x_net_proxy.go raw
1 // Code generated by golang.org/x/tools/cmd/bundle. DO NOT EDIT.
2 //go:generate bundle -o x_net_proxy.go golang.org/x/net/proxy
3
4 // Package proxy provides support for a variety of protocols to proxy network
5 // data.
6 //
7
8 package websocket
9
10 import (
11 "errors"
12 "io"
13 "net"
14 "net/url"
15 "os"
16 "strconv"
17 "strings"
18 "sync"
19 )
20
21 type proxy_direct struct{}
22
23 // Direct is a direct proxy: one that makes network connections directly.
24 var proxy_Direct = proxy_direct{}
25
26 func (proxy_direct) Dial(network, addr string) (net.Conn, error) {
27 return net.Dial(network, addr)
28 }
29
30 // A PerHost directs connections to a default Dialer unless the host name
31 // requested matches one of a number of exceptions.
32 type proxy_PerHost struct {
33 def, bypass proxy_Dialer
34
35 bypassNetworks []*net.IPNet
36 bypassIPs []net.IP
37 bypassZones []string
38 bypassHosts []string
39 }
40
41 // NewPerHost returns a PerHost Dialer that directs connections to either
42 // defaultDialer or bypass, depending on whether the connection matches one of
43 // the configured rules.
44 func proxy_NewPerHost(defaultDialer, bypass proxy_Dialer) *proxy_PerHost {
45 return &proxy_PerHost{
46 def: defaultDialer,
47 bypass: bypass,
48 }
49 }
50
51 // Dial connects to the address addr on the given network through either
52 // defaultDialer or bypass.
53 func (p *proxy_PerHost) Dial(network, addr string) (c net.Conn, err error) {
54 host, _, err := net.SplitHostPort(addr)
55 if err != nil {
56 return nil, err
57 }
58
59 return p.dialerForRequest(host).Dial(network, addr)
60 }
61
62 func (p *proxy_PerHost) dialerForRequest(host string) proxy_Dialer {
63 if ip := net.ParseIP(host); ip != nil {
64 for _, net := range p.bypassNetworks {
65 if net.Contains(ip) {
66 return p.bypass
67 }
68 }
69 for _, bypassIP := range p.bypassIPs {
70 if bypassIP.Equal(ip) {
71 return p.bypass
72 }
73 }
74 return p.def
75 }
76
77 for _, zone := range p.bypassZones {
78 if strings.HasSuffix(host, zone) {
79 return p.bypass
80 }
81 if host == zone[1:] {
82 // For a zone ".example.com", we match "example.com"
83 // too.
84 return p.bypass
85 }
86 }
87 for _, bypassHost := range p.bypassHosts {
88 if bypassHost == host {
89 return p.bypass
90 }
91 }
92 return p.def
93 }
94
95 // AddFromString parses a string that contains comma-separated values
96 // specifying hosts that should use the bypass proxy. Each value is either an
97 // IP address, a CIDR range, a zone (*.example.com) or a host name
98 // (localhost). A best effort is made to parse the string and errors are
99 // ignored.
100 func (p *proxy_PerHost) AddFromString(s string) {
101 hosts := strings.Split(s, ",")
102 for _, host := range hosts {
103 host = strings.TrimSpace(host)
104 if len(host) == 0 {
105 continue
106 }
107 if strings.Contains(host, "/") {
108 // We assume that it's a CIDR address like 127.0.0.0/8
109 if _, net, err := net.ParseCIDR(host); err == nil {
110 p.AddNetwork(net)
111 }
112 continue
113 }
114 if ip := net.ParseIP(host); ip != nil {
115 p.AddIP(ip)
116 continue
117 }
118 if strings.HasPrefix(host, "*.") {
119 p.AddZone(host[1:])
120 continue
121 }
122 p.AddHost(host)
123 }
124 }
125
126 // AddIP specifies an IP address that will use the bypass proxy. Note that
127 // this will only take effect if a literal IP address is dialed. A connection
128 // to a named host will never match an IP.
