// dnsRoundTripUDP implements the dnsRoundTrip interface for RFC 1035's
// "UDP usage" transport mechanism. c should be a packet-oriented connection,
// such as a *UDPConn.
func dnsRoundTripUDP(c io.ReadWriter, query *dnsMsg) (*dnsMsg, error) {
b, ok := query.Pack()
if !ok {
return nil, errors.New("cannot marshal DNS message")
}
if _, err := c.Write(b); err != nil {
return nil, err
}
b = make([]byte, 512) // see RFC 1035
for {
n, err := c.Read(b)
if err != nil {
return nil, err
}
resp := &dnsMsg{}
if !resp.Unpack(b[:n]) || !resp.IsResponseTo(query) {
// Ignore invalid responses as they may be malicious
// forgery attempts. Instead continue waiting until
// timeout. See golang.org/issue/13281.
continue
}
return resp, nil
}
}
func negotiateMethod(c Context, rw io.ReadWriter) {
rw.Write(methodRequest(proxy.MethodNoPassword))
if _, err := rw.Read(make([]byte, 3)); err != nil {
c.Error(err)
}
return
}
// dnsRoundTripTCP implements the dnsRoundTrip interface for RFC 1035's
// "TCP usage" transport mechanism. c should be a stream-oriented connection,
// such as a *TCPConn.
func dnsRoundTripTCP(c io.ReadWriter, query *dnsMsg) (*dnsMsg, error) {
b, ok := query.Pack()
if !ok {
return nil, errors.New("cannot marshal DNS message")
}
l := len(b)
b = append([]byte{byte(l >> 8), byte(l)}, b...)
if _, err := c.Write(b); err != nil {
return nil, err
}
b = make([]byte, 1280) // 1280 is a reasonable initial size for IP over Ethernet, see RFC 4035
if _, err := io.ReadFull(c, b[:2]); err != nil {
return nil, err
}
l = int(b[0])<<8 | int(b[1])
if l > len(b) {
b = make([]byte, l)
}
n, err := io.ReadFull(c, b[:l])
if err != nil {
return nil, err
}
resp := &dnsMsg{}
if !resp.Unpack(b[:n]) {
return nil, errors.New("cannot unmarshal DNS message")
}
if !resp.IsResponseTo(query) {
return nil, errors.New("invalid DNS response")
}
return resp, nil
}
func (r *Receiver) handleTransfer(conn io.ReadWriter) (
transfer.TransferResults, error,
) {
if _, err := conn.Write([]byte("ok")); err != nil {
return transfer.TransferResults{}, err
}
res := transfer.TransferResults{}
buffer := make([]byte, 1024)
startTime := time.Now()
for {
n, err := conn.Read(buffer)
if err != nil { // done reading
break
}
res.BytesSent += uint32(n)
res.Checksum = crc32.Update(res.Checksum, crc32.IEEETable, buffer)
}
endTime := time.Now()
res.Duration = endTime.Sub(startTime)
return res, nil
}
func verifyPipe(t *testing.T, a, b io.ReadWriter) {
mes := make([]byte, 1024)
rand.Read(mes)
go func() {
b.Write(mes)
a.Write(mes)
}()
buf := make([]byte, len(mes))
n, err := a.Read(buf)
if err != nil {
t.Fatal(err)
}
if n != len(buf) {
t.Fatal("failed to read enough")
}
if string(buf) != string(mes) {
t.Fatal("somehow read wrong message")
}
n, err = b.Read(buf)
if err != nil {
t.Fatal(err)
}
if n != len(buf) {
t.Fatal("failed to read enough")
}
if string(buf) != string(mes) {
t.Fatal("somehow read wrong message")
}
}
// receiverEncHandshake negotiates a session token on conn.
// it should be called on the listening side of the connection.
//
// prv is the local client's private key.
