diff --git a/config.go b/config.go index 7b633db..547f26f 100755 --- a/config.go +++ b/config.go @@ -198,8 +198,6 @@ func initConfig() (err error) { socksArgs.ParentType = socks.Flag("parent-type", "parent protocol type ").Default("tcp").Short('T').Enum("tls", "tcp", "kcp", "ssh") socksArgs.LocalType = socks.Flag("local-type", "local protocol type ").Default("tcp").Short('t').Enum("tls", "tcp", "kcp") socksArgs.Local = socks.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String() - socksArgs.UDPParent = socks.Flag("udp-parent", "udp parent address, such as: \"23.32.32.19:33090\"").Default("").Short('X').String() - socksArgs.UDPLocal = socks.Flag("udp-local", "udp local ip:port to listen").Short('x').Default(":33090").String() socksArgs.CertFile = socks.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String() socksArgs.CaCertFile = socks.Flag("ca", "ca cert file for tls").Default("").String() socksArgs.KeyFile = socks.Flag("key", "key file for tls").Short('K').Default("proxy.key").String() diff --git a/sdk/android-ios/sdk.go b/sdk/android-ios/sdk.go index 1033d62..db1882a 100644 --- a/sdk/android-ios/sdk.go +++ b/sdk/android-ios/sdk.go @@ -194,8 +194,6 @@ func Start(serviceID, serviceArgsStr string) (errStr string) { socksArgs.ParentType = socks.Flag("parent-type", "parent protocol type ").Default("tcp").Short('T').Enum("tls", "tcp", "kcp", "ssh") socksArgs.LocalType = socks.Flag("local-type", "local protocol type ").Default("tcp").Short('t').Enum("tls", "tcp", "kcp") socksArgs.Local = socks.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String() - socksArgs.UDPParent = socks.Flag("udp-parent", "udp parent address, such as: \"23.32.32.19:33090\"").Default("").Short('X').String() - socksArgs.UDPLocal = socks.Flag("udp-local", "udp local ip:port to listen").Short('x').Default(":33090").String() socksArgs.CertFile = socks.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String() socksArgs.CaCertFile = socks.Flag("ca", "ca cert file for tls").Default("").String() socksArgs.KeyFile = socks.Flag("key", "key file for tls").Short('K').Default("proxy.key").String() diff --git a/services/socks/socks.go b/services/socks/socks.go index 99427a9..4aa35d0 100644 --- a/services/socks/socks.go +++ b/services/socks/socks.go @@ -1,6 +1,7 @@ package socks import ( + "crypto/md5" "crypto/tls" "fmt" "io" @@ -15,7 +16,7 @@ import ( "github.com/snail007/goproxy/services" "github.com/snail007/goproxy/services/kcpcfg" "github.com/snail007/goproxy/utils" - "github.com/snail007/goproxy/utils/aes" + goaes "github.com/snail007/goproxy/utils/aes" "github.com/snail007/goproxy/utils/conncrypt" "github.com/snail007/goproxy/utils/socks" "golang.org/x/crypto/ssh" @@ -50,8 +51,6 @@ type SocksArgs struct { AuthURLTimeout *int AuthURLRetry *int KCP kcpcfg.KCPConfigArgs - UDPParent *string - UDPLocal *string LocalIPS *[]string DNSAddress *string DNSTTL *int @@ -73,6 +72,8 @@ type Socks struct { userConns utils.ConcurrentMap log *logger.Logger udpRelatedPacketConns utils.ConcurrentMap + udpLocalKey []byte + udpParentKey []byte } func NewSocks() services.Service { @@ -107,17 +108,6 @@ func (s *Socks) CheckArgs() (err