From 836b9b6a5474e58197666047c0287e661f738cc9 Mon Sep 17 00:00:00 2001 From: Toby Date: Fri, 25 Feb 2022 18:18:41 -0800 Subject: [PATCH 1/4] chore: bump txthinking/socks5 version --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 45371d7..7c796f9 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/sirupsen/logrus v1.8.1 github.com/spf13/cobra v1.3.0 github.com/spf13/viper v1.10.1 - github.com/txthinking/socks5 v0.0.0-20210326104807-61b5745ff346 + github.com/txthinking/socks5 v0.0.0-20220212043548-414499347d4a github.com/yosuke-furukawa/json5 v0.1.1 ) @@ -56,7 +56,7 @@ require ( github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/subosito/gotenv v1.2.0 // indirect - github.com/txthinking/runnergroup v0.0.0-20210326110939-37fc67d0da7c // indirect + github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf // indirect github.com/txthinking/x v0.0.0-20210326105829-476fab902fbe // indirect go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.6.0 // indirect diff --git a/go.sum b/go.sum index 311a20c..67ddacf 100644 --- a/go.sum +++ b/go.sum @@ -505,10 +505,10 @@ github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cb github.com/tobyxdd/quic-go v0.25.1-0.20220224051149-310bd1bfaf1f h1:phddE/foYEnuZOgKfmfYVcnXBvV5cjhGrqBtSETqvQ0= github.com/tobyxdd/quic-go v0.25.1-0.20220224051149-310bd1bfaf1f/go.mod h1:YtzP8bxRVCBlO77yRanE264+fY/T2U9ZlW1AaHOsMOg= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/txthinking/runnergroup v0.0.0-20210326110939-37fc67d0da7c h1:6WIrmZPMl2Q61vozy5MfJNfD6CAgivGFgqvXsrho8GM= -github.com/txthinking/runnergroup v0.0.0-20210326110939-37fc67d0da7c/go.mod h1:CLUSJbazqETbaR+i0YAhXBICV9TrKH93pziccMhmhpM= -github.com/txthinking/socks5 v0.0.0-20210326104807-61b5745ff346 h1:czf2yvkvrQA9CfHK3S0UaE+Sh8jYIgCWlSzYLJjMHJQ= -github.com/txthinking/socks5 v0.0.0-20210326104807-61b5745ff346/go.mod h1:d3n8NJ6QMRb6I/WAlp4z5ZPAoaeqDmX5NgVZA0mhe+I= +github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf h1:7PflaKRtU4np/epFxRXlFhlzLXZzKFrH5/I4so5Ove0= +github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf/go.mod h1:CLUSJbazqETbaR+i0YAhXBICV9TrKH93pziccMhmhpM= +github.com/txthinking/socks5 v0.0.0-20220212043548-414499347d4a h1:BOqgJ4jku0LHPDoR51RD8Mxmo0LHxCzJT/M9MemYdHo= +github.com/txthinking/socks5 v0.0.0-20220212043548-414499347d4a/go.mod h1:7NloQcrxaZYKURWph5HLxVDlIwMHJXCPkeWPtpftsIg= github.com/txthinking/x v0.0.0-20210326105829-476fab902fbe h1:gMWxZxBFRAXqoGkwkYlPX2zvyyKNWJpxOxCrjqJkm5A= github.com/txthinking/x v0.0.0-20210326105829-476fab902fbe/go.mod h1:WgqbSEmUYSjEV3B1qmee/PpP2NYEz4bL9/+mF1ma+s4= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= From 6b880ba22d1850b0b572cb93aca786884e5c4d08 Mon Sep 17 00:00:00 2001 From: Toby Date: Sat, 26 Feb 2022 13:05:52 -0800 Subject: [PATCH 2/4] feat wip: SOCKS5 client DialTCP --- pkg/socks5/client.go | 118 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 pkg/socks5/client.go diff --git a/pkg/socks5/client.go b/pkg/socks5/client.go new file mode 100644 index 0000000..e8ea466 --- /dev/null +++ b/pkg/socks5/client.go @@ -0,0 +1,118 @@ +package socks5 + +import ( + "encoding/binary" + "errors" + "fmt" + "github.com/txthinking/socks5" + "net" + "time" +) + +type Client struct { + ServerTCPAddr *net.TCPAddr + Username string + Password string + NegTimeout time.Duration +} + +func NewClient(serverAddr string, username string, password string, negTimeout