jjkiers/layer4-proxy
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases 5 Activity

Compare commits

base: jjkiers:v0.1.1
Branches Tags
jjkiers:main
jjkiers:v0.1.11 jjkiers:v0.1.10 jjkiers:v0.1.9 jjkiers:v0.1.8 jjkiers:v0.1.7 jjkiers:v0.1.6 jjkiers:v0.1.5 jjkiers:v0.1.4 jjkiers:v0.1.3 jjkiers:v0.1.2 jjkiers:v0.1.1
...
compare: jjkiers:main
Branches Tags
jjkiers:main
jjkiers:v0.1.11 jjkiers:v0.1.10 jjkiers:v0.1.9 jjkiers:v0.1.8 jjkiers:v0.1.7 jjkiers:v0.1.6 jjkiers:v0.1.5 jjkiers:v0.1.4 jjkiers:v0.1.3 jjkiers:v0.1.2 jjkiers:v0.1.1

67 Commits
v0.1.1 ... main

Author SHA1 Message Date
Jacob Kiers
913e50ff1c Release version 0.1.11
All checks were successful
continuous-integration/drone/tag Build is passing
Details
continuous-integration/drone/push Build is passing
Details
2025-05-01 22:04:59 +02:00
Jacob Kiers
aecffa0d14 Wait for the entire TLS header to become available, even if it takes 
multiple packets.

Closes: #10
 2025-05-01 22:01:54 +02:00
Jacob Kiers
4c2711fc81 Release version 0.1.10
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2025-01-09 21:13:07 +01:00
Jacob Kiers
1a9ca771ac Update based on lints
All checks were successful
continuous-integration/drone/pr Build is passing
Details
continuous-integration/drone/push Build is passing
Details 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2025-01-09 20:56:51 +01:00
Jacob Kiers
b7ec67ed07 Fix SNI header parsing 
When a listener is configured to deal with TLS upstreams, we use the SNI
field of the TLS ClientHello message to decide where to send the traffic.

Therefore, a buffer of 1024 bytes was used to temporarily store this
message. However, a TLS ClientHello message can be larger than that, up
to 16K bytes.

So now the first few bytes are read and manually parsed to find out how
long the message is. And then the entire ClientHello message is
retrieved.

So hopefully that will fix the issue causing the ClientHello
determination to fail.

Closes #10

Signed-off-by: Jacob Kiers <code@kiers.eu>
 2025-01-09 20:56:51 +01:00
Jacob Kiers
aff46b6bfb Update dependencies to latest version 
This also fixes a build failure which would otherwise happen due to the
time crate.

Signed-off-by: Jacob Kiers <code@kiers.eu>
 2025-01-09 20:21:34 +01:00
Jacob Kiers
922ea1f030 Add help to main command 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-12-24 17:22:58 +01:00
Jacob Kiers
6300c43495 Upgrade toolchain to rust 1.79.0
All checks were successful
continuous-integration/drone/pr Build is passing
Details
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-06-22 15:44:13 +02:00
Jacob Kiers
c21ff86ee4 Add change log 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-06-22 15:43:58 +02:00
Jacob Kiers
8d6387773a Add self update functionality 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-06-22 15:43:58 +02:00
Jacob Kiers
95149ffd9f Update .gitignore
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-06-22 11:49:12 +02:00
Jacob Kiers
a140748647 Correct attribution to fourth
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Search and replace accidentally also renamed the original crate, called
fourth. But attributions should be correct.

Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-06-19 21:59:19 +02:00
Jacob Kiers
ad6955a30d Fix crate name and release v0.1.8
All checks were successful
continuous-integration/drone Build is passing
Details
continuous-integration/drone/tag Build is passing
Details 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-06-19 21:16:30 +02:00
Jacob Kiers
4592c94586 Reintroduce L4P_CONFIG environment variable
All checks were successful
continuous-integration/drone/pr Build is passing
Details
continuous-integration/drone/push Build is passing
Details 
This points to a user-configured configuration file.

Closes #5.

Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-02-23 23:53:47 +01:00
Jacob Kiers
6284870059 Rename config::config to config::config_v1 
To prevent module inception, which was a clippy warning.

Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-02-23 23:34:19 +01:00
Jacob Kiers
97b4bf6bbe Solve synchronization issue 
The async mutex in the previous variant would fail when used in a single
threaded mode, because block_in_place() cannot be used there.

Instead, replace the code with a Arc<RwLock> inside of the
UpstreamAddress to let that class take care of its own mutability.

Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-02-23 23:31:23 +01:00
Jacob Kiers
59c7128f93 Remove kcp support 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-02-23 22:49:43 +01:00
Jacob Kiers
9d9f89881d Improve config file handling
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-02-23 22:03:25 +01:00
Jacob Kiers
ee67f7883e Rename to l4p, update references and README.md 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-02-23 22:03:25 +01:00
Jacob Kiers
77bc8364f2 Update dependencies to latest versions 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-02-22 21:59:14 +01:00
Jacob Kiers
ec9ab1d2bc Add example systemd unit with security protections 
This is just about as secure as this process can get

Signed-off-by: Jacob Kiers <code@kiers.eu>
 2024-02-22 21:49:58 +01:00
Jacob Kiers
bb81a32349 Deduplicate some code 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-05 13:34:40 +02:00
Jacob Kiers
17b39dc6bc Prepare for new config version 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-05 13:34:40 +02:00
Jacob Kiers
07fccb6b2a Clippy 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-05 00:26:19 +02:00
Jacob Kiers
3a2367ef28 Moved upstreams to their own dedicated namespace 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-05 00:26:06 +02:00
Jacob Kiers
2116659a14 Sort dependencies 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-04 23:34:26 +02:00
Jacob Kiers
8404f38182 Move ProxyToUpstream parsing to TryFrom trait 
This seems cleaner to me than parsing it externally.

Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-04 23:27:42 +02:00
Jacob Kiers
23296c6436 Improve code style 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-04 23:27:42 +02:00
Jacob Kiers
84f0499ec8 Remove unnecessary manual Default implementations 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-04 22:32:36 +02:00
Jacob Kiers
ae594135a1 Update dependencies 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-04 22:31:43 +02:00
Jacob Kiers
9564fbed6e Fix clippy warnings 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-04 22:14:51 +02:00
Jacob Kiers
a574163aef Rename Upstream::Custom to Upstream::Proxy 
And CustomUpstream to ProxyToUpstream.

Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-04 22:14:51 +02:00
Jacob Kiers
2651ec1f4a Fix kcp module 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-04 22:14:51 +02:00
Jacob Kiers
8dae1126d5 Deduplicate copy method 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-04 22:14:50 +02:00
Jacob Kiers
da46c5873f Fix typo 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-10-04 20:48:01 +02:00
Jacob Kiers
086e2b4766 Tag 0.1.7
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details 
Critical bug fixes

Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-25 23:11:29 +02:00
Jacob Kiers
5f0de72b88 Remove unused variable
All checks were successful
continuous-integration/drone/pr Build is passing
Details
continuous-integration/drone/push Build is passing
Details 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-25 22:56:46 +02:00
Jacob Kiers
40b890bc13 Add much better debug logging of address resolution 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-25 22:54:41 +02:00
Jacob Kiers
483c058105 Slightly better way of finding the config file 
It now also looks in the current working directory.

Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-25 22:53:46 +02:00
Jacob Kiers
6349fc6502 Prevent unnecessary clone 
This also ensures that the address resolver actually keeps state.
Otherwise it was cloned before each resolution, resulting in it never
keeping the resolved addresses.

Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-25 22:52:46 +02:00
Jacob Kiers
cd35859c9b Initialize UpstreamAddress with actual address 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-25 22:51:25 +02:00
Jacob Kiers
7f399af713 Update rust and zig
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-24 18:45:04 +02:00
Jacob Kiers
fd86162450 Version 0.1.6
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-23 20:52:46 +02:00
Jacob Kiers
a6748f30d9 Make English readme the default
Some checks reported errors
continuous-integration/drone/pr Build was killed
Details
continuous-integration/drone/push Build is passing
Details 
Since I'm unable to read Chinese

Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-23 20:45:42 +02:00
Jacob Kiers
902b2c0d55 Update build file
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-23 20:33:18 +02:00
Jacob Kiers
fb7a7d9cae Update gitignore 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-23 20:33:07 +02:00
Jacob Kiers
1c325f45b4 Add sample configuration file
Some checks failed
continuous-integration/drone Build is failing
Details 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-23 19:29:49 +02:00
Jacob Kiers
79c931fc38 Add build instructions 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-23 19:29:29 +02:00
Jacob Kiers
915e39b684 Extract DNS address resolution 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-16 09:32:05 +02:00
Jacob Kiers
0c5153bbd6 Rename Proxy::default to ::default_action 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-08-16 09:31:20 +02:00
Jacob Kiers
01784ee3fd Update dependencies 2023-08-16 09:29:18 +02:00
Jacob Kiers
f4bc441ca8 Enable explicit ipv4 / ipv6 proxying 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-06-02 17:35:29 +02:00
Jacob Kiers
f010f8c76b Update dependencies 
Signed-off-by: Jacob Kiers <code@kiers.eu>
 2023-06-02 17:35:13 +02:00
KernelErr
8fbc0c370a Add error messages when failed to start server 2021-12-30 22:05:25 +08:00
KernelErr
bff92738d5 Allow config path from FOURTH_CONFIG 2021-11-01 16:06:47 +08:00
KernelErr
754a5af794 Add publish CI and run fmt 2021-11-01 15:56:57 +08:00
KernelErr
fc7a3038bd Add unknown protocol error 2021-11-01 15:32:08 +08:00
KernelErr
8a96de9666 Update README and minor refactor 2021-11-01 15:25:12 +08:00
KernelErr
0407f4b40c Add config validation 2021-11-01 13:45:47 +08:00
KernelErr
47be2568ba Add upstream scheme support 
Need to implement TCP and UDP upstream support.
 2021-10-31 19:21:32 +08:00
KernelErr
5944beb6a2 Combine TCP and KCP tests 2021-10-27 08:36:24 +08:00
KernelErr
4363e3f76a Publish 0.1.3 and update README 2021-10-26 23:58:00 +08:00
KernelErr
ee9d0685b3 Refactor TCP and KCP test 2021-10-26 23:52:07 +08:00
KernelErr
421ad8c979 Fix example config 2021-10-26 23:27:03 +08:00
KernelErr
a88a263d20 Move tokio_kcp to local files 2021-10-26 23:02:05 +08:00
KernelErr
bfce455a7e Add Cargo installation method 2021-10-26 21:40:40 +08:00
KernelErr
55eef8581c Add KCP support 2021-10-26 21:36:12 +08:00
26 changed files with 3235 additions and 749 deletions
Expand all files Collapse all files

3
.cargo/config.toml Normal file
View File

@ -0,0 +1,3 @@
[profile.release]
lto = "thin"
strip = true

92
.drone.jsonnet Normal file
View File

@ -0,0 +1,92 @@
local executableName = 'l4p';
local build_image = 'img.kie.rs/jjkiers/rust-crossbuild:rust1.79.0-zig0.11.0-zig';
local archs = [
{ target: 'aarch64-unknown-linux-musl', short: 'arm64-musl' },
{ target: 'x86_64-pc-windows-gnu', short: 'windows' },
{ target: 'x86_64-unknown-linux-musl', short: 'amd64-musl' },
];
local getStepName(arch) = 'Build for ' + arch.short;
local builtExecutableName(arch) = executableName + if std.length(std.findSubstr(arch.short, 'windows')) > 0 then '.exe' else '';
local targetExecutableName(arch) = executableName + '-' + arch.target + if std.length(std.findSubstr(arch.short, 'windows')) > 0 then '.exe' else '';
local getVolumeName(arch) = 'target-' + arch.target;
local getLocalVolumes(arch) = [
{
name: getVolumeName(arch),
temp: {},
}
for arch in archs
];
local add_build_steps() = [
{
name: getStepName(arch),
image: build_image,
commands: [
'echo Hello World from Jsonnet on ' + arch.target + '!',
'cargo zigbuild --release --target ' + arch.target,
'cp target/' + arch.target + '/release/' + builtExecutableName(arch) + ' artifacts/' + targetExecutableName(arch),
'rm -rf target/' + arch.target + '/release/*',
],
depends_on: ['Prepare'],
volumes: [{
name: getVolumeName(arch),
path: '/drone/src/target',
}],
}
for arch in archs
];
{
kind: 'pipeline',
type: 'docker',
name: 'default',
platform: {
arch: 'amd64',
},
steps:
[{
name: 'Prepare',
image: build_image,
commands: [
'mkdir artifacts',
'echo Using image: ' + build_image,
'cargo --version',
'rustc --version',
],
}] +
add_build_steps() +
[
{
name: 'Show built artifacts',
image: build_image,
commands: [
'ls -lah artifacts',
],
depends_on: [getStepName(a) for a in archs],
},
{
name: 'Create release on gitea',
image: 'plugins/gitea-release',
settings: {
api_key: {
from_secret: 'gitea_token',
},
base_url: 'https://code.kiers.eu',
files: 'artifacts/*',
checksum: 'sha256',
},
when: {
event: ['tag', 'promote'],
},
depends_on: ['Show built artifacts'],
},
],
volumes: getLocalVolumes(archs),
image_pull_secrets: ['docker_private_repo'],
}

24
.github/workflows/rust.yml vendored
View File

@ -1,24 +0,0 @@
name: Rust
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
env:
CARGO_TERM_COLOR: always
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Upgrade Rust
run: rustup update
- name: Build
run: cargo build --verbose
- name: Run tests
run: cargo test --verbose

3
.gitignore vendored
View File

@ -1 +1,4 @@
/.idea
/.vscode
/target
config.yaml

55
CHANGELOG.md Normal file
View File

@ -0,0 +1,55 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
## [0.1.10] - 2025-01-09
### Fixed
* The ClientHello TLS header is now read in full before it is parsed, solving
an error where there was not enough data to fully read it. In those cases
it was not possible to determine the upstream address and therefore the proxy
would go the the default action instead.
### Changed
* Updated some dependencies to prevent the build from breaking.
## [0.1.9] - 2024-06-22
### Deprecated
The ability to run `l4p` without arguments is now deprecated. Please use
`l4p serve` going forward.
### Added
* Added self update functionality. Just run `l4p update` to use it.
* Now keeping a change log in the `CHANGELOG.md` file.
### Changed
* Updated build pipeline to generate much smaller binaries
-------
## Previous versions
[unreleased]: https://code.kiers.eu/jjkiers/layer4-proxy/compare/v0.1.9...HEAD
[0.1.10]: https://code.kiers.eu/jjkiers/layer4-proxy/compare/v0.1.9...v0.1.10
[0.1.9]: https://code.kiers.eu/jjkiers/layer4-proxy/compare/v0.1.8...v0.1.9
Types of changes:
* `Added` for new features.
* `Changed` for changes in existing functionality.
* `Deprecated` for soon-to-be removed features.
* `Removed` for now removed features.
* `Fixed` for any bug fixes.
* `Security` in case of vulnerabilities.

