fixes in merge

mosajjal · Nov 6, 2022 · 13b325c · 13b325c
1 parent 237f391
commit 13b325c
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 204 deletions.
diff --git a/go.sum b/go.sum
@@ -128,8 +128,6 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20221010195024-131d412537ea h1:R3VfsTXMMK4JCWZDdxScmnTzu9n9YRsDvguLis0U/b8=
-github.com/google/pprof v0.0.0-20221010195024-131d412537ea/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
 github.com/google/pprof v0.0.0-20221103000818-d260c55eee4c h1:lvddKcYTQ545ADhBujtIJmqQrZBDsGo7XIMbAQe/sNY=
 github.com/google/pprof v0.0.0-20221103000818-d260c55eee4c/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
@@ -191,8 +189,6 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU=
-github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
 github.com/prometheus/client_golang v1.13.1 h1:3gMjIY2+/hzmqhtUC/aQNYldJA6DtH3CgQvwS+02K1c=
 github.com/prometheus/client_golang v1.13.1/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
@@ -257,8 +253,6 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20221028150844-83b7d23a625f h1:Al51T6tzvuh3oiwX11vex3QgJ2XTedFPGmbEVh8cdoc=
-golang.org/x/exp v0.0.0-20221028150844-83b7d23a625f/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/exp v0.0.0-20221031165847-c99f073a8326 h1:QfTh0HpN6hlw6D3vu8DAwC8pBIwikq0AI1evdm+FksE=
 golang.org/x/exp v0.0.0-20221031165847-c99f073a8326/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=

diff --git a/main.go b/main.go
@@ -1,12 +1,7 @@
 package main
 
 import (
-
-	"crypto/rand"
-	"crypto/tls"
-	"crypto/x509"
 	"encoding/json"
-	"fmt"
 	"io"
 	"net"
 	"net/http"
@@ -66,7 +61,6 @@ var c runConfig
 
 var log = slog.New(slog.NewTextHandler(os.Stderr))
 
-
 func pipe(conn1 net.Conn, conn2 net.Conn) {
 	chan1 := getChannel(conn1)
 	chan2 := getChannel(conn2)
@@ -146,198 +140,8 @@ func getPublicIPInner() (string, error) {
 		}
 		log.Error("Could not automatically find the public IP address. Please specify it in the configuration.", nil)
 
