mirror of https://github.com/cbeuw/Cloak
Merge with v2.12.0
This commit is contained in:
notsure2
commit
f0ec1e6562
|
|
@ -12,7 +12,7 @@
|
|||
<img src="https://user-images.githubusercontent.com/7034308/155629720-54dd8758-ec98-4fed-b603-623f0ad83b6c.svg" />
|
||||
</p>
|
||||
|
||||
Cloak is a [pluggable transport](https://www.ietf.org/proceedings/103/slides/slides-103-pearg-pt-slides-01) that enhances
|
||||
Cloak is a [pluggable transport](https://datatracker.ietf.org/meeting/103/materials/slides-103-pearg-pt-slides-01) that enhances
|
||||
traditional proxy tools like OpenVPN to evade [sophisticated censorship](https://en.wikipedia.org/wiki/Deep_packet_inspection) and [data discrimination](https://en.wikipedia.org/wiki/Net_bias).
|
||||
|
||||
Cloak is not a standalone proxy program. Rather, it works by masquerading proxied traffic as normal web browsing
|
||||
|
|
|
|||
7
go.mod
7
go.mod
|
|
@ -2,12 +2,14 @@ module github.com/cbeuw/Cloak
|
|||
|
||||
go 1.24.0
|
||||
|
||||
toolchain go1.24.2
|
||||
|
||||
require (
|
||||
github.com/cbeuw/connutil v0.0.0-20200411215123-966bfaa51ee3
|
||||
github.com/gorilla/mux v1.8.1
|
||||
github.com/gorilla/websocket v1.5.3
|
||||
github.com/juju/ratelimit v1.0.2
|
||||
github.com/refraction-networking/utls v1.7.1
|
||||
github.com/refraction-networking/utls v1.8.0
|
||||
github.com/sirupsen/logrus v1.9.3
|
||||
github.com/stretchr/testify v1.10.0
|
||||
go.etcd.io/bbolt v1.4.0
|
||||
|
|
@ -21,7 +23,8 @@ require (
|
|||
github.com/klauspost/compress v1.18.0 // indirect
|
||||
github.com/kr/pretty v0.3.1 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
github.com/rogpeppe/go-internal v1.14.1 // indirect
|
||||
golang.org/x/sys v0.32.0 // indirect
|
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
|
||||
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
|
||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||
)
|
||||
|
|
|
|||
19
go.sum
19
go.sum
|
|
@ -16,17 +16,26 @@ github.com/juju/ratelimit v1.0.2 h1:sRxmtRiajbvrcLQT7S+JbqU0ntsb9W2yhSdNN8tWfaI=
|
|||
github.com/juju/ratelimit v1.0.2/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk=
|
||||
github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
|
||||
github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
|
||||
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
|
||||
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
|
||||
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
|
||||
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
|
||||
github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/refraction-networking/utls v1.7.1 h1:dxg+jla3uocgN8HtX+ccwDr68uCBBO3qLrkZUbqkcw0=
|
||||
github.com/refraction-networking/utls v1.7.1/go.mod h1:TUhh27RHMGtQvjQq+RyO11P6ZNQNBb3N0v7wsEjKAIQ=
|
||||
github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
|
||||
github.com/refraction-networking/utls v1.6.6 h1:igFsYBUJPYM8Rno9xUuDoM5GQrVEqY4llzEXOkL43Ig=
|
||||
github.com/refraction-networking/utls v1.6.6/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0=
|
||||
github.com/refraction-networking/utls v1.7.0/go.mod h1:lV0Gwc1/Fi+HYH8hOtgFRdHfKo4FKSn6+FdyOz9hRms=
|
||||
github.com/refraction-networking/utls v1.7.3 h1:L0WRhHY7Oq1T0zkdzVZMR6zWZv+sXbHB9zcuvsAEqCo=
|
||||
github.com/refraction-networking/utls v1.7.3/go.mod h1:TUhh27RHMGtQvjQq+RyO11P6ZNQNBb3N0v7wsEjKAIQ=
|
||||
