Xray-core/proxy/socks/protocol.go

package socks

import (
	"encoding/binary"
	"io"

	"github.com/xtls/xray-core/common"
	"github.com/xtls/xray-core/common/buf"
	"github.com/xtls/xray-core/common/net"
	"github.com/xtls/xray-core/common/protocol"
)

const (
	socks5Version = 0x05
	socks4Version = 0x04

	cmdTCPConnect    = 0x01
	cmdTCPBind       = 0x02
	cmdUDPAssociate  = 0x03
	cmdTorResolve    = 0xF0
	cmdTorResolvePTR = 0xF1

	socks4RequestGranted  = 90
	socks4RequestRejected = 91

	authNotRequired = 0x00
	// authGssAPI           = 0x01
	authPassword         = 0x02
	authNoMatchingMethod = 0xFF

	statusSuccess       = 0x00
	statusCmdNotSupport = 0x07
)

var addrParser = protocol.NewAddressParser(
	protocol.AddressFamilyByte(0x01, net.AddressFamilyIPv4),
	protocol.AddressFamilyByte(0x04, net.AddressFamilyIPv6),
	protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain),
)

type ServerSession struct {
	config       *ServerConfig
	address      net.Address
	port         net.Port
	localAddress net.Address
}

func (s *ServerSession) handshake4(cmd byte, reader io.Reader, writer io.Writer) (*protocol.RequestHeader, error) {
	if s.config.AuthType == AuthType_PASSWORD {
		writeSocks4Response(writer, socks4RequestRejected, net.AnyIP, net.Port(0))
		return nil, newError("socks 4 is not allowed when auth is required.")
	}

	var port net.Port
	var address net.Address

	{
		buffer := buf.StackNew()
		if _, err := buffer.ReadFullFrom(reader, 6); err != nil {
			buffer.Release()
			return nil, newError("insufficient header").Base(err)
		}
		port = net.PortFromBytes(buffer.BytesRange(0, 2))
		address = net.IPAddress(buffer.BytesRange(2, 6))
		buffer.Release()
	}

	if _, err := ReadUntilNull(reader); /* user id */ err != nil {
		return nil, err
	}
	if address.IP()[0] == 0x00 {
		domain, err := ReadUntilNull(reader)
		if err != nil {
			return nil, newError("failed to read domain for socks 4a").Base(err)
		}
		address = net.DomainAddress(domain)
	}

	switch cmd {
	case cmdTCPConnect:
		request := &protocol.RequestHeader{
			Command: protocol.RequestCommandTCP,
			Address: address,
			Port:    port,
			Version: socks4Version,
		}
		if err := writeSocks4Response(writer, socks4RequestGranted, net.AnyIP, net.Port(0)); err != nil {
			return nil, err
		}
		return request, nil
	default:
		writeSocks4Response(writer, socks4RequestRejected, net.AnyIP, net.Port(0))
		return nil, newError("unsupported command: ", cmd)
	}
}

func (s *ServerSession) auth5(nMethod byte, reader io.Reader, writer io.Writer) (username string, err error) {
	buffer := buf.StackNew()
	defer buffer.Release()

	if _, err = buffer.ReadFullFrom(reader, int32(nMethod)); err != nil {
		return "", newError("failed to read auth methods").Base(err)
	}

	var expectedAuth byte = authNotRequired
	if s.config.AuthType == AuthType_PASSWORD {
		expectedAuth = authPassword
	}

	if !hasAuthMethod(expectedAuth, buffer.BytesRange(0, int32(nMethod))) {
		writeSocks5AuthenticationResponse(writer, socks5Version, authNoMatchingMethod)
		return "", newError("no matching auth method")
	}

	if err := writeSocks5AuthenticationResponse(writer, socks5Version, expectedAuth); err != nil {
		return "", newError("failed to write auth response").Base(err)
	}

	if expectedAuth == authPassword {
		username, password, err := ReadUsernamePassword(reader)
		if err != nil {
			return "", newError("failed to read username and password for authentication").Base(err)
		}

		if !s.config.HasAccount(username, password) {
			writeSocks5AuthenticationResponse(writer, 0x01, 0xFF)
			return "", newError("invalid username or password")
		}

		if err := writeSocks5AuthenticationResponse(writer, 0x01, 0x00); err != nil {
			return "", newError("failed to write auth response").Base(err)
		}
		return username, nil
	}

	return "", nil
}

func (s *ServerSession) handshake5(nMethod byte, reader io.Reader, writer io.Writer) (*protocol.RequestHeader, error) {
	var (
		username string
		err      error
	)
	if username, err = s.auth5(nMethod, reader, writer); err != nil {
		return nil, err
	}

