Cloak/cmd/ck-server/ck-server.go

package main

import (
	"bytes"
	"crypto/rand"
	"encoding/base64"
	"flag"
	"fmt"
	"io"
	"net"
	"net/http"
	_ "net/http/pprof"
	"os"
	"runtime"
	"strings"
	"time"

	mux "github.com/cbeuw/Cloak/internal/multiplex"
	"github.com/cbeuw/Cloak/internal/server"
	"github.com/cbeuw/Cloak/internal/util"
	log "github.com/sirupsen/logrus"
)

var b64 = base64.StdEncoding.EncodeToString
var version string

func pipe(dst io.ReadWriteCloser, src io.ReadWriteCloser) {
	// The maximum size of TLS message will be 16380+12+16. 12 because of the stream header and 16
	// because of the salt/mac
	// 16408 is the max TLS message size on Firefox
	buf := make([]byte, 16380)
	for {
		i, err := io.ReadAtLeast(src, buf, 1)
		if err != nil {
			go dst.Close()
			go src.Close()
			return
		}
		i, err = dst.Write(buf[:i])
		if err != nil {
			go dst.Close()
			go src.Close()
			return
		}
	}
}

func dispatchConnection(conn net.Conn, sta *server.State) {
	remoteAddr := conn.RemoteAddr()
	var err error
	rejectLogger := log.WithFields(log.Fields{
		"remoteAddr": remoteAddr,
		"error":      err,
	})
	buf := make([]byte, 1500)

	conn.SetReadDeadline(time.Now().Add(3 * time.Second))
	i, err := io.ReadAtLeast(conn, buf, 1)
	if err != nil {
		go conn.Close()
		return
	}
	conn.SetReadDeadline(time.Time{})
	data := buf[:i]

	goWeb := func() {
		webConn, err := net.Dial("tcp", sta.RedirAddr)
		if err != nil {
			log.Errorf("Making connection to redirection server: %v", err)
			return
		}
		webConn.Write(data)
		go pipe(webConn, conn)
		go pipe(conn, webConn)
	}

	ch, err := server.ParseClientHello(data)
	if err != nil {
		rejectLogger.Warn("+1 non Cloak non (or malformed) TLS traffic")
		goWeb()
		return
	}

	UID, sessionID, proxyMethod, encryptionMethod, sharedSecret, err := server.TouchStone(ch, sta)
	if err != nil {
		rejectLogger.Warn("+1 non Cloak TLS traffic")
		goWeb()
		return
	}
	if _, ok := sta.ProxyBook[proxyMethod]; !ok {
		log.WithFields(log.Fields{
			"UID":         UID,
			"proxyMethod": proxyMethod,
		}).Warn("+1 Cloak TLS traffic with invalid proxy method")
		goWeb()
		return
	}

	user, err := sta.Panel.GetUser(UID)
	if err != nil {
		log.WithFields(log.Fields{
			"UID":        b64(UID),
			"remoteAddr": remoteAddr,
			"error":      err,
		}).Warn("+1 unauthorised UID")
		goWeb()
		return
	}

	finishHandshake := func(sessionKey []byte) error {
		reply := server.ComposeReply(ch, sharedSecret, sessionKey)
		_, err = conn.Write(reply)
		if err != nil {
			go conn.Close()
			return err
		}
		return nil
	}

	sessionKey := make([]byte, 32)
	rand.Read(sessionKey)
	obfs, deobfs, err := util.GenerateObfs(encryptionMethod, sessionKey)
	if err != nil {
		log.Error(err)
		goWeb()
	}

	sesh, existing, err := user.GetSession(sessionID, obfs, deobfs, sessionKey, util.ReadTLS)
	if err != nil {
		user.DelSession(sessionID)
		log.Error(err)
		return
	}

	if existing {
		err = finishHandshake(sesh.SessionKey)
		if err != nil {
			log.Error(err)
			return
		}
		sesh.AddConnection(conn)
		return
	}

