Improve: better relay copies

.travis.yml

@@ -1,7 +1,7 @@
 language: go
 sudo: false
 go:
-  - "1.10"
+  - "1.11"
 before_install:
   - go get -u github.com/golang/dep/cmd/dep
 install:

Gopkg.lock

@@ -3,65 +3,92 @@
 
 [[projects]]
   branch = "master"
+  digest = "1:8fa55a6e302771a90a86ceae1ca3c0df4ef15d21092198e8313f61dde9eea963"
   name = "github.com/Yawning/chacha20"
   packages = ["."]
+  pruneopts = "UT"
   revision = "e3b1f968fc6397b51d963fee8ec8711a47bc0ce8"
 
 [[projects]]
+  digest = "1:444b82bfe35c83bbcaf84e310fb81a1f9ece03edfed586483c869e2c046aef69"
   name = "github.com/eapache/queue"
   packages = ["."]
+  pruneopts = "UT"
   revision = "44cc805cf13205b55f69e14bcb69867d1ae92f98"
   version = "v1.1.0"
 
 [[projects]]
+  digest = "1:b9914f85d95a0968bafd1be1908ba29e2eafafd88d6fd13696be42bf5368c380"
   name = "github.com/go-chi/chi"
   packages = ["."]
-  revision = "e83ac2304db3c50cf03d96a2fcd39009d458bc35"
-  version = "v3.3.2"
+  pruneopts = "UT"
+  revision = "b5294d10673813fac8558e7f47242bc9e61b4c25"
+  version = "v3.3.3"
 
 [[projects]]
+  digest = "1:dfa416a1bb8139f30832543340f972f65c0db9932034cb6a1b42c5ac615a3fb8"
   name = "github.com/go-chi/cors"
   packages = ["."]
+  pruneopts = "UT"
   revision = "dba6525398619dead495962a916728e7ee2ca322"
   version = "v1.0.0"
 
 [[projects]]
+  digest = "1:54d7b4b9ab2bb2bae35b55eea900bc8fe15cba05a95fc78bf7fd7b82a9a07afa"
   name = "github.com/go-chi/render"
   packages = ["."]
+  pruneopts = "UT"
   revision = "3215478343fbc559bd3fc08f7031bb134d6bdad5"
   version = "v1.0.1"
 
 [[projects]]
+  digest = "1:ce579162ae1341f3e5ab30c0dce767f28b1eb6a81359aad01723f1ba6b4becdf"
+  name = "github.com/gofrs/uuid"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "370558f003bfe29580cd0f698d8640daccdcc45c"
+  version = "v3.1.1"
+
+[[projects]]
+  digest = "1:2e8bdbc8a11d716dab1bf66d326285d7e5c92fa4c996c1574ba1153e57534b85"
   name = "github.com/oschwald/geoip2-golang"
   packages = ["."]
+  pruneopts = "UT"
   revision = "7118115686e16b77967cdbf55d1b944fe14ad312"
   version = "v1.2.1"
 
 [[projects]]
+  digest = "1:07e8589503b7ec22430dae6eed6f2c17e4249ab245574f4fd0ba8fc9c597d138"
   name = "github.com/oschwald/maxminddb-golang"
   packages = ["."]
+  pruneopts = "UT"
   revision = "c5bec84d1963260297932a1b7a1753c8420717a7"
   version = "v1.3.0"
 
 [[projects]]
+  digest = "1:2bfa1a73654feb90893014b04779ce5205f3e19e843c0e32a89ea051d31f12d5"
   name = "github.com/riobard/go-shadowsocks2"
   packages = [
     "core",
     "shadowaead",
     "shadowstream",
-    "socks"
+    "socks",
   ]
+  pruneopts = "UT"
   revision = "8346403248229fc7e10d7a259de8e9352a9d8830"
   version = "v0.1.0"
 
 [[projects]]
+  digest = "1:d867dfa6751c8d7a435821ad3b736310c2ed68945d05b50fb9d23aee0540c8cc"
   name = "github.com/sirupsen/logrus"
   packages = ["."]
-  revision = "c155da19408a8799da419ed3eeb0cb5db0ad5dbc"
-  version = "v1.0.5"
+  pruneopts = "UT"
+  revision = "3e01752db0189b9157070a0e1668a620f9a85da2"
+  version = "v1.0.6"
 
 [[projects]]
   branch = "master"
+  digest = "1:d33888518d56c3f0cc9009594f56be4faf33ffff358fe10ff8e7e8cccf0e6617"
   name = "golang.org/x/crypto"
   packages = [
     "chacha20poly1305",
@@ -69,35 +96,54 @@
     "internal/chacha20",
     "internal/subtle",
     "poly1305",
-    "ssh/terminal"
+    "ssh/terminal",
   ]
-  revision = "a2144134853fc9a27a7b1e3eb4f19f1a76df13c9"
+  pruneopts = "UT"
+  revision = "0709b304e793a5edb4a2c0145f281ecdc20838a4"
 
 [[projects]]
   branch = "master"
+  digest = "1:576f8d82185dc836ec6d10c0e5568dc4ff94e4d9f101d33ed5d6bae0cbba65b2"
   name = "golang.org/x/sys"
   packages = [
     "cpu",
     "unix",
-    "windows"
+    "windows",
   ]
-  revision = "ac767d655b305d4e9612f5f6e33120b9176c4ad4"
+  pruneopts = "UT"
+  revision = "ebe1bf3edb3325c393447059974de898d5133eb8"
 
 [[projects]]
+  digest = "1:975a4480c40f2d0b95e1f83d3ec1aa29a2774e80179e08a9a4ba2aab86721b23"
   name = "gopkg.in/eapache/channels.v1"
   packages = ["."]
+  pruneopts = "UT"
   revision = "47238d5aae8c0fefd518ef2bee46290909cf8263"
   version = "v1.1.0"
 
 [[projects]]
+  digest = "1:5abd6a22805b1919f6a6bca0ae58b13cef1f3412812f38569978f43ef02743d4"
   name = "gopkg.in/ini.v1"
   packages = ["."]
-  revision = "358ee7663966325963d4e8b2e1fbd570c5195153"
-  version = "v1.38.1"
+  pruneopts = "UT"
+  revision = "5cf292cae48347c2490ac1a58fe36735fb78df7e"
+  version = "v1.38.2"
 
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "0ccb06b3617c87e75bd650f92adc99e55b93070e0b2a0bc71634270226e125fc"
+  input-imports = [
+    "github.com/go-chi/chi",
+    "github.com/go-chi/cors",
+    "github.com/go-chi/render",
+    "github.com/gofrs/uuid",
+    "github.com/oschwald/geoip2-golang",
+    "github.com/riobard/go-shadowsocks2/core",
+    "github.com/riobard/go-shadowsocks2/socks",
+    "github.com/sirupsen/logrus",
+    "golang.org/x/crypto/chacha20poly1305",
+    "gopkg.in/eapache/channels.v1",
+    "gopkg.in/ini.v1",
+  ]
   solver-name = "gps-cdcl"
   solver-version = 1

Gopkg.toml

@@ -1,6 +1,6 @@
 # Gopkg.toml example
 #
-# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
+# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
 # for detailed Gopkg.toml documentation.
 #
 # required = ["github.com/user/thing/cmd/thing"]
@@ -27,7 +27,7 @@
 
 [[constraint]]
   name = "github.com/go-chi/chi"
-  version = "3.3.2"
+  version = "3.3.3"
 
 [[constraint]]
   name = "github.com/go-chi/cors"
@@ -37,6 +37,10 @@
   name = "github.com/go-chi/render"
   version = "1.0.1"
 
+[[constraint]]
+  name = "github.com/gofrs/uuid"
+  version = "3.1.1"
+
 [[constraint]]
   name = "github.com/oschwald/geoip2-golang"
   version = "1.2.1"
@@ -47,7 +51,11 @@
 
 [[constraint]]
   name = "github.com/sirupsen/logrus"
-  version = "1.0.5"
+  version = "1.0.6"
+
+[[constraint]]
+  branch = "master"
+  name = "golang.org/x/crypto"
 
 [[constraint]]
   name = "gopkg.in/eapache/channels.v1"
@@ -55,7 +63,7 @@
 
 [[constraint]]
   name = "gopkg.in/ini.v1"
-  version = "1.38.1"
+  version = "1.38.2"
 
 [prune]
   go-tests = true

README.md

@@ -25,6 +25,12 @@
 - HTTP/HTTPS and SOCKS proxy
 - Surge like configuration
 - GeoIP rule support
+- Support Vmess/Shadowsocks/Socks5
+- Support for Netfilter TCP redirect
+
+## Discussion
+
+[Telegram Group](https://t.me/clash_discuss)
 
