409 lines
13 KiB
C
409 lines
13 KiB
C
/*
|
|
* socks5 proxy server
|
|
*
|
|
* @build: make examples
|
|
*
|
|
* @proxy_server bin/socks5_proxy_server 1080
|
|
* bin/socks5_proxy_server 1080 username password
|
|
*
|
|
* @proxy_client curl -v http://www.example.com/ --proxy socks5://127.0.0.1:1080
|
|
* curl -v http://www.example.com/ --proxy socks5://username:password@127.0.0.1:1080
|
|
*
|
|
*/
|
|
|
|
#include "hv.h"
|
|
#include "hloop.h"
|
|
|
|
static char proxy_host[64] = "0.0.0.0";
|
|
static int proxy_port = 1080;
|
|
|
|
static const char* auth_username = NULL;
|
|
static const char* auth_password = NULL;
|
|
|
|
#define SOCKS5_VERSION ((uint8_t)5)
|
|
|
|
#define SOCKS5_AUTH_VERSION ((uint8_t)1)
|
|
#define SOCKS5_AUTH_SUCCESS ((uint8_t)0)
|
|
#define SOCKS5_AUTH_FAILURE ((uint8_t)1)
|
|
|
|
typedef enum {
|
|
NoAuth = 0,
|
|
GssApiAuth = 1,
|
|
UserPassAuth = 2,
|
|
} socks5_auth_method;
|
|
|
|
typedef enum {
|
|
ConnectCommand = 1,
|
|
BindCommand = 2,
|
|
AssociateCommand= 3,
|
|
} socks5_command;
|
|
|
|
typedef enum {
|
|
IPv4Addr = 1,
|
|
FqdnAddr = 3,
|
|
IPv6Addr = 4,
|
|
} socks5_addr_type;
|
|
|
|
typedef enum {
|
|
SuccessReply = 0,
|
|
ServerFailure = 1,
|
|
RuleFailure = 2,
|
|
NetworkUnreachable = 3,
|
|
HostUnreachable = 4,
|
|
ConnectRefused = 5,
|
|
TtlExpired = 6,
|
|
CommandNotSupported = 7,
|
|
AddrTypeNotSupported= 8,
|
|
} socks5_reply_code;
|
|
|
|
typedef enum {
|
|
s_begin,
|
|
s_auth_methods_count,
|
|
s_auth_methods,
|
|
s_auth_username_len,
|
|
s_auth_username,
|
|
s_auth_password_len,
|
|
s_auth_password,
|
|
s_request,
|
|
s_dst_addr_type,
|
|
s_dst_addr_len,
|
|
s_dst_addr,
|
|
s_dst_port,
|
|
s_upstream,
|
|
s_end,
|
|
} socks5_state_e;
|
|
|
|
typedef struct {
|
|
hio_t* io;
|
|
socks5_state_e state;
|
|
socks5_addr_type addr_type;
|
|
sockaddr_u addr;
|
|
} socks5_conn_t;
|
|
|
|
/*
|
|
* workflow:
|
|
* hloop_new -> hloop_create_tcp_server -> hloop_run
|
|
* on_accept -> HV_ALLOC(socks5_conn_t) -> hio_readbytes(s_auth_methods_count:2) ->
|
|
* on_recv -> hio_readbytes(s_auth_methods) ->
|
|
* on_recv -> hio_write(auth_method) -> hio_readbytes(s_auth_username_len:2) ->
|
|
* on_recv -> hio_readbytes(s_auth_username) ->
|
|
* on_recv -> hio_readbytes(s_auth_password_len:1) ->
|
|
* on_recv -> hio_readbytes(s_auth_password) -> hio_write(auth_result) ->
|
|
* on_recv -> hio_readbytes(s_request:3) ->
|
|
* on_recv -> hio_readbytes(addr_type:1) ->
|
|
* on_recv -> hio_readbytes(addr_len:1) ->
|
|
* on_recv -> hio_readbytes(addr) ->
|
|
* on_recv -> hio_readbytes(port:2) ->
|
|
* on_recv -> hio_setup_tcp_upstream(io, addr, port) ->
|
|
* on_close -> hio_close_upstream -> HV_FREE(socks5_conn_t)
|
|
*
|
|
*/
|
|
|
|
static void on_upstream_connect(hio_t* upstream_io) {
|
|
// printf("on_upstream_connect connfd=%d\n", hio_fd(upstream_io));
|
|
socks5_conn_t* conn = (socks5_conn_t*)hevent_userdata(upstream_io);
|
|
sockaddr_u* localaddr = (sockaddr_u*)hio_localaddr(upstream_io);
|
|
