relikd/appchk-app
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Cleanup NEKit

Browse Source
This commit is contained in:
relikd
2020-09-14 18:41:37 +02:00
parent d68e4ec869
commit 162e18c912
30 changed files with 1 additions and 1325 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
GlassVPN/zhuhaow-NEKit/Event/Event/RuleMatchEvent.swift
View File

@@ -1,16 +0,0 @@
import Foundation
public enum RuleMatchEvent: EventType {
public var description: String {
switch self {
case let .ruleMatched(session, rule: rule):
return "Rule \(rule) matched session \(session)."
case let .ruleDidNotMatch(session, rule: rule):
return "Rule \(rule) did not match session \(session)."
case let .dnsRuleMatched(session, rule: rule, type: type, result: result):
return "Rule \(rule) matched DNS session \(session) of type \(type), the result is \(result)."
}
}
case ruleMatched(ConnectSession, rule: Rule), ruleDidNotMatch(ConnectSession, rule: Rule), dnsRuleMatched(DNSSession, rule: Rule, type: DNSSessionMatchType, result: DNSSessionMatchResult)
}

4
GlassVPN/zhuhaow-NEKit/Event/ObserverFactory.swift
View File

@@ -20,8 +20,4 @@ open class ObserverFactory {
open func getObserverForProxyServer(_ server: ProxyServer) -> Observer<ProxyServerEvent>? {
return nil
}
open func getObserverForRuleManager(_ manager: RuleManager) -> Observer<RuleMatchEvent>? {
return nil
}
}

6
GlassVPN/zhuhaow-NEKit/IPStack/DNS/DNSServer.swift
View File

@@ -74,8 +74,6 @@ open class DNSServer: DNSResolverDelegate, IPStackProtocol {
return
}
RuleManager.currentManager.matchDNS(session, type: .domain)
switch session.matchResult! {
case .fake:
guard setUpFakeIP(session) else {
@@ -248,10 +246,6 @@ open class DNSServer: DNSResolverDelegate, IPStackProtocol {
session.realIP = message.resolvedIPv4Address
if session.matchResult != .fake && session.matchResult != .real {
RuleManager.currentManager.matchDNS(session, type: .ip)
}
switch session.matchResult! {
case .fake:
if !self.setUpFakeIP(session) {

1
GlassVPN/zhuhaow-NEKit/IPStack/DNS/DNSSession.swift
View File

@@ -7,7 +7,6 @@ open class DNSSession {
open var fakeIP: IPAddress?
open var realResponseMessage: DNSMessage?
var realResponseIPPacket: IPPacket?
open var matchedRule: Rule?
open var matchResult: DNSSessionMatchResult?
var indexToMatch = 0
var expireAt: Date?

8
GlassVPN/zhuhaow-NEKit/Messages/ConnectSession.swift
View File

@@ -21,9 +21,6 @@ public final class ConnectSession {
/// The requested port.
public let port: Int
/// The rule to use to connect to remote.
public var matchedRule: Rule?
/// Whether If the `requestedHost` is an IP address.
public let fakeIPEnabled: Bool
@@ -126,11 +123,6 @@ public final class ConnectSession {
host = session.requestMessage.queries[0].name
ipAddress = session.realIP?.presentation ?? ""
matchedRule = session.matchedRule
// if session.countryCode != nil {
// country = session.countryCode!
// }
return true
}

2
GlassVPN/zhuhaow-NEKit/Messages/HTTPHeader.swift
View File

@@ -17,7 +17,6 @@ open class HTTPHeader {
// Chunk is not supported yet.
open var contentLength: Int = 0
open var headers: [(String, String)] = []
open var rawHeader: Data?
public init(headerString: String) throws {
let lines = headerString.components(separatedBy: "\r\n")
@@ -127,7 +126,6 @@ open class HTTPHeader {
}
try self.init(headerString: headerString)
rawHeader = headerData
}
open subscript(index: String) -> String? {

24
GlassVPN/zhuhaow-NEKit/ProxyServer/GCDSOCKS5ProxyServer.swift
View File

@@ -1,24 +0,0 @@
import Foundation
/// The SOCKS5 proxy server.
public final class GCDSOCKS5ProxyServer: GCDProxyServer {
/**
Create an instance of SOCKS5 proxy server.
- parameter address: The address of proxy server.
- parameter port: The port of proxy server.
*/
override public init(address: IPAddress?, port: Port) {
super.init(address: address, port: port)
}
/**
Handle the new accepted socket as a SOCKS5 proxy connection.
- parameter socket: The accepted socket.
*/
override public func handleNewGCDSocket(_ socket: GCDTCPSocket) {
let proxySocket = SOCKS5ProxySocket(socket: socket)
didAcceptNewSocket(proxySocket)
}
}

