Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Support ShadowTLS v2 as Shadowsocks plugin #330

Merged
merged 26 commits into from
Jan 10, 2023
Merged

feat: Support ShadowTLS v2 as Shadowsocks plugin #330

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
0a4570b
fix: group filter touch provider
Jun 7, 2022
eea9a12
fix: 规则匹配默认策略组返回错误
Jun 9, 2022
a5acd3a
refactor: clear linkname,reduce cycle dependencies,transport init geo…
Jun 10, 2022
7d04904
fix: leak dns when domain in hosts list
Jun 10, 2022
d1decb8
Update README.md
bash99 Jun 15, 2022
691cf1d
Merge pull request #94 from bash99/Meta
wwqgtxx Jun 15, 2022
10d2d14
Merge branch 'Beta' into Meta
Jul 2, 2022
0703d6c
Merge pull request #173 from MetaCubeX/Alpha
suzukua Aug 29, 2022
33abbdf
Merge pull request #174 from MetaCubeX/Alpha
suzukua Aug 29, 2022
3a8eb72
Merge branch 'Alpha' into Beta
Aug 29, 2022
5987f8e
Merge branch 'Beta' into Meta
Aug 29, 2022
c7aa164
Merge branch 'Alpha' into Beta
stitchrs Nov 2, 2022
2ad84f4
Merge branch 'Beta' into Meta
stitchrs Nov 2, 2022
f968d0c
chore: update github action
Nov 26, 2022
9e20f9c
chore: update dependencies
stitchrs Nov 28, 2022
dfbe098
Update README.md
Dec 3, 2022
667f42d
Merge pull request #282 from tdjnodj/Meta
stitchrs Dec 3, 2022
3b76a8b
Merge remote-tracking branch 'origin/Alpha' into Beta
stitchrs Jan 1, 2023
fa73b0f
Merge remote-tracking branch 'origin/Beta' into Meta
stitchrs Jan 1, 2023
a1d0f22
fix: update flake.nix hash
Rasphino Jan 7, 2023
3645fbf
Merge pull request #327 from Rasphino/Meta
stitchrs Jan 7, 2023
7c5d137
feat: impl shadow-tls as a shadowsocks plugin
Jan 9, 2023
7e05d5c
fix: several bugs
Jan 9, 2023
bedc240
fix: several comments
Jan 10, 2023
81011a2
fix: hot fix
Jan 10, 2023
5badbea
fix: clean up
Jan 10, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 6 additions & 5 deletions .github/workflows/prerelease.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,14 +36,16 @@ jobs:
run: make -j$(($(nproc) + 1)) releases

- name: Delete current release assets
uses: andreaswilli/delete-release-assets-action@v2.0.0
uses: mknejp/delete-release-assets@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
tag: Prerelease-${{ github.ref_name }}
deleteOnlyFromDrafts: false
tag_name: Prerelease-${{ github.ref_name }}
assets: |
*.zip
*.gz
- name: Tag Repo
uses: richardsimko/update-tag@v1
uses: richardsimko/update-tag@v1.0.6
with:
tag_name: Prerelease-${{ github.ref_name }}
env:
Expand All @@ -53,7 +55,6 @@ jobs:
uses: softprops/action-gh-release@v1
if: ${{ success() }}
with:
tag: ${{ github.ref_name }}
tag_name: Prerelease-${{ github.ref_name }}
files: bin/*
prerelease: true
Expand Down
20 changes: 20 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,26 @@ Documentations are now moved to [GitHub Wiki](https://github.com/Dreamacro/clash

## Advanced usage for this branch

## Build

You should install [golang](https://go.dev) first.

Then get the source code of Clash.Meta:
```shell
git clone https://github.com/MetaCubeX/Clash.Meta.git
cd Clash.Meta && go mod download
```

If you can't visit github,you should set proxy first:
```shell
go env -w GOPROXY=https://goproxy.io,direct
```

So now you can build it:
```shell
go build
```

### DNS configuration

Support `geosite` with `fallback-filter`.
Expand Down
38 changes: 30 additions & 8 deletions adapter/outbound/shadowsocks.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,13 @@ import (
"github.com/Dreamacro/clash/common/structure"
"github.com/Dreamacro/clash/component/dialer"
C "github.com/Dreamacro/clash/constant"
"github.com/Dreamacro/clash/transport/shadowtls"
obfs "github.com/Dreamacro/clash/transport/simple-obfs"
"github.com/Dreamacro/clash/transport/socks5"
"github.com/Dreamacro/clash/transport/trojan"
v2rayObfs "github.com/Dreamacro/clash/transport/v2ray-plugin"

