/ libi2pd_client / SOCKS.cpp
SOCKS.cpp
1 /* 2 * Copyright (c) 2013-2025, The PurpleI2P Project 3 * 4 * This file is part of Purple i2pd project and licensed under BSD3 5 * 6 * See full license text in LICENSE file at top of project tree 7 */ 8 9 #include <cstring> 10 #include <cassert> 11 #include <string> 12 #include <atomic> 13 #include "SOCKS.h" 14 #include "Identity.h" 15 #include "Streaming.h" 16 #include "Destination.h" 17 #include "ClientContext.h" 18 #include "I2PEndian.h" 19 #include "I2PTunnel.h" 20 #include "I2PService.h" 21 #include "util.h" 22 #include "Socks5.h" 23 #include "UDPTunnel.h" 24 25 namespace i2p 26 { 27 namespace proxy 28 { 29 static const size_t socks_buffer_size = 8192; 30 static const size_t max_socks_hostname_size = 255; // Limit for socks5 and bad idea to traverse 31 32 struct SOCKSDnsAddress 33 { 34 uint8_t size; 35 char value[max_socks_hostname_size]; 36 void FromString (const std::string& str) 37 { 38 size = str.length(); 39 if (str.length() > max_socks_hostname_size) size = max_socks_hostname_size; 40 memcpy(value,str.c_str(),size); 41 } 42 std::string ToString() { return std::string(value, size); } 43 void push_back (char c) { value[size++] = c; } 44 }; 45 46 class SOCKSServer; 47 class SOCKSHandler: public i2p::client::I2PServiceHandler, public std::enable_shared_from_this<SOCKSHandler> 48 { 49 private: 50 51 enum state 52 { 53 GET_SOCKSV, 54 GET_COMMAND, 55 GET_PORT, 56 GET_IPV4, 57 GET4_IDENT, 58 GET4A_HOST, 59 GET5_AUTHNUM, 60 GET5_AUTH, 61 GET5_REQUESTV, 62 GET5_GETRSV, 63 GET5_GETADDRTYPE, 64 GET5_IPV6, 65 GET5_HOST_SIZE, 66 GET5_HOST, 67 GET5_USERPASSWD, 68 GET5_USER_SIZE, 69 GET5_USER, 70 GET5_PASSWD_SIZE, 71 GET5_PASSWD, 72 READY, 73 UPSTREAM_RESOLVE, 74 UPSTREAM_CONNECT, 75 UPSTREAM_HANDSHAKE 76 }; 77 enum authMethods 78 { 79 AUTH_NONE = 0, //No authentication, skip to next step 80 AUTH_GSSAPI = 1, //GSSAPI authentication 81 AUTH_USERPASSWD = 2, //Username and password 82 AUTH_UNACCEPTABLE = 0xff //No acceptable method found 83 }; 84 enum addrTypes 85 { 86 ADDR_IPV4 = 1, //IPv4 address (4 octets) 87 ADDR_DNS = 3, // DNS name (up to 255 octets) 88 ADDR_IPV6 = 4 //IPV6 address (16 octets) 89 }; 90 enum errTypes 91 { 92 SOCKS5_OK = 0, // No error for SOCKS5 93 SOCKS5_GEN_FAIL = 1, // General server failure 94 SOCKS5_RULE_DENIED = 2, // Connection disallowed by ruleset 95 SOCKS5_NET_UNREACH = 3, // Network unreachable 96 SOCKS5_HOST_UNREACH = 4, // Host unreachable 97 SOCKS5_CONN_REFUSED = 5, // Connection refused by the peer 98 SOCKS5_TTL_EXPIRED = 6, // TTL Expired 99 SOCKS5_CMD_UNSUP = 7, // Command unsupported 100 SOCKS5_ADDR_UNSUP = 8, // Address type unsupported 101 SOCKS4_OK = 90, // No error for SOCKS4 102 SOCKS4_FAIL = 91, // Failed establishing connecting or not allowed 103 SOCKS4_IDENTD_MISSING = 92, // Couldn't connect to the identd server 104 SOCKS4_IDENTD_DIFFER = 93 // The ID reported by the application and by identd differ 105 }; 106 enum cmdTypes 107 { 108 CMD_CONNECT = 1, // TCP Connect 109 CMD_BIND = 2, // TCP Bind 110 CMD_UDP = 3 // UDP associate 111 }; 112 enum socksVersions 113 { 114 SOCKS4 = 4, // SOCKS4 115 SOCKS5 = 5 // SOCKS5 116 }; 117 union address 118 { 119 uint32_t ip; 120 SOCKSDnsAddress dns; 121 uint8_t ipv6[16]; 122 }; 123 124 void EnterState(state nstate, uint8_t parseleft = 1); 125 bool HandleData(uint8_t *sock_buff, std::size_t len); 126 bool ValidateSOCKSRequest(); 127 void HandleSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered); 128 void Terminate(); 129 void AsyncSockRead(); 130 SOCKSServer * GetServer () { return (SOCKSServer *)GetOwner (); }; 131 boost::asio::const_buffer GenerateSOCKS4Response(errTypes error, uint32_t ip, uint16_t port); 132 boost::asio::const_buffer GenerateSOCKS5Response(errTypes error, addrTypes type, const address &addr, uint16_t port); 133 bool Socks5ChooseAuth(); 134 void Socks5UserPasswdResponse (); 135 void SocksRequestFailed(errTypes error); 136 void SocksRequestSuccess(); 137 void SentSocksFailed(const boost::system::error_code & ecode); 138 void SentSocksDone(const boost::system::error_code & ecode); 139 void SentSocksResponse(const boost::system::error_code & ecode); 140 void HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream); 141 void ForwardSOCKS(); 142 143 template<typename Socket> 144 void SocksUpstreamSuccess(std::shared_ptr<Socket>& upstreamSock); 145 void AsyncUpstreamSockRead(); 146 template<typename Socket> 147 void SendUpstreamRequest(std::shared_ptr<Socket>& upstreamSock); 148 void HandleUpstreamConnected(const boost::system::error_code & ecode, 149 const boost::asio::ip::tcp::endpoint& ep); 150 void HandleUpstreamResolved(const boost::system::error_code & ecode, 151 boost::asio::ip::tcp::resolver::results_type endpoints); 152 153 boost::asio::ip::tcp::resolver m_proxy_resolver; 154 uint8_t m_sock_buff[socks_buffer_size]; 155 std::shared_ptr<boost::asio::ip::tcp::socket> m_sock, m_upstreamSock; 156 #if defined(BOOST_ASIO_HAS_LOCAL_SOCKETS) 157 std::shared_ptr<boost::asio::local::stream_protocol::socket> m_upstreamLocalSock; 158 #endif 159 std::shared_ptr<i2p::stream::Stream> m_stream; 160 uint8_t *m_remaining_data; //Data left to be sent 161 uint8_t *m_remaining_upstream_data; //upstream data left to be forwarded 162 uint8_t m_response[7+max_socks_hostname_size]; 163 address m_address; //Address 164 std::size_t m_remaining_data_len; //Size of the data left to be sent 165 uint32_t m_4aip; //Used in 4a requests 166 uint16_t m_port; 167 uint8_t m_command; 168 uint8_t m_parseleft; //Octets left to parse 169 authMethods m_authchosen; //Authentication chosen 170 addrTypes m_addrtype; //Address type chosen 171 socksVersions m_socksv; //Socks version 172 cmdTypes m_cmd; // Command requested 173 state m_state; 174 const bool m_UseUpstreamProxy; // do we want to use the upstream proxy for non i2p addresses? 175 const std::string m_UpstreamProxyAddress; 176 const uint16_t m_UpstreamProxyPort; 177 std::unique_ptr<i2p::client::I2PUDPClientTunnel> m_UDPTunnel; 178 179 public: 180 181 SOCKSHandler(SOCKSServer * parent, std::shared_ptr<boost::asio::ip::tcp::socket> sock, const std::string & upstreamAddr, const uint16_t upstreamPort, const bool useUpstream) : 182 I2PServiceHandler(parent), 183 m_proxy_resolver(parent->GetService()), 184 m_sock(sock), m_stream(nullptr), 185 m_authchosen(AUTH_UNACCEPTABLE), m_addrtype(ADDR_IPV4), 186 m_UseUpstreamProxy(useUpstream), 187 m_UpstreamProxyAddress(upstreamAddr), 188 m_UpstreamProxyPort(upstreamPort) 189 { m_address.ip = 0; EnterState(GET_SOCKSV); } 190 191 ~SOCKSHandler() { Terminate(); } 192 void Handle() { AsyncSockRead(); } 193 }; 194 195 void SOCKSHandler::AsyncSockRead() 196 { 197 LogPrint(eLogDebug, "SOCKS: Async sock read"); 198 if (m_sock) { 199 m_sock->async_receive(boost::asio::buffer(m_sock_buff, socks_buffer_size), 200 std::bind(&SOCKSHandler::HandleSockRecv, shared_from_this(), 201 std::placeholders::_1, std::placeholders::_2)); 202 } else { 203 LogPrint(eLogError,"SOCKS: No socket for read"); 204 } 205 } 206 207 void SOCKSHandler::Terminate() 208 { 209 if (Kill()) return; 