tapdance

package
v1.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 13, 2023 License: Apache-2.0 Imports: 34 Imported by: 4

Documentation

Overview

Package tapdance implements a refraction networking client in golang.

Index

Constants

View Source 
const (
	// Unreachable -Dial Error Unreachable -- likely network unavailable (i.e. ipv6 error)
	Unreachable = iota

	// DialFailure - Dial Error Other than unreachable
	DialFailure

	// NotImplemented - Related Function Not Implemented
	NotImplemented

	// TLSError (Expired, Wrong-Host, Untrusted-Root, ...)
	TLSError

	// Unknown - Error occurred without obvious explanation
	Unknown
)
View Source 
const AES_GCM_TAG_SIZE = 16

Variables

View Source 
var ErrNoOpenConns = errors.New("no open connections")

ErrNoOpenConns indicates that the client Failed to establish a connection with any phantom addr

Functions

func Assets 

func Assets() *assets

Assets is an access point to asset managing singleton. First access to singleton sets path. Assets(), if called before SetAssetsDir() sets path to "./assets/"

func AssetsSetDir 

func AssetsSetDir(dir string) (*assets, error)

AssetsSetDir sets the directory to read assets from. Functionally equivalent to Assets() after initialization, unless dir changes.

func Dial 

func Dial(network, address string) (net.Conn, error)

Dial connects to the address on the named network.

The only supported network at this time: "tcp". The address has the form "host:port". The host must be a literal IP address, or a host name that can be resolved to IP addresses. To avoid abuse, only certain whitelisted ports are allowed.

Example: Dial("tcp", "golang.org:80")

func DialConjure 

func DialConjure(ctx context.Context, cjSession *ConjureSession, registrationMethod Registrar) (net.Conn, error)

DialConjure - Perform Registration and Dial on an existing Conjure session

func EnableProxyProtocol 

func EnableProxyProtocol()

Global EnableProxyProtocol() is deprecated, use tapdance.Dialer with UseProxyHeader flag instead

Requests station to send client's IP to covert in following form: PROXY TCP4 x.x.x.x 127.0.0.1 1111 1234\r\n 

 ^__^ ^_____^ ^_________________^
proto clientIP      garbage

func LogConjureSession added in v1.3.4 

func LogConjureSession(cjSession *ConjureSession)

func Logger 

func Logger() *logrus.Logger

Logger is an access point for TapDance-wide logger

func NewTapDanceConn 

func NewTapDanceConn() (net.Conn, error)

NewTapDanceConn returns TapDance connection, that is ready to be Dial'd

func SelectPhantom 

func SelectPhantom(seed []byte, support uint) (*net.IP, *net.IP, bool, error)

SelectPhantom - select one phantom IP address based on shared secret

func SetLoggerOutput added in v1.3.0 

func SetLoggerOutput(out io.Writer)

SetLoggerOutput will allow a caller to change the Logger output from the default of os.Stderr

func SetTlsLogFilename 

func SetTlsLogFilename(filename string) error

func WriteTlsLog 

func WriteTlsLog(clientRandom, masterSecret []byte) error

Types

type ConjureReg 

type ConjureReg struct {
	Transport
	*ConjureSession

	// THIS IS REQUIRED TO INTERFACE WITH PSIPHON ANDROID
	//		we use their dialer to prevent connection loopback into our own proxy
	//		connection when tunneling the whole device.
	Dialer func(context.Context, string, string) (net.Conn, error)
	// contains filtered or unexported fields
}

ConjureReg - Registration structure created for each individual registration within a session.

func (*ConjureReg) Connect 

func (reg *ConjureReg) Connect(ctx context.Context, dialer dialFunc) (net.Conn, error)

Connect - Use a registration (result of calling Register) to connect to a phantom Note: This is hacky but should work for v4, v6, or both as any nil phantom addr will return a dial error and be ignored.

func (*ConjureReg) GetRandomDuration added in v1.3.2 

func (reg *ConjureReg) GetRandomDuration(base, min, max int) time.Duration

GetRandomDuration returns a random duration that

func (*ConjureReg) Phantom4 added in v1.3.2 

func (reg *ConjureReg) Phantom4() net.IP

Phantom4 returns the ipv4 phantom address

func (*ConjureReg) Phantom6 added in v1.3.2 

func (reg *ConjureReg) Phantom6() net.IP

Phantom6 returns the ipv6 phantom address

func (*ConjureReg) UnpackRegResp added in v1.3.2 

func (reg *ConjureReg) UnpackRegResp(regResp *pb.RegistrationResponse) error

UnpackRegResp unpacks the RegistrationResponse message sent back by the station. This unpacks any field overrides sent by the registrar. When using a bidirectional registration method the server chooses the phantom IP and Port by default. Overrides to transport parameters are applied when reg.DisableRegistrarOverrides is false.

type ConjureSession 

type ConjureSession struct {
	Keys           *core.SharedKeys
	V6Support      *V6
	UseProxyHeader bool
	SessionID      uint64
	Phantom        *net.IP
	Transport      Transport
	CovertAddress  string