error) { err = fmt.Errorf("parent type unkown,use -T ") return } - host, _, e := net.SplitHostPort(*s.cfg.Parent) - if e != nil { - err = fmt.Errorf("parent format error : %s", e) - return - } - if *s.cfg.UDPParent == "" { - *s.cfg.UDPParent = net.JoinHostPort(host, "33090") - } - if strings.HasPrefix(*s.cfg.UDPParent, ":") { - *s.cfg.UDPParent = net.JoinHostPort(host, strings.TrimLeft(*s.cfg.UDPParent, ":")) - } if *s.cfg.ParentType == "ssh" { if *s.cfg.SSHUser == "" { err = fmt.Errorf("ssh user required") @@ -149,6 +139,9 @@ func (s *Socks) CheckArgs() (err error) { } } } + s.udpLocalKey = s.LocalUDPKey() + s.udpParentKey = s.ParentUDPKey() + //s.log.Printf("udpLocalKey : %v , udpParentKey : %v", s.udpLocalKey, s.udpParentKey) return } func (s *Socks) InitService() (err error) { @@ -190,14 +183,6 @@ func (s *Socks) InitService() (err error) { } if *s.cfg.ParentType == "ssh" { s.log.Printf("warn: socks udp not suppored for ssh") - } else { - s.udpSC = utils.NewServerChannelHost(*s.cfg.UDPLocal, s.log) - e := s.udpSC.ListenUDP(s.udpCallback) - if e != nil { - err = fmt.Errorf("init udp service fail, ERR: %s", e) - return - } - s.log.Printf("udp socks proxy on %s", s.udpSC.UDPListener.LocalAddr()) } return } @@ -241,9 +226,6 @@ func (s *Socks) Start(args interface{}, log *logger.Logger) (err error) { if *s.cfg.Parent != "" { s.log.Printf("use %s parent %s", *s.cfg.ParentType, *s.cfg.Parent) } - if *s.cfg.UDPParent != "" { - s.log.Printf("use socks udp parent %s", *s.cfg.UDPParent) - } sc := utils.NewServerChannelHost(*s.cfg.Local, s.log) if *s.cfg.LocalType == "tcp" { err = sc.ListenTCP(s.socksConnCallback) @@ -262,165 +244,7 @@ func (s *Socks) Start(args interface{}, log *logger.Logger) (err error) { func (s *Socks) Clean() { s.StopService() } -func (s *Socks) UDPKey() []byte { - return s.cfg.KeyBytes[:32] -} -func (s *Socks) udpCallback(b []byte, localAddr, srcAddr *net.UDPAddr) { - rawB := b - var err error - if *s.cfg.LocalType == "tls" { - //decode b - rawB, err = goaes.Decrypt(s.UDPKey(), b) - if err != nil { - s.log.Printf("decrypt udp packet fail from %s", srcAddr.String()) - return - } - } - p, err := socks.ParseUDPPacket(rawB) - s.log.Printf("udp revecived:%v", len(p.Data())) - if err != nil { - s.log.Printf("parse udp packet fail, ERR:%s", err) - return - } - //防止死循环 - if s.IsDeadLoop((*localAddr).String(), p.Host()) { - s.log.Printf("dead loop detected , %s", p.Host()) - return - } - //s.log.Printf("##########udp to -> %s:%s###########", p.Host(), p.Port()) - if *s.cfg.Parent != "" { - //有上级代理,转发给上级 - if *s.cfg.ParentType == "tls" { - //encode b - rawB, err = goaes.Encrypt(s.UDPKey(), rawB) - if err != nil { - s.log.Printf("encrypt udp data fail to %s", *s.cfg.Parent) - return - } - } - parent := *s.cfg.UDPParent - if parent == "" { - parent = *s.cfg.Parent - } - dstAddr, err := net.ResolveUDPAddr("udp", s.Resolve(parent)) - if err != nil { - s.log.Printf("can't resolve address: %s", err) - return - } - clientSrcAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0} - conn, err := net.DialUDP("udp", clientSrcAddr, dstAddr) - if err != nil { - s.log.Printf("connect to udp %s