1
0
mirror of https://github.com/NekoX-Dev/NekoX.git synced 2024-12-03 15:00:26 +01:00
NekoX/TMessagesProj/jni/tgnet/ConnectionSocket.cpp
2021-08-07 17:28:34 +08:00

1064 lines
46 KiB
C++

/*
* This is the source code of tgnet library v. 1.1
* It is licensed under GNU GPL v. 2 or later.
* You should have received a copy of the license in this archive (see LICENSE).
*
* Copyright Nikolai Kudashov, 2015-2018.
*/
#include <cassert>
#include <unistd.h>
#include <fcntl.h>
#include <cerrno>
#include <sys/socket.h>
#include <memory.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <openssl/rand.h>
#include <openssl/hmac.h>
#include <algorithm>
#include <openssl/bn.h>
#include "ByteStream.h"
#include "ConnectionSocket.h"
#include "FileLog.h"
#include "Defines.h"
#include "ConnectionsManager.h"
#include "EventObject.h"
#include "Timer.h"
#include "NativeByteBuffer.h"
#include "BuffersStorage.h"
#include "Connection.h"
#ifndef EPOLLRDHUP
#define EPOLLRDHUP 0x2000
#endif
#define MAX_GREASE 8
static BIGNUM *get_y2(BIGNUM *x, const BIGNUM *mod, BN_CTX *big_num_context) {
// returns y^2 = x^3 + 486662 * x^2 + x
BIGNUM *y = BN_dup(x);
assert(y != NULL);
BIGNUM *coef = BN_new();
BN_set_word(coef, 486662);
BN_mod_add(y, y, coef, mod, big_num_context);
BN_mod_mul(y, y, x, mod, big_num_context);
BN_one(coef);
BN_mod_add(y, y, coef, mod, big_num_context);
BN_mod_mul(y, y, x, mod, big_num_context);
BN_clear_free(coef);
return y;
}
static BIGNUM *get_double_x(BIGNUM *x, const BIGNUM *mod, BN_CTX *big_num_context) {
// returns x_2 =(x^2 - 1)^2/(4*y^2)
BIGNUM *denominator = get_y2(x, mod, big_num_context);
assert(denominator != NULL);
BIGNUM *coef = BN_new();
BN_set_word(coef, 4);
BN_mod_mul(denominator, denominator, coef, mod, big_num_context);
BIGNUM *numerator = BN_new();
assert(numerator != NULL);
BN_mod_mul(numerator, x, x, mod, big_num_context);
BN_one(coef);
BN_mod_sub(numerator, numerator, coef, mod, big_num_context);
BN_mod_mul(numerator, numerator, numerator, mod, big_num_context);
BN_mod_inverse(denominator, denominator, mod, big_num_context);
BN_mod_mul(numerator, numerator, denominator, mod, big_num_context);
BN_clear_free(coef);
BN_clear_free(denominator);
return numerator;
}
static void generate_public_key(unsigned char *key) {
BIGNUM *mod = NULL;
BN_hex2bn(&mod, "7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed");
BIGNUM *pow = NULL;
BN_hex2bn(&pow, "3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff6");
BN_CTX *big_num_context = BN_CTX_new();
assert(big_num_context != NULL);
BIGNUM *x = BN_new();
while (1) {
RAND_bytes(key, 32);
key[31] &= 127;
BN_bin2bn(key, 32, x);
assert(x != NULL);
BN_mod_mul(x, x, x, mod, big_num_context);
BIGNUM *y = get_y2(x, mod, big_num_context);
BIGNUM *r = BN_new();
BN_mod_exp(r, y, pow, mod, big_num_context);
BN_clear_free(y);
if (BN_is_one(r)) {
BN_clear_free(r);
break;
}
BN_clear_free(r);
}
int i;
for (i = 0; i < 3; i++) {
BIGNUM *x2 = get_double_x(x, mod, big_num_context);
BN_clear_free(x);
x = x2;
}
int num_size = BN_num_bytes(x);
assert(num_size <= 32);
memset(key, '\0', 32 - num_size);
BN_bn2bin(x, key + (32 - num_size));
for (i = 0; i < 16; i++) {
unsigned char t = key[i];
key[i] = key[31 - i];
key[31 - i] = t;
}
BN_clear_free(x);
BN_CTX_free(big_num_context);
BN_clear_free(pow);
BN_clear_free(mod);
}
class TlsHello {
public:
TlsHello() {
RAND_bytes(grease, MAX_GREASE);
for (int a = 0; a < MAX_GREASE; a++) {
grease[a] = (uint8_t) ((grease[a] & 0xf0) + 0x0A);
}
for (size_t i = 1; i < MAX_GREASE; i += 2) {
if (grease[i] == grease[i - 1]) {
grease[i] ^= 0x10;
}
}
}
struct Op {
enum class Type {
String, Random, K, Zero, Domain, Grease, BeginScope, EndScope
};
Type type;
size_t length;
int seed;
std::string data;
static Op string(const char str[], size_t len) {
Op res;
res.type = Type::String;
res.data = std::string(str, len);
return res;
}
static Op random(size_t length) {
Op res;
res.type = Type::Random;
res.length = length;
return res;
}
static Op K() {