"github.com/metacubex/sing-shadowsocks"
shadowsocks "github.com/metacubex/sing-shadowsocks"
"github.com/metacubex/sing-shadowsocks/shadowimpl"
"github.com/sagernet/sing/common/bufio"
M "github.com/sagernet/sing/common/metadata"
Expand All @@ -27,9 +29,11 @@ type ShadowSocks struct {

option *ShadowSocksOption
// obfs
obfsMode string
obfsOption *simpleObfsOption
v2rayOption *v2rayObfs.Option
obfsMode string
obfsOption *simpleObfsOption
v2rayOption *v2rayObfs.Option
shadowTLSOption *shadowTLSOption
tlsConnector *trojan.Trojan
}

type ShadowSocksOption struct {
Expand Down Expand Up @@ -61,6 +65,11 @@ type v2rayObfsOption struct {
Mux bool `obfs:"mux,omitempty"`
}

type shadowTLSOption struct {
Password string `obfs:"password"`
Host string `obfs:"host"`
}

// StreamConn implements C.ProxyAdapter
func (ss *ShadowSocks) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, error) {
switch ss.obfsMode {
Expand All @@ -75,6 +84,11 @@ func (ss *ShadowSocks) StreamConn(c net.Conn, metadata *C.Metadata) (net.Conn, e
if err != nil {
return nil, fmt.Errorf("%s connect error: %w", ss.addr, err)
}
case shadowtls.Mode:
if ss.tlsConnector == nil {
ss.tlsConnector = trojan.New(&trojan.Option{ServerName: ss.shadowTLSOption.Host, SkipCertVerify: false})
}
c = shadowtls.NewShadowTls(c, ss.shadowTLSOption.Password, ss.tlsConnector)
}
if metadata.NetWork == C.UDP && ss.option.UDPOverTCP {
return ss.method.DialConn(c, M.ParseSocksaddr(uot.UOTMagicAddress+":443"))
Expand Down Expand Up @@ -157,6 +171,7 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {

var v2rayOption *v2rayObfs.Option
var obfsOption *simpleObfsOption
var shadowTLSOpt *shadowTLSOption
obfsMode := ""

decoder := structure.NewDecoder(structure.Option{TagName: "obfs", WeaklyTypedInput: true})
Expand Down Expand Up @@ -192,6 +207,12 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
v2rayOption.TLS = true
v2rayOption.SkipCertVerify = opts.SkipCertVerify
}
} else if option.Plugin == shadowtls.Mode {
obfsMode = shadowtls.Mode
shadowTLSOpt = &shadowTLSOption{}
if err := decoder.Decode(option.PluginOpts, shadowTLSOpt); err != nil {
return nil, fmt.Errorf("ss %s initialize shadow-tls-plugin error: %w", addr, err)
}
}

return &ShadowSocks{
Expand All @@ -206,10 +227,11 @@ func NewShadowSocks(option ShadowSocksOption) (*ShadowSocks, error) {
},
method: method,

option: &option,
obfsMode: obfsMode,
v2rayOption: v2rayOption,
obfsOption: obfsOption,
option: &option,
obfsMode: obfsMode,
v2rayOption: v2rayOption,
obfsOption: obfsOption,
shadowTLSOption: shadowTLSOpt,
}, nil
}

Expand Down
2 changes: 1 addition & 1 deletion flake.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
inherit version;
src = ./.;

vendorSha256 = "sha256-XVz2vts4on42lfxnov4jnUrHzSFF05+i1TVY3C7bgdw=";
vendorSha256 = "sha256-8cbcE9gKJjU14DNTLPc6nneEPZg7Akt+FlSDlPRvG5k=";

# Do not build testing suit
excludedPackages = [ "./test" ];
Expand Down
142 changes: 142 additions & 0 deletions transport/shadowtls/shadowtls.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,142 @@
package shadowtls

import (
"crypto/hmac"
"crypto/sha1"
"encoding/binary"
"fmt"
"hash"
"io"
"net"

"github.com/Dreamacro/clash/common/pool"
"github.com/Dreamacro/clash/transport/trojan"
)

const (
chunkSize = 1 << 13
Mode string = "shadow-tls"
hashLen int = 8
tlsHeaderLen int = 5
)

