both: shadowsocks over tls

Author: liudongmiao

common.c

@@ -591,6 +591,44 @@ void tunnel_wss(struct bufferevent *raw, struct evhttp_connection *wss) {
     bufferevent_setcb(raw, raw_forward_cb, NULL, raw_event_cb_wss, wss);
 }
 
+static void wss_event_cb_ss(struct bufferevent *tev, short event, void *raw) {
+    uint16_t port;
+    struct evhttp_connection *wss;
+    (void) tev;
+    if (event & (BEV_EVENT_EOF | BEV_EVENT_ERROR)) {
+        bufferevent_getcb(raw, NULL, NULL, NULL, (void **) &wss);
+#ifdef WSS_PROXY_CLIENT
+        port = get_peer_port(raw);
+#endif
+#ifdef WSS_PROXY_SERVER
+        port = get_http_port(wss);
+#endif
+        LOGD("connection %u closing from wss %p (won't send close), event: 0x%02x", port, wss, event);
+        bufferevent_free(raw);
+        evhttp_connection_free(wss);
+    }
+}
+
+static void raw_forward_cb_ss(struct bufferevent *raw, void *wss) {
+    struct evbuffer *src;
+    struct evbuffer *dst;
+
+    src = bufferevent_get_input(raw);
+    dst = bufferevent_get_output(evhttp_connection_get_bufferevent(wss));
+    evbuffer_add_buffer(dst, src);
+}
+
+void tunnel_ss(struct bufferevent *raw, struct evhttp_connection *wss) {
+    struct bufferevent *tev;
+
+    tev = evhttp_connection_get_bufferevent(wss);
+    bufferevent_enable(tev, EV_READ | EV_WRITE);
+    bufferevent_setcb(tev, wss_forward_cb, NULL, wss_event_cb_ss, raw);
+
+    bufferevent_enable(raw, EV_READ | EV_WRITE);
+    bufferevent_setcb(raw, raw_forward_cb_ss, NULL, raw_event_cb, wss);
+}
+
 #ifdef HAVE_SSL_CTX_SET_KEYLOG_CALLBACK
 void ssl_keylog_callback(const SSL *ssl, const char *line) {
     char *keylog_file_name;

common.h

@@ -94,6 +94,11 @@ void tunnel_wss(struct bufferevent *raw, struct evhttp_connection *wss);
  */
 int send_close(struct bufferevent *raw, uint16_t reason);
 
+#define X_UPGRADE "X-Upgrade"
+#define SHADOWSOCKS "shadowsocks"
+#define IS_SHADOWSOCKS(x) (x != NULL && !evutil_ascii_strcasecmp(x, SHADOWSOCKS))
+void tunnel_ss(struct bufferevent *raw, struct evhttp_connection *wss);
+
 #ifdef HAVE_SSL_CTX_SET_KEYLOG_CALLBACK
 void ssl_keylog_callback(const SSL *ssl, const char *line);
 #endif

run-test.sh

@@ -95,3 +95,15 @@ fi
 
 echo "cleaning..."
 sleep 1
+kill $lpid
+sleep 1
+echo wss-proxy client - wss-proxy server - ss
+ss-local -l $lport -s 127.0.0.1 -p $sport -m chacha20-ietf-poly1305 -k sip003 --plugin ./wss-proxy-client --plugin-opts "mux=0;ws=0" &
+lpid=$!
+sleep 1
+if ! check; then
+    exit 1
+fi
+
+echo "cleaning..."
+sleep 1

wss-proxy-client.c

@@ -11,7 +11,8 @@
 #include "common.h"
 
 struct wss_server_info {
-    uint8_t tls;
+    uint8_t tls: 1;
+    uint8_t ws: 1;
     uint16_t port;
     const char *addr;
     const char *host;
@@ -60,6 +61,7 @@ static int init_wss_addr(struct wss_server_info *server) {
     int port;
     char *end;
     int mux = 1;
+    char *wss;
     const char *loglevel;
     const char *remote_host = getenv("SS_REMOTE_HOST");
     const char *remote_port = getenv("SS_REMOTE_PORT");
@@ -124,6 +126,14 @@ static int init_wss_addr(struct wss_server_info *server) {
         mux = (int) strtol(end, NULL, 10);
     }
 
