summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYawning Angel <yawning@schwanenlied.me>2014-05-25 09:14:14 +0000
committerYawning Angel <yawning@schwanenlied.me>2014-05-25 09:14:14 +0000
commit92494597ce18e21ca8db4d0cd7ba1be3ba05e735 (patch)
tree41961f5677bfcce4c01646aaa3afdfb87d1d5e3f
parentb3d17c327b3d0f8cfd3ebf91e776e1f99bb81004 (diff)
Wire in go.net/proxy, enabling SOCKS5 via TOR_PT_PROXY.
With tor patched to support 8402, obfs4 bootstraps via a SOCKSv5 proxy now. Other schemes will bail with a PROXY-ERROR, as the go.net/proxy package does not support them, and I have not gotten around to writing dialers for them yet (next on my TODO list). Part of issue #7.
-rw-r--r--obfs4.go15
-rw-r--r--obfs4proxy/obfs4proxy.go29
-rw-r--r--obfs4proxy/proxy_extras.go51
3 files changed, 83 insertions, 12 deletions
diff --git a/obfs4.go b/obfs4.go
index 6978a97..e4c22f8 100644
--- a/obfs4.go
+++ b/obfs4.go
@@ -533,10 +533,21 @@ func (c *Obfs4Conn) SetWriteDeadline(t time.Time) error {
return syscall.ENOTSUP
}
+// DialFn is a function pointer to a dial routine that matches the
+// net.Dialer.Dial routine.
+type DialFn func(string, string) (net.Conn, error)
+
// DialObfs4 connects to the remote address on the network, and handshakes with
// the peer's obfs4 Node ID and Identity Public Key. nodeID and publicKey are
// expected as strings containing the Base64 encoded values.
func DialObfs4(network, address, nodeID, publicKey string, iatObfuscation bool) (*Obfs4Conn, error) {
+
+ return DialObfs4DialFn(net.Dial, network, address, nodeID, publicKey, iatObfuscation)
+}
+
+// DialObfs4DialFn connects to the remote address on the network via DialFn,
+// and handshakes with the peers' obfs4 Node ID and Identity Public Key.
+func DialObfs4DialFn(dialFn DialFn, network, address, nodeID, publicKey string, iatObfuscation bool) (*Obfs4Conn, error) {
// Decode the node_id/public_key.
pub, err := ntor.PublicKeyFromBase64(publicKey)
if err != nil {
@@ -553,13 +564,13 @@ func DialObfs4(network, address, nodeID, publicKey string, iatObfuscation bool)
return nil, err
}
- // Connect to the peer.
+ // Generate the Obfs4Conn.
c := new(Obfs4Conn)
c.lenProbDist = newWDist(seed, 0, framing.MaximumSegmentLength)
if iatObfuscation {
c.iatProbDist = newWDist(seed, 0, maxIatDelay)
}
- c.conn, err = net.Dial(network, address)
+ c.conn, err = dialFn(network, address)
if err != nil {
return nil, err
}
diff --git a/obfs4proxy/obfs4proxy.go b/obfs4proxy/obfs4proxy.go
index 2e8a011..c00ee88 100644
--- a/obfs4proxy/obfs4proxy.go
+++ b/obfs4proxy/obfs4proxy.go
@@ -53,6 +53,7 @@ import (
"io/ioutil"
"log"
"net"
+ "net/url"
"os"
"os/signal"
"path"
@@ -222,7 +223,7 @@ func serverSetup() (launched bool) {
return
}
-func clientHandler(conn *pt.SocksConn) error {
+func clientHandler(conn *pt.SocksConn, proxyURI *url.URL) error {
defer conn.Close()
var addr string
@@ -254,8 +255,13 @@ func clientHandler(conn *pt.SocksConn) error {
}()
defer logAndRecover(nil)
- remote, err := obfs4.DialObfs4("tcp", conn.Req.Target, nodeID, publicKey,
- iatObfuscation)
+ dialFn, err := getProxyDialer(proxyURI)
+ if err != nil {
+ log.Printf("[ERROR] client: failed to get proxy dialer: %s", err)
+ conn.Reject()
+ return err
+ }
+ remote, err := obfs4.DialObfs4DialFn(dialFn, "tcp", conn.Req.Target, nodeID, publicKey, iatObfuscation)
if err != nil {
log.Printf("[ERROR] client: %p: Handshake failed: %s", remote, err)
conn.Reject()
@@ -272,7 +278,7 @@ func clientHandler(conn *pt.SocksConn) error {
return nil
}
-func clientAcceptLoop(ln *pt.SocksListener) error {
+func clientAcceptLoop(ln *pt.SocksListener, proxyURI *url.URL) error {
defer ln.Close()
for {
conn, err := ln.AcceptSocks()
@@ -282,7 +288,7 @@ func clientAcceptLoop(ln *pt.SocksListener) error {
}
continue
}
- go clientHandler(conn)
+ go clientHandler(conn, proxyURI)
}
}
@@ -296,17 +302,20 @@ func clientSetup() (launched bool) {
ptClientInfo, err := pt.ClientSetup([]string{obfs4Method})
if err != nil {
log.Fatal(err)
- return
}
ptClientProxy, err := ptGetProxy()
if err != nil {
log.Fatal(err)
- return
}
if ptClientProxy != nil {
- // XXX: Remove this once done.
- ptProxyError("proxy are not supported yet")
+ // XXX: Limit this to SOCKS5 for now.
+ if ptClientProxy.Scheme != "socks5" {
+ ptProxyError(fmt.Sprintf("proxy scheme not supported: %s",
+ ptClientProxy.Scheme))
+ return
+ }
+ ptProxyDone()
}
for _, methodName := range ptClientInfo.MethodNames {
@@ -317,7 +326,7 @@ func clientSetup() (launched bool) {
pt.CmethodError(methodName, err.Error())
break
}
- go clientAcceptLoop(ln)
+ go clientAcceptLoop(ln, ptClientProxy)
pt.Cmethod(methodName, ln.Version(), ln.Addr())
ptListeners = append(ptListeners, ln)
launched = true
diff --git a/obfs4proxy/proxy_extras.go b/obfs4proxy/proxy_extras.go
new file mode 100644
index 0000000..27b638b
--- /dev/null
+++ b/obfs4proxy/proxy_extras.go
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2014, Yawning Angel <yawning at torproject dot org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package main
+
+import (
+ "net/url"
+
+ "code.google.com/p/go.net/proxy"
+
+ "github.com/yawning/obfs4"
+)
+
+// getProxyDialer is a trival wrapper around the go.net/proxy package to avoid
+// having it as a dependency for anything else.
+func getProxyDialer(uri *url.URL) (obfs4.DialFn, error) {
+ if uri == nil {
+ return proxy.Direct.Dial, nil
+ }
+
+ dialer, err := proxy.FromURL(uri, proxy.Direct)
+ if err != nil {
+ return nil, err
+ }
+
+ return dialer.Dial, nil
+}