Feature: support outbound socks5 udp
This commit is contained in:
parent
cec2206774
commit
936ea3aa55
12 changed files with 337 additions and 206 deletions
|
@ -230,5 +230,5 @@ https://clash.gitbook.io/
|
||||||
|
|
||||||
- [x] Complementing the necessary rule operators
|
- [x] Complementing the necessary rule operators
|
||||||
- [x] Redir proxy
|
- [x] Redir proxy
|
||||||
- [ ] UDP support (vmess, outbound socks5)
|
- [ ] UDP support (vmess)
|
||||||
- [ ] Connection manager
|
- [ ] Connection manager
|
||||||
|
|
|
@ -3,8 +3,8 @@ package adapters
|
||||||
import (
|
import (
|
||||||
"net"
|
"net"
|
||||||
|
|
||||||
|
"github.com/Dreamacro/clash/component/socks5"
|
||||||
C "github.com/Dreamacro/clash/constant"
|
C "github.com/Dreamacro/clash/constant"
|
||||||
"github.com/Dreamacro/go-shadowsocks2/socks"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// SocketAdapter is a adapter for socks and redir connection
|
// SocketAdapter is a adapter for socks and redir connection
|
||||||
|
@ -19,7 +19,7 @@ func (s *SocketAdapter) Metadata() *C.Metadata {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewSocket is SocketAdapter generator
|
// NewSocket is SocketAdapter generator
|
||||||
func NewSocket(target socks.Addr, conn net.Conn, source C.SourceType, netType C.NetWork) *SocketAdapter {
|
func NewSocket(target socks5.Addr, conn net.Conn, source C.SourceType, netType C.NetWork) *SocketAdapter {
|
||||||
metadata := parseSocksAddr(target)
|
metadata := parseSocksAddr(target)
|
||||||
metadata.NetWork = netType
|
metadata.NetWork = netType
|
||||||
metadata.Source = source
|
metadata.Source = source
|
||||||
|
|
|
@ -5,24 +5,24 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
|
"github.com/Dreamacro/clash/component/socks5"
|
||||||
C "github.com/Dreamacro/clash/constant"
|
C "github.com/Dreamacro/clash/constant"
|
||||||
"github.com/Dreamacro/go-shadowsocks2/socks"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func parseSocksAddr(target socks.Addr) *C.Metadata {
|
func parseSocksAddr(target socks5.Addr) *C.Metadata {
|
||||||
metadata := &C.Metadata{
|
metadata := &C.Metadata{
|
||||||
AddrType: int(target[0]),
|
AddrType: int(target[0]),
|
||||||
}
|
}
|
||||||
|
|
||||||
switch target[0] {
|
switch target[0] {
|
||||||
case socks.AtypDomainName:
|
case socks5.AtypDomainName:
|
||||||
metadata.Host = string(target[2 : 2+target[1]])
|
metadata.Host = string(target[2 : 2+target[1]])
|
||||||
metadata.Port = strconv.Itoa((int(target[2+target[1]]) << 8) | int(target[2+target[1]+1]))
|
metadata.Port = strconv.Itoa((int(target[2+target[1]]) << 8) | int(target[2+target[1]+1]))
|
||||||
case socks.AtypIPv4:
|
case socks5.AtypIPv4:
|
||||||
ip := net.IP(target[1 : 1+net.IPv4len])
|
ip := net.IP(target[1 : 1+net.IPv4len])
|
||||||
metadata.IP = &ip
|
metadata.IP = &ip
|
||||||
metadata.Port = strconv.Itoa((int(target[1+net.IPv4len]) << 8) | int(target[1+net.IPv4len+1]))
|
metadata.Port = strconv.Itoa((int(target[1+net.IPv4len]) << 8) | int(target[1+net.IPv4len+1]))
|
||||||
case socks.AtypIPv6:
|
case socks5.AtypIPv6:
|
||||||
ip := net.IP(target[1 : 1+net.IPv6len])
|
ip := net.IP(target[1 : 1+net.IPv6len])
|
||||||
metadata.IP = &ip
|
metadata.IP = &ip
|
||||||
metadata.Port = strconv.Itoa((int(target[1+net.IPv6len]) << 8) | int(target[1+net.IPv6len+1]))
|
metadata.Port = strconv.Itoa((int(target[1+net.IPv6len]) << 8) | int(target[1+net.IPv6len+1]))
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
package adapters
|
package adapters
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
@ -11,11 +10,11 @@ import (
|
||||||
"github.com/Dreamacro/clash/common/pool"
|
"github.com/Dreamacro/clash/common/pool"
|
||||||
"github.com/Dreamacro/clash/common/structure"
|
"github.com/Dreamacro/clash/common/structure"
|
||||||
obfs "github.com/Dreamacro/clash/component/simple-obfs"
|
