root
/
telebit
mirror of https://github.com/therootcompany/telebit.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
telebit/rvpn/genericlistener/listener_generic.go

447 lines
12 KiB
Go
Raw Normal View History

Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
package genericlistener
import (
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
"bytes"
"context"
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
"crypto/tls"
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
"encoding/hex"
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
"encoding/json"
"fmt"
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
"log"
"net"
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
"strconv"
"strings"
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
"time"
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
jwt "github.com/dgrijalva/jwt-go"
"github.com/gorilla/mux"
"github.com/gorilla/websocket"
"net/http"
"bufio"
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
"git.daplie.com/Daplie/go-rvpn-server/rvpn/packer"
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
)
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
type contextKey string
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
//CtxConnectionTrack
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
const (
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
ctxSecretKey contextKey = "secretKey"
ctxConnectionTable contextKey = "connectionTable"
ctxConfig contextKey = "config"
ctxDeadTime contextKey = "deadtime"
ctxListenerRegistration contextKey = "listenerRegistration"
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
ctxConnectionTrack contextKey = "connectionTrack"
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
ctxWssHostName contextKey = "wsshostname"
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
)
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
const (
encryptNone int = iota
encryptSSLV2
encryptSSLV3
encryptTLS10
encryptTLS11
encryptTLS12
)
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
//GenericListenAndServe -- used to lisen for any https traffic on 443 (8443)
// - setup generic TCP listener, unencrypted TCP, with a Deadtime out
// - leaverage the wedgeConn to peek into the buffer.
// - if TLS, consume connection with TLS certbundle, pass to request identifier
// - else, just pass to the request identififer
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
func GenericListenAndServe(ctx context.Context, listenerRegistration *ListenerRegistration) {
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
loginfo.Println(":" + string(listenerRegistration.port))
listenAddr, err := net.ResolveTCPAddr("tcp", ":"+strconv.Itoa(listenerRegistration.port))
deadTime := ctx.Value(ctxDeadTime).(int)
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
if nil != err {
loginfo.Println(err)
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
return
}
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
ln, err := net.ListenTCP("tcp", listenAddr)
if err != nil {
loginfo.Println("unable to bind", err)
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
listenerRegistration.status = listenerFault
listenerRegistration.err = err
listenerRegistration.commCh <- listenerRegistration
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
return
}
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
listenerRegistration.status = listenerAdded
listenerRegistration.commCh <- listenerRegistration
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
for {
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
select {
case <-ctx.Done():
loginfo.Println("Cancel signal hit")
return
default:
ln.SetDeadline(time.Now().Add(time.Duration(deadTime) * time.Second))
conn, err := ln.Accept()
loginfo.Println("Deadtime reached")
if nil != err {
if opErr, ok := err.(*net.OpError); ok && opErr.Timeout() {
continue
}
log.Println(err)
return
}
wedgeConn := NewWedgeConn(conn)
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
go handleConnection(ctx, wedgeConn)
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
}
}
}
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
//handleConnection -
// - accept a wedgeConnection along with all the other required attritvues
// - peek into the buffer, determine TLS or unencrypted
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
// - if TSL, then terminate with a TLS endpoint, pass to handleStream
// - if clearText, pass to handleStream
func handleConnection(ctx context.Context, wConn *WedgeConn) {
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
defer wConn.Close()
peekCnt := 10
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
encryptMode := encryptNone
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
loginfo.Println("conn", wConn, wConn.LocalAddr().String(), wConn.RemoteAddr().String())
peek, err := wConn.Peek(peekCnt)
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
if err != nil {
loginfo.Println("error while peeking")
return
}
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
//take a look for a TLS header.
if bytes.Contains(peek[0:0], []byte{0x80}) && bytes.Contains(peek[2:4], []byte{0x01, 0x03}) {
encryptMode = encryptSSLV2
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x00}) {
encryptMode = encryptSSLV3
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x01}) {
encryptMode = encryptTLS10
loginfo.Println("TLS10")
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x02}) {
encryptMode = encryptTLS11
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x03}) {
encryptMode = encryptTLS12
}
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
oneConn := &oneConnListener{wConn}
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
config := ctx.Value(ctxConfig).(*tls.Config)
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
if encryptMode == encryptSSLV2 {
loginfo.Println("SSLv2 is not accepted")
return
} else if encryptMode != encryptNone {
loginfo.Println("Handle Encryption")
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
// check SNI heading
// if matched, then looks like a WSS connection
// else external don't pull off TLS.
peek, err := wConn.PeekAll()
if err != nil {
loginfo.Println("error while peeking")
loginfo.Println(hex.Dump(peek[0:]))
return
}
wssHostName := ctx.Value(ctxWssHostName).(string)
sniHostName, err := getHello(peek)
if err != nil {
loginfo.Println(err)
return
}
loginfo.Println("sni:", sniHostName)
if wssHostName != sniHostName {
//traffic not terminating on the rvpn do not decrypt
loginfo.Println("processing non terminating traffic")
handleExternalHTTPRequest(ctx, wConn, sniHostName)
}
loginfo.Println("processing traffic terminating on RVPN")
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
tlsListener := tls.NewListener(oneConn, config)
conn, err := tlsListener.Accept()
if err != nil {
loginfo.Println(err)
return
}
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
tlsWedgeConn := NewWedgeConn(conn)
handleStream(ctx, tlsWedgeConn)
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
return
}
loginfo.Println("Handle Unencrypted")
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
handleStream(ctx, wConn)
Support for generic listeners, with protocol detection - connectionWedge supports reading from a connection without consuming bytes (peeking) - allowing protocol detection - was still connections to 3502, it will support any port (443), admin follows this port. - matches RVPN.DAPLIE.INVALID and redirects to admin — AJ to provide authentication framework. - api/servers is also served by this path as we’ll. - listener_generic is the beginngins of protocol detections. - listener_wedge is an matches the net.Listener interface, and allows passing to other processes an already accepted connection - this does not work for HTTP for some reason. - spent a lot of time trying to figure out why. Posted to go-nuts
2017-02-25 05:56:40 +00:00
return
}
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
//handleStream --
// - we have an unencrypted stream connection with the ability to peek
// - attempt to identify HTTP
// - handle http
// - attempt to identify as WSS session
// - attempt to identify as ADMIN/API session
Debugging, return traffic is coming back, unpacker build - it does not look like the client is limiting the amount of traffic coming in, and it does not look like it is chunking. - need to know the max chunk. - increased to 64K - unpacker code v1 - fixed packer logging.
2017-03-02 03:02:20 +00:00
// - else handle as raw http
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
// - handle other?
func handleStream(ctx context.Context, wConn *WedgeConn) {
loginfo.Println("handle Stream")
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
loginfo.Println("conn", wConn.LocalAddr().String(), wConn.RemoteAddr().String())
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
Fixed PeekAll - added to handleStream for protocol detection
2017-02-26 18:40:10 +00:00
peek, err := wConn.PeekAll()
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
if err != nil {
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
loginfo.Println("error while peeking", err)
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
loginfo.Println(hex.Dump(peek[0:]))
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
return
}
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
// HTTP Identifcation
if bytes.Contains(peek[:], []byte{0x0d, 0x0a}) {
//string protocol
if bytes.ContainsAny(peek[:], "HTTP/") {
loginfo.Println("identifed HTTP")
r, err := http.ReadRequest(bufio.NewReader(bytes.NewReader(peek)))
if err != nil {
Debugging, return traffic is coming back, unpacker build - it does not look like the client is limiting the amount of traffic coming in, and it does not look like it is chunking. - need to know the max chunk. - increased to 64K - unpacker code v1 - fixed packer logging.
2017-03-02 03:02:20 +00:00
loginfo.Println("identifed as HTTP, failed request parsing", err)
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
return
}
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
// do we have a valid wss_client?
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
secretKey := ctx.Value(ctxSecretKey).(string)
tokenString := r.URL.Query().Get("access_token")
result, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
return []byte(secretKey), nil
})
if err == nil && result.Valid {
loginfo.Println("Valid WSS dected...sending to handler")
oneConn := &oneConnListener{wConn}
handleWssClient(ctx, oneConn)
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
//do we have a invalid domain indicating Admin?
//if yes, prep the oneConn and send it to the handler
} else if strings.Contains(r.Host, "rvpn.daplie.invalid") {
loginfo.Println("admin")
oneConn := &oneConnListener{wConn}
handleAdminClient(ctx, oneConn)
return
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
} else {
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
loginfo.Println("unsupported")
loginfo.Println(hex.Dump(peek))
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
return
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
}
}
}
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
}
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
//handleExternalHTTPRequest -
// - get a wConn and start processing requests
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
func handleExternalHTTPRequest(ctx context.Context, extConn net.Conn, hostname string) {
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
connectionTracking := ctx.Value(ctxConnectionTrack).(*Tracking)
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
defer func() {
Implemented Docker Container Testing. - a few other minor fixes. - removed RVPNMAIN - there is a bunch of other clean up I want to do…
2017-03-04 18:18:08 +00:00
connectionTracking.unregister <- extConn
extConn.Close()
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
}()
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
connectionTable := ctx.Value(ctxConnectionTable).(*Table)
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
//find the connection by domain name
conn, ok := connectionTable.ConnByDomain(hostname)
if !ok {
//matching connection can not be found based on ConnByDomain
loginfo.Println("unable to match ", hostname, " to an existing connection")
//http.Error(, "Domain not supported", http.StatusBadRequest)
return
}
track := NewTrack(extConn, hostname)
connectionTracking.register <- track
loginfo.Println("Domain Accepted", hostname, extConn.RemoteAddr().String())
rAddr, rPort, err := net.SplitHostPort(extConn.RemoteAddr().String())
if err != nil {
loginfo.Println("unable to decode hostport", extConn.RemoteAddr().String())
return
}
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
var buffer [512]byte
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
for {
Implemented Docker Container Testing. - a few other minor fixes. - removed RVPNMAIN - there is a bunch of other clean up I want to do…
2017-03-04 18:18:08 +00:00
cnt, err := extConn.Read(buffer[0:])
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
if err != nil {
return
}
Debugging, return traffic is coming back, unpacker build - it does not look like the client is limiting the amount of traffic coming in, and it does not look like it is chunking. - need to know the max chunk. - increased to 64K - unpacker code v1 - fixed packer logging.
2017-03-02 03:02:20 +00:00
p := packer.NewPacker()
p.Header.SetAddress(rAddr)
p.Header.Port, err = strconv.Atoi(rPort)
if err != nil {
loginfo.Println("Unable to set Remote port", err)
return
}
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
Debugging, return traffic is coming back, unpacker build - it does not look like the client is limiting the amount of traffic coming in, and it does not look like it is chunking. - need to know the max chunk. - increased to 64K - unpacker code v1 - fixed packer logging.
2017-03-02 03:02:20 +00:00
p.Header.Service = "http"
p.Data.AppendBytes(buffer[0:cnt])
buf := p.PackV1()
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
got non-terminating traffic identified, and used SNI to figure direction
2017-03-11 05:36:42 +00:00
loginfo.Println(hex.Dump(buf.Bytes()))
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
sendTrack := NewSendTrack(buf.Bytes(), hostname)
Debugging, return traffic is coming back, unpacker build - it does not look like the client is limiting the amount of traffic coming in, and it does not look like it is chunking. - need to know the max chunk. - increased to 64K - unpacker code v1 - fixed packer logging.
2017-03-02 03:02:20 +00:00
conn.SendCh() <- sendTrack
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
}
}
//handleAdminClient -
// - expecting an existing oneConnListener with a qualified wss client connected.
// - auth will happen again since we were just peeking at the token.
func handleAdminClient(ctx context.Context, oneConn *oneConnListener) {
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
connectionTable := ctx.Value(ctxConnectionTable).(*Table)
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
router := mux.NewRouter().StrictSlash(true)
router.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
loginfo.Println("HandleFunc /")
switch url := r.URL.Path; url {
case "/":
// check to see if we are using the administrative Host
if strings.Contains(r.Host, "rvpn.daplie.invalid") {
http.Redirect(w, r, "/admin", 301)
}
default:
http.Error(w, "Not Found", 404)
}
})
router.HandleFunc("/admin", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html; charset=utf-8")
fmt.Fprintln(w, "<html>Welcome..press <a href=/api/servers>Servers</a> to access stats</html>")
})
router.HandleFunc("/api/servers", func(w http.ResponseWriter, r *http.Request) {
fmt.Println("here")
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
serverContainer := NewServerAPIContainer()
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
for c := range connectionTable.Connections() {
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
serverAPI := NewServerAPI(c)
Added support for a Listener Manager - I anticipated having to bring up new listeners as tunnel-clients connect allowing different port use for a single domain - completed the code, however did not see any port information coming back from WSS client. - opened an issue with AJ. - all listeners are now dynamically generated. The run method takes an initial port, once functioning, the runner send down the channel a registration for the initial port.
