static void accept_cb(EV_P_ ev_io *w, int revents)
{
struct listen_ctx *listener = (struct listen_ctx *)w;
int serverfd = accept(listener->fd, NULL, NULL);
if (serverfd == -1) {
ERROR("accept");
return;
}
setnonblocking(serverfd);
int opt = 1;
setsockopt(serverfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
#ifdef SO_NOSIGPIPE
setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
#endif
int index = rand() % listener->remote_num;
struct sockaddr *remote_addr = listener->remote_addr[index];
int remotefd = socket(remote_addr->sa_family, SOCK_STREAM, IPPROTO_TCP);
if (remotefd < 0) {
ERROR("socket");
return;
}
#ifdef ANDROID
if (vpn) {
if (protect_socket(remotefd) == -1) {
ERROR("protect_socket");
close(remotefd);
return;
}
}
#endif
setsockopt(remotefd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
#ifdef SO_NOSIGPIPE
setsockopt(remotefd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
#endif
// Setup
setnonblocking(remotefd);
#ifdef SET_INTERFACE
if (listener->iface) {
setinterface(remotefd, listener->iface);
}
#endif
struct server *server = new_server(serverfd, listener->method);
struct remote *remote = new_remote(remotefd, listener->timeout);
server->destaddr = listener->tunnel_addr;
server->remote = remote;
remote->server = server;
connect(remotefd, remote_addr, get_sockaddr_len(remote_addr));
// listen to remote connected event
ev_io_start(EV_A_ & remote->send_ctx->io);
ev_timer_start(EV_A_ & remote->send_ctx->watcher);
}
static void accept_cb(EV_P_ ev_io *w, int revents)
{
listen_ctx_t *listener = (listen_ctx_t *)w;
struct sockaddr_storage destaddr;
int err;
int serverfd = accept(listener->fd, NULL, NULL);
if (serverfd == -1) {
ERROR("accept");
return;
}
err = getdestaddr(serverfd, &destaddr);
if (err) {
ERROR("getdestaddr");
return;
}
setnonblocking(serverfd);
int opt = 1;
setsockopt(serverfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
#ifdef SO_NOSIGPIPE
setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
#endif
int index = rand() % listener->remote_num;
struct sockaddr *remote_addr = listener->remote_addr[index];
int remotefd = socket(remote_addr->sa_family, SOCK_STREAM, IPPROTO_TCP);
if (remotefd < 0) {
ERROR("socket");
return;
}
setsockopt(remotefd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
#ifdef SO_NOSIGPIPE
setsockopt(remotefd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
#endif
// Setup
setnonblocking(remotefd);
server_t *server = new_server(serverfd, listener->method);
remote_t *remote = new_remote(remotefd, listener->timeout);
server->remote = remote;
remote->server = server;
server->destaddr = destaddr;
connect(remotefd, remote_addr, get_sockaddr_len(remote_addr));
// listen to remote connected event
ev_io_start(EV_A_ & remote->send_ctx->io);
ev_io_start(EV_A_ & server->recv_ctx->io);
ev_timer_start(EV_A_ & remote->send_ctx->watcher);
}
static void
delayed_connect_cb(EV_P_ ev_timer *watcher, int revents)
{
server_t *server = cork_container_of(watcher, server_t,
delayed_connect_watcher);
remote_t *remote = server->remote;
int r = connect(remote->fd, remote->addr,
get_sockaddr_len(remote->addr));
if (r == -1 && errno != CONNECT_IN_PROGRESS) {
ERROR("connect");
close_and_free_remote(EV_A_ remote);
close_and_free_server(EV_A_ server);
return;
} else {
// listen to remote connected event
ev_io_start(EV_A_ & remote->send_ctx->io);
ev_timer_start(EV_A_ & remote->send_ctx->watcher);
}
}
static remote_t *create_remote(listen_ctx_t *listener,
struct sockaddr *addr)
{
struct sockaddr *remote_addr;
int index = rand() % listener->remote_num;
if (addr == NULL) {
remote_addr = listener->remote_addr[index];
} else {
remote_addr = addr;
}
int remotefd = socket(remote_addr->sa_family, SOCK_STREAM, IPPROTO_TCP);
if (remotefd < 0) {
ERROR("socket");
return NULL;
}
int opt = 1;
setsockopt(remotefd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
#ifdef SO_NOSIGPIPE
setsockopt(remotefd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
#endif
// Setup
setnonblocking(remotefd);
#ifdef SET_INTERFACE
if (listener->iface) {
setinterface(remotefd, listener->iface);
}
#endif
remote_t *remote = new_remote(remotefd, listener->timeout);
remote->addr_len = get_sockaddr_len(remote_addr);
memcpy(&(remote->addr), remote_addr, remote->addr_len);
remote->remote_index = index;
return remote;
}
static void
query_resolve_cb(struct sockaddr *addr, void *data)
{
struct query_ctx *query_ctx = (struct query_ctx *)data;
struct ev_loop *loop = query_ctx->server_ctx->loop;
if (verbose) {
LOGI("[udp] udns resolved");
}
query_ctx->query = NULL;
if (addr == NULL) {
LOGE("[udp] udns returned an error");
} else {
remote_ctx_t *remote_ctx = query_ctx->remote_ctx;
int cache_hit = 0;
// Lookup in the conn cache
if (remote_ctx == NULL) {
char *key = hash_key(AF_UNSPEC, &query_ctx->src_addr);
cache_lookup(query_ctx->server_ctx->conn_cache, key, HASH_KEY_LEN, (void *)&remote_ctx);
}
if (remote_ctx == NULL) {
int remotefd = create_remote_socket(addr->sa_family == AF_INET6);
if (remotefd != -1) {
setnonblocking(remotefd);
#ifdef SO_BROADCAST
set_broadcast(remotefd);
#endif
#ifdef SO_NOSIGPIPE
set_nosigpipe(remotefd);
#endif
#ifdef IP_TOS
// Set QoS flag
int tos = 46;
setsockopt(remotefd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
#endif
#ifdef SET_INTERFACE
if (query_ctx->server_ctx->iface) {
if (setinterface(remotefd, query_ctx->server_ctx->iface) == -1)
ERROR("setinterface");
}
#endif
remote_ctx = new_remote(remotefd, query_ctx->server_ctx);
remote_ctx->src_addr = query_ctx->src_addr;
remote_ctx->server_ctx = query_ctx->server_ctx;
remote_ctx->addr_header_len = query_ctx->addr_header_len;
memcpy(remote_ctx->addr_header, query_ctx->addr_header,
query_ctx->addr_header_len);
} else {
ERROR("[udp] bind() error");
}
} else {
cache_hit = 1;
}
if (remote_ctx != NULL) {
memcpy(&remote_ctx->dst_addr, addr, sizeof(struct sockaddr_storage));
size_t addr_len = get_sockaddr_len(addr);
int s = sendto(remote_ctx->fd, query_ctx->buf->data, query_ctx->buf->len,
0, addr, addr_len);
if (s == -1) {
ERROR("[udp] sendto_remote");
if (!cache_hit) {
close_and_free_remote(EV_A_ remote_ctx);
}
} else {
if (!cache_hit) {
// Add to conn cache
char *key = hash_key(AF_UNSPEC, &remote_ctx->src_addr);
cache_insert(query_ctx->server_ctx->conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);
ev_io_start(EV_A_ & remote_ctx->io);
ev_timer_start(EV_A_ & remote_ctx->watcher);
}
}
}
}
// clean up
close_and_free_query(EV_A_ query_ctx);
}
int main(int argc, char **argv)
{
int i, c;
int pid_flags = 0;
char *user = NULL;
char *local_port = NULL;
char *local_addr = NULL;
char *password = NULL;
char *timeout = NULL;
char *method = NULL;
char *pid_path = NULL;
char *conf_path = NULL;
int remote_num = 0;
ss_addr_t remote_addr[MAX_REMOTE_NUM];
char *remote_port = NULL;
opterr = 0;
while ((c = getopt(argc, argv, "f:s:p:l:k:t:m:c:b:a:n:uUvA")) != -1)
switch (c) {
case 's':
if (remote_num < MAX_REMOTE_NUM) {
remote_addr[remote_num].host = optarg;
remote_addr[remote_num++].port = NULL;
}
break;
case 'p':
remote_port = optarg;
break;
case 'l':
local_port = optarg;
break;
case 'k':
password = optarg;
break;
case 'f':
pid_flags = 1;
pid_path = optarg;
break;
case 't':
timeout = optarg;
break;
case 'm':
method = optarg;
break;
case 'c':
conf_path = optarg;
break;
case 'b':
local_addr = optarg;
break;
case 'a':
user = optarg;
break;
#ifdef HAVE_SETRLIMIT
case 'n':
nofile = atoi(optarg);
break;
#endif
case 'u':
mode = TCP_AND_UDP;
break;
case 'U':
mode = UDP_ONLY;
break;
case 'v':
verbose = 1;
break;
case 'A':
auth = 1;
break;
}
if (opterr) {
usage();
exit(EXIT_FAILURE);
}
if (argc == 1) {
if (conf_path == NULL) {
conf_path = DEFAULT_CONF_PATH;
}
}
if (conf_path != NULL) {
jconf_t *conf = read_jconf(conf_path);
if (remote_num == 0) {
remote_num = conf->remote_num;
for (i = 0; i < remote_num; i++)
remote_addr[i] = conf->remote_addr[i];
}
if (remote_port == NULL) {
remote_port = conf->remote_port;
}
if (local_addr == NULL) {
local_addr = conf->local_addr;
}
if (local_port == NULL) {
local_port = conf->local_port;
}
if (password == NULL) {
password = conf->password;
}
if (method == NULL) {
method = conf->method;
}
if (timeout == NULL) {
timeout = conf->timeout;
}
if (auth == 0) {
auth = conf->auth;
}
#ifdef HAVE_SETRLIMIT
if (nofile == 0) {
nofile = conf->nofile;
}
/*
* no need to check the return value here since we will show
* the user an error message if setrlimit(2) fails
*/
if (nofile > 1024) {
if (verbose) {
LOGI("setting NOFILE to %d", nofile);
}
set_nofile(nofile);
}
#endif
}
if (remote_num == 0 || remote_port == NULL ||
local_port == NULL || password == NULL) {
usage();
exit(EXIT_FAILURE);
}
if (timeout == NULL) {
timeout = "60";
}
if (local_addr == NULL) {
local_addr = "127.0.0.1";
}
if (pid_flags) {
USE_SYSLOG(argv[0]);
daemonize(pid_path);
}
if (auth) {
LOGI("onetime authentication enabled");
}
// ignore SIGPIPE
signal(SIGPIPE, SIG_IGN);
signal(SIGABRT, SIG_IGN);
// Setup keys
LOGI("initialize ciphers... %s", method);
int m = enc_init(password, method);
// Setup proxy context
listen_ctx_t listen_ctx;
listen_ctx.remote_num = remote_num;
listen_ctx.remote_addr = malloc(sizeof(struct sockaddr *) * remote_num);
for (int i = 0; i < remote_num; i++) {
char *host = remote_addr[i].host;
char *port = remote_addr[i].port == NULL ? remote_port :
remote_addr[i].port;
struct sockaddr_storage *storage = malloc(sizeof(struct sockaddr_storage));
memset(storage, 0, sizeof(struct sockaddr_storage));
if (get_sockaddr(host, port, storage, 1) == -1) {
FATAL("failed to resolve the provided hostname");
}
listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