fail,ERR:%s", dstAddr.String(), err) - return - } - conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout*5))) - _, err = conn.Write(rawB) - conn.SetDeadline(time.Time{}) - s.log.Printf("udp request:%v", len(rawB)) - if err != nil { - s.log.Printf("send udp packet to %s fail,ERR:%s", dstAddr.String(), err) - conn.Close() - return - } - //s.log.Printf("send udp packet to %s success", dstAddr.String()) - buf := make([]byte, 10*1024) - conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout))) - length, _, err := conn.ReadFromUDP(buf) - conn.SetDeadline(time.Time{}) - if err != nil { - s.log.Printf("read udp response from %s fail ,ERR:%s", dstAddr.String(), err) - conn.Close() - return - } - respBody := buf[0:length] - s.log.Printf("udp response:%v", len(respBody)) - //s.log.Printf("revecived udp packet from %s", dstAddr.String()) - if *s.cfg.ParentType == "tls" { - //decode b - respBody, err = goaes.Decrypt(s.UDPKey(), respBody) - if err != nil { - s.log.Printf("encrypt udp data fail to %s", *s.cfg.Parent) - conn.Close() - return - } - } - if *s.cfg.LocalType == "tls" { - d, err := goaes.Encrypt(s.UDPKey(), respBody) - if err != nil { - s.log.Printf("encrypt udp data fail from %s", dstAddr.String()) - conn.Close() - return - } - s.udpSC.UDPListener.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout))) - s.udpSC.UDPListener.WriteToUDP(d, srcAddr) - s.udpSC.UDPListener.SetDeadline(time.Time{}) - s.log.Printf("udp reply:%v", len(d)) - d = nil - } else { - s.udpSC.UDPListener.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout))) - s.udpSC.UDPListener.WriteToUDP(respBody, srcAddr) - s.udpSC.UDPListener.SetDeadline(time.Time{}) - s.log.Printf("udp reply:%v", len(respBody)) - } - - } else { - //本地代理 - dstAddr, err := net.ResolveUDPAddr("udp", net.JoinHostPort(s.Resolve(p.Host()), p.Port())) - if err != nil { - s.log.Printf("can't resolve address: %s", err) - return - } - clientSrcAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0} - conn, err := net.DialUDP("udp", clientSrcAddr, dstAddr) - if err != nil { - s.log.Printf("connect to udp %s fail,ERR:%s", dstAddr.String(), err) - return - } - conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout*3))) - _, err = conn.Write(p.Data()) - conn.SetDeadline(time.Time{}) - s.log.Printf("udp send:%v", len(p.Data())) - if err != nil { - s.log.Printf("send udp packet to %s fail,ERR:%s", dstAddr.String(), err) - conn.Close() - return - } - //s.log.Printf("send udp packet to %s success", dstAddr.String()) - buf := make([]byte, 10*1024) - conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout))) - length, _, err := conn.ReadFromUDP(buf) - conn.SetDeadline(time.Time{}) - - if err != nil { - s.log.Printf("read udp response from %s fail ,ERR:%s", dstAddr.String(), err) - conn.Close() - return - } - respBody := buf[0:length] - //封装来自真实服务器的数据,返回给访问者 - respPacket := p.NewReply(respBody) - //s.log.Printf("revecived udp packet from %s", dstAddr.String()) - if *s.cfg.LocalType == "tls" { - d, err := goaes.Encrypt(s.UDPKey(), respPacket) - if err != nil { - s.log.Printf("encrypt udp data fail from %s", dstAddr.String()) - conn.Close() - return - } - s.udpSC.UDPListener.