bdy 1.7.46-dev

package/src/tunnel.js

@@ -0,0 +1,696 @@
+const basicAuth = require('basic-auth');
+const {
+  DEFAULT_TIMEOUT,
+  isStringRegExp,
+  TARGET_HTTP_REGEX,
+  TARGET_ONLY_PORT_REGEX,
+  TARGET_TCP_TLS_REGEX,
+  TLS_TERMINATE_AT_AGENT,
+  TLS_TERMINATE_AT_REGION,
+  TLS_TERMINATE_AT_TARGET,
+  TUNNEL_CLOSED,
+  TUNNEL_HTTP,
+  TUNNEL_OPEN,
+  TUNNEL_TCP,
+  TUNNEL_TLS
+} = require('./utils.js');
+const TunnelLatency = require('./tunnel/latency.js');
+const SshClient = require('./ssh/client.js');
+const EventEmitter = require('events');
+const TunnelTcp = require('./tunnel/tcp.js');
+const ServerTls = require('./server/tls.js');
+const ServerSsh = require('./server/ssh.js');
+const logger = require('./logger.js');
+const TunnelIdentification = require('./tunnel/identification.js');
+const TunnelHttp = require('./tunnel/http.js');
+const ServerHttp2 = require('./server/http2.js');
+const ServerHttp1 = require('./server/http1.js');
+const TunnelHttpLog = require('./tunnel/http/log.js');
+const Format = require('./format');
+const {
+  LOG_STARTING_TUNNEL,
+  LOG_STOPPING_TUNNEL,
+  LOG_TUNNEL_CONNECTED,
+  LOG_TUNNEL_DISCONNECTED,
+  LOG_TUNNEL_FAILED,
+  LOG_TUNNEL_HTTP1_STREAM,
+  LOG_TUNNEL_HTTP2_STREAM,
+  LOG_TUNNEL_HTTP_CIRCUIT_BREAKER_OPEN,
+  LOG_TUNNEL_HTTP_RATE_LIMIT,
+  LOG_TUNNEL_HTTP_WRON_AUTH,
+  LOG_TUNNEL_HTTP_WRONG_USER_AGENTS,
+  LOG_TUNNEL_IDENTIFIED,
+  LOG_TUNNEL_TCP_STREAM,
+  LOG_TUNNEL_TLS_AGENT_STREAM,
+  LOG_TUNNEL_TLS_REGION_STREAM,
+  LOG_TUNNEL_TLS_TARGET_STREAM
+} = require('./texts.js');
+const TunnelDns = require('./tunnel/dns.js');
+const {
+  EVENT_TUNNEL_IDENTIFIED,
+  HTTP1_SOCKET_OPEN,
+  HTTP1_SOCKET_CLOSED,
+  HTTP1_REQUEST,
+  HTTP2_SESSION_OPEN,
+  HTTP2_SESSION_CLOSED,
+  HTTP2_REQUEST,
+  TLS_SOCKET,
+  SSH_CLIENT_EVENT_CONNECTED,
+  SSH_CLIENT_EVENT_DISCONNECTED,
+  SSH_CLIENT_EVENT_STREAM_TCP,
+  SSH_CLIENT_EVENT_STREAM_TLS,
+  SSH_CLIENT_EVENT_STREAM_HTTP1,
+  SSH_CLIENT_EVENT_STREAM_HTTP2,
+  EVENT_TUNNEL_HTTP_NEW_RESPONSE,
+  EVENT_TUNNEL_HTTP_NEW_REQUEST,
+  TUNNEL_LATENCY_EVENT_RECONNECTED,
+  TCP_EVENT_CLOSED,
+  TUNNEL_EVENT_OPEN,
+  TUNNEL_EVENT_CLOSED,
+  TUNNEL_EVENT_TCP_OPEN,
+  TUNNEL_EVENT_TCP_CLOSED,
+  TUNNEL_EVENT_TLS_OPEN,
+  TUNNEL_EVENT_TLS_CLOSED,
+  TUNNEL_EVENT_HTTP_IDENTIFIED,
+  TUNNEL_EVENT_HTTP_REQUEST,
+  TUNNEL_EVENT_HTTP_RESPONSE,
+  TUNNEL_EVENT_STOPPED,
+  TUNNEL_SSH,
+  SSH_CLIENT_EVENT_STREAM_SSH,
+  createSshHostKey,
+  TUNNEL_EVENT_HTTP_OPEN,
+  TUNNEL_EVENT_HTTP_CLOSED
+} = require('./utils');
+const { LOG_TUNNEL_SSH_STREAM } = require('./texts');
+
+class Tunnel extends EventEmitter {
+  constructor({
+    id,
+    type,
+    target,
+    region,
+    timeout,
+    domain,
+    subdomain,
+    whitelist,
+    tlsSettings,
+    httpSettings,
+    sshSettings,
+    sshHostKey
+  }) {
+    super();
+    if (!sshHostKey) sshHostKey = createSshHostKey();
+    this.id = id;
+    this.sshHostKey = sshHostKey;
+    this.create({
+      type,
+      target,
+      region,
+      timeout,
+      domain,
+      subdomain,
+      whitelist,
+      tlsSettings,
+      httpSettings,
+      sshSettings,
+    });