Op res;
res.type = Type::K;
res.length = 32;
return res;
}
static Op zero(size_t length) {
Op res;
res.type = Type::Zero;
res.length = length;
return res;
}
static Op domain() {
Op res;
res.type = Type::Domain;
return res;
}
static Op grease(int seed) {
Op res;
res.type = Type::Grease;
res.seed = seed;
return res;
}
static Op begin_scope() {
Op res;
res.type = Type::BeginScope;
return res;
}
static Op end_scope() {
Op res;
res.type = Type::EndScope;
return res;
}
};
static const TlsHello &getDefault() {
static TlsHello result = [] {
TlsHello res;
res.ops = {
Op::string("\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03", 11),
Op::zero(32),
Op::string("\x20", 1),
Op::random(32),
Op::string("\x00\x20", 2),
Op::grease(0),
Op::string("\x13\x01\x13\x02\x13\x03\xc0\x2b\xc0\x2f\xc0\x2c\xc0\x30\xcc\xa9\xcc\xa8\xc0\x13\xc0\x14\x00\x9c"
"\x00\x9d\x00\x2f\x00\x35\x01\x00\x01\x93", 34),
Op::grease(2),
Op::string("\x00\x00\x00\x00", 4),
Op::begin_scope(),
Op::begin_scope(),
Op::string("\x00", 1),
Op::begin_scope(),
Op::domain(),
Op::end_scope(),
Op::end_scope(),
Op::end_scope(),
Op::string("\x00\x17\x00\x00\xff\x01\x00\x01\x00\x00\x0a\x00\x0a\x00\x08", 15),
Op::grease(4),
Op::string(
"\x00\x1d\x00\x17\x00\x18\x00\x0b\x00\x02\x01\x00\x00\x23\x00\x00\x00\x10\x00\x0e\x00\x0c\x02\x68\x32\x08"
"\x68\x74\x74\x70\x2f\x31\x2e\x31\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x0d\x00\x12\x00\x10\x04\x03\x08"
"\x04\x04\x01\x05\x03\x08\x05\x05\x01\x08\x06\x06\x01\x00\x12\x00\x00\x00\x33\x00\x2b\x00\x29", 75),
Op::grease(4),
Op::string("\x00\x01\x00\x00\x1d\x00\x20", 7),
Op::K(),
Op::string("\x00\x2d\x00\x02\x01\x01\x00\x2b\x00\x0b\x0a", 11),
Op::grease(6),
Op::string("\x03\x04\x03\x03\x03\x02\x03\x01\x00\x1b\x00\x03\x02\x00\x02", 15),
Op::grease(3),
Op::string("\x00\x01\x00\x00\x15", 5)};
return res;
}();
return result;
}
uint32_t writeToBuffer(uint8_t *data) {
uint32_t offset = 0;
for (auto op : ops) {
writeOp(op, data, offset);
}
return offset;
}
uint32_t writePadding(uint8_t *data, uint32_t length) {
if (length > 515) {
return 0;
}
uint32_t size = 515 - length;
memset(data + length + 2, 0, size);
data[length] = static_cast<uint8_t>((size >> 8) & 0xff);
data[length + 1] = static_cast<uint8_t>(size & 0xff);
return length + size + 2;
}
void setDomain(std::string value) {
domain = std::move(value);
}
private:
std::vector<Op> ops;
uint8_t grease[MAX_GREASE];
std::vector<size_t> scopeOffset;
std::string domain;
void writeOp(const TlsHello::Op &op, uint8_t *data, uint32_t &offset) {
using Type = TlsHello::Op::Type;
switch (op.type) {
case Type::String:
memcpy(data + offset, op.data.data(), op.data.size());
offset += op.data.size();
break;
case Type::Random:
RAND_bytes(data + offset, (size_t) op.length);
offset += op.length;
break;
case Type::K:
generate_public_key(data + offset);
offset += op.length;
break;
case Type::Zero:
std::memset(data + offset, 0, op.length);
offset += op.length;
break;
case Type::Domain: {
size_t size = domain.size();
if (size > 253) {
size = 253;
}
memcpy(data + offset, domain.data(), size);
offset += size;
break;
}
case Type::Grease: {
data[offset] = grease[op.seed];
data[offset + 1] = grease[op.seed];
offset += 2;
break;
}
case Type::BeginScope:
scopeOffset.push_back(offset);
offset += 2;
break;
case Type::EndScope: {
auto begin_offset = scopeOffset.back();
scopeOffset.pop_back();
size_t size = offset - begin_offset - 2;
data[begin_offset] = static_cast<uint8_t>((size >> 8) & 0xff);
data[begin_offset + 1] = static_cast<uint8_t>(size & 0xff);
break;
}
}
}
};
ConnectionSocket::ConnectionSocket(int32_t instance) {
instanceNum = instance;
outgoingByteStream = new ByteStream();
lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
eventObject = new EventObject(this, EventObjectTypeConnection);
}
ConnectionSocket::~ConnectionSocket() {
if (outgoingByteStream != nullptr) {
delete outgoingByteStream;
outgoingByteStream = nullptr;
}
if (eventObject != nullptr) {
delete eventObject;
eventObject = nullptr;
}
if (tempBuffer != nullptr) {
delete tempBuffer;
tempBuffer = nullptr;
}
if (tlsBuffer != nullptr) {
tlsBuffer->reuse();
tlsBuffer = nullptr;
}
}
void ConnectionSocket::openConnection(std::string address, uint16_t port, std::string secret, bool ipv6, int32_t networkType) {
currentNetworkType = networkType;
isIpv6 = ipv6;
currentAddress = address;
currentPort = port;
waitingForHostResolve = "";
adjustWriteOpAfterResolve = false;
tlsState = 0;
ConnectionsManager::getInstance(instanceNum).attachConnection(this);
memset(&socketAddress, 0, sizeof(sockaddr_in));
memset(&socketAddress6, 0, sizeof(sockaddr_in6));
std::string *proxyAddress = &overrideProxyAddress;
std::string *proxySecret = &overrideProxySecret;
uint16_t proxyPort = overrideProxyPort;
bool isProxyIpv6 = false;
if (proxyAddress->empty()) {
proxyAddress = &ConnectionsManager::getInstance(instanceNum).proxyAddress;
proxyPort = ConnectionsManager::getInstance(instanceNum).proxyPort;
proxySecret = &ConnectionsManager::getInstance(instanceNum).proxySecret;
// NekoX: Check whether proxyAddress is an ipv6 addr
struct sockaddr_in6 addr;
isProxyIpv6 = inet_pton(AF_INET6, proxyAddress->c_str(), &(addr.sin6_addr)) != 0;
}
if (!proxyAddress->empty()) {
if (LOGS_ENABLED) DEBUG_D("connection(%p) connecting via proxy %s:%d secret[%d] ipv6:%d", this, proxyAddress->c_str(), proxyPort, (int) proxySecret->size(), isProxyIpv6);
if ((socketFd = socket(isProxyIpv6 ? AF_INET6 : AF_INET, SOCK_STREAM, 0)) < 0) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) can't create proxy socket", this);
closeSocket(1, -1);
return;
}
uint32_t tempBuffLength;
if (proxySecret->empty()) {
proxyAuthState = 1;
tempBuffLength = 1024;
} else if (proxySecret->size() > 17 && (*proxySecret)[0] == '\xee') {
proxyAuthState = 10;
currentSecret = proxySecret->substr(1, 16);
currentSecretDomain = proxySecret->substr(17);
tempBuffLength = 65 * 1024;
} else {
proxyAuthState = 0;
tempBuffLength = 0;
}
if (tempBuffLength > 0) {
if (tempBuffer == nullptr || tempBuffer->length < tempBuffLength) {
if (tempBuffer != nullptr) {
delete tempBuffer;
}
tempBuffer = new ByteArray(tempBuffLength);
}
}
socketAddress.sin_family = AF_INET;
socketAddress.sin_port = htons(proxyPort);
socketAddress6.sin6_family = AF_INET6;
socketAddress6.sin6_port = htons(proxyPort);
bool continueCheckAddress;
if (inet_pton(AF_INET, proxyAddress->c_str(), &socketAddress.sin_addr.s_addr) != 1) {
continueCheckAddress = true;
if (LOGS_ENABLED) DEBUG_D("connection(%p) not ipv4 address %s", this, proxyAddress->c_str());
} else {
ipv6 = false;
continueCheckAddress = false;
}
if (continueCheckAddress) {
if (inet_pton(AF_INET6, proxyAddress->c_str(), &socketAddress6.sin6_addr.s6_addr) != 1) {
continueCheckAddress = true;
if (LOGS_ENABLED) DEBUG_D("connection(%p) not ipv6 address %s", this, proxyAddress->c_str());
} else {
ipv6 = true;
continueCheckAddress = false;
}
if (continueCheckAddress) {
#ifdef USE_DELEGATE_HOST_RESOLVE
waitingForHostResolve = *proxyAddress;
ConnectionsManager::getInstance(instanceNum).delegate->getHostByName(*proxyAddress, instanceNum, this);
return;
#else
struct hostent *he;
if ((he = gethostbyname(proxyAddress->c_str())) == nullptr) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) can't resolve host %s address", this, proxyAddress->c_str());
closeSocket(1, -1);
return;
}
struct in_addr **addr_list = (struct in_addr **) he->h_addr_list;
if (addr_list[0] != nullptr) {
socketAddress.sin_addr.s_addr = addr_list[0]->s_addr;
if (LOGS_ENABLED) DEBUG_D("connection(%p) resolved host %s address %x", this, proxyAddress->c_str(), addr_list[0]->s_addr);
ipv6 = false;
} else {
if (LOGS_ENABLED) DEBUG_E("connection(%p) can't resolve host %s address", this, proxyAddress->c_str());
closeSocket(1, -1);
return;
}
#endif
}
}
} else {
proxyAuthState = 0;
if ((socketFd = socket(ipv6 ? AF_INET6 : AF_INET, SOCK_STREAM, 0)) < 0) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) can't create socket", this);
closeSocket(1, -1);
