Optimization: use client session cache for TLS connection (#26)
This commit is contained in:
gVisor bot
parent
2ecfca0712
commit
e9dfbae5cb
4 changed files with 67 additions and 19 deletions
|
|
@ -32,6 +32,7 @@ type Socks5 struct {
|
||||||
name string
|
name string
|
||||||
tls bool
|
tls bool
|
||||||
skipCertVerify bool
|
skipCertVerify bool
|
||||||
|
tlsConfig *tls.Config
|
||||||
}
|
}
|
||||||
|
|
||||||
type Socks5Option struct {
|
type Socks5Option struct {
|
||||||
|
|
@ -54,11 +55,9 @@ func (ss *Socks5) Generator(metadata *C.Metadata) (adapter C.ProxyAdapter, err e
|
||||||
c, err := net.DialTimeout("tcp", ss.addr, tcpTimeout)
|
c, err := net.DialTimeout("tcp", ss.addr, tcpTimeout)
|
||||||
|
|
||||||
if err == nil && ss.tls {
|
if err == nil && ss.tls {
|
||||||
tlsConfig := tls.Config{
|
cc := tls.Client(c, ss.tlsConfig)
|
||||||
InsecureSkipVerify: ss.skipCertVerify,
|
err = cc.Handshake()
|
||||||
MaxVersion: tls.VersionTLS12,
|
c = cc
|
||||||
}
|
|
||||||
c = tls.Client(c, &tlsConfig)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -103,10 +102,22 @@ func (ss *Socks5) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewSocks5(option Socks5Option) *Socks5 {
|
func NewSocks5(option Socks5Option) *Socks5 {
|
||||||
|
var tlsConfig *tls.Config
|
||||||
|
if option.TLS {
|
||||||
|
tlsConfig = &tls.Config{
|
||||||
|
InsecureSkipVerify: option.SkipCertVerify,
|
||||||
|
ClientSessionCache: getClientSessionCache(),
|
||||||
|
MinVersion: tls.VersionTLS11,
|
||||||
|
MaxVersion: tls.VersionTLS12,
|
||||||
|
ServerName: option.Server,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return &Socks5{
|
return &Socks5{
|
||||||
addr: fmt.Sprintf("%s:%d", option.Server, option.Port),
|
addr: fmt.Sprintf("%s:%d", option.Server, option.Port),
|
||||||
name: option.Name,
|
name: option.Name,
|
||||||
tls: option.TLS,
|
tls: option.TLS,
|
||||||
skipCertVerify: option.SkipCertVerify,
|
skipCertVerify: option.SkipCertVerify,
|
||||||
|
tlsConfig: tlsConfig,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,10 +1,12 @@
|
||||||
package adapters
|
package adapters
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
C "github.com/Dreamacro/clash/constant"
|
C "github.com/Dreamacro/clash/constant"
|
||||||
|
|
@ -14,6 +16,11 @@ const (
|
||||||
tcpTimeout = 5 * time.Second
|
tcpTimeout = 5 * time.Second
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
globalClientSessionCache tls.ClientSessionCache
|
||||||
|
once sync.Once
|
||||||
|
)
|
||||||
|
|
||||||
// DelayTest get the delay for the specified URL
|
// DelayTest get the delay for the specified URL
|
||||||
func DelayTest(proxy C.Proxy, url string) (t int16, err error) {
|
func DelayTest(proxy C.Proxy, url string) (t int16, err error) {
|
||||||
addr, err := urlToMetadata(url)
|
addr, err := urlToMetadata(url)
|
||||||
|
|
@ -95,3 +102,10 @@ func tcpKeepAlive(c net.Conn) {
|
||||||
tcp.SetKeepAlivePeriod(30 * time.Second)
|
tcp.SetKeepAlivePeriod(30 * time.Second)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getClientSessionCache() tls.ClientSessionCache {
|
||||||
|
once.Do(func() {
|
||||||
|
globalClientSessionCache = tls.NewLRUClientSessionCache(128)
|
||||||
|
})
|
||||||
|
return globalClientSessionCache
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -72,6 +72,7 @@ func NewVmess(option VmessOption) (*Vmess, error) {
|
||||||
NetWork: option.Network,
|
NetWork: option.Network,
|
||||||
WebSocketPath: option.WSPath,
|
WebSocketPath: option.WSPath,
|
||||||
SkipCertVerify: option.SkipCertVerify,
|
SkipCertVerify: option.SkipCertVerify,
|
||||||
|
SessionCacahe: getClientSessionCache(),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,7 @@ import (
|
||||||
"net"
|
"net"
|
||||||
"net/url"
|
"net/url"
|
||||||
"runtime"
|
