👁️ Server: Add -udpPreferIPv6

database64128 · database64128 · commit 10fbb637be98 · 2022-03-27T17:23:59.000+08:00
Sometimes clients connect to UDP targets using domain names, and since we can't do happy eyeballs with UDP, and Go's net.ResolveUDPAddr() prefers IPv4, this flag was added to get servers to prefer IPv6 for UDP domain targets.
diff --git a/cmd/outline-ss-server/main.go b/cmd/outline-ss-server/main.go
@@ -55,6 +55,7 @@ type SSServer struct {
 	blockPrivateNet bool
 	listenerTFO     bool
 	dialerTFO       bool
+	udpPreferIPv6   bool
 }
 
 func (s *SSServer) startPort(portNum int) (err error) {
@@ -78,7 +79,7 @@ func (s *SSServer) startPort(portNum int) (err error) {
 	port := &ssPort{cipherList: service.NewCipherList()}
 	// TODO: Register initial data metrics at zero.
 	port.tcpService = service.NewTCPService(port.cipherList, &s.replayCache, s.saltPool, s.m, tcpReadTimeout, s.dialerTFO)
-	port.udpService = service.NewUDPService(s.natTimeout, port.cipherList, s.m)
+	port.udpService = service.NewUDPService(s.natTimeout, port.cipherList, s.m, s.udpPreferIPv6)
 	if s.blockPrivateNet {
 		port.tcpService.SetTargetIPValidator(onet.RequirePublicIP)
 		port.udpService.SetTargetIPValidator(onet.RequirePublicIP)
@@ -162,7 +163,7 @@ func (s *SSServer) Stop() error {
 }
 
 // RunSSServer starts a shadowsocks server running, and returns the server or an error.
-func RunSSServer(filename string, natTimeout time.Duration, sm metrics.ShadowsocksMetrics, replayHistory int, blockPrivateNet, listenerTFO, dialerTFO bool) (*SSServer, error) {
+func RunSSServer(filename string, natTimeout time.Duration, sm metrics.ShadowsocksMetrics, replayHistory int, blockPrivateNet, listenerTFO, dialerTFO, udpPreferIPv6 bool) (*SSServer, error) {
 	server := &SSServer{
 		natTimeout:      natTimeout,
 		m:               sm,
@@ -172,6 +173,7 @@ func RunSSServer(filename string, natTimeout time.Duration, sm metrics.Shadowsoc
 		blockPrivateNet: blockPrivateNet,
 		listenerTFO:     listenerTFO,
 		dialerTFO:       dialerTFO,
+		udpPreferIPv6:   udpPreferIPv6,
 	}
 	err := server.loadConfig(filename)
 	if err != nil {
@@ -220,6 +222,7 @@ func main() {
 		tfo             bool
 		listenerTFO     bool
 		dialerTFO       bool
+		udpPreferIPv6   bool
 		ver             bool
 
 		suppressTimestamps bool
@@ -240,6 +243,8 @@ func main() {
 	flag.BoolVar(&listenerTFO, "tfoListener", false, "Enables TFO for TCP listener")
 	flag.BoolVar(&dialerTFO, "tfoDialer", false, "Enables TFO for TCP dialer")
 
+	flag.BoolVar(&udpPreferIPv6, "udpPreferIPv6", false, "Prefer IPv6 addresses when resolving domain names for UDP targets")
+
 	flag.BoolVar(&suppressTimestamps, "suppressTimestamps", false, "Omit timestamps in logs")
 	flag.StringVar(&logLevel, "logLevel", "info", "Set custom log level. Available levels: debug, info, warn, error, dpanic, panic, fatal")
 
@@ -297,7 +302,7 @@ func main() {
 		dialerTFO = true
 	}
 
-	s, err := RunSSServer(configFile, natTimeout, m, replayHistory, blockPrivateNet, listenerTFO, dialerTFO)
+	s, err := RunSSServer(configFile, natTimeout, m, replayHistory, blockPrivateNet, listenerTFO, dialerTFO, udpPreferIPv6)
 	if err != nil {
 		logger.Fatal("Failed to start Shadowsocks server", zap.Error(err))
 	}
diff --git a/integration_test/integration_test.go b/integration_test/integration_test.go
@@ -258,7 +258,7 @@ func TestUDPEcho(t *testing.T) {
 		t.Fatal(err)
 	}
 	testMetrics := &fakeUDPMetrics{fakeLocation: "QQ"}
-	proxy := service.NewUDPService(time.Hour, cipherList, testMetrics)
+	proxy := service.NewUDPService(time.Hour, cipherList, testMetrics, true)
 	go proxy.Serve(proxyConn)
 
