Cloak/cmd/ck-client/ck-client.go

262 lines
6.1 KiB
Go
Raw Normal View History

2018-10-07 17:09:45 +00:00
// +build go1.11
package main
import (
2019-07-31 23:16:33 +00:00
"crypto/aes"
"encoding/base64"
"encoding/binary"
2018-10-07 17:09:45 +00:00
"flag"
"fmt"
"io"
"log"
2018-11-07 21:16:13 +00:00
"math/rand"
2018-10-07 17:09:45 +00:00
"net"
"os"
"sync"
2018-10-07 17:09:45 +00:00
"time"
"github.com/cbeuw/Cloak/internal/client"
"github.com/cbeuw/Cloak/internal/client/TLS"
mux "github.com/cbeuw/Cloak/internal/multiplex"
"github.com/cbeuw/Cloak/internal/util"
)
var version string
func pipe(dst io.ReadWriteCloser, src io.ReadWriteCloser) {
2019-06-15 01:56:52 +00:00
// The maximum size of TLS message will be 16380+12+16. 12 because of the stream header and 16
// because of the salt/mac
2018-10-20 20:41:01 +00:00
// 16408 is the max TLS message size on Firefox
2019-06-15 01:56:52 +00:00
buf := make([]byte, 16380)
2018-10-07 17:09:45 +00:00
for {
2018-10-20 10:35:50 +00:00
i, err := io.ReadAtLeast(src, buf, 1)
2019-01-12 17:06:14 +00:00
if err != nil {
2018-10-20 10:35:50 +00:00
go dst.Close()
go src.Close()
return
}
i, err = dst.Write(buf[:i])
2019-01-12 17:06:14 +00:00
if err != nil {
2018-10-07 17:09:45 +00:00
go dst.Close()
go src.Close()
return
}
}
}
// This establishes a connection with ckserver and performs a handshake
2018-10-09 20:53:55 +00:00
func makeRemoteConn(sta *client.State) (net.Conn, error) {
2018-10-07 17:09:45 +00:00
2018-10-20 20:41:01 +00:00
// For android
2018-10-07 17:09:45 +00:00
d := net.Dialer{Control: protector}
clientHello := TLS.ComposeInitHandshake(sta)
connectingIP := sta.RemoteHost
2019-03-23 07:02:01 +00:00
if net.ParseIP(connectingIP).To4() == nil {
// IPv6 needs square brackets
connectingIP = "[" + connectingIP + "]"
}
remoteConn, err := d.Dial("tcp", connectingIP+":"+sta.RemotePort)
2018-10-07 17:09:45 +00:00
if err != nil {
log.Printf("Connecting to remote: %v\n", err)
2018-10-09 20:53:55 +00:00
return nil, err
2018-10-07 17:09:45 +00:00
}
_, err = remoteConn.Write(clientHello)
if err != nil {
log.Printf("Sending ClientHello: %v\n", err)
2018-10-09 20:53:55 +00:00
return nil, err
2018-10-07 17:09:45 +00:00
}
// Three discarded messages: ServerHello, ChangeCipherSpec and Finished
discardBuf := make([]byte, 1024)
for c := 0; c < 3; c++ {
2018-11-07 21:16:13 +00:00
_, err = util.ReadTLS(remoteConn, discardBuf)
2018-10-07 17:09:45 +00:00
if err != nil {
log.Printf("Reading discarded message %v: %v\n", c, err)
2018-10-09 20:53:55 +00:00
return nil, err
2018-10-07 17:09:45 +00:00
}
}
reply := TLS.ComposeReply()
_, err = remoteConn.Write(reply)
if err != nil {
log.Printf("Sending reply to remote: %v\n", err)
2018-10-09 20:53:55 +00:00
return nil, err
2018-10-07 17:09:45 +00:00
}
2018-10-09 20:53:55 +00:00
return remoteConn, nil
2018-10-07 17:09:45 +00:00
}
func makeSession(sta *client.State) *mux.Session {
log.Println("Attemtping to start a new session")
2019-07-27 18:55:53 +00:00
if !sta.IsAdmin {
// sessionID is usergenerated. There shouldn't be a security concern because the scope of
// sessionID is limited to its UID.
