func Test_listenWSAndDial(t *testing.T) { assert := assert.On(t) (&Config{Pto: "ws", Path: "ws"}).Apply() listen, err := ListenWS(v2net.DomainAddress("localhost"), 13142) assert.Error(err).IsNil() go func() { conn, err := listen.Accept() assert.Error(err).IsNil() conn.Close() conn, err = listen.Accept() assert.Error(err).IsNil() conn.Close() conn, err = listen.Accept() assert.Error(err).IsNil() conn.Close() listen.Close() }() conn, err := Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13142)) assert.Error(err).IsNil() conn.Close() <-time.After(time.Second * 5) conn, err = Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13142)) assert.Error(err).IsNil() conn.Close() <-time.After(time.Second * 15) conn, err = Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13142)) assert.Error(err).IsNil() conn.Close() }
func TestDomainAddressEquals(t *testing.T) { assert := assert.On(t) addr := v2net.DomainAddress("v2ray.com") assert.Bool(addr.Equals(nil)).IsFalse() addr2 := v2net.DomainAddress("v2ray.com") assert.Bool(addr.Equals(addr2)).IsTrue() addr3 := v2net.DomainAddress("www.v2ray.com") assert.Bool(addr.Equals(addr3)).IsFalse() addr4 := v2net.IPAddress([]byte{1, 3, 3, 4, 5, 6, 7, 8, 9, 10, 1, 2, 3, 4, 5, 6}) assert.Bool(addr.Equals(addr4)).IsFalse() }
func TestIPResolution(t *testing.T) { assert := assert.On(t) space := app.NewSpace() space.BindApp(proxyman.APP_ID_OUTBOUND_MANAGER, outbound.New()) space.BindApp(dispatcher.APP_ID, dispatchers.NewDefaultDispatcher(space)) r := router.NewRouter(&router.Config{}, space) space.BindApp(router.APP_ID, r) dnsServer := dnsserver.NewCacheServer(space, &dns.Config{ Hosts: map[string]*v2net.IPOrDomain{ "v2ray.com": v2net.NewIPOrDomain(v2net.LocalHostIP), }, }) space.BindApp(dns.APP_ID, dnsServer) freedom := NewFreedomConnection( &Config{DomainStrategy: Config_USE_IP}, space, &proxy.OutboundHandlerMeta{ Address: v2net.AnyIP, StreamSettings: &internet.StreamConfig{ Network: v2net.Network_RawTCP, }, }) space.Initialize() ipDest := freedom.ResolveIP(v2net.TCPDestination(v2net.DomainAddress("v2ray.com"), v2net.Port(80))) assert.Destination(ipDest).IsTCP() assert.Address(ipDest.Address).Equals(v2net.LocalHostIP) }
func TestIPResolution(t *testing.T) { assert := assert.On(t) space := app.NewSpace() space.BindApp(proxyman.APP_ID_OUTBOUND_MANAGER, proxyman.NewDefaultOutboundHandlerManager()) space.BindApp(dispatcher.APP_ID, dispatchers.NewDefaultDispatcher(space)) r, _ := router.CreateRouter("rules", &rules.RouterRuleConfig{}, space) space.BindApp(router.APP_ID, r) dnsServer := dns.NewCacheServer(space, &dns.Config{ Hosts: map[string]net.IP{ "v2ray.com": net.IP([]byte{127, 0, 0, 1}), }, }) space.BindApp(dns.APP_ID, dnsServer) freedom := NewFreedomConnection( &Config{DomainStrategy: DomainStrategyUseIP}, space, &proxy.OutboundHandlerMeta{ Address: v2net.AnyIP, StreamSettings: &internet.StreamSettings{ Type: internet.StreamConnectionTypeRawTCP, }, }) space.Initialize() ipDest := freedom.ResolveIP(v2net.TCPDestination(v2net.DomainAddress("v2ray.com"), v2net.Port(80))) assert.Destination(ipDest).IsTCP() assert.Address(ipDest.Address()).Equals(v2net.LocalHostIP) }
func TestSourceIPRule(t *testing.T) { assert := assert.On(t) rule := ParseRule([]byte(`{ "type": "field", "source": [ "10.0.0.0/8", "192.0.0.0/24" ], "outboundTag": "direct" }`)) assert.Pointer(rule).IsNotNil() cond, err := rule.BuildCondition() assert.Error(err).IsNil() assert.Bool(cond.Apply(&proxy.SessionInfo{ Source: v2net.TCPDestination(v2net.DomainAddress("www.ooxx.com"), 80), })).IsFalse() assert.Bool(cond.Apply(&proxy.SessionInfo{ Source: v2net.TCPDestination(v2net.IPAddress([]byte{10, 0, 0, 1}), 80), })).IsTrue() assert.Bool(cond.Apply(&proxy.SessionInfo{ Source: v2net.TCPDestination(v2net.IPAddress([]byte{127, 0, 0, 1}), 80), })).IsFalse() assert.Bool(cond.Apply(&proxy.SessionInfo{ Source: v2net.TCPDestination(v2net.IPAddress([]byte{192, 0, 0, 1}), 80), })).IsTrue() }