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout))) - s.udpSC.UDPListener.WriteToUDP(d, srcAddr) - s.udpSC.UDPListener.SetDeadline(time.Time{}) - d = nil - } else { - s.udpSC.UDPListener.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout))) - s.udpSC.UDPListener.WriteToUDP(respPacket, srcAddr) - s.udpSC.UDPListener.SetDeadline(time.Time{}) - } - s.log.Printf("udp reply:%v", len(respPacket)) - } - -} func (s *Socks) socksConnCallback(inConn net.Conn) { defer func() { if err := recover(); err != nil { @@ -535,6 +359,36 @@ func (s *Socks) socksConnCallback(inConn net.Conn) { } } +func (s *Socks) ParentUDPKey() (key []byte) { + switch *s.cfg.ParentType { + case "tcp": + if *s.cfg.ParentKey != "" { + v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.ParentKey))) + return []byte(v)[:24] + } + case "tls": + return s.cfg.KeyBytes[:24] + case "kcp": + v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.KCP.Key))) + return []byte(v)[:24] + } + return +} +func (s *Socks) LocalUDPKey() (key []byte) { + switch *s.cfg.LocalType { + case "tcp": + if *s.cfg.LocalKey != "" { + v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.LocalKey))) + return []byte(v)[:24] + } + case "tls": + return s.cfg.KeyBytes[:24] + case "kcp": + v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.KCP.Key))) + return []byte(v)[:24] + } + return +} func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, request socks.Request) { if *s.cfg.ParentType == "ssh" { utils.CloseConn(inConn) @@ -589,16 +443,19 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque defer clean("", "") go func() { buf := make([]byte, 1) + (*inConn).SetReadDeadline(time.Time{}) if _, err := (*inConn).Read(buf); err != nil { clean("udp related tcp conn disconnected with read", err.Error()) } }() go func() { for { + (*inConn).SetWriteDeadline(time.Now().Add(time.Second * 5)) if _, err := (*inConn).Write([]byte{0x00}); err != nil { clean("udp related tcp conn disconnected with write", err.Error()) return } + (*inConn).SetWriteDeadline(time.Time{}) time.Sleep(time.Second * 5) } }() @@ -614,13 +471,17 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque s.checker.Add(request.Addr(), s.Resolve(request.Addr())) } } + } else { + useProxy = false + } + if useProxy { //parent proxy outconn, err := s.getOutConn(nil, nil, "", false) if err != nil { clean("connnect fail", fmt.Sprintf("%s", err)) return } - client := socks.NewClientConn(&outconn, "udp", "", time.Millisecond*time.Duration(*s.cfg.Timeout), nil, nil) + client := socks.NewClientConn(&outconn, "udp", request.Addr(), time.Millisecond*time.Duration(*s.cfg.Timeout), nil, nil) if err = client.Handshake(); err != nil { clean("handshake fail", fmt.Sprintf("%s", err)) return @@ -630,17 +491,16 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque s.userConns.Set(outconnLocalAddr, &outconn) go func() { buf := make([]byte, 1) + outconn.SetReadDeadline(time.Time{}) if _, err := outconn.Read(buf); err != nil { clean("udp parent tcp conn disconnected", fmt.Sprintf("%s", err)) } }() //forward to parent udp - s.log.Printf("parent udp address %s", client.UDPAddr) + //s.log.Printf("parent