fangdingjun
/
sniproxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: fangdingjun:c43912d0312dc03d61dc082fc5a0a94189803123
Branches Tags
fangdingjun:master
..
compare: fangdingjun:12f4938134abe858b393f14333976b87ad1bd0b7
Branches Tags
fangdingjun:master

No commits in common. 'c43912d0312dc03d61dc082fc5a0a94189803123' and '12f4938134abe858b393f14333976b87ad1bd0b7' have entirely different histories.
c43912d031 ... 12f4938134

7 changed files with 360 additions and 378 deletions
Show Stats

16
common.go
Unescape Escape View File

@ -69,11 +69,9 @@ const (
) )
// TLS compression types. // TLS compression types.
/*
const ( const (
compressionNone uint8 = 0 compressionNone uint8 = 0
) )
*/
// TLS extension numbers // TLS extension numbers
const ( const (
@ -109,11 +107,9 @@ const (
// TLS Elliptic Curve Point Formats // TLS Elliptic Curve Point Formats
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9
/*
const ( const (
pointFormatUncompressed uint8 = 0 pointFormatUncompressed uint8 = 0
) )
*/
// TLS CertificateStatusType (RFC 3546) // TLS CertificateStatusType (RFC 3546)
const ( const (
@ -121,7 +117,6 @@ const (
) )
// Certificate types (for certificateRequestMsg) // Certificate types (for certificateRequestMsg)
/*
const ( const (
certTypeRSASign = 1 // A certificate containing an RSA key certTypeRSASign = 1 // A certificate containing an RSA key
certTypeDSSSign = 2 // A certificate containing a DSA key certTypeDSSSign = 2 // A certificate containing a DSA key
@ -135,24 +130,19 @@ const (
// Rest of these are reserved by the TLS spec // Rest of these are reserved by the TLS spec
) )
*/
// Hash functions for TLS 1.2 (See RFC 5246, section A.4.1) // Hash functions for TLS 1.2 (See RFC 5246, section A.4.1)
/*
const ( const (
hashSHA1 uint8 = 2 hashSHA1 uint8 = 2
hashSHA256 uint8 = 4 hashSHA256 uint8 = 4
hashSHA384 uint8 = 5 hashSHA384 uint8 = 5
) )
*/
// Signature algorithms for TLS 1.2 (See RFC 5246, section A.4.1) // Signature algorithms for TLS 1.2 (See RFC 5246, section A.4.1)
/*
const ( const (
signatureRSA uint8 = 1 signatureRSA uint8 = 1
signatureECDSA uint8 = 3 signatureECDSA uint8 = 3
) )
*/
// signatureAndHash mirrors the TLS 1.2, SignatureAndHashAlgorithm struct. See // signatureAndHash mirrors the TLS 1.2, SignatureAndHashAlgorithm struct. See
// RFC 5246, section A.4.1. // RFC 5246, section A.4.1.
@ -163,7 +153,6 @@ type signatureAndHash struct {
// supportedSignatureAlgorithms contains the signature and hash algorithms that // supportedSignatureAlgorithms contains the signature and hash algorithms that
// the code advertises as supported in a TLS 1.2 ClientHello and in a TLS 1.2 // the code advertises as supported in a TLS 1.2 ClientHello and in a TLS 1.2
// CertificateRequest. // CertificateRequest.
/*
var supportedSignatureAlgorithms = []signatureAndHash{ var supportedSignatureAlgorithms = []signatureAndHash{
{hashSHA256, signatureRSA}, {hashSHA256, signatureRSA},
{hashSHA256, signatureECDSA}, {hashSHA256, signatureECDSA},
@ -172,7 +161,6 @@ var supportedSignatureAlgorithms = []signatureAndHash{
{hashSHA1, signatureRSA}, {hashSHA1, signatureRSA},
{hashSHA1, signatureECDSA}, {hashSHA1, signatureECDSA},
} }
*/
// ConnectionState records basic TLS details about the connection. // ConnectionState records basic TLS details about the connection.
type ConnectionState struct { type ConnectionState struct {
@ -213,7 +201,6 @@ const (
// ClientSessionState contains the state needed by clients to resume TLS // ClientSessionState contains the state needed by clients to resume TLS
// sessions. // sessions.
/*
type ClientSessionState struct { type ClientSessionState struct {
sessionTicket []uint8 // Encrypted ticket used for session resumption with server sessionTicket []uint8 // Encrypted ticket used for session resumption with server
vers uint16 // SSL/TLS version negotiated for the session vers uint16 // SSL/TLS version negotiated for the session
@ -222,14 +209,12 @@ type ClientSessionState struct {
serverCertificates []*x509.Certificate // Certificate chain presented by the server serverCertificates []*x509.Certificate // Certificate chain presented by the server
verifiedChains [][]*x509.Certificate // Certificate chains we built for verification verifiedChains [][]*x509.Certificate // Certificate chains we built for verification
} }
*/
// ClientSessionCache is a cache of ClientSessionState objects that can be used // ClientSessionCache is a cache of ClientSessionState objects that can be used
// by a client to resume a TLS session with a given server. ClientSessionCache // by a client to resume a TLS session with a given server. ClientSessionCache
// implementations should expect to be called concurrently from different // implementations should expect to be called concurrently from different
// goroutines. Only ticket-based resumption is supported, not SessionID-based // goroutines. Only ticket-based resumption is supported, not SessionID-based
// resumption. // resumption.
/*
type ClientSessionCache interface { type ClientSessionCache interface {
// Get searches for a ClientSessionState associated with the given key. // Get searches for a ClientSessionState associated with the given key.
// On return, ok is true if one was found. // On return, ok is true if one was found.
@ -238,7 +223,6 @@ type ClientSessionCache interface {
// Put adds the ClientSessionState to the cache with the given key. // Put adds the ClientSessionState to the cache with the given key.
Put(sessionKey string, cs *ClientSessionState) Put(sessionKey string, cs *ClientSessionState)
} }
*/
/* /*
// SignatureScheme identifies a signature algorithm supported by TLS. See // SignatureScheme identifies a signature algorithm supported by TLS. See

