remove shadowsosks ota (#238)

* remove shadowsosks ota

* remove unused buf.Reader

infra/conf/shadowsocks.go

@@ -39,7 +39,6 @@ type ShadowsocksServerConfig struct {
 	UDP         bool         `json:"udp"`
 	Level       byte         `json:"level"`
 	Email       string       `json:"email"`
-	OTA         *bool        `json:"ota"`
 	NetworkList *NetworkList `json:"network"`
 }
 
@@ -53,14 +52,6 @@ func (v *ShadowsocksServerConfig) Build() (proto.Message, error) {
 	}
 	account := &shadowsocks.Account{
 		Password: v.Password,
-		Ota:      shadowsocks.Account_Auto,
-	}
-	if v.OTA != nil {
-		if *v.OTA {
-			account.Ota = shadowsocks.Account_Enabled
-		} else {
-			account.Ota = shadowsocks.Account_Disabled
-		}
 	}
 	account.CipherType = cipherFromString(v.Cipher)
 	if account.CipherType == shadowsocks.CipherType_UNKNOWN {
@@ -110,10 +101,6 @@ func (v *ShadowsocksClientConfig) Build() (proto.Message, error) {
 		}
 		account := &shadowsocks.Account{
 			Password: server.Password,
-			Ota:      shadowsocks.Account_Enabled,
-		}
-		if !server.Ota {
-			account.Ota = shadowsocks.Account_Disabled
 		}
 		account.CipherType = cipherFromString(server.Cipher)
 		if account.CipherType == shadowsocks.CipherType_UNKNOWN {

proxy/shadowsocks/client.go

@@ -90,16 +90,12 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
 	}
 
 	user := server.PickUser()
-	account, ok := user.Account.(*MemoryAccount)
+	_, ok := user.Account.(*MemoryAccount)
 	if !ok {
 		return newError("user account is not valid")
 	}
 	request.User = user
 
-	if account.OneTimeAuth == Account_Auto || account.OneTimeAuth == Account_Enabled {
-		request.Option |= RequestOptionOneTimeAuth
-	}
-
 	sessionPolicy := c.policyManager.ForLevel(user.Level)
 	ctx, cancel := context.WithCancel(ctx)
 	timer := signal.CancelAfterInactivity(ctx, cancel, sessionPolicy.Timeouts.ConnectionIdle)

proxy/shadowsocks/config.go

@@ -21,7 +21,6 @@ import (
 type MemoryAccount struct {
 	Cipher      Cipher
 	Key         []byte
-	OneTimeAuth Account_OneTimeAuth
 }
 
 // Equals implements protocol.Account.Equals().
@@ -90,7 +89,6 @@ func (a *Account) AsAccount() (protocol.Account, error) {
 	return &MemoryAccount{
 		Cipher:      cipher,
 		Key:         passwordToCipherKey([]byte(a.Password), cipher.KeySize()),
-		OneTimeAuth: a.Ota,
 	}, nil
 }
 

proxy/shadowsocks/config.pb.go

@@ -94,63 +94,13 @@ func (CipherType) EnumDescriptor() ([]byte, []int) {
 	return file_proxy_shadowsocks_config_proto_rawDescGZIP(), []int{0}
 }
 
-type Account_OneTimeAuth int32
-
-const (
-	Account_Auto     Account_OneTimeAuth = 0
-	Account_Disabled Account_OneTimeAuth = 1
-	Account_Enabled  Account_OneTimeAuth = 2
-)
-
-// Enum value maps for Account_OneTimeAuth.
-var (
-	Account_OneTimeAuth_name = map[int32]string{
-		0: "Auto",
-		1: "Disabled",
-		2: "Enabled",
-	}
-	Account_OneTimeAuth_value = map[string]int32{
-		"Auto":     0,
-		"Disabled": 1,
-		"Enabled":  2,
-	}
-)
-
-func (x Account_OneTimeAuth) Enum() *Account_OneTimeAuth {
-	p := new(Account_OneTimeAuth)
-	*p = x
-	return p
-}
-
-func (x Account_OneTimeAuth) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (Account_OneTimeAuth) Descriptor() protoreflect.EnumDescriptor {
-	return file_proxy_shadowsocks_config_proto_enumTypes[1].Descriptor()
-}
-
-func (Account_OneTimeAuth) Type() protoreflect.EnumType {
-	return &file_proxy_shadowsocks_config_proto_enumTypes[1]
-}
-
-func (x Account_OneTimeAuth) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use Account_OneTimeAuth.Descriptor instead.
-func (Account_OneTimeAuth) EnumDescriptor() ([]byte, []int) {
-	return file_proxy_shadowsocks_config_proto_rawDescGZIP(), []int{0, 0}
-}
-
 type Account struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Password   string              `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
-	CipherType CipherType          `protobuf:"varint,2,opt,name=cipher_type,json=cipherType,proto3,enum=v2ray.core.proxy.shadowsocks.CipherType" json:"cipher_type,omitempty"`
-	Ota        Account_OneTimeAuth `protobuf:"varint,3,opt,name=ota,proto3,enum=v2ray.core.proxy.shadowsocks.Account_OneTimeAuth" json:"ota,omitempty"`
+	Password   string     `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
+	CipherType CipherType `protobuf:"varint,2,opt,name=cipher_type,json=cipherType,proto3,enum=v2ray.core.proxy.shadowsocks.CipherType" json:"cipher_type,omitempty"`
 }
 