 	client, err := client.NewClient(proxyConn.LocalAddr().String(), ss.TestCipher, secrets[0], nil)
@@ -345,7 +345,7 @@ func BenchmarkUDPEcho(b *testing.B) {
 	if err != nil {
 		b.Fatal(err)
 	}
-	proxy := service.NewUDPService(time.Hour, cipherList, &metrics.NoOpMetrics{})
+	proxy := service.NewUDPService(time.Hour, cipherList, &metrics.NoOpMetrics{}, true)
 	go proxy.Serve(proxyConn)
 
 	client, err := client.NewClient(proxyConn.LocalAddr().String(), ss.TestCipher, secrets[0], nil)
@@ -385,7 +385,7 @@ func BenchmarkUDPManyKeys(b *testing.B) {
 	if err != nil {
 		b.Fatal(err)
 	}
-	proxy := service.NewUDPService(time.Hour, cipherList, &metrics.NoOpMetrics{})
+	proxy := service.NewUDPService(time.Hour, cipherList, &metrics.NoOpMetrics{}, true)
 	go proxy.Serve(proxyConn)
 
 	var clients [numKeys]client.Client
diff --git a/service/udp.go b/service/udp.go
@@ -57,14 +57,16 @@ type udpService struct {
 	m                 metrics.ShadowsocksMetrics
 	running           sync.WaitGroup
 	targetIPValidator onet.TargetIPValidator
+	preferIPv6        bool
 }
 
 // NewUDPService creates a UDPService
-func NewUDPService(natTimeout time.Duration, cipherList CipherList, m metrics.ShadowsocksMetrics) UDPService {
+func NewUDPService(natTimeout time.Duration, cipherList CipherList, m metrics.ShadowsocksMetrics, preferIPv6 bool) UDPService {
 	return &udpService{
 		natTimeout: natTimeout,
 		ciphers:    cipherList,
 		m:          m,
+		preferIPv6: preferIPv6,
 	}
 }
 
@@ -389,7 +391,7 @@ func (s *udpService) validatePacket(textData []byte, cipherConfig ss.CipherConfi
 		return nil, nil, onet.NewConnectionError("ERR_READ_HEADER", "Failed to read packet header", err)
 	}
 
-	tgtUDPAddr, err := socksAddr.UDPAddr()
+	tgtUDPAddr, err := socksAddr.UDPAddr(s.preferIPv6)
 	if err != nil {
 		logger.Warn("Failed to resolve UDPAddr",
 			zap.Stringer("clientAddress", clientAddr),
diff --git a/service/udp_test.go b/service/udp_test.go
@@ -180,7 +180,7 @@ func sendToDiscard(payloads [][]byte, validator onet.TargetIPValidator) *natTest
 	cipher := ciphers.SnapshotForClientIP(nil)[0].Value.(*CipherEntry).Cipher
 	clientConn := makePacketConn()
 	metrics := &natTestMetrics{}
-	service := NewUDPService(timeout, ciphers, metrics)
+	service := NewUDPService(timeout, ciphers, metrics, true)
 	service.SetTargetIPValidator(validator)
 	go service.Serve(clientConn)
 
@@ -539,7 +539,7 @@ func TestUDPDoubleServe(t *testing.T) {
 	}
 	testMetrics := &natTestMetrics{}
 	const testTimeout = 200 * time.Millisecond
-	s := NewUDPService(testTimeout, cipherList, testMetrics)
+	s := NewUDPService(testTimeout, cipherList, testMetrics, true)
 
 	c := make(chan error)
 	for i := 0; i < 2; i++ {
@@ -573,7 +573,7 @@ func TestUDPEarlyStop(t *testing.T) {
 	}
 	testMetrics := &natTestMetrics{}
 	const testTimeout = 200 * time.Millisecond
-	s := NewUDPService(testTimeout, cipherList, testMetrics)
+	s := NewUDPService(testTimeout, cipherList, testMetrics, true)
 
 	if err := s.Stop(); err != nil {
 		t.Error(err)
diff --git a/socks/socks.go b/socks/socks.go
@@ -2,8 +2,10 @@ package socks
 
 import (
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"io"
+	"math/rand"
 	"net"
 	"strconv"
 
@@ -100,10 +102,10 @@ func (a Addr) Addr(network string) (net.Addr, error) {
 	}
 }
 
