EntryPoint入口点处理流量报错

[laneluo]

gost配置如下：

访问端：
services:

• name: service-0
  addr: ":1080"
  handler:
  type: http
  chain: chain-0
  listener:
  type: tcp
  chains:
• name: chain-0
  hops:
  • name: hop-0
    nodes:
    • name: node-0
      addr: :10013
      connector:
      type: forward
      dialer:
      type: tcp

---

服务端：
services:

• name: service-0
  addr: :12345
  handler:
  type: tunnel
  metadata:
  ingress: ingress-0
  entrypoint: ":10013"
  sniffing: true
  listener:
  type: tcp
  ingresses:
• name: ingress-0
  rules:
  • hostname: ".ip138.com"
    endpoint: ac74d9dd-3125-442a-a7c1-f9e49e05fac1

---

客户端：
services:

• name: service-0
  addr: :0
  handler:
  type: rtcp
  listener:
  type: rtcp
  chain: chain-0
  chains:
• name: chain-0
  hops:
  • name: hop-0
    nodes:
    • name: node-0
      addr: 10.0.80.67:12345
      connector:
      type: tunnel
      metadata:
      tunnel.id: ac74d9dd-3125-442a-a7c1-f9e49e05fac1
      mux.maxStreamBuffer: 1048576
      dialer:
      type: tcp

三个服务启动后使用如下命令访问ip138.com报错：
curl -x "http://10.0.80.67:1080" "https://ip138.com/" -vvv

• About to connect() to proxy 10.0.80.67 port 1080 (#0)
• Trying 10.0.80.67...
• Connected to 10.0.80.67 (10.0.80.67) port 1080 (#0)
• Establish HTTP proxy tunnel to ip138.com:443

CONNECT ip138.com:443 HTTP/1.1
Host: ip138.com:443
User-Agent: curl/7.29.0
Proxy-Connection: Keep-Alive

< HTTP/1.1 200 Connection established
< Connection: close
< Proxy-Agent: gost/3.0
<

• Proxy replied OK to CONNECT request
• Initializing NSS with certpath: sql:/etc/pki/nssdb
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• NSS error -5938 (PR_END_OF_FILE_ERROR)
• Encountered end of file
• Closing connection 0
  curl: (35) Encountered end of file

此时服务端报错如下：
{"caller":"tunnel\entrypoint.go:82","handler":"tunnel","kind":"entrypoint","level":"info","listener":"tcp","local":"127.0.0.1:10013","msg":"127.0.0.1:63829 <> 127.0.0.1:10013","node":"844e47b9-cb10-4aed-95b8-a623aef5acdf","remote":"127.0.0.1:63829","service":"service-0","sid":"ctkj2i6uf5lhj00oagpg","time":"2024-12-23T17:45:47.304+08:00"}
{"caller":"tunnel\entrypoint.go:102","duration":2049518800,"handler":"tunnel","inputBytes":195,"kind":"entrypoint","level":"info","listener":"tcp","local":"127.0.0.1:10013","msg":"127.0.0.1:63829 >< 127.0.0.1:10013","node":"844e47b9-cb10-4aed-95b8-a623aef5acdf","outputBytes":0,"remote":"127.0.0.1:63829","service":"service-0","sid":"ctkj2i6uf5lhj00oagpg","time":"2024-12-23T17:45:49.354+08:00"}
{"caller":"service\service.go:247","handler":"tunnel-ep","kind":"service","level":"error","listener":"tcp","msg":"malformed HTTP request "\x16\x03\x01\x00\xbe\x01\x00\x00\xba\x03\x032g\xe6\xffӦ\xab/\x1dG̼\xff\xb7\xfaܸ>\xd3\\\xf3\x8cV\xaa\vf\x9e\xe1Q\x93m\x02\x00\x008\xc0,\xc0"","node":"844e47b9-cb10-4aed-95b8-a623aef5acdf","service":"service-0-ep-[::]:10013","sid":"ctkj2i6uf5lhj00oagpg","time":"2024-12-23T17:45:49.354+08:00"}

我的理解如下：
curl使用http connect请求访问端服务，访问端服务处理http connect请求，并与服务端的10013端口建立tcp隧道。
访问端转发接下来的数据到服务端，服务端嗅探目的地址进行ingresses，最后转发给客户端。

但是现在的问题是服务端把访问端转发过来的tls握手数据当作http请求处理，其中的"\x16\x03\x01\x00\xbe\x01\x00\x00\xba\x03\x032g\xe6\xffӦ\xab/\x1dG̼\xff\xb7\xfaܸ>\xd3\\\xf3\x8cV\xaa\vf\x9e\xe1Q\x93m\x02\x00\x008\xc0,\xc0"这些信息与我抓包中的client hello一致。

请问是什么原因呢？
我理解的入口点(EntryPoint) 是接受用户的流量，并进行嗅探，最后作出响应的路由，是不是我理解的入口点(EntryPoint)使用方式是错误的呢？

[ginuerzh]

新版本中entrypoint已经添加对TLS流量的支持。