diff --git a/gost/examples/bench/srv.go b/gost/examples/bench/srv.go index de0ce1f..4606840 100644 --- a/gost/examples/bench/srv.go +++ b/gost/examples/bench/srv.go @@ -41,6 +41,7 @@ func main() { go sshTunnelServer() // go http2Server() go quicServer() + go shadowUDPServer() select {} } @@ -238,6 +239,16 @@ func quicServer() { log.Fatal(s.Serve(ln, h)) } +func shadowUDPServer() { + s := &gost.Server{} + ln, err := gost.ShadowUDPListener(":18338", url.UserPassword("chacha20", "123456"), 30*time.Second) + if err != nil { + log.Fatal(err) + } + h := gost.ShadowUDPdHandler() + log.Fatal(s.Serve(ln, h)) +} + var ( rawCert = []byte(`-----BEGIN CERTIFICATE----- MIIC+jCCAeKgAwIBAgIRAMlREhz8Miu1FQozsxbeqyMwDQYJKoZIhvcNAQELBQAw diff --git a/gost/examples/ssu/ssu.go b/gost/examples/ssu/ssu.go new file mode 100644 index 0000000..93a82c8 --- /dev/null +++ b/gost/examples/ssu/ssu.go @@ -0,0 +1,55 @@ +package main + +import ( + "bytes" + "log" + "net" + "strconv" + + "github.com/ginuerzh/gosocks5" + ss "github.com/shadowsocks/shadowsocks-go/shadowsocks" +) + +func main() { + ssuClient() +} + +func ssuClient() { + addr, err := net.ResolveUDPAddr("udp", ":18338") + if err != nil { + log.Fatal(err) + } + conn, err := net.ListenUDP("udp", nil) + if err != nil { + log.Fatal(err) + } + cp, err := ss.NewCipher("chacha20", "123456") + if err != nil { + log.Fatal(err) + } + cc := ss.NewSecurePacketConn(conn, cp, false) + + raddr, _ := net.ResolveTCPAddr("udp", ":8080") + msg := []byte(`abcdefghijklmnopqrstuvwxyz`) + dgram := gosocks5.NewUDPDatagram(gosocks5.NewUDPHeader(0, 0, toSocksAddr(raddr)), msg) + buf := bytes.Buffer{} + dgram.Write(&buf) + if _, err := cc.WriteTo(buf.Bytes()[3:], addr); err != nil { + log.Fatal(err) + } +} + +func toSocksAddr(addr net.Addr) *gosocks5.Addr { + host := "0.0.0.0" + port := 0 + if addr != nil { + h, p, _ := net.SplitHostPort(addr.String()) + host = h + port, _ = strconv.Atoi(p) + } + return &gosocks5.Addr{ + Type: gosocks5.AddrIPv4, + Host: host, + Port: uint16(port), + } +} diff --git a/gost/forward.go b/gost/forward.go index 89f1bd4..1cd24e0 100644 --- a/gost/forward.go +++ b/gost/forward.go @@ -48,7 +48,6 @@ func (h *tcpDirectForwardHandler) Handle(conn net.Conn) { type udpDirectForwardHandler struct { raddr string - ttl time.Duration options *HandlerOptions } @@ -168,7 +167,7 @@ func (h *udpRemoteForwardHandler) Handle(conn net.Conn) { } type udpDirectForwardListener struct { - ln *net.UDPConn + ln net.PacketConn conns map[string]*udpServerConn connChan chan net.Conn errChan chan error @@ -199,7 +198,7 @@ func UDPDirectForwardListener(addr string, ttl time.Duration) (Listener, error) func (l *udpDirectForwardListener) listenLoop() { for { b := make([]byte, mediumBufferSize) - n, raddr, err := l.ln.ReadFromUDP(b) + n, raddr, err := l.ln.ReadFrom(b) if err != nil { log.Logf("[udp] peer -> %s : %s", l.Addr(), err) l.ln.Close() @@ -226,7 +225,7 @@ func (l *udpDirectForwardListener) listenLoop() { select { case conn.rChan <- b[:n]: default: - log.Logf("[udp] %s -> %s : write queue is full", raddr, l.Addr()) + log.Logf("[udp] %s -> %s : read queue is full", raddr, l.Addr()) } } } diff --git a/gost/ss.go b/gost/ss.go index f3e2889..7ee924a 100644 --- a/gost/ss.go +++ b/gost/ss.go @@ -1,7 +1,9 @@ package gost import ( + "bytes" "encoding/binary" + "errors" "fmt" "io" "net" @@ -9,6 +11,7 @@ import ( "strconv" "time" + "github.com/ginuerzh/gosocks5" "github.com/go-log/log" ss "github.com/shadowsocks/shadowsocks-go/shadowsocks" ) @@ -207,3 +210,199 @@ func (h *shadowHandler) getRequest(conn net.Conn) (host string, err error) { host = net.JoinHostPort(host, strconv.Itoa(int(port))) return } + +type shadowUDPListener struct { + ln net.PacketConn + conns map[string]*udpServerConn + connChan chan net.Conn + errChan chan error + ttl time.Duration +} + +// ShadowUDPListener creates a Listener for shadowsocks UDP relay server. +func ShadowUDPListener(addr string, cipher *url.Userinfo, ttl time.Duration) (Listener, error) { + laddr, err := net.ResolveUDPAddr("udp", addr) + if err != nil { + return nil, err + } + ln, err := net.ListenUDP("udp", laddr) + if err != nil { + return nil, err + } + + var method, password string + if cipher != nil { + method = cipher.Username() + password, _ = cipher.Password() + } + cp, err := ss.NewCipher(method, password) + if err != nil { + ln.Close() + return nil, err + } + l := &udpDirectForwardListener{ + ln: ss.NewSecurePacketConn(ln, cp, false), + conns: make(map[string]*udpServerConn), + connChan: make(chan net.Conn, 1024), + errChan: make(chan error, 1), + ttl: ttl, + } + go l.listenLoop() + return l, nil +} + +func (l *shadowUDPListener) listenLoop() { + for { + b := make([]byte, mediumBufferSize) + n, raddr, err := l.ln.ReadFrom(b[3:]) // add rsv and frag fields to make it the standard SOCKS5 UDP datagram + if err != nil { + log.Logf("[ssu] peer -> %s : %s", l.Addr(), err) + l.ln.Close() + l.errChan <- err + close(l.errChan) + return + } + if Debug { + log.Logf("[ssu] %s >>> %s : length %d", raddr, l.Addr(), n) + } + + b[3] &= ss.AddrMask // remove OTA flag + conn, ok := l.conns[raddr.String()] + if !ok || conn.Closed() { + conn = newUDPServerConn(l.ln, raddr, l.ttl) + l.conns[raddr.String()] = conn + + select { + case l.connChan <- conn: + default: + conn.Close() + log.Logf("[ssu] %s - %s: connection queue is full", raddr, l.Addr()) + } + } + + select { + case conn.rChan <- b[:n+3]: // we keep the addr info so that the handler can identify the destination. + default: + log.Logf("[ssu] %s -> %s : read queue is full", raddr, l.Addr()) + } + } +} + +func (l *shadowUDPListener) Accept() (conn net.Conn, err error) { + var ok bool + select { + case conn = <-l.connChan: + case err, ok = <-l.errChan: + if !ok { + err = errors.New("accpet on closed listener") + } + } + return +} + +func (l *shadowUDPListener) Addr() net.Addr { + return l.ln.LocalAddr() +} + +func (l *shadowUDPListener) Close() error { + return l.ln.Close() +} + +type shadowUDPdHandler struct { + ttl time.Duration + options *HandlerOptions +} + +// ShadowUDPdHandler creates a server Handler for shadowsocks UDP relay server. +func ShadowUDPdHandler(opts ...HandlerOption) Handler { + h := &udpDirectForwardHandler{ + options: &HandlerOptions{}, + } + for _, opt := range opts { + opt(h.options) + } + return h +} + +func (h *shadowUDPdHandler) Handle(conn net.Conn) { + defer conn.Close() + + var err error + var cc net.PacketConn + if h.options.Chain.IsEmpty() { + cc, err = net.ListenUDP("udp", nil) + if err != nil { + log.Logf("[udp] %s - : %s", conn.LocalAddr(), err) + return + } + } else { + var c net.Conn + c, err = getSOCKS5UDPTunnel(h.options.Chain, nil) + if err != nil { + log.Logf("[udp] %s - : %s", conn.LocalAddr(), err) + return + } + cc = &udpTunnelConn{Conn: c} + } + defer cc.Close() + + log.Logf("[udp] %s <-> %s", conn.RemoteAddr(), conn.LocalAddr()) + transportUDP(conn, cc) + log.Logf("[udp] %s >-< %s", conn.RemoteAddr(), conn.LocalAddr()) +} + +func transportUDP(sc net.Conn, cc net.PacketConn) error { + errc := make(chan error, 1) + go func() { + for { + dgram, err := gosocks5.ReadUDPDatagram(sc) + if err != nil { + errc <- err + return + } + if Debug { + log.Logf("[ssu] %s >>> %s length: %d", sc.RemoteAddr(), dgram.Header.Addr.String(), len(dgram.Data)) + } + addr, err := net.ResolveUDPAddr("udp", dgram.Header.Addr.String()) + if err != nil { + errc <- err + return + } + if _, err := cc.WriteTo(dgram.Data, addr); err != nil { + errc <- err + return + } + } + }() + + go func() { + for { + b := make([]byte, mediumBufferSize) + n, addr, err := cc.ReadFrom(b) + if err != nil { + errc <- err + return + } + if Debug { + log.Logf("[ssu] %s <<< %s length: %d", sc.RemoteAddr(), addr, n) + } + dgram := gosocks5.NewUDPDatagram(gosocks5.NewUDPHeader(0, 0, toSocksAddr(addr)), b[:n]) + buf := bytes.Buffer{} + dgram.Write(&buf) + if buf.Len() < 10 { + log.Logf("[ssu] %s <- %s : invalid udp datagram", sc.RemoteAddr(), addr) + continue + } + if _, err := sc.Write(buf.Bytes()[3:]); err != nil { + errc <- err + return + } + } + }() + + err := <-errc + if err != nil && err == io.EOF { + err = nil + } + return err +}