From c438bf433458fa3ae7c0ef29f6a0fff08a301cc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9D=90=98=F0=9D=90=A8=F0=9D=90=AC=F0=9D=90=9E?= =?UTF-8?q?=F0=9D=90=9B=F0=9D=90=B2=F0=9D=90=AD=F0=9D=90=9E?= <54016243+yosebyte@users.noreply.github.com> Date: Sat, 14 Dec 2024 01:23:13 +0000 Subject: [PATCH] Change to explicit handshake --- internal/tunnel/client.go | 3 +++ internal/tunnel/server.go | 12 ++++++++++-- internal/tunnel/tcp.go | 23 ++++++++++++++++++----- internal/tunnel/udp.go | 37 ++++++++++++++++++++++++++----------- 4 files changed, 57 insertions(+), 18 deletions(-) diff --git a/internal/tunnel/client.go b/internal/tunnel/client.go index 5605f19..c15d539 100644 --- a/internal/tunnel/client.go +++ b/internal/tunnel/client.go @@ -32,6 +32,9 @@ func Client(parsedURL *url.URL) error { return err } defer linkConn.Close() + if err := linkConn.Handshake(); err != nil { + return err + } log.Info("Tunnel connection established to: [%v]", linkAddr) buffer := make([]byte, internal.MaxSignalBuffer) for { diff --git a/internal/tunnel/server.go b/internal/tunnel/server.go index cfb11b0..dbf940a 100644 --- a/internal/tunnel/server.go +++ b/internal/tunnel/server.go @@ -38,13 +38,21 @@ func Server(parsedURL *url.URL, whiteList *sync.Map, tlsConfig *tls.Config) erro return err } defer linkConn.Close() + linkTLS, ok := linkConn.(*tls.Conn) + if !ok { + log.Error("Non-TLS connection received") + return nil + } + if err := linkTLS.Handshake(); err != nil { + return err + } log.Info("Tunnel connection established from: [%v]", linkConn.RemoteAddr().String()) errChan := make(chan error, 2) go func() { - errChan <- ServeTCP(parsedURL, whiteList, linkAddr, targetTCPAddr, linkListen, linkConn) + errChan <- ServeTCP(parsedURL, whiteList, linkAddr, targetTCPAddr, linkListen, linkTLS) }() go func() { - errChan <- ServeUDP(parsedURL, whiteList, linkAddr, targetUDPAddr, linkListen, linkConn) + errChan <- ServeUDP(parsedURL, whiteList, linkAddr, targetUDPAddr, linkListen, linkTLS) }() return <-errChan } diff --git a/internal/tunnel/tcp.go b/internal/tunnel/tcp.go index 233f617..7a1710b 100644 --- a/internal/tunnel/tcp.go +++ b/internal/tunnel/tcp.go @@ -13,7 +13,7 @@ import ( "github.com/yosebyte/passport/pkg/log" ) -func ServeTCP(parsedURL *url.URL, whiteList *sync.Map, linkAddr, targetAddr *net.TCPAddr, linkListen net.Listener, linkConn net.Conn) error { +func ServeTCP(parsedURL *url.URL, whiteList *sync.Map, linkAddr, targetAddr *net.TCPAddr, linkListen net.Listener, linkTLS net.Conn) error { targetListen, err := net.ListenTCP("tcp", targetAddr) if err != nil { log.Error("Unable to listen target address: [%v]", targetAddr) @@ -49,7 +49,7 @@ func ServeTCP(parsedURL *url.URL, whiteList *sync.Map, linkAddr, targetAddr *net go func(targetConn *net.TCPConn) { defer func() { <-sem }() mu.Lock() - _, err = linkConn.Write([]byte("[PASSPORT]\n")) + _, err = linkTLS.Write([]byte("[PASSPORT]\n")) mu.Unlock() if err != nil { log.Error("Unable to send signal: %v", err) @@ -61,8 +61,17 @@ func ServeTCP(parsedURL *url.URL, whiteList *sync.Map, linkAddr, targetAddr *net log.Error("Unable to accept connections form link address: [%v] %v", linkAddr, err) return } + remoteTLS, ok := remoteConn.(*tls.Conn) + if !ok { + log.Error("Non-TLS connection received") + return + } + if err := remoteTLS.Handshake(); err != nil { + log.Error("TLS handshake failed: %v", err) + return + } log.Info("Starting data exchange: [%v] <-> [%v]", clientAddr, targetAddr) - if err := conn.DataExchange(remoteConn, targetConn); err != nil { + if err := conn.DataExchange(remoteTLS, targetConn); err != nil { if err == io.EOF { log.Info("Connection closed successfully: %v", err) } else { @@ -80,13 +89,17 @@ func ClientTCP(linkAddr, targetTCPAddr *net.TCPAddr) { return } log.Info("Target connection established: [%v]", targetTCPAddr) - remoteConn, err := tls.Dial("tcp", linkAddr.String(), &tls.Config{InsecureSkipVerify: true}) + remoteTLS, err := tls.Dial("tcp", linkAddr.String(), &tls.Config{InsecureSkipVerify: true}) if err != nil { log.Error("Unable to dial target address: [%v], %v", linkAddr, err) return } + if err := remoteTLS.Handshake(); err != nil { + log.Error("TLS handshake failed: %v", err) + return + } log.Info("Starting data exchange: [%v] <-> [%v]", linkAddr, targetTCPAddr) - if err := conn.DataExchange(remoteConn, targetConn); err != nil { + if err := conn.DataExchange(remoteTLS, targetConn); err != nil { if err == io.EOF { log.Info("Connection closed successfully: %v", err) } else { diff --git a/internal/tunnel/udp.go b/internal/tunnel/udp.go index 9c73695..1db643c 100644 --- a/internal/tunnel/udp.go +++ b/internal/tunnel/udp.go @@ -11,7 +11,7 @@ import ( "github.com/yosebyte/passport/pkg/log" ) -func ServeUDP(parsedURL *url.URL, whiteList *sync.Map, linkAddr *net.TCPAddr, targetAddr *net.UDPAddr, linkListen net.Listener, linkConn net.Conn) error { +func ServeUDP(parsedURL *url.URL, whiteList *sync.Map, linkAddr *net.TCPAddr, targetAddr *net.UDPAddr, linkListen net.Listener, linkTLS net.Conn) error { targetConn, err := net.ListenUDP("udp", targetAddr) if err != nil { log.Error("Unable to listen target address: [%v]", targetAddr) @@ -36,7 +36,7 @@ func ServeUDP(parsedURL *url.URL, whiteList *sync.Map, linkAddr *net.TCPAddr, ta } } mu.Lock() - _, err = linkConn.Write([]byte("[PASSPORT]\n")) + _, err = linkTLS.Write([]byte("[PASSPORT]\n")) mu.Unlock() if err != nil { log.Error("Unable to send signal: %v", err) @@ -49,19 +49,30 @@ func ServeUDP(parsedURL *url.URL, whiteList *sync.Map, linkAddr *net.TCPAddr, ta time.Sleep(1 * time.Second) continue } + remoteTLS, ok := remoteConn.(*tls.Conn) + if !ok { + log.Error("Non-TLS connection received") + time.Sleep(1 * time.Second) + continue + } + if err := remoteTLS.Handshake(); err != nil { + log.Error("TLS handshake failed: %v", err) + time.Sleep(1 * time.Second) + continue + } sem <- struct{}{} - go func(buffer []byte, n int, remoteConn net.Conn, clientAddr *net.UDPAddr) { + go func(buffer []byte, n int, remoteTLS *tls.Conn, clientAddr *net.UDPAddr) { defer func() { <-sem - remoteConn.Close() + remoteTLS.Close() }() log.Info("Starting data transfer: [%v] <-> [%v]", clientAddr, targetAddr) - _, err = remoteConn.Write(buffer[:n]) + _, err = remoteTLS.Write(buffer[:n]) if err != nil { log.Error("Unable to write to link address: [%v] %v", linkAddr, err) return } - n, err = remoteConn.Read(buffer) + n, err = remoteTLS.Read(buffer) if err != nil { log.Error("Unable to read from link address: [%v] %v", linkAddr, err) return @@ -72,20 +83,24 @@ func ServeUDP(parsedURL *url.URL, whiteList *sync.Map, linkAddr *net.TCPAddr, ta return } log.Info("Transfer completed successfully") - }(buffer, n, remoteConn, clientAddr) + }(buffer, n, remoteTLS, clientAddr) } } func ClientUDP(linkAddr *net.TCPAddr, targetUDPAddr *net.UDPAddr) { - remoteConn, err := tls.Dial("tcp", linkAddr.String(), &tls.Config{InsecureSkipVerify: true}) + remoteTLS, err := tls.Dial("tcp", linkAddr.String(), &tls.Config{InsecureSkipVerify: true}) if err != nil { log.Error("Unable to dial target address: [%v] %v", linkAddr, err) return } - defer remoteConn.Close() + defer remoteTLS.Close() + if err := remoteTLS.Handshake(); err != nil { + log.Error("TLS handshake failed: %v", err) + return + } log.Info("Remote connection established: [%v]", linkAddr) buffer := make([]byte, internal.MaxDataBuffer) - n, err := remoteConn.Read(buffer) + n, err := remoteTLS.Read(buffer) if err != nil { log.Error("Unable to read from remote address: [%v] %v", linkAddr, err) return @@ -113,7 +128,7 @@ func ClientUDP(linkAddr *net.TCPAddr, targetUDPAddr *net.UDPAddr) { log.Error("Unable to read from target address: [%v] %v", targetUDPAddr, err) return } - _, err = remoteConn.Write(buffer[:n]) + _, err = remoteTLS.Write(buffer[:n]) if err != nil { log.Error("Unable to write to remote address: [%v] %v", linkAddr, err) return