add socks5 udp relay

pkg/handler/socks/v4/handler.go

@@ -139,9 +139,14 @@ func (h *socks4Handler) handleConnect(ctx context.Context, conn net.Conn, req *g
 		h.logger.Debug(resp)
 	}
 
+	t := time.Now()
 	h.logger.Infof("%s <-> %s", conn.RemoteAddr(), addr)
 	handler.Transport(conn, cc)
-	h.logger.Infof("%s >-< %s", conn.RemoteAddr(), addr)
+	h.logger.
+		WithFields(map[string]interface{}{
+			"duration": time.Since(t),
+		}).
+		Infof("%s >-< %s", conn.RemoteAddr(), addr)
 }
 
 func (h *socks4Handler) handleBind(ctx context.Context, conn net.Conn, req *gosocks4.Request) {

pkg/handler/socks/v5/bind.go

@@ -3,6 +3,7 @@ package v5
 import (
 	"context"
 	"net"
+	"time"
 
 	"github.com/go-gost/gosocks5"
 	"github.com/go-gost/gost/pkg/handler"
@@ -39,6 +40,7 @@ func (h *socks5Handler) handleBind(ctx context.Context, conn net.Conn, req *goso
 	}
 	defer cc.Close()
 
+	// forward request
 	if err := req.Write(cc); err != nil {
 		h.logger.Error(err)
 		resp := gosocks5.NewReply(gosocks5.NetUnreachable, nil)
@@ -88,7 +90,11 @@ func (h *socks5Handler) bindLocal(ctx context.Context, conn net.Conn, addr strin
 	if h.logger.IsLevelEnabled(logger.DebugLevel) {
 		h.logger.Debug(reply.String())
 	}
-	h.logger.Infof("bind on: %s OK", socksAddr.String())
+
+	h.logger = h.logger.WithFields(map[string]interface{}{
+		"bind": socksAddr.String(),
+	})
+	h.logger.Infof("bind on %s OK", socksAddr.String())
 
 	h.serveBind(ctx, conn, ln)
 }
@@ -144,11 +150,14 @@ func (h *socks5Handler) serveBind(ctx context.Context, conn net.Conn, ln net.Lis
 		if h.logger.IsLevelEnabled(logger.DebugLevel) {
 			h.logger.Debug(reply.String())
 		}
-		h.logger.Infof("PEER %s ACCEPTED", raddr.String())
+		h.logger.Infof("peer accepted: %s", raddr.String())
 
+		start := time.Now()
 		h.logger.Infof("%s <-> %s", conn.RemoteAddr(), raddr.String())
 		handler.Transport(pc2, rc)
-		h.logger.Infof("%s >-< %s", conn.RemoteAddr(), raddr.String())
+		h.logger.
+			WithFields(map[string]interface{}{"duration": time.Since(start)}).
+			Infof("%s >-< %s", conn.RemoteAddr(), raddr.String())
 
 	case err := <-pipe():
 		if err != nil {

pkg/handler/socks/v5/connect.go

@@ -3,6 +3,7 @@ package v5
 import (
 	"context"
 	"net"
+	"time"
 
 	"github.com/go-gost/gosocks5"
 	"github.com/go-gost/gost/pkg/handler"
@@ -51,7 +52,12 @@ func (h *socks5Handler) handleConnect(ctx context.Context, conn net.Conn, addr s
 		h.logger.Debug(resp)
 	}
 
+	t := time.Now()
 	h.logger.Infof("%s <-> %s", conn.RemoteAddr(), addr)
 	handler.Transport(conn, cc)
-	h.logger.Infof("%s >-< %s", conn.RemoteAddr(), addr)
+	h.logger.
+		WithFields(map[string]interface{}{
+			"duration": time.Since(t),
+		}).
+		Infof("%s >-< %s", conn.RemoteAddr(), addr)
 }

pkg/handler/socks/v5/handler.go

@@ -9,28 +9,12 @@ import (
 	"github.com/go-gost/gost/pkg/bypass"
 	"github.com/go-gost/gost/pkg/chain"
 	"github.com/go-gost/gost/pkg/handler"
+	"github.com/go-gost/gost/pkg/internal/utils/socks"
 	"github.com/go-gost/gost/pkg/logger"
 	md "github.com/go-gost/gost/pkg/metadata"
 	"github.com/go-gost/gost/pkg/registry"
 )
 
