mirror of https://github.com/XTLS/Xray-core
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1243 lines
34 KiB
1243 lines
34 KiB
package scenarios |
|
|
|
import ( |
|
"crypto/x509" |
|
"runtime" |
|
"testing" |
|
"time" |
|
|
|
"github.com/xtls/xray-core/app/proxyman" |
|
"github.com/xtls/xray-core/common" |
|
"github.com/xtls/xray-core/common/net" |
|
"github.com/xtls/xray-core/common/protocol" |
|
"github.com/xtls/xray-core/common/protocol/tls/cert" |
|
"github.com/xtls/xray-core/common/serial" |
|
"github.com/xtls/xray-core/common/uuid" |
|
core "github.com/xtls/xray-core/core" |
|
"github.com/xtls/xray-core/proxy/dokodemo" |
|
"github.com/xtls/xray-core/proxy/freedom" |
|
"github.com/xtls/xray-core/proxy/vmess" |
|
"github.com/xtls/xray-core/proxy/vmess/inbound" |
|
"github.com/xtls/xray-core/proxy/vmess/outbound" |
|
"github.com/xtls/xray-core/testing/servers/tcp" |
|
"github.com/xtls/xray-core/testing/servers/udp" |
|
"github.com/xtls/xray-core/transport/internet" |
|
"github.com/xtls/xray-core/transport/internet/grpc" |
|
"github.com/xtls/xray-core/transport/internet/http" |
|
"github.com/xtls/xray-core/transport/internet/tls" |
|
"github.com/xtls/xray-core/transport/internet/websocket" |
|
"golang.org/x/sync/errgroup" |
|
) |
|
|
|
func TestSimpleTLSConnection(t *testing.T) { |
|
tcpServer := tcp.Server{ |
|
MsgProcessor: xor, |
|
} |
|
dest, err := tcpServer.Start() |
|
common.Must(err) |
|
defer tcpServer.Close() |
|
|
|
userID := protocol.NewID(uuid.New()) |
|
serverPort := tcp.PickPort() |
|
serverConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
StreamSettings: &internet.StreamConfig{ |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&inbound.Config{ |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&freedom.Config{}), |
|
}, |
|
}, |
|
} |
|
|
|
clientPort := tcp.PickPort() |
|
clientConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ |
|
Address: net.NewIPOrDomain(dest.Address), |
|
Port: uint32(dest.Port), |
|
NetworkList: &net.NetworkList{ |
|
Network: []net.Network{net.Network_TCP}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&outbound.Config{ |
|
Receiver: []*protocol.ServerEndpoint{ |
|
{ |
|
Address: net.NewIPOrDomain(net.LocalHostIP), |
|
Port: uint32(serverPort), |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}, |
|
}, |
|
}), |
|
SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ |
|
StreamSettings: &internet.StreamConfig{ |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
AllowInsecure: true, |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
} |
|
|
|
servers, err := InitializeServerConfigs(serverConfig, clientConfig) |
|
common.Must(err) |
|
defer CloseAllServers(servers) |
|
|
|
if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil { |
|
t.Fatal(err) |
|
} |
|
} |
|
|
|
func TestAutoIssuingCertificate(t *testing.T) { |
|
if runtime.GOOS == "windows" { |
|
// Not supported on Windows yet. |
|
return |
|
} |
|
|
|
if runtime.GOARCH == "arm64" { |
|
return |
|
} |
|
|
|
tcpServer := tcp.Server{ |
|
MsgProcessor: xor, |
|
} |
|
dest, err := tcpServer.Start() |
|
common.Must(err) |
|
defer tcpServer.Close() |
|
|
|
caCert, err := cert.Generate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageDigitalSignature|x509.KeyUsageKeyEncipherment|x509.KeyUsageCertSign)) |
|
common.Must(err) |
|
certPEM, keyPEM := caCert.ToPEM() |
|
|
|
userID := protocol.NewID(uuid.New()) |
|
serverPort := tcp.PickPort() |
|
serverConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
StreamSettings: &internet.StreamConfig{ |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
Certificate: []*tls.Certificate{{ |
|
Certificate: certPEM, |
|
Key: keyPEM, |
|
Usage: tls.Certificate_AUTHORITY_ISSUE, |
|
}}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&inbound.Config{ |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&freedom.Config{}), |
