websocket over TLS

pull/71/head
Andy Wang 5 years ago
parent 854dc422a2
commit 98b77afb91

@ -1,5 +1,5 @@
{ {
"Transport": "TLS", "Transport": "direct",
"ProxyMethod":"shadowsocks", "ProxyMethod":"shadowsocks",
"EncryptionMethod":"plain", "EncryptionMethod":"plain",
"UID":"5nneblJy6lniPJfr81LuYQ==", "UID":"5nneblJy6lniPJfr81LuYQ==",

@ -3,11 +3,13 @@ module github.com/cbeuw/Cloak
go 1.12 go 1.12
require ( require (
github.com/Yawning/chacha20 v0.0.0-20170904085104-e3b1f968fc63 // indirect
github.com/boltdb/bolt v1.3.1 github.com/boltdb/bolt v1.3.1
github.com/gorilla/mux v1.7.3 github.com/gorilla/mux v1.7.3
github.com/gorilla/websocket v1.4.1 github.com/gorilla/websocket v1.4.1
github.com/juju/ratelimit v1.0.1 github.com/juju/ratelimit v1.0.1
github.com/kr/pretty v0.1.0 // indirect github.com/kr/pretty v0.1.0 // indirect
github.com/refraction-networking/utls v0.0.0-20190824032329-cc2996c81813
github.com/sirupsen/logrus v1.4.2 github.com/sirupsen/logrus v1.4.2
golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect

@ -37,16 +37,16 @@ func addExtRec(typ []byte, data []byte) []byte {
return ret return ret
} }
type TLS struct { type DirectTLS struct {
Transport Transport
} }
func (*TLS) HasRecordLayer() bool { return true } func (DirectTLS) HasRecordLayer() bool { return true }
func (*TLS) UnitReadFunc() func(net.Conn, []byte) (int, error) { return util.ReadTLS } func (DirectTLS) UnitReadFunc() func(net.Conn, []byte) (int, error) { return util.ReadTLS }
// PrepareConnection handles the TLS handshake for a given conn and returns the sessionKey // PrepareConnection handles the TLS handshake for a given conn and returns the sessionKey
// if the server proceed with Cloak authentication // if the server proceed with Cloak authentication
func (*TLS) PrepareConnection(sta *State, conn net.Conn) (preparedConn net.Conn, sessionKey []byte, err error) { func (DirectTLS) PrepareConnection(sta *State, conn net.Conn) (preparedConn net.Conn, sessionKey []byte, err error) {
preparedConn = conn preparedConn = conn
hd, sharedSecret := makeHiddenData(sta) hd, sharedSecret := makeHiddenData(sta)
chOnly := sta.browser.composeClientHello(hd) chOnly := sta.browser.composeClientHello(hd)

@ -119,12 +119,12 @@ func (sta *State) ParseConfig(conf string) (err error) {
} }
switch strings.ToLower(preParse.Transport) { switch strings.ToLower(preParse.Transport) {
case "tls": case "direct":
sta.Transport = &TLS{} sta.Transport = DirectTLS{}
case "websocket": case "cdn":
sta.Transport = &WebSocket{} sta.Transport = WSOverTLS{}
default: default:
sta.Transport = &TLS{} sta.Transport = &DirectTLS{}
} }
sta.ProxyMethod = preParse.ProxyMethod sta.ProxyMethod = preParse.ProxyMethod
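Review bot: A config that still says `"Transport": "websocket"`, or misspells the value, now falls through to `default:` and silently becomes a direct TLS connection, so a user who meant to go through the CDN connects straight to the server without being told. Keeping the old names as aliases (`case "direct", "tls":` and `case "cdn", "websocket":`) and returning an error for any other non-empty value, e.g. `return fmt.Errorf("unknown transport %q", preParse.Transport)` if fmt is imported in this file, would make the rename safe. The default branch also assigns `&DirectTLS{}` while `case "direct":` assigns `DirectTLS{}`; both satisfy the interface with value receivers, but one form should be used so type assertions on sta.Transport behave the same on both paths. ParseConfig starts and ends outside this hunk.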

@ -9,17 +9,29 @@ import (
"net" "net"
"net/http" "net/http"
"net/url" "net/url"
utls "github.com/refraction-networking/utls"
) )
type WebSocket struct { type WSOverTLS struct {
Transport Transport
} }
func (*WebSocket) HasRecordLayer() bool { return false } func (WSOverTLS) HasRecordLayer() bool { return false }
func (*WebSocket) UnitReadFunc() func(net.Conn, []byte) (int, error) { return util.ReadWebSocket } func (WSOverTLS) UnitReadFunc() func(net.Conn, []byte) (int, error) { return util.ReadWebSocket }
func (WSOverTLS) PrepareConnection(sta *State, conn net.Conn) (preparedConn net.Conn, sessionKey []byte, err error) {
utlsConfig := &utls.Config{
ServerName: sta.ServerName,
InsecureSkipVerify: true,
}
uconn := utls.UClient(conn, utlsConfig, utls.HelloChrome_Auto)
err = uconn.Handshake()
preparedConn = uconn
if err != nil {
return
}
func (WebSocket) PrepareConnection(sta *State, conn net.Conn) (preparedConn net.Conn, sessionKey []byte, err error) {
preparedConn = conn
u, err := url.Parse("ws://" + sta.RemoteHost + ":" + sta.RemotePort) //TODO IPv6 u, err := url.Parse("ws://" + sta.RemoteHost + ":" + sta.RemotePort) //TODO IPv6
if err != nil { if err != nil {
return preparedConn, nil, fmt.Errorf("failed to parse ws url: %v", err) return preparedConn, nil, fmt.Errorf("failed to parse ws url: %v", err)
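Review bot: `InsecureSkipVerify: true` in the new utls.Config turns off certificate validation for the outer TLS session, so WSOverTLS completes the handshake with any endpoint that answers, including an on-path interceptor presenting its own certificate. Whether the Cloak key exchange that follows still authenticates the server is not visible in this hunk, but the WebSocket upgrade and its headers are readable by whoever terminates that TLS session. Unless there is a reason to skip it, let utls verify the chain against `sta.ServerName` with `utlsConfig := &utls.Config{ServerName: sta.ServerName}`; if skipping is intended, a comment stating why and what authenticates the peer instead would help. The handshake error is also returned bare, and `return uconn, nil, fmt.Errorf("utls handshake with %v: %v", sta.ServerName, err)` would match the wrapped error used for url.Parse below. PrepareConnection continues past the end of the hunk.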
