shadowsocksr/shadowsocks/udprelay.py

#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright 2015 clowwindy
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# SOCKS5 UDP Request
# +----+------+------+----------+----------+----------+
# |RSV | FRAG | ATYP | DST.ADDR | DST.PORT |   DATA   |
# +----+------+------+----------+----------+----------+
# | 2  |  1   |  1   | Variable |    2     | Variable |
# +----+------+------+----------+----------+----------+

# SOCKS5 UDP Response
# +----+------+------+----------+----------+----------+
# |RSV | FRAG | ATYP | DST.ADDR | DST.PORT |   DATA   |
# +----+------+------+----------+----------+----------+
# | 2  |  1   |  1   | Variable |    2     | Variable |
# +----+------+------+----------+----------+----------+

# shadowsocks UDP Request (before encrypted)
# +------+----------+----------+----------+
# | ATYP | DST.ADDR | DST.PORT |   DATA   |
# +------+----------+----------+----------+
# |  1   | Variable |    2     | Variable |
# +------+----------+----------+----------+

# shadowsocks UDP Response (before encrypted)
# +------+----------+----------+----------+
# | ATYP | DST.ADDR | DST.PORT |   DATA   |
# +------+----------+----------+----------+
# |  1   | Variable |    2     | Variable |
# +------+----------+----------+----------+

# shadowsocks UDP Request and Response (after encrypted)
# +-------+--------------+
# |   IV  |    PAYLOAD   |
# +-------+--------------+
# | Fixed |   Variable   |
# +-------+--------------+

# HOW TO NAME THINGS
# ------------------
# `dest`    means destination server, which is from DST fields in the SOCKS5
#           request
# `local`   means local server of shadowsocks
# `remote`  means remote server of shadowsocks
# `client`  means UDP clients that connects to other servers
# `server`  means the UDP server that handles user requests

from __future__ import absolute_import, division, print_function, \
    with_statement

import time
import socket
import logging
import struct
import errno
import random

from shadowsocks import encrypt, eventloop, lru_cache, common, shell
from shadowsocks.common import parse_header, pack_addr


BUF_SIZE = 65536


def client_key(a, b, c, d):
    return '%s:%s:%s:%s' % (a, b, c, d)


class UDPRelay(object):
    def __init__(self, config, dns_resolver, is_local):
        self._config = config
        if is_local:
            self._listen_addr = config['local_address']
            self._listen_port = config['local_port']
            self._remote_addr = config['server']
            self._remote_port = config['server_port']
        else:
            self._listen_addr = config['server']
            self._listen_port = config['server_port']
            self._remote_addr = None
            self._remote_port = None
        self._dns_resolver = dns_resolver
        self._password = config['password']
        self._method = config['method']
        self._timeout = config['timeout']
        self._is_local = is_local
        self._cache = lru_cache.LRUCache(timeout=config['timeout'],
                                         close_callback=self._close_client)
        self._client_fd_to_server_addr = \
            lru_cache.LRUCache(timeout=config['timeout'])
        self._eventloop = None
        self._closed = False
        self._last_time = time.time()
        self._sockets = set()
        if 'forbidden_ip' in config:
            self._forbidden_iplist = config['forbidden_ip']
        else:
            self._forbidden_iplist = None

        addrs = socket.getaddrinfo(self._listen_addr, self._listen_port, 0,
                                   socket.SOCK_DGRAM, socket.SOL_UDP)
        if len(addrs) == 0:
            raise Exception("can't get addrinfo for %s:%d" %
                            (self._listen_addr, self._listen_port))
        af, socktype, proto, canonname, sa = addrs[0]
        server_socket = socket.socket(af, socktype, proto)
        server_socket.bind((self._listen_addr, self._listen_port))
        server_socket.setblocking(False)
        self._server_socket = server_socket

    def _get_a_server(self):
        server = self._config['server']
        server_port = self._config['server_port']
        if type(server_port) == list:
            server_port = random.choice(server_port)
        if type(server) == list:
            server = random.choice(server)
        logging.debug('chosen server: %s:%d', server, server_port)
        return server, server_port

    def _close_client(self, client):
        if hasattr(client, 'close'):
            self._sockets.remove(client.fileno())
            self._eventloop.remove(client)
            client.close()
        else:
            # just an address
            pass

