Commit Graph

71 Commits

Author SHA1 Message Date
klzgrad
689f16f0d7 Revert "Remove concurrency limit"
This reverts commit f1a4973601.

This iss actually mistakenly added due to incorrect test setup.
2020-10-09 22:01:37 +08:00
klzgrad
c773f0ceb1 Revert "Use python3 in build if python2 is not found"
This reverts commit b63fbe9d8a.

Sysroot scripts still use python2
2020-10-03 16:11:27 +08:00
klzgrad
f1a4973601 Remove concurrency limit 2020-10-03 09:01:43 +08:00
klzgrad
33ddf2955b
Update README.md [skip ci] 2020-10-02 15:53:57 +08:00
klzgrad
411f0e042c Enable QUIC support 2020-10-02 14:54:13 +08:00
klzgrad
55e0f463be
Update README.md [skip ci]
In Caddyfile rename forwardproxy to forward_proxy and basicauth to basic_auth.
2020-10-02 11:24:04 +08:00
klzgrad
b6f7075332
Update README.md
[skip ci]
2020-10-02 02:57:24 +08:00
CN_SZTL
a6f5b9e126
build: Add mips64el & i386 OpenWrt toolchain definitions
OpenWrt has arch mips64el and i386, add here to support them.

Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
2020-10-01 08:42:11 +08:00
klzgrad
b63fbe9d8a Use python3 in build if python2 is not found 2020-09-30 21:57:59 +08:00
klzgrad
abc2387bd4
Update README.md to Caddy v2 with Caddyfile 2020-09-27 04:40:39 +08:00
klzgrad
4a944da697 Fix HttpProxySocket early data return value 2020-09-10 19:43:49 +08:00
klzgrad
458c165811 Fix lint 2020-09-06 17:19:23 +08:00
klzgrad
529ff77c85 Disable logging in example caddy.json 2020-09-04 22:33:08 +08:00
klzgrad
6aa7923585 Fix special characters in password 2020-09-04 22:32:56 +08:00
klzgrad
e9ff6f6092 Add PGO build for Win and Mac 2020-08-30 01:26:25 +08:00
klzgrad
0c40902920 Add continuous integration and tests 2020-08-30 01:26:24 +08:00
klzgrad
b615fd8d2d Add build scripts 2020-08-30 01:26:24 +08:00
klzgrad
a9b601e4cf Add example config.json 2020-08-30 01:26:24 +08:00
klzgrad
1d5de4752d Add README 2020-08-30 01:26:24 +08:00
klzgrad
45cab09c9c Add LICENSE 2020-08-30 01:26:24 +08:00
klzgrad
6cceaadff1 Add source import tool 2020-08-30 01:26:24 +08:00
klzgrad
282854dcb9 Add .gitignore 2020-08-30 01:26:24 +08:00
klzgrad
51b2b9de15 Raise initial padding number to 8
Protect initial handshake lengths.

Common client initial sequence:

- TLS: ClientHello
- TLS: ChangeCipherSpec, Finished
- H2: Magic, SETTINGS, WINDOW_UPDATE
- H2: HEADERS: GET
- H2: SETTINGS ACK

Common server initial sequence:

- TLS: ServerHello, ChangeCipherSpec, ...
- TLS: Certificate, ...
- H2: SETTINGS
- H2: WINDOW_UPDATE
- H2: SETTINGS ACK
- H2: HEADERS: 200 OK
2020-08-30 01:26:24 +08:00
klzgrad
c6cbfd3297 Negotiate padding capability automatically
Client: On the first connection does a full Open and detects if the
server supports padding by checking for "Padding" header in the
response. Applies padding if the server does. In the following
connections it's back to Fast Open.

Server: Detects if the client supports padding by checking for "Padding"
header in the CONNECT request. Applies padding if the client does.

Both client and server always send "Padding" headers to somewhat protect
the request and response headers' packet lengths, even if the other side
may not acknowledge padding negotiation, either due to old version or
"Padding" headers being dropped by the frontend.

The manual option --padding is removed.
2020-08-30 01:26:24 +08:00
klzgrad
08a1dafc3a Prevents padding headers from being indexed 2020-08-30 01:26:24 +08:00
klzgrad
a00a2ec912 Add option for concurrent transport
Useful only for high-end situations where a single connection
is throttled at 10MB/s somehow.

Makes traffic obfuscation less secure.
2020-08-30 01:26:24 +08:00
klzgrad
747beed87b Add --extra-headers option 2020-08-30 01:26:24 +08:00
klzgrad
ba26797078 Add cert net fetcher 2020-08-30 01:26:24 +08:00
klzgrad
337bcbe062 Redirect DNS for redir://
Run a fake stub DNS resolver at the same port with redir://.
2020-08-30 01:26:24 +08:00
klzgrad
3e97ce7c5f Handle payload data immediately after HTTP headers
In HttpProxySocket there can be data immediately after HTTP headers,
as in the case of fast HTTP CONNECT.

Instead of reporting an error, handle this case by returning
the data after HTTP headers in the next Read() call.
2020-08-30 01:26:24 +08:00
klzgrad
c430844821 Support TCP transparent proxying
Enable with naive --listen=redir:// and iptables ... -j REDIRECT
--to-ports 1080.
2020-08-30 01:26:24 +08:00
klzgrad
dd32fee7af Support loading config.json 2020-08-30 01:26:24 +08:00
klzgrad
ac4c924d09 Add QUIC client 2020-08-30 01:26:24 +08:00
klzgrad
b8f94cc4b5 Add http_proxy_socket to BUILD.gn 2020-08-30 01:26:24 +08:00
klzgrad
3fb58d483a Add server implementation and tunnel padding 2020-08-30 01:26:24 +08:00
klzgrad
05e45f459b Add Naive client to BUILD.gn 2020-08-30 01:26:24 +08:00
klzgrad
9a0bbc2e30 naive proxy bin Fix base::Value usage 2020-08-30 01:26:24 +08:00
klzgrad
6fe3ed64af Add initial implementation of Naive client 2020-08-30 01:26:24 +08:00
klzgrad
3fcb1cdfdd build: Add sysroot creator script 2020-08-30 01:26:23 +08:00
klzgrad
6d1ff2da90 build: Remove sysroot pipewire workaround 2020-08-30 01:26:23 +08:00
klzgrad
0e46847022 build: Pass extra flags to gcc toolchains 2020-08-30 01:26:23 +08:00
klzgrad
779806dbf0 build: Add OpenWrt toolchain definitions 2020-08-30 01:26:23 +08:00
klzgrad
25bd7cd9cc build: Support MIPS -mtune= flag 2020-08-30 01:26:23 +08:00
klzgrad
e62818b75a build: Support ARM build without FPU 2020-08-30 01:26:23 +08:00
klzgrad
dfc2c39507 build: Support ARM -mcpu= flag 2020-08-30 01:26:22 +08:00
klzgrad
69a6617c0f build: Don't use sysroot for host_toolchain
protoc should be built with the host toolchain, usually not needing
the sysroot.
2020-08-29 23:06:39 +08:00
klzgrad
1120f63c39 build: Support non-standard ldso in executables 2020-08-29 23:06:39 +08:00
klzgrad
da114a105a allocator: Improve MIPS coverage of spinlocks 2020-08-29 23:06:39 +08:00
klzgrad
97e197e9fe debug: Fix obsolete max check 2020-08-29 23:06:39 +08:00
klzgrad
a6d62f2910 debug: Fix uClibc macro condition 2020-08-29 23:06:39 +08:00