210 if (m_sock) 211 { 212 LogPrint(eLogDebug, "SOCKS: Closing socket"); 213 m_sock->close(); 214 m_sock = nullptr; 215 } 216 if (m_upstreamSock) 217 { 218 LogPrint(eLogDebug, "SOCKS: Closing upstream socket"); 219 m_upstreamSock->close(); 220 m_upstreamSock = nullptr; 221 } 222 #if defined(BOOST_ASIO_HAS_LOCAL_SOCKETS) 223 if (m_upstreamLocalSock) 224 { 225 LogPrint(eLogDebug, "SOCKS: Closing upstream local socket"); 226 m_upstreamLocalSock->close(); 227 m_upstreamLocalSock = nullptr; 228 } 229 #endif 230 if (m_stream) 231 { 232 LogPrint(eLogDebug, "SOCKS: Closing stream"); 233 m_stream.reset (); 234 } 235 if (m_UDPTunnel) 236 { 237 m_UDPTunnel->Stop (); 238 GetServer ()->ReleaseLocalUDPPort (m_UDPTunnel->GetLocalEndpoint ().port ()); 239 m_UDPTunnel = nullptr; 240 } 241 Done(shared_from_this()); 242 } 243 244 boost::asio::const_buffer SOCKSHandler::GenerateSOCKS4Response(SOCKSHandler::errTypes error, uint32_t ip, uint16_t port) 245 { 246 assert(error >= SOCKS4_OK); 247 m_response[0] = '\x00'; // version 248 m_response[1] = error; // response code 249 htobe16buf(m_response + 2, port); // port 250 htobe32buf(m_response + 4, ip); // IP 251 return boost::asio::const_buffer (m_response,8); 252 } 253 254 boost::asio::const_buffer SOCKSHandler::GenerateSOCKS5Response(SOCKSHandler::errTypes error, SOCKSHandler::addrTypes type, const SOCKSHandler::address &addr, uint16_t port) 255 { 256 size_t size = 6; // header + port 257 assert(error <= SOCKS5_ADDR_UNSUP); 258 m_response[0] = '\x05'; // version 259 m_response[1] = error; // response code 260 m_response[2] = '\x00'; // reserved 261 m_response[3] = type; // address type 262 switch (type) 263 { 264 case ADDR_IPV4: 265 size += 4; 266 htobe32buf(m_response + 4, addr.ip); 267 htobe16buf(m_response + size - 2, port); 268 break; 269 case ADDR_IPV6: 270 size += 16; 271 memcpy(m_response + 4, addr.ipv6, 16); 272 htobe16buf(m_response + size - 2, port); 273 break; 274 case ADDR_DNS: 275 std::string address(addr.dns.value, addr.dns.size); 276 if(address.substr(addr.dns.size - 4, 4) == ".i2p") // overwrite if requested address inside I2P 277 { 278 m_response[3] = ADDR_IPV4; 279 size += 4; 280 memset(m_response + 4, 0, 6); // six HEX zeros 281 } 282 else 283 { 284 size += (1 + addr.dns.size); /* name length + resolved address */ 285 m_response[4] = addr.dns.size; 286 memcpy(m_response + 5, addr.dns.value, addr.dns.size); 287 htobe16buf(m_response + size - 2, port); 288 } 289 break; 290 } 291 return boost::asio::const_buffer (m_response, size); 292 } 293 294 bool SOCKSHandler::Socks5ChooseAuth() 295 { 296 m_response[0] = '\x05'; // Version 297 m_response[1] = m_authchosen; // Response code 298 boost::asio::const_buffer response(m_response, 2); 299 if (m_authchosen == AUTH_UNACCEPTABLE) 300 { 301 LogPrint(eLogWarning, "SOCKS: v5 authentication negotiation failed"); 302 boost::asio::async_write(*m_sock, response, std::bind(&SOCKSHandler::SentSocksFailed, shared_from_this(), std::placeholders::_1)); 303 return false; 304 } 305 else 306 { 307 LogPrint(eLogDebug, "SOCKS: v5 choosing authentication method: ", m_authchosen); 308 boost::asio::async_write(*m_sock, response, std::bind(&SOCKSHandler::SentSocksResponse, shared_from_this(), std::placeholders::_1)); 309 return true; 310 } 311 } 312 313 void SOCKSHandler::Socks5UserPasswdResponse () 314 { 315 m_response[0] = 1; // Version of the subnegotiation 316 m_response[1] = 0; // Response code 317 LogPrint(eLogDebug, "SOCKS: v5 user/password response"); 318 boost::asio::async_write(*m_sock, boost::asio::const_buffer(m_response, 