Merge remote-tracking branch 'origin/master' into stable

.gitignore

@@ -9,3 +9,4 @@ mtg
 vendor/
 version.go
 ccbuilds/
+.bin/

.golangci.toml

@@ -10,4 +10,4 @@ format = "colored-line-number"
 
 [linters]
 enable-all = true
-disable = ["gochecknoglobals", "gomnd"]
+disable = ["gochecknoglobals", "gas", "gomnd", "goerr113"]

.travis.yml

@@ -5,6 +5,7 @@ sudo: false
 dist: trusty
 
 go:
+  - 1.14.x
   - 1.13.x
   - master
 

Dockerfile

@@ -1,7 +1,7 @@
 ###############################################################################
 # BUILD STAGE
 
-FROM golang:1.14-alpine
+FROM golang:1.14-alpine AS build
 
 RUN set -x \
   && apk --no-cache --update add \
@@ -13,9 +13,9 @@ RUN set -x \
     upx
 
 COPY . /go/src/github.com/9seconds/mtg/
+WORKDIR /go/src/github.com/9seconds/mtg
 
 RUN set -x \
-  && cd /go/src/github.com/9seconds/mtg \
   && make -j 4 static \
   && upx --ultra-brute -qq ./mtg
 
@@ -26,11 +26,9 @@ RUN set -x \
 FROM scratch
 
 ENTRYPOINT ["/mtg"]
-ENV MTG_IP=0.0.0.0 \
-    MTG_PORT=3128 \
-    MTG_STATS_IP=0.0.0.0 \
-    MTG_STATS_PORT=3129
+ENV MTG_BIND=0.0.0.0:3128 \
+    MTG_STATS_BIND=0.0.0.0:3129
 EXPOSE 3128 3129
 
-COPY --from=0 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
-COPY --from=0 /go/src/github.com/9seconds/mtg/mtg /mtg
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=build /go/src/github.com/9seconds/mtg/mtg /mtg

Makefile

@@ -4,7 +4,7 @@ APP_NAME     := $(IMAGE_NAME)
 
 CC_BINARIES  := $(shell bash -c "echo -n $(APP_NAME)-{linux,freebsd,openbsd}-{386,amd64} $(APP_NAME)-linux-{arm,arm64}")
 
-GOLANGCI_LINT_VERSION := v1.24.0
+GOLANGCI_LINT_VERSION := v1.30.0
 
 VERSION_GO         := $(shell go version)
 VERSION_DATE       := $(shell date -Ru)
@@ -53,7 +53,7 @@ crosscompile-dir:
 
 .PHONY: lint
 lint: vendor
-	@$(MOD_OFF) golangci-lint run
+	@$(MOD_OFF) "$(ROOT_DIR)/.bin/golangci-lint" run
 
 .PHONY: clean
 clean:
@@ -70,5 +70,6 @@ prepare: install-lint
 
 .PHONY: install-lint
 install-lint:
-	@curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh \
-		| $(MOD_OFF) bash -s -- -b $(GOPATH)/bin $(GOLANGCI_LINT_VERSION)
+	@mkdir -p ./bin || true && \
+		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh \
+		| $(MOD_OFF) bash -s -- -b "$(ROOT_DIR)/.bin" $(GOLANGCI_LINT_VERSION)

antireplay/init.go

@@ -3,9 +3,8 @@ package antireplay
 import (
 	"sync"
 
-	"github.com/VictoriaMetrics/fastcache"
-
 	"github.com/9seconds/mtg/config"
+	"github.com/VictoriaMetrics/fastcache"
 )
 
 type CacheInterface interface {

cli/proxy.go

@@ -5,9 +5,6 @@ import (
 	"os"
 	"time"
 
-	"go.uber.org/zap"
-	"go.uber.org/zap/zapcore"
-
 	"github.com/9seconds/mtg/antireplay"
 	"github.com/9seconds/mtg/config"
 	"github.com/9seconds/mtg/faketls"
@@ -18,6 +15,8 @@ import (
 	"github.com/9seconds/mtg/stats"
 	"github.com/9seconds/mtg/telegram"
 	"github.com/9seconds/mtg/utils"
+	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
 )
 
 func Proxy() error { // nolint: funlen

config/config.go

@@ -22,6 +22,8 @@ func (s SecretMode) String() string {
 		return "simple"
 	case SecretModeSecured:
 		return "secured"
+	case SecretModeTLS:
+		return "tls"
 	}
 
 	return "tls"

config/global_ips.go

@@ -60,7 +60,7 @@ func fetchIP(ctx context.Context, network string) (net.IP, error) {
 		return nil, fmt.Errorf("cannot perform a request: %w", err)
 	}
 
