forked from jpillora/go-tcp-proxy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
proxy.go
168 lines (146 loc) · 3.23 KB
/
proxy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
package proxy
import (
"crypto/tls"
"crypto/x509"
"io"
"net"
)
// Proxy - Manages a Proxy connection, piping data between local and remote.
type Proxy struct {
sentBytes uint64
receivedBytes uint64
laddr, raddr *net.TCPAddr
lconn, rconn io.ReadWriteCloser
erred bool
errsig chan bool
tlsUnwrapp bool
tlsAddress string
Matcher func([]byte)
Replacer func([]byte) []byte
// Settings
Nagles bool
Log Logger
OutputHex bool
PemCert string
}
// New - Create a new Proxy instance. Takes over local connection passed in,
// and closes it when finished.
func New(lconn *net.TCPConn, laddr, raddr *net.TCPAddr) *Proxy {
return &Proxy{
lconn: lconn,
laddr: laddr,
raddr: raddr,
erred: false,
errsig: make(chan bool),
Log: NullLogger{},
}
}
// NewTLSUnwrapped - Create a new Proxy instance with a remote TLS server for
// which we want to unwrap the TLS to be able to connect without encryption
// locally
func NewTLSUnwrapped(lconn *net.TCPConn, laddr, raddr *net.TCPAddr, addr string) *Proxy {
p := New(lconn, laddr, raddr)
p.tlsUnwrapp = true
p.tlsAddress = addr
return p
}
type setNoDelayer interface {
SetNoDelay(bool) error
}
// Start - open connection to remote and start proxying data.
func (p *Proxy) Start() {
defer p.lconn.Close()
var err error
//connect to remote
if p.tlsUnwrapp {
roots := x509.NewCertPool()
ok := roots.AppendCertsFromPEM([]byte(p.PemCert))
if !ok {
panic("failed to parse root certificate")
}
p.rconn, err = tls.Dial("tcp", p.tlsAddress, &tls.Config{
RootCAs: roots,
})
} else {
p.rconn, err = net.DialTCP("tcp", nil, p.raddr)
}
if err != nil {
p.Log.Warn("Remote connection failed: %s", err)
return
}
defer p.rconn.Close()
//nagles?
if p.Nagles {
if conn, ok := p.lconn.(setNoDelayer); ok {
conn.SetNoDelay(true)
}
if conn, ok := p.rconn.(setNoDelayer); ok {
conn.SetNoDelay(true)
}
}
//display both ends
p.Log.Info("Opened %s >>> %s", p.laddr.String(), p.raddr.String())
//bidirectional copy
go p.pipe(p.lconn, p.rconn)
go p.pipe(p.rconn, p.lconn)
//wait for close...
<-p.errsig
p.Log.Info("Closed (%d bytes sent, %d bytes recieved)", p.sentBytes, p.receivedBytes)
}
func (p *Proxy) err(s string, err error) {
if p.erred {
return
}
if err != io.EOF {
p.Log.Warn(s, err)
}
p.errsig <- true
p.erred = true
}
func (p *Proxy) pipe(src, dst io.ReadWriter) {
islocal := src == p.lconn
var dataDirection string
if islocal {
dataDirection = ">>> %d bytes sent%s"
} else {
dataDirection = "<<< %d bytes recieved%s"
}
var byteFormat string
if p.OutputHex {
byteFormat = "%x"
} else {
byteFormat = "%s"
}
//directional copy (64k buffer)
buff := make([]byte, 0xffff)
for {
n, err := src.Read(buff)
if err != nil {
p.err("Read failed '%s'\n", err)
return
}
b := buff[:n]
//execute match
if p.Matcher != nil {
p.Matcher(b)
}
//execute replace
if p.Replacer != nil {
b = p.Replacer(b)
}
//show output
p.Log.Debug(dataDirection, n, "")
p.Log.Trace(byteFormat, b)
//write out result
n, err = dst.Write(b)
if err != nil {
p.err("Write failed '%s'\n", err)
return
}
if islocal {
p.sentBytes += uint64(n)
} else {
p.receivedBytes += uint64(n)
}
}
}