service

package
v1.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 9, 2024 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source 
const MaxCapacity = 20_000

MaxCapacity is the largest allowed size of ReplayCache.

Capacities in excess of 20,000 are not recommended, due to the false positive rate of up to 2 * capacity / 2^32 = 1 / 100,000. If larger capacities are desired, the key type should be changed to uint64.

Variables

This section is empty.

Functions

func StreamServe 

func StreamServe(accept StreamAcceptFunc, handle StreamHandleFunc)

StreamServe repeatedly calls `accept` to obtain connections and `handle` to handle them until accept() returns [ErrClosed]. When that happens, all connection handlers will be notified via their context.Context. StreamServe will return after all pending handlers return.

Types

type CipherEntry 

type CipherEntry struct {
	ID            string
	CryptoKey     *shadowsocks.EncryptionKey
	SaltGenerator ServerSaltGenerator
	// contains filtered or unexported fields
}

CipherEntry holds a Cipher with an identifier. The public fields are constant, but lastClientIP is mutable under cipherList.mu.

func MakeCipherEntry 

func MakeCipherEntry(id string, cryptoKey *shadowsocks.EncryptionKey, secret string) CipherEntry

MakeCipherEntry constructs a CipherEntry.

type CipherList 

type CipherList interface {
	// Returns a snapshot of the cipher list optimized for this client IP
	SnapshotForClientIP(clientIP netip.Addr) []*list.Element
	MarkUsedByClientIP(e *list.Element, clientIP netip.Addr)
	// Update replaces the current contents of the CipherList with `contents`,
	// which is a List of *CipherEntry.  Update takes ownership of `contents`,
	// which must not be read or written after this call.
	Update(contents *list.List)
}

CipherList is a thread-safe collection of CipherEntry elements that allows for snapshotting and moving to front.

func MakeTestCiphers 

func MakeTestCiphers(secrets []string) (CipherList, error)

MakeTestCiphers creates a CipherList containing one fresh AEAD cipher for each secret in `secrets`.

func NewCipherList 

func NewCipherList() CipherList

NewCipherList creates an empty CipherList

type Listener 

type Listener = io.Closer

The implementations of listeners for different network types are not interchangeable. The type of listener depends on the network type.

type ListenerManager 

type ListenerManager interface {
	// ListenStream creates a new stream listener for a given address.
	ListenStream(addr string) (StreamListener, error)

	// ListenPacket creates a new packet listener for a given address.
	ListenPacket(addr string) (net.PacketConn, error)
}

ListenerManager holds the state of shared listeners.

func NewListenerManager 

func NewListenerManager() ListenerManager

NewListenerManager creates a new [ListenerManger].

type MultiListener 

type MultiListener[T Listener] interface {
	// Acquire creates a new listener from the shared listener. Listeners can overlap
	// one another (e.g. during config changes the new config is started before the
	// old config is destroyed), which is done by creating virtual listeners that wrap
	// the shared listener. These virtual listeners do not actually close the
	// underlying socket until all uses of the shared listener have been closed.
	Acquire() (T, error)
}

MultiListener manages shared listeners.

func NewMultiPacketListener 

func NewMultiPacketListener(addr string, onCloseFunc OnCloseFunc) MultiListener[net.PacketConn]

NewMultiPacketListener creates a new packet-based MultiListener.

func NewMultiStreamListener 

func NewMultiStreamListener(addr string, onCloseFunc OnCloseFunc) MultiListener[StreamListener]

NewMultiStreamListener creates a new stream-based MultiListener.

type NoOpTCPConnMetrics 

type NoOpTCPConnMetrics struct{}

NoOpTCPConnMetrics is a TCPConnMetrics that doesn't do anything. Useful in tests or if you don't want to track metrics.

func (*NoOpTCPConnMetrics) AddAuthenticated 

func (m *NoOpTCPConnMetrics) AddAuthenticated(accessKey string)

func (*NoOpTCPConnMetrics) AddClosed 

func (m *NoOpTCPConnMetrics) AddClosed(status string, data metrics.ProxyMetrics, duration time.Duration)

func (*NoOpTCPConnMetrics) AddProbe 

func (m *NoOpTCPConnMetrics) AddProbe(status, drainResult string, clientProxyBytes int64)

type NoOpUDPConnMetrics 

type NoOpUDPConnMetrics struct{}

NoOpUDPConnMetrics is a UDPConnMetrics that doesn't do anything. Useful in tests or if you don't want to track metrics.

func (*NoOpUDPConnMetrics) AddPacketFromClient 

func (m *NoOpUDPConnMetrics) AddPacketFromClient(status string, clientProxyBytes, proxyTargetBytes int64)

func (*NoOpUDPConnMetrics) AddPacketFromTarget 

func (m *NoOpUDPConnMetrics) AddPacketFromTarget(status string, targetProxyBytes, proxyClientBytes int64)

func (*NoOpUDPConnMetrics) RemoveNatEntry 

func (m *NoOpUDPConnMetrics) RemoveNatEntry()

type NoOpUDPMetrics 

type NoOpUDPMetrics struct{}

NoOpUDPMetrics is a UDPMetrics that doesn't do anything. Useful in tests or if you don't want to track metrics.

