service

package
v0.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 8, 2024 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source
const MaxCapacity = 20_000

MaxCapacity is the largest allowed size of ReplayCache.

Capacities in excess of 20,000 are not recommended, due to the false positive rate of up to 2 * capacity / 2^32 = 1 / 100,000. If larger capacities are desired, the key type should be changed to uint64.

Variables

This section is empty.

Functions

func StreamServe

func StreamServe(accept StreamListener, handle StreamHandler)

StreamServe repeatedly calls `accept` to obtain connections and `handle` to handle them until accept() returns [ErrClosed]. When that happens, all connection handlers will be notified via their context.Context. StreamServe will return after all pending handlers return.

Types

type CipherEntry

type CipherEntry struct {
	ID            string
	CryptoKey     *shadowsocks.EncryptionKey
	SaltGenerator ServerSaltGenerator
	// contains filtered or unexported fields
}

CipherEntry holds a Cipher with an identifier. The public fields are constant, but lastClientIP is mutable under cipherList.mu.

func MakeCipherEntry

func MakeCipherEntry(id string, cryptoKey *shadowsocks.EncryptionKey, secret string) CipherEntry

MakeCipherEntry constructs a CipherEntry.

type CipherList

type CipherList interface {
	// Returns a snapshot of the cipher list optimized for this client IP
	SnapshotForClientIP(clientIP netip.Addr) []*list.Element
	MarkUsedByClientIP(e *list.Element, clientIP netip.Addr)
	// Update replaces the current contents of the CipherList with `contents`,
	// which is a List of *CipherEntry.  Update takes ownership of `contents`,
	// which must not be read or written after this call.
	Update(contents *list.List)
}

CipherList is a thread-safe collection of CipherEntry elements that allows for snapshotting and moving to front.

func MakeTestCiphers

func MakeTestCiphers(secrets []string) (CipherList, error)

MakeTestCiphers creates a CipherList containing one fresh AEAD cipher for each secret in `secrets`.

func NewCipherList

func NewCipherList() CipherList

NewCipherList creates an empty CipherList

type NoOpTCPMetrics

type NoOpTCPMetrics struct{}

NoOpTCPMetrics is a TCPMetrics that doesn't do anything. Useful in tests or if you don't want to track metrics.

func (*NoOpTCPMetrics) AddAuthenticatedTCPConnection

func (m *NoOpTCPMetrics) AddAuthenticatedTCPConnection(clientAddr net.Addr, accessKey string)

func (*NoOpTCPMetrics) AddClosedTCPConnection

func (m *NoOpTCPMetrics) AddClosedTCPConnection(clientInfo ipinfo.IPInfo, clientAddr net.Addr, accessKey string, status string, data metrics.ProxyMetrics, duration time.Duration)

func (*NoOpTCPMetrics) AddOpenTCPConnection

func (m *NoOpTCPMetrics) AddOpenTCPConnection(clientInfo ipinfo.IPInfo)

func (*NoOpTCPMetrics) AddTCPCipherSearch

func (m *NoOpTCPMetrics) AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)

func (*NoOpTCPMetrics) AddTCPProbe

func (m *NoOpTCPMetrics) AddTCPProbe(status, drainResult string, listenerId string, clientProxyBytes int64)

func (*NoOpTCPMetrics) GetIPInfo

func (m *NoOpTCPMetrics) GetIPInfo(net.IP) (ipinfo.IPInfo, error)

type NoOpUDPMetrics

type NoOpUDPMetrics struct{}

NoOpUDPMetrics is a UDPMetrics that doesn't do anything. Useful in tests or if you don't want to track metrics.

func (*NoOpUDPMetrics) AddUDPCipherSearch

func (m *NoOpUDPMetrics) AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)

func (*NoOpUDPMetrics) AddUDPNatEntry

func (m *NoOpUDPMetrics) AddUDPNatEntry(clientAddr net.Addr, accessKey string)

func (*NoOpUDPMetrics) AddUDPPacketFromClient

func (m *NoOpUDPMetrics) AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int)

func (*NoOpUDPMetrics) AddUDPPacketFromTarget

func (m *NoOpUDPMetrics) AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, targetProxyBytes, proxyClientBytes int)

func (*NoOpUDPMetrics) GetIPInfo

func (m *NoOpUDPMetrics) GetIPInfo(net.IP) (ipinfo.IPInfo, error)

func (*NoOpUDPMetrics) RemoveUDPNatEntry

func (m *NoOpUDPMetrics) RemoveUDPNatEntry(clientAddr net.Addr, accessKey string)

type PacketHandler

type PacketHandler interface {
	// SetTargetIPValidator sets the function to be used to validate the target IP addresses.
	SetTargetIPValidator(targetIPValidator onet.TargetIPValidator)
	// Handle returns after clientConn closes and all the sub goroutines return.
	Handle(clientConn net.PacketConn)
}