func TestSimpleRouter(t *testing.T) { assert := assert.On(t) config := &Config{ Rule: []*RoutingRule{ { Tag: "test", NetworkList: &net.NetworkList{ Network: []net.Network{net.Network_TCP}, }, }, }, } space := app.NewSpace() ctx := app.ContextWithSpace(context.Background(), space) assert.Error(app.AddApplicationToSpace(ctx, new(dns.Config))).IsNil() assert.Error(app.AddApplicationToSpace(ctx, new(dispatcher.Config))).IsNil() assert.Error(app.AddApplicationToSpace(ctx, new(proxyman.OutboundConfig))).IsNil() assert.Error(app.AddApplicationToSpace(ctx, config)).IsNil() assert.Error(space.Initialize()).IsNil() r := FromSpace(space) ctx = proxy.ContextWithDestination(ctx, net.TCPDestination(net.DomainAddress("v2ray.com"), 80)) tag, err := r.TakeDetour(ctx) assert.Error(err).IsNil() assert.String(tag).Equals("test") }
func TestSimpleRouter(t *testing.T) { assert := assert.On(t) config := &Config{ Rule: []*RoutingRule{ { Tag: "test", NetworkList: &v2net.NetworkList{ Network: []v2net.Network{v2net.Network_TCP}, }, }, }, } space := app.NewSpace() space.BindApp(dns.APP_ID, dns.NewCacheServer(space, &dns.Config{})) space.BindApp(dispatcher.APP_ID, dispatchers.NewDefaultDispatcher(space)) space.BindApp(proxyman.APP_ID_OUTBOUND_MANAGER, proxyman.NewDefaultOutboundHandlerManager()) r := NewRouter(config, space) space.BindApp(APP_ID, r) assert.Error(space.Initialize()).IsNil() tag, err := r.TakeDetour(&proxy.SessionInfo{Destination: v2net.TCPDestination(v2net.DomainAddress("v2ray.com"), 80)}) assert.Error(err).IsNil() assert.String(tag).Equals("test") }
func Test_Connect_wss_guess_reuse(t *testing.T) { assert := assert.On(t) (&Config{Pto: "", Path: "", ConnectionReuse: true}).Apply() i := 3 for i != 0 { conn, err := Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("echo.websocket.org"), 443)) assert.Error(err).IsNil() conn.Write([]byte("echo")) s := make(chan int) go func() { buf := make([]byte, 4) conn.Read(buf) str := string(buf) if str != "echo" { assert.Fail("Data mismatch") } s <- 0 }() <-s if i == 0 { conn.SetDeadline(time.Now()) conn.SetReadDeadline(time.Now()) conn.SetWriteDeadline(time.Now()) conn.SetReusable(false) } conn.Close() i-- } }
func Test_listenWSAndDial_TLS(t *testing.T) { assert := assert.On(t) go func() { <-time.After(time.Second * 5) assert.Fail("Too slow") }() listen, err := ListenWS(v2net.DomainAddress("localhost"), 13143, internet.ListenOptions{ Stream: &internet.StreamConfig{ SecurityType: serial.GetMessageType(new(v2tls.Config)), SecuritySettings: []*serial.TypedMessage{serial.ToTypedMessage(&v2tls.Config{ Certificate: []*v2tls.Certificate{tlsgen.GenerateCertificateForTest()}, })}, Protocol: internet.TransportProtocol_WebSocket, TransportSettings: []*internet.TransportConfig{ { Protocol: internet.TransportProtocol_WebSocket, Settings: serial.ToTypedMessage(&Config{ Path: "wss", ConnectionReuse: &ConnectionReuse{ Enable: true, }, }), }, }, }, }) assert.Error(err).IsNil() go func() { conn, err := listen.Accept() assert.Error(err).IsNil() conn.Close() listen.Close() }() ctx := internet.ContextWithTransportSettings(context.Background(), &Config{ Path: "wss", ConnectionReuse: &ConnectionReuse{ Enable: true, }, }) ctx = internet.ContextWithSecuritySettings(ctx, &v2tls.Config{ AllowInsecure: true, }) conn, err := Dial(ctx, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13143)) assert.Error(err).IsNil() conn.Close() }
func Test_listenWSAndDial_TLS(t *testing.T) { assert := assert.On(t) go func() { <-time.After(time.Second * 5) assert.Fail("Too slow") }() (&Config{Pto: "wss", Path: "wss", ConnectionReuse: true, DeveloperInsecureSkipVerify: true, PrivKey: "./../../../testing/tls/key.pem", Cert: "./../../../testing/tls/cert.pem"}).Apply() listen, err := ListenWS(v2net.DomainAddress("localhost"), 13143) assert.Error(err).IsNil() go func() { conn, err := listen.Accept() assert.Error(err).IsNil() conn.Close() listen.Close() }() conn, err := Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13143)) assert.Error(err).IsNil() conn.Close() }
