reader.Read()
assert.Error(err).IsNil()
assert.String(payload.String()).Equals("test payload")
b = buf.New()
b.AppendSupplier(serial.WriteString("test payload 2"))
err = writer.Write(b)
assert.Error(err).IsNil()
payload, err = reader.Read()
assert.Error(err).IsNil()
assert.String(payload.String()).Equals("test payload 2")
}
func Test_Connect_wss_guess(t *testing.T) {
assert := assert.On(t)
(&Config{Pto: "", Path: ""}).Apply()
conn, err := Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("echo.websocket.org"), 443))
assert.Error(err).IsNil()
conn.Write([]byte("echo"))
s := make(chan int)
go func() {
buf := make([]byte, 4)
conn.Read(buf)
str := string(buf)
if str != "echo" {
assert.Fail("Data mismatch")
}
s <- 0
}()
<-s
conn.Close()
}
func (this *Config) UnmarshalJSON(data []byte) error {
type JsonConfig struct {
Port v2net.Port `json:"port"` // Port of this Point server.
LogConfig *LogConfig `json:"log"`
RouterConfig *router.Config `json:"routing"`
DNSConfig *dns.Config `json:"dns"`
InboundConfig *InboundConnectionConfig `json:"inbound"`
OutboundConfig *OutboundConnectionConfig `json:"outbound"`
InboundDetours []*InboundDetourConfig `json:"inboundDetour"`
OutboundDetours []*OutboundDetourConfig `json:"outboundDetour"`
Transport *transport.Config `json:"transport"`
}
jsonConfig := new(JsonConfig)
if err := json.Unmarshal(data, jsonConfig); err != nil {
return errors.New("Point: Failed to parse config: " + err.Error())
}
this.Port = jsonConfig.Port
this.LogConfig = jsonConfig.LogConfig
this.RouterConfig = jsonConfig.RouterConfig
if jsonConfig.InboundConfig == nil {
return errors.New("Point: Inbound config is not specified.")
}
this.InboundConfig = jsonConfig.InboundConfig
if jsonConfig.OutboundConfig == nil {
return errors.New("Point: Outbound config is not specified.")
}
this.OutboundConfig = jsonConfig.OutboundConfig
this.InboundDetours = jsonConfig.InboundDetours
this.OutboundDetours = jsonConfig.OutboundDetours
if jsonConfig.DNSConfig == nil {
jsonConfig.DNSConfig = &dns.Config{
NameServers: []v2net.Destination{
v2net.UDPDestination(v2net.DomainAddress("localhost"), v2net.Port(53)),
},
}
}
this.DNSConfig = jsonConfig.DNSConfig
this.TransportConfig = jsonConfig.Transport
return nil
}
func TestRequestSerialization(t *testing.T) {
assert := assert.On(t)
user := &protocol.User{
Level: 0,
Email: "*****@*****.**",
}
account := &vmess.Account{
Id: uuid.New().String(),
AlterId: 0,
}
user.Account = serial.ToTypedMessage(account)
expectedRequest := &protocol.RequestHeader{
Version: 1,
User: user,
Command: protocol.RequestCommandTCP,
Option: protocol.RequestOptionConnectionReuse,
Address: v2net.DomainAddress("www.v2ray.com"),
Port: v2net.Port(443),
Security: protocol.Security(protocol.SecurityType_AES128_GCM),
}
buffer := buf.New()
client := NewClientSession(protocol.DefaultIDHash)
client.EncodeRequestHeader(expectedRequest, buffer)
userValidator := vmess.NewTimedUserValidator(protocol.DefaultIDHash)
userValidator.Add(user)
server := NewServerSession(userValidator)
actualRequest, err := server.DecodeRequestHeader(buffer)
assert.Error(err).IsNil()
assert.Byte(expectedRequest.Version).Equals(actualRequest.Version)
assert.Byte(byte(expectedRequest.Command)).Equals(byte(actualRequest.Command))