 ## Install
 
@@ -72,14 +78,18 @@ redir-port = 7892
 external-controller = 127.0.0.1:8080
 
 [Proxy]
-# name = ss, server, port, cipher, password
+# name = ss, server, port, cipher, password(, obfs=tls/http, obfs-host=bing.com)
 # The types of cipher are consistent with go-shadowsocks2
 # support AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AES-128-CTR AES-192-CTR AES-256-CTR AES-128-CFB AES-192-CFB AES-256-CFB CHACHA20-IETF XCHACHA20
 ss1 = ss, server1, port, AEAD_CHACHA20_POLY1305, password
 ss2 = ss, server2, port, AEAD_CHACHA20_POLY1305, password
 
+# name = vmess, server, port, uuid, alterId, cipher(, tls=true)
+# cipher support auto/aes-128-gcm/chacha20-poly1305/none
+vmess1 = vmess, server, port, uuid, 32, auto, tls=true
+
 # name = socks5, server, port
-socks = socks5, server1, port
+socks = socks5, server, port
 
 [Proxy Group]
 # url-test select which proxy will be used by benchmarking speed to a URL.
@@ -103,7 +113,7 @@ FINAL,,Proxy # note: there is two ","
 
 [riobard/go-shadowsocks2](https://github.com/riobard/go-shadowsocks2)
 
-[google/tcpproxy](https://github.com/google/tcpproxy)
+[v2ray/v2ray-core](https://github.com/v2ray/v2ray-core)
 
 ## License
 

adapters/local/http.go

@@ -1,56 +1,18 @@
 package adapters
 
 import (
-	"bufio"
-	"bytes"
-	"io"
 	"net"
+	"net/http"
 	"strings"
 
 	C "github.com/Dreamacro/clash/constant"
 )
 
-// PeekedConn handle http connection and buffed HTTP data
-type PeekedConn struct {
-	net.Conn
-	Peeked []byte
-	host   string
-	isHTTP bool
-}
-
-func (c *PeekedConn) Read(p []byte) (n int, err error) {
-	if len(c.Peeked) > 0 {
-		n = copy(p, c.Peeked)
-		c.Peeked = c.Peeked[n:]
-		if len(c.Peeked) == 0 {
-			c.Peeked = nil
-		}
-		return n, nil
-	}
-
-	// Sometimes firefox just open a socket to process multiple domains in HTTP
-	// The temporary solution is to return io.EOF when encountering different HOST
-	if c.isHTTP {
-		br := bufio.NewReader(bytes.NewReader(p))
-		_, hostName := ParserHTTPHostHeader(br)
-		if hostName != "" {
-			if !strings.Contains(hostName, ":") {
-				hostName += ":80"
-			}
-
-			if hostName != c.host {
-				return 0, io.EOF
-			}
-		}
-	}
-
-	return c.Conn.Read(p)
-}
-
 // HTTPAdapter is a adapter for HTTP connection
 type HTTPAdapter struct {
 	addr *C.Addr
-	conn *PeekedConn
+	conn net.Conn
+	R    *http.Request
 }
 
 // Close HTTP connection
@@ -69,14 +31,34 @@ func (h *HTTPAdapter) Conn() net.Conn {
 }
 
 // NewHTTP is HTTPAdapter generator
-func NewHTTP(host string, peeked []byte, isHTTP bool, conn net.Conn) *HTTPAdapter {
+func NewHTTP(request *http.Request, conn net.Conn) *HTTPAdapter {
 	return &HTTPAdapter{
-		addr: parseHTTPAddr(host),
-		conn: &PeekedConn{
-			Peeked: peeked,
-			Conn:   conn,
-			host:   host,
-			isHTTP: isHTTP,
-		},
+		addr: parseHTTPAddr(request),
+		R:    request,
+		conn: conn,
+	}
+}
+
+// RemoveHopByHopHeaders remove hop-by-hop header
+func RemoveHopByHopHeaders(header http.Header) {
+	// Strip hop-by-hop header based on RFC:
+	// http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.5.1
+	// https://www.mnot.net/blog/2011/07/11/what_proxies_must_do
+
+	header.Del("Proxy-Connection")
+	header.Del("Proxy-Authenticate")
+	header.Del("Proxy-Authorization")
+	header.Del("TE")
+	header.Del("Trailers")
+	header.Del("Transfer-Encoding")
+	header.Del("Upgrade")
+
+	connections := header.Get("Connection")
+	header.Del("Connection")
+	if len(connections) == 0 {
+		return
+	}
+	for _, h := range strings.Split(connections, ",") {
+		header.Del(strings.TrimSpace(h))
 	}
 }

adapters/local/https.go

@@ -0,0 +1,14 @@
+package adapters
+
+import (
+	"net"
+	"net/http"
+)
+
+// NewHTTPS is HTTPAdapter generator
+func NewHTTPS(request *http.Request, conn net.Conn) *SocketAdapter {
+	return &SocketAdapter{
+		addr: parseHTTPAddr(request),
+		conn: conn,
+	}
+}

adapters/local/socket.go

@@ -7,30 +7,30 @@ import (
 	"github.com/riobard/go-shadowsocks2/socks"
 )
 
-// SocksAdapter is a adapter for socks and redir connection
-type SocksAdapter struct {
+// SocketAdapter is a adapter for socks and redir connection
+type SocketAdapter struct {
 	conn net.Conn
 	addr *C.Addr
 }
 
 // Close socks and redir connection
-func (s *SocksAdapter) Close() {
+func (s *SocketAdapter) Close() {
 	s.conn.Close()
 }
 
 // Addr return destination address
-func (s *SocksAdapter) Addr() *C.Addr {
+func (s *SocketAdapter) Addr() *C.Addr {
 	return s.addr
 }
 
 // Conn return raw net.Conn
-func (s *SocksAdapter) Conn() net.Conn {
+func (s *SocketAdapter) Conn() net.Conn {
 	return s.conn
 }
 
-// NewSocks is SocksAdapter generator
-func NewSocks(target socks.Addr, conn net.Conn) *SocksAdapter {
-	return &SocksAdapter{
+// NewSocket is SocketAdapter generator
+func NewSocket(target socks.Addr, conn net.Conn) *SocketAdapter {
+	return &SocketAdapter{
 		conn: conn,
 		addr: parseSocksAddr(target),
 	}

adapters/local/util.go

@@ -1,8 +1,6 @@
 package adapters
 
 import (
-	"bufio"
-	"bytes"
 	"net"
 	"net/http"
 	"strconv"
@@ -40,8 +38,12 @@ func parseSocksAddr(target socks.Addr) *C.Addr {
 	}
 }
 
-func parseHTTPAddr(target string) *C.Addr {
-	host, port, _ := net.SplitHostPort(target)
+func parseHTTPAddr(request *http.Request) *C.Addr {
+	host := request.URL.Hostname()
+	port := request.URL.Port()
+	if port == "" {
+		port = "80"
+	}
 	ipAddr, err := net.ResolveIPAddr("ip", host)
 	var resolveIP *net.IP
 	if err == nil {
@@ -67,74 +69,3 @@ func parseHTTPAddr(target string) *C.Addr {
 		Port:     port,
 	}
 }
-
-// ParserHTTPHostHeader returns the HTTP Host header from br without
-// consuming any of its bytes. It returns "" if it can't find one.
-func ParserHTTPHostHeader(br *bufio.Reader) (method, host string) {
-	// br := bufio.NewReader(bytes.NewReader(data))
-	const maxPeek = 4 << 10
-	peekSize := 0
-	for {
-		peekSize++
-		if peekSize > maxPeek {
-			b, _ := br.Peek(br.Buffered())
-			return method, httpHostHeaderFromBytes(b)
-		}
-		b, err := br.Peek(peekSize)
-		if n := br.Buffered(); n > peekSize {
-			b, _ = br.Peek(n)
-			peekSize = n
-		}
-		if len(b) > 0 {
-			if b[0] < 'A' || b[0] > 'Z' {
-				// Doesn't look like an HTTP verb
-				// (GET, POST, etc).
-				return
-			}
-			if bytes.Index(b, crlfcrlf) != -1 || bytes.Index(b, lflf) != -1 {
-				req, err := http.ReadRequest(bufio.NewReader(bytes.NewReader(b)))
-				if err != nil {
-					return
-				}
-				if len(req.Header["Host"]) > 1 {
-					// TODO(bradfitz): what does
-					// ReadRequest do if there are
-					// multiple Host headers?
-					return
-				}
-				return req.Method, req.Host
-			}
-		}
-		if err != nil {
-			return method, httpHostHeaderFromBytes(b)
-		}
-	}
-}
-
-var (
-	lfHostColon = []byte("\nHost:")
-	lfhostColon = []byte("\nhost:")
-	crlf        = []byte("\r\n")
-	lf          = []byte("\n")
-	crlfcrlf    = []byte("\r\n\r\n")
-	lflf        = []byte("\n\n")
-)
-
-func httpHostHeaderFromBytes(b []byte) string {
-	if i := bytes.Index(b, lfHostColon); i != -1 {
-		return string(bytes.TrimSpace(untilEOL(b[i+len(lfHostColon):])))
-	}
-	if i := bytes.Index(b, lfhostColon); i != -1 {
-		return string(bytes.TrimSpace(untilEOL(b[i+len(lfhostColon):])))
-	}
-	return ""
-}
-
-// untilEOL returns v, truncated before the first '\n' byte, if any.
-// The returned slice may include a '\r' at the end.
-func untilEOL(v []byte) []byte {
-	if i := bytes.IndexByte(v, '\n'); i != -1 {
-		return v[:i]
-	}
-	return v
-}

