2021-03-29 15:59:14 +08:00
|
|
|
use crate::{bail, bytes_codec::BytesCodec, ResultType};
|
2023-01-27 11:42:08 +08:00
|
|
|
use anyhow::Context as AnyhowCtx;
|
2021-03-29 15:59:14 +08:00
|
|
|
use bytes::{BufMut, Bytes, BytesMut};
|
2021-06-25 19:42:51 +08:00
|
|
|
use futures::{SinkExt, StreamExt};
|
2021-03-29 15:59:14 +08:00
|
|
|
use protobuf::Message;
|
2023-05-14 18:17:02 +08:00
|
|
|
use sodiumoxide::crypto::{
|
|
|
|
|
box_,
|
|
|
|
|
secretbox::{self, Key, Nonce},
|
|
|
|
|
};
|
2021-03-29 15:59:14 +08:00
|
|
|
use std::{
|
2022-01-02 22:55:33 +08:00
|
|
|
io::{self, Error, ErrorKind},
|
2023-01-04 18:35:31 +08:00
|
|
|
net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr},
|
2021-03-29 15:59:14 +08:00
|
|
|
ops::{Deref, DerefMut},
|
2022-01-02 22:55:33 +08:00
|
|
|
pin::Pin,
|
|
|
|
|
task::{Context, Poll},
|
2021-03-29 15:59:14 +08:00
|
|
|
};
|
2022-01-02 22:55:33 +08:00
|
|
|
use tokio::{
|
|
|
|
|
io::{AsyncRead, AsyncWrite, ReadBuf},
|
|
|
|
|
net::{lookup_host, TcpListener, TcpSocket, ToSocketAddrs},
|
|
|
|
|
};
|
|
|
|
|
use tokio_socks::{tcp::Socks5Stream, IntoTargetAddr, ToProxyAddrs};
|
2021-03-29 15:59:14 +08:00
|
|
|
use tokio_util::codec::Framed;
|
|
|
|
|
|
2022-01-02 22:55:33 +08:00
|
|
|
pub trait TcpStreamTrait: AsyncRead + AsyncWrite + Unpin {}
|
2022-01-19 16:40:05 +08:00
|
|
|
pub struct DynTcpStream(Box<dyn TcpStreamTrait + Send + Sync>);
|
2022-01-02 22:55:33 +08:00
|
|
|
|
2023-05-14 18:17:02 +08:00
|
|
|
#[derive(Clone)]
|
|
|
|
|
pub struct Encrypt(Key, u64, u64);
|
|
|
|
|
|
2022-01-02 22:55:33 +08:00
|
|
|
pub struct FramedStream(
|
|
|
|
|
Framed<DynTcpStream, BytesCodec>,
|
|
|
|
|
SocketAddr,
|
2023-05-14 18:17:02 +08:00
|
|
|
Option<Encrypt>,
|
2022-01-02 22:55:33 +08:00
|
|
|
u64,
|
|
|
|
|
);
|
2021-03-29 15:59:14 +08:00
|
|
|
|
|
|
|
|
impl Deref for FramedStream {
|
2022-01-02 22:55:33 +08:00
|
|
|
type Target = Framed<DynTcpStream, BytesCodec>;
|
2021-03-29 15:59:14 +08:00
|
|
|
|
|
|
|
|
fn deref(&self) -> &Self::Target {
|
|
|
|
|
&self.0
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl DerefMut for FramedStream {
|
|
|
|
|
fn deref_mut(&mut self) -> &mut Self::Target {
|
|
|
|
|
&mut self.0
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-02 22:55:33 +08:00
|
|
|
impl Deref for DynTcpStream {
|
2022-01-19 16:40:05 +08:00
|
|
|
type Target = Box<dyn TcpStreamTrait + Send + Sync>;
|
2022-01-02 22:55:33 +08:00
|
|
|
|
|
|
|
|
fn deref(&self) -> &Self::Target {
|
|
|
|
|
&self.0
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl DerefMut for DynTcpStream {
|
|
|
|
|
fn deref_mut(&mut self) -> &mut Self::Target {
|
|
|
|
|
&mut self.0
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-25 19:42:51 +08:00
|
|
|
fn new_socket(addr: std::net::SocketAddr, reuse: bool) -> Result<TcpSocket, std::io::Error> {
|
|
|
|
|
let socket = match addr {
|
|
|
|
|
std::net::SocketAddr::V4(..) => TcpSocket::new_v4()?,
