root/gost_software
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

support shadowsocks

Browse Source
This commit is contained in:
rui.zheng 2015-10-26 13:03:55 +08:00
parent ab6e857443
commit f598779b6b
4 changed files with 159 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
README.md
View File

@ -1,4 +1,4 @@
gost 2.0 - GO Simple Tunnel gost - GO Simple Tunnel
==== ====
### GO语言实现的安全隧道 ### GO语言实现的安全隧道
@ -15,7 +15,25 @@ gost 2.0 - GO Simple Tunnel
Google讨论组: https://groups.google.com/d/forum/go-gost Google讨论组: https://groups.google.com/d/forum/go-gost
在gost 2.0中,没有了客户端-服务器的概念gost与其他代理服务都被看作是代理节点(proxy node)gost可以自己处理请求或者将请求转发给任意一个或多个代理节点。 在gost中gost与其他代理服务都被看作是代理节点(proxy node)gost可以自己处理请求或者将请求转发给任意一个或多个代理节点。
#### 参数说明
-L和-F参数格式[scheme://][user:pass@host]:port
scheme分为两部分: protocol - 代理协议类型(http, socks5, shadowsocks), transport - 数据传输方式(tcp, websocket, tls)。
> http - 作为标准http代理: http://:8080
> http+tls - 作为http代理使用tls传输数据: http+tls://:8080
> socks - 作为标准socks5代理: socks://:8080
> socks+ws -作为socks5代理使用websocket传输数据: socks+ws://:8080
> tls - 作为http/socks5代理使用tls传输数据: tls://:8080
> ss - 作为shadowsocks服务ss://aes-256-cfb:123456@:8080
#### 使用方法 #### 使用方法
@ -34,23 +52,9 @@ gost -L=admin:123456@localhost:8080
* 多端口监听 * 多端口监听
```bash ```bash
gost -L=http://localhost:8080 -L=socks://localhost:8081 gost -L=http://localhost:8080 -L=socks://localhost:8081 -L=ss://aes-256-cfb:123456@:8082
``` ```
-L参数格式[scheme://][user:pass@host]:port
scheme分为两部分: protocol - 代理协议类型(http, socks5, shadowsocks), transport - 数据传输方式(tcp, websocket, tls)。
> http - 作为http代理: http://:8080
> http+tls - 作为http代理使用tls传输数据: http+tls://:8080
> socks - 作为socks5代理: socks://:8080
> socks+ws -作为socks5代理使用websocket传输数据: socks+ws://:8080
##### 设置转发代理 ##### 设置转发代理
<img src="https://ginuerzh.github.io/images/gost_02.png" /> <img src="https://ginuerzh.github.io/images/gost_02.png" />
@ -60,14 +64,14 @@ gost -L=:8080 -F=192.168.1.1:8081
* 转发代理认证 * 转发代理认证
```bash ```bash
gost -L=:8080 -F=admin:123456@192.168.1.1:8081 gost -L=:8080 -F=http://admin:123456@192.168.1.1:8081
``` ```
##### 设置多个转发代理(转发链) ##### 设置多个转发代理(转发链)
<img src="https://ginuerzh.github.io/images/gost_03.png" /> <img src="https://ginuerzh.github.io/images/gost_03.png" />
```bash ```bash
gost -L=:8080 -F=http://192.168.1.1:8081 -F socks://192.168.1.2:8082 -F=··· -F=a.b.c.d:NNNN gost -L=:8080 -F=http+tls://192.168.1.1:8081 -F socks+ws://192.168.1.2:8082 -F=··· -F=a.b.c.d:NNNN
``` ```
gost通过转发链按照-F设置顺序将请求最终转发给a.b.c.d:NNNN处理每一个转发代理可以是任意一种类型的代理(http/socks5) gost通过转发链按照-F设置顺序将请求最终转发给a.b.c.d:NNNN处理每一个转发代理可以是任意一种类型的代理(http/socks5)

7
conn.go
View File

@ -91,6 +91,7 @@ func handleConn(conn net.Conn, arg Args) {
switch arg.Protocol { switch arg.Protocol {
case "ss": // shadowsocks case "ss": // shadowsocks
handleShadow(conn, arg)
return return
case "http": case "http":
req, err := http.ReadRequest(bufio.NewReader(conn)) req, err := http.ReadRequest(bufio.NewReader(conn))
@ -253,7 +254,11 @@ exit:
func forward(conn net.Conn, arg Args) (net.Conn, error) { func forward(conn net.Conn, arg Args) (net.Conn, error) {
var err error var err error
if glog.V(LINFO) { if glog.V(LINFO) {
glog.Infof("forward: %s/%s %s", arg.Protocol, arg.Transport, arg.Addr) proto := arg.Protocol
if proto == "default" {
proto = "http" // default is http
}
glog.Infof("forward: %s/%s %s", proto, arg.Transport, arg.Addr)
} }
switch arg.Transport { switch arg.Transport {
case "ws": // websocket connection case "ws": // websocket connection

