Shadowsocks should send data along with header #232
Comments
Hmm, IV is already sent with the first packet:

Two connections should use independent IVs.

Yes, they are.

The first packet should contain the header/handshake as well as actual payload.

Hmm, then the

CC @madeye to double check on this.

Made a simple but a little bit ugly solution.

This should also be done at the server side as well -- https://github.com/shadowsocks/shadowsocks-rust/blob/806f44244af1366323d69a2abed3a530838ab264/src/relay/tcprelay/aead.rs

Server side doesn't have a handshake packet.

Cool just double checked via

@madeye Maybe we should include this in official doc as well?

Yeah, we should do that.

Hmm, this fix caused another problem: shadowsocks/shadowsocks-android#2621. We'd better have a delay control to send out the header, even if there's no data. Some underlying protocol requires this behavior like FTP.

Well, it would be quite tricky to do that in a

Yes, I tried to implement this myself at first, but found it's not easy.

Considering this only covers a few use cases like FTP, maybe it is better to have a timeout of maybe 500ms, and an option to turn off this behavior (default on). EDIT: Or a configurable timeout defaulting to 500ms, 0 indicating not waiting...

A fixed 500ms timeout looks good enough. Given most of protocols today let client send the request first, I don't think we would see header only handshakes often.

This 500ms is only applied on the client side:

* Refactored and separate library into crates
  - shadowsocks: the core feature of shadowsocks
  - shadowsocks-service: library for building shadowsocks services
  - dns, http, redir, socks, tunnel
  - load balancer
  - shadowsocks-rust: release binaries fix #347
* unified DnsResolver implementation
* unified local service common parameters into ServiceContext
  - ServiceContext is common parameters shared between all local implementations
  - Completely removed https local support
* add #292 reply attack protection
* migrated redir local server
* support customizing outbound socket bind address
* manager outbound socket should accepts connect_opts
* republic local implementations
* socks5 udp server should always listen to client address
* socks4 controlled by local-socks4 feature
* socks4 also obey mode configuration
* socks server tcp cannot be disable. add support of udp-bind-addr parameter
* add udp-bind-addr for customizing udp-relay bind-addr
* local-dns infra, support customizing resolver
* fully implements DNS relay server
* support binding to specific interface on Linux-like platform
* tcp cannot be disabled in socks
* enable local-flow-stat
* fixed windows build
* fixed android specific warnings and compile errors
* allow udp_only mode in socks5
* dns relay listens to both TCP and UDP, mode controls outbound upstreams
* dns relay retries twice if request failed
* doc
* fix DnsClient typo
* fix stream EncryptWriter bug
* allow disable logging output updated dependencies
* add readme
* refine doc
* remove depending on trust-dns-client
* socks4/4a client
* allow socks5 udp_only mode, fixes compile warning
* create standalone socks5 UDP relay server
  - socks5 UDP association full cone (NAT2)
* server udp relay supports full cone (NAT2)
* acl moved to crate root
* redir udp relay support full cone (NAT2)
* standard socks5 udp test must use tcp_and_udp mode
* set server context fields with pub APIs
* udp_max_associations and udp_timeout default value set in Config
* local dns resolver retry with fixed attempts
* max_udp_association keeps unlimited by default
* fixed logging binary name
* pops first exited future result for local and server
* update reverse target index cache
* fix ProxyClientStreamWriteHalf that allows sending empty buffers ref #232
* remove unused import when socks4 is disabled
* make balancer become a globally shared object
* print plugin exit status
* control local, server, manager services in features

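
The behaviour the thread settles on, as an added example (not code from shadowsocks-rust): the client holds the target address header for up to 500 ms so that it leaves in the same write as the first payload, and sends the header alone if the local client stays silent, as with FTP. The channel standing in for the local socket, the function names and the sample request are assumptions; encryption and the IV are left out, so the bytes shown are the plaintext of the first write.

```rust
use std::sync::mpsc::{channel, Receiver, RecvTimeoutError};
use std::time::Duration;

/// Shadowsocks target address header for a domain name:
/// ATYP (0x03) | 1-byte length | host bytes | 2-byte big-endian port.
fn domain_header(host: &str, port: u16) -> Vec<u8> {
    assert!(host.len() <= 255, "domain name too long for a 1-byte length");
    let mut h = vec![0x03, host.len() as u8];
    h.extend_from_slice(host.as_bytes());
    h.extend_from_slice(&port.to_be_bytes());
    h
}

/// Plaintext of the first write to the server (hypothetical helper).
/// Waits up to `wait` for the local client's first bytes so that header and
/// payload leave together; if nothing arrives (server-speaks-first protocols
/// such as FTP), the header goes out alone instead of stalling the connection.
fn first_write(header: &[u8], from_client: &Receiver<Vec<u8>>, wait: Duration) -> Vec<u8> {
    let mut out = header.to_vec();
    match from_client.recv_timeout(wait) {
        Ok(payload) => out.extend_from_slice(&payload),
        // Timed out or the client side closed: send the header only.
        Err(RecvTimeoutError::Timeout) | Err(RecvTimeoutError::Disconnected) => {}
    }
    out
}

fn main() {
    let header = domain_header("example.com", 80);

    // Constructed case 1: the client sends its request at once (HTTP-like).
    let (tx, rx) = channel();
    tx.send(b"GET / HTTP/1.1\r\n\r\n".to_vec()).unwrap();
    let pkt = first_write(&header, &rx, Duration::from_millis(500));
    println!("client-first: {} bytes in the first write", pkt.len());

    // Constructed case 2: the client waits for a server banner (FTP-like).
    let (_tx2, rx2) = channel::<Vec<u8>>();
    let pkt = first_write(&header, &rx2, Duration::from_millis(500));
    println!("server-first: {} bytes in the first write (header only)", pkt.len());
}
```
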
Currently, this implementation does handshake first, which is problematic for obfuscation, e.g.
shadowsocks-rust/src/relay/tcprelay/socks5_local.rs
Line 40 in 1204d58