obfs "github.com/Dreamacro/clash/component/simple-obfs"
|
||||||
|
"github.com/Dreamacro/clash/component/socks5"
|
||||||
v2rayObfs "github.com/Dreamacro/clash/component/v2ray-plugin"
|
v2rayObfs "github.com/Dreamacro/clash/component/v2ray-plugin"
|
||||||
C "github.com/Dreamacro/clash/constant"
|
C "github.com/Dreamacro/clash/constant"
|
||||||
|
|
||||||
"github.com/Dreamacro/go-shadowsocks2/core"
|
"github.com/Dreamacro/go-shadowsocks2/core"
|
||||||
"github.com/Dreamacro/go-shadowsocks2/socks"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type ShadowSocks struct {
|
type ShadowSocks struct {
|
||||||
|
@ -177,26 +176,6 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func serializesSocksAddr(metadata *C.Metadata) []byte {
|
|
||||||
var buf [][]byte
|
|
||||||
aType := uint8(metadata.AddrType)
|
|
||||||
p, _ := strconv.Atoi(metadata.Port)
|
|
||||||
port := []byte{uint8(p >> 8), uint8(p & 0xff)}
|
|
||||||
switch metadata.AddrType {
|
|
||||||
case socks.AtypDomainName:
|
|
||||||
len := uint8(len(metadata.Host))
|
|
||||||
host := []byte(metadata.Host)
|
|
||||||
buf = [][]byte{{aType, len}, host, port}
|
|
||||||
case socks.AtypIPv4:
|
|
||||||
host := metadata.IP.To4()
|
|
||||||
buf = [][]byte{{aType}, host, port}
|
|
||||||
case socks.AtypIPv6:
|
|
||||||
host := metadata.IP.To16()
|
|
||||||
buf = [][]byte{{aType}, host, port}
|
|
||||||
}
|
|
||||||
return bytes.Join(buf, nil)
|
|
||||||
}
|
|
||||||
|
|
||||||
type ssUDPConn struct {
|
type ssUDPConn struct {
|
||||||
net.PacketConn
|
net.PacketConn
|
||||||
rAddr net.Addr
|
rAddr net.Addr
|
||||||
|
@ -205,7 +184,7 @@ type ssUDPConn struct {
|
||||||
func (uc *ssUDPConn) WriteTo(b []byte, addr net.Addr) (int, error) {
|
func (uc *ssUDPConn) WriteTo(b []byte, addr net.Addr) (int, error) {
|
||||||
buf := pool.BufPool.Get().([]byte)
|
buf := pool.BufPool.Get().([]byte)
|
||||||
defer pool.BufPool.Put(buf[:cap(buf)])
|
defer pool.BufPool.Put(buf[:cap(buf)])
|
||||||
rAddr := socks.ParseAddr(uc.rAddr.String())
|
rAddr := socks5.ParseAddr(uc.rAddr.String())
|
||||||
copy(buf[len(rAddr):], b)
|
copy(buf[len(rAddr):], b)
|
||||||
copy(buf, rAddr)
|
copy(buf, rAddr)
|
||||||
return uc.PacketConn.WriteTo(buf[:len(rAddr)+len(b)], addr)
|
return uc.PacketConn.WriteTo(buf[:len(rAddr)+len(b)], addr)
|
||||||
|
@ -213,7 +192,7 @@ func (uc *ssUDPConn) WriteTo(b []byte, addr net.Addr) (int, error) {
|
||||||
|
|
||||||
func (uc *ssUDPConn) ReadFrom(b []byte) (int, net.Addr, error) {
|
func (uc *ssUDPConn) ReadFrom(b []byte) (int, net.Addr, error) {
|
||||||
n, a, e := uc.PacketConn.ReadFrom(b)
|
n, a, e := uc.PacketConn.ReadFrom(b)
|
||||||
addr := socks.SplitAddr(b[:n])
|
addr := socks5.SplitAddr(b[:n])
|
||||||
copy(b, b[len(addr):])
|
copy(b, b[len(addr):])
|
||||||
return n - len(addr), a, e
|
return n - len(addr), a, e
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,17 +1,13 @@
|
||||||
package adapters
|
package adapters
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"errors"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
|
||||||
"net"
|
"net"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
|
"github.com/Dreamacro/clash/component/socks5"
|
||||||
C "github.com/Dreamacro/clash/constant"
|
C "github.com/Dreamacro/clash/constant"
|
||||||
|
|
||||||
"github.com/Dreamacro/go-shadowsocks2/socks"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type Socks5 struct {
|
type Socks5 struct {
|
||||||
|
@ -48,69 +44,44 @@ func (ss *Socks5) Dial(metadata *C.Metadata) (net.Conn, error) {
|
||||||
return nil, fmt.Errorf("%s connect error", ss.addr)
|
return nil, fmt.Errorf("%s connect error", ss.addr)
|
||||||
}
|
}
|
||||||
tcpKeepAlive(c)
|
tcpKeepAlive(c)
|
||||||
if err := ss.shakeHand(metadata, c); err != nil {
|
var user *socks5.User
|
||||||
|
if ss.user != "" {
|
||||||
|
user = &socks5.User{
|
||||||
|
Username: ss.user,