func TestDomainRule(t *testing.T) { assert := assert.On(t) rule := ParseRule([]byte(`{ "type": "field", "domain": [ "ooxx.com", "oxox.com", "regexp:\\.cn$" ], "network": "tcp", "outboundTag": "direct" }`)) assert.Pointer(rule).IsNotNil() assert.Bool(rule.Apply(v2net.TCPDestination(v2net.DomainAddress("www.ooxx.com"), 80))).IsTrue() assert.Bool(rule.Apply(v2net.TCPDestination(v2net.DomainAddress("www.aabb.com"), 80))).IsFalse() assert.Bool(rule.Apply(v2net.TCPDestination(v2net.IPAddress([]byte{127, 0, 0, 1}), 80))).IsFalse() assert.Bool(rule.Apply(v2net.TCPDestination(v2net.DomainAddress("www.12306.cn"), 80))).IsTrue() assert.Bool(rule.Apply(v2net.TCPDestination(v2net.DomainAddress("www.acn.com"), 80))).IsFalse() }
func TestDomainAddress(t *testing.T) { assert := assert.On(t) domain := "v2ray.com" addr := v2net.DomainAddress(domain) assert.Address(addr).IsDomain() assert.Address(addr).IsNotIPv6() assert.Address(addr).IsNotIPv4() assert.String(addr.Domain()).Equals(domain) assert.Address(addr).EqualsString("v2ray.com") }
func TestDialDomain(t *testing.T) { assert := assert.On(t) server := &tcp.Server{} dest, err := server.Start() assert.Error(err).IsNil() defer server.Close() conn, err := DialToDest(nil, v2net.TCPDestination(v2net.DomainAddress("local.v2ray.com"), dest.Port)) assert.Error(err).IsNil() assert.String(conn.RemoteAddr().String()).Equals("127.0.0.1:" + dest.Port.String()) conn.Close() }
func TestUDPDestinationEquals(t *testing.T) { assert := assert.On(t) dest := v2net.UDPDestination(v2net.IPAddress([]byte{1, 2, 3, 4}), 80) assert.Bool(dest.Equals(nil)).IsFalse() dest2 := v2net.UDPDestination(v2net.IPAddress([]byte{1, 2, 3, 4}), 80) assert.Bool(dest.Equals(dest2)).IsTrue() dest3 := v2net.TCPDestination(v2net.IPAddress([]byte{1, 2, 3, 4}), 80) assert.Bool(dest.Equals(dest3)).IsFalse() dest4 := v2net.UDPDestination(v2net.DomainAddress("v2ray.com"), 80) assert.Bool(dest.Equals(dest4)).IsFalse() }
func TestIPRule(t *testing.T) { assert := assert.On(t) rule := ParseRule([]byte(`{ "type": "field", "ip": [ "10.0.0.0/8", "192.0.0.0/24" ], "network": "tcp", "outboundTag": "direct" }`)) assert.Pointer(rule).IsNotNil() assert.Bool(rule.Apply(v2net.TCPDestination(v2net.DomainAddress("www.ooxx.com"), 80))).IsFalse() assert.Bool(rule.Apply(v2net.TCPDestination(v2net.IPAddress([]byte{10, 0, 0, 1}), 80))).IsTrue() assert.Bool(rule.Apply(v2net.TCPDestination(v2net.IPAddress([]byte{127, 0, 0, 1}), 80))).IsFalse() assert.Bool(rule.Apply(v2net.TCPDestination(v2net.IPAddress([]byte{192, 0, 0, 1}), 80))).IsTrue() }
func TestUDPReaderWriter(t *testing.T) { assert := assert.On(t) user := &protocol.User{ Account: serial.ToTypedMessage(&Account{ Password: "******", CipherType: CipherType_CHACHA20_IEFT, }), } cache := buf.New() writer := &UDPWriter{ Writer: cache, Request: &protocol.RequestHeader{ Version: Version, Address: v2net.DomainAddress("v2ray.com"), Port: 123, User: user, Option: RequestOptionOneTimeAuth, }, } reader := &UDPReader{ Reader: cache, User: user, } b := buf.New() b.AppendSupplier(serial.WriteString("test payload")) err := writer.Write(b) assert.Error(err).IsNil() payload, err := reader.Read() assert.Error(err).IsNil() assert.String(payload.String()).Equals("test payload") b = buf.New() b.AppendSupplier(serial.WriteString("test payload 2")) err = writer.Write(b) assert.Error(err).IsNil() payload, err = reader.Read() assert.Error(err).IsNil() assert.String(payload.String()).Equals("test payload 2") }
func Test_Connect_wss_guess(t *testing.T) { assert := assert.On(t) (&Config{Pto: "", Path: ""}).Apply() conn, err := Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("echo.websocket.org"), 443)) assert.Error(err).IsNil() conn.Write([]byte("echo")) s := make(chan int) go func() { buf := make([]byte, 4) conn.Read(buf) str := string(buf) if str != "echo" { assert.Fail("Data mismatch") } s <- 0 }() <-s conn.Close() }
