SagerNet/sing
1
0
Fork 0
mirror of https://github.com/SagerNet/sing.git synced 2025-04-04 04:17:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add simple sslocal implementation

Browse source
This commit is contained in:
世界 2022-04-07 02:54:48 +08:00
parent 2e74275ceb
commit 542fa4f975
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
50 changed files with 674 additions and 1959 deletions
Download patch file Download diff file Expand all files Collapse all files

373
cli/sslocal/cmd.go Normal file
View file

@ -0,0 +1,373 @@
package sslocal
import (
"context"
"crypto/rand"
"encoding/base64"
"errors"
"io"
"net"
"net/netip"
"os"
"os/signal"
"syscall"
"time"
"github.com/sagernet/sing"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/buf"
"github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/rw"
"github.com/sagernet/sing/common/socksaddr"
"github.com/sagernet/sing/common/task"
"github.com/sagernet/sing/protocol/shadowsocks"
"github.com/sagernet/sing/protocol/socks"
"github.com/sagernet/sing/transport/system"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)
type Flags struct {
Server string
ServerPort uint16
LocalPort uint16
Password string
Key string
Method string
}
func MainCmd() *cobra.Command {
flags := new(Flags)
cmd := &cobra.Command{
Use: "sslocal",
Short: "shadowsocks client as socks5 proxy, sing port",
Version: sing.Version,
Run: func(cmd *cobra.Command, args []string) {
Run(flags)
},
}
cmd.Flags().StringVarP(&flags.Server, "server", "s", "", "Set the server’s hostname or IP.")
cmd.Flags().Uint16VarP(&flags.ServerPort, "server-port", "p", 0, "Set the server’s port number.")
cmd.Flags().Uint16VarP(&flags.LocalPort, "local-port", "l", 1080, "Set the local port number.")
cmd.Flags().StringVarP(&flags.Password, "password", "k", "", "Set the password. The server and the client should use the same password.")
cmd.Flags().StringVar(&flags.Key, "key", "", "Set the key directly. The key should be encoded with URL-safe Base64.")
cmd.Flags().StringVarP(&flags.Method, "encrypt-method", "m", "", `Set the cipher.
Supported ciphers:
none
aes-128-gcm
aes-192-gcm
aes-256-gcm
chacha20-ietf-poly1305
xchacha20-ietf-poly1305
The default cipher is chacha20-ietf-poly1305.`)
// cmd.Flags().Uint16VarP(&flags.Timeout, "timeout", "t", 60, "Set the socket timeout in seconds.")
// cmd.Flags().StringVarP(&flags.ConfigFile, "config", "c", "", "Use a configuration file.")
// cmd.Flags().Uint16VarP(&flags.MaxFD, "max-open-files", "n", 0, `Specify max number of open files.
// Only available on Linux.`)
// cmd.Flags().StringVarP(&flags.Interface, "interface", "i", "", `Send traffic through specific network interface.
// For example, there are three interfaces in your device, which is lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2). Meanwhile, you configure ss-local to listen on 0.0.0.0:8388 and bind to eth1. That results the traffic go out through eth1, but not lo nor eth0. This option is useful to control traffic in multi-interface environment.`)
// cmd.Flags().StringVarP(&flags.LocalAddress, "local-address", "b", "", "Specify the local address to use while this client is making outbound connections to the server.")
return cmd
}
type LocalClient struct {
tcpIn *system.TCPListener
serverAddr netip.AddrPort
cipher shadowsocks.Cipher
key []byte
}
func NewLocalClient(flags *Flags) (*LocalClient, error) {
client := new(LocalClient)
client.tcpIn = system.NewTCPListener(netip.AddrPortFrom(netip.IPv4Unspecified(), flags.LocalPort), client)
if flags.Server == "" {
return nil, exceptions.New("server not specified")
}
if addrPort, err := netip.ParseAddrPort(flags.Server); err == nil {
client.serverAddr = addrPort
} else if addr, err := netip.ParseAddr(flags.Server); err == nil {
client.serverAddr = netip.AddrPortFrom(addr, flags.ServerPort)
} else {
return nil, err
}
cipher, err := shadowsocks.CreateCipher(flags.Method)
if err != nil {
return nil, err
}
client.cipher = cipher
if flags.Key != "" {
key, err := base64.URLEncoding.DecodeString(flags.Key)
if err != nil {
return nil, exceptions.Cause(err, "failed to decode base64 key")
}
if len(key) != cipher.KeySize() {
return nil, exceptions.New("key of ", flags.Method, " must be ", cipher.KeySize(), " bytes")
}
client.key = key
} else if flags.Password != "" {
client.key = shadowsocks.Key([]byte(flags.Password), cipher.KeySize())
} else {
return nil, exceptions.New("password not specified")
}
return client, nil
}
func Run(flags *Flags) {
client, err := NewLocalClient(flags)
if err != nil {
logrus.Fatal(err)
}
client.tcpIn.Start()
{
osSignals := make(chan os.Signal, 1)
signal.Notify(osSignals, os.Interrupt, syscall.SIGTERM)
<-osSignals
}
client.tcpIn.Close()
}
func (c *LocalClient) HandleTCP(conn net.Conn) error {
defer conn.Close()
authRequest, err := socks.ReadAuthRequest(conn)
if err != nil {
return err
}
if !common.Contains(authRequest.Methods, socks.AuthTypeNotRequired) {
err = socks.WriteAuthResponse(conn, &socks.AuthResponse{
Version: authRequest.Version,
Method: socks.AuthTypeNoAcceptedMethods,
})
if err != nil {
return err
}
}
err = socks.WriteAuthResponse(conn, &socks.AuthResponse{
Version: authRequest.Version,
Method: socks.AuthTypeNotRequired,
})
if err != nil {
return err
}
request, err := socks.ReadRequest(conn)
if err != nil {
return err
}
ctx := context.Background()
failure := func() {
socks.WriteResponse(conn, &socks.Response{
Version: request.Version,
ReplyCode: socks.ReplyCodeFailure,
})
}
switch request.Command {
case socks.CommandConnect:
logrus.Info("CONNECT ", request.Addr, ":", request.Port)
serverConn, dialErr := system.Dial(ctx, "tcp", c.serverAddr.String())
if dialErr != nil {
failure()
return exceptions.Cause(dialErr, "connect to server")
}
saltBuffer := buf.New()
defer saltBuffer.Release()
if c.cipher.SaltSize() > 0 {
saltBuffer.WriteRandom(c.cipher.SaltSize())
}
serverWriter := &buf.BufferedWriter{
Writer: serverConn,
Buffer: saltBuffer,
}
writer, _ := c.cipher.CreateWriter(c.key, saltBuffer.Bytes(), serverWriter)
header := buf.New()
defer header.Release()
err = shadowsocks.AddressSerializer.WriteAddressAndPort(header, request.Addr, request.Port)
if err != nil {
failure()
return err
}
serverAddr, serverPort := socksaddr.AddressFromNetAddr(serverConn.LocalAddr())
err = socks.WriteResponse(conn, &socks.Response{
Version: request.Version,
ReplyCode: socks.ReplyCodeSuccess,
BindAddr: serverAddr,
BindPort: serverPort,
})
if err != nil {
return exceptions.Cause(err, "write response for ", request.Addr, "/", request.Port)
}
return task.Run(ctx, func() error {
// upload
defer rw.CloseRead(conn)
defer rw.CloseWrite(serverConn)
err := conn.SetReadDeadline(time.Now().Add(200 * time.Millisecond))
if err != nil {
return err
}
_, err = header.ReadFrom(conn)
if err != nil {
if errors.Is(err, os.ErrDeadlineExceeded) {
} else {
return exceptions.Cause(err, "read payload")
}
}
err = conn.SetReadDeadline(time.Time{})
if err != nil {
return err
}
_, err = writer.Write(header.Bytes())
if err != nil {
return err
}
err = serverWriter.Flush()
if err != nil {
return exceptions.Cause(err, "flush request")
}
_, err = io.Copy(writer, conn)
if err != nil {
return exceptions.Cause(err, "upload")
}
return nil
}, func() error {
// download
defer rw.CloseWrite(conn)
defer rw.CloseRead(serverConn)
responseBuffer := buf.New()
defer responseBuffer.Release()
_, err := responseBuffer.ReadFullFrom(serverConn, c.cipher.SaltSize())
if err != nil {
return exceptions.Cause(err, "read response")
}
var salt []byte
if c.cipher.SaltSize() > 0 {
salt = responseBuffer.To(c.cipher.SaltSize())
}
reader := c.cipher.CreateReader(c.key, salt, serverConn)
responseBuffer.FullReset()
_, err = io.CopyBuffer(conn, reader, responseBuffer.FreeBytes())
if err != nil {
return exceptions.Cause(err, "download")
}
return nil
})
case socks.CommandUDPAssociate:
serverConn, dialErr := system.Dial(ctx, "udp", c.serverAddr.String())
if dialErr != nil {
failure()
return exceptions.Cause(err, "connect to server")
}
handler := &udpHandler{
LocalClient: c,
upstreamConn: conn,
serverConn: serverConn,
}
handler.udpIn = system.NewUDPListener(netip.AddrPortFrom(netip.AddrFrom4([4]byte{127, 0, 0, 1}), 0), handler)
handler.udpIn.Start()
defer handler.Close()
bindAddr, bindPort := socksaddr.AddressFromNetAddr(handler.udpIn.UDPConn.LocalAddr())
err = socks.WriteResponse(conn, &socks.Response{
Version: request.Version,
ReplyCode: socks.ReplyCodeSuccess,
BindAddr: bindAddr,
BindPort: bindPort,
})
if err != nil {
return exceptions.Cause(err, "write response")
}
go handler.loopInput()
return common.Error(io.Copy(io.Discard, conn))
}
return nil
}
type udpHandler struct {
*LocalClient
upstreamConn net.Conn
serverConn net.Conn
udpIn *system.UDPListener
sourceAddr net.Addr
}
func (c *udpHandler) HandleUDP(listener *system.UDPListener, buffer *buf.Buffer, sourceAddr net.Addr) error {
c.sourceAddr = sourceAddr
buffer.Advance(3)
if c.cipher.SaltSize() > 0 {
salt := make([]byte, c.cipher.SaltSize())
common.Must1(rand.Read(salt))
common.Must1(buffer.WriteAtFirst(salt))
}
err := c.cipher.EncodePacket(c.key, buffer)
if err != nil {
return exceptions.Cause(err, "encode udp packet")
}
defer buffer.Release()
_, err = c.serverConn.Write(buffer.Bytes())
if err != nil {
return exceptions.Cause(err, "write udp packet")
}
return nil
}
func (c *udpHandler) loopInput() {
buffer := buf.New()
defer buffer.Release()
for {
_, err := buffer.ReadFrom(c.serverConn)
if err != nil {
c.OnError(exceptions.Cause(err, "read udp packet"))
return
}
err = c.cipher.DecodePacket(c.key, buffer)
if err != nil {
c.OnError(exceptions.Cause(err, "decode udp packet"))
continue
}
buffer.ExtendHeader(3) // RSV 2 FRAG 1
_, err = c.udpIn.WriteTo(buffer.Bytes(), c.sourceAddr)
if err != nil {
c.OnError(exceptions.Cause(err, "write back udp packet"))
return
}
buffer.Reset()
}
}
func (c *udpHandler) OnError(err error) {
c.LocalClient.OnError(err)
c.Close()
}
func (c *udpHandler) Close() error {
c.upstreamConn.Close()
c.serverConn.Close()
return nil
}
func (c *LocalClient) OnError(err error) {
logrus.Warn(err)
}