// token is the token from a previous session with this node.
func receiverEncHandshake(conn io.ReadWriter, prv *ecdsa.PrivateKey, token []byte) (s secrets, err error) {
authMsg := new(authMsgV4)
authPacket, err := readHandshakeMsg(authMsg, encAuthMsgLen, prv, conn)
if err != nil {
return s, err
}
h := new(encHandshake)
if err := h.handleAuthMsg(authMsg, prv); err != nil {
return s, err
}
authRespMsg, err := h.makeAuthResp()
if err != nil {
return s, err
}
var authRespPacket []byte
if authMsg.gotPlain {
authRespPacket, err = authRespMsg.sealPlain(h)
} else {
authRespPacket, err = sealEIP8(authRespMsg, h)
}
if err != nil {
return s, err
}
if _, err = conn.Write(authRespPacket); err != nil {
return s, err
}
return h.secrets(authPacket, authRespPacket)
}
func handShake(rw io.ReadWriter) error {
// version(1)+numMethods(1)+[256]methods
buff := make([]byte, 258)
n, err := io.ReadAtLeast(rw, buff, 2)
if err != nil {
return err
}
// version
if buff[0] != 5 {
return errors.New("socks unsuported version")
}
// numMethods
numMethod := int(buff[1])
// methods
numMethod += 2
if n <= numMethod {
if _, err = io.ReadFull(rw, buff[n:numMethod]); err != nil {
return err
}
}
fmt.Println("Socks5: Step 1 -> ", buff[:numMethod])
// return data
buff[1] = 0 // no authentication
if _, err := rw.Write(buff[:2]); err != nil {
return err
}
fmt.Println("Socks5: Step 1 <- ", buff[:2])
return nil
}
func ClientHandshake(stream io.ReadWriter, local Certificate) (*Transport, error) {
pub, priv, err := GenerateExchangeKey()
if err != nil {
return nil, err
}
if _, err = stream.Write(pub); err != nil {
return nil, err
}
theirkey := make([]byte, PublicKeySize)
if _, err = stream.Read(theirkey); err != nil {
return nil, err
}
cipher1, cipher2, err := CreateExchangedCipher(theirkey, priv)
if err != nil {
return nil, err
}
macKey, err := GenerateMACKey()
if err != nil {
return nil, err
}
encryptedMACKey := make([]byte, MACSize)
cipher1.XORKeyStream(encryptedMACKey, macKey)
if _, err = stream.Write(encryptedMACKey); err != nil {
return nil, err
}
transport := new(Transport)
transport.stream = stream
transport.macKey = macKey
transport.readCipher = cipher2
transport.writeCipher = cipher1
if err := sendCertificate(transport, local); err != nil {
return nil, err
}
remote, err := requireCertificate(transport)
if err != nil {
return nil, err
}
transport.local = local
transport.remote = remote
return transport, nil
}
//throwBytes chucks bytes at the remote server then listens for a response
func throwBytes(conn io.ReadWriter, count uint64) error {
var writeBytes uint64
var b []byte
buff := make([]byte, 128)
for writeBytes < count {
if (count - writeBytes) >= uint64(len(dataBlock)) {
b = dataBlock
} else {
b = dataBlock[0:(count - writeBytes)]
}
n, err := conn.Write(b)
if err != nil {
return err
}
writeBytes += uint64(n)
}
//read the response
n, err := conn.Read(buff)
if err != nil {
return err
}
if n == 0 {
return fmt.Errorf("Failed to get OK on upload")
}
if !strings.HasPrefix(string(buff[0:n]), "OK ") {
return fmt.Errorf("Failed to get OK on upload")
}
return nil
}
// swapKeys generates a public/private key pair and swaps the public key with
// a corresponding call to swapKeys over the given ReadWriter.
