Browse Source

Merge pull request #134 from klondi/httpproxy

More SOCKS Proxy cleanups
pull/136/head
orignal 10 years ago
parent
commit
ac17f116be
  1. 307
      SOCKS.cpp
  2. 107
      SOCKS.h

307
SOCKS.cpp

@ -60,23 +60,19 @@ namespace proxy @@ -60,23 +60,19 @@ namespace proxy
void SOCKSHandler::SocksRequestFailed()
{
switch (m_socksv) {
case 4:
case SOCKS4:
LogPrint(eLogWarning,"--- SOCKS4 failed");
//TODO: send the right response
boost::asio::async_write(*m_sock, boost::asio::buffer("\x00\x5b\x00\x00\x00\x00\x00\x00",8),
std::bind(&SOCKSHandler::SentSocksFailed, this, std::placeholders::_1));
break;
case 5:
assert(m_error <= 8);
case SOCKS5:
assert(m_error <= SOCKS5_ADDR_UNSUP);
LogPrint(eLogWarning,"--- SOCKS5 failed");
//TODO: use error properly and address type m_error
boost::asio::async_write(*m_sock, boost::asio::buffer(socks5Replies[m_error],10),
std::bind(&SOCKSHandler::SentSocksFailed, this, std::placeholders::_1));
break;
default:
LogPrint (eLogError,"--- SOCKS had invalid version");
Terminate();
break;
}
}
@ -84,24 +80,20 @@ namespace proxy @@ -84,24 +80,20 @@ namespace proxy
{
std::shared_ptr<std::vector<uint8_t>> response(new std::vector<uint8_t>);
switch (m_socksv) {
case 4:
case SOCKS4:
LogPrint(eLogInfo,"--- SOCKS4 connection success");
//TODO: send the right response
boost::asio::async_write(*m_sock, boost::asio::buffer("\x00\x5a\x00\x00\x00\x00\x00\x00",8),
std::bind(&SOCKSHandler::SentSocksResponse, this,
std::placeholders::_1, nullptr));
break;
case 5:
case SOCKS5:
LogPrint(eLogInfo,"--- SOCKS5 connection success");
//TODO: send the right response using the port? and the localside i2p address
boost::asio::async_write(*m_sock, boost::asio::buffer("\x05\x00\x00\x01\x00\x00\x00\x00\x00\x00",10),
std::bind(&SOCKSHandler::SentSocksResponse, this,
std::placeholders::_1, response));
break;
default:
LogPrint (eLogError,"--- SOCKS had invalid version");
Terminate();
break;
}
}
@ -130,12 +122,10 @@ namespace proxy @@ -130,12 +122,10 @@ namespace proxy
switch (m_state) {
case GET_VERSION:
return HandleVersion(sock_buff);
case SOCKS4A:
return HandleSOCKS4A(sock_buff,len);
case SOCKS5_S1:
return HandleSOCKS5Step1(sock_buff,len);
case SOCKS5_S3:
return HandleSOCKS5Step3(sock_buff,len);
case SOCKS5_AUTHNEGO:
return HandleSOCKS5AuthNego(sock_buff,len);
case SOCKS_REQUEST:
return HandleSOCKSRequest(sock_buff,len);
default:
LogPrint(eLogError,"--- SOCKS state?? ", m_state);
Terminate();
@ -146,98 +136,24 @@ namespace proxy @@ -146,98 +136,24 @@ namespace proxy
std::size_t SOCKSHandler::HandleVersion(uint8_t *sock_buff)
{
switch (*sock_buff) {
case 4:
m_state = SOCKS4A; // Switch to the 4a handler
m_pstate = GET4A_COMMAND; //Initialize the parser at the right position
m_socksv = 4;
return 1;
case 5:
m_state = SOCKS5_S1; // Switch to the 4a handler
case SOCKS4:
m_state = SOCKS_REQUEST; // Switch to the 4 handler
m_pstate = GET_COMMAND; //Initialize the parser at the right position
break;
case SOCKS5:
m_state = SOCKS5_AUTHNEGO; // Switch to the 5 handler
m_pstate = GET5_AUTHNUM; //Initialize the parser at the right position
m_socksv = 5;
return 1;
break;
default:
LogPrint(eLogError,"--- SOCKS rejected invalid version", ((int)*sock_buff));
LogPrint(eLogError,"--- SOCKS rejected invalid version: ", ((int)*sock_buff));
Terminate();
return 0;
}
m_socksv = (SOCKSHandler::socksVersions) *sock_buff;
return 1;
}
std::size_t SOCKSHandler::HandleSOCKS4A(uint8_t *sock_buff, std::size_t len)
{
std::size_t rv = 0;
while (len > 0) {
rv++;
switch (m_pstate)
{
case GET4A_COMMAND:
if ( *sock_buff != 1 ) {
//TODO: we need to support binds and other shit!
