add Dialer to create connection

dialer.go

@@ -0,0 +1,123 @@
+package obfssh
+
+import (
+	"bytes"
+	"context"
+	"crypto/tls"
+	"fmt"
+	"net"
+	"net/http"
+	"net/url"
+	"sync"
+	"time"
+
+	log "github.com/fangdingjun/go-log/v5"
+	"github.com/gorilla/websocket"
+	"golang.org/x/crypto/ssh"
+)
+
+type Dialer struct {
+	// NetDial specifies the dial function for creating TCP connections. If
+	// NetDial is nil, net.Dial is used.
+	NetDial func(network, addr string) (net.Conn, error)
+
+	Proxy func() (*url.URL, error)
+
+	// TLSClientConfig specifies the TLS configuration to use with tls.Client.
+	// If nil, the default configuration is used.
+	// If either NetDialTLS or NetDialTLSContext are set, Dial assumes the TLS handshake
+	// is done there and TLSClientConfig is ignored.
+	TLSClientConfig *tls.Config
+
+	NetConf *Conf
+}
+
+func (d *Dialer) Dial(addr string, conf *ssh.ClientConfig) (*Client, error) {
+	if d.NetConf.Timeout == 0 {
+		d.NetConf.Timeout = 15 * time.Second
+	}
+	if d.NetConf.KeepAliveInterval == 0 {
+		d.NetConf.KeepAliveInterval = 10
+	}
+	if d.NetConf.KeepAliveMax == 0 {
+		d.NetConf.KeepAliveMax = 3
+	}
+	var dialFunc func(network, addr string) (net.Conn, error)
+	if d.NetDial == nil {
+		dialFunc = dialer.Dial
+	}
+
+	u, err := url.Parse(addr)
+	if err != nil {
+		return nil, err
+	}
+
+	if d.Proxy != nil {
+		dialFunc = func(network, addr string) (net.Conn, error) {
+			var conn net.Conn
+			var err error
+			u1, _ := d.Proxy()
+			if u1 == nil {
+				return dialer.Dial(network, addr)
+			}
+			log.Debugf("connect to proxy %s", u1.String())
+			switch u1.Scheme {
+			case "http":
+				conn, err = dialHTTPProxy(addr, u1)
+			case "https":
+				conn, err = dialHTTPSProxy(addr, u1)
+			case "socks5":
+				conn, err = dialSocks5Proxy(addr, u1)
+			default:
+				return nil, fmt.Errorf("unknown proxy scheme %s", u1.Scheme)
+			}
+			if err != nil {
+				log.Errorf("connect to proxy error %s", err)
+			}
+			return conn, err
+		}
+	}
+
+	switch u.Scheme {
+	case "":
+		conn, err := dialFunc("tcp", u.Host)
+		if err != nil {
+			return nil, err
+		}
+		return NewClient(&TimedOutConn{Conn: conn, Timeout: d.NetConf.Timeout}, conf, u.Host, d.NetConf)
+	case "tls":
+		conn, err := dialFunc("tcp", u.Host)
+		if err != nil {
+			return nil, err
+		}
+		conn = tls.Client(&TimedOutConn{Conn: conn, Timeout: d.NetConf.Timeout}, d.TLSClientConfig)
+		return NewClient(conn, conf, u.Host, d.NetConf)
+	case "ws":
+		fallthrough
+	case "wss":
+		_addr := fmt.Sprintf("%s://%s%s", u.Scheme, u.Host, u.Path)
+		_dailer := websocket.Dialer{
+			NetDial: func(network, addr string) (net.Conn, error) {
+				c, err := dialFunc(network, addr)
+				return &TimedOutConn{Conn: c, Timeout: d.NetConf.Timeout}, err
+			},
+			TLSClientConfig: d.TLSClientConfig,
+		}
+		wsconn, res, err := _dailer.Dial(_addr, nil)
+		if err != nil {
+			return nil, err
+		}
+		if res.StatusCode != http.StatusSwitchingProtocols {
+			return nil, fmt.Errorf("websocket connect failed, http code %d", res.StatusCode)
+		}
+		_conn := &wsConn{Conn: wsconn, buf: new(bytes.Buffer), mu: new(sync.Mutex), ch: make(chan struct{})}
+		go _conn.readLoop()
+		return NewClient(_conn, conf, u.Host, d.NetConf)
+	default:
+		return nil, fmt.Errorf("unknow scheme %s", u.Scheme)
+	}
+}
+
+func (d *Dialer) DialContext(ctx context.Context, addr string, conf *ssh.ClientConfig) (*Client, error) {
+	return nil, nil
+}