return;
}
if (ipv6) {
socketAddress6.sin6_family = AF_INET6;
socketAddress6.sin6_port = htons(port);
if (inet_pton(AF_INET6, address.c_str(), &socketAddress6.sin6_addr.s6_addr) != 1) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) bad ipv6 %s", this, address.c_str());
closeSocket(1, -1);
return;
}
} else {
socketAddress.sin_family = AF_INET;
socketAddress.sin_port = htons(port);
if (inet_pton(AF_INET, address.c_str(), &socketAddress.sin_addr.s_addr) != 1) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) bad ipv4 %s", this, address.c_str());
closeSocket(1, -1);
return;
}
}
uint32_t tempBuffLength;
if (secret.size() > 17 && secret[0] == '\xee') {
proxyAuthState = 10;
currentSecret = secret.substr(1, 16);
currentSecretDomain = secret.substr(17);
tempBuffLength = 65 * 1024;
} else {
proxyAuthState = 0;
tempBuffLength = 0;
}
if (tempBuffLength > 0) {
if (tempBuffer == nullptr || tempBuffer->length < tempBuffLength) {
if (tempBuffer != nullptr) {
delete tempBuffer;
}
tempBuffer = new ByteArray(tempBuffLength);
}
}
}
openConnectionInternal(ipv6);
}
void ConnectionSocket::openConnectionInternal(bool ipv6) {
int epolFd = ConnectionsManager::getInstance(instanceNum).epolFd;
int yes = 1;
if (setsockopt(socketFd, IPPROTO_TCP, TCP_NODELAY, &yes, sizeof(int))) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) set TCP_NODELAY failed", this);
}
#ifdef DEBUG_VERSION
int size = 4 * 1024 * 1024;
if (setsockopt(socketFd, SOL_SOCKET, SO_SNDBUF, &size, sizeof(int))) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) set SO_SNDBUF failed", this);
}
if (setsockopt(socketFd, SOL_SOCKET, SO_RCVBUF, &size, sizeof(int))) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) set SO_RCVBUF failed", this);
}
#endif
if (fcntl(socketFd, F_SETFL, O_NONBLOCK) == -1) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) set O_NONBLOCK failed", this);
closeSocket(1, -1);
return;
}
if(LOGS_ENABLED) DEBUG_D("connection(%p) socketAddress6, port: %d, family:%d", this, socketAddress6.sin6_port, socketAddress6.sin6_family);
if (connect(socketFd, (ipv6 ? (sockaddr *) &socketAddress6 : (sockaddr *) &socketAddress), (socklen_t) (ipv6 ? sizeof(sockaddr_in6) : sizeof(sockaddr_in))) == -1 && errno != EINPROGRESS) {
closeSocket(1, -1);
} else {
eventMask.events = EPOLLOUT | EPOLLIN | EPOLLRDHUP | EPOLLERR | EPOLLET;
eventMask.data.ptr = eventObject;
if (epoll_ctl(epolFd, EPOLL_CTL_ADD, socketFd, &eventMask) != 0) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) epoll_ctl, adding socket failed", this);
closeSocket(1, -1);
}
}
if (adjustWriteOpAfterResolve) {
adjustWriteOp();
}
}
int32_t ConnectionSocket::checkSocketError(int32_t *error) {
if (socketFd < 0) {
return true;
}
int ret;
int code;
socklen_t len = sizeof(int);
ret = getsockopt(socketFd, SOL_SOCKET, SO_ERROR, &code, &len);
if (ret != 0 || code != 0) {
if (LOGS_ENABLED) DEBUG_E("socket error 0x%x code 0x%x", ret, code);
}
*error = code;
return (ret || code) != 0;
}
void ConnectionSocket::closeSocket(int32_t reason, int32_t error) {
lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
ConnectionsManager::getInstance(instanceNum).detachConnection(this);
if (socketFd >= 0) {
epoll_ctl(ConnectionsManager::getInstance(instanceNum).epolFd, EPOLL_CTL_DEL, socketFd, nullptr);
if (close(socketFd) != 0) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) unable to close socket", this);
}
socketFd = -1;
}
waitingForHostResolve = "";
adjustWriteOpAfterResolve = false;
proxyAuthState = 0;
tlsState = 0;
onConnectedSent = false;
outgoingByteStream->clean();
if (tlsBuffer != nullptr) {
tlsBuffer->reuse();
tlsBuffer = nullptr;
}
onDisconnected(reason, error);
}
void ConnectionSocket::onEvent(uint32_t events) {
if (events & EPOLLIN) {
int32_t error;
if (checkSocketError(&error) != 0) {
closeSocket(1, error);
return;
} else {
ssize_t readCount;
NativeByteBuffer *buffer = ConnectionsManager::getInstance(instanceNum).networkBuffer;
while (true) {
buffer->rewind();