LogPrint(eLogError,"--- SOCKS4a unsupported command", ((int)*sock_buff));
SocksRequestFailed();
return 0;
}
m_pstate = GET4A_PORT1;
break;
case GET4A_PORT1:
m_port = ((uint16_t)*sock_buff) << 8;
m_pstate = GET4A_PORT2;
break;
case GET4A_PORT2:
m_port |= ((uint16_t)*sock_buff);
m_pstate = GET4A_IP1;
break;
case GET4A_IP1:
m_ip = ((uint32_t)*sock_buff) << 24;
m_pstate = GET4A_IP2;
break;
case GET4A_IP2:
m_ip |= ((uint32_t)*sock_buff) << 16;
m_pstate = GET4A_IP3;
break;
case GET4A_IP3:
m_ip |= ((uint32_t)*sock_buff) << 8;
m_pstate = GET4A_IP4;
break;
case GET4A_IP4:
m_ip |= ((uint32_t)*sock_buff);
m_pstate = GET4A_IDENT;
if( m_ip == 0 || m_ip > 255 ) {
LogPrint(eLogError,"--- SOCKS4a rejected because it's actually SOCKS4");
SocksRequestFailed();
return 0;
}
break;
case GET4A_IDENT:
if (!*sock_buff)
m_pstate = GET4A_HOST;
break;
case GET4A_HOST:
if (!*sock_buff) {
m_pstate = DONE;
m_state = READY;
m_need_more = false;
return rv;
}
if (m_destination.size() > max_socks_hostname_size) {
LogPrint(eLogError,"--- SOCKS4a destination is too large ");
SocksRequestFailed();
return 0;
}
m_destination.push_back(*sock_buff);
break;
default:
LogPrint(eLogError,"--- SOCKS4a parse state?? ", m_pstate);
Terminate();
return 0;
}
sock_buff++;
len--;
}
return rv;
}
std::size_t SOCKSHandler::HandleSOCKS5Step1(uint8_t *sock_buff, std::size_t len)
std::size_t SOCKSHandler::HandleSOCKS5AuthNego(uint8_t *sock_buff, std::size_t len)
{
std::size_t rv = 0;
while (len > 0) {
@ -250,17 +166,17 @@ namespace proxy @@ -250,17 +166,17 @@ namespace proxy
break;
case GET5_AUTH:
m_authleft --;
if (*sock_buff == 0)
m_authchosen = 0;
if (*sock_buff == AUTH_NONE)
m_authchosen = AUTH_NONE;
if ( m_authleft == 0 ) {
if (m_authchosen == 0xff) {
if (m_authchosen == AUTH_UNACCEPTABLE) {
//TODO: we maybe want support for other methods!
