PurpleI2P
/
i2pd
mirror of https://github.com/PurpleI2P/i2pd.git
1
0
Fork 0
Code Issues Releases Activity
Browse Source

Merge pull request #134 from klondi/httpproxy 

More SOCKS Proxy cleanups
pull/136/head
orignal 10 years ago
parent
ecf709cbba 225aa7fa6a
commit
ac17f116be
2 changed files with 213 additions and 201 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 301
      SOCKS.cpp
  2. 107
      SOCKS.h

301
SOCKS.cpp
Unescape View File

@ -60,23 +60,19 @@ namespace proxy @@ -60,23 +60,19 @@ namespace proxy
void SOCKSHandler::SocksRequestFailed()
{
switch (m_socksv) {
case 4:
case SOCKS4:
LogPrint(eLogWarning,"--- SOCKS4 failed");
//TODO: send the right response
boost::asio::async_write(*m_sock, boost::asio::buffer("\x00\x5b\x00\x00\x00\x00\x00\x00",8),
std::bind(&SOCKSHandler::SentSocksFailed, this, std::placeholders::_1));
break;
case 5:
assert(m_error <= 8);
case SOCKS5:
assert(m_error <= SOCKS5_ADDR_UNSUP);
LogPrint(eLogWarning,"--- SOCKS5 failed");
//TODO: use error properly and address type m_error
boost::asio::async_write(*m_sock, boost::asio::buffer(socks5Replies[m_error],10),
std::bind(&SOCKSHandler::SentSocksFailed, this, std::placeholders::_1));
break;
default:
LogPrint (eLogError,"--- SOCKS had invalid version");
Terminate();
break;
}
}
@ -84,24 +80,20 @@ namespace proxy @@ -84,24 +80,20 @@ namespace proxy
{
std::shared_ptr<std::vector<uint8_t>> response(new std::vector<uint8_t>);
switch (m_socksv) {
case 4:
case SOCKS4:
LogPrint(eLogInfo,"--- SOCKS4 connection success");
//TODO: send the right response
boost::asio::async_write(*m_sock, boost::asio::buffer("\x00\x5a\x00\x00\x00\x00\x00\x00",8),
std::bind(&SOCKSHandler::SentSocksResponse, this,
std::placeholders::_1, nullptr));
break;
case 5:
case SOCKS5:
LogPrint(eLogInfo,"--- SOCKS5 connection success");
//TODO: send the right response using the port? and the localside i2p address
boost::asio::async_write(*m_sock, boost::asio::buffer("\x05\x00\x00\x01\x00\x00\x00\x00\x00\x00",10),
std::bind(&SOCKSHandler::SentSocksResponse, this,
std::placeholders::_1, response));
break;
default:
LogPrint (eLogError,"--- SOCKS had invalid version");
Terminate();
break;
}
}
@ -130,12 +122,10 @@ namespace proxy @@ -130,12 +122,10 @@ namespace proxy
switch (m_state) {
case GET_VERSION:
return HandleVersion(sock_buff);
case SOCKS4A:
return HandleSOCKS4A(sock_buff,len);
case SOCKS5_S1:
return HandleSOCKS5Step1(sock_buff,len);
case SOCKS5_S3:
return HandleSOCKS5Step3(sock_buff,len);
case SOCKS5_AUTHNEGO:
return HandleSOCKS5AuthNego(sock_buff,len);
case SOCKS_REQUEST:
return HandleSOCKSRequest(sock_buff,len);
default:
LogPrint(eLogError,"--- SOCKS state?? ", m_state);
Terminate();
@ -146,98 +136,24 @@ namespace proxy @@ -146,98 +136,24 @@ namespace proxy
std::size_t SOCKSHandler::HandleVersion(uint8_t *sock_buff)
{
switch (*sock_buff) {
case 4:
m_state = SOCKS4A; // Switch to the 4a handler
m_pstate = GET4A_COMMAND; //Initialize the parser at the right position
m_socksv = 4;
return 1;
case 5:
m_state = SOCKS5_S1; // Switch to the 4a handler
m_pstate = GET5_AUTHNUM; //Initialize the parser at the right position
m_socksv = 5;
return 1;
default:
LogPrint(eLogError,"--- SOCKS rejected invalid version", ((int)*sock_buff));
Terminate();
return 0;
}
}
std::size_t SOCKSHandler::HandleSOCKS4A(uint8_t *sock_buff, std::size_t len)
{
std::size_t rv = 0;
while (len > 0) {
rv++;
switch (m_pstate)
{
case GET4A_COMMAND:
if ( *sock_buff != 1 ) {
//TODO: we need to support binds and other shit!