readCount = recv(socketFd, buffer->bytes(), READ_BUFFER_SIZE, 0);
if (readCount < 0) {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) recv failed", this);
return;
}
if (readCount > 0) {
buffer->limit((uint32_t) readCount);
lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
if (proxyAuthState == 11) {
if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS received %d", this, (int) readCount);
size_t newBytesRead = bytesRead + readCount;
if (newBytesRead > 64 * 1024) {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS client hello too much data", this);
return;
}
if (newBytesRead >= 16) {
std::memcpy(tempBuffer->bytes + bytesRead, buffer->bytes(), (size_t) readCount);
static std::string hello1 = std::string("\x16\x03\x03", 3);
if (std::memcmp(hello1.data(), tempBuffer->bytes, hello1.size()) != 0) {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS hello1 mismatch", this);
return;
}
size_t len1 = (tempBuffer->bytes[3] << 8) + tempBuffer->bytes[4];
if (len1 > 64 * 1024 - 5) {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS len1 invalid", this);
return;
} else if (newBytesRead < len1 + 5) {
if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS client hello wait for more data", this);
bytesRead = newBytesRead;
return;
}
static std::string hello2 = std::string("\x14\x03\x03\x00\x01\x01\x17\x03\x03", 9);
if (std::memcmp(hello2.data(), tempBuffer->bytes + 5 + len1, hello2.size()) != 0) {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS hello2 mismatch", this);
return;
}
size_t len2 = (tempBuffer->bytes[5 + 9 + len1] << 8) + tempBuffer->bytes[5 + 9 + len1 + 1];
if (len2 > 64 * 1024 - len1 - 5 - 11) {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS len2 invalid", this);
return;
} else if (newBytesRead < len2 + len1 + 5 + 11) {
if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS client hello wait for more data", this);
bytesRead = newBytesRead;
return;
}
std::memcpy(tempBuffer->bytes + 64 * 1024 + 32, tempBuffer->bytes + 11, 32);
std::memset(tempBuffer->bytes + 11, 0, 32);
uint8_t *temp = new uint8_t[32 + newBytesRead];
memcpy(temp, tempBuffer->bytes + 64 * 1024, 32);
memcpy(temp + 32, tempBuffer->bytes, newBytesRead);
uint32_t outLength;
HMAC(EVP_sha256(), currentSecret.data(), currentSecret.size(), temp, 32 + newBytesRead, tempBuffer->bytes + 64 * 1024, &outLength);
delete[] temp;
if (std::memcmp(tempBuffer->bytes + 64 * 1024, tempBuffer->bytes + 64 * 1024 + 32, 32) != 0) {
tlsHashMismatch = true;
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS hash mismatch", this);
return;
}
if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS hello complete", this);
tlsState = 1;
proxyAuthState = 0;
bytesRead = 0;
adjustWriteOp();
} else {
std::memcpy(tempBuffer->bytes + bytesRead, buffer->bytes(), (size_t) readCount);
bytesRead = newBytesRead;
}
} else if (proxyAuthState == 2) {
if (readCount == 2) {
uint8_t auth_method = buffer->bytes()[1];
if (auth_method == 0xff) {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) unsupported proxy auth method", this);
} else if (auth_method == 0x02) {
if (LOGS_ENABLED) DEBUG_D("connection(%p) proxy auth required", this);
proxyAuthState = 3;
} else if (auth_method == 0x00) {
proxyAuthState = 5;
}
adjustWriteOp();
} else {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) invalid proxy response on state 2", this);
}
} else if (proxyAuthState == 4) {
if (readCount == 2) {
uint8_t auth_method = buffer->bytes()[1];
if (auth_method != 0x00) {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) auth invalid", this);
} else {
proxyAuthState = 5;
}
adjustWriteOp();
} else {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) invalid proxy response on state 4", this);
}
} else if (proxyAuthState == 6) {
if (readCount > 2) {
uint8_t status = buffer->bytes()[1];
if (status == 0x00) {
if (LOGS_ENABLED) DEBUG_D("connection(%p) connected via proxy", this);
proxyAuthState = 0;
adjustWriteOp();
