add handle options for sniffer

This commit is contained in:
ginuerzh
2024-10-10 22:49:56 +08:00
parent 9a56c8fba3
commit 8f994ab632
94 changed files with 416 additions and 240 deletions
+1 -1
View File
@@ -6,7 +6,7 @@ import (
"time"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
)
const (
+1 -1
View File
@@ -2,7 +2,7 @@ package file
import (
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
)
type metadata struct {
+31 -2
View File
@@ -1,16 +1,27 @@
package local
import (
"crypto"
"crypto/tls"
"crypto/x509"
"time"
"github.com/go-gost/core/bypass"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
"github.com/go-gost/x/registry"
)
type metadata struct {
readTimeout time.Duration
readTimeout time.Duration
sniffing bool
sniffingTimeout time.Duration
certificate *x509.Certificate
privateKey crypto.PrivateKey
alpn string
mitmBypass bypass.Bypass
}
func (h *forwardHandler) parseMetadata(md mdata.Metadata) (err error) {
@@ -18,7 +29,25 @@ func (h *forwardHandler) parseMetadata(md mdata.Metadata) (err error) {
if h.md.readTimeout <= 0 {
h.md.readTimeout = 15 * time.Second
}
h.md.sniffing = mdutil.GetBool(md, "sniffing")
h.md.sniffingTimeout = mdutil.GetDuration(md, "sniffing.timeout")
certFile := mdutil.GetString(md, "mitm.certFile", "mitm.caCertFile")
keyFile := mdutil.GetString(md, "mitm.keyFile", "mitm.caKeyFile")
if certFile != "" && keyFile != "" {
tlsCert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return err
}
h.md.certificate, err = x509.ParseCertificate(tlsCert.Certificate[0])
if err != nil {
return err
}
h.md.privateKey = tlsCert.PrivateKey
}
h.md.alpn = mdutil.GetString(md, "mitm.alpn")
h.md.mitmBypass = registry.BypassRegistry().Get(mdutil.GetString(md, "mitm.bypass"))
return
}
+1 -1
View File
@@ -4,7 +4,7 @@ import (
"time"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
)
type metadata struct {
+1 -1
View File
@@ -6,7 +6,7 @@ import (
"time"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
)
const (
+1 -1
View File
@@ -5,7 +5,7 @@ import (
"strings"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
)
type metadata struct {
+1 -1
View File
@@ -2,7 +2,7 @@ package file
import (
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
)
const (
+20 -8
View File
@@ -162,6 +162,9 @@ func (h *redirectHandler) Handle(ctx context.Context, conn net.Conn, opts ...han
}
if cc == nil {
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, "tcp", dstAddr.String()) {
return nil, xbypass.ErrBypass
}
var buf bytes.Buffer
cc, err = h.options.Router.Dial(ctxvalue.ContextWithBuffer(ctx, &buf), "tcp", dstAddr.String())
ro.Route = buf.String()
@@ -170,30 +173,39 @@ func (h *redirectHandler) Handle(ctx context.Context, conn net.Conn, opts ...han
return cc, err
}
dialTLS := func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return dial(ctx, network, address)
}
sniffer := &sniffing.Sniffer{
Recorder: h.recorder.Recorder,
RecorderOptions: h.recorder.Options,
RecorderObject: ro,
Certificate: h.md.certificate,
PrivateKey: h.md.privateKey,
NegotiatedProtocol: h.md.alpn,
CertPool: h.certPool,
MitmBypass: h.md.mitmBypass,
ReadTimeout: h.md.readTimeout,
Log: log,
Dial: dial,
DialTLS: func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return dial(ctx, network, address)
},
}
conn = xnet.NewReadWriteConn(br, conn, conn)
switch proto {
case sniffing.ProtoHTTP:
return sniffer.HandleHTTP(ctx, conn)
return sniffer.HandleHTTP(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithBypass(h.options.Bypass),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
case sniffing.ProtoTLS:
return sniffer.HandleTLS(ctx, conn)
return sniffer.HandleTLS(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithBypass(h.options.Bypass),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