	var cmd byte
	{
		buffer := buf.StackNew()
		if _, err := buffer.ReadFullFrom(reader, 3); err != nil {
			buffer.Release()
			return nil, newError("failed to read request").Base(err)
		}
		cmd = buffer.Byte(1)
		buffer.Release()
	}

	request := new(protocol.RequestHeader)
	if username != "" {
		request.User = &protocol.MemoryUser{Email: username}
	}
	switch cmd {
	case cmdTCPConnect, cmdTorResolve, cmdTorResolvePTR:
		// We don't have a solution for Tor case now. Simply treat it as connect command.
		request.Command = protocol.RequestCommandTCP
	case cmdUDPAssociate:
		if !s.config.UdpEnabled {
			writeSocks5Response(writer, statusCmdNotSupport, net.AnyIP, net.Port(0))
			return nil, newError("UDP is not enabled.")
		}
		request.Command = protocol.RequestCommandUDP
	case cmdTCPBind:
		writeSocks5Response(writer, statusCmdNotSupport, net.AnyIP, net.Port(0))
		return nil, newError("TCP bind is not supported.")
	default:
		writeSocks5Response(writer, statusCmdNotSupport, net.AnyIP, net.Port(0))
		return nil, newError("unknown command ", cmd)
	}

	request.Version = socks5Version

	addr, port, err := addrParser.ReadAddressPort(nil, reader)
	if err != nil {
		return nil, newError("failed to read address").Base(err)
	}
	request.Address = addr
	request.Port = port

	responseAddress := s.address
	responsePort := s.port
	//nolint:gocritic // Use if else chain for clarity
	if request.Command == protocol.RequestCommandUDP {
		if s.config.Address != nil {
			// Use configured IP as remote address in the response to UDP Associate
			responseAddress = s.config.Address.AsAddress()
		} else {
			// Use conn.LocalAddr() IP as remote address in the response by default
			responseAddress = s.localAddress
		}
	}
	if err := writeSocks5Response(writer, statusSuccess, responseAddress, responsePort); err != nil {
		return nil, err
	}

	return request, nil
}

// Handshake performs a Socks4/4a/5 handshake.
func (s *ServerSession) Handshake(reader io.Reader, writer io.Writer) (*protocol.RequestHeader, error) {
	buffer := buf.StackNew()
	if _, err := buffer.ReadFullFrom(reader, 2); err != nil {
		buffer.Release()
		return nil, newError("insufficient header").Base(err)
	}

	version := buffer.Byte(0)
	cmd := buffer.Byte(1)
	buffer.Release()

	switch version {
	case socks4Version:
		return s.handshake4(cmd, reader, writer)
	case socks5Version:
		return s.handshake5(cmd, reader, writer)
	default:
		return nil, newError("unknown Socks version: ", version)
	}
}

// ReadUsernamePassword reads Socks 5 username/password message from the given reader.
// +----+------+----------+------+----------+
// |VER | ULEN |  UNAME   | PLEN |  PASSWD  |
// +----+------+----------+------+----------+
// | 1  |  1   | 1 to 255 |  1   | 1 to 255 |
// +----+------+----------+------+----------+
func ReadUsernamePassword(reader io.Reader) (string, string, error) {
	buffer := buf.StackNew()
	defer buffer.Release()

	if _, err := buffer.ReadFullFrom(reader, 2); err != nil {
		return "", "", err
	}
	nUsername := int32(buffer.Byte(1))

	buffer.Clear()
	if _, err := buffer.ReadFullFrom(reader, nUsername); err != nil {
		return "", "", err
	}
	username := buffer.String()

	buffer.Clear()
	if _, err := buffer.ReadFullFrom(reader, 1); err != nil {
		return "", "", err
	}
	nPassword := int32(buffer.Byte(0))

	buffer.Clear()
	if _, err := buffer.ReadFullFrom(reader, nPassword); err != nil {
		return "", "", err
	}
	password := buffer.String()
	return username, password, nil
}

// ReadUntilNull reads content from given reader, until a null (0x00) byte.
func ReadUntilNull(reader io.Reader) (string, error) {
	b := buf.StackNew()
	defer b.Release()

	for {
		_, err := b.ReadFullFrom(reader, 1)
		if err != nil {
			return "", err
		}
		if b.Byte(b.Len()-1) == 0x00 {
			b.Resize(0, b.Len()-1)
			return b.String(), nil
		}
		if b.IsFull() {
			return "", newError("buffer overrun")
		}
	}
}

func hasAuthMethod(expectedAuth byte, authCandidates []byte) bool {
	for _, a := range authCandidates {
		if a == expectedAuth {
			return true
		}
	}
	return false
}

func writeSocks5AuthenticationResponse(writer io.Writer, version byte, auth byte) error {
	return buf.WriteAllBytes(writer, []byte{version, auth}, nil)
}

func writeSocks5Response(writer io.Writer, errCode byte, address net.Address, port net.Port) error {
	buffer := buf.New()
	defer buffer.Release()