    def _handle_server(self):
        server = self._server_socket
        data, r_addr = server.recvfrom(BUF_SIZE)
        if not data:
            logging.debug('UDP handle_server: data is empty')
        if self._is_local:
            frag = common.ord(data[2])
            if frag != 0:
                logging.warn('drop a message since frag is not 0')
                return
            else:
                data = data[3:]
        else:
            data = encrypt.encrypt_all(self._password, self._method, 0, data)
            # decrypt data
            if not data:
                logging.debug('UDP handle_server: data is empty after decrypt')
                return
        header_result = parse_header(data)
        if header_result is None:
            return
        addrtype, dest_addr, dest_port, header_length = header_result

        if self._is_local:
            server_addr, server_port = self._get_a_server()
        else:
            server_addr, server_port = dest_addr, dest_port

        key = client_key(r_addr[0], r_addr[1], dest_addr, dest_port)
        client = self._cache.get(key, None)
        if not client:
            # TODO async getaddrinfo
            addrs = socket.getaddrinfo(server_addr, server_port, 0,
                                       socket.SOCK_DGRAM, socket.SOL_UDP)
            if addrs:
                af, socktype, proto, canonname, sa = addrs[0]
                if self._forbidden_iplist:
                    if common.to_str(sa[0]) in self._forbidden_iplist:
                        logging.debug('IP %s is in forbidden list, drop' %
                                      common.to_str(sa[0]))
                        # drop
                        return
                client = socket.socket(af, socktype, proto)
                client.setblocking(False)
                self._cache[key] = client
                self._client_fd_to_server_addr[client.fileno()] = r_addr
            else:
                # drop
                return
            self._sockets.add(client.fileno())
            self._eventloop.add(client, eventloop.POLL_IN)

        if self._is_local:
            data = encrypt.encrypt_all(self._password, self._method, 1, data)
            if not data:
                return
        else:
            data = data[header_length:]
        if not data:
            return
        try:
            client.sendto(data, (server_addr, server_port))
        except IOError as e:
            err = eventloop.errno_from_exception(e)
            if err in (errno.EINPROGRESS, errno.EAGAIN):
                pass
            else:
                shell.print_exception(e)

    def _handle_client(self, sock):
        data, r_addr = sock.recvfrom(BUF_SIZE)
        if not data:
            logging.debug('UDP handle_client: data is empty')
            return
        if not self._is_local:
            addrlen = len(r_addr[0])
            if addrlen > 255:
                # drop
                return
            data = pack_addr(r_addr[0]) + struct.pack('>H', r_addr[1]) + data
            response = encrypt.encrypt_all(self._password, self._method, 1,
                                           data)
            if not response:
                return
        else:
            data = encrypt.encrypt_all(self._password, self._method, 0,
                                       data)
            if not data:
                return
            header_result = parse_header(data)
            if header_result is None:
                return
            # addrtype, dest_addr, dest_port, header_length = header_result
            response = b'\x00\x00\x00' + data
        client_addr = self._client_fd_to_server_addr.get(sock.fileno())
        if client_addr:
            self._server_socket.sendto(response, client_addr)
        else:
            # this packet is from somewhere else we know
            # simply drop that packet
            pass

    def add_to_loop(self, loop):
        if self._eventloop:
            raise Exception('already add to loop')
        if self._closed:
            raise Exception('already closed')
        self._eventloop = loop
        loop.add_handler(self._handle_events)

        server_socket = self._server_socket
        self._eventloop.add(server_socket,
                            eventloop.POLL_IN | eventloop.POLL_ERR)

    def _handle_events(self, events):
        for sock, fd, event in events:
            if sock == self._server_socket:
                if event & eventloop.POLL_ERR:
                    logging.error('UDP server_socket err')
                self._handle_server()
            elif sock and (fd in self._sockets):
                if event & eventloop.POLL_ERR:
                    logging.error('UDP client_socket err')
                self._handle_client(sock)
        now = time.time()
        if now - self._last_time > 3:
            self._cache.sweep()
            self._client_fd_to_server_addr.sweep()
            self._last_time = now
        if self._closed:
            self._server_socket.close()
            for sock in self._sockets:
                sock.close()
            self._eventloop.remove_handler(self._handle_events)