4
conf_test.go
Unescape Escape View File

@ -1,14 +1,14 @@
package main package main
import ( import (
"os" "io/ioutil"
"testing" "testing"
yaml "gopkg.in/yaml.v2" yaml "gopkg.in/yaml.v2"
) )
func TestConf(t *testing.T) { func TestConf(t *testing.T) {
data, err := os.ReadFile("config.sample.yaml") data, err := ioutil.ReadFile("config.sample.yaml")
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }

2
go.mod
Unescape Escape View File

@ -5,7 +5,7 @@ go 1.17
require ( require (
github.com/fangdingjun/go-log/v5 v5.0.0 github.com/fangdingjun/go-log/v5 v5.0.0
github.com/fangdingjun/protolistener v0.0.0-20210804081554-626e6590d6e7 github.com/fangdingjun/protolistener v0.0.0-20210804081554-626e6590d6e7
github.com/pires/go-proxyproto v0.6.1 github.com/pires/go-proxyproto v0.6.0
gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v2 v2.4.0
) )

3
go.sum
Unescape Escape View File

@ -2,9 +2,8 @@ github.com/fangdingjun/go-log/v5 v5.0.0 h1:vdh9Bk9C4ZFL6KoO6rII73zQIyaLf7hFdBvuc
github.com/fangdingjun/go-log/v5 v5.0.0/go.mod h1:V012Oxo0/pSbccX4OFSp9MJglXwNsZo2ByBBorr7zzM= github.com/fangdingjun/go-log/v5 v5.0.0/go.mod h1:V012Oxo0/pSbccX4OFSp9MJglXwNsZo2ByBBorr7zzM=
github.com/fangdingjun/protolistener v0.0.0-20210804081554-626e6590d6e7 h1:z5NlLvUNbGZxQhtUZELvIorAqpDmcIhGQXE5GdO7+5I= github.com/fangdingjun/protolistener v0.0.0-20210804081554-626e6590d6e7 h1:z5NlLvUNbGZxQhtUZELvIorAqpDmcIhGQXE5GdO7+5I=
github.com/fangdingjun/protolistener v0.0.0-20210804081554-626e6590d6e7/go.mod h1:ljbjhI4fVrT5GwMu1iBhWTZwLJSqsXKwKlGKas5GudM= github.com/fangdingjun/protolistener v0.0.0-20210804081554-626e6590d6e7/go.mod h1:ljbjhI4fVrT5GwMu1iBhWTZwLJSqsXKwKlGKas5GudM=
github.com/pires/go-proxyproto v0.6.0 h1:cLJUPnuQdiNf7P/wbeOKmM1khVdaMgTFDLj8h9ZrVYk=
github.com/pires/go-proxyproto v0.6.0/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY= github.com/pires/go-proxyproto v0.6.0/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
github.com/pires/go-proxyproto v0.6.1 h1:EBupykFmo22SDjv4fQVQd2J9NOoLPmyZA/15ldOGkPw=
github.com/pires/go-proxyproto v0.6.1/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI=
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=