	// adminUID can use the server as normal with unlimited QoS credits. The adminUID is not
	// added to the userinfo database. The distinction between going into the admin mode
	// and normal proxy mode is that sessionID needs == 0 for admin mode
	if bytes.Equal(UID, sta.AdminUID) && sessionID == 0 {
		err = finishHandshake(sessionKey)
		if err != nil {
			log.Error(err)
			return
		}
		sesh := mux.MakeSession(0, mux.UNLIMITED_VALVE, obfs, deobfs, sessionKey, util.ReadTLS)
		sesh.AddConnection(conn)
		//TODO: Router could be nil in cnc mode
		err = http.Serve(sesh, sta.LocalAPIRouter)
		if err != nil {
			log.Error(err)
			return
		}
	}

	err = finishHandshake(sessionKey)
	if err != nil {
		log.Error(err)
		return
	}

	log.WithFields(log.Fields{
		"UID":       b64(UID),
		"sessionID": sessionID,
	}).Info("New session")
	sesh.AddConnection(conn)

	for {
		newStream, err := sesh.Accept()
		if err != nil {
			if err == mux.ErrBrokenSession {
				log.WithFields(log.Fields{
					"UID":       b64(UID),
					"sessionID": sessionID,
					"reason":    sesh.TerminalMsg(),
				}).Info("Session closed")
				user.DelSession(sessionID)
				return
			} else {
				continue
			}
		}
		localConn, err := net.Dial("tcp", sta.ProxyBook[proxyMethod])
		if err != nil {
			log.Errorf("Failed to connect to %v: %v", proxyMethod, err)
			continue
		}
		go pipe(localConn, newStream)
		go pipe(newStream, localConn)
	}

}

func main() {
	// server in ss config, the outbound listening ip
	var bindHost string
	// Outbound listening ip, should be 443
	var bindPort string
	var config string

	log.SetLevel(log.DebugLevel)

	if os.Getenv("SS_LOCAL_HOST") != "" {
		bindHost = os.Getenv("SS_REMOTE_HOST")
		bindPort = os.Getenv("SS_REMOTE_PORT")
		config = os.Getenv("SS_PLUGIN_OPTIONS")
	} else {
		flag.StringVar(&bindHost, "s", "0.0.0.0", "bindHost: ip to bind to, set to 0.0.0.0 to listen to everything")
		flag.StringVar(&bindPort, "p", "443", "bindPort: port to bind to, should be 443")
		flag.StringVar(&config, "c", "server.json", "config: path to the configuration file or its content")
		askVersion := flag.Bool("v", false, "Print the version number")
		printUsage := flag.Bool("h", false, "Print this message")

		genUID := flag.Bool("u", false, "Generate a UID")
		genKeyPair := flag.Bool("k", false, "Generate a pair of public and private key, output in the format of pubkey,pvkey")

		pprofAddr := flag.String("d", "", "debug use: ip:port to be listened by pprof profiler")

		flag.Parse()

		if *askVersion {
			fmt.Printf("ck-server %s", version)
			return
		}
		if *printUsage {
			flag.Usage()
			return
		}
		if *genUID {
			fmt.Println(generateUID())
			return
		}
		if *genKeyPair {
			pub, pv := generateKeyPair()
			fmt.Printf("%v,%v", pub, pv)
			return
		}

		if *pprofAddr != "" {
			runtime.SetBlockProfileRate(5)
			go func() {
				log.Info(http.ListenAndServe(*pprofAddr, nil))
			}()
			log.Infof("pprof listening on %v", *pprofAddr)

		}

		log.Infof("Starting standalone mode, listening on %v:%v", bindHost, bindPort)
	}
	sta, _ := server.InitState(bindHost, bindPort, time.Now)

	err := sta.ParseConfig(config)
	if err != nil {
		log.Fatalf("Configuration file error: %v", err)
	}

