kpx

package module
v1.7.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 22, 2024 License: MIT Imports: 55 Imported by: 0

README

kpx - Kerberos proxy with dynamic proxy selection

kpx is a configurable authentication proxy, that can be used to:

  • route traffic to different remote proxies based on url
  • stop traffic for specific url
  • inject credential for remote proxies, allowing to use proxy without setting credentials
  • support kerberos and basic credentials
  • support kerberos native authentication on Windows and Linux (and MacOS?)
  • support remote http and socks proxies
  • internally developed, allowing to add features when necessary, like proxy failover, regex rules, password caching, PAC support, ...
  • multi-platform binaries, for Windows, Linux and MacOS
  • support automatic update and restart when configured
  • experimental features like connection-pools (reuse http connections when possible) and hosts-cache (cache proxy lookup result by host:port, incompatible with url matching)

Alternatives tools that can be used:

Also check the Notes below for specific configuration tips.

Installation

Download the latest release from the releases page.

TL;DR

Start a krb-proxy on 127.0.0.1:8888:

$ krb-proxy -u user_login@example.com -l 8888 proxy:8080

Start a krb-proxy on 0.0.0.0:8888:

$ krb-proxy -u user_login@example.com -l 0.0.0.0:8888 proxy:8080

Start a krb-proxy with the default krb-proxy.yaml config file:

$ krb-proxy

Start a krb-proxy with a specific my-config.yaml file:

$ krb-proxy -c my-config.yaml

Usage

The kpx binary comes with default kerberos settings, however you might want to add specific configurations related to you kerberos environment, like default domain names or aliases.

An example of how to do this can be found here.

Temporary proxy without configuration file

When used like this, the program will exit automatically after 1 hour, to prevent kpx from running forever.

# Start a proxy on port 8888
$ kpx -u user_login@example.com -l 8888 proxy:8080
Credential [user] - Enter password for user 'user_login': *********
2022/08/24 09:07:17 [-] Proxy build 2022-08-23 15:30:59 started on 127.0.0.1:1237
2022/08/24 09:07:17 [-] Use http://127.0.0.1:1237 as you proxy url
2022/08/24 09:07:17 [-] Proxy pac is available at http://127.0.0.1:1237/proxy.pac
2022/08/24 09:07:17 [-] Proxy will exit automatically in 3600 seconds

# Check it
$ curl -x 127.0.0.1:8888 https://www.google.com -v |& grep HTTP/
> CONNECT www.google.com:443 HTTP/1.1
< HTTP/1.0 200 Connection established
> GET / HTTP/1.1
< HTTP/1.1 200 OK

# Alternative 1 - use proxy function to set proxy
$ proxy 8888
$ proxy curl https://www.google.com

# Alternative 2 - or in one-liner command
$ proxy 8888 curl https://www.google.com

# Alternative 3 - manually set https_proxy and/or http_prpxy
$ export https_proxy=http://127.0.0.1:8888
$ curl https://www.google.com

Common usage:

  • Bind to all networks and not only 127.0.0.1: -l 0.0.0.0:8888
Complex configuration with configuration file

Configure:

  • Create a kpx.yaml file, or use option -c to specify configuration file location
  • Configuration can contain encrypted password, to encrypt them use kpx -e
  • Start kpx with configuration file: kpx [-c CONFIG]

Configuration example:

bind: 127.0.0.1
port: 8888
verbose: true
debug: false

proxies:
  pac-mkt:
    type: pac
    url: http://broproxycfg.int.world.company/ProxyPac/proxy.pac
    credentials: kerberos   # use native OS kerberos
  pac-ret:
    type: pac
    url: http://broproxycfg.int.world.company/ProxyPac/proxy.pac
    credentials: user
  mkt:
    type: kerberos
    spn: HTTP
    realm: EUR.MSD.WORLD.COMPANY
    host: proxy-mkt.int.world.company
    port: 8080
    credential: kerberos   # use native OS kerberos
    pac: proxy-mkt*
  ret:
    type: kerberos
    spn: HTTP
    realm: EUR.MSD.WORLD.COMPANY
    host: proxy-sgt.si.company
    port: 8080
    credential: user
    pac: proxy-sgt*
  ret-o365:
    type: kerberos
    spn: HTTP
    realm: EUR.MSD.WORLD.COMPANY
    host: proxy-sgt-o365.si.company
    port: 8080
    credential: user
  mkt-o365:
    type: kerberos
    spn: HTTP
    realm: EUR.MSD.WORLD.COMPANY
    host: proxy-mkt-o365.si.company
    port: 8080
    credential: user