} else {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) invalid proxy status on state 6, 0x%x", this, status);
}
} else {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) invalid proxy response on state 6", this);
}
} else if (proxyAuthState == 0) {
if (ConnectionsManager::getInstance(instanceNum).delegate != nullptr) {
ConnectionsManager::getInstance(instanceNum).delegate->onBytesReceived((int32_t) readCount, currentNetworkType, instanceNum);
}
if (tlsState != 0) {
while (buffer->hasRemaining()) {
size_t newBytesRead = buffer->remaining();
if (tlsBuffer != nullptr) {
newBytesRead += tlsBuffer->position();
if (tlsBufferSized) {
newBytesRead += 5;
}
}
if (newBytesRead >= 5) {
if (tlsBuffer == nullptr || !tlsBufferSized) {
uint32_t pos = buffer->position();
uint8_t offset = 0;
uint8_t header[5];
if (tlsBuffer != nullptr) {
offset = (uint8_t) tlsBuffer->position();
memcpy(header, tlsBuffer->bytes(), offset);
tlsBuffer->reuse();
tlsBuffer = nullptr;
}
memcpy(header + offset, buffer->bytes() + pos, (uint8_t) (5 - offset));
static std::string header1 = std::string("\x17\x03\x03", 3);
if (std::memcmp(header1.data(), header, header1.size()) != 0) {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS response header1 mismatch", this);
return;
}
uint32_t len1 = (header[3] << 8) + header[4];
if (len1 > 64 * 1024) {
closeSocket(1, -1);
if (LOGS_ENABLED) DEBUG_E("connection(%p) TLS response len1 invalid", this);
return;
} else {
tlsBuffer = BuffersStorage::getInstance().getFreeBuffer(len1);
tlsBufferSized = true;
buffer->position(pos + (5 - offset));
}
} else {
if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS response new data %d", this, buffer->remaining());
}
buffer->limit(std::min(buffer->position() + tlsBuffer->remaining(), buffer->limit()));
tlsBuffer->writeBytes(buffer);
buffer->limit((uint32_t) readCount);
if (tlsBuffer->remaining() == 0) {
tlsBuffer->rewind();
onReceivedData(tlsBuffer);
if (tlsBuffer == nullptr) {
return;
}
tlsBuffer->reuse();
tlsBuffer = nullptr;
} else {
if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS response wait for more data, total size %d, left %d", this, tlsBuffer->limit(), tlsBuffer->remaining());
}
} else {
if (tlsBuffer == nullptr) {
tlsBuffer = BuffersStorage::getInstance().getFreeBuffer(4);
tlsBufferSized = false;
}
tlsBuffer->writeBytes(buffer);
if (LOGS_ENABLED) DEBUG_D("connection(%p) TLS response wait for more data, not enough bytes for header, total = %d", this, (int) tlsBuffer->position());
}
}
} else {
onReceivedData(buffer);
}
}
}
if (readCount != READ_BUFFER_SIZE) {
break;
}
}
}
}
if (events & EPOLLOUT) {
int32_t error;
if (checkSocketError(&error) != 0) {
closeSocket(1, error);
return;
} else {
if (proxyAuthState != 0) {
if (proxyAuthState >= 10) {
if (proxyAuthState == 10) {
lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
tlsHashMismatch = false;
proxyAuthState = 11;
TlsHello hello = TlsHello::getDefault();
hello.setDomain(currentSecretDomain);
uint32_t size = hello.writeToBuffer(tempBuffer->bytes);
if (!(size = hello.writePadding(tempBuffer->bytes, size))) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) too much data for padding", this);
closeSocket(1, -1);
return;
}
uint32_t outLength;
HMAC(EVP_sha256(), currentSecret.data(), currentSecret.size(), tempBuffer->bytes, size, tempBuffer->bytes + 64 * 1024, &outLength);
int32_t currentTime = ConnectionsManager::getInstance(instanceNum).getCurrentTime();
int32_t old = ((int32_t *) (tempBuffer->bytes + 64 * 1024 + 28))[0];
((int32_t *) (tempBuffer->bytes + 64 * 1024 + 28))[0] = old ^ currentTime;
memcpy(tempBuffer->bytes + 11, tempBuffer->bytes + 64 * 1024, 32);
bytesRead = 0;
if (send(socketFd, tempBuffer->bytes, size, 0) < 0) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) send failed", this);
closeSocket(1, -1);
return;
}
adjustWriteOp();
}
} else {
if (proxyAuthState == 1) {
lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
proxyAuthState = 2;
tempBuffer->bytes[0] = 0x05;
tempBuffer->bytes[1] = 0x02;
tempBuffer->bytes[2] = 0x00;
