2015-09-08 11:18:55 +00:00
|
|
|
package socks
|
2015-09-07 12:49:40 +00:00
|
|
|
|
|
|
|
|
import (
|
2015-09-17 20:05:47 +00:00
|
|
|
_ "bufio"
|
2015-09-09 10:13:52 +00:00
|
|
|
"errors"
|
2015-09-15 22:06:22 +00:00
|
|
|
"io"
|
2015-09-07 12:49:40 +00:00
|
|
|
"net"
|
2015-09-11 12:12:26 +00:00
|
|
|
"strconv"
|
2015-09-23 12:14:53 +00:00
|
|
|
"sync"
|
2015-09-09 10:13:52 +00:00
|
|
|
|
2015-09-10 22:24:18 +00:00
|
|
|
"github.com/v2ray/v2ray-core"
|
2015-09-19 22:50:21 +00:00
|
|
|
"github.com/v2ray/v2ray-core/common/log"
|
2015-09-19 21:54:36 +00:00
|
|
|
v2net "github.com/v2ray/v2ray-core/common/net"
|
|
|
|
|
protocol "github.com/v2ray/v2ray-core/proxy/socks/protocol"
|
2015-09-09 10:13:52 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
ErrorAuthenticationFailed = errors.New("None of the authentication methods is allowed.")
|
|
|
|
|
ErrorCommandNotSupported = errors.New("Client requested an unsupported command.")
|
2015-09-15 22:06:22 +00:00
|
|
|
ErrorInvalidUser = errors.New("Invalid username or password.")
|
2015-09-07 12:49:40 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// SocksServer is a SOCKS 5 proxy server
|
|
|
|
|
type SocksServer struct {
|
|
|
|
|
accepting bool
|
2015-09-12 20:11:54 +00:00
|
|
|
vPoint *core.Point
|
2015-09-12 09:51:42 +00:00
|
|
|
config SocksConfig
|
2015-09-10 22:24:18 +00:00
|
|
|
}
|
|
|
|
|
|
2015-09-12 20:11:54 +00:00
|
|
|
func NewSocksServer(vp *core.Point, rawConfig []byte) *SocksServer {
|
2015-09-12 09:51:42 +00:00
|
|
|
config, err := loadConfig(rawConfig)
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(log.Error("Unable to load socks config: %v", err))
|
|
|
|
|
}
|
2015-09-16 14:27:36 +00:00
|
|
|
return &SocksServer{
|
|
|
|
|
vPoint: vp,
|
|
|
|
|
config: config,
|
|
|
|
|
}
|
2015-09-07 12:49:40 +00:00
|
|
|
}
|
|
|
|
|
|
2015-09-11 12:12:09 +00:00
|
|
|
func (server *SocksServer) Listen(port uint16) error {
|
|
|
|
|
listener, err := net.Listen("tcp", ":"+strconv.Itoa(int(port)))
|
2015-09-07 12:49:40 +00:00
|
|
|
if err != nil {
|
2015-09-12 18:36:21 +00:00
|
|
|
log.Error("Error on listening port %d: %v", port, err)
|
|
|
|
|
return err
|
2015-09-07 12:49:40 +00:00
|
|
|
}
|
2015-09-12 18:36:21 +00:00
|
|
|
log.Debug("Working on tcp:%d", port)
|
2015-09-07 12:49:40 +00:00
|
|
|
server.accepting = true
|
2015-09-07 15:46:17 +00:00
|
|
|
go server.AcceptConnections(listener)
|
2015-09-07 12:49:40 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-16 15:07:05 +00:00
|
|
|
func (server *SocksServer) AcceptConnections(listener net.Listener) {
|
2015-09-07 12:49:40 +00:00
|
|
|
for server.accepting {
|
|
|
|
|
connection, err := listener.Accept()
|
|
|
|
|
if err != nil {
|
2015-09-12 18:36:21 +00:00
|
|
|
log.Error("Error on accepting socks connection: %v", err)
|
2015-09-07 12:49:40 +00:00
|
|
|
}
|
|
|
|
|
go server.HandleConnection(connection)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-07 15:46:17 +00:00
|
|
|
func (server *SocksServer) HandleConnection(connection net.Conn) error {
|
2015-09-09 10:13:52 +00:00
|
|
|
defer connection.Close()
|
2015-09-15 22:06:22 +00:00
|
|
|
|
2015-09-17 20:05:47 +00:00
|
|
|
reader := connection.(io.Reader)
|
2015-09-09 10:13:52 +00:00
|
|
|
|
2015-09-19 21:54:36 +00:00
|
|
|
auth, auth4, err := protocol.ReadAuthentication(reader)
|
|
|
|
|
if err != nil && err != protocol.ErrorSocksVersion4 {
|