	common.Must2(buffer.Write([]byte{socks5Version, errCode, 0x00 /* reserved */}))
	if err := addrParser.WriteAddressPort(buffer, address, port); err != nil {
		return err
	}

	return buf.WriteAllBytes(writer, buffer.Bytes(), nil)
}

func writeSocks4Response(writer io.Writer, errCode byte, address net.Address, port net.Port) error {
	buffer := buf.StackNew()
	defer buffer.Release()

	common.Must(buffer.WriteByte(0x00))
	common.Must(buffer.WriteByte(errCode))
	portBytes := buffer.Extend(2)
	binary.BigEndian.PutUint16(portBytes, port.Value())
	common.Must2(buffer.Write(address.IP()))
	return buf.WriteAllBytes(writer, buffer.Bytes(), nil)
}

func DecodeUDPPacket(packet *buf.Buffer) (*protocol.RequestHeader, error) {
	if packet.Len() < 5 {
		return nil, newError("insufficient length of packet.")
	}
	request := &protocol.RequestHeader{
		Version: socks5Version,
		Command: protocol.RequestCommandUDP,
	}

	// packet[0] and packet[1] are reserved
	if packet.Byte(2) != 0 /* fragments */ {
		return nil, newError("discarding fragmented payload.")
	}

	packet.Advance(3)

	addr, port, err := addrParser.ReadAddressPort(nil, packet)
	if err != nil {
		return nil, newError("failed to read UDP header").Base(err)
	}
	request.Address = addr
	request.Port = port
	return request, nil
}

func EncodeUDPPacket(request *protocol.RequestHeader, data []byte) (*buf.Buffer, error) {
	b := buf.New()
	common.Must2(b.Write([]byte{0, 0, 0 /* Fragment */}))
	if err := addrParser.WriteAddressPort(b, request.Address, request.Port); err != nil {
		b.Release()
		return nil, err
	}
	common.Must2(b.Write(data))
	return b, nil
}

type UDPReader struct {
	Reader io.Reader
}

func (r *UDPReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
	buffer := buf.New()
	_, err := buffer.ReadFrom(r.Reader)
	if err != nil {
		buffer.Release()
		return nil, err
	}
	u, err := DecodeUDPPacket(buffer)
	if err != nil {
		buffer.Release()
		return nil, err
	}
	dest := u.Destination()
	buffer.UDP = &dest
	return buf.MultiBuffer{buffer}, nil
}

type UDPWriter struct {
	Writer  io.Writer
	Request *protocol.RequestHeader
}

func (w *UDPWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {
	for {
		mb2, b := buf.SplitFirst(mb)
		mb = mb2
		if b == nil {
			break
		}
		request := w.Request
		if b.UDP != nil {
			request = &protocol.RequestHeader{
				Address: b.UDP.Address,
				Port:    b.UDP.Port,
			}
		}
		packet, err := EncodeUDPPacket(request, b.Bytes())
		b.Release()
		if err != nil {
			buf.ReleaseMulti(mb)
			return err
		}
		_, err = w.Writer.Write(packet.Bytes())
		packet.Release()
		if err != nil {
			buf.ReleaseMulti(mb)
			return err
		}
	}
	return nil
}

func ClientHandshake(request *protocol.RequestHeader, reader io.Reader, writer io.Writer) (*protocol.RequestHeader, error) {
	authByte := byte(authNotRequired)
	if request.User != nil {
		authByte = byte(authPassword)
	}

	b := buf.New()
	defer b.Release()

	common.Must2(b.Write([]byte{socks5Version, 0x01, authByte}))
	if err := buf.WriteAllBytes(writer, b.Bytes(), nil); err != nil {
		return nil, err
	}

	b.Clear()
	if _, err := b.ReadFullFrom(reader, 2); err != nil {
		return nil, err
	}

	if b.Byte(0) != socks5Version {
		return nil, newError("unexpected server version: ", b.Byte(0)).AtWarning()
	}
	if b.Byte(1) != authByte {
		return nil, newError("auth method not supported.").AtWarning()
	}

	if authByte == authPassword {
		b.Clear()
		account := request.User.Account.(*Account)
		common.Must(b.WriteByte(0x01))
		common.Must(b.WriteByte(byte(len(account.Username))))
		common.Must2(b.WriteString(account.Username))
		common.Must(b.WriteByte(byte(len(account.Password))))
		common.Must2(b.WriteString(account.Password))
		if err := buf.WriteAllBytes(writer, b.Bytes(), nil); err != nil {
			return nil, err
		}

		b.Clear()
		if _, err := b.ReadFullFrom(reader, 2); err != nil {
			return nil, err
		}
		if b.Byte(1) != 0x00 {
			return nil, newError("server rejects account: ", b.Byte(1))
		}
	}

	b.Clear()

	command := byte(cmdTCPConnect)
	if request.Command == protocol.RequestCommandUDP {
		command = byte(cmdUDPAssociate)
	}
	common.Must2(b.Write([]byte{socks5Version, command, 0x00 /* reserved */}))
	if request.Command == protocol.RequestCommandUDP {
		common.Must2(b.Write([]byte{1, 0, 0, 0, 0, 0, 0 /* RFC 1928 */}))
	} else {
		if err := addrParser.WriteAddressPort(b, request.Address, request.Port); err != nil {
			return nil, err
		}
	}

	if err := buf.WriteAllBytes(writer, b.Bytes(), nil); err != nil {
		return nil, err
	}

	b.Clear()
	if _, err := b.ReadFullFrom(reader, 3); err != nil {
		return nil, err
	}

	resp := b.Byte(1)
	if resp != 0x00 {
		return nil, newError("server rejects request: ", resp)
	}

	b.Clear()

	address, port, err := addrParser.ReadAddressPort(b, reader)
	if err != nil {
		return nil, err
	}

	if request.Command == protocol.RequestCommandUDP {
		udpRequest := &protocol.RequestHeader{
			Version: socks5Version,
			Command: protocol.RequestCommandUDP,
			Address: address,
			Port:    port,
		}
		return udpRequest, nil
	}

	return nil, nil
}
v1.0.0 2020-11-25 13:01:53 +02:00			`package socks`

			`import (`
			`"encoding/binary"`
			`"io"`

v1.1.0 2020-12-04 03:36:16 +02:00			`"github.com/xtls/xray-core/common"`
			`"github.com/xtls/xray-core/common/buf"`
			`"github.com/xtls/xray-core/common/net"`
			`"github.com/xtls/xray-core/common/protocol"`
v1.0.0 2020-11-25 13:01:53 +02:00			`)`

			`const (`
			`socks5Version = 0x05`
			`socks4Version = 0x04`

			`cmdTCPConnect = 0x01`
			`cmdTCPBind = 0x02`
Changes from v2ray-core (#93) 2020-12-24 21:45:35 +02:00			`cmdUDPAssociate = 0x03`
v1.0.0 2020-11-25 13:01:53 +02:00			`cmdTorResolve = 0xF0`
			`cmdTorResolvePTR = 0xF1`

			`socks4RequestGranted = 90`
			`socks4RequestRejected = 91`

			`authNotRequired = 0x00`
			`// authGssAPI = 0x01`
			`authPassword = 0x02`
			`authNoMatchingMethod = 0xFF`

			`statusSuccess = 0x00`
			`statusCmdNotSupport = 0x07`
			`)`

			`var addrParser = protocol.NewAddressParser(`
			`protocol.AddressFamilyByte(0x01, net.AddressFamilyIPv4),`
			`protocol.AddressFamilyByte(0x04, net.AddressFamilyIPv6),`
			`protocol.AddressFamilyByte(0x03, net.AddressFamilyDomain),`
			`)`

			`type ServerSession struct {`
Improve the response to UDP Associate in Socks5 2021-01-09 18:36:20 +02:00			`config *ServerConfig`
			`address net.Address`
			`port net.Port`
			`localAddress net.Address`
v1.0.0 2020-11-25 13:01:53 +02:00			`}`

			`func (s ServerSession) handshake4(cmd byte, reader io.Reader, writer io.Writer) (protocol.RequestHeader, error) {`
			`if s.config.AuthType == AuthType_PASSWORD {`
			`writeSocks4Response(writer, socks4RequestRejected, net.AnyIP, net.Port(0))`
			`return nil, newError("socks 4 is not allowed when auth is required.")`
			`}`

			`var port net.Port`
			`var address net.Address`

			`{`
			`buffer := buf.StackNew()`
			`if _, err := buffer.ReadFullFrom(reader, 6); err != nil {`
			`buffer.Release()`
			`return nil, newError("insufficient header").Base(err)`
			`}`
			`port = net.PortFromBytes(buffer.BytesRange(0, 2))`
			`address = net.IPAddress(buffer.BytesRange(2, 6))`
			`buffer.Release()`
			`}`

			`if _, err := ReadUntilNull(reader); /* user id */ err != nil {`
			`return nil, err`
			`}`
			`if address.IP()[0] == 0x00 {`
			`domain, err := ReadUntilNull(reader)`
			`if err != nil {`
			`return nil, newError("failed to read domain for socks 4a").Base(err)`
			`}`
			`address = net.DomainAddress(domain)`
			`}`