time.Duration) (*Client, error) { + tcpAddr, err := net.ResolveTCPAddr("tcp", serverAddr) + if err != nil { + return nil, err + } + return &Client{ + ServerTCPAddr: tcpAddr, + Username: username, + Password: password, + NegTimeout: negTimeout, + }, nil +} + +func (c *Client) negotiate(conn *net.TCPConn) error { + m := []byte{socks5.MethodNone} + if c.Username != "" && c.Password != "" { + m = append(m, socks5.MethodUsernamePassword) + } + rq := socks5.NewNegotiationRequest(m) + _, err := rq.WriteTo(conn) + if err != nil { + return err + } + rs, err := socks5.NewNegotiationReplyFrom(conn) + if err != nil { + return err + } + if rs.Method == socks5.MethodUsernamePassword { + urq := socks5.NewUserPassNegotiationRequest([]byte(c.Username), []byte(c.Password)) + _, err = urq.WriteTo(conn) + if err != nil { + return err + } + urs, err := socks5.NewUserPassNegotiationReplyFrom(conn) + if err != nil { + return err + } + if urs.Status != socks5.UserPassStatusSuccess { + return ErrUserPassAuth + } + } else if rs.Method != socks5.MethodNone { + return errors.New("unsupported auth method") + } + return nil +} + +func (c *Client) Request(conn *net.TCPConn, r *socks5.Request) (*socks5.Reply, error) { + if _, err := r.WriteTo(conn); err != nil { + return nil, err + } + reply, err := socks5.NewReplyFrom(conn) + if err != nil { + return nil, err + } + return reply, nil +} + +func (c *Client) DialTCP(raddr *net.TCPAddr) (*net.TCPConn, error) { + conn, err := net.DialTCP("tcp", nil, c.ServerTCPAddr) + if err != nil { + return nil, err + } + if err := conn.SetDeadline(time.Now().Add(c.NegTimeout)); err != nil { + return nil, err + } + err = c.negotiate(conn) + if err != nil { + _ = conn.Close() + return nil, err + } + var atyp byte + var addr, port []byte + if ip4 := raddr.IP.To4(); ip4 != nil { + atyp = socks5.ATYPIPv4 + addr = ip4 + } else if ip6 := raddr.IP.To16(); ip6 != nil { + atyp = socks5.ATYPIPv6 + addr = ip6 + } else { + _ = conn.Close() + return nil, errors.New("unsupported address type") + } + port = make([]byte, 2) + binary.BigEndian.PutUint16(port, uint16(raddr.Port)) + r := socks5.NewRequest(socks5.CmdConnect, atyp, addr, port) + reply, err := c.Request(conn, r) + if err != nil { + _ = conn.Close() + return nil, err + } + if reply.Rep != socks5.RepSuccess { + _ = conn.Close() + return nil, fmt.Errorf("request failed: %s", reply.Rep) + } + // Negotiation succeed, disable timeout + if err := conn.SetDeadline(time.Time{}); err != nil { + return nil, err + } + return conn, nil +} From 97ef033b659e05729dadad9b954499b37c5d25b5 Mon Sep 17 00:00:00 2001 From: Toby Date: Sat, 26 Feb 2022 20:45:20 -0800 Subject: [PATCH 3/4] feat: server SOCKS5 outbound --- cmd/config.go | 5 + cmd/server.go | 11 ++ pkg/core/server_client.go | 9 +- pkg/socks5/client.go | 118 ----------------- pkg/transport/server.go | 31 +++-- pkg/transport/socks5.go | 265 ++++++++++++++++++++++++++++++++++++++ 6 files changed, 309 insertions(+), 130 deletions(-) delete mode 100644 pkg/socks5/client.go create mode 100644 pkg/transport/socks5.go diff --git a/cmd/config.go b/cmd/config.go index 46f5a6f..9a804e8 100644 --- a/cmd/config.go +++ b/cmd/config.go @@ -52,6 +52,11 @@ type serverConfig struct { DisableMTUDiscovery bool `json:"disable_mtu_discovery"` IPv6Only bool `json:"ipv6_only"` Resolver string `json:"resolver"` + SOCKS5Outbound struct { + Server string `json:"server"` + User string `json:"user"` + Password string `json:"password"` + } `json:"socks5_outbound"` } func (c *serverConfig) Check() error { diff --git a/cmd/server.go b/cmd/server.go index a47fc2b..cd6e096 100644 --- a/cmd/server.go +++ b/cmd/server.go @@ -144,6 +144,17 @@ func server(config *serverConfig) { if config.IPv6Only { transport.DefaultServerTransport.IPv6Only = true } + // SOCKS5 outbound + if config.SOCKS5Outbound.Server != "" { + ob, err := transport.NewSOCKS5Client(config.SOCKS5Outbound.Server, + config.SOCKS5Outbound.User, config.SOCKS5Outbound.Password, 10*time.Second) + if err != nil { + logrus.WithFields(logrus.Fields{ + "error": err, + }).Fatal("Failed to initialize SOCKS5 outbound") + } + transport.DefaultServerTransport.SOCKS5Client = ob + } // ACL var aclEngine *acl.Engine if len(config.ACL) > 0 { diff --git a/pkg/core/server_client.go b/pkg/core/server_client.go index 5b3c26c..eff83e2 100644 --- a/pkg/core/server_client.go +++ b/pkg/core/server_client.go @@ -35,12 +35,12 @@ type serverClient struct { ConnGauge prometheus.Gauge udpSessionMutex sync.RWMutex - udpSessionMap map[uint32]*net.UDPConn + udpSessionMap map[uint32]transport.PUDPConn nextUDPSessionID uint32 udpDefragger defragger } -func newServerClient(v2 bool, cs quic.Session, transport *transport.ServerTransport, auth []byte, disableUDP bool, ACLEngine *acl.Engine, +func newServerClient(v2 bool, cs quic.Session, tr *transport.ServerTransport, auth []byte, disableUDP bool, ACLEngine *acl.Engine, CTCPRequestFunc TCPRequestFunc, CTCPErrorFunc TCPErrorFunc, CUDPRequestFunc UDPRequestFunc, CUDPErrorFunc UDPErrorFunc, UpCounterVec, DownCounterVec *prometheus.CounterVec, @@ -48,7 +48,7 @@ func newServerClient(v2 bool, cs quic.Session, transport *transport.ServerTransp sc := &serverClient{ V2: v2, CS: cs, - Transport: transport, + Transport: tr, Auth: auth, ClientAddr: cs.RemoteAddr(), DisableUDP: disableUDP, @@ -57,7 +57,7 @@ func newServerClient(v2 bool, cs quic.Session, transport *transport.ServerTransp CTCPErrorFunc: CTCPErrorFunc, CUDPRequestFunc: CUDPRequestFunc, CUDPErrorFunc: CUDPErrorFunc, - udpSessionMap: make(map[uint32]*net.UDPConn), + udpSessionMap: make(map[uint32]transport.PUDPConn), } if UpCounterVec != nil && DownCounterVec != nil && ConnGaugeVec != nil { authB64 := base64.StdEncoding.EncodeToString(auth) @@ -365,6 +365,7 @@ func (c *serverClient) handleUDP(stream quic.Stream) { break } } + _ = stream.Close() }() // Hold the stream until it's closed by the client diff --git a/pkg/socks5/client.go b/pkg/socks5/client.go deleted file mode 100644 index e8ea466..0000000 --- a/pkg/socks5/client.go +++ /dev/null @@ -1,118 +0,0 @@ -package socks5 - -import ( - "encoding/binary" - "errors" - "fmt" - "github.com/txthinking/socks5" - "net" - "time" -) - -type Client struct { - ServerTCPAddr *net.TCPAddr - Username string - Password string - NegTimeout time.Duration -} - -func NewClient(serverAddr string, username string, password string, negTimeout time.Duration) (*Client, error) { - tcpAddr, err := net.ResolveTCPAddr("tcp", serverAddr) - if err != nil { - return nil, err - } - return &Client{ - ServerTCPAddr: tcpAddr, - Username: username, - Password: password, - NegTimeout: negTimeout, - }, nil -} - -func (c *Client) negotiate(conn *net.TCPConn) error { - m := []byte{socks5.MethodNone} - if c.Username != "" && c.Password != "" { - m = append(m, socks5.MethodUsernamePassword) - } - rq := socks5.NewNegotiationRequest(m) - _, err := rq.WriteTo(conn) - if err != nil { - return err - } - rs, err := socks5.NewNegotiationReplyFrom(conn) - if err != nil { - return err - } - if rs.Method == socks5.MethodUsernamePassword { - urq := socks5.NewUserPassNegotiationRequest([]byte(c.Username), []byte(c.Password)) - _, err = urq.WriteTo(conn) - if err != nil { - return err - } - urs, err := socks5.NewUserPassNegotiationReplyFrom(conn) - if err != nil { - return err - } - if urs.Status != socks5.UserPassStatusSuccess { - return ErrUserPassAuth - } - } else if rs.Method != socks5.MethodNone { - return errors.New("unsupported auth method") - } - return nil -} - -func (c *Client) Request(conn *net.TCPConn, r *socks5.Request) (*socks5.Reply, error) { - if _, err := r.WriteTo(conn); err != nil { - return nil, err - } - reply, err := socks5.NewReplyFrom(conn) - if err != nil { - return nil, err - } - return reply, nil -} - -func (c *Client) DialTCP(raddr *net.TCPAddr) (*net.TCPConn, error) { - conn, err := net.DialTCP("tcp", nil, c.ServerTCPAddr) - if err != nil { - return nil, err - } - if err := conn.SetDeadline(time.Now().Add(c.NegTimeout)); err != nil { - return nil, err - } - err = c.negotiate(conn) - if err != nil { - _ = conn.Close() - return nil, err - } - var atyp byte - var addr, port []byte - if ip4 := raddr.IP.To4(); ip4 != nil { - atyp = socks5.ATYPIPv4 - addr = ip4 - } else if ip6 := raddr.IP.To16(); ip6 != nil { - atyp = socks5.ATYPIPv6 - addr = ip6 - } else { - _ = conn.Close() - return nil, errors.New("unsupported address type") - } - port = make([]byte, 2) - binary.BigEndian.PutUint16(port, uint16(raddr.Port)) - r := socks5.NewRequest(socks5.CmdConnect, atyp, addr, port) - reply, err := c.Request(conn, r) - if err != nil { - _ = conn.Close() - return nil, err - } - if reply.Rep != socks5.RepSuccess { - _ = conn.Close() - return nil, fmt.Errorf("request failed: %s", reply.Rep) - } - // Negotiation succeed, disable timeout - if err := conn.SetDeadline(time.Time{}); err != nil { - return nil, err - } - return conn, nil -} diff --git a/pkg/transport/server.go b/pkg/transport/server.go index fc003c4..56bc451 100644 --- a/pkg/transport/server.go +++ b/pkg/transport/server.go @@ -13,8 +13,15 @@ import ( ) type ServerTransport struct { - Dialer *net.Dialer - IPv6Only bool + Dialer *net.Dialer + IPv6Only bool + SOCKS5Client *SOCKS5Client +} + +type PUDPConn interface { + ReadFromUDP([]byte) (int, *net.UDPAddr, error) + WriteToUDP([]byte, *net.UDPAddr) (int, error) + Close() error } var DefaultServerTransport = &ServerTransport{ @@ -93,13 +100,21 @@ func (ct *ServerTransport) ResolveIPAddr(address string) (*net.IPAddr, error) { } func (ct *ServerTransport) DialTCP(raddr *net.TCPAddr) (*net.TCPConn, error) { - conn, err := ct.Dialer.Dial("tcp", raddr.String()) - if err != nil { - return nil, err + if ct.SOCKS5Client != nil { + return ct.SOCKS5Client.DialTCP(raddr) + } else { + conn, err := ct.Dialer.Dial("tcp", raddr.String()) + if err != nil { + return nil, err + } + return conn.(*net.TCPConn), nil } - return conn.