diff --git a/README_ZH.md b/README_ZH.md
index e3df90b..0fce0ba 100644
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -1,5 +1,5 @@
-Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务器,支持正向代理、反向代理、透明代理、内网穿透、TCP/UDP端口映射、SSH中转、TLS加密传输、协议转换、防污染DNS代理。
+Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5,ss代理服务器,支持正向代理、反向代理、透明代理、内网穿透、TCP/UDP端口映射、SSH中转、TLS加密传输、协议转换、防污染DNS代理。
[点击下载](https://github.com/snail007/goproxy/releases) 官方QQ交流群:189618940
@@ -37,6 +37,13 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
- 自定义底层加密传输,http(s)\sps\socks代理在tcp之上可以通过tls标准加密以及kcp协议加密tcp数据,除此之外还支持在tls和kcp之后进行自定义加密,也就是说自定义加密和tls|kcp是可以联合使用的,内部采用AES256加密,使用的时候只需要自己定义一个密码即可。
- 底层压缩高效传输,http(s)\sps\socks代理在tcp之上可以通过自定义加密和tls标准加密以及kcp协议加密tcp数据,在加密之后还可以对数据进行压缩,也就是说压缩功能和自定义加密和tls|kcp是可以联合使用的。
- 安全的DNS代理,可以通过本地的proxy提供的DNS代理服务器与上级代理加密通讯实现安全防污染的DNS查询。
+- 负载均衡,高可用,HTTP(S)\SOCKS5\SPS代理支持上级负载均衡和高可用,多个上级重复-P参数即可.
+- 指定出口IP,HTTP(S)\SOCKS5\SPS代理支持客户端用入口IP连接过来的,就用入口IP作为出口IP访问目标网站的功能。如果入口IP是内网IP,出口IP不会使用入口IP
+- HTTP(S)\SOCKS5\SS协议相互转换,SPS提供此功能.
+- 支持限速,HTTP(S)\SOCKS5\SPS代理支持限速.
+- SOCKS5代理支持级联认证.
+- 证书参数使用base64数据,默认情况下-C,-K参数是crt证书和key文件的路径,如果是base64://开头,那么就认为后面的数据是base64编码的,会解码后使用.
+
### Why need these?
- 当由于某某原因,我们不能访问我们在其它地方的服务,我们可以通过多个相连的proxy节点建立起一个安全的隧道访问我们的服务.
@@ -70,6 +77,7 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
- [安全建议](#安全建议)
### 手册目录
+- [负载均衡和高可用](#负载均衡和高可用)
- [1. HTTP代理](#1http代理)
- [1.1 普通HTTP代理](#11普通一级http代理)
- [1.2 普通二级HTTP代理](#12普通二级http代理)
@@ -86,7 +94,11 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
- [1.11 自定义DNS](#111-自定义dns)
- [1.12 自定义加密](#112-自定义加密)
- [1.13 压缩传输](#113-压缩传输)
- - [1.14 查看帮助](#114-查看帮助)
+ - [1.14 负载均衡](#114-负载均衡)
+ - [1.15 限速](#115-限速)
+ - [1.16 指定出口IP](#116-指定出口ip)
+ - [1.17 证书参数使用base64数据](#117-证书参数使用base64数据)
+ - [1.18 查看帮助](#118-查看帮助)
- [2. TCP代理(端口映射)](#2tcp代理)
- [2.1 普通一级TCP代理](#21普通一级tcp代理)
- [2.2 普通二级TCP代理](#22普通二级tcp代理)
@@ -126,18 +138,27 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
- [5.9 自定义DNS](#59自定义dns)
- [5.10 自定义加密](#510-自定义加密)
- [5.11 压缩传输](#511-压缩传输)
- - [5.12 查看帮助](#512查看帮助)
+ - [5.12 负载均衡](#512-负载均衡)
+ - [5.13 限速](#513-限速)
+ - [5.14 指定出口IP](#514-指定出口ip)
+ - [5.15 级联认证](#515-级联认证)