|
|
|
|
|
std::net::SocketAddr::V6(..) => TcpSocket::new_v6()?,
|
|
|
|
|
};
|
|
|
|
|
if reuse {
|
|
|
|
|
// windows has no reuse_port, but it's reuse_address
|
|
|
|
|
// almost equals to unix's reuse_port + reuse_address,
|
2021-11-14 18:52:05 +03:30
|
|
|
// though may introduce nondeterministic behavior
|
2021-06-25 19:42:51 +08:00
|
|
|
#[cfg(unix)]
|
2023-06-27 15:20:32 +08:00
|
|
|
socket.set_reuseport(true).ok();
|
|
|
|
|
socket.set_reuseaddr(true).ok();
|
2021-06-25 19:42:51 +08:00
|
|
|
}
|
|
|
|
|
socket.bind(addr)?;
|
|
|
|
|
Ok(socket)
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-29 15:59:14 +08:00
|
|
|
impl FramedStream {
|
2022-12-29 20:34:52 +08:00
|
|
|
pub async fn new<T: ToSocketAddrs + std::fmt::Display>(
|
|
|
|
|
remote_addr: T,
|
|
|
|
|
local_addr: Option<SocketAddr>,
|
2021-03-29 15:59:14 +08:00
|
|
|
ms_timeout: u64,
|
|
|
|
|
) -> ResultType<Self> {
|
2022-12-29 20:34:52 +08:00
|
|
|
for remote_addr in lookup_host(&remote_addr).await? {
|
|
|
|
|
let local = if let Some(addr) = local_addr {
|
|
|
|
|
addr
|
|
|
|
|
} else {
|
|
|
|
|
crate::config::Config::get_any_listen_addr(remote_addr.is_ipv4())
|
|
|
|
|
};
|
|
|
|
|
if let Ok(socket) = new_socket(local, true) {
|
|
|
|
|
if let Ok(Ok(stream)) =
|
|
|
|
|
super::timeout(ms_timeout, socket.connect(remote_addr)).await
|
|
|
|
|
{
|
|
|
|
|
stream.set_nodelay(true).ok();
|
|
|
|
|
let addr = stream.local_addr()?;
|
|
|
|
|
return Ok(Self(
|
|
|
|
|
Framed::new(DynTcpStream(Box::new(stream)), BytesCodec::new()),
|
|
|
|
|
addr,
|
|
|
|
|
None,
|
|
|
|
|
0,
|
|
|
|
|
));
|
|
|
|
|
}
|
2021-03-29 15:59:14 +08:00
|
|
|
}
|
|
|
|
|
}
|
2023-02-08 17:26:44 +08:00
|
|
|
bail!(format!("Failed to connect to {remote_addr}"));
|
2021-03-29 15:59:14 +08:00
|
|
|
}
|
|
|
|
|
|
2022-12-29 20:34:52 +08:00
|
|
|
pub async fn connect<'a, 't, P, T>(
|
2022-01-02 22:55:33 +08:00
|
|
|
proxy: P,
|
2022-12-29 20:34:52 +08:00
|
|
|
target: T,
|
|
|
|
|
local_addr: Option<SocketAddr>,
|
2022-01-02 22:55:33 +08:00
|
|
|
username: &'a str,
|
|
|
|
|
password: &'a str,
|
|
|
|
|
ms_timeout: u64,
|
|
|
|
|
) -> ResultType<Self>
|
|
|
|
|
where
|
|
|
|
|
P: ToProxyAddrs,
|
2022-12-29 20:34:52 +08:00
|
|
|
T: IntoTargetAddr<'t>,
|
2022-01-02 22:55:33 +08:00
|
|
|
{
|
2022-12-29 20:34:52 +08:00
|
|
|
if let Some(Ok(proxy)) = proxy.to_proxy_addrs().next().await {
|
|
|
|
|
let local = if let Some(addr) = local_addr {
|
|
|
|
|
addr
|
|
|
|
|
} else {
|
|
|
|
|
crate::config::Config::get_any_listen_addr(proxy.is_ipv4())
|
|
|
|
|
};
|
|
|
|
|
let stream =
|
|
|
|
|
super::timeout(ms_timeout, new_socket(local, true)?.connect(proxy)).await??;
|
|
|
|
|
stream.set_nodelay(true).ok();
|
|
|
|
|
let stream = if username.trim().is_empty() {
|
|
|
|
|
super::timeout(
|
|
|
|
|
ms_timeout,
|
|
|
|
|
Socks5Stream::connect_with_socket(stream, target),
|
|
|
|
|
)
|
|
|
|
|
.await??