			`switch cmd {`
			`case cmdTCPConnect:`
			`request := &protocol.RequestHeader{`
			`Command: protocol.RequestCommandTCP,`
			`Address: address,`
			`Port: port,`
			`Version: socks4Version,`
			`}`
			`if err := writeSocks4Response(writer, socks4RequestGranted, net.AnyIP, net.Port(0)); err != nil {`
			`return nil, err`
			`}`
			`return request, nil`
			`default:`
			`writeSocks4Response(writer, socks4RequestRejected, net.AnyIP, net.Port(0))`
			`return nil, newError("unsupported command: ", cmd)`
			`}`
			`}`

			`func (s *ServerSession) auth5(nMethod byte, reader io.Reader, writer io.Writer) (username string, err error) {`
			`buffer := buf.StackNew()`
			`defer buffer.Release()`

			`if _, err = buffer.ReadFullFrom(reader, int32(nMethod)); err != nil {`
			`return "", newError("failed to read auth methods").Base(err)`
			`}`

			`var expectedAuth byte = authNotRequired`
			`if s.config.AuthType == AuthType_PASSWORD {`
			`expectedAuth = authPassword`
			`}`

			`if !hasAuthMethod(expectedAuth, buffer.BytesRange(0, int32(nMethod))) {`
			`writeSocks5AuthenticationResponse(writer, socks5Version, authNoMatchingMethod)`
			`return "", newError("no matching auth method")`
			`}`

			`if err := writeSocks5AuthenticationResponse(writer, socks5Version, expectedAuth); err != nil {`
			`return "", newError("failed to write auth response").Base(err)`
			`}`

			`if expectedAuth == authPassword {`
			`username, password, err := ReadUsernamePassword(reader)`
			`if err != nil {`
			`return "", newError("failed to read username and password for authentication").Base(err)`
			`}`

			`if !s.config.HasAccount(username, password) {`
			`writeSocks5AuthenticationResponse(writer, 0x01, 0xFF)`
			`return "", newError("invalid username or password")`
			`}`

			`if err := writeSocks5AuthenticationResponse(writer, 0x01, 0x00); err != nil {`
			`return "", newError("failed to write auth response").Base(err)`
			`}`
			`return username, nil`
			`}`

			`return "", nil`
			`}`

			`func (s ServerSession) handshake5(nMethod byte, reader io.Reader, writer io.Writer) (protocol.RequestHeader, error) {`
			`var (`
			`username string`
			`err error`
			`)`
			`if username, err = s.auth5(nMethod, reader, writer); err != nil {`
			`return nil, err`
			`}`

			`var cmd byte`
			`{`
			`buffer := buf.StackNew()`
			`if _, err := buffer.ReadFullFrom(reader, 3); err != nil {`
			`buffer.Release()`
			`return nil, newError("failed to read request").Base(err)`
			`}`
			`cmd = buffer.Byte(1)`
			`buffer.Release()`
			`}`

			`request := new(protocol.RequestHeader)`
			`if username != "" {`
			`request.User = &protocol.MemoryUser{Email: username}`
			`}`
			`switch cmd {`
			`case cmdTCPConnect, cmdTorResolve, cmdTorResolvePTR:`
			`// We don't have a solution for Tor case now. Simply treat it as connect command.`
			`request.Command = protocol.RequestCommandTCP`
Changes from v2ray-core (#93) 2020-12-24 21:45:35 +02:00			`case cmdUDPAssociate:`
v1.0.0 2020-11-25 13:01:53 +02:00			`if !s.config.UdpEnabled {`
			`writeSocks5Response(writer, statusCmdNotSupport, net.AnyIP, net.Port(0))`
			`return nil, newError("UDP is not enabled.")`
			`}`
			`request.Command = protocol.RequestCommandUDP`
			`case cmdTCPBind:`
			`writeSocks5Response(writer, statusCmdNotSupport, net.AnyIP, net.Port(0))`
			`return nil, newError("TCP bind is not supported.")`
			`default:`
			`writeSocks5Response(writer, statusCmdNotSupport, net.AnyIP, net.Port(0))`
			`return nil, newError("unknown command ", cmd)`
			`}`

			`request.Version = socks5Version`

			`addr, port, err := addrParser.ReadAddressPort(nil, reader)`
			`if err != nil {`
			`return nil, newError("failed to read address").Base(err)`
			`}`
			`request.Address = addr`
			`request.Port = port`

Changes from v2ray-core (#93) 2020-12-24 21:45:35 +02:00			`responseAddress := s.address`
			`responsePort := s.port`
			`//nolint:gocritic // Use if else chain for clarity`
v1.0.0 2020-11-25 13:01:53 +02:00			`if request.Command == protocol.RequestCommandUDP {`
Changes from v2ray-core (#93) 2020-12-24 21:45:35 +02:00			`if s.config.Address != nil {`
Improve the response to UDP Associate in Socks5 2021-01-09 18:36:20 +02:00			`// Use configured IP as remote address in the response to UDP Associate`
Changes from v2ray-core (#93) 2020-12-24 21:45:35 +02:00			`responseAddress = s.config.Address.AsAddress()`
			`} else {`
Improve the response to UDP Associate in Socks5 2021-01-09 18:36:20 +02:00			`// Use conn.LocalAddr() IP as remote address in the response by default`
			`responseAddress = s.localAddress`
v1.0.0 2020-11-25 13:01:53 +02:00			`}`
			`}`
			`if err := writeSocks5Response(writer, statusSuccess, responseAddress, responsePort); err != nil {`
			`return nil, err`
			`}`

