ei
/
mtg
peilaus alkaen https://github.com/9seconds/mtg
Tarkkaile 1
Äänestä 0
Fork 0
Koodi Ongelmat 0 Julkaisut 48 Wiki Activity
Highly-opinionated (ex-bullshit-free) MTPROTO proxy for Telegram. If you use v1.0 or upgrade broke you proxy, please read the chapter Version 2
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
565 Commitit
4 Branchit
Puu: f0efa4697e
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from 'f0efa4697e'
${ noResults }
mtg/mtglib/proxy.go

proxy.go 6.4KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272 
  1. package mtglib

  2. 

  3. import (

  4. 	"context"

  5. 	"errors"

  6. 	"fmt"

  7. 	"net"

  8. 	"sync"

  9. 	"time"

  10. 

  11. 	"github.com/9seconds/mtg/v2/mtglib/internal/faketls"

  12. 	"github.com/9seconds/mtg/v2/mtglib/internal/faketls/record"

  13. 	"github.com/9seconds/mtg/v2/mtglib/internal/obfuscated2"

  14. 	"github.com/9seconds/mtg/v2/mtglib/internal/relay"

  15. 	"github.com/9seconds/mtg/v2/mtglib/internal/telegram"

  16. 	"github.com/panjf2000/ants/v2"

  17. )

  18. 

  19. type Proxy struct {

  20. 	ctx             context.Context

  21. 	ctxCancel       context.CancelFunc

  22. 	streamWaitGroup sync.WaitGroup

  23. 

  24. 	idleTimeout time.Duration

  25. 	bufferSize  int

  26. 	workerPool  *ants.PoolWithFunc

  27. 	telegram    *telegram.Telegram

  28. 

  29. 	secret             Secret

  30. 	antiReplayCache    AntiReplayCache

  31. 	timeAttackDetector TimeAttackDetector

  32. 	ipBlocklist        IPBlocklist

  33. 	eventStream        EventStream

  34. 	logger             Logger

  35. }

  36. 

  37. func (p *Proxy) ServeConn(conn net.Conn) {

  38. 	ctx := newStreamContext(p.ctx, p.logger, conn)

  39. 	defer ctx.Close()

  40. 

  41. 	go func() {

  42. 		<-ctx.Done()

  43. 		ctx.Close()

  44. 	}()

  45. 

  46. 	p.eventStream.Send(ctx, EventStart{

  47. 		CreatedAt: time.Now(),

  48. 		ConnID:    ctx.connID,

  49. 		RemoteIP:  ctx.ClientIP(),

  50. 	})

  51. 	ctx.logger.Info("Stream has been started")

  52. 

  53. 	defer func() {

  54. 		p.eventStream.Send(ctx, EventFinish{

  55. 			CreatedAt: time.Now(),

  56. 			ConnID:    ctx.connID,

  57. 		})

  58. 		ctx.logger.Info("Stream has been finished")

  59. 	}()

  60. 

  61. 	if err := p.doFakeTLSHandshake(ctx); err != nil {

  62. 		p.logger.InfoError("faketls handshake is failed", err)

  63. 

  64. 		return

  65. 	}

  66. 

  67. 	if err := p.doObfuscated2Handshake(ctx); err != nil {

  68. 		p.logger.InfoError("obfuscated2 handshake is failed", err)

  69. 

  70. 		return

  71. 	}

  72. 

  73. 	if err := p.doTelegramCall(ctx); err != nil {

  74. 		p.logger.WarningError("cannot dial to telegram", err)

  75. 

  76. 		return

  77. 	}

  78. 

  79. 	rel := relay.AcquireRelay(ctx, p.logger.Named("relay"), p.bufferSize, p.idleTimeout)

  80. 	defer relay.ReleaseRelay(rel)

  81. 

  82. 	if err := rel.Process(ctx.clientConn, ctx.telegramConn); err != nil {

  83. 		p.logger.DebugError("relay has been finished", err)

  84. 	}

  85. }

  86. 