credentials:
  user:
    login: x123456
    password: encrypted:sfjlqsjfljsdqklfjmsklqjfqzioeuripouzfjklsdjmflsd==

rules:
# broproxycfg must be excluded to allow downloading PAC directly - this is necessary only when working with intellij with a proxy configured 
  - host: "broproxycfg.int.world.company"
    proxy: direct
# redirect all to pac
  - host: "*"
    proxy: pac-ret
Help
$ kpx -h

# listen to this ip, use 0.0.0.0 to listen on all ips
bind: 127.0.0.1
# listen to this port
port: 7777
# set verbose to see all requests
verbose: true
# set debug to view all requests and responses headers
debug: true
# set debug to view everything
trace: false
# timeout for connecting
connectTimeout: 10
# timeout for existing connections, waiting for incoming data
idleTimeout: 0
# timeout for closing connections after one side closed it, allowing to flush the remaining buffered data
closeTimeout: 10
# check for updates, defaults to true
check: true
# automatically update, defaults to false
update: false
# exit after update, defaults to false, use only if a restart mechanism is implemented outside
restart: false

# list of proxies
proxies:
# sample of a PAC proxy. 'credentials' is used to list the users we need to get login/password on startup
  pac-mkt:
    type: pac
    url: http://broproxycfg.int.world.company/ProxyPac/proxy.pac
    credentials: user
# another PAC proxy. verbosity can also be set at proxy level. multiple credentials can also be used if resolved proxy may use different credentiels
  pac-ret:
    type: pac
    url: http://broproxycfg.int.world.company/ProxyPac/proxy.pac
    credentials: user user2
    verbose: true
# another PAC proxy. native kerberos can also be used on Windows and Linux (and MacOS?) 
  pac-krb:
    type: pac
    url: http://broproxycfg.int.world.company/ProxyPac/proxy.pac
    credentials: kerberos
# sample of kerberos proxy. 'pac' is used to get the kerberos realm in PAC proxies at runtime
  mkt:
    type: kerberos
    spn: HTTP
    realm: EUR.MSD.WORLD.COMPANY
    host: proxy-mkt.int.world.company
    port: 8080
    credential: user
    pac: proxy-mkt*
  ret:
    type: kerberos
    spn: HTTP
    realm: EUR.MSD.WORLD.COMPANY
    host: proxy-sgt.si.company
    port: 8080
    credential: user
    pac: proxy-sgt*
  krb:
    type: kerberos
    spn: HTTP
    realm: EUR.MSD.WORLD.COMPANY
    host: proxy-krb.si.company
    port: 8080
    credential: kerberos
    pac: proxy-krb*
# sample of anonymous (no authentication) proxy. 'ssl' for HTTPS proxy
  net:
    type: anonymous
    host: 127.0.0.1
    port: 3128
    ssl: false
# sample of socks proxy
  nets:
    type: socks
    host: localhost
    port: 1080
  dev:
    type: anonymous
    host: localhost
    port: 3129
  devs:
    type: socks
    host: localhost
    port: 1081
    ssl: false
# sample of basic (base64 encoding) proxy. 'credential' is the user to get login/password on startup
  basic:
    type: basic
    host: proxy-mkt.int.world.company
    port: 8080
    credential: user

# list of credentials
credentials:
# sample of credential. if no 'password', it will be asked on startup. the same for login
# password can be provided as clear text, or encrypted using '-e' option
# 'kerberos' is automatically created as native Windows/Linux/MacOS? kerberos
  user:
    login: a443939
    password: encrypted:SECRET_KEY
  user2:
    login: USER_NAME
    password: encrypted:SECRET_KEY

