fix shadowsocks udp ota

2024-11-04 09:17:32 -05:00 · 2016-01-29 21:55:42 +01:00 · 2016-01-29 21:55:42 +01:00 · be10ca7e09
commit be10ca7e09
parent e9c784d4bd
3 changed files with 71 additions and 19 deletions
--- a/proxy/shadowsocks/protocol.go
+++ b/proxy/shadowsocks/protocol.go
@ -20,9 +20,10 @@ type Request struct {
 	Address    v2net.Address
 	Port       v2net.Port
 	OTA        bool
+	UDPPayload *alloc.Buffer
 }

-func ReadRequest(reader io.Reader, auth *Authenticator) (*Request, error) {
+func ReadRequest(reader io.Reader, auth *Authenticator, udp bool) (*Request, error) {
 	buffer := alloc.NewSmallBuffer()
 	defer buffer.Release()

@ -85,14 +86,33 @@ func ReadRequest(reader io.Reader, auth *Authenticator) (*Request, error) {
 	request.Port = v2net.PortFromBytes(buffer.Value[lenBuffer : lenBuffer+2])
 	lenBuffer += 2

+	var authBytes []byte
+
+	if udp {
+		nBytes, err := reader.Read(buffer.Value[lenBuffer:])
+		if err != nil {
+			log.Error("Shadowsocks: Failed to read UDP payload: ", err)
+		}
+		buffer.Slice(0, lenBuffer+nBytes)
 		if request.OTA {
-		authBytes := buffer.Value[lenBuffer : lenBuffer+AuthSize]
+			authBytes = buffer.Value[lenBuffer+nBytes-AuthSize:]
+			request.UDPPayload = alloc.NewSmallBuffer().Clear().Append(buffer.Value[lenBuffer : lenBuffer+nBytes-AuthSize])
+			lenBuffer = lenBuffer + nBytes - AuthSize
+		} else {
+			request.UDPPayload = alloc.NewSmallBuffer().Clear().Append(buffer.Value[lenBuffer:])
+		}
+	} else {
+		if request.OTA {
+			authBytes = buffer.Value[lenBuffer : lenBuffer+AuthSize]
 			_, err = io.ReadFull(reader, authBytes)
 			if err != nil {
 				log.Error("Shadowsocks: Failed to read OTA: ", err)
 				return nil, transport.CorruptedPacket
 			}
+		}
+	}

+	if request.OTA {
 		actualAuth := auth.Authenticate(nil, buffer.Value[0:lenBuffer])
 		if !serial.BytesLiteral(actualAuth).Equals(serial.BytesLiteral(authBytes)) {
 			log.Error("Shadowsocks: Invalid OTA: ", actualAuth)
--- a/proxy/shadowsocks/protocol_test.go
+++ b/proxy/shadowsocks/protocol_test.go
@ -17,7 +17,7 @@ func TestNormalRequestParsing(t *testing.T) {
 	buffer := alloc.NewSmallBuffer().Clear()
 	buffer.AppendBytes(1, 127, 0, 0, 1, 0, 80)

-	request, err := ReadRequest(buffer, nil)
+	request, err := ReadRequest(buffer, nil, false)
 	assert.Error(err).IsNil()
 	netassert.Address(request.Address).Equals(v2net.IPAddress([]byte{127, 0, 0, 1}))
 	netassert.Port(request.Port).Equals(v2net.Port(80))
@ -33,8 +33,42 @@ func TestOTARequest(t *testing.T) {
 	auth := NewAuthenticator(HeaderKeyGenerator(
 		[]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 1, 2, 3, 4, 5},
 		[]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 1, 2, 3, 4, 5}))
-	request, err := ReadRequest(buffer, auth)
+	request, err := ReadRequest(buffer, auth, false)
 	assert.Error(err).IsNil()
 	netassert.Address(request.Address).Equals(v2net.DomainAddress("www.v2ray.com"))
 	assert.Bool(request.OTA).IsTrue()
 }
+
+func TestUDPRequestParsing(t *testing.T) {
+	v2testing.Current(t)
+
+	buffer := alloc.NewSmallBuffer().Clear()
+	buffer.AppendBytes(1, 127, 0, 0, 1, 0, 80, 1, 2, 3, 4, 5, 6)
+
+	request, err := ReadRequest(buffer, nil, true)
+	assert.Error(err).IsNil()
+	netassert.Address(request.Address).Equals(v2net.IPAddress([]byte{127, 0, 0, 1}))
+	netassert.Port(request.Port).Equals(v2net.Port(80))
+	assert.Bool(request.OTA).IsFalse()
+	assert.Bytes(request.UDPPayload.Value).Equals([]byte{1, 2, 3, 4, 5, 6})
+}
+
+func TestUDPRequestWithOTA(t *testing.T) {
+	v2testing.Current(t)
+
+	buffer := alloc.NewSmallBuffer().Clear()
+	buffer.AppendBytes(
+		0x13, 13, 119, 119, 119, 46, 118, 50, 114, 97, 121, 46, 99, 111, 109, 0, 0,
+		1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0,
+		58, 32, 223, 30, 57, 199, 50, 139, 143, 101)
+
+	auth := NewAuthenticator(HeaderKeyGenerator(
+		[]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 1, 2, 3, 4, 5},
+		[]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 1, 2, 3, 4, 5}))
+	request, err := ReadRequest(buffer, auth, true)
+	assert.Error(err).IsNil()
+	netassert.Address(request.Address).Equals(v2net.DomainAddress("www.v2ray.com"))
+	assert.Bool(request.OTA).IsTrue()
+	assert.Bytes(request.UDPPayload.Value).Equals([]byte{
+		1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0})
+}
--- a/proxy/shadowsocks/shadowsocks.go
+++ b/proxy/shadowsocks/shadowsocks.go
@ -85,14 +85,12 @@ func (this *Shadowsocks) handlerUDPPayload(payload *alloc.Buffer, dest v2net.Des
 		return
 	}

-	request, err := ReadRequest(reader, NewAuthenticator(HeaderKeyGenerator(key, iv)))
+	request, err := ReadRequest(reader, NewAuthenticator(HeaderKeyGenerator(key, iv)), true)
 	if err != nil {
 		return
 	}

-	buffer, _ := v2io.ReadFrom(reader, nil)
-
-	packet := v2net.NewPacket(v2net.TCPDestination(request.Address, request.Port), buffer, false)
+	packet := v2net.NewPacket(v2net.TCPDestination(request.Address, request.Port), request.UDPPayload, false)
 	ray := this.space.PacketDispatcher().DispatchToOutbound(packet)
 	close(ray.InboundInput())

@ -126,7 +124,7 @@ func (this *Shadowsocks) handlerUDPPayload(payload *alloc.Buffer, dest v2net.Des

 		if request.OTA {
 			respAuth := NewAuthenticator(HeaderKeyGenerator(key, respIv))
-			respAuth.Authenticate(buffer.Value, buffer.Value[this.config.Cipher.IVSize():])
+			respAuth.Authenticate(response.Value, response.Value[this.config.Cipher.IVSize():])
 		}

 		this.udpHub.WriteTo(response.Value, dest)
@ -155,7 +153,7 @@ func (this *Shadowsocks) handleConnection(conn *hub.TCPConn) {
 		return
 	}

-	request, err := ReadRequest(reader, NewAuthenticator(HeaderKeyGenerator(iv, key)))
+	request, err := ReadRequest(reader, NewAuthenticator(HeaderKeyGenerator(iv, key)), false)
 	if err != nil {
 		return
 	}