|
||||||
|
Password: ss.pass,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if err := socks5.ClientHandshake(c, serializesSocksAddr(metadata), socks5.CmdConnect, user); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return c, nil
|
return c, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ss *Socks5) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
|
func (ss *Socks5) DialUDP(metadata *C.Metadata) (net.PacketConn, net.Addr, error) {
|
||||||
buf := make([]byte, socks.MaxAddrLen)
|
c, err := net.DialTimeout("tcp", ss.addr, tcpTimeout)
|
||||||
var err error
|
|
||||||
|
|
||||||
// VER, NMETHODS, METHODS
|
if err == nil && ss.tls {
|
||||||
if len(ss.user) > 0 {
|
cc := tls.Client(c, ss.tlsConfig)
|
||||||
_, err = rw.Write([]byte{5, 1, 2})
|
err = cc.Handshake()
|
||||||
} else {
|
c = cc
|
||||||
_, err = rw.Write([]byte{5, 1, 0})
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return nil, nil, fmt.Errorf("%s connect error", ss.addr)
|
||||||
|
}
|
||||||
|
tcpKeepAlive(c)
|
||||||
|
var user *socks5.User
|
||||||
|
if ss.user != "" {
|
||||||
|
user = &socks5.User{
|
||||||
|
Username: ss.user,
|
||||||
|
Password: ss.pass,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// VER, METHOD
|
if err := socks5.ClientHandshake(c, serializesSocksAddr(metadata), socks5.CmdUDPAssociate, user); err != nil {
|
||||||
if _, err := io.ReadFull(rw, buf[:2]); err != nil {
|
return nil, nil, err
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
|
return &fakeUDPConn{Conn: c}, c.LocalAddr(), nil
|
||||||
if buf[0] != 5 {
|
|
||||||
return errors.New("SOCKS version error")
|
|
||||||
}
|
|
||||||
|
|
||||||
if buf[1] == 2 {
|
|
||||||
// password protocol version
|
|
||||||
authMsg := &bytes.Buffer{}
|
|
||||||
authMsg.WriteByte(1)
|
|
||||||
authMsg.WriteByte(uint8(len(ss.user)))
|
|
||||||
authMsg.WriteString(ss.user)
|
|
||||||
authMsg.WriteByte(uint8(len(ss.pass)))
|
|
||||||
authMsg.WriteString(ss.pass)
|
|
||||||
|
|
||||||
if _, err := rw.Write(authMsg.Bytes()); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if _, err := io.ReadFull(rw, buf[:2]); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if buf[1] != 0 {
|
|
||||||
return errors.New("rejected username/password")
|
|
||||||
}
|
|
||||||
} else if buf[1] != 0 {
|
|
||||||
return errors.New("SOCKS need auth")
|
|
||||||
}
|
|
||||||
|
|
||||||
// VER, CMD, RSV, ADDR
|
|
||||||
if _, err := rw.Write(bytes.Join([][]byte{{5, 1, 0}, serializesSocksAddr(metadata)}, []byte(""))); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if _, err := io.ReadFull(rw, buf[:10]); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewSocks5(option Socks5Option) *Socks5 {
|
func NewSocks5(option Socks5Option) *Socks5 {
|
||||||
|
|
|
@ -1,13 +1,16 @@
|
||||||
package adapters
|
package adapters
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"strconv"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/Dreamacro/clash/component/socks5"
|
||||||
C "github.com/Dreamacro/clash/constant"
|
C "github.com/Dreamacro/clash/constant"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -60,3 +63,36 @@ func getClientSessionCache() tls.ClientSessionCache {
|
||||||
})
|
})
|
||||||
return globalClientSessionCache
|
return globalClientSessionCache
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func serializesSocksAddr(metadata *C.Metadata) []byte {
|
||||||
|
var buf [][]byte
|
||||||
|
aType := uint8(metadata.AddrType)
|
||||||
|
p, _ := strconv.Atoi(metadata.Port)
|
||||||
|
port := []byte{uint8(p >> 8), uint8(p & 0xff)}
|
||||||
|
switch metadata.AddrType {
|
||||||
|
case socks5.AtypDomainName:
|
||||||
|
len := uint8(len(metadata.Host))
|
||||||
|
host := []byte(metadata.Host)
|
||||||
|
buf = [][]byte{{aType, len}, host, port}
|
||||||
|
case socks5.AtypIPv4:
|
||||||
|
host := metadata.IP.To4()
|
||||||
|
