Cloak/cmd/ck-server/ck-server.go

package main

import (
	"bytes"
	"crypto/rand"
	"encoding/base64"
	"flag"
	"fmt"
	"io"
	"net"
	"net/http"
	_ "net/http/pprof"
	"os"
	"runtime"
	"strings"
	"time"

	mux "github.com/cbeuw/Cloak/internal/multiplex"
	"github.com/cbeuw/Cloak/internal/server"
	"github.com/cbeuw/Cloak/internal/util"
	log "github.com/sirupsen/logrus"
)

var b64 = base64.StdEncoding.EncodeToString
var version string

func dispatchConnection(conn net.Conn, sta *server.State) {
	remoteAddr := conn.RemoteAddr()
	var err error
	buf := make([]byte, 1500)

	// TODO: potential fingerprint for active probers here
	conn.SetReadDeadline(time.Now().Add(3 * time.Second))
	i, err := io.ReadAtLeast(conn, buf, 1)
	if err != nil {
		go conn.Close()
		return
	}
	conn.SetReadDeadline(time.Time{})
	data := buf[:i]

	goWeb := func() {
		_, remotePort, _ := net.SplitHostPort(conn.LocalAddr().String())
		webConn, err := net.Dial("tcp", net.JoinHostPort(sta.RedirAddr.String(), remotePort))
		if err != nil {
			log.Errorf("Making connection to redirection server: %v", err)
			return
		}
		_, err = webConn.Write(data)
		if err != nil {
			log.Error("Failed to send first packet to redirection server", err)
		}
		go util.Pipe(webConn, conn, 0)
		go util.Pipe(conn, webConn, 0)
	}

	ci, finishHandshake, err := server.PrepareConnection(data, sta, conn)
	if err != nil {
		log.WithFields(log.Fields{
			"remoteAddr":       remoteAddr,
			"UID":              b64(ci.UID),
			"sessionId":        ci.SessionId,
			"proxyMethod":      ci.ProxyMethod,
			"encryptionMethod": ci.EncryptionMethod,
		}).Warn(err)
		goWeb()
		return
	}

	sessionKey := make([]byte, 32)
	rand.Read(sessionKey)
	obfuscator, err := mux.GenerateObfs(ci.EncryptionMethod, sessionKey, ci.Transport.HasRecordLayer())
	if err != nil {
		log.Error(err)
		goWeb()
		return
	}

	// adminUID can use the server as normal with unlimited QoS credits. The adminUID is not
	// added to the userinfo database. The distinction between going into the admin mode
	// and normal proxy mode is that sessionID needs == 0 for admin mode
	if bytes.Equal(ci.UID, sta.AdminUID) && ci.SessionId == 0 {
		preparedConn, err := finishHandshake(sessionKey)
		if err != nil {
			log.Error(err)
			return
		}
		log.Trace("finished handshake")
		seshConfig := &mux.SessionConfig{
			Obfuscator: obfuscator,
			Valve:      nil,
			UnitRead:   ci.Transport.UnitReadFunc(),
		}
		sesh := mux.MakeSession(0, seshConfig)
		sesh.AddConnection(preparedConn)
		//TODO: Router could be nil in cnc mode
		log.WithField("remoteAddr", preparedConn.RemoteAddr()).Info("New admin session")
		err = http.Serve(sesh, sta.LocalAPIRouter)
		if err != nil {
			log.Error(err)
			return
		}
	}

	var user *server.ActiveUser
	if sta.IsBypass(ci.UID) {
		user, err = sta.Panel.GetBypassUser(ci.UID)
	} else {
		user, err = sta.Panel.GetUser(ci.UID)
	}
	if err != nil {
		log.WithFields(log.Fields{
			"UID":        b64(ci.UID),
			"remoteAddr": remoteAddr,
			"error":      err,
		}).Warn("+1 unauthorised UID")
		goWeb()
		return
	}