}
listen_ctx.timeout = atoi(timeout);
listen_ctx.method = m;
struct ev_loop *loop = EV_DEFAULT;
if (mode != UDP_ONLY) {
// Setup socket
int listenfd;
listenfd = create_and_bind(local_addr, local_port);
if (listenfd < 0) {
FATAL("bind() error");
}
if (listen(listenfd, SOMAXCONN) == -1) {
FATAL("listen() error");
}
setnonblocking(listenfd);
listen_ctx.fd = listenfd;
ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
ev_io_start(loop, &listen_ctx.io);
}
// Setup UDP
if (mode != TCP_ONLY) {
LOGI("UDP relay enabled");
init_udprelay(local_addr, local_port, listen_ctx.remote_addr[0],
get_sockaddr_len(listen_ctx.remote_addr[0]), m, auth, listen_ctx.timeout, NULL);
}
if (mode == UDP_ONLY) {
LOGI("TCP relay disabled");
}
LOGI("listening at %s:%s", local_addr, local_port);
// setuid
if (user != NULL) {
run_as(user);
}
ev_run(loop, 0);
return 0;
}
int main(int argc, char **argv)
{
int i, c;
int pid_flags = 0;
char *user = NULL;
char *local_port = NULL;
char *local_addr = NULL;
char *password = NULL;
char *timeout = NULL;
char *method = NULL;
char *pid_path = NULL;
char *conf_path = NULL;
char *iface = NULL;
srand(time(NULL));
int remote_num = 0;
ss_addr_t remote_addr[MAX_REMOTE_NUM];
char *remote_port = NULL;
int option_index = 0;
static struct option long_options[] =
{
{ "fast-open", no_argument, 0, 0 },
{ "acl", required_argument, 0, 0 },
{ 0, 0, 0, 0 }
};
opterr = 0;
USE_TTY();
#ifdef ANDROID
while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:a:uvVA",
long_options, &option_index)) != -1) {
#else
while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:a:uvA",
long_options, &option_index)) != -1) {
#endif
switch (c) {
case 0:
if (option_index == 0) {
fast_open = 1;
} else if (option_index == 1) {
LOGI("initialize acl...");
acl = !init_acl(optarg);
}
break;
case 's':
if (remote_num < MAX_REMOTE_NUM) {
remote_addr[remote_num].host = optarg;
remote_addr[remote_num++].port = NULL;
}
break;
case 'p':
remote_port = optarg;
break;
case 'l':
local_port = optarg;
break;
case 'k':
password = optarg;
break;
case 'f':
pid_flags = 1;
pid_path = optarg;
break;
case 't':
timeout = optarg;
break;
case 'm':
method = optarg;
break;
case 'c':
conf_path = optarg;
break;
case 'i':
iface = optarg;
break;
case 'b':
local_addr = optarg;
break;
case 'a':
user = optarg;
break;
case 'u':
mode = TCP_AND_UDP;
break;
case 'v':
verbose = 1;
break;
case 'A':
auth = 1;
break;
#ifdef ANDROID
case 'V':
vpn = 1;
break;
#endif
}
}
if (opterr) {
usage();
exit(EXIT_FAILURE);
}
if (argc == 1) {
if (conf_path == NULL) {
conf_path = DEFAULT_CONF_PATH;
}
}
if (conf_path != NULL) {
jconf_t *conf = read_jconf(conf_path);
if (remote_num == 0) {
remote_num = conf->remote_num;
for (i = 0; i < remote_num; i++) {
remote_addr[i] = conf->remote_addr[i];
}
}
if (remote_port == NULL) {
remote_port = conf->remote_port;
}
if (local_addr == NULL) {
local_addr = conf->local_addr;
}
if (local_port == NULL) {
local_port = conf->local_port;
}
if (password == NULL) {
password = conf->password;
}
if (method == NULL) {
method = conf->method;
}
if (timeout == NULL) {
timeout = conf->timeout;
}
if (fast_open == 0) {
fast_open = conf->fast_open;
}
#ifdef HAVE_SETRLIMIT
if (nofile == 0) {
nofile = conf->nofile;
}
/*
* no need to check the return value here since we will show
* the user an error message if setrlimit(2) fails
*/
if (nofile) {
if (verbose) {
LOGI("setting NOFILE to %d", nofile);
}
set_nofile(nofile);
}
#endif
}
if (remote_num == 0 || remote_port == NULL ||
local_port == NULL || password == NULL) {
usage();
exit(EXIT_FAILURE);
}
if (timeout == NULL) {
timeout = "60";
}
if (local_addr == NULL) {
local_addr = "127.0.0.1";
}
if (pid_flags) {
USE_SYSLOG(argv[0]);
daemonize(pid_path);
}
if (fast_open == 1) {
#ifdef TCP_FASTOPEN
LOGI("using tcp fast open");
#else
LOGE("tcp fast open is not supported by this environment");
#endif
}
if (auth) {
LOGI("onetime authentication enabled");
}
#ifdef __MINGW32__
winsock_init();
#else
// ignore SIGPIPE
signal(SIGPIPE, SIG_IGN);
signal(SIGABRT, SIG_IGN);
#endif
struct ev_signal sigint_watcher;
struct ev_signal sigterm_watcher;
ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
ev_signal_start(EV_DEFAULT, &sigint_watcher);
ev_signal_start(EV_DEFAULT, &sigterm_watcher);
// Setup keys
LOGI("initialize ciphers... %s", method);
int m = enc_init(password, method);
// Setup proxy context
struct listen_ctx listen_ctx;
listen_ctx.remote_num = remote_num;
listen_ctx.remote_addr = malloc(sizeof(struct sockaddr *) * remote_num);
for (i = 0; i < remote_num; i++) {
char *host = remote_addr[i].host;
char *port = remote_addr[i].port == NULL ? remote_port :
remote_addr[i].port;
struct sockaddr_storage *storage = malloc(sizeof(struct sockaddr_storage));
memset(storage, 0, sizeof(struct sockaddr_storage));
if (get_sockaddr(host, port, storage, 1) == -1) {
FATAL("failed to resolve the provided hostname");
}
listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
}
listen_ctx.timeout = atoi(timeout);
listen_ctx.iface = iface;
listen_ctx.method = m;
struct ev_loop *loop = EV_DEFAULT;
// Setup socket
int listenfd;
listenfd = create_and_bind(local_addr, local_port);
if (listenfd < 0) {
FATAL("bind() error");
}
if (listen(listenfd, SOMAXCONN) == -1) {
FATAL("listen() error");
}
setnonblocking(listenfd);
listen_ctx.fd = listenfd;
ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
ev_io_start(loop, &listen_ctx.io);
// Setup UDP
if (mode != TCP_ONLY) {
LOGI("udprelay enabled");
init_udprelay(local_addr, local_port, listen_ctx.remote_addr[0],
get_sockaddr_len(listen_ctx.remote_addr[0]), m, listen_ctx.timeout, iface);
}
LOGI("listening at %s:%s", local_addr, local_port);
// setuid
if (user != NULL) {
run_as(user);
}
// Init connections
cork_dllist_init(&connections);
// Enter the loop
ev_run(loop, 0);
if (verbose) {
LOGI("closed gracefully");
}
// Clean up
ev_io_stop(loop, &listen_ctx.io);
free_connections(loop);
if (mode != TCP_ONLY) {
free_udprelay();
}
for (i = 0; i < remote_num; i++) {
free(listen_ctx.remote_addr[i]);
}
free(listen_ctx.remote_addr);
#ifdef __MINGW32__
winsock_cleanup();
#endif
ev_signal_stop(EV_DEFAULT, &sigint_watcher);
ev_signal_stop(EV_DEFAULT, &sigterm_watcher);
return 0;
}
#else
int start_ss_local_server(profile_t profile)
{
srand(time(NULL));
char *remote_host = profile.remote_host;
char *local_addr = profile.local_addr;
char *method = profile.method;
char *password = profile.password;
char *log = profile.log;
int remote_port = profile.remote_port;
int local_port = profile.local_port;
int timeout = profile.timeout;
mode = profile.mode;
fast_open = profile.fast_open;
verbose = profile.verbose;
char local_port_str[16];
char remote_port_str[16];
sprintf(local_port_str, "%d", local_port);
sprintf(remote_port_str, "%d", remote_port);
USE_LOGFILE(log);
if (profile.acl != NULL) {
acl = !init_acl(profile.acl);
}
if (local_addr == NULL) {
local_addr = "127.0.0.1";
}
#ifdef __MINGW32__
winsock_init();
#else
// ignore SIGPIPE
signal(SIGPIPE, SIG_IGN);
signal(SIGABRT, SIG_IGN);
#endif
struct ev_signal sigint_watcher;
struct ev_signal sigterm_watcher;
ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
ev_signal_start(EV_DEFAULT, &sigint_watcher);
ev_signal_start(EV_DEFAULT, &sigterm_watcher);
// Setup keys
LOGI("initialize ciphers... %s", method);
int m = enc_init(password, method);
struct sockaddr_storage *storage = malloc(sizeof(struct sockaddr_storage));
memset(storage, 0, sizeof(struct sockaddr_storage));
if (get_sockaddr(remote_host, remote_port_str, storage, 1) == -1) {
return -1;
}
// Setup proxy context
struct ev_loop *loop = EV_DEFAULT;
struct listen_ctx listen_ctx;
listen_ctx.remote_num = 1;
listen_ctx.remote_addr = malloc(sizeof(struct sockaddr *));
listen_ctx.remote_addr[0] = (struct sockaddr *)storage;
listen_ctx.timeout = timeout;
listen_ctx.method = m;
listen_ctx.iface = NULL;
// Setup socket
int listenfd;
listenfd = create_and_bind(local_addr, local_port_str);
if (listenfd < 0) {
ERROR("bind()");
return -1;
}
if (listen(listenfd, SOMAXCONN) == -1) {
ERROR("listen()");
return -1;
}
setnonblocking(listenfd);
listen_ctx.fd = listenfd;
ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
ev_io_start(loop, &listen_ctx.io);
// Setup UDP
if (mode != TCP_ONLY) {
LOGI("udprelay enabled");
struct sockaddr *addr = (struct sockaddr *)storage;
init_udprelay(local_addr, local_port_str, addr,
get_sockaddr_len(addr), m, timeout, NULL);
}
LOGI("listening at %s:%s", local_addr, local_port_str);
// Init connections
cork_dllist_init(&connections);
// Enter the loop
ev_run(loop, 0);
if (verbose) {
LOGI("closed gracefully");
}
// Clean up
if (mode != TCP_ONLY) {
free_udprelay();
}
ev_io_stop(loop, &listen_ctx.io);
free_connections(loop);
close(listen_ctx.fd);
free(listen_ctx.remote_addr);
#ifdef __MINGW32__
winsock_cleanup();
#endif
ev_signal_stop(EV_DEFAULT, &sigint_watcher);
ev_signal_stop(EV_DEFAULT, &sigterm_watcher);
// cannot reach here
return 0;
}
static void stat_update_cb(EV_P_ ev_timer *watcher, int revents)
{
struct sockaddr_un svaddr, claddr;
int sfd = -1;
size_t msgLen;
char resp[BUF_SIZE];
if (verbose) {
LOGI("update traffic stat: tx: %"PRIu64" rx: %"PRIu64"", tx, rx);
}
snprintf(resp, BUF_SIZE, "stat: {\"%s\":%"PRIu64"}", server_port, tx + rx);
msgLen = strlen(resp) + 1;
ss_addr_t ip_addr = { .host = NULL, .port = NULL };
parse_addr(manager_address, &ip_addr);
if (ip_addr.host == NULL || ip_addr.port == NULL) {
sfd = socket(AF_UNIX, SOCK_DGRAM, 0);
if (sfd == -1) {
ERROR("stat_socket");
return;
}
memset(&claddr, 0, sizeof(struct sockaddr_un));
claddr.sun_family = AF_UNIX;
snprintf(claddr.sun_path, sizeof(claddr.sun_path), "/tmp/shadowsocks.%s", server_port);