buf = [][]byte{{aType}, host, port}
|
||||||
|
case socks5.AtypIPv6:
|
||||||
|
host := metadata.IP.To16()
|
||||||
|
buf = [][]byte{{aType}, host, port}
|
||||||
|
}
|
||||||
|
return bytes.Join(buf, nil)
|
||||||
|
}
|
||||||
|
|
||||||
|
type fakeUDPConn struct {
|
||||||
|
net.Conn
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fuc *fakeUDPConn) WriteTo(b []byte, addr net.Addr) (int, error) {
|
||||||
|
return fuc.Conn.Write(b)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (fuc *fakeUDPConn) ReadFrom(b []byte) (int, net.Addr, error) {
|
||||||
|
n, err := fuc.Conn.Read(b)
|
||||||
|
return n, fuc.RemoteAddr(), err
|
||||||
|
}
|
||||||
|
|
246
component/socks5/socks5.go
Normal file
246
component/socks5/socks5.go
Normal file
|
@ -0,0 +1,246 @@
|
||||||
|
package socks5
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"errors"
|
||||||
|
"io"
|
||||||
|
"net"
|
||||||
|
"strconv"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Error represents a SOCKS error
|
||||||
|
type Error byte
|
||||||
|
|
||||||
|
func (err Error) Error() string {
|
||||||
|
return "SOCKS error: " + strconv.Itoa(int(err))
|
||||||
|
}
|
||||||
|
|
||||||
|
// Command is request commands as defined in RFC 1928 section 4.
|
||||||
|
type Command = uint8
|
||||||
|
|
||||||
|
// SOCKS request commands as defined in RFC 1928 section 4.
|
||||||
|
const (
|
||||||
|
CmdConnect Command = 1
|
||||||
|
CmdBind Command = 2
|
||||||
|
CmdUDPAssociate Command = 3
|
||||||
|
)
|
||||||
|
|
||||||
|
// SOCKS address types as defined in RFC 1928 section 5.
|
||||||
|
const (
|
||||||
|
AtypIPv4 = 1
|
||||||
|
AtypDomainName = 3
|
||||||
|
AtypIPv6 = 4
|
||||||
|
)
|
||||||
|
|
||||||
|
// MaxAddrLen is the maximum size of SOCKS address in bytes.
|
||||||
|
const MaxAddrLen = 1 + 1 + 255 + 2
|
||||||
|
|
||||||
|
// Addr represents a SOCKS address as defined in RFC 1928 section 5.
|
||||||
|
type Addr = []byte
|
||||||
|
|
||||||
|
// SOCKS errors as defined in RFC 1928 section 6.
|
||||||
|
const (
|
||||||
|
ErrGeneralFailure = Error(1)
|
||||||
|
ErrConnectionNotAllowed = Error(2)
|
||||||
|
ErrNetworkUnreachable = Error(3)
|
||||||
|
ErrHostUnreachable = Error(4)
|
||||||
|
ErrConnectionRefused = Error(5)
|
||||||
|
ErrTTLExpired = Error(6)
|
||||||
|
ErrCommandNotSupported = Error(7)
|
||||||
|
ErrAddressNotSupported = Error(8)
|
||||||
|
)
|
||||||
|
|
||||||
|
type User struct {
|
||||||
|
Username string
|
||||||
|
Password string
|
||||||
|
}
|
||||||
|
|
||||||
|
// ServerHandshake fast-tracks SOCKS initialization to get target address to connect on server side.
|
||||||
|
func ServerHandshake(rw io.ReadWriter) (addr Addr, command Command, err error) {
|
||||||
|
// Read RFC 1928 for request and reply structure and sizes.
|
||||||
|
buf := make([]byte, MaxAddrLen)
|
||||||
|
// read VER, NMETHODS, METHODS
|
||||||
|
if _, err = io.ReadFull(rw, buf[:2]); err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
nmethods := buf[1]
|
||||||
|
if _, err = io.ReadFull(rw, buf[:nmethods]); err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
// write VER METHOD
|
||||||
|
if _, err = rw.Write([]byte{5, 0}); err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
// read VER CMD RSV ATYP DST.ADDR DST.PORT
|
||||||
|
if _, err = io.ReadFull(rw, buf[:3]); err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if buf[1] != CmdConnect && buf[1] != CmdUDPAssociate {
|
||||||
|
err = ErrCommandNotSupported
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
command = buf[1]
|
||||||
|
addr, err = readAddr(rw, buf)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
// write VER REP RSV ATYP BND.ADDR BND.PORT
|
||||||
|
_, err = rw.Write([]byte{5, 0, 0, 1, 0, 0, 0, 0, 0, 0})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// ClientHandshake fast-tracks SOCKS initialization to get target address to connect on client side.
