feat: create SOCKS5 StreamDialer (#44)

go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/shadowsocks/go-shadowsocks2 v0.1.5
 	github.com/stretchr/testify v1.8.2
 	golang.org/x/crypto v0.7.0
+	golang.org/x/net v0.8.0
 )
 
 require (

go.sum

@@ -34,6 +34,8 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191021144547-ec77196f6094/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

transport/socks5/stream_dialer.go

@@ -0,0 +1,72 @@
+// Copyright 2023 Jigsaw Operations LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package socks5
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net"
+
+	"github.com/Jigsaw-Code/outline-sdk/transport"
+	"golang.org/x/net/proxy"
+)
+
+// NewStreamDialer creates a client that routes connections to a SOCKS5 proxy listening at
+// the given [transport.StreamEndpoint].
+func NewStreamDialer(endpoint transport.StreamEndpoint) (transport.StreamDialer, error) {
+	// See https://pkg.go.dev/golang.org/x/net/proxy#SOCKS5
+	if endpoint == nil {
+		return nil, errors.New("argument endpoint must not be nil")
+	}
+	return &StreamDialer{proxyEndpoint: endpoint}, nil
+}
+
+type StreamDialer struct {
+	proxyEndpoint transport.StreamEndpoint
+}
+
+var _ transport.StreamDialer = (*StreamDialer)(nil)
+
+func (c *StreamDialer) Dial(ctx context.Context, remoteAddr string) (transport.StreamConn, error) {
+	proxyConn, err := c.proxyEndpoint.Connect(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("could not connect to SOCKS5 proxy: %w", err)
+	}
+	socks5Dialer, err := proxy.SOCKS5("tcp", "unused", nil, &fixedConnDialer{proxyConn})
+	if err != nil {
+		return nil, err
+	}
+	socks5Conn, err := socks5Dialer.(proxy.ContextDialer).DialContext(ctx, "tcp", remoteAddr)
+	if err != nil {
+		return nil, fmt.Errorf("could not establish SOCKS5 tunnel: %w", err)
+	}
+	return transport.WrapConn(proxyConn, socks5Conn, socks5Conn), nil
+}
+
+type fixedConnDialer struct {
+	conn net.Conn
+}
+
+func (d *fixedConnDialer) Dial(network, addr string) (c net.Conn, err error) {
+	return d.conn, nil
+}
+
+func (d *fixedConnDialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	return d.conn, nil
+}
+
+var _ proxy.Dialer = (*fixedConnDialer)(nil)
+var _ proxy.ContextDialer = (*fixedConnDialer)(nil)

transport/socks5/stream_dialer_test.go

@@ -0,0 +1,97 @@
+// Copyright 2023 Jigsaw Operations LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package socks5
+
+import (
+	"context"
+	"io"
+	"net"
+	"sync"
+	"testing"
+	"testing/iotest"
+
+	"github.com/Jigsaw-Code/outline-sdk/transport"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestSOCKS5Dialer_Dial(t *testing.T) {
+	requestText := []byte("Request")
+	responseText := []byte("Response")
+
+	listener, err := net.ListenTCP("tcp", &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1)})
+	require.NoError(t, err, "Failed to create TCP listener: %v", err)
+	defer listener.Close()
+
+	var running sync.WaitGroup
+	running.Add(2)
+
+	// Server
+	go func() {
+		defer running.Done()
+		clientConn, err := listener.AcceptTCP()
+		require.NoError(t, err, "AcceptTCP failed: %v", err)
+		defer clientConn.Close()
+
+		// See https://datatracker.ietf.org/doc/html/rfc1928#autoid-3
+		// VER = 5, NMETHODS = 1, METHODS = 0 (no auth)
+		err = iotest.TestReader(io.LimitReader(clientConn, 3), []byte{5, 1, 0})
+		assert.NoError(t, err, "Request read failed: %v", err)
+
+		// VER = 5, METHOD = 0
+		_, err = clientConn.Write([]byte{5, 0})
+		assert.NoError(t, err, "Write failed: %v", err)
+
+		// VER = 5, CMD = 1 (connect), RSV = 0, ATYP = 1 (IPv4), DST.ADDR, DST.PORT
+		port := listener.Addr().(*net.TCPAddr).Port
+		err = iotest.TestReader(io.LimitReader(clientConn, 10), []byte{5, 1, 0, 1, 127, 0, 0, 1, byte(port >> 8), byte(port & 0xFF)})
+		assert.NoError(t, err, "Request read failed: %v", err)
+
+		// VER = 5, REP = 0 (success), RSV = 0, ATYP = 1 (IPv4), DST.ADDR, DST.PORT
+		_, err = clientConn.Write([]byte{5, 0, 0, 1, 0, 0, 0, 0, 0, 0})
+		assert.NoError(t, err, "Write failed: %v", err)
+
+		err = iotest.TestReader(clientConn, requestText)
+		assert.NoError(t, err, "Request read failed: %v", err)
+
+		n, err := clientConn.Write(responseText)
+		require.NoError(t, err)
+		require.Equal(t, len(responseText), n)
+
+		err = clientConn.CloseWrite()
+		assert.NoError(t, err, "CloseWrite failed: %v", err)
+	}()
+
+	// Client
+	go func() {
+		defer running.Done()
+		dialer, err := NewStreamDialer(&transport.TCPEndpoint{Address: listener.Addr().String()})
+		require.NoError(t, err)
+		serverConn, err := dialer.Dial(context.Background(), listener.Addr().String())
+		require.NoError(t, err, "Dial failed")
+		require.Equal(t, listener.Addr().String(), serverConn.RemoteAddr().String())
+		defer serverConn.Close()
+
+		n, err := serverConn.Write(requestText)
+		require.NoError(t, err)
+		require.Equal(t, len(requestText), n)
+		assert.NoError(t, serverConn.CloseWrite())
+
+		err = iotest.TestReader(serverConn, responseText)
+		require.NoError(t, err, "Response read failed: %v", err)
+	}()
+
+	running.Wait()
+}