unlink(claddr.sun_path);
if (bind(sfd, (struct sockaddr *) &claddr, sizeof(struct sockaddr_un)) == -1) {
ERROR("stat_bind");
close(sfd);
return;
}
memset(&svaddr, 0, sizeof(struct sockaddr_un));
svaddr.sun_family = AF_UNIX;
strncpy(svaddr.sun_path, manager_address, sizeof(svaddr.sun_path) - 1);
if (sendto(sfd, resp, strlen(resp) + 1, 0, (struct sockaddr *) &svaddr,
sizeof(struct sockaddr_un)) != msgLen) {
ERROR("stat_sendto");
close(sfd);
return;
}
unlink(claddr.sun_path);
} else {
struct sockaddr_storage storage;
memset(&storage, 0, sizeof(struct sockaddr_storage));
if (get_sockaddr(ip_addr.host, ip_addr.port, &storage, 0) == -1) {
ERROR("failed to parse the manager addr");
return;
}
sfd = socket(storage.ss_family, SOCK_DGRAM, 0);
if (sfd == -1) {
ERROR("stat_socket");
return;
}
size_t addr_len = get_sockaddr_len((struct sockaddr *)&storage);
if (sendto(sfd, resp, strlen(resp) + 1, 0, (struct sockaddr *)&storage,
addr_len) != msgLen) {
ERROR("stat_sendto");
close(sfd);
return;
}
}
close(sfd);
}
static void remote_recv_cb(EV_P_ ev_io *w, int revents)
{
struct remote_ctx *remote_ctx = (struct remote_ctx *)w;
struct server_ctx *server_ctx = remote_ctx->server_ctx;
// server has been closed
if (server_ctx == NULL) {
LOGE("[udp] invalid server");
close_and_free_remote(EV_A_ remote_ctx);
return;
}
if (verbose) {
LOGI("[udp] remote receive a packet");
}
struct sockaddr_storage src_addr;
socklen_t src_addr_len = sizeof(src_addr);
memset(&src_addr, 0, src_addr_len);
char *buf = malloc(BUF_SIZE);
// recv
ssize_t buf_len = recvfrom(remote_ctx->fd, buf, BUF_SIZE, 0, (struct sockaddr *)&src_addr, &src_addr_len);
if (buf_len == -1) {
// error on recv
// simply drop that packet
if (verbose) {
ERROR("[udp] server_recvfrom");
}
goto CLEAN_UP;
}
#ifdef UDPRELAY_LOCAL
buf = ss_decrypt_all(BUF_SIZE, buf, &buf_len, server_ctx->method);
if (buf == NULL) {
if (verbose) {
ERROR("[udp] server_ss_decrypt_all");
}
goto CLEAN_UP;
}
#ifdef UDPRELAY_REDIR
struct sockaddr_storage dst_addr;
memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
int len = parse_udprealy_header(buf, buf_len, NULL, NULL, &dst_addr);
if (dst_addr.ss_family != AF_INET && dst_addr.ss_family != AF_INET6) {
LOGI("[udp] ss-redir does not support domain name");
goto CLEAN_UP;
}
#else
int len = parse_udprealy_header(buf, buf_len, NULL, NULL, NULL);
#endif
if (len == 0) {
LOGI("[udp] error in parse header");
// error in parse header
goto CLEAN_UP;
}
// server may return using a different address type other than the type we
// have used during sending
#if defined(UDPRELAY_TUNNEL) || defined(UDPRELAY_REDIR)
// Construct packet
buf_len -= len;
memmove(buf, buf + len, buf_len);
#else
// Construct packet
buf = realloc(buf, buf_len + 3);
memmove(buf + 3, buf, buf_len);
memset(buf, 0, 3);
buf_len += 3;
#endif
#endif
#ifdef UDPRELAY_REMOTE
char addr_header_buf[256];
char *addr_header = remote_ctx->addr_header;
int addr_header_len = remote_ctx->addr_header_len;
if (remote_ctx->af == AF_INET || remote_ctx->af == AF_INET6) {
addr_header_len = construct_udprealy_header(&src_addr, addr_header_buf);
addr_header = addr_header_buf;
}
// Construct packet
buf = realloc(buf, buf_len + addr_header_len);
memmove(buf + addr_header_len, buf, buf_len);
memcpy(buf, addr_header, addr_header_len);
buf_len += addr_header_len;
buf = ss_encrypt_all(BUF_SIZE, buf, &buf_len, server_ctx->method);
#endif
size_t remote_src_addr_len = get_sockaddr_len((struct sockaddr *)&remote_ctx->src_addr);
#ifdef UDPRELAY_REDIR
size_t remote_dst_addr_len = get_sockaddr_len((struct sockaddr *)&dst_addr);
int src_fd = socket(remote_ctx->src_addr.ss_family, SOCK_DGRAM, 0);
if (src_fd < 0) {
ERROR("[udp] remote_recv_socket");
goto CLEAN_UP;
}
int opt = 1;
if (setsockopt(src_fd, SOL_IP, IP_TRANSPARENT, &opt, sizeof(opt))) {
ERROR("[udp] remote_recv_setsockopt");
close(src_fd);
goto CLEAN_UP;
}
if (setsockopt(src_fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt))) {
ERROR("[udp] remote_recv_setsockopt");
close(src_fd);
goto CLEAN_UP;
}
if (bind(src_fd, (struct sockaddr *)&dst_addr, remote_dst_addr_len) != 0) {
ERROR("[udp] remote_recv_bind");
close(src_fd);
goto CLEAN_UP;
}
int s = sendto(src_fd, buf, buf_len, 0,
(struct sockaddr *)&remote_ctx->src_addr, remote_src_addr_len);
if (s == -1) {
ERROR("[udp] remote_recv_sendto");
close(src_fd);
goto CLEAN_UP;
}
close(src_fd);
#else
int s = sendto(server_ctx->fd, buf, buf_len, 0,
(struct sockaddr *)&remote_ctx->src_addr, remote_src_addr_len);
if (s == -1) {
ERROR("[udp] remote_recv_sendto");
goto CLEAN_UP;
}
#endif
// handle the UDP packet sucessfully,
// triger the timer
ev_timer_again(EV_A_ & remote_ctx->watcher);
CLEAN_UP:
free(buf);
}
static void
accept_cb(EV_P_ ev_io *w, int revents)
{
listen_ctx_t *listener = (listen_ctx_t *)w;
struct sockaddr_storage destaddr;
int err;
int serverfd = accept(listener->fd, NULL, NULL);
if (serverfd == -1) {
ERROR("accept");
return;
}
err = getdestaddr(serverfd, &destaddr);
if (err) {
ERROR("getdestaddr");
return;
}
setnonblocking(serverfd);
int opt = 1;
setsockopt(serverfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
#ifdef SO_NOSIGPIPE
setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
#endif
int index = rand() % listener->remote_num;
struct sockaddr *remote_addr = listener->remote_addr[index];
int remotefd = socket(remote_addr->sa_family, SOCK_STREAM, IPPROTO_TCP);
if (remotefd == -1) {
ERROR("socket");
return;
}
// Set flags
setsockopt(remotefd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
#ifdef SO_NOSIGPIPE
setsockopt(remotefd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
#endif
// Enable TCP keepalive feature
int keepAlive = 1;
int keepIdle = 40;
int keepInterval = 20;
int keepCount = 5;
setsockopt(remotefd, SOL_SOCKET, SO_KEEPALIVE, (void *)&keepAlive, sizeof(keepAlive));
setsockopt(remotefd, SOL_TCP, TCP_KEEPIDLE, (void *)&keepIdle, sizeof(keepIdle));
setsockopt(remotefd, SOL_TCP, TCP_KEEPINTVL, (void *)&keepInterval, sizeof(keepInterval));
setsockopt(remotefd, SOL_TCP, TCP_KEEPCNT, (void *)&keepCount, sizeof(keepCount));
// Set non blocking
setnonblocking(remotefd);
// Enable MPTCP
if (listener->mptcp == 1) {
int err = setsockopt(remotefd, SOL_TCP, MPTCP_ENABLED, &opt, sizeof(opt));
if (err == -1) {
ERROR("failed to enable multipath TCP");
}
}
server_t *server = new_server(serverfd, listener->method);
remote_t *remote = new_remote(remotefd, listener->timeout);
server->remote = remote;
remote->server = server;
server->destaddr = destaddr;
int r = connect(remotefd, remote_addr, get_sockaddr_len(remote_addr));
if (r == -1 && errno != CONNECT_IN_PROGRESS) {
ERROR("connect");
close_and_free_remote(EV_A_ remote);
close_and_free_server(EV_A_ server);
return;
}
// listen to remote connected event
ev_io_start(EV_A_ & remote->send_ctx->io);
ev_timer_start(EV_A_ & remote->send_ctx->watcher);
ev_io_start(EV_A_ & server->recv_ctx->io);
}
int
main(int argc, char **argv)
{
srand(time(NULL));
int i, c;
int pid_flags = 0;
int mptcp = 0;
int mtu = 0;
char *user = NULL;
char *local_port = NULL;
char *local_addr = NULL;
char *password = NULL;
char *key = NULL;
char *timeout = NULL;
char *method = NULL;
char *pid_path = NULL;
char *conf_path = NULL;
char *plugin = NULL;
char *plugin_opts = NULL;
char *plugin_host = NULL;
char *plugin_port = NULL;
char tmp_port[8];
int remote_num = 0;
ss_addr_t remote_addr[MAX_REMOTE_NUM];
char *remote_port = NULL;
int dscp_num = 0;
ss_dscp_t * dscp = NULL;
static struct option long_options[] = {
{ "fast-open", no_argument, NULL, GETOPT_VAL_FAST_OPEN },
{ "mtu", required_argument, NULL, GETOPT_VAL_MTU },
{ "mptcp", no_argument, NULL, GETOPT_VAL_MPTCP },
{ "plugin", required_argument, NULL, GETOPT_VAL_PLUGIN },
{ "plugin-opts", required_argument, NULL, GETOPT_VAL_PLUGIN_OPTS },
{ "reuse-port", no_argument, NULL, GETOPT_VAL_REUSE_PORT },
{ "no-delay", no_argument, NULL, GETOPT_VAL_NODELAY },
{ "password", required_argument, NULL, GETOPT_VAL_PASSWORD },
{ "key", required_argument, NULL, GETOPT_VAL_KEY },
{ "help", no_argument, NULL, GETOPT_VAL_HELP },
{ NULL, 0, NULL, 0 }
};
opterr = 0;
USE_TTY();
while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:c:b:a:n:huUv6A",
long_options, NULL)) != -1) {
switch (c) {
case GETOPT_VAL_FAST_OPEN:
fast_open = 1;
break;
case GETOPT_VAL_MTU:
mtu = atoi(optarg);
LOGI("set MTU to %d", mtu);
break;
case GETOPT_VAL_MPTCP:
mptcp = 1;
LOGI("enable multipath TCP");
break;
case GETOPT_VAL_NODELAY:
no_delay = 1;
LOGI("enable TCP no-delay");
break;
case GETOPT_VAL_PLUGIN:
plugin = optarg;
break;
case GETOPT_VAL_PLUGIN_OPTS:
plugin_opts = optarg;
break;
case GETOPT_VAL_KEY:
key = optarg;
break;
case GETOPT_VAL_REUSE_PORT:
reuse_port = 1;
break;
case 's':
if (remote_num < MAX_REMOTE_NUM) {
remote_addr[remote_num].host = optarg;
remote_addr[remote_num++].port = NULL;
}
break;
case 'p':
remote_port = optarg;
break;
case 'l':
local_port = optarg;
break;
case GETOPT_VAL_PASSWORD:
case 'k':
password = optarg;
break;
case 'f':
pid_flags = 1;
pid_path = optarg;
break;
case 't':
timeout = optarg;
break;
case 'm':
method = optarg;
break;
case 'c':
conf_path = optarg;
break;
case 'b':
local_addr = optarg;
break;
case 'a':
user = optarg;
break;
#ifdef HAVE_SETRLIMIT
case 'n':
nofile = atoi(optarg);
break;
#endif
case 'u':
mode = TCP_AND_UDP;
break;
case 'U':
mode = UDP_ONLY;
break;
case 'v':
verbose = 1;
break;
case GETOPT_VAL_HELP:
case 'h':
usage();
exit(EXIT_SUCCESS);
case '6':
ipv6first = 1;
break;
case 'A':
FATAL("One time auth has been deprecated. Try AEAD ciphers instead.");
break;
case '?':
// The option character is not recognized.