LogPrint(eLogError,"--- SOCKS4a unsupported command", ((int)*sock_buff));
SocksRequestFailed();
return 0;
}
m_pstate = GET4A_PORT1;
break;
case GET4A_PORT1:
m_port = ((uint16_t)*sock_buff) << 8;
m_pstate = GET4A_PORT2;
break;
case GET4A_PORT2:
m_port |= ((uint16_t)*sock_buff);
m_pstate = GET4A_IP1;
break;
case GET4A_IP1:
m_ip = ((uint32_t)*sock_buff) << 24;
m_pstate = GET4A_IP2;
break;
case GET4A_IP2:
m_ip |= ((uint32_t)*sock_buff) << 16;
m_pstate = GET4A_IP3;
break;
case GET4A_IP3:
m_ip |= ((uint32_t)*sock_buff) << 8;
m_pstate = GET4A_IP4;
break;
case GET4A_IP4:
m_ip |= ((uint32_t)*sock_buff);
m_pstate = GET4A_IDENT;
if( m_ip == 0 || m_ip > 255 ) {
LogPrint(eLogError,"--- SOCKS4a rejected because it's actually SOCKS4");
SocksRequestFailed();
return 0;
}
break;
case GET4A_IDENT:
if (!*sock_buff)
m_pstate = GET4A_HOST;
case SOCKS4:
m_state = SOCKS_REQUEST; // Switch to the 4 handler
m_pstate = GET_COMMAND; //Initialize the parser at the right position
break;
case GET4A_HOST:
if (!*sock_buff) {
m_pstate = DONE;
m_state = READY;
m_need_more = false;
return rv;
}
if (m_destination.size() > max_socks_hostname_size) {
LogPrint(eLogError,"--- SOCKS4a destination is too large ");
SocksRequestFailed();
return 0;
}
m_destination.push_back(*sock_buff);
case SOCKS5:
m_state = SOCKS5_AUTHNEGO; // Switch to the 5 handler
m_pstate = GET5_AUTHNUM; //Initialize the parser at the right position
break;
default:
LogPrint(eLogError,"--- SOCKS4a parse state?? ", m_pstate);
LogPrint(eLogError,"--- SOCKS rejected invalid version: ", ((int)*sock_buff));
Terminate();
return 0;
}
sock_buff++;
len--;
}
return rv;
m_socksv = (SOCKSHandler::socksVersions) *sock_buff;
return 1;
}
std::size_t SOCKSHandler::HandleSOCKS5Step1(uint8_t *sock_buff, std::size_t len)
std::size_t SOCKSHandler::HandleSOCKS5AuthNego(uint8_t *sock_buff, std::size_t len)
{
std::size_t rv = 0;
while (len > 0) {
@ -250,17 +166,17 @@ namespace proxy @@ -250,17 +166,17 @@ namespace proxy
break;
case GET5_AUTH:
m_authleft --;
if (*sock_buff == 0)
m_authchosen = 0;
if (*sock_buff == AUTH_NONE)
m_authchosen = AUTH_NONE;
if ( m_authleft == 0 ) {
if (m_authchosen == 0xff) {
if (m_authchosen == AUTH_UNACCEPTABLE) {
//TODO: we maybe want support for other methods!