LogPrint(eLogError,"--- SOCKS5 couldn't negotiate authentication");
Socks5AuthNegoFailed();
return 0;
}
m_pstate = GET5_REQUESTV;
m_state = SOCKS5_S3;
m_state = SOCKS_REQUEST;
m_need_more = false;
Socks5ChooseAuth();
return rv;
@ -277,51 +193,144 @@ namespace proxy @@ -277,51 +193,144 @@ namespace proxy
return rv;
}
//TODO this may be merged with the SOCKS4a code
std::size_t SOCKSHandler::HandleSOCKS5Step3(uint8_t *sock_buff, std::size_t len)
bool SOCKSHandler::ValidateSOCKSRequest() {
if ( m_cmd != CMD_CONNECT ) {
//TODO: we need to support binds and other shit!
LogPrint(eLogError,"--- SOCKS unsupported command: ", m_cmd);
m_error = SOCKS5_CMD_UNSUP;
SocksRequestFailed();
return false;
}
//TODO: we may want to support other address types!
if ( m_addrtype != ADDR_DNS ) {
switch (m_socksv) {
case SOCKS5:
LogPrint(eLogError,"--- SOCKS5 unsupported address type: ", m_addrtype);
m_error = SOCKS5_ADDR_UNSUP;
break;
case SOCKS4:
LogPrint(eLogError,"--- SOCKS4a rejected because it's actually SOCKS4");
break;
}
SocksRequestFailed();
return false;
}
//TODO: we may want to support other domains
if(m_addrtype == ADDR_DNS && m_destination.find(".i2p") == std::string::npos) {
LogPrint(eLogError,"--- SOCKS invalid hostname: ", m_destination);
m_error = SOCKS5_ADDR_UNSUP;
SocksRequestFailed();
return false;
}
return true;
}
std::size_t SOCKSHandler::HandleSOCKSRequest(uint8_t *sock_buff, std::size_t len)
{
std::size_t rv = 0;
while (len > 0) {
rv++;
switch (m_pstate)
{
case GET5_REQUESTV:
if (*sock_buff != 5) {
LogPrint(eLogError,"--- SOCKS rejected unknown request version", ((int)*sock_buff));
m_error = 0x7;
case GET_COMMAND:
switch (*sock_buff) {
case CMD_CONNECT:
case CMD_BIND:
break;
case CMD_UDP:
if (m_socksv == SOCKS5) break;
default:
LogPrint(eLogError,"--- SOCKS invalid command: ", ((int)*sock_buff));
m_error = SOCKS5_GEN_FAIL;
SocksRequestFailed();
return 0;
}
m_cmd = (SOCKSHandler::cmdTypes)*sock_buff;
switch (m_socksv) {
case SOCKS5: m_pstate = GET5_GETRSV; break;
case SOCKS4: m_pstate = GET_PORT; m_addrleft = 2; break;
}
break;
case GET_PORT:
m_port = (m_port << 8)|((uint16_t)*sock_buff);
m_addrleft--;
if (m_addrleft == 0) {
switch (m_socksv) {
case SOCKS5: m_pstate = DONE; break;
case SOCKS4: m_pstate = GET_IPV4; m_addrleft = 4; break;
}
}
break;
case GET_IPV4:
m_ip = (m_ip << 8)|((uint32_t)*sock_buff);
m_addrleft--;
if (m_addrleft == 0) {
switch (m_socksv) {
case SOCKS5: m_pstate = GET_PORT; m_addrleft = 2; break;
case SOCKS4: m_pstate = GET4_IDENT; break;
}
}
break;
case GET4_IDENT:
if (!*sock_buff) {
if( m_ip == 0 || m_ip > 255 ) {
m_addrtype = ADDR_IPV4;
m_pstate = DONE;
} else {
m_addrtype = ADDR_DNS;
m_pstate = GET4A_HOST;
}
}
break;
case GET4A_HOST:
if (!*sock_buff) {
m_pstate = DONE;
break;
}
if (m_destination.size() > max_socks_hostname_size) {
LogPrint(eLogError,"--- SOCKS4a destination is too large");
SocksRequestFailed();
return 0;
}
m_pstate = GET5_COMMAND;
m_destination.push_back(*sock_buff);
break;
case GET5_COMMAND:
if ( *sock_buff != 1 ) {
//TODO: we need to support binds and other shit!
