can't connect by xchacha20-ietf-poly1305

[sophauer]

server end : ShadowsSocksR (Python 3.8) from https://github.com/Anankke/shadowsocks-mod with same port ,passwd and using xchacha20-ietf-poly1305 as encryption scheme

client end: windows ss @https://github.com/shadowsocks/shadowsocks-windows >>work fine IOS shadowrocket >> work fine Linux shadowsocks-libev >> work fine

shadowsocks-android ,ver 5.2.3 >> not work,connection drop Android Device: Amazon FireTV Lite OS version: Fire OS 7.2.3.4(Android Kernel 9)

downgrade to ver v5.1.2. this issue was gone.no problem at all

[zonyitoo]

Assign @LuoZijun .

[zonyitoo]

shadowsocks-android ,ver 5.2.3 >> not work,connection drop

Is it 100% reproduciable? It doesn't show in our unit tests. Could you provide a reproduce method for us?

[zonyitoo]

I have done some unit tests

Environment

• macOS 11.4
• rustc 1.54.0-nightly (40d230204 2021-05-20)

Reproduce Steps

iperf -> sslocal (tunnel) -> ss-server -> iperf

Test script:

#!/bin/bash

set -x

key=""

trap 'exit 1' 2

for _ in {1..1024}; do
    key="1$key"

    iperf -s &
    ss-server -s 127.0.0.1 -p 8388 -m 'xchacha20-ietf-poly1305' -k "$key" &
    sslocal -b 127.0.0.1:3128 -m 'xchacha20-ietf-poly1305' -s 127.0.0.1:8388 --protocol tunnel --forward-addr 127.0.0.1:5001 -k "$key" &
    sleep 2
    iperf -c 127.0.0.1 -p 3128
    if [[ "$?" != "0" ]]; then
        exit $?
    fi

    kill $(jobs -p)

    jobs

    sleep 1
done

I have tried several keys, from 1, 11, 111, ... 1024 bytes of keys, and I couldn't find any failure.

Expecting more detail @sophauer

[sophauer]

shadowsocks-android ,ver 5.2.3 >> not work,connection drop

Is it 100% reproduciable? It doesn't show in our unit tests. Could you provide a reproduce method for us?

cuz i didn't have another android device,there's no way i can reproduce..sorry

[zonyitoo]

Just run the latest release of shadowsocks-android and see if the problem still exists?

[sophauer]

Just run the latest release of shadowsocks-android and see if the problem still exists?

shadowsocks-android ,ver 5.2.3 >> not work,connection drop 5.2.3 is the latest release of shadowsocks-android

[zonyitoo]

Please make one more test, download shadowsocks-rust and run on your server. Use shadowsocks-android 5.2.3 and run it again and see if the problem still exists.

This is a test for validating whether there are compatibility issues in the rust implementation.

If the problem still exists, then it should not related to the underlying shadowsocks-rust sslocal service.

[sophauer]

server end : shadowsocks-rustreleasesv1.11.0 /centos 7

client end 1.shadowsocks-android ,ver 5.2.3 >> worked 2.IOS shadowrocket >> work fine 3.Linux shadowsocks-libev >> work fine

Android Device: Amazon FireTV Lite OS version: Fire OS 7.2.3.4(Android Kernel 9)

[zonyitoo]

Interesting. So there is a compatible issue between shadowsocks-rust and your original server. What exactly implementation you were using when the problem still exists?

[sophauer]

Interesting. So there is a compatible issue between shadowsocks-rust and your original server. What exactly implementation you were using when the problem still exists?

ShadowsSocksR (Python 3.8) from https://github.com/Anankke/shadowsocks-mod it's no problem with all implementation i knew so far but shadowsocks-android ver 5.2.3 downgraded to ver v5.1.2. this issue was gone.no problem at all i think the problem is the back end of shadowsocks-android.cuz 5.1.2 was based on shadowsocks-libev

[zonyitoo]

How to run shadowsocks-mod in standalone mode? I just want to test it locally.