  87. func (p *Proxy) Serve(listener net.Listener) error {

  88. 	for {

  89. 		conn, err := listener.Accept()

  90. 		if err != nil {

  91. 			return fmt.Errorf("cannot accept a new connection: %w", err)

  92. 		}

  93. 

  94. 		if addr := conn.RemoteAddr().(*net.TCPAddr).IP; p.ipBlocklist.Contains(addr) {

  95. 			conn.Close()

  96. 			p.eventStream.Send(p.ctx, EventIPBlocklisted{

  97. 				CreatedAt: time.Now(),

  98. 				RemoteIP:  addr,

  99. 			})

  100. 

  101. 			continue

  102. 		}

  103. 

  104. 		err = p.workerPool.Invoke(conn)

  105. 

  106. 		switch {

  107. 		case err == nil:

  108. 		case errors.Is(err, ants.ErrPoolClosed):

  109. 			return nil

  110. 		case errors.Is(err, ants.ErrPoolOverload):

  111. 			p.eventStream.Send(p.ctx, EventConcurrencyLimited{

  112. 				CreatedAt: time.Now(),

  113. 			})

  114. 		}

  115. 	}

  116. }

  117. 

  118. func (p *Proxy) Shutdown() {

  119. 	p.ctxCancel()

  120. 	p.streamWaitGroup.Wait()

  121. 	p.workerPool.Release()

  122. }

  123. 

  124. func (p *Proxy) doFakeTLSHandshake(ctx *streamContext) error {

  125. 	rec := record.AcquireRecord()

  126. 	defer record.ReleaseRecord(rec)

  127. 

  128. 	if err := rec.Read(ctx.clientConn); err != nil {

  129. 		return fmt.Errorf("cannot read client hello: %w", err)

  130. 	}

  131. 

  132. 	hello, err := faketls.ParseClientHello(p.secret.Key[:], rec.Payload.Bytes())

  133. 	if err != nil {

  134. 		return fmt.Errorf("cannot parse client hello: %w", err)

  135. 	}

  136. 

  137. 	if err := p.timeAttackDetector.Valid(hello.Time); err != nil {

  138. 		return fmt.Errorf("invalid time: %w", err)

  139. 	}

  140. 

  141. 	if p.antiReplayCache.SeenBefore(hello.SessionID) {

  142. 		p.logger.Warning("anti replay attack was detected")

  143. 

  144. 		return fmt.Errorf("anti replay attack from %s", ctx.ClientIP().String())

  145. 	}

  146. 

  147. 	if err := faketls.SendWelcomePacket(ctx.clientConn, p.secret.Key[:], hello); err != nil {

  148. 		return fmt.Errorf("cannot send a welcome packet: %w", err)

  149. 	}

  150. 

  151. 	ctx.clientConn = &faketls.Conn{

  152. 		Conn: ctx.clientConn,

  153. 	}

  154. 

  155. 	return nil

  156. }

  157. 

  158. func (p *Proxy) doObfuscated2Handshake(ctx *streamContext) error {

  159. 	dc, encryptor, decryptor, err := obfuscated2.ClientHandshake(p.secret.Key[:], ctx.clientConn)

  160. 	if err != nil {

  161. 		return fmt.Errorf("cannot process client handshake: %w", err)

  162. 	}

  163. 

  164. 	ctx.dc = dc

  165. 	ctx.logger = ctx.logger.BindInt("dc", dc)

  166. 	ctx.clientConn = &obfuscated2.Conn{

  167. 		Conn:      ctx.clientConn,

  168. 		Encryptor: encryptor,

  169. 		Decryptor: decryptor,

  170. 	}

  171. 

  172. 	return nil

  173. }

  174. 

  175. func (p *Proxy) doTelegramCall(ctx *streamContext) error {

  176. 	conn, err := p.telegram.Dial(ctx, ctx.dc)

  177. 	if err != nil {

  178. 		return fmt.Errorf("cannot dial to Telegram: %w", err)

  179. 	}

  180. 

