Documentation ¶
Overview ¶
Package tapdance implements a refraction networking client in golang.
Index ¶
- Constants
- Variables
- func Assets() *assets
- func AssetsSetDir(dir string) (*assets, error)
- func Dial(network, address string) (net.Conn, error)
- func DialConjure(ctx context.Context, cjSession *ConjureSession, registrationMethod Registrar) (net.Conn, error)
- func EnableProxyProtocol()
- func LogConjureSession(cjSession *ConjureSession)
- func Logger() *logrus.Logger
- func NewTapDanceConn() (net.Conn, error)
- func SelectDecoys(sharedSecret []byte, version uint, width uint) ([]*pb.TLSDecoySpec, error)
- func SelectPhantom(seed []byte, support uint) (*net.IP, *net.IP, bool, error)
- func SetLoggerOutput(out io.Writer)
- func SetTlsLogFilename(filename string) error
- func WriteTlsLog(clientRandom, masterSecret []byte) error
- type ConjureReg
- func (reg *ConjureReg) Connect(ctx context.Context, dialer dialFunc) (net.Conn, error)
- func (reg *ConjureReg) GetRandomDuration(base, min, max int) time.Duration
- func (reg *ConjureReg) Phantom4() net.IP
- func (reg *ConjureReg) Phantom6() net.IP
- func (reg *ConjureReg) Send(ctx context.Context, decoy *pb.TLSDecoySpec, dialError chan error)
- func (reg *ConjureReg) UnpackRegResp(regResp *pb.RegistrationResponse) error
- type ConjureSession
- func (cjSession *ConjureSession) BidirectionalRegData(regSource *pb.RegistrationSource) (*ConjureReg, *pb.C2SWrapper, error)
- func (cjSession *ConjureSession) Decoys() ([]*pb.TLSDecoySpec, error)
- func (cjSession *ConjureSession) IDString() string
- func (cjSession *ConjureSession) String() string
- func (cjSession *ConjureSession) UnidirectionalRegData(regSource *pb.RegistrationSource) (*ConjureReg, *pb.C2SWrapper, error)
- type CounterUint64
- type Dialer
- type RegError
- type Registrar
- type TapdanceFlowConn
- func (flowConn *TapdanceFlowConn) Close() error
- func (flowConn *TapdanceFlowConn) DialContext(ctx context.Context) error
- func (flowConn *TapdanceFlowConn) LocalAddr() net.Addr
- func (flowConn *TapdanceFlowConn) Read(b []byte) (int, error)
- func (flowConn *TapdanceFlowConn) RemoteAddr() net.Addr
- func (flowConn *TapdanceFlowConn) SetDeadline(t time.Time) error
- func (flowConn *TapdanceFlowConn) SetReadDeadline(t time.Time) error
- func (flowConn *TapdanceFlowConn) SetWriteDeadline(t time.Time) error
- func (flowConn *TapdanceFlowConn) Write(b []byte) (int, error)
- type Transport
- type V6
Constants ¶
const ( // Unreachable -Dial Error Unreachable -- likely network unavailable (i.e. ipv6 error) Unreachable = iota // DialFailure - Dial Error Other than unreachable DialFailure // NotImplemented - Related Function Not Implemented NotImplemented // TLSError (Expired, Wrong-Host, Untrusted-Root, ...) TLSError // Unknown - Error occurred without obvious explanation Unknown )
const AES_GCM_TAG_SIZE = 16
Variables ¶
var ErrNoOpenConns = errors.New("no open connections")
ErrNoOpenConns indicates that the client Failed to establish a connection with any phantom addr
Functions ¶
func Assets ¶
func Assets() *assets
Assets is an access point to asset managing singleton. First access to singleton sets path. Assets(), if called before SetAssetsDir() sets path to "./assets/"
func AssetsSetDir ¶
AssetsSetDir sets the directory to read assets from. Functionally equivalent to Assets() after initialization, unless dir changes.
func Dial ¶
Dial connects to the address on the named network.
The only supported network at this time: "tcp". The address has the form "host:port". The host must be a literal IP address, or a host name that can be resolved to IP addresses. To avoid abuse, only certain whitelisted ports are allowed.
