(conn net.Conn)
| 466 | } |
| 467 | |
| 468 | func (proxy *ProxyClient) handleSocks(conn net.Conn) { |
| 469 | logClose := func(args ...interface{}) { |
| 470 | proxy.Logger.E(args...) |
| 471 | conn.Close() |
| 472 | } |
| 473 | |
| 474 | buf := make([]byte, 2) |
| 475 | if _, err := io.ReadAtLeast(conn, buf, 2); err != nil { |
| 476 | logClose("SOCKS", "Error", err) |
| 477 | return |
| 478 | } else if buf[0] != socksVersion5 { |
| 479 | logClose("SOCKS", "Error", fmt.Sprintf(socksVersionErr, buf[0])) |
| 480 | return |
| 481 | } |
| 482 | |
| 483 | numMethods := int(buf[1]) |
| 484 | methods := make([]byte, numMethods) |
| 485 | if _, err := io.ReadAtLeast(conn, methods, numMethods); err != nil { |
| 486 | logClose("SOCKS", "Error", err) |
| 487 | return |
| 488 | } |
| 489 | |
| 490 | if proxy.UserAuth != "" { |
| 491 | conn.Write([]byte{socksVersion5, 0x02}) // username & password auth |
| 492 | |
| 493 | if !proxy.authSocks(conn) { |
| 494 | conn.Write([]byte{1, 1}) |
| 495 | logClose("SOCKS", "Invalid auth data", conn.RemoteAddr) |
| 496 | return |
| 497 | } |
| 498 | |
| 499 | // auth success |
| 500 | conn.Write([]byte{1, 0}) |
| 501 | } else { |
| 502 | conn.Write([]byte{socksVersion5, 0}) |
| 503 | } |
| 504 | // handshake over |
| 505 | // tunneling start |
| 506 | method, addr, err := parseUDPHeader(conn, nil, false) |
| 507 | if err != nil { |
| 508 | logClose("SOCKS", "Error", err) |
| 509 | return |
| 510 | } |
| 511 | |
| 512 | host := addr.String() |
| 513 | switch method { |
| 514 | case 1: |
| 515 | if ans, ext := proxy.canDirectConnect(host); ans == ruleBlock { |
| 516 | proxy.Logger.L("SOCKS ACL", ext, host) |
| 517 | conn.Close() |
| 518 | } else if ans == rulePass { |
| 519 | proxy.Logger.D("SOCKS ACL", ext, host) |
| 520 | proxy.dialHostAndBridge(conn, host, okSOCKS) |
| 521 | } else if proxy.Policy.IsSet(PolicyWebSocket) { |
| 522 | proxy.Logger.D("SOCKS ACL", ext, "Websocket", host) |
| 523 | proxy.DialUpstream(conn, host, okSOCKS, 0, 0) |
| 524 | } else { |
| 525 | proxy.Logger.D("SOCKS ACL", ext, host) |
no test coverage detected