mirror of
https://github.com/nadoo/glider.git
synced 2025-02-23 17:35:40 +08:00
451 lines
11 KiB
Go
451 lines
11 KiB
Go
// socks5 client:
|
|
// https://github.com/golang/net/tree/master/proxy
|
|
// Copyright 2011 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
// socks5 server:
|
|
// https://github.com/shadowsocks/go-shadowsocks2/tree/master/socks
|
|
|
|
package main
|
|
|
|
import (
|
|
"errors"
|
|
"io"
|
|
"net"
|
|
"strconv"
|
|
)
|
|
|
|
const socks5Version = 5
|
|
|
|
const (
|
|
socks5AuthNone = 0
|
|
socks5AuthPassword = 2
|
|
)
|
|
|
|
// SOCKS request commands as defined in RFC 1928 section 4.
|
|
const (
|
|
socks5Connect = 1
|
|
socks5Bind = 2
|
|
socks5UDPAssociate = 3
|
|
)
|
|
|
|
// SOCKS address types as defined in RFC 1928 section 5.
|
|
const (
|
|
socks5IP4 = 1
|
|
socks5Domain = 3
|
|
socks5IP6 = 4
|
|
)
|
|
|
|
// MaxAddrLen is the maximum size of SOCKS address in bytes.
|
|
const MaxAddrLen = 1 + 1 + 255 + 2
|
|
|
|
// Addr represents a SOCKS address as defined in RFC 1928 section 5.
|
|
type Addr []byte
|
|
|
|
var socks5Errors = []string{
|
|
"",
|
|
"general failure",
|
|
"connection forbidden",
|
|
"network unreachable",
|
|
"host unreachable",
|
|
"connection refused",
|
|
"TTL expired",
|
|
"command not supported",
|
|
"address type not supported",
|
|
}
|
|
|
|
// SOCKS5 struct
|
|
type SOCKS5 struct {
|
|
*Forwarder
|
|
sDialer Dialer
|
|
|
|
user string
|
|
password string
|
|
}
|
|
|
|
// NewSOCKS5 returns a Proxy that makes SOCKSv5 connections to the given address
|
|
// with an optional username and password. See RFC 1928.
|
|
func NewSOCKS5(addr, user, pass string, cDialer Dialer, sDialer Dialer) (*SOCKS5, error) {
|
|
s := &SOCKS5{
|
|
Forwarder: NewForwarder(addr, cDialer),
|
|
sDialer: sDialer,
|
|
user: user,
|
|
password: pass,
|
|
}
|
|
|
|
return s, nil
|
|
}
|
|
|
|
// ListenAndServe .
|
|
func (s *SOCKS5) ListenAndServe() {
|
|
l, err := net.Listen("tcp", s.addr)
|
|
if err != nil {
|
|
logf("proxy-socks5 failed to listen on %s: %v", s.addr, err)
|
|
return
|
|
}
|
|
|
|
logf("proxy-socks5 listening TCP on %s", s.addr)
|
|
|
|
for {
|
|
c, err := l.Accept()
|
|
if err != nil {
|
|
logf("proxy-socks5 failed to accept: %v", err)
|
|
continue
|
|
}
|
|
|
|
go s.Serve(c)
|
|
}
|
|
}
|
|
|
|
// Serve .
|
|
func (s *SOCKS5) Serve(c net.Conn) {
|
|
defer c.Close()
|
|
|
|
if c, ok := c.(*net.TCPConn); ok {
|
|
c.SetKeepAlive(true)
|
|
}
|
|
|
|
tgt, err := s.handshake(c)
|
|
if err != nil {
|
|
logf("proxy-socks5 failed to get target address: %v", err)
|
|
return
|
|
}
|
|
|
|
rc, err := s.sDialer.Dial("tcp", tgt.String())
|
|
if err != nil {
|
|
logf("proxy-socks5 failed to connect to target: %v", err)
|
|
return
|
|
}
|
|
defer rc.Close()
|
|
|
|
logf("proxy-socks5 %s <-> %s", c.RemoteAddr(), tgt)
|
|
|
|
_, _, err = relay(c, rc)
|
|
if err != nil {
|
|
if err, ok := err.(net.Error); ok && err.Timeout() {
|
|
return // ignore i/o timeout
|
|
}
|
|
logf("relay error: %v", err)
|
|
}
|
|
}
|
|
|
|
// Dial connects to the address addr on the network net via the SOCKS5 proxy.
