put ssh detection on full auto
This commit is contained in:
parent
4368569b25
commit
af9a7c5812
|
@ -1,6 +1,7 @@
|
|||
agree_tos: true # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
|
||||
community_member: true # receive infrequent relevant updates
|
||||
telemetry: true # contribute to project telemetric data
|
||||
ssh_auto: 22 # forward ssh-looking packets, from any connection, to port 22
|
||||
remote_options:
|
||||
https_redirect: true # redirect http to https remotely (default)
|
||||
local_ports: # ports to forward
|
||||
|
|
|
@ -56,6 +56,16 @@ module.exports.assign = function (state, tun, cb) {
|
|||
console.log('first message from', tun);
|
||||
var net = state.net || require('net');
|
||||
|
||||
function trySsh(tun, cb) {
|
||||
// https://security.stackexchange.com/questions/43231/plausibly-deniable-ssh-does-it-make-sense?rq=1
|
||||
// https://tools.ietf.org/html/rfc4253#section-4.2
|
||||
if (false === state.config.ssh_auto || 'SSH-2.0-' !== tun.data.slice(0, 8).toString()) {
|
||||
cb(null, false);
|
||||
return;
|
||||
}
|
||||
cb(null, getNetConn(state.config.sshPort || 22));
|
||||
}
|
||||
|
||||
var handlers = {};
|
||||
handlers.http = function (socket) {
|
||||
if (!state.greenlock) {
|
||||
|
@ -201,11 +211,30 @@ module.exports.assign = function (state, tun, cb) {
|
|||
//console.log('[hit tls server]', tlsSocket.remoteFamily, tlsSocket.remoteAddress, tlsSocket.remotePort, tlsSocket.localPort);
|
||||
//console.log(addr);
|
||||
var conf = state.config.servernames[tlsSocket.servername];
|
||||
if (!conf || !conf.handler) {
|
||||
handlers.https(tlsSocket);
|
||||
return;
|
||||
}
|
||||
invokeHandler(conf, tlsSocket, tun, id);
|
||||
tlsSocket.once('data', function (firstChunk) {
|
||||
tlsSocket.pause();
|
||||
//tlsSocket.unshift(firstChunk);
|
||||
tlsSocket._handle.onread(firstChunk.length, firstChunk);
|
||||
|
||||
trySsh({ data: firstChunk }, function (err, conn) {
|
||||
process.nextTick(function () { tlsSocket.resume(); });
|
||||
|
||||
if (conn) {
|
||||
conn.pipe(tlsSocket);
|
||||
tlsSocket.pipe(conn);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!conf || !conf.handler) {
|
||||
console.log('https default handler');
|
||||
handlers.https(tlsSocket);
|
||||
return;
|
||||
}
|
||||
|
||||
console.log('https invokeHandler');
|
||||
invokeHandler(conf, tlsSocket, tun, id);
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
|
@ -284,19 +313,11 @@ module.exports.assign = function (state, tun, cb) {
|
|||
return;
|
||||
}
|
||||
|
||||
function trySsh(tun) {
|
||||
// https://security.stackexchange.com/questions/43231/plausibly-deniable-ssh-does-it-make-sense?rq=1
|
||||
// https://tools.ietf.org/html/rfc4253#section-4.2
|
||||
if ('SSH-2.0-' !== tun.data.slice(0, 8).toString()) {
|
||||
return false;
|
||||
}
|
||||
cb(null, getNetConn(state.config.sshPort || 22));
|
||||
return true;
|
||||
}
|
||||
|
||||
if ('tcp' === tun.service) {
|
||||
if (trySsh(tun)) { return; }
|
||||
cb(new Error("No TCP handler"));
|
||||
trySsh(tun, function (err, conn) {
|
||||
if (conn) { cb(null, conn); return; }
|
||||
cb(new Error("No TCP handler"));
|
||||
});
|
||||
}
|
||||
|
||||
console.warn("Unknown service '" + tun.service + "'");
|
||||
|
|
Loading…
Reference in New Issue