assert.Byte(byte(expectedRequest.Option)).Equals(byte(actualRequest.Option))
assert.Address(expectedRequest.Address).Equals(actualRequest.Address)
assert.Port(expectedRequest.Port).Equals(actualRequest.Port)
assert.Byte(byte(expectedRequest.Security)).Equals(byte(actualRequest.Security))
}
func TestServerSpecUser(t *testing.T) {
assert := assert.On(t)
account := &TestAccount{
id: 0,
}
user := NewUser(UserLevel(0), "")
user.Account = account
rec := NewServerSpec(v2net.TCPDestination(v2net.DomainAddress("v2ray.com"), 80), AlwaysValid(), user)
assert.Bool(rec.HasUser(user)).IsTrue()
account2 := &TestAccount{
id: 1,
}
user2 := NewUser(UserLevel(0), "")
user2.Account = account2
assert.Bool(rec.HasUser(user2)).IsFalse()
rec.AddUser(user2)
assert.Bool(rec.HasUser(user2)).IsTrue()
}
func TestUDPReaderWriter(t *testing.T) {
assert := assert.On(t)
user := &protocol.User{
Account: loader.NewTypedSettings(&Account{
Password: "******",
CipherType: CipherType_CHACHA20_IEFT,
}),
}
cache := alloc.NewBuffer().Clear()
writer := &UDPWriter{
Writer: cache,
Request: &protocol.RequestHeader{
Version: Version,
Address: v2net.DomainAddress("v2ray.com"),
Port: 123,
User: user,
Option: RequestOptionOneTimeAuth,
},
}
reader := &UDPReader{
Reader: cache,
User: user,
}
err := writer.Write(alloc.NewBuffer().Clear().AppendString("test payload"))
assert.Error(err).IsNil()
payload, err := reader.Read()
assert.Error(err).IsNil()
assert.String(payload.String()).Equals("test payload")
err = writer.Write(alloc.NewBuffer().Clear().AppendString("test payload 2"))
assert.Error(err).IsNil()
payload, err = reader.Read()
assert.Error(err).IsNil()
assert.String(payload.String()).Equals("test payload 2")
}
func parseHost(rawHost string, defaultPort v2net.Port) (v2net.Destination, error) {
port := defaultPort
host, rawPort, err := net.SplitHostPort(rawHost)
if err != nil {
if addrError, ok := err.(*net.AddrError); ok && strings.Contains(addrError.Err, "missing port") {
host = rawHost
} else {
return v2net.Destination{}, err
}
} else {
intPort, err := strconv.Atoi(rawPort)
if err != nil {
return v2net.Destination{}, err
}
port = v2net.Port(intPort)
}
if ip := net.ParseIP(host); ip != nil {
return v2net.TCPDestination(v2net.IPAddress(ip), port), nil
}
return v2net.TCPDestination(v2net.DomainAddress(host), port), nil
}
func TestRequestSerialization(t *testing.T) {
assert := assert.On(t)
user := protocol.NewUser(
protocol.UserLevelUntrusted,
"*****@*****.**")
user.Account = &vmess.Account{
ID: protocol.NewID(uuid.New()),
AlterIDs: nil,
}
expectedRequest := &protocol.RequestHeader{
Version: 1,
User: user,
Command: protocol.RequestCommandTCP,
Option: protocol.RequestOption(0),
Address: v2net.DomainAddress("www.v2ray.com"),
Port: v2net.Port(443),
}
buffer := alloc.NewBuffer().Clear()
client := NewClientSession(protocol.DefaultIDHash)
client.EncodeRequestHeader(expectedRequest, buffer)
userValidator := vmess.NewTimedUserValidator(protocol.DefaultIDHash)
userValidator.Add(user)
server := NewServerSession(userValidator)
actualRequest, err := server.DecodeRequestHeader(buffer)
assert.Error(err).IsNil()
assert.Byte(expectedRequest.Version).Equals(actualRequest.Version)
assert.Byte(byte(expectedRequest.Command)).Equals(byte(actualRequest.Command))
