Пример #1
0
func read() {
	log.Tracef("Reading settings messages!!")
	for msg := range service.In {
		log.Tracef("Read settings message!! %q", msg)
		settings := (msg).(map[string]interface{})
		config.Update(func(updated *config.Config) error {

			if autoReport, ok := settings["autoReport"].(bool); ok {
				// turn on/off analaytics reporting
				if autoReport {
					analytics.StartService()
				} else {
					analytics.StopService()
				}
				baseSettings.AutoReport = autoReport
				*updated.AutoReport = autoReport
			} else if proxyAll, ok := settings["proxyAll"].(bool); ok {
				baseSettings.ProxyAll = proxyAll
				updated.Client.ProxyAll = proxyAll
			} else if autoLaunch, ok := settings["autoLaunch"].(bool); ok {
				launcher.CreateLaunchFile(autoLaunch)
				baseSettings.AutoLaunch = autoLaunch
				*updated.AutoLaunch = autoLaunch
			}
			return nil
		})
	}
}
Пример #2
0
func read() {
	log.Tracef("Reading settings messages!!")
	for msg := range service.In {
		log.Tracef("Read settings message!! %q", msg)
		settings := (msg).(map[string]interface{})
		err := config.Update(func(updated *config.Config) error {

			if autoReport, ok := settings["autoReport"].(bool); ok {
				baseSettings.AutoReport = autoReport
				*updated.AutoReport = autoReport
			} else if proxyAll, ok := settings["proxyAll"].(bool); ok {
				baseSettings.ProxyAll = proxyAll
				updated.Client.ProxyAll = proxyAll
			} else if autoLaunch, ok := settings["autoLaunch"].(bool); ok {
				launcher.CreateLaunchFile(autoLaunch)
				baseSettings.AutoLaunch = autoLaunch
				*updated.AutoLaunch = autoLaunch
			}
			return nil
		})
		if err != nil {
			log.Errorf("Unable to update settings: %v", err)
		}
	}
}
Пример #3
0
func read() {
	for msg := range service.In {
		config.Update(func(updated *config.Config) error {
			log.Debugf("Applying update from UI")
			updated.ProxiedSites.Delta.Merge(msg.(*proxiedsites.Delta))
			return nil
		})
	}
}
Пример #4
0
// Runs the server-side proxy
func runServerProxy(cfg *config.Config) {
	useAllCores()

	pkFile, err := config.InConfigDir("proxypk.pem")
	if err != nil {
		log.Fatal(err)
	}
	certFile, err := config.InConfigDir("servercert.pem")
	if err != nil {
		log.Fatal(err)
	}

	updateServerSideConfigClient(cfg)

	srv := &server.Server{
		Addr:         cfg.Addr,
		ReadTimeout:  0, // don't timeout
		WriteTimeout: 0,
		CertContext: &fronted.CertContext{
			PKFile:         pkFile,
			ServerCertFile: certFile,
		},
		AllowedPorts: []int{80, 443, 8080, 8443, 5222, 5223, 5228},

		// We've observed high resource consumption from these countries for
		// purposes unrelated to Lantern's mission, so we disallow them.
		BannedCountries: []string{"PH"},
	}

	srv.Configure(cfg.Server)

	// Continually poll for config updates and update server accordingly
	go func() {
		for {
			cfg := <-configUpdates
			updateServerSideConfigClient(cfg)
			if err := statreporter.Configure(cfg.Stats); err != nil {
				log.Debugf("Error configuring statreporter: %v", err)
			}

			srv.Configure(cfg.Server)
		}
	}()

	err = srv.ListenAndServe(func(update func(*server.ServerConfig) error) {
		err := config.Update(func(cfg *config.Config) error {
			return update(cfg.Server)
		})
		if err != nil {
			log.Errorf("Error while trying to update: %v", err)
		}
	})
	if err != nil {
		log.Fatalf("Unable to run server proxy: %s", err)
	}
}
Пример #5
0
// Runs the server-side proxy
func runServerProxy(cfg *config.Config) {
	useAllCores()

	pkFile, err := config.InConfigDir("proxypk.pem")
	if err != nil {
		log.Fatal(err)
	}
	certFile, err := config.InConfigDir("servercert.pem")
	if err != nil {
		log.Fatal(err)
	}

	updateServerSideConfigClient(cfg)

	srv := &server.Server{
		Addr:         cfg.Addr,
		ReadTimeout:  0, // don't timeout
		WriteTimeout: 0,
		CertContext: &fronted.CertContext{
			PKFile:         pkFile,
			ServerCertFile: certFile,
		},
		AllowedPorts: []int{80, 443, 8080, 8443, 5222, 5223, 5228},