"runtime"
|
||||||
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gofrs/uuid"
|
"github.com/gofrs/uuid"
|
||||||
|
|
@ -39,6 +40,11 @@ var CipherMapping = map[string]byte{
|
||||||
"chacha20-poly1305": SecurityCHACHA20POLY1305,
|
"chacha20-poly1305": SecurityCHACHA20POLY1305,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var (
|
||||||
|
clientSessionCache tls.ClientSessionCache
|
||||||
|
once sync.Once
|
||||||
|
)
|
||||||
|
|
||||||
// Command types
|
// Command types
|
||||||
const (
|
const (
|
||||||
CommandTCP byte = 1
|
CommandTCP byte = 1
|
||||||
|
|
@ -68,7 +74,7 @@ type Client struct {
|
||||||
host string
|
host string
|
||||||
websocket bool
|
websocket bool
|
||||||
websocketPath string
|
websocketPath string
|
||||||
skipCertVerify bool
|
tlsConfig *tls.Config
|
||||||
}
|
}
|
||||||
|
|
||||||
// Config of vmess
|
// Config of vmess
|
||||||
|
|
@ -81,6 +87,7 @@ type Config struct {
|
||||||
NetWork string
|
NetWork string
|
||||||
WebSocketPath string
|
WebSocketPath string
|
||||||
SkipCertVerify bool
|
SkipCertVerify bool
|
||||||
|
SessionCacahe tls.ClientSessionCache
|
||||||
}
|
}
|
||||||
|
|
||||||
// New return a Conn with net.Conn and DstAddr
|
// New return a Conn with net.Conn and DstAddr
|
||||||
|
|
@ -98,9 +105,7 @@ func (c *Client) New(conn net.Conn, dst *DstAddr) (net.Conn, error) {
|
||||||
scheme := "ws"
|
scheme := "ws"
|
||||||
if c.tls {
|
if c.tls {
|
||||||
scheme = "wss"
|
scheme = "wss"
|
||||||
dialer.TLSClientConfig = &tls.Config{
|
dialer.TLSClientConfig = c.tlsConfig
|
||||||
InsecureSkipVerify: c.skipCertVerify,
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
host, port, err := net.SplitHostPort(c.host)
|
host, port, err := net.SplitHostPort(c.host)
|
||||||
|
|
@ -125,9 +130,7 @@ func (c *Client) New(conn net.Conn, dst *DstAddr) (net.Conn, error) {
|
||||||
|
|
||||||
conn = newWebsocketConn(wsConn, conn.RemoteAddr())
|
conn = newWebsocketConn(wsConn, conn.RemoteAddr())
|
||||||
} else if c.tls {
|
} else if c.tls {
|
||||||
conn = tls.Client(conn, &tls.Config{
|
conn = tls.Client(conn, c.tlsConfig)
|
||||||
InsecureSkipVerify: c.skipCertVerify,
|
|
||||||
})
|
|
||||||
}
|
}
|
||||||
return newConn(conn, c.user[r], dst, c.security), nil
|
return newConn(conn, c.user[r], dst, c.security), nil
|
||||||
}
|
}
|
||||||
|
|
@ -160,6 +163,17 @@ func NewClient(config Config) (*Client, error) {
|
||||||
return nil, fmt.Errorf("Unknown network type: %s", config.NetWork)
|
return nil, fmt.Errorf("Unknown network type: %s", config.NetWork)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var tlsConfig *tls.Config
|
||||||
|
if config.TLS {
|
||||||
|
tlsConfig = &tls.Config{
|
||||||
|
InsecureSkipVerify: config.SkipCertVerify,
|
||||||
|
ClientSessionCache: config.SessionCacahe,
|
||||||
|
}
|
||||||
|
if tlsConfig.ClientSessionCache == nil {
|
||||||
|
tlsConfig.ClientSessionCache = getClientSessionCache()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return &Client{
|
return &Client{
|
||||||
user: newAlterIDs(newID(&uid), config.AlterID),
|
user: newAlterIDs(newID(&uid), config.AlterID),
|
||||||
uuid: &uid,
|
uuid: &uid,
|
||||||
|
|
@ -168,5 +182,13 @@ func NewClient(config Config) (*Client, error) {
|
||||||
host: config.Host,
|
host: config.Host,
|
||||||
websocket: config.NetWork == "ws",
|
websocket: config.NetWork == "ws",
|
||||||
websocketPath: config.WebSocketPath,
|
websocketPath: config.WebSocketPath,
|
||||||
|
tlsConfig: tlsConfig,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getClientSessionCache() tls.ClientSessionCache {
|
||||||
|
once.Do(func() {
|
||||||
|
clientSessionCache = tls.NewLRUClientSessionCache(128)
|
||||||
|
})
|
||||||
|
return clientSessionCache
|
||||||
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue