2021-07-18 16:09:09 +08:00
|
|
|
package socks4
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"encoding/binary"
|
|
|
|
"errors"
|
|
|
|
"io"
|
|
|
|
"net"
|
2022-04-20 01:52:51 +08:00
|
|
|
"net/netip"
|
2021-07-18 16:09:09 +08:00
|
|
|
"strconv"
|
|
|
|
|
2023-11-03 21:01:45 +08:00
|
|
|
"github.com/metacubex/mihomo/component/auth"
|
2021-07-18 16:09:09 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
const Version = 0x04
|
|
|
|
|
|
|
|
type Command = uint8
|
|
|
|
|
|
|
|
const (
|
|
|
|
CmdConnect Command = 0x01
|
|
|
|
CmdBind Command = 0x02
|
|
|
|
)
|
|
|
|
|
|
|
|
type Code = uint8
|
|
|
|
|
|
|
|
const (
|
|
|
|
RequestGranted Code = 90
|
|
|
|
RequestRejected Code = 91
|
|
|
|
RequestIdentdFailed Code = 92
|
|
|
|
RequestIdentdMismatched Code = 93
|
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
errVersionMismatched = errors.New("version code mismatched")
|
|
|
|
errCommandNotSupported = errors.New("command not supported")
|
|
|
|
errIPv6NotSupported = errors.New("IPv6 not supported")
|
|
|
|
|
|
|
|
ErrRequestRejected = errors.New("request rejected or failed")
|
|
|
|
ErrRequestIdentdFailed = errors.New("request rejected because SOCKS server cannot connect to identd on the client")
|
|
|
|
ErrRequestIdentdMismatched = errors.New("request rejected because the client program and identd report different user-ids")
|
|
|
|
ErrRequestUnknownCode = errors.New("request failed with unknown code")
|
|
|
|
)
|
|
|
|
|
2022-04-20 01:52:51 +08:00
|
|
|
var subnet = netip.PrefixFrom(netip.IPv4Unspecified(), 24)
|
|
|
|
|
2024-04-25 11:48:53 +08:00
|
|
|
func ServerHandshake(rw io.ReadWriter, authenticator auth.Authenticator) (addr string, command Command, user string, err error) {
|
2021-07-18 16:09:09 +08:00
|
|
|
var req [8]byte
|
|
|
|
if _, err = io.ReadFull(rw, req[:]); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if req[0] != Version {
|
|
|
|
err = errVersionMismatched
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if command = req[1]; command != CmdConnect {
|
|
|
|
err = errCommandNotSupported
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
var (
|
2022-04-20 01:52:51 +08:00
|
|
|
dstIP = netip.AddrFrom4(*(*[4]byte)(req[4:8])) // [4]byte
|
|
|
|
dstPort = req[2:4] // [2]byte
|
2021-07-18 16:09:09 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
host string
|
|
|
|
port string
|
|
|
|
code uint8
|
|
|
|
userID []byte
|
|
|
|
)
|
|
|
|
if userID, err = readUntilNull(rw); err != nil {
|
|
|
|
return
|
|
|
|
}
|
2024-04-25 11:48:53 +08:00
|
|
|
user = string(userID)
|
2021-07-18 16:09:09 +08:00
|
|
|
|
|
|
|
if isReservedIP(dstIP) {
|
|
|
|
var target []byte
|
|
|
|
if target, err = readUntilNull(rw); err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
host = string(target)
|
|
|
|
}
|
|
|
|
|
|
|
|
port = strconv.Itoa(int(binary.BigEndian.Uint16(dstPort)))
|
|
|
|
if host != "" {
|
|
|
|
addr = net.JoinHostPort(host, port)
|
|
|
|
} else {
|
2022-04-20 01:52:51 +08:00
|
|
|
addr = net.JoinHostPort(dstIP.String(), port)
|
2021-07-18 16:09:09 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
// SOCKS4 only support USERID auth.
