// PipeThenClose copies data from src to dst, closes dst when done, with ota verification.
func PipeThenCloseOta(src *Conn, dst net.Conn, timeout time.Duration) {
const (
dataLenLen = 2
hmacSha1Len = 10
idxData0 = dataLenLen + hmacSha1Len
)
defer func() {
dst.Close()
}()
// sometimes it have to fill large block
buf := leakyBuf.Get()
defer leakyBuf.Put(buf)
i := 0
for {
i += 1
SetReadTimeout(src, timeout)
if n, err := io.ReadFull(src, buf[:dataLenLen+hmacSha1Len]); err != nil {
if err == io.EOF {
break
}
glog.Errorf("conn=%p #%v read header error n=%v: %v", src, i, n, err)
break
}
dataLen := binary.BigEndian.Uint16(buf[:dataLenLen])
expectedHmacSha1 := buf[dataLenLen:idxData0]
var dataBuf []byte
if len(buf) < int(idxData0+dataLen) {
dataBuf = make([]byte, dataLen)
} else {
dataBuf = buf[idxData0 : idxData0+dataLen]
}
if n, err := io.ReadFull(src, dataBuf); err != nil {
if err == io.EOF {
break
}
glog.V(5).Infof("conn=%p #%v read data error n=%v: %v", src, i, n, err)
break
}
chunkIdBytes := make([]byte, 4)
chunkId := src.GetAndIncrChunkId()
binary.BigEndian.PutUint32(chunkIdBytes, chunkId)
actualHmacSha1 := util.HmacSha1(append(src.GetIv(), chunkIdBytes...), dataBuf)
if !bytes.Equal(expectedHmacSha1, actualHmacSha1) {
glog.V(5).Infof("conn=%p #%v read data hmac-sha1 mismatch, iv=%v chunkId=%v src=%v dst=%v len=%v expeced=%v actual=%v", src, i, src.GetIv(), chunkId, src.RemoteAddr(), dst.RemoteAddr(), dataLen, expectedHmacSha1, actualHmacSha1)
break
}
if n, err := dst.Write(dataBuf); err != nil {
glog.V(5).Infof("conn=%p #%v write data error n=%v: %v", dst, i, n, err)
break
}
}
}
func getRequest(conn *connection.Conn, auth bool, timeout time.Duration) (host string, ota bool, err error) {
glog.V(5).Infoln("getRequest from remote34342")
connection.SetReadTimeout(conn, timeout)
// buf size should at least have the same size with the largest possible
// request size (when addrType is 3, domain name has at most 256 bytes)
// 1(addrType) + 1(lenByte) + 256(max length address) + 2(port) + 10(hmac-sha1)
buf := make([]byte, 270)
// read till we get possible domain length field
if _, err = io.ReadFull(conn, buf[:idType+1]); err != nil {
glog.Errorln("read buffer from remote connection error:", err)
return
}
// if _, err = io.ReadFull(conn, buf[:64]); err != nil {
// glog.Errorln("read buffer from remote connection error:", err)
// return
// }
// glog.V(5).Infof("Got a Request string is byte:%v string:%v)\r\n", buf, string(buf))
// return
var reqStart, reqEnd int
addrType := buf[idType]
switch addrType & connection.AddrMask {
case typeIPv4:
reqStart, reqEnd = idIP0, idIP0+lenIPv4
case typeIPv6:
reqStart, reqEnd = idIP0, idIP0+lenIPv6
case typeDm:
glog.V(5).Infoln("Got a Domain Addr Type, read start(%v) end(%v)\r\n", idType+1, idDmLen+1)
if _, err = io.ReadFull(conn, buf[idType+1:idDmLen+1]); err != nil {
glog.Errorf("Read from remote err:%v\r\n", err)
return
}
reqStart, reqEnd = idDm0, int(idDm0+buf[idDmLen]+lenDmBase)
default:
err = fmt.Errorf("addr type %d not supported", addrType&connection.AddrMask)
return
}
if _, err = io.ReadFull(conn, buf[reqStart:reqEnd]); err != nil {
return
}
glog.V(5).Infof("Got string from remote %v \r\n", buf[reqStart:reqEnd])
// Return string for typeIP is not most efficient, but browsers (Chrome,
// Safari, Firefox) all seems using typeDm exclusively. So this is not a
// big problem.
switch addrType & connection.AddrMask {
case typeIPv4:
host = net.IP(buf[idIP0 : idIP0+net.IPv4len]).String()
case typeIPv6:
host = net.IP(buf[idIP0 : idIP0+net.IPv6len]).String()
case typeDm:
host = string(buf[idDm0 : idDm0+buf[idDmLen]])
}
glog.V(5).Infof("Got host from remote: %v\r\n", host)
// parse port
port := binary.BigEndian.Uint16(buf[reqEnd-2 : reqEnd])
host = net.JoinHostPort(host, strconv.Itoa(int(port)))
// if specified one time auth enabled, we should verify this
if auth || addrType&connection.OneTimeAuthMask > 0 {
ota = true
if _, err = io.ReadFull(conn, buf[reqEnd:reqEnd+lenHmacSha1]); err != nil {
return
}
iv := conn.GetIv()
key := conn.GetKey()
actualHmacSha1Buf := util.HmacSha1(append(iv, key...), buf[:reqEnd])
if !bytes.Equal(buf[reqEnd:reqEnd+lenHmacSha1], actualHmacSha1Buf) {
err = fmt.Errorf("verify one time auth failed, iv=%v key=%v data=%v", iv, key, buf[:reqEnd])
return
}
}
return
}