|
||||||
|
func ClientHandshake(rw io.ReadWriter, addr Addr, cammand Command, user *User) error {
|
||||||
|
buf := make([]byte, MaxAddrLen)
|
||||||
|
var err error
|
||||||
|
|
||||||
|
// VER, NMETHODS, METHODS
|
||||||
|
if user != nil {
|
||||||
|
_, err = rw.Write([]byte{5, 1, 2})
|
||||||
|
} else {
|
||||||
|
_, err = rw.Write([]byte{5, 1, 0})
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// VER, METHOD
|
||||||
|
if _, err := io.ReadFull(rw, buf[:2]); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if buf[0] != 5 {
|
||||||
|
return errors.New("SOCKS version error")
|
||||||
|
}
|
||||||
|
|
||||||
|
if buf[1] == 2 {
|
||||||
|
// password protocol version
|
||||||
|
authMsg := &bytes.Buffer{}
|
||||||
|
authMsg.WriteByte(1)
|
||||||
|
authMsg.WriteByte(uint8(len(user.Username)))
|
||||||
|
authMsg.WriteString(user.Username)
|
||||||
|
authMsg.WriteByte(uint8(len(user.Password)))
|
||||||
|
authMsg.WriteString(user.Password)
|
||||||
|
|
||||||
|
if _, err := rw.Write(authMsg.Bytes()); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if _, err := io.ReadFull(rw, buf[:2]); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if buf[1] != 0 {
|
||||||
|
return errors.New("rejected username/password")
|
||||||
|
}
|
||||||
|
} else if buf[1] != 0 {
|
||||||
|
return errors.New("SOCKS need auth")
|
||||||
|
}
|
||||||
|
|
||||||
|
// VER, CMD, RSV, ADDR
|
||||||
|
if _, err := rw.Write(bytes.Join([][]byte{{5, cammand, 0}, addr}, []byte(""))); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if _, err := io.ReadFull(rw, buf[:10]); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func readAddr(r io.Reader, b []byte) (Addr, error) {
|
||||||
|
if len(b) < MaxAddrLen {
|
||||||
|
return nil, io.ErrShortBuffer
|
||||||
|
}
|
||||||
|
_, err := io.ReadFull(r, b[:1]) // read 1st byte for address type
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
switch b[0] {
|
||||||
|
case AtypDomainName:
|
||||||
|
_, err = io.ReadFull(r, b[1:2]) // read 2nd byte for domain length
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
_, err = io.ReadFull(r, b[2:2+b[1]+2])
|
||||||
|
return b[:1+1+b[1]+2], err
|
||||||
|
case AtypIPv4:
|
||||||
|
_, err = io.ReadFull(r, b[1:1+net.IPv4len+2])
|
||||||
|
return b[:1+net.IPv4len+2], err
|
||||||
|
case AtypIPv6:
|
||||||
|
_, err = io.ReadFull(r, b[1:1+net.IPv6len+2])
|
||||||
|
return b[:1+net.IPv6len+2], err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil, ErrAddressNotSupported
|
||||||
|
}
|
||||||
|
|
||||||
|
// SplitAddr slices a SOCKS address from beginning of b. Returns nil if failed.
|
||||||
|
func SplitAddr(b []byte) Addr {
|
||||||
|
addrLen := 1
|
||||||
|
if len(b) < addrLen {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
switch b[0] {
|
||||||
|
case AtypDomainName:
|
||||||
|
if len(b) < 2 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
addrLen = 1 + 1 + int(b[1]) + 2
|
||||||
|
case AtypIPv4:
|
||||||
|
addrLen = 1 + net.IPv4len + 2
|
||||||
|
case AtypIPv6:
|
||||||
|
addrLen = 1 + net.IPv6len + 2
|
||||||
|
default:
|
||||||
|
return nil
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(b) < addrLen {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return b[:addrLen]
|
||||||
|
}
|
||||||
|
|
||||||
|
// ParseAddr parses the address in string s. Returns nil if failed.