adapters/remote/direct.go

@@ -36,7 +36,7 @@ func (d *Direct) Generator(addr *C.Addr) (adapter C.ProxyAdapter, err error) {
 	if err != nil {
 		return
 	}
-	c.(*net.TCPConn).SetKeepAlive(true)
+	tcpKeepAlive(c)
 	return &DirectAdapter{conn: c}, nil
 }
 

adapters/remote/shadowsocks.go

@@ -9,6 +9,7 @@ import (
 
 	C "github.com/Dreamacro/clash/constant"
 
+	"github.com/Dreamacro/clash/common/simple-obfs"
 	"github.com/riobard/go-shadowsocks2/core"
 	"github.com/riobard/go-shadowsocks2/socks"
 )
@@ -28,9 +29,11 @@ func (ss *ShadowsocksAdapter) Conn() net.Conn {
 }
 
 type ShadowSocks struct {
-	server string
-	name   string
-	cipher core.Cipher
+	server   string
+	name     string
+	obfs     string
+	obfsHost string
+	cipher   core.Cipher
 }
 
 func (ss *ShadowSocks) Name() string {
@@ -46,23 +49,43 @@ func (ss *ShadowSocks) Generator(addr *C.Addr) (adapter C.ProxyAdapter, err erro
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error", ss.server)
 	}
-	c.(*net.TCPConn).SetKeepAlive(true)
+	tcpKeepAlive(c)
+	switch ss.obfs {
+	case "tls":
+		c = obfs.NewTLSObfs(c, ss.obfsHost)
+	case "http":
+		_, port, _ := net.SplitHostPort(ss.server)
+		c = obfs.NewHTTPObfs(c, ss.obfsHost, port)
+	}
 	c = ss.cipher.StreamConn(c)
 	_, err = c.Write(serializesSocksAddr(addr))
 	return &ShadowsocksAdapter{conn: c}, err
 }
 
-func NewShadowSocks(name string, ssURL string) (*ShadowSocks, error) {
+func NewShadowSocks(name string, ssURL string, option map[string]string) (*ShadowSocks, error) {
 	var key []byte
 	server, cipher, password, _ := parseURL(ssURL)
 	ciph, err := core.PickCipher(cipher, key, password)
 	if err != nil {
 		return nil, fmt.Errorf("ss %s initialize error: %s", server, err.Error())
 	}
+
+	obfs := ""
+	obfsHost := "bing.com"
+	if value, ok := option["obfs"]; ok {
+		obfs = value
+	}
+
+	if value, ok := option["obfs-host"]; ok {
+		obfsHost = value
+	}
+
 	return &ShadowSocks{
-		server: server,
-		name:   name,
-		cipher: ciph,
+		server:   server,
+		name:     name,
+		cipher:   ciph,
+		obfs:     obfs,
+		obfsHost: obfsHost,
 	}, nil
 }
 

adapters/remote/socks5.go

@@ -44,8 +44,7 @@ func (ss *Socks5) Generator(addr *C.Addr) (adapter C.ProxyAdapter, err error) {
 	if err != nil {
 		return nil, fmt.Errorf("%s connect error", ss.addr)
 	}
-	c.(*net.TCPConn).SetKeepAlive(true)
-
+	tcpKeepAlive(c)
 	if err := ss.sharkHand(addr, c); err != nil {
 		return nil, err
 	}

adapters/remote/util.go

@@ -84,3 +84,10 @@ func selectFast(in chan interface{}) chan interface{} {
 
 	return out
 }
+
+func tcpKeepAlive(c net.Conn) {
+	if tcp, ok := c.(*net.TCPConn); ok {
+		tcp.SetKeepAlive(true)
+		tcp.SetKeepAlivePeriod(3 * time.Minute)
+	}
+}

adapters/remote/vmess.go

@@ -0,0 +1,95 @@
+package adapters
+
+import (
+	"fmt"
+	"net"
+	"strconv"
+	"strings"
+
+	"github.com/Dreamacro/clash/common/vmess"
+	C "github.com/Dreamacro/clash/constant"
+)
+
+// VmessAdapter is a vmess adapter
+type VmessAdapter struct {
+	conn net.Conn
+}
+
+// Close is used to close connection
+func (v *VmessAdapter) Close() {
+	v.conn.Close()
+}
+
+func (v *VmessAdapter) Conn() net.Conn {
+	return v.conn
+}
+
+type Vmess struct {
+	name   string
+	server string
+	client *vmess.Client
+}
+
+func (ss *Vmess) Name() string {
+	return ss.name
+}
+
+func (ss *Vmess) Type() C.AdapterType {
+	return C.Vmess
+}
+
+func (ss *Vmess) Generator(addr *C.Addr) (adapter C.ProxyAdapter, err error) {
+	c, err := net.Dial("tcp", ss.server)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error", ss.server)
+	}
+	tcpKeepAlive(c)
+	c = ss.client.New(c, parseVmessAddr(addr))
+	return &VmessAdapter{conn: c}, err
+}
+
+func NewVmess(name string, server string, uuid string, alterID uint16, security string, option map[string]string) (*Vmess, error) {
+	security = strings.ToLower(security)
+	client, err := vmess.NewClient(vmess.Config{
+		UUID:     uuid,
+		AlterID:  alterID,
+		Security: security,
+		TLS:      option["tls"] == "true",
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &Vmess{
+		name:   name,
+		server: server,
+		client: client,
+	}, nil
+}
+
+func parseVmessAddr(info *C.Addr) *vmess.DstAddr {
+	var addrType byte
+	var addr []byte
+	switch info.AddrType {
+	case C.AtypIPv4:
+		addrType = byte(vmess.AtypIPv4)
+		addr = make([]byte, net.IPv4len)
+		copy(addr[:], info.IP.To4())
+	case C.AtypIPv6:
+		addrType = byte(vmess.AtypIPv6)
+		addr = make([]byte, net.IPv6len)
+		copy(addr[:], info.IP.To16())
+	case C.AtypDomainName:
+		addrType = byte(vmess.AtypDomainName)
+		addr = make([]byte, len(info.Host)+1)
+		addr[0] = byte(len(info.Host))
+		copy(addr[1:], []byte(info.Host))
+	}
+
+	port, _ := strconv.Atoi(info.Port)
+	return &vmess.DstAddr{
+		AddrType: addrType,
+		Addr:     addr,
+		Port:     uint(port),
+	}
+}

