Documentation
¶
Overview ¶
dnstt-client is the client end of a DNS tunnel.
Usage:
dnstt-client [-doh URL|-dot ADDR|-udp ADDR] (-pubkey PUBKEY|-pubkey-file PUBKEYFILE) DOMAIN LOCALADDR
Examples:
dnstt-client -doh https://resolver.example/dns-query -pubkey-file server.pub t.example.com 127.0.0.1:7000 dnstt-client -dot resolver.example:853 -pubkey-file server.pub t.example.com 127.0.0.1:7000
The program supports DNS over HTTPS (DoH), DNS over TLS (DoT), and UDP DNS. Use one of these options:
-doh https://resolver.example/dns-query -dot resolver.example:853 -udp resolver.example:53
You can give the server's public key as a file or as a hex string. Use "dnstt-server -gen-key" to get the public key.
-pubkey-file server.pub -pubkey 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff
DOMAIN is the root of the DNS zone reserved for the tunnel. See README for instructions on setting it up.
LOCALADDR is the TCP address that will listen for connections and forward them over the tunnel.
In -doh and -dot modes, the program's TLS fingerprint is camouflaged with uTLS by default. The specific TLS fingerprint is selected randomly from a weighted distribution. You can set your own distribution (or specific single fingerprint) using the -utls option. The special value "none" disables uTLS.
-utls '3*Firefox,2*Chrome,1*iOS' -utls Firefox -utls none
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewUTLSRoundTripper ¶
func NewUTLSRoundTripper(config *utls.Config, id *utls.ClientHelloID) *utlsRoundTripper
NewUTLSRoundTripper creates a utlsRoundTripper with the given TLS configuration and ClientHelloID.
func SampleUTLSDistribution ¶
func SampleUTLSDistribution(spec string) (*utls.ClientHelloID, error)
SampleUTLSDistribution parses a weighted uTLS Client Hello ID distribution string of the form "3*Firefox,2*Chrome,1*iOS", matches each label to a utls.ClientHelloID from utlsClientHelloIDMap, and randomly samples one utls.ClientHelloID from the distribution.
Types ¶
type DNSPacketConn ¶
type DNSPacketConn struct {
// QueuePacketConn is the direct receiver of ReadFrom and WriteTo calls.
// recvLoop and sendLoop take the messages out of the receive and send
// queues and actually put them on the network.
*turbotunnel.QueuePacketConn
// contains filtered or unexported fields
}
DNSPacketConn provides a packet-sending and -receiving interface over various forms of DNS. It handles the details of how packets and padding are encoded as a DNS name in the Question section of an upstream query, and as a TXT RR in downstream responses.
DNSPacketConn does not handle the mechanics of actually sending and receiving encoded DNS messages. That is rather the responsibility of some other net.PacketConn such as net.UDPConn, HTTPPacketConn, or TLSPacketConn, one of which must be provided to NewDNSPacketConn.
We don't have a need to match up a query and a response by ID. Queries and responses are vehicles for carrying data and for our purposes don't need to be correlated. When sending a query, we generate a random ID, and when receiving a response, we ignore the ID.
func NewDNSPacketConn ¶
func NewDNSPacketConn(transport net.PacketConn, addr net.Addr, domain dns.Name) *DNSPacketConn
NewDNSPacketConn creates a new DNSPacketConn. transport, through its WriteTo and ReadFrom methods, handles the actual sending and receiving the DNS messages encoded by DNSPacketConn. addr is the address to be passed to transport.WriteTo whenever a message needs to be sent.
type HTTPPacketConn ¶
type HTTPPacketConn struct {
// QueuePacketConn is the direct receiver of ReadFrom and WriteTo calls.
// sendLoop, via send, removes messages from the outgoing queue that
// were placed there by WriteTo, and inserts messages into the incoming
// queue to be returned from ReadFrom.
*turbotunnel.QueuePacketConn
// contains filtered or unexported fields
}
HTTPPacketConn is an HTTP-based transport for DNS messages, used for DNS over HTTPS (DoH). Its WriteTo and ReadFrom methods exchange DNS messages over HTTP requests and responses.
HTTPPacketConn deals only with already formatted DNS messages. It does not handle encoding information into the messages. That is rather the responsibility of DNSPacketConn.
https://tools.ietf.org/html/rfc8484
func NewHTTPPacketConn ¶
func NewHTTPPacketConn(rt http.RoundTripper, urlString string, numSenders int) (*HTTPPacketConn, error)
NewHTTPPacketConn creates a new HTTPPacketConn configured to use the HTTP server at urlString as a DNS over HTTP resolver. client is the http.Client that will be used to make requests. urlString should include any necessary path components; e.g., "/dns-query". numSenders is the number of concurrent sender-receiver goroutines to run.
type TLSPacketConn ¶
type TLSPacketConn struct {
// QueuePacketConn is the direct receiver of ReadFrom and WriteTo calls.
// recvLoop and sendLoop take the messages out of the receive and send
// queues and actually put them on the network.
*turbotunnel.QueuePacketConn
}
TLSPacketConn is a TLS- and TCP-based transport for DNS messages, used for DNS over TLS (DoT). Its WriteTo and ReadFrom methods exchange DNS messages over a TLS channel, prefixing each message with a two-octet length field as in DNS over TCP.
TLSPacketConn deals only with already formatted DNS messages. It does not handle encoding information into the messages. That is rather the responsibility of DNSPacketConn.
https://tools.ietf.org/html/rfc7858
func NewTLSPacketConn ¶
func NewTLSPacketConn(addr string, dialTLSContext func(ctx context.Context, network, addr string) (net.Conn, error)) (*TLSPacketConn, error)
NewTLSPacketConn creates a new TLSPacketConn configured to use the TLS server at addr as a DNS over TLS resolver. It maintains a TLS connection to the resolver, reconnecting as necessary. It closes the connection if any reconnection attempt fails.
Source Files