Documentation ¶
Index ¶
- Constants
- Variables
- func BindSockets(con1, con2 *QSocket) error
- func CalcChecksum(data []byte, base byte) byte
- func CreateSocketChan(sock *QSocket) chan []byte
- func GetArchTag() byte
- func GetOsTag() byte
- type KnockResponse
- type QSocket
- func (qs *QSocket) AddIdTag(idTag byte) error
- func (qs *QSocket) Close()
- func (qs *QSocket) Dial() error
- func (qs *QSocket) DialProxy(proxyAddr string, useTls bool) error
- func (qs *QSocket) DialTCP() error
- func (qs *QSocket) GetForwardAddr() string
- func (qs *QSocket) InitClientSRP() ([]byte, error)
- func (qs *QSocket) InitE2ECipher(key []byte) error
- func (qs *QSocket) InitServerSRP() ([]byte, error)
- func (qs *QSocket) IsClient() bool
- func (qs *QSocket) IsClosed() bool
- func (qs *QSocket) IsE2E() bool
- func (qs *QSocket) IsServer() bool
- func (qs *QSocket) IsTLS() bool
- func (qs *QSocket) LocalAddr() net.Addr
- func (qs *QSocket) NewKnockSequence() ([]byte, error)
- func (qs *QSocket) Read(b []byte) (int, error)
- func (qs *QSocket) RemoteAddr() net.Addr
- func (qs *QSocket) SendKnockSequence() (*KnockResponse, error)
- func (qs *QSocket) SetCertFingerprint(h string) error
- func (qs *QSocket) SetE2E(v bool) error
- func (qs *QSocket) SetForwardAddr(addr string)
- func (qs *QSocket) SetReadDeadline(t time.Time) error
- func (qs *QSocket) SetWriteDeadline(t time.Time) error
- func (qs *QSocket) Write(b []byte) (int, error)
Constants ¶
// Addressing for the QSocket relay network (QSRN) gate.
const (
	// QSRN_GATE is the static gate address for the QSocket network.
	QSRN_GATE = "gate.qsocket.io"
	// QSRN_TOR_GATE is the static ONION address for the QSocket network.
	QSRN_TOR_GATE = "5cah65fto4tjklhocryenlgti6bfnh4y5szjfvxeqqh3vvw2ff4uq2id.onion"
	// QSRN_GATE_TLS_PORT is the default TLS port for the QSocket gate.
	QSRN_GATE_TLS_PORT = 443
	// QSRN_GATE_PORT is the default non-TLS TCP port for the QSocket gate.
	QSRN_GATE_PORT = 80
)

// Knock protocol framing values.
const (
	// KNOCK_CHECKSUM_BASE is the constant base value for calculating knock
	// packet checksums. Changing it only obfuscates the knock framing: a
	// modulus checksum is not a MAC and offers no integrity guarantee against
	// an active attacker.
	KNOCK_CHECKSUM_BASE = 0xEE
	// CRLF is the carriage-return/line-feed line terminator.
	CRLF = "\r\n"
)
Global constants for the knock protocol; these values can be changed to obfuscate the knock protocol.
// Knock response codes returned by the gate after a knock sequence. The
// values are the wire encoding, spelled out explicitly so that a reordering
// cannot silently renumber an existing code.
const (
	// KNOCK_SUCCESS indicates a successful connection (protocol switch).
	KNOCK_SUCCESS = 0
	// KNOCK_FAIL indicates that no peer is listening with the given secret.
	KNOCK_FAIL = 1
	// KNOCK_COLLISION indicates that another server is already listening
	// with the given secret.
	KNOCK_COLLISION = 2
)
// Peer identification tags and SRP parameters. Tag values are the wire
// encoding, spelled out explicitly so that inserting a tag cannot silently
// renumber the others.
const (
	// TAG_PEER_SRV is the tag ID for server mode connections (wire value 0).
	TAG_PEER_SRV = 0
	// TAG_PEER_CLI is the tag ID for client mode connections.
	TAG_PEER_CLI = 1
	// TAG_PEER_PROXY is the tag ID for proxy mode connections.
	TAG_PEER_PROXY = 2
	// SRP_BITS is the bit size used for the SRP exchange
	// (see InitClientSRP / InitServerSRP).