|
|
func (s *SOCKS5) Dial(network, addr string) (net.Conn, error) {
|
|
switch network {
|
|
case "tcp", "tcp6", "tcp4":
|
|
default:
|
|
return nil, errors.New("proxy-socks5: no support for connection type " + network)
|
|
}
|
|
|
|
c, err := s.cDialer.Dial(network, s.addr)
|
|
if err != nil {
|
|
logf("dial to %s error: %s", s.addr, err)
|
|
return nil, err
|
|
}
|
|
|
|
if c, ok := c.(*net.TCPConn); ok {
|
|
c.SetKeepAlive(true)
|
|
}
|
|
|
|
if err := s.connect(c, addr); err != nil {
|
|
c.Close()
|
|
return nil, err
|
|
}
|
|
|
|
return c, nil
|
|
}
|
|
|
|
// connect takes an existing connection to a socks5 proxy server,
|
|
// and commands the server to extend that connection to target,
|
|
// which must be a canonical address with a host and port.
|
|
func (s *SOCKS5) connect(conn net.Conn, target string) error {
|
|
host, portStr, err := net.SplitHostPort(target)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
port, err := strconv.Atoi(portStr)
|
|
if err != nil {
|
|
return errors.New("proxy: failed to parse port number: " + portStr)
|
|
}
|
|
if port < 1 || port > 0xffff {
|
|
return errors.New("proxy: port number out of range: " + portStr)
|
|
}
|
|
|
|
// the size here is just an estimate
|
|
buf := make([]byte, 0, 6+len(host))
|
|
|
|
buf = append(buf, socks5Version)
|
|
if len(s.user) > 0 && len(s.user) < 256 && len(s.password) < 256 {
|
|
buf = append(buf, 2 /* num auth methods */, socks5AuthNone, socks5AuthPassword)
|
|
} else {
|
|
buf = append(buf, 1 /* num auth methods */, socks5AuthNone)
|
|
}
|
|
|
|
if _, err := conn.Write(buf); err != nil {
|
|
return errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
|
}
|
|
|
|
if _, err := io.ReadFull(conn, buf[:2]); err != nil {
|
|
return errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
|
}
|
|
if buf[0] != 5 {
|
|
return errors.New("proxy: SOCKS5 proxy at " + s.addr + " has unexpected version " + strconv.Itoa(int(buf[0])))
|
|
}
|
|
if buf[1] == 0xff {
|
|
return errors.New("proxy: SOCKS5 proxy at " + s.addr + " requires authentication")
|
|
}
|
|
|
|
if buf[1] == socks5AuthPassword {
|
|
buf = buf[:0]
|
|
buf = append(buf, 1 /* password protocol version */)
|
|
buf = append(buf, uint8(len(s.user)))
|
|
buf = append(buf, s.user...)
|
|
buf = append(buf, uint8(len(s.password)))
|
|
buf = append(buf, s.password...)
|
|
|
|
if _, err := conn.Write(buf); err != nil {
|
|
return errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
|
}
|
|
|
|
if _, err := io.ReadFull(conn, buf[:2]); err != nil {
|
|
return errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
|
}
|
|
|
|
if buf[1] != 0 {
|
|
return errors.New("proxy: SOCKS5 proxy at " + s.addr + " rejected username/password")
|
|
}
|
|
}
|
|
|
|
buf = buf[:0]
|
|
buf = append(buf, socks5Version, socks5Connect, 0 /* reserved */)
|
|
|
|
if ip := net.ParseIP(host); ip != nil {
|
|
if ip4 := ip.To4(); ip4 != nil {
|
|
buf = append(buf, socks5IP4)
|
|
ip = ip4
|
|
} else {
|
|
buf = append(buf, socks5IP6)
|
|
}
|
|
buf = append(buf, ip...)