16
cli/sslocal/main/wrap.go Normal file
View file

@ -0,0 +1,16 @@
package main
import (
"fmt"
"os"
"github.com/sagernet/sing/cli/sslocal"
)
func main() {
err := sslocal.MainCmd().Execute()
if err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(1)
}
}

61
common/buf/buffer.go
View file

@ -5,8 +5,8 @@ import (
"fmt"
"io"
"sing/common"
"sing/common/list"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/list"
)
type Buffer struct {
@ -72,11 +72,6 @@ func (b *Buffer) SetByte(index int, value byte) {
}
func (b *Buffer) Extend(n int) []byte {
if b.start == b.end {
b.start = 0
b.end = n
return b.data[:n]
}
end := b.end + n
ext := b.data[b.end:end]
b.end = end
@ -100,18 +95,43 @@ func (b *Buffer) Write(data []byte) (n int, err error) {
return
}
func (b *Buffer) ExtendHeader(size int) []byte {
if b.start >= size {
b.start -= size
return b.data[b.start-size : b.start]
} else {
offset := size - b.start
end := b.end + size
copy(b.data[offset:end], b.data[b.start:b.end])
b.end = end
return b.data[:offset]
}
}
func (b *Buffer) WriteBufferAtFirst(buffer *Buffer) *Buffer {
size := buffer.Len()
if b.start >= size {
n := copy(b.data[b.start-size:b.start], buffer.Bytes())
b.start -= n
buffer.Release()
return b
}
common.Must1(buffer.Write(b.Bytes()))
b.Release()
return buffer
}
func (b *Buffer) WriteAtFirst(data []byte) (n int, err error) {
size := len(data)
if b.start >= size {
n = copy(b.data[b.start-size:b.start], data)
b.start -= n
return
} else {
copy(b.data[size:], b.data[b.start:b.end])
n = copy(b.data[:size], data)
b.end += size - b.start
b.start = 0
}
offset := size - b.start
copy(b.data[offset:], b.data[b.start:b.end])
n = copy(b.data[:offset], data)
b.end += offset
return
}
@ -140,6 +160,21 @@ func (b *Buffer) ReadFrom(r io.Reader) (int64, error) {
return int64(n), nil
}
func (b *Buffer) ReadAtLeastFrom(r io.Reader, min int) (int64, error) {
if min <= 0 {
return b.ReadFrom(r)
}
if b.IsFull() {
return 0, io.ErrShortBuffer
}
n, err := io.ReadAtLeast(r, b.FreeBytes(), min)
if err != nil {
return 0, err
}
b.end += n
return int64(n), nil
}
func (b *Buffer) ReadFullFrom(r io.Reader, size int) (n int, err error) {
if b.IsFull() {
return 0, io.ErrShortBuffer

23
common/buf/buffer_test.go
View file

@ -1,23 +0,0 @@
package buf_test
import (
"bytes"
"crypto/rand"
"testing"
vb "github.com/v2fly/v2ray-core/v5/common/buf"
"sing/common/buf"
)
func TestBuffer(t *testing.T) {
v := vb.New()
v.ReadFullFrom(rand.Reader, 1024)
buffer := buf.New()
buffer.Write(v.Bytes())
v.Write(v.Bytes())
buffer.Write(buffer.Bytes())
if bytes.Compare(v.Bytes(), buffer.Bytes()) > 0 {
t.Fatal("bad request data\n", v.Bytes(), "\n", buffer.Bytes())
}
}

71
common/buf/conn.go Normal file
View file

@ -0,0 +1,71 @@
package buf
import (
"io"
)
type BufferedReader struct {
Reader io.Reader
Buffer *Buffer
}
func (r *BufferedReader) Upstream() io.Reader {
if r.Buffer != nil {
return nil
}
return r.Reader
}
func (r *BufferedReader) Read(p []byte) (n int, err error) {
if r.Buffer != nil {
n, err = r.Buffer.Read(p)
if err == nil {
return
}
r.Buffer = nil
}
return r.Reader.Read(p)
}
type BufferedWriter struct {
Writer io.Writer
Buffer *Buffer
}
func (w *BufferedWriter) Upstream() io.Writer {
if w.Buffer != nil {
return nil
}
return w.Writer
}
func (w *BufferedWriter) Write(p []byte) (n int, err error) {
if w.Buffer == nil {
return w.Writer.Write(p)
}
n, err = w.Buffer.Write(p)
if err == nil {
return
}
n, err = w.Writer.Write(w.Buffer.Bytes())
if err != nil {
return 0, err
}
w.Buffer.Release()
w.Buffer = nil
return w.Writer.Write(p)
}
func (w *BufferedWriter) Flush() error {
if w.Buffer == nil {
return nil
}
buffer := w.Buffer
w.Buffer = nil
defer buffer.Release()
if buffer.IsEmpty() {
return nil
}
_, err := w.Writer.Write(buffer.Bytes())
return err
}

6
common/crypto/padding.go
View file

@ -1,6 +0,0 @@
package crypto
type PaddingLengthGenerator interface {
MaxPaddingLen() uint16
NextPaddingLen() uint16
}

13
common/crypto/rand.go
View file

@ -1,13 +0,0 @@
package crypto
import (
"crypto/rand"
"sing/common"
)
func RandomBytes(size int) []byte {
b := make([]byte, size)
common.Must1(rand.Read(b))
return b
}

48
common/crypto/salsa20.go
View file

@ -1,48 +0,0 @@
package crypto
import (
"crypto/cipher"
"encoding/binary"
"errors"
"golang.org/x/crypto/salsa20/salsa"
"sing/common"
)
type Salsa20Cipher struct {
nonce []byte
key [32]byte
counter uint64
}
func (s *Salsa20Cipher) XORKeyStream(dst, src []byte) {
if len(dst) < len(src) {
common.Must(errors.New("dst is smaller than src"))
}
padLen := int(s.counter % 64)
buf := make([]byte, len(src)+padLen)
var subNonce [16]byte
copy(subNonce[:], s.nonce)
binary.LittleEndian.PutUint64(subNonce[8:], s.counter/64)
// It's difficult to avoid data copy here. src or dst maybe slice from
// Conn.Read/Write, which can't have padding.
copy(buf[padLen:], src)
salsa.XORKeyStream(buf, buf, &subNonce, &s.key)
copy(dst, buf[padLen:])
s.counter += uint64(len(src))
}
func NewSalsa20(key []byte, nonce []byte) (cipher.Stream, error) {
var fixedSizedKey [32]byte
if len(key) != 32 {
return nil, errors.New("key size must be 32")
}
copy(fixedSizedKey[:], key)
return &Salsa20Cipher{
key: fixedSizedKey,
nonce: nonce,
}, nil
}

2
common/exceptions/error.go
View file

@ -24,7 +24,7 @@ func (e exception) Error() string {
if e.cause == nil {
return e.message
}
return e.message + ":" + e.cause.Error()
return e.message + ": " + e.cause.Error()
}
func (e exception) Cause() error {

6
common/rw/copy.go
View file

@ -5,9 +5,9 @@ import (
"io"
"net"
"sing/common"
"sing/common/buf"
"sing/common/task"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/buf"
"github.com/sagernet/sing/common/task"
)
func CopyConn(ctx context.Context, conn net.Conn, outConn net.Conn) error {

25
common/rw/duplex.go Normal file
View file

@ -0,0 +1,25 @@
package rw
import "io"
type ReadCloser interface {
CloseRead() error
}
type WriteCloser interface {
CloseWrite() error
}
func CloseRead(conn io.Closer) error {
if closer, ok := conn.(ReadCloser); ok {
return closer.CloseRead()
}
return conn.Close()
}
func CloseWrite(conn io.Closer) error {
if closer, ok := conn.(WriteCloser); ok {
return closer.CloseWrite()
}
return conn.Close()
}

6
common/rw/output.go
View file

@ -3,9 +3,9 @@ package rw
import (
"io"
"sing/common"
"sing/common/buf"
"sing/common/list"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/buf"
"github.com/sagernet/sing/common/list"
)
type OutputStream interface {

2
common/rw/read.go
View file

@ -3,7 +3,7 @@ package rw
import (
"io"
"sing/common"
"github.com/sagernet/sing/common"
)
func Skip(reader io.Reader) error {

2
common/rw/write.go
View file

@ -3,7 +3,7 @@ package rw
import (
"io"
"sing/common"
"github.com/sagernet/sing/common"
)
var ZeroBytes = make([]byte, 1024)

4
common/session/context.go
View file

@ -4,8 +4,8 @@ import (
"net"
"strconv"
"sing/common/buf"
"sing/common/socksaddr"
"github.com/sagernet/sing/common/buf"
"github.com/sagernet/sing/common/socksaddr"
)
type Network int

2
common/session/pool.go
View file

@ -4,7 +4,7 @@ import (
"container/list"
"sync"
"sing/common"
"github.com/sagernet/sing/common"
)
var (

1
common/socksaddr/addr.go
View file

@ -2,7 +2,6 @@ package socksaddr
import (
"net"
"net/netip"
)

6
common/socksaddr/serializer.go
View file

@ -4,9 +4,9 @@ import (
"encoding/binary"
"io"
"sing/common"
"sing/common/exceptions"
"sing/common/rw"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/rw"
)
type SerializerOption func(*Serializer)

17
common/task/task.go
View file

@ -4,9 +4,19 @@ import (
"context"
"sync"
"sing/common"
"github.com/sagernet/sing/common"
)
func After(task func() error, after func() error) func() error {
return func() error {
err := task()
if err != nil {
return err
}
return after()
}
}
func Run(ctx context.Context, tasks ...func() error) error {
ctx, cancel := context.WithCancel(ctx)
wg := new(sync.WaitGroup)
@ -29,8 +39,5 @@ func Run(ctx context.Context, tasks ...func() error) error {
cancel()
}()
<-ctx.Done()
if retErr != nil {
return retErr
}
return ctx.Err()
return retErr
}

54
conf/config.go
View file

@ -1,54 +0,0 @@
package conf
import (
"encoding/json"
"sing/common/exceptions"
"sing/core"
"sing/transport"
"sing/transport/block"
"sing/transport/socks"
"sing/transport/system"
)
type Config struct {
Inbounds []*InboundConfig `json:"inbounds,omitempty"`
Outbounds []*OutboundConfig `json:"outbounds,omitempty"`
}
type InboundConfig struct {
Type string `json:"type"`
Tag string `json:"tag,omitempty"`
Settings json.RawMessage `json:"settings,omitempty"`
}
func (c InboundConfig) Build(instance core.Instance) (transport.Inbound, error) {
switch c.Type {
case "socks":
config := new(socks.InboundConfig)
err := json.Unmarshal(c.Settings, config)
if err != nil {
return nil, err
}
return socks.NewListener(instance, config)
}
return nil, exceptions.New("unknown inbound type ", c.Type)
}
type OutboundConfig struct {
Type string `json:"type"`
Settings json.RawMessage `json:"settings,omitempty"`
}
func (c OutboundConfig) Build(instance core.Instance) (transport.Outbound, error) {
var outbound transport.Outbound
switch c.Type {
case "system":
outbound = new(system.Outbound)
case "block":
outbound = new(block.Outbound)
default:
return nil, exceptions.New("unknown outbound type: ", c.Type)
}
return outbound, nil
}