+  }
+
+  create({
+    type,
+    target,
+    region,
+    timeout,
+    domain,
+    subdomain,
+    whitelist,
+    tlsSettings,
+    httpSettings,
+    sshSettings,
+  }) {
+    this.type = type;
+    this.region = region;
+    this.target = target;
+    this.whitelist = whitelist || [];
+    this.domain = domain;
+    this.subdomain = subdomain;
+    this.timeout = timeout || DEFAULT_TIMEOUT;
+    this.useragents = [];
+    this.headers = [];
+    this.responseHeaders = [];
+    if (tlsSettings) {
+      this.terminate = tlsSettings.terminate;
+      this.key = tlsSettings.key;
+      this.cert = tlsSettings.cert;
+      this.ca = tlsSettings.ca;
+    }
+    if (httpSettings) {
+      this.host = httpSettings.host;
+      this.login = httpSettings.login;
+      this.password = httpSettings.password;
+      this.ca = httpSettings.ca;
+      this.serve = httpSettings.serve;
+      this.useragents = httpSettings.userAgents || [];
+      this.headers = httpSettings.headers || [];
+      this.responseHeaders = httpSettings.responseHeaders || [];
+      this.circuitBreaker = httpSettings.circuitBreaker;
+      this.log = httpSettings.log;
+      this.verify = httpSettings.verify;
+      this.compression = httpSettings.compression;
+      this.http2 = httpSettings.http2;
+    }
+    if (sshSettings) {
+      this.sshIp = sshSettings.ip;
+      this.sshId = sshSettings.sshId;
+      this.sshPort = sshSettings.port;
+      this.sshUser = sshSettings.user;
+      this.sshPassword = sshSettings.password;
+      this.sshForwardPort = sshSettings.forwardPort;
+      this.sshClientUser = sshSettings.clientUser;
+      this.sshClientPassword = sshSettings.clientPassword;
+    }
+    this.targetProto = 'http';
+    this.targetHost = 'localhost';
+    this.targetPort = 80;
+    this.targetAuth = null;
+
+    if (this.type === TUNNEL_HTTP) {
+      let m = this.target.match(TARGET_ONLY_PORT_REGEX);
+      if (m) {
+        this.targetPort = parseInt(m[0], 10);
+      } else {
+        m = this.target.match(TARGET_HTTP_REGEX);
+        if (m) {
+          if (m[2]) this.targetProto = m[2];
+          if (m[6]) this.targetPort = parseInt(m[6], 10);
+          else if (this.targetProto === 'https') this.targetPort = 443;
+          if (m[4]) this.targetHost = m[4];
+          if (m[3]) this.targetAuth = m[3].replace(/@$/, '');
+        }
+      }
+    } else if (this.type === TUNNEL_SSH) {
+      this.targetHost = 'localhost';
+      this.targetProto = 'ssh://';
+      this.targetPort = 22;
+    } else {
+      const m = this.target.match(TARGET_TCP_TLS_REGEX);
+      if (m) {
+        this.targetPort = parseInt(m[3], 10);
+        if (m[2]) this.targetHost = m[2];
+      }
+    }
+    this.connections = {};
+    this.totalConnections = 0;
+    this.status = TUNNEL_CLOSED;
+    this.dns = null;
+    this.regionLatency = null;
+    this.targetLatency = null;
+    this.tls = null;
+    this.httpLog = null;
+    this.identify = null;
+    this.http2server = null;
+    this.http1server = null;
+    this.sshServer = null;
+    this.ssh = null;
+    this.started = false;
+  }
+
+  recreate({
+    type,
