
完成动态密码 和 垃圾Email全面 阻断.

pull/1077/head
chuchur 4 months ago
parent
commit
ad2279d8ce
  1. 22
      auth.go
  2. 38
      auth_emai.go
  3. 5
      chain.go
  4. 2
      cmd/gost/Makefile
  5. 17
      cmd/gost/build.sh
  6. 28
      cmd/gost/gost.toml
  7. 4
      config.go
  8. 6
      forward.go
  9. 20
      go.mod
  10. 43
      go.sum
  11. 4
      http.go
  12. 2
      http2.go
  13. 8
      localAddr.go
  14. 6
      redirect.go
  15. 2
      relay.go
  16. 2
      sni.go
  17. 6
      socks.go
  18. 4
      ss.go
  19. 5
      totp.go
  20. 4
      tuntap.go

22
auth.go

@ -21,12 +21,12 @@ type Authenticator interface {
}
func (au *LocalAuthenticator) IFAuthenticate(ip net.IP, user, password string) bool {
if ip == nil {
if ip == nil || user == "" || password == "" {
return false
}
if isWhiteIP(ip) {
// if isWhiteIP(ip) {
if len(password) == 64 {
expected := GeneratePassword(ip.String(), user)
if expected == password {
return true
@ -36,20 +36,20 @@ func (au *LocalAuthenticator) IFAuthenticate(ip net.IP, user, password string) b
} else {
// if !ip.IsLoopback() && !ip.IsPrivate() { // 存的时候已经判断.
secret := generateSecret(ip.String(), user)
ok, counter := verifyOTP(secret, password)
ok, _ := verifyOTP(secret, password)
if !ok {
log.Logf("otp verify fail user=%s ip=%s pass=%s", user, ip, password)
return false
}
// todo: 备用.
// 防止 OTP 重放
key := user + ":" + ip.String() + ":" + password
if _, exists := usedOTP.Load(key); exists {
log.Logf("otp replay attack user=%s ip=%s", user, ip)
return false
}
usedOTP.Store(key, counter)
// key := user + ":" + ip.String() + ":" + password
// if _, exists := usedOTP.Load(key); exists {
// log.Logf("otp replay attack user=%s ip=%s", user, ip)
// return false
// }
// usedOTP.Store(key, _)
return true
}
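Review bot: The replay guard after `verifyOTP` is commented out and the matched counter is discarded (`ok, _ :=`), so a code that verifies once keeps verifying for the rest of its period-plus-skew window. If `usedOTP` is a `sync.Map`, as its `Load`/`Store` calls suggest, restore the guard atomically with the key built as before, `if _, seen := usedOTP.LoadOrStore(key, counter); seen { return false }`, and expire entries once their counter leaves the window. The failure log above it also writes the submitted password (`pass=%s`); drop that field so near-miss codes and mistyped static passwords do not end up in logs. The `isWhiteIP` gate is commented out as well, which appears to make the 64-character password branch reachable for any address; a comment stating that this is intended would help. Part of the function body lies between the two hunks and is not visible.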

38
auth_emai.go

@ -4,6 +4,7 @@ import (
"fmt"
"net"
"regexp"
"slices"
"strings"
"sync"
"sync/atomic"
@ -12,8 +13,15 @@ import (
"github.com/go-log/log"
)
// 25 端口 465 和 587
var mailPorts = []string{"25", "465", "587"}
// 25 SMTP 服务器发邮件
// 465 SMTP SSL 客户端发邮件
// 587 SMTP Submission 客户端发邮件
// 143 IMAP 收邮件
// 993 IMAP SSL 收邮件
// 110 POP3 收邮件
// 995 POP3 SSL 收邮件
var mailPorts = []string{"25", "465", "587", "143", "993", "110", "995", "2525"}
type EmailACL struct {
emails map[string]struct{}
@ -84,6 +92,32 @@ func CheckMailFrom(email string) error {
return nil
}
func CheckMailTo(address string) error {
if address == "" {
return nil
}
_, port, err := net.SplitHostPort(address)
if err != nil {
return err
}
if !slices.Contains(mailPorts, port) {
return nil
}
allowed := false
for _, h := range config.Auth.EmailWhiteList {
if strings.EqualFold(h, address) || strings.HasSuffix(address, h) {
allowed = true
break
}
}
if !allowed {
// 记录尝试连接非法 SMTP
fmt.Printf("SMTP access blocked to %s", address)
return fmt.Errorf("SMTP to this destination is forbidden")
}
return nil
}
type RateLimit struct {
count int
lastTime time.Time
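Review bot: The whitelist test in `CheckMailTo` applies `strings.HasSuffix(address, h)` to the raw `host:port` string, so any host name that merely ends with a whitelisted entry is accepted, not only that host or its subdomains. Compare on a label boundary instead, e.g. `strings.EqualFold(h, address) || strings.HasSuffix(strings.ToLower(address), "."+strings.ToLower(h))`, or drop the suffix rule if only exact entries are meant. The blocked-destination message goes through `fmt.Printf` without a trailing newline; `log.Logf("smtp access blocked to %s", address)` would keep it in the same log stream as the rest of the package. A doc comment on `CheckMailTo` should state that only ports listed in `mailPorts` are checked, that every other port passes, and that entries are matched against the address string exactly as it is passed in.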

5
chain.go

@ -150,7 +150,10 @@ func (c *Chain) dialWithOptions(ctx context.Context, network, address string, op
if err != nil {
return nil, err
}
mail_err := CheckMailTo(address)
if mail_err != nil {
return nil, mail_err
}
ipAddr := address
if address != "" {
ipAddr = c.resolve(address, options.Resolver, options.Hosts)
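Review bot: `mail_err` breaks Go's MixedCaps naming and stays in scope for the rest of `dialWithOptions`; scope it to the check with `if err := CheckMailTo(address); err != nil { return nil, err }`. A one-line comment such as `// refuse mail-port destinations that are not whitelisted, before resolution` would tell the next reader why the dial can fail at this point. The function starts before and continues after this hunk.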

2
cmd/gost/Makefile

@ -12,6 +12,6 @@ all: build
.PHONY: build
build:
@echo ">> Compile $(APP_NAME) ..."
GOOS=linux GOARCH=amd64 go build -o $(APP_NAME) main.go
GOOS=linux GOARCH=amd64 go build -trimpath -ldflags="-s -w" -o $(APP_NAME) main.go
@ls -lh |grep $(APP_NAME)

17
cmd/gost/build.sh

@ -1,7 +1,16 @@
GOOS=linux GOARCH=amd64 go build -o gost
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags="-s -w" -o gost && upx gost --best --lzma gost
# upx
# upx gost --best --lzma gost
# rsync -avz gost [email protected]:/root/gost/gost
# rsync -avz gost [email protected]:/root/gost/gost
# rsync -avz gost [email protected]:/root/gost/gost
# publish test
rsync -avz gost 2890CC:/home/apps/gost
# rsync -avz gost.toml 2890CC:/home/apps/gost.toml
# run
# gost_test -L=auto://admin:123456@:33080
# systemctl restart gost
# journalctl -u gost -f
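Review bot: The script has no `set -e`, so when the `go build … && upx …` line fails, the `rsync` publish step still runs and pushes whatever `gost` binary is already in the directory. Add `set -e` as the first line so a failed build stops the publish. The `upx` call also names `gost` twice (`upx gost --best --lzma gost`); one file argument is enough. The commented run example carries a literal `admin:123456` credential pair, which is better written as a placeholder such as `USER:PASS` in a tracked script.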

28
cmd/gost/gost.toml

@ -1,23 +1,33 @@
[auth]
#动态口令周期 (s) 600=10分钟
dynamic_period = 600
dynamic_period = 5
#时间漂移
dynamic_skew = 1
ip_whitelist = [
"198.144.184.47",
"108.174.48.108",
"23.94.205.145",
"108.174.48.102",
"198.144.184.108",
"198.144.184.57",
"198.144.184.125",
# "198.144.184.47",
# "108.174.48.108",
# "23.94.205.145",
# "108.174.48.102",
# "198.144.184.108",
# "198.144.184.57",
# "198.144.184.125",
"108.174.48.96/28",
"23.94.205.144/28",
"23.94.204.32/27",
"23.94.205.160/27",
"192.3.126.224/27",
"198.144.184.0/25",
]
#动态密钥
secret = "&&4sg123g[]/~"
# SMTP 发信白名单
email_whitelist = ["[email protected]", "@example.com"]
email_whitelist = [
"allowed-mail-server.com:25",
"smtp.secure.com:465",
"smtp.secure.com:587",
]
email_regex = ["^test[0-9][email protected]$"]
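Review bot: The `secret` line under `[auth]` keeps the shared key for the dynamic passwords in a tracked file, so anyone who can read the repository or its history can presumably derive valid codes. Keep a placeholder here (`secret = "<set-at-deploy>"`), supply the real value from an untracked file or the environment, and rotate the value that is already committed. `dynamic_period = 5` appears to be the new value; with `dynamic_skew = 1` it tolerates only a few seconds of clock difference, and the comment above it still reads `600=10分钟`, so the comment and the value should be brought into agreement.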

4
config.go

@ -20,9 +20,9 @@ var config Config
func LoadAuthConfig() {
_, err := toml.DecodeFile("auth.toml", &config)
_, err := toml.DecodeFile("gost.toml", &config)
if err != nil {
log.Log("not found auth.toml", err)
log.Log("not found gost.toml", err)
}
LoadIPWhiteList(config.Auth.IPWhiteList)
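Review bot: `LoadAuthConfig` only logs a decode failure and carries on with the zero-value `config`, and the message `not found gost.toml` is also printed for a syntax error in a file that exists. With `DynamicPeriod` left at zero, the `now / period` expression in totp.go is an integer division by zero, so the first OTP check would panic rather than reject. Log the real cause (`log.Log("load gost.toml:", err)`) and stop start-up, or fall back to explicit safe defaults. The relative path also ties loading to the working directory of the process. The function continues after this hunk.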

6
forward.go

@ -119,7 +119,7 @@ func (h *tcpDirectForwardHandler) Handle(conn net.Conn) {
var cc net.Conn
var node Node
var err error
ip := getIP(conn)
ip := GetIP(conn)
for i := 0; i < retries; i++ {
if len(h.group.Nodes()) > 0 {
node, err = h.group.Next()
@ -199,7 +199,7 @@ func (h *udpDirectForwardHandler) Handle(conn net.Conn) {
return
}
}
ip := getIP(conn)
ip := GetIP(conn)
cc, err := h.options.Chain.DialContext(context.Background(), "udp", node.Addr,
IPChainOption(ip),
ResolverChainOption(h.options.Resolver))
@ -451,7 +451,7 @@ func (l *tcpRemoteForwardListener) Accept() (conn net.Conn, err error) {
func (l *tcpRemoteForwardListener) accept() (conn net.Conn, err error) {
lastNode := l.chain.LastNode()
if lastNode.Protocol == "forward" && lastNode.Transport == "ssh" {
ip := getIP(conn)
ip := GetIP(conn)
return l.chain.Dial(l.addr.String(), IPChainOption(ip))
}
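Review bot: In `tcpRemoteForwardListener.accept`, `GetIP(conn)` is called on the named result `conn`, which no visible line has assigned yet; `GetIP` in localAddr.go calls `conn.LocalAddr()` immediately, so a nil `conn` would panic on this ssh-forward path. Unless `conn` is set somewhere the hunk does not show, take the address from a value that exists at this point or leave the option out, e.g. `return l.chain.Dial(l.addr.String())`. `accept` continues after the hunk.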

20
go.mod

@ -5,6 +5,7 @@ go 1.25.7
replace github.com/templexxx/cpu v0.0.7 => github.com/templexxx/cpu v0.0.10-0.20211111114238-98168dcec14a
require (
github.com/BurntSushi/toml v1.6.0
github.com/LiamHaworth/go-tproxy v0.0.0-20190726054950-ef7efd7f24ed
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
github.com/go-gost/gosocks4 v0.0.1
@ -22,38 +23,35 @@ require (
github.com/shadowsocks/go-shadowsocks2 v0.1.5
github.com/shadowsocks/shadowsocks-go v0.0.0-20200409064450-3e585ff90601
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
github.com/xtaci/kcp-go/v5 v5.6.70
github.com/xtaci/smux v1.5.56
github.com/xtaci/kcp-go/v5 v5.6.71
github.com/xtaci/smux v1.5.57
github.com/xtaci/tcpraw v1.2.32
gitlab.com/yawning/obfs4.git v0.0.0-20231012084234-c3e2d44b1033
gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.6.0
golang.org/x/crypto v0.48.0
golang.org/x/net v0.51.0
golang.org/x/crypto v0.49.0
golang.org/x/net v0.52.0
)
require (
filippo.io/edwards25519 v1.2.0 // indirect
github.com/BurntSushi/toml v1.6.0 // indirect
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
github.com/coreos/go-iptables v0.8.0 // indirect
github.com/dchest/siphash v1.2.3 // indirect
github.com/google/go-cmp v0.7.0 // indirect
github.com/google/gopacket v1.1.19 // indirect
github.com/klauspost/cpuid/v2 v2.3.0 // indirect
github.com/klauspost/reedsolomon v1.13.2 // indirect
github.com/klauspost/reedsolomon v1.13.3 // indirect
github.com/mdlayher/socket v0.5.1 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pquerna/otp v1.5.0 // indirect
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect
github.com/tjfoc/gmsm v1.4.1 // indirect
github.com/xtaci/lossyconn v1.0.0 // indirect
gitlab.com/yawning/edwards25519-extra v0.0.0-20231005122941-2149dcafc266 // indirect
go.uber.org/mock v0.6.0 // indirect
golang.org/x/mod v0.33.0 // indirect
golang.org/x/mod v0.34.0 // indirect
golang.org/x/sync v0.20.0 // indirect
golang.org/x/sys v0.42.0 // indirect
golang.org/x/text v0.34.0 // indirect
golang.org/x/text v0.35.0 // indirect
golang.org/x/time v0.15.0 // indirect
golang.org/x/tools v0.42.0 // indirect
golang.org/x/tools v0.43.0 // indirect
)

43
go.sum

@ -11,14 +11,11 @@ github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmH
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/coreos/go-iptables v0.8.0 h1:MPc2P89IhuVpLI7ETL/2tx3XZ61VeICZjYqDEgNsPRc=
github.com/coreos/go-iptables v0.8.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dchest/siphash v1.2.3 h1:QXwFc8cFOR2dSa/gE6o/HokBMWtLUaNDVd+22aKHeEA=
@ -63,8 +60,8 @@ github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE
github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
github.com/klauspost/reedsolomon v1.13.2 h1:9qtQy2tKEVpVB8Pfq87ZljHZb60/LbeTQ1OxV8EGzdE=
github.com/klauspost/reedsolomon v1.13.2/go.mod h1:ggJT9lc71Vu+cSOPBlxGvBN6TfAS77qB4fp8vJ05NSA=
github.com/klauspost/reedsolomon v1.13.3 h1:01GwnO2xoCSaM0ShP4qwl+FsHg3csFShC6Tu/RS1ji0=
github.com/klauspost/reedsolomon v1.13.3/go.mod h1:yjqqjgMTQkBUHSG97/rm4zipffCNbCiZcB3kTqr++sQ=
github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos=
github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ=
github.com/mdlayher/vsock v1.2.1 h1:pC1mTJTvjo1r9n9fbm7S1j04rCgCzhCOS5DY0zqHlnQ=
@ -75,8 +72,6 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw=
github.com/quic-go/quic-go v0.59.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
@ -90,18 +85,16 @@ github.com/shadowsocks/shadowsocks-go v0.0.0-20200409064450-3e585ff90601 h1:XU9h
github.com/shadowsocks/shadowsocks-go v0.0.0-20200409064450-3e585ff90601/go.mod h1:mttDPaeLm87u74HMrP+n2tugXvIKWcwff/cqSX0lehY=
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 h1:TG/diQgUe0pntT/2D9tmUCz4VNwm9MfrtPr0SU2qSX8=
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8/go.mod h1:P5HUIBuIWKbyjl083/loAegFkfbFNx5i2qEP4CNbm7E=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
github.com/xtaci/kcp-go/v5 v5.6.70 h1:AYX0QZl6PqmNj2IdYGZGuBfZuDUkUfl+eHYNijCqaO0=
github.com/xtaci/kcp-go/v5 v5.6.70/go.mod h1:9O3D8WR+cyyUjGiTILYfg17vn72otWuXK2AFfqIe6CM=
github.com/xtaci/kcp-go/v5 v5.6.71 h1:c5lmRg2l+/z358i2AWr/vt6iRMhZjzn8oRct/iYZ4FQ=
github.com/xtaci/kcp-go/v5 v5.6.71/go.mod h1:9O3D8WR+cyyUjGiTILYfg17vn72otWuXK2AFfqIe6CM=
github.com/xtaci/lossyconn v1.0.0 h1:DM4Kt1j/6sq3QMbOi8VW8FAmdj7snnUH/3z309uadr8=
github.com/xtaci/lossyconn v1.0.0/go.mod h1:HpMP7DB2CyokmAh4lp0EQnnWhmycP/TvwBGzvuie+H0=
github.com/xtaci/smux v1.5.56 h1:Eyv/dUULmkGZZNucLUisnkzJ/4UQ5YZTschhugFBM0U=
github.com/xtaci/smux v1.5.56/go.mod h1:IGQ9QYrBphmb/4aTnLEcJby0TNr3NV+OslIOMrX825Q=
github.com/xtaci/smux v1.5.57 h1:N72VbGoSYxgcm6mPOYX0QzEZNVD3UI/JlVvAtXF+WrY=
github.com/xtaci/smux v1.5.57/go.mod h1:IGQ9QYrBphmb/4aTnLEcJby0TNr3NV+OslIOMrX825Q=
github.com/xtaci/tcpraw v1.2.32 h1:wdJxd+9IaxGSaPK6luCLIdCkW/8TUQ6Vm872Ctq9L18=
github.com/xtaci/tcpraw v1.2.32/go.mod h1:D2934PQEqknT1iPhprdvpQ94x9pDO3zXQmZR/el+xMY=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
@ -120,8 +113,8 @@ golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@ -130,8 +123,8 @@ golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPI
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI=
golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -143,8 +136,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo=
golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y=
golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -173,16 +166,16 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg=
golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM=
golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU=
golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=
golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@ -194,8 +187,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s=
golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

4
http.go

@ -239,7 +239,7 @@ func (h *httpHandler) handleRequest(conn net.Conn, req *http.Request) {
var err error
var cc net.Conn
var route *Chain
ip := getIP(conn)
ip := GetIP(conn)
for i := 0; i < retries; i++ {
route, err = h.options.Chain.selectRouteFor(host)
if err != nil {
@ -359,7 +359,7 @@ func (h *httpHandler) authenticate(conn net.Conn, req *http.Request, resp *http.
log.Logf("[http] %s -> %s : Authorization '%s' '%s'",
conn.RemoteAddr(), conn.LocalAddr(), u, p)
}
ip := getIP(conn)
ip := GetIP(conn)
if h.options.Authenticator == nil || h.options.Authenticator.IFAuthenticate(ip, u, p) {
return true
}

2
http2.go

@ -338,7 +338,7 @@ func (h *http2Handler) Handle(conn net.Conn) {
return
}
ip := getIP(conn)
ip := GetIP(conn)
h.roundTrip(ip, h2c.w, h2c.r)
}

8
localAddr.go

@ -9,7 +9,7 @@ import (
var localAddrKey = "localAddr"
func getIP(conn net.Conn) (ip net.IP) {
func GetIP(conn net.Conn) (ip net.IP) {
IP := conn.LocalAddr().(*net.TCPAddr).IP
if IP != nil && !IP.IsPrivate() && !IP.IsLoopback() {
return IP
@ -18,14 +18,14 @@ func getIP(conn net.Conn) (ip net.IP) {
}
func getContext(conn net.Conn, parentCtx context.Context) (ctx context.Context) {
IP := getIP(conn)
IP := GetIP(conn)
if IP != nil {
return context.WithValue(parentCtx, localAddrKey, IP)
}
return parentCtx
}
func GetIP(ctx context.Context) (ip net.IP) {
func getIP(ctx context.Context) (ip net.IP) {
if v := ctx.Value(localAddrKey); v != nil {
if ip, ok := v.(net.IP); ok && !ip.IsPrivate() && !ip.IsLoopback() {
return ip
@ -42,7 +42,7 @@ func GetSshIP(conn ssh.ConnMetadata) (ip net.IP) {
}
func getLocalAddr(ctx context.Context, options *ChainOptions) (addr net.Addr) {
ip := GetIP(ctx)
ip := getIP(ctx)
if ip == nil && options != nil {
ip = options.IP
}
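Review bot: `GetIP` asserts `conn.LocalAddr().(*net.TCPAddr)` in the single-value form, and this commit keeps calling it from UDP handlers (`udpDirectForwardHandler`, `shadowUDPHandler`, `udpRedirectHandler`), where the local address may not be a `*net.TCPAddr` and the assertion would panic. Use the checked form, `tcp, ok := conn.LocalAddr().(*net.TCPAddr)` with an early return when `!ok`, or switch on the address type so `*net.UDPAddr` is covered too. Swapping the names so that exported `GetIP` takes a `net.Conn` and unexported `getIP` takes a `context.Context` changes the meaning of `GetIP` for any caller outside the package; a doc comment on each, stating which address it returns and when it returns nil, would make the new split clear. Both function bodies continue outside the hunks.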

6
redirect.go

@ -54,10 +54,11 @@ func (h *tcpRedirectHandler) Handle(c net.Conn) {
log.Logf("[red-tcp] %s -> %s", srcAddr, dstAddr)
ip := GetIP(c)
cc, err := h.options.Chain.DialContext(ip, context.Background(),
cc, err := h.options.Chain.DialContext(context.Background(),
"tcp", dstAddr.String(),
RetryChainOption(h.options.Retries),
TimeoutChainOption(h.options.Timeout),
IPChainOption(ip),
)
if err != nil {
log.Logf("[red-tcp] %s -> %s : %s", srcAddr, dstAddr, err)
@ -135,10 +136,11 @@ func (h *udpRedirectHandler) Handle(conn net.Conn) {
return
}
ip := GetIP(conn)
cc, err := h.options.Chain.DialContext(ip, context.Background(),
cc, err := h.options.Chain.DialContext(context.Background(),
"udp", raddr.String(),
RetryChainOption(h.options.Retries),
TimeoutChainOption(h.options.Timeout),
IPChainOption(ip),
)
if err != nil {
log.Logf("[red-udp] %s - %s : %s", conn.RemoteAddr(), raddr, err)

2
relay.go

@ -165,7 +165,7 @@ func (h *relayHandler) Handle(conn net.Conn) {
Version: relay.Version1,
Status: relay.StatusOK,
}
ip := getIP(conn)
ip := GetIP(conn)
if h.options.Authenticator != nil && !h.options.Authenticator.IFAuthenticate(ip, user, pass) {
resp.Status = relay.StatusUnauthorized
resp.WriteTo(conn)

2
sni.go

@ -134,7 +134,7 @@ func (h *sniHandler) Handle(conn net.Conn) {
var cc net.Conn
var route *Chain
ip := getIP(conn)
ip := GetIP(conn)
for i := 0; i < retries; i++ {
route, err = h.options.Chain.selectRouteFor(host)
if err != nil {

6
socks.go

@ -168,7 +168,7 @@ func (selector *serverSelector) OnSelected(method uint8, conn net.Conn) (string,
if Debug {
log.Logf("[socks5] %s - %s: %s", conn.RemoteAddr(), conn.LocalAddr(), req.String())
}
ip := getIP(conn)
ip := GetIP(conn)
if selector.Authenticator != nil && !selector.Authenticator.IFAuthenticate(ip, req.Username, req.Password) {
resp := gosocks5.NewUserPassResponse(gosocks5.UserPassVer, gosocks5.Failure)
if err := resp.Write(conn); err != nil {
@ -923,7 +923,7 @@ func (h *socks5Handler) handleConnect(conn net.Conn, req *gosocks5.Request) {
var err error
var cc net.Conn
var route *Chain
ip := getIP(conn)
ip := GetIP(conn)
for i := 0; i < retries; i++ {
route, err = h.options.Chain.selectRouteFor(host)
if err != nil {
@ -1775,7 +1775,7 @@ func (h *socks4Handler) handleConnect(conn net.Conn, req *gosocks4.Request) {
var err error
var cc net.Conn
var route *Chain
ip := getIP(conn)
ip := GetIP(conn)
for i := 0; i < retries; i++ {
route, err = h.options.Chain.selectRouteFor(addr)
if err != nil {

4
ss.go

@ -164,7 +164,7 @@ func (h *shadowHandler) Handle(conn net.Conn) {
var cc net.Conn
var route *Chain
ip := getIP(conn)
ip := GetIP(conn)
for i := 0; i < retries; i++ {
route, err = h.options.Chain.selectRouteFor(host)
if err != nil {
@ -298,7 +298,7 @@ func (h *shadowUDPHandler) Handle(conn net.Conn) {
defer conn.Close()
var cc net.PacketConn
ip := getIP(conn)
ip := GetIP(conn)
c, err := h.options.Chain.DialContext(context.Background(), "udp", "", IPChainOption(ip))
if err != nil {
log.Logf("[ssu] %s: %s", conn.LocalAddr(), err)

5
totp.go

@ -14,13 +14,9 @@ func VerifyOTP(secret, pass string) bool {
now := time.Now().UTC().Unix()
skew := config.Auth.DynamicSkew
period := config.Auth.DynamicPeriod
for i := -skew; i <= skew; i++ {
t := (now / period) + int64(i)
code := generateTOTP(secret, t)
if code == pass {
return true
}
@ -51,7 +47,6 @@ func verifyOTP(secret, pass string) (bool, int64) {
now := time.Now().UTC().Unix()
skew := config.Auth.DynamicSkew
period := config.Auth.DynamicPeriod
for i := -skew; i <= skew; i++ {
counter := (now / period) + int64(i)
code := generateTOTP(secret, counter)

4
tuntap.go

@ -162,7 +162,7 @@ func (h *tunHandler) Handle(conn net.Conn) {
}
var tempDelay time.Duration
ip := getIP(conn)
ip := GetIP(conn)
for {
err := func() error {
var err error
@ -552,7 +552,7 @@ func (h *tapHandler) Handle(conn net.Conn) {
}
}
var tempDelay time.Duration
ip := getIP(conn)
ip := GetIP(conn)
for {
err := func() error {
var err error
