protocol

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 21, 2017 License: GPL-3.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

const (
	// Tunnel protocol identifiers. Every value except "SSH" ends in "OSSH",
	// the value of TUNNEL_PROTOCOL_OBFUSCATED_SSH. Presumably these are the
	// strings passed as the protocol argument of the TunnelProtocolUses*
	// helpers in this package; confirm against callers.
	// NOTE(review): the plain UNFRONTED_MEEK and FRONTED_MEEK names carry no
	// HTTP/HTTPS marker, so which transport each one implies is not visible
	// here. Check TunnelProtocolUsesMeekHTTP and TunnelProtocolUsesMeekHTTPS
	// before relying on a protocol name to imply TLS.
	TUNNEL_PROTOCOL_SSH                           = "SSH"
	TUNNEL_PROTOCOL_OBFUSCATED_SSH                = "OSSH"
	TUNNEL_PROTOCOL_UNFRONTED_MEEK                = "UNFRONTED-MEEK-OSSH"
	TUNNEL_PROTOCOL_UNFRONTED_MEEK_HTTPS          = "UNFRONTED-MEEK-HTTPS-OSSH"
	TUNNEL_PROTOCOL_UNFRONTED_MEEK_SESSION_TICKET = "UNFRONTED-MEEK-SESSION-TICKET-OSSH"
	TUNNEL_PROTOCOL_FRONTED_MEEK                  = "FRONTED-MEEK-OSSH"
	TUNNEL_PROTOCOL_FRONTED_MEEK_HTTP             = "FRONTED-MEEK-HTTP-OSSH"

	// Values for ServerEntry.LocalSource: the DecodeServerEntry documentation
	// lists these five constants as the expected serverEntrySource inputs.
	SERVER_ENTRY_SOURCE_EMBEDDED   = "EMBEDDED"
	SERVER_ENTRY_SOURCE_REMOTE     = "REMOTE"
	SERVER_ENTRY_SOURCE_DISCOVERY  = "DISCOVERY"
	SERVER_ENTRY_SOURCE_TARGET     = "TARGET"
	SERVER_ENTRY_SOURCE_OBFUSCATED = "OBFUSCATED"

	// Server capability strings, presumably matched against
	// ServerEntry.Capabilities (confirm). The value of
	// CAPABILITY_UNTUNNELED_WEB_API_REQUESTS is "handshake", which does not
	// resemble the constant's name; compare against the constant, not a
	// guessed literal.
	CAPABILITY_SSH_API_REQUESTS            = "ssh-api-requests"
	CAPABILITY_UNTUNNELED_WEB_API_REQUESTS = "handshake"

	// Client capability string, presumably carried in
	// SSHPasswordPayload.ClientCapabilities (confirm against callers).
	CLIENT_CAPABILITY_SERVER_REQUESTS = "server-requests"

	// Names of the Psiphon API requests.
	PSIPHON_API_HANDSHAKE_REQUEST_NAME           = "psiphon-handshake"
	PSIPHON_API_CONNECTED_REQUEST_NAME           = "psiphon-connected"
	PSIPHON_API_STATUS_REQUEST_NAME              = "psiphon-status"
	PSIPHON_API_CLIENT_VERIFICATION_REQUEST_NAME = "psiphon-client-verification"
	PSIPHON_API_OSL_REQUEST_NAME                 = "psiphon-osl"

	// Length of a client session ID.
	// NOTE(review): the unit (raw bytes vs. encoded characters) is not shown
	// here; confirm at the point where session IDs are generated and checked.
	PSIPHON_API_CLIENT_SESSION_ID_LENGTH = 16

	// Identifiers for the SSH and web variants of the Psiphon API protocol,
	// going by the constant names.
	PSIPHON_SSH_API_PROTOCOL = "ssh"
	PSIPHON_WEB_API_PROTOCOL = "web"
)

Variables

Functions

func EncodeServerEntry

func EncodeServerEntry(serverEntry *ServerEntry) (string, error)

EncodeServerEntry returns a string containing the encoding of a ServerEntry following Psiphon conventions.

func GetCapability

func GetCapability(protocol string) string

GetCapability returns the server capability corresponding to the protocol.