			`return request, nil`
			`}`

			`// Handshake performs a Socks4/4a/5 handshake.`
			`func (s ServerSession) Handshake(reader io.Reader, writer io.Writer) (protocol.RequestHeader, error) {`
			`buffer := buf.StackNew()`
			`if _, err := buffer.ReadFullFrom(reader, 2); err != nil {`
			`buffer.Release()`
			`return nil, newError("insufficient header").Base(err)`
			`}`

			`version := buffer.Byte(0)`
			`cmd := buffer.Byte(1)`
			`buffer.Release()`

			`switch version {`
			`case socks4Version:`
			`return s.handshake4(cmd, reader, writer)`
			`case socks5Version:`
			`return s.handshake5(cmd, reader, writer)`
			`default:`
			`return nil, newError("unknown Socks version: ", version)`
			`}`
			`}`

			`// ReadUsernamePassword reads Socks 5 username/password message from the given reader.`
			`// +----+------+----------+------+----------+`
			`// \|VER \| ULEN \| UNAME \| PLEN \| PASSWD \|`
			`// +----+------+----------+------+----------+`
			`// \| 1 \| 1 \| 1 to 255 \| 1 \| 1 to 255 \|`
			`// +----+------+----------+------+----------+`
			`func ReadUsernamePassword(reader io.Reader) (string, string, error) {`
			`buffer := buf.StackNew()`
			`defer buffer.Release()`

			`if _, err := buffer.ReadFullFrom(reader, 2); err != nil {`
			`return "", "", err`
			`}`
			`nUsername := int32(buffer.Byte(1))`

			`buffer.Clear()`
			`if _, err := buffer.ReadFullFrom(reader, nUsername); err != nil {`
			`return "", "", err`
			`}`
			`username := buffer.String()`

			`buffer.Clear()`
			`if _, err := buffer.ReadFullFrom(reader, 1); err != nil {`
			`return "", "", err`
			`}`
			`nPassword := int32(buffer.Byte(0))`

			`buffer.Clear()`
			`if _, err := buffer.ReadFullFrom(reader, nPassword); err != nil {`
			`return "", "", err`
			`}`
			`password := buffer.String()`
			`return username, password, nil`
			`}`

			`// ReadUntilNull reads content from given reader, until a null (0x00) byte.`
			`func ReadUntilNull(reader io.Reader) (string, error) {`
			`b := buf.StackNew()`
			`defer b.Release()`

			`for {`
			`_, err := b.ReadFullFrom(reader, 1)`
			`if err != nil {`
			`return "", err`
			`}`
			`if b.Byte(b.Len()-1) == 0x00 {`
			`b.Resize(0, b.Len()-1)`
			`return b.String(), nil`
			`}`
			`if b.IsFull() {`
			`return "", newError("buffer overrun")`
			`}`
			`}`
			`}`

			`func hasAuthMethod(expectedAuth byte, authCandidates []byte) bool {`
			`for _, a := range authCandidates {`
			`if a == expectedAuth {`
			`return true`
			`}`
			`}`
			`return false`
			`}`

			`func writeSocks5AuthenticationResponse(writer io.Writer, version byte, auth byte) error {`
Fix: CounterConnection with ReadV/WriteV (#720) Co-authored-by: JimhHan <50871214+JimhHan@users.noreply.github.com> 2021-09-20 15:11:21 +03:00			`return buf.WriteAllBytes(writer, []byte{version, auth}, nil)`
v1.0.0 2020-11-25 13:01:53 +02:00			`}`

			`func writeSocks5Response(writer io.Writer, errCode byte, address net.Address, port net.Port) error {`
			`buffer := buf.New()`
			`defer buffer.Release()`

			`common.Must2(buffer.Write([]byte{socks5Version, errCode, 0x00 /* reserved */}))`
			`if err := addrParser.WriteAddressPort(buffer, address, port); err != nil {`
			`return err`
			`}`

Fix: CounterConnection with ReadV/WriteV (#720) Co-authored-by: JimhHan <50871214+JimhHan@users.noreply.github.com> 2021-09-20 15:11:21 +03:00			`return buf.WriteAllBytes(writer, buffer.Bytes(), nil)`
v1.0.0 2020-11-25 13:01:53 +02:00			`}`

