add tls padding, doh fragmentation, hosts feature

bepass-org · Aug 15, 2023 · ff5b713 · ff5b713
1 parent 0b427e8
commit ff5b713
Show file tree

Hide file tree

Showing 13 changed files with 465 additions and 118 deletions.
diff --git a/bepass/cmd/core/core.go b/bepass/cmd/core/core.go
@@ -2,8 +2,10 @@ package core
 
 import (
 	"bepass/cache"
+	"bepass/dialer"
 	"bepass/doh"
 	"bepass/logger"
+	"bepass/resolve"
 	"bepass/server"
 	"bepass/socks5"
 	"fmt"
@@ -16,21 +18,26 @@ import (
 )
 
 type Config struct {
-	TLSHeaderLength       int         `mapstructure:"TLSHeaderLength"`
-	DnsCacheTTL           int         `mapstructure:"DnsCacheTTL"`
-	WorkerAddress         string      `mapstructure:"WorkerAddress"`
-	WorkerIPPortAddress   string      `mapstructure:"WorkerIPPortAddress"`
-	WorkerEnabled         bool        `mapstructure:"WorkerEnabled"`
-	WorkerDNSOnly         bool        `mapstructure:"WorkerDNSOnly"`
-	EnableLowLevelSockets bool        `mapstructure:"EnableLowLevelSockets"`
-	RemoteDNSAddr         string      `mapstructure:"RemoteDNSAddr"`
-	BindAddress           string      `mapstructure:"BindAddress"`
-	ChunksLengthBeforeSni [2]int      `mapstructure:"ChunksLengthBeforeSni"`
-	SniChunksLength       [2]int      `mapstructure:"SniChunksLength"`
-	ChunksLengthAfterSni  [2]int      `mapstructure:"ChunksLengthAfterSni"`
-	DelayBetweenChunks    [2]int      `mapstructure:"DelayBetweenChunks"`
-	ResolveSystem         string      `mapstructure:"-"`
-	DoHClient             *doh.Client `mapstructure:"-"`
+	TLSHeaderLength        int             `mapstructure:"TLSHeaderLength"`
+	TLSPaddingEnabled      bool            `mapstructure:"TLSPaddingEnabled"`
+	TLSPaddingSize         [2]int          `mapstructure:"TLSPaddingSize"`
+	DnsCacheTTL            int             `mapstructure:"DnsCacheTTL"`
+	DnsRequestTimeout      int             `mapstructure:"DnsRequestTimeout"`
+	WorkerAddress          string          `mapstructure:"WorkerAddress"`
+	WorkerIPPortAddress    string          `mapstructure:"WorkerIPPortAddress"`
+	WorkerEnabled          bool            `mapstructure:"WorkerEnabled"`
+	WorkerDNSOnly          bool            `mapstructure:"WorkerDNSOnly"`
+	EnableLowLevelSockets  bool            `mapstructure:"EnableLowLevelSockets"`
+	EnableDNSFragmentation bool            `mapstructure:"EnableDNSFragmentation"`
+	RemoteDNSAddr          string          `mapstructure:"RemoteDNSAddr"`
+	BindAddress            string          `mapstructure:"BindAddress"`
+	ChunksLengthBeforeSni  [2]int          `mapstructure:"ChunksLengthBeforeSni"`
+	SniChunksLength        [2]int          `mapstructure:"SniChunksLength"`
+	ChunksLengthAfterSni   [2]int          `mapstructure:"ChunksLengthAfterSni"`
+	DelayBetweenChunks     [2]int          `mapstructure:"DelayBetweenChunks"`
+	Hosts                  []resolve.Hosts `mapstructure:"Hosts"`
+	ResolveSystem          string          `mapstructure:"-"`
+	DoHClient              *doh.Client     `mapstructure:"-"`
 }
 
 var s5 *socks5.Server
@@ -41,18 +48,33 @@ func RunServer(config *Config, captureCTRLC bool) error {
 	var resolveSystem string
 	var dohClient *doh.Client
 
+	stdLogger := log.New(os.Stderr, "", log.Ldate|log.Ltime)
+	appLogger := logger.NewLogger(stdLogger)
+
+	localResolver := &resolve.LocalResolver{
+		Logger: appLogger,
+		Hosts:  config.Hosts,
+	}
+
+	dialer_ := &dialer.Dialer{
+		Logger:                appLogger,
+		EnableLowLevelSockets: config.EnableLowLevelSockets,
+		TLSPaddingEnabled:     config.TLSPaddingEnabled,
+		TLSPaddingSize:        config.TLSPaddingSize,
+		ProxyAddress:          fmt.Sprintf("socks5://%s", config.BindAddress),
+	}
+
 	if strings.HasPrefix(config.RemoteDNSAddr, "https://") {
 		resolveSystem = "doh"
 		dohClient = doh.NewClient(
-			doh.WithTimeout(10*time.Second),
-			doh.WithSocks5(fmt.Sprintf("socks5://%s", config.BindAddress)),
+			doh.WithDNSFragmentation((config.WorkerEnabled && config.WorkerDNSOnly) || config.EnableDNSFragmentation),
+			doh.WithDialer(dialer_),
+			doh.WithLocalResolver(localResolver),
 		)
 	} else {
 		resolveSystem = "DNSCrypt"
 	}
 
