Optimization: use client session cache for TLS connection (#26)

This commit is contained in:
changx 2018-11-01 11:54:45 +08:00 committed by Dreamacro
parent c5757a9b11
commit fd63707399
4 changed files with 67 additions and 19 deletions

View file

@ -32,6 +32,7 @@ type Socks5 struct {
name string name string
tls bool tls bool
skipCertVerify bool skipCertVerify bool
tlsConfig *tls.Config
} }
type Socks5Option struct { type Socks5Option struct {
@ -54,11 +55,9 @@ func (ss *Socks5) Generator(metadata *C.Metadata) (adapter C.ProxyAdapter, err e
c, err := net.DialTimeout("tcp", ss.addr, tcpTimeout) c, err := net.DialTimeout("tcp", ss.addr, tcpTimeout)
if err == nil && ss.tls { if err == nil && ss.tls {
tlsConfig := tls.Config{ cc := tls.Client(c, ss.tlsConfig)
InsecureSkipVerify: ss.skipCertVerify, err = cc.Handshake()
MaxVersion: tls.VersionTLS12, c = cc
}
c = tls.Client(c, &tlsConfig)
} }
if err != nil { if err != nil {
@ -103,10 +102,22 @@ func (ss *Socks5) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
} }
func NewSocks5(option Socks5Option) *Socks5 { func NewSocks5(option Socks5Option) *Socks5 {
var tlsConfig *tls.Config
if option.TLS {
tlsConfig = &tls.Config{
InsecureSkipVerify: option.SkipCertVerify,
ClientSessionCache: getClientSessionCache(),
MinVersion: tls.VersionTLS11,
MaxVersion: tls.VersionTLS12,
ServerName: option.Server,
}
}
return &Socks5{ return &Socks5{
addr: fmt.Sprintf("%s:%d", option.Server, option.Port), addr: fmt.Sprintf("%s:%d", option.Server, option.Port),
name: option.Name, name: option.Name,
tls: option.TLS, tls: option.TLS,
skipCertVerify: option.SkipCertVerify, skipCertVerify: option.SkipCertVerify,
tlsConfig: tlsConfig,
} }
} }

View file

@ -1,10 +1,12 @@
package adapters package adapters
import ( import (
"crypto/tls"
"fmt" "fmt"
"net" "net"
"net/http" "net/http"
"net/url" "net/url"
"sync"
"time" "time"
C "github.com/Dreamacro/clash/constant" C "github.com/Dreamacro/clash/constant"
@ -14,6 +16,11 @@ const (
tcpTimeout = 5 * time.Second tcpTimeout = 5 * time.Second
) )
var (
globalClientSessionCache tls.ClientSessionCache
once sync.Once
)
// DelayTest get the delay for the specified URL // DelayTest get the delay for the specified URL
func DelayTest(proxy C.Proxy, url string) (t int16, err error) { func DelayTest(proxy C.Proxy, url string) (t int16, err error) {
addr, err := urlToMetadata(url) addr, err := urlToMetadata(url)
@ -95,3 +102,10 @@ func tcpKeepAlive(c net.Conn) {
tcp.SetKeepAlivePeriod(30 * time.Second) tcp.SetKeepAlivePeriod(30 * time.Second)
} }
} }
func getClientSessionCache() tls.ClientSessionCache {
once.Do(func() {
globalClientSessionCache = tls.NewLRUClientSessionCache(128)
})
return globalClientSessionCache
}

View file

@ -72,6 +72,7 @@ func NewVmess(option VmessOption) (*Vmess, error) {
NetWork: option.Network, NetWork: option.Network,
WebSocketPath: option.WSPath, WebSocketPath: option.WSPath,
SkipCertVerify: option.SkipCertVerify, SkipCertVerify: option.SkipCertVerify,
SessionCacahe: getClientSessionCache(),
}) })
if err != nil { if err != nil {
return nil, err return nil, err