|
}, |
|
}, |
|
} |
|
|
|
clientPort := tcp.PickPort() |
|
clientConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ |
|
Address: net.NewIPOrDomain(dest.Address), |
|
Port: uint32(dest.Port), |
|
NetworkList: &net.NetworkList{ |
|
Network: []net.Network{net.Network_TCP}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&outbound.Config{ |
|
Receiver: []*protocol.ServerEndpoint{ |
|
{ |
|
Address: net.NewIPOrDomain(net.LocalHostIP), |
|
Port: uint32(serverPort), |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}, |
|
}, |
|
}), |
|
SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ |
|
StreamSettings: &internet.StreamConfig{ |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
ServerName: "example.com", |
|
Certificate: []*tls.Certificate{{ |
|
Certificate: certPEM, |
|
Usage: tls.Certificate_AUTHORITY_VERIFY, |
|
}}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
} |
|
|
|
servers, err := InitializeServerConfigs(serverConfig, clientConfig) |
|
common.Must(err) |
|
defer CloseAllServers(servers) |
|
|
|
for i := 0; i < 10; i++ { |
|
if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil { |
|
t.Error(err) |
|
} |
|
} |
|
} |
|
|
|
func TestTLSOverKCP(t *testing.T) { |
|
tcpServer := tcp.Server{ |
|
MsgProcessor: xor, |
|
} |
|
dest, err := tcpServer.Start() |
|
common.Must(err) |
|
defer tcpServer.Close() |
|
|
|
userID := protocol.NewID(uuid.New()) |
|
serverPort := udp.PickPort() |
|
serverConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
StreamSettings: &internet.StreamConfig{ |
|
Protocol: internet.TransportProtocol_MKCP, |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&inbound.Config{ |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&freedom.Config{}), |
|
}, |
|
}, |
|
} |
|
|
|
clientPort := tcp.PickPort() |
|
clientConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ |
|
Address: net.NewIPOrDomain(dest.Address), |
|
Port: uint32(dest.Port), |
|
NetworkList: &net.NetworkList{ |
|
Network: []net.Network{net.Network_TCP}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&outbound.Config{ |
|
Receiver: []*protocol.ServerEndpoint{ |
|
{ |
|
Address: net.NewIPOrDomain(net.LocalHostIP), |
|
Port: uint32(serverPort), |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}, |
|
}, |
|
}), |
|
SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ |
|
StreamSettings: &internet.StreamConfig{ |
|
Protocol: internet.TransportProtocol_MKCP, |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
AllowInsecure: true, |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
} |
|
|
|
servers, err := InitializeServerConfigs(serverConfig, clientConfig) |
|
common.Must(err) |
|
defer CloseAllServers(servers) |
|
|
|
if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil { |
|
t.Error(err) |
|
} |
|
} |
|
|
|
func TestTLSOverWebSocket(t *testing.T) { |
|
tcpServer := tcp.Server{ |
|
MsgProcessor: xor, |
|
} |
|
dest, err := tcpServer.Start() |
|
common.Must(err) |
|
defer tcpServer.Close() |
|
|
|
userID := protocol.NewID(uuid.New()) |
|
serverPort := tcp.PickPort() |
|
serverConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
StreamSettings: &internet.StreamConfig{ |
|
Protocol: internet.TransportProtocol_WebSocket, |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&inbound.Config{ |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&freedom.Config{}), |
|
}, |
|
}, |
|
} |
|
|
|
clientPort := tcp.PickPort() |
|
clientConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ |
|
Address: net.NewIPOrDomain(dest.Address), |
|
Port: uint32(dest.Port), |
|
NetworkList: &net.NetworkList{ |
|
Network: []net.Network{net.Network_TCP}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&outbound.Config{ |
|
Receiver: []*protocol.ServerEndpoint{ |
|
{ |
|
Address: net.NewIPOrDomain(net.LocalHostIP), |