		// We allow all censored countries plus us, es, mx, and gb because we do work
		// and testing from those countries.
		AllowedCountries: []string{"US", "ES", "MX", "GB", "CN", "VN", "IN", "IQ", "IR", "CU", "SY", "SA", "BH", "ET", "ER", "UZ", "TM", "PK", "TR", "VE"},
	}

	srv.Configure(cfg.Server)

	// Continually poll for config updates and update server accordingly
	go func() {
		for {
			cfg := <-configUpdates
			updateServerSideConfigClient(cfg)
			statreporter.Configure(cfg.Stats)
			srv.Configure(cfg.Server)
		}
	}()

	err = srv.ListenAndServe(func(update func(*server.ServerConfig) error) {
		err := config.Update(func(cfg *config.Config) error {
			return update(cfg.Server)
		})
		if err != nil {
			log.Errorf("Error while trying to update: %v", err)
		}
	})
	if err != nil {
		log.Fatalf("Unable to run server proxy: %s", err)
	}
}
Пример #6
0
// TestCloudFlare tests to make sure that a client and server can communicate
// with each other to proxy traffic for an HTTP client using the CloudFlare
// protocol.  This does not test actually running through CloudFlare and just
// uses a local HTTP server to serve the test content.
func TestCloudFlare(t *testing.T) {
	// Set up a mock HTTP server
	mockServer := &MockServer{}
	err := mockServer.init()
	if err != nil {
		t.Fatalf("Unable to init mock HTTP(S) server: %s", err)
	}
	defer mockServer.deleteCerts()

	mockServer.run(t)
	waitForServer(HTTP_ADDR, 5*time.Second, t)
	waitForServer(HTTPS_ADDR, 5*time.Second, t)

	// Set up a mock CloudFlare
	cf := &MockCloudFlare{}
	err = cf.init()
	if err != nil {
		t.Fatalf("Unable to init mock CloudFlare: %s", err)
	}
	defer cf.deleteCerts()

	go func() {
		err := cf.run(t)
		if err != nil {
			t.Fatalf("Unable to run mock CloudFlare: %s", err)
		}
	}()
	waitForServer(CF_ADDR, 5*time.Second, t)

	// Set up common certContext for proxies
	certContext := &fronted.CertContext{
		PKFile:         randomTempPath(),
		ServerCertFile: randomTempPath(),
	}
	defer os.Remove(certContext.PKFile)
	defer os.Remove(certContext.ServerCertFile)

	// Run server proxy
	srv := &server.Server{
		Addr:                       SERVER_ADDR,
		ReadTimeout:                0, // don't timeout
		WriteTimeout:               0,
		CertContext:                certContext,
		AllowNonGlobalDestinations: true,
	}
	srv.Configure(&server.ServerConfig{})
	go func() {
		err := srv.ListenAndServe(func(update func(*server.ServerConfig) error) {
			err := config.Update(func(cfg *config.Config) error {
				return update(cfg.Server)
			})
			if err != nil {
				log.Errorf("Error while trying to update: %v", err)
			}
		})
		if err != nil {
			t.Fatalf("Unable to run server: %s", err)
		}
	}()
	waitForServer(SERVER_ADDR, 5*time.Second, t)

	// Give servers time to finish startup
	time.Sleep(250 * time.Millisecond)

	clt := &client.Client{
		Addr:         CLIENT_ADDR,
		ReadTimeout:  0, // don't timeout
		WriteTimeout: 0,
	}

	globals.SetTrustedCAs([]string{
		"-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\nA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\nb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\nMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\nYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\naWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\njc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\nxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\nsnUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\nU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\nBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\nAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\nyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\nAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\nDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\nHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n-----END CERTIFICATE-----\n",
		string(cf.certContext.ServerCert.PEMEncoded()),
	})
	clt.Configure(&client.ClientConfig{
		MasqueradeSets: map[string][]*fronted.Masquerade{
			"cloudflare": []*fronted.Masquerade{
				&fronted.Masquerade{
					Domain: HOST,
				},
			},
		},
		FrontedServers: []*client.FrontedServerInfo{
			&client.FrontedServerInfo{Host: HOST, Port: CF_PORT, Weight: 100, MasqueradeSet: "cloudflare"},
		},
	})
	go func() {
		err := clt.ListenAndServe(func() {})
		if err != nil {
			t.Fatalf("Unable to run client: %s", err)
		}
	}()
	waitForServer(CLIENT_ADDR, 2*time.Second, t)

	// Test various scenarios
	certPool := mockServer.certContext.ServerCert.PoolContainingCert()
	testRequest("Plain Text Request", t, mockServer.requests, false, certPool, 200, nil)
	testRequest("HTTPS Request", t, mockServer.requests, true, certPool, 200, nil)
	testRequest("HTTPS Request without server Cert", t, mockServer.requests, true, nil, 200, fmt.Errorf("Get https://"+HTTPS_ADDR+": x509: certificate signed by unknown authority"))
}