ei
/
mtg
mirror of https://github.com/9seconds/mtg
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 48 Wiki Activity
Highly-opinionated (ex-bullshit-free) MTPROTO proxy for Telegram. If you use v1.0 or upgrade broke you proxy, please read the chapter Version 2
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1114 Commits
11 Branches
Tree: ec5e97cf78
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ec5e97cf78'
${ noResults }
mtg/internal/cli/sni_check.go

sni_check.go 2.4KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110 
  1. package cli

  2. 

  3. import (

  4. 	"context"

  5. 	"net"

  6. 	"sync"

  7. 

  8. 	"github.com/9seconds/mtg/v2/internal/config"

  9. 	"github.com/9seconds/mtg/v2/mtglib"

  10. )

  11. 

  12. // sniCheckResult captures the outcome of comparing the secret hostname's DNS

  13. // records with this server's public IP addresses.

  14. //

  15. // IPv4Match/IPv6Match are true when either a matching record was found, or

  16. // when the corresponding public IP could not be detected — in which case

  17. // there is nothing to compare against.

  18. type sniCheckResult struct {

  19. 	Host       string

  20. 	Resolved   []net.IP

  21. 	OurIPv4    net.IP

  22. 	OurIPv6    net.IP

  23. 	IPv4Match  bool

  24. 	IPv6Match  bool

  25. 	ResolveErr error

  26. }

  27. 

  28. // Known reports whether at least one public IP family was detected.

  29. func (r sniCheckResult) Known() bool {

  30. 	return r.OurIPv4 != nil || r.OurIPv6 != nil

  31. }

  32. 

  33. // OK reports whether the check produced a clean result: the hostname was

  34. // resolved, at least one public IP family is known, and every known family

  35. // matches a resolved record.

  36. func (r sniCheckResult) OK() bool {

  37. 	if r.Host == "" {

  38. 		return true

  39. 	}

  40. 

  41. 	if r.ResolveErr != nil || !r.Known() {

  42. 		return false

  43. 	}

  44. 

  45. 	return r.IPv4Match && r.IPv6Match

  46. }

  47. 

  48. // runSNICheck resolves conf.Secret.Host and compares the result with the

  49. // server's public IPv4 and IPv6. Public IPs come from config first and fall

  50. // back to on-the-fly detection via ntw. IP detection for the two families

  51. // runs concurrently.

  52. func runSNICheck(ctx context.Context,

  53. 	resolver *net.Resolver,

  54. 	conf *config.Config,

  55. 	ntw mtglib.Network,

  56. ) sniCheckResult {

  57. 	res := sniCheckResult{Host: conf.Secret.Host}

  58. 

  59. 	if res.Host == "" {

  60. 		res.IPv4Match = true

  61. 		res.IPv6Match = true

  62. 

  63. 		return res

  64. 	}

  65. 

  66. 	addrs, err := resolver.LookupIPAddr(ctx, res.Host)

  67. 	if err != nil {

  68. 		res.ResolveErr = err

  69. 

  70. 		return res

  71. 	}

  72. 

  73. 	res.Resolved = make([]net.IP, 0, len(addrs))

  74. 	for _, a := range addrs {

  75. 		res.Resolved = append(res.Resolved, a.IP)

  76. 	}

  77. 

  78. 	wg := sync.WaitGroup{}

  79. 

  80. 	wg.Go(func() {

  81. 		res.OurIPv4 = conf.PublicIPv4.Get(nil)

  82. 		if res.OurIPv4 == nil {

  83. 			res.OurIPv4 = getIP(ntw, "tcp4")

  84. 		}

  85. 	})

  86. 

  87. 	wg.Go(func() {

  88. 		res.OurIPv6 = conf.PublicIPv6.Get(nil)

  89. 		if res.OurIPv6 == nil {

  90. 			res.OurIPv6 = getIP(ntw, "tcp6")

  91. 		}

  92. 	})

  93. 

  94. 	wg.Wait()

  95. 

  96. 	res.IPv4Match = res.OurIPv4 == nil

  97. 	res.IPv6Match = res.OurIPv6 == nil

  98. 

  99. 	for _, ip := range res.Resolved {

  100. 		if res.OurIPv4 != nil && ip.String() == res.OurIPv4.String() {

  101. 			res.IPv4Match = true

  102. 		}

  103. 

  104. 		if res.OurIPv6 != nil && ip.String() == res.OurIPv6.String() {

  105. 			res.IPv6Match = true

  106. 		}

  107. 	}

  108. 

  109. 	return res

  110. }