Soullies/ichni_Official
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ebd5dafa2dec154bd695f9dad80bd9665a8638df
ichni_Official/Packages/com.tivadar.best.http/Runtime/HTTP/Proxies/Implementations/SOCKSV5Negotiator.cs
stevesensei 2b9f134e5f add all
2026-06-15 18:18:16 +08:00

472 lines
22 KiB
C#
Raw Blame History

#if !UNITY_WEBGL || UNITY_EDITOR
using System;
using System.Text;
using System.Threading;
using Best.HTTP.Shared;
using Best.HTTP.Shared.Extensions;
using Best.HTTP.Shared.PlatformSupport.Memory;
using Best.HTTP.Shared.PlatformSupport.Network.Tcp;
using Best.HTTP.Shared.Streams;
namespace Best.HTTP.Proxies.Implementations
{
internal enum SOCKSVersions : byte
{
Unknown = 0x00,
V5 = 0x05
}
/// <summary>
/// https://tools.ietf.org/html/rfc1928
/// The values currently defined for METHOD are:
/// o X'00' NO AUTHENTICATION REQUIRED
/// o X'01' GSSAPI
/// o X'02' USERNAME/PASSWORD
/// o X'03' to X'7F' IANA ASSIGNED
/// o X'80' to X'FE' RESERVED FOR PRIVATE METHODS
/// o X'FF' NO ACCEPTABLE METHODS
/// </summary>
internal enum SOCKSMethods : byte
{
NoAuthenticationRequired = 0x00,
GSSAPI = 0x01,
UsernameAndPassword = 0x02,
NoAcceptableMethods = 0xFF
}
internal enum SOCKSReplies : byte
{
Succeeded = 0x00,
GeneralSOCKSServerFailure = 0x01,
ConnectionNotAllowedByRuleset = 0x02,
NetworkUnreachable = 0x03,
HostUnreachable = 0x04,
ConnectionRefused = 0x05,
TTLExpired = 0x06,
CommandNotSupported = 0x07,
AddressTypeNotSupported = 0x08
}
internal enum SOCKSAddressTypes
{
IPV4 = 0x00,
DomainName = 0x03,
IPv6 = 0x04
}
internal sealed class SOCKSV5Negotiator : IContentConsumer
{
public PeekableContentProviderStream ContentProvider { get; private set; }
enum NegotiationStates
{
MethodSelection,
ExpectAuthenticationResponse,
ConnectResponse
}
NegotiationStates _state;
SOCKSProxy _proxy;
ProxyConnectParameters _parameters;
public SOCKSV5Negotiator(SOCKSProxy proxy, ProxyConnectParameters parameters)
{
this._proxy = proxy;
this._parameters = parameters;
//(this._parameters.stream as IPeekableContentProvider).Consumer = this;
(this._parameters.stream as PeekableContentProviderStream).SetTwoWayBinding(this);
SendHandshake();
}
public void SetBinding(PeekableContentProviderStream contentProvider) => this.ContentProvider = contentProvider;
public void UnsetBinding() => this.ContentProvider = null;
public void OnConnectionClosed()
{
CallOnError(new Exception($"{nameof(SOCKSV5Negotiator)}: connection closed unexpectedly!"));
}
public void OnError(Exception ex)
{
CallOnError(ex);
}
void SendHandshake()
{
var buffer = BufferPool.Get(1024, true);
try
{
int count = 0;
// https://tools.ietf.org/html/rfc1928
// The client connects to the server, and sends a version
// identifier/method selection message:
//
// +----+----------+----------+
// |VER | NMETHODS | METHODS |
// +----+----------+----------+
// | 1 | 1 | 1 to 255 |
// +----+----------+----------+
//
// The VER field is set to X'05' for this version of the protocol. The
// NMETHODS field contains the number of method identifier octets that
// appear in the METHODS field.