2017-02-26 23:27:38 +00:00
serverContainer.Servers = append(serverContainer.Servers, serverAPI)
}
w.Header().Set("Content-Type", "application/json; charset=UTF-8")
json.NewEncoder(w).Encode(serverContainer)
})
s := &http.Server{
Addr: ":80",
Handler: router,
}
err := s.Serve(oneConn)
if err != nil {
loginfo.Println("Serve error: ", err)
}
select {
case <-ctx.Done():
loginfo.Println("Cancel signal hit")
return
}
}
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
//handleWssClient -
// - expecting an existing oneConnListener with a qualified wss client connected.
// - auth will happen again since we were just peeking at the token.
func handleWssClient(ctx context.Context, oneConn *oneConnListener) {
secretKey := ctx.Value(ctxSecretKey).(string)
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
connectionTable := ctx.Value(ctxConnectionTable).(*Table)
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
router := mux.NewRouter().StrictSlash(true)
router.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
loginfo.Println("HandleFunc /")
switch url := r.URL.Path; url {
case "/":
loginfo.Println("websocket opening ", r.RemoteAddr, " ", r.Host)
tokenString := r.URL.Query().Get("access_token")
result, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
return []byte(secretKey), nil
})
if err != nil || !result.Valid {
w.WriteHeader(http.StatusForbidden)
w.Write([]byte("Not Authorized"))
loginfo.Println("access_token invalid...closing connection")
return
}
claims := result.Claims.(jwt.MapClaims)
domains, ok := claims["domains"].([]interface{})
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
var upgrader = websocket.Upgrader{
ReadBufferSize: 1024,
WriteBufferSize: 1024,
}
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
conn, err := upgrader.Upgrade(w, r, nil)
if err != nil {
loginfo.Println("WebSocket upgrade failed", err)
return
}
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
loginfo.Println("before connection table")
Generic Listener supporting unencrypted, encrypted, with TLS version detection before TLS Accept - added support for context passing between the various functions - support for withCancel, allowing administrative canceling, and a clean up of Go Routines. - generic listener now supports a single port for both encrypted and clear text protocols. - employee the buffered wedge connection for peaking into the protocol - implementation of the oneListener. - when TLS, leveraged the NewListener which uses oneListener as n inner lister. - once the stream is decrypted, or if it was already clear text it is passed to handleStream which performs application detection.
2017-02-26 05:17:39 +00:00
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
//newConnection := connection.NewConnection(connectionTable, conn, r.RemoteAddr, domains)
Working version of RVPN - got too cute with the package names, needed to bring everything into one package, except for packer. - system is passing traffic now, ran a load test generating 1000 connections, seems ok. - removed a lot of message logging since traffic is passing.
2017-03-03 00:47:59 +00:00
connectionTrack := ctx.Value(ctxConnectionTrack).(*Tracking)
newRegistration := NewRegistration(conn, r.RemoteAddr, domains, connectionTrack)
WSS Client now working with protocol detection - added support for PeekAll…still not working 100%. - passing important values inside the context, no longer on arguments - stream handler now detects wss_client, validates the token to make sure. - then passes to was handler which invokes http.Server with oneConnListener - removing listener wedge, going to stay with oneConnListener. It is working.
2017-02-26 18:35:06 +00:00
connectionTable.Register() <- newRegistration
ok = <-newRegistration.CommCh()
if !ok {
loginfo.Println("connection registration failed ", newRegistration)
return
}
loginfo.Println("connection registration accepted ", newRegistration)
}
})
s := &http.Server{
Addr: ":80",
Handler: router,
}
err := s.Serve(oneConn)
if err != nil {
loginfo.Println("Serve error: ", err)
}
select {
case <-ctx.Done():
loginfo.Println("Cancel signal hit")
return
}
}