v1.4.1

qwj · web-flow · commit 06d8af0ff590 · 2018-08-08T13:13:13.000+08:00
diff --git a/pproxy/__init__.py b/pproxy/__init__.py
@@ -2,7 +2,7 @@
 from pproxy import proto
 
 __title__ = 'pproxy'
-__version__ = "1.5"
+__version__ = "1.5.1"
 __description__ = "Proxy server that can tunnel among remote servers by regex rules."
 __author__ = "Qian Wenjie"
 __license__ = "MIT License"
@@ -92,11 +92,11 @@ async def check_server_alive(interval, rserver, verbose):
                 reader, writer = await asyncio.wait_for(remote.connect(), timeout=SOCKET_TIMEOUT)
             except Exception as ex:
                 if remote.alive:
-                    verbose(f'{remote.bind}: OFFLINE')
+                    verbose(f'{remote.bind} -> OFFLINE')
                     remote.alive = False
                 continue
             if not remote.alive:
-                verbose(f'{remote.bind}: ONLINE')
+                verbose(f'{remote.bind} -> ONLINE')
                 remote.alive = True
             try:
                 writer.close()
@@ -156,7 +156,7 @@ def main():
     parser.add_argument('-i', dest='listen', default=[], action='append', type=uri_compile, help='proxy server setting uri (default: http+socks://:8080/)')
     parser.add_argument('-r', dest='rserver', default=[], action='append', type=uri_compile, help='remote server setting uri (default: direct)')
     parser.add_argument('-b', dest='block', type=pattern_compile, help='block regex rules')
-    parser.add_argument('-a', dest='alive', default=0, type=int, help='interval to check remote alive (default: no check)')
+    parser.add_argument('-a', dest='alived', default=0, type=int, help='interval to check remote alive (default: no check)')
     parser.add_argument('-v', dest='v', action='store_true', help='print verbose output')
     parser.add_argument('--ssl', dest='sslfile', help='certfile[,keyfile] if server listen in ssl mode')
     parser.add_argument('--pac', dest='pac', help='http PAC path')
@@ -193,15 +193,15 @@ def main():
     servers = []
     for option in args.listen:
         print('Serving on', option.bind, 'by', ",".join(i.name for i in option.protos) + ('(SSL)' if option.sslclient else ''), '({}{})'.format(option.cipher.name, ' '+','.join(i.name() for i in option.cipher.plugins) if option.cipher and option.cipher.plugins else '') if option.cipher else '')
-        handler = functools.partial(functools.partial(proxy_handler, **vars(args)), **vars(option))
+        handler = functools.partial(proxy_handler, **vars(args), **vars(option))
         try:
             server = loop.run_until_complete(option.server(handler))
             servers.append(server)
         except Exception as ex:
             print('Start server failed.\n\t==>', ex)
     if servers:
-        if args.alive > 0 and args.rserver:
-            asyncio.ensure_future(check_server_alive(args.alive, args.rserver, args.verbose if args.v else DUMMY))
+        if args.alived > 0 and args.rserver:
+            asyncio.ensure_future(check_server_alive(args.alived, args.rserver, args.verbose if args.v else DUMMY))
         try:
             loop.run_forever()
         except KeyboardInterrupt:
diff --git a/pproxy/cipher.py b/pproxy/cipher.py
@@ -28,6 +28,7 @@ def name(cls):
         return cls.__name__.replace('_Cipher', '').replace('_', '-').lower()
 
 class AEADCipher(BaseCipher):
+    PACKET_LIMIT = 16*1024-1
     def setup_iv(self, iv=None):
         self.iv = os.urandom(self.IV_LENGTH) if iv is None else iv
         randkey = hmac.new(self.iv, self.key, hashlib.sha1).digest()
@@ -50,24 +51,27 @@ def nonce(self):
     def decrypt(self, s):
         self._buffer.extend(s)
         ret = bytearray()
-        while 1:
-            if self._declen is None:
-                if len(self._buffer) < 2+self.TAG_LENGTH:
-                    break
-                self._declen = int.from_bytes(self.decrypt_and_verify(self._buffer[:2], self._buffer[2:2+self.TAG_LENGTH]), 'big')
-                assert self._declen <= 16*1024-1
-                del self._buffer[:2+self.TAG_LENGTH]
-            else:
-                if len(self._buffer) < self._declen+self.TAG_LENGTH:
-                    break
-                ret.extend(self.decrypt_and_verify(self._buffer[:self._declen], self._buffer[self._declen:self._declen+self.TAG_LENGTH]))
-                del self._buffer[:self._declen+self.TAG_LENGTH]
-                self._declen = None
+        try:
+            while 1:
+                if self._declen is None:
+                    if len(self._buffer) < 2+self.TAG_LENGTH:
+                        break
+                    self._declen = int.from_bytes(self.decrypt_and_verify(self._buffer[:2], self._buffer[2:2+self.TAG_LENGTH]), 'big')
+                    assert self._declen <= self.PACKET_LIMIT
+                    del self._buffer[:2+self.TAG_LENGTH]
+                else:
+                    if len(self._buffer) < self._declen+self.TAG_LENGTH:
+                        break
+                    ret.extend(self.decrypt_and_verify(self._buffer[:self._declen], self._buffer[self._declen:self._declen+self.TAG_LENGTH]))
+                    del self._buffer[:self._declen+self.TAG_LENGTH]
+                    self._declen = None
+        except Exception:
+            return bytes([0])
         return bytes(ret)
     def encrypt(self, s):
         ret = bytearray()
-        for i in range(0, len(s), 16*1024-1):
-            buf = s[i:i+16*1024-1]
+        for i in range(0, len(s), self.PACKET_LIMIT):
+            buf = s[i:i+self.PACKET_LIMIT]
             len_chunk, len_tag = self.encrypt_and_digest(len(buf).to_bytes(2, 'big'))
             body_chunk, body_tag = self.encrypt_and_digest(buf)
             ret.extend(len_chunk+len_tag+body_chunk+body_tag)
diff --git a/pproxy/cipherpy.py b/pproxy/cipherpy.py
@@ -264,7 +264,7 @@ def encrypt(self, data):
 