	// when cloak is started as a shadowsocks plugin
	if os.Getenv("SS_LOCAL_HOST") != "" && os.Getenv("SS_LOCAL_PORT") != "" {
		ssLocalHost := os.Getenv("SS_LOCAL_HOST")
		ssLocalPort := os.Getenv("SS_LOCAL_PORT")
		if net.ParseIP(ssLocalHost).To4() == nil {
			ssLocalHost = "[" + ssLocalHost + "]"
		}
		sta.ProxyBook["shadowsocks"] = ssLocalHost + ":" + ssLocalPort
	}

	listen := func(addr, port string) {
		listener, err := net.Listen("tcp", addr+":"+port)
		log.Infof("Listening on " + addr + ":" + port)
		if err != nil {
			log.Fatal(err)
		}
		for {
			conn, err := listener.Accept()
			if err != nil {
				log.Errorf("%v", err)
				continue
			}
			go dispatchConnection(conn, sta)
		}
	}

	// When listening on an IPv6 and IPv4, SS gives REMOTE_HOST as e.g. ::|0.0.0.0
	listeningIP := strings.Split(sta.BindHost, "|")
	for i, ip := range listeningIP {
		if net.ParseIP(ip).To4() == nil {
			// IPv6 needs square brackets
			ip = "[" + ip + "]"
		}

		// The last listener must block main() because the program exits on main return.
		if i == len(listeningIP)-1 {
			listen(ip, sta.BindPort)
		} else {
			go listen(ip, sta.BindPort)
		}
	}

}
Untested server 2018-10-09 15:07:54 +00:00			`package main`

			`import (`
Implement admin control through a tunneled RESTful API 2019-07-25 11:17:29 +00:00			`"bytes"`
TLS1.3 2019-08-02 00:01:19 +00:00			`"crypto/rand"`
Cleanup logs 2019-01-12 15:51:20 +00:00			`"encoding/base64"`
Untested server 2018-10-09 15:07:54 +00:00			`"flag"`
			`"fmt"`
			`"io"`
			`"net"`
Implement admin control through a tunneled RESTful API 2019-07-25 11:17:29 +00:00			`"net/http"`
Close pipe properly 2019-07-25 21:06:33 +00:00			`_ "net/http/pprof"`
Untested server 2018-10-09 15:07:54 +00:00			`"os"`
pprof now will not require debug build flag 2019-07-25 19:52:15 +00:00			`"runtime"`
Untested server 2018-10-09 15:07:54 +00:00			`"strings"`
			`"time"`

			`mux "github.com/cbeuw/Cloak/internal/multiplex"`
			`"github.com/cbeuw/Cloak/internal/server"`
			`"github.com/cbeuw/Cloak/internal/util"`
Improve logging 2019-08-02 14:45:33 +00:00			`log "github.com/sirupsen/logrus"`
Untested server 2018-10-09 15:07:54 +00:00			`)`

Improve logging 2019-08-02 14:45:33 +00:00			`var b64 = base64.StdEncoding.EncodeToString`
Untested server 2018-10-09 15:07:54 +00:00			`var version string`

			`func pipe(dst io.ReadWriteCloser, src io.ReadWriteCloser) {`
Correct the maximum record size 2019-06-15 01:56:52 +00:00			`// The maximum size of TLS message will be 16380+12+16. 12 because of the stream header and 16`
			`// because of the salt/mac`
drop aes encryption of headers 2018-10-20 20:41:01 +00:00			`// 16408 is the max TLS message size on Firefox`
Correct the maximum record size 2019-06-15 01:56:52 +00:00			`buf := make([]byte, 16380)`
Untested server 2018-10-09 15:07:54 +00:00			`for {`
Mostly works 2018-10-20 10:35:50 +00:00			`i, err := io.ReadAtLeast(src, buf, 1)`
Remove redundant error checking 2019-01-12 17:06:14 +00:00			`if err != nil {`
Mostly works 2018-10-20 10:35:50 +00:00			`go dst.Close()`
			`go src.Close()`
			`return`
			`}`
			`i, err = dst.Write(buf[:i])`
Remove redundant error checking 2019-01-12 17:06:14 +00:00			`if err != nil {`
Untested server 2018-10-09 15:07:54 +00:00			`go dst.Close()`
			`go src.Close()`
			`return`
			`}`
			`}`
			`}`