+ - [5.16 证书参数使用base64数据](#516-证书参数使用base64数据)
+ - [5.17 查看帮助](#517查看帮助)
- [6. 代理协议转换](#6代理协议转换)
- [6.1 功能介绍](#61-功能介绍)
- - [6.2 HTTP(S)转HTTP(S)+SOCKS5](#62-https转httpssocks5)
- - [6.3 SOCKS5转HTTP(S)+SOCKS5](#63-socks5转httpssocks5)
- - [6.4 链式连接](#64-链式连接)
- - [6.5 监听多个端口](#65-监听多个端口)
- - [6.6 认证功能](#66-认证功能)
- - [6.7 自定义加密](#67-自定义加密)
- - [6.8 压缩传输](#68-压缩传输)
- - [6.9 禁用协议](#69-禁用协议)
- - [6.10 查看帮助](#610-查看帮助)
+ - [6.2 HTTP(S)转HTTP(S)+SOCKS5+SS](#62-https转httpssocks5ss)
+ - [6.3 SOCKS5转HTTP(S)+SOCKS5+SS](#63-socks5转httpssocks5ss)
+ - [6.4 SS转HTTP(S)+SOCKS5+SS](#63-ss转httpssocks5ss)
+ - [6.5 链式连接](#64-链式连接)
+ - [6.6 监听多个端口](#65-监听多个端口)
+ - [6.7 认证功能](#66-认证功能)
+ - [6.8 自定义加密](#67-自定义加密)
+ - [6.9 压缩传输](#68-压缩传输)
+ - [6.10 禁用协议](#610-禁用协议)
+ - [6.11 限速](#611-限速)
+ - [6.12 指定出口IP](#612-指定出口ip)
+ - [6.13 证书参数使用base64数据](#613-证书参数使用base64数据)
+ - [6.14 查看帮助](#614-查看帮助)
- [7. KCP配置](#7kcp配置)
- [7.1 配置介绍](#71-配置介绍)
- [7.2 详细配置](#72-详细配置)
@@ -161,7 +182,7 @@ curl -L https://raw.githubusercontent.com/snail007/goproxy/master/install_auto.s
下载地址:https://github.com/snail007/goproxy/releases
```shell
cd /root/proxy/
-wget https://github.com/snail007/goproxy/releases/download/v5.5/proxy-linux-amd64.tar.gz
+wget https://github.com/snail007/goproxy/releases/download/v6.0/proxy-linux-amd64.tar.gz
```
#### **2.下载自动安装脚本**
```shell
@@ -260,6 +281,32 @@ proxy会fork子进程,然后监控子进程,如果子进程异常退出,5秒后
假设你的vps外网ip是23.23.23.23,下面命令通过-g参数设置23.23.23.23
`./proxy http -g "23.23.23.23"`
+### **负载均衡和高可用**
+
+HTTP(S)\SOCKS5\SPS代理支持上级负载均衡和高可用,多个上级重复-P参数即可.
+
+负载均衡策略支持5种,可以通过`--lb-method`参数指定:
+
+roundrobin 轮流使用
+
+leastconn 使用最小连接数的
+
+leasttime 使用连接时间最小的
+
+hash 使用根据客户端地址计算出一个固定上级
+
+weight 根据每个上级的权重和连接数情况,选择出一个上级
+
+提示:
+
+负载均衡检查时间间隔可以通过`--lb-retrytime`设置,单位毫秒
+
+负载均衡连接超时时间可以通过`--lb-timeout`设置,单位毫秒
+
+如果负载均衡策略是权重(weight),-P格式为:2.2.2.2:3880@1,1就是权重,大于0的整数.
+
+如果负载均衡策略是hash,默认是根据客户端地址选择上级,可以通过开关`--lb-hashtarget`使用访问的目标地址选择上级.
+
### **1.HTTP代理**
#### **1.1.普通一级HTTP代理**
@@ -461,7 +508,43 @@ proxy的http(s)代理在tcp之上可以通过tls标准加密以及kcp协议加
`proxy http -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080`
这样通过本地代理8080访问网站的时候就是通过与上级压缩传输访问目标网站.
-#### **1.14 查看帮助**
+### **1.14 负载均衡**
+
+HTTP(S)代理支持上级负载均衡,多个上级重复-P参数即可.
