Add other parts of session init.

Author: masterking32

internal/config/server.go

@@ -18,21 +18,23 @@ import (
 )
 
 type ServerConfig struct {
-	ConfigDir             string   `toml:"-"`
-	ConfigPath            string   `toml:"-"`
-	UDPHost               string   `toml:"UDP_HOST"`
-	UDPPort               int      `toml:"UDP_PORT"`
-	UDPReaders            int      `toml:"UDP_READERS"`
-	SocketBufferSize      int      `toml:"SOCKET_BUFFER_SIZE"`
-	MaxConcurrentRequests int      `toml:"MAX_CONCURRENT_REQUESTS"`
-	DNSRequestWorkers     int      `toml:"DNS_REQUEST_WORKERS"`
-	MaxPacketSize         int      `toml:"MAX_PACKET_SIZE"`
-	DropLogIntervalSecs   float64  `toml:"DROP_LOG_INTERVAL_SECONDS"`
-	Domain                []string `toml:"DOMAIN"`
-	MinVPNLabelLength     int      `toml:"MIN_VPN_LABEL_LENGTH"`
-	DataEncryptionMethod  int      `toml:"DATA_ENCRYPTION_METHOD"`
-	EncryptionKeyFile     string   `toml:"ENCRYPTION_KEY_FILE"`
-	LogLevel              string   `toml:"LOG_LEVEL"`
+	ConfigDir                         string   `toml:"-"`
+	ConfigPath                        string   `toml:"-"`
+	UDPHost                           string   `toml:"UDP_HOST"`
+	UDPPort                           int      `toml:"UDP_PORT"`
+	UDPReaders                        int      `toml:"UDP_READERS"`
+	SocketBufferSize                  int      `toml:"SOCKET_BUFFER_SIZE"`
+	MaxConcurrentRequests             int      `toml:"MAX_CONCURRENT_REQUESTS"`
+	DNSRequestWorkers                 int      `toml:"DNS_REQUEST_WORKERS"`
+	MaxPacketSize                     int      `toml:"MAX_PACKET_SIZE"`
+	DropLogIntervalSecs               float64  `toml:"DROP_LOG_INTERVAL_SECONDS"`
+	Domain                            []string `toml:"DOMAIN"`
+	MinVPNLabelLength                 int      `toml:"MIN_VPN_LABEL_LENGTH"`
+	SupportedUploadCompressionTypes   []int    `toml:"SUPPORTED_UPLOAD_COMPRESSION_TYPES"`
+	SupportedDownloadCompressionTypes []int    `toml:"SUPPORTED_DOWNLOAD_COMPRESSION_TYPES"`
+	DataEncryptionMethod              int      `toml:"DATA_ENCRYPTION_METHOD"`
+	EncryptionKeyFile                 string   `toml:"ENCRYPTION_KEY_FILE"`
+	LogLevel                          string   `toml:"LOG_LEVEL"`
 }
 
 func defaultServerConfig() ServerConfig {
@@ -41,19 +43,21 @@ func defaultServerConfig() ServerConfig {
 	readers := min(max(runtime.NumCPU()/2, 1), 4)
 
 	return ServerConfig{
-		UDPHost:               "0.0.0.0",
-		UDPPort:               53,
-		UDPReaders:            readers,
-		SocketBufferSize:      8 * 1024 * 1024,
-		MaxConcurrentRequests: 4096,
-		DNSRequestWorkers:     workers,
-		MaxPacketSize:         65535,
-		DropLogIntervalSecs:   2.0,
-		Domain:                nil,
-		MinVPNLabelLength:     3,
-		DataEncryptionMethod:  1,
-		EncryptionKeyFile:     "encrypt_key.txt",
-		LogLevel:              "INFO",
+		UDPHost:                           "0.0.0.0",
+		UDPPort:                           53,
+		UDPReaders:                        readers,
+		SocketBufferSize:                  8 * 1024 * 1024,
+		MaxConcurrentRequests:             4096,
+		DNSRequestWorkers:                 workers,
+		MaxPacketSize:                     65535,
+		DropLogIntervalSecs:               2.0,
+		Domain:                            nil,
+		MinVPNLabelLength:                 3,
+		SupportedUploadCompressionTypes:   []int{0, 1, 2, 3},
+		SupportedDownloadCompressionTypes: []int{0, 1, 2, 3},
+		DataEncryptionMethod:              1,
+		EncryptionKeyFile:                 "encrypt_key.txt",
+		LogLevel:                          "INFO",
 	}
 }
 