}
}
+1 -1
View File
@@ -8,7 +8,7 @@ import (
"github.com/go-gost/core/bypass"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
"github.com/go-gost/x/registry"
)
+18 -10
View File
@@ -154,31 +154,39 @@ func (h *relayHandler) handleConnect(ctx context.Context, conn net.Conn, network
conn.SetReadDeadline(time.Time{})
}
dial := func(ctx context.Context, network, address string) (net.Conn, error) {
return cc, nil
}
dialTLS := func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return cc, nil
}
sniffer := &sniffing.Sniffer{
Recorder: h.recorder.Recorder,
RecorderOptions: h.recorder.Options,
RecorderObject: ro,
Certificate: h.md.certificate,
PrivateKey: h.md.privateKey,
NegotiatedProtocol: h.md.alpn,
CertPool: h.certPool,
MitmBypass: h.md.mitmBypass,
ReadTimeout: h.md.readTimeout,
Log: log,
Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
return cc, nil
},
DialTLS: func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return cc, nil
},
}
conn = xnet.NewReadWriteConn(br, rw, conn)
switch proto {
case sniffing.ProtoHTTP:
return sniffer.HandleHTTP(ctx, conn)
return sniffer.HandleHTTP(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
case sniffing.ProtoTLS:
return sniffer.HandleTLS(ctx, conn)
return sniffer.HandleTLS(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
}
}
+1 -1
View File
@@ -9,7 +9,7 @@ import (
"github.com/go-gost/core/bypass"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
"github.com/go-gost/x/internal/util/mux"
"github.com/go-gost/x/registry"
)
+1 -1
View File
@@ -4,7 +4,7 @@ import (
"time"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
)
const (
+31 -20
View File
@@ -112,40 +112,51 @@ func (h *sniHandler) Handle(ctx context.Context, conn net.Conn, opts ...handler.
proto, _ := sniffing.Sniff(ctx, br)
ro.Proto = proto
dial := func(ctx context.Context, network, address string) (net.Conn, error) {
var buf bytes.Buffer
cc, err := h.options.Router.Dial(ctxvalue.ContextWithBuffer(ctx, &buf), "tcp", address)
ro.Route = buf.String()
return cc, err
}
dialTLS := func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
var buf bytes.Buffer
cc, err := h.options.Router.Dial(ctxvalue.ContextWithBuffer(ctx, &buf), "tcp", address)
ro.Route = buf.String()
if err != nil {
return nil, err
}
cc = tls.Client(cc, cfg)
return cc, nil
}
sniffer := &sniffing.Sniffer{
Recorder: h.recorder.Recorder,
RecorderOptions: h.recorder.Options,
RecorderObject: ro,
Certificate: h.md.certificate,
PrivateKey: h.md.privateKey,
NegotiatedProtocol: h.md.alpn,
CertPool: h.certPool,
MitmBypass: h.md.mitmBypass,
ReadTimeout: h.md.readTimeout,
Log: log,
Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
var buf bytes.Buffer
cc, err := h.options.Router.Dial(ctxvalue.ContextWithBuffer(ctx, &buf), "tcp", address)
ro.Route = buf.String()
return cc, err
},
DialTLS: func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
var buf bytes.Buffer
cc, err := h.options.Router.Dial(ctxvalue.ContextWithBuffer(ctx, &buf), "tcp", address)
ro.Route = buf.String()
if err != nil {
return nil, err
}
cc = tls.Client(cc, cfg)
return cc, nil
},
}
conn = xnet.NewReadWriteConn(br, conn, conn)
switch proto {
case sniffing.ProtoHTTP:
return sniffer.HandleHTTP(ctx, conn)
return sniffer.HandleHTTP(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithBypass(h.options.Bypass),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
case sniffing.ProtoTLS:
return sniffer.HandleTLS(ctx, conn)
return sniffer.HandleTLS(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithBypass(h.options.Bypass),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
default:
return errors.New("unknown traffic")
}
+1 -1
View File
@@ -8,7 +8,7 @@ import (
"github.com/go-gost/core/bypass"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