			`func dispatchConnection(conn net.Conn, sta *server.State) {`
Improve logging 2019-08-02 14:45:33 +00:00			`remoteAddr := conn.RemoteAddr()`
			`var err error`
			`rejectLogger := log.WithFields(log.Fields{`
			`"remoteAddr": remoteAddr,`
			`"error": err,`
			`})`
Untested server 2018-10-09 15:07:54 +00:00			`buf := make([]byte, 1500)`

			`conn.SetReadDeadline(time.Now().Add(3 * time.Second))`
			`i, err := io.ReadAtLeast(conn, buf, 1)`
			`if err != nil {`
			`go conn.Close()`
			`return`
			`}`
			`conn.SetReadDeadline(time.Time{})`
			`data := buf[:i]`
TLS1.3 2019-08-02 00:01:19 +00:00
			`goWeb := func() {`
			`webConn, err := net.Dial("tcp", sta.RedirAddr)`
			`if err != nil {`
Improve logging 2019-08-02 14:45:33 +00:00			`log.Errorf("Making connection to redirection server: %v", err)`
TLS1.3 2019-08-02 00:01:19 +00:00			`return`
			`}`
			`webConn.Write(data)`
			`go pipe(webConn, conn)`
			`go pipe(conn, webConn)`
			`}`

Untested server 2018-10-09 15:07:54 +00:00			`ch, err := server.ParseClientHello(data)`
			`if err != nil {`
Improve logging 2019-08-02 14:45:33 +00:00			`rejectLogger.Warn("+1 non Cloak non (or malformed) TLS traffic")`
TLS1.3 2019-08-02 00:01:19 +00:00			`goWeb()`
Untested server 2018-10-09 15:07:54 +00:00			`return`
			`}`

Improve logging 2019-08-02 14:45:33 +00:00			`UID, sessionID, proxyMethod, encryptionMethod, sharedSecret, err := server.TouchStone(ch, sta)`
			`if err != nil {`
			`rejectLogger.Warn("+1 non Cloak TLS traffic")`
TLS1.3 2019-08-02 00:01:19 +00:00			`goWeb()`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`return`
			`}`
			`if _, ok := sta.ProxyBook[proxyMethod]; !ok {`
Improve logging 2019-08-02 14:45:33 +00:00			`log.WithFields(log.Fields{`
			`"UID": UID,`
			`"proxyMethod": proxyMethod,`
			`}).Warn("+1 Cloak TLS traffic with invalid proxy method")`
TLS1.3 2019-08-02 00:01:19 +00:00			`goWeb()`
Untested server 2018-10-09 15:07:54 +00:00			`return`
			`}`

TLS1.3 2019-08-02 00:01:19 +00:00			`user, err := sta.Panel.GetUser(UID)`
Fix bad cryptography 2019-07-31 23:16:33 +00:00			`if err != nil {`
Improve logging 2019-08-02 14:45:33 +00:00			`log.WithFields(log.Fields{`
			`"UID": b64(UID),`
			`"remoteAddr": remoteAddr,`
			`"error": err,`
			`}).Warn("+1 unauthorised UID")`
TLS1.3 2019-08-02 00:01:19 +00:00			`goWeb()`
Fix bad cryptography 2019-07-31 23:16:33 +00:00			`return`
			`}`

