// Copyright (c) 2020 Cesanta Software Limited // All rights reserved // // Example socks5 server. To test, // 1. Run `make` to start this server on port 1080 // 2. Run `curl` #include "mongoose.h" static const char *s_lsn = "tcp://localhost:1080"; // Listening address enum { VERSION = 5, // Socks protocol version STATE_HANDSHAKE = 0, // Connection state: in handshake STATE_REQUEST = 1, // Connection state: connecting STATE_ESTABLISHED = 2, // Connection state: established HANDSHAKE_NOAUTH = 0, // Handshake method - no authentication HANDSHAKE_GSSAPI = 1, // Handshake method - GSSAPI auth HANDSHAKE_USERPASS = 2, // Handshake method - user/password auth HANDSHAKE_FAILURE = 0xff, // Handshake method - failure CMD_CONNECT = 1, // Command: CONNECT CMD_BIND = 2, // Command: BIND CMD_UDP_ASSOCIATE = 3, // Command: UDP ASSOCIATE ADDR_TYPE_IPV4 = 1, // Address type: IPv4 ADDR_TYPE_DOMAIN = 3, // Address type: Domain name ADDR_TYPE_IPV6 = 4, // Address type: IPv6 RESP_SUCCESS = 0, // Response: success RESP_FAILURE = 1, // Response: failure RESP_NOT_ALLOWED = 2, // Response status RESP_NET_UNREACHABLE = 3, // Response status RESP_HOST_UNREACHABLE = 4, // Response status RESP_CONN_REFUSED = 5, // Response status RESP_TTL_EXPIRED = 6, // Response status RESP_CMD_NOT_SUPPORTED = 7, // Response status RESP_ADDR_NOT_SUPPORTED = 8, // Response status }; // https://www.ietf.org/rfc/rfc1928.txt paragraph 3, handle client handshake // +----+----------+----------+ // |VER | NMETHODS | METHODS | // +----+----------+----------+ // | 1 | 1 | 1 to 255 | // +----+----------+----------+ static void handshake(struct mg_connection *c) { struct mg_iobuf *r = &c->recv; if (r->buf[0] != VERSION) { c->is_closing = 1; } else if (r->len > 2 && (size_t) r->buf[1] + 2 <= r->len) { /* https://www.ietf.org/rfc/rfc1928.txt paragraph 3 */ uint8_t reply[2] = {VERSION, HANDSHAKE_FAILURE}; int i; for (i = 2; i < r->buf[1] + 2; i++) { // TODO(lsm): support other auth methods if (r->buf[i] == HANDSHAKE_NOAUTH) reply[1] = r->buf[i]; } mg_iobuf_del(r, 0, 2 + r->buf[1]); mg_send(c, reply, sizeof(reply)); c->data[0] = STATE_REQUEST; } } static void disband(struct mg_connection *c) { struct mg_connection *c2 = (struct mg_connection *) c->fn_data; if (c2 != NULL) { c2->is_draining = 1; c2->fn_data = NULL; } c->is_draining = 1; c->fn_data = NULL; } static void exchange(struct mg_connection *c) { struct mg_connection *c2 = (struct mg_connection *) c->fn_data; if (c2 != NULL) { mg_send(c2, c->recv.buf, c->recv.len); mg_iobuf_del(&c->recv, 0, c->recv.len); } else { c->is_draining = 1; } } static void fn2(struct mg_connection *c, int ev, void *ev_data, void *fn_data) { if (ev == MG_EV_READ) { exchange(c); } else if (ev == MG_EV_CLOSE) { disband(c); } (void) ev_data; (void) fn_data; } // Request, https://www.ietf.org/rfc/rfc1928.txt paragraph 4 // +----+-----+-------+------+----------+----------+ // |VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT | // +----+-----+-------+------+----------+----------+ // | 1 | 1 | X'00' | 1 | Variable | 2 | // +----+-----+-------+------+----------+----------+ static void request(struct mg_connection *c) { struct mg_iobuf *r = &c->recv; uint8_t *p = r->buf, addr_len = 4, reply = RESP_SUCCESS; int ver, cmd, atyp; char addr[1024]; if (r->len < 8) return; // return if not fully buffered. min DST.ADDR is 2 ver = p[0]; cmd = p[1]; atyp = p[3]; // TODO(lsm): support other commands if (ver != VERSION || cmd != CMD_CONNECT) { reply = RESP_CMD_NOT_SUPPORTED; } else if (atyp == ADDR_TYPE_IPV4) { addr_len = 4; if (r->len < (size_t) addr_len + 6) return; /* return if not buffered */ snprintf(addr, sizeof(addr), "tcp://%d.%d.%d.%d:%d", p[4], p[5], p[6], p[7], p[8] << 8 | p[9]); c->fn_data = mg_connect(c->mgr, addr, fn2, c); } else if (atyp == ADDR_TYPE_IPV6) { addr_len = 16; if (r->len < (size_t) addr_len + 6) return; /* return if not buffered */ snprintf(addr, sizeof(addr), "tcp://[%x:%x:%x:%x:%x:%x:%x:%x]:%d", p[4] << 8 | p[5], p[6] << 8 | p[7], p[8] << 8 | p[9], p[10] << 8 | p[11], p[12] << 8 | p[13], p[14] << 8 | p[15], p[16] << 8 | p[17], p[18] << 8 | p[19], p[20] << 8 | p[21]); c->fn_data = mg_connect(c->mgr, addr, fn2, c); } else if (atyp == ADDR_TYPE_DOMAIN) { addr_len = p[4] + 1; if (r->len < (size_t) addr_len + 6) return; /* return if not buffered */ snprintf(addr, sizeof(addr), "tcp://%.*s:%d", p[4], p + 5, p[4 + addr_len] << 8 | p[4 + addr_len + 1]); c->fn_data = mg_connect(c->mgr, addr, fn2, c); } else { reply = RESP_ADDR_NOT_SUPPORTED; } // Reply, https://www.ietf.org/rfc/rfc1928.txt paragraph 5 // // +----+-----+-------+------+----------+----------+ // |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT | // +----+-----+-------+------+----------+----------+ // | 1 | 1 | X'00' | 1 | Variable | 2 | // +----+-----+-------+------+----------+----------+ { uint8_t buf[] = {VERSION, reply, 0}; mg_send(c, buf, sizeof(buf)); } mg_send(c, r->buf + 3, addr_len + 1 + 2); mg_iobuf_del(r, 0, 6 + addr_len); // Remove request from the input stream c->data[0] = STATE_ESTABLISHED; // Mark ourselves as connected } static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) { if (ev == MG_EV_READ) { // We use the first label byte as a state if (c->data[0] == STATE_HANDSHAKE) handshake(c); if (c->data[0] == STATE_REQUEST) request(c); if (c->data[0] == STATE_ESTABLISHED) exchange(c); } else if (ev == MG_EV_CLOSE) { disband(c); } (void) fn_data; (void) ev_data; } int main(void) { struct mg_mgr mgr; // Event manager mg_log_set(MG_LL_DEBUG); // Set log level mg_mgr_init(&mgr); // Initialise event manager mg_listen(&mgr, s_lsn, fn, NULL); // Create client connection while (true) mg_mgr_poll(&mgr, 1000); // Infinite event loop mg_mgr_free(&mgr); // Free resources return 0; }