You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
v2ray-core/proxy/socks/socks.go

308 lines
8.2 KiB

package socks
import (
"errors"
"io"
"net"
"sync"
"time"
"github.com/v2ray/v2ray-core/app"
"github.com/v2ray/v2ray-core/common/alloc"
"github.com/v2ray/v2ray-core/common/log"
v2net "github.com/v2ray/v2ray-core/common/net"
"github.com/v2ray/v2ray-core/common/retry"
"github.com/v2ray/v2ray-core/proxy"
"github.com/v2ray/v2ray-core/proxy/socks/protocol"
)
var (
UnsupportedSocksCommand = errors.New("Unsupported socks command.")
UnsupportedAuthMethod = errors.New("Unsupported auth method.")
)
// SocksServer is a SOCKS 5 proxy server
type SocksServer struct {
tcpMutex sync.RWMutex
udpMutex sync.RWMutex
accepting bool
space app.Space
config *Config
tcpListener *net.TCPListener
udpConn *net.UDPConn
udpAddress v2net.Destination
listeningPort v2net.Port
}
func NewSocksServer(space app.Space, config *Config) *SocksServer {
return &SocksServer{
space: space,
config: config,
}
}
func (this *SocksServer) Port() v2net.Port {
return this.listeningPort
}
func (this *SocksServer) Close() {
this.accepting = false
if this.tcpListener != nil {
this.tcpListener.Close()
this.tcpMutex.Lock()
this.tcpListener = nil
this.tcpMutex.Unlock()
}
if this.udpConn != nil {
this.udpConn.Close()
this.udpMutex.Lock()
this.udpConn = nil
this.udpMutex.Unlock()
}
}
func (this *SocksServer) Listen(port v2net.Port) error {
if this.accepting {
if this.listeningPort == port {
return nil
} else {
return proxy.ErrorAlreadyListening
}
}
this.listeningPort = port
listener, err := net.ListenTCP("tcp", &net.TCPAddr{
IP: []byte{0, 0, 0, 0},
Port: int(port),
Zone: "",
})
if err != nil {
log.Error("Socks: failed to listen on port ", port, ": ", err)
return err
}
this.accepting = true
this.tcpMutex.Lock()
this.tcpListener = listener
this.tcpMutex.Unlock()
go this.AcceptConnections()
if this.config.UDPEnabled {
this.ListenUDP(port)
}
return nil
}
func (this *SocksServer) AcceptConnections() {
for this.accepting {
retry.Timed(100 /* times */, 100 /* ms */).On(func() error {
this.tcpMutex.RLock()
defer this.tcpMutex.RUnlock()
if !this.accepting {
return nil
}
connection, err := this.tcpListener.AcceptTCP()
if err != nil {
log.Error("Socks: failed to accept new connection: ", err)
return err
}
go this.HandleConnection(connection)
return nil
})
}
}
func (this *SocksServer) HandleConnection(connection *net.TCPConn) error {
defer connection.Close()
reader := v2net.NewTimeOutReader(120, connection)
auth, auth4, err := protocol.ReadAuthentication(reader)
if err != nil && err != protocol.Socks4Downgrade {
log.Error("Socks: failed to read authentication: ", err)
return err
}
if err != nil && err == protocol.Socks4Downgrade {
return this.handleSocks4(reader, connection, auth4)
} else {
return this.handleSocks5(reader, connection, auth)
}
}
func (this *SocksServer) handleSocks5(reader *v2net.TimeOutReader, writer io.Writer, auth protocol.Socks5AuthenticationRequest) error {
expectedAuthMethod := protocol.AuthNotRequired
if this.config.AuthType == AuthTypePassword {
expectedAuthMethod = protocol.AuthUserPass
}
if !auth.HasAuthMethod(expectedAuthMethod) {
authResponse := protocol.NewAuthenticationResponse(protocol.AuthNoMatchingMethod)
err := protocol.WriteAuthentication(writer, authResponse)
if err != nil {
log.Error("Socks: failed to write authentication: ", err)
return err
}
log.Warning("Socks: client doesn't support allowed any auth methods.")