+    target,
+    region,
+    timeout,
+    domain,
+    subdomain,
+    whitelist,
+    tlsSettings,
+    httpSettings,
+    sshSettings,
+  }) {
+    const started = this.started;
+    this.stop(false);
+    this.create({
+      type,
+      target,
+      region,
+      timeout,
+      domain,
+      subdomain,
+      whitelist,
+      tlsSettings,
+      httpSettings,
+      sshSettings,
+    });
+    if (started) this.start();
+  }
+
+  hasChanged(data) {
+    const tunnel = new Tunnel({
+      ...data,
+      sshHostKey: this.sshHostKey
+    });
+    if (this.type !== tunnel.type) return true;
+    if (this.target !== tunnel.target) return true;
+    if (this.region !== tunnel.region) return true;
+    if (this.timeout !== tunnel.timeout) return true;
+    if (this.domain !== tunnel.domain) return true;
+    if (this.subdomain !== tunnel.subdomain) return true;
+    if (this.terminate !== tunnel.terminate) return true;
+    if (this.key !== tunnel.key) return true;
+    if (this.cert !== tunnel.cert) return true;
+    if (this.ca !== tunnel.ca) return true;
+    if (this.host !== tunnel.host) return true;
+    if (this.login !== tunnel.login) return true;
+    if (this.password !== tunnel.password) return true;
+    if (this.serve !== tunnel.serve) return true;
+    if (this.circuitBreaker !== tunnel.circuitBreaker) return true;
+    if (this.log !== tunnel.log) return true;
+    if (this.verify !== tunnel.verify) return true;
+    if (this.http2 !== tunnel.http2) return true;
+    if (this.compression !== tunnel.compression) return true;
+    if (this.sshIp !== tunnel.sshIp) return true;
+    if (this.sshId !== tunnel.sshId) return true;
+    if (this.sshPort !== tunnel.sshPort) return true;
+    if (this.sshUser !== tunnel.sshUser) return true;
+    if (this.sshPassword !== tunnel.sshPassword) return true;
+    if (this.sshForwardPort !== tunnel.sshForwardPort) return true;
+    if (this.sshClientPassword !== tunnel.sshClientPassword) return true;
+    if (this.sshClientUser !== tunnel.sshClientUser) return true;
+    if (this.whitelist.length !== tunnel.whitelist.length) return true;
+    this.whitelist.sort();
+    tunnel.whitelist.sort();
+    for (let i = 0; i < this.whitelist.length; i += 1) {
+      if (this.whitelist[i] !== tunnel.whitelist[i]) return true;
+    }
+    if (this.useragents.length !== tunnel.useragents.length) return true;
+    this.useragents.sort();
+    tunnel.useragents.sort();
+    for (let i = 0; i < this.useragents.length; i += 1) {
+      if (this.useragents[i] !== tunnel.useragents[i]) return true;
+    }
+    const sortHeaders = (a, b) => a.name.localeCompare(b.name);
+    if (this.headers.length !== tunnel.headers.length) return true;
+    this.headers.sort(sortHeaders);
+    tunnel.headers.sort(sortHeaders);
+    for (let i = 0; i < this.headers.length; i += 1) {
+      const thisH = this.headers[i];
+      const tunnelH = tunnel.headers[i];
+      if (thisH.name !== tunnelH.name) return true;
+      if (thisH.value !== tunnelH.value) return true;
+    }
+    if (this.responseHeaders.length !== tunnel.responseHeaders.length) return true;
