From a2b6c367eec483a0ee880d46299f6a80d814a36a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Tue, 10 Dec 2024 20:36:09 +0800 Subject: [PATCH] Fix socks5 UDP implementation --- protocol/http/inbound.go | 2 +- protocol/mixed/inbound.go | 16 ++++++++++++---- protocol/socks/inbound.go | 14 +++++++++++--- protocol/tor/proxy.go | 2 +- route/route.go | 11 +++++++---- 5 files changed, 32 insertions(+), 13 deletions(-) diff --git a/protocol/http/inbound.go b/protocol/http/inbound.go index 8aa1d415..68150fa7 100644 --- a/protocol/http/inbound.go +++ b/protocol/http/inbound.go @@ -91,7 +91,7 @@ func (h *Inbound) NewConnectionEx(ctx context.Context, conn net.Conn, metadata a } conn = tlsConn } - err := http.HandleConnectionEx(ctx, conn, std_bufio.NewReader(conn), h.authenticator, nil, adapter.NewUpstreamHandlerEx(metadata, h.newUserConnection, h.streamUserPacketConnection), metadata.Source, onClose) + err := http.HandleConnectionEx(ctx, conn, std_bufio.NewReader(conn), h.authenticator, adapter.NewUpstreamHandlerEx(metadata, h.newUserConnection, h.streamUserPacketConnection), metadata.Source, onClose) if err != nil { N.CloseOnHandshakeFailure(conn, onClose, err) h.logger.ErrorContext(ctx, E.Cause(err, "process connection from ", metadata.Source)) diff --git a/protocol/mixed/inbound.go b/protocol/mixed/inbound.go index d1d343a9..b675a536 100644 --- a/protocol/mixed/inbound.go +++ b/protocol/mixed/inbound.go @@ -85,9 +85,9 @@ func (h *Inbound) newConnection(ctx context.Context, conn net.Conn, metadata ada } switch headerBytes[0] { case socks4.Version, socks5.Version: - return socks.HandleConnectionEx(ctx, conn, reader, h.authenticator, nil, adapter.NewUpstreamHandlerEx(metadata, h.newUserConnection, h.streamUserPacketConnection), metadata.Source, metadata.Destination, onClose) + return socks.HandleConnectionEx(ctx, conn, reader, h.authenticator, adapter.NewUpstreamHandlerEx(metadata, h.newUserConnection, h.streamUserPacketConnection), metadata.Source, onClose) default: - return http.HandleConnectionEx(ctx, conn, reader, h.authenticator, nil, adapter.NewUpstreamHandlerEx(metadata, h.newUserConnection, h.streamUserPacketConnection), metadata.Source, onClose) + return http.HandleConnectionEx(ctx, conn, reader, h.authenticator, adapter.NewUpstreamHandlerEx(metadata, h.newUserConnection, h.streamUserPacketConnection), metadata.Source, onClose) } } @@ -110,11 +110,19 @@ func (h *Inbound) streamUserPacketConnection(ctx context.Context, conn N.PacketC metadata.InboundType = h.Type() user, loaded := auth.UserFromContext[string](ctx) if !loaded { - h.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination) + if !metadata.Destination.IsValid() { + h.logger.InfoContext(ctx, "inbound packet connection") + } else { + h.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination) + } h.router.RoutePacketConnectionEx(ctx, conn, metadata, onClose) return } metadata.User = user - h.logger.InfoContext(ctx, "[", user, "] inbound packet connection to ", metadata.Destination) + if !metadata.Destination.IsValid() { + h.logger.InfoContext(ctx, "[", user, "] inbound packet connection") + } else { + h.logger.InfoContext(ctx, "[", user, "] inbound packet connection to ", metadata.Destination) + } h.router.RoutePacketConnectionEx(ctx, conn, metadata, onClose) } diff --git a/protocol/socks/inbound.go b/protocol/socks/inbound.go index 1490cee5..820c7bbb 100644 --- a/protocol/socks/inbound.go +++ b/protocol/socks/inbound.go @@ -62,7 +62,7 @@ func (h *Inbound) Close() error { } func (h *Inbound) NewConnectionEx(ctx context.Context, conn net.Conn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) { - err := socks.HandleConnectionEx(ctx, conn, std_bufio.NewReader(conn), h.authenticator, nil, adapter.NewUpstreamHandlerEx(metadata, h.newUserConnection, h.streamUserPacketConnection), metadata.Source, metadata.Destination, onClose) + err := socks.HandleConnectionEx(ctx, conn, std_bufio.NewReader(conn), h.authenticator, adapter.NewUpstreamHandlerEx(metadata, h.newUserConnection, h.streamUserPacketConnection), metadata.Source, onClose) N.CloseOnHandshakeFailure(conn, onClose, err) if err != nil { if E.IsClosedOrCanceled(err) { @@ -92,11 +92,19 @@ func (h *Inbound) streamUserPacketConnection(ctx context.Context, conn N.PacketC metadata.InboundType = h.Type() user, loaded := auth.UserFromContext[string](ctx) if !loaded { - h.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination) + if !metadata.Destination.IsValid() { + h.logger.InfoContext(ctx, "inbound packet connection") + } else { + h.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination) + } h.router.RoutePacketConnectionEx(ctx, conn, metadata, onClose) return } metadata.User = user - h.logger.InfoContext(ctx, "[", user, "] inbound packet connection to ", metadata.Destination) + if !metadata.Destination.IsValid() { + h.logger.InfoContext(ctx, "[", user, "] inbound packet connection") + } else { + h.logger.InfoContext(ctx, "[", user, "] inbound packet connection to ", metadata.Destination) + } h.router.RoutePacketConnectionEx(ctx, conn, metadata, onClose) } diff --git a/protocol/tor/proxy.go b/protocol/tor/proxy.go index 1ed30335..feab7971 100644 --- a/protocol/tor/proxy.go +++ b/protocol/tor/proxy.go @@ -99,7 +99,7 @@ func (l *ProxyListener) acceptLoop() { } func (l *ProxyListener) accept(ctx context.Context, conn *net.TCPConn) error { - return socks.HandleConnectionEx(ctx, conn, std_bufio.NewReader(conn), l.authenticator, nil, l, M.SocksaddrFromNet(conn.RemoteAddr()), M.Socksaddr{}, nil) + return socks.HandleConnectionEx(ctx, conn, std_bufio.NewReader(conn), l.authenticator, l, M.SocksaddrFromNet(conn.RemoteAddr()), nil) } func (l *ProxyListener) NewConnectionEx(ctx context.Context, conn net.Conn, source M.Socksaddr, destination M.Socksaddr, onClose N.CloseHandlerFunc) { diff --git a/route/route.go b/route/route.go index 05e22c25..fb2de85d 100644 --- a/route/route.go +++ b/route/route.go @@ -461,8 +461,12 @@ match: break match } } - if !preMatch && metadata.Destination.Addr.IsUnspecified() { - newBuffer, newPacketBuffers, newErr := r.actionSniff(ctx, metadata, &rule.RuleActionSniff{}, inputConn, inputPacketConn) + if !preMatch && inputPacketConn != nil && !metadata.Destination.IsFqdn() && !metadata.Destination.Addr.IsGlobalUnicast() { + var timeout time.Duration + if metadata.InboundType == C.TypeSOCKS { + timeout = C.TCPTimeout + } + newBuffer, newPacketBuffers, newErr := r.actionSniff(ctx, metadata, &rule.RuleActionSniff{Timeout: timeout}, inputConn, inputPacketConn) if newErr != nil { fatalErr = newErr return @@ -558,8 +562,7 @@ func (r *Router) actionSniff( return } } else { - // TODO: maybe always override destination - if metadata.Destination.Addr.IsUnspecified() { + if !metadata.Destination.Addr.IsGlobalUnicast() { metadata.Destination = destination } if len(packetBuffers) > 0 {