Documentation
Index ¶
- Constants
- func MakeTestPayload(size int) []byte
- func MakeTestSecrets(n int) []string
- func NewAddr(address, network string) net.Addr
- type ChunkReader
- type CipherEntry
- type CipherList
- type Client
- type Reader
- type ReplayCache
- type SaltGenerator
- type ServerSaltGenerator
- type TCPService
- type UDPService
- type Writer
Constants ¶
const MaxCapacity = 20_000
MaxCapacity is the largest allowed size of ReplayCache.
Capacities above 20,000 are not recommended: the cache keys salts by a 32-bit value, so a fresh salt is wrongly rejected as a replay with probability up to 2 * capacity / 2^32, which at this capacity is about 1 / 100,000. If larger capacities are desired, the key type should be changed to uint64.
const ServerSaltMarkLen = 4 // Must be less than or equal to SHA1.Size()
ServerSaltMarkLen is the number of bytes of salt to use as a marker. Increasing this value reduces the false positive rate (a random client salt being mistaken for a server-originated one), but leaves fewer random bytes in each salt and so increases the likelihood of salt collisions.
Variables ¶
This section is empty.
Functions ¶
func MakeTestPayload ¶ added in v1.0.3
func MakeTestPayload(size int) []byte
MakeTestPayload returns a slice of `size` arbitrary bytes.
func MakeTestSecrets ¶ added in v1.1.1
func MakeTestSecrets(n int) []string
MakeTestSecrets returns a slice of `n` test passwords. The passwords are predictable and must not be used outside tests.
Types ¶
type ChunkReader ¶ added in v1.1.5
type ChunkReader interface {
// ReadChunk reads the next chunk and returns its payload. The caller must
// complete its use of the returned buffer before the next call.
// The buffer is nil iff there is an error. io.EOF indicates a close.
ReadChunk() ([]byte, error)
}
ChunkReader is similar to io.Reader, except that it controls its own buffer granularity.
type CipherEntry ¶ added in v1.0.3
type CipherEntry struct {
ID string
Cipher shadowaead.Cipher
SaltGenerator ServerSaltGenerator
// contains filtered or unexported fields
}
CipherEntry holds a Cipher with an identifier. The public fields are constant, but lastClientIP is mutable under cipherList.mu.
func MakeCipherEntry ¶ added in v1.2.0
func MakeCipherEntry(id string, cipher shadowaead.Cipher, secret string) CipherEntry
MakeCipherEntry constructs a CipherEntry.
type CipherList ¶ added in v1.0.3
type CipherList interface {
// Returns a snapshot of the cipher list optimized for this client IP,
// and also the number of bytes needed for TCP trial decryption.
SnapshotForClientIP(clientIP net.IP) (int, []*list.Element)
MarkUsedByClientIP(e *list.Element, clientIP net.IP)
// Update replaces the current contents of the CipherList with `contents`,
// which is a List of *CipherEntry. Update takes ownership of `contents`,
// which must not be read or written after this call.
Update(contents *list.List) error
}
CipherList is a thread-safe collection of CipherEntry elements that allows for snapshotting and moving to front.
func MakeTestCiphers ¶ added in v1.0.3
func MakeTestCiphers(secrets []string) (CipherList, error)
MakeTestCiphers creates a CipherList containing one fresh AEAD cipher for each secret in `secrets`.
func NewCipherList ¶ added in v1.0.3
func NewCipherList() CipherList
NewCipherList creates an empty CipherList.
type Client ¶ added in v1.0.6
type Client interface {
// DialTCP connects to `raddr` over TCP through a Shadowsocks proxy.
// `laddr` is the local bind address; if nil, a local address is chosen automatically.
// `raddr` has the form `host:port`, where `host` can be a domain name or IP address.
DialTCP(laddr *net.TCPAddr, raddr string) (onet.DuplexConn, error)
// ListenUDP relays UDP packets through a Shadowsocks proxy.
// `laddr` is the local bind address; if nil, a local address is chosen automatically.
ListenUDP(laddr *net.UDPAddr) (net.PacketConn, error)
}
Client is a client for Shadowsocks TCP and UDP connections.
type Reader ¶ added in v1.1.0
Reader is an io.Reader that also implements io.WriterTo to allow for piping the data without extra allocations and copies.
func NewShadowsocksReader ¶
func NewShadowsocksReader(reader io.Reader, ssCipher shadowaead.Cipher) Reader
NewShadowsocksReader creates a Reader that decrypts the given Reader using the shadowsocks protocol with the given shadowsocks cipher.
type ReplayCache ¶ added in v1.0.8
type ReplayCache struct {
// contains filtered or unexported fields
}
ReplayCache allows us to check whether a handshake salt was used within the last `capacity` handshakes. It requires approximately 20*capacity bytes of memory (as measured by BenchmarkReplayCache_Creation).
The nil and zero values represent a cache with capacity 0, i.e. no cache.
func NewReplayCache ¶ added in v1.0.8
func NewReplayCache(capacity int) ReplayCache
NewReplayCache returns a fresh ReplayCache that promises to remember at least the most recent `capacity` handshakes.
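As an added illustration (not the project's code) of what NewReplayCache promises, the following Go keeps two generations of a uint32-keyed set, so that a salt is forgotten only after at least `capacity` newer handshakes have been seen. The two-generation layout, the use of the salt's first four bytes as the key, the Add method and the falsePositiveRate helper are assumptions made for this example; the constant repeats the page's MaxCapacity.

```go
package main

import (
	"encoding/binary"
	"sync"
)

// maxCapacity repeats the page's MaxCapacity: with 32-bit keys the false-positive
// rate, 2 * capacity / 2^32, stays around 1 / 100,000 at this size.
const maxCapacity = 20_000

// replayCache remembers the salts of at least the last `capacity` handshakes in
// bounded memory. The layout is this example's assumption, not the project's: two
// generations of a set keyed by the salt's first four bytes. When the active set
// reaches capacity it becomes the archive, so a salt is forgotten only after at
// least `capacity` newer ones have been recorded.
type replayCache struct {
	mu       sync.Mutex
	capacity int
	active   map[uint32]struct{}
	archive  map[uint32]struct{}
}

// newReplayCache clamps to maxCapacity, which the page calls the largest allowed size.
func newReplayCache(capacity int) *replayCache {
	if capacity > maxCapacity {
		capacity = maxCapacity
	}
	return &replayCache{capacity: capacity, active: make(map[uint32]struct{}, capacity)}
}

// Add records the salt and reports whether it was new. False means the handshake
// is a replay (or, with probability at most 2*capacity/2^32, a key collision); the
// caller should reject the connection either way. A nil or zero-capacity cache
// accepts everything, matching the page's "no cache" semantics.
func (c *replayCache) Add(salt []byte) bool {
	if c == nil || c.capacity == 0 {
		return true
	}
	if len(salt) < 4 {
		return false // malformed handshake: never let it through as "new"
	}
	key := binary.BigEndian.Uint32(salt) // salts are uniformly random, so any 4 bytes serve as the key
	c.mu.Lock()
	defer c.mu.Unlock()
	if _, seen := c.active[key]; seen {
		return false
	}
	if _, seen := c.archive[key]; seen {
		return false
	}
	if len(c.active) >= c.capacity {
		c.archive, c.active = c.active, make(map[uint32]struct{}, c.capacity)
	}
	c.active[key] = struct{}{}
	return true
}

// falsePositiveRate is the worst case for a fresh random salt: up to 2*capacity
// keys are remembered out of 2^32 possible values.
func falsePositiveRate(capacity int) float64 {
	return float64(2*capacity) / float64(uint64(1)<<32)
}
```

Because each generation holds up to `capacity` keys, the cache remembers between `capacity` and `2*capacity` handshakes at any moment; that factor of two is where the page's `2 * capacity / 2^32` bound comes from.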
type SaltGenerator ¶ added in v1.2.0
SaltGenerator generates unique salts to use in Shadowsocks connections.
type ServerSaltGenerator ¶ added in v1.2.0
type ServerSaltGenerator interface {
SaltGenerator
// IsServerSalt returns true if the salt was created by this generator
// and is marked as server-originated.
IsServerSalt(salt []byte) bool
}
ServerSaltGenerator offers the ability to check if a salt was marked as server-originated.
var RandomSaltGenerator ServerSaltGenerator = randomSaltGenerator{}
RandomSaltGenerator is a basic SaltGenerator.
func NewServerSaltGenerator ¶ added in v1.2.0
func NewServerSaltGenerator(secret string) ServerSaltGenerator
NewServerSaltGenerator returns a SaltGenerator whose output is apparently random, but is secretly marked as being issued by the server. This is useful to prevent the server from accepting its own output in a reflection attack, where an attacker feeds the server's own response salt back to it as if it were a client handshake.
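The following Go is an added example, not the project's implementation, of the marked-salt idea behind NewServerSaltGenerator and ServerSaltMarkLen: the last four bytes of each salt are a keyed hash of its random prefix, so only the holder of the secret can tell a server salt from a random one, and a server that sees one of its own salts arrive as a client handshake can refuse it. The GetSalt signature, deriving the marker key as SHA-1 of the secret, the randomSaltGenerator stand-in and the acceptClientSalt check are assumptions made here.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"errors"
)

const (
	saltLen = 32 // salt length of the 32-byte-key AEAD ciphers
	markLen = 4  // ServerSaltMarkLen from the page: trailing salt bytes that carry the marker
)

// serverSaltGenerator mirrors what NewServerSaltGenerator describes: salts are
// indistinguishable from random without the secret, but the last markLen bytes
// are a keyed hash of the random prefix, so the server can recognise them later.
// Deriving the key as SHA-1 of the secret is this example's assumption.
type serverSaltGenerator struct {
	key []byte
}

func newServerSaltGenerator(secret string) serverSaltGenerator {
	sum := sha1.Sum([]byte(secret))
	return serverSaltGenerator{key: sum[:]}
}

// mark is the first markLen bytes of HMAC-SHA1(key, prefix); markLen must not exceed sha1.Size.
func (g serverSaltGenerator) mark(prefix []byte) []byte {
	h := hmac.New(sha1.New, g.key)
	h.Write(prefix)
	return h.Sum(nil)[:markLen]
}

// GetSalt (assumed signature) fills salt with random bytes, then replaces the tail with the marker.
func (g serverSaltGenerator) GetSalt(salt []byte) error {
	if len(salt) <= markLen {
		return errors.New("salt too short to carry a marker")
	}
	prefix := salt[:len(salt)-markLen]
	if _, err := rand.Read(prefix); err != nil {
		return err
	}
	copy(salt[len(salt)-markLen:], g.mark(prefix))
	return nil
}

// IsServerSalt recomputes the marker for the prefix and compares in constant time,
// so response timing does not leak how many marker bytes a probe got right.
func (g serverSaltGenerator) IsServerSalt(salt []byte) bool {
	if len(salt) <= markLen {
		return false
	}
	split := len(salt) - markLen
	return subtle.ConstantTimeCompare(salt[split:], g.mark(salt[:split])) == 1
}

// randomSaltGenerator is a stand-in for the page's RandomSaltGenerator: plain random
// bytes with no marker, as a client (or an unrelated server) would produce.
type randomSaltGenerator struct{}

func (randomSaltGenerator) GetSalt(salt []byte) error {
	_, err := rand.Read(salt)
	return err
}

func (randomSaltGenerator) IsServerSalt([]byte) bool { return false }

// acceptClientSalt is the check a server makes on an incoming handshake: a salt the
// server itself issued is a reflection of its own output and must be refused.
func acceptClientSalt(g serverSaltGenerator, salt []byte) bool {
	return len(salt) == saltLen && !g.IsServerSalt(salt)
}
```

With markLen = 4 a genuine client salt is refused with probability 2^-32 (its random tail happens to equal the marker), which is the false positive rate the ServerSaltMarkLen comment refers to; a longer marker shrinks that but leaves fewer random bytes to keep server salts distinct.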
type TCPService ¶
type TCPService interface {
// Serve adopts the listener, which will be closed before Serve returns. Serve returns an error unless Stop() was called.
Serve(listener *net.TCPListener) error
// Stop closes the listener but does not interfere with existing connections.
Stop() error
// GracefulStop calls Stop(), and then blocks until all resources have been cleaned up.
GracefulStop() error
}
TCPService is a Shadowsocks TCP service that can be started and stopped.
func NewTCPService ¶
func NewTCPService(ciphers CipherList, replayCache *ReplayCache, m metrics.ShadowsocksMetrics, timeout time.Duration) TCPService
NewTCPService creates a TCPService. `replayCache` is a pointer to SSServer.replayCache, so that the cache is shared among all ports.
type UDPService ¶
type UDPService interface {
// Serve adopts the clientConn, and will not return until it is closed by Stop().
Serve(clientConn net.PacketConn) error
// Stop closes the clientConn and prevents further forwarding of packets.
Stop() error
// GracefulStop calls Stop(), and then blocks until all resources have been cleaned up.
GracefulStop() error
}
UDPService is a running UDP shadowsocks proxy that can be stopped.
func NewUDPService ¶
func NewUDPService(natTimeout time.Duration, cipherList CipherList, m metrics.ShadowsocksMetrics) UDPService
NewUDPService creates a UDPService.
type Writer ¶ added in v1.1.0
type Writer struct {
// contains filtered or unexported fields
}
Writer is an io.Writer that also implements io.ReaderFrom to allow for piping the data without extra allocations and copies. The LazyWrite and Flush methods allow a header to be added but delayed until the first write, for concatenation. All methods except Flush must be called from a single thread.
func NewShadowsocksWriter ¶
func NewShadowsocksWriter(writer io.Writer, ssCipher shadowaead.Cipher) *Writer
NewShadowsocksWriter creates a Writer that encrypts the given Writer using the shadowsocks protocol with the given shadowsocks cipher.
func (*Writer) Flush ¶ added in v1.1.8
Flush sends the pending data, if any. This method is thread-safe.
func (*Writer) LazyWrite ¶ added in v1.1.8
LazyWrite queues p to be written, but doesn't send it until Flush() is called, a non-lazy write is made, or the buffer is filled.
func (*Writer) SetSaltGenerator ¶ added in v1.2.0
func (sw *Writer) SetSaltGenerator(saltGenerator SaltGenerator)
SetSaltGenerator sets the salt generator to be used. Must be called before the first write.
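The block below is an added Go example, not the project's Reader or Writer, that serves the ChunkReader, Reader and Writer descriptions above. It produces the Shadowsocks AEAD stream layout (salt, then [encrypted length][tag][encrypted payload][tag] records under an HKDF-SHA1 subkey with a little-endian nonce counter) through a writer that honours the LazyWrite/Flush contract, and decodes it with a reader that fails closed on a bad tag or a truncated record. It uses aes-256-gcm from the standard library in place of the shadowaead package; the type and function names, and a raw 32-byte key instead of a password, are assumptions made here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"encoding/binary"
	"io"
)

const keyLen, maxChunk = 32, 0x3FFF // aes-256-gcm: salt is key-sized; largest payload per chunk

// hkdfSHA1 is the spec's session-subkey derivation, HKDF-SHA1(key, salt, "ss-subkey"), via crypto/hmac.
func hkdfSHA1(key, salt []byte, n int) []byte {
	ext := hmac.New(sha1.New, salt)
	ext.Write(key)
	prk, out, prev := ext.Sum(nil), []byte{}, []byte{}
	for i := byte(1); len(out) < n; i++ {
		h := hmac.New(sha1.New, prk)
		h.Write(prev)
		h.Write([]byte("ss-subkey"))
		h.Write([]byte{i})
		prev = h.Sum(nil)
		out = append(out, prev...)
	}
	return out[:n]
}

// newAEAD builds the session cipher; with a 32-byte subkey neither constructor can fail.
func newAEAD(key, salt []byte) cipher.AEAD {
	block, _ := aes.NewCipher(hkdfSHA1(key, salt, keyLen))
	aead, _ := cipher.NewGCM(block)
	return aead
}

// nonceFor is the spec's 12-byte little-endian counter nonce; the counter steps once per AEAD call.
func nonceFor(ctr uint64) []byte {
	n := make([]byte, 12)
	binary.LittleEndian.PutUint64(n, ctr)
	return n
}

// lazyWriter follows the Writer's LazyWrite/Flush contract: queued bytes are held back so the
// address header and first payload leave in one chunk and one write, not as two sized segments.
type lazyWriter struct {
	w       io.Writer
	key     []byte
	aead    cipher.AEAD // nil until the first Flush, which also emits the salt
	ctr     uint64
	pending bytes.Buffer
}

func (lw *lazyWriter) LazyWrite(p []byte) (int, error) { return lw.pending.Write(p) }

func (lw *lazyWriter) Flush() error {
	if lw.pending.Len() == 0 {
		return nil
	}
	var out []byte
	if lw.aead == nil { // first flush: choose the salt and send it ahead of the chunks
		salt := make([]byte, keyLen)
		if _, err := rand.Read(salt); err != nil {
			return err
		}
		lw.aead, out = newAEAD(lw.key, salt), salt
	}
	for lw.pending.Len() > 0 {
		payload := lw.pending.Next(maxChunk) // Next returns at most maxChunk bytes per chunk
		out = lw.aead.Seal(out, nonceFor(lw.ctr), []byte{byte(len(payload) >> 8), byte(len(payload))}, nil)
		out = lw.aead.Seal(out, nonceFor(lw.ctr+1), payload, nil)
		lw.ctr += 2 // one nonce for the length record, one for the payload record
	}
	_, err := lw.w.Write(out)
	return err
}

// decodeStream is the receiving side, one payload per chunk as ChunkReader yields them;
// a wrong key, a flipped byte or a truncated record fails closed rather than returning garbage.
func decodeStream(key, stream []byte) ([][]byte, error) {
	if len(stream) < keyLen {
		return nil, io.ErrUnexpectedEOF
	}
	aead, ctr, chunks := newAEAD(key, stream[:keyLen]), uint64(0), [][]byte{}
	stream = stream[keyLen:]
	for size := 2; len(stream) > 0; ctr++ { // even ctr: length record; odd ctr: payload record
		end := size + aead.Overhead()
		if len(stream) < end {
			return nil, io.ErrUnexpectedEOF
		}
		p, err := aead.Open(nil, nonceFor(ctr), stream[:end], nil)
		if err != nil {
			return nil, err
		}
		stream = stream[end:]
		if ctr%2 == 0 {
			size = (int(p[0])<<8 | int(p[1])) & maxChunk
		} else {
			chunks, size = append(chunks, p), 2
		}
	}
	return chunks, nil
}
```

Queue the target-address header with LazyWrite, queue the first payload the same way, then Flush: the wire carries one write of salt plus a single chunk holding both, so an observer never sees a standalone header-sized segment. A Flush with nothing pending sends nothing, and anything over 0x3FFF bytes is split into further chunks under fresh nonces.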