package proxy
import (
	"fmt"
	"net"
	"os"
	"regexp"
	"strconv"
	"time"

	log "github.com/sirupsen/logrus"
	"github.com/xvzc/SpoofDPI/dns"
	"github.com/xvzc/SpoofDPI/packet"
	"github.com/xvzc/SpoofDPI/util"
)
// BufferSize is the value New stores in Proxy.bufferSize.
// NOTE(review): presumably a read-buffer size in bytes; the code that
// consumes bufferSize is not in this file — confirm against its users.
const BufferSize = 1024
// Proxy carries the listener settings and the per-request policy of the
// local HTTP/HTTPS proxy. All fields are set once by New and only read by
// the methods visible in this file.
type Proxy struct {
	// addr and port form the tcp4 endpoint that Start listens on. Nothing in
	// this file authenticates clients, so the bind address is what limits
	// who can use the proxy.
	addr string
	port int

	// timeout is reported by Start in milliseconds when it is positive.
	// NOTE(review): where it is applied to connections is not visible in
	// this file — confirm in the HTTP/HTTPS handlers.
	timeout int

	// resolver turns the requested domain into an IP address (see the
	// Lookup call in Start).
	resolver *dns.DnsResolver

	// windowSize is copied from the configuration by New.
	// NOTE(review): not read in this file — presumably used by the HTTPS
	// handler; confirm.
	windowSize int

	// allowedPattern is the optional list of domain patterns consulted by
	// patternMatches. A nil slice means no restriction.
	allowedPattern []*regexp.Regexp

	// bufferSize is initialised from the BufferSize constant by New.
	bufferSize int
}
// New creates a Proxy from config.
//
// config.Addr, config.Port, config.Timeout and config.WindowSize are
// dereferenced, so each must be non-nil or New panics. The allowedPattern
// slice is shared with config rather than copied; later changes to
// config.AllowedPattern are visible to the proxy. The DNS resolver is built
// from the same config, and bufferSize is set to the BufferSize constant.
func New(config *util.Config) *Proxy {
	pxy := new(Proxy)

	// Assignments follow the order of the original composite literal.
	pxy.addr = *config.Addr
	pxy.port = *config.Port
	pxy.timeout = *config.Timeout
	pxy.windowSize = *config.WindowSize
	pxy.allowedPattern = config.AllowedPattern
	pxy.resolver = dns.NewResolver(config)
	pxy.bufferSize = BufferSize

	return pxy
}
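// Start binds a tcp4 listener on pxy.addr:pxy.port and serves connections
// until the process exits; it does not return on the success path.
//
// Every accepted connection is handled in its own goroutine: the first HTTP
// request is parsed, its method is checked, the target domain is resolved,
// requests that would loop back into this proxy are dropped, and the
// connection is handed to handleHttps (CONNECT) or handleHttp (anything
// else).
//
// Review notes for operators:
//   - Nothing in this function authenticates clients, so any host that can
//     reach the listener can use the proxy. The bind address is the only
//     access control visible here.
//   - At debug level the raw request is logged, which can include
//     credentials carried in headers (Authorization, Proxy-Authorization,
//     Cookie). Treat debug logs as sensitive.
//   - No deadline is set on the connection in this function before the first
//     read, and the number of handler goroutines is not bounded.
//     NOTE(review): whether packet.ReadHttpPacket or the handlers apply
//     pxy.timeout is not visible here — confirm.
func (pxy *Proxy) Start() {
	// Pause after a failed Accept so a persistent error cannot spin the loop.
	const acceptRetryDelay = 50 * time.Millisecond

	// net.ParseIP returns nil for anything that is not an IP literal (a host
	// name, a typo), and a nil IP in net.TCPAddr means "all interfaces".
	// Refuse such values so a malformed address cannot silently widen the
	// listener beyond the interface the operator meant. An empty address
	// keeps its previous meaning of a wildcard bind.
	bindIP := net.ParseIP(pxy.addr)
	if bindIP == nil && pxy.addr != "" {
		log.Fatal("[PROXY] Invalid listen address: ", pxy.addr)
		os.Exit(1)
	}

	l, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: bindIP, Port: pxy.port})
	if err != nil {
		log.Fatal("[PROXY] Error creating listener: ", err)
		// log.Fatal already exits; kept as a backstop.
		os.Exit(1)
	}

	if pxy.timeout > 0 {
		log.Println(fmt.Sprintf("[PROXY] Connection timeout is set to %dms", pxy.timeout))
	}

	log.Println("[PROXY] Created a listener on port", pxy.port)
	if len(pxy.allowedPattern) > 0 {
		log.Println("[PROXY] Number of white-listed pattern:", len(pxy.allowedPattern))
	}

	for {
		conn, err := l.Accept()
		if err != nil {
			// log.Fatal here ended the whole process on a single failed
			// Accept (for example when file descriptors run out under a
			// burst of connections) and made the continue unreachable.
			// Log the error and keep serving instead.
			log.Error("[PROXY] Error accepting connection: ", err)
			time.Sleep(acceptRetryDelay)
			continue
		}

		go func() {
			pkt, err := packet.ReadHttpPacket(conn)
			if err != nil {
				// pkt is not dereferenced on this path: a value returned
				// together with an error may be nil, and a nil dereference
				// in this goroutine would take the whole proxy down.
				log.Debug("[PROXY] Error while parsing request: ", err)
				conn.Close()
				return
			}

			log.Debug("[PROXY] Request from ", conn.RemoteAddr(), "\n\n", string(pkt.Raw()))

			if !pkt.IsValidMethod() {
				log.Debug("[PROXY] Unsupported method: ", pkt.Method())
				conn.Close()
				return
			}

			// Domains outside the allow-list are resolved with the system
			// resolver; matched is also forwarded to the HTTPS handler.
			matched := pxy.patternMatches([]byte(pkt.Domain()))
			useSystemDns := !matched

			ip, err := pxy.resolver.Lookup(pkt.Domain(), useSystemDns)
			if err != nil {
				log.Debug("[PROXY] Error while dns lookup: ", pkt.Domain(), " ", err)
				// Best-effort error response; the connection is closed
				// whether or not the write succeeds.
				conn.Write([]byte(pkt.Version() + " 502 Bad Gateway\r\n\r\n"))
				conn.Close()
				return
			}

			// Avoid recursively querying self
			if pkt.Port() == strconv.Itoa(pxy.port) && isLoopedRequest(net.ParseIP(ip)) {
				log.Error("[PROXY] Looped request has been detected. aborting.")
				conn.Close()
				return
			}

			// From here on the handler owns conn; it is not closed in this
			// function on these paths.
			if pkt.IsConnectMethod() {
				log.Debug("[PROXY] Start HTTPS")
				pxy.handleHttps(conn.(*net.TCPConn), matched, pkt, ip)
			} else {
				log.Debug("[PROXY] Start HTTP")
				pxy.handleHttp(conn.(*net.TCPConn), pkt, ip)
			}
		}()
	}
}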
// patternMatches reports whether the given domain bytes are covered by the
// proxy's allow-list.
//
// A nil allow-list means no restriction and every input matches. A non-nil
// list matches when at least one pattern matches; a non-nil but empty list
// therefore matches nothing.
//
// regexp.Match succeeds when the pattern matches anywhere in the input, so a
// pattern without ^ and $ anchors also accepts longer domains that merely
// contain the intended name. Anchor the configured patterns when an exact
// domain is meant.
func (pxy *Proxy) patternMatches(bytes []byte) bool {
	patterns := pxy.allowedPattern
	if patterns == nil {
		return true
	}

	found := false
	for i := 0; i < len(patterns) && !found; i++ {
		found = patterns[i].Match(bytes)
	}
	return found
}
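// isLoopedRequest reports whether ip refers to this host, meaning a request
// to it on the proxy's own port would be served by the proxy itself.
//
// It returns true for IPv4 loopback addresses, for the unspecified address
// 0.0.0.0 (which several operating systems route to the local host when
// used as a destination), and for any IPv4 address assigned to a local
// network interface. Non-IPv4 input, including a nil ip from a failed
// net.ParseIP, returns false; the listener in this file is tcp4 only.
//
// The check fails open: if the interface addresses cannot be read, the
// error is logged and false is returned, so the request proceeds.
func isLoopedRequest(ip net.IP) bool {
	// we don't handle IPv6 at all it seems
	target := ip.To4()
	if target == nil {
		return false
	}

	if target.IsLoopback() || target.IsUnspecified() {
		return true
	}

	// Get list of available addresses
	// See `ip -4 addr show`
	addrs, err := net.InterfaceAddrs() // needs AF_NETLINK on linux
	if err != nil {
		log.Error("[PROXY] Error while getting addresses of our network interfaces: ", err)
		return false
	}

	for _, a := range addrs {
		ipnet, ok := a.(*net.IPNet)
		if !ok {
			continue
		}
		if local := ipnet.IP.To4(); local != nil && local.Equal(target) {
			return true
		}
	}

	return false
}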