Files
x/connector/ss/connector.go
T
ginuerzh a86b5ab66b feat(ss): support none/dummy cipher via no-op AEAD implementation
The go-gost fork of go-shadowsocks2 dropped built-in support for the
none/dummy cipher that was present in the original go-shadowsocks2.
Combined with the SS components' hard requirement for auth (and
therefore a valid cipher), this made gost fail to start with
method=none or method=dummy.

Add a no-op cipher in x/internal/util/ss/none/ that implements the
core.ShadowCipher interface using the standard go-shadowsocks2 AEAD
framing (salt + length-prefixed chunks, target address embedding)
without actual encryption.  SaltSize=16 ensures random salts on every
connection to avoid bloom-ring replay detection.

Update SS TCP connector/handler and SS UDP connector/handler to detect
method=none/dummy (case-insensitive) and use the no-op cipher instead
of utils.NewClientConfig/NewServerConfig.

Fixes go-gost/x#105
2026-06-17 22:18:23 +08:00

122 lines
2.6 KiB
Go

package ss
import (
"context"
"errors"
"fmt"
"net"
"time"
"strings"
"github.com/go-gost/core/common/bufpool"
"github.com/go-gost/core/connector"
md "github.com/go-gost/core/metadata"
"github.com/go-gost/go-shadowsocks2/core"
"github.com/go-gost/go-shadowsocks2/socks"
"github.com/go-gost/go-shadowsocks2/utils"
"github.com/go-gost/gosocks5"
ctxvalue "github.com/go-gost/x/ctx"
"github.com/go-gost/x/internal/util/ss/none"
"github.com/go-gost/x/registry"
)
func init() {
registry.ConnectorRegistry().Register("ss", NewConnector)
}
type ssConnector struct {
client core.TCPClient
md metadata
options connector.Options
}
func NewConnector(opts ...connector.Option) connector.Connector {
options := connector.Options{}
for _, opt := range opts {
opt(&options)
}
return &ssConnector{
options: options,
}
}
func (c *ssConnector) Init(md md.Metadata) (err error) {
if err = c.parseMetadata(md); err != nil {
return
}
if c.options.Auth == nil {
return errors.New("ss: auth is required")
}
method := c.options.Auth.Username()
password, _ := c.options.Auth.Password()
if strings.EqualFold(method, "none") || strings.EqualFold(method, "dummy") {
c.client = core.NewTCPClient(core.ClientConfig{Cipher: none.Cipher})
return
}
clientConfig, err := utils.NewClientConfig(method, password)
if err != nil {
return err
}
c.client = core.NewTCPClient(clientConfig)
return
}
func (c *ssConnector) Connect(ctx context.Context, conn net.Conn, network, address string, opts ...connector.ConnectOption) (net.Conn, error) {
log := c.options.Logger.WithFields(map[string]any{
"remote": conn.RemoteAddr().String(),
"local": conn.LocalAddr().String(),
"network": network,
"address": address,
"sid": string(ctxvalue.SidFromContext(ctx)),
})
log.Debugf("connect %s/%s", address, network)
switch network {
case "tcp", "tcp4", "tcp6":
if _, ok := conn.(net.PacketConn); ok {
err := fmt.Errorf("tcp over udp is unsupported")
log.Error(err)
return nil, err
}
default:
err := fmt.Errorf("network %s is unsupported", network)
log.Error(err)
return nil, err
}
addr := gosocks5.Addr{}
if err := addr.ParseFrom(address); err != nil {
log.Error(err)
return nil, err
}
rawaddr := bufpool.Get(512)
defer bufpool.Put(rawaddr)
n, err := addr.Encode(rawaddr)
if err != nil {
log.Error("encoding addr: ", err)
return nil, err
}
if c.md.connectTimeout > 0 {
conn.SetDeadline(time.Now().Add(c.md.connectTimeout))
defer conn.SetDeadline(time.Time{})
}
target := socks.Addr(rawaddr[:n])
conn, err = c.client.WrapConn(conn, target)
if err != nil {
return nil, err
}
return conn, nil
}