1664
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

42
Cargo.toml
View File

@ -1,24 +1,40 @@
[package]
name = "fourth"
version = "0.1.1"
name = "l4p"
version = "0.1.11"
edition = "2021"
authors = ["LI Rui <lr_cn@outlook.com>"]
authors = ["Jacob Kiers <code@kiers.eu>"]
license = "Apache-2.0"
description = "Simple and fast layer 4 proxy in Rust"
readme = "README.md"
homepage = "https://github.com/KernelErr/fourth"
repository = "https://github.com/KernelErr/fourth"
homepage = "https://code.kiers.eu/jjkiers/layer4-proxy"
repository = "https://code.kiers.eu/jjkiers/layer4-proxy"
keywords = ["proxy", "network"]
categories = ["web-programming"]
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
log = "0.4"
pretty_env_logger = "0.4"
serde = { version = "1.0", features = ["derive"] }
serde_yaml = "0.8"
futures = "0.3"
tls-parser = "0.11"
exclude = [".*"]
tokio = { version = "1.0", features = ["full"] }
[[bin]]
name = "l4p"
path = "src/main.rs"
[dependencies]
async-trait = "0.1.73"
byte_string = "1"
bytes = "1.1"
futures = "0.3"
log = "0.4"
pico-args = "0.5.0"
pretty_env_logger = "0.5"
serde = { version = "1.0", features = ["derive"] }
serde_yaml = "0.9.21"
time = { version = "0.3.37", features = ["local-offset", "formatting"] }
tls-parser = "0.12.2"
tokio = { version = "1.0", features = ["full"] }
url = "2.2.2"
[dependencies.self_update]
version = "0.42.0"
default-features = false
features = ["rustls"]

58
README-EN.md
View File

@ -1,58 +0,0 @@
# Fourth
> Hey, now we are on level 4!
[![](https://img.shields.io/crates/v/fourth)](https://crates.io/crates/fourth) [![CI](https://img.shields.io/github/workflow/status/kernelerr/fourth/Rust)](https://github.com/KernelErr/fourth/actions/workflows/rust.yml)
Fourth is a layer 4 proxy implemented by Rust to listen on specific ports and transfer data to remote addresses according to configuration.
## Features
- Listen on specific port and proxy to local or remote port
- SNI-based rule without terminating TLS connection
## Installation
To gain best performance on your computer's architecture, please consider build the source code. First, you may need [Rust tool chain](https://rustup.rs/).
```bash
$ cd fourth
$ cargo build --release
```
Binary file will be generated at `target/release/fourth`, or you can use `cargo install --path .` to install.
## Configuration
Fourth will read yaml format configuration file from `/etc/fourth/config.yaml`, here is an example:
```yaml
version: 1
log: info
servers:
example_server:
listen:
- "0.0.0.0:443"
- "[::]:443"
tls: true # Enable TLS features like SNI
sni:
proxy.example.com: proxy
www.example.com: nginx
default: ban
relay_server:
listen:
- "127.0.0.1:8081"
default: remote
upstream:
nginx: "127.0.0.1:8080"
proxy: "127.0.0.1:1024"
other: "www.remote.example.com:8082" # proxy to remote address
```
Built-in two upstreams: ban(terminate connection immediately), echo
## License
Fourth is available under terms of Apache-2.0.

66
README.md
View File

@ -1,66 +1,64 @@
# Fourth
# l4p
> 这一波在第四层。
> Hey, now we are on level 4!
[![](https://img.shields.io/crates/v/fourth)](https://crates.io/crates/fourth) [![CI](https://img.shields.io/github/workflow/status/kernelerr/fourth/Rust)](https://github.com/KernelErr/fourth/actions/workflows/rust.yml)
![CI](https://drone-ci.kiers.eu/api/badges/jjkiers/layer4-proxy/status.svg)
[English](/README-EN.md)
`l4p` is a layer 4 proxy implemented by Rust to listen on specific ports and transfer TCP data to remote addresses (only TCP) according to the configuration.
Fourth是一个Rust实现的Layer 4代理用于监听指定端口TCP流量并根据规则转发到指定目标。
## Features
## 功能
- Listen on specific port and proxy to local or remote port
- SNI-based rule without terminating TLS connection
- DNS-based backend with periodic resolution
- 监听指定端口代理到本地或远端指定端口
- 监听指定端口通过TLS ClientHello消息中的SNI进行分流
## Installation
## 安装方法
为了确保获得您架构下的最佳性能,请考虑自行编译,首选需要确保您拥有[Rust工具链](https://rustup.rs/)。
To gain best performance on your computer's architecture, please consider build the source code. First, you may need [Rust tool chain](https://rustup.rs/).
```bash
$ cd fourth
$ cd l4p
$ cargo build --release
```
将在`target/release/fourth`生成二进制文件,您也可以使用`cargo install --path . `来安装二进制文件。
Binary file will be generated at `target/release/l4p`, or you can use `cargo install --path .` to install.
## 配置
Or you can use Cargo to install `l4p`:
Fourth使用yaml格式的配置文件默认情况下会读取`/etc/fourth/config.yaml`,如下是一个示例配置。
```bash
$ cargo install l4p
```
Or you can download binary file form the Release page.
## Configuration
`l4p` will read yaml format configuration file from `/etc/l4p/l4p.yaml`, and you can set custom path to environment variable `L4P_CONFIG`, here is an minimal viable example:
```yaml
version: 1
log: info
servers:
example_server:
listen:
- "0.0.0.0:443"
- "[::]:443"
tls: true # 启动SNI分流将根据TLS请求中的主机名分流
sni:
proxy.example.com: proxy
www.example.com: nginx
default: ban
relay_server:
proxy_server:
listen:
- "127.0.0.1:8081"
default: remote
upstream:
nginx: "127.0.0.1:8080"
proxy: "127.0.0.1:1024"
other: "www.remote.example.com:8082" # 代理到远端地址
remote: "tcp://www.remote.example.com:8082" # proxy to remote address
```
内置两个的upstreamban立即中断连接、echo返回读到的数据
There are two upstreams built in:
* Ban, which terminates the connection immediately
* Echo, which reflects back with the input
## io_uring?
For detailed configuration, check [this example](./config.yaml.example).
尽管经过了很多尝试我们发现目前一些Rust下面的io_uring实现存在问题我们使用的io_uring库实现尽管在吞吐量上可以做到单线程20Gbps相比之下Tokio仅有8Gbps但在QPS上存在性能损失较大的问题。因此在有成熟的io_uring实现之前我们仍然选择epoll。之后我们会持续关注相关进展。
## Thanks
可能以后会为Linux高内核版本的用户提供可选的io_uring加速。
- [`fourth`](https://crates.io/crates/fourth), of which this is a heavily modified fork.
## 协议
## License
Fourth以Apache-2.0协议开源。
`l4p` is available under terms of Apache-2.0.

21
config.yaml.example Normal file
View File

@ -0,0 +1,21 @@
version: 1
log: debug
servers:
first_server:
listen:
- "0.0.0.0:8443"
- "[::]:8443"
tls: true # Enable TLS features like SNI filtering
sni:
api.example.org: example-api
www.example.org: proxy
default: ban
second-server:
listen: [ "127.0.0.1:8080" ]
default: echo
upstream:
proxy: "tcp://new-www.example.org:443" # Connect over IPv4 or IPv6 to new-www.example.org:443
example-api: "tcp6://api-v1.example.com:443" # Connect over IPv6 to api-v1.example.com:443

6
example-config.yaml
View File

@ -17,6 +17,6 @@ servers:
default: remote
upstream:
nginx: "127.0.0.1:8080"
proxy: "127.0.0.1:1024"
other: "www.remote.example.com:8082" # proxy to remote address
nginx: "tcp://127.0.0.1:8080"
proxy: "tcp://127.0.0.1:1024"
remote: "tcp://www.remote.example.com:8082" # proxy to remote address

51
l4p.service Normal file
View File

@ -0,0 +1,51 @@
[Unit]
Description=l4p - Layer 4 proxy
After=network-online.target
Wants=network-online.target
[Install]
WantedBy=default.target
[Service]
Type=simple
# Allow read-only access to the config directory
ReadOnlyPaths=/etc/l4p
# Path to the binary
ExecStart=/usr/local/bin/l4p
# Needs CAP_NET_BIND_SERVICE in order to bind to lower ports
# When using ports above 1024, these should be made empty
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
# Run as a dynamic user
DynamicUser=yes
# Security
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
SystemCallFilter=@basic-io @file-system @network-io @system-service
SystemCallFilter=~@privileged
SystemCallFilter=~@resources
NoNewPrivileges=yes
ProtectProc=invisible
RemoveIPC=yes
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=yes
ProtectHostname=yes
ProtectClock=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
ProcSubset=pid
UMask=0077
SystemCallArchitectures=native
RestrictSUIDSGID=yes
ProtectKernelTunables=yes

92
src/config.rs
View File

@ -1,92 +0,0 @@
use log::debug;
use serde::Deserialize;
use std::collections::HashMap;
use std::fs::File;
use std::io::{Error as IOError, Read};
#[derive(Debug, Clone)]
pub struct Config {
pub base: BaseConfig,
}
#[derive(Debug, Default, Deserialize, Clone)]
pub struct BaseConfig {
pub version: i32,
pub log: Option<String>,
pub servers: HashMap<String, ServerConfig>,
pub upstream: HashMap<String, String>,
}
#[derive(Debug, Default, Deserialize, Clone)]
pub struct ServerConfig {
pub listen: Vec<String>,
pub tls: Option<bool>,
pub sni: Option<HashMap<String, String>>,
pub default: Option<String>,
}
#[derive(Debug)]
pub enum ConfigError {
IO(IOError),
Yaml(serde_yaml::Error),
Custom(String),
}
impl Config {
pub fn new(path: &str) -> Result<Config, ConfigError> {
let base = (load_config(path))?;
Ok(Config { base })
}
}
fn load_config(path: &str) -> Result<BaseConfig, ConfigError> {
let mut contents = String::new();
let mut file = (File::open(path))?;
(file.read_to_string(&mut contents))?;
let parsed: BaseConfig = serde_yaml::from_str(&contents)?;
if parsed.version != 1 {
return Err(ConfigError::Custom(
"Unsupported config version".to_string(),
));
}
let log_level = parsed.log.clone().unwrap_or_else(|| "info".to_string());
if !log_level.eq("disable") {
std::env::set_var("FOURTH_LOG", log_level.clone());
pretty_env_logger::init_custom_env("FOURTH_LOG");
debug!("Set log level to {}", log_level);
}
debug!("Config version {}", parsed.version);
Ok(parsed)
}
impl From<IOError> for ConfigError {
fn from(err: IOError) -> ConfigError {
ConfigError::IO(err)
}
}
impl From<serde_yaml::Error> for ConfigError {
fn from(err: serde_yaml::Error) -> ConfigError {
ConfigError::Yaml(err)
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_load_config() {
let config = Config::new("tests/config.yaml").unwrap();
assert_eq!(config.base.version, 1);
assert_eq!(config.base.log.unwrap(), "disable");
assert_eq!(config.base.servers.len(), 2);
assert_eq!(config.base.upstream.len(), 2);
}
}

228
src/config/config_v1.rs Normal file
View File

@ -0,0 +1,228 @@
use crate::upstreams::ProxyToUpstream;
use crate::upstreams::Upstream;
use log::{debug, info, warn};
use serde::Deserialize;
use std::collections::{HashMap, HashSet};
use std::fs::File;
use std::io::{Error as IOError, Read};
use url::Url;
#[derive(Debug, Clone)]
pub struct ConfigV1 {
pub base: ParsedConfigV1,
}
#[derive(Debug, Default, Deserialize, Clone)]
pub struct ParsedConfigV1 {
pub version: i32,
pub log: Option<String>,
pub servers: HashMap<String, ServerConfig>,
pub upstream: HashMap<String, Upstream>,
}
#[derive(Debug, Default, Deserialize, Clone)]
pub struct BaseConfig {
pub version: i32,
pub log: Option<String>,
pub servers: HashMap<String, ServerConfig>,
pub upstream: HashMap<String, String>,
}
#[derive(Debug, Default, Deserialize, Clone)]
pub struct ServerConfig {
pub listen: Vec<String>,
pub protocol: Option<String>,
pub tls: Option<bool>,
pub sni: Option<HashMap<String, String>>,
pub default: Option<String>,
}
impl TryInto<ProxyToUpstream> for &str {
type Error = ConfigError;
fn try_into(self) -> Result<ProxyToUpstream, Self::Error> {
let upstream_url = match Url::parse(self) {
Ok(url) => url,
Err(_) => {
return Err(ConfigError::Custom(format!(
"Invalid upstream url {}",
self
)))
}
};
let upstream_host = match upstream_url.host_str() {
Some(host) => host,
None => {
return Err(ConfigError::Custom(format!(
"Invalid upstream url {}",
self
)))
}
};
let upstream_port = match upstream_url.port_or_known_default() {
Some(port) => port,
None => {
return Err(ConfigError::Custom(format!(
"Invalid upstream url {}",
self
)))
}
};
match upstream_url.scheme() {
"tcp" | "tcp4" | "tcp6" => {}
_ => {
return Err(ConfigError::Custom(format!(
"Invalid upstream scheme {}",
self
)))
}
}
Ok(ProxyToUpstream::new(
format!("{}:{}", upstream_host, upstream_port),
upstream_url.scheme().to_string(),
))
}
}
#[derive(Debug)]
pub enum ConfigError {
IO(IOError),
Yaml(serde_yaml::Error),
Custom(String),
}
impl ConfigV1 {
pub fn new(path: &str) -> Result<ConfigV1, ConfigError> {
let base = load_config(path)?;
Ok(ConfigV1 { base })
}
}
fn load_config(path: &str) -> Result<ParsedConfigV1, ConfigError> {
let mut contents = String::new();
let mut file = File::open(path)?;
file.read_to_string(&mut contents)?;
let base: BaseConfig = serde_yaml::from_str(&contents)?;
if base.version != 1 {
return Err(ConfigError::Custom(
"Unsupported config version".to_string(),
));
}
let log_level = base.log.clone().unwrap_or_else(|| "info".to_string());
if !log_level.eq("disable") {
std::env::set_var("FOURTH_LOG", log_level.clone());
pretty_env_logger::init_custom_env("FOURTH_LOG");
}
info!("Using config file: {}", &path);
debug!("Set log level to {}", log_level);
debug!("Config version {}", base.version);
let mut parsed_upstream: HashMap<String, Upstream> = HashMap::new();
parsed_upstream.insert("ban".to_string(), Upstream::Ban);
parsed_upstream.insert("echo".to_string(), Upstream::Echo);
for (name, upstream) in base.upstream.iter() {
let ups = upstream.as_str().try_into()?;
parsed_upstream.insert(name.to_string(), Upstream::Proxy(ups));
}
let parsed = ParsedConfigV1 {
version: base.version,
log: base.log,
servers: base.servers,
upstream: parsed_upstream,
};
verify_config(parsed)
}
fn verify_config(config: ParsedConfigV1) -> Result<ParsedConfigV1, ConfigError> {
let mut used_upstreams: HashSet<String> = HashSet::new();
let mut upstream_names: HashSet<String> = HashSet::new();
let mut listen_addresses: HashSet<String> = HashSet::new();
// Check for duplicate upstream names
for (name, _) in config.upstream.iter() {
if upstream_names.contains(name) {
return Err(ConfigError::Custom(format!(
"Duplicate upstream name {}",
name
)));
}
upstream_names.insert(name.to_string());
}
for (_, server) in config.servers.clone() {
// check for duplicate listen addresses
for listen in server.listen {
if listen_addresses.contains(&listen) {
return Err(ConfigError::Custom(format!(
"Duplicate listen address {}",
listen
)));
}
listen_addresses.insert(listen.to_string());
}
if server.tls.unwrap_or_default() && server.sni.is_some() {
for (_, val) in server.sni.unwrap() {
used_upstreams.insert(val.to_string());
}
}
if server.default.is_some() {
used_upstreams.insert(server.default.unwrap().to_string());
}
for key in &used_upstreams {
if !config.upstream.contains_key(key) {
return Err(ConfigError::Custom(format!("Upstream {} not found", key)));
}
}
}
for key in &upstream_names {
if !used_upstreams.contains(key) && !key.eq("echo") && !key.eq("ban") {
warn!("Upstream {} not used", key);
}
}
Ok(config)
}
impl From<IOError> for ConfigError {
fn from(err: IOError) -> ConfigError {
ConfigError::IO(err)
}
}
impl From<serde_yaml::Error> for ConfigError {
fn from(err: serde_yaml::Error) -> ConfigError {
ConfigError::Yaml(err)
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_load_config() {
let config = ConfigV1::new("tests/config.yaml").unwrap();
assert_eq!(config.base.version, 1);
assert_eq!(config.base.log.unwrap(), "disable");
assert_eq!(config.base.servers.len(), 3);
assert_eq!(config.base.upstream.len(), 3 + 2); // Add ban and echo upstreams
}
}

