tls: optimized code

proxy/redir/redir_linux.go

@@ -116,7 +116,7 @@ func (s *RedirProxy) ListenAndServe() {
 
 // Serve .
 func (s *RedirProxy) Serve(c net.Conn) {
-
+	log.F("[redir] func Serve: can not be called directly")
 }
 
 // Get the original destination of a TCP connection.

proxy/tls/tls.go

@@ -17,11 +17,14 @@ type TLS struct {
 	dialer proxy.Dialer
 	addr   string
 
+	tlsConfig *stdtls.Config
+
 	serverName string
 	skipVerify bool
 
 	certFile string
 	keyFile  string
+	cert     stdtls.Certificate
 
 	server proxy.Server
 }
@@ -69,7 +72,20 @@ func NewTLS(s string, dialer proxy.Dialer) (*TLS, error) {
 
 // NewTLSDialer returns a tls proxy dialer.
 func NewTLSDialer(s string, dialer proxy.Dialer) (proxy.Dialer, error) {
-	return NewTLS(s, dialer)
+	p, err := NewTLS(s, dialer)
+	if err != nil {
+		return nil, err
+	}
+
+	p.tlsConfig = &stdtls.Config{
+		ServerName:         p.serverName,
+		InsecureSkipVerify: p.skipVerify,
+		ClientSessionCache: stdtls.NewLRUClientSessionCache(64),
+		MinVersion:         stdtls.VersionTLS10,
+		MaxVersion:         stdtls.VersionTLS12,
+	}
+
+	return p, err
 }
 
 // NewTLSServer returns a tls transport layer before the real server
@@ -89,6 +105,18 @@ func NewTLSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
 		return nil, err
 	}
 
+	cert, err := stdtls.LoadX509KeyPair(p.certFile, p.keyFile)
+	if err != nil {
+		log.F("[tls] unabled load cert: %s, key %s", p.certFile, p.keyFile)
+		return nil, err
+	}
+
+	p.tlsConfig = &stdtls.Config{
+		Certificates: []stdtls.Certificate{cert},
+		MinVersion:   stdtls.VersionTLS10,
+		MaxVersion:   stdtls.VersionTLS12,
+	}
+
 	p.server, err = proxy.ServerFromURL(transport[1], dialer)
 
 	return p, err
@@ -96,19 +124,7 @@ func NewTLSServer(s string, dialer proxy.Dialer) (proxy.Server, error) {
 
 // ListenAndServe .
 func (s *TLS) ListenAndServe() {
-	cert, err := stdtls.LoadX509KeyPair(s.certFile, s.keyFile)
+	l, err := net.Listen("tcp", s.addr)
-	if err != nil {
-		log.F("[tls] unabled load cert: %s, key %s", s.certFile, s.keyFile)
-		return
-	}
-
-	tlsConfig := &stdtls.Config{
-		Certificates: []stdtls.Certificate{cert},
-		MinVersion:   stdtls.VersionTLS10,
-		MaxVersion:   stdtls.VersionTLS12,
-	}
-
-	l, err := stdtls.Listen("tcp", s.addr, tlsConfig)
 	if err != nil {
 		log.F("[tls] failed to listen on tls %s: %v", s.addr, err)
 		return
@@ -130,8 +146,10 @@ func (s *TLS) ListenAndServe() {
 
 // Serve .
 func (s *TLS) Serve(c net.Conn) {
-	// TODO: check here
+	if s.server != nil {
-	s.server.Serve(c)
+		cc := stdtls.Server(c, s.tlsConfig)
+		s.server.Serve(cc)
+	}
 }
 
 // Addr returns forwarder's address
@@ -148,15 +166,7 @@ func (s *TLS) Dial(network, addr string) (net.Conn, error) {
 		return nil, err
 	}
 
-	conf := &stdtls.Config{
+	c := stdtls.Client(cc, s.tlsConfig)
-		ServerName:         s.serverName,
-		InsecureSkipVerify: s.skipVerify,
-		ClientSessionCache: stdtls.NewLRUClientSessionCache(64),
-		MinVersion:         stdtls.VersionTLS10,
-		MaxVersion:         stdtls.VersionTLS12,
-	}
-
-	c := stdtls.Client(cc, conf)
 	err = c.Handshake()
 	return c, err
 }

proxy/tproxy/tproxy_linux.go

@@ -115,7 +115,9 @@ func (s *TProxy) ListenAndServeUDP() {
 }
 
 // Serve .
-func (s *TProxy) Serve(c net.Conn) {}
+func (s *TProxy) Serve(c net.Conn) {
+	log.F("[tproxy] func Serve: can not be called directly")
+}
 
 // ReadFromUDP reads a UDP packet from c, copying the payload into b.
 // It returns the number of bytes copied into b and the return address

proxy/udptun/udptun.go

@@ -107,5 +107,5 @@ func (s *UDPTun) ListenAndServe() {
 
 // Serve .
 func (s *UDPTun) Serve(c net.Conn) {
-
+	log.F("[udptun] func Serve: can not be called directly")
 }

proxy/uottun/uottun.go

@@ -106,5 +106,5 @@ func (s *UoTTun) ListenAndServe() {
 // Serve .
 func (s *UoTTun) Serve(c net.Conn) {
 	// TODO
-
+	log.F("[uottun] func Serve: can not be called directly")
 }