tempBuffer->bytes[3] = 0x02;
if (send(socketFd, tempBuffer->bytes, 4, 0) < 0) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) send failed", this);
closeSocket(1, -1);
return;
}
adjustWriteOp();
} else if (proxyAuthState == 3) {
tempBuffer->bytes[0] = 0x01;
std::string *proxyUser;
std::string *proxyPassword;
if (!overrideProxyAddress.empty()) {
proxyUser = &overrideProxyUser;
proxyPassword = &overrideProxyPassword;
} else {
proxyUser = &ConnectionsManager::getInstance(instanceNum).proxyUser;
proxyPassword = &ConnectionsManager::getInstance(instanceNum).proxyPassword;
}
uint8_t len1 = (uint8_t) proxyUser->length();
uint8_t len2 = (uint8_t) proxyPassword->length();
tempBuffer->bytes[1] = len1;
memcpy(tempBuffer->bytes + 2, proxyUser->c_str(), len1);
tempBuffer->bytes[2 + len1] = len2;
memcpy(tempBuffer->bytes + 3 + len1, proxyPassword->c_str(), len2);
proxyAuthState = 4;
if (send(socketFd, tempBuffer->bytes, 3 + len1 + len2, 0) < 0) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) send failed", this);
closeSocket(1, -1);
return;
}
adjustWriteOp();
} else if (proxyAuthState == 5) {
tempBuffer->bytes[0] = 0x05;
tempBuffer->bytes[1] = 0x01;
tempBuffer->bytes[2] = 0x00;
tempBuffer->bytes[3] = (uint8_t) (isIpv6 ? 0x04 : 0x01);
uint16_t networkPort = ntohs(currentPort);
inet_pton(isIpv6 ? AF_INET6 : AF_INET, currentAddress.c_str(), tempBuffer->bytes + 4);
memcpy(tempBuffer->bytes + 4 + (isIpv6 ? 16 : 4), &networkPort, sizeof(uint16_t));
proxyAuthState = 6;
if (send(socketFd, tempBuffer->bytes, 4 + (isIpv6 ? 16 : 4) + 2, 0) < 0) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) send failed", this);
closeSocket(1, -1);
return;
}
adjustWriteOp();
}
}
} else {
if (!onConnectedSent) {
lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
if (LOGS_ENABLED) DEBUG_D("connection(%p) reset last event time, on connect", this);
onConnected();
onConnectedSent = true;
}
NativeByteBuffer *buffer = ConnectionsManager::getInstance(instanceNum).networkBuffer;
buffer->clear();
outgoingByteStream->get(buffer);
buffer->flip();
uint32_t remaining = buffer->remaining();
if (remaining) {
ssize_t sentLength;
if (tlsState != 0) {
if (remaining > 2878) {
remaining = 2878;
}
size_t headersSize = 0;
if (tlsState == 1) {
static std::string header1 = std::string("\x14\x03\x03\x00\x01\x01", 6);
std::memcpy(tempBuffer->bytes, header1.data(), header1.size());
headersSize += header1.size();
tlsState = 2;
}
static std::string header2 = std::string("\x17\x03\x03", 3);
std::memcpy(tempBuffer->bytes + headersSize, header2.data(), header2.size());
headersSize += header2.size();
tempBuffer->bytes[headersSize] = static_cast<uint8_t>((remaining >> 8) & 0xff);
tempBuffer->bytes[headersSize + 1] = static_cast<uint8_t>(remaining & 0xff);
headersSize += 2;
std::memcpy(tempBuffer->bytes + headersSize, buffer->bytes(), remaining);
if ((sentLength = send(socketFd, tempBuffer->bytes, headersSize + remaining, 0)) < headersSize) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) send failed", this);
closeSocket(1, -1);
return;
} else {
if (ConnectionsManager::getInstance(instanceNum).delegate != nullptr) {
ConnectionsManager::getInstance(instanceNum).delegate->onBytesSent((int32_t) sentLength, currentNetworkType, instanceNum);
}
outgoingByteStream->discard((uint32_t) (sentLength - headersSize));
adjustWriteOp();
}
} else {
if ((sentLength = send(socketFd, buffer->bytes(), remaining, 0)) < 0) {
if (LOGS_ENABLED) DEBUG_D("connection(%p) send failed", this);
closeSocket(1, -1);
return;
} else {
if (ConnectionsManager::getInstance(instanceNum).delegate != nullptr) {
ConnectionsManager::getInstance(instanceNum).delegate->onBytesSent((int32_t) sentLength, currentNetworkType, instanceNum);
}
outgoingByteStream->discard((uint32_t) sentLength);
adjustWriteOp();
}
}
}
}
}
}
if (events & EPOLLHUP) {
if (LOGS_ENABLED) DEBUG_E("socket event has EPOLLHUP");
closeSocket(1, -1);
return;
} else if (events & EPOLLRDHUP) {