|
|
} else {
|
|
if len(host) > 255 {
|
|
return errors.New("proxy: destination hostname too long: " + host)
|
|
}
|
|
buf = append(buf, socks5Domain)
|
|
buf = append(buf, byte(len(host)))
|
|
buf = append(buf, host...)
|
|
}
|
|
buf = append(buf, byte(port>>8), byte(port))
|
|
|
|
if _, err := conn.Write(buf); err != nil {
|
|
return errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
|
}
|
|
|
|
if _, err := io.ReadFull(conn, buf[:4]); err != nil {
|
|
return errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
|
}
|
|
|
|
failure := "unknown error"
|
|
if int(buf[1]) < len(socks5Errors) {
|
|
failure = socks5Errors[buf[1]]
|
|
}
|
|
|
|
if len(failure) > 0 {
|
|
return errors.New("proxy: SOCKS5 proxy at " + s.addr + " failed to connect: " + failure)
|
|
}
|
|
|
|
bytesToDiscard := 0
|
|
switch buf[3] {
|
|
case socks5IP4:
|
|
bytesToDiscard = net.IPv4len
|
|
case socks5IP6:
|
|
bytesToDiscard = net.IPv6len
|
|
case socks5Domain:
|
|
_, err := io.ReadFull(conn, buf[:1])
|
|
if err != nil {
|
|
return errors.New("proxy: failed to read domain length from SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
|
}
|
|
bytesToDiscard = int(buf[0])
|
|
default:
|
|
return errors.New("proxy: got unknown address type " + strconv.Itoa(int(buf[3])) + " from SOCKS5 proxy at " + s.addr)
|
|
}
|
|
|
|
if cap(buf) < bytesToDiscard {
|
|
buf = make([]byte, bytesToDiscard)
|
|
} else {
|
|
buf = buf[:bytesToDiscard]
|
|
}
|
|
if _, err := io.ReadFull(conn, buf); err != nil {
|
|
return errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
|
}
|
|
|
|
// Also need to discard the port number
|
|
if _, err := io.ReadFull(conn, buf[:2]); err != nil {
|
|
return errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error())
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Handshake fast-tracks SOCKS initialization to get target address to connect.
|
|
func (s *SOCKS5) handshake(rw io.ReadWriter) (Addr, error) {
|
|
// Read RFC 1928 for request and reply structure and sizes.
|
|
buf := make([]byte, MaxAddrLen)
|
|
// read VER, NMETHODS, METHODS
|
|
if _, err := io.ReadFull(rw, buf[:2]); err != nil {
|
|
return nil, err
|
|
}
|
|
nmethods := buf[1]
|
|
if _, err := io.ReadFull(rw, buf[:nmethods]); err != nil {
|
|
return nil, err
|
|
}
|
|
// write VER METHOD
|
|
if _, err := rw.Write([]byte{5, 0}); err != nil {
|
|
return nil, err
|
|
}
|
|
// read VER CMD RSV ATYP DST.ADDR DST.PORT
|
|
if _, err := io.ReadFull(rw, buf[:3]); err != nil {
|
|
return nil, err
|
|
}
|
|
if buf[1] != socks5Connect {
|
|
return nil, errors.New(socks5Errors[7])
|
|
}
|
|
addr, err := readAddr(rw, buf)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
// write VER REP RSV ATYP BND.ADDR BND.PORT
|
|
_, err = rw.Write([]byte{5, 0, 0, 1, 0, 0, 0, 0, 0, 0})
|
|
return addr, err
|
|
}
|
|
|
|
// String serializes SOCKS address a to string form.