func (*NoOpUDPMetrics) AddUDPNatEntry 

func (m *NoOpUDPMetrics) AddUDPNatEntry(clientAddr net.Addr, accessKey string) UDPConnMetrics

type OnCloseFunc 

type OnCloseFunc func() error

type PacketHandler 

type PacketHandler interface {
	// SetTargetIPValidator sets the function to be used to validate the target IP addresses.
	SetTargetIPValidator(targetIPValidator onet.TargetIPValidator)
	// Handle returns after clientConn closes and all the sub goroutines return.
	Handle(clientConn net.PacketConn)
}

PacketHandler is a running UDP shadowsocks proxy that can be stopped.

func NewPacketHandler 

func NewPacketHandler(natTimeout time.Duration, cipherList CipherList, m UDPMetrics, ssMetrics ShadowsocksConnMetrics) PacketHandler

NewPacketHandler creates a UDPService

type ReplayCache 

type ReplayCache struct {
	// contains filtered or unexported fields
}

ReplayCache allows us to check whether a handshake salt was used within the last `capacity` handshakes. It requires approximately 20*capacity bytes of memory (as measured by BenchmarkReplayCache_Creation).

The nil and zero values represent a cache with capacity 0, i.e. no cache.

func NewReplayCache 

func NewReplayCache(capacity int) ReplayCache

NewReplayCache returns a fresh ReplayCache that promises to remember at least the most recent `capacity` handshakes.

func (*ReplayCache) Add 

func (c *ReplayCache) Add(id string, salt []byte) bool

Add a handshake with this key ID and salt to the cache. Returns false if it is already present.

type ServerSaltGenerator 

type ServerSaltGenerator interface {
	ss.SaltGenerator
	// IsServerSalt returns true if the salt was created by this generator
	// and is marked as server-originated.
	IsServerSalt(salt []byte) bool
}

ServerSaltGenerator offers the ability to check if a salt was marked as server-originated. 

var RandomServerSaltGenerator ServerSaltGenerator = randomServerSaltGenerator{}

RandomServerSaltGenerator is a basic ServerSaltGenerator.

func NewServerSaltGenerator 

func NewServerSaltGenerator(secret string) ServerSaltGenerator

NewServerSaltGenerator returns a SaltGenerator whose output is apparently random, but is secretly marked as being issued by the server. This is useful to prevent the server from accepting its own output in a reflection attack.

type ShadowsocksConnMetrics 

type ShadowsocksConnMetrics interface {
	AddCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
}

ShadowsocksConnMetrics is used to report Shadowsocks related metrics on connections.

type StreamAcceptFunc 

type StreamAcceptFunc func() (transport.StreamConn, error)

func WrapStreamAcceptFunc 

func WrapStreamAcceptFunc[T transport.StreamConn](f func() (T, error)) StreamAcceptFunc

type StreamAuthenticateFunc 

type StreamAuthenticateFunc func(clientConn transport.StreamConn) (string, transport.StreamConn, *onet.ConnectionError)

func NewShadowsocksStreamAuthenticator 

func NewShadowsocksStreamAuthenticator(ciphers CipherList, replayCache *ReplayCache, metrics ShadowsocksConnMetrics) StreamAuthenticateFunc

NewShadowsocksStreamAuthenticator creates a stream authenticator that uses Shadowsocks. TODO(fortuna): Offer alternative transports.

type StreamHandleFunc 

type StreamHandleFunc func(ctx context.Context, conn transport.StreamConn)

type StreamHandler 

type StreamHandler interface {
	Handle(ctx context.Context, conn transport.StreamConn, connMetrics TCPConnMetrics)
	// SetTargetDialer sets the [transport.StreamDialer] to be used to connect to target addresses.
	SetTargetDialer(dialer transport.StreamDialer)
}

StreamHandler is a handler that handles stream connections.

func NewStreamHandler 

func NewStreamHandler(authenticate StreamAuthenticateFunc, timeout time.Duration) StreamHandler

NewStreamHandler creates a StreamHandler

type StreamListener 

type StreamListener interface {
	// Accept waits for and returns the next connection to the listener.
	AcceptStream() (transport.StreamConn, error)

	// Close closes the listener.
	// Any blocked Accept operations will be unblocked and return errors. This
	// stops the current listener from accepting new connections without closing
	// the underlying socket. Only when the last user of the underlying socket
	// closes it, do we actually close it.
	Close() error

	// Addr returns the listener's network address.
	Addr() net.Addr
}

StreamListener is a network listener for stream-oriented protocols that accepts transport.StreamConn connections.

type TCPConnMetrics 

type TCPConnMetrics interface {
	AddAuthenticated(accessKey string)
	AddClosed(status string, data metrics.ProxyMetrics, duration time.Duration)
	AddProbe(status, drainResult string, clientProxyBytes int64)
}

TCPConnMetrics is used to report metrics on TCP connections.

type TCPListener 

type TCPListener struct {
	// contains filtered or unexported fields
}

func (*TCPListener) AcceptStream 

func (t *TCPListener) AcceptStream() (transport.StreamConn, error)

func (*TCPListener) Addr 

func (t *TCPListener) Addr() net.Addr

func (*TCPListener) Close 

func (t *TCPListener) Close() error

type UDPConnMetrics 

type UDPConnMetrics interface {
	AddPacketFromClient(status string, clientProxyBytes, proxyTargetBytes int64)
	AddPacketFromTarget(status string, targetProxyBytes, proxyClientBytes int64)
	RemoveNatEntry()
}

UDPConnMetrics is used to report metrics on UDP connections.

type UDPMetrics 

type UDPMetrics interface {
	AddUDPNatEntry(clientAddr net.Addr, accessKey string) UDPConnMetrics
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.