6
GlassVPN/zhuhaow-NEKit/ResponseGeneratorFactory.swift
View File

@@ -1,6 +0,0 @@
import Foundation
open class ResponseGeneratorFactory {
static var HTTPProxyResponseGenerator: ResponseGenerator.Type?
static var SOCKS5ProxyResponseGenerator: ResponseGenerator.Type?
}

48
GlassVPN/zhuhaow-NEKit/Rule/AllRule.swift
View File

@@ -1,48 +0,0 @@
import Foundation
/// The rule matches all DNS and connect sessions.
open class AllRule: Rule {
fileprivate let adapterFactory: AdapterFactory
open override var description: String {
return "<AllRule>"
}
/**
Create a new `AllRule` instance.
- parameter adapterFactory: The factory which builds a corresponding adapter when needed.
*/
public init(adapterFactory: AdapterFactory) {
self.adapterFactory = adapterFactory
super.init()
}
/**
Match DNS session to this rule.
- parameter session: The DNS session to match.
- parameter type: What kind of information is available.
- returns: The result of match.
*/
override open func matchDNS(_ session: DNSSession, type: DNSSessionMatchType) -> DNSSessionMatchResult {
// only return real IP when we connect to remote directly
if let _ = adapterFactory as? DirectAdapterFactory {
return .real
} else {
return .fake
}
}
/**
Match connect session to this rule.
- parameter session: connect session to match.
- returns: The configured adapter.
*/
override open func match(_ session: ConnectSession) -> AdapterFactory? {
return adapterFactory
}
}

60
GlassVPN/zhuhaow-NEKit/Rule/DNSFailRule.swift
View File

@@ -1,60 +0,0 @@
import Foundation
/// The rule matches the request which failed to look up.
open class DNSFailRule: Rule {
fileprivate let adapterFactory: AdapterFactory
open override var description: String {
return "<DNSFailRule>"
}
/**
Create a new `DNSFailRule` instance.
- parameter adapterFactory: The factory which builds a corresponding adapter when needed.
*/
public init(adapterFactory: AdapterFactory) {
self.adapterFactory = adapterFactory
super.init()
}
/**
Match DNS request to this rule.
- parameter session: The DNS session to match.
- parameter type: What kind of information is available.
- returns: The result of match.
*/
override open func matchDNS(_ session: DNSSession, type: DNSSessionMatchType) -> DNSSessionMatchResult {
guard type == .ip else {
return .unknown
}
// only return real IP when we connect to remote directly
if session.realIP == nil {
if let _ = adapterFactory as? DirectAdapterFactory {
return .real
} else {
return .fake
}
} else {
return .pass
}
}
/**
Match connect session to this rule.
- parameter session: connect session to match.
- returns: The configured adapter.
*/
override open func match(_ session: ConnectSession) -> AdapterFactory? {
if session.ipAddress == "" {
return adapterFactory
} else {
return nil
}
}
}

16
GlassVPN/zhuhaow-NEKit/Rule/DirectRule.swift
View File

@@ -1,16 +0,0 @@
import Foundation
/// The rule matches every request and returns direct adapter.
///
/// This is equivalent to create an `AllRule` with a `DirectAdapterFactory`.
open class DirectRule: AllRule {
open override var description: String {
return "<DirectRule>"
}
/**
Create a new `DirectRule` instance.
*/
public init() {
super.init(adapterFactory: DirectAdapterFactory())
}
}

84
GlassVPN/zhuhaow-NEKit/Rule/DomainListRule.swift
View File

@@ -1,84 +0,0 @@
import Foundation
/// The rule matches the host domain to a list of predefined criteria.
open class DomainListRule: Rule {
public enum MatchCriterion {
case regex(NSRegularExpression), prefix(String), suffix(String), keyword(String), complete(String)
func match(_ domain: String) -> Bool {
switch self {
case .regex(let regex):
return regex.firstMatch(in: domain, options: [], range: NSRange(location: 0, length: domain.utf8.count)) != nil
case .prefix(let prefix):
return domain.hasPrefix(prefix)
case .suffix(let suffix):
return domain.hasSuffix(suffix)
case .keyword(let keyword):
return domain.contains(keyword)
case .complete(let match):
return domain == match
}
}
}
fileprivate let adapterFactory: AdapterFactory
open override var description: String {
return "<DomainListRule>"
}
/// The list of criteria to match to.
open var matchCriteria: [MatchCriterion] = []
/**
Create a new `DomainListRule` instance.
- parameter adapterFactory: The factory which builds a corresponding adapter when needed.
- parameter criteria: The list of criteria to match.
*/
public init(adapterFactory: AdapterFactory, criteria: [MatchCriterion]) {
self.adapterFactory = adapterFactory
self.matchCriteria = criteria
}
/**
Match DNS request to this rule.
- parameter session: The DNS session to match.
- parameter type: What kind of information is available.
- returns: The result of match.
*/
override open func matchDNS(_ session: DNSSession, type: DNSSessionMatchType) -> DNSSessionMatchResult {
if matchDomain(session.requestMessage.queries.first!.name) {
if let _ = adapterFactory as? DirectAdapterFactory {
return .real
}
return .fake
}
return .pass
}
/**
Match connect session to this rule.
- parameter session: connect session to match.
- returns: The configured adapter if matched, return `nil` if not matched.
*/
override open func match(_ session: ConnectSession) -> AdapterFactory? {
if matchDomain(session.host) {
return adapterFactory
}
return nil
}
fileprivate func matchDomain(_ domain: String) -> Bool {
for criterion in matchCriteria {
if criterion.match(domain) {
return true
}
}
return false
}
}