3
src/config/mod.rs Normal file
View File

@ -0,0 +1,3 @@
mod config_v1;
pub(crate) use config_v1::ConfigV1;
pub(crate) use config_v1::ParsedConfigV1;

95
src/main.rs
View File

@ -1,13 +1,64 @@
mod config;
mod servers;
mod update;
mod upstreams;
use crate::config::Config;
use crate::config::ConfigV1;
use crate::servers::Server;
use std::io::{stderr, stdout, Write};
use log::{debug, error};
use pico_args::Arguments;
use std::path::PathBuf;
fn main() {
let config = match Config::new("/etc/fourth/config.yaml") {
let mut args = Arguments::from_env();
match args.subcommand().expect("Unexpected error").as_deref() {
Some("serve") => serve(),
Some("update") => update::update(),
Some("help") => {
let _ = print_usage(&mut stdout().lock());
}
Some(cmd) => {
eprintln!("Invalid command: {cmd}");
std::process::exit(1);
}
None => {
eprintln!("Calling l4p without argument is deprecated now. Please use: l4p serve");
let _ = print_usage(&mut stderr().lock());
serve();
}
}
}
fn print_usage(out: &mut dyn Write) -> std::io::Result<()> {
writeln!(
out,
"{} v{}",
env!("CARGO_PKG_NAME"),
env!("CARGO_PKG_VERSION")
)?;
writeln!(out, "Usage:")?;
writeln!(out, "\tupdate\tUpdate l4p to the latest version")?;
writeln!(out, "\tserve\tServe the proxy")?;
writeln!(out, "\thelp\tPrint this message")?;
Ok(())
}
fn serve() {
let config_path = match find_config() {
Ok(p) => p,
Err(paths) => {
println!("Could not find config file. Tried paths:");
for p in paths {
println!("- {}", p);
}
std::process::exit(1);
}
};
let config = match ConfigV1::new(&config_path) {
Ok(config) => config,
Err(e) => {
println!("Could not load config: {:?}", e);
@ -16,9 +67,43 @@ fn main() {
};
debug!("{:?}", config);
let mut server = Server::new(config.base);
let mut server = Server::new_from_v1_config(config.base);
debug!("{:?}", server);
let res = server.run();
error!("Server returned an error: {:?}", res);
let _ = server.run();
error!("Server ended with errors");
}
fn find_config() -> Result<String, Vec<String>> {
let possible_locations = ["/etc/l4p", ""];
let possible_names = ["l4p.yaml", "config.yaml"];
let mut tried_paths = Vec::<String>::new();
let mut possible_paths = Vec::<PathBuf>::new();
if let Ok(env_path) = std::env::var("L4P_CONFIG") {
possible_paths.push(PathBuf::from(env_path));
}
possible_paths.append(
&mut possible_locations
.iter()
.flat_map(|&path| {
possible_names
.iter()
.map(move |&file| PathBuf::new().join(path).join(file))
})
.collect::<Vec<PathBuf>>(),
);
for path in possible_paths {
let path_str = path.to_string_lossy().to_string();
if path.exists() {
return Ok(path_str);
}
tried_paths.push(path_str);
}
Err(tried_paths)
}

226
src/servers/mod.rs
View File

@ -1,41 +1,41 @@
use futures::future::try_join;
use log::{debug, error, info, warn};
use log::{error, info};
use std::collections::{HashMap, HashSet};
use std::net::SocketAddr;
use std::sync::Arc;
use tokio::io;
use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt};
use tokio::net::{TcpListener, TcpStream};
use tokio::task::JoinHandle;
mod tls;
use self::tls::get_sni;
use crate::config::BaseConfig;
mod protocol;
pub(crate) mod upstream_address;
use crate::config::ParsedConfigV1;
use crate::upstreams::Upstream;
use protocol::tcp;
#[derive(Debug)]
pub struct Server {
pub(crate) struct Server {
pub proxies: Vec<Arc<Proxy>>,
pub config: BaseConfig,
}
#[derive(Debug, Clone)]
pub struct Proxy {
pub(crate) struct Proxy {
pub name: String,
pub listen: SocketAddr,
pub protocol: String,
pub tls: bool,
pub sni: Option<HashMap<String, String>>,
pub default: String,
pub upstream: HashMap<String, String>,
pub default_action: String,
pub upstream: HashMap<String, Upstream>,
}
impl Server {
pub fn new(config: BaseConfig) -> Self {
pub fn new_from_v1_config(config: ParsedConfigV1) -> Self {
let mut new_server = Server {
proxies: Vec::new(),
config: config.clone(),
};
for (name, proxy) in config.servers.iter() {
let protocol = proxy.protocol.clone().unwrap_or_else(|| "tcp".to_string());
let tls = proxy.tls.unwrap_or(false);
let sni = proxy.sni.clone();
let default = proxy.default.clone().unwrap_or_else(|| "ban".to_string());
@ -48,7 +48,6 @@ impl Server {
upstream_set.insert(key.clone());
}
for listen in proxy.listen.clone() {
println!("{:?}", listen);
let listen_addr: SocketAddr = match listen.parse() {
Ok(addr) => addr,
Err(_) => {
@ -56,12 +55,14 @@ impl Server {
continue;
}
};
let proxy = Proxy {
name: name.clone(),
listen: listen_addr,
protocol: protocol.clone(),
tls,
sni: sni.clone(),
default: default.clone(),
default_action: default.clone(),
upstream: upstream.clone(),
};
new_server.proxies.push(Arc::new(proxy));
@ -77,9 +78,22 @@ impl Server {
let mut handles: Vec<JoinHandle<()>> = Vec::new();
for config in proxies {
info!("Starting server {} on {}", config.name, config.listen);
info!(
"Starting {} server {} on {}",
config.protocol, config.name, config.listen
);
let handle = tokio::spawn(async move {
let _ = proxy(config).await;
match config.protocol.as_ref() {
"tcp" | "tcp4" | "tcp6" => {
let res = tcp::proxy(config.clone()).await;
if res.is_err() {
error!("Failed to start {}: {}", config.name, res.err().unwrap());
}
}
_ => {
error!("Invalid protocol: {}", config.protocol)
}
}
});
handles.push(handle);
}
@ -91,143 +105,67 @@ impl Server {
}
}
async fn proxy(config: Arc<Proxy>) -> Result<(), Box<dyn std::error::Error>> {
let listener = TcpListener::bind(config.listen).await?;
let config = config.clone();
loop {
let thread_proxy = config.clone();
match listener.accept().await {
Err(err) => {
error!("Failed to accept connection: {}", err);
return Err(Box::new(err));
}
Ok((stream, _)) => {
tokio::spawn(async move {
match accept(stream, thread_proxy).await {
Ok(_) => {}
Err(err) => {
error!("Relay thread returned an error: {}", err);
}
};
});
}
}
}
}
async fn accept(inbound: TcpStream, proxy: Arc<Proxy>) -> Result<(), Box<dyn std::error::Error>> {
debug!("New connection from {:?}", inbound.peer_addr()?);
let upstream_name = match proxy.tls {
false => proxy.default.clone(),
true => {
let mut hello_buf = [0u8; 1024];
inbound.peek(&mut hello_buf).await?;
let snis = get_sni(&hello_buf);
if snis.is_empty() {
proxy.default.clone()
} else {
match proxy.sni.clone() {
Some(sni_map) => {
let mut upstream = proxy.default.clone();
for sni in snis {
let m = sni_map.get(&sni);
if m.is_some() {
upstream = m.unwrap().clone();
break;
}
}
upstream
}
None => proxy.default.clone(),
}
}
}
};
debug!("Upstream: {}", upstream_name);
let upstream = match proxy.upstream.get(&upstream_name) {
Some(upstream) => upstream,
None => {
warn!(
"No upstream named {:?} on server {:?}",
proxy.default, proxy.name
);
return process(inbound, &proxy.default).await;
}
};
return process(inbound, upstream).await;
}
async fn process(mut inbound: TcpStream, upstream: &str) -> Result<(), Box<dyn std::error::Error>> {
if upstream == "ban" {
let _ = inbound.shutdown();
return Ok(());
} else if upstream == "echo" {
loop {
let mut buf = [0u8; 1];
let b = inbound.read(&mut buf).await?;
if b == 0 {
break;
} else {
inbound.write(&buf).await?;
}
}
return Ok(());
}
let outbound = TcpStream::connect(upstream).await?;
let (mut ri, mut wi) = io::split(inbound);
let (mut ro, mut wo) = io::split(outbound);
let inbound_to_outbound = copy(&mut ri, &mut wo);
let outbound_to_inbound = copy(&mut ro, &mut wi);
let (bytes_tx, bytes_rx) = try_join(inbound_to_outbound, outbound_to_inbound).await?;
debug!("Bytes read: {:?} write: {:?}", bytes_tx, bytes_rx);
Ok(())
}
async fn copy<'a, R, W>(reader: &'a mut R, writer: &'a mut W) -> io::Result<u64>
where
R: AsyncRead + Unpin + ?Sized,
W: AsyncWrite + Unpin + ?Sized,
{
match io::copy(reader, writer).await {
Ok(u64) => {
let _ = writer.shutdown().await;
Ok(u64)
}
Err(_) => Ok(0),
}
}
#[cfg(test)]
mod test {
mod tests {
use std::thread::{self, sleep};
use std::time::Duration;
use tokio::io::{AsyncReadExt, AsyncWriteExt};
use tokio::net::TcpListener;
use super::*;
#[tokio::main]
async fn tcp_mock_server() {
let server_addr: SocketAddr = "127.0.0.1:54599".parse().unwrap();
let listener = TcpListener::bind(server_addr).await.unwrap();
loop {
let (mut stream, _) = listener.accept().await.unwrap();
let mut buf = [0u8; 2];
let mut n = stream.read(&mut buf).await.unwrap();
while n > 0 {
let _ = stream.write(b"hello").await.unwrap();
if buf.eq(b"by") {
stream.shutdown().await.unwrap();
break;
}
n = stream.read(&mut buf).await.unwrap();
}
stream.shutdown().await.unwrap();
}
}
#[tokio::test]
async fn test_echo_server() {
use crate::config::Config;
let config = Config::new("tests/config.yaml").unwrap();
let mut server = Server::new(config.base);
async fn test_proxy() {
use crate::config::ConfigV1;
let config = ConfigV1::new("tests/config.yaml").unwrap();
let mut server = Server::new_from_v1_config(config.base);
thread::spawn(move || {
tcp_mock_server();
});
sleep(Duration::from_secs(1)); // wait for server to start
thread::spawn(move || {
let _ = server.run();
});
sleep(Duration::from_secs(1)); // wait for server to start
let mut conn = TcpStream::connect("127.0.0.1:54956").await.unwrap();
// test TCP proxy
let mut conn = tokio::net::TcpStream::connect("127.0.0.1:54500")
.await
.unwrap();
let mut buf = [0u8; 5];
let _ = conn.write(b"hi").await.unwrap();
let _ = conn.read(&mut buf).await.unwrap();
assert_eq!(&buf, b"hello");
conn.shutdown().await.unwrap();
// test TCP echo
let mut conn = tokio::net::TcpStream::connect("127.0.0.1:54956")
.await
.unwrap();
let mut buf = [0u8; 1];
for i in 0..=255u8 {
conn.write(&[i]).await.unwrap();
conn.read(&mut buf).await.unwrap();
for i in 0..=10u8 {
let _ = conn.write(&[i]).await.unwrap();
let _ = conn.read(&mut buf).await.unwrap();
assert_eq!(&buf, &[i]);
}
conn.shutdown().await.unwrap();

2
src/servers/protocol/mod.rs Normal file
View File

@ -0,0 +1,2 @@
pub mod tcp;
pub mod tls;

55
src/servers/protocol/tcp.rs Normal file
View File

@ -0,0 +1,55 @@
use crate::servers::protocol::tls::determine_upstream_name;
use crate::servers::Proxy;
use log::{debug, error, info, warn};
use std::error::Error;
use std::sync::Arc;
use tokio::net::{TcpListener, TcpStream};
pub(crate) async fn proxy(config: Arc<Proxy>) -> Result<(), Box<dyn Error>> {
let listener = TcpListener::bind(config.listen).await?;
let config = config.clone();
loop {
let thread_proxy = config.clone();
match listener.accept().await {
Err(err) => {
error!("Failed to accept connection: {}", err);
return Err(Box::new(err));
}
Ok((stream, _)) => {
tokio::spawn(async move {
match accept(stream, thread_proxy).await {
Ok(_) => {}
Err(err) => {
error!("Relay thread returned an error: {}", err);
}
};
});
}
}
}
}
async fn accept(inbound: TcpStream, proxy: Arc<Proxy>) -> Result<(), Box<dyn Error>> {
info!("New connection from {:?}", inbound.peer_addr()?);
let upstream_name = match proxy.tls {
false => proxy.default_action.clone(),
true => determine_upstream_name(&inbound, &proxy).await?,
};
debug!("Upstream: {}", upstream_name);
let upstream = match proxy.upstream.get(&upstream_name) {
Some(upstream) => upstream,
None => {
warn!(
"No upstream named {:?} on server {:?}",
proxy.default_action, proxy.name
);
proxy.upstream.get(&proxy.default_action).unwrap()
}
};
upstream.process(inbound).await
}