assert.Byte(byte(expectedRequest.Option)).Equals(byte(actualRequest.Option))
assert.Address(expectedRequest.Address).Equals(actualRequest.Address)
assert.Port(expectedRequest.Port).Equals(actualRequest.Port)
}
func TestSimpleRouter(t *testing.T) {
assert := assert.On(t)
config := &RouterRuleConfig{
Rules: []*Rule{
{
Tag: "test",
Condition: NewNetworkMatcher(v2net.Network("tcp").AsList()),
},
},
}
space := app.NewSpace()
space.BindApp(dns.APP_ID, dns.NewCacheServer(space, &dns.Config{}))
space.BindApp(dispatcher.APP_ID, dispatchers.NewDefaultDispatcher(space))
space.BindApp(proxyman.APP_ID_OUTBOUND_MANAGER, proxyman.NewDefaultOutboundHandlerManager())
r := NewRouter(config, space)
space.BindApp(router.APP_ID, r)
assert.Error(space.Initialize()).IsNil()
tag, err := r.TakeDetour(v2net.TCPDestination(v2net.DomainAddress("v2ray.com"), 80))
assert.Error(err).IsNil()
assert.String(tag).Equals("test")
}
func Test_listenWSAndDial_TLS(t *testing.T) {
assert := assert.On(t)
go func() {
<-time.After(time.Second * 5)
assert.Fail("Too slow")
}()
tlsSettings := &v2tls.Config{
AllowInsecure: true,
Certificate: []*v2tls.Certificate{
{
Certificate: ReadFile("./../../../testing/tls/cert.pem", assert),
Key: ReadFile("./../../../testing/tls/key.pem", assert),
},
},
}
listen, err := ListenWS(v2net.DomainAddress("localhost"), 13143, internet.ListenOptions{
Stream: &internet.StreamConfig{
SecurityType: loader.GetType(new(v2tls.Config)),
SecuritySettings: []*loader.TypedSettings{loader.NewTypedSettings(tlsSettings)},
Network: v2net.Network_WebSocket,
NetworkSettings: []*internet.NetworkSettings{
{
Network: v2net.Network_WebSocket,
Settings: loader.NewTypedSettings(&Config{
Path: "wss",
ConnectionReuse: &ConnectionReuse{
Enable: true,
},
}),
},
},
},
})
assert.Error(err).IsNil()
go func() {
conn, err := listen.Accept()
assert.Error(err).IsNil()
conn.Close()
listen.Close()
}()
conn, err := Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13143), internet.DialerOptions{
Stream: &internet.StreamConfig{
SecurityType: loader.GetType(new(v2tls.Config)),
SecuritySettings: []*loader.TypedSettings{loader.NewTypedSettings(tlsSettings)},
Network: v2net.Network_WebSocket,
NetworkSettings: []*internet.NetworkSettings{
{
Network: v2net.Network_WebSocket,
Settings: loader.NewTypedSettings(&Config{
Path: "wss",
ConnectionReuse: &ConnectionReuse{
Enable: true,
},
}),
},
},
},
})
assert.Error(err).IsNil()
conn.Close()
}
func Test_listenWSAndDial(t *testing.T) {
assert := assert.On(t)
listen, err := ListenWS(v2net.DomainAddress("localhost"), 13146, internet.ListenOptions{
Stream: &internet.StreamConfig{
Network: v2net.Network_WebSocket,
NetworkSettings: []*internet.NetworkSettings{
{
Network: v2net.Network_WebSocket,
Settings: loader.NewTypedSettings(&Config{
Path: "ws",
}),
},
},
},
})
assert.Error(err).IsNil()
go func() {
conn, err := listen.Accept()
assert.Error(err).IsNil()
conn.Close()
conn, err = listen.Accept()
assert.Error(err).IsNil()
conn.Close()
conn, err = listen.Accept()
assert.Error(err).IsNil()
conn.Close()
listen.Close()
}()
conn, err := Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13146), internet.DialerOptions{
Stream: &internet.StreamConfig{