LogPrint(eLogError,"--- SOCKS5 couldn't negotiate authentication");
Socks5AuthNegoFailed();
return 0;
}
m_pstate = GET5_REQUESTV;
m_state = SOCKS5_S3;
m_state = SOCKS_REQUEST;
m_need_more = false;
Socks5ChooseAuth();
return rv;
@ -277,51 +193,144 @@ namespace proxy @@ -277,51 +193,144 @@ namespace proxy
return rv;
}
//TODO this may be merged with the SOCKS4a code
std::size_t SOCKSHandler::HandleSOCKS5Step3(uint8_t *sock_buff, std::size_t len)
bool SOCKSHandler::ValidateSOCKSRequest() {
if ( m_cmd != CMD_CONNECT ) {
//TODO: we need to support binds and other shit!
LogPrint(eLogError,"--- SOCKS unsupported command: ", m_cmd);
m_error = SOCKS5_CMD_UNSUP;
SocksRequestFailed();
return false;
}
//TODO: we may want to support other address types!
if ( m_addrtype != ADDR_DNS ) {
switch (m_socksv) {
case SOCKS5:
LogPrint(eLogError,"--- SOCKS5 unsupported address type: ", m_addrtype);
m_error = SOCKS5_ADDR_UNSUP;
break;
case SOCKS4:
LogPrint(eLogError,"--- SOCKS4a rejected because it's actually SOCKS4");
break;
}
SocksRequestFailed();
return false;
}
//TODO: we may want to support other domains
if(m_addrtype == ADDR_DNS && m_destination.find(".i2p") == std::string::npos) {
LogPrint(eLogError,"--- SOCKS invalid hostname: ", m_destination);
m_error = SOCKS5_ADDR_UNSUP;
SocksRequestFailed();
return false;
}
return true;
}
std::size_t SOCKSHandler::HandleSOCKSRequest(uint8_t *sock_buff, std::size_t len)
{
std::size_t rv = 0;
while (len > 0) {
rv++;
switch (m_pstate)
{
case GET5_REQUESTV:
if (*sock_buff != 5) {
LogPrint(eLogError,"--- SOCKS rejected unknown request version", ((int)*sock_buff));
m_error = 0x7;
case GET_COMMAND:
switch (*sock_buff) {
case CMD_CONNECT:
case CMD_BIND:
break;
case CMD_UDP:
if (m_socksv == SOCKS5) break;
default:
LogPrint(eLogError,"--- SOCKS invalid command: ", ((int)*sock_buff));
m_error = SOCKS5_GEN_FAIL;
SocksRequestFailed();
return 0;
}
m_pstate = GET5_COMMAND;
m_cmd = (SOCKSHandler::cmdTypes)*sock_buff;
switch (m_socksv) {
case SOCKS5: m_pstate = GET5_GETRSV; break;
case SOCKS4: m_pstate = GET_PORT; m_addrleft = 2; break;
}
break;
case GET5_COMMAND:
if ( *sock_buff != 1 ) {
//TODO: we need to support binds and other shit!
