mirror of https://github.com/XTLS/Xray-core
314 lines
8.8 KiB
Go
314 lines
8.8 KiB
Go
package socks
|
|
|
|
import (
|
|
"context"
|
|
goerrors "errors"
|
|
"io"
|
|
"time"
|
|
|
|
"github.com/xtls/xray-core/common"
|
|
"github.com/xtls/xray-core/common/buf"
|
|
"github.com/xtls/xray-core/common/errors"
|
|
"github.com/xtls/xray-core/common/log"
|
|
"github.com/xtls/xray-core/common/net"
|
|
"github.com/xtls/xray-core/common/protocol"
|
|
udp_proto "github.com/xtls/xray-core/common/protocol/udp"
|
|
"github.com/xtls/xray-core/common/session"
|
|
"github.com/xtls/xray-core/common/signal"
|
|
"github.com/xtls/xray-core/common/task"
|
|
"github.com/xtls/xray-core/core"
|
|
"github.com/xtls/xray-core/features/policy"
|
|
"github.com/xtls/xray-core/features/routing"
|
|
"github.com/xtls/xray-core/proxy/http"
|
|
"github.com/xtls/xray-core/transport/internet/stat"
|
|
"github.com/xtls/xray-core/transport/internet/udp"
|
|
)
|
|
|
|
// Server is a SOCKS 5 proxy server
|
|
type Server struct {
|
|
config *ServerConfig
|
|
policyManager policy.Manager
|
|
cone bool
|
|
udpFilter *UDPFilter
|
|
httpServer *http.Server
|
|
}
|
|
|
|
// NewServer creates a new Server object.
|
|
func NewServer(ctx context.Context, config *ServerConfig) (*Server, error) {
|
|
v := core.MustFromContext(ctx)
|
|
s := &Server{
|
|
config: config,
|
|
policyManager: v.GetFeature(policy.ManagerType()).(policy.Manager),
|
|
cone: ctx.Value("cone").(bool),
|
|
}
|
|
httpConfig := &http.ServerConfig{
|
|
UserLevel: config.UserLevel,
|
|
}
|
|
if config.AuthType == AuthType_PASSWORD {
|
|
httpConfig.Accounts = config.Accounts
|
|
s.udpFilter = new(UDPFilter) // We only use this when auth is enabled
|
|
}
|
|
s.httpServer, _ = http.NewServer(ctx, httpConfig)
|
|
return s, nil
|
|
}
|
|
|
|
func (s *Server) policy() policy.Session {
|
|
config := s.config
|
|
p := s.policyManager.ForLevel(config.UserLevel)
|
|
return p
|
|
}
|
|
|
|
// Network implements proxy.Inbound.
|
|
func (s *Server) Network() []net.Network {
|
|
list := []net.Network{net.Network_TCP}
|
|
if s.config.UdpEnabled {
|
|
list = append(list, net.Network_UDP)
|
|
}
|
|
return list
|
|
}
|
|
|
|
// Process implements proxy.Inbound.
|
|
func (s *Server) Process(ctx context.Context, network net.Network, conn stat.Connection, dispatcher routing.Dispatcher) error {
|
|
inbound := session.InboundFromContext(ctx)
|
|
inbound.Name = "socks"
|
|
inbound.CanSpliceCopy = 2
|
|
inbound.User = &protocol.MemoryUser{
|
|
Level: s.config.UserLevel,
|
|
}
|
|
|
|
switch network {
|
|
case net.Network_TCP:
|
|
firstbyte := make([]byte, 1)
|
|
if n, err := conn.Read(firstbyte); n == 0 {
|
|
if goerrors.Is(err, io.EOF) {
|
|
errors.LogInfo(ctx, "Connection closed immediately, likely health check connection")
|
|
return nil
|
|
}
|
|
return errors.New("failed to read from connection").Base(err)
|
|
}
|
|
if firstbyte[0] != 5 && firstbyte[0] != 4 { // Check if it is Socks5/4/4a
|
|
errors.LogDebug(ctx, "Not Socks request, try to parse as HTTP request")
|
|
return s.httpServer.ProcessWithFirstbyte(ctx, network, conn, dispatcher, firstbyte...)