LogPrint(eLogError,"--- SOCKS5 unsupported command", ((int)*sock_buff));
m_error = 0x7;
case GET5_REQUESTV:
if (*sock_buff != SOCKS5) {
LogPrint(eLogError,"--- SOCKS5 rejected unknown request version: ", ((int)*sock_buff));
m_error = SOCKS5_GEN_FAIL;
SocksRequestFailed();
return 0;
}
m_pstate = GET5_GETRSV;
m_pstate = GET_COMMAND;
break;
case GET5_GETRSV:
if ( *sock_buff != 0 ) {
LogPrint(eLogError,"--- SOCKS5 unknown reserved field", ((int)*sock_buff));
m_error = 0x7;
LogPrint(eLogError,"--- SOCKS5 unknown reserved field: ", ((int)*sock_buff));
m_error = SOCKS5_GEN_FAIL;
SocksRequestFailed();
return 0;
}
m_pstate = GET5_GETADDRTYPE;
break;
case GET5_GETADDRTYPE:
if ( *sock_buff != 0x3 ) {
//TODO: we may want to support other address types!
LogPrint(eLogError,"--- SOCKS5 unsupported address type", ((int)*sock_buff));
m_error = 0x8;
SocksRequestFailed();
return 0;
switch (*sock_buff) {
case ADDR_IPV4: m_pstate = GET_IPV4; m_addrleft = 4; break;
case ADDR_IPV6: m_pstate = GET5_IPV6; m_addrleft = 16; break;
case ADDR_DNS : m_pstate = GET5_HOST_SIZE; break;
default:
LogPrint(eLogError,"--- SOCKS5 unknown address type: ", ((int)*sock_buff));
m_error = SOCKS5_GEN_FAIL;
SocksRequestFailed();
return 0;
}
m_addrtype = (SOCKSHandler::addrTypes)*sock_buff;
break;
case GET5_IPV6:
m_ipv6[16-m_addrleft] = *sock_buff;
m_addrleft--;
if (m_addrleft == 0) {
m_pstate = GET_PORT;
m_addrleft = 2;
}
m_pstate = GET5_HOST_SIZE;
break;
case GET5_HOST_SIZE:
m_addrleft = *sock_buff;
@ -330,25 +339,21 @@ namespace proxy @@ -330,25 +339,21 @@ namespace proxy
case GET5_HOST:
m_destination.push_back(*sock_buff);
m_addrleft--;
if (m_addrleft == 0)
m_pstate = GET5_PORT1;
break;
case GET5_PORT1:
m_port = ((uint16_t)*sock_buff) << 8;
m_pstate = GET5_PORT2;
break;
case GET5_PORT2:
m_port |= ((uint16_t)*sock_buff);
m_pstate = DONE;
m_state = READY;
m_need_more = false;
return rv;
if (m_addrleft == 0) {
m_pstate = GET_PORT;
m_addrleft = 2;
}
break;
default:
LogPrint(eLogError,"--- SOCKS5 parse state?? ", m_pstate);
LogPrint(eLogError,"--- SOCKS parse state?? ", m_pstate);
Terminate();
return 0;
}
if (m_pstate == DONE) {
m_state = READY;
m_need_more = false;
return (ValidateSOCKSRequest() ? rv : 0);
}
sock_buff++;
len--;
}
@ -378,21 +383,18 @@ namespace proxy @@ -378,21 +383,18 @@ namespace proxy
if (m_state == READY) {
LogPrint(eLogInfo,"--- SOCKS requested ", m_destination, ":" , m_port);
if (pos != len) {
LogPrint(eLogError,"--- SOCKS rejected because be can't handle extra data");
LogPrint(eLogError,"--- SOCKS rejected because we can't handle extra data");
SocksRequestFailed();
return ;
}
if(m_destination.find(".i2p") == std::string::npos) {
LogPrint(eLogError,"--- SOCKS invalid hostname: ", m_destination);