93
core.go
View file

@ -1,94 +1,3 @@
package sing
import (
"context"
"sing/common/session"
"sync"
"sing/common/gsync"
"sing/common/list"
"sing/core"
"sing/transport"
)
var _ core.Instance = (*Instance)(nil)
type Instance struct {
access sync.Mutex
ctx context.Context
cancel context.CancelFunc
inbounds list.List[*transport.InboundContext]
inboundByName gsync.Map[string, *transport.InboundContext]
outbounds list.List[*transport.OutboundContext]
outboundByName gsync.Map[string, *transport.OutboundContext]
defaultOutbound *transport.OutboundContext
}
func (i *Instance) AddInbound(inbound transport.Inbound, tag string) {
i.access.Lock()
defer i.access.Unlock()
ic := new(transport.InboundContext)
ic.Context = i.ctx
ic.Tag = tag
ic.Inbound = inbound
i.inbounds.InsertAfter(ic)
i.inboundByName.Store(tag, ic)
}
func (i *Instance) Inbounds() *list.List[*transport.InboundContext] {
i.inboundByName.Range(func(tag string, inbound *transport.InboundContext) bool {
return true
})
return &i.inbounds
}
func (i *Instance) Inbound(tag string) *transport.InboundContext {
inbound, _ := i.inboundByName.Load(tag)
return inbound
}
func (i *Instance) Outbounds() *list.List[*transport.OutboundContext] {
return &i.outbounds
}
func (i *Instance) DefaultOutbound() *transport.OutboundContext {
i.access.Lock()
defer i.access.Unlock()
return i.defaultOutbound
}
func (i *Instance) Outbound(tag string) *transport.OutboundContext {
outbound, _ := i.outboundByName.Load(tag)
return outbound
}
func (i *Instance) HandleConnection(conn *session.Conn) {
i.defaultOutbound.Outbound.NewConnection(i.ctx, conn)
}
func (i *Instance) HandlePacket(packet *session.Packet) {
}
type InstanceContext interface {
context.Context
Instance() *Instance
Load(key string) (any, bool)
Store(key string, value any)
}
type instanceContext struct {
context.Context
instance Instance
values gsync.Map[any, string]
}
func (i *instanceContext) Load(key string) (any, bool) {
return i.values.Load(key)
}
func (i *instanceContext) Store(key string, value any) {
// TODO implement me
panic("implement me")
}
const Version = "v0.0.0-alpha.1"

12
core/core.go
View file

@ -1,12 +0,0 @@
package core
import (
"sing/common/session"
"sing/transport"
)
type Instance interface {
session.Handler
transport.InboundManager
transport.OutboundManager
}

222
example/shadowboom/main.go
View file

@ -1,222 +0,0 @@
package main
import (
"bytes"
"flag"
"fmt"
"io"
"log"
"net"
"os"
cObfs "github.com/Dreamacro/clash/transport/ssr/obfs"
cProtocol "github.com/Dreamacro/clash/transport/ssr/protocol"
"sing/common"
"sing/common/buf"
"sing/common/socksaddr"
"sing/protocol/shadowsocks"
_ "sing/protocol/shadowsocks/shadowstream"
)
var (
address string
port int
method string
password string
obfs string
obfsParam string
protocol string
protocolParam string
ring int
uniqueIV bool
)
func main() {
fs := flag.NewFlagSet("shadowboom", flag.ExitOnError)
fs.StringVar(&address, "address", "", "server address")
fs.IntVar(&port, "port", 0, "server port")
fs.StringVar(&method, "method", "", "server cipher")
fs.StringVar(&password, "password", "", "server password")
fs.StringVar(&obfs, "obfs", "", "shadowsocksr obfuscate")
fs.StringVar(&obfsParam, "obfs-param", "", "shadowsocksr obfuscate parameter")
fs.StringVar(&protocol, "protocol", "", "shadowsocksr protocol")
fs.StringVar(&protocolParam, "protocol-param", "", "shadowsocksr protocol parameter")
fs.IntVar(&ring, "ring", 5000, "requests")
fs.BoolVar(&uniqueIV, "uniqueIV", false, "use unique iv for each request")
_ = fs.Parse(os.Args[1:])
if common.IsBlank(method) {
fs.Usage()
log.Fatal("method not defined")
}
if common.IsBlank(password) {
fs.Usage()
log.Fatal("password not defined")
}
cipher, err := shadowsocks.CreateCipher(method)
if err != nil {
log.Fatal(err)
}
key := shadowsocks.Key([]byte(password), cipher.KeySize())
/*if _, isAEAD := cipher.(*shadowsocks.AEADCipher); isAEAD {
log.Fatal("not a stream cipher: ", method)
}*/
ipAddr, err := net.ResolveIPAddr("ip", address)
if err != nil {
log.Fatal("unable to resolve server address: ", address, ": ", err)
}
addr := socksaddr.AddrFromIP(ipAddr.IP)
var sharedPayload *bytes.Buffer
if !uniqueIV {
sharedPayload = createRequest(cipher, key, addr, uint16(port))
}
for {
var payload *bytes.Buffer
if !uniqueIV {
payload = sharedPayload
} else {
payload = createRequest(cipher, key, addr, uint16(port))
}
conn, err := net.DialTCP("tcp", nil, &net.TCPAddr{
IP: ipAddr.IP,
Port: port,
})
if err != nil {
log.Print("failed to connect to server: ", err)
return
}
log.Print(fmt.Sprint("open connection to ", address, ":", port))
_, err = conn.Write(payload.Bytes())
if err != nil {
log.Print("failed to write request: ", err)
return
}
if uniqueIV {
payload.Reset()
}
go func() {
_, err = io.Copy(io.Discard, conn)
}()
}
}
func createRequest(cipher shadowsocks.Cipher, key []byte, addr socksaddr.Addr, port uint16) *bytes.Buffer {
fmt.Println("creating payload")
content := new(bytes.Buffer)
iv := buf.New()
iv.WriteZeroN(cipher.IVSize())
defer iv.Release()
var (
obfsInstance cObfs.Obfs
protocolInstance cProtocol.Protocol
overhead int
err error
)
if common.IsNotBlank(obfs) && obfs != "plain" {
obfsInstance, overhead, err = cObfs.PickObfs(obfs, &cObfs.Base{
Host: address,
Port: int(port),
Key: key,
IVSize: cipher.IVSize(),
Param: obfsParam,
})
if err != nil {
log.Fatalln(err)
}
}
if common.IsNotBlank(protocol) && protocol != "origin" {
protocolInstance, err = cProtocol.PickProtocol(protocol, &cProtocol.Base{
Key: key,
Overhead: overhead,
Param: protocolParam,
})
if err != nil {
log.Fatalln(err)
}
}
for i := 0; i < ring; i++ {
var buffer bytes.Buffer
var writer io.Writer = &buffer
if uniqueIV {
iv.Reset()
iv.WriteRandom(cipher.IVSize())
}
if obfsInstance != nil {
writer = obfsInstance.StreamConn(common.NewWritConn(writer))
}
_, err = writer.Write(iv.Bytes())
if err != nil {
fmt.Println(err)
break
}
writer, err = cipher.NewEncryptionWriter(key, iv.Bytes(), writer)
if err != nil {
fmt.Println(err)
break
}
if protocolInstance != nil {
writer = protocolInstance.StreamConn(common.NewWritConn(writer), iv.Bytes())
}
var addressAndPort bytes.Buffer
shadowsocks.AddressSerializer.WriteAddressAndPort(&addressAndPort, addr, port)
_, err = writer.Write(addressAndPort.Bytes())
if err != nil {
fmt.Println(err)
break
}
_, err = writer.Write(content.Bytes())
if err != nil {
fmt.Println(err)
break
}
addressAndPort.Reset()
content.Reset()
if i%1000 == 0 {
log.Print("ring ", i, ": ", byteSize(buffer.Len()))
}
content = &buffer
}
log.Print("finished ", ring, ": ", byteSize(content.Len()))
return content
}
func byteSize(b int) string {
const unit = 1000
if b < unit {
return fmt.Sprintf("%d B", b)
}
div, exp := int64(unit), 0
for n := b / unit; n >= unit; n /= unit {
div *= unit
exp++
}
return fmt.Sprintf("%.1f %cB", float64(b)/float64(div), "KMGTPE"[exp])
}

25
example/shadowboom/server.json
View file

@ -1,25 +0,0 @@
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 1234,
"protocol": "shadowsocks",
"settings": {
"method": "aes-128-cfb",
"password": "test"
},
"streamSettings": {
"network": "tcp"
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
}
]
}

2
format.go
View file

@ -3,4 +3,4 @@ package sing
//go:generate go install -v mvdan.cc/gofumpt@latest
//go:generate go install -v github.com/daixiang0/gci@latest
//go:generate gofumpt -l -w .
//go:generate gci -w .
//go:generate gci write .