PacketHandler is a running UDP shadowsocks proxy that can be stopped.

func NewPacketHandler

func NewPacketHandler(natTimeout time.Duration, cipherList CipherList, m UDPMetrics) PacketHandler

NewPacketHandler creates a UDPService

type ReplayCache

type ReplayCache struct {
	// contains filtered or unexported fields
}

ReplayCache allows us to check whether a handshake salt was used within the last `capacity` handshakes. It requires approximately 20*capacity bytes of memory (as measured by BenchmarkReplayCache_Creation).

The nil and zero values represent a cache with capacity 0, i.e. no cache.

func NewReplayCache

func NewReplayCache(capacity int) ReplayCache

NewReplayCache returns a fresh ReplayCache that promises to remember at least the most recent `capacity` handshakes.

func (*ReplayCache) Add

func (c *ReplayCache) Add(id string, salt []byte) bool

Add a handshake with this key ID and salt to the cache. Returns false if it is already present.

type ServerSaltGenerator

type ServerSaltGenerator interface {
	ss.SaltGenerator
	// IsServerSalt returns true if the salt was created by this generator
	// and is marked as server-originated.
	IsServerSalt(salt []byte) bool
}

ServerSaltGenerator offers the ability to check if a salt was marked as server-originated.

var RandomServerSaltGenerator ServerSaltGenerator = randomServerSaltGenerator{}

RandomServerSaltGenerator is a basic ServerSaltGenerator.

func NewServerSaltGenerator

func NewServerSaltGenerator(secret string) ServerSaltGenerator

NewServerSaltGenerator returns a SaltGenerator whose output is apparently random, but is secretly marked as being issued by the server. This is useful to prevent the server from accepting its own output in a reflection attack.

type ShadowsocksTCPMetrics

type ShadowsocksTCPMetrics interface {
	// Shadowsocks TCP metrics
	AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
}

ShadowsocksTCPMetrics is used to report Shadowsocks metrics on TCP connections.

type StreamAuthenticateFunc

type StreamAuthenticateFunc func(clientConn transport.StreamConn) (string, transport.StreamConn, *onet.ConnectionError)

func NewShadowsocksStreamAuthenticator

func NewShadowsocksStreamAuthenticator(ciphers CipherList, replayCache *ReplayCache, metrics ShadowsocksTCPMetrics, sessionCounter map[string]int, maxSessions int) StreamAuthenticateFunc

NewShadowsocksStreamAuthenticator creates a stream authenticator that uses Shadowsocks. TODO(fortuna): Offer alternative transports.

type StreamHandler

type StreamHandler func(ctx context.Context, conn transport.StreamConn)

type StreamListener

type StreamListener func() (transport.StreamConn, error)

func WrapStreamListener

func WrapStreamListener[T transport.StreamConn](f func() (T, error)) StreamListener

type TCPHandler

type TCPHandler interface {
	Handle(ctx context.Context, conn transport.StreamConn)
	// SetTargetDialer sets the [transport.StreamDialer] to be used to connect to target addresses.
	SetTargetDialer(dialer transport.StreamDialer)
}

TCPService is a Shadowsocks TCP service that can be started and stopped.

func NewTCPHandler

func NewTCPHandler(authenticate StreamAuthenticateFunc, m TCPMetrics, timeout time.Duration, sessionCounter map[string]int) TCPHandler

NewTCPService creates a TCPService

type TCPMetrics

type TCPMetrics interface {
	ipinfo.IPInfoMap

	// TCP metrics
	AddOpenTCPConnection(clientInfo ipinfo.IPInfo)
	AddAuthenticatedTCPConnection(clientAddr net.Addr, accessKey string)
	AddClosedTCPConnection(clientInfo ipinfo.IPInfo, clientAddr net.Addr, accessKey string, status string, data metrics.ProxyMetrics, duration time.Duration)
	AddTCPProbe(status, drainResult string, listenerId string, clientProxyBytes int64)
}

TCPMetrics is used to report metrics on TCP connections.

type UDPMetrics

type UDPMetrics interface {
	ipinfo.IPInfoMap

	// UDP metrics
	AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int)
	AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, targetProxyBytes, proxyClientBytes int)
	AddUDPNatEntry(clientAddr net.Addr, accessKey string)
	RemoveUDPNatEntry(clientAddr net.Addr, accessKey string)

	// Shadowsocks metrics
	AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
}

UDPMetrics is used to report metrics on UDP connections.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL