Add some comments in code and improve README.md document
Showing 8 changed files with 86 additions and 6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -65,11 +65,77 @@ Start up client side endpoint | |
./quictun-client --listen-on tcp:127.0.0.1:6500 --server-endpoint 172.18.31.36:7500 --token-source tcp:172.18.30.117:22 --insecure-skip-verify True | ||
``` | ||
|
||
**Note:** The value specified by `--token` used to tell `quictun-server` the application address that the client want to access. | ||
**Note:** The value specified by `--token-source` used to tell `quictun-server` the application address that the client want to access. | ||
|
||
Use `ssh` command to test | ||
|
||
``` | ||
$ ssh [email protected] -p 6500 | ||
[email protected]'s password: | ||
``` | ||
|
||
|
||
## Concepts | ||
|
||
* **client endpoint:** A service run on client side, used to accept the client applications' connection request and convert the transport layer protocol from TCP/UNIX-SOCKET to QUIC. | ||
* **server endpoint:** A service run on server side, used to accept the data from client endpoint and forward these data to server application by TCP/UNIX-SOCKET protocol. | ||
* **token:** When a client endpoint receive a new connection request, the client endpoint will retrieve a token according to the request's source address and send the token to server endpoint, the server endpoint will parse and verify the token and get the server application socket address from parsed result. ``quic-tun`` provide multiple type token plugin in order to adapt different use cases. | ||
|
||
|
||
## Token plugin | ||
|
||
### quictun-client | ||
|
||
At client side, We address the token plugin as token source plugin, related command options ``--token-source-plugin``, ``--token-source``. Currently, ``quic-tun`` provide two type token source plugin: ``Fixed`` and ``File``. | ||
|
||
#### Fixed | ||
|
||
``Fixed`` token source plugin always provide one same token, this mean that all of client applications just only connect to one fixed server application. | ||
|
||
Example: | ||
|
||
``` | ||
./quictun-client --listen-on tcp:127.0.0.1:6500 --server-endpoint 172.18.31.36:7500 --token-source-plugin Fixed --token-source tcp:172.18.30.117:22 --insecure-skip-verify True | ||
``` | ||
|
||
### File | ||
|
||
``File`` token source plugin will read token from a file and return different token according to the client application's source address. The file path specified by ``--token-source``. | ||
|
||
The file's contents like below: | ||
|
||
``` | ||
172.26.106.191 tcp:10.20.30.5:2256 | ||
172.26.106.192 tcp:10.20.30.6:3306 | ||
172.26.106.193 tcp:10.20.30.6:3306 | ||
``` | ||
|
||
The first column are the client application's IP addresses, the second column are the token(The server application's socket addresses which the client application want to access.) | ||
|
||
Example: | ||
|
||
``` | ||
./quictun-client --insecure-skip-verify --server-endpoint 127.0.0.1:7500 --token-source-plugin File --token-source /etc/quictun/tokenfile --listen-on tcp:172.18.31.36:6622 | ||
``` | ||
|
||
### quictun-server | ||
|
||
At server side, we address the token plugin as token parser plugin, it used to parse and verify the token and get the server application socket address from the parse result, related command option ``--token-parser-plugin``, ``--token-parser-key``. Currently, ``quic-tun`` just provide one token parser plugin: ``Cleartext``. | ||
|
||
#### Cleartext | ||
|
||
``Cleartext`` token parser plugin require the token mustn't be encrypted. But you can use ``base64`` to encode token. | ||
|
||
Example: | ||
|
||
If the client endpoint token is not encoded. | ||
|
||
``` | ||
./quictun-server --listen-on 172.18.31.36:7500 --token-parser-plugin Cleartext | ||
``` | ||
|
||
If the client endpoint token is encoded by ``base64`` | ||
|
||
``` | ||
./quictun-server --listen-on 172.18.31.36:7500 --token-parser-plugin Cleartext --token-parser-key base64 | ||
``` |
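Review bot: In the new "#### Cleartext" section, the sentence about using `base64` to encode the token should state that base64 is an encoding and not protection, because the option that selects it is named `--token-parser-key` and a reader can take its value for a secret. The Concepts entry for **token** says the server endpoint gets the server application socket address from the parsed token, yet the README never says what "verify" checks for `Cleartext`; please document that, and state whether the server endpoint restricts which addresses it will forward to. The examples also pass `--insecure-skip-verify` with no explanation and in two forms (`--insecure-skip-verify True` in the Fixed example, bare `--insecure-skip-verify` in the File example); use one form and describe what the flag disables. Style: `### File` should be `#### File` so that it sits beside `#### Fixed` under `### quictun-client`.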
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,13 @@ | ||
package token | ||
|
||
// Used to provide token to client endpoint | ||
type TokenSourcePlugin interface { | ||
// GetToken return a token string according to the addr (client application address) parameter | ||
GetToken(addr string) (string, error) | ||
} | ||
|
||
type TokenParsePlugin interface { | ||
// Used to parse token which form client endpoint | ||
type TokenParserPlugin interface { | ||
// ParseToken parse the token and return the parse result | ||
ParseToken(token string) (string, error) | ||
} |
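Review bot: The rename of `TokenParsePlugin` to `TokenParserPlugin` changes an exported identifier in a commit described as adding comments and improving the README, so it should be mentioned in the commit message, and every implementer and caller of the old name has to change in the same commit. In the new comment on that type, "form client endpoint" should read "from client endpoint". The doc comments would follow Go convention if each began with the name it documents, for example `// TokenSourcePlugin provides tokens to the client endpoint`, and the `ParseToken` comment should say what the returned string is and when the error is non-nil, since the README describes the parser as also verifying the token.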