|
||||||
|
func ParseAddr(s string) Addr {
|
||||||
|
var addr Addr
|
||||||
|
host, port, err := net.SplitHostPort(s)
|
||||||
|
if err != nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
if ip := net.ParseIP(host); ip != nil {
|
||||||
|
if ip4 := ip.To4(); ip4 != nil {
|
||||||
|
addr = make([]byte, 1+net.IPv4len+2)
|
||||||
|
addr[0] = AtypIPv4
|
||||||
|
copy(addr[1:], ip4)
|
||||||
|
} else {
|
||||||
|
addr = make([]byte, 1+net.IPv6len+2)
|
||||||
|
addr[0] = AtypIPv6
|
||||||
|
copy(addr[1:], ip)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if len(host) > 255 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
addr = make([]byte, 1+1+len(host)+2)
|
||||||
|
addr[0] = AtypDomainName
|
||||||
|
addr[1] = byte(len(host))
|
||||||
|
copy(addr[2:], host)
|
||||||
|
}
|
||||||
|
|
||||||
|
portnum, err := strconv.ParseUint(port, 10, 16)
|
||||||
|
if err != nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
addr[len(addr)-2], addr[len(addr)-1] = byte(portnum>>8), byte(portnum)
|
||||||
|
|
||||||
|
return addr
|
||||||
|
}
|
|
@ -5,10 +5,10 @@ import (
|
||||||
"syscall"
|
"syscall"
|
||||||
"unsafe"
|
"unsafe"
|
||||||
|
|
||||||
"github.com/Dreamacro/go-shadowsocks2/socks"
|
"github.com/Dreamacro/clash/component/socks5"
|
||||||
)
|
)
|
||||||
|
|
||||||
func parserPacket(c net.Conn) (socks.Addr, error) {
|
func parserPacket(c net.Conn) (socks5.Addr, error) {
|
||||||
const (
|
const (
|
||||||
PfInout = 0
|
PfInout = 0
|
||||||
PfIn = 1
|
PfIn = 1
|
||||||
|
@ -51,7 +51,7 @@ func parserPacket(c net.Conn) (socks.Addr, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
addr := make([]byte, 1+net.IPv4len+2)
|
addr := make([]byte, 1+net.IPv4len+2)
|
||||||
addr[0] = socks.AtypIPv4
|
addr[0] = socks5.AtypIPv4
|
||||||
copy(addr[1:1+net.IPv4len], nl.rdaddr[:4])
|
copy(addr[1:1+net.IPv4len], nl.rdaddr[:4])
|
||||||
copy(addr[1+net.IPv4len:], nl.rdxport[:2])
|
copy(addr[1+net.IPv4len:], nl.rdxport[:2])
|
||||||
return addr, nil
|
return addr, nil
|
||||||
|
|
|
@ -6,7 +6,7 @@ import (
|
||||||
"syscall"
|
"syscall"
|
||||||
"unsafe"
|
"unsafe"
|
||||||
|
|
||||||
"github.com/Dreamacro/go-shadowsocks2/socks"
|
"github.com/Dreamacro/clash/component/socks5"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -14,7 +14,7 @@ const (
|
||||||
IP6T_SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
|
IP6T_SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
|
||||||
)
|
)
|
||||||
|
|
||||||
func parserPacket(conn net.Conn) (socks.Addr, error) {
|
func parserPacket(conn net.Conn) (socks5.Addr, error) {
|
||||||
c, ok := conn.(*net.TCPConn)
|
c, ok := conn.(*net.TCPConn)
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, errors.New("only work with TCP connection")
|
return nil, errors.New("only work with TCP connection")
|
||||||
|
@ -25,7 +25,7 @@ func parserPacket(conn net.Conn) (socks.Addr, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
var addr socks.Addr
|
var addr socks5.Addr
|
||||||
|
|
||||||
rc.Control(func(fd uintptr) {
|
rc.Control(func(fd uintptr) {
|
||||||
addr, err = getorigdst(fd)
|
addr, err = getorigdst(fd)
|
||||||
|
@ -35,7 +35,7 @@ func parserPacket(conn net.Conn) (socks.Addr, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
|
// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
|
||||||
func getorigdst(fd uintptr) (socks.Addr, error) {
|
func getorigdst(fd uintptr) (socks5.Addr, error) {
|
||||||
raw := syscall.RawSockaddrInet4{}
|
raw := syscall.RawSockaddrInet4{}
|
||||||
siz := unsafe.Sizeof(raw)
|
siz := unsafe.Sizeof(raw)
|
||||||
_, _, err := syscall.Syscall6(syscall.SYS_GETSOCKOPT, fd, syscall.IPPROTO_IP, SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0)
|
_, _, err := syscall.Syscall6(syscall.SYS_GETSOCKOPT, fd, syscall.IPPROTO_IP, SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0)
|
||||||
|
@ -44,7 +44,7 @@ func getorigdst(fd uintptr) (socks.Addr, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
addr := make([]byte, 1+net.IPv4len+2)
|
addr := make([]byte, 1+net.IPv4len+2)
|
||||||
addr[0] = socks.AtypIPv4
|
addr[0] = socks5.AtypIPv4
|
||||||
copy(addr[1:1+net.IPv4len], raw.Addr[:])
|
copy(addr[1:1+net.IPv4len], raw.Addr[:])
|
||||||
port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
|