common/simple-obfs/http.go

@@ -0,0 +1,88 @@
+package obfs
+
+import (
+	"bytes"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"math/rand"
+	"net"
+	"net/http"
+)
+
+// HTTPObfs is shadowsocks http simple-obfs implementation
+type HTTPObfs struct {
+	net.Conn
+	host          string
+	port          string
+	buf           []byte
+	offset        int
+	firstRequest  bool
+	firstResponse bool
+}
+
+func (ho *HTTPObfs) Read(b []byte) (int, error) {
+	if ho.buf != nil {
+		n := copy(b, ho.buf[ho.offset:])
+		ho.offset += n
+		if ho.offset == len(ho.buf) {
+			ho.buf = nil
+		}
+		return n, nil
+	}
+
+	if ho.firstResponse {
+		buf := bufPool.Get().([]byte)
+		n, err := ho.Conn.Read(buf)
+		if err != nil {
+			bufPool.Put(buf[:cap(buf)])
+			return 0, err
+		}
+		idx := bytes.Index(buf[:n], []byte("\r\n\r\n"))
+		if idx == -1 {
+			bufPool.Put(buf[:cap(buf)])
+			return 0, io.EOF
+		}
+		ho.firstResponse = false
+		length := n - (idx + 4)
+		n = copy(b, buf[idx+4:n])
+		if length > n {
+			ho.buf = buf[:idx+4+length]
+			ho.offset = idx + 4 + n
+		} else {
+			bufPool.Put(buf[:cap(buf)])
+		}
+		return n, nil
+	}
+	return ho.Conn.Read(b)
+}
+
+func (ho *HTTPObfs) Write(b []byte) (int, error) {
+	if ho.firstRequest {
+		randBytes := make([]byte, 16)
+		rand.Read(randBytes)
+		req, _ := http.NewRequest("GET", fmt.Sprintf("http://%s/", ho.host), bytes.NewBuffer(b[:]))
+		req.Header.Set("User-Agent", fmt.Sprintf("curl/7.%d.%d", rand.Int()%54, rand.Int()%2))
+		req.Header.Set("Upgrade", "websocket")
+		req.Header.Set("Connection", "Upgrade")
+		req.Host = fmt.Sprintf("%s:%s", ho.host, ho.port)
+		req.Header.Set("Sec-WebSocket-Key", base64.URLEncoding.EncodeToString(randBytes))
+		req.ContentLength = int64(len(b))
+		err := req.Write(ho.Conn)
+		ho.firstRequest = false
+		return len(b), err
+	}
+
+	return ho.Conn.Write(b)
+}
+
+// NewHTTPObfs return a HTTPObfs
+func NewHTTPObfs(conn net.Conn, host string, port string) net.Conn {
+	return &HTTPObfs{
+		Conn:          conn,
+		firstRequest:  true,
+		firstResponse: true,
+		host:          host,
+		port:          port,
+	}
+}

common/simple-obfs/tls.go

@@ -0,0 +1,190 @@
+package obfs
+
+import (
+	"bytes"
+	"encoding/binary"
+	"io"
+	"math/rand"
+	"net"
+	"sync"
+	"time"
+)
+
+func init() {
+	rand.Seed(time.Now().Unix())
+}
+
+var bufPool = sync.Pool{New: func() interface{} { return make([]byte, 2048) }}
+
+// TLSObfs is shadowsocks tls simple-obfs implementation
+type TLSObfs struct {
+	net.Conn
+	server        string
+	remain        int
+	firstRequest  bool
+	firstResponse bool
+}
+
+func (to *TLSObfs) read(b []byte, discardN int) (int, error) {
+	buf := bufPool.Get().([]byte)
+	_, err := io.ReadFull(to.Conn, buf[:discardN])
+	if err != nil {
+		return 0, err
+	}
+	bufPool.Put(buf[:cap(buf)])
+
+	sizeBuf := make([]byte, 2)
+	_, err = io.ReadFull(to.Conn, sizeBuf)
+	if err != nil {
+		return 0, nil
+	}
+
+	length := int(binary.BigEndian.Uint16(sizeBuf))
+	if length > len(b) {
+		n, err := to.Conn.Read(b)
+		if err != nil {
+			return n, err
+		}
+		to.remain = length - n
+		return n, nil
+	}
+
+	return io.ReadFull(to.Conn, b[:length])
+}
+
+func (to *TLSObfs) Read(b []byte) (int, error) {
+	if to.remain > 0 {
+		length := to.remain
+		if length > len(b) {
+			length = len(b)
+		}
+
+		n, err := io.ReadFull(to.Conn, b[:length])
+		to.remain -= n
+		return n, err
+	}
+
+	if to.firstResponse {
+		// type + ver + lensize + 91 = 96
+		// type + ver + lensize + 1 = 6
+		// type + ver = 3
+		to.firstResponse = false
+		return to.read(b, 105)
+	}
+
+	// type + ver = 3
+	return to.read(b, 3)
+}
+
+func (to *TLSObfs) Write(b []byte) (int, error) {
+	if to.firstRequest {
+		helloMsg := makeClientHelloMsg(b, to.server)
+		_, err := to.Conn.Write(helloMsg)
+		to.firstRequest = false
+		return len(b), err
+	}
+
+	size := bufPool.Get().([]byte)
+	binary.BigEndian.PutUint16(size[:2], uint16(len(b)))
+
+	buf := &bytes.Buffer{}
+	buf.Write([]byte{0x17, 0x03, 0x03})
+	buf.Write(size[:2])
+	buf.Write(b)
+	_, err := to.Conn.Write(buf.Bytes())
+	bufPool.Put(size[:cap(size)])
+	return len(b), err
+}
+
+// NewTLSObfs return a SimpleObfs
+func NewTLSObfs(conn net.Conn, server string) net.Conn {
+	return &TLSObfs{
+		Conn:          conn,
+		server:        server,
+		firstRequest:  true,
+		firstResponse: true,
+	}
+}
+
+func makeClientHelloMsg(data []byte, server string) []byte {
+	random := make([]byte, 32)
+	sessionID := make([]byte, 32)
+	size := make([]byte, 2)
+	rand.Read(random)
+	rand.Read(sessionID)
+
+	buf := &bytes.Buffer{}
+
+	// handshake, TLS 1.0 version, length
+	buf.WriteByte(22)
+	buf.Write([]byte{0x03, 0x01})
+	length := uint16(212 + len(data) + len(server))
+	buf.WriteByte(byte(length >> 8))
+	buf.WriteByte(byte(length & 0xff))
+
+	// clientHello, length, TLS 1.2 version
+	buf.WriteByte(1)
+	binary.BigEndian.PutUint16(size, uint16(208+len(data)+len(server)))
+	buf.WriteByte(0)
+	buf.Write(size)
+	buf.Write([]byte{0x03, 0x03})
+
+	// random, sid len, sid
+	buf.Write(random)
+	buf.WriteByte(32)
+	buf.Write(sessionID)
+
+	// cipher suites
+	buf.Write([]byte{0x00, 0x38})
+	buf.Write([]byte{
+		0xc0, 0x2c, 0xc0, 0x30, 0x00, 0x9f, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x2b, 0xc0, 0x2f,
+		0x00, 0x9e, 0xc0, 0x24, 0xc0, 0x28, 0x00, 0x6b, 0xc0, 0x23, 0xc0, 0x27, 0x00, 0x67, 0xc0, 0x0a,
+		0xc0, 0x14, 0x00, 0x39, 0xc0, 0x09, 0xc0, 0x13, 0x00, 0x33, 0x00, 0x9d, 0x00, 0x9c, 0x00, 0x3d,
+		0x00, 0x3c, 0x00, 0x35, 0x00, 0x2f, 0x00, 0xff,
+	})
+
+	// compression
+	buf.Write([]byte{0x01, 0x00})
+
+	// extension length
+	binary.BigEndian.PutUint16(size, uint16(79+len(data)+len(server)))
+	buf.Write(size)
+
+	// session ticket
+	buf.Write([]byte{0x00, 0x23})
+	binary.BigEndian.PutUint16(size, uint16(len(data)))
+	buf.Write(size)
+	buf.Write(data)
+
+	// server name
+	buf.Write([]byte{0x00, 0x00})
+	binary.BigEndian.PutUint16(size, uint16(len(server)+5))
+	buf.Write(size)
+	binary.BigEndian.PutUint16(size, uint16(len(server)+3))
+	buf.Write(size)
+	buf.WriteByte(0)
+	binary.BigEndian.PutUint16(size, uint16(len(server)))
+	buf.Write(size)
+	buf.Write([]byte(server))
+
+	// ec_point
+	buf.Write([]byte{0x00, 0x0b, 0x00, 0x04, 0x03, 0x01, 0x00, 0x02})
+
+	// groups
+	buf.Write([]byte{0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x19, 0x00, 0x18})
+
+	// signature
+	buf.Write([]byte{
+		0x00, 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x01, 0x06, 0x02, 0x06, 0x03, 0x05,
+		0x01, 0x05, 0x02, 0x05, 0x03, 0x04, 0x01, 0x04, 0x02, 0x04, 0x03, 0x03, 0x01,
+		0x03, 0x02, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x03,
+	})
+
+	// encrypt then mac
+	buf.Write([]byte{0x00, 0x16, 0x00, 0x00})
+
+	// extended master secret
+	buf.Write([]byte{0x00, 0x17, 0x00, 0x00})
+
+	return buf.Bytes()
+}

