log RLIMIT_NOFILE

let http_simple the same as http_post when server_decode

db_transfer.py

@@ -189,6 +189,8 @@ class TransferBase(object):
 		socket.setdefaulttimeout(timeout)
 		last_rows = []
 		db_instance = obj()
+		import resource
+		logging.info('current process RLIMIT_NOFILE resource: soft %d hard %d'  % resource.getrlimit(resource.RLIMIT_NOFILE))
 		try:
 			while True:
 				load_config()

shadowsocks/obfsplugin/auth.py

@@ -298,12 +298,14 @@ class auth_sha1(verify_base):
         self.recv_buf += buf
         out_buf = b''
         if not self.has_recv_header:
-            if len(self.recv_buf) < 4:
+            if len(self.recv_buf) < 6:
                 return (b'', False)
             crc = struct.pack('<I', binascii.crc32(self.server_info.key) & 0xFFFFFFFF)
             if crc != self.recv_buf[:4]:
                 return self.not_match_return(self.recv_buf)
             length = struct.unpack('>H', self.recv_buf[4:6])[0]
+            if length > 2048:
+                return self.not_match_return(self.recv_buf)
             if length > len(self.recv_buf):
                 return (b'', False)
             sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10]
@@ -529,12 +531,14 @@ class auth_sha1_v2(verify_base):
         self.recv_buf += buf
         out_buf = b''
         if not self.has_recv_header:
-            if len(self.recv_buf) < 4:
+            if len(self.recv_buf) < 6:
                 return (b'', False)
             crc = struct.pack('<I', binascii.crc32(self.salt + self.server_info.key) & 0xFFFFFFFF)
             if crc != self.recv_buf[:4]:
                 return self.not_match_return(self.recv_buf)
             length = struct.unpack('>H', self.recv_buf[4:6])[0]
+            if length > 2048:
+                return self.not_match_return(self.recv_buf)
             if length > len(self.recv_buf):
                 return (b'', False)
             sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10]

shadowsocks/obfsplugin/http_simple.py

@@ -167,7 +167,7 @@ class http_simple(plain.plain):
         self.recv_buffer += buf
         buf = self.recv_buffer
         if len(buf) > 10:
-            if match_begin(buf, b'GET /') or match_begin(buf, b'POST /'):
+            if match_begin(buf, b'GET ') or match_begin(buf, b'POST '):
                 if len(buf) > 65536:
                     self.recv_buffer = None
                     logging.warn('http_simple: over size')
@@ -238,37 +238,6 @@ class http_post(http_simple):
             return (b'E'*64, False, False)
         return (buf, True, False)
 
-    def server_decode(self, buf):
-        if self.has_recv_header:
-            return (buf, True, False)
-
-        self.recv_buffer += buf
-        buf = self.recv_buffer
-        if len(buf) > 10:
-            if match_begin(buf, b'GET ') or match_begin(buf, b'POST '):
-                if len(buf) > 65536:
-                    self.recv_buffer = None
-                    logging.warn('http_post: over size')
-                    return self.not_match_return(buf)
-            else: #not http header, run on original protocol
-                self.recv_buffer = None
-                logging.debug('http_post: not match begin')
-                return self.not_match_return(buf)
-        else:
-            return (b'', True, False)
-
-        if b'\r\n\r\n' in buf:
-            datas = buf.split(b'\r\n\r\n', 1)
-            ret_buf = self.get_data_from_http_header(buf)
-            if len(datas) > 1:
-                ret_buf += datas[1]
-            if len(ret_buf) >= 7:
-                self.has_recv_header = True
-                return (ret_buf, True, False)
-            return self.not_match_return(buf)
-        else:
-            return (b'', True, False)
-
 class random_head(plain.plain):
     def __init__(self, method):
         self.method = method