+
+`proxy http --lb-method=hash -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080`
+
+#### **1.14.1 设置重试间隔和超时时间**
+
+`proxy http --lb-method=leastconn --lb-retrytime 300 --lb-timeout 300 -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -t tcp -p :33080`
+
+#### **1.14.2 设置权重**
+
+`proxy http --lb-method=weight -T tcp -P 1.1.1.1:33080@1 -P 2.1.1.1:33080@2 -P 3.1.1.1:33080@1 -t tcp -p :33080`
+
+#### **1.14.3 使用目标地址选择上级**
+
+`proxy http --lb-hashtarget --lb-method=leasttime -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -t tcp -p :33080`
+
+### **1.15 限速**
+
+限速100K,通过`-l`参数即可指定,比如:100K 1.5M . 0意味着无限制.
+
+`proxy http -t tcp -p 2.2.2.2:33080 -l 100K`
+
+### **1.16 指定出口IP**
+
+`--bind-listen`参数,就可以开启客户端用入口IP连接过来的,就用入口IP作为出口IP访问目标网站的功能。如果入口IP是内网IP,出口IP不会使用入口IP。
+
+`proxy http -t tcp -p 2.2.2.2:33080 --bind-listen`
+
+### **1.17 证书参数使用base64数据**
+
+默认情况下-C,-K参数是crt证书和key文件的路径,
+
+如果是base64://开头,那么就认为后面的数据是base64编码的,会解码后使用.
+
+#### **1.18 查看帮助**
`./proxy help http`
### **2.TCP代理**
@@ -890,41 +973,98 @@ proxy的socks代理在tcp之上可以通过自定义加密和tls标准加密以
`proxy socks -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080`
这样通过本地代理8080访问网站的时候就是通过与上级压缩传输访问目标网站.
-#### **5.12.查看帮助**
+
+#### **5.12 负载均衡**
+
+SOCKS代理支持上级负载均衡,多个上级重复-P参数即可.
+
+`proxy socks --lb-method=hash -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -p :33080 -t tcp`
+
+#### **5.12.1 设置重试间隔和超时时间**
+
+`proxy socks --lb-method=leastconn --lb-retrytime 300 --lb-timeout 300 -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -p :33080 -t tcp`
+
+#### **5.12.2 设置权重**
+
+`proxy socks --lb-method=weight -T tcp -P 1.1.1.1:33080@1 -P 2.1.1.1:33080@2 -P 3.1.1.1:33080@1 -p :33080 -t tcp`
+
+#### **5.12.3 使用目标地址选择上级**
+
+`proxy socks --lb-hashtarget --lb-method=leasttime -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -p :33080 -t tcp`
+
+#### **5.13 限速**
+
+限速100K,通过`-l`参数即可指定,比如:100K 1.5M . 0意味着无限制.
+
+`proxy socks -t tcp -p 2.2.2.2:33080 -l 100K`
+
+#### **5.14 指定出口IP**
+
+`--bind-listen`参数,就可以开启客户端用入口IP连接过来的,就用入口IP作为出口IP访问目标网站的功能。如果入口IP是内网IP,出口IP不会使用入口IP。
+
+`proxy socks -t tcp -p 2.2.2.2:33080 --bind-listen`
+
+#### **5.15 级联认证**
+
+SOCKS5支持级联认证,-A可以设置上级认证信息.
+
+上级:
+
+`proxy socks -t tcp -p 2.2.2.2:33080 -a user:pass`
+
+本地:
+
+`proxy socks -T tcp -P 2.2.2.2:33080 -A user:pass -t tcp -p :33080`
+
+#### **5.16 证书参数使用base64数据**
+
+默认情况下-C,-K参数是crt证书和key文件的路径,
+
+如果是base64://开头,那么就认为后面的数据是base64编码的,会解码后使用.