common/vmess/aead.go

@@ -0,0 +1,115 @@
+package vmess
+
+import (
+	"crypto/cipher"
+	"encoding/binary"
+	"errors"
+	"io"
+)
+
+type aeadWriter struct {
+	io.Writer
+	cipher.AEAD
+	nonce [32]byte
+	count uint16
+	iv    []byte
+}
+
+func newAEADWriter(w io.Writer, aead cipher.AEAD, iv []byte) *aeadWriter {
+	return &aeadWriter{Writer: w, AEAD: aead, iv: iv}
+}
+
+func (w *aeadWriter) Write(b []byte) (n int, err error) {
+	buf := bufPool.Get().([]byte)
+	defer bufPool.Put(buf[:cap(buf)])
+	length := len(b)
+	for {
+		if length == 0 {
+			break
+		}
+		readLen := chunkSize - w.Overhead()
+		if length < readLen {
+			readLen = length
+		}
+		payloadBuf := buf[lenSize : lenSize+chunkSize-w.Overhead()]
+		copy(payloadBuf, b[n:n+readLen])
+
+		binary.BigEndian.PutUint16(buf[:lenSize], uint16(readLen+w.Overhead()))
+		binary.BigEndian.PutUint16(w.nonce[:2], w.count)
+		copy(w.nonce[2:], w.iv[2:12])
+
+		w.Seal(payloadBuf[:0], w.nonce[:w.NonceSize()], payloadBuf[:readLen], nil)
+		w.count++
+
+		_, err = w.Writer.Write(buf[:lenSize+readLen+w.Overhead()])
+		if err != nil {
+			break
+		}
+		n += readLen
+		length -= readLen
+	}
+	return
+}
+
+type aeadReader struct {
+	io.Reader
+	cipher.AEAD
+	nonce   [32]byte
+	buf     []byte
+	offset  int
+	iv      []byte
+	sizeBuf []byte
+	count   uint16
+}
+
+func newAEADReader(r io.Reader, aead cipher.AEAD, iv []byte) *aeadReader {
+	return &aeadReader{Reader: r, AEAD: aead, iv: iv, sizeBuf: make([]byte, lenSize)}
+}
+
+func (r *aeadReader) Read(b []byte) (int, error) {
+	if r.buf != nil {
+		n := copy(b, r.buf[r.offset:])
+		r.offset += n
+		if r.offset == len(r.buf) {
+			bufPool.Put(r.buf[:cap(r.buf)])
+			r.buf = nil
+		}
+		return n, nil
+	}
+
+	_, err := io.ReadFull(r.Reader, r.sizeBuf)
+	if err != nil {
+		return 0, err
+	}
+
+	size := int(binary.BigEndian.Uint16(r.sizeBuf))
+	if size > maxSize {
+		return 0, errors.New("Buffer is larger than standard")
+	}
+
+	buf := bufPool.Get().([]byte)
+	_, err = io.ReadFull(r.Reader, buf[:size])
+	if err != nil {
+		bufPool.Put(buf[:cap(buf)])
+		return 0, err
+	}
+
+	binary.BigEndian.PutUint16(r.nonce[:2], r.count)
+	copy(r.nonce[2:], r.iv[2:12])
+
+	_, err = r.Open(buf[:0], r.nonce[:r.NonceSize()], buf[:size], nil)
+	r.count++
+	if err != nil {
+		return 0, err
+	}
+	realLen := size - r.Overhead()
+	n := copy(b, buf[:realLen])
+	if len(b) >= realLen {
+		bufPool.Put(buf[:cap(buf)])
+		return n, nil
+	}
+
+	r.offset = n
+	r.buf = buf[:realLen]
+	return n, nil
+}

common/vmess/chunk.go

@@ -0,0 +1,103 @@
+package vmess
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+	"sync"
+)
+
+const (
+	lenSize   = 2
+	chunkSize = 1 << 14   // 2 ** 14 == 16 * 1024
+	maxSize   = 17 * 1024 // 2 + chunkSize + aead.Overhead()
+)
+
+var bufPool = sync.Pool{New: func() interface{} { return make([]byte, maxSize) }}
+
+type chunkReader struct {
+	io.Reader
+	buf     []byte
+	sizeBuf []byte
+	offset  int
+}
+
+func newChunkReader(reader io.Reader) *chunkReader {
+	return &chunkReader{Reader: reader, sizeBuf: make([]byte, lenSize)}
+}
+
+func newChunkWriter(writer io.WriteCloser) *chunkWriter {
+	return &chunkWriter{Writer: writer}
+}
+
+func (cr *chunkReader) Read(b []byte) (int, error) {
+	if cr.buf != nil {
+		n := copy(b, cr.buf[cr.offset:])
+		cr.offset += n
+		if cr.offset == len(cr.buf) {
+			bufPool.Put(cr.buf[:cap(cr.buf)])
+			cr.buf = nil
+		}
+		return n, nil
+	}
+
+	_, err := io.ReadFull(cr.Reader, cr.sizeBuf)
+	if err != nil {
+		return 0, err
+	}
+
+	size := int(binary.BigEndian.Uint16(cr.sizeBuf))
+	if size > maxSize {
+		return 0, errors.New("Buffer is larger than standard")
+	}
+
+	if len(b) >= size {
+		_, err := io.ReadFull(cr.Reader, b[:size])
+		if err != nil {
+			return 0, err
+		}
+
+		return size, nil
+	}
+
+	buf := bufPool.Get().([]byte)
+	_, err = io.ReadFull(cr.Reader, buf[:size])
+	if err != nil {
+		bufPool.Put(buf[:cap(buf)])
+		return 0, err
+	}
+	n := copy(b, cr.buf[:])
+	cr.offset = n
+	cr.buf = buf[:size]
+	return n, nil
+}
+
+type chunkWriter struct {
+	io.Writer
+}
+
+func (cw *chunkWriter) Write(b []byte) (n int, err error) {
+	buf := bufPool.Get().([]byte)
+	defer bufPool.Put(buf[:cap(buf)])
+	length := len(b)
+	for {
+		if length == 0 {
+			break
+		}
+		readLen := chunkSize
+		if length < chunkSize {
+			readLen = length
+		}
+		payloadBuf := buf[lenSize : lenSize+chunkSize]
+		copy(payloadBuf, b[n:n+readLen])
+
+		binary.BigEndian.PutUint16(buf[:lenSize], uint16(readLen))
+		_, err = cw.Writer.Write(buf[:lenSize+readLen])
+		if err != nil {
+			break
+		}
+		n += readLen
+		length -= readLen
+	}
+	return
+}

