add simple ss-tunnel to shadowsocks for dns forward (shadowsocks#759)

* add vscode to .gitignore

* add config.json to gitignore

* add simple ss-tunnel to shadowsocks for dns forward


1.add tunnel.py file to shadowoscks for dns forward (seem ss-tunnel of ss-libev)

2.add add_header to common.py for add socks5 request header

3.add dns_service dns_server dns_server_port dns_server_port dns_local_port to shell.py and config.json

4.update to udprelay for ss-tunnel (dns forward)

5.update to local.py for ss-tunnel

* add config.json.example to shadowsocks

* add tunnel_udp_server.close to local.py and tunnel.py

* fix error about pep8 and  pyflakes for travis

* update rename

rename

add "tunnel_" to dns_service dns_server dns_server_port dns_local_port

* fix tunnel for run tunnel alone

* fix pep8 for travis

* update the config name for tunnel

ord name:
tunnel_service tunnel_dns_server tunnel_dns_server_port tunnel_dns_local_port

new name:
both_tunnel_local tunnel_remote tunnel_remote_port tunnel_port

* update for tunnel

update to local.py shell.py tunnel.py for tunnel

* update pep8 for travis

* update config to _config for tunnel

and fix pep8

* changed "add socks5 header to data" to "add ss header to data"

and changed "remove socks5 header" to "remove ss header"

* add tcp forward to tunnel and fix a bug for pack_addr from common.py

1. update tunnel to tcprelay.py

2. add tunnel_tcp_server to tunnel.py

3. add tunnel_tcp_server to local.py

4. add `address = to_bytes(address)` to `pack_addr` from common.py (fix a error when address is a domain)

* fix pep8 for travis again

* remove ss_header from tcprelay.py and update the "header_length" to udprelay.py

1. Remove unnecessary "add ss_header" from tcprelay.py

2. update "data[7:]" to "data[header_length:]"

* remove "both_tunnel_local" and fix some error for tunnel

* update

* update add_header

* rename is_tunnel to _is_tunnel

shadowsocks#759

.gitignore

@@ -32,3 +32,10 @@ htmlcov
 
 #Emacs
 .#*
+
+#vscode
+.idea
+.vscode
+
+#ss
+config.json

config.json.example

@@ -0,0 +1,13 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1080,
+    "password":"password",
+    "timeout":600,
+    "method":"aes-256-cfb",
+    "local_address":"127.0.0.1",
+    "fast_open":false,
+    "tunnel_remote":"8.8.8.8",
+    "tunnel_remote_port":53,
+    "tunnel_port":53
+}

shadowsocks/common.py

@@ -146,6 +146,7 @@ def patch_socket():
 
 def pack_addr(address):
     address_str = to_str(address)
+    address = to_bytes(address)
     for family in (socket.AF_INET, socket.AF_INET6):
         try:
             r = socket.inet_pton(family, address_str)
@@ -160,6 +161,13 @@ def pack_addr(address):
     return b'\x03' + chr(len(address)) + address
 
 
+# add ss header
+def add_header(address, port, data=b''):
+    _data = b''
+    _data = pack_addr(address) + struct.pack('>H', port) + data
+    return _data
+
+
 def parse_header(data):
     addrtype = ord(data[0])
     dest_addr = None

shadowsocks/shell.py

@@ -132,6 +132,13 @@ def check_config(config, is_local):
             sys.exit(2)
         else:
             config['server'] = to_str(config['server'])
+
+        if config.get('tunnel_remote', None) is None:
+            logging.error('tunnel_remote addr not specified')
+            print_local_help()
+            sys.exit(2)
+        else:
+            config['tunnel_remote'] = to_str(config['tunnel_remote'])
     else:
         config['server'] = to_str(config.get('server', '0.0.0.0'))
         try:
@@ -159,6 +166,12 @@ def check_config(config, is_local):
     if 'server_port' in config and type(config['server_port']) != list:
         config['server_port'] = int(config['server_port'])
 
