Add some comments in code and improve README.md document
jeffyjf committed May 9, 2022
1 parent a1ecbdc commit 3da649a
Showing 8 changed files with 86 additions and 6 deletions.
68 changes: 67 additions & 1 deletion README.md
Expand Up @@ -65,11 +65,77 @@ Start up client side endpoint
./quictun-client --listen-on tcp:127.0.0.1:6500 --server-endpoint 172.18.31.36:7500 --token-source tcp:172.18.30.117:22 --insecure-skip-verify True
```

**Note:** The value specified by `--token` used to tell `quictun-server` the application address that the client want to access.
**Note:** The value specified by `--token-source` used to tell `quictun-server` the application address that the client want to access.

Use `ssh` command to test

```
$ ssh [email protected] -p 6500
[email protected]'s password:
```


## Concepts

* **client endpoint:** A service run on client side, used to accept the client applications' connection request and convert the transport layer protocol from TCP/UNIX-SOCKET to QUIC.
* **server endpoint:** A service run on server side, used to accept the data from client endpoint and forward these data to server application by TCP/UNIX-SOCKET protocol.
* **token:** When a client endpoint receive a new connection request, the client endpoint will retrieve a token according to the request's source address and send the token to server endpoint, the server endpoint will parse and verify the token and get the server application socket address from parsed result. ``quic-tun`` provide multiple type token plugin in order to adapt different use cases.


## Token plugin

### quictun-client

At client side, We address the token plugin as token source plugin, related command options ``--token-source-plugin``, ``--token-source``. Currently, ``quic-tun`` provide two type token source plugin: ``Fixed`` and ``File``.

#### Fixed

``Fixed`` token source plugin always provide one same token, this mean that all of client applications just only connect to one fixed server application.

Example:

```
./quictun-client --listen-on tcp:127.0.0.1:6500 --server-endpoint 172.18.31.36:7500 --token-source-plugin Fixed --token-source tcp:172.18.30.117:22 --insecure-skip-verify True
```

### File

``File`` token source plugin will read token from a file and return different token according to the client application's source address. The file path specified by ``--token-source``.

The file's contents like below:

```
172.26.106.191 tcp:10.20.30.5:2256
172.26.106.192 tcp:10.20.30.6:3306
172.26.106.193 tcp:10.20.30.6:3306
```

The first column are the client application's IP addresses, the second column are the token(The server application's socket addresses which the client application want to access.)

Example:

```
./quictun-client --insecure-skip-verify --server-endpoint 127.0.0.1:7500 --token-source-plugin File --token-source /etc/quictun/tokenfile --listen-on tcp:172.18.31.36:6622
```

### quictun-server

At server side, we address the token plugin as token parser plugin, it used to parse and verify the token and get the server application socket address from the parse result, related command option ``--token-parser-plugin``, ``--token-parser-key``. Currently, ``quic-tun`` just provide one token parser plugin: ``Cleartext``.

#### Cleartext

``Cleartext`` token parser plugin require the token mustn't be encrypted. But you can use ``base64`` to encode token.

Example:

If the client endpoint token is not encoded.

```
./quictun-server --listen-on 172.18.31.36:7500 --token-parser-plugin Cleartext
```

If the client endpoint token is encoded by ``base64``

```
./quictun-server --listen-on 172.18.31.36:7500 --token-parser-plugin Cleartext --token-parser-key base64
```
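Review bot: the Concepts bullet states that the server endpoint will "parse and verify the token", but the only parser documented below, ``Cleartext``, performs no verification: the token is the server application's socket address, chosen by the client, and ``--token-parser-key base64`` selects an encoding rather than a secret. Say this plainly in the Cleartext section (for example: "``Cleartext`` does not authenticate the token; anyone able to reach the server endpoint can name the target address, so restrict network access to it") so readers do not mistake ``--token-parser-key`` for an authentication key, and either soften "verify" in Concepts or note that verification depends on the parser plugin. Two smaller points: `### File` should be `#### File` so it sits under `### quictun-client` beside `#### Fixed`, and the File example passes `--insecure-skip-verify` without the `True` argument that every other example uses; pick one form for all examples.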
5 changes: 4 additions & 1 deletion pkg/token/cleartext_token_parser.go
Expand Up @@ -23,6 +23,9 @@ func (t cleartextTokerParser) ParseToken(token string) (string, error) {
}
}

func NewCleartextTokenParser(key string) cleartextTokerParser {
// NewCleartextTokenParserPlugin return a ``Cleartext`` type token parser plugin.
// The token parser plugin require the token from client endpoint mustn't be encrypted.
// The key specify the token's enctype, it can be ``base64`` or a ""(null chart string).
func NewCleartextTokenParserPlugin(key string) cleartextTokerParser {
return cleartextTokerParser{enctype: key}
}
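Review bot: the new doc comment on `NewCleartextTokenParserPlugin` needs a grammar pass and should not describe the key as an encryption type: "return" should be "returns", "require the token from client endpoint mustn't be encrypted" should be "requires that the token from the client endpoint is not encrypted", and `""(null chart string)` should be `"" (the empty string)`. Since the only accepted values are `base64` and `""`, say "key selects the token encoding" rather than "enctype", which suggests a cipher that is not there. Also, this exported constructor returns the unexported type `cleartextTokerParser` (note the "Toker" typo in the type name); returning `TokenParserPlugin` instead would hide the misspelt type from callers and match how `loadTokenParserPlugin` in server/cmd/main.go consumes it.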
3 changes: 3 additions & 0 deletions pkg/token/file_token_source.go
Expand Up @@ -28,6 +28,9 @@ func (t fileTokenSourcePlugin) GetToken(addr string) (string, error) {
return "", errors.New("Don't find valid token.")
}

// NewFileTokenSourcePlugin return a ``File`` type token source plugin.
// ``File`` type token source plugin will read the token from a file.
// The tokenSource is the file path.
func NewFileTokenSourcePlugin(tokenSource string) fileTokenSourcePlugin {
return fileTokenSourcePlugin{filePath: tokenSource}
}
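Review bot: the `NewFileTokenSourcePlugin` comment should state the file format the plugin expects, since README.md in this same commit documents it (one line per client, `<client IP> <token>`, whitespace separated), and should read "returns" rather than "return". The unchanged context line `errors.New("Don't find valid token.")` also deserves a follow-up: Go error strings are conventionally lowercase without trailing punctuation, and including the address ("no token found for client address %s") would tell the operator which client failed to match.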
4 changes: 4 additions & 0 deletions pkg/token/fixed_token_source.go
Expand Up @@ -8,6 +8,10 @@ func (t fixedTokenSourcePlugin) GetToken(addr string) (string, error) {
return t.token, nil
}

// NewFixedTokenPlugin return a ``Fixed`` type token source plugin.
// ``Fixed`` token source plugin will return a fixed token always, this mean that all
// client applications always assess same server application.
// The plugin directly return the value tokenSource
func NewFixedTokenPlugin(tokenSource string) fixedTokenSourcePlugin {
return fixedTokenSourcePlugin{token: tokenSource}
}
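Review bot: typo in the third line of the new comment: "assess" should be "access" ("all client applications always access the same server application"); also "this mean" should be "this means" and "will return a fixed token always" reads better as "always returns the same token". The constructor name `NewFixedTokenPlugin` is inconsistent with `NewFileTokenSourcePlugin` in the sibling file; `NewFixedTokenSourcePlugin` would keep the two token source constructors parallel.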
6 changes: 5 additions & 1 deletion pkg/token/interface.go
@@ -1,9 +1,13 @@
package token

// Used to provide token to client endpoint
type TokenSourcePlugin interface {
// GetToken return a token string according to the addr (client application address) parameter
GetToken(addr string) (string, error)
}

type TokenParsePlugin interface {
// Used to parse token which form client endpoint
type TokenParserPlugin interface {
// ParseToken parse the token and return the parse result
ParseToken(token string) (string, error)
}
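Review bot: renaming the exported interface `TokenParsePlugin` to `TokenParserPlugin` is a breaking change for any external importer of `pkg/token`; if that matters, keep a `type TokenParsePlugin = TokenParserPlugin` alias for a release, otherwise call the rename out in the commit message, which currently mentions only comments and README changes. On the comments themselves: Go doc comments start with the identifier ("TokenSourcePlugin provides tokens to the client endpoint", "TokenParserPlugin parses tokens sent by the client endpoint"), "which form client endpoint" should be "from the client endpoint", and `ParseToken` should say what the returned string is (per README.md, the server application socket address) rather than "the parse result".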
Binary file modified quic-tun.png
4 changes: 2 additions & 2 deletions server/cmd/main.go
Expand Up @@ -55,10 +55,10 @@ func generateTLSConfig() *tls.Config {
}
}

func loadTokenParserPlugin(plugin string, key string) token.TokenParsePlugin {
func loadTokenParserPlugin(plugin string, key string) token.TokenParserPlugin {
switch strings.ToLower(plugin) {
case "cleartext":
return token.NewCleartextTokenParser(key)
return token.NewCleartextTokenParserPlugin(key)
default:
panic(fmt.Sprintf("Token parser plugin %s don't support", plugin))
}
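Review bot: the unchanged `default:` branch still panics when `--token-parser-plugin` names an unsupported plugin, which turns an operator typo into a stack trace at startup; returning `(token.TokenParserPlugin, error)` and letting the caller print the message and exit non-zero would be friendlier and keeps `panic` for programmer errors. The message text should also read "token parser plugin %s is not supported" rather than "don't support".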
2 changes: 1 addition & 1 deletion server/server.go
Expand Up @@ -18,7 +18,7 @@ import (
type ServerEndpoint struct {
Address string
TlsConfig *tls.Config
TokenParser token.TokenParsePlugin
TokenParser token.TokenParserPlugin
}

func (s *ServerEndpoint) Start() error {
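Review bot: style point on the context lines of this struct: the exported field `TlsConfig` should be `TLSConfig` per Go's initialism convention, and a one-line comment on `TokenParser` saying it is selected by `--token-parser-plugin` via `loadTokenParserPlugin` would help readers coming from the README. The `TokenParser` type change itself is consistent with the rename in pkg/token/interface.go.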