//
// swapKeys returns the private key generated locally and the public key of it's
// counterpart.
func swapKeys(rw io.ReadWriter) (priv, peer *[32]byte, err error) {
// Always return nil for the keys if there is an error
defer func() {
if err != nil {
priv, peer = nil, nil
}
}()
pub, priv, err := box.GenerateKey(rand.Reader)
if err != nil {
return
}
// Write our public key
werr := make(chan error)
go func() {
_, err := rw.Write(pub[:])
werr <- err
}()
defer func() {
if err == nil {
err = <-werr
}
}()
// Read their public key
peer = new([32]byte)
_, err = io.ReadFull(rw, peer[:])
return
}
func performConnect(backend string, frontconn io.ReadWriter) {
log.Printf("trying to connect to %s...\n", backend)
backconn, err := net.Dial("tcp", backend)
if err != nil {
log.Printf("failed to connect to %s: %s\n", backend, err)
frontconn.Write(errorReplyConnect(0x05))
return
}
backaddr := backconn.RemoteAddr().String()
log.Println("CONNECTED backend", backconn, backaddr)
defer func() {
backconn.Close()
log.Println("DISCONNECTED backend", backconn, backaddr)
}()
// reply to the CONNECT command
buf := make([]byte, 10)
copy(buf, []byte{0x05, 0x00, 0x00, 0x01})
packNetAddr(backconn.RemoteAddr(), buf[4:])
frontconn.Write(buf)
// bridge connection
shutdown := make(chan bool, 2)
go common.IOBridge(frontconn, backconn, shutdown)
go common.IOBridge(backconn, frontconn, shutdown)
<-shutdown
}
// Query writes a question to rw and waits for an answer. It will pass the
// answer into the verify function. Verify should check the answer for
// validity, returning a failure reason as a string, or an empty string if the
// answer is valid.
func QueryVerify(
rw io.ReadWriter,
question []byte,
verify func(string) (string, error),
) (answer string, err error) {
scanner := bufio.NewScanner(rw)
for {
_, err = rw.Write(question)
if err != nil {
return "", err
}
if !scanner.Scan() {
if err = scanner.Err(); err != nil {
return "", err
}
return "", fmt.Errorf("Connection closed")
}
answer = scanner.Text()
failure, err := verify(answer)
if err != nil {
return "", err
}
if failure == "" {
return answer, nil
}
_, err = fmt.Fprintln(rw, failure)
if err != nil {
return "", err
}
}
}
// initiatorEncHandshake negotiates a session token on conn.
// it should be called on the dialing side of the connection.
//
// prv is the local client's private key.
func initiatorEncHandshake(conn io.ReadWriter, prv *ecdsa.PrivateKey, remoteID discover.NodeID, token []byte) (s secrets, err error) {
h := &encHandshake{initiator: true, remoteID: remoteID}
authMsg, err := h.makeAuthMsg(prv, token)
if err != nil {
return s, err
}
var authPacket []byte
if configSendEIP {
authPacket, err = sealEIP8(authMsg, h)
} else {
authPacket, err = authMsg.sealPlain(h)
}
if err != nil {
return s, err
}
if _, err = conn.Write(authPacket); err != nil {
return s, err
}
authRespMsg := new(authRespV4)
authRespPacket, err := readHandshakeMsg(authRespMsg, encAuthRespLen, prv, conn)
if err != nil {
return s, err
}
if err := h.handleAuthResp(authRespMsg); err != nil {
return s, err
}
return h.secrets(authPacket, authRespPacket)
}
// ServeAgent serves the agent protocol on the given connection. It
// returns when an I/O error occurs.
func ServeAgent(agent Agent, c io.ReadWriter) error {
s := &server{agent}
var length [4]byte
for {
if _, err := io.ReadFull(c, length[:]); err != nil {
return err
}
l := binary.BigEndian.Uint32(length[:])
if l > maxAgentResponseBytes {
// We also cap requests.
