From 240b60636f99bfe3119c4489d97b7907438e1948 Mon Sep 17 00:00:00 2001
From: alex
Date: Tue, 31 Mar 2026 15:37:56 +0800
Subject: [PATCH] changed the verification from ip to domain

---
 Cargo.lock | 1 +
 Cargo.toml | 1 +
 src/bin/punchnet/main.rs | 3 ++-
 src/network/async_main.rs | 1 +
 src/quic/mod.rs | 13 +++++++++++++
 src/tcp/quic.rs | 16 ++++++++++++----
 src/utils/command.rs | 3 +++
 7 files changed, 33 insertions(+), 5 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 6f9203a..0d01f04 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2173,6 +2173,7 @@ dependencies = [
 "rpassword",
 "rsa",
 "rustls",
+ "rustls-native-certs",
 "rustls-pemfile",
 "sdlan-sn-rs",
 "serde",
diff --git a/Cargo.toml b/Cargo.toml
index 3e47c06..5943295 100755
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -42,6 +42,7 @@ hex = "0.4.3"
 ahash = "0.8.12"
 ipnet = "2.12.0"
 arc-swap = "1.9.0"
+rustls-native-certs = "0.8.3"
 # rolling-file = { path = "../rolling-file" }
 [target.'cfg(unix)'.dependencies]
diff --git a/src/bin/punchnet/main.rs b/src/bin/punchnet/main.rs
index 0e590cd..7c04330 100755
--- a/src/bin/punchnet/main.rs
+++ b/src/bin/punchnet/main.rs
@@ -157,7 +157,8 @@ async fn daemonize_me(
 mac,
 CommandLine {
 sn: server.clone()+":1365",
- quic: server.clone()+":443",
+ quic: server.clone() + ":443",
+ quic_domain: hostname,
 nat_server1: server.clone() +":1365",
 // nat_server2: "47.98.178.3:1265".to_owned(),
 nat_server2: server.clone() +":1366",
diff --git a/src/network/async_main.rs b/src/network/async_main.rs
index a7d8d79..d8e1ee2 100755
--- a/src/network/async_main.rs
+++ b/src/network/async_main.rs
@@ -40,6 +40,7 @@ pub async fn async_main(
 init_quic_conn(
 cancel_tcp,
 &args.quic,
+ &args.quic_domain,
 // |msg| handle_tcp_message(msg),
 edge.tcp_pong.clone(),
 // tcp_pong,
diff --git a/src/quic/mod.rs b/src/quic/mod.rs
index f0674e0..fc9a190 100644
--- a/src/quic/mod.rs
+++ b/src/quic/mod.rs
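Review bot: `quic_domain: hostname` is the only field in this `CommandLine` literal that is not derived from `server`, and the hunk does not show where `hostname` comes from; if it is the local machine's host name rather than the server's DNS name, every QUIC connection will now fail certificate verification, because this value is passed down to `Endpoint::connect` as the name the server certificate must match. Worth confirming the origin of `hostname` and naming the binding for what it is, e.g. `quic_domain: server_domain, // TLS server name the server certificate must be valid for`. While the line is being touched, `server.clone() + ":443"` could be written `format!("{server}:443")` like the other address fields should eventually be, avoiding a clone per field. The enclosing `daemonize_me` starts and ends outside the hunk.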
@@ -25,10 +25,23 @@ pub fn quic_init() -> Endpoint {
 }
 */
+ let mut root_store = rustls::RootCertStore::empty();
+ rustls_native_certs::load_native_certs().expect("could not load platform certs").into_iter().for_each(|cert| {
+ root_store.add(cert).unwrap();
+ });
+
+ let mut rustls_config = rustls::ClientConfig::builder()
+ // .with_root_certificates(rustls::RootCertStore::empty())
+ // .with_root_certificates(root_store)
+ .with_root_certificates(root_store)
+ .with_no_client_auth();
+
+ /*
 let mut rustls_config = rustls::ClientConfig::builder()
 .dangerous()
 .with_custom_certificate_verifier(Arc::new(SkipServerVerification{}))
 .with_no_client_auth();
+ */
 rustls_config.alpn_protocols = vec![b"punchnet/1.0".to_vec()];
diff --git a/src/tcp/quic.rs b/src/tcp/quic.rs
index 6dcb7c7..81bec2f 100644
--- a/src/tcp/quic.rs
+++ b/src/tcp/quic.rs
@@ -39,6 +39,7 @@ impl ReadWriterHandle {
 fn new(
 cancel: CancellationToken,
 addr: &str,
+ domain: &str,
 // on_connected: OnConnectedCallback<'a>,
 // on_disconnected: T3,
 // on_message: T2,
@@ -56,6 +57,7 @@ impl ReadWriterHandle {
 let actor = ReadWriteActor::new(
 cancel,
 addr,
+ domain,
 from_tcp,
 connected.clone(),
 pong_time,
@@ -399,6 +401,7 @@ async fn handle_tcp_event(edge: &'static Node, eventtype: EventType, eventprotob
 pub fn init_quic_conn(
 cancel: CancellationToken,
 addr: &str,
+ domain: &str,
 // on_connected: OnConnectedCallback<'a>,
 // on_disconnected: T3,
 // on_message: T2,
@@ -414,6 +417,7 @@ pub fn init_quic_conn(
 let tcp_handle = ReadWriterHandle::new(
 cancel,
 addr,
+ domain,
 // on_connected,
 // on_disconnected,
 // on_message,
@@ -431,7 +435,11 @@ pub fn init_quic_conn(
 pub struct ReadWriteActor {
 // actor接收的发送给tcp的接收端,由handle存放发送端
 // to_tcp: Receiver>,
+ // remote is the ip version of the remote server
 remote: String,
+ // hostname is the domain name of the remote server
+ domain: String,
+
 connected: Arc,
 pong_time: Arc,
 // actor收到数据之后,发送给上层的发送端口,接收端由handle保存
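Review bot: `root_store.add(cert).unwrap()` turns a single unparsable certificate in the platform trust store into a startup panic for the whole client, and `.expect("could not load platform certs")` does the same for any per-store read error even when the other certificates loaded fine, so the client's availability now depends on every entry in the host's trust store being well-formed. rustls has `RootCertStore::add_parsable_certificates` for exactly this: it skips bad entries and returns `(added, ignored)`, so `quic_init` can fail with a clear message only when nothing usable was loaded. The disabled `SkipServerVerification` block should be deleted rather than kept inside `/* */`, together with the two commented `.with_root_certificates(...)` lines, so the no-verification path cannot quietly be re-enabled; if `SkipServerVerification` and `Arc` have no other users in this file the compiler will also warn about them now. The rest of `quic_init` is outside the hunk.
```rust
let native = rustls_native_certs::load_native_certs();
let mut root_store = rustls::RootCertStore::empty();
let (added, ignored) = root_store.add_parsable_certificates(native.certs);
if added == 0 {
    panic!("no usable platform root certificates ({} ignored, {} store errors)", ignored, native.errors.len());
}
// … unchanged: ClientConfig builder with root_store, alpn_protocols …
```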
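Review bot: the new `domain: &str` parameter on the public `init_quic_conn` (hunk at -399) is undocumented, and its meaning — the TLS server name that the remote certificate is verified against, independent of the IP in `addr` — is what this whole commit hinges on; a doc line such as `/// domain: TLS server name (SNI) the server certificate must be valid for; addr is only where packets are sent` would stop callers passing an IP or the local host name. The same parameter is added without a comment to `ReadWriterHandle::new` (-39) and, on the next line of the patch, `ReadWriteActor::new` (-445); each of these signatures continues outside its hunk. In the struct hunk (-431) the new comments do not match the fields: `// remote is the ip version of the remote server` reads like a protocol version, and `// hostname is the domain name of the remote server` annotates a field named `domain`. `/// Socket address (ip:port) of the remote server` and `/// TLS server name the remote certificate is verified against` would say what each field holds and why both exist.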
@@ -445,6 +453,7 @@ impl ReadWriteActor { pub fn new( cancel: CancellationToken, remote: &str, + domain: &str, from_tcp: Sender, connected: Arc, pong_time: Arc, @@ -456,6 +465,7 @@ impl ReadWriteActor { _cancel: cancel, pong_time, connected, + domain: domain.to_owned(), remote: remote.to_owned(), from_tcp, connecting_chan, @@ -517,11 +527,9 @@ impl ReadWriteActor { let _ = connecting_chan.send(state).await; } - let host = self.remote.split(":").next().unwrap(); + debug!("try connecting to {}", self.domain); - debug!("try connecting to {}, host = {}", self.remote, host); - - let conn = match edge.quic_endpoint.connect(self.remote.parse().unwrap(), host) { + let conn = match edge.quic_endpoint.connect(self.remote.parse().unwrap(), &self.domain) { Ok(conn) => conn, Err(e) => { error!("failed to connect: {}", e); diff --git a/src/utils/command.rs b/src/utils/command.rs index 260c088..fa6237a 100755 --- a/src/utils/command.rs +++ b/src/utils/command.rs @@ -118,6 +118,8 @@ pub struct CommandLine { #[structopt(short = "t", long = "tcp", default_value = "127.0.0.1:7656")] pub quic: String, + pub quic_domain: String, + /// in the format of "localhost:1234" #[structopt(long = "nat1")] pub nat_server1: String, @@ -172,6 +174,7 @@ impl Clone for CommandLine { Self { sn: self.sn.clone(), quic: self.quic.clone(), + quic_domain: self.quic_domain.clone(), allow_routing: self.allow_routing, _drop_multicast: self._drop_multicast, register_ttl: self.register_ttl,
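Review bot: the rewritten debug line drops the socket address, so after this change a failed connect can no longer be correlated with the IP that was actually tried; `debug!("try connecting to {} at {}", self.domain, self.remote);` keeps both. The rewritten `connect` line still carries `self.remote.parse().unwrap()`, which panics the actor on a malformed address from the command line instead of reporting it through the `error!` path two lines below — a `let Ok(addr) = self.remote.parse() else { error!("invalid remote address {}", self.remote); /* bail like the Err(e) arm */ };` guard keeps it on the error path. Note that `connect` now also has to accept `self.domain` as a server name, so an empty `quic_domain` should surface here as a connect error rather than at argument parsing. The enclosing method starts and ends outside the hunk.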
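Review bot: `pub quic_domain: String,` has no `#[structopt(...)]` attribute and no doc comment, unlike every neighbouring field; in structopt a field without `short`/`long` becomes a required positional argument, so this silently changes the CLI and existing invocations that pass no positional value stop parsing. Give it an explicit flag and help text, for example `/// TLS server name the QUIC server certificate must be valid for` followed by `#[structopt(long = "quic-domain")]` (flag name is a suggestion); unlike `quic`'s `127.0.0.1:7656`, there is no sensible `default_value` for a server name, so the argument being mandatory is correct once it is a named flag. The `Clone` impl hunk (-172) is consistent with the new field.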