Jigsaw-Code · bemasc · Jan 5, 2022 · Jan 7, 2022 · Jan 21, 2022 · Jan 25, 2022
@@ -8,6 +8,7 @@ require (
 	github.com/shadowsocks/go-shadowsocks2 v0.1.4-0.20201002022019-75d43273f5a5
 	github.com/stretchr/testify v1.6.1
 	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
+	golang.org/x/net v0.0.0-20211216030914-fe4d6282115f // indirect
 	gopkg.in/yaml.v2 v2.3.0
 )
 

@@ -104,6 +104,8 @@ golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
+golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f h1:Bl/8QSvNqXvPGPGXa2z5xUTmV7VDcZyvRZ+QQXkXTZQ=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -121,7 +123,13 @@ golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1 h1:ogLJMz+qpzav7lGMh10LMvAkM
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200824131525-c12d262b63d8 h1:AvbQYmiaaaza3cW3QXRyPo5kYgpFIzOAfeAAN7m3qQ4=
 golang.org/x/sys v0.0.0-20200824131525-c12d262b63d8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=

@@ -233,6 +233,7 @@ type udpRecord struct {
 type fakeUDPMetrics struct {
 	metrics.ShadowsocksMetrics
 	fakeLocation string
+	mu           sync.Mutex
 	up, down     []udpRecord
 	natAdded     int
 }
@@ -241,13 +242,19 @@ func (m *fakeUDPMetrics) GetLocation(addr net.Addr) (string, error) {
 	return m.fakeLocation, nil
 }
 func (m *fakeUDPMetrics) AddUDPPacketFromClient(clientLocation, accessKey, status string, clientProxyBytes, proxyTargetBytes int, timeToCipher time.Duration) {
+	m.mu.Lock()
 	m.up = append(m.up, udpRecord{clientLocation, accessKey, status, clientProxyBytes, proxyTargetBytes})
+	m.mu.Unlock()
 }
 func (m *fakeUDPMetrics) AddUDPPacketFromTarget(clientLocation, accessKey, status string, targetProxyBytes, proxyClientBytes int) {
+	m.mu.Lock()
 	m.down = append(m.down, udpRecord{clientLocation, accessKey, status, targetProxyBytes, proxyClientBytes})
+	m.mu.Unlock()
 }
 func (m *fakeUDPMetrics) AddUDPNatEntry() {
+	m.mu.Lock()
 	m.natAdded++
+	m.mu.Unlock()
 }
 func (m *fakeUDPMetrics) RemoveUDPNatEntry() {
 	// Not tested because it requires waiting for a long timeout.
@@ -256,9 +263,9 @@ func (m *fakeUDPMetrics) RemoveUDPNatEntry() {
 func TestUDPEcho(t *testing.T) {
 	echoConn, echoRunning := startUDPEchoServer(t)
 
-	proxyConn, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: 0})
+	proxyConn, err := onet.ListenAnyUDP4(0)
 	if err != nil {
-		t.Fatalf("ListenTCP failed: %v", err)
+		t.Fatalf("ListenAnyUDP4 failed: %v", err)
 	}
 	secrets := ss.MakeTestSecrets(1)
 	cipherList, err := service.MakeTestCiphers(secrets)
@@ -350,6 +357,118 @@ func TestUDPEcho(t *testing.T) {
 	}
 }
 
