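// SPDX-FileCopyrightText: 2023 The Pion community
// SPDX-License-Identifier: MIT

// Command that relays a local UDP socket to a remote peer through a TURN
// server. Unless -no-dtls is given, each stream is wrapped in a DTLS session
// before it reaches TURN. TURN credentials are obtained through getCredsFunc
// (declared elsewhere in this package).
package main

import (
	"context"
	"crypto/tls"
	"encoding/hex"
	"errors"
	"flag"
	"fmt"
	"log"
	"net"
	"os"
	"os/signal"
	"strings"
	"sync"
	"sync/atomic"
	"syscall"
	"time"

	"github.com/cbeuw/connutil"
	"github.com/google/uuid"
	"github.com/pion/dtls/v3"
	"github.com/pion/dtls/v3/pkg/crypto/selfsign"
	"github.com/pion/logging"
	"github.com/pion/turn/v5"
)

const (
	// sessionIDLen is the size of the session identifier sent as the first
	// DTLS payload; it is a UUID, hence 16 bytes.
	sessionIDLen = 16
	// streamIDLen is the single byte that follows the session ID.
	streamIDLen = 1
	// maxStreams is the number of distinct stream IDs a single byte can carry.
	maxStreams = 256
	// packetBufSize is the per-direction read buffer. Presumably large enough
	// for every datagram relayed here; a larger one would be cut short.
	packetBufSize = 1600
	// handshakeTimeout bounds the DTLS handshake. It is generous because
	// credential fetching is serialized through a mutex and can delay the
	// peer side.
	handshakeTimeout = 120 * time.Second
	// dialTimeout bounds the TCP dial to the TURN server.
	dialTimeout = 5 * time.Second
	// idWriteTimeout bounds sending the session/stream ID after the handshake.
	idWriteTimeout = 5 * time.Second
	// turnConnectInterval spaces out TURN (re)connections across all workers.
	turnConnectInterval = 100 * time.Millisecond
	// shutdownGrace is how long an orderly shutdown may take before the
	// process exits anyway.
	shutdownGrace = 5 * time.Second
)

// dtlsFunc opens a DTLS client session to peer on top of conn and completes the
// handshake within handshakeTimeout. On success the returned conn is ready for
// Read/Write; on handshake failure the half-open session is closed first.
//
// The client presents a freshly generated self-signed certificate and skips
// verification of the peer's certificate, so this layer obfuscates traffic but
// does not authenticate the remote end: whoever completes the handshake at
// peer is accepted.
func dtlsFunc(ctx context.Context, conn net.PacketConn, peer *net.UDPAddr) (net.Conn, error) {
	certificate, err := selfsign.GenerateSelfSigned()
	if err != nil {
		return nil, err
	}

	config := &dtls.Config{
		Certificates: []tls.Certificate{certificate},
		// No peer authentication; see the doc comment above.
		InsecureSkipVerify:    true,
		ExtendedMasterSecret:  dtls.RequireExtendedMasterSecret,
		CipherSuites:          []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
		ConnectionIDGenerator: dtls.OnlySendCIDGenerator(),
	}

	hsCtx, cancel := context.WithTimeout(ctx, handshakeTimeout)
	defer cancel()

	dtlsConn, err := dtls.Client(conn, peer, config)
	if err != nil {
		return nil, err
	}
	if err := dtlsConn.HandshakeContext(hsCtx); err != nil {
		// Don't leak the half-open session. The handshake error is the one
		// worth reporting, so the close error is deliberately dropped.
		_ = dtlsConn.Close()
		return nil, err
	}
	return dtlsConn, nil
}

// offerUntilDone repeatedly offers v on ch from a background goroutine until
// ctx is done. Several receivers can therefore take the same value. A send on
// a nil ch never completes, so for a nil channel only ctx ends the goroutine.
func offerUntilDone[T any](ctx context.Context, ch chan<- T, v T) {
	go func() {
		for {
			select {
			case <-ctx.Done():
				return
			case ch <- v:
			}
		}
	}()
}

// pump copies datagrams from recv to send until either fails or ctx is done.
// The first failure is logged; cancel is then called so the opposite direction
// stops too, and wg is signalled. recv fills the buffer it is given and
// returns the number of bytes to forward.
func pump(ctx context.Context, cancel context.CancelFunc, wg *sync.WaitGroup, recv func([]byte) (int, error), send func([]byte) error) {
	defer wg.Done()
	defer cancel()

	buf := make([]byte, packetBufSize)
	for {
		// Cheap check so cancellation is noticed even when nothing arrives;
		// a blocked recv is unblocked by the deadline the caller's AfterFunc
		// sets on cancellation.
		select {
		case <-ctx.Done():
			return
		default:
		}
		n, err := recv(buf)
		if err != nil {
			log.Printf("Failed: %s", err)
			return
		}
		if err := send(buf[:n]); err != nil {
			log.Printf("Failed: %s", err)
			return
		}
	}
}

// oneDtlsConnection runs a single DTLS-wrapped relay for one stream.
//
// It creates an in-memory packet pipe: the near end is handed to the DTLS
// client, the far end (carrying DTLS records) is offered on connchan until
// the session ends so a TURN worker can pick it up. After the handshake it
// sends the session ID followed by the stream ID, then relays datagrams
// between listenConn and the DTLS session in both directions until either
// side fails or ctx is cancelled. okchan, when non-nil, is offered a value
// once the session is established. Exactly one value (nil on success) is
// sent on c when the function returns.
func oneDtlsConnection(ctx context.Context, peer *net.UDPAddr, listenConn net.PacketConn, connchan chan<- net.PacketConn, okchan chan<- struct{}, c chan<- error, sessionID []byte, streamID byte) {
	var err error
	defer func() { c <- err }()

	dtlsCtx, dtlsCancel := context.WithCancel(ctx)
	defer dtlsCancel()

	// near is what the DTLS client writes records into; far is where a TURN
	// worker reads them from.
	var near, far net.PacketConn = connutil.AsyncPacketPipe()
	offerUntilDone(dtlsCtx, connchan, far)

	dtlsConn, dialErr := dtlsFunc(dtlsCtx, near, peer)
	if dialErr != nil {
		err = fmt.Errorf("failed to connect DTLS: %s", dialErr)
		return
	}
	defer func() {
		if closeErr := dtlsConn.Close(); closeErr != nil {
			err = fmt.Errorf("failed to close DTLS connection: %s", closeErr)
			return
		}
		log.Printf("Closed DTLS connection\n")
	}()

	// Phase 1: session ID + stream ID, under a short write deadline.
	if derr := dtlsConn.SetWriteDeadline(time.Now().Add(idWriteTimeout)); derr != nil {
		err = fmt.Errorf("failed to set write deadline: %s", derr)
		return
	}
	idBuf := make([]byte, sessionIDLen+streamIDLen)
	copy(idBuf[:sessionIDLen], sessionID) // a short sessionID is zero-padded
	idBuf[sessionIDLen] = streamID
	if _, werr := dtlsConn.Write(idBuf); werr != nil {
		err = fmt.Errorf("failed to send session ID: %s", werr)
		return
	}
	// Clear the phase-1 deadline: a pion dtls Conn checks the write deadline
	// on every Write, so leaving it set would expire relay writes once
	// idWriteTimeout has elapsed.
	if derr := dtlsConn.SetWriteDeadline(time.Time{}); derr != nil {
		err = fmt.Errorf("failed to clear write deadline: %s", derr)
		return
	}
	log.Printf("Established DTLS connection and sent session ID with stream %d!\n", streamID)

	offerUntilDone(dtlsCtx, okchan, struct{}{})

	// Cancellation unblocks both pumps by expiring their pending reads.
	context.AfterFunc(dtlsCtx, func() {
		_ = listenConn.SetDeadline(time.Now())
		_ = dtlsConn.SetDeadline(time.Now())
	})

	var lastSender atomic.Value // net.Addr of the most recent local sender
	var wg sync.WaitGroup
	wg.Add(2)
	// listenConn -> DTLS
	go pump(dtlsCtx, dtlsCancel, &wg,
		func(buf []byte) (int, error) {
			n, from, rerr := listenConn.ReadFrom(buf)
			if rerr != nil {
				return 0, rerr
			}
			lastSender.Store(from)
			return n, nil
		},
		func(p []byte) error {
			_, werr := dtlsConn.Write(p)
			return werr
		})
	// DTLS -> listenConn, back to whoever last wrote to us.
	go pump(dtlsCtx, dtlsCancel, &wg,
		dtlsConn.Read,
		func(p []byte) error {
			to, ok := lastSender.Load().(net.Addr)
			if !ok {
				return errors.New("no listener ip")
			}
			_, werr := listenConn.WriteTo(p, to)
			return werr
		})
	wg.Wait()

	_ = listenConn.SetDeadline(time.Time{})
	_ = dtlsConn.SetDeadline(time.Time{})
}

// connectedUDPConn adapts a connected *net.UDPConn to the PacketConn shape the
// TURN client takes: WriteTo ignores the address and writes to the connected
// remote.
type connectedUDPConn struct {
	*net.UDPConn
}

// WriteTo writes p to the connected remote address; the addr argument is
// ignored.
func (c *connectedUDPConn) WriteTo(p []byte, _ net.Addr) (int, error) {
	return c.Write(p)
}

// turnParams carries the TURN settings shared by every worker.
type turnParams struct {
	host     string       // overrides the host part of the credential URL when set
	port     string       // overrides the port part of the credential URL when set
	link     string       // invite link id (or "wb") passed to getCreds
	udp      bool         // dial the TURN server over UDP instead of TCP
	streamID int          // stream index handed to getCreds
	getCreds getCredsFunc // returns (user, pass, "host:port") for link/streamID
}

// turnServer is the resolved TURN endpoint plus the credentials to use.
type turnServer struct {
	user, pass string
	addr       string // "host:port" as resolved
	udpAddr    *net.UDPAddr
}

// resolveTURNServer fetches credentials for p and resolves the TURN server
// address, applying the host/port overrides carried in p.
func resolveTURNServer(ctx context.Context, p *turnParams) (*turnServer, error) {
	user, pass, rawAddr, err := p.getCreds(ctx, p.link, p.streamID)
	if err != nil {
		return nil, fmt.Errorf("failed to get TURN credentials: %s", err)
	}
	host, port, err := net.SplitHostPort(rawAddr)
	if err != nil {
		return nil, fmt.Errorf("failed to parse TURN server address: %s", err)
	}
	// Command-line overrides win over whatever the credential source returned.
	if p.host != "" {
		host = p.host
	}
	if p.port != "" {
		port = p.port
	}
	udpAddr, err := net.ResolveUDPAddr("udp", net.JoinHostPort(host, port))
	if err != nil {
		return nil, fmt.Errorf("failed to resolve TURN server address: %s", err)
	}
	return &turnServer{user: user, pass: pass, addr: udpAddr.String(), udpAddr: udpAddr}, nil
}

// dialTURN opens the transport to the TURN server: a connected UDP socket when
// p.udp is set, otherwise a TCP connection (bounded by dialTimeout) wrapped in
// a STUNConn. The returned func closes the transport.
func dialTURN(ctx context.Context, p *turnParams, srv *turnServer) (net.PacketConn, func() error, error) {
	if p.udp {
		conn, err := net.DialUDP("udp", nil, srv.udpAddr) // nolint: noctx
		if err != nil {
			return nil, nil, err
		}
		return &connectedUDPConn{conn}, conn.Close, nil
	}

	dialCtx, cancel := context.WithTimeout(ctx, dialTimeout)
	defer cancel()
	var d net.Dialer
	conn, err := d.DialContext(dialCtx, "tcp", srv.addr) // nolint: noctx
	if err != nil {
		return nil, nil, err
	}
	return turn.NewSTUNConn(conn), conn.Close, nil
}

// oneTurnConnection relays one stream between conn2 and peer through a TURN
// allocation. conn2 is the far end of a DTLS pipe (or the raw listener in
// -no-dtls mode): whatever it yields is sent to peer via the relay, and
// datagrams arriving on the relay are written back to the last address seen
// on conn2. The relay is requested in peer's address family. Exactly one
// value (nil on success) is sent on c when the function returns.
func oneTurnConnection(ctx context.Context, turnParams *turnParams, peer *net.UDPAddr, conn2 net.PacketConn, c chan<- error) {
	var err error
	defer func() { c <- err }()

	srv, resolveErr := resolveTURNServer(ctx, turnParams)
	if resolveErr != nil {
		err = resolveErr
		return
	}
	fmt.Println(srv.udpAddr.IP) // resolved server IP goes to stdout

	turnConn, closeTransport, dialErr := dialTURN(ctx, turnParams, srv)
	if dialErr != nil {
		err = fmt.Errorf("failed to connect to TURN server: %s", dialErr)
		return
	}
	defer func() {
		if closeErr := closeTransport(); closeErr != nil {
			err = fmt.Errorf("failed to close TURN server connection: %s", closeErr)
		}
	}()

	var addrFamily turn.RequestedAddressFamily
	if peer.IP.To4() != nil {
		addrFamily = turn.RequestedAddressFamilyIPv4
	} else {
		addrFamily = turn.RequestedAddressFamilyIPv6
	}

	// The TURN client speaks datagrams over turnConn, which is either the
	// connected UDP socket or the STUNConn framing on top of TCP.
	cfg := &turn.ClientConfig{
		STUNServerAddr:         srv.addr,
		TURNServerAddr:         srv.addr,
		Conn:                   turnConn,
		Username:               srv.user,
		Password:               srv.pass,
		RequestedAddressFamily: addrFamily,
		LoggerFactory:          logging.NewDefaultLoggerFactory(),
	}
	client, clientErr := turn.NewClient(cfg)
	if clientErr != nil {
		err = fmt.Errorf("failed to create TURN client: %s", clientErr)
		return
	}
	defer client.Close()

	if listenErr := client.Listen(); listenErr != nil {
		err = fmt.Errorf("failed to listen: %s", listenErr)
		return
	}

	// Allocate a relay on the TURN server. relayConn's local address is the
	// transport address the server assigned to us.
	relayConn, allocErr := client.Allocate()
	if allocErr != nil {
		err = fmt.Errorf("failed to allocate: %s", allocErr)
		return
	}
	defer func() {
		if closeErr := relayConn.Close(); closeErr != nil {
			err = fmt.Errorf("failed to close TURN allocated connection: %s", closeErr)
		}
	}()
	log.Printf("relayed-address=%s", relayConn.LocalAddr().String())

	// Derived from ctx (not Background) so that shutting the program down
	// also stops these pumps instead of leaving them blocked until a side
	// happens to fail.
	turnCtx, turnCancel := context.WithCancel(ctx)
	defer turnCancel()
	context.AfterFunc(turnCtx, func() {
		_ = relayConn.SetDeadline(time.Now())
		_ = conn2.SetDeadline(time.Now())
	})

	var lastSender atomic.Value // net.Addr of the most recent sender on conn2
	var wg sync.WaitGroup
	wg.Add(2)
	// conn2 (DTLS records, or raw datagrams) -> peer via the relay.
	go pump(turnCtx, turnCancel, &wg,
		func(buf []byte) (int, error) {
			n, from, rerr := conn2.ReadFrom(buf)
			if rerr != nil {
				return 0, rerr
			}
			lastSender.Store(from)
			return n, nil
		},
		func(p []byte) error {
			_, werr := relayConn.WriteTo(p, peer)
			return werr
		})
	// relay -> conn2. The source address of relayed datagrams is discarded,
	// i.e. it is not compared with peer here; whatever the relay delivers is
	// forwarded. NOTE(review): the TURN permission created by WriteTo(peer)
	// is presumably the only filter on who can reach this allocation.
	go pump(turnCtx, turnCancel, &wg,
		func(buf []byte) (int, error) {
			n, _, rerr := relayConn.ReadFrom(buf)
			return n, rerr
		},
		func(p []byte) error {
			to, ok := lastSender.Load().(net.Addr)
			if !ok {
				return errors.New("no listener ip")
			}
			_, werr := conn2.WriteTo(p, to)
			return werr
		})
	wg.Wait()

	_ = relayConn.SetDeadline(time.Time{})
	_ = conn2.SetDeadline(time.Time{})
}

// oneDtlsConnectionLoop keeps one DTLS worker alive for streamID: whenever a
// listener is offered on listenConnChan it runs oneDtlsConnection to
// completion, logs its error if any, and waits for the next offer, until ctx
// is done.
func oneDtlsConnectionLoop(ctx context.Context, peer *net.UDPAddr, listenConnChan <-chan net.PacketConn, connchan chan<- net.PacketConn, okchan chan<- struct{}, sessionID []byte, streamID byte) {
	for {
		select {
		case <-ctx.Done():
			return
		case listenConn := <-listenConnChan:
			done := make(chan error)
			go oneDtlsConnection(ctx, peer, listenConn, connchan, okchan, done, sessionID, streamID)
			if err := <-done; err != nil {
				log.Printf("%s", err)
			}
		}
	}
}

// oneTurnConnectionLoop keeps one TURN worker alive for streamID. A pipe end
// taken from connchan is only used when a tick is pending on t, which spaces
// out (re)connections to the TURN server across all workers; otherwise it is
// dropped and the producer offers it again.
func oneTurnConnectionLoop(ctx context.Context, turnParams *turnParams, peer *net.UDPAddr, connchan <-chan net.PacketConn, t <-chan time.Time, streamID int) {
	// Private copy so each worker carries its own streamID.
	tp := *turnParams
	tp.streamID = streamID

	for {
		select {
		case <-ctx.Done():
			return
		case conn2 := <-connchan:
			select {
			case <-t:
			default:
				continue // no tick pending: throttle
			}
			done := make(chan error)
			go oneTurnConnection(ctx, &tp, peer, conn2, done)
			if err := <-done; err != nil {
				log.Printf("%s", err)
			}
		}
	}
}

// linkFromInvite extracts the call id from a VK invite link: the text after
// the last "join/", cut at the first '/', '?' or '#'.
func linkFromInvite(invite string) string {
	parts := strings.Split(invite, "join/")
	link := parts[len(parts)-1]
	if idx := strings.IndexAny(link, "/?#"); idx != -1 {
		link = link[:idx]
	}
	return link
}

// parseSessionID returns the session ID to send to the peer: hexFlag decoded
// when it is set (it must be exactly sessionIDLen bytes of hex), otherwise a
// fresh random UUID.
func parseSessionID(hexFlag string) ([]byte, error) {
	if hexFlag == "" {
		return uuid.New().MarshalBinary()
	}
	id, err := hex.DecodeString(hexFlag)
	if err != nil {
		return nil, err
	}
	// Reject short/long overrides instead of silently zero-padding or
	// truncating them on the wire.
	if len(id) != sessionIDLen {
		return nil, fmt.Errorf("want %d bytes, got %d", sessionIDLen, len(id))
	}
	return id, nil
}

// startStream launches the DTLS worker and the TURN worker for one stream,
// linked by connchan; both are tracked on wg. okchan may be nil.
func startStream(ctx context.Context, wg *sync.WaitGroup, params *turnParams, peer *net.UDPAddr, listenConnChan <-chan net.PacketConn, connchan chan net.PacketConn, okchan chan<- struct{}, sessionID []byte, streamID int, t <-chan time.Time) {
	wg.Add(2)
	go func() {
		defer wg.Done()
		oneDtlsConnectionLoop(ctx, peer, listenConnChan, connchan, okchan, sessionID, byte(streamID))
	}()
	go func() {
		defer wg.Done()
		oneTurnConnectionLoop(ctx, params, peer, connchan, t, streamID)
	}()
}

// main parses flags, listens on the local UDP socket and runs n stream
// workers. Without -no-dtls each stream is a DTLS session (one shared session
// ID, distinct stream IDs) feeding its own TURN allocation; with it, the TURN
// workers read the listener directly.
func main() { //nolint:cyclop
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	// First SIGINT/SIGTERM starts an orderly shutdown; a second signal or the
	// grace period expiring forces the exit.
	signalChan := make(chan os.Signal, 1)
	signal.Notify(signalChan, syscall.SIGTERM, syscall.SIGINT)
	go func() {
		<-signalChan
		log.Printf("Terminating...\n")
		cancel()
		select {
		case <-signalChan:
		case <-time.After(shutdownGrace):
		}
		log.Fatalf("Exit...\n")
	}()

	host := flag.String("turn", "", "override TURN server ip")
	port := flag.String("port", "", "override TURN port")
	listen := flag.String("listen", "127.0.0.1:9000", "listen on ip:port")
	vklink := flag.String("vk-link", "", "VK calls invite link \"https://vk.com/call/join/...\"")
	wb := flag.Bool("wb", false, "use WB Stream instead of VK")
	peerAddr := flag.String("peer", "", "peer server address (host:port)")
	n := flag.Int("n", 0, "connections to TURN (default 4)")
	udp := flag.Bool("udp", false, "connect to TURN with UDP")
	direct := flag.Bool("no-dtls", false, "connect without obfuscation. DO NOT USE")
	sessionIDFlag := flag.String("session-id", "", "override session ID (hex, 32 chars)")
	flag.Parse()

	if *peerAddr == "" {
		log.Panicf("Need peer address!")
	}
	peer, err := net.ResolveUDPAddr("udp", *peerAddr)
	if err != nil {
		log.Panicf("Invalid peer address: %s", err)
	}
	if !*wb && *vklink == "" {
		log.Panicf("Need either -wb or -vk-link!")
	}

	// Both credential sources go through getCredsCached; only the fetcher
	// and the link differ.
	var link string
	var getCreds getCredsFunc
	if *wb {
		link = "wb"
		getCreds = func(ctx context.Context, lk string, streamID int) (string, string, string, error) {
			return getCredsCached(ctx, lk, streamID, wbFetch)
		}
	} else {
		link = linkFromInvite(*vklink)
		getCreds = func(ctx context.Context, lk string, streamID int) (string, string, string, error) {
			return getCredsCached(ctx, lk, streamID, getVkCreds)
		}
	}

	if *n <= 0 {
		*n = 4
	}
	// The stream ID is a single byte on the wire; more streams would wrap
	// around and collide.
	if *n > maxStreams {
		log.Panicf("-n must be at most %d", maxStreams)
	}

	params := &turnParams{
		host:     *host,
		port:     *port,
		link:     link,
		udp:      *udp,
		streamID: 0, // set per worker by oneTurnConnectionLoop
		getCreds: getCreds,
	}

	sessionID, err := parseSessionID(*sessionIDFlag)
	if err != nil {
		log.Panicf("Invalid session ID: %v", err)
	}
	log.Printf("Session ID: %x", sessionID)

	listenConn, err := net.ListenPacket("udp", *listen) // nolint: noctx
	if err != nil {
		log.Panicf("Failed to listen: %s", err)
	}
	context.AfterFunc(ctx, func() {
		if closeErr := listenConn.Close(); closeErr != nil {
			log.Panicf("Failed to close local connection: %s", closeErr)
		}
	})
	// Every DTLS worker picks the same listener up from this channel.
	listenConnChan := make(chan net.PacketConn)
	offerUntilDone(ctx, listenConnChan, listenConn)

	var wg sync.WaitGroup
	t := time.Tick(turnConnectInterval) // shared throttle for TURN (re)connects
	if *direct {
		// Unobfuscated: every TURN worker reads the local listener directly.
		for i := 0; i < *n; i++ {
			wg.Add(1)
			go func(streamID int) {
				defer wg.Done()
				oneTurnConnectionLoop(ctx, params, peer, listenConnChan, t, streamID)
			}(i)
		}
	} else {
		// Stream 0 goes first; the others start only once its DTLS session
		// is up (or shutdown began).
		okchan := make(chan struct{})
		startStream(ctx, &wg, params, peer, listenConnChan, make(chan net.PacketConn), okchan, sessionID, 0, t)
		select {
		case <-okchan:
		case <-ctx.Done():
		}
		for i := 1; i < *n; i++ {
			startStream(ctx, &wg, params, peer, listenConnChan, make(chan net.PacketConn), nil, sessionID, i, t)
		}
	}
	wg.Wait()
}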