 for method in (CFBCipher, CFB8Cipher, CFB1Cipher, CTRCipher, OFBCipher, GCMCipher):
     for key in (32, 24, 16):
-        name = 'AES_{}_{}_Cipher'.format(key*8, method.__name__[:-6])
+        name = f'AES_{key*8}_{method.__name__[:-6]}_Cipher'
         globals()[name] = type(name, (method,), dict(KEY_LENGTH=key, IV_LENGTH=key if method is GCMCipher else 16, CIPHER=AES))
 
 class Blowfish(RAW):
@@ -361,8 +361,7 @@ class SEED(RAW):
     S1 = base64.b64decode(b'OOgtps/es7ivYFXHRG9rW8NiM7UpoOKn05ERBhy8NkvviGyoF8QW9MJF4dY/PY6YKE72PqX5Dd/YK2Z6Jy/xckLUQcBzZ6yL962AH8osqjTSC+7pXZQY+FeuCMUTzYa5/33BMfWKarHRINcCIgRocQfbnZlhvuZZ3VGQ3Jqjq9CBD0ca4+yNv5Z7XKKhYyNNyJ6cOgwuum6fWvKS80l4zBX7cHV/NRADZG3GdNW06gl2Gf5AEuC9BfoB8CpeqVZDhRSJm7DlSHmX/B6CIYwbX3dUsh0lTwBG7VhS637ayf0wlWU8tuS7fA5QOSYyhGmTN+ckpMtTCofZTIOPzjtKtw==')
     G = lambda self, x, M=b'\xfc\xf3\xcf\x3f': sum((self.S0[x&0xff]&M[i]^self.S1[x>>8&0xff]&M[i+1&3]^self.S0[x>>16&0xff]&M[i+2&3]^self.S1[x>>24&0xff]&M[i+3&3])<<i*8 for i in range(4))
     def __init__(self, key):
-        self.e = []
-        key0, key1 = struct.unpack('>QQ', key)
+        self.e, key0, key1 = [], *struct.unpack('>QQ', key)
         for i, kc in enumerate((0x9e3779b9, 0x3c6ef373, 0x78dde6e6, 0xf1bbcdcc, 0xe3779b99, 0xc6ef3733, 0x8dde6e67, 0x1bbcdccf, 0x3779b99e, 0x6ef3733c, 0xdde6e678, 0xbbcdccf1, 0x779b99e3, 0xef3733c6, 0xde6e678d, 0xbcdccf1b)):
             self.e.append((self.G((key0>>32)+(key1>>32)-kc), self.G(key0-key1+kc)))
             key0, key1 = (key0, (key1<<8|key1>>56)&(1<<64)-1) if i&1 else ((key0<<56|key0>>8)&(1<<64)-1, key1)
diff --git a/pproxy/proto.py b/pproxy/proto.py
@@ -61,7 +61,7 @@ def patch_ota_reader(self, cipher, reader):
         async def patched_read():
             nonlocal chunk_id
             try:
-                data_len = int.from_bytes((await reader.readexactly(2)), 'big')
+                data_len = int.from_bytes(await reader.readexactly(2), 'big')
             except Exception:
                 return None
             checksum_client = await reader.readexactly(10)
@@ -92,7 +92,7 @@ async def parse(self, header, reader, auth, authtable, reader_cipher, **kw):
         assert ota or not reader_cipher or not reader_cipher.ota, 'SS client must support OTA'
         if ota and reader_cipher:
             checksum = hmac.new(reader_cipher.iv+reader_cipher.key, header+data, hashlib.sha1).digest()
-            assert checksum[:10] == (await reader.read_n(10)), 'Unknown OTA checksum'
+            assert checksum[:10] == await reader.read_n(10), 'Unknown OTA checksum'
             self.patch_ota_reader(reader_cipher, reader)
         return host_name, port, b''
     async def connect(self, reader_remote, writer_remote, rauth, host_name, port, initbuf, writer_cipher_r, **kw):
@@ -140,7 +140,7 @@ class HTTP(BaseProtocol):
     def correct_header(self, header, **kw):
         return header and header.isalpha()
     async def parse(self, header, reader, writer, auth, authtable, httpget, **kw):
-        lines = header + (await reader.read_until(b'\r\n\r\n'))
+        lines = header + await reader.read_until(b'\r\n\r\n')
         headers = lines[:-4].decode().split('\r\n')
         method, path, ver = HTTP_LINE.match(headers.pop(0)).groups()
         lines = '\r\n'.join(i for i in headers if not i.startswith('Proxy-'))