	seshConfig := &mux.SessionConfig{
		Obfuscator: obfuscator,
		Valve:      nil,
		UnitRead:   ci.Transport.UnitReadFunc(),
		Unordered:  ci.Unordered,
	}
	sesh, existing, err := user.GetSession(ci.SessionId, seshConfig)
	if err != nil {
		user.CloseSession(ci.SessionId, "")
		log.Error(err)
		return
	}

	if existing {
		preparedConn, err := finishHandshake(sesh.SessionKey)
		if err != nil {
			log.Error(err)
			return
		}
		log.Trace("finished handshake")
		sesh.AddConnection(preparedConn)
		return
	}

	preparedConn, err := finishHandshake(sessionKey)
	if err != nil {
		log.Error(err)
		return
	}
	log.Trace("finished handshake")

	log.WithFields(log.Fields{
		"UID":       b64(ci.UID),
		"sessionID": ci.SessionId,
	}).Info("New session")
	sesh.AddConnection(preparedConn)

	for {
		newStream, err := sesh.Accept()
		if err != nil {
			if err == mux.ErrBrokenSession {
				log.WithFields(log.Fields{
					"UID":       b64(ci.UID),
					"sessionID": ci.SessionId,
					"reason":    sesh.TerminalMsg(),
				}).Info("Session closed")
				user.CloseSession(ci.SessionId, "")
				return
			} else {
				continue
			}
		}
		proxyAddr := sta.ProxyBook[ci.ProxyMethod]
		localConn, err := net.Dial(proxyAddr.Network(), proxyAddr.String())
		if err != nil {
			log.Errorf("Failed to connect to %v: %v", ci.ProxyMethod, err)
			user.CloseSession(ci.SessionId, "Failed to connect to proxy server")
			continue
		}
		log.Tracef("%v endpoint has been successfully connected", ci.ProxyMethod)

		go util.Pipe(localConn, newStream, 0)
		go util.Pipe(newStream, localConn, sta.Timeout)

	}

}

func main() {
	// set TLS bind host through commandline for legacy support, default 0.0.0,0
	var ssRemoteHost string
	// set TLS bind port through commandline for legacy support, default 443
	var ssRemotePort string
	var config string

	var pluginMode bool

	if os.Getenv("SS_LOCAL_HOST") != "" && os.Getenv("SS_LOCAL_PORT") != "" {
		pluginMode = true
		ssRemoteHost = os.Getenv("SS_REMOTE_HOST")
		ssRemotePort = os.Getenv("SS_REMOTE_PORT")
		config = os.Getenv("SS_PLUGIN_OPTIONS")
	} else {
		flag.StringVar(&config, "c", "server.json", "config: path to the configuration file or its content")
		askVersion := flag.Bool("v", false, "Print the version number")
		printUsage := flag.Bool("h", false, "Print this message")

		genUID := flag.Bool("u", false, "Generate a UID")
		genKeyPair := flag.Bool("k", false, "Generate a pair of public and private key, output in the format of pubkey,pvkey")

		pprofAddr := flag.String("d", "", "debug use: ip:port to be listened by pprof profiler")
		verbosity := flag.String("verbosity", "info", "verbosity level")

		flag.Parse()

		if *askVersion {
			fmt.Printf("ck-server %s", version)
			return
		}
		if *printUsage {
			flag.Usage()
			return
		}
		if *genUID {
			fmt.Println(generateUID())
			return
		}
		if *genKeyPair {
			pub, pv := generateKeyPair()
			fmt.Printf("%v,%v", pub, pv)
			return
		}

		if *pprofAddr != "" {
			runtime.SetBlockProfileRate(5)
			go func() {
				log.Info(http.ListenAndServe(*pprofAddr, nil))
			}()
			log.Infof("pprof listening on %v", *pprofAddr)

		}

		lvl, err := log.ParseLevel(*verbosity)
		if err != nil {
			log.Fatal(err)
		}
		log.SetLevel(lvl)

		log.Infof("Starting standalone mode")
	}
	sta, _ := server.InitState(time.Now)

	err := sta.ParseConfig(config)
	if err != nil {
		log.Fatalf("Configuration file error: %v", err)
	}

	if !pluginMode && len(sta.BindAddr) == 0 {
		log.Fatalf("bind address cannot be empty")
	}