	DisableRegistrarOverrides bool

	// TcpDialer allows the caller to provide a custom dialer for outgoing proxy connections.
	//
	// THIS IS REQUIRED TO INTERFACE WITH PSIPHON ANDROID
	//		we use their dialer to prevent connection loopback into our own proxy
	//		connection when tunneling the whole device.
	Dialer dialFunc

	// RegDelay is the delay duration to wait for registration ingest.
	RegDelay time.Duration
	// contains filtered or unexported fields
}

ConjureSession - Create a session with details for registration and connection

func FindConjureSessionInRange added in v1.3.4 

func FindConjureSessionInRange(covert string, transport Transport, phantomSubnet *net.IPNet) *ConjureSession

func MakeConjureSession added in v1.3.2 

func MakeConjureSession(covert string, transport Transport) *ConjureSession

func MakeConjureSessionSilent added in v1.3.4 

func MakeConjureSessionSilent(covert string, transport Transport) *ConjureSession

MakeConjureSessionSilent creates a conjure session without logging anything

func (*ConjureSession) BidirectionalRegData added in v1.3.2 

func (cjSession *ConjureSession) BidirectionalRegData(regSource *pb.RegistrationSource) (*ConjureReg, *pb.C2SWrapper, error)

BidirectionalRegData returns a C2SWrapper for bidirectional registration

func (*ConjureSession) GetV4Support added in v1.7.0 

func (cjSession *ConjureSession) GetV4Support() *bool

GetV4Support created for the sake of removing ConjureReg

func (*ConjureSession) GetV6Include added in v1.7.0 

func (cjSession *ConjureSession) GetV6Include() uint

GetV6Include - returns the Include var of the clients V6 support

func (*ConjureSession) GetV6Support added in v1.7.0 

func (cjSession *ConjureSession) GetV6Support() *bool

GetV6Support created for the sake of removing ConjureReg

func (*ConjureSession) IDString 

func (cjSession *ConjureSession) IDString() string

IDString - Get the ID string for the session

func (*ConjureSession) String 

func (cjSession *ConjureSession) String() string

String - Print the string for debug and/or logging

func (*ConjureSession) UnidirectionalRegData added in v1.3.2 

func (cjSession *ConjureSession) UnidirectionalRegData(regSource *pb.RegistrationSource) (*ConjureReg, *pb.C2SWrapper, error)

UnidirectionalRegData returns a C2SWrapper for unidirectional registration

type CounterUint64 

type CounterUint64 struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

CounterUint64 is a goroutine-safe uint64 counter. Wraps, if underflows/overflows.

func (*CounterUint64) Dec 

func (c *CounterUint64) Dec() uint64

Dec decrements the counter and returns resulting value

func (*CounterUint64) Get 

func (c *CounterUint64) Get() (value uint64)

Get returns current counter value

func (*CounterUint64) GetAndInc 

func (c *CounterUint64) GetAndInc() uint64

GetAndInc returns current value and then increases the counter

func (*CounterUint64) Inc 

func (c *CounterUint64) Inc() uint64

Inc increases the counter and returns resulting value

func (*CounterUint64) Set 

func (c *CounterUint64) Set(value uint64)

Set assigns current counter value

type Dialer 

type Dialer struct {
	SplitFlows bool

	// THIS IS REQUIRED TO INTERFACE WITH PSIPHON ANDROID
	//		we use their dialer to prevent connection loopback into our own proxy
	//		connection when tunneling the whole device.
	//
	// Deprecated: Dialer does not allow specifying the local address used for NAT traversal in
	// some transports. Use DialerWithLaddr instead.
	Dialer func(context.Context, string, string) (net.Conn, error)

	// DialerWithLaddr allows a custom dialer to be used for the underlying TCP/UDP connection.
	//
	// THIS IS REQUIRED TO INTERFACE WITH PSIPHON ANDROID
	//		we use their dialer to prevent connection loopback into our own proxy
	//		connection when tunneling the whole device.
	DialerWithLaddr dialFunc

	DarkDecoy bool

	// The type of registrar to use when performing Conjure registrations.
	DarkDecoyRegistrar Registrar

	// DisableRegistrarOverrides Indicates whether the client will allow the registrar to provide
	// alternative parameters that may work better in substitute for the deterministically selected
	// parameters. This only works for bidirectional registration methods where the client receives
	// a RegistrationResponse.
	DisableRegistrarOverrides bool

	// The type of transport to use for Conjure connections.
	Transport       pb.TransportType
	TransportConfig Transport

	// RegDelay is the delay duration to wait for registration ingest.
	RegDelay time.Duration

	UseProxyHeader bool
	V6Support      bool

	// Width indicates the number of independent decoy registrations to send in parallel as success
	// rates for individual decoy registrations are relatively low. (Default 5)
	//
	// Deprecated: Use the Width parameter in the Decoy Registrar.
	Width int

	// Subnet that we want to limit to (or empty if they're all fine)
	PhantomNet string
}

Dialer contains options and implements advanced functions for establishing TapDance connection.

func (*Dialer) Dial 

func (d *Dialer) Dial(network, address string) (net.Conn, error)

Dial connects to the address on the named network.

func (*Dialer) DialContext 

func (d *Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error)

DialContext connects to the address on the named network using the provided context. Long deadline is strongly advised, since tapdance will try multiple decoys.

The only supported network at this time: "tcp". The address has the form "host:port". The host must be a literal IP address, or a host name that can be resolved to IP addresses. To avoid abuse, only certain whitelisted ports are allowed.

Example: Dial("tcp", "golang.org:80")

func (*Dialer) DialProxy 

func (d *Dialer) DialProxy() (net.Conn, error)

DialProxy establishes direct connection to TapDance station proxy. Users are expected to send HTTP CONNECT request next.

func (*Dialer) DialProxyContext 

func (d *Dialer) DialProxyContext(ctx context.Context) (net.Conn, error)

DialProxyContext establishes direct connection to TapDance station proxy using the provided context. Users are expected to send HTTP CONNECT request next.

type RegError 

type RegError struct {
	// contains filtered or unexported fields
}

RegError - Registration Error passed during registration to indicate failure mode

func NewRegError added in v1.3.2 

func NewRegError(code uint, msg string) RegError

func (RegError) Code added in v1.3.2 

func (err RegError) Code() uint

func (RegError) CodeStr 

func (err RegError) CodeStr() string

CodeStr - Get desctriptor associated with error code

func (RegError) Error 

func (err RegError) Error() string

type Registrar 

type Registrar interface {
	Register(*ConjureSession, context.Context) (*ConjureReg, error)

	// PrepareRegKeys prepares key materials specific to the registrar
	PrepareRegKeys(pubkey [32]byte) error
}

Registrar defines the interface for a module completing the initial portion of the conjure protocol which registers the clients intent to connect, along with the specifics of the session they wish to establish.

type TapdanceFlowConn 

type TapdanceFlowConn struct {
	// contains filtered or unexported fields
}

TapdanceFlowConn represents single TapDance flow.

func (*TapdanceFlowConn) Close 

func (flowConn *TapdanceFlowConn) Close() error

Close closes the connection. Any blocked Read or Write operations will be unblocked and return errors.

func (*TapdanceFlowConn) DialContext 

func (flowConn *TapdanceFlowConn) DialContext(ctx context.Context) error

Dial establishes direct connection to TapDance station proxy. Users are expected to send HTTP CONNECT request next.

func (*TapdanceFlowConn) LocalAddr 

func (flowConn *TapdanceFlowConn) LocalAddr() net.Addr

LocalAddr returns the local network address.

func (*TapdanceFlowConn) Read 

func (flowConn *TapdanceFlowConn) Read(b []byte) (int, error)

func (*TapdanceFlowConn) RemoteAddr 

func (flowConn *TapdanceFlowConn) RemoteAddr() net.Addr

RemoteAddr returns the address of current decoy. Not goroutine-safe, mostly here to satisfy net.Conn

func (*TapdanceFlowConn) SetDeadline 

func (flowConn *TapdanceFlowConn) SetDeadline(t time.Time) error

SetDeadline is supposed to set the read and write deadlines associated with the connection. It is equivalent to calling both SetReadDeadline and SetWriteDeadline.

TODO: In reality, SetDeadline doesn't do that yet, but existence of this function is mandatory to implement net.Conn

A deadline is an absolute time after which I/O operations fail with a timeout (see type Error) instead of blocking. The deadline applies to all future I/O, not just the immediately following call to Read or Write.

An idle timeout can be implemented by repeatedly extending the deadline after successful Read or Write calls.

A zero value for t means I/O operations will not time out.

func (*TapdanceFlowConn) SetReadDeadline 

func (flowConn *TapdanceFlowConn) SetReadDeadline(t time.Time) error

SetReadDeadline sets the deadline for future Read calls. A zero value for t means Read will not time out.

func (*TapdanceFlowConn) SetWriteDeadline 

func (flowConn *TapdanceFlowConn) SetWriteDeadline(t time.Time) error

SetWriteDeadline sets the deadline for future Write calls. Even if write times out, it may return n > 0, indicating that some of the data was successfully written. A zero value for t means Write will not time out.

func (*TapdanceFlowConn) Write 

func (flowConn *TapdanceFlowConn) Write(b []byte) (int, error)

Write writes data to the connection. Write can be made to time out and return an Error with Timeout() == true after a fixed time limit; see SetDeadline and SetWriteDeadline.

type Transport added in v1.5.0 

type Transport interfaces.Transport

Transport provides a generic interface for utilities that allow the client to dial and connect to a phantom address when creating a Conjure connection.

type V6 

type V6 struct {
	// contains filtered or unexported fields
}

V6 - Struct to track V6 support and cache result across sessions

func (*V6) Include added in v1.7.0 

func (v *V6) Include() uint

Include returns a private field of the V6 Support struct.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.