1
0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-12-30 05:56:54 -05:00
v2fly/proxy/socks/protocol.go

540 lines
14 KiB
Go
Raw Normal View History

2017-01-03 18:43:13 -05:00
package socks
import (
2018-11-15 17:37:53 -05:00
"encoding/binary"
2017-01-03 18:43:13 -05:00
"io"
2021-12-31 08:16:11 -05:00
gonet "net"
2017-01-03 18:43:13 -05:00
"github.com/v2fly/v2ray-core/v5/common"
"github.com/v2fly/v2ray-core/v5/common/buf"
"github.com/v2fly/v2ray-core/v5/common/net"
"github.com/v2fly/v2ray-core/v5/common/protocol"
2017-01-03 18:43:13 -05:00
)
const (
socks5Version = 0x05
socks4Version = 0x04
cmdTCPConnect = 0x01
cmdTCPBind = 0x02
cmdUDPAssociate = 0x03
cmdTorResolve = 0xF0
cmdTorResolvePTR = 0xF1
2017-01-03 18:43:13 -05:00
socks4RequestGranted = 90
socks4RequestRejected = 91
2017-01-08 17:31:45 -05:00
authNotRequired = 0x00
// authGssAPI = 0x01
2017-01-03 18:43:13 -05:00
authPassword = 0x02
authNoMatchingMethod = 0xFF
statusSuccess = 0x00
statusCmdNotSupport = 0x07
)
2018-02-23 17:42:01 -05:00
var addrParser = protocol.NewAddressParser(
protocol.AddressFamilyByte(0x01, net.AddressFamilyIPv4),
protocol.AddressFamilyByte(0x04, net.AddressFamilyIPv6),
protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain),
)
2017-01-03 18:43:13 -05:00
type ServerSession struct {
config *ServerConfig
address net.Address
port net.Port
clientAddress net.Address
2017-01-03 18:43:13 -05:00
}
2018-11-15 17:37:53 -05:00
func (s *ServerSession) handshake4(cmd byte, reader io.Reader, writer io.Writer) (*protocol.RequestHeader, error) {
if s.config.AuthType == AuthType_PASSWORD {
writeSocks4Response(writer, socks4RequestRejected, net.AnyIP, net.Port(0))
2018-11-15 17:37:53 -05:00
return nil, newError("socks 4 is not allowed when auth is required.")
}
2018-03-09 05:26:00 -05:00
2018-11-15 17:37:53 -05:00
var port net.Port
var address net.Address
2017-01-03 18:43:13 -05:00
2018-11-15 17:37:53 -05:00
{
buffer := buf.StackNew()
if _, err := buffer.ReadFullFrom(reader, 6); err != nil {
buffer.Release()
return nil, newError("insufficient header").Base(err)
}
port = net.PortFromBytes(buffer.BytesRange(0, 2))
address = net.IPAddress(buffer.BytesRange(2, 6))
buffer.Release()
2017-01-03 18:43:13 -05:00
}
2018-11-15 17:37:53 -05:00
if _, err := ReadUntilNull(reader); /* user id */ err != nil {
return nil, err
}
if address.IP()[0] == 0x00 {
domain, err := ReadUntilNull(reader)
if err != nil {
return nil, newError("failed to read domain for socks 4a").Base(err)
2018-02-23 07:55:56 -05:00
}
2018-11-15 17:37:53 -05:00
address = net.DomainAddress(domain)
}
2018-02-23 07:55:56 -05:00
2018-11-15 17:37:53 -05:00
switch cmd {
case cmdTCPConnect:
request := &protocol.RequestHeader{
Command: protocol.RequestCommandTCP,
Address: address,
Port: port,
Version: socks4Version,
2017-01-03 18:43:13 -05:00
}
2018-11-15 17:37:53 -05:00
if err := writeSocks4Response(writer, socks4RequestGranted, net.AnyIP, net.Port(0)); err != nil {
2017-01-03 18:43:13 -05:00
return nil, err
}
2018-11-15 17:37:53 -05:00
return request, nil
default:
writeSocks4Response(writer, socks4RequestRejected, net.AnyIP, net.Port(0))
2018-11-15 17:37:53 -05:00