-
-	}
-	return ""
-
-}
-
-func lookupDomain4(domain string) (net.IP, error) {
-	if !strings.HasSuffix(domain, ".") {
-		domain = domain + "."
-	}
-	rAddrDNS, _, err := performExternalAQuery(domain)
-	// if err != nil {
-	// 	return nil, err
-	// }
-	if len(rAddrDNS) > 0 {
-		if rAddrDNS[0].Header().Rrtype == dns.TypeCNAME {
-			return lookupDomain4(rAddrDNS[0].(*dns.CNAME).Target)
-		}
-		if rAddrDNS[0].Header().Rrtype == dns.TypeA {
-			return rAddrDNS[0].(*dns.A).A, nil
-		}
-	} else {
-		return nil, fmt.Errorf("[DNS] Empty DNS response for %s with error %s", domain, err)
 	}
-	return nil, fmt.Errorf("[DNS] Unknown type %s", dns.TypeToString[rAddrDNS[0].Header().Rrtype])
-}
-
-// handle HTTPS connections coming to the reverse proxy. this will get a connction from the handle443 function
-// need to grab the HTTP request from this, and pass it on to the HTTP handler.
-func handleReverse(conn net.Conn) error {
-	log.Infof("[Reverse] connecting to HTTP")
-	// send the reverse conn to local HTTP listner
-	srcAddr := net.TCPAddr{
-		IP:   c.sourceAddr,
-		Port: 0,
-	}
-	target, err := net.DialTCP("tcp", &srcAddr, &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1), Port: int(c.HTTPPort)})
-	if err != nil {
-		return err
-	}
-	pipe(conn, target)
-	return nil
-}
-
-func handle443(conn net.Conn) error {
-	defer conn.Close()
-	incoming := make([]byte, 2048)
-	n, err := conn.Read(incoming)
-	if err != nil {
-		log.Errorln(err)
-		return err
-	}
-	sni, err := GetHostname(incoming)
-	if err != nil {
-		log.Errorln(err)
-		return err
-	}
-	// check SNI against domainlist for an extra layer of security
-	if !c.AllDomains && inDomainList(sni+".") {
-		log.Warnf("[TCP] a client requested connection to %s, but it's not allowed as per configuration.. resetting TCP", sni)
-		conn.Close()
-		return nil
-	}
-	rAddr, err := lookupDomain4(sni)
-	rPort := 443
-	if err != nil || rAddr == nil {
-		log.Warnln(err)
-		return err
-	}
-	// TODO: handle timeout and context here
-	if rAddr.IsLoopback() || rAddr.IsPrivate() || rAddr.Equal(net.IPv4(0, 0, 0, 0)) {
-		log.Infoln("[TLS] connection to private IP ignored")
-		return nil
-	}
-	// if SNI is the reverse proxy, this request needs to be handled by a HTTPS handler
-	if sni == c.reverseProxySNI {
-		rAddr = net.IPv4(127, 0, 0, 1)
-		rPort = 65000
-	}
-	log.Infof("[TLS] connecting to %s (%s)", rAddr, sni)
-	// with the manipulation of the soruce address, we can set the outbound interface
-	srcAddr := net.TCPAddr{
-		IP:   c.sourceAddr,
-		Port: 0,
-	}
-	target, err := net.DialTCP("tcp", &srcAddr, &net.TCPAddr{IP: rAddr, Port: rPort})
-	if err != nil {
-		log.Errorln("could not connect to target", err)
-		conn.Close()
-		return err
-	}
-	defer target.Close()
-	target.Write(incoming[:n])
-	pipe(conn, target)
-	return nil
-}
-
-func handleDNS(w dns.ResponseWriter, r *dns.Msg) {
-	m := new(dns.Msg)
-	m.SetReply(r)
-	m.Compress = false
-
-	if r.Opcode != dns.OpcodeQuery {
-		m.SetRcode(r, dns.RcodeNotImplemented)
-		w.WriteMsg(m)
-		return
-	}
-
-	for _, q := range m.Question {
-		answers, err := processQuestion(q)
-		if err != nil {
-			log.Error(err)
-			continue
-		}
-		m.Answer = append(m.Answer, answers...)
-	}
-
-	w.WriteMsg(m)
-}
-
-func runReverse() {
-	// reverse https can't run on 443. we'll pick a random port and pipe the 443 traffic back to it.
-	cert, err := tls.LoadX509KeyPair(c.ReverseProxyCert, c.ReverseProxyKey)
-	if err != nil {
-		log.Fatalf("server: loadkeys: %s", err)
-	}
-	config := tls.Config{Certificates: []tls.Certificate{cert}}
-	config.Rand = rand.Reader
-	listener, err := tls.Listen("tcp", ":65000", &config)
-	for {
-		conn, err := listener.Accept()
-		if err != nil {
-			log.Printf("server: accept: %s", err)
-			break
-		}
-		defer conn.Close()
-		tlscon, ok := conn.(*tls.Conn)
-		if ok {
-			state := tlscon.ConnectionState()
-			for _, v := range state.PeerCertificates {
-				log.Print(x509.MarshalPKIXPublicKey(v.PublicKey))
-			}
-		}
-		go handleReverse(conn)
-	}
-}
-
-func runHTTPS() {
-
-	l, err := net.Listen("tcp", c.BindIP+fmt.Sprintf(":%d", c.HTTPSPort))
-	if err != nil {
-		log.Fatalln(err)
-	}
-	defer l.Close()
-	for {
-		c, err := l.Accept()
-		if err != nil {
-			log.Fatalln(err)
-		}
-		go func() {
-			go handle443(c)
-			// c.Close()
-		}()
-	}
-}
-
-func runDNS() {
-	dns.HandleFunc(".", handleDNS)
-	// start DNS UDP serverUdp
-	go func() {
-		serverUDP := &dns.Server{Addr: fmt.Sprintf(":%d", c.DNSPort), Net: "udp"}
-		log.Infof("Started UDP DNS on %s:%d -- listening", "0.0.0.0", c.DNSPort)
-		err := serverUDP.ListenAndServe()
-		defer serverUDP.Shutdown()
-		if err != nil {
-			log.Fatalf("Failed to start server: %s\nYou can run the following command to pinpoint which process is listening on port %d\nsudo ss -pltun -at '( dport = :%d or sport = :%d )'", err.Error(), c.DNSPort, c.DNSPort, c.DNSPort)
-		}
-	}()
-
-	// start DNS UDP serverTcp
-	if c.BindDNSOverTCP {
-		go func() {
-			serverTCP := &dns.Server{Addr: fmt.Sprintf(":%d", c.DNSPort), Net: "tcp"}
-			log.Infof("Started TCP DNS on %s:%d -- listening", "0.0.0.0", c.DNSPort)
-			err := serverTCP.ListenAndServe()
-			defer serverTCP.Shutdown()
-			if err != nil {
-				log.Fatalf("Failed to start server: %s\nYou can run the following command to pinpoint which process is listening on port %d\nsudo ss -pltun -at '( dport = :%d or sport = :%d )'", err.Error(), c.DNSPort, c.DNSPort, c.DNSPort)
-			}
-		}()
-	}
-	return "", fmt.Errorf("Can't determine the public IP")
+	return "", nil
 
 }
 
@@ -365,7 +169,6 @@ func main() {
 	flag.StringSliceVar(&c.GeoIPExclude, "geoipExclude", []string{""}, "Exclude countries to be allowed to connect. example: US,CA")
 	flag.StringSliceVar(&c.GeoIPInclude, "geoipInclude", []string{""}, "Include countries to be allowed to connect. example: US,CA")
 
-
 	flag.UintVar(&c.HTTPPort, "httpPort", 80, "HTTP Port to listen on. Should remain 80 in most cases")
 	flag.UintVar(&c.HTTPSPort, "httpsPort", 443, "HTTPS Port to listen on. Should remain 443 in most cases")
 	flag.UintVar(&c.DNSPort, "dnsPort", 53, "HTTP Port to listen on. Should remain 53 in most cases")