Update README.md

* Custom Dns Rules + WhiteList Traffic

> - Use 4 spaces instead of Tabs.
> - Use hard-coded cert currently.
> +XmlParser & RulesParser.

* Update ECAgent

main.go:
* Move Start Client function into EasyConnectClient.go
+ Add two global flag into EasyConnectClient.go
ECAgent :
+ Auto port select
+ Auto generate server cert
Protocol :
+ fix fingerprint not correct

* Reformat: replace tabs with 4 spaces

* Remove cert

* Add domain WhiteList

* ParseServConfig Option & Fix Bugs

* Fix Bug

* Rcs parsing + Read all buf + Update gvisor + CIDR whitelist

* Fix cidr range

* Add wildcard handle

* Add check if IP range too large

* Optimize Performance

* Finish ECAgent Protocol + Fix bug

LICENSE

@@ -1,661 +0,0 @@
-                    GNU AFFERO GENERAL PUBLIC LICENSE
-                       Version 3, 19 November 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU Affero General Public License is a free, copyleft license for
-software and other kinds of works, specifically designed to ensure
-cooperation with the community in the case of network server software.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-our General Public Licenses are intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  Developers that use our General Public Licenses protect your rights
-with two steps: (1) assert copyright on the software, and (2) offer
-you this License which gives you legal permission to copy, distribute
-and/or modify the software.
-
-  A secondary benefit of defending all users' freedom is that
-improvements made in alternate versions of the program, if they
-receive widespread use, become available for other developers to
-incorporate.  Many developers of free software are heartened and
-encouraged by the resulting cooperation.  However, in the case of
-software used on network servers, this result may fail to come about.
-The GNU General Public License permits making a modified version and
-letting the public access it on a server without ever releasing its
-source code to the public.
-
-  The GNU Affero General Public License is designed specifically to
-ensure that, in such cases, the modified source code becomes available
-to the community.  It requires the operator of a network server to
-provide the source code of the modified version running there to the
-users of that server.  Therefore, public use of a modified version, on
-a publicly accessible server, gives the public access to the source
-code of the modified version.
-
-  An older license, called the Affero General Public License and
-published by Affero, was designed to accomplish similar goals.  This is
-a different license, not a version of the Affero GPL, but Affero has
-released a new version of the Affero GPL which permits relicensing under
-this license.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU Affero General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Remote Network Interaction; Use with the GNU General Public License.
-
-  Notwithstanding any other provision of this License, if you modify the
-Program, your modified version must prominently offer all users
-interacting with it remotely through a computer network (if your version
-supports such interaction) an opportunity to receive the Corresponding
-Source of your version by providing access to the Corresponding Source
-from a network server at no charge, through some standard or customary
-means of facilitating copying of software.  This Corresponding Source
-shall include the Corresponding Source for any work covered by version 3
-of the GNU General Public License that is incorporated pursuant to the
-following paragraph.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the work with which it is combined will remain governed by version
-3 of the GNU General Public License.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU Affero General Public License from time to time.  Such new versions
-will be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU Affero General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU Affero General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU Affero General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published
-    by the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Affero General Public License for more details.
-
-    You should have received a copy of the GNU Affero General Public License
-    along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If your software can interact with users remotely through a computer
-network, you should also make sure that it provides a way for users to
-get its source.  For example, if your program is a web application, its
-interface could display a "Source" link that leads users to an archive
-of the code.  There are many ways you could offer source, and different
-solutions will be better for different programs; see section 13 for the
-specific requirements.
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU AGPL, see
-<https://www.gnu.org/licenses/>.

README.md

@@ -7,44 +7,10 @@
 
 ---
 
-### 背景
+由于深信服官方要求, 本项目不再维护, 如有需求建议使用虚拟机或 [docker-easyconnect](https://github.com/Hagb/docker-easyconnect) 的解决方案.
 
-国内众多高校都在使用深信服(Sangfor)公司的 EasyConnect 作为学校 VPN 的解决方案.
+~~p.s. 倒也不至于删库跑路, 如果没特殊需要不用 fork...~~
 
-但官方客户端使用上有诸多问题:
+代码仅供学习交流, 撤回 AGPLv3 的相关开源许可证.
 
-- L3 全局代理, 路由规则配置不当, 减慢网络速度, 劣化 NAT 类型
-
-  (比如想要 SSH 连接学校服务器的同时访问 Google 搜索资料, 代理也会经过 VPN, 速度可能大幅下降甚至不可用)
-- 与其他代理软件产生冲突, 与其他软件(如游戏反作弊)容易产生冲突
-- 安装驱动&后台常驻, 占用资源, 安装该公司自行签发的 CA, 劫持系统 DLL, 降低系统安全性
-- 软件设计对系统侵入性强, 卸载后仍有残留, 容易造成未知的问题
-
-现有如 @Hagb 实现的 [docker-easyconnect](https://github.com/Hagb/docker-easyconnect) 方案使用 Docker 容器封印 EasyConnect, 也可以使用虚拟机封印 EasyConnect.
-
-不过我们在一些如手机/笔记本电脑/路由器之类的"边缘设备"上部署 Docker/虚拟机还是开销相对较大, 使用 vps 中转 EasyConnect 的裸 socks 代理也有一定的安全风险和不便(国内 vps 带宽受限).
-
-于是有了这个应该是目前最优雅简洁, 易于使用的 EasyConnect 客户端的替代品.
-
-### 使用方法
-
-本软件为 EasyConnect 的开源实现, 可以直接提供 Socks5 代理供其他应用使用.
-
-在 Release 中下载或自行拉去代码编译对应平台/架构的独立二进制文件在 cli 下执行即可.
-
-目前正常情况下运行基本稳定, 性能对比官方客户端无明显下降, 但仍需在不同使用场景下的更多测试.
-
-
-Complete: 
-- [x] Web login & binary protocol reimplement
-- [x] Get Session ID & IP
-- [x] Socks to L3
-- [x] Support 7.6.x versions
-- [x] Better code formatting & better logging
-- [x] Performace improvement
-- [x] ~~**now Works on Linux TUN**~~
-- [x] **now Works on All platforms(maybe) with socks5**
-- [x] Pack & Release
-
-To-do: 
-- [ ] More tests
+感谢所有 issue 提出者和 Contributor 做出的贡献~

core/EasyConnectClient.go

@@ -1,12 +1,21 @@
 package core
 
 import (
+	"EasierConnect/parser"
 	"errors"
+	"fmt"
+	"log"
 	"net"
+	"runtime"
 
 	"gvisor.dev/gvisor/pkg/tcpip/stack"
 )
 
+// local socks5 binding
+var SocksBind string
+var DebugDump bool
+var ParseServConfig bool
+
 type EasyConnectClient struct {
 	queryConn net.Conn
 	clientIp  []byte
@@ -27,6 +36,53 @@ func NewEasyConnectClient(server string) *EasyConnectClient {
 	}
 }
 
+func StartClient(host string, port int, username string, password string, twfId string) {
+	server := fmt.Sprintf("%s:%d", host, port)
+
+	client := NewEasyConnectClient(server)
+
+	var ip []byte
+	var err error
+	if twfId != "" {
+		if len(twfId) != 16 {
+			panic("len(twfid) should be 16!")
+		}
+		ip, err = client.LoginByTwfId(twfId)
+	} else {
+		ip, err = client.Login(username, password)
+		if err == ERR_NEXT_AUTH_SMS {
+			fmt.Print(">>>Please enter your sms code<<<:")
+			smsCode := ""
+			_, err := fmt.Scan(&smsCode)
+			if err != nil {
+				panic(err)
+				return
+			}
+
+			ip, err = client.AuthSMSCode(smsCode)
+		} else if err == ERR_NEXT_AUTH_TOTP {
+			fmt.Print(">>>Please enter your TOTP Auth code<<<:")
+			TOTPCode := ""
+			_, err := fmt.Scan(&TOTPCode)
+			if err != nil {
+				panic(err)
+				return
+			}
+
+			ip, err = client.AuthTOTP(TOTPCode)
+		}
+	}
+
+	if err != nil {
+		log.Fatal(err.Error())
+	}
+	log.Printf("Login success, your IP: %d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3])
+
+	client.ServeSocks5(SocksBind, DebugDump)
+
+	runtime.KeepAlive(client)
+}
+
 func (client *EasyConnectClient) Login(username string, password string) ([]byte, error) {
 	client.username = username
 	client.password = password
@@ -56,12 +112,31 @@ func (client *EasyConnectClient) AuthSMSCode(code string) ([]byte, error) {
 	return client.LoginByTwfId(twfId)
 }
 
+func (client *EasyConnectClient) AuthTOTP(code string) ([]byte, error) {
+	if client.twfId == "" {
+		return nil, errors.New("TOTP Auth not required")
+	}
+
+	twfId, err := TOTPAuth(client.server, client.username, client.password, client.twfId, code)
+	if err != nil {
+		return nil, err
+	}
+
+	return client.LoginByTwfId(twfId)
+}
+
 func (client *EasyConnectClient) LoginByTwfId(twfId string) ([]byte, error) {
 	agentToken, err := ECAgentToken(client.server, twfId)
 	if err != nil {
 		return nil, err
 	}
 
+	// Parse Server config
+	if ParseServConfig {
+		parser.ParseResourceLists(client.server, twfId, DebugDump)
+		parser.ParseConfLists(client.server, twfId, DebugDump)
+	}
+
 	client.token = (*[48]byte)([]byte(agentToken + twfId))
 
 	// Query IP (keep the connection used so it's not closed too early, otherwise i/o stream will be closed)

core/config/Constants.go

@@ -0,0 +1,4 @@
+package config
+
+const PathConf string = "/por/conf.csp"
+const PathRlist string = "/por/rclist.csp"

core/config/DnsRules.go

@@ -0,0 +1,37 @@
+package config
+
+import (
+	"github.com/cornelk/hashmap"
+	"log"
+)
+
+// domain[ip]
+var dnsRules *hashmap.Map[string, string]
+
+func AppendSingleDnsRule(domain, ip string, debug bool) {
+	if dnsRules == nil {
+		dnsRules = hashmap.New[string, string]()
+	}
+
+	if debug {
+		log.Printf("AppendSingleDnsRule: %s[%s]", domain, ip)
+	}
+
+	dnsRules.Set(domain, ip)
+}
+
+func GetSingleDnsRule(domain string) (string, bool) {
+	return dnsRules.Get(domain)
+}
+
+func IsDnsRuleAvailable() bool {
+	return dnsRules != nil
+}
+
+func GetDnsRuleLen() int {
+	if IsDnsRuleAvailable() {
+		return dnsRules.Len()
+	} else {
+		return 0
+	}
+}

core/config/DomainWhiteList.go

@@ -0,0 +1,37 @@
+package config
+
+import (
+	"github.com/cornelk/hashmap"
+	"log"
+)
+
+// domain[[]int {min, max}]
+var domainRules *hashmap.Map[string, []int]
+
+func AppendSingleDomainRule(domain string, ports []int, debug bool) {
+	if domainRules == nil {
+		domainRules = hashmap.New[string, []int]()
+	}
+
+	if debug {
+		log.Printf("AppendSingleDomainRule: %s[%v]", domain, ports)
+	}
+
+	domainRules.Set(domain, ports)
+}
+
+func GetSingleDomainRule(domain string) ([]int, bool) {
+	return domainRules.Get(domain)
+}
+
+func IsDomainRuleAvailable() bool {
+	return domainRules != nil
+}
+
+func GetDomainRuleLen() int {
+	if IsDomainRuleAvailable() {
+		return domainRules.Len()
+	} else {
+		return 0
+	}
+}

core/config/Ipv4RangeWhiteList.go

@@ -0,0 +1,42 @@
+package config
+
+import (
+	"log"
+)
+
+var Ipv4RangeRules *[]Ipv4RangeRule
+
+// Ipv4RangeRule Ipv4 rule with range
+type Ipv4RangeRule struct {
+	Rule  string
+	Ports []int
+	CIDR  bool
+}
+
+func AppendSingleIpv4RangeRule(rule string, ports []int, cidr bool, debug bool) {
+	if Ipv4RangeRules == nil {
+		Ipv4RangeRules = &[]Ipv4RangeRule{}
+	}
+
+	if debug {
+		log.Printf("AppendSingleIpv4RangeRule: %s%v cidr: %v", rule, ports, cidr)
+	}
+
+	*Ipv4RangeRules = append(*Ipv4RangeRules, Ipv4RangeRule{Rule: rule, Ports: ports, CIDR: cidr})
+}
+
+func GetIpv4Rules() *[]Ipv4RangeRule {
+	return Ipv4RangeRules
+}
+
+func IsIpv4RuleAvailable() bool {
+	return Ipv4RangeRules != nil
+}
+
+func GetIpv4RuleLen() int {
+	if IsDomainRuleAvailable() {
+		return len(*Ipv4RangeRules)
+	} else {
+		return 0
+	}
+}

core/config/conf.go

@@ -0,0 +1,207 @@
+package config
+
+type ConfWeb struct {
+	Conf      Conf
+	LocalConf struct {
+		Session struct {
+			NameFix string `xml:"nameFix,attr" json:"nameFix"`
+		} `xml:"Session,attr" json:"Session"`
+	} `xml:"LocalConf,attr" json:"LocalConf"`
+}
+
+type Conf struct {
+	EMM struct {
+		NetworkWhiteList struct {
+			ForbidIntranet string `xml:"forbid_intranet,attr"`
+			ForbidInternet string `xml:"forbid_internet,attr"`
+		} `xml:"NetworkWhiteList"`
+		TicketEnable    string `xml:"TicketEnable"`
+		TicketLoginType string `xml:"TicketLoginType"`
+		TicketLoginCode string `xml:"TicketLoginCode"`
+		MdmPolicyEnable string `xml:"MdmPolicyEnable"`
+		RdbUpdateTime   string `xml:"RdbUpdateTime"`
+	} `xml:"EMM"`
+	AworkName   string `xml:"AworkName"`
+	WebSecLogin struct {
+		LastLoginRes      string `xml:"LastLoginRes"`
+		LastLoginTime     string `xml:"LastLoginTime"`
+		LastLoginType     string `xml:"LastLoginType"`
+		LastOsType        string `xml:"LastOsType"`
+		LastLoginIp       string `xml:"LastLoginIp"`
+		LastLoginFails    string `xml:"LastLoginFails"`
+		LastLoginSuccTime string `xml:"LastLoginSuccTime"`
+		LastLoginSwitch   string `xml:"LastLoginSwitch"`
+	} `xml:"WebSecLogin"`
+	SysTray struct {
+		Enable          string `xml:"enable,attr"`
+		SSLTrayIconMd5  string `xml:"SSLTrayIconMd5,attr"`
+		SysShortCutName string `xml:"SysShortCutName,attr"`
+		SSLTrayIconPath string `xml:"SSLTrayIconPath,attr"`
+	} `xml:"SysTray"`
+	Webagent struct {
+		Enable  string `xml:"enable,attr"`
+		Address string `xml:"address,attr"`
+	} `xml:"Webagent"`
+	Mline struct {
+		Enable   string `xml:"enable,attr"`
+		Number   string `xml:"number,attr"`
+		List     string `xml:"list,attr"`
+		Interval string `xml:"interval,attr"`
+		Timeout  string `xml:"timeout,attr"`
+	} `xml:"Mline"`
+	Vpnline struct {
+		Address string `xml:"address,attr"`
+	} `xml:"Vpnline"`
+	Htp struct {
+		Enable string `xml:"enable,attr"`
+		Auto   string `xml:"auto,attr"`
+		Param  string `xml:"param,attr"`
+		Port   string `xml:"port,attr"`
+		Mtu    string `xml:"mtu,attr"`
+	} `xml:"Htp"`
+	WebCache struct {
+		Enable string `xml:"enable,attr"`
+		Mode   string `xml:"mode,attr"`
+		Count  string `xml:"count,attr"`
+		URL    string `xml:"url,attr"`
+	} `xml:"WebCache"`
+	WebOpt    string `xml:"WebOpt"`
+	Bandwidth struct {
+		Recvlimit string `xml:"recvlimit,attr"`
+		Sendlimit string `xml:"sendlimit,attr"`
+	} `xml:"Bandwidth"`
+	TcpApplication struct {
+		UserMode   string `xml:"userMode,attr"`
+		Compress   string `xml:"compress,attr"`
+		Maxthread  string `xml:"maxthread,attr"`
+		Maxsession string `xml:"maxsession,attr"`
+	} `xml:"TcpApplication"`
+	L3VPN struct {
+		IptunDns    string `xml:"iptunDns,attr"`
+		IptunDnsBak string `xml:"iptunDnsBak,attr"`
+	} `xml:"L3VPN"`
+	SCache struct {
+		Enable string `xml:"enable,attr"`
+		Gwid   string `xml:"gwid,attr"`
+		ID     string `xml:"id,attr"`
+		Cfgmd5 string `xml:"cfgmd5,attr"`
+		Dllmd5 string `xml:"dllmd5,attr"`
+	} `xml:"SCache"`
+	DnsRuleExceptions struct {
+		Text      string   `xml:",chardata"`
+		Exception []string `xml:"Exception"`
+	} `xml:"DnsRuleExceptions"`
+	UsbKey struct {
+		Version   string `xml:"version,attr"`
+		Certinput string `xml:"certinput,attr"`
+		Typeinfo  string `xml:"typeinfo,attr"`
+		Typecount string `xml:"typecount,attr"`
+	} `xml:"UsbKey"`
+	CDC struct {
+		Enable      string `xml:"enable,attr"`
+		LogKey      string `xml:"LogKey,attr"`
+		UseUsersLog string `xml:"useUsersLog,attr"`
+		LogInterval string `xml:"LogInterval,attr"`
+		GrpIdInt    string `xml:"GrpIdInt,attr"`
+		AuthPast    string `xml:"AuthPast,attr"`
+	} `xml:"CDC"`
+	Autorule struct {
+		Enable          string `xml:"enable,attr"`
+		EnableLimit     string `xml:"enable_limit,attr"`
+		GatherRuleLimit string `xml:"gather_rule_limit,attr"`
+		Mode            string `xml:"mode,attr"`
+		Count           string `xml:"count,attr"`
+		RuleLimit       string `xml:"rule_limit,attr"`
+		Domain          string `xml:"domain,attr"`
+	} `xml:"Autorule"`
+	Other struct {
+		LoginName           string `xml:"login_name,attr"`
+		SddnEnable          string `xml:"sddn_enable,attr"`
+		Sslctx              string `xml:"sslctx,attr"`
+		Displayhost         string `xml:"displayhost,attr"`
+		DenyNormalAccess    string `xml:"denyNormalAccess,attr"`
+		EnableAutoRelogin   string `xml:"enableAutoRelogin,attr"`
+		Autorelogininterval string `xml:"autorelogininterval,attr"`
+		Autorelogintimes    string `xml:"autorelogintimes,attr"`
+		IsRelogin           string `xml:"isRelogin,attr"`
+		RelogTimeLast       string `xml:"RelogTimeLast,attr"`
+		RelogIPLast         string `xml:"RelogIPLast,attr"`
+		AutoStartCS         string `xml:"autoStartCS,attr"`
+		PwpRemindMsg        string `xml:"pwp_remind_msg,attr"`
+		Svpnlanaddr         string `xml:"svpnlanaddr,attr"`
+		IsPubUser           string `xml:"isPubUser,attr"`
+		IsExtern            string `xml:"isExtern,attr"`
+		IsHidUser           string `xml:"isHidUser,attr"`
+		Enablesavepwd       string `xml:"enablesavepwd,attr"`
+		EnableCsRcWindows   string `xml:"enable_cs_rc_windows,attr"`
+		Enableautologin     string `xml:"enableautologin,attr"`
+		ChgPwdEnable        string `xml:"chg_pwd_enable,attr"`
+		ChgPhoneEnable      string `xml:"chg_phone_enable,attr"`
+		ChgNoteEnable       string `xml:"chg_note_enable,attr"`
+		AuthSms             string `xml:"auth_sms,attr"`
+		Mobilephone         string `xml:"mobilephone,attr"`
+		UserNote            string `xml:"user_note,attr"`
+		PswMinlen           string `xml:"psw_minlen,attr"`
+		PptpGrpolicy        string `xml:"pptp_grpolicy,attr"`
+		PptpDetaddr         string `xml:"pptp_detaddr,attr"`
+		Vpntype             string `xml:"vpntype,attr"`
+		Deviceversion       string `xml:"deviceversion,attr"`
+		UserAuthPast        string `xml:"UserAuthPast,attr"`
+		UserPwd             string `xml:"UserPwd,attr"`
+		AccessibleAddr      string `xml:"AccessibleAddr,attr"`
+	} `xml:"Other"`
+	RemoteApp struct {
+		AccountPolicy     string `xml:"account_policy,attr"`
+		SessionKeeptime   string `xml:"session_keeptime,attr"`
+		MapDisk           string `xml:"MapDisk,attr"`
+		MapClipboard      string `xml:"MapClipboard,attr"`
+		MapPrinter        string `xml:"MapPrinter,attr"`
+		VirtualPrinter    string `xml:"VirtualPrinter,attr"`
+		RappResuse        string `xml:"rapp_resuse,attr"`
+		VirtualPrintMode  string `xml:"VirtualPrintMode,attr"`
+		UseRdp            string `xml:"UseRdp,attr"`
+		PrintPaper        string `xml:"PrintPaper"`
+		PrivateFolderName string `xml:"PrivateFolderName"`
+		SRAPOption        struct {
+			LossCompressor struct {
+				Type    string `xml:"type,attr"`
+				Ratio   string `xml:"ratio,attr"`
+				Quality string `xml:"quality,attr"`
+			} `xml:"LossCompressor"`
+			GlyphCompress struct {
+				Option      string `xml:"option,attr"`
+				JpegQuality string `xml:"jpeg_quality,attr"`
+			} `xml:"GlyphCompress"`
+			NoLossCompressor struct {
+				BmpCompressor  string `xml:"bmp_compressor,attr"`
+				CompressorType string `xml:"compressor_type,attr"`
+			} `xml:"NoLossCompressor"`
+			CacheHash struct {
+				OpType string `xml:"op_type,attr"`
+			} `xml:"CacheHash"`
+			StreamMerge struct {
+				Type      string `xml:"type,attr"`
+				Threshold string `xml:"threshold,attr"`
+				Uptime    string `xml:"uptime,attr"`
+			} `xml:"StreamMerge"`
+		} `xml:"SRAPOption"`
+	} `xml:"RemoteApp"`
+	SSLCipherSuite struct {
+		EC    string `xml:"EC"`
+		TCP   string `xml:"TCP"`
+		L3VPN string `xml:"L3VPN"`
+	} `xml:"SSLCipherSuite"`
+	SSLEigenvalue struct {
+		TCP   string `xml:"TCP"`
+		L3VPN string `xml:"L3VPN"`
+	} `xml:"SSLEigenvalue"`
+	Logo struct {
+		Custom   string `xml:"custom,attr"`
+		LogoMd5  string `xml:"LogoMd5,attr"`
+		LogoPath string `xml:"LogoPath,attr"`
+	} `xml:"Logo"`
+	WebHttpEnable struct {
+		HttpPort string `xml:"httpPort,attr"`
+		Enable   string `xml:"enable,attr"`
+	} `xml:"WebHttpEnable"`
+}