return nil, newError("unsupported command: ", cmd)
}
}
2017-01-03 18:43:13 -05:00
func (s *ServerSession) auth5(nMethod byte, reader io.Reader, writer io.Writer) (username string, err error) {
2018-11-15 17:37:53 -05:00
buffer := buf.StackNew()
defer buffer.Release()
if _, err = buffer.ReadFullFrom(reader, int32(nMethod)); err != nil {
return "", newError("failed to read auth methods").Base(err)
2017-01-03 18:43:13 -05:00
}
2018-11-15 17:37:53 -05:00
var expectedAuth byte = authNotRequired
if s.config.AuthType == AuthType_PASSWORD {
expectedAuth = authPassword
}
2017-01-03 18:43:13 -05:00
2018-11-15 17:37:53 -05:00
if !hasAuthMethod(expectedAuth, buffer.BytesRange(0, int32(nMethod))) {
writeSocks5AuthenticationResponse(writer, socks5Version, authNoMatchingMethod)
return "", newError("no matching auth method")
2018-11-15 17:37:53 -05:00
}
if err := writeSocks5AuthenticationResponse(writer, socks5Version, expectedAuth); err != nil {
return "", newError("failed to write auth response").Base(err)
2018-11-15 17:37:53 -05:00
}
2017-01-03 18:43:13 -05:00
2018-11-15 17:37:53 -05:00
if expectedAuth == authPassword {
username, password, err := ReadUsernamePassword(reader)
if err != nil {
return "", newError("failed to read username and password for authentication").Base(err)
2017-01-03 18:43:13 -05:00
}
2018-11-15 17:37:53 -05:00
if !s.config.HasAccount(username, password) {
writeSocks5AuthenticationResponse(writer, 0x01, 0xFF)
return "", newError("invalid username or password")
2017-01-07 19:06:35 -05:00
}
2018-11-15 17:37:53 -05:00
if err := writeSocks5AuthenticationResponse(writer, 0x01, 0x00); err != nil {
return "", newError("failed to write auth response").Base(err)
2018-11-15 17:37:53 -05:00
}
return username, nil
2018-11-15 17:37:53 -05:00
}
2017-01-17 04:22:18 -05:00
return "", nil
2018-11-15 17:37:53 -05:00
}
2017-01-03 18:43:13 -05:00
2018-11-15 17:37:53 -05:00
func (s *ServerSession) handshake5(nMethod byte, reader io.Reader, writer io.Writer) (*protocol.RequestHeader, error) {
var (
username string
err error
)
if username, err = s.auth5(nMethod, reader, writer); err != nil {
2018-11-15 17:37:53 -05:00
return nil, err
}
2018-11-02 10:01:33 -04:00
2018-11-15 17:37:53 -05:00
var cmd byte
{
buffer := buf.StackNew()
2018-11-02 10:01:33 -04:00
if _, err := buffer.ReadFullFrom(reader, 3); err != nil {
2018-11-15 17:37:53 -05:00
buffer.Release()
2017-04-08 19:43:25 -04:00
return nil, newError("failed to read request").Base(err)
2017-01-03 18:43:13 -05:00
}
2018-11-15 17:37:53 -05:00
cmd = buffer.Byte(1)
buffer.Release()
}
2017-01-03 18:43:13 -05:00
2018-11-15 17:37:53 -05:00
request := new(protocol.RequestHeader)
if username != "" {
request.User = &protocol.MemoryUser{Email: username}
}
2018-11-15 17:37:53 -05:00
switch cmd {
case cmdTCPConnect, cmdTorResolve, cmdTorResolvePTR:
// We don't have a solution for Tor case now. Simply treat it as connect command.
request.Command = protocol.RequestCommandTCP
case cmdUDPAssociate:
2018-11-15 17:37:53 -05:00
if !s.config.UdpEnabled {
writeSocks5Response(writer, statusCmdNotSupport, net.AnyIP, net.Port(0))
2018-11-15 17:37:53 -05:00
return nil, newError("UDP is not enabled.")