+    this.responseHeaders.sort(sortHeaders);
+    tunnel.responseHeaders.sort(sortHeaders);
+    for (let i = 0; i < this.responseHeaders.length; i += 1) {
+      const thisRH = this.responseHeaders[i];
+      const tunnelRH = tunnel.responseHeaders[i];
+      if (thisRH.name !== tunnelRH.name) return true;
+      if (thisRH.value !== tunnelRH.value) return true;
+    }
+    return false;
+  }
+
+  async sshConnected() {
+    try {
+      logger.debug(LOG_TUNNEL_CONNECTED(this.id, this.sshForwardPort));
+      await this.ssh.forwardIn(this.sshForwardPort);
+      this.status = TUNNEL_OPEN;
+    } catch (err) {
+      // reconnect
+      logger.debug(LOG_TUNNEL_FAILED(this.id));
+      logger.debug(err);
+      this.ssh.close();
+      return;
+    }
+    this.emit(TUNNEL_EVENT_OPEN, this);
+  }
+
+  sshDisconnected() {
+    if (this.status !== TUNNEL_CLOSED) {
+      logger.debug(LOG_TUNNEL_DISCONNECTED(this.id));
+      this.status = TUNNEL_CLOSED;
+      this.emit(TUNNEL_EVENT_CLOSED, this);
+    }
+  }
+
+  tunnelToTarget(stream, onClose) {
+    this.totalConnections += 1;
+    const tcp = new TunnelTcp(this.targetHost, this.targetPort, stream);
+    this.connections[tcp.id] = tcp;
+    tcp.on(TCP_EVENT_CLOSED, () => {
+      this.connections[tcp.id].removeAllListeners();
+      delete this.connections[tcp.id];
+      onClose();
+    });
+    tcp.pipe();
+  }
+
+  httpIdentified(type) {
+    logger.info(LOG_TUNNEL_IDENTIFIED(this.id, type));
+    this.emit(TUNNEL_EVENT_HTTP_IDENTIFIED, this, type);
+  }
+
+  httpConnectionOpen(s) {
+    this.totalConnections += 1;
+    this.connections[s.id] = s;
+    this.emit(TUNNEL_EVENT_HTTP_OPEN, this);
+  }
+
+  httpConnectionClosed(s) {
+    delete this.connections[s.id];
+    this.emit(TUNNEL_EVENT_HTTP_CLOSED, this);
+  }
+
+  httpBasicAuth(req, res) {
+    if (this.login || this.password) {
+      const user = basicAuth(req);
+      if (!user || user.name !== this.login || user.pass !== this.password) {
+        logger.debug(LOG_TUNNEL_HTTP_WRON_AUTH);
+        this.httpEndFast(req, res, 401, 'Unauthorised', {
+          'WWW-Authenticate': 'Basic real="Buddy"'
+        });
+        return false;
+      }
+    }
+    return true;
+  }
+
+  httpEndFast(req, res, statusCode, msg, headers = {}) {
+    const log = this.httpLog.newRequest(req.method, req.headers, req.url, req.httpVersion, req);
+    if (!log) {
+      this.httpLog.newResponse(req, statusCode, headers);
+      res.statusCode = statusCode;
+      Object.keys(headers).forEach((k) => {
+        res.setHeader(k, headers[k]);
+      });
+      res.end(msg);
+    } else {
+      req.pipe(log.requestBody);
+      log.requestBody.pipeToNothing(() => {
+        this.httpLog.newResponse(req, statusCode, headers, log);
+        res.statusCode = statusCode;
+        Object.keys(headers).forEach((k) => {
+          res.setHeader(k, headers[k]);
+        });
+        res.end(msg);
+      });
+    }
+  }
+
+  httpRateLimit(req, res) {
+    const isRateLimited = this.httpLog.isRateLimited(req);
+    if (isRateLimited) {
+      logger.debug(LOG_TUNNEL_HTTP_RATE_LIMIT);
+      this.httpEndFast(req, res, 429, 'Too Many Requests', {
