forked from ginuerzh/gost
-
Notifications
You must be signed in to change notification settings - Fork 0
/
handler.go
286 lines (249 loc) · 6.94 KB
/
handler.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
package gost
import (
"bufio"
"crypto/tls"
"net"
"net/url"
"time"
"github.com/go-gost/gosocks4"
"github.com/go-gost/gosocks5"
"github.com/go-log/log"
)
// Handler is a proxy server handler
type Handler interface {
Init(options ...HandlerOption)
Handle(net.Conn)
}
// HandlerOptions describes the options for Handler.
type HandlerOptions struct {
Addr string
Chain *Chain
Users []*url.Userinfo
Authenticator Authenticator
TLSConfig *tls.Config
Whitelist *Permissions
Blacklist *Permissions
Strategy Strategy
MaxFails int
FailTimeout time.Duration
Bypass *Bypass
Retries int
Timeout time.Duration
Resolver Resolver
Hosts *Hosts
ProbeResist string
KnockingHost string
Node Node
Host string
IPs []string
TCPMode bool
IPRoutes []IPRoute
ProxyAgent string
HTTPTunnel bool
}
// HandlerOption allows a common way to set handler options.
type HandlerOption func(opts *HandlerOptions)
// AddrHandlerOption sets the Addr option of HandlerOptions.
func AddrHandlerOption(addr string) HandlerOption {
return func(opts *HandlerOptions) {
opts.Addr = addr
}
}
// ChainHandlerOption sets the Chain option of HandlerOptions.
func ChainHandlerOption(chain *Chain) HandlerOption {
return func(opts *HandlerOptions) {
opts.Chain = chain
}
}
// UsersHandlerOption sets the Users option of HandlerOptions.
func UsersHandlerOption(users ...*url.Userinfo) HandlerOption {
return func(opts *HandlerOptions) {
opts.Users = users
kvs := make(map[string]string)
for _, u := range users {
if u != nil {
kvs[u.Username()], _ = u.Password()
}
}
if len(kvs) > 0 {
opts.Authenticator = NewLocalAuthenticator(kvs)
}
}
}
// AuthenticatorHandlerOption sets the Authenticator option of HandlerOptions.
func AuthenticatorHandlerOption(au Authenticator) HandlerOption {
return func(opts *HandlerOptions) {
opts.Authenticator = au
}
}
// TLSConfigHandlerOption sets the TLSConfig option of HandlerOptions.
func TLSConfigHandlerOption(config *tls.Config) HandlerOption {
return func(opts *HandlerOptions) {
opts.TLSConfig = config
}
}
// WhitelistHandlerOption sets the Whitelist option of HandlerOptions.
func WhitelistHandlerOption(whitelist *Permissions) HandlerOption {
return func(opts *HandlerOptions) {
opts.Whitelist = whitelist
}
}
// BlacklistHandlerOption sets the Blacklist option of HandlerOptions.
func BlacklistHandlerOption(blacklist *Permissions) HandlerOption {
return func(opts *HandlerOptions) {
opts.Blacklist = blacklist
}
}
// BypassHandlerOption sets the bypass option of HandlerOptions.
func BypassHandlerOption(bypass *Bypass) HandlerOption {
return func(opts *HandlerOptions) {
opts.Bypass = bypass
}
}
// StrategyHandlerOption sets the strategy option of HandlerOptions.
func StrategyHandlerOption(strategy Strategy) HandlerOption {
return func(opts *HandlerOptions) {
opts.Strategy = strategy
}
}
// MaxFailsHandlerOption sets the max_fails option of HandlerOptions.
func MaxFailsHandlerOption(n int) HandlerOption {
return func(opts *HandlerOptions) {
opts.MaxFails = n
}
}
// FailTimeoutHandlerOption sets the fail_timeout option of HandlerOptions.
func FailTimeoutHandlerOption(d time.Duration) HandlerOption {
return func(opts *HandlerOptions) {
opts.FailTimeout = d
}
}
// RetryHandlerOption sets the retry option of HandlerOptions.
