You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
v2ray-core/proxy/socks/server.go

335 lines
9.2 KiB

package socks
import (
"errors"
9 years ago
"io"
"sync"
9 years ago
"time"
9 years ago
"github.com/v2ray/v2ray-core/app"
"github.com/v2ray/v2ray-core/app/dispatcher"
v2io "github.com/v2ray/v2ray-core/common/io"
"github.com/v2ray/v2ray-core/common/log"
v2net "github.com/v2ray/v2ray-core/common/net"
"github.com/v2ray/v2ray-core/proxy"
"github.com/v2ray/v2ray-core/proxy/registry"
"github.com/v2ray/v2ray-core/proxy/socks/protocol"
"github.com/v2ray/v2ray-core/transport/internet"
"github.com/v2ray/v2ray-core/transport/internet/udp"
)
var (
8 years ago
ErrUnsupportedSocksCommand = errors.New("Unsupported socks command.")
ErrUnsupportedAuthMethod = errors.New("Unsupported auth method.")
)
// Server is a SOCKS 5 proxy server
type Server struct {
tcpMutex sync.RWMutex
udpMutex sync.RWMutex
accepting bool
packetDispatcher dispatcher.PacketDispatcher
config *Config
tcpListener *internet.TCPHub
udpHub *udp.UDPHub
udpAddress v2net.Destination
udpServer *udp.UDPServer
meta *proxy.InboundHandlerMeta
9 years ago
}
// NewServer creates a new Server object.
func NewServer(config *Config, space app.Space, meta *proxy.InboundHandlerMeta) *Server {
s := &Server{
config: config,
meta: meta,
}
space.InitializeApplication(func() error {
if !space.HasApp(dispatcher.APP_ID) {
log.Error("Socks|Server: Dispatcher is not found in the space.")
return app.ErrMissingApplication
}
s.packetDispatcher = space.GetApp(dispatcher.APP_ID).(dispatcher.PacketDispatcher)
return nil
})
return s
}
9 years ago
// Port implements InboundHandler.Port().
func (this *Server) Port() v2net.Port {
return this.meta.Port
}
9 years ago
// Close implements InboundHandler.Close().
func (this *Server) Close() {
this.accepting = false
if this.tcpListener != nil {
this.tcpMutex.Lock()
this.tcpListener.Close()
this.tcpListener = nil
this.tcpMutex.Unlock()
}
if this.udpHub != nil {
this.udpMutex.Lock()
this.udpHub.Close()
this.udpHub = nil
this.udpMutex.Unlock()
}
}
9 years ago
// Listen implements InboundHandler.Listen().
func (this *Server) Start() error {
if this.accepting {
return nil
}
listener, err := internet.ListenTCP(
this.meta.Address,
this.meta.Port,
this.handleConnection,
this.meta.StreamSettings)
if err != nil {
log.Error("Socks: failed to listen on ", this.meta.Address, ":", this.meta.Port, ": ", err)
return err
}
9 years ago
this.accepting = true
this.tcpMutex.Lock()
this.tcpListener = listener
this.tcpMutex.Unlock()
if this.config.UDPEnabled {
this.listenUDP()
}
return nil
}
func (this *Server) handleConnection(connection internet.Connection) {
defer connection.Close()
9 years ago
timedReader := v2net.NewTimeOutReader(this.config.Timeout, connection)
reader := v2io.NewBufferedReader(timedReader)
defer reader.Release()
writer := v2io.NewBufferedWriter(connection)
defer writer.Release()
auth, auth4, err := protocol.ReadAuthentication(reader)
if err != nil && err != protocol.Socks4Downgrade {
9 years ago
if err != io.EOF {
log.Warning("Socks: failed to read authentication: ", err)
}
return
}
clientAddr := v2net.DestinationFromAddr(connection.RemoteAddr())
if err != nil && err == protocol.Socks4Downgrade {
this.handleSocks4(clientAddr, reader, writer, auth4)
} else {
this.handleSocks5(clientAddr, reader, writer, auth)
}
}
func (this *Server) handleSocks5(clientAddr v2net.Destination, reader *v2io.BufferedReader, writer *v2io.BufferedWriter, auth protocol.Socks5AuthenticationRequest) error {
expectedAuthMethod := protocol.AuthNotRequired
if this.config.AuthType == AuthTypePassword {
expectedAuthMethod = protocol.AuthUserPass
}
if !auth.HasAuthMethod(expectedAuthMethod) {
authResponse := protocol.NewAuthenticationResponse(protocol.AuthNoMatchingMethod)
err := protocol.WriteAuthentication(writer, authResponse)
writer.Flush()
9 years ago
if err != nil {
9 years ago
log.Warning("Socks: failed to write authentication: ", err)
9 years ago
return err
}
9 years ago
log.Warning("Socks: client doesn't support any allowed auth methods.")
