def handle_domain_proxy(sock, host, port, client_address, left_buf=""):
if not isinstance(sock, SocketWrap):
sock = SocketWrap(sock, client_address[0], client_address[1])
sock.target = "%s:%d" % (host, port)
rule = g.user_rules.check_host(host, port)
if not rule:
if host == "www.twitter.com":
rule = "gae"
elif utils.check_ip_valid(host) and utils.is_private_ip(host):
rule = "direct"
if rule:
return try_loop("domain user", [rule], sock, host, port, client_address, left_buf)
record = g.domain_cache.get(host)
if record:
rule = record["r"]
if rule == "gae":
rule_list = ["gae", "socks", "redirect_https", "direct"]
else:
rule_list = ["direct", "gae", "socks", "redirect_https"]
if not g.domain_cache.accept_gae(host):
rule_list.remove("gae")
elif g.gfwlist.check(host):
rule_list = ["gae", "socks", "redirect_https", "direct"]
else:
rule_list = ["direct", "gae", "socks", "redirect_https"]
try_loop("domain", rule_list, sock, host, port, client_address, left_buf)
def handle_domain_proxy(sock, host, port, client_address, left_buf=""):
global fake_host
if not fake_host and g.gae_proxy:
fake_host = g.gae_proxy.web_control.get_fake_host()
if not isinstance(sock, SocketWrap):
sock = SocketWrap(sock, client_address[0], client_address[1])
sock.target = "%s:%d" % (host, port)
rule = g.user_rules.check_host(host, port)
if not rule:
if host == fake_host:
rule = "gae"
elif utils.check_ip_valid(host) and utils.is_private_ip(host):
rule = "direct"
if rule:
return try_loop("domain user", [rule], sock, host, port,
client_address, left_buf)
record = g.domain_cache.get(host)
ips = g.dns_srv.query(host)
if check_local_network.IPv6.is_ok() and have_ipv6(ips):
rule_list = ["direct", "gae", "socks", "redirect_https"]
elif record:
rule = record["r"]
if rule == "gae" or not g.ip_region.check_ips(record["ip"]):
rule_list = ["gae", "socks", "redirect_https", "direct"]
else:
rule_list = ["direct", "gae", "socks", "redirect_https"]
if not g.domain_cache.accept_gae(host):
rule_list.remove("gae")
elif g.gfwlist.check(host):
rule_list = ["gae", "socks", "redirect_https", "direct"]
else:
ips = g.dns_srv.query(host)
if g.ip_region.check_ips(ips):
rule_list = ["direct", "gae", "socks", "redirect_https"]
else:
rule_list = ["gae", "socks", "redirect_https", "direct"]
if not g.config.auto_direct and "direct" in rule_list:
try:
rule_list.remove("direct")
rule_list.remove("redirect_https")
except:
pass
if not g.config.auto_gae and "gae" in rule_list:
try:
rule_list.remove("gae")
except:
pass
try_loop("domain", rule_list, sock, host, port, client_address, left_buf)
def handle_domain_proxy(sock, host, port, client_address, left_buf=""):
global fake_host
if not fake_host and g.gae_proxy:
fake_host = g.gae_proxy.web_control.get_fake_host()
if not isinstance(sock, SocketWrap):
sock = SocketWrap(sock, client_address[0], client_address[1])
sock.target = "%s:%d" % (host, port)
rule = g.user_rules.check_host(host, port)
if not rule:
if host == fake_host:
rule = "gae"
elif utils.check_ip_valid(host) and utils.is_private_ip(host):
rule = "direct"
if rule:
return try_loop("domain user", [rule], sock, host, port, client_address, left_buf)
record = g.domain_cache.get(host)
ips = g.dns_srv.query(host)
if check_local_network.IPv6.is_ok() and have_ipv6(ips):
rule_list = ["direct", "gae", "socks", "redirect_https"]
elif record:
rule = record["r"]
if rule == "gae" or not g.ip_region.check_ips(record["ip"]):
rule_list = ["gae", "socks", "redirect_https", "direct"]
else:
rule_list = ["direct", "gae", "socks", "redirect_https"]
if not g.domain_cache.accept_gae(host):
rule_list.remove("gae")
elif g.gfwlist.check(host):
rule_list = ["gae", "socks", "redirect_https", "direct"]
else:
ips = g.dns_srv.query(host)
if g.ip_region.check_ips(ips):
rule_list = ["direct", "gae", "socks", "redirect_https"]
else:
rule_list = ["gae", "socks", "redirect_https", "direct"]
if not g.config.auto_direct and "direct" in rule_list:
try:
rule_list.remove("direct")
rule_list.remove("redirect_https")
except:
pass
if not g.config.auto_gae and "gae" in rule_list:
try:
rule_list.remove("gae")
except:
pass
try_loop("domain", rule_list, sock, host, port, client_address, left_buf)
def handle_domain_proxy(sock, host, port, client_address, left_buf=""):
global fake_host
if not fake_host and g.gae_proxy:
fake_host = g.gae_proxy.web_control.get_fake_host()
if not isinstance(sock, SocketWrap):
sock = SocketWrap(sock, client_address[0], client_address[1])
sock.target = "%s:%d" % (host, port)
rule = g.user_rules.check_host(host, port)
if not rule:
if host == fake_host:
rule = "gae"
elif utils.check_ip_valid(host) and utils.is_private_ip(host):
rule = "direct"
if rule:
return try_loop("domain user", [rule], sock, host, port,
client_address, left_buf)
if g.config.block_advertisement and g.gfwlist.is_advertisement(host):
xlog.info("block advertisement %s:%d", host, port)
sock.close()
return
#ips = g.dns_srv.query(host)
#if check_local_network.IPv6.is_ok() and have_ipv6(ips) and port == 443:
# rule_list = ["direct", "gae", "socks", "redirect_https"]
# gae is more faster then direct.
record = g.domain_cache.get(host)
if record and record["r"] != "unknown":
rule = record["r"]
if rule == "gae":
rule_list = ["gae", "socks", "redirect_https", "direct"]
elif rule == "socks":
rule_list = ["socks", "gae", "redirect_https", "direct"]
else:
rule_list = ["direct", "gae", "socks", "redirect_https"]
if not g.domain_cache.accept_gae(host):
rule_list.remove("gae")
elif g.gfwlist.is_white(host):
rule_list = ["direct", "gae", "socks", "redirect_https"]
elif g.gfwlist.check(host):
rule_list = ["gae", "socks", "redirect_https", "direct"]
else:
ips = g.dns_srv.query(host)
if g.ip_region.check_ips(ips):
rule_list = ["direct", "socks", "redirect_https"]
else:
rule_list = ["direct", "gae", "socks", "redirect_https"]
try_loop("domain", rule_list, sock, host, port, client_address, left_buf)
def handle_domain_proxy(sock, host, port, client_address, left_buf=""):
if not isinstance(sock, SocketWrap):
sock = SocketWrap(sock, client_address[0], client_address[1])
sock.target = "%s:%d" % (host, port)
start_time = time.time()
rule = g.user_rules.check_host(host, port)
if not rule:
if host == "www.twitter.com":
rule = "gae"
elif utils.check_ip_valid(host) and utils.is_private_ip(host):
rule = "direct"
if rule:
if rule == "direct":
ips = g.dns_srv.query(host)
try:
do_direct(sock, host, ips, port, client_address, left_buf)
xlog.info("host:%s:%d user direct", host, port)
except ConnectFail:
xlog.warn("host:%s:%d user rule:%s connect fail", host, port,
rule)
sock.close()
return
elif rule == "redirect_https":
ips = g.dns_srv.query(host)
try:
do_redirect_https(sock, host, ips, port, client_address,
left_buf)
xlog.info("host:%s:%d user redirect_https", host, port)
except RedirectHttpsFail:
xlog.warn("host:%s:%d user rule:%s connect fail", host, port,
rule)
sock.close()
return
elif rule == "gae":
if not is_gae_workable():
xlog.debug("host:%s:%d user rule:%s, but gae not work", host,
port, rule)
sock.close()
return
try:
host = get_sni(sock)
do_gae(sock, host, port, client_address, left_buf)
xlog.info("host:%s:%d user gae", host, port)
except ssl.SSLError as e:
xlog.warn("host:%s:%d user rule gae, GetReqTimeout:%d e:%r",
host, port, (time.time() - start_time) * 1000, e)
sock.close()
except simple_http_server.GetReqTimeout as e:
# xlog.warn("host:%s:%d user rule gae, GetReqTimeout:%d e:%r", host, port, (time.time()-start_time)*1000, e)
sock.close()
except Exception as e:
xlog.warn("host:%s:%d user rule:%s except:%r", host, port,
rule, e)
sock.close()
return
elif rule == "socks":
do_socks(sock, host, port, client_address, left_buf)