 func (x *Account) Reset() {
@@ -199,13 +149,6 @@ func (x *Account) GetCipherType() CipherType {
 	return CipherType_UNKNOWN
 }
 
-func (x *Account) GetOta() Account_OneTimeAuth {
-	if x != nil {
-		return x.Ota
-	}
-	return Account_Auto
-}
-
 type ServerConfig struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -333,54 +276,47 @@ var file_proxy_shadowsocks_config_proto_rawDesc = []byte{
 	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2e, 0x70,
 	0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f,
 	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x70, 0x65,
-	0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe9, 0x01, 0x0a, 0x07, 0x41, 0x63, 0x63, 0x6f,
-	0x75, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12,
-	0x49, 0x0a, 0x0b, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x73, 0x68, 0x61, 0x64, 0x6f, 0x77, 0x73, 0x6f,
-	0x63, 0x6b, 0x73, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a,
-	0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x43, 0x0a, 0x03, 0x6f, 0x74,
-	0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e,
-	0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x73, 0x68, 0x61, 0x64, 0x6f,
-	0x77, 0x73, 0x6f, 0x63, 0x6b, 0x73, 0x2e, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x2e, 0x4f,
-	0x6e, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x41, 0x75, 0x74, 0x68, 0x52, 0x03, 0x6f, 0x74, 0x61, 0x22,
-	0x32, 0x0a, 0x0b, 0x4f, 0x6e, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x41, 0x75, 0x74, 0x68, 0x12, 0x08,
-	0x0a, 0x04, 0x41, 0x75, 0x74, 0x6f, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x69, 0x73, 0x61,
-	0x62, 0x6c, 0x65, 0x64, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
-	0x64, 0x10, 0x02, 0x22, 0xa3, 0x01, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x12, 0x23, 0x0a, 0x0b, 0x75, 0x64, 0x70, 0x5f, 0x65, 0x6e, 0x61, 0x62,
-	0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x75,
-	0x64, 0x70, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x34, 0x0a, 0x04, 0x75, 0x73, 0x65,
-	0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e,
-	0x63, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x12,
-	0x38, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0e,
-	0x32, 0x1e, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f,
-	0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6e, 0x65, 0x74, 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b,
-	0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x22, 0x52, 0x0a, 0x0c, 0x43, 0x6c, 0x69,
-	0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x06, 0x73, 0x65, 0x72,
-	0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x76, 0x32, 0x72, 0x61,
-	0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x6e, 0x64,
-	0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2a, 0x9f, 0x01,
-	0x0a, 0x0a, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07,
-	0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x45, 0x53,
-	0x5f, 0x31, 0x32, 0x38, 0x5f, 0x43, 0x46, 0x42, 0x10, 0x01, 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x45,
-	0x53, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x43, 0x46, 0x42, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x43,
-	0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, 0x10, 0x03, 0x12, 0x11, 0x0a, 0x0d, 0x43, 0x48, 0x41,
-	0x43, 0x48, 0x41, 0x32, 0x30, 0x5f, 0x49, 0x45, 0x54, 0x46, 0x10, 0x04, 0x12, 0x0f, 0x0a, 0x0b,
-	0x41, 0x45, 0x53, 0x5f, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43, 0x4d, 0x10, 0x05, 0x12, 0x0f, 0x0a,
-	0x0b, 0x41, 0x45, 0x53, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x47, 0x43, 0x4d, 0x10, 0x06, 0x12, 0x15,
-	0x0a, 0x11, 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, 0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31,
-	0x33, 0x30, 0x35, 0x10, 0x07, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x08, 0x42,
