0.3.3

Changes

@@ -25,3 +25,7 @@
 0.3.2
     修复tunnel握手后转为tls的情况下udp无法代理
     优化TFO
+
+0.3.3
+    使用syscall设置TFO
+    tls可以不设置域名或证书(默认所有域名都可以)

cns.go

@@ -71,7 +71,7 @@ func handleCmd() {
 	if help == true {
 		fmt.Println("　/) /)\n" +
 			"ฅ(՞•ﻌ•՞)ฅ\n" +
-			"CuteBi Network Server 0.3.2\nAuthor: CuteBi(Mmmdbybyd)\nE-mail: 915445800@qq.com\n")
+			"CuteBi Network Server 0.3.3\nAuthor: CuteBi(Mmmdbybyd)\nE-mail: supercutename@gmail.com\n")
 		flag.Usage()
 		os.Exit(0)
 	}
@@ -81,6 +81,11 @@ func handleCmd() {
 		os.Exit(1)
 	}
 	if enable_daemon == true {
+		/*
+			cmd := exec.Command(os.Args[0], []string(append(os.Args[1:], "-daemon=false"))...)
+			cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
+			cmd.Start()
+		*/
 		exec.Command(os.Args[0], []string(append(os.Args[1:], "-daemon=false"))...).Start()
 		os.Exit(0)
 	}
@@ -93,7 +98,7 @@ func handleCmd() {
 	//有效uid不为0(root)的关闭tfo
 	if config.Enable_TFO == true && os.Geteuid() != 0 {
 		config.Enable_TFO = false
-		fmt.Println("TFO cannot be opened: CNS effective UID isn't 0(root).")
+		fmt.Println("Warnning: TFO cannot be opened: CNS effective UID isn't 0(root).")
 	}
 	if config.Pid_path != "" {
 		pidSaveToFile(config.Pid_path)
@@ -115,7 +120,7 @@ func initProcess() {
 func main() {
 	initProcess()
 	runtime.GOMAXPROCS(runtime.NumCPU())
-	if config.Tls.AutoCertHosts != nil || (config.Tls.CertFile != "" && config.Tls.KeyFile != "") {
+	if len(config.Tls.Listen_addr) > 0 {
 		config.Tls.makeCertificateConfig()
 		for i := len(config.Tls.Listen_addr) - 1; i >= 0; i-- {
 			go config.Tls.startTls(config.Tls.Listen_addr[i])

config/cns.json

@@ -21,14 +21,14 @@
 	"Enable_httpDNS": true,
 
 	"//": "开启tcpFastOpen, 可稍微加快创建连接速度(免流可能不适用), 默认关闭",
-	"Enable_TFO": true,
+	"Enable_TFO": false,
 
 	"//": "以下是tls配置",
 	"Tls": {
 		"//": "tls监听地址, 可设置多个",
 		"listen_addr": ["127.0.0.1:8978", "[::1]:1224", ":9635"],
 
-		"//": "自动生成指定host的ssl/tls证书",
+		"//": "自动生成指定host的ssl/tls证书(如果留空则所有host都可以连接)",
 		"AutoCertHosts": ["m.baidu.com", "yaohuo.me", "mymy.ip"],
 
 		"//": "手动指定cert和key文件, 两者必须同时存在",

dns.go

@@ -10,7 +10,7 @@ import (
 )
 
 func dns_tcpOverUdp(cConn net.Conn, host string, buffer []byte) {
-	//log.Println("Start dns_tcpOverUdp")
+	log.Println("Start dns_tcpOverUdp")
 	defer cConn.Close()
 
 	var err error
@@ -20,6 +20,7 @@ func dns_tcpOverUdp(cConn net.Conn, host string, buffer []byte) {
 		cConn.SetReadDeadline(time.Now().Add(config.Tcp_timeout))
 		RLen, err = cConn.Read(buffer[payloadLen:])
 		if RLen <= 0 || err != nil {
+			log.Println("cConn.Read():", err)
 			return
 		}
 		//解密
@@ -48,12 +49,15 @@ func dns_tcpOverUdp(cConn net.Conn, host string, buffer []byte) {
 	}
 	defer sConn.Close()
 	if WLen, err = sConn.Write(buffer[2:payloadLen]); WLen <= 0 || err != nil {
+		log.Println("sConn.Write():", err)
 		return
 	}
 	sConn.SetReadDeadline(time.Now().Add(config.Udp_timeout))
 	if RLen, err = sConn.Read(buffer[2:]); RLen <= 0 || err != nil {
+		log.Println("sConn.Read():", err)
 		return
 	}
+	fmt.Println("sConn.Read():", RLen)
 	//包长度转换
 	buffer[0] = byte(RLen >> 8)
 	buffer[1] = byte(RLen)

http_tunnel.go

@@ -6,8 +6,6 @@ import (
 	"log"
 	"net"
 	"time"
-
-	"./tfo"
 )
 
 func isHttpHeader(header []byte) bool {
@@ -42,6 +40,7 @@ func rspHeader(header []byte) []byte {
 
 func handleTunnel(cConn net.Conn, payload []byte, tlsConfig *tls.Config) {
 	cConn.SetReadDeadline(time.Now().Add(config.Tcp_timeout))
+
 	RLen, err := cConn.Read(payload)
 	if err != nil || RLen <= 0 {
 		cConn.Close()
@@ -79,10 +78,9 @@ func startHttpTunnel(listen_addr string) {
 		err      error
 	)
 