+    if 'tunnel_remote_port' in config:
+        config['tunnel_remote_port'] = \
+            int(config['tunnel_remote_port'])
+    if 'tunnel_port' in config:
+        config['tunnel_port'] = int(config['tunnel_port'])
+
     if config.get('local_address', '') in [b'0.0.0.0']:
         logging.warn('warning: local set to listen on 0.0.0.0, it\'s not safe')
     if config.get('server', '') in ['127.0.0.1', 'localhost']:
@@ -299,6 +312,11 @@ def get_config(is_local):
     config['one_time_auth'] = config.get('one_time_auth', False)
     config['prefer_ipv6'] = config.get('prefer_ipv6', False)
     config['server_port'] = config.get('server_port', 8388)
+
+    config['tunnel_remote'] = \
+        to_str(config.get('tunnel_remote', '8.8.8.8'))
+    config['tunnel_remote_port'] = config.get('tunnel_remote_port', 53)
+    config['tunnel_port'] = config.get('tunnel_port', 53)
     config['dns_server'] = config.get('dns_server', None)
 
     logging.getLogger('').handlers = []

shadowsocks/tcprelay.py

@@ -106,6 +106,7 @@ class NoAcceptableMethods(Exception):
 
 
 class TCPRelayHandler(object):
+
     def __init__(self, server, fd_to_handlers, loop, local_sock, config,
                  dns_resolver, is_local):
         self._server = server
@@ -115,6 +116,10 @@ def __init__(self, server, fd_to_handlers, loop, local_sock, config,
         self._remote_sock = None
         self._config = config
         self._dns_resolver = dns_resolver
+        self.tunnel_remote = config.get('tunnel_remote', "8.8.8.8")
+        self.tunnel_remote_port = config.get('tunnel_remote_port', 53)
+        self.tunnel_port = config.get('tunnel_port', 53)
+        self._is_tunnel = server._is_tunnel
 