|
|
|
|
|
} else {
|
|
|
|
|
super::timeout(
|
|
|
|
|
ms_timeout,
|
|
|
|
|
Socks5Stream::connect_with_password_and_socket(
|
|
|
|
|
stream, target, username, password,
|
|
|
|
|
),
|
|
|
|
|
)
|
|
|
|
|
.await??
|
2022-01-02 22:55:33 +08:00
|
|
|
};
|
2022-12-29 20:34:52 +08:00
|
|
|
let addr = stream.local_addr()?;
|
|
|
|
|
return Ok(Self(
|
|
|
|
|
Framed::new(DynTcpStream(Box::new(stream)), BytesCodec::new()),
|
|
|
|
|
addr,
|
|
|
|
|
None,
|
|
|
|
|
0,
|
|
|
|
|
));
|
|
|
|
|
}
|
2022-01-02 22:55:33 +08:00
|
|
|
bail!("could not resolve to any address");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn local_addr(&self) -> SocketAddr {
|
|
|
|
|
self.1
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-24 19:13:11 +08:00
|
|
|
pub fn set_send_timeout(&mut self, ms: u64) {
|
2022-01-02 22:55:33 +08:00
|
|
|
self.3 = ms;
|
2021-12-24 19:13:11 +08:00
|
|
|
}
|
|
|
|
|
|
2022-01-19 16:40:05 +08:00
|
|
|
pub fn from(stream: impl TcpStreamTrait + Send + Sync + 'static, addr: SocketAddr) -> Self {
|
2022-01-02 22:55:33 +08:00
|
|
|
Self(
|
|
|
|
|
Framed::new(DynTcpStream(Box::new(stream)), BytesCodec::new()),
|
|
|
|
|
addr,
|
|
|
|
|
None,
|
|
|
|
|
0,
|
|
|
|
|
)
|
2021-03-29 15:59:14 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn set_raw(&mut self) {
|
|
|
|
|
self.0.codec_mut().set_raw();
|
2022-01-02 22:55:33 +08:00
|
|
|
self.2 = None;
|
2021-03-29 15:59:14 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn is_secured(&self) -> bool {
|
2022-01-02 22:55:33 +08:00
|
|
|
self.2.is_some()
|
2021-03-29 15:59:14 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[inline]
|
|
|
|
|
pub async fn send(&mut self, msg: &impl Message) -> ResultType<()> {
|
|
|
|
|
self.send_raw(msg.write_to_bytes()?).await
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[inline]
|
|
|
|
|
pub async fn send_raw(&mut self, msg: Vec<u8>) -> ResultType<()> {
|
|
|
|
|
let mut msg = msg;
|
2022-01-02 22:55:33 +08:00
|
|
|
if let Some(key) = self.2.as_mut() {
|
2023-05-14 18:17:02 +08:00
|
|
|
msg = key.enc(&msg);
|
2021-03-29 15:59:14 +08:00
|
|
|
}
|
2021-12-24 19:13:11 +08:00
|
|
|
self.send_bytes(bytes::Bytes::from(msg)).await?;
|
2021-03-29 15:59:14 +08:00
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-24 19:13:11 +08:00
|
|
|
#[inline]
|
2021-03-29 15:59:14 +08:00
|
|
|
pub async fn send_bytes(&mut self, bytes: Bytes) -> ResultType<()> {
|
2022-01-02 22:55:33 +08:00
|
|
|
if self.3 > 0 {
|
|
|
|
|
super::timeout(self.3, self.0.send(bytes)).await??;
|
2021-12-24 19:13:11 +08:00
|
|
|
} else {
|
|
|
|
|
self.0.send(bytes).await?;
|
|
|
|
|
}
|
2021-03-29 15:59:14 +08:00
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[inline]
|
|
|
|
|
pub async fn next(&mut self) -> Option<Result<BytesMut, Error>> {
|
|
|
|
|
let mut res = self.0.next().await;
|
2023-05-14 18:17:02 +08:00
|
|
|
if let Some(Ok(bytes)) = res.as_mut() {
|
|
|
|
|
if let Some(key) = self.2.as_mut() {
|
|
|
|
|
if let Err(err) = key.dec(bytes) {
|
|
|
|
|
