root/gost_software
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add gost

Browse Source
This commit is contained in:
rui.zheng 2017-08-04 00:25:15 +08:00
parent 97d2de15a3
commit 6613df9960
7 changed files with 349 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
gost/chain.go
View File

@ -78,12 +78,12 @@ func (c *Chain) Conn() (net.Conn, error) {
} }
nodes := c.nodes nodes := c.nodes
conn, err := nodes[0].Client.Dial(nodes[0].Addr, TimeoutDialOption(DialTimeout)) conn, err := nodes[0].Client.Dial(nodes[0].Addr, nodes[0].DialOptions...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
conn, err = nodes[0].Client.Handshake(conn, AddrHandshakeOption(nodes[0].Addr)) conn, err = nodes[0].Client.Handshake(conn, nodes[0].HandshakeOptions...)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -99,7 +99,7 @@ func (c *Chain) Conn() (net.Conn, error) {
conn.Close() conn.Close()
return nil, err return nil, err
} }
cc, err = next.Client.Handshake(cc, AddrHandshakeOption(next.Addr)) cc, err = next.Client.Handshake(cc, next.HandshakeOptions...)
if err != nil { if err != nil {
conn.Close() conn.Close()
return nil, err return nil, err

290
gost/cmd/gost/main.go
View File

@ -1,12 +1,20 @@
package main package main
import ( import (
"bufio"
"crypto/tls"
"encoding/json" "encoding/json"
"errors"
"flag" "flag"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"net"
"net/url"
"os" "os"
"runtime" "runtime"
"strconv"
"strings"
"time"
"github.com/ginuerzh/gost/gost" "github.com/ginuerzh/gost/gost"
"github.com/go-log/log" "github.com/go-log/log"
@ -51,10 +59,19 @@ func init() {
} }
func main() { func main() {
chain, err := initChain()
if err != nil {
log.Log(err)
os.Exit(1)
}
if err := serve(chain); err != nil {
log.Log(err)
os.Exit(1)
}
select {}
} }
func buildChain() (*gost.Chain, error) { func initChain() (*gost.Chain, error) {
chain := gost.NewChain() chain := gost.NewChain()
for _, ns := range options.chainNodes { for _, ns := range options.chainNodes {
node, err := gost.ParseNode(ns) node, err := gost.ParseNode(ns)
@ -62,19 +79,41 @@ func buildChain() (*gost.Chain, error) {
return nil, err return nil, err
} }
serverName, _, _ := net.SplitHostPort(node.Addr)
if serverName == "" {
serverName = "localhost" // default server name
}
tlsCfg := &tls.Config{
ServerName: serverName,
InsecureSkipVerify: !toBool(node.Values.Get("scure")),
}
var tr gost.Transporter var tr gost.Transporter
switch node.Transport { switch node.Transport {
case "tls": case "tls":
tr = gost.TLSTransporter() tr = gost.TLSTransporter()
case "ws": case "ws":
wsOpts := &gost.WSOptions{}
wsOpts.EnableCompression = toBool(node.Values.Get("compression"))
wsOpts.ReadBufferSize, _ = strconv.Atoi(node.Values.Get("rbuf"))
wsOpts.WriteBufferSize, _ = strconv.Atoi(node.Values.Get("wbuf"))
node.HandshakeOptions = append(node.HandshakeOptions,
gost.WSOptionsHandshakeOption(wsOpts),
)
tr = gost.WSTransporter(nil) tr = gost.WSTransporter(nil)
case "wss": case "wss":
tr = gost.WSSTransporter(nil) tr = gost.WSSTransporter(nil)
case "kcp": case "kcp":
if !chain.IsEmpty() { if !chain.IsEmpty() {
log.Log("KCP must be the first node in the proxy chain") return nil, errors.New("KCP must be the first node in the proxy chain")
return nil, err
} }
config, err := parseKCPConfig(node.Values.Get("c"))
if err != nil {
log.Log("[kcp]", err)
}
node.HandshakeOptions = append(node.HandshakeOptions,
gost.KCPConfigHandshakeOption(config),
)
tr = gost.KCPTransporter(nil) tr = gost.KCPTransporter(nil)
case "ssh": case "ssh":
if node.Protocol == "direct" || node.Protocol == "remote" { if node.Protocol == "direct" || node.Protocol == "remote" {
@ -82,14 +121,24 @@ func buildChain() (*gost.Chain, error) {
} else { } else {
tr = gost.SSHTunnelTransporter() tr = gost.SSHTunnelTransporter()
} }
node.Chain = chain // cutoff the chain for multiplex
chain = gost.NewChain()
case "quic": case "quic":
if !chain.IsEmpty() { if !chain.IsEmpty() {
