Send UDP ASSOCIATE command, DST.ADDR and DST.PORT should use zeros.

Open Laitr0n opened this issue 2 years ago • 2 comments

Describe actual behavior

When requesting the UDP ASSOCIATE command, the DST.ADDR and DST.PORT are set to the destination address and the destination port.

What is your expected behavior

If the client is not in possession of the information at the time of the UDP ASSOCIATE, the client MUST use a port number and address of all zeros. This comes from the description of UDP ASSOCIATE in RFC 1928.

Specifications like the version of the project, operating system, or hardware

Steps to reproduce the problem

package main

import (
	"fmt"

	"github.com/txthinking/socks5"
)

func main() {
	server := "xxx"
	username := "xxx"
	password := "xxx"
	tcpTimeout := 10
	udpTimeout := 60

	client, err := socks5.NewClient(server, username, password, tcpTimeout, udpTimeout)
	if err != nil {
		return
	}

	network := "udp"
	addr := "xxx"
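	// Dial sends the UDP ASSOCIATE request; check its error instead of discarding it.
	conn, err := client.Dial(network, addr)
	if err != nil {
		fmt.Println("Error dialing through the SOCKS5 server:", err)
		return
	}
	defer conn.Close()

	_, err = conn.Write([]byte("hello"))
	if err != nil {
		fmt.Println("Error sending UDP data:", err)
		return
	}
	udpResp := make([]byte, 1024)

	n, err := conn.Read(udpResp)
	if err != nil {
		fmt.Println("Error receiving UDP data:", err)
		return
	}
	// Print only the bytes that were actually received.
	fmt.Println(udpResp[:n])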
}

Laitr0n, Mar 04 '23 17:03

Section 7:

The UDP relay server *MUST* acquire from the SOCKS server the expected IP address of the client that will send datagrams to the BND.PORT given in the reply to UDP ASSOCIATE. It *MUST* drop any datagrams arriving from any source IP address other than the one recorded for the particular association. (C)

Section 6: The server *MAY* use this information to limit access to the association. (B)

Section 6: If the client *is not* in possession of the information at the time of the UDP ASSOCIATE, the client MUST use a port number and address of all zeros. (A)

Actually, ABC are a bit contradictory. Yes, we can ignore B because it is MAY, but can't ignore C with MUST.

Back to discussing A:

  • E: If there is NAT in the network between the client and the server, then it is *is not*
  • F: If there is no NAT in the network between the client and the server, then it is *is*
    • prepare the address, C will not be controversial.

We only need to add a variable to the client for the caller to decide whether it is under NAT, and then whether to prepare the address that it expects to use to send UDP, such as:

type Client struct{
    NoNAT bool
}
  • if (!NoNAT) then E;
  • if (NoNAT) then F;

txthinking, Mar 05 '23 03:03

SGTM. Our usage is case F, so ignore E.

Laitr0n, Mar 05 '23 05:03
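
The E/F distinction discussed in this thread, shown as an added example (not code from the socks5 project or from either commenter): the client encodes the UDP ASSOCIATE request with or without its address, and the relay applies the Section 7 source-IP check. The function names, the sample addresses, and the fallback to the TCP control connection's peer IP for an all-zero request are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// BuildUDPAssociate encodes VER, CMD=UDP ASSOCIATE, RSV, ATYP, DST.ADDR, DST.PORT.
// noNAT true is case F (declare the local UDP address); false is case E (zeros).
func BuildUDPAssociate(noNAT bool, local *net.UDPAddr) []byte {
	ip, port := net.IPv4zero, 0
	if noNAT && local != nil && local.IP.To16() != nil && !local.IP.IsUnspecified() {
		ip, port = local.IP, local.Port
	}
	atyp, addr := byte(0x04), ip.To16() // ATYP 0x04: IPv6
	if v4 := ip.To4(); v4 != nil {
		atyp, addr = 0x01, v4 // ATYP 0x01: IPv4
	}
	return append(append([]byte{0x05, 0x03, 0x00, atyp}, addr...), byte(port>>8), byte(port))
}

// ExpectedClientIP is the relay side: the source IP to record for the association.
// For an all-zero DST.ADDR it falls back to the TCP peer IP (assumption of this example).
func ExpectedClientIP(req []byte, tcpPeer net.IP) (net.IP, error) {
	if len(req) < 4 || req[0] != 0x05 || req[1] != 0x03 {
		return nil, errors.New("not a UDP ASSOCIATE request")
	}
	n := map[byte]int{0x01: net.IPv4len, 0x04: net.IPv6len}[req[3]]
	if n == 0 || len(req) != 4+n+2 {
		return nil, errors.New("unsupported ATYP or bad length")
	}
	if ip := net.IP(req[4 : 4+n]); !ip.IsUnspecified() {
		return ip, nil
	}
	return tcpPeer, nil
}

// AcceptDatagram is rule C: drop datagrams from any source IP other than the recorded one.
func AcceptDatagram(expected, src net.IP) bool { return expected.Equal(src) }

func main() {
	local := &net.UDPAddr{IP: net.ParseIP("192.168.1.10"), Port: 40000} // constructed
	seen := net.ParseIP("203.0.113.7") // constructed: source IP the relay sees after NAT
	for _, noNAT := range []bool{true, false} {
		req := BuildUDPAssociate(noNAT, local)
		exp, _ := ExpectedClientIP(req, seen)
		fmt.Printf("NoNAT=%v request=% x accepted=%v\n", noNAT, req, AcceptDatagram(exp, seen))
	}
}
```

With a NAT in the path, declaring the private address (NoNAT=true) makes the relay drop the client's own datagrams, while the all-zero request is accepted.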