func (this *Config) UnmarshalJSON(data []byte) error { type JsonConfig struct { Port v2net.Port `json:"port"` // Port of this Point server. LogConfig *LogConfig `json:"log"` RouterConfig *router.Config `json:"routing"` DNSConfig *dns.Config `json:"dns"` InboundConfig *InboundConnectionConfig `json:"inbound"` OutboundConfig *OutboundConnectionConfig `json:"outbound"` InboundDetours []*InboundDetourConfig `json:"inboundDetour"` OutboundDetours []*OutboundDetourConfig `json:"outboundDetour"` Transport *transport.Config `json:"transport"` } jsonConfig := new(JsonConfig) if err := json.Unmarshal(data, jsonConfig); err != nil { return errors.New("Point: Failed to parse config: " + err.Error()) } this.Port = jsonConfig.Port this.LogConfig = jsonConfig.LogConfig this.RouterConfig = jsonConfig.RouterConfig if jsonConfig.InboundConfig == nil { return errors.New("Point: Inbound config is not specified.") } this.InboundConfig = jsonConfig.InboundConfig if jsonConfig.OutboundConfig == nil { return errors.New("Point: Outbound config is not specified.") } this.OutboundConfig = jsonConfig.OutboundConfig this.InboundDetours = jsonConfig.InboundDetours this.OutboundDetours = jsonConfig.OutboundDetours if jsonConfig.DNSConfig == nil { jsonConfig.DNSConfig = &dns.Config{ NameServers: []v2net.Destination{ v2net.UDPDestination(v2net.DomainAddress("localhost"), v2net.Port(53)), }, } } this.DNSConfig = jsonConfig.DNSConfig this.TransportConfig = jsonConfig.Transport return nil }
func TestRequestSerialization(t *testing.T) { assert := assert.On(t) user := &protocol.User{ Level: 0, Email: "*****@*****.**", } account := &vmess.Account{ Id: uuid.New().String(), AlterId: 0, } user.Account = serial.ToTypedMessage(account) expectedRequest := &protocol.RequestHeader{ Version: 1, User: user, Command: protocol.RequestCommandTCP, Option: protocol.RequestOptionConnectionReuse, Address: v2net.DomainAddress("www.v2ray.com"), Port: v2net.Port(443), Security: protocol.Security(protocol.SecurityType_AES128_GCM), } buffer := buf.New() client := NewClientSession(protocol.DefaultIDHash) client.EncodeRequestHeader(expectedRequest, buffer) userValidator := vmess.NewTimedUserValidator(protocol.DefaultIDHash) userValidator.Add(user) server := NewServerSession(userValidator) actualRequest, err := server.DecodeRequestHeader(buffer) assert.Error(err).IsNil() assert.Byte(expectedRequest.Version).Equals(actualRequest.Version) assert.Byte(byte(expectedRequest.Command)).Equals(byte(actualRequest.Command)) assert.Byte(byte(expectedRequest.Option)).Equals(byte(actualRequest.Option)) assert.Address(expectedRequest.Address).Equals(actualRequest.Address) assert.Port(expectedRequest.Port).Equals(actualRequest.Port) assert.Byte(byte(expectedRequest.Security)).Equals(byte(actualRequest.Security)) }
func TestServerSpecUser(t *testing.T) { assert := assert.On(t) account := &TestAccount{ id: 0, } user := NewUser(UserLevel(0), "") user.Account = account rec := NewServerSpec(v2net.TCPDestination(v2net.DomainAddress("v2ray.com"), 80), AlwaysValid(), user) assert.Bool(rec.HasUser(user)).IsTrue() account2 := &TestAccount{ id: 1, } user2 := NewUser(UserLevel(0), "") user2.Account = account2 assert.Bool(rec.HasUser(user2)).IsFalse() rec.AddUser(user2) assert.Bool(rec.HasUser(user2)).IsTrue() }
func TestUDPReaderWriter(t *testing.T) { assert := assert.On(t) user := &protocol.User{ Account: loader.NewTypedSettings(&Account{ Password: "******", CipherType: CipherType_CHACHA20_IEFT, }), } cache := alloc.NewBuffer().Clear() writer := &UDPWriter{ Writer: cache, Request: &protocol.RequestHeader{ Version: Version, Address: v2net.DomainAddress("v2ray.com"), Port: 123, User: user, Option: RequestOptionOneTimeAuth, }, } reader := &UDPReader{ Reader: cache, User: user, } err := writer.Write(alloc.NewBuffer().Clear().AppendString("test payload")) assert.Error(err).IsNil() payload, err := reader.Read() assert.Error(err).IsNil() assert.String(payload.String()).Equals("test payload") err = writer.Write(alloc.NewBuffer().Clear().AppendString("test payload 2")) assert.Error(err).IsNil() payload, err = reader.Read() assert.Error(err).IsNil() assert.String(payload.String()).Equals("test payload 2") }