LOGE("Unrecognized option: %s", optarg);
opterr = 1;
break;
}
}
if (opterr) {
usage();
exit(EXIT_FAILURE);
}
if (argc == 1) {
if (conf_path == NULL) {
conf_path = DEFAULT_CONF_PATH;
}
}
if (conf_path != NULL) {
jconf_t *conf = read_jconf(conf_path);
if (remote_num == 0) {
remote_num = conf->remote_num;
for (i = 0; i < remote_num; i++)
remote_addr[i] = conf->remote_addr[i];
}
if (remote_port == NULL) {
remote_port = conf->remote_port;
}
if (local_addr == NULL) {
local_addr = conf->local_addr;
}
if (local_port == NULL) {
local_port = conf->local_port;
}
if (password == NULL) {
password = conf->password;
}
if (key == NULL) {
key = conf->key;
}
if (method == NULL) {
method = conf->method;
}
if (timeout == NULL) {
timeout = conf->timeout;
}
if (user == NULL) {
user = conf->user;
}
if (plugin == NULL) {
plugin = conf->plugin;
}
if (plugin_opts == NULL) {
plugin_opts = conf->plugin_opts;
}
if (mode == TCP_ONLY) {
mode = conf->mode;
}
if (mtu == 0) {
mtu = conf->mtu;
}
if (mptcp == 0) {
mptcp = conf->mptcp;
}
if (reuse_port == 0) {
reuse_port = conf->reuse_port;
}
if (disable_sni == 0) {
disable_sni = conf->disable_sni;
}
if (fast_open == 0) {
fast_open = conf->fast_open;
}
#ifdef HAVE_SETRLIMIT
if (nofile == 0) {
nofile = conf->nofile;
}
#endif
if (ipv6first == 0) {
ipv6first = conf->ipv6_first;
}
dscp_num = conf->dscp_num;
dscp = conf->dscp;
}
if (remote_num == 0 || remote_port == NULL || local_port == NULL
|| (password == NULL && key == NULL)) {
usage();
exit(EXIT_FAILURE);
}
if (plugin != NULL) {
uint16_t port = get_local_port();
if (port == 0) {
FATAL("failed to find a free port");
}
snprintf(tmp_port, 8, "%d", port);
plugin_host = "127.0.0.1";
plugin_port = tmp_port;
LOGI("plugin \"%s\" enabled", plugin);
}
if (method == NULL) {
method = "rc4-md5";
}
if (timeout == NULL) {
timeout = "600";
}
#ifdef HAVE_SETRLIMIT
/*
* no need to check the return value here since we will show
* the user an error message if setrlimit(2) fails
*/
if (nofile > 1024) {
if (verbose) {
LOGI("setting NOFILE to %d", nofile);
}
set_nofile(nofile);
}
#endif
if (local_addr == NULL) {
local_addr = "127.0.0.1";
}
if (fast_open == 1) {
#ifdef TCP_FASTOPEN
LOGI("using tcp fast open");
#else
LOGE("tcp fast open is not supported by this environment");
fast_open = 0;
#endif
}
USE_SYSLOG(argv[0], pid_flags);
if (pid_flags) {
daemonize(pid_path);
}
if (ipv6first) {
LOGI("resolving hostname to IPv6 address first");
}
if (plugin != NULL) {
int len = 0;
size_t buf_size = 256 * remote_num;
char *remote_str = ss_malloc(buf_size);
snprintf(remote_str, buf_size, "%s", remote_addr[0].host);
for (int i = 1; i < remote_num; i++) {
snprintf(remote_str + len, buf_size - len, "|%s", remote_addr[i].host);
len = strlen(remote_str);
}
int err = start_plugin(plugin, plugin_opts, remote_str,
remote_port, plugin_host, plugin_port, MODE_CLIENT);
if (err) {
FATAL("failed to start the plugin");
}
}
// ignore SIGPIPE
signal(SIGPIPE, SIG_IGN);
signal(SIGABRT, SIG_IGN);
ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
ev_signal_init(&sigchld_watcher, signal_cb, SIGCHLD);
ev_signal_start(EV_DEFAULT, &sigint_watcher);
ev_signal_start(EV_DEFAULT, &sigterm_watcher);
ev_signal_start(EV_DEFAULT, &sigchld_watcher);
// Setup keys
LOGI("initializing ciphers... %s", method);
crypto = crypto_init(password, key, method);
if (crypto == NULL)
FATAL("failed to initialize ciphers");
// Setup proxy context
struct listen_ctx listen_ctx;
memset(&listen_ctx, 0, sizeof(struct listen_ctx));
listen_ctx.remote_num = remote_num;
listen_ctx.remote_addr = ss_malloc(sizeof(struct sockaddr *) * remote_num);
memset(listen_ctx.remote_addr, 0, sizeof(struct sockaddr *) * remote_num);
for (i = 0; i < remote_num; i++) {
char *host = remote_addr[i].host;
char *port = remote_addr[i].port == NULL ? remote_port :
remote_addr[i].port;
if (plugin != NULL) {
host = plugin_host;
port = plugin_port;
}
struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
memset(storage, 0, sizeof(struct sockaddr_storage));
if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
FATAL("failed to resolve the provided hostname");
}
listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
if (plugin != NULL) break;
}
listen_ctx.timeout = atoi(timeout);
listen_ctx.mptcp = mptcp;
struct ev_loop *loop = EV_DEFAULT;
listen_ctx_t* listen_ctx_current = &listen_ctx;
do {
if (mode != UDP_ONLY) {
// Setup socket
int listenfd;
listenfd = create_and_bind(local_addr, local_port);
if (listenfd == -1) {
FATAL("bind() error");
}
if (listen(listenfd, SOMAXCONN) == -1) {
FATAL("listen() error");
}
setnonblocking(listenfd);
listen_ctx_current->fd = listenfd;
ev_io_init(&listen_ctx_current->io, accept_cb, listenfd, EV_READ);
ev_io_start(loop, &listen_ctx_current->io);
}
// Setup UDP
if (mode != TCP_ONLY) {
LOGI("UDP relay enabled");
char *host = remote_addr[0].host;
char *port = remote_addr[0].port == NULL ? remote_port : remote_addr[0].port;
struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
memset(storage, 0, sizeof(struct sockaddr_storage));
if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
FATAL("failed to resolve the provided hostname");
}
struct sockaddr *addr = (struct sockaddr *)storage;
init_udprelay(local_addr, local_port, addr,
get_sockaddr_len(addr), mtu, crypto, listen_ctx_current->timeout, NULL);
}
if (mode == UDP_ONLY) {
LOGI("TCP relay disabled");
}
if(listen_ctx_current->tos) {
LOGI("listening at %s:%s (TOS 0x%x)", local_addr, local_port, listen_ctx_current->tos);
} else {
LOGI("listening at %s:%s", local_addr, local_port);
}
// Handle additionals TOS/DSCP listening ports
if (dscp_num > 0) {
listen_ctx_current = (listen_ctx_t*) ss_malloc(sizeof(listen_ctx_t));
listen_ctx_current = memcpy(listen_ctx_current, &listen_ctx, sizeof(listen_ctx_t));
local_port = dscp[dscp_num-1].port;
listen_ctx_current->tos = dscp[dscp_num-1].dscp << 2;
}
} while (dscp_num-- > 0);
// setuid
if (user != NULL && !run_as(user)) {
FATAL("failed to switch user");
}
if (geteuid() == 0) {
LOGI("running from root user");
}
ev_run(loop, 0);
if (plugin != NULL) {
stop_plugin();
}
return 0;
}
static void
remote_send_cb(EV_P_ ev_io *w, int revents)
{
remote_ctx_t *remote_send_ctx = (remote_ctx_t *)w;
remote_t *remote = remote_send_ctx->remote;
server_t *server = remote->server;
ev_timer_stop(EV_A_ & remote_send_ctx->watcher);
if (!remote_send_ctx->connected) {
int r = 0;
if (remote->addr == NULL) {
struct sockaddr_storage addr;
memset(&addr, 0, sizeof(struct sockaddr_storage));
socklen_t len = sizeof addr;
r = getpeername(remote->fd, (struct sockaddr *)&addr, &len);
}
if (r == 0) {
remote_send_ctx->connected = 1;
ev_io_stop(EV_A_ & remote_send_ctx->io);
ev_io_stop(EV_A_ & server->recv_ctx->io);
ev_io_start(EV_A_ & remote->recv_ctx->io);
ev_timer_start(EV_A_ & remote->recv_ctx->watcher);
// send destaddr
buffer_t ss_addr_to_send;
buffer_t *abuf = &ss_addr_to_send;
balloc(abuf, BUF_SIZE);
if (server->hostname_len > 0
&& validate_hostname(server->hostname, server->hostname_len)) { // HTTP/SNI
uint16_t port;
if (AF_INET6 == server->destaddr.ss_family) { // IPv6
port = (((struct sockaddr_in6 *)&(server->destaddr))->sin6_port);
} else { // IPv4
port = (((struct sockaddr_in *)&(server->destaddr))->sin_port);
}
abuf->data[abuf->len++] = 3; // Type 3 is hostname
abuf->data[abuf->len++] = server->hostname_len;
memcpy(abuf->data + abuf->len, server->hostname, server->hostname_len);
abuf->len += server->hostname_len;
memcpy(abuf->data + abuf->len, &port, 2);
} else if (AF_INET6 == server->destaddr.ss_family) { // IPv6
abuf->data[abuf->len++] = 4; // Type 4 is IPv6 address
size_t in6_addr_len = sizeof(struct in6_addr);
memcpy(abuf->data + abuf->len,
&(((struct sockaddr_in6 *)&(server->destaddr))->sin6_addr),
in6_addr_len);
abuf->len += in6_addr_len;
memcpy(abuf->data + abuf->len,
&(((struct sockaddr_in6 *)&(server->destaddr))->sin6_port),
2);
} else { // IPv4
abuf->data[abuf->len++] = 1; // Type 1 is IPv4 address
size_t in_addr_len = sizeof(struct in_addr);
memcpy(abuf->data + abuf->len,
&((struct sockaddr_in *)&(server->destaddr))->sin_addr, in_addr_len);
abuf->len += in_addr_len;
memcpy(abuf->data + abuf->len,
&((struct sockaddr_in *)&(server->destaddr))->sin_port, 2);
}
abuf->len += 2;
int err = crypto->encrypt(abuf, server->e_ctx, BUF_SIZE);
if (err) {
LOGE("invalid password or cipher");
bfree(abuf);
close_and_free_remote(EV_A_ remote);
close_and_free_server(EV_A_ server);
return;
}
err = crypto->encrypt(remote->buf, server->e_ctx, BUF_SIZE);
if (err) {
LOGE("invalid password or cipher");
bfree(abuf);
close_and_free_remote(EV_A_ remote);
close_and_free_server(EV_A_ server);
return;
}
bprepend(remote->buf, abuf, BUF_SIZE);
bfree(abuf);
} else {
ERROR("getpeername");
// not connected
close_and_free_remote(EV_A_ remote);
close_and_free_server(EV_A_ server);
return;
}
}
if (remote->buf->len == 0) {
// close and free
close_and_free_remote(EV_A_ remote);
close_and_free_server(EV_A_ server);
return;
} else {
// has data to send
ssize_t s;
if (remote->addr != NULL) {
s = sendto(remote->fd, remote->buf->data + remote->buf->idx,
remote->buf->len, MSG_FASTOPEN, remote->addr,
get_sockaddr_len(remote->addr));
if (s == -1 && (errno == EOPNOTSUPP || errno == EPROTONOSUPPORT ||
errno == ENOPROTOOPT)) {
fast_open = 0;
LOGE("fast open is not supported on this platform");
close_and_free_remote(EV_A_ remote);
close_and_free_server(EV_A_ server);
return;
}
remote->addr = NULL;
if (s == -1) {
if (errno == CONNECT_IN_PROGRESS || errno == EAGAIN
|| errno == EWOULDBLOCK) {
ev_io_start(EV_A_ & remote_send_ctx->io);
ev_timer_start(EV_A_ & remote_send_ctx->watcher);
} else {
ERROR("connect");
close_and_free_remote(EV_A_ remote);
close_and_free_server(EV_A_ server);
}
return;
}
} else {
s = send(remote->fd, remote->buf->data + remote->buf->idx,
remote->buf->len, 0);
}
if (s == -1) {
if (errno != EAGAIN && errno != EWOULDBLOCK) {
ERROR("send");
// close and free
close_and_free_remote(EV_A_ remote);
close_and_free_server(EV_A_ server);
}
return;
} else if (s < remote->buf->len) {
// partly sent, move memory, wait for the next time to send
remote->buf->len -= s;
remote->buf->idx += s;
ev_io_start(EV_A_ & remote_send_ctx->io);
return;
} else {
// all sent out, wait for reading
remote->buf->len = 0;
remote->buf->idx = 0;
ev_io_stop(EV_A_ & remote_send_ctx->io);
ev_io_start(EV_A_ & server->recv_ctx->io);
}
}
}
{
struct sockaddr_in addr = {
#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
.sin_len = sizeof(struct sockaddr_in),
#endif
.sin_family = AF_INET,
.sin_port = htons(500),
}, *val;
socklen_t *socklen;
host_t *host;
host = host_create_from_sockaddr((sockaddr_t*)&addr);
verify_any(host, AF_INET, 500);
val = (struct sockaddr_in*)host->get_sockaddr(host);
ck_assert(memeq(&addr, val, sizeof(addr)));
socklen = host->get_sockaddr_len(host);
ck_assert(*socklen == sizeof(addr));
host->destroy(host);
}
END_TEST
START_TEST(test_create_from_sockaddr_v6)
{
struct sockaddr_in6 addr = {