-const (
-	// MethodTLS is an extended SOCKS5 method with tls encryption support.
-	MethodTLS uint8 = 0x80
-	// MethodTLSAuth is an extended SOCKS5 method with tls encryption and authentication support.
-	MethodTLSAuth uint8 = 0x82
-	// MethodMux is an extended SOCKS5 method for stream multiplexing.
-	MethodMux = 0x88
-)
-
-const (
-	// CmdMuxBind is an extended SOCKS5 request CMD for
-	// multiplexing transport with the binding server.
-	CmdMuxBind uint8 = 0xF2
-	// CmdUDPTun is an extended SOCKS5 request CMD for UDP over TCP.
-	CmdUDPTun uint8 = 0xF3
-)
-
 func init() {
 	registry.RegisterHandler("socks5", NewHandler)
 	registry.RegisterHandler("socks", NewHandler)
@@ -58,8 +42,8 @@ func NewHandler(opts ...handler.Option) handler.Handler {
 }
 
 func (h *socks5Handler) Init(md md.Metadata) (err error) {
-	if err := h.parseMetadata(md); err != nil {
-		return err
+	if err = h.parseMetadata(md); err != nil {
+		return
 	}
 
 	h.selector = &serverSelector{
@@ -110,9 +94,11 @@ func (h *socks5Handler) Handle(ctx context.Context, conn net.Conn) {
 		h.handleConnect(ctx, conn, req.Addr.String())
 	case gosocks5.CmdBind:
 		h.handleBind(ctx, conn, req)
-	case CmdMuxBind:
+	case socks.CmdMuxBind:
+		h.handleMuxBind(ctx, conn, req)
 	case gosocks5.CmdUdp:
-	case CmdUDPTun:
+		h.handleUDP(ctx, conn, req)
+	case socks.CmdUDPTun:
 	default:
 		h.logger.Errorf("unknown cmd: %d", req.Cmd)
 		resp := gosocks5.NewReply(gosocks5.CmdUnsupported, nil)