func parseHost(rawHost string, defaultPort v2net.Port) (v2net.Destination, error) { port := defaultPort host, rawPort, err := net.SplitHostPort(rawHost) if err != nil { if addrError, ok := err.(*net.AddrError); ok && strings.Contains(addrError.Err, "missing port") { host = rawHost } else { return v2net.Destination{}, err } } else { intPort, err := strconv.Atoi(rawPort) if err != nil { return v2net.Destination{}, err } port = v2net.Port(intPort) } if ip := net.ParseIP(host); ip != nil { return v2net.TCPDestination(v2net.IPAddress(ip), port), nil } return v2net.TCPDestination(v2net.DomainAddress(host), port), nil }
func TestRequestSerialization(t *testing.T) { assert := assert.On(t) user := protocol.NewUser( protocol.UserLevelUntrusted, "*****@*****.**") user.Account = &vmess.Account{ ID: protocol.NewID(uuid.New()), AlterIDs: nil, } expectedRequest := &protocol.RequestHeader{ Version: 1, User: user, Command: protocol.RequestCommandTCP, Option: protocol.RequestOption(0), Address: v2net.DomainAddress("www.v2ray.com"), Port: v2net.Port(443), } buffer := alloc.NewBuffer().Clear() client := NewClientSession(protocol.DefaultIDHash) client.EncodeRequestHeader(expectedRequest, buffer) userValidator := vmess.NewTimedUserValidator(protocol.DefaultIDHash) userValidator.Add(user) server := NewServerSession(userValidator) actualRequest, err := server.DecodeRequestHeader(buffer) assert.Error(err).IsNil() assert.Byte(expectedRequest.Version).Equals(actualRequest.Version) assert.Byte(byte(expectedRequest.Command)).Equals(byte(actualRequest.Command)) assert.Byte(byte(expectedRequest.Option)).Equals(byte(actualRequest.Option)) assert.Address(expectedRequest.Address).Equals(actualRequest.Address) assert.Port(expectedRequest.Port).Equals(actualRequest.Port) }
func TestSimpleRouter(t *testing.T) { assert := assert.On(t) config := &RouterRuleConfig{ Rules: []*Rule{ { Tag: "test", Condition: NewNetworkMatcher(v2net.Network("tcp").AsList()), }, }, } space := app.NewSpace() space.BindApp(dns.APP_ID, dns.NewCacheServer(space, &dns.Config{})) space.BindApp(dispatcher.APP_ID, dispatchers.NewDefaultDispatcher(space)) space.BindApp(proxyman.APP_ID_OUTBOUND_MANAGER, proxyman.NewDefaultOutboundHandlerManager()) r := NewRouter(config, space) space.BindApp(router.APP_ID, r) assert.Error(space.Initialize()).IsNil() tag, err := r.TakeDetour(v2net.TCPDestination(v2net.DomainAddress("v2ray.com"), 80)) assert.Error(err).IsNil() assert.String(tag).Equals("test") }
func Test_listenWSAndDial_TLS(t *testing.T) { assert := assert.On(t) go func() { <-time.After(time.Second * 5) assert.Fail("Too slow") }() tlsSettings := &v2tls.Config{ AllowInsecure: true, Certificate: []*v2tls.Certificate{ { Certificate: ReadFile("./../../../testing/tls/cert.pem", assert), Key: ReadFile("./../../../testing/tls/key.pem", assert), }, }, } listen, err := ListenWS(v2net.DomainAddress("localhost"), 13143, internet.ListenOptions{ Stream: &internet.StreamConfig{ SecurityType: loader.GetType(new(v2tls.Config)), SecuritySettings: []*loader.TypedSettings{loader.NewTypedSettings(tlsSettings)}, Network: v2net.Network_WebSocket, NetworkSettings: []*internet.NetworkSettings{ { Network: v2net.Network_WebSocket, Settings: loader.NewTypedSettings(&Config{ Path: "wss", ConnectionReuse: &ConnectionReuse{ Enable: true, }, }), }, }, }, }) assert.Error(err).IsNil() go func() { conn, err := listen.Accept() assert.Error(err).IsNil() conn.Close() listen.Close() }() conn, err := Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13143), internet.DialerOptions{ Stream: &internet.StreamConfig{ SecurityType: loader.GetType(new(v2tls.Config)), SecuritySettings: []*loader.TypedSettings{loader.NewTypedSettings(tlsSettings)}, Network: v2net.Network_WebSocket, NetworkSettings: []*internet.NetworkSettings{ { Network: v2net.Network_WebSocket, Settings: loader.NewTypedSettings(&Config{ Path: "wss", ConnectionReuse: &ConnectionReuse{ Enable: true, }, }), }, }, }, }) assert.Error(err).IsNil() conn.Close() }