Network: v2net.Network_WebSocket,
NetworkSettings: []*internet.NetworkSettings{
{
Network: v2net.Network_WebSocket,
Settings: loader.NewTypedSettings(&Config{
Path: "ws",
}),
},
},
},
})
assert.Error(err).IsNil()
conn.Close()
<-time.After(time.Second * 5)
conn, err = Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13146), internet.DialerOptions{
Stream: &internet.StreamConfig{
Network: v2net.Network_WebSocket,
NetworkSettings: []*internet.NetworkSettings{
{
Network: v2net.Network_WebSocket,
Settings: loader.NewTypedSettings(&Config{
Path: "ws",
}),
},
},
},
})
assert.Error(err).IsNil()
conn.Close()
<-time.After(time.Second * 15)
conn, err = Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13146), internet.DialerOptions{
Stream: &internet.StreamConfig{
Network: v2net.Network_WebSocket,
NetworkSettings: []*internet.NetworkSettings{
{
Network: v2net.Network_WebSocket,
Settings: loader.NewTypedSettings(&Config{
Path: "ws",
}),
},
},
},
})
assert.Error(err).IsNil()
conn.Close()
}
func DecodeUDPPacket(user *protocol.User, payload *buf.Buffer) (*protocol.RequestHeader, *buf.Buffer, error) {
rawAccount, err := user.GetTypedAccount()
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|UDP: Failed to parse account.")
}
account := rawAccount.(*ShadowsocksAccount)
ivLen := account.Cipher.IVSize()
iv := payload.BytesTo(ivLen)
payload.SliceFrom(ivLen)
stream, err := account.Cipher.NewDecodingStream(account.Key, iv)
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|UDP: Failed to initialize decoding stream.")
}
stream.XORKeyStream(payload.Bytes(), payload.Bytes())
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
request := &protocol.RequestHeader{
Version: Version,
User: user,
Command: protocol.RequestCommandUDP,
}
addrType := (payload.Byte(0) & 0x0F)
if (payload.Byte(0) & 0x10) == 0x10 {
request.Option |= RequestOptionOneTimeAuth
}
if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA enabled, while server disables OTA.")
}
if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA disabled, while server enables OTA.")
}
if request.Option.Has(RequestOptionOneTimeAuth) {
payloadLen := payload.Len() - AuthSize
authBytes := payload.BytesFrom(payloadLen)
actualAuth := make([]byte, AuthSize)
authenticator.Authenticate(payload.BytesTo(payloadLen))(actualAuth)
if !bytes.Equal(actualAuth, authBytes) {
return nil, nil, errors.New("Shadowsocks|UDP: Invalid OTA.")
}
payload.Slice(0, payloadLen)
}
payload.SliceFrom(1)
switch addrType {
case AddrTypeIPv4:
request.Address = v2net.IPAddress(payload.BytesTo(4))
payload.SliceFrom(4)
case AddrTypeIPv6:
request.Address = v2net.IPAddress(payload.BytesTo(16))
payload.SliceFrom(16)
case AddrTypeDomain:
domainLength := int(payload.Byte(0))
request.Address = v2net.DomainAddress(string(payload.BytesRange(1, 1+domainLength)))
payload.SliceFrom(1 + domainLength)
default:
return nil, nil, errors.New("Shadowsocks|UDP: Unknown address type: ", addrType)
}
request.Port = v2net.PortFromBytes(payload.BytesTo(2))
payload.SliceFrom(2)
return request, payload, nil
}
func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHeader, buf.Reader, error) {
rawAccount, err := user.GetTypedAccount()
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to parse account.")