return fmt.Errorf("agent: request too large: %d", l)
}
req := make([]byte, l)
if _, err := io.ReadFull(c, req); err != nil {
return err
}
repData := s.processRequestBytes(req)
if len(repData) > maxAgentResponseBytes {
return fmt.Errorf("agent: reply too large: %d bytes", len(repData))
}
binary.BigEndian.PutUint32(length[:], uint32(len(repData)))
if _, err := c.Write(length[:]); err != nil {
return err
}
if _, err := c.Write(repData); err != nil {
return err
}
}
}
//从io接口中读取指定长度数据
func WriteAndReadLen(rw io.ReadWriter, writedata []byte, readlen int, timeout int) ([]byte, error) {
p := []byte(writedata)
_, err := rw.Write(p)
if err != nil {
return nil, err
}
return ReadWithLen(rw, readlen, timeout)
}
//从io接口中读取指定结束符数据
func WriteAndReadWithTer(rw io.ReadWriter, writedata []byte, ter []byte, timeout int) ([]byte, error) {
p := []byte(writedata)
_, err := rw.Write(p)
if err != nil {
return nil, err
}
return ReadWithTer(rw, ter, timeout)
}
func (r *Receiver) handleBusy(conn io.ReadWriter) error {
r.logger.Debugf("Server is busy!")
if _, err := conn.Write([]byte("i-am-busy")); err != nil {
return err
}
return nil
}
func echoOnce(rw io.ReadWriter) error {
buf := make([]byte, 256)
n, err := rw.Read(buf)
if err != nil {
return err
}
_, err = rw.Write(buf[:n])
return err
}
func ServerHandshake(stream io.ReadWriter, local Certificate) (*Transport, error) {
pub, priv, err := GenerateExchangeKey()
if err != nil {
return nil, err
}
theirkey := make([]byte, PublicKeySize)
if _, err = stream.Read(theirkey); err != nil {
return nil, err
}
if _, err = stream.Write(pub); err != nil {
return nil, err
}
cipher1, cipher2, err := CreateExchangedCipher(theirkey, priv)
if err != nil {
return nil, err
}
macKey := make([]byte, MACSize)
if n, err := stream.Read(macKey); err != nil {
return nil, err
} else if n < MACSize {
return nil, MacKeyTooSmallError
}
cipher1.XORKeyStream(macKey, macKey)
transport := new(Transport)
transport.stream = stream
transport.macKey = macKey
transport.readCipher = cipher1
transport.writeCipher = cipher2
remote, err := requireCertificate(transport)
if err != nil {
return nil, err
}
if err := sendCertificate(transport, local); err != nil {
return nil, err
}
transport.local = local
transport.remote = remote
return transport, nil
}
// exchangeKeys performs a key exchange with a remote peer
// and returns peer's public key after successfull exchange.
func exchangeKeys(conn io.ReadWriter, pub *[32]byte) (*[32]byte, error) {
var ppub [32]byte
if _, err := conn.Write(pub[:]); err != nil {
return nil, err
}
if _, err := conn.Read(ppub[:]); err != nil {
return nil, err
}
return &ppub, nil
}
// CopyToWebsocket copies pipe data to/from a websocket. It blocks.
func (p *pipe) CopyToWebsocket(end io.ReadWriter, conn *websocket.Conn) error {
p.mtx.Lock()
if p.closed {
p.mtx.Unlock()
return nil
}
p.wg.Add(1)
p.mtx.Unlock()
defer p.wg.Done()
errors := make(chan error, 1)
// Read-from-UI loop
go func() {
for {
_, buf, err := conn.ReadMessage() // TODO type should be binary message
if err != nil {
errors <- err
return
}
if _, err := end.Write(buf); err != nil {
errors <- err
return
}
}
}()
// Write-to-UI loop
go func() {
buf := make([]byte, 1024)
for {
n, err := end.Read(buf)
if err != nil {
errors <- err
return
}
if err := conn.WriteMessage(websocket.BinaryMessage, buf[:n]); err != nil {
errors <- err
return
}
}
}()
// block until one of the goroutines exits
// this convoluted mechanism is to ensure we only close the websocket once.