-	stdLogger := log.New(os.Stderr, "", log.Ldate|log.Ltime)
-	appLogger := logger.NewLogger(stdLogger)
 	chunkConfig := server.ChunkConfig{
 		BeforeSniLength: config.SniChunksLength,
 		AfterSniLength:  config.ChunksLengthAfterSni,
@@ -77,6 +99,8 @@ func RunServer(config *Config, captureCTRLC bool) error {
 		WorkerConfig:          workerConfig,
 		BindAddress:           config.BindAddress,
 		EnableLowLevelSockets: config.EnableLowLevelSockets,
+		Dialer:                dialer_,
+		LocalResolver:         localResolver,
 	}
 
 	if captureCTRLC {
@@ -93,7 +117,7 @@ func RunServer(config *Config, captureCTRLC bool) error {
 		socks5.WithConnectHandle(serverHandler.Handle),
 	)
 
-	fmt.Println("Starting socks server:", config.BindAddress)
+	fmt.Println("Starting socks, http server:", config.BindAddress)
 	if err := s5.ListenAndServe("tcp", config.BindAddress); err != nil {
 		return err
 	}

diff --git a/bepass/config.json b/bepass/config.json
@@ -1,7 +1,11 @@
 {
   "TLSHeaderLength": 5,
+  "TLSPaddingEnabled": false,
+  "TLSPaddingSize": [10, 50],
   "RemoteDNSAddr": "https://yarp.lefolgoc.net/dns-query",
+  "EnableDNSFragmentation": true,
   "DnsCacheTTL": 30,
+  "DnsRequestTimeout": 10,
   "BindAddress": "0.0.0.0:8085",
   "ChunksLengthBeforeSni": [1, 5],
   "SniChunksLength": [1, 5],
@@ -11,5 +15,11 @@
   "WorkerIPPortAddress": "104.31.16.104:443",
   "WorkerEnabled": true,
   "WorkerDNSOnly": false,
-  "EnableLowLevelSockets": false
+  "EnableLowLevelSockets": false,
+  "Hosts": [
+    {
+      "Domain": "yarp.lefolgoc.net",
+      "IP": "5.39.88.20"
+    }
+  ]
 }
diff --git a/bepass/dialer/dialer.go b/bepass/dialer/dialer.go
@@ -0,0 +1,16 @@
+package dialer
+
+import (
+	"bepass/logger"
+	"net"
+)
+
+type PlainTCPDial func(network, addr, hostPort string) (net.Conn, error)
+
+type Dialer struct {
+	Logger                *logger.Std
+	EnableLowLevelSockets bool
+	TLSPaddingEnabled     bool
+	TLSPaddingSize        [2]int
+	ProxyAddress          string
+}
diff --git a/bepass/dialer/http.go b/bepass/dialer/http.go
@@ -0,0 +1,29 @@
+package dialer
+
+import (
+	"context"
+	"net"
+	"net/http"
+	"net/url"
+)
+
+func (d *Dialer) MakeHTTPClient(hostPort string, enableProxy bool) *http.Client {
+	transport := &http.Transport{
+		ForceAttemptHTTP2: false,
+		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+			return d.TCPDial(network, addr, hostPort)
+		},
+		DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+			return d.TLSDial(func(network, addr, hostPort string) (net.Conn, error) {
+				return d.TCPDial(network, addr, hostPort)
+			}, network, addr, hostPort)
+		},
+	}
+	if enableProxy {
+		proxyUrl, _ := url.Parse(d.ProxyAddress)
+
+		// Create dialer
+		transport.Proxy = http.ProxyURL(proxyUrl)
+	}
+	return &http.Client{Transport: transport}
+}
diff --git a/bepass/dialer/tcp.go b/bepass/dialer/tcp.go
@@ -0,0 +1,38 @@
+package dialer
+
+import (
+	"bepass/protect"
+	"net"
+	"runtime"
+	"strconv"
+)
+
+// TCPDial connects to the destination address.
+func (d *Dialer) TCPDial(network, addr, hostPort string) (*net.TCPConn, error) {
+	var (
+		tcpAddr *net.TCPAddr
+		err     error
+	)
+	if hostPort != "" {
+		tcpAddr, err = net.ResolveTCPAddr(network, hostPort)
+	} else {
+		tcpAddr, err = net.ResolveTCPAddr(network, addr)
+	}
+	if err != nil {
+		return nil, err
+	}
+	if d.EnableLowLevelSockets && (runtime.GOOS == "android" || runtime.GOOS == "linux") {
+		dialer := protect.NewClientDialer()
+		conn, err := dialer.Dial("tcp", net.JoinHostPort(tcpAddr.IP.String(), strconv.Itoa(tcpAddr.Port)))
+		if err != nil {
+			return nil, err
+		}
+		return conn.(*net.TCPConn), nil
+	}
+	conn, err := net.DialTCP("tcp", nil, tcpAddr)
+	if err != nil {
+		d.Logger.Errorf("failed to connect to %v: %v", tcpAddr, err)
+		return nil, err
+	}
+	return conn, nil
+}