-	defer resp.Body.Close() // nolint: errcheck
+	defer resp.Body.Close()
 
 	respDataBytes, err := ioutil.ReadAll(resp.Body)
 	if err != nil {

conntypes/protocol.go

@@ -8,6 +8,8 @@ func (c ConnectionProtocol) String() string {
 		return "any"
 	case ConnectionProtocolIPv4:
 		return "ipv4"
+	case ConnectionProtocolIPv6:
+		return "ipv6"
 	}
 
 	return "ipv6"

conntypes/type.go

@@ -21,7 +21,9 @@ func (t ConnectionType) Tag() []byte {
 		return ConnectionTagAbridged
 	case ConnectionTypeIntermediate:
 		return ConnectionTagIntermediate
-	default:
+	case ConnectionTypeSecure, ConnectionTypeUnknown:
 		return ConnectionTagSecure
 	}
+
+	return ConnectionTagSecure
 }

faketls/client_protocol.go

@@ -2,6 +2,7 @@ package faketls
 
 import (
 	"bufio"
+	"bytes"
 	"encoding/binary"
 	"errors"
 	"fmt"
@@ -48,8 +49,8 @@ func (c *ClientProtocol) Handshake(socket conntypes.StreamReadWriteCloser) (conn
 	}
 
 	conn := stream.NewFakeTLS(socket)
-	conn, err := c.ClientProtocol.Handshake(conn)
 
+	conn, err := c.ClientProtocol.Handshake(conn)
 	if err != nil {
 		return nil, err
 	}
@@ -63,9 +64,7 @@ func (c *ClientProtocol) tlsHandshake(conn io.ReadWriter) error {
 		return fmt.Errorf("cannot read initial record: %w", err)
 	}
 
-	buf := acquireBytesBuffer()
-	defer releaseBytesBuffer(buf)
-
+	buf := &bytes.Buffer{}
 	helloRecord.Data.WriteBytes(buf)
 
 	clientHello, err := tlstypes.ParseClientHello(buf.Bytes())
@@ -90,6 +89,7 @@ func (c *ClientProtocol) tlsHandshake(conn io.ReadWriter) error {
 
 	if antireplay.Cache.HasTLS(clientHello.Random[:]) {
 		stats.Stats.ReplayDetected()
+
 		return errors.New("replay attack is detected")
 	}
 
@@ -108,8 +108,8 @@ func (c *ClientProtocol) cloakHost(clientConn io.ReadWriteCloser) {
 	stats.Stats.CloakedRequest()
 
 	addr := net.JoinHostPort(config.C.CloakHost, strconv.Itoa(config.C.CloakPort))
-	hostConn, err := net.Dial("tcp", addr)
 
+	hostConn, err := net.Dial("tcp", addr)
 	if err != nil {
 		return
 	}

faketls/cloak.go

@@ -53,9 +53,11 @@ func cloak(one, another io.ReadWriteCloser) {
 				return
 			case <-lastActivityTimer.C:
 				cancel()
+
 				return
 			case <-maxTimer.C:
 				cancel()
+
 				return
 			}
 		}
@@ -67,8 +69,5 @@ func cloak(one, another io.ReadWriteCloser) {
 func cloakPipe(one io.Writer, another io.Reader, wg *sync.WaitGroup) {
 	defer wg.Done()
 
-	buf := acquireCloakBuffer()
-	defer releaseCloakBuffer(buf)
-
-	io.CopyBuffer(one, another, *buf) // nolint: errcheck
+	io.Copy(one, another) // nolint: errcheck
 }

go.mod

@@ -6,16 +6,16 @@ require (
 	github.com/VictoriaMetrics/fastcache v1.5.7
 	github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d
 	github.com/beevik/ntp v0.3.0
-	github.com/golang/protobuf v1.3.5 // indirect
-	github.com/prometheus/client_golang v1.5.1
-	github.com/prometheus/procfs v0.0.11 // indirect
+	github.com/prometheus/client_golang v1.7.1
+	github.com/prometheus/common v0.11.1 // indirect
 	github.com/smira/go-statsd v1.3.1
-	go.uber.org/zap v1.14.1
-	golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59
+	go.uber.org/zap v1.15.0
+	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
 	golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect
-	golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e // indirect
-	golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775
+	golang.org/x/net v0.0.0-20200707034311-ab3426394381 // indirect
+	golang.org/x/sys v0.0.0-20200808120158-1030fc2bf1d9
 	golang.org/x/tools v0.0.0-20200319210407-521f4a0cd458 // indirect
+	google.golang.org/protobuf v1.25.0 // indirect
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 	honnef.co/go/tools v0.0.1-2020.1.3 // indirect
 )