Merge pull request #133 from LiquidTheDangerous/client-hello-fix/main

perf: reuse allocated buffer
This commit is contained in:
xvzc 2024-08-14 16:23:50 +09:00 committed by GitHub
commit c76e21cec0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 123 additions and 63 deletions

View File

@ -2,6 +2,7 @@ package packet
import ( import (
"bufio" "bufio"
"io"
"net" "net"
"net/http" "net/http"
"strings" "strings"
@ -56,12 +57,16 @@ func ParseUrl(raw []byte) {
} }
func NewHttpPacket(raw []byte) (*HttpPacket, error) { func NewHttpPacketFromReader(rdr io.Reader) (*HttpPacket, error) {
pkt := &HttpPacket{raw: raw} sb := strings.Builder{}
tee := io.TeeReader(rdr, &sb)
pkt.parse() p := &HttpPacket{}
err := parse(p, bufio.NewReader(tee))
return pkt, nil if err != nil {
return nil, err
}
p.raw = []byte(sb.String())
return p, nil
} }
func (p *HttpPacket) Raw() []byte { func (p *HttpPacket) Raw() []byte {
@ -123,8 +128,7 @@ func (p *HttpPacket) Tidy() {
p.raw = []byte(result) p.raw = []byte(result)
} }
func (p *HttpPacket) parse() error { func parse(p *HttpPacket, reader *bufio.Reader) error {
reader := bufio.NewReader(strings.NewReader(string(p.raw)))
request, err := http.ReadRequest(reader) request, err := http.ReadRequest(reader)
if err != nil { if err != nil {
return err return err
@ -152,6 +156,5 @@ func (p *HttpPacket) parse() error {
} }
request.Body.Close() request.Body.Close()
return nil return nil
} }

66
proxy/client_hello.go Normal file
View File

@ -0,0 +1,66 @@
package proxy
import (
"encoding/binary"
"io"
)
const headerLen = 5
type TLSMessageType byte
const (
TLSInvalid TLSMessageType = 0x0
TLSChangeCipherSpec TLSMessageType = 0x14
TLSAlert TLSMessageType = 0x15
TLSHandshake TLSMessageType = 0x16
TLSApplicationData TLSMessageType = 0x17
TLSHeartbeat TLSMessageType = 0x18
)
type TlsMessage struct {
Header TlsHeader
Raw []byte //Header + Payload
RawHeader []byte
RawPayload []byte
}
type TlsHeader struct {
Type TLSMessageType
ProtoVersion uint16 // major | minor
PayloadLen uint16
}
func ReadTlsMessage(r io.Reader) (*TlsMessage, error) {
var rawHeader [5]byte
_, err := io.ReadFull(r, rawHeader[:])
if err != nil {
return nil, err
}
header := TlsHeader{
Type: TLSMessageType(rawHeader[0]),
ProtoVersion: binary.BigEndian.Uint16(rawHeader[1:3]),
PayloadLen: binary.BigEndian.Uint16(rawHeader[3:5]),
}
raw := make([]byte, header.PayloadLen+headerLen)
copy(raw[0:headerLen], rawHeader[:])
_, err = io.ReadFull(r, raw[headerLen:])
if err != nil {
return nil, err
}
hello := &TlsMessage{
Header: header,
Raw: raw,
RawHeader: raw[:headerLen],
RawPayload: raw[headerLen:],
}
return hello, nil
}
func IsClientHello(message *TlsMessage) bool {
// According to RFC 8446 section 4.
// first byte (Raw[5]) of handshake message should be 0x1 - means client_hello
return message.Header.Type == TLSHandshake &&
message.Raw[5] == 0x1
}