+        'Retry-After': '60'
+      });
+      return false;
+    }
+    return true;
+  }
+
+  httpCircuitBreaker(req, res) {
+    const isOpen = this.httpLog.isCircuitBreakerOpen();
+    if (isOpen) {
+      logger.debug(LOG_TUNNEL_HTTP_CIRCUIT_BREAKER_OPEN);
+      this.httpEndFast(req, res, 503, 'Service Unavailable', {});
+      return false;
+    }
+    return true;
+  }
+
+  httpUserAgent(req, res) {
+    if (this.useragents && this.useragents.length > 0) {
+      const ua = req.headers['user-agent'] || '';
+      for (let i = 0; i < this.useragents.length; i += 1) {
+        const str = this.useragents[i];
+        if (isStringRegExp(str)) {
+          try {
+            const r = new RegExp(str, 'i');
+            if (r.test(ua)) return true;
+          } catch (err) {
+            // do nothing
+          }
+        } else if (ua.includes(str)) {
+          return true;
+        }
+      }
+      logger.debug(LOG_TUNNEL_HTTP_WRONG_USER_AGENTS);
+      this.httpEndFast(req, res, 401, 'Unauthorised', {});
+      return false;
+    }
+    return true;
+  }
+
+  targetReconnected() {
+    if (this.identify) this.identify.identify();
+  }
+
+  httpLogRequest(logRequest) {
+    this.emit(TUNNEL_EVENT_HTTP_REQUEST, this, logRequest);
+  }
+
+  httpLogResponse(logRequest) {
+    this.emit(TUNNEL_EVENT_HTTP_RESPONSE, this, logRequest);
+  }
+
+  retryHttpLogRequest(logRequest) {
+    if (logRequest.requestBody.tooLarge) return;
+    if (logRequest.httpVersion === '2.0') return this.http2server.retryRequest(logRequest);
+    return this.http1server.retryRequest(logRequest);
+  }
+
+  httpRequest(req, res) {
+    const isAuth = this.httpBasicAuth(req, res)
+      && this.httpUserAgent(req, res)
+      && this.httpRateLimit(req, res)
+      && this.httpCircuitBreaker(req, res);
+    if (!isAuth) return;
+    const http = new TunnelHttp({
+      req,
+      res,
+      auth: this.targetAuth,
+      proto: this.targetProto,
+      host: this.targetHost,
+      port: this.targetPort,
+      hostHeader: this.host,
+      timeout: this.timeout,
+      verify: this.verify,
+      compression: this.compression,
+      headers: this.headers,
+      serve: this.serve,
+      responseHeaders: this.responseHeaders,
+      httpIdentify: this.identify.type,
+      httpLog: this.httpLog,
+    });
+    http.pipe().then();
+  }
+
+  tlsSocket(tlsSocket) {
+    this.tunnelToTarget(tlsSocket, () => {
+      this.emit(TUNNEL_EVENT_TLS_CLOSED, this);
+    });
+    this.emit(TUNNEL_EVENT_TLS_OPEN, this);
+  }
+
+  canStreamTcp() {
+    if (this.type === TUNNEL_TCP) return true;
+    return this.type === TUNNEL_TLS && [TLS_TERMINATE_AT_TARGET, TLS_TERMINATE_AT_REGION].includes(this.terminate);
+  }
+
+  canStreamTls() {
+    return this.type === TUNNEL_TLS;
+  }
+
+  canStreamSsh() {
+    return this.type === TUNNEL_SSH;
+  }
+
+  canStreamHttp() {
+    return this.type === TUNNEL_HTTP;
+  }
+
+  sshStreamTcp(stream) {
+    if (!this.canStreamTcp()) {
+      stream.end();
+      return;
+    }
+    logger.debug(LOG_TUNNEL_TCP_STREAM(this.id));
+    this.tunnelToTarget(stream, () => {
