示例#1
/*
 * Write-ready callback for the client-facing socket: flushes the bytes queued
 * in server->buf and, once everything is out, hands control back to the
 * remote side's read watcher.
 *
 * The watcher pointer is cast straight to struct server_ctx, so this relies on
 * the ev_io being the first member of that struct (layout not visible here).
 */
static void server_send_cb(EV_P_ ev_io *w, int revents)
{
    struct server_ctx *ctx = (struct server_ctx *)w;
    struct server *server = ctx->server;
    struct remote *remote = server->remote;

    /* Woken up with nothing queued: tear the connection pair down. */
    if (server->buf_len == 0) {
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    ssize_t sent = send(server->fd, server->buf + server->buf_idx,
                        server->buf_len, 0);

    if (sent < 0) {
        /* EAGAIN / EWOULDBLOCK just means "try again on the next event". */
        if (errno != EAGAIN && errno != EWOULDBLOCK) {
            ERROR("send");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
        }
        return;
    }

    if (sent < server->buf_len) {
        /* Short write: advance the window and wait for the next event. */
        server->buf_len -= sent;
        server->buf_idx += sent;
        return;
    }

    /* Buffer fully drained: stop watching for writability. */
    server->buf_len = 0;
    server->buf_idx = 0;
    ev_io_stop(EV_A_ & ctx->io);

    if (remote == NULL) {
        /* No peer left to read from, so the connection is finished. */
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    ev_io_start(EV_A_ & remote->recv_ctx->io);
}
示例#2
/*
 * Release callback taking a (key, element) pair; `element` is treated as a
 * remote_ctx_t and closed on the default event loop. `key` is not used.
 * Presumably registered as the connection cache's free hook; confirm at the
 * registration site.
 */
void
free_cb(void *key, void *element)
{
    remote_ctx_t *evicted = (remote_ctx_t *)element;

    if (verbose) {
        LOGI("[udp] one connection freed");
    }

    /* This callback receives no loop argument, hence EV_DEFAULT. */
    close_and_free_remote(EV_DEFAULT, evicted);
}
示例#3
/*
 * Release callback for a single element: `element` is treated as a
 * struct remote_ctx and closed on the default event loop.
 */
void free_cb(void *element)
{
    struct remote_ctx *doomed = (struct remote_ctx *)element;

    if (verbose) {
        LOGD("free a remote ctx");
    }

    /* This callback receives no loop argument, hence EV_DEFAULT. */
    close_and_free_remote(EV_DEFAULT, doomed);
}
示例#4
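/*
 * Close every connection on the global `connections` list.
 *
 * Each list node is embedded in its struct server (see cork_container_of
 * below), so once close_and_free_server() has run the node must be treated as
 * gone; it presumably unlinks and frees the server. The successor is
 * therefore read BEFORE the teardown calls: advancing with `curr->next`
 * afterwards would read memory that may already have been released.
 */
static void free_connections(struct ev_loop *loop)
{
    struct cork_dllist_item *curr;
    struct cork_dllist_item *next;

    for (curr = cork_dllist_start(&connections);
         !cork_dllist_is_end(&connections, curr);
         curr = next) {
        /* Capture the link while the node is still known to be valid. */
        next = curr->next;

        struct server *server = cork_container_of(curr, struct server, entries);
        /* Read the peer pointer before the server is torn down. */
        struct remote *remote = server->remote;

        close_and_free_server(loop, server);
        close_and_free_remote(loop, remote);
    }
}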
示例#5
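/*
 * Timer callback fired when a TCP connection times out: logs the event and
 * tears down both halves of the connection.
 */
static void server_timeout_cb(EV_P_ ev_timer *watcher, int revents)
{
    /*
     * Recover the enclosing server_ctx by stepping back over the ev_io that
     * is assumed to sit immediately before the timer inside struct server_ctx
     * (layout not visible here; confirm against the struct definition, or use
     * an offsetof-based container_of so padding or reordering cannot shift the
     * result). The arithmetic is done on char * because pointer arithmetic on
     * void * is a GNU extension, not ISO C.
     */
    struct server_ctx *server_ctx =
        (struct server_ctx *)((char *)watcher - sizeof(ev_io));
    struct server *server = server_ctx->server;
    struct remote *remote = server->remote;

    LOGE("TCP connection timeout");

    close_and_free_remote(EV_A_ remote);
    close_and_free_server(EV_A_ server);
}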
示例#6
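/*
 * Timer callback for the remote side: stops the timer and tears down both
 * halves of the connection.
 */
static void remote_timeout_cb(EV_P_ ev_timer *watcher, int revents)
{
    /*
     * Recover the enclosing remote_ctx_t by stepping back over the ev_io that
     * is assumed to sit immediately before the timer (layout not visible
     * here; confirm against the struct definition). char * is used because
     * pointer arithmetic on void * is a GNU extension, not ISO C.
     */
    remote_ctx_t *remote_ctx =
        (remote_ctx_t *)((char *)watcher - sizeof(ev_io));
    remote_t *remote = remote_ctx->remote;
    server_t *server = remote->server;

    /* Stop the timer before the structures that own it are released. */
    ev_timer_stop(EV_A_ watcher);

    close_and_free_remote(EV_A_ remote);
    close_and_free_server(EV_A_ server);
}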
示例#7
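/*
 * Timer callback for the remote side: logs the timeout and tears down both
 * halves of the connection.
 */
static void remote_timeout_cb(EV_P_ ev_timer *watcher, int revents)
{
    /*
     * Recover the enclosing remote_ctx by stepping back over the ev_io that
     * is assumed to sit immediately before the timer (layout not visible
     * here; confirm against the struct definition). char * is used because
     * pointer arithmetic on void * is a GNU extension, not ISO C.
     */
    struct remote_ctx *remote_ctx =
        (struct remote_ctx *)((char *)watcher - sizeof(ev_io));
    struct remote *remote = remote_ctx->remote;
    struct server *server = remote->server;

    LOGD("remote timeout");

    close_and_free_remote(EV_A_ remote);
    close_and_free_server(EV_A_ server);
}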
示例#8
/*
 * Timer callback for the remote side: stops the timer and tears down both
 * halves of the connection.
 */
static void
remote_timeout_cb(EV_P_ ev_timer *watcher, int revents)
{
    /* Map the timer back to its owning context via the `watcher` member. */
    remote_ctx_t *ctx    = cork_container_of(watcher, remote_ctx_t, watcher);
    remote_t *timed_out  = ctx->remote;
    server_t *peer       = timed_out->server;

    /* Stop the timer before the structures that own it are released. */
    ev_timer_stop(EV_A_ watcher);

    close_and_free_remote(EV_A_ timed_out);
    close_and_free_server(EV_A_ peer);
}
示例#9
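/*
 * Timer callback for the remote side: optionally logs the timeout and tears
 * down both halves of the connection.
 */
static void remote_timeout_cb(EV_P_ ev_timer *watcher, int revents)
{
    /*
     * Recover the enclosing remote_ctx by stepping back over the ev_io that
     * is assumed to sit immediately before the timer (layout not visible
     * here; confirm against the struct definition). char * is used because
     * pointer arithmetic on void * is a GNU extension, not ISO C.
     */
    struct remote_ctx *remote_ctx =
        (struct remote_ctx *)((char *)watcher - sizeof(ev_io));
    struct remote *remote = remote_ctx->remote;
    struct server *server = remote->server;

    if (verbose) {
        LOGI("TCP connection timeout");
    }

    close_and_free_remote(EV_A_ remote);
    close_and_free_server(EV_A_ server);
}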
示例#10
/*
 * Timer callback that issues the deferred connect() to the remote endpoint.
 * On a hard failure both halves of the connection are torn down; otherwise
 * the remote send watcher and its timer are armed to wait for the connect to
 * complete.
 */
static void
delayed_connect_cb(EV_P_ ev_timer *watcher, int revents)
{
    server_t *server = cork_container_of(watcher, server_t,
                                         delayed_connect_watcher);
    remote_t *remote = server->remote;

    int rc = connect(remote->fd, remote->addr,
                     get_sockaddr_len(remote->addr));

    /* Anything other than "in progress" is a real failure. */
    if (rc == -1 && errno != CONNECT_IN_PROGRESS) {
        ERROR("connect");
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    /* Connected, or connecting: wait for the socket to become writable. */
    ev_io_start(EV_A_ & remote->send_ctx->io);
    ev_timer_start(EV_A_ & remote->send_ctx->watcher);
}
示例#11
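/*
 * Read callback for the UDP listening socket.
 *
 * Receives one datagram, normalises it to the shadowsocks UDP layout for the
 * build flavour selected by MODULE_LOCAL / MODULE_REMOTE / MODULE_REDIR /
 * MODULE_TUNNEL, looks up (or creates) the per-client remote context in the
 * connection cache, and forwards the payload. The receive buffer is always
 * released at CLEAN_UP.
 *
 * Every byte of the datagram is attacker-controlled until it has been
 * validated: lengths taken from it must be checked before they are used as
 * offsets or subtracted from buf->len.
 */
static void
server_recv_cb(EV_P_ ev_io *w, int revents)
{
    // relies on the ev_io being the first member of server_ctx_t
    server_ctx_t *server_ctx = (server_ctx_t *)w;
    struct sockaddr_storage src_addr;
    memset(&src_addr, 0, sizeof(struct sockaddr_storage));

    buffer_t *buf = ss_malloc(sizeof(buffer_t));
    balloc(buf, buf_size);

    socklen_t src_addr_len = sizeof(struct sockaddr_storage);
    unsigned int offset    = 0;

#ifdef MODULE_REDIR
    // recvmsg() is used so the original destination can be read from the
    // ancillary data by get_dstaddr().
    char control_buffer[64] = { 0 };
    struct msghdr msg;
    memset(&msg, 0, sizeof(struct msghdr));
    struct iovec iov[1];
    struct sockaddr_storage dst_addr;
    memset(&dst_addr, 0, sizeof(struct sockaddr_storage));

    msg.msg_name       = &src_addr;
    msg.msg_namelen    = src_addr_len;
    msg.msg_control    = control_buffer;
    msg.msg_controllen = sizeof(control_buffer);

    iov[0].iov_base = buf->data;
    iov[0].iov_len  = buf_size;
    msg.msg_iov     = iov;
    msg.msg_iovlen  = 1;

    buf->len = recvmsg(server_ctx->fd, &msg, 0);
    if (buf->len == -1) {
        ERROR("[udp] server_recvmsg");
        goto CLEAN_UP;
    } else if (buf->len > packet_size) {
        if (verbose) {
            LOGI("[udp] UDP server_recv_recvmsg fragmentation");
        }
    }

    if (get_dstaddr(&msg, &dst_addr)) {
        LOGE("[udp] unable to get dest addr");
        goto CLEAN_UP;
    }

    src_addr_len = msg.msg_namelen;
#else
    ssize_t r;
    r = recvfrom(server_ctx->fd, buf->data, buf_size,
                 0, (struct sockaddr *)&src_addr, &src_addr_len);

    if (r == -1) {
        // error on recv
        // simply drop that packet
        ERROR("[udp] server_recv_recvfrom");
        goto CLEAN_UP;
    } else if (r > packet_size) {
        if (verbose) {
            LOGI("[udp] server_recv_recvfrom fragmentation");
        }
    }

    buf->len = r;
#endif

    if (verbose) {
        LOGI("[udp] server receive a packet");
    }

#ifdef MODULE_REMOTE
    tx += buf->len;

    int err = server_ctx->crypto->decrypt_all(buf, server_ctx->crypto->cipher, buf_size);
    if (err) {
        // drop the packet silently
        goto CLEAN_UP;
    }
#endif

#ifdef MODULE_LOCAL
#if !defined(MODULE_TUNNEL) && !defined(MODULE_REDIR)
#ifdef __ANDROID__
    tx += buf->len;
#endif
    // A SOCKS5 UDP request starts with RSV(2) + FRAG(1). Reject datagrams
    // shorter than that before touching byte 2: otherwise FRAG is read from
    // bytes the peer never sent, and "buf->len - offset" below would go
    // negative (or wrap, if len is unsigned) before being used as a length.
    if (buf->len < 3) {
        // drop the packet silently
        goto CLEAN_UP;
    }
    uint8_t frag = *(uint8_t *)(buf->data + 2);
    offset += 3;
#endif
#endif

    /*
     *
     * SOCKS5 UDP Request
     * +----+------+------+----------+----------+----------+
     * |RSV | FRAG | ATYP | DST.ADDR | DST.PORT |   DATA   |
     * +----+------+------+----------+----------+----------+
     * | 2  |  1   |  1   | Variable |    2     | Variable |
     * +----+------+------+----------+----------+----------+
     *
     * SOCKS5 UDP Response
     * +----+------+------+----------+----------+----------+
     * |RSV | FRAG | ATYP | DST.ADDR | DST.PORT |   DATA   |
     * +----+------+------+----------+----------+----------+
     * | 2  |  1   |  1   | Variable |    2     | Variable |
     * +----+------+------+----------+----------+----------+
     *
     * shadowsocks UDP Request (before encrypted)
     * +------+----------+----------+----------+
     * | ATYP | DST.ADDR | DST.PORT |   DATA   |
     * +------+----------+----------+----------+
     * |  1   | Variable |    2     | Variable |
     * +------+----------+----------+----------+
     *
     * shadowsocks UDP Response (before encrypted)
     * +------+----------+----------+----------+
     * | ATYP | DST.ADDR | DST.PORT |   DATA   |
     * +------+----------+----------+----------+
     * |  1   | Variable |    2     | Variable |
     * +------+----------+----------+----------+
     *
     * shadowsocks UDP Request and Response (after encrypted)
     * +-------+--------------+
     * |   IV  |    PAYLOAD   |
     * +-------+--------------+
     * | Fixed |   Variable   |
     * +-------+--------------+
     *
     */

#ifdef MODULE_REDIR
    char addr_header[512] = { 0 };
    int addr_header_len   = construct_udprelay_header(&dst_addr, addr_header);

    if (addr_header_len == 0) {
        LOGE("[udp] failed to parse tproxy addr");
        goto CLEAN_UP;
    }

    // reconstruct the buffer
    brealloc(buf, buf->len + addr_header_len, buf_size);
    memmove(buf->data + addr_header_len, buf->data, buf->len);
    memcpy(buf->data, addr_header, addr_header_len);
    buf->len += addr_header_len;

#elif MODULE_TUNNEL

    // The tunnel target comes from server_ctx->tunnel_addr, not the datagram.
    char addr_header[512] = { 0 };
    char *host            = server_ctx->tunnel_addr.host;
    char *port            = server_ctx->tunnel_addr.port;
    uint16_t port_num     = (uint16_t)atoi(port);
    uint16_t port_net_num = htons(port_num);
    int addr_header_len   = 0;

    struct cork_ip ip;
    if (cork_ip_init(&ip, host) != -1) {
        if (ip.version == 4) {
            // send as IPv4
            struct in_addr host_addr;
            memset(&host_addr, 0, sizeof(struct in_addr));
            int host_len = sizeof(struct in_addr);

            if (dns_pton(AF_INET, host, &host_addr) == -1) {
                FATAL("IP parser error");
            }
            addr_header[addr_header_len++] = 1;
            memcpy(addr_header + addr_header_len, &host_addr, host_len);
            addr_header_len += host_len;
        } else if (ip.version == 6) {
            // send as IPv6
            struct in6_addr host_addr;
            memset(&host_addr, 0, sizeof(struct in6_addr));
            int host_len = sizeof(struct in6_addr);

            if (dns_pton(AF_INET6, host, &host_addr) == -1) {
                FATAL("IP parser error");
            }
            addr_header[addr_header_len++] = 4;
            memcpy(addr_header + addr_header_len, &host_addr, host_len);
            addr_header_len += host_len;
        } else {
            FATAL("IP parser error");
        }
    } else {
        // send as domain
        // NOTE(review): host_len is stored in a single length byte and then
        // copied into the 512-byte addr_header with no bound. A tunnel host
        // longer than 255 bytes would be mis-encoded, and a much longer one
        // would overrun addr_header. Whatever fills tunnel_addr should
        // enforce the limit; confirm that it does.
        int host_len = strlen(host);

        addr_header[addr_header_len++] = 3;
        addr_header[addr_header_len++] = host_len;
        memcpy(addr_header + addr_header_len, host, host_len);
        addr_header_len += host_len;
    }
    memcpy(addr_header + addr_header_len, &port_net_num, 2);
    addr_header_len += 2;

    // reconstruct the buffer
    brealloc(buf, buf->len + addr_header_len, buf_size);
    memmove(buf->data + addr_header_len, buf->data, buf->len);
    memcpy(buf->data, addr_header, addr_header_len);
    buf->len += addr_header_len;

#else

    char host[257] = { 0 };
    char port[64]  = { 0 };
    struct sockaddr_storage dst_addr;
    memset(&dst_addr, 0, sizeof(struct sockaddr_storage));

    // The address header is parsed from untrusted bytes; a return of 0 is
    // treated as a malformed header and the datagram is dropped.
    int addr_header_len = parse_udprelay_header(buf->data + offset, buf->len - offset,
                                                host, port, &dst_addr);
    if (addr_header_len == 0) {
        // error in parse header
        goto CLEAN_UP;
    }

    char *addr_header = buf->data + offset;
#endif

#ifdef MODULE_LOCAL
    char *key = hash_key(server_ctx->remote_addr->sa_family, &src_addr);
#else
    char *key = hash_key(dst_addr.ss_family, &src_addr);
#endif

    struct cache *conn_cache = server_ctx->conn_cache;

    remote_ctx_t *remote_ctx = NULL;
    cache_lookup(conn_cache, key, HASH_KEY_LEN, (void *)&remote_ctx);

    // A cache entry is only reused when its recorded source address matches
    // this datagram's source; otherwise it is treated as a miss.
    if (remote_ctx != NULL) {
        if (sockaddr_cmp(&src_addr, &remote_ctx->src_addr, sizeof(src_addr))) {
            remote_ctx = NULL;
        }
    }

    // reset the timer
    if (remote_ctx != NULL) {
        ev_timer_again(EV_A_ & remote_ctx->watcher);
    }

    if (remote_ctx == NULL) {
        if (verbose) {
#ifdef MODULE_REDIR
            // NOTE(review): strcpy is unbounded; this assumes get_addr_str()
            // never returns more than SS_ADDRSTRLEN - 1 characters.
            char src[SS_ADDRSTRLEN];
            char dst[SS_ADDRSTRLEN];
            strcpy(src, get_addr_str((struct sockaddr *)&src_addr));
            strcpy(dst, get_addr_str((struct sockaddr *)&dst_addr));
            LOGI("[udp] cache miss: %s <-> %s", dst, src);
#else
            LOGI("[udp] cache miss: %s:%s <-> %s", host, port,
                 get_addr_str((struct sockaddr *)&src_addr));
#endif
        }
    } else {
        if (verbose) {
#ifdef MODULE_REDIR
            // NOTE(review): same unbounded strcpy assumption as the miss path.
            char src[SS_ADDRSTRLEN];
            char dst[SS_ADDRSTRLEN];
            strcpy(src, get_addr_str((struct sockaddr *)&src_addr));
            strcpy(dst, get_addr_str((struct sockaddr *)&dst_addr));
            LOGI("[udp] cache hit: %s <-> %s", dst, src);
#else
            LOGI("[udp] cache hit: %s:%s <-> %s", host, port,
                 get_addr_str((struct sockaddr *)&src_addr));
#endif
        }
    }

#ifdef MODULE_LOCAL

#if !defined(MODULE_TUNNEL) && !defined(MODULE_REDIR)
    // Fragmented SOCKS5 UDP requests are not reassembled; they are dropped.
    if (frag) {
        LOGE("[udp] drop a message since frag is not 0, but %d", frag);
        goto CLEAN_UP;
    }
#endif

    const struct sockaddr *remote_addr = server_ctx->remote_addr;
    const int remote_addr_len          = server_ctx->remote_addr_len;

    if (remote_ctx == NULL) {
        // Bind to any port
        int remotefd = create_remote_socket(remote_addr->sa_family == AF_INET6);
        if (remotefd < 0) {
            ERROR("[udp] udprelay bind() error");
            goto CLEAN_UP;
        }
        setnonblocking(remotefd);

#ifdef SO_NOSIGPIPE
        set_nosigpipe(remotefd);
#endif
#ifdef IP_TOS
        // Set QoS flag
        int tos = 46;
        setsockopt(remotefd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
#endif
#ifdef SET_INTERFACE
        if (server_ctx->iface) {
            if (setinterface(remotefd, server_ctx->iface) == -1)
                ERROR("setinterface");
        }
#endif

#ifdef __ANDROID__
        if (vpn) {
            if (protect_socket(remotefd) == -1) {
                ERROR("protect_socket");
                close(remotefd);
                goto CLEAN_UP;
            }
        }
#endif

        // Init remote_ctx
        // NOTE(review): the size of remote_ctx->addr_header is not visible
        // here; confirm it can hold the largest addr_header_len produced
        // above.
        remote_ctx                  = new_remote(remotefd, server_ctx);
        remote_ctx->src_addr        = src_addr;
        remote_ctx->af              = remote_addr->sa_family;
        remote_ctx->addr_header_len = addr_header_len;
        memcpy(remote_ctx->addr_header, addr_header, addr_header_len);

        // Add to conn cache
        cache_insert(conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);

        // Start remote io
        ev_io_start(EV_A_ & remote_ctx->io);
        ev_timer_start(EV_A_ & remote_ctx->watcher);
    }

    // Strip the SOCKS5 RSV/FRAG prefix so the buffer starts at ATYP.
    if (offset > 0) {
        buf->len -= offset;
        memmove(buf->data, buf->data + offset, buf->len);
    }

    int err = server_ctx->crypto->encrypt_all(buf, server_ctx->crypto->cipher, buf_size);

    if (err) {
        // drop the packet silently
        goto CLEAN_UP;
    }

    if (buf->len > packet_size) {
        if (verbose) {
            LOGI("[udp] server_recv_sendto fragmentation");
        }
    }

    int s = sendto(remote_ctx->fd, buf->data, buf->len, 0, remote_addr, remote_addr_len);

    if (s == -1) {
        ERROR("[udp] server_recv_sendto");
    }

#else

    int cache_hit  = 0;
    int need_query = 0;

    if (buf->len - addr_header_len > packet_size) {
        if (verbose) {
            LOGI("[udp] server_recv_sendto fragmentation");
        }
    }

    if (remote_ctx != NULL) {
        cache_hit = 1;
        // detect destination mismatch
        if (remote_ctx->addr_header_len != addr_header_len
            || memcmp(addr_header, remote_ctx->addr_header, addr_header_len) != 0) {
            // A changed destination given as a domain name needs a fresh
            // lookup; a literal address is already in dst_addr.
            if (dst_addr.ss_family != AF_INET && dst_addr.ss_family != AF_INET6) {
                need_query = 1;
            }
        } else {
            memcpy(&dst_addr, &remote_ctx->dst_addr, sizeof(struct sockaddr_storage));
        }
    } else {
        if (dst_addr.ss_family == AF_INET || dst_addr.ss_family == AF_INET6) {
            int remotefd = create_remote_socket(dst_addr.ss_family == AF_INET6);
            if (remotefd != -1) {
                setnonblocking(remotefd);
#ifdef SO_BROADCAST
                set_broadcast(remotefd);
#endif
#ifdef SO_NOSIGPIPE
                set_nosigpipe(remotefd);
#endif
#ifdef IP_TOS
                // Set QoS flag
                int tos = 46;
                setsockopt(remotefd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
#endif
#ifdef SET_INTERFACE
                if (server_ctx->iface) {
                    if (setinterface(remotefd, server_ctx->iface) == -1)
                        ERROR("setinterface");
                }
#endif
                // NOTE(review): the size of remote_ctx->addr_header is not
                // visible here; confirm it can hold the largest header that
                // parse_udprelay_header() accepts.
                remote_ctx                  = new_remote(remotefd, server_ctx);
                remote_ctx->src_addr        = src_addr;
                remote_ctx->server_ctx      = server_ctx;
                remote_ctx->addr_header_len = addr_header_len;
                memcpy(remote_ctx->addr_header, addr_header, addr_header_len);
                memcpy(&remote_ctx->dst_addr, &dst_addr, sizeof(struct sockaddr_storage));
            } else {
                ERROR("[udp] bind() error");
                goto CLEAN_UP;
            }
        }
    }

    if (remote_ctx != NULL && !need_query) {
        size_t addr_len = get_sockaddr_len((struct sockaddr *)&dst_addr);
        int s           = sendto(remote_ctx->fd, buf->data + addr_header_len,
                                 buf->len - addr_header_len, 0,
                                 (struct sockaddr *)&dst_addr, addr_len);

        if (s == -1) {
            ERROR("[udp] sendto_remote");
            // A context created in this call is not yet cached, so it has to
            // be released here.
            if (!cache_hit) {
                close_and_free_remote(EV_A_ remote_ctx);
            }
        } else {
            if (!cache_hit) {
                // Add to conn cache
                remote_ctx->af = dst_addr.ss_family;
                char *key = hash_key(remote_ctx->af, &remote_ctx->src_addr);
                cache_insert(server_ctx->conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);

                ev_io_start(EV_A_ & remote_ctx->io);
                ev_timer_start(EV_A_ & remote_ctx->watcher);
            }
        }
    } else {
        // Destination is a host name: resolve asynchronously and let
        // query_resolve_cb send the payload copied into query_ctx.
        struct addrinfo hints;
        memset(&hints, 0, sizeof(struct addrinfo));
        hints.ai_family   = AF_UNSPEC;
        hints.ai_socktype = SOCK_DGRAM;
        hints.ai_protocol = IPPROTO_UDP;

        struct query_ctx *query_ctx = new_query_ctx(buf->data + addr_header_len,
                                                    buf->len - addr_header_len);
        query_ctx->server_ctx      = server_ctx;
        query_ctx->addr_header_len = addr_header_len;
        query_ctx->src_addr        = src_addr;
        memcpy(query_ctx->addr_header, addr_header, addr_header_len);

        if (need_query) {
            query_ctx->remote_ctx = remote_ctx;
        }

        struct ResolvQuery *query = resolv_query(host, query_resolve_cb,
                                                 NULL, query_ctx, htons(atoi(port)));
        if (query == NULL) {
            ERROR("[udp] unable to create DNS query");
            close_and_free_query(EV_A_ query_ctx);
            goto CLEAN_UP;
        }
        query_ctx->query = query;
    }
#endif

CLEAN_UP:
    bfree(buf);
    ss_free(buf);
}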
示例#12
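/*
 * DNS completion callback for a UDP relay query.
 *
 * `addr` is the resolved address, or NULL when resolution failed; `data` is
 * the query_ctx holding the pending payload. On success the payload is sent
 * through an existing or newly created remote context. The query context is
 * always released before returning.
 */
static void
query_resolve_cb(struct sockaddr *addr, void *data)
{
    struct query_ctx *query_ctx = (struct query_ctx *)data;
    struct ev_loop *loop        = query_ctx->server_ctx->loop;

    if (verbose) {
        LOGI("[udp] udns resolved");
    }

    // The resolver is done with this query; drop the handle before cleanup.
    query_ctx->query = NULL;

    if (addr == NULL) {
        LOGE("[udp] udns returned an error");
    } else {
        // NOTE(review): query_ctx->remote_ctx was captured when the query was
        // issued. Confirm nothing can free that context (e.g. its timeout)
        // while the lookup is still in flight.
        remote_ctx_t *remote_ctx = query_ctx->remote_ctx;
        int cache_hit            = 0;

        // Lookup in the conn cache
        if (remote_ctx == NULL) {
            char *key = hash_key(AF_UNSPEC, &query_ctx->src_addr);
            cache_lookup(query_ctx->server_ctx->conn_cache, key, HASH_KEY_LEN, (void *)&remote_ctx);
        }

        if (remote_ctx == NULL) {
            int remotefd = create_remote_socket(addr->sa_family == AF_INET6);
            if (remotefd != -1) {
                setnonblocking(remotefd);
#ifdef SO_BROADCAST
                set_broadcast(remotefd);
#endif
#ifdef SO_NOSIGPIPE
                set_nosigpipe(remotefd);
#endif
#ifdef IP_TOS
                // Set QoS flag
                int tos = 46;
                setsockopt(remotefd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
#endif
#ifdef SET_INTERFACE
                if (query_ctx->server_ctx->iface) {
                    if (setinterface(remotefd, query_ctx->server_ctx->iface) == -1)
                        ERROR("setinterface");
                }
#endif
                remote_ctx                  = new_remote(remotefd, query_ctx->server_ctx);
                remote_ctx->src_addr        = query_ctx->src_addr;
                remote_ctx->server_ctx      = query_ctx->server_ctx;
                remote_ctx->addr_header_len = query_ctx->addr_header_len;
                memcpy(remote_ctx->addr_header, query_ctx->addr_header,
                       query_ctx->addr_header_len);
            } else {
                ERROR("[udp] bind() error");
            }
        } else {
            cache_hit = 1;
        }

        if (remote_ctx != NULL) {
            size_t addr_len = get_sockaddr_len(addr);

            // Copy only the bytes that belong to this address. `addr` is a
            // struct sockaddr * whose backing object may be as small as a
            // sockaddr_in; copying sizeof(struct sockaddr_storage) from it
            // would read past the end of that object.
            size_t copy_len = addr_len;
            if (copy_len > sizeof(struct sockaddr_storage)) {
                copy_len = sizeof(struct sockaddr_storage);
            }
            memset(&remote_ctx->dst_addr, 0, sizeof(struct sockaddr_storage));
            memcpy(&remote_ctx->dst_addr, addr, copy_len);

            int s = sendto(remote_ctx->fd, query_ctx->buf->data, query_ctx->buf->len,
                           0, addr, addr_len);

            if (s == -1) {
                ERROR("[udp] sendto_remote");
                // A context created in this call is not yet cached, so it
                // has to be released here.
                if (!cache_hit) {
                    close_and_free_remote(EV_A_ remote_ctx);
                }
            } else {
                if (!cache_hit) {
                    // Add to conn cache
                    char *key = hash_key(AF_UNSPEC, &remote_ctx->src_addr);
                    cache_insert(query_ctx->server_ctx->conn_cache, key, HASH_KEY_LEN, (void *)remote_ctx);
                    ev_io_start(EV_A_ & remote_ctx->io);
                    ev_timer_start(EV_A_ & remote_ctx->watcher);
                }
            }
        }
    }

    // clean up
    close_and_free_query(EV_A_ query_ctx);
}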
示例#13
/*
 * Read callback for a per-client UDP remote socket.
 *
 * Receives one datagram from the remote side, rewrites it for the build
 * flavour selected by MODULE_LOCAL / MODULE_REMOTE / MODULE_REDIR /
 * MODULE_TUNNEL (decrypt and strip or re-frame the address header, or
 * prepend a header and encrypt), and sends the result back to the client
 * address recorded in remote_ctx->src_addr. The receive buffer is always
 * released at CLEAN_UP.
 */
static void
remote_recv_cb(EV_P_ ev_io *w, int revents)
{
    ssize_t r;
    // relies on the ev_io being the first member of remote_ctx_t
    remote_ctx_t *remote_ctx = (remote_ctx_t *)w;
    server_ctx_t *server_ctx = remote_ctx->server_ctx;

    // server has been closed
    if (server_ctx == NULL) {
        LOGE("[udp] invalid server");
        close_and_free_remote(EV_A_ remote_ctx);
        return;
    }

    if (verbose) {
        LOGI("[udp] remote receive a packet");
    }

    struct sockaddr_storage src_addr;
    socklen_t src_addr_len = sizeof(struct sockaddr_storage);
    memset(&src_addr, 0, src_addr_len);

    buffer_t *buf = ss_malloc(sizeof(buffer_t));
    balloc(buf, buf_size);

    // recv
    r = recvfrom(remote_ctx->fd, buf->data, buf_size, 0, (struct sockaddr *)&src_addr, &src_addr_len);

    if (r == -1) {
        // error on recv
        // simply drop that packet
        ERROR("[udp] remote_recv_recvfrom");
        goto CLEAN_UP;
    } else if (r > packet_size) {
        if (verbose) {
            LOGI("[udp] remote_recv_recvfrom fragmentation");
        }
    }

    buf->len = r;

#ifdef MODULE_LOCAL
    // Local side: the datagram comes from the shadowsocks server and must
    // decrypt cleanly before any of its contents are interpreted.
    int err = server_ctx->crypto->decrypt_all(buf, server_ctx->crypto->cipher, buf_size);
    if (err) {
        // drop the packet silently
        goto CLEAN_UP;
    }

#ifdef MODULE_REDIR
    struct sockaddr_storage dst_addr;
    memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
    int len = parse_udprelay_header(buf->data, buf->len, NULL, NULL, &dst_addr);

    // dst_addr was zeroed above, so a header that carries no literal address
    // leaves ss_family at 0 and is rejected here (this runs before the
    // len == 0 check below).
    if (dst_addr.ss_family != AF_INET && dst_addr.ss_family != AF_INET6) {
        LOGI("[udp] ss-redir does not support domain name");
        goto CLEAN_UP;
    }
#else
    int len = parse_udprelay_header(buf->data, buf->len, NULL, NULL, NULL);
#endif

    if (len == 0) {
        LOGI("[udp] error in parse header");
        // error in parse header
        goto CLEAN_UP;
    }

    // server may return using a different address type other than the type we
    // have used during sending
#if defined(MODULE_TUNNEL) || defined(MODULE_REDIR)
    // Construct packet
    // Strip the shadowsocks address header; only the payload goes back.
    buf->len -= len;
    memmove(buf->data, buf->data + len, buf->len);
#else
#ifdef __ANDROID__
    rx += buf->len;
    stat_update_cb();
#endif
    // Construct packet
    // Prepend three zero bytes (SOCKS5 RSV + FRAG) in front of the header.
    brealloc(buf, buf->len + 3, buf_size);
    memmove(buf->data + 3, buf->data, buf->len);
    memset(buf->data, 0, 3);
    buf->len += 3;
#endif

#endif

#ifdef MODULE_REMOTE

    rx += buf->len;

    // Default to the header stored on the context; for literal IPv4/IPv6
    // contexts it is rebuilt from the datagram's actual source address.
    char addr_header_buf[512];
    char *addr_header   = remote_ctx->addr_header;
    int addr_header_len = remote_ctx->addr_header_len;

    if (remote_ctx->af == AF_INET || remote_ctx->af == AF_INET6) {
        addr_header_len = construct_udprelay_header(&src_addr, addr_header_buf);
        addr_header     = addr_header_buf;
    }

    // Construct packet
    brealloc(buf, buf->len + addr_header_len, buf_size);
    memmove(buf->data + addr_header_len, buf->data, buf->len);
    memcpy(buf->data, addr_header, addr_header_len);
    buf->len += addr_header_len;

    int err = server_ctx->crypto->encrypt_all(buf, server_ctx->crypto->cipher, buf_size);
    if (err) {
        // drop the packet silently
        goto CLEAN_UP;
    }

#endif

    if (buf->len > packet_size) {
        if (verbose) {
            LOGI("[udp] remote_recv_sendto fragmentation");
        }
    }

    size_t remote_src_addr_len = get_sockaddr_len((struct sockaddr *)&remote_ctx->src_addr);

#ifdef MODULE_REDIR

    size_t remote_dst_addr_len = get_sockaddr_len((struct sockaddr *)&dst_addr);

    // Transparent mode: the reply is sent from a short-lived socket bound to
    // dst_addr, the address parsed from the (decrypted) header, so the client
    // sees it coming from the original destination. IP_TRANSPARENT is what
    // allows binding to that non-local address.
    int src_fd = socket(remote_ctx->src_addr.ss_family, SOCK_DGRAM, 0);
    if (src_fd < 0) {
        ERROR("[udp] remote_recv_socket");
        goto CLEAN_UP;
    }
    int opt = 1;
    if (setsockopt(src_fd, SOL_IP, IP_TRANSPARENT, &opt, sizeof(opt))) {
        ERROR("[udp] remote_recv_setsockopt");
        close(src_fd);
        goto CLEAN_UP;
    }
    if (setsockopt(src_fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt))) {
        ERROR("[udp] remote_recv_setsockopt");
        close(src_fd);
        goto CLEAN_UP;
    }
#ifdef IP_TOS
    // Set QoS flag
    int tos = 46;
    setsockopt(src_fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
#endif
    if (bind(src_fd, (struct sockaddr *)&dst_addr, remote_dst_addr_len) != 0) {
        ERROR("[udp] remote_recv_bind");
        close(src_fd);
        goto CLEAN_UP;
    }

    int s = sendto(src_fd, buf->data, buf->len, 0,
                   (struct sockaddr *)&remote_ctx->src_addr, remote_src_addr_len);
    if (s == -1) {
        ERROR("[udp] remote_recv_sendto");
        close(src_fd);
        goto CLEAN_UP;
    }
    close(src_fd);

#else

    int s = sendto(server_ctx->fd, buf->data, buf->len, 0,
                   (struct sockaddr *)&remote_ctx->src_addr, remote_src_addr_len);
    if (s == -1) {
        ERROR("[udp] remote_recv_sendto");
        goto CLEAN_UP;
    }

#endif

    // handle the UDP packet successfully,
    // trigger the timer
    ev_timer_again(EV_A_ & remote_ctx->watcher);

CLEAN_UP:

    bfree(buf);
    ss_free(buf);
}
示例#14
/*
 * Write-ready callback for the remote (upstream) TCP socket.
 *
 * On the first invocation for a connection it marks the connection as
 * established, builds the destination-address header (hostname, IPv6 or
 * IPv4), encrypts it together with the pending payload, and prepends it to
 * remote->buf. It then flushes remote->buf, using sendto() with MSG_FASTOPEN
 * while remote->addr is still set and plain send() otherwise.
 */
static void
remote_send_cb(EV_P_ ev_io *w, int revents)
{
    // relies on the ev_io being the first member of remote_ctx_t
    remote_ctx_t *remote_send_ctx = (remote_ctx_t *)w;
    remote_t *remote              = remote_send_ctx->remote;
    server_t *server              = remote->server;

    // The socket became writable, so the connect timeout no longer applies.
    ev_timer_stop(EV_A_ & remote_send_ctx->watcher);

    if (!remote_send_ctx->connected) {
        int r = 0;
        // With remote->addr set (the fast-open path below) there is no
        // connect() result to check yet, so r stays 0; otherwise
        // getpeername() is used to confirm the connect succeeded.
        if (remote->addr == NULL) {
            struct sockaddr_storage addr;
            memset(&addr, 0, sizeof(struct sockaddr_storage));
            socklen_t len = sizeof addr;
            r = getpeername(remote->fd, (struct sockaddr *)&addr, &len);
        }
        if (r == 0) {
            remote_send_ctx->connected = 1;

            ev_io_stop(EV_A_ & remote_send_ctx->io);
            ev_io_stop(EV_A_ & server->recv_ctx->io);
            ev_io_start(EV_A_ & remote->recv_ctx->io);
            ev_timer_start(EV_A_ & remote->recv_ctx->watcher);

            // send destaddr
            // NOTE(review): the writes below index with abuf->len straight
            // after balloc(); this assumes balloc() sets len to 0. Confirm.
            buffer_t ss_addr_to_send;
            buffer_t *abuf = &ss_addr_to_send;
            balloc(abuf, BUF_SIZE);

            if (server->hostname_len > 0
                    && validate_hostname(server->hostname, server->hostname_len)) { // HTTP/SNI
                uint16_t port;
                if (AF_INET6 == server->destaddr.ss_family) { // IPv6
                    port = (((struct sockaddr_in6 *)&(server->destaddr))->sin6_port);
                } else {                             // IPv4
                    port = (((struct sockaddr_in *)&(server->destaddr))->sin_port);
                }

                // NOTE(review): hostname_len is stored in one length byte and
                // then used as the copy size; this assumes it was bounded to
                // 255 (and to the capacity of abuf) where the hostname was
                // extracted from the client's request. Confirm.
                abuf->data[abuf->len++] = 3;          // Type 3 is hostname
                abuf->data[abuf->len++] = server->hostname_len;
                memcpy(abuf->data + abuf->len, server->hostname, server->hostname_len);
                abuf->len += server->hostname_len;
                memcpy(abuf->data + abuf->len, &port, 2);
            } else if (AF_INET6 == server->destaddr.ss_family) { // IPv6
                abuf->data[abuf->len++] = 4;          // Type 4 is IPv6 address

                size_t in6_addr_len = sizeof(struct in6_addr);
                memcpy(abuf->data + abuf->len,
                       &(((struct sockaddr_in6 *)&(server->destaddr))->sin6_addr),
                       in6_addr_len);
                abuf->len += in6_addr_len;
                memcpy(abuf->data + abuf->len,
                       &(((struct sockaddr_in6 *)&(server->destaddr))->sin6_port),
                       2);
            } else {                             // IPv4
                abuf->data[abuf->len++] = 1; // Type 1 is IPv4 address

                size_t in_addr_len = sizeof(struct in_addr);
                memcpy(abuf->data + abuf->len,
                       &((struct sockaddr_in *)&(server->destaddr))->sin_addr, in_addr_len);
                abuf->len += in_addr_len;
                memcpy(abuf->data + abuf->len,
                       &((struct sockaddr_in *)&(server->destaddr))->sin_port, 2);
            }

            // Account for the 2-byte port written by every branch above.
            abuf->len += 2;

            // Header and payload are encrypted separately with the same
            // context, header first, then joined with bprepend().
            int err = crypto->encrypt(abuf, server->e_ctx, BUF_SIZE);
            if (err) {
                LOGE("invalid password or cipher");
                bfree(abuf);
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }

            err = crypto->encrypt(remote->buf, server->e_ctx, BUF_SIZE);
            if (err) {
                LOGE("invalid password or cipher");
                bfree(abuf);
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }

            bprepend(remote->buf, abuf, BUF_SIZE);
            bfree(abuf);
        } else {
            ERROR("getpeername");
            // not connected
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
    }

    if (remote->buf->len == 0) {
        // close and free
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    } else {
        // has data to send
        ssize_t s;
        if (remote->addr != NULL) {
            // TCP Fast Open: the first payload is sent together with the
            // connection attempt.
            s = sendto(remote->fd, remote->buf->data + remote->buf->idx,
                       remote->buf->len, MSG_FASTOPEN, remote->addr,
                       get_sockaddr_len(remote->addr));

            if (s == -1 && (errno == EOPNOTSUPP || errno == EPROTONOSUPPORT ||
                errno == ENOPROTOOPT)) {
                // Fast open is switched off globally; this connection is
                // closed rather than retried.
                fast_open = 0;
                LOGE("fast open is not supported on this platform");
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }

            // Clearing addr makes every later flush take the send() branch.
            remote->addr = NULL;

            if (s == -1) {
                if (errno == CONNECT_IN_PROGRESS || errno == EAGAIN
                    || errno == EWOULDBLOCK) {
                    ev_io_start(EV_A_ & remote_send_ctx->io);
                    ev_timer_start(EV_A_ & remote_send_ctx->watcher);
                } else {
                    ERROR("connect");
                    close_and_free_remote(EV_A_ remote);
                    close_and_free_server(EV_A_ server);
                }
                return;
            }
        } else {
            s = send(remote->fd, remote->buf->data + remote->buf->idx,
                     remote->buf->len, 0);
        }

        if (s == -1) {
            if (errno != EAGAIN && errno != EWOULDBLOCK) {
                ERROR("send");
                // close and free
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
            }
            return;
        } else if (s < remote->buf->len) {
            // partly sent, move memory, wait for the next time to send
            remote->buf->len -= s;
            remote->buf->idx += s;
            ev_io_start(EV_A_ & remote_send_ctx->io);
            return;
        } else {
            // all sent out, wait for reading
            remote->buf->len = 0;
            remote->buf->idx = 0;
            ev_io_stop(EV_A_ & remote_send_ctx->io);
            ev_io_start(EV_A_ & server->recv_ctx->io);
        }
    }
}
示例#15
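/*
 * libev read callback for the socket facing the remote side.
 *
 * Reads up to BUF_SIZE bytes from remote->fd into server->buf. Unless the
 * connection is marked direct, the data is passed through the optional obfs
 * client_decode hook, ss_decrypt() and the optional protocol
 * client_post_decrypt hook. The result is then sent to server->fd; if that
 * send would block or is partial, this watcher is stopped and the server
 * send watcher is started to flush the remainder.
 *
 * Any receive, decode, decrypt or send failure closes and frees both the
 * remote and the server.
 */
static void remote_recv_cb(EV_P_ ev_io *w, int revents)
{
    remote_ctx_t *remote_recv_ctx = (remote_ctx_t *)w;
    remote_t *remote              = remote_recv_ctx->remote;
    server_t *server              = remote->server;

    // restart the receive-side timer for this connection
    ev_timer_again(EV_A_ & remote->recv_ctx->watcher);

#ifdef ANDROID
    stat_update_cb(loop);
#endif

    // NOTE(review): assumes server->buf->array holds at least BUF_SIZE bytes;
    // the allocation is not visible here -- confirm.
    ssize_t r = recv(remote->fd, server->buf->array, BUF_SIZE, 0);

    if (r == 0) {
        // connection closed
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    } else if (r < 0) {
        if (errno == EAGAIN || errno == EWOULDBLOCK) {
            // no data
            // continue to wait for recv
            return;
        } else {
            ERROR("remote_recv_cb_recv");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
    }

    // r > 0 from here on
    server->buf->len = r;

    if (!remote->direct) {
#ifdef ANDROID
        rx += server->buf->len;
#endif
        // SSR beg
        if (server->obfs_plugin) {
            obfs_class *obfs_plugin = server->obfs_plugin;
            if (obfs_plugin->client_decode) {
                // out-parameter of the hook; this function does not act on it
                int needsendback = 0;
                // Test the hook's result in a signed local before storing it.
                // The type of buf->len is not visible here; if it is unsigned,
                // a "< 0" test on the stored value could never fire and a
                // negative error code would be used as a length below.
                ssize_t decoded = obfs_plugin->client_decode(server->obfs, &server->buf->array, server->buf->len, &server->buf->capacity, &needsendback);
                if (decoded < 0) {
                    LOGE("client_decode");
                    close_and_free_remote(EV_A_ remote);
                    close_and_free_server(EV_A_ server);
                    return;
                }
                server->buf->len = decoded;
            }
        }
        int err = ss_decrypt(server->buf, server->d_ctx);
        if (err) {
            LOGE("remote invalid password or cipher");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
        if (server->protocol_plugin) {
            obfs_class *protocol_plugin = server->protocol_plugin;
            if (protocol_plugin->client_post_decrypt) {
                // same signed-local check as for client_decode above
                ssize_t plain = protocol_plugin->client_post_decrypt(server->protocol, &server->buf->array, server->buf->len, &server->buf->capacity);
                if (plain < 0) {
                    LOGE("client_post_decrypt");
                    close_and_free_remote(EV_A_ remote);
                    close_and_free_server(EV_A_ server);
                    return;
                }
                server->buf->len = plain;
                if (plain == 0) {
                    // nothing to forward yet
                    return;
                }
            }
        }
        // SSR end
    }

    ssize_t s = send(server->fd, server->buf->array, server->buf->len, 0);

    if (s == -1) {
        if (errno == EAGAIN || errno == EWOULDBLOCK) {
            // no data, wait for send
            server->buf->idx = 0;
            ev_io_stop(EV_A_ & remote_recv_ctx->io);
            ev_io_start(EV_A_ & server->send_ctx->io);
            return;
        } else {
            ERROR("remote_recv_cb_send");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
    } else if (s < server->buf->len) {
        // partly sent: keep the tail and let the server send watcher finish
        server->buf->len -= s;
        server->buf->idx  = s;
        ev_io_stop(EV_A_ & remote_recv_ctx->io);
        ev_io_start(EV_A_ & server->send_ctx->io);
        return;
    }
}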
示例#16
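/*
 * libev write callback for the socket facing the remote side.
 *
 * On the first call after connect (connected flag still 0) it confirms the
 * connection with getpeername(), builds the destination-address header
 * (type 3 hostname, type 4 IPv6 or type 1 IPv4, followed by the 2-byte
 * port), optionally applies one-time auth, prepends the header to
 * remote->buf and encrypts the buffer. It then falls through to the normal
 * send path, which writes remote->buf to remote->fd and tracks partial
 * sends through buf->idx / buf->len.
 *
 * A failed getpeername(), encryption or send, or an empty buffer, closes
 * and frees both the remote and the server.
 */
static void
remote_send_cb(EV_P_ ev_io *w, int revents)
{
    // The hostname form carries its length in a single byte, so 255 is the
    // longest name the header can represent.
    enum { MAX_HOSTNAME_LEN = 255 };

    remote_ctx_t *remote_send_ctx = (remote_ctx_t *)w;
    remote_t *remote              = remote_send_ctx->remote;
    server_t *server              = remote->server;

    if (!remote_send_ctx->connected) {
        struct sockaddr_storage addr;
        socklen_t len = sizeof addr;
        int r         = getpeername(remote->fd, (struct sockaddr *)&addr, &len);
        if (r == 0) {
            remote_send_ctx->connected = 1;
            ev_io_stop(EV_A_ & remote_send_ctx->io);
            ev_io_stop(EV_A_ & server->recv_ctx->io);
            ev_timer_stop(EV_A_ & remote_send_ctx->watcher);
            ev_timer_start(EV_A_ & remote->recv_ctx->watcher);

            // send destaddr
            buffer_t ss_addr_to_send;
            buffer_t *abuf = &ss_addr_to_send;
            // NOTE(review): presumably balloc() also resets abuf->len to 0;
            // its definition is not visible here -- confirm.
            balloc(abuf, BUF_SIZE);

            // A hostname longer than MAX_HOSTNAME_LEN would be truncated in
            // the length byte while the full name is still copied, producing
            // an inconsistent header (and an oversized copy for very long
            // names). Such names fall back to the numeric address below.
            if (server->hostname_len > 0
                && server->hostname_len <= MAX_HOSTNAME_LEN) { // HTTP/SNI
                uint16_t port;
                if (AF_INET6 == server->destaddr.ss_family) { // IPv6
                    port = (((struct sockaddr_in6 *)&(server->destaddr))->sin6_port);
                } else {                             // IPv4
                    port = (((struct sockaddr_in *)&(server->destaddr))->sin_port);
                }

                abuf->array[abuf->len++] = 3;          // Type 3 is hostname
                abuf->array[abuf->len++] = server->hostname_len;
                memcpy(abuf->array + abuf->len, server->hostname, server->hostname_len);
                abuf->len += server->hostname_len;
                memcpy(abuf->array + abuf->len, &port, 2);
            } else if (AF_INET6 == server->destaddr.ss_family) { // IPv6
                abuf->array[abuf->len++] = 4;          // Type 4 is IPv6 address

                size_t in6_addr_len = sizeof(struct in6_addr);
                memcpy(abuf->array + abuf->len,
                       &(((struct sockaddr_in6 *)&(server->destaddr))->sin6_addr),
                       in6_addr_len);
                abuf->len += in6_addr_len;
                memcpy(abuf->array + abuf->len,
                       &(((struct sockaddr_in6 *)&(server->destaddr))->sin6_port),
                       2);
            } else {                             // IPv4
                abuf->array[abuf->len++] = 1; // Type 1 is IPv4 address

                size_t in_addr_len = sizeof(struct in_addr);
                memcpy(abuf->array + abuf->len,
                       &((struct sockaddr_in *)&(server->destaddr))->sin_addr, in_addr_len);
                abuf->len += in_addr_len;
                memcpy(abuf->array + abuf->len,
                       &((struct sockaddr_in *)&(server->destaddr))->sin_port, 2);
            }

            // account for the 2-byte port copied by every branch above
            abuf->len += 2;

            if (auth) {
                abuf->array[0] |= ONETIMEAUTH_FLAG;
                ss_onetimeauth(abuf, server->e_ctx->evp.iv, BUF_SIZE);
            }

            // prepend the header to whatever payload is already queued
            brealloc(remote->buf, remote->buf->len + abuf->len, BUF_SIZE);
            memmove(remote->buf->array + abuf->len, remote->buf->array, remote->buf->len);
            memcpy(remote->buf->array, abuf->array, abuf->len);
            remote->buf->len += abuf->len;
            bfree(abuf);

            int err = ss_encrypt(remote->buf, server->e_ctx, BUF_SIZE);
            if (err) {
                LOGE("invalid password or cipher");
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }

            ev_io_start(EV_A_ & remote->recv_ctx->io);
        } else {
            ERROR("getpeername");
            // not connected
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
    }

    if (remote->buf->len == 0) {
        // close and free
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    } else {
        // has data to send
        ssize_t s = send(remote->fd, remote->buf->array + remote->buf->idx,
                         remote->buf->len, 0);
        if (s == -1) {
            if (errno != EAGAIN && errno != EWOULDBLOCK) {
                ERROR("send");
                // close and free
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
            }
            return;
        } else if (s < remote->buf->len) {
            // partly sent, move memory, wait for the next time to send
            remote->buf->len -= s;
            remote->buf->idx += s;
            return;
        } else {
            // all sent out, wait for reading
            remote->buf->len = 0;
            remote->buf->idx = 0;
            ev_io_stop(EV_A_ & remote_send_ctx->io);
            ev_io_start(EV_A_ & server->recv_ctx->io);
        }
    }
}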
示例#17
/*
 * libev read callback for the local (client-facing) socket.
 *
 * Reads up to BUF_SIZE bytes from server->fd into remote->buf, optionally
 * runs ss_gen_hash() when auth is set, encrypts with ss_encrypt() and sends
 * the result to remote->fd. When the send would block or is partial, the
 * unsent range is recorded in remote->buf_len / remote->buf_idx and the
 * remote send watcher replaces this one. A missing remote closes only the
 * server; every other failure closes both ends.
 */
static void server_recv_cb(EV_P_ ev_io *w, int revents)
{
    struct server_ctx *recv_ctx = (struct server_ctx *)w;
    struct server *server = recv_ctx->server;
    struct remote *remote = server->remote;

    if (remote == NULL) {
        close_and_free_server(EV_A_ server);
        return;
    }

    ssize_t r = recv(server->fd, remote->buf, BUF_SIZE, 0);

    if (r < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
        // nothing to read right now; keep waiting for recv
        return;
    }

    if (r <= 0) {
        // r == 0: peer closed the connection; r < 0: hard receive error
        if (r < 0) {
            ERROR("server recv");
        }
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    if (auth) {
        remote->buf = ss_gen_hash(remote->buf, &r, &remote->counter, server->e_ctx, BUF_SIZE);
    }

    // ss_encrypt hands back the buffer to use and updates r in place
    remote->buf = ss_encrypt(BUF_SIZE, remote->buf, &r, server->e_ctx);

    if (remote->buf == NULL) {
        LOGE("invalid password or cipher");
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    int s = send(remote->fd, remote->buf, r, 0);

    if (s == -1) {
        if (errno != EAGAIN && errno != EWOULDBLOCK) {
            ERROR("send");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
        // would block: the whole buffer is still pending
        remote->buf_len = r;
        remote->buf_idx = 0;
    } else if (s < r) {
        // partial send: remember the unsent tail
        remote->buf_len = r - s;
        remote->buf_idx = s;
    } else {
        // everything went out; keep reading from the client
        return;
    }

    // hand the pending bytes to the remote send watcher
    ev_io_stop(EV_A_ & recv_ctx->io);
    ev_io_start(EV_A_ & remote->send_ctx->io);
}
示例#18
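/*
 * libev write callback for the socket facing the remote side.
 *
 * First call after connect (connected flag still 0): confirms the
 * connection with getpeername(), builds the destination-address header from
 * server->destaddr (type 1 IPv4, type 4 IPv6 or type 3 domain name, then
 * the 2-byte port in network order), encrypts it with ss_encrypt() and
 * sends it in one send() call. On success both receive watchers are
 * started.
 *
 * Later calls flush remote->buf, tracking partial sends in buf_idx/buf_len.
 *
 * Allocation failure, an over-long host name, a failed getpeername(),
 * encryption or send, or an empty buffer, closes and frees both the remote
 * and the server.
 */
static void remote_send_cb(EV_P_ ev_io *w, int revents)
{
    // The domain form stores the name length in one byte.
    enum { MAX_HOSTNAME_LEN = 255 };

    struct remote_ctx *remote_send_ctx = (struct remote_ctx *)w;
    struct remote *remote = remote_send_ctx->remote;
    struct server *server = remote->server;

    if (!remote_send_ctx->connected) {
        struct sockaddr_storage addr;
        socklen_t len = sizeof addr;

        int r = getpeername(remote->fd, (struct sockaddr *)&addr, &len);
        if (r == 0) {
            remote_send_ctx->connected = 1;
            ev_io_stop(EV_A_ & remote_send_ctx->io);
            ev_timer_stop(EV_A_ & remote_send_ctx->watcher);

            char *ss_addr_to_send = malloc(BUF_SIZE);
            if (ss_addr_to_send == NULL) {
                // the header is written through this pointer right away
                LOGE("failed to allocate address buffer");
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }
            ssize_t addr_len = 0;

            ss_addr_t *sa = &server->destaddr;
            struct cork_ip ip;
            if (cork_ip_init(&ip, sa->host) != -1) {
                if (ip.version == 4) {
                    // send as IPv4
                    struct in_addr host;
                    int host_len = sizeof(struct in_addr);

                    if (dns_pton(AF_INET, sa->host, &host) == -1) {
                        FATAL("IP parser error");
                    }
                    ss_addr_to_send[addr_len++] = 1;
                    memcpy(ss_addr_to_send + addr_len, &host, host_len);
                    addr_len += host_len;
                } else if (ip.version == 6) {
                    // send as IPv6
                    struct in6_addr host;
                    int host_len = sizeof(struct in6_addr);

                    if (dns_pton(AF_INET6, sa->host, &host) == -1) {
                        FATAL("IP parser error");
                    }
                    ss_addr_to_send[addr_len++] = 4;
                    memcpy(ss_addr_to_send + addr_len, &host, host_len);
                    addr_len += host_len;
                } else {
                    FATAL("IP parser error");
                }
            } else {
                // send as domain
                size_t host_len = strlen(sa->host);

                // A longer name would be truncated in the one-byte length
                // field while the copy below still used the full length.
                // NOTE(review): assumes BUF_SIZE can hold a 255-byte name
                // plus the 4 header/port bytes -- confirm.
                if (host_len > MAX_HOSTNAME_LEN) {
                    LOGE("host name too long");
                    free(ss_addr_to_send);
                    close_and_free_remote(EV_A_ remote);
                    close_and_free_server(EV_A_ server);
                    return;
                }

                ss_addr_to_send[addr_len++] = 3;
                ss_addr_to_send[addr_len++] = (char)host_len;
                memcpy(ss_addr_to_send + addr_len, sa->host, host_len);
                addr_len += host_len;
            }

            // NOTE(review): atoi() reports no error for a non-numeric or
            // out-of-range port string; presumably sa->port was validated
            // where the address was parsed -- confirm.
            uint16_t port = htons(atoi(sa->port));
            memcpy(ss_addr_to_send + addr_len, &port, 2);
            addr_len += 2;

            // ss_encrypt returns the buffer to send and updates addr_len
            ss_addr_to_send = ss_encrypt(BUF_SIZE, ss_addr_to_send, &addr_len,
                                         server->e_ctx);
            if (ss_addr_to_send == NULL) {
                LOGE("invalid password or cipher");
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }

            int s = send(remote->fd, ss_addr_to_send, addr_len, 0);
            free(ss_addr_to_send);

            // the header is not queued for retry: a short or failed send
            // ends the connection
            if (s < addr_len) {
                LOGE("failed to send addr");
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }

            ev_io_start(EV_A_ & remote->recv_ctx->io);
            ev_io_start(EV_A_ & server->recv_ctx->io);

            return;
        } else {
            ERROR("getpeername");
            // not connected
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
    } else {
        if (remote->buf_len == 0) {
            // close and free
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        } else {
            // has data to send
            ssize_t s = send(remote->fd, remote->buf + remote->buf_idx,
                             remote->buf_len, 0);
            if (s < 0) {
                if (errno != EAGAIN && errno != EWOULDBLOCK) {
                    ERROR("send");
                    // close and free
                    close_and_free_remote(EV_A_ remote);
                    close_and_free_server(EV_A_ server);
                }
                return;
            } else if (s < remote->buf_len) {
                // partly sent, move memory, wait for the next time to send
                remote->buf_len -= s;
                remote->buf_idx += s;
                return;
            } else {
                // all sent out, wait for reading
                remote->buf_len = 0;
                remote->buf_idx = 0;
                ev_io_stop(EV_A_ & remote_send_ctx->io);
                ev_io_start(EV_A_ & server->recv_ctx->io);
            }
        }

    }
}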
示例#19
/*
 * libev read callback for the socket facing the remote side.
 *
 * Reads up to BUF_SIZE bytes from remote->fd into server->buf, decrypts
 * them with ss_decrypt() unless the connection is marked direct, and sends
 * the result to server->fd. When that send would block or is partial, the
 * unsent range is recorded in server->buf_len / server->buf_idx and the
 * server send watcher replaces this one. Any receive, decrypt or send
 * failure closes and frees both ends.
 */
static void remote_recv_cb(EV_P_ ev_io *w, int revents)
{
    struct remote_ctx *recv_ctx = (struct remote_ctx *)w;
    struct remote *remote = recv_ctx->remote;
    struct server *server = remote->server;

    // restart the receive-side timer for this connection
    ev_timer_again(EV_A_ & remote->recv_ctx->watcher);

    ssize_t r = recv(remote->fd, server->buf, BUF_SIZE, 0);

    if (r < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
        // nothing to read right now; keep waiting for recv
        return;
    }

    if (r <= 0) {
        // r == 0: peer closed the connection; r < 0: hard receive error
        if (r < 0) {
            ERROR("remote_recv_cb_recv");
        }
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    if (!remote->direct) {
        // ss_decrypt hands back the buffer to use and updates r in place
        server->buf = ss_decrypt(BUF_SIZE, server->buf, &r, server->d_ctx);
        if (server->buf == NULL) {
            LOGE("invalid password or cipher");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
    }

    int s = send(server->fd, server->buf, r, 0);

    if (s == -1) {
        if (errno != EAGAIN && errno != EWOULDBLOCK) {
            ERROR("remote_recv_cb_send");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
        // would block: the whole buffer is still pending
        server->buf_len = r;
        server->buf_idx = 0;
    } else if (s < r) {
        // partial send: remember the unsent tail
        server->buf_len = r - s;
        server->buf_idx = s;
    } else {
        // everything went out; keep reading from the remote
        return;
    }

    // hand the pending bytes to the server send watcher
    ev_io_stop(EV_A_ & recv_ctx->io);
    ev_io_start(EV_A_ & server->send_ctx->io);
}
示例#20
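/*
 * libev read callback for the local SOCKS5 client socket.
 *
 * Reads up to BUF_SIZE bytes from server->fd into remote->buf and then acts
 * on server->stage:
 *   stage 0 - answer the method-selection message with "no auth" and move
 *             to stage 1;
 *   stage 1 - parse the SOCKS5 request, forward the encrypted destination
 *             address to the remote (CONNECT), or accept a UDP associate
 *             when udprelay is set, then send the reply to the client;
 *   stage 5 - encrypt the payload and send it to the remote, handing
 *             unsent bytes to the remote send watcher.
 *
 * The request bytes come from the client and are untrusted: every field is
 * checked against the number of bytes actually received before it is read.
 * A malformed or unsupported request, allocation failure, or any
 * encrypt/send failure closes and frees both ends.
 */
static void server_recv_cb (EV_P_ ev_io *w, int revents)
{
    // Offset of the address field inside the request, as this function
    // indexes it (the bytes before it hold ver/cmd/rsv/atyp).
    enum { SOCKS5_ADDR_OFFSET = 4 };

    struct server_ctx *server_recv_ctx = (struct server_ctx *)w;
    struct server *server = server_recv_ctx->server;
    struct remote *remote = server->remote;

    if (remote == NULL)
    {
        close_and_free_server(EV_A_ server);
        return;
    }

    ssize_t r = recv(server->fd, remote->buf, BUF_SIZE, 0);

    if (r == 0)
    {
        // connection closed
        remote->buf_len = 0;
        remote->buf_idx = 0;
        close_and_free_server(EV_A_ server);
        // remote was checked for NULL above, so no second check is needed.
        // NOTE(review): this relies on close_and_free_server() leaving the
        // remote alive -- confirm against its definition.
        ev_io_start(EV_A_ &remote->send_ctx->io);
        return;
    }
    else if(r < 0)
    {
        if (errno == EAGAIN || errno == EWOULDBLOCK)
        {
            // no data
            // continue to wait for recv
            return;
        }
        else
        {
            ERROR("server recv");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
    }

    // local socks5 server
    if (server->stage == 5)
    {
        // ss_encrypt hands back the buffer to use and updates r in place
        remote->buf = ss_encrypt(BUF_SIZE, remote->buf, &r, server->e_ctx);
        if (remote->buf == NULL)
        {
            LOGE("invalid password or cipher");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
        int s = send(remote->fd, remote->buf, r, 0);
        if(s == -1)
        {
            if (errno == EAGAIN || errno == EWOULDBLOCK)
            {
                // no data, wait for send
                remote->buf_len = r;
                remote->buf_idx = 0;
                ev_io_stop(EV_A_ &server_recv_ctx->io);
                ev_io_start(EV_A_ &remote->send_ctx->io);
                return;
            }
            else
            {
                ERROR("send");
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }
        }
        else if(s < r)
        {
            // partial send: remember the unsent tail
            remote->buf_len = r - s;
            remote->buf_idx = s;
            ev_io_stop(EV_A_ &server_recv_ctx->io);
            ev_io_start(EV_A_ &remote->send_ctx->io);
            return;
        }
    }
    else if (server->stage == 0)
    {
        // method 0: no authentication required
        struct method_select_response response;
        response.ver = SVERSION;
        response.method = 0;
        char *send_buf = (char *)&response;
        send(server->fd, send_buf, sizeof(response), 0);
        server->stage = 1;
        return;
    }
    else if (server->stage == 1)
    {
        // cmd and atyp are read from the request header below; without the
        // whole header they would come from stale buffer contents.
        if (r < SOCKS5_ADDR_OFFSET)
        {
            LOGE("malformed socks5 request");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }

        struct socks5_request *request = (struct socks5_request *)remote->buf;

        struct sockaddr_in sock_addr;
        memset(&sock_addr, 0, sizeof(sock_addr));

        if (udprelay && request->cmd == 3)
        {
            // UDP associate: reply with the local address of this socket
            socklen_t addr_len = sizeof(sock_addr);
            getsockname(server->fd, (struct sockaddr *)&sock_addr,
                        &addr_len);
            if (verbose)
            {
                LOGD("udp assc request accepted.");
            }
        }
        else if (request->cmd != 1)
        {
            LOGE("unsupported cmd: %d", request->cmd);
            struct socks5_response response;
            response.ver = SVERSION;
            response.rep = CMD_NOT_SUPPORTED;
            response.rsv = 0;
            response.atyp = 1;
            char *send_buf = (char *)&response;
            // best-effort error reply; the connection is closed either way
            send(server->fd, send_buf, 4, 0);
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
        else
        {
            char *ss_addr_to_send = malloc(BUF_SIZE);
            if (ss_addr_to_send == NULL)
            {
                // the header is written through this pointer right away
                LOGE("failed to allocate address buffer");
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }
            ssize_t addr_len = 0;
            // set when the request is shorter than its address type needs
            int malformed = 0;
            ss_addr_to_send[addr_len++] = request->atyp;

            // get remote addr and port
            // Each branch first checks that the address and the 2-byte port
            // lie inside the r bytes received. Since r <= BUF_SIZE, that
            // check also keeps the copy inside ss_addr_to_send.
            if (request->atyp == 1)
            {
                // IP V4
                size_t in_addr_len = sizeof(struct in_addr);
                if ((size_t)r < SOCKS5_ADDR_OFFSET + in_addr_len + 2)
                {
                    malformed = 1;
                }
                else
                {
                    memcpy(ss_addr_to_send + addr_len,
                           remote->buf + SOCKS5_ADDR_OFFSET, in_addr_len + 2);
                    addr_len += in_addr_len + 2;

                    if (verbose)
                    {
                        char host[INET_ADDRSTRLEN];
                        uint16_t port;
                        // memcpy avoids a possibly misaligned 16-bit load
                        memcpy(&port, remote->buf + SOCKS5_ADDR_OFFSET + in_addr_len,
                               sizeof(port));
                        port = ntohs(port);
                        inet_ntop(AF_INET, (const void *)(remote->buf + SOCKS5_ADDR_OFFSET),
                                  host, INET_ADDRSTRLEN);
                        LOGD("connect to %s:%d", host, port);
                    }
                }
            }
            else if (request->atyp == 3)
            {
                // Domain name
                if (r < SOCKS5_ADDR_OFFSET + 1)
                {
                    // not even the name-length byte arrived
                    malformed = 1;
                }
                else
                {
                    uint8_t name_len = *(uint8_t *)(remote->buf + SOCKS5_ADDR_OFFSET);
                    if ((size_t)r < (size_t)SOCKS5_ADDR_OFFSET + 1 + name_len + 2)
                    {
                        malformed = 1;
                    }
                    else
                    {
                        ss_addr_to_send[addr_len++] = name_len;
                        memcpy(ss_addr_to_send + addr_len,
                               remote->buf + SOCKS5_ADDR_OFFSET + 1, name_len + 2);
                        addr_len += name_len + 2;

                        if (verbose)
                        {
                            // name_len is at most 255, so host[name_len] fits
                            char host[256];
                            uint16_t port;
                            memcpy(&port, remote->buf + SOCKS5_ADDR_OFFSET + 1 + name_len,
                                   sizeof(port));
                            port = ntohs(port);
                            memcpy(host, remote->buf + SOCKS5_ADDR_OFFSET + 1, name_len);
                            host[name_len] = '\0';
                            LOGD("connect to %s:%d", host, port);
                        }
                    }
                }
            }
            else if (request->atyp == 4)
            {
                // IP V6
                size_t in6_addr_len = sizeof(struct in6_addr);
                if ((size_t)r < SOCKS5_ADDR_OFFSET + in6_addr_len + 2)
                {
                    malformed = 1;
                }
                else
                {
                    memcpy(ss_addr_to_send + addr_len,
                           remote->buf + SOCKS5_ADDR_OFFSET, in6_addr_len + 2);
                    addr_len += in6_addr_len + 2;

                    if (verbose)
                    {
                        char host[INET6_ADDRSTRLEN];
                        uint16_t port;
                        memcpy(&port, remote->buf + SOCKS5_ADDR_OFFSET + in6_addr_len,
                               sizeof(port));
                        port = ntohs(port);
                        inet_ntop(AF_INET6, (const void *)(remote->buf + SOCKS5_ADDR_OFFSET),
                                  host, INET6_ADDRSTRLEN);
                        LOGD("connect to %s:%d", host, port);
                    }
                }
            }
            else
            {
                LOGE("unsupported addrtype: %d", request->atyp);
                // release the header buffer before bailing out
                free(ss_addr_to_send);
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }

            if (malformed)
            {
                LOGE("malformed socks5 request");
                free(ss_addr_to_send);
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }

            // ss_encrypt returns the buffer to send and updates addr_len
            ss_addr_to_send = ss_encrypt(BUF_SIZE, ss_addr_to_send, &addr_len, server->e_ctx);
            if (ss_addr_to_send == NULL)
            {
                LOGE("invalid password or cipher");
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }
            int s = send(remote->fd, ss_addr_to_send, addr_len, 0);
            free(ss_addr_to_send);

            // the header is not queued for retry: a short or failed send
            // ends the connection
            if (s < addr_len)
            {
                LOGE("failed to send remote addr.");
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }

            server->stage = 5;
            ev_io_start(EV_A_ &remote->recv_ctx->io);
        }

        // Fake reply
        struct socks5_response response;
        response.ver = SVERSION;
        response.rep = 0;
        response.rsv = 0;
        response.atyp = 1;

        // sock_addr is all zeroes for CONNECT and the local socket address
        // for a UDP associate
        memcpy(server->buf, &response, sizeof(struct socks5_response));
        memcpy(server->buf + sizeof(struct socks5_response), &sock_addr.sin_addr, sizeof(sock_addr.sin_addr));
        memcpy(server->buf + sizeof(struct socks5_response) + sizeof(sock_addr.sin_addr),
               &sock_addr.sin_port, sizeof(sock_addr.sin_port));

        int reply_size = sizeof(struct socks5_response) + sizeof(sock_addr.sin_addr) + sizeof(sock_addr.sin_port);
        int s = send(server->fd, server->buf, reply_size, 0);
        if (s < reply_size)
        {
            LOGE("failed to send fake reply.");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }

        // a UDP associate needs no TCP relay: drop both ends after replying
        if (request->cmd == 3) {
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
    }
}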
示例#21
static void server_recv_cb(EV_P_ ev_io *w, int revents)
{
    struct server_ctx *server_recv_ctx = (struct server_ctx *)w;
    struct server *server = server_recv_ctx->server;
    struct remote *remote = server->remote;
    char *buf;

    if (remote == NULL) {
        buf = server->buf;
    } else {
        buf = remote->buf;
    }

    ssize_t r = recv(server->fd, buf, BUF_SIZE, 0);

    if (r == 0) {
        // connection closed
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    } else if (r < 0) {
        if (errno == EAGAIN || errno == EWOULDBLOCK) {
            // no data
            // continue to wait for recv
            return;
        } else {
            ERROR("server_recv_cb_recv");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
    }

    while (1) {
        // local socks5 server
        if (server->stage == 5) {
            if (remote == NULL) {
                LOGE("invalid remote.");
                close_and_free_server(EV_A_ server);
                return;
            }

            // insert shadowsocks header
            if (!remote->direct) {
                remote->buf = ss_encrypt(BUF_SIZE, remote->buf, &r,
                                         server->e_ctx);

                if (remote->buf == NULL) {
                    LOGE("invalid password or cipher");
                    close_and_free_remote(EV_A_ remote);
                    close_and_free_server(EV_A_ server);
                    return;
                }
            }

            if (!remote->send_ctx->connected) {
                remote->buf_idx = 0;
                remote->buf_len = r;

                if (!fast_open || remote->direct) {
                    // connecting, wait until connected
                    connect(remote->fd, remote->addr_info->ai_addr,
                            remote->addr_info->ai_addrlen);

                    // wait on remote connected event
                    ev_io_stop(EV_A_ & server_recv_ctx->io);
                    ev_io_start(EV_A_ & remote->send_ctx->io);
                    ev_timer_start(EV_A_ & remote->send_ctx->watcher);
                } else {
#ifdef TCP_FASTOPEN
                    int s = sendto(remote->fd, remote->buf, r, MSG_FASTOPEN,
                                   remote->addr_info->ai_addr,
                                   remote->addr_info->ai_addrlen);
                    if (s == -1) {
                        if (errno == EINPROGRESS) {
                            // in progress, wait until connected
                            remote->buf_idx = 0;
                            remote->buf_len = r;
                            ev_io_stop(EV_A_ & server_recv_ctx->io);
                            ev_io_start(EV_A_ & remote->send_ctx->io);
                            return;
                        } else {
                            ERROR("sendto");
                            if (errno == ENOTCONN) {
                                LOGE(
                                    "fast open is not supported on this platform");
                                // just turn it off
                                fast_open = 0;
                            }
                            close_and_free_remote(EV_A_ remote);
                            close_and_free_server(EV_A_ server);
                            return;
                        }
                    } else if (s < r) {
                        remote->buf_len = r - s;
                        remote->buf_idx = s;
                    }

                    // Just connected
                    remote->send_ctx->connected = 1;
                    ev_timer_stop(EV_A_ & remote->send_ctx->watcher);
                    ev_io_start(EV_A_ & remote->recv_ctx->io);
#else
                    // if TCP_FASTOPEN is not defined, fast_open will always be 0
                    LOGE("can't come here");
                    exit(1);
#endif
                }
            } else {
                int s = send(remote->fd, remote->buf, r, 0);
                if (s == -1) {
                    if (errno == EAGAIN || errno == EWOULDBLOCK) {
                        // no data, wait for send
                        remote->buf_idx = 0;
                        remote->buf_len = r;
                        ev_io_stop(EV_A_ & server_recv_ctx->io);
                        ev_io_start(EV_A_ & remote->send_ctx->io);
                        return;
                    } else {
                        ERROR("server_recv_cb_send");
                        close_and_free_remote(EV_A_ remote);
                        close_and_free_server(EV_A_ server);
                        return;
                    }
                } else if (s < r) {
                    remote->buf_len = r - s;
                    remote->buf_idx = s;
                    ev_io_stop(EV_A_ & server_recv_ctx->io);
                    ev_io_start(EV_A_ & remote->send_ctx->io);
                    return;
                }
            }

            // all processed
            return;
        } else if (server->stage == 0) {
            struct method_select_response response;
            response.ver = SVERSION;
            response.method = 0;
            char *send_buf = (char *)&response;
            send(server->fd, send_buf, sizeof(response), 0);
            server->stage = 1;
            return;
        } else if (server->stage == 1) {
            struct socks5_request *request = (struct socks5_request *)buf;

            struct sockaddr_in sock_addr;
            memset(&sock_addr, 0, sizeof(sock_addr));

            int udp_assc = 0;

            if (udprelay && request->cmd == 3) {
                udp_assc = 1;
                socklen_t addr_len = sizeof(sock_addr);
                getsockname(server->fd, (struct sockaddr *)&sock_addr,
                            &addr_len);
                if (verbose) {
                    LOGD("udp assc request accepted.");
                }
            } else if (request->cmd != 1) {
                LOGE("unsupported cmd: %d", request->cmd);
                struct socks5_response response;
                response.ver = SVERSION;
                response.rep = CMD_NOT_SUPPORTED;
                response.rsv = 0;
                response.atyp = 1;
                char *send_buf = (char *)&response;
                send(server->fd, send_buf, 4, 0);
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            } else {
                char *ss_addr_to_send = malloc(BUF_SIZE);
                ssize_t addr_len = 0;
                ss_addr_to_send[addr_len++] = request->atyp;
                char host[256], port[16];

                // get remote addr and port
                if (request->atyp == 1) {
                    // IP V4
                    size_t in_addr_len = sizeof(struct in_addr);
                    memcpy(ss_addr_to_send + addr_len, buf + 4, in_addr_len +
                           2);
                    addr_len += in_addr_len + 2;

                    if (acl || verbose) {
                        uint16_t p =
                            ntohs(*(uint16_t *)(buf + 4 + in_addr_len));
                        inet_ntop(AF_INET, (const void *)(buf + 4),
                                  host, INET_ADDRSTRLEN);
                        sprintf(port, "%d", p);
                    }
                } else if (request->atyp == 3) {
                    // Domain name
                    uint8_t name_len = *(uint8_t *)(buf + 4);
                    ss_addr_to_send[addr_len++] = name_len;
                    memcpy(ss_addr_to_send + addr_len, buf + 4 + 1, name_len +
                           2);
                    addr_len += name_len + 2;

                    if (acl || verbose) {
                        uint16_t p =
                            ntohs(*(uint16_t *)(buf + 4 + 1 + name_len));
                        memcpy(host, buf + 4 + 1, name_len);
                        host[name_len] = '\0';
                        sprintf(port, "%d", p);
                    }
                } else if (request->atyp == 4) {
                    // IP V6
                    size_t in6_addr_len = sizeof(struct in6_addr);
                    memcpy(ss_addr_to_send + addr_len, buf + 4, in6_addr_len +
                           2);
                    addr_len += in6_addr_len + 2;

                    if (acl || verbose) {
                        uint16_t p =
                            ntohs(*(uint16_t *)(buf + 4 + in6_addr_len));
                        inet_ntop(AF_INET6, (const void *)(buf + 4),
                                  host, INET6_ADDRSTRLEN);
                        sprintf(port, "%d", p);
                    }
                } else {
                    LOGE("unsupported addrtype: %d", request->atyp);
                    close_and_free_remote(EV_A_ remote);
                    close_and_free_server(EV_A_ server);
                    return;
                }

                server->stage = 5;

                r -= (3 + addr_len);
                buf += (3 + addr_len);

                if (verbose) {
                    LOGD("connect to %s:%s", host, port);
                }

                if ((acl && request->atyp == 1 && acl_contains_ip(host))
                    || (acl && request->atyp == 3 &&
                        acl_contains_domain(host))) {
                    remote = connect_to_remote(server->listener, host, port);
                    remote->direct = 1;
                    if (verbose) {
                        LOGD("bypass %s:%s", host, port);
                    }
                } else {
                    remote = connect_to_remote(server->listener, NULL, NULL);
                }

                if (remote == NULL) {
                    LOGE("invalid remote addr.");
                    close_and_free_server(EV_A_ server);
                    return;
                }

                if (!remote->direct) {
                    memcpy(remote->buf, ss_addr_to_send, addr_len);
                    if (r > 0) {
                        memcpy(remote->buf + addr_len, buf, r);
                    }
                    r += addr_len;
                } else {
                    if (r > 0) {
                        memcpy(remote->buf, buf, r);
                    }
                }

                server->remote = remote;
                remote->server = server;
            }

            // Fake reply
            struct socks5_response response;
            response.ver = SVERSION;
            response.rep = 0;
            response.rsv = 0;
            response.atyp = 1;

            memcpy(server->buf, &response, sizeof(struct socks5_response));
            memcpy(server->buf + sizeof(struct socks5_response),
                   &sock_addr.sin_addr, sizeof(sock_addr.sin_addr));
            memcpy(server->buf + sizeof(struct socks5_response) +
                   sizeof(sock_addr.sin_addr),
                   &sock_addr.sin_port, sizeof(sock_addr.sin_port));

            int reply_size = sizeof(struct socks5_response) +
                             sizeof(sock_addr.sin_addr) +
                             sizeof(sock_addr.sin_port);
            int s = send(server->fd, server->buf, reply_size, 0);
            if (s < reply_size) {
                LOGE("failed to send fake reply.");
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }

            if (udp_assc) {
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
                return;
            }
        }
    }
}
示例#22
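/*
 * Timer callback that polls a pending asyncns DNS lookup made on behalf of a
 * UDP relay request. Once the lookup is done it opens a remote socket,
 * records the new remote context in the connection cache and forwards the
 * datagram that was buffered in the query context.
 *
 * watcher is cast straight to struct query_ctx, so the timer is presumably
 * the first member of that struct -- TODO confirm against its definition.
 * revents is not used.
 *
 * The query context is released on every path that gets past the
 * "not done yet" check.
 */
static void query_resolve_cb(EV_P_ ev_timer *watcher, int revents)
{
    int err;
    // Start from NULL: if asyncns_getaddrinfo_done() fails without storing a
    // list, the cleanup at the bottom must not see an indeterminate pointer.
    struct addrinfo *result = NULL, *rp;
    struct query_ctx *query_ctx = (struct query_ctx *)((void*)watcher);
    asyncns_t *asyncns = query_ctx->server_ctx->asyncns;
    asyncns_query_t *query = query_ctx->query;

    if (asyncns == NULL || query == NULL)
    {
        LOGE("invalid dns query.");
        close_and_free_query(EV_A_ query_ctx);
        return;
    }

    if (asyncns_wait(asyncns, 0) == -1)
    {
        // asyncns error
        FATAL("asyncns exit unexpectedly.");
    }

    if (!asyncns_isdone(asyncns, query))
    {
        // resolver still busy; the timer fires again later
        return;
    }

    if (verbose)
    {
        LOGD("[udp] asyncns resolved.");
    }

    ev_timer_stop(EV_A_ watcher);

    err = asyncns_getaddrinfo_done(asyncns, query, &result);

    if (err)
    {
        ERROR("getaddrinfo");
    }
    else
    {
        // Use IPV4 address if possible
        for (rp = result; rp != NULL; rp = rp->ai_next)
        {
            if (rp->ai_family == AF_INET) break;
        }

        if (rp == NULL)
        {
            // no IPv4 entry: fall back to the first result
            rp = result;
        }

        int remotefd = create_remote_socket(rp->ai_family == AF_INET6);
        if (remotefd != -1)
        {
            setnonblocking(remotefd);
#ifdef SO_NOSIGPIPE
            int opt = 1;
            setsockopt(remotefd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
#endif
#ifdef SET_INTERFACE
            if (query_ctx->server_ctx->iface)
                setinterface(remotefd, query_ctx->server_ctx->iface);
#endif

            struct remote_ctx *remote_ctx = new_remote(remotefd, query_ctx->server_ctx);
            remote_ctx->src_addr = query_ctx->src_addr;
            // NOTE(review): this copies sizeof(*rp->ai_addr) bytes. If
            // dst_addr is a plain struct sockaddr, an IPv6 result is
            // truncated here and in the sendto() length below -- confirm the
            // field type.
            remote_ctx->dst_addr = *rp->ai_addr;
            remote_ctx->server_ctx = query_ctx->server_ctx;
            remote_ctx->addr_header_len = query_ctx->addr_header_len;
            // NOTE(review): assumes addr_header in remote_ctx is at least as
            // large as the one in query_ctx; the sizes are not visible here.
            memcpy(remote_ctx->addr_header, query_ctx->addr_header, query_ctx->addr_header_len);

            // Add to conn cache
            char *key = hash_key(remote_ctx->addr_header,
                                 remote_ctx->addr_header_len, &remote_ctx->src_addr);
            cache_insert(query_ctx->server_ctx->conn_cache, key, (void *)remote_ctx);

            ev_io_start(EV_A_ &remote_ctx->io);

            int s = sendto(remote_ctx->fd, query_ctx->buf, query_ctx->buf_len, 0, &remote_ctx->dst_addr, sizeof(remote_ctx->dst_addr));

            if (s == -1)
            {
                ERROR("udprelay_sendto_remote");
                // NOTE(review): remote_ctx was already handed to conn_cache
                // above. If close_and_free_remote() frees it, the cache
                // entry is left dangling until eviction -- confirm who owns
                // the context on this path.
                close_and_free_remote(EV_A_ remote_ctx);
            }

        }
        else
        {
            ERROR("udprelay bind() error..");
        }
    }

    // clean up
    if (result != NULL)
    {
        asyncns_freeaddrinfo(result);
    }
    close_and_free_query(EV_A_ query_ctx);
}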
示例#23
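/*
 * Write-readiness callback for the remote (outbound) socket.
 *
 * On the first event it uses getpeername() to find out whether the
 * non-blocking connect has completed, then flushes whatever is pending in
 * remote->buf. When the buffer has been fully written it hands control back
 * to the receive watchers.
 *
 * w is cast straight to struct remote_ctx (presumably the watcher is its
 * first member -- TODO confirm). revents is not used.
 */
static void remote_send_cb(EV_P_ ev_io *w, int revents)
{
    struct remote_ctx *remote_send_ctx = (struct remote_ctx *)w;
    struct remote *remote = remote_send_ctx->remote;
    struct server *server = remote->server;

    // Everything below dereferences server, so bail out once, up front.
    if (server == NULL) {
        LOGE("invalid server");
        close_and_free_remote(EV_A_ remote);
        return;
    }

    if (!remote_send_ctx->connected) {
        struct sockaddr_storage addr;
        socklen_t len = sizeof addr;
        memset(&addr, 0, len);

        if (getpeername(remote->fd, (struct sockaddr *)&addr, &len) != 0) {
            // not connected
            ERROR("getpeername");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }

        if (verbose) {
            LOGI("remote connected");
        }
        remote_send_ctx->connected = 1;

        if (remote->buf_len == 0) {
            // Nothing queued for the remote: go straight to relaying.
            server->stage = 5;
            ev_io_stop(EV_A_ & remote_send_ctx->io);
            ev_io_start(EV_A_ & server->recv_ctx->io);
            ev_io_start(EV_A_ & remote->recv_ctx->io);
            return;
        }
    }

    if (remote->buf_len == 0) {
        // Writable with nothing to write on an already-connected socket:
        // close and free
        if (verbose) {
            LOGI("remote_send close the connection");
        }
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    // has data to send
    ssize_t s = send(remote->fd, remote->buf + remote->buf_idx,
                     remote->buf_len, 0);
    if (s == -1) {
        if (errno != EAGAIN && errno != EWOULDBLOCK) {
            ERROR("remote_send_send");
            // close and free
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
        }
        return;
    }

    if (s < remote->buf_len) {
        // partly sent, advance the window, wait for the next time to send
        remote->buf_len -= s;
        remote->buf_idx += s;
        return;
    }

    // all sent out, wait for reading
    remote->buf_len = 0;
    remote->buf_idx = 0;
    ev_io_stop(EV_A_ & remote_send_ctx->io);
    // server was checked for NULL at the top and is never reassigned, so the
    // former "invalid server" branch here could not be reached and has been
    // dropped.
    ev_io_start(EV_A_ & server->recv_ctx->io);
    if (server->stage == 4) {
        server->stage = 5;
        ev_io_start(EV_A_ & remote->recv_ctx->io);
    }
}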
示例#24
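/*
 * Read-readiness callback for the client-facing ("server") socket.
 *
 * Stage 0: the bytes received so far are accumulated in server->buf until
 * more than an IV's worth has arrived, then decrypted and parsed as the
 * Shadowsocks address header (ATYP, DST.ADDR, DST.PORT). Depending on the
 * address type the destination is either connected to directly or handed to
 * the resolver; the connection then moves to stage 4.
 *
 * Stage 5: data is received into the remote's buffer, decrypted and
 * forwarded to the remote socket.
 *
 * Any other stage falls through to FATAL().
 *
 * The header comes from the network, so every field is checked against the
 * number of decrypted bytes before it is read; a header that is shorter than
 * its address type requires is rejected instead of being completed with
 * whatever bytes were left in the buffer.
 *
 * w is cast straight to struct server_ctx (presumably the watcher is its
 * first member -- TODO confirm). revents is not used.
 */
static void server_recv_cb(EV_P_ ev_io *w, int revents)
{
    struct server_ctx *server_recv_ctx = (struct server_ctx *)w;
    struct server *server = server_recv_ctx->server;
    struct remote *remote = NULL;

    int len = server->buf_len;
    char **buf = &server->buf;

    ev_timer_again(EV_A_ & server->recv_ctx->watcher);

    if (server->stage != 0) {
        // After the handshake, receive directly into the remote's buffer.
        remote = server->remote;
        buf = &remote->buf;
        len = 0;
    }

    ssize_t r = recv(server->fd, *buf + len, BUF_SIZE - len, 0);

    if (r == 0) {
        // connection closed
        if (verbose) {
            LOGI("server_recv close the connection");
        }
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    } else if (r == -1) {
        if (errno == EAGAIN || errno == EWOULDBLOCK) {
            // no data
            // continue to wait for recv
            return;
        } else {
            ERROR("server recv");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
    }

    tx += r;

    // handle incomplete header
    if (server->stage == 0) {
        r += server->buf_len;
        if (r <= enc_get_iv_len()) {
            // wait for more
            if (verbose) {
#ifdef __MINGW32__
                LOGI("imcomplete header: %u", r);
#else
                LOGI("imcomplete header: %zu", r);
#endif
            }
            server->buf_len = r;
            return;
        } else {
            server->buf_len = 0;
        }
    }

    // r is updated in place to the decrypted length; a NULL result is
    // treated as a wrong key or cipher.
    *buf = ss_decrypt(BUF_SIZE, *buf, &r, server->d_ctx);

    if (*buf == NULL) {
        LOGE("invalid password or cipher");
        report_addr(server->fd);
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    // handshake and transmit data
    if (server->stage == 5) {
        int s = send(remote->fd, remote->buf, r, 0);
        if (s == -1) {
            if (errno == EAGAIN || errno == EWOULDBLOCK) {
                // no data, wait for send
                remote->buf_len = r;
                remote->buf_idx = 0;
                ev_io_stop(EV_A_ & server_recv_ctx->io);
                ev_io_start(EV_A_ & remote->send_ctx->io);
            } else {
                ERROR("server_recv_send");
                close_and_free_remote(EV_A_ remote);
                close_and_free_server(EV_A_ server);
            }
        } else if (s < r) {
            remote->buf_len = r - s;
            remote->buf_idx = s;
            ev_io_stop(EV_A_ & server_recv_ctx->io);
            ev_io_start(EV_A_ & remote->send_ctx->io);
        }
        return;

    } else if (server->stage == 0) {

        /*
         * Shadowsocks Protocol:
         *
         *    +------+----------+----------+
         *    | ATYP | DST.ADDR | DST.PORT |
         *    +------+----------+----------+
         *    |  1   | Variable |    2     |
         *    +------+----------+----------+
         */

        int offset = 0;
        int need_query = 0;
        char atyp = server->buf[offset++];
        char host[256] = { 0 };
        uint16_t port = 0;
        struct addrinfo info;
        struct sockaddr_storage storage;
        memset(&info, 0, sizeof(struct addrinfo));
        memset(&storage, 0, sizeof(struct sockaddr_storage));

        // Decrypted bytes actually present. Each branch requires the whole
        // of ATYP + address + 2-byte port to fit in this before reading.
        size_t avail = r > 0 ? (size_t)r : 0;

        // get remote addr and port
        if (atyp == 1) {
            // IP V4
            struct sockaddr_in *addr = (struct sockaddr_in *)&storage;
            size_t in_addr_len = sizeof(struct in_addr);
            addr->sin_family = AF_INET;
            if (avail >= (size_t)offset + in_addr_len + 2) {
                // memcpy: the header bytes have no alignment guarantee
                memcpy(&addr->sin_addr, server->buf + offset, in_addr_len);
                dns_ntop(AF_INET, (const void *)(server->buf + offset),
                         host, INET_ADDRSTRLEN);
                offset += in_addr_len;
            } else {
                LOGE("invalid header with addr type %d", atyp);
                report_addr(server->fd);
                close_and_free_server(EV_A_ server);
                return;
            }
            memcpy(&addr->sin_port, server->buf + offset,
                   sizeof(addr->sin_port));
            info.ai_family = AF_INET;
            info.ai_socktype = SOCK_STREAM;
            info.ai_protocol = IPPROTO_TCP;
            info.ai_addrlen = sizeof(struct sockaddr_in);
            info.ai_addr = (struct sockaddr *)addr;
        } else if (atyp == 3) {
            // Domain name: one length byte, the name, then the port
            uint8_t name_len = *(uint8_t *)(server->buf + offset);
            if (avail >= (size_t)offset + 1 + name_len + 2) {
                // name_len is at most 255 and host was zero-filled, so the
                // copy stays NUL-terminated inside host[256]
                memcpy(host, server->buf + offset + 1, name_len);
                offset += name_len + 1;
            } else {
                LOGE("invalid name length: %d", name_len);
                report_addr(server->fd);
                close_and_free_server(EV_A_ server);
                return;
            }
            struct cork_ip ip;
            if (cork_ip_init(&ip, host) != -1) {
                // The "domain" is really an IP literal: no lookup needed.
                info.ai_socktype = SOCK_STREAM;
                info.ai_protocol = IPPROTO_TCP;
                if (ip.version == 4) {
                    struct sockaddr_in *addr = (struct sockaddr_in *)&storage;
                    dns_pton(AF_INET, host, &(addr->sin_addr));
                    memcpy(&addr->sin_port, server->buf + offset,
                           sizeof(addr->sin_port));
                    addr->sin_family = AF_INET;
                    info.ai_family = AF_INET;
                    info.ai_addrlen = sizeof(struct sockaddr_in);
                    info.ai_addr = (struct sockaddr *)addr;
                } else if (ip.version == 6) {
                    struct sockaddr_in6 *addr = (struct sockaddr_in6 *)&storage;
                    dns_pton(AF_INET6, host, &(addr->sin6_addr));
                    memcpy(&addr->sin6_port, server->buf + offset,
                           sizeof(addr->sin6_port));
                    addr->sin6_family = AF_INET6;
                    info.ai_family = AF_INET6;
                    info.ai_addrlen = sizeof(struct sockaddr_in6);
                    info.ai_addr = (struct sockaddr *)addr;
                }
                // NOTE(review): any other ip.version leaves info.ai_addr
                // NULL and still reaches connect_to_remote() below.
            } else {
                need_query = 1;
            }
        } else if (atyp == 4) {
            // IP V6
            struct sockaddr_in6 *addr = (struct sockaddr_in6 *)&storage;
            size_t in6_addr_len = sizeof(struct in6_addr);
            addr->sin6_family = AF_INET6;
            if (avail >= (size_t)offset + in6_addr_len + 2) {
                memcpy(&addr->sin6_addr, server->buf + offset, in6_addr_len);
                dns_ntop(AF_INET6, (const void *)(server->buf + offset),
                         host, INET6_ADDRSTRLEN);
                offset += in6_addr_len;
            } else {
                LOGE("invalid header with addr type %d", atyp);
                report_addr(server->fd);
                close_and_free_server(EV_A_ server);
                return;
            }
            memcpy(&addr->sin6_port, server->buf + offset,
                   sizeof(addr->sin6_port));
            info.ai_family = AF_INET6;
            info.ai_socktype = SOCK_STREAM;
            info.ai_protocol = IPPROTO_TCP;
            info.ai_addrlen = sizeof(struct sockaddr_in6);
            info.ai_addr = (struct sockaddr *)addr;
        }

        // offset never moved past ATYP: the address type was not recognised
        if (offset == 1) {
            LOGE("invalid header with addr type %d", atyp);
            report_addr(server->fd);
            close_and_free_server(EV_A_ server);
            return;
        }

        // The ACL is consulted only for literal addresses; names that still
        // need resolving are not checked here.
        if (acl && !need_query && acl_contains_ip(host)) {
            if (verbose) {
                LOGI("Access denied to %s", host);
            }
            close_and_free_server(EV_A_ server);
            return;
        }

        // port stays in network byte order; it is converted only for logging
        memcpy(&port, server->buf + offset, sizeof(port));

        offset += 2;

        if (verbose) {
            LOGI("connect to: %s:%d", host, ntohs(port));
        }

        // XXX: should handle buffer carefully
        if (r > offset) {
            // payload that arrived together with the header
            server->buf_len = r - offset;
            server->buf_idx = offset;
        }

        if (!need_query) {
            remote = connect_to_remote(&info, server);

            if (remote == NULL) {
                LOGE("connect error");
                close_and_free_server(EV_A_ server);
                return;
            } else {
                server->remote = remote;
                remote->server = server;

                // XXX: should handle buffer carefully
                if (server->buf_len > 0) {
                    memcpy(remote->buf, server->buf + server->buf_idx,
                           server->buf_len);
                    remote->buf_len = server->buf_len;
                    remote->buf_idx = 0;
                    server->buf_len = 0;
                    server->buf_idx = 0;
                }

                server->stage = 4;

                // listen to remote connected event
                ev_io_stop(EV_A_ & server_recv_ctx->io);
                ev_io_start(EV_A_ & remote->send_ctx->io);
            }
        } else {
            server->stage = 4;
            server->query = resolv_query(host, server_resolve_cb, NULL, server,
                                         port);

            ev_io_stop(EV_A_ & server_recv_ctx->io);
        }

        return;
    }
    // should not reach here
    FATAL("server context error");
}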
示例#25
/*
 * Read-readiness callback for the redirected client socket.
 *
 * Appends the received bytes to remote->buf. While the remote is not yet
 * connected the data is only inspected for a hostname (HTTP or TLS, chosen
 * by destination port) and left queued for the send callback; afterwards it
 * is encrypted and written to the remote socket.
 *
 * w is cast straight to server_ctx_t (presumably the watcher is its first
 * member -- TODO confirm). revents is not used.
 */
static void
server_recv_cb(EV_P_ ev_io *w, int revents)
{
    server_ctx_t *ctx = (server_ctx_t *)w;
    server_t *server  = ctx->server;
    remote_t *remote  = server->remote;

    // Append after whatever is already queued in the remote buffer.
    ssize_t r = recv(server->fd, remote->buf->array + remote->buf->len,
                     BUF_SIZE - remote->buf->len, 0);

    if (r == -1 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
        // no data, continue to wait for recv
        return;
    }

    if (r == 0 || r == -1) {
        // r == 0: connection closed; r == -1: hard receive error
        if (r == -1) {
            ERROR("server recv");
        }
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    remote->buf->len += r;

    if (verbose) {
        char ipstr[INET6_ADDRSTRLEN];
        uint16_t log_port = 0;
        memset(&ipstr, 0, INET6_ADDRSTRLEN);

        if (server->destaddr.ss_family == AF_INET) {
            struct sockaddr_in *sa4 = (struct sockaddr_in *)&(server->destaddr);
            dns_ntop(AF_INET, &(sa4->sin_addr), ipstr, INET_ADDRSTRLEN);
            log_port = ntohs(sa4->sin_port);
        } else {
            // Every non-IPv4 family is formatted as IPv6 here.
            // TODO (original author): untested in an IPv6 environment.
            struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)&(server->destaddr);
            dns_ntop(AF_INET6, &(sa6->sin6_addr), ipstr, INET6_ADDRSTRLEN);
            log_port = ntohs(sa6->sin6_port);
        }

        LOGI("redir to %s:%d, len=%zd, recv=%zd", ipstr, log_port, remote->buf->len, r);
    }

    if (auth) {
        ss_gen_hash(remote->buf, &remote->counter, server->e_ctx, BUF_SIZE);
    }

    if (!remote->send_ctx->connected) {
        // SNI: try to learn the hostname from the first bytes of the stream
        uint16_t dest_port;
        int parsed = 0;

        if (server->destaddr.ss_family == AF_INET6) {
            dest_port = ntohs(((struct sockaddr_in6 *)&(server->destaddr))->sin6_port);
        } else {
            dest_port = ntohs(((struct sockaddr_in *)&(server->destaddr))->sin_port);
        }

        if (dest_port == http_protocol->default_port) {
            parsed = http_protocol->parse_packet(remote->buf->array,
                                                 remote->buf->len, &server->hostname);
        } else if (dest_port == tls_protocol->default_port) {
            parsed = tls_protocol->parse_packet(remote->buf->array,
                                                remote->buf->len, &server->hostname);
        }

        if (parsed > 0) {
            server->hostname_len = parsed;
        }

        // Stop reading until the remote's send watcher has dealt with the
        // queued data.
        ev_io_stop(EV_A_ & ctx->io);
        ev_io_start(EV_A_ & remote->send_ctx->io);
        return;
    }

    if (ss_encrypt(remote->buf, server->e_ctx, BUF_SIZE)) {
        LOGE("invalid password or cipher");
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    int sent = send(remote->fd, remote->buf->array, remote->buf->len, 0);

    if (sent == -1) {
        if (errno != EAGAIN && errno != EWOULDBLOCK) {
            ERROR("send");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
        // socket not writable right now: keep the data and wait for send
        remote->buf->idx = 0;
        ev_io_stop(EV_A_ & ctx->io);
        ev_io_start(EV_A_ & remote->send_ctx->io);
        return;
    }

    if (sent < remote->buf->len) {
        // partial write: remember where the unsent tail starts
        remote->buf->len -= sent;
        remote->buf->idx  = sent;
        ev_io_stop(EV_A_ & ctx->io);
        ev_io_start(EV_A_ & remote->send_ctx->io);
        return;
    }

    // everything went out; the buffer is empty again
    remote->buf->idx = 0;
    remote->buf->len = 0;
}
示例#26
/*
 * Write-readiness callback for the remote socket.
 *
 * The first event is used to confirm, via getpeername(), that the connect
 * has completed; the connect timer is then swapped for the receive timer.
 * After that the callback drains remote->buf and, once it is empty,
 * re-enables reading from the client side.
 *
 * w is cast straight to struct remote_ctx (presumably the watcher is its
 * first member -- TODO confirm). revents is not used.
 * NOTE(review): remote->server is dereferenced without a NULL check.
 */
static void remote_send_cb(EV_P_ ev_io *w, int revents)
{
    struct remote_ctx *ctx = (struct remote_ctx *)w;
    struct remote *remote = ctx->remote;
    struct server *server = remote->server;

    if (!ctx->connected) {
        struct sockaddr_storage peer;
        socklen_t peer_len = sizeof peer;

        if (getpeername(remote->fd, (struct sockaddr *)&peer, &peer_len) != 0) {
            // not connected
            ERROR("getpeername");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }

        ctx->connected = 1;
        ev_timer_stop(EV_A_ & ctx->watcher);
        ev_timer_start(EV_A_ & remote->recv_ctx->watcher);
        ev_io_start(EV_A_ & remote->recv_ctx->io);

        if (remote->buf_len == 0) {
            // no need to send any data
            ev_io_stop(EV_A_ & ctx->io);
            ev_io_start(EV_A_ & server->recv_ctx->io);
            return;
        }
    }

    if (remote->buf_len == 0) {
        // writable but nothing queued: close and free
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    // has data to send
    ssize_t sent = send(remote->fd, remote->buf + remote->buf_idx,
                        remote->buf_len, 0);

    if (sent < 0) {
        // EAGAIN / EWOULDBLOCK: just wait for the next writable event
        if (errno != EAGAIN && errno != EWOULDBLOCK) {
            ERROR("remote_send_cb_send");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
        }
        return;
    }

    if (sent < remote->buf_len) {
        // partly sent: advance the window and wait for the next time
        remote->buf_len -= sent;
        remote->buf_idx += sent;
        return;
    }

    // all sent out, wait for reading
    remote->buf_len = 0;
    remote->buf_idx = 0;
    ev_io_stop(EV_A_ & ctx->io);
    ev_io_start(EV_A_ & server->recv_ctx->io);
}
示例#27
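/*
 * Read-readiness callback for the remote socket.
 *
 * Receives up to BUF_SIZE bytes into server->buf, decrypts them and writes
 * the plaintext to the client socket. If the client socket cannot take all
 * of it, the unsent part stays in server->buf and the client's send watcher
 * takes over. TCP_NODELAY is then cleared on both sockets.
 *
 * w is cast straight to remote_ctx_t (presumably the watcher is its first
 * member -- TODO confirm). revents is not used.
 * NOTE(review): assumes server->buf->array holds at least BUF_SIZE bytes;
 * the allocation is not visible here.
 */
static void
remote_recv_cb(EV_P_ ev_io *w, int revents)
{
    remote_ctx_t *remote_recv_ctx = (remote_ctx_t *)w;
    remote_t *remote              = remote_recv_ctx->remote;
    server_t *server              = remote->server;

    ev_timer_again(EV_A_ & remote->recv_ctx->watcher);

    ssize_t r = recv(remote->fd, server->buf->array, BUF_SIZE, 0);

    if (r == 0) {
        // connection closed
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    } else if (r == -1) {
        if (errno == EAGAIN || errno == EWOULDBLOCK) {
            // no data
            // continue to wait for recv
            return;
        } else {
            ERROR("remote recv");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
    }

    server->buf->len = r;

    int err = ss_decrypt(server->buf, server->d_ctx, BUF_SIZE);
    if (err) {
        LOGE("invalid password or cipher");
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }
    int s = send(server->fd, server->buf->array, server->buf->len, 0);

    if (s == -1) {
        if (errno == EAGAIN || errno == EWOULDBLOCK) {
            // no data, wait for send
            server->buf->idx = 0;
            ev_io_stop(EV_A_ & remote_recv_ctx->io);
            ev_io_start(EV_A_ & server->send_ctx->io);
        } else {
            ERROR("send");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            // Both contexts have just been torn down: return here so the
            // setsockopt() calls below never touch server->fd / remote->fd
            // after the close-and-free.
            return;
        }
    } else if (s < server->buf->len) {
        server->buf->len -= s;
        server->buf->idx  = s;
        ev_io_stop(EV_A_ & remote_recv_ctx->io);
        ev_io_start(EV_A_ & server->send_ctx->io);
    }

    // Disable TCP_NODELAY after the first response are sent
    // (this runs on every call, not only the first; results are ignored)
    int opt = 0;
    setsockopt(server->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
    setsockopt(remote->fd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
}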
示例#28
/*
 * Read-readiness callback for the local client socket.
 *
 * Reads up to BUF_SIZE bytes into remote->buf. If the remote is not yet
 * connected the data is left queued for the remote's send watcher;
 * otherwise it is encrypted and written to the remote socket, with any
 * unsent tail handed to the send watcher.
 *
 * w is cast straight to server_ctx_t (presumably the watcher is its first
 * member -- TODO confirm). revents is not used.
 */
static void server_recv_cb(EV_P_ ev_io *w, int revents)
{
    server_ctx_t *ctx = (server_ctx_t *)w;
    server_t *server  = ctx->server;
    remote_t *remote  = server->remote;

    ssize_t r = recv(server->fd, remote->buf->array, BUF_SIZE, 0);

    if (r < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
        // no data, continue to wait for recv
        return;
    }

    if (r <= 0) {
        // r == 0: connection closed; r < 0: hard receive error
        if (r < 0) {
            ERROR("server recv");
        }
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    remote->buf->len = r;

    if (auth) {
        ss_gen_hash(remote->buf, &remote->counter, server->e_ctx, BUF_SIZE);
    }

    if (!remote->send_ctx->connected) {
        // Remote still connecting: park the data and let its send watcher
        // pick it up.
        ev_io_stop(EV_A_ & ctx->io);
        ev_io_start(EV_A_ & remote->send_ctx->io);
        return;
    }

    if (ss_encrypt(remote->buf, server->e_ctx, BUF_SIZE)) {
        LOGE("invalid password or cipher");
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    int sent = send(remote->fd, remote->buf->array, remote->buf->len, 0);

    if (sent == -1) {
        if (errno != EAGAIN && errno != EWOULDBLOCK) {
            ERROR("send");
            close_and_free_remote(EV_A_ remote);
            close_and_free_server(EV_A_ server);
            return;
        }
        // socket not writable right now: keep the data and wait for send
        remote->buf->idx = 0;
        ev_io_stop(EV_A_ & ctx->io);
        ev_io_start(EV_A_ & remote->send_ctx->io);
        return;
    }

    if (sent < remote->buf->len) {
        // partial write: remember where the unsent tail starts
        remote->buf->len -= sent;
        remote->buf->idx  = sent;
        ev_io_stop(EV_A_ & ctx->io);
        ev_io_start(EV_A_ & remote->send_ctx->io);
        return;
    }
}
示例#29
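/*
 * accept_cb - libev read callback for the listening socket.
 *
 * Accepts one inbound connection, asks getdestaddr() for the destination
 * address of the accepted socket, opens a non-blocking TCP socket towards one
 * of the configured remotes, pairs both descriptors as server_t / remote_t and
 * starts the watchers that drive the relay.
 *
 * w is the listener's ev_io watcher and is cast back to listen_ctx_t
 * (assumes the ev_io is the first member of listen_ctx_t -- TODO confirm).
 * revents is not used.
 *
 * Every early return after accept() closes the accepted descriptor: until
 * new_server() is called nothing else holds it, so a failing path would
 * otherwise leak one fd per inbound connection and let a peer exhaust the
 * process's descriptor table.
 */
static void
accept_cb(EV_P_ ev_io *w, int revents)
{
    listen_ctx_t *listener = (listen_ctx_t *)w;
    struct sockaddr_storage destaddr;
    int err;

    int serverfd = accept(listener->fd, NULL, NULL);
    if (serverfd == -1) {
        ERROR("accept");
        return;
    }

    err = getdestaddr(serverfd, &destaddr);
    if (err) {
        // log first so close() cannot disturb errno before it is reported
        ERROR("getdestaddr");
        close(serverfd);
        return;
    }

    // Socket options below are best effort: their results are not checked.
    setnonblocking(serverfd);
    int opt = 1;
    setsockopt(serverfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
#ifdef SO_NOSIGPIPE
    setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
#endif

    // Pick one of the configured remotes.
    // NOTE(review): remote_num == 0 would divide by zero here; presumably
    // rejected when the listener is configured -- confirm.
    int index                    = rand() % listener->remote_num;
    struct sockaddr *remote_addr = listener->remote_addr[index];

    int remotefd = socket(remote_addr->sa_family, SOCK_STREAM, IPPROTO_TCP);
    if (remotefd == -1) {
        ERROR("socket");
        close(serverfd);
        return;
    }

    // Set flags
    setsockopt(remotefd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
#ifdef SO_NOSIGPIPE
    setsockopt(remotefd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
#endif

    // Enable TCP keepalive feature
    int keepAlive    = 1;
    int keepIdle     = 40;
    int keepInterval = 20;
    int keepCount    = 5;
    setsockopt(remotefd, SOL_SOCKET, SO_KEEPALIVE, (void *)&keepAlive, sizeof(keepAlive));
    setsockopt(remotefd, SOL_TCP, TCP_KEEPIDLE, (void *)&keepIdle, sizeof(keepIdle));
    setsockopt(remotefd, SOL_TCP, TCP_KEEPINTVL, (void *)&keepInterval, sizeof(keepInterval));
    setsockopt(remotefd, SOL_TCP, TCP_KEEPCNT, (void *)&keepCount, sizeof(keepCount));

    // Set non blocking
    setnonblocking(remotefd);

    // Enable MPTCP; a failure is logged and the connection carries on
    // without it.
    if (listener->mptcp == 1) {
        err = setsockopt(remotefd, SOL_TCP, MPTCP_ENABLED, &opt, sizeof(opt));
        if (err == -1) {
            ERROR("failed to enable multipath TCP");
        }
    }

    // From here on both descriptors are released through close_and_free_*().
    // NOTE(review): the results of new_server()/new_remote() are used
    // unchecked; confirm they cannot return NULL.
    server_t *server = new_server(serverfd, listener->method);
    remote_t *remote = new_remote(remotefd, listener->timeout);
    server->remote   = remote;
    remote->server   = server;
    server->destaddr = destaddr;

    int r = connect(remotefd, remote_addr, get_sockaddr_len(remote_addr));

    // The socket is non-blocking, so CONNECT_IN_PROGRESS is the normal case.
    if (r == -1 && errno != CONNECT_IN_PROGRESS) {
        ERROR("connect");
        close_and_free_remote(EV_A_ remote);
        close_and_free_server(EV_A_ server);
        return;
    }

    // listen to remote connected event
    ev_io_start(EV_A_ & remote->send_ctx->io);
    ev_timer_start(EV_A_ & remote->send_ctx->watcher);
    ev_io_start(EV_A_ & server->recv_ctx->io);
}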
示例#30
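/*
 * remote_recv_cb - libev read callback for a UDP relay remote socket.
 *
 * Reads one datagram from remote_ctx->fd, rewrites it according to the build
 * flavour (UDPRELAY_LOCAL: decrypt, validate the address header, prepend
 * three zero bytes; UDPRELAY_REMOTE: prepend the stored address header,
 * encrypt) and forwards the result through server_ctx->fd to
 * remote_ctx->src_addr.
 *
 * w is cast back to struct remote_ctx (assumes the ev_io is its first
 * member -- TODO confirm). revents is not used.
 *
 * All heap buffers are checked before use; on allocation failure the packet
 * is dropped instead of writing through a NULL pointer.
 */
static void remote_recv_cb (EV_P_ ev_io *w, int revents)
{
    struct remote_ctx *remote_ctx = (struct remote_ctx *)w;
    struct server_ctx *server_ctx = remote_ctx->server_ctx;

    // server has been closed
    if (server_ctx == NULL)
    {
        LOGE("invalid server.");
        close_and_free_remote(EV_A_ remote_ctx);
        return;
    }

    if (verbose)
    {
        LOGD("[udp] remote receive a packet");
    }

    // restart the timer attached to this remote
    ev_timer_again(EV_A_ &remote_ctx->watcher);

    // The sender address is captured but not read again in this function:
    // the packet is forwarded to remote_ctx->src_addr whoever sent it.
    // NOTE(review): confirm whether the sender should be matched against the
    // expected remote before forwarding.
    struct sockaddr src_addr;
    socklen_t addr_len = sizeof(src_addr);
    unsigned int addr_header_len = remote_ctx->addr_header_len;

    char *buf = malloc(BUF_SIZE);
    if (buf == NULL)
    {
        // do not hand a NULL buffer to recvfrom()
        LOGE("[udp] out of memory");
        return;
    }

    // recv
    ssize_t buf_len = recvfrom(remote_ctx->fd, buf, BUF_SIZE, 0, &src_addr, &addr_len);

    if (buf_len == -1)
    {
        // error on recv
        // simply drop that packet
        if (verbose)
        {
            ERROR("udprelay_server_recvfrom");
        }
        goto CLEAN_UP;
    }

#ifdef UDPRELAY_LOCAL
    // NOTE(review): the pointer returned by ss_decrypt_all() is used
    // unchecked; confirm it cannot be NULL on a failed decrypt.
    buf = ss_decrypt_all(BUF_SIZE, buf, &buf_len, server_ctx->method);

    int len = parse_udprealy_header(buf, buf_len, NULL, NULL);
    if (len == 0 || len != addr_header_len)
    {
        // error in parse header
        goto CLEAN_UP;
    }

    // Construct packet: three zero bytes followed by the decrypted payload
    char *tmpbuf = malloc(buf_len + 3);
    if (tmpbuf == NULL)
    {
        // memset/memcpy into a NULL buffer would crash; drop the packet
        LOGE("[udp] out of memory");
        goto CLEAN_UP;
    }
    memset(tmpbuf, 0, 3);
    memcpy(tmpbuf + 3, buf, buf_len);
    free(buf);
    buf = tmpbuf;
    buf_len += 3;
#endif

#ifdef UDPRELAY_REMOTE
    // Construct packet: stored address header followed by the payload
    char *tmpbuf = malloc(buf_len + addr_header_len);
    if (tmpbuf == NULL)
    {
        // memcpy into a NULL buffer would crash; drop the packet
        LOGE("[udp] out of memory");
        goto CLEAN_UP;
    }
    memcpy(tmpbuf, remote_ctx->addr_header, addr_header_len);
    memcpy(tmpbuf + addr_header_len, buf, buf_len);
    free(buf);
    buf = tmpbuf;
    buf_len += addr_header_len;

    // NOTE(review): buf now holds buf_len bytes, which can exceed BUF_SIZE
    // when the datagram filled the receive buffer, yet BUF_SIZE is still
    // passed as the first argument; confirm how ss_encrypt_all() uses it.
    buf = ss_encrypt_all(BUF_SIZE, buf, &buf_len, server_ctx->method);
#endif

    ssize_t s = sendto(server_ctx->fd, buf, buf_len, 0, &remote_ctx->src_addr, sizeof(remote_ctx->src_addr));

    if (s == -1)
    {
        ERROR("udprelay_sendto_local");
    }

CLEAN_UP:
    free(buf);

}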