TLS1.3 2019-08-02 00:01:19 +00:00			`finishHandshake := func(sessionKey []byte) error {`
			`reply := server.ComposeReply(ch, sharedSecret, sessionKey)`
Basic remote control 2018-11-22 21:55:23 +00:00			`_, err = conn.Write(reply)`
			`if err != nil {`
			`go conn.Close()`
Client using AdminUID can now use the proxy without adding themselves to the db 2018-12-11 23:26:05 +00:00			`return err`
Basic remote control 2018-11-22 21:55:23 +00:00			`}`
TLS1.3 2019-08-02 00:01:19 +00:00			`return nil`
			`}`
Basic remote control 2018-11-22 21:55:23 +00:00
TLS1.3 2019-08-02 00:01:19 +00:00			`sessionKey := make([]byte, 32)`
			`rand.Read(sessionKey)`
			`obfs, deobfs, err := util.GenerateObfs(encryptionMethod, sessionKey)`
			`if err != nil {`
Improve logging 2019-08-02 14:45:33 +00:00			`log.Error(err)`
TLS1.3 2019-08-02 00:01:19 +00:00			`goWeb()`
			`}`

			`sesh, existing, err := user.GetSession(sessionID, obfs, deobfs, sessionKey, util.ReadTLS)`
			`if err != nil {`
			`user.DelSession(sessionID)`
Improve logging 2019-08-02 14:45:33 +00:00			`log.Error(err)`
TLS1.3 2019-08-02 00:01:19 +00:00			`return`
			`}`

			`if existing {`
			`err = finishHandshake(sesh.SessionKey)`
			`if err != nil {`
Improve logging 2019-08-02 14:45:33 +00:00			`log.Error(err)`
TLS1.3 2019-08-02 00:01:19 +00:00			`return`
Basic remote control 2018-11-22 21:55:23 +00:00			`}`
TLS1.3 2019-08-02 00:01:19 +00:00			`sesh.AddConnection(conn)`
			`return`
Client using AdminUID can now use the proxy without adding themselves to the db 2018-12-11 23:26:05 +00:00			`}`
Basic remote control 2018-11-22 21:55:23 +00:00
Implement admin control through a tunneled RESTful API 2019-07-25 11:17:29 +00:00			`// adminUID can use the server as normal with unlimited QoS credits. The adminUID is not`
			`// added to the userinfo database. The distinction between going into the admin mode`
			`// and normal proxy mode is that sessionID needs == 0 for admin mode`
			`if bytes.Equal(UID, sta.AdminUID) && sessionID == 0 {`
TLS1.3 2019-08-02 00:01:19 +00:00			`err = finishHandshake(sessionKey)`
Implement admin control through a tunneled RESTful API 2019-07-25 11:17:29 +00:00			`if err != nil {`
Improve logging 2019-08-02 14:45:33 +00:00			`log.Error(err)`
Implement admin control through a tunneled RESTful API 2019-07-25 11:17:29 +00:00			`return`
Rewrite user authentication, credit bookkeeping and db interaction 2019-07-22 12:42:39 +00:00			`}`
TLS1.3 2019-08-02 00:01:19 +00:00			`sesh := mux.MakeSession(0, mux.UNLIMITED_VALVE, obfs, deobfs, sessionKey, util.ReadTLS)`
Implement admin control through a tunneled RESTful API 2019-07-25 11:17:29 +00:00			`sesh.AddConnection(conn)`
			`//TODO: Router could be nil in cnc mode`
			`err = http.Serve(sesh, sta.LocalAPIRouter)`
			`if err != nil {`
Improve logging 2019-08-02 14:45:33 +00:00			`log.Error(err)`
Implement admin control through a tunneled RESTful API 2019-07-25 11:17:29 +00:00			`return`
			`}`
			`}`
Client using AdminUID can now use the proxy without adding themselves to the db 2018-12-11 23:26:05 +00:00
TLS1.3 2019-08-02 00:01:19 +00:00			`err = finishHandshake(sessionKey)`
Untested server 2018-10-09 15:07:54 +00:00			`if err != nil {`
Improve logging 2019-08-02 14:45:33 +00:00			`log.Error(err)`
Untested server 2018-10-09 15:07:54 +00:00			`return`
			`}`