core/config/rlist.go

@@ -0,0 +1,276 @@
+package config
+
+type RcData struct {
+	ID             string `xml:"id,attr"`
+	Name           string `xml:"name,attr"`
+	Type           string `xml:"type,attr"`
+	Proto          string `xml:"proto,attr"`
+	Svc            string `xml:"svc,attr"`
+	Host           string `xml:"host,attr"`
+	Port           string `xml:"port,attr"`
+	EnableDisguise string `xml:"enable_disguise,attr"`
+	Note           string `xml:"note,attr"`
+	Attr           string `xml:"attr,attr"`
+	AppPath        string `xml:"app_path,attr"`
+	RcGrpID        string `xml:"rc_grp_id,attr"`
+	RcLogo         string `xml:"rc_logo,attr"`
+	Authorization  string `xml:"authorization,attr"`
+	AuthSpID       string `xml:"auth_sp_id,attr"`
+	Selectid       string `xml:"selectid,attr"`
+}
+
+type ResourceWeb struct {
+	Resource  Resource
+	LocalConf struct {
+		Session struct {
+			NameFix string `xml:"nameFix,attr" json:"nameFix"`
+		} `xml:"Session,attr" json:"Session"`
+	} `xml:"LocalConf,attr" json:"LocalConf"`
+}
+
+type Resource struct {
+	Rcs struct {
+		Rc []struct {
+			ID             string `xml:"id,attr"`
+			Name           string `xml:"name,attr"`
+			Type           string `xml:"type,attr"`
+			Proto          string `xml:"proto,attr"`
+			Svc            string `xml:"svc,attr"`
+			Host           string `xml:"host,attr"`
+			Port           string `xml:"port,attr"`
+			EnableDisguise string `xml:"enable_disguise,attr"`
+			Note           string `xml:"note,attr"`
+			Attr           string `xml:"attr,attr"`
+			AppPath        string `xml:"app_path,attr"`
+			RcGrpID        string `xml:"rc_grp_id,attr"`
+			RcLogo         string `xml:"rc_logo,attr"`
+			Authorization  string `xml:"authorization,attr"`
+			AuthSpID       string `xml:"auth_sp_id,attr"`
+			Selectid       string `xml:"selectid,attr"`
+		} `xml:"Rc"`
+	} `xml:"Rcs"`
+	RcGroups struct {
+		Group []struct {
+			ID          string `xml:"id,attr"`
+			Name        string `xml:"name,attr"`
+			Type        string `xml:"type,attr"`
+			Logowidth   string `xml:"logowidth,attr"`
+			Logoheight  string `xml:"logoheight,attr"`
+			LoadBalance string `xml:"load_balance,attr"`
+			ShowNote    string `xml:"show_note,attr"`
+		} `xml:"Group"`
+	} `xml:"RcGroups"`
+	SD struct {
+		Global struct {
+			Enable         string `xml:"enable,attr"`
+			SDRedirectFile string `xml:"SDRedirectFile,attr"`
+		} `xml:"Global"`
+		Policy struct {
+			ID string `xml:"id,attr"`
+		} `xml:"Policy"`
+		DesktopFormat struct {
+			Safedesk               string `xml:"safedesk,attr"`
+			Com                    string `xml:"com,attr"`
+			Infrared               string `xml:"infrared,attr"`
+			Bluetooth              string `xml:"bluetooth,attr"`
+			Printer                string `xml:"printer,attr"`
+			Changedesk             string `xml:"changedesk,attr"`
+			RegisterUnMon          string `xml:"register_un_mon,attr"`
+			SafedeskLocalTransport string `xml:"safedesk_local_transport,attr"`
+			RappInSafedesk         string `xml:"rapp_in_safedesk,attr"`
+		} `xml:"DesktopFormat"`
+		Internet struct {
+			Tempbuf string `xml:"tempbuf,attr"`
+			History string `xml:"history,attr"`
+			Tables  string `xml:"tables,attr"`
+			Cookies string `xml:"cookies,attr"`
+		} `xml:"Internet"`
+		Iplist struct {
+			Iplist string `xml:"iplist,attr"`
+		} `xml:"iplist"`
+		Rclist struct {
+			Rclist string `xml:"rclist,attr"`
+		} `xml:"rclist"`
+	} `xml:"SD"`
+	Dns struct {
+		Dnsserver string `xml:"dnsserver,attr"`
+		Data      string `xml:"data,attr"`
+		Filter    string `xml:"filter,attr"`
+	} `xml:"Dns"`
+	FileLock struct {
+		Data         string `xml:"data,attr"`
+		Filecount    string `xml:"filecount,attr"`
+		Maxfilecount string `xml:"maxfilecount,attr"`
+	} `xml:"FileLock"`
+	UB struct {
+		IndexInner string `xml:"index_inner,attr"`
+		Ubdllinfo  string `xml:"ubdllinfo,attr"`
+	} `xml:"UB"`
+	Easylink struct {
+		ElnkRc struct {
+			ID          string `xml:"Id"`
+			ElnkRewrite string `xml:"ElnkRewrite"`
+			Mode        string `xml:"Mode"`
+			MapAddr     string `xml:"MapAddr"`
+		} `xml:"ElnkRc"`
+	} `xml:"Easylink"`
+	Other struct {
+		DefaultRcId string `xml:"defaultRcId,attr"`
+		AllocateVip string `xml:"allocateVip,attr"`
+		Balanceinfo string `xml:"balanceinfo,attr"`
+	} `xml:"Other"`
+	UrlWarrentRules struct {
+		Enable string `xml:"enable,attr"`
+		Filter string `xml:"filter,attr"`
+		Tips   string `xml:"tips,attr"`
+	} `xml:"UrlWarrentRules"`
+	MSGINFO     string `xml:"MSG_INFO"`
+	WebSsoInfos string `xml:"WebSsoInfos"`
+	VSP         struct {
+		Misc struct {
+			SDTitle                  string `xml:"SDTitle,attr"`
+			ShowRcInSD               string `xml:"ShowRcInSD,attr"`
+			ShowUserShortCutIconInSD string `xml:"ShowUserShortCutIconInSD,attr"`
+		} `xml:"Misc"`
+		WallPaper struct {
+			Type     string `xml:"Type,attr"`
+			URL      string `xml:"Url,attr"`
+			Compress string `xml:"Compress,attr"`
+			MD5      string `xml:"MD5,attr"`
+		} `xml:"WallPaper"`
+		Inject struct {
+			Type string `xml:"Type,attr"`
+		} `xml:"Inject"`
+		NavBar struct {
+			IconUrl string `xml:"IconUrl,attr"`
+			MD5     string `xml:"MD5,attr"`
+		} `xml:"NavBar"`
+		OfflineVisit struct {
+			Enable    string `xml:"Enable,attr"`
+			VisitTime string `xml:"VisitTime,attr"`
+			IsBind    string `xml:"IsBind,attr"`
+		} `xml:"OfflineVisit"`
+		RedirectData struct {
+			ProcessType     string `xml:"ProcessType,attr"`
+			UseCustomDefine string `xml:"UseCustomDefine,attr"`
+		} `xml:"RedirectData"`
+		Crypto struct {
+			Type   string `xml:"Type,attr"`
+			Length string `xml:"Length,attr"`
+			Ctx    string `xml:"Ctx,attr"`
+		} `xml:"Crypto"`
+		ReDirect struct {
+			NameRule string `xml:"NameRule,attr"`
+			Ctx      string `xml:"Ctx,attr"`
+		} `xml:"ReDirect"`
+		FileExport struct {
+			Enable           string `xml:"Enable,attr"`
+			AuditLog         string `xml:"AuditLog,attr"`
+			MaxAuditFileSize string `xml:"MaxAuditFileSize,attr"`
+			Compress         string `xml:"Compress,attr"`
+		} `xml:"FileExport"`
+		ActiveXProxyInstall struct {
+			Enable string `xml:"Enable,attr"`
+		} `xml:"ActiveXProxyInstall"`
+		LocalCommunication struct {
+			Enable string `xml:"Enable,attr"`
+		} `xml:"LocalCommunication"`
+		ExecutableProcess struct {
+			Enable string `xml:"Enable,attr"`
+		} `xml:"ExecutableProcess"`
+	} `xml:"VSP"`
+	StaticSd struct {
+		SpecileFile string `xml:"SpecileFile"`
+		SpecileKey  struct {
+			Text    string   `xml:",chardata"`
+			KeyList []string `xml:"KeyList"`
+		} `xml:"SpecileKey"`
+		SpecileProc struct {
+			ProcList string `xml:"ProcList"`
+		} `xml:"SpecileProc"`
+		DefaultExecutableProcess struct {
+			WhiteListItem []struct {
+				FileName   string `xml:"FileName"`
+				Value      string `xml:"Value"`
+				VerifyType string `xml:"VerifyType"`
+			} `xml:"WhiteListItem"`
+		} `xml:"DefaultExecutableProcess"`
+		NotifySize          string `xml:"NotifySize"`
+		EnTopTool           string `xml:"EnTopTool"`
+		ActiveXProxyProcess struct {
+			Process struct {
+				Name string `xml:"Name,attr"`
+			} `xml:"Process"`
+		} `xml:"ActiveXProxyProcess"`
+		RedirectObjectRule struct {
+			Count string `xml:"Count,attr"`
+			Rule  []struct {
+				ObjectType  string `xml:"ObjectType,attr"`
+				Disable     string `xml:"Disable,attr"`
+				MatchRule   string `xml:"MatchRule,attr"`
+				ObjectName  string `xml:"ObjectName,attr"`
+				ProcessName string `xml:"ProcessName,attr"`
+			} `xml:"Rule"`
+		} `xml:"RedirectObjectRule"`
+		DeniService struct {
+			Count   string `xml:"Count,attr"`
+			Service []struct {
+				Name string `xml:"name,attr"`
+			} `xml:"Service"`
+		} `xml:"DeniService"`
+		InterceptSet struct {
+			Count string `xml:"Count,attr"`
+			Item  []struct {
+				Type string `xml:"Type,attr"`
+				Name string `xml:"Name,attr"`
+			} `xml:"Item"`
+		} `xml:"InterceptSet"`
+		InjectAgentWhiteList struct {
+			Count    string `xml:"Count,attr"`
+			ProcName []struct {
+				Name string `xml:"name,attr"`
+			} `xml:"ProcName"`
+		} `xml:"InjectAgentWhiteList"`
+		VBRule struct {
+			Text     string   `xml:",chardata"`
+			Enable   string   `xml:"Enable,attr"`
+			ProcName []string `xml:"ProcName"`
+		} `xml:"VBRule"`
+		NetDrvInfo struct {
+			WorkMode      string `xml:"WorkMode,attr"`
+			WhiteListItem []struct {
+				FileName   string `xml:"FileName,attr"`
+				VerifyType string `xml:"VerifyType,attr"`
+				Value      string `xml:"Value,attr"`
+			} `xml:"WhiteListItem"`
+		} `xml:"NetDrvInfo"`
+		DenyProcess struct {
+			Item []struct {
+				FileName string `xml:"FileName,attr"`
+				Info     string `xml:"Info,attr"`
+			} `xml:"Item"`
+		} `xml:"DenyProcess"`
+		WhitePipeOfProcess struct {
+			EnablePipeRule string `xml:"EnablePipeRule,attr"`
+			Item           []struct {
+				FileName string `xml:"FileName,attr"`
+				Info     string `xml:"Info,attr"`
+				PipeName string `xml:"PipeName,attr"`
+			} `xml:"Item"`
+		} `xml:"WhitePipeOfProcess"`
+		Drivers struct {
+			Enable string `xml:"Enable,attr"`
+			Driver []struct {
+				Name   string `xml:"Name,attr"`
+				Enable string `xml:"Enable,attr"`
+			} `xml:"Driver"`
+		} `xml:"Drivers"`
+		UsbWhiteProcess struct {
+			Rule []struct {
+				ProcessName string `xml:"ProcessName,attr"`
+				Info        string `xml:"Info,attr"`
+				Type        string `xml:"Type,attr"`
+			} `xml:"Rule"`
+		} `xml:"UsbWhiteProcess"`
+	} `xml:"StaticSd"`
+}