log.Log("QUIC must be the first node in the proxy chain") return nil, errors.New("QUIC must be the first node in the proxy chain")
return nil, err
} }
config := &gost.QUICConfig{
TLSConfig: tlsCfg,
KeepAlive: toBool(node.Values.Get("keepalive")),
}
node.HandshakeOptions = append(node.HandshakeOptions,
gost.QUICConfigHandshakeOption(config),
)
tr = gost.QUICTransporter(nil) tr = gost.QUICTransporter(nil)
case "http2": case "http2":
tr = gost.HTTP2Transporter(nil) tr = gost.HTTP2Transporter(nil)
node.Chain = chain // cutoff the chain for multiplex
chain = gost.NewChain()
case "h2": case "h2":
tr = gost.H2Transporter(nil) tr = gost.H2Transporter(nil)
case "h2c": case "h2c":
@ -110,6 +159,10 @@ func buildChain() (*gost.Chain, error) {
connector = gost.SOCKS4AConnector() connector = gost.SOCKS4AConnector()
case "ss": case "ss":
connector = gost.ShadowConnector(nil) connector = gost.ShadowConnector(nil)
case "direct":
connector = gost.SSHDirectForwardConnector()
case "remote":
connector = gost.SSHRemoteForwardConnector()
case "http": case "http":
fallthrough fallthrough
default: default:
@ -117,6 +170,18 @@ func buildChain() (*gost.Chain, error) {
connector = gost.HTTPConnector(nil) connector = gost.HTTPConnector(nil)
} }
node.DialOptions = append(node.DialOptions,
gost.TimeoutDialOption(gost.DialTimeout),
gost.ChainDialOption(node.Chain),
)
interval, _ := strconv.Atoi(node.Values.Get("ping"))
node.HandshakeOptions = append(node.HandshakeOptions,
gost.AddrHandshakeOption(node.Addr),
gost.UserHandshakeOption(node.User),
gost.TLSConfigHandshakeOption(tlsCfg),
gost.IntervalHandshakeOption(time.Duration(interval)*time.Second),
)
node.Client = &gost.Client{ node.Client = &gost.Client{
Connector: connector, Connector: connector,
Transporter: tr, Transporter: tr,
@ -127,6 +192,166 @@ func buildChain() (*gost.Chain, error) {
return chain, nil return chain, nil
} }
func serve(chain *gost.Chain) error {
for _, ns := range options.serveNodes {
node, err := gost.ParseNode(ns)
if err != nil {
return err
}
users, err := parseUsers(node.Values.Get("secrets"))
if err != nil {
return err
}
tlsCfg, err := tlsConfig(node.Values.Get("cert"), node.Values.Get("key"))
if err != nil {
return err
}
var ln gost.Listener
switch node.Transport {
case "tls":
ln, err = gost.TLSListener(node.Addr, tlsCfg)
case "ws":
wsOpts := &gost.WSOptions{}
wsOpts.EnableCompression = toBool(node.Values.Get("compression"))
wsOpts.ReadBufferSize, _ = strconv.Atoi(node.Values.Get("rbuf"))
wsOpts.WriteBufferSize, _ = strconv.Atoi(node.Values.Get("wbuf"))
ln, err = gost.WSListener(node.Addr, wsOpts)
case "wss":
wsOpts := &gost.WSOptions{}
wsOpts.EnableCompression = toBool(node.Values.Get("compression"))
wsOpts.ReadBufferSize, _ = strconv.Atoi(node.Values.Get("rbuf"))
wsOpts.WriteBufferSize, _ = strconv.Atoi(node.Values.Get("wbuf"))
ln, err = gost.WSSListener(node.Addr, tlsCfg, wsOpts)
case "kcp":
config, err := parseKCPConfig(node.Values.Get("c"))
if err != nil {
log.Log("[kcp]", err)
}
ln, err = gost.KCPListener(node.Addr, config)
case "ssh":
config := &gost.SSHConfig{
Users: users,
TLSConfig: tlsCfg,
}
if node.Protocol == "forward" {
ln, err = gost.TCPListener(node.Addr)
} else {
ln, err = gost.SSHTunnelListener(node.Addr, config)
}
case "quic":
config := &gost.QUICConfig{
TLSConfig: tlsCfg,
KeepAlive: toBool(node.Values.Get("keepalive")),
}
timeout, _ := strconv.Atoi(node.Values.Get("timeout"))
config.Timeout = time.Duration(timeout) * time.Second
ln, err = gost.QUICListener(node.Addr, config)
case "http2":
ln, err = gost.HTTP2Listener(node.Addr, tlsCfg)
case "h2":
ln, err = gost.H2Listener(node.Addr, tlsCfg)
case "h2c":
ln, err = gost.H2CListener(node.Addr)
case "tcp":
ln, err = gost.TCPListener(node.Addr)
case "rtcp":
ln, err = gost.TCPRemoteForwardListener(node.Addr, chain)
case "udp":
ttl, _ := strconv.Atoi(node.Values.Get("ttl"))
ln, err = gost.UDPDirectForwardListener(node.Addr, time.Duration(ttl)*time.Second)
case "rudp":