128
ss.go Normal file
View File

@ -0,0 +1,128 @@
package main
import (
"encoding/binary"
"fmt"
"github.com/ginuerzh/gosocks5"
"github.com/golang/glog"
"github.com/shadowsocks/shadowsocks-go/shadowsocks"
"io"
"net"
)
func handleShadow(conn net.Conn, arg Args) {
if arg.User != nil {
method := arg.User.Username()
password, _ := arg.User.Password()
cipher, err := shadowsocks.NewCipher(method, password)
if err != nil {
if glog.V(LWARNING) {
glog.Warningln("shadowsocks:", err)
}
return
}
conn = shadowsocks.NewConn(conn, cipher)
}
addr, extra, err := getShadowRequest(conn)
if err != nil {
if glog.V(LWARNING) {
glog.Warningln("shadowsocks:", err)
}
return
}
if glog.V(LINFO) {
glog.Infoln("shadowsocks connect:", addr.String())
}
sconn, err := Connect(addr.String())
if err != nil {
if glog.V(LWARNING) {
glog.Warningln("shadowsocks:", err)
}
return
}
defer sconn.Close()
if extra != nil {
if _, err := sconn.Write(extra); err != nil {
if glog.V(LWARNING) {
glog.Warningln("shadowsocks:", err)
}
return
}
}
Transport(conn, sconn)
}
func getShadowRequest(conn net.Conn) (addr *gosocks5.Addr, extra []byte, err error) {
const (
idType = 0 // address type index
idIP0 = 1 // ip addres start index
idDmLen = 1 // domain address length index
idDm0 = 2 // domain address start index
typeIPv4 = 1 // type is ipv4 address
typeDm = 3 // type is domain address
typeIPv6 = 4 // type is ipv6 address
lenIPv4 = 1 + net.IPv4len + 2 // 1addrType + ipv4 + 2port
lenIPv6 = 1 + net.IPv6len + 2 // 1addrType + ipv6 + 2port
lenDmBase = 1 + 1 + 2 // 1addrType + 1addrLen + 2port, plus addrLen
)
// buf size should at least have the same size with the largest possible
// request size (when addrType is 3, domain name has at most 256 bytes)
// 1(addrType) + 1(lenByte) + 256(max length address) + 2(port)
buf := make([]byte, 1024)
var n int
// read till we get possible domain length field
//shadowsocks.SetReadTimeout(conn)
if n, err = io.ReadAtLeast(conn, buf, idDmLen+1); err != nil {
return
}
addr = &gosocks5.Addr{
Type: buf[idType],
}
reqLen := -1
switch buf[idType] {
case typeIPv4:
reqLen = lenIPv4
case typeIPv6:
reqLen = lenIPv6
case typeDm:
reqLen = int(buf[idDmLen]) + lenDmBase
default:
err = fmt.Errorf("addr type %d not supported", buf[idType])
return
}
if n < reqLen { // rare case
//ss.SetReadTimeout(conn)
if _, err = io.ReadFull(conn, buf[n:reqLen]); err != nil {
return
}
} else if n > reqLen {
// it's possible to read more than just the request head
extra = buf[reqLen:n]
}
// Return string for typeIP is not most efficient, but browsers (Chrome,
// Safari, Firefox) all seems using typeDm exclusively. So this is not a
// big problem.
switch buf[idType] {
case typeIPv4:
addr.Host = net.IP(buf[idIP0 : idIP0+net.IPv4len]).String()
case typeIPv6:
addr.Host = net.IP(buf[idIP0 : idIP0+net.IPv6len]).String()
case typeDm:
addr.Host = string(buf[idDm0 : idDm0+buf[idDmLen]])
}
// parse port
addr.Port = binary.BigEndian.Uint16(buf[reqLen-2 : reqLen])
return
}

16
util.go
View File

@ -92,8 +92,6 @@ type Args struct {
Protocol string // protocol: http&socks5/http/socks/socks5/ss, default is http&socks5 Protocol string // protocol: http&socks5/http/socks/socks5/ss, default is http&socks5
Transport string // transport: tcp/ws/tls, default is tcp(raw tcp) Transport string // transport: tcp/ws/tls, default is tcp(raw tcp)
User *url.Userinfo User *url.Userinfo
EncMeth string // data encryption method, shadowsocks only
EncPass string // data encryption password, shadowsocks only
Cert tls.Certificate // tls certificate Cert tls.Certificate // tls certificate
} }
@ -103,9 +101,8 @@ func (args Args) String() string {
authUser = args.User.Username() authUser = args.User.Username()
authPass, _ = args.User.Password() authPass, _ = args.User.Password()
} }
return fmt.Sprintf("host: %s, proto: %s, trans: %s, auth: %s:%s, enc: %s:%s", return fmt.Sprintf("host: %s, protocol: %s, transport: %s, auth: %s:%s",
args.Addr, args.Protocol, args.Transport, authUser, authPass, args.Addr, args.Protocol, args.Transport, authUser, authPass)
args.EncMeth, args.EncPass)
} }
func parseArgs(ss []string) (args []Args) { func parseArgs(ss []string) (args []Args) {
@ -148,15 +145,6 @@ func parseArgs(ss []string) (args []Args) {
arg.Transport = "tcp" arg.Transport = "tcp"
} }
mp := strings.Split(strings.Trim(u.Path, "/"), ":")
if len(mp) == 1 {
arg.EncMeth = mp[0]
}
if len(mp) == 2 {
arg.EncMeth = mp[0]
arg.EncPass = mp[1]
}
args = append(args, arg) args = append(args, arg)
} }