clash/adapter/outbound/socks5.go

package outbound

import (
	"context"
	"crypto/tls"
	"errors"
	"fmt"
	"io"
	"net"
	"strconv"

	"github.com/Dreamacro/clash/component/dialer"
	C "github.com/Dreamacro/clash/constant"
	"github.com/Dreamacro/clash/transport/socks5"
)

type Socks5 struct {
	*Base
	user           string
	pass           string
	tls            bool
	skipCertVerify bool
	tlsConfig      *tls.Config
}

type Socks5Option struct {
	BasicOption
	Name           string `proxy:"name"`
	Server         string `proxy:"server"`
	Port           int    `proxy:"port"`
	UserName       string `proxy:"username,omitempty"`
	Password       string `proxy:"password,omitempty"`
	TLS            bool   `proxy:"tls,omitempty"`
	UDP            bool   `proxy:"udp,omitempty"`
	SkipCertVerify bool   `proxy:"skip-cert-verify,omitempty"`
}

// StreamConn implements C.ProxyAdapter
func (ss *Socks5) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
	if ss.tls {
		cc := tls.Client(c, ss.tlsConfig)
		err := cc.Handshake()
		c = cc
		if err != nil {
			return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
		}
	}

	var user *socks5.User
	if ss.user != "" {
		user = &socks5.User{
			Username: ss.user,
			Password: ss.pass,
		}
	}
	if _, err := socks5.ClientHandshake(c, serializesSocksAddr(metadata), socks5.CmdConnect, user); err != nil {
		return nil, err
	}
	return c, nil
}

// DialContext implements C.ProxyAdapter
func (ss *Socks5) DialContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {
	c, err := dialer.DialContext(ctx, "tcp", ss.addr, ss.Base.DialOptions(opts...)...)
	if err != nil {
		return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
	}
	tcpKeepAlive(c)

	defer safeConnClose(c, err)

	c, err = ss.StreamConn(c, metadata)
	if err != nil {
		return nil, err
	}

	return NewConn(c, ss), nil
}

// ListenPacketContext implements C.ProxyAdapter
func (ss *Socks5) ListenPacketContext(ctx context.Context, metadata *C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {
	c, err := dialer.DialContext(ctx, "tcp", ss.addr, ss.Base.DialOptions(opts...)...)
	if err != nil {
		err = fmt.Errorf("%s connect error: %w", ss.addr, err)
		return
	}

	if ss.tls {
		cc := tls.Client(c, ss.tlsConfig)
		err = cc.Handshake()
		c = cc
	}

	defer safeConnClose(c, err)

	tcpKeepAlive(c)
	var user *socks5.User
	if ss.user != "" {
		user = &socks5.User{
			Username: ss.user,
			Password: ss.pass,
		}
	}

	bindAddr, err := socks5.ClientHandshake(c, serializesSocksAddr(metadata), socks5.CmdUDPAssociate, user)
	if err != nil {
		err = fmt.Errorf("client hanshake error: %w", err)
		return
	}

	pc, err := dialer.ListenPacket(ctx, "udp", "", ss.Base.DialOptions(opts...)...)
	if err != nil {
		return
	}

	go func() {
		io.Copy(io.Discard, c)
		c.Close()
		// A UDP association terminates when the TCP connection that the UDP
		// ASSOCIATE request arrived on terminates. RFC1928
		pc.Close()
	}()

	// Support unspecified UDP bind address.
	bindUDPAddr := bindAddr.UDPAddr()
	if bindUDPAddr == nil {
		err = errors.New("invalid UDP bind address")
		return
	} else if bindUDPAddr.IP.IsUnspecified() {
		serverAddr, err := resolveUDPAddr("udp", ss.Addr())
		if err != nil {
			return nil, err
		}

		bindUDPAddr.IP = serverAddr.IP
	}

	return newPacketConn(&socksPacketConn{PacketConn: pc, rAddr: bindUDPAddr, tcpConn: c}, ss), nil
}

func NewSocks5(option Socks5Option) *Socks5 {
	var tlsConfig *tls.Config
	if option.TLS {
		tlsConfig = &tls.Config{
			InsecureSkipVerify: option.SkipCertVerify,
			ServerName:         option.Server,
		}
	}

	return &Socks5{
		Base: &Base{
			name:  option.Name,
			addr:  net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
			tp:    C.Socks5,
			udp:   option.UDP,
			iface: option.Interface,
			rmark: option.RoutingMark,
		},
		user:           option.UserName,
		pass:           option.Password,
		tls:            option.TLS,
		skipCertVerify: option.SkipCertVerify,
		tlsConfig:      tlsConfig,
	}
}

type socksPacketConn struct {
	net.PacketConn
	rAddr   net.Addr
	tcpConn net.Conn
}

func (uc *socksPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) {
	packet, err := socks5.EncodeUDPPacket(socks5.ParseAddrToSocksAddr(addr), b)
	if err != nil {
		return
	}
	return uc.PacketConn.WriteTo(packet, uc.rAddr)
}

func (uc *socksPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
	n, _, e := uc.PacketConn.ReadFrom(b)
	if e != nil {
		return 0, nil, e
	}
	addr, payload, err := socks5.DecodeUDPPacket(b)
	if err != nil {
		return 0, nil, err
	}

	udpAddr := addr.UDPAddr()
	if udpAddr == nil {
		return 0, nil, errors.New("parse udp addr error")
	}

	// due to DecodeUDPPacket is mutable, record addr length
	copy(b, payload)
	return n - len(addr) - 3, udpAddr, nil
}

func (uc *socksPacketConn) Close() error {
	uc.tcpConn.Close()
	return uc.PacketConn.Close()
}
Feature: add experimental provider 2019-12-08 04:17:24 +00:00			`package outbound`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00
			`import (`
Fix: dial tcp with context to avoid margin of error 2019-10-12 15:55:39 +00:00			`"context"`
Improve: add tls, sni options to socks5 outbound adapter 2018-10-28 11:46:49 +00:00			`"crypto/tls"`
Fix: mutable SplitAddr cause panic 2020-03-02 15:47:23 +00:00			`"errors"`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00			`"fmt"`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`"io"`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00			`"net"`
Fix: dial IPv6 host (#29) 2018-11-04 13:12:16 +00:00			`"strconv"`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00
Chore: use custom dialer 2020-02-09 09:02:48 +00:00			`"github.com/Dreamacro/clash/component/dialer"`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00			`C "github.com/Dreamacro/clash/constant"`
Chore: split component to transport 2021-05-13 14:18:49 +00:00			`"github.com/Dreamacro/clash/transport/socks5"`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00			`)`

			`type Socks5 struct {`
Chore: improve outbound architecture 2018-12-22 15:56:42 +00:00			`*Base`
Feature: SOCKS5 authentication support (#34) * Feature: socks5 auth support * Chore: make code unified * Fix: auth buffer length 2018-11-09 09:36:30 +00:00			`user string`
			`pass string`
Chore: unified naming "skip-cert-verify" 2018-10-29 12:16:43 +00:00			`tls bool`
			`skipCertVerify bool`
Optimization: use client session cache for TLS connection (#26) 2018-11-01 03:54:45 +00:00			`tlsConfig *tls.Config`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00			`}`
Revert: "fix: proxy-groups filter logic" This reverts commit 8a85c63b08627f50c663d88ed0c2b5c217f00d56. 2022-04-22 10:55:28 +00:00
Break Change: use yml, which is easier to parse, as the config format 2018-10-02 07:26:36 +00:00			`type Socks5Option struct {`
Feature: mark on socket (#1705) 2021-11-08 08:59:48 +00:00			`BasicOption`
Chore: unified naming "skip-cert-verify" 2018-10-29 12:16:43 +00:00			Name string `proxy:"name"`
			Server string `proxy:"server"`
			Port int `proxy:"port"`
Feature: SOCKS5 authentication support (#34) * Feature: socks5 auth support * Chore: make code unified * Fix: auth buffer length 2018-11-09 09:36:30 +00:00			UserName string `proxy:"username,omitempty"`
			Password string `proxy:"password,omitempty"`
Chore: unified naming "skip-cert-verify" 2018-10-29 12:16:43 +00:00			TLS bool `proxy:"tls,omitempty"`
Feature: socks5 udp associate 2019-04-23 15:29:36 +00:00			UDP bool `proxy:"udp,omitempty"`
Chore: unified naming "skip-cert-verify" 2018-10-29 12:16:43 +00:00			SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"`
Break Change: use yml, which is easier to parse, as the config format 2018-10-02 07:26:36 +00:00			`}`

Style: code style 2021-04-29 03:23:14 +00:00			`// StreamConn implements C.ProxyAdapter`
Feature: support relay (proxy chains) (#539) 2020-03-21 15:46:49 +00:00			`func (ss Socks5) StreamConn(c net.Conn, metadata C.Metadata) (net.Conn, error) {`
			`if ss.tls {`
Optimization: use client session cache for TLS connection (#26) 2018-11-01 03:54:45 +00:00			`cc := tls.Client(c, ss.tlsConfig)`
Feature: support relay (proxy chains) (#539) 2020-03-21 15:46:49 +00:00			`err := cc.Handshake()`
Optimization: use client session cache for TLS connection (#26) 2018-11-01 03:54:45 +00:00			`c = cc`
Feature: support relay (proxy chains) (#539) 2020-03-21 15:46:49 +00:00			`if err != nil {`
			`return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)`
			`}`
Improve: add tls, sni options to socks5 outbound adapter 2018-10-28 11:46:49 +00:00			`}`

Feature: support outbound socks5 udp 2019-04-25 05:48:47 +00:00			`var user *socks5.User`
			`if ss.user != "" {`
			`user = &socks5.User{`
			`Username: ss.user,`
			`Password: ss.pass,`
			`}`
			`}`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`if _, err := socks5.ClientHandshake(c, serializesSocksAddr(metadata), socks5.CmdConnect, user); err != nil {`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00			`return nil, err`
			`}`
Feature: support relay (proxy chains) (#539) 2020-03-21 15:46:49 +00:00			`return c, nil`
			`}`

Style: code style 2021-04-29 03:23:14 +00:00			`// DialContext implements C.ProxyAdapter`
Feature: dial different NIC for all proxies (#1714) 2021-11-07 08:48:51 +00:00			`func (ss Socks5) DialContext(ctx context.Context, metadata C.Metadata, opts ...dialer.Option) (_ C.Conn, err error) {`
			`c, err := dialer.DialContext(ctx, "tcp", ss.addr, ss.Base.DialOptions(opts...)...)`
Feature: support relay (proxy chains) (#539) 2020-03-21 15:46:49 +00:00			`if err != nil {`
			`return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)`
			`}`
			`tcpKeepAlive(c)`

Chore: Clarify the definition of StreamConn and DialContext 2021-03-22 15:26:20 +00:00			`defer safeConnClose(c, err)`

Feature: support relay (proxy chains) (#539) 2020-03-21 15:46:49 +00:00			`c, err = ss.StreamConn(c, metadata)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return NewConn(c, ss), nil`
Chore: improve code architecture 2018-11-21 05:47:46 +00:00			`}`

Chore: contexify ProxyAdapter ListenPacket 2021-10-15 13:44:53 +00:00			`// ListenPacketContext implements C.ProxyAdapter`
Feature: dial different NIC for all proxies (#1714) 2021-11-07 08:48:51 +00:00			`func (ss Socks5) ListenPacketContext(ctx context.Context, metadata C.Metadata, opts ...dialer.Option) (_ C.PacketConn, err error) {`
			`c, err := dialer.DialContext(ctx, "tcp", ss.addr, ss.Base.DialOptions(opts...)...)`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`if err != nil {`
Chore: throw more detail dial error 2019-12-05 09:51:21 +00:00			`err = fmt.Errorf("%s connect error: %w", ss.addr, err)`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`return`
			`}`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`if ss.tls {`
Feature: support outbound socks5 udp 2019-04-25 05:48:47 +00:00			`cc := tls.Client(c, ss.tlsConfig)`
			`err = cc.Handshake()`
			`c = cc`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00			`}`

Chore: Clarify the definition of StreamConn and DialContext 2021-03-22 15:26:20 +00:00			`defer safeConnClose(c, err)`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00
Feature: support outbound socks5 udp 2019-04-25 05:48:47 +00:00			`tcpKeepAlive(c)`
			`var user *socks5.User`
			`if ss.user != "" {`
			`user = &socks5.User{`
			`Username: ss.user,`
			`Password: ss.pass,`
Feature: SOCKS5 authentication support (#34) * Feature: socks5 auth support * Chore: make code unified * Fix: auth buffer length 2018-11-09 09:36:30 +00:00			`}`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00			`}`

Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`bindAddr, err := socks5.ClientHandshake(c, serializesSocksAddr(metadata), socks5.CmdUDPAssociate, user)`
			`if err != nil {`
Chore: throw more detail dial error 2019-12-05 09:51:21 +00:00			`err = fmt.Errorf("client hanshake error: %w", err)`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`return`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00			`}`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00
Feature: dial different NIC for all proxies (#1714) 2021-11-07 08:48:51 +00:00			`pc, err := dialer.ListenPacket(ctx, "udp", "", ss.Base.DialOptions(opts...)...)`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`if err != nil {`
			`return`
			`}`

			`go func() {`
Chore: remove deprecated ioutil 2021-10-09 12:35:06 +00:00			`io.Copy(io.Discard, c)`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`c.Close()`
			`// A UDP association terminates when the TCP connection that the UDP`
			`// ASSOCIATE request arrived on terminates. RFC1928`
			`pc.Close()`
			`}()`

Fix: support unspecified UDP bind address (#1159) 2020-12-31 10:58:03 +00:00			`// Support unspecified UDP bind address.`
			`bindUDPAddr := bindAddr.UDPAddr()`
			`if bindUDPAddr == nil {`
			`err = errors.New("invalid UDP bind address")`
			`return`
			`} else if bindUDPAddr.IP.IsUnspecified() {`
			`serverAddr, err := resolveUDPAddr("udp", ss.Addr())`
			`if err != nil {`
			`return nil, err`
			`}`