@@ -110,6 +114,8 @@ func LoadServerConfig(filename string) (ServerConfig, error) {
 	if cfg.MinVPNLabelLength <= 0 {
 		cfg.MinVPNLabelLength = 3
 	}
+	cfg.SupportedUploadCompressionTypes = normalizeCompressionTypeList(cfg.SupportedUploadCompressionTypes)
+	cfg.SupportedDownloadCompressionTypes = normalizeCompressionTypeList(cfg.SupportedDownloadCompressionTypes)
 
 	if cfg.DataEncryptionMethod < 0 || cfg.DataEncryptionMethod > 5 {
 		cfg.DataEncryptionMethod = 1
@@ -143,3 +149,23 @@ func (c ServerConfig) EncryptionKeyPath() string {
 	}
 	return filepath.Join(c.ConfigDir, c.EncryptionKeyFile)
 }
+
+func normalizeCompressionTypeList(values []int) []int {
+	if len(values) == 0 {
+		return []int{0}
+	}
+
+	seen := [4]bool{}
+	out := make([]int, 0, len(values))
+	for _, value := range values {
+		if value < 0 || value > 3 || seen[value] {
+			continue
+		}
+		seen[value] = true
+		out = append(out, value)
+	}
+	if len(out) == 0 {
+		return []int{0}
+	}
+	return out
+}

internal/enums/dns.go

@@ -14,8 +14,6 @@ const (
 	PacketMTUDownRes                      = 0x04
 	PacketSessionInit                     = 0x05
 	PacketSessionAccept                   = 0x06
-	PacketSetMTUReq                       = 0x07
-	PacketSetMTURes                       = 0x08
 	PacketPing                            = 0x09
 	PacketPong                            = 0x0A
 	PacketStreamSyn                       = 0x0B

internal/enums/dns_test.go

@@ -32,8 +32,6 @@ func TestPacketEnumValuesAreUnique(t *testing.T) {
 		PacketMTUDownRes,
 		PacketSessionInit,
 		PacketSessionAccept,
-		PacketSetMTUReq,
-		PacketSetMTURes,
 		PacketPing,
 		PacketPong,
 		PacketStreamSyn,

internal/udpserver/server.go

@@ -35,14 +35,16 @@ const (
 )
 
 type Server struct {
-	cfg             config.ServerConfig
-	log             *logger.Logger
-	codec           *security.Codec
-	domainMatcher   *domainmatcher.Matcher
-	sessions        *sessionStore
-	packetPool      sync.Pool
-	droppedPackets  atomic.Uint64
-	lastDropLogUnix atomic.Int64
+	cfg                     config.ServerConfig
+	log                     *logger.Logger
+	codec                   *security.Codec
+	domainMatcher           *domainmatcher.Matcher
+	sessions                *sessionStore
+	uploadCompressionMask   uint8
+	downloadCompressionMask uint8
+	packetPool              sync.Pool
+	droppedPackets          atomic.Uint64
+	lastDropLogUnix         atomic.Int64
 }
 
 type request struct {
@@ -53,11 +55,13 @@ type request struct {
 
 func New(cfg config.ServerConfig, log *logger.Logger, codec *security.Codec) *Server {
 	return &Server{
-		cfg:           cfg,
-		log:           log,
-		codec:         codec,
-		domainMatcher: domainmatcher.New(cfg.Domain, cfg.MinVPNLabelLength),
-		sessions:      newSessionStore(),
+		cfg:                     cfg,
+		log:                     log,
+		codec:                   codec,
+		domainMatcher:           domainmatcher.New(cfg.Domain, cfg.MinVPNLabelLength),
+		sessions:                newSessionStore(),
+		uploadCompressionMask:   buildCompressionMask(cfg.SupportedUploadCompressionTypes),
+		downloadCompressionMask: buildCompressionMask(cfg.SupportedDownloadCompressionTypes),
 		packetPool: sync.Pool{
 			New: func() any {
 				return make([]byte, cfg.MaxPacketSize)
@@ -273,7 +277,11 @@ func (s *Server) handleSessionInitRequest(questionPacket []byte, decision domain
 	if vpnPacket.SessionID != 0 {
 		return nil
 	}
-	record, _, err := s.sessions.findOrCreate(vpnPacket.Payload)
+	requestedUpload, requestedDownload := compression.SplitPair(vpnPacket.Payload[1])
+	resolvedUpload := resolveCompressionType(requestedUpload, s.uploadCompressionMask)
+	resolvedDownload := resolveCompressionType(requestedDownload, s.downloadCompressionMask)
+
+	record, _, err := s.sessions.findOrCreate(vpnPacket.Payload, resolvedUpload, resolvedDownload)
 	if err != nil || record == nil {
 		return nil
 	}
@@ -295,6 +303,25 @@ func (s *Server) handleSessionInitRequest(questionPacket []byte, decision domain
 	return response
 }
 