-func (a Addr) UDPAddr() (*net.UDPAddr, error) {
+func (a Addr) UDPAddr(preferIPv6 bool) (*net.UDPAddr, error) {
 	switch a[0] {
 	case AtypDomainName:
-		return net.ResolveUDPAddr("udp", a.String())
+		return resolveUDPAddr(a.String(), preferIPv6)
 	case AtypIPv4:
 		return &net.UDPAddr{
 			IP:   net.IP(a[1 : 1+4]),
@@ -119,6 +121,62 @@ func (a Addr) UDPAddr() (*net.UDPAddr, error) {
 	}
 }
 
+// resolveUDPAddr resolves an address in domain:port format into *net.UDPAddr.
+// ip:port is not supported.
+func resolveUDPAddr(address string, preferIPv6 bool) (*net.UDPAddr, error) {
+	if !preferIPv6 {
+		return net.ResolveUDPAddr("udp", address)
+	}
+
+	// Although !preferIPv6 was short-circuited to use net.ResolveUDPAddr(),
+	// the following code is generic and takes preferIPv6 into account.
+
+	host, port, err := net.SplitHostPort(address)
+	if err != nil {
+		return nil, err
+	}
+	portNum, err := net.LookupPort("udp", port)
+	if err != nil {
+		return nil, err
+	}
+	ips, err := net.LookupIP(host)
+	if err != nil {
+		return nil, err
+	}
+
+	// We can't actually do fallbacks here.
+	// If preferIPv6 is true, v6 -> primaries, v4 -> fallbacks.
+	// And vice versa.
+	// Then we select a random IP from primaries, or fallbacks if primaries is empty.
+	var primaries, fallbacks []net.IP
+
+	for _, ipc := range ips {
+		ip4 := ipc.To4()
+		switch {
+		case preferIPv6 && ip4 == nil || !preferIPv6 && ip4 != nil: // Prefer 6/4 and got 6/4
+			primaries = append(primaries, ipc)
+		case preferIPv6 && ip4 != nil || !preferIPv6 && ip4 == nil: // Prefer 6/4 and got 4/6
+			fallbacks = append(fallbacks, ipc)
+		}
+	}
+
+	var ip net.IP
+
+	switch {
+	case len(primaries) > 0:
+		ip = primaries[rand.Intn(len(primaries))]
+	case len(fallbacks) > 0:
+		ip = fallbacks[rand.Intn(len(fallbacks))]
+	default:
+		return nil, errors.New("lookup returned no addresses and no error")
+	}
+
+	return &net.UDPAddr{
+		IP:   ip,
+		Port: portNum,
+	}, nil
+}
+
 // WriteAddr parses an address string into a socks address
 // and writes to the destination slice.
 //

Original file line number	Diff line number	Diff line change
`@@ -57,14 +57,16 @@ type udpService struct {`
`57`	`57`	`m metrics.ShadowsocksMetrics`
`58`	`58`	`running sync.WaitGroup`
`59`	`59`	`targetIPValidator onet.TargetIPValidator`
	`60`	`+ preferIPv6 bool`
`60`	`61`	`}`
`61`	`62`
`62`	`63`	`// NewUDPService creates a UDPService`
`63`		`-func NewUDPService(natTimeout time.Duration, cipherList CipherList, m metrics.ShadowsocksMetrics) UDPService {`
	`64`	`+func NewUDPService(natTimeout time.Duration, cipherList CipherList, m metrics.ShadowsocksMetrics, preferIPv6 bool) UDPService {`
`64`	`65`	`return &udpService{`
`65`	`66`	`natTimeout: natTimeout,`
`66`	`67`	`ciphers: cipherList,`
`67`	`68`	`m: m,`
	`69`	`+ preferIPv6: preferIPv6,`
`68`	`70`	`}`
`69`	`71`	`}`
`70`	`72`
`@@ -389,7 +391,7 @@ func (s *udpService) validatePacket(textData []byte, cipherConfig ss.CipherConfi`
`389`	`391`	`return nil, nil, onet.NewConnectionError("ERR_READ_HEADER", "Failed to read packet header", err)`
`390`	`392`	`}`
`391`	`393`
`392`		`- tgtUDPAddr, err := socksAddr.UDPAddr()`
	`394`	`+ tgtUDPAddr, err := socksAddr.UDPAddr(s.preferIPv6)`
`393`	`395`	`if err != nil {`
`394`	`396`	`logger.Warn("Failed to resolve UDPAddr",`
`395`	`397`	`zap.Stringer("clientAddress", clientAddr),`