View File

@ -39,7 +39,7 @@ func (pxy *Proxy) handleHttp(lConn *net.TCPConn, pkt *packet.HttpPacket, ip stri
log.Debug("[HTTP] New connection to the server ", pkt.Domain(), " ", rConn.LocalAddr()) log.Debug("[HTTP] New connection to the server ", pkt.Domain(), " ", rConn.LocalAddr())
go Serve(rConn, lConn, "[HTTP]", lConn.RemoteAddr().String(), pkt.Domain(), pxy.timeout) go Serve(rConn, lConn, "[HTTP]", lConn.RemoteAddr().String(), pkt.Domain(), pxy.timeout, pxy.bufferSize)
_, err = rConn.Write(pkt.Raw()) _, err = rConn.Write(pkt.Raw())
if err != nil { if err != nil {
@ -49,5 +49,5 @@ func (pxy *Proxy) handleHttp(lConn *net.TCPConn, pkt *packet.HttpPacket, ip stri
log.Debug("[HTTP] Sent a request to ", pkt.Domain()) log.Debug("[HTTP] Sent a request to ", pkt.Domain())
Serve(lConn, rConn, "[HTTP]", lConn.RemoteAddr().String(), pkt.Domain(), pxy.timeout) Serve(lConn, rConn, "[HTTP]", lConn.RemoteAddr().String(), pkt.Domain(), pxy.timeout, pxy.bufferSize)
} }

View File

@ -45,11 +45,12 @@ func (pxy *Proxy) handleHttps(lConn *net.TCPConn, exploit bool, initPkt *packet.
log.Debug("[HTTPS] Sent 200 Connection Estabalished to ", lConn.RemoteAddr()) log.Debug("[HTTPS] Sent 200 Connection Estabalished to ", lConn.RemoteAddr())
// Read client hello // Read client hello
clientHello, err := ReadBytes(lConn) m, err := ReadTlsMessage(lConn)
if err != nil { if err != nil || !IsClientHello(m) {
log.Debug("[HTTPS] Error reading client hello from the client", err) log.Debug("[HTTPS] Error reading client hello from the client", err)
return return
} }
clientHello := m.Raw
log.Debug("[HTTPS] Client sent hello ", len(clientHello), "bytes") log.Debug("[HTTPS] Client sent hello ", len(clientHello), "bytes")
@ -60,7 +61,7 @@ func (pxy *Proxy) handleHttps(lConn *net.TCPConn, exploit bool, initPkt *packet.
// lConn.SetLinger(3) // lConn.SetLinger(3)
// rConn.SetLinger(3) // rConn.SetLinger(3)
go Serve(rConn, lConn, "[HTTPS]", rConn.RemoteAddr().String(), initPkt.Domain(), pxy.timeout) go Serve(rConn, lConn, "[HTTPS]", rConn.RemoteAddr().String(), initPkt.Domain(), pxy.timeout, pxy.bufferSize)
if exploit { if exploit {
log.Debug("[HTTPS] Writing chunked client hello to ", initPkt.Domain()) log.Debug("[HTTPS] Writing chunked client hello to ", initPkt.Domain())
@ -77,7 +78,7 @@ func (pxy *Proxy) handleHttps(lConn *net.TCPConn, exploit bool, initPkt *packet.
} }
} }
Serve(lConn, rConn, "[HTTPS]", lConn.RemoteAddr().String(), initPkt.Domain(), pxy.timeout) Serve(lConn, rConn, "[HTTPS]", lConn.RemoteAddr().String(), initPkt.Domain(), pxy.timeout, pxy.bufferSize)
} }
func splitInChunks(bytes []byte, size int) [][]byte { func splitInChunks(bytes []byte, size int) [][]byte {