+      this.emit(TUNNEL_EVENT_TCP_CLOSED, this);
+    });
+    this.emit(TUNNEL_EVENT_TCP_OPEN, this);
+  }
+
+  sshStreamHttp1(stream, info, ip) {
+    if (!this.canStreamHttp()) {
+      stream.end();
+      return;
+    }
+    logger.debug(LOG_TUNNEL_HTTP1_STREAM(this.id));
+    if (this.http1server) {
+      this.http1server.handleSshTunnel(stream, info, ip);
+      return;
+    }
+    stream.end();
+  }
+
+  sshStreamHttp2(stream, info, ip) {
+    if (!this.canStreamHttp()) {
+      stream.end();
+      return;
+    }
+    logger.debug(LOG_TUNNEL_HTTP2_STREAM(this.id));
+    if (this.http2server) {
+      this.http2server.handleSshTunnel(stream, info, ip);
+      return;
+    }
+    stream.end();
+  }
+
+  sshStreamSsh(stream) {
+    if (!this.canStreamSsh()) {
+      stream.end();
+      return;
+    }
+    logger.debug(LOG_TUNNEL_SSH_STREAM(this.id));
+    if (this.sshServer) {
+      this.sshServer.handleSshTunnel(stream);
+      return;
+    }
+    stream.end();
+  }
+
+  sshStreamTls(stream) {
+    if (!this.canStreamTls()) {
+      stream.end();
+      return;
+    }
+    if (this.terminate === TLS_TERMINATE_AT_TARGET) {
+      logger.debug(LOG_TUNNEL_TLS_TARGET_STREAM(this.id));
+      this.sshStreamTcp(stream);
+      return;
+    }
+    if (this.terminate === TLS_TERMINATE_AT_REGION) {
+      logger.debug(LOG_TUNNEL_TLS_REGION_STREAM(this.id));
+      this.sshStreamTcp(stream);
+      return;
+    }
+    if (this.tls) {
+      logger.debug(LOG_TUNNEL_TLS_AGENT_STREAM(this.id));
+      this.tls.handleSshTunnel(stream);
+      return;
+    }
+    stream.end();
+  }
+
+  start() {
+    if (this.started) return;
+    this.started = true;
+    logger.info(LOG_STARTING_TUNNEL(this.id));
+    // region latency
+    this.regionLatency = new TunnelLatency(this.sshIp, this.sshPort);
+    this.regionLatency.startChecking();
+    // target latency
+    if (!this.serve && this.type !== TUNNEL_SSH) {
+      this.targetLatency = new TunnelLatency(this.targetHost, this.targetPort);
+      this.targetLatency.on(TUNNEL_LATENCY_EVENT_RECONNECTED, () => this.targetReconnected());
+      this.targetLatency.startChecking();
+    }
+    // dns health
+    this.dns = new TunnelDns(this.sshIp, this.domain, this.subdomain, this.region, this.sshId);
+    this.dns.startChecking();
+    if (this.type === TUNNEL_TLS && this.terminate === TLS_TERMINATE_AT_AGENT) {
+      // tls
+      this.tls = new ServerTls(this.key, this.cert, this.ca);
+      this.tls.on(TLS_SOCKET, (socket) => this.tlsSocket(socket));
+    } else if (this.type === TUNNEL_HTTP) {
+      // http
+      this.httpLog = new TunnelHttpLog(this.log, this.circuitBreaker);
+      this.httpLog.on(EVENT_TUNNEL_HTTP_NEW_REQUEST, (logRequest) => this.httpLogRequest(logRequest));
+      this.httpLog.on(EVENT_TUNNEL_HTTP_NEW_RESPONSE, (logRequest) => this.httpLogResponse(logRequest));
+      this.identify = new TunnelIdentification(this.targetProto, this.targetHost, this.targetPort, this.http2 || !!this.serve);
+      this.identify.on(EVENT_TUNNEL_IDENTIFIED, (type) => this.httpIdentified(type));
+      const host = Format.entryHost(this);