	// when cloak is started as a shadowsocks plugin
	if pluginMode {
		ssLocalHost := os.Getenv("SS_LOCAL_HOST")
		ssLocalPort := os.Getenv("SS_LOCAL_PORT")

		sta.ProxyBook["shadowsocks"], err = net.ResolveTCPAddr("tcp", net.JoinHostPort(ssLocalHost, ssLocalPort))
		if err != nil {
			log.Fatal(err)
		}

		var ssBind string
		// When listening on an IPv6 and IPv4, SS gives REMOTE_HOST as e.g. ::|0.0.0.0
		v4nv6 := len(strings.Split(ssRemoteHost, "|")) == 2
		if v4nv6 {
			ssBind = ":" + ssRemotePort
		} else {
			ssBind = net.JoinHostPort(ssRemoteHost, ssRemotePort)
		}
		ssBindAddr, err := net.ResolveTCPAddr("tcp", ssBind)
		if err != nil {
			log.Fatalf("unable to resolve bind address provided by SS: %v", err)
		}

		shouldAppend := true
		for i, addr := range sta.BindAddr {
			if addr.String() == ssBindAddr.String() {
				shouldAppend = false
			}
			if addr.String() == ":"+ssRemotePort { // already listening on all interfaces
				shouldAppend = false
			}
			if addr.String() == "0.0.0.0:"+ssRemotePort || addr.String() == "[::]:"+ssRemotePort {
				// if config listens on one ip version but ss wants to listen on both,
				// listen on both
				if ssBindAddr.String() == ":"+ssRemotePort {
					shouldAppend = true
					sta.BindAddr[i] = ssBindAddr
				}
			}
		}
		if shouldAppend {
			sta.BindAddr = append(sta.BindAddr, ssBindAddr)
		}
	}

	listen := func(bindAddr net.Addr) {
		listener, err := net.Listen("tcp", bindAddr.String())
		log.Infof("Listening on %v", bindAddr)
		if err != nil {
			log.Fatal(err)
		}
		for {
			conn, err := listener.Accept()
			if err != nil {
				log.Errorf("%v", err)
				continue
			}
			go dispatchConnection(conn, sta)
		}
	}

	for i, addr := range sta.BindAddr {
		if i != len(sta.BindAddr)-1 {
			go listen(addr)
		} else {
			listen(addr)
		}
	}

}
Untested server 6 years ago			`package main`

			`import (`
Implement admin control through a tunneled RESTful API 5 years ago			`"bytes"`
TLS1.3 5 years ago			`"crypto/rand"`
Cleanup logs 6 years ago			`"encoding/base64"`
Untested server 6 years ago			`"flag"`
			`"fmt"`
			`"io"`
			`"net"`
Implement admin control through a tunneled RESTful API 5 years ago			`"net/http"`
Close pipe properly 5 years ago			`_ "net/http/pprof"`
Untested server 6 years ago			`"os"`
pprof now will not require debug build flag 5 years ago			`"runtime"`
Untested server 6 years ago			`"strings"`
			`"time"`

			`mux "github.com/cbeuw/Cloak/internal/multiplex"`
			`"github.com/cbeuw/Cloak/internal/server"`
			`"github.com/cbeuw/Cloak/internal/util"`
Improve logging 5 years ago			`log "github.com/sirupsen/logrus"`
Untested server 6 years ago			`)`

Improve logging 5 years ago			`var b64 = base64.StdEncoding.EncodeToString`
Untested server 6 years ago			`var version string`

			`func dispatchConnection(conn net.Conn, sta *server.State) {`
Improve logging 5 years ago			`remoteAddr := conn.RemoteAddr()`
			`var err error`
Untested server 6 years ago			`buf := make([]byte, 1500)`