2017-01-03 18:43:13 -05:00
}
2018-11-15 17:37:53 -05:00
request.Command = protocol.RequestCommandUDP
case cmdTCPBind:
writeSocks5Response(writer, statusCmdNotSupport, net.AnyIP, net.Port(0))
2018-11-15 17:37:53 -05:00
return nil, newError("TCP bind is not supported.")
default:
writeSocks5Response(writer, statusCmdNotSupport, net.AnyIP, net.Port(0))
2018-11-15 17:37:53 -05:00
return nil, newError("unknown command ", cmd)
}
2017-01-03 18:43:13 -05:00
2018-11-15 17:37:53 -05:00
request.Version = socks5Version
2017-01-03 18:43:13 -05:00
2018-11-15 17:37:53 -05:00
addr, port, err := addrParser.ReadAddressPort(nil, reader)
if err != nil {
return nil, newError("failed to read address").Base(err)
}
request.Address = addr
request.Port = port
responseAddress := s.address
responsePort := s.port
//nolint:gocritic // Use if else chain for clarity
2018-11-15 17:37:53 -05:00
if request.Command == protocol.RequestCommandUDP {
if s.config.Address != nil {
// Use configured IP as remote address in the response to UdpAssociate
responseAddress = s.config.Address.AsAddress()
} else if s.clientAddress == net.LocalHostIP || s.clientAddress == net.LocalHostIPv6 {
// For localhost clients use loopback IP
responseAddress = s.clientAddress
} else {
// For non-localhost clients use inbound listening address
responseAddress = s.address
2017-01-03 18:43:13 -05:00
}
2018-11-15 17:37:53 -05:00
}
if err := writeSocks5Response(writer, statusSuccess, responseAddress, responsePort); err != nil {
return nil, err
}
2017-01-03 18:43:13 -05:00
2018-11-15 17:37:53 -05:00
return request, nil
}
// Handshake performs a Socks4/4a/5 handshake.
func (s *ServerSession) Handshake(reader io.Reader, writer io.Writer) (*protocol.RequestHeader, error) {
buffer := buf.StackNew()
if _, err := buffer.ReadFullFrom(reader, 2); err != nil {
buffer.Release()
return nil, newError("insufficient header").Base(err)
2017-01-03 18:43:13 -05:00
}
2018-11-15 17:37:53 -05:00
version := buffer.Byte(0)
cmd := buffer.Byte(1)
buffer.Release()
switch version {
case socks4Version:
return s.handshake4(cmd, reader, writer)
case socks5Version:
return s.handshake5(cmd, reader, writer)
default:
return nil, newError("unknown Socks version: ", version)
}
2017-01-03 18:43:13 -05:00
}
// ReadUsernamePassword reads Socks 5 username/password message from the given reader.
// +----+------+----------+------+----------+
// |VER | ULEN | UNAME | PLEN | PASSWD |
// +----+------+----------+------+----------+
// | 1 | 1 | 1 to 255 | 1 | 1 to 255 |
// +----+------+----------+------+----------+
func ReadUsernamePassword(reader io.Reader) (string, string, error) {
2018-11-15 15:32:27 -05:00
buffer := buf.StackNew()
2017-01-03 18:43:13 -05:00
defer buffer.Release()
2018-11-02 10:01:33 -04:00
if _, err := buffer.ReadFullFrom(reader, 2); err != nil {
2017-01-03 18:43:13 -05:00
return "", "", err
}
2018-04-01 18:44:47 -04:00
nUsername := int32(buffer.Byte(1))
2017-01-03 18:43:13 -05:00
2018-11-02 10:01:33 -04:00
buffer.Clear()
if _, err := buffer.ReadFullFrom(reader, nUsername); err != nil {
2017-01-03 18:43:13 -05:00
return "", "", err
}
username := buffer.String()
2018-11-02 10:01:33 -04:00
buffer.Clear()
if _, err := buffer.ReadFullFrom(reader, 1); err != nil {
2017-01-03 18:43:13 -05:00
return "", "", err
}
2018-04-01 18:44:47 -04:00
nPassword := int32(buffer.Byte(0))
2018-11-02 10:01:33 -04:00
buffer.Clear()
if _, err := buffer.ReadFullFrom(reader, nPassword); err != nil {
2017-01-03 18:43:13 -05:00
return "", "", err
}
password := buffer.String()
return username, password, nil
}
// ReadUntilNull reads content from given reader, until a null (0x00) byte.