-	0x65, 0x0a, 0x20, 0x63, 0x6f, 0x6d, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x73, 0x68, 0x61, 0x64, 0x6f, 0x77, 0x73, 0x6f,
-	0x63, 0x6b, 0x73, 0x50, 0x01, 0x5a, 0x20, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d,
-	0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x73, 0x68, 0x61, 0x64,
-	0x6f, 0x77, 0x73, 0x6f, 0x63, 0x6b, 0x73, 0xaa, 0x02, 0x1c, 0x56, 0x32, 0x52, 0x61, 0x79, 0x2e,
-	0x43, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x53, 0x68, 0x61, 0x64, 0x6f,
-	0x77, 0x73, 0x6f, 0x63, 0x6b, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x70, 0x0a, 0x07, 0x41, 0x63, 0x63, 0x6f, 0x75,
+	0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x49,
+	0x0a, 0x0b, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x73, 0x68, 0x61, 0x64, 0x6f, 0x77, 0x73, 0x6f, 0x63,
+	0x6b, 0x73, 0x2e, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a, 0x63,
+	0x69, 0x70, 0x68, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x22, 0xa3, 0x01, 0x0a, 0x0c, 0x53, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x23, 0x0a, 0x0b, 0x75, 0x64,
+	0x70, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x42,
+	0x02, 0x18, 0x01, 0x52, 0x0a, 0x75, 0x64, 0x70, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12,
+	0x34, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e,
+	0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x55, 0x73, 0x65, 0x72, 0x52,
+	0x04, 0x75, 0x73, 0x65, 0x72, 0x12, 0x38, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b,
+	0x18, 0x03, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x1e, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63,
+	0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6e, 0x65, 0x74, 0x2e, 0x4e,
+	0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x22,
+	0x52, 0x0a, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
+	0x42, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
+	0x2a, 0x2e, 0x76, 0x32, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x53, 0x65, 0x72,
+	0x76, 0x65, 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72,
+	0x76, 0x65, 0x72, 0x2a, 0x9f, 0x01, 0x0a, 0x0a, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x54, 0x79,
+	0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12,
+	0x0f, 0x0a, 0x0b, 0x41, 0x45, 0x53, 0x5f, 0x31, 0x32, 0x38, 0x5f, 0x43, 0x46, 0x42, 0x10, 0x01,
+	0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x45, 0x53, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x43, 0x46, 0x42, 0x10,
+	0x02, 0x12, 0x0c, 0x0a, 0x08, 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, 0x10, 0x03, 0x12,
+	0x11, 0x0a, 0x0d, 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30, 0x5f, 0x49, 0x45, 0x54, 0x46,
+	0x10, 0x04, 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x45, 0x53, 0x5f, 0x31, 0x32, 0x38, 0x5f, 0x47, 0x43,
+	0x4d, 0x10, 0x05, 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x45, 0x53, 0x5f, 0x32, 0x35, 0x36, 0x5f, 0x47,
+	0x43, 0x4d, 0x10, 0x06, 0x12, 0x15, 0x0a, 0x11, 0x43, 0x48, 0x41, 0x43, 0x48, 0x41, 0x32, 0x30,
+	0x5f, 0x50, 0x4f, 0x4c, 0x59, 0x31, 0x33, 0x30, 0x35, 0x10, 0x07, 0x12, 0x08, 0x0a, 0x04, 0x4e,
+	0x4f, 0x4e, 0x45, 0x10, 0x08, 0x42, 0x65, 0x0a, 0x20, 0x63, 0x6f, 0x6d, 0x2e, 0x76, 0x32, 0x72,
+	0x61, 0x79, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x73, 0x68,
+	0x61, 0x64, 0x6f, 0x77, 0x73, 0x6f, 0x63, 0x6b, 0x73, 0x50, 0x01, 0x5a, 0x20, 0x76, 0x32, 0x72,
+	0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x2f, 0x73, 0x68, 0x61, 0x64, 0x6f, 0x77, 0x73, 0x6f, 0x63, 0x6b, 0x73, 0xaa, 0x02, 0x1c,
+	0x56, 0x32, 0x52, 0x61, 0x79, 0x2e, 0x43, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79,
+	0x2e, 0x53, 0x68, 0x61, 0x64, 0x6f, 0x77, 0x73, 0x6f, 0x63, 0x6b, 0x73, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -395,29 +331,27 @@ func file_proxy_shadowsocks_config_proto_rawDescGZIP() []byte {
 	return file_proxy_shadowsocks_config_proto_rawDescData
 }
 