xlog.info("host:%s:%d user rule:socks", host, port)
return
elif rule == "black":
xlog.info("host:%s:%d user rule black", host, port)
sock.close()
return
else:
xlog.error("get rule:%s unknown", rule)
sock.close()
return
record = g.domain_cache.get(host)
if not record:
rule = "direct"
else:
rule = record["r"]
if not rule or rule == "direct":
if g.config.auto_direct:
ips = g.dns_srv.query(host)
try:
if port == 80 and g.gfwlist.check(host):
do_redirect_https(sock, host, ips, port, client_address,
left_buf)
xlog.info("%s:%d redirect_https", host, port)
return
else:
do_direct(sock, host, ips, port, client_address, left_buf)
xlog.info("%s:%d direct", host, port)
return
except (ConnectFail, RedirectHttpsFail) as e:
xlog.debug("%s:%d try direct/redirect fail:%r", host, port, e)
rule = "gae"
else:
rule = "gae"
if rule == "gae":
if g.config.auto_gae and is_gae_workable(
) and g.domain_cache.accept_gae(host, port):
try:
sni_host = get_sni(sock)
do_gae(sock, host, port, client_address, left_buf)
xlog.info("%s:%d gae", host, port)
return
except SniNotExist:
xlog.debug("domain:%s get sni fail", host)
rule = "socks"
except (SslWrapFail, simple_http_server.ParseReqFail) as e:
xlog.warn("domain:%s sni:%s fail:%r", host, sni_host, e)
g.domain_cache.report_gae_deny(host, port)
sock.close()
return
except simple_http_server.GetReqTimeout:
# Happen sometimes, don't known why.
# xlog.warn("host:%s:%d try gae, GetReqTimeout:%d", host, port,
# (time.time() - start_time) * 1000)
sock.close()
return
except Exception as e:
xlog.warn("host:%s:%d cache rule:%s except:%r", host, port,
rule, e)
g.domain_cache.report_gae_deny(host, port)
sock.close()
return
else:
rule = "socks"
if rule == "socks":
do_socks(sock, host, port, client_address, left_buf)
xlog.info("%s:%d socks", host, port)
return
else:
xlog.error("domain:%s get rule:%s unknown", host, rule)
sock.close()
return
def handle_domain_proxy(sock, host, port, client_address, left_buf=""):
global fake_host
if not fake_host and g.gae_proxy:
fake_host = g.gae_proxy.web_control.get_fake_host()
if not isinstance(sock, SocketWrap):
sock = SocketWrap(sock, client_address[0], client_address[1])
sock.target = "%s:%d" % (host, port)
rule = g.user_rules.check_host(host, port)
if not rule:
if host == fake_host:
rule = "gae"
elif utils.check_ip_valid(host) and utils.is_private_ip(host):
rule = "direct"
if rule:
return try_loop("domain user", [rule], sock, host, port, client_address, left_buf)
if g.config.block_advertisement and g.gfwlist.is_advertisement(host):
xlog.info("block advertisement %s:%d", host, port)
sock.close()
return
#ips = g.dns_srv.query(host)
#if check_local_network.IPv6.is_ok() and have_ipv6(ips) and port == 443:
# rule_list = ["direct", "gae", "socks", "redirect_https"]
# gae is more faster then direct.
record = g.domain_cache.get(host)
if record and record["r"] != "unknown":
rule = record["r"]
if rule == "gae":
rule_list = ["gae", "socks", "redirect_https", "direct"]
else:
rule_list = ["direct", "gae", "socks", "redirect_https"]
if not g.domain_cache.accept_gae(host):
rule_list.remove("gae")
elif g.gfwlist.is_white(host):
rule_list = ["direct", "gae", "socks", "redirect_https"]
elif g.gfwlist.check(host):
rule_list = ["gae", "socks", "redirect_https", "direct"]
else:
ips = g.dns_srv.query(host)
if g.ip_region.check_ips(ips):
rule_list = ["direct", "gae", "socks", "redirect_https"]
else:
rule_list = ["gae", "socks", "redirect_https", "direct"]
if not g.config.auto_direct and "direct" in rule_list:
try:
rule_list.remove("direct")
rule_list.remove("redirect_https")
except:
pass
if not g.config.enable_fake_ca and port == 443 and "gae" in rule_list:
try:
rule_list.remove("gae")
except:
pass
if not g.config.auto_gae and "gae" in rule_list:
try:
rule_list.remove("gae")
except:
pass
try_loop("domain", rule_list, sock, host, port, client_address, left_buf)