#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
.sin6_len = sizeof(struct sockaddr_in6),
#endif
.sin6_family = AF_INET6,
.sin6_port = htons(500),
}, *val;
socklen_t *socklen;
static void
accept_cb(EV_P_ ev_io *w, int revents)
{
struct listen_ctx *listener = (struct listen_ctx *)w;
int serverfd = accept(listener->fd, NULL, NULL);
if (serverfd == -1) {
ERROR("accept");
return;
}
setnonblocking(serverfd);
int opt = 1;
setsockopt(serverfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
#ifdef SO_NOSIGPIPE
setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
#endif
int index = rand() % listener->remote_num;
struct sockaddr *remote_addr = listener->remote_addr[index];
int remotefd = socket(remote_addr->sa_family, SOCK_STREAM, IPPROTO_TCP);
if (remotefd == -1) {
ERROR("socket");
return;
}
#ifdef ANDROID
if (vpn) {
int not_protect = 0;
if (remote_addr->sa_family == AF_INET) {
struct sockaddr_in *s = (struct sockaddr_in *)remote_addr;
if (s->sin_addr.s_addr == inet_addr("127.0.0.1"))
not_protect = 1;
}
if (!not_protect) {
if (protect_socket(remotefd) == -1) {
ERROR("protect_socket");
close(remotefd);
return;
}
}
}
#endif
setsockopt(remotefd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
#ifdef SO_NOSIGPIPE
setsockopt(remotefd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
#endif
if (listener->mptcp == 1) {
int err = setsockopt(remotefd, SOL_TCP, MPTCP_ENABLED, &opt, sizeof(opt));
if (err == -1) {
ERROR("failed to enable multipath TCP");
}
}
// Setup
setnonblocking(remotefd);
#ifdef SET_INTERFACE
if (listener->iface) {
if (setinterface(remotefd, listener->iface) == -1)
ERROR("setinterface");
}
#endif
server_t *server = new_server(serverfd, listener->method);
remote_t *remote = new_remote(remotefd, listener->timeout);
server->destaddr = listener->tunnel_addr;
server->remote = remote;
remote->server = server;
int r = connect(remotefd, remote_addr, get_sockaddr_len(remote_addr));
if (r == -1 && errno != CONNECT_IN_PROGRESS) {
ERROR("connect");
close_and_free_remote(EV_A_ remote);
close_and_free_server(EV_A_ server);
return;
}
// listen to remote connected event
ev_io_start(EV_A_ & remote->send_ctx->io);
ev_timer_start(EV_A_ & remote->send_ctx->watcher);
}
int start_ss_local_server(profile_t profile)
{
srand(time(NULL));
char *remote_host = profile.remote_host;
char *local_addr = profile.local_addr;
char *method = profile.method;
char *password = profile.password;
char *log = profile.log;
int remote_port = profile.remote_port;
int local_port = profile.local_port;
int timeout = profile.timeout;
udprelay = profile.udp_relay;
fast_open = profile.fast_open;
verbose = profile.verbose;
char local_port_str[16];
char remote_port_str[16];
sprintf(local_port_str, "%d", local_port);
sprintf(remote_port_str, "%d", remote_port);
USE_LOGFILE(log);
if (profile.acl != NULL) {
acl = !init_acl(profile.acl);
}
if (local_addr == NULL) {
local_addr = "127.0.0.1";
}
#ifdef __MINGW32__
winsock_init();
#else
// ignore SIGPIPE
signal(SIGPIPE, SIG_IGN);
signal(SIGABRT, SIG_IGN);
#endif
struct ev_signal sigint_watcher;
struct ev_signal sigterm_watcher;
ev_signal_init(&sigint_watcher, signal_cb, SIGINT);
ev_signal_init(&sigterm_watcher, signal_cb, SIGTERM);
ev_signal_start(EV_DEFAULT, &sigint_watcher);
ev_signal_start(EV_DEFAULT, &sigterm_watcher);
// Setup keys
LOGI("initialize ciphers... %s", method);
int m = enc_init(password, method);
// Setup socket
int listenfd;
listenfd = create_and_bind(local_addr, local_port_str);
if (listenfd < 0) {
ERROR("bind()");
return -1;
}
if (listen(listenfd, SOMAXCONN) == -1) {
ERROR("listen()");
return -1;
}
setnonblocking(listenfd);
LOGI("listening at %s:%s", local_addr, local_port_str);
// Setup proxy context
struct listen_ctx listen_ctx;
listen_ctx.remote_num = 1;
listen_ctx.remote_addr = malloc(sizeof(struct sockaddr *));
struct sockaddr_storage *storage = malloc(sizeof(struct sockaddr_storage));
memset(storage, 0, sizeof(struct sockaddr_storage));
if (get_sockaddr(remote_host, remote_port_str, storage) == -1) {
return -1;
}
listen_ctx.remote_addr[0] = (struct sockaddr *)storage;
listen_ctx.timeout = timeout;
listen_ctx.fd = listenfd;
listen_ctx.method = m;
listen_ctx.iface = NULL;
struct ev_loop *loop = EV_DEFAULT;
ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
ev_io_start(loop, &listen_ctx.io);
// Setup UDP
if (udprelay) {
LOGI("udprelay enabled");
init_udprelay(local_addr, local_port_str, listen_ctx.remote_addr[0],
get_sockaddr_len(listen_ctx.remote_addr[0]), m,
listen_ctx.timeout, NULL);
}
// Init connections
cork_dllist_init(&connections);
// Enter the loop
ev_run(loop, 0);
if (verbose) {
LOGI("closed gracefully");
}
// Clean up
free_connections(loop);
if (udprelay) {
free_udprelay();
}
ev_io_stop(loop, &listen_ctx.io);
free(listen_ctx.remote_addr);
close(listen_ctx.fd);
#ifdef __MINGW32__
winsock_cleanup();
#endif
ev_signal_stop(EV_DEFAULT, &sigint_watcher);
ev_signal_stop(EV_DEFAULT, &sigterm_watcher);
// cannot reach here
return 0;
}
static void
remote_recv_cb(EV_P_ ev_io *w, int revents)
{
ssize_t r;
remote_ctx_t *remote_ctx = (remote_ctx_t *)w;
server_ctx_t *server_ctx = remote_ctx->server_ctx;
// server has been closed
if (server_ctx == NULL) {
LOGE("[udp] invalid server");
close_and_free_remote(EV_A_ remote_ctx);
return;
}
if (verbose) {
LOGI("[udp] remote receive a packet");
}
struct sockaddr_storage src_addr;
socklen_t src_addr_len = sizeof(struct sockaddr_storage);
memset(&src_addr, 0, src_addr_len);
buffer_t *buf = ss_malloc(sizeof(buffer_t));
balloc(buf, buf_size);
// recv
r = recvfrom(remote_ctx->fd, buf->data, buf_size, 0, (struct sockaddr *)&src_addr, &src_addr_len);
if (r == -1) {
// error on recv
// simply drop that packet
ERROR("[udp] remote_recv_recvfrom");
goto CLEAN_UP;
} else if (r > packet_size) {
if (verbose) {
LOGI("[udp] remote_recv_recvfrom fragmentation");
}
}
buf->len = r;
#ifdef MODULE_LOCAL
int err = server_ctx->crypto->decrypt_all(buf, server_ctx->crypto->cipher, buf_size);
if (err) {
// drop the packet silently
goto CLEAN_UP;
}
#ifdef MODULE_REDIR
struct sockaddr_storage dst_addr;
memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
int len = parse_udprelay_header(buf->data, buf->len, NULL, NULL, &dst_addr);
if (dst_addr.ss_family != AF_INET && dst_addr.ss_family != AF_INET6) {
LOGI("[udp] ss-redir does not support domain name");
goto CLEAN_UP;
}
#else
int len = parse_udprelay_header(buf->data, buf->len, NULL, NULL, NULL);
#endif
if (len == 0) {
LOGI("[udp] error in parse header");
// error in parse header
goto CLEAN_UP;
}
// server may return using a different address type other than the type we
// have used during sending
#if defined(MODULE_TUNNEL) || defined(MODULE_REDIR)
// Construct packet
buf->len -= len;
memmove(buf->data, buf->data + len, buf->len);
#else
#ifdef __ANDROID__
rx += buf->len;
stat_update_cb();
#endif
// Construct packet
brealloc(buf, buf->len + 3, buf_size);
memmove(buf->data + 3, buf->data, buf->len);
memset(buf->data, 0, 3);
buf->len += 3;
#endif
#endif
#ifdef MODULE_REMOTE
rx += buf->len;
char addr_header_buf[512];
char *addr_header = remote_ctx->addr_header;
int addr_header_len = remote_ctx->addr_header_len;
if (remote_ctx->af == AF_INET || remote_ctx->af == AF_INET6) {
addr_header_len = construct_udprelay_header(&src_addr, addr_header_buf);
addr_header = addr_header_buf;
}
// Construct packet
brealloc(buf, buf->len + addr_header_len, buf_size);
memmove(buf->data + addr_header_len, buf->data, buf->len);
memcpy(buf->data, addr_header, addr_header_len);
buf->len += addr_header_len;
int err = server_ctx->crypto->encrypt_all(buf, server_ctx->crypto->cipher, buf_size);
if (err) {
// drop the packet silently
goto CLEAN_UP;
}
#endif
if (buf->len > packet_size) {
if (verbose) {
LOGI("[udp] remote_recv_sendto fragmentation");
}
}
size_t remote_src_addr_len = get_sockaddr_len((struct sockaddr *)&remote_ctx->src_addr);
#ifdef MODULE_REDIR
size_t remote_dst_addr_len = get_sockaddr_len((struct sockaddr *)&dst_addr);
int src_fd = socket(remote_ctx->src_addr.ss_family, SOCK_DGRAM, 0);
if (src_fd < 0) {
ERROR("[udp] remote_recv_socket");
goto CLEAN_UP;
}
int opt = 1;
if (setsockopt(src_fd, SOL_IP, IP_TRANSPARENT, &opt, sizeof(opt))) {
ERROR("[udp] remote_recv_setsockopt");
close(src_fd);
goto CLEAN_UP;
}
if (setsockopt(src_fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt))) {
ERROR("[udp] remote_recv_setsockopt");
close(src_fd);
goto CLEAN_UP;
}
#ifdef IP_TOS
// Set QoS flag
int tos = 46;
setsockopt(src_fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
#endif
if (bind(src_fd, (struct sockaddr *)&dst_addr, remote_dst_addr_len) != 0) {
ERROR("[udp] remote_recv_bind");
close(src_fd);
goto CLEAN_UP;
}
int s = sendto(src_fd, buf->data, buf->len, 0,
(struct sockaddr *)&remote_ctx->src_addr, remote_src_addr_len);
if (s == -1) {
ERROR("[udp] remote_recv_sendto");
close(src_fd);
goto CLEAN_UP;
}
close(src_fd);
#else
int s = sendto(server_ctx->fd, buf->data, buf->len, 0,
(struct sockaddr *)&remote_ctx->src_addr, remote_src_addr_len);
if (s == -1) {
ERROR("[udp] remote_recv_sendto");
goto CLEAN_UP;
}
#endif
// handle the UDP packet successfully,
// triger the timer
ev_timer_again(EV_A_ & remote_ctx->watcher);
CLEAN_UP:
bfree(buf);
ss_free(buf);
}
static void
server_recv_cb(EV_P_ ev_io *w, int revents)
{
server_ctx_t *server_ctx = (server_ctx_t *)w;
struct sockaddr_storage src_addr;
memset(&src_addr, 0, sizeof(struct sockaddr_storage));
buffer_t *buf = ss_malloc(sizeof(buffer_t));
balloc(buf, buf_size);
socklen_t src_addr_len = sizeof(struct sockaddr_storage);
unsigned int offset = 0;
#ifdef MODULE_REDIR
char control_buffer[64] = { 0 };
struct msghdr msg;
memset(&msg, 0, sizeof(struct msghdr));
struct iovec iov[1];
struct sockaddr_storage dst_addr;
memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
msg.msg_name = &src_addr;
msg.msg_namelen = src_addr_len;
msg.msg_control = control_buffer;
msg.msg_controllen = sizeof(control_buffer);
iov[0].iov_base = buf->data;
iov[0].iov_len = buf_size;
msg.msg_iov = iov;
msg.msg_iovlen = 1;
buf->len = recvmsg(server_ctx->fd, &msg, 0);
if (buf->len == -1) {
ERROR("[udp] server_recvmsg");
goto CLEAN_UP;
} else if (buf->len > packet_size) {
if (verbose) {
LOGI("[udp] UDP server_recv_recvmsg fragmentation");
}
}
if (get_dstaddr(&msg, &dst_addr)) {
LOGE("[udp] unable to get dest addr");
goto CLEAN_UP;
}
src_addr_len = msg.msg_namelen;
#else
ssize_t r;
r = recvfrom(server_ctx->fd, buf->data, buf_size,
0, (struct sockaddr *)&src_addr, &src_addr_len);
if (r == -1) {
// error on recv
// simply drop that packet
ERROR("[udp] server_recv_recvfrom");
goto CLEAN_UP;
} else if (r > packet_size) {
if (verbose) {
LOGI("[udp] server_recv_recvfrom fragmentation");
}
}
buf->len = r;
#endif
if (verbose) {
LOGI("[udp] server receive a packet");
}
#ifdef MODULE_REMOTE
tx += buf->len;
int err = server_ctx->crypto->decrypt_all(buf, server_ctx->crypto->cipher, buf_size);
if (err) {
// drop the packet silently
goto CLEAN_UP;
}