	SRP_BITS = 4096
)
// Operating-system tags carried in the knock sequence (see GetOsTag). The
// values are the wire encoding the relay receives, so they are spelled out
// explicitly: inserting a tag in the middle cannot silently renumber the rest.
const (
	TAG_OS_UNKNOWN   = 0
	TAG_OS_LINUX     = 1
	TAG_OS_DARWIN    = 2
	TAG_OS_WINDOWS   = 3
	TAG_OS_ANDROID   = 4
	TAG_OS_IOS       = 5
	TAG_OS_FREEBSD   = 6
	TAG_OS_OPENBSD   = 7
	TAG_OS_NETBSD    = 8
	TAG_OS_JS        = 9
	TAG_OS_SOLARIS   = 10
	TAG_OS_DRAGONFLY = 11
	TAG_OS_ILLUMOS   = 12
	TAG_OS_AIX       = 13
	TAG_OS_ZOS       = 14
	TAG_OS_NACL      = 15
	TAG_OS_PLAN9     = 16
	TAG_OS_HURD      = 17
)
// CPU-architecture tags carried in the knock sequence (see GetArchTag). The
// values are the wire encoding the relay receives, so they are spelled out
// explicitly: inserting a tag in the middle cannot silently renumber the rest.
const (
	TAG_ARCH_UNKNOWN     = 0
	TAG_ARCH_386         = 1
	TAG_ARCH_AMD64       = 2
	TAG_ARCH_ARM64P32    = 3
	TAG_ARCH_ARM         = 4
	TAG_ARCH_ARM64       = 5
	TAG_ARCH_ARM64BE     = 6
	TAG_ARCH_ARMBE       = 7
	TAG_ARCH_LOONG64     = 8
	TAG_ARCH_MIPS        = 9
	TAG_ARCH_MIPS64      = 10
	TAG_ARCH_MIPS64LE    = 11
	TAG_ARCH_MIPS64P32   = 12
	TAG_ARCH_MIPS64P32LE = 13
	TAG_ARCH_MIPSLE      = 14
	TAG_ARCH_PPC         = 15
	TAG_ARCH_PPC64       = 16
	TAG_ARCH_PPC64LE     = 17
	TAG_ARCH_RISCV       = 18
	TAG_ARCH_RISCV64     = 19
	TAG_ARCH_S390        = 20
	TAG_ARCH_S390X       = 21
	TAG_ARCH_SPARC       = 22
	TAG_ARCH_SPARC64     = 23
	TAG_ARCH_WASM        = 24
)
Variables ¶
// Knock-phase errors returned while exchanging the knock sequence with the gate.
var (
	ErrFailedReadingKnockResponse = errors.New("failed reading knock response")
	ErrInvalidKnockResponse       = errors.New("invalid knock response")
	ErrKnockSendFailed            = errors.New("knock sequence send failed")
	ErrConnRefused                = errors.New("connection refused (no server listening with given secret)")
)

// Patterns used to parse the gate's reply. Both are compiled once at package
// scope so no per-connection compilation happens.
var (
	// HttpResponseRgx matches an HTTP status line: version, status code and
	// reason phrase. It is anchored at the start of the input only.
	HttpResponseRgx = regexp.MustCompile(`^HTTP/([0-9]|[0-9]\.[0-9]) ([0-9]{1,3}) [a-z A-Z]+`)
	// WebsocketAcceptRgx captures the base64 value of a Sec-WebSocket-Accept
	// header anywhere in the input.
	WebsocketAcceptRgx = regexp.MustCompile(`Sec-WebSocket-Accept: ([A-Za-z0-9+/]+={0,2})`)
)
// Socket lifecycle errors.
var (
	ErrUninitializedSocket = errors.New("socket not initiated")
	ErrSocketNotConnected  = errors.New("socket is not connected")
	ErrSocketInUse         = errors.New("socket already dialed")
	ErrQSocketSessionEnd   = errors.New("QSocket session has ended")
	ErrUnexpectedSocket    = errors.New("unexpected socket type")
	ErrAddressInUse        = errors.New("address already in use (server secret collision)")
	ErrInvalidIdTag        = errors.New("invalid peer ID tag")
)

// TLS and authentication errors.
var (
	ErrNoTlsConnection = errors.New("TLS socket is nil")
	ErrUntrustedCert   = errors.New("certificate fingerprint mismatch")
	// NOTE(review): the message states an MD5 fingerprint is expected. MD5 is
	// collision-prone, so a SHA-256 fingerprint would be a stronger pin —
	// confirm against SetCertFingerprint before relying on it for pinning.