+
+
+#### **5.17.查看帮助**
`./proxy help socks`
### **6.代理协议转换**
#### **6.1 功能介绍**
-代理协议转换使用的是sps子命令(socks+https的缩写),sps本身不提供代理功能,只是接受代理请求"转换并转发"给已经存在的http(s)代理或者socks5代理;sps可以把已经存在的http(s)代理或者socks5代理转换为一个端口同时支持http(s)和socks5代理,而且http(s)代理支持正向代理和反向代理(SNI),转换后的SOCKS5代理,当上级是SOCKS5时仍然支持UDP功能;另外对于已经存在的http(s)代理或者socks5代理,支持tls、tcp、kcp三种模式,支持链式连接,也就是可以多个sps结点层级连接构建加密通道。
+代理协议转换使用的是sps子命令,sps本身不提供代理功能,只是接受代理请求"转换并转发"给已经存在的http(s)代理或者socks5代理或者ss代理;sps可以把已经存在的http(s)代理或者socks5代理或ss代理转换为一个端口同时支持http(s)和socks5和ss的代理,而且http(s)代理支持正向代理和反向代理(SNI),转换后的SOCKS5代理,当上级是SOCKS5或者SS时仍然支持UDP功能;另外对于已经存在的http(s)代理或者socks5代理,支持tls、tcp、kcp三种模式,支持链式连接,也就是可以多个sps结点层级连接构建加密通道。
-#### **6.2 HTTP(S)转HTTP(S)+SOCKS5**
-假设已经存在一个普通的http(s)代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。
+#### **6.2 HTTP(S)转HTTP(S)+SOCKS5+SS**
+假设已经存在一个普通的http(s)代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080,ss加密方式:aes-192-cfb,ss密码:pass。
命令如下:
-`./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p :18080`
+`./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p :18080 -h aes-192-cfb -j pass`
-假设已经存在一个tls的http(s)代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080,tls需要证书文件。
+假设已经存在一个tls的http(s)代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080,tls需要证书文件,ss加密方式:aes-192-cfb,ss密码:pass。
命令如下:
-`./proxy sps -S http -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key`
+`./proxy sps -S http -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key -h aes-192-cfb -j pass`
-假设已经存在一个kcp的http(s)代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。
+假设已经存在一个kcp的http(s)代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080,ss加密方式:aes-192-cfb,ss密码:pass。
命令如下:
-`./proxy sps -S http -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123`
+`./proxy sps -S http -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123 -h aes-192-cfb -j pass`
-#### **6.3 SOCKS5转HTTP(S)+SOCKS5**
-假设已经存在一个普通的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。
+#### **6.3 SOCKS5转HTTP(S)+SOCKS5+SS**
+假设已经存在一个普通的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080,ss加密方式:aes-192-cfb,ss密码:pass。
命令如下:
-`./proxy sps -S socks -T tcp -P 127.0.0.1:8080 -t tcp -p :18080`
+`./proxy sps -S socks -T tcp -P 127.0.0.1:8080 -t tcp -p :18080 -h aes-192-cfb -j pass`
-假设已经存在一个tls的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080,tls需要证书文件。
+假设已经存在一个tls的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080,tls需要证书文件,ss加密方式:aes-192-cfb,ss密码:pass。
命令如下:
-`./proxy sps -S socks -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key`
+`./proxy sps -S socks -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key -h aes-192-cfb -j pass`
-假设已经存在一个kcp的socks5代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。
+假设已经存在一个kcp的socks5代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080,ss加密方式:aes-192-cfb,ss密码:pass。
命令如下:
-`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123`
+`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123 -h aes-192-cfb -j pass`
-#### **6.4 链式连接**
+#### **6.4 SS转HTTP(S)+SOCKS5+SS**
+SPS上级和本地支持ss协议,上级可以是SPS或者标准的ss服务.
+SPS本地默认提供HTTP(S)\SOCKS5\SPS三种代理,当上级是SOCKS5时转换后的SOCKS5和SS支持UDP功能.
+假设已经存在一个普通的SS或者SPS代理(开启了ss,加密方式:aes-256-cfb,密码:demo):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080,转换后的ss加密方式:aes-192-cfb,ss密码:pass。
+命令如下:
+`./proxy sps -S ss -H aes-256-cfb -J pass -T tcp -P 127.0.0.1:8080 -t tcp -p :18080 -h aes-192-cfb -j pass`.
+
+#### **6.5 链式连接**
上面提过多个sps结点可以层级连接构建加密通道,假设有如下vps和家里的pc电脑。
vps01:2.2.2.2
@@ -944,11 +1084,11 @@ vps02:3.3.3.3
完成。
-#### **6.5 监听多个端口**
+#### **6.6 监听多个端口**
一般情况下监听一个端口就可以,不过如果作为反向代理需要同时监听80和443两个端口,那么-p参数是支持的,
格式是:`-p 0.0.0.0:80,0.0.0.0:443`,多个绑定用逗号分隔即可。
-#### **6.6 认证功能**
+#### **6.7 认证功能**
sps支持http(s)\socks5代理认证,可以级联认证,有四个重要的信息:
1:用户发送认证信息`user-auth`。
2:设置的本地认证信息`local-auth`。
@@ -991,7 +1131,7 @@ target:如果客户端是http(s)代理请求,这里代表的是请求的完整ur
如果没有-A参数,连接上级不使用认证.
