Merge branch 'master' of shadowsocks/shadowsocks

.travis.yml

@@ -13,7 +13,7 @@ before_install:
   - sudo dd if=/dev/urandom of=/usr/share/nginx/www/file bs=1M count=10
   - sudo sh -c "echo '127.0.0.1    localhost' > /etc/hosts"
   - sudo service nginx restart
-  - pip install pep8 pyflakes nose coverage
+  - pip install pep8 pyflakes nose coverage PySocks
   - sudo tests/socksify/install.sh
   - sudo tests/libsodium/install.sh
   - sudo tests/setup_tc.sh

CHANGES

@@ -1,3 +1,6 @@
+2.6.11 2015-07-10
+- Fix a compatibility issue in UDP Relay
+
 2.6.10 2015-06-08
 - Optimize LRU cache
 - Refine logging

setup.py

@@ -7,7 +7,7 @@ with codecs.open('README.rst', encoding='utf-8') as f:
 
 setup(
     name="shadowsocks",
-    version="2.6.11",
+    version="2.6.12",
     license='http://www.apache.org/licenses/LICENSE-2.0',
     description="A fast tunnel proxy that help you get through firewalls",
     author='clowwindy',

shadowsocks/udprelay.py

@@ -76,8 +76,9 @@ from shadowsocks.common import pre_parse_header, parse_header, pack_addr
 BUF_SIZE = 65536
 
 
-def client_key(a, b, c, d):
-    return '%s:%s:%s:%s' % (a, b, c, d)
+def client_key(source_addr, server_af):
+    # notice this is server af, not dest af
+    return '%s:%s:%d' % (source_addr[0], source_addr[1], server_af)
 
 
 class UDPRelay(object):
@@ -102,6 +103,7 @@ class UDPRelay(object):
                                          close_callback=self._close_client)
         self._client_fd_to_server_addr = \
             lru_cache.LRUCache(timeout=config['timeout'])
+        self._dns_cache = lru_cache.LRUCache(timeout=300)
         self._eventloop = None
         self._closed = False
         self._last_time = time.time()
@@ -172,37 +174,36 @@ class UDPRelay(object):
 
         if self._is_local:
             server_addr, server_port = self._get_a_server()
-            key = client_key(r_addr[0], r_addr[1], dest_addr, dest_port)
         else:
             server_addr, server_port = dest_addr, dest_port
-            addrs = socket.getaddrinfo(dest_addr, dest_port, 0, socket.SOCK_DGRAM, socket.SOL_UDP)
-            if addrs:
-                af, socktype, proto, canonname, sa = addrs[0]
-                key = client_key(r_addr[0], r_addr[1], af, 0)
-            else:
-                key = None
 
-        client = self._cache.get(key, None)
-        if not client:
-            # TODO async getaddrinfo
-            #logging.info('UDP handle_server %s:%d from %s:%d' % (common.to_str(server_addr), server_port, self._listen_addr, self._listen_port))
+        addrs = self._dns_cache.get(server_addr, None)
+        if addrs is None:
             addrs = socket.getaddrinfo(server_addr, server_port, 0,
                                        socket.SOCK_DGRAM, socket.SOL_UDP)
-            if addrs:
-                af, socktype, proto, canonname, sa = addrs[0]
-                if self._forbidden_iplist:
-                    if common.to_str(sa[0]) in self._forbidden_iplist:
-                        logging.debug('IP %s is in forbidden list, drop' %
-                                      common.to_str(sa[0]))
-                        # drop
-                        return
-                client = socket.socket(af, socktype, proto)
-                client.setblocking(False)
-                self._cache[key] = client
-                self._client_fd_to_server_addr[client.fileno()] = r_addr
-            else:
+            if not addrs:
                 # drop
                 return
+            else:
+                self._dns_cache[server_addr] = addrs
+
+        af, socktype, proto, canonname, sa = addrs[0]
+        key = client_key(r_addr, af)
+        logging.debug(key)
+        client = self._cache.get(key, None)
+        if not client:
+            # TODO async getaddrinfo
+            if self._forbidden_iplist:
+                if common.to_str(sa[0]) in self._forbidden_iplist:
+                    logging.debug('IP %s is in forbidden list, drop' %
+                                  common.to_str(sa[0]))
+                    # drop
+                    return
+            client = socket.socket(af, socktype, proto)
+            client.setblocking(False)
+            self._cache[key] = client
+            self._client_fd_to_server_addr[client.fileno()] = r_addr
+
             self._sockets.add(client.fileno())
             self._eventloop.add(client, eventloop.POLL_IN)
 