	ErrInvalidCertFingerprint = errors.New("invalid TLS certificate fingerprint (expected MD5)")
	ErrSrpFailed              = errors.New("SRP auth failed")
)
Functions ¶
func BindSockets ¶
BindSockets is used for creating a full duplex channel between `con1` and `con2` sockets, effectively binding two sockets.
func CalcChecksum ¶
CalcChecksum calculates the modulus-based checksum of the given data; the modulus base is given in the `base` parameter.
func CreateSocketChan ¶
CreateSocketChan creates a channel from the given socket, and sends everything it
Read()s from the socket to the channel.
func GetArchTag ¶
func GetArchTag() byte
Types ¶
type KnockResponse ¶
func ParseKnockResponse ¶
func ParseKnockResponse(buf []byte) (*KnockResponse, error)
type QSocket ¶
type QSocket struct {
// contains filtered or unexported fields
}
A QSocket structure contains required values for performing a knock sequence with the QSRN gate.
The `Secret` value can be considered the password for the QSocket connection; it is used for generating a 128-bit unique identifier (UID) for the connection.
The `*tag` values are used internally for QoS purposes: they specify the operating system, architecture and the type of connection initiated by the peers, and the relay server uses these values for optimizing the connection performance.
func NewSocket ¶
NewSocket creates a new QSocket structure with the given secret. The `certVerify` value enables certificate validation on TLS connections.
func (*QSocket) Close ¶
func (qs *QSocket) Close()
Close closes the QSocket connection and underlying TCP/TLS connections.
func (*QSocket) Dial ¶
Dial creates a TLS connection to the `QSRN_GATE` on `QSRN_GATE_TLS_PORT`. Based on the `VerifyCert` parameter, certificate fingerprint validation (a.k.a. SSL pinning) will be performed after establishing the TLS connection.
func (*QSocket) DialProxy ¶
DialProxy tries to create a TCP/TLS connection to the `QSRN_GATE` using a SOCKS5 proxy. `proxyAddr` should contain a valid SOCKS5 proxy address without the socks5:// scheme. `useTls` enables or disables TLS for the connection.
func (*QSocket) GetForwardAddr ¶
func (*QSocket) InitClientSRP ¶
InitClientSRP performs the client SRP sequence for establishing PAKE.
func (*QSocket) InitE2ECipher ¶
InitE2ECipher initiates the end-to-end encrypted stream with the given key.
func (*QSocket) InitServerSRP ¶
InitServerSRP performs the server SRP sequence for establishing PAKE.
func (*QSocket) IsClient ¶
IsClient checks if the QSocket connection is initiated as a client or a server.
func (*QSocket) IsServer ¶
IsServer checks if the QSocket connection is initiated as a server rather than a client.
func (*QSocket) NewKnockSequence ¶
NewKnockSequence generates a new knock packet with given UUID and tag values.
func (*QSocket) Read ¶
Read reads data from the connection.
As Read calls Handshake, in order to prevent indefinite blocking a deadline must be set for both Read and Write before Read is called when the handshake has not yet completed. See SetDeadline, SetReadDeadline, and SetWriteDeadline.
func (*QSocket) RemoteAddr ¶
RemoteAddr returns the remote network address.
func (*QSocket) SendKnockSequence ¶
func (qs *QSocket) SendKnockSequence() (*KnockResponse, error)
SendKnockSequence sends a knock sequence to the QSRN gate with the socket properties.
func (*QSocket) SetCertFingerprint ¶
SetCertFingerprint sets the expected TLS certificate fingerprint used for certificate pinning.
func (*QSocket) SetForwardAddr ¶
func (*QSocket) SetReadDeadline ¶
SetReadDeadline sets the read deadline on the underlying connection. A zero value for t means Read will not time out.
func (*QSocket) SetWriteDeadline ¶
SetWriteDeadline sets the write deadline on the underlying connection. A zero value for t means Write will not time out. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error. Even if a write times out, it may return n > 0, indicating that some of the data was successfully written.