From 8a1777ce62b794cf9130df37cea7d9ef81f2cc43 Mon Sep 17 00:00:00 2001
From: Shelikhoo <xiaokangwang@outlook.com>
Date: Sat, 18 Nov 2023 23:20:27 +0000
Subject: [PATCH] implement ss2022 client timestamp check as per spec

---
 proxy/shadowsocks2022/client_session.go | 9 +++++++++
 proxy/shadowsocks2022/encoding.go       | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/proxy/shadowsocks2022/client_session.go b/proxy/shadowsocks2022/client_session.go
index 4acd83637..9c70c008c 100644
--- a/proxy/shadowsocks2022/client_session.go
+++ b/proxy/shadowsocks2022/client_session.go
@@ -73,6 +73,15 @@ func (c *ClientUDPSession) KeepReading() {
 				newError("unable to decode udp response").Base(err).WriteToLog()
 				continue
 			}
+
+			{
+				timeDifference := int64(udpResp.TimeStamp) - time.Now().Unix()
+				if timeDifference < -30 || timeDifference > 30 {
+					newError("udp packet timestamp difference too large, packet discarded").WriteToLog()
+					continue
+				}
+			}
+
 			c.locker.Lock()
 			session, ok := c.sessionMap[string(udpResp.ClientSessionID[:])]
 			if ok {
diff --git a/proxy/shadowsocks2022/encoding.go b/proxy/shadowsocks2022/encoding.go
index 9d30b08f5..70d78e06c 100644
--- a/proxy/shadowsocks2022/encoding.go
+++ b/proxy/shadowsocks2022/encoding.go
@@ -203,7 +203,7 @@ func (t *TCPRequest) DecodeTCPResponseHeader(effectivePsk []byte, In io.Reader)
 		return newError("unexpected TCP header type")
 	}
 	timeDifference := int64(fixedLengthHeader.Timestamp) - time.Now().Unix()
-	if timeDifference < -60 || timeDifference > 60 {
+	if timeDifference < -30 || timeDifference > 30 {
 		return newError("timestamp is too far away")
 	}