Merge branch 'release/1.1'

Conflicts: README.md
dearplain · May 26, 2013 · 34c04a8 · 34c04a8
2 parents 61d94bc + 81c94a5
commit 34c04a8
Show file tree

Hide file tree

Showing 12 changed files with 416 additions and 144 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # shadowsocks-go
 
-Current version: 1.0 [![Build Status](https://travis-ci.org/shadowsocks/shadowsocks-go.png?branch=master)](https://travis-ci.org/shadowsocks/shadowsocks-go)
+Current version: 1.1 [![Build Status](https://travis-ci.org/shadowsocks/shadowsocks-go.png?branch=master)](https://travis-ci.org/shadowsocks/shadowsocks-go)
 
 shadowsocks-go is a lightweight tunnel proxy which can help you get through firewalls. It is a port of [shadowsocks](https://github.com/clowwindy/shadowsocks).
 
@@ -33,7 +33,8 @@ Configuration file is in json format and has the same syntax with [shadowsocks-n
 server          your server ip or hostname
 server_port     server port
 local_port      local socks5 proxy port
-method          encryption method, null by default, or use "rc4"
+method          encryption method, null by default, or use any of the following:
+                    aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb, rc4
 password        a password used to encrypt transfer
 timeout         server option, in seconds
 ```

diff --git a/cmd/shadowsocks-local/local.go b/cmd/shadowsocks-local/local.go
@@ -150,7 +150,7 @@ func getRequest(conn net.Conn) (rawaddr []byte, host string, err error) {
 
 type ServerCipher struct {
 	server string
-	cipher ss.Cipher
+	cipher *ss.Cipher
 }
 
 var servers struct {
@@ -191,7 +191,7 @@ func parseServerConfig(config *ss.Config) {
 		n := len(config.ServerPassword)
 		servers.srvCipher = make([]*ServerCipher, n)
 
-		cipherCache := make(map[string]ss.Cipher)
+		cipherCache := make(map[string]*ss.Cipher)
 		i := 0
 		for _, serverInfo := range config.ServerPassword {
 			if len(serverInfo) < 2 || len(serverInfo) > 3 {

diff --git a/cmd/shadowsocks-server/server.go b/cmd/shadowsocks-server/server.go
@@ -264,7 +264,7 @@ func run(port, password string) {
 		return
 	}
 	passwdManager.add(port, password, ln)
-	var cipher ss.Cipher
+	var cipher *ss.Cipher
 	log.Printf("server listening port %v ...\n", port)
 	for {
 		conn, err := ln.Accept()
@@ -278,8 +278,9 @@ func run(port, password string) {
 			log.Println("creating cipher for port:", port)
 			cipher, err = ss.NewCipher(config.Method, password)
 			if err != nil {
-				log.Printf("Error generating cipher for port: %s password: %s\n", port, password)
-				return
+				log.Printf("Error generating cipher for port: %s %v\n", port, err)
+				conn.Close()
+				continue
 			}
 		}
 		go handleConnection(ss.NewConn(conn, cipher.Copy()))
@@ -345,6 +346,10 @@ func main() {
 	} else {
 		ss.UpdateConfig(config, &cmdConfig)
 	}
+	if err = ss.CheckCipherMethod(config.Method); err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		os.Exit(1)
+	}
 	if err = unifyPortPassword(config); err != nil {
 		os.Exit(1)
 	}

diff --git a/config.json b/config.json
@@ -3,5 +3,6 @@
     "server_port":8388,
     "local_port":1080,
     "password":"barfoo!",
+    "method": null,
     "timeout":600
 }
diff --git a/script/build.sh b/script/build.sh
@@ -5,8 +5,6 @@ cd "$( dirname "${BASH_SOURCE[0]}" )/.."
 version=`grep 'const version = ' ./shadowsocks/util.go | sed -e 's/.*= //' | sed -e 's/"//g'`
