Fix handling of TLS-Connections
Signed-off-by: Mathias Kaufmann <me@stei.gr>
parent
30151254c2
commit
b0536016a1
@ -21,11 +21,10 @@ package main
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"log"
|
"log"
|
||||||
|
"net"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
proxyproto "github.com/Freeaqingme/go-proxyproto"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -38,7 +37,7 @@ var (
|
|||||||
)
|
)
|
||||||
|
|
||||||
type Client struct {
|
type Client struct {
|
||||||
conn *proxyproto.Conn
|
conn net.Conn
|
||||||
registered bool
|
registered bool
|
||||||
nickname *string
|
nickname *string
|
||||||
username *string
|
username *string
|
||||||
@ -56,7 +55,7 @@ func (c Client) String() string {
|
|||||||
return *c.nickname + "!" + *c.username + "@" + c.conn.RemoteAddr().String()
|
return *c.nickname + "!" + *c.username + "@" + c.conn.RemoteAddr().String()
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewClient(conn *proxyproto.Conn) *Client {
|
func NewClient(conn net.Conn) *Client {
|
||||||
nickname := "*"
|
nickname := "*"
|
||||||
username := ""
|
username := ""
|
||||||
c := Client{
|
c := Client{
|
||||||
|
46
goircd.go
46
goircd.go
@ -32,21 +32,22 @@ import (
|
|||||||
proxyproto "github.com/Freeaqingme/go-proxyproto"
|
proxyproto "github.com/Freeaqingme/go-proxyproto"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
const (
|
||||||
version string
|
PROXY_TIMEOUT = 5
|
||||||
hostname = flag.String("hostname", "localhost", "Hostname")
|
|
||||||
bind = flag.String("bind", ":6667", "Address to bind to")
|
|
||||||
motd = flag.String("motd", "", "Path to MOTD file")
|
|
||||||
logdir = flag.String("logdir", "", "Absolute path to directory for logs")
|
|
||||||
statedir = flag.String("statedir", "", "Absolute path to directory for states")
|
|
||||||
passwords = flag.String("passwords", "", "Optional path to passwords file")
|
|
||||||
tlsBind = flag.String("tlsbind", "", "TLS address to bind to")
|
|
||||||
tlsPEM = flag.String("tlspem", "", "Path to TLS certificat+key PEM file")
|
|
||||||
verbose = flag.Bool("v", false, "Enable verbose logging.")
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
var (
|
||||||
PROXY_TIMEOUT = 5 * time.Second
|
version string
|
||||||
|
hostname = flag.String("hostname", "localhost", "Hostname")
|
||||||
|
bind = flag.String("bind", ":6667", "Address to bind to")
|
||||||
|
motd = flag.String("motd", "", "Path to MOTD file")
|
||||||
|
logdir = flag.String("logdir", "", "Absolute path to directory for logs")
|
||||||
|
statedir = flag.String("statedir", "", "Absolute path to directory for states")
|
||||||
|
passwords = flag.String("passwords", "", "Optional path to passwords file")
|
||||||
|
tlsBind = flag.String("tlsbind", "", "TLS address to bind to")
|
||||||
|
tlsPEM = flag.String("tlspem", "", "Path to TLS certificat+key PEM file")
|
||||||
|
proxyTimeout = flag.Uint("proxytimeout", PROXY_TIMEOUT, "Timeout when using proxy protocol")
|
||||||
|
verbose = flag.Bool("v", false, "Enable verbose logging.")
|
||||||
)
|
)
|
||||||
|
|
||||||
func listenerLoop(sock net.Listener, events chan ClientEvent) {
|
func listenerLoop(sock net.Listener, events chan ClientEvent) {
|
||||||
@ -56,8 +57,7 @@ func listenerLoop(sock net.Listener, events chan ClientEvent) {
|
|||||||
log.Println("Error during accepting connection", err)
|
log.Println("Error during accepting connection", err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
proxied_conn := proxyproto.NewConn(conn, PROXY_TIMEOUT)
|
client := NewClient(conn)
|
||||||
client := NewClient(proxied_conn)
|
|
||||||
go client.Processor(events)
|
go client.Processor(events)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -114,25 +114,39 @@ func Run() {
|
|||||||
log.Println(*statedir, "statekeeper initialized")
|
log.Println(*statedir, "statekeeper initialized")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
proxyTimeout := time.Duration(uint(*proxyTimeout)) * time.Second
|
||||||
|
|
||||||
if *bind != "" {
|
if *bind != "" {
|
||||||
listener, err := net.Listen("tcp", *bind)
|
listener, err := net.Listen("tcp", *bind)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("Can not listen on %s: %v", *bind, err)
|
log.Fatalf("Can not listen on %s: %v", *bind, err)
|
||||||
}
|
}
|
||||||
|
// Add PROXY-Protocol support
|
||||||
|
listener = &proxyproto.Listener{Listener: listener, ProxyHeaderTimeout: proxyTimeout}
|
||||||
|
|
||||||
log.Println("Raw listening on", *bind)
|
log.Println("Raw listening on", *bind)
|
||||||
go listenerLoop(listener, events)
|
go listenerLoop(listener, events)
|
||||||
}
|
}
|
||||||
|
|
||||||
if *tlsBind != "" {
|
if *tlsBind != "" {
|
||||||
cert, err := tls.LoadX509KeyPair(*tlsPEM, *tlsPEM)
|
cert, err := tls.LoadX509KeyPair(*tlsPEM, *tlsPEM)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("Could not load TLS keys from %s: %s", *tlsPEM, err)
|
log.Fatalf("Could not load TLS keys from %s: %s", *tlsPEM, err)
|
||||||
}
|
}
|
||||||
config := tls.Config{Certificates: []tls.Certificate{cert}}
|
config := tls.Config{Certificates: []tls.Certificate{cert}}
|
||||||
listenerTLS, err := tls.Listen("tcp", *tlsBind, &config)
|
|
||||||
|
listenerTLS, err := net.Listen("tcp", *tlsBind)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("Can not listen on %s: %v", *tlsBind, err)
|
log.Fatalf("Can not listen on %s: %v", *tlsBind, err)
|
||||||
}
|
}
|
||||||
log.Println("TLS listening on", *tlsBind)
|
log.Println("TLS listening on", *tlsBind)
|
||||||
|
|
||||||
|
// Add PROXY-Protocol support
|
||||||
|
|
||||||
|
listenerTLS = &proxyproto.Listener{Listener: listenerTLS, ProxyHeaderTimeout: proxyTimeout}
|
||||||
|
|
||||||
|
listenerTLS = tls.NewListener(listenerTLS, &config)
|
||||||
|
|
||||||
go listenerLoop(listenerTLS, events)
|
go listenerLoop(listenerTLS, events)
|
||||||
}
|
}
|
||||||
Processor(events, make(chan struct{}))
|
Processor(events, make(chan struct{}))
|
||||||
|
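Review bot: Both listeners in Run() are now wrapped in `proxyproto.Listener` unconditionally, so any peer that connects directly to `*bind` or `*tlsBind` can supply its own PROXY header and thereby choose the address that `c.conn.RemoteAddr()` later reports in the client's hostmask and in logs. A PROXY header is only trustworthy when it comes from a known front-end, so the wrapping should be opt-in and limited to trusted upstream addresses, for example behind a new flag (the name is only a suggestion): `if *proxyProto { listener = &proxyproto.Listener{Listener: listener, ProxyHeaderTimeout: proxyTimeout} }`, with the same guard on `listenerTLS` before `tls.NewListener`. It would also help to rename the local `proxyTimeout := ...`, which shadows the package-level flag of the same name, and to document what `-proxytimeout 0` means (presumably no deadline on the header read; confirm against the library). Run() begins and ends outside the visible hunk.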