+      this.http2server = new ServerHttp2(host);
+      this.http2server.on(HTTP2_SESSION_OPEN, (session) => this.httpConnectionOpen(session));
+      this.http2server.on(HTTP2_SESSION_CLOSED, (session) => this.httpConnectionClosed(session));
+      this.http2server.on(HTTP2_REQUEST, (req, res) => this.httpRequest(req, res));
+      this.http1server = new ServerHttp1(host);
+      this.http1server.on(HTTP1_SOCKET_OPEN, (socket) => this.httpConnectionOpen(socket));
+      this.http1server.on(HTTP1_SOCKET_CLOSED, (socket) => this.httpConnectionClosed(socket));
+      this.http1server.on(HTTP1_REQUEST, (req, res) => this.httpRequest(req, res));
+    } else if (this.type === TUNNEL_SSH) {
+      // ssh server
+      this.sshServer = new ServerSsh(this.sshClientUser, this.sshClientPassword, this.sshHostKey);
+    }
+    // ssh
+    this.ssh = new SshClient(this.sshIp, this.sshPort, this.sshUser, this.sshPassword);
+    this.ssh.on(SSH_CLIENT_EVENT_CONNECTED, () => this.sshConnected());
+    this.ssh.on(SSH_CLIENT_EVENT_DISCONNECTED, () => this.sshDisconnected());
+    this.ssh.on(SSH_CLIENT_EVENT_STREAM_TCP, (stream) => this.sshStreamTcp(stream));
+    this.ssh.on(SSH_CLIENT_EVENT_STREAM_TLS, (stream) => this.sshStreamTls(stream));
+    this.ssh.on(SSH_CLIENT_EVENT_STREAM_HTTP1, (stream, info, ip) => this.sshStreamHttp1(stream, info, ip));
+    this.ssh.on(SSH_CLIENT_EVENT_STREAM_HTTP2, (stream, info, ip) => this.sshStreamHttp2(stream, info, ip));
+    this.ssh.on(SSH_CLIENT_EVENT_STREAM_SSH, (stream) => this.sshStreamSsh(stream));
+    this.ssh.openKeepAlive();
+  }
+
+  stop(emitEvent = true) {
+    if (!this.started) return;
+    this.started = false;
+    logger.info(LOG_STOPPING_TUNNEL(this.id));
+    if (emitEvent) this.emit(TUNNEL_EVENT_STOPPED, this);
+    if (this.regionLatency) {
+      this.regionLatency.removeAllListeners();
+      this.regionLatency.stopChecking();
+      this.regionLatency = null;
+    }
+    if (this.dns) {
+      this.dns.stopChecking();
+      this.dns = null;
+    }
+    if (this.targetLatency) {
+      this.targetLatency.removeAllListeners();
+      this.targetLatency.stopChecking();
+      this.targetLatency = null;
+    }
+    if (this.tls) {
+      this.tls.removeAllListeners();
+      this.tls.stop();
+      this.tls = null;
+    }
+    if (this.httpLog) {
+      this.httpLog.removeAllListeners();
+      this.httpLog.stop();
+      this.httpLog = null;
+    }
+    if (this.sshServer) {
+      this.sshServer.removeAllListeners();
+      this.sshServer.stop();
+      this.sshServer = null;
+    }
+    if (this.identify) {
+      this.identify.removeAllListeners();
+      this.identify.stop();
+      this.identify = null;
+    }
+    if (this.http2server) {
+      this.http2server.removeAllListeners();
+      this.http2server.stop();
+      this.http2server = null;
+    }
+    if (this.http1server) {
+      this.http1server.removeAllListeners();
+      this.http1server.stop();
+      this.http1server = null;
+    }
+    if (this.ssh) {
+      this.ssh.removeAllListeners();
+      this.ssh.closeKeepAlive();
+      this.ssh = null;
+    }
+  }
+}
+
+module.exports = Tunnel;