go.mod

@@ -3,14 +3,14 @@ module github.com/fangdingjun/obfssh
 go 1.13
 
 require (
-	github.com/containerd/console v1.0.0
+	github.com/containerd/console v1.0.3
 	github.com/fangdingjun/go-log/v5 v5.0.0
-	github.com/fangdingjun/protolistener v0.0.0-20200701071613-b79ebce338af
-	github.com/fangdingjun/socks-go v0.0.0-20180926100003-fc6f0a9ee1f4
+	github.com/fangdingjun/protolistener v0.0.0-20230216120836-271b401928b8
+	github.com/fangdingjun/socks-go v0.0.0-20220901073602-f35f0e0139ec
 	github.com/go-yaml/yaml v2.1.0+incompatible
-	github.com/gorilla/websocket v1.4.2
+	github.com/gorilla/websocket v1.5.0
 	github.com/kr/fs v0.1.0
 	github.com/pkg/sftp v1.11.0
 	golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899
-	golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e
+	golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c
 )

go.sum

@@ -1,43 +1,89 @@
-github.com/containerd/console v1.0.0 h1:fU3UuQapBs+zLJu82NhR11Rif1ny2zfMMAyPJzSN5tQ=
-github.com/containerd/console v1.0.0/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
+github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw=
+github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/fangdingjun/go-log/v5 v5.0.0 h1:vdh9Bk9C4ZFL6KoO6rII73zQIyaLf7hFdBvucO/ckiE=
 github.com/fangdingjun/go-log/v5 v5.0.0/go.mod h1:V012Oxo0/pSbccX4OFSp9MJglXwNsZo2ByBBorr7zzM=
-github.com/fangdingjun/protolistener v0.0.0-20200701071613-b79ebce338af h1:ktdWTFpcRv7TNea7+OE8gNDz2mCbFNXwxLJe7GfruQ4=
-github.com/fangdingjun/protolistener v0.0.0-20200701071613-b79ebce338af/go.mod h1:WYiFoA3d+VfM47p+FHCbDdnKR7eedUmUdwd8c07XT/0=
-github.com/fangdingjun/socks-go v0.0.0-20180926100003-fc6f0a9ee1f4 h1:c3Iw/znf2xe2uut9zUTueO6XHyTTLugrbN9fAE4NAkg=
-github.com/fangdingjun/socks-go v0.0.0-20180926100003-fc6f0a9ee1f4/go.mod h1:0P4kTlyyh76uY1Li3cyw4pOIKGL9RmXXWTQYFLS1ZaM=
+github.com/fangdingjun/protolistener v0.0.0-20230216120836-271b401928b8 h1:Fe7sbY3NZQBoHinferw+lJW2QdUeAMRfg4soVeRUC4I=
+github.com/fangdingjun/protolistener v0.0.0-20230216120836-271b401928b8/go.mod h1:JnZqYZE3SzLtua269awu+0zGWxN3++Ehmf25lUnslcw=
+github.com/fangdingjun/socks-go v0.0.0-20220901073602-f35f0e0139ec h1:gri5Uh0VMajB6oL9g+dvf/ZwoWSe4F5CaDzOKVQqc6s=
+github.com/fangdingjun/socks-go v0.0.0-20220901073602-f35f0e0139ec/go.mod h1:i5fUj/NaF32p2LLmn8EWHF1CQukVH8oMgPyhjC4JxFk=
 github.com/go-yaml/yaml v2.1.0+incompatible h1:RYi2hDdss1u4YE7GwixGzWwVo47T8UQwnTLB6vQiq+o=
 github.com/go-yaml/yaml v2.1.0+incompatible/go.mod h1:w2MrLa16VYP0jy6N7M5kHaCkaLENm+P+Tv+MfurjSw0=
-github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
-github.com/pires/go-proxyproto v0.0.0-20190111085350-4d51b51e3bfc h1:lNOt1SMsgHXTdpuGw+RpnJtzUcCb/oRKZP65pBy9pr8=
-github.com/pires/go-proxyproto v0.0.0-20190111085350-4d51b51e3bfc/go.mod h1:6/gX3+E/IYGa0wMORlSMla999awQFdbaeQCHjSMKIzY=
+github.com/pires/go-proxyproto v0.6.1 h1:EBupykFmo22SDjv4fQVQd2J9NOoLPmyZA/15ldOGkPw=
+github.com/pires/go-proxyproto v0.6.1/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.11.0 h1:4Zv0OGbpkg4yNuUtH0s8rvoYxRCNyT29NVUo6pgPmxI=
 github.com/pkg/sftp v1.11.0/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
+github.com/pkg/sftp v1.13.5 h1:a3RLUqkyjYRtBTZJZ1VRrKbN3zhuPLlUc3sphVz81go=
+github.com/pkg/sftp v1.13.5/go.mod h1:wHDZ0IZX6JcBYRK1TH9bcVq8G7TLpVHYIGJRFnmPfxg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899 h1:DZhuSZLsGlFL4CmhA8BcRA0mnthyA/nZ00AqCUo7vHg=
 golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e h1:N7DeIrjYszNmSW409R3frPPwglRwMkXSBzwVbkOjLLA=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c h1:VwygUrnw9jn88c4u8GD3rZQbqrP/tgas88tPUbBxQrk=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

