mirror of https://github.com/XTLS/Xray-core
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
304 lines
8.5 KiB
304 lines
8.5 KiB
package socks |
|
|
|
import ( |
|
"context" |
|
"io" |
|
"time" |
|
|
|
"github.com/xtls/xray-core/common" |
|
"github.com/xtls/xray-core/common/buf" |
|
"github.com/xtls/xray-core/common/errors" |
|
"github.com/xtls/xray-core/common/log" |
|
"github.com/xtls/xray-core/common/net" |
|
"github.com/xtls/xray-core/common/protocol" |
|
udp_proto "github.com/xtls/xray-core/common/protocol/udp" |
|
"github.com/xtls/xray-core/common/session" |
|
"github.com/xtls/xray-core/common/signal" |
|
"github.com/xtls/xray-core/common/task" |
|
"github.com/xtls/xray-core/core" |
|
"github.com/xtls/xray-core/features/policy" |
|
"github.com/xtls/xray-core/features/routing" |
|
"github.com/xtls/xray-core/proxy/http" |
|
"github.com/xtls/xray-core/transport/internet/stat" |
|
"github.com/xtls/xray-core/transport/internet/udp" |
|
) |
|
|
|
// Server is a SOCKS 5 proxy server |
|
type Server struct { |
|
config *ServerConfig |
|
policyManager policy.Manager |
|
cone bool |
|
udpFilter *UDPFilter |
|
httpServer *http.Server |
|
} |
|
|
|
// NewServer creates a new Server object. |
|
func NewServer(ctx context.Context, config *ServerConfig) (*Server, error) { |
|
v := core.MustFromContext(ctx) |
|
s := &Server{ |
|
config: config, |
|
policyManager: v.GetFeature(policy.ManagerType()).(policy.Manager), |
|
cone: ctx.Value("cone").(bool), |
|
} |
|
httpConfig := &http.ServerConfig{ |
|
UserLevel: config.UserLevel, |
|
} |
|
if config.AuthType == AuthType_PASSWORD { |
|
httpConfig.Accounts = config.Accounts |
|
s.udpFilter = new(UDPFilter) // We only use this when auth is enabled |
|
} |
|
s.httpServer, _ = http.NewServer(ctx, httpConfig) |
|
return s, nil |
|
} |
|
|
|
func (s *Server) policy() policy.Session { |
|
config := s.config |
|
p := s.policyManager.ForLevel(config.UserLevel) |
|
return p |
|
} |
|
|
|
// Network implements proxy.Inbound. |
|
func (s *Server) Network() []net.Network { |
|
list := []net.Network{net.Network_TCP} |
|
if s.config.UdpEnabled { |
|
list = append(list, net.Network_UDP) |
|
} |
|
return list |
|
} |
|
|
|
// Process implements proxy.Inbound. |
|
func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Connection, dispatcher routing.Dispatcher) error { |
|
inbound := session.InboundFromContext(ctx) |
|
inbound.Name = "socks" |
|
inbound.CanSpliceCopy = 2 |
|
inbound.User = &protocol.MemoryUser{ |
|
Level: s.config.UserLevel, |
|
} |
|
|
|
switch network { |
|
case net.Network_TCP: |
|
firstbyte := make([]byte, 1) |
|
conn.Read(firstbyte) |
|
if firstbyte[0] != 5 && firstbyte[0] != 4 { // Check if it is Socks5/4/4a |
|
errors.LogDebug(ctx, "Not Socks request, try to parse as HTTP request") |
|
return s.httpServer.ProcessWithFirstbyte(ctx, network, conn, dispatcher, firstbyte...) |
|
} |
|
return s.processTCP(ctx, conn, dispatcher, firstbyte) |
|
case net.Network_UDP: |
|
return s.handleUDPPayload(ctx, conn, dispatcher) |
|
default: |
|
return errors.New("unknown network: ", network) |
|
} |
|
} |
|
|
|
