gotapdance: github.com/refraction-networking/gotapdance/tapdance Index | Files

package tapdance

import "github.com/refraction-networking/gotapdance/tapdance"

Index

Package Files

assets.go common.go conjure.go conn_flow.go conn_raw.go counter.go dialer.go logger.go utils.go

Constants

const (
    // Unreachable -Dial Error Unreachable -- likely network unavailable (i.e. ipv6 error)
    Unreachable = iota

    // DialFailure - Dial Error Other than unreachable
    DialFailure

    // NotImplemented - Related Function Not Implemented
    NotImplemented

    // TLS Error (Expired, Wrong-Host, Untrusted-Root, ...)
    TLSError

    // Unknown - Error occurred without obvious explanation
    Unknown
)
const AES_GCM_TAG_SIZE = 16

func Assets Uses

func Assets() *assets

Assets is an access point to asset managing singleton. First access to singleton sets path. Assets(), if called before SetAssetsDir() sets path to "./assets/"

func AssetsSetDir Uses

func AssetsSetDir(dir string) *assets

AssetsSetDir sets the directory to read assets from. Functionally equivalent to Assets() after initialization, unless dir changes.

func Connect Uses

func Connect(ctx context.Context, reg *ConjureReg) (net.Conn, error)

Connect - Dial the Phantom IP address after registration

func Dial Uses

func Dial(network, address string) (net.Conn, error)

Dial connects to the address on the named network.

The only supported network at this time: "tcp". The address has the form "host:port". The host must be a literal IP address, or a host name that can be resolved to IP addresses. To avoid abuse, only certain whitelisted ports are allowed.

Example: Dial("tcp", "golang.org:80")

func DialConjure Uses

func DialConjure(ctx context.Context, cjSession *ConjureSession, registrationMethod Registrar) (net.Conn, error)

DialConjure - Perform Registration and Dial on an existing Conjure session

func DialConjureAddr Uses

func DialConjureAddr(ctx context.Context, address string, registrationMethod Registrar) (net.Conn, error)

DialConjureAddr - Perform Registration and Dial after creating a Conjure session from scratch

func EnableProxyProtocol Uses

func EnableProxyProtocol()

Global EnableProxyProtocol() is deprecated, use tapdance.Dialer with UseProxyHeader flag instead

Requests station to send client's IP to covert in following form: PROXY TCP4 x.x.x.x 127.0.0.1 1111 1234\r\n

 ^__^ ^_____^ ^_________________^
proto clientIP      garbage

func Logger Uses

func Logger() *logrus.Logger

Logger is an access point for TapDance-wide logger

func NewTapDanceConn Uses

func NewTapDanceConn() (net.Conn, error)

NewTapDanceConn returns TapDance connection, that is ready to be Dial'd

func SelectDecoys Uses

func SelectDecoys(sharedSecret []byte, version uint, width uint) []*pb.TLSDecoySpec

SelectDecoys - Get an array of `width` decoys to be used for registration

func SelectPhantom Uses

func SelectPhantom(seed []byte, support uint) (*net.IP, *net.IP, error)

SelectPhantom - select one phantom IP address based on shared secret

func SetTlsLogFilename Uses

func SetTlsLogFilename(filename string) error

func WriteTlsLog Uses

func WriteTlsLog(clientRandom, masterSecret []byte) error

type APIRegistrar Uses

type APIRegistrar struct {
    // Endpoint to use in registration request
    Endpoint string

    // HTTP client to use in request
    Client *http.Client

    // Length of time to delay after confirming successful
    // registration before attempting a connection,
    // allowing for propagation throughout the stations.
    ConnectionDelay time.Duration

    // Maximum number of retries before giving up
    MaxRetries int

    // A secondary registration method to use on failure.
    // Because the API registration can give us definite
    // indication of a failure to register, this can be
    // used as a "backup" in the case of the API being
    // down or being blocked.
    //
    // If this field is nil, no secondary registration will
    // be attempted. If it is non-nil, after failing to register
    // (retrying MaxRetries times) we will fall back to
    // the Register method on this field.
    SecondaryRegistrar Registrar
}

Registration strategy using a centralized REST API to create registrations. Only the Endpoint need be specified; the remaining fields are valid with their zero values and provide the opportunity for additional control over the process.

func (APIRegistrar) Register Uses

func (r APIRegistrar) Register(cjSession *ConjureSession, ctx context.Context) (*ConjureReg, error)

type ConjureReg Uses

type ConjureReg struct {

    // THIS IS REQUIRED TO INTERFACE WITH PSIPHON ANDROID
    //		we use their dialer to prevent connection loopback into our own proxy
    //		connection when tunneling the whole device.
    TcpDialer func(context.Context, string, string) (net.Conn, error)
    // contains filtered or unexported fields
}

ConjureReg - Registration structure created for each individual registration within a session.

func (*ConjureReg) Connect Uses

func (reg *ConjureReg) Connect(ctx context.Context) (net.Conn, error)

Connect - Use a registration (result of calling Register) to connect to a phantom Note: This is hacky but should work for v4, v6, or both as any nil phantom addr will return a dial error and be ignored.

type ConjureSession Uses

type ConjureSession struct {
    Keys           *sharedKeys
    Width          uint
    V6Support      *V6
    UseProxyHeader bool
    SessionID      uint64
    RegDecoys      []*pb.TLSDecoySpec // pb.DecoyList
    Phantom        *net.IP
    Transport      pb.TransportType
    CovertAddress  string

    // THIS IS REQUIRED TO INTERFACE WITH PSIPHON ANDROID
    //		we use their dialer to prevent connection loopback into our own proxy
    //		connection when tunneling the whole device.
    TcpDialer func(context.Context, string, string) (net.Conn, error)
    // contains filtered or unexported fields
}

ConjureSession - Create a session with details for registration and connection

func (*ConjureSession) IDString Uses

func (cjSession *ConjureSession) IDString() string

IDString - Get the ID string for the session

func (*ConjureSession) String Uses

func (cjSession *ConjureSession) String() string

String - Print the string for debug and/or logging

type CounterUint64 Uses

type CounterUint64 struct {
    sync.RWMutex
    // contains filtered or unexported fields
}

CounterUint64 is a goroutine-safe uint64 counter. Wraps, if underflows/overflows.

func (*CounterUint64) Dec Uses

func (c *CounterUint64) Dec() uint64

Dec decrements the counter and returns resulting value

func (*CounterUint64) Get Uses

func (c *CounterUint64) Get() (value uint64)

Get returns current counter value

func (*CounterUint64) GetAndInc Uses

func (c *CounterUint64) GetAndInc() uint64

GetAndInc returns current value and then increases the counter

func (*CounterUint64) Inc Uses

func (c *CounterUint64) Inc() uint64

Inc increases the counter and returns resulting value

func (*CounterUint64) Set Uses

func (c *CounterUint64) Set(value uint64)

Set assigns current counter value

type DecoyRegistrar Uses

type DecoyRegistrar struct{}

func (DecoyRegistrar) Register Uses

func (DecoyRegistrar) Register(cjSession *ConjureSession, ctx context.Context) (*ConjureReg, error)

type Dialer Uses

type Dialer struct {
    SplitFlows bool

    // THIS IS REQUIRED TO INTERFACE WITH PSIPHON ANDROID
    //		we use their dialer to prevent connection loopback into our own proxy
    //		connection when tunneling the whole device.
    TcpDialer func(context.Context, string, string) (net.Conn, error)

    DarkDecoy bool

    // The type of registrar to use when performing Conjure registrations.
    DarkDecoyRegistrar Registrar

    // The type of transport to use for Conjure connections.
    Transport pb.TransportType

    UseProxyHeader bool
    V6Support      bool // *bool so that it is a nullable type. that can be overridden
    Width          int
}

Dialer contains options and implements advanced functions for establishing TapDance connection.

func (*Dialer) Dial Uses

func (d *Dialer) Dial(network, address string) (net.Conn, error)

Dial connects to the address on the named network.

func (*Dialer) DialContext Uses

func (d *Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error)

DialContext connects to the address on the named network using the provided context. Long deadline is strongly advised, since tapdance will try multiple decoys.

The only supported network at this time: "tcp". The address has the form "host:port". The host must be a literal IP address, or a host name that can be resolved to IP addresses. To avoid abuse, only certain whitelisted ports are allowed.