func TunnelProtocolUsesMeekHTTP

func TunnelProtocolUsesMeekHTTP(protocol string) bool

func TunnelProtocolUsesMeekHTTPS

func TunnelProtocolUsesMeekHTTPS(protocol string) bool

func TunnelProtocolUsesObfuscatedSSH

func TunnelProtocolUsesObfuscatedSSH(protocol string) bool

func TunnelProtocolUsesObfuscatedSessionTickets

func TunnelProtocolUsesObfuscatedSessionTickets(protocol string) bool

func TunnelProtocolUsesSSH

func TunnelProtocolUsesSSH(protocol string) bool

func UseClientTunnelProtocol

func UseClientTunnelProtocol(
	clientProtocol string,
	serverProtocols []string) bool

func ValidateServerEntry

func ValidateServerEntry(serverEntry *ServerEntry) error

ValidateServerEntry checks for malformed server entries. Currently, it checks only for a valid ipAddress. This is important since handshake requests submit back to the server a list of known server IP addresses and the handshake API expects well-formed inputs. Because no other field is checked yet, callers should treat the remaining fields of an entry that passes validation as unvalidated. TODO: validate more fields

Types

type ConnectedResponse

// ConnectedResponse is a JSON record with a single string field, serialized
// under the key "connected_timestamp".
// NOTE(review): presumably the reply to the "psiphon-connected" request; the
// timestamp format is not shown here, so confirm before parsing it.
type ConnectedResponse struct {
	ConnectedTimestamp string `json:"connected_timestamp"`
}

type HandshakeResponse

// HandshakeResponse is a JSON record; the struct tags give the snake_case wire
// key for each field.
// NOTE(review): presumably the reply to the "psiphon-handshake" request, in
// which case every field is server-supplied input to the client. Going by the
// field names, PageViewRegexes and HttpsRequestRegexes hold regular
// expressions and Homepages holds URLs; confirm where these are compiled or
// opened and that malformed values are rejected there.
// EncodedServerList presumably holds entries in the encoding accepted by
// DecodeServerEntry (confirm).
type HandshakeResponse struct {
	SSHSessionID         string              `json:"ssh_session_id"`
	Homepages            []string            `json:"homepages"`
	UpgradeClientVersion string              `json:"upgrade_client_version"`
	PageViewRegexes      []map[string]string `json:"page_view_regexes"`
	HttpsRequestRegexes  []map[string]string `json:"https_request_regexes"`
	EncodedServerList    []string            `json:"encoded_server_list"`
	ClientRegion         string              `json:"client_region"`
	ServerTimestamp      string              `json:"server_timestamp"`
}

type MeekCookieData

// MeekCookieData is a JSON record whose fields are serialized under the
// single-letter keys "p", "s", "v" and "t".
// NOTE(review): the name suggests this is the payload of a meek cookie, and
// ServerEntry.MeekCookieEncryptionPublicKey suggests that payload is
// encrypted before it is sent; neither is shown here, so confirm at the call
// site. SessionID should not be written to logs in clear if it is used to
// identify a session.
type MeekCookieData struct {
	ServerAddress        string `json:"p"`
	SessionID            string `json:"s"`
	MeekProtocolVersion  int    `json:"v"`
	ClientTunnelProtocol string `json:"t"`
}

type OSLRequest

// OSLRequest is a JSON record with a boolean flag and a pointer to an
// osl.SeedPayload. The SeedPayload type is declared in the osl package and is
// not shown on this page.
// NOTE(review): presumably the body of the "psiphon-osl" request; SeedPayload
// is a pointer, so code that reads it should handle nil.
type OSLRequest struct {
	ClearLocalSLOKs bool             `json:"clear_local_sloks"`
	SeedPayload     *osl.SeedPayload `json:"seed_payload"`
}

type SSHPasswordPayload

// SSHPasswordPayload is a JSON record whose keys are spelled exactly like the
// Go field names ("SessionId", "SshPassword", "ClientCapabilities"), unlike
// the snake_case and camelCase keys used by the other types in this package.
// NOTE(review): the name suggests this structure is carried in the SSH
// password field; confirm at the call site. SshPassword is a credential, so
// keep serialized values of this type out of logs and diagnostics.
type SSHPasswordPayload struct {
	SessionId          string   `json:"SessionId"`
	SshPassword        string   `json:"SshPassword"`
	ClientCapabilities []string `json:"ClientCapabilities"`
}