"github.com/go-gost/x/registry"
)
+18 -10
View File
@@ -246,31 +246,39 @@ func (h *socks4Handler) handleConnect(ctx context.Context, conn net.Conn, req *g
conn.SetReadDeadline(time.Time{})
}
dial := func(ctx context.Context, network, address string) (net.Conn, error) {
return cc, nil
}
dialTLS := func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return cc, nil
}
sniffer := &sniffing.Sniffer{
Recorder: h.recorder.Recorder,
RecorderOptions: h.recorder.Options,
RecorderObject: ro,
Certificate: h.md.certificate,
PrivateKey: h.md.privateKey,
NegotiatedProtocol: h.md.alpn,
CertPool: h.certPool,
MitmBypass: h.md.mitmBypass,
ReadTimeout: h.md.readTimeout,
Log: log,
Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
return cc, nil
},
DialTLS: func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return cc, nil
},
}
conn = xnet.NewReadWriteConn(br, rw, conn)
switch proto {
case sniffing.ProtoHTTP:
return sniffer.HandleHTTP(ctx, conn)
return sniffer.HandleHTTP(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
case sniffing.ProtoTLS:
return sniffer.HandleTLS(ctx, conn)
return sniffer.HandleTLS(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
}
}
+1 -1
View File
@@ -8,7 +8,7 @@ import (
"github.com/go-gost/core/bypass"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
"github.com/go-gost/x/registry"
)
+18 -10
View File
@@ -91,31 +91,39 @@ func (h *socks5Handler) handleConnect(ctx context.Context, conn net.Conn, networ
conn.SetReadDeadline(time.Time{})
}
dial := func(ctx context.Context, network, address string) (net.Conn, error) {
return cc, nil
}
dialTLS := func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return cc, nil
}
sniffer := &sniffing.Sniffer{
Recorder: h.recorder.Recorder,
RecorderOptions: h.recorder.Options,
RecorderObject: ro,
Certificate: h.md.certificate,
PrivateKey: h.md.privateKey,
NegotiatedProtocol: h.md.alpn,
CertPool: h.certPool,
MitmBypass: h.md.mitmBypass,
ReadTimeout: h.md.readTimeout,
Log: log,
Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
return cc, nil
},
DialTLS: func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return cc, nil
},
}
conn = xnet.NewReadWriteConn(br, rw, conn)
switch proto {
case sniffing.ProtoHTTP:
return sniffer.HandleHTTP(ctx, conn)
return sniffer.HandleHTTP(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
case sniffing.ProtoTLS:
return sniffer.HandleTLS(ctx, conn)
return sniffer.HandleTLS(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
}
}
+1 -1
View File
@@ -9,7 +9,7 @@ import (
"github.com/go-gost/core/bypass"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
"github.com/go-gost/x/internal/util/mux"
"github.com/go-gost/x/registry"
)
+18 -10
View File
@@ -165,31 +165,39 @@ func (h *ssHandler) Handle(ctx context.Context, conn net.Conn, opts ...handler.H
conn.SetReadDeadline(time.Time{})
}
dial := func(ctx context.Context, network, address string) (net.Conn, error) {
return cc, nil
}
dialTLS := func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return cc, nil
}
sniffer := &sniffing.Sniffer{
Recorder: h.recorder.Recorder,
RecorderOptions: h.recorder.Options,
RecorderObject: ro,
Certificate: h.md.certificate,
PrivateKey: h.md.privateKey,
NegotiatedProtocol: h.md.alpn,
CertPool: h.certPool,
MitmBypass: h.md.mitmBypass,
ReadTimeout: h.md.readTimeout,
Log: log,
Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
return cc, nil
},
DialTLS: func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return cc, nil
},
}
conn = xnet.NewReadWriteConn(br, conn, conn)
switch proto {
case sniffing.ProtoHTTP:
return sniffer.HandleHTTP(ctx, conn)
return sniffer.HandleHTTP(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
case sniffing.ProtoTLS:
return sniffer.HandleTLS(ctx, conn)