|
|
func (a Addr) String() string {
|
|
var host, port string
|
|
|
|
switch ATYP(a[0]) { // address type
|
|
case socks5Domain:
|
|
host = string(a[2 : 2+int(a[1])])
|
|
port = strconv.Itoa((int(a[2+int(a[1])]) << 8) | int(a[2+int(a[1])+1]))
|
|
case socks5IP4:
|
|
host = net.IP(a[1 : 1+net.IPv4len]).String()
|
|
port = strconv.Itoa((int(a[1+net.IPv4len]) << 8) | int(a[1+net.IPv4len+1]))
|
|
case socks5IP6:
|
|
host = net.IP(a[1 : 1+net.IPv6len]).String()
|
|
port = strconv.Itoa((int(a[1+net.IPv6len]) << 8) | int(a[1+net.IPv6len+1]))
|
|
}
|
|
|
|
return net.JoinHostPort(host, port)
|
|
}
|
|
|
|
// UoT udp over tcp
|
|
func UoT(b byte) bool {
|
|
return b&0x8 == 0x8
|
|
}
|
|
|
|
// ATYP return the address type
|
|
func ATYP(b byte) int {
|
|
return int(b &^ 0x8)
|
|
}
|
|
|
|
func readAddr(r io.Reader, b []byte) (Addr, error) {
|
|
if len(b) < MaxAddrLen {
|
|
return nil, io.ErrShortBuffer
|
|
}
|
|
_, err := io.ReadFull(r, b[:1]) // read 1st byte for address type
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
switch ATYP(b[0]) {
|
|
case socks5Domain:
|
|
_, err = io.ReadFull(r, b[1:2]) // read 2nd byte for domain length
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
_, err = io.ReadFull(r, b[2:2+int(b[1])+2])
|
|
return b[:1+1+int(b[1])+2], err
|
|
case socks5IP4:
|
|
_, err = io.ReadFull(r, b[1:1+net.IPv4len+2])
|
|
return b[:1+net.IPv4len+2], err
|
|
case socks5IP6:
|
|
_, err = io.ReadFull(r, b[1:1+net.IPv6len+2])
|
|
return b[:1+net.IPv6len+2], err
|
|
}
|
|
|
|
return nil, errors.New(socks5Errors[8])
|
|
}
|
|
|
|
// ReadAddr reads just enough bytes from r to get a valid Addr.
|
|
func ReadAddr(r io.Reader) (Addr, error) {
|
|
return readAddr(r, make([]byte, MaxAddrLen))
|
|
}
|
|
|
|
// SplitAddr slices a SOCKS address from beginning of b. Returns nil if failed.
|
|
func SplitAddr(b []byte) Addr {
|
|
addrLen := 1
|
|
if len(b) < addrLen {
|
|
return nil
|
|
}
|
|
|
|
switch ATYP(b[0]) {
|
|
case socks5Domain:
|
|
if len(b) < 2 {
|
|
return nil
|
|
}
|
|
addrLen = 1 + 1 + int(b[1]) + 2
|
|
case socks5IP4:
|
|
addrLen = 1 + net.IPv4len + 2
|
|
case socks5IP6:
|
|
addrLen = 1 + net.IPv6len + 2
|
|
default:
|
|
return nil
|
|
|
|
}
|
|
|
|
if len(b) < addrLen {
|
|
return nil
|
|
}
|
|
|
|
return b[:addrLen]
|
|
}
|
|
|
|
// ParseAddr parses the address in string s. Returns nil if failed.
|
|
func ParseAddr(s string) Addr {
|
|
var addr Addr
|
|
host, port, err := net.SplitHostPort(s)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
if ip := net.ParseIP(host); ip != nil {
|
|
if ip4 := ip.To4(); ip4 != nil {
|
|
addr = make([]byte, 1+net.IPv4len+2)
|
|
addr[0] = socks5IP4
|
|
copy(addr[1:], ip4)
|
|
} else {
|
|
addr = make([]byte, 1+net.IPv6len+2)
|
|
addr[0] = socks5IP6
|
|
copy(addr[1:], ip)
|
|
}
|
|
} else {
|
|
if len(host) > 255 {
|
|
return nil
|
|
}
|
|
addr = make([]byte, 1+1+len(host)+2)
|
|
addr[0] = socks5Domain
|
|
addr[1] = byte(len(host))
|
|
copy(addr[2:], host)
|
|
}
|
|
|
|
portnum, err := strconv.ParseUint(port, 10, 16)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
|
|
addr[len(addr)-2], addr[len(addr)-1] = byte(portnum>>8), byte(portnum)
|
|
|
|
return addr
|
|
}
|