-var file_proxy_shadowsocks_config_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
+var file_proxy_shadowsocks_config_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
 var file_proxy_shadowsocks_config_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
 var file_proxy_shadowsocks_config_proto_goTypes = []interface{}{
 	(CipherType)(0),                 // 0: v2ray.core.proxy.shadowsocks.CipherType
-	(Account_OneTimeAuth)(0),        // 1: v2ray.core.proxy.shadowsocks.Account.OneTimeAuth
-	(*Account)(nil),                 // 2: v2ray.core.proxy.shadowsocks.Account
-	(*ServerConfig)(nil),            // 3: v2ray.core.proxy.shadowsocks.ServerConfig
-	(*ClientConfig)(nil),            // 4: v2ray.core.proxy.shadowsocks.ClientConfig
-	(*protocol.User)(nil),           // 5: v2ray.core.common.protocol.User
-	(net.Network)(0),                // 6: v2ray.core.common.net.Network
-	(*protocol.ServerEndpoint)(nil), // 7: v2ray.core.common.protocol.ServerEndpoint
+	(*Account)(nil),                 // 1: v2ray.core.proxy.shadowsocks.Account
+	(*ServerConfig)(nil),            // 2: v2ray.core.proxy.shadowsocks.ServerConfig
+	(*ClientConfig)(nil),            // 3: v2ray.core.proxy.shadowsocks.ClientConfig
+	(*protocol.User)(nil),           // 4: v2ray.core.common.protocol.User
+	(net.Network)(0),                // 5: v2ray.core.common.net.Network
+	(*protocol.ServerEndpoint)(nil), // 6: v2ray.core.common.protocol.ServerEndpoint
 }
 var file_proxy_shadowsocks_config_proto_depIdxs = []int32{
 	0, // 0: v2ray.core.proxy.shadowsocks.Account.cipher_type:type_name -> v2ray.core.proxy.shadowsocks.CipherType
-	1, // 1: v2ray.core.proxy.shadowsocks.Account.ota:type_name -> v2ray.core.proxy.shadowsocks.Account.OneTimeAuth
-	5, // 2: v2ray.core.proxy.shadowsocks.ServerConfig.user:type_name -> v2ray.core.common.protocol.User
-	6, // 3: v2ray.core.proxy.shadowsocks.ServerConfig.network:type_name -> v2ray.core.common.net.Network
-	7, // 4: v2ray.core.proxy.shadowsocks.ClientConfig.server:type_name -> v2ray.core.common.protocol.ServerEndpoint
-	5, // [5:5] is the sub-list for method output_type
-	5, // [5:5] is the sub-list for method input_type
-	5, // [5:5] is the sub-list for extension type_name
-	5, // [5:5] is the sub-list for extension extendee
-	0, // [0:5] is the sub-list for field type_name
+	4, // 1: v2ray.core.proxy.shadowsocks.ServerConfig.user:type_name -> v2ray.core.common.protocol.User
+	5, // 2: v2ray.core.proxy.shadowsocks.ServerConfig.network:type_name -> v2ray.core.common.net.Network
+	6, // 3: v2ray.core.proxy.shadowsocks.ClientConfig.server:type_name -> v2ray.core.common.protocol.ServerEndpoint
+	4, // [4:4] is the sub-list for method output_type
+	4, // [4:4] is the sub-list for method input_type
+	4, // [4:4] is the sub-list for extension type_name
+	4, // [4:4] is the sub-list for extension extendee
+	0, // [0:4] is the sub-list for field type_name
 }
 
 func init() { file_proxy_shadowsocks_config_proto_init() }
@@ -468,7 +402,7 @@ func file_proxy_shadowsocks_config_proto_init() {
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_proxy_shadowsocks_config_proto_rawDesc,
-			NumEnums:      2,
+			NumEnums:      1,
 			NumMessages:   3,
 			NumExtensions: 0,
 			NumServices:   0,

proxy/shadowsocks/config.proto

@@ -11,14 +11,8 @@ import "common/protocol/user.proto";
 import "common/protocol/server_spec.proto";
 
 message Account {
-  enum OneTimeAuth {
-    Auto = 0;
-    Disabled = 1;
-    Enabled = 2;
-  }
   string password = 1;
   CipherType cipher_type = 2;
-  OneTimeAuth ota = 3;
 }
 