tests/jenkins.sh

@@ -69,7 +69,7 @@ if [ -f /proc/sys/net/ipv4/tcp_fastopen ] ; then
 fi
 
 run_test tests/test_large_file.sh
-
+run_test tests/test_udp_src.sh
 run_test tests/test_command.sh
 
 coverage combine && coverage report --include=shadowsocks/*

tests/test_udp_src.py

@@ -0,0 +1,83 @@
+#!/usr/bin/python
+
+import socket
+import socks
+
+
+SERVER_IP = '127.0.0.1'
+SERVER_PORT = 1081
+
+
+if __name__ == '__main__':
+    # Test 1: same source port IPv4
+    sock_out = socks.socksocket(socket.AF_INET, socket.SOCK_DGRAM,
+                                socket.SOL_UDP)
+    sock_out.set_proxy(socks.SOCKS5, SERVER_IP, SERVER_PORT)
+    sock_out.bind(('127.0.0.1', 9000))
+
+    sock_in1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM,
+                             socket.SOL_UDP)
+    sock_in2 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM,
+                             socket.SOL_UDP)
+
+    sock_in1.bind(('127.0.0.1', 9001))
+    sock_in2.bind(('127.0.0.1', 9002))
+
+    sock_out.sendto(b'data', ('127.0.0.1', 9001))
+    result1 = sock_in1.recvfrom(8)
+
+    sock_out.sendto(b'data', ('127.0.0.1', 9002))
+    result2 = sock_in2.recvfrom(8)
+
+    sock_out.close()
+    sock_in1.close()
+    sock_in2.close()
+
+    # make sure they're from the same source port
+    assert result1 == result2
+
+    # Test 2: same source port IPv6
+    # try again from the same port but IPv6
+    sock_out = socks.socksocket(socket.AF_INET, socket.SOCK_DGRAM,
+                                socket.SOL_UDP)
+    sock_out.set_proxy(socks.SOCKS5, SERVER_IP, SERVER_PORT)
+    sock_out.bind(('127.0.0.1', 9000))
+
+    sock_in1 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM,
+                             socket.SOL_UDP)
+    sock_in2 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM,
+                             socket.SOL_UDP)
+
+    sock_in1.bind(('::1', 9001))
+    sock_in2.bind(('::1', 9002))
+
+    sock_out.sendto(b'data', ('::1', 9001))
+    result1 = sock_in1.recvfrom(8)
+
+    sock_out.sendto(b'data', ('::1', 9002))
+    result2 = sock_in2.recvfrom(8)
+
+    sock_out.close()
+    sock_in1.close()
+    sock_in2.close()
+
+    # make sure they're from the same source port
+    assert result1 == result2
+
+    # Test 3: different source ports IPv6
+    sock_out = socks.socksocket(socket.AF_INET, socket.SOCK_DGRAM,
+                                socket.SOL_UDP)
+    sock_out.set_proxy(socks.SOCKS5, SERVER_IP, SERVER_PORT)
+    sock_out.bind(('127.0.0.1', 9003))
+
+    sock_in1 = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM,
+                             socket.SOL_UDP)
+    sock_in1.bind(('::1', 9001))
+    sock_out.sendto(b'data', ('::1', 9001))
+    result3 = sock_in1.recvfrom(8)
+
+    # make sure they're from different source ports
+    assert result1 != result3
+
+    sock_out.close()
+    sock_in1.close()

tests/test_udp_src.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+PYTHON="coverage run -p -a"
+
+mkdir -p tmp
+
+$PYTHON shadowsocks/local.py -c tests/aes.json -v &
+LOCAL=$!
+
+$PYTHON shadowsocks/server.py -c tests/aes.json --forbidden-ip "" -v &
+SERVER=$!
+
+sleep 3
+
+python tests/test_udp_src.py
+r=$?
+
+kill -s SIGINT $LOCAL
+kill -s SIGINT $SERVER
+
+sleep 2
+
+exit $r

utils/fail2ban/shadowsocks.conf

@@ -0,0 +1,5 @@
+[Definition]
+
+_daemon = shadowsocks
+
+failregex = ^\s+ERROR\s+can not parse header when handling connection from <HOST>:\d+$