common/vmess/conn.go

@@ -0,0 +1,213 @@
+package vmess
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/md5"
+	"encoding/binary"
+	"errors"
+	"hash/fnv"
+	"io"
+	"math/rand"
+	"net"
+	"time"
+
+	"golang.org/x/crypto/chacha20poly1305"
+)
+
+func init() {
+	rand.Seed(time.Now().UnixNano())
+}
+
+// Conn wrapper a net.Conn with vmess protocol
+type Conn struct {
+	net.Conn
+	reader      io.Reader
+	writer      io.Writer
+	dst         *DstAddr
+	id          *ID
+	reqBodyIV   []byte
+	reqBodyKey  []byte
+	respBodyIV  []byte
+	respBodyKey []byte
+	respV       byte
+	security    byte
+
+	sent     bool
+	received bool
+}
+
+func (vc *Conn) Write(b []byte) (int, error) {
+	if vc.sent {
+		return vc.writer.Write(b)
+	}
+
+	if err := vc.sendRequest(); err != nil {
+		return 0, err
+	}
+
+	vc.sent = true
+	return vc.writer.Write(b)
+}
+
+func (vc *Conn) Read(b []byte) (int, error) {
+	if vc.received {
+		return vc.reader.Read(b)
+	}
+
+	if err := vc.recvResponse(); err != nil {
+		return 0, err
+	}
+	vc.received = true
+	return vc.reader.Read(b)
+}
+
+func (vc *Conn) sendRequest() error {
+	timestamp := make([]byte, 8)
+	binary.BigEndian.PutUint64(timestamp, uint64(time.Now().UTC().Unix()))
+
+	h := hmac.New(md5.New, vc.id.UUID.Bytes())
+	h.Write(timestamp)
+	_, err := vc.Conn.Write(h.Sum(nil))
+	if err != nil {
+		return err
+	}
+
+	buf := &bytes.Buffer{}
+
+	// Ver IV Key V Opt
+	buf.WriteByte(Version)
+	buf.Write(vc.reqBodyIV[:])
+	buf.Write(vc.reqBodyKey[:])
+	buf.WriteByte(vc.respV)
+	buf.WriteByte(OptionChunkStream)
+
+	p := rand.Intn(16)
+	// P Sec Reserve Cmd
+	buf.WriteByte(byte(p<<4) | byte(vc.security))
+	buf.WriteByte(0)
+	buf.WriteByte(CommandTCP)
+
+	// Port AddrType Addr
+	binary.Write(buf, binary.BigEndian, uint16(vc.dst.Port))
+	buf.WriteByte(vc.dst.AddrType)
+	buf.Write(vc.dst.Addr)
+
+	// padding
+	if p > 0 {
+		padding := make([]byte, p)
+		rand.Read(padding)
+		buf.Write(padding)
+	}
+
+	fnv1a := fnv.New32a()
+	fnv1a.Write(buf.Bytes())
+	buf.Write(fnv1a.Sum(nil))
+
+	block, err := aes.NewCipher(vc.id.CmdKey)
+	if err != nil {
+		return err
+	}
+
+	stream := cipher.NewCFBEncrypter(block, hashTimestamp(time.Now().UTC()))
+	stream.XORKeyStream(buf.Bytes(), buf.Bytes())
+	_, err = vc.Conn.Write(buf.Bytes())
+	return err
+}
+
+func (vc *Conn) recvResponse() error {
+	block, err := aes.NewCipher(vc.respBodyKey[:])
+	if err != nil {
+		return err
+	}
+
+	stream := cipher.NewCFBDecrypter(block, vc.respBodyIV[:])
+	buf := make([]byte, 4)
+	_, err = io.ReadFull(vc.Conn, buf)
+	if err != nil {
+		return err
+	}
+	stream.XORKeyStream(buf, buf)
+
+	if buf[0] != vc.respV {
+		return errors.New("unexpected response header")
+	}
+
+	if buf[2] != 0 {
+		return errors.New("dynamic port is not supported now")
+	}
+
+	return nil
+}
+
+func hashTimestamp(t time.Time) []byte {
+	md5hash := md5.New()
+	ts := make([]byte, 8)
+	binary.BigEndian.PutUint64(ts, uint64(t.UTC().Unix()))
+	md5hash.Write(ts)
+	md5hash.Write(ts)
+	md5hash.Write(ts)
+	md5hash.Write(ts)
+	return md5hash.Sum(nil)
+}
+
+// newConn return a Conn instance
+func newConn(conn net.Conn, id *ID, dst *DstAddr, security Security) *Conn {
+	randBytes := make([]byte, 33)
+	rand.Read(randBytes)
+	reqBodyIV := make([]byte, 16)
+	reqBodyKey := make([]byte, 16)
+	copy(reqBodyIV[:], randBytes[:16])
+	copy(reqBodyKey[:], randBytes[16:32])
+	respV := randBytes[32]
+
+	respBodyKey := md5.Sum(reqBodyKey[:])
+	respBodyIV := md5.Sum(reqBodyIV[:])
+
+	var writer io.Writer
+	var reader io.Reader
+	switch security {
+	case SecurityNone:
+		reader = newChunkReader(conn)
+		writer = newChunkWriter(conn)
+	case SecurityAES128GCM:
+		block, _ := aes.NewCipher(reqBodyKey[:])
+		aead, _ := cipher.NewGCM(block)
+		writer = newAEADWriter(conn, aead, reqBodyIV[:])
+
+		block, _ = aes.NewCipher(respBodyKey[:])
+		aead, _ = cipher.NewGCM(block)
+		reader = newAEADReader(conn, aead, respBodyIV[:])
+	case SecurityCHACHA20POLY1305:
+		key := make([]byte, 32)
+		t := md5.Sum(reqBodyKey[:])
+		copy(key, t[:])
+		t = md5.Sum(key[:16])
+		copy(key[16:], t[:])
+		aead, _ := chacha20poly1305.New(key)
+		writer = newAEADWriter(conn, aead, reqBodyIV[:])
+
+		t = md5.Sum(respBodyKey[:])
+		copy(key, t[:])
+		t = md5.Sum(key[:16])
+		copy(key[16:], t[:])
+		aead, _ = chacha20poly1305.New(key)
+		reader = newAEADReader(conn, aead, respBodyIV[:])
+	}
+
+	return &Conn{
+		Conn:        conn,
+		id:          id,
+		dst:         dst,
+		reqBodyIV:   reqBodyIV,
+		reqBodyKey:  reqBodyKey,
+		respV:       respV,
+		respBodyIV:  respBodyIV[:],
+		respBodyKey: respBodyKey[:],
+		reader:      reader,
+		writer:      writer,
+		security:    security,
+	}
+}

common/vmess/user.go

@@ -0,0 +1,54 @@
+package vmess
+
+import (
+	"bytes"
+	"crypto/md5"
+
+	"github.com/gofrs/uuid"
+)
+
+// ID cmdKey length
+const (
+	IDBytesLen = 16
+)
+
+// The ID of en entity, in the form of a UUID.
+type ID struct {
+	UUID   *uuid.UUID
+	CmdKey []byte
+}
+
+// newID returns an ID with given UUID.
+func newID(uuid *uuid.UUID) *ID {
+	id := &ID{UUID: uuid, CmdKey: make([]byte, IDBytesLen)}
+	md5hash := md5.New()
+	md5hash.Write(uuid.Bytes())
+	md5hash.Write([]byte("c48619fe-8f02-49e0-b9e9-edf763e17e21"))
+	md5hash.Sum(id.CmdKey[:0])
+	return id
+}
+
+func nextID(u *uuid.UUID) *uuid.UUID {
+	md5hash := md5.New()
+	md5hash.Write(u.Bytes())
+	md5hash.Write([]byte("16167dc8-16b6-4e6d-b8bb-65dd68113a81"))
+	var newid uuid.UUID
+	for {
+		md5hash.Sum(newid[:0])
+		if !bytes.Equal(newid.Bytes(), u.Bytes()) {
+			return &newid
+		}
+		md5hash.Write([]byte("533eff8a-4113-4b10-b5ce-0f5d76b98cd2"))
+	}
+}
+
+func newAlterIDs(primary *ID, alterIDCount uint16) []*ID {
+	alterIDs := make([]*ID, alterIDCount)
+	prevID := primary.UUID
+	for idx := range alterIDs {
+		newid := nextID(prevID)
+		alterIDs[idx] = &ID{UUID: newid, CmdKey: primary.CmdKey[:]}
+		prevID = newid
+	}
+	return alterIDs
+}

common/vmess/vmess.go

@@ -0,0 +1,117 @@
+package vmess
+
+import (
+	"crypto/tls"
+	"fmt"
+	"math/rand"
+	"net"
+	"runtime"
+
+	"github.com/gofrs/uuid"
+)
+
+// Version of vmess
+const Version byte = 1
+
+// Request Options
+const (
+	OptionChunkStream  byte = 1
+	OptionChunkMasking byte = 4
+)
+
+// Security type vmess
+type Security = byte
+
+// Cipher types
+const (
+	SecurityAES128GCM        Security = 3
+	SecurityCHACHA20POLY1305 Security = 4
+	SecurityNone             Security = 5
+)
+
+// CipherMapping return
+var CipherMapping = map[string]byte{
+	"none":              SecurityNone,
+	"aes-128-gcm":       SecurityAES128GCM,
+	"chacha20-poly1305": SecurityCHACHA20POLY1305,
+}
+
+var tlsConfig = &tls.Config{
+	InsecureSkipVerify: true,
+}
+
+// Command types
+const (
+	CommandTCP byte = 1
+	CommandUDP byte = 2
+)
+
+// Addr types
+const (
+	AtypIPv4       byte = 1
+	AtypDomainName byte = 2
+	AtypIPv6       byte = 3
+)
+
+// DstAddr store destination address
+type DstAddr struct {
+	AddrType byte
+	Addr     []byte
+	Port     uint
+}
+
+// Client is vmess connection generator
+type Client struct {
+	user     []*ID
+	uuid     *uuid.UUID
+	security Security
+	tls      bool
+}
+
+// Config of vmess
+type Config struct {
+	UUID     string
+	AlterID  uint16
+	Security string
+	TLS      bool
+}
+
+// New return a Conn with net.Conn and DstAddr
+func (c *Client) New(conn net.Conn, dst *DstAddr) net.Conn {
+	r := rand.Intn(len(c.user))
+	if c.tls {
+		conn = tls.Client(conn, tlsConfig)
+	}
+	return newConn(conn, c.user[r], dst, c.security)
+}
+
+// NewClient return Client instance
+func NewClient(config Config) (*Client, error) {
+	uid, err := uuid.FromString(config.UUID)
+	if err != nil {
+		return nil, err
+	}
+
+	var security Security
+	switch config.Security {
+	case "aes-128-gcm":
+		security = SecurityAES128GCM
+	case "chacha20-poly1305":
+		security = SecurityCHACHA20POLY1305
+	case "none":
+		security = SecurityNone
+	case "auto":
+		security = SecurityCHACHA20POLY1305
+		if runtime.GOARCH == "amd64" || runtime.GOARCH == "s390x" || runtime.GOARCH == "arm64" {
+			security = SecurityAES128GCM
+		}
+	default:
+		return nil, fmt.Errorf("Unknown security type: %s", config.Security)
+	}
+	return &Client{
+		user:     newAlterIDs(newID(&uid), config.AlterID),
+		uuid:     &uid,
+		security: security,
+		tls:      config.TLS,
+	}, nil
+}