806
src/servers/protocol/tls.rs Normal file
View File

@ -0,0 +1,806 @@
use crate::servers::Proxy;
use log::{debug, error, trace, warn};
use std::error::Error;
use std::io; // Import io for ErrorKind
use std::sync::Arc;
use std::time::Duration; // For potential delays
use tls_parser::{
parse_tls_extensions, parse_tls_raw_record, parse_tls_record_with_header, TlsMessage,
TlsMessageHandshake,
};
use tokio::net::TcpStream;
use tokio::time::timeout; // Use timeout for peek operations
fn get_sni(buf: &[u8]) -> Vec<String> {
let mut snis: Vec<String> = Vec::new();
match parse_tls_raw_record(buf) {
Ok((_, ref r)) => match parse_tls_record_with_header(r.data, &r.hdr) {
Ok((_, ref msg_list)) => {
for msg in msg_list {
if let TlsMessage::Handshake(TlsMessageHandshake::ClientHello(ref content)) =
*msg
{
debug!("TLS ClientHello version: {}", content.version);
let ext = parse_tls_extensions(content.ext.unwrap_or(b""));
match ext {
Ok((_, ref extensions)) => {
for ext in extensions {
if let tls_parser::TlsExtension::SNI(ref v) = *ext {
for &(t, sni) in v {
match String::from_utf8(sni.to_vec()) {
Ok(s) => {
debug!("TLS SNI: {} {}", t, s);
snis.push(s);
}
Err(e) => {
warn!("Failed to parse SNI: {} {}", t, e);
}
}
}
}
}
}
Err(e) => {
warn!("TLS extensions error: {}", e);
}
}
}
}
}
Err(err) => {
warn!("Failed to parse TLS: {}", err);
}
},
Err(err) => {
warn!("Failed to parse TLS: {}", err);
}
}
debug!("Found SNIs: {:?}", &snis);
snis
}
// Timeout duration for waiting for TLS Hello data
const TLS_PEEK_TIMEOUT: Duration = Duration::from_secs(5); // Adjust as needed
pub(crate) async fn determine_upstream_name(
inbound: &TcpStream,
proxy: &Arc<Proxy>,
) -> Result<String, Box<dyn Error>> {
let default_upstream = proxy.default_action.clone();
let mut header = [0u8; 9];
// --- Step 1: Peek the initial header (9 bytes) with timeout ---
match timeout(TLS_PEEK_TIMEOUT, async {
loop {
match inbound.peek(&mut header).await {
Ok(n) if n >= header.len() => return Ok::<usize, io::Error>(n), // Got enough bytes
Ok(0) => {
// Connection closed cleanly before sending enough data
trace!("Connection closed while peeking for TLS header");
return Err(io::Error::new(
io::ErrorKind::UnexpectedEof,
"Connection closed while peeking for TLS header",
)
.into()); // Convert to Box<dyn Error>
}
Ok(_) => {
// Not enough bytes yet, yield and loop again
tokio::task::yield_now().await;
}
Err(ref e) if e.kind() == io::ErrorKind::WouldBlock => {
// Should not happen with await, but yield defensively
tokio::task::yield_now().await;
}
Err(e) => {
// Other I/O error
warn!("Error peeking for TLS header: {}", e);
return Err(e.into()); // Convert to Box<dyn Error>
}
}
}
})
.await
{
Ok(Ok(_)) => { /* Header peeked successfully */ }
Ok(Err(e)) => {
// Inner loop returned an error (e.g., EOF, IO error)
trace!("Failed to peek header (inner error): {}", e);
return Ok(default_upstream); // Fallback on error/EOF
}
Err(_) => {
// Timeout occurred
error!("Timeout waiting for TLS header");
return Ok(default_upstream); // Fallback on timeout
}
}
// --- Step 2: Calculate required size ---
let required_bytes = match client_hello_buffer_size(&header) {
Ok(size) => size,
Err(e) => {
// Header was invalid or not a ClientHello
trace!("Could not determine required buffer size: {}", e);
return Ok(default_upstream);
}
};
// Basic sanity check on size
if required_bytes > 16384 + 9 {
// TLS max record size + header approx
error!(
"Calculated required TLS buffer size is too large: {}",
required_bytes
);
return Ok(default_upstream);
}
// --- Step 3: Peek the full ClientHello with timeout ---
let mut hello_buf = vec![0; required_bytes];
match timeout(TLS_PEEK_TIMEOUT, async {
let mut total_peeked = 0;
loop {
// Peek into the portion of the buffer that hasn't been filled yet.
match inbound.peek(&mut hello_buf[total_peeked..]).await {
Ok(0) => {
// Connection closed cleanly before sending full ClientHello
trace!(
"Connection closed while peeking for full ClientHello (peeked {}/{} bytes)",
total_peeked,
required_bytes
);
return Err::<usize, io::Error>(
io::Error::new(
io::ErrorKind::UnexpectedEof,
"Connection closed while peeking for full ClientHello",
)
.into(),
);
}
Ok(n) => {
total_peeked += n;
if total_peeked >= required_bytes {
trace!("Successfully peeked {} bytes for ClientHello", total_peeked);
return Ok(total_peeked); // Got enough
} else {
// Not enough bytes yet, yield and loop again
trace!(
"Peeked {}/{} bytes for ClientHello, waiting for more...",
total_peeked,
required_bytes
);
tokio::task::yield_now().await;
}
}
Err(ref e) if e.kind() == io::ErrorKind::WouldBlock => {
tokio::task::yield_now().await;
}
Err(e) => {
warn!("Error peeking for full ClientHello: {}", e);
return Err(e.into());
}
}
}
})
.await
{
Ok(Ok(_)) => { /* Full hello peeked successfully */ }
Ok(Err(e)) => {
error!("Could not peek full ClientHello (inner error): {}", e);
return Ok(default_upstream); // Fallback on error/EOF
}
Err(_) => {
error!(
"Timeout waiting for full ClientHello (needed {} bytes)",
required_bytes
);
return Ok(default_upstream); // Fallback on timeout
}
}
// --- Step 4: Parse SNI ---
let snis = get_sni(&hello_buf);
// --- Step 5: Determine upstream based on SNI ---
if snis.is_empty() {
debug!("No SNI found in ClientHello, using default upstream.");
return Ok(default_upstream);
} else {
match proxy.sni.clone() {
Some(sni_map) => {
let mut upstream = default_upstream.clone(); // Clone here for default case
let mut found_match = false;
for sni in snis {
// snis is already Vec<String>
if let Some(target_upstream) = sni_map.get(&sni) {
debug!(
"Found matching SNI '{}', routing to upstream: {}",
sni, target_upstream
);
upstream = target_upstream.clone();
found_match = true;
break;
} else {
trace!("SNI '{}' not found in map.", sni);
}
}
if !found_match {
debug!("SNI(s) found but none matched configuration, using default upstream.");
}
Ok(upstream)
}
None => {
debug!("SNI found but no SNI map configured, using default upstream.");
Ok(default_upstream)
}
}
}
}
fn client_hello_buffer_size(data: &[u8]) -> Result<usize, String> {
// TLS record header
// -----------------
// byte 0: rec type (should be 0x16 == Handshake)
// byte 1-2: version (should be 0x3000 < v < 0x3003)
// byte 3-4: rec len
if data.len() < 9 {
trace!("Not enough bytes to even check the TLS header.");
return Err("Not enough bytes to even check the TLS header.".into());
}
if data[0] != 0x16 {
trace!("Not a TLS handshake.");
return Err("Not a TLS handshake.".into());
}
// Check the record length
let record_length = ((data[3] as u16) << 8) | (data[4] as u16);
if record_length == 0 || record_length > 16384 {
trace!("Client send invalid header: way too long record header.");
return Err("Client send invalid header: way too long record header.".into());
}
// Handshake record header
// -----------------------
// byte 5: hs msg type (should be 0x01 == client_hello)
// byte 6-8: hs msg len
if data[5] != 0x01 {
trace!("Not a ClientHello message");
return Err("Not a ClientHello message".into());
}
// Check the handshake message length
let handshake_length =
((data[6] as usize) << 16) | ((data[7] as usize) << 8) | (data[8] as usize);
if handshake_length <= 0 || handshake_length > (record_length - 4).into() {
warn!("Invalid client hello length (fragmentation not implemented)");
return Err("Invalid client hello length (fragmentation not implemented)".into());
}
// Calculate the handshake length and return it
Ok(handshake_length + 9)
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_too_little_data_end() {
let length = client_hello_buffer_size(&TOO_LITTLE_DATA_END);
if length.is_ok() {
assert!(false);
}
let msg = length.unwrap_err();
dbg!(msg);
assert!(true);
}
#[test]
fn test_too_little_data_start() {
let length = client_hello_buffer_size(&TOO_LITTLE_DATA_START);
assert!(length.is_ok());
assert_eq!(1712, length.unwrap())
}
#[test]
fn test_sni_extract() {
const BUF: [u8; 517] = [
0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc, 0x03, 0x03, 0x35, 0x7a, 0xba,
0x3d, 0x89, 0xd2, 0x5e, 0x7a, 0xa2, 0xd4, 0xe5, 0x6d, 0xd5, 0xa3, 0x98, 0x41, 0xb0,
0xae, 0x41, 0xfc, 0xe6, 0x64, 0xfd, 0xae, 0x0b, 0x27, 0x6d, 0x90, 0xa8, 0x0a, 0xfa,
0x90, 0x20, 0x59, 0x6f, 0x13, 0x18, 0x4a, 0xd1, 0x1c, 0xc4, 0x83, 0x8c, 0xfc, 0x93,
0xac, 0x6b, 0x3b, 0xac, 0x67, 0xd0, 0x36, 0xb0, 0xa2, 0x1b, 0x04, 0xf7, 0xde, 0x02,
0xfb, 0x96, 0x1e, 0xdc, 0x76, 0xa8, 0x00, 0x20, 0x2a, 0x2a, 0x13, 0x01, 0x13, 0x02,
0x13, 0x03, 0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xcc, 0xa9, 0xcc, 0xa8,
0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35, 0x01, 0x00,
0x01, 0x93, 0xea, 0xea, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00,
0x0e, 0x77, 0x77, 0x77, 0x2e, 0x6c, 0x69, 0x72, 0x75, 0x69, 0x2e, 0x74, 0x65, 0x63,
0x68, 0x00, 0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a,
0x00, 0x08, 0xba, 0xba, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x0b, 0x00, 0x02,
0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10, 0x00, 0x0e, 0x00, 0x0c, 0x02, 0x68,
0x32, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x00, 0x05, 0x00, 0x05,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x03, 0x08,
0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x00,
0x12, 0x00, 0x00, 0x00, 0x33, 0x00, 0x2b, 0x00, 0x29, 0xba, 0xba, 0x00, 0x01, 0x00,
