diff --git a/main.go b/main.go index 85d2137..9d90446 100644 --- a/main.go +++ b/main.go @@ -169,11 +169,7 @@ func loadConfiguration(configFilePath string) (*SocksJsonConfig, error) { return &config, nil } -func main() { - config, err := loadConfiguration("/etc/fw-daemon-socks.json") - if err != nil { - panic(err) - } +func getSocksChainConfig(config *SocksJsonConfig) *socksChainConfig { // XXX fields := strings.Split(config.TorSocks, ":") torSocksNet := fields[0] @@ -181,12 +177,23 @@ func main() { fields = strings.Split(config.SocksListener, ":") socksListenNet := fields[0] socksListenAddr := fields[1] - socksConfig := SocksChainConfig{ + socksConfig := socksChainConfig{ TargetSocksNet: torSocksNet, TargetSocksAddr: torSocksAddr, ListenSocksNet: socksListenNet, ListenSocksAddr: socksListenAddr, } + return &socksConfig +} + +func main() { + // XXX should this really be hardcoded? + // or should i add a CLI to specify config file location? + config, err := loadConfiguration("/etc/fw-daemon-socks.json") + if err != nil { + panic(err) + } + socksConfig := getSocksChainConfig(config) logBackend := setupLoggerBackend() log.SetBackend(logBackend) @@ -225,7 +232,9 @@ func main() { */ wg := sync.WaitGroup{} - InitSocksListener(&socksConfig, &wg) + chain := NewSocksChain(socksConfig, &wg, ds) + chain.start() + fw.runFilter() // observe process signals and either @@ -240,7 +249,7 @@ func main() { select { case <-sigHupChan: fw.reloadRules() - // XXX perhaps restart SOCKS proxy chain service? + // XXX perhaps restart SOCKS proxy chain service with new proxy config specification? case <-sigKillChan: fw.stop() return diff --git a/socks_server_chain.go b/socks_server_chain.go index 1f185dc..6d95f3d 100644 --- a/socks_server_chain.go +++ b/socks_server_chain.go @@ -9,43 +9,58 @@ import ( "github.com/subgraph/fw-daemon/socks5" ) -type SocksChainConfig struct { +type socksChainConfig struct { TargetSocksNet string TargetSocksAddr string ListenSocksNet string ListenSocksAddr string } -type session struct { - cfg *SocksChainConfig +type socksChain struct { + cfg *socksChainConfig + dbus *dbusServer + listener net.Listener + wg *sync.WaitGroup +} +type socksChainSession struct { + cfg *socksChainConfig clientConn net.Conn upstreamConn net.Conn + req *socks5.Request + bndAddr *socks5.Address + optData []byte +} - req *socks5.Request - bndAddr *socks5.Address - optData []byte +func NewSocksChain(cfg *socksChainConfig, wg *sync.WaitGroup, dbus *dbusServer) *socksChain { + chain := socksChain{ + cfg: cfg, + dbus: dbus, + wg: wg, + } + return &chain } -// InitSocksListener initializes the SOCKS 5 server and starts +// Start initializes the SOCKS 5 server and starts // accepting connections. -func InitSocksListener(cfg *SocksChainConfig, wg *sync.WaitGroup) { - ln, err := net.Listen(cfg.ListenSocksNet, cfg.ListenSocksAddr) +func (s *socksChain) start() { + var err error + s.listener, err = net.Listen(s.cfg.ListenSocksNet, s.cfg.ListenSocksAddr) if err != nil { log.Error("ERR/socks: Failed to listen on the socks address: %v", err) os.Exit(1) } - wg.Add(1) - go socksAcceptLoop(cfg, ln, wg) + s.wg.Add(1) + go s.socksAcceptLoop() } -func socksAcceptLoop(cfg *SocksChainConfig, ln net.Listener, wg *sync.WaitGroup) error { - defer wg.Done() - defer ln.Close() +func (s *socksChain) socksAcceptLoop() error { + defer s.wg.Done() + defer s.listener.Close() for { - conn, err := ln.Accept() + conn, err := s.listener.Accept() if err != nil { if e, ok := err.