func Test_listenWSAndDial(t *testing.T) { assert := assert.On(t) listen, err := ListenWS(v2net.DomainAddress("localhost"), 13146, internet.ListenOptions{ Stream: &internet.StreamConfig{ Network: v2net.Network_WebSocket, NetworkSettings: []*internet.NetworkSettings{ { Network: v2net.Network_WebSocket, Settings: loader.NewTypedSettings(&Config{ Path: "ws", }), }, }, }, }) assert.Error(err).IsNil() go func() { conn, err := listen.Accept() assert.Error(err).IsNil() conn.Close() conn, err = listen.Accept() assert.Error(err).IsNil() conn.Close() conn, err = listen.Accept() assert.Error(err).IsNil() conn.Close() listen.Close() }() conn, err := Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13146), internet.DialerOptions{ Stream: &internet.StreamConfig{ Network: v2net.Network_WebSocket, NetworkSettings: []*internet.NetworkSettings{ { Network: v2net.Network_WebSocket, Settings: loader.NewTypedSettings(&Config{ Path: "ws", }), }, }, }, }) assert.Error(err).IsNil() conn.Close() <-time.After(time.Second * 5) conn, err = Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13146), internet.DialerOptions{ Stream: &internet.StreamConfig{ Network: v2net.Network_WebSocket, NetworkSettings: []*internet.NetworkSettings{ { Network: v2net.Network_WebSocket, Settings: loader.NewTypedSettings(&Config{ Path: "ws", }), }, }, }, }) assert.Error(err).IsNil() conn.Close() <-time.After(time.Second * 15) conn, err = Dial(v2net.AnyIP, v2net.TCPDestination(v2net.DomainAddress("localhost"), 13146), internet.DialerOptions{ Stream: &internet.StreamConfig{ Network: v2net.Network_WebSocket, NetworkSettings: []*internet.NetworkSettings{ { Network: v2net.Network_WebSocket, Settings: loader.NewTypedSettings(&Config{ Path: "ws", }), }, }, }, }) assert.Error(err).IsNil() conn.Close() }
func DecodeUDPPacket(user *protocol.User, payload *buf.Buffer) (*protocol.RequestHeader, *buf.Buffer, error) { rawAccount, err := user.GetTypedAccount() if err != nil { return nil, nil, errors.Base(err).Message("Shadowsocks|UDP: Failed to parse account.") } account := rawAccount.(*ShadowsocksAccount) ivLen := account.Cipher.IVSize() iv := payload.BytesTo(ivLen) payload.SliceFrom(ivLen) stream, err := account.Cipher.NewDecodingStream(account.Key, iv) if err != nil { return nil, nil, errors.Base(err).Message("Shadowsocks|UDP: Failed to initialize decoding stream.") } stream.XORKeyStream(payload.Bytes(), payload.Bytes()) authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv)) request := &protocol.RequestHeader{ Version: Version, User: user, Command: protocol.RequestCommandUDP, } addrType := (payload.Byte(0) & 0x0F) if (payload.Byte(0) & 0x10) == 0x10 { request.Option |= RequestOptionOneTimeAuth } if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled { return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA enabled, while server disables OTA.") } if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled { return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA disabled, while server enables OTA.") } if request.Option.Has(RequestOptionOneTimeAuth) { payloadLen := payload.Len() - AuthSize authBytes := payload.BytesFrom(payloadLen) actualAuth := make([]byte, AuthSize) authenticator.Authenticate(payload.BytesTo(payloadLen))(actualAuth) if !bytes.Equal(actualAuth, authBytes) { return nil, nil, errors.New("Shadowsocks|UDP: Invalid OTA.") } payload.Slice(0, payloadLen) } payload.SliceFrom(1) switch addrType { case AddrTypeIPv4: request.Address = v2net.IPAddress(payload.BytesTo(4)) payload.SliceFrom(4) case AddrTypeIPv6: request.Address = v2net.IPAddress(payload.BytesTo(16)) payload.SliceFrom(16) case AddrTypeDomain: domainLength := int(payload.Byte(0)) request.Address = v2net.DomainAddress(string(payload.BytesRange(1, 1+domainLength))) payload.SliceFrom(1 + domainLength) default: return nil, nil, errors.New("Shadowsocks|UDP: Unknown address type: ", addrType) } request.Port = v2net.PortFromBytes(payload.BytesTo(2)) payload.SliceFrom(2) return request, payload, nil }