41
go.mod
View file

@ -1,42 +1,15 @@
module sing
module github.com/sagernet/sing
go 1.18
require (
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da
github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d
github.com/dgryski/go-idea v0.0.0-20170306091226-d2fb45a411fb
github.com/dgryski/go-rc2 v0.0.0-20150621095337-8a9021637152
github.com/geeksbaek/seed v0.0.0-20180909040025-2a7f5fb92e22
github.com/kierdavis/cfb8 v0.0.0-20180105024805-3a17c36ee2f8
golang.org/x/crypto v0.0.0-20220214200702-86341886e292
github.com/sirupsen/logrus v1.8.1
github.com/spf13/cobra v1.4.0
golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29
)
// for testing and example only
require (
github.com/Dreamacro/clash v1.9.0
github.com/v2fly/v2ray-core/v5 v5.0.3
)
//replace github.com/v2fly/v2ray-core/v5 => ../v2ray-core
replace github.com/v2fly/v2ray-core/v5 => github.com/sagernet/v2ray-core/v5 v5.0.7-0.20220128184540-38f59e02f567
// https://github.com/google/gvisor/releases/tag/release-20211129.0
//replace gvisor.dev/gvisor => ../gvisor
replace gvisor.dev/gvisor => github.com/sagernet/gvisor v0.0.0-20220109124627-f8f67dadd776
require (
github.com/Dreamacro/go-shadowsocks2 v0.1.7 // indirect
github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/pires/go-proxyproto v0.6.1 // indirect
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect
github.com/seiflotfy/cuckoofilter v0.0.0-20201222105146-bc6005554a0c // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e // indirect
golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 // indirect
golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 // indirect
google.golang.org/protobuf v1.27.1 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
golang.org/x/sys v0.0.0-20220406163625-3f8b81556e12 // indirect
)

122
go.sum
View file

@ -1,117 +1,23 @@
github.com/Dreamacro/clash v1.9.0 h1:IfmPW86Klngu0iQ4LL6Bhxcvtr+QaI7Oppa9qRPX/Q8=
github.com/Dreamacro/clash v1.9.0/go.mod h1:vOzDB9KKD/PirNdSlsH4soMl1xF5lk8SwNQiVY5UacE=
github.com/Dreamacro/go-shadowsocks2 v0.1.7 h1:8CtbE1HoPPMfrQZGXmlluq6dO2lL31W6WRRE8fabc4Q=
github.com/Dreamacro/go-shadowsocks2 v0.1.7/go.mod h1:8p5G4cAj5ZlXwUR+Ww63gfSikr8kvw8uw3TDwLAJpUc=
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
github.com/cheekybits/genny v1.0.0 h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d h1:CPqTNIigGweVPT4CYb+OO2E6XyRKFOmvTHwWRLgCAlE=
github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d/go.mod h1:QX5ZVULjAfZJux/W62Y91HvCh9hyW6enAwcrrv/sLj0=
github.com/dgryski/go-idea v0.0.0-20170306091226-d2fb45a411fb h1:zXpN5126w/mhECTkqazBkrOJIMatbPP71aSIDR5UuW4=
github.com/dgryski/go-idea v0.0.0-20170306091226-d2fb45a411fb/go.mod h1:F7WkpqJj9t98ePxB/WJGQTIDeOVPuSJ3qdn6JUjg170=
github.com/dgryski/go-metro v0.0.0-20200812162917-85c65e2d0165/go.mod h1:c9O8+fpSOX1DM8cPNSkX/qsBWdkD4yd2dpciOWQjpBw=
github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140 h1:y7y0Oa6UawqTFPCDw9JG6pdKt4F9pAhHv0B7FMGaGD0=
github.com/dgryski/go-metro v0.0.0-20211217172704-adc40b04c140/go.mod h1:c9O8+fpSOX1DM8cPNSkX/qsBWdkD4yd2dpciOWQjpBw=
github.com/dgryski/go-rc2 v0.0.0-20150621095337-8a9021637152 h1:ED31mPIxDJnrLt9W9dH5xgd/6KjzEACKHBVGQ33czc0=
github.com/dgryski/go-rc2 v0.0.0-20150621095337-8a9021637152/go.mod h1:I9fhc/EvSg88cDxmfQ47v35Ssz9rlFunL/KY0A1JAYI=
github.com/ebfe/bcrypt_pbkdf v0.0.0-20140212075826-3c8d2dcb253a h1:YtdtTUN1iH97s+6PUjLnaiKSQj4oG1/EZ3N9bx6g4kU=
github.com/ebfe/rc2 v0.0.0-20131011165748-24b9757f5521 h1:fBHFH+Y/GPGFGo7LIrErQc3p2MeAhoIQNgaxPWYsSxk=
github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
github.com/geeksbaek/seed v0.0.0-20180909040025-2a7f5fb92e22 h1:CdVtqYWYGIEuYCbtyx6BVMKOcO0N6lKm99cR1DZubAs=
github.com/geeksbaek/seed v0.0.0-20180909040025-2a7f5fb92e22/go.mod h1:YS1s0XuwU13tHT0WeYeUXUwGk1m8WZvSbK9cx/kY1SE=
github.com/go-chi/chi/v5 v5.0.7 h1:rDTPXLDHGATaeHvVlLcR4Qe0zftYethFucbjVQ1PxU8=
github.com/go-chi/render v1.0.1 h1:4/5tis2cKaNdnv9zFLfXzcquC9HbeZgCnxGnKrltBS8=
github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
github.com/go-playground/validator/v10 v10.10.0 h1:I7mrTYv78z8k8VXa/qJlOlEXn/nBh+BF8dHX5nt/dr0=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
github.com/jhump/protoreflect v1.10.1 h1:iH+UZfsbRE6vpyZH7asAjTPWJf7RJbpZ9j/N3lDlKs0=
github.com/kierdavis/cfb8 v0.0.0-20180105024805-3a17c36ee2f8 h1:QxgFSDEqLP8ZsmVm/Qke0HP6JLV7EB93vtWK7noU1Sw=
github.com/kierdavis/cfb8 v0.0.0-20180105024805-3a17c36ee2f8/go.mod h1:uL2TcUivilrs0kPsqUwIf8XHAcmkSjsfrzSgAJwS0TI=
github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
github.com/lucas-clemente/quic-go v0.25.0 h1:K+X9Gvd7JXsOHtU0N2icZ2Nw3rx82uBej3mP4CLgibc=
github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40 h1:EnfXoSqDfSNJv0VBNqY/88RNnhSGYkrHaO0mmFGbVsc=
github.com/marten-seemann/qtls-go1-16 v0.1.4 h1:xbHbOGGhrenVtII6Co8akhLEdrawwB2iHl5yhJRpnco=
github.com/marten-seemann/qtls-go1-17 v0.1.0 h1:P9ggrs5xtwiqXv/FHNwntmuLMNq3KaSIG93AtAZ48xk=
github.com/marten-seemann/qtls-go1-18 v0.1.0-beta.1 h1:EnzzN9fPUkUck/1CuY1FlzBaIYMoiBsdwTNmNGkwUUM=
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
github.com/pires/go-proxyproto v0.6.1 h1:EBupykFmo22SDjv4fQVQd2J9NOoLPmyZA/15ldOGkPw=
github.com/pires/go-proxyproto v0.6.1/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
github.com/sagernet/gvisor v0.0.0-20220109124627-f8f67dadd776 h1:NBeFhu3oWPjBCAifVeTDyIuxK5SfHUeHG1b0OA3/EZI=
github.com/sagernet/v2ray-core/v5 v5.0.7-0.20220128184540-38f59e02f567 h1:ZqzVNuyPKHQJKdz2BMTQagFeAHjWprlvtOHDLQ3F1uQ=
github.com/sagernet/v2ray-core/v5 v5.0.7-0.20220128184540-38f59e02f567/go.mod h1:4FMkEwBDneahJymFQGpJtQ0OlC33hpmCoyUneaOQDno=
github.com/seiflotfy/cuckoofilter v0.0.0-20201222105146-bc6005554a0c h1:pqy40B3MQWYrza7YZXOXgl0Nf0QGFqrOC0BKae1UNAA=
github.com/seiflotfy/cuckoofilter v0.0.0-20201222105146-bc6005554a0c/go.mod h1:bR6DqgcAl1zTcOX8/pE2Qkj9XO00eCNqmKb7lXP8EAg=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q=
github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/v2fly/BrowserBridge v0.0.0-20210430233438-0570fc1d7d08 h1:4Yh46CVE3k/lPq6hUbEdbB1u1anRBXLewm3k+L0iOMc=
github.com/v2fly/VSign v0.0.0-20201108000810-e2adc24bf848 h1:p1UzXK6VAutXFFQMnre66h7g1BjRKUnLv0HfmmRoz7w=
github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e h1:5QefA066A1tF8gHIiADmOVOV5LS43gt3ONnlEl3xkwI=
github.com/v2fly/ss-bloomring v0.0.0-20210312155135-28617310f63e/go.mod h1:5t19P9LBIrNamL6AcMQOncg/r10y3Pc01AbHeMhwlpU=
github.com/xtaci/smux v1.5.16 h1:FBPYOkW8ZTjLKUM4LI4xnnuuDC8CQ/dB04HD519WoEk=
go.starlark.net v0.0.0-20211203141949-70c0e40ae128 h1:bxH+EXOo87zEOwKDdZ8Tevgi6irRbqheRm/fr293c58=
go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
go4.org/intern v0.0.0-20211027215823-ae77deb06f29 h1:UXLjNohABv4S58tHmeuIZDO6e3mHpW2Dx33gaNt03LE=
go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37 h1:Tx9kY6yUkLge/pFG7IEMwDZy6CS2ajFc9TvQdPCW0uA=
golang.org/x/crypto v0.0.0-20210317152858-513c2a44f670/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.0.0-20220126234351-aa10faf2a1f8 h1:kACShD3qhmr/3rLmg1yXyt+N4HcwutKyPRB93s54TIU=
golang.org/x/crypto v0.0.0-20220126234351-aa10faf2a1f8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE=
golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57 h1:LQmS1nU0twXLA96Kt7U9qtHJEbBk3z6Q0V4UXjZkpr4=
golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 h1:tkVvjkPTB7pnW3jnid7kNyAMPVWllTNOf/qKDze4p9o=
golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 h1:nhht2DYV/Sn3qOayu8lM+cU1ii9sTLUeBQwQQfUHtrs=
golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.1.9 h1:j9KsMiaP1c3B0OTQGth0/k+miLGTgLsAFUCrF2vLcF8=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
golang.zx2c4.com/go118/netip v0.0.0-20211111135330-a4a02eeacf9d h1:9+v0G0naRhLPOJEeJOL6NuXTtAHHwmkyZlgQJ0XcQ8I=
golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 h1:Ug9qvr1myri/zFN6xL17LSCBGFDnphBBhzmILHsM5TY=
golang.zx2c4.com/wireguard v0.0.0-20220117163742-e0b8f11489c5 h1:fREdS2tvy7LARzKUA868aAABc35XOo4CMHydwv+alR4=
google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350 h1:YxHp5zqIcAShDEvRr5/0rVESVS+njYF68PSdazrNLJo=
google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
golang.org/x/sys v0.0.0-20220406163625-3f8b81556e12 h1:QyVthZKMsyaQwBTJE04jdNN0Pp5Fn9Qga0mrgxyERQM=
golang.org/x/sys v0.0.0-20220406163625-3f8b81556e12/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
inet.af/netaddr v0.0.0-20211027220019-c74959edd3b6 h1:acCzuUSQ79tGsM/O50VRFySfMm19IoMKL+sZztZkCxw=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=

12
protocol/shadowsocks/cipher.go
View file

@ -3,16 +3,16 @@ package shadowsocks
import (
"io"
"sing/common/buf"
"sing/common/exceptions"
"sing/common/list"
"github.com/sagernet/sing/common/buf"
"github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/list"
)
type Cipher interface {
KeySize() int
IVSize() int
NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (io.Writer, error)
NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (io.Reader, error)
SaltSize() int
CreateReader(key []byte, iv []byte, reader io.Reader) io.Reader
CreateWriter(key []byte, iv []byte, writer io.Writer) (io.Writer, int)
EncodePacket(key []byte, buffer *buf.Buffer) error
DecodePacket(key []byte, buffer *buf.Buffer) error
}