2015-09-12 18:36:21 +00:00
|
|
|
log.Error("Error on reading authentication: %v", err)
|
|
|
|
|
return err
|
2015-09-09 10:13:52 +00:00
|
|
|
}
|
|
|
|
|
|
2015-09-20 16:22:29 +00:00
|
|
|
var dest v2net.Destination
|
2015-09-12 09:51:42 +00:00
|
|
|
|
2015-09-17 15:37:04 +00:00
|
|
|
// TODO refactor this part
|
2015-09-19 21:54:36 +00:00
|
|
|
if err == protocol.ErrorSocksVersion4 {
|
|
|
|
|
result := protocol.Socks4RequestGranted
|
|
|
|
|
if auth4.Command == protocol.CmdBind {
|
|
|
|
|
result = protocol.Socks4RequestRejected
|
2015-09-16 15:07:05 +00:00
|
|
|
}
|
2015-09-19 21:54:36 +00:00
|
|
|
socks4Response := protocol.NewSocks4AuthenticationResponse(result, auth4.Port, auth4.IP[:])
|
|
|
|
|
protocol.WriteSocks4AuthenticationResponse(connection, socks4Response)
|
2015-09-09 10:13:52 +00:00
|
|
|
|
2015-09-19 21:54:36 +00:00
|
|
|
if result == protocol.Socks4RequestRejected {
|
2015-09-17 15:37:04 +00:00
|
|
|
return ErrorCommandNotSupported
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-20 16:22:29 +00:00
|
|
|
dest = v2net.NewTCPDestination(v2net.IPAddress(auth4.IP[:], auth4.Port))
|
2015-09-17 15:37:04 +00:00
|
|
|
} else {
|
2015-09-19 21:54:36 +00:00
|
|
|
expectedAuthMethod := protocol.AuthNotRequired
|
2015-09-17 15:37:04 +00:00
|
|
|
if server.config.AuthMethod == JsonAuthMethodUserPass {
|
2015-09-19 21:54:36 +00:00
|
|
|
expectedAuthMethod = protocol.AuthUserPass
|
2015-09-17 15:37:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !auth.HasAuthMethod(expectedAuthMethod) {
|
2015-09-19 21:54:36 +00:00
|
|
|
authResponse := protocol.NewAuthenticationResponse(protocol.AuthNoMatchingMethod)
|
|
|
|
|
err = protocol.WriteAuthentication(connection, authResponse)
|
2015-09-17 15:37:04 +00:00
|
|
|
if err != nil {
|
|
|
|
|
log.Error("Error on socksio write authentication: %v", err)
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
log.Warning("Client doesn't support allowed any auth methods.")
|
|
|
|
|
return ErrorAuthenticationFailed
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-19 21:54:36 +00:00
|
|
|
authResponse := protocol.NewAuthenticationResponse(expectedAuthMethod)
|
|
|
|
|
err = protocol.WriteAuthentication(connection, authResponse)
|
2015-09-15 22:06:22 +00:00
|
|
|
if err != nil {
|
2015-09-17 15:37:04 +00:00
|
|
|
log.Error("Error on socksio write authentication: %v", err)
|
2015-09-15 22:06:22 +00:00
|
|
|
return err
|
|
|
|
|
}
|
2015-09-17 15:37:04 +00:00
|
|
|
if server.config.AuthMethod == JsonAuthMethodUserPass {
|
2015-09-19 21:54:36 +00:00
|
|
|
upRequest, err := protocol.ReadUserPassRequest(reader)
|
2015-09-17 15:37:04 +00:00
|
|
|
if err != nil {
|
|
|
|
|
log.Error("Failed to read username and password: %v", err)
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
status := byte(0)
|
|
|
|
|
if !upRequest.IsValid(server.config.Username, server.config.Password) {
|
|
|
|
|
status = byte(0xFF)
|
|
|
|
|
}
|
2015-09-19 21:54:36 +00:00
|
|
|
upResponse := protocol.NewSocks5UserPassResponse(status)
|
|
|
|
|
err = protocol.WriteUserPassResponse(connection, upResponse)
|
2015-09-17 15:37:04 +00:00
|
|
|
if err != nil {
|
|
|
|
|
log.Error("Error on socksio write user pass response: %v", err)
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if status != byte(0) {
|
|
|
|
|
return ErrorInvalidUser
|
|
|
|
|
}
|
2015-09-15 22:06:22 +00:00
|
|
|
}
|
2015-09-17 15:37:04 +00:00
|