ttl, _ := strconv.Atoi(node.Values.Get("ttl"))
ln, err = gost.UDPRemoteForwardListener(node.Addr, chain, time.Duration(ttl)*time.Second)
case "redirect":
ln, err = gost.TCPListener(node.Addr)
case "ssu":
ttl, _ := strconv.Atoi(node.Values.Get("ttl"))
ln, err = gost.ShadowUDPListener(node.Addr, node.User, time.Duration(ttl)*time.Second)
default:
ln, err = gost.TCPListener(node.Addr)
}
if err != nil {
return err
}
var whitelist, blacklist *gost.Permissions
if node.Values.Get("whitelist") != "" {
if whitelist, err = gost.ParsePermissions(node.Values.Get("whitelist")); err != nil {
return err
}
} else {
// By default allow for everyting
whitelist, _ = gost.ParsePermissions("*:*:*")
}
if node.Values.Get("blacklist") != "" {
if blacklist, err = gost.ParsePermissions(node.Values.Get("blacklist")); err != nil {
return err
}
} else {
// By default block nothing
blacklist, _ = gost.ParsePermissions("")
}
var handlerOptions []gost.HandlerOption
handlerOptions = append(handlerOptions,
gost.AddrHandlerOption(node.Addr),
gost.ChainHandlerOption(chain),
gost.UsersHandlerOption(users...),
gost.TLSConfigHandlerOption(tlsCfg),
gost.WhitelistHandlerOption(whitelist),
gost.BlacklistHandlerOption(blacklist),
)
var handler gost.Handler
switch node.Protocol {
case "http2":
handler = gost.HTTP2Handler(handlerOptions...)
case "socks", "socks5":
handler = gost.SOCKS5Handler(handlerOptions...)
case "socks4", "socks4a":
handler = gost.SOCKS4Handler(handlerOptions...)
case "ss":
handler = gost.ShadowHandler(handlerOptions...)
case "http":
handler = gost.HTTPHandler(handlerOptions...)
case "tcp":
handler = gost.TCPDirectForwardHandler(node.Remote, handlerOptions...)
case "rtcp":
handler = gost.TCPRemoteForwardHandler(node.Remote, handlerOptions...)
case "udp":
handler = gost.UDPDirectForwardHandler(node.Remote, handlerOptions...)
case "rudp":
handler = gost.UDPRemoteForwardHandler(node.Remote, handlerOptions...)
case "forward":
handler = gost.SSHForwardHandler(handlerOptions...)
case "redirect":
handler = gost.TCPRedirectHandler(handlerOptions...)
case "ssu":
handler = gost.ShadowUDPdHandler(handlerOptions...)
default:
// TODO: auto poroxy handler
handler = gost.HTTPHandler(handlerOptions...)
}
go new(gost.Server).Serve(ln, handler)
}
return nil
}
// Load the certificate from cert and key files, will use the default certificate if the provided info are invalid.
func tlsConfig(certFile, keyFile string) (*tls.Config, error) {
if certFile == "" || keyFile == "" {
return nil, nil
}
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return nil, err
}
return &tls.Config{Certificates: []tls.Certificate{cert}}, nil
}
func loadConfigureFile(configureFile string) error { func loadConfigureFile(configureFile string) error {
if configureFile == "" { if configureFile == "" {
return nil return nil
@ -150,3 +375,56 @@ func (l *stringList) Set(value string) error {
*l = append(*l, value) *l = append(*l, value)
return nil return nil
} }
func toBool(s string) bool {
if b, _ := strconv.ParseBool(s); b {
return b
}
n, _ := strconv.Atoi(s)
return n > 0
}
func parseKCPConfig(configFile string) (*gost.KCPConfig, error) {
if configFile == "" {
return nil, nil
}
file, err := os.Open(configFile)
if err != nil {
return nil, err
}
defer file.Close()
config := &gost.KCPConfig{}
if err = json.NewDecoder(file).Decode(config); err != nil {
return nil, err
}
return config, nil
}
func parseUsers(authFile string) (users []*url.Userinfo, err error) {
if authFile == "" {
return
}
file, err := os.Open(authFile)
if err != nil {
return
}
scanner := bufio.NewScanner(file)
for scanner.Scan() {
line := strings.TrimSpace(scanner.Text())
if line == "" || strings.HasPrefix(line, "#") {
continue
}
s := strings.SplitN(line, " ", 2)
if len(s) == 1 {
users = append(users, url.User(strings.TrimSpace(s[0])))
} else if len(s) == 2 {
users = append(users, url.UserPassword(strings.TrimSpace(s[0]), strings.TrimSpace(s[1])))
}
}
err = scanner.Err()
return
}

