Fix serverside TLS support of SplitHTTP H1/H2 (#3567)

Fix #3566

Also update testsuite so that all tests read and write some data. Opening a connection is not enough to trigger connection errors, because the connection is so lazy.
This commit is contained in:
mmmray 2024-07-21 02:29:50 +02:00
parent 964859b4bc
commit 529f206d33
2 changed files with 73 additions and 15 deletions

View file

@ -269,7 +269,6 @@ func ListenSH(ctx context.Context, address net.Address, port net.Port, streamSet
tlsConfig := getTLSConfig(streamSettings) tlsConfig := getTLSConfig(streamSettings)
l.isH3 = len(tlsConfig.NextProtos) == 1 && tlsConfig.NextProtos[0] == "h3" l.isH3 = len(tlsConfig.NextProtos) == 1 && tlsConfig.NextProtos[0] == "h3"
if port == net.Port(0) { // unix if port == net.Port(0) { // unix
listener, err = internet.ListenSystem(ctx, &net.UnixAddr{ listener, err = internet.ListenSystem(ctx, &net.UnixAddr{
Name: address.Domain(), Name: address.Domain(),
@ -285,9 +284,9 @@ func ListenSH(ctx context.Context, address net.Address, port net.Port, streamSet
Port: int(port), Port: int(port),
}, streamSettings.SocketSettings) }, streamSettings.SocketSettings)
if err != nil { if err != nil {
return nil, errors.New("failed to listen UDP(for SH3) on ", address, ":", port).Base(err) return nil, errors.New("failed to listen UDP(for SH3) on ", address, ":", port).Base(err)
} }
h3listener, err := quic.ListenEarly(Conn,tlsConfig, nil) h3listener, err := quic.ListenEarly(Conn, tlsConfig, nil)
if err != nil { if err != nil {
return nil, errors.New("failed to listen QUIC(for SH3) on ", address, ":", port).Base(err) return nil, errors.New("failed to listen QUIC(for SH3) on ", address, ":", port).Base(err)
} }
@ -314,7 +313,6 @@ func ListenSH(ctx context.Context, address net.Address, port net.Port, streamSet
if err != nil { if err != nil {
return nil, errors.New("failed to listen TCP(for SH) on ", address, ":", port).Base(err) return nil, errors.New("failed to listen TCP(for SH) on ", address, ":", port).Base(err)
} }
l.listener = listener
errors.LogInfo(ctx, "listening TCP(for SH) on ", address, ":", port) errors.LogInfo(ctx, "listening TCP(for SH) on ", address, ":", port)
// h2cHandler can handle both plaintext HTTP/1.1 and h2c // h2cHandler can handle both plaintext HTTP/1.1 and h2c
@ -324,18 +322,24 @@ func ListenSH(ctx context.Context, address net.Address, port net.Port, streamSet
ReadHeaderTimeout: time.Second * 4, ReadHeaderTimeout: time.Second * 4,
MaxHeaderBytes: 8192, MaxHeaderBytes: 8192,
} }
}
// tcp/unix (h1/h2)
if listener != nil {
if config := v2tls.ConfigFromStreamSettings(streamSettings); config != nil {
if tlsConfig := config.GetTLSConfig(); tlsConfig != nil {
listener = tls.NewListener(listener, tlsConfig)
}
}
l.listener = listener
go func() { go func() {
if err := l.server.Serve(l.listener); err != nil { if err := l.server.Serve(l.listener); err != nil {
errors.LogWarningInner(ctx, err, "failed to serve http for splithttp") errors.LogWarningInner(ctx, err, "failed to serve http for splithttp")
} }
}() }()
} }
l.listener = listener
if config := v2tls.ConfigFromStreamSettings(streamSettings); config != nil {
if tlsConfig := config.GetTLSConfig(); tlsConfig != nil {
listener = tls.NewListener(listener, tlsConfig)
}
}
return l, err return l, err
} }