0x00, 0x1d, 0x00, 0x20, 0x3b, 0x45, 0xf9, 0xbc, 0x6e, 0x23, 0x86, 0x41, 0xa5, 0xb2,
0xf5, 0x03, 0xec, 0x67, 0x4a, 0xd7, 0x9a, 0x17, 0x9f, 0x0c, 0x38, 0x6d, 0x36, 0xf3,
0x4e, 0x5d, 0xa4, 0x7d, 0x15, 0x79, 0xa4, 0x3f, 0x00, 0x2d, 0x00, 0x02, 0x01, 0x01,
0x00, 0x2b, 0x00, 0x0b, 0x0a, 0xba, 0xba, 0x03, 0x04, 0x03, 0x03, 0x03, 0x02, 0x03,
0x01, 0x00, 0x1b, 0x00, 0x03, 0x02, 0x00, 0x02, 0x44, 0x69, 0x00, 0x05, 0x00, 0x03,
0x02, 0x68, 0x32, 0xda, 0xda, 0x00, 0x01, 0x00, 0x00, 0x15, 0x00, 0xc5, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
];
let sni = get_sni(&BUF);
assert_eq!(sni[0], *"www.lirui.tech");
}
#[test]
fn test_sni_extract_tiny() {
const BUF: [u8; 1712] = [
0x16, 0x03, 0x01, 0x06, 0xab, 0x01, 0x00, 0x06, // |........|
0xa7, 0x03, 0x03, 0x84, 0x53, 0xb2, 0xd7, 0x37, // |....S..7|
0xcd, 0x27, 0xda, 0xf4, 0x70, 0xd8, 0x78, 0x26, // |.'..p.x&|
0x34, 0x7f, 0xe3, 0xa7, 0x5d, 0xfe, 0x97, 0x29, // |4...]..)|
0x89, 0x29, 0xa2, 0xd8, 0x62, 0x05, 0x7b, 0x13, // |.)..b.{.|
0xcf, 0x4b, 0x13, 0x20, 0x5b, 0x74, 0x4e, 0x23, // |.K. [tN#|
0x90, 0x08, 0x5a, 0x43, 0xbf, 0xe0, 0x0d, 0xeb, // |..ZC....|
0x8a, 0xc8, 0x4d, 0x14, 0x1e, 0x35, 0x43, 0x04, // |..M..5C.|
0x36, 0x32, 0xdc, 0x71, 0xff, 0xcc, 0xb3, 0x5b, // |62.q...[|
0x63, 0x4b, 0x2b, 0xee, 0x00, 0x20, 0xba, 0xba, // |cK+.. ..|
0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2b, // |.......+|
0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xcc, 0xa9, // |./.,.0..|
0xcc, 0xa8, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9c, // |........|
0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35, 0x01, 0x00, // |.../.5..|
0x06, 0x3e, 0x7a, 0x7a, 0x00, 0x00, 0x00, 0x0a, // |.>zz....|
0x00, 0x0c, 0x00, 0x0a, 0xda, 0xda, 0x11, 0xec, // |........|
0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0xff, 0x01, // |........|
0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, // |........|
0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, // |........|
0x68, 0x61, 0x2e, 0x68, 0x6f, 0x6d, 0x65, 0x2e, // |ha.home.|
0x6b, 0x69, 0x65, 0x2e, 0x72, 0x73, 0xfe, 0x0d, // |kie.rs..|
0x00, 0xba, 0x00, 0x00, 0x01, 0x00, 0x01, 0x11, // |........|
0x00, 0x20, 0xf7, 0xf4, 0x20, 0xc8, 0xb7, 0xeb, // |. .. ...|
0xf1, 0x2d, 0x8b, 0x30, 0x2c, 0xc8, 0x5e, 0xd3, // |.-.0,.^.|
0xa3, 0x02, 0x38, 0xf2, 0x41, 0xf7, 0x3f, 0x2d, // |..8.A.?-|
0xb4, 0xf0, 0xd7, 0x3b, 0xe5, 0x19, 0x3f, 0xc3, // |...;..?.|
0xae, 0x1f, 0x00, 0x90, 0x27, 0x8d, 0x4c, 0xc9, // |....'.L.|
0xb3, 0xd1, 0x63, 0x20, 0xe4, 0x33, 0x18, 0x56, // |..c .3.V|
0xd5, 0x9b, 0xd5, 0xf9, 0xf2, 0x94, 0x1d, 0xe4, // |........|
0xa6, 0x88, 0x47, 0xd2, 0x85, 0x4f, 0xf4, 0x30, // |..G..O.0|
0x22, 0xff, 0x67, 0x80, 0x60, 0x33, 0x17, 0xa0, // |".g.`3..|
0x4f, 0xdb, 0x98, 0x53, 0x00, 0xa4, 0xc8, 0x89, // |O..S....|
0xb8, 0x1b, 0x3f, 0xbd, 0xdf, 0xeb, 0x48, 0x1a, // |..?...H.|
0xa1, 0x33, 0xd7, 0xc1, 0x8d, 0x76, 0xf2, 0xcf, // |.3...v..|
0xbe, 0x30, 0x1d, 0xcd, 0x3a, 0xfe, 0xf1, 0xb0, // |.0..:...|
0x86, 0xbc, 0x28, 0x74, 0x78, 0xa1, 0x9a, 0x60, // |..(tx..`|
0x14, 0xfe, 0x12, 0x92, 0x4d, 0xb5, 0x9e, 0x85, // |....M...|
0x79, 0x62, 0x9c, 0x68, 0x73, 0xc6, 0x0e, 0xe5, // |yb.hs...|
0xad, 0x5b, 0xe2, 0x69, 0x00, 0xc0, 0x26, 0x24, // |.[.i..&$|
0x88, 0xfa, 0x22, 0x29, 0x36, 0x7b, 0x16, 0x59, // |..")6{.Y|
0x48, 0xbe, 0xf9, 0x1c, 0x86, 0x55, 0xcb, 0x67, // |H....U.g|
0xae, 0xb6, 0x7b, 0x69, 0x3e, 0xd0, 0x48, 0x31, // |..{i>.H1|
0x58, 0x8a, 0xd8, 0xba, 0x06, 0x21, 0xf0, 0xd4, // |X....!..|
0x4e, 0xef, 0xcf, 0x67, 0xc5, 0x63, 0x97, 0x59, // |N..g.c.Y|
0x95, 0x12, 0x47, 0x90, 0x00, 0x2d, 0x00, 0x02, // |..G..-..|
0x01, 0x01, 0x00, 0x10, 0x00, 0x0b, 0x00, 0x09, // |........|
0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, // |.http/1.|
0x31, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, // |1.......|
0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, // |........|
0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x00, // |........|
0x2b, 0x00, 0x07, 0x06, 0x0a, 0x0a, 0x03, 0x04, // |+.......|
0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00, 0x12, // |...#....|
0x00, 0x00, 0x00, 0x1b, 0x00, 0x03, 0x02, 0x00, // |........|
0x02, 0x00, 0x33, 0x04, 0xef, 0x04, 0xed, 0xda, // |..3.....|
0xda, 0x00, 0x01, 0x00, 0x11, 0xec, 0x04, 0xc0, // |........|
0xc6, 0x12, 0x85, 0x0b, 0xba, 0x73, 0x9d, 0x00, // |.....s..|
0x29, 0x08, 0x40, 0x3a, 0xb8, 0xfc, 0x9e, 0x99, // |).@:....|
0x25, 0xbd, 0x60, 0xb6, 0x8a, 0x56, 0x51, 0xac, // |%.`..VQ.|
0x38, 0xa3, 0x15, 0x37, 0x21, 0x80, 0x86, 0x02, // |8..7!...|
0xb2, 0x10, 0x4b, 0x29, 0xeb, 0x37, 0x04, 0x47, // |..K).7.G|
0x16, 0x12, 0x0e, 0x63, 0x2d, 0x32, 0xf6, 0x2a, // |...c-2.*|
0x86, 0x09, 0x7b, 0x41, 0x28, 0x8c, 0xcf, 0xfa, // |..{A(...|
0x08, 0x2e, 0x0c, 0xb2, 0x55, 0xb4, 0xb4, 0xd2, // |....U...|
0x76, 0x38, 0x47, 0x44, 0x78, 0xf0, 0x01, 0xb6, // |v8GDx...|
0xee, 0xf0, 0x1f, 0x4b, 0xc5, 0x6b, 0xb3, 0x93, // |...K.k..|
0x4d, 0xa5, 0x25, 0x29, 0xda, 0x33, 0x1e, 0xc5, // |M.%).3..|
0x15, 0x98, 0xf5, 0x41, 0x3e, 0xd2, 0xf7, 0x82, // |...A>...|
0xd7, 0xbb, 0x56, 0xf0, 0x86, 0x29, 0xa3, 0x56, // |..V..).V|
0x25, 0xdc, 0xaa, 0x03, 0xaa, 0x28, 0xa7, 0x2b, // |%....(.+|
0xc0, 0x41, 0xca, 0x66, 0x3e, 0xcc, 0x21, 0x40, // |.A.f>.!@|
0x60, 0x34, 0x5f, 0x9f, 0x69, 0x37, 0xac, 0x30, // |`4_.i7.0|
0x06, 0x7a, 0xf9, 0x26, 0xfe, 0x3c, 0x13, 0x05, // |.z.&.<..|
0xf6, 0xbe, 0x5f, 0x0c, 0x9a, 0x43, 0x18, 0xa2, // |.._..C..|
0xd9, 0xc5, 0xa0, 0x06, 0x0b, 0x0a, 0x21, 0xf1, // |......!.|
0x6b, 0x12, 0x4a, 0x5d, 0xec, 0xf6, 0x01, 0x30, // |k.J]...0|
0xb6, 0x3b, 0x34, 0x62, 0xcd, 0x5a, 0x6a, 0x26, // |.;4b.Zj&|
0x08, 0x98, 0xc9, 0xd0, 0x8a, 0x49, 0x94, 0x07, // |.....I..|
0x48, 0x45, 0x78, 0x45, 0xae, 0x24, 0x2b, 0x83, // |HExE.$+.|
0xb6, 0x69, 0x6c, 0x20, 0x33, 0xa9, 0xc4, 0x8e, // |.il 3...|
0xe7, 0x1a, 0x90, 0x28, 0xc6, 0x3f, 0x16, 0xf2, // |...(.?..|
0xae, 0x3e, 0x22, 0x17, 0x26, 0x9c, 0x38, 0xf5, // |.>".&.8.|
0x88, 0x60, 0x79, 0x16, 0x28, 0xce, 0x05, 0x72, // |.`y.(..r|
0x2f, 0x64, 0x99, 0xdd, 0x8c, 0x5b, 0xa6, 0xe2, // |/d...[..|
0x65, 0x8a, 0xe2, 0x8d, 0xb6, 0x24, 0x9e, 0x6d, // |e....$.m|
0x5a, 0x70, 0xfd, 0xea, 0xca, 0xec, 0x77, 0x46, // |Zp....wF|
0x20, 0xa8, 0x1f, 0x78, 0xf6, 0x34, 0x52, 0x13, // | ..x.4R.|
0x97, 0xef, 0x60, 0xb9, 0xe5, 0xc6, 0x85, 0xf2, // |..`.....|
0x84, 0x64, 0xdc, 0x08, 0x07, 0xe2, 0x63, 0xa6, // |.d....c.|
0x23, 0x64, 0x54, 0xb8, 0x72, 0xac, 0x23, 0xda, // |#dT.r.#.|
0x8f, 0x73, 0xe4, 0x9b, 0x80, 0x77, 0x66, 0x3f, // |.s...wf?|
0x69, 0x34, 0xc4, 0xfb, 0x45, 0x3d, 0x1c, 0xa7, // |i4..E=..|
0x86, 0x98, 0x2e, 0xb4, 0xe0, 0x84, 0xb6, 0x47, // |.......G|
0x78, 0xeb, 0x2b, 0x10, 0x17, 0x45, 0x8a, 0xcf, // |x.+..E..|
0xea, 0xb5, 0x58, 0x42, 0x93, 0xbe, 0x4b, 0xad, // |..XB..K.|
0xfb, 0x28, 0x11, 0x12, 0xe0, 0x7c, 0x3d, 0x34, // |.(...|=4|
0x8c, 0x82, 0x07, 0x84, 0xda, 0x8b, 0x35, 0x86, // |......5.|
0x37, 0x35, 0x1d, 0x1a, 0xa2, 0xbf, 0x0a, 0xb4, // |75......|
0x8e, 0xf0, 0x91, 0xc4, 0xa8, 0x3f, 0x38, 0x03, // |.....?8.|
0x37, 0xc1, 0x9a, 0x94, 0x43, 0x09, 0x57, 0xee, // |7...C.W.|
0xaa, 0xcb, 0x3d, 0x13, 0xa2, 0x33, 0xd1, 0x04, // |..=..3..|
0x2c, 0x6c, 0xb4, 0x1c, 0x86, 0x07, 0x0c, 0x3c, // |,l.....<|
0x5c, 0xc9, 0x8c, 0xc8, 0x1a, 0x85, 0xa6, 0xdd, // |\.......|
0xd3, 0xc5, 0xae, 0x84, 0x4d, 0xfe, 0xa2, 0x99, // |....M...|
0xd3, 0x0b, 0x1f, 0x43, 0x01, 0xa6, 0x7b, 0xb2, // |...C..{.|
0x5b, 0xd5, 0xa0, 0x3e, 0xd4, 0x6c, 0x65, 0x75, // |[..>.leu|
0x55, 0x28, 0x4d, 0x1c, 0x28, 0x86, 0xda, 0x94, // |U(M.(...|
0xbe, 0x0a, 0x99, 0x61, 0xa4, 0x88, 0xd9, 0x6a, // |...a...j|
0x20, 0x1d, 0x78, 0x45, 0x5f, 0x66, 0xcc, 0x8c, // | .xE_f..|
0xe1, 0xba, 0x4c, 0x51, 0x99, 0x54, 0x27, 0x77, // |..LQ.T'w|
0xb4, 0x84, 0x61, 0x4e, 0xf9, 0x90, 0x6f, 0x19, // |..aN..o.|
0x44, 0x93, 0x27, 0x1d, 0x95, 0x82, 0x74, 0x7f, // |D.'...t.|
0x35, 0xaf, 0x04, 0xe4, 0x58, 0x41, 0x3a, 0x51, // |5...XA:Q|
0x0b, 0x22, 0x45, 0xaf, 0x44, 0x2a, 0xe9, 0xa3, // |."E.D*..|
0x71, 0x65, 0x15, 0x22, 0xea, 0x40, 0x10, 0xaf, // |qe.".@..|
0x5b, 0x27, 0xfc, 0x02, 0x00, 0x23, 0xa3, 0x70, // |['...#.p|
0xa9, 0x6c, 0xa7, 0xf7, 0x29, 0x5c, 0x75, 0x9b, // |.l..)\u.|
0x4c, 0x23, 0x14, 0x51, 0x12, 0x62, 0x71, 0xbb, // |L#.Q.bq.|
0x75, 0x64, 0x65, 0xb3, 0xaa, 0x1e, 0x10, 0x14, // |ude.....|
0xbf, 0xd0, 0x8b, 0xe0, 0xe4, 0x51, 0x6e, 0xa8, // |.....Qn.|
0x1a, 0x95, 0x21, 0xa9, 0x9f, 0xf7, 0x2a, 0xac, // |..!...*.|
0x5c, 0x1c, 0x12, 0xac, 0x9d, 0xac, 0x57, 0x14, // |\.....W.|
0x27, 0xaa, 0xa7, 0xee, 0xc3, 0x9d, 0x63, 0x48, // |'.....cH|
0x0e, 0xd7, 0xf8, 0x92, 0x9f, 0x28, 0xb9, 0x82, // |.....(..|
0x71, 0x99, 0xa1, 0xcb, 0x69, 0x0c, 0x29, 0x7d, // |q...i.)}|
0x67, 0x73, 0xae, 0x9d, 0xd7, 0xc7, 0x51, 0x7a, // |gs....Qz|
0x2c, 0x3a, 0x74, 0x89, 0x7d, 0x76, 0x35, 0xb5, // |,:t.}v5.|
0x97, 0x73, 0x4a, 0xfc, 0x29, 0x9a, 0x1a, 0x06, // |.sJ.)...|
0x2f, 0xd0, 0x89, 0x32, 0xfc, 0x3b, 0x17, 0xec, // |/..2.;..|
0x7a, 0xb5, 0x3c, 0x66, 0x0f, 0x43, 0x55, 0x41, // |z.<f.CUA|
0x49, 0x3f, 0xbf, 0xa1, 0x6f, 0x8a, 0x05, 0x76, // |I?..o..v|
0xd4, 0x02, 0x33, 0x52, 0x78, 0xc8, 0x08, 0xe9, // |..3Rx...|
0x49, 0xb8, 0x42, 0x05, 0xed, 0x34, 0x0a, 0xb1, // |I.B..4..|
0xa8, 0x32, 0x00, 0x6b, 0x00, 0x42, 0x56, 0x8a, // |.2.k.BV.|
0xe9, 0x04, 0x7a, 0xac, 0xc8, 0x72, 0x7f, 0x40, // |..z..r.@|
0x4c, 0xd6, 0xa9, 0x34, 0x0b, 0xc3, 0x63, 0x39, // |L..4..c9|
0x21, 0xbf, 0x04, 0xb0, 0x2b, 0x81, 0xf9, 0x07, // |!...+...|