//
buffer[count++] = (byte)SOCKSVersions.V5;
if (this._proxy.Credentials != null)
{
buffer[count++] = 0x02; // method count
buffer[count++] = (byte)SOCKSMethods.UsernameAndPassword;
buffer[count++] = (byte)SOCKSMethods.NoAuthenticationRequired;
}
else
{
buffer[count++] = 0x01; // method count
buffer[count++] = (byte)SOCKSMethods.NoAuthenticationRequired;
}
if (HTTPManager.Logger.IsDiagnostic)
HTTPManager.Logger.Information("SOCKSProxy", $"Sending method negotiation - buffer: {buffer.AsBuffer(count)} ", this._parameters.context);
// enqueue buffer and move its ownership to the tcp streamer
this._parameters.stream.Write(buffer.AsBuffer(count));
// null out the buffer so it won't be released
buffer = null;
}
catch (Exception ex)
{
CallOnError(ex);
}
finally
{
BufferPool.Release(buffer);
}
}
void SendConnect()
{
// The SOCKS request is formed as follows:
//
// +----+-----+-------+------+----------+----------+
// |VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT |
// +----+-----+-------+------+----------+----------+
// | 1 | 1 | X'00' | 1 | Variable | 2 |
// +----+-----+-------+------+----------+----------+
//
// Where:
//
// o VER protocol version: X'05'
// o CMD
// o CONNECT X'01'
// o BIND X'02'
// o UDP ASSOCIATE X'03'
// o RSV RESERVED
// o ATYP address type of following address
// o IP V4 address: X'01'
// o DOMAINNAME: X'03'
// o IP V6 address: X'04'
// o DST.ADDR desired destination address
// o DST.PORT desired destination port in network octet
// order
var buffer = BufferPool.Get(512, true);
int count = 0;
buffer[count++] = (byte)SOCKSVersions.V5; // version: 5
buffer[count++] = 0x01; // command: connect
buffer[count++] = 0x00; // reserved, bust be 0x00
if (this._parameters.uri.IsHostIsAnIPAddress())
{
bool isIPV4 = Extensions.IsIpV4AddressValid(this._parameters.uri.Host);
buffer[count++] = isIPV4 ? (byte)SOCKSAddressTypes.IPV4 : (byte)SOCKSAddressTypes.IPv6;
var ipAddress = System.Net.IPAddress.Parse(this._parameters.uri.Host);
var ipBytes = ipAddress.GetAddressBytes();
WriteBytes(buffer, ref count, ipBytes); // destination address
}
else
{
buffer[count++] = (byte)SOCKSAddressTypes.DomainName;
// The first octet of the address field contains the number of octets of name that
// follow, there is no terminating NUL octet.
WriteString(buffer, ref count, this._parameters.uri.Host);
}
// destination port in network octet order
buffer[count++] = (byte)((this._parameters.uri.Port >> 8) & 0xFF);
buffer[count++] = (byte)(this._parameters.uri.Port & 0xFF);
if (HTTPManager.Logger.IsDiagnostic)
HTTPManager.Logger.Information("SOCKSProxy", $"Sending connect request - buffer: {buffer.AsBuffer(count)} ", this._parameters.context);
this._parameters.stream.Write(buffer.AsBuffer(count));
this._state = NegotiationStates.ConnectResponse;
}
public void OnContent()
{
try
{
switch (this._state)
{
case NegotiationStates.MethodSelection:
{
if (this.ContentProvider.Length < 2)
return;
// Read method selection result
//count = stream.Read(buffer, 0, buffer.Length);
var buffer = BufferPool.Get(BufferPool.MIN_BUFFER_SIZE, true);
int count = this.ContentProvider.Read(buffer, 0, buffer.Length);
if (HTTPManager.Logger.IsDiagnostic)
HTTPManager.Logger.Information("SOCKSProxy", $"Negotiation response - count: {count} buffer: {buffer.AsBuffer(count)}", this._parameters.context);
// The server selects from one of the methods given in METHODS, and
// sends a METHOD selection message:
//
// +----+--------+
// |VER | METHOD |
// +----+--------+
// | 1 | 1 |
// +----+--------+
//
// If the selected METHOD is X'FF', none of the methods listed by the
// client are acceptable, and the client MUST close the connection.
