From 20273b48bebdd1803ebf44f736f25b16bf0cd99d Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Thu, 28 Jun 2018 20:45:24 +0800
Subject: [PATCH] tls: add experimental tls support

---
 ipset_linux.go | 6 ++--
 main.go | 1 +
 proxy/tls/tls.go | 83 ++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 87 insertions(+), 3 deletions(-)
 create mode 100644 proxy/tls/tls.go

diff --git a/ipset_linux.go b/ipset_linux.go
index f0c15b1..aade239 100644
--- a/ipset_linux.go
+++ b/ipset_linux.go
@@ -304,14 +304,14 @@ func (m *NfGenMsg) Serialize() []byte {
 return buf
 }
 
-// Extend RtAttr to handle data and children
+// RtAttr Extend RtAttr to handle data and children
 type RtAttr struct {
 syscall.RtAttr
 Data []byte
 children []NetlinkRequestData
 }
 
-// Create a new Extended RtAttr object
+// NewRtAttr Create a new Extended RtAttr object
 func NewRtAttr(attrType int, data []byte) *RtAttr {
 return &RtAttr{
 RtAttr: syscall.RtAttr{
@@ -322,7 +322,7 @@ func NewRtAttr(attrType int, data []byte) *RtAttr {
 }
 }
 
-// Create a new RtAttr obj anc add it as a child of an existing object
+// NewRtAttrChild Create a new RtAttr obj anc add it as a child of an existing object
 func NewRtAttrChild(parent *RtAttr, attrType int, data []byte) *RtAttr {
 attr := NewRtAttr(attrType, data)
 parent.children = append(parent.children, attr)
diff --git a/main.go b/main.go
index 565e40d..d3a5a0d 100644
--- a/main.go
+++ b/main.go
@@ -18,6 +18,7 @@ import (
 _ "github.com/nadoo/glider/proxy/ss"
 _ "github.com/nadoo/glider/proxy/ssr"
 _ "github.com/nadoo/glider/proxy/tcptun"
+ _ "github.com/nadoo/glider/proxy/tls"
 _ "github.com/nadoo/glider/proxy/udptun"
 _ "github.com/nadoo/glider/proxy/uottun"
 _ "github.com/nadoo/glider/proxy/vmess"
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
new file mode 100644
index 0000000..f36e812
--- /dev/null
+++ b/proxy/tls/tls.go
@@ -0,0 +1,83 @@
+package tls
+
+import (
+ stdtls "crypto/tls"
+ "errors"
+ "net"
+ "net/url"
+ "strings"
+
+ "github.com/nadoo/glider/common/log"
+ "github.com/nadoo/glider/proxy"
+)
+
+// TLS .
+type TLS struct {
+ dialer proxy.Dialer
+ addr string
+
+ serverName string
+}
+
+func init() {
+ proxy.RegisterDialer("tls", NewTLSDialer)
+}
+
+// NewTLS returns a tls proxy.
+func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
+ u, err := url.Parse(s)
+ if err != nil {
+ log.F("parse url err: %s", err)
+ return nil, err
+ }
+
+ addr := u.Host
+
+ colonPos := strings.LastIndex(addr, ":")
+ if colonPos == -1 {
+ colonPos = len(addr)
+ }
+ serverName := addr[:colonPos]
+
+ p := &TLS{
+ dialer: dialer,
+ addr: addr,
+ serverName: serverName,
+ }
+
+ return p, nil
+}
+
+// NewTLSDialer returns a tls proxy dialer.
+func NewTLSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
+ return NewTLS(s, dialer)
+}
+
+// Addr returns forwarder's address
+func (s *TLS) Addr() string { return s.addr }
+
+// NextDialer returns the next dialer
+func (s *TLS) NextDialer(dstAddr string) proxy.Dialer { return s.dialer.NextDialer(dstAddr) }
+
+// Dial connects to the address addr on the network net via the proxy.
+func (s *TLS) Dial(network, addr string) (net.Conn, error) {
+ cc, err := s.dialer.Dial("tcp", s.addr)
+ if err != nil {
+ log.F("proxy-tls dial to %s error: %s", s.addr, err)
+ return nil, err
+ }
+
+ conf := &stdtls.Config{
+ ServerName: s.serverName,
+ //InsecureSkipVerify: true,
+ }
+
+ c := stdtls.Client(cc, conf)
+ err = c.Handshake()
+ return c, err
+}
+
+// DialUDP connects to the given address via the proxy.
+func (s *TLS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
+ return nil, nil, errors.New("tls client does not support udp now")
+}
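Review bot: In Dial, a failed Handshake() is returned together with the still-open wrapped conn (`return c, err`), so a caller that follows the usual "nil conn on error" convention is unlikely to close it and the underlying TCP connection to s.addr leaks; close it and return a nil conn on failure, e.g. `if err = c.Handshake(); err != nil { cc.Close(); return nil, err }` followed by `return c, nil`. The ServerName derivation in NewTLS also mishandles bracketed IPv6 hosts: `strings.LastIndex(addr, ":")` leaves `[::1]` as the server name, whereas `u.Hostname()` yields the bare host for both forms and removes the manual colon search. Since the config keeps certificate verification on (InsecureSkipVerify stays commented out), consider also pinning `MinVersion: stdtls.VersionTLS12` in the stdtls.Config so the forwarder cannot be negotiated down to older protocol versions, and setting a deadline on cc before the handshake so a stalled peer cannot block the dial indefinitely.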