# list of rules to determine which proxy to use
rules:
# sample: direct connection for this host
  - host: "test-proxy-pac1"
    proxy: direct
    dns: 127.0.0.1
# sample: alter ip and or port resolution for this host. syntax is [IP]:[PORT]. no port means use the same port as source
  - host: "test-proxy-pac2"
    dns: 127.0.0.1:7777
  - host: "test-socks-conf"
    proxy: devs
    dns: 127.0.0.1
# sample: multiple hosts, separated by '|'. add '!' at the beginning to inverse rule. verbosity can also be set at rule level
  - host: 192.168.2.6|project-homo*
    proxy: devs
  - host: "*.safe.company|*.si.company|*.ressources.company|*.world.company"
    proxy: direct
    verbose: true
# sample: regex can be used for host, add 're:' at the beginning. add '!re:' to inverse rule
  - host: "re:^github\.com$|^gitlab.com$"
    proxy: mkt
    verbose: true
# sample: use mitm to have man-in-the-middle hijacked connections, CA is written in kpx.ca.crt 
  - host: "update.microsoft.com"
    proxy: mkt
    verbose: true
    mitm: true
# sample: proxy 'none' goes nowhere, result is always 400 bad request
  - host: "microsoft.com"
    proxy: none
    verbose: true
# sample: use '*' host as a catch all
  - host: "*"
    proxy: pac-mkt
    verbose: true

# list some domain aliases, allowing to use 'EUR' instead of 'EUR.MSD.WORLD.COMPANY'
domains:
  EUR: EUR.MSD.WORLD.COMPANY
  ASI: ASI.MSD.WORLD.COMPANY
  AME: AME.MSD.WORLD.COMPANY
Notes
PAC configuration

Using PAC is a little tricky, these are a few things to know before using it:

  • a PAC file can return multiple proxies
  • among them, some can require authentication and some not
  • to configure authentication, the returned proxy is matched against pac: entries in other proxies configuration
    example: pac: proxy-mkt* will match any PAC returning a PROXY proxy-mkt*
  • once a proxy is identified, it uses the authentication mechanism configured (kerberos, basic, ...)
  • the credentials: specifies a space separated list of all the credentials that can be used by all returned proxies
    this allows to identify used credentials, i.e. credentials that must be initialized (ask for a password or do kerberos authentication)
Kerberos configuration

Using kerberos authentication can be done in two ways:

  • using native OS kerberos where supported (Windows/Linux/MacOS?), by using kerberos as proxy.credential or proxy.credentials (PAC)
  • using login/password by using a credential: with login and password to use
Credentials settings

While scanning rules and proxies, all credential: and credentials: settings also mark the target credentials as being used.
This allows to know which credentials must be initialized on startup, like asking for a missing password.

For credentials used in kerberos proxies, a login will be performed against the associated domain, to ensure password is correct.

To allows cross-domain kerberos authentication, it is possible to add domain information to the login, like this: login: username@DOMAIN.

Documentation

Overview

This is a modification of net.http.internal.chunked to also receive chunks line. The purpose is to have a raw header which understand chunks, but does not convert it. ALl changes are marked with "CHANGED" comment.

Index

Constants

View Source 
const CREDENTIAL_KERBEROS = "kerberos"
View Source 
const CT_PLAIN_UTF8 = "text/plain; charset=UTF-8"
View Source 
const DEFAULT_CLOSE_TIMEOUT = 10

timeout in seconds for closing infinite pipes once one peer has closed it's connection

View Source 
const DEFAULT_CONNECT_TIMEOUT = 10

timeout in seconds for dialing to peer

View Source 
const DEFAULT_IDLE_TIMOUT = 0

timeout in seconds for read/write operations, before automatically closing connections

