func (server *SocksServer) handleSocks5(reader *v2net.TimeOutReader, writer io.Writer, auth protocol.Socks5AuthenticationRequest) error { expectedAuthMethod := protocol.AuthNotRequired if server.config.IsPassword() { expectedAuthMethod = protocol.AuthUserPass } if !auth.HasAuthMethod(expectedAuthMethod) { authResponse := protocol.NewAuthenticationResponse(protocol.AuthNoMatchingMethod) err := protocol.WriteAuthentication(writer, authResponse) if err != nil { log.Error("Socks failed to write authentication: %v", err) return err } log.Warning("Socks client doesn't support allowed any auth methods.") return UnsupportedAuthMethod } authResponse := protocol.NewAuthenticationResponse(expectedAuthMethod) err := protocol.WriteAuthentication(writer, authResponse) if err != nil { log.Error("Socks failed to write authentication: %v", err) return err } if server.config.IsPassword() { upRequest, err := protocol.ReadUserPassRequest(reader) if err != nil { log.Error("Socks failed to read username and password: %v", err) return err } status := byte(0) if !server.config.HasAccount(upRequest.Username(), upRequest.Password()) { status = byte(0xFF) } upResponse := protocol.NewSocks5UserPassResponse(status) err = protocol.WriteUserPassResponse(writer, upResponse) if err != nil { log.Error("Socks failed to write user pass response: %v", err) return err } if status != byte(0) { log.Warning("Invalid user account: %s", upRequest.AuthDetail()) return proxyerrors.InvalidAuthentication } } request, err := protocol.ReadRequest(reader) if err != nil { log.Error("Socks failed to read request: %v", err) return err } if request.Command == protocol.CmdUdpAssociate && server.config.UDPEnabled { return server.handleUDP(reader, writer) } if request.Command == protocol.CmdBind || request.Command == protocol.CmdUdpAssociate { response := protocol.NewSocks5Response() response.Error = protocol.ErrorCommandNotSupported responseBuffer := alloc.NewSmallBuffer().Clear() response.Write(responseBuffer) _, err = writer.Write(responseBuffer.Value) responseBuffer.Release() if err != nil { log.Error("Socks failed to write response: %v", err) return err } log.Warning("Unsupported socks command %d", request.Command) return UnsupportedSocksCommand } response := protocol.NewSocks5Response() response.Error = protocol.ErrorSuccess // Some SOCKS software requires a value other than dest. Let's fake one: response.Port = uint16(1717) response.AddrType = protocol.AddrTypeIPv4 response.IPv4[0] = 0 response.IPv4[1] = 0 response.IPv4[2] = 0 response.IPv4[3] = 0 responseBuffer := alloc.NewSmallBuffer().Clear() response.Write(responseBuffer) _, err = writer.Write(responseBuffer.Value) responseBuffer.Release() if err != nil { log.Error("Socks failed to write response: %v", err) return err } dest := request.Destination() data, err := v2net.ReadFrom(reader, nil) if err != nil { return err } packet := v2net.NewPacket(dest, data, true) server.transport(reader, writer, packet) return nil }
func (server *SocksServer) HandleConnection(connection net.Conn) error { defer connection.Close() reader := connection.(io.Reader) auth, auth4, err := protocol.ReadAuthentication(reader) if err != nil && err != protocol.ErrorSocksVersion4 { log.Error("Error on reading authentication: %v", err) return err } var dest v2net.Destination // TODO refactor this part if err == protocol.ErrorSocksVersion4 { result := protocol.Socks4RequestGranted if auth4.Command == protocol.CmdBind { result = protocol.Socks4RequestRejected } socks4Response := protocol.NewSocks4AuthenticationResponse(result, auth4.Port, auth4.IP[:]) protocol.WriteSocks4AuthenticationResponse(connection, socks4Response) if result == protocol.Socks4RequestRejected { return ErrorCommandNotSupported } dest = v2net.NewTCPDestination(v2net.IPAddress(auth4.IP[:], auth4.Port)) } else { expectedAuthMethod := protocol.AuthNotRequired if server.config.AuthMethod == JsonAuthMethodUserPass { expectedAuthMethod = protocol.AuthUserPass } if !auth.HasAuthMethod(expectedAuthMethod) { authResponse := protocol.NewAuthenticationResponse(protocol.AuthNoMatchingMethod) err = protocol.WriteAuthentication(connection, authResponse) if err != nil { log.Error("Error on socksio write authentication: %v", err) return err } log.Warning("Client doesn't support allowed any auth methods.") return ErrorAuthenticationFailed } authResponse := protocol.NewAuthenticationResponse(expectedAuthMethod) err = protocol.WriteAuthentication(connection, authResponse) if err != nil { log.Error("Error on socksio write authentication: %v", err) return err } if server.config.AuthMethod == JsonAuthMethodUserPass { upRequest, err := protocol.ReadUserPassRequest(reader) if err != nil { log.Error("Failed to read username and password: %v", err) return err } status := byte(0) if !upRequest.IsValid(server.config.Username, server.config.Password) { status = byte(0xFF) } upResponse := protocol.NewSocks5UserPassResponse(status) err = protocol.WriteUserPassResponse(connection, upResponse) if err != nil { log.Error("Error on socksio write user pass response: %v", err) return err } if status != byte(0) { return ErrorInvalidUser } } request, err := protocol.ReadRequest(reader) if err != nil { log.Error("Error on reading socks request: %v", err) return err } response := protocol.NewSocks5Response() if request.Command == protocol.CmdBind || request.Command == protocol.CmdUdpAssociate { response := protocol.NewSocks5Response() response.Error = protocol.ErrorCommandNotSupported err = protocol.WriteResponse(connection, response) if err != nil { log.Error("Error on socksio write response: %v", err) return err } log.Warning("Unsupported socks command %d", request.Command) return ErrorCommandNotSupported } response.Error = protocol.ErrorSuccess response.Port = request.Port response.AddrType = request.AddrType switch response.AddrType { case protocol.AddrTypeIPv4: copy(response.IPv4[:], request.IPv4[:]) case protocol.AddrTypeIPv6: copy(response.IPv6[:], request.IPv6[:]) case protocol.AddrTypeDomain: response.Domain = request.Domain } err = protocol.WriteResponse(connection, response) if err != nil { log.Error("Error on socksio write response: %v", err) return err } dest = request.Destination() } ray := server.vPoint.NewInboundConnectionAccepted(dest) input := ray.InboundInput() output := ray.InboundOutput() readFinish := make(chan bool) writeFinish := make(chan bool) go server.dumpInput(reader, input, readFinish) go server.dumpOutput(connection, output, writeFinish) <-writeFinish return nil }
func (server *SocksServer) handleSocks5(reader *v2net.TimeOutReader, writer io.Writer, auth protocol.Socks5AuthenticationRequest) error { expectedAuthMethod := protocol.AuthNotRequired if server.config.IsPassword() { expectedAuthMethod = protocol.AuthUserPass } if !auth.HasAuthMethod(expectedAuthMethod) { authResponse := protocol.NewAuthenticationResponse(protocol.AuthNoMatchingMethod) err := protocol.WriteAuthentication(writer, authResponse) if err != nil { log.Error("Socks failed to write authentication: %v", err) return err } log.Warning("Socks client doesn't support allowed any auth methods.") return errors.NewInvalidOperationError("Unsupported auth methods.") } authResponse := protocol.NewAuthenticationResponse(expectedAuthMethod) err := protocol.WriteAuthentication(writer, authResponse) if err != nil { log.Error("Socks failed to write authentication: %v", err) return err } if server.config.IsPassword() { upRequest, err := protocol.ReadUserPassRequest(reader) if err != nil { log.Error("Socks failed to read username and password: %v", err) return err } status := byte(0) if !upRequest.IsValid(server.config.Username, server.config.Password) { status = byte(0xFF) } upResponse := protocol.NewSocks5UserPassResponse(status) err = protocol.WriteUserPassResponse(writer, upResponse) if err != nil { log.Error("Socks failed to write user pass response: %v", err) return err } if status != byte(0) { err = errors.NewAuthenticationError(upRequest.AuthDetail()) log.Warning(err.Error()) return err } } request, err := protocol.ReadRequest(reader) if err != nil { log.Error("Socks failed to read request: %v", err) return err } response := protocol.NewSocks5Response() if request.Command == protocol.CmdUdpAssociate && server.config.UDPEnabled { return server.handleUDP(reader, writer) } if request.Command == protocol.CmdBind || request.Command == protocol.CmdUdpAssociate { response := protocol.NewSocks5Response() response.Error = protocol.ErrorCommandNotSupported err = protocol.WriteResponse(writer, response) if err != nil { log.Error("Socks failed to write response: %v", err) return err } log.Warning("Unsupported socks command %d", request.Command) return errors.NewInvalidOperationError("Socks command " + strconv.Itoa(int(request.Command))) } response.Error = protocol.ErrorSuccess response.Port = request.Port response.AddrType = request.AddrType switch response.AddrType { case protocol.AddrTypeIPv4: copy(response.IPv4[:], request.IPv4[:]) case protocol.AddrTypeIPv6: copy(response.IPv6[:], request.IPv6[:]) case protocol.AddrTypeDomain: response.Domain = request.Domain } err = protocol.WriteResponse(writer, response) if err != nil { log.Error("Socks failed to write response: %v", err) return err } dest := request.Destination() data, err := v2net.ReadFrom(reader) if err != nil { return err } packet := v2net.NewPacket(dest, data, true) server.transport(reader, writer, packet) return nil }
func (this *SocksServer) handleSocks5(reader *v2net.TimeOutReader, writer io.Writer, auth protocol.Socks5AuthenticationRequest) error { expectedAuthMethod := protocol.AuthNotRequired if this.config.AuthType == AuthTypePassword { expectedAuthMethod = protocol.AuthUserPass } if !auth.HasAuthMethod(expectedAuthMethod) { authResponse := protocol.NewAuthenticationResponse(protocol.AuthNoMatchingMethod) err := protocol.WriteAuthentication(writer, authResponse) if err != nil { log.Error("Socks: failed to write authentication: ", err) return err } log.Warning("Socks: client doesn't support allowed any auth methods.") return ErrorUnsupportedAuthMethod } authResponse := protocol.NewAuthenticationResponse(expectedAuthMethod) err := protocol.WriteAuthentication(writer, authResponse) if err != nil { log.Error("Socks: failed to write authentication: ", err) return err } if this.config.AuthType == AuthTypePassword { upRequest, err := protocol.ReadUserPassRequest(reader) if err != nil { log.Error("Socks: failed to read username and password: "******"Socks: failed to write user pass response: ", err) return err } if status != byte(0) { log.Warning("Socks: Invalid user account: ", upRequest.AuthDetail()) return proxy.ErrorInvalidAuthentication } } request, err := protocol.ReadRequest(reader) if err != nil { log.Error("Socks: failed to read request: ", err) return err } if request.Command == protocol.CmdUdpAssociate && this.config.UDPEnabled { return this.handleUDP(reader, writer) } if request.Command == protocol.CmdBind || request.Command == protocol.CmdUdpAssociate { response := protocol.NewSocks5Response() response.Error = protocol.ErrorCommandNotSupported response.Port = v2net.Port(0) response.SetIPv4([]byte{0, 0, 0, 0}) responseBuffer := alloc.NewSmallBuffer().Clear() response.Write(responseBuffer) _, err = writer.Write(responseBuffer.Value) responseBuffer.Release() if err != nil { log.Error("Socks: failed to write response: ", err) return err } log.Warning("Socks: Unsupported socks command ", request.Command) return ErrorUnsupportedSocksCommand } response := protocol.NewSocks5Response() response.Error = protocol.ErrorSuccess // Some SOCKS software requires a value other than dest. Let's fake one: response.Port = v2net.Port(1717) response.SetIPv4([]byte{0, 0, 0, 0}) responseBuffer := alloc.NewSmallBuffer().Clear() response.Write(responseBuffer) _, err = writer.Write(responseBuffer.Value) responseBuffer.Release() if err != nil { log.Error("Socks: failed to write response: ", err) return err } dest := request.Destination() log.Info("Socks: TCP Connect request to ", dest) packet := v2net.NewPacket(dest, nil, true) this.transport(reader, writer, packet) return nil }