core/protocol.go

@@ -4,6 +4,7 @@ import (
 	"crypto/rand"
 	"encoding/hex"
 	"errors"
+	"io"
 	"log"
 	"net"
 	"os"
@@ -12,6 +13,25 @@ import (
 	tls "github.com/refraction-networking/utls"
 )
 
+type FakeHeartBeatExtension struct {
+	*tls.GenericExtension
+}
+
+func (e *FakeHeartBeatExtension) Len() int {
+	return 5
+}
+
+func (e *FakeHeartBeatExtension) Read(b []byte) (n int, err error) {
+	if len(b) < e.Len() {
+		return 0, io.ErrShortBuffer
+	}
+	b[1] = 0x0f
+	b[3] = 1
+	b[4] = 1
+
+	return e.Len(), io.EOF
+}
+
 func DumpHex(buf []byte) {
 	stdoutDumper := hex.Dumper(os.Stdout)
 	defer stdoutDumper.Close()
@@ -36,8 +56,11 @@ func TLSConn(server string) (*tls.UConn, error) {
 	conn.SetTLSVers(tls.VersionTLS11, tls.VersionTLS11, []tls.TLSExtension{})
 	conn.HandshakeState.Hello.Vers = tls.VersionTLS11
 	conn.HandshakeState.Hello.CipherSuites = []uint16{tls.TLS_RSA_WITH_RC4_128_SHA, tls.FAKE_TLS_EMPTY_RENEGOTIATION_INFO_SCSV}
-	conn.HandshakeState.Hello.CompressionMethods = []uint8{0}
+	conn.HandshakeState.Hello.CompressionMethods = []uint8{1, 0}
 	conn.HandshakeState.Hello.SessionId = []byte{'L', '3', 'I', 'P', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+	conn.Extensions = []tls.TLSExtension{
+		&FakeHeartBeatExtension{},
+	}
 
 	log.Println("tls: connected to: ", conn.RemoteAddr())
 
@@ -168,7 +191,7 @@ func BlockTXStream(server string, token *[48]byte, ipRev *[4]byte, ep *EasyConne
 	errCh := make(chan error)
 
 	ep.OnRecv = func(buf []byte) {
-		n, err = conn.Write(buf)
+		var n, err = conn.Write(buf)
 		if err != nil {
 			errCh <- err
 			return
@@ -189,11 +212,11 @@ func StartProtocol(endpoint *EasyConnectEndpoint, server string, token *[48]byte
 		for counter < 5 {
 			err := BlockRXStream(server, token, ipRev, endpoint, debug)
 			if err != nil {
-				log.Print("Error occurred while recv, retrying: " + err.Error())
+				log.Print("Error occurred while receiving, retrying: " + err.Error())
 			}
 			counter += 1
 		}
-		panic("recv retry limit exceeded.")
+		panic("receive retry limit exceeded.")
 	}
 
 	go RX()

core/socks.go

@@ -1,13 +1,17 @@
 package core
 
 import (
+	"bytes"
 	"context"
 	"errors"
 	"log"
+	"math"
 	"net"
 	"strconv"
 	"strings"
 
+	"EasierConnect/core/config"
+
 	"gvisor.dev/gvisor/pkg/tcpip"
 	"gvisor.dev/gvisor/pkg/tcpip/adapters/gonet"
 	"gvisor.dev/gvisor/pkg/tcpip/header"
@@ -21,33 +25,121 @@ func ServeSocks5(ipStack *stack.Stack, selfIp []byte, bindAddr string) {
 
 			log.Printf("socks dial: %s", addr)
 
-			if network != "tcp" {
-				return nil, errors.New("only support tcp")
-			}
-
 			parts := strings.Split(addr, ":")
-			target, err := net.ResolveIPAddr("ip", parts[0])
-			if err != nil {
-				return nil, errors.New("resolve ip addr failed: " + parts[0])
-			}
 
+			ip := parts[0]
 			port, err := strconv.Atoi(parts[1])
 			if err != nil {
 				return nil, errors.New("invalid port: " + parts[1])
 			}
 
-			addrTarget := tcpip.FullAddress{
-				NIC:  defaultNIC,
-				Port: uint16(port),
-				Addr: tcpip.Address(target.IP),
+			var allowedPorts = []int{1, 65535} // [0] -> Min, [1] -> Max
+			var useL3transport = true
+			var hasDnsRule = false
+
+			var target *net.IPAddr
+
+			if config.IsDomainRuleAvailable() {
+				allowedPorts, useL3transport = config.GetSingleDomainRule(ip)
 			}
 
-			bind := tcpip.FullAddress{
-				NIC:  defaultNIC,
-				Addr: tcpip.Address(selfIp),
+			if config.IsDnsRuleAvailable() {
+				var dnsRules string
+				dnsRules, hasDnsRule = config.GetSingleDnsRule(ip)
+
+				if hasDnsRule {
+					ip = dnsRules
+				}
 			}
 
-			return gonet.DialTCPWithBind(context.Background(), ipStack, bind, addrTarget, header.IPv4ProtocolNumber)
+			target, err = net.ResolveIPAddr("ip", ip)
+			if err != nil {
+				return nil, errors.New("resolve ip addr failed: " + ip)
+			}
+
+			if !useL3transport && config.IsDomainRuleAvailable() {
+				log.Printf("final ip: %s", target.IP.String())
+				allowedPorts, useL3transport = config.GetSingleDomainRule(target.IP.String())
+			}
+
+			if !useL3transport && config.IsIpv4RuleAvailable() {
+				if DebugDump {
+					log.Printf("Ipv4Rule is available ")
+				}
+				for _, rule := range *config.GetIpv4Rules() {
+					if rule.CIDR {
+						_, cidr, _ := net.ParseCIDR(rule.Rule)
+						if DebugDump {
+							log.Printf("Cidr test: %s %s %v", target.IP, rule.Rule, cidr.Contains(target.IP))
+						}
+
+						if cidr.Contains(target.IP) {
+							if DebugDump {
+								log.Printf("Cidr matched: %s %s", target.IP, rule.Rule)
+							}
+
+							useL3transport = true
+							allowedPorts = rule.Ports
+						}
+					} else {
+						if DebugDump {
+							log.Printf("raw match test: %s %s", target.IP, rule.Rule)
+						}
+
+						ip1 := net.ParseIP(strings.Split(rule.Rule, "~")[0])
+						ip2 := net.ParseIP(strings.Split(rule.Rule, "~")[1])
+
+						if bytes.Compare(target.IP, ip1) >= 0 && bytes.Compare(target.IP, ip2) <= 0 {
+							if DebugDump {
+								log.Printf("raw matched: %s %s", ip1, ip2)
+							}
+
+							useL3transport = true
+							allowedPorts = rule.Ports
+						}
+					}
+				}
+			}
+
+			if config.IsDomainRuleAvailable() {
+				allowAllWebSitesPorts, allowAllWebSites := config.GetSingleDomainRule("*")
+
+				if allowAllWebSites {
+					if allowAllWebSitesPorts[0] > 0 && allowAllWebSitesPorts[1] > 0 {
+						allowedPorts[0] = int(math.Min(float64(allowedPorts[0]), float64(allowAllWebSitesPorts[0])))
+						allowedPorts[1] = int(math.Max(float64(allowedPorts[1]), float64(allowAllWebSitesPorts[1])))
+
+						useL3transport = true
+					}
+				}
+			}
+
+			log.Printf("Addr: %s, AllowedPorts: %v, useL3transport: %v, useCustomDns: %v, ResolvedIp: %s", addr, allowedPorts, useL3transport, hasDnsRule, ip)
+
+			if (!useL3transport && hasDnsRule) || (useL3transport && port >= allowedPorts[0] && port <= allowedPorts[1]) {
+				if network != "tcp" {
+					return nil, errors.New("only support tcp")
+				}
+
+				addrTarget := tcpip.FullAddress{
+					NIC:  defaultNIC,
+					Port: uint16(port),
+					Addr: tcpip.Address(target.IP),
+				}
+
+				bind := tcpip.FullAddress{
+					NIC:  defaultNIC,
+					Addr: tcpip.Address(selfIp),
+				}
+
+				return gonet.DialTCPWithBind(context.Background(), ipStack, bind, addrTarget, header.IPv4ProtocolNumber)
+			}
+			goDialer := &net.Dialer{}
+			goDial := goDialer.DialContext
+
+			log.Printf("skip: %s", addr)
+
+			return goDial(ctx, network, addr)
 		},
 	}
 

core/tun_stack.go

@@ -49,11 +49,11 @@ func (ep *EasyConnectEndpoint) ARPHardwareType() header.ARPHardwareType {
 	return header.ARPHardwareNone
 }
 