|
|
|
2015-09-19 21:54:36 +00:00
|
|
|
request, err := protocol.ReadRequest(reader)
|
2015-09-16 15:07:05 +00:00
|
|
|
if err != nil {
|
2015-09-17 15:37:04 +00:00
|
|
|
log.Error("Error on reading socks request: %v", err)
|
2015-09-16 15:07:05 +00:00
|
|
|
return err
|
|
|
|
|
}
|
2015-09-09 10:13:52 +00:00
|
|
|
|
2015-09-19 21:54:36 +00:00
|
|
|
response := protocol.NewSocks5Response()
|
2015-09-11 12:12:26 +00:00
|
|
|
|
2015-09-19 21:54:36 +00:00
|
|
|
if request.Command == protocol.CmdBind || request.Command == protocol.CmdUdpAssociate {
|
|
|
|
|
response := protocol.NewSocks5Response()
|
|
|
|
|
response.Error = protocol.ErrorCommandNotSupported
|
|
|
|
|
err = protocol.WriteResponse(connection, response)
|
2015-09-17 15:37:04 +00:00
|
|
|
if err != nil {
|
|
|
|
|
log.Error("Error on socksio write response: %v", err)
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
log.Warning("Unsupported socks command %d", request.Command)
|
|
|
|
|
return ErrorCommandNotSupported
|
|
|
|
|
}
|
2015-09-09 10:13:52 +00:00
|
|
|
|
2015-09-19 21:54:36 +00:00
|
|
|
response.Error = protocol.ErrorSuccess
|
2015-09-17 15:37:04 +00:00
|
|
|
response.Port = request.Port
|
|
|
|
|
response.AddrType = request.AddrType
|
|
|
|
|
switch response.AddrType {
|
2015-09-19 21:54:36 +00:00
|
|
|
case protocol.AddrTypeIPv4:
|
2015-09-17 15:37:04 +00:00
|
|
|
copy(response.IPv4[:], request.IPv4[:])
|
2015-09-19 21:54:36 +00:00
|
|
|
case protocol.AddrTypeIPv6:
|
2015-09-17 15:37:04 +00:00
|
|
|
copy(response.IPv6[:], request.IPv6[:])
|
2015-09-19 21:54:36 +00:00
|
|
|
case protocol.AddrTypeDomain:
|
2015-09-17 15:37:04 +00:00
|
|
|
response.Domain = request.Domain
|
|
|
|
|
}
|
2015-09-19 21:54:36 +00:00
|
|
|
err = protocol.WriteResponse(connection, response)
|
2015-09-16 15:07:05 +00:00
|
|
|
if err != nil {
|
|
|
|
|
log.Error("Error on socksio write response: %v", err)
|
|
|
|
|
return err
|
|
|
|
|
}
|
2015-09-11 12:12:26 +00:00
|
|
|
|
2015-09-17 15:37:04 +00:00
|
|
|
dest = request.Destination()
|
2015-09-11 12:12:26 +00:00
|
|
|
}
|
2015-09-17 15:37:04 +00:00
|
|
|
|
2015-09-22 12:45:03 +00:00
|
|
|
ray := server.vPoint.DispatchToOutbound(v2net.NewTCPPacket(dest))
|
2015-09-10 22:24:18 +00:00
|
|
|
input := ray.InboundInput()
|
|
|
|
|
output := ray.InboundOutput()
|
2015-09-23 12:14:53 +00:00
|
|
|
var readFinish, writeFinish sync.Mutex
|
|
|
|
|
readFinish.Lock()
|
|
|
|
|
writeFinish.Lock()
|
2015-09-10 22:24:18 +00:00
|
|
|
|
2015-09-23 15:13:50 +00:00
|
|
|
go dumpInput(reader, input, &readFinish)
|
|
|
|
|
go dumpOutput(connection, output, &writeFinish)
|
2015-09-23 12:14:53 +00:00
|
|
|
writeFinish.Lock()
|
2015-09-09 10:13:52 +00:00
|
|
|
|
2015-09-07 12:49:40 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
2015-09-10 22:24:18 +00:00
|
|
|
|
2015-09-23 15:13:50 +00:00
|
|
|
func dumpInput(reader io.Reader, input chan<- []byte, finish *sync.Mutex) {
|
2015-09-15 19:45:04 +00:00
|
|
|
v2net.ReaderToChan(input, reader)
|
2015-09-23 12:14:53 +00:00
|
|
|
finish.Unlock()
|
2015-09-13 18:01:50 +00:00
|
|
|
close(input)
|
2015-09-10 22:24:18 +00:00
|
|
|
}
|
|
|
|
|
|
2015-09-23 15:13:50 +00:00
|
|
|
func dumpOutput(writer io.Writer, output <-chan []byte, finish *sync.Mutex) {
|
2015-09-15 19:45:04 +00:00
|
|
|
v2net.ChanToWriter(writer, output)
|
2015-09-23 12:14:53 +00:00
|
|
|
finish.Unlock()
|
2015-09-10 22:24:18 +00:00
|
|
|
}
|