func (s *Server) processTCP(ctx context.Context, conn stat.Connection, dispatcher routing.Dispatcher, firstbyte []byte) error { |
|
plcy := s.policy() |
|
if err := conn.SetReadDeadline(time.Now().Add(plcy.Timeouts.Handshake)); err != nil { |
|
errors.LogInfoInner(ctx, err, "failed to set deadline") |
|
} |
|
|
|
inbound := session.InboundFromContext(ctx) |
|
if inbound == nil || !inbound.Gateway.IsValid() { |
|
return errors.New("inbound gateway not specified") |
|
} |
|
|
|
svrSession := &ServerSession{ |
|
config: s.config, |
|
address: inbound.Gateway.Address, |
|
port: inbound.Gateway.Port, |
|
localAddress: net.IPAddress(conn.LocalAddr().(*net.TCPAddr).IP), |
|
} |
|
|
|
// Firstbyte is for forwarded conn from SOCKS inbound |
|
// Because it needs first byte to choose protocol |
|
// We need to add it back |
|
reader := &buf.BufferedReader{ |
|
Reader: buf.NewReader(conn), |
|
Buffer: buf.MultiBuffer{buf.FromBytes(firstbyte)}, |
|
} |
|
request, err := svrSession.Handshake(reader, conn) |
|
if err != nil { |
|
if inbound.Source.IsValid() { |
|
log.Record(&log.AccessMessage{ |
|
From: inbound.Source, |
|
To: "", |
|
Status: log.AccessRejected, |
|
Reason: err, |
|
}) |
|
} |
|
return errors.New("failed to read request").Base(err) |
|
} |
|
if request.User != nil { |
|
inbound.User.Email = request.User.Email |
|
} |
|
|
|
if err := conn.SetReadDeadline(time.Time{}); err != nil { |
|
errors.LogInfoInner(ctx, err, "failed to clear deadline") |
|
} |
|
|
|
if request.Command == protocol.RequestCommandTCP { |
|
dest := request.Destination() |
|
errors.LogInfo(ctx, "TCP Connect request to ", dest) |
|
if inbound.Source.IsValid() { |
|
ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{ |
|
From: inbound.Source, |
|
To: dest, |
|
Status: log.AccessAccepted, |
|
Reason: "", |
|
}) |
|
} |
|
|
|
return s.transport(ctx, reader, conn, dest, dispatcher, inbound) |
|
} |
|
|
|
if request.Command == protocol.RequestCommandUDP { |
|
if s.udpFilter != nil { |
|
s.udpFilter.Add(conn.RemoteAddr()) |
|
} |
|
return s.handleUDP(conn) |
|
} |
|
|
|
return nil |
|
} |
|
|
|
func (*Server) handleUDP(c io.Reader) error { |
|
// The TCP connection closes after this method returns. We need to wait until |
|
// the client closes it. |
|
return common.Error2(io.Copy(buf.DiscardBytes, c)) |
|
} |
|
|
|
func (s *Server) transport(ctx context.Context, reader io.Reader, writer io.Writer, dest net.Destination, dispatcher routing.Dispatcher, inbound *session.Inbound) error { |
|
ctx, cancel := context.WithCancel(ctx) |
|
timer := signal.CancelAfterInactivity(ctx, cancel, s.policy().Timeouts.ConnectionIdle) |
|
|
|
if inbound != nil { |
|
inbound.Timer = timer |
|
} |
|
|
|
plcy := s.policy() |
|
ctx = policy.ContextWithBufferPolicy(ctx, plcy.Buffer) |
|
link, err := dispatcher.Dispatch(ctx, dest) |
|
if err != nil { |
|
return err |
|
} |
|
|
|
requestDone := func() error { |
|
defer timer.SetTimeout(plcy.Timeouts.DownlinkOnly) |
|
if err := buf.Copy(buf.NewReader(reader), link.Writer, buf.UpdateActivity(timer)); err != nil { |
|
return errors.New("failed to transport all TCP request").Base(err) |
|
} |
|
|
|
return nil |
|
} |
|
|
|
responseDone := func() error { |