2), 319 std::bind(&SOCKSHandler::SentSocksResponse, shared_from_this(), std::placeholders::_1)); 320 } 321 322 /* All hope is lost beyond this point */ 323 void SOCKSHandler::SocksRequestFailed(SOCKSHandler::errTypes error) 324 { 325 boost::asio::const_buffer response(nullptr,0); 326 assert(error != SOCKS4_OK && error != SOCKS5_OK); 327 switch (m_socksv) 328 { 329 case SOCKS4: 330 LogPrint(eLogWarning, "SOCKS: v4 request failed: ", error); 331 if (error < SOCKS4_OK) error = SOCKS4_FAIL; // Transparently map SOCKS5 errors 332 response = GenerateSOCKS4Response(error, m_4aip, m_port); 333 break; 334 case SOCKS5: 335 LogPrint(eLogWarning, "SOCKS: v5 request failed: ", error); 336 response = GenerateSOCKS5Response(error, m_addrtype, m_address, m_port); 337 break; 338 } 339 boost::asio::async_write(*m_sock, response, std::bind(&SOCKSHandler::SentSocksFailed, 340 shared_from_this(), std::placeholders::_1)); 341 } 342 343 void SOCKSHandler::SocksRequestSuccess() 344 { 345 boost::asio::const_buffer response(nullptr,0); 346 // TODO: this should depend on things like the command type and callbacks may change 347 switch (m_socksv) 348 { 349 case SOCKS4: 350 LogPrint(eLogInfo, "SOCKS: v4 connection success"); 351 response = GenerateSOCKS4Response(SOCKS4_OK, m_4aip, m_port); 352 break; 353 case SOCKS5: 354 LogPrint(eLogInfo, "SOCKS: v5 connection success"); 355 if (m_cmd == CMD_UDP && m_UDPTunnel) 356 { 357 address ad; 358 // TODO: implement ipv6 359 ad.ip = m_UDPTunnel->GetLocalEndpoint ().address ().to_v4 ().to_uint (); 360 response = GenerateSOCKS5Response(SOCKS5_OK, ADDR_IPV4, ad, m_UDPTunnel->GetLocalEndpoint ().port ()); 361 } 362 else 363 { 364 auto s = i2p::client::context.GetAddressBook().ToAddress(GetOwner()->GetLocalDestination()->GetIdentHash()); 365 address ad; ad.dns.FromString(s); 366 // HACK only 16 bits passed in port as SOCKS5 doesn't allow for more 367 response = GenerateSOCKS5Response(SOCKS5_OK, ADDR_DNS, ad, m_stream ? m_stream->GetRecvStreamID() : 0); 368 } 369 break; 370 } 371 boost::asio::async_write(*m_sock, response, std::bind(&SOCKSHandler::SentSocksDone, shared_from_this(), std::placeholders::_1)); 372 } 373 374 void SOCKSHandler::EnterState(SOCKSHandler::state nstate, uint8_t parseleft) { 375 switch (nstate) 376 { 377 case GET_PORT: parseleft = 2; break; 378 case GET_IPV4: m_addrtype = ADDR_IPV4; m_address.ip = 0; parseleft = 4; break; 379 case GET4_IDENT: m_4aip = m_address.ip; break; 380 case GET4A_HOST: 381 case GET5_HOST: m_addrtype = ADDR_DNS; m_address.dns.size = 0; break; 382 case GET5_IPV6: m_addrtype = ADDR_IPV6; parseleft = 16; break; 383 default:; 384 } 385 m_parseleft = parseleft; 386 m_state = nstate; 387 } 388 389 bool SOCKSHandler::ValidateSOCKSRequest() 390 { 391 if ( m_cmd != CMD_CONNECT && m_cmd != CMD_UDP) 392 { 393 // TODO: we need to support binds and other shit! 394 LogPrint(eLogError, "SOCKS: Unsupported command: ", m_cmd); 395 SocksRequestFailed(SOCKS5_CMD_UNSUP); 396 return false; 397 } 398 // TODO: we may want to support other address types! 