         # TCP Relay works as either sslocal or ssserver
         # if is_local, this is sslocal
@@ -250,7 +255,6 @@ def _handle_stage_connecting(self, data):
             else:
                 self._data_to_write_to_remote.append(data)
             return
-
         if self._ota_enable_session:
             data = self._ota_chunk_data_gen(data)
         data = self._encryptor.encrypt(data)
@@ -293,29 +297,36 @@ def _handle_stage_connecting(self, data):
     @shell.exception_handle(self_=True, destroy=True, conn_err=True)
     def _handle_stage_addr(self, data):
         if self._is_local:
-            cmd = common.ord(data[1])
-            if cmd == CMD_UDP_ASSOCIATE:
-                logging.debug('UDP associate')
-                if self._local_sock.family == socket.AF_INET6:
-                    header = b'\x05\x00\x00\x04'
-                else:
-                    header = b'\x05\x00\x00\x01'
-                addr, port = self._local_sock.getsockname()[:2]
-                addr_to_send = socket.inet_pton(self._local_sock.family,
-                                                addr)
-                port_to_send = struct.pack('>H', port)
-                self._write_to_sock(header + addr_to_send + port_to_send,
-                                    self._local_sock)
-                self._stage = STAGE_UDP_ASSOC
-                # just wait for the client to disconnect
-                return
-            elif cmd == CMD_CONNECT:
-                # just trim VER CMD RSV
-                data = data[3:]
+            if self._is_tunnel:
+                # add ss header to data
+                tunnel_remote = self.tunnel_remote
+                tunnel_remote_port = self.tunnel_remote_port
+                data = common.add_header(tunnel_remote,
+                                         tunnel_remote_port, data)
             else:
-                logging.error('unknown command %d', cmd)
-                self.destroy()
-                return
+                cmd = common.ord(data[1])
+                if cmd == CMD_UDP_ASSOCIATE:
+                    logging.debug('UDP associate')
+                    if self._local_sock.family == socket.AF_INET6:
+                        header = b'\x05\x00\x00\x04'
+                    else:
+                        header = b'\x05\x00\x00\x01'
+                    addr, port = self._local_sock.getsockname()[:2]
+                    addr_to_send = socket.inet_pton(self._local_sock.family,
+                                                    addr)
+                    port_to_send = struct.pack('>H', port)
+                    self._write_to_sock(header + addr_to_send + port_to_send,
+                                        self._local_sock)
+                    self._stage = STAGE_UDP_ASSOC
+                    # just wait for the client to disconnect
+                    return
+                elif cmd == CMD_CONNECT:
+                    # just trim VER CMD RSV
+                    data = data[3:]
+                else:
+                    logging.error('unknown command %d', cmd)
+                    self.destroy()
+                    return
         header_result = parse_header(data)
         if header_result is None:
             raise Exception('can not parse header')
@@ -347,10 +358,12 @@ def _handle_stage_addr(self, data):
         self._update_stream(STREAM_UP, WAIT_STATUS_WRITING)
         self._stage = STAGE_DNS
         if self._is_local:
-            # forward address to remote
-            self._write_to_sock((b'\x05\x00\x00\x01'
-                                 b'\x00\x00\x00\x00\x10\x10'),
-                                self._local_sock)
+            # jump over socks5 response
+            if not self._is_tunnel:
+                # forward address to remote
+                self._write_to_sock((b'\x05\x00\x00\x01'
+                                     b'\x00\x00\x00\x00\x10\x10'),
+                                    self._local_sock)
             # spec https://shadowsocks.org/en/spec/one-time-auth.html
             # ATYP & 0x10 == 0x10, then OTA is enabled.
             if self._ota_enable_session:
@@ -558,7 +571,12 @@ def _on_local_read(self):
             self._handle_stage_stream(data)
             return
         elif is_local and self._stage == STAGE_INIT:
-            self._handle_stage_init(data)
+            # jump over socks5 init
+            if self._is_tunnel:
+                self._handle_stage_addr(data)
+                return
+            else:
+                self._handle_stage_init(data)
         elif self._stage == STAGE_CONNECTING:
             self._handle_stage_connecting(data)
         elif (is_local and self._stage == STAGE_ADDR) or \
@@ -689,13 +707,15 @@ def destroy(self):
 
 
 class TCPRelay(object):
+
     def __init__(self, config, dns_resolver, is_local, stat_callback=None):
         self._config = config
         self._is_local = is_local
         self._dns_resolver = dns_resolver
         self._closed = False
         self._eventloop = None
         self._fd_to_handlers = {}
+        self._is_tunnel = False
 
         self._timeout = config['timeout']
         self._timeouts = []  # a list for all the handlers

shadowsocks/tunnel.py

@@ -0,0 +1,74 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+# Copyright 2012-2015 clowwindy
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from __future__ import absolute_import, division, print_function, \
+    with_statement
+
+import sys
+import os
+import logging
+import signal
+
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), '../'))
+from shadowsocks import shell, daemon, eventloop, tcprelay, udprelay, asyncdns
+
+
+@shell.exception_handle(self_=False, exit_code=1)
+def main():
+    shell.check_python()
+
+    # fix py2exe
+    if hasattr(sys, "frozen") and sys.frozen in \
+            ("windows_exe", "console_exe"):
+        p = os.path.dirname(os.path.abspath(sys.executable))
+        os.chdir(p)
+
+    config = shell.get_config(True)
+    daemon.daemon_exec(config)
+    dns_resolver = asyncdns.DNSResolver()
+    loop = eventloop.EventLoop()
+    dns_resolver.add_to_loop(loop)
+    _config = config.copy()
+    _config["local_port"] = _config["tunnel_port"]
+    logging.info("starting tcp tunnel at %s:%d forward to %s:%d" %
+                 (_config['local_address'], _config['local_port'],
+                  _config['tunnel_remote'], _config['tunnel_remote_port']))
+    tunnel_tcp_server = tcprelay.TCPRelay(_config, dns_resolver, True)
+    tunnel_tcp_server._is_tunnel = True
+    tunnel_tcp_server.add_to_loop(loop)
+    logging.info("starting udp tunnel at %s:%d forward to %s:%d" %
+                 (_config['local_address'], _config['local_port'],
+                     _config['tunnel_remote'], _config['tunnel_remote_port']))
+    tunnel_udp_server = udprelay.UDPRelay(_config, dns_resolver, True)
+    tunnel_udp_server._is_tunnel = True
+    tunnel_udp_server.add_to_loop(loop)
+
+    def handler(signum, _):
+        logging.warn('received SIGQUIT, doing graceful shutting down..')
+        tunnel_tcp_server.close(next_tick=True)
+        tunnel_udp_server.close(next_tick=True)
+    signal.signal(getattr(signal, 'SIGQUIT', signal.SIGTERM), handler)
+
+    def int_handler(signum, _):
+        sys.exit(1)
+    signal.signal(signal.SIGINT, int_handler)
+
+    daemon.set_user(config.get('user', None))
+    loop.run()
+
+if __name__ == '__main__':
+    main()