			`func writeSocks4Response(writer io.Writer, errCode byte, address net.Address, port net.Port) error {`
			`buffer := buf.StackNew()`
			`defer buffer.Release()`

			`common.Must(buffer.WriteByte(0x00))`
			`common.Must(buffer.WriteByte(errCode))`
			`portBytes := buffer.Extend(2)`
			`binary.BigEndian.PutUint16(portBytes, port.Value())`
			`common.Must2(buffer.Write(address.IP()))`
Fix: CounterConnection with ReadV/WriteV (#720) Co-authored-by: JimhHan <50871214+JimhHan@users.noreply.github.com> 2021-09-20 15:11:21 +03:00			`return buf.WriteAllBytes(writer, buffer.Bytes(), nil)`
v1.0.0 2020-11-25 13:01:53 +02:00			`}`

			`func DecodeUDPPacket(packet buf.Buffer) (protocol.RequestHeader, error) {`
			`if packet.Len() < 5 {`
			`return nil, newError("insufficient length of packet.")`
			`}`
			`request := &protocol.RequestHeader{`
			`Version: socks5Version,`
			`Command: protocol.RequestCommandUDP,`
			`}`

			`// packet[0] and packet[1] are reserved`
			`if packet.Byte(2) != 0 /* fragments */ {`
			`return nil, newError("discarding fragmented payload.")`
			`}`

			`packet.Advance(3)`

			`addr, port, err := addrParser.ReadAddressPort(nil, packet)`
			`if err != nil {`
			`return nil, newError("failed to read UDP header").Base(err)`
			`}`
			`request.Address = addr`
			`request.Port = port`
			`return request, nil`
			`}`

			`func EncodeUDPPacket(request protocol.RequestHeader, data []byte) (buf.Buffer, error) {`
			`b := buf.New()`
			`common.Must2(b.Write([]byte{0, 0, 0 /* Fragment */}))`
			`if err := addrParser.WriteAddressPort(b, request.Address, request.Port); err != nil {`
			`b.Release()`
			`return nil, err`
			`}`
			`common.Must2(b.Write(data))`
			`return b, nil`
			`}`

			`type UDPReader struct {`
Refactor: FullCone TPROXY Inbound & Socks Outbound https://t.me/projectXray/116037 2020-12-29 13:50:17 +02:00			`Reader io.Reader`
v1.0.0 2020-11-25 13:01:53 +02:00			`}`

			`func (r *UDPReader) ReadMultiBuffer() (buf.MultiBuffer, error) {`
Refactor: FullCone TPROXY Inbound & Socks Outbound https://t.me/projectXray/116037 2020-12-29 13:50:17 +02:00			`buffer := buf.New()`
			`_, err := buffer.ReadFrom(r.Reader)`
			`if err != nil {`
			`buffer.Release()`
v1.0.0 2020-11-25 13:01:53 +02:00			`return nil, err`
			`}`
Refactor: FullCone TPROXY Inbound & Socks Outbound https://t.me/projectXray/116037 2020-12-29 13:50:17 +02:00			`u, err := DecodeUDPPacket(buffer)`
			`if err != nil {`
			`buffer.Release()`
v1.0.0 2020-11-25 13:01:53 +02:00			`return nil, err`
			`}`
Refactor: FullCone TPROXY Inbound & Socks Outbound https://t.me/projectXray/116037 2020-12-29 13:50:17 +02:00			`dest := u.Destination()`
			`buffer.UDP = &dest`
			`return buf.MultiBuffer{buffer}, nil`
v1.0.0 2020-11-25 13:01:53 +02:00			`}`

			`type UDPWriter struct {`
Refactor: FullCone TPROXY Inbound & Socks Outbound https://t.me/projectXray/116037 2020-12-29 13:50:17 +02:00			`Writer io.Writer`
			`Request *protocol.RequestHeader`
v1.0.0 2020-11-25 13:01:53 +02:00			`}`

Refactor: FullCone TPROXY Inbound & Socks Outbound https://t.me/projectXray/116037 2020-12-29 13:50:17 +02:00			`func (w *UDPWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {`
			`for {`
			`mb2, b := buf.SplitFirst(mb)`
			`mb = mb2`
			`if b == nil {`
			`break`
			`}`
			`request := w.Request`
			`if b.UDP != nil {`
			`request = &protocol.RequestHeader{`
			`Address: b.UDP.Address,`
			`Port: b.UDP.Port,`
			`}`
			`}`
			`packet, err := EncodeUDPPacket(request, b.Bytes())`
			`b.Release()`
			`if err != nil {`
			`buf.ReleaseMulti(mb)`
			`return err`
			`}`
			`_, err = w.Writer.Write(packet.Bytes())`
			`packet.Release()`
			`if err != nil {`
			`buf.ReleaseMulti(mb)`
			`return err`
			`}`
v1.0.0 2020-11-25 13:01:53 +02:00			`}`
Refactor: FullCone TPROXY Inbound & Socks Outbound https://t.me/projectXray/116037 2020-12-29 13:50:17 +02:00			`return nil`
v1.0.0 2020-11-25 13:01:53 +02:00			`}`