|
|
}
|
|
return s.processTCP(ctx, conn, dispatcher, firstbyte)
|
|
case net.Network_UDP:
|
|
return s.handleUDPPayload(ctx, conn, dispatcher)
|
|
default:
|
|
return errors.New("unknown network: ", network)
|
|
}
|
|
}
|
|
|
|
func (s *Server) processTCP(ctx context.Context, conn stat.Connection, dispatcher routing.Dispatcher, firstbyte []byte) error {
|
|
plcy := s.policy()
|
|
if err := conn.SetReadDeadline(time.Now().Add(plcy.Timeouts.Handshake)); err != nil {
|
|
errors.LogInfoInner(ctx, err, "failed to set deadline")
|
|
}
|
|
|
|
inbound := session.InboundFromContext(ctx)
|
|
if inbound == nil || !inbound.Gateway.IsValid() {
|
|
return errors.New("inbound gateway not specified")
|
|
}
|
|
|
|
svrSession := &ServerSession{
|
|
config: s.config,
|
|
address: inbound.Gateway.Address,
|
|
port: inbound.Gateway.Port,
|
|
localAddress: net.IPAddress(conn.LocalAddr().(*net.TCPAddr).IP),
|
|
}
|
|
|
|
// Firstbyte is for forwarded conn from SOCKS inbound
|
|
// Because it needs first byte to choose protocol
|
|
// We need to add it back
|
|
reader := &buf.BufferedReader{
|
|
Reader: buf.NewReader(conn),
|
|
Buffer: buf.MultiBuffer{buf.FromBytes(firstbyte)},
|
|
}
|
|
request, err := svrSession.Handshake(reader, conn)
|
|
if err != nil {
|
|
if inbound.Source.IsValid() {
|
|
log.Record(&log.AccessMessage{
|
|
From: inbound.Source,
|
|
To: "",
|
|
Status: log.AccessRejected,
|
|
Reason: err,
|
|
})
|
|
}
|
|
return errors.New("failed to read request").Base(err)
|
|
}
|
|
if request.User != nil {
|
|
inbound.User.Email = request.User.Email
|
|
}
|
|
|
|
if err := conn.SetReadDeadline(time.Time{}); err != nil {
|
|
errors.LogInfoInner(ctx, err, "failed to clear deadline")
|
|
}
|
|
|
|
if request.Command == protocol.RequestCommandTCP {
|
|
dest := request.Destination()
|
|
errors.LogInfo(ctx, "TCP Connect request to ", dest)
|
|
if inbound.Source.IsValid() {
|
|
ctx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{
|
|
From: inbound.Source,
|
|
To: dest,
|
|
Status: log.AccessAccepted,
|
|
Reason: "",
|
|
})
|
|
}
|
|
|
|
return s.transport(ctx, reader, conn, dest, dispatcher, inbound)
|
|
}
|
|
|
|
if request.Command == protocol.RequestCommandUDP {
|
|
if s.udpFilter != nil {
|
|
s.udpFilter.Add(conn.RemoteAddr())
|
|
}
|
|
return s.handleUDP(conn)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (*Server) handleUDP(c io.Reader) error {
|
|
// The TCP connection closes after this method returns. We need to wait until
|
|
// the client closes it.
