2018-10-09 15:07:54 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
2019-07-25 11:17:29 +00:00
|
|
|
"bytes"
|
2019-01-12 15:51:20 +00:00
|
|
|
"encoding/base64"
|
2018-10-09 15:07:54 +00:00
|
|
|
"flag"
|
|
|
|
|
"fmt"
|
|
|
|
|
"io"
|
|
|
|
|
"net"
|
2019-07-25 11:17:29 +00:00
|
|
|
"net/http"
|
2019-07-25 21:06:33 +00:00
|
|
|
_ "net/http/pprof"
|
2018-10-09 15:07:54 +00:00
|
|
|
"os"
|
2019-07-25 19:52:15 +00:00
|
|
|
"runtime"
|
2018-10-09 15:07:54 +00:00
|
|
|
"strings"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
mux "github.com/cbeuw/Cloak/internal/multiplex"
|
|
|
|
|
"github.com/cbeuw/Cloak/internal/server"
|
|
|
|
|
"github.com/cbeuw/Cloak/internal/util"
|
2019-08-02 14:45:33 +00:00
|
|
|
log "github.com/sirupsen/logrus"
|
2018-10-09 15:07:54 +00:00
|
|
|
)
|
|
|
|
|
|
2019-08-02 14:45:33 +00:00
|
|
|
var b64 = base64.StdEncoding.EncodeToString
|
2018-10-09 15:07:54 +00:00
|
|
|
var version string
|
|
|
|
|
|
|
|
|
|
func dispatchConnection(conn net.Conn, sta *server.State) {
|
2019-08-02 14:45:33 +00:00
|
|
|
remoteAddr := conn.RemoteAddr()
|
|
|
|
|
var err error
|
2018-10-09 15:07:54 +00:00
|
|
|
buf := make([]byte, 1500)
|
|
|
|
|
|
2019-08-30 16:07:08 +00:00
|
|
|
// TODO: potential fingerprint for active probers here
|
2018-10-09 15:07:54 +00:00
|
|
|
conn.SetReadDeadline(time.Now().Add(3 * time.Second))
|
|
|
|
|
i, err := io.ReadAtLeast(conn, buf, 1)
|
|
|
|
|
if err != nil {
|
|
|
|
|
go conn.Close()
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
conn.SetReadDeadline(time.Time{})
|
|
|
|
|
data := buf[:i]
|
2019-08-02 00:01:19 +00:00
|
|
|
|
|
|
|
|
goWeb := func() {
|
2019-12-29 19:47:17 +00:00
|
|
|
redirPort := sta.RedirPort
|
|
|
|
|
if redirPort == "" {
|
|
|
|
|
_, redirPort, _ = net.SplitHostPort(conn.LocalAddr().String())
|
|
|
|
|
}
|
|
|
|
|
webConn, err := net.Dial("tcp", net.JoinHostPort(sta.RedirHost.String(), redirPort))
|
2019-08-02 00:01:19 +00:00
|
|
|
if err != nil {
|
2019-08-02 14:45:33 +00:00
|
|
|
log.Errorf("Making connection to redirection server: %v", err)
|
2019-08-02 00:01:19 +00:00
|
|
|
return
|
|
|
|
|
}
|
2019-08-03 12:26:57 +00:00
|
|
|
_, err = webConn.Write(data)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Error("Failed to send first packet to redirection server", err)
|
|
|
|
|
}
|
2019-08-19 22:23:41 +00:00
|
|
|
go util.Pipe(webConn, conn, 0)
|
|
|
|
|
go util.Pipe(conn, webConn, 0)
|
2019-08-02 00:01:19 +00:00
|
|
|
}
|
|
|
|
|
|
2019-08-12 13:21:42 +00:00
|
|
|
ci, finishHandshake, err := server.PrepareConnection(data, sta, conn)
|
2018-10-09 15:07:54 +00:00
|
|
|
if err != nil {
|
2019-08-02 14:45:33 +00:00
|
|
|
log.WithFields(log.Fields{
|
2019-08-06 14:50:33 +00:00
|
|
|
"remoteAddr": remoteAddr,
|
2019-08-12 13:21:42 +00:00
|
|
|
"UID": b64(ci.UID),
|
|
|
|
|
"sessionId": ci.SessionId,
|
|
|
|
|
"proxyMethod": ci.ProxyMethod,
|
|
|
|
|
"encryptionMethod": ci.EncryptionMethod,
|
2019-08-06 14:50:33 +00:00
|
|
|
}).Warn(err)
|
2019-08-07 18:46:10 +00:00
|
|
|
goWeb()
|
|
|
|
|
return
|
2019-08-02 00:01:19 +00:00
|
|
|
}
|
2018-11-22 21:55:23 +00:00