func ReadUntilNull(reader io.Reader) (string, error) {
2018-11-15 15:32:27 -05:00
b := buf.StackNew()
defer b.Release()
2017-01-03 18:43:13 -05:00
for {
_, err := b.ReadFullFrom(reader, 1)
2017-01-03 18:43:13 -05:00
if err != nil {
return "", err
}
if b.Byte(b.Len()-1) == 0x00 {
b.Resize(0, b.Len()-1)
return b.String(), nil
2017-01-03 18:43:13 -05:00
}
if b.IsFull() {
2017-04-08 19:43:25 -04:00
return "", newError("buffer overrun")
2017-01-03 18:43:13 -05:00
}
}
}
func hasAuthMethod(expectedAuth byte, authCandidates []byte) bool {
for _, a := range authCandidates {
if a == expectedAuth {
return true
}
}
return false
}
2017-01-29 02:25:01 -05:00
func writeSocks5AuthenticationResponse(writer io.Writer, version byte, auth byte) error {
2018-07-28 09:03:40 -04:00
return buf.WriteAllBytes(writer, []byte{version, auth})
2017-01-03 18:43:13 -05:00
}
func writeSocks5Response(writer io.Writer, errCode byte, address net.Address, port net.Port) error {
2018-03-09 05:26:00 -05:00
buffer := buf.New()
defer buffer.Release()
2018-11-14 16:55:20 -05:00
common.Must2(buffer.Write([]byte{socks5Version, errCode, 0x00 /* reserved */}))
2018-02-23 17:42:01 -05:00
if err := addrParser.WriteAddressPort(buffer, address, port); err != nil {
2017-09-18 19:39:33 -04:00
return err
}
2017-01-03 18:43:13 -05:00
2018-07-28 09:03:40 -04:00
return buf.WriteAllBytes(writer, buffer.Bytes())
2017-01-03 18:43:13 -05:00
}
func writeSocks4Response(writer io.Writer, errCode byte, address net.Address, port net.Port) error {
2018-11-15 17:37:53 -05:00
buffer := buf.StackNew()
2018-03-09 05:26:00 -05:00
defer buffer.Release()
2018-11-14 16:55:20 -05:00
common.Must(buffer.WriteByte(0x00))
common.Must(buffer.WriteByte(errCode))
2018-11-15 17:37:53 -05:00
portBytes := buffer.Extend(2)
binary.BigEndian.PutUint16(portBytes, port.Value())
2018-05-25 20:01:48 -04:00
common.Must2(buffer.Write(address.IP()))
2018-07-28 09:03:40 -04:00
return buf.WriteAllBytes(writer, buffer.Bytes())
2017-01-03 18:43:13 -05:00
}
2017-01-07 15:57:24 -05:00
2018-02-23 17:42:01 -05:00
func DecodeUDPPacket(packet *buf.Buffer) (*protocol.RequestHeader, error) {
if packet.Len() < 5 {
return nil, newError("insufficient length of packet.")
2017-01-07 15:57:24 -05:00
}
request := &protocol.RequestHeader{
Version: socks5Version,
Command: protocol.RequestCommandUDP,
}
// packet[0] and packet[1] are reserved
2018-02-23 17:42:01 -05:00
if packet.Byte(2) != 0 /* fragments */ {
return nil, newError("discarding fragmented payload.")