Example: Dial("tcp", "golang.org:80")
func DialConjure ¶
func DialConjure(ctx context.Context, cjSession *ConjureSession, registrationMethod Registrar) (net.Conn, error)
DialConjure - Perform Registration and Dial on an existing Conjure session
func EnableProxyProtocol ¶
func EnableProxyProtocol()
Global EnableProxyProtocol() is deprecated, use tapdance.Dialer with UseProxyHeader flag instead
Requests station to send client's IP to covert in following form: PROXY TCP4 x.x.x.x 127.0.0.1 1111 1234\r\n
^__^ ^_____^ ^_________________^ proto clientIP garbage
func LogConjureSession ¶ added in v1.3.4
func LogConjureSession(cjSession *ConjureSession)
func NewTapDanceConn ¶
NewTapDanceConn returns TapDance connection, that is ready to be Dial'd
func SelectDecoys ¶
SelectDecoys - Get an array of `width` decoys to be used for registration
func SelectPhantom ¶
SelectPhantom - select one phantom IP address based on shared secret
func SetLoggerOutput ¶ added in v1.3.0
SetLoggerOutput will allow a caller to change the Logger output from the default of os.Stderr
func SetTlsLogFilename ¶
func WriteTlsLog ¶
Types ¶
type ConjureReg ¶
type ConjureReg struct { Transport *ConjureSession // THIS IS REQUIRED TO INTERFACE WITH PSIPHON ANDROID // we use their dialer to prevent connection loopback into our own proxy // connection when tunneling the whole device. Dialer func(context.Context, string, string) (net.Conn, error) // contains filtered or unexported fields }
ConjureReg - Registration structure created for each individual registration within a session.
func (*ConjureReg) Connect ¶
Connect - Use a registration (result of calling Register) to connect to a phantom Note: This is hacky but should work for v4, v6, or both as any nil phantom addr will return a dial error and be ignored.
func (*ConjureReg) GetRandomDuration ¶ added in v1.3.2
func (reg *ConjureReg) GetRandomDuration(base, min, max int) time.Duration
GetRandomDuration returns a random duration that
func (*ConjureReg) Phantom4 ¶ added in v1.3.2
func (reg *ConjureReg) Phantom4() net.IP
Phantom4 returns the ipv4 phantom address
func (*ConjureReg) Phantom6 ¶ added in v1.3.2
func (reg *ConjureReg) Phantom6() net.IP
Phantom6 returns the ipv6 phantom address
func (*ConjureReg) Send ¶ added in v1.3.2
func (reg *ConjureReg) Send(ctx context.Context, decoy *pb.TLSDecoySpec, dialError chan error)
Being called in parallel -> no changes to ConjureReg allowed in this function
func (*ConjureReg) UnpackRegResp ¶ added in v1.3.2
func (reg *ConjureReg) UnpackRegResp(regResp *pb.RegistrationResponse) error
UnpackRegResp unpacks the RegistrationResponse message sent back by the station. This unpacks any field overrides sent by the registrar. When using a bidirectional registration method the server chooses the phantom IP and Port by default. Overrides to transport parameters are applied when reg.DisableRegistrarOverrides is false.
type ConjureSession ¶
type ConjureSession struct { Keys *sharedKeys Width uint V6Support *V6 UseProxyHeader bool SessionID uint64 Phantom *net.IP Transport Transport CovertAddress string DisableRegistrarOverrides bool // TcpDialer allows the caller to provide a custom dialer for outgoing proxy connections. // // THIS IS REQUIRED TO INTERFACE WITH PSIPHON ANDROID // we use their dialer to prevent connection loopback into our own proxy // connection when tunneling the whole device. Dialer dialFunc // RegDelay is the delay duration to wait for registration ingest. RegDelay time.Duration // contains filtered or unexported fields }
ConjureSession - Create a session with details for registration and connection
func FindConjureSessionInRange ¶ added in v1.3.4
func FindConjureSessionInRange(covert string, transport Transport, phantomSubnet *net.IPNet) *ConjureSession
func MakeConjureSession ¶ added in v1.3.2
func MakeConjureSession(covert string, transport Transport) *ConjureSession
func MakeConjureSessionSilent ¶ added in v1.3.4
func MakeConjureSessionSilent(covert string, transport Transport) *ConjureSession
MakeConjureSessionSilent creates a conjure session without logging anything
func (*ConjureSession) BidirectionalRegData ¶ added in v1.3.2
func (cjSession *ConjureSession) BidirectionalRegData(regSource *pb.RegistrationSource) (*ConjureReg, *pb.C2SWrapper, error)
BidirectionalRegData returns a C2SWrapper for bidirectional registration
func (*ConjureSession) Decoys ¶ added in v1.3.2
func (cjSession *ConjureSession) Decoys() ([]*pb.TLSDecoySpec, error)
Decoys returns the set of usable decoys for a given conjure session.
func (*ConjureSession) IDString ¶
func (cjSession *ConjureSession) IDString() string
IDString - Get the ID string for the session
func (*ConjureSession) String ¶
func (cjSession *ConjureSession) String() string
String - Print the string for debug and/or logging
func (*ConjureSession) UnidirectionalRegData ¶ added in v1.3.2
func (cjSession *ConjureSession) UnidirectionalRegData(regSource *pb.RegistrationSource) (*ConjureReg, *pb.C2SWrapper, error)
UnidirectionalRegData returns a C2SWrapper for unidirectional registration
type CounterUint64 ¶
CounterUint64 is a goroutine-safe uint64 counter. Wraps, if underflows/overflows.
