Browse Source

add forbidden support for UDP and add tests

master
clowwindy 10 years ago
parent
commit
4312eb9e58
  1. 1
      .jenkins.sh
  2. 4
      shadowsocks/tcprelay.py
  3. 11
      shadowsocks/udprelay.py
  4. 28
      tests/test.py

1
.jenkins.sh

@ -45,6 +45,7 @@ run_test python tests/test.py --with-coverage -c tests/workers.json
run_test python tests/test.py --with-coverage -s tests/ipv6.json -c tests/ipv6-client-side.json run_test python tests/test.py --with-coverage -s tests/ipv6.json -c tests/ipv6-client-side.json
run_test python tests/test.py --with-coverage -b "-m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -q" -a "-m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -vv" run_test python tests/test.py --with-coverage -b "-m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -q" -a "-m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -vv"
run_test python tests/test.py --with-coverage -b "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 --workers 1" -a "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -qq -b 127.0.0.1" run_test python tests/test.py --with-coverage -b "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 --workers 1" -a "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -qq -b 127.0.0.1"
run_test python tests/test.py --with-coverage --should-fail --url="http://127.0.0.1/" -b "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 --forbidden-ip=127.0.0.1,::1,8.8.8.8" -a "-m aes-256-cfb -k testrc4 -s 127.0.0.1 -p 8388 -l 1081 -t 30 -b 127.0.0.1"
if [ -f /proc/sys/net/ipv4/tcp_fastopen ] ; then if [ -f /proc/sys/net/ipv4/tcp_fastopen ] ; then
if [ 3 -eq `cat /proc/sys/net/ipv4/tcp_fastopen` ] ; then if [ 3 -eq `cat /proc/sys/net/ipv4/tcp_fastopen` ] ; then

4
shadowsocks/tcprelay.py

@ -123,8 +123,8 @@ class TCPRelayHandler(object):
self._downstream_status = WAIT_STATUS_INIT self._downstream_status = WAIT_STATUS_INIT
self._client_address = local_sock.getpeername()[:2] self._client_address = local_sock.getpeername()[:2]
self._remote_address = None self._remote_address = None
if 'forbidden_ip' in self._config: if 'forbidden_ip' in config:
self._forbidden_iplist = self._config['forbidden_ip'] self._forbidden_iplist = config['forbidden_ip']
else: else:
self._forbidden_iplist = None self._forbidden_iplist = None
if is_local: if is_local:

11
shadowsocks/udprelay.py

@ -112,6 +112,11 @@ class UDPRelay(object):
self._closed = False self._closed = False
self._last_time = time.time() self._last_time = time.time()
self._sockets = set() self._sockets = set()
print(config)
if 'forbidden_ip' in config:
self._forbidden_iplist = config['forbidden_ip']
else:
self._forbidden_iplist = None
addrs = socket.getaddrinfo(self._listen_addr, self._listen_port, 0, addrs = socket.getaddrinfo(self._listen_addr, self._listen_port, 0,
socket.SOCK_DGRAM, socket.SOL_UDP) socket.SOCK_DGRAM, socket.SOL_UDP)
@ -178,6 +183,12 @@ class UDPRelay(object):
socket.SOCK_DGRAM, socket.SOL_UDP) socket.SOCK_DGRAM, socket.SOL_UDP)
if addrs: if addrs:
af, socktype, proto, canonname, sa = addrs[0] af, socktype, proto, canonname, sa = addrs[0]
if self._forbidden_iplist:
if common.to_str(sa[0]) in self._forbidden_iplist:
logging.warn('IP %s is in forbidden list, drop' %
common.to_str(sa[0]))
# drop
return
client = socket.socket(af, socktype, proto) client = socket.socket(af, socktype, proto)
client.setblocking(False) client.setblocking(False)
self._cache[key] = client self._cache[key] = client

28
tests/test.py

@ -40,6 +40,9 @@ parser.add_argument('-s', '--server-conf', type=str, default=None)
parser.add_argument('-a', '--client-args', type=str, default=None) parser.add_argument('-a', '--client-args', type=str, default=None)
parser.add_argument('-b', '--server-args', type=str, default=None) parser.add_argument('-b', '--server-args', type=str, default=None)
parser.add_argument('--with-coverage', action='store_true', default=None) parser.add_argument('--with-coverage', action='store_true', default=None)
parser.add_argument('--should-fail', action='store_true', default=None)
parser.add_argument('--url', type=str, default='http://www.example.com/')
parser.add_argument('--dns', type=str, default='8.8.8.8')
config = parser.parse_args() config = parser.parse_args()
@ -87,6 +90,7 @@ try:
for fd in r: for fd in r:
line = fd.readline() line = fd.readline()
sys.stderr.write(line)
if not line: if not line:
if stage == 2 and fd == p3.stdout: if stage == 2 and fd == p3.stdout:
stage = 3 stage = 3
@ -94,7 +98,6 @@ try:
stage = 5 stage = 5
if bytes != str: if bytes != str:
line = str(line, 'utf8') line = str(line, 'utf8')
sys.stdout.write(line)
if line.find('starting local') >= 0: if line.find('starting local') >= 0:
local_ready = True local_ready = True
if line.find('starting server') >= 0: if line.find('starting server') >= 0:
@ -103,7 +106,7 @@ try:
if stage == 1: if stage == 1:
time.sleep(2) time.sleep(2)
p3 = Popen(['curl', 'http://www.example.com/', '-v', '-L', p3 = Popen(['curl', config.url, '-v', '-L',
'--socks5-hostname', '127.0.0.1:1081', '--socks5-hostname', '127.0.0.1:1081',
'-m', '15', '--connect-timeout', '10'], '-m', '15', '--connect-timeout', '10'],
stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True) stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True)
@ -118,9 +121,13 @@ try:
fdset.remove(p3.stdout) fdset.remove(p3.stdout)
fdset.remove(p3.stderr) fdset.remove(p3.stderr)
r = p3.wait() r = p3.wait()
if r != 0: if config.should_fail:
sys.exit(1) if r == 0:
p4 = Popen(['socksify', 'dig', '@8.8.8.8', 'www.google.com'], sys.exit(1)
else:
if r != 0:
sys.exit(1)
p4 = Popen(['socksify', 'dig', '@%s' % config.dns, 'www.google.com'],
stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True) stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True)
if p4 is not None: if p4 is not None:
fdset.append(p4.stdout) fdset.append(p4.stdout)
@ -131,9 +138,14 @@ try:
if stage == 5: if stage == 5:
r = p4.wait() r = p4.wait()
if r != 0: if config.should_fail:
sys.exit(1) if r == 0:
print('test passed') sys.exit(1)
print('test passed (expecting failure)')
else:
if r != 0:
sys.exit(1)
print('test passed')
break break
finally: finally:
for p in [p1, p2]: for p in [p1, p2]:

Loading…
Cancel
Save