2017-01-07 15:57:24 -05:00
}
packet.Advance(3)
2017-01-07 15:57:24 -05:00
2018-02-23 17:42:01 -05:00
addr, port, err := addrParser.ReadAddressPort(nil, packet)
if err != nil {
return nil, newError("failed to read UDP header").Base(err)
2017-01-07 15:57:24 -05:00
}
2018-02-23 17:42:01 -05:00
request.Address = addr
request.Port = port
return request, nil
2017-01-07 15:57:24 -05:00
}
2017-09-18 19:39:33 -04:00
func EncodeUDPPacket(request *protocol.RequestHeader, data []byte) (*buf.Buffer, error) {
2017-04-15 15:19:21 -04:00
b := buf.New()
2018-11-14 16:55:20 -05:00
common.Must2(b.Write([]byte{0, 0, 0 /* Fragment */}))
2018-02-23 17:42:01 -05:00
if err := addrParser.WriteAddressPort(b, request.Address, request.Port); err != nil {
2018-03-09 05:26:00 -05:00
b.Release()
2017-09-18 19:39:33 -04:00
return nil, err
}
2018-05-25 20:01:48 -04:00
common.Must2(b.Write(data))
2017-09-18 19:39:33 -04:00
return b, nil
2017-01-07 15:57:24 -05:00
}
2017-01-07 19:06:35 -05:00
2021-12-29 07:12:58 -05:00
func EncodeUDPPacketFromAddress(address net.Destination, data []byte) (*buf.Buffer, error) {
b := buf.New()
common.Must2(b.Write([]byte{0, 0, 0 /* Fragment */}))
if err := addrParser.WriteAddressPort(b, address.Address, address.Port); err != nil {
b.Release()
return nil, err
}
common.Must2(b.Write(data))
return b, nil
}
2017-01-07 19:06:35 -05:00
type UDPReader struct {
reader io.Reader
}
2017-01-08 10:31:28 -05:00
func NewUDPReader(reader io.Reader) *UDPReader {
return &UDPReader{reader: reader}
}
2017-11-09 16:33:15 -05:00
func (r *UDPReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
2017-04-15 15:19:21 -04:00
b := buf.New()
2018-11-02 10:01:33 -04:00
if _, err := b.ReadFrom(r.reader); err != nil {
2017-01-07 19:06:35 -05:00
return nil, err
}
2018-02-23 17:42:01 -05:00
if _, err := DecodeUDPPacket(b); err != nil {
2017-01-07 19:06:35 -05:00
return nil, err
}
2018-11-16 05:08:12 -05:00
return buf.MultiBuffer{b}, nil
2017-01-07 19:06:35 -05:00
}
2021-12-31 16:22:16 -05:00
func (r *UDPReader) ReadFrom(p []byte) (n int, addr gonet.Addr, err error) {
2021-12-31 08:16:11 -05:00
buffer := buf.New()
2021-12-31 16:22:16 -05:00
_, err = buffer.ReadFrom(r.reader)
2021-12-31 08:16:11 -05:00
if err != nil {
buffer.Release()
return 0, nil, err
}
req, err := DecodeUDPPacket(buffer)
if err != nil {
buffer.Release()
return 0, nil, err
}
n = copy(p, buffer.Bytes())
buffer.Release()
return n, &gonet.UDPAddr{IP: req.Address.IP(), Port: int(req.Port)}, nil
}
2017-01-07 19:06:35 -05:00
type UDPWriter struct {
request *protocol.RequestHeader
writer io.Writer
}
2017-01-08 10:31:28 -05:00
func NewUDPWriter(request *protocol.RequestHeader, writer io.Writer) *UDPWriter {
return &UDPWriter{
request: request,
writer: writer,
}
}
2017-04-21 09:36:05 -04:00
// Write implements io.Writer.