if (LOGS_ENABLED) DEBUG_E("socket event has EPOLLRDHUP");
closeSocket(1, -1);
return;
}
if (events & EPOLLERR) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) epoll error", this);
return;
}
}
void ConnectionSocket::writeBuffer(uint8_t *data, uint32_t size) {
NativeByteBuffer *buffer = BuffersStorage::getInstance().getFreeBuffer(size);
buffer->writeBytes(data, size);
outgoingByteStream->append(buffer);
adjustWriteOp();
}
void ConnectionSocket::writeBuffer(NativeByteBuffer *buffer) {
outgoingByteStream->append(buffer);
adjustWriteOp();
}
void ConnectionSocket::adjustWriteOp() {
if (!waitingForHostResolve.empty()) {
adjustWriteOpAfterResolve = true;
return;
}
eventMask.events = EPOLLIN | EPOLLRDHUP | EPOLLERR | EPOLLET;
if (proxyAuthState == 0 && (outgoingByteStream->hasData() || !onConnectedSent) || proxyAuthState == 1 || proxyAuthState == 3 || proxyAuthState == 5 || proxyAuthState == 10) {
eventMask.events |= EPOLLOUT;
}
eventMask.data.ptr = eventObject;
if (epoll_ctl(ConnectionsManager::getInstance(instanceNum).epolFd, EPOLL_CTL_MOD, socketFd, &eventMask) != 0) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) epoll_ctl, modify socket failed", this);
closeSocket(1, -1);
}
}
void ConnectionSocket::setTimeout(time_t time) {
timeout = time;
lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
if (LOGS_ENABLED) DEBUG_D("connection(%p) set current timeout = %lld", this, (long long) timeout);
}
time_t ConnectionSocket::getTimeout() {
return timeout;
}
bool ConnectionSocket::checkTimeout(int64_t now) {
if (timeout != 0 && (now - lastEventTime) > (int64_t) timeout * 1000) {
if (!onConnectedSent || hasPendingRequests()) {
closeSocket(2, 0);
return true;
} else {
lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
if (LOGS_ENABLED) DEBUG_D("connection(%p) reset last event time, no requests", this);
}
}
return false;
}
bool ConnectionSocket::hasTlsHashMismatch() {
return tlsHashMismatch;
}
void ConnectionSocket::resetLastEventTime() {
lastEventTime = ConnectionsManager::getInstance(instanceNum).getCurrentTimeMonotonicMillis();
}
bool ConnectionSocket::isDisconnected() {
return socketFd < 0;
}
void ConnectionSocket::dropConnection() {
closeSocket(0, 0);
}
void ConnectionSocket::setOverrideProxy(std::string address, uint16_t port, std::string username, std::string password, std::string secret) {
overrideProxyAddress = address;
overrideProxyPort = port;
overrideProxyUser = username;
overrideProxyPassword = password;
overrideProxySecret = secret;
}
void ConnectionSocket::onHostNameResolved(std::string host, std::string ip, bool ipv6) {
ConnectionsManager::getInstance(instanceNum).scheduleTask([&, host, ip, ipv6] {
if (waitingForHostResolve == host) {
waitingForHostResolve = "";
if (ip.empty() || (inet_pton(AF_INET, ip.c_str(), &socketAddress.sin_addr.s_addr) != 1 && inet_pton(AF_INET6, ip.c_str(), &socketAddress6.sin6_addr.s6_addr) != 1)) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) can't resolve host %s address via delegate", this, host.c_str());
closeSocket(1, -1);
return;
}
if (LOGS_ENABLED) DEBUG_D("connection(%p) resolved host %s address %s via delegate ipv6:%d", this, host.c_str(), ip.c_str(), ipv6);
// NekoX: ipv6 Proxy with domain resolved, fix socket
// Since default socket type is IPv4 (isProxyIPv6 == false)
if (!ConnectionsManager::getInstance(instanceNum).proxyAddress.empty() && ipv6) {
if (LOGS_ENABLED) DEBUG_D("connection(%p) recreate proxy socket when use resolved ipv6 address, host:%s, ip:%s, port:%d isIPv6: %d", this, host.c_str(), ip.c_str(), ConnectionsManager::getInstance(instanceNum).proxyPort, ipv6);
// recreate socket
close(socketFd);
if ((socketFd = socket(AF_INET6 , SOCK_STREAM, 0)) < 0) {
if (LOGS_ENABLED) DEBUG_E("connection(%p) can't recreate proxy socket when use resolved ipv6 address", this);
closeSocket(1, -1);
return;
}
socketAddress6.sin6_port = htons(ConnectionsManager::getInstance(instanceNum).proxyPort);
socketAddress6.sin6_family = AF_INET6;
}
openConnectionInternal(ipv6);
}
});
}