Rename a test set 5 years ago			`// TODO: potential fingerprint for active probers here`
Untested server 6 years ago			`conn.SetReadDeadline(time.Now().Add(3 * time.Second))`
			`i, err := io.ReadAtLeast(conn, buf, 1)`
			`if err != nil {`
			`go conn.Close()`
			`return`
			`}`
			`conn.SetReadDeadline(time.Time{})`
			`data := buf[:i]`
TLS1.3 5 years ago
			`goWeb := func() {`
Allow server to listen on multiple ports 5 years ago			`_, remotePort, _ := net.SplitHostPort(conn.LocalAddr().String())`
			`webConn, err := net.Dial("tcp", net.JoinHostPort(sta.RedirAddr.String(), remotePort))`
TLS1.3 5 years ago			`if err != nil {`
Improve logging 5 years ago			`log.Errorf("Making connection to redirection server: %v", err)`
TLS1.3 5 years ago			`return`
			`}`
Fix redirection 5 years ago			`_, err = webConn.Write(data)`
			`if err != nil {`
			`log.Error("Failed to send first packet to redirection server", err)`
			`}`
Add Stream Timeout 5 years ago			`go util.Pipe(webConn, conn, 0)`
			`go util.Pipe(conn, webConn, 0)`
TLS1.3 5 years ago			`}`

Refactor return value of decryption 5 years ago			`ci, finishHandshake, err := server.PrepareConnection(data, sta, conn)`
Untested server 6 years ago			`if err != nil {`
Improve logging 5 years ago			`log.WithFields(log.Fields{`
Refactor TLS handshake 5 years ago			`"remoteAddr": remoteAddr,`
Refactor return value of decryption 5 years ago			`"UID": b64(ci.UID),`
			`"sessionId": ci.SessionId,`
			`"proxyMethod": ci.ProxyMethod,`
			`"encryptionMethod": ci.EncryptionMethod,`
Refactor TLS handshake 5 years ago			`}).Warn(err)`
Re add goWeb 5 years ago			`goWeb()`
			`return`
TLS1.3 5 years ago			`}`
Basic remote control 6 years ago
TLS1.3 5 years ago			`sessionKey := make([]byte, 32)`
			`rand.Read(sessionKey)`
Working direct WebSocket transport 5 years ago			`obfuscator, err := mux.GenerateObfs(ci.EncryptionMethod, sessionKey, ci.Transport.HasRecordLayer())`
TLS1.3 5 years ago			`if err != nil {`
Improve logging 5 years ago			`log.Error(err)`
TLS1.3 5 years ago			`goWeb()`
Re add goWeb 5 years ago			`return`
TLS1.3 5 years ago			`}`

Implement admin control through a tunneled RESTful API 5 years ago			`// adminUID can use the server as normal with unlimited QoS credits. The adminUID is not`
			`// added to the userinfo database. The distinction between going into the admin mode`
			`// and normal proxy mode is that sessionID needs == 0 for admin mode`
Refactor return value of decryption 5 years ago			`if bytes.Equal(ci.UID, sta.AdminUID) && ci.SessionId == 0 {`
Working direct WebSocket transport 5 years ago			`preparedConn, err := finishHandshake(sessionKey)`
Implement admin control through a tunneled RESTful API 5 years ago			`if err != nil {`
Improve logging 5 years ago			`log.Error(err)`
Implement admin control through a tunneled RESTful API 5 years ago			`return`
Rewrite user authentication, credit bookkeeping and db interaction 5 years ago			`}`
Refactor TLS handshake 5 years ago			`log.Trace("finished handshake")`
Refactor session configuration 5 years ago			`seshConfig := &mux.SessionConfig{`
			`Obfuscator: obfuscator,`
			`Valve: nil,`
Working direct WebSocket transport 5 years ago			`UnitRead: ci.Transport.UnitReadFunc(),`
Refactor session configuration 5 years ago			`}`
			`sesh := mux.MakeSession(0, seshConfig)`
Working direct WebSocket transport 5 years ago			`sesh.AddConnection(preparedConn)`
Implement admin control through a tunneled RESTful API 5 years ago			`//TODO: Router could be nil in cnc mode`
Working direct WebSocket transport 5 years ago			`log.WithField("remoteAddr", preparedConn.RemoteAddr()).Info("New admin session")`
Implement admin control through a tunneled RESTful API 5 years ago			`err = http.Serve(sesh, sta.LocalAPIRouter)`
			`if err != nil {`
Improve logging 5 years ago			`log.Error(err)`
Implement admin control through a tunneled RESTful API 5 years ago			`return`
			`}`
			`}`
Client using AdminUID can now use the proxy without adding themselves to the db 6 years ago
Add user bypass feature 5 years ago			`var user *server.ActiveUser`
Refactor return value of decryption 5 years ago			`if sta.IsBypass(ci.UID) {`
			`user, err = sta.Panel.GetBypassUser(ci.UID)`
Add user bypass feature 5 years ago			`} else {`
Refactor return value of decryption 5 years ago			`user, err = sta.Panel.GetUser(ci.UID)`
Add user bypass feature 5 years ago			`}`
Fix admin session 5 years ago			`if err != nil {`
			`log.WithFields(log.Fields{`
Refactor return value of decryption 5 years ago			`"UID": b64(ci.UID),`
Fix admin session 5 years ago			`"remoteAddr": remoteAddr,`
			`"error": err,`
			`}).Warn("+1 unauthorised UID")`
			`goWeb()`
			`return`
			`}`