0xe6, 0x15, 0x92, 0x89, 0x9b, 0x1e, 0xe6, 0x4b, // |.......K|
0x5b, 0x0b, 0x33, 0x5f, 0x89, 0x96, 0xa2, 0x74, // |[.3_...t|
0x41, 0x6b, 0x15, 0xe8, 0x8a, 0x62, 0xf5, 0x1c, // |Ak...b..|
0x37, 0x38, 0x62, 0x77, 0xd4, 0x57, 0x7b, 0x43, // |78bw.W{C|
0x42, 0x4f, 0x01, 0x9c, 0xf2, 0xe0, 0x68, 0xb7, // |BO....h.|
0xf1, 0x66, 0x93, 0xd8, 0x8e, 0x78, 0x80, 0x24, // |.f...x.$|
0x4c, 0x61, 0x11, 0xbb, 0xf2, 0x79, 0xf7, 0x96, // |La...y..|
0x02, 0x80, 0xaa, 0xc7, 0xcd, 0xbb, 0x55, 0x03, // |......U.|
0x22, 0x5e, 0xda, 0xa2, 0x44, 0x7d, 0x82, 0x41, // |"^..D}.A|
0x86, 0x9b, 0x92, 0x0a, 0xd5, 0x7e, 0xf2, 0x78, // |.....~.x|
0x84, 0x50, 0x00, 0x2d, 0x0b, 0xab, 0x92, 0x7a, // |.P.-...z|
0x96, 0x15, 0xcf, 0x5a, 0x34, 0x45, 0x35, 0xa7, // |...Z4E5.|
0x18, 0x61, 0x2b, 0x88, 0x45, 0xaa, 0xd3, 0xe2, // |.a+.E...|
0x54, 0xf9, 0xc7, 0xbb, 0xe7, 0x00, 0x86, 0xbd, // |T.......|
0x8b, 0xbb, 0x6d, 0x3b, 0x0f, 0x8d, 0xfb, 0x4d, // |..m;...M|
0x5d, 0x8b, 0x50, 0x2e, 0x68, 0x74, 0x5d, 0x03, // |].P.ht].|
0x16, 0x2a, 0x49, 0x24, 0x54, 0x5b, 0xa9, 0x34, // |.*I$T[.4|
0x25, 0x17, 0x79, 0xe3, 0xc3, 0x3a, 0x2a, 0x12, // |%.y..:*.|
0x75, 0x64, 0x16, 0xa4, 0xb7, 0x7e, 0x39, 0x5a, // |ud...~9Z|
0x4e, 0x3e, 0x53, 0x2b, 0x49, 0x1b, 0x26, 0xdf, // |N>S+I.&.|
0xfc, 0x29, 0x99, 0xcb, 0xad, 0x29, 0x2c, 0x72, // |.)...),r|
0x3f, 0xa7, 0xcb, 0x45, 0x4c, 0x14, 0xee, 0x46, // |?..EL..F|
0x74, 0x64, 0xdb, 0x4b, 0x4b, 0xa4, 0x35, 0x3c, // |td.KK.5<|
0x91, 0xc4, 0x9b, 0xb0, 0x66, 0xc6, 0x70, 0xb6, // |....f.p.|
0xf2, 0x07, 0x3b, 0xbf, 0x74, 0x72, 0xb4, 0x24, // |..;.tr.$|
0x7e, 0x87, 0xd4, 0x0a, 0x37, 0xd9, 0x49, 0x04, // |~...7.I.|
0x09, 0x36, 0xd1, 0x63, 0x88, 0xe1, 0xe8, 0x08, // |.6.c....|
0xbf, 0x17, 0xc4, 0xcd, 0xcb, 0x3c, 0xef, 0x88, // |.....<..|
0x2c, 0xf6, 0xa3, 0x6d, 0x89, 0x39, 0xc9, 0xfe, // |,..m.9..|
0x97, 0x25, 0xb3, 0x9a, 0x02, 0x40, 0xd4, 0x90, // |.%...@..|
0x28, 0x6a, 0x79, 0xbd, 0x4b, 0x8e, 0x10, 0x18, // |(jy.K...|
0xc9, 0xaf, 0xe9, 0xc0, 0x6e, 0xd5, 0xb1, 0xcf, // |....n...|
0xe8, 0xa4, 0xdc, 0x94, 0x12, 0x82, 0xfb, 0x08, // |........|
0x42, 0xd4, 0x1a, 0x76, 0xa2, 0x4b, 0x3f, 0xc3, // |B..v.K?.|
0xb4, 0x0b, 0xa3, 0x0c, 0xec, 0x19, 0x7c, 0x5f, // |......|_|
0xd5, 0x98, 0x99, 0xf4, 0x1a, 0xca, 0x83, 0xaa, // |........|
0xbd, 0x26, 0x31, 0x95, 0x77, 0x90, 0x43, 0x7a, // |.&1.w.Cz|
0x75, 0x15, 0xcb, 0x68, 0xae, 0x24, 0xc5, 0x1b, // |u..h.$..|
// Cutoff here.
0x8c, 0x49, 0xbe, 0xfc, 0x61, 0x54, 0xd7, 0x18, // |.I..aT..|
0x9d, 0x21, 0x10, 0x14, 0xe2, 0x6d, 0x5b, 0x4b, // |.!...m[K|
0xb0, 0x94, 0xaa, 0x6e, 0xd5, 0x7b, 0xba, 0x6e, // |...n.{.n|
0xe0, 0x03, 0xac, 0x9a, 0xbb, 0xe1, 0x17, 0x9b, // |........|
0x18, 0x0c, 0x33, 0xcc, 0x05, 0x91, 0x1c, 0x43, // |..3....C|
0x37, 0xd2, 0x10, 0xb7, 0xc6, 0xc7, 0x6b, 0xda, // |7.....k.|
0x87, 0x9c, 0xaf, 0x93, 0x52, 0x2f, 0x4c, 0x6e, // |....R/Ln|
0x14, 0xdb, 0x49, 0xbc, 0xeb, 0x96, 0xda, 0xb6, // |..I.....|
0x3b, 0xf8, 0xc0, 0x33, 0xba, 0x15, 0x37, 0x39, // |;..3..79|
0xe7, 0xae, 0xb6, 0x48, 0x3e, 0xd8, 0x57, 0x67, // |...H>.Wg|
0x9c, 0xb6, 0x9c, 0xc0, 0x18, 0x0e, 0x74, 0x67, // |......tg|
0xae, 0x8e, 0xc6, 0x80, 0x7f, 0x81, 0x25, 0xc4, // |......%.|
0xe9, 0x04, 0xe8, 0xd9, 0x98, 0xb6, 0x99, 0x93, // |........|
0xa1, 0xa4, 0x5e, 0x57, 0x74, 0x89, 0x30, 0x38, // |..^Wt.08|
0xa9, 0xbb, 0x99, 0x4a, 0x7e, 0x42, 0x3c, 0xd2, // |...J~B<.|
0x59, 0xb6, 0x49, 0xb0, 0xc7, 0x11, 0x57, 0x03, // |Y.I...W.|
0x6d, 0x23, 0x1b, 0x72, 0xe7, 0x24, 0xdb, 0x75, // |m#.r.$.u|
0x78, 0xd1, 0x38, 0x01, 0x46, 0xb6, 0x8c, 0x1b, // |x.8.F...|
0x41, 0xb4, 0xbd, 0xc1, 0xa2, 0x00, 0x63, 0xa5, // |A.....c.|
0x97, 0x30, 0x5d, 0xbe, 0xd1, 0x37, 0x31, 0xf1, // |.0]..71.|
0xbb, 0xc6, 0xf8, 0x81, 0x35, 0x86, 0x32, 0xa6, // |....5.2.|
0xc3, 0x35, 0x54, 0x45, 0x50, 0xdf, 0x61, 0x46, // |.5TEP.aF|
0x5b, 0x83, 0x6b, 0xac, 0x5c, 0x2d, 0xa2, 0xc3, // |[.k.\-..|
0x2e, 0x71, 0x32, 0x18, 0x41, 0x29, 0x99, 0x66, // |.q2.A).f|
0x8c, 0x50, 0x28, 0x92, 0x45, 0xae, 0x96, 0x38, // |.P(.E..8|
0xa4, 0x83, 0x94, 0x4a, 0x2f, 0x0e, 0x62, 0x13, // |...J/.b.|
0x07, 0x13, 0xc2, 0x0b, 0x84, 0xfd, 0x27, 0xab, // |......'.|
0x6c, 0xb4, 0x69, 0x0d, 0xd2, 0xdb, 0xfb, 0x8e, // |l.i.....|
0xa7, 0x09, 0x65, 0x76, 0x7e, 0x09, 0xa4, 0x7a, // |..ev~..z|
0xe9, 0xfe, 0xec, 0x52, 0x89, 0x7d, 0x07, 0x6f, // |...R.}.o|
0xff, 0xa0, 0xde, 0x8a, 0x42, 0x2d, 0xc3, 0x75, // |....B-.u|
0x05, 0x6d, 0x60, 0x76, 0xce, 0xe1, 0x6c, 0xfd, // |.m`v..l.|
0xae, 0x1f, 0x5e, 0x02, 0x94, 0x39, 0x2a, 0x55, // |..^..9*U|
0x00, 0x1d, 0x00, 0x20, 0x8d, 0x89, 0x9a, 0x19, // |... ....|
0x1d, 0x53, 0x52, 0xd5, 0xc1, 0x3e, 0x3a, 0x1d, // |.SR..>:.|
0x12, 0x15, 0xae, 0x33, 0x2e, 0x54, 0xd1, 0x6f, // |...3.T.o|
0xd6, 0xb1, 0x73, 0xd9, 0x56, 0x98, 0x6f, 0x8f, // |..s.V.o.|
0x7e, 0xf5, 0xd9, 0x75, 0x00, 0x0b, 0x00, 0x02, // |~..u....|
0x01, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, // |........|
0x00, 0x00, 0x00, 0x9a, 0x9a, 0x00, 0x01, 0x00, // |........|
];
let sni = get_sni(&BUF);
assert_eq!(sni[0], *"ha.home.kie.rs");
}
#[test]
fn test_too_little_data() {
let sni = get_sni(&TOO_LITTLE_DATA_END);
assert_eq!(0, sni.len());
}
const TOO_LITTLE_DATA_START: [u8; 1392] = [
0x16, 0x03, 0x01, 0x06, 0xab, 0x01, 0x00, 0x06, // |........|
0xa7, 0x03, 0x03, 0x84, 0x53, 0xb2, 0xd7, 0x37, // |....S..7|
0xcd, 0x27, 0xda, 0xf4, 0x70, 0xd8, 0x78, 0x26, // |.'..p.x&|
0x34, 0x7f, 0xe3, 0xa7, 0x5d, 0xfe, 0x97, 0x29, // |4...]..)|
0x89, 0x29, 0xa2, 0xd8, 0x62, 0x05, 0x7b, 0x13, // |.)..b.{.|
0xcf, 0x4b, 0x13, 0x20, 0x5b, 0x74, 0x4e, 0x23, // |.K. [tN#|
0x90, 0x08, 0x5a, 0x43, 0xbf, 0xe0, 0x0d, 0xeb, // |..ZC....|
0x8a, 0xc8, 0x4d, 0x14, 0x1e, 0x35, 0x43, 0x04, // |..M..5C.|
0x36, 0x32, 0xdc, 0x71, 0xff, 0xcc, 0xb3, 0x5b, // |62.q...[|
0x63, 0x4b, 0x2b, 0xee, 0x00, 0x20, 0xba, 0xba, // |cK+.. ..|
0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2b, // |.......+|
0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xcc, 0xa9, // |./.,.0..|
0xcc, 0xa8, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9c, // |........|
0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35, 0x01, 0x00, // |.../.5..|
0x06, 0x3e, 0x7a, 0x7a, 0x00, 0x00, 0x00, 0x0a, // |.>zz....|
0x00, 0x0c, 0x00, 0x0a, 0xda, 0xda, 0x11, 0xec, // |........|
0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0xff, 0x01, // |........|
0x00, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, // |........|
0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, // |........|
0x68, 0x61, 0x2e, 0x68, 0x6f, 0x6d, 0x65, 0x2e, // |ha.home.|
0x6b, 0x69, 0x65, 0x2e, 0x72, 0x73, 0xfe, 0x0d, // |kie.rs..|
0x00, 0xba, 0x00, 0x00, 0x01, 0x00, 0x01, 0x11, // |........|
0x00, 0x20, 0xf7, 0xf4, 0x20, 0xc8, 0xb7, 0xeb, // |. .. ...|
0xf1, 0x2d, 0x8b, 0x30, 0x2c, 0xc8, 0x5e, 0xd3, // |.-.0,.^.|
0xa3, 0x02, 0x38, 0xf2, 0x41, 0xf7, 0x3f, 0x2d, // |..8.A.?-|
0xb4, 0xf0, 0xd7, 0x3b, 0xe5, 0x19, 0x3f, 0xc3, // |...;..?.|
0xae, 0x1f, 0x00, 0x90, 0x27, 0x8d, 0x4c, 0xc9, // |....'.L.|
0xb3, 0xd1, 0x63, 0x20, 0xe4, 0x33, 0x18, 0x56, // |..c .3.V|
0xd5, 0x9b, 0xd5, 0xf9, 0xf2, 0x94, 0x1d, 0xe4, // |........|
0xa6, 0x88, 0x47, 0xd2, 0x85, 0x4f, 0xf4, 0x30, // |..G..O.0|
0x22, 0xff, 0x67, 0x80, 0x60, 0x33, 0x17, 0xa0, // |".g.`3..|
0x4f, 0xdb, 0x98, 0x53, 0x00, 0xa4, 0xc8, 0x89, // |O..S....|
0xb8, 0x1b, 0x3f, 0xbd, 0xdf, 0xeb, 0x48, 0x1a, // |..?...H.|
0xa1, 0x33, 0xd7, 0xc1, 0x8d, 0x76, 0xf2, 0xcf, // |.3...v..|
0xbe, 0x30, 0x1d, 0xcd, 0x3a, 0xfe, 0xf1, 0xb0, // |.0..:...|
0x86, 0xbc, 0x28, 0x74, 0x78, 0xa1, 0x9a, 0x60, // |..(tx..`|
0x14, 0xfe, 0x12, 0x92, 0x4d, 0xb5, 0x9e, 0x85, // |....M...|
0x79, 0x62, 0x9c, 0x68, 0x73, 0xc6, 0x0e, 0xe5, // |yb.hs...|
0xad, 0x5b, 0xe2, 0x69, 0x00, 0xc0, 0x26, 0x24, // |.[.i..&$|
0x88, 0xfa, 0x22, 0x29, 0x36, 0x7b, 0x16, 0x59, // |..")6{.Y|
0x48, 0xbe, 0xf9, 0x1c, 0x86, 0x55, 0xcb, 0x67, // |H....U.g|
0xae, 0xb6, 0x7b, 0x69, 0x3e, 0xd0, 0x48, 0x31, // |..{i>.H1|
0x58, 0x8a, 0xd8, 0xba, 0x06, 0x21, 0xf0, 0xd4, // |X....!..|
0x4e, 0xef, 0xcf, 0x67, 0xc5, 0x63, 0x97, 0x59, // |N..g.c.Y|
0x95, 0x12, 0x47, 0x90, 0x00, 0x2d, 0x00, 0x02, // |..G..-..|
0x01, 0x01, 0x00, 0x10, 0x00, 0x0b, 0x00, 0x09, // |........|
0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, // |.http/1.|
0x31, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, // |1.......|
0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, // |........|
0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x00, // |........|
0x2b, 0x00, 0x07, 0x06, 0x0a, 0x0a, 0x03, 0x04, // |+.......|
0x03, 0x03, 0x00, 0x23, 0x00, 0x00, 0x00, 0x12, // |...#....|
0x00, 0x00, 0x00, 0x1b, 0x00, 0x03, 0x02, 0x00, // |........|
0x02, 0x00, 0x33, 0x04, 0xef, 0x04, 0xed, 0xda, // |..3.....|
0xda, 0x00, 0x01, 0x00, 0x11, 0xec, 0x04, 0xc0, // |........|
0xc6, 0x12, 0x85, 0x0b, 0xba, 0x73, 0x9d, 0x00, // |.....s..|
0x29, 0x08, 0x40, 0x3a, 0xb8, 0xfc, 0x9e, 0x99, // |).@:....|
0x25, 0xbd, 0x60, 0xb6, 0x8a, 0x56, 0x51, 0xac, // |%.`..VQ.|
0x38, 0xa3, 0x15, 0x37, 0x21, 0x80, 0x86, 0x02, // |8..7!...|
0xb2, 0x10, 0x4b, 0x29, 0xeb, 0x37, 0x04, 0x47, // |..K).7.G|
0x16, 0x12, 0x0e, 0x63, 0x2d, 0x32, 0xf6, 0x2a, // |...c-2.*|
0x86, 0x09, 0x7b, 0x41, 0x28, 0x8c, 0xcf, 0xfa, // |..{A(...|
0x08, 0x2e, 0x0c, 0xb2, 0x55, 0xb4, 0xb4, 0xd2, // |....U...|
0x76, 0x38, 0x47, 0x44, 0x78, 0xf0, 0x01, 0xb6, // |v8GDx...|
0xee, 0xf0, 0x1f, 0x4b, 0xc5, 0x6b, 0xb3, 0x93, // |...K.k..|