View file

@ -2,6 +2,7 @@ package splithttp_test
import ( import (
"context" "context"
"crypto/rand"
gotls "crypto/tls" gotls "crypto/tls"
"fmt" "fmt"
gonet "net" gonet "net"
@ -10,7 +11,9 @@ import (
"testing" "testing"
"time" "time"
"github.com/google/go-cmp/cmp"
"github.com/xtls/xray-core/common" "github.com/xtls/xray-core/common"
"github.com/xtls/xray-core/common/buf"
"github.com/xtls/xray-core/common/net" "github.com/xtls/xray-core/common/net"
"github.com/xtls/xray-core/common/protocol/tls/cert" "github.com/xtls/xray-core/common/protocol/tls/cert"
"github.com/xtls/xray-core/testing/servers/tcp" "github.com/xtls/xray-core/testing/servers/tcp"
@ -143,7 +146,16 @@ func Test_listenSHAndDial_TLS(t *testing.T) {
} }
listen, err := ListenSH(context.Background(), net.LocalHostIP, listenPort, streamSettings, func(conn stat.Connection) { listen, err := ListenSH(context.Background(), net.LocalHostIP, listenPort, streamSettings, func(conn stat.Connection) {
go func() { go func() {
_ = conn.Close() defer conn.Close()
var b [1024]byte
conn.SetReadDeadline(time.Now().Add(2 * time.Second))
_, err := conn.Read(b[:])
if err != nil {
return
}
common.Must2(conn.Write([]byte("Response")))
}() }()
}) })
common.Must(err) common.Must(err)
@ -151,7 +163,15 @@ func Test_listenSHAndDial_TLS(t *testing.T) {
conn, err := Dial(context.Background(), net.TCPDestination(net.DomainAddress("localhost"), listenPort), streamSettings) conn, err := Dial(context.Background(), net.TCPDestination(net.DomainAddress("localhost"), listenPort), streamSettings)
common.Must(err) common.Must(err)
_ = conn.Close()
_, err = conn.Write([]byte("Test connection 1"))
common.Must(err)
var b [1024]byte
n, _ := conn.Read(b[:])
if string(b[:n]) != "Response" {
t.Error("response: ", string(b[:n]))
}
end := time.Now() end := time.Now()
if !end.Before(start.Add(time.Second * 5)) { if !end.Before(start.Add(time.Second * 5)) {
@ -229,18 +249,52 @@ func Test_listenSHAndDial_QUIC(t *testing.T) {
} }
listen, err := ListenSH(context.Background(), net.LocalHostIP, listenPort, streamSettings, func(conn stat.Connection) { listen, err := ListenSH(context.Background(), net.LocalHostIP, listenPort, streamSettings, func(conn stat.Connection) {
go func() { go func() {
_ = conn.Close() defer conn.Close()
b := buf.New()
defer b.Release()
for {
b.Clear()
if _, err := b.ReadFrom(conn); err != nil {
return
}
common.Must2(conn.Write(b.Bytes()))
}
}() }()
}) })
common.Must(err) common.Must(err)
defer listen.Close() defer listen.Close()
time.Sleep(time.Second)
conn, err := Dial(context.Background(), net.UDPDestination(net.DomainAddress("localhost"), listenPort), streamSettings) conn, err := Dial(context.Background(), net.UDPDestination(net.DomainAddress("localhost"), listenPort), streamSettings)
common.Must(err) common.Must(err)
_ = conn.Close() defer conn.Close()
const N = 1024
b1 := make([]byte, N)
common.Must2(rand.Read(b1))
b2 := buf.New()
common.Must2(conn.Write(b1))
b2.Clear()
common.Must2(b2.ReadFullFrom(conn, N))
if r := cmp.Diff(b2.Bytes(), b1); r != "" {
t.Error(r)
}
common.Must2(conn.Write(b1))
b2.Clear()
common.Must2(b2.ReadFullFrom(conn, N))
if r := cmp.Diff(b2.Bytes(), b1); r != "" {
t.Error(r)
}
end := time.Now() end := time.Now()
if !end.Before(start.Add(time.Second * 5)) { if !end.Before(start.Add(time.Second * 5)) {
t.Error("end: ", end, " start: ", start) t.Error("end: ", end, " start: ", start)
} }
} }