129 func (p *proxy_PerHost) AddIP(ip net.IP) {
130 p.bypassIPs = append(p.bypassIPs, ip)
131 }
132
133 // AddNetwork specifies an IP range that will use the bypass proxy. Note that
134 // this will only take effect if a literal IP address is dialed. A connection
135 // to a named host will never match.
136 func (p *proxy_PerHost) AddNetwork(net *net.IPNet) {
137 p.bypassNetworks = append(p.bypassNetworks, net)
138 }
139
140 // AddZone specifies a DNS suffix that will use the bypass proxy. A zone of
141 // "example.com" matches "example.com" and all of its subdomains.
142 func (p *proxy_PerHost) AddZone(zone string) {
143 if strings.HasSuffix(zone, ".") {
144 zone = zone[:len(zone)-1]
145 }
146 if !strings.HasPrefix(zone, ".") {
147 zone = "." + zone
148 }
149 p.bypassZones = append(p.bypassZones, zone)
150 }
151
152 // AddHost specifies a host name that will use the bypass proxy.
153 func (p *proxy_PerHost) AddHost(host string) {
154 if strings.HasSuffix(host, ".") {
155 host = host[:len(host)-1]
156 }
157 p.bypassHosts = append(p.bypassHosts, host)
158 }
159
160 // A Dialer is a means to establish a connection.
161 type proxy_Dialer interface {
162 // Dial connects to the given address via the proxy.
163 Dial(network, addr string) (c net.Conn, err error)
164 }
165
166 // Auth contains authentication parameters that specific Dialers may require.
167 type proxy_Auth struct {
168 User, Password string
169 }
170
171 // FromEnvironment returns the dialer specified by the proxy related variables in
172 // the environment.
173 func proxy_FromEnvironment() proxy_Dialer {
174 allProxy := proxy_allProxyEnv.Get()
175 if len(allProxy) == 0 {
176 return proxy_Direct
177 }
178
179 proxyURL, err := url.Parse(allProxy)
180 if err != nil {
181 return proxy_Direct
182 }
183 proxy, err := proxy_FromURL(proxyURL, proxy_Direct)
184 if err != nil {
185 return proxy_Direct
186 }
187
188 noProxy := proxy_noProxyEnv.Get()
189 if len(noProxy) == 0 {
190 return proxy
191 }
192
193 perHost := proxy_NewPerHost(proxy, proxy_Direct)
194 perHost.AddFromString(noProxy)
195 return perHost
196 }
197
198 // proxySchemes is a map from URL schemes to a function that creates a Dialer
199 // from a URL with such a scheme.
200 var proxy_proxySchemes map[string]func(*url.URL, proxy_Dialer) (proxy_Dialer, error)
201
202 // RegisterDialerType takes a URL scheme and a function to generate Dialers from
203 // a URL with that scheme and a forwarding Dialer. Registered schemes are used
204 // by FromURL.
205 func proxy_RegisterDialerType(scheme string, f func(*url.URL, proxy_Dialer) (proxy_Dialer, error)) {
206 if proxy_proxySchemes == nil {
207 proxy_proxySchemes = make(map[string]func(*url.URL, proxy_Dialer) (proxy_Dialer, error))
208 }
209 proxy_proxySchemes[scheme] = f
210 }
211
212 // FromURL returns a Dialer given a URL specification and an underlying
213 // Dialer for it to make network requests.
214 func proxy_FromURL(u *url.URL, forward proxy_Dialer) (proxy_Dialer, error) {
215 var auth *proxy_Auth
216 if u.User != nil {
217 auth = new(proxy_Auth)
218 auth.User = u.User.Username()
219 if p, ok := u.User.Password(); ok {
220 auth.Password = p
221 }
222 }
223
224 switch u.Scheme {
225 case "socks5":
226 return proxy_SOCKS5("tcp", u.Host, auth, forward)
227 }
228
229 // If the scheme doesn't match any of the built-in schemes, see if it
230 // was registered by another package.