0x4d, 0xa5, 0x25, 0x29, 0xda, 0x33, 0x1e, 0xc5, // |M.%).3..|
0x15, 0x98, 0xf5, 0x41, 0x3e, 0xd2, 0xf7, 0x82, // |...A>...|
0xd7, 0xbb, 0x56, 0xf0, 0x86, 0x29, 0xa3, 0x56, // |..V..).V|
0x25, 0xdc, 0xaa, 0x03, 0xaa, 0x28, 0xa7, 0x2b, // |%....(.+|
0xc0, 0x41, 0xca, 0x66, 0x3e, 0xcc, 0x21, 0x40, // |.A.f>.!@|
0x60, 0x34, 0x5f, 0x9f, 0x69, 0x37, 0xac, 0x30, // |`4_.i7.0|
0x06, 0x7a, 0xf9, 0x26, 0xfe, 0x3c, 0x13, 0x05, // |.z.&.<..|
0xf6, 0xbe, 0x5f, 0x0c, 0x9a, 0x43, 0x18, 0xa2, // |.._..C..|
0xd9, 0xc5, 0xa0, 0x06, 0x0b, 0x0a, 0x21, 0xf1, // |......!.|
0x6b, 0x12, 0x4a, 0x5d, 0xec, 0xf6, 0x01, 0x30, // |k.J]...0|
0xb6, 0x3b, 0x34, 0x62, 0xcd, 0x5a, 0x6a, 0x26, // |.;4b.Zj&|
0x08, 0x98, 0xc9, 0xd0, 0x8a, 0x49, 0x94, 0x07, // |.....I..|
0x48, 0x45, 0x78, 0x45, 0xae, 0x24, 0x2b, 0x83, // |HExE.$+.|
0xb6, 0x69, 0x6c, 0x20, 0x33, 0xa9, 0xc4, 0x8e, // |.il 3...|
0xe7, 0x1a, 0x90, 0x28, 0xc6, 0x3f, 0x16, 0xf2, // |...(.?..|
0xae, 0x3e, 0x22, 0x17, 0x26, 0x9c, 0x38, 0xf5, // |.>".&.8.|
0x88, 0x60, 0x79, 0x16, 0x28, 0xce, 0x05, 0x72, // |.`y.(..r|
0x2f, 0x64, 0x99, 0xdd, 0x8c, 0x5b, 0xa6, 0xe2, // |/d...[..|
0x65, 0x8a, 0xe2, 0x8d, 0xb6, 0x24, 0x9e, 0x6d, // |e....$.m|
0x5a, 0x70, 0xfd, 0xea, 0xca, 0xec, 0x77, 0x46, // |Zp....wF|
0x20, 0xa8, 0x1f, 0x78, 0xf6, 0x34, 0x52, 0x13, // | ..x.4R.|
0x97, 0xef, 0x60, 0xb9, 0xe5, 0xc6, 0x85, 0xf2, // |..`.....|
0x84, 0x64, 0xdc, 0x08, 0x07, 0xe2, 0x63, 0xa6, // |.d....c.|
0x23, 0x64, 0x54, 0xb8, 0x72, 0xac, 0x23, 0xda, // |#dT.r.#.|
0x8f, 0x73, 0xe4, 0x9b, 0x80, 0x77, 0x66, 0x3f, // |.s...wf?|
0x69, 0x34, 0xc4, 0xfb, 0x45, 0x3d, 0x1c, 0xa7, // |i4..E=..|
0x86, 0x98, 0x2e, 0xb4, 0xe0, 0x84, 0xb6, 0x47, // |.......G|
0x78, 0xeb, 0x2b, 0x10, 0x17, 0x45, 0x8a, 0xcf, // |x.+..E..|
0xea, 0xb5, 0x58, 0x42, 0x93, 0xbe, 0x4b, 0xad, // |..XB..K.|
0xfb, 0x28, 0x11, 0x12, 0xe0, 0x7c, 0x3d, 0x34, // |.(...|=4|
0x8c, 0x82, 0x07, 0x84, 0xda, 0x8b, 0x35, 0x86, // |......5.|
0x37, 0x35, 0x1d, 0x1a, 0xa2, 0xbf, 0x0a, 0xb4, // |75......|
0x8e, 0xf0, 0x91, 0xc4, 0xa8, 0x3f, 0x38, 0x03, // |.....?8.|
0x37, 0xc1, 0x9a, 0x94, 0x43, 0x09, 0x57, 0xee, // |7...C.W.|
0xaa, 0xcb, 0x3d, 0x13, 0xa2, 0x33, 0xd1, 0x04, // |..=..3..|
0x2c, 0x6c, 0xb4, 0x1c, 0x86, 0x07, 0x0c, 0x3c, // |,l.....<|
0x5c, 0xc9, 0x8c, 0xc8, 0x1a, 0x85, 0xa6, 0xdd, // |\.......|
0xd3, 0xc5, 0xae, 0x84, 0x4d, 0xfe, 0xa2, 0x99, // |....M...|
0xd3, 0x0b, 0x1f, 0x43, 0x01, 0xa6, 0x7b, 0xb2, // |...C..{.|
0x5b, 0xd5, 0xa0, 0x3e, 0xd4, 0x6c, 0x65, 0x75, // |[..>.leu|
0x55, 0x28, 0x4d, 0x1c, 0x28, 0x86, 0xda, 0x94, // |U(M.(...|
0xbe, 0x0a, 0x99, 0x61, 0xa4, 0x88, 0xd9, 0x6a, // |...a...j|
0x20, 0x1d, 0x78, 0x45, 0x5f, 0x66, 0xcc, 0x8c, // | .xE_f..|
0xe1, 0xba, 0x4c, 0x51, 0x99, 0x54, 0x27, 0x77, // |..LQ.T'w|
0xb4, 0x84, 0x61, 0x4e, 0xf9, 0x90, 0x6f, 0x19, // |..aN..o.|
0x44, 0x93, 0x27, 0x1d, 0x95, 0x82, 0x74, 0x7f, // |D.'...t.|
0x35, 0xaf, 0x04, 0xe4, 0x58, 0x41, 0x3a, 0x51, // |5...XA:Q|
0x0b, 0x22, 0x45, 0xaf, 0x44, 0x2a, 0xe9, 0xa3, // |."E.D*..|
0x71, 0x65, 0x15, 0x22, 0xea, 0x40, 0x10, 0xaf, // |qe.".@..|
0x5b, 0x27, 0xfc, 0x02, 0x00, 0x23, 0xa3, 0x70, // |['...#.p|
0xa9, 0x6c, 0xa7, 0xf7, 0x29, 0x5c, 0x75, 0x9b, // |.l..)\u.|
0x4c, 0x23, 0x14, 0x51, 0x12, 0x62, 0x71, 0xbb, // |L#.Q.bq.|
0x75, 0x64, 0x65, 0xb3, 0xaa, 0x1e, 0x10, 0x14, // |ude.....|
0xbf, 0xd0, 0x8b, 0xe0, 0xe4, 0x51, 0x6e, 0xa8, // |.....Qn.|
0x1a, 0x95, 0x21, 0xa9, 0x9f, 0xf7, 0x2a, 0xac, // |..!...*.|
0x5c, 0x1c, 0x12, 0xac, 0x9d, 0xac, 0x57, 0x14, // |\.....W.|
0x27, 0xaa, 0xa7, 0xee, 0xc3, 0x9d, 0x63, 0x48, // |'.....cH|
0x0e, 0xd7, 0xf8, 0x92, 0x9f, 0x28, 0xb9, 0x82, // |.....(..|
0x71, 0x99, 0xa1, 0xcb, 0x69, 0x0c, 0x29, 0x7d, // |q...i.)}|
0x67, 0x73, 0xae, 0x9d, 0xd7, 0xc7, 0x51, 0x7a, // |gs....Qz|
0x2c, 0x3a, 0x74, 0x89, 0x7d, 0x76, 0x35, 0xb5, // |,:t.}v5.|
0x97, 0x73, 0x4a, 0xfc, 0x29, 0x9a, 0x1a, 0x06, // |.sJ.)...|
0x2f, 0xd0, 0x89, 0x32, 0xfc, 0x3b, 0x17, 0xec, // |/..2.;..|
0x7a, 0xb5, 0x3c, 0x66, 0x0f, 0x43, 0x55, 0x41, // |z.<f.CUA|
0x49, 0x3f, 0xbf, 0xa1, 0x6f, 0x8a, 0x05, 0x76, // |I?..o..v|
0xd4, 0x02, 0x33, 0x52, 0x78, 0xc8, 0x08, 0xe9, // |..3Rx...|
0x49, 0xb8, 0x42, 0x05, 0xed, 0x34, 0x0a, 0xb1, // |I.B..4..|
0xa8, 0x32, 0x00, 0x6b, 0x00, 0x42, 0x56, 0x8a, // |.2.k.BV.|
0xe9, 0x04, 0x7a, 0xac, 0xc8, 0x72, 0x7f, 0x40, // |..z..r.@|
0x4c, 0xd6, 0xa9, 0x34, 0x0b, 0xc3, 0x63, 0x39, // |L..4..c9|
0x21, 0xbf, 0x04, 0xb0, 0x2b, 0x81, 0xf9, 0x07, // |!...+...|
0xe6, 0x15, 0x92, 0x89, 0x9b, 0x1e, 0xe6, 0x4b, // |.......K|
0x5b, 0x0b, 0x33, 0x5f, 0x89, 0x96, 0xa2, 0x74, // |[.3_...t|
0x41, 0x6b, 0x15, 0xe8, 0x8a, 0x62, 0xf5, 0x1c, // |Ak...b..|
0x37, 0x38, 0x62, 0x77, 0xd4, 0x57, 0x7b, 0x43, // |78bw.W{C|
0x42, 0x4f, 0x01, 0x9c, 0xf2, 0xe0, 0x68, 0xb7, // |BO....h.|
0xf1, 0x66, 0x93, 0xd8, 0x8e, 0x78, 0x80, 0x24, // |.f...x.$|
0x4c, 0x61, 0x11, 0xbb, 0xf2, 0x79, 0xf7, 0x96, // |La...y..|
0x02, 0x80, 0xaa, 0xc7, 0xcd, 0xbb, 0x55, 0x03, // |......U.|
0x22, 0x5e, 0xda, 0xa2, 0x44, 0x7d, 0x82, 0x41, // |"^..D}.A|
0x86, 0x9b, 0x92, 0x0a, 0xd5, 0x7e, 0xf2, 0x78, // |.....~.x|
0x84, 0x50, 0x00, 0x2d, 0x0b, 0xab, 0x92, 0x7a, // |.P.-...z|
0x96, 0x15, 0xcf, 0x5a, 0x34, 0x45, 0x35, 0xa7, // |...Z4E5.|
0x18, 0x61, 0x2b, 0x88, 0x45, 0xaa, 0xd3, 0xe2, // |.a+.E...|
0x54, 0xf9, 0xc7, 0xbb, 0xe7, 0x00, 0x86, 0xbd, // |T.......|
0x8b, 0xbb, 0x6d, 0x3b, 0x0f, 0x8d, 0xfb, 0x4d, // |..m;...M|
0x5d, 0x8b, 0x50, 0x2e, 0x68, 0x74, 0x5d, 0x03, // |].P.ht].|
0x16, 0x2a, 0x49, 0x24, 0x54, 0x5b, 0xa9, 0x34, // |.*I$T[.4|
0x25, 0x17, 0x79, 0xe3, 0xc3, 0x3a, 0x2a, 0x12, // |%.y..:*.|
0x75, 0x64, 0x16, 0xa4, 0xb7, 0x7e, 0x39, 0x5a, // |ud...~9Z|
0x4e, 0x3e, 0x53, 0x2b, 0x49, 0x1b, 0x26, 0xdf, // |N>S+I.&.|
0xfc, 0x29, 0x99, 0xcb, 0xad, 0x29, 0x2c, 0x72, // |.)...),r|
0x3f, 0xa7, 0xcb, 0x45, 0x4c, 0x14, 0xee, 0x46, // |?..EL..F|
0x74, 0x64, 0xdb, 0x4b, 0x4b, 0xa4, 0x35, 0x3c, // |td.KK.5<|
0x91, 0xc4, 0x9b, 0xb0, 0x66, 0xc6, 0x70, 0xb6, // |....f.p.|
0xf2, 0x07, 0x3b, 0xbf, 0x74, 0x72, 0xb4, 0x24, // |..;.tr.$|
0x7e, 0x87, 0xd4, 0x0a, 0x37, 0xd9, 0x49, 0x04, // |~...7.I.|
0x09, 0x36, 0xd1, 0x63, 0x88, 0xe1, 0xe8, 0x08, // |.6.c....|
0xbf, 0x17, 0xc4, 0xcd, 0xcb, 0x3c, 0xef, 0x88, // |.....<..|
0x2c, 0xf6, 0xa3, 0x6d, 0x89, 0x39, 0xc9, 0xfe, // |,..m.9..|
0x97, 0x25, 0xb3, 0x9a, 0x02, 0x40, 0xd4, 0x90, // |.%...@..|
0x28, 0x6a, 0x79, 0xbd, 0x4b, 0x8e, 0x10, 0x18, // |(jy.K...|
0xc9, 0xaf, 0xe9, 0xc0, 0x6e, 0xd5, 0xb1, 0xcf, // |....n...|
0xe8, 0xa4, 0xdc, 0x94, 0x12, 0x82, 0xfb, 0x08, // |........|
0x42, 0xd4, 0x1a, 0x76, 0xa2, 0x4b, 0x3f, 0xc3, // |B..v.K?.|
0xb4, 0x0b, 0xa3, 0x0c, 0xec, 0x19, 0x7c, 0x5f, // |......|_|
0xd5, 0x98, 0x99, 0xf4, 0x1a, 0xca, 0x83, 0xaa, // |........|
0xbd, 0x26, 0x31, 0x95, 0x77, 0x90, 0x43, 0x7a, // |.&1.w.Cz|
0x75, 0x15, 0xcb, 0x68, 0xae, 0x24, 0xc5, 0x1b, // |u..h.$..|
];
const TOO_LITTLE_DATA_END: [u8; 312] = [
0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, // |........|
0x00, 0x01, 0x00, 0x06, 0x14, 0x49, 0xbc, 0x07, // |.....I..|
0xd1, 0x60, 0x00, 0x00, 0x45, 0x00, 0x01, 0x24, // |.`..E..$|
0x46, 0x04, 0x40, 0x00, 0x7f, 0x06, 0x11, 0x27, // |F.@....'|
0x4d, 0xaf, 0x56, 0xec, 0xc0, 0xa8, 0x3e, 0x65, // |M.V...>e|
0xbf, 0x7f, 0x01, 0xbb, 0xaf, 0x09, 0x43, 0xb4, // |......C.|
0xde, 0x93, 0xcc, 0x66, 0x50, 0x18, 0x02, 0x01, // |...fP...|
0xd3, 0x21, 0x00, 0x00, 0xba, 0x15, 0x37, 0x39, // |.!....79|
0xe7, 0xae, 0xb6, 0x48, 0x3e, 0xd8, 0x57, 0x67, // |...H>.Wg|
0x9c, 0xb6, 0x9c, 0xc0, 0x18, 0x0e, 0x74, 0x67, // |......tg|
0xae, 0x8e, 0xc6, 0x80, 0x7f, 0x81, 0x25, 0xc4, // |......%.|
0xe9, 0x04, 0xe8, 0xd9, 0x98, 0xb6, 0x99, 0x93, // |........|
0xa1, 0xa4, 0x5e, 0x57, 0x74, 0x89, 0x30, 0x38, // |..^Wt.08|
0xa9, 0xbb, 0x99, 0x4a, 0x7e, 0x42, 0x3c, 0xd2, // |...J~B<.|
0x59, 0xb6, 0x49, 0xb0, 0xc7, 0x11, 0x57, 0x03, // |Y.I...W.|
0x6d, 0x23, 0x1b, 0x72, 0xe7, 0x24, 0xdb, 0x75, // |m#.r.$.u|
0x78, 0xd1, 0x38, 0x01, 0x46, 0xb6, 0x8c, 0x1b, // |x.8.F...|
0x41, 0xb4, 0xbd, 0xc1, 0xa2, 0x00, 0x63, 0xa5, // |A.....c.|
0x97, 0x30, 0x5d, 0xbe, 0xd1, 0x37, 0x31, 0xf1, // |.0]..71.|
0xbb, 0xc6, 0xf8, 0x81, 0x35, 0x86, 0x32, 0xa6, // |....5.2.|
0xc3, 0x35, 0x54, 0x45, 0x50, 0xdf, 0x61, 0x46, // |.5TEP.aF|
0x5b, 0x83, 0x6b, 0xac, 0x5c, 0x2d, 0xa2, 0xc3, // |[.k.\-..|
0x2e, 0x71, 0x32, 0x18, 0x41, 0x29, 0x99, 0x66, // |.q2.A).f|
0x8c, 0x50, 0x28, 0x92, 0x45, 0xae, 0x96, 0x38, // |.P(.E..8|
0xa4, 0x83, 0x94, 0x4a, 0x2f, 0x0e, 0x62, 0x13, // |...J/.b.|
0x07, 0x13, 0xc2, 0x0b, 0x84, 0xfd, 0x27, 0xab, // |......'.|
0x6c, 0xb4, 0x69, 0x0d, 0xd2, 0xdb, 0xfb, 0x8e, // |l.i.....|
0xa7, 0x09, 0x65, 0x76, 0x7e, 0x09, 0xa4, 0x7a, // |..ev~..z|
0xe9, 0xfe, 0xec, 0x52, 0x89, 0x7d, 0x07, 0x6f, // |...R.}.o|
0xff, 0xa0, 0xde, 0x8a, 0x42, 0x2d, 0xc3, 0x75, // |....B-.u|
0x05, 0x6d, 0x60, 0x76, 0xce, 0xe1, 0x6c, 0xfd, // |.m`v..l.|
0xae, 0x1f, 0x5e, 0x02, 0x94, 0x39, 0x2a, 0x55, // |..^..9*U|
0x00, 0x1d, 0x00, 0x20, 0x8d, 0x89, 0x9a, 0x19, // |... ....|
0x1d, 0x53, 0x52, 0xd5, 0xc1, 0x3e, 0x3a, 0x1d, // |.SR..>:.|
0x12, 0x15, 0xae, 0x33, 0x2e, 0x54, 0xd1, 0x6f, // |...3.T.o|
0xd6, 0xb1, 0x73, 0xd9, 0x56, 0x98, 0x6f, 0x8f, // |..s.V.o.|
0x7e, 0xf5, 0xd9, 0x75, 0x00, 0x0b, 0x00, 0x02, // |~..u....|
0x01, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, // |........|
0x00, 0x00, 0x00, 0x9a, 0x9a, 0x00, 0x01, 0x00, // |........|
];
}