shadowsocks/udprelay.py

@@ -82,6 +82,7 @@ def client_key(source_addr, server_af):
 
 
 class UDPRelay(object):
+
     def __init__(self, config, dns_resolver, is_local, stat_callback=None):
         self._config = config
         if is_local:
@@ -94,6 +95,10 @@ def __init__(self, config, dns_resolver, is_local, stat_callback=None):
             self._listen_port = config['server_port']
             self._remote_addr = None
             self._remote_port = None
+        self.tunnel_remote = config.get('tunnel_remote', "8.8.8.8")
+        self.tunnel_remote_port = config.get('tunnel_remote_port', 53)
+        self.tunnel_port = config.get('tunnel_port', 53)
+        self._is_tunnel = False
         self._dns_resolver = dns_resolver
         self._password = common.to_bytes(config['password'])
         self._method = config['method']
@@ -151,12 +156,19 @@ def _handle_server(self):
         if self._stat_callback:
             self._stat_callback(self._listen_port, len(data))
         if self._is_local:
-            frag = common.ord(data[2])
-            if frag != 0:
-                logging.warn('UDP drop a message since frag is not 0')
-                return
+            if self._is_tunnel:
+                # add ss header to data
+                tunnel_remote = self.tunnel_remote
+                tunnel_remote_port = self.tunnel_remote_port
+                data = common.add_header(tunnel_remote,
+                                         tunnel_remote_port, data)
             else:
-                data = data[3:]
+                frag = common.ord(data[2])
+                if frag != 0:
+                    logging.warn('UDP drop a message since frag is not 0')
+                    return
+                else:
+                    data = data[3:]
         else:
             data, key, iv = encrypt.decrypt_all(self._password,
                                                 self._method,
@@ -171,7 +183,8 @@ def _handle_server(self):
         if header_result is None:
             return
         addrtype, dest_addr, dest_port, header_length = header_result
-
+        logging.info("udp data to %s:%d from %s:%d"
+                     % (dest_addr, dest_port, r_addr[0], r_addr[1]))
         if self._is_local:
             server_addr, server_port = self._get_a_server()
         else:
@@ -267,9 +280,15 @@ def _handle_client(self, sock):
             if header_result is None:
                 return
             addrtype, dest_addr, dest_port, header_length = header_result
-            response = b'\x00\x00\x00' + data
+            if self._is_tunnel:
+                # remove ss header
+                response = data[header_length:]
+            else:
+                response = b'\x00\x00\x00' + data
         client_addr = self._client_fd_to_server_addr.get(sock.fileno())
         if client_addr:
+            logging.debug("send udp response to %s:%d"
+                          % (client_addr[0], client_addr[1]))
             self._server_socket.sendto(response, client_addr)
         else:
             # this packet is from somewhere else we know