#endif
#ifdef MODULE_LOCAL
#if !defined(MODULE_TUNNEL) && !defined(MODULE_REDIR)
#ifdef __ANDROID__
tx += buf->len;
#endif
uint8_t frag = *(uint8_t *)(buf->data + 2);
offset += 3;
#endif
#endif
/*
*
* SOCKS5 UDP Request
* +----+------+------+----------+----------+----------+
* |RSV | FRAG | ATYP | DST.ADDR | DST.PORT | DATA |
* +----+------+------+----------+----------+----------+
* | 2 | 1 | 1 | Variable | 2 | Variable |
* +----+------+------+----------+----------+----------+
*
* SOCKS5 UDP Response
* +----+------+------+----------+----------+----------+
* |RSV | FRAG | ATYP | DST.ADDR | DST.PORT | DATA |
* +----+------+------+----------+----------+----------+
* | 2 | 1 | 1 | Variable | 2 | Variable |
* +----+------+------+----------+----------+----------+
*
* shadowsocks UDP Request (before encrypted)
* +------+----------+----------+----------+
* | ATYP | DST.ADDR | DST.PORT | DATA |
* +------+----------+----------+----------+
* | 1 | Variable | 2 | Variable |
* +------+----------+----------+----------+
*
* shadowsocks UDP Response (before encrypted)
* +------+----------+----------+----------+
* | ATYP | DST.ADDR | DST.PORT | DATA |
* +------+----------+----------+----------+
* | 1 | Variable | 2 | Variable |
* +------+----------+----------+----------+
*
* shadowsocks UDP Request and Response (after encrypted)
* +-------+--------------+
* | IV | PAYLOAD |
* +-------+--------------+
* | Fixed | Variable |
* +-------+--------------+
*
*/
#ifdef MODULE_REDIR
char addr_header[512] = { 0 };
int addr_header_len = construct_udprelay_header(&dst_addr, addr_header);
if (addr_header_len == 0) {
LOGE("[udp] failed to parse tproxy addr");
goto CLEAN_UP;
}
// reconstruct the buffer
brealloc(buf, buf->len + addr_header_len, buf_size);
memmove(buf->data + addr_header_len, buf->data, buf->len);
memcpy(buf->data, addr_header, addr_header_len);
buf->len += addr_header_len;
#elif MODULE_TUNNEL
char addr_header[512] = { 0 };
char *host = server_ctx->tunnel_addr.host;
char *port = server_ctx->tunnel_addr.port;
uint16_t port_num = (uint16_t)atoi(port);
uint16_t port_net_num = htons(port_num);
int addr_header_len = 0;
struct cork_ip ip;
if (cork_ip_init(&ip, host) != -1) {
if (ip.version == 4) {
// send as IPv4
struct in_addr host_addr;
memset(&host_addr, 0, sizeof(struct in_addr));
int host_len = sizeof(struct in_addr);
if (dns_pton(AF_INET, host, &host_addr) == -1) {
FATAL("IP parser error");
}
addr_header[addr_header_len++] = 1;
memcpy(addr_header + addr_header_len, &host_addr, host_len);
addr_header_len += host_len;
} else if (ip.version == 6) {
// send as IPv6
struct in6_addr host_addr;
memset(&host_addr, 0, sizeof(struct in6_addr));
int host_len = sizeof(struct in6_addr);
if (dns_pton(AF_INET6, host, &host_addr) == -1) {
FATAL("IP parser error");
}
addr_header[addr_header_len++] = 4;
memcpy(addr_header + addr_header_len, &host_addr, host_len);
addr_header_len += host_len;
} else {
FATAL("IP parser error");
}
} else {
// send as domain
int host_len = strlen(host);
addr_header[addr_header_len++] = 3;
addr_header[addr_header_len++] = host_len;
memcpy(addr_header + addr_header_len, host, host_len);
addr_header_len += host_len;
}
memcpy(addr_header + addr_header_len, &port_net_num, 2);
addr_header_len += 2;
// reconstruct the buffer
brealloc(buf, buf->len + addr_header_len, buf_size);
memmove(buf->data + addr_header_len, buf->data, buf->len);
memcpy(buf->data, addr_header, addr_header_len);
buf->len += addr_header_len;
#else
char host[257] = { 0 };
char port[64] = { 0 };
struct sockaddr_storage dst_addr;
memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
int addr_header_len = parse_udprelay_header(buf->data + offset, buf->len - offset,
host, port, &dst_addr);
if (addr_header_len == 0) {
// error in parse header
goto CLEAN_UP;
}
char *addr_header = buf->data + offset;
#endif
#ifdef MODULE_LOCAL
char *key = hash_key(server_ctx->remote_addr->sa_family, &src_addr);
#else
char *key = hash_key(dst_addr.ss_family, &src_addr);
#endif
struct cache *conn_cache = server_ctx->conn_cache;
remote_ctx_t *remote_ctx = NULL;
cache_lookup(conn_cache, key, HASH_KEY_LEN, (void *)&remote_ctx);
if (remote_ctx != NULL) {
if (sockaddr_cmp(&src_addr, &remote_ctx->src_addr, sizeof(src_addr))) {
remote_ctx = NULL;
}
}
// reset the timer
if (remote_ctx != NULL) {
ev_timer_again(EV_A_ & remote_ctx->watcher);
}
if (remote_ctx == NULL) {
if (verbose) {
#ifdef MODULE_REDIR
char src[SS_ADDRSTRLEN];
char dst[SS_ADDRSTRLEN];
strcpy(src, get_addr_str((struct sockaddr *)&src_addr));
strcpy(dst, get_addr_str((struct sockaddr *)&dst_addr));
LOGI("[udp] cache miss: %s <-> %s", dst, src);
#else
LOGI("[udp] cache miss: %s:%s <-> %s", host, port,
get_addr_str((struct sockaddr *)&src_addr));
#endif
}
} else {
if (verbose) {
#ifdef MODULE_REDIR
char src[SS_ADDRSTRLEN];
char dst[SS_ADDRSTRLEN];
strcpy(src, get_addr_str((struct sockaddr *)&src_addr));
strcpy(dst, get_addr_str((struct sockaddr *)&dst_addr));
LOGI("[udp] cache hit: %s <-> %s", dst, src);
#else
LOGI("[udp] cache hit: %s:%s <-> %s", host, port,
get_addr_str((struct sockaddr *)&src_addr));
#endif
}
}
#ifdef MODULE_LOCAL
#if !defined(MODULE_TUNNEL) && !defined(MODULE_REDIR)
if (frag) {
LOGE("[udp] drop a message since frag is not 0, but %d", frag);
goto CLEAN_UP;
}
#endif
const struct sockaddr *remote_addr = server_ctx->remote_addr;
const int remote_addr_len = server_ctx->remote_addr_len;
if (remote_ctx == NULL) {
// Bind to any port
int remotefd = create_remote_socket(remote_addr->sa_family == AF_INET6);
if (remotefd < 0) {
ERROR("[udp] udprelay bind() error");
goto CLEAN_UP;
}
setnonblocking(remotefd);
#ifdef SO_NOSIGPIPE
set_nosigpipe(remotefd);
#endif
#ifdef IP_TOS
// Set QoS flag
int tos = 46;
setsockopt(remotefd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
#endif
#ifdef SET_INTERFACE
if (server_ctx->iface) {
if (setinterface(remotefd, server_ctx->iface) == -1)
ERROR("setinterface");
}
#endif
#ifdef __ANDROID__
if (vpn) {
if (protect_socket(remotefd) == -1) {
ERROR("protect_socket");
close(remotefd);
goto CLEAN_UP;
}
}
#endif
// Init remote_ctx
remote_ctx = new_remote(remotefd, server_ctx);
remote_ctx->src_addr = src_addr;
remote_ctx->af = remote_addr->sa_family;
remote_ctx->addr_header_len = addr_header_len;
memcpy(remote_ctx->addr_header, addr_header, addr_header_len);
// Add to conn cache
cache_insert(conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);
// Start remote io
ev_io_start(EV_A_ & remote_ctx->io);
ev_timer_start(EV_A_ & remote_ctx->watcher);
}
if (offset > 0) {
buf->len -= offset;
memmove(buf->data, buf->data + offset, buf->len);
}
int err = server_ctx->crypto->encrypt_all(buf, server_ctx->crypto->cipher, buf_size);
if (err) {
// drop the packet silently
goto CLEAN_UP;
}
if (buf->len > packet_size) {
if (verbose) {
LOGI("[udp] server_recv_sendto fragmentation");
}
}
int s = sendto(remote_ctx->fd, buf->data, buf->len, 0, remote_addr, remote_addr_len);
if (s == -1) {
ERROR("[udp] server_recv_sendto");
}
#else
int cache_hit = 0;
int need_query = 0;
if (buf->len - addr_header_len > packet_size) {
if (verbose) {
LOGI("[udp] server_recv_sendto fragmentation");
}
}
if (remote_ctx != NULL) {
cache_hit = 1;
// detect destination mismatch
if (remote_ctx->addr_header_len != addr_header_len
|| memcmp(addr_header, remote_ctx->addr_header, addr_header_len) != 0) {
if (dst_addr.ss_family != AF_INET && dst_addr.ss_family != AF_INET6) {
need_query = 1;
}
} else {
memcpy(&dst_addr, &remote_ctx->dst_addr, sizeof(struct sockaddr_storage));
}
} else {
if (dst_addr.ss_family == AF_INET || dst_addr.ss_family == AF_INET6) {
int remotefd = create_remote_socket(dst_addr.ss_family == AF_INET6);
if (remotefd != -1) {
setnonblocking(remotefd);
#ifdef SO_BROADCAST
set_broadcast(remotefd);
#endif
#ifdef SO_NOSIGPIPE
set_nosigpipe(remotefd);
#endif
#ifdef IP_TOS
// Set QoS flag
int tos = 46;
setsockopt(remotefd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
#endif
#ifdef SET_INTERFACE
if (server_ctx->iface) {
if (setinterface(remotefd, server_ctx->iface) == -1)
ERROR("setinterface");
}
#endif
remote_ctx = new_remote(remotefd, server_ctx);
remote_ctx->src_addr = src_addr;
remote_ctx->server_ctx = server_ctx;
remote_ctx->addr_header_len = addr_header_len;
memcpy(remote_ctx->addr_header, addr_header, addr_header_len);
memcpy(&remote_ctx->dst_addr, &dst_addr, sizeof(struct sockaddr_storage));
} else {
ERROR("[udp] bind() error");
goto CLEAN_UP;
}
}
}
if (remote_ctx != NULL && !need_query) {
size_t addr_len = get_sockaddr_len((struct sockaddr *)&dst_addr);
int s = sendto(remote_ctx->fd, buf->data + addr_header_len,
buf->len - addr_header_len, 0,
(struct sockaddr *)&dst_addr, addr_len);
if (s == -1) {
ERROR("[udp] sendto_remote");
if (!cache_hit) {
close_and_free_remote(EV_A_ remote_ctx);
}
} else {
if (!cache_hit) {
// Add to conn cache
remote_ctx->af = dst_addr.ss_family;
char *key = hash_key(remote_ctx->af, &remote_ctx->src_addr);
cache_insert(server_ctx->conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);
ev_io_start(EV_A_ & remote_ctx->io);
ev_timer_start(EV_A_ & remote_ctx->watcher);
}
}
} else {
struct addrinfo hints;
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
struct query_ctx *query_ctx = new_query_ctx(buf->data + addr_header_len,
buf->len - addr_header_len);
query_ctx->server_ctx = server_ctx;
query_ctx->addr_header_len = addr_header_len;
query_ctx->src_addr = src_addr;
memcpy(query_ctx->addr_header, addr_header, addr_header_len);
if (need_query) {
query_ctx->remote_ctx = remote_ctx;
}
struct ResolvQuery *query = resolv_query(host, query_resolve_cb,
NULL, query_ctx, htons(atoi(port)));
if (query == NULL) {
ERROR("[udp] unable to create DNS query");
close_and_free_query(EV_A_ query_ctx);
goto CLEAN_UP;
}
query_ctx->query = query;
}
#endif
CLEAN_UP:
bfree(buf);
ss_free(buf);
}
int main(int argc, char **argv)
{
int i, c;
int pid_flags = 0;
char *user = NULL;
char *local_port = NULL;
char *local_addr = NULL;
char *password = NULL;
char *timeout = NULL;
char *method = NULL;
char *pid_path = NULL;
char *conf_path = NULL;
char *iface = NULL;
int remote_num = 0;
ss_addr_t remote_addr[MAX_REMOTE_NUM];
char *remote_port = NULL;
ss_addr_t tunnel_addr = { .host = NULL, .port = NULL };
char *tunnel_addr_str = NULL;
opterr = 0;
USE_TTY();
#ifdef ANDROID
while ((c = getopt(argc, argv, "f:s:p:l:k:t:m:i:c:b:L:a:uUvV")) != -1) {
#else
while ((c = getopt(argc, argv, "f:s:p:l:k:t:m:i:c:b:L:a:uUv")) != -1) {
#endif
switch (c) {
case 's':
if (remote_num < MAX_REMOTE_NUM) {
remote_addr[remote_num].host = optarg;
remote_addr[remote_num++].port = NULL;
}
break;
case 'p':
remote_port = optarg;
break;
case 'l':
local_port = optarg;
break;
case 'k':
password = optarg;
break;
case 'f':
pid_flags = 1;
pid_path = optarg;
break;
case 't':
timeout = optarg;
break;
case 'm':
method = optarg;
break;
case 'c':
conf_path = optarg;
break;
case 'i':
iface = optarg;
break;
case 'b':
local_addr = optarg;
break;
case 'u':