 enum CipherType {

proxy/shadowsocks/ota.go

@@ -1,132 +0,0 @@
-// +build !confonly
-
-package shadowsocks
-
-import (
-	"bytes"
-	"crypto/hmac"
-	"crypto/sha1"
-	"encoding/binary"
-	"io"
-
-	"v2ray.com/core/common"
-	"v2ray.com/core/common/buf"
-	"v2ray.com/core/common/bytespool"
-	"v2ray.com/core/common/serial"
-)
-
-const (
-	// AuthSize is the number of extra bytes for Shadowsocks OTA.
-	AuthSize = 10
-)
-
-type KeyGenerator func() []byte
-
-type Authenticator struct {
-	key KeyGenerator
-}
-
-func NewAuthenticator(keygen KeyGenerator) *Authenticator {
-	return &Authenticator{
-		key: keygen,
-	}
-}
-
-func (v *Authenticator) Authenticate(data []byte, dest []byte) {
-	hasher := hmac.New(sha1.New, v.key())
-	common.Must2(hasher.Write(data))
-	res := hasher.Sum(nil)
-	copy(dest, res[:AuthSize])
-}
-
-func HeaderKeyGenerator(key []byte, iv []byte) func() []byte {
-	return func() []byte {
-		newKey := make([]byte, 0, len(key)+len(iv))
-		newKey = append(newKey, iv...)
-		newKey = append(newKey, key...)
-		return newKey
-	}
-}
-
-func ChunkKeyGenerator(iv []byte) func() []byte {
-	chunkID := uint32(0)
-	return func() []byte {
-		newKey := make([]byte, len(iv)+4)
-		copy(newKey, iv)
-		binary.BigEndian.PutUint32(newKey[len(iv):], chunkID)
-		chunkID++
-		return newKey
-	}
-}
-
-type ChunkReader struct {
-	reader io.Reader
-	auth   *Authenticator
-}
-
-func NewChunkReader(reader io.Reader, auth *Authenticator) *ChunkReader {
-	return &ChunkReader{
-		reader: reader,
-		auth:   auth,
-	}
-}
-
-func (v *ChunkReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
-	size, err := serial.ReadUint16(v.reader)
-	if err != nil {
-		return nil, newError("failed to read size").Base(err)
-	}
-	size += AuthSize
-
-	buffer := bytespool.Alloc(int32(size))
-	defer bytespool.Free(buffer)
-
-	if _, err := io.ReadFull(v.reader, buffer[:size]); err != nil {
-		return nil, err
-	}
-
-	authBytes := buffer[:AuthSize]
-	payload := buffer[AuthSize:size]
-
-	actualAuthBytes := make([]byte, AuthSize)
-	v.auth.Authenticate(payload, actualAuthBytes)
-	if !bytes.Equal(authBytes, actualAuthBytes) {
-		return nil, newError("invalid auth")
-	}
-
-	mb := buf.MergeBytes(nil, payload)
-
-	return mb, nil
-}
-
-type ChunkWriter struct {
-	writer io.Writer
-	auth   *Authenticator
-	buffer []byte
-}
-
-func NewChunkWriter(writer io.Writer, auth *Authenticator) *ChunkWriter {
-	return &ChunkWriter{
-		writer: writer,
-		auth:   auth,
-		buffer: make([]byte, 32*1024),
-	}
-}
-
-// WriteMultiBuffer implements buf.Writer.
-func (w *ChunkWriter) WriteMultiBuffer(mb buf.MultiBuffer) error {
-	defer buf.ReleaseMulti(mb)
-
-	for {
-		mb, payloadLen := buf.SplitBytes(mb, w.buffer[2+AuthSize:])
-		binary.BigEndian.PutUint16(w.buffer, uint16(payloadLen))
-		w.auth.Authenticate(w.buffer[2+AuthSize:2+AuthSize+payloadLen], w.buffer[2:])
-		if err := buf.WriteAllBytes(w.writer, w.buffer[:2+AuthSize+payloadLen]); err != nil {
-			return err
-		}
-		if mb.IsEmpty() {
-			break
-		}
-	}
-	return nil
-}

