From 64166bf580fe89c2ab2bf2b8341a62f503ac1902 Mon Sep 17 00:00:00 2001 From: zaferatli Date: Thu, 2 Jan 2025 00:01:32 +0300 Subject: [PATCH 1/9] chore: doc link fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index de6dbbc..e4c0511 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@

-Cloak is a [pluggable transport](https://www.ietf.org/proceedings/103/slides/slides-103-pearg-pt-slides-01) that enhances +Cloak is a [pluggable transport](https://datatracker.ietf.org/meeting/103/materials/slides-103-pearg-pt-slides-01) that enhances traditional proxy tools like OpenVPN to evade [sophisticated censorship](https://en.wikipedia.org/wiki/Deep_packet_inspection) and [data discrimination](https://en.wikipedia.org/wiki/Net_bias). Cloak is not a standalone proxy program. Rather, it works by masquerading proxied traffic as normal web browsing From 07aa197061e3321d7ad39a28379c2d40b24bc101 Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Wed, 30 Apr 2025 20:39:09 +0100 Subject: [PATCH 2/9] Go mod tidy --- go.sum | 4 ---- 1 file changed, 4 deletions(-) diff --git a/go.sum b/go.sum index a1e2ec4..eb3f889 100644 --- a/go.sum +++ b/go.sum @@ -23,8 +23,6 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/refraction-networking/utls v1.6.4 h1:aeynTroaYn7y+mFtqv8D0bQ4bw0y9nJHneGxJ7lvRDM= -github.com/refraction-networking/utls v1.6.4/go.mod h1:2VL2xfiqgFAZtJKeUTlf+PSYFs3Eu7km0gCtXJ3m8zs= github.com/refraction-networking/utls v1.6.6 h1:igFsYBUJPYM8Rno9xUuDoM5GQrVEqY4llzEXOkL43Ig= github.com/refraction-networking/utls v1.6.6/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0= github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= @@ -39,8 +37,6 @@ go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI= go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE= golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= From 9800e3685da578c506c90fac911dccdc89fd9176 Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Wed, 30 Apr 2025 20:48:17 +0100 Subject: [PATCH 3/9] Update deps --- go.mod | 24 ++++++++++++------------ go.sum | 50 +++++++++++++++++++++++++++----------------------- 2 files changed, 39 insertions(+), 35 deletions(-) diff --git a/go.mod b/go.mod index 39be8d1..a78fbe7 100644 --- a/go.mod +++ b/go.mod @@ -1,30 +1,30 @@ module github.com/cbeuw/Cloak -go 1.21 +go 1.24 -toolchain go1.22.2 +toolchain go1.24.2 require ( github.com/cbeuw/connutil v0.0.0-20200411215123-966bfaa51ee3 github.com/gorilla/mux v1.8.1 - github.com/gorilla/websocket v1.5.1 + github.com/gorilla/websocket v1.5.3 github.com/juju/ratelimit v1.0.2 github.com/refraction-networking/utls v1.6.6 github.com/sirupsen/logrus v1.9.3 - github.com/stretchr/testify v1.9.0 - go.etcd.io/bbolt v1.3.9 - golang.org/x/crypto v0.22.0 + github.com/stretchr/testify v1.10.0 + go.etcd.io/bbolt v1.4.0 + golang.org/x/crypto v0.37.0 ) require ( - github.com/andybalholm/brotli v1.0.6 // indirect - github.com/cloudflare/circl v1.3.7 // indirect + github.com/andybalholm/brotli v1.1.1 // indirect + github.com/cloudflare/circl v1.6.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/klauspost/compress v1.17.4 // indirect + github.com/klauspost/compress v1.18.0 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - golang.org/x/net v0.23.0 // indirect - golang.org/x/sys v0.19.0 // indirect - gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect + github.com/rogpeppe/go-internal v1.14.1 // indirect + golang.org/x/sys v0.32.0 // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index eb3f889..7c83b92 100644 --- a/go.sum +++ b/go.sum @@ -1,23 +1,26 @@ -github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI= -github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA= +github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA= github.com/cbeuw/connutil v0.0.0-20200411215123-966bfaa51ee3 h1:LRxW8pdmWmyhoNh+TxUjxsAinGtCsVGjsl3xg6zoRSs= github.com/cbeuw/connutil v0.0.0-20200411215123-966bfaa51ee3/go.mod h1:6jR2SzckGv8hIIS9zWJ160mzGVVOYp4AXZMDtacL6LE= -github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= -github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= +github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= +github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= -github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= +github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= +github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/juju/ratelimit v1.0.2 h1:sRxmtRiajbvrcLQT7S+JbqU0ntsb9W2yhSdNN8tWfaI= github.com/juju/ratelimit v1.0.2/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= -github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= -github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= +github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= +github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -25,28 +28,29 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/refraction-networking/utls v1.6.6 h1:igFsYBUJPYM8Rno9xUuDoM5GQrVEqY4llzEXOkL43Ig= github.com/refraction-networking/utls v1.6.6/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0= -github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI= -go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU= +github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E= +go.etcd.io/bbolt v1.4.0 h1:TU77id3TnN/zKr7CO/uk+fBCwF2jGcMuw2B/FMAzYIk= +go.etcd.io/bbolt v1.4.0/go.mod h1:AsD+OCi/qPN1giOX1aiLAha3o1U8rAz65bvN4j0sRuk= +golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE= +golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20= +golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= From d06c208acee50e7acfe88be11139877399c82d24 Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Wed, 30 Apr 2025 20:57:23 +0100 Subject: [PATCH 4/9] Fix IP resolution in test --- internal/server/state_test.go | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/internal/server/state_test.go b/internal/server/state_test.go index 7226fe4..6465659 100644 --- a/internal/server/state_test.go +++ b/internal/server/state_test.go @@ -43,13 +43,22 @@ func TestParseRedirAddr(t *testing.T) { t.Errorf("parsing %v error: %v", domainNoPort, err) return } - expHost, err := net.ResolveIPAddr("ip", "example.com") + + expIPs, err := net.LookupIP("example.com") if err != nil { t.Errorf("tester error: cannot resolve example.com: %v", err) return } - if host.String() != expHost.String() { - t.Errorf("expected %v got %v", expHost.String(), host.String()) + + contain := false + for _, expIP := range expIPs { + if expIP.String() == host.String() { + contain = true + } + } + + if !contain { + t.Errorf("expected one of %v got %v", expIPs, host.String()) } if port != "" { t.Errorf("port not empty when there is no port") @@ -63,13 +72,22 @@ func TestParseRedirAddr(t *testing.T) { t.Errorf("parsing %v error: %v", domainWPort, err) return } - expHost, err := net.ResolveIPAddr("ip", "example.com") + + expIPs, err := net.LookupIP("example.com") if err != nil { t.Errorf("tester error: cannot resolve example.com: %v", err) return } - if host.String() != expHost.String() { - t.Errorf("expected %v got %v", expHost.String(), host.String()) + + contain := false + for _, expIP := range expIPs { + if expIP.String() == host.String() { + contain = true + } + } + + if !contain { + t.Errorf("expected one of %v got %v", expIPs, host.String()) } if port != "80" { t.Errorf("wrong port: expected %v, got %v", "80", port) From c15fd730dea1525d2f69c24dd76b5d75fb0b18d1 Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Wed, 30 Apr 2025 21:00:54 +0100 Subject: [PATCH 5/9] Update Go in CI --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ff85f31..1ce92ba 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -10,7 +10,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: '^1.22' # The Go version to download (if necessary) and use. + go-version: '^1.24' # The Go version to download (if necessary) and use. - run: go test -race -coverprofile coverage.txt -coverpkg ./... -covermode atomic ./... - uses: codecov/codecov-action@v4 with: @@ -27,7 +27,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: '^1.22' + go-version: '^1.24' - name: Build Cloak run: make - name: Create configs From 5146ea8503d6a333e995b6e228cb84fd08a396bd Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Sat, 7 Jun 2025 11:31:28 +0100 Subject: [PATCH 6/9] Increase server first packet buffer size to 3000 --- internal/server/dispatcher.