|
|
|
|
2019-08-02 00:01:19 +00:00
|
|
|
sessionKey := make([]byte, 32)
|
2020-02-01 23:46:46 +00:00
|
|
|
util.CryptoRandRead(sessionKey)
|
2019-09-01 19:23:45 +00:00
|
|
|
obfuscator, err := mux.GenerateObfs(ci.EncryptionMethod, sessionKey, ci.Transport.HasRecordLayer())
|
2019-08-02 00:01:19 +00:00
|
|
|
if err != nil {
|
2019-08-02 14:45:33 +00:00
|
|
|
log.Error(err)
|
2019-08-02 00:01:19 +00:00
|
|
|
goWeb()
|
2019-08-07 18:46:10 +00:00
|
|
|
return
|
2019-08-02 00:01:19 +00:00
|
|
|
}
|
|
|
|
|
|
2019-07-25 11:17:29 +00:00
|
|
|
// adminUID can use the server as normal with unlimited QoS credits. The adminUID is not
|
|
|
|
|
// added to the userinfo database. The distinction between going into the admin mode
|
|
|
|
|
// and normal proxy mode is that sessionID needs == 0 for admin mode
|
2019-08-12 13:21:42 +00:00
|
|
|
if bytes.Equal(ci.UID, sta.AdminUID) && ci.SessionId == 0 {
|
2019-09-01 19:23:45 +00:00
|
|
|
preparedConn, err := finishHandshake(sessionKey)
|
2019-07-25 11:17:29 +00:00
|
|
|
if err != nil {
|
2019-08-02 14:45:33 +00:00
|
|
|
log.Error(err)
|
2019-07-25 11:17:29 +00:00
|
|
|
return
|
2019-07-22 12:42:39 +00:00
|
|
|
}
|
2019-08-06 14:50:33 +00:00
|
|
|
log.Trace("finished handshake")
|
2019-08-11 23:22:15 +00:00
|
|
|
seshConfig := &mux.SessionConfig{
|
|
|
|
|
Obfuscator: obfuscator,
|
|
|
|
|
Valve: nil,
|
2019-09-01 19:23:45 +00:00
|
|
|
UnitRead: ci.Transport.UnitReadFunc(),
|
2019-08-11 23:22:15 +00:00
|
|
|
}
|
|
|
|
|
sesh := mux.MakeSession(0, seshConfig)
|
2019-09-01 19:23:45 +00:00
|
|
|
sesh.AddConnection(preparedConn)
|
2019-07-25 11:17:29 +00:00
|
|
|
//TODO: Router could be nil in cnc mode
|
2019-09-01 19:23:45 +00:00
|
|
|
log.WithField("remoteAddr", preparedConn.RemoteAddr()).Info("New admin session")
|
2019-07-25 11:17:29 +00:00
|
|
|
err = http.Serve(sesh, sta.LocalAPIRouter)
|
|
|
|
|
if err != nil {
|
2019-08-02 14:45:33 +00:00
|
|
|
log.Error(err)
|
2019-07-25 11:17:29 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-12-11 23:26:05 +00:00
|
|
|
|
2019-08-04 20:10:59 +00:00
|
|
|
var user *server.ActiveUser
|
2019-08-12 13:21:42 +00:00
|
|
|
if sta.IsBypass(ci.UID) {
|
|
|
|
|
user, err = sta.Panel.GetBypassUser(ci.UID)
|
2019-08-04 20:10:59 +00:00
|
|
|
} else {
|
2019-08-12 13:21:42 +00:00
|
|
|
user, err = sta.Panel.GetUser(ci.UID)
|
2019-08-04 20:10:59 +00:00
|
|
|
}
|
2019-08-03 21:42:26 +00:00
|
|
|
if err != nil {
|
|
|
|
|
log.WithFields(log.Fields{
|
2019-08-12 13:21:42 +00:00
|
|
|
"UID": b64(ci.UID),
|
2019-08-03 21:42:26 +00:00
|
|
|
"remoteAddr": remoteAddr,
|
|
|
|
|
"error": err,
|
|
|
|
|
}).Warn("+1 unauthorised UID")
|
|
|
|
|
goWeb()
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-11 23:22:15 +00:00
|
|
|
seshConfig := &mux.SessionConfig{
|
|
|
|
|
Obfuscator: obfuscator,
|
|
|
|
|
Valve: nil,
|
2019-09-01 19:23:45 +00:00
|
|
|
UnitRead: ci.Transport.UnitReadFunc(),
|
2019-08-14 09:04:27 +00:00
|
|
|
Unordered: ci.Unordered,
|
2019-08-11 23:22:15 +00:00
|
|
|
}
|
2019-08-12 13:21:42 +00:00
|
|
|
sesh, existing, err := user.GetSession(ci.SessionId, seshConfig)