pkg/handler/socks/v5/mbind.go

@@ -0,0 +1,155 @@
+package v5
+
+import (
+	"context"
+	"net"
+	"time"
+
+	"github.com/go-gost/gosocks5"
+	"github.com/go-gost/gost/pkg/handler"
+	"github.com/go-gost/gost/pkg/internal/utils/mux"
+	"github.com/go-gost/gost/pkg/logger"
+)
+
+func (h *socks5Handler) handleMuxBind(ctx context.Context, conn net.Conn, req *gosocks5.Request) {
+	addr := req.Addr.String()
+
+	h.logger = h.logger.WithFields(map[string]interface{}{
+		"dst": addr,
+		"cmd": "mbind",
+	})
+
+	h.logger.Infof("%s >> %s", conn.RemoteAddr(), addr)
+
+	if h.chain.IsEmpty() {
+		h.muxBindLocal(ctx, conn, addr)
+		return
+	}
+
+	r := (&handler.Router{}).
+		WithChain(h.chain).
+		WithRetry(h.md.retryCount).
+		WithLogger(h.logger)
+	cc, err := r.Connect(ctx)
+	if err != nil {
+		resp := gosocks5.NewReply(gosocks5.Failure, nil)
+		resp.Write(conn)
+		if h.logger.IsLevelEnabled(logger.DebugLevel) {
+			h.logger.Debug(resp)
+		}
+		return
+	}
+	defer cc.Close()
+
+	// forward request
+	if err := req.Write(cc); err != nil {
+		h.logger.Error(err)
+		resp := gosocks5.NewReply(gosocks5.NetUnreachable, nil)
+		resp.Write(conn)
+		if h.logger.IsLevelEnabled(logger.DebugLevel) {
+			h.logger.Debug(resp)
+		}
+		return
+	}
+
+	t := time.Now()
+	h.logger.Infof("%s <-> %s", conn.RemoteAddr(), addr)
+	handler.Transport(conn, cc)
+	h.logger.
+		WithFields(map[string]interface{}{
+			"duration": time.Since(t),
+		}).
+		Infof("%s >-< %s", conn.RemoteAddr(), addr)
+}
+
+func (h *socks5Handler) muxBindLocal(ctx context.Context, conn net.Conn, addr string) {
+	bindAddr, _ := net.ResolveTCPAddr("tcp", addr)
+	ln, err := net.ListenTCP("tcp", bindAddr) // strict mode: if the port already in use, it will return error
+	if err != nil {
+		h.logger.Error(err)
+		reply := gosocks5.NewReply(gosocks5.Failure, nil)
+		if err := reply.Write(conn); err != nil {
+			h.logger.Error(err)
+		}
+		if h.logger.IsLevelEnabled(logger.DebugLevel) {
+			h.logger.Debug(reply.String())
+		}
+		return
+	}
+
+	socksAddr, err := gosocks5.NewAddr(ln.Addr().String())
+	if err != nil {
+		h.logger.Warn(err)
+		socksAddr = &gosocks5.Addr{
+			Type: gosocks5.AddrIPv4,
+		}
+	}
+
+	// Issue: may not reachable when host has multi-interface
+	socksAddr.Host, _, _ = net.SplitHostPort(conn.LocalAddr().String())
+	reply := gosocks5.NewReply(gosocks5.Succeeded, socksAddr)
+	if err := reply.Write(conn); err != nil {
+		h.logger.Error(err)
+		ln.Close()
+		return
+	}
+	if h.logger.IsLevelEnabled(logger.DebugLevel) {
+		h.logger.Debug(reply.String())
+	}
+
+	h.logger = h.logger.WithFields(map[string]interface{}{
+		"bind": socksAddr.String(),
+	})
+	h.logger.Infof("bind on: %s OK", socksAddr.String())
+
+	h.serveMuxBind(ctx, conn, ln)
+}
+
+func (h *socks5Handler) serveMuxBind(ctx context.Context, conn net.Conn, ln net.Listener) {
+	// Upgrade connection to multiplex stream.
+	session, err := mux.NewMuxSession(conn)
+	if err != nil {
+		h.logger.Error(err)
+		return
+	}
+	defer session.Close()
+
+	go func() {
+		defer ln.Close()
+		for {
+			conn, err := session.Accept()
+			if err != nil {
+				h.logger.Error(err)
+				return
+			}
+			conn.Close() // we do not handle incoming connections.
+		}
+	}()
+
+	for {
+		rc, err := ln.Accept()
+		if err != nil {
+			h.logger.Error(err)
+			return
+		}
+		h.logger.Infof("peer accepted: %s", rc.RemoteAddr().String())
+
+		go func(c net.Conn) {
+			defer c.Close()
+
+			sc, err := session.GetConn()
+			if err != nil {
+				h.logger.Error(err)
+				return
+			}
+			defer sc.Close()
+
+			t := time.Now()
+			h.logger.Infof("%s <-> %s", conn.RemoteAddr(), c.RemoteAddr().String())
+			handler.Transport(sc, c)
+			h.logger.
+				WithFields(map[string]interface{}{"duration": time.Since(t)}).
+				Infof("%s >-< %s", conn.RemoteAddr(), c.RemoteAddr().String())
+		}(rc)
+	}
+}

pkg/handler/socks/v5/metadata.go

@@ -6,7 +6,7 @@ import (
 	"time"
 