-func (ep *EasyConnectEndpoint) AddHeader(buffer *stack.PacketBuffer) {}
+func (ep *EasyConnectEndpoint) AddHeader(stack.PacketBufferPtr) {}
 
 func (ep *EasyConnectEndpoint) WritePackets(list stack.PacketBufferList) (int, tcpip.Error) {
 	for _, packetBuffer := range list.AsSlice() {
-		buf := []byte{}
+		var buf []byte
 		for _, t := range packetBuffer.AsSlices() {
 			buf = append(buf, t...)
 		}

core/web_login.go

@@ -1,6 +1,7 @@
 package core
 
 import (
+	"bytes"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/tls"
@@ -20,7 +21,8 @@ import (
 	utls "github.com/refraction-networking/utls"
 )
 
-var ERR_NEXT_AUTH_SMS = errors.New("SMS Code required.")
+var ERR_NEXT_AUTH_SMS = errors.New("SMS Code required")
+var ERR_NEXT_AUTH_TOTP = errors.New("current user's TOTP bound")
 
 func WebLogin(server string, username string, password string) (string, error) {
 	server = "https://" + server
@@ -41,19 +43,26 @@ func WebLogin(server string, username string, password string) (string, error) {
 
 	defer resp.Body.Close()
 
-	buf := make([]byte, 40960)
-	n, _ := resp.Body.Read(buf)
+	var buf bytes.Buffer
+	io.Copy(&buf, resp.Body)
 
-	twfId := string(regexp.MustCompile(`<TwfID>(.*)</TwfID>`).FindSubmatch(buf[:n])[1])
+	twfId := string(regexp.MustCompile(`<TwfID>(.*)</TwfID>`).FindSubmatch(buf.Bytes())[1])
 	log.Printf("Twf Id: %s", twfId)
 
-	rsaKey := string(regexp.MustCompile(`<RSA_ENCRYPT_KEY>(.*)</RSA_ENCRYPT_KEY>`).FindSubmatch(buf[:n])[1])
+	rsaKey := string(regexp.MustCompile(`<RSA_ENCRYPT_KEY>(.*)</RSA_ENCRYPT_KEY>`).FindSubmatch(buf.Bytes())[1])
 	log.Printf("RSA Key: %s", rsaKey)
 
-	rsaExp := string(regexp.MustCompile(`<RSA_ENCRYPT_EXP>(.*)</RSA_ENCRYPT_EXP>`).FindSubmatch(buf[:n])[1])
+	rsaExpMatch := regexp.MustCompile(`<RSA_ENCRYPT_EXP>(.*)</RSA_ENCRYPT_EXP>`).FindSubmatch(buf.Bytes())
+	rsaExp := ""
+	if rsaExpMatch != nil {
+		rsaExp = string(rsaExpMatch[1])
+	} else {
+		log.Printf("Warning: No RSA_ENCRYPT_EXP, using default.")
+		rsaExp = "65537"
+	}
 	log.Printf("RSA Exp: %s", rsaExp)
 
-	csrfMatch := regexp.MustCompile(`<CSRF_RAND_CODE>(.*)</CSRF_RAND_CODE>`).FindSubmatch(buf[:n])
+	csrfMatch := regexp.MustCompile(`<CSRF_RAND_CODE>(.*)</CSRF_RAND_CODE>`).FindSubmatch(buf.Bytes())
 	csrfCode := ""
 	if csrfMatch != nil {
 		csrfCode = string(csrfMatch[1])
@@ -98,13 +107,14 @@ func WebLogin(server string, username string, password string) (string, error) {
 		return "", err
 	}
 
-	n, _ = resp.Body.Read(buf)
+	buf.Reset()
+	io.Copy(&buf, resp.Body)
 	defer resp.Body.Close()
 
 	// log.Printf("First stage login response: %s", string(buf[:n]))
 
 	// SMS Code Process
-	if strings.Contains(string(buf[:n]), "<NextService>auth/sms</NextService>") {
+	if strings.Contains(buf.String(), "<NextService>auth/sms</NextService>") || strings.Contains(buf.String(), "<NextAuth>2</NextAuth>") {
 		log.Print("SMS code required.")
 
 		addr = server + "/por/login_sms.csp?apiversion=1"
@@ -118,12 +128,13 @@ func WebLogin(server string, username string, password string) (string, error) {
 			return "", err
 		}
 
-		n, _ := resp.Body.Read(buf)
+		buf.Reset()
+		io.Copy(&buf, resp.Body)
 		defer resp.Body.Close()
 
-		if !strings.Contains(string(buf[:n]), "验证码已发送到您的手机") {
+		if !strings.Contains(buf.String(), "验证码已发送到您的手机") && !strings.Contains(buf.String(), "<USER_PHONE>") {
 			debug.PrintStack()
-			return "", errors.New("unexpected sms resp: " + string(buf[:n]))
+			return "", errors.New("unexpected sms resp: " + buf.String())
 		}
 
 		log.Printf("SMS Code is sent or still valid.")
@@ -131,19 +142,25 @@ func WebLogin(server string, username string, password string) (string, error) {
 		return twfId, ERR_NEXT_AUTH_SMS
 	}
 
-	if strings.Contains(string(buf[:n]), "<NextAuth>-1</NextAuth>") || !strings.Contains(string(buf[:n]), "<NextAuth>") {
+	// TOTP Authnication Process (Edited by JHong)
+	if strings.Contains(buf.String(), "<NextService>auth/token</NextService>") || strings.Contains(buf.String(), "<NextServiceSubType>totp</NextServiceSubType>") {
+		log.Print("TOTP Authnication required.")
+		return twfId, ERR_NEXT_AUTH_TOTP
+	}
+
+	if strings.Contains(buf.String(), "<NextAuth>-1</NextAuth>") || !strings.Contains(buf.String(), "<NextAuth>") {
 		log.Print("No NextAuth found.")
 	} else {
 		debug.PrintStack()
-		return "", errors.New("Not implemented auth: " + string(buf[:n]))
+		return "", errors.New("Not implemented auth: " + buf.String())
 	}
 
-	if !strings.Contains(string(buf[:n]), "<Result>1</Result>") {
+	if !strings.Contains(buf.String(), "<Result>1</Result>") {
 		debug.PrintStack()
-		return "", errors.New("Login FAILED: " + string(buf[:n]))
+		return "", errors.New("Login FAILED: " + buf.String())
 	}
 
-	twfIdMatch := regexp.MustCompile(`<TwfID>(.*)</TwfID>`).FindSubmatch(buf[:n])
+	twfIdMatch := regexp.MustCompile(`<TwfID>(.*)</TwfID>`).FindSubmatch(buf.Bytes())
 	if twfIdMatch != nil {
 		twfId = string(twfIdMatch[1])
 		log.Printf("Update twfId: %s", twfId)
@@ -160,8 +177,6 @@ func AuthSms(server string, username string, password string, twfId string, smsC
 			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 		}}
 
-	buf := make([]byte, 40960)
-
 	addr := "https://" + server + "/por/login_sms1.csp?apiversion=1"
 	log.Printf("SMS Request: " + addr)
 	form := url.Values{
@@ -177,20 +192,59 @@ func AuthSms(server string, username string, password string, twfId string, smsC
 		return "", err
 	}
 
-	n, _ := resp.Body.Read(buf)
+	var buf bytes.Buffer
+	io.Copy(&buf, resp.Body)
 	defer resp.Body.Close()
 
-	if !strings.Contains(string(buf[:n]), "Auth sms suc") {
+	if !strings.Contains(buf.String(), "Auth sms suc") {
 		debug.PrintStack()
-		return "", errors.New("SMS Code verification FAILED: " + string(buf[:n]))
+		return "", errors.New("SMS Code verification FAILED: " + buf.String())
 	}
 
-	twfId = string(regexp.MustCompile(`<TwfID>(.*)</TwfID>`).FindSubmatch(buf[:n])[1])
+	twfId = string(regexp.MustCompile(`<TwfID>(.*)</TwfID>`).FindSubmatch(buf.Bytes())[1])
 	log.Print("SMS Code verification SUCCESS")
 
 	return twfId, nil
 }
 
+// JHong Implementing.......
+func TOTPAuth(server string, username string, password string, twfId string, TOTPCode string) (string, error) {
+	c := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}}
+
+	addr := "https://" + server + "/por/login_token.csp"
+	log.Printf("TOTP token Request: " + addr)
+	form := url.Values{
+		"svpn_inputtoken": {TOTPCode},
+	}
+
+	req, err := http.NewRequest("POST", addr, strings.NewReader(form.Encode()))
+	req.Header.Set("Cookie", "TWFID="+twfId)
+
+	resp, err := c.Do(req)
+	if err != nil {
+		debug.PrintStack()
+		return "", err
+	}
+
+	var buf bytes.Buffer
+	io.Copy(&buf, resp.Body)
+
+	defer resp.Body.Close()
+
+	if !strings.Contains(buf.String(), "suc") {
+		debug.PrintStack()
+		return "", errors.New("TOTP token verification FAILED: " + buf.String())
+	}
+
+	twfId = string(regexp.MustCompile(`<TwfID>(.*)</TwfID>`).FindSubmatch(buf.Bytes())[1])
+	log.Print("TOTP verification SUCCESS")
+
+	return twfId, nil
+}
+
 func ECAgentToken(server string, twfId string) (string, error) {
 	dialConn, err := net.Dial("tcp", server)
 	defer dialConn.Close()
@@ -201,15 +255,18 @@ func ECAgentToken(server string, twfId string) (string, error) {
 	// When you establish a HTTPS connection to server and send a valid request with TWFID to it
 	// The **TLS ServerHello SessionId** is the first part of token
 	log.Printf("ECAgent Request: /por/conf.csp & /por/rclist.csp")
-	io.WriteString(conn, "GET /por/conf.csp HTTP/1.1\r\nHost: "+server+"\r\nCookie: TWFID="+twfId+"\r\n\r\nGET /por/rclist.csp HTTP/1.1\r\nHost: "+server+"\r\nCookie: TWFID="+twfId+"\r\n\r\n")
+	_, err = io.WriteString(conn, "GET /por/conf.csp HTTP/1.1\r\nHost: "+server+"\r\nCookie: TWFID="+twfId+"\r\n\r\nGET /por/rclist.csp HTTP/1.1\r\nHost: "+server+"\r\nCookie: TWFID="+twfId+"\r\n\r\n")
+	if err != nil {
+		panic(err)
+	}
 
 	log.Printf("Server Session ID: %q", conn.HandshakeState.ServerHello.SessionId)
 