|
Port: uint32(serverPort), |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}, |
|
}, |
|
}), |
|
SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ |
|
StreamSettings: &internet.StreamConfig{ |
|
Protocol: internet.TransportProtocol_WebSocket, |
|
TransportSettings: []*internet.TransportConfig{ |
|
{ |
|
Protocol: internet.TransportProtocol_WebSocket, |
|
Settings: serial.ToTypedMessage(&websocket.Config{}), |
|
}, |
|
}, |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
AllowInsecure: true, |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
} |
|
|
|
servers, err := InitializeServerConfigs(serverConfig, clientConfig) |
|
common.Must(err) |
|
defer CloseAllServers(servers) |
|
|
|
var errg errgroup.Group |
|
for i := 0; i < 10; i++ { |
|
errg.Go(testTCPConn(clientPort, 10240*1024, time.Second*20)) |
|
} |
|
if err := errg.Wait(); err != nil { |
|
t.Error(err) |
|
} |
|
} |
|
|
|
func TestHTTP2(t *testing.T) { |
|
tcpServer := tcp.Server{ |
|
MsgProcessor: xor, |
|
} |
|
dest, err := tcpServer.Start() |
|
common.Must(err) |
|
defer tcpServer.Close() |
|
|
|
userID := protocol.NewID(uuid.New()) |
|
serverPort := tcp.PickPort() |
|
serverConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
StreamSettings: &internet.StreamConfig{ |
|
Protocol: internet.TransportProtocol_HTTP, |
|
TransportSettings: []*internet.TransportConfig{ |
|
{ |
|
Protocol: internet.TransportProtocol_HTTP, |
|
Settings: serial.ToTypedMessage(&http.Config{ |
|
Host: []string{"example.com"}, |
|
Path: "/testpath", |
|
}), |
|
}, |
|
}, |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&inbound.Config{ |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&freedom.Config{}), |
|
}, |
|
}, |
|
} |
|
|
|
clientPort := tcp.PickPort() |
|
clientConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ |
|
Address: net.NewIPOrDomain(dest.Address), |
|
Port: uint32(dest.Port), |
|
NetworkList: &net.NetworkList{ |
|
Network: []net.Network{net.Network_TCP}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&outbound.Config{ |
|
Receiver: []*protocol.ServerEndpoint{ |
|
{ |
|
Address: net.NewIPOrDomain(net.LocalHostIP), |
|
Port: uint32(serverPort), |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}, |
|
}, |
|
}), |
|
SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ |
|
StreamSettings: &internet.StreamConfig{ |
|
Protocol: internet.TransportProtocol_HTTP, |
|
TransportSettings: []*internet.TransportConfig{ |
|
{ |
|
Protocol: internet.TransportProtocol_HTTP, |
|
Settings: serial.ToTypedMessage(&http.Config{ |
|
Host: []string{"example.com"}, |
|
Path: "/testpath", |
|
}), |
|
}, |
|
}, |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
AllowInsecure: true, |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
} |
|
|
|
servers, err := InitializeServerConfigs(serverConfig, clientConfig) |
|
common.Must(err) |
|
defer CloseAllServers(servers) |
|
|
|
var errg errgroup.Group |
|
for i := 0; i < 10; i++ { |
|
errg.Go(testTCPConn(clientPort, 1024*1024, time.Second*40)) |
|
} |
|
if err := errg.Wait(); err != nil { |
|
t.Error(err) |
|
} |
|
} |
|
|
|
func TestGRPC(t *testing.T) { |
|
tcpServer := tcp.Server{ |
|
MsgProcessor: xor, |
|
} |
|
dest, err := tcpServer.Start() |
|
common.Must(err) |
|
defer tcpServer.Close() |
|
|
|
userID := protocol.NewID(uuid.New()) |
|
serverPort := tcp.PickPort() |
|
serverConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
StreamSettings: &internet.StreamConfig{ |
|
ProtocolName: "grpc", |
|
TransportSettings: []*internet.TransportConfig{ |
|
{ |
|
ProtocolName: "grpc", |
|
Settings: serial.ToTypedMessage(&grpc.Config{ServiceName: "🍉"}), |
|
}, |
|
}, |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&inbound.Config{ |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&freedom.Config{}), |
|
}, |
|