mode = TCP_AND_UDP;
break;
case 'U':
mode = UDP_ONLY;
break;
case 'L':
tunnel_addr_str = optarg;
break;
case 'a':
user = optarg;
break;
case 'v':
verbose = 1;
break;
#ifdef ANDROID
case 'V':
vpn = 1;
break;
#endif
}
}
if (opterr) {
usage();
exit(EXIT_FAILURE);
}
if (argc == 1) {
if (conf_path == NULL) {
conf_path = DEFAULT_CONF_PATH;
}
}
if (conf_path != NULL) {
jconf_t *conf = read_jconf(conf_path);
if (remote_num == 0) {
remote_num = conf->remote_num;
for (i = 0; i < remote_num; i++) {
remote_addr[i] = conf->remote_addr[i];
}
}
if (remote_port == NULL) {
remote_port = conf->remote_port;
}
if (local_addr == NULL) {
local_addr = conf->local_addr;
}
if (local_port == NULL) {
local_port = conf->local_port;
}
if (password == NULL) {
password = conf->password;
}
if (method == NULL) {
method = conf->method;
}
if (timeout == NULL) {
timeout = conf->timeout;
}
}
if (remote_num == 0 || remote_port == NULL || tunnel_addr_str == NULL ||
local_port == NULL || password == NULL) {
usage();
exit(EXIT_FAILURE);
}
if (timeout == NULL) {
timeout = "60";
}
if (local_addr == NULL) {
local_addr = "127.0.0.1";
}
if (pid_flags) {
USE_SYSLOG(argv[0]);
daemonize(pid_path);
}
// parse tunnel addr
parse_addr(tunnel_addr_str, &tunnel_addr);
if (tunnel_addr.port == NULL) {
FATAL("tunnel port is not defined");
}
#ifdef __MINGW32__
winsock_init();
#else
// ignore SIGPIPE
signal(SIGPIPE, SIG_IGN);
signal(SIGABRT, SIG_IGN);
#endif
// Setup keys
LOGI("initialize ciphers... %s", method);
int m = enc_init(password, method);
// Setup proxy context
struct listen_ctx listen_ctx;
listen_ctx.tunnel_addr = tunnel_addr;
listen_ctx.remote_num = remote_num;
listen_ctx.remote_addr = malloc(sizeof(struct sockaddr *) * remote_num);
for (i = 0; i < remote_num; i++) {
char *host = remote_addr[i].host;
char *port = remote_addr[i].port == NULL ? remote_port :
remote_addr[i].port;
struct sockaddr_storage *storage = malloc(sizeof(struct sockaddr_storage));
memset(storage, 0, sizeof(struct sockaddr_storage));
if (get_sockaddr(host, port, storage, 1) == -1) {
FATAL("failed to resolve the provided hostname");
}
listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
}
listen_ctx.timeout = atoi(timeout);
listen_ctx.iface = iface;
listen_ctx.method = m;
struct ev_loop *loop = EV_DEFAULT;
if (mode != UDP_ONLY) {
// Setup socket
int listenfd;
listenfd = create_and_bind(local_addr, local_port);
if (listenfd < 0) {
FATAL("bind() error:");
}
if (listen(listenfd, SOMAXCONN) == -1) {
FATAL("listen() error:");
}
setnonblocking(listenfd);
listen_ctx.fd = listenfd;
ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
ev_io_start(loop, &listen_ctx.io);
}
// Setup UDP
if (mode != TCP_ONLY) {
LOGI("UDP relay enabled");
init_udprelay(local_addr, local_port, listen_ctx.remote_addr[0],
get_sockaddr_len(listen_ctx.remote_addr[0]),
tunnel_addr, m, listen_ctx.timeout, iface);
}
if (mode == UDP_ONLY) {
LOGI("TCP relay disabled");
}
LOGI("listening at %s:%s", local_addr, local_port);
// setuid
if (user != NULL) {
run_as(user);
}
ev_run(loop, 0);
#ifdef __MINGW32__
winsock_cleanup();
#endif
return 0;
}
int
main(int argc, char **argv)
{
srand(time(NULL));
int i, c;
int pid_flags = 0;
int mptcp = 0;
int mtu = 0;
char *user = NULL;
char *local_port = NULL;
char *local_addr = NULL;
char *password = NULL;
char *timeout = NULL;
char *method = NULL;
char *pid_path = NULL;
char *conf_path = NULL;
int remote_num = 0;
ss_addr_t remote_addr[MAX_REMOTE_NUM];
char *remote_port = NULL;
int option_index = 0;
static struct option long_options[] = {
{ "mtu", required_argument, 0, 0 },
{ "mptcp", no_argument, 0, 0 },
{ "help", no_argument, 0, 0 },
{ 0, 0, 0, 0 }
};
opterr = 0;
USE_TTY();
while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:c:b:a:n:huUvA6",
long_options, &option_index)) != -1) {
switch (c) {
case 0:
if (option_index == 0) {
mtu = atoi(optarg);
LOGI("set MTU to %d", mtu);
} else if (option_index == 1) {
mptcp = 1;
LOGI("enable multipath TCP");
} else if (option_index == 2) {
usage();
exit(EXIT_SUCCESS);
}
break;
case 's':
if (remote_num < MAX_REMOTE_NUM) {
remote_addr[remote_num].host = optarg;
remote_addr[remote_num++].port = NULL;
}
break;
case 'p':
remote_port = optarg;
break;
case 'l':
local_port = optarg;
break;
case 'k':
password = optarg;
break;
case 'f':
pid_flags = 1;
pid_path = optarg;
break;
case 't':
timeout = optarg;
break;
case 'm':
method = optarg;
break;
case 'c':
conf_path = optarg;
break;
case 'b':
local_addr = optarg;
break;
case 'a':
user = optarg;
break;
#ifdef HAVE_SETRLIMIT
case 'n':
nofile = atoi(optarg);
break;
#endif
case 'u':
mode = TCP_AND_UDP;
break;
case 'U':
mode = UDP_ONLY;
break;
case 'v':
verbose = 1;
break;
case 'h':
usage();
exit(EXIT_SUCCESS);
case 'A':
auth = 1;
break;
case '6':
ipv6first = 1;
break;
case '?':
// The option character is not recognized.
LOGE("Unrecognized option: %s", optarg);
opterr = 1;
break;
}
}
if (opterr) {
usage();
exit(EXIT_FAILURE);
}
if (argc == 1) {
if (conf_path == NULL) {
conf_path = DEFAULT_CONF_PATH;
}
}
if (conf_path != NULL) {
jconf_t *conf = read_jconf(conf_path);
if (remote_num == 0) {
remote_num = conf->remote_num;
for (i = 0; i < remote_num; i++)
remote_addr[i] = conf->remote_addr[i];
}
if (remote_port == NULL) {
remote_port = conf->remote_port;
}
if (local_addr == NULL) {
local_addr = conf->local_addr;
}
if (local_port == NULL) {
local_port = conf->local_port;
}
if (password == NULL) {
password = conf->password;
}
if (method == NULL) {
method = conf->method;
}
if (timeout == NULL) {
timeout = conf->timeout;
}
if (user == NULL) {
user = conf->user;
}
if (auth == 0) {
auth = conf->auth;
}
if (mtu == 0) {
mtu = conf->mtu;
}
if (mptcp == 0) {
mptcp = conf->mptcp;
}
#ifdef HAVE_SETRLIMIT
if (nofile == 0) {
nofile = conf->nofile;
}
#endif
}
if (remote_num == 0 || remote_port == NULL ||
local_port == NULL || password == NULL) {
usage();
exit(EXIT_FAILURE);
}
if (method == NULL) {
method = "rc4-md5";
}
if (timeout == NULL) {
timeout = "600";
}
#ifdef HAVE_SETRLIMIT
/*
* no need to check the return value here since we will show
* the user an error message if setrlimit(2) fails
*/
if (nofile > 1024) {
if (verbose) {
LOGI("setting NOFILE to %d", nofile);
}
set_nofile(nofile);
}
#endif
if (local_addr == NULL) {
local_addr = "127.0.0.1";
}
if (pid_flags) {
USE_SYSLOG(argv[0]);
daemonize(pid_path);
}
if (ipv6first) {
LOGI("resolving hostname to IPv6 address first");
}
if (auth) {
LOGI("onetime authentication enabled");
}
// ignore SIGPIPE
signal(SIGPIPE, SIG_IGN);
signal(SIGABRT, SIG_IGN);
signal(SIGINT, signal_cb);
signal(SIGTERM, signal_cb);
// Setup keys
LOGI("initializing ciphers... %s", method);
int m = enc_init(password, method);
// Setup proxy context
listen_ctx_t listen_ctx;
listen_ctx.remote_num = remote_num;
listen_ctx.remote_addr = ss_malloc(sizeof(struct sockaddr *) * remote_num);
for (int i = 0; i < remote_num; i++) {
char *host = remote_addr[i].host;
char *port = remote_addr[i].port == NULL ? remote_port :
remote_addr[i].port;
struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage));
memset(storage, 0, sizeof(struct sockaddr_storage));
if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) {
FATAL("failed to resolve the provided hostname");
}
listen_ctx.remote_addr[i] = (struct sockaddr *)storage;
}
listen_ctx.timeout = atoi(timeout);
listen_ctx.method = m;
listen_ctx.mptcp = mptcp;
struct ev_loop *loop = EV_DEFAULT;
if (mode != UDP_ONLY) {
// Setup socket
int listenfd;
listenfd = create_and_bind(local_addr, local_port);
if (listenfd == -1) {
FATAL("bind() error");
}
if (listen(listenfd, SOMAXCONN) == -1) {
FATAL("listen() error");
}
setnonblocking(listenfd);
listen_ctx.fd = listenfd;
ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ);
ev_io_start(loop, &listen_ctx.io);
}
// Setup UDP
if (mode != TCP_ONLY) {
LOGI("UDP relay enabled");
init_udprelay(local_addr, local_port, listen_ctx.remote_addr[0],
get_sockaddr_len(listen_ctx.remote_addr[0]), mtu, m, auth, listen_ctx.timeout, NULL);
}
if (mode == UDP_ONLY) {
LOGI("TCP relay disabled");
}
LOGI("listening at %s:%s", local_addr, local_port);
// setuid
if (user != NULL && ! run_as(user)) {
FATAL("failed to switch user");
}
if (geteuid() == 0){
LOGI("running from root user");
}
ev_run(loop, 0);
return 0;
}
static void server_recv_cb(EV_P_ ev_io *w, int revents)
{
struct server_ctx *server_ctx = (struct server_ctx *)w;
struct sockaddr_storage src_addr;
memset(&src_addr, 0, sizeof(struct sockaddr_storage));
char *buf = malloc(BUF_SIZE);
socklen_t src_addr_len = sizeof(struct sockaddr_storage);
unsigned int offset = 0;
#ifdef UDPRELAY_REDIR
char control_buffer[64] = { 0 };
struct msghdr msg;
struct iovec iov[1];
struct sockaddr_storage dst_addr;
memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
msg.msg_name = &src_addr;
msg.msg_namelen = src_addr_len;
msg.msg_control = control_buffer;
msg.msg_controllen = sizeof(control_buffer);
iov[0].iov_base = buf;
iov[0].iov_len = BUF_SIZE;
msg.msg_iov = iov;
msg.msg_iovlen = 1;
ssize_t buf_len = recvmsg(server_ctx->fd, &msg, 0);
if (buf_len == -1) {
ERROR("[udp] server_recvmsg");
goto CLEAN_UP;
}
if (get_dstaddr(&msg, &dst_addr)) {
LOGE("[udp] unable to get dest addr");
goto CLEAN_UP;
}
src_addr_len = msg.msg_namelen;
#else
ssize_t buf_len =
recvfrom(server_ctx->fd, buf, BUF_SIZE, 0, (struct sockaddr *)&src_addr,
&src_addr_len);
if (buf_len == -1) {
// error on recv
// simply drop that packet
ERROR("[udp] server_recvfrom");
goto CLEAN_UP;
}
#endif
if (verbose) {
LOGI("[udp] server receive a packet");
}
#ifdef UDPRELAY_REMOTE
tx += buf_len;
buf = ss_decrypt_all(BUF_SIZE, buf, &buf_len, server_ctx->method, server_ctx->auth);
if (buf == NULL) {
ERROR("[udp] server_ss_decrypt_all");
goto CLEAN_UP;
}
#endif
#ifdef UDPRELAY_LOCAL
#if !defined(UDPRELAY_TUNNEL) && !defined(UDPRELAY_REDIR)
uint8_t frag = *(uint8_t *)(buf + 2);
offset += 3;
#endif
#endif
// packet size > default MTU
if (verbose && buf_len > MTU) {
LOGE("[udp] possible ip fragment, size: %d", (int)buf_len);
}
/*
*
* SOCKS5 UDP Request
* +----+------+------+----------+----------+----------+
* |RSV | FRAG | ATYP | DST.ADDR | DST.PORT | DATA |
* +----+------+------+----------+----------+----------+
* | 2 | 1 | 1 | Variable | 2 | Variable |
* +----+------+------+----------+----------+----------+
*
* SOCKS5 UDP Response
* +----+------+------+----------+----------+----------+
* |RSV | FRAG | ATYP | DST.ADDR | DST.PORT | DATA |
* +----+------+------+----------+----------+----------+
* | 2 | 1 | 1 | Variable | 2 | Variable |
* +----+------+------+----------+----------+----------+
*
* shadowsocks UDP Request (before encrypted)
* +------+----------+----------+----------+-------------+
* | ATYP | DST.ADDR | DST.PORT | DATA | HMAC-SHA1 |
* +------+----------+----------+----------+-------------+
* | 1 | Variable | 2 | Variable | 10 |
* +------+----------+----------+----------+-------------+
*
* If ATYP & ONETIMEAUTH_FLAG(0x10) == 1, Authentication (HMAC-SHA1) is enabled.