//
// The values currently defined for METHOD are:
//
// o X'00' NO AUTHENTICATION REQUIRED
// o X'01' GSSAPI
// o X'02' USERNAME/PASSWORD
// o X'03' to X'7F' IANA ASSIGNED
// o X'80' to X'FE' RESERVED FOR PRIVATE METHODS
// o X'FF' NO ACCEPTABLE METHODS
//
// The client and server then enter a method-specific sub-negotiation.
SOCKSVersions version = (SOCKSVersions)buffer[0];
SOCKSMethods method = (SOCKSMethods)buffer[1];
// Expected result:
// 1.) Received bytes' count is 2: version + preferred method
// 2.) Version must be 5
// 3.) Preferred method must NOT be 0xFF
if (count != 2)
throw new Exception($"SOCKS Proxy - Expected read count: 2! buffer: {buffer.AsBuffer(count)}");
else if (version != SOCKSVersions.V5)
throw new Exception("SOCKS Proxy - Expected version: 5, received version: " + buffer[0].ToString("X2"));
else if (method == SOCKSMethods.NoAcceptableMethods)
throw new Exception("SOCKS Proxy - Received 'NO ACCEPTABLE METHODS' (0xFF)");
else
{
HTTPManager.Logger.Information("SOCKSProxy", "Method negotiation over. Method: " + method.ToString(), this._parameters.context);
switch (method)
{
case SOCKSMethods.NoAuthenticationRequired:
SendConnect();
break;
case SOCKSMethods.UsernameAndPassword:
if (this._proxy.Credentials.UserName.Length > 255)
throw new Exception($"SOCKS Proxy - Credentials.UserName too long! {this._proxy.Credentials.UserName.Length} > 255");
if (this._proxy.Credentials.Password.Length > 255)
throw new Exception($"SOCKS Proxy - Credentials.Password too long! {this._proxy.Credentials.Password.Length} > 255");
// https://tools.ietf.org/html/rfc1929 : Username/Password Authentication for SOCKS V5
// Once the SOCKS V5 server has started, and the client has selected the
// Username/Password Authentication protocol, the Username/Password
// subnegotiation begins. This begins with the client producing a
// Username/Password request:
//
// +----+------+----------+------+----------+
// |VER | ULEN | UNAME | PLEN | PASSWD |
// +----+------+----------+------+----------+
// | 1 | 1 | 1 to 255 | 1 | 1 to 255 |
// +----+------+----------+------+----------+
HTTPManager.Logger.Information("SOCKSProxy", "starting sub-negotiation", this._parameters.context);
count = 0;
buffer[count++] = 0x01; // version of sub negotiation
WriteString(buffer, ref count, this._proxy.Credentials.UserName);
WriteString(buffer, ref count, this._proxy.Credentials.Password);
if (HTTPManager.Logger.IsDiagnostic)
HTTPManager.Logger.Information("SOCKSProxy", $"Sending username and password sub-negotiation - buffer: {buffer.AsBuffer(count)} ", this._parameters.context);
// Write negotiation and transfer ownership of buffer
this._parameters.stream.Write(buffer.AsBuffer(count));
this._state = NegotiationStates.ExpectAuthenticationResponse;
break;
case SOCKSMethods.GSSAPI:
throw new Exception("SOCKS proxy: GSSAPI not supported!");
case SOCKSMethods.NoAcceptableMethods:
throw new Exception("SOCKS proxy: No acceptable method");
}
}
break;
}
case NegotiationStates.ExpectAuthenticationResponse:
{
if (this.ContentProvider.Length < 2)
return;
// Read result
var buffer = BufferPool.Get(512, true);
var count = this._parameters.stream.Read(buffer, 0, buffer.Length);
if (HTTPManager.Logger.IsDiagnostic)
HTTPManager.Logger.Information("SOCKSProxy", $"Username and password sub-negotiation response - buffer: {buffer.AsBuffer(count)} ", this._parameters.context);
// The server verifies the supplied UNAME and PASSWD, and sends the
// following response:
//
// +----+--------+
// |VER | STATUS |
// +----+--------+
// | 1 | 1 |
// +----+--------+
// A STATUS field of X'00' indicates success. If the server returns a
// `failure' (STATUS value other than X'00') status, it MUST close the
// connection.