proxy/shadowsocks/ota_test.go

@@ -1,37 +0,0 @@
-package shadowsocks_test
-
-import (
-	"testing"
-
-	"github.com/google/go-cmp/cmp"
-
-	"v2ray.com/core/common"
-	"v2ray.com/core/common/buf"
-	. "v2ray.com/core/proxy/shadowsocks"
-)
-
-func TestNormalChunkReading(t *testing.T) {
-	buffer := buf.New()
-	buffer.Write([]byte{0, 8, 39, 228, 69, 96, 133, 39, 254, 26, 201, 70, 11, 12, 13, 14, 15, 16, 17, 18})
-	reader := NewChunkReader(buffer, NewAuthenticator(ChunkKeyGenerator(
-		[]byte{21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36})))
-	payload, err := reader.ReadMultiBuffer()
-	common.Must(err)
-
-	if diff := cmp.Diff(payload[0].Bytes(), []byte{11, 12, 13, 14, 15, 16, 17, 18}); diff != "" {
-		t.Error(diff)
-	}
-}
-
-func TestNormalChunkWriting(t *testing.T) {
-	buffer := buf.New()
-	writer := NewChunkWriter(buffer, NewAuthenticator(ChunkKeyGenerator(
-		[]byte{21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36})))
-
-	b := buf.New()
-	b.Write([]byte{11, 12, 13, 14, 15, 16, 17, 18})
-	common.Must(writer.WriteMultiBuffer(buf.MultiBuffer{b}))
-	if diff := cmp.Diff(buffer.Bytes(), []byte{0, 8, 39, 228, 69, 96, 133, 39, 254, 26, 201, 70, 11, 12, 13, 14, 15, 16, 17, 18}); diff != "" {
-		t.Error(diff)
-	}
-}

proxy/shadowsocks/protocol.go

@@ -3,7 +3,6 @@
 package shadowsocks
 
 import (
-	"bytes"
 	"crypto/hmac"
 	"crypto/rand"
 	"crypto/sha256"
@@ -14,7 +13,6 @@ import (
 	"v2ray.com/core/common/dice"
 
 	"v2ray.com/core/common"
-	"v2ray.com/core/common/bitmask"
 	"v2ray.com/core/common/buf"
 	"v2ray.com/core/common/net"
 	"v2ray.com/core/common/protocol"
@@ -22,7 +20,6 @@ import (
 
 const (
 	Version                               = 1
-	RequestOptionOneTimeAuth bitmask.Byte = 0x01
 )
 
 var addrParser = protocol.NewAddressParser(
@@ -73,7 +70,6 @@ func ReadTCPSession(user *protocol.MemoryUser, reader io.Reader) (*protocol.Requ
 	}
 	br := &buf.BufferedReader{Reader: r}
 
-	authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
 	request := &protocol.RequestHeader{
 		Version: Version,
 		User:    user,
@@ -93,56 +89,13 @@ func ReadTCPSession(user *protocol.MemoryUser, reader io.Reader) (*protocol.Requ
 	request.Address = addr
 	request.Port = port
 
-	if !account.Cipher.IsAEAD() {
-		if (buffer.Byte(0) & 0x10) == 0x10 {
-			request.Option.Set(RequestOptionOneTimeAuth)
-		}
-
-		if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
-			readSizeRemain -= int(buffer.Len())
-			DrainConnN(reader, readSizeRemain)
-			return nil, nil, newError("rejecting connection with OTA enabled, while server disables OTA")
-		}
-
-		if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
-			readSizeRemain -= int(buffer.Len())
-			DrainConnN(reader, readSizeRemain)
-			return nil, nil, newError("rejecting connection with OTA disabled, while server enables OTA")
-		}
-	}
-
-	if request.Option.Has(RequestOptionOneTimeAuth) {
-		actualAuth := make([]byte, AuthSize)
-		authenticator.Authenticate(buffer.Bytes(), actualAuth)
-
-		_, err := buffer.ReadFullFrom(br, AuthSize)
-		if err != nil {
-			readSizeRemain -= int(buffer.Len())
-			DrainConnN(reader, readSizeRemain)
-			return nil, nil, newError("Failed to read OTA").Base(err)
-		}
-
-		if !bytes.Equal(actualAuth, buffer.BytesFrom(-AuthSize)) {
-			readSizeRemain -= int(buffer.Len())
-			DrainConnN(reader, readSizeRemain)
-			return nil, nil, newError("invalid OTA")
-		}
-	}
-
 	if request.Address == nil {
 		readSizeRemain -= int(buffer.Len())
 		DrainConnN(reader, readSizeRemain)
 		return nil, nil, newError("invalid remote address.")
 	}
 
-	var chunkReader buf.Reader
-	if request.Option.Has(RequestOptionOneTimeAuth) {
-		chunkReader = NewChunkReader(br, NewAuthenticator(ChunkKeyGenerator(iv)))
-	} else {
-		chunkReader = buf.NewReader(br)
-	}
-
-	return request, chunkReader, nil
+	return request, br, nil
 }
 
 func DrainConnN(reader io.Reader, n int) error {
@@ -155,10 +108,6 @@ func WriteTCPRequest(request *protocol.RequestHeader, writer io.Writer) (buf.Wri
 	user := request.User
 	account := user.Account.(*MemoryAccount)
 