+// Test that UDP packets addressed to different proxy IPs produce replies
+// from the corresponding proxy IP.
+func TestUDPEchoMultipleIP(t *testing.T) {
+	echoConn, echoRunning := startUDPEchoServer(t)
+
+	proxyConn, err := onet.ListenAnyUDP4(0)
+	if err != nil {
+		t.Fatalf("ListenAnyUDP4 failed: %v", err)
+	}
+	secrets := ss.MakeTestSecrets(1)
+	cipherList, err := service.MakeTestCiphers(secrets)
+	if err != nil {
+		t.Fatal(err)
+	}
+	testMetrics := &fakeUDPMetrics{fakeLocation: "QQ"}
+	proxy := service.NewUDPService(time.Hour, cipherList, testMetrics)
+	proxy.SetTargetIPValidator(allowAll)
+	go proxy.Serve(proxyConn)
+
+	_, proxyPort, err := net.SplitHostPort(proxyConn.LocalAddr().String())
+	if err != nil {
+		t.Fatal(err)
+	}
+	portNum, err := strconv.Atoi(proxyPort)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client1, err := client.NewClient("127.0.0.1", portNum, secrets[0], ss.TestCipher)
+	if err != nil {
+		t.Fatalf("Failed to create ShadowsocksClient: %v", err)
+	}
+	client2, err := client.NewClient("127.0.0.2", portNum, secrets[0], ss.TestCipher)
+	if err != nil {
+		t.Fatalf("Failed to create ShadowsocksClient: %v", err)
+	}
+	conn1, err := client1.ListenUDP(nil)
+	if err != nil {
+		t.Fatalf("ShadowsocksClient.ListenUDP failed: %v", err)
+	}
+	conn2, err := client2.ListenUDP(nil)
+	if err != nil {
+		t.Fatalf("ShadowsocksClient.ListenUDP failed: %v", err)
+	}
+
+	const N = 1000
+	up1 := ss.MakeTestPayload(N)
+	n, err := conn1.WriteTo(up1, echoConn.LocalAddr())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if n != N {
+		t.Fatalf("Tried to upload %d bytes, but only sent %d", N, n)
+	}
+
+	up2 := ss.MakeTestPayload(N + 1)
+	n, err = conn2.WriteTo(up2, echoConn.LocalAddr())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if n != N+1 {
+		t.Fatalf("Tried to upload %d bytes, but only sent %d", N+1, n)
+	}
+
+	down := make([]byte, N+1)
+	n, addr, err := conn1.ReadFrom(down)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if n != N {
+		t.Errorf("Tried to download %d bytes, but only received %d", N, n)
+	}
+	if addr.String() != echoConn.LocalAddr().String() {
+		t.Errorf("Reported address mismatch: %s != %s", addr.String(), echoConn.LocalAddr().String())
+	}
+
+	if !bytes.Equal(up1, down[:n]) {
+		t.Fatal("Echo mismatch")
+	}
+
+	n, addr, err = conn2.ReadFrom(down)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if n != N+1 {
+		t.Errorf("Tried to download %d bytes, but only received %d", N+1, n)
+	}
+	if addr.String() != echoConn.LocalAddr().String() {
+		t.Errorf("Reported address mismatch: %s != %s", addr.String(), echoConn.LocalAddr().String())
+	}
+
+	if !bytes.Equal(up2, down) {
+		t.Fatal("Echo mismatch")
+	}
+
+	conn1.Close()
+	conn2.Close()
+	echoConn.Close()
+	echoRunning.Wait()
+	proxy.GracefulStop()
+	// Verify that the expected number of metrics were reported.
+	if testMetrics.natAdded != 2 {
+		t.Errorf("Wrong NAT add count: %d", testMetrics.natAdded)
+	}
+	if len(testMetrics.up) != 2 {
+		t.Errorf("Wrong number of packets sent: %v", testMetrics.up)
+	}
+	if len(testMetrics.down) != 2 {
+		t.Errorf("Wrong number of packets received: %v", testMetrics.down)
+	}
+}
+
 func BenchmarkTCPThroughput(b *testing.B) {
 	echoListener, echoRunning := startTCPEchoServer(b)
 
@@ -496,7 +615,7 @@ func BenchmarkTCPMultiplexing(b *testing.B) {
 func BenchmarkUDPEcho(b *testing.B) {
 	echoConn, echoRunning := startUDPEchoServer(b)
 
-	proxyConn, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: 0})
+	proxyConn, err := onet.ListenAnyUDP4(0)
 	if err != nil {
 		b.Fatalf("ListenTCP failed: %v", err)
 	}
@@ -544,7 +663,7 @@ func BenchmarkUDPEcho(b *testing.B) {
 func BenchmarkUDPManyKeys(b *testing.B) {
 	echoConn, echoRunning := startUDPEchoServer(b)
 
-	proxyConn, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: 0})
+	proxyConn, err := onet.ListenAnyUDP4(0)
 	if err != nil {
 		b.Fatalf("ListenTCP failed: %v", err)
 	}