return sniffer.HandleTLS(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
}
}
+1 -1
View File
@@ -8,7 +8,7 @@ import (
"github.com/go-gost/core/bypass"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
"github.com/go-gost/x/registry"
)
+1 -1
View File
@@ -5,7 +5,7 @@ import (
"time"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
)
type metadata struct {
+18 -10
View File
@@ -161,30 +161,38 @@ func (h *forwardHandler) handleDirectForward(ctx context.Context, conn *sshd_uti
conn.SetReadDeadline(time.Time{})
}
dial := func(ctx context.Context, network, address string) (net.Conn, error) {
return cc, nil
}
dialTLS := func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return cc, nil
}
sniffer := &sniffing.Sniffer{
Recorder: h.recorder.Recorder,
RecorderOptions: h.recorder.Options,
RecorderObject: ro,
Certificate: h.md.certificate,
PrivateKey: h.md.privateKey,
NegotiatedProtocol: h.md.alpn,
CertPool: h.certPool,
MitmBypass: h.md.mitmBypass,
ReadTimeout: h.md.readTimeout,
Log: log,
Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
return cc, nil
},
DialTLS: func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return cc, nil
},
}
switch proto {
case sniffing.ProtoHTTP:
return sniffer.HandleHTTP(ctx, xnet.NewReadWriteConn(br, conn, conn))
return sniffer.HandleHTTP(ctx, xnet.NewReadWriteConn(br, conn, conn),
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
case sniffing.ProtoTLS:
return sniffer.HandleTLS(ctx, xnet.NewReadWriteConn(br, conn, conn))
return sniffer.HandleTLS(ctx, xnet.NewReadWriteConn(br, conn, conn),
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
}
}
+1 -1
View File
@@ -8,7 +8,7 @@ import (
"github.com/go-gost/core/bypass"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
"github.com/go-gost/x/registry"
)
+1 -1
View File
@@ -2,7 +2,7 @@ package tap
import (
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
)
type metadata struct {
+1 -1
View File
@@ -4,7 +4,7 @@ import (
"time"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
)
const (
+1 -1
View File
@@ -7,7 +7,7 @@ import (
"github.com/go-gost/core/ingress"
"github.com/go-gost/core/logger"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
"github.com/go-gost/core/sd"
"github.com/go-gost/relay"
xingress "github.com/go-gost/x/ingress"
+18 -10
View File
@@ -141,31 +141,39 @@ func (h *unixHandler) Handle(ctx context.Context, conn net.Conn, opts ...handler
conn.SetReadDeadline(time.Time{})
}
dial := func(ctx context.Context, network, address string) (net.Conn, error) {
return cc, nil
}
dialTLS := func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return cc, nil
}
sniffer := &sniffing.Sniffer{
Recorder: h.recorder.Recorder,
RecorderOptions: h.recorder.Options,
RecorderObject: ro,
Certificate: h.md.certificate,
PrivateKey: h.md.privateKey,
NegotiatedProtocol: h.md.alpn,
CertPool: h.certPool,
MitmBypass: h.md.mitmBypass,
ReadTimeout: h.md.readTimeout,
Log: log,
Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
return cc, nil
},
DialTLS: func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error) {
return cc, nil
},
}
conn = xnet.NewReadWriteConn(br, conn, conn)
switch proto {
case sniffing.ProtoHTTP:
return sniffer.HandleHTTP(ctx, conn)
return sniffer.HandleHTTP(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
case sniffing.ProtoTLS:
return sniffer.HandleTLS(ctx, conn)
return sniffer.HandleTLS(ctx, conn,
sniffing.WithDial(dial),
sniffing.WithDialTLS(dialTLS),
sniffing.WithRecorderObject(ro),
sniffing.WithLog(log),
)
}
}
+1 -1
View File
@@ -8,7 +8,7 @@ import (
"github.com/go-gost/core/bypass"
mdata "github.com/go-gost/core/metadata"
mdutil "github.com/go-gost/core/metadata/util"
mdutil "github.com/go-gost/x/metadata/util"
"github.com/go-gost/x/registry"
)