[LuoZijun]

@sophauer 你尝试过在本地运行 shadowsocks-mod-server 和 ss-rust-client 吗？如果依然出现问题，你可以提供一些你是 如何 运行 shadowsocks-mod-server 和 ss-rust-client 的信息，这样可以方便我们测试。

[sophauer]

@sophauer 你尝试过在本地运行 shadowsocks-mod-server 和 ss-rust-client 吗？如果依然出现问题，你可以提供一些你是 如何 运行 shadowsocks-mod-server 和 ss-rust-client 的信息，这样可以方便我们测试。

没办法作这件事,抱歉,我downgrade版本就好了,暂时没发现问题,我还是认为是rust的问题,ss-libev做backend的都好好的

[zonyitoo]

But ss-rust with ss-libev works fine together. So there must be something special in shadowsocks-mod-server.

I can't debug if I can't reproduce it locally.

• Client (Rust) -> Server (libev) OK
• Client (libev) -> Server (Rust) OK
• Client (Rust) -> Server (Rust) OK

There must be a compatible issue with shadowsocks-mod-server.

[LuoZijun]

@sophauer 没问题，那就关闭这个 issue 吧。

[zonyitoo]

I was trying to run shadowsocks-mod locally and nearly success.

[zonyitoo]

I tested with the laster master of shadowsocks-mod and run it with this config:

{
    "server": "127.0.0.1",
    "server_port": 8388,
    "method": "xchacha20-ietf-poly1305",
    "password": "1",
    "obfs": "plain",
    "protocol": "origin",
    "detect_hex_list": [],
    "detect_text_list": [],
    "is_multi_user": 0,
    "out_bind": "MY_LOCAL_IP"
}

And then run it with

python shadowsocks-mod/shadowsocks/server.py -c config.json -vv

Run shadowsocks-rust's sslocal with the following command:

sslocal -b '127.0.0.1:1080' -m 'xchacha20-ietf-poly1305' -k '1' -s '127.0.0.1:8388' -vvv

And then test with curl:

curl 'https://www.baidu.com' -v --socks5-hostname 127.0.0.1:1080

curl -> sslocal (RUST) -> server.py (shadowsocks-mod) -> baidu.com

Everything works correctly.

shadowsocks-mod's LOG:

