You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

265 lines
4.6 KiB
Go

package socks
import (
"errors"
"fmt"
"io"
"log"
"net"
//"strconv"
"encoding/binary"
)
/*
socks5 protocol
initial
byte | 0 | 1 | 2 | ...... | n |
|0x05|num auth| auth methods |
reply
byte | 0 | 1 |
|0x05| auth|
username/password auth request
byte | 0 | 1 | | 1 byte | |
|0x01|username_len| username | password_len | password |
username/password auth reponse
byte | 0 | 1 |
|0x01|status|
request
byte | 0 | 1 | 2 | 3 | 4 | .. | n-2 | n-1| n |
|0x05|cmd|0x00|addrtype| addr | port |
response
byte |0 | 1 | 2 | 3 | 4 | .. | n-2 | n-1 | n |
|0x05|status|0x00|addrtype| addr | port |
*/
// Socks5AuthRequired means socks5 server need auth or not
type socks5Conn struct {
// username
username string
// password
password string
//addr string
clientConn net.Conn
serverConn net.Conn
dial DialFunc
}
func (s5 *socks5Conn) Serve(b []byte, n int) {
defer s5.Close()
if err := s5.handshake(b, n); err != nil {
log.Println(err)
return
}
if err := s5.processRequest(); err != nil {
log.Println(err)
return
}
}
func (s5 *socks5Conn) handshake(buf []byte, n int) (err error) {
// read auth methods
if n < 2 {
n1, err := io.ReadAtLeast(s5.clientConn, buf[1:], 1)
if err != nil {
return err
}
n += n1
}
l := int(buf[1])
if n != (l + 2) {
// read remains data
n1, err := io.ReadFull(s5.clientConn, buf[n:l+2+1])
if err != nil {
return err
}
n += n1
}
if s5.username == "" {
// no auth required
s5.clientConn.Write([]byte{0x05, 0x00})
return nil
}
hasPassAuth := false
var passAuth byte = 0x02
// check auth method
// only password(0x02) supported
for i := 2; i < n; i++ {
if buf[i] == passAuth {
hasPassAuth = true
break
}
}
if !hasPassAuth {
s5.clientConn.Write([]byte{0x05, 0xff})
return errors.New("no supported auth method")
}
err = s5.passwordAuth()
return err
}
func (s5 *socks5Conn) passwordAuth() error {
buf := make([]byte, 32)
// username/password required
s5.clientConn.Write([]byte{0x05, 0x02})
n, err := io.ReadAtLeast(s5.clientConn, buf, 2)
if err != nil {
return err
}
//log.Printf("%+v", buf[:n])
// check auth version
if buf[0] != 0x01 {
return errors.New("unsupported auth version")
}
usernameLen := int(buf[1])
p0 := 2
p1 := p0 + usernameLen
if n < p1 {
n1, err := s5.clientConn.Read(buf[n:])
if err != nil {
return err
}
n += n1
}
username := buf[p0:p1]
passwordLen := int(buf[p1])
p3 := p1 + 1
p4 := p3 + passwordLen
if n < p4 {
n1, err := s5.clientConn.Read(buf[n:])
if err != nil {
return err
}
n += n1
}
password := buf[p3:p4]
// log.Printf("get username: %s, password: %s", username, password)
if string(username) == s5.username && string(password) == s5.password {
s5.clientConn.Write([]byte{0x01, 0x00})
return nil
}
// auth failed
s5.clientConn.Write([]byte{0x01, 0x01})
return fmt.Errorf("wrong password")
}
func (s5 *socks5Conn) processRequest() error {
buf := make([]byte, 258)
// read header
n, err := io.ReadAtLeast(s5.clientConn, buf, 10)
if err != nil {
return err
}
if buf[0] != socks5Version {
return fmt.Errorf("error version %d", buf[0])
}
// command only support connect
if buf[1] != cmdConnect {
return fmt.Errorf("unsupported command %d", buf[1])
}
hlen := 0 // target address length
host := "" // target address
msglen := 0 // header length
switch buf[3] {
case addrTypeIPv4:
hlen = 4
case addrTypeDomain:
hlen = int(buf[4]) + 1
case addrTypeIPv6:
hlen = 16
}
msglen = 6 + hlen
if n < msglen {
// read remains header
_, err := io.ReadFull(s5.clientConn, buf[n:msglen])
if err != nil {
return err
}
}
// get target address
addr := buf[4 : 4+hlen]
if buf[3] == addrTypeDomain {
host = string(addr[1:])
} else {
host = net.IP(addr).String()
}
// get target port
port := binary.BigEndian.Uint16(buf[msglen-2 : msglen])
// target address
target := net.JoinHostPort(host, fmt.Sprintf("%d", port))
//log.Printf("connecing to %s\r\n", target)
// connect to the target
s5.serverConn, err = s5.dial("tcp", target)
if err != nil {
// connection failed
s5.clientConn.Write([]byte{0x05, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01})
return err
}
// connection success
s5.clientConn.Write([]byte{0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01})
// enter data exchange
forward(s5.clientConn, s5.serverConn)
return nil
}
func (s5 *socks5Conn) Close() {
if s5.serverConn != nil {
s5.serverConn.Close()
}
if s5.clientConn != nil {
s5.clientConn.Close()
}
}