uint8_t resp[32] = { SOCKS5_VERSION, SuccessReply, 0, IPv4Addr, 127,0,0,1, 0,80, 0 };
|
|
int resp_len = 3;
|
|
if (localaddr->sa.sa_family == AF_INET) {
|
|
resp[resp_len++] = IPv4Addr;
|
|
memcpy(resp + resp_len, &localaddr->sin.sin_addr, 4); resp_len += 4;
|
|
memcpy(resp + resp_len, &localaddr->sin.sin_port, 2); resp_len += 2;
|
|
} else if (localaddr->sa.sa_family == AF_INET6) {
|
|
resp[resp_len++] = IPv6Addr;
|
|
memcpy(resp + resp_len, &localaddr->sin6.sin6_addr, 16); resp_len += 16;
|
|
memcpy(resp + resp_len, &localaddr->sin6.sin6_port, 2); resp_len += 2;
|
|
}
|
|
hio_write(conn->io, resp, resp_len);
|
|
hio_setcb_read(upstream_io, hio_write_upstream);
|
|
hio_setcb_read(conn->io, hio_write_upstream);
|
|
hio_read(conn->io);
|
|
hio_read(upstream_io);
|
|
}
|
|
|
|
static void on_close(hio_t* io) {
|
|
// printf("on_close fd=%d error=%d\n", hio_fd(io), hio_error(io));
|
|
socks5_conn_t* conn = (socks5_conn_t*)hevent_userdata(io);
|
|
if (conn) {
|
|
hevent_set_userdata(io, NULL);
|
|
HV_FREE(conn);
|
|
}
|
|
hio_close_upstream(io);
|
|
}
|
|
|
|
static void on_recv(hio_t* io, void* buf, int readbytes) {
|
|
socks5_conn_t* conn = (socks5_conn_t*)hevent_userdata(io);
|
|
const uint8_t* bytes = (uint8_t*)buf;
|
|
switch(conn->state) {
|
|
case s_begin:
|
|
// printf("s_begin\n");
|
|
conn->state = s_auth_methods_count;
|
|
case s_auth_methods_count:
|
|
// printf("s_auth_methods_count\n");
|
|
{
|
|
assert(readbytes == 2);
|
|
uint8_t version = bytes[0];
|
|
uint8_t methods_count = bytes[1];
|
|
if (version != SOCKS5_VERSION || methods_count == 0) {
|
|
fprintf(stderr, "Unsupprted socks version: %d\n", (int)version);
|
|
hio_close(io);
|
|
return;
|
|
}
|
|
conn->state = s_auth_methods;
|
|
hio_readbytes(io, methods_count);
|
|
}
|
|
break;
|
|
case s_auth_methods:
|
|
// printf("s_auth_methods\n");
|
|
{
|
|
// TODO: check auth methos
|
|
uint8_t auth_method = NoAuth;
|
|
if (auth_username && auth_password) {
|
|
auth_method = UserPassAuth;
|
|
} else {
|
|
// TODO: Implement more auth methods
|
|
}
|
|
// send auth mothod
|
|
uint8_t resp[2] = { SOCKS5_VERSION, NoAuth };
|
|
resp[1] = auth_method;
|
|
hio_write(io, resp, 2);
|
|
if (auth_method == NoAuth) {
|
|
conn->state = s_request;
|
|
hio_readbytes(io, 3);
|
|
} else if (auth_method == UserPassAuth) {
|
|
conn->state = s_auth_username_len;
|
|
hio_readbytes(io, 2);
|
|
}
|
|
}
|
|
break;
|
|
case s_auth_username_len:
|
|
// printf("s_auth_username_len\n");
|
|
{
|
|
assert(readbytes == 2);
|
|
uint8_t auth_version = bytes[0];
|
|
uint8_t username_len = bytes[1];
|
|
if (auth_version != SOCKS5_AUTH_VERSION || username_len == 0) {
|
|
fprintf(stderr, "Unsupported auth version: %d\n", (int)auth_version);
|
|
hio_close(io);
|
|
return;
|
|
}
|
|
conn->state = s_auth_username;
|
|
hio_readbytes(io, username_len);
|
|
}
|
|
break;
|
|
case s_auth_username:
|
|
// printf("s_auth_username\n");
|
|
{
|
|
char* username = (char*)bytes;
|
|
printf("username=%.*s\n", readbytes, username);
|
|
if (readbytes != strlen(auth_username) ||
