Add option for concurrent transport

Useful only for high-end situations where a single connection
is throttled at 10MB/s somehow.

Makes traffic obfuscation less secure.
klzgrad 2020-05-21 22:55:01 +08:00
parent 413194a1fa
commit 9313cff51d
5 changed files with 48 additions and 6 deletions


@ -55,6 +55,7 @@ NaiveConnection::NaiveConnection(
const SSLConfig& proxy_ssl_config, const SSLConfig& proxy_ssl_config,
RedirectResolver* resolver, RedirectResolver* resolver,
HttpNetworkSession* session, HttpNetworkSession* session,
const NetworkIsolationKey& network_isolation_key,
const NetLogWithSource& net_log, const NetLogWithSource& net_log,
std::unique_ptr<StreamSocket> accepted_socket, std::unique_ptr<StreamSocket> accepted_socket,
const NetworkTrafficAnnotationTag& traffic_annotation) const NetworkTrafficAnnotationTag& traffic_annotation)
@ -66,6 +67,7 @@ NaiveConnection::NaiveConnection(
proxy_ssl_config_(proxy_ssl_config), proxy_ssl_config_(proxy_ssl_config),
resolver_(resolver), resolver_(resolver),
session_(session), session_(session),
network_isolation_key_(network_isolation_key),
net_log_(net_log), net_log_(net_log),
next_state_(STATE_NONE), next_state_(STATE_NONE),
client_socket_(std::move(accepted_socket)), client_socket_(std::move(accepted_socket)),
@ -239,8 +241,9 @@ int NaiveConnection::DoConnectServer() {
// Ignores socket limit set by socket pool for this type of socket. // Ignores socket limit set by socket pool for this type of socket.
return InitSocketHandleForRawConnect2( return InitSocketHandleForRawConnect2(
origin, session_, LOAD_IGNORE_LIMITS, MAXIMUM_PRIORITY, proxy_info_, origin, session_, LOAD_IGNORE_LIMITS, MAXIMUM_PRIORITY, proxy_info_,
server_ssl_config_, proxy_ssl_config_, PRIVACY_MODE_DISABLED, net_log_, server_ssl_config_, proxy_ssl_config_, PRIVACY_MODE_DISABLED,
server_socket_handle_.get(), io_callback_); network_isolation_key_, net_log_, server_socket_handle_.get(),
io_callback_);
} }
int NaiveConnection::DoConnectServerComplete(int result) { int NaiveConnection::DoConnectServerComplete(int result) {


@ -28,6 +28,7 @@ class StreamSocket;
struct NetworkTrafficAnnotationTag; struct NetworkTrafficAnnotationTag;
struct SSLConfig; struct SSLConfig;
class RedirectResolver; class RedirectResolver;
class NetworkIsolationKey;
class NaiveConnection { class NaiveConnection {
public: public:
@ -55,6 +56,7 @@ class NaiveConnection {
const SSLConfig& proxy_ssl_config, const SSLConfig& proxy_ssl_config,
RedirectResolver* resolver, RedirectResolver* resolver,
HttpNetworkSession* session, HttpNetworkSession* session,
const NetworkIsolationKey& network_isolation_key,
const NetLogWithSource& net_log, const NetLogWithSource& net_log,
std::unique_ptr<StreamSocket> accepted_socket, std::unique_ptr<StreamSocket> accepted_socket,
const NetworkTrafficAnnotationTag& traffic_annotation); const NetworkTrafficAnnotationTag& traffic_annotation);
@ -107,6 +109,7 @@ class NaiveConnection {
const SSLConfig& proxy_ssl_config_; const SSLConfig& proxy_ssl_config_;
RedirectResolver* resolver_; RedirectResolver* resolver_;
HttpNetworkSession* session_; HttpNetworkSession* session_;
const NetworkIsolationKey& network_isolation_key_;
const NetLogWithSource& net_log_; const NetLogWithSource& net_log_;
CompletionRepeatingCallback io_callback_; CompletionRepeatingCallback io_callback_;
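Review bot: The new member `const NetworkIsolationKey& network_isolation_key_;` is a reference into `NaiveProxy::network_isolation_keys_` (the `std::vector` added in naive_proxy.h, indexed in `NaiveProxy::DoConnect()`), so every `NaiveConnection` now depends on that vector never being resized or destroyed while connections exist; the constructor fills it once and no later mutation is visible, but nothing states the requirement. Document it at the member, e.g. `// Refers to an element of NaiveProxy::network_isolation_keys_; that vector must outlive this connection and must not be resized while connections exist.`, and consider the same note on the vector in naive_proxy.h. If a future change ever adjusts concurrency at runtime, storing the key by value here would be the safer alternative.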


@ -5,6 +5,7 @@
#include "net/tools/naive/naive_proxy.h" #include "net/tools/naive/naive_proxy.h"
#include <algorithm>
#include <utility> #include <utility>
#include "base/bind.h" #include "base/bind.h"
@ -28,12 +29,14 @@ namespace net {
NaiveProxy::NaiveProxy(std::unique_ptr<ServerSocket> listen_socket, NaiveProxy::NaiveProxy(std::unique_ptr<ServerSocket> listen_socket,
NaiveConnection::Protocol protocol, NaiveConnection::Protocol protocol,
bool use_padding, bool use_padding,
int concurrency,
RedirectResolver* resolver, RedirectResolver* resolver,
HttpNetworkSession* session, HttpNetworkSession* session,
const NetworkTrafficAnnotationTag& traffic_annotation) const NetworkTrafficAnnotationTag& traffic_annotation)
: listen_socket_(std::move(listen_socket)), : listen_socket_(std::move(listen_socket)),
protocol_(protocol), protocol_(protocol),
use_padding_(use_padding), use_padding_(use_padding),
concurrency_(std::min(4, std::max(1, concurrency))),
resolver_(resolver), resolver_(resolver),
session_(session), session_(session),
net_log_( net_log_(
@ -54,6 +57,10 @@ NaiveProxy::NaiveProxy(std::unique_ptr<ServerSocket> listen_socket,
session_->GetSSLConfig(&server_ssl_config_, &proxy_ssl_config_); session_->GetSSLConfig(&server_ssl_config_, &proxy_ssl_config_);
proxy_ssl_config_.disable_cert_verification_network_fetches = true; proxy_ssl_config_.disable_cert_verification_network_fetches = true;
for (int i = 0; i < concurrency_; i++) {
network_isolation_keys_.push_back(NetworkIsolationKey::CreateTransient());
}
DCHECK(listen_socket_); DCHECK(listen_socket_);
// Start accepting connections in next run loop in case when delegate is not // Start accepting connections in next run loop in case when delegate is not
// ready to get callbacks. // ready to get callbacks.
@ -110,9 +117,11 @@ void NaiveProxy::DoConnect() {
if (!use_padding_) { if (!use_padding_) {
pad_direction = NaiveConnection::kNone; pad_direction = NaiveConnection::kNone;
} }
last_id_++;
const auto& nik = network_isolation_keys_[last_id_ % concurrency_];
auto connection_ptr = std::make_unique<NaiveConnection>( auto connection_ptr = std::make_unique<NaiveConnection>(
++last_id_, protocol_, pad_direction, proxy_info_, server_ssl_config_, last_id_, protocol_, pad_direction, proxy_info_, server_ssl_config_,
proxy_ssl_config_, resolver_, session_, net_log_, std::move(socket), proxy_ssl_config_, resolver_, session_, nik, net_log_, std::move(socket),
traffic_annotation_); traffic_annotation_);
auto* connection = connection_ptr.get(); auto* connection = connection_ptr.get();
connection_by_id_[connection->id()] = std::move(connection_ptr); connection_by_id_[connection->id()] = std::move(connection_ptr);
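Review bot: `concurrency_(std::min(4, std::max(1, concurrency)))` hard-codes the upper bound as a bare literal, and the same 1..4 range is checked again in `ParseCommandLine` in the main file, so the two can silently drift apart; name it once in the header (`static constexpr int kMaxConcurrency = 4;`) and write `concurrency_(std::min(kMaxConcurrency, std::max(1, concurrency)))`. The loop creating transient keys also deserves a why-comment, since the effect is not obvious from the code alone: `// Each transient NetworkIsolationKey maps to its own socket pool group (relies on PartitionConnectionsByNetworkIsolationKey being enabled in main()), spreading connections over concurrency_ separate transports to the proxy; the commit notes this weakens traffic obfuscation.` In `DoConnect()`, `last_id_ % concurrency_` mixes `concurrency_` (int) with `last_id_`, whose type is not visible here but appears to be unsigned given the `connection_by_id_` key type; it is safe because `concurrency_ >= 1`, but a `static_cast<size_t>(concurrency_)` would make the intent explicit. `DoConnect()` begins outside the hunk.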


@ -8,10 +8,12 @@
#include <map> #include <map>
#include <memory> #include <memory>
#include <vector>
#include "base/macros.h" #include "base/macros.h"
#include "base/memory/weak_ptr.h" #include "base/memory/weak_ptr.h"
#include "net/base/completion_repeating_callback.h" #include "net/base/completion_repeating_callback.h"
#include "net/base/network_isolation_key.h"
#include "net/log/net_log_with_source.h" #include "net/log/net_log_with_source.h"
#include "net/proxy_resolution/proxy_info.h" #include "net/proxy_resolution/proxy_info.h"
#include "net/ssl/ssl_config.h" #include "net/ssl/ssl_config.h"
@ -32,6 +34,7 @@ class NaiveProxy {
NaiveProxy(std::unique_ptr<ServerSocket> server_socket, NaiveProxy(std::unique_ptr<ServerSocket> server_socket,
NaiveConnection::Protocol protocol, NaiveConnection::Protocol protocol,
bool use_padding, bool use_padding,
int concurrency,
RedirectResolver* resolver, RedirectResolver* resolver,
HttpNetworkSession* session, HttpNetworkSession* session,
const NetworkTrafficAnnotationTag& traffic_annotation); const NetworkTrafficAnnotationTag& traffic_annotation);
@ -57,6 +60,7 @@ class NaiveProxy {
std::unique_ptr<ServerSocket> listen_socket_; std::unique_ptr<ServerSocket> listen_socket_;
NaiveConnection::Protocol protocol_; NaiveConnection::Protocol protocol_;
bool use_padding_; bool use_padding_;
int concurrency_;
ProxyInfo proxy_info_; ProxyInfo proxy_info_;
SSLConfig server_ssl_config_; SSLConfig server_ssl_config_;
SSLConfig proxy_ssl_config_; SSLConfig proxy_ssl_config_;
@ -68,6 +72,8 @@ class NaiveProxy {
std::unique_ptr<StreamSocket> accepted_socket_; std::unique_ptr<StreamSocket> accepted_socket_;
std::vector<NetworkIsolationKey> network_isolation_keys_;
std::map<unsigned int, std::unique_ptr<NaiveConnection>> connection_by_id_; std::map<unsigned int, std::unique_ptr<NaiveConnection>> connection_by_id_;
const NetworkTrafficAnnotationTag& traffic_annotation_; const NetworkTrafficAnnotationTag& traffic_annotation_;


@ -11,6 +11,7 @@
#include "base/at_exit.h" #include "base/at_exit.h"
#include "base/command_line.h" #include "base/command_line.h"
#include "base/feature_list.h"
#include "base/files/file_path.h" #include "base/files/file_path.h"
#include "base/json/json_file_value_serializer.h" #include "base/json/json_file_value_serializer.h"
#include "base/json/json_writer.h" #include "base/json/json_writer.h"
@ -83,6 +84,7 @@ struct CommandLine {
std::string listen; std::string listen;
std::string proxy; std::string proxy;
bool padding; bool padding;
std::string concurrency;
std::string extra_headers; std::string extra_headers;
std::string host_resolver_rules; std::string host_resolver_rules;
std::string resolver_range; std::string resolver_range;
@ -97,6 +99,7 @@ struct Params {
std::string listen_addr; std::string listen_addr;
int listen_port; int listen_port;
bool use_padding; bool use_padding;
int concurrency;
net::HttpRequestHeaders extra_headers; net::HttpRequestHeaders extra_headers;
std::string proxy_url; std::string proxy_url;
base::string16 proxy_user; base::string16 proxy_user;
@ -136,6 +139,7 @@ void GetCommandLine(const base::CommandLine& proc, CommandLine* cmdline) {
"--proxy=<proto>://[<user>:<pass>@]<hostname>[:<port>]\n" "--proxy=<proto>://[<user>:<pass>@]<hostname>[:<port>]\n"
" proto: https, quic\n" " proto: https, quic\n"
"--padding Use padding\n" "--padding Use padding\n"
"--concurrency=<N> Use N connections, less secure\n"
"--extra-headers=... Extra headers split by CRLF\n" "--extra-headers=... Extra headers split by CRLF\n"
"--host-resolver-rules=... Resolver rules\n" "--host-resolver-rules=... Resolver rules\n"
"--resolver-range=... Redirect resolver range\n" "--resolver-range=... Redirect resolver range\n"
@ -154,6 +158,7 @@ void GetCommandLine(const base::CommandLine& proc, CommandLine* cmdline) {
cmdline->listen = proc.GetSwitchValueASCII("listen"); cmdline->listen = proc.GetSwitchValueASCII("listen");
cmdline->proxy = proc.GetSwitchValueASCII("proxy"); cmdline->proxy = proc.GetSwitchValueASCII("proxy");
cmdline->padding = proc.HasSwitch("padding"); cmdline->padding = proc.HasSwitch("padding");
cmdline->concurrency = proc.GetSwitchValueASCII("concurrency");
cmdline->extra_headers = proc.GetSwitchValueASCII("extra-headers"); cmdline->extra_headers = proc.GetSwitchValueASCII("extra-headers");
cmdline->host_resolver_rules = cmdline->host_resolver_rules =
proc.GetSwitchValueASCII("host-resolver-rules"); proc.GetSwitchValueASCII("host-resolver-rules");
@ -188,6 +193,10 @@ void GetCommandLineFromConfig(const base::FilePath& config_path,
cmdline->proxy = *proxy; cmdline->proxy = *proxy;
} }
cmdline->padding = value->FindBoolKey("padding").value_or(false); cmdline->padding = value->FindBoolKey("padding").value_or(false);
const auto* concurrency = value->FindStringKey("concurrency");
if (concurrency) {
cmdline->concurrency = *concurrency;
}
const auto* extra_headers = value->FindStringKey("extra-headers"); const auto* extra_headers = value->FindStringKey("extra-headers");
if (extra_headers) { if (extra_headers) {
cmdline->extra_headers = *extra_headers; cmdline->extra_headers = *extra_headers;
@ -286,6 +295,16 @@ bool ParseCommandLine(const CommandLine& cmdline, Params* params) {
params->use_padding = cmdline.padding; params->use_padding = cmdline.padding;
if (!cmdline.concurrency.empty()) {
if (!base::StringToInt(cmdline.concurrency, &params->concurrency) ||
params->concurrency < 1 || params->concurrency > 4) {
std::cerr << "Invalid concurrency" << std::endl;
return false;
}
} else {
params->concurrency = 1;
}
params->extra_headers.AddHeadersFromString(cmdline.extra_headers); params->extra_headers.AddHeadersFromString(cmdline.extra_headers);
params->host_resolver_rules = cmdline.host_resolver_rules; params->host_resolver_rules = cmdline.host_resolver_rules;
@ -473,6 +492,8 @@ std::unique_ptr<URLRequestContext> BuildURLRequestContext(
} // namespace net } // namespace net
int main(int argc, char* argv[]) { int main(int argc, char* argv[]) {
base::FeatureList::InitializeInstance(
"PartitionConnectionsByNetworkIsolationKey", std::string());
base::SingleThreadTaskExecutor io_task_executor(base::MessagePumpType::IO); base::SingleThreadTaskExecutor io_task_executor(base::MessagePumpType::IO);
base::ThreadPoolInstance::CreateAndStartWithDefaultParams("naive"); base::ThreadPoolInstance::CreateAndStartWithDefaultParams("naive");
base::AtExitManager exit_manager; base::AtExitManager exit_manager;
@ -588,8 +609,8 @@ int main(int argc, char* argv[]) {
} }
net::NaiveProxy naive_proxy(std::move(listen_socket), params.protocol, net::NaiveProxy naive_proxy(std::move(listen_socket), params.protocol,
params.use_padding, resolver.get(), session, params.use_padding, params.concurrency,
kTrafficAnnotation); resolver.get(), session, kTrafficAnnotation);
base::RunLoop().Run(); base::RunLoop().Run();