-	buf := make([]byte, 40960)
+	buf := make([]byte, 8)
 	n, err := conn.Read(buf)
 	if n == 0 || err != nil {
 		debug.PrintStack()
-		return "", errors.New("ECAgent Request invalid: error " + err.Error() + "\n" + string(buf[:n]))
+		return "", errors.New("ECAgent Request invalid: error " + err.Error() + "\n" + string(buf[:]))
 	}
 
 	return hex.EncodeToString(conn.HandshakeState.ServerHello.SessionId)[:31] + "\x00", nil

go.mod

@@ -6,8 +6,10 @@ require github.com/refraction-networking/utls v1.2.0
 
 require (
 	fyne.io/fyne/v2 v2.3.0
-	gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c
-	tailscale.com v1.34.2
+	github.com/cornelk/hashmap v1.0.8
+	github.com/dlclark/regexp2 v1.8.0
+	gvisor.dev/gvisor v0.0.0-20230128000341-b7014294633b
+	tailscale.com v1.36.0
 )
 
 require (
@@ -35,13 +37,15 @@ require (
 	github.com/stretchr/testify v1.8.0 // indirect
 	github.com/tevino/abool v1.2.0 // indirect
 	github.com/yuin/goldmark v1.4.1 // indirect
-	golang.org/x/crypto v0.1.0 // indirect
+	go4.org/mem v0.0.0-20210711025021-927187094b94 // indirect
+	golang.org/x/crypto v0.3.0 // indirect
+	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
 	golang.org/x/image v0.0.0-20220601225756-64ec528b34cd // indirect
 	golang.org/x/mobile v0.0.0-20211207041440-4e6c2922fdee // indirect
-	golang.org/x/net v0.1.0 // indirect
-	golang.org/x/sys v0.3.1-0.20221220025402-2204b6615fb8 // indirect
-	golang.org/x/text v0.4.0 // indirect
-	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect
+	golang.org/x/net v0.5.0 // indirect
+	golang.org/x/sys v0.4.0 // indirect
+	golang.org/x/text v0.6.0 // indirect
+	golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	honnef.co/go/js/dom v0.0.0-20210725211120-f030747120f2 // indirect
 )

go.sum

@@ -68,11 +68,15 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cornelk/hashmap v1.0.8 h1:nv0AWgw02n+iDcawr5It4CjQIAcdMMKRrs10HOJYlrc=
+github.com/cornelk/hashmap v1.0.8/go.mod h1:RfZb7JO3RviW/rT6emczVuC/oxpdz4UsSB2LJSclR1k=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dlclark/regexp2 v1.8.0 h1:rJD5HeGIT/2b5CDk63FVCwZA3qgYElfg+oQK7uH5pfE=
+github.com/dlclark/regexp2 v1.8.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -317,6 +321,7 @@ go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go4.org/mem v0.0.0-20210711025021-927187094b94 h1:OAAkygi2Js191AJP1Ds42MhJRgeofeKGjuoUqNp1QC4=
+go4.org/mem v0.0.0-20210711025021-927187094b94/go.mod h1:reUoABIJ9ikfM5sgtSF3Wushcza7+WeD01VB9Lirh3g=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -325,8 +330,8 @@ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -338,7 +343,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA=
+golang.org/x/exp v0.0.0-20221205204356-47842c84f3db h1:D/cFflL63o2KSLJIwjlcIt8PR064j/xsmdEJL/YvY/o=
+golang.org/x/exp v0.0.0-20221205204356-47842c84f3db/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20210504121937-7319ad40d33e/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
@@ -410,8 +416,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211118161319-6a13c67c3ce4/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
-golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
+golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -483,8 +489,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.3.1-0.20221220025402-2204b6615fb8 h1:/VqMvhQCyzfuc826eNrpWmMb3AwD2Sxz/HMsYIhwcIs=
-golang.org/x/sys v0.3.1-0.20221220025402-2204b6615fb8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
+golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -495,13 +501,13 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k=
+golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
-golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220609170525-579cf78fd858 h1:Dpdu/EMxGMFgq0CeYMh4fazTD2vtlZRYE7wyynxJb9U=
+golang.org/x/time v0.0.0-20220609170525-579cf78fd858/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -675,8 +681,8 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c h1:m5lcgWnL3OElQNVyp3qcncItJ2c0sQlSGjYK2+nJTA4=
-gvisor.dev/gvisor v0.0.0-20220901235040-6ca97ef2ce1c/go.mod h1:TIvkJD0sxe8pIob3p6T8IzxXunlp6yfgktvTNp+DGNM=
+gvisor.dev/gvisor v0.0.0-20230128000341-b7014294633b h1:XFXNTjVvJrnFnXCo3TjLyMi/GqFqb/Hh5mfDW5aY5uw=
+gvisor.dev/gvisor v0.0.0-20230128000341-b7014294633b/go.mod h1:94x/o/BlxPAbw4phqHRac0/IzpcQRUP7ZQldDWV3TKU=
 honnef.co/go/js/dom v0.0.0-20210725211120-f030747120f2 h1:oomkgU6VaQDsV6qZby2uz1Lap0eXmku8+2em3A/l700=
 honnef.co/go/js/dom v0.0.0-20210725211120-f030747120f2/go.mod h1:sUMDUKNB2ZcVjt92UnLy3cdGs+wDAcrPdV3JP6sVgA4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -689,5 +695,5 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-tailscale.com v1.34.2 h1:g6n9HEZjQfTQfXyeiGeuxPPqSQKhtdmXIbyUxd76O9U=
-tailscale.com v1.34.2/go.mod h1:xA1XYcaHK0BIyCETEkTuaj3M3uOe/zNJ5G/Sb9oNU3k=
+tailscale.com v1.36.0 h1:wJXQMp6DB8Y+HHSbDuHYckmeqiqZ3dU/lWg2/MRd6uM=
+tailscale.com v1.36.0/go.mod h1:YIVXRZAr+Bzm3pICntGE6KjXzkQP5xOiliA8DrGW5W4=