|
|
strncmp(username, auth_username, readbytes) != 0) {
|
|
fprintf(stderr, "User authentication failed!\n");
|
|
uint8_t resp[2] = { SOCKS5_AUTH_VERSION, SOCKS5_AUTH_FAILURE };
|
|
hio_write(io, resp, 2);
|
|
hio_close(io);
|
|
return;
|
|
}
|
|
conn->state = s_auth_password_len;
|
|
hio_readbytes(io, 1);
|
|
}
|
|
break;
|
|
case s_auth_password_len:
|
|
// printf("s_auth_password_len\n");
|
|
{
|
|
assert(readbytes == 1);
|
|
uint8_t password_len = bytes[0];
|
|
if (password_len == 0) {
|
|
fprintf(stderr, "Miss password\n");
|
|
uint8_t resp[2] = { SOCKS5_AUTH_VERSION, SOCKS5_AUTH_FAILURE };
|
|
hio_write(io, resp, 2);
|
|
hio_close(io);
|
|
return;
|
|
}
|
|
conn->state = s_auth_password;
|
|
hio_readbytes(io, password_len);
|
|
}
|
|
break;
|
|
case s_auth_password:
|
|
// printf("s_auth_password\n");
|
|
{
|
|
char* password = (char*)bytes;
|
|
printf("password=%.*s\n", readbytes, password);
|
|
uint8_t resp[2] = { SOCKS5_AUTH_VERSION, SOCKS5_AUTH_SUCCESS };
|
|
if (readbytes != strlen(auth_password) ||
|
|
strncmp(password, auth_password, readbytes) != 0) {
|
|
fprintf(stderr, "User authentication failed!\n");
|
|
resp[1] = SOCKS5_AUTH_FAILURE;
|
|
hio_write(io, resp, 2);
|
|
hio_close(io);
|
|
return;
|
|
}
|
|
hio_write(io, resp, 2);
|
|
conn->state = s_request;
|
|
hio_readbytes(io, 3);
|
|
}
|
|
break;
|
|
case s_request:
|
|
// printf("s_request\n");
|
|
{
|
|
assert(readbytes == 3);
|
|
uint8_t version = bytes[0];
|
|
uint8_t cmd = bytes[1];
|
|
if (version != SOCKS5_VERSION || cmd != ConnectCommand) {
|
|
// TODO: Implement other commands
|
|
fprintf(stderr, "Unsupported command: %d\n", (int)cmd);
|
|
hio_close(io);
|
|
return;
|
|
}
|
|
conn->state = s_dst_addr_type;
|
|
hio_readbytes(io, 1);
|
|
}
|
|
break;
|
|
case s_dst_addr_type:
|
|
// printf("s_dst_addr_type\n");
|
|
{
|
|
assert(readbytes == 1);
|
|
conn->addr_type = (socks5_addr_type)bytes[0];
|
|
if (conn->addr_type == IPv4Addr) {
|
|
conn->state = s_dst_addr;
|
|
hio_readbytes(io, 4);
|
|
} else if (conn->addr_type == FqdnAddr) {
|
|
conn->state = s_dst_addr_len;
|
|
hio_readbytes(io, 1);
|
|
} else if (conn->addr_type == IPv6Addr) {
|
|
conn->state = s_dst_addr;
|
|
hio_readbytes(io, 16);
|
|
} else {
|
|
fprintf(stderr, "Unsupported addr type: %d\n", (int)conn->addr_type);
|
|
hio_close(io);
|
|
return;
|
|
}
|
|
}
|
|
break;
|
|
case s_dst_addr_len:
|
|
// printf("s_dst_addr_len\n");
|
|
{
|
|
uint8_t addr_len = bytes[0];
|
|
if (addr_len == 0) {
|
|
fprintf(stderr, "Miss domain!\n");
|
|
hio_close(io);
|
|
return;
|
|
}
|
|
conn->state = s_dst_addr;
|
|
hio_readbytes(io, addr_len);
|
|
}
|
|
break;
|
|
case s_dst_addr:
|
|
// printf("s_dst_addr\n");
|
|
{
|
|
if (conn->addr_type == IPv4Addr) {
|
|
assert(readbytes == 4);
|
|
conn->addr.sa.sa_family = AF_INET;
|
|
memcpy(&conn->addr.sin.sin_addr, bytes, 4);
|
|
} else if (conn->addr_type == IPv6Addr) {
|
|
assert(readbytes == 16);
|
|
conn->addr.sa.sa_family = AF_INET6;
|
|
memcpy(&conn->addr.sin6.sin6_addr, bytes, 16);