return Some(Err(err));
|
2021-03-29 15:59:14 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
res
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[inline]
|
|
|
|
|
pub async fn next_timeout(&mut self, ms: u64) -> Option<Result<BytesMut, Error>> {
|
|
|
|
|
if let Ok(res) = super::timeout(ms, self.next()).await {
|
|
|
|
|
res
|
|
|
|
|
} else {
|
|
|
|
|
None
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn set_key(&mut self, key: Key) {
|
2023-05-14 18:17:02 +08:00
|
|
|
self.2 = Some(Encrypt::new(key));
|
2021-03-29 15:59:14 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn get_nonce(seqnum: u64) -> Nonce {
|
|
|
|
|
let mut nonce = Nonce([0u8; secretbox::NONCEBYTES]);
|
2021-06-25 19:42:51 +08:00
|
|
|
nonce.0[..std::mem::size_of_val(&seqnum)].copy_from_slice(&seqnum.to_le_bytes());
|
2021-03-29 15:59:14 +08:00
|
|
|
nonce
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-25 19:42:51 +08:00
|
|
|
const DEFAULT_BACKLOG: u32 = 128;
|
2021-03-29 15:59:14 +08:00
|
|
|
|
|
|
|
|
pub async fn new_listener<T: ToSocketAddrs>(addr: T, reuse: bool) -> ResultType<TcpListener> {
|
|
|
|
|
if !reuse {
|
|
|
|
|
Ok(TcpListener::bind(addr).await?)
|
|
|
|
|
} else {
|
2023-01-27 11:42:08 +08:00
|
|
|
let addr = lookup_host(&addr)
|
|
|
|
|
.await?
|
|
|
|
|
.next()
|
|
|
|
|
.context("could not resolve to any address")?;
|
|
|
|
|
new_socket(addr, true)?
|
|
|
|
|
.listen(DEFAULT_BACKLOG)
|
|
|
|
|
.map_err(anyhow::Error::msg)
|
2021-03-29 15:59:14 +08:00
|
|
|
}
|
|
|
|
|
}
|
2022-01-02 22:55:33 +08:00
|
|
|
|
2023-01-04 18:35:31 +08:00
|
|
|
pub async fn listen_any(port: u16) -> ResultType<TcpListener> {
|
|
|
|
|
if let Ok(mut socket) = TcpSocket::new_v6() {
|
|
|
|
|
#[cfg(unix)]
|
|
|
|
|
{
|
2023-06-27 15:20:32 +08:00
|
|
|
socket.set_reuseport(true).ok();
|
|
|
|
|
socket.set_reuseaddr(true).ok();
|
2023-01-04 18:35:31 +08:00
|
|
|
use std::os::unix::io::{FromRawFd, IntoRawFd};
|
|
|
|
|
let raw_fd = socket.into_raw_fd();
|
|
|
|
|
let sock2 = unsafe { socket2::Socket::from_raw_fd(raw_fd) };
|
|
|
|
|
sock2.set_only_v6(false).ok();
|
|
|
|
|
socket = unsafe { TcpSocket::from_raw_fd(sock2.into_raw_fd()) };
|
|
|
|
|
}
|
|
|
|
|
#[cfg(windows)]
|
|
|
|
|
{
|
|
|
|
|
use std::os::windows::prelude::{FromRawSocket, IntoRawSocket};
|
|
|
|
|
let raw_socket = socket.into_raw_socket();
|
|
|
|
|
let sock2 = unsafe { socket2::Socket::from_raw_socket(raw_socket) };
|
|
|
|
|
sock2.set_only_v6(false).ok();
|
|
|
|
|
socket = unsafe { TcpSocket::from_raw_socket(sock2.into_raw_socket()) };
|
|
|
|
|
}
|
|
|
|
|
if socket
|
|
|
|
|
.bind(SocketAddr::new(IpAddr::V6(Ipv6Addr::UNSPECIFIED), port))
|
|
|
|
|
.is_ok()
|
|
|
|
|
{
|
|
|
|
|
if let Ok(l) = socket.listen(DEFAULT_BACKLOG) {
|
|
|
|
|
return Ok(l);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-06-27 15:20:32 +08:00
|
|
|
Ok(new_socket(
|
|
|
|
|
SocketAddr::new(IpAddr::V4(Ipv4Addr::UNSPECIFIED), port),
|
|
|
|
|
true,
|
|
|
|
|
)?
|
|
|
|
|
.listen(DEFAULT_BACKLOG)?)