Refactor session configuration 5 years ago			`seshConfig := &mux.SessionConfig{`
			`Obfuscator: obfuscator,`
			`Valve: nil,`
Working direct WebSocket transport 5 years ago			`UnitRead: ci.Transport.UnitReadFunc(),`
Experimental support for UDP 5 years ago			`Unordered: ci.Unordered,`
Refactor session configuration 5 years ago			`}`
Refactor return value of decryption 5 years ago			`sesh, existing, err := user.GetSession(ci.SessionId, seshConfig)`
Fix admin session 5 years ago			`if err != nil {`
Change the way user termination works 5 years ago			`user.CloseSession(ci.SessionId, "")`
Fix admin session 5 years ago			`log.Error(err)`
			`return`
			`}`

			`if existing {`
Working direct WebSocket transport 5 years ago			`preparedConn, err := finishHandshake(sesh.SessionKey)`
Fix admin session 5 years ago			`if err != nil {`
			`log.Error(err)`
			`return`
			`}`
Refactor TLS handshake 5 years ago			`log.Trace("finished handshake")`
Working direct WebSocket transport 5 years ago			`sesh.AddConnection(preparedConn)`
Fix admin session 5 years ago			`return`
			`}`

Working direct WebSocket transport 5 years ago			`preparedConn, err := finishHandshake(sessionKey)`
Untested server 6 years ago			`if err != nil {`
Improve logging 5 years ago			`log.Error(err)`
Untested server 6 years ago			`return`
			`}`
Refactor TLS handshake 5 years ago			`log.Trace("finished handshake")`
Untested server 6 years ago
Improve logging 5 years ago			`log.WithFields(log.Fields{`
Refactor return value of decryption 5 years ago			`"UID": b64(ci.UID),`
			`"sessionID": ci.SessionId,`
Improve logging 5 years ago			`}).Info("New session")`
Working direct WebSocket transport 5 years ago			`sesh.AddConnection(preparedConn)`
Implement SessionsCap and ExpiryTime limitations 6 years ago
TLS1.3 5 years ago			`for {`
			`newStream, err := sesh.Accept()`
			`if err != nil {`
			`if err == mux.ErrBrokenSession {`
Improve logging 5 years ago			`log.WithFields(log.Fields{`
Refactor return value of decryption 5 years ago			`"UID": b64(ci.UID),`
			`"sessionID": ci.SessionId,`
Improve logging 5 years ago			`"reason": sesh.TerminalMsg(),`
			`}).Info("Session closed")`
Change the way user termination works 5 years ago			`user.CloseSession(ci.SessionId, "")`
TLS1.3 5 years ago			`return`
			`} else {`
QOS and user managing, bug fixes 6 years ago			`continue`
Untested server 6 years ago			`}`
QOS and user managing, bug fixes 6 years ago			`}`
Server side UDP to proxy server 5 years ago			`proxyAddr := sta.ProxyBook[ci.ProxyMethod]`
			`localConn, err := net.Dial(proxyAddr.Network(), proxyAddr.String())`
TLS1.3 5 years ago			`if err != nil {`
Refactor return value of decryption 5 years ago			`log.Errorf("Failed to connect to %v: %v", ci.ProxyMethod, err)`
Change the way user termination works 5 years ago			`user.CloseSession(ci.SessionId, "Failed to connect to proxy server")`
TLS1.3 5 years ago			`continue`
			`}`
Change a verbose logging to trace 5 years ago			`log.Tracef("%v endpoint has been successfully connected", ci.ProxyMethod)`
Experimental support for UDP 5 years ago
Add Stream Timeout 5 years ago			`go util.Pipe(localConn, newStream, 0)`
			`go util.Pipe(newStream, localConn, sta.Timeout)`
Experimental support for UDP 5 years ago
QOS and user managing, bug fixes 6 years ago			`}`
Untested server 6 years ago
			`}`

