From ad2279d8ced16a3aba302bdd2285521edf8319e8 Mon Sep 17 00:00:00 2001 From: chuchur Date: Mon, 16 Mar 2026 19:01:25 +0800 Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E6=88=90=E5=8A=A8=E6=80=81=E5=AF=86?= =?UTF-8?q?=E7=A0=81=20=E5=92=8C=20=E5=9E=83=E5=9C=BEEmail=E5=85=A8?= =?UTF-8?q?=E9=9D=A2=20=E9=98=BB=E6=96=AD.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- auth.go | 22 +++++++++++----------- auth_emai.go | 38 ++++++++++++++++++++++++++++++++++++-- chain.go | 5 ++++- cmd/gost/Makefile | 2 +- cmd/gost/build.sh | 17 +++++++++++++---- cmd/gost/gost.toml | 28 +++++++++++++++++++--------- config.go | 4 ++-- forward.go | 6 +++--- go.mod | 20 +++++++++----------- go.sum | 43 ++++++++++++++++++------------------------- http.go | 4 ++-- http2.go | 2 +- localAddr.go | 8 ++++---- redirect.go | 6 ++++-- relay.go | 2 +- sni.go | 2 +- socks.go | 6 +++--- ss.go | 4 ++-- totp.go | 5 ----- tuntap.go | 4 ++-- 20 files changed, 136 insertions(+), 92 deletions(-) diff --git a/auth.go b/auth.go index c2870a9..b295267 100644 --- a/auth.go +++ b/auth.go @@ -21,12 +21,12 @@ type Authenticator interface { } func (au *LocalAuthenticator) IFAuthenticate(ip net.IP, user, password string) bool { - if ip == nil { + if ip == nil || user == "" || password == "" { return false } - if isWhiteIP(ip) { - + // if isWhiteIP(ip) { + if len(password) == 64 { expected := GeneratePassword(ip.String(), user) if expected == password { return true 
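Review bot: In `IFAuthenticate`, replacing the `isWhiteIP(ip)` gate with `if len(password) == 64 {` lets the client pick the authentication scheme by the length of the password it submits, and the IP allow-list is no longer consulted in the visible part of the function even though `LoadAuthConfig` still loads it. If the allow-list is still meant to restrict the static-password path, keep both conditions, e.g. `if len(password) == 64 && isWhiteIP(ip) {`, and delete the commented-out line rather than leaving it behind. The `expected == password` comparison that follows is not constant-time; `subtle.ConstantTimeCompare([]byte(expected), []byte(password)) == 1` from `crypto/subtle` avoids that. The function body continues outside this hunk.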
@@ -36,20 +36,20 @@ func (au *LocalAuthenticator) IFAuthenticate(ip net.IP, user, password string) b } else { // if !ip.IsLoopback() && !ip.IsPrivate() { // 存的时候已经判断. secret := generateSecret(ip.String(), user) - ok, counter := verifyOTP(secret, password) + ok, _ := verifyOTP(secret, password) if !ok { log.Logf("otp verify fail user=%s ip=%s pass=%s", user, ip, password) return false } - + // todo: 备用. // 防止 OTP 重放 - key := user + ":" + ip.String() + ":" + password - if _, exists := usedOTP.Load(key); exists { - log.Logf("otp replay attack user=%s ip=%s", user, ip) - return false - } - usedOTP.Store(key, counter) + // key := user + ":" + ip.String() + ":" + password + // if _, exists := usedOTP.Load(key); exists { + // log.Logf("otp replay attack user=%s ip=%s", user, ip) + // return false + // } + // usedOTP.Store(key, _) return true } diff --git a/auth_emai.go b/auth_emai.go index 77a1f9a..a0d88ca 100644 --- a/auth_emai.go +++ b/auth_emai.go @@ -4,6 +4,7 @@ import ( "fmt" "net" "regexp" + "slices" "strings" "sync" "sync/atomic" @@ -12,8 +13,15 @@ import ( "github.com/go-log/log" ) -// 25 端口 465 和 587 -var mailPorts = []string{"25", "465", "587"} +// 25 SMTP 服务器发邮件 +// 465 SMTP SSL 客户端发邮件 +// 587 SMTP Submission 客户端发邮件 +// 143 IMAP 收邮件 +// 993 IMAP SSL 收邮件 +// 110 POP3 收邮件 +// 995 POP3 SSL 收邮件 + +var mailPorts = []string{"25", "465", "587", "143", "993", "110", "995", "2525"} type EmailACL struct { emails map[string]struct{} 
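Review bot: Commenting out the `usedOTP` block removes replay protection, so a code that was accepted once stays valid for the same user and IP for the rest of the acceptance window (`dynamic_period` × (2·`dynamic_skew`+1) seconds, going by the loop in totp.go). Rather than parking the block behind a `todo`, keep it and make the check-and-record step atomic: `if _, seen := usedOTP.LoadOrStore(key, counter); seen { return false }` (assuming `usedOTP` is a `sync.Map`, as its `Load`/`Store` calls suggest), with `counter` taken from `verifyOTP` again instead of being discarded. The failure log just above writes the submitted credential (`pass=%s`); dropping that field keeps near-miss passwords and live codes out of the log, and the debug line in `authenticate` in http.go has the same issue. The enclosing function starts and ends outside this hunk.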
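Review bot: The comment block above `mailPorts` documents seven ports but the slice holds eight; `"2525"` has no entry. Add a line such as `// 2525 alternate SMTP submission port (unofficial)` so the list and its documentation agree. Because `CheckMailTo` blocks every port in this slice unless the destination is allow-listed, the comment should also say that the IMAP and POP3 ports are included on purpose.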
@@ -84,6 +92,32 @@ func CheckMailFrom(email string) error { return nil } +func CheckMailTo(address string) error { + if address == "" { + return nil + } + _, port, err := net.SplitHostPort(address) + if err != nil { + return err + } + if !slices.Contains(mailPorts, port) { + return nil + } + allowed := false + for _, h := range config.Auth.EmailWhiteList { + if strings.EqualFold(h, address) || strings.HasSuffix(address, h) { + allowed = true + break + } + } + if !allowed { + // 记录尝试连接非法 SMTP + fmt.Printf("SMTP access blocked to %s", address) + return fmt.Errorf("SMTP to this destination is forbidden") + } + return nil +} + type RateLimit struct { count int lastTime time.Time diff --git a/chain.go b/chain.go index d426373..199640d 100644 --- a/chain.go +++ b/chain.go @@ -150,7 +150,10 @@ func (c *Chain) dialWithOptions(ctx context.Context, network, address string, op if err != nil { return nil, err } - + mail_err := CheckMailTo(address) + if mail_err != nil { + return nil, mail_err + } ipAddr := address if address != "" { ipAddr = c.resolve(address, options.Resolver, options.Hosts) diff --git a/cmd/gost/Makefile b/cmd/gost/Makefile index 4dff07e..d81a244 100644 --- a/cmd/gost/Makefile +++ b/cmd/gost/Makefile @@ -12,6 +12,6 @@ all: build .PHONY: build build: @echo ">> Compile $(APP_NAME) ..." - GOOS=linux GOARCH=amd64 go build -o $(APP_NAME) main.go + GOOS=linux GOARCH=amd64 go build -trimpath -ldflags="-s -w" -o $(APP_NAME) main.go @ls -lh |grep $(APP_NAME) diff --git a/cmd/gost/build.sh b/cmd/gost/build.sh index 1fc90fe..b99f828 100644 --- a/cmd/gost/build.sh +++ b/cmd/gost/build.sh 
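Review bot: The allow-list test in `CheckMailTo` applies `strings.HasSuffix(address, h)` to the whole `host:port` string, so an entry such as `allowed-mail-server.com:25` also admits any destination whose name merely ends in that text, with no dot boundary. Compare host and port separately and accept only an exact host match or a true subdomain, as in the fence below. The block message goes through `fmt.Printf` with no trailing newline; the project logger with a quoted value, `log.Logf("[mail] blocked dial to %q", address)`, keeps the record on its own line and escapes control characters in a client-supplied name. The function is exported without a doc comment; one sentence stating that it returns nil for non-mail ports and an error for mail ports outside `email_whitelist` would cover it.

```go
func CheckMailTo(address string) error {
	// … unchanged: empty-address check …
	host, port, err := net.SplitHostPort(address)
	// … unchanged: error return and mailPorts check …
	host = strings.ToLower(host)
	allowed := false
	for _, entry := range config.Auth.EmailWhiteList {
		allowHost, allowPort, err := net.SplitHostPort(entry)
		if err != nil || allowPort != port {
			continue // malformed entry or different port never matches
		}
		allowHost = strings.ToLower(allowHost)
		if host == allowHost || strings.HasSuffix(host, "."+allowHost) {
			allowed = true
			break
		}
	}
	// … unchanged: log and reject when !allowed …
```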
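Review bot: `CheckMailTo(address)` in `dialWithOptions` runs on the address string before `c.resolve(...)` rewrites it, so the allow-list is applied to the name the client supplied and not to the endpoint that is finally dialled; if the hosts table or resolver can map an allow-listed name elsewhere, policy and connection disagree. State which of the two is intended in a comment, for example `// policy is applied to the requested host:port, before resolution`. The new variable also departs from Go naming (`mail_err`); `if err := CheckMailTo(address); err != nil { return nil, err }` is the usual form. The function starts and ends outside this hunk.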
@@ -1,7 +1,16 @@ -GOOS=linux GOARCH=amd64 go build -o gost +CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags="-s -w" -o gost && upx gost --best --lzma gost +# upx +# upx gost --best --lzma gost -# rsync -avz gost root@192.168.2.186:/root/gost/gost -# rsync -avz gost root@192.168.3.35:/root/gost/gost -# rsync -avz gost root@192.168.3.40:/root/gost/gost \ No newline at end of file +# publish test +rsync -avz gost 2890CC:/home/apps/gost +# rsync -avz gost.toml 2890CC:/home/apps/gost.toml + + +# run +# gost_test -L=auto://admin:123456@:33080 + +# systemctl restart gost +# journalctl -u gost -f \ No newline at end of file diff --git a/cmd/gost/gost.toml b/cmd/gost/gost.toml index 50960ac..3b1ffb5 100644 --- a/cmd/gost/gost.toml +++ b/cmd/gost/gost.toml @@ -1,23 +1,33 @@ [auth] #动态口令周期 (s) 600=10分钟 -dynamic_period = 600 +dynamic_period = 5 #时间漂移 dynamic_skew = 1 ip_whitelist = [ - "198.144.184.47", - "108.174.48.108", - "23.94.205.145", - "108.174.48.102", - "198.144.184.108", - "198.144.184.57", - "198.144.184.125", + # "198.144.184.47", + # "108.174.48.108", + # "23.94.205.145", + # "108.174.48.102", + # "198.144.184.108", + # "198.144.184.57", + # "198.144.184.125", + "108.174.48.96/28", + "23.94.205.144/28", + "23.94.204.32/27", + "23.94.205.160/27", + "192.3.126.224/27", + "198.144.184.0/25", ] #动态密钥 secret = "&&4sg123g[]/~" # SMTP 发信白名单 -email_whitelist = ["admin@example.com", "@example.com"] +email_whitelist = [ + "allowed-mail-server.com:25", + "smtp.secure.com:465", + "smtp.secure.com:587", +] email_regex = ["^test[0-9]+@example.com$"] diff --git a/config.go b/config.go index 14fbf71..66edf47 100644 --- a/config.go +++ b/config.go @@ -20,9 +20,9 @@ var config Config func LoadAuthConfig() { - _, err := toml.DecodeFile("auth.toml", &config) + _, err := toml.DecodeFile("gost.toml", &config) if err != nil { - log.Log("not found auth.toml", err) + log.Log("not found gost.toml", err) } LoadIPWhiteList(config.Auth.IPWhiteList) 
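Review bot: The `rsync` publish step now runs unconditionally and the script has no `set -e`, so when `go build` or `upx` fails, whatever `gost` binary was already in the directory is what gets pushed to the host. Start the script with `#!/usr/bin/env bash` and `set -euo pipefail`, or chain the publish step to the build with `&&`. The `upx` call names `gost` twice (`upx gost --best --lzma gost`); one occurrence is enough. The commented run example carries a literal `admin:123456` credential, which is better written as a placeholder such as `USER:PASSWORD`.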
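Review bot: `dynamic_period = 5` contradicts the comment directly above it, which still describes 600 seconds, and with `dynamic_skew = 1` it leaves roughly a fifteen-second acceptance window, so modest clock drift between client and server will reject valid codes. Update the comment to the value actually shipped, or keep the test value out of the tracked file. `email_whitelist` changes meaning here from sender addresses to `host:port` destinations while its key name and comment stay the same; if `CheckMailFrom` still reads this list (not visible in this diff), sender checks will stop matching. The file also keeps a `secret` value in version control; loading it from an environment variable or an untracked file avoids that.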
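Review bot: `LoadAuthConfig` logs a decode failure and then carries on with a zero-valued `config`, which leaves `config.Auth.DynamicPeriod` at 0 and makes the `now / period` division in `verifyOTP` (totp.go) panic on the first OTP login; the auth secret is presumably empty in that state as well. Stop before the config is used when decoding fails, and report what actually failed, e.g. `log.Logf("load gost.toml: %v", err)` instead of "not found", since parse errors land in the same branch. The relative path `"gost.toml"` is resolved against the process working directory, which for a service is often not the directory of the binary; a flag or an absolute path is more predictable. The function continues outside this hunk.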
diff --git a/forward.go b/forward.go index e409ff6..6504c6e 100644 --- a/forward.go +++ b/forward.go @@ -119,7 +119,7 @@ func (h *tcpDirectForwardHandler) Handle(conn net.Conn) { var cc net.Conn var node Node var err error - ip := getIP(conn) + ip := GetIP(conn) for i := 0; i < retries; i++ { if len(h.group.Nodes()) > 0 { node, err = h.group.Next() @@ -199,7 +199,7 @@ func (h *udpDirectForwardHandler) Handle(conn net.Conn) { return } } - ip := getIP(conn) + ip := GetIP(conn) cc, err := h.options.Chain.DialContext(context.Background(), "udp", node.Addr, IPChainOption(ip), ResolverChainOption(h.options.Resolver)) @@ -451,7 +451,7 @@ func (l *tcpRemoteForwardListener) Accept() (conn net.Conn, err error) { func (l *tcpRemoteForwardListener) accept() (conn net.Conn, err error) { lastNode := l.chain.LastNode() if lastNode.Protocol == "forward" && lastNode.Transport == "ssh" { - ip := getIP(conn) + ip := GetIP(conn) return l.chain.Dial(l.addr.String(), IPChainOption(ip)) } diff --git a/go.mod b/go.mod index 9454d9f..4afe7b1 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,7 @@ go 1.25.7 replace github.com/templexxx/cpu v0.0.7 => github.com/templexxx/cpu v0.0.10-0.20211111114238-98168dcec14a require ( + github.com/BurntSushi/toml v1.6.0 github.com/LiamHaworth/go-tproxy v0.0.0-20190726054950-ef7efd7f24ed github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 github.com/go-gost/gosocks4 v0.0.1 
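Review bot: In `tcpRemoteForwardListener.accept`, `GetIP(conn)` is called on the named result `conn`, which nothing in the visible lines has assigned yet, so it is a nil `net.Conn` and the `conn.LocalAddr()` call inside `GetIP` will panic whenever the last node is forward+ssh. The rename kept this call as it was; derive the IP from a value that exists at that point (for instance `l.addr`, if that is the intended source) or omit `IPChainOption` there. The two `Handle` hunks above are plain renames, though the UDP handler may be handing a non-TCP connection to a function that asserts `*net.TCPAddr`. `accept` continues outside the hunk.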
@@ -22,38 +23,35 @@ require ( github.com/shadowsocks/go-shadowsocks2 v0.1.5 github.com/shadowsocks/shadowsocks-go v0.0.0-20200409064450-3e585ff90601 github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 - github.com/xtaci/kcp-go/v5 v5.6.70 - github.com/xtaci/smux v1.5.56 + github.com/xtaci/kcp-go/v5 v5.6.71 + github.com/xtaci/smux v1.5.57 github.com/xtaci/tcpraw v1.2.32 gitlab.com/yawning/obfs4.git v0.0.0-20231012084234-c3e2d44b1033 gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/goptlib v1.6.0 - golang.org/x/crypto v0.48.0 - golang.org/x/net v0.51.0 + golang.org/x/crypto v0.49.0 + golang.org/x/net v0.52.0 ) require ( filippo.io/edwards25519 v1.2.0 // indirect - github.com/BurntSushi/toml v1.6.0 // indirect github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect - github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect github.com/coreos/go-iptables v0.8.0 // indirect github.com/dchest/siphash v1.2.3 // indirect github.com/google/go-cmp v0.7.0 // indirect github.com/google/gopacket v1.1.19 // indirect github.com/klauspost/cpuid/v2 v2.3.0 // indirect - github.com/klauspost/reedsolomon v1.13.2 // indirect + github.com/klauspost/reedsolomon v1.13.3 // indirect github.com/mdlayher/socket v0.5.1 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/pquerna/otp v1.5.0 // indirect github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect github.com/tjfoc/gmsm v1.4.1 // indirect github.com/xtaci/lossyconn v1.0.0 // indirect gitlab.com/yawning/edwards25519-extra v0.0.0-20231005122941-2149dcafc266 // indirect go.uber.org/mock v0.6.0 // indirect - golang.org/x/mod v0.33.0 // indirect + golang.org/x/mod v0.34.0 // indirect golang.org/x/sync v0.20.0 // indirect golang.org/x/sys v0.42.0 // indirect - golang.org/x/text v0.34.0 // indirect + golang.org/x/text v0.35.0 // indirect golang.org/x/time v0.15.0 // indirect - golang.org/x/tools v0.42.0 // indirect + golang.org/x/tools v0.43.0 // 
indirect ) diff --git a/go.sum b/go.sum index 420b1ce..949c042 100644 --- a/go.sum +++ b/go.sum @@ -11,14 +11,11 @@ github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmH github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI= -github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/coreos/go-iptables v0.8.0 h1:MPc2P89IhuVpLI7ETL/2tx3XZ61VeICZjYqDEgNsPRc= github.com/coreos/go-iptables v0.8.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dchest/siphash v1.2.3 h1:QXwFc8cFOR2dSa/gE6o/HokBMWtLUaNDVd+22aKHeEA= 
@@ -63,8 +60,8 @@ github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y= github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0= -github.com/klauspost/reedsolomon v1.13.2 h1:9qtQy2tKEVpVB8Pfq87ZljHZb60/LbeTQ1OxV8EGzdE= -github.com/klauspost/reedsolomon v1.13.2/go.mod h1:ggJT9lc71Vu+cSOPBlxGvBN6TfAS77qB4fp8vJ05NSA= +github.com/klauspost/reedsolomon v1.13.3 h1:01GwnO2xoCSaM0ShP4qwl+FsHg3csFShC6Tu/RS1ji0= +github.com/klauspost/reedsolomon v1.13.3/go.mod h1:yjqqjgMTQkBUHSG97/rm4zipffCNbCiZcB3kTqr++sQ= github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos= github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ= github.com/mdlayher/vsock v1.2.1 h1:pC1mTJTvjo1r9n9fbm7S1j04rCgCzhCOS5DY0zqHlnQ= @@ -75,8 +72,6 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs= -github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw= github.com/quic-go/quic-go v0.59.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU= 
@@ -90,18 +85,16 @@ github.com/shadowsocks/shadowsocks-go v0.0.0-20200409064450-3e585ff90601 h1:XU9h github.com/shadowsocks/shadowsocks-go v0.0.0-20200409064450-3e585ff90601/go.mod h1:mttDPaeLm87u74HMrP+n2tugXvIKWcwff/cqSX0lehY= github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 h1:TG/diQgUe0pntT/2D9tmUCz4VNwm9MfrtPr0SU2qSX8= github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8/go.mod h1:P5HUIBuIWKbyjl083/loAegFkfbFNx5i2qEP4CNbm7E= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho= github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE= -github.com/xtaci/kcp-go/v5 v5.6.70 h1:AYX0QZl6PqmNj2IdYGZGuBfZuDUkUfl+eHYNijCqaO0= -github.com/xtaci/kcp-go/v5 v5.6.70/go.mod h1:9O3D8WR+cyyUjGiTILYfg17vn72otWuXK2AFfqIe6CM= +github.com/xtaci/kcp-go/v5 v5.6.71 h1:c5lmRg2l+/z358i2AWr/vt6iRMhZjzn8oRct/iYZ4FQ= +github.com/xtaci/kcp-go/v5 v5.6.71/go.mod h1:9O3D8WR+cyyUjGiTILYfg17vn72otWuXK2AFfqIe6CM= github.com/xtaci/lossyconn v1.0.0 h1:DM4Kt1j/6sq3QMbOi8VW8FAmdj7snnUH/3z309uadr8= github.com/xtaci/lossyconn v1.0.0/go.mod h1:HpMP7DB2CyokmAh4lp0EQnnWhmycP/TvwBGzvuie+H0= -github.com/xtaci/smux v1.5.56 h1:Eyv/dUULmkGZZNucLUisnkzJ/4UQ5YZTschhugFBM0U= -github.com/xtaci/smux v1.5.56/go.mod h1:IGQ9QYrBphmb/4aTnLEcJby0TNr3NV+OslIOMrX825Q= +github.com/xtaci/smux v1.5.57 h1:N72VbGoSYxgcm6mPOYX0QzEZNVD3UI/JlVvAtXF+WrY= +github.com/xtaci/smux v1.5.57/go.mod h1:IGQ9QYrBphmb/4aTnLEcJby0TNr3NV+OslIOMrX825Q= github.com/xtaci/tcpraw v1.2.32 h1:wdJxd+9IaxGSaPK6luCLIdCkW/8TUQ6Vm872Ctq9L18= github.com/xtaci/tcpraw v1.2.32/go.mod h1:D2934PQEqknT1iPhprdvpQ94x9pDO3zXQmZR/el+xMY= 
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= @@ -120,8 +113,8 @@ golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= -golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= -golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= +golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= +golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 
@@ -130,8 +123,8 @@ golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPI golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= -golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= +golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= +golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -143,8 +136,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= -golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= +golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= +golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -173,16 +166,16 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= -golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= -golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM= +golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= +golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= -golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= +golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= +golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U= golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
@@ -194,8 +187,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= -golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= +golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= +golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/http.go b/http.go index 509a24a..fc7ad5e 100644 --- a/http.go +++ b/http.go @@ -239,7 +239,7 @@ func (h *httpHandler) handleRequest(conn net.Conn, req *http.Request) { var err error var cc net.Conn var route *Chain - ip := getIP(conn) + ip := GetIP(conn) for i := 0; i < retries; i++ { route, err = h.options.Chain.selectRouteFor(host) if err != nil { @@ -359,7 +359,7 @@ func (h *httpHandler) authenticate(conn net.Conn, req *http.Request, resp *http. log.Logf("[http] %s -> %s : Authorization '%s' '%s'", conn.RemoteAddr(), conn.LocalAddr(), u, p) } - ip := getIP(conn) + ip := GetIP(conn) if h.options.Authenticator == nil || h.options.Authenticator.IFAuthenticate(ip, u, p) { return true } diff --git a/http2.go b/http2.go index f260408..d89f62e 100644 --- a/http2.go +++ b/http2.go @@ -338,7 +338,7 @@ func (h *http2Handler) Handle(conn net.Conn) { return } - ip := getIP(conn) + ip := GetIP(conn) h.roundTrip(ip, h2c.w, h2c.r) } 
diff --git a/localAddr.go b/localAddr.go index 952fcdd..bc120d0 100644 --- a/localAddr.go +++ b/localAddr.go @@ -9,7 +9,7 @@ import ( var localAddrKey = "localAddr" -func getIP(conn net.Conn) (ip net.IP) { +func GetIP(conn net.Conn) (ip net.IP) { IP := conn.LocalAddr().(*net.TCPAddr).IP if IP != nil && !IP.IsPrivate() && !IP.IsLoopback() { return IP @@ -18,14 +18,14 @@ func getIP(conn net.Conn) (ip net.IP) { } func getContext(conn net.Conn, parentCtx context.Context) (ctx context.Context) { - IP := getIP(conn) + IP := GetIP(conn) if IP != nil { return context.WithValue(parentCtx, localAddrKey, IP) } return parentCtx } -func GetIP(ctx context.Context) (ip net.IP) { +func getIP(ctx context.Context) (ip net.IP) { if v := ctx.Value(localAddrKey); v != nil { if ip, ok := v.(net.IP); ok && !ip.IsPrivate() && !ip.IsLoopback() { return ip @@ -42,7 +42,7 @@ func GetSshIP(conn ssh.ConnMetadata) (ip net.IP) { } func getLocalAddr(ctx context.Context, options *ChainOptions) (addr net.Addr) { - ip := GetIP(ctx) + ip := getIP(ctx) if ip == nil && options != nil { ip = options.IP } diff --git a/redirect.go b/redirect.go index d48d66c..56858ef 100644 --- a/redirect.go +++ b/redirect.go @@ -54,10 +54,11 @@ func (h *tcpRedirectHandler) Handle(c net.Conn) { log.Logf("[red-tcp] %s -> %s", srcAddr, dstAddr) ip := GetIP(c) - cc, err := h.options.Chain.DialContext(ip, context.Background(), + cc, err := h.options.Chain.DialContext(context.Background(), "tcp", dstAddr.String(), RetryChainOption(h.options.Retries), TimeoutChainOption(h.options.Timeout), + IPChainOption(ip), ) if err != nil { log.Logf("[red-tcp] %s -> %s : %s", srcAddr, dstAddr, err) 
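Review bot: `GetIP(conn)` performs an unchecked assertion, `conn.LocalAddr().(*net.TCPAddr)`, and in this diff it is called from UDP, tun/tap and relay handlers as well as TCP ones, so any connection whose local address is not a `*net.TCPAddr` panics the handler goroutine. Use the two-value form, `addr, ok := conn.LocalAddr().(*net.TCPAddr)` followed by `if !ok { return nil }`, and guard against a nil `conn`. Swapping the two names also changes the signature of the exported `GetIP` from `context.Context` to `net.Conn`, which breaks any importer of the package. The now-exported function needs a doc comment saying that it returns the local (listener-side) address rather than the peer's, because that value is what `IFAuthenticate` receives as `ip`.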
@@ -135,10 +136,11 @@ func (h *udpRedirectHandler) Handle(conn net.Conn) { return } ip := GetIP(conn) - cc, err := h.options.Chain.DialContext(ip, context.Background(), + cc, err := h.options.Chain.DialContext(context.Background(), "udp", raddr.String(), RetryChainOption(h.options.Retries), TimeoutChainOption(h.options.Timeout), + IPChainOption(ip), ) if err != nil { log.Logf("[red-udp] %s - %s : %s", conn.RemoteAddr(), raddr, err) diff --git a/relay.go b/relay.go index ba3569b..7aba754 100644 --- a/relay.go +++ b/relay.go @@ -165,7 +165,7 @@ func (h *relayHandler) Handle(conn net.Conn) { Version: relay.Version1, Status: relay.StatusOK, } - ip := getIP(conn) + ip := GetIP(conn) if h.options.Authenticator != nil && !h.options.Authenticator.IFAuthenticate(ip, user, pass) { resp.Status = relay.StatusUnauthorized resp.WriteTo(conn) diff --git a/sni.go b/sni.go index 38500ff..65932f6 100644 --- a/sni.go +++ b/sni.go @@ -134,7 +134,7 @@ func (h *sniHandler) Handle(conn net.Conn) { var cc net.Conn var route *Chain - ip := getIP(conn) + ip := GetIP(conn) for i := 0; i < retries; i++ { route, err = h.options.Chain.selectRouteFor(host) if err != nil { diff --git a/socks.go b/socks.go index 650537a..eb2bc50 100644 --- a/socks.go +++ b/socks.go @@ -168,7 +168,7 @@ func (selector *serverSelector) OnSelected(method uint8, conn net.Conn) (string, if Debug { log.Logf("[socks5] %s - %s: %s", conn.RemoteAddr(), conn.LocalAddr(), req.String()) } - ip := getIP(conn) + ip := GetIP(conn) if selector.Authenticator != nil && !selector.Authenticator.IFAuthenticate(ip, req.Username, req.Password) { resp := gosocks5.NewUserPassResponse(gosocks5.UserPassVer, gosocks5.Failure) if err := resp.Write(conn); err != nil { @@ -923,7 +923,7 @@ func (h *socks5Handler) handleConnect(conn net.Conn, req *gosocks5.Request) { var err error var cc net.Conn var route *Chain - ip := getIP(conn) + ip := GetIP(conn) for i := 0; i < retries; i++ { route, err = h.options.Chain.selectRouteFor(host) if err != nil { 
@@ -1775,7 +1775,7 @@ func (h *socks4Handler) handleConnect(conn net.Conn, req *gosocks4.Request) { var err error var cc net.Conn var route *Chain - ip := getIP(conn) + ip := GetIP(conn) for i := 0; i < retries; i++ { route, err = h.options.Chain.selectRouteFor(addr) if err != nil { diff --git a/ss.go b/ss.go index 633e7f9..f4831f7 100644 --- a/ss.go +++ b/ss.go @@ -164,7 +164,7 @@ func (h *shadowHandler) Handle(conn net.Conn) { var cc net.Conn var route *Chain - ip := getIP(conn) + ip := GetIP(conn) for i := 0; i < retries; i++ { route, err = h.options.Chain.selectRouteFor(host) if err != nil { @@ -298,7 +298,7 @@ func (h *shadowUDPHandler) Handle(conn net.Conn) { defer conn.Close() var cc net.PacketConn - ip := getIP(conn) + ip := GetIP(conn) c, err := h.options.Chain.DialContext(context.Background(), "udp", "", IPChainOption(ip)) if err != nil { log.Logf("[ssu] %s: %s", conn.LocalAddr(), err) diff --git a/totp.go b/totp.go index fa1dcba..c78a9a2 100644 --- a/totp.go +++ b/totp.go @@ -14,13 +14,9 @@ func VerifyOTP(secret, pass string) bool { now := time.Now().UTC().Unix() skew := config.Auth.DynamicSkew period := config.Auth.DynamicPeriod - for i := -skew; i <= skew; i++ { - t := (now / period) + int64(i) - code := generateTOTP(secret, t) - if code == pass { return true } @@ -51,7 +47,6 @@ func verifyOTP(secret, pass string) (bool, int64) { now := time.Now().UTC().Unix() skew := config.Auth.DynamicSkew period := config.Auth.DynamicPeriod - for i := -skew; i <= skew; i++ { counter := (now / period) + int64(i) code := generateTOTP(secret, counter) diff --git a/tuntap.go b/tuntap.go index cf46685..ba6570d 100644 --- a/tuntap.go +++ b/tuntap.go @@ -162,7 +162,7 @@ func (h *tunHandler) Handle(conn net.Conn) { } var tempDelay time.Duration - ip := getIP(conn) + ip := GetIP(conn) for { err := func() error { var err error 
@@ -552,7 +552,7 @@ func (h *tapHandler) Handle(conn net.Conn) { } } var tempDelay time.Duration - ip := getIP(conn) + ip := GetIP(conn) for { err := func() error { var err error