config/config.go

@@ -1,6 +1,7 @@
 package config
 
 import (
+	"bufio"
 	"fmt"
 	"os"
 	"strconv"
@@ -74,7 +75,10 @@ func (c *Config) readConfig() (*ini.File, error) {
 		return nil, err
 	}
 	return ini.LoadSources(
-		ini.LoadOptions{AllowBooleanKeys: true},
+		ini.LoadOptions{
+			AllowBooleanKeys:    true,
+			UnparseableSections: []string{"Rule"},
+		},
 		C.ConfigPath,
 	)
 }
@@ -189,19 +193,19 @@ func (c *Config) UpdateProxy(pc ProxyConfig) {
 		c.general.AllowLan = *pc.AllowLan
 	}
 
-	if (pc.AllowLan != nil || pc.Port != nil) && *pc.Port != 0 {
-		c.general.Port = *pc.Port
-		c.event <- &Event{Type: "http-addr", Payload: genAddr(*pc.Port, c.general.AllowLan)}
+	c.general.Port = *or(pc.Port, &c.general.Port)
+	if c.general.Port != 0 && (pc.AllowLan != nil || pc.Port != nil) {
+		c.event <- &Event{Type: "http-addr", Payload: genAddr(c.general.Port, c.general.AllowLan)}
 	}
 
-	if (pc.AllowLan != nil || pc.SocksPort != nil) && *pc.SocksPort != 0 {
-		c.general.SocksPort = *pc.SocksPort
-		c.event <- &Event{Type: "socks-addr", Payload: genAddr(*pc.SocksPort, c.general.AllowLan)}
+	c.general.SocksPort = *or(pc.SocksPort, &c.general.SocksPort)
+	if c.general.SocksPort != 0 && (pc.AllowLan != nil || pc.SocksPort != nil) {
+		c.event <- &Event{Type: "socks-addr", Payload: genAddr(c.general.SocksPort, c.general.AllowLan)}
 	}
 
-	if (pc.AllowLan != nil || pc.RedirPort != nil) && *pc.RedirPort != 0 {
-		c.general.RedirPort = *pc.RedirPort
-		c.event <- &Event{Type: "redir-addr", Payload: genAddr(*pc.RedirPort, c.general.AllowLan)}
+	c.general.RedirPort = *or(pc.RedirPort, &c.general.RedirPort)
+	if c.general.RedirPort != 0 && (pc.AllowLan != nil || pc.RedirPort != nil) {
+		c.event <- &Event{Type: "redir-addr", Payload: genAddr(c.general.RedirPort, c.general.AllowLan)}
 	}
 }
 
@@ -223,7 +227,8 @@ func (c *Config) parseProxies(cfg *ini.File) error {
 				continue
 			}
 			ssURL := fmt.Sprintf("ss://%s:%s@%s:%s", proxy[3], proxy[4], proxy[1], proxy[2])
-			ss, err := adapters.NewShadowSocks(key.Name(), ssURL)
+			option := parseOptions(5, proxy...)
+			ss, err := adapters.NewShadowSocks(key.Name(), ssURL, option)
 			if err != nil {
 				return err
 			}
@@ -236,6 +241,22 @@ func (c *Config) parseProxies(cfg *ini.File) error {
 			addr := fmt.Sprintf("%s:%s", proxy[1], proxy[2])
 			socks5 := adapters.NewSocks5(key.Name(), addr)
 			proxies[key.Name()] = socks5
+		// vmess, server, port, uuid, alterId, security
+		case "vmess":
+			if len(proxy) < 6 {
+				continue
+			}
+			addr := fmt.Sprintf("%s:%s", proxy[1], proxy[2])
+			alterID, err := strconv.Atoi(proxy[4])
+			if err != nil {
+				return err
+			}
+			option := parseOptions(6, proxy...)
+			vmess, err := adapters.NewVmess(key.Name(), addr, proxy[3], uint16(alterID), proxy[5], option)
+			if err != nil {
+				return err
+			}
+			proxies[key.Name()] = vmess
 		}
 	}
 
@@ -299,13 +320,21 @@ func (c *Config) parseRules(cfg *ini.File) error {
 
 	rulesConfig := cfg.Section("Rule")
 	// parse rules
-	for _, key := range rulesConfig.Keys() {
-		rule := strings.Split(key.Name(), ",")
+	reader := bufio.NewReader(strings.NewReader(rulesConfig.Body()))
+	for {
+		line, _, err := reader.ReadLine()
+		if err != nil {
+			break
+		}
+
+		rule := strings.Split(string(line), ",")
 		if len(rule) < 3 {
 			continue
 		}
 		rule = trimArr(rule)
 		switch rule[0] {
+		case "DOMAIN":
+			rules = append(rules, R.NewDomain(rule[1], rule[2]))
 		case "DOMAIN-SUFFIX":
 			rules = append(rules, R.NewDomainSuffix(rule[1], rule[2]))
 		case "DOMAIN-KEYWORD":
@@ -330,17 +359,17 @@ func (c *Config) handleResponseMessage() {
 		switch event.Type {
 		case "http-addr":
 			if event.Payload.(bool) == false {
-				log.Errorf("Listening HTTP proxy at %s error", c.general.Port)
+				log.Errorf("Listening HTTP proxy at %d error", c.general.Port)
 				c.general.Port = 0
 			}
 		case "socks-addr":
 			if event.Payload.(bool) == false {
-				log.Errorf("Listening SOCKS proxy at %s error", c.general.SocksPort)
+				log.Errorf("Listening SOCKS proxy at %d error", c.general.SocksPort)
 				c.general.SocksPort = 0
 			}
 		case "redir-addr":
 			if event.Payload.(bool) == false {
-				log.Errorf("Listening Redir proxy at %s error", c.general.RedirPort)
+				log.Errorf("Listening Redir proxy at %d error", c.general.RedirPort)
 				c.general.RedirPort = 0
 			}
 		}

config/utils.go

@@ -18,3 +18,29 @@ func genAddr(port int, allowLan bool) string {
 	}
 	return fmt.Sprintf("127.0.0.1:%d", port)
 }
+
+func or(pointers ...*int) *int {
+	for _, p := range pointers {
+		if p != nil {
+			return p
+		}
+	}
+	return pointers[len(pointers)-1]
+}
+
+func parseOptions(startIdx int, params ...string) map[string]string {
+	mapping := make(map[string]string)
+	if len(params) <= startIdx {
+		return mapping
+	}
+
+	for _, option := range params[startIdx:] {
+		pair := strings.SplitN(option, "=", 2)
+		if len(pair) != 2 {
+			continue
+		}
+
+		mapping[strings.Trim(pair[0], " ")] = strings.Trim(pair[1], " ")
+	}
+	return mapping
+}

constant/adapters.go

@@ -12,6 +12,7 @@ const (
 	Shadowsocks
 	Socks5
 	URLTest
+	Vmess
 )
 
 type ProxyAdapter interface {
@@ -47,6 +48,8 @@ func (at AdapterType) String() string {
 		return "Socks5"
 	case URLTest:
 		return "URLTest"
+	case Vmess:
+		return "Vmess"
 	default:
 		return "Unknow"
 	}

constant/config.go

@@ -23,6 +23,7 @@ type General struct {
 	AllowLan  *bool   `json:"allow-lan,omitempty"`
 	Port      *int    `json:"port,omitempty"`
 	SocksPort *int    `json:"socks-port,omitempty"`
+	RedirPort *int    `json:"redir-port,omitempty"`
 	LogLevel  *string `json:"log-level,omitempty"`
 }
 