|
2019-08-03 21:42:26 +00:00
|
|
|
if err != nil {
|
2019-08-30 21:14:45 +00:00
|
|
|
user.CloseSession(ci.SessionId, "")
|
2019-08-03 21:42:26 +00:00
|
|
|
log.Error(err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if existing {
|
2019-09-01 19:23:45 +00:00
|
|
|
preparedConn, err := finishHandshake(sesh.SessionKey)
|
2019-08-03 21:42:26 +00:00
|
|
|
if err != nil {
|
|
|
|
|
log.Error(err)
|
|
|
|
|
return
|
|
|
|
|
}
|
2019-08-06 14:50:33 +00:00
|
|
|
log.Trace("finished handshake")
|
2019-09-01 19:23:45 +00:00
|
|
|
sesh.AddConnection(preparedConn)
|
2019-08-03 21:42:26 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-01 19:23:45 +00:00
|
|
|
preparedConn, err := finishHandshake(sessionKey)
|
2018-10-09 15:07:54 +00:00
|
|
|
if err != nil {
|
2019-08-02 14:45:33 +00:00
|
|
|
log.Error(err)
|
2018-10-09 15:07:54 +00:00
|
|
|
return
|
|
|
|
|
}
|
2019-08-06 14:50:33 +00:00
|
|
|
log.Trace("finished handshake")
|
2018-10-09 15:07:54 +00:00
|
|
|
|
2019-08-02 14:45:33 +00:00
|
|
|
log.WithFields(log.Fields{
|
2019-08-12 13:21:42 +00:00
|
|
|
"UID": b64(ci.UID),
|
|
|
|
|
"sessionID": ci.SessionId,
|
2019-08-02 14:45:33 +00:00
|
|
|
}).Info("New session")
|
2019-09-01 19:23:45 +00:00
|
|
|
sesh.AddConnection(preparedConn)
|
2018-12-29 00:54:10 +00:00
|
|
|
|
2019-08-02 00:01:19 +00:00
|
|
|
for {
|
|
|
|
|
newStream, err := sesh.Accept()
|
|
|
|
|
if err != nil {
|
|
|
|
|
if err == mux.ErrBrokenSession {
|
2019-08-02 14:45:33 +00:00
|
|
|
log.WithFields(log.Fields{
|
2019-08-12 13:21:42 +00:00
|
|
|
"UID": b64(ci.UID),
|
|
|
|
|
"sessionID": ci.SessionId,
|
2019-08-02 14:45:33 +00:00
|
|
|
"reason": sesh.TerminalMsg(),
|
|
|
|
|
}).Info("Session closed")
|
2019-08-30 21:14:45 +00:00
|
|
|
user.CloseSession(ci.SessionId, "")
|
2019-08-02 00:01:19 +00:00
|
|
|
return
|
|
|
|
|
} else {
|
2019-11-03 12:22:12 +00:00
|
|
|
// TODO: other errors
|
2018-11-07 21:16:13 +00:00
|
|
|
continue
|
2018-10-09 15:07:54 +00:00
|
|
|
}
|
2018-11-07 21:16:13 +00:00
|
|
|
}
|
2019-08-12 22:13:13 +00:00
|
|
|
proxyAddr := sta.ProxyBook[ci.ProxyMethod]
|
2019-12-09 16:12:47 +00:00
|
|
|
d := net.Dialer{KeepAlive: sta.KeepAlive}
|
|
|
|
|
localConn, err := d.Dial(proxyAddr.Network(), proxyAddr.String())
|
2019-08-02 00:01:19 +00:00
|
|
|
if err != nil {
|
2019-08-12 13:21:42 +00:00
|
|
|
log.Errorf("Failed to connect to %v: %v", ci.ProxyMethod, err)
|
2019-08-30 21:14:45 +00:00
|
|
|
user.CloseSession(ci.SessionId, "Failed to connect to proxy server")
|
2019-08-02 00:01:19 +00:00
|
|
|
continue
|
|
|
|
|
}
|
2019-08-20 16:46:36 +00:00
|
|
|
log.Tracef("%v endpoint has been successfully connected", ci.ProxyMethod)
|
2019-08-14 09:04:27 +00:00
|
|
|
|
2020-04-04 14:39:50 +00:00
|
|
|
go util.Pipe(localConn, newStream, sta.Timeout)
|
|
|
|
|
go util.Pipe(newStream, localConn, 0)
|
2019-08-14 09:04:27 +00:00
|
|
|
|
2018-11-07 21:16:13 +00:00
|
|
|
}
|
2018-10-09 15:07:54 +00:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func main() {
|
2019-09-15 14:29:29 +00:00
|
|
|
// set TLS bind host through commandline for legacy support, default 0.0.0,0
