Merge pull request #27 from Zmax0/dev/2.4.5

README.md

@@ -58,6 +58,8 @@ put *config.json* file into the unpacked folder before running server
 
 >> `serverName`: the Server Name Indication field in the SSL handshake. If left blank, it will be set to `server.host`
 
+>> `verifyHostname`: whether to verify SSL hostname, default is `true`
+
 ## Features
 
 ### Transport

pom.xml

@@ -3,7 +3,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>urban-spork</groupId>
   <artifactId>urban-spork</artifactId>
-  <version>2.4.4</version>
+  <version>2.4.5</version>
   <packaging>pom</packaging>
   <modules>
     <module>urban-spork-common</module>
@@ -14,7 +14,7 @@
   </modules>
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <urban-spork.version>2.4.4</urban-spork.version>
+    <urban-spork.version>2.4.5</urban-spork.version>
     <maven-surefire-plugin.versioin>3.2.5</maven-surefire-plugin.versioin>
     <maven-jar-plugin.version>3.4.1</maven-jar-plugin.version>
     <maven-compiler-plugin.version>3.13.0</maven-compiler-plugin.version>

urban-spork-client-gui/pom.xml

@@ -3,7 +3,7 @@
   <parent>
     <groupId>urban-spork</groupId>
     <artifactId>urban-spork</artifactId>
-    <version>2.4.4</version>
+    <version>2.4.5</version>
   </parent>
   <groupId>urban-spork-client-gui</groupId>
   <artifactId>urban-spork-client-gui</artifactId>

urban-spork-client/pom.xml

@@ -3,7 +3,7 @@
   <parent>
     <groupId>urban-spork</groupId>
     <artifactId>urban-spork</artifactId>
-    <version>2.4.4</version>
+    <version>2.4.5</version>
   </parent>
   <artifactId>urban-spork-client</artifactId>
   <dependencies>

urban-spork-client/src/com/urbanspork/client/Client.java

@@ -1,7 +1,6 @@
 package com.urbanspork.client;
 
 import com.urbanspork.client.shadowsocks.ClientUdpRelayHandler;
-import com.urbanspork.client.vmess.ClientUdpOverTcpHandler;
 import com.urbanspork.common.codec.socks.DatagramPacketDecoder;
 import com.urbanspork.common.codec.socks.DatagramPacketEncoder;
 import com.urbanspork.common.config.ClientConfig;
@@ -26,6 +25,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.Closeable;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.util.concurrent.CompletableFuture;
@@ -41,7 +41,7 @@ public static void main(String[] args) {
     public static void launch(ClientConfig config, CompletableFuture<Instance> promise) {
         EventLoopGroup bossGroup = new NioEventLoopGroup();
         EventLoopGroup workerGroup = new NioEventLoopGroup();
-        GlobalChannelTrafficShapingHandler trafficShapingHandler = new GlobalChannelTrafficShapingHandler(bossGroup);
+        GlobalChannelTrafficShapingHandler trafficShapingHandler = new GlobalChannelTrafficShapingHandler(workerGroup);
         ServerConfig current = config.getCurrent();
         current.setTrafficShapingHandler(trafficShapingHandler);
         try {
@@ -81,7 +81,7 @@ private static DatagramChannel launchUdp(EventLoopGroup bossGroup, EventLoopGrou
         ServerConfig current = config.getCurrent();
         ChannelHandler udpTransportHandler;
         if (Protocol.vmess == current.getProtocol()) {
-            udpTransportHandler = new ClientUdpOverTcpHandler(current, workerGroup);
+            udpTransportHandler = new com.urbanspork.client.vmess.ClientUdpOverTcpHandler(current, workerGroup);
         } else if (Protocol.trojan == current.getProtocol()) {
             udpTransportHandler = new com.urbanspork.client.trojan.ClientUdpOverTcpHandler(current, workerGroup);
         } else {
@@ -102,7 +102,8 @@ protected void initChannel(Channel ch) {
             .bind(InetAddress.getLoopbackAddress(), config.getPort()).sync().channel();
     }
 
-    public record Instance(ServerSocketChannel tcp, DatagramChannel udp, TrafficCounter traffic) {
+    public record Instance(ServerSocketChannel tcp, DatagramChannel udp, TrafficCounter traffic) implements Closeable {
+        @Override
         public void close() {
             traffic.stop();
             tcp.close().awaitUninterruptibly();

urban-spork-client/src/com/urbanspork/client/ClientSocksInitializer.java

@@ -11,7 +11,9 @@
 import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslHandler;
 