func (server *SocksServer) HandleConnection(connection net.Conn) error { defer connection.Close() reader := v2net.NewTimeOutReader(4, connection) auth, auth4, err := protocol.ReadAuthentication(reader) if err != nil && !errors.HasCode(err, 1000) { log.Error("Socks failed to read authentication: %v", err) return err } var dest v2net.Destination // TODO refactor this part if errors.HasCode(err, 1000) { result := protocol.Socks4RequestGranted if auth4.Command == protocol.CmdBind { result = protocol.Socks4RequestRejected } socks4Response := protocol.NewSocks4AuthenticationResponse(result, auth4.Port, auth4.IP[:]) connection.Write(socks4Response.ToBytes(nil)) if result == protocol.Socks4RequestRejected { return errors.NewInvalidOperationError("Socks4 command " + strconv.Itoa(int(auth4.Command))) } dest = v2net.NewTCPDestination(v2net.IPAddress(auth4.IP[:], auth4.Port)) } else { expectedAuthMethod := protocol.AuthNotRequired if server.config.IsPassword() { expectedAuthMethod = protocol.AuthUserPass } if !auth.HasAuthMethod(expectedAuthMethod) { authResponse := protocol.NewAuthenticationResponse(protocol.AuthNoMatchingMethod) err = protocol.WriteAuthentication(connection, authResponse) if err != nil { log.Error("Socks failed to write authentication: %v", err) return err } log.Warning("Socks client doesn't support allowed any auth methods.") return errors.NewInvalidOperationError("Unsupported auth methods.") } authResponse := protocol.NewAuthenticationResponse(expectedAuthMethod) err = protocol.WriteAuthentication(connection, authResponse) if err != nil { log.Error("Socks failed to write authentication: %v", err) return err } if server.config.IsPassword() { upRequest, err := protocol.ReadUserPassRequest(reader) if err != nil { log.Error("Socks failed to read username and password: %v", err) return err } status := byte(0) if !upRequest.IsValid(server.config.Username, server.config.Password) { status = byte(0xFF) } upResponse := protocol.NewSocks5UserPassResponse(status) err = protocol.WriteUserPassResponse(connection, upResponse) if err != nil { log.Error("Socks failed to write user pass response: %v", err) return err } if status != byte(0) { err = errors.NewAuthenticationError(upRequest.AuthDetail()) log.Warning(err.Error()) return err } } request, err := protocol.ReadRequest(reader) if err != nil { log.Error("Socks failed to read request: %v", err) return err } response := protocol.NewSocks5Response() if request.Command == protocol.CmdBind || request.Command == protocol.CmdUdpAssociate { response := protocol.NewSocks5Response() response.Error = protocol.ErrorCommandNotSupported err = protocol.WriteResponse(connection, response) if err != nil { log.Error("Socks failed to write response: %v", err) return err } log.Warning("Unsupported socks command %d", request.Command) return errors.NewInvalidOperationError("Socks command " + strconv.Itoa(int(request.Command))) } response.Error = protocol.ErrorSuccess response.Port = request.Port response.AddrType = request.AddrType switch response.AddrType { case protocol.AddrTypeIPv4: copy(response.IPv4[:], request.IPv4[:]) case protocol.AddrTypeIPv6: copy(response.IPv6[:], request.IPv6[:]) case protocol.AddrTypeDomain: response.Domain = request.Domain } err = protocol.WriteResponse(connection, response) if err != nil { log.Error("Socks failed to write response: %v", err) return err } dest = request.Destination() } ray := server.vPoint.DispatchToOutbound(v2net.NewTCPPacket(dest)) input := ray.InboundInput() output := ray.InboundOutput() var readFinish, writeFinish sync.Mutex readFinish.Lock() writeFinish.Lock() go dumpInput(reader, input, &readFinish) go dumpOutput(connection, output, &writeFinish) writeFinish.Lock() return nil }