Merge pull request #74 from darhwa/http-outbound

Fix http outbound to get correct TLS negotiated protocol when "stats" setting exists
pull/2667/head
RPRX 2020-08-01 09:40:42 +00:00 committed by GitHub
commit 7ec05363f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 48 deletions

View File

@ -71,6 +71,7 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
return newError("target not specified.") return newError("target not specified.")
} }
target := outbound.Target target := outbound.Target
targetAddr := target.NetAddr()
if target.Network == net.Network_UDP { if target.Network == net.Network_UDP {
return newError("UDP is not supported by HTTP outbound") return newError("UDP is not supported by HTTP outbound")
@ -83,9 +84,8 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
server := c.serverPicker.PickServer() server := c.serverPicker.PickServer()
dest := server.Destination() dest := server.Destination()
user = server.PickUser() user = server.PickUser()
targetAddr := target.NetAddr()
netConn, err := setUpHttpTunnel(ctx, dest, targetAddr, user, dialer) netConn, err := setUpHTTPTunnel(ctx, dest, targetAddr, user, dialer)
if netConn != nil { if netConn != nil {
conn = internet.Connection(netConn) conn = internet.Connection(netConn)
} }
@ -125,27 +125,22 @@ func (c *Client) Process(ctx context.Context, link *transport.Link, dialer inter
return nil return nil
} }
// setUpHttpTunnel will create a socket tunnel via HTTP CONNECT method // setUpHTTPTunnel will create a socket tunnel via HTTP CONNECT method
func setUpHttpTunnel(ctx context.Context, dest net.Destination, target string, user *protocol.MemoryUser, dialer internet.Dialer) (net.Conn, error) { func setUpHTTPTunnel(ctx context.Context, dest net.Destination, target string, user *protocol.MemoryUser, dialer internet.Dialer) (net.Conn, error) {
req := (&http.Request{ req := &http.Request{
Method: "CONNECT", Method: http.MethodConnect,
URL: &url.URL{Host: target}, URL: &url.URL{Host: target},
Header: make(http.Header), Header: http.Header{"Proxy-Connection": []string{"Keep-Alive"}},
Host: target, Host: target,
}).WithContext(ctx) }
if user != nil && user.Account != nil { if user != nil && user.Account != nil {
account := user.Account.(*Account) account := user.Account.(*Account)
auth := account.GetUsername() + ":" + account.GetPassword() auth := account.GetUsername() + ":" + account.GetPassword()
req.Header.Set("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(auth))) req.Header.Set("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(auth)))
} }
req.Header.Set("Proxy-Connection", "Keep-Alive")
connectHttp1 := func(rawConn net.Conn) (net.Conn, error) {
req.Proto = "HTTP/1.1"
req.ProtoMajor = 1
req.ProtoMinor = 1
connectHTTP1 := func(rawConn net.Conn) (net.Conn, error) {
err := req.Write(rawConn) err := req.Write(rawConn)
if err != nil { if err != nil {
rawConn.Close() rawConn.Close()
@ -165,10 +160,7 @@ func setUpHttpTunnel(ctx context.Context, dest net.Destination, target string, u
return rawConn, nil return rawConn, nil
} }
connectHttp2 := func(rawConn net.Conn, h2clientConn *http2.ClientConn) (net.Conn, error) { connectHTTP2 := func(rawConn net.Conn, h2clientConn *http2.ClientConn) (net.Conn, error) {
req.Proto = "HTTP/2.0"
req.ProtoMajor = 2
req.ProtoMinor = 0
pr, pw := io.Pipe() pr, pw := io.Pipe()
req.Body = pr req.Body = pr
@ -182,18 +174,16 @@ func setUpHttpTunnel(ctx context.Context, dest net.Destination, target string, u
rawConn.Close() rawConn.Close()
return nil, newError("Proxy responded with non 200 code: " + resp.Status) return nil, newError("Proxy responded with non 200 code: " + resp.Status)
} }
return newHttp2Conn(rawConn, pw, resp.Body), nil return newHTTP2Conn(rawConn, pw, resp.Body), nil
} }
cachedH2Mutex.Lock() cachedH2Mutex.Lock()
defer cachedH2Mutex.Unlock() defer cachedH2Mutex.Unlock()
if cachedConn, found := cachedH2Conns[dest]; found { if cachedConn, found := cachedH2Conns[dest]; found {
if cachedConn.rawConn != nil && cachedConn.h2Conn != nil { rc, cc := cachedConn.rawConn, cachedConn.h2Conn
rc := cachedConn.rawConn
cc := cachedConn.h2Conn
if cc.CanTakeNewRequest() { if cc.CanTakeNewRequest() {
proxyConn, err := connectHttp2(rc, cc) proxyConn, err := connectHTTP2(rc, cc)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -201,15 +191,19 @@ func setUpHttpTunnel(ctx context.Context, dest net.Destination, target string, u
return proxyConn, nil return proxyConn, nil
} }
} }
}
rawConn, err := dialer.Dial(ctx, dest) rawConn, err := dialer.Dial(ctx, dest)
if err != nil { if err != nil {
return nil, err return nil, err
} }
iConn := rawConn
if statConn, ok := iConn.(*internet.StatCouterConnection); ok {
iConn = statConn.Connection
}
nextProto := "" nextProto := ""
if tlsConn, ok := rawConn.(*tls.Conn); ok { if tlsConn, ok := iConn.(*tls.Conn); ok {
if err := tlsConn.Handshake(); err != nil { if err := tlsConn.Handshake(); err != nil {
rawConn.Close() rawConn.Close()
return nil, err return nil, err
@ -218,10 +212,8 @@ func setUpHttpTunnel(ctx context.Context, dest net.Destination, target string, u
} }
switch nextProto { switch nextProto {
case "": case "", "http/1.1":
fallthrough return connectHTTP1(rawConn)
case "http/1.1":
return connectHttp1(rawConn)
case "h2": case "h2":
t := http2.Transport{} t := http2.Transport{}
h2clientConn, err := t.NewClientConn(rawConn) h2clientConn, err := t.NewClientConn(rawConn)
@ -230,7 +222,7 @@ func setUpHttpTunnel(ctx context.Context, dest net.Destination, target string, u
return nil, err return nil, err
} }
proxyConn, err := connectHttp2(rawConn, h2clientConn) proxyConn, err := connectHTTP2(rawConn, h2clientConn)
if err != nil { if err != nil {
rawConn.Close() rawConn.Close()
return nil, err return nil, err
@ -251,7 +243,7 @@ func setUpHttpTunnel(ctx context.Context, dest net.Destination, target string, u
} }
} }
func newHttp2Conn(c net.Conn, pipedReqBody *io.PipeWriter, respBody io.ReadCloser) net.Conn { func newHTTP2Conn(c net.Conn, pipedReqBody *io.PipeWriter, respBody io.ReadCloser) net.Conn {
return &http2Conn{Conn: c, in: pipedReqBody, out: respBody} return &http2Conn{Conn: c, in: pipedReqBody, out: respBody}
} }
@ -274,18 +266,6 @@ func (h *http2Conn) Close() error {
return h.out.Close() return h.out.Close()
} }
func (h *http2Conn) CloseConn() error {
return h.Conn.Close()
}
func (h *http2Conn) CloseWrite() error {
return h.in.Close()
}
func (h *http2Conn) CloseRead() error {
return h.out.Close()
}
func init() { func init() {
common.Must(common.RegisterConfig((*ClientConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { common.Must(common.RegisterConfig((*ClientConfig)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
return NewClient(ctx, config.(*ClientConfig)) return NewClient(ctx, config.(*ClientConfig))