 echo "creating shadowsocks binary version $version"
 
-export CGO_ENABLED=0
-
 ROOT=`pwd`
 bindir=$ROOT/bin
 mkdir -p $bindir
@@ -16,6 +14,13 @@ build() {
     local GOOS
     local GOARCH
 
+    if [[ $1 == "darwin" ]]; then
+        # Enable CGO for OS X so change network location will not cause problem.
+        export CGO_ENABLED=1
+    else
+        export CGO_ENABLED=0
+    fi
+
     prog=shadowsocks-$4
     pushd cmd/$prog
     name=$prog-$3-$version

diff --git a/script/test.sh b/script/test.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-OPTION="-p 8389 -k foobar -d"
+OPTION="-p 8389 -k foobar"
 LOCAL_PORT="1090"
 SOCKS="127.0.0.1:$LOCAL_PORT"
 
@@ -14,25 +14,21 @@ test_get() {
         code="200"
     fi
 
-    # get 5 times
-    for i in {1..2}; do
-        # -s silent to disable progress meter, but enable --show-error
-        # -i to include http header
-        # -L to follow redirect so we should always get HTTP 200
-        cont=`curl --socks5 $SOCKS -s --show-error -i -L $url 2>&1`
-        ok=`echo $cont | grep -E -o "HTTP/1\.1 +$code"`
-        html=`echo $cont | grep -E -o -i "$target"`
-        if [[ -z $ok || -z $html ]] ; then
-            echo "=============================="
-            echo "GET $url FAILED!!!"
-            echo "$ok"
-            echo "$html"
-            echo $cont
-            echo "=============================="
-            return 1
-        fi
-        sleep 0.3
-    done
+    # -s silent to disable progress meter, but enable --show-error
+    # -i to include http header
+    # -L to follow redirect so we should always get HTTP 200
+    cont=`curl --socks5 $SOCKS -s --show-error -i -L $url 2>&1`
+    ok=`echo $cont | grep -E -o "HTTP/1\.1 +$code"`
+    html=`echo $cont | grep -E -o -i "$target"`
+    if [[ -z $ok || -z $html ]] ; then
+        echo "=============================="
+        echo "GET $url FAILED!!!"
+        echo "$ok"
+        echo "$html"
+        echo $cont
+        echo "=============================="
+        return 1
+    fi
     return 0
 }
 
@@ -44,21 +40,21 @@ test_shadowsocks() {
     url=$1
     method=$2
 
-    shadowsocks-server $OPTION -m "$method" &
+    $SERVER $OPTION -m "$method" &
     server_pid=$!
-    shadowsocks-local $OPTION -s 127.0.0.1 -l $LOCAL_PORT -m "$method" &
+    $LOCAL $OPTION -s 127.0.0.1 -l $LOCAL_PORT -m "$method" &
     local_pid=$!
 
     # wait server and client finish startup
     sleep 1
 
-    # get 5 times
-    for i in {1..5}; do
+    for i in {1..3}; do
         if ! test_get $url "<html"; then
             kill -SIGTERM $server_pid
             kill -SIGTERM $local_pid
-            return 1
+            exit 1
         fi
+        sleep 0.3
     done
     echo "=============================="
     echo "GET $url $method passed"
@@ -68,6 +64,35 @@ test_shadowsocks() {
     sleep 1
 }
 
-test_shadowsocks baidu.com
-test_shadowsocks baidu.com rc4
+test_server_local_pair() {
+    echo "============================================================"
+    echo "server: $SERVER, local: $LOCAL"
+    echo "============================================================"
+    test_shadowsocks baidu.com table
+    test_shadowsocks baidu.com rc4
+    test_shadowsocks baidu.com aes-128-cfb
+    test_shadowsocks baidu.com aes-192-cfb
+    test_shadowsocks baidu.com aes-256-cfb