func (*CounterUint64) Dec ¶
func (c *CounterUint64) Dec() uint64
Dec decrements the counter and returns resulting value
func (*CounterUint64) Get ¶
func (c *CounterUint64) Get() (value uint64)
Get returns current counter value
func (*CounterUint64) GetAndInc ¶
func (c *CounterUint64) GetAndInc() uint64
GetAndInc returns current value and then increases the counter
func (*CounterUint64) Inc ¶
func (c *CounterUint64) Inc() uint64
Inc increases the counter and returns resulting value
func (*CounterUint64) Set ¶
func (c *CounterUint64) Set(value uint64)
Set assigns current counter value
type Dialer ¶
type Dialer struct { SplitFlows bool // THIS IS REQUIRED TO INTERFACE WITH PSIPHON ANDROID // we use their dialer to prevent connection loopback into our own proxy // connection when tunneling the whole device. // // Deprecated: Dialer does not allow specifying the local address used for NAT traversal in // some transports. Use DialerWithLaddr instead. Dialer func(context.Context, string, string) (net.Conn, error) // DialerWithLaddr allows a custom dialer to be used for the underlying TCP/UDP connection. // // THIS IS REQUIRED TO INTERFACE WITH PSIPHON ANDROID // we use their dialer to prevent connection loopback into our own proxy // connection when tunneling the whole device. DialerWithLaddr dialFunc DarkDecoy bool // The type of registrar to use when performing Conjure registrations. DarkDecoyRegistrar Registrar // DisableRegistrarOverrides Indicates whether the client will allow the registrar to provide // alternative parameters that may work better in substitute for the deterministically selected // parameters. This only works for bidirectional registration methods where the client receives // a RegistrationResponse. DisableRegistrarOverrides bool // The type of transport to use for Conjure connections. Transport pb.TransportType TransportConfig Transport // RegDelay is the delay duration to wait for registration ingest. RegDelay time.Duration UseProxyHeader bool V6Support bool Width int // Subnet that we want to limit to (or empty if they're all fine) PhantomNet string }
Dialer contains options and implements advanced functions for establishing TapDance connection.
func (*Dialer) DialContext ¶
DialContext connects to the address on the named network using the provided context. Long deadline is strongly advised, since tapdance will try multiple decoys.
The only supported network at this time: "tcp". The address has the form "host:port". The host must be a literal IP address, or a host name that can be resolved to IP addresses. To avoid abuse, only certain whitelisted ports are allowed.
Example: Dial("tcp", "golang.org:80")
type RegError ¶
type RegError struct {
// contains filtered or unexported fields
}
RegError - Registration Error passed during registration to indicate failure mode
func NewRegError ¶ added in v1.3.2
type Registrar ¶
type Registrar interface {
Register(*ConjureSession, context.Context) (*ConjureReg, error)
}
Registrar defines the interface for a service executing decoy registrations.
type TapdanceFlowConn ¶
type TapdanceFlowConn struct {
// contains filtered or unexported fields
}
TapdanceFlowConn represents single TapDance flow.
func (*TapdanceFlowConn) Close ¶
func (flowConn *TapdanceFlowConn) Close() error
Close closes the connection. Any blocked Read or Write operations will be unblocked and return errors.
func (*TapdanceFlowConn) DialContext ¶
func (flowConn *TapdanceFlowConn) DialContext(ctx context.Context) error
Dial establishes direct connection to TapDance station proxy. Users are expected to send HTTP CONNECT request next.
func (*TapdanceFlowConn) LocalAddr ¶
func (flowConn *TapdanceFlowConn) LocalAddr() net.Addr
LocalAddr returns the local network address.
func (*TapdanceFlowConn) RemoteAddr ¶
func (flowConn *TapdanceFlowConn) RemoteAddr() net.Addr
RemoteAddr returns the address of current decoy. Not goroutine-safe, mostly here to satisfy net.Conn
func (*TapdanceFlowConn) SetDeadline ¶
func (flowConn *TapdanceFlowConn) SetDeadline(t time.Time) error
SetDeadline is supposed to set the read and write deadlines associated with the connection. It is equivalent to calling both SetReadDeadline and SetWriteDeadline.
TODO: In reality, SetDeadline doesn't do that yet, but existence of this function is mandatory to implement net.Conn
A deadline is an absolute time after which I/O operations fail with a timeout (see type Error) instead of blocking. The deadline applies to all future I/O, not just the immediately following call to Read or Write.
An idle timeout can be implemented by repeatedly extending the deadline after successful Read or Write calls.
A zero value for t means I/O operations will not time out.
func (*TapdanceFlowConn) SetReadDeadline ¶
func (flowConn *TapdanceFlowConn) SetReadDeadline(t time.Time) error
SetReadDeadline sets the deadline for future Read calls. A zero value for t means Read will not time out.
func (*TapdanceFlowConn) SetWriteDeadline ¶
func (flowConn *TapdanceFlowConn) SetWriteDeadline(t time.Time) error
SetWriteDeadline sets the deadline for future Write calls. Even if write times out, it may return n > 0, indicating that some of the data was successfully written. A zero value for t means Write will not time out.
type Transport ¶ added in v1.5.0
type Transport interfaces.Transport