Upgrade to v0.4, see CHANGELOG for details

EddieIvan01 · Sep 22, 2020 · 0db18f3 · 0db18f3
1 parent 93b673f
commit 0db18f3
Show file tree

Hide file tree

Showing 20 changed files with 208 additions and 659 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,10 @@
+v0.4:
+    1. Add TCP multiplexing in ProxyRemote(reverse proxy), only one TCP connection will be 
+       established between the victim and our forward server
+
+    2. `-l/--local` parameter could specify which IP to listen on now
+
+
 v0.3:
     1. Replace AES-CTR with XChaCha20.
        Because in Golang, only AES-GCM on AMD64/ARM64 has special assembly-speed-up

diff --git a/README.md b/README.md
@@ -26,11 +26,21 @@ Of course, because `iox` is written in Go, the static-link-program is a little l
 + Humanized CLI option
 + Logic optimization
 + UDP traffic forward
++ TCP multiplexing in reverse proxy mode
 
 # Usage
 
 You can see, all params are uniform. `-l/--local` means listen on a local port; `-r/--remote` means connect to remote host
 
+**Note: after v0.4, `-l` could specify which IP to listen on. If only ports are specified, the default is `0.0.0.0:PORT`** 
+
+```
+-l 127.0.0.1:9999      -l *127.0.0.1:9999      # 127.0.0.1:9999
+-l 9999                -l *9999                # 0.0.0.0:9999
+
+`-l :9999` is also OK, but it's not recommended. Because `-l *:9999`(listen on 0.0.0.0:9999 with encryption) is ambiguous
+```
+
 ## Working mode
 
 ### fwd

diff --git a/crypto/xchacha20.go b/crypto/xchacha20.go
@@ -13,21 +13,33 @@ var (
 	NONCE      []byte
 )
 
-func expand32(key []byte) ([]byte, []byte) {
-	if len(key) >= 0x20 {
-		return key[:0x20], append(key[:0xC], key[len(key)-0xC:]...)
+func shuffle(bs []byte) {
+	for i := range bs {
+		bs[i] ^= byte(i) ^ bs[(i+1)%len(bs)]*((bs[len(bs)-1-i]*bs[i])%255)
 	}
+}
+
+func ExpandKey(key []byte) {
+	SECRET_KEY = make([]byte, 0x20)
+	NONCE = make([]byte, 0x18)
 
-	var c byte = 0x20 - byte(len(key)&0x1F)
+	if len(key) < 0x20 {
+		var c byte = 0x20 - byte(len(key)&0x1F)
 
-	for i := 0; i < int(c); i++ {
-		key = append(key, c)
+		for i := 0; i < int(c); i++ {
+			key = append(key, c)
+		}
 	}
-	return key[:0x20], append(key[:0xC], key[len(key)-0xC:]...)
-}
 
-func ExpandKey(key []byte) {
-	SECRET_KEY, NONCE = expand32(key)
+	copy(SECRET_KEY, key[:0x20])
+	copy(NONCE, append(key[:0xC], key[len(key)-0xC:]...))
+
+	for i := range SECRET_KEY {
+		SECRET_KEY[i] = (SECRET_KEY[i] + byte(i)%255)
+	}
+
+	shuffle(SECRET_KEY)
+	shuffle(NONCE)
 }
 
 type Cipher struct {

diff --git a/crypto/xchacha20_test.go b/crypto/xchacha20_test.go
diff --git a/docs/README_CN.md b/docs/README_CN.md
@@ -26,11 +26,21 @@
 + 友好的命令行参数
 + 逻辑优化
 + UDP流量转发
++ 反向代理模式中使用TCP多路复用
 
 # 用法
 
 所有的参数都是统一的。`-l/--local`意为监听本地端口；`-r/--remote`意为连接远端主机
 
+**注意: v0.4版本之后, `-l`参数可以指定监听哪个IP。如果只指定了端口，则默认是`0.0.0.0:PORT`**
+
+```
+-l 127.0.0.1:9999      -l *127.0.0.1:9999      # 127.0.0.1:9999
+-l 9999                -l *9999                # 0.0.0.0:9999
+
+`-l :9999`也是可以的，但并不推荐。因为`-l *:9999`(监听0.0.0.0:9999，开启加密)会有歧义
+```
+
 ## 工作模式
 
 ### fwd

diff --git a/go.mod b/go.mod
@@ -1,5 +1,8 @@
 module iox
 
-go 1.12
+go 1.13
 
-require golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f
+require (
+	github.com/xtaci/smux v1.5.14
+	golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f
+)
diff --git a/go.sum b/go.sum
@@ -1,2 +1,4 @@
+github.com/xtaci/smux v1.5.14 h1:1j+zJYDZRv9FHaWqCJfH5RPizIm0fSzJIFbfVn8zsfg=
+github.com/xtaci/smux v1.5.14/go.mod h1:OMlQbT5vcgl2gb49mFkYo6SMf+zP3rcjcwQz7ZU7IGY=
 golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f h1:gWF768j/LaZugp8dyS4UwsslYCYz9XgFxvlgsn0n9H8=
 golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/main.go b/main.go
@@ -7,16 +7,16 @@ import (
 	"os"
 )
 
-const VERSION = "0.3"
+const VERSION = "0.4"
 
 func Usage() {
 	fmt.Printf(
 		"iox v%v\n"+
 			"    Roaming intranet easier (https://github.com/eddieivan01/iox)\n\n"+
-			"Usage: iox fwd/proxy [-l [*]PORT] [-r [*]HOST:PORT] [-k HEX] [-t TIMEOUT] [-u] [-h] [-v]\n\n"+
+			"Usage: iox fwd/proxy [-l [*][HOST:]PORT] [-r [*]HOST:PORT] [-k HEX] [-t TIMEOUT] [-u] [-h] [-v]\n\n"+
 			"Options:\n"+
-			"  -l [*]PORT\n"+
-			"      port to listen on. `*` means encrypted socket\n"+
+			"  -l [*][HOST:]PORT\n"+
+			"      address to listen on. `*` means encrypted socket\n"+
 			"  -r [*]HOST:PORT\n"+
 			"      remote host to connect, HOST can be IP or Domain. `*` means encrypted socket\n"+
 			"  -k HEX\n"+

diff --git a/netio/handler.go → netio/context.go b/netio/handler.go → netio/context.go
@@ -13,6 +13,9 @@ type Ctx interface {
 	net.Conn
 }
 
+var _ Ctx = &TCPCtx{}
+var _ Ctx = &UDPCtx{}
+
 type TCPCtx struct {
 	net.Conn
 	encrypted bool