|
| 1 | +package main |
| 2 | + |
| 3 | +import ( |
| 4 | + "context" |
| 5 | + "flag" |
| 6 | + "fmt" |
| 7 | + "log" |
| 8 | + "net" |
| 9 | + "strings" |
| 10 | + |
| 11 | + "inet.af/tcpproxy" |
| 12 | +) |
| 13 | + |
| 14 | +var ( |
| 15 | + httpAddrs = flag.String("http_addrs", "0.0.0.0:80", "comma-separated addresses to listen for HTTP traffic on") |
| 16 | + sniAddrs = flag.String("sni_addrs", "0.0.0.0:443,0.0.0.0:444", "comma-separated addresses to listen for SNI traffic on") |
| 17 | + defaultHost = flag.String("default_host", "scripts.mit.edu", "default host to route traffic to if SNI/Host header cannot be parsed or cannot be found in LDAP") |
| 18 | +) |
| 19 | + |
| 20 | +func always(context.Context, string) bool { |
| 21 | + return true |
| 22 | +} |
| 23 | + |
| 24 | +type ldapTarget struct { |
| 25 | +} |
| 26 | + |
| 27 | +// HandleConn is called by tcpproxy after receiving a connection and sniffing the host. |
| 28 | +// If a host could be identified, netConn is an instance of *tcpproxy.Conn. |
| 29 | +// If not, it is just an instance of the net.Conn interface. |
| 30 | +func (l *ldapTarget) HandleConn(netConn net.Conn) { |
| 31 | + var pool string |
| 32 | + var err error |
| 33 | + if conn, ok := netConn.(*tcpproxy.Conn); ok { |
| 34 | + pool, err = l.resolvePool(conn.HostName) |
| 35 | + if err != nil { |
| 36 | + log.Printf("resolving %q: %v", conn.HostName, err) |
| 37 | + } |
| 38 | + } |
| 39 | + if pool == "" { |
| 40 | + pool, err = l.resolvePool(*defaultHost) |
| 41 | + if err != nil { |
| 42 | + log.Printf("resolving default pool: %v", err) |
| 43 | + } |
| 44 | + } |
| 45 | + if pool == "" { |
| 46 | + netConn.Close() |
| 47 | + return |
| 48 | + } |
| 49 | + laddr := netConn.LocalAddr().(*net.TCPAddr) |
| 50 | + dp := &tcpproxy.DialProxy{ |
| 51 | + Addr: fmt.Sprintf("%s:%d", pool, laddr.Port), |
| 52 | + // TODO: Set DialContext to override the source address |
| 53 | + } |
| 54 | + dp.HandleConn(netConn) |
| 55 | +} |
| 56 | + |
| 57 | +func (l *ldapTarget) resolvePool(hostname string) (string, error) { |
| 58 | + // TODO: Hardcoding F20 pool until we can resolve the pool. |
| 59 | + return "18.4.86.22", nil |
| 60 | +} |
| 61 | + |
| 62 | +func main() { |
| 63 | + flag.Parse() |
| 64 | + |
| 65 | + var p tcpproxy.Proxy |
| 66 | + t := &ldapTarget{} |
| 67 | + for _, addr := range strings.Split(*httpAddrs, ",") { |
| 68 | + p.AddHTTPHostMatchRoute(addr, always, t) |
| 69 | + } |
| 70 | + for _, addr := range strings.Split(*sniAddrs, ",") { |
| 71 | + p.AddStopACMESearch(addr) |
| 72 | + p.AddSNIMatchRoute(addr, always, t) |
| 73 | + } |
| 74 | + log.Fatal(p.Run()) |
| 75 | +} |
0 commit comments