LogPrint(eLogError,"--- SOCKS5 unsupported command", ((int)*sock_buff));
m_error = 0x7;
case GET_PORT:
m_port = (m_port << 8)|((uint16_t)*sock_buff);
m_addrleft--;
if (m_addrleft == 0) {
switch (m_socksv) {
case SOCKS5: m_pstate = DONE; break;
case SOCKS4: m_pstate = GET_IPV4; m_addrleft = 4; break;
}
}
break;
case GET_IPV4:
m_ip = (m_ip << 8)|((uint32_t)*sock_buff);
m_addrleft--;
if (m_addrleft == 0) {
switch (m_socksv) {
case SOCKS5: m_pstate = GET_PORT; m_addrleft = 2; break;
case SOCKS4: m_pstate = GET4_IDENT; break;
}
}
break;
case GET4_IDENT:
if (!*sock_buff) {
if( m_ip == 0 || m_ip > 255 ) {
m_addrtype = ADDR_IPV4;
m_pstate = DONE;
} else {
m_addrtype = ADDR_DNS;
m_pstate = GET4A_HOST;
}
}
break;
case GET4A_HOST:
if (!*sock_buff) {
m_pstate = DONE;
break;
}
if (m_destination.size() > max_socks_hostname_size) {
LogPrint(eLogError,"--- SOCKS4a destination is too large");
SocksRequestFailed();
return 0;
}
m_pstate = GET5_GETRSV;
m_destination.push_back(*sock_buff);
break;
case GET5_REQUESTV:
if (*sock_buff != SOCKS5) {
LogPrint(eLogError,"--- SOCKS5 rejected unknown request version: ", ((int)*sock_buff));
m_error = SOCKS5_GEN_FAIL;
SocksRequestFailed();
return 0;
}
m_pstate = GET_COMMAND;
break;
case GET5_GETRSV:
if ( *sock_buff != 0 ) {
LogPrint(eLogError,"--- SOCKS5 unknown reserved field", ((int)*sock_buff));
m_error = 0x7;
LogPrint(eLogError,"--- SOCKS5 unknown reserved field: ", ((int)*sock_buff));
m_error = SOCKS5_GEN_FAIL;
SocksRequestFailed();
return 0;
}
m_pstate = GET5_GETADDRTYPE;
break;
case GET5_GETADDRTYPE:
if ( *sock_buff != 0x3 ) {
//TODO: we may want to support other address types!
LogPrint(eLogError,"--- SOCKS5 unsupported address type", ((int)*sock_buff));
m_error = 0x8;
switch (*sock_buff) {
case ADDR_IPV4: m_pstate = GET_IPV4; m_addrleft = 4; break;
case ADDR_IPV6: m_pstate = GET5_IPV6; m_addrleft = 16; break;
case ADDR_DNS : m_pstate = GET5_HOST_SIZE; break;
default:
LogPrint(eLogError,"--- SOCKS5 unknown address type: ", ((int)*sock_buff));
m_error = SOCKS5_GEN_FAIL;
SocksRequestFailed();
return 0;
}
m_pstate = GET5_HOST_SIZE;
m_addrtype = (SOCKSHandler::addrTypes)*sock_buff;
break;
case GET5_IPV6:
m_ipv6[16-m_addrleft] = *sock_buff;
m_addrleft--;
if (m_addrleft == 0) {
m_pstate = GET_PORT;
m_addrleft = 2;
}
break;
case GET5_HOST_SIZE:
m_addrleft = *sock_buff;
@ -330,25 +339,21 @@ namespace proxy @@ -330,25 +339,21 @@ namespace proxy
case GET5_HOST:
m_destination.push_back(*sock_buff);
m_addrleft--;
if (m_addrleft == 0)
m_pstate = GET5_PORT1;
break;
case GET5_PORT1:
m_port = ((uint16_t)*sock_buff) << 8;
m_pstate = GET5_PORT2;
break;
case GET5_PORT2:
m_port |= ((uint16_t)*sock_buff);
m_pstate = DONE;
m_state = READY;
m_need_more = false;
return rv;
if (m_addrleft == 0) {
m_pstate = GET_PORT;
m_addrleft = 2;
}
break;
default:
LogPrint(eLogError,"--- SOCKS5 parse state?? ", m_pstate);
LogPrint(eLogError,"--- SOCKS parse state?? ", m_pstate);
Terminate();
return 0;
}
if (m_pstate == DONE) {
m_state = READY;
m_need_more = false;