10
gost/forward.go
View File

@ -367,12 +367,16 @@ func (c *udpServerConn) writeLoop() {
} }
func (c *udpServerConn) ttlWait() { func (c *udpServerConn) ttlWait() {
timer := time.NewTimer(c.ttl) ttl := c.ttl
if ttl == 0 {
ttl = defaultTTL
}
timer := time.NewTimer(ttl)
for { for {
select { select {
case <-c.nopChan: case <-c.nopChan:
timer.Reset(c.ttl) timer.Reset(ttl)
case <-timer.C: case <-timer.C:
close(c.brokenChan) close(c.brokenChan)
return return
@ -452,7 +456,7 @@ func (l *tcpRemoteForwardListener) Accept() (net.Conn, error) {
func (l *tcpRemoteForwardListener) accept() (conn net.Conn, err error) { func (l *tcpRemoteForwardListener) accept() (conn net.Conn, err error) {
lastNode := l.chain.LastNode() lastNode := l.chain.LastNode()
if lastNode.Protocol == "forward" && lastNode.Transport == "ssh" { if lastNode.Protocol == "remote" && lastNode.Transport == "ssh" {
conn, err = l.chain.Dial(l.addr.String()) conn, err = l.chain.Dial(l.addr.String())
} else if lastNode.Protocol == "socks5" { } else if lastNode.Protocol == "socks5" {
cc, er := l.chain.Conn() cc, er := l.chain.Conn()

