From 9daef5bf443a4d9ba06a8159991ffb7766f4e0f2 Mon Sep 17 00:00:00 2001
From: gVisor bot
Date: Fri, 22 Jul 2022 15:16:09 +0800
Subject: [PATCH] inbound tfo

---
 config/config.go | 3 +++
 go.mod | 3 ++-
 go.sum | 4 ++++
 hub/executor/executor.go | 2 ++
 listener/http/server.go | 14 ++++++++++----
 listener/listener.go | 11 ++++++++---
 listener/mixed/mixed.go | 9 +++++++--
 listener/socks/tcp.go | 9 +++++++--
 8 files changed, 43 insertions(+), 12 deletions(-)

diff --git a/config/config.go b/config/config.go
index da8fb828..6bd501ad 100644
--- a/config/config.go
+++ b/config/config.go
@@ -67,6 +67,7 @@ type Inbound struct {
 Authentication []string `json:"authentication"`
 AllowLan bool `json:"allow-lan"`
 BindAddress string `json:"bind-address"`
+ InboundTfo bool `json:"inbound-tfo"`
 }
 
 // Controller config
@@ -197,6 +198,7 @@ type RawConfig struct {
 RedirPort int `yaml:"redir-port"`
 TProxyPort int `yaml:"tproxy-port"`
 MixedPort int `yaml:"mixed-port"`
+ InboundTfo bool `yaml:"inbound-tfo"`
 Authentication []string `yaml:"authentication"`
 AllowLan bool `yaml:"allow-lan"`
 BindAddress string `yaml:"bind-address"`
@@ -423,6 +425,7 @@ func parseGeneral(cfg *RawConfig) (*General, error) {
 MixedPort: cfg.MixedPort,
 AllowLan: cfg.AllowLan,
 BindAddress: cfg.BindAddress,
+ InboundTfo: cfg.InboundTfo,
 },
 Controller: Controller{
 ExternalController: cfg.ExternalController,
diff --git a/go.mod b/go.mod
index 4cf7b776..81cf747a 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ require (
 golang.org/x/exp v0.0.0-20220608143224-64259d1afd70
 golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e
 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
- golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c
+ golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e
 golang.org/x/time v0.0.0-20220411224347-583f2d630306
 golang.zx2c4.com/wireguard v0.0.0-20220601130007-6a08d81f6bc4
 golang.zx2c4.com/wireguard/windows v0.5.4-0.20220328111914-004c22c5647e
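Review bot: The new `InboundTfo` fields in `Inbound` and `RawConfig` carry no comment, so nothing in config/config.go says which listeners the option affects or that it is off unless set. In this patch only the HTTP, SOCKS and mixed constructors receive the flag, so a comment such as `// InboundTfo enables TCP Fast Open on the HTTP, SOCKS and mixed listeners; false (the default) keeps plain TCP.` on the `RawConfig` field would record that. Because Fast Open lets a client's first bytes arrive together with the SYN, the user-facing documentation should also present it as an opt-in that matters most when `allow-lan` exposes these listeners beyond localhost. Go's initialism convention would spell the identifier `InboundTFO` (and `SetInboundTFO` in listener/listener.go); the `inbound-tfo` tags can stay as they are. Both struct bodies continue outside these hunks.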
@@ -46,6 +46,7 @@ replace github.com/lucas-clemente/quic-go => github.com/tobyxdd/quic-go v0.28.1-
 
 require (
 github.com/cheekybits/genny v1.0.0 // indirect
+ github.com/database64128/tfo-go v1.1.0 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/fsnotify/fsnotify v1.5.4 // indirect
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
diff --git a/go.sum b/go.sum
index 80f8e638..45d99639 100644
--- a/go.sum
+++ b/go.sum
@@ -20,6 +20,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk= github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/database64128/tfo-go v1.1.0 h1:VO0polyGNSAmr99nYw9GQeMz7ZOcQ/QbjlTwniHwfTQ= +github.com/database64128/tfo-go v1.1.0/go.mod h1:95pOT8bnV3P2Lmu9upHNWFHz6dYGJ9cr7pnb0tGQAG8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
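Review bot: `github.com/database64128/tfo-go v1.1.0` is added with `// indirect` in the second `require` block of go.mod, but listener/http/server.go, listener/mixed/mixed.go and listener/socks/tcp.go import it directly in this same patch. A directly imported module belongs in the main `require` block without the marker, which is what `go mod tidy` would produce: `github.com/database64128/tfo-go v1.1.0`. Listing it as a direct requirement also keeps the new third-party code on the listener path visible to anyone auditing first-level dependencies. The `require` block continues outside the hunk.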
@@ -334,6 +336,8 @@ golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c h1:aFV+BgZ4svzjfabn8ERpuB4JI4N6/rdy1iusx77G3oU= golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e h1:NHvCuwuS43lGnYhten69ZWqi2QOj/CiDNcKbVqwVoew= +golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/hub/executor/executor.go b/hub/executor/executor.go
index 6918fd47..18c4e6db 100644
--- a/hub/executor/executor.go
+++ b/hub/executor/executor.go
@@ -329,6 +329,8 @@ func updateGeneral(general *config.General, force bool) {
 bindAddress := general.BindAddress
 P.SetBindAddress(bindAddress)
 
+ P.SetInboundTfo(general.InboundTfo)
+
 tcpIn := tunnel.TCPIn()
 udpIn := tunnel.UDPIn()
 
diff --git a/listener/http/server.go b/listener/http/server.go
index 6b966143..edbca1b2 100644
--- a/listener/http/server.go
+++ b/listener/http/server.go
@@ -1,6 +1,8 @@
 package http
 
 import (
+ "context"
+ "github.com/database64128/tfo-go"
 "net"
 "time"
 
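Review bot: In the import hunk of listener/http/server.go the third-party package `"github.com/database64128/tfo-go"` is placed inside the standard-library group, between `"context"` and `"net"`. goimports keeps standard-library packages in the first group and puts everything else after a blank line, so the tfo-go line would move to the group that appears to follow the blank line after `"time"`. The same placement is repeated in the import hunks of listener/mixed/mixed.go and listener/socks/tcp.go. The import block continues outside the hunk.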
@@ -30,12 +32,16 @@ func (l *Listener) Close() error {
 return l.listener.Close()
 }
 
-func New(addr string, in chan<- C.ConnContext) (*Listener, error) {
- return NewWithAuthenticate(addr, in, true)
+func New(addr string, inboundTfo bool, in chan<- C.ConnContext) (*Listener, error) {
+ return NewWithAuthenticate(addr, in, true, inboundTfo)
 }
 
-func NewWithAuthenticate(addr string, in chan<- C.ConnContext, authenticate bool) (*Listener, error) {
- l, err := net.Listen("tcp", addr)
+func NewWithAuthenticate(addr string, in chan<- C.ConnContext, authenticate bool, inboundTfo bool) (*Listener, error) {
+ lc := tfo.ListenConfig{
+ DisableTFO: !inboundTfo,
+ }
+ l, err := lc.Listen(context.Background(), "tcp", addr)
+
 if err != nil {
 return nil, err
 }
diff --git a/listener/listener.go b/listener/listener.go
index 29f6d441..0dc3a316 100644
--- a/listener/listener.go
+++ b/listener/listener.go
@@ -26,6 +26,7 @@ var (
 allowLan = false
 bindAddress = "*"
 lastTunConf *config.Tun
+ inboundTfo = false
 
 socksListener *socks.Listener
 socksUDPListener *socks.UDPListener
@@ -80,6 +81,10 @@ func SetBindAddress(host string) {
 bindAddress = host
 }
 
+func SetInboundTfo(itfo bool) {
+ inboundTfo = itfo
+}
+
 func NewInner(tcpIn chan<- C.ConnContext) {
 inner.New(tcpIn)
 }
@@ -109,7 +114,7 @@ func ReCreateHTTP(port int, tcpIn chan<- C.ConnContext) {
 return
 }
 
- httpListener, err = http.New(addr, tcpIn)
+ httpListener, err = http.New(addr, inboundTfo, tcpIn)
 if err != nil {
 log.Errorln("Start HTTP server error: %s", err.Error())
 return
@@ -160,7 +165,7 @@ func ReCreateSocks(port int, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.P
 return
 }
 
- tcpListener, err := socks.New(addr, inboundTfo, tcpIn)
 if err != nil {
 return
 }
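Review bot: The two exported constructors in listener/http/server.go take the new flag in different positions: `New(addr, inboundTfo, in)` puts it second, while `NewWithAuthenticate(addr, in, authenticate, inboundTfo)` puts it last, directly after another bool. A call such as `NewWithAuthenticate(addr, in, true, inboundTfo)` gives no hint which bool is which, and swapping the two still compiles but could leave a listener running with authentication off. Using the same position in both signatures, or a small options struct, would reduce that risk, and both functions would benefit from a doc comment such as `// NewWithAuthenticate listens on addr and enables TCP Fast Open on the listener when inboundTfo is set.` The body of `NewWithAuthenticate` continues outside the hunk.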
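Review bot: Whether an already running listener picks up a changed `inbound-tfo` value cannot be seen from the `ReCreateHTTP` hunk in listener/listener.go, because the flag only reaches `http.New(addr, inboundTfo, tcpIn)` when this call is executed. If the function returns early when a listener on the same address already exists (any such check is outside the hunk), a config reload that toggles the option while the port stays the same would leave the old socket in place with its previous setting. It is worth confirming this and, if needed, remembering the TFO setting used for the current listener and comparing it together with the address before deciding to keep it. The same question applies to the `ReCreateSocks` and `ReCreateMixed` hunks, and the new exported `SetInboundTfo` could state in a doc comment that it only affects listeners created afterwards.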
@@ -310,7 +315,7 @@ func ReCreateMixed(port int, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.P
 return
 }
 
- mixedListener, err = mixed.New(addr, tcpIn)
+ mixedListener, err = mixed.New(addr, inboundTfo, tcpIn)
 if err != nil {
 return
 }
diff --git a/listener/mixed/mixed.go b/listener/mixed/mixed.go
index 14a81bc3..feaf73aa 100644
--- a/listener/mixed/mixed.go
+++ b/listener/mixed/mixed.go
@@ -1,6 +1,8 @@
 package mixed
 
 import (
+ "context"
+ "github.com/database64128/tfo-go"
 "net"
 "time"
 
@@ -36,8 +38,11 @@ func (l *Listener) Close() error {
 return l.listener.Close()
 }
 
-func New(addr string, in chan<- C.ConnContext) (*Listener, error) {
- l, err := net.Listen("tcp", addr)
+func New(addr string, inboundTfo bool, in chan<- C.ConnContext) (*Listener, error) {
+ lc := tfo.ListenConfig{
+ DisableTFO: !inboundTfo,
+ }
+ l, err := lc.Listen(context.Background(), "tcp", addr)
 if err != nil {
 return nil, err
 }
diff --git a/listener/socks/tcp.go b/listener/socks/tcp.go
index 7cce32ee..8b505e74 100644
--- a/listener/socks/tcp.go
+++ b/listener/socks/tcp.go
@@ -1,6 +1,8 @@
 package socks
 
 import (
+ "context"
+ "github.com/database64128/tfo-go"
 "io"
 "net"
 
@@ -34,8 +36,11 @@ func (l *Listener) Close() error {
 return l.listener.Close()
 }
 
-func New(addr string, in chan<- C.ConnContext) (*Listener, error) {
- l, err := net.Listen("tcp", addr)
+func New(addr string, inboundTfo bool, in chan<- C.ConnContext) (*Listener, error) {
+ lc := tfo.ListenConfig{
+ DisableTFO: !inboundTfo,
+ }
+ l, err := lc.Listen(context.Background(), "tcp", addr)
 if err != nil {
 return nil, err
 }
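Review bot: The `tfo.ListenConfig` construction added to `New` in listener/mixed/mixed.go is repeated line for line in `New` in listener/socks/tcp.go and in `NewWithAuthenticate` in listener/http/server.go. Any later change to how Fast Open is enabled, such as a fallback to plain TCP when the host lacks support or a log line on failure, would have to be made in three places and could drift between listeners. A small shared helper gives one place to document and adjust the behaviour; the sketch below shows the helper and the call that would replace the added lines, with its package left to the project's layout. The body of `New` continues outside the hunk.

```go
// listenTCP opens a TCP listener on addr; TCP Fast Open is enabled only when inboundTfo is true.
func listenTCP(addr string, inboundTfo bool) (net.Listener, error) {
	lc := tfo.ListenConfig{DisableTFO: !inboundTfo}
	return lc.Listen(context.Background(), "tcp", addr)
}

func New(addr string, inboundTfo bool, in chan<- C.ConnContext) (*Listener, error) {
	l, err := listenTCP(addr, inboundTfo)
	// … unchanged: error check and listener setup …
```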