SocksRequestFailed();
return;
}
m_parent->GetLocalDestination ()->CreateStream (
std::bind (&SOCKSHandler::HandleStreamRequestComplete,
this, std::placeholders::_1), m_destination, m_port);
} else if (m_need_more)
} else if (m_need_more) {
LogPrint (eLogDebug,"--- SOCKS Need more data");
AsyncSockRead();
}
}
void SOCKSHandler::SentSocksFailed(const boost::system::error_code & ecode)
@ -415,6 +417,7 @@ namespace proxy @@ -415,6 +417,7 @@ namespace proxy
m_parent->AddConnection (connection);
connection->I2PConnect ();
} else {
LogPrint (eLogDebug,"--- SOCKS Go to next state");
AsyncSockRead();
}
}
@ -431,7 +434,7 @@ namespace proxy @@ -431,7 +434,7 @@ namespace proxy
m_stream = stream;
SocksRequestSuccess();
} else {
m_error = 0x4;
m_error = SOCKS5_HOST_UNREACH;
LogPrint (eLogError,"--- SOCKS Issue when creating the stream, check the previous warnings for more info.");
SocksRequestFailed();
}

107
SOCKS.h

@ -21,62 +21,71 @@ namespace proxy @@ -21,62 +21,71 @@ namespace proxy
private:
enum state {
GET_VERSION,
SOCKS4A,
SOCKS5_S1, //Authentication negotiation
SOCKS5_S2, //Authentication
SOCKS5_S3, //Request
READY
GET_VERSION, // Get SOCKS version
SOCKS5_AUTHNEGO, //Authentication negotiation
SOCKS5_AUTH, //Authentication
SOCKS_REQUEST, //Request
READY // Ready to connect
};
enum parseState {
GET4A_COMMAND,
GET4A_PORT1,
GET4A_PORT2,
GET4A_IP1,
GET4A_IP2,
GET4A_IP3,
GET4A_IP4,
GET4A_IDENT,
GET_COMMAND,
GET_PORT,
GET_IPV4,
GET4_IDENT,
GET4A_HOST,
GET5_AUTHNUM,
GET5_AUTH,
GET5_REQUESTV,
GET5_COMMAND,
GET5_GETRSV,
GET5_GETADDRTYPE,
GET5_IPV4_1,
GET5_IPV4_2,
GET5_IPV4_3,
GET5_IPV4_4,
GET5_IPV6_1,
GET5_IPV6_2,
GET5_IPV6_3,
GET5_IPV6_4,
GET5_IPV6_5,
GET5_IPV6_6,
GET5_IPV6_7,
GET5_IPV6_8,
GET5_IPV6_9,
GET5_IPV6_10,
GET5_IPV6_11,
GET5_IPV6_12,
GET5_IPV6_13,
GET5_IPV6_14,
GET5_IPV6_15,
GET5_IPV6_16,
GET5_IPV6,
GET5_HOST_SIZE,
GET5_HOST,
GET5_PORT1,
GET5_PORT2,
DONE
};
enum authMethods {
AUTH_NONE = 0, //No authentication, skip to next step
AUTH_GSSAPI = 1, //GSSAPI authentication
AUTH_USERPASSWD = 2, //Username and password
AUTH_UNACCEPTABLE = 0xff //No acceptable method found
};
enum addrTypes {
ADDR_IPV4 = 1, //IPv4 address (4 octets)
ADDR_DNS = 3, // DNS name (up to 255 octets)
ADDR_IPV6 = 4 //IPV6 address (16 octets)
};
enum errTypes {
SOCKS5_OK = 0, // No error for SOCKS5
SOCKS5_GEN_FAIL = 1, // General server failure
SOCKS5_RULE_DENIED = 2, // Connection disallowed by ruleset
SOCKS5_NET_UNREACH = 3, // Network unreachable
SOCKS5_HOST_UNREACH = 4, // Host unreachable
SOCKS5_CONN_REFUSED = 5, // Connection refused by the peer
SOCKS5_TTL_EXPIRED = 6, // TTL Expired
SOCKS5_CMD_UNSUP = 7, // Command unsuported