listener/ECAgent.go

@@ -0,0 +1,439 @@
+package listener
+
+import (
+	"EasierConnect/core"
+	"EasierConnect/core/config"
+	"EasierConnect/parser"
+	"bytes"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"math/big"
+	"net"
+	"os"
+	"os/exec"
+	REGEXP "regexp"
+	"runtime"
+	"strconv"
+	"time"
+
+	"encoding/hex"
+
+	"fmt"
+	"strings"
+
+	"log"
+	"net/http"
+)
+
+type Env_ struct {
+	privateKey *rsa.PrivateKey
+	publicKey  *rsa.PublicKey
+	regexp     *REGEXP.Regexp
+}
+
+type ECAgentResult_ struct {
+	server string
+	port   string
+	twfID  string
+}
+
+var Env Env_
+var ECAgentResult ECAgentResult_
+var ECAgentPort int
+
+/** This is a quick implementation of ECAgent listener protocol
+ */
+
+func HelloServer(w http.ResponseWriter, req *http.Request) {
+	reqMap := make(map[string]string)
+	log.Printf("Simple ECAgent #> ClientRequest: %s \n", req.RequestURI)
+
+	if req.RequestURI == "/ECAgent/" {
+		_, err := w.Write([]byte("Init ECAgent env successfully. You can login to vpn now."))
+		if err != nil {
+			panic(err)
+		}
+		return
+	}
+
+	constructRespon := func(operate, result, message, debug string) string {
+		return "(\"{\\\"type\\\":\\\"" + operate + "\\\",\\\"result\\\":\\\"" + result + "\\\",\\\"message\\\":\\\"" + message + "\\\",\\\"debug\\\":\\\"" + debug + "\\\"}\");"
+	}
+
+	form := Env.regexp.FindAllString(req.RequestURI, -1)
+
+	for _, ent := range form {
+		entry := strings.Split(ent, "=")
+		reqMap[entry[0]] = entry[1]
+
+		if core.DebugDump {
+			fmt.Printf("request > %s\n", ent)
+		}
+	}
+
+	response := strings.Builder{}
+
+	action := reqMap["op"]
+	//token := reqMap["token"]
+	//Guid := reqMap["Guid"]
+	callback := reqMap["callback"]
+
+	response.WriteString(callback)
+
+	//TODO:: Optimize & reformat
+	switch {
+	case action == "InitECAgent":
+		response.WriteString(constructRespon(action, "1", "", "CSCM_EXIST, init ok"))
+		break
+	case action == "GetEncryptKey":
+		//https://github.com/creationix/jsbn/blob/master/README.md
+
+		modulus := fmt.Sprintf("%02X", Env.publicKey.N)
+		response.WriteString(constructRespon(action, modulus, "", "CSCM_EXIST, init ok"))
+		break
+	case action == "DoConfigure":
+		/*
+		   op=DoConfigure
+		   arg1=
+		   token= hex_md5(session + '__md5_salt_for_ecagent_session__')
+		   Guid=
+		   callback=EA_cbxxxxx
+		*/
+		arg1 := reqMap["arg1"]
+
+		Configure := strings.Split(arg1, "%20")
+
+		switch Configure[0] {
+		case "SET":
+			switch Configure[1] {
+			case "SERVADDR":
+				server := Configure[2]
+				port := Configure[3]
+
+				ECAgentResult.server = server
+				ECAgentResult.port = port
+
+				log.Printf("server: %s port: %s\n", server, port)
+
+				break
+			case "TWFID":
+				EncryptedTwfIDHex := Configure[2]
+
+				EncryptedTwfID, err := hex.DecodeString(EncryptedTwfIDHex)
+				if err != nil {
+					fmt.Println(err)
+				}
+
+				DecryptedTwfid, err := rsa.DecryptPKCS1v15(rand.Reader, Env.privateKey, EncryptedTwfID)
+				if err != nil {
+					fmt.Println(err)
+				}
+
+				if ECAgentResult.twfID == "" {
+					ECAgentResult.twfID = string(DecryptedTwfid[:])
+
+					log.Printf("Encrypted twfid: %s \n", EncryptedTwfIDHex)
+					log.Printf("Decrypted twfid: %s \n", ECAgentResult.twfID)
+
+					go startClient(ECAgentResult)
+				}
+				break
+			}
+		}
+
+		response.WriteString(constructRespon(action, "1", "", ""))
+		break
+	case action == "CheckProxySetting":
+		response.WriteString(constructRespon(action, "-1", "", ""))
+		break
+	case action == "TestProxyServer":
+		response.WriteString(constructRespon(action, "-1", "", ""))
+		break
+	case action == "GetConfig":
+		//op=GetConfig&arg1=1&token=&Guid=&callback=EA_cbxxxxx
+
+		if reqMap["arg1"] == "1" {
+			conf := config.Conf{}
+			_, ok := parser.ParseXml(&conf, ECAgentResult.server, config.PathConf, ECAgentResult.twfID)
+
+			confWeb := config.ConfWeb{Conf: conf}
+
+			if ok {
+				result, err := json.Marshal(confWeb)
+				if err != nil {
+					fmt.Println("Cannot convert Json.", err)
+					return
+				}
+
+				replacementMap := map[string]string{}
+
+				sh1t := strings.ReplaceAll(strings.ReplaceAll(string(result), "\\", "\\\\"), "\"", "\\\"")
+
+				for from, to := range replacementMap {
+					sh1t = strings.ReplaceAll(sh1t, from, to)
+				}
+
+				response.WriteString("(\"" + sh1t + "\");")
+			} else {
+				response.WriteString("(\"" + "\");")
+			}
+		} else if reqMap["arg1"] == "2" {
+			res := config.Resource{}
+			_, ok := parser.ParseXml(&res, ECAgentResult.server, config.PathRlist, ECAgentResult.twfID)
+
+			ResourceList := config.ResourceWeb{Resource: res}
+
+			if ok {
+				result, err := json.Marshal(ResourceList)
+				if err != nil {
+					fmt.Println("Cannot convert Json.", err)
+					return
+				}
+
+				replacementMap := map[string]string{
+					"ID":             "id",
+					"Name":           "name",
+					"Type":           "type",
+					"Proto":          "proto",
+					"Svc":            "svc",
+					"Host":           "host",
+					"Port":           "port",
+					"EnableDisguise": "enable_disguise",
+					"Note":           "note",
+					"Attr":           "attr",
+					"AppPath":        "app_path",
+					"RcGrpID":        "rc_grp_id",
+					"RcLogo":         "rc_logo",
+					"Authorization":  "authorization",
+					"AuthSpID":       "auth_sp_id",
+					"Selectid":       "selectid",
+				}
+
+				sh1t := strings.ReplaceAll(strings.ReplaceAll(string(result), "\\", "\\\\"), "\"", "\\\"")
+
+				for from, to := range replacementMap {
+					sh1t = strings.ReplaceAll(sh1t, from, to)
+				}
+
+				response.WriteString("(\"" + sh1t + "\");")
+			} else {
+				response.WriteString("(\"" + "\");")
+			}
+		}
+		break
+	case action == "CheckReLogin":
+		response.WriteString(constructRespon(action, "1", "", ""))
+		break
+	case action == "UpdateControls":
+		response.WriteString(constructRespon(action, "1", "", ""))
+		break
+	case action == "DoQueryService":
+		//TODO:: handle diff types
+		response.WriteString(constructRespon(action, "26", "", ""))
+		break
+	case action == "StartService":
+		response.WriteString(constructRespon(action, "1", "", ""))
+		break
+	case action == "doXmlConfigure":
+		response.WriteString(constructRespon(action, "1", "", ""))
+		break
+	case action == "__check_alive__":
+		response.Reset()
+		response.WriteString("e(\"1\");")
+		break
+	default:
+		log.Printf("Unknown action %s\n", action)
+	}
+
+	w.Header().Set("Content-Type", "text/javascript; charset=UTF-8")
+
+	if core.DebugDump {
+		fmt.Printf("response > %s \n", response.String())
+	}
+
+	_, err := w.Write([]byte(response.String()))
+	if err != nil {
+		return
+	}
+}
+
+func startClient(config ECAgentResult_) {
+	port, err := strconv.Atoi(config.port)
+	if err != nil {
+		log.Fatal("Cannot parse port!")
+	}
+
+	log.Printf("Starting Client ..... \n")
+
+	core.StartClient(config.server, port, "", "", config.twfID)
+}
+
+/*
+*
+generate Pkcs1 keys (to decrypt the twfID from javascript's request)
+*/
+func generateKey() {
+	var err error
+	// generate private key
+	Env.privateKey, err = rsa.GenerateKey(rand.Reader, 1024)
+	if err != nil {
+		log.Fatal("Failed generating private key")
+	}
+
+	go Env.privateKey.Precompute()
+	// validate private key
+	err = Env.privateKey.Validate()
+	if err != nil {
+		log.Fatal("Failed validating private key")
+	}
+
+	Env.publicKey = &Env.privateKey.PublicKey
+}
+
+func initRegExp() {
+	var err error
+	Env.regexp, err = REGEXP.Compile("[a-zA-Z0-9]*=[a-zA-Z0-9_.%]*")
+
+	if err != nil {
+		log.Fatal(err)
+		return
+	}
+}
+
+/*
+*
+Create the cert which server uses
+*/
+func generateServerCert() (string, string) {
+	privateKey, err := rsa.GenerateKey(rand.Reader, 1024)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	x509temple := x509.Certificate{
+		SerialNumber: big.NewInt(1),
+		NotBefore:    time.UnixMilli(0),
+		NotAfter:     time.Now().Add(time.Hour * 24 * 365),
+
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+
+		IsCA:        true,
+		IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
+	}
+	cert, err := x509.CreateCertificate(rand.Reader, &x509temple, &x509temple, &privateKey.PublicKey, privateKey)
+	if err != nil {
+		panic(err)
+	}
+
+	buffer := &bytes.Buffer{}
+	err = pem.Encode(buffer, &pem.Block{Type: "CERTIFICATE", Bytes: cert})
+	if err != nil {
+		panic(err)
+	}
+	certStr := buffer.String()
+	buffer.Reset()
+
+	certPrivKey := x509.MarshalPKCS1PrivateKey(privateKey)
+
+	err = pem.Encode(buffer, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: certPrivKey})
+	if err != nil {
+		panic(err)
+	}
+	key := buffer.String()
+
+	return certStr, key
+}
+
+// TODO:: Move to utils\FileUtils.go
+func createTempFile(fileNamePattern, data string) *os.File {
+	f, err := os.CreateTemp("", fileNamePattern)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	defer func(f *os.File) {
+		err := f.Close()
+		if err != nil {
+			panic(err)
+		}
+	}(f)
+
+	_, err = f.Write([]byte(data))
+	if err != nil {
+		panic(err)
+	}
+
+	return f
+}
+
+func checkPort() {
+	ECAgentPort = 54530
+	Ports := []int{54530, 54541, 54552, 54563, 54574, 54585, 54596, 54607}
+	/* available ports: 54530, 54541, 54552, 54563, 54574, 54585, 54596, 54607
+	 */
+
+	log.Printf("Checking available port...")
+
+	for index, port := range Ports {
+		ln, err := net.Listen("tcp", fmt.Sprintf(":%v", port))
+		ln.Close()
+
+		if err == nil {
+			ECAgentPort = port
+			break
+		}
+
+		if index == 7 {
+			log.Fatal("Cannot find available port!")
+		}
+	}
+}
+
+func StartECAgent() {
+	Env = Env_{}
+	ECAgentResult = ECAgentResult_{}
+
+	checkPort()
+	initRegExp()
+	generateKey()
+
+	cert, key := generateServerCert()
+	certFile := createTempFile("ECAgent-*.crt", cert)
+	keyFile := createTempFile("ECAgent-*.key", key)
+
+	go func() {
+		<-time.After(500 * time.Millisecond)
+		url := fmt.Sprintf("https://127.0.0.1:%v/ECAgent/", ECAgentPort)
+
+		switch runtime.GOOS {
+		case "windows":
+			err := exec.Command("cmd", "/c", "start", url).Run()
+			if err != nil {
+				panic(err)
+			}
+		case "darwin":
+			err := exec.Command("open", url).Run()
+			if err != nil {
+				panic(err)
+			}
+		default:
+			err := exec.Command("xdg-open", url).Run()
+			if err != nil {
+				panic(err)
+			}
+		}
+	}()
+
+	log.Printf(fmt.Sprintf("ECAgent is Listening on %v. (EXPERIMENT)\n", ECAgentPort))
+
+	//TODO:: Handle port in use error
+	http.HandleFunc("/ECAgent/", HelloServer)
+	if err := http.ListenAndServeTLS(fmt.Sprintf(":%v", ECAgentPort), certFile.Name(), keyFile.Name(), nil); err != nil {
+		log.Fatal("ListenAndServe: ", err)
+	}
+}

main.go

@@ -2,53 +2,30 @@ package main
 
 import (
 	"EasierConnect/core"
+	"EasierConnect/listener"
 	"flag"
-	"fmt"
 	"log"
 )
 
 func main() {
 	// CLI args
-	host, port, username, password, socksBind, twfId := "", 0, "", "", "", ""
-	flag.StringVar(&host, "server", "", "EasyConnect server address (e.g. vpn.nju.edu.cn)")
+	host, port, username, password, twfId := "", 0, "", "", ""
+	flag.StringVar(&host, "server", "", "EasyConnect server address (e.g. vpn.nju.edu.cn, sslvpn.sysu.edu.cn)")
 	flag.StringVar(&username, "username", "", "Your username")
 	flag.StringVar(&password, "password", "", "Your password")
-	flag.StringVar(&socksBind, "socks-bind", ":1080", "The addr socks5 server listens on (e.g. 0.0.0.0:1080)")
+	flag.StringVar(&core.SocksBind, "socks-bind", ":1080", "The addr socks5 server listens on (e.g. 0.0.0.0:1080)")
 	flag.StringVar(&twfId, "twf-id", "", "Login using twfID captured (mostly for debug usage)")
 	flag.IntVar(&port, "port", 443, "EasyConnect port address (e.g. 443)")
-	debugDump := false
-	flag.BoolVar(&debugDump, "debug-dump", false, "Enable traffic debug dump (only for debug usage)")
+	core.DebugDump = false
+	core.ParseServConfig = true
+	flag.BoolVar(&core.DebugDump, "debug-dump", false, "Enable traffic debug dump (only for debug usage)")
+	flag.BoolVar(&core.ParseServConfig, "parse", true, "parse server config")
 	flag.Parse()
 
 	if host == "" || ((username == "" || password == "") && twfId == "") {
-		log.Fatal("Missing required cli args, refer to `EasierConnect --help`.")
-	}
-	server := fmt.Sprintf("%s:%d", host, port)
-
-	client := core.NewEasyConnectClient(server)
-
-	var ip []byte
-	var err error
-	if twfId != "" {
-		if len(twfId) != 16 {
-			panic("len(twfid) should be 16!")
-		}
-		ip, err = client.LoginByTwfId(twfId)
+		log.Printf("Starting as ECAgent mode. For more infomations: `EasierConnect --help`.\n")
+		listener.StartECAgent()
 	} else {
-		ip, err = client.Login(username, password)
-		if err == core.ERR_NEXT_AUTH_SMS {
-			fmt.Print(">>>Please enter your sms code<<<:")
-			smsCode := ""
-			fmt.Scan(&smsCode)
-
-			ip, err = client.AuthSMSCode(smsCode)
-		}
+		core.StartClient(host, port, username, password, twfId)
 	}
-
-	if err != nil {
-		log.Fatal(err.Error())
-	}
-	log.Printf("Login success, your IP: %d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3])
-
-	client.ServeSocks5(socksBind, debugDump)
 }