			`bindUDPAddr.IP = serverAddr.IP`
			`}`

			`return newPacketConn(&socksPacketConn{PacketConn: pc, rAddr: bindUDPAddr, tcpConn: c}, ss), nil`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00			`}`

Break Change: use yml, which is easier to parse, as the config format 2018-10-02 07:26:36 +00:00			`func NewSocks5(option Socks5Option) *Socks5 {`
Optimization: use client session cache for TLS connection (#26) 2018-11-01 03:54:45 +00:00			`var tlsConfig *tls.Config`
			`if option.TLS {`
			`tlsConfig = &tls.Config{`
			`InsecureSkipVerify: option.SkipCertVerify,`
			`ServerName: option.Server,`
			`}`
			`}`

New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00			`return &Socks5{`
Chore: improve outbound architecture 2018-12-22 15:56:42 +00:00			`Base: &Base{`
Feature: dial different NIC for all proxies (#1714) 2021-11-07 08:48:51 +00:00			`name: option.Name,`
			`addr: net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),`
			`tp: C.Socks5,`
			`udp: option.UDP,`
			`iface: option.Interface,`
Fix: routing-mark option doesn't work on proxies (#2028) 2022-03-19 05:29:30 +00:00			`rmark: option.RoutingMark,`
Chore: improve outbound architecture 2018-12-22 15:56:42 +00:00			`},`
Feature: SOCKS5 authentication support (#34) * Feature: socks5 auth support * Chore: make code unified * Fix: auth buffer length 2018-11-09 09:36:30 +00:00			`user: option.UserName,`
			`pass: option.Password,`
Chore: unified naming "skip-cert-verify" 2018-10-29 12:16:43 +00:00			`tls: option.TLS,`
			`skipCertVerify: option.SkipCertVerify,`
Optimization: use client session cache for TLS connection (#26) 2018-11-01 03:54:45 +00:00			`tlsConfig: tlsConfig,`
New: custom socks5 proxy support 2018-08-12 05:50:54 +00:00			`}`
			`}`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00
Fix: vmess udp crash 2020-02-17 09:34:19 +00:00			`type socksPacketConn struct {`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`net.PacketConn`
Improve: udp NAT type 2020-01-31 06:43:54 +00:00			`rAddr net.Addr`
Optimization: socks UDP & fix typo (#261) 2019-08-12 06:01:32 +00:00			`tcpConn net.Conn`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`}`

Fix: vmess udp crash 2020-02-17 09:34:19 +00:00			`func (uc *socksPacketConn) WriteTo(b []byte, addr net.Addr) (n int, err error) {`
Improve: udp NAT type 2020-01-31 06:43:54 +00:00			`packet, err := socks5.EncodeUDPPacket(socks5.ParseAddrToSocksAddr(addr), b)`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`if err != nil {`
			`return`
			`}`
Improve: udp NAT type 2020-01-31 06:43:54 +00:00			`return uc.PacketConn.WriteTo(packet, uc.rAddr)`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`}`

Fix: vmess udp crash 2020-02-17 09:34:19 +00:00			`func (uc *socksPacketConn) ReadFrom(b []byte) (int, net.Addr, error) {`
Fix: ss udp return error when addr parse failed 2020-02-29 17:46:02 +00:00			`n, _, e := uc.PacketConn.ReadFrom(b)`
Fix: some UDP issues (#265) 2019-10-11 12:11:18 +00:00			`if e != nil {`
			`return 0, nil, e`
			`}`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`addr, payload, err := socks5.DecodeUDPPacket(b)`
			`if err != nil {`
			`return 0, nil, err`
			`}`
Fix: mutable SplitAddr cause panic 2020-03-02 15:47:23 +00:00
			`udpAddr := addr.UDPAddr()`
			`if udpAddr == nil {`
			`return 0, nil, errors.New("parse udp addr error")`
			`}`

Fix: some UDP issues (#265) 2019-10-11 12:11:18 +00:00			`// due to DecodeUDPPacket is mutable, record addr length`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`copy(b, payload)`
Fix: mutable SplitAddr cause panic 2020-03-02 15:47:23 +00:00			`return n - len(addr) - 3, udpAddr, nil`
Fix(socks5): fully udp associate support (#233) 2019-07-25 09:47:39 +00:00			`}`
Optimization: socks UDP & fix typo (#261) 2019-08-12 06:01:32 +00:00
Fix: vmess udp crash 2020-02-17 09:34:19 +00:00			`func (uc *socksPacketConn) Close() error {`
Optimization: socks UDP & fix typo (#261) 2019-08-12 06:01:32 +00:00			`uc.tcpConn.Close()`
			`return uc.PacketConn.Close()`
			`}`