-	if account.Cipher.IsAEAD() {
-		request.Option.Clear(RequestOptionOneTimeAuth)
-	}
-
 	var iv []byte
 	if account.Cipher.IVSize() > 0 {
 		iv = make([]byte, account.Cipher.IVSize())
@@ -179,27 +128,11 @@ func WriteTCPRequest(request *protocol.RequestHeader, writer io.Writer) (buf.Wri
 		return nil, newError("failed to write address").Base(err)
 	}
 
-	if request.Option.Has(RequestOptionOneTimeAuth) {
-		header.SetByte(0, header.Byte(0)|0x10)
-
-		authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
-		authPayload := header.Bytes()
-		authBuffer := header.Extend(AuthSize)
-		authenticator.Authenticate(authPayload, authBuffer)
-	}
-
 	if err := w.WriteMultiBuffer(buf.MultiBuffer{header}); err != nil {
 		return nil, newError("failed to write header").Base(err)
 	}
 
-	var chunkWriter buf.Writer
-	if request.Option.Has(RequestOptionOneTimeAuth) {
-		chunkWriter = NewChunkWriter(w.(io.Writer), NewAuthenticator(ChunkKeyGenerator(iv)))
-	} else {
-		chunkWriter = w
-	}
-
-	return chunkWriter, nil
+	return w, nil
 }
 
 func ReadTCPResponse(user *protocol.MemoryUser, reader io.Reader) (buf.Reader, error) {
@@ -241,7 +174,6 @@ func EncodeUDPPacket(request *protocol.RequestHeader, payload []byte) (*buf.Buff
 	if ivLen > 0 {
 		common.Must2(buffer.ReadFullFrom(rand.Reader, ivLen))
 	}
-	iv := buffer.Bytes()
 
 	if err := addrParser.WriteAddressPort(buffer, request.Address, request.Port); err != nil {
 		return nil, newError("failed to write address").Base(err)
@@ -249,14 +181,6 @@ func EncodeUDPPacket(request *protocol.RequestHeader, payload []byte) (*buf.Buff
 
 	buffer.Write(payload)
 
-	if !account.Cipher.IsAEAD() && request.Option.Has(RequestOptionOneTimeAuth) {
-		authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
-		buffer.SetByte(ivLen, buffer.Byte(ivLen)|0x10)
-
-		authPayload := buffer.BytesFrom(ivLen)
-		authBuffer := buffer.Extend(AuthSize)
-		authenticator.Authenticate(authPayload, authBuffer)
-	}
 	if err := account.Cipher.EncodePacket(account.Key, buffer); err != nil {
 		return nil, newError("failed to encrypt UDP payload").Base(err)
 	}
@@ -284,34 +208,6 @@ func DecodeUDPPacket(user *protocol.MemoryUser, payload *buf.Buffer) (*protocol.
 		Command: protocol.RequestCommandUDP,
 	}
 
-	if !account.Cipher.IsAEAD() {
-		if (payload.Byte(0) & 0x10) == 0x10 {
-			request.Option |= RequestOptionOneTimeAuth
-		}
-
-		if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
-			return nil, nil, newError("rejecting packet with OTA enabled, while server disables OTA").AtWarning()
-		}
-
-		if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
-			return nil, nil, newError("rejecting packet with OTA disabled, while server enables OTA").AtWarning()
-		}
-
-		if request.Option.Has(RequestOptionOneTimeAuth) {
-			payloadLen := payload.Len() - AuthSize
-			authBytes := payload.BytesFrom(payloadLen)
-
-			authenticator := NewAuthenticator(HeaderKeyGenerator(account.Key, iv))
-			actualAuth := make([]byte, AuthSize)
-			authenticator.Authenticate(payload.BytesTo(payloadLen), actualAuth)
-			if !bytes.Equal(actualAuth, authBytes) {
-				return nil, nil, newError("invalid OTA")
-			}
-
-			payload.Resize(0, payloadLen)
-		}
-	}
-
 	payload.SetByte(0, payload.Byte(0)&0x0F)
 
 	addr, port, err := addrParser.ReadAddressPort(nil, payload)