			`func main() {`
Allow server to listen on multiple ports 5 years ago			`// set TLS bind host through commandline for legacy support, default 0.0.0,0`
			`var ssRemoteHost string`
			`// set TLS bind port through commandline for legacy support, default 443`
			`var ssRemotePort string`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 5 years ago			`var config string`
Untested server 6 years ago
Allow server to listen on multiple ports 5 years ago			`var pluginMode bool`

			`if os.Getenv("SS_LOCAL_HOST") != "" && os.Getenv("SS_LOCAL_PORT") != "" {`
			`pluginMode = true`
			`ssRemoteHost = os.Getenv("SS_REMOTE_HOST")`
			`ssRemotePort = os.Getenv("SS_REMOTE_PORT")`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 5 years ago			`config = os.Getenv("SS_PLUGIN_OPTIONS")`
Untested server 6 years ago			`} else {`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 5 years ago			`flag.StringVar(&config, "c", "server.json", "config: path to the configuration file or its content")`
Untested server 6 years ago			`askVersion := flag.Bool("v", false, "Print the version number")`
			`printUsage := flag.Bool("h", false, "Print this message")`
Integrate keygen util into ck-server 6 years ago
			`genUID := flag.Bool("u", false, "Generate a UID")`
			`genKeyPair := flag.Bool("k", false, "Generate a pair of public and private key, output in the format of pubkey,pvkey")`

Make pprof optional 6 years ago			`pprofAddr := flag.String("d", "", "debug use: ip:port to be listened by pprof profiler")`
Add verbosity arguments 5 years ago			`verbosity := flag.String("verbosity", "info", "verbosity level")`
Make pprof optional 6 years ago
Untested server 6 years ago			`flag.Parse()`

			`if *askVersion {`
Improve logging 5 years ago			`fmt.Printf("ck-server %s", version)`
Untested server 6 years ago			`return`
			`}`
			`if *printUsage {`
			`flag.Usage()`
			`return`
			`}`
Integrate keygen util into ck-server 6 years ago			`if *genUID {`
			`fmt.Println(generateUID())`
			`return`
			`}`
			`if *genKeyPair {`
			`pub, pv := generateKeyPair()`
			`fmt.Printf("%v,%v", pub, pv)`
			`return`
			`}`
Untested server 6 years ago
Make pprof optional 6 years ago			`if *pprofAddr != "" {`
pprof now will not require debug build flag 5 years ago			`runtime.SetBlockProfileRate(5)`
			`go func() {`
Improve logging 5 years ago			`log.Info(http.ListenAndServe(*pprofAddr, nil))`
pprof now will not require debug build flag 5 years ago			`}()`
Improve logging 5 years ago			`log.Infof("pprof listening on %v", *pprofAddr)`
pprof now will not require debug build flag 5 years ago
Make pprof optional 6 years ago			`}`