(net.Error); ok && !e.Temporary() { log.Info("ERR/socks: Failed to Accept(): %v", err) @@ -53,55 +68,55 @@ func socksAcceptLoop(cfg *SocksChainConfig, ln net.Listener, wg *sync.WaitGroup) } continue } - s := &session{cfg: cfg, clientConn: conn} - go s.sessionWorker() + session := &socksChainSession{cfg: s.cfg, clientConn: conn} + go session.sessionWorker() } } -func (s *session) sessionWorker() { - defer s.clientConn.Close() +func (c *socksChainSession) sessionWorker() { + defer c.clientConn.Close() - clientAddr := s.clientConn.RemoteAddr() + clientAddr := c.clientConn.RemoteAddr() log.Info("INFO/socks: New connection from: %v", clientAddr) // Do the SOCKS handshake with the client, and read the command. var err error - if s.req, err = socks5.Handshake(s.clientConn); err != nil { + if c.req, err = socks5.Handshake(c.clientConn); err != nil { log.Info("ERR/socks: Failed SOCKS5 handshake: %v", err) return } - switch s.req.Cmd { + switch c.req.Cmd { case socks5.CommandTorResolve, socks5.CommandTorResolvePTR: - err = s.dispatchTorSOCKS() + err = c.dispatchTorSOCKS() // If we reach here, the request has been dispatched and completed. if err == nil { - // Successfully even, send the response back with the address. - s.req.ReplyAddr(socks5.ReplySucceeded, s.bndAddr) + // Successfully even, send the response back with the addresc. + c.req.ReplyAddr(socks5.ReplySucceeded, c.bndAddr) } return case socks5.CommandConnect: default: // Should *NEVER* happen, validated as part of handshake. - log.Info("BUG/socks: Unsupported SOCKS command: 0x%02x", s.req.Cmd) - s.req.Reply(socks5.ReplyCommandNotSupported) + log.Info("BUG/socks: Unsupported SOCKS command: 0x%02x", c.req.Cmd) + c.req.Reply(socks5.ReplyCommandNotSupported) return } - err = s.dispatchTorSOCKS() + err = c.dispatchTorSOCKS() if err != nil { return } - s.req.Reply(socks5.ReplySucceeded) - defer s.upstreamConn.Close() + c.req.Reply(socks5.ReplySucceeded) + defer c.upstreamConn.Close() - if s.optData != nil { - if _, err = s.upstreamConn.Write(s.optData); err != nil { + if c.optData != nil { + if _, err = c.upstreamConn.Write(c.optData); err != nil { log.Info("ERR/socks: Failed writing OptData: %v", err) return } - s.optData = nil + c.optData = nil } // A upstream connection has been established, push data back and forth @@ -115,17 +130,17 @@ func (s *session) sessionWorker() { io.Copy(dst, src) } - go copyLoop(s.upstreamConn, s.clientConn) - go copyLoop(s.clientConn, s.upstreamConn) + go copyLoop(c.upstreamConn, c.clientConn) + go copyLoop(c.clientConn, c.upstreamConn) wg.Wait() log.Info("INFO/socks: Closed SOCKS connection from: %v", clientAddr) } -func (s *session) dispatchTorSOCKS() (err error) { - s.upstreamConn, s.bndAddr, err = socks5.Redispatch(s.cfg.TargetSocksNet, s.cfg.TargetSocksAddr, s.req) +func (c *socksChainSession) dispatchTorSOCKS() (err error) { + c.upstreamConn, c.bndAddr, err = socks5.Redispatch(c.cfg.TargetSocksNet, c.cfg.TargetSocksAddr, c.req) if err != nil { - s.req.Reply(socks5.ErrorToReplyCode(err)) + c.req.Reply(socks5.ErrorToReplyCode(err)) } return } diff --git a/socks_server_chain_test.go b/socks_server_chain_test.go index c8e233d..4fc71be 100644 --- a/socks_server_chain_test.go +++ b/socks_server_chain_test.go @@ -259,14 +259,16 @@ func TestSocksServerProxyChain(t *testing.T) { defer socksService.Stop() // setup the SOCKS proxy chain - socksConfig := SocksChainConfig{ + socksConfig := socksChainConfig{ TargetSocksNet: socksServerNet, TargetSocksAddr: socksServerAddr, ListenSocksNet: socksChainNet, ListenSocksAddr: socksChainAddr, } wg := sync.WaitGroup{} - InitSocksListener(&socksConfig, &wg) + ds := dbusServer{} + chain := NewSocksChain(&socksConfig, &wg, &ds) + chain.start() // setup the SOCKS client auth := proxy.Auth{