bool success = buffer[1] == 0;
if (count != 2)
throw new Exception($"SOCKS Proxy - Expected read count: 2! buffer: {buffer.AsBuffer(count)}");
else if (!success)
throw new Exception("SOCKS proxy: username+password authentication failed!");
HTTPManager.Logger.Information("SOCKSProxy", "Authenticated!", this._parameters.context);
// Send connect
SendConnect();
break;
}
case NegotiationStates.ConnectResponse:
{
if (this.ContentProvider.Length < 10)
return;
var buffer = BufferPool.Get(512, true);
var count = this._parameters.stream.Read(buffer, 0, buffer.Length);
if (HTTPManager.Logger.IsDiagnostic)
HTTPManager.Logger.Information("SOCKSProxy", $"Connect response - buffer: {buffer.AsBuffer(count)} ", this._parameters.context);
// The SOCKS request information is sent by the client as soon as it has
// established a connection to the SOCKS server, and completed the
// authentication negotiations. The server evaluates the request, and
// returns a reply formed as follows:
//
// +----+-----+-------+------+----------+----------+
// |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
// +----+-----+-------+------+----------+----------+
// | 1 | 1 | X'00' | 1 | Variable | 2 |
// +----+-----+-------+------+----------+----------+
//
// Where:
// o VER protocol version: X'05'
// o REP Reply field:
// o X'00' succeeded
// o X'01' general SOCKS server failure
// o X'02' connection not allowed by ruleset
// o X'03' Network unreachable
// o X'04' Host unreachable
// o X'05' Connection refused
// o X'06' TTL expired
// o X'07' Command not supported
// o X'08' Address type not supported
// o X'09' to X'FF' unassigned
// o RSV RESERVED
// o ATYP address type of following address
// o IP V4 address: X'01'
// o DOMAINNAME: X'03'
// o IP V6 address: X'04'
// o BND.ADDR server bound address
// o BND.PORT server bound port in network octet order
//
// Fields marked RESERVED (RSV) must be set to X'00'.
SOCKSVersions version = (SOCKSVersions)buffer[0];
SOCKSReplies reply = (SOCKSReplies)buffer[1];
// at least 10 bytes expected as a result
if (count < 10)
throw new Exception($"SOCKS proxy: not enough data returned by the server. Expected count is at least 10 bytes, server returned {count} bytes! content: {buffer.AsBuffer(count)}");
else if (reply != SOCKSReplies.Succeeded)
throw new Exception("SOCKS proxy error: " + reply.ToString());
HTTPManager.Logger.Information("SOCKSProxy", "Connected!", this._parameters.context);
CallOnSuccess();
break;
}
}
}
catch(Exception ex)
{
CallOnError(ex);
}
}
void CallOnError(Exception ex)
{
var callback = Interlocked.Exchange(ref this._parameters.OnError, null);
Interlocked.Exchange(ref this._parameters.OnSuccess, null);
this.ContentProvider.Unbind();
callback?.Invoke(this._parameters, ex, false);
}
void CallOnSuccess()
{
var callback = Interlocked.Exchange(ref this._parameters.OnSuccess, null);
Interlocked.Exchange(ref this._parameters.OnError, null);
this.ContentProvider.Unbind();
callback?.Invoke(this._parameters);
}
private void WriteString(byte[] buffer, ref int count, string str)
{
// Get the bytes
int byteCount = Encoding.UTF8.GetByteCount(str);
if (byteCount > 255)
throw new Exception(string.Format("SOCKS Proxy - String is too large ({0}) to fit in 255 bytes!", byteCount.ToString()));
// number of bytes
buffer[count++] = (byte)byteCount;
// and the bytes itself
Encoding.UTF8.GetBytes(str, 0, str.Length, buffer, count);
count += byteCount;
}
private void WriteBytes(byte[] buffer, ref int count, byte[] bytes)
{
Array.Copy(bytes, 0, buffer, count, bytes.Length);
count += bytes.Length;
}
}
}
#endif
Reference in New Issue View Git Blame Copy Permalink