proxy/shadowsocks/protocol_test.go

@@ -29,7 +29,6 @@ func TestUDPEncoding(t *testing.T) {
 			Account: toAccount(&Account{
 				Password:   "shadowsocks-password",
 				CipherType: CipherType_AES_128_CFB,
-				Ota:        Account_Disabled,
 			}),
 		},
 	}
@@ -61,7 +60,6 @@ func TestTCPRequest(t *testing.T) {
 				Version: Version,
 				Command: protocol.RequestCommandTCP,
 				Address: net.LocalHostIP,
-				Option:  RequestOptionOneTimeAuth,
 				Port:    1234,
 				User: &protocol.MemoryUser{
 					Email: "love@v2ray.com",
@@ -78,7 +76,6 @@ func TestTCPRequest(t *testing.T) {
 				Version: Version,
 				Command: protocol.RequestCommandTCP,
 				Address: net.LocalHostIPv6,
-				Option:  RequestOptionOneTimeAuth,
 				Port:    1234,
 				User: &protocol.MemoryUser{
 					Email: "love@v2ray.com",
@@ -95,7 +92,6 @@ func TestTCPRequest(t *testing.T) {
 				Version: Version,
 				Command: protocol.RequestCommandTCP,
 				Address: net.DomainAddress("v2ray.com"),
-				Option:  RequestOptionOneTimeAuth,
 				Port:    1234,
 				User: &protocol.MemoryUser{
 					Email: "love@v2ray.com",
@@ -157,7 +153,6 @@ func TestUDPReaderWriter(t *testing.T) {
 			Address: net.DomainAddress("v2ray.com"),
 			Port:    123,
 			User:    user,
-			Option:  RequestOptionOneTimeAuth,
 		},
 	}}
 

proxy/shadowsocks/server.go

@@ -90,7 +90,6 @@ func (s *Server) handlerUDPPayload(ctx context.Context, conn internet.Connection
 		conn.Write(data.Bytes())
 	})
 
-	account := s.user.Account.(*MemoryAccount)
 	inbound := session.InboundFromContext(ctx)
 	if inbound == nil {
 		panic("no inbound metadata")
@@ -120,18 +119,6 @@ func (s *Server) handlerUDPPayload(ctx context.Context, conn internet.Connection
 				continue
 			}
 
-			if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
-				newError("client payload enables OTA but server doesn't allow it").WriteToLog(session.ExportIDToError(ctx))
-				payload.Release()
-				continue
-			}
-
-			if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
-				newError("client payload disables OTA but server forces it").WriteToLog(session.ExportIDToError(ctx))
-				payload.Release()
-				continue
-			}
-
 			currentPacketCtx := ctx
 			dest := request.Destination()
 			if inbound.Source.IsValid() {

proxy/shadowsocks/shadowsocks.go

@@ -2,14 +2,6 @@
 //
 // Shadowsocks client and server are implemented as outbound and inbound respectively in V2Ray's term.
 //
-// Shadowsocks OTA is fully supported. By default both client and server enable OTA, but it can be optionally disabled.
-//
-// Supperted Ciphers:
-// * AES-256-CFB
-// * AES-128-CFB
-// * Chacha20
-// * Chacha20-IEFT
-//
 // R.I.P Shadowsocks
 package shadowsocks
 

testing/scenarios/shadowsocks_test.go

@@ -35,7 +35,6 @@ func TestShadowsocksAES256TCP(t *testing.T) {
 	account := serial.ToTypedMessage(&shadowsocks.Account{
 		Password:   "shadowsocks-password",
 		CipherType: shadowsocks.CipherType_AES_256_CFB,
-		Ota:        shadowsocks.Account_Enabled,
 	})
 
 	serverPort := tcp.PickPort()
@@ -134,7 +133,6 @@ func TestShadowsocksAES128UDP(t *testing.T) {
 	account := serial.ToTypedMessage(&shadowsocks.Account{
 		Password:   "shadowsocks-password",
 		CipherType: shadowsocks.CipherType_AES_128_CFB,
-		Ota:        shadowsocks.Account_Enabled,
 	})
 
 	serverPort := tcp.PickPort()
@@ -261,7 +259,6 @@ func TestShadowsocksChacha20TCP(t *testing.T) {
 	account := serial.ToTypedMessage(&shadowsocks.Account{
 		Password:   "shadowsocks-password",
 		CipherType: shadowsocks.CipherType_CHACHA20_IETF,
-		Ota:        shadowsocks.Account_Enabled,
 	})
 
 	serverPort := tcp.PickPort()
@@ -749,7 +746,6 @@ func TestShadowsocksNone(t *testing.T) {
 	account := serial.ToTypedMessage(&shadowsocks.Account{
 		Password:   "shadowsocks-password",
 		CipherType: shadowsocks.CipherType_NONE,
-		Ota:        shadowsocks.Account_Enabled,
 	})
 
 	serverPort := tcp.PickPort()