399 if ( m_addrtype != ADDR_DNS ) 400 { 401 switch (m_socksv) 402 { 403 case SOCKS5: 404 LogPrint(eLogError, "SOCKS: v5 unsupported address type: ", m_addrtype); 405 break; 406 case SOCKS4: 407 LogPrint(eLogError, "SOCKS: Request with v4a rejected because it's actually SOCKS4"); 408 break; 409 } 410 SocksRequestFailed(SOCKS5_ADDR_UNSUP); 411 return false; 412 } 413 return true; 414 } 415 416 bool SOCKSHandler::HandleData(uint8_t *sock_buff, std::size_t len) 417 { 418 assert(len); // This should always be called with a least a byte left to parse 419 while (len > 0) 420 { 421 switch (m_state) 422 { 423 case GET_SOCKSV: 424 m_socksv = (SOCKSHandler::socksVersions) *sock_buff; 425 switch (*sock_buff) 426 { 427 case SOCKS4: 428 EnterState(GET_COMMAND); //Initialize the parser at the right position 429 break; 430 case SOCKS5: 431 EnterState(GET5_AUTHNUM); //Initialize the parser at the right position 432 break; 433 default: 434 LogPrint(eLogError, "SOCKS: Rejected invalid version: ", ((int)*sock_buff)); 435 Terminate(); 436 return false; 437 } 438 break; 439 case GET5_AUTHNUM: 440 EnterState(GET5_AUTH, *sock_buff); 441 break; 442 case GET5_AUTH: 443 m_parseleft --; 444 if (*sock_buff == AUTH_NONE) 445 m_authchosen = AUTH_NONE; 446 else if (*sock_buff == AUTH_USERPASSWD) 447 m_authchosen = AUTH_USERPASSWD; 448 if ( m_parseleft == 0 ) 449 { 450 if (!Socks5ChooseAuth()) return false; 451 if (m_authchosen == AUTH_USERPASSWD) 452 EnterState(GET5_USERPASSWD); 453 else 454 EnterState(GET5_REQUESTV); 455 } 456 break; 457 case GET_COMMAND: 458 switch (*sock_buff) 459 { 460 case CMD_CONNECT: 461 case CMD_BIND: 462 break; 463 case CMD_UDP: 464 if (m_socksv == SOCKS5) break; 465 [[fallthrough]]; 466 default: 467 LogPrint(eLogError, "SOCKS: Invalid command: ", ((int)*sock_buff)); 468 SocksRequestFailed(SOCKS5_GEN_FAIL); 469 return false; 470 } 471 m_cmd = (SOCKSHandler::cmdTypes)*sock_buff; 472 switch (m_socksv) 473 { 474 case SOCKS5: EnterState(GET5_GETRSV); break; 475 case SOCKS4: EnterState(GET_PORT); break; 476 } 477 break; 478 case GET_PORT: 479 m_port = (m_port << 8)|((uint16_t)*sock_buff); 480 m_parseleft--; 481 if (m_parseleft == 0) 482 { 483 switch (m_socksv) 484 { 485 case SOCKS5: EnterState(READY); break; 486 case SOCKS4: EnterState(GET_IPV4); break; 487 } 488 } 489 break; 490 case GET_IPV4: 491 m_address.ip = (m_address.ip << 8)|((uint32_t)*sock_buff); 492 m_parseleft--; 493 if (m_parseleft == 0) 494 { 495 switch (m_socksv) 496 { 497 case SOCKS5: EnterState(GET_PORT); break; 498 case SOCKS4: EnterState(GET4_IDENT); m_4aip = m_address.ip; break; 499 } 500 } 501 break; 502 case GET4_IDENT: 503 if (!*sock_buff) 504 { 505 if( m_4aip == 0 || m_4aip > 255 ) 506 EnterState(READY); 507 else 508 EnterState(GET4A_HOST); 509 } 510 break; 511 case GET4A_HOST: 512 if (!*sock_buff) 513 { 514 EnterState(READY); 515 break; 516 } 517 if (m_address.dns.size >= max_socks_hostname_size) 518 { 519 LogPrint(eLogError, "SOCKS: v4a req failed: destination is too large"); 520 SocksRequestFailed(SOCKS4_FAIL); 521 return false; 522 } 523 m_address.dns.push_back(*sock_buff); 524 break; 525 case GET5_REQUESTV: 526 if (*sock_buff != SOCKS5) 527 { 528 LogPrint(eLogError,"SOCKS: v5 rejected unknown request version: ", ((int)*sock_buff)); 529 SocksRequestFailed(SOCKS5_GEN_FAIL); 530 return false; 531 } 532 EnterState(GET_COMMAND); 533 break; 534 case GET5_GETRSV: 535 if ( *sock_buff != 0 ) 536 { 537 LogPrint(eLogError, "SOCKS: v5 unknown reserved field: ", ((int)*sock_buff)); 538 SocksRequestFailed(SOCKS5_GEN_FAIL); 539 return false; 540 } 541 EnterState(GET5_GETADDRTYPE); 542 break; 543 case GET5_GETADDRTYPE: 544 switch (*sock_buff) 545 { 546 case ADDR_IPV4: EnterState(GET_IPV4); break; 547 case ADDR_IPV6: EnterState(GET5_IPV6); break; 548 case ADDR_DNS : EnterState(GET5_HOST_SIZE); break; 549 default: 550 LogPrint(eLogError, "SOCKS: v5 unknown address type: ", ((int)*sock_buff)); 551 SocksRequestFailed(SOCKS5_GEN_FAIL); 552 return false; 553 } 554 break; 555 case GET5_IPV6: 556 m_address.ipv6[16-m_parseleft] = *sock_buff; 557 m_parseleft--; 558 if (m_parseleft == 0) EnterState(GET_PORT); 559 break; 560 case GET5_HOST_SIZE: 561 EnterState(GET5_HOST, *sock_buff); 562 break; 563 case GET5_HOST: 564 m_address.dns.push_back(*sock_buff); 565 m_parseleft--; 566 if (m_parseleft == 0) EnterState(GET_PORT); 567 break; 568 case GET5_USERPASSWD: 569 if (*sock_buff != 1) 570 { 571 LogPrint(eLogError,"SOCKS: v5 rejected invalid username/password subnegotiation: ", ((int)*sock_buff)); 572 SocksRequestFailed(SOCKS5_GEN_FAIL); 573 return false; 574 } 575 EnterState(GET5_USER_SIZE); 576 break; 577 case GET5_USER_SIZE: 578 if (*sock_buff) 579 EnterState(GET5_USER, *sock_buff); 580 else // empty user 581 EnterState(GET5_PASSWD_SIZE); 582 break; 583 case GET5_USER: 584 // skip user for now 585 m_parseleft--; 586 if (m_parseleft == 0) EnterState(GET5_PASSWD_SIZE); 587 break; 588 case GET5_PASSWD_SIZE: 589 if (*sock_buff) 590 EnterState(GET5_PASSWD, *sock_buff); 591 else // empty password 592 { 593 Socks5UserPasswdResponse (); 594 EnterState(GET5_REQUESTV); 595 } 596 break; 597 case GET5_PASSWD: 598 // skip passwd for now 599 m_parseleft--; 600 if (m_parseleft == 0) 601 { 602 Socks5UserPasswdResponse (); 603 EnterState(GET5_REQUESTV); 604 } 605 break; 606 default: 607 LogPrint(eLogError, "SOCKS: Parse state?? ", m_state); 608 Terminate(); 609 return false; 610 } 611 sock_buff++; 612 len--; 613 if (m_state == READY) 614 { 615 m_remaining_data_len = len; 616 m_remaining_data = sock_buff; 617 return ValidateSOCKSRequest(); 618 } 619 } 620 return true; 621 } 622 623 void SOCKSHandler::HandleSockRecv(const boost::system::error_code & ecode, std::size_t len) 624 { 625 LogPrint(eLogDebug, "SOCKS: Received ", len, " bytes"); 626 if(ecode) 627 { 628 LogPrint(eLogWarning, "SOCKS: Recv got error: ", ecode); 629 Terminate(); 630 return; 631 } 632 633 if (HandleData(m_sock_buff, len)) 634 { 635 if (m_state == READY) 636 { 637 const std::string addr = m_address.dns.ToString(); 638 LogPrint(eLogInfo, "SOCKS: Requested ", addr, ":" , m_port); 639 const size_t addrlen = addr.size(); 640 // does it end with .i2p? 641 if (addr.rfind(".i2p") == addrlen - 4) 642 { 643 // yes it does 644 switch (m_cmd) 645 { 646 case CMD_CONNECT: 647 //make an i2p session 648 GetOwner()->CreateStream ( std::bind (&SOCKSHandler::HandleStreamRequestComplete, 649 shared_from_this(), std::placeholders::_1), m_address.dns.ToString(), m_port); 650 break; 651 case CMD_UDP: 652 // create UDP client tunnel 653 LogPrint (eLogInfo, "SOCKS: New UDP associate connection"); 654 m_UDPTunnel = std::make_unique<i2p::client::I2PUDPClientTunnel>("", addr, 655 GetServer ()->GetNextLocalUDPEndpoint (), 656 GetOwner ()->GetLocalDestination (), m_port, false, i2p::datagram::eDatagramV3); 657 boost::asio::post (GetOwner ()->GetService (), [this](void) 658 { 659 SocksRequestSuccess(); 660 }); 661 break; 662 default: ; 663 } 664 } 665 else if (m_UseUpstreamProxy) 666 // forward it to upstream proxy 667 ForwardSOCKS(); 668 else 669 // no upstream proxy 670 SocksRequestFailed(SOCKS5_ADDR_UNSUP); 671 } 672 else 673 AsyncSockRead(); 674 } 675 } 676 677 void SOCKSHandler::SentSocksFailed(const boost::system::error_code & ecode) 678 { 679 if (ecode) 680 LogPrint (eLogError, "SOCKS: Closing socket after sending failure because: ", ecode.message ()); 681 Terminate(); 682 } 683 684 void SOCKSHandler::SentSocksDone(const boost::system::error_code & ecode) 685 { 686 if (!ecode) 687 { 688 if (m_cmd == CMD_CONNECT) 689 { 690 if (Kill()) return; 