glider/proxy/tls/tls.go

package tls

import (
	stdtls "crypto/tls"
	"errors"
	"net"
	"net/url"
	"strings"

	"github.com/nadoo/glider/log"
	"github.com/nadoo/glider/proxy"
)

// TLS struct.
type TLS struct {
	dialer proxy.Dialer
	proxy  proxy.Proxy
	addr   string

	config *stdtls.Config

	serverName string
	skipVerify bool

	certFile string
	keyFile  string

	server proxy.Server
}

func init() {
	proxy.RegisterDialer("tls", NewTLSDialer)
	proxy.RegisterServer("tls", NewTLSServer)
}

// NewTLS returns a tls struct.
func NewTLS(s string, d proxy.Dialer, p proxy.Proxy) (*TLS, error) {
	u, err := url.Parse(s)
	if err != nil {
		log.F("[tls] parse url err: %s", err)
		return nil, err
	}

	query := u.Query()
	t := &TLS{
		dialer:     d,
		proxy:      p,
		addr:       u.Host,
		serverName: query.Get("serverName"),
		skipVerify: query.Get("skipVerify") == "true",
		certFile:   query.Get("cert"),
		keyFile:    query.Get("key"),
	}

	if _, port, _ := net.SplitHostPort(t.addr); port == "" {
		t.addr = net.JoinHostPort(t.addr, "443")
	}

	if t.serverName == "" {
		t.serverName = t.addr[:strings.LastIndex(t.addr, ":")]
	}

	return t, nil
}

// NewTLSDialer returns a tls dialer.
func NewTLSDialer(s string, d proxy.Dialer) (proxy.Dialer, error) {
	p, err := NewTLS(s, d, nil)
	if err != nil {
		return nil, err
	}

	p.config = &stdtls.Config{
		ServerName:         p.serverName,
		InsecureSkipVerify: p.skipVerify,
		ClientSessionCache: stdtls.NewLRUClientSessionCache(64),
		MinVersion:         stdtls.VersionTLS12,
	}

	return p, err
}

// NewTLSServer returns a tls transport layer before the real server.
func NewTLSServer(s string, p proxy.Proxy) (proxy.Server, error) {
	transport := strings.Split(s, ",")

	t, err := NewTLS(transport[0], nil, p)
	if err != nil {
		return nil, err
	}

	if t.certFile == "" || t.keyFile == "" {
		return nil, errors.New("[tls] cert and key file path must be spcified")
	}

	cert, err := stdtls.LoadX509KeyPair(t.certFile, t.keyFile)
	if err != nil {
		log.F("[tls] unable to load cert: %s, key %s", t.certFile, t.keyFile)
		return nil, err
	}

	t.config = &stdtls.Config{
		Certificates: []stdtls.Certificate{cert},
		MinVersion:   stdtls.VersionTLS12,
	}

	if len(transport) > 1 {
		t.server, err = proxy.ServerFromURL(transport[1], p)
		if err != nil {
			return nil, err
		}
	}

	return t, nil
}

// ListenAndServe listens on server's addr and serves connections.
func (s *TLS) ListenAndServe() {
	l, err := net.Listen("tcp", s.addr)
	if err != nil {
		log.F("[tls] failed to listen on %s: %v", s.addr, err)
		return
	}
	defer l.Close()

	log.F("[tls] listening TCP on %s with TLS", s.addr)

	for {
		c, err := l.Accept()
		if err != nil {
			log.F("[tls] failed to accept: %v", err)
			continue
		}

		go s.Serve(c)
	}
}

// Serve serves a connection.
func (s *TLS) Serve(cc net.Conn) {
	c := stdtls.Server(cc, s.config)

	if s.server != nil {
		s.server.Serve(c)
		return
	}

	defer c.Close()

	rc, dialer, err := s.proxy.Dial("tcp", "")
	if err != nil {
		log.F("[tls] %s <-> %s via %s, error in dial: %v", c.RemoteAddr(), s.addr, dialer.Addr(), err)
		s.proxy.Record(dialer, false)
		return
	}
	defer rc.Close()

	log.F("[tls] %s <-> %s", c.RemoteAddr(), dialer.Addr())

	if err = proxy.Relay(c, rc); err != nil {
		log.F("[tls] %s <-> %s, relay error: %v", c.RemoteAddr(), dialer.Addr(), err)
		// record remote conn failure only
		if !strings.Contains(err.Error(), s.addr) {
			s.proxy.Record(dialer, false)
		}
	}
}