constant/rule.go

@@ -2,7 +2,8 @@ package constant
 
 // Rule Type
 const (
-	DomainSuffix RuleType = iota
+	Domain RuleType = iota
+	DomainSuffix
 	DomainKeyword
 	GEOIP
 	IPCIDR
@@ -13,6 +14,8 @@ type RuleType int
 
 func (rt RuleType) String() string {
 	switch rt {
+	case Domain:
+		return "Domain"
 	case DomainSuffix:
 		return "DomainSuffix"
 	case DomainKeyword:

hub/configs.go

@@ -21,6 +21,7 @@ func configRouter() http.Handler {
 type configSchema struct {
 	Port      int    `json:"port"`
 	SocksPort int    `json:"socket-port"`
+	RedirPort int    `json:"redir-port"`
 	AllowLan  bool   `json:"allow-lan"`
 	Mode      string `json:"mode"`
 	LogLevel  string `json:"log-level"`
@@ -31,6 +32,7 @@ func getConfigs(w http.ResponseWriter, r *http.Request) {
 	render.JSON(w, r, configSchema{
 		Port:      general.Port,
 		SocksPort: general.SocksPort,
+		RedirPort: general.RedirPort,
 		AllowLan:  general.AllowLan,
 		Mode:      general.Mode.String(),
 		LogLevel:  general.LogLevel.String(),
@@ -87,6 +89,7 @@ func updateConfigs(w http.ResponseWriter, r *http.Request) {
 		AllowLan:  general.AllowLan,
 		Port:      general.Port,
 		SocksPort: general.SocksPort,
+		RedirPort: general.RedirPort,
 	})
 
 	w.WriteHeader(http.StatusNoContent)

hub/server.go

@@ -82,23 +82,18 @@ func traffic(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-type GetLogs struct {
-	Level string `json:"level"`
-}
-
 type Log struct {
 	Type    string `json:"type"`
 	Payload string `json:"payload"`
 }
 
 func getLogs(w http.ResponseWriter, r *http.Request) {
-	req := &GetLogs{}
-	render.DecodeJSON(r.Body, req)
-	if req.Level == "" {
-		req.Level = "info"
+	levelText := r.URL.Query().Get("level")
+	if levelText == "" {
+		levelText = "info"
 	}
 
-	level, ok := C.LogLevelMapping[req.Level]
+	level, ok := C.LogLevelMapping[levelText]
 	if !ok {
 		w.WriteHeader(http.StatusBadRequest)
 		render.JSON(w, r, Error{

proxy/http/server.go

@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"net"
 	"net/http"
-	"strings"
 
 	"github.com/Dreamacro/clash/adapters/local"
 	C "github.com/Dreamacro/clash/constant"
@@ -56,24 +55,20 @@ func NewHttpProxy(addr string) (*C.ProxySignal, error) {
 
 func handleConn(conn net.Conn) {
 	br := bufio.NewReader(conn)
-	method, hostName := adapters.ParserHTTPHostHeader(br)
-	if hostName == "" {
+	request, err := http.ReadRequest(br)
+	if err != nil {
+		conn.Close()
 		return
 	}
 
-	if !strings.Contains(hostName, ":") {
-		hostName += ":80"
-	}
-
-	var peeked []byte
-	if method == http.MethodConnect {
+	if request.Method == http.MethodConnect {
 		_, err := conn.Write([]byte("HTTP/1.1 200 Connection established\r\n\r\n"))
 		if err != nil {
 			return
 		}
-	} else if n := br.Buffered(); n > 0 {
-		peeked, _ = br.Peek(br.Buffered())
+		tun.Add(adapters.NewHTTPS(request, conn))
+		return
 	}
 
-	tun.Add(adapters.NewHTTP(hostName, peeked, method != http.MethodConnect, conn))
+	tun.Add(adapters.NewHTTP(request, conn))
 }

proxy/redir/tcp.go

@@ -58,5 +58,5 @@ func handleRedir(conn net.Conn) {
 		return
 	}
 	conn.(*net.TCPConn).SetKeepAlive(true)
-	tun.Add(adapters.NewSocks(target, conn))
+	tun.Add(adapters.NewSocket(target, conn))
 }

proxy/socks/tcp.go

@@ -59,5 +59,5 @@ func handleSocks(conn net.Conn) {
 		return
 	}
 	conn.(*net.TCPConn).SetKeepAlive(true)
-	tun.Add(adapters.NewSocks(target, conn))
+	tun.Add(adapters.NewSocket(target, conn))
 }

rules/domian.go

@@ -0,0 +1,36 @@
+package rules
+
+import (
+	C "github.com/Dreamacro/clash/constant"
+)
+
+type Domain struct {
+	domain  string
+	adapter string
+}
+
+func (d *Domain) RuleType() C.RuleType {
+	return C.Domain
+}
+
+func (d *Domain) IsMatch(addr *C.Addr) bool {
+	if addr.AddrType != C.AtypDomainName {
+		return false
+	}
+	return addr.Host == d.domain
+}
+
+func (d *Domain) Adapter() string {
+	return d.adapter
+}
+
+func (d *Domain) Payload() string {
+	return d.domain
+}
+
+func NewDomain(domain string, adapter string) *Domain {
+	return &Domain{
+		domain:  domain,
+		adapter: adapter,
+	}
+}

tunnel/connection.go

@@ -1,7 +1,10 @@
 package tunnel
 
 import (
+	"bufio"
 	"io"
+	"net"
+	"net/http"
 
 	"github.com/Dreamacro/clash/adapters/local"
 	C "github.com/Dreamacro/clash/constant"
@@ -9,21 +12,63 @@ import (
 
 func (t *Tunnel) handleHTTP(request *adapters.HTTPAdapter, proxy C.ProxyAdapter) {
 	conn := newTrafficTrack(proxy.Conn(), t.traffic)
+	req := request.R
+	host := req.Host
 
-	// Before we unwrap src and/or dst, copy any buffered data.
-	if wc, ok := request.Conn().(*adapters.PeekedConn); ok && len(wc.Peeked) > 0 {
-		if _, err := conn.Write(wc.Peeked); err != nil {
-			return
+	for {
+		req.Header.Set("Connection", "close")
+		req.RequestURI = ""
+		adapters.RemoveHopByHopHeaders(req.Header)
+		err := req.Write(conn)
+		if err != nil {
+			break
+		}
+		br := bufio.NewReader(conn)
+		resp, err := http.ReadResponse(br, req)
+		if err != nil {
+			break
+		}
+		adapters.RemoveHopByHopHeaders(resp.Header)
+		if resp.ContentLength >= 0 {
+			resp.Header.Set("Proxy-Connection", "keep-alive")
+			resp.Header.Set("Connection", "keep-alive")
+			resp.Header.Set("Keep-Alive", "timeout=4")
+			resp.Close = false
+		} else {
+			resp.Close = true
+		}
+		err = resp.Write(request.Conn())
+		if err != nil || resp.Close {
+			break
+		}
+
+		req, err = http.ReadRequest(bufio.NewReader(request.Conn()))
+		if err != nil {
+			break
+		}
+
+		// Sometimes firefox just open a socket to process multiple domains in HTTP
+		// The temporary solution is close connection when encountering different HOST
+		if req.Host != host {
+			break
 		}
-		wc.Peeked = nil
 	}
-
-	go io.Copy(request.Conn(), conn)
-	io.Copy(conn, request.Conn())
 }
 
-func (t *Tunnel) handleSOCKS(request *adapters.SocksAdapter, proxy C.ProxyAdapter) {
+func (t *Tunnel) handleSOCKS(request *adapters.SocketAdapter, proxy C.ProxyAdapter) {
 	conn := newTrafficTrack(proxy.Conn(), t.traffic)
-	go io.Copy(request.Conn(), conn)
-	io.Copy(conn, request.Conn())
+	relay(request.Conn(), conn)
+}
+
+// relay copies between left and right bidirectionally.
+func relay(leftConn, rightConn net.Conn) {
+	ch := make(chan error)
+
+	go func() {
+		_, err := io.Copy(leftConn, rightConn)
+		ch <- err
+	}()
+
+	io.Copy(rightConn, leftConn)
+	<-ch
 }

tunnel/tunnel.go

@@ -106,7 +106,7 @@ func (t *Tunnel) handleConn(localConn C.ServerAdapter) {
 	switch adapter := localConn.(type) {
 	case *LocalAdapter.HTTPAdapter:
 		t.handleHTTP(adapter, remoConn)
-	case *LocalAdapter.SocksAdapter:
+	case *LocalAdapter.SocketAdapter:
 		t.handleSOCKS(adapter, remoConn)
 	}
 }