}, |
|
} |
|
|
|
clientPort := tcp.PickPort() |
|
clientConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ |
|
Address: net.NewIPOrDomain(dest.Address), |
|
Port: uint32(dest.Port), |
|
NetworkList: &net.NetworkList{ |
|
Network: []net.Network{net.Network_TCP}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&outbound.Config{ |
|
Receiver: []*protocol.ServerEndpoint{ |
|
{ |
|
Address: net.NewIPOrDomain(net.LocalHostIP), |
|
Port: uint32(serverPort), |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}, |
|
}, |
|
}), |
|
SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ |
|
StreamSettings: &internet.StreamConfig{ |
|
ProtocolName: "grpc", |
|
TransportSettings: []*internet.TransportConfig{ |
|
{ |
|
ProtocolName: "grpc", |
|
Settings: serial.ToTypedMessage(&grpc.Config{ServiceName: "🍉"}), |
|
}, |
|
}, |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
AllowInsecure: true, |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
} |
|
|
|
servers, err := InitializeServerConfigs(serverConfig, clientConfig) |
|
common.Must(err) |
|
defer CloseAllServers(servers) |
|
|
|
var errg errgroup.Group |
|
for i := 0; i < 10; i++ { |
|
errg.Go(testTCPConn(clientPort, 1024*10240, time.Second*40)) |
|
} |
|
if err := errg.Wait(); err != nil { |
|
t.Error(err) |
|
} |
|
} |
|
|
|
func TestGRPCMultiMode(t *testing.T) { |
|
tcpServer := tcp.Server{ |
|
MsgProcessor: xor, |
|
} |
|
dest, err := tcpServer.Start() |
|
common.Must(err) |
|
defer tcpServer.Close() |
|
|
|
userID := protocol.NewID(uuid.New()) |
|
serverPort := tcp.PickPort() |
|
serverConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
StreamSettings: &internet.StreamConfig{ |
|
ProtocolName: "grpc", |
|
TransportSettings: []*internet.TransportConfig{ |
|
{ |
|
ProtocolName: "grpc", |
|
Settings: serial.ToTypedMessage(&grpc.Config{ServiceName: "🍉"}), |
|
}, |
|
}, |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&inbound.Config{ |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&freedom.Config{}), |
|
}, |
|
}, |
|
} |
|
|
|
clientPort := tcp.PickPort() |
|
clientConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ |
|
Address: net.NewIPOrDomain(dest.Address), |
|
Port: uint32(dest.Port), |
|
NetworkList: &net.NetworkList{ |
|
Network: []net.Network{net.Network_TCP}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&outbound.Config{ |
|
Receiver: []*protocol.ServerEndpoint{ |
|
{ |
|
Address: net.NewIPOrDomain(net.LocalHostIP), |
|
Port: uint32(serverPort), |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}, |
|
}, |
|
}), |
|
SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ |
|
StreamSettings: &internet.StreamConfig{ |
|
ProtocolName: "grpc", |
|
TransportSettings: []*internet.TransportConfig{ |
|
{ |
|
ProtocolName: "grpc", |
|
Settings: serial.ToTypedMessage(&grpc.Config{ServiceName: "🍉", MultiMode: true}), |
|
}, |
|
}, |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
AllowInsecure: true, |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
} |
|
|
|
servers, err := InitializeServerConfigs(serverConfig, clientConfig) |
|
common.Must(err) |
|
defer CloseAllServers(servers) |
|
|
|
var errg errgroup.Group |
|
for i := 0; i < 10; i++ { |
|
errg.Go(testTCPConn(clientPort, 1024*10240, time.Second*40)) |
|
} |
|
if err := errg.Wait(); err != nil { |
|
t.Error(err) |
|
} |
|
} |
|
|
|
func TestSimpleTLSConnectionPinned(t *testing.T) { |
|
tcpServer := tcp.Server{ |
|
MsgProcessor: xor, |
|
} |
|
dest, err := tcpServer.Start() |
|
common.Must(err) |
|
defer tcpServer.Close() |
|
certificateDer := cert.MustGenerate(nil) |
|
certificate := tls.ParseCertificate(certificateDer) |
|
certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) |
|
userID := protocol.NewID(uuid.New()) |
|
serverPort := tcp.PickPort() |
|
serverConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