github.com/refraction-networking/utls v1.8.0 h1:L38krhiTAyj9EeiQQa2sg+hYb4qwLCqdMcpZrRfbONE=
|
||||
github.com/refraction-networking/utls v1.8.0/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM=
|
||||
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
|
||||
github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
|
||||
github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
|
||||
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
|
||||
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
|
||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
|
|
@ -45,8 +54,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
|
|||
golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
|
||||
golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
|
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
|
||||
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
|
|
|
|||
|
|
@ -22,8 +22,10 @@ func MakeSession(connConfig RemoteConnConfig, authInfo AuthInfo, dialer common.D
|
|||
var wg sync.WaitGroup
|
||||
for i := 0; i < connConfig.NumConn; i++ {
|
||||
wg.Add(1)
|
||||
transportConfig := connConfig.Transport
|
||||
go func() {
|
||||
makeconn:
|
||||
transportConn := transportConfig.CreateTransport()
|
||||
remoteConn, err := dialer.Dial("tcp", connConfig.RemoteAddr)
|
||||
if err != nil {
|
||||
log.Errorf("Failed to establish new connections to remote: %v", err)
|
||||
|
|
@ -50,12 +52,20 @@ func MakeSession(connConfig RemoteConnConfig, authInfo AuthInfo, dialer common.D
|
|||
}
|
||||
}
|
||||
|
||||
transportConn := connConfig.TransportMaker()
|
||||
sk, err := transportConn.Handshake(remoteConn, authInfo)
|
||||
if err != nil {
|
||||
log.Errorf("Failed to prepare connection to remote: %v", err)
|
||||
transportConn.Close()
|
||||
|
||||
// In Cloak v2.11.0, we've updated uTLS version and subsequently increased the first packet size for chrome above 1500
|
||||
// https://github.com/cbeuw/Cloak/pull/306#issuecomment-2862728738. As a backwards compatibility feature, if we fail
|
||||
// to connect using chrome signature, retry with firefox which has a smaller packet size.
|
||||
if transportConfig.mode == "direct" && transportConfig.browser == chrome {
|
||||
transportConfig.browser = firefox
|
||||
log.Warnf("failed to connect with chrome signature, falling back to retry with firefox")
|
||||
}
|
||||
time.Sleep(time.Second * 3)
|
||||
|
||||
goto makeconn
|
||||
}
|
||||
// sessionKey given by each connection should be identical
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ type RemoteConnConfig struct {
|
|||
NumConn int
|
||||
KeepAlive time.Duration
|
||||
RemoteAddr string
|
||||
TransportMaker func() Transport
|
||||
Transport TransportConfig
|
||||
TcpSendBuffer int
|
||||
TcpReceiveBuffer int
|
||||
}
|
||||
|
|
@ -247,10 +247,9 @@ func (raw *RawConfig) ProcessRawConfig(worldState common.WorldState) (local Loca
|
|||
raw.CDNWsUrlPath = "/"
|
||||
}
|
||||
|
||||
remote.TransportMaker = func() Transport {
|
||||
return &WSOverTLS{
|
||||
wsUrl: "ws://" + cdnDomainPort + raw.CDNWsUrlPath,
|
||||
}
|
||||
remote.Transport = TransportConfig{
|
||||
mode: "cdn",
|
||||
wsUrl: "ws://" + cdnDomainPort + raw.CDNWsUrlPath,
|
||||
}
|
||||
case "direct":
|
||||
fallthrough
|
||||
|
|
@ -266,10 +265,9 @@ func (raw *RawConfig) ProcessRawConfig(worldState common.WorldState) (local Loca
|
|||
default:
|
||||
browser = chrome
|
||||
}
|
||||
remote.TransportMaker = func() Transport {
|
||||
return &DirectTLS{
|
||||
browser: browser,
|
||||
}
|
||||
remote.Transport = TransportConfig{
|
||||
mode: "direct",
|
||||
browser: browser,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -8,3 +8,26 @@ type Transport interface {
|
|||
Handshake(rawConn net.Conn, authInfo AuthInfo) (sessionKey [32]byte, err error)
|
||||
net.Conn
|
||||
}
|
||||
|
||||
type TransportConfig struct {
|
||||
mode string
|
||||
|
||||
wsUrl string
|
||||
|
||||
browser browser
|
||||
}
|
||||
|
||||
func (t TransportConfig) CreateTransport() Transport {
|
||||
switch t.mode {
|
||||
case "cdn":
|
||||
return &WSOverTLS{
|
||||
wsUrl: t.wsUrl,
|
||||
}
|
||||
case "direct":
|
||||
return &DirectTLS{
|
||||
browser: t.browser,
|
||||
}
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -21,6 +21,8 @@ import (
|
|||
|
||||
var b64 = base64.StdEncoding.EncodeToString
|
||||
|
||||
const firstPacketSize = 3000
|
||||
|
||||
func Serve(l net.Listener, sta *State) {
|
||||
waitDur := [10]time.Duration{
|
||||
50 * time.Millisecond, 100 * time.Millisecond, 300 * time.Millisecond, 500 * time.Millisecond, 1 * time.Second,
|
||||
|
|
@ -125,7 +127,7 @@ func readFirstPacket(conn net.Conn, buf []byte, timeout time.Duration) (int, Tra
|
|||
|
||||
func dispatchConnection(conn net.Conn, sta *State) {
|
||||
var err error
|
||||
buf := make([]byte, 2000)
|
||||
buf := make([]byte, firstPacketSize)
|
||||
|
||||
i, transport, redirOnErr, err := readFirstPacket(conn, buf, 15*time.Second)
|
||||
data := buf[:i]
|
||||
|
|
|
|||
|
|
@ -43,13 +43,22 @@ func TestParseRedirAddr(t *testing.T) {
|
|||
t.Errorf("parsing %v error: %v", domainNoPort, err)
|
||||
return
|
||||
}
|
||||
expHost, err := net.ResolveIPAddr("ip", "example.com")
|
||||
|
||||
expIPs, err := net.LookupIP("example.com")
|
||||
if err != nil {
|
||||
t.Errorf("tester error: cannot resolve example.com: %v", err)
|
||||
return
|
||||
}
|
||||
if host.String() != expHost.String() {
|
||||
t.Errorf("expected %v got %v", expHost.String(), host.String())
|
||||
|
||||
contain := false
|
||||
for _, expIP := range expIPs {
|
||||
if expIP.String() == host.String() {
|
||||
contain = true
|
||||
}
|
||||
}
|
||||
|
||||
if !contain {
|
||||
t.Errorf("expected one of %v got %v", expIPs, host.String())
|
||||
}
|
||||
if port != "" {
|
||||
t.Errorf("port not empty when there is no port")
|
||||
|
|
@ -63,13 +72,22 @@ func TestParseRedirAddr(t *testing.T) {
|
|||
t.Errorf("parsing %v error: %v", domainWPort, err)
|
||||
return
|
||||
}
|
||||
expHost, err := net.ResolveIPAddr("ip", "example.com")
|
||||
|
||||
expIPs, err := net.LookupIP("example.com")
|
||||
if err != nil {
|
||||
t.Errorf("tester error: cannot resolve example.com: %v", err)
|
||||
return
|
||||
}
|
||||
if host.String() != expHost.String() {
|
||||
t.Errorf("expected %v got %v", expHost.String(), host.String())
|
||||
|
||||
contain := false
|
||||
for _, expIP := range expIPs {
|
||||
if expIP.String() == host.String() {
|
||||
contain = true
|
||||
}
|
||||
}
|
||||
|
||||
if !contain {
|
||||
t.Errorf("expected one of %v got %v", expIPs, host.String())
|
||||
}
|
||||
if port != "80" {
|
||||
t.Errorf("wrong port: expected %v, got %v", "80", port)
|
||||
|
|
|
|||
Loading…
Reference in New Issue