72
protocol/shadowsocks/cipher_aead.go
View file

@ -5,12 +5,13 @@ import (
"crypto/cipher"
"encoding/binary"
"io"
"net"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/buf"
"github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/rw"
"golang.org/x/crypto/chacha20poly1305"
"sing/common"
"sing/common/buf"
"sing/common/exceptions"
"sing/common/rw"
)
const PacketLengthBufferSize = 2
@ -19,35 +20,35 @@ func init() {
RegisterCipher("aes-128-gcm", func() Cipher {
return &AEADCipher{
KeyLength: 16,
IVLength: 16,
SaltLength: 16,
Constructor: aesGcm,
}
})
RegisterCipher("aes-192-gcm", func() Cipher {
return &AEADCipher{
KeyLength: 24,
IVLength: 24,
SaltLength: 24,
Constructor: aesGcm,
}
})
RegisterCipher("aes-256-gcm", func() Cipher {
return &AEADCipher{
KeyLength: 32,
IVLength: 32,
SaltLength: 32,
Constructor: aesGcm,
}
})
RegisterCipher("chacha20-ietf-poly1305", func() Cipher {
return &AEADCipher{
KeyLength: 32,
IVLength: 32,
SaltLength: 32,
Constructor: chacha20Poly1305,
}
})
RegisterCipher("xchacha20-ietf-poly1305", func() Cipher {
return &AEADCipher{
KeyLength: 32,
IVLength: 32,
SaltLength: 32,
Constructor: xchacha20Poly1305,
}
})
@ -75,7 +76,7 @@ func xchacha20Poly1305(key []byte) cipher.AEAD {
type AEADCipher struct {
KeyLength int
IVLength int
SaltLength int
Constructor func(key []byte) cipher.AEAD
}
@ -83,38 +84,60 @@ func (c *AEADCipher) KeySize() int {
return c.KeyLength
}
func (c *AEADCipher) IVSize() int {
return c.IVLength
func (c *AEADCipher) SaltSize() int {
return c.SaltLength
}
func (c *AEADCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (io.Writer, error) {
return NewAEADWriter(writer, c.Constructor(Kdf(key, iv, c.KeyLength))), nil
func (c *AEADCipher) CreateReader(key []byte, salt []byte, reader io.Reader) io.Reader {
return NewAEADReader(reader, c.Constructor(Kdf(key, salt, c.KeyLength)))
}
func (c *AEADCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (io.Reader, error) {
return NewAEADReader(reader, c.Constructor(Kdf(key, iv, c.KeyLength))), nil
func (c *AEADCipher) CreateWriter(key []byte, salt []byte, writer io.Writer) (io.Writer, int) {
protocolWriter := NewAEADWriter(writer, c.Constructor(Kdf(key, salt, c.KeyLength)))
return protocolWriter, protocolWriter.maxDataSize
}
func (c *AEADCipher) EncodePacket(key []byte, buffer *buf.Buffer) error {
aead := c.Constructor(Kdf(key, buffer.To(c.IVLength), c.KeyLength))
aead.Seal(buffer.From(c.IVLength)[:0], rw.ZeroBytes[:aead.NonceSize()], buffer.From(c.IVLength), nil)
aead := c.Constructor(Kdf(key, buffer.To(c.SaltLength), c.KeyLength))
aead.Seal(buffer.From(c.SaltLength)[:0], rw.ZeroBytes[:aead.NonceSize()], buffer.From(c.SaltLength), nil)
buffer.Extend(aead.Overhead())
return nil
}
func (c *AEADCipher) DecodePacket(key []byte, buffer *buf.Buffer) error {
if buffer.Len() < c.IVLength {
if buffer.Len() < c.SaltLength {
return exceptions.New("bad packet")
}
aead := c.Constructor(Kdf(key, buffer.To(c.IVLength), c.KeyLength))
packet, err := aead.Open(buffer.Index(0), rw.ZeroBytes[:aead.NonceSize()], buffer.From(c.IVLength), nil)
aead := c.Constructor(Kdf(key, buffer.To(c.SaltLength), c.KeyLength))
packet, err := aead.Open(buffer.Index(c.SaltLength), rw.ZeroBytes[:aead.NonceSize()], buffer.From(c.SaltLength), nil)
if err != nil {
return err
}
buffer.Advance(c.SaltLength)
buffer.Truncate(len(packet))
return nil
}
type AEADConn struct {
net.Conn
Reader *AEADReader
Writer *AEADWriter
}
func (c *AEADConn) Read(p []byte) (n int, err error) {
return c.Reader.Read(p)
}
func (c *AEADConn) Write(p []byte) (n int, err error) {
return c.Writer.Write(p)
}
func (c *AEADConn) Close() error {
c.Reader.Close()
c.Writer.Close()
return c.Conn.Close()
}
type AEADReader struct {
upstream io.Reader
cipher cipher.AEAD
@ -248,7 +271,6 @@ func (w *AEADWriter) Process(p []byte) (n int, buffer *buf.Buffer, flush bool, e
func (w *AEADWriter) Write(p []byte) (n int, err error) {
for _, data := range buf.ForeachN(p, w.maxDataSize) {
binary.BigEndian.PutUint16(w.data[:PacketLengthBufferSize], uint16(len(data)))
w.cipher.Seal(w.data[:0], w.nonce, w.data[:PacketLengthBufferSize], nil)
increaseNonce(w.nonce)
@ -257,11 +279,11 @@ func (w *AEADWriter) Write(p []byte) (n int, err error) {
packet := w.cipher.Seal(w.data[:start], w.nonce, data, nil)
increaseNonce(w.nonce)
pn, err := w.upstream.Write(packet)
_, err = w.upstream.Write(packet)
if err != nil {
return 0, err
return
}
n += pn
n += len(data)
}
return

12
protocol/shadowsocks/cipher_none.go
View file

@ -3,7 +3,7 @@ package shadowsocks
import (
"io"
"sing/common/buf"
"github.com/sagernet/sing/common/buf"
)
func init() {
@ -18,16 +18,16 @@ func (c *NoneCipher) KeySize() int {
return 16
}
func (c *NoneCipher) IVSize() int {
func (c *NoneCipher) SaltSize() int {
return 0
}
func (c *NoneCipher) NewEncryptionWriter(_ []byte, _ []byte, writer io.Writer) (io.Writer, error) {
return writer, nil
func (c *NoneCipher) CreateReader(_ []byte, _ []byte, reader io.Reader) io.Reader {
return reader
}
func (c *NoneCipher) NewDecryptionReader(_ []byte, _ []byte, reader io.Reader) (io.Reader, error) {
return reader, nil
func (c *NoneCipher) CreateWriter(_ []byte, _ []byte, writer io.Writer) (io.Writer, int) {
return writer, 0
}
func (c *NoneCipher) EncodePacket([]byte, *buf.Buffer) error {