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/internal/server/dispatcher.go b/internal/server/dispatcher.go index 4285ed3..2633030 100644 --- a/internal/server/dispatcher.go +++ b/internal/server/dispatcher.go @@ -20,6 +20,8 @@ import ( var b64 = base64.StdEncoding.EncodeToString +const firstPacketSize = 3000 + func Serve(l net.Listener, sta *State) { waitDur := [10]time.Duration{ 50 * time.Millisecond, 100 * time.Millisecond, 300 * time.Millisecond, 500 * time.Millisecond, 1 * time.Second, @@ -124,7 +126,7 @@ func readFirstPacket(conn net.Conn, buf []byte, timeout time.Duration) (int, Tra func dispatchConnection(conn net.Conn, sta *State) { var err error - buf := make([]byte, 1500) + buf := make([]byte, firstPacketSize) i, transport, redirOnErr, err := readFirstPacket(conn, buf, 15*time.Second) data := buf[:i] From 51ed286f3503cafa4c667666197e27c99716e7d2 Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Sat, 7 Jun 2025 11:32:01 +0100 Subject: [PATCH 7/9] Update utls to 1.7.3 --- go.mod | 4 ++-- go.sum | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index a78fbe7..09e9560 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/cbeuw/Cloak -go 1.24 +go 1.24.0 toolchain go1.24.2 @@ -9,7 +9,7 @@ require ( github.com/gorilla/mux v1.8.1 github.com/gorilla/websocket v1.5.3 github.com/juju/ratelimit v1.0.2 - github.com/refraction-networking/utls v1.6.6 + github.com/refraction-networking/utls v1.7.3 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.10.0 go.etcd.io/bbolt v1.4.0 diff --git a/go.sum b/go.sum index 7c83b92..2bdf5ce 100644 --- a/go.sum +++ b/go.sum @@ -28,6 +28,9 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/refraction-networking/utls v1.6.6 h1:igFsYBUJPYM8Rno9xUuDoM5GQrVEqY4llzEXOkL43Ig= github.com/refraction-networking/utls v1.6.6/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0= +github.com/refraction-networking/utls v1.7.0/go.mod h1:lV0Gwc1/Fi+HYH8hOtgFRdHfKo4FKSn6+FdyOz9hRms= +github.com/refraction-networking/utls v1.7.3 h1:L0WRhHY7Oq1T0zkdzVZMR6zWZv+sXbHB9zcuvsAEqCo= +github.com/refraction-networking/utls v1.7.3/go.mod h1:TUhh27RHMGtQvjQq+RyO11P6ZNQNBb3N0v7wsEjKAIQ= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= From 8af137637e646253ceef125e18fada2536404c45 Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Sun, 8 Jun 2025 18:14:39 +0100 Subject: [PATCH 8/9] Add backwards compatibility fallback to firefox --- internal/client/connector.go | 12 +++++++++++- internal/client/state.go | 24 +++++++++++------------- internal/client/transport.go | 23 +++++++++++++++++++++++ 3 files changed, 45 insertions(+), 14 deletions(-) diff --git a/internal/client/connector.go b/internal/client/connector.go index 9bd1f7b..610ce5b 100644 --- a/internal/client/connector.go +++ b/internal/client/connector.go @@ -21,8 +21,10 @@ func MakeSession(connConfig RemoteConnConfig, authInfo AuthInfo, dialer common.D var wg sync.WaitGroup for i := 0; i < connConfig.NumConn; i++ { wg.Add(1) + transportConfig := connConfig.Transport go func() { makeconn: + transportConn := transportConfig.CreateTransport() remoteConn, err := dialer.Dial("tcp", connConfig.RemoteAddr) if err != nil { log.Errorf("Failed to establish new connections to remote: %v", err) @@ -31,12 +33,20 @@ func MakeSession(connConfig RemoteConnConfig, authInfo AuthInfo, dialer common.D goto makeconn } - transportConn := connConfig.TransportMaker() sk, err := transportConn.Handshake(remoteConn, authInfo) if err != nil { log.Errorf("Failed to prepare connection to remote: %v", err) transportConn.Close() + + // In Cloak v2.11.0, we've updated uTLS version and subsequently increased the first packet size for chrome above 1500 + // https://github.com/cbeuw/Cloak/pull/306#issuecomment-2862728738. As a backwards compatibility feature, if we fail + // to connect using chrome signature, retry with firefox which has a smaller packet size. + if transportConfig.mode == "direct" && transportConfig.browser == chrome { + transportConfig.browser = firefox + log.Warnf("failed to connect with chrome signature, falling back to retry with firefox") + } time.Sleep(time.Second * 3) + goto makeconn } // sessionKey given by each connection should be identical diff --git a/internal/client/state.go b/internal/client/state.go index c3d1ded..dbbb929 100644 --- a/internal/client/state.go +++ b/internal/client/state.go @@ -43,11 +43,11 @@ type RawConfig struct { } type RemoteConnConfig struct { - Singleplex bool - NumConn int - KeepAlive time.Duration - RemoteAddr string - TransportMaker func() Transport + Singleplex bool + NumConn int + KeepAlive time.Duration + RemoteAddr string + Transport TransportConfig } type LocalConnConfig struct { @@ -230,10 +230,9 @@ func (raw *RawConfig) ProcessRawConfig(worldState common.WorldState) (local Loca raw.CDNWsUrlPath = "/" } - remote.TransportMaker = func() Transport { - return &WSOverTLS{ - wsUrl: "ws://" + cdnDomainPort + raw.CDNWsUrlPath, - } + remote.Transport = TransportConfig{ + mode: "cdn", + wsUrl: "ws://" + cdnDomainPort + raw.CDNWsUrlPath, } case "direct": fallthrough @@ -249,10 +248,9 @@ func (raw *RawConfig) ProcessRawConfig(worldState common.WorldState) (local Loca default: browser = chrome } - remote.TransportMaker = func() Transport { - return &DirectTLS{ - browser: browser, - } + remote.Transport = TransportConfig{ + mode: "direct", + browser: browser, } } diff --git a/internal/client/transport.go b/internal/client/transport.go index e86ffd5..539600c 100644 --- a/internal/client/transport.go +++ b/internal/client/transport.go @@ -8,3 +8,26 @@ type Transport interface { Handshake(rawConn net.Conn, authInfo AuthInfo) (sessionKey [32]byte, err error) net.Conn } + +type TransportConfig struct { + mode string + + wsUrl string + + browser browser +} + +func (t TransportConfig) CreateTransport() Transport { + switch t.mode { + case "cdn": + return &WSOverTLS{ + wsUrl: t.wsUrl, + } + case "direct": + return &DirectTLS{ + browser: t.browser, + } + default: + return nil + } +} From 8f629c7b2ef73c4c6286afeea87c3521cd7a076b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 22 Jul 2025 08:50:24 +0000 Subject: [PATCH 9/9] fix(deps): update module github.com/refraction-networking/utls to v1.8.0 --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 09e9560..b053dd4 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/gorilla/mux v1.8.1 github.com/gorilla/websocket v1.5.3 github.com/juju/ratelimit v1.0.2 - github.com/refraction-networking/utls v1.7.3 + github.com/refraction-networking/utls v1.8.0 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.10.0 go.etcd.io/bbolt v1.4.0 diff --git a/go.sum b/go.sum index 2bdf5ce..e9be021 100644 --- a/go.sum +++ b/go.sum @@ -31,6 +31,8 @@ github.com/refraction-networking/utls v1.6.6/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5D github.com/refraction-networking/utls v1.7.0/go.mod h1:lV0Gwc1/Fi+HYH8hOtgFRdHfKo4FKSn6+FdyOz9hRms= github.com/refraction-networking/utls v1.7.3 h1:L0WRhHY7Oq1T0zkdzVZMR6zWZv+sXbHB9zcuvsAEqCo= github.com/refraction-networking/utls v1.7.3/go.mod h1:TUhh27RHMGtQvjQq+RyO11P6ZNQNBb3N0v7wsEjKAIQ= +github.com/refraction-networking/utls v1.8.0 h1:L38krhiTAyj9EeiQQa2sg+hYb4qwLCqdMcpZrRfbONE= +github.com/refraction-networking/utls v1.8.0/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=