inbound tfo

This commit is contained in:
gVisor bot 2022-07-22 15:16:09 +08:00
parent 91af078580
commit 9daef5bf44
8 changed files with 43 additions and 12 deletions

View file

@ -67,6 +67,7 @@ type Inbound struct {
Authentication []string `json:"authentication"` Authentication []string `json:"authentication"`
AllowLan bool `json:"allow-lan"` AllowLan bool `json:"allow-lan"`
BindAddress string `json:"bind-address"` BindAddress string `json:"bind-address"`
InboundTfo bool `json:"inbound-tfo"`
} }
// Controller config // Controller config
@ -197,6 +198,7 @@ type RawConfig struct {
RedirPort int `yaml:"redir-port"` RedirPort int `yaml:"redir-port"`
TProxyPort int `yaml:"tproxy-port"` TProxyPort int `yaml:"tproxy-port"`
MixedPort int `yaml:"mixed-port"` MixedPort int `yaml:"mixed-port"`
InboundTfo bool `yaml:"inbound-tfo"`
Authentication []string `yaml:"authentication"` Authentication []string `yaml:"authentication"`
AllowLan bool `yaml:"allow-lan"` AllowLan bool `yaml:"allow-lan"`
BindAddress string `yaml:"bind-address"` BindAddress string `yaml:"bind-address"`
@ -423,6 +425,7 @@ func parseGeneral(cfg *RawConfig) (*General, error) {
MixedPort: cfg.MixedPort, MixedPort: cfg.MixedPort,
AllowLan: cfg.AllowLan, AllowLan: cfg.AllowLan,
BindAddress: cfg.BindAddress, BindAddress: cfg.BindAddress,
InboundTfo: cfg.InboundTfo,
}, },
Controller: Controller{ Controller: Controller{
ExternalController: cfg.ExternalController, ExternalController: cfg.ExternalController,

3
go.mod
View file

@ -31,7 +31,7 @@ require (
golang.org/x/exp v0.0.0-20220608143224-64259d1afd70 golang.org/x/exp v0.0.0-20220608143224-64259d1afd70
golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e
golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f
golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e
golang.org/x/time v0.0.0-20220411224347-583f2d630306 golang.org/x/time v0.0.0-20220411224347-583f2d630306
golang.zx2c4.com/wireguard v0.0.0-20220601130007-6a08d81f6bc4 golang.zx2c4.com/wireguard v0.0.0-20220601130007-6a08d81f6bc4
golang.zx2c4.com/wireguard/windows v0.5.4-0.20220328111914-004c22c5647e golang.zx2c4.com/wireguard/windows v0.5.4-0.20220328111914-004c22c5647e
@ -46,6 +46,7 @@ replace github.com/lucas-clemente/quic-go => github.com/tobyxdd/quic-go v0.28.1-
require ( require (
github.com/cheekybits/genny v1.0.0 // indirect github.com/cheekybits/genny v1.0.0 // indirect
github.com/database64128/tfo-go v1.1.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect
github.com/fsnotify/fsnotify v1.5.4 // indirect github.com/fsnotify/fsnotify v1.5.4 // indirect
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect

4
go.sum
View file

@ -20,6 +20,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk= github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk=
github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/database64128/tfo-go v1.1.0 h1:VO0polyGNSAmr99nYw9GQeMz7ZOcQ/QbjlTwniHwfTQ=
github.com/database64128/tfo-go v1.1.0/go.mod h1:95pOT8bnV3P2Lmu9upHNWFHz6dYGJ9cr7pnb0tGQAG8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -334,6 +336,8 @@ golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c h1:aFV+BgZ4svzjfabn8ERpuB4JI4N6/rdy1iusx77G3oU= golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c h1:aFV+BgZ4svzjfabn8ERpuB4JI4N6/rdy1iusx77G3oU=
golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e h1:NHvCuwuS43lGnYhten69ZWqi2QOj/CiDNcKbVqwVoew=
golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

View file

@ -329,6 +329,8 @@ func updateGeneral(general *config.General, force bool) {
bindAddress := general.BindAddress bindAddress := general.BindAddress
P.SetBindAddress(bindAddress) P.SetBindAddress(bindAddress)
P.SetInboundTfo(general.InboundTfo)
tcpIn := tunnel.TCPIn() tcpIn := tunnel.TCPIn()
udpIn := tunnel.UDPIn() udpIn := tunnel.UDPIn()