    def close(self, next_tick=False):
        self._closed = True
        if not next_tick:
            self._server_socket.close()
add udprelay 11 years ago			`#!/usr/bin/python`
			`# -- coding: utf-8 --`
			`#`
license under Apache License v2.0 10 years ago			`# Copyright 2015 clowwindy`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License"); you may`
			`# not use this file except in compliance with the License. You may obtain`
			`# a copy of the License at`
add udprelay 11 years ago			`#`
license under Apache License v2.0 10 years ago			`# http://www.apache.org/licenses/LICENSE-2.0`
add udprelay 11 years ago			`#`
license under Apache License v2.0 10 years ago			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT`
			`# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the`
			`# License for the specific language governing permissions and limitations`
			`# under the License.`
add udprelay 11 years ago
			`# SOCKS5 UDP Request`
			`# +----+------+------+----------+----------+----------+`
			`# \|RSV \| FRAG \| ATYP \| DST.ADDR \| DST.PORT \| DATA \|`
			`# +----+------+------+----------+----------+----------+`
			`# \| 2 \| 1 \| 1 \| Variable \| 2 \| Variable \|`
			`# +----+------+------+----------+----------+----------+`

			`# SOCKS5 UDP Response`
			`# +----+------+------+----------+----------+----------+`
			`# \|RSV \| FRAG \| ATYP \| DST.ADDR \| DST.PORT \| DATA \|`
			`# +----+------+------+----------+----------+----------+`
			`# \| 2 \| 1 \| 1 \| Variable \| 2 \| Variable \|`
			`# +----+------+------+----------+----------+----------+`

			`# shadowsocks UDP Request (before encrypted)`
			`# +------+----------+----------+----------+`
			`# \| ATYP \| DST.ADDR \| DST.PORT \| DATA \|`
			`# +------+----------+----------+----------+`
			`# \| 1 \| Variable \| 2 \| Variable \|`
			`# +------+----------+----------+----------+`

			`# shadowsocks UDP Response (before encrypted)`
			`# +------+----------+----------+----------+`
			`# \| ATYP \| DST.ADDR \| DST.PORT \| DATA \|`
			`# +------+----------+----------+----------+`
			`# \| 1 \| Variable \| 2 \| Variable \|`
			`# +------+----------+----------+----------+`

			`# shadowsocks UDP Request and Response (after encrypted)`
			`# +-------+--------------+`
			`# \| IV \| PAYLOAD \|`
			`# +-------+--------------+`
			`# \| Fixed \| Variable \|`
			`# +-------+--------------+`

			`# HOW TO NAME THINGS`
			`# ------------------`
			# `dest` means destination server, which is from DST fields in the SOCKS5
			`# request`
			# `local` means local server of shadowsocks
			# `remote` means remote server of shadowsocks
			# `client` means UDP clients that connects to other servers
fix a typo 11 years ago			# `server` means the UDP server that handles user requests
add udprelay 11 years ago
python 3 support; not stable yet 10 years ago			`from __future__ import absolute_import, division, print_function, \`
			`with_statement`
add udprelay 11 years ago
add LRUCache 11 years ago			`import time`
add udprelay 11 years ago			`import socket`
impl 11 years ago			`import logging`
			`import struct`
more work 10 years ago			`import errno`
fix server-multi-ports 10 years ago			`import random`
use absolute import 10 years ago
rename utils module into shell Since utils is ambiguous, we want to give the module a more clear role. 10 years ago			`from shadowsocks import encrypt, eventloop, lru_cache, common, shell`
use absolute import 10 years ago			`from shadowsocks.common import parse_header, pack_addr`
add LRUCache 11 years ago
impl 11 years ago
			`BUF_SIZE = 65536`


implement udp relay 11 years ago			`def client_key(a, b, c, d):`
			`return '%s:%s:%s:%s' % (a, b, c, d)`