+    // wss
+    if ((end = strstr(options, "ws=")) != NULL) {
+        end += 3;
+        server->ws = (int) strtol(end, NULL, 10);
+    } else {
+        server->ws = 1;
+    }
+
     // strip
     if ((end = strstr(server->host, ";")) != NULL) {
         *end = '\0';
@@ -132,8 +142,21 @@ static int init_wss_addr(struct wss_server_info *server) {
         *end = '\0';
     }
 
-    LOGI("wss client %s:%d (%s://%s%s)", remote_host, port, server->tls ? "wss" : "ws", server->host, server->path);
-    if (mux) {
+    if (server->ws) {
+        if (server->tls) {
+            wss = "wss";
+        } else {
+            wss = "ws";
+        }
+    } else {
+        if (server->tls) {
+            wss = "sss";
+        } else {
+            wss = "ss";
+        }
+    }
+    LOGI("wss client %s:%d (%s://%s%s)", remote_host, port, wss, server->host, server->path);
+    if (server->ws && mux) {
         LOGW("mux %d is unsupported", mux);
     }
     return 0;
@@ -159,7 +182,11 @@ static void http_request_cb(struct evhttp_request *req, void *raw) {
     int status = req == NULL ? -1 : evhttp_request_get_response_code(req);
     bufferevent_getcb(raw, NULL, NULL, NULL, (void **) &wss);
     if (status == 101 && is_websocket_handshake(req)) {
-        tunnel_wss(raw, wss);
+        if (IS_SHADOWSOCKS(evhttp_find_header(evhttp_request_get_input_headers(req), X_UPGRADE))) {
+            tunnel_ss(raw, wss);
+        } else {
+            tunnel_wss(raw, wss);
+        }
     } else {
         LOGE("wss fail for peer %d, status: %d", get_peer_port(raw), status);
         bufferevent_free(raw);
@@ -240,6 +267,9 @@ static struct evhttp_connection *connect_wss(struct wss_proxy_context *context,
 #endif
     evhttp_add_header(output_headers, "Sec-WebSocket-Version", "13");
     evhttp_add_header(output_headers, "User-Agent", context->user_agent);
+    if (!context->server.ws) {
+        evhttp_add_header(output_headers, X_UPGRADE, SHADOWSOCKS);
+    }
 
     if (evhttp_make_request(wss, req, EVHTTP_REQ_GET, context->server.path)) {
         LOGE("cannot make http request for peer %d", port);

wss-proxy-server.c

@@ -99,6 +99,7 @@ static void generic_request_handler(struct evhttp_request *req, void *ctx) {
     struct raw_server_info *raw_server_info = ctx;
     char sec_websocket_accept[29];
     struct evkeyvalq *headers = evhttp_request_get_output_headers(req);
+    int ss;
 
     if (!do_websocket_handshake(req, sec_websocket_accept)) {
         goto error;
@@ -120,9 +121,17 @@ static void generic_request_handler(struct evhttp_request *req, void *ctx) {
     evhttp_add_header(headers, "Upgrade", "websocket");
     evhttp_add_header(headers, "Connection", "Upgrade");
     evhttp_add_header(headers, "Sec-WebSocket-Accept", (char *) sec_websocket_accept);
+    ss = IS_SHADOWSOCKS(evhttp_find_header(evhttp_request_get_input_headers(req), X_UPGRADE));
+    if (ss) {
+        evhttp_add_header(headers, X_UPGRADE, SHADOWSOCKS);
+    }
     evhttp_send_reply(req, 101, "Switching Protocols", NULL);
 
-    tunnel_wss(raw, wss);
+    if (ss) {
+        tunnel_ss(raw, wss);
+    } else {
+        tunnel_wss(raw, wss);
+    }
     return;
 error:
     evhttp_send_error(req, HTTP_BADREQUEST, "Bad Request");