socks-go/socks5.go

package socks

import (
	"errors"
	"fmt"
	"io"
	"log"
	"net"
	//"strconv"
	"encoding/binary"
)

/*
socks5 protocol

initial

byte | 0  |   1    | 2 | ...... | n |
     |0x05|num auth|  auth methods  |


reply

byte | 0  |  1  |
     |0x05| auth|


username/password auth request

byte | 0  |  1         |          |     1 byte   |          |
     |0x01|username_len| username | password_len | password |

username/password auth reponse

byte | 0  | 1    |
     |0x01|status|

request

byte | 0  | 1 | 2  |   3    | 4 | .. | n-2 | n-1| n |
     |0x05|cmd|0x00|addrtype|      addr    |  port  |

response
byte |0   |  1   | 2  |   3    | 4 | .. | n-2 | n-1 | n |
     |0x05|status|0x00|addrtype|     addr     |  port   |

*/

var Socks5AuthRequired bool

type socks5Conn struct {
	//addr        string
	clientConn net.Conn
	serverConn net.Conn
	dial       dialFunc
}

func (s5 *socks5Conn) Serve() {
	defer s5.Close()

	if err := s5.handshake(); err != nil {
		log.Println(err)
		return
	}

	if err := s5.processRequest(); err != nil {
		log.Println(err)
		return
	}
}

func (s5 *socks5Conn) handshake() error {
	// version has already readed by socksConn.Serve()
	// only process auth methods here

	buf := make([]byte, 258)

	// read auth methods
	n, err := io.ReadAtLeast(s5.clientConn, buf, 1)
	if err != nil {
		return err
	}

	l := int(buf[0]) + 1
	if n < l {
		// read remains data
		if n1, err := io.ReadFull(s5.clientConn, buf[n:l]); err != nil {
			return err
		} else {
			n += n1
		}
	}

	if !Socks5AuthRequired {
		// no auth required
		s5.clientConn.Write([]byte{0x05, 0x00})
		return nil
	}

	hasPassAuth := false
	var passAuth byte = 0x02

	// check auth method
	// only password(0x02) supported
	for i := 1; i < n; i++ {
		if buf[i] == passAuth {
			hasPassAuth = true
			break
		}
	}

	if !hasPassAuth {
		s5.clientConn.Write([]byte{0x05, 0xff})
		return errors.New("no supported auth method")
	}

	err = s5.passwordAuth()
	return err
}

func (s5 *socks5Conn) passwordAuth() error {
	buf := make([]byte, 32)

	// username/password required
	s5.clientConn.Write([]byte{0x05, 0x02})
	n, err := io.ReadAtLeast(s5.clientConn, buf, 2)
	if err != nil {
		return err
	}

	//log.Printf("%+v", buf[:n])

	// check auth version
	if buf[0] != 0x01 {
		return errors.New("unsupported auth version")
	}

	username_len := int(buf[1])

	p0 := 2
	p1 := p0 + username_len

	if n < p1 {
		n1, err := s5.clientConn.Read(buf[n:])
		if err != nil {
			return err
		}
		n += n1
	}

	username := buf[p0:p1]
	password_len := int(buf[p1])

	p3 := p1 + 1
	p4 := p3 + password_len

	if n < p4 {
		n1, err := s5.clientConn.Read(buf[n:])
		if err != nil {
			return err
		}
		n += n1
	}

	password := buf[p3:p4]

	log.Printf("get username: %s, password: %s", username, password)

	if string(username) == "" && string(password) == "" {
		s5.clientConn.Write([]byte{0x01, 0x01})
	} else {
		s5.clientConn.Write([]byte{0x01, 0x00})
	}

	return nil
}

func (s5 *socks5Conn) processRequest() error {
	buf := make([]byte, 258)

	// read header
	n, err := io.ReadAtLeast(s5.clientConn, buf, 10)
	if err != nil {
		return err
	}

	if buf[0] != socks5Version {
		return fmt.Errorf("error version %d", buf[0])
	}

	// command only support connect
	if buf[1] != cmdConnect {
		return fmt.Errorf("unsupported command %s", buf[1])
	}

	hlen := 0   // target address length
	host := ""  // target address
	msglen := 0 // header length

	switch buf[3] {
	case addrTypeIPv4:
		hlen = 4
	case addrTypeDomain:
		hlen = int(buf[4]) + 1
	case addrTypeIPv6:
		hlen = 16
	}

	msglen = 6 + hlen

	if n < msglen {
		// read remains header
		_, err := io.ReadFull(s5.clientConn, buf[n:msglen])
		if err != nil {
			return err
		}
	}