View Source 
const ENCRYPTED = "encrypted:"

encrypted password

View Source 
const EXPERIMENTAL_CONNETION_POOLS = "connection-pools"
View Source 
const EXPERIMENTAL_HOSTS_CACHE = "hosts-cache"
View Source 
const HEADER_MAX_SIZE = 32 * 1024

max header size, to buffer request headers

View Source 
const POOL_CLOSE_TIMEOUT = 30

timeout in seconds for a connection to stay in pool before closing

View Source 
const POOL_CLOSE_TIMEOUT_ADD = 5

Variables

View Source 
var AppDefaultDomain = ".EXAMPLE.COM"
View Source 
var AppDefaultKrb5 = `` /* 464-byte string literal not displayed */
View Source 
var AppName = "kpx"
View Source 
var AppUpdateUrl = "https://api.github.com/repos/momiji/kpx/releases/latest"
View Source 
var AppUrl = "https://github.com/momiji/kpx"
View Source 
var AppVersion = "dev"

program global settings

View Source 
var ConfProxyContinue = ConfProxy{}
View Source 
var ErrLineTooLong = errors.New("header line too long")
View Source 
var HelpTemplate = `` /* 3964-byte string literal not displayed */
View Source 
var HelpValue = ""
View Source 
var HttpVersions = [...]HttpVersion{Http10, Http11, Http2}
View Source 
var NativeKerberos = &LinuxKerberos{}
View Source 
var UsageTemplate = `` /* 2337-byte string literal not displayed */
View Source 
var UsageValue = ""
View Source 
var VersionTemplate = "{{.AppName}} {{.AppVersion}} - {{.AppUrl}}"
View Source 
var VersionValue = ""

Functions

func ConfigureConn added in v1.5.1 

func ConfigureConn(conn net.Conn)

func Main 

func Main()

func NewBasicCACertConfig 

func NewBasicCACertConfig(cn string, serial int64) *x509.Certificate

func NewBasicHttpsCertConfig 

func NewBasicHttpsCertConfig(cn string, names []string, serial int64) *x509.Certificate

func NewChunkedReader 

func NewChunkedReader(r io.Reader) io.Reader

NewChunkedReader returns a new chunkedReader that translates the data read from r out of HTTP "chunked" format before returning it. The chunkedReader returns io.EOF when the final 0-length chunk is read.

NewChunkedReader is not needed by normal applications. The http package automatically decodes chunking when reading response bodies.

func NewChunkedWriter 

func NewChunkedWriter(w io.Writer) io.WriteCloser

NewChunkedWriter returns a new chunkedWriter that translates writes into HTTP "chunked" format before writing them to w. Closing the returned chunkedWriter sends the final 0-length chunk that marks the end of the stream but does not send the final CRLF that appears after trailers; trailers and the last CRLF must be written separately.

NewChunkedWriter is not needed by normal applications. The http package adds chunking automatically if handlers don't set a Content-Length header. Using newChunkedWriter inside a handler would result in double chunking or chunking with a Content-Length length, both of which are wrong.

Types

type AtomicBool 

type AtomicBool int32

AtomicBool is an atomic Boolean Its methods are all atomic, thus safe to be called by multiple goroutines simultaneously Note: When embedding into a struct, one should always use *AtomicBool to avoid copy

func NewAtomicBool 

func NewAtomicBool(ok bool) *AtomicBool

NewBool creates an AtomicBool with given default value

func (*AtomicBool) IsSet 

func (ab *AtomicBool) IsSet() bool

IsSet returns whether the Boolean is true

func (*AtomicBool) Set 

func (ab *AtomicBool) Set()

Set sets the Boolean to true

func (*AtomicBool) SetTo 

func (ab *AtomicBool) SetTo(yes bool)

SetTo sets the boolean with given Boolean

func (*AtomicBool) SetToIf 

func (ab *AtomicBool) SetToIf(old, new bool) (set bool)

SetToIf sets the Boolean to new only if the Boolean matches the old Returns whether the set was done

func (*AtomicBool) UnSet 

func (ab *AtomicBool) UnSet()