// Addr returns forwarder's address.
func (s *TLS) Addr() string {
	if s.addr == "" {
		return s.dialer.Addr()
	}
	return s.addr
}

// Dial connects to the address addr on the network net via the proxy.
func (s *TLS) Dial(network, addr string) (net.Conn, error) {
	cc, err := s.dialer.Dial("tcp", s.addr)
	if err != nil {
		log.F("[tls] dial to %s error: %s", s.addr, err)
		return nil, err
	}

	c := stdtls.Client(cc, s.config)
	err = c.Handshake()
	return c, err
}

// DialUDP connects to the given address via the proxy.
func (s *TLS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
	return nil, nil, proxy.ErrNotSupported
}
tls: add experimental tls support 2018-06-28 20:45:24 +08:00			`package tls`

			`import (`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00			`stdtls "crypto/tls"`
			`"errors"`
			`"net"`
tls: add experimental tls support 2018-06-28 20:45:24 +08:00			`"net/url"`
			`"strings"`

general: restructure package, move socks to proxy 2020-10-01 22:49:14 +08:00			`"github.com/nadoo/glider/log"`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00			`"github.com/nadoo/glider/proxy"`
tls: add experimental tls support 2018-06-28 20:45:24 +08:00			`)`

log: show proxy info in log, `via PROXY` 2019-09-18 22:08:48 +08:00			`// TLS struct.`
tls: add experimental tls support 2018-06-28 20:45:24 +08:00			`type TLS struct {`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00			`dialer proxy.Dialer`
proxy: add a new interface proxy to distinguish client and server 2019-09-18 19:40:14 +08:00			`proxy proxy.Proxy`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00			`addr string`
tls: add experimental tls support 2018-06-28 20:45:24 +08:00
doc: add info for customize building 2020-10-02 00:03:49 +08:00			`config *stdtls.Config`
tls: optimized code 2018-11-25 15:41:47 +08:00
tls: add experimental tls support 2018-06-28 20:45:24 +08:00			`serverName string`
tls: add skipVerify param in url 2018-07-04 16:55:45 +08:00			`skipVerify bool`
listener with tls transport layer 2018-10-29 16:18:51 +08:00
			`certFile string`
			`keyFile string`

server: changed interface definition and implementation 2018-11-25 13:18:15 +08:00			`server proxy.Server`
tls: add experimental tls support 2018-06-28 20:45:24 +08:00			`}`

forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00			`func init() {`
			`proxy.RegisterDialer("tls", NewTLSDialer)`
server: changed interface definition and implementation 2018-11-25 13:18:15 +08:00			`proxy.RegisterServer("tls", NewTLSServer)`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00			`}`

pool: added bufio.Reader pool 2020-11-03 22:52:50 +08:00			`// NewTLS returns a tls struct.`
proxy: add a new interface proxy to distinguish client and server 2019-09-18 19:40:14 +08:00			`func NewTLS(s string, d proxy.Dialer, p proxy.Proxy) (*TLS, error) {`
tls: add experimental tls support 2018-06-28 20:45:24 +08:00			`u, err := url.Parse(s)`
			`if err != nil {`
tls, trojan: use 443 as default port if not specified 2020-10-07 21:06:49 +08:00			`log.F("[tls] parse url err: %s", err)`
tls: add experimental tls support 2018-06-28 20:45:24 +08:00			`return nil, err`
			`}`

server: changed interface definition and implementation 2018-11-25 13:18:15 +08:00			`query := u.Query()`
proxy: add a new interface proxy to distinguish client and server 2019-09-18 19:40:14 +08:00			`t := &TLS{`
			`dialer: d,`
			`proxy: p,`
tls, trojan: use 443 as default port if not specified 2020-10-07 21:06:49 +08:00			`addr: u.Host,`
			`serverName: query.Get("serverName"),`
			`skipVerify: query.Get("skipVerify") == "true",`
			`certFile: query.Get("cert"),`
			`keyFile: query.Get("key"),`
tls: add skipVerify param in url 2018-07-04 16:55:45 +08:00			`}`

ci: added freebsd version 2021-04-19 10:39:40 +08:00			`if _, port, _ := net.SplitHostPort(t.addr); port == "" {`
tls,trojan: optimize the default port handling 2021-03-21 00:08:00 +08:00			`t.addr = net.JoinHostPort(t.addr, "443")`
			`}`

tls, trojan: use 443 as default port if not specified 2020-10-07 21:06:49 +08:00			`if t.serverName == "" {`
tls,trojan: optimize the default port handling 2021-03-21 00:08:00 +08:00			`t.serverName = t.addr[:strings.LastIndex(t.addr, ":")]`
tls: add experimental tls support 2018-06-28 20:45:24 +08:00			`}`