374
protocol/shadowsocks/cipher_test.go
View file

@ -1,374 +0,0 @@
package shadowsocks_test
import (
"bufio"
"bytes"
"io"
"net"
"strings"
"sync"
"testing"
vb "github.com/v2fly/v2ray-core/v5/common/buf"
vn "github.com/v2fly/v2ray-core/v5/common/net"
vp "github.com/v2fly/v2ray-core/v5/common/protocol"
vs "github.com/v2fly/v2ray-core/v5/proxy/shadowsocks"
"sing/common"
"sing/common/buf"
"sing/common/crypto"
"sing/common/rw"
"sing/common/socksaddr"
"sing/protocol/shadowsocks"
_ "sing/protocol/shadowsocks/shadowstream"
)
func TestShadowsocks(t *testing.T) {
for index := 1; index <= int(vs.CipherType_XCHACHA20); index++ {
cipherType := vs.CipherType(index)
cipher := strings.ReplaceAll(strings.ToLower(cipherType.String()), "_", "-")
t.Log("Test", cipher, "server")
testShadowsocksServerTCPWithCipher(t, cipherType, cipher)
t.Log("Test", cipher, "client")
testShadowsocksClientTCPWithCipher(t, cipherType, cipher)
t.Log("Test", cipher, "udp")
testShadowsocksUDPWithCipher(t, cipherType, cipher)
}
}
func testShadowsocksServerTCPWithCipher(t *testing.T, cipherType vs.CipherType, cipherName string) {
password := "fuck me till the daylight"
cipher, err := shadowsocks.CreateCipher(cipherName)
if err != nil {
t.Log("Skip unsupported method: ", cipherName)
return
}
key := shadowsocks.Key([]byte(password), cipher.KeySize())
address := socksaddr.AddrFromFqdn("internal.sagernet.org")
data := buf.New()
defer data.Release()
data.WriteRandom(1024)
protoAccount := &vs.Account{
Password: password,
CipherType: cipherType,
}
memoryAccount, err := protoAccount.AsAccount()
common.Must(err)
memoryUser := &vp.MemoryUser{
Account: memoryAccount,
}
account := memoryAccount.(*vs.MemoryAccount)
client, server := net.Pipe()
defer common.Close(client, server)
wg := new(sync.WaitGroup)
wg.Add(1)
go func() {
defer wg.Done()
req := &vp.RequestHeader{
Version: vs.Version,
Command: vp.RequestCommandTCP,
Address: vn.DomainAddress(address.Fqdn()),
Port: 443,
User: memoryUser,
}
writeIv := crypto.RandomBytes(int(account.Cipher.IVSize()))
writer, err := vs.WriteTCPRequest(req, client, writeIv, nil)
if err != nil {
t.Error(err)
return
}
reader, err := vs.ReadTCPResponse(memoryUser, client, nil)
if err != nil {
t.Error(err)
return
}
conn := vb.NewConnection(vb.ConnectionOutputMulti(reader), vb.ConnectionInputMulti(writer))
_, err = conn.Write(data.ToOwned().Bytes())
if err != nil {
t.Error(err)
return
}
clientRead := make([]byte, 1024)
_, err = io.ReadFull(conn, clientRead)
if err != nil {
t.Error(err)
return
}
if bytes.Compare(clientRead, data.Bytes()) > 0 {
t.Error("bad response data")
return
}
client.Close()
}()
var readIv []byte
if cipher.IVSize() > 0 {
readIv = make([]byte, cipher.IVSize())
_, err = io.ReadFull(server, readIv)
if err != nil {
t.Fatal(err)
}
}
reader, err := cipher.NewDecryptionReader(key, readIv, server)
if err != nil {
t.Fatal(err)
}
defer common.Close(reader)
addr, port, err := shadowsocks.AddressSerializer.ReadAddressAndPort(reader)
if err != nil {
t.Fatal(err)
}
if addr != address {
t.Fatal("bad address")
}
if port != 443 {
t.Fatal("bad port")
}
var writeIv []byte
if cipher.IVSize() > 0 {
writeIv = crypto.RandomBytes(cipher.IVSize())
_, err = server.Write(writeIv)
if err != nil {
t.Fatal(err)
}
}
serverRead := make([]byte, 1024)
_, err = io.ReadFull(reader, serverRead)
if err != nil {
t.Fatal(err)
}
if bytes.Compare(serverRead, data.Bytes()) > 0 {
t.Fatal("bad request data")
}
writer, err := cipher.NewEncryptionWriter(key, writeIv, server)
if err != nil {
t.Fatal(err)
}
writer = rw.GetWriter(writer)
defer common.Close(writer)
_, err = writer.Write(data.ToOwned().Bytes())
if err != nil {
t.Fatal(err)
}
wg.Wait()
}
func BenchmarkShadowsocks(b *testing.B) {
b.ReportAllocs()
for _, cipher := range shadowsocks.ListCiphers() {
b.Run(cipher, func(b *testing.B) {
benchmarkShadowsocksCipher(b, cipher, 14*1024)
})
}
}
func benchmarkShadowsocksCipher(b *testing.B, method string, data int) {
b.StopTimer()
b.ResetTimer()
b.SetBytes(int64(data))
cipher, _ := shadowsocks.CreateCipher(method)
iv := buf.New()
defer iv.Release()
iv.WriteRandom(cipher.IVSize())
writer, _ := cipher.NewEncryptionWriter(shadowsocks.Key([]byte("test"), cipher.KeySize()), iv.Bytes(), io.Discard)
defer common.Close(writer)
buffer := buf.New()
defer buffer.Release()
buffer.Extend(data)
b.StartTimer()
if output, ok := writer.(rw.OutputStream); ok {
for i := 0; i < b.N; i++ {
output.Process(buffer.Bytes())
}
} else {
writer.Write(buffer.Bytes())
}
}
func testShadowsocksClientTCPWithCipher(t *testing.T, cipherType vs.CipherType, cipherName string) {
password := "fuck me till the daylight"
cipher, err := shadowsocks.CreateCipher(cipherName)
if err != nil {
t.Log("Skip unsupported method: ", cipherName)
return
}
key := shadowsocks.Key([]byte(password), cipher.KeySize())
address := socksaddr.AddrFromFqdn("internal.sagernet.org")
data := buf.New()
data.WriteRandom(1024)
defer data.Release()
protoAccount := &vs.Account{
Password: password,
CipherType: cipherType,
}
memoryAccount, err := protoAccount.AsAccount()
common.Must(err)
memoryUser := &vp.MemoryUser{
Account: memoryAccount,
}
account := memoryAccount.(*vs.MemoryAccount)
wg := new(sync.WaitGroup)
wg.Add(1)
client, server := net.Pipe()
defer common.Close(client, server)
go func() {
defer wg.Done()
session, reader, err := vs.ReadTCPSession(memoryUser, server, nil)
if err != nil {
t.Error(err)
return
}
if !session.Address.Family().IsDomain() || session.Address.Domain() != address.Fqdn() {
t.Error("bad request address")
return
}
if session.Port != 443 {
t.Error("bad request port")
return
}
writeIv := crypto.RandomBytes(int(account.Cipher.IVSize()))
writer, err := vs.WriteTCPResponse(session, server, writeIv, nil)
if err != nil {
t.Error(err)
return
}
conn := vb.NewConnection(vb.ConnectionOutputMulti(reader), vb.ConnectionInputMulti(writer))
_, err = conn.Write(data.Bytes())
if err != nil {
t.Error(err)
return
}
serverRead := make([]byte, 1024)
_, err = io.ReadFull(conn, serverRead)
if err != nil {
t.Error(err)
return
}
if bytes.Compare(serverRead, data.Bytes()) > 0 {
t.Error("bad request data")
return
}
server.Close()
}()
writeIv := crypto.RandomBytes(cipher.IVSize())
w := bufio.NewWriter(client)
_, err = w.Write(writeIv)
if err != nil {
t.Fatal(err)
}
ew, err := cipher.NewEncryptionWriter(key, writeIv, w)
if err != nil {
t.Fatal(err)
}
defer common.Close(ew)
bw := bufio.NewWriter(ew)
err = shadowsocks.AddressSerializer.WriteAddressAndPort(bw, address, 443)
if err != nil {
t.Fatal(err)
}
_, err = bw.Write(data.ToOwned().Bytes())
if err != nil {
t.Fatal(err)
}
err = bw.Flush()
if err != nil {
t.Fatal(err)
}
err = w.Flush()
if err != nil {
t.Fatal(err)
}
readIv := make([]byte, cipher.IVSize())
_, err = io.ReadFull(client, readIv)
if err != nil {
t.Fatal(err)
}
input, err := cipher.NewDecryptionReader(key, readIv, client)
if err != nil {
t.Fatal(err)
}
defer common.Close(input)
clientRead := make([]byte, 1024)
_, err = io.ReadFull(input, clientRead)
if err != nil {
t.Fatal(err)
}
if bytes.Compare(clientRead, data.Bytes()) > 0 {
t.Fatal("bad response data")
}
client.Close()
wg.Wait()
}
func testShadowsocksUDPWithCipher(t *testing.T, cipherType vs.CipherType, cipherName string) {
password := "fuck me till the daylight"
cipher, err := shadowsocks.CreateCipher(cipherName)
if err != nil {
t.Log("Skip unsupported method: ", cipherName)
return
}
key := shadowsocks.Key([]byte(password), cipher.KeySize())
address := socksaddr.AddrFromFqdn("internal.sagernet.org")
data := buf.New()
defer data.Release()
data.WriteRandom(1024)
protoAccount := &vs.Account{
Password: password,
CipherType: cipherType,
}
memoryAccount, err := protoAccount.AsAccount()
common.Must(err)
memoryUser := &vp.MemoryUser{
Account: memoryAccount,
}
req := &vp.RequestHeader{
Version: vs.Version,
Command: vp.RequestCommandUDP,
Address: vn.DomainAddress(address.Fqdn()),
Port: 443,
User: memoryUser,
}
packet, err := vs.EncodeUDPPacket(req, data.Bytes(), nil)
if err != nil {
t.Fatal(err)
}
buffer := buf.New()
defer buffer.Release()
buffer.Write(packet.BytesTo(int32(cipher.IVSize())))
err = shadowsocks.AddressSerializer.WriteAddressAndPort(buffer, address, 443)
if err != nil {
t.Fatal(err)
}
buffer.Write(data.Bytes())
err = cipher.EncodePacket(key, buffer)
if err != nil {
t.Fatal(err)
}
if bytes.Compare(packet.Bytes(), buffer.Bytes()) > 0 {
t.Fatal("bad request data\n", packet.Bytes(), "\n", buffer.Bytes())
}
}

4
protocol/shadowsocks/protocol.go
View file

@ -7,9 +7,9 @@ import (
"io"
"math/rand"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/socksaddr"
"golang.org/x/crypto/hkdf"
"sing/common"
"sing/common/socksaddr"
)
const MaxPacketSize = 16*1024 - 1

25
protocol/shadowsocks/protocol_test.go
View file

@ -1,25 +0,0 @@
package shadowsocks_test
import (
"bytes"
"testing"
vs "github.com/v2fly/v2ray-core/v5/proxy/shadowsocks"
"sing/common"
"sing/protocol/shadowsocks"
)
func TestGenerateKey(t *testing.T) {
password := "fuck me till the daylight"
protoAccount := &vs.Account{
Password: password,
CipherType: vs.CipherType_AES_128_GCM,
}
memoryAccount, err := protoAccount.AsAccount()
common.Must(err)
account := memoryAccount.(*vs.MemoryAccount)
if bytes.Compare(account.Key, shadowsocks.Key([]byte(password), int(account.Cipher.KeySize()))) > 0 {
t.Fatal("bad key")
}
}

38
protocol/shadowsocks/shadowstream/chacha20_non_std.go
View file

@ -1,38 +0,0 @@
//go:build !(arm64 || ppc64le || s390x)
package shadowstream
import (
"crypto/cipher"
"github.com/aead/chacha20"
"github.com/aead/chacha20/chacha"
"sing/protocol/shadowsocks"
)
func init() {
shadowsocks.RegisterCipher("chacha20", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: chacha.KeySize,
IVLength: chacha.NonceSize,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewCipher(iv, key)
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewCipher(iv, key)
},
}
})
shadowsocks.RegisterCipher("xchacha20", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: chacha.KeySize,
IVLength: chacha.XNonceSize,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewCipher(iv, key)
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewCipher(iv, key)
},
}
})
}

37
protocol/shadowsocks/shadowstream/chacha20_std.go
View file

@ -1,37 +0,0 @@
//go:build arm64 || ppc64le || s390x
package shadowstream
import (
"crypto/cipher"
"golang.org/x/crypto/chacha20"
"sing/protocol/shadowsocks"
)
func init() {
shadowsocks.RegisterCipher("chacha20", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: chacha20.KeySize,
IVLength: chacha20.NonceSize,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewUnauthenticatedCipher(key, iv)
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewUnauthenticatedCipher(key, iv)
},
}
})
shadowsocks.RegisterCipher("xchacha20", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: chacha20.KeySize,
IVLength: chacha20.NonceSizeX,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewUnauthenticatedCipher(key, iv)
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewUnauthenticatedCipher(key, iv)
},
}
})
}

