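/*
 * Program entry point.
 *
 * Parses the command line, fills any unset option from the JSON config file,
 * resolves every remote server, binds the local TCP listener and/or UDP relay
 * (depending on `mode`), drops privileges when a user was requested and then
 * runs the libev loop.
 *
 * Command-line values win over config-file values: the config is consulted
 * only for settings that are still NULL/0 after option parsing.
 *
 * Returns 0 when the event loop returns; every fatal setup error exits.
 */
int main(int argc, char **argv)
{
    // NOTE(review): rand() seeded from wall-clock time is predictable;
    // confirm rand() is not used for anything security-sensitive.
    srand(time(NULL));

    int i, c;
    int pid_flags    = 0;
    int mptcp        = 0;
    int mtu          = 0;
    char *user       = NULL;
    char *local_port = NULL;
    char *local_addr = NULL;
    char *password   = NULL;
    char *timeout    = NULL;
    char *method     = NULL;
    char *pid_path   = NULL;
    char *conf_path  = NULL;

    int remote_num = 0;
    ss_addr_t remote_addr[MAX_REMOTE_NUM];
    char *remote_port = NULL;

    int option_index                    = 0;
    static struct option long_options[] = {
        { "mtu",   required_argument, 0, 0 },
        { "mptcp", no_argument,       0, 0 },
        { "help",  no_argument,       0, 0 },
        { 0,       0,                 0, 0 }
    };

    // Silence getopt's own diagnostics; opterr is reused below as an
    // "a bad option was seen" flag.
    opterr = 0;

    USE_TTY();

    while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:c:b:a:n:huUvA6",
                            long_options, &option_index)) != -1) {
        switch (c) {
        case 0:
            // Long options all share val 0; option_index tells them apart.
            if (option_index == 0) {
                // NOTE(review): atoi() accepts garbage and negative values;
                // the MTU is not range-checked here.
                mtu = atoi(optarg);
                LOGI("set MTU to %d", mtu);
            } else if (option_index == 1) {
                mptcp = 1;
                LOGI("enable multipath TCP");
            } else if (option_index == 2) {
                usage();
                exit(EXIT_SUCCESS);
            }
            break;
        case 's':
            // Servers beyond MAX_REMOTE_NUM are silently ignored.
            if (remote_num < MAX_REMOTE_NUM) {
                remote_addr[remote_num].host   = optarg;
                remote_addr[remote_num++].port = NULL;
            }
            break;
        case 'p':
            remote_port = optarg;
            break;
        case 'l':
            local_port = optarg;
            break;
        case 'k':
            // A password given here stays in argv, which other local users
            // can usually read from the process list; the config file
            // avoids that exposure.
            password = optarg;
            break;
        case 'f':
            pid_flags = 1;
            pid_path  = optarg;
            break;
        case 't':
            timeout = optarg;
            break;
        case 'm':
            method = optarg;
            break;
        case 'c':
            conf_path = optarg;
            break;
        case 'b':
            local_addr = optarg;
            break;
        case 'a':
            user = optarg;
            break;
#ifdef HAVE_SETRLIMIT
        case 'n':
            nofile = atoi(optarg);
            break;
#endif
        case 'u':
            mode = TCP_AND_UDP;
            break;
        case 'U':
            mode = UDP_ONLY;
            break;
        case 'v':
            verbose = 1;
            break;
        case 'h':
            usage();
            exit(EXIT_SUCCESS);
        case 'A':
            auth = 1;
            break;
        case '6':
            ipv6first = 1;
            break;
        case '?':
            // The option character is not recognized (or its argument is
            // missing). optarg is NULL in this case, so it must not be
            // handed to "%s"; report optopt or the offending argv word.
            if (optopt > ' ' && optopt < 127) {
                LOGE("Unrecognized option: -%c", optopt);
            } else {
                LOGE("Unrecognized option: %s", argv[optind - 1]);
            }
            opterr = 1;
            break;
        }
    }

    if (opterr) {
        usage();
        exit(EXIT_FAILURE);
    }

    // With no arguments at all, fall back to the default config file.
    if (argc == 1) {
        if (conf_path == NULL) {
            conf_path = DEFAULT_CONF_PATH;
        }
    }

    if (conf_path != NULL) {
        // NOTE(review): conf is dereferenced without a NULL check; confirm
        // read_jconf() never returns NULL.
        jconf_t *conf = read_jconf(conf_path);
        if (remote_num == 0) {
            // NOTE(review): remote_num now comes from the config file and
            // indexes the MAX_REMOTE_NUM-sized stack array; confirm
            // read_jconf() caps it.
            remote_num = conf->remote_num;
            for (i = 0; i < remote_num; i++)
                remote_addr[i] = conf->remote_addr[i];
        }
        if (remote_port == NULL) {
            remote_port = conf->remote_port;
        }
        if (local_addr == NULL) {
            local_addr = conf->local_addr;
        }
        if (local_port == NULL) {
            local_port = conf->local_port;
        }
        if (password == NULL) {
            password = conf->password;
        }
        if (method == NULL) {
            method = conf->method;
        }
        if (timeout == NULL) {
            timeout = conf->timeout;
        }
        if (user == NULL) {
            user = conf->user;
        }
        if (auth == 0) {
            auth = conf->auth;
        }
        if (mtu == 0) {
            mtu = conf->mtu;
        }
        if (mptcp == 0) {
            mptcp = conf->mptcp;
        }
#ifdef HAVE_SETRLIMIT
        if (nofile == 0) {
            nofile = conf->nofile;
        }
#endif
    }

    if (remote_num == 0 || remote_port == NULL ||
        local_port == NULL || password == NULL) {
        usage();
        exit(EXIT_FAILURE);
    }

    // NOTE(review): the fallback is the RC4-based "rc4-md5"; consider
    // requiring an explicit, stronger method instead of defaulting to it.
    if (method == NULL) {
        method = "rc4-md5";
    }

    if (timeout == NULL) {
        timeout = "600";
    }

#ifdef HAVE_SETRLIMIT
    /*
     * no need to check the return value here since we will show
     * the user an error message if setrlimit(2) fails
     */
    if (nofile > 1024) {
        if (verbose) {
            LOGI("setting NOFILE to %d", nofile);
        }
        set_nofile(nofile);
    }
#endif

    // Listen on loopback unless an address was given explicitly.
    if (local_addr == NULL) {
        local_addr = "127.0.0.1";
    }

    if (pid_flags) {
        USE_SYSLOG(argv[0]);
        daemonize(pid_path);
    }

    if (ipv6first) {
        LOGI("resolving hostname to IPv6 address first");
    }

    if (auth) {
        LOGI("onetime authentication enabled");
    }

    // ignore SIGPIPE
    signal(SIGPIPE, SIG_IGN);
    signal(SIGABRT, SIG_IGN);

    signal(SIGINT, signal_cb);
    signal(SIGTERM, signal_cb);

    // Setup keys
    LOGI("initializing ciphers... %s", method);
    int m = enc_init(password, method);

    // Setup proxy context
    // presumably ss_malloc() aborts on allocation failure; verify, since
    // the results below are used unchecked.
    listen_ctx_t listen_ctx;
    listen_ctx.remote_num  = remote_num;
    listen_ctx.remote_addr = ss_malloc(sizeof(struct sockaddr *) * remote_num);
    for (int i = 0; i < remote_num; i++) {
        char *host = remote_addr[i].host;
        // A per-server port overrides the global remote port.
        char *port = remote_addr[i].port == NULL ? remote_port :
                     remote_addr[i].port;
        struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
        memset(storage, 0, sizeof(struct sockaddr_storage));
        if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
            FATAL("failed to resolve the provided hostname");
        }
        listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
    }
    listen_ctx.timeout = atoi(timeout);
    listen_ctx.method  = m;
    listen_ctx.mptcp   = mptcp;

    struct ev_loop *loop = EV_DEFAULT;

    if (mode != UDP_ONLY) {
        // Setup socket
        int listenfd;
        listenfd = create_and_bind(local_addr, local_port);
        if (listenfd == -1) {
            FATAL("bind() error");
        }
        if (listen(listenfd, SOMAXCONN) == -1) {
            FATAL("listen() error");
        }
        setnonblocking(listenfd);

        listen_ctx.fd = listenfd;

        ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
        ev_io_start(loop, &listen_ctx.io);
    }

    // Setup UDP
    if (mode != TCP_ONLY) {
        LOGI("UDP relay enabled");
        // Only the first remote server is used for the UDP relay.
        init_udprelay(local_addr, local_port, listen_ctx.remote_addr[0],
                      get_sockaddr_len(listen_ctx.remote_addr[0]), mtu, m,
                      auth, listen_ctx.timeout, NULL);
    }

    if (mode == UDP_ONLY) {
        LOGI("TCP relay disabled");
    }

    LOGI("listening at %s:%s", local_addr, local_port);

    // setuid
    // Privileges are dropped only after the sockets are bound; a failed
    // switch is fatal so the process never keeps running as the old user.
    if (user != NULL && !run_as(user)) {
        FATAL("failed to switch user");
    }

    if (geteuid() == 0) {
        LOGI("running from root user");
    }

    ev_run(loop, 0);

    return 0;
}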
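/*
 * Program entry point (stand-alone build).
 *
 * Parses the command line, fills any unset option from the JSON config file,
 * resolves every remote server, binds the local TCP listener (plus the UDP
 * relay when enabled), drops privileges when a user was requested, runs the
 * libev loop and finally releases the resources it created.
 *
 * Command-line values win over config-file values.
 * Returns 0 after a graceful shutdown; fatal setup errors exit.
 */
int main(int argc, char **argv)
{
    int i, c;
    int pid_flags    = 0;
    char *user       = NULL;
    char *local_port = NULL;
    char *local_addr = NULL;
    char *password   = NULL;
    char *timeout    = NULL;
    char *method     = NULL;
    char *pid_path   = NULL;
    char *conf_path  = NULL;
    char *iface      = NULL;

    // NOTE(review): rand() seeded from wall-clock time is predictable;
    // confirm rand() is not used for anything security-sensitive.
    srand(time(NULL));

    int remote_num = 0;
    ss_addr_t remote_addr[MAX_REMOTE_NUM];
    char *remote_port = NULL;

    int option_index                    = 0;
    static struct option long_options[] = {
        { "fast-open", no_argument,       0, 0 },
        { "acl",       required_argument, 0, 0 },
        { 0,           0,                 0, 0 }
    };

    // Silence getopt's own diagnostics; opterr is reused below as an
    // "a bad option was seen" flag.
    opterr = 0;

    USE_TTY();

    // The Android build accepts one extra flag (-V).
#ifdef ANDROID
    const char *short_options = "f:s:p:l:k:t:m:i:c:b:a:uvVA";
#else
    const char *short_options = "f:s:p:l:k:t:m:i:c:b:a:uvA";
#endif

    while ((c = getopt_long(argc, argv, short_options,
                            long_options, &option_index)) != -1) {
        switch (c) {
        case 0:
            // Long options all share val 0; option_index tells them apart.
            if (option_index == 0) {
                fast_open = 1;
            } else if (option_index == 1) {
                LOGI("initialize acl...");
                acl = !init_acl(optarg);
            }
            break;
        case 's':
            // Servers beyond MAX_REMOTE_NUM are silently ignored.
            if (remote_num < MAX_REMOTE_NUM) {
                remote_addr[remote_num].host   = optarg;
                remote_addr[remote_num++].port = NULL;
            }
            break;
        case 'p':
            remote_port = optarg;
            break;
        case 'l':
            local_port = optarg;
            break;
        case 'k':
            // A password given here stays in argv, which other local users
            // can usually read from the process list; the config file
            // avoids that exposure.
            password = optarg;
            break;
        case 'f':
            pid_flags = 1;
            pid_path  = optarg;
            break;
        case 't':
            timeout = optarg;
            break;
        case 'm':
            method = optarg;
            break;
        case 'c':
            conf_path = optarg;
            break;
        case 'i':
            iface = optarg;
            break;
        case 'b':
            local_addr = optarg;
            break;
        case 'a':
            user = optarg;
            break;
        case 'u':
            mode = TCP_AND_UDP;
            break;
        case 'v':
            verbose = 1;
            break;
        case 'A':
            auth = 1;
            break;
#ifdef ANDROID
        case 'V':
            vpn = 1;
            break;
#endif
        case '?':
            // Without this case the opterr test below could never fire and
            // mistyped options were silently ignored. optarg is NULL here,
            // so report optopt or the offending argv word instead.
            if (optopt > ' ' && optopt < 127) {
                LOGE("Unrecognized option: -%c", optopt);
            } else {
                LOGE("Unrecognized option: %s", argv[optind - 1]);
            }
            opterr = 1;
            break;
        }
    }

    if (opterr) {
        usage();
        exit(EXIT_FAILURE);
    }

    // With no arguments at all, fall back to the default config file.
    if (argc == 1) {
        if (conf_path == NULL) {
            conf_path = DEFAULT_CONF_PATH;
        }
    }

    if (conf_path != NULL) {
        // NOTE(review): conf is dereferenced without a NULL check; confirm
        // read_jconf() never returns NULL.
        jconf_t *conf = read_jconf(conf_path);
        if (remote_num == 0) {
            // NOTE(review): remote_num now comes from the config file and
            // indexes the MAX_REMOTE_NUM-sized stack array; confirm
            // read_jconf() caps it.
            remote_num = conf->remote_num;
            for (i = 0; i < remote_num; i++) {
                remote_addr[i] = conf->remote_addr[i];
            }
        }
        if (remote_port == NULL) {
            remote_port = conf->remote_port;
        }
        if (local_addr == NULL) {
            local_addr = conf->local_addr;
        }
        if (local_port == NULL) {
            local_port = conf->local_port;
        }
        if (password == NULL) {
            password = conf->password;
        }
        if (method == NULL) {
            method = conf->method;
        }
        if (timeout == NULL) {
            timeout = conf->timeout;
        }
        if (fast_open == 0) {
            fast_open = conf->fast_open;
        }
#ifdef HAVE_SETRLIMIT
        if (nofile == 0) {
            nofile = conf->nofile;
        }
        /*
         * no need to check the return value here since we will show
         * the user an error message if setrlimit(2) fails
         */
        if (nofile) {
            if (verbose) {
                LOGI("setting NOFILE to %d", nofile);
            }
            set_nofile(nofile);
        }
#endif
    }

    if (remote_num == 0 || remote_port == NULL ||
        local_port == NULL || password == NULL) {
        usage();
        exit(EXIT_FAILURE);
    }

    if (timeout == NULL) {
        timeout = "60";
    }

    // Listen on loopback unless an address was given explicitly.
    if (local_addr == NULL) {
        local_addr = "127.0.0.1";
    }

    if (pid_flags) {
        USE_SYSLOG(argv[0]);
        daemonize(pid_path);
    }

    if (fast_open == 1) {
#ifdef TCP_FASTOPEN
        LOGI("using tcp fast open");
#else
        LOGE("tcp fast open is not supported by this environment");
#endif
    }

    if (auth) {
        LOGI("onetime authentication enabled");
    }

#ifdef __MINGW32__
    winsock_init();
#else
    // ignore SIGPIPE
    signal(SIGPIPE, SIG_IGN);
    signal(SIGABRT, SIG_IGN);
#endif

    struct ev_signal sigint_watcher;
    struct ev_signal sigterm_watcher;
    ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
    ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
    ev_signal_start(EV_DEFAULT, &sigint_watcher);
    ev_signal_start(EV_DEFAULT, &sigterm_watcher);

    // Setup keys
    // method may still be NULL here (no default is applied in this
    // function); never hand a NULL pointer to "%s".
    LOGI("initialize ciphers... %s", method != NULL ? method : "(null)");
    int m = enc_init(password, method);

    // Setup proxy context
    struct listen_ctx listen_ctx;
    listen_ctx.remote_num  = remote_num;
    listen_ctx.remote_addr = malloc(sizeof(struct sockaddr *) * remote_num);
    if (listen_ctx.remote_addr == NULL) {
        FATAL("out of memory");
    }
    for (i = 0; i < remote_num; i++) {
        char *host = remote_addr[i].host;
        // A per-server port overrides the global remote port.
        char *port = remote_addr[i].port == NULL ? remote_port :
                     remote_addr[i].port;
        struct sockaddr_storage *storage = malloc(sizeof(struct sockaddr_storage));
        if (storage == NULL) {
            FATAL("out of memory");
        }
        memset(storage, 0, sizeof(struct sockaddr_storage));
        if (get_sockaddr(host, port, storage, 1) == -1) {
            FATAL("failed to resolve the provided hostname");
        }
        listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
    }
    listen_ctx.timeout = atoi(timeout);
    listen_ctx.iface   = iface;
    listen_ctx.method  = m;

    struct ev_loop *loop = EV_DEFAULT;

    // Setup socket
    int listenfd;
    listenfd = create_and_bind(local_addr, local_port);
    if (listenfd < 0) {
        FATAL("bind() error");
    }
    if (listen(listenfd, SOMAXCONN) == -1) {
        FATAL("listen() error");
    }
    setnonblocking(listenfd);

    listen_ctx.fd = listenfd;

    ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
    ev_io_start(loop, &listen_ctx.io);

    // Setup UDP
    if (mode != TCP_ONLY) {
        LOGI("udprelay enabled");
        // Only the first remote server is used for the UDP relay.
        init_udprelay(local_addr, local_port, listen_ctx.remote_addr[0],
                      get_sockaddr_len(listen_ctx.remote_addr[0]), m,
                      listen_ctx.timeout, iface);
    }

    LOGI("listening at %s:%s", local_addr, local_port);

    // setuid
    // Fail closed: if the switch to the requested user does not succeed,
    // stop instead of continuing with the original (possibly root)
    // credentials.
    if (user != NULL && !run_as(user)) {
        FATAL("failed to switch user");
    }

    // Init connections
    cork_dllist_init(&connections);

    // Enter the loop
    ev_run(loop, 0);

    if (verbose) {
        LOGI("closed gracefully");
    }

    // Clean up
    ev_io_stop(loop, &listen_ctx.io);
    free_connections(loop);

    if (mode != TCP_ONLY) {
        free_udprelay();
    }

    for (i = 0; i < remote_num; i++) {
        free(listen_ctx.remote_addr[i]);
    }
    free(listen_ctx.remote_addr);

#ifdef __MINGW32__
    winsock_cleanup();
#endif

    ev_signal_stop(EV_DEFAULT, &sigint_watcher);
    ev_signal_stop(EV_DEFAULT, &sigterm_watcher);

    return 0;
}

// The #if that this #else belongs to lies before the visible excerpt.
#else

/*
 * Library entry point: runs the local server described by `profile`.
 *
 * Copies the settings out of the profile, resolves the single remote server,
 * binds the local TCP listener (plus the UDP relay when the mode asks for
 * it) and runs the libev loop until it returns.
 *
 * Returns 0 after the loop ends, or -1 when allocation, hostname resolution,
 * bind() or listen() fails. On every path the stack-allocated signal
 * watchers are stopped and the heap buffers are released before returning,
 * so the default loop never keeps pointers into this frame.
 */
int start_ss_local_server(profile_t profile)
{
    // NOTE(review): rand() seeded from wall-clock time is predictable;
    // confirm rand() is not used for anything security-sensitive.
    srand(time(NULL));

    char *remote_host = profile.remote_host;
    char *local_addr  = profile.local_addr;
    char *method      = profile.method;
    char *password    = profile.password;
    char *log         = profile.log;
    int remote_port   = profile.remote_port;
    int local_port    = profile.local_port;
    int timeout       = profile.timeout;

    int ret      = -1;
    int listenfd = -1;
    int m;
    struct ev_loop *loop;
    struct sockaddr_storage *storage = NULL;
    struct listen_ctx listen_ctx;
    listen_ctx.remote_addr = NULL;

    mode      = profile.mode;
    fast_open = profile.fast_open;
    verbose   = profile.verbose;

    // Bounded formatting; an int always fits in 16 bytes, the size
    // argument just keeps that true if the buffers ever change.
    char local_port_str[16];
    char remote_port_str[16];
    snprintf(local_port_str, sizeof(local_port_str), "%d", local_port);
    snprintf(remote_port_str, sizeof(remote_port_str), "%d", remote_port);

    USE_LOGFILE(log);

    if (profile.acl != NULL) {
        acl = !init_acl(profile.acl);
    }

    // Listen on loopback unless the profile names an address.
    if (local_addr == NULL) {
        local_addr = "127.0.0.1";
    }

#ifdef __MINGW32__
    winsock_init();
#else
    // ignore SIGPIPE
    signal(SIGPIPE, SIG_IGN);
    signal(SIGABRT, SIG_IGN);
#endif

    struct ev_signal sigint_watcher;
    struct ev_signal sigterm_watcher;
    ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
    ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
    ev_signal_start(EV_DEFAULT, &sigint_watcher);
    ev_signal_start(EV_DEFAULT, &sigterm_watcher);

    // Setup keys
    // method comes straight from the profile and may be NULL; never hand a
    // NULL pointer to "%s".
    LOGI("initialize ciphers... %s", method != NULL ? method : "(null)");
    m = enc_init(password, method);

    storage = malloc(sizeof(struct sockaddr_storage));
    if (storage == NULL) {
        ERROR("malloc()");
        goto cleanup;
    }
    memset(storage, 0, sizeof(struct sockaddr_storage));
    if (get_sockaddr(remote_host, remote_port_str, storage, 1) == -1) {
        goto cleanup;
    }

    // Setup proxy context
    loop = EV_DEFAULT;

    listen_ctx.remote_num  = 1;
    listen_ctx.remote_addr = malloc(sizeof(struct sockaddr *));
    if (listen_ctx.remote_addr == NULL) {
        ERROR("malloc()");
        goto cleanup;
    }
    listen_ctx.remote_addr[0] = (struct sockaddr *)storage;
    listen_ctx.timeout        = timeout;
    listen_ctx.method         = m;
    listen_ctx.iface          = NULL;

    // Setup socket
    listenfd = create_and_bind(local_addr, local_port_str);
    if (listenfd < 0) {
        ERROR("bind()");
        goto cleanup;
    }
    if (listen(listenfd, SOMAXCONN) == -1) {
        ERROR("listen()");
        goto cleanup;
    }
    setnonblocking(listenfd);

    listen_ctx.fd = listenfd;

    ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
    ev_io_start(loop, &listen_ctx.io);

    // Setup UDP
    if (mode != TCP_ONLY) {
        LOGI("udprelay enabled");
        struct sockaddr *addr = (struct sockaddr *)storage;
        init_udprelay(local_addr, local_port_str, addr,
                      get_sockaddr_len(addr), m, timeout, NULL);
    }

    LOGI("listening at %s:%s", local_addr, local_port_str);

    // Init connections
    cork_dllist_init(&connections);

    // Enter the loop
    ev_run(loop, 0);

    if (verbose) {
        LOGI("closed gracefully");
    }

    // Clean up what only the success path created
    if (mode != TCP_ONLY) {
        free_udprelay();
    }

    ev_io_stop(loop, &listen_ctx.io);
    free_connections(loop);

    ret = 0;

cleanup:
    // Shared by the success path and every early failure.
    if (listenfd >= 0) {
        close(listenfd);
    }
    free(listen_ctx.remote_addr);
    free(storage);

#ifdef __MINGW32__
    winsock_cleanup();
#endif

    // The watchers live on this stack frame; they must not stay registered
    // with the default loop once the function returns.
    ev_signal_stop(EV_DEFAULT, &sigint_watcher);
    ev_signal_stop(EV_DEFAULT, &sigterm_watcher);

    return ret;
}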
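/*
 * Program entry point.
 *
 * Parses the command line, fills any unset option from the JSON config file,
 * parses the mandatory tunnel address (-L), resolves every remote server,
 * binds the local TCP listener and/or UDP relay (depending on `mode`), drops
 * privileges when a user was requested and then runs the libev loop.
 *
 * Command-line values win over config-file values.
 * Returns 0 when the event loop returns; fatal setup errors exit.
 */
int main(int argc, char **argv)
{
    int i, c;
    int pid_flags    = 0;
    char *user       = NULL;
    char *local_port = NULL;
    char *local_addr = NULL;
    char *password   = NULL;
    char *timeout    = NULL;
    char *method     = NULL;
    char *pid_path   = NULL;
    char *conf_path  = NULL;
    char *iface      = NULL;

    int remote_num = 0;
    ss_addr_t remote_addr[MAX_REMOTE_NUM];
    char *remote_port = NULL;

    ss_addr_t tunnel_addr = { .host = NULL, .port = NULL };
    char *tunnel_addr_str = NULL;

    // Silence getopt's own diagnostics; opterr is reused below as an
    // "a bad option was seen" flag.
    opterr = 0;

    USE_TTY();

    // The Android build accepts one extra flag (-V).
#ifdef ANDROID
    const char *short_options = "f:s:p:l:k:t:m:i:c:b:L:a:uUvV";
#else
    const char *short_options = "f:s:p:l:k:t:m:i:c:b:L:a:uUv";
#endif

    while ((c = getopt(argc, argv, short_options)) != -1) {
        switch (c) {
        case 's':
            // Servers beyond MAX_REMOTE_NUM are silently ignored.
            if (remote_num < MAX_REMOTE_NUM) {
                remote_addr[remote_num].host   = optarg;
                remote_addr[remote_num++].port = NULL;
            }
            break;
        case 'p':
            remote_port = optarg;
            break;
        case 'l':
            local_port = optarg;
            break;
        case 'k':
            // A password given here stays in argv, which other local users
            // can usually read from the process list; the config file
            // avoids that exposure.
            password = optarg;
            break;
        case 'f':
            pid_flags = 1;
            pid_path  = optarg;
            break;
        case 't':
            timeout = optarg;
            break;
        case 'm':
            method = optarg;
            break;
        case 'c':
            conf_path = optarg;
            break;
        case 'i':
            iface = optarg;
            break;
        case 'b':
            local_addr = optarg;
            break;
        case 'u':
            mode = TCP_AND_UDP;
            break;
        case 'U':
            mode = UDP_ONLY;
            break;
        case 'L':
            tunnel_addr_str = optarg;
            break;
        case 'a':
            user = optarg;
            break;
        case 'v':
            verbose = 1;
            break;
#ifdef ANDROID
        case 'V':
            vpn = 1;
            break;
#endif
        case '?':
            // Without this case the opterr test below could never fire and
            // mistyped options (or options missing their argument) were
            // silently ignored.
            opterr = 1;
            break;
        }
    }

    if (opterr) {
        usage();
        exit(EXIT_FAILURE);
    }

    // With no arguments at all, fall back to the default config file.
    if (argc == 1) {
        if (conf_path == NULL) {
            conf_path = DEFAULT_CONF_PATH;
        }
    }

    if (conf_path != NULL) {
        // NOTE(review): conf is dereferenced without a NULL check; confirm
        // read_jconf() never returns NULL.
        jconf_t *conf = read_jconf(conf_path);
        if (remote_num == 0) {
            // NOTE(review): remote_num now comes from the config file and
            // indexes the MAX_REMOTE_NUM-sized stack array; confirm
            // read_jconf() caps it.
            remote_num = conf->remote_num;
            for (i = 0; i < remote_num; i++) {
                remote_addr[i] = conf->remote_addr[i];
            }
        }
        if (remote_port == NULL) {
            remote_port = conf->remote_port;
        }
        if (local_addr == NULL) {
            local_addr = conf->local_addr;
        }
        if (local_port == NULL) {
            local_port = conf->local_port;
        }
        if (password == NULL) {
            password = conf->password;
        }
        if (method == NULL) {
            method = conf->method;
        }
        if (timeout == NULL) {
            timeout = conf->timeout;
        }
    }

    // The tunnel address can only come from -L; it has no config fallback
    // in this function.
    if (remote_num == 0 || remote_port == NULL || tunnel_addr_str == NULL ||
        local_port == NULL || password == NULL) {
        usage();
        exit(EXIT_FAILURE);
    }

    if (timeout == NULL) {
        timeout = "60";
    }

    // Listen on loopback unless an address was given explicitly.
    if (local_addr == NULL) {
        local_addr = "127.0.0.1";
    }

    if (pid_flags) {
        USE_SYSLOG(argv[0]);
        daemonize(pid_path);
    }

    // parse tunnel addr
    parse_addr(tunnel_addr_str, &tunnel_addr);

    if (tunnel_addr.port == NULL) {
        FATAL("tunnel port is not defined");
    }

#ifdef __MINGW32__
    winsock_init();
#else
    // ignore SIGPIPE
    signal(SIGPIPE, SIG_IGN);
    signal(SIGABRT, SIG_IGN);
#endif

    // Setup keys
    // method may still be NULL here (no default is applied in this
    // function); never hand a NULL pointer to "%s".
    LOGI("initialize ciphers... %s", method != NULL ? method : "(null)");
    int m = enc_init(password, method);

    // Setup proxy context
    struct listen_ctx listen_ctx;
    listen_ctx.tunnel_addr = tunnel_addr;
    listen_ctx.remote_num  = remote_num;
    listen_ctx.remote_addr = malloc(sizeof(struct sockaddr *) * remote_num);
    if (listen_ctx.remote_addr == NULL) {
        FATAL("out of memory");
    }
    for (i = 0; i < remote_num; i++) {
        char *host = remote_addr[i].host;
        // A per-server port overrides the global remote port.
        char *port = remote_addr[i].port == NULL ? remote_port :
                     remote_addr[i].port;
        struct sockaddr_storage *storage = malloc(sizeof(struct sockaddr_storage));
        if (storage == NULL) {
            FATAL("out of memory");
        }
        memset(storage, 0, sizeof(struct sockaddr_storage));
        if (get_sockaddr(host, port, storage, 1) == -1) {
            FATAL("failed to resolve the provided hostname");
        }
        listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
    }
    listen_ctx.timeout = atoi(timeout);
    listen_ctx.iface   = iface;
    listen_ctx.method  = m;

    struct ev_loop *loop = EV_DEFAULT;

    if (mode != UDP_ONLY) {
        // Setup socket
        int listenfd;
        listenfd = create_and_bind(local_addr, local_port);
        if (listenfd < 0) {
            FATAL("bind() error:");
        }
        if (listen(listenfd, SOMAXCONN) == -1) {
            FATAL("listen() error:");
        }
        setnonblocking(listenfd);

        listen_ctx.fd = listenfd;

        ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
        ev_io_start(loop, &listen_ctx.io);
    }

    // Setup UDP
    if (mode != TCP_ONLY) {
        LOGI("UDP relay enabled");
        // Only the first remote server is used for the UDP relay.
        init_udprelay(local_addr, local_port, listen_ctx.remote_addr[0],
                      get_sockaddr_len(listen_ctx.remote_addr[0]),
                      tunnel_addr, m, listen_ctx.timeout, iface);
    }

    if (mode == UDP_ONLY) {
        LOGI("TCP relay disabled");
    }

    LOGI("listening at %s:%s", local_addr, local_port);

    // setuid
    // Fail closed: if the switch to the requested user does not succeed,
    // stop instead of continuing with the original (possibly root)
    // credentials.
    if (user != NULL && !run_as(user)) {
        FATAL("failed to switch user");
    }

    ev_run(loop, 0);

#ifdef __MINGW32__
    winsock_cleanup();
#endif

    return 0;
}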
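/*
 * Program entry point of the server side.
 *
 * Parses the command line, fills any unset option from the JSON config file,
 * initialises the cipher and the resolver, then binds one TCP listener
 * and/or UDP relay per configured server address, drops privileges when a
 * user was requested and runs the libev loop. After the loop returns, every
 * listener it opened is stopped and closed.
 *
 * Command-line values win over config-file values.
 * Returns 0 after a graceful shutdown; fatal setup errors exit.
 */
int main(int argc, char **argv)
{
    int i, c;
    int pid_flags   = 0;
    char *user      = NULL;
    char *password  = NULL;
    char *timeout   = NULL;
    char *method    = NULL;
    char *pid_path  = NULL;
    char *conf_path = NULL;
    char *iface     = NULL;

    int server_num = 0;
    const char *server_host[MAX_REMOTE_NUM];

    // One spare slot: MAX_DNS_NUM entries from -d plus the optional
    // nameserver taken from the config file.
    char *nameservers[MAX_DNS_NUM + 1];
    int nameserver_num = 0;

    int option_index                    = 0;
    static struct option long_options[] = {
        { "fast-open",       no_argument,       0, 0 },
        { "acl",             required_argument, 0, 0 },
        { "manager-address", required_argument, 0, 0 },
        { 0,                 0,                 0, 0 }
    };

    // Silence getopt's own diagnostics; opterr is reused below as an
    // "a bad option was seen" flag.
    opterr = 0;

    USE_TTY();

    while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:c:i:d:a:uUv",
                            long_options, &option_index)) != -1) {
        switch (c) {
        case 0:
            // Long options all share val 0; option_index tells them apart.
            if (option_index == 0) {
                fast_open = 1;
            } else if (option_index == 1) {
                LOGI("initialize acl...");
                acl = !init_acl(optarg);
            } else if (option_index == 2) {
                manager_address = optarg;
            }
            break;
        case 's':
            // Addresses beyond MAX_REMOTE_NUM are silently ignored.
            if (server_num < MAX_REMOTE_NUM) {
                server_host[server_num++] = optarg;
            }
            break;
        case 'p':
            server_port = optarg;
            break;
        case 'k':
            // A password given here stays in argv, which other local users
            // can usually read from the process list; the config file
            // avoids that exposure.
            password = optarg;
            break;
        case 'f':
            pid_flags = 1;
            pid_path  = optarg;
            break;
        case 't':
            timeout = optarg;
            break;
        case 'm':
            method = optarg;
            break;
        case 'c':
            conf_path = optarg;
            break;
        case 'i':
            iface = optarg;
            break;
        case 'd':
            if (nameserver_num < MAX_DNS_NUM) {
                nameservers[nameserver_num++] = optarg;
            }
            break;
        case 'a':
            user = optarg;
            break;
        case 'u':
            mode = TCP_AND_UDP;
            break;
        case 'U':
            mode = UDP_ONLY;
            break;
        case 'v':
            verbose = 1;
            break;
        case '?':
            // Without this case the opterr test below could never fire and
            // mistyped options were silently ignored. optarg is NULL here,
            // so report optopt or the offending argv word instead.
            if (optopt > ' ' && optopt < 127) {
                LOGE("Unrecognized option: -%c", optopt);
            } else {
                LOGE("Unrecognized option: %s", argv[optind - 1]);
            }
            opterr = 1;
            break;
        }
    }

    if (opterr) {
        usage();
        exit(EXIT_FAILURE);
    }

    // With no arguments at all, fall back to the default config file.
    if (argc == 1) {
        if (conf_path == NULL) {
            conf_path = DEFAULT_CONF_PATH;
        }
    }

    if (conf_path != NULL) {
        // NOTE(review): conf is dereferenced without a NULL check; confirm
        // read_jconf() never returns NULL.
        jconf_t *conf = read_jconf(conf_path);
        if (server_num == 0) {
            // NOTE(review): server_num now comes from the config file and
            // indexes the MAX_REMOTE_NUM-sized stack array; confirm
            // read_jconf() caps it.
            server_num = conf->remote_num;
            for (i = 0; i < server_num; i++) {
                server_host[i] = conf->remote_addr[i].host;
            }
        }
        if (server_port == NULL) {
            server_port = conf->remote_port;
        }
        if (password == NULL) {
            password = conf->password;
        }
        if (method == NULL) {
            method = conf->method;
        }
        if (timeout == NULL) {
            timeout = conf->timeout;
        }
#ifdef TCP_FASTOPEN
        if (fast_open == 0) {
            fast_open = conf->fast_open;
        }
#endif
#ifdef HAVE_SETRLIMIT
        if (nofile == 0) {
            nofile = conf->nofile;
        }
        /*
         * no need to check the return value here since we will show
         * the user an error message if setrlimit(2) fails
         */
        if (nofile) {
            if (verbose) {
                LOGI("setting NOFILE to %d", nofile);
            }
            set_nofile(nofile);
        }
#endif
        if (conf->nameserver != NULL) {
            nameservers[nameserver_num++] = conf->nameserver;
        }
    }

    // No address given: a single NULL host, logged below as "*".
    if (server_num == 0) {
        server_host[server_num++] = NULL;
    }

    if (server_num == 0 || server_port == NULL || password == NULL) {
        usage();
        exit(EXIT_FAILURE);
    }

    // NOTE(review): "table" is the fallback method for a network-facing
    // service; confirm it is still an acceptable default or require an
    // explicit method.
    if (method == NULL) {
        method = "table";
    }

    if (timeout == NULL) {
        timeout = "60";
    }

    if (pid_flags) {
        USE_SYSLOG(argv[0]);
        daemonize(pid_path);
    }

    if (fast_open == 1) {
#ifdef TCP_FASTOPEN
        LOGI("using tcp fast open");
#else
        LOGE("tcp fast open is not supported by this environment");
#endif
    }

#ifdef __MINGW32__
    winsock_init();
#else
    // ignore SIGPIPE
    signal(SIGPIPE, SIG_IGN);
    signal(SIGCHLD, SIG_IGN);
    signal(SIGABRT, SIG_IGN);
#endif

    struct ev_signal sigint_watcher;
    struct ev_signal sigterm_watcher;
    ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
    ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
    ev_signal_start(EV_DEFAULT, &sigint_watcher);
    ev_signal_start(EV_DEFAULT, &sigterm_watcher);

    // setup keys
    LOGI("initialize ciphers... %s", method);
    int m = enc_init(password, method);

    // initialize ev loop
    struct ev_loop *loop = EV_DEFAULT;

    // setup udns
    if (nameserver_num == 0) {
#ifdef __MINGW32__
        nameservers[nameserver_num++] = "8.8.8.8";
        resolv_init(loop, nameservers, nameserver_num);
#else
        resolv_init(loop, NULL, 0);
#endif
    } else {
        resolv_init(loop, nameservers, nameserver_num);
    }

    for (int i = 0; i < nameserver_num; i++) {
        LOGI("using nameserver: %s", nameservers[i]);
    }

    // initialize listen context
    // Keep the listener count in its own variable: the cleanup after
    // ev_run() needs it to stop and close every listener, not just the
    // first one.
    const int listener_num = server_num;
    struct listen_ctx listen_ctx_list[listener_num];

    // bind to each interface (last configured address first)
    for (int index = listener_num - 1; index >= 0; index--) {
        const char *host = server_host[index];

        if (mode != UDP_ONLY) {
            // Bind to port
            int listenfd;
            listenfd = create_and_bind(host, server_port);
            if (listenfd < 0) {
                FATAL("bind() error");
            }
            if (listen(listenfd, SSMAXCONN) == -1) {
                FATAL("listen() error");
            }
            setnonblocking(listenfd);
            struct listen_ctx *listen_ctx = &listen_ctx_list[index];

            // Setup proxy context
            listen_ctx->timeout = atoi(timeout);
            listen_ctx->fd      = listenfd;
            listen_ctx->method  = m;
            listen_ctx->iface   = iface;
            listen_ctx->loop    = loop;

            ev_io_init(&listen_ctx->io, accept_cb, listenfd, EV_READ);
            ev_io_start(loop, &listen_ctx->io);
        }

        // Setup UDP
        if (mode != TCP_ONLY) {
            init_udprelay(server_host[index], server_port, m,
                          atoi(timeout), iface);
        }

        LOGI("listening at %s:%s", host ? host : "*", server_port);
    }

    if (manager_address != NULL) {
        ev_timer_init(&stat_update_watcher, stat_update_cb,
                      UPDATE_INTERVAL, UPDATE_INTERVAL);
        ev_timer_start(EV_DEFAULT, &stat_update_watcher);
    }

    if (mode != TCP_ONLY) {
        LOGI("UDP relay enabled");
    }

    if (mode == UDP_ONLY) {
        LOGI("TCP relay disabled");
    }

    // setuid
    // Fail closed: this process accepts network connections, so if the
    // switch to the requested user does not succeed it must not keep
    // running with the original (possibly root) credentials.
    if (user != NULL && !run_as(user)) {
        FATAL("failed to switch user");
    }

    // Init connections
    cork_dllist_init(&connections);

    // start ev loop
    ev_run(loop, 0);

    if (verbose) {
        LOGI("closed gracefully");
    }

    if (manager_address != NULL) {
        ev_timer_stop(EV_DEFAULT, &stat_update_watcher);
    }

    // Clean up
    // The contexts are initialised only when TCP is enabled, so they are
    // touched only in that case.
    if (mode != UDP_ONLY) {
        for (int i = 0; i < listener_num; i++) {
            struct listen_ctx *listen_ctx = &listen_ctx_list[i];
            ev_io_stop(loop, &listen_ctx->io);
            close(listen_ctx->fd);
        }
    }

    if (mode != UDP_ONLY) {
        free_connections(loop);
    }

    if (mode != TCP_ONLY) {
        free_udprelay();
    }

    resolv_shutdown(loop);

#ifdef __MINGW32__
    winsock_cleanup();
#endif

    ev_signal_stop(EV_DEFAULT, &sigint_watcher);
    ev_signal_stop(EV_DEFAULT, &sigterm_watcher);

    return 0;
}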
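/*
 * Program entry point.
 *
 * Parses the command line, fills any unset option from the JSON config file,
 * optionally starts a plugin and points the remote address at it,
 * initialises the cipher, binds the local TCP listener and/or UDP relay
 * (once for the main port and once per configured DSCP entry), drops
 * privileges when a user was requested and then runs the libev loop.
 *
 * Command-line values win over config-file values.
 * Returns 0 when the event loop returns; fatal setup errors exit.
 */
int main(int argc, char **argv)
{
    // NOTE(review): rand() seeded from wall-clock time is predictable;
    // confirm rand() is not used for anything security-sensitive.
    srand(time(NULL));

    int i, c;
    int pid_flags    = 0;
    int mptcp        = 0;
    int mtu          = 0;
    char *user       = NULL;
    char *local_port = NULL;
    char *local_addr = NULL;
    char *password   = NULL;
    char *key        = NULL;
    char *timeout    = NULL;
    char *method     = NULL;
    char *pid_path   = NULL;
    char *conf_path  = NULL;

    char *plugin      = NULL;
    char *plugin_opts = NULL;
    char *plugin_host = NULL;
    char *plugin_port = NULL;
    char tmp_port[8];

    int remote_num = 0;
    ss_addr_t remote_addr[MAX_REMOTE_NUM];
    char *remote_port = NULL;

    int dscp_num    = 0;
    ss_dscp_t *dscp = NULL;

    static struct option long_options[] = {
        { "fast-open",   no_argument,       NULL, GETOPT_VAL_FAST_OPEN   },
        { "mtu",         required_argument, NULL, GETOPT_VAL_MTU         },
        { "mptcp",       no_argument,       NULL, GETOPT_VAL_MPTCP       },
        { "plugin",      required_argument, NULL, GETOPT_VAL_PLUGIN      },
        { "plugin-opts", required_argument, NULL, GETOPT_VAL_PLUGIN_OPTS },
        { "reuse-port",  no_argument,       NULL, GETOPT_VAL_REUSE_PORT  },
        { "no-delay",    no_argument,       NULL, GETOPT_VAL_NODELAY     },
        { "password",    required_argument, NULL, GETOPT_VAL_PASSWORD    },
        { "key",         required_argument, NULL, GETOPT_VAL_KEY         },
        { "help",        no_argument,       NULL, GETOPT_VAL_HELP        },
        { NULL,          0,                 NULL, 0                      }
    };

    // Silence getopt's own diagnostics; opterr is reused below as an
    // "a bad option was seen" flag.
    opterr = 0;

    USE_TTY();

    while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:c:b:a:n:huUv6A",
                            long_options, NULL)) != -1) {
        switch (c) {
        case GETOPT_VAL_FAST_OPEN:
            fast_open = 1;
            break;
        case GETOPT_VAL_MTU:
            // NOTE(review): atoi() accepts garbage and negative values;
            // the MTU is not range-checked here.
            mtu = atoi(optarg);
            LOGI("set MTU to %d", mtu);
            break;
        case GETOPT_VAL_MPTCP:
            mptcp = 1;
            LOGI("enable multipath TCP");
            break;
        case GETOPT_VAL_NODELAY:
            no_delay = 1;
            LOGI("enable TCP no-delay");
            break;
        case GETOPT_VAL_PLUGIN:
            plugin = optarg;
            break;
        case GETOPT_VAL_PLUGIN_OPTS:
            plugin_opts = optarg;
            break;
        case GETOPT_VAL_KEY:
            // Same exposure as the password below: the value stays in argv.
            key = optarg;
            break;
        case GETOPT_VAL_REUSE_PORT:
            reuse_port = 1;
            break;
        case 's':
            // Servers beyond MAX_REMOTE_NUM are silently ignored.
            if (remote_num < MAX_REMOTE_NUM) {
                remote_addr[remote_num].host   = optarg;
                remote_addr[remote_num++].port = NULL;
            }
            break;
        case 'p':
            remote_port = optarg;
            break;
        case 'l':
            local_port = optarg;
            break;
        case GETOPT_VAL_PASSWORD:
        case 'k':
            // A secret given here stays in argv, which other local users
            // can usually read from the process list; the config file
            // avoids that exposure.
            password = optarg;
            break;
        case 'f':
            pid_flags = 1;
            pid_path  = optarg;
            break;
        case 't':
            timeout = optarg;
            break;
        case 'm':
            method = optarg;
            break;
        case 'c':
            conf_path = optarg;
            break;
        case 'b':
            local_addr = optarg;
            break;
        case 'a':
            user = optarg;
            break;
#ifdef HAVE_SETRLIMIT
        case 'n':
            nofile = atoi(optarg);
            break;
#endif
        case 'u':
            mode = TCP_AND_UDP;
            break;
        case 'U':
            mode = UDP_ONLY;
            break;
        case 'v':
            verbose = 1;
            break;
        case GETOPT_VAL_HELP:
        case 'h':
            usage();
            exit(EXIT_SUCCESS);
        case '6':
            ipv6first = 1;
            break;
        case 'A':
            FATAL("One time auth has been deprecated. Try AEAD ciphers instead.");
            break;
        case '?':
            // The option character is not recognized (or its argument is
            // missing). optarg is NULL in this case, so it must not be
            // handed to "%s"; report optopt or the offending argv word.
            if (optopt > ' ' && optopt < 127) {
                LOGE("Unrecognized option: -%c", optopt);
            } else {
                LOGE("Unrecognized option: %s", argv[optind - 1]);
            }
            opterr = 1;
            break;
        }
    }

    if (opterr) {
        usage();
        exit(EXIT_FAILURE);
    }

    // With no arguments at all, fall back to the default config file.
    if (argc == 1) {
        if (conf_path == NULL) {
            conf_path = DEFAULT_CONF_PATH;
        }
    }

    if (conf_path != NULL) {
        // NOTE(review): conf is dereferenced without a NULL check; confirm
        // read_jconf() never returns NULL.
        jconf_t *conf = read_jconf(conf_path);
        if (remote_num == 0) {
            // NOTE(review): remote_num now comes from the config file and
            // indexes the MAX_REMOTE_NUM-sized stack array; confirm
            // read_jconf() caps it.
            remote_num = conf->remote_num;
            for (i = 0; i < remote_num; i++)
                remote_addr[i] = conf->remote_addr[i];
        }
        if (remote_port == NULL) {
            remote_port = conf->remote_port;
        }
        if (local_addr == NULL) {
            local_addr = conf->local_addr;
        }
        if (local_port == NULL) {
            local_port = conf->local_port;
        }
        if (password == NULL) {
            password = conf->password;
        }
        if (key == NULL) {
            key = conf->key;
        }
        if (method == NULL) {
            method = conf->method;
        }
        if (timeout == NULL) {
            timeout = conf->timeout;
        }
        if (user == NULL) {
            user = conf->user;
        }
        if (plugin == NULL) {
            plugin = conf->plugin;
        }
        if (plugin_opts == NULL) {
            plugin_opts = conf->plugin_opts;
        }
        if (mode == TCP_ONLY) {
            mode = conf->mode;
        }
        if (mtu == 0) {
            mtu = conf->mtu;
        }
        if (mptcp == 0) {
            mptcp = conf->mptcp;
        }
        if (reuse_port == 0) {
            reuse_port = conf->reuse_port;
        }
        if (disable_sni == 0) {
            disable_sni = conf->disable_sni;
        }
        if (fast_open == 0) {
            fast_open = conf->fast_open;
        }
#ifdef HAVE_SETRLIMIT
        if (nofile == 0) {
            nofile = conf->nofile;
        }
#endif
        if (ipv6first == 0) {
            ipv6first = conf->ipv6_first;
        }
        // DSCP listeners can only come from the config file.
        dscp_num = conf->dscp_num;
        dscp     = conf->dscp;
    }

    // Either a password or a key is required.
    if (remote_num == 0 || remote_port == NULL || local_port == NULL ||
        (password == NULL && key == NULL)) {
        usage();
        exit(EXIT_FAILURE);
    }

    if (plugin != NULL) {
        // The plugin is reached over loopback on a port picked at startup.
        uint16_t port = get_local_port();
        if (port == 0) {
            FATAL("failed to find a free port");
        }
        snprintf(tmp_port, sizeof(tmp_port), "%d", port);
        plugin_host = "127.0.0.1";
        plugin_port = tmp_port;

        LOGI("plugin \"%s\" enabled", plugin);
    }

    // NOTE(review): the fallback is the RC4-based "rc4-md5", while the -A
    // message above already points users to AEAD ciphers; consider
    // requiring an explicit, stronger method instead of defaulting to it.
    if (method == NULL) {
        method = "rc4-md5";
    }

    if (timeout == NULL) {
        timeout = "600";
    }

#ifdef HAVE_SETRLIMIT
    /*
     * no need to check the return value here since we will show
     * the user an error message if setrlimit(2) fails
     */
    if (nofile > 1024) {
        if (verbose) {
            LOGI("setting NOFILE to %d", nofile);
        }
        set_nofile(nofile);
    }
#endif

    // Listen on loopback unless an address was given explicitly.
    if (local_addr == NULL) {
        local_addr = "127.0.0.1";
    }

    if (fast_open == 1) {
#ifdef TCP_FASTOPEN
        LOGI("using tcp fast open");
#else
        LOGE("tcp fast open is not supported by this environment");
        fast_open = 0;
#endif
    }

    USE_SYSLOG(argv[0], pid_flags);
    if (pid_flags) {
        daemonize(pid_path);
    }

    if (ipv6first) {
        LOGI("resolving hostname to IPv6 address first");
    }

    if (plugin != NULL) {
        // Build "host0|host1|..." for the plugin.
        // presumably ss_malloc() aborts on allocation failure; verify.
        size_t buf_size  = 256 * remote_num;
        char *remote_str = ss_malloc(buf_size);

        snprintf(remote_str, buf_size, "%s", remote_addr[0].host);
        // The write offset must start after the first host; starting at 0
        // made the second host overwrite the first one.
        size_t len = strlen(remote_str);
        for (int i = 1; i < remote_num; i++) {
            // snprintf() truncates, so len stays below buf_size and the
            // remaining-space argument never underflows.
            snprintf(remote_str + len, buf_size - len, "|%s", remote_addr[i].host);
            len = strlen(remote_str);
        }
        int err = start_plugin(plugin, plugin_opts, remote_str,
                               remote_port, plugin_host, plugin_port, MODE_CLIENT);
        if (err) {
            FATAL("failed to start the plugin");
        }
    }

    // ignore SIGPIPE
    signal(SIGPIPE, SIG_IGN);
    signal(SIGABRT, SIG_IGN);

    ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
    ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
    ev_signal_init(&sigchld_watcher, signal_cb, SIGCHLD);
    ev_signal_start(EV_DEFAULT, &sigint_watcher);
    ev_signal_start(EV_DEFAULT, &sigterm_watcher);
    ev_signal_start(EV_DEFAULT, &sigchld_watcher);

    // Setup keys
    LOGI("initializing ciphers... %s", method);
    crypto = crypto_init(password, key, method);
    if (crypto == NULL)
        FATAL("failed to initialize ciphers");

    // Setup proxy context
    struct listen_ctx listen_ctx;
    memset(&listen_ctx, 0, sizeof(struct listen_ctx));
    listen_ctx.remote_num  = remote_num;
    listen_ctx.remote_addr = ss_malloc(sizeof(struct sockaddr *) * remote_num);
    memset(listen_ctx.remote_addr, 0, sizeof(struct sockaddr *) * remote_num);
    for (i = 0; i < remote_num; i++) {
        char *host = remote_addr[i].host;
        // A per-server port overrides the global remote port.
        char *port = remote_addr[i].port == NULL ? remote_port :
                     remote_addr[i].port;
        // With a plugin, TCP traffic goes to the plugin's loopback endpoint
        // instead of the real server.
        if (plugin != NULL) {
            host = plugin_host;
            port = plugin_port;
        }
        struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
        memset(storage, 0, sizeof(struct sockaddr_storage));
        if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
            FATAL("failed to resolve the provided hostname");
        }
        listen_ctx.remote_addr[i] = (struct sockaddr *)storage;

        // Only the first slot is filled when a plugin is in use; the other
        // entries stay NULL from the memset above.
        if (plugin != NULL)
            break;
    }
    listen_ctx.timeout = atoi(timeout);
    listen_ctx.mptcp   = mptcp;

    struct ev_loop *loop = EV_DEFAULT;

    // First pass uses listen_ctx itself; each DSCP entry then gets a heap
    // copy with its own port and TOS value.
    listen_ctx_t *listen_ctx_current = &listen_ctx;
    do {
        if (mode != UDP_ONLY) {
            // Setup socket
            int listenfd;
            listenfd = create_and_bind(local_addr, local_port);
            if (listenfd == -1) {
                FATAL("bind() error");
            }
            if (listen(listenfd, SOMAXCONN) == -1) {
                FATAL("listen() error");
            }
            setnonblocking(listenfd);

            listen_ctx_current->fd = listenfd;

            ev_io_init(&listen_ctx_current->io, accept_cb, listenfd, EV_READ);
            ev_io_start(loop, &listen_ctx_current->io);
        }

        // Setup UDP
        if (mode != TCP_ONLY) {
            LOGI("UDP relay enabled");
            // The UDP relay resolves the first configured server directly,
            // not the plugin endpoint.
            char *host = remote_addr[0].host;
            char *port = remote_addr[0].port == NULL ? remote_port :
                         remote_addr[0].port;
            struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
            memset(storage, 0, sizeof(struct sockaddr_storage));
            if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
                FATAL("failed to resolve the provided hostname");
            }
            struct sockaddr *addr = (struct sockaddr *)storage;
            init_udprelay(local_addr, local_port, addr,
                          get_sockaddr_len(addr), mtu, crypto,
                          listen_ctx_current->timeout, NULL);
        }

        if (mode == UDP_ONLY) {
            LOGI("TCP relay disabled");
        }

        if (listen_ctx_current->tos) {
            LOGI("listening at %s:%s (TOS 0x%x)",
                 local_addr, local_port, listen_ctx_current->tos);
        } else {
            LOGI("listening at %s:%s", local_addr, local_port);
        }

        // Handle additional TOS/DSCP listening ports
        if (dscp_num > 0) {
            listen_ctx_current = (listen_ctx_t *)ss_malloc(sizeof(listen_ctx_t));
            listen_ctx_current = memcpy(listen_ctx_current, &listen_ctx, sizeof(listen_ctx_t));
            local_port         = dscp[dscp_num - 1].port;
            // The DSCP value is shifted left by two bits to form the TOS
            // value.
            listen_ctx_current->tos = dscp[dscp_num - 1].dscp << 2;
        }
    } while (dscp_num-- > 0);

    // setuid
    // Privileges are dropped only after the sockets are bound; a failed
    // switch is fatal so the process never keeps running as the old user.
    if (user != NULL && !run_as(user)) {
        FATAL("failed to switch user");
    }

    if (geteuid() == 0) {
        LOGI("running from root user");
    }

    ev_run(loop, 0);

    if (plugin != NULL) {
        stop_plugin();
    }

    return 0;
}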