8 years ago
return ErrUnsupportedAuthMethod
}
authResponse := protocol.NewAuthenticationResponse(expectedAuthMethod)
9 years ago
protocol.WriteAuthentication(writer, authResponse)
err := writer.Flush()
if err != nil {
log.Error("Socks: failed to write authentication: ", err)
return err
}
if this.config.AuthType == AuthTypePassword {
upRequest, err := protocol.ReadUserPassRequest(reader)
if err != nil {
9 years ago
log.Warning("Socks: failed to read username and password: ", err)
return err
}
status := byte(0)
9 years ago
if !this.config.HasAccount(upRequest.Username(), upRequest.Password()) {
status = byte(0xFF)
}
upResponse := protocol.NewSocks5UserPassResponse(status)
err = protocol.WriteUserPassResponse(writer, upResponse)
writer.Flush()
if err != nil {
log.Error("Socks: failed to write user pass response: ", err)
return err
}
if status != byte(0) {
log.Warning("Socks: Invalid user account: ", upRequest.AuthDetail())
log.Access(clientAddr, "", log.AccessRejected, proxy.ErrInvalidAuthentication)
return proxy.ErrInvalidAuthentication
}
}
request, err := protocol.ReadRequest(reader)
if err != nil {
9 years ago
log.Warning("Socks: failed to read request: ", err)
return err
}
9 years ago
if request.Command == protocol.CmdUdpAssociate && this.config.UDPEnabled {
9 years ago
return this.handleUDP(reader, writer)
}
if request.Command == protocol.CmdBind || request.Command == protocol.CmdUdpAssociate {
response := protocol.NewSocks5Response()
response.Error = protocol.ErrorCommandNotSupported
response.Port = v2net.Port(0)
response.SetIPv4([]byte{0, 0, 0, 0})
response.Write(writer)
writer.Flush()
if err != nil {
log.Error("Socks: failed to write response: ", err)
return err
}
log.Warning("Socks: Unsupported socks command ", request.Command)
8 years ago
return ErrUnsupportedSocksCommand
}
9 years ago
response := protocol.NewSocks5Response()
response.Error = protocol.ErrorSuccess
9 years ago
// Some SOCKS software requires a value other than dest. Let's fake one:
response.Port = v2net.Port(1717)
9 years ago
response.SetIPv4([]byte{0, 0, 0, 0})
9 years ago
response.Write(writer)
if err != nil {
log.Error("Socks: failed to write response: ", err)
return err
}
reader.SetCached(false)
writer.SetCached(false)
dest := request.Destination()
session := &proxy.SessionInfo{
Source: clientAddr,
Destination: dest,
}
log.Info("Socks: TCP Connect request to ", dest)
log.Access(clientAddr, dest, log.AccessAccepted, "")
9 years ago
this.transport(reader, writer, session)
return nil
}
func (this *Server) handleUDP(reader io.Reader, writer *v2io.BufferedWriter) error {
response := protocol.NewSocks5Response()
response.Error = protocol.ErrorSuccess
udpAddr := this.udpAddress
response.Port = udpAddr.Port()
switch udpAddr.Address().Family() {
case v2net.AddressFamilyIPv4:
response.SetIPv4(udpAddr.Address().IP())
case v2net.AddressFamilyIPv6:
response.SetIPv6(udpAddr.Address().IP())
case v2net.AddressFamilyDomain:
response.SetDomain(udpAddr.Address().Domain())
}
response.Write(writer)
err := writer.Flush()
if err != nil {
log.Error("Socks: failed to write response: ", err)
return err
}
9 years ago
// The TCP connection closes after this method returns. We need to wait until
// the client closes it.
// TODO: get notified from UDP part
<-time.After(5 * time.Minute)
return nil
}
func (this *Server) handleSocks4(clientAddr v2net.Destination, reader *v2io.BufferedReader, writer *v2io.BufferedWriter, auth protocol.Socks4AuthenticationRequest) error {
result := protocol.Socks4RequestGranted
if auth.Command == protocol.CmdBind {
result = protocol.Socks4RequestRejected
9 years ago
}
socks4Response := protocol.NewSocks4AuthenticationResponse(result, auth.Port, auth.IP[:])
socks4Response.Write(writer)
if result == protocol.Socks4RequestRejected {
log.Warning("Socks: Unsupported socks 4 command ", auth.Command)
8 years ago
log.Access(clientAddr, "", log.AccessRejected, ErrUnsupportedSocksCommand)
return ErrUnsupportedSocksCommand
}
reader.SetCached(false)
writer.SetCached(false)
dest := v2net.TCPDestination(v2net.IPAddress(auth.IP[:]), auth.Port)
session := &proxy.SessionInfo{
Source: clientAddr,
Destination: dest,
}
log.Access(clientAddr, dest, log.AccessAccepted, "")
this.transport(reader, writer, session)
return nil
}
func (this *Server) transport(reader io.Reader, writer io.Writer, session *proxy.SessionInfo) {
ray := this.packetDispatcher.DispatchToOutbound(this.meta, session)
9 years ago
input := ray.InboundInput()
output := ray.InboundOutput()
var inputFinish, outputFinish sync.Mutex
inputFinish.Lock()
outputFinish.Lock()
9 years ago
go func() {
v2reader := v2io.NewAdaptiveReader(reader)
defer v2reader.Release()
v2io.Pipe(v2reader, input)
9 years ago
inputFinish.Unlock()
input.Close()
9 years ago
}()
9 years ago
9 years ago
go func() {
v2writer := v2io.NewAdaptiveWriter(writer)
defer v2writer.Release()
v2io.Pipe(output, v2writer)
9 years ago
outputFinish.Unlock()
output.Release()
9 years ago
}()
outputFinish.Lock()
9 years ago
}
9 years ago
type ServerFactory struct{}
func (this *ServerFactory) StreamCapability() internet.StreamConnectionType {
return internet.StreamConnectionTypeRawTCP
}
func (this *ServerFactory) Create(space app.Space, rawConfig interface{}, meta *proxy.InboundHandlerMeta) (proxy.InboundHandler, error) {
return NewServer(rawConfig.(*Config), space, meta), nil
}
9 years ago
func init() {
registry.MustRegisterInboundHandlerCreator("socks", new(ServerFactory))
9 years ago
}