Improve logging 2019-08-02 14:45:33 +00:00			`log.WithFields(log.Fields{`
			`"UID": b64(UID),`
			`"sessionID": sessionID,`
			`}).Info("New session")`
TLS1.3 2019-08-02 00:01:19 +00:00			`sesh.AddConnection(conn)`
Implement SessionsCap and ExpiryTime limitations 2018-12-29 00:54:10 +00:00
TLS1.3 2019-08-02 00:01:19 +00:00			`for {`
			`newStream, err := sesh.Accept()`
			`if err != nil {`
			`if err == mux.ErrBrokenSession {`
Improve logging 2019-08-02 14:45:33 +00:00			`log.WithFields(log.Fields{`
			`"UID": b64(UID),`
			`"sessionID": sessionID,`
			`"reason": sesh.TerminalMsg(),`
			`}).Info("Session closed")`
TLS1.3 2019-08-02 00:01:19 +00:00			`user.DelSession(sessionID)`
			`return`
			`} else {`
QOS and user managing, bug fixes 2018-11-07 21:16:13 +00:00			`continue`
Untested server 2018-10-09 15:07:54 +00:00			`}`
QOS and user managing, bug fixes 2018-11-07 21:16:13 +00:00			`}`
TLS1.3 2019-08-02 00:01:19 +00:00			`localConn, err := net.Dial("tcp", sta.ProxyBook[proxyMethod])`
			`if err != nil {`
Improve logging 2019-08-02 14:45:33 +00:00			`log.Errorf("Failed to connect to %v: %v", proxyMethod, err)`
TLS1.3 2019-08-02 00:01:19 +00:00			`continue`
			`}`
			`go pipe(localConn, newStream)`
			`go pipe(newStream, localConn)`
QOS and user managing, bug fixes 2018-11-07 21:16:13 +00:00			`}`
Untested server 2018-10-09 15:07:54 +00:00
			`}`

			`func main() {`
			`// server in ss config, the outbound listening ip`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`var bindHost string`
Untested server 2018-10-09 15:07:54 +00:00			`// Outbound listening ip, should be 443`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`var bindPort string`
			`var config string`
Untested server 2018-10-09 15:07:54 +00:00
Improve logging 2019-08-02 14:45:33 +00:00			`log.SetLevel(log.DebugLevel)`
Untested server 2018-10-09 15:07:54 +00:00
			`if os.Getenv("SS_LOCAL_HOST") != "" {`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`bindHost = os.Getenv("SS_REMOTE_HOST")`
			`bindPort = os.Getenv("SS_REMOTE_PORT")`
			`config = os.Getenv("SS_PLUGIN_OPTIONS")`
Untested server 2018-10-09 15:07:54 +00:00			`} else {`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`flag.StringVar(&bindHost, "s", "0.0.0.0", "bindHost: ip to bind to, set to 0.0.0.0 to listen to everything")`
			`flag.StringVar(&bindPort, "p", "443", "bindPort: port to bind to, should be 443")`
			`flag.StringVar(&config, "c", "server.json", "config: path to the configuration file or its content")`
Untested server 2018-10-09 15:07:54 +00:00			`askVersion := flag.Bool("v", false, "Print the version number")`
			`printUsage := flag.Bool("h", false, "Print this message")`
Integrate keygen util into ck-server 2018-12-17 22:12:38 +00:00
			`genUID := flag.Bool("u", false, "Generate a UID")`
			`genKeyPair := flag.Bool("k", false, "Generate a pair of public and private key, output in the format of pubkey,pvkey")`

Make pprof optional 2019-01-21 11:49:01 +00:00			`pprofAddr := flag.String("d", "", "debug use: ip:port to be listened by pprof profiler")`

