
add option to skip hello verify

Vladislav Yarmak 2 ani în urmă
părinte
comite
3f6e706109
3 a modificat fișierele cu 29 adăugiri și 25 ștergeri
  1. 16 14
      cmd/dtlspipe/main.go
  2. 8 7
      server/config.go
  3. 5 4
      server/server.go

+ 16 - 14
cmd/dtlspipe/main.go

@@ -26,13 +26,14 @@ const (
 var (
 	version = "undefined"
 
-	timeout    = flag.Duration("timeout", 10*time.Second, "network operation timeout")
-	idleTime   = flag.Duration("idle-time", 90*time.Second, "max idle time for UDP session")
-	pskHexOpt  = flag.String("psk", "", "hex-encoded pre-shared key. Can be generated with genpsk subcommand")
-	keyLength  = flag.Uint("key-length", 16, "generate key with specified length")
-	identity   = flag.String("identity", "", "client identity sent to server")
-	mtu        = flag.Int("mtu", 1400, "MTU used for DTLS fragments")
-	cpuprofile = flag.String("cpuprofile", "", "write cpu profile to file")
+	timeout         = flag.Duration("timeout", 10*time.Second, "network operation timeout")
+	idleTime        = flag.Duration("idle-time", 90*time.Second, "max idle time for UDP session")
+	pskHexOpt       = flag.String("psk", "", "hex-encoded pre-shared key. Can be generated with genpsk subcommand")
+	keyLength       = flag.Uint("key-length", 16, "generate key with specified length")
+	identity        = flag.String("identity", "", "client identity sent to server")
+	mtu             = flag.Int("mtu", 1400, "MTU used for DTLS fragments")
+	cpuprofile      = flag.String("cpuprofile", "", "write cpu profile to file")
+	skipHelloVerify = flag.Bool("skip-hello-verify", false, "(server only) skip hello verify request. Useful to workaround DPI")
 )
 
 func usage() {
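Review bot: The help text for `skip-hello-verify` names only the benefit, so an operator reading `-h` cannot tell that the flag turns off the DTLS cookie exchange. That exchange is what makes a client prove it can receive at its source address before the server commits handshake state. I would extend the string to something like `"(server only) skip hello verify request; disables the DTLS cookie check against spoofed-source handshake floods. Useful to workaround DPI"`. The new `SkipHelloVerify` field in server/config.go has the same gap and could carry a one-line comment, `// SkipHelloVerify disables the DTLS HelloVerifyRequest cookie exchange; weakens DoS resistance.`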
@@ -115,13 +116,14 @@ func cmdServer(bindAddress, remoteAddress string) int {
 	defer cancel()
 
 	cfg := server.Config{
-		BindAddress:   bindAddress,
-		RemoteAddress: remoteAddress,
-		PSKCallback:   keystore.NewStaticKeystore(psk).PSKCallback,
-		Timeout:       *timeout,
-		IdleTimeout:   *idleTime,
-		BaseContext:   appCtx,
-		MTU:           *mtu,
+		BindAddress:     bindAddress,
+		RemoteAddress:   remoteAddress,
+		PSKCallback:     keystore.NewStaticKeystore(psk).PSKCallback,
+		Timeout:         *timeout,
+		IdleTimeout:     *idleTime,
+		BaseContext:     appCtx,
+		MTU:             *mtu,
+		SkipHelloVerify: *skipHelloVerify,
 	}
 
 	srv, err := server.New(&cfg)

+ 8 - 7
server/config.go

@@ -6,13 +6,14 @@ import (
 )
 
 type Config struct {
-	BindAddress   string
-	RemoteAddress string
-	Timeout       time.Duration
-	IdleTimeout   time.Duration
-	BaseContext   context.Context
-	PSKCallback   func([]byte) ([]byte, error)
-	MTU           int
+	BindAddress     string
+	RemoteAddress   string
+	Timeout         time.Duration
+	IdleTimeout     time.Duration
+	BaseContext     context.Context
+	PSKCallback     func([]byte) ([]byte, error)
+	MTU             int
+	SkipHelloVerify bool
 }
 
 func (cfg *Config) populateDefaults() *Config {

+ 5 - 4
server/server.go

@@ -59,10 +59,11 @@ func New(cfg *Config) (*Server, error) {
 			dtls.TLS_PSK_WITH_AES_128_GCM_SHA256,
 			dtls.TLS_PSK_WITH_AES_128_CBC_SHA256,
 		},
-		ExtendedMasterSecret: dtls.RequireExtendedMasterSecret,
-		ConnectContextMaker:  srv.contextMaker,
-		PSK:                  srv.psk,
-		MTU:                  cfg.MTU,
+		ExtendedMasterSecret:    dtls.RequireExtendedMasterSecret,
+		ConnectContextMaker:     srv.contextMaker,
+		PSK:                     srv.psk,
+		MTU:                     cfg.MTU,
+		InsecureSkipVerifyHello: cfg.SkipHelloVerify,
 	}
 	lc := udp.ListenConfig{
 		AcceptFilter: func(packet []byte) bool {
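Review bot: Setting `InsecureSkipVerifyHello` here happens silently, and the option reaches it under a name (`SkipHelloVerify`) that has lost the library's `Insecure` prefix. As a result, nothing in the running server's output shows that it now answers the first ClientHello from unverified addresses. A warning emitted once in `New` when `cfg.SkipHelloVerify` is true, through whatever logger this file already uses, would make the weakened state visible in logs. Whether the `AcceptFilter` that follows limits what reaches the handshake cannot be judged from this hunk, since its body and the rest of `New` lie outside it.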