4
gost/gost.go
View File

@ -13,7 +13,7 @@ import (
) )
// Version is the gost version. // Version is the gost version.
const Version = "2.4-dev20170722" const Version = "2.4-dev20170803"
// Debug is a flag that enables the debug log. // Debug is a flag that enables the debug log.
var Debug bool var Debug bool
@ -39,7 +39,7 @@ var (
// PingRetries is the reties of ping. // PingRetries is the reties of ping.
PingRetries = 3 PingRetries = 3
// default udp node TTL in second for udp port forwarding. // default udp node TTL in second for udp port forwarding.
defaultTTL = 60 defaultTTL = 60 * time.Second
) )
var ( var (

20
gost/http2.go
View File

@ -391,6 +391,15 @@ func HTTP2Listener(addr string, config *tls.Config) (Listener, error) {
connChan: make(chan *http2ServerConn, 1024), connChan: make(chan *http2ServerConn, 1024),
errChan: make(chan error, 1), errChan: make(chan error, 1),
} }
if config == nil {
cert, err := tls.X509KeyPair(defaultRawCert, defaultRawKey)
if err != nil {
return nil, err
}
config = &tls.Config{
Certificates: []tls.Certificate{cert},
}
}
server := &http.Server{ server := &http.Server{
Addr: addr, Addr: addr,
Handler: http.HandlerFunc(l.handleFunc), Handler: http.HandlerFunc(l.handleFunc),
@ -400,6 +409,7 @@ func HTTP2Listener(addr string, config *tls.Config) (Listener, error) {
return nil, err return nil, err
} }
l.server = server l.server = server
go server.ListenAndServeTLS("", "") go server.ListenAndServeTLS("", "")
return l, nil return l, nil
@ -462,6 +472,16 @@ func H2Listener(addr string, config *tls.Config) (Listener, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
if config == nil {
cert, err := tls.X509KeyPair(defaultRawCert, defaultRawKey)
if err != nil {
return nil, err
}
config = &tls.Config{
Certificates: []tls.Certificate{cert},
}
}
l := &h2Listener{ l := &h2Listener{
Listener: ln, Listener: ln,
server: &http2.Server{ server: &http2.Server{