-#### **6.7 自定义加密**
+#### **6.8 自定义加密**
proxy的sps代理在tcp之上可以通过tls标准加密以及kcp协议加密tcp数据,除此之外还支持在tls和kcp之后进行
自定义加密,也就是说自定义加密和tls|kcp是可以联合使用的,内部采用AES256加密,使用的时候只需要自己定义
一个密码即可,加密分为两个部分,一部分是本地(-z)是否加密解密,一部分是与上级(-Z)传输是否加密解密.
@@ -1019,7 +1159,7 @@ proxy的sps代理在tcp之上可以通过tls标准加密以及kcp协议加密tcp
`proxy sps -T tcp -P 3.3.3.3:8888 -Z other_password -t tcp -p :8080`
这样通过本地代理8080访问网站的时候就是通过与上级加密传输访问目标网站.
-#### **6.8 压缩传输**
+#### **6.9 压缩传输**
proxy的sps代理在tcp之上可以通过自定义加密和tls标准加密以及kcp协议加密tcp数据,在自定义加密之前还可以
对数据进行压缩,也就是说压缩功能和自定义加密和tls|kcp是可以联合使用的,压缩分为两个部分,
一部分是本地(-m)是否压缩传输,一部分是与上级(-M)传输是否压缩.
@@ -1045,8 +1185,7 @@ proxy的sps代理在tcp之上可以通过自定义加密和tls标准加密以及
`proxy sps -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080`
这样通过本地代理8080访问网站的时候就是通过与上级压缩传输访问目标网站.
-
-#### **6.9 禁用协议**
+#### **6.10 禁用协议**
SPS默认情况下一个端口支持http(s)和socks5两种代理协议,我们可以通过参数禁用某个协议
比如:
1.禁用HTTP(S)代理功能只保留SOCKS5代理功能,参数:`--disable-http`.
@@ -1055,7 +1194,31 @@ SPS默认情况下一个端口支持http(s)和socks5两种代理协议,我们可
1.禁用SOCKS5代理功能只保留HTTP(S)代理功能,参数:`--disable-socks`.
`proxy sps -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080 --disable-http`
-#### **6.10 查看帮助**
+#### **6.11 限速**
+
+假设存在SOCKS5上级:
+
+`proxy socks -p 2.2.2.2:33080 -z password -t tcp`
+
+sps下级,限速100K
+
+`proxy sps -S socks -P 2.2.2.2:33080 -T tcp -Z password -l 100K -t tcp -p :33080`
+
+通过`-l`参数即可指定,比如:100K 1.5M . 0意味着无限制.
+
+#### **6.12 指定出口IP**
+
+`--bind-listen`参数,就可以开启客户端用入口IP连接过来的,就用入口IP作为出口IP访问目标网站的功能。如果入口IP是内网IP,出口IP不会使用入口IP。
+
+`proxy sps -S socks -P 2.2.2.2:33080 -T tcp -Z password -l 100K -t tcp --bind-listen -p :33080`
+
+#### **6.13 证书参数使用base64数据**
+
+默认情况下-C,-K参数是crt证书和key文件的路径,
+
+如果是base64://开头,那么就认为后面的数据是base64编码的,会解码后使用.