port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
|
||||||
addr[1+net.IPv4len], addr[1+net.IPv4len+1] = port[0], port[1]
|
addr[1+net.IPv4len], addr[1+net.IPv4len+1] = port[0], port[1]
|
||||||
|
|
|
@ -6,7 +6,7 @@ import (
|
||||||
"syscall"
|
"syscall"
|
||||||
"unsafe"
|
"unsafe"
|
||||||
|
|
||||||
"github.com/Dreamacro/go-shadowsocks2/socks"
|
"github.com/Dreamacro/clash/component/socks5"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -14,7 +14,7 @@ const (
|
||||||
IP6T_SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
|
IP6T_SO_ORIGINAL_DST = 80 // from linux/include/uapi/linux/netfilter_ipv6/ip6_tables.h
|
||||||
)
|
)
|
||||||
|
|
||||||
func parserPacket(conn net.Conn) (socks.Addr, error) {
|
func parserPacket(conn net.Conn) (socks5.Addr, error) {
|
||||||
c, ok := conn.(*net.TCPConn)
|
c, ok := conn.(*net.TCPConn)
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, errors.New("only work with TCP connection")
|
return nil, errors.New("only work with TCP connection")
|
||||||
|
@ -25,7 +25,7 @@ func parserPacket(conn net.Conn) (socks.Addr, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
var addr socks.Addr
|
var addr socks5.Addr
|
||||||
|
|
||||||
rc.Control(func(fd uintptr) {
|
rc.Control(func(fd uintptr) {
|
||||||
addr, err = getorigdst(fd)
|
addr, err = getorigdst(fd)
|
||||||
|
@ -35,7 +35,7 @@ func parserPacket(conn net.Conn) (socks.Addr, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
|
// Call getorigdst() from linux/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
|
||||||
func getorigdst(fd uintptr) (socks.Addr, error) {
|
func getorigdst(fd uintptr) (socks5.Addr, error) {
|
||||||
raw := syscall.RawSockaddrInet4{}
|
raw := syscall.RawSockaddrInet4{}
|
||||||
siz := unsafe.Sizeof(raw)
|
siz := unsafe.Sizeof(raw)
|
||||||
if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IP, SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
|
if err := socketcall(GETSOCKOPT, fd, syscall.IPPROTO_IP, SO_ORIGINAL_DST, uintptr(unsafe.Pointer(&raw)), uintptr(unsafe.Pointer(&siz)), 0); err != nil {
|
||||||
|
@ -43,7 +43,7 @@ func getorigdst(fd uintptr) (socks.Addr, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
addr := make([]byte, 1+net.IPv4len+2)
|
addr := make([]byte, 1+net.IPv4len+2)
|
||||||
addr[0] = socks.AtypIPv4
|
addr[0] = socks5.AtypIPv4
|
||||||
copy(addr[1:1+net.IPv4len], raw.Addr[:])
|
copy(addr[1:1+net.IPv4len], raw.Addr[:])
|
||||||
port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
|
port := (*[2]byte)(unsafe.Pointer(&raw.Port)) // big-endian
|
||||||
addr[1+net.IPv4len], addr[1+net.IPv4len+1] = port[0], port[1]
|
addr[1+net.IPv4len], addr[1+net.IPv4len+1] = port[0], port[1]
|
||||||
|
|
|
@ -4,9 +4,9 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"net"
|
"net"
|
||||||
|
|
||||||
"github.com/Dreamacro/go-shadowsocks2/socks"
|
"github.com/Dreamacro/clash/component/socks5"
|
||||||
)
|
)
|
||||||
|
|
||||||
func parserPacket(conn net.Conn) (socks.Addr, error) {
|
func parserPacket(conn net.Conn) (socks5.Addr, error) {
|
||||||
return nil, errors.New("Windows not support yet")
|
return nil, errors.New("Windows not support yet")
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,57 +1,19 @@
|
||||||
package socks
|
package socks
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"io"
|
|
||||||
"net"
|
"net"
|
||||||
"strconv"
|
|
||||||
|
|
||||||
adapters "github.com/Dreamacro/clash/adapters/inbound"
|
adapters "github.com/Dreamacro/clash/adapters/inbound"
|
||||||
|
"github.com/Dreamacro/clash/component/socks5"
|
||||||
C "github.com/Dreamacro/clash/constant"
|
C "github.com/Dreamacro/clash/constant"
|
||||||
"github.com/Dreamacro/clash/log"
|
"github.com/Dreamacro/clash/log"
|
||||||
"github.com/Dreamacro/clash/tunnel"
|
"github.com/Dreamacro/clash/tunnel"
|
||||||
|
|
||||||
"github.com/Dreamacro/go-shadowsocks2/socks"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
tun = tunnel.Instance()
|
tun = tunnel.Instance()
|
||||||
)
|
)
|
||||||
|
|
||||||
// Error represents a SOCKS error
|
|
||||||
type Error byte
|
|
||||||
|
|
||||||
func (err Error) Error() string {
|
|
||||||
return "SOCKS error: " + strconv.Itoa(int(err))
|
|
||||||
}
|
|
||||||
|
|
||||||
// SOCKS request commands as defined in RFC 1928 section 4.