(*net.TCPConn), nil } -func (ct *ServerTransport) ListenUDP() (*net.UDPConn, error) { - return net.ListenUDP("udp", nil) +func (ct *ServerTransport) ListenUDP() (PUDPConn, error) { + if ct.SOCKS5Client != nil { + return ct.SOCKS5Client.ListenUDP() + } else { + return net.ListenUDP("udp", nil) + } } diff --git a/pkg/transport/socks5.go b/pkg/transport/socks5.go new file mode 100644 index 0000000..e4e64ae --- /dev/null +++ b/pkg/transport/socks5.go @@ -0,0 +1,265 @@ +package transport + +import ( + "encoding/binary" + "errors" + "fmt" + "github.com/txthinking/socks5" + "net" + "time" +) + +type SOCKS5Client struct { + ServerTCPAddr *net.TCPAddr + Username string + Password string + NegTimeout time.Duration +} + +func NewSOCKS5Client(serverAddr string, username string, password string, negTimeout time.Duration) (*SOCKS5Client, error) { + tcpAddr, err := net.ResolveTCPAddr("tcp", serverAddr) + if err != nil { + return nil, err + } + return &SOCKS5Client{ + ServerTCPAddr: tcpAddr, + Username: username, + Password: password, + NegTimeout: negTimeout, + }, nil +} + +func (c *SOCKS5Client) negotiate(conn *net.TCPConn) error { + m := []byte{socks5.MethodNone} + if c.Username != "" && c.Password != "" { + m = append(m, socks5.MethodUsernamePassword) + } + rq := socks5.NewNegotiationRequest(m) + _, err := rq.WriteTo(conn) + if err != nil { + return err + } + rs, err := socks5.NewNegotiationReplyFrom(conn) + if err != nil { + return err + } + if rs.Method == socks5.MethodUsernamePassword { + urq := socks5.NewUserPassNegotiationRequest([]byte(c.Username), []byte(c.Password)) + _, err = urq.WriteTo(conn) + if err != nil { + return err + } + urs, err := socks5.NewUserPassNegotiationReplyFrom(conn) + if err != nil { + return err + } + if urs.Status != socks5.UserPassStatusSuccess { + return errors.New("username or password error") + } + } else if rs.Method != socks5.MethodNone { + return errors.New("unsupported auth method") + } + return nil +} + +func (c *SOCKS5Client) request(conn *net.TCPConn, r *socks5.Request) (*socks5.Reply, error) { + if _, err := r.WriteTo(conn); err != nil { + return nil, err + } + reply, err := socks5.NewReplyFrom(conn) + if err != nil { + return nil, err + } + return reply, nil +} + +func (c *SOCKS5Client) DialTCP(raddr *net.TCPAddr) (*net.TCPConn, error) { + conn, err := net.DialTCP("tcp", nil, c.ServerTCPAddr) + if err != nil { + return nil, err + } + if err := conn.SetDeadline(time.Now().Add(c.NegTimeout)); err != nil { + _ = conn.Close() + return nil, err + } + err = c.negotiate(conn) + if err != nil { + _ = conn.Close() + return nil, err + } + var atyp byte + var addr, port []byte + if ip4 := raddr.IP.To4(); ip4 != nil { + atyp = socks5.ATYPIPv4 + addr = ip4 + } else if ip6 := raddr.IP.To16(); ip6 != nil { + atyp = socks5.ATYPIPv6 + addr = ip6 + } else { + _ = conn.Close() + return nil, errors.New("unsupported address type") + } + port = make([]byte, 2) + binary.BigEndian.PutUint16(port, uint16(raddr.Port)) + r := socks5.NewRequest(socks5.CmdConnect, atyp, addr, port) + reply, err := c.request(conn, r) + if err != nil { + _ = conn.Close() + return nil, err + } + if reply.Rep != socks5.RepSuccess { + _ = conn.Close() + return nil, fmt.Errorf("request failed: %d", reply.Rep) + } + // Negotiation succeed, disable timeout + if err := conn.SetDeadline(time.Time{}); err != nil { + _ = conn.Close() + return nil, err + } + return conn, nil +} + +func (c *SOCKS5Client) ListenUDP() (*socks5UDPConn, error) { + conn, err := net.DialTCP("tcp", nil, c.ServerTCPAddr) + if err != nil { + return nil, err + } + if err := conn.SetDeadline(time.Now().Add(c.NegTimeout)); err != nil { + _ = conn.Close() + return nil, err + } + err = c.negotiate(conn) + if err != nil { + _ = conn.Close() + return nil, err + } + r := socks5.NewRequest(socks5.CmdUDP, socks5.ATYPIPv4, nil, nil) + reply, err := c.request(conn, r) + if err != nil { + _ = conn.Close() + return nil, err + } + if reply.Rep != socks5.RepSuccess { + _ = conn.Close() + return nil, fmt.Errorf("request failed: %d", reply.Rep) + } + // Negotiation succeed, disable timeout + if err := conn.SetDeadline(time.Time{}); err != nil { + _ = conn.Close() + return nil, err + } + udpRelayAddr, err := socks5AddrToUDPAddr(reply.Atyp, reply.BndAddr, reply.BndPort) + if err != nil { + _ = conn.Close() + return nil, err + } + udpConn, err := net.DialUDP("udp", nil, udpRelayAddr) + if err != nil { + _ = conn.Close() + return nil, err + } + sc := &socks5UDPConn{ + tcpConn: conn, + udpConn: udpConn, + } + go sc.hold() + return sc, nil +} + +type socks5UDPConn struct { + tcpConn *net.TCPConn + udpConn *net.UDPConn +} + +func (c *socks5UDPConn) hold() { + buf := make([]byte, 1024) + for { + _, err := c.tcpConn.Read(buf) + if err != nil { + break + } + } + _ = c.tcpConn.Close() + _ = c.udpConn.Close() +} + +func (c *socks5UDPConn) ReadFromUDP(b []byte) (int, *net.UDPAddr, error) { + n, err := c.udpConn.Read(b) + if err != nil { + return 0, nil, err + } + d, err := socks5.NewDatagramFromBytes(b[:n]) + if err != nil { + return 0, nil, err + } + addr, err := socks5AddrToUDPAddr(d.Atyp, d.DstAddr, d.DstPort) + if err != nil { + return 0, nil, err + } + n = copy(b, d.Data) + return n, addr, nil +} + +func (c *socks5UDPConn) WriteToUDP(b []byte, addr *net.UDPAddr) (int, error) { + var atyp byte + var dstAddr, dstPort []byte + if ip4 := addr.IP.To4(); ip4 != nil { + atyp = socks5.ATYPIPv4 + dstAddr = ip4 + } else if ip6 := addr.IP.To16(); ip6 != nil { + atyp = socks5.ATYPIPv6 + dstAddr = ip6 + } else { + return 0, errors.New("unsupported address type") + } + dstPort = make([]byte, 2) + binary.BigEndian.PutUint16(dstPort, uint16(addr.Port)) + d := socks5.NewDatagram(atyp, dstAddr, dstPort, b) + _, err := c.udpConn.Write(d.Bytes()) + if err != nil { + return 0, err + } + return len(b), nil +} + +func (c *socks5UDPConn) Close() error { + _ = c.tcpConn.Close() + _ = c.udpConn.Close() + return nil +} + +func socks5AddrToUDPAddr(atyp byte, addr []byte, port []byte) (*net.UDPAddr, error) { + switch atyp { + case socks5.ATYPIPv4: + if len(addr) != 4 { + return nil, errors.New("invalid ipv4 address") + } + return &net.UDPAddr{ + IP: addr, + Port: int(binary.BigEndian.Uint16(port)), + }, nil + case socks5.ATYPIPv6: + if len(addr) != 16 { + return nil, errors.New("invalid ipv6 address") + } + return &net.UDPAddr{ + IP: addr, + Port: int(binary.BigEndian.Uint16(port)), + }, nil + case socks5.ATYPDomain: + if len(addr) == 0 { + return nil, errors.New("invalid domain address") + } + ipAddr, err := net.ResolveIPAddr("ip", string(addr)) + if err != nil { + return nil, err + } + return &net.UDPAddr{ + IP: ipAddr.IP, + Port: int(binary.BigEndian.Uint16(port)), + Zone: ipAddr.Zone, + }, nil + default: + return nil, errors.New("unsupported address type") + } +} From a94009ed4bd81e6dfb29a1b0a5a9e6a633b2c904 Mon Sep 17 00:00:00 2001 From: Toby Date: Sun, 27 Feb 2022 13:53:37 -0800 Subject: [PATCH 4/4] chore: code improvements --- pkg/transport/socks5.go | 67 ++++++++++++++++++++++++----------------- 1 file changed, 39 insertions(+), 28 deletions(-) diff --git a/pkg/transport/socks5.go