diff --git a/proxy/redir/redir_linux.go b/proxy/redir/redir_linux.go
index d84707b..4e1ffca 100644
--- a/proxy/redir/redir_linux.go
+++ b/proxy/redir/redir_linux.go
@@ -116,7 +116,7 @@ func (s *RedirProxy) ListenAndServe() {
 // Serve .
 func (s *RedirProxy) Serve(c net.Conn) {
-
+ log.F("[redir] func Serve: can not be called directly")
 }
 // Get the original destination of a TCP connection.
diff --git a/proxy/tls/tls.go b/proxy/tls/tls.go
index f166239..19e499a 100644
--- a/proxy/tls/tls.go
+++ b/proxy/tls/tls.go
@@ -17,11 +17,14 @@ type TLS struct {
 dialer proxy.Dialer
 addr string
+ tlsConfig *stdtls.Config
+
 serverName string
 skipVerify bool
 certFile string
 keyFile string
+ cert stdtls.Certificate
 server proxy.Server
 }
@@ -69,7 +72,20 @@ func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
 // NewTLSDialer returns a tls proxy dialer.
 func NewTLSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
- return NewTLS(s, dialer)
+ p, err := NewTLS(s, dialer)
+ if err != nil {
+ return nil, err
+ }
+
+ p.tlsConfig = &stdtls.Config{
+ ServerName: p.serverName,
+ InsecureSkipVerify: p.skipVerify,
+ ClientSessionCache: stdtls.NewLRUClientSessionCache(64),
+ MinVersion: stdtls.VersionTLS10,
+ MaxVersion: stdtls.VersionTLS12,
+ }
+
+ return p, err
 }
 // NewTLSServer returns a tls transport layer before the real server
@@ -89,6 +105,18 @@ func NewTLSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
 return nil, err
 }
+ cert, err := stdtls.LoadX509KeyPair(p.certFile, p.keyFile)
+ if err != nil {
+ log.F("[tls] unabled load cert: %s, key %s", p.certFile, p.keyFile)
+ return nil, err
+ }
+
+ p.tlsConfig = &stdtls.Config{
+ Certificates: []stdtls.Certificate{cert},
+ MinVersion: stdtls.VersionTLS10,
+ MaxVersion: stdtls.VersionTLS12,
+ }
+
 p.server, err = proxy.ServerFromURL(transport[1], dialer)
 return p, err
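Review bot: The new stub in RedirProxy.Serve logs and returns without closing `c`, so any caller that does reach it leaks the accepted connection; the tproxy hunk in this diff and the udptun and uottun hunks that follow have the same shape. Since the log line itself says the method must not be called directly, the defensive thing is to release the socket right after logging, `c.Close()`. That also makes it obvious to a reader that the connection is intentionally not served.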
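Review bot: The `cert stdtls.Certificate` field added to the TLS struct is never assigned anywhere in this diff; NewTLSServer keeps the loaded key pair in a local `cert` and only places it in `p.tlsConfig.Certificates`. Either drop the field or store the result, `p.cert = cert`, so the struct does not carry a zero-value certificate that later code could mistake for a loaded one. If a follow-up commit is meant to populate it, a one-line comment on the field saying where it is set would save the next reader the search.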
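Review bot: The client config built in NewTLSDialer pins `MinVersion: stdtls.VersionTLS10` and `MaxVersion: stdtls.VersionTLS12`, which keeps the deprecated 1.0/1.1 protocols negotiable and prevents TLS 1.3 from ever being used even when both peers support it; the server config in the NewTLSServer hunk below carries the same bounds. Consider dropping `MaxVersion` so the library default applies and raising the floor to `MinVersion: stdtls.VersionTLS12`, unless a known peer still requires the older versions, in which case a comment should say which one. The closing `return p, err` is always `return p, nil` at that point and reads more clearly written that way. Building the config once here rather than per Dial also means the `ClientSessionCache` is now genuinely shared across connections, which is worth a short comment on the `tlsConfig` field.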
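Review bot: In NewTLSServer the key-pair failure is both logged via `log.F("[tls] unabled load cert: ...")` and returned, so the caller that handles `err` will report it a second time, and the message has a typo ("unabled"). Either keep the log and fix the wording to `"[tls] unable to load cert: %s, key %s"`, or drop the log and let the caller report the returned error once. Loading the certificate at construction time rather than in ListenAndServe is the right move, since a bad path now fails the server before it ever listens.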
@@ -96,19 +124,7 @@ func NewTLSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
 // ListenAndServe .
 func (s *TLS) ListenAndServe() {
- cert, err := stdtls.LoadX509KeyPair(s.certFile, s.keyFile)
- if err != nil {
- log.F("[tls] unabled load cert: %s, key %s", s.certFile, s.keyFile)
- return
- }
-
- tlsConfig := &stdtls.Config{
- Certificates: []stdtls.Certificate{cert},
- MinVersion: stdtls.VersionTLS10,
- MaxVersion: stdtls.VersionTLS12,
- }
-
- l, err := stdtls.Listen("tcp", s.addr, tlsConfig)
+ l, err := net.Listen("tcp", s.addr)
 if err != nil {
 log.F("[tls] failed to listen on tls %s: %v", s.addr, err)
 return
@@ -130,8 +146,10 @@ func (s *TLS) ListenAndServe() {
 // Serve .
 func (s *TLS) Serve(c net.Conn) {
- // TODO: check here
- s.server.Serve(c)
+ if s.server != nil {
+ cc := stdtls.Server(c, s.tlsConfig)
+ s.server.Serve(cc)
+ }
 }
 // Addr returns forwarder's address
@@ -148,15 +166,7 @@ func (s *TLS) Dial(network, addr string) (net.Conn, error) {
 return nil, err
 }
- conf := &stdtls.Config{
- ServerName: s.serverName,
- InsecureSkipVerify: s.skipVerify,
- ClientSessionCache: stdtls.NewLRUClientSessionCache(64),
- MinVersion: stdtls.VersionTLS10,
- MaxVersion: stdtls.VersionTLS12,
- }
-
- c := stdtls.Client(cc, conf)
+ c := stdtls.Client(cc, s.tlsConfig)
 err = c.Handshake()
 return c, err
 }
diff --git a/proxy/tproxy/tproxy_linux.go b/proxy/tproxy/tproxy_linux.go
index 64c723c..b338803 100644
--- a/proxy/tproxy/tproxy_linux.go
+++ b/proxy/tproxy/tproxy_linux.go
@@ -115,7 +115,9 @@ func (s *TProxy) ListenAndServeUDP() {
 }
 // Serve .
-func (s *TProxy) Serve(c net.Conn) {}
+func (s *TProxy) Serve(c net.Conn) {
+ log.F("[tproxy] func Serve: can not be called directly")
+}
 // ReadFromUDP reads a UDP packet from c, copying the payload into b.
 // It returns the number of bytes copied into b and the return address
diff --git a/proxy/udptun/udptun.go b/proxy/udptun/udptun.go
index 3018c15..4d43045 100644
--- a/proxy/udptun/udptun.go
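Review bot: With ListenAndServe now calling `net.Listen("tcp", s.addr)`, the unchanged error text on the next line, `"[tls] failed to listen on tls %s: %v"`, is misleading: the listener is plain TCP and TLS is only applied per connection in Serve. Rewording it to `"[tls] failed to listen on %s: %v"` keeps the log honest, and a one-line comment above the listen call noting that the handshake happens in Serve would explain the split to the next reader. The body of ListenAndServe continues past the end of this hunk.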
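Review bot: In TLS.Serve, `stdtls.Server(c, s.tlsConfig)` does not perform the handshake, so a client that sends garbage or fails certificate negotiation only shows up as an opaque read error inside `s.server.Serve`, with nothing logged at this layer; and when `s.server` is nil the raw `c` is simply dropped without being closed. There is also no guard for `s.tlsConfig` being nil, which is the state of a TLS built through plain NewTLS rather than NewTLSServer, and per the crypto/tls docs the server-side config must be non-nil; the Dial hunk below has the same exposure on the client side if NewTLS is reachable from other callers, which I cannot see here. I would handshake explicitly, log and close on failure, and close on the nil paths, as below.
```go
func (s *TLS) Serve(c net.Conn) {
	if s.server == nil || s.tlsConfig == nil {
		log.F("[tls] Serve: server or tls config not initialised, closing %s", c.RemoteAddr())
		c.Close()
		return
	}

	cc := stdtls.Server(c, s.tlsConfig)
	// Handshake here so a failed negotiation is logged and closed at this
	// layer instead of surfacing as a bare read error inside the inner server.
	if err := cc.Handshake(); err != nil {
		log.F("[tls] handshake with %s failed: %v", c.RemoteAddr(), err)
		cc.Close()
		return
	}
	s.server.Serve(cc)
}
```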
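Review bot: In TLS.Dial the new `c := stdtls.Client(cc, s.tlsConfig)` is followed by the unchanged `err = c.Handshake()` and `return c, err`, so on a failed handshake the caller receives a half-initialised connection together with the error and the underlying `cc` is never closed. Returning `nil` on that path and releasing the socket is the safer contract: `if err = c.Handshake(); err != nil { c.Close(); return nil, err }` and then `return c, nil`. Dial's opening lines are outside this hunk.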
+++ b/proxy/udptun/udptun.go
@@ -107,5 +107,5 @@ func (s *UDPTun) ListenAndServe() {
 // Serve .
 func (s *UDPTun) Serve(c net.Conn) {
-
+ log.F("[udptun] func Serve: can not be called directly")
 }
diff --git a/proxy/uottun/uottun.go b/proxy/uottun/uottun.go
index d66a075..445c9b7 100644
--- a/proxy/uottun/uottun.go
+++ b/proxy/uottun/uottun.go
@@ -106,5 +106,5 @@ func (s *UoTTun) ListenAndServe() {
 // Serve .
 func (s *UoTTun) Serve(c net.Conn) { // TODO
-
+ log.F("[uottun] func Serve: can not be called directly")
 }