75
GlassVPN/zhuhaow-NEKit/Rule/IPRangeListRule.swift
View File

@@ -1,75 +0,0 @@
import Foundation
/// The rule matches the ip of the target hsot to a list of IP ranges.
open class IPRangeListRule: Rule {
fileprivate let adapterFactory: AdapterFactory
open override var description: String {
return "<IPRangeList>"
}
/// The list of regular expressions to match to.
open var ranges: [IPRange] = []
/**
Create a new `IPRangeListRule` instance.
- parameter adapterFactory: The factory which builds a corresponding adapter when needed.
- parameter ranges: The list of IP ranges to match. The IP ranges are expressed in CIDR form ("127.0.0.1/8") or range form ("127.0.0.1+16777216").
- throws: The error when parsing the IP range.
*/
public init(adapterFactory: AdapterFactory, ranges: [String]) throws {
self.adapterFactory = adapterFactory
self.ranges = try ranges.map {
let range = try IPRange(withString: $0)
return range
}
}
/**
Match DNS request to this rule.
- parameter session: The DNS session to match.
- parameter type: What kind of information is available.
- returns: The result of match.
*/
override open func matchDNS(_ session: DNSSession, type: DNSSessionMatchType) -> DNSSessionMatchResult {
guard type == .ip else {
return .unknown
}
// Probably we should match all answers?
guard let ip = session.realIP else {
return .pass
}
for range in ranges {
if range.contains(ip: ip) {
return .fake
}
}
return .pass
}
/**
Match connect session to this rule.
- parameter session: connect session to match.
- returns: The configured adapter if matched, return `nil` if not matched.
*/
override open func match(_ session: ConnectSession) -> AdapterFactory? {
guard let ip = IPAddress(fromString: session.ipAddress) else {
return nil
}
for range in ranges {
if range.contains(ip: ip) {
return adapterFactory
}
}
return nil
}
}

37
GlassVPN/zhuhaow-NEKit/Rule/Rule.swift
View File

@@ -1,37 +0,0 @@
import Foundation
/// The rule defines what to do for DNS requests and connect sessions.
open class Rule: CustomStringConvertible {
open var description: String {
return "<Rule>"
}
/**
Create a new rule.
*/
public init() {
}
/**
Match DNS request to this rule.
- parameter session: The DNS session to match.
- parameter type: What kind of information is available.
- returns: The result of match.
*/
open func matchDNS(_ session: DNSSession, type: DNSSessionMatchType) -> DNSSessionMatchResult {
return .real
}
/**
Match connect session to this rule.
- parameter session: connect session to match.
- returns: The configured adapter if matched, return `nil` if not matched.
*/
open func match(_ session: ConnectSession) -> AdapterFactory? {
return nil
}
}

80
GlassVPN/zhuhaow-NEKit/Rule/RuleManager.swift
View File

@@ -1,80 +0,0 @@
import Foundation
/// The class managing rules.
open class RuleManager {
/// The current used `RuleManager`, there is only one manager should be used at a time.
///
/// - note: This should be set before any DNS or connect sessions.
public static var currentManager: RuleManager = RuleManager(fromRules: [], appendDirect: true)
/// The rule list.
var rules: [Rule] = []
open var observer: Observer<RuleMatchEvent>?
/**
Create a new `RuleManager` from the given rules.
- parameter rules: The rules.
- parameter appendDirect: Whether to append a `DirectRule` at the end of the list so any request does not match with any rule go directly.
*/
public init(fromRules rules: [Rule], appendDirect: Bool = false) {
self.rules = []
if appendDirect || self.rules.count == 0 {
self.rules.append(DirectRule())
}
observer = ObserverFactory.currentFactory?.getObserverForRuleManager(self)
}
/**
Match DNS request to all rules.
- parameter session: The DNS session to match.
- parameter type: What kind of information is available.
*/
func matchDNS(_ session: DNSSession, type: DNSSessionMatchType) {
for (i, rule) in rules[session.indexToMatch..<rules.count].enumerated() {
let result = rule.matchDNS(session, type: type)
observer?.signal(.dnsRuleMatched(session, rule: rule, type: type, result: result))
switch result {
case .fake, .real, .unknown:
session.matchedRule = rule
session.matchResult = result
session.indexToMatch = i + session.indexToMatch // add the offset
return
case .pass:
break
}
}
}
/**
Match connect session to all rules.
- parameter session: connect session to match.
- returns: The matched configured adapter.
*/
func match(_ session: ConnectSession) -> AdapterFactory! {
if session.matchedRule != nil {
observer?.signal(.ruleMatched(session, rule: session.matchedRule!))
return session.matchedRule!.match(session)
}
for rule in rules {
if let adapterFactory = rule.match(session) {
observer?.signal(.ruleMatched(session, rule: rule))
session.matchedRule = rule
return adapterFactory
} else {
observer?.signal(.ruleDidNotMatch(session, rule: rule))
}
}
return nil // this should never happens
}
}