return UnsupportedAuthMethod
}
authResponse := protocol.NewAuthenticationResponse(expectedAuthMethod)
err := protocol.WriteAuthentication(writer, authResponse)
if err != nil {
log.Error("Socks: failed to write authentication: ", err)
return err
}
if this.config.AuthType == AuthTypePassword {
upRequest, err := protocol.ReadUserPassRequest(reader)
if err != nil {
log.Error("Socks: failed to read username and password: ", err)
return err
}
status := byte(0)
if !this.config.HasAccount(upRequest.Username(), upRequest.Password()) {
status = byte(0xFF)
}
upResponse := protocol.NewSocks5UserPassResponse(status)
err = protocol.WriteUserPassResponse(writer, upResponse)
if err != nil {
log.Error("Socks: failed to write user pass response: ", err)
return err
}
if status != byte(0) {
log.Warning("Socks: Invalid user account: ", upRequest.AuthDetail())
return proxy.InvalidAuthentication
}
}
request, err := protocol.ReadRequest(reader)
if err != nil {
log.Error("Socks: failed to read request: ", err)
return err
}
if request.Command == protocol.CmdUdpAssociate && this.config.UDPEnabled {
return this.handleUDP(reader, writer)
}
if request.Command == protocol.CmdBind || request.Command == protocol.CmdUdpAssociate {
response := protocol.NewSocks5Response()
response.Error = protocol.ErrorCommandNotSupported
response.Port = v2net.Port(0)
response.SetIPv4([]byte{0, 0, 0, 0})
responseBuffer := alloc.NewSmallBuffer().Clear()
response.Write(responseBuffer)
_, err = writer.Write(responseBuffer.Value)
responseBuffer.Release()
if err != nil {
log.Error("Socks: failed to write response: ", err)
return err
}
log.Warning("Socks: Unsupported socks command ", request.Command)
return UnsupportedSocksCommand
}
response := protocol.NewSocks5Response()
response.Error = protocol.ErrorSuccess
// Some SOCKS software requires a value other than dest. Let's fake one:
response.Port = v2net.Port(1717)
response.SetIPv4([]byte{0, 0, 0, 0})
responseBuffer := alloc.NewSmallBuffer().Clear()
response.Write(responseBuffer)
_, err = writer.Write(responseBuffer.Value)
responseBuffer.Release()
if err != nil {
log.Error("Socks: failed to write response: ", err)
return err
}
dest := request.Destination()
log.Info("Socks: TCP Connect request to ", dest)
packet := v2net.NewPacket(dest, nil, true)
this.transport(reader, writer, packet)
return nil
}
func (this *SocksServer) handleUDP(reader *v2net.TimeOutReader, writer io.Writer) error {
response := protocol.NewSocks5Response()
response.Error = protocol.ErrorSuccess
udpAddr := this.udpAddress
response.Port = udpAddr.Port()
switch {
case udpAddr.Address().IsIPv4():
response.SetIPv4(udpAddr.Address().IP())
case udpAddr.Address().IsIPv6():
response.SetIPv6(udpAddr.Address().IP())
case udpAddr.Address().IsDomain():
response.SetDomain(udpAddr.Address().Domain())
}
responseBuffer := alloc.NewSmallBuffer().Clear()
response.Write(responseBuffer)
_, err := writer.Write(responseBuffer.Value)
responseBuffer.Release()
if err != nil {
log.Error("Socks: failed to write response: ", err)
return err
}
reader.SetTimeOut(300) /* 5 minutes */
v2net.ReadFrom(reader, nil) // Just in case of anything left in the socket
// The TCP connection closes after this method returns. We need to wait until
// the client closes it.
// TODO: get notified from UDP part
<-time.After(5 * time.Minute)
return nil
}
func (this *SocksServer) handleSocks4(reader io.Reader, writer io.Writer, auth protocol.Socks4AuthenticationRequest) error {
result := protocol.Socks4RequestGranted
if auth.Command == protocol.CmdBind {
result = protocol.Socks4RequestRejected
}
socks4Response := protocol.NewSocks4AuthenticationResponse(result, auth.Port, auth.IP[:])
responseBuffer := alloc.NewSmallBuffer().Clear()
socks4Response.Write(responseBuffer)
writer.Write(responseBuffer.Value)
responseBuffer.Release()
if result == protocol.Socks4RequestRejected {
log.Warning("Socks: Unsupported socks 4 command ", auth.Command)
return UnsupportedSocksCommand
}
dest := v2net.TCPDestination(v2net.IPAddress(auth.IP[:]), auth.Port)
packet := v2net.NewPacket(dest, nil, true)
this.transport(reader, writer, packet)
return nil
}
func (this *SocksServer) transport(reader io.Reader, writer io.Writer, firstPacket v2net.Packet) {
ray := this.space.PacketDispatcher().DispatchToOutbound(firstPacket)
input := ray.InboundInput()
output := ray.InboundOutput()
var inputFinish, outputFinish sync.Mutex
inputFinish.Lock()
outputFinish.Lock()
go func() {
v2net.ReaderToChan(input, reader)
inputFinish.Unlock()
close(input)
}()
go func() {
v2net.ChanToWriter(writer, output)
outputFinish.Unlock()
}()
outputFinish.Lock()
}