|
defer timer.SetTimeout(plcy.Timeouts.UplinkOnly) |
|
|
|
v2writer := buf.NewWriter(writer) |
|
if err := buf.Copy(link.Reader, v2writer, buf.UpdateActivity(timer)); err != nil { |
|
return errors.New("failed to transport all TCP response").Base(err) |
|
} |
|
|
|
return nil |
|
} |
|
|
|
requestDonePost := task.OnSuccess(requestDone, task.Close(link.Writer)) |
|
if err := task.Run(ctx, requestDonePost, responseDone); err != nil { |
|
common.Interrupt(link.Reader) |
|
common.Interrupt(link.Writer) |
|
return errors.New("connection ends").Base(err) |
|
} |
|
|
|
return nil |
|
} |
|
|
|
func (s *Server) handleUDPPayload(ctx context.Context, conn stat.Connection, dispatcher routing.Dispatcher) error { |
|
if s.udpFilter != nil && !s.udpFilter.Check(conn.RemoteAddr()) { |
|
errors.LogDebug(ctx, "Unauthorized UDP access from ", conn.RemoteAddr().String()) |
|
return nil |
|
} |
|
udpServer := udp.NewDispatcher(dispatcher, func(ctx context.Context, packet *udp_proto.Packet) { |
|
payload := packet.Payload |
|
errors.LogDebug(ctx, "writing back UDP response with ", payload.Len(), " bytes") |
|
|
|
request := protocol.RequestHeaderFromContext(ctx) |
|
if request == nil { |
|
return |
|
} |
|
|
|
if payload.UDP != nil { |
|
request = &protocol.RequestHeader{ |
|
User: request.User, |
|
Address: payload.UDP.Address, |
|
Port: payload.UDP.Port, |
|
} |
|
} |
|
|
|
udpMessage, err := EncodeUDPPacket(request, payload.Bytes()) |
|
payload.Release() |
|
|
|
defer udpMessage.Release() |
|
if err != nil { |
|
errors.LogWarningInner(ctx, err, "failed to write UDP response") |
|
} |
|
|
|
conn.Write(udpMessage.Bytes()) |
|
}) |
|
|
|
inbound := session.InboundFromContext(ctx) |
|
if inbound != nil && inbound.Source.IsValid() { |
|
errors.LogInfo(ctx, "client UDP connection from ", inbound.Source) |
|
} |
|
|
|
var dest *net.Destination |
|
|
|
reader := buf.NewPacketReader(conn) |
|
for { |
|
mpayload, err := reader.ReadMultiBuffer() |
|
if err != nil { |
|
return err |
|
} |
|
|
|
for _, payload := range mpayload { |
|
request, err := DecodeUDPPacket(payload) |
|
if err != nil { |
|
errors.LogInfoInner(ctx, err, "failed to parse UDP request") |
|
payload.Release() |
|
continue |
|
} |
|
|
|
if payload.IsEmpty() { |
|
payload.Release() |
|
continue |
|
} |
|
|
|
destination := request.Destination() |
|
|
|
currentPacketCtx := ctx |
|
errors.LogDebug(ctx, "send packet to ", destination, " with ", payload.Len(), " bytes") |
|
if inbound != nil && inbound.Source.IsValid() { |
|
currentPacketCtx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{ |
|
From: inbound.Source, |
|
To: destination, |
|
Status: log.AccessAccepted, |
|
Reason: "", |
|
}) |
|
} |
|
|
|
payload.UDP = &destination |
|
|
|
if !s.cone || dest == nil { |
|
dest = &destination |
|
} |
|
|
|
currentPacketCtx = protocol.ContextWithRequestHeader(currentPacketCtx, request) |
|
udpServer.Dispatch(currentPacketCtx, *dest, payload) |
|
} |
|
} |
|
} |
|
|
|
func init() { |
|
common.Must(common.RegisterConfig((*ServerConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { |
|
return NewServer(ctx, config.(*ServerConfig)) |
|
})) |
|
}
|
|
|