 	"github.com/go-gost/gost/pkg/auth"
-	"github.com/go-gost/gost/pkg/internal/utils"
+	util_tls "github.com/go-gost/gost/pkg/internal/utils/tls"
 	md "github.com/go-gost/gost/pkg/metadata"
 )
 
@@ -30,7 +30,7 @@ type metadata struct {
 
 func (h *socks5Handler) parseMetadata(md md.Metadata) error {
 	var err error
-	h.md.tlsConfig, err = utils.LoadTLSConfig(
+	h.md.tlsConfig, err = util_tls.LoadTLSConfig(
 		md.GetString(certFile),
 		md.GetString(keyFile),
 		md.GetString(caFile),

pkg/handler/socks/v5/selector.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/go-gost/gosocks5"
 	"github.com/go-gost/gost/pkg/auth"
+	"github.com/go-gost/gost/pkg/internal/utils/socks"
 	"github.com/go-gost/gost/pkg/logger"
 )
 
@@ -27,7 +28,7 @@ func (s *serverSelector) Select(methods ...uint8) (method uint8) {
 	}
 	method = gosocks5.MethodNoAuth
 	for _, m := range methods {
-		if m == MethodTLS && !s.noTLS {
+		if m == socks.MethodTLS && !s.noTLS {
 			method = m
 			break
 		}
@@ -38,8 +39,8 @@ func (s *serverSelector) Select(methods ...uint8) (method uint8) {
 		if method == gosocks5.MethodNoAuth {
 			method = gosocks5.MethodUserPass
 		}
-		if method == MethodTLS && !s.noTLS {
-			method = MethodTLSAuth
+		if method == socks.MethodTLS && !s.noTLS {
+			method = socks.MethodTLSAuth
 		}
 	}
 
@@ -51,11 +52,11 @@ func (s *serverSelector) OnSelected(method uint8, conn net.Conn) (net.Conn, erro
 		s.logger.Debugf("%d %d", gosocks5.Ver5, method)
 	}
 	switch method {
-	case MethodTLS:
+	case socks.MethodTLS:
 		conn = tls.Server(conn, s.TLSConfig)
 
-	case gosocks5.MethodUserPass, MethodTLSAuth:
-		if method == MethodTLSAuth {
+	case gosocks5.MethodUserPass, socks.MethodTLSAuth:
+		if method == socks.MethodTLSAuth {
 			conn = tls.Server(conn, s.TLSConfig)
 		}
 

