func handShake(conn net.Conn) (err error) { const ( idVer = 0 idNmethod = 1 ) // version identification and method selection message in theory can have // at most 256 methods, plus version and nmethod field in total 258 bytes // the current rfc defines only 3 authentication methods (plus 2 reserved), // so it won't be such long in practice buf := make([]byte, 258) var n int ss.SetReadTimeout(conn) // make sure we get the nmethod field if n, err = io.ReadAtLeast(conn, buf, idNmethod+1); err != nil { return } if buf[idVer] != socksVer5 { return errVer } nmethod := int(buf[idNmethod]) msgLen := nmethod + 2 if n == msgLen { // handshake done, common case // do nothing, jump directly to send confirmation } else if n < msgLen { // has more methods to read, rare case if _, err = io.ReadFull(conn, buf[n:msgLen]); err != nil { return } } else { // error, should not get extra data return errAuthExtraData } // send confirmation: version 5, no authentication required _, err = conn.Write([]byte{socksVer5, 0}) return }
func getRequest(conn net.Conn) (rawaddr []byte, host string, err error) { const ( idVer = 0 idCmd = 1 idType = 3 // address type index idIP0 = 4 // ip addres start index idDmLen = 4 // domain address length index idDm0 = 5 // domain address start index typeIPv4 = 1 // type is ipv4 address typeDm = 3 // type is domain address typeIPv6 = 4 // type is ipv6 address lenIPv4 = 3 + 1 + net.IPv4len + 2 // 3(ver+cmd+rsv) + 1addrType + ipv4 + 2port lenIPv6 = 3 + 1 + net.IPv6len + 2 // 3(ver+cmd+rsv) + 1addrType + ipv6 + 2port lenDmBase = 3 + 1 + 1 + 2 // 3 + 1addrType + 1addrLen + 2port, plus addrLen ) // refer to getRequest in server.go for why set buffer size to 263 var buf []byte if (config.TcpFastOpen & 1) == 0 { buf = make([]byte, 263) } else { // Make the buffer bigger to receive client payload for tfo dialing if tfo configured. buf = make([]byte, 1000) } var n int ss.SetReadTimeout(conn) // read till we get possible domain length field if n, err = io.ReadAtLeast(conn, buf, idDmLen+1); err != nil { return } // check version and cmd if buf[idVer] != socksVer5 { err = errVer return } if buf[idCmd] != socksCmdConnect { err = errCmd return } reqLen := -1 switch buf[idType] { case typeIPv4: reqLen = lenIPv4 case typeIPv6: reqLen = lenIPv6 case typeDm: reqLen = int(buf[idDmLen]) + lenDmBase default: err = errAddrType return } if n == reqLen { // common case, do nothing } else if n < reqLen { // rare case if _, err = io.ReadFull(conn, buf[n:reqLen]); err != nil { return } } else { err = errReqExtraData return } rawaddr = buf[idType:reqLen] if debug { switch buf[idType] { case typeIPv4: host = net.IP(buf[idIP0 : idIP0+net.IPv4len]).String() case typeIPv6: host = net.IP(buf[idIP0 : idIP0+net.IPv6len]).String() case typeDm: host = string(buf[idDm0 : idDm0+buf[idDmLen]]) } port := binary.BigEndian.Uint16(buf[reqLen-2 : reqLen]) host = net.JoinHostPort(host, strconv.Itoa(int(port))) } return }
func handleConnection(conn net.Conn) { var ( remote *ss.Conn ) if debug { debug.Printf("socks connect from %s\n", conn.RemoteAddr().String()) } closed := false defer func() { if !closed { conn.Close() } }() var err error = nil if err = handShake(conn); err != nil { log.Println("socks handshake:", err) return } rawaddr, addr, err := getRequest(conn) if err != nil { log.Println("error getting request:", err) return } // Sending connection established message immediately to client. // This could save some round trip time for creating socks connection with the client. // But if connection failed, the client will get connection reset error. _, err = conn.Write([]byte{0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x08, 0x43}) if err != nil { debug.Println("send connection confirmation:", err) return } debug.Println("1", ", len:", len(rawaddr), ", addr:", addr, "cap:", cap(rawaddr)) // If tfo configured, read the client payload first // since most of the time the rtt between client and local // are much smaller than between local and server. // This could save one rtt from local to server // by sending client data to server on the first syn packet. if (config.TcpFastOpen & 1) != 0 { ss.SetReadTimeout(conn) n, err := conn.Read(rawaddr[len(rawaddr):cap(rawaddr)]) if err != nil { log.Println("Failed read data from client:", err) return } rawaddr = rawaddr[:len(rawaddr)+n] debug.Println("2, n:", n, ", len:", len(rawaddr), ", addr:", addr, ", cap:", cap(rawaddr)) } debug.Println("3", ", len:", len(rawaddr), ", addr:", addr, ", cap:", cap(rawaddr)) remote, err = createServerConn(rawaddr, addr) if err != nil { if len(servers.srvCipher) > 1 { log.Println("Failed connect to all avaiable shadowsocks server") } log.Println("Failed connect to all avaiable shadowsocks server", err) return } defer func() { if !closed { remote.Close() } }() go ss.PipeThenClose(conn, remote) ss.PipeThenClose(remote, conn) closed = true debug.Println("closed connection to", addr) }
func getRequest(conn *ss.Conn) (host string, extra []byte, err error) { const ( idType = 0 // address type index idIP0 = 1 // ip addres start index idDmLen = 1 // domain address length index idDm0 = 2 // domain address start index typeIPv4 = 1 // type is ipv4 address typeDm = 3 // type is domain address typeIPv6 = 4 // type is ipv6 address lenIPv4 = 1 + net.IPv4len + 2 // 1addrType + ipv4 + 2port lenIPv6 = 1 + net.IPv6len + 2 // 1addrType + ipv6 + 2port lenDmBase = 1 + 1 + 2 // 1addrType + 1addrLen + 2port, plus addrLen ) var buf []byte // buf size should at least have the same size with the largest possible // request size (when addrType is 3, domain name has at most 256 bytes) // 1(addrType) + 1(lenByte) + 256(max length address) + 2(port) if (config.TcpFastOpen & 2) == 0 { buf = make([]byte, 260) } else { // server side tfo is configured, read more data(less than a normal ethernet mtu). buf = make([]byte, 1500) } var n int // read till we get possible domain length field ss.SetReadTimeout(conn) if n, err = io.ReadAtLeast(conn, buf, idDmLen+1); err != nil { return } reqLen := -1 switch buf[idType] { case typeIPv4: reqLen = lenIPv4 case typeIPv6: reqLen = lenIPv6 case typeDm: reqLen = int(buf[idDmLen]) + lenDmBase default: err = fmt.Errorf("addr type %d not supported", buf[idType]) return } if n < reqLen { // rare case if _, err = io.ReadFull(conn, buf[n:reqLen]); err != nil { return } } else if n > reqLen { // it's possible to read more than just the request head extra = buf[reqLen:n] } // Return string for typeIP is not most efficient, but browsers (Chrome, // Safari, Firefox) all seems using typeDm exclusively. So this is not a // big problem. switch buf[idType] { case typeIPv4: host = net.IP(buf[idIP0 : idIP0+net.IPv4len]).String() case typeIPv6: host = net.IP(buf[idIP0 : idIP0+net.IPv6len]).String() case typeDm: host = string(buf[idDm0 : idDm0+buf[idDmLen]]) } // parse port port := binary.BigEndian.Uint16(buf[reqLen-2 : reqLen]) host = net.JoinHostPort(host, strconv.Itoa(int(port))) return }