b/pkg/transport/socks5.go index e4e64ae..e693caa 100644 --- a/pkg/transport/socks5.go +++ b/pkg/transport/socks5.go @@ -87,20 +87,11 @@ func (c *SOCKS5Client) DialTCP(raddr *net.TCPAddr) (*net.TCPConn, error) { _ = conn.Close() return nil, err } - var atyp byte - var addr, port []byte - if ip4 := raddr.IP.To4(); ip4 != nil { - atyp = socks5.ATYPIPv4 - addr = ip4 - } else if ip6 := raddr.IP.To16(); ip6 != nil { - atyp = socks5.ATYPIPv6 - addr = ip6 - } else { + atyp, addr, port, err := addrToSOCKS5Addr(raddr) + if err != nil { _ = conn.Close() - return nil, errors.New("unsupported address type") + return nil, err } - port = make([]byte, 2) - binary.BigEndian.PutUint16(port, uint16(raddr.Port)) r := socks5.NewRequest(socks5.CmdConnect, atyp, addr, port) reply, err := c.request(conn, r) if err != nil { @@ -201,21 +192,12 @@ func (c *socks5UDPConn) ReadFromUDP(b []byte) (int, *net.UDPAddr, error) { } func (c *socks5UDPConn) WriteToUDP(b []byte, addr *net.UDPAddr) (int, error) { - var atyp byte - var dstAddr, dstPort []byte - if ip4 := addr.IP.To4(); ip4 != nil { - atyp = socks5.ATYPIPv4 - dstAddr = ip4 - } else if ip6 := addr.IP.To16(); ip6 != nil { - atyp = socks5.ATYPIPv6 - dstAddr = ip6 - } else { - return 0, errors.New("unsupported address type") + atyp, dstAddr, dstPort, err := addrToSOCKS5Addr(addr) + if err != nil { + return 0, err } - dstPort = make([]byte, 2) - binary.BigEndian.PutUint16(dstPort, uint16(addr.Port)) d := socks5.NewDatagram(atyp, dstAddr, dstPort, b) - _, err := c.udpConn.Write(d.Bytes()) + _, err = c.udpConn.Write(d.Bytes()) if err != nil { return 0, err } @@ -229,6 +211,7 @@ func (c *socks5UDPConn) Close() error { } func socks5AddrToUDPAddr(atyp byte, addr []byte, port []byte) (*net.UDPAddr, error) { + iPort := int(binary.BigEndian.Uint16(port)) switch atyp { case socks5.ATYPIPv4: if len(addr) != 4 { @@ -236,7 +219,7 @@ func socks5AddrToUDPAddr(atyp byte, addr []byte, port []byte) (*net.UDPAddr, err } return &net.UDPAddr{ IP: addr, - Port: int(binary.BigEndian.Uint16(port)), + Port: iPort, }, nil case socks5.ATYPIPv6: if len(addr) != 16 { @@ -244,7 +227,7 @@ func socks5AddrToUDPAddr(atyp byte, addr []byte, port []byte) (*net.UDPAddr, err } return &net.UDPAddr{ IP: addr, - Port: int(binary.BigEndian.Uint16(port)), + Port: iPort, }, nil case socks5.ATYPDomain: if len(addr) == 0 { @@ -256,10 +239,38 @@ func socks5AddrToUDPAddr(atyp byte, addr []byte, port []byte) (*net.UDPAddr, err } return &net.UDPAddr{ IP: ipAddr.IP, - Port: int(binary.BigEndian.Uint16(port)), + Port: iPort, Zone: ipAddr.Zone, }, nil default: return nil, errors.New("unsupported address type") } } + +func addrToSOCKS5Addr(addr net.Addr) (byte, []byte, []byte, error) { + var addrIP net.IP + var addrPort int + if tcpAddr, ok := addr.(*net.TCPAddr); ok { + addrIP = tcpAddr.IP + addrPort = tcpAddr.Port + } else if udpAddr, ok := addr.(*net.UDPAddr); ok { + addrIP = udpAddr.IP + addrPort = udpAddr.Port + } else { + return 0, nil, nil, errors.New("unsupported address type") + } + var atyp byte + var saddr, sport []byte + if ip4 := addrIP.To4(); ip4 != nil { + atyp = socks5.ATYPIPv4 + saddr = addrIP + } else if ip6 := addrIP.To16(); ip6 != nil { + atyp = socks5.ATYPIPv6 + saddr = ip6 + } else { + return 0, nil, nil, errors.New("unsupported address type") + } + sport = make([]byte, 2) + binary.BigEndian.PutUint16(sport, uint16(addrPort)) + return atyp, saddr, sport, nil +}