From d55d5423fbb5af8203cf97e8ad7539e67df65bae Mon Sep 17 00:00:00 2001 From: Shelikhoo Date: Sat, 13 Mar 2021 10:34:13 +0000 Subject: [PATCH] use shadowsocket's bloomring for shadowsocket's replay protection --- common/antireplay/bloomring.go | 35 ++++++++++++++++++++++++++++++++++ go.mod | 1 + go.sum | 4 ++++ proxy/shadowsocks/config.go | 2 +- 4 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 common/antireplay/bloomring.go diff --git a/common/antireplay/bloomring.go b/common/antireplay/bloomring.go new file mode 100644 index 000000000..0e0406189 --- /dev/null +++ b/common/antireplay/bloomring.go @@ -0,0 +1,35 @@ +package antireplay + +import ( + ss_bloomring "github.com/v2fly/ss-bloomring" + "sync" +) + +type BloomRing struct { + *ss_bloomring.BloomRing + lock *sync.Mutex +} + +func (b BloomRing) Interval() int64 { + return 9999999 +} + +func (b BloomRing) Check(sum []byte) bool { + b.lock.Lock() + defer b.lock.Unlock() + if b.Test(sum) { + return false + } + b.Add(sum) + return true +} + +func NewBloomRing() BloomRing { + const ( + DefaultSFCapacity = 1e6 + // FalsePositiveRate + DefaultSFFPR = 1e-6 + DefaultSFSlot = 10 + ) + return BloomRing{ss_bloomring.NewBloomRing(DefaultSFSlot, DefaultSFCapacity, DefaultSFFPR), &sync.Mutex{}} +} diff --git a/go.mod b/go.mod index 088f7f505..f8f4cb9fd 100644 --- a/go.mod +++ b/go.mod @@ -14,6 +14,7 @@ require ( github.com/stretchr/testify v1.7.0 github.com/v2fly/BrowserBridge v0.0.0-20210327130545-c01e4317fadd github.com/v2fly/VSign v0.0.0-20201108000810-e2adc24bf848 + github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e go.starlark.net v0.0.0-20210312235212-74c10e2c17dc golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 golang.org/x/net v0.0.0-20210326220855-61e056675ecf diff --git a/go.sum b/go.sum index 6d382f8ea..2f88e8c07 100644 --- a/go.sum +++ b/go.sum @@ -139,6 +139,8 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1: github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg= +github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/seiflotfy/cuckoofilter v0.0.0-20201222105146-bc6005554a0c h1:pqy40B3MQWYrza7YZXOXgl0Nf0QGFqrOC0BKae1UNAA= github.com/seiflotfy/cuckoofilter v0.0.0-20201222105146-bc6005554a0c/go.mod h1:bR6DqgcAl1zTcOX8/pE2Qkj9XO00eCNqmKb7lXP8EAg= @@ -178,6 +180,8 @@ github.com/v2fly/BrowserBridge v0.0.0-20210327130545-c01e4317fadd h1:fQ4O/lTTwSP github.com/v2fly/BrowserBridge v0.0.0-20210327130545-c01e4317fadd/go.mod h1:skmBSeT/GvVqal/eylE9E16x9RC29xFXCbxDLVmatOk= github.com/v2fly/VSign v0.0.0-20201108000810-e2adc24bf848 h1:p1UzXK6VAutXFFQMnre66h7g1BjRKUnLv0HfmmRoz7w= github.com/v2fly/VSign v0.0.0-20201108000810-e2adc24bf848/go.mod h1:p80Bv154ZtrGpXMN15slDCqc9UGmfBuUzheDFBYaW/M= +github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF8gHIiADmOVOV5LS43gt3ONnlEl3xkwI= +github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/xtaci/smux v1.5.15 h1:6hMiXswcleXj5oNfcJc+DXS8Vj36XX2LaX98udog6Kc= diff --git a/proxy/shadowsocks/config.go b/proxy/shadowsocks/config.go index 48bb12689..45105fd21 100644 --- a/proxy/shadowsocks/config.go +++ b/proxy/shadowsocks/config.go @@ -96,7 +96,7 @@ func (a *Account) AsAccount() (protocol.Account, error) { Key: passwordToCipherKey([]byte(a.Password), Cipher.KeySize()), replayFilter: func() antireplay.GeneralizedReplayFilter { if a.IvCheck { - return antireplay.NewReplayFilter(300) + return antireplay.NewBloomRing() } return nil }(),