return (ValidateSOCKSRequest() ? rv : 0);
}
sock_buff++;
len--;
}
@ -378,12 +383,7 @@ namespace proxy @@ -378,12 +383,7 @@ namespace proxy
if (m_state == READY) {
LogPrint(eLogInfo,"--- SOCKS requested ", m_destination, ":" , m_port);
if (pos != len) {
LogPrint(eLogError,"--- SOCKS rejected because be can't handle extra data");
SocksRequestFailed();
return ;
}
if(m_destination.find(".i2p") == std::string::npos) {
LogPrint(eLogError,"--- SOCKS invalid hostname: ", m_destination);
LogPrint(eLogError,"--- SOCKS rejected because we can't handle extra data");
SocksRequestFailed();
return ;
}
@ -391,9 +391,11 @@ namespace proxy @@ -391,9 +391,11 @@ namespace proxy
m_parent->GetLocalDestination ()->CreateStream (
std::bind (&SOCKSHandler::HandleStreamRequestComplete,
this, std::placeholders::_1), m_destination, m_port);
} else if (m_need_more)
} else if (m_need_more) {
LogPrint (eLogDebug,"--- SOCKS Need more data");
AsyncSockRead();
}
}
void SOCKSHandler::SentSocksFailed(const boost::system::error_code & ecode)
{
@ -415,6 +417,7 @@ namespace proxy @@ -415,6 +417,7 @@ namespace proxy
m_parent->AddConnection (connection);
connection->I2PConnect ();
} else {
LogPrint (eLogDebug,"--- SOCKS Go to next state");
AsyncSockRead();
}
}
@ -431,7 +434,7 @@ namespace proxy @@ -431,7 +434,7 @@ namespace proxy
m_stream = stream;
SocksRequestSuccess();
} else {
m_error = 0x4;
m_error = SOCKS5_HOST_UNREACH;
LogPrint (eLogError,"--- SOCKS Issue when creating the stream, check the previous warnings for more info.");
SocksRequestFailed();
}

107
SOCKS.h
Unescape View File

@ -21,62 +21,71 @@ namespace proxy @@ -21,62 +21,71 @@ namespace proxy
private:
enum state {
GET_VERSION,
SOCKS4A,
SOCKS5_S1, //Authentication negotiation
SOCKS5_S2, //Authentication
SOCKS5_S3, //Request
READY
GET_VERSION, // Get SOCKS version
SOCKS5_AUTHNEGO, //Authentication negotiation
SOCKS5_AUTH, //Authentication
SOCKS_REQUEST, //Request
READY // Ready to connect
};
enum parseState {
GET4A_COMMAND,
GET4A_PORT1,
GET4A_PORT2,
GET4A_IP1,
GET4A_IP2,
GET4A_IP3,
GET4A_IP4,
GET4A_IDENT,
GET_COMMAND,
GET_PORT,
GET_IPV4,
GET4_IDENT,
GET4A_HOST,
GET5_AUTHNUM,
GET5_AUTH,
GET5_REQUESTV,
GET5_COMMAND,
GET5_GETRSV,
GET5_GETADDRTYPE,
GET5_IPV4_1,
GET5_IPV4_2,
GET5_IPV4_3,
GET5_IPV4_4,
GET5_IPV6_1,
GET5_IPV6_2,
GET5_IPV6_3,
GET5_IPV6_4,
GET5_IPV6_5,
GET5_IPV6_6,
GET5_IPV6_7,
GET5_IPV6_8,
GET5_IPV6_9,
GET5_IPV6_10,
GET5_IPV6_11,
GET5_IPV6_12,
GET5_IPV6_13,
GET5_IPV6_14,
GET5_IPV6_15,
GET5_IPV6_16,
GET5_IPV6,
GET5_HOST_SIZE,
GET5_HOST,
GET5_PORT1,
GET5_PORT2,
DONE
};
enum authMethods {
AUTH_NONE = 0, //No authentication, skip to next step
AUTH_GSSAPI = 1, //GSSAPI authentication
AUTH_USERPASSWD = 2, //Username and password
AUTH_UNACCEPTABLE = 0xff //No acceptable method found
};
enum addrTypes {
ADDR_IPV4 = 1, //IPv4 address (4 octets)
ADDR_DNS = 3, // DNS name (up to 255 octets)
ADDR_IPV6 = 4 //IPV6 address (16 octets)
};
enum errTypes {
SOCKS5_OK = 0, // No error for SOCKS5
SOCKS5_GEN_FAIL = 1, // General server failure