udp address %s", client.UDPAddr) destAddr, _ = net.ResolveUDPAddr("udp", client.UDPAddr) - } else { - useProxy = false } - s.log.Printf("use proxy %v , udp %s", useProxy, request.Addr()) + s.log.Printf("use proxy %v : udp %s", useProxy, request.Addr()) //relay for { buf := utils.LeakyBuffer.Get() @@ -654,7 +514,17 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque continue } p := socks.NewPacketUDP() - err = p.Parse(buf[:n]) + //convert data to raw + if len(s.udpLocalKey) > 0 { + var v []byte + v, err = goaes.Decrypt(s.udpLocalKey, buf[:n]) + if err == nil { + err = p.Parse(v) + } + } else { + err = p.Parse(buf[:n]) + } + //err = p.Parse(buf[:n]) if err != nil { s.log.Printf("udp listener parse packet fail, %s", err.Error()) continue @@ -672,7 +542,6 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque continue } s.udpRelatedPacketConns.Set(srcAddr.String(), outUDPConn) - go func() { defer s.udpRelatedPacketConns.Remove(srcAddr.String()) //out->local io copy @@ -688,16 +557,36 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque continue } - var dlen = n + //var dlen = n if useProxy { //forward to local - _, err = udpListener.WriteTo(buf[:n], srcAddr) + var v []byte + //convert parent data to raw + if len(s.udpParentKey) > 0 { + v, err = goaes.Decrypt(s.udpParentKey, buf[:n]) + if err != nil { + s.log.Printf("udp outconn parse packet fail, %s", err.Error()) + continue + } + } else { + v = buf[:n] + } + //now v is raw, try convert v to local + if len(s.udpLocalKey) > 0 { + v, _ = goaes.Encrypt(s.udpLocalKey, v) + } + _, err = udpListener.WriteTo(v, srcAddr) + // _, err = udpListener.WriteTo(buf[:n], srcAddr) } else { rp := socks.NewPacketUDP() rp.Build(srcAddr.String(), buf[:n]) - d := rp.Bytes() - dlen = len(d) - _, err = udpListener.WriteTo(d, srcAddr) + v := rp.Bytes() + //dlen = len(v) + //rp.Bytes() v is raw, try convert to local + if len(s.udpLocalKey) > 0 { + v, _ = goaes.Encrypt(s.udpLocalKey, v) + } + _, err = udpListener.WriteTo(v, srcAddr) } if err != nil { @@ -708,7 +597,7 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque } continue } else { - s.log.Printf("send udp data to local success , len %d, for : %s", dlen, srcAddr) + //s.log.Printf("send udp data to local success , len %d, for : %s", dlen, srcAddr) } } }() @@ -718,7 +607,15 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque //local->out io copy if useProxy { //forward to parent - _, err = outUDPConn.Write(buf[:n]) + //p is raw, now convert it to parent + var v []byte + if len(s.udpParentKey) > 0 { + v, _ = goaes.Encrypt(s.udpParentKey, p.Bytes()) + } else { + v = p.Bytes() + } + _, err = outUDPConn.Write(v) + // _, err = outUDPConn.Write(p.Bytes()) } else { _, err = outUDPConn.Write(p.Data()) } @@ -729,7 +626,7 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque s.log.Printf("send out udp data fail , %s , from : %s", err, srcAddr) continue } else { - s.log.Printf("send udp data to remote success , len %d, for : %s", len(p.Data()), srcAddr) + //s.log.Printf("send udp data to remote success , len %d, for : %s", len(p.Data()), srcAddr) } } diff --git a/utils/functions.go b/utils/functions.go index 