|
|
|
|
|
var ssRemoteHost string
|
|
|
|
|
// set TLS bind port through commandline for legacy support, default 443
|
|
|
|
|
var ssRemotePort string
|
2019-06-09 06:10:22 +00:00
|
|
|
var config string
|
2018-10-09 15:07:54 +00:00
|
|
|
|
2019-09-15 14:29:29 +00:00
|
|
|
var pluginMode bool
|
|
|
|
|
|
|
|
|
|
if os.Getenv("SS_LOCAL_HOST") != "" && os.Getenv("SS_LOCAL_PORT") != "" {
|
|
|
|
|
pluginMode = true
|
|
|
|
|
ssRemoteHost = os.Getenv("SS_REMOTE_HOST")
|
|
|
|
|
ssRemotePort = os.Getenv("SS_REMOTE_PORT")
|
2019-06-09 06:10:22 +00:00
|
|
|
config = os.Getenv("SS_PLUGIN_OPTIONS")
|
2018-10-09 15:07:54 +00:00
|
|
|
} else {
|
2019-06-09 06:10:22 +00:00
|
|
|
flag.StringVar(&config, "c", "server.json", "config: path to the configuration file or its content")
|
2018-10-09 15:07:54 +00:00
|
|
|
askVersion := flag.Bool("v", false, "Print the version number")
|
|
|
|
|
printUsage := flag.Bool("h", false, "Print this message")
|
2018-12-17 22:12:38 +00:00
|
|
|
|
|
|
|
|
genUID := flag.Bool("u", false, "Generate a UID")
|
|
|
|
|
genKeyPair := flag.Bool("k", false, "Generate a pair of public and private key, output in the format of pubkey,pvkey")
|
|
|
|
|
|
2019-01-21 11:49:01 +00:00
|
|
|
pprofAddr := flag.String("d", "", "debug use: ip:port to be listened by pprof profiler")
|
2019-08-09 21:51:17 +00:00
|
|
|
verbosity := flag.String("verbosity", "info", "verbosity level")
|
2019-01-21 11:49:01 +00:00
|
|
|
|
2018-10-09 15:07:54 +00:00
|
|
|
flag.Parse()
|
|
|
|
|
|
|
|
|
|
if *askVersion {
|
2019-08-02 14:45:33 +00:00
|
|
|
fmt.Printf("ck-server %s", version)
|
2018-10-09 15:07:54 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if *printUsage {
|
|
|
|
|
flag.Usage()
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-12-17 22:12:38 +00:00
|
|
|
if *genUID {
|
|
|
|
|
fmt.Println(generateUID())
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if *genKeyPair {
|
|
|
|
|
pub, pv := generateKeyPair()
|
|
|
|
|
fmt.Printf("%v,%v", pub, pv)
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-10-09 15:07:54 +00:00
|
|
|
|
2019-01-21 11:49:01 +00:00
|
|
|
if *pprofAddr != "" {
|
2019-07-25 19:52:15 +00:00
|
|
|
runtime.SetBlockProfileRate(5)
|
|
|
|
|
go func() {
|
2019-08-02 14:45:33 +00:00
|
|
|
log.Info(http.ListenAndServe(*pprofAddr, nil))
|
2019-07-25 19:52:15 +00:00
|
|
|
}()
|
2019-08-02 14:45:33 +00:00
|
|
|
log.Infof("pprof listening on %v", *pprofAddr)
|
2019-07-25 19:52:15 +00:00
|
|
|
|
2019-01-21 11:49:01 +00:00
|
|
|
}
|
|
|
|
|
|
2019-08-09 21:51:17 +00:00
|
|
|
lvl, err := log.ParseLevel(*verbosity)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
log.SetLevel(lvl)
|
|
|
|
|
|
2019-09-15 14:29:29 +00:00
|
|
|
log.Infof("Starting standalone mode")
|
2018-10-09 15:07:54 +00:00
|
|
|
}
|
2019-09-15 14:29:29 +00:00
|
|
|
sta, _ := server.InitState(time.Now)
|
2018-11-07 21:16:13 +00:00
|
|
|
|
2019-06-09 06:10:22 +00:00
|
|
|
err := sta.ParseConfig(config)
|
2018-10-09 15:07:54 +00:00
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("Configuration file error: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-15 14:29:29 +00:00
|
|
|
if !pluginMode && len(sta.BindAddr) == 0 {
|
2019-09-15 17:11:23 +00:00
|
|
|
https, _ := net.ResolveTCPAddr("tcp", ":443")
|
|
|
|
|
http, _ := net.ResolveTCPAddr("tcp", ":80")
|
|
|
|
|
sta.BindAddr = []net.Addr{https, http}
|
2019-09-15 14:29:29 +00:00
|
|
|
}
|
|
|
|
|
|
2019-06-09 06:10:22 +00:00
|
|
|
// when cloak is started as a shadowsocks plugin
|
2019-09-15 14:29:29 +00:00
|
|
|
if pluginMode {
|
2019-06-09 06:10:22 +00:00
|
|
|
ssLocalHost := os.Getenv("SS_LOCAL_HOST")
|
|
|
|
|
ssLocalPort := os.Getenv("SS_LOCAL_PORT")
|
2019-09-15 14:29:29 +00:00
|
|
|
|
|
|
|
|
sta.ProxyBook["shadowsocks"], err = net.ResolveTCPAddr("tcp", net.JoinHostPort(ssLocalHost, ssLocalPort))
|
2019-08-12 22:13:13 +00:00
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
2019-09-15 14:29:29 +00:00
|
|
|
|
|
|
|
|
var ssBind string
|
|
|
|
|
// When listening on an IPv6 and IPv4, SS gives REMOTE_HOST as e.g. ::|0.0.0.0
|
|
|
|
|
v4nv6 := len(strings.Split(ssRemoteHost, "|")) == 2
|
|
|
|
|
if v4nv6 {
|
|
|
|
|
ssBind = ":" + ssRemotePort
|
|
|
|
|
} else {
|
|
|
|
|
ssBind = net.JoinHostPort(ssRemoteHost, ssRemotePort)
|
|
|
|
|
}
|
|
|
|
|
ssBindAddr, err := net.ResolveTCPAddr("tcp", ssBind)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("unable to resolve bind address provided by SS: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
shouldAppend := true
|
|
|
|
|
for i, addr := range sta.BindAddr {
|
|
|
|
|
if addr.String() == ssBindAddr.String() {
|
|
|
|
|
shouldAppend = false
|
|
|
|
|
}
|
|
|
|
|
if addr.String() == ":"+ssRemotePort { // already listening on all interfaces
|
|
|
|
|
shouldAppend = false
|
|
|
|
|
}
|
|
|
|
|
if addr.String() == "0.0.0.0:"+ssRemotePort || addr.String() == "[::]:"+ssRemotePort {
|
|
|
|
|
// if config listens on one ip version but ss wants to listen on both,
|
|
|
|
|
// listen on both
|
|
|
|
|
if ssBindAddr.String() == ":"+ssRemotePort {
|
|
|
|
|
shouldAppend = true
|
|
|
|
|
sta.BindAddr[i] = ssBindAddr
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if shouldAppend {
|
|
|
|
|
sta.BindAddr = append(sta.BindAddr, ssBindAddr)
|
|
|
|
|
}
|
2019-06-09 06:10:22 +00:00
|
|
|
}
|
|
|
|
|
|
2019-09-15 14:29:29 +00:00
|
|
|
listen := func(bindAddr net.Addr) {
|
|
|
|
|
listener, err := net.Listen("tcp", bindAddr.String())
|
|
|
|
|
log.Infof("Listening on %v", bindAddr)
|
2018-10-09 15:07:54 +00:00
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
for {
|
|
|
|
|
conn, err := listener.Accept()
|
|
|
|
|
if err != nil {
|
2019-08-02 14:45:33 +00:00
|
|
|
log.Errorf("%v", err)
|
2018-10-09 15:07:54 +00:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
go dispatchConnection(conn, sta)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-15 14:29:29 +00:00
|
|
|
for i, addr := range sta.BindAddr {
|
|
|
|
|
if i != len(sta.BindAddr)-1 {
|
|
|
|
|
go listen(addr)
|
2018-10-09 15:07:54 +00:00
|
|
|
} else {
|
2019-09-15 14:29:29 +00:00
|
|
|
listen(addr)
|
2018-10-09 15:07:54 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