|
2023-01-04 18:35:31 +08:00
|
|
|
}
|
|
|
|
|
|
2022-01-02 22:55:33 +08:00
|
|
|
impl Unpin for DynTcpStream {}
|
|
|
|
|
|
|
|
|
|
impl AsyncRead for DynTcpStream {
|
|
|
|
|
fn poll_read(
|
|
|
|
|
mut self: Pin<&mut Self>,
|
|
|
|
|
cx: &mut Context<'_>,
|
|
|
|
|
buf: &mut ReadBuf<'_>,
|
|
|
|
|
) -> Poll<io::Result<()>> {
|
|
|
|
|
AsyncRead::poll_read(Pin::new(&mut self.0), cx, buf)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl AsyncWrite for DynTcpStream {
|
|
|
|
|
fn poll_write(
|
|
|
|
|
mut self: Pin<&mut Self>,
|
|
|
|
|
cx: &mut Context<'_>,
|
|
|
|
|
buf: &[u8],
|
|
|
|
|
) -> Poll<io::Result<usize>> {
|
|
|
|
|
AsyncWrite::poll_write(Pin::new(&mut self.0), cx, buf)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
|
|
|
|
AsyncWrite::poll_flush(Pin::new(&mut self.0), cx)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
|
|
|
|
AsyncWrite::poll_shutdown(Pin::new(&mut self.0), cx)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl<R: AsyncRead + AsyncWrite + Unpin> TcpStreamTrait for R {}
|
2023-05-14 18:17:02 +08:00
|
|
|
|
|
|
|
|
impl Encrypt {
|
|
|
|
|
pub fn new(key: Key) -> Self {
|
|
|
|
|
Self(key, 0, 0)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn dec(&mut self, bytes: &mut BytesMut) -> Result<(), Error> {
|
2024-01-10 11:48:23 +08:00
|
|
|
if bytes.len() <= 1 {
|
2024-01-09 22:41:11 +08:00
|
|
|
return Ok(());
|
|
|
|
|
}
|
2023-05-14 18:17:02 +08:00
|
|
|
self.2 += 1;
|
|
|
|
|
let nonce = FramedStream::get_nonce(self.2);
|
|
|
|
|
match secretbox::open(bytes, &nonce, &self.0) {
|
|
|
|
|
Ok(res) => {
|
|
|
|
|
bytes.clear();
|
|
|
|
|
bytes.put_slice(&res);
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
Err(()) => Err(Error::new(ErrorKind::Other, "decryption error")),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn enc(&mut self, data: &[u8]) -> Vec<u8> {
|
|
|
|
|
self.1 += 1;
|
|
|
|
|
let nonce = FramedStream::get_nonce(self.1);
|
|
|
|
|
secretbox::seal(&data, &nonce, &self.0)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn decode(
|
|
|
|
|
symmetric_data: &[u8],
|
|
|
|
|
their_pk_b: &[u8],
|
|
|
|
|
our_sk_b: &box_::SecretKey,
|
|
|
|
|
) -> ResultType<Key> {
|
2023-05-16 14:40:33 +08:00
|
|
|
if their_pk_b.len() != box_::PUBLICKEYBYTES {
|
|
|
|
|
anyhow::bail!("Handshake failed: pk length {}", their_pk_b.len());
|
|
|
|
|
}
|
2023-05-14 18:17:02 +08:00
|
|
|
let nonce = box_::Nonce([0u8; box_::NONCEBYTES]);
|
|
|
|
|
let mut pk_ = [0u8; box_::PUBLICKEYBYTES];
|
|
|
|
|
pk_[..].copy_from_slice(their_pk_b);
|
|
|
|
|
let their_pk_b = box_::PublicKey(pk_);
|
|
|
|
|
let symmetric_key = box_::open(symmetric_data, &nonce, &their_pk_b, &our_sk_b)
|
|
|
|
|
.map_err(|_| anyhow::anyhow!("Handshake failed: box decryption failure"))?;
|
|
|
|
|
if symmetric_key.len() != secretbox::KEYBYTES {
|
|
|
|
|
anyhow::bail!("Handshake failed: invalid secret key length from peer");
|
|
|
|
|
}
|
|
|
|
|
let mut key = [0u8; secretbox::KEYBYTES];
|
|
|
|
|
key[..].copy_from_slice(&symmetric_key);
|
|
|
|
|
Ok(Key(key))
|
|
|
|
|
}
|
|
|
|
|
}
|