395
protocol/shadowsocks/shadowstream/stream.go
View file

@ -1,395 +0,0 @@
package shadowstream
import (
"crypto/aes"
"crypto/cipher"
"crypto/des"
"crypto/md5"
"crypto/rc4"
"io"
"sync"
"github.com/aead/chacha20"
"github.com/aead/chacha20/chacha"
"github.com/dgryski/go-camellia"
"github.com/dgryski/go-idea"
"github.com/dgryski/go-rc2"
"github.com/geeksbaek/seed"
"github.com/kierdavis/cfb8"
"golang.org/x/crypto/blowfish"
"golang.org/x/crypto/cast5"
"sing/common/buf"
"sing/common/crypto"
"sing/common/exceptions"
"sing/protocol/shadowsocks"
)
func init() {
shadowsocks.RegisterCipher("aes-128-ctr", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewCTR),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewCTR),
}
})
shadowsocks.RegisterCipher("aes-192-ctr", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 24,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewCTR),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewCTR),
}
})
shadowsocks.RegisterCipher("aes-256-ctr", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewCTR),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewCTR),
}
})
shadowsocks.RegisterCipher("aes-128-cfb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewCFBDecrypter),
}
})
shadowsocks.RegisterCipher("aes-192-cfb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 24,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewCFBDecrypter),
}
})
shadowsocks.RegisterCipher("aes-256-cfb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewCFBDecrypter),
}
})
shadowsocks.RegisterCipher("aes-128-cfb8", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cfb8.NewEncrypter),
DecryptConstructor: blockStream(aes.NewCipher, cfb8.NewDecrypter),
}
})
shadowsocks.RegisterCipher("aes-192-cfb8", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 24,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cfb8.NewEncrypter),
DecryptConstructor: blockStream(aes.NewCipher, cfb8.NewDecrypter),
}
})
shadowsocks.RegisterCipher("aes-256-cfb8", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cfb8.NewEncrypter),
DecryptConstructor: blockStream(aes.NewCipher, cfb8.NewDecrypter),
}
})
shadowsocks.RegisterCipher("aes-128-ofb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewOFB),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewOFB),
}
})
shadowsocks.RegisterCipher("aes-192-ofb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 24,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewOFB),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewOFB),
}
})
shadowsocks.RegisterCipher("aes-256-ofb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: aes.BlockSize,
EncryptConstructor: blockStream(aes.NewCipher, cipher.NewOFB),
DecryptConstructor: blockStream(aes.NewCipher, cipher.NewOFB),
}
})
shadowsocks.RegisterCipher("rc4", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: 16,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return rc4.NewCipher(key)
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return rc4.NewCipher(key)
},
}
})
shadowsocks.RegisterCipher("rc4-md5", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: 16,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
h := md5.New()
h.Write(key)
h.Write(iv)
return rc4.NewCipher(h.Sum(nil))
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
h := md5.New()
h.Write(key)
h.Write(iv)
return rc4.NewCipher(h.Sum(nil))
},
}
})
shadowsocks.RegisterCipher("bf-cfb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: blowfish.BlockSize,
EncryptConstructor: blockStream(func(key []byte) (cipher.Block, error) { return blowfish.NewCipher(key) }, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(func(key []byte) (cipher.Block, error) { return blowfish.NewCipher(key) }, cipher.NewCFBDecrypter),
}
})
shadowsocks.RegisterCipher("cast5-cfb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: cast5.BlockSize,
EncryptConstructor: blockStream(func(key []byte) (cipher.Block, error) { return cast5.NewCipher(key) }, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(func(key []byte) (cipher.Block, error) { return cast5.NewCipher(key) }, cipher.NewCFBDecrypter),
}
})
shadowsocks.RegisterCipher("des-cfb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 8,
IVLength: des.BlockSize,
EncryptConstructor: blockStream(des.NewCipher, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(des.NewCipher, cipher.NewCFBDecrypter),
}
})
shadowsocks.RegisterCipher("idea-cfb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: 8,
EncryptConstructor: blockStream(idea.NewCipher, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(idea.NewCipher, cipher.NewCFBDecrypter),
}
})
shadowsocks.RegisterCipher("rc2-cfb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: rc2.BlockSize,
EncryptConstructor: blockStream(func(key []byte) (cipher.Block, error) { return rc2.New(key, 16) }, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(func(key []byte) (cipher.Block, error) { return rc2.New(key, 16) }, cipher.NewCFBDecrypter),
}
})
shadowsocks.RegisterCipher("seed-cfb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: seed.BlockSize,
EncryptConstructor: blockStream(seed.NewCipher, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(seed.NewCipher, cipher.NewCFBDecrypter),
}
})
shadowsocks.RegisterCipher("camellia-128-cfb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: camellia.BlockSize,
EncryptConstructor: blockStream(camellia.New, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(camellia.New, cipher.NewCFBDecrypter),
}
})
shadowsocks.RegisterCipher("camellia-192-cfb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 24,
IVLength: camellia.BlockSize,
EncryptConstructor: blockStream(camellia.New, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(camellia.New, cipher.NewCFBDecrypter),
}
})
shadowsocks.RegisterCipher("camellia-256-cfb", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: camellia.BlockSize,
EncryptConstructor: blockStream(camellia.New, cipher.NewCFBEncrypter),
DecryptConstructor: blockStream(camellia.New, cipher.NewCFBDecrypter),
}
})
shadowsocks.RegisterCipher("camellia-128-cfb8", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 16,
IVLength: camellia.BlockSize,
EncryptConstructor: blockStream(camellia.New, cfb8.NewEncrypter),
DecryptConstructor: blockStream(camellia.New, cfb8.NewDecrypter),
}
})
shadowsocks.RegisterCipher("camellia-192-cfb8", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 24,
IVLength: camellia.BlockSize,
EncryptConstructor: blockStream(camellia.New, cfb8.NewEncrypter),
DecryptConstructor: blockStream(camellia.New, cfb8.NewDecrypter),
}
})
shadowsocks.RegisterCipher("camellia-256-cfb8", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: camellia.BlockSize,
EncryptConstructor: blockStream(camellia.New, cfb8.NewEncrypter),
DecryptConstructor: blockStream(camellia.New, cfb8.NewDecrypter),
}
})
shadowsocks.RegisterCipher("salsa20", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: 32,
IVLength: 8,
EncryptConstructor: crypto.NewSalsa20,
DecryptConstructor: crypto.NewSalsa20,
}
})
shadowsocks.RegisterCipher("chacha20-ietf", func() shadowsocks.Cipher {
return &StreamCipher{
KeyLength: chacha.KeySize,
IVLength: chacha.INonceSize,
EncryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewCipher(iv, key)
},
DecryptConstructor: func(key []byte, iv []byte) (cipher.Stream, error) {
return chacha20.NewCipher(iv, key)
},
}
})
}
func blockStream(blockCreator func(key []byte) (cipher.Block, error), streamCreator func(block cipher.Block, iv []byte) cipher.Stream) func([]byte, []byte) (cipher.Stream, error) {
return func(key []byte, iv []byte) (cipher.Stream, error) {
block, err := blockCreator(key)
if err != nil {
return nil, err
}
return streamCreator(block, iv), err
}
}
type StreamCipher struct {
KeyLength int
IVLength int
EncryptConstructor func(key []byte, iv []byte) (cipher.Stream, error)
DecryptConstructor func(key []byte, iv []byte) (cipher.Stream, error)
sync.Mutex
}
func (s *StreamCipher) KeySize() int {
return s.KeyLength
}
func (s *StreamCipher) IVSize() int {
return s.IVLength
}
func (s *StreamCipher) NewEncryptionWriter(key []byte, iv []byte, writer io.Writer) (io.Writer, error) {
streamCipher, err := s.EncryptConstructor(key, iv)
if err != nil {
return nil, err
}
return &StreamWriter{writer, streamCipher}, nil
}
func (s *StreamCipher) NewDecryptionReader(key []byte, iv []byte, reader io.Reader) (io.Reader, error) {
streamCipher, err := s.DecryptConstructor(key, iv)
if err != nil {
return nil, err
}
return &StreamReader{reader, streamCipher}, nil
}
func (s *StreamCipher) EncodePacket(key []byte, buffer *buf.Buffer) error {
iv := buffer.To(s.IVLength)
streamCipher, err := s.EncryptConstructor(key, iv)
if err != nil {
return err
}
data := buffer.From(s.IVLength)
streamCipher.XORKeyStream(data, data)
return nil
}
func (s *StreamCipher) DecodePacket(key []byte, buffer *buf.Buffer) error {
if buffer.Len() <= s.IVLength {
return exceptions.New("insufficient data: ", buffer.Len())
}
iv := buffer.From(s.IVLength)
streamCipher, err := s.DecryptConstructor(key, iv)
if err != nil {
return err
}
end := buffer.Len() - s.IVLength
streamCipher.XORKeyStream(buffer.Bytes()[:end], buffer.Bytes()[s.IVLength:])
buffer.Truncate(end)
return nil
}
type StreamReader struct {
upstream io.Reader
cipher cipher.Stream
}
func (r *StreamReader) Upstream() io.Reader {
return r.upstream
}
func (r *StreamReader) Process(p []byte, readN int) (n int, err error) {
n = readN
if n > 0 {
r.cipher.XORKeyStream(p[:n], p[:n])
}
return
}
func (r *StreamReader) Read(p []byte) (n int, err error) {
n, err = r.upstream.Read(p)
if err != nil {
return 0, err
}
if n > 0 {
r.cipher.XORKeyStream(p[:n], p[:n])
}
return
}
type StreamWriter struct {
upstream io.Writer
cipher cipher.Stream
}
func (w *StreamWriter) Upstream() io.Writer {
return w.upstream
}
func (w *StreamWriter) Process(p []byte) (n int, buffer *buf.Buffer, flush bool, err error) {
w.cipher.XORKeyStream(p, p)
n = len(p)
return
}
func (w *StreamWriter) Write(p []byte) (n int, err error) {
w.cipher.XORKeyStream(p, p)
return w.upstream.Write(p)
}

3
protocol/socks/constant.go
View file

@ -3,7 +3,7 @@ package socks
import (
"strconv"
"sing/common/socksaddr"
"github.com/sagernet/sing/common/socksaddr"
)
const (
@ -13,6 +13,7 @@ const (
const (
AuthTypeNotRequired byte = 0x00
AuthTypeGSSAPI byte = 0x01
AuthTypeUsernamePassword byte = 0x02
AuthTypeNoAcceptedMethods byte = 0xFF
)

8
protocol/socks/exceptions.go
View file

@ -10,14 +10,6 @@ func (e UnsupportedVersionException) Error() string {
return fmt.Sprint("unsupported version: ", e.Version)
}
type UnsupportedAuthTypeException struct {
Method byte
}
func (e UnsupportedAuthTypeException) Error() string {
return fmt.Sprint("unsupported auth type: ", e.Method)
}
type UnsupportedCommandException struct {
Command byte
}

6
protocol/socks/handshake.go
View file

@ -3,9 +3,9 @@ package socks
import (
"io"
"sing/common"
"sing/common/exceptions"
"sing/common/socksaddr"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/socksaddr"
)
func ClientHandshake(conn io.ReadWriter, version byte, command byte, addr socksaddr.Addr, port uint16, username string, password string) (*Response, error) {

22
protocol/socks/protocol.go
View file

@ -3,12 +3,13 @@ package socks
import (
"bytes"
"io"
"net"
"sing/common"
"sing/common/buf"
"sing/common/exceptions"
"sing/common/rw"
"sing/common/socksaddr"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/buf"
"github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/rw"
"github.com/sagernet/sing/common/socksaddr"
)
//+----+----------+----------+
@ -50,11 +51,6 @@ func ReadAuthRequest(reader io.Reader) (*AuthRequest, error) {
if err != nil {
return nil, exceptions.Cause(err, "read socks auth methods, length ", methodLen)
}
for _, method := range methods {
if !(method == AuthTypeNotRequired || method == AuthTypeUsernamePassword) {
return nil, &UnsupportedAuthTypeException{method}
}
}
request := &AuthRequest{
version,
methods,
@ -93,9 +89,6 @@ func ReadAuthResponse(reader io.Reader) (*AuthResponse, error) {
if err != nil {
return nil, err
}
if !(method == AuthTypeNotRequired || method == AuthTypeUsernamePassword || method == AuthTypeNoAcceptedMethods) {
return nil, &UnsupportedAuthTypeException{method}
}
response := &AuthResponse{
Version: version,
Method: method,
@ -272,6 +265,9 @@ func WriteResponse(writer io.Writer, response *Response) error {
if err != nil {
return err
}
if response.BindAddr == nil {
return AddressSerializer.WriteAddressAndPort(writer, socksaddr.AddrFromIP(net.IPv4zero), response.BindPort)
}
return AddressSerializer.WriteAddressAndPort(writer, response.BindAddr, response.BindPort)
}

4
protocol/socks/protocol_test.go
View file

@ -5,8 +5,8 @@ import (
"sync"
"testing"
"sing/common/socksaddr"
"sing/protocol/socks"
"github.com/sagernet/sing/common/socksaddr"
"github.com/sagernet/sing/protocol/socks"
)
func TestHandshake(t *testing.T) {