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
 import java.io.File;
 
 public class ClientSocksInitializer extends ChannelInitializer<NioSocketChannel> {
@@ -34,6 +36,7 @@ protected void initChannel(NioSocketChannel channel) {
     public static SslHandler buildSslHandler(Channel ch, ServerConfig config) throws SSLException {
         String serverName = config.getHost();
         SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
+        boolean verifyHostname = true;
         if (config.getSsl() != null) {
             SslSetting ssl = config.getSsl();
             if (ssl.getCertificateFile() != null) {
@@ -42,8 +45,16 @@ public static SslHandler buildSslHandler(Channel ch, ServerConfig config) throws
             if (ssl.getServerName() != null) {
                 serverName = ssl.getServerName(); // override
             }
+            verifyHostname = ssl.isVerifyHostname();
         }
         SslContext sslContext = sslContextBuilder.build();
-        return sslContext.newHandler(ch.alloc(), serverName, config.getPort());
+        SslHandler sslHandler = sslContext.newHandler(ch.alloc(), serverName, config.getPort());
+        if (verifyHostname) {
+            SSLEngine sslEngine = sslHandler.engine();
+            SSLParameters sslParameters = sslEngine.getSSLParameters();
+            sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+            sslEngine.setSSLParameters(sslParameters);
+        }
+        return sslHandler;
     }
 }

urban-spork-client/src/com/urbanspork/client/shadowsocks/ClientUdpRelayHandler.java

@@ -25,11 +25,13 @@ public class ClientUdpRelayHandler extends AbstractClientUdpRelayHandler<InetSoc
     private static final Logger logger = LoggerFactory.getLogger(ClientUdpRelayHandler.class);
     private final EventLoopGroup workerGroup;
     private final InetSocketAddress relay;
+    private final UdpRelayCodec codec;
 
     public ClientUdpRelayHandler(ServerConfig config, EventLoopGroup workerGroup) {
         super(config, Duration.ofMinutes(10));
         this.workerGroup = workerGroup;
         this.relay = new InetSocketAddress(config.getHost(), config.getPort());
+        this.codec = new UdpRelayCodec(config, Mode.Client);
     }
 
     @Override
@@ -49,7 +51,7 @@ protected Channel newBindingChannel(Channel inboundChannel, InetSocketAddress se
                 @Override
                 protected void initChannel(Channel ch) {
                     ch.pipeline().addLast(
-                        new UdpRelayCodec(config, Mode.Client),
+                        codec,
                         new InboundHandler(inboundChannel, sender),// server->client->sender
                         new ExceptionHandler(config)
                     );
@@ -58,6 +60,12 @@ protected void initChannel(Channel ch) {
             .syncUninterruptibly().channel();
     }
 
+    @Override
+    public void handlerRemoved(ChannelHandlerContext ctx) {
+        super.handlerRemoved(ctx);
+        codec.handlerRemoved(ctx);
+    }
+
     private static class InboundHandler extends SimpleChannelInboundHandler<DatagramPacket> {
 
         private final Channel channel;

urban-spork-common/pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <groupId>urban-spork</groupId>
     <artifactId>urban-spork</artifactId>
-    <version>2.4.4</version>
+    <version>2.4.5</version>
   </parent>
   <artifactId>urban-spork-common</artifactId>
   <dependencies>

urban-spork-common/src/com/urbanspork/common/channel/ExceptionHandler.java

@@ -30,8 +30,7 @@ public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
         if (cause.getCause() instanceof InvalidCipherTextException) {
             logger.error("[{}][{}][{}] Invalid cipher text", transport, protocol, transLog);
         } else {
-            String msg = String.format("[%s][%s][%s] Caught exception", transport, protocol, transLog);
-            logger.error(msg, cause);
+            logger.error("[{}][{}][{}] Caught exception", transport, protocol, transLog, cause);
         }
         ctx.close();
     }

urban-spork-common/src/com/urbanspork/common/config/SslSetting.java

@@ -6,6 +6,7 @@ public class SslSetting {
     private String keyFile;
     private String keyPassword;
     private String serverName;
+    private boolean verifyHostname = true;
 
     public String getCertificateFile() {
         return certificateFile;
@@ -38,4 +39,12 @@ public String getServerName() {
     public void setServerName(String serverName) {
         this.serverName = serverName;
     }
+
+    public boolean isVerifyHostname() {
+        return verifyHostname;
+    }
+
+    public void setVerifyHostname(boolean verifyHostname) {
+        this.verifyHostname = verifyHostname;
+    }
 }

urban-spork-common/src/com/urbanspork/common/protocol/shadowsocks/aead2022/AEAD2022.java

@@ -232,7 +232,7 @@ static int getNonceLength(CipherKind kind) {
         }
 
         static UdpCipher getCipher(CipherKind kind, CipherMethod method, byte[] key, long sessionId) {
-            return UdpCipherCaches.INSTANCE.get(kind, method, key, sessionId);
+            return UdpCipherCache.INSTANCE.get(kind, method, key, sessionId);
         }
 
         static void encodePacket(UdpCipher cipher, byte[] iPSK, int eihLength, ByteBuf in, ByteBuf out) throws InvalidCipherTextException {

urban-spork-common/src/com/urbanspork/common/protocol/shadowsocks/aead2022/UdpCipherCache.java

@@ -2,41 +2,25 @@
 
 import com.urbanspork.common.codec.CipherKind;
 import com.urbanspork.common.codec.aead.CipherMethod;
-import io.netty.util.HashedWheelTimer;
+import com.urbanspork.common.util.LruCache;
 
-import java.time.Duration;
 import java.util.Arrays;
-import java.util.LinkedHashMap;
-import java.util.Map;
 import java.util.Objects;
-import java.util.concurrent.TimeUnit;
 
