'use strict'; module.exports.create = function (deps, config) { console.log('config', config); //var PromiseA = global.Promise; var PromiseA = require('bluebird'); var listeners = require('./servers').listeners; var modules; function loadModules() { modules = {}; modules.tls = require('./modules/tls').create(deps, config, netHandler); modules.http = require('./modules/http.js').create(deps, config, modules.tls.middleware); } // opts = { servername, encrypted, peek, data, remoteAddress, remotePort } function peek(conn, firstChunk, opts) { if (!modules) { loadModules(); } opts.firstChunk = firstChunk; conn.__opts = opts; // TODO port/service-based routing can do here // TLS byte 1 is handshake and byte 6 is client hello if (0x16 === firstChunk[0]/* && 0x01 === firstChunk[5]*/) { modules.tls.emit('connection', conn); return; } // This doesn't work with TLS, but now that we know this isn't a TLS connection we can // unshift the first chunk back onto the connection for future use. The unshift should // happen after any listeners are attached to it but before any new data comes in. if (!opts.hyperPeek) { process.nextTick(function () { conn.unshift(firstChunk); }); } // Connection is not TLS, check for HTTP next. if (firstChunk[0] > 32 && firstChunk[0] < 127) { var firstStr = firstChunk.toString(); if (/HTTP\//i.test(firstStr)) { modules.http.emit('connection', conn); return; } } console.warn('failed to identify protocol from first chunk', firstChunk); conn.close(); } function netHandler(conn, opts) { opts = opts || {}; console.log('[netHandler]', conn.localAddress, conn.localPort, opts.encrypted); // XXX PEEK COMMENT XXX // TODO we can have our cake and eat it too // we can skip the need to wrap the TLS connection twice // because we've already peeked at the data, // but this needs to be handled better before we enable that // (because it creates new edge cases) if (opts.hyperPeek) { console.log('hyperpeek'); peek(conn, opts.firstChunk, opts); return; } conn.once('data', function (chunk) { peek(conn, chunk, opts); }); } function dnsListener(msg) { var dgram = require('dgram'); var socket = dgram.createSocket('udp4'); socket.send(msg, config.dns.proxy.port, config.dns.proxy.address || '127.0.0.1'); } function createTcpForwarder(mod) { return function (conn) { var newConnOpts = require('./domain-utils').separatePort(mod.address); ['remote', 'local'].forEach(function (end) { ['Family', 'Address', 'Port'].forEach(function (name) { newConnOpts[end+name] = conn[end+name]; }); }); deps.proxy(conn, newConnOpts); }; } deps.tunnel = deps.tunnel || {}; deps.tunnel.net = { createConnection: function (opts, cb) { console.log('[gl.tunnel] creating connection'); // here "reader" means the socket that looks like the connection being accepted // here "writer" means the remote-looking part of the socket that driving the connection var writer; var wrapOpts = {}; var rawTls = opts.tls || (0x16 === opts.data[0]) && (0x01 === opts.data[5]); function usePair(err, reader) { if (err) { process.nextTick(function () { writer.emit('error', err); }); return; } // this has the normal net/tcp stuff plus our custom stuff // opts = { address, port, // hostname, servername, tls, encrypted, data, localAddress, localPort, remoteAddress, remotePort, remoteFamily } Object.keys(opts).forEach(function (key) { wrapOpts[key] = opts[key]; try { reader[key] = opts[key]; } catch(e) { // can't set real socket getters, like remoteAddr } }); // A few more extra specialty options wrapOpts.localAddress = wrapOpts.localAddress || '127.0.0.2'; // TODO use the tunnel's external address wrapOpts.localPort = wrapOpts.localPort || 'tunnel-0'; try { reader._remoteAddress = wrapOpts.remoteAddress; reader._remotePort = wrapOpts.remotePort; reader._remoteFamily = wrapOpts.remoteFamily; reader._localAddress = wrapOpts.localAddress; reader._localPort = wrapOpts.localPort; reader._localFamily = wrapOpts.localFamily; } catch(e) { } netHandler(reader, wrapOpts); process.nextTick(function () { //opts.data = wrapOpts.data; // this cb will cause the stream to emit its (actually) first data event // (even though it already gave a peek into that first data chunk) console.log('[tunnel] callback, data should begin to flow'); cb(); }); } wrapOpts.firstChunk = opts.data; wrapOpts.hyperPeek = !!opts.data; // encrypted meaning is *terminated* TLS // tls meaning is *raw* TLS if (rawTls) { // TLS sockets must actually use a socket with a file descriptor // https://nodejs.org/api/net.html#net_class_net_socket writer = require('socket-pair').create(function (err, other) { usePair(err, other); }); } else { // stream-pair can only be used by TCP sockets, not tls writer = require('stream-pair').create(); usePair(null, writer.other); } return writer; } }; var listenPromises = []; var tcpPortMap = {}; function addPorts(bindList) { if (!bindList) { return; } if (Array.isArray(bindList)) { bindList.forEach(function (port) { tcpPortMap[port] = true; }); } else { tcpPortMap[bindList] = true; } } addPorts(config.tcp.bind); (config.tcp.modules || []).forEach(function (mod) { if (mod.name === 'forward') { var forwarder = createTcpForwarder(mod); mod.ports.forEach(function (port) { if (!tcpPortMap[port]) { console.log("forwarding port", port, "that wasn't specified in bind"); } else { delete tcpPortMap[port]; } listenPromises.push(listeners.tcp.add(port, forwarder)); }); } else { console.warn('unknown TCP module specified', mod); } }); // Even though these ports were specified in different places we treat any TCP // connections we haven't been told to just forward exactly as is equal so that // we can potentially use the same ports for different protocols. addPorts(config.tls.bind); addPorts(config.http.bind); Object.keys(tcpPortMap).forEach(function (port) { listenPromises.push(listeners.tcp.add(port, netHandler)); }); if (config.dns.bind) { if (Array.isArray(config.dns.bind)) { config.dns.bind.map(function (port) { listenPromises.push(listeners.udp.add(port, dnsListener)); }); } else { listenPromises.push(listeners.udp.add(config.dns.bind, dnsListener)); } } if (!config.mdns.disabled) { require('./mdns').start(deps, config); } return PromiseA.all(listenPromises); };