	// get target address
	addr := buf[4 : 4+hlen]
	if buf[3] == addrTypeDomain {
		host = string(addr[1:])
	} else {
		host = net.IP(addr).String()
	}

	// get target port
	port := binary.BigEndian.Uint16(buf[msglen-2 : msglen])

	// target address
	target := net.JoinHostPort(host, fmt.Sprintf("%d", port))

	// reply user with connect success
	// if dial to target failed, user will receive connection reset
	s5.clientConn.Write([]byte{0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01})

	//log.Printf("connecing to %s\r\n", target)

	// connect to the target
	s5.serverConn, err = s5.dial("tcp", target)
	if err != nil {
		return err
	}

	// enter data exchange
	s5.forward()

	return nil
}

func (s5 *socks5Conn) forward() {

	c := make(chan int, 2)

	go func() {
		io.Copy(s5.clientConn, s5.serverConn)
		c <- 1
	}()

	go func() {
		io.Copy(s5.serverConn, s5.clientConn)
		c <- 1
	}()

	<-c
}

func (s5 *socks5Conn) Close() {
	if s5.serverConn != nil {
		s5.serverConn.Close()
	}
	if s5.clientConn != nil {
		s5.clientConn.Close()
	}
}
Initial commit 9 years ago			`package socks`

			`import (`
add password auth for socks5 8 years ago			`"errors"`
Initial commit 9 years ago			`"fmt"`
			`"io"`
			`"log"`
			`"net"`
			`//"strconv"`
			`"encoding/binary"`
			`)`

add protocol data format 8 years ago			`/*`
			`socks5 protocol`

			`initial`

			`byte \| 0 \| 1 \| 2 \| ...... \| n \|`
			`\|0x05\|num auth\| auth methods \|`


			`reply`

			`byte \| 0 \| 1 \|`
			`\|0x05\| auth\|`


add password auth for socks5 8 years ago			`username/password auth request`

			`byte \| 0 \| 1 \| \| 1 byte \| \|`
			`\|0x01\|username_len\| username \| password_len \| password \|`

			`username/password auth reponse`

			`byte \| 0 \| 1 \|`
			`\|0x01\|status\|`

add protocol data format 8 years ago			`request`

			`byte \| 0 \| 1 \| 2 \| 3 \| 4 \| .. \| n-2 \| n-1\| n \|`
			`\|0x05\|cmd\|0x00\|addrtype\| addr \| port \|`

			`response`
			`byte \|0 \| 1 \| 2 \| 3 \| 4 \| .. \| n-2 \| n-1 \| n \|`
			`\|0x05\|status\|0x00\|addrtype\| addr \| port \|`

			`*/`
add password auth for socks5 8 years ago
			`var Socks5AuthRequired bool`

Initial commit 9 years ago			`type socks5Conn struct {`
			`//addr string`
golint 8 years ago			`clientConn net.Conn`
			`serverConn net.Conn`
			`dial dialFunc`
Initial commit 9 years ago			`}`

			`func (s5 *socks5Conn) Serve() {`
			`defer s5.Close()`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago
Initial commit 9 years ago			`if err := s5.handshake(); err != nil {`
			`log.Println(err)`
			`return`
			`}`

			`if err := s5.processRequest(); err != nil {`
			`log.Println(err)`
			`return`
			`}`
			`}`

			`func (s5 *socks5Conn) handshake() error {`
			`// version has already readed by socksConn.Serve()`
			`// only process auth methods here`

			`buf := make([]byte, 258)`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago
			`// read auth methods`
golint 8 years ago			`n, err := io.ReadAtLeast(s5.clientConn, buf, 1)`
Initial commit 9 years ago			`if err != nil {`
			`return err`
			`}`

			`l := int(buf[0]) + 1`
			`if n < l {`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`// read remains data`
add password auth for socks5 8 years ago			`if n1, err := io.ReadFull(s5.clientConn, buf[n:l]); err != nil {`
			`return err`
			`} else {`
			`n += n1`
			`}`
			`}`

			`if !Socks5AuthRequired {`
			`// no auth required`
			`s5.clientConn.Write([]byte{0x05, 0x00})`
			`return nil`
			`}`

			`hasPassAuth := false`
			`var passAuth byte = 0x02`

			`// check auth method`
			`// only password(0x02) supported`
			`for i := 1; i < n; i++ {`
			`if buf[i] == passAuth {`
			`hasPassAuth = true`
			`break`
			`}`
			`}`

			`if !hasPassAuth {`
			`s5.clientConn.Write([]byte{0x05, 0xff})`
			`return errors.New("no supported auth method")`
			`}`

