Add support for tls in client

When local-tls is passed we forward tls traffic to another port than
none tls traffic if local-tls is ommited all traffic goes to local

Fixes: #27

Signed-off-by: Jo De Boeck <deboeck.jo@gmail.com>

Author: grimpy

README.md

@@ -231,4 +231,9 @@ Second starts the tcp router client and make it opens a connection to the tcp ro
 The following command will connect the the server located at `tcprouter-1.com`, forward traffic for `mydomain.com` to the local application running at `localhost:8080` and send the response back.
 
 
-`trc -local localhost:8080 -remote tcprouter-1.com -secret TB2pbZ5FR8GQZp9W2z97jBjxSgWgQKaQTxEgrZNBa4pEFzv3PJcRVEtG2a5BU9qd`
+`trc -local localhost:8080 -remote tcprouter-1.com -secret TB2pbZ5FR8GQZp9W2z97jBjxSgWgQKaQTxEgrZNBa4pEFzv3PJcRVEtG2a5BU9qd`
+
+
+To forward tls traffic to a difference port than none-tls traffic add the `--local-tls` flag
+
+`trc -local localhost:8080 -local-tls localhost:443 -remote tcprouter-1.com -secret TB2pbZ5FR8GQZp9W2z97jBjxSgWgQKaQTxEgrZNBa4pEFzv3PJcRVEtG2a5BU9qd`

client.go

@@ -1,6 +1,7 @@
 package tcprouter
 
 import (
+	"bufio"
 	"context"
 	"fmt"
 	"io"
@@ -12,8 +13,9 @@ import (
 
 // Client connect to a tpc router server and opens a reverse tunnel
 type Client struct {
-	localAddr  string
-	remoteAddr string
+	localAddr    string
+	localTLSAddr string
+	remoteAddr   string
 	// secret used to identify the connection in the tcp router server
 	secret []byte
 
@@ -22,11 +24,12 @@ type Client struct {
 }
 
 // NewClient creates a new TCP router client
-func NewClient(secret, local, remote string) *Client {
+func NewClient(secret, local, localTLS, remote string) *Client {
 	return &Client{
-		localAddr:  local,
-		remoteAddr: remote,
-		secret:     []byte(secret),
+		localAddr:    local,
+		localTLSAddr: localTLS,
+		remoteAddr:   remote,
+		secret:       []byte(secret),
 	}
 }
 
@@ -139,10 +142,19 @@ func (c *Client) listen(ctx context.Context) error {
 				Str("remote add", remote.RemoteAddr().String()).
 				Msg("incoming stream, connect to local application")
 
-			local, err := c.connectLocal(c.localAddr)
+			var err error
+			var local WriteCloser
+			br := bufio.NewReader(remote)
+			_, isTLS, peeked := clientHelloServerName(br)
+			if isTLS {
+				local, err = c.connectLocal(c.localTLSAddr)
+			} else {
+				local, err = c.connectLocal(c.localAddr)
+			}
 			if err != nil {
 				return fmt.Errorf("failed to connect to local application: %w", err)
 			}
+			incoming := GetConn(remote, peeked)
 
 			go func(remote, local WriteCloser) {
 				log.Info().Msg("start forwarding")
@@ -164,7 +176,7 @@ func (c *Client) listen(ctx context.Context) error {
 				if err := local.Close(); err != nil {
 					log.Error().Err(err).Msg("Error while terminating connection")
 				}
-			}(remote, local)
+			}(incoming, local)
 		}
 	}
 }

cmds/client/main.go

@@ -36,6 +36,11 @@ func main() {
 			Usage:   "address to the local application",
 			EnvVars: []string{"TRC_LOCAL"},
 		},
+		&cli.StringFlag{
+			Name:    "local-tls",
+			Usage:   "address to the local tls application",
+			EnvVars: []string{"TRC_LOCAL"},
+		},
 		&cli.IntFlag{
 			Name:    "backoff",
 			Value:   5,
@@ -47,6 +52,10 @@ func main() {
 	app.Action = func(c *cli.Context) error {
 		remotes := c.StringSlice("remote")
 		local := c.String("local")
+		localtls := c.String("local-tls")
+		if len(localtls) == 0 {
+			localtls = local
+		}
 		backoff := c.Int("backoff")
 		secret := c.String("secret")
 
@@ -60,10 +69,11 @@ func main() {
 
 		for _, remote := range remotes {
 			c := connection{
-				Secret:  secret,
-				Remote:  remote,
-				Local:   local,
-				Backoff: backoff,
+				Secret:   secret,
+				Remote:   remote,
+				Local:    local,
+				LocalTLS: localtls,
+				Backoff:  backoff,
 			}
 			go func() {
 				defer func() {
@@ -89,14 +99,15 @@ func main() {
 }
 
 type connection struct {
-	Secret  string
-	Remote  string
-	Local   string
-	Backoff int
+	Secret   string
+	Remote   string
+	Local    string
+	LocalTLS string
+	Backoff  int
 }
 
 func start(ctx context.Context, c connection) {
-	client := tcprouter.NewClient(c.Secret, c.Local, c.Remote)
+	client := tcprouter.NewClient(c.Secret, c.Local, c.LocalTLS, c.Remote)
 
 	op := func() error {
 		for {

e2e_test.go

@@ -74,7 +74,7 @@ func testEnd2End(t *testing.T, size int) {
 		local := u.Host
 		remote := fmt.Sprintf("%s:%d", domain, clientPort)
 		log.Printf("start client local:%v remote:%v\n", local, remote)
-		client := NewClient(secret, local, remote)
+		client := NewClient(secret, local, local, remote)
 		client.Start(ctx)
 	}()