func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHeader, buf.Reader, error) { rawAccount, err := user.GetTypedAccount() if err != nil { return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to parse account.") } account := rawAccount.(*ShadowsocksAccount) buffer := buf.NewLocal(512) defer buffer.Release() ivLen := account.Cipher.IVSize() err = buffer.AppendSupplier(buf.ReadFullFrom(reader, ivLen)) if err != nil { return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IV.") } iv := append([]byte(nil), buffer.BytesTo(ivLen)...) stream, err := account.Cipher.NewDecodingStream(account.Key, iv) if err != nil { return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to initialize decoding stream.") } reader = crypto.NewCryptionReader(stream, reader) authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv)) request := &protocol.RequestHeader{ Version: Version, User: user, Command: protocol.RequestCommandTCP, } buffer.Clear() err = buffer.AppendSupplier(buf.ReadFullFrom(reader, 1)) if err != nil { return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read address type.") } addrType := (buffer.Byte(0) & 0x0F) if (buffer.Byte(0) & 0x10) == 0x10 { request.Option |= RequestOptionOneTimeAuth } if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled { return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA enabled, while server disables OTA.") } if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled { return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA disabled, while server enables OTA.") } switch addrType { case AddrTypeIPv4: err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 4)) if err != nil { return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IPv4 address.") } request.Address = v2net.IPAddress(buffer.BytesFrom(-4)) case AddrTypeIPv6: err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 16)) if err != nil { return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read IPv6 address.") } request.Address = v2net.IPAddress(buffer.BytesFrom(-16)) case AddrTypeDomain: err := buffer.AppendSupplier(buf.ReadFullFrom(reader, 1)) if err != nil { return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read domain lenth.") } domainLength := int(buffer.BytesFrom(-1)[0]) err = buffer.AppendSupplier(buf.ReadFullFrom(reader, domainLength)) if err != nil { return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read domain.") } request.Address = v2net.DomainAddress(string(buffer.BytesFrom(-domainLength))) default: // Check address validity after OTA verification. } err = buffer.AppendSupplier(buf.ReadFullFrom(reader, 2)) if err != nil { return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read port.") } request.Port = v2net.PortFromBytes(buffer.BytesFrom(-2)) if request.Option.Has(RequestOptionOneTimeAuth) { actualAuth := make([]byte, AuthSize) authenticator.Authenticate(buffer.Bytes())(actualAuth) err := buffer.AppendSupplier(buf.ReadFullFrom(reader, AuthSize)) if err != nil { return nil, nil, errors.Base(err).Message("Shadowsocks|TCP: Failed to read OTA.") } if !bytes.Equal(actualAuth, buffer.BytesFrom(-AuthSize)) { return nil, nil, errors.New("Shadowsocks|TCP: Invalid OTA") } } if request.Address == nil { return nil, nil, errors.New("Shadowsocks|TCP: Invalid remote address.") } var chunkReader buf.Reader if request.Option.Has(RequestOptionOneTimeAuth) { chunkReader = NewChunkReader(reader, NewAuthenticator(ChunkKeyGenerator(iv))) } else { chunkReader = buf.NewReader(reader) } return request, chunkReader, nil }