|
2024-04-25 11:48:53 +08:00
|
|
|
if authenticator == nil || authenticator.Verify(user, "") {
|
2021-07-18 16:09:09 +08:00
|
|
|
code = RequestGranted
|
|
|
|
} else {
|
|
|
|
code = RequestIdentdMismatched
|
2021-09-15 16:45:57 +08:00
|
|
|
err = ErrRequestIdentdMismatched
|
2021-07-18 16:09:09 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
var reply [8]byte
|
|
|
|
reply[0] = 0x00 // reply code
|
|
|
|
reply[1] = code // result code
|
2022-04-20 01:52:51 +08:00
|
|
|
copy(reply[4:8], dstIP.AsSlice())
|
2021-07-18 16:09:09 +08:00
|
|
|
copy(reply[2:4], dstPort)
|
|
|
|
|
2021-09-15 16:45:57 +08:00
|
|
|
_, wErr := rw.Write(reply[:])
|
|
|
|
if err == nil {
|
|
|
|
err = wErr
|
|
|
|
}
|
2021-07-18 16:09:09 +08:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
func ClientHandshake(rw io.ReadWriter, addr string, command Command, userID string) (err error) {
|
|
|
|
host, portStr, err := net.SplitHostPort(addr)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
port, err := strconv.ParseUint(portStr, 10, 16)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2022-04-20 01:52:51 +08:00
|
|
|
dstIP, err := netip.ParseAddr(host)
|
|
|
|
if err != nil /* HOST */ {
|
|
|
|
dstIP = netip.AddrFrom4([4]byte{0, 0, 0, 1})
|
|
|
|
} else if dstIP.Is6() /* IPv6 */ {
|
2021-07-18 16:09:09 +08:00
|
|
|
return errIPv6NotSupported
|
|
|
|
}
|
|
|
|
|
|
|
|
req := &bytes.Buffer{}
|
|
|
|
req.WriteByte(Version)
|
|
|
|
req.WriteByte(command)
|
2022-04-20 01:52:51 +08:00
|
|
|
_ = binary.Write(req, binary.BigEndian, uint16(port))
|
|
|
|
req.Write(dstIP.AsSlice())
|
2021-07-18 16:09:09 +08:00
|
|
|
req.WriteString(userID)
|
|
|
|
req.WriteByte(0) /* NULL */
|
|
|
|
|
|
|
|
if isReservedIP(dstIP) /* SOCKS4A */ {
|
|
|
|
req.WriteString(host)
|
|
|
|
req.WriteByte(0) /* NULL */
|
|
|
|
}
|
|
|
|
|
|
|
|
if _, err = rw.Write(req.Bytes()); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
var resp [8]byte
|
|
|
|
if _, err = io.ReadFull(rw, resp[:]); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if resp[0] != 0x00 {
|
|
|
|
return errVersionMismatched
|
|
|
|
}
|
|
|
|
|
|
|
|
switch resp[1] {
|
|
|
|
case RequestGranted:
|
|
|
|
return nil
|
|
|
|
case RequestRejected:
|
|
|
|
return ErrRequestRejected
|
|
|
|
case RequestIdentdFailed:
|
|
|
|
return ErrRequestIdentdFailed
|
|
|
|
case RequestIdentdMismatched:
|
|
|
|
return ErrRequestIdentdMismatched
|
|
|
|
default:
|
|
|
|
return ErrRequestUnknownCode
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// For version 4A, if the client cannot resolve the destination host's
|
|
|
|
// domain name to find its IP address, it should set the first three bytes
|
|
|
|
// of DSTIP to NULL and the last byte to a non-zero value. (This corresponds
|
|
|
|
// to IP address 0.0.0.x, with x nonzero. As decreed by IANA -- The
|
|
|
|
// Internet Assigned Numbers Authority -- such an address is inadmissible
|
|
|
|
// as a destination IP address and thus should never occur if the client
|
|
|
|
// can resolve the domain name.)
|
2022-04-20 01:52:51 +08:00
|
|
|
func isReservedIP(ip netip.Addr) bool {
|
2021-07-18 16:09:09 +08:00
|
|
|
return !ip.IsUnspecified() && subnet.Contains(ip)
|
|
|
|
}
|
|
|
|
|
|
|
|
func readUntilNull(r io.Reader) ([]byte, error) {
|
2021-10-10 23:44:09 +08:00
|
|
|
buf := &bytes.Buffer{}
|
2021-07-18 16:09:09 +08:00
|
|
|
var data [1]byte
|
|
|
|
|
|
|
|
for {
|
|
|
|
if _, err := r.Read(data[:]); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if data[0] == 0 {
|
|
|
|
return buf.Bytes(), nil
|
|
|
|
}
|
|
|
|
buf.WriteByte(data[0])
|
|
|
|
}
|
|
|
|
}
|