|
|
return common.Error2(io.Copy(buf.DiscardBytes, c))
|
|
}
|
|
|
|
func (s *Server) transport(ctx context.Context, reader io.Reader, writer io.Writer, dest net.Destination, dispatcher routing.Dispatcher, inbound *session.Inbound) error {
|
|
ctx, cancel := context.WithCancel(ctx)
|
|
timer := signal.CancelAfterInactivity(ctx, cancel, s.policy().Timeouts.ConnectionIdle)
|
|
|
|
if inbound != nil {
|
|
inbound.Timer = timer
|
|
}
|
|
|
|
plcy := s.policy()
|
|
ctx = policy.ContextWithBufferPolicy(ctx, plcy.Buffer)
|
|
link, err := dispatcher.Dispatch(ctx, dest)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
requestDone := func() error {
|
|
defer timer.SetTimeout(plcy.Timeouts.DownlinkOnly)
|
|
if err := buf.Copy(buf.NewReader(reader), link.Writer, buf.UpdateActivity(timer)); err != nil {
|
|
return errors.New("failed to transport all TCP request").Base(err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
responseDone := func() error {
|
|
inbound.CanSpliceCopy = 1
|
|
defer timer.SetTimeout(plcy.Timeouts.UplinkOnly)
|
|
|
|
v2writer := buf.NewWriter(writer)
|
|
if err := buf.Copy(link.Reader, v2writer, buf.UpdateActivity(timer)); err != nil {
|
|
return errors.New("failed to transport all TCP response").Base(err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
requestDonePost := task.OnSuccess(requestDone, task.Close(link.Writer))
|
|
if err := task.Run(ctx, requestDonePost, responseDone); err != nil {
|
|
common.Interrupt(link.Reader)
|
|
common.Interrupt(link.Writer)
|
|
return errors.New("connection ends").Base(err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (s *Server) handleUDPPayload(ctx context.Context, conn stat.Connection, dispatcher routing.Dispatcher) error {
|
|
if s.udpFilter != nil && !s.udpFilter.Check(conn.RemoteAddr()) {
|
|
errors.LogDebug(ctx, "Unauthorized UDP access from ", conn.RemoteAddr().String())
|
|
return nil
|
|
}
|
|
udpServer := udp.NewDispatcher(dispatcher, func(ctx context.Context, packet *udp_proto.Packet) {
|
|
payload := packet.Payload
|
|
errors.LogDebug(ctx, "writing back UDP response with ", payload.Len(), " bytes")
|
|
|
|
request := protocol.RequestHeaderFromContext(ctx)
|
|
if request == nil {
|
|
return
|
|
}
|
|
|
|
if payload.UDP != nil {
|
|
request = &protocol.RequestHeader{
|
|
User: request.User,
|
|
Address: payload.UDP.Address,
|
|
Port: payload.UDP.Port,
|
|
}
|
|
}
|
|
|
|
udpMessage, err := EncodeUDPPacket(request, payload.Bytes())
|
|
payload.Release()
|
|
|
|
defer udpMessage.Release()
|
|
if err != nil {
|
|
errors.LogWarningInner(ctx, err, "failed to write UDP response")
|
|
}
|
|
|
|
conn.Write(udpMessage.Bytes())
|
|
})
|
|
|
|
inbound := session.InboundFromContext(ctx)
|
|
if inbound != nil && inbound.Source.IsValid() {
|
|
errors.LogInfo(ctx, "client UDP connection from ", inbound.Source)
|
|
}
|
|
inbound.CanSpliceCopy = 1
|
|
|
|
var dest *net.Destination
|
|
|
|
reader := buf.NewPacketReader(conn)
|
|
for {
|
|
mpayload, err := reader.ReadMultiBuffer()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for _, payload := range mpayload {
|
|
request, err := DecodeUDPPacket(payload)
|
|
if err != nil {
|
|
errors.LogInfoInner(ctx, err, "failed to parse UDP request")
|
|
payload.Release()
|
|
continue
|
|
}
|
|
|
|
if payload.IsEmpty() {
|
|
payload.Release()
|
|
continue
|
|
}
|
|
|
|
destination := request.Destination()
|
|
|
|
currentPacketCtx := ctx
|
|
errors.LogDebug(ctx, "send packet to ", destination, " with ", payload.Len(), " bytes")
|
|
if inbound != nil && inbound.Source.IsValid() {
|
|
currentPacketCtx = log.ContextWithAccessMessage(ctx, &log.AccessMessage{
|
|
From: inbound.Source,
|
|
To: destination,
|
|
Status: log.AccessAccepted,
|
|
Reason: "",
|
|
})
|
|
}
|
|
|
|
payload.UDP = &destination
|
|
|
|
if !s.cone || dest == nil {
|
|
dest = &destination
|
|
}
|
|
|
|
currentPacketCtx = protocol.ContextWithRequestHeader(currentPacketCtx, request)
|
|
udpServer.Dispatch(currentPacketCtx, *dest, payload)
|
|
}
|
|
}
|
|
}
|
|
|
|
func init() {
|
|
common.Must(common.RegisterConfig((*ServerConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
|
|
return NewServer(ctx, config.(*ServerConfig))
|
|
}))
|
|
}
|