Example: Dial("tcp", "golang.org:80")

func (*Dialer) DialProxy Uses

func (d *Dialer) DialProxy() (net.Conn, error)

DialProxy establishes direct connection to TapDance station proxy. Users are expected to send HTTP CONNECT request next.

func (*Dialer) DialProxyContext Uses

func (d *Dialer) DialProxyContext(ctx context.Context) (net.Conn, error)

DialProxyContext establishes direct connection to TapDance station proxy using the provided context. Users are expected to send HTTP CONNECT request next.

type Obfs4Keys Uses

type Obfs4Keys struct {
    PrivateKey *ntor.PrivateKey
    PublicKey  *ntor.PublicKey
    NodeID     *ntor.NodeID
}

type RegError Uses

type RegError struct {
    // contains filtered or unexported fields
}

RegError - Registration Error passed during registration to indicate failure mode

func (RegError) CodeStr Uses

func (err RegError) CodeStr() string

CodeStr - Get desctriptor associated with error code

func (RegError) Error Uses

func (err RegError) Error() string

type Registrar Uses

type Registrar interface {
    Register(*ConjureSession, context.Context) (*ConjureReg, error)
}

Registrar defines the interface for a service executing decoy registrations.

type TapdanceFlowConn Uses

type TapdanceFlowConn struct {
    // contains filtered or unexported fields
}

TapdanceFlowConn represents single TapDance flow.

func (*TapdanceFlowConn) Close Uses

func (flowConn *TapdanceFlowConn) Close() error

Close closes the connection. Any blocked Read or Write operations will be unblocked and return errors.

func (*TapdanceFlowConn) DialContext Uses

func (flowConn *TapdanceFlowConn) DialContext(ctx context.Context) error

Dial establishes direct connection to TapDance station proxy. Users are expected to send HTTP CONNECT request next.

func (*TapdanceFlowConn) LocalAddr Uses

func (flowConn *TapdanceFlowConn) LocalAddr() net.Addr

LocalAddr returns the local network address.

func (*TapdanceFlowConn) Read Uses

func (flowConn *TapdanceFlowConn) Read(b []byte) (int, error)

func (*TapdanceFlowConn) RemoteAddr Uses

func (flowConn *TapdanceFlowConn) RemoteAddr() net.Addr

RemoteAddr returns the address of current decoy. Not goroutine-safe, mostly here to satisfy net.Conn

func (*TapdanceFlowConn) SetDeadline Uses

func (flowConn *TapdanceFlowConn) SetDeadline(t time.Time) error

SetDeadline is supposed to set the read and write deadlines associated with the connection. It is equivalent to calling both SetReadDeadline and SetWriteDeadline.

TODO: In reality, SetDeadline doesn't do that yet, but existence of this function is mandatory to implement net.Conn

A deadline is an absolute time after which I/O operations fail with a timeout (see type Error) instead of blocking. The deadline applies to all future I/O, not just the immediately following call to Read or Write.

An idle timeout can be implemented by repeatedly extending the deadline after successful Read or Write calls.

A zero value for t means I/O operations will not time out.

func (*TapdanceFlowConn) SetReadDeadline Uses

func (flowConn *TapdanceFlowConn) SetReadDeadline(t time.Time) error

SetReadDeadline sets the deadline for future Read calls. A zero value for t means Read will not time out.

func (*TapdanceFlowConn) SetWriteDeadline Uses

func (flowConn *TapdanceFlowConn) SetWriteDeadline(t time.Time) error

SetWriteDeadline sets the deadline for future Write calls. Even if write times out, it may return n > 0, indicating that some of the data was successfully written. A zero value for t means Write will not time out.

func (*TapdanceFlowConn) Write Uses

func (flowConn *TapdanceFlowConn) Write(b []byte) (int, error)

Write writes data to the connection. Write can be made to time out and return an Error with Timeout() == true after a fixed time limit; see SetDeadline and SetWriteDeadline.

type V6 Uses

type V6 struct {
    // contains filtered or unexported fields
}

V6 - Struct to track V6 support and cache result across sessions

Package tapdance imports 37 packages (graph) and is imported by 3 packages. Updated 2020-10-24. Refresh now. Tools for package owners.