
  1. package trojan
  2. import (
  3. "context"
  4. "crypto/sha256"
  5. "crypto/tls"
  6. "encoding/binary"
  7. "encoding/hex"
  8. "errors"
  9. "io"
  10. "net"
  11. "net/http"
  12. "sync"
  13. N "github.com/metacubex/mihomo/common/net"
  14. "github.com/metacubex/mihomo/common/pool"
  15. "github.com/metacubex/mihomo/component/ca"
  16. tlsC "github.com/metacubex/mihomo/component/tls"
  17. C "github.com/metacubex/mihomo/constant"
  18. "github.com/metacubex/mihomo/transport/socks5"
  19. "github.com/metacubex/mihomo/transport/vmess"
  20. )
const (
	// maxLength is the largest payload carried by one trojan UDP packet:
	// WritePacket splits larger payloads into fragments of this size and
	// ReadPacket rejects a declared length above it.
	maxLength = 8192
)
var (
	// defaultALPN is offered in the TLS handshake by StreamConn when Option.ALPN is empty.
	defaultALPN = []string{"h2", "http/1.1"}
	// defaultWebsocketALPN is the StreamWebsocketConn default when Option.ALPN is empty.
	defaultWebsocketALPN = []string{"http/1.1"}
	// crlf separates the fields of the request header and of each UDP packet frame.
	crlf = []byte{'\r', '\n'}
)
// Command is the one-byte command field written by WriteHeader after the
// password hash and CRLF.
type Command = byte

const (
	// CommandTCP is the command byte for a TCP request.
	CommandTCP byte = 1
	// CommandUDP is the command byte for a UDP-associate request.
	CommandUDP byte = 3
	// deprecated XTLS commands, as souvenirs (not written anywhere in this file)
	commandXRD byte = 0xf0 // XTLS direct mode
	commandXRO byte = 0xf1 // XTLS origin mode
)
// Option configures a Trojan client (see New). The TLS-related fields are read
// by StreamConn and StreamWebsocketConn when they build the tls.Config.
type Option struct {
	// Password is hashed by New (hex-encoded SHA-224) and sent by WriteHeader.
	Password string
	// ALPN replaces defaultALPN / defaultWebsocketALPN when non-empty.
	ALPN []string
	// ServerName is copied to tls.Config.ServerName.
	ServerName string
	// SkipCertVerify is copied to tls.Config.InsecureSkipVerify and therefore
	// disables server certificate validation for the connection.
	SkipCertVerify bool
	// Fingerprint is handed to ca.GetSpecifiedFingerprintTLSConfig together with
	// the built tls.Config.
	Fingerprint string
	// ClientFingerprint selects the uTLS client fingerprint passed to
	// vmess.GetUTLSConn / tlsC.GetRealityConn; StreamConn requires it when
	// Reality is set.
	ClientFingerprint string
	// Reality, when non-nil, makes StreamConn connect via tlsC.GetRealityConn.
	Reality *tlsC.RealityConfig
}
// WebsocketOption holds the websocket transport settings that
// StreamWebsocketConn copies field-for-field into a vmess.WebsocketConfig.
type WebsocketOption struct {
	Host                     string
	Port                     string
	Path                     string
	Headers                  http.Header
	V2rayHttpUpgrade         bool
	V2rayHttpUpgradeFastOpen bool
}
// Trojan is a trojan protocol client; construct it with New.
type Trojan struct {
	option *Option
	// hexPassword is hex(SHA-224(option.Password)), computed once in New and
	// written verbatim by WriteHeader.
	hexPassword []byte
}
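// StreamConn wraps conn in the TLS layer selected by t.option and completes the
// handshake before returning. The handshake is bounded by C.DefaultTLSTimeout;
// the timeout context is derived from ctx, so cancelling ctx also aborts it.
//
// Selection, in order:
//   - ClientFingerprint set and Reality set: tlsC.GetRealityConn.
//   - ClientFingerprint set, Reality nil, and vmess.GetUTLSConn accepts the
//     fingerprint: uTLS client handshake.
//   - otherwise a crypto/tls client; Reality without a ClientFingerprint is an
//     error because REALITY is built on uTLS.
//
// Option.SkipCertVerify disables server certificate verification and
// Option.Fingerprint is applied through ca.GetSpecifiedFingerprintTLSConfig.
func (t *Trojan) StreamConn(ctx context.Context, conn net.Conn) (net.Conn, error) {
	alpn := defaultALPN
	if len(t.option.ALPN) != 0 {
		alpn = t.option.ALPN
	}
	tlsConfig := &tls.Config{
		NextProtos:         alpn,
		MinVersion:         tls.VersionTLS12,
		InsecureSkipVerify: t.option.SkipCertVerify,
		ServerName:         t.option.ServerName,
	}
	tlsConfig, err := ca.GetSpecifiedFingerprintTLSConfig(tlsConfig, t.option.Fingerprint)
	if err != nil {
		return nil, err
	}

	// Bound every handshake variant with the same deadline. The deadline is
	// derived from the caller's ctx (previously context.Background() was used,
	// which ignored caller cancellation).
	ctx, cancel := context.WithTimeout(ctx, C.DefaultTLSTimeout)
	defer cancel()

	if len(t.option.ClientFingerprint) != 0 {
		if t.option.Reality != nil {
			return tlsC.GetRealityConn(ctx, conn, t.option.ClientFingerprint, tlsConfig, t.option.Reality)
		}
		if utlsConn, valid := vmess.GetUTLSConn(conn, t.option.ClientFingerprint, tlsConfig); valid {
			return utlsConn, utlsConn.(*tlsC.UConn).HandshakeContext(ctx)
		}
		// unrecognised fingerprint: fall through to the plain crypto/tls client
	}
	if t.option.Reality != nil {
		return nil, errors.New("REALITY is based on uTLS, please set a client-fingerprint")
	}

	tlsConn := tls.Client(conn, tlsConfig)
	err = tlsConn.HandshakeContext(ctx)
	return tlsConn, err
}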
// StreamWebsocketConn layers TLS plus websocket (or V2ray HTTP upgrade) over
// conn by delegating to vmess.StreamWebsocketConn. Option.ALPN overrides
// defaultWebsocketALPN when set, and Option.Fingerprint is applied through
// ca.GetSpecifiedFingerprintTLSConfig before the config is handed over.
// Option.SkipCertVerify disables server certificate verification.
func (t *Trojan) StreamWebsocketConn(ctx context.Context, conn net.Conn, wsOptions *WebsocketOption) (net.Conn, error) {
	protos := t.option.ALPN
	if len(protos) == 0 {
		protos = defaultWebsocketALPN
	}
	baseConfig := &tls.Config{
		NextProtos:         protos,
		MinVersion:         tls.VersionTLS12,
		InsecureSkipVerify: t.option.SkipCertVerify,
		ServerName:         t.option.ServerName,
	}
	tlsConfig, err := ca.GetSpecifiedFingerprintTLSConfig(baseConfig, t.option.Fingerprint)
	if err != nil {
		return nil, err
	}

	wsConfig := &vmess.WebsocketConfig{
		Host:                     wsOptions.Host,
		Port:                     wsOptions.Port,
		Path:                     wsOptions.Path,
		Headers:                  wsOptions.Headers,
		V2rayHttpUpgrade:         wsOptions.V2rayHttpUpgrade,
		V2rayHttpUpgradeFastOpen: wsOptions.V2rayHttpUpgradeFastOpen,
		TLS:                      true,
		TLSConfig:                tlsConfig,
		ClientFingerprint:        t.option.ClientFingerprint,
	}
	return vmess.StreamWebsocketConn(ctx, conn, wsConfig)
}
// WriteHeader writes the trojan request header to w in a single Write:
// hex(SHA-224(password)) CRLF command socks5Addr CRLF. socks5Addr is written
// as given, without validation.
func (t *Trojan) WriteHeader(w io.Writer, command Command, socks5Addr []byte) error {
	buf := pool.GetBuffer()
	defer pool.PutBuffer(buf)

	for _, part := range [][]byte{t.hexPassword, crlf, {command}, socks5Addr, crlf} {
		buf.Write(part)
	}
	_, err := w.Write(buf.Bytes())
	return err
}
// PacketConn wraps an established trojan stream as a net.PacketConn that frames
// UDP datagrams with WritePacket/ReadPacket. t itself is not retained.
func (t *Trojan) PacketConn(conn net.Conn) net.PacketConn {
	pc := &PacketConn{Conn: conn}
	return pc
}
// writePacket frames one datagram as socks5Addr | u16be len(payload) | CRLF |
// payload and writes it to w with a single Write. It returns w.Write's result,
// so the count includes the framing bytes, not only the payload. The length
// field is a uint16; callers keep payload within maxLength (see WritePacket).
func writePacket(w io.Writer, socks5Addr, payload []byte) (int, error) {
	var lenField [2]byte
	binary.BigEndian.PutUint16(lenField[:], uint16(len(payload)))

	buf := pool.GetBuffer()
	defer pool.PutBuffer(buf)
	buf.Write(socks5Addr)
	buf.Write(lenField[:])
	buf.Write(crlf)
	buf.Write(payload)
	return w.Write(buf.Bytes())
}
// WritePacket writes payload to w as trojan UDP packets addressed to socks5Addr,
// splitting it into maxLength-sized fragments when it is larger than that.
//
// The result is not symmetric between the two paths: a payload that fits in
// one packet returns writePacket's count (framing bytes included), while a
// fragmented payload returns len(payload) on success, or the offset of the
// failing fragment plus that fragment's written count on error.
func WritePacket(w io.Writer, socks5Addr, payload []byte) (int, error) {
	total := len(payload)
	if total <= maxLength {
		return writePacket(w, socks5Addr, payload)
	}

	start := 0
	for {
		end := start + maxLength
		if end > total {
			end = total
		}
		n, err := writePacket(w, socks5Addr, payload[start:end])
		if err != nil {
			return start + n, err
		}
		start = end
		if start == total {
			return total, nil
		}
	}
}
// ReadPacket reads one trojan UDP packet from r into payload. It returns the
// destination address, the number of payload bytes copied into payload, and
// how many bytes of this packet are still unread in r (non-zero only when
// payload is shorter than the declared length).
//
// Wire layout: socks5 address | u16be length | CRLF | data. payload doubles as
// scratch space for socks5.ReadAddr and the two 2-byte fields, so its earlier
// contents are overwritten. A declared length above maxLength is rejected; the
// CRLF bytes are consumed but not checked. Errors are returned as fixed
// messages, without the underlying cause.
func ReadPacket(r io.Reader, payload []byte) (net.Addr, int, int, error) {
	fail := func(msg string) (net.Addr, int, int, error) {
		return nil, 0, 0, errors.New(msg)
	}

	addr, err := socks5.ReadAddr(r, payload)
	if err != nil {
		return fail("read addr error")
	}
	udpAddr := addr.UDPAddr()
	if udpAddr == nil {
		return fail("parse addr error")
	}

	if _, err = io.ReadFull(r, payload[:2]); err != nil {
		return fail("read length error")
	}
	declared := int(binary.BigEndian.Uint16(payload[:2]))
	if declared > maxLength {
		return fail("packet invalid")
	}
	if _, err = io.ReadFull(r, payload[:2]); err != nil { // CRLF, consumed unchecked
		return fail("read crlf error")
	}

	n := declared
	if len(payload) < n {
		n = len(payload)
	}
	if _, err = io.ReadFull(r, payload[:n]); err != nil {
		return fail("read packet error")
	}
	return udpAddr, n, declared - n, nil
}
// New builds a Trojan client for option, precomputing the hex-encoded SHA-224
// of option.Password that WriteHeader sends as the credential.
func New(option *Option) *Trojan {
	t := &Trojan{
		option:      option,
		hexPassword: hexSha224([]byte(option.Password)),
	}
	return t
}
// Compile-time check that *PacketConn implements N.EnhancePacketConn
// (the WaitReadFrom method in addition to net.PacketConn).
var _ N.EnhancePacketConn = (*PacketConn)(nil)

// PacketConn carries UDP datagrams over the trojan stream in Conn using the
// WritePacket/ReadPacket framing.
type PacketConn struct {
	net.Conn
	// remain is the unread tail of the current packet when the caller's buffer
	// in ReadFrom was smaller than the declared length; rAddr is that packet's
	// address and is returned with each slice of the tail.
	remain int
	rAddr  net.Addr
	// mux serialises ReadFrom and WaitReadFrom so the framing state above is
	// never read concurrently.
	mux sync.Mutex
}
// WriteTo sends b to addr as one or more trojan UDP packets (see WritePacket for
// fragmentation and the returned count). addr is converted through
// socks5.ParseAddr(addr.String()) and the result is used unchecked.
func (pc *PacketConn) WriteTo(b []byte, addr net.Addr) (int, error) {
	target := socks5.ParseAddr(addr.String())
	return WritePacket(pc, target, b)
}
// ReadFrom fills b with the next datagram, or the next slice of one, and
// returns its source address. If a previous packet did not fit in the caller's
// buffer, the unread tail (pc.remain bytes) is delivered first under the saved
// address before a new packet is parsed with ReadPacket. A packet larger than
// b is reported as len(b) bytes, with the rest kept in pc.remain for later
// calls. Data already read before a failing Read is dropped (0 is returned).
func (pc *PacketConn) ReadFrom(b []byte) (int, net.Addr, error) {
	pc.mux.Lock()
	defer pc.mux.Unlock()

	if pc.remain == 0 {
		addr, n, left, err := ReadPacket(pc.Conn, b)
		if err != nil {
			return 0, nil, err
		}
		if left != 0 {
			pc.remain, pc.rAddr = left, addr
		}
		return n, addr, nil
	}

	// Keep draining the tail of the previous packet.
	want := len(b)
	if want > pc.remain {
		want = pc.remain
	}
	n, err := pc.Conn.Read(b[:want])
	if err != nil {
		return 0, nil, err
	}
	pc.remain -= n
	src := pc.rAddr
	if pc.remain == 0 {
		pc.rAddr = nil
	}
	return n, src, nil
}
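// WaitReadFrom reads one whole datagram into a pooled buffer and returns it
// together with its source address and a put func that releases the buffer;
// the caller must call put once it is done with data. An empty datagram
// (declared length 0) is reported as (nil, nil, addr, nil) with the buffer
// already released. Unlike ReadFrom, this path never leaves a partial packet
// in pc.remain.
//
// The 2-byte length field is peer-controlled. It is checked against the pooled
// buffer's capacity so that an oversized value produces an error instead of an
// out-of-range slice panic (ReadPacket applies the stricter maxLength bound).
// The CRLF bytes after the length are consumed but not validated.
func (pc *PacketConn) WaitReadFrom() (data []byte, put func(), addr net.Addr, err error) {
	pc.mux.Lock()
	defer pc.mux.Unlock()

	destination, err := socks5.ReadAddr0(pc.Conn)
	if err != nil {
		return nil, nil, nil, err
	}
	addr = destination.UDPAddr()

	data = pool.Get(pool.UDPBufferSize)
	// put captures data by reference, so it returns whatever slice data holds
	// when it is called (the resliced view after the length is applied).
	put = func() {
		_ = pool.Put(data)
	}

	if _, err = io.ReadFull(pc.Conn, data[:2+2]); err != nil { // u16be length + CR LF
		put()
		return nil, nil, nil, err
	}
	length := int(binary.BigEndian.Uint16(data))
	if length == 0 {
		put()
		return nil, nil, addr, nil
	}
	if length > cap(data) {
		// Refuse a length the pooled buffer cannot hold rather than slicing
		// past its capacity; same message ReadPacket uses for a bad length.
		put()
		return nil, nil, nil, errors.New("packet invalid")
	}

	data = data[:length]
	if _, err = io.ReadFull(pc.Conn, data); err != nil {
		put()
		return nil, nil, nil, err
	}
	return data, put, addr, nil
}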
// hexSha224 returns the lowercase hex encoding of SHA-224(data) as a fresh
// 56-byte slice; this is the credential trojan sends in place of the password.
func hexSha224(data []byte) []byte {
	sum := sha256.Sum224(data)
	out := make([]byte, hex.EncodedLen(len(sum)))
	hex.Encode(out, sum[:])
	return out
}