27
GlassVPN/zhuhaow-NEKit/Socket/AdapterSocket/Factory/AdapterFactoryManager.swift
View File

@@ -1,27 +0,0 @@
import Foundation
/// This is a very simple wrapper of a dict of type `[String: AdapterFactory]`.
///
/// Use it as a normal dict.
public class AdapterFactoryManager {
private var factoryDict: [String: AdapterFactory]
public subscript(index: String) -> AdapterFactory? {
get {
if index == "direct" {
return DirectAdapterFactory()
}
return factoryDict[index]
}
set { factoryDict[index] = newValue }
}
/**
Initialize a new factory manager.
- parameter factoryDict: The factory dict.
*/
public init(factoryDict: [String: AdapterFactory]) {
self.factoryDict = factoryDict
}
}

11
GlassVPN/zhuhaow-NEKit/Socket/AdapterSocket/Factory/AuthenticationServerAdapterFactory.swift
View File

@@ -1,11 +0,0 @@
import Foundation
/// Factory building server adapter which requires authentication.
open class HTTPAuthenticationAdapterFactory: ServerAdapterFactory {
let auth: HTTPAuthentication?
required public init(serverHost: String, serverPort: Int, auth: HTTPAuthentication?) {
self.auth = auth
super.init(serverHost: serverHost, serverPort: serverPort)
}
}

21
GlassVPN/zhuhaow-NEKit/Socket/AdapterSocket/Factory/HTTPAdapterFactory.swift
View File

@@ -1,21 +0,0 @@
import Foundation
/// Factory building HTTP adapter.
open class HTTPAdapterFactory: HTTPAuthenticationAdapterFactory {
required public init(serverHost: String, serverPort: Int, auth: HTTPAuthentication?) {
super.init(serverHost: serverHost, serverPort: serverPort, auth: auth)
}
/**
Get a HTTP adapter.
- parameter session: The connect session.
- returns: The built adapter.
*/
override open func getAdapterFor(session: ConnectSession) -> AdapterSocket {
let adapter = HTTPAdapter(serverHost: serverHost, serverPort: serverPort, auth: auth)
adapter.socket = RawSocketFactory.getRawSocket()
return adapter
}
}

13
GlassVPN/zhuhaow-NEKit/Socket/AdapterSocket/Factory/RejectAdapterFactory.swift
View File

@@ -1,13 +0,0 @@
import Foundation
open class RejectAdapterFactory: AdapterFactory {
public let delay: Int
public init(delay: Int = Opt.RejectAdapterDefaultDelay) {
self.delay = delay
}
override open func getAdapterFor(session: ConnectSession) -> AdapterSocket {
return RejectAdapter(delay: delay)
}
}

21
GlassVPN/zhuhaow-NEKit/Socket/AdapterSocket/Factory/SOCKS5AdapterFactory.swift
View File

@@ -1,21 +0,0 @@
import Foundation
/// Factory building SOCKS5 adapter.
open class SOCKS5AdapterFactory: ServerAdapterFactory {
override public init(serverHost: String, serverPort: Int) {
super.init(serverHost: serverHost, serverPort: serverPort)
}
/**
Get a SOCKS5 adapter.
- parameter session: The connect session.
- returns: The built adapter.
*/
override open func getAdapterFor(session: ConnectSession) -> AdapterSocket {
let adapter = SOCKS5Adapter(serverHost: serverHost, serverPort: serverPort)
adapter.socket = RawSocketFactory.getRawSocket()
return adapter
}
}

21
GlassVPN/zhuhaow-NEKit/Socket/AdapterSocket/Factory/SecureHTTPAdapterFactory.swift
View File

@@ -1,21 +0,0 @@
import Foundation
/// Factory building secured HTTP (HTTP with SSL) adapter.
open class SecureHTTPAdapterFactory: HTTPAdapterFactory {
required public init(serverHost: String, serverPort: Int, auth: HTTPAuthentication?) {
super.init(serverHost: serverHost, serverPort: serverPort, auth: auth)
}
/**
Get a secured HTTP adapter.
- parameter session: The connect session.
- returns: The built adapter.
*/
override open func getAdapterFor(session: ConnectSession) -> AdapterSocket {
let adapter = SecureHTTPAdapter(serverHost: serverHost, serverPort: serverPort, auth: auth)
adapter.socket = RawSocketFactory.getRawSocket()
return adapter
}
}

