
add forbidden_port

dev
BreakWa11 9 years ago
parent
commit
d653c9bdb3
  1. 25
      shadowsocks/common.py
  2. 7
      shadowsocks/shell.py
  3. 27
      shadowsocks/tcprelay.py
  4. 8
      shadowsocks/udprelay.py

25
shadowsocks/common.py

@ -283,6 +283,31 @@ class IPNetwork(object):
else: else:
return False return False
class PortRange(object):
def __init__(self, range_str):
self.range = set()
if type(range_str) == str:
range_str = range_str.split(',')
for item in range_str:
try:
int_range = item.split('-')
if len(int_range) == 1:
self.range.add(int(item))
elif len(int_range) == 2:
int_range[0] = int(int_range[0])
int_range[1] = int(int_range[1])
if int_range[0] < 0:
int_range[0] = 0
if int_range[1] > 65535:
int_range[1] = 65535
i = int_range[0]
while i <= int_range[1]:
self.range.add(i)
except Exception as e:
logging.error(e)
def __contains__(self, val):
return val in self.range
def test_inet_conv(): def test_inet_conv():
ipv4 = b'8.8.4.4' ipv4 = b'8.8.4.4'
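Review bot: The `while i <= int_range[1]:` loop in `PortRange.__init__` has no increment of `i` among the lines shown, so any `a-b` entry with a <= b would never finish while the config is being loaded; `self.range.update(range(int_range[0], int_range[1] + 1))` replaces the loop and removes the counter. Single-port entries are added without the 0-65535 clamp that ranges get. The blanket `except Exception` logs and skips a bad entry, so a typo in the deny-list leaves that port reachable with only a log line; for a deny-list it is safer to raise `ValueError` and let the caller abort start-up. The `type(range_str) == str` test also looks fragile if the value can arrive as `unicode` on Python 2, which would make the loop walk the string character by character — confirm how the config loader decodes strings.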

7
shadowsocks/shell.py

@ -23,7 +23,7 @@ import json
import sys import sys
import getopt import getopt
import logging import logging
from shadowsocks.common import to_bytes, to_str, IPNetwork from shadowsocks.common import to_bytes, to_str, IPNetwork, PortRange
from shadowsocks import encrypt from shadowsocks import encrypt
@ -261,6 +261,11 @@ def get_config(is_local):
except Exception as e: except Exception as e:
logging.error(e) logging.error(e)
sys.exit(2) sys.exit(2)
try:
config['forbidden_port'] = PortRange(config.get('forbidden_port', ''))
except Exception as e:
logging.error(e)
sys.exit(2)
try: try:
config['ignore_bind'] = \ config['ignore_bind'] = \
IPNetwork(config.get('ignore_bind', '127.0.0.0/8,::1/128')) IPNetwork(config.get('ignore_bind', '127.0.0.0/8,::1/128'))
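Review bot: The new `try`/`except` around `PortRange(...)` in `get_config` looks unreachable, because the constructor shown in common.py catches every exception itself; `sys.exit(2)` therefore never runs for a malformed `forbidden_port`, and the server starts with a partial deny-list. The default `''` also becomes `['']` after `split(',')`, and `int('')` raises, so every start without the option logs a spurious error. Skipping empty items in the parser with `if not item.strip(): continue`, or defaulting here to `config.get('forbidden_port') or []`, avoids that. `get_config` begins and ends outside this hunk.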

27
shadowsocks/tcprelay.py

@ -160,6 +160,10 @@ class TCPRelayHandler(object):
self._forbidden_iplist = config['forbidden_ip'] self._forbidden_iplist = config['forbidden_ip']
else: else:
self._forbidden_iplist = None self._forbidden_iplist = None
if 'forbidden_port' in config:
self._forbidden_portset = config['forbidden_port']
else:
self._forbidden_portset = None
if is_local: if is_local:
self._chosen_server = self._get_a_server() self._chosen_server = self._get_a_server()
fd_to_handlers[local_sock.fileno()] = self fd_to_handlers[local_sock.fileno()] = self
@ -511,10 +515,15 @@ class TCPRelayHandler(object):
if len(addrs) == 0: if len(addrs) == 0:
raise Exception("getaddrinfo failed for %s:%d" % (ip, port)) raise Exception("getaddrinfo failed for %s:%d" % (ip, port))
af, socktype, proto, canonname, sa = addrs[0] af, socktype, proto, canonname, sa = addrs[0]
if not self._remote_udp and self._forbidden_iplist: if not self._remote_udp:
if self._forbidden_iplist:
if common.to_str(sa[0]) in self._forbidden_iplist: if common.to_str(sa[0]) in self._forbidden_iplist:
raise Exception('IP %s is in forbidden list, reject' % raise Exception('IP %s is in forbidden list, reject' %
common.to_str(sa[0])) common.to_str(sa[0]))
if self._forbidden_portset:
if sa[1] in self._forbidden_portset:
raise Exception('Port %d is in forbidden list, reject' %
sa[1])
remote_sock = socket.socket(af, socktype, proto) remote_sock = socket.socket(af, socktype, proto)
self._remote_sock = remote_sock self._remote_sock = remote_sock
self._fd_to_handlers[remote_sock.fileno()] = self self._fd_to_handlers[remote_sock.fileno()] = self
@ -652,7 +661,21 @@ class TCPRelayHandler(object):
else: else:
data = obfs_decode[0] data = obfs_decode[0]
try: try:
data = self._protocol.server_post_decrypt(data) newdata = self._protocol.server_post_decrypt(data)
if data and not newdata:
data = self._protocol.server_pre_encrypt(data)
data = self._encryptor.encrypt(data)
data = self._obfs.server_encode(data)
try:
self._write_to_sock(data, self._local_sock)
except Exception as e:
shell.print_exception(e)
if self._config['verbose']:
traceback.print_exc()
logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1]))
self.destroy()
return
data = newdata
except Exception as e: except Exception as e:
shell.print_exception(e) shell.print_exception(e)
logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1])) logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1]))
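Review bot: The third hunk (around `server_post_decrypt`) changes behaviour unrelated to `forbidden_port` and carries no comment: when the protocol layer returns nothing for non-empty input, the received bytes are passed through `server_pre_encrypt`, `encrypt` and `server_encode` and written back to `self._local_sock`. That is a reply sent to a peer whose data did not decode, so it deserves a comment stating which protocol plugins rely on it and why echoing the input is safe, and it would be easier to audit as its own commit. Indentation is lost on this page, so it is not clear whether `self.destroy()` and `return` sit inside the inner `except` or run unconditionally; the comment should say which is intended. In the second hunk the port test could also run before `getaddrinfo`, since the port is known without resolving the host; that function starts outside the hunk.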

8
shadowsocks/udprelay.py

@ -301,6 +301,10 @@ class TCPRelayHandler(object):
self._forbidden_iplist = config['forbidden_ip'] self._forbidden_iplist = config['forbidden_ip']
else: else:
self._forbidden_iplist = None self._forbidden_iplist = None
if 'forbidden_port' in config:
self._forbidden_portset = config['forbidden_port']
else:
self._forbidden_portset = None
#fd_to_handlers[local_sock.fileno()] = self #fd_to_handlers[local_sock.fileno()] = self
#local_sock.setblocking(False) #local_sock.setblocking(False)
#loop.add(local_sock, eventloop.POLL_IN | eventloop.POLL_ERR) #loop.add(local_sock, eventloop.POLL_IN | eventloop.POLL_ERR)
@ -1077,6 +1081,10 @@ class UDPRelay(object):
common.to_str(sa[0])) common.to_str(sa[0]))
# drop # drop
return return
if self._forbidden_portset:
if sa[1] in self._forbidden_portset:
raise Exception('Port %d is in forbidden list, reject' %
sa[1])
client = socket.socket(af, socktype, proto) client = socket.socket(af, socktype, proto)
client.setblocking(False) client.setblocking(False)
is_dns = False is_dns = False
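Review bot: In the `UDPRelay` hunk the forbidden-port branch raises `Exception`, while the forbidden-IP branch just above it ends in `# drop` and `return`. Unless the caller of this handler catches it (the enclosing method starts outside the hunk), a single datagram to a blocked port would propagate an exception out of the UDP event handler instead of dropping the packet. Matching the IP branch keeps the relay running and the behaviour uniform: `logging.debug('Port %d is in forbidden list, drop' % sa[1])` followed by `return`. A short comment that the check is on the destination port after resolution would help the next reader.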