select {
case err := <-errors:
return err
case <-p.quit:
return nil
}
}
func (p *Proxy) pipe(src, dst io.ReadWriter) {
islocal := src == p.lconn
var dataDirection string
if islocal {
dataDirection = ">>> %d bytes sent%s"
} else {
dataDirection = "<<< %d bytes recieved%s"
}
var byteFormat string
if p.OutputHex {
byteFormat = "%x"
} else {
byteFormat = "%s"
}
//directional copy (64k buffer)
buff := make([]byte, 0xffff)
for {
n, err := src.Read(buff)
if err != nil {
p.err("Read failed '%s'\n", err)
return
}
b := buff[:n]
//execute match
if p.Matcher != nil {
p.Matcher(b)
}
//execute replace
if p.Replacer != nil {
b = p.Replacer(b)
}
//show output
p.Log.Debug(dataDirection, n, "")
p.Log.Trace(byteFormat, b)
//write out result
n, err = dst.Write(b)
if err != nil {
p.err("Write failed '%s'\n", err)
return
}
if islocal {
p.sentBytes += uint64(n)
} else {
p.receivedBytes += uint64(n)
}
}
}
func (s SimpleAuth) Connect(rw io.ReadWriter) (io.ReadWriter, error) {
out := []byte(s.User)
out = append(out, 0)
out = append(out, s.Pass...)
if _, err := rw.Write(out); err != nil {
return nil, err
}
return nil, nil
}
// exchangeKeys performs the exchange of the keys
// by writing the public key into the data stream first and
// then reading the shared key from the data stream.
func exchangeKeys(pub, peerPub *[32]byte, rw io.ReadWriter) error {
if _, err := rw.Write(pub[:]); err != nil {
return err
}
if _, err := rw.Read(peerPub[:]); err != nil {
return err
}
return nil
}
// handshake sends our public key and returns the peer public key.
// The key exchange is done in plain text as allowed by the exercise.
func handshake(rw io.ReadWriter, pub *[32]byte) (*[32]byte, error) {
// send our public key
if _, err := rw.Write(pub[:]); err != nil {
return nil, err
}
// receive peer public key
var peerpub [32]byte
if _, err := io.ReadFull(rw, peerpub[:]); err != nil {
return nil, err
}
return &peerpub, nil
}
func runEcho(fd io.ReadWriter, done chan<- int) {
var buf [1024]byte
for {
n, err := fd.Read(buf[0:])
if err != nil || n == 0 || string(buf[:n]) == "END" {
break
}
fd.Write(buf[0:n])
}
done <- 1
}
func fsm_msg(conn io.ReadWriter, log io.Writer, args string) (next transition, rest string, err error) {
if !strings.HasSuffix(args, "\n") {
args = args + "\n"
}
_, err = fmt.Fprintf(log, "Message: %s", args)
if err == nil {
conn.Write(TEXT_message_logged)
} else {
conn.Write(TEXT_message_failed)
}
return fsm_start, "", err
}
func (r *Receiver) handleTransfer(conn io.ReadWriter) (
transfer.TransferResults, error,
) {
msg := fmt.Sprintf("ok - %d", r.iperfPort)
if _, err := conn.Write([]byte(msg)); err != nil {
return transfer.TransferResults{}, err
}
return runner.ListenAndServe(runner.ServerConfig{
ListenPort: r.iperfPort,
})
}
func runEcho(fd io.ReadWriter, done chan<- int) {
var buf [1024]byte;
for {
n, err := fd.Read(&buf);
if err != nil || n == 0 {
break
}
fd.Write(buf[0:n]);
}
done <- 1;
}
func exchangeKeys(pub *[32]byte, conn io.ReadWriter) (*[32]byte, error) {
_, err := conn.Write(pub[:])
if err != nil {
return nil, err
}
otherPub := [32]byte{}
_, err = conn.Read(otherPub[:])
if err != nil {
return nil, err
}
return &otherPub, nil
}