pkg/handler/socks/v5/udp.go

@@ -0,0 +1,168 @@
+package v5
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"io/ioutil"
+	"net"
+	"time"
+
+	"github.com/go-gost/gosocks5"
+	"github.com/go-gost/gost/pkg/internal/bufpool"
+	"github.com/go-gost/gost/pkg/logger"
+)
+
+func (h *socks5Handler) handleUDP(ctx context.Context, conn net.Conn, req *gosocks5.Request) {
+	h.logger = h.logger.WithFields(map[string]interface{}{
+		"cmd": "udp",
+	})
+
+	relay, err := net.ListenUDP("udp", nil)
+	if err != nil {
+		h.logger.Error(err)
+		reply := gosocks5.NewReply(gosocks5.Failure, nil)
+		reply.Write(conn)
+		if h.logger.IsLevelEnabled(logger.DebugLevel) {
+			h.logger.Debug(reply)
+		}
+		return
+	}
+	defer relay.Close()
+
+	saddr, _ := gosocks5.NewAddr(relay.LocalAddr().String())
+	if saddr == nil {
+		saddr = &gosocks5.Addr{}
+	}
+	saddr.Type = 0
+	saddr.Host, _, _ = net.SplitHostPort(conn.LocalAddr().String()) // replace the IP to the out-going interface's
+	reply := gosocks5.NewReply(gosocks5.Succeeded, saddr)
+	if err := reply.Write(conn); err != nil {
+		h.logger.Error(err)
+		return
+	}
+	if h.logger.IsLevelEnabled(logger.DebugLevel) {
+		h.logger.Debug(reply)
+	}
+
+	h.logger = h.logger.WithFields(map[string]interface{}{
+		"bind": saddr.String(),
+	})
+	h.logger.Infof("bind on %s OK", saddr.String())
+
+	if !h.chain.IsEmpty() {
+
+	}
+
+	peer, err := net.ListenUDP("udp", nil)
+	if err != nil {
+		h.logger.Error(err)
+		return
+	}
+	defer peer.Close()
+
+	go h.transportUDP(relay, peer)
+
+	t := time.Now()
+	h.logger.Infof("%s <-> %s", conn.RemoteAddr(), saddr)
+	io.Copy(ioutil.Discard, conn)
+	h.logger.
+		WithFields(map[string]interface{}{"duration": time.Since(t)}).
+		Infof("%s >-< %s", conn.RemoteAddr(), saddr)
+}
+
+func (h *socks5Handler) transportUDP(relay, peer net.PacketConn) (err error) {
+	const bufSize = 65 * 1024
+	errc := make(chan error, 2)
+
+	var clientAddr net.Addr
+
+	go func() {
+		b := bufpool.Get(bufSize)
+		defer bufpool.Put(b)
+
+		for {
+			n, laddr, err := relay.ReadFrom(b)
+			if err != nil {
+				errc <- err
+				return
+			}
+			if clientAddr == nil {
+				clientAddr = laddr
+			}
+
+			var addr gosocks5.Addr
+			header := gosocks5.UDPHeader{
+				Addr: &addr,
+			}
+			hlen, err := header.ReadFrom(bytes.NewReader(b[:n]))
+			if err != nil {
+				errc <- err
+				return
+			}
+
+			raddr, err := net.ResolveUDPAddr("udp", addr.String())
+			if err != nil {
+				continue // drop silently
+			}
+
+			if h.bypass != nil && h.bypass.Contains(raddr.String()) {
+				h.logger.Warn("bypass: ", raddr)
+				continue // bypass
+			}
+
+			data := b[hlen:n]
+			if _, err := peer.WriteTo(data, raddr); err != nil {
+				errc <- err
+				return
+			}
+			if h.logger.IsLevelEnabled(logger.DebugLevel) {
+				h.logger.Debugf("%s >>> %s: %v data: %d",
+					clientAddr, raddr, b[:hlen], len(data))
+			}
+		}
+	}()
+
+	go func() {
+		b := bufpool.Get(bufSize)
+		defer bufpool.Put(b)
+
+		const dataPos = 1024
+
+		for {
+			n, raddr, err := peer.ReadFrom(b[dataPos:])
+			if err != nil {
+				errc <- err
+				return
+			}
+			if clientAddr == nil {
+				continue
+			}
+			if h.bypass != nil && h.bypass.Contains(raddr.String()) {
+				h.logger.Warn("bypass: ", raddr)
+				continue // bypass
+			}
+
+			socksAddr, _ := gosocks5.NewAddr(raddr.String())
+			if socksAddr == nil {
+				socksAddr = &gosocks5.Addr{}
+			}
+			socksAddr.Type = 0
+			addrLen := socksAddr.Length()
+			socksAddr.Encode(b[dataPos-addrLen : dataPos])
+
+			hlen := addrLen + 3
+			if _, err := relay.WriteTo(b[dataPos-hlen:dataPos+n], clientAddr); err != nil {
+				errc <- err
+				return
+			}
+
+			if h.logger.IsLevelEnabled(logger.DebugLevel) {
+				h.logger.Debugf("%s <<< %s: %v data: %d",
+					clientAddr, raddr, b[dataPos-hlen:dataPos], n)
+			}
+		}
+	}()
+
+	return <-errc
+}