231 if proxy_proxySchemes != nil {
232 if f, ok := proxy_proxySchemes[u.Scheme]; ok {
233 return f(u, forward)
234 }
235 }
236
237 return nil, errors.New("proxy: unknown scheme: " + u.Scheme)
238 }
239
240 var (
241 proxy_allProxyEnv = &proxy_envOnce{
242 names: []string{"ALL_PROXY", "all_proxy"},
243 }
244 proxy_noProxyEnv = &proxy_envOnce{
245 names: []string{"NO_PROXY", "no_proxy"},
246 }
247 )
248
249 // envOnce looks up an environment variable (optionally by multiple
250 // names) once. It mitigates expensive lookups on some platforms
251 // (e.g. Windows).
252 // (Borrowed from net/http/transport.go)
253 type proxy_envOnce struct {
254 names []string
255 once sync.Once
256 val string
257 }
258
259 func (e *proxy_envOnce) Get() string {
260 e.once.Do(e.init)
261 return e.val
262 }
263
264 func (e *proxy_envOnce) init() {
265 for _, n := range e.names {
266 e.val = os.Getenv(n)
267 if e.val != "" {
268 return
269 }
270 }
271 }
272
273 // SOCKS5 returns a Dialer that makes SOCKSv5 connections to the given address
274 // with an optional username and password. See RFC 1928 and RFC 1929.
275 func proxy_SOCKS5(network, addr string, auth *proxy_Auth, forward proxy_Dialer) (proxy_Dialer, error) {
276 s := &proxy_socks5{
277 network: network,
278 addr: addr,
279 forward: forward,
280 }
281 if auth != nil {
282 s.user = auth.User
283 s.password = auth.Password
284 }
285
286 return s, nil
287 }
288
289 type proxy_socks5 struct {
290 user, password string
291 network, addr string
292 forward proxy_Dialer
293 }
294
295 const proxy_socks5Version = 5
296
297 const (
298 proxy_socks5AuthNone = 0
299 proxy_socks5AuthPassword = 2
300 )
301
302 const proxy_socks5Connect = 1
303
304 const (
305 proxy_socks5IP4 = 1
306 proxy_socks5Domain = 3
307 proxy_socks5IP6 = 4
308 )
309
310 var proxy_socks5Errors = []string{
311 "",
312 "general failure",
313 "connection forbidden",
314 "network unreachable",
315 "host unreachable",
316 "connection refused",
317 "TTL expired",
318 "command not supported",
319 "address type not supported",
320 }
321
322 // Dial connects to the address addr on the given network via the SOCKS5 proxy.
323 func (s *proxy_socks5) Dial(network, addr string) (net.Conn, error) {
324 switch network {
325 case "tcp", "tcp6", "tcp4":
326 default:
327 return nil, errors.New("proxy: no support for SOCKS5 proxy connections of type " + network)
328 }
329
330 conn, err := s.forward.Dial(s.network, s.addr)
331 if err != nil {
332 return nil, err
333 }
334 if err := s.connect(conn, addr); err != nil {
335 conn.Close()
336 return nil, err
337 }
338 return conn, nil
339 }
340
341 // connect takes an existing connection to a socks5 proxy server,
342 // and commands the server to extend that connection to target,
343 // which must be a canonical address with a host and port.