Untested server 2018-10-09 15:07:54 +00:00			`flag.Parse()`

			`if *askVersion {`
Improve logging 2019-08-02 14:45:33 +00:00			`fmt.Printf("ck-server %s", version)`
Untested server 2018-10-09 15:07:54 +00:00			`return`
			`}`
			`if *printUsage {`
			`flag.Usage()`
			`return`
			`}`
Integrate keygen util into ck-server 2018-12-17 22:12:38 +00:00			`if *genUID {`
			`fmt.Println(generateUID())`
			`return`
			`}`
			`if *genKeyPair {`
			`pub, pv := generateKeyPair()`
			`fmt.Printf("%v,%v", pub, pv)`
			`return`
			`}`
Untested server 2018-10-09 15:07:54 +00:00
Make pprof optional 2019-01-21 11:49:01 +00:00			`if *pprofAddr != "" {`
pprof now will not require debug build flag 2019-07-25 19:52:15 +00:00			`runtime.SetBlockProfileRate(5)`
			`go func() {`
Improve logging 2019-08-02 14:45:33 +00:00			`log.Info(http.ListenAndServe(*pprofAddr, nil))`
pprof now will not require debug build flag 2019-07-25 19:52:15 +00:00			`}()`
Improve logging 2019-08-02 14:45:33 +00:00			`log.Infof("pprof listening on %v", *pprofAddr)`
pprof now will not require debug build flag 2019-07-25 19:52:15 +00:00
Make pprof optional 2019-01-21 11:49:01 +00:00			`}`

Improve logging 2019-08-02 14:45:33 +00:00			`log.Infof("Starting standalone mode, listening on %v:%v", bindHost, bindPort)`
Untested server 2018-10-09 15:07:54 +00:00			`}`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`sta, _ := server.InitState(bindHost, bindPort, time.Now)`
QOS and user managing, bug fixes 2018-11-07 21:16:13 +00:00
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`err := sta.ParseConfig(config)`
Untested server 2018-10-09 15:07:54 +00:00			`if err != nil {`
			`log.Fatalf("Configuration file error: %v", err)`
			`}`

Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`// when cloak is started as a shadowsocks plugin`
			`if os.Getenv("SS_LOCAL_HOST") != "" && os.Getenv("SS_LOCAL_PORT") != "" {`
			`ssLocalHost := os.Getenv("SS_LOCAL_HOST")`
			`ssLocalPort := os.Getenv("SS_LOCAL_PORT")`
			`if net.ParseIP(ssLocalHost).To4() == nil {`
			`ssLocalHost = "[" + ssLocalHost + "]"`
			`}`
			`sta.ProxyBook["shadowsocks"] = ssLocalHost + ":" + ssLocalPort`
			`}`

Untested server 2018-10-09 15:07:54 +00:00			`listen := func(addr, port string) {`
			`listener, err := net.Listen("tcp", addr+":"+port)`
Improve logging 2019-08-02 14:45:33 +00:00			`log.Infof("Listening on " + addr + ":" + port)`
Untested server 2018-10-09 15:07:54 +00:00			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`for {`
			`conn, err := listener.Accept()`
			`if err != nil {`
Improve logging 2019-08-02 14:45:33 +00:00			`log.Errorf("%v", err)`
Untested server 2018-10-09 15:07:54 +00:00			`continue`
			`}`
			`go dispatchConnection(conn, sta)`
			`}`
			`}`

			`// When listening on an IPv6 and IPv4, SS gives REMOTE_HOST as e.g. ::\|0.0.0.0`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`listeningIP := strings.Split(sta.BindHost, "\|")`
Untested server 2018-10-09 15:07:54 +00:00			`for i, ip := range listeningIP {`
			`if net.ParseIP(ip).To4() == nil {`
			`// IPv6 needs square brackets`
			`ip = "[" + ip + "]"`
			`}`

			`// The last listener must block main() because the program exits on main return.`
			`if i == len(listeningIP)-1 {`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`listen(ip, sta.BindPort)`
Untested server 2018-10-09 15:07:54 +00:00			`} else {`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 2019-06-09 06:10:22 +00:00			`go listen(ip, sta.BindPort)`
Untested server 2018-10-09 15:07:54 +00:00			`}`
			`}`

			`}`