StreamSettings: &internet.StreamConfig{ |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
Certificate: []*tls.Certificate{certificate}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&inbound.Config{ |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&freedom.Config{}), |
|
}, |
|
}, |
|
} |
|
|
|
clientPort := tcp.PickPort() |
|
clientConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ |
|
Address: net.NewIPOrDomain(dest.Address), |
|
Port: uint32(dest.Port), |
|
NetworkList: &net.NetworkList{ |
|
Network: []net.Network{net.Network_TCP}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&outbound.Config{ |
|
Receiver: []*protocol.ServerEndpoint{ |
|
{ |
|
Address: net.NewIPOrDomain(net.LocalHostIP), |
|
Port: uint32(serverPort), |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}, |
|
}, |
|
}), |
|
SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ |
|
StreamSettings: &internet.StreamConfig{ |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
AllowInsecure: true, |
|
PinnedPeerCertificateChainSha256: [][]byte{certHash}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
} |
|
|
|
servers, err := InitializeServerConfigs(serverConfig, clientConfig) |
|
common.Must(err) |
|
defer CloseAllServers(servers) |
|
|
|
if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil { |
|
t.Fatal(err) |
|
} |
|
} |
|
|
|
func TestSimpleTLSConnectionPinnedWrongCert(t *testing.T) { |
|
tcpServer := tcp.Server{ |
|
MsgProcessor: xor, |
|
} |
|
dest, err := tcpServer.Start() |
|
common.Must(err) |
|
defer tcpServer.Close() |
|
certificateDer := cert.MustGenerate(nil) |
|
certificate := tls.ParseCertificate(certificateDer) |
|
certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) |
|
certHash[1] += 1 |
|
userID := protocol.NewID(uuid.New()) |
|
serverPort := tcp.PickPort() |
|
serverConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
StreamSettings: &internet.StreamConfig{ |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
Certificate: []*tls.Certificate{certificate}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&inbound.Config{ |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&freedom.Config{}), |
|
}, |
|
}, |
|
} |
|
|
|
clientPort := tcp.PickPort() |
|
clientConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ |
|
Address: net.NewIPOrDomain(dest.Address), |
|
Port: uint32(dest.Port), |
|
NetworkList: &net.NetworkList{ |
|
Network: []net.Network{net.Network_TCP}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&outbound.Config{ |
|
Receiver: []*protocol.ServerEndpoint{ |
|
{ |
|
Address: net.NewIPOrDomain(net.LocalHostIP), |
|
Port: uint32(serverPort), |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}, |
|
}, |
|
}), |
|
SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ |
|
StreamSettings: &internet.StreamConfig{ |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
AllowInsecure: true, |
|
PinnedPeerCertificateChainSha256: [][]byte{certHash}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
} |
|
|
|
servers, err := InitializeServerConfigs(serverConfig, clientConfig) |
|
common.Must(err) |
|
defer CloseAllServers(servers) |
|
|
|
if err := testTCPConn(clientPort, 1024, time.Second*20)(); err == nil { |
|
t.Fatal(err) |
|
} |
|
} |
|
|
|
func TestUTLSConnectionPinned(t *testing.T) { |
|
tcpServer := tcp.Server{ |
|
MsgProcessor: xor, |
|
} |
|
dest, err := tcpServer.Start() |
|
common.Must(err) |
|
defer tcpServer.Close() |
|
certificateDer := cert.MustGenerate(nil) |
|
certificate := tls.ParseCertificate(certificateDer) |
|
certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) |
|
userID := protocol.NewID(uuid.New()) |
|
serverPort := tcp.PickPort() |
|
serverConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
StreamSettings: &internet.StreamConfig{ |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