344 func (s *proxy_socks5) connect(conn net.Conn, target string) error {
345 host, portStr, err := net.SplitHostPort(target)
346 if err != nil {
347 return err
348 }
349
350 port, err := strconv.Atoi(portStr)
351 if err != nil {
352 return errors.New("proxy: failed to parse port number: " + portStr)
353 }
354 if port < 1 || port > 0xffff {
355 return errors.New("proxy: port number out of range: " + portStr)
356 }
357
358 // the size here is just an estimate
359 buf := make([]byte, 0, 6+len(host))
360
361 buf = append(buf, proxy_socks5Version)
362 if len(s.user) > 0 && len(s.user) < 256 && len(s.password) < 256 {
363 buf = append(buf, 2 /* num auth methods */, proxy_socks5AuthNone, proxy_socks5AuthPassword)
364 } else {
365 buf = append(buf, 1 /* num auth methods */, proxy_socks5AuthNone)
366 }
367
368 if _, err := conn.Write(buf); err != nil {
369 return errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error())
370 }
371
372 if _, err := io.ReadFull(conn, buf[:2]); err != nil {
373 return errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error())
374 }
375 if buf[0] != 5 {
376 return errors.New("proxy: SOCKS5 proxy at " + s.addr + " has unexpected version " + strconv.Itoa(int(buf[0])))
377 }
378 if buf[1] == 0xff {
379 return errors.New("proxy: SOCKS5 proxy at " + s.addr + " requires authentication")
380 }
381
382 // See RFC 1929
383 if buf[1] == proxy_socks5AuthPassword {
384 buf = buf[:0]
385 buf = append(buf, 1 /* password protocol version */)
386 buf = append(buf, uint8(len(s.user)))
387 buf = append(buf, s.user...)
388 buf = append(buf, uint8(len(s.password)))
389 buf = append(buf, s.password...)
390
391 if _, err := conn.Write(buf); err != nil {
392 return errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
393 }
394
395 if _, err := io.ReadFull(conn, buf[:2]); err != nil {
396 return errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
397 }
398
399 if buf[1] != 0 {
400 return errors.New("proxy: SOCKS5 proxy at " + s.addr + " rejected username/password")
401 }
402 }
403
404 buf = buf[:0]
405 buf = append(buf, proxy_socks5Version, proxy_socks5Connect, 0 /* reserved */)
406
407 if ip := net.ParseIP(host); ip != nil {
408 if ip4 := ip.To4(); ip4 != nil {
409 buf = append(buf, proxy_socks5IP4)
410 ip = ip4
411 } else {
412 buf = append(buf, proxy_socks5IP6)
413 }
414 buf = append(buf, ip...)
415 } else {
416 if len(host) > 255 {
417 return errors.New("proxy: destination host name too long: " + host)
418 }
419 buf = append(buf, proxy_socks5Domain)
420 buf = append(buf, byte(len(host)))
421 buf = append(buf, host...)
422 }
423 buf = append(buf, byte(port>>8), byte(port))
424
425 if _, err := conn.Write(buf); err != nil {
426 return errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
427 }
428
429 if _, err := io.ReadFull(conn, buf[:4]); err != nil {
430 return errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
431 }
432
433 failure := "unknown error"
434 if int(buf[1]) < len(proxy_socks5Errors) {
435 failure = proxy_socks5Errors[buf[1]]
436 }
437
438 if len(failure) > 0 {
439 return errors.New("proxy: SOCKS5 proxy at " + s.addr + " failed to connect: " + failure)
440 }
441
442 bytesToDiscard := 0
443 switch buf[3] {
444 case proxy_socks5IP4:
445 bytesToDiscard = net.IPv4len
446 case proxy_socks5IP6:
447 bytesToDiscard = net.IPv6len
448 case proxy_socks5Domain:
449 _, err := io.ReadFull(conn, buf[:1])
450 if err != nil {
451 return errors.New("proxy: failed to read domain length from SOCKS5 proxy at " + s.addr + ": " + err.Error())
452 }
453 bytesToDiscard = int(buf[0])
454 default:
455 return errors.New("proxy: got unknown address type " + strconv.Itoa(int(buf[3])) + " from SOCKS5 proxy at " + s.addr)
456 }
457
458 if cap(buf) < bytesToDiscard {
459 buf = make([]byte, bytesToDiscard)
460 } else {
461 buf = buf[:bytesToDiscard]
462 }
463 if _, err := io.ReadFull(conn, buf); err != nil {
464 return errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error())
465 }
466
467 // Also need to discard the port number
468 if _, err := io.ReadFull(conn, buf[:2]); err != nil {
469 return errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error())
470 }
471
472 return nil
473 }
474