type ServerEntry

// ServerEntry is the JSON record for one server; the struct tags give the
// camelCase wire key for each field.
// NOTE(review): going by their names, WebServerSecret, SshPassword,
// SshObfuscatedKey and MeekObfuscatedKey are credentials or key material, and
// SshHostKey, WebServerCertificate and MeekCookieEncryptionPublicKey are what
// the client uses to authenticate the server; confirm at the use sites. Avoid
// dumping whole entries (for example with %+v or json.Marshal) into logs or
// diagnostics. MeekFrontingAddressesRegex is a pattern taken from the entry;
// confirm where it is compiled and how a bad pattern is handled.
type ServerEntry struct {
	IpAddress                     string   `json:"ipAddress"`
	WebServerPort                 string   `json:"webServerPort"` // not an int
	WebServerSecret               string   `json:"webServerSecret"`
	WebServerCertificate          string   `json:"webServerCertificate"`
	SshPort                       int      `json:"sshPort"`
	SshUsername                   string   `json:"sshUsername"`
	SshPassword                   string   `json:"sshPassword"`
	SshHostKey                    string   `json:"sshHostKey"`
	SshObfuscatedPort             int      `json:"sshObfuscatedPort"`
	SshObfuscatedKey              string   `json:"sshObfuscatedKey"`
	Capabilities                  []string `json:"capabilities"`
	Region                        string   `json:"region"`
	MeekServerPort                int      `json:"meekServerPort"`
	MeekCookieEncryptionPublicKey string   `json:"meekCookieEncryptionPublicKey"`
	MeekObfuscatedKey             string   `json:"meekObfuscatedKey"`
	MeekFrontingHost              string   `json:"meekFrontingHost"`
	MeekFrontingHosts             []string `json:"meekFrontingHosts"`
	MeekFrontingDomain            string   `json:"meekFrontingDomain"`
	MeekFrontingAddresses         []string `json:"meekFrontingAddresses"`
	MeekFrontingAddressesRegex    string   `json:"meekFrontingAddressesRegex"`
	MeekFrontingDisableSNI        bool     `json:"meekFrontingDisableSNI"`

	// These local fields are not expected to be present in downloaded server
	// entries. They are added by the client to record and report stats about
	// how and when server entries are obtained.
	// NOTE(review): both carry JSON tags, so a downloaded entry that does
	// include "localSource" or "localTimestamp" would populate them on a plain
	// json.Unmarshal; DecodeServerEntry is documented as setting them from its
	// arguments. Confirm it overwrites any decoded values.
	LocalSource    string `json:"localSource"`
	LocalTimestamp string `json:"localTimestamp"`
}

ServerEntry represents a Psiphon server. It contains information about how to establish a tunnel connection to the server through several protocols. Server entries are JSON records downloaded from various sources.

func DecodeAndValidateServerEntryList

func DecodeAndValidateServerEntryList(
	encodedServerEntryList, timestamp,
	serverEntrySource string) (serverEntries []*ServerEntry, err error)

DecodeAndValidateServerEntryList extracts server entries from the list encoding used by remote server lists and Psiphon server handshake requests. Each server entry is validated and invalid entries are skipped. See DecodeServerEntry for a note on serverEntrySource/timestamp.

func DecodeServerEntry

func DecodeServerEntry(
	encodedServerEntry, timestamp,
	serverEntrySource string) (serverEntry *ServerEntry, err error)

DecodeServerEntry extracts server entries from the encoding used by remote server lists and Psiphon server handshake requests.

The resulting ServerEntry.LocalSource is populated with serverEntrySource, which should be one of SERVER_ENTRY_SOURCE_EMBEDDED, SERVER_ENTRY_SOURCE_REMOTE, SERVER_ENTRY_SOURCE_DISCOVERY, SERVER_ENTRY_SOURCE_TARGET, or SERVER_ENTRY_SOURCE_OBFUSCATED. ServerEntry.LocalTimestamp is populated with the provided timestamp, which should be an RFC 3339 formatted string. These local fields are stored with the server entry and reported to the server as stats (only a coarse-granularity timestamp is reported).

func (*ServerEntry) DisableImpairedProtocols

func (serverEntry *ServerEntry) DisableImpairedProtocols(impairedProtocols []string)

DisableImpairedProtocols modifies the ServerEntry to disable the specified protocols. Note: this assumes that protocol capabilities are 1-to-1.

func (*ServerEntry) GetSupportedProtocols

func (serverEntry *ServerEntry) GetSupportedProtocols() []string

GetSupportedProtocols returns a list of tunnel protocols supported by the ServerEntry's capabilities.

func (*ServerEntry) GetUntunneledWebRequestPorts

func (serverEntry *ServerEntry) GetUntunneledWebRequestPorts() []string

func (*ServerEntry) SupportsProtocol

func (serverEntry *ServerEntry) SupportsProtocol(protocol string) bool

SupportsProtocol returns true if and only if the ServerEntry has the necessary capability to support the specified tunnel protocol.

func (*ServerEntry) SupportsSSHAPIRequests

func (serverEntry *ServerEntry) SupportsSSHAPIRequests() bool

SupportsSSHAPIRequests returns true when the server supports SSH API requests.