103
src/servers/tls.rs
View File

@ -1,103 +0,0 @@
use log::{debug, warn};
use tls_parser::{
parse_tls_extensions, parse_tls_raw_record, parse_tls_record_with_header, TlsMessage,
TlsMessageHandshake,
};
pub fn get_sni(buf: &[u8]) -> Vec<String> {
let mut snis: Vec<String> = Vec::new();
match parse_tls_raw_record(buf) {
Ok((_, ref r)) => match parse_tls_record_with_header(r.data, &r.hdr) {
Ok((_, ref msg_list)) => {
for msg in msg_list {
if let TlsMessage::Handshake(TlsMessageHandshake::ClientHello(ref content)) =
*msg
{
debug!("TLS ClientHello version: {}", content.version);
let ext = parse_tls_extensions(content.ext.unwrap_or(b""));
match ext {
Ok((_, ref extensions)) => {
for ext in extensions {
if let tls_parser::TlsExtension::SNI(ref v) = *ext {
for &(t, sni) in v {
match String::from_utf8(sni.to_vec()) {
Ok(s) => {
debug!("TLS SNI: {} {}", t, s);
snis.push(s);
}
Err(e) => {
warn!("Failed to parse SNI: {} {}", t, e);
}
}
}
}
}
}
Err(e) => {
warn!("TLS extensions error: {}", e);
}
}
}
}
}
Err(err) => {
warn!("Failed to parse TLS: {}", err);
}
},
Err(err) => {
warn!("Failed to parse TLS: {}", err);
}
}
snis
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_sni_extract() {
const BUF: [u8; 517] = [
0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc, 0x03, 0x03, 0x35, 0x7a, 0xba,
0x3d, 0x89, 0xd2, 0x5e, 0x7a, 0xa2, 0xd4, 0xe5, 0x6d, 0xd5, 0xa3, 0x98, 0x41, 0xb0,
0xae, 0x41, 0xfc, 0xe6, 0x64, 0xfd, 0xae, 0x0b, 0x27, 0x6d, 0x90, 0xa8, 0x0a, 0xfa,
0x90, 0x20, 0x59, 0x6f, 0x13, 0x18, 0x4a, 0xd1, 0x1c, 0xc4, 0x83, 0x8c, 0xfc, 0x93,
0xac, 0x6b, 0x3b, 0xac, 0x67, 0xd0, 0x36, 0xb0, 0xa2, 0x1b, 0x04, 0xf7, 0xde, 0x02,
0xfb, 0x96, 0x1e, 0xdc, 0x76, 0xa8, 0x00, 0x20, 0x2a, 0x2a, 0x13, 0x01, 0x13, 0x02,
0x13, 0x03, 0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, 0xcc, 0xa9, 0xcc, 0xa8,
0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35, 0x01, 0x00,
0x01, 0x93, 0xea, 0xea, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00,
0x0e, 0x77, 0x77, 0x77, 0x2e, 0x6c, 0x69, 0x72, 0x75, 0x69, 0x2e, 0x74, 0x65, 0x63,
0x68, 0x00, 0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a,
0x00, 0x08, 0xba, 0xba, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x0b, 0x00, 0x02,
0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x10, 0x00, 0x0e, 0x00, 0x0c, 0x02, 0x68,
0x32, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x00, 0x05, 0x00, 0x05,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x03, 0x08,
0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x00,
0x12, 0x00, 0x00, 0x00, 0x33, 0x00, 0x2b, 0x00, 0x29, 0xba, 0xba, 0x00, 0x01, 0x00,
0x00, 0x1d, 0x00, 0x20, 0x3b, 0x45, 0xf9, 0xbc, 0x6e, 0x23, 0x86, 0x41, 0xa5, 0xb2,
0xf5, 0x03, 0xec, 0x67, 0x4a, 0xd7, 0x9a, 0x17, 0x9f, 0x0c, 0x38, 0x6d, 0x36, 0xf3,
0x4e, 0x5d, 0xa4, 0x7d, 0x15, 0x79, 0xa4, 0x3f, 0x00, 0x2d, 0x00, 0x02, 0x01, 0x01,
0x00, 0x2b, 0x00, 0x0b, 0x0a, 0xba, 0xba, 0x03, 0x04, 0x03, 0x03, 0x03, 0x02, 0x03,
0x01, 0x00, 0x1b, 0x00, 0x03, 0x02, 0x00, 0x02, 0x44, 0x69, 0x00, 0x05, 0x00, 0x03,
0x02, 0x68, 0x32, 0xda, 0xda, 0x00, 0x01, 0x00, 0x00, 0x15, 0x00, 0xc5, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
];
let sni = get_sni(&BUF);
assert!(sni[0] == "www.lirui.tech".to_string());
}
}

148
src/servers/upstream_address.rs Normal file
View File

@ -0,0 +1,148 @@
use log::debug;
use std::fmt::{Display, Formatter};
use std::io::Result;
use std::net::SocketAddr;
use std::sync::Arc;
use std::sync::RwLock;
use std::time::Instant;
use time::{Duration, OffsetDateTime};
#[derive(Debug, Clone, Default)]
pub(crate) struct UpstreamAddress {
address: String,
resolved_addresses: Arc<RwLock<Vec<SocketAddr>>>,
resolved_time: Arc<RwLock<Option<Instant>>>,
ttl: Arc<RwLock<Option<Duration>>>,
}
impl Display for UpstreamAddress {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
self.address.fmt(f)
}
}
impl UpstreamAddress {
pub fn new(address: String) -> Self {
UpstreamAddress {
address,
..Default::default()
}
}
pub fn is_valid(&self) -> bool {
let r = { *self.resolved_time.read().unwrap() };
if let Some(resolved) = r {
if let Some(ttl) = { *self.ttl.read().unwrap() } {
return resolved.elapsed() < ttl;
}
}
false
}
fn is_resolved(&self) -> bool {
!self.resolved_addresses.read().unwrap().is_empty()
}
fn time_remaining(&self) -> Duration {
if !self.is_valid() {
return Duration::seconds(0);
}
let rt = { *self.resolved_time.read().unwrap() };
let ttl = { *self.ttl.read().unwrap() };
ttl.unwrap() - rt.unwrap().elapsed()
}
pub async fn resolve(&self, mode: ResolutionMode) -> Result<Vec<SocketAddr>> {
if self.is_resolved() && self.is_valid() {
debug!(
"Already got address {:?}, still valid for {:.3}s",
&self.resolved_addresses,
self.time_remaining().as_seconds_f64()
);
return Ok(self.resolved_addresses.read().unwrap().clone());
}
debug!(
"Resolving addresses for {} with mode {:?}",
&self.address, &mode
);
let lookup_result = tokio::net::lookup_host(&self.address).await;
let resolved_addresses: Vec<SocketAddr> = match lookup_result {
Ok(resolved_addresses) => resolved_addresses.into_iter().collect(),
Err(e) => {
debug!("Failed looking up {}: {}", &self.address, &e);
// Protect against DNS flooding. Cache the result for 1 second.
*self.resolved_time.write().unwrap() = Some(Instant::now());
*self.ttl.write().unwrap() = Some(Duration::seconds(3));
return Err(e);
}
};
debug!("Resolved addresses: {:?}", &resolved_addresses);
let addresses: Vec<SocketAddr> = match mode {
ResolutionMode::Ipv4 => resolved_addresses
.into_iter()
.filter(|a| a.is_ipv4())
.collect(),
ResolutionMode::Ipv6 => resolved_addresses
.into_iter()
.filter(|a| a.is_ipv6())
.collect(),
_ => resolved_addresses,
};
debug!(
"Got {} addresses for {}: {:?}",
&mode, &self.address, &addresses
);
debug!(
"Resolved at {}",
OffsetDateTime::now_utc()
.format(&time::format_description::well_known::Rfc3339)
.expect("Format")
);
*self.resolved_addresses.write().unwrap() = addresses.clone();
*self.resolved_time.write().unwrap() = Some(Instant::now());
*self.ttl.write().unwrap() = Some(Duration::minutes(1));
Ok(addresses)
}
}
#[derive(Debug, Default, Clone)]
pub(crate) enum ResolutionMode {
#[default]
Ipv4AndIpv6,
Ipv4,
Ipv6,
}
impl From<&str> for ResolutionMode {
fn from(value: &str) -> Self {
match value {
"tcp4" => ResolutionMode::Ipv4,
"tcp6" => ResolutionMode::Ipv6,
"tcp" => ResolutionMode::Ipv4AndIpv6,
_ => panic!("This should never happen. Please check configuration parser."),
}
}
}
impl Display for ResolutionMode {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
match self {
ResolutionMode::Ipv4 => write!(f, "IPv4Only"),
ResolutionMode::Ipv6 => write!(f, "IPv6Only"),
ResolutionMode::Ipv4AndIpv6 => write!(f, "IPv4 and IPv6"),
}
}
}

22
src/update.rs Normal file
View File

@ -0,0 +1,22 @@
use self_update::cargo_crate_version;
pub(crate) fn update() {
println!("Updating to the latest version...");
let backend = self_update::backends::gitea::Update::configure()
.with_host("https://code.kiers.eu")
.repo_owner("jjkiers")
.repo_name("layer4-proxy")
.bin_name("l4p")
.show_download_progress(true)
.current_version(cargo_crate_version!())
.build()
.expect("Should initialize correctly.");
let status = backend.update_extended();
match status {
Err(e) => eprintln!("Error updating: {e}"),
Ok(_) => (),
}
}

51
src/upstreams/mod.rs Normal file
View File

@ -0,0 +1,51 @@
mod proxy_to_upstream;
use log::debug;
use serde::Deserialize;
use std::error::Error;
use tokio::io;
use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt};
use tokio::net::TcpStream;
pub use crate::upstreams::proxy_to_upstream::ProxyToUpstream;
#[derive(Debug, Clone, Deserialize)]
pub enum Upstream {
Ban,
Echo,
Proxy(ProxyToUpstream),
}
impl Upstream {
pub(crate) async fn process(&self, mut inbound: TcpStream) -> Result<(), Box<dyn Error>> {
match self {
Upstream::Ban => {
inbound.shutdown().await?;
}
Upstream::Echo => {
let (mut ri, mut wi) = io::split(inbound);
let inbound_to_inbound = copy(&mut ri, &mut wi);
let bytes_tx = inbound_to_inbound.await;
debug!("Bytes read: {:?}", bytes_tx);
}
Upstream::Proxy(config) => {
config.proxy(inbound).await?;
}
};
Ok(())
}
}
async fn copy<'a, R, W>(reader: &'a mut R, writer: &'a mut W) -> io::Result<u64>
where
R: AsyncRead + Unpin + ?Sized,
W: AsyncWrite + Unpin + ?Sized,
{
match io::copy(reader, writer).await {
Ok(u64) => {
let _ = writer.shutdown().await;
Ok(u64)
}
Err(_) => Ok(0),
}
}

57
src/upstreams/proxy_to_upstream.rs Normal file
View File

@ -0,0 +1,57 @@
use crate::servers::upstream_address::UpstreamAddress;
use crate::upstreams::copy;
use futures::future::try_join;
use log::{debug, error};
use serde::Deserialize;
use std::net::SocketAddr;
use tokio::io;
use tokio::net::TcpStream;
#[derive(Debug, Clone, Deserialize, Default)]
pub struct ProxyToUpstream {
pub addr: String,
pub protocol: String,
#[serde(skip_deserializing)]
addresses: UpstreamAddress,
}
impl ProxyToUpstream {
pub async fn resolve_addresses(&self) -> std::io::Result<Vec<SocketAddr>> {
self.addresses.resolve((*self.protocol).into()).await
}
pub fn new(address: String, protocol: String) -> Self {
Self {
addr: address.clone(),
protocol,
addresses: UpstreamAddress::new(address),
}
}
pub(crate) async fn proxy(&self, inbound: TcpStream) -> Result<(), Box<dyn std::error::Error>> {
let outbound = match self.protocol.as_ref() {
"tcp4" | "tcp6" | "tcp" => {
TcpStream::connect(self.resolve_addresses().await?.as_slice()).await?
}
_ => {
error!("Reached unknown protocol: {:?}", self.protocol);
return Err("Reached unknown protocol".into());
}
};
debug!("Connected to {:?}", outbound.peer_addr().unwrap());
let (mut ri, mut wi) = io::split(inbound);
let (mut ro, mut wo) = io::split(outbound);
let inbound_to_outbound = copy(&mut ri, &mut wo);
let outbound_to_inbound = copy(&mut ro, &mut wi);
let (bytes_tx, bytes_rx) = try_join(inbound_to_outbound, outbound_to_inbound).await?;
debug!("Bytes read: {:?} write: {:?}", bytes_tx, bytes_rx);
Ok(())
}
}

11
tests/config.yaml
View File

@ -11,11 +11,16 @@ servers:
proxy.test.com: proxy
www.test.com: web
default: ban
echo_server:
tcp_server:
listen:
- "127.0.0.1:54500"
default: tester
tcp_echo_server:
listen:
- "0.0.0.0:54956"
default: echo
upstream:
web: "127.0.0.1:8080"
proxy: "www.example.com:1024"
web: "tcp://127.0.0.1:8080"
proxy: "tcp://www.example.com:1024"
tester: "tcp://127.0.0.1:54599"