obfssh/proxy.go

@@ -1,61 +1,14 @@
 package main
 
 import (
-	"bufio"
-	"crypto/tls"
-	"fmt"
-	"io"
 	"net"
-	"net/textproto"
 	"net/url"
 	"os"
 	"strconv"
-	"strings"
-	"time"
 
 	"github.com/fangdingjun/go-log/v5"
-	socks "github.com/fangdingjun/socks-go"
 )
 
-type httpProxyConn struct {
-	c net.Conn
-	r io.Reader
-}
-
-func (hc *httpProxyConn) Read(b []byte) (int, error) {
-	return hc.r.Read(b)
-}
-
-func (hc *httpProxyConn) Write(b []byte) (int, error) {
-	return hc.c.Write(b)
-}
-
-func (hc *httpProxyConn) Close() error {
-	return hc.c.Close()
-}
-func (hc *httpProxyConn) LocalAddr() net.Addr {
-	return hc.c.LocalAddr()
-}
-
-func (hc *httpProxyConn) RemoteAddr() net.Addr {
-	return hc.c.RemoteAddr()
-}
-
-func (hc *httpProxyConn) SetDeadline(t time.Time) error {
-	return hc.c.SetDeadline(t)
-}
-
-func (hc *httpProxyConn) SetReadDeadline(t time.Time) error {
-	return hc.c.SetReadDeadline(t)
-}
-
-func (hc *httpProxyConn) SetWriteDeadline(t time.Time) error {
-	return hc.c.SetWriteDeadline(t)
-}
-
-// validate the interface implements
-var _ net.Conn = &httpProxyConn{}
-
 func updateProxyFromEnv(cfg *config) {
 	if cfg.Proxy.Scheme != "" && cfg.Proxy.Host != "" && cfg.Proxy.Port != 0 {
 		log.Debugf("proxy already specified by config, not parse environment proxy")
@@ -108,99 +61,3 @@ func updateProxyFromEnv(cfg *config) {
 		}
 	}
 }
-
-func httpProxyHandshake(c net.Conn, host string, port int) (net.Conn, error) {
-	fmt.Fprintf(c, "CONNECT %s:%d HTTP/1.1\r\n", host, port)
-	fmt.Fprintf(c, "Host: %s:%d\r\n", host, port)
-	fmt.Fprintf(c, "User-Agent: go/1.7\r\n")
-	fmt.Fprintf(c, "\r\n")
-
-	r := bufio.NewReader(c)
-	tp := textproto.NewReader(r)
-
-	// read status line
-	statusLine, err := tp.ReadLine()
-	if err != nil {
-		return nil, err
-	}
-
-	if statusLine[0:4] != "HTTP" {
-		return nil, fmt.Errorf("not http reply")
-	}
-
-	status := strings.Fields(statusLine)[1]
-
-	statusCode, err := strconv.Atoi(status)
-	if err != nil {
-		return nil, err
-	}
-
-	if statusCode != 200 {
-		return nil, fmt.Errorf("http status error %d", statusCode)
-	}
-
-	// read header
-	if _, err = tp.ReadMIMEHeader(); err != nil {
-		return nil, err
-	}
-
-	return &httpProxyConn{c: c, r: r}, nil
-}
-
-func dialHTTPProxy(host string, port int, p proxy) (net.Conn, error) {
-	c, err := dialer.Dial("tcp", net.JoinHostPort(p.Host, fmt.Sprintf("%d", p.Port)))
-	if err != nil {
-		return nil, err
-	}
-
-	c1, err := httpProxyHandshake(c, host, port)
-	if err != nil {
-		c.Close()
-		return nil, err
-	}
-	return c1, nil
-}
-
-func dialHTTPSProxy(host string, port int, p proxy) (net.Conn, error) {
-	hostname := p.Host
-	if p.SNI != "" {
-		hostname = p.SNI
-	}
-
-	tlsconfig := &tls.Config{
-		ServerName:         hostname,
-		InsecureSkipVerify: p.Insecure,
-	}
-
-	c, err := tls.DialWithDialer(dialer, "tcp", net.JoinHostPort(p.Host, fmt.Sprintf("%d", p.Port)), tlsconfig)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := c.Handshake(); err != nil {
-		c.Close()
-		return nil, err
-	}
-
-	c1, err := httpProxyHandshake(c, host, port)
-	if err != nil {
-		c.Close()
-		return nil, err
-	}
-	return c1, nil
-}
-
-func dialSocks5Proxy(host string, port int, p proxy) (net.Conn, error) {
-	c, err := dialer.Dial("tcp", net.JoinHostPort(p.Host, fmt.Sprintf("%d", p.Port)))
-	if err != nil {
-		return nil, err
-	}
-
-	c1 := &socks.Client{Conn: c}
-	c2, err := c1.Dial("tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port)))
-	if err != nil {
-		c1.Close()
-		return nil, err
-	}
-	return c2, err
-}

obfssh/ssh.go

@@ -34,7 +34,6 @@ func main() {
 	flag.StringVar(&cfg.Password, "pw", "", "ssh password")
 	flag.IntVar(&cfg.Port, "p", 22, "remote port")
 	flag.StringVar(&cfg.PrivateKey, "i", "", "private key file")
-	flag.BoolVar(&cfg.TLS, "tls", false, "use tls or not")
 	flag.BoolVar(&cfg.TLSInsecure, "tls-insecure", false, "insecure tls connnection")
 	flag.Var(&cfg.LocalForwards, "L", "forward local port to remote, format [local_host:]local_port:remote_host:remote_port")
 	flag.Var(&cfg.RemoteForwards, "R", "forward remote port to local, format [remote_host:]remote_port:local_host:local_port")
@@ -148,10 +147,13 @@ func main() {
 		cmd = strings.Join(args, " ")
 	}
 
+	var serverName string
 	if strings.Contains(host, "@") {
-		ss := strings.SplitN(host, "@", 2)
-		cfg.Username = ss[0]
-		host = ss[1]
+		u, _ := url.Parse(host)
+		cfg.Username = u.User.Username()
+		u.User = nil
+		host = u.String()
+		serverName, _, _ = net.SplitHostPort(u.Host)
 	}
 
 	// process user specified private key
@@ -193,74 +195,33 @@ func main() {
 	// parse environment proxy
 	updateProxyFromEnv(&cfg)
 
-	var c net.Conn
-	var rhost string
-
-	if strings.HasPrefix(host, "ws://") || strings.HasPrefix(host, "wss://") {
-		c, err = obfssh.NewWSConn(host)
-		u, _ := url.Parse(host)
-		rhost = u.Host
-	} else {
-		rhost = net.JoinHostPort(host, fmt.Sprintf("%d", cfg.Port))
-		if cfg.Proxy.Scheme != "" && cfg.Proxy.Host != "" && cfg.Proxy.Port != 0 {
-			switch cfg.Proxy.Scheme {
-			case "http":
-				log.Debugf("use http proxy %s:%d to connect to server",
-					cfg.Proxy.Host, cfg.Proxy.Port)
-				c, err = dialHTTPProxy(host, cfg.Port, cfg.Proxy)
-			case "https":
-				log.Debugf("use https proxy %s:%d to connect to server",
-					cfg.Proxy.Host, cfg.Proxy.Port)
-				c, err = dialHTTPSProxy(host, cfg.Port, cfg.Proxy)
-			case "socks5":
-				log.Debugf("use socks proxy %s:%d to connect to server",
-					cfg.Proxy.Host, cfg.Proxy.Port)
-				c, err = dialSocks5Proxy(host, cfg.Port, cfg.Proxy)
-			default:
-				err = fmt.Errorf("unsupported scheme: %s", cfg.Proxy.Scheme)
-			}
-		} else {
-			log.Debugf("dail to %s", rhost)
-			c, err = dialer.Dial("tcp", rhost)
-		}
-	}
-
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	log.Debugf("dail success")
-
 	timeout := time.Duration(cfg.KeepaliveInterval*2) * time.Second
 
-	var _conn net.Conn = &obfssh.TimedOutConn{Conn: c, Timeout: timeout}
-
-	if cfg.TLS {
-		log.Debugf("begin tls handshake")
-		_conn = tls.Client(_conn, &tls.Config{
-			ServerName:         host,
-			InsecureSkipVerify: cfg.TLSInsecure,
-		})
-		if err := _conn.(*tls.Conn).Handshake(); err != nil {
-			log.Fatal(err)
-		}
-		log.Debugf("tls handshake done")
-	}
-
 	conf := &obfssh.Conf{
 		Timeout:           timeout,
 		KeepAliveInterval: time.Duration(cfg.KeepaliveInterval) * time.Second,
 		KeepAliveMax:      cfg.KeepaliveMax,
 	}
 
-	log.Debugf("ssh negotation")
-	client, err := obfssh.NewClient(_conn, config, rhost, conf)
+	dialer := &obfssh.Dialer{
+		Proxy: func() (*url.URL, error) {
+			if cfg.Proxy.Scheme != "" && cfg.Proxy.Host != "" && cfg.Proxy.Port != 0 {
+				return &url.URL{
+					Scheme: cfg.Proxy.Scheme,
+					Host:   fmt.Sprintf("%s:%d", cfg.Proxy.Host, cfg.Proxy.Port),
+				}, nil
+			}
+			return nil, nil
+		},
+		TLSClientConfig: &tls.Config{ServerName: serverName, InsecureSkipVerify: cfg.TLSInsecure},
+		NetConf:         conf,
+	}
+
+	client, err := dialer.Dial(host, config)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	log.Debugf("ssh negotation success")
-
 	if agentClient != nil {
 		client.SetAuthAgent(agentClient)
 	}
@@ -394,13 +355,19 @@ func passwordAuth() (string, error) {
 func usage() {
 	usageStr := `Usage:
   obfssh -N -d -D [bind_address:]port -f configfile
-   -tls -tls-insecure -log_file /path/to/file
+    -tls-insecure -log_file /path/to/file
    -log_count 10 -log_size 10
    -log_level INFO
    -i identity_file -L [bind_address:]port:host:hostport
    -l login_name -pw password -p port 
    -http [bind_addr:]port
-   -R [bind_address:]port:host:hostport [user@]hostname [command]
+   -R [bind_address:]port:host:hostport host [command]
+
+   host can be multiple forms, example:
+		user@example.com 
+		tls://hostname
+		ws://hostname/path
+		wss://hostname/path
 
 Options:
     -d verbose mode
@@ -461,11 +428,8 @@ Options:
        encrypt ssh connection
        similar like -D, but input is http, not socks5
 
-    -tls
-       connect to server via TLS
-
     -tls-insecure
-       do not verify server's tls ceritificate
+       do not verify server's tls ceritificate when use tls:// or wss://
        