Certificate: []*tls.Certificate{certificate}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&inbound.Config{ |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&freedom.Config{}), |
|
}, |
|
}, |
|
} |
|
|
|
clientPort := tcp.PickPort() |
|
clientConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ |
|
Address: net.NewIPOrDomain(dest.Address), |
|
Port: uint32(dest.Port), |
|
NetworkList: &net.NetworkList{ |
|
Network: []net.Network{net.Network_TCP}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&outbound.Config{ |
|
Receiver: []*protocol.ServerEndpoint{ |
|
{ |
|
Address: net.NewIPOrDomain(net.LocalHostIP), |
|
Port: uint32(serverPort), |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}, |
|
}, |
|
}), |
|
SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ |
|
StreamSettings: &internet.StreamConfig{ |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
Fingerprint: "random", |
|
AllowInsecure: true, |
|
PinnedPeerCertificateChainSha256: [][]byte{certHash}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
} |
|
|
|
servers, err := InitializeServerConfigs(serverConfig, clientConfig) |
|
common.Must(err) |
|
defer CloseAllServers(servers) |
|
|
|
if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil { |
|
t.Fatal(err) |
|
} |
|
} |
|
|
|
func TestUTLSConnectionPinnedWrongCert(t *testing.T) { |
|
tcpServer := tcp.Server{ |
|
MsgProcessor: xor, |
|
} |
|
dest, err := tcpServer.Start() |
|
common.Must(err) |
|
defer tcpServer.Close() |
|
certificateDer := cert.MustGenerate(nil) |
|
certificate := tls.ParseCertificate(certificateDer) |
|
certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate}) |
|
certHash[1] += 1 |
|
userID := protocol.NewID(uuid.New()) |
|
serverPort := tcp.PickPort() |
|
serverConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(serverPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
StreamSettings: &internet.StreamConfig{ |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
Certificate: []*tls.Certificate{certificate}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&inbound.Config{ |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&freedom.Config{}), |
|
}, |
|
}, |
|
} |
|
|
|
clientPort := tcp.PickPort() |
|
clientConfig := &core.Config{ |
|
Inbound: []*core.InboundHandlerConfig{ |
|
{ |
|
ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{ |
|
PortList: &net.PortList{Range: []*net.PortRange{net.SinglePortRange(clientPort)}}, |
|
Listen: net.NewIPOrDomain(net.LocalHostIP), |
|
}), |
|
ProxySettings: serial.ToTypedMessage(&dokodemo.Config{ |
|
Address: net.NewIPOrDomain(dest.Address), |
|
Port: uint32(dest.Port), |
|
NetworkList: &net.NetworkList{ |
|
Network: []net.Network{net.Network_TCP}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
Outbound: []*core.OutboundHandlerConfig{ |
|
{ |
|
ProxySettings: serial.ToTypedMessage(&outbound.Config{ |
|
Receiver: []*protocol.ServerEndpoint{ |
|
{ |
|
Address: net.NewIPOrDomain(net.LocalHostIP), |
|
Port: uint32(serverPort), |
|
User: []*protocol.User{ |
|
{ |
|
Account: serial.ToTypedMessage(&vmess.Account{ |
|
Id: userID.String(), |
|
}), |
|
}, |
|
}, |
|
}, |
|
}, |
|
}), |
|
SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{ |
|
StreamSettings: &internet.StreamConfig{ |
|
SecurityType: serial.GetMessageType(&tls.Config{}), |
|
SecuritySettings: []*serial.TypedMessage{ |
|
serial.ToTypedMessage(&tls.Config{ |
|
Fingerprint: "random", |
|
AllowInsecure: true, |
|
PinnedPeerCertificateChainSha256: [][]byte{certHash}, |
|
}), |
|
}, |
|
}, |
|
}), |
|
}, |
|
}, |
|
} |
|
|
|
servers, err := InitializeServerConfigs(serverConfig, clientConfig) |
|
common.Must(err) |
|
defer CloseAllServers(servers) |
|
|
|
if err := testTCPConn(clientPort, 1024, time.Second*20)(); err == nil { |
|
t.Fatal(err) |
|
} |
|
}
|
|
|