25
shadowboom.sh
View file

@ -1,25 +0,0 @@
#!/bin/bash
build() {
go build -v -o "$1" -trimpath -buildinfo=false -buildvcs=false -ldflags "-s -w -buildid=" ./example/shadowboom
}
export GOARCH=amd64
build sing_shadowboom_amd64
export GOARCH=386
build sing_shadowboom_386
export GOARCH=arm64
build sing_shadowboom_arm64
export GOOS=windows
export GOARCH=amd64
build sing_shadowboom_amd64.exe
export GOARCH=386
build sing_shadowboom_386.exe
export GOARCH=arm64
build sing_shadowboom_arm64.exe

30
transport/block/outbound.go
View file

@ -1,30 +0,0 @@
package block
import (
"context"
"sing/common/session"
"sing/transport"
)
var _ transport.Outbound = (*Outbound)(nil)
type Outbound struct {
}
func (h *Outbound) Init(*transport.OutboundContext) {
}
func (h *Outbound) Close() error {
return nil
}
func (o *Outbound) NewConnection(ctx context.Context, conn *session.Conn) error {
conn.Conn.Close()
return nil
}
func (o *Outbound) NewPacketConnection(ctx context.Context, packetConn *session.PacketConn) error {
packetConn.Conn.Close()
return nil
}

25
transport/inbound.go
View file

@ -1,25 +0,0 @@
package transport
import (
"context"
"sing/common/list"
)
type Inbound interface {
Init(ctx *InboundContext)
Start() error
Close() error
}
type InboundContext struct {
Context context.Context
Tag string
Inbound Inbound
}
type InboundManager interface {
AddInbound(inbound Inbound, tag string)
Inbounds() *list.List[*InboundContext]
Inbound(tag string) *InboundContext
}

28
transport/outbound.go
View file

@ -1,28 +0,0 @@
package transport
import (
"context"
"sing/common/list"
"sing/common/session"
)
type Outbound interface {
Init(ctx *OutboundContext)
Close() error
NewConnection(ctx context.Context, conn *session.Conn) error
NewPacketConnection(ctx context.Context, packetConn *session.PacketConn) error
}
type OutboundContext struct {
Context context.Context
Tag string
Outbound Outbound
}
type OutboundManager interface {
AddOutbound(outbound Outbound, tag string)
Outbounds() *list.List[*OutboundContext]
Outbound(tag string) *OutboundContext
DefaultOutbound() *OutboundContext
}

187
transport/socks/inbound.go
View file

@ -1,187 +0,0 @@
package socks
import (
"bytes"
"io"
"net"
"github.com/sirupsen/logrus"
"net/netip"
"sing/common"
"sing/common/buf"
"sing/common/exceptions"
"sing/common/session"
"sing/common/socksaddr"
"sing/protocol/socks"
"sing/transport"
"sing/transport/system"
)
var _ transport.Inbound = (*Inbound)(nil)
type Inbound struct {
lAddr netip.AddrPort
username, password string
tcpListener *system.TCPListener
udpListener *system.UDPListener
handler session.Handler
}
func (h *Inbound) Init(ctx *transport.InboundContext) {
}
type InboundConfig struct {
Listen string `json:"listen"`
Port uint16 `json:"port"`
Username string `json:"username,omitempty"`
Password string `json:"password,omitempty"`
}
func NewListener(handler session.Handler, config *InboundConfig) (*Inbound, error) {
addr, err := netip.ParseAddr(config.Listen)
if err != nil {
return nil, exceptions.Cause(err, "invalid listen address: ", config.Listen)
}
lAddr := netip.AddrPortFrom(addr, config.Port)
inbound := new(Inbound)
inbound.username, inbound.password = config.Username, config.Password
inbound.handler = handler
inbound.tcpListener = system.NewTCPListener(lAddr, inbound)
inbound.udpListener = system.NewUDPListener(lAddr, inbound)
return inbound, nil
}
func (h *Inbound) Start() error {
err := h.tcpListener.Start()
if err != nil {
return err
}
return h.udpListener.Start()
}
func (h *Inbound) HandleTCP(conn net.Conn) error {
authRequest, err := socks.ReadAuthRequest(conn)
if err != nil {
return exceptions.Cause(err, "read socks auth request")
}
if h.username != "" {
if bytes.IndexByte(authRequest.Methods, socks.AuthTypeNotRequired) > 0 {
err = socks.WriteAuthResponse(conn, &socks.AuthResponse{
Version: authRequest.Version,
Method: socks.AuthTypeNotRequired,
})
if err != nil {
return exceptions.Cause(err, "write socks auth response")
}
} else {
socks.WriteAuthResponse(conn, &socks.AuthResponse{
Version: authRequest.Version,
Method: socks.AuthTypeNoAcceptedMethods,
})
return exceptions.New("no accepted methods, requested = ", authRequest.Methods, ", except no auth")
}
} else if bytes.IndexByte(authRequest.Methods, socks.AuthTypeNotRequired) == -1 {
socks.WriteAuthResponse(conn, &socks.AuthResponse{
Version: authRequest.Version,
Method: socks.AuthTypeNoAcceptedMethods,
})
return exceptions.New("no accepted methods, requested = ", authRequest.Methods, ", except password")
} else {
err = socks.WriteAuthResponse(conn, &socks.AuthResponse{
Version: authRequest.Version,
Method: socks.AuthTypeUsernamePassword,
})
if err != nil {
return exceptions.Cause(err, "write socks auth response: ", err)
}
usernamePasswordRequest, err := socks.ReadUsernamePasswordAuthRequest(conn)
if err != nil {
return exceptions.Cause(err, "read username-password request")
}
if usernamePasswordRequest.Username != h.username {
socks.WriteUsernamePasswordAuthResponse(conn, &socks.UsernamePasswordAuthResponse{Status: socks.UsernamePasswordStatusFailure})
return exceptions.New("auth failed: excepted username ", h.username, ", got ", usernamePasswordRequest.Username)
} else if usernamePasswordRequest.Password != h.password {
socks.WriteUsernamePasswordAuthResponse(conn, &socks.UsernamePasswordAuthResponse{Status: socks.UsernamePasswordStatusFailure})
return exceptions.New("auth failed: excepted password ", h.password, ", got ", usernamePasswordRequest.Password)
}
err = socks.WriteUsernamePasswordAuthResponse(conn, &socks.UsernamePasswordAuthResponse{Status: socks.UsernamePasswordStatusSuccess})
if err != nil {
return exceptions.Cause(err, "write username-password response")
}
}
request, err := socks.ReadRequest(conn)
if err != nil {
return exceptions.Cause(err, "read request")
}
switch request.Command {
case socks.CommandBind:
socks.WriteResponse(conn, &socks.Response{
Version: request.Version,
ReplyCode: socks.ReplyCodeUnsupported,
})
return exceptions.New("bind unsupported")
case socks.CommandUDPAssociate:
addr, port := session.AddressFromNetAddr(h.udpListener.LocalAddr())
err = socks.WriteResponse(conn, &socks.Response{
Version: request.Version,
ReplyCode: socks.ReplyCodeSuccess,
BindAddr: addr,
BindPort: port,
})
if err != nil {
return exceptions.Cause(err, "write response")
}
io.Copy(io.Discard, conn)
return nil
}
context := new(session.Context)
context.Network = session.NetworkTCP
context.Source, context.SourcePort = socksaddr.AddressFromNetAddr(conn.RemoteAddr())
context.Destination, context.DestinationPort = request.Addr, request.Port
h.handler.HandleConnection(&session.Conn{
Conn: conn,
Context: context,
})
return nil
}
func (h *Inbound) HandleUDP(buffer *buf.Buffer, sourceAddr net.Addr) error {
associatePacket, err := socks.DecodeAssociatePacket(buffer)
if err != nil {
return exceptions.Cause(err, "decode associate packet")
}
context := new(session.Context)
context.Network = session.NetworkUDP
context.Source, context.SourcePort = socksaddr.AddressFromNetAddr(sourceAddr)
context.Destination, context.DestinationPort = associatePacket.Addr, associatePacket.Port
h.handler.HandlePacket(&session.Packet{
Context: context,
Data: buffer,
Release: nil,
WriteBack: func(buffer *buf.Buffer, addr *net.UDPAddr) error {
header := new(socks.AssociatePacket)
header.Addr, header.Port = socksaddr.AddressFromNetAddr(addr)
header.Data = buffer.Bytes()
packet := buf.FullNew()
defer packet.Release()
err := socks.EncodeAssociatePacket(header, packet)
buffer.Release()
if err != nil {
return err
}
return common.Error(h.udpListener.WriteTo(packet.Bytes(), sourceAddr))
},
})
return nil
}
func (h *Inbound) OnError(err error) {
logrus.Warn("socks: ", err)
}
func (h *Inbound) Close() error {
h.tcpListener.Close()
h.udpListener.Close()
return nil
}

10
transport/system/dial.go Normal file
View file

@ -0,0 +1,10 @@
package system
import (
"context"
"net"
)
type DialFunc func(ctx context.Context, network, address string) (net.Conn, error)
var Dial DialFunc = new(net.Dialer).DialContext

52
transport/system/outbound.go
View file

@ -1,52 +0,0 @@
package system
import (
"context"
"net"
"sing/transport"
"syscall"
"sing/common/rw"
"sing/common/session"
)
var _ transport.Outbound = (*Outbound)(nil)
type Outbound struct{}
func (h *Outbound) Init(*transport.OutboundContext) {
}
func (h *Outbound) Close() error {
return nil
}
func (h *Outbound) NewConnection(ctx context.Context, conn *session.Conn) error {
dialer := net.Dialer{
Control: func(network, address string, c syscall.RawConn) error {
return ControlRaw(c)
},
}
outConn, err := dialer.DialContext(ctx, "tcp", conn.Context.DestinationNetAddr())
if err != nil {
return err
}
connElement := session.AddConnection(outConn)
defer session.RemoveConnection(connElement)
return rw.CopyConn(ctx, conn.Conn, outConn)
}
func (h *Outbound) NewPacketConnection(ctx context.Context, packetConn *session.PacketConn) error {
dialer := net.Dialer{
Control: func(network, address string, c syscall.RawConn) error {
return ControlRaw(c)
},
}
outConn, err := dialer.DialContext(ctx, "udp", packetConn.Context.DestinationNetAddr())
if err != nil {
return err
}
connElement := session.AddConnection(outConn)
defer session.RemoveConnection(connElement)
return rw.CopyPacketConn(ctx, packetConn.Conn, outConn.(net.PacketConn))
}

1
transport/system/tcp.go
View file

@ -2,7 +2,6 @@ package system
import (
"net"
"net/netip"
)

8
transport/system/udp.go
View file

@ -2,13 +2,13 @@ package system
import (
"net"
"net/netip"
"sing/common/buf"
"github.com/sagernet/sing/common/buf"
)
type UDPHandler interface {
HandleUDP(buffer *buf.Buffer, sourceAddr net.Addr) error
HandleUDP(listener *UDPListener, buffer *buf.Buffer, sourceAddr net.Addr) error
OnError(err error)
}
@ -52,7 +52,7 @@ func (l *UDPListener) loop() {
}
buffer.Truncate(n)
go func() {
err := l.Handler.HandleUDP(buffer, addr)
err := l.Handler.HandleUDP(l, buffer, addr)
if err != nil {
buffer.Release()
l.Handler.OnError(err)