Archives
/
Cloak
mirror of https://github.com/cbeuw/Cloak
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dependabot/go_modules/golang.org/x/net-0.23.0
ptspec
legacy-v1
v0.1.0
v0.2.0
v1.0.0
v1.1.0
v1.1.1
v1.1.2
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.6.0
v2.6.1
v2.7.0
v2.7.1-pre
v2.8.0
v2.9.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '15f343db31'
${ noResults }
Cloak/internal/server/dispatcher.go

182 lines
4.4 KiB
Go
Raw Blame History

package server
import (
"bytes"
"encoding/base64"
"github.com/cbeuw/Cloak/internal/util"
"io"
"net"
"net/http"
"time"
mux "github.com/cbeuw/Cloak/internal/multiplex"
log "github.com/sirupsen/logrus"
)
var b64 = base64.StdEncoding.EncodeToString
func DispatchConnection(conn net.Conn, sta *State) {
remoteAddr := conn.RemoteAddr()
var err error
buf := make([]byte, 1500)
// TODO: potential fingerprint for active probers here
conn.SetReadDeadline(time.Now().Add(3 * time.Second))
i, err := io.ReadAtLeast(conn, buf, 1)
if err != nil {
log.WithField("remoteAddr", remoteAddr).
Infof("failed to read anything after connection is established: %v", err)
conn.Close()
return
}
conn.SetReadDeadline(time.Time{})
data := buf[:i]
goWeb := func() {
redirPort := sta.RedirPort
if redirPort == "" {
_, redirPort, _ = net.SplitHostPort(conn.LocalAddr().String())
}
webConn, err := sta.RedirDialer.Dial("tcp", net.JoinHostPort(sta.RedirHost.String(), redirPort))
if err != nil {
log.Errorf("Making connection to redirection server: %v", err)
return
}
_, err = webConn.Write(data)
if err != nil {
log.Error("Failed to send first packet to redirection server", err)
}
go util.Pipe(webConn, conn, 0)
go util.Pipe(conn, webConn, 0)
}
ci, finishHandshake, err := AuthFirstPacket(data, sta)
if err != nil {
log.WithFields(log.Fields{
"remoteAddr": remoteAddr,
"UID": b64(ci.UID),
"sessionId": ci.SessionId,
"proxyMethod": ci.ProxyMethod,
"encryptionMethod": ci.EncryptionMethod,
}).Warn(err)
goWeb()
return
}
var sessionKey [32]byte
util.CryptoRandRead(sessionKey[:])
obfuscator, err := mux.MakeObfuscator(ci.EncryptionMethod, sessionKey)
if err != nil {
log.Error(err)
goWeb()
return
}
// adminUID can use the server as normal with unlimited QoS credits. The adminUID is not
// added to the userinfo database. The distinction between going into the admin mode
// and normal proxy mode is that sessionID needs == 0 for admin mode
if bytes.Equal(ci.UID, sta.AdminUID) && ci.SessionId == 0 {
preparedConn, err := finishHandshake(conn, sessionKey)
if err != nil {
log.Error(err)
return
}
log.Trace("finished handshake")
seshConfig := mux.SessionConfig{
Obfuscator: obfuscator,
Valve: nil,
}
sesh := mux.MakeSession(0, seshConfig)
sesh.AddConnection(preparedConn)
//TODO: Router could be nil in cnc mode
log.WithField("remoteAddr", preparedConn.RemoteAddr()).Info("New admin session")
err = http.Serve(sesh, sta.LocalAPIRouter)
if err != nil {
log.Error(err)
return
}
}
var user *ActiveUser
if sta.IsBypass(ci.UID) {
user, err = sta.Panel.GetBypassUser(ci.UID)
} else {
user, err = sta.Panel.GetUser(ci.UID)
}
if err != nil {
log.WithFields(log.Fields{
"UID": b64(ci.UID),
"remoteAddr": remoteAddr,
"error": err,
}).Warn("+1 unauthorised UID")
goWeb()
return
}
sesh, existing, err := user.GetSession(ci.SessionId, mux.SessionConfig{
Obfuscator: obfuscator,
Valve: nil,
Unordered: ci.Unordered,
})
if err != nil {
user.CloseSession(ci.SessionId, "")
log.Error(err)
return
}
if existing {
preparedConn, err := finishHandshake(conn, sesh.SessionKey)
if err != nil {
log.Error(err)
return
}
log.Trace("finished handshake")
sesh.AddConnection(preparedConn)
return
}
preparedConn, err := finishHandshake(conn, sessionKey)
if err != nil {
log.Error(err)
return
}
log.Trace("finished handshake")
log.WithFields(log.Fields{
"UID": b64(ci.UID),
"sessionID": ci.SessionId,
}).Info("New session")
sesh.AddConnection(preparedConn)
for {
newStream, err := sesh.Accept()
if err != nil {
if err == mux.ErrBrokenSession {
log.WithFields(log.Fields{
"UID": b64(ci.UID),
"sessionID": ci.SessionId,
"reason": sesh.TerminalMsg(),
}).Info("Session closed")
user.CloseSession(ci.SessionId, "")
return
} else {
// TODO: other errors
continue
}
}
proxyAddr := sta.ProxyBook[ci.ProxyMethod]
localConn, err := sta.ProxyDialer.Dial(proxyAddr.Network(), proxyAddr.String())
if err != nil {
log.Errorf("Failed to connect to %v: %v", ci.ProxyMethod, err)
user.CloseSession(ci.SessionId, "Failed to connect to proxy server")
continue
}
log.Tracef("%v endpoint has been successfully connected", ci.ProxyMethod)
go util.Pipe(localConn, newStream, sta.Timeout)
go util.Pipe(newStream, localConn, 0)
}
}
Reference in New Issue View Git Blame Copy Permalink