proxy: add a new interface proxy to distinguish client and server 2019-09-18 19:40:14 +08:00			`return t, nil`
tls: add experimental tls support 2018-06-28 20:45:24 +08:00			`}`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00
pool: added bufio.Reader pool 2020-11-03 22:52:50 +08:00			`// NewTLSDialer returns a tls dialer.`
proxy: add a new interface proxy to distinguish client and server 2019-09-18 19:40:14 +08:00			`func NewTLSDialer(s string, d proxy.Dialer) (proxy.Dialer, error) {`
			`p, err := NewTLS(s, d, nil)`
tls: optimized code 2018-11-25 15:41:47 +08:00			`if err != nil {`
			`return nil, err`
			`}`

doc: add info for customize building 2020-10-02 00:03:49 +08:00			`p.config = &stdtls.Config{`
tls: optimized code 2018-11-25 15:41:47 +08:00			`ServerName: p.serverName,`
			`InsecureSkipVerify: p.skipVerify,`
			`ClientSessionCache: stdtls.NewLRUClientSessionCache(64),`
trojan: support listen as trojan server 2020-10-10 19:04:33 +08:00			`MinVersion: stdtls.VersionTLS12,`
tls: optimized code 2018-11-25 15:41:47 +08:00			`}`

			`return p, err`
server: changed interface definition and implementation 2018-11-25 13:18:15 +08:00			`}`

log: show proxy info in log, `via PROXY` 2019-09-18 22:08:48 +08:00			`// NewTLSServer returns a tls transport layer before the real server.`
proxy: add a new interface proxy to distinguish client and server 2019-09-18 19:40:14 +08:00			`func NewTLSServer(s string, p proxy.Proxy) (proxy.Server, error) {`
listener with tls transport layer 2018-10-29 16:18:51 +08:00			`transport := strings.Split(s, ",")`

proxy: add a new interface proxy to distinguish client and server 2019-09-18 19:40:14 +08:00			`t, err := NewTLS(transport[0], nil, p)`
listener with tls transport layer 2018-10-29 16:18:51 +08:00			`if err != nil {`
			`return nil, err`
			`}`

proxy: optimize NewConn, avoid loop 2020-10-11 18:46:15 +08:00			`if t.certFile == "" \|\| t.keyFile == "" {`
			`return nil, errors.New("[tls] cert and key file path must be spcified")`
			`}`

proxy: add a new interface proxy to distinguish client and server 2019-09-18 19:40:14 +08:00			`cert, err := stdtls.LoadX509KeyPair(t.certFile, t.keyFile)`
server: changed interface definition and implementation 2018-11-25 13:18:15 +08:00			`if err != nil {`
proxy: add a new interface proxy to distinguish client and server 2019-09-18 19:40:14 +08:00			`log.F("[tls] unable to load cert: %s, key %s", t.certFile, t.keyFile)`
tls: optimized code 2018-11-25 15:41:47 +08:00			`return nil, err`
server: changed interface definition and implementation 2018-11-25 13:18:15 +08:00			`}`
listener with tls transport layer 2018-10-29 16:18:51 +08:00
doc: add info for customize building 2020-10-02 00:03:49 +08:00			`t.config = &stdtls.Config{`
server: changed interface definition and implementation 2018-11-25 13:18:15 +08:00			`Certificates: []stdtls.Certificate{cert},`
conn: optimize relay operation 2020-09-03 00:12:00 +08:00			`MinVersion: stdtls.VersionTLS12,`
listener with tls transport layer 2018-10-29 16:18:51 +08:00			`}`

proxy: support tunnel mode in`kcp` `tls` `ws` 2020-11-29 23:13:19 +08:00			`if len(transport) > 1 {`
			`t.server, err = proxy.ServerFromURL(transport[1], p)`
			`if err != nil {`
			`return nil, err`
			`}`
unix: add unix domain socket support. #59 2018-11-25 17:56:59 +08:00			`}`
tls: optimized code 2018-11-25 15:41:47 +08:00
proxy: add a new interface proxy to distinguish client and server 2019-09-18 19:40:14 +08:00			`return t, nil`
tls: optimized code 2018-11-25 15:41:47 +08:00			`}`