12
GlassVPN/zhuhaow-NEKit/Socket/AdapterSocket/Factory/ServerAdapterFactory.swift
View File

@@ -1,12 +0,0 @@
import Foundation
/// Factory building adapter with proxy server host and port.
open class ServerAdapterFactory: AdapterFactory {
let serverHost: String
let serverPort: Int
public init(serverHost: String, serverPort: Int) {
self.serverHost = serverHost
self.serverPort = serverPort
}
}

110
GlassVPN/zhuhaow-NEKit/Socket/AdapterSocket/HTTPAdapter.swift
View File

@@ -1,110 +0,0 @@
import Foundation
public enum HTTPAdapterError: Error, CustomStringConvertible {
case invalidURL, serailizationFailure
public var description: String {
switch self {
case .invalidURL:
return "Invalid url when connecting through proxy"
case .serailizationFailure:
return "Failed to serialize HTTP CONNECT header"
}
}
}
/// This adapter connects to remote host through a HTTP proxy.
public class HTTPAdapter: AdapterSocket {
enum HTTPAdapterStatus {
case invalid,
connecting,
readingResponse,
forwarding,
stopped
}
/// The host domain of the HTTP proxy.
let serverHost: String
/// The port of the HTTP proxy.
let serverPort: Int
/// The authentication information for the HTTP proxy.
let auth: HTTPAuthentication?
/// Whether the connection to the proxy should be secured or not.
var secured: Bool
var internalStatus: HTTPAdapterStatus = .invalid
public init(serverHost: String, serverPort: Int, auth: HTTPAuthentication?) {
self.serverHost = serverHost
self.serverPort = serverPort
self.auth = auth
secured = false
super.init()
}
override public func openSocketWith(session: ConnectSession) {
super.openSocketWith(session: session)
guard !isCancelled else {
return
}
do {
internalStatus = .connecting
try socket.connectTo(host: serverHost, port: serverPort, enableTLS: secured, tlsSettings: nil)
} catch {}
}
override public func didConnectWith(socket: RawTCPSocketProtocol) {
super.didConnectWith(socket: socket)
guard let url = URL(string: "\(session.host):\(session.port)") else {
observer?.signal(.errorOccured(HTTPAdapterError.invalidURL, on: self))
disconnect()
return
}
let message = CFHTTPMessageCreateRequest(kCFAllocatorDefault, "CONNECT" as CFString, url as CFURL, kCFHTTPVersion1_1).takeRetainedValue()
if let authData = auth {
CFHTTPMessageSetHeaderFieldValue(message, "Proxy-Authorization" as CFString, authData.authString() as CFString?)
}
CFHTTPMessageSetHeaderFieldValue(message, "Host" as CFString, "\(session.host):\(session.port)" as CFString?)
CFHTTPMessageSetHeaderFieldValue(message, "Content-Length" as CFString, "0" as CFString?)
guard let requestData = CFHTTPMessageCopySerializedMessage(message)?.takeRetainedValue() else {
observer?.signal(.errorOccured(HTTPAdapterError.serailizationFailure, on: self))
disconnect()
return
}
internalStatus = .readingResponse
write(data: requestData as Data)
socket.readDataTo(data: Utils.HTTPData.DoubleCRLF)
}
override public func didRead(data: Data, from socket: RawTCPSocketProtocol) {
super.didRead(data: data, from: socket)
switch internalStatus {
case .readingResponse:
internalStatus = .forwarding
observer?.signal(.readyForForward(self))
delegate?.didBecomeReadyToForwardWith(socket: self)
case .forwarding:
observer?.signal(.readData(data, on: self))
delegate?.didRead(data: data, from: self)
default:
return
}
}
override public func didWrite(data: Data?, by socket: RawTCPSocketProtocol) {
super.didWrite(data: data, by: socket)
if internalStatus == .forwarding {
observer?.signal(.wroteData(data, on: self))
delegate?.didWrite(data: data, by: self)
}
}
}