-public class UdpCipherCache {
-    private final HashedWheelTimer timer = new HashedWheelTimer(1, TimeUnit.SECONDS);
-    private final LinkedHashMap<Key, UdpCipher> map = new LinkedHashMap<>() {
-        @Override
-        protected boolean removeEldestEntry(Map.Entry eldest) {
-            return map.size() > limit;
-        }
-    };
-    private final Duration duration;
-    private final int limit;
+public enum UdpCipherCache {
+    INSTANCE(new LruCache<>(AEAD2022.UDP.CIPHER_CACHE_LIMIT, AEAD2022.UDP.CIPHER_CACHE_DURATION, (k, v) -> {}));
 
-    public UdpCipherCache(Duration duration, int limit) {
-        this.duration = duration;
-        this.limit = limit;
-    }
+    private final LruCache<Key, UdpCipher> cache;
 
-    public UdpCipher computeIfAbsent(CipherKind kind, CipherMethod method, byte[] key, long sessionId) {
-        Key cacheKey = new Key(kind, key, sessionId);
-        return map.computeIfAbsent(cacheKey, k -> {
-            timer.newTimeout(timeout -> map.remove(cacheKey), duration.toSeconds(), TimeUnit.SECONDS);
-            return new UdpCipher(method, AEAD2022.UDP.sessionSubkey(key, sessionId));
-        });
+    UdpCipherCache(LruCache<Key, UdpCipher> cache) {
+        this.cache = cache;
     }
 
-    public boolean contains(CipherKind kind, byte[] key, long sessionId) {
-        return map.containsKey(new Key(kind, key, sessionId));
+    public UdpCipher get(CipherKind kind, CipherMethod method, byte[] key, long sessionId) {
+        return cache.computeIfAbsent(
+            new Key(kind, key, sessionId),
+            k -> new UdpCipher(method, AEAD2022.UDP.sessionSubkey(key, sessionId))
+        );
     }
 
     record Key(CipherKind kind, byte[] key, long sessionId) {

urban-spork-server/pom.xml

@@ -3,7 +3,7 @@
   <parent>
     <groupId>urban-spork</groupId>
     <artifactId>urban-spork</artifactId>
-    <version>2.4.4</version>
+    <version>2.4.5</version>
   </parent>
   <artifactId>urban-spork-server</artifactId>
   <dependencies>

urban-spork-server/src/com/urbanspork/server/Server.java

@@ -24,6 +24,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.Closeable;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
@@ -127,7 +128,8 @@ protected void initChannel(Channel ch) {
         }
     }
 
-    public record Instance(ServerSocketChannel tcp, Optional<DatagramChannel> udp) {
+    public record Instance(ServerSocketChannel tcp, Optional<DatagramChannel> udp) implements Closeable {
+        @Override
         public void close() {
             tcp.close().awaitUninterruptibly();
             udp.ifPresent(c -> c.close().awaitUninterruptibly());

urban-spork-test/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>urban-spork</groupId>
     <artifactId>urban-spork</artifactId>
-    <version>2.4.4</version>
+    <version>2.4.5</version>
   </parent>
   <artifactId>urban-spork-test</artifactId>
   <dependencies>

urban-spork-test/test/com/urbanspork/client/ClientSocksInitializerTest.java

@@ -13,7 +13,9 @@ void testBuildSslHandler() {
         EmbeddedChannel channel = new EmbeddedChannel();
         ServerConfig config = ServerConfigTest.testConfig(0);
         Assertions.assertDoesNotThrow(() -> ClientSocksInitializer.buildSslHandler(channel, config));
-        config.setSsl(new SslSetting());
+        SslSetting ssl = new SslSetting();
+        ssl.setVerifyHostname(false);
+        config.setSsl(ssl);
         Assertions.assertDoesNotThrow(() -> ClientSocksInitializer.buildSslHandler(channel, config));
     }
 }

urban-spork-test/test/com/urbanspork/common/config/SslSettingTest.java

@@ -11,5 +11,6 @@ void testGetterAndSetter() {
         TestUtil.testGetterAndSetter("B", setting, SslSetting::getKeyFile, SslSetting::setKeyFile);
         TestUtil.testGetterAndSetter("C", setting, SslSetting::getKeyPassword, SslSetting::setKeyPassword);
         TestUtil.testGetterAndSetter("D", setting, SslSetting::getServerName, SslSetting::setServerName);
+        TestUtil.testGetterAndSetter(false, setting, SslSetting::isVerifyHostname, SslSetting::setVerifyHostname);
     }
 }

urban-spork-test/test/com/urbanspork/common/protocol/shadowsocks/aead2022/UDPCipherCacheTest.java → urban-spork-test/test/com/urbanspork/common/protocol/shadowsocks/aead2022/UdpCipherCacheTest.java

@@ -5,7 +5,7 @@
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 
-class UDPCipherCacheTest {
+class UdpCipherCacheTest {
     @Test
     void testKey() {
         CipherKind kind = CipherKind.aead2022_blake3_aes_128_gcm;