From 65e0951b31afcbd4e64c5a2ab9bcb4d3b627c317 Mon Sep 17 00:00:00 2001
From: pagefault
Date: Sat, 21 Mar 2020 10:36:21 +0800
Subject: [PATCH] fix trival bugs

---
 README.md | 2 +-
 protocol/trojan/outbound.go | 6 +++---
 proxy/proxy_test.go | 40 +++++++++++++++++++++++++++++++++++++
 proxy/server.go | 4 +++-
 proxy/server_test.go | 32 +++++++++++++++++++++++++++++
 stat/db.go | 1 +
 6 files changed, 80 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 7f61c5d47..94c01062f 100644
--- a/README.md
+++ b/README.md
@@ -151,7 +151,7 @@ The format of the configuration file is compatible, see [here](https://trojan-gf
 - [x] Mux
 - [x] TLS Settings
 - [x] TLS redirecting
-- [ ] non-TLS redirecting
+- [X] non-TLS redirecting
 - [ ] Cert utils
 - [x] Database support
 - [x] Traffic stats
diff --git a/protocol/trojan/outbound.go b/protocol/trojan/outbound.go
index a78fa23d0..e97f5ecc8 100644
--- a/protocol/trojan/outbound.go
+++ b/protocol/trojan/outbound.go
@@ -69,14 +69,14 @@ func NewOutboundConnSession(req *protocol.Request, conn io.ReadWriteCloser, conf
 ClientSessionCache: tls.NewLRUClientSessionCache(-1),
 }
 tlsConn, err := tls.Dial("tcp", config.RemoteAddr.String(), tlsConfig)
+ if err != nil {
+ return nil, common.NewError("cannot dial to the remote server").Base(err)
+ }
 if config.TLS.VerifyHostname {
 if err := tlsConn.VerifyHostname(config.TLS.SNI); err != nil {
 return nil, common.NewError("failed to verify hostname").Base(err)
 }
 }
- if err != nil {
- return nil, common.NewError("cannot dial to the remote server").Base(err)
- }
 conn = tlsConn
 }
 o := &TrojanOutboundConnSession{
diff --git a/proxy/proxy_test.go b/proxy/proxy_test.go
index 1952611cd..496d5af35 100644
--- a/proxy/proxy_test.go
+++ b/proxy/proxy_test.go
@@ -1,7 +1,9 @@
 package proxy
 
 import (
+ "crypto/x509"
 "io/ioutil"
+ "net"
 "sync"
 "testing"
 "time"
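Review bot: The early return inside `if err := tlsConn.VerifyHostname(config.TLS.SNI); err != nil` in NewOutboundConnSession leaves the freshly dialed `tlsConn` open, so every hostname mismatch leaks a socket and an established TLS session to a server the client has just decided not to trust. Closing it first fixes that: add `tlsConn.Close()` on the line before `return nil, common.NewError("failed to verify hostname").Base(err)`. The construction of `tlsConfig` starts above the hunk, so whether `ServerName` is set there cannot be seen from here; if it is not, this post-handshake check is the only hostname binding and it is skipped whenever `config.TLS.VerifyHostname` is false, which deserves a comment at the `if`. The function continues beyond the hunk.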
@@ -40,6 +42,44 @@ func TestClientToPortReusingServer(t *testing.T) {
 time.Sleep(time.Hour)
 }
 
+func TestSNIConfig(t *testing.T) {
+ go ClientWithWrongSNI(t)
+ TestServer(t)
+}
+
+func ClientWithWrongSNI(t *testing.T) {
+ serverCertBytes, err := ioutil.ReadFile("./server.crt")
+ common.Must(err)
+ pool := x509.NewCertPool()
+ pool.AppendCertsFromPEM(serverCertBytes)
+ ip := net.IPv4(127, 0, 0, 1)
+ port := 4444
+ password := "pass123123"
+ config := &conf.GlobalConfig{
+ LocalAddr: &net.TCPAddr{
+ IP: ip,
+ Port: port,
+ },
+ LocalIP: ip,
+ LocalPort: uint16(port),
+ RemoteAddr: &net.TCPAddr{
+ IP: ip,
+ Port: 4445,
+ },
+ Hash: map[string]string{common.SHA224String(password): password},
+ }
+ config.TLS.Verify = true
+ config.TLS.CertPool = pool
+ config.TLS.SNI = "localhost123"
+ config.TLS.VerifyHostname = true
+
+ c := Client{
+ config: config,
+ }
+ c.Run()
+ time.Sleep(time.Hour)
+}
+
 func BenchmarkClientToServerHugePayload(b *testing.B) {
 b.StopTimer()
 data, err := ioutil.ReadFile("client.json")
diff --git a/proxy/server.go b/proxy/server.go
index f22f5fc2c..aa8a19592 100644
--- a/proxy/server.go
+++ b/proxy/server.go
@@ -164,7 +164,9 @@ func (s *Server) Run() error {
 err = tlsConn.Handshake()
 if err != nil {
 logger.Warn(common.NewError("failed to handshake, response http payload").Base(err))
- conn.Write(s.config.TLS.HTTPResponse)
+ if len(s.config.TLS.HTTPResponse) > 0 {
+ conn.Write(s.config.TLS.HTTPResponse)
+ }
 conn.Close()
 continue
 }
diff --git a/proxy/server_test.go b/proxy/server_test.go
index 07d43b252..535df524a 100644
--- a/proxy/server_test.go
+++ b/proxy/server_test.go
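Review bot: `TestSNIConfig` never asserts that the mismatched name `localhost123` is rejected: `ClientWithWrongSNI` discards the result of `c.Run()` and then calls `time.Sleep(time.Hour)`, so a regression in hostname verification cannot make this test fail. The client side should make one connection attempt and report an error when it succeeds, and the server should be stopped afterwards rather than left running (TestServer presumably blocks; its body is outside the hunk). The result of `pool.AppendCertsFromPEM(serverCertBytes)` is also ignored; because the helper runs in its own goroutine, `if !pool.AppendCertsFromPEM(serverCertBytes) { t.Error("no certificate parsed from server.crt"); return }` is the safe form. `TestServerTCPRedirecting` in proxy/server_test.go has the same gap: it ends in `server.Run()` with the error dropped and no check that the configured HTTP payload is actually returned to a non-TLS client.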
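Review bot: The guarded `conn.Write(s.config.TLS.HTTPResponse)` still drops its error and is issued without a write deadline; the `continue` two lines later indicates this runs inside the accept loop of `Run`, so a peer that fails the handshake and then stops reading could delay other connections when the payload is large. I would log the failure, `if _, err := conn.Write(s.config.TLS.HTTPResponse); err != nil { logger.Warn(common.NewError("failed to write http response").Base(err)) }`, and bound the write with a deadline if `conn` is a `net.Conn` (its type is declared outside the hunk). The warning text "failed to handshake, response http payload" is also no longer accurate when no payload is configured.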
@@ -128,3 +128,35 @@ func TestPortReusingServer(t *testing.T) {
 //common.Must(server2.Run())
 //time.Sleep(time.Hour)
 }
+
+func TestServerTCPRedirecting(t *testing.T) {
+ key, err := tls.LoadX509KeyPair("server.crt", "server.key")
+ common.Must(err)
+ ip := net.IPv4(127, 0, 0, 1)
+ port := 4445
+ password := "pass123123"
+ config := &conf.GlobalConfig{
+ LocalAddr: &net.TCPAddr{
+ IP: ip,
+ Port: port,
+ },
+ LocalIP: ip,
+ LocalPort: uint16(port),
+ RemoteAddr: &net.TCPAddr{
+ IP: ip,
+ Port: 80,
+ },
+ RemoteIP: ip,
+ RemotePort: 80,
+ Hash: map[string]string{common.SHA224String(password): password},
+ }
+ config.TLS.KeyPair = []tls.Certificate{key}
+ config.TLS.SNI = "localhost"
+ payload, err := ioutil.ReadFile("http.txt")
+ common.Must(err)
+ config.TLS.HTTPResponse = payload
+ server := Server{
+ config: config,
+ }
+ server.Run()
+}
diff --git a/stat/db.go b/stat/db.go
index 06a38538a..4ed43f1c6 100644
--- a/stat/db.go
+++ b/stat/db.go
@@ -144,6 +144,7 @@ func (a *DBAuthenticator) updateDaemon() {
 rows, err := a.db.Query("SELECT username,password,quota,download,upload FROM users")
 if err != nil {
 logger.Error(common.NewError("failed to pull data from the database").Base(err))
+ time.Sleep(statsUpdateDuration)
 continue
 }
 newValidUsers := make(map[string]string)
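Review bot: The failure branch of `updateDaemon` now waits `statsUpdateDuration` and retries, but nothing at the branch says what the authenticator serves in the meantime; since `newValidUsers` is only built after a successful query, it presumably keeps the last loaded user set for as long as the database is unreachable. For an authenticator that means a removed or over-quota user may stay valid during an outage, which should at least be stated where it happens, e.g. `// query failed: keep the previous user set and retry after statsUpdateDuration`. If the loop has a shutdown path outside the hunk, the added `time.Sleep(statsUpdateDuration)` should be interruptible by it. The body of updateDaemon extends beyond the hunk.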