UnSet sets the Boolean to false

type AtomicInt 

type AtomicInt int32

AtomicInt is an atomic Integer Its methods are all atomic, thus safe to be called by multiple goroutines simultaneously Note: When embedding into a struct, one should always use *AtomicInt to avoid copy

func NewAtomicInt 

func NewAtomicInt(val int32) *AtomicInt

NewAtomicInt creates an AtomicInt with given default value

func (*AtomicInt) DecrementAndGet 

func (ab *AtomicInt) DecrementAndGet(delta int32) int32

func (*AtomicInt) Get 

func (ab *AtomicInt) Get() int32

IsSet returns whether the Boolean is true

func (*AtomicInt) IncrementAndGet 

func (ab *AtomicInt) IncrementAndGet(delta int32) int32

func (*AtomicInt) Set 

func (ab *AtomicInt) Set(val int32)

Set sets the Integer to value

type Cert 

type Cert struct {
	Priv *rsa.PrivateKey
	Pub  *x509.Certificate
}

func NewCert 

func NewCert(cert *x509.Certificate, bits int, ca *Cert) (*Cert, error)

func NewCertFromFiles 

func NewCertFromFiles(public, private string) (*Cert, error)

func NewCertFromPEM 

func NewCertFromPEM(public, private string) (*Cert, error)

func NewPbkdfCert 

func NewPbkdfCert(cert *x509.Certificate, bits int, ca *Cert, password []byte, salt []byte, iter int) (*Cert, error)

func (*Cert) SaveToFiles 

func (c *Cert) SaveToFiles(public, private string) error

func (*Cert) ToPEM 

func (c *Cert) ToPEM() (string, string, error)

type CertsManager 

type CertsManager struct {
	// contains filtered or unexported fields
}

func NewCertsManager 

func NewCertsManager(ca *Cert, prefix string, names []string) (*CertsManager, error)

func (*CertsManager) GetCertificate 

func (c *CertsManager) GetCertificate(dns string) (*tls.Certificate, error)

type CloseAwareConn added in v1.5.1 

type CloseAwareConn struct {
	// contains filtered or unexported fields
}

CloseAwareConn is a connection that can detect if underlying connection is closed, but only on first Write() after Reset() has been called. This way, we can choose when the closed connection can be replaced by a new one, ensuring connection closed is only handled when expected.

This allows to detect a restart of a remote proxy, for example.

On linux and Windows (and MacOS?), a double .Write() allows to detect a closed connection, but this trick does not work all the time.

func NewCloseAwareConn added in v1.5.1 

func NewCloseAwareConn(dialer *net.Dialer, network string, proxy string, reqId int32) (*CloseAwareConn, error)

func (*CloseAwareConn) Close added in v1.5.1 

func (cc *CloseAwareConn) Close() error

func (*CloseAwareConn) LocalAddr added in v1.5.1 

func (cc *CloseAwareConn) LocalAddr() net.Addr

func (*CloseAwareConn) ReOpen added in v1.5.1 

func (cc *CloseAwareConn) ReOpen() error

func (*CloseAwareConn) Read added in v1.5.1 

func (cc *CloseAwareConn) Read(b []byte) (n int, err error)

func (*CloseAwareConn) RemoteAddr added in v1.5.1 

func (cc *CloseAwareConn) RemoteAddr() net.Addr

func (*CloseAwareConn) Reset added in v1.5.1 

func (cc *CloseAwareConn) Reset(reqId int32)

func (*CloseAwareConn) SetDeadline added in v1.5.1 

func (cc *CloseAwareConn) SetDeadline(t time.Time) error

func (*CloseAwareConn) SetReadDeadline added in v1.5.1 

func (cc *CloseAwareConn) SetReadDeadline(t time.Time) error

func (*CloseAwareConn) SetWriteDeadline added in v1.5.1 

func (cc *CloseAwareConn) SetWriteDeadline(t time.Time) error

func (*CloseAwareConn) Write added in v1.5.1 

func (cc *CloseAwareConn) Write(b []byte) (n int, err error)

type Conf 

type Conf struct {
	Bind        string
	Port        int
	Verbose     bool
	Debug       bool
	Trace       bool
	Proxies     map[string]*ConfProxy
	Credentials map[string]*ConfCred
	Domains     map[string]*string
	Rules       []*ConfRule

	Krb5           string
	ConnectTimeout int `yaml:"connectTimeout"`
	IdleTimeout    int `yaml:"idleTimeout"`
	CloseTimeout   int `yaml:"closeTimeout"`
	Check          *bool
	Update         bool
	Restart        bool
	Experimental   string // space/comma separated list of features
	// contains filtered or unexported fields
}

type ConfCred 

type ConfCred struct {
	Login    *string
	Password *string
	// contains filtered or unexported fields
}

type ConfProxy 

type ConfProxy struct {
	Type *ProxyType

	Host        *string
	Port        int
	Verbose     *bool
	Ssl         bool
	Spn         *string
	Realm       *string
	Credential  *string
	Credentials *string

	Pac *string

	Url *string
	// contains filtered or unexported fields
}

type ConfRegex 

type ConfRegex struct {
	// contains filtered or unexported fields
}

type ConfRule 

type ConfRule struct {
	Host    *string
	Proxy   *string //
	Dns     *string
	Verbose *bool
	Mitm    bool
	// contains filtered or unexported fields
}

type Config 

type Config struct {
	// contains filtered or unexported fields
}

func NewConfig 

func NewConfig(name string) (*Config, error)

type FlushAfterChunkWriter 

type FlushAfterChunkWriter struct {
	*bufio.Writer
}

FlushAfterChunkWriter signals from the caller of NewChunkedWriter that each chunk should be followed by a flush. It is used by the http.Transport code to keep the buffering behavior for headers and trailers, but flush out chunks aggressively in the middle for request bodies which may be generated slowly. See Issue 6574.

type HostCache added in v1.6.0 

type HostCache struct {
	// contains filtered or unexported fields
}

type HttpVersion 

type HttpVersion string
const (
	Http10 HttpVersion = "1.0"
	Http11 HttpVersion = "1.1"
	Http2  HttpVersion = "2"
)

func GetHttpVersion 

func GetHttpVersion(version string) HttpVersion

func (HttpVersion) Order 

func (hv HttpVersion) Order() int

func (HttpVersion) Version 

func (hv HttpVersion) Version() string

type Kerberos 

type Kerberos struct {
	// contains filtered or unexported fields
}

func NewKerberos 

func NewKerberos(config *Config) *Kerberos

func (*Kerberos) NewWithPassword 

func (k *Kerberos) NewWithPassword(username, realm, password string) *client.Client

type KerberosClient 

type KerberosClient struct {
	// contains filtered or unexported fields
}

func NewKerberosClient 

func NewKerberosClient(krbClient *client.Client) *KerberosClient

type KerberosStore 

type KerberosStore struct {
	// contains filtered or unexported fields
}

func NewKerberosStore 

func NewKerberosStore(config *Config) (*KerberosStore, error)

type LinuxKerberos added in v1.7.0 

type LinuxKerberos struct {
	// contains filtered or unexported fields
}

func (*LinuxKerberos) SafeGetToken added in v1.7.0 

func (k *LinuxKerberos) SafeGetToken(protocol string, host string) (*string, error)

func (*LinuxKerberos) SafeTryLogin added in v1.7.0 

func (k *LinuxKerberos) SafeTryLogin() error

type ManualResetEvent 

type ManualResetEvent struct {
	// contains filtered or unexported fields
}

ManualResetEvent notifies one or more waiting goroutines that an event has occurred.

Once it has been signaled, ManualResetEvent remains signaled until it is manually reset. When signaled, all waiting goroutines are released, and all calls to Wait return immediately.

func NewManualResetEvent 

func NewManualResetEvent(s bool) *ManualResetEvent

NewManualResetEvent returns a new ManualResetEvent with initial state s

func (*ManualResetEvent) Channel 

func (e *ManualResetEvent) Channel() chan struct{}

func (*ManualResetEvent) IsSignaled 

func (e *ManualResetEvent) IsSignaled() bool

func (*ManualResetEvent) Reset 

func (e *ManualResetEvent) Reset()

