Documentation
Index
- Constants
- func StreamServe(accept StreamListener, handle StreamHandler)
- type CipherEntry
- type CipherList
- type NoOpTCPMetrics
- func (m *NoOpTCPMetrics) AddAuthenticatedTCPConnection(clientAddr net.Addr, accessKey string)
- func (m *NoOpTCPMetrics) AddClosedTCPConnection(clientInfo ipinfo.IPInfo, clientAddr net.Addr, accessKey string, status string, ...)
- func (m *NoOpTCPMetrics) AddOpenTCPConnection(clientInfo ipinfo.IPInfo)
- func (m *NoOpTCPMetrics) AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
- func (m *NoOpTCPMetrics) AddTCPProbe(status, drainResult string, listenerId string, clientProxyBytes int64)
- func (m *NoOpTCPMetrics) GetIPInfo(net.IP) (ipinfo.IPInfo, error)
- type NoOpUDPMetrics
- func (m *NoOpUDPMetrics) AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
- func (m *NoOpUDPMetrics) AddUDPNatEntry(clientAddr net.Addr, accessKey string)
- func (m *NoOpUDPMetrics) AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, ...)
- func (m *NoOpUDPMetrics) AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, ...)
- func (m *NoOpUDPMetrics) GetIPInfo(net.IP) (ipinfo.IPInfo, error)
- func (m *NoOpUDPMetrics) RemoveUDPNatEntry(clientAddr net.Addr, accessKey string)
- type PacketHandler
- type ReplayCache
- type ServerSaltGenerator
- type ShadowsocksTCPMetrics
- type StreamAuthenticateFunc
- type StreamHandler
- type StreamListener
- type TCPHandler
- type TCPMetrics
- type UDPMetrics
Constants
const MaxCapacity = 20_000
MaxCapacity is the largest allowed size of ReplayCache.
Capacities in excess of 20,000 are not recommended: the false positive rate is up to 2 * capacity / 2^32, which at capacity 20,000 is roughly 1 / 100,000. If larger capacities are desired, the key type should be changed to uint64.
Variables
This section is empty.
Functions
func StreamServe
func StreamServe(accept StreamListener, handle StreamHandler)
StreamServe repeatedly calls `accept` to obtain connections and `handle` to handle them until accept() returns [ErrClosed]. When that happens, all connection handlers will be notified via their context.Context. StreamServe will return after all pending handlers return.
Types
type CipherEntry
type CipherEntry struct {
	ID            string
	CryptoKey     *shadowsocks.EncryptionKey
	SaltGenerator ServerSaltGenerator
	// contains filtered or unexported fields
}
CipherEntry holds a Cipher with an identifier. The public fields are constant, but lastClientIP is mutable under cipherList.mu.
func MakeCipherEntry
func MakeCipherEntry(id string, cryptoKey *shadowsocks.EncryptionKey, secret string) CipherEntry
MakeCipherEntry constructs a CipherEntry.
type CipherList
type CipherList interface {
	// Returns a snapshot of the cipher list optimized for this client IP
	SnapshotForClientIP(clientIP netip.Addr) []*list.Element
	MarkUsedByClientIP(e *list.Element, clientIP netip.Addr)
	// Update replaces the current contents of the CipherList with `contents`,
	// which is a List of *CipherEntry. Update takes ownership of `contents`,
	// which must not be read or written after this call.
	Update(contents *list.List)
}
CipherList is a thread-safe collection of CipherEntry elements that allows for snapshotting and moving to front.
func MakeTestCiphers
func MakeTestCiphers(secrets []string) (CipherList, error)
MakeTestCiphers creates a CipherList containing one fresh AEAD cipher for each secret in `secrets`.
type NoOpTCPMetrics
type NoOpTCPMetrics struct{}
NoOpTCPMetrics is a TCPMetrics that doesn't do anything. Useful in tests or if you don't want to track metrics.
func (*NoOpTCPMetrics) AddAuthenticatedTCPConnection
func (m *NoOpTCPMetrics) AddAuthenticatedTCPConnection(clientAddr net.Addr, accessKey string)
func (*NoOpTCPMetrics) AddClosedTCPConnection
func (*NoOpTCPMetrics) AddOpenTCPConnection
func (m *NoOpTCPMetrics) AddOpenTCPConnection(clientInfo ipinfo.IPInfo)
func (*NoOpTCPMetrics) AddTCPCipherSearch
func (m *NoOpTCPMetrics) AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
func (*NoOpTCPMetrics) AddTCPProbe
func (m *NoOpTCPMetrics) AddTCPProbe(status, drainResult string, listenerId string, clientProxyBytes int64)
type NoOpUDPMetrics
type NoOpUDPMetrics struct{}
NoOpUDPMetrics is a UDPMetrics that doesn't do anything. Useful in tests or if you don't want to track metrics.
func (*NoOpUDPMetrics) AddUDPCipherSearch
func (m *NoOpUDPMetrics) AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
func (*NoOpUDPMetrics) AddUDPNatEntry
func (m *NoOpUDPMetrics) AddUDPNatEntry(clientAddr net.Addr, accessKey string)
func (*NoOpUDPMetrics) AddUDPPacketFromClient
func (m *NoOpUDPMetrics) AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int)
func (*NoOpUDPMetrics) AddUDPPacketFromTarget
func (m *NoOpUDPMetrics) AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, targetProxyBytes, proxyClientBytes int)
func (*NoOpUDPMetrics) RemoveUDPNatEntry
func (m *NoOpUDPMetrics) RemoveUDPNatEntry(clientAddr net.Addr, accessKey string)
type PacketHandler
type PacketHandler interface {
	// SetTargetIPValidator sets the function to be used to validate the target IP addresses.
	SetTargetIPValidator(targetIPValidator onet.TargetIPValidator)
	// Handle returns after clientConn closes and all the sub goroutines return.
	Handle(clientConn net.PacketConn)
}
PacketHandler is a running UDP shadowsocks proxy that can be stopped.
func NewPacketHandler
func NewPacketHandler(natTimeout time.Duration, cipherList CipherList, m UDPMetrics) PacketHandler
NewPacketHandler creates a PacketHandler.
type ReplayCache
type ReplayCache struct {
// contains filtered or unexported fields
}
ReplayCache allows us to check whether a handshake salt was used within the last `capacity` handshakes. It requires approximately 20*capacity bytes of memory (as measured by BenchmarkReplayCache_Creation).
The nil and zero values represent a cache with capacity 0, i.e. no cache.
func NewReplayCache
func NewReplayCache(capacity int) ReplayCache
NewReplayCache returns a fresh ReplayCache that promises to remember at least the most recent `capacity` handshakes.
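The replay check and the false-positive bound described above, as an added example that is not the project's code: the two-generation layout, the pointer receiver, the FNV-1a key derivation and the method name Add are assumptions made for this illustration.

```go
package main

import (
	"hash/fnv"
	"sync"
)

// ReplayCache (assumed design, not the project's code): two generations of uint32
// keys, active and archive, so at least `capacity` and at most 2*capacity are held.
type ReplayCache struct {
	mu              sync.Mutex
	capacity        int
	active, archive map[uint32]struct{}
}

func NewReplayCache(capacity int) *ReplayCache {
	return &ReplayCache{capacity: capacity, active: map[uint32]struct{}{}, archive: map[uint32]struct{}{}}
}

// Add records the handshake; false means the salt (or a colliding key) was already seen: reject as a replay.
func (c *ReplayCache) Add(id string, salt []byte) bool {
	if c == nil || c.capacity == 0 {
		return true // zero value: no cache, nothing is ever flagged
	}
	h := fnv.New32a() // assumed: access-key ID and salt folded into 32 bits; the narrow key is why false positives exist
	h.Write([]byte(id))
	h.Write(salt)
	key := h.Sum32()
	c.mu.Lock()
	defer c.mu.Unlock()
	for _, gen := range []map[uint32]struct{}{c.active, c.archive} {
		if _, seen := gen[key]; seen {
			return false
		}
	}
	if len(c.active) >= c.capacity { // rotate generations; the old archive is forgotten
		c.archive, c.active = c.active, map[uint32]struct{}{}
	}
	c.active[key] = struct{}{}
	return true
}

// MaxFalsePositiveRate is the bound quoted for MaxCapacity: 2*capacity keys out of 2^32 values.
func MaxFalsePositiveRate(capacity int) float64 { return 2 * float64(capacity) / (1 << 32) }
func main() { // stand-alone self-check
	c := NewReplayCache(2)
	if !c.Add("k", []byte("salt-a")) || c.Add("k", []byte("salt-a")) {
		panic("replay not detected")
	}
}
```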
type ServerSaltGenerator
type ServerSaltGenerator interface {
	ss.SaltGenerator
	// IsServerSalt returns true if the salt was created by this generator
	// and is marked as server-originated.
	IsServerSalt(salt []byte) bool
}
ServerSaltGenerator offers the ability to check if a salt was marked as server-originated.
var RandomServerSaltGenerator ServerSaltGenerator = randomServerSaltGenerator{}
RandomServerSaltGenerator is a basic ServerSaltGenerator.
func NewServerSaltGenerator
func NewServerSaltGenerator(secret string) ServerSaltGenerator
NewServerSaltGenerator returns a SaltGenerator whose output is apparently random, but is secretly marked as being issued by the server. This is useful to prevent the server from accepting its own output in a reflection attack.
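How a server-marked salt can be built and verified, as an added example that is not the project's code: the 4-byte mark length, the truncated HMAC-SHA256 mark, the GetSalt(salt []byte) error shape of ss.SaltGenerator and the use of the secret directly as the HMAC key are assumptions made for this illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// Assumed design (not the project's code): a salt is random except for its last markLen bytes,
// which hold a truncated HMAC-SHA256 over the random prefix keyed by the access-key secret.
const markLen = 4 // assumed mark length
type serverSaltGenerator struct{ key []byte }
func NewServerSaltGenerator(secret string) *serverSaltGenerator {
	return &serverSaltGenerator{key: []byte(secret)}
}
func (g *serverSaltGenerator) mark(prefix []byte) []byte {
	m := hmac.New(sha256.New, g.key)
	m.Write(prefix)
	return m.Sum(nil)[:markLen]
}
// GetSalt fills salt with random bytes, then overwrites the tail with the mark.
func (g *serverSaltGenerator) GetSalt(salt []byte) error {
	if len(salt) <= markLen {
		return errors.New("salt too short to carry a server mark")
	}
	prefix := salt[:len(salt)-markLen]
	if _, err := rand.Read(prefix); err != nil {
		return err
	}
	copy(salt[len(salt)-markLen:], g.mark(prefix))
	return nil
}

// IsServerSalt reports whether salt carries our mark: such an inbound handshake is the server's own output reflected back.
func (g *serverSaltGenerator) IsServerSalt(salt []byte) bool {
	if len(salt) <= markLen {
		return false
	}
	prefix, tag := salt[:len(salt)-markLen], salt[len(salt)-markLen:]
	return subtle.ConstantTimeCompare(tag, g.mark(prefix)) == 1
}

func main() { // stand-alone self-check
	g, salt := NewServerSaltGenerator("example-secret"), make([]byte, 32)
	if g.GetSalt(salt) != nil || !g.IsServerSalt(salt) {
		panic("server salt not recognized")
	}
}
```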
type ShadowsocksTCPMetrics
type ShadowsocksTCPMetrics interface {
	// Shadowsocks TCP metrics
	AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
}
ShadowsocksTCPMetrics is used to report Shadowsocks metrics on TCP connections.
type StreamAuthenticateFunc
type StreamAuthenticateFunc func(clientConn transport.StreamConn) (string, transport.StreamConn, *onet.ConnectionError)
func NewShadowsocksStreamAuthenticator
func NewShadowsocksStreamAuthenticator(ciphers CipherList, replayCache *ReplayCache, metrics ShadowsocksTCPMetrics, sessionCounter map[string]int, maxSessions int) StreamAuthenticateFunc
NewShadowsocksStreamAuthenticator creates a stream authenticator that uses Shadowsocks. TODO(fortuna): Offer alternative transports.
type StreamHandler
type StreamHandler func(ctx context.Context, conn transport.StreamConn)
type StreamListener
type StreamListener func() (transport.StreamConn, error)
func WrapStreamListener
func WrapStreamListener[T transport.StreamConn](f func() (T, error)) StreamListener
type TCPHandler
type TCPHandler interface {
	Handle(ctx context.Context, conn transport.StreamConn)
	// SetTargetDialer sets the [transport.StreamDialer] to be used to connect to target addresses.
	SetTargetDialer(dialer transport.StreamDialer)
}
TCPHandler is a Shadowsocks TCP service that can be started and stopped.
func NewTCPHandler
func NewTCPHandler(authenticate StreamAuthenticateFunc, m TCPMetrics, timeout time.Duration, sessionCounter map[string]int) TCPHandler
NewTCPHandler creates a TCPHandler.
type TCPMetrics
type TCPMetrics interface {
	ipinfo.IPInfoMap

	// TCP metrics
	AddOpenTCPConnection(clientInfo ipinfo.IPInfo)
	AddAuthenticatedTCPConnection(clientAddr net.Addr, accessKey string)
	AddClosedTCPConnection(clientInfo ipinfo.IPInfo, clientAddr net.Addr, accessKey string, status string, data metrics.ProxyMetrics, duration time.Duration)
	AddTCPProbe(status, drainResult string, listenerId string, clientProxyBytes int64)
}
TCPMetrics is used to report metrics on TCP connections.
type UDPMetrics
type UDPMetrics interface {
	ipinfo.IPInfoMap

	// UDP metrics
	AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int)
	AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, targetProxyBytes, proxyClientBytes int)
	AddUDPNatEntry(clientAddr net.Addr, accessKey string)
	RemoveUDPNatEntry(clientAddr net.Addr, accessKey string)

	// Shadowsocks metrics
	AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
}
UDPMetrics is used to report metrics on UDP connections.