8
handshake_messages.go
Unescape Escape View File

@ -33,7 +33,7 @@ type clientHelloMsg struct {
} }
/* /*
func (m *clientHelloMsg) equal(i interface{}) bool { func (m *clientHelloMsg) equal(i interface{}) bool {
m1, ok := i.(*clientHelloMsg) m1, ok := i.(*clientHelloMsg)
if !ok { if !ok {
return false return false
@ -57,9 +57,9 @@ type clientHelloMsg struct {
m.secureRenegotiationSupported == m1.secureRenegotiationSupported && m.secureRenegotiationSupported == m1.secureRenegotiationSupported &&
bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) && bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) &&
eqStrings(m.alpnProtocols, m1.alpnProtocols) eqStrings(m.alpnProtocols, m1.alpnProtocols)
} }
func (m *clientHelloMsg) marshal() []byte { func (m *clientHelloMsg) marshal() []byte {
if m.raw != nil { if m.raw != nil {
return m.raw return m.raw
} }
@ -298,7 +298,7 @@ type clientHelloMsg struct {
m.raw = x m.raw = x
return x return x
} }
*/ */
func (m *clientHelloMsg) unmarshal(data []byte) bool { func (m *clientHelloMsg) unmarshal(data []byte) bool {
if len(data) < 42 { if len(data) < 42 {

13
main.go
Unescape Escape View File

@ -5,6 +5,7 @@ import (
"flag" "flag"
"fmt" "fmt"
"io" "io"
"io/ioutil"
"net" "net"
"os" "os"
"os/signal" "os/signal"
@ -77,11 +78,7 @@ func forward(ctx context.Context, c net.Conn, data []byte, dst string) {
Command: proxyproto.PROXY, Command: proxyproto.PROXY,
TransportProtocol: proxyproto.TCPv4, TransportProtocol: proxyproto.TCPv4,
SourceAddr: raddr, SourceAddr: raddr,
DestinationAddr: &net.TCPAddr{ DestinationAddr: &net.TCPAddr{},
IP: []byte{0, 0, 0, 0},
Port: 0,
Zone: "",
},
} }
switch strings.ToLower(ss[1]) { switch strings.ToLower(ss[1]) {
@ -189,7 +186,7 @@ func main() {
flag.StringVar(&loglevel, "log_level", "INFO", "log level") flag.StringVar(&loglevel, "log_level", "INFO", "log level")
flag.Parse() flag.Parse()
data, err := os.ReadFile(cfgfile) data, err := ioutil.ReadFile(cfgfile)
if err != nil { if err != nil {
glog.Fatal(err) glog.Fatal(err)
} }
@ -234,7 +231,9 @@ func main() {
ch := make(chan os.Signal, 2) ch := make(chan os.Signal, 2)
signal.Notify(ch, syscall.SIGINT, syscall.SIGTERM) signal.Notify(ch, syscall.SIGINT, syscall.SIGTERM)
s := <-ch select {
case s := <-ch:
cancel() cancel()
glog.Printf("received signal %s, exit.", s) glog.Printf("received signal %s, exit.", s)
}
} }

4
proto_test.go
Unescape Escape View File

@ -3,8 +3,8 @@ package main
import ( import (
"context" "context"
"crypto/tls" "crypto/tls"
"io/ioutil"
"net" "net"
"os"
"testing" "testing"
"github.com/fangdingjun/go-log/v5" "github.com/fangdingjun/go-log/v5"
@ -15,7 +15,7 @@ import (
func TestProxyProto(t *testing.T) { func TestProxyProto(t *testing.T) {
log.Default.Level = log.DEBUG log.Default.Level = log.DEBUG
data, err := os.ReadFile("config.sample.yaml") data, err := ioutil.ReadFile("config.sample.yaml")
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }

Write Preview
Loading…
Cancel
Save