691 LogPrint (eLogInfo, "SOCKS: New I2PTunnel connection"); 692 auto connection = std::make_shared<i2p::client::I2PTunnelConnection>(GetOwner(), m_sock, m_stream); 693 GetOwner()->AddHandler (connection); 694 connection->I2PConnect (m_remaining_data,m_remaining_data_len); 695 Done(shared_from_this()); 696 } 697 else if (m_cmd == CMD_UDP && m_UDPTunnel) 698 { 699 LogPrint (eLogInfo, "SOCKS: Start UDP tunnel"); 700 m_UDPTunnel->Start (); 701 AsyncSockRead (); // associate socket 702 } 703 } 704 else 705 { 706 LogPrint (eLogError, "SOCKS: Closing socket after completion reply because: ", ecode.message ()); 707 Terminate(); 708 } 709 } 710 711 void SOCKSHandler::SentSocksResponse(const boost::system::error_code & ecode) 712 { 713 if (ecode) 714 { 715 LogPrint (eLogError, "SOCKS: Closing socket after sending reply because: ", ecode.message ()); 716 Terminate(); 717 } 718 } 719 720 void SOCKSHandler::HandleStreamRequestComplete (std::shared_ptr<i2p::stream::Stream> stream) 721 { 722 if (stream) 723 { 724 m_stream = stream; 725 SocksRequestSuccess(); 726 } 727 else 728 { 729 LogPrint (eLogError, "SOCKS: Error when creating the stream, check the previous warnings for more info"); 730 SocksRequestFailed(SOCKS5_HOST_UNREACH); 731 } 732 } 733 734 void SOCKSHandler::ForwardSOCKS() 735 { 736 LogPrint(eLogInfo, "SOCKS: Forwarding to upstream"); 737 if (m_UpstreamProxyPort) // TCP 738 { 739 EnterState(UPSTREAM_RESOLVE); 740 m_proxy_resolver.async_resolve(m_UpstreamProxyAddress, std::to_string(m_UpstreamProxyPort), 741 std::bind(&SOCKSHandler::HandleUpstreamResolved, shared_from_this(), std::placeholders::_1, std::placeholders::_2)); 742 } 743 else if (!m_UpstreamProxyAddress.empty ())// local 744 { 745 #if defined(BOOST_ASIO_HAS_LOCAL_SOCKETS) 746 EnterState(UPSTREAM_CONNECT); 747 m_upstreamLocalSock = std::make_shared<boost::asio::local::stream_protocol::socket>(GetOwner()->GetService()); 748 auto s = shared_from_this (); 749 m_upstreamLocalSock->async_connect(m_UpstreamProxyAddress, 750 [s](const boost::system::error_code& ecode) 751 { 752 if (ecode) 753 { 754 LogPrint(eLogWarning, "SOCKS: Could not connect to local upstream proxy: ", ecode.message()); 755 s->SocksRequestFailed(SOCKS5_NET_UNREACH); 756 return; 757 } 758 LogPrint(eLogInfo, "SOCKS: Connected to local upstream proxy"); 759 s->SendUpstreamRequest(s->m_upstreamLocalSock); 760 }); 761 #else 762 LogPrint(eLogError, "SOCKS: Local sockets for upstream proxy not supported"); 763 SocksRequestFailed(SOCKS5_ADDR_UNSUP); 764 #endif 765 } 766 else 767 { 768 LogPrint(eLogError, "SOCKS: Incorrect upstream proxy address"); 769 SocksRequestFailed(SOCKS5_ADDR_UNSUP); 770 } 771 } 772 773 template<typename Socket> 774 void SOCKSHandler::SocksUpstreamSuccess(std::shared_ptr<Socket>& upstreamSock) 775 { 776 LogPrint(eLogInfo, "SOCKS: Upstream success"); 777 boost::asio::const_buffer response(nullptr, 0); 778 switch (m_socksv) 779 { 780 case SOCKS4: 781 LogPrint(eLogInfo, "SOCKS: v4 connection success"); 782 response = GenerateSOCKS4Response(SOCKS4_OK, m_4aip, m_port); 783 break; 784 case SOCKS5: 785 LogPrint(eLogInfo, "SOCKS: v5 connection success"); 786 //HACK only 16 bits passed in port as SOCKS5 doesn't allow for more 787 response = GenerateSOCKS5Response(SOCKS5_OK, ADDR_DNS, m_address, m_port); 788 break; 789 } 790 m_sock->send(response); 791 auto forwarder = CreateSocketsPipe (GetOwner(), m_sock, upstreamSock); 792 upstreamSock = nullptr; 793 m_sock = nullptr; 794 GetOwner()->AddHandler(forwarder); 795 forwarder->Start(); 796 Terminate(); 