+
+#### **6.14 查看帮助**
`./proxy help sps`
### **7.KCP配置**
diff --git a/config.go b/config.go
index 0e9da16..7ceab35 100755
--- a/config.go
+++ b/config.go
@@ -13,20 +13,19 @@ import (
"runtime/pprof"
"time"
- sdk "github.com/snail007/goproxy/sdk/android-ios"
- "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/services/kcpcfg"
-
- httpx "github.com/snail007/goproxy/services/http"
- keygenx "github.com/snail007/goproxy/services/keygen"
- mux "github.com/snail007/goproxy/services/mux"
- socksx "github.com/snail007/goproxy/services/socks"
- spsx "github.com/snail007/goproxy/services/sps"
- tcpx "github.com/snail007/goproxy/services/tcp"
- tunnel "github.com/snail007/goproxy/services/tunnel"
- udpx "github.com/snail007/goproxy/services/udp"
-
+ sdk "bitbucket.org/snail/proxy/sdk/android-ios"
+ services "bitbucket.org/snail/proxy/services"
+ httpx "bitbucket.org/snail/proxy/services/http"
+ "bitbucket.org/snail/proxy/services/kcpcfg"
+ keygenx "bitbucket.org/snail/proxy/services/keygen"
+ mux "bitbucket.org/snail/proxy/services/mux"
+ socksx "bitbucket.org/snail/proxy/services/socks"
+ spsx "bitbucket.org/snail/proxy/services/sps"
+ tcpx "bitbucket.org/snail/proxy/services/tcp"
+ tunnelx "bitbucket.org/snail/proxy/services/tunnel"
+ udpx "bitbucket.org/snail/proxy/services/udp"
kcp "github.com/xtaci/kcp-go"
+
"golang.org/x/crypto/pbkdf2"
kingpin "gopkg.in/alecthomas/kingpin.v2"
)
@@ -43,9 +42,9 @@ func initConfig() (err error) {
//define args
tcpArgs := tcpx.TCPArgs{}
httpArgs := httpx.HTTPArgs{}
- tunnelServerArgs := tunnel.TunnelServerArgs{}
- tunnelClientArgs := tunnel.TunnelClientArgs{}
- tunnelBridgeArgs := tunnel.TunnelBridgeArgs{}
+ tunnelServerArgs := tunnelx.TunnelServerArgs{}
+ tunnelClientArgs := tunnelx.TunnelClientArgs{}
+ tunnelBridgeArgs := tunnelx.TunnelBridgeArgs{}
muxServerArgs := mux.MuxServerArgs{}
muxClientArgs := mux.MuxClientArgs{}
muxBridgeArgs := mux.MuxBridgeArgs{}
@@ -55,10 +54,9 @@ func initConfig() (err error) {
dnsArgs := sdk.DNSArgs{}
keygenArgs := keygenx.KeygenArgs{}
kcpArgs := kcpcfg.KCPConfigArgs{}
-
//build srvice args
app = kingpin.New("proxy", "happy with proxy")
- app.Author("snail").Version(APP_VERSION)
+ app.Author("snail").Version("v" + APP_VERSION + " enterprise version")
debug := app.Flag("debug", "debug log output").Default("false").Bool()
daemon := app.Flag("daemon", "run proxy in background").Default("false").Bool()
forever := app.Flag("forever", "run proxy in forever,fail and retry").Default("false").Bool()
@@ -84,7 +82,7 @@ func initConfig() (err error) {
//########http#########
http := app.Command("http", "proxy on http mode")
- httpArgs.Parent = http.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+ httpArgs.Parent = http.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').Strings()
httpArgs.CaCertFile = http.Flag("ca", "ca cert file for tls").Default("").String()
httpArgs.CertFile = http.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
httpArgs.KeyFile = http.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
@@ -115,21 +113,29 @@ func initConfig() (err error) {
httpArgs.ParentKey = http.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
httpArgs.LocalCompress = http.Flag("local-compress", "auto compress/decompress data on local connection").Short('m').Default("false").Bool()
httpArgs.ParentCompress = http.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
-
+ httpArgs.LoadBalanceMethod = http.Flag("lb-method", "load balance method when use multiple parent,can be ").Default("hash").Enum("roundrobin", "weight", "leastconn", "leasttime", "hash")
+ httpArgs.LoadBalanceTimeout = http.Flag("lb-timeout", "tcp milliseconds timeout of connecting to parent").Default("500").Int()
+ httpArgs.LoadBalanceRetryTime = http.Flag("lb-retrytime", "sleep time milliseconds after checking").Default("1000").Int()
+ httpArgs.LoadBalanceHashTarget = http.Flag("lb-hashtarget", "use target address to choose parent for LB").Default("false").Bool()
+ httpArgs.LoadBalanceOnlyHA = http.Flag("lb-onlyha", "use only `high availability mode` to choose parent for LB").Default("false").Bool()
+ httpArgs.RateLimit = http.Flag("rate-limit", "rate limit (bytes/second) of each connection, such as: 100K 1.5M . 0 means no limitation").Short('l').Default("0").String()
