Documentation
¶
Index ¶
Constants ¶
const MaxCapacity = 20_000
MaxCapacity is the largest allowed size of ReplayCache.
Capacities in excess of 20,000 are not recommended, due to the false positive rate of up to 2 * capacity / 2^32 = 1 / 100,000. If larger capacities are desired, the key type should be changed to uint64.
const ServerSaltMarkLen = 4 // Must be less than or equal to SHA1.Size()
ServerSaltMarkLen is the number of bytes of salt to use as a marker. Increasing this value reduces the false positive rate, but increases the likelihood of salt collisions.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CipherEntry ¶
type CipherEntry struct {
ID string
Cipher *ss.Cipher
SaltGenerator ServerSaltGenerator
// contains filtered or unexported fields
}
CipherEntry holds a Cipher with an identifier. The public fields are constant, but lastClientIP is mutable under cipherList.mu.
func MakeCipherEntry ¶
func MakeCipherEntry(id string, cipher *ss.Cipher, secret string) CipherEntry
MakeCipherEntry constructs a CipherEntry.
type CipherList ¶
type CipherList interface {
// Returns a snapshot of the cipher list optimized for this client IP
SnapshotForClientIP(clientIP net.IP) []*list.Element
MarkUsedByClientIP(e *list.Element, clientIP net.IP)
// Update replaces the current contents of the CipherList with `contents`,
// which is a List of *CipherEntry. Update takes ownership of `contents`,
// which must not be read or written after this call.
Update(contents *list.List)
}
CipherList is a thread-safe collection of CipherEntry elements that allows for snapshotting and moving to front.
func MakeTestCiphers ¶
func MakeTestCiphers(secrets []string) (CipherList, error)
MakeTestCiphers creates a CipherList containing one fresh AEAD cipher for each secret in `secrets`.
type ReplayCache ¶
type ReplayCache struct {
// contains filtered or unexported fields
}
ReplayCache allows us to check whether a handshake salt was used within the last `capacity` handshakes. It requires approximately 20*capacity bytes of memory (as measured by BenchmarkReplayCache_Creation).
The nil and zero values represent a cache with capacity 0, i.e. no cache.
func NewReplayCache ¶
func NewReplayCache(capacity int) ReplayCache
NewReplayCache returns a fresh ReplayCache that promises to remember at least the most recent `capacity` handshakes.
type ServerSaltGenerator ¶
type ServerSaltGenerator interface {
ss.SaltGenerator
// IsServerSalt returns true if the salt was created by this generator
// and is marked as server-originated.
IsServerSalt(salt []byte) bool
}
ServerSaltGenerator offers the ability to check if a salt was marked as server-originated.
var RandomServerSaltGenerator ServerSaltGenerator = randomServerSaltGenerator{}
RandomServerSaltGenerator is a basic ServerSaltGenerator.
func NewServerSaltGenerator ¶
func NewServerSaltGenerator(secret string) ServerSaltGenerator
NewServerSaltGenerator returns a SaltGenerator whose output is apparently random, but is secretly marked as being issued by the server. This is useful to prevent the server from accepting its own output in a reflection attack.
type TCPService ¶
type TCPService interface {
// SetTargetIPValidator sets the function to be used to validate the target IP addresses.
SetTargetIPValidator(targetIPValidator onet.TargetIPValidator)
// Serve adopts the listener, which will be closed before Serve returns. Serve returns an error unless Stop() was called.
Serve(listener *net.TCPListener) error
// Stop closes the listener but does not interfere with existing connections.
Stop() error
// GracefulStop calls Stop(), and then blocks until all resources have been cleaned up.
GracefulStop() error
}
TCPService is a Shadowsocks TCP service that can be started and stopped.
func NewTCPService ¶
func NewTCPService(ciphers CipherList, replayCache *ReplayCache, m metrics.ShadowsocksMetrics, timeout time.Duration) TCPService
NewTCPService creates a TCPService `replayCache` is a pointer to SSServer.replayCache, to share the cache among all ports.
type UDPService ¶
type UDPService interface {
// SetTargetIPValidator sets the function to be used to validate the target IP addresses.
SetTargetIPValidator(targetIPValidator onet.TargetIPValidator)
// Serve adopts the clientConn, and will not return until it is closed by Stop().
Serve(clientConn net.PacketConn) error
// Stop closes the clientConn and prevents further forwarding of packets.
Stop() error
// GracefulStop calls Stop(), and then blocks until all resources have been cleaned up.
GracefulStop() error
}
UDPService is a running UDP shadowsocks proxy that can be stopped.
func NewUDPService ¶
func NewUDPService(natTimeout time.Duration, cipherList CipherList, m metrics.ShadowsocksMetrics) UDPService
NewUDPService creates a UDPService
Source Files
Directories