  181. 	encryptor, decryptor, err := obfuscated2.ServerHandshake(conn)

  182. 	if err != nil {

  183. 		conn.Close()

  184. 

  185. 		return fmt.Errorf("cannot perform obfuscated2 handshake: %w", err)

  186. 	}

  187. 

  188. 	ctx.telegramConn = &obfuscated2.Conn{

  189. 		Conn: connTelegramTraffic{

  190. 			Conn:   conn,

  191. 			connID: ctx.connID,

  192. 			stream: p.eventStream,

  193. 			ctx:    ctx,

  194. 		},

  195. 		Encryptor: encryptor,

  196. 		Decryptor: decryptor,

  197. 	}

  198. 

  199. 	p.eventStream.Send(ctx, EventConnectedToDC{

  200. 		CreatedAt: time.Now(),

  201. 		ConnID:    ctx.connID,

  202. 		RemoteIP:  conn.RemoteAddr().(*net.TCPAddr).IP,

  203. 		DC:        ctx.dc,

  204. 	})

  205. 

  206. 	return nil

  207. }

  208. 

  209. func NewProxy(opts ProxyOpts) (*Proxy, error) { // nolint: cyclop, funlen

  210. 	switch {

  211. 	case opts.Network == nil:

  212. 		return nil, ErrNetworkIsNotDefined

  213. 	case opts.AntiReplayCache == nil:

  214. 		return nil, ErrAntiReplayCacheIsNotDefined

  215. 	case opts.IPBlocklist == nil:

  216. 		return nil, ErrIPBlocklistIsNotDefined

  217. 	case opts.EventStream == nil:

  218. 		return nil, ErrEventStreamIsNotDefined

  219. 	case opts.TimeAttackDetector == nil:

  220. 		return nil, ErrTimeAttackDetectorIsNotDefined

  221. 	case opts.Logger == nil:

  222. 		return nil, ErrLoggerIsNotDefined

  223. 	case !opts.Secret.Valid():

  224. 		return nil, ErrSecretInvalid

  225. 	}

  226. 

  227. 	tg, err := telegram.New(opts.Network, opts.PreferIP)

  228. 	if err != nil {

  229. 		return nil, fmt.Errorf("cannot build telegram dialer: %w", err)

  230. 	}

  231. 

  232. 	concurrency := opts.Concurrency

  233. 	if concurrency == 0 {

  234. 		concurrency = DefaultConcurrency

  235. 	}

  236. 

  237. 	idleTimeout := opts.IdleTimeout

  238. 	if idleTimeout < 1 {

  239. 		idleTimeout = DefaultIdleTimeout

  240. 	}

  241. 

  242. 	bufferSize := opts.BufferSize

  243. 	if bufferSize < 1 {

  244. 		bufferSize = DefaultBufferSize

  245. 	}

  246. 

  247. 	ctx, cancel := context.WithCancel(context.Background())

  248. 	proxy := &Proxy{

  249. 		ctx:                ctx,

  250. 		ctxCancel:          cancel,

  251. 		secret:             opts.Secret,

  252. 		antiReplayCache:    opts.AntiReplayCache,

  253. 		timeAttackDetector: opts.TimeAttackDetector,

  254. 		ipBlocklist:        opts.IPBlocklist,

  255. 		eventStream:        opts.EventStream,

  256. 		logger:             opts.Logger.Named("proxy"),

  257. 		idleTimeout:        idleTimeout,

  258. 		bufferSize:         int(bufferSize),

  259. 		telegram:           tg,

  260. 	}

  261. 

  262. 	pool, err := ants.NewPoolWithFunc(int(concurrency), func(arg interface{}) {

  263. 		proxy.ServeConn(arg.(net.Conn))

  264. 	}, ants.WithLogger(opts.Logger.Named("ants")))

  265. 	if err != nil {

  266. 		return nil, fmt.Errorf("cannot initialize a pool: %w", err)

  267. 	}

  268. 

  269. 	proxy.workerPool = pool

  270. 

  271. 	return proxy, nil

  272. }