Implement support for the QUIC protocol and intelligent switching policy

.gitignore

@@ -16,3 +16,4 @@ build
 release
 .vscode
 .dockerignore
+.idea

README.md

@@ -326,6 +326,23 @@ options:
 ./release/linux-amd64-client -local tcp://127.0.0.1:22 -remote tcp://id1.example.com:8080 -id id1 -secret secret1 -remoteTCPPort 2222 -remoteTCPRandom
 ```
 
+#### Internal QUIC Penetration
+
+- Requirements: There is an intranet server and a public network server, and id1.example.com resolves to the address of the public network server. Hopefully by accessing id1.example.com:8080
+  To access the web page served by port 80 on the intranet server. At the same time, QUIC is used to build a transport connection between the client and the server.
+
+- Server (Public network server)
+
+```shell
+./release/linux-amd64-server -addr 8080 -quicAddr 10080 -id id1 -secret secret1
+```
+
+- Client (Internal network server)
+
+```shell
+./release/linux-amd64-client -local http://127.0.0.1:80 -remote quic://id1.example.com:10080 -id id1 -secret secret1
+```
+
 #### Client Start Multiple Services Simultaneously
 
 - Requirement: There is an internal network server and a public network server, and id1-1.example.com and

README_CN.md

@@ -308,6 +308,23 @@ options:
 ./release/linux-amd64-client -local tcp://127.0.0.1:22 -remote tcp://id1.example.com:8080 -id id1 -secret secret1 -remoteTCPPort 2222 -remoteTCPRandom
 ```
 
+#### QUIC 内网穿透
+
+- 需求：有一台内网服务器和一台公网服务器，id1.example.com 解析到公网服务器的地址。希望通过访问 id1.example.com:8080
+  来访问内网服务器上 80 端口服务的网页。同时用 QUIC 为客户端与服务端之间构建传输连接。
+
+- 服务端（公网服务器）
+
+```shell
+./release/linux-amd64-server -addr 8080 -quicAddr 10080 -id id1 -secret secret1
+```
+
+- 客户端（内网服务器）
+
+```shell
+./release/linux-amd64-client -local http://127.0.0.1:80 -remote quic://id1.example.com:10080 -id id1 -secret secret1
+```
+
 #### 客户端同时开启多个服务
 
 - 需求：有一台内网服务器和一台公网服务器，id1-1.example.com 和 id1-2.example.com 解析到公网服务器的地址。希望通过访问

client/client.go

@@ -227,6 +227,12 @@ func (d *dialer) init(c *Client, remote string, stun string) (err error) {
 		}
 		d.host = u.Host
 		d.dialFn = d.dial
+	case "quic":
+		if len(u.Port()) < 1 {
+			u.Host = net.JoinHostPort(u.Host, "10080")
+		}
+		d.host = u.Host
+		d.dialFn = d.quicDial
 	default:
 		err = fmt.Errorf("remote url (-remote option) '%s' is invalid", remote)
 	}
@@ -284,6 +290,10 @@ func (d *dialer) tlsDial() (conn net.Conn, err error) {
 	return tls.Dial("tcp", d.host, d.tlsConfig)
 }
 
+func (d *dialer) quicDial() (conn net.Conn, err error) {
+	return connection.QuicDial(d.host)
+}
+
 // Start runs the client agent.
 func (c *Client) Start() (err error) {
 	c.Logger.Info().Msg(predef.Version)

conn/quicConn.go

@@ -0,0 +1,80 @@
+package conn
+
+import (
+	"context"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/pem"
+	"github.com/quic-go/quic-go"
+	"math/big"
+	"net"
+)
+
+type QuicConnection struct {
+	quic.Connection
+	quic.Stream
+}
+
+type QuicListener struct {
+	quic.Listener
+}
+
+var _ net.Conn = &QuicConnection{}
+var _ net.Listener = &QuicListener{}
+
+func QuicDial(addr string) (net.Conn, error) {
+	tlsConf := &tls.Config{
+		InsecureSkipVerify: true,
+		NextProtos:         []string{"quic-echo-example"},
+	}
+	conn, _ := quic.DialAddr(context.Background(), addr, tlsConf, &quic.Config{})
+	stream, err := conn.OpenStreamSync(context.Background())
+	nc := &QuicConnection{
+		Connection: conn,
+		Stream:     stream,
+	}
+	return nc, err
+}
+
+func QuicListen(addr string) (net.Listener, error) {
+	listener, err := quic.ListenAddr(addr, GenerateTLSConfig(), nil)
+	ln := &QuicListener{
+		Listener: *listener,
+	}
+	return ln, err
+}
+
+func (ln *QuicListener) Accept() (net.Conn, error) {
+	conn, _ := ln.Listener.Accept(context.Background())
+	stream, err := conn.AcceptStream(context.Background())
+	nc := &QuicConnection{
+		Connection: conn,
+		Stream:     stream,
+	}
+	return nc, err
+}
+
+func GenerateTLSConfig() *tls.Config {
+	key, err := rsa.GenerateKey(rand.Reader, 1024)
+	if err != nil {
+		panic(err)
+	}
+	template := x509.Certificate{SerialNumber: big.NewInt(1)}
+	certDER, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key)
+	if err != nil {
+		panic(err)
+	}
+	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
+	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
+
+	tlsCert, err := tls.X509KeyPair(certPEM, keyPEM)
+	if err != nil {
+		panic(err)
+	}
+	return &tls.Config{
+		Certificates: []tls.Certificate{tlsCert},
+		NextProtos:   []string{"quic-echo-example"},
+	}
+}

go.mod

@@ -15,6 +15,7 @@ require (
 	github.com/pion/logging v0.2.2
 	github.com/pion/turn/v3 v3.0.1
 	github.com/pkg/errors v0.9.1
+	github.com/quic-go/quic-go v0.35.0
 	github.com/rs/zerolog v1.30.0
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/stretchr/testify v1.8.4
@@ -24,20 +25,30 @@ require (
 require (
 	github.com/getsentry/sentry-go v0.24.1 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+	github.com/golang/mock v1.6.0 // indirect
+	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
+	github.com/kr/pretty v0.3.1 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/onsi/ginkgo/v2 v2.9.5 // indirect
 	github.com/pion/dtls/v2 v2.2.7 // indirect
 	github.com/pion/randutil v0.1.0 // indirect
 	github.com/pion/stun/v2 v2.0.0 // indirect
 	github.com/pion/transport/v2 v2.2.4 // indirect
 	github.com/pion/transport/v3 v3.0.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/quic-go/qtls-go1-19 v0.3.2 // indirect
+	github.com/quic-go/qtls-go1-20 v0.3.3 // indirect
 	github.com/tklauser/go-sysconf v0.3.11 // indirect
 	github.com/tklauser/numcpus v0.6.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.3 // indirect
 	golang.org/x/crypto v0.13.0 // indirect
+	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
+	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/net v0.15.0 // indirect
 	golang.org/x/sys v0.12.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/tools v0.9.1 // indirect
 	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 )