rust-vhost 0.1.3

a simple tool for extract SNI from tls handshake where you transfer traffic to any destination you want
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168




///! vhost
///!  vhost is to fetch sni info and return value is still available
///
///! # Example
/// ```
/// let tls_conn = new(conn);
/// let sni = tls_conn.get_sni();
/// assert!("google.com", sni);
/// ```

pub mod vhost {
    use std::io::{self, Cursor, Read, Write};
    use std::net::TcpStream;
    use std::sync::{Arc, Mutex};

    pub fn new(mut stream: TcpStream) -> Result<SharedConn, io::Error> {
        let buffer = Arc::new(Mutex::new(Cursor::new(Vec::new())));

        // read tls handshake from stream, and then put data into buffer
        let mut buf: [u8; 1024] = [0_u8; 1024];
        let n = stream.read(&mut buf)?;
        if n > 0 {
            let mut buffer = buffer.lock().unwrap();
            buffer.get_mut().extend_from_slice(&buf[..n]);
        }

        let sni = parse_sni(&buf, n)?;

        Ok(SharedConn {
            stream,
            buffer,
            sni,
        })
    }

    pub struct SharedConn {
        pub stream: TcpStream,
        buffer: Arc<Mutex<Cursor<Vec<u8>>>>,

        sni: String,
    }

    impl SharedConn {
        pub fn get_sni(&self) -> String {
            self.sni.clone()
        }
    }

    impl Read for SharedConn {
        fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
            let mut buffer = self.buffer.lock().unwrap();
            if buffer.position() < buffer.get_ref().len() as u64 {
                buffer.read(buf)
            } else {
                self.stream.read(buf)
            }
        }
    }

    impl Write for SharedConn {
        fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
            self.stream.write(buf)
        }

        // 实现flush方法
        fn flush(&mut self) -> io::Result<()> {
            // 同样,这里简单地将标准输出的缓冲区刷新,实际应用中应根据需要进行操作
            self.stream.flush()
        }
    }

    fn parse_sni(buf: &[u8], n: usize) -> Result<String, io::Error> {
        // 提取出 server name
        if n < 42 {
            return Err(io::Error::new(
                io::ErrorKind::Other,
                "tls handshake is too short",
            ));
        }

        let mut m: String = "".to_string();

        //m.vers = (buf[4] << 8 | buf[5]) as u16;

        let session_id_len = buf[43] as usize;
        if n < 44 + session_id_len {
            return Err(io::Error::new(
                io::ErrorKind::Other,
                "tls handshake is too short",
            ));
        }

        let mut cur = 44 + session_id_len;
        if n < cur + 2 {
            return Err(io::Error::new(
                io::ErrorKind::Other,
                "tls handshake is too short",
            ));
        }

        let cipher_suites_len = ((buf[cur] as usize) << 8 | buf[cur + 1] as usize) as usize;
        if n < cur + 2 + cipher_suites_len {
            return Err(io::Error::new(
                io::ErrorKind::Other,
                "tls handshake is too short",
            ));
        }
        cur = cur + 2 + cipher_suites_len;

        let compression_methods_len = buf[cur] as usize;
        if n < cur + 3 + cipher_suites_len + compression_methods_len {
            return Err(io::Error::new(
                io::ErrorKind::Other,
                "tls handshake is too short",
            ));
        }

        cur = cur + 1 + compression_methods_len;

        let extension_len = (buf[cur] as usize) << 8 | (buf[cur + 1] as usize);
        if n < cur + extension_len {
            return Err(io::Error::new(
                io::ErrorKind::Other,
                "tls handshake is too short",
            ));
        }

        cur = cur + 2;

        let mut ext_cur = 0;
        while ext_cur < extension_len {
            let ext_type = (buf[cur] as u16) << 8 | buf[cur + 1] as u16;
            let ext_len = (buf[cur + 2] as usize) << 8 | buf[cur + 3] as usize;
            if ext_type == 0 {
                m = String::from_utf8(buf[cur + 9..cur + 4 + ext_len].to_vec()).unwrap();
                break;
            }
            cur += 4 + ext_len;
            ext_cur += 4 + ext_len;
        }

        Ok(m)
    }
}

// 为上面的代码添加测试
#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_parse_sni() {
        // 监听 443 端口,来获取 tls 握手信息
        use std::net::TcpListener;
        let listener = TcpListener::bind("0.0.0.0:443").unwrap();
        let (stream, _) = listener.accept().unwrap();
        let tls_conn = vhost::new(stream).unwrap();
        let sni = tls_conn.get_sni();
        // 添加  assert 确保 sni 为 www.baidu.com
        assert_eq!(sni, "www.baidu.com");

        // local test curl
        //  curl -vv --resolve www.baidu.com:443:127.0.0.1 https://www.baidu.com
    }
}