mirror of
https://github.com/net-byte/vtun
synced 2024-03-14 10:50:03 +08:00
203 lines
5.3 KiB
Go
203 lines
5.3 KiB
Go
package h1
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"errors"
|
|
"fmt"
|
|
"github.com/golang/snappy"
|
|
"github.com/net-byte/vtun/common/cache"
|
|
"github.com/net-byte/vtun/common/cipher"
|
|
"github.com/net-byte/vtun/common/config"
|
|
"github.com/net-byte/vtun/common/counter"
|
|
"github.com/net-byte/vtun/common/netutil"
|
|
"github.com/net-byte/vtun/common/xcrypto"
|
|
"github.com/net-byte/vtun/common/xproto"
|
|
"github.com/net-byte/water"
|
|
"log"
|
|
"net"
|
|
"net/http"
|
|
"time"
|
|
)
|
|
|
|
// StartServer starts the h1 server
|
|
func StartServer(iFace *water.Interface, config config.Config) {
|
|
log.Printf("vtun h1 server started on %v", config.LocalAddr)
|
|
websrv := NewHandle(http.NotFoundHandler())
|
|
http.Handle("/", websrv)
|
|
srv := &http.Server{Addr: config.LocalAddr, Handler: nil}
|
|
go func(srv *http.Server) {
|
|
var err error
|
|
if config.Protocol == "https" {
|
|
tlsConfig := &tls.Config{
|
|
MinVersion: tls.VersionTLS12,
|
|
CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
|
|
CipherSuites: []uint16{
|
|
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
|
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
},
|
|
}
|
|
srv.TLSConfig = tlsConfig
|
|
err = srv.ListenAndServeTLS(config.TLSCertificateFilePath, config.TLSCertificateKeyFilePath)
|
|
} else {
|
|
err = srv.ListenAndServe()
|
|
}
|
|
if err != ErrServerClose {
|
|
panic(err)
|
|
}
|
|
}(srv)
|
|
// server -> client
|
|
go toClient(config, iFace)
|
|
// client -> server
|
|
for {
|
|
conn, err := websrv.Accept()
|
|
if err != nil {
|
|
continue
|
|
}
|
|
go toServer(config, conn, iFace)
|
|
}
|
|
}
|
|
|
|
// toClient sends packets from tun to h1
|
|
func toClient(config config.Config, iFace *water.Interface) {
|
|
buffer := make([]byte, config.BufferSize)
|
|
xp := &xcrypto.XCrypto{}
|
|
err := xp.Init(config.Key)
|
|
if err != nil {
|
|
netutil.PrintErr(err, config.Verbose)
|
|
return
|
|
}
|
|
for {
|
|
n, err := iFace.Read(buffer)
|
|
if err != nil {
|
|
netutil.PrintErr(err, config.Verbose)
|
|
continue
|
|
}
|
|
b := buffer[:n]
|
|
if key := netutil.GetDstKey(b); key != "" {
|
|
if v, ok := cache.GetCache().Get(key); ok {
|
|
if config.Obfs {
|
|
b = cipher.XOR(b)
|
|
}
|
|
b, err = xp.Encode(b)
|
|
if err != nil {
|
|
netutil.PrintErr(err, config.Verbose)
|
|
break
|
|
}
|
|
if config.Compress {
|
|
b = snappy.Encode(nil, b)
|
|
}
|
|
ph := &xproto.ServerSendPacketHeader{
|
|
ProtocolVersion: xproto.ProtocolVersion,
|
|
Length: len(b),
|
|
}
|
|
conn := v.(net.Conn)
|
|
_, err := conn.Write(ph.Bytes())
|
|
if err != nil {
|
|
netutil.PrintErr(err, config.Verbose)
|
|
cache.GetCache().Delete(key)
|
|
conn.Close()
|
|
continue
|
|
}
|
|
n, err := conn.Write(b[:])
|
|
if err != nil {
|
|
netutil.PrintErr(err, config.Verbose)
|
|
cache.GetCache().Delete(key)
|
|
conn.Close()
|
|
continue
|
|
}
|
|
counter.IncrWrittenBytes(n)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// toServer sends packets from h1 to tun
|
|
func toServer(config config.Config, conn net.Conn, iFace *water.Interface) {
|
|
defer conn.Close()
|
|
handshake := make([]byte, xproto.ClientHandshakePacketLength)
|
|
header := make([]byte, xproto.ClientSendPacketHeaderLength)
|
|
packet := make([]byte, config.BufferSize)
|
|
authKey := xproto.ParseAuthKeyFromString(config.Key)
|
|
xp := &xcrypto.XCrypto{}
|
|
err := xp.Init(config.Key)
|
|
if err != nil {
|
|
netutil.PrintErr(err, config.Verbose)
|
|
return
|
|
}
|
|
n, err := conn.Read(handshake)
|
|
if err != nil {
|
|
netutil.PrintErr(err, config.Verbose)
|
|
return
|
|
}
|
|
if n != xproto.ClientHandshakePacketLength {
|
|
netutil.PrintErr(errors.New(fmt.Sprintf("received handshake length <%d> not equals <%d>!", n, xproto.ClientHandshakePacketLength)), config.Verbose)
|
|
return
|
|
}
|
|
hs := xproto.ParseClientHandshakePacket(handshake[:n])
|
|
if hs == nil {
|
|
netutil.PrintErr(errors.New("hs == nil"), config.Verbose)
|
|
return
|
|
}
|
|
if !hs.Key.Equals(authKey) {
|
|
netutil.PrintErr(errors.New("authentication failed"), config.Verbose)
|
|
return
|
|
}
|
|
cache.GetCache().Set(hs.CIDRv4.String(), conn, 24*time.Hour)
|
|
cache.GetCache().Set(hs.CIDRv6.String(), conn, 24*time.Hour)
|
|
for {
|
|
n, err := conn.Read(header)
|
|
if err != nil {
|
|
netutil.PrintErr(err, config.Verbose)
|
|
break
|
|
}
|
|
if n != xproto.ClientSendPacketHeaderLength {
|
|
netutil.PrintErr(errors.New(fmt.Sprintf("received length <%d> not equals <%d>!", n, xproto.ClientSendPacketHeaderLength)), config.Verbose)
|
|
break
|
|
}
|
|
ph := xproto.ParseClientSendPacketHeader(header[:n])
|
|
if ph == nil {
|
|
netutil.PrintErr(errors.New("ph == nil"), config.Verbose)
|
|
break
|
|
}
|
|
if !ph.Key.Equals(authKey) {
|
|
netutil.PrintErr(errors.New("authentication failed"), config.Verbose)
|
|
break
|
|
}
|
|
n, err = splitRead(conn, ph.Length, packet[:ph.Length])
|
|
if err != nil {
|
|
netutil.PrintErr(err, config.Verbose)
|
|
break
|
|
}
|
|
if n != ph.Length {
|
|
netutil.PrintErr(errors.New(fmt.Sprintf("received length <%d> not equals <%d>!", n, ph.Length)), config.Verbose)
|
|
break
|
|
}
|
|
b := packet[:n]
|
|
if config.Compress {
|
|
b, err = snappy.Decode(nil, b)
|
|
if err != nil {
|
|
netutil.PrintErr(err, config.Verbose)
|
|
break
|
|
}
|
|
}
|
|
b, err = xp.Decode(b)
|
|
if err != nil {
|
|
netutil.PrintErr(err, config.Verbose)
|
|
break
|
|
}
|
|
if config.Obfs {
|
|
b = cipher.XOR(b)
|
|
}
|
|
n, err = iFace.Write(b)
|
|
if err != nil {
|
|
netutil.PrintErr(err, config.Verbose)
|
|
break
|
|
}
|
|
counter.IncrReadBytes(n)
|
|
}
|
|
}
|