quad := make([]byte, 4)
rand.Read(quad)
sta.SessionID = binary.BigEndian.Uint32(quad)
}
sta.UpdateIntervalKeys()
2019-07-31 22:58:15 +00:00
_, tthKey := sta.GetIntervalKeys()
2019-07-31 23:16:33 +00:00
headerCipher, err := aes.NewCipher(tthKey)
if err != nil {
log.Fatal(err)
}
sesh := mux.MakeSession(sta.SessionID, mux.UNLIMITED_VALVE, mux.MakeObfs(headerCipher, sta.Cipher), mux.MakeDeobfs(headerCipher, sta.Cipher), util.ReadTLS)
var wg sync.WaitGroup
for i := 0; i < sta.NumConn; i++ {
wg.Add(1)
go func() {
makeconn:
conn, err := makeRemoteConn(sta)
if err != nil {
log.Printf("Failed to establish new connections to remote: %v\n", err)
time.Sleep(time.Second * 3)
goto makeconn
}
sesh.AddConnection(conn)
wg.Done()
}()
}
wg.Wait()
log.Printf("Session %v established", sta.SessionID)
return sesh
}
2018-10-07 17:09:45 +00:00
func main() {
// Should be 127.0.0.1 to listen to a proxy client on this machine
2018-10-07 17:09:45 +00:00
var localHost string
// port used by proxy clients to communicate with cloak client
2018-10-07 17:09:45 +00:00
var localPort string
// The ip of the proxy server
var remoteHost string
// The proxy port,should be 443
var remotePort string
var config string
var b64AdminUID string
2018-11-22 21:55:23 +00:00
2018-10-07 17:09:45 +00:00
log.SetFlags(log.LstdFlags | log.Lshortfile)
log_init()
if os.Getenv("SS_LOCAL_HOST") != "" {
localHost = os.Getenv("SS_LOCAL_HOST")
localPort = os.Getenv("SS_LOCAL_PORT")
remoteHost = os.Getenv("SS_REMOTE_HOST")
remotePort = os.Getenv("SS_REMOTE_PORT")
config = os.Getenv("SS_PLUGIN_OPTIONS")
2018-10-07 17:09:45 +00:00
} else {
localHost = "127.0.0.1"
2019-07-31 18:27:05 +00:00
flag.StringVar(&localPort, "l", "1984", "localPort: Cloak listens to proxy clients on this port")
2018-10-07 17:09:45 +00:00
flag.StringVar(&remoteHost, "s", "", "remoteHost: IP of your proxy server")
flag.StringVar(&remotePort, "p", "443", "remotePort: proxy port, should be 443")
flag.StringVar(&config, "c", "ckclient.json", "config: path to the configuration file or options seperated with semicolons")
flag.StringVar(&b64AdminUID, "a", "", "adminUID: enter the adminUID to serve the admin api")
2018-10-07 17:09:45 +00:00
askVersion := flag.Bool("v", false, "Print the version number")
printUsage := flag.Bool("h", false, "Print this message")
flag.Parse()
if *askVersion {
fmt.Printf("ck-client %s\n", version)
return
}
if *printUsage {
flag.Usage()
return
}
2018-12-30 01:15:46 +00:00
log.Println("Starting standalone mode")
2018-10-07 17:09:45 +00:00
}
2019-01-22 21:51:57 +00:00
sta := client.InitState(localHost, localPort, remoteHost, remotePort, time.Now)
err := sta.ParseConfig(config)
2018-10-07 17:09:45 +00:00
if err != nil {
log.Fatal(err)
}
if os.Getenv("SS_LOCAL_HOST") != "" {
sta.ProxyMethod = "shadowsocks"
}
if sta.LocalPort == "" {
2018-10-07 17:09:45 +00:00
log.Fatal("Must specify localPort")
}
if sta.RemoteHost == "" {
2018-10-07 17:09:45 +00:00
log.Fatal("Must specify remoteHost")
}
if sta.TicketTimeHint == 0 {
log.Fatal("TicketTimeHint cannot be empty or 0")
}
listeningIP := sta.LocalHost
2019-03-23 07:02:01 +00:00
if net.ParseIP(listeningIP).To4() == nil {
// IPv6 needs square brackets
listeningIP = "[" + listeningIP + "]"
}
listener, err := net.Listen("tcp", listeningIP+":"+sta.LocalPort)
log.Println("Listening on " + listeningIP + ":" + sta.LocalPort)
2018-12-30 21:36:44 +00:00
if err != nil {
log.Fatal(err)
}
2018-10-07 17:09:45 +00:00
var adminUID []byte
if b64AdminUID != "" {
adminUID, err = base64.StdEncoding.DecodeString(b64AdminUID)
if err != nil {
log.Fatal(err)
}
}
if adminUID != nil {
2019-07-27 18:55:53 +00:00
sta.IsAdmin = true
sta.SessionID = 0
sta.UID = adminUID
sta.NumConn = 1
}
var sesh *mux.Session
2019-01-21 21:29:18 +00:00
2018-10-07 17:09:45 +00:00
for {
localConn, err := listener.Accept()
2018-10-07 17:09:45 +00:00
if err != nil {
log.Println(err)
continue
}
2019-07-28 22:27:59 +00:00
if sesh == nil || sesh.IsClosed() {
sesh = makeSession(sta)
}
2018-10-07 17:09:45 +00:00
go func() {
2018-10-09 20:53:55 +00:00
data := make([]byte, 10240)
i, err := io.ReadAtLeast(localConn, data, 1)
2018-10-09 20:53:55 +00:00
if err != nil {
2018-12-09 23:45:06 +00:00
log.Println(err)
localConn.Close()
2018-10-09 20:53:55 +00:00
return
}
2018-10-07 17:09:45 +00:00
stream, err := sesh.OpenStream()
if err != nil {
2018-12-09 23:45:06 +00:00
log.Println(err)
localConn.Close()
2018-11-07 21:16:13 +00:00
return
}
_, err = stream.Write(data[:i])
if err != nil {
log.Println(err)
localConn.Close()
2018-12-09 23:45:06 +00:00
stream.Close()
return
2018-10-07 17:09:45 +00:00
}
go pipe(localConn, stream)
pipe(stream, localConn)
2018-10-07 17:09:45 +00:00
}()
}
}