+func buildCompressionMask(values []int) uint8 {
+	var mask uint8 = 1 << compression.TypeOff
+	for _, value := range values {
+		if value < compression.TypeOff || value > compression.TypeZLIB {
+			continue
+		}
+		mask |= 1 << uint8(value)
+	}
+	return mask
+}
+
+func resolveCompressionType(requested uint8, allowedMask uint8) uint8 {
+	requested = compression.NormalizeType(requested)
+	if allowedMask&(1<<requested) != 0 {
+		return requested
+	}
+	return compression.TypeOff
+}
+
 func (s *Server) onDrop(addr *net.UDPAddr) {
 	total := s.droppedPackets.Add(1)
 

internal/udpserver/server_test.go

@@ -249,11 +249,41 @@ func TestHandlePacketRejectsMalformedSessionInit(t *testing.T) {
 	}
 }
 
+func TestHandlePacketNegotiatesUnsupportedCompressionToOff(t *testing.T) {
+	codec, err := security.NewCodec(0, "")
+	if err != nil {
+		t.Fatalf("NewCodec returned error: %v", err)
+	}
+
+	srv := New(config.ServerConfig{
+		MaxPacketSize:                     65535,
+		Domain:                            []string{"a.com"},
+		MinVPNLabelLength:                 3,
+		SupportedUploadCompressionTypes:   []int{0, 1},
+		SupportedDownloadCompressionTypes: []int{0},
+	}, nil, codec)
+
+	payload := []byte{1, 0x13, 0x00, 0x96, 0x00, 0xC8, 0x44, 0x33, 0x22, 0x11}
+	query := buildTunnelQueryWithSessionID(t, codec, "a.com", 0, ENUMS.PacketSessionInit, payload)
+	response := srv.handlePacket(query)
+	if len(response) == 0 {
+		t.Fatal("handlePacket should return a session accept response")
+	}
+
+	packet, err := DnsParser.ExtractVPNResponse(response, true)
+	if err != nil {
+		t.Fatalf("ExtractVPNResponse returned error: %v", err)
+	}
+	if got := packet.Payload[2]; got != 0x10 {
+		t.Fatalf("unexpected negotiated compression pair: got=%#x want=%#x", got, 0x10)
+	}
+}
+
 func TestSessionStoreExpiresReuseSignatureWithoutDroppingSession(t *testing.T) {
 	store := newSessionStore()
 	payload := []byte{1, 0x21, 0x00, 0x96, 0x00, 0xC8, 0x44, 0x33, 0x22, 0x11}
 
-	record, reused, err := store.findOrCreate(payload)
+	record, reused, err := store.findOrCreate(payload, 2, 1)
 	if err != nil {
 		t.Fatalf("findOrCreate returned error: %v", err)
 	}

internal/udpserver/session.go

@@ -54,7 +54,7 @@ func newSessionStore() *sessionStore {
 	}
 }
 
-func (s *sessionStore) findOrCreate(payload []byte) (*sessionRecord, bool, error) {
+func (s *sessionStore) findOrCreate(payload []byte, uploadCompressionType uint8, downloadCompressionType uint8) (*sessionRecord, bool, error) {
 	if len(payload) != sessionInitDataSize || !isValidSessionResponseMode(payload[0]) {
 		return nil, false, nil
 	}
@@ -89,7 +89,8 @@ func (s *sessionStore) findOrCreate(payload []byte) (*sessionRecord, bool, error
 		ReuseUntil:   now.Add(sessionInitTTL),
 		Signature:    signature,
 	}
-	record.UploadCompression, record.DownloadCompression = compression.SplitPair(payload[1])
+	record.UploadCompression = compression.NormalizeType(uploadCompressionType)
+	record.DownloadCompression = compression.NormalizeType(downloadCompressionType)
 	record.UploadMTU = clampMTU(binary.BigEndian.Uint16(payload[2:4]))
 	record.DownloadMTU = clampMTU(binary.BigEndian.Uint16(payload[4:6]))
 	copy(record.VerifyCode[:], payload[6:10])

internal/vpnproto/parser.go

@@ -223,8 +223,6 @@ func buildPacketFlags() [256]uint8 {
 		ENUMS.PacketMTUDownReq,
 		ENUMS.PacketSessionInit,
 		ENUMS.PacketSessionAccept,
-		ENUMS.PacketSetMTUReq,
-		ENUMS.PacketSetMTURes,
 		ENUMS.PacketPing,
 		ENUMS.PacketPong,
 		ENUMS.PacketErrorDrop,

server_config.toml.simple

@@ -34,6 +34,11 @@ DROP_LOG_INTERVAL_SECONDS = 2.0
 # Allowed tunnel domains.
 DOMAIN = ["v.domain.com"]
 
+# Compression types allowed by server policy:
+# 0=OFF, 1=ZSTD, 2=LZ4, 3=ZLIB
+SUPPORTED_UPLOAD_COMPRESSION_TYPES = [0, 1, 2, 3]
+SUPPORTED_DOWNLOAD_COMPRESSION_TYPES = [0, 1, 2, 3]
+
 # Encryption method:
 # 0=None, 1=XOR, 2=ChaCha20, 3=AES-128-GCM, 4=AES-192-GCM, 5=AES-256-GCM
 DATA_ENCRYPTION_METHOD = 1