SOCKS5_RULE_DENIED = 2, // Connection disallowed by ruleset
SOCKS5_NET_UNREACH = 3, // Network unreachable
SOCKS5_HOST_UNREACH = 4, // Host unreachable
SOCKS5_CONN_REFUSED = 5, // Connection refused by the peer
SOCKS5_TTL_EXPIRED = 6, // TTL Expired
SOCKS5_CMD_UNSUP = 7, // Command unsuported
SOCKS5_ADDR_UNSUP = 8, // Address type unsuported
SOCKS4_OK = 90, // No error for SOCKS4
SOCKS4_FAIL = 91, // Failed establishing connecting or not allowed
SOCKS4_IDENTD_MISSING = 92, // Couldn't connect to the identd server
SOCKS4_IDENTD_DIFFER = 93 // The ID reported by the application and by identd differ
};
enum cmdTypes {
CMD_CONNECT = 1, // TCP Connect
CMD_BIND = 2, // TCP Bind
CMD_UDP = 3 // UDP associate
};
enum socksVersions {
SOCKS4 = 4, // SOCKS4
SOCKS5 = 5 // SOCKS5
};
void GotClientRequest(boost::system::error_code & ecode, std::string & host, uint16_t port);
std::size_t HandleData(uint8_t *sock_buff, std::size_t len);
std::size_t HandleVersion(uint8_t *sock_buff);
std::size_t HandleSOCKS4A(uint8_t *sock_buff, std::size_t len);
std::size_t HandleSOCKS5Step1(uint8_t *sock_buff, std::size_t len);
std::size_t HandleSOCKS5Step3(uint8_t *sock_buff, std::size_t len);
std::size_t HandleSOCKS5AuthNego(uint8_t *sock_buff, std::size_t len);
std::size_t HandleSOCKSRequest(uint8_t *sock_buff, std::size_t len);
bool ValidateSOCKSRequest();
void HandleSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered);
void Terminate();
void CloseSock();
@ -92,7 +101,6 @@ namespace proxy @@ -92,7 +101,6 @@ namespace proxy
void HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream);
uint8_t m_sock_buff[socks_buffer_size];
SOCKSServer * m_parent;
boost::asio::ip::tcp::socket * m_sock;
std::shared_ptr<i2p::stream::Stream> m_stream;
@ -101,22 +109,23 @@ namespace proxy @@ -101,22 +109,23 @@ namespace proxy
uint8_t m_command;
uint16_t m_port;
uint32_t m_ip;
uint8_t m_ipv6[16];
std::string m_destination;
uint8_t m_authleft; //Authentication methods left
//TODO: this will probably be more elegant as enums
uint8_t m_authchosen; //Authentication chosen
uint8_t m_addrtype; //Address type chosen
uint8_t m_addrleft; //Address type chosen
uint8_t m_error; //Address type chosen
uint8_t m_socksv; //Address type chosen
bool m_need_more; //Address type chosen
authMethods m_authchosen; //Authentication chosen
addrTypes m_addrtype; //Address type chosen
uint8_t m_addrleft; //Octets of DNS address left
errTypes m_error; //Error cause
socksVersions m_socksv; //Socks version
cmdTypes m_cmd; // Command requested
bool m_need_more; //The parser still needs to receive more data
public:
SOCKSHandler(SOCKSServer * parent, boost::asio::ip::tcp::socket * sock) :
m_parent(parent), m_sock(sock), m_stream(nullptr), m_state(GET_VERSION),
m_authchosen(0xff), m_addrtype(0x01), m_error(0x01)
m_authchosen(AUTH_UNACCEPTABLE), m_addrtype(ADDR_IPV4), m_error(SOCKS5_GEN_FAIL)
{ AsyncSockRead(); m_destination.reserve(max_socks_hostname_size+1); }
~SOCKSHandler() { CloseSock(); CloseStream(); }
};

Write Preview
Loading…
Cancel
Save