use shadowsocket's bloomring for shadowsocket's replay protection

common/antireplay/bloomring.go

@@ -0,0 +1,35 @@
+package antireplay
+
+import (
+	ss_bloomring "github.com/v2fly/ss-bloomring"
+	"sync"
+)
+
+type BloomRing struct {
+	*ss_bloomring.BloomRing
+	lock *sync.Mutex
+}
+
+func (b BloomRing) Interval() int64 {
+	return 9999999
+}
+
+func (b BloomRing) Check(sum []byte) bool {
+	b.lock.Lock()
+	defer b.lock.Unlock()
+	if b.Test(sum) {
+		return false
+	}
+	b.Add(sum)
+	return true
+}
+
+func NewBloomRing() BloomRing {
+	const (
+		DefaultSFCapacity = 1e6
+		// FalsePositiveRate
+		DefaultSFFPR  = 1e-6
+		DefaultSFSlot = 10
+	)
+	return BloomRing{ss_bloomring.NewBloomRing(DefaultSFSlot, DefaultSFCapacity, DefaultSFFPR), &sync.Mutex{}}
+}

go.mod

@@ -14,6 +14,7 @@ require (
 	github.com/stretchr/testify v1.7.0
 	github.com/v2fly/BrowserBridge v0.0.0-20210327130545-c01e4317fadd
 	github.com/v2fly/VSign v0.0.0-20201108000810-e2adc24bf848
+	github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e
 	go.starlark.net v0.0.0-20210312235212-74c10e2c17dc
 	golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
 	golang.org/x/net v0.0.0-20210326220855-61e056675ecf

go.sum

@@ -139,6 +139,8 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
+github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/seiflotfy/cuckoofilter v0.0.0-20201222105146-bc6005554a0c h1:pqy40B3MQWYrza7YZXOXgl0Nf0QGFqrOC0BKae1UNAA=
 github.com/seiflotfy/cuckoofilter v0.0.0-20201222105146-bc6005554a0c/go.mod h1:bR6DqgcAl1zTcOX8/pE2Qkj9XO00eCNqmKb7lXP8EAg=
@@ -178,6 +180,8 @@ github.com/v2fly/BrowserBridge v0.0.0-20210327130545-c01e4317fadd h1:fQ4O/lTTwSP
 github.com/v2fly/BrowserBridge v0.0.0-20210327130545-c01e4317fadd/go.mod h1:skmBSeT/GvVqal/eylE9E16x9RC29xFXCbxDLVmatOk=
 github.com/v2fly/VSign v0.0.0-20201108000810-e2adc24bf848 h1:p1UzXK6VAutXFFQMnre66h7g1BjRKUnLv0HfmmRoz7w=
 github.com/v2fly/VSign v0.0.0-20201108000810-e2adc24bf848/go.mod h1:p80Bv154ZtrGpXMN15slDCqc9UGmfBuUzheDFBYaW/M=
+github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF8gHIiADmOVOV5LS43gt3ONnlEl3xkwI=
+github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
 github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
 github.com/xtaci/smux v1.5.15 h1:6hMiXswcleXj5oNfcJc+DXS8Vj36XX2LaX98udog6Kc=

proxy/shadowsocks/config.go

@@ -96,7 +96,7 @@ func (a *Account) AsAccount() (protocol.Account, error) {
 		Key:    passwordToCipherKey([]byte(a.Password), Cipher.KeySize()),
 		replayFilter: func() antireplay.GeneralizedReplayFilter {
 			if a.IvCheck {
-				return antireplay.NewReplayFilter(300)
+				return antireplay.NewBloomRing()
 			}
 			return nil
 		}(),