+ httpArgs.BindListen = http.Flag("bind-listen", "using listener binding IP when connect to target").Short('B').Default("false").Bool()
+ httpArgs.Debug = debug
//########tcp#########
tcp := app.Command("tcp", "proxy on tcp mode")
- tcpArgs.Parent = tcp.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+ tcpArgs.Parent = tcp.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("[]").Short('P').String()
tcpArgs.CertFile = tcp.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
tcpArgs.KeyFile = tcp.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
tcpArgs.Timeout = tcp.Flag("timeout", "tcp timeout milliseconds when connect to real server or parent proxy").Short('e').Default("2000").Int()
tcpArgs.ParentType = tcp.Flag("parent-type", "parent protocol type ").Short('T').Enum("tls", "tcp", "udp", "kcp")
tcpArgs.LocalType = tcp.Flag("local-type", "local protocol type ").Default("tcp").Short('t').Enum("tls", "tcp", "kcp")
+ tcpArgs.CheckParentInterval = tcp.Flag("check-parent-interval", "check if proxy is okay every interval seconds,zero: means no check").Short('I').Default("3").Int()
tcpArgs.Local = tcp.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String()
tcpArgs.Jumper = tcp.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
//########udp#########
udp := app.Command("udp", "proxy on udp mode")
- udpArgs.Parent = udp.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+ udpArgs.Parent = udp.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("[]").Short('P').String()
udpArgs.CertFile = udp.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
udpArgs.KeyFile = udp.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
udpArgs.Timeout = udp.Flag("timeout", "tcp timeout milliseconds when connect to parent proxy").Short('t').Default("2000").Int()
@@ -200,7 +206,7 @@ func initConfig() (err error) {
//########ssh#########
socks := app.Command("socks", "proxy on ssh mode")
- socksArgs.Parent = socks.Flag("parent", "parent ssh address, such as: \"23.32.32.19:22\"").Default("").Short('P').String()
+ socksArgs.Parent = socks.Flag("parent", "parent ssh address, such as: \"23.32.32.19:22\"").Default("").Short('P').Strings()
socksArgs.ParentType = socks.Flag("parent-type", "parent protocol type ").Default("tcp").Short('T').Enum("tls", "tcp", "kcp", "ssh")
socksArgs.LocalType = socks.Flag("local-type", "local protocol type ").Default("tcp").Short('t').Enum("tls", "tcp", "kcp")
socksArgs.Local = socks.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String()
@@ -210,7 +216,7 @@ func initConfig() (err error) {
socksArgs.SSHUser = socks.Flag("ssh-user", "user for ssh").Short('u').Default("").String()
socksArgs.SSHKeyFile = socks.Flag("ssh-key", "private key file for ssh").Short('S').Default("").String()
socksArgs.SSHKeyFileSalt = socks.Flag("ssh-keysalt", "salt of ssh private key").Short('s').Default("").String()
- socksArgs.SSHPassword = socks.Flag("ssh-password", "password for ssh").Short('A').Default("").String()
+ socksArgs.SSHPassword = socks.Flag("ssh-password", "password for ssh").Short('D').Default("").String()
socksArgs.Always = socks.Flag("always", "always use parent proxy").Default("false").Bool()
socksArgs.Timeout = socks.Flag("timeout", "tcp timeout milliseconds when connect to real server or parent proxy").Default("5000").Int()
socksArgs.Interval = socks.Flag("interval", "check domain if blocked every interval seconds").Default("10").Int()
@@ -223,16 +229,25 @@ func initConfig() (err error) {
socksArgs.AuthURLTimeout = socks.Flag("auth-timeout", "access 'auth-url' timeout milliseconds").Default("3000").Int()
socksArgs.AuthURLOkCode = socks.Flag("auth-code", "access 'auth-url' success http code").Default("204").Int()
socksArgs.AuthURLRetry = socks.Flag("auth-retry", "access 'auth-url' fail and retry count").Default("0").Int()
+ socksArgs.ParentAuth = socks.Flag("parent-auth", "parent socks auth username and password, such as: -A user1:pass1").Short('A').String()
socksArgs.DNSAddress = socks.Flag("dns-address", "if set this, proxy will use this dns for resolve doamin").Short('q').Default("").String()
socksArgs.DNSTTL = socks.Flag("dns-ttl", "caching seconds of dns query result").Short('e