-
Notifications
You must be signed in to change notification settings - Fork 0
/
relay.js
112 lines (90 loc) · 2.86 KB
/
relay.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
"use strict";
const ALLOWED_IP = [];
const ALLOWED_MAC = [];
const ALLOWED_ORIGIN = [];
const BROADCAST = "ff:ff:ff:ff:ff:ff";
try {
const WebSocket = require("ws");
const { Tap } = require("tuntap2");
console.log("Network access enabled");
const tap = new Tap();
tap.ipv4 = "10.5.0.1/16";
//tun.ipv6 = 'abcd:1:2:3::/64';
tap.mtu = 1500;
tap.isUp = true;
console.log(`created tap: ${tap.name}, ip: ${tap.ipv4}, mtu: ${tap.mtu}`);
// MaxListenersExceededWarning: Possible EventEmitter memory leak detected.
// Use emitter.setMaxListeners() to increase limit
tap.setMaxListeners(0);
const wss = new WebSocket.Server({
port: 80,
perMessageDeflate: {
zlibDeflateOptions: {
chunkSize: 1024,
memLevel: 7,
level: 3,
},
zlibInflateOptions: {
chunkSize: 10 * 1024,
},
clientNoContextTakeover: true, // Defaults to negotiated value.
serverNoContextTakeover: true, // Defaults to negotiated value.
serverMaxWindowBits: 10, // Defaults to negotiated value.
// Below options specified as default values.
concurrencyLimit: 10, // Limits zlib concurrency for perf.
threshold: 1024, // Size (in bytes) below which messages should not be compressed.
},
});
const equals = (a, b) => JSON.stringify(a) === JSON.stringify(b);
function* hexFormatValues(buffer) {
for (let x of buffer) {
const hex = x.toString(16);
yield hex.padStart(2, "0");
}
}
wss.on("connection", (ws, req) => {
ws.ip = req.headers["x-forwarded-for"] || req.socket.remoteAddress;
ws.origin = req.headers["origin"];
console.log("client connected: %s", ws.ip);
console.log("origin: %s", ws.origin);
ws.on("message", buf => {
if (!ws.mac) {
ws.mac = [];
for (let hex of hexFormatValues(new Int32Array(buf.slice(6, 12)))) {
ws.mac.push(hex);
}
ws.mac = ws.mac.join(":");
console.log("using mac: %s", ws.mac);
}
const allowIp = ALLOWED_IP.length > 0 ? ALLOWED_IP.includes(ws.ip) : true;
const allowMac =
ALLOWED_MAC.length > 0 ? ALLOWED_MAC.includes(ws.mac) : true;
const allowOrigin =
ALLOWED_ORIGIN.length > 0 ? ALLOWED_ORIGIN.includes(ws.origin) : true;
if (allowIp === true && allowMac === true && allowOrigin === true) {
tap.write(buf);
}
});
});
tap.on("data", buf => {
// MTU doesn't include header or CRC32
const buffer = new Int32Array(buf.slice(0, tap.mtu + 18));
let mac = [];
for (let hex of hexFormatValues(new Int32Array(buffer.slice(0, 6)))) {
mac.push(hex);
}
mac = mac.join(":");
wss.clients.forEach(function each(ws) {
if (equals(mac, BROADCAST)) {
ws.send(buf);
} else if (equals(mac, ws.mac)) {
ws.send(buf);
}
});
});
wss.on("error", e => {
console.log(`error: ${e}`);
});
} catch (e) {
console.log("Network access disabled.");
}