49
GlassVPN/zhuhaow-NEKit/Socket/AdapterSocket/RejectAdapter.swift
View File

@@ -1,49 +0,0 @@
import Foundation
public class RejectAdapter: AdapterSocket {
public let delay: Int
public init(delay: Int) {
self.delay = delay
}
override public func openSocketWith(session: ConnectSession) {
super.openSocketWith(session: session)
QueueFactory.getQueue().asyncAfter(deadline: DispatchTime.now() + DispatchTimeInterval.milliseconds(delay)) {
[weak self] in
self?.disconnect()
}
}
/**
Disconnect the socket elegantly.
*/
public override func disconnect(becauseOf error: Error? = nil) {
guard !isCancelled else {
return
}
_cancelled = true
session.disconnected(becauseOf: error, by: .adapter)
observer?.signal(.disconnectCalled(self))
_status = .closed
delegate?.didDisconnectWith(socket: self)
}
/**
Disconnect the socket immediately.
*/
public override func forceDisconnect(becauseOf error: Error? = nil) {
guard !isCancelled else {
return
}
_cancelled = true
session.disconnected(becauseOf: error, by: .adapter)
observer?.signal(.forceDisconnectCalled(self))
_status = .closed
delegate?.didDisconnectWith(socket: self)
}
}

112
GlassVPN/zhuhaow-NEKit/Socket/AdapterSocket/SOCKS5Adapter.swift
View File

@@ -1,112 +0,0 @@
import Foundation
public class SOCKS5Adapter: AdapterSocket {
enum SOCKS5AdapterStatus {
case invalid,
connecting,
readingMethodResponse,
readingResponseFirstPart,
readingResponseSecondPart,
forwarding
}
public let serverHost: String
public let serverPort: Int
var internalStatus: SOCKS5AdapterStatus = .invalid
let helloData = Data([0x05, 0x01, 0x00])
public enum ReadTag: Int {
case methodResponse = -20000, connectResponseFirstPart, connectResponseSecondPart
}
public enum WriteTag: Int {
case open = -21000, connectIPv4, connectIPv6, connectDomainLength, connectPort
}
public init(serverHost: String, serverPort: Int) {
self.serverHost = serverHost
self.serverPort = serverPort
super.init()
}
public override func openSocketWith(session: ConnectSession) {
super.openSocketWith(session: session)
guard !isCancelled else {
return
}
do {
internalStatus = .connecting
try socket.connectTo(host: serverHost, port: serverPort, enableTLS: false, tlsSettings: nil)
} catch {}
}
public override func didConnectWith(socket: RawTCPSocketProtocol) {
super.didConnectWith(socket: socket)
write(data: helloData)
internalStatus = .readingMethodResponse
socket.readDataTo(length: 2)
}
public override func didRead(data: Data, from socket: RawTCPSocketProtocol) {
super.didRead(data: data, from: socket)
switch internalStatus {
case .readingMethodResponse:
var response: [UInt8]
if session.isIPv4() {
response = [0x05, 0x01, 0x00, 0x01]
let address = IPAddress(fromString: session.host)!
response += [UInt8](address.dataInNetworkOrder)
} else if session.isIPv6() {
response = [0x05, 0x01, 0x00, 0x04]
let address = IPAddress(fromString: session.host)!
response += [UInt8](address.dataInNetworkOrder)
} else {
response = [0x05, 0x01, 0x00, 0x03]
response.append(UInt8(session.host.utf8.count))
response += [UInt8](session.host.utf8)
}
let portBytes: [UInt8] = Utils.toByteArray(UInt16(session.port)).reversed()
response.append(contentsOf: portBytes)
write(data: Data(response))
internalStatus = .readingResponseFirstPart
socket.readDataTo(length: 5)
case .readingResponseFirstPart:
var readLength = 0
switch data[3] {
case 1:
readLength = 3 + 2
case 3:
readLength = Int(data[4]) + 2
case 4:
readLength = 15 + 2
default:
break
}
internalStatus = .readingResponseSecondPart
socket.readDataTo(length: readLength)
case .readingResponseSecondPart:
internalStatus = .forwarding
observer?.signal(.readyForForward(self))
delegate?.didBecomeReadyToForwardWith(socket: self)
case .forwarding:
delegate?.didRead(data: data, from: self)
default:
return
}
}
override open func didWrite(data: Data?, by socket: RawTCPSocketProtocol) {
super.didWrite(data: data, by: socket)
if internalStatus == .forwarding {
delegate?.didWrite(data: data, by: self)
}
}
}

9
GlassVPN/zhuhaow-NEKit/Socket/AdapterSocket/SecureHTTPAdapter.swift
View File

@@ -1,9 +0,0 @@
import Foundation
/// This adapter connects to remote host through a HTTP proxy with SSL.
public class SecureHTTPAdapter: HTTPAdapter {
override public init(serverHost: String, serverPort: Int, auth: HTTPAuthentication?) {
super.init(serverHost: serverHost, serverPort: serverPort, auth: auth)
secured = true
}
}