|
|
} else {
|
|
char* host = NULL;
|
|
STACK_OR_HEAP_ALLOC(host, readbytes + 1, 256);
|
|
memcpy(host, bytes, readbytes);
|
|
host[readbytes] = '\0';
|
|
// TODO: async DNS
|
|
int ret = ResolveAddr(host, &conn->addr);
|
|
STACK_OR_HEAP_FREE(host);
|
|
if (ret != 0) {
|
|
fprintf(stderr, "Resolve %.*s failed!\n", readbytes, (char*)bytes);
|
|
hio_close(io);
|
|
return;
|
|
}
|
|
}
|
|
conn->state = s_dst_port;
|
|
hio_readbytes(io, 2);
|
|
}
|
|
break;
|
|
case s_dst_port:
|
|
// printf("s_dst_port\n");
|
|
{
|
|
assert(readbytes == 2);
|
|
uint16_t port = ((uint16_t)bytes[0]) << 8 | bytes[1];
|
|
// printf("port=%d\n", port);
|
|
sockaddr_set_port(&conn->addr, port);
|
|
hloop_t* loop = hevent_loop(io);
|
|
// hio_t* upstream_io = hio_setup_tcp_upstream(io, conn->host, conn->port, 0);
|
|
// hio_t* upstream_io = hio_create_socket(loop, conn->host, conn->port, HIO_TYPE_TCP, HIO_CLIENT_SIDE);
|
|
int sockfd = socket(conn->addr.sa.sa_family, SOCK_STREAM, 0);
|
|
if (sockfd < 0) {
|
|
perror("socket");
|
|
hio_close(io);
|
|
return;
|
|
}
|
|
hio_t* upstream_io = hio_get(loop, sockfd);
|
|
assert(upstream_io != NULL);
|
|
hio_set_peeraddr(upstream_io, &conn->addr.sa, sockaddr_len(&conn->addr));
|
|
|
|
hevent_set_userdata(upstream_io, conn);
|
|
// io <=> upstream_io
|
|
hio_setup_upstream(io, upstream_io);
|
|
hio_setcb_connect(upstream_io, on_upstream_connect);
|
|
hio_setcb_close(upstream_io, hio_close_upstream);
|
|
conn->state = s_upstream;
|
|
// printf("connect to ");
|
|
// SOCKADDR_PRINT(hio_peeraddr(upstream_io));
|
|
hio_connect(upstream_io);
|
|
}
|
|
break;
|
|
case s_upstream:
|
|
hio_write_upstream(io, buf, readbytes);
|
|
break;
|
|
case s_end:
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
|
|
static void on_accept(hio_t* io) {
|
|
/*
|
|
printf("on_accept connfd=%d\n", hio_fd(io));
|
|
char localaddrstr[SOCKADDR_STRLEN] = {0};
|
|
char peeraddrstr[SOCKADDR_STRLEN] = {0};
|
|
printf("accept connfd=%d [%s] <= [%s]\n", hio_fd(io),
|
|
SOCKADDR_STR(hio_localaddr(io), localaddrstr),
|
|
SOCKADDR_STR(hio_peeraddr(io), peeraddrstr));
|
|
*/
|
|
|
|
hio_setcb_read(io, on_recv);
|
|
hio_setcb_close(io, on_close);
|
|
|
|
socks5_conn_t* conn = NULL;
|
|
HV_ALLOC_SIZEOF(conn);
|
|
conn->io = io;
|
|
hevent_set_userdata(io, conn);
|
|
// start read
|
|
conn->state = s_auth_methods_count;
|
|
hio_readbytes(io, 2);
|
|
}
|
|
|
|
int main(int argc, char** argv) {
|
|
if (argc < 2) {
|
|
printf("Usage: %s proxy_port [username] [password]\n", argv[0]);
|
|
return -10;
|
|
}
|
|
proxy_port = atoi(argv[1]);
|
|
if (argc > 3) {
|
|
auth_username = argv[2];
|
|
auth_password = argv[3];
|
|
}
|
|
|
|
hloop_t* loop = hloop_new(0);
|
|
hio_t* listenio = hloop_create_tcp_server(loop, proxy_host, proxy_port, on_accept);
|
|
if (listenio == NULL) {
|
|
return -20;
|
|
}
|
|
printf("socks5 proxy server listening on %s:%d, listenfd=%d\n", proxy_host, proxy_port, hio_fd(listenio));
|
|
hloop_run(loop);
|
|
hloop_free(&loop);
|
|
return 0;
|
|
}
|