View file

@ -1,6 +1,8 @@
package http package http
import ( import (
"context"
"github.com/database64128/tfo-go"
"net" "net"
"time" "time"
@ -30,12 +32,16 @@ func (l *Listener) Close() error {
return l.listener.Close() return l.listener.Close()
} }
func New(addr string, in chan<- C.ConnContext) (*Listener, error) { func New(addr string, inboundTfo bool, in chan<- C.ConnContext) (*Listener, error) {
return NewWithAuthenticate(addr, in, true) return NewWithAuthenticate(addr, in, true, inboundTfo)
} }
func NewWithAuthenticate(addr string, in chan<- C.ConnContext, authenticate bool) (*Listener, error) { func NewWithAuthenticate(addr string, in chan<- C.ConnContext, authenticate bool, inboundTfo bool) (*Listener, error) {
l, err := net.Listen("tcp", addr) lc := tfo.ListenConfig{
DisableTFO: !inboundTfo,
}
l, err := lc.Listen(context.Background(), "tcp", addr)
if err != nil { if err != nil {
return nil, err return nil, err
} }

View file

@ -26,6 +26,7 @@ var (
allowLan = false allowLan = false
bindAddress = "*" bindAddress = "*"
lastTunConf *config.Tun lastTunConf *config.Tun
inboundTfo = false
socksListener *socks.Listener socksListener *socks.Listener
socksUDPListener *socks.UDPListener socksUDPListener *socks.UDPListener
@ -80,6 +81,10 @@ func SetBindAddress(host string) {
bindAddress = host bindAddress = host
} }
func SetInboundTfo(itfo bool) {
inboundTfo = itfo
}
func NewInner(tcpIn chan<- C.ConnContext) { func NewInner(tcpIn chan<- C.ConnContext) {
inner.New(tcpIn) inner.New(tcpIn)
} }
@ -109,7 +114,7 @@ func ReCreateHTTP(port int, tcpIn chan<- C.ConnContext) {
return return
} }
httpListener, err = http.New(addr, tcpIn) httpListener, err = http.New(addr, inboundTfo, tcpIn)
if err != nil { if err != nil {
log.Errorln("Start HTTP server error: %s", err.Error()) log.Errorln("Start HTTP server error: %s", err.Error())
return return
@ -160,7 +165,7 @@ func ReCreateSocks(port int, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.P
return return
} }
tcpListener, err := socks.New(addr, tcpIn) tcpListener, err := socks.New(addr, inboundTfo, tcpIn)
if err != nil { if err != nil {
return return
} }
@ -310,7 +315,7 @@ func ReCreateMixed(port int, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.P
return return
} }
mixedListener, err = mixed.New(addr, tcpIn) mixedListener, err = mixed.New(addr, inboundTfo, tcpIn)
if err != nil { if err != nil {
return return
} }

View file

@ -1,6 +1,8 @@
package mixed package mixed
import ( import (
"context"
"github.com/database64128/tfo-go"
"net" "net"
"time" "time"
@ -36,8 +38,11 @@ func (l *Listener) Close() error {
return l.listener.Close() return l.listener.Close()
} }
func New(addr string, in chan<- C.ConnContext) (*Listener, error) { func New(addr string, inboundTfo bool, in chan<- C.ConnContext) (*Listener, error) {
l, err := net.Listen("tcp", addr) lc := tfo.ListenConfig{
DisableTFO: !inboundTfo,
}
l, err := lc.Listen(context.Background(), "tcp", addr)
if err != nil { if err != nil {
return nil, err return nil, err
} }

View file

@ -1,6 +1,8 @@
package socks package socks
import ( import (
"context"
"github.com/database64128/tfo-go"
"io" "io"
"net" "net"
@ -34,8 +36,11 @@ func (l *Listener) Close() error {
return l.listener.Close() return l.listener.Close()
} }
func New(addr string, in chan<- C.ConnContext) (*Listener, error) { func New(addr string, inboundTfo bool, in chan<- C.ConnContext) (*Listener, error) {
l, err := net.Listen("tcp", addr) lc := tfo.ListenConfig{
DisableTFO: !inboundTfo,
}
l, err := lc.Listen(context.Background(), "tcp", addr)
if err != nil { if err != nil {
return nil, err return nil, err
} }