func (this *ServerSession) DecodeRequestHeader(reader io.Reader) (*protocol.RequestHeader, error) { buffer := make([]byte, 512) _, err := io.ReadFull(reader, buffer[:protocol.IDBytesLen]) if err != nil { log.Info("Raw: Failed to read request header: ", err) return nil, io.EOF } user, timestamp, valid := this.userValidator.Get(buffer[:protocol.IDBytesLen]) if !valid { return nil, protocol.ErrInvalidUser } timestampHash := md5.New() timestampHash.Write(hashTimestamp(timestamp)) iv := timestampHash.Sum(nil) account := user.Account.(*vmess.Account) aesStream := crypto.NewAesDecryptionStream(account.ID.CmdKey(), iv) decryptor := crypto.NewCryptionReader(aesStream, reader) nBytes, err := io.ReadFull(decryptor, buffer[:41]) if err != nil { log.Debug("Raw: Failed to read request header (", nBytes, " bytes): ", err) return nil, err } bufferLen := nBytes request := &protocol.RequestHeader{ User: user, Version: buffer[0], } if request.Version != Version { log.Info("Raw: Invalid protocol version ", request.Version) return nil, protocol.ErrInvalidVersion } this.requestBodyIV = append([]byte(nil), buffer[1:17]...) // 16 bytes this.requestBodyKey = append([]byte(nil), buffer[17:33]...) // 16 bytes this.responseHeader = buffer[33] // 1 byte request.Option = protocol.RequestOption(buffer[34]) // 1 byte + 2 bytes reserved request.Command = protocol.RequestCommand(buffer[37]) request.Port = v2net.PortFromBytes(buffer[38:40]) switch buffer[40] { case AddrTypeIPv4: nBytes, err = io.ReadFull(decryptor, buffer[41:45]) // 4 bytes bufferLen += 4 if err != nil { log.Debug("VMess: Failed to read target IPv4 (", nBytes, " bytes): ", err) return nil, err } request.Address = v2net.IPAddress(buffer[41:45]) case AddrTypeIPv6: nBytes, err = io.ReadFull(decryptor, buffer[41:57]) // 16 bytes bufferLen += 16 if err != nil { log.Debug("VMess: Failed to read target IPv6 (", nBytes, " bytes): ", nBytes, err) return nil, err } request.Address = v2net.IPAddress(buffer[41:57]) case AddrTypeDomain: nBytes, err = io.ReadFull(decryptor, buffer[41:42]) if err != nil { log.Debug("VMess: Failed to read target domain (", nBytes, " bytes): ", nBytes, err) return nil, err } domainLength := int(buffer[41]) if domainLength == 0 { return nil, transport.ErrCorruptedPacket } nBytes, err = io.ReadFull(decryptor, buffer[42:42+domainLength]) if err != nil { log.Debug("VMess: Failed to read target domain (", nBytes, " bytes): ", nBytes, err) return nil, err } bufferLen += 1 + domainLength request.Address = v2net.DomainAddress(string(buffer[42 : 42+domainLength])) } nBytes, err = io.ReadFull(decryptor, buffer[bufferLen:bufferLen+4]) if err != nil { log.Debug("VMess: Failed to read checksum (", nBytes, " bytes): ", nBytes, err) return nil, err } fnv1a := fnv.New32a() fnv1a.Write(buffer[:bufferLen]) actualHash := fnv1a.Sum32() expectedHash := serial.BytesToUint32(buffer[bufferLen : bufferLen+4]) if actualHash != expectedHash { return nil, transport.ErrCorruptedPacket } return request, nil }
func TestIPRule(t *testing.T) { assert := assert.On(t) rule := ParseRule([]byte(`{ "type": "field", "ip": [ "10.0.0.0/8", "192.0.0.0/24" ], "network": "tcp", "outboundTag": "direct" }`)) assert.Pointer(rule).IsNotNil() cond, err := rule.BuildCondition() assert.Error(err).IsNil() assert.Bool(cond.Apply(proxy.ContextWithDestination(context.Background(), v2net.TCPDestination(v2net.DomainAddress("www.ooxx.com"), 80)))).IsFalse() assert.Bool(cond.Apply(proxy.ContextWithDestination(context.Background(), v2net.TCPDestination(v2net.IPAddress([]byte{10, 0, 0, 1}), 80)))).IsTrue() assert.Bool(cond.Apply(proxy.ContextWithDestination(context.Background(), v2net.TCPDestination(v2net.IPAddress([]byte{127, 0, 0, 1}), 80)))).IsFalse() assert.Bool(cond.Apply(proxy.ContextWithDestination(context.Background(), v2net.TCPDestination(v2net.IPAddress([]byte{192, 0, 0, 1}), 80)))).IsTrue() }