log: show proxy info in log, `via PROXY` 2019-09-18 22:08:48 +08:00			`// ListenAndServe listens on server's addr and serves connections.`
tls: optimized code 2018-11-25 15:41:47 +08:00			`func (s *TLS) ListenAndServe() {`
			`l, err := net.Listen("tcp", s.addr)`
listener with tls transport layer 2018-10-29 16:18:51 +08:00			`if err != nil {`
unix: add unix domain socket support. #59 2018-11-25 17:56:59 +08:00			`log.F("[tls] failed to listen on %s: %v", s.addr, err)`
listener with tls transport layer 2018-10-29 16:18:51 +08:00			`return`
			`}`
			`defer l.Close()`

server: changed interface definition and implementation 2018-11-25 13:18:15 +08:00			`log.F("[tls] listening TCP on %s with TLS", s.addr)`
listener with tls transport layer 2018-10-29 16:18:51 +08:00
			`for {`
			`c, err := l.Accept()`
			`if err != nil {`
server: changed interface definition and implementation 2018-11-25 13:18:15 +08:00			`log.F("[tls] failed to accept: %v", err)`
listener with tls transport layer 2018-10-29 16:18:51 +08:00			`continue`
			`}`

server: changed interface definition and implementation 2018-11-25 13:18:15 +08:00			`go s.Serve(c)`
listener with tls transport layer 2018-10-29 16:18:51 +08:00			`}`
			`}`

log: show proxy info in log, `via PROXY` 2019-09-18 22:08:48 +08:00			`// Serve serves a connection.`
proxy: support tunnel mode in`kcp` `tls` `ws` 2020-11-29 23:13:19 +08:00			`func (s *TLS) Serve(cc net.Conn) {`
			`c := stdtls.Server(cc, s.config)`
ipset: only allow to set ipset in rule files #69 2018-11-27 23:25:20 +08:00
tls: optimized code 2018-11-25 15:41:47 +08:00			`if s.server != nil {`
proxy: support tunnel mode in`kcp` `tls` `ws` 2020-11-29 23:13:19 +08:00			`s.server.Serve(c)`
			`return`
			`}`

			`defer c.Close()`

			`rc, dialer, err := s.proxy.Dial("tcp", "")`
			`if err != nil {`
			`log.F("[tls] %s <-> %s via %s, error in dial: %v", c.RemoteAddr(), s.addr, dialer.Addr(), err)`
			`s.proxy.Record(dialer, false)`
			`return`
			`}`
			`defer rc.Close()`

			`log.F("[tls] %s <-> %s", c.RemoteAddr(), dialer.Addr())`

			`if err = proxy.Relay(c, rc); err != nil {`
			`log.F("[tls] %s <-> %s, relay error: %v", c.RemoteAddr(), dialer.Addr(), err)`
			`// record remote conn failure only`
			`if !strings.Contains(err.Error(), s.addr) {`
			`s.proxy.Record(dialer, false)`
			`}`
tls: optimized code 2018-11-25 15:41:47 +08:00			`}`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00			`}`

log: show proxy info in log, `via PROXY` 2019-09-18 22:08:48 +08:00			`// Addr returns forwarder's address.`
			`func (s *TLS) Addr() string {`
			`if s.addr == "" {`
			`return s.dialer.Addr()`
			`}`
			`return s.addr`
			`}`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00
log: show proxy info in log, `via PROXY` 2019-09-18 22:08:48 +08:00			`// Dial connects to the address addr on the network net via the proxy.`
proxy: add a new interface proxy to distinguish client and server 2019-09-18 19:40:14 +08:00			`func (s *TLS) Dial(network, addr string) (net.Conn, error) {`
			`cc, err := s.dialer.Dial("tcp", s.addr)`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00			`if err != nil {`
			`log.F("[tls] dial to %s error: %s", s.addr, err)`
proxy: add a new interface proxy to distinguish client and server 2019-09-18 19:40:14 +08:00			`return nil, err`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00			`}`

doc: add info for customize building 2020-10-02 00:03:49 +08:00			`c := stdtls.Client(cc, s.config)`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00			`err = c.Handshake()`
proxy: add a new interface proxy to distinguish client and server 2019-09-18 19:40:14 +08:00			`return c, err`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00			`}`

log: show proxy info in log, `via PROXY` 2019-09-18 22:08:48 +08:00			`// DialUDP connects to the given address via the proxy.`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00			`func (s *TLS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {`
chore: document works and code optimizations 2020-12-02 19:00:39 +08:00			`return nil, nil, proxy.ErrNotSupported`
forwarder: add the ability to get parameters like 'priority' 2018-08-12 12:37:25 +08:00			`}`