root
/
telebit
mirror of https://github.com/therootcompany/telebit.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
telebit/relay/mplexy/listener.go

362 lines
9.9 KiB
Go
Raw Normal View History

squash refactor
2020-05-01 06:12:16 +00:00
package mplexy
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
import (
cleaned up a few import statements
2017-03-22 21:43:36 +00:00
"bufio"
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
"bytes"
"context"
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
"crypto/tls"
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
"encoding/hex"
heavier refactoring
2020-04-30 10:43:36 +00:00
"fmt"
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
"net"
cleaned up a few import statements
2017-03-22 21:43:36 +00:00
"net/http"
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
"strconv"
"strings"
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
"time"
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
minor fs denesting
2020-04-30 05:52:44 +00:00
"git.coolaj86.com/coolaj86/go-telebitd/packer"
move to packages
2020-05-01 05:47:46 +00:00
"git.coolaj86.com/coolaj86/go-telebitd/relay/api"
squash refactor
2020-05-01 07:06:14 +00:00
"git.coolaj86.com/coolaj86/go-telebitd/relay/tunnel"
minor fs denesting
2020-04-30 05:52:44 +00:00
"git.coolaj86.com/coolaj86/go-telebitd/sni"
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
)
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
type contextKey string
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
//CtxConnectionTrack
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
const (
move to packages
2020-05-01 05:47:46 +00:00
ctxServerStatus contextKey = "serverstatus"
heavier refactoring
2020-04-30 10:43:36 +00:00
ctxConfig contextKey = "tlsConfig"
Added support for default load balancer method.
2017-03-19 14:56:33 +00:00
ctxListenerRegistration contextKey = "listenerRegistration"
ctxConnectionTrack contextKey = "connectionTrack"
ctxWssHostName contextKey = "wsshostname"
ctxCancelCheck contextKey = "cancelcheck"
ctxLoadbalanceDefaultMethod contextKey = "lbdefaultmethod"
move to packages
2020-05-01 05:47:46 +00:00
//ctxConnectionTable contextKey = "connectionTable"
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
)
heavier refactoring
2020-04-30 10:43:36 +00:00
// TODO isn't this restriction in the TLS lib?
// or are we just pre-checking for remote hosts?
type tlsScheme int
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
const (
heavier refactoring
2020-04-30 10:43:36 +00:00
encryptNone tlsScheme = iota
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
encryptSSLV2
encryptSSLV3
encryptTLS10
encryptTLS11
encryptTLS12
heavier refactoring
2020-04-30 10:43:36 +00:00
encryptTLS13
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
)
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
heavier refactoring
2020-04-30 10:43:36 +00:00
// multiListenAndServe -- used to lisen for any https traffic on 443 (8443)
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
// - setup generic TCP listener, unencrypted TCP, with a Deadtime out
// - leaverage the wedgeConn to peek into the buffer.
// - if TLS, consume connection with TLS certbundle, pass to request identifier
// - else, just pass to the request identififer
heavier refactoring
2020-04-30 10:43:36 +00:00
func (mx *MPlexy) multiListenAndServe(ctx context.Context, listenerRegistration *ListenerRegistration) {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println(":" + string(listenerRegistration.port))
Added support for YAML configuration file - implemented viper module in code. - removed all the older configuration, not sure if we want to use flags or just the configuration files. - added support for dwell, idle and cancelceck timers - generic binding is now an int passing to the generic manager. - passing dwell, and idle directly to connection table. - adjusted all dead time structures, the system supports a map(string)interface{} of various dead time counters - this version also supports variable sized buffers for each request by using the bufio.reader - we peek all, and then pass everything down the channel we have. - I am wondering if this will be a problem is someone just starts pouring data down never ending. - direct support now for terminating domains - there is a domain for admin, and wss. Each shared the external address listener (testing 9999) Additions - added support for Discard for wedge connections - added support for ReadByte to wedge conn
2017-03-11 20:28:49 +00:00
cancelCheck := ctx.Value(ctxCancelCheck).(int)
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
listenAddr, err := net.ResolveTCPAddr("tcp", ":"+strconv.Itoa(listenerRegistration.port))
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
if nil != err {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println(err)
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
return
}
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
ln, err := net.ListenTCP("tcp", listenAddr)
if err != nil {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("unable to bind", err)
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
listenerRegistration.status = listenerFault
listenerRegistration.err = err
listenerRegistration.commCh <- listenerRegistration
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
return
}
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
listenerRegistration.status = listenerAdded
listenerRegistration.commCh <- listenerRegistration
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
for {
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
select {
case <-ctx.Done():
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("Cancel signal hit")
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
return
default:
Added support for YAML configuration file - implemented viper module in code. - removed all the older configuration, not sure if we want to use flags or just the configuration files. - added support for dwell, idle and cancelceck timers - generic binding is now an int passing to the generic manager. - passing dwell, and idle directly to connection table. - adjusted all dead time structures, the system supports a map(string)interface{} of various dead time counters - this version also supports variable sized buffers for each request by using the bufio.reader - we peek all, and then pass everything down the channel we have. - I am wondering if this will be a problem is someone just starts pouring data down never ending. - direct support now for terminating domains - there is a domain for admin, and wss. Each shared the external address listener (testing 9999) Additions - added support for Discard for wedge connections - added support for ReadByte to wedge conn
2017-03-11 20:28:49 +00:00
ln.SetDeadline(time.Now().Add(time.Duration(cancelCheck) * time.Second))
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
conn, err := ln.Accept()
if nil != err {
if opErr, ok := err.(*net.OpError); ok && opErr.Timeout() {
continue
}
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println(err)
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
return
}
heavier refactoring
2020-04-30 10:43:36 +00:00
fmt.Println("New connection from %v on %v", conn.LocalAddr(), conn.RemoteAddr())
// TODO maybe put these into something like mx.newConnCh and have an mx.Accept()?
move to packages
2020-05-01 05:47:46 +00:00
wedgeConn := tunnel.NewWedgeConn(conn)
heavier refactoring
2020-04-30 10:43:36 +00:00
go mx.accept(ctx, wedgeConn)
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
}
}
}
heavier refactoring
2020-04-30 10:43:36 +00:00
//accept -
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
// - accept a wedgeConnection along with all the other required attritvues
// - peek into the buffer, determine TLS or unencrypted
move to packages
2020-05-01 05:47:46 +00:00
// - if TSL, then terminate with a TLS endpoint, pass to acceptEcryptedStream
// - if clearText, pass to acceptPlainStream
func (mx *MPlexy) accept(ctx context.Context, wConn *tunnel.WedgeConn) {
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
peekCnt := 10
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
encryptMode := encryptNone
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("new conn", wConn, wConn.LocalAddr().String(), wConn.RemoteAddr().String())
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
peek, err := wConn.Peek(peekCnt)
if err != nil {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("error while peeking")
move to packages
2020-05-01 05:47:46 +00:00
wConn.Close()
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
return
}
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
//take a look for a TLS header.
if bytes.Contains(peek[0:0], []byte{0x80}) && bytes.Contains(peek[2:4], []byte{0x01, 0x03}) {
encryptMode = encryptSSLV2
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x00}) {
encryptMode = encryptSSLV3
various bugfixes and enhancements
2020-05-05 04:49:38 +00:00
loginfo.Println("SSLV3")
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x01}) {
encryptMode = encryptTLS10
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("TLS10")
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x02}) {
encryptMode = encryptTLS11
various bugfixes and enhancements
2020-05-05 04:49:38 +00:00
loginfo.Println("TLS11")
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x03}) {
encryptMode = encryptTLS12
various bugfixes and enhancements
2020-05-05 04:49:38 +00:00
loginfo.Println("TLS12")
heavier refactoring
2020-04-30 10:43:36 +00:00
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x04}) {
encryptMode = encryptTLS13
various bugfixes and enhancements
2020-05-05 04:49:38 +00:00
loginfo.Println("TLS13")
heavier refactoring
2020-04-30 10:43:36 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
}
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
if encryptMode == encryptSSLV2 {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("<= SSLv2 is not accepted")
move to packages
2020-05-01 05:47:46 +00:00
wConn.Close()
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
return
minor denesting
2020-04-30 05:49:09 +00:00
}
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
minor denesting
2020-04-30 05:49:09 +00:00
if encryptMode == encryptNone {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("Handle Unencrypted")
move to packages
2020-05-01 05:47:46 +00:00
mx.acceptPlainStream(ctx, wConn, false)
minor denesting
2020-04-30 05:49:09 +00:00
return
}
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("Handle Encryption")
move to packages
2020-05-01 05:47:46 +00:00
mx.acceptEncryptedStream(ctx, wConn)
}
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
move to packages
2020-05-01 05:47:46 +00:00
func (mx *MPlexy) acceptEncryptedStream(ctx context.Context, wConn *tunnel.WedgeConn) {
// Peek at SNI (ServerName) from TLS Hello header
Added support for YAML configuration file - implemented viper module in code. - removed all the older configuration, not sure if we want to use flags or just the configuration files. - added support for dwell, idle and cancelceck timers - generic binding is now an int passing to the generic manager. - passing dwell, and idle directly to connection table. - adjusted all dead time structures, the system supports a map(string)interface{} of various dead time counters - this version also supports variable sized buffers for each request by using the bufio.reader - we peek all, and then pass everything down the channel we have. - I am wondering if this will be a problem is someone just starts pouring data down never ending. - direct support now for terminating domains - there is a domain for admin, and wss. Each shared the external address listener (testing 9999) Additions - added support for Discard for wedge connections - added support for ReadByte to wedge conn
2017-03-11 20:28:49 +00:00
move to packages
2020-05-01 05:47:46 +00:00
peek, err := wConn.PeekAll()
minor denesting
2020-04-30 05:49:09 +00:00
if err != nil {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("Bad socket: read error from", wConn.RemoteAddr(), err)
loginfo.Println(hex.Dump(peek[0:]))
move to packages
2020-05-01 05:47:46 +00:00
wConn.Close()
minor denesting
2020-04-30 05:49:09 +00:00
return
}
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
minor denesting
2020-04-30 05:49:09 +00:00
sniHostName, err := sni.GetHostname(peek)
if err != nil {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("Bad socket: no SNI from", wConn.RemoteAddr(), err)
loginfo.Println(err)
move to packages
2020-05-01 05:47:46 +00:00
wConn.Close()
minor denesting
2020-04-30 05:49:09 +00:00
return
}
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("SNI:", sniHostName)
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
move to packages
2020-05-01 05:47:46 +00:00
if sniHostName == mx.wssHostName || sniHostName == mx.adminHostName {
// The TLS should be terminated and handled internally
tlsConfig := ctx.Value(ctxConfig).(*tls.Config)
various bugfixes and enhancements
2020-05-05 04:49:38 +00:00
conn := tls.Server(wConn, tlsConfig)
move to packages
2020-05-01 05:47:46 +00:00
tlsWedgeConn := tunnel.NewWedgeConn(conn)
mx.acceptPlainStream(ctx, tlsWedgeConn, true)
minor denesting
2020-04-30 05:49:09 +00:00
return
heavier refactoring
2020-04-30 10:43:36 +00:00
}
move to packages
2020-05-01 05:47:46 +00:00
//oneConn := &oneConnListener{wConn}
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
move to packages
2020-05-01 05:47:46 +00:00
// TLS remains intact and shall be routed downstream, wholesale
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("processing non terminating traffic", mx.wssHostName, sniHostName)
move to packages
2020-05-01 05:47:46 +00:00
go mx.routeToTarget(ctx, wConn, sniHostName, "https")
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
}
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
move to packages
2020-05-01 05:47:46 +00:00
//acceptPlainStream --
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
// - we have an unencrypted stream connection with the ability to peek
// - attempt to identify HTTP
// - handle http
// - attempt to identify as WSS session
// - attempt to identify as ADMIN/API session
Debugging, return traffic is coming back, unpacker build - it does not look like the client is limiting the amount of traffic coming in, and it does not look like it is chunking. - need to know the max chunk. - increased to 64K - unpacker code v1 - fixed packer logging.
2017-03-02 03:02:20 +00:00
// - else handle as raw http
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
// - handle other?
move to packages
2020-05-01 05:47:46 +00:00
func (mx *MPlexy) acceptPlainStream(ctx context.Context, wConn *tunnel.WedgeConn, encrypted bool) {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("Plain Conn", wConn.LocalAddr().String(), wConn.RemoteAddr().String())
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
move to packages
2020-05-01 05:47:46 +00:00
// TODO couldn't reading everything be dangerous? Or is it limited to a single packet?
Fixed PeekAll - added to handleStream for protocol detection
2017-02-26 18:40:10 +00:00
peek, err := wConn.PeekAll()
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
if err != nil {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("error while peeking", err)
loginfo.Println(hex.Dump(peek[0:]))
move to packages
2020-05-01 05:47:46 +00:00
wConn.Close()
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
return
}
heavier refactoring
2020-04-30 10:43:36 +00:00
// TODO handle by TCP port as well
// (which needs a short read timeout since servers expect clients to say hello)
minor denesting
2020-04-30 05:49:09 +00:00
// HTTP Identifcation // CRLF
if !bytes.Contains(peek[:], []byte{0x0d, 0x0a}) {
move to packages
2020-05-01 05:47:46 +00:00
wConn.Close()
minor denesting
2020-04-30 05:49:09 +00:00
return
}
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
minor denesting
2020-04-30 05:49:09 +00:00
//string protocol
if !bytes.ContainsAny(peek[:], "HTTP/") {
move to packages
2020-05-01 05:47:46 +00:00
wConn.Close()
minor denesting
2020-04-30 05:49:09 +00:00
return
}
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("identified HTTP")
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
minor denesting
2020-04-30 05:49:09 +00:00
r, err := http.ReadRequest(bufio.NewReader(bytes.NewReader(peek)))
if err != nil {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("identified as HTTP, failed request parsing", err)
move to packages
2020-05-01 05:47:46 +00:00
wConn.Close()
minor denesting
2020-04-30 05:49:09 +00:00
return
}
squash refactor
2020-05-01 07:06:14 +00:00
var hostname string
host := strings.Split(r.Host, ":")
if len(host) > 0 {
hostname = host[0]
}
if hostname == InvalidAdminDomain {
loginfo.Println("admin.invalid")
move to packages
2020-05-01 05:47:46 +00:00
// TODO mx.Admin.CheckRemoteIP(conn) here
// handle admin path
mx.AcceptAdminClient(wConn)
return
}
bugfix relay and update client
2020-05-05 06:44:21 +00:00
if hostname == mx.wssHostName &&
("Upgrade" == r.Header.Get("Connection") || "WebSocket" == r.Header.Get("Upgrade")) {
loginfo.Println("WebSocket Upgrade is in order...")
mx.AcceptTargetServer(wConn)
return
}
squash refactor
2020-05-01 07:06:14 +00:00
if hostname == mx.adminHostName {
bugfix relay and update client
2020-05-05 06:44:21 +00:00
loginfo.Println("matched admin hostname")
squash refactor
2020-05-01 07:06:14 +00:00
// TODO mx.Admin.CheckRemoteIP(conn) here
// handle admin path
mx.AcceptAdminClient(wConn)
return
}
move to packages
2020-05-01 05:47:46 +00:00
// TODO sniHostName is the key to the route, which could also be a port or hostname
//traffic not terminating on the rvpn do not decrypt
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("processing non terminating traffic", mx.wssHostName, r.Host)
loginfo.Println(hex.Dump(peek))
move to packages
2020-05-01 05:47:46 +00:00
if !encrypted {
// TODO request and cache http resources as a feature??
bugfix port in hostname
2020-05-01 08:29:36 +00:00
go mx.routeToTarget(ctx, wConn, hostname, "http")
minor denesting
2020-04-30 05:49:09 +00:00
return
}
move to packages
2020-05-01 05:47:46 +00:00
// This is not presently possible
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("impossible condition: local decryption of routable client", mx.wssHostName, r.Host)
move to packages
2020-05-01 05:47:46 +00:00
go mx.routeToTarget(ctx, wConn, r.Host, "https")
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
}
move to packages
2020-05-01 05:47:46 +00:00
//routeToTarget -
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
// - get a wConn and start processing requests
move to packages
2020-05-01 05:47:46 +00:00
func (mx *MPlexy) routeToTarget(ctx context.Context, extConn *tunnel.WedgeConn, hostname, service string) {
// TODO is this the right place to do this?
defer extConn.Close()
Several Considerations for Load Balancing, Collection of Bulk ServerStatus - added a number of global status collections - this requires wedging into things.. - removing direct address to come functions putting them though serverStatus
2017-03-20 00:04:47 +00:00
//connectionTracking := ctx.Value(ctxConnectionTrack).(*Tracking)
move to packages
2020-05-01 05:47:46 +00:00
serverStatus := ctx.Value(ctxServerStatus).(*api.Status)
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
defer func() {
Several Considerations for Load Balancing, Collection of Bulk ServerStatus - added a number of global status collections - this requires wedging into things.. - removing direct address to come functions putting them though serverStatus
2017-03-20 00:04:47 +00:00
serverStatus.ExtConnectionUnregister(extConn)
Implemented Docker Container Testing. - a few other minor fixes. - removed RVPNMAIN - there is a bunch of other clean up I want to do…
2017-03-04 18:18:08 +00:00
extConn.Close()
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
}()
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
//find the connection by domain name
Several Considerations for Load Balancing, Collection of Bulk ServerStatus - added a number of global status collections - this requires wedging into things.. - removing direct address to come functions putting them though serverStatus
2017-03-20 00:04:47 +00:00
conn, ok := serverStatus.ConnectionTable.ConnByDomain(hostname)
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
if !ok {
//matching connection can not be found based on ConnByDomain
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("unable to match ", hostname, " to an existing connection")
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
//http.Error(, "Domain not supported", http.StatusBadRequest)
return
}
move to packages
2020-05-01 05:47:46 +00:00
track := api.NewTrack(extConn, hostname)
Several Considerations for Load Balancing, Collection of Bulk ServerStatus - added a number of global status collections - this requires wedging into things.. - removing direct address to come functions putting them though serverStatus
2017-03-20 00:04:47 +00:00
serverStatus.ExtConnectionRegister(track)
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
made it easier to send multiple messages with the same header
2017-03-30 19:28:00 +00:00
remoteStr := extConn.RemoteAddr().String()
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("Domain Accepted", hostname, remoteStr)
made it easier to send multiple messages with the same header
2017-03-30 19:28:00 +00:00
var header *packer.Header
if rAddr, rPort, err := net.SplitHostPort(remoteStr); err != nil {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("unable to decode hostport", remoteStr, err)
made it easier to send multiple messages with the same header
2017-03-30 19:28:00 +00:00
} else if port, err := strconv.Atoi(rPort); err != nil {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Printf("unable to parse port string %q: %v\n", rPort, err)
made it easier to send multiple messages with the same header
2017-03-30 19:28:00 +00:00
} else if header, err = packer.NewHeader(rAddr, port, service); err != nil {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("unable to create packer header", err)
made it easier to send multiple messages with the same header
2017-03-30 19:28:00 +00:00
}
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
made it easier to send multiple messages with the same header
2017-03-30 19:28:00 +00:00
if header == nil {
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
return
}
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
for {
use DuckDNS for demo
2020-05-06 17:11:13 +00:00
fmt.Println("xxyyzz buffer")
Added support for YAML configuration file - implemented viper module in code. - removed all the older configuration, not sure if we want to use flags or just the configuration files. - added support for dwell, idle and cancelceck timers - generic binding is now an int passing to the generic manager. - passing dwell, and idle directly to connection table. - adjusted all dead time structures, the system supports a map(string)interface{} of various dead time counters - this version also supports variable sized buffers for each request by using the bufio.reader - we peek all, and then pass everything down the channel we have. - I am wondering if this will be a problem is someone just starts pouring data down never ending. - direct support now for terminating domains - there is a domain for admin, and wss. Each shared the external address listener (testing 9999) Additions - added support for Discard for wedge connections - added support for ReadByte to wedge conn
2017-03-11 20:28:49 +00:00
buffer, err := extConn.PeekAll()
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