Reset sets the state of e to nonsignaled.

func (*ManualResetEvent) Signal 

func (e *ManualResetEvent) Signal()

Signal sets the state of e to signaled, waking one or more waiting goroutines.

func (*ManualResetEvent) Wait 

func (e *ManualResetEvent) Wait()

Wait suspends execution of the calling goroutine until e receives a signal.

func (*ManualResetEvent) WaitContext 

func (e *ManualResetEvent) WaitContext(ctx context.Context) error

WaitContext suspends execution of the calling goroutine until e receives a signal, or until the context is cancelled. The returned error is nil if e received a signal, or ctx.Err()

type Options 

type Options struct {
	ShowHelp    bool
	ShowVersion bool
	User        string
	Timeout     int
	Encrypt     bool
	Config      string
	Listen      string
	Proxy       string
	Debug       bool
	Trace       bool
	Verbose     bool
	// contains filtered or unexported fields
}

type PacExecutor 

type PacExecutor struct {
	// contains filtered or unexported fields
}

func NewPac 

func NewPac(pacJs string) (*PacExecutor, error)

func (*PacExecutor) Run 

func (p *PacExecutor) Run(url, host string) (string, error)

type PacResult 

type PacResult struct {
	// contains filtered or unexported fields
}

type PooledConnection 

type PooledConnection struct {
	// contains filtered or unexported fields
}

type PooledConnectionInfo 

type PooledConnectionInfo struct {
	// contains filtered or unexported fields
}

type Process 

type Process struct {
	// contains filtered or unexported fields
}

func NewProcess 

func NewProcess(proxy *Proxy, conn net.Conn) *Process

type Proxy 

type Proxy struct {
	// contains filtered or unexported fields
}

type ProxyRequest 

type ProxyRequest struct {
	// contains filtered or unexported fields
}

func (*ProxyRequest) ReadFull 

func (r *ProxyRequest) ReadFull(buffer []byte) (int, error)

type ProxyType 

type ProxyType string
const (
	ProxyKerberos  ProxyType = "kerberos"
	ProxySocks     ProxyType = "socks"
	ProxyAnonymous ProxyType = "anonymous"
	ProxyDirect    ProxyType = "direct"
	ProxyBasic     ProxyType = "basic"
	ProxyNone      ProxyType = "none"
	ProxyPac       ProxyType = "pac"
)

func (ProxyType) Name 

func (pt ProxyType) Name() string

func (ProxyType) Value 

func (pt ProxyType) Value() int

type RandomReader 

type RandomReader struct {
	// contains filtered or unexported fields
}

func (RandomReader) Read 

func (r RandomReader) Read(p []byte) (n int, err error)

type RequestHeader 

type RequestHeader struct {
	// contains filtered or unexported fields
}

type TimedConn 

type TimedConn struct {
	// contains filtered or unexported fields
}

TimedConn is a wrapper around net.Conn which provides automatic read/write timeouts: - if timeout > 0, set an absolute timeout on first read - if timeout = 0, do not set timeout - if timeout < 0, set a sliding timeout, which automatically increases each min( 30s , timeout/2 ).

func NewTimedConn 

func NewTimedConn(conn net.Conn, ti *traceInfo) *TimedConn

func (*TimedConn) Close 

func (tc *TimedConn) Close() error

func (*TimedConn) LocalAddr 

func (tc *TimedConn) LocalAddr() net.Addr

func (*TimedConn) Read 

func (tc *TimedConn) Read(b []byte) (n int, err error)

func (*TimedConn) RemoteAddr 

func (tc *TimedConn) RemoteAddr() net.Addr

func (*TimedConn) SetDeadline 

func (tc *TimedConn) SetDeadline(_ time.Time) error

func (*TimedConn) SetReadDeadline 

func (tc *TimedConn) SetReadDeadline(_ time.Time) error

func (*TimedConn) SetWriteDeadline 

func (tc *TimedConn) SetWriteDeadline(_ time.Time) error

func (*TimedConn) Write 

func (tc *TimedConn) Write(b []byte) (n int, err error)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.