113
GlassVPN/zhuhaow-NEKit/Socket/ProxySocket/DirectProxySocket.swift
View File

@@ -1,113 +0,0 @@
import Foundation
/// This class just forwards data directly.
/// - note: It is designed to work with tun2socks only.
public class DirectProxySocket: ProxySocket {
enum DirectProxyReadStatus: CustomStringConvertible {
case invalid,
forwarding,
stopped
var description: String {
switch self {
case .invalid:
return "invalid"
case .forwarding:
return "forwarding"
case .stopped:
return "stopped"
}
}
}
enum DirectProxyWriteStatus {
case invalid,
forwarding,
stopped
var description: String {
switch self {
case .invalid:
return "invalid"
case .forwarding:
return "forwarding"
case .stopped:
return "stopped"
}
}
}
private var readStatus: DirectProxyReadStatus = .invalid
private var writeStatus: DirectProxyWriteStatus = .invalid
public var readStatusDescription: String {
return readStatus.description
}
public var writeStatusDescription: String {
return writeStatus.description
}
/**
Begin reading and processing data from the socket.
- note: Since there is nothing to read and process before forwarding data, this just calls `delegate?.didReceiveRequest`.
*/
override public func openSocket() {
super.openSocket()
guard !isCancelled else {
return
}
if let address = socket.destinationIPAddress, let port = socket.destinationPort {
session = ConnectSession(host: address.presentation, port: Int(port.value))
observer?.signal(.receivedRequest(session!, on: self))
delegate?.didReceive(session: session!, from: self)
} else {
forceDisconnect()
}
}
/**
Response to the `AdapterSocket` on the other side of the `Tunnel` which has succefully connected to the remote server.
- parameter adapter: The `AdapterSocket`.
*/
override public func respondTo(adapter: AdapterSocket) {
super.respondTo(adapter: adapter)
guard !isCancelled else {
return
}
readStatus = .forwarding
writeStatus = .forwarding
observer?.signal(.readyForForward(self))
delegate?.didBecomeReadyToForwardWith(socket: self)
}
/**
The socket did read some data.
- parameter data: The data read from the socket.
- parameter from: The socket where the data is read from.
*/
override open func didRead(data: Data, from: RawTCPSocketProtocol) {
super.didRead(data: data, from: from)
delegate?.didRead(data: data, from: self)
}
/**
The socket did send some data.
- parameter data: The data which have been sent to remote (acknowledged). Note this may not be available since the data may be released to save memory.
- parameter by: The socket where the data is sent out.
*/
override open func didWrite(data: Data?, by: RawTCPSocketProtocol) {
super.didWrite(data: data, by: by)
delegate?.didWrite(data: data, by: self)
}
}