+    test_shadowsocks baidu.com bf-cfb
+    test_shadowsocks baidu.com des-cfb
+    test_shadowsocks baidu.com cast5-cfb
+}
+
+SERVER="shadowsocks-server"
+LOCAL="shadowsocks-local"
+test_server_local_pair
+
+if [ -n $SS_NODEJS ]; then
+    pushd $SS_NODEJS
+
+    SERVER="node server.js"
+    LOCAL="shadowsocks-local"
+    test_server_local_pair
+
+    SERVER="shadowsocks-server"
+    LOCAL="node local.js"
+    test_server_local_pair
+
+    popd $SS_NODEJS
+fi
 
diff --git a/script/upload.sh b/script/upload.sh
@@ -26,6 +26,6 @@ upload "$version Windows Client 32bit" bin/shadowsocks-local-win32-$version.zip
 upload "$version Linux Server 32bit" bin/shadowsocks-server-linux32-$version.gz
 upload "$version Linux Server 64bit" bin/shadowsocks-server-linux64-$version.gz
 
-upload "$version Linux Server deb 32bit" bin/shadowsocks-go_$version-1-i386.deb
+upload "$version Linux Server deb 32bit" bin/shadowsocks-go_$version-1-386.deb
 upload "$version Linux Server deb 64bit" bin/shadowsocks-go_$version-1-amd64.deb
 
diff --git a/shadowsocks/config.go b/shadowsocks/config.go
@@ -120,4 +120,7 @@ func UpdateConfig(old, new *Config) {
 			}
 		}
 	}
+	if old.Method == "table" {
+		old.Method = ""
+	}
 }
diff --git a/shadowsocks/conn.go b/shadowsocks/conn.go
@@ -4,16 +4,17 @@ import (
 	"encoding/binary"
 	"errors"
 	"fmt"
+	"io"
 	"net"
 	"strconv"
 )
 
 type Conn struct {
 	net.Conn
-	Cipher
+	*Cipher
 }
 
-func NewConn(cn net.Conn, cipher Cipher) *Conn {
+func NewConn(cn net.Conn, cipher *Cipher) *Conn {
 	return &Conn{cn, cipher}
 }
 
@@ -42,7 +43,7 @@ func RawAddr(addr string) (buf []byte, err error) {
 // This is intended for use by users implementing a local socks proxy.
 // rawaddr shoud contain part of the data in socks request, starting from the
 // ATYP field. (Refer to rfc1928 for more information.)
-func DialWithRawAddr(rawaddr []byte, server string, cipher Cipher) (c *Conn, err error) {
+func DialWithRawAddr(rawaddr []byte, server string, cipher *Cipher) (c *Conn, err error) {
 	conn, err := net.Dial("tcp", server)
 	if err != nil {
 		return
@@ -56,7 +57,7 @@ func DialWithRawAddr(rawaddr []byte, server string, cipher Cipher) (c *Conn, err
 }
 
 // addr should be in the form of host:port
-func Dial(addr, server string, cipher Cipher) (c *Conn, err error) {
+func Dial(addr, server string, cipher *Cipher) (c *Conn, err error) {
 	ra, err := RawAddr(addr)
 	if err != nil {
 		return
@@ -65,17 +66,36 @@ func Dial(addr, server string, cipher Cipher) (c *Conn, err error) {
 }
 
 func (c Conn) Read(b []byte) (n int, err error) {
-	cipherData := make([]byte, len(b), len(b))
+	if c.dec == nil {
+		iv := make([]byte, c.info.ivLen)
+		if _, err = io.ReadFull(c.Conn, iv); err != nil {
+			return
+		}
+		if err = c.initDecrypt(iv); err != nil {
+			return
+		}
+	}
+	cipherData := make([]byte, len(b))
 	n, err = c.Conn.Read(cipherData)
 	if n > 0 {
-		c.Decrypt(b[0:n], cipherData[0:n])
+		c.decrypt(b[0:n], cipherData[0:n])
 	}
 	return
 }
 
 func (c Conn) Write(b []byte) (n int, err error) {
-	cipherData := make([]byte, len(b), len(b))
-	c.Encrypt(cipherData, b)
+	if c.enc == nil {
+		var iv []byte
+		iv, err = c.initEncrypt()
+		if err != nil {
+			return
+		}
+		if _, err = c.Conn.Write(iv); err != nil {
+			return
+		}
+	}
+	cipherData := make([]byte, len(b))
+	c.encrypt(cipherData, b)
 	n, err = c.Conn.Write(cipherData)
 	return
 }