			`err = s5.passwordAuth()`
			`return err`
			`}`

			`func (s5 *socks5Conn) passwordAuth() error {`
			`buf := make([]byte, 32)`

			`// username/password required`
			`s5.clientConn.Write([]byte{0x05, 0x02})`
			`n, err := io.ReadAtLeast(s5.clientConn, buf, 2)`
			`if err != nil {`
			`return err`
			`}`

			`//log.Printf("%+v", buf[:n])`

			`// check auth version`
			`if buf[0] != 0x01 {`
			`return errors.New("unsupported auth version")`
			`}`

			`username_len := int(buf[1])`

			`p0 := 2`
			`p1 := p0 + username_len`

			`if n < p1 {`
			`n1, err := s5.clientConn.Read(buf[n:])`
Initial commit 9 years ago			`if err != nil {`
			`return err`
			`}`
add password auth for socks5 8 years ago			`n += n1`
Initial commit 9 years ago			`}`

add password auth for socks5 8 years ago			`username := buf[p0:p1]`
			`password_len := int(buf[p1])`

			`p3 := p1 + 1`
			`p4 := p3 + password_len`

			`if n < p4 {`
			`n1, err := s5.clientConn.Read(buf[n:])`
			`if err != nil {`
			`return err`
			`}`
			`n += n1`
			`}`

			`password := buf[p3:p4]`

			`log.Printf("get username: %s, password: %s", username, password)`

			`if string(username) == "" && string(password) == "" {`
			`s5.clientConn.Write([]byte{0x01, 0x01})`
			`} else {`
			`s5.clientConn.Write([]byte{0x01, 0x00})`
			`}`
Initial commit 9 years ago
			`return nil`
			`}`

			`func (s5 *socks5Conn) processRequest() error {`
			`buf := make([]byte, 258)`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago
			`// read header`
golint 8 years ago			`n, err := io.ReadAtLeast(s5.clientConn, buf, 10)`
Initial commit 9 years ago			`if err != nil {`
			`return err`
			`}`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago
Initial commit 9 years ago			`if buf[0] != socks5Version {`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`return fmt.Errorf("error version %d", buf[0])`
Initial commit 9 years ago			`}`

minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`// command only support connect`
Initial commit 9 years ago			`if buf[1] != cmdConnect {`
			`return fmt.Errorf("unsupported command %s", buf[1])`
			`}`

minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`hlen := 0 // target address length`
			`host := "" // target address`
			`msglen := 0 // header length`

Initial commit 9 years ago			`switch buf[3] {`
			`case addrTypeIPv4:`
			`hlen = 4`
			`case addrTypeDomain:`
			`hlen = int(buf[4]) + 1`
			`case addrTypeIPv6:`
			`hlen = 16`
			`}`

			`msglen = 6 + hlen`

			`if n < msglen {`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`// read remains header`
golint 8 years ago			`_, err := io.ReadFull(s5.clientConn, buf[n:msglen])`
Initial commit 9 years ago			`if err != nil {`
			`return err`
			`}`
			`}`

			`// get target address`
			`addr := buf[4 : 4+hlen]`
			`if buf[3] == addrTypeDomain {`
			`host = string(addr[1:])`
			`} else {`
			`host = net.IP(addr).String()`
			`}`

minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`// get target port`
Initial commit 9 years ago			`port := binary.BigEndian.Uint16(buf[msglen-2 : msglen])`

minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`// target address`
Initial commit 9 years ago			`target := net.JoinHostPort(host, fmt.Sprintf("%d", port))`

			`// reply user with connect success`
			`// if dial to target failed, user will receive connection reset`
golint 8 years ago			`s5.clientConn.Write([]byte{0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01})`
Initial commit 9 years ago
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`//log.Printf("connecing to %s\r\n", target)`
Initial commit 9 years ago
			`// connect to the target`
golint 8 years ago			`s5.serverConn, err = s5.dial("tcp", target)`
Initial commit 9 years ago			`if err != nil {`
			`return err`
			`}`

			`// enter data exchange`
			`s5.forward()`

			`return nil`
			`}`

			`func (s5 *socks5Conn) forward() {`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago
			`c := make(chan int, 2)`

			`go func() {`
			`io.Copy(s5.clientConn, s5.serverConn)`
			`c <- 1`
			`}()`

			`go func() {`
			`io.Copy(s5.serverConn, s5.clientConn)`
fix mis-typed dash 8 years ago			`c <- 1`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`}()`

			`<-c`
Initial commit 9 years ago			`}`

			`func (s5 *socks5Conn) Close() {`
golint 8 years ago			`if s5.serverConn != nil {`
			`s5.serverConn.Close()`
Initial commit 9 years ago			`}`
golint 8 years ago			`if s5.clientConn != nil {`
			`s5.clientConn.Close()`
Initial commit 9 years ago			`}`
			`}`