2017-04-21 08:51:09 -04:00
func (w *UDPWriter) Write(b []byte) (int, error) {
2017-09-18 19:39:33 -04:00
eb, err := EncodeUDPPacket(w.request, b)
if err != nil {
return 0, err
}
2017-04-21 08:51:09 -04:00
defer eb.Release()
if _, err := w.writer.Write(eb.Bytes()); err != nil {
return 0, err
2017-01-07 19:06:35 -05:00
}
2017-04-21 08:51:09 -04:00
return len(b), nil
2017-01-07 19:06:35 -05:00
}
2021-12-31 08:16:11 -05:00
func (w *UDPWriter) WriteTo(payload []byte, addr gonet.Addr) (n int, err error) {
request := *w.request
udpAddr := addr.(*gonet.UDPAddr)
request.Command = protocol.RequestCommandUDP
request.Address = net.IPAddress(udpAddr.IP)
request.Port = net.Port(udpAddr.Port)
packet, err := EncodeUDPPacket(&request, payload)
if err != nil {
return 0, err
}
_, err = w.writer.Write(packet.Bytes())
packet.Release()
return len(payload), err
}
2017-01-07 19:06:35 -05:00
func ClientHandshake(request *protocol.RequestHeader, reader io.Reader, writer io.Writer) (*protocol.RequestHeader, error) {
authByte := byte(authNotRequired)
if request.User != nil {
authByte = byte(authPassword)
}
2018-03-09 05:26:00 -05:00
b := buf.New()
defer b.Release()
2018-11-14 16:55:20 -05:00
common.Must2(b.Write([]byte{socks5Version, 0x01, authByte}))
if authByte == authPassword {
2018-08-26 18:11:32 -04:00
account := request.User.Account.(*Account)
2018-11-14 16:55:20 -05:00
common.Must(b.WriteByte(0x01))
common.Must(b.WriteByte(byte(len(account.Username))))
common.Must2(b.WriteString(account.Username))
common.Must(b.WriteByte(byte(len(account.Password))))
common.Must2(b.WriteString(account.Password))
}
2018-07-28 09:03:40 -04:00
if err := buf.WriteAllBytes(writer, b.Bytes()); err != nil {
2017-01-07 19:06:35 -05:00
return nil, err
}
2018-11-02 10:01:33 -04:00
b.Clear()
if _, err := b.ReadFullFrom(reader, 2); err != nil {
2017-01-07 19:06:35 -05:00
return nil, err
}
if b.Byte(0) != socks5Version {
2017-04-09 07:30:46 -04:00
return nil, newError("unexpected server version: ", b.Byte(0)).AtWarning()
2017-01-07 19:06:35 -05:00
}
if b.Byte(1) != authByte {
2017-04-09 07:30:46 -04:00
return nil, newError("auth method not supported.").AtWarning()
2017-01-07 19:06:35 -05:00
}
if authByte == authPassword {
2018-11-02 10:01:33 -04:00
b.Clear()
if _, err := b.ReadFullFrom(reader, 2); err != nil {
2017-01-07 19:06:35 -05:00
return nil, err
}
if b.Byte(1) != 0x00 {
2017-04-09 07:30:46 -04:00
return nil, newError("server rejects account: ", b.Byte(1))
2017-01-07 19:06:35 -05:00
}
}
b.Clear()
command := byte(cmdTCPConnect)
if request.Command == protocol.RequestCommandUDP {
command = byte(cmdUDPAssociate)
2017-01-07 19:06:35 -05:00
}
2018-11-14 16:55:20 -05:00
common.Must2(b.Write([]byte{socks5Version, command, 0x00 /* reserved */}))
2018-02-23 17:42:01 -05:00
if err := addrParser.WriteAddressPort(b, request.Address, request.Port); err != nil {
return nil, err
}
2018-07-28 09:03:40 -04:00
if err := buf.WriteAllBytes(writer, b.Bytes()); err != nil {
2017-01-07 19:06:35 -05:00
return nil, err
}
b.Clear()
2018-11-02 10:01:33 -04:00
if _, err := b.ReadFullFrom(reader, 3); err != nil {
2017-01-07 19:06:35 -05:00
return nil, err
}
resp := b.Byte(1)
if resp != 0x00 {
2017-04-09 07:30:46 -04:00
return nil, newError("server rejects request: ", resp)
2017-01-07 19:06:35 -05:00
}
b.Clear()
2018-02-23 17:42:01 -05:00
address, port, err := addrParser.ReadAddressPort(b, reader)
if err != nil {
2017-01-07 19:06:35 -05:00
return nil, err
}
if request.Command == protocol.RequestCommandUDP {
udpRequest := &protocol.RequestHeader{
Version: socks5Version,
Command: protocol.RequestCommandUDP,
Address: address,
Port: port,
}
return udpRequest, nil
}
return nil, nil
}