Documentation
Index
- Constants
- func MakeTargetUDPListener(timeout time.Duration, fwmark uint) transport.PacketListener
- func MakeValidatingTCPStreamDialer(targetIPValidator onet.TargetIPValidator, fwmark uint) transport.StreamDialer
- func NewShadowsocksHandlers(opts ...Option) (StreamHandler, AssociationHandler)
- func PacketServe(clientConn net.PacketConn, assocHandle AssociationHandleFunc, ...)
- func SetFwmark(rc syscall.RawConn, fwmark uint) error
- func StreamServe(accept StreamAcceptFunc, streamHandle StreamHandleFunc)
- type AssociationHandleFunc
- type AssociationHandler
- type CipherEntry
- type CipherList
- type Listener
- type ListenerManager
- type MultiListener
- type NATMetrics
- type NoOpShadowsocksConnMetrics
- type NoOpTCPConnMetrics
- type NoOpUDPAssociationMetrics
- func (m *NoOpUDPAssociationMetrics) AddAuthentication(accessKey string)
- func (m *NoOpUDPAssociationMetrics) AddClose()
- func (m *NoOpUDPAssociationMetrics) AddPacketFromClient(status string, clientProxyBytes, proxyTargetBytes int64)
- func (m *NoOpUDPAssociationMetrics) AddPacketFromTarget(status string, targetProxyBytes, proxyClientBytes int64)
- type OnCloseFunc
- type Option
- func WithCiphers(ciphers CipherList) Option
- func WithLogger(l *slog.Logger) Option
- func WithMetrics(metrics ServiceMetrics) Option
- func WithPacketListener(listener transport.PacketListener) Option
- func WithReplayCache(replayCache *ReplayCache) Option
- func WithStreamDialer(dialer transport.StreamDialer) Option
- type ReplayCache
- type ServerSaltGenerator
- type ServiceMetrics
- type ShadowsocksConnMetrics
- type StreamAcceptFunc
- type StreamAuthenticateFunc
- type StreamHandleFunc
- type StreamHandler
- type StreamListener
- type TCPConnMetrics
- type TCPListener
- type UDPAssociationMetrics
Constants
const MaxCapacity = 20_000
MaxCapacity is the largest allowed size of ReplayCache.
Capacities in excess of 20,000 are not recommended, due to the false positive rate of up to 2 * capacity / 2^32 = 1 / 100,000. If larger capacities are desired, the key type should be changed to uint64.
Variables
This section is empty.
Functions
func MakeTargetUDPListener (added in v1.8.0)
func MakeTargetUDPListener(timeout time.Duration, fwmark uint) transport.PacketListener
MakeTargetUDPListener creates a new PacketListener that listens on UDP and optionally sets a firewall mark on the socket (Linux only).
func MakeValidatingTCPStreamDialer (added in v1.8.0)
func MakeValidatingTCPStreamDialer(targetIPValidator onet.TargetIPValidator, fwmark uint) transport.StreamDialer
fwmark can be used in conjunction with other Linux networking features like cgroups, network namespaces, and TC (Traffic Control) for sophisticated network management. A value of 0 disables fwmark (SO_MARK) (Linux only).
func NewShadowsocksHandlers (added in v1.9.0)
func NewShadowsocksHandlers(opts ...Option) (StreamHandler, AssociationHandler)
NewShadowsocksHandlers creates new Shadowsocks stream and packet handlers.
func PacketServe (added in v1.9.0)
func PacketServe(clientConn net.PacketConn, assocHandle AssociationHandleFunc, metrics NATMetrics)
PacketServe listens for UDP packets on the provided net.PacketConn and creates and manages NAT associations. It uses a NAT map to track active associations and handles their lifecycle.
func StreamServe (added in v1.5.0)
func StreamServe(accept StreamAcceptFunc, streamHandle StreamHandleFunc)
StreamServe repeatedly calls `accept` to obtain connections and `streamHandle` to handle them until accept() returns [ErrClosed]. When that happens, all connection handlers are notified via their context.Context. StreamServe returns only after all pending handlers return.
Types
type AssociationHandleFunc (added in v1.9.0)
type AssociationHandler (added in v1.9.0)
type AssociationHandler interface {
HandleAssociation(ctx context.Context, conn net.Conn, assocMetrics UDPAssociationMetrics)
// SetLogger sets the logger used to log messages. Uses a no-op logger if nil.
SetLogger(l *slog.Logger)
// SetTargetIPValidator sets the function to be used to validate the target IP addresses.
SetTargetIPValidator(targetIPValidator onet.TargetIPValidator)
// SetTargetPacketListener sets the packet listener to use for target connections.
SetTargetPacketListener(targetListener transport.PacketListener)
}
AssociationHandler is a handler that handles UDP associations.
func NewAssociationHandler (added in v1.9.0)
func NewAssociationHandler(cipherList CipherList, ssMetrics ShadowsocksConnMetrics) AssociationHandler
NewAssociationHandler creates a Shadowsocks proxy AssociationHandler.
type CipherEntry
type CipherEntry struct {
ID string
CryptoKey *shadowsocks.EncryptionKey
SaltGenerator ServerSaltGenerator
// contains filtered or unexported fields
}
CipherEntry holds a Cipher with an identifier. The public fields are constant, but lastClientIP is mutable under cipherList.mu.
func MakeCipherEntry
func MakeCipherEntry(id string, cryptoKey *shadowsocks.EncryptionKey, secret string) CipherEntry
MakeCipherEntry constructs a CipherEntry.
type CipherList
type CipherList interface {
// Returns a snapshot of the cipher list optimized for this client IP
SnapshotForClientIP(clientIP netip.Addr) []*list.Element
MarkUsedByClientIP(e *list.Element, clientIP netip.Addr)
// Update replaces the current contents of the CipherList with `contents`,
// which is a List of *CipherEntry. Update takes ownership of `contents`,
// which must not be read or written after this call.
Update(contents *list.List)
}
CipherList is a thread-safe collection of CipherEntry elements that allows for snapshotting and moving to front.
func MakeTestCiphers
func MakeTestCiphers(secrets []string) (CipherList, error)
MakeTestCiphers creates a CipherList containing one fresh AEAD cipher for each secret in `secrets`.
type Listener (added in v1.6.0)
The implementations of listeners for different network types are not interchangeable. The type of listener depends on the network type.
type ListenerManager (added in v1.6.0)
type ListenerManager interface {
// ListenStream creates a new stream listener for a given address.
ListenStream(addr string) (StreamListener, error)
// ListenPacket creates a new packet listener for a given address.
ListenPacket(addr string) (net.PacketConn, error)
}
ListenerManager holds the state of shared listeners.
func NewListenerManager (added in v1.6.0)
func NewListenerManager() ListenerManager
NewListenerManager creates a new [ListenerManager].
type MultiListener (added in v1.6.0)
type MultiListener[T Listener] interface {
// Acquire creates a new listener from the shared listener. Listeners can overlap
// one another (e.g. during config changes the new config is started before the
// old config is destroyed), which is done by creating virtual listeners that wrap
// the shared listener. These virtual listeners do not actually close the
// underlying socket until all uses of the shared listener have been closed.
Acquire() (T, error)
}
MultiListener manages shared listeners.
func NewMultiPacketListener (added in v1.6.0)
func NewMultiPacketListener(addr string, onCloseFunc OnCloseFunc) MultiListener[net.PacketConn]
NewMultiPacketListener creates a new packet-based MultiListener.
func NewMultiStreamListener (added in v1.6.0)
func NewMultiStreamListener(addr string, onCloseFunc OnCloseFunc) MultiListener[StreamListener]
NewMultiStreamListener creates a new stream-based MultiListener.
type NATMetrics (added in v1.9.0)
type NATMetrics interface {
AddNATEntry()
RemoveNATEntry()
}
NATMetrics is used to report NAT related metrics.
type NoOpShadowsocksConnMetrics (added in v1.7.1)
type NoOpShadowsocksConnMetrics struct{}
NoOpShadowsocksConnMetrics is a ShadowsocksConnMetrics that doesn't do anything. Useful in tests or if you don't want to track metrics.
func (*NoOpShadowsocksConnMetrics) AddCipherSearch (added in v1.7.1)
func (m *NoOpShadowsocksConnMetrics) AddCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
type NoOpTCPConnMetrics (added in v1.6.0)
type NoOpTCPConnMetrics struct{}
NoOpTCPConnMetrics is a TCPConnMetrics that doesn't do anything. Useful in tests or if you don't want to track metrics.
func (*NoOpTCPConnMetrics) AddAuthentication (added in v1.9.0)
func (m *NoOpTCPConnMetrics) AddAuthentication(accessKey string)
func (*NoOpTCPConnMetrics) AddClose (added in v1.9.0)
func (m *NoOpTCPConnMetrics) AddClose(status string, data metrics.ProxyMetrics, duration time.Duration)
func (*NoOpTCPConnMetrics) AddProbe (added in v1.6.0)
func (m *NoOpTCPConnMetrics) AddProbe(status, drainResult string, clientProxyBytes int64)
type NoOpUDPAssociationMetrics (added in v1.9.0)
type NoOpUDPAssociationMetrics struct{}
NoOpUDPAssociationMetrics is a UDPAssociationMetrics that doesn't do anything. Useful in tests or if you don't want to track metrics.
func (*NoOpUDPAssociationMetrics) AddAuthentication (added in v1.9.0)
func (m *NoOpUDPAssociationMetrics) AddAuthentication(accessKey string)
func (*NoOpUDPAssociationMetrics) AddClose (added in v1.9.0)
func (m *NoOpUDPAssociationMetrics) AddClose()
func (*NoOpUDPAssociationMetrics) AddPacketFromClient (added in v1.9.0)
func (m *NoOpUDPAssociationMetrics) AddPacketFromClient(status string, clientProxyBytes, proxyTargetBytes int64)
func (*NoOpUDPAssociationMetrics) AddPacketFromTarget (added in v1.9.0)
func (m *NoOpUDPAssociationMetrics) AddPacketFromTarget(status string, targetProxyBytes, proxyClientBytes int64)
type OnCloseFunc (added in v1.6.0)
type OnCloseFunc func() error
type Option (added in v1.7.1)
type Option func(s *ssService)
Option is a Shadowsocks service constructor option.
func WithCiphers (added in v1.7.1)
func WithCiphers(ciphers CipherList) Option
WithCiphers is an option function that sets the CipherList the service uses.
func WithLogger (added in v1.7.3)
func WithLogger(l *slog.Logger) Option
WithLogger can be used to provide a custom log target. If not provided, the service uses a noop logger (i.e., no logging).
func WithMetrics (added in v1.7.1)
func WithMetrics(metrics ServiceMetrics) Option
func WithPacketListener (added in v1.8.0)
func WithPacketListener(listener transport.PacketListener) Option
WithPacketListener is an option function that sets the transport.PacketListener the service uses.
func WithReplayCache (added in v1.7.1)
func WithReplayCache(replayCache *ReplayCache) Option
WithReplayCache is an option function that sets the ReplayCache the service uses.
func WithStreamDialer (added in v1.8.0)
func WithStreamDialer(dialer transport.StreamDialer) Option
WithStreamDialer is an option function that sets the transport.StreamDialer the service uses.
type ReplayCache
type ReplayCache struct {
// contains filtered or unexported fields
}
ReplayCache allows us to check whether a handshake salt was used within the last `capacity` handshakes. It requires approximately 20*capacity bytes of memory (as measured by BenchmarkReplayCache_Creation).
The nil and zero values represent a cache with capacity 0, i.e. no cache.
func NewReplayCache
func NewReplayCache(capacity int) ReplayCache
NewReplayCache returns a fresh ReplayCache that promises to remember at least the most recent `capacity` handshakes.
func (*ReplayCache) Add
func (c *ReplayCache) Add(id string, salt []byte) bool
Add a handshake with this key ID and salt to the cache. Returns false if it is already present.
func (*ReplayCache) Resize (added in v1.8.0)
func (c *ReplayCache) Resize(capacity int) error
Resize adjusts the capacity of the ReplayCache.
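To make the ReplayCache contract above concrete (remember at least the most recent `capacity` handshakes, return false on a repeat, treat nil or zero capacity as no cache), here is an added, self-contained illustration that is not the service package's own code. It uses two generations of 32-bit keys, which is the structure behind the up-to 2 * capacity / 2^32 false-positive bound quoted for MaxCapacity; the FNV-1a keying and the generation rotation are assumptions made for this example.

```go
package main

import "hash/fnv"

// replayCache keeps recent handshake keys in two generations (active and archive),
// so at least `capacity` and at most 2*capacity handshakes are remembered. Keys are
// 32-bit hashes, hence a false-positive rate of up to 2*capacity/2^32.
// Illustrative reimplementation, not the service package's code; FNV-1a is assumed.
type replayCache struct {
	capacity int
	active   map[uint32]struct{}
	archive  map[uint32]struct{}
}

func newReplayCache(capacity int) *replayCache {
	return &replayCache{capacity: capacity, active: map[uint32]struct{}{}, archive: map[uint32]struct{}{}}
}

// key folds the access-key ID and the salt into one 32-bit cache key.
func key(id string, salt []byte) uint32 {
	h := fnv.New32a()
	h.Write([]byte(id))
	h.Write(salt)
	return h.Sum32()
}

// Add records the handshake and returns false if it was already seen.
// A nil or zero-capacity cache accepts everything, matching the doc above.
func (c *replayCache) Add(id string, salt []byte) bool {
	if c == nil || c.capacity == 0 {
		return true
	}
	k := key(id, salt)
	if _, seen := c.active[k]; seen {
		return false
	}
	if _, seen := c.archive[k]; seen {
		return false
	}
	c.active[k] = struct{}{}
	if len(c.active) >= c.capacity {
		// Rotate generations: the archive keeps the previous `capacity` entries,
		// so the most recent `capacity` handshakes are always still remembered.
		c.archive = c.active
		c.active = make(map[uint32]struct{}, c.capacity)
	}
	return true
}
```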
type ServerSaltGenerator
type ServerSaltGenerator interface {
ss.SaltGenerator
// IsServerSalt returns true if the salt was created by this generator
// and is marked as server-originated.
IsServerSalt(salt []byte) bool
}
ServerSaltGenerator offers the ability to check if a salt was marked as server-originated.
var RandomServerSaltGenerator ServerSaltGenerator = randomServerSaltGenerator{}
RandomServerSaltGenerator is a basic ServerSaltGenerator.
func NewServerSaltGenerator
func NewServerSaltGenerator(secret string) ServerSaltGenerator
NewServerSaltGenerator returns a SaltGenerator whose output is apparently random, but is secretly marked as being issued by the server. This is useful to prevent the server from accepting its own output in a reflection attack.
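The reflection defence described above can be illustrated with an added, self-contained example that is not the service package's own code: a generator whose salts look random but end in a keyed tag, so IsServerSalt can recognise the server's own output when it is sent back as a client handshake. The 4-byte tag length and the HMAC-SHA256 marking construction are assumptions for this example; `GetSalt(salt []byte) error` follows the shadowsocks SaltGenerator method shape.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// tagLen is the number of trailing salt bytes devoted to the mark (assumed).
const tagLen = 4

// markedSaltGenerator emits salts that look random but end in a keyed tag that
// only a holder of `secret` can verify. Illustrative reimplementation of the
// ServerSaltGenerator contract, not the service package's code.
type markedSaltGenerator struct{ key []byte }

func newMarkedSaltGenerator(secret string) *markedSaltGenerator {
	sum := sha256.Sum256([]byte("server-salt-mark:" + secret))
	return &markedSaltGenerator{key: sum[:]}
}

// tag derives the mark for a random prefix with HMAC-SHA256 (assumed construction).
func (g *markedSaltGenerator) tag(prefix []byte) []byte {
	mac := hmac.New(sha256.New, g.key)
	mac.Write(prefix)
	return mac.Sum(nil)[:tagLen]
}

// GetSalt fills salt with random bytes, then overwrites the tail with the mark.
func (g *markedSaltGenerator) GetSalt(salt []byte) error {
	if len(salt) <= tagLen {
		return errors.New("salt too short to carry a mark")
	}
	prefix := salt[:len(salt)-tagLen]
	if _, err := rand.Read(prefix); err != nil {
		return err
	}
	copy(salt[len(salt)-tagLen:], g.tag(prefix))
	return nil
}

// IsServerSalt reports whether the tail is the mark for the prefix, which lets
// a server refuse a handshake that merely reflects its own output back at it.
func (g *markedSaltGenerator) IsServerSalt(salt []byte) bool {
	if len(salt) <= tagLen {
		return false
	}
	prefix := salt[:len(salt)-tagLen]
	return hmac.Equal(salt[len(salt)-tagLen:], g.tag(prefix))
}
```

A genuine client salt is rejected by IsServerSalt with probability about 1 - 2^-32 for a 4-byte tag, so the check costs almost nothing in false rejections.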
type ServiceMetrics (added in v1.7.1)
type ShadowsocksConnMetrics (added in v1.6.0)
type ShadowsocksConnMetrics interface {
AddCipherSearch(accessKeyFound bool, timeToCipher time.Duration)
}
ShadowsocksConnMetrics is used to report Shadowsocks related metrics on connections.
type StreamAcceptFunc (added in v1.6.0)
type StreamAcceptFunc func() (transport.StreamConn, error)
func WrapStreamAcceptFunc (added in v1.6.0)
func WrapStreamAcceptFunc[T transport.StreamConn](f func() (T, error)) StreamAcceptFunc
type StreamAuthenticateFunc (added in v1.5.0)
type StreamAuthenticateFunc func(clientConn transport.StreamConn) (string, transport.StreamConn, *onet.ConnectionError)
func NewShadowsocksStreamAuthenticator (added in v1.5.0)
func NewShadowsocksStreamAuthenticator(ciphers CipherList, replayCache *ReplayCache, metrics ShadowsocksConnMetrics, l *slog.Logger) StreamAuthenticateFunc
NewShadowsocksStreamAuthenticator creates a stream authenticator that uses Shadowsocks. TODO(fortuna): Offer alternative transports.
type StreamHandleFunc (added in v1.6.0)
type StreamHandleFunc func(ctx context.Context, conn transport.StreamConn)
type StreamHandler (added in v1.5.0)
type StreamHandler interface {
HandleStream(ctx context.Context, conn transport.StreamConn, connMetrics TCPConnMetrics)
// SetLogger sets the logger used to log messages. Uses a no-op logger if nil.
SetLogger(l *slog.Logger)
// SetTargetDialer sets the [transport.StreamDialer] to be used to connect to target addresses.
SetTargetDialer(dialer transport.StreamDialer)
}
StreamHandler is a handler that handles stream connections.
func NewStreamHandler (added in v1.6.0)
func NewStreamHandler(authenticate StreamAuthenticateFunc, timeout time.Duration) StreamHandler
NewStreamHandler creates a StreamHandler.
type StreamListener (added in v1.5.0)
type StreamListener interface {
// AcceptStream waits for and returns the next connection to the listener.
AcceptStream() (transport.StreamConn, error)
// Close closes the listener.
// Any blocked Accept operations will be unblocked and return errors. This
// stops the current listener from accepting new connections without closing
// the underlying socket. Only when the last user of the underlying socket
// closes it, do we actually close it.
Close() error
// Addr returns the listener's network address.
Addr() net.Addr
}
StreamListener is a network listener for stream-oriented protocols that accepts transport.StreamConn connections.
type TCPConnMetrics (added in v1.6.0)
type TCPConnMetrics interface {
AddAuthentication(accessKey string)
AddClose(status string, data metrics.ProxyMetrics, duration time.Duration)
AddProbe(status, drainResult string, clientProxyBytes int64)
}
TCPConnMetrics is used to report metrics on TCP connections.
type TCPListener (added in v1.6.0)
type TCPListener struct {
// contains filtered or unexported fields
}
func (*TCPListener) AcceptStream (added in v1.6.0)
func (t *TCPListener) AcceptStream() (transport.StreamConn, error)
func (*TCPListener) Addr (added in v1.6.0)
func (t *TCPListener) Addr() net.Addr
func (*TCPListener) Close (added in v1.6.0)
func (t *TCPListener) Close() error
type UDPAssociationMetrics (added in v1.9.0)
type UDPAssociationMetrics interface {
AddAuthentication(accessKey string)
AddPacketFromClient(status string, clientProxyBytes, proxyTargetBytes int64)
AddPacketFromTarget(status string, targetProxyBytes, proxyClientBytes int64)
AddClose()
}
UDPAssociationMetrics is used to report metrics on UDP associations.