*
* The key of HMAC-SHA1 is (IV + KEY) and the input is the whole packet.
* The output of HMAC-SHA is truncated to 10 bytes (leftmost bits).
*
* shadowsocks UDP Response (before encrypted)
* +------+----------+----------+----------+
* | ATYP | DST.ADDR | DST.PORT | DATA |
* +------+----------+----------+----------+
* | 1 | Variable | 2 | Variable |
* +------+----------+----------+----------+
*
* shadowsocks UDP Request and Response (after encrypted)
* +-------+--------------+
* | IV | PAYLOAD |
* +-------+--------------+
* | Fixed | Variable |
* +-------+--------------+
*
*/
#ifdef UDPRELAY_REDIR
char addr_header[256] = { 0 };
int addr_header_len = construct_udprealy_header(&dst_addr, addr_header);
if (addr_header_len == 0) {
LOGE("[udp] failed to parse tproxy addr");
goto CLEAN_UP;
}
// reconstruct the buffer
if (BUF_SIZE < buf_len + addr_header_len) {
buf = realloc(buf, buf_len + addr_header_len);
}
memmove(buf + addr_header_len, buf, buf_len);
memcpy(buf, addr_header, addr_header_len);
buf_len += addr_header_len;
char *key = hash_key(dst_addr.ss_family, &src_addr);
#elif UDPRELAY_TUNNEL
char addr_header[256] = { 0 };
char *host = server_ctx->tunnel_addr.host;
char *port = server_ctx->tunnel_addr.port;
uint16_t port_num = (uint16_t)atoi(port);
uint16_t port_net_num = htons(port_num);
int addr_header_len = 0;
struct cork_ip ip;
if (cork_ip_init(&ip, host) != -1) {
if (ip.version == 4) {
// send as IPv4
struct in_addr host_addr;
int host_len = sizeof(struct in_addr);
if (dns_pton(AF_INET, host, &host_addr) == -1) {
FATAL("IP parser error");
}
addr_header[addr_header_len++] = 1;
memcpy(addr_header + addr_header_len, &host_addr, host_len);
addr_header_len += host_len;
} else if (ip.version == 6) {
// send as IPv6
struct in6_addr host_addr;
int host_len = sizeof(struct in6_addr);
if (dns_pton(AF_INET6, host, &host_addr) == -1) {
FATAL("IP parser error");
}
addr_header[addr_header_len++] = 4;
memcpy(addr_header + addr_header_len, &host_addr, host_len);
addr_header_len += host_len;
} else {
FATAL("IP parser error");
}
} else {
// send as domain
int host_len = strlen(host);
addr_header[addr_header_len++] = 3;
addr_header[addr_header_len++] = host_len;
memcpy(addr_header + addr_header_len, host, host_len);
addr_header_len += host_len;
}
memcpy(addr_header + addr_header_len, &port_net_num, 2);
addr_header_len += 2;
// reconstruct the buffer
if (BUF_SIZE < buf_len + addr_header_len) {
buf = realloc(buf, buf_len + addr_header_len);
}
memmove(buf + addr_header_len, buf, buf_len);
memcpy(buf, addr_header, addr_header_len);
buf_len += addr_header_len;
char *key = hash_key(ip.version == 4 ? AF_INET : AF_INET6, &src_addr);
#else
char host[256] = { 0 };
char port[64] = { 0 };
struct sockaddr_storage dst_addr;
memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
int addr_header_len = parse_udprealy_header(buf + offset, buf_len - offset,
&server_ctx->auth, host, port,
&dst_addr);
if (addr_header_len == 0) {
// error in parse header
goto CLEAN_UP;
}
char *addr_header = buf + offset;
char *key = hash_key(dst_addr.ss_family, &src_addr);
#endif
struct cache *conn_cache = server_ctx->conn_cache;
struct remote_ctx *remote_ctx = NULL;
cache_lookup(conn_cache, key, HASH_KEY_LEN, (void *)&remote_ctx);
if (remote_ctx != NULL) {
if (memcmp(&src_addr, &remote_ctx->src_addr, sizeof(src_addr))) {
remote_ctx = NULL;
}
}
// reset the timer
if (remote_ctx != NULL) {
ev_timer_again(EV_A_ & remote_ctx->watcher);
}
if (remote_ctx == NULL) {
if (verbose) {
#ifdef UDPRELAY_REDIR
char src[SS_ADDRSTRLEN];
char dst[SS_ADDRSTRLEN];
strcpy(src, get_addr_str((struct sockaddr *)&src_addr));
strcpy(dst, get_addr_str((struct sockaddr *)&dst_addr));
LOGI("[udp] cache miss: %s <-> %s", dst, src);
#else
LOGI("[udp] cache miss: %s:%s <-> %s", host, port,
get_addr_str((struct sockaddr *)&src_addr));
#endif
}
} else {
if (verbose) {
#ifdef UDPRELAY_REDIR
char src[SS_ADDRSTRLEN];
char dst[SS_ADDRSTRLEN];
strcpy(src, get_addr_str((struct sockaddr *)&src_addr));
strcpy(dst, get_addr_str((struct sockaddr *)&dst_addr));
LOGI("[udp] cache hit: %s <-> %s", dst, src);
#else
LOGI("[udp] cache hit: %s:%s <-> %s", host, port,
get_addr_str((struct sockaddr *)&src_addr));
#endif
}
}
#ifdef UDPRELAY_LOCAL
#if !defined(UDPRELAY_TUNNEL) && !defined(UDPRELAY_REDIR)
if (frag) {
LOGE("[udp] drop a message since frag is not 0, but %d", frag);
goto CLEAN_UP;
}
#endif
const struct sockaddr *remote_addr = server_ctx->remote_addr;
const int remote_addr_len = server_ctx->remote_addr_len;
if (remote_ctx == NULL) {
// Bind to any port
int remotefd = create_remote_socket(remote_addr->sa_family == AF_INET6);
if (remotefd < 0) {
ERROR("[udp] udprelay bind() error");
goto CLEAN_UP;
}
setnonblocking(remotefd);
#ifdef SO_NOSIGPIPE
set_nosigpipe(remotefd);
#endif
#ifdef SET_INTERFACE
if (server_ctx->iface) {
setinterface(remotefd, server_ctx->iface);
}
#endif
#ifdef ANDROID
if (vpn) {
if (protect_socket(remotefd) == -1) {
ERROR("protect_socket");
close(remotefd);
goto CLEAN_UP;
}
}
#endif
// Init remote_ctx
remote_ctx = new_remote(remotefd, server_ctx);
remote_ctx->src_addr = src_addr;
remote_ctx->af = remote_addr->sa_family;
remote_ctx->addr_header_len = addr_header_len;
memcpy(remote_ctx->addr_header, addr_header, addr_header_len);
// Add to conn cache
cache_insert(conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);
// Start remote io
ev_io_start(EV_A_ & remote_ctx->io);
ev_timer_start(EV_A_ & remote_ctx->watcher);
}
if (offset > 0) {
buf_len -= offset;
memmove(buf, buf + offset, buf_len);
}
if (server_ctx->auth) {
buf[0] |= ONETIMEAUTH_FLAG;
}
buf = ss_encrypt_all(BUF_SIZE, buf, &buf_len, server_ctx->method, server_ctx->auth);
int s = sendto(remote_ctx->fd, buf, buf_len, 0, remote_addr, remote_addr_len);
if (s == -1) {
ERROR("[udp] sendto_remote");
}
#else
int cache_hit = 0;
int need_query = 0;
if (remote_ctx != NULL) {
cache_hit = 1;
// detect destination mismatch
if (remote_ctx->addr_header_len != addr_header_len
|| memcmp(addr_header, remote_ctx->addr_header, addr_header_len) != 0) {
if (dst_addr.ss_family != AF_INET && dst_addr.ss_family != AF_INET6) {
need_query = 1;
}
}
} else {
if (dst_addr.ss_family == AF_INET || dst_addr.ss_family == AF_INET6) {
int remotefd = create_remote_socket(dst_addr.ss_family == AF_INET6);
if (remotefd != -1) {
setnonblocking(remotefd);
#ifdef SO_BROADCAST
set_broadcast(remotefd);
#endif
#ifdef SO_NOSIGPIPE
set_nosigpipe(remotefd);
#endif
#ifdef SET_INTERFACE
if (server_ctx->iface) {
setinterface(remotefd, server_ctx->iface);
}
#endif
remote_ctx = new_remote(remotefd, server_ctx);
remote_ctx->src_addr = src_addr;
remote_ctx->server_ctx = server_ctx;
remote_ctx->addr_header_len = addr_header_len;
memcpy(remote_ctx->addr_header, addr_header, addr_header_len);
} else {
ERROR("[udp] bind() error");
goto CLEAN_UP;
}
}
}
if (remote_ctx != NULL && !need_query) {
size_t addr_len = get_sockaddr_len((struct sockaddr *)&dst_addr);
int s = sendto(remote_ctx->fd, buf + addr_header_len,
buf_len - addr_header_len, 0,
(struct sockaddr *)&dst_addr, addr_len);
if (s == -1) {
ERROR("[udp] sendto_remote");
if (!cache_hit) {
close_and_free_remote(EV_A_ remote_ctx);
}
} else {
if (!cache_hit) {
// Add to conn cache
remote_ctx->af = dst_addr.ss_family;
char *key = hash_key(remote_ctx->af, &remote_ctx->src_addr);
cache_insert(server_ctx->conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);
ev_io_start(EV_A_ & remote_ctx->io);
ev_timer_start(EV_A_ & remote_ctx->watcher);
}
}
} else {
struct addrinfo hints;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
struct query_ctx *query_ctx = new_query_ctx(buf + addr_header_len,
buf_len -
addr_header_len);
query_ctx->server_ctx = server_ctx;
query_ctx->addr_header_len = addr_header_len;
query_ctx->src_addr = src_addr;
memcpy(query_ctx->addr_header, addr_header, addr_header_len);
if (need_query) {
query_ctx->remote_ctx = remote_ctx;
}
struct ResolvQuery *query = resolv_query(host, query_resolve_cb,
NULL, query_ctx, htons(atoi(port)));
if (query == NULL) {
ERROR("[udp] unable to create DNS query");
close_and_free_query(EV_A_ query_ctx);
goto CLEAN_UP;
}
query_ctx->query = query;
}
#endif
CLEAN_UP:
free(buf);
}