|
|
||||||
const (
|
|
||||||
CmdConnect = 1
|
|
||||||
CmdBind = 2
|
|
||||||
CmdUDPAssociate = 3
|
|
||||||
)
|
|
||||||
|
|
||||||
// SOCKS address types as defined in RFC 1928 section 5.
|
|
||||||
const (
|
|
||||||
AtypIPv4 = 1
|
|
||||||
AtypDomainName = 3
|
|
||||||
AtypIPv6 = 4
|
|
||||||
)
|
|
||||||
|
|
||||||
const MaxAddrLen = 1 + 1 + 255 + 2
|
|
||||||
|
|
||||||
// SOCKS errors as defined in RFC 1928 section 6.
|
|
||||||
const (
|
|
||||||
ErrGeneralFailure = Error(1)
|
|
||||||
ErrConnectionNotAllowed = Error(2)
|
|
||||||
ErrNetworkUnreachable = Error(3)
|
|
||||||
ErrHostUnreachable = Error(4)
|
|
||||||
ErrConnectionRefused = Error(5)
|
|
||||||
ErrTTLExpired = Error(6)
|
|
||||||
ErrCommandNotSupported = Error(7)
|
|
||||||
ErrAddressNotSupported = Error(8)
|
|
||||||
)
|
|
||||||
|
|
||||||
type SockListener struct {
|
type SockListener struct {
|
||||||
net.Listener
|
net.Listener
|
||||||
address string
|
address string
|
||||||
|
@ -92,78 +54,15 @@ func (l *SockListener) Address() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func handleSocks(conn net.Conn) {
|
func handleSocks(conn net.Conn) {
|
||||||
target, command, err := handshake(conn)
|
target, command, err := socks5.ServerHandshake(conn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
conn.Close()
|
conn.Close()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
conn.(*net.TCPConn).SetKeepAlive(true)
|
conn.(*net.TCPConn).SetKeepAlive(true)
|
||||||
if command == CmdUDPAssociate {
|
if command == socks5.CmdUDPAssociate {
|
||||||
tun.Add(adapters.NewSocket(target, conn, C.SOCKS, C.UDP))
|
tun.Add(adapters.NewSocket(target, conn, C.SOCKS, C.UDP))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
tun.Add(adapters.NewSocket(target, conn, C.SOCKS, C.TCP))
|
tun.Add(adapters.NewSocket(target, conn, C.SOCKS, C.TCP))
|
||||||
}
|
}
|
||||||
|
|
||||||
// handshake fast-tracks SOCKS initialization to get target address to connect.
|
|
||||||
func handshake(rw io.ReadWriter) (addr socks.Addr, command int, err error) {
|
|
||||||
// Read RFC 1928 for request and reply structure and sizes.
|
|
||||||
buf := make([]byte, MaxAddrLen)
|
|
||||||
// read VER, NMETHODS, METHODS
|
|
||||||
if _, err = io.ReadFull(rw, buf[:2]); err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
nmethods := buf[1]
|
|
||||||
if _, err = io.ReadFull(rw, buf[:nmethods]); err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
// write VER METHOD
|
|
||||||
if _, err = rw.Write([]byte{5, 0}); err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
// read VER CMD RSV ATYP DST.ADDR DST.PORT
|
|
||||||
if _, err = io.ReadFull(rw, buf[:3]); err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if buf[1] != CmdConnect && buf[1] != CmdUDPAssociate {
|
|
||||||
err = ErrCommandNotSupported
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
command = int(buf[1])
|
|
||||||
addr, err = readAddr(rw, buf)
|
|
||||||
if err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
// write VER REP RSV ATYP BND.ADDR BND.PORT
|
|
||||||
_, err = rw.Write([]byte{5, 0, 0, 1, 0, 0, 0, 0, 0, 0})
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
func readAddr(r io.Reader, b []byte) (socks.Addr, error) {
|
|
||||||
if len(b) < MaxAddrLen {
|
|
||||||
return nil, io.ErrShortBuffer
|
|
||||||
}
|
|
||||||
_, err := io.ReadFull(r, b[:1]) // read 1st byte for address type
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
switch b[0] {
|
|
||||||
case AtypDomainName:
|
|
||||||
_, err = io.ReadFull(r, b[1:2]) // read 2nd byte for domain length
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
_, err = io.ReadFull(r, b[2:2+b[1]+2])
|
|
||||||
return b[:1+1+b[1]+2], err
|
|
||||||
case AtypIPv4:
|
|
||||||
_, err = io.ReadFull(r, b[1:1+net.IPv4len+2])
|
|
||||||
return b[:1+net.IPv4len+2], err
|
|
||||||
case AtypIPv6:
|
|
||||||
_, err = io.ReadFull(r, b[1:1+net.IPv6len+2])
|
|
||||||
return b[:1+net.IPv6len+2], err
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil, ErrAddressNotSupported
|
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in a new issue