View file

@ -7,6 +7,7 @@ import (
"net" "net"
"net/url" "net/url"
"runtime" "runtime"
"sync"
"time" "time"
"github.com/gofrs/uuid" "github.com/gofrs/uuid"
@ -39,6 +40,11 @@ var CipherMapping = map[string]byte{
"chacha20-poly1305": SecurityCHACHA20POLY1305, "chacha20-poly1305": SecurityCHACHA20POLY1305,
} }
var (
clientSessionCache tls.ClientSessionCache
once sync.Once
)
// Command types // Command types
const ( const (
CommandTCP byte = 1 CommandTCP byte = 1
@ -61,14 +67,14 @@ type DstAddr struct {
// Client is vmess connection generator // Client is vmess connection generator
type Client struct { type Client struct {
user []*ID user []*ID
uuid *uuid.UUID uuid *uuid.UUID
security Security security Security
tls bool tls bool
host string host string
websocket bool websocket bool
websocketPath string websocketPath string
skipCertVerify bool tlsConfig *tls.Config
} }
// Config of vmess // Config of vmess
@ -81,6 +87,7 @@ type Config struct {
NetWork string NetWork string
WebSocketPath string WebSocketPath string
SkipCertVerify bool SkipCertVerify bool
SessionCacahe tls.ClientSessionCache
} }
// New return a Conn with net.Conn and DstAddr // New return a Conn with net.Conn and DstAddr
@ -98,9 +105,7 @@ func (c *Client) New(conn net.Conn, dst *DstAddr) (net.Conn, error) {
scheme := "ws" scheme := "ws"
if c.tls { if c.tls {
scheme = "wss" scheme = "wss"
dialer.TLSClientConfig = &tls.Config{ dialer.TLSClientConfig = c.tlsConfig
InsecureSkipVerify: c.skipCertVerify,
}
} }
host, port, err := net.SplitHostPort(c.host) host, port, err := net.SplitHostPort(c.host)
@ -125,9 +130,7 @@ func (c *Client) New(conn net.Conn, dst *DstAddr) (net.Conn, error) {
conn = newWebsocketConn(wsConn, conn.RemoteAddr()) conn = newWebsocketConn(wsConn, conn.RemoteAddr())
} else if c.tls { } else if c.tls {
conn = tls.Client(conn, &tls.Config{ conn = tls.Client(conn, c.tlsConfig)
InsecureSkipVerify: c.skipCertVerify,
})
} }
return newConn(conn, c.user[r], dst, c.security), nil return newConn(conn, c.user[r], dst, c.security), nil
} }
@ -160,6 +163,17 @@ func NewClient(config Config) (*Client, error) {
return nil, fmt.Errorf("Unknown network type: %s", config.NetWork) return nil, fmt.Errorf("Unknown network type: %s", config.NetWork)
} }
var tlsConfig *tls.Config
if config.TLS {
tlsConfig = &tls.Config{
InsecureSkipVerify: config.SkipCertVerify,
ClientSessionCache: config.SessionCacahe,
}
if tlsConfig.ClientSessionCache == nil {
tlsConfig.ClientSessionCache = getClientSessionCache()
}
}
return &Client{ return &Client{
user: newAlterIDs(newID(&uid), config.AlterID), user: newAlterIDs(newID(&uid), config.AlterID),
uuid: &uid, uuid: &uid,
@ -168,5 +182,13 @@ func NewClient(config Config) (*Client, error) {
host: config.Host, host: config.Host,
websocket: config.NetWork == "ws", websocket: config.NetWork == "ws",
websocketPath: config.WebSocketPath, websocketPath: config.WebSocketPath,
tlsConfig: tlsConfig,
}, nil }, nil
} }
func getClientSessionCache() tls.ClientSessionCache {
once.Do(func() {
clientSessionCache = tls.NewLRUClientSessionCache(128)
})
return clientSessionCache
}