loaded collections.OrderedDict
IPv6 not support
INFO: loading config from config.json
2021-06-07 21:39:40 WARNING  shell.py:140 warning: server set to listen on 127.0.0.1:8388, are you sure?
2021-06-07 21:39:40 INFO     util.py:47 loading libsodium from /usr/local/lib/libsodium.dylib
2021-06-07 21:39:40 INFO     shell.py:75 ShadowsocksR 2021.5 for SSPanel-UIM by M1Screw
2021-06-07 21:39:40 INFO     asyncdns.py:323 dns server: [('192.168.2.1', 53)]
2021-06-07 21:39:40 INFO     server.py:102 server start with protocol[origin] password [b'1'] method [xchacha20-ietf-poly1305] obfs [plain] obfs_param []
2021-06-07 21:39:40 INFO     server.py:150 starting server at 127.0.0.1:8388
2021-06-07 21:39:40 DEBUG    eventloop.py:162 using event model: kqueue
2021-06-07 21:39:44 VERBOSE  tcprelay.py:1859 fd 4 POLL_IN
2021-06-07 21:39:44 DEBUG    tcprelay.py:1868 accept
2021-06-07 21:39:44 DEBUG    tcprelay.py:272 TCP MSS = 1460
2021-06-07 21:39:44 DEBUG    tcprelay.py:1735 server port  8388 connections = 1
2021-06-07 21:39:44 DEBUG    tcprelay.py:1778 port 8388 addr 127.0.0.1 connections 1
2021-06-07 21:39:44 DEBUG    tcprelay.py:1762 port 8388 connections 1
2021-06-07 21:39:44 DEBUG    tcprelay.py:1791 Total connections 1
2021-06-07 21:39:44 VERBOSE  tcprelay.py:1859 fd 8 POLL_IN
2021-06-07 21:39:44 DEBUG    tcprelay.py:732 TCP connecting www.baidu.com:443 from 127.0.0.1:50978 via port 8388
2021-06-07 21:39:44 DEBUG    tcprelay.py:745 TCP connecting www.baidu.com:443 from 127.0.0.1:50978 via port 8388,hex data : b'030d7777772e62616964752e636f6d01bb1603010200010001fc03031ce0d790ebf34174723c79a8f0442d75cef53c603325283a71ec8ac7ccb4f23e203124e53f43002e2371323a1d9f38819d0e128e77df569ca8a418d169ca8a25fb003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100017500000012001000000d7777772e62616964752e636f6d000b000403000102000a000c000a001d0017001e00190018337400000010000e000c02683208687474702f312e31001600000017000000310000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602002b0009080304030303020301002d00020101003300260024001d002091415ac5dcc84f79960734f01bc6827cb6d8a8dd08e57928bf9862e4eb904150001500b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'
2021-06-07 21:39:44 DEBUG    asyncdns.py:448 resolving b'www.baidu.com' with type 1 using server ('192.168.2.1', 53)
2021-06-07 21:39:45 DEBUG    tcprelay.py:868 bind b'192.168.2.157'
2021-06-07 21:39:45 DEBUG    tcprelay.py:1016 TCP connecting www.baidu.com(14.215.177.38):443 from 192.168.2.157:50979 by user 0
2021-06-07 21:39:45 VERBOSE  tcprelay.py:1859 fd 9 POLL_OUT
2021-06-07 21:39:45 VERBOSE  tcprelay.py:1859 fd 9 POLL_IN
2021-06-07 21:39:45 VERBOSE  tcprelay.py:1859 fd 9 POLL_IN
2021-06-07 21:39:45 VERBOSE  tcprelay.py:1859 fd 9 POLL_IN
2021-06-07 21:39:45 VERBOSE  tcprelay.py:1859 fd 9 POLL_IN
2021-06-07 21:39:45 VERBOSE  tcprelay.py:1859 fd 8 POLL_IN
2021-06-07 21:39:45 VERBOSE  tcprelay.py:1859 fd 9 POLL_IN
2021-06-07 21:39:45 VERBOSE  tcprelay.py:1859 fd 8 POLL_IN
2021-06-07 21:39:45 VERBOSE  tcprelay.py:1859 fd 9 POLL_IN
2021-06-07 21:39:45 VERBOSE  tcprelay.py:1859 fd 8 POLL_IN
2021-06-07 21:39:45 VERBOSE  tcprelay.py:1859 fd 8 POLL_IN
2021-06-07 21:39:45 DEBUG    tcprelay.py:1507 destroy: www.baidu.com:443
2021-06-07 21:39:45 DEBUG    tcprelay.py:1512 destroying remote
2021-06-07 21:39:45 DEBUG    tcprelay.py:1538 destroying local
2021-06-07 21:39:45 DEBUG    tcprelay.py:1735 server port  8388 connections = 0
2021-06-07 21:39:45 DEBUG    tcprelay.py:1778 port 8388 addr 127.0.0.1 connections 0
2021-06-07 21:39:45 DEBUG    tcprelay.py:1762 port 8388 connections 0
2021-06-07 21:39:45 DEBUG    tcprelay.py:1791 Total connections 0
2021-06-07 21:39:47 VERBOSE  tcprelay.py:1826 sweeping timeouts
2021-06-07 21:39:49 VERBOSE  tcprelay.py:1826 sweeping timeouts
2021-06-07 21:39:51 VERBOSE  tcprelay.py:1826 sweeping timeouts
2021-06-07 21:39:53 VERBOSE  tcprelay.py:1826 sweeping timeouts
2021-06-07 21:39:53 VERBOSE  tcprelay.py:1859 fd 4 POLL_IN
2021-06-07 21:39:53 DEBUG    tcprelay.py:1868 accept
2021-06-07 21:39:53 DEBUG    tcprelay.py:272 TCP MSS = 1460
2021-06-07 21:39:53 DEBUG    tcprelay.py:1735 server port  8388 connections = 1
2021-06-07 21:39:53 DEBUG    tcprelay.py:1778 port 8388 addr 127.0.0.1 connections 1
2021-06-07 21:39:53 DEBUG    tcprelay.py:1762 port 8388 connections 1
2021-06-07 21:39:53 DEBUG    tcprelay.py:1791 Total connections 1
2021-06-07 21:39:53 VERBOSE  tcprelay.py:1859 fd 8 POLL_IN
2021-06-07 21:39:53 DEBUG    tcprelay.py:732 TCP connecting www.baidu.com:443 from 127.0.0.1:50985 via port 8388
2021-06-07 21:39:53 DEBUG    tcprelay.py:745 TCP connecting www.baidu.com:443 from 127.0.0.1:50985 via port 8388,hex data : b'030d7777772e62616964752e636f6d01bb1603010200010001fc0303751eaac4d7e9246cfcdd9153a9ab8e05b8caa36fdc789f47c28b01262e15f23f20af37552c3bacbd1e1a10a986087e24c1f59e7d2231d5e61f5cb19aef5b537112003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100017500000012001000000d7777772e62616964752e636f6d000b000403000102000a000c000a001d0017001e00190018337400000010000e000c02683208687474702f312e31001600000017000000310000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602002b0009080304030303020301002d00020101003300260024001d0020be4064f8de8960075c366c6b229ef1648c8c898ab5d862dbe2d6a78e32d1e855001500b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'
2021-06-07 21:39:53 DEBUG    asyncdns.py:464 hit cache: b'www.baidu.com'
2021-06-07 21:39:53 DEBUG    tcprelay.py:868 bind b'MY_LOCAL_IP'
2021-06-07 21:39:53 DEBUG    tcprelay.py:1016 TCP connecting www.baidu.com(14.215.177.38):443 from 192.168.2.157:50986 by user 0
2021-06-07 21:39:53 VERBOSE  tcprelay.py:1859 fd 9 POLL_OUT
2021-06-07 21:39:53 VERBOSE  tcprelay.py:1859 fd 9 POLL_IN
2021-06-07 21:39:53 VERBOSE  tcprelay.py:1859 fd 9 POLL_IN
2021-06-07 21:39:53 VERBOSE  tcprelay.py:1859 fd 9 POLL_IN
2021-06-07 21:39:53 VERBOSE  tcprelay.py:1859 fd 8 POLL_IN
2021-06-07 21:39:53 VERBOSE  tcprelay.py:1859 fd 9 POLL_IN
2021-06-07 21:39:53 VERBOSE  tcprelay.py:1859 fd 8 POLL_IN
2021-06-07 21:39:53 VERBOSE  tcprelay.py:1859 fd 9 POLL_IN
2021-06-07 21:39:54 VERBOSE  tcprelay.py:1859 fd 8 POLL_IN
2021-06-07 21:39:54 VERBOSE  tcprelay.py:1859 fd 8 POLL_IN
2021-06-07 21:39:54 DEBUG    tcprelay.py:1507 destroy: www.baidu.com:443
2021-06-07 21:39:54 DEBUG    tcprelay.py:1512 destroying remote
2021-06-07 21:39:54 DEBUG    tcprelay.py:1538 destroying local

And shadowsocks-rust's LOG:

2021-06-07T21:39:51.857348+08:00 INFO  [14734:4680805888] [sslocal] shadowsocks 1.11.1
2021-06-07T21:39:51.859555+08:00 TRACE [14734:4680805888] [shadowsocks_service::local] Config { server: [ServerConfig { addr: SocketAddr(127.0.0.1:8388), password: "1", method: XCHACHA20_POLY1305, enc_key: [196, 202, 66, 56, 160, 185, 35, 130, 13, 204, 80, 154, 111, 117, 132, 155, 121, 118, 199, 22, 20, 21, 200, 48, 129, 109, 212, 6, 138, 29, 154, 82], timeout: None, plugin: None, plugin_addr: None, remarks: None, id: None, mode: TcpOnly, weight: ServerWeight { tcp_weight: 1.0, udp_weight: 1.0 } }], local_addr: None, local: [LocalConfig { addr: SocketAddr(127.0.0.1:1080), protocol: Socks, mode: TcpOnly, udp_addr: None, forward_addr: None }], dns: System, ipv6_first: false, no_delay: false, fast_open: false, keep_alive: None, nofile: None, outbound_bind_interface: None, inbound_send_buffer_size: None, inbound_recv_buffer_size: None, outbound_send_buffer_size: None, outbound_recv_buffer_size: None, manager: None, config_type: Local, udp_timeout: None, udp_max_associations: None, acl: None }
2021-06-07T21:39:51.862331+08:00 TRACE [14734:4680805888] [shadowsocks::dns_resolver::trust_dns_resolver] initializing DNS resolver with system-config ResolverConfig { domain: None, search: [Name { is_fqdn: false, label_data: [116, 101, 110, 99, 101, 110, 116, 99, 111, 109], label_ends: [7, 10] }], name_servers: NameServerConfigGroup([NameServerConfig { socket_addr: 192.168.2.1:53, protocol: Udp, tls_dns_name: None, trust_nx_responses: false }, NameServerConfig { socket_addr: 192.168.2.1:53, protocol: Tcp, tls_dns_name: None, trust_nx_responses: false }, NameServerConfig { socket_addr: [fdd1:19f2:c1ab::1]:53, protocol: Udp, tls_dns_name: None, trust_nx_responses: false }, NameServerConfig { socket_addr: [fdd1:19f2:c1ab::1]:53, protocol: Tcp, tls_dns_name: None, trust_nx_responses: false }]) } opts ResolverOpts { ndots: 1, timeout: 5s, attempts: 2, rotate: false, check_names: true, edns0: false, validate: false, ip_strategy: Ipv4thenIpv6, cache_size: 32, use_hosts_file: true, positive_min_ttl: None, negative_min_ttl: None, positive_max_ttl: None, negative_max_ttl: None, num_concurrent_reqs: 2, preserve_intermediates: false }
2021-06-07T21:39:51.863848+08:00 INFO  [14734:4680805888] [shadowsocks_service::local::socks::server] shadowsocks socks TCP listening on 127.0.0.1:1080
2021-06-07T21:39:53.931248+08:00 TRACE [14734:123145514942464] [shadowsocks_service::local::socks::server::socks5::tcprelay] socks5 HandshakeRequest { methods: [0, 1] }
2021-06-07T21:39:53.931646+08:00 TRACE [14734:123145514942464] [shadowsocks_service::local::socks::server::socks5::tcprelay] reply handshake HandshakeResponse { chosen_method: 0 }
2021-06-07T21:39:53.932134+08:00 TRACE [14734:123145491738624] [shadowsocks_service::local::socks::server::socks5::tcprelay] socks5 TcpRequestHeader { command: TcpConnect, address: www.baidu.com:443 }
2021-06-07T21:39:53.932172+08:00 DEBUG [14734:123145491738624] [shadowsocks_service::local::socks::server::socks5::tcprelay] CONNECT www.baidu.com:443
2021-06-07T21:39:53.932373+08:00 TRACE [14734:123145508614144] [shadowsocks::relay::tcprelay::proxy_stream::client] connected tcp remote 127.0.0.1:8388 (outbound: 127.0.0.1:8388) with ConnectOpts { bind_local_addr: None, bind_interface: None, tcp: TcpSocketOpts { send_buffer_size: None, recv_buffer_size: None, nodelay: false, fastopen: false, keepalive: Some(15s) } }
2021-06-07T21:39:53.932474+08:00 TRACE [14734:123145508614144] [shadowsocks::relay::tcprelay::crypto_io] generated AEAD cipher salt b"\xce\x80]\xe6D\xbb\xe9\xbeB\xad]x\xf0\xa5\x0c\x9b \x91\xd2\x99hD\x81S\xe3\xb2\xa5\xa0\x90O\xb7\xbf"
2021-06-07T21:39:53.932616+08:00 TRACE [14734:123145508614144] [shadowsocks_service::local::socks::server::socks5::tcprelay] sent header: TcpResponseHeader { reply: Succeeded, address: 127.0.0.1:50985 }
2021-06-07T21:39:53.932666+08:00 DEBUG [14734:123145508614144] [shadowsocks_service::local::utils] established tcp tunnel 127.0.0.1:50984 <-> www.baidu.com:443 through sever 127.0.0.1:8388 (outbound: 127.0.0.1:8388)
2021-06-07T21:39:53.974500+08:00 TRACE [14734:123145508614144] [shadowsocks::relay::tcprelay::aead] got AEAD salt b"\xa2/s\x8d6,\xe1A\x99\x1dHW\x04\xb7\xa7\x05r^\x16$\xf8r\xd3\xca\xb2\x0fF\x924\x8f\xe2D"
2021-06-07T21:39:54.003694+08:00 TRACE [14734:123145508614144] [shadowsocks_service::local::utils] tcp tunnel 127.0.0.1:50984 <-> www.baidu.com:443 (proxied) closed, L2R 263 bytes, R2L 7132 bytes

I cannot reproduce with the underlying shadowsocks-rust and shadowsocks-mod.

It works perfectly.