package service
v1.5.0
Published: Mar 28, 2024 License: Apache-2.0 Imports: 23 Imported by: 1

Documentation

Constants

const MaxCapacity = 20_000

MaxCapacity is the largest allowed size of ReplayCache.

Capacities in excess of 20,000 are not recommended, due to the false positive rate of up to 2 * capacity / 2^32 = 1 / 100,000. If larger capacities are desired, the key type should be changed to uint64.

Variables

This section is empty.

Functions

func StreamServe added in v1.5.0

func StreamServe(accept StreamListener, handle StreamHandler)

StreamServe repeatedly calls `accept` to obtain connections and `handle` to handle them until accept() returns [ErrClosed]. When that happens, all connection handlers will be notified via their context.Context. StreamServe will return after all pending handlers return.
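The contract above, written out as an added illustration rather than the package's own code: streamServe stops accepting on net.ErrClosed, cancels the one context every handler received, and returns only after all handlers have finished; serveUntilClosed exercises it on constructed in-memory connections. Both names are this example's own.

```go
package main

import (
	"context"
	"errors"
	"net"
	"sync"
)

// streamServe is an added illustration (not the package's code) of the StreamServe contract:
// accept until net.ErrClosed, cancel every handler's context, then wait for all of them to return.
func streamServe(accept func() (net.Conn, error), handle func(context.Context, net.Conn)) {
	ctx, cancel := context.WithCancel(context.Background())
	var wg sync.WaitGroup
	for {
		conn, err := accept()
		if errors.Is(err, net.ErrClosed) {
			break // listener closed: stop accepting
		} else if err != nil {
			continue // assumption: other accept errors are transient and skipped
		}
		wg.Add(1)
		go func() {
			defer wg.Done()
			handle(ctx, conn)
		}()
	}
	cancel()  // notify every pending handler through its context
	wg.Wait() // and return only once all of them have finished
}

// serveUntilClosed hands n constructed in-memory connections to streamServe, then reports the listener
// closed; each handler blocks until cancelled, so the count equals n only if streamServe waited for all.
func serveUntilClosed(n int) int {
	finished := make(chan struct{}, n)
	accept := func() (net.Conn, error) {
		if n == 0 {
			return nil, net.ErrClosed
		}
		n--
		conn, _ := net.Pipe() // constructed stand-in for an accepted client socket
		return conn, nil
	}
	handle := func(ctx context.Context, c net.Conn) {
		<-ctx.Done() // a long-lived proxy session that ends only at shutdown
		c.Close()
		finished <- struct{}{}
	}
	streamServe(accept, handle)
	return len(finished)
}
```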

Types

type CipherEntry

type CipherEntry struct {
	ID            string
	CryptoKey     *shadowsocks.EncryptionKey
	SaltGenerator ServerSaltGenerator
	// contains filtered or unexported fields
}

CipherEntry holds a Cipher with an identifier. The public fields are constant, but lastClientIP is mutable under cipherList.mu.

func MakeCipherEntry

func MakeCipherEntry(id string, cryptoKey *shadowsocks.EncryptionKey, secret string) CipherEntry

MakeCipherEntry constructs a CipherEntry.

type CipherList

type CipherList interface {
	// Returns a snapshot of the cipher list optimized for this client IP
	SnapshotForClientIP(clientIP net.IP) []*list.Element
	MarkUsedByClientIP(e *list.Element, clientIP net.IP)
	// Update replaces the current contents of the CipherList with `contents`,
	// which is a List of *CipherEntry.  Update takes ownership of `contents`,
	// which must not be read or written after this call.
	Update(contents *list.List)
}

CipherList is a thread-safe collection of CipherEntry elements that allows for snapshotting and moving to front.

func MakeTestCiphers

func MakeTestCiphers(secrets []string) (CipherList, error)

MakeTestCiphers creates a CipherList containing one fresh AEAD cipher for each secret in `secrets`.

func NewCipherList

func NewCipherList() CipherList

NewCipherList creates an empty CipherList.

type NoOpTCPMetrics added in v1.5.0

type NoOpTCPMetrics struct{}

NoOpTCPMetrics is a TCPMetrics that doesn't do anything. Useful in tests or if you don't want to track metrics.

func (*NoOpTCPMetrics) AddAuthenticatedTCPConnection added in v1.5.0

func (m *NoOpTCPMetrics) AddAuthenticatedTCPConnection(clientAddr net.Addr, accessKey string)

func (*NoOpTCPMetrics) AddClosedTCPConnection added in v1.5.0

func (m *NoOpTCPMetrics) AddClosedTCPConnection(clientInfo ipinfo.IPInfo, clientAddr net.Addr, accessKey string, status string, data metrics.ProxyMetrics, duration time.Duration)

func (*NoOpTCPMetrics) AddOpenTCPConnection added in v1.5.0

func (m *NoOpTCPMetrics) AddOpenTCPConnection(clientInfo ipinfo.IPInfo)

func (*NoOpTCPMetrics) AddTCPCipherSearch added in v1.5.0

func (m *NoOpTCPMetrics) AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)

func (*NoOpTCPMetrics) AddTCPProbe added in v1.5.0

func (m *NoOpTCPMetrics) AddTCPProbe(status, drainResult string, port int, clientProxyBytes int64)

func (*NoOpTCPMetrics) GetIPInfo added in v1.5.0

func (m *NoOpTCPMetrics) GetIPInfo(net.IP) (ipinfo.IPInfo, error)

type NoOpUDPMetrics added in v1.5.0

type NoOpUDPMetrics struct{}

NoOpUDPMetrics is a UDPMetrics that doesn't do anything. Useful in tests or if you don't want to track metrics.

func (*NoOpUDPMetrics) AddUDPCipherSearch added in v1.5.0

func (m *NoOpUDPMetrics) AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)

func (*NoOpUDPMetrics) AddUDPNatEntry added in v1.5.0

func (m *NoOpUDPMetrics) AddUDPNatEntry(clientAddr net.Addr, accessKey string)

func (*NoOpUDPMetrics) AddUDPPacketFromClient added in v1.5.0

func (m *NoOpUDPMetrics) AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int)

func (*NoOpUDPMetrics) AddUDPPacketFromTarget added in v1.5.0

func (m *NoOpUDPMetrics) AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, targetProxyBytes, proxyClientBytes int)

func (*NoOpUDPMetrics) GetIPInfo added in v1.5.0

func (m *NoOpUDPMetrics) GetIPInfo(net.IP) (ipinfo.IPInfo, error)

func (*NoOpUDPMetrics) RemoveUDPNatEntry added in v1.5.0

func (m *NoOpUDPMetrics) RemoveUDPNatEntry(clientAddr net.Addr, accessKey string)

type PacketHandler added in v1.5.0

type PacketHandler interface {
	// SetTargetIPValidator sets the function to be used to validate the target IP addresses.
	SetTargetIPValidator(targetIPValidator onet.TargetIPValidator)
	// Handle returns after clientConn closes and all the sub goroutines return.
	Handle(clientConn net.PacketConn)
}

PacketHandler is a running UDP shadowsocks proxy that can be stopped.

func NewPacketHandler added in v1.5.0

func NewPacketHandler(natTimeout time.Duration, cipherList CipherList, m UDPMetrics) PacketHandler

NewPacketHandler creates a PacketHandler.

type ReplayCache

type ReplayCache struct {
	// contains filtered or unexported fields
}

ReplayCache allows us to check whether a handshake salt was used within the last `capacity` handshakes. It requires approximately 20*capacity bytes of memory (as measured by BenchmarkReplayCache_Creation).

The nil and zero values represent a cache with capacity 0, i.e. no cache.

func NewReplayCache

func NewReplayCache(capacity int) ReplayCache

NewReplayCache returns a fresh ReplayCache that promises to remember at least the most recent `capacity` handshakes.

func (*ReplayCache) Add

func (c *ReplayCache) Add(id string, salt []byte) bool

Add records a handshake with this key ID and salt in the cache and returns true. It returns false if the pair is already present, which indicates a replayed handshake.
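The two-generation bookkeeping behind these guarantees, as an added illustration written for this page and not the package's own code: handshakes are reduced to a 32-bit key, an active set is archived once it holds `capacity` entries, and Add consults both sets. FNV-1a as the key function is an assumption of this example only.

```go
package main

import "hash/fnv"

// replayCache is an added illustration of the ReplayCache behaviour documented
// above, not the package's own code. Each handshake is reduced to a 32-bit key,
// and two generations of keys are kept: once the active set holds `capacity`
// entries it becomes the archive and a fresh active set starts. A salt is thus
// remembered for at least `capacity` and at most 2*capacity later handshakes,
// which is where the quoted false-positive rate of 2*capacity/2^32 comes from.
type replayCache struct {
	capacity int
	active   map[uint32]struct{}
	archive  map[uint32]struct{}
}

func newReplayCache(capacity int) *replayCache {
	return &replayCache{capacity: capacity, active: map[uint32]struct{}{}, archive: map[uint32]struct{}{}}
}

// cacheKey folds the access-key ID and the handshake salt into the 32-bit key.
func cacheKey(id string, salt []byte) uint32 {
	h := fnv.New32a() // assumption: any well-distributed 32-bit hash serves here
	h.Write([]byte(id))
	h.Write(salt)
	return h.Sum32()
}

// add records the handshake and returns true, or returns false if the same
// (id, salt) pair is already remembered, i.e. the handshake is a replay.
func (c *replayCache) add(id string, salt []byte) bool {
	if c == nil || c.capacity == 0 {
		return true // nil/zero value: capacity 0, nothing is ever rejected
	}
	k := cacheKey(id, salt)
	if _, seen := c.active[k]; seen {
		return false
	}
	if _, seen := c.archive[k]; seen {
		return false
	}
	if len(c.active) >= c.capacity {
		c.archive, c.active = c.active, make(map[uint32]struct{}, c.capacity)
	}
	c.active[k] = struct{}{}
	return true
}
```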

type ServerSaltGenerator

type ServerSaltGenerator interface {
	ss.SaltGenerator
	// IsServerSalt returns true if the salt was created by this generator
	// and is marked as server-originated.
	IsServerSalt(salt []byte) bool
}

ServerSaltGenerator offers the ability to check if a salt was marked as server-originated.

var RandomServerSaltGenerator ServerSaltGenerator = randomServerSaltGenerator{}

RandomServerSaltGenerator is a basic ServerSaltGenerator.

func NewServerSaltGenerator

func NewServerSaltGenerator(secret string) ServerSaltGenerator

NewServerSaltGenerator returns a SaltGenerator whose output is apparently random, but is secretly marked as being issued by the server. This is useful to prevent the server from accepting its own output in a reflection attack.
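An added illustration of the marking idea, not the package's own scheme: the salt's last 4 bytes are a truncated HMAC over the random prefix under a key derived from `secret`, so the whole salt still looks random to anyone without the secret, while IsServerSalt recomputes the tag and lets the server refuse its own reflected output before decrypting. The 4-byte tag length and the method shape GetSalt(salt []byte) error are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// markLen is the number of trailing salt bytes that carry the server mark. The
// layout and the HMAC construction are assumptions of this added illustration.
const markLen = 4

// serverSaltGenerator produces salts that are indistinguishable from random to
// anyone without the secret, yet recognisable by the server that issued them.
type serverSaltGenerator struct{ key []byte }

func newServerSaltGenerator(secret string) *serverSaltGenerator {
	// Derive a dedicated marking key rather than using the access-key secret directly.
	k := sha256.Sum256([]byte("server-salt-mark:" + secret))
	return &serverSaltGenerator{key: k[:]}
}

// mark returns the markLen-byte tag for a salt prefix.
func (g *serverSaltGenerator) mark(prefix []byte) []byte {
	m := hmac.New(sha256.New, g.key)
	m.Write(prefix)
	return m.Sum(nil)[:markLen]
}

// GetSalt fills salt with random bytes and replaces its tail with the mark
// (assumed interface shape; salt must be longer than markLen, e.g. 32 bytes).
func (g *serverSaltGenerator) GetSalt(salt []byte) error {
	split := len(salt) - markLen
	if _, err := rand.Read(salt[:split]); err != nil {
		return err
	}
	copy(salt[split:], g.mark(salt[:split]))
	return nil
}

// IsServerSalt reports whether salt carries this generator's mark, i.e. an inbound
// handshake is reflecting the server's own output; a genuine client salt matches by chance only with probability 2^-32.
func (g *serverSaltGenerator) IsServerSalt(salt []byte) bool {
	if len(salt) <= markLen {
		return false
	}
	split := len(salt) - markLen
	return hmac.Equal(salt[split:], g.mark(salt[:split]))
}
```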

type ShadowsocksTCPMetrics added in v1.5.0

type ShadowsocksTCPMetrics interface {
	// Shadowsocks TCP metrics
	AddTCPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
}

ShadowsocksTCPMetrics is used to report Shadowsocks metrics on TCP connections.

type StreamAuthenticateFunc added in v1.5.0

type StreamAuthenticateFunc func(clientConn transport.StreamConn) (string, transport.StreamConn, *onet.ConnectionError)

func NewShadowsocksStreamAuthenticator added in v1.5.0

func NewShadowsocksStreamAuthenticator(ciphers CipherList, replayCache *ReplayCache, metrics ShadowsocksTCPMetrics) StreamAuthenticateFunc

NewShadowsocksStreamAuthenticator creates a stream authenticator that uses Shadowsocks. TODO(fortuna): Offer alternative transports.

type StreamHandler added in v1.5.0

type StreamHandler func(ctx context.Context, conn transport.StreamConn)

type StreamListener added in v1.5.0

type StreamListener func() (transport.StreamConn, error)

func WrapStreamListener added in v1.5.0

func WrapStreamListener[T transport.StreamConn](f func() (T, error)) StreamListener

type TCPHandler added in v1.5.0

type TCPHandler interface {
	Handle(ctx context.Context, conn transport.StreamConn)
	// SetTargetDialer sets the [transport.StreamDialer] to be used to connect to target addresses.
	SetTargetDialer(dialer transport.StreamDialer)
}

TCPHandler is a Shadowsocks TCP handler that can be started and stopped.

func NewTCPHandler added in v1.5.0

func NewTCPHandler(port int, authenticate StreamAuthenticateFunc, m TCPMetrics, timeout time.Duration) TCPHandler

NewTCPHandler creates a TCPHandler.

type TCPMetrics added in v1.5.0

type TCPMetrics interface {
	ipinfo.IPInfoMap

	// TCP metrics
	AddOpenTCPConnection(clientInfo ipinfo.IPInfo)
	AddAuthenticatedTCPConnection(clientAddr net.Addr, accessKey string)
	AddClosedTCPConnection(clientInfo ipinfo.IPInfo, clientAddr net.Addr, accessKey string, status string, data metrics.ProxyMetrics, duration time.Duration)
	AddTCPProbe(status, drainResult string, port int, clientProxyBytes int64)
}

TCPMetrics is used to report metrics on TCP connections.

type UDPMetrics added in v1.5.0

type UDPMetrics interface {
	ipinfo.IPInfoMap

	// UDP metrics
	AddUDPPacketFromClient(clientInfo ipinfo.IPInfo, accessKey, status string, clientProxyBytes, proxyTargetBytes int)
	AddUDPPacketFromTarget(clientInfo ipinfo.IPInfo, accessKey, status string, targetProxyBytes, proxyClientBytes int)
	AddUDPNatEntry(clientAddr net.Addr, accessKey string)
	RemoveUDPNatEntry(clientAddr net.Addr, accessKey string)

	// Shadowsocks metrics
	AddUDPCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
}

UDPMetrics is used to report metrics on UDP connections.