797 } 798 799 template<typename Socket> 800 void SOCKSHandler::SendUpstreamRequest(std::shared_ptr<Socket>& upstreamSock) 801 { 802 LogPrint(eLogInfo, "SOCKS: Negotiating with upstream proxy"); 803 EnterState(UPSTREAM_HANDSHAKE); 804 if (upstreamSock) 805 { 806 auto s = shared_from_this (); 807 i2p::transport::Socks5Handshake (*upstreamSock, std::make_pair(m_address.dns.ToString (), m_port), 808 [s, &upstreamSock](const boost::system::error_code& ec) 809 { 810 if (!ec) 811 s->SocksUpstreamSuccess(upstreamSock); 812 else 813 { 814 s->SocksRequestFailed(SOCKS5_NET_UNREACH); 815 LogPrint(eLogError, "SOCKS: Upstream proxy failure: ", ec.message ()); 816 } 817 }); 818 } 819 else 820 LogPrint(eLogError, "SOCKS: No upstream socket to send handshake to"); 821 } 822 823 void SOCKSHandler::HandleUpstreamConnected(const boost::system::error_code & ecode, 824 const boost::asio::ip::tcp::endpoint& ep) 825 { 826 if (ecode) { 827 LogPrint(eLogWarning, "SOCKS: Could not connect to upstream proxy: ", ecode.message()); 828 SocksRequestFailed(SOCKS5_NET_UNREACH); 829 return; 830 } 831 LogPrint(eLogInfo, "SOCKS: Connected to upstream proxy"); 832 SendUpstreamRequest(m_upstreamSock); 833 } 834 835 void SOCKSHandler::HandleUpstreamResolved(const boost::system::error_code & ecode, 836 boost::asio::ip::tcp::resolver::results_type endpoints) 837 { 838 if (ecode) { 839 // error resolving 840 LogPrint(eLogWarning, "SOCKS: Upstream proxy", m_UpstreamProxyAddress, " not resolved: ", ecode.message()); 841 SocksRequestFailed(SOCKS5_NET_UNREACH); 842 return; 843 } 844 LogPrint(eLogInfo, "SOCKS: Upstream proxy resolved"); 845 EnterState(UPSTREAM_CONNECT); 846 auto & service = GetOwner()->GetService(); 847 m_upstreamSock = std::make_shared<boost::asio::ip::tcp::socket>(service); 848 boost::asio::async_connect(*m_upstreamSock, endpoints, 849 std::bind(&SOCKSHandler::HandleUpstreamConnected, 850 shared_from_this(), std::placeholders::_1, std::placeholders::_2)); 851 } 852 853 SOCKSServer::SOCKSServer(const std::string& name, const std::string& address, uint16_t port, 854 bool outEnable, const std::string& outAddress, uint16_t outPort, 855 std::shared_ptr<i2p::client::ClientDestination> localDestination) : 856 TCPIPAcceptor (address, port, localDestination ? localDestination : i2p::client::context.GetSharedLocalDestination ()), m_Name (name) 857 { 858 m_UseUpstreamProxy = false; 859 if (outAddress.length() > 0 && outEnable) 860 SetUpstreamProxy(outAddress, outPort); 861 } 862 863 std::shared_ptr<i2p::client::I2PServiceHandler> SOCKSServer::CreateHandler(std::shared_ptr<boost::asio::ip::tcp::socket> socket) 864 { 865 return std::make_shared<SOCKSHandler> (this, socket, m_UpstreamProxyAddress, m_UpstreamProxyPort, m_UseUpstreamProxy); 866 } 867 868 void SOCKSServer::SetUpstreamProxy(const std::string & addr, const uint16_t port) 869 { 870 m_UpstreamProxyAddress = addr; 871 m_UpstreamProxyPort = port; 872 m_UseUpstreamProxy = true; 873 } 874 875 boost::asio::ip::udp::endpoint SOCKSServer::GetNextLocalUDPEndpoint () 876 { 877 const auto& localEndpoint = GetLocalEndpoint (); 878 uint16_t port = localEndpoint.port (); 879 #if __cplusplus >= 202002L // C++20 880 while (m_UDPPorts.contains (port)) 881 #else 882 while (m_UDPPorts.count (port) > 0) 883 #endif 884 port++; 885 m_UDPPorts.insert (port); 886 887 return boost::asio::ip::udp::endpoint (localEndpoint.address (), port); // use proxy address 888 } 889 890 void SOCKSServer::ReleaseLocalUDPPort (uint16_t port) 891 { 892 m_UDPPorts.erase (port); 893 } 894 } 895 }