
shadowsocks-rust cannot communicate with python or libev versions

Open dnomd343 opened this issue 1 year ago • 0 comments

When using the table encryption method, a handshake with shadowsocks (python) or shadowsocks-libev fails, whether shadowsocks-rust is the server or the client, but the python version communicates with the libev version normally. This problem is observable under both x86_64 and aarch64; shadowsocks-rust has the stream-cipher feature enabled and was compiled using cargo 1.62.0. Below are the results of my test.

Server mode is listed horizontally (columns) and client mode vertically (rows); they are symmetrical.

| | shadowsocks-rust (1.15.0-alpha.5) | shadowsocks (latest) | shadowsocks (2.6.2) | shadowsocks-libev (2.6.3) |
|---|---|---|---|---|
| shadowsocks-rust (1.15.0-alpha.5) | YES | NO | NO | NO |
| shadowsocks (latest) | NO | YES | YES | YES |
| shadowsocks (2.6.2) | NO | YES | YES | YES |
| shadowsocks-libev (2.6.3) | NO | YES | YES | YES |

As the table shows, the rust version can only communicate with itself; the other versions can shake hands with each other normally, but none of them can connect with the rust version. Other encryption methods, such as rc4-md5, aes-128-ctr, etc., do not have this problem: connections between all versions, including rust, work.

shadowsocks-rust as server and shadowsocks as client

We start a shadowsocks-rust server locally, use shadowsocks as a client connection and expose the socks5 port, and then use curl to test it.

shell> ss-rust-server -v -s 127.0.0.1:12345 -k dnomd343 -m table
2022-07-06T02:55:07.041733600+00:00 INFO  [16168:139956110697200] [shadowsocks_rust::service::server] shadowsocks server 1.15.0-alpha.5 build 2022-07-04T14:13:56.247059100+00:00
2022-07-06T02:55:07.092846900+00:00 WARN  [16168:139956110697200] [shadowsocks_service::server] stream cipher table for server 127.0.0.1:12345 have inherent weaknesses (see discussion in https://github.com/shadowsocks/shadowsocks-org/issues/36). DO NOT USE. It will be removed in the future.
2022-07-06T02:55:07.114177900+00:00 INFO  [16168:139956110697200] [shadowsocks_service::server::tcprelay] shadowsocks tcp server listening on 127.0.0.1:12345, inbound address 127.0.0.1:12345
2022-07-06T02:55:16.283500+00:00 WARN  [16168:139956091091744] [shadowsocks_service::server::tcprelay] handshake failed, maybe wrong method or key, or under replay attacks. peer: 127.0.0.1:39696, error: address type 0xb8 not supported
shell> ss-python-local -vv -s 127.0.0.1 -p 12345 -l 1080 -k dnomd343 -m table
2022-07-06 02:55:14 WARNING  warning: server set to listen on 127.0.0.1:12345, are you sure?
2022-07-06 02:55:14 WARNING  warning: table is not safe; please use a safer cipher, like AES-256-CFB
2022-07-06 02:55:14 INFO     starting local at 127.0.0.1:1080
2022-07-06 02:55:14 DEBUG    using event model: epoll
2022-07-06 02:55:16 VERBOSE  fd 3 POLL_IN
2022-07-06 02:55:16 DEBUG    accept
2022-07-06 02:55:16 DEBUG    chosen server: 127.0.0.1:12345
2022-07-06 02:55:16 VERBOSE  fd 7 POLL_IN
2022-07-06 02:55:16 VERBOSE  fd 7 POLL_IN
2022-07-06 02:55:16 INFO     connecting 220.181.38.148:80 from 127.0.0.1:56646
2022-07-06 02:55:16 VERBOSE  fd 7 POLL_IN
2022-07-06 02:55:16 VERBOSE  fd 8 POLL_OUT
2022-07-06 02:55:26 VERBOSE  sweeping timeouts
2022-07-06 02:55:30 VERBOSE  fd 7 POLL_IN
2022-07-06 02:55:30 DEBUG    destroy: 220.181.38.148:80
2022-07-06 02:55:30 DEBUG    destroying remote
2022-07-06 02:55:30 DEBUG    destroying local
shell> curl baidu.com --socks5 127.0.0.1:1080
# no output until the timeout

shadowsocks-rust as client and shadowsocks as server

We start a shadowsocks server locally, use shadowsocks-rust as a client connection and expose the socks5 port, and then use curl to test it.

shell> ss-rust-local -v -s 127.0.0.1:12345 -b 0.0.0.0:1080 -k dnomd343 -m table
2022-07-06T03:03:01.286877300+00:00 INFO  [16221:139902263984960] [shadowsocks_rust::service::local] shadowsocks local 1.15.0-alpha.5 build 2022-07-04T14:13:56.247059100+00:00
2022-07-06T03:03:01.290595900+00:00 WARN  [16221:139902263984960] [shadowsocks_service::local] stream cipher table for server 127.0.0.1:12345 have inherent weaknesses (see discussion in https://github.com/shadowsocks/shadowsocks-org/issues/36). DO NOT USE. It will be removed in the future.
2022-07-06T03:03:01.291486+00:00 INFO  [16221:139902253194016] [shadowsocks_service::local::socks::server] shadowsocks socks TCP listening on 0.0.0.0:1080
2022-07-06T03:03:04.255113100+00:00 DEBUG [16221:139902253194016] [shadowsocks_service::local::socks::server::socks5::tcprelay] CONNECT 220.181.38.148:80
2022-07-06T03:03:04.350905900+00:00 DEBUG [16221:139902253194016] [shadowsocks_service::local::utils] established tcp tunnel 127.0.0.1:56656 <-> 220.181.38.148:80 through sever 127.0.0.1:12345 (outbound: 127.0.0.1:12345)
shell> ss-python-server -vv -s 127.0.0.1 -p 12345 -k dnomd343 -m table
2022-07-06 03:02:56 WARNING  warning: server set to listen on 127.0.0.1:12345, are you sure?
2022-07-06 03:02:56 WARNING  warning: table is not safe; please use a safer cipher, like AES-256-CFB
2022-07-06 03:02:56 INFO     starting server at 127.0.0.1:12345
2022-07-06 03:02:56 DEBUG    using event model: epoll
2022-07-06 03:03:04 VERBOSE  fd 3 POLL_IN
2022-07-06 03:03:04 DEBUG    accept
2022-07-06 03:03:04 VERBOSE  fd 7 POLL_IN
2022-07-06 03:03:04 WARNING  unsupported addrtype 171, maybe wrong password or encryption method
2022-07-06 03:03:04 ERROR    can not parse header
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/ss-python/shadowsocks/shell.py", line 88, in wrapper
    func(self, *args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/ss-python/shadowsocks/tcprelay.py", line 335, in _handle_stage_addr
    raise Exception('can not parse header')
Exception: can not parse header
2022-07-06 03:03:04 ERROR    can not parse header when handling connection from 127.0.0.1:39706
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/ss-python/shadowsocks/shell.py", line 88, in wrapper
    func(self, *args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/ss-python/shadowsocks/tcprelay.py", line 335, in _handle_stage_addr
    raise Exception('can not parse header')
Exception: can not parse header
2022-07-06 03:03:04 DEBUG    destroy
2022-07-06 03:03:04 DEBUG    destroying local
2022-07-06 03:03:14 VERBOSE  sweeping timeouts
shell> curl baidu.com --socks5 127.0.0.1:1080
curl: (52) Empty reply from server

dnomd343, Jul 06 '22 03:07
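
Both failing logs report an invalid address type (`0xb8` on the rust server, `171` on the python server), which is the first byte of the decrypted request header. The following is an added example, not code from the issue or from shadowsocks-rust: it shows how a receiver that undoes a byte-substitution table different from the sender's ends up rejecting that byte, in either direction. `make_table`, `handshake` and the seed are hypothetical, the tables are constructed, and the real key-to-table derivation of either implementation is not reproduced.

```rust
// Added example: constructed tables and header bytes, not shadowsocks-rust code.
type Table = [u8; 256];

/// Seeded Fisher-Yates shuffle standing in for the key-derived table.
/// The real implementations' derivation is NOT reproduced here.
fn make_table(seed: u64) -> Table {
    let mut t: Table = [0; 256];
    for (i, b) in t.iter_mut().enumerate() { *b = i as u8; }
    let mut s = seed;
    for i in (1..256usize).rev() {
        s = s.wrapping_mul(6364136223846793005).wrapping_add(1442695040888963407);
        t.swap(i, (s >> 33) as usize % (i + 1));
    }
    t
}

/// Inverse permutation, used by the receiving side.
fn invert(t: &Table) -> Table {
    let mut inv: Table = [0; 256];
    for (i, &b) in t.iter().enumerate() { inv[b as usize] = i as u8; }
    inv
}

/// Parse ATYP | address | port. Only IPv4 (0x01) is decoded in this sketch;
/// domain (0x03) and IPv6 (0x04) are recognised but not decoded.
fn parse_header(buf: &[u8]) -> Result<(String, u16), String> {
    match buf {
        [0x01, a, b, c, d, hi, lo, ..] =>
            Ok((format!("{a}.{b}.{c}.{d}"), u16::from_be_bytes([*hi, *lo]))),
        [0x01 | 0x03 | 0x04, ..] => Err("truncated or undecoded header".into()),
        [other, ..] => Err(format!("address type {other:#04x} not supported")),
        [] => Err("empty header".into()),
    }
}

/// Sender substitutes with `enc`; receiver undoes it with the inverse of `dec`.
fn handshake(enc: &Table, dec: &Table) -> Result<(String, u16), String> {
    let header = [0x01, 220, 181, 38, 148, 0x00, 0x50]; // 220.181.38.148:80, as in the logs
    let inv = invert(dec);
    let plain: Vec<u8> = header.iter().map(|&b| inv[enc[b as usize] as usize]).collect();
    parse_header(&plain)
}

fn main() {
    let a = make_table(343); // constructed seed
    let b = a.map(|x| x.wrapping_add(1)); // a permutation differing from `a` at every index
    println!("same table: {:?}", handshake(&a, &a));
    println!("a -> b:     {:?}", handshake(&a, &b));
    println!("b -> a:     {:?}", handshake(&b, &a));
}
```

The same check applies when triaging the logs above: a first header byte outside `0x01`, `0x03` and `0x04` means the two ends did not apply the same cipher state, not that the client requested an exotic address type.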