244
GlassVPN/zhuhaow-NEKit/Socket/ProxySocket/SOCKS5ProxySocket.swift
View File

@@ -1,244 +0,0 @@
import Foundation
public class SOCKS5ProxySocket: ProxySocket {
enum SOCKS5ProxyReadStatus: CustomStringConvertible {
case invalid,
readingVersionIdentifierAndNumberOfMethods,
readingMethods,
readingConnectHeader,
readingIPv4Address,
readingDomainLength,
readingDomain,
readingIPv6Address,
readingPort,
forwarding,
stopped
var description: String {
switch self {
case .invalid:
return "invalid"
case .readingVersionIdentifierAndNumberOfMethods:
return "reading version and methods"
case .readingMethods:
return "reading methods"
case .readingConnectHeader:
return "reading connect header"
case .readingIPv4Address:
return "IPv4 address"
case .readingDomainLength:
return "domain length"
case .readingDomain:
return "domain"
case .readingIPv6Address:
return "IPv6 address"
case .readingPort:
return "reading port"
case .forwarding:
return "forwarding"
case .stopped:
return "stopped"
}
}
}
enum SOCKS5ProxyWriteStatus: CustomStringConvertible {
case invalid,
sendingResponse,
forwarding,
stopped
var description: String {
switch self {
case .invalid:
return "invalid"
case .sendingResponse:
return "sending response"
case .forwarding:
return "forwarding"
case .stopped:
return "stopped"
}
}
}
/// The remote host to connect to.
public var destinationHost: String!
/// The remote port to connect to.
public var destinationPort: Int!
private var readStatus: SOCKS5ProxyReadStatus = .invalid
private var writeStatus: SOCKS5ProxyWriteStatus = .invalid
public var readStatusDescription: String {
return readStatus.description
}
public var writeStatusDescription: String {
return writeStatus.description
}
/**
Begin reading and processing data from the socket.
*/
override public func openSocket() {
super.openSocket()
guard !isCancelled else {
return
}
readStatus = .readingVersionIdentifierAndNumberOfMethods
socket.readDataTo(length: 2)
}
// swiftlint:disable function_body_length
// swiftlint:disable cyclomatic_complexity
/**
The socket did read some data.
- parameter data: The data read from the socket.
- parameter from: The socket where the data is read from.
*/
override public func didRead(data: Data, from: RawTCPSocketProtocol) {
super.didRead(data: data, from: from)
switch readStatus {
case .forwarding:
delegate?.didRead(data: data, from: self)
case .readingVersionIdentifierAndNumberOfMethods:
data.withUnsafeBytes { pointer in
let p = pointer.bindMemory(to: Int8.self)
guard p.baseAddress!.pointee == 5 else {
// TODO: notify observer
self.disconnect()
return
}
guard p.baseAddress!.successor().pointee > 0 else {
// TODO: notify observer
self.disconnect()
return
}
self.readStatus = .readingMethods
self.socket.readDataTo(length: Int(p.baseAddress!.successor().pointee))
}
case .readingMethods:
// TODO: check for 0x00 in read data
let response = Data([0x05, 0x00])
// we would not be able to read anything before the data is written out, so no need to handle the dataWrote event.
write(data: response)
readStatus = .readingConnectHeader
socket.readDataTo(length: 4)
case .readingConnectHeader:
data.withUnsafeBytes { pointer in
let p = pointer.bindMemory(to: Int8.self)
guard p.baseAddress!.pointee == 5 && p.baseAddress!.successor().pointee == 1 else {
// TODO: notify observer
self.disconnect()
return
}
switch p.baseAddress!.advanced(by: 3).pointee {
case 1:
readStatus = .readingIPv4Address
socket.readDataTo(length: 4)
case 3:
readStatus = .readingDomainLength
socket.readDataTo(length: 1)
case 4:
readStatus = .readingIPv6Address
socket.readDataTo(length: 16)
default:
break
}
}
case .readingIPv4Address:
var address = Data(count: Int(INET_ADDRSTRLEN))
_ = data.withUnsafeBytes { data_ptr in
address.withUnsafeMutableBytes { addr_ptr in
inet_ntop(AF_INET, data_ptr.baseAddress!, addr_ptr.bindMemory(to: Int8.self).baseAddress!, socklen_t(INET_ADDRSTRLEN))
}
}
destinationHost = String(data: address, encoding: .utf8)
readStatus = .readingPort
socket.readDataTo(length: 2)
case .readingIPv6Address:
var address = Data(count: Int(INET6_ADDRSTRLEN))
_ = data.withUnsafeBytes { data_ptr in
address.withUnsafeMutableBytes { addr_ptr in
inet_ntop(AF_INET6, data_ptr.baseAddress!, addr_ptr.bindMemory(to: Int8.self).baseAddress!, socklen_t(INET6_ADDRSTRLEN))
}
}
destinationHost = String(data: address, encoding: .utf8)
readStatus = .readingPort
socket.readDataTo(length: 2)
case .readingDomainLength:
readStatus = .readingDomain
socket.readDataTo(length: Int(data.first!))
case .readingDomain:
destinationHost = String(data: data, encoding: .utf8)
readStatus = .readingPort
socket.readDataTo(length: 2)
case .readingPort:
data.withUnsafeBytes {
destinationPort = Int($0.load(as: UInt16.self).bigEndian)
}
readStatus = .forwarding
session = ConnectSession(host: destinationHost, port: destinationPort)
observer?.signal(.receivedRequest(session!, on: self))
delegate?.didReceive(session: session!, from: self)
default:
return
}
}
/**
The socket did send some data.
- parameter data: The data which have been sent to remote (acknowledged). Note this may not be available since the data may be released to save memory.
- parameter from: The socket where the data is sent out.
*/
override public func didWrite(data: Data?, by: RawTCPSocketProtocol) {
super.didWrite(data: data, by: by)
switch writeStatus {
case .forwarding:
delegate?.didWrite(data: data, by: self)
case .sendingResponse:
writeStatus = .forwarding
observer?.signal(.readyForForward(self))
delegate?.didBecomeReadyToForwardWith(socket: self)
default:
return
}
}
/**
Response to the `AdapterSocket` on the other side of the `Tunnel` which has succefully connected to the remote server.
- parameter adapter: The `AdapterSocket`.
*/
override public func respondTo(adapter: AdapterSocket) {
super.respondTo(adapter: adapter)
guard !isCancelled else {
return
}
var responseBytes = [UInt8](repeating: 0, count: 10)
responseBytes[0...3] = [0x05, 0x00, 0x00, 0x01]
let responseData = Data(responseBytes)
writeStatus = .sendingResponse
write(data: responseData)
}
}

4
GlassVPN/zhuhaow-NEKit/Tunnel/Tunnel.swift
View File

@@ -170,9 +170,7 @@ public class Tunnel: NSObject, SocketDelegate {
return
}
let manager = RuleManager.currentManager
let factory = manager.match(session)!
adapterSocket = factory.getAdapterFor(session: session)
adapterSocket = DirectAdapterFactory().getAdapterFor(session: session)
adapterSocket!.delegate = self
adapterSocket!.openSocketWith(session: session)
}