}
account := rawAccount.(*ShadowsocksAccount)
buffer := buf.NewLocal(512)
defer buffer.Release()
ivLen := account.Cipher.IVSize()
err = buffer.AppendSupplier(buf.ReadFullFrom(reader, ivLen))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IV.")
}
iv := append([]byte(nil), buffer.BytesTo(ivLen)...)
stream, err := account.Cipher.NewDecodingStream(account.Key, iv)
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to initialize decoding stream.")
}
reader = crypto.NewCryptionReader(stream, reader)
authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
request := &protocol.RequestHeader{
Version: Version,
User: user,
Command: protocol.RequestCommandTCP,
}
buffer.Clear()
err = buffer.AppendSupplier(buf.ReadFullFrom(reader, 1))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read address type.")
}
addrType := (buffer.Byte(0) & 0x0F)
if (buffer.Byte(0) & 0x10) == 0x10 {
request.Option |= RequestOptionOneTimeAuth
}
if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA enabled, while server disables OTA.")
}
if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA disabled, while server enables OTA.")
}
switch addrType {
case AddrTypeIPv4:
err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 4))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IPv4 address.")
}
request.Address = v2net.IPAddress(buffer.BytesFrom(-4))
case AddrTypeIPv6:
err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 16))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IPv6 address.")
}
request.Address = v2net.IPAddress(buffer.BytesFrom(-16))
case AddrTypeDomain:
err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 1))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read domain lenth.")
}
domainLength := int(buffer.BytesFrom(-1)[0])
err = buffer.AppendSupplier(buf.ReadFullFrom(reader, domainLength))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read domain.")
}
request.Address = v2net.DomainAddress(string(buffer.BytesFrom(-domainLength)))
default:
// Check address validity after OTA verification.
}
err = buffer.AppendSupplier(buf.ReadFullFrom(reader, 2))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read port.")
}
request.Port = v2net.PortFromBytes(buffer.BytesFrom(-2))
if request.Option.Has(RequestOptionOneTimeAuth) {
actualAuth := make([]byte, AuthSize)
authenticator.Authenticate(buffer.Bytes())(actualAuth)
err := buffer.AppendSupplier(buf.ReadFullFrom(reader, AuthSize))
if err != nil {
return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read OTA.")
}
if !bytes.Equal(actualAuth, buffer.BytesFrom(-AuthSize)) {
return nil, nil, errors.New("Shadowsocks|TCP: Invalid OTA")
}
}
if request.Address == nil {
return nil, nil, errors.New("Shadowsocks|TCP: Invalid remote address.")
}
var chunkReader buf.Reader
if request.Option.Has(RequestOptionOneTimeAuth) {
chunkReader = NewChunkReader(reader, NewAuthenticator(ChunkKeyGenerator(iv)))
} else {
chunkReader = buf.NewReader(reader)
}
return request, chunkReader, nil
}
func (this *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.RequestHeader, error) {
buffer := make([]byte, 512)
_, err := io.ReadFull(reader, buffer[:protocol.IDBytesLen])
if err != nil {
log.Info("Raw: Failed to read request header: ", err)
return nil, io.EOF
}
user, timestamp, valid := this.userValidator.Get(buffer[:protocol.IDBytesLen])
if !valid {
return nil, protocol.ErrInvalidUser
}
timestampHash := md5.New()
