Code review for TLS proxies

polaris · 377 clicks
This is a resource that was shared on an earlier date; the information in it may have developed or changed since then.
My school uses DPI (deep packet inspection) to block protocols like SSH and OpenVPN. Additionally, few remote ports are enabled. Sometimes I want to log in to my VPS from school to fix or work on something, but I cannot because SSH is blocked. Furthermore, my school has an approved (yes, approved by the school administration) League Of Legends team, but they cannot play League Of Legends at school because it is blocked...

In order to get around these limitations, I've written [tlswrapd](https://github.com/nhooyr/tlswrapd) and [tlsmuxd](https://github.com/nhooyr/tlsmuxd).

tlswrapd accepts a local connection, dials a remote address with TLS and then copies all data between the two connections. tlsmuxd accepts a remote connection with TLS, dials a local address and then copies all data between the two connections. Both also support ALPN to serve multiple protocols over a single port.

Since TLS and port 443 are not blocked, this allows me to serve protocols like SSH and OpenVPN over TLS on port 443 on my VPS. I use tlswrapd on my laptop to "wrap" SSH connections to my VPS where tlsmuxd is running. tlsmuxd then proxies these SSH connections back to the locally running sshd. It does essentially the same thing for OpenVPN.

I've put in a lot of effort to make the code idiomatic and secure, but I would appreciate some feedback.

Thanks in advance!

---

**Comments:**

boshlol: Nice. Could you explain what is going on here?

https://github.com/nhooyr/tlswrapd/blob/master/proxy.go#L102-L121

- What's the reasoning behind using a buffer pool?
- Is there a particular reason that you are using `struct{}{}`?
- Is `go cp(c1, c2)` just there for clean up? As you are closing the connections, does this not create a bunch of orphaned routines?

analogphototaker: How did you learn enough network programming to understand all this stuff? I wish I knew more about all these protocols and how to work with them in Go...

mwholt: Man, I wish I was this smart in high school.

jammerlt: Why not just use stunnel?

singron: What school/country is this? Do they have a computer science department? This seems ridiculous.

nhooyr: Canadian high school. No computer science department.
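The post describes the two halves of the design (a wrapper that dials out over TLS with an ALPN protocol name, and a mux that terminates TLS and routes each connection to a local backend by the negotiated protocol), and boshlol's comment asks about the buffer pool, the `struct{}{}` signal and whether the copying goroutines get orphaned. The following is an added example written for this page, not code from tlswrapd or tlsmuxd; the function names (`pipe`, `backendFor`, `serveMux`, `dialWrapped`), the `bufPool` variable and the backend addresses in the usage note are all assumptions made for the illustration. It shows one way to get the bidirectional copy to shut down cleanly (the first direction to finish closes both connections, which unblocks the other goroutine, and the caller waits for it), and it refuses connections that negotiated no ALPN protocol or an unknown one instead of falling back to a default service.

```go
// Added example (not tlswrapd/tlsmuxd code): a minimal TLS wrap/mux pair in Go.
// Names pipe, backendFor, serveMux and dialWrapped are assumed for this example.
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net"
	"sync"
)

// bufPool reuses 32 KiB copy buffers instead of allocating a fresh one for
// every direction of every connection; io.CopyBuffer copies through the
// slice it is handed, so the pool bounds allocation under many connections.
var bufPool = sync.Pool{
	New: func() interface{} { return make([]byte, 32*1024) },
}

// pipe copies bytes in both directions between c1 and c2. It returns once
// BOTH directions have stopped: the first direction to hit EOF or an error
// closes both connections, which makes the other goroutine's blocked Read
// fail, so it exits too and nothing is left orphaned.
func pipe(c1, c2 net.Conn) {
	done := make(chan struct{}, 2) // struct{} carries no data; it is purely a signal
	cp := func(dst, src net.Conn) {
		buf := bufPool.Get().([]byte)
		defer bufPool.Put(buf)
		io.CopyBuffer(dst, src, buf) // runs until src is at EOF or either side errors
		done <- struct{}{}
	}
	go cp(c1, c2) // c2 -> c1
	go cp(c2, c1) // c1 -> c2
	<-done        // first direction finished
	c1.Close()
	c2.Close()
	<-done // second direction has now failed out of its Read/Write and exited
}

// backendFor maps the ALPN protocol the client negotiated to a local backend.
// An empty proto (client offered no ALPN) or an unknown one is an error: the
// mux must not guess which service the peer meant.
func backendFor(proto string, routes map[string]string) (string, error) {
	addr, ok := routes[proto]
	if proto == "" || !ok {
		return "", fmt.Errorf("no backend for ALPN protocol %q", proto)
	}
	return addr, nil
}

// serveMux is the tlsmuxd side: terminate TLS on one public port and hand
// each connection to the backend chosen by the negotiated ALPN protocol.
func serveMux(ln net.Listener, cert tls.Certificate, routes map[string]string) error {
	protos := make([]string, 0, len(routes))
	for p := range routes {
		protos = append(protos, p)
	}
	cfg := &tls.Config{
		Certificates: []tls.Certificate{cert},
		NextProtos:   protos, // only protocols with a configured backend are offered
		MinVersion:   tls.VersionTLS12,
	}
	tl := tls.NewListener(ln, cfg)
	for {
		c, err := tl.Accept()
		if err != nil {
			return err
		}
		go func() {
			tc := c.(*tls.Conn)
			if err := tc.Handshake(); err != nil {
				c.Close()
				return
			}
			addr, err := backendFor(tc.ConnectionState().NegotiatedProtocol, routes)
			if err != nil {
				c.Close() // refuse rather than route blindly
				return
			}
			b, err := net.Dial("tcp", addr)
			if err != nil {
				c.Close()
				return
			}
			pipe(c, b)
		}()
	}
}

// dialWrapped is the tlswrapd side: connect to the public TLS port, offer
// exactly one ALPN protocol, and verify the server actually selected it.
func dialWrapped(addr, serverName, proto string) (net.Conn, error) {
	cfg := &tls.Config{
		ServerName: serverName, // certificate is verified against this name
		NextProtos: []string{proto},
		MinVersion: tls.VersionTLS12,
	}
	c, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return nil, err
	}
	if got := c.ConnectionState().NegotiatedProtocol; got != proto {
		c.Close()
		return nil, fmt.Errorf("server negotiated %q, wanted %q", got, proto)
	}
	return c, nil
}
```

Usage, with constructed addresses: the mux runs `serveMux(ln, cert, map[string]string{"ssh": "127.0.0.1:22", "openvpn": "127.0.0.1:1194"})` on the listener bound to the public port, and the wrapper accepts a local connection, calls `dialWrapped("vps.example:443", "vps.example", "ssh")`, and passes the two connections to `pipe`. The `done` channel has capacity 2 so neither copying goroutine can block on its final send, and the second `<-done` is what turns "close the connections and hope" into a guaranteed exit of both goroutines.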