if err != nil {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("unable to peekAll", err)
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
return
}
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("Before Packer", hex.Dump(buffer))
Added support for YAML configuration file - implemented viper module in code. - removed all the older configuration, not sure if we want to use flags or just the configuration files. - added support for dwell, idle and cancelceck timers - generic binding is now an int passing to the generic manager. - passing dwell, and idle directly to connection table. - adjusted all dead time structures, the system supports a map(string)interface{} of various dead time counters - this version also supports variable sized buffers for each request by using the bufio.reader - we peek all, and then pass everything down the channel we have. - I am wondering if this will be a problem is someone just starts pouring data down never ending. - direct support now for terminating domains - there is a domain for admin, and wss. Each shared the external address listener (testing 9999) Additions - added support for Discard for wedge connections - added support for ReadByte to wedge conn
2017-03-11 20:28:49 +00:00
made it easier to send multiple messages with the same header
2017-03-30 19:28:00 +00:00
p := packer.NewPacker(header)
p.Data.AppendBytes(buffer)
Debugging, return traffic is coming back, unpacker build - it does not look like the client is limiting the amount of traffic coming in, and it does not look like it is chunking. - need to know the max chunk. - increased to 64K - unpacker code v1 - fixed packer logging.
2017-03-02 03:02:20 +00:00
buf := p.PackV1()
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
squash refactor
2020-05-01 07:06:14 +00:00
//loginfo.Println(hex.Dump(buf.Bytes()))
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
Several Considerations for Load Balancing, Collection of Bulk ServerStatus - added a number of global status collections - this requires wedging into things.. - removing direct address to come functions putting them though serverStatus
2017-03-20 00:04:47 +00:00
//Bundle up the send request and dispatch
move to packages
2020-05-01 05:47:46 +00:00
sendTrack := api.NewSendTrack(buf.Bytes(), hostname)
Several Considerations for Load Balancing, Collection of Bulk ServerStatus - added a number of global status collections - this requires wedging into things.. - removing direct address to come functions putting them though serverStatus
2017-03-20 00:04:47 +00:00
serverStatus.SendExtRequest(conn, sendTrack)
Added support for YAML configuration file - implemented viper module in code. - removed all the older configuration, not sure if we want to use flags or just the configuration files. - added support for dwell, idle and cancelceck timers - generic binding is now an int passing to the generic manager. - passing dwell, and idle directly to connection table. - adjusted all dead time structures, the system supports a map(string)interface{} of various dead time counters - this version also supports variable sized buffers for each request by using the bufio.reader - we peek all, and then pass everything down the channel we have. - I am wondering if this will be a problem is someone just starts pouring data down never ending. - direct support now for terminating domains - there is a domain for admin, and wss. Each shared the external address listener (testing 9999) Additions - added support for Discard for wedge connections - added support for ReadByte to wedge conn
2017-03-11 20:28:49 +00:00
made it easier to send multiple messages with the same header
2017-03-30 19:28:00 +00:00
cnt := len(buffer)
if _, err = extConn.Discard(cnt); err != nil {
squash refactor
2020-05-01 07:06:14 +00:00
loginfo.Println("unable to discard", cnt, err)
Added support for YAML configuration file - implemented viper module in code. - removed all the older configuration, not sure if we want to use flags or just the configuration files. - added support for dwell, idle and cancelceck timers - generic binding is now an int passing to the generic manager. - passing dwell, and idle directly to connection table. - adjusted all dead time structures, the system supports a map(string)interface{} of various dead time counters - this version also supports variable sized buffers for each request by using the bufio.reader - we peek all, and then pass everything down the channel we have. - I am wondering if this will be a problem is someone just starts pouring data down never ending. - direct support now for terminating domains - there is a domain for admin, and wss. Each shared the external address listener (testing 9999) Additions - added support for Discard for wedge connections - added support for ReadByte to wedge conn
2017-03-11 20:28:49 +00:00
return
}
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
}
}