func RetryHandlerOption(retries int) HandlerOption {
return func(opts *HandlerOptions) {
opts.Retries = retries
}
}
// TimeoutHandlerOption sets the timeout option of HandlerOptions.
func TimeoutHandlerOption(timeout time.Duration) HandlerOption {
return func(opts *HandlerOptions) {
opts.Timeout = timeout
}
}
// ResolverHandlerOption sets the resolver option of HandlerOptions.
func ResolverHandlerOption(resolver Resolver) HandlerOption {
return func(opts *HandlerOptions) {
opts.Resolver = resolver
}
}
// HostsHandlerOption sets the Hosts option of HandlerOptions.
func HostsHandlerOption(hosts *Hosts) HandlerOption {
return func(opts *HandlerOptions) {
opts.Hosts = hosts
}
}
// ProbeResistHandlerOption adds the probe resistance for HTTP proxy.
func ProbeResistHandlerOption(pr string) HandlerOption {
return func(opts *HandlerOptions) {
opts.ProbeResist = pr
}
}
// KnockingHandlerOption adds the knocking host for probe resistance.
func KnockingHandlerOption(host string) HandlerOption {
return func(opts *HandlerOptions) {
opts.KnockingHost = host
}
}
// NodeHandlerOption set the server node for server handler.
func NodeHandlerOption(node Node) HandlerOption {
return func(opts *HandlerOptions) {
opts.Node = node
}
}
// HostHandlerOption sets the target host for SNI proxy.
func HostHandlerOption(host string) HandlerOption {
return func(opts *HandlerOptions) {
opts.Host = host
}
}
// IPsHandlerOption sets the ip list for port forward.
func IPsHandlerOption(ips []string) HandlerOption {
return func(opts *HandlerOptions) {
opts.IPs = ips
}
}
// TCPModeHandlerOption sets the tcp mode for tun/tap device.
func TCPModeHandlerOption(b bool) HandlerOption {
return func(opts *HandlerOptions) {
opts.TCPMode = b
}
}
// IPRoutesHandlerOption sets the IP routes for tun tunnel.
func IPRoutesHandlerOption(routes ...IPRoute) HandlerOption {
return func(opts *HandlerOptions) {
opts.IPRoutes = routes
}
}
// ProxyAgentHandlerOption sets the proxy agent for http handler.
func ProxyAgentHandlerOption(agent string) HandlerOption {
return func(opts *HandlerOptions) {
opts.ProxyAgent = agent
}
}
// HTTPTunnelHandlerOption sets the Tunnel mode for HTTP client used in HTTP handler.
func HTTPTunnelHandlerOption(tunnelMode bool) HandlerOption {
return func(opts *HandlerOptions) {
opts.HTTPTunnel = tunnelMode
}
}
type autoHandler struct {
options *HandlerOptions
}
// AutoHandler creates a server Handler for auto proxy server.
func AutoHandler(opts ...HandlerOption) Handler {
h := &autoHandler{}
h.Init(opts...)
return h
}
func (h *autoHandler) Init(options ...HandlerOption) {
if h.options == nil {
h.options = &HandlerOptions{}
}
for _, opt := range options {
opt(h.options)
}
}
func (h *autoHandler) Handle(conn net.Conn) {
br := bufio.NewReader(conn)
b, err := br.Peek(1)
if err != nil {
log.Logf("[auto] %s - %s: %s", conn.RemoteAddr(), conn.LocalAddr(), err)
conn.Close()
return
}
cc := &bufferdConn{Conn: conn, br: br}
var handler Handler
switch b[0] {
case gosocks4.Ver4:
// SOCKS4(a) does not suppport authentication method,
// so we ignore it when credentials are specified for security reason.
if len(h.options.Users) > 0 {
cc.Close()
return
}
handler = &socks4Handler{options: h.options}
case gosocks5.Ver5: // socks5
handler = &socks5Handler{options: h.options}
default: // http
handler = &httpHandler{options: h.options}
}
handler.Init()
handler.Handle(cc)
}
type bufferdConn struct {
net.Conn
br *bufio.Reader
}
func (c *bufferdConn) Read(b []byte) (int, error) {
return c.br.Read(b)
}