bughz/glider
1
0
Fork 0
mirror of https://github.com/nadoo/glider.git synced 2025-02-23 01:15:41 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

tls: added new param alpn

Browse Source
This commit is contained in:
nadoo 2021-08-17 09:39:24 +08:00
parent 8b29af3c0c
commit c055c33143
7 changed files with 26 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -226,7 +226,7 @@ Available securities for vmess:
none, aes-128-gcm, chacha20-poly1305
TLS client scheme:
tls://host:port[?serverName=SERVERNAME][&skipVerify=true]
tls://host:port[?serverName=SERVERNAME][&skipVerify=true][&alpn=proto1][&alpn=proto2]
Proxy over tls client:
tls://host:port[?skipVerify=true][&serverName=SERVERNAME],scheme://
@ -235,7 +235,7 @@ Proxy over tls client:
tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num
TLS server scheme:
tls://host:port?cert=PATH&key=PATH
tls://host:port?cert=PATH&key=PATH[&alpn=proto1][&alpn=proto2]
Proxy over tls server:
tls://host:port?cert=PATH&key=PATH,scheme://

4
config.go
View File

@ -204,7 +204,7 @@ func usage() {
fmt.Fprintf(w, "\n")
fmt.Fprintf(w, "TLS client scheme:\n")
fmt.Fprintf(w, " tls://host:port[?serverName=SERVERNAME][&skipVerify=true]\n")
fmt.Fprintf(w, " tls://host:port[?serverName=SERVERNAME][&skipVerify=true][&alpn=proto1][&alpn=proto2]\n")
fmt.Fprintf(w, "\n")
fmt.Fprintf(w, "Proxy over tls client:\n")
@ -215,7 +215,7 @@ func usage() {
fmt.Fprintf(w, "\n")
fmt.Fprintf(w, "TLS server scheme:\n")
fmt.Fprintf(w, " tls://host:port?cert=PATH&key=PATH\n")
fmt.Fprintf(w, " tls://host:port?cert=PATH&key=PATH[&alpn=proto1][&alpn=proto2]\n")
fmt.Fprintf(w, "\n")
fmt.Fprintf(w, "Proxy over tls server:\n")

8
go.mod
View File

@ -7,12 +7,12 @@ require (
github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d
github.com/dgryski/go-idea v0.0.0-20170306091226-d2fb45a411fb
github.com/dgryski/go-rc2 v0.0.0-20150621095337-8a9021637152
github.com/insomniacslk/dhcp v0.0.0-20210812084645-decc701b3665
github.com/insomniacslk/dhcp v0.0.0-20210813103503-c143d771146e
github.com/nadoo/conflag v0.2.3
github.com/nadoo/ipset v0.3.0
github.com/xtaci/kcp-go/v5 v5.6.1
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e
golang.org/x/crypto v0.0.0-20210813211128-0a44fdfbc16e
golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912
)
require (
@ -26,7 +26,7 @@ require (
github.com/templexxx/xorsimd v0.4.1 // indirect
github.com/tjfoc/gmsm v1.4.1 // indirect
github.com/u-root/uio v0.0.0-20210528151154-e40b768296a7 // indirect
golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d // indirect
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d // indirect
)
// Replace dependency modules with local developing copy

16
go.sum
View File

@ -39,8 +39,8 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8=
github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis=
github.com/insomniacslk/dhcp v0.0.0-20210812084645-decc701b3665 h1:skMK5bGMStbk2T6am4JEOtm4KWiRB6/bLSeUHPzf88Y=
github.com/insomniacslk/dhcp v0.0.0-20210812084645-decc701b3665/go.mod h1:h+MxyHxRg9NH3terB1nfRIUaQEcI0XOVkdR9LNBlp8E=
github.com/insomniacslk/dhcp v0.0.0-20210813103503-c143d771146e h1:ttrVy1tKtnMySMy7pbVtMQSweHyLLQuLCcRj4lbGCBQ=
github.com/insomniacslk/dhcp v0.0.0-20210813103503-c143d771146e/go.mod h1:h+MxyHxRg9NH3terB1nfRIUaQEcI0XOVkdR9LNBlp8E=
github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw=
github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ=
github.com/jsimonetti/rtnetlink v0.0.0-20201009170750-9c6f07d100c1/go.mod h1:hqoO/u39cqLeBLebZ8fWdE96O7FxrAsRYhnVOdgHxok=
@ -104,8 +104,8 @@ golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI=
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20210813211128-0a44fdfbc16e h1:VvfwVmMH40bpMeizC9/K7ipM5Qjucuu16RWfneFPyhQ=
golang.org/x/crypto v0.0.0-20210813211128-0a44fdfbc16e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@ -129,8 +129,8 @@ golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81R
golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d h1:20cMwl2fHAzkJMEA+8J4JgqBQcQGzbisXo31MIeenXI=
golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d h1:LO7XpTYMwTqxjLcGWPijK3vRXg1aWdlNOVOHRq45d7c=
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -156,8 +156,8 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210525143221-35b2ab0089ea/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e h1:WUoyKPm6nCo1BnNUvPGnFG3T5DUVem42yDJZZ4CNxMA=
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912 h1:uCLL3g5wH2xjxVREVuAbP9JM5PPKjRbXKRa6IBjkzmU=
golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

15
proxy/tls/tls.go
View File

@ -25,6 +25,8 @@ type TLS struct {
certFile string
keyFile string
alpn []string
server proxy.Server
}
@ -50,6 +52,7 @@ func NewTLS(s string, d proxy.Dialer, p proxy.Proxy) (*TLS, error) {
skipVerify: query.Get("skipVerify") == "true",
certFile: query.Get("cert"),
keyFile: query.Get("key"),
alpn: query["alpn"],
}
if _, port, _ := net.SplitHostPort(t.addr); port == "" {
@ -65,18 +68,19 @@ func NewTLS(s string, d proxy.Dialer, p proxy.Proxy) (*TLS, error) {
// NewTLSDialer returns a tls dialer.
func NewTLSDialer(s string, d proxy.Dialer) (proxy.Dialer, error) {
p, err := NewTLS(s, d, nil)
t, err := NewTLS(s, d, nil)
if err != nil {
return nil, err
}
p.config = &stdtls.Config{
ServerName: p.serverName,
InsecureSkipVerify: p.skipVerify,
t.config = &stdtls.Config{
ServerName: t.serverName,
InsecureSkipVerify: t.skipVerify,
NextProtos: t.alpn,
MinVersion: stdtls.VersionTLS12,
}
return p, err
return t, err
}
// NewTLSServer returns a tls transport layer before the real server.
@ -99,6 +103,7 @@ func NewTLSServer(s string, p proxy.Proxy) (proxy.Server, error) {
t.config = &stdtls.Config{
Certificates: []stdtls.Certificate{cert},
NextProtos: t.alpn,
MinVersion: stdtls.VersionTLS12,
}

1
proxy/trojan/client.go
View File

@ -31,7 +31,6 @@ func NewTrojanDialer(s string, d proxy.Dialer) (proxy.Dialer, error) {
t.tlsConfig = &tls.Config{
ServerName: t.serverName,
InsecureSkipVerify: t.skipVerify,
NextProtos: []string{"http/1.1"},
MinVersion: tls.VersionTLS12,
}

1
proxy/ws/client.go
View File

@ -31,7 +31,6 @@ func NewWSSDialer(s string, d proxy.Dialer) (proxy.Dialer, error) {
w.tlsConfig = &tls.Config{
ServerName: w.serverName,
InsecureSkipVerify: w.skipVerify,
NextProtos: []string{"http/1.1"},
MinVersion: tls.VersionTLS12,
}