Add verbosity arguments 5 years ago			`lvl, err := log.ParseLevel(*verbosity)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`log.SetLevel(lvl)`

Allow server to listen on multiple ports 5 years ago			`log.Infof("Starting standalone mode")`
Untested server 6 years ago			`}`
Allow server to listen on multiple ports 5 years ago			`sta, _ := server.InitState(time.Now)`
QOS and user managing, bug fixes 6 years ago
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 5 years ago			`err := sta.ParseConfig(config)`
Untested server 6 years ago			`if err != nil {`
			`log.Fatalf("Configuration file error: %v", err)`
			`}`

Allow server to listen on multiple ports 5 years ago			`if !pluginMode && len(sta.BindAddr) == 0 {`
			`log.Fatalf("bind address cannot be empty")`
			`}`

Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 5 years ago			`// when cloak is started as a shadowsocks plugin`
Allow server to listen on multiple ports 5 years ago			`if pluginMode {`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 5 years ago			`ssLocalHost := os.Getenv("SS_LOCAL_HOST")`
			`ssLocalPort := os.Getenv("SS_LOCAL_PORT")`
Allow server to listen on multiple ports 5 years ago
			`sta.ProxyBook["shadowsocks"], err = net.ResolveTCPAddr("tcp", net.JoinHostPort(ssLocalHost, ssLocalPort))`
Server side UDP to proxy server 5 years ago			`if err != nil {`
			`log.Fatal(err)`
			`}`
Allow server to listen on multiple ports 5 years ago
			`var ssBind string`
			`// When listening on an IPv6 and IPv4, SS gives REMOTE_HOST as e.g. ::\|0.0.0.0`
			`v4nv6 := len(strings.Split(ssRemoteHost, "\|")) == 2`
			`if v4nv6 {`
			`ssBind = ":" + ssRemotePort`
			`} else {`
			`ssBind = net.JoinHostPort(ssRemoteHost, ssRemotePort)`
			`}`
			`ssBindAddr, err := net.ResolveTCPAddr("tcp", ssBind)`
			`if err != nil {`
			`log.Fatalf("unable to resolve bind address provided by SS: %v", err)`
			`}`

			`shouldAppend := true`
			`for i, addr := range sta.BindAddr {`
			`if addr.String() == ssBindAddr.String() {`
			`shouldAppend = false`
			`}`
			`if addr.String() == ":"+ssRemotePort { // already listening on all interfaces`
			`shouldAppend = false`
			`}`
			`if addr.String() == "0.0.0.0:"+ssRemotePort \|\| addr.String() == "[::]:"+ssRemotePort {`
			`// if config listens on one ip version but ss wants to listen on both,`
			`// listen on both`
			`if ssBindAddr.String() == ":"+ssRemotePort {`
			`shouldAppend = true`
			`sta.BindAddr[i] = ssBindAddr`
			`}`
			`}`
			`}`
			`if shouldAppend {`
			`sta.BindAddr = append(sta.BindAddr, ssBindAddr)`
			`}`
Cloak 2: generalising cloak as a universal pluggable transport for arbitary proxies 5 years ago			`}`

Allow server to listen on multiple ports 5 years ago			`listen := func(bindAddr net.Addr) {`
			`listener, err := net.Listen("tcp", bindAddr.String())`
			`log.Infof("Listening on %v", bindAddr)`
Untested server 6 years ago			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`for {`
			`conn, err := listener.Accept()`
			`if err != nil {`
Improve logging 5 years ago			`log.Errorf("%v", err)`
Untested server 6 years ago			`continue`
			`}`
			`go dispatchConnection(conn, sta)`
			`}`
			`}`

Allow server to listen on multiple ports 5 years ago			`for i, addr := range sta.BindAddr {`
			`if i != len(sta.BindAddr)-1 {`
			`go listen(addr)`
Untested server 6 years ago			`} else {`
Allow server to listen on multiple ports 5 years ago			`listen(addr)`
Untested server 6 years ago			`}`
			`}`

			`}`