     -log_file
        log file, default stdout

proxy.go

@@ -0,0 +1,151 @@
+package obfssh
+
+import (
+	"bufio"
+	"crypto/tls"
+	"fmt"
+	"io"
+	"net"
+	"net/textproto"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+
+	log "github.com/fangdingjun/go-log/v5"
+	socks "github.com/fangdingjun/socks-go"
+)
+
+type httpProxyConn struct {
+	c net.Conn
+	r io.Reader
+}
+
+func (hc *httpProxyConn) Read(b []byte) (int, error) {
+	return hc.r.Read(b)
+}
+
+func (hc *httpProxyConn) Write(b []byte) (int, error) {
+	return hc.c.Write(b)
+}
+
+func (hc *httpProxyConn) Close() error {
+	return hc.c.Close()
+}
+func (hc *httpProxyConn) LocalAddr() net.Addr {
+	return hc.c.LocalAddr()
+}
+
+func (hc *httpProxyConn) RemoteAddr() net.Addr {
+	return hc.c.RemoteAddr()
+}
+
+func (hc *httpProxyConn) SetDeadline(t time.Time) error {
+	return hc.c.SetDeadline(t)
+}
+
+func (hc *httpProxyConn) SetReadDeadline(t time.Time) error {
+	return hc.c.SetReadDeadline(t)
+}
+
+func (hc *httpProxyConn) SetWriteDeadline(t time.Time) error {
+	return hc.c.SetWriteDeadline(t)
+}
+
+// validate the interface implements
+var _ net.Conn = &httpProxyConn{}
+
+func httpProxyHandshake(c net.Conn, addr string) (net.Conn, error) {
+	log.Debugf("http handshake with %s", addr)
+	fmt.Fprintf(c, "CONNECT %s HTTP/1.1\r\n", addr)
+	fmt.Fprintf(c, "Host: %s\r\n", addr)
+	fmt.Fprintf(c, "User-Agent: go/1.7\r\n")
+	fmt.Fprintf(c, "\r\n")
+
+	r := bufio.NewReader(c)
+	tp := textproto.NewReader(r)
+
+	// read status line
+	statusLine, err := tp.ReadLine()
+	if err != nil {
+		return nil, err
+	}
+
+	if statusLine[0:4] != "HTTP" {
+		return nil, fmt.Errorf("not http reply")
+	}
+
+	status := strings.Fields(statusLine)[1]
+
+	statusCode, err := strconv.Atoi(status)
+	if err != nil {
+		return nil, err
+	}
+
+	if statusCode != 200 {
+		return nil, fmt.Errorf("http status error %d", statusCode)
+	}
+
+	// read header
+	if _, err = tp.ReadMIMEHeader(); err != nil {
+		return nil, err
+	}
+
+	return &httpProxyConn{c: c, r: r}, nil
+}
+
+func dialHTTPProxy(addr string, p *url.URL) (net.Conn, error) {
+	log.Debugf("dial to %s", p.Host)
+	c, err := dialer.Dial("tcp", p.Host)
+	if err != nil {
+		return nil, err
+	}
+
+	c1, err := httpProxyHandshake(c, addr)
+	if err != nil {
+		c.Close()
+		return nil, err
+	}
+	return c1, nil
+}
+
+func dialHTTPSProxy(addr string, p *url.URL) (net.Conn, error) {
+	hostname := p.Host
+
+	tlsconfig := &tls.Config{
+		ServerName:         hostname,
+		InsecureSkipVerify: true,
+	}
+
+	c, err := tls.DialWithDialer(dialer, "tcp", p.Host, tlsconfig)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := c.Handshake(); err != nil {
+		c.Close()
+		return nil, err
+	}
+
+	c1, err := httpProxyHandshake(c, addr)
+	if err != nil {
+		c.Close()
+		return nil, err
+	}
+	return c1, nil
+}
+
+func dialSocks5Proxy(addr string, p *url.URL) (net.Conn, error) {
+	c, err := dialer.Dial("tcp", p.Host)
+	if err != nil {
+		return nil, err
+	}
+
+	c1 := &socks.Client{Conn: c}
+	c2, err := c1.Dial("tcp", addr)
+	if err != nil {
+		c1.Close()
+		return nil, err
+	}
+	return c2, err
+}

ws.go

@@ -3,14 +3,12 @@ package obfssh
 import (
 	"bytes"
 	"errors"
-	"fmt"
 	"io"
 	"net"
-	"net/http"
 	"sync"
 	"time"
 
-	"github.com/fangdingjun/go-log/v5"
+	log "github.com/fangdingjun/go-log/v5"
 	"github.com/gorilla/websocket"
 )
 
@@ -23,29 +21,6 @@ type wsConn struct {
 
 var _ net.Conn = &wsConn{}
 
-// NewWSConn dial to websocket server and return net.Conn
-func NewWSConn(p string) (net.Conn, error) {
-	conn, resp, err := websocket.DefaultDialer.Dial(p, nil)
-	if err != nil {
-		return nil, err
-	}
-	resp.Body.Close()
-
-	if resp.StatusCode != http.StatusSwitchingProtocols {
-		return nil, fmt.Errorf("http status %d", resp.StatusCode)
-	}
-
-	c := &wsConn{Conn: conn,
-		buf: bytes.NewBuffer(nil),
-		mu:  new(sync.Mutex),
-		ch:  make(chan struct{}),
-	}
-
-	go c.readLoop()
-
-	return c, nil
-}
-
 func (wc *wsConn) readLoop() {
 	for {
 		_, data, err := wc.ReadMessage()