29b4851..4d20b7c 100755 --- a/utils/functions.go +++ b/utils/functions.go @@ -17,7 +17,6 @@ import ( "net" "net/http" "os" - "os/exec" "github.com/snail007/goproxy/services/kcpcfg" @@ -209,98 +208,6 @@ func CloseConn(conn *net.Conn) { (*conn).Close() } } -func Keygen() (err error) { - CList := []string{"AD", "AE", "AF", "AG", "AI", "AL", "AM", "AO", "AR", "AT", "AU", "AZ", "BB", "BD", "BE", "BF", "BG", "BH", "BI", "BJ", "BL", "BM", "BN", "BO", "BR", "BS", "BW", "BY", "BZ", "CA", "CF", "CG", "CH", "CK", "CL", "CM", "CN", "CO", "CR", "CS", "CU", "CY", "CZ", "DE", "DJ", "DK", "DO", "DZ", "EC", "EE", "EG", "ES", "ET", "FI", "FJ", "FR", "GA", "GB", "GD", "GE", "GF", "GH", "GI", "GM", "GN", "GR", "GT", "GU", "GY", "HK", "HN", "HT", "HU", "ID", "IE", "IL", "IN", "IQ", "IR", "IS", "IT", "JM", "JO", "JP", "KE", "KG", "KH", "KP", "KR", "KT", "KW", "KZ", "LA", "LB", "LC", "LI", "LK", "LR", "LS", "LT", "LU", "LV", "LY", "MA", "MC", "MD", "MG", "ML", "MM", "MN", "MO", "MS", "MT", "MU", "MV", "MW", "MX", "MY", "MZ", "NA", "NE", "NG", "NI", "NL", "NO", "NP", "NR", "NZ", "OM", "PA", "PE", "PF", "PG", "PH", "PK", "PL", "PR", "PT", "PY", "QA", "RO", "RU", "SA", "SB", "SC", "SD", "SE", "SG", "SI", "SK", "SL", "SM", "SN", "SO", "SR", "ST", "SV", "SY", "SZ", "TD", "TG", "TH", "TJ", "TM", "TN", "TO", "TR", "TT", "TW", "TZ", "UA", "UG", "US", "UY", "UZ", "VC", "VE", "VN", "YE", "YU", "ZA", "ZM", "ZR", "ZW"} - domainSubfixList := []string{".com", ".edu", ".gov", ".int", ".mil", ".net", ".org", ".biz", ".info", ".pro", ".name", ".museum", ".coop", ".aero", ".xxx", ".idv", ".ac", ".ad", ".ae", ".af", ".ag", ".ai", ".al", ".am", ".an", ".ao", ".aq", ".ar", ".as", ".at", ".au", ".aw", ".az", ".ba", ".bb", ".bd", ".be", ".bf", ".bg", ".bh", ".bi", ".bj", ".bm", ".bn", ".bo", ".br", ".bs", ".bt", ".bv", ".bw", ".by", ".bz", ".ca", ".cc", ".cd", ".cf", ".cg", ".ch", ".ci", ".ck", ".cl", ".cm", ".cn", ".co", ".cr", ".cu", ".cv", ".cx", ".cy", ".cz", ".de", ".dj", ".dk", ".dm", ".do", ".dz", ".ec", ".ee", ".eg", ".eh", ".er", ".es", ".et", ".eu", ".fi", ".fj", ".fk", ".fm", ".fo", ".fr", ".ga", ".gd", ".ge", ".gf", ".gg", ".gh", ".gi", ".gl", ".gm", ".gn", ".gp", ".gq", ".gr", ".gs", ".gt", ".gu", ".gw", ".gy", ".hk", ".hm", ".hn", ".hr", ".ht", ".hu", ".id", ".ie", ".il", ".im", ".in", ".io", ".iq", ".ir", ".is", ".it", ".je", ".jm", ".jo", ".jp", ".ke", ".kg", ".kh", ".ki", ".km", ".kn", ".kp", ".kr", ".kw", ".ky", ".kz", ".la", ".lb", ".lc", ".li", ".lk", ".lr", ".ls", ".lt", ".lu", ".lv", ".ly", ".ma", ".mc", ".md", ".mg", ".mh", ".mk", ".ml", ".mm", ".mn", ".mo", ".mp", ".mq", ".mr", ".ms", ".mt", ".mu", ".mv", ".mw", ".mx", ".my", ".mz", ".na", ".nc", ".ne", ".nf", ".ng", ".ni", ".nl", ".no", ".np", ".nr", ".nu", ".nz", ".om", ".pa", ".pe", ".pf", ".pg", ".ph", ".pk", ".pl", ".pm", ".pn", ".pr", ".ps", ".pt", ".pw", ".py", ".qa", ".re", ".ro", ".ru", ".rw", ".sa", ".sb", ".sc", ".sd", ".se", ".sg", ".sh", ".si", ".sj", ".sk", ".sl", ".sm", ".sn", ".so", ".sr", ".st", ".sv", ".sy", ".sz", ".tc", ".td", ".tf", ".tg", ".th", ".tj", ".tk", ".tl", ".tm", ".tn", ".to", ".tp", ".tr", ".tt", ".tv", ".tw", ".tz", ".ua", ".ug", ".uk", ".um", ".us", ".uy", ".uz", ".va", ".vc", ".ve", ".vg", ".vi", ".vn", ".vu", ".wf", ".ws", ".ye", ".yt", ".yu", ".yr", ".za", ".zm", ".zw"} - C := CList[int(RandInt(4))%len(CList)] - ST := RandString(int(RandInt(4) % 10)) - O := RandString(int(RandInt(4) % 10)) - CN := strings.ToLower(RandString(int(RandInt(4)%10)) + domainSubfixList[int(RandInt(4))%len(domainSubfixList)]) - //log.Printf("C: %s, ST: %s, O: %s, CN: %s", C, ST, O, CN) - var out []byte - if len(os.Args) == 3 && os.Args[2] == "ca" { - cmd := exec.Command("sh", "-c", "openssl genrsa -out ca.key 2048") - out, err = cmd.CombinedOutput() - if err != nil { - logger.Printf("err:%s", err) - return - } - fmt.Println(string(out)) - - cmdStr := fmt.Sprintf("openssl req -new -key ca.key -x509 -days 36500 -out ca.crt -subj /C=%s/ST=%s/O=%s/CN=%s", C, ST, O, "*."+CN) - cmd = exec.Command("sh", "-c", cmdStr) - out, err = cmd.CombinedOutput() - if err != nil { - logger.Printf("err:%s", err) - return - } - fmt.Println(string(out)) - } else if len(os.Args) == 5 && os.Args[2] == "ca" && os.Args[3] != "" && os.Args[4] != "" { - certBytes, _ := ioutil.ReadFile("ca.crt") - block, _ := pem.Decode(certBytes) - if block == nil || certBytes == nil { - panic("failed to parse ca certificate PEM") - } - x509Cert, _ := x509.ParseCertificate(block.Bytes) - if x509Cert == nil { - panic("failed to parse block") - } - name := os.Args[3] - days := os.Args[4] - cmd := exec.Command("sh", "-c", "openssl genrsa -out "+name+".key 2048") - out, err = cmd.CombinedOutput() - if err != nil { - logger.Printf("err:%s", err) - return - } - fmt.Println(string(out)) - - cmdStr := fmt.Sprintf("openssl req -new -key %s.key -out %s.csr -subj /C=%s/ST=%s/O=%s/CN=%s", name, name, C, ST, O, CN) - fmt.Printf("%s", cmdStr) - cmd = exec.Command("sh", "-c", cmdStr) - out, err = cmd.CombinedOutput() - if err != nil { - logger.Printf("err:%s", err) - return - } - fmt.Println(string(out)) - - cmdStr = fmt.Sprintf("openssl x509 -req -days %s -in %s.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out %s.crt", days, name, name) - fmt.Printf("%s", cmdStr) - cmd = exec.Command("sh", "-c", cmdStr) - out, err = cmd.CombinedOutput() - if err != nil { - logger.Printf("err:%s", err) - return - } - - fmt.Println(string(out)) - } else if len(os.Args) == 3 && os.Args[2] == "usage" { - fmt.Println(`proxy keygen //generate proxy.crt and proxy.key -proxy keygen ca //generate ca.crt and ca.key -proxy keygen ca client0 30 //generate client0.crt client0.key and use ca.crt sign it with 30 days - `) - } else if len(os.Args) == 2 { - cmd := exec.Command("sh", "-c", "openssl genrsa -out proxy.key 2048") - out, err = cmd.CombinedOutput() - if err != nil { - logger.Printf("err:%s", err) - return - } - fmt.Println(string(out)) - - cmdStr := fmt.Sprintf("openssl req -new -key proxy.key -x509 -days 36500 -out proxy.crt -subj /C=%s/ST=%s/O=%s/CN=%s", C, ST, O, CN) - cmd = exec.Command("sh", "-c", cmdStr) - out, err = cmd.CombinedOutput() - if err != nil { - logger.Printf("err:%s", err) - return - } - fmt.Println(string(out)) - } - - return -} func GetAllInterfaceAddr() ([]net.IP, error) { ifaces, err := net.Interfaces()