+	listener, err = net.Listen("tcp", listen_addr)
 	if config.Enable_TFO {
-		listener, err = tfo.Listen(listen_addr)
-	} else {
-		listener, err = net.Listen("tcp", listen_addr)
+		enableTcpFastopen(listener)
 	}
 	if err != nil {
 		log.Println(err)

sys_isNotWin.go

@@ -3,6 +3,8 @@
 package main
 
 import (
+	"log"
+	"net"
 	"syscall"
 )
 
@@ -13,3 +15,12 @@ func setMaxNofile() {
 func setsid() {
 	syscall.Setsid()
 }
+
+func enableTcpFastopen(listener net.Listener) {
+	const CNS_TCP_FASTOPEN int = 0x17
+	f, _ := listener.(*net.TCPListener).File()
+	if err := syscall.SetsockoptInt(int(f.Fd()), syscall.IPPROTO_TCP, CNS_TCP_FASTOPEN, 1); err != nil {
+		log.Println(err)
+	}
+	f.Close()
+}

sys_isWin.go

@@ -1,9 +1,29 @@
 // +build windows
 
+// isWin.go
 package main
 
+import (
+	"log"
+	"net"
+	"syscall"
+)
+
 func setMaxNofile() {
 }
 
 func setsid() {
 }
+
+func enableTcpFastopen(listener net.Listener) {
+	const CNS_TCP_FASTOPEN int = 0x17
+	f, err := listener.(*net.TCPListener).File()
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	if err := syscall.SetsockoptInt(syscall.Handle(f.Fd()), syscall.IPPROTO_TCP, CNS_TCP_FASTOPEN, 1); err != nil {
+		log.Println(err)
+	}
+	f.Close()
+}

tcp.go

@@ -11,22 +11,24 @@ import (
 
 /* 把fromConn的数据转发到toConn */
 func tcpForward(fromConn, toConn net.Conn, payload []byte) {
-	defer fromConn.Close()
-	defer toConn.Close()
+	defer func() {
+		fromConn.Close()
+		toConn.Close()
+	}()
 
-	var RLen, CuteBi_XorCrypt_passwordSub int
+	var RLen, WLen, CuteBi_XorCrypt_passwordSub int
 	var err error
 	for {
 		fromConn.SetReadDeadline(time.Now().Add(config.Tcp_timeout))
 		toConn.SetReadDeadline(time.Now().Add(config.Tcp_timeout))
-		if RLen, err = fromConn.Read(payload); err != nil {
+		if RLen, err = fromConn.Read(payload); err != nil || RLen <= 0 {
 			return
 		}
 		if len(CuteBi_XorCrypt_password) != 0 {
 			CuteBi_XorCrypt_passwordSub = CuteBi_XorCrypt(payload[:RLen], CuteBi_XorCrypt_passwordSub)
 		}
 		toConn.SetWriteDeadline(time.Now().Add(config.Tcp_timeout))
-		if _, err = toConn.Write(payload[:RLen]); err != nil {
+		if WLen, err = toConn.Write(payload[:RLen]); err != nil || WLen <= 0 {
 			return
 		}
 	}

tlsSide.go

@@ -12,8 +12,6 @@ import (
 	"math/big"
 	"net"
 	"time"
-
-	"./tfo"
 )
 
 type TlsServer struct {
@@ -71,8 +69,10 @@ func (cnsTls *TlsServer) makeCertificateConfig() {
 			return
 		}
 		certs = append(certs, cer)
-	}
-	if cnsTls.AutoCertHosts != nil {
+	} else {
+		if cnsTls.AutoCertHosts == nil {
+			cnsTls.AutoCertHosts = []string{""}
+		}
 		for _, h := range cnsTls.AutoCertHosts {
 			cer, err := tls.X509KeyPair(createCertificate(h))
 			if err != nil {
@@ -91,10 +91,9 @@ func (cnsTls *TlsServer) startTls(listen_addr string) {
 		err      error
 	)
 
+	listener, err = net.Listen("tcp", listen_addr)
 	if config.Enable_TFO {
-		listener, err = tfo.Listen(listen_addr)
-	} else {
-		listener, err = net.Listen("tcp", listen_addr)
+		enableTcpFastopen(listener)
 	}
 	if err != nil {
 		log.Println(err)