add secure IP check for socks udp

arraykeys@gmail.com
2018-07-09 16:32:04 +08:00
parent 3c070a7da3
commit 04ef338807
2 changed files with 11 additions and 7 deletions


@ -55,6 +55,7 @@ func (s *SPS) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
utils.CloseConn(inConn) utils.CloseConn(inConn)
return return
} }
srcIP, _, _ := net.SplitHostPort((*inConn).RemoteAddr().String())
inconnRemoteAddr := (*inConn).RemoteAddr().String() inconnRemoteAddr := (*inConn).RemoteAddr().String()
localAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0} localAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0}
udpListener := serverConn.UDPConnListener udpListener := serverConn.UDPConnListener
@ -137,8 +138,6 @@ func (s *SPS) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
}) })
} }
//client := socks.NewClientConn(&outconn, "udp", serverConn.Target(), time.Millisecond*time.Duration(*s.cfg.Timeout), nil, nil)
s.log.Printf("connect %s for udp", serverConn.Target()) s.log.Printf("connect %s for udp", serverConn.Target())
//socks client //socks client
var client *socks.ClientConn var client *socks.ClientConn
@ -182,9 +181,9 @@ func (s *SPS) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
//s.log.Printf("parent udp address %s", client.UDPAddr) //s.log.Printf("parent udp address %s", client.UDPAddr)
destAddr, _ = net.ResolveUDPAddr("udp", client.UDPAddr) destAddr, _ = net.ResolveUDPAddr("udp", client.UDPAddr)
//relay //relay
buf := utils.LeakyBuffer.Get()
defer utils.LeakyBuffer.Put(buf)
for { for {
buf := utils.LeakyBuffer.Get()
defer utils.LeakyBuffer.Put(buf)
n, srcAddr, err := udpListener.ReadFromUDP(buf) n, srcAddr, err := udpListener.ReadFromUDP(buf)
if err != nil { if err != nil {
s.log.Printf("udp listener read fail, %s", err.Error()) s.log.Printf("udp listener read fail, %s", err.Error())
@ -193,6 +192,11 @@ func (s *SPS) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
} }
continue continue
} }
srcIP0, _, _ := net.SplitHostPort(srcAddr.String())
//IP not match drop it
if srcIP != srcIP0 {
continue
}
p := socks.NewPacketUDP() p := socks.NewPacketUDP()
//convert data to raw //convert data to raw
if len(s.udpLocalKey) > 0 { if len(s.udpLocalKey) > 0 {
@ -204,7 +208,6 @@ func (s *SPS) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
} else { } else {
err = p.Parse(buf[:n]) err = p.Parse(buf[:n])
} }
//err = p.Parse(buf[:n])
if err != nil { if err != nil {
s.log.Printf("udp listener parse packet fail, %s", err.Error()) s.log.Printf("udp listener parse packet fail, %s", err.Error())
continue continue
@ -233,7 +236,9 @@ func (s *SPS) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
buf := utils.LeakyBuffer.Get() buf := utils.LeakyBuffer.Get()
defer utils.LeakyBuffer.Put(buf) defer utils.LeakyBuffer.Put(buf)
for { for {
outUDPConn.SetReadDeadline(time.Now().Add(time.Second * 5))
n, err := outUDPConn.Read(buf) n, err := outUDPConn.Read(buf)
outUDPConn.SetReadDeadline(time.Time{})
if err != nil { if err != nil {
s.log.Printf("read out udp data fail , %s , from : %s", err, srcAddr) s.log.Printf("read out udp data fail , %s , from : %s", err, srcAddr)
if isClosedErr(err) { if isClosedErr(err) {
@ -241,7 +246,6 @@ func (s *SPS) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
} }
continue continue
} }
//var dlen = n //var dlen = n
//forward to local //forward to local
var v []byte var v []byte
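Review bot: The new source-IP filter in the `@ -193,6 +192,11` hunk drops mismatching datagrams with a bare `continue`, so neither a misconfigured client nor a spoofing attempt leaves any trace in the log, and the `srcIP` it compares against comes from `srcIP, _, _ := net.SplitHostPort(...)` in the first hunk with the error discarded — if that split ever fails, `srcIP` is empty and every datagram is silently rejected. Logging the drop makes both cases observable: `if srcIP != srcIP0 { s.log.Printf("udp packet from %s dropped, expected source %s", srcAddr, srcIP); continue }`. Checking (or at least logging) the `SplitHostPort` error where `srcIP` is derived would let an operator tell a fail-closed misparse apart from real spoofing. Comparing only the IP and not the port is a common choice for SOCKS5 UDP associations, since the client may not know its UDP port at associate time, so that part looks fine. `proxyUDP` begins before the first hunk and continues after the last one.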


@ -73,7 +73,7 @@ func CreateSignCert(rootCa *x509.Certificate, rootKey *rsa.PrivateKey, domainOrI
buf := x509.MarshalPKCS1PrivateKey(priKey) buf := x509.MarshalPKCS1PrivateKey(priKey)
keyPem := &pem.Block{ keyPem := &pem.Block{
Type: "PRIVATE KEY", Type: "RSA PRIVATE KEY",
Bytes: buf, Bytes: buf,
} }
keyBytes = pem.EncodeToMemory(keyPem) keyBytes = pem.EncodeToMemory(keyPem)