// TLSObfs is shadowsocks tls simple-obfs implementation
type ShadowTls struct {
net.Conn
password []byte
remain int
firstRequest bool
tlsConnector *trojan.Trojan
}

type HashedConn struct {
net.Conn
hasher hash.Hash
}

func newHashedStream(conn net.Conn, password []byte) HashedConn {
return HashedConn{
Conn: conn,
hasher: hmac.New(sha1.New, password),
}
}

func (h HashedConn) Read(b []byte) (n int, err error) {
n, err = h.Conn.Read(b)
h.hasher.Write(b[:n])
return
}

func (to *ShadowTls) read(b []byte) (int, error) {
buf := pool.Get(tlsHeaderLen)
_, err := io.ReadFull(to.Conn, buf)
if err != nil {
return 0, fmt.Errorf("shadowtls read failed %w", err)
}
if buf[0] != 0x17 || buf[1] != 0x3 || buf[2] != 0x3 {
return 0, fmt.Errorf("invalid shadowtls header %v", buf)
}
length := int(binary.BigEndian.Uint16(buf[3:]))
pool.Put(buf)

if length > len(b) {
n, err := to.Conn.Read(b)
if err != nil {
return n, err
}
to.remain = length - n
return n, nil
}

return io.ReadFull(to.Conn, b[:length])
}

func (to *ShadowTls) Read(b []byte) (int, error) {
if to.remain > 0 {
length := to.remain
if length > len(b) {
length = len(b)
}

n, err := io.ReadFull(to.Conn, b[:length])
if err != nil {
return n, fmt.Errorf("shadowtls Read failed with %w", err)
}
to.remain -= n
return n, nil
}

return to.read(b)
}

func (to *ShadowTls) Write(b []byte) (int, error) {
length := len(b)
for i := 0; i < length; i += chunkSize {
end := i + chunkSize
if end > length {
end = length
}

n, err := to.write(b[i:end])
if err != nil {
return n, fmt.Errorf("shadowtls Write failed with %w, i=%d, end=%d, n=%d", err, i, end, n)
}
}
return length, nil
}

func (s *ShadowTls) write(b []byte) (int, error) {
var hashVal []byte
if s.firstRequest {
hashedConn := newHashedStream(s.Conn, s.password)
if _, err := s.tlsConnector.StreamConn(hashedConn); err != nil {
return 0, fmt.Errorf("tls connect failed with %w", err)
}
hashVal = hashedConn.hasher.Sum(nil)[:hashLen]
s.firstRequest = false
}

buf := pool.GetBuffer()
defer pool.PutBuffer(buf)
buf.Write([]byte{0x17, 0x03, 0x03})
binary.Write(buf, binary.BigEndian, uint16(len(b)+len(hashVal)))
buf.Write(hashVal)
buf.Write(b)
_, err := s.Conn.Write(buf.Bytes())
if err != nil {
// return 0 because errors occur here make the
// whole situation irrecoverable
return 0, err
}
return len(b), nil
}

// NewShadowTls return a ShadowTls
func NewShadowTls(conn net.Conn, password string, tlsConnector *trojan.Trojan) net.Conn {
return &ShadowTls{
Conn: conn,
password: []byte(password),
firstRequest: true,
tlsConnector: tlsConnector,
}
}
7 changes: 6 additions & 1 deletion transport/simple-obfs/tls.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,12 @@ func (to *TLSObfs) write(b []byte) (int, error) {
binary.Write(buf, binary.BigEndian, uint16(len(b)))
buf.Write(b)
_, err := to.Conn.Write(buf.Bytes())
return len(b), err
if err != nil {
// return 0 because errors occur here make the
// whole situation irrecoverable
return 0, err
}
return len(b), nil
}

// NewTLSObfs return a SimpleObfs
Expand Down
6 changes: 1 addition & 5 deletions transport/trojan/trojan.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,18 +8,17 @@ import (
"encoding/hex"
"errors"
"fmt"
tlsC "github.com/Dreamacro/clash/component/tls"
"io"
"net"
"net/http"
"sync"

"github.com/Dreamacro/clash/common/pool"
tlsC "github.com/Dreamacro/clash/component/tls"
C "github.com/Dreamacro/clash/constant"
"github.com/Dreamacro/clash/transport/socks5"
"github.com/Dreamacro/clash/transport/vless"
"github.com/Dreamacro/clash/transport/vmess"

xtls "github.com/xtls/go"
)

Expand Down Expand Up @@ -117,9 +116,6 @@ func (t *Trojan) StreamConn(conn net.Conn) (net.Conn, error) {
}

tlsConn := tls.Client(conn, tlsConfig)
if err := tlsConn.Handshake(); err != nil {
return nil, err
}
// fix tls handshake not timeout
ctx, cancel := context.WithTimeout(context.Background(), C.DefaultTLSTimeout)
defer cancel()
Expand Down