add udprelay 11 years ago			`class UDPRelay(object):`
add async dns 10 years ago			`def __init__(self, config, dns_resolver, is_local):`
fix server-multi-ports 10 years ago			`self._config = config`
add ssloop branch 10 years ago			`if is_local:`
			`self._listen_addr = config['local_address']`
			`self._listen_port = config['local_port']`
			`self._remote_addr = config['server']`
			`self._remote_port = config['server_port']`
			`else:`
			`self._listen_addr = config['server']`
			`self._listen_port = config['server_port']`
			`self._remote_addr = None`
			`self._remote_port = None`
add async dns 10 years ago			`self._dns_resolver = dns_resolver`
add ssloop branch 10 years ago			`self._password = config['password']`
			`self._method = config['method']`
			`self._timeout = config['timeout']`
add udprelay 11 years ago			`self._is_local = is_local`
more work 10 years ago			`self._cache = lru_cache.LRUCache(timeout=config['timeout'],`
fix close 11 years ago			`close_callback=self._close_client)`
more work 10 years ago			`self._client_fd_to_server_addr = \`
			`lru_cache.LRUCache(timeout=config['timeout'])`
refine loop 10 years ago			`self._eventloop = None`
fix workers 11 years ago			`self._closed = False`
refine loop 10 years ago			`self._last_time = time.time()`
			`self._sockets = set()`
add forbidden support for UDP and add tests 10 years ago			`if 'forbidden_ip' in config:`
			`self._forbidden_iplist = config['forbidden_ip']`
			`else:`
			`self._forbidden_iplist = None`
add udprelay 11 years ago
fix workers 11 years ago			`addrs = socket.getaddrinfo(self._listen_addr, self._listen_port, 0,`
			`socket.SOCK_DGRAM, socket.SOL_UDP)`
			`if len(addrs) == 0:`
			`raise Exception("can't get addrinfo for %s:%d" %`
			`(self._listen_addr, self._listen_port))`
			`af, socktype, proto, canonname, sa = addrs[0]`
			`server_socket = socket.socket(af, socktype, proto)`
			`server_socket.bind((self._listen_addr, self._listen_port))`
			`server_socket.setblocking(False)`
			`self._server_socket = server_socket`

fix server-multi-ports 10 years ago			`def _get_a_server(self):`
			`server = self._config['server']`
			`server_port = self._config['server_port']`
			`if type(server_port) == list:`
			`server_port = random.choice(server_port)`
support multiple server ip on client side 10 years ago			`if type(server) == list:`
			`server = random.choice(server)`
fix server-multi-ports 10 years ago			`logging.debug('chosen server: %s:%d', server, server_port)`
			`return server, server_port`

fix remove() 11 years ago			`def _close_client(self, client):`
			`if hasattr(client, 'close'):`
refine loop 10 years ago			`self._sockets.remove(client.fileno())`
fix remove() 11 years ago			`self._eventloop.remove(client)`
			`client.close()`
			`else:`
			`# just an address`
			`pass`

impl 11 years ago			`def _handle_server(self):`
			`server = self._server_socket`
implement udp relay 11 years ago			`data, r_addr = server.recvfrom(BUF_SIZE)`
more log 10 years ago			`if not data:`
			`logging.debug('UDP handle_server: data is empty')`
impl 11 years ago			`if self._is_local:`
python 3 support; not stable yet 10 years ago			`frag = common.ord(data[2])`
impl 11 years ago			`if frag != 0:`
			`logging.warn('drop a message since frag is not 0')`
implement udp relay 11 years ago			`return`
impl 11 years ago			`else:`
			`data = data[3:]`
			`else:`
implement udp relay 11 years ago			`data = encrypt.encrypt_all(self._password, self._method, 0, data)`
more log 10 years ago			`# decrypt data`
implement udp relay 11 years ago			`if not data:`
more log 10 years ago			`logging.debug('UDP handle_server: data is empty after decrypt')`
implement udp relay 11 years ago			`return`
			`header_result = parse_header(data)`
			`if header_result is None:`
			`return`
			`addrtype, dest_addr, dest_port, header_length = header_result`

			`if self._is_local:`
fix server-multi-ports 10 years ago			`server_addr, server_port = self._get_a_server()`
implement udp relay 11 years ago			`else:`
			`server_addr, server_port = dest_addr, dest_port`

			`key = client_key(r_addr[0], r_addr[1], dest_addr, dest_port)`
			`client = self._cache.get(key, None)`
			`if not client:`
			`# TODO async getaddrinfo`
			`addrs = socket.getaddrinfo(server_addr, server_port, 0,`
			`socket.SOCK_DGRAM, socket.SOL_UDP)`
			`if addrs:`
			`af, socktype, proto, canonname, sa = addrs[0]`
add forbidden support for UDP and add tests 10 years ago			`if self._forbidden_iplist:`
			`if common.to_str(sa[0]) in self._forbidden_iplist:`
change logging level for UDP warning 10 years ago			`logging.debug('IP %s is in forbidden list, drop' %`
			`common.to_str(sa[0]))`
add forbidden support for UDP and add tests 10 years ago			`# drop`
			`return`
implement udp relay 11 years ago			`client = socket.socket(af, socktype, proto)`
			`client.setblocking(False)`
			`self._cache[key] = client`
			`self._client_fd_to_server_addr[client.fileno()] = r_addr`
			`else:`
			`# drop`
			`return`
refine loop 10 years ago			`self._sockets.add(client.fileno())`
fix remove() 11 years ago			`self._eventloop.add(client, eventloop.POLL_IN)`
udp server works 11 years ago
implement udp relay 11 years ago			`if self._is_local:`
			`data = encrypt.encrypt_all(self._password, self._method, 1, data)`
			`if not data:`
			`return`
fix udprelay for local 10 years ago			`else:`
			`data = data[header_length:]`
			`if not data:`
			`return`
fix local 11 years ago			`try:`
			`client.sendto(data, (server_addr, server_port))`
			`except IOError as e:`
			`err = eventloop.errno_from_exception(e)`
			`if err in (errno.EINPROGRESS, errno.EAGAIN):`
			`pass`
			`else:`
rename utils module into shell Since utils is ambiguous, we want to give the module a more clear role. 10 years ago			`shell.print_exception(e)`
impl 11 years ago
			`def _handle_client(self, sock):`
implement udp relay 11 years ago			`data, r_addr = sock.recvfrom(BUF_SIZE)`
more log 10 years ago			`if not data:`
			`logging.debug('UDP handle_client: data is empty')`
			`return`
implement udp relay 11 years ago			`if not self._is_local:`
			`addrlen = len(r_addr[0])`
			`if addrlen > 255:`
			`# drop`
			`return`
prefer addrtype 1 and 4 over 3 in UDP relay 10 years ago			`data = pack_addr(r_addr[0]) + struct.pack('>H', r_addr[1]) + data`
implement udp relay 11 years ago			`response = encrypt.encrypt_all(self._password, self._method, 1,`
			`data)`
			`if not response:`
			`return`
			`else:`
			`data = encrypt.encrypt_all(self._password, self._method, 0,`
			`data)`
			`if not data:`
			`return`
add checkout for header 11 years ago			`header_result = parse_header(data)`
			`if header_result is None:`
			`return`
			`# addrtype, dest_addr, dest_port, header_length = header_result`
fix UDP 10 years ago			`response = b'\x00\x00\x00' + data`
more work 10 years ago			`client_addr = self._client_fd_to_server_addr.get(sock.fileno())`
implement udp relay 11 years ago			`if client_addr:`
			`self._server_socket.sendto(response, client_addr)`
			`else:`
add connect 11 years ago			`# this packet is from somewhere else we know`
			`# simply drop that packet`
implement udp relay 11 years ago			`pass`
add udprelay 11 years ago
refine loop 10 years ago			`def add_to_loop(self, loop):`
add async dns 10 years ago			`if self._eventloop:`
			`raise Exception('already add to loop')`
fix workers 11 years ago			`if self._closed:`
refine loop 10 years ago			`raise Exception('already closed')`
			`self._eventloop = loop`
			`loop.add_handler(self._handle_events)`

			`server_socket = self._server_socket`
			`self._eventloop.add(server_socket,`
			`eventloop.POLL_IN \| eventloop.POLL_ERR)`

			`def _handle_events(self, events):`
			`for sock, fd, event in events:`
			`if sock == self._server_socket:`
more log 10 years ago			`if event & eventloop.POLL_ERR:`
			`logging.error('UDP server_socket err')`
refine loop 10 years ago			`self._handle_server()`
			`elif sock and (fd in self._sockets):`
more log 10 years ago			`if event & eventloop.POLL_ERR:`
			`logging.error('UDP client_socket err')`
refine loop 10 years ago			`self._handle_client(sock)`
			`now = time.time()`
Graceful shutdown; close #179 10 years ago			`if now - self._last_time > 3:`
refine loop 10 years ago			`self._cache.sweep()`
			`self._client_fd_to_server_addr.sweep()`
			`self._last_time = now`
handle signal soon; #179 10 years ago			`if self._closed:`
			`self._server_socket.close()`
			`for sock in self._sockets:`
			`sock.close()`
			`self._eventloop.remove_handler(self._handle_events)`
fix workers 11 years ago
Graceful shutdown; close #179 10 years ago			`def close(self, next_tick=False):`
fix workers 11 years ago			`self._closed = True`
Graceful shutdown; close #179 10 years ago			`if not next_tick:`
			`self._server_socket.close()`