@@ -0,0 +1,134 @@
+// Copyright 2022 Jigsaw Operations LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build darwin || linux
+
+package net
+
+import (
+	"errors"
+	"io"
+	"net"
+	"runtime"
+
+	"golang.org/x/net/ipv4"
+	"golang.org/x/net/ipv6"
+)
+
+// UDPAnyConn extends net.PacketConn to allow reporting the destination IP
+// of incoming packets, and setting the source IP of outgoing packets.  This
+// is relevant for UDP connections that are bound to `0.0.0.0` or `::`.  In
+// these cases, net.PacketConn is not sufficient to enable sending a reply
+// from the expected source IP.
+type UDPAnyConn interface {
+	net.PacketConn
+	ReadToFrom(p []byte) (n int, src *net.UDPAddr, dst net.IP, err error)
+	WriteToFrom(p []byte, dst *net.UDPAddr, src net.IP) (int, error)
+}
+
+type udpAnyConnV4 struct {
+	net.PacketConn
+	v4 ipv4.PacketConn
+}
+
+// ListenAnyUDP4 returns a UDPAnyConn that is listening on all IPv4 addresses
+// at the specified port. If `port` is zero, the kernel will choose an open port.
+func ListenAnyUDP4(port int) (UDPAnyConn, error) {
+	conn, err := net.ListenUDP("udp4", &net.UDPAddr{Port: port})
+	if err != nil {
+		return nil, err
+	}
+	anyConn := &udpAnyConnV4{conn, *ipv4.NewPacketConn(conn)}
+	if err = anyConn.v4.SetControlMessage(ipv4.FlagDst, true); err != nil {
+		return nil, err
+	}
+	return anyConn, nil
+}
+
+func (c *udpAnyConnV4) ReadToFrom(p []byte) (n int, src *net.UDPAddr, dst net.IP, err error) {
+	var cm *ipv4.ControlMessage
+	var tmpSrc net.Addr
+	if n, cm, tmpSrc, err = c.v4.ReadFrom(p); err != nil {
+		return
+	}
+	if cm != nil {
+		dst = cm.Dst
+	} else if runtime.GOOS != "windows" {
+		err = errors.New("control data is missing")
+		return
+	}
+	src = tmpSrc.(*net.UDPAddr)
+	return
+}
+
+func (c *udpAnyConnV4) WriteToFrom(p []byte, dst *net.UDPAddr, src net.IP) (int, error) {
+	cm := &ipv4.ControlMessage{Src: src}
+	return c.v4.WriteTo(p, cm, dst)
+}
+
+type udpAnyConnV6 struct {
+	net.PacketConn
+	v6 ipv6.PacketConn
+}
+
+// ListenAnyUDP4 returns a UDPAnyConn that is listening on all IPv6 addresses
+// at the specified port. If `port` is zero, the kernel will choose an open port.
+func ListenAnyUDP6(port int) (UDPAnyConn, error) {
+	conn, err := net.ListenUDP("udp6", &net.UDPAddr{Port: port})
+	if err != nil {
+		return nil, err
+	}
+	anyConn := &udpAnyConnV6{conn, *ipv6.NewPacketConn(conn)}
+	if err = anyConn.v6.SetControlMessage(ipv6.FlagDst, true); err != nil {
+		return nil, err
+	}
+	return anyConn, nil
+}
+
+func (c *udpAnyConnV6) ReadToFrom(p []byte) (n int, src *net.UDPAddr, dst net.IP, err error) {
+	var cm *ipv6.ControlMessage
+	var tmpSrc net.Addr
+	if n, cm, tmpSrc, err = c.v6.ReadFrom(p); err != nil {
+		return
+	}
+	if cm != nil {
+		dst = cm.Dst
+	} else if runtime.GOOS != "windows" {
+		err = errors.New("control data is missing")
+		return
+	}
+	src = tmpSrc.(*net.UDPAddr)
+	return
+}
+
+func (c *udpAnyConnV6) WriteToFrom(p []byte, dst *net.UDPAddr, src net.IP) (int, error) {
+	cm := &ipv6.ControlMessage{Src: src}
+	return c.v6.WriteTo(p, cm, dst)
+}
+
+type boundWriter struct {
+	conn UDPAnyConn
+	dst *net.UDPAddr
+	src net.IP
+}
+
+func (w boundWriter) Write(p []byte) (int, error) {
+	return w.conn.WriteToFrom(p, w.dst, w.src)
+}
+
+// MakeBoundWriter returns a Writer that mimics the behavior of Write() on a
+// connected UDPConn.
+func MakeBoundWriter(conn UDPAnyConn, dst *net.UDPAddr, src net.IP) io.Writer {
+	return boundWriter{conn, dst, src}
+}