SOCKS5_ADDR_UNSUP = 8, // Address type unsuported
SOCKS4_OK = 90, // No error for SOCKS4
SOCKS4_FAIL = 91, // Failed establishing connecting or not allowed
SOCKS4_IDENTD_MISSING = 92, // Couldn't connect to the identd server
SOCKS4_IDENTD_DIFFER = 93 // The ID reported by the application and by identd differ
};
enum cmdTypes {
CMD_CONNECT = 1, // TCP Connect
CMD_BIND = 2, // TCP Bind
CMD_UDP = 3 // UDP associate
};
enum socksVersions {
SOCKS4 = 4, // SOCKS4
SOCKS5 = 5 // SOCKS5
};
void GotClientRequest(boost::system::error_code & ecode, std::string & host, uint16_t port);
std::size_t HandleData(uint8_t *sock_buff, std::size_t len);
std::size_t HandleVersion(uint8_t *sock_buff);
std::size_t HandleSOCKS4A(uint8_t *sock_buff, std::size_t len);
std::size_t HandleSOCKS5Step1(uint8_t *sock_buff, std::size_t len);
std::size_t HandleSOCKS5Step3(uint8_t *sock_buff, std::size_t len);
std::size_t HandleSOCKS5AuthNego(uint8_t *sock_buff, std::size_t len);
std::size_t HandleSOCKSRequest(uint8_t *sock_buff, std::size_t len);
bool ValidateSOCKSRequest();
void HandleSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered);
void Terminate();
void CloseSock();
@ -92,7 +101,6 @@ namespace proxy @@ -92,7 +101,6 @@ namespace proxy
void HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream);
uint8_t m_sock_buff[socks_buffer_size];
SOCKSServer * m_parent;
boost::asio::ip::tcp::socket * m_sock;
std::shared_ptr<i2p::stream::Stream> m_stream;
@ -101,22 +109,23 @@ namespace proxy @@ -101,22 +109,23 @@ namespace proxy
uint8_t m_command;
uint16_t m_port;
uint32_t m_ip;
uint8_t m_ipv6[16];
std::string m_destination;
uint8_t m_authleft; //Authentication methods left
//TODO: this will probably be more elegant as enums
uint8_t m_authchosen; //Authentication chosen
uint8_t m_addrtype; //Address type chosen
uint8_t m_addrleft; //Address type chosen
uint8_t m_error; //Address type chosen
uint8_t m_socksv; //Address type chosen
bool m_need_more; //Address type chosen
authMethods m_authchosen; //Authentication chosen
addrTypes m_addrtype; //Address type chosen
uint8_t m_addrleft; //Octets of DNS address left
errTypes m_error; //Error cause
socksVersions m_socksv; //Socks version
cmdTypes m_cmd; // Command requested
bool m_need_more; //The parser still needs to receive more data
public:
SOCKSHandler(SOCKSServer * parent, boost::asio::ip::tcp::socket * sock) :
m_parent(parent), m_sock(sock), m_stream(nullptr), m_state(GET_VERSION),
m_authchosen(0xff), m_addrtype(0x01), m_error(0x01)
m_authchosen(AUTH_UNACCEPTABLE), m_addrtype(ADDR_IPV4), m_error(SOCKS5_GEN_FAIL)
{ AsyncSockRead(); m_destination.reserve(max_socks_hostname_size+1); }
~SOCKSHandler() { CloseSock(); CloseStream(); }
};

Loading…
Cancel
Save