			`func ClientHandshake(request protocol.RequestHeader, reader io.Reader, writer io.Writer) (protocol.RequestHeader, error) {`
			`authByte := byte(authNotRequired)`
			`if request.User != nil {`
			`authByte = byte(authPassword)`
			`}`

			`b := buf.New()`
			`defer b.Release()`

			`common.Must2(b.Write([]byte{socks5Version, 0x01, authByte}))`
Fix: CounterConnection with ReadV/WriteV (#720) Co-authored-by: JimhHan <50871214+JimhHan@users.noreply.github.com> 2021-09-20 15:11:21 +03:00			`if err := buf.WriteAllBytes(writer, b.Bytes(), nil); err != nil {`
v1.0.0 2020-11-25 13:01:53 +02:00			`return nil, err`
			`}`

			`b.Clear()`
			`if _, err := b.ReadFullFrom(reader, 2); err != nil {`
			`return nil, err`
			`}`

			`if b.Byte(0) != socks5Version {`
			`return nil, newError("unexpected server version: ", b.Byte(0)).AtWarning()`
			`}`
			`if b.Byte(1) != authByte {`
			`return nil, newError("auth method not supported.").AtWarning()`
			`}`

			`if authByte == authPassword {`
Standardize Socks Outbound Authentication Behavior 2021-01-28 05:11:17 +02:00			`b.Clear()`
			`account := request.User.Account.(*Account)`
			`common.Must(b.WriteByte(0x01))`
			`common.Must(b.WriteByte(byte(len(account.Username))))`
			`common.Must2(b.WriteString(account.Username))`
			`common.Must(b.WriteByte(byte(len(account.Password))))`
			`common.Must2(b.WriteString(account.Password))`
Fix: CounterConnection with ReadV/WriteV (#720) Co-authored-by: JimhHan <50871214+JimhHan@users.noreply.github.com> 2021-09-20 15:11:21 +03:00			`if err := buf.WriteAllBytes(writer, b.Bytes(), nil); err != nil {`
Standardize Socks Outbound Authentication Behavior 2021-01-28 05:11:17 +02:00			`return nil, err`
			`}`

v1.0.0 2020-11-25 13:01:53 +02:00			`b.Clear()`
			`if _, err := b.ReadFullFrom(reader, 2); err != nil {`
			`return nil, err`
			`}`
			`if b.Byte(1) != 0x00 {`
			`return nil, newError("server rejects account: ", b.Byte(1))`
			`}`
			`}`

			`b.Clear()`

			`command := byte(cmdTCPConnect)`
			`if request.Command == protocol.RequestCommandUDP {`
Changes from v2ray-core (#93) 2020-12-24 21:45:35 +02:00			`command = byte(cmdUDPAssociate)`
v1.0.0 2020-11-25 13:01:53 +02:00			`}`
			`common.Must2(b.Write([]byte{socks5Version, command, 0x00 /* reserved */}))`
Improve the request for UDP Associate in Socks5 2021-01-27 01:53:01 +02:00			`if request.Command == protocol.RequestCommandUDP {`
			`common.Must2(b.Write([]byte{1, 0, 0, 0, 0, 0, 0 /* RFC 1928 */}))`
			`} else {`
			`if err := addrParser.WriteAddressPort(b, request.Address, request.Port); err != nil {`
			`return nil, err`
			`}`
v1.0.0 2020-11-25 13:01:53 +02:00			`}`

Fix: CounterConnection with ReadV/WriteV (#720) Co-authored-by: JimhHan <50871214+JimhHan@users.noreply.github.com> 2021-09-20 15:11:21 +03:00			`if err := buf.WriteAllBytes(writer, b.Bytes(), nil); err != nil {`
v1.0.0 2020-11-25 13:01:53 +02:00			`return nil, err`
			`}`

			`b.Clear()`
			`if _, err := b.ReadFullFrom(reader, 3); err != nil {`
			`return nil, err`
			`}`

			`resp := b.Byte(1)`
			`if resp != 0x00 {`
			`return nil, newError("server rejects request: ", resp)`
			`}`

			`b.Clear()`

			`address, port, err := addrParser.ReadAddressPort(b, reader)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if request.Command == protocol.RequestCommandUDP {`
			`udpRequest := &protocol.RequestHeader{`
			`Version: socks5Version,`
			`Command: protocol.RequestCommandUDP,`
			`Address: address,`
			`Port: port,`
			`}`
			`return udpRequest, nil`
			`}`

			`return nil, nil`
			`}`