90
gost/node.go
View File

@ -1,10 +1,8 @@
package gost package gost
import ( import (
"bufio"
"net" "net"
"net/url" "net/url"
"os"
"strconv" "strconv"
"strings" "strings"
@ -18,13 +16,11 @@ type Node struct {
Transport string Transport string
Remote string // remote address, used by tcp/udp port forwarding Remote string // remote address, used by tcp/udp port forwarding
User *url.Userinfo User *url.Userinfo
users []*url.Userinfo // authentication or cipher for proxy Chain *Chain
Whitelist *Permissions Values url.Values
Blacklist *Permissions
values url.Values
serverName string
Client *Client Client *Client
Server *Server DialOptions []DialOption
HandshakeOptions []HandshakeOption
} }
func ParseNode(s string) (node Node, err error) { func ParseNode(s string) (node Node, err error) {
@ -36,49 +32,10 @@ func ParseNode(s string) (node Node, err error) {
return return
} }
query := u.Query()
node = Node{ node = Node{
Addr: u.Host, Addr: u.Host,
values: query, Values: u.Query(),
serverName: u.Host, User: u.User,
}
if query.Get("whitelist") != "" {
if node.Whitelist, err = ParsePermissions(query.Get("whitelist")); err != nil {
return
}
} else {
// By default allow for everyting
node.Whitelist, _ = ParsePermissions("*:*:*")
}
if query.Get("blacklist") != "" {
if node.Blacklist, err = ParsePermissions(query.Get("blacklist")); err != nil {
return
}
} else {
// By default block nothing
node.Blacklist, _ = ParsePermissions("")
}
if u.User != nil {
node.User = u.User
node.users = append(node.users, u.User)
}
users, er := parseUsers(node.values.Get("secrets"))
if users != nil {
node.users = append(node.users, users...)
}
if er != nil {
log.Log("load secrets:", er)
}
if strings.Contains(u.Host, ":") {
node.serverName, _, _ = net.SplitHostPort(u.Host)
if node.serverName == "" {
node.serverName = "localhost" // default server name
}
} }
schemes := strings.Split(u.Scheme, "+") schemes := strings.Split(u.Scheme, "+")
@ -105,9 +62,9 @@ func ParseNode(s string) (node Node, err error) {
} }
switch node.Protocol { switch node.Protocol {
case "http", "http2", "socks4", "socks4a", "socks", "socks5", "ss": case "http", "http2", "socks4", "socks4a", "socks", "socks5", "ss", "ssu":
case "tcp", "udp", "rtcp", "rudp": // port forwarding case "tcp", "udp", "rtcp", "rudp": // port forwarding
case "direct", "remote": // SSH port forwarding case "direct", "remote", "forward": // SSH port forwarding
default: default:
node.Protocol = "" node.Protocol = ""
} }
@ -115,34 +72,6 @@ func ParseNode(s string) (node Node, err error) {
return return
} }
func parseUsers(authFile string) (users []*url.Userinfo, err error) {
if authFile == "" {
return
}
file, err := os.Open(authFile)
if err != nil {
return
}
scanner := bufio.NewScanner(file)
for scanner.Scan() {
line := strings.TrimSpace(scanner.Text())
if line == "" || strings.HasPrefix(line, "#") {
continue
}
s := strings.SplitN(line, " ", 2)
if len(s) == 1 {
users = append(users, url.User(strings.TrimSpace(s[0])))
} else if len(s) == 2 {
users = append(users, url.UserPassword(strings.TrimSpace(s[0]), strings.TrimSpace(s[1])))
}
}
err = scanner.Err()
return
}
func Can(action string, addr string, whitelist, blacklist *Permissions) bool { func Can(action string, addr string, whitelist, blacklist *Permissions) bool {
if !strings.Contains(addr, ":") { if !strings.Contains(addr, ":") {
addr = addr + ":80" addr = addr + ":80"
@ -159,7 +88,8 @@ func Can(action string, addr string, whitelist, blacklist *Permissions) bool {
return false return false
} }
if Debug {
log.Logf("Can action: %s, host: %s, port %d", action, host, port) log.Logf("Can action: %s, host: %s, port %d", action, host, port)
}
return whitelist.Can(action, host, port) && !blacklist.Can(action, host, port) return whitelist.Can(action, host, port) && !blacklist.Can(action, host, port)
} }

18
gost/ssh.go
View File

@ -318,7 +318,6 @@ type sshSession struct {
} }
func (s *sshSession) Ping(interval time.Duration, retries int) { func (s *sshSession) Ping(interval time.Duration, retries int) {
interval = 30 * time.Second
if interval <= 0 { if interval <= 0 {
return return
} }
@ -620,13 +619,24 @@ func SSHTunnelListener(addr string, config *SSHConfig) (Listener, error) {
if len(config.Users) == 0 { if len(config.Users) == 0 {
sshConfig.NoClientAuth = true sshConfig.NoClientAuth = true
} }
if config.TLSConfig != nil && len(config.TLSConfig.Certificates) > 0 { if config.TLSConfig == nil {
cert, err := tls.X509KeyPair(defaultRawCert, defaultRawKey)
if err != nil {
ln.Close()
return nil, err
}
config.TLSConfig = &tls.Config{
Certificates: []tls.Certificate{cert},
}
}
signer, err := ssh.NewSignerFromKey(config.TLSConfig.Certificates[0].PrivateKey) signer, err := ssh.NewSignerFromKey(config.TLSConfig.Certificates[0].PrivateKey)
if err != nil { if err != nil {
log.Log("[sshf]", err) ln.Close()
return nil, err
} }
sshConfig.AddHostKey(signer) sshConfig.AddHostKey(signer)
}
l := &sshTunnelListener{ l := &sshTunnelListener{
Listener: ln, Listener: ln,