View File

@ -9,8 +9,6 @@ import (
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
) )
const BUF_SIZE = 1024
func WriteChunks(conn *net.TCPConn, c [][]byte) (n int, err error) { func WriteChunks(conn *net.TCPConn, c [][]byte) (n int, err error) {
total := 0 total := 0
for i := 0; i < len(c); i++ { for i := 0; i < len(c); i++ {
@ -25,37 +23,27 @@ func WriteChunks(conn *net.TCPConn, c [][]byte) (n int, err error) {
return total, nil return total, nil
} }
func ReadBytes(conn *net.TCPConn) ([]byte, error) { func ReadBytes(conn *net.TCPConn, dest []byte) ([]byte, error) {
ret := make([]byte, 0) n, err := readBytesInternal(conn, dest)
buf := make([]byte, BUF_SIZE) return dest[:n], err
}
for { func readBytesInternal(conn *net.TCPConn, dest []byte) (int, error) {
n, err := conn.Read(buf) totalRead, err := conn.Read(dest)
if err != nil { if err != nil {
switch err.(type) { switch err.(type) {
case *net.OpError: case *net.OpError:
return nil, errors.New("timed out") return totalRead, errors.New("timed out")
default: default:
return nil, err return totalRead, err
} }
} }
ret = append(ret, buf[:n]...) return totalRead, nil
if n < BUF_SIZE {
break
}
} }
if len(ret) == 0 { func Serve(from *net.TCPConn, to *net.TCPConn, proto string, fd string, td string, timeout int, bufferSize int) {
return nil, io.EOF
}
return ret, nil
}
func Serve(from *net.TCPConn, to *net.TCPConn, proto string, fd string, td string, timeout int) {
proto += " " proto += " "
buf := make([]byte, bufferSize)
for { for {
if timeout > 0 { if timeout > 0 {
from.SetReadDeadline( from.SetReadDeadline(
@ -63,7 +51,7 @@ func Serve(from *net.TCPConn, to *net.TCPConn, proto string, fd string, td strin
) )
} }
buf, err := ReadBytes(from) bytesRead, err := ReadBytes(from, buf)
if err != nil { if err != nil {
if err == io.EOF { if err == io.EOF {
log.Debug(proto, "Finished ", fd) log.Debug(proto, "Finished ", fd)
@ -73,7 +61,7 @@ func Serve(from *net.TCPConn, to *net.TCPConn, proto string, fd string, td strin
return return
} }
if _, err := to.Write(buf); err != nil { if _, err := to.Write(bytesRead); err != nil {
log.Debug(proto, "Error Writing to ", td) log.Debug(proto, "Error Writing to ", td)
return return
} }

View File

@ -13,6 +13,8 @@ import (
"github.com/xvzc/SpoofDPI/util" "github.com/xvzc/SpoofDPI/util"
) )
const BUFFER_SIZE = 1024
type Proxy struct { type Proxy struct {
addr string addr string
port int port int
@ -20,6 +22,7 @@ type Proxy struct {
resolver *dns.DnsResolver resolver *dns.DnsResolver
windowSize int windowSize int
allowedPattern []*regexp.Regexp allowedPattern []*regexp.Regexp
bufferSize int
} }
func New(config *util.Config) *Proxy { func New(config *util.Config) *Proxy {
@ -30,6 +33,7 @@ func New(config *util.Config) *Proxy {
windowSize: *config.WindowSize, windowSize: *config.WindowSize,
allowedPattern: config.AllowedPattern, allowedPattern: config.AllowedPattern,
resolver: dns.NewResolver(config), resolver: dns.NewResolver(config),
bufferSize: BUFFER_SIZE,
} }
} }
@ -57,16 +61,15 @@ func (pxy *Proxy) Start() {
} }
go func() { go func() {
b, err := ReadBytes(conn.(*net.TCPConn)) pkt, err := packet.NewHttpPacketFromReader(conn)
if err != nil { if err != nil {
return return
} }
log.Debug("[PROXY] Request from ", conn.RemoteAddr(), "\n\n", string(b)) log.Debug("[PROXY] Request from ", conn.RemoteAddr(), "\n\n", string(pkt.Raw()))
pkt, err := packet.NewHttpPacket(b)
if err != nil { if err != nil {
log.Debug("[PROXY] Error while parsing request: ", string(b)) log.Debug("[PROXY] Error while parsing request: ", string(pkt.Raw()))
conn.Close() conn.Close()
return return
} }

View File

@ -58,7 +58,6 @@ when not given, the client hello packet will be sent in two parts:
fragmentation for the first data packet and the rest fragmentation for the first data packet and the rest
`) `)
config.Version = flag.Bool("v", false, "print spoof-dpi's version; this may contain some other relevant information") config.Version = flag.Bool("v", false, "print spoof-dpi's version; this may contain some other relevant information")
var allowedPattern StringArray var allowedPattern StringArray
flag.Var( flag.Var(
&allowedPattern, &allowedPattern,