timestampHash.Write(hashTimestamp(timestamp))
iv := timestampHash.Sum(nil)
account := user.Account.(*vmess.Account)
aesStream := crypto.NewAesDecryptionStream(account.ID.CmdKey(), iv)
decryptor := crypto.NewCryptionReader(aesStream, reader)
nBytes, err := io.ReadFull(decryptor, buffer[:41])
if err != nil {
log.Debug("Raw: Failed to read request header (", nBytes, " bytes): ", err)
return nil, err
}
bufferLen := nBytes
request := &protocol.RequestHeader{
User: user,
Version: buffer[0],
}
if request.Version != Version {
log.Info("Raw: Invalid protocol version ", request.Version)
return nil, protocol.ErrInvalidVersion
}
this.requestBodyIV = append([]byte(nil), buffer[1:17]...) // 16 bytes
this.requestBodyKey = append([]byte(nil), buffer[17:33]...) // 16 bytes
this.responseHeader = buffer[33] // 1 byte
request.Option = protocol.RequestOption(buffer[34]) // 1 byte + 2 bytes reserved
request.Command = protocol.RequestCommand(buffer[37])
request.Port = v2net.PortFromBytes(buffer[38:40])
switch buffer[40] {
case AddrTypeIPv4:
nBytes, err = io.ReadFull(decryptor, buffer[41:45]) // 4 bytes
bufferLen += 4
if err != nil {
log.Debug("VMess: Failed to read target IPv4 (", nBytes, " bytes): ", err)
return nil, err
}
request.Address = v2net.IPAddress(buffer[41:45])
case AddrTypeIPv6:
nBytes, err = io.ReadFull(decryptor, buffer[41:57]) // 16 bytes
bufferLen += 16
if err != nil {
log.Debug("VMess: Failed to read target IPv6 (", nBytes, " bytes): ", nBytes, err)
return nil, err
}
request.Address = v2net.IPAddress(buffer[41:57])
case AddrTypeDomain:
nBytes, err = io.ReadFull(decryptor, buffer[41:42])
if err != nil {
log.Debug("VMess: Failed to read target domain (", nBytes, " bytes): ", nBytes, err)
return nil, err
}
domainLength := int(buffer[41])
if domainLength == 0 {
return nil, transport.ErrCorruptedPacket
}
nBytes, err = io.ReadFull(decryptor, buffer[42:42+domainLength])
if err != nil {
log.Debug("VMess: Failed to read target domain (", nBytes, " bytes): ", nBytes, err)
return nil, err
}
bufferLen += 1 + domainLength
request.Address = v2net.DomainAddress(string(buffer[42 : 42+domainLength]))
}
nBytes, err = io.ReadFull(decryptor, buffer[bufferLen:bufferLen+4])
if err != nil {
log.Debug("VMess: Failed to read checksum (", nBytes, " bytes): ", nBytes, err)
return nil, err
}
fnv1a := fnv.New32a()
fnv1a.Write(buffer[:bufferLen])
actualHash := fnv1a.Sum32()
expectedHash := serial.BytesToUint32(buffer[bufferLen : bufferLen+4])
if actualHash != expectedHash {
return nil, transport.ErrCorruptedPacket
}
return request, nil
}
func TestIPRule(t *testing.T) {
assert := assert.On(t)
rule := ParseRule([]byte(`{
"type": "field",
"ip": [
"10.0.0.0/8",
"192.0.0.0/24"
],
"network": "tcp",
"outboundTag": "direct"
}`))
assert.Pointer(rule).IsNotNil()
cond, err := rule.BuildCondition()
assert.Error(err).IsNil()
assert.Bool(cond.Apply(proxy.ContextWithDestination(context.Background(), v2net.TCPDestination(v2net.DomainAddress("www.ooxx.com"), 80)))).IsFalse()
assert.Bool(cond.Apply(proxy.ContextWithDestination(context.Background(), v2net.TCPDestination(v2net.IPAddress([]byte{10, 0, 0, 1}), 80)))).IsTrue()
assert.Bool(cond.Apply(proxy.ContextWithDestination(context.Background(), v2net.TCPDestination(v2net.IPAddress([]byte{127, 0, 0, 1}), 80)))).IsFalse()
assert.Bool(cond.Apply(proxy.ContextWithDestination(context.Background(), v2net.TCPDestination(v2net.IPAddress([]byte{192, 0, 0, 1}), 80)))).IsTrue()
}