parser/RulesParser.go

@@ -0,0 +1,296 @@
+package parser
+
+import (
+	"EasierConnect/core/config"
+	"fmt"
+	"github.com/dlclark/regexp2"
+	"log"
+	"math"
+	"net"
+	"net/url"
+	"regexp"
+	"runtime"
+	"strconv"
+	"strings"
+)
+
+var domainRegExp *regexp.Regexp
+
+func StringArrToIntArr(strArr []string) [4]int {
+	var intArr [4]int
+
+	for index, str := range strArr {
+		intArr[index], _ = strconv.Atoi(str)
+	}
+
+	return intArr
+}
+
+func getMaskByIpRange(fromIp string, toIp string) (ones int, bits int) {
+	fromIpSplit := StringArrToIntArr(strings.Split(fromIp, "."))
+	toIpSplit := StringArrToIntArr(strings.Split(toIp, "."))
+
+	fromIpSplit[3] = int(math.Max(float64(fromIpSplit[3]-1), 0))
+	toIpSplit[3] = int(math.Min(float64(toIpSplit[3]+1), 255))
+
+	var mask [4]byte
+	for i := 3; i >= 0; i-- {
+		mask[i] = uint8(255 - toIpSplit[i] + fromIpSplit[i])
+	}
+
+	return net.IPv4Mask(mask[0], mask[1], mask[2], mask[3]).Size()
+}
+
+// from https://github.com/dromara/hutool/blob/fc091b01a23271e02f3174c45942105048155c90/hutool-core/src/main/java/cn/hutool/core/net/Ipv4Util.java#L114
+func getIPsInRange(from, to string) *[]string {
+	ipf := StringArrToIntArr(strings.Split(from, "."))
+	ipt := StringArrToIntArr(strings.Split(to, "."))
+
+	ips := make([]string, 4096)
+
+	equ := func(condition bool, yes int, no int) int {
+		if condition {
+			return yes
+		} else {
+			return no
+		}
+	}
+
+	var a, b, c int
+
+	for a = ipf[0]; a <= ipt[0]; a++ {
+		for b = equ(a == ipf[0], ipf[1], 0); b <= equ(a == ipt[0], ipt[1], 255); b++ {
+			for c = equ(b == ipf[1], ipf[2], 0); c <= equ(b == ipt[1], ipt[2], 255); c++ {
+				for d := equ(c == ipf[2], ipf[3], 0); d <= equ(c == ipt[2], ipt[3], 255); d++ {
+					ips = append(ips, strconv.Itoa(a)+"."+strconv.Itoa(b)+"."+strconv.Itoa(c)+"."+strconv.Itoa(d))
+				}
+			}
+		}
+	}
+
+	return &ips
+}
+
+func countByIpRange(from string, to string) int {
+	count := 1
+	ipf := StringArrToIntArr(strings.Split(from, "."))
+	ipt := StringArrToIntArr(strings.Split(to, "."))
+
+	for i := 3; i >= 0; i-- {
+		count += (ipt[i] - ipf[i]) * int(math.Pow(256, float64(3-i)))
+	}
+
+	return count
+}
+
+func processSingleIpRule(rule, port string, debug bool, waitChan *chan int) {
+	appendRule := func(value *string, isIPV4RangeRule bool, isCIDR bool) {
+		minValue := port
+		maxValue := port
+
+		if strings.Contains(port, "~") {
+			minValue = strings.Split(port, "~")[0]
+			maxValue = strings.Split(port, "~")[1]
+		}
+
+		minValueInt, err := strconv.Atoi(minValue)
+		if err != nil {
+			log.Printf("Cannot parse port value from string")
+			return
+		}
+
+		maxValueInt, err := strconv.Atoi(maxValue)
+		if err != nil {
+			log.Printf("Cannot parse port value from string")
+			return
+		}
+
+		if debug {
+			log.Printf("Appending Domain rule for: %s%v isIpv4RangeRule: %v isCIDR: %v", *value, []int{minValueInt, maxValueInt}, isIPV4RangeRule, isCIDR)
+		}
+
+		if isIPV4RangeRule {
+			config.AppendSingleIpv4RangeRule(*value, []int{minValueInt, maxValueInt}, isCIDR, debug)
+		} else {
+			config.AppendSingleDomainRule(*value, []int{minValueInt, maxValueInt}, debug)
+		}
+	}
+
+	if strings.Contains(rule, "~") { // ip range 1.1.1.7~1.1.7.9
+		from := strings.Split(rule, "~")[0]
+		to := strings.Split(rule, "~")[1]
+		size := countByIpRange(from, to)
+
+		mask, k := getMaskByIpRange(from, to)
+
+		if debug {
+			log.Printf("Handling rule for: %s-%s mask: %v", from, to, mask)
+		}
+
+		// mask == 0 -> cannot cover to cidr
+		if mask != 0 && mask <= 28 {
+			if debug {
+				log.Printf("using Cidr %s-%s mask: %v %v", from, to, mask, k)
+			}
+
+			cidr := fmt.Sprintf("%s/%v", from, mask)
+
+			appendRule(&cidr, true, true)
+		} else {
+			if size > 4096 {
+				log.Printf("Super large rule detected for: %s-%s mask: %v", from, to, mask)
+
+				appendRule(&rule, true, false)
+			} else {
+				if size > 1024 {
+					log.Printf("Large rule detected for: %s-%s mask: %v", from, to, mask)
+				}
+
+				for _, domain := range *getIPsInRange(from, to) {
+					appendRule(&domain, false, false)
+				}
+			}
+		}
+	} else { // http://domain.example.com/path/to&something=good#extra
+		appendRule(&rule, false, false)
+
+		if domainRegExp == nil {
+			domainRegExp, _ = regexp.Compile("(?:\\w+\\.)+\\w+")
+		}
+
+		pureDomain := domainRegExp.FindString(rule)
+
+		appendRule(&pureDomain, false, false) //TODO::FIXME:: remove this when using Http(s) proxy
+	}
+
+	*waitChan <- 1
+}
+
+func processDnsData(dnsData string, debug bool) {
+	for _, ent := range strings.Split(dnsData, ";") {
+		dnsEntry := strings.Split(ent, ":")
+
+		if len(dnsEntry) >= 3 {
+			RcID := dnsEntry[0]
+			domain := dnsEntry[1]
+			ip := dnsEntry[2]
+
+			if debug {
+				log.Printf("[%s] %s %s", RcID, domain, ip)
+			}
+
+			if domain != "" && ip != "" {
+				config.AppendSingleDnsRule(domain, ip, debug)
+			}
+		}
+	}
+}
+
+func processRcsData(rcsData config.Resource, debug bool, waitChan *chan int, cpuNumber *int) {
+	RcsLen := len(rcsData.Rcs.Rc)
+	for RcsIndex, ent := range rcsData.Rcs.Rc {
+		if debug {
+			log.Printf("[%s] %s %s", ent.Name, ent.Host, ent.Port)
+		}
+
+		if ent.Host == "" || ent.Port == "" {
+			log.Printf("Found null entry when processing RcsData: [%s] %s %s", ent.Name, ent.Host, ent.Port)
+			continue
+		}
+
+		domains := strings.Split(ent.Host, ";")
+		ports := strings.Split(ent.Port, ";")
+
+		if len(domains) >= 1 && len(ports) >= 1 {
+			for index, domain := range domains {
+				portRange := ports[index]
+
+				if *cpuNumber > 0 {
+					*cpuNumber--
+				} else {
+					<-*waitChan
+				}
+				processSingleIpRule(domain, portRange, debug, waitChan)
+			}
+		}
+
+		log.Printf("Progress: %v/100 (ResourceList.Rcs)", int(float32(RcsIndex)/float32(RcsLen)*100))
+	}
+}
+
+func ParseResourceLists(host, twfID string, debug bool) {
+	ResourceList := config.Resource{}
+	res, ok := ParseXml(&ResourceList, host, config.PathRlist, twfID)
+
+	cpuNumber := runtime.NumCPU()
+	waitChan := make(chan int, cpuNumber)
+
+	if !ok || ResourceList.Rcs.Rc == nil || len(ResourceList.Rcs.Rc) <= 0 || ResourceList.Dns.Data == "" {
+		if res != "" {
+			log.Printf("try parsing by regexp")
+
+			escapeReplacementMap := map[string]string{
+				"&nbsp;": string(rune(160)),
+				"&amp;":  "&",
+				"&quot;": "\"",
+				"&lt;":   "<",
+				"&gt;":   ">",
+			}
+
+			for from, to := range escapeReplacementMap {
+				res = strings.ReplaceAll(res, from, to)
+			}
+
+			resUrlDecodedValue, err := url.QueryUnescape(res)
+			if err != nil {
+				log.Printf("Cannot do UrlDecode")
+				return
+			}
+
+			ResourceListRegexp := regexp2.MustCompile("(?<=\" host=\").*?(?=\" enable_disguise=)", 0)
+			ResourceListMatches, _ := ResourceListRegexp.FindStringMatch(resUrlDecodedValue)
+			for ; ResourceListMatches != nil; ResourceListMatches, _ = ResourceListRegexp.FindNextMatch(ResourceListMatches) {
+
+				if debug {
+					log.Printf("ResourceListMatch -> " + ResourceListMatches.String() + "\n")
+				}
+
+				ResourceListData := ResourceListMatches.String()
+
+				ResourceListDataHost := strings.Split(ResourceListData, "\" port=\"")[0]
+				ResourceListDataPort := strings.Split(ResourceListData, "\" port=\"")[1]
+
+				entry := config.RcData{Host: ResourceListDataHost, Port: ResourceListDataPort}
+				ResourceList.Rcs.Rc = append(ResourceList.Rcs.Rc, entry)
+			}
+
+			processRcsData(ResourceList, debug, &waitChan, &cpuNumber)
+
+			log.Printf("Parsed %v Domain rules", config.GetDomainRuleLen())
+			log.Printf("Parsed %v Ipv4 rules", config.GetIpv4RuleLen())
+
+			DnsDataRegexp := regexp2.MustCompile("(?<=<Dns dnsserver=\"\" data=\")[0-9A-Za-z:;.-]*?(?=\")", 0)
+			DnsDataRegexpMatches, _ := DnsDataRegexp.FindStringMatch(resUrlDecodedValue)
+
+			processDnsData(DnsDataRegexpMatches.String(), debug)
+
+			log.Printf("Parsed %v Dns rules", config.GetDnsRuleLen())
+		}
+	} else {
+		log.Printf("try parsing by goXml")
+
+		processRcsData(ResourceList, debug, &waitChan, &cpuNumber)
+
+		log.Printf("Parsed %v Domain rules", config.GetDomainRuleLen())
+		log.Printf("Parsed %v Ipv4 rules", config.GetIpv4RuleLen())
+
+		processDnsData(ResourceList.Dns.Data, debug)
+
+		log.Printf("Parsed %v Dns rules", config.GetDnsRuleLen())
+	}
+}
+
+func ParseConfLists(host, twfID string, debug bool) {
+	conf := config.Conf{}
+	_, _ = ParseXml(&conf, host, config.PathConf, twfID)
+}

parser/XmlParser.go

@@ -0,0 +1,52 @@
+package parser
+
+import (
+	"bytes"
+	"crypto/tls"
+	"encoding/xml"
+	"io"
+	"log"
+	"net/http"
+)
+
+func ParseXml(in any, host string, path string, twfid string) (string, bool) {
+	c := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}}
+
+	addr := "https://" + host + path
+	req, err := http.NewRequest("GET", addr, nil)
+	req.Header.Set("Cookie", "TWFID="+twfid)
+	req.Header.Set("Content-Type", "text/html; charset=utf-8")
+
+	resp, err := c.Do(req)
+	if err != nil {
+		log.Print(err)
+		log.Printf("Cannot request %s \n", path)
+		return "", false
+	}
+
+	var buf bytes.Buffer
+	io.Copy(&buf, resp.Body)
+	defer func(Body io.ReadCloser) {
+		err := Body.Close()
+		if err != nil {
+		}
+	}(resp.Body)
+
+	//    log.Printf("%s \n", string(buf[:]))
+
+	err = xml.Unmarshal(buf.Bytes(), &in)
+	if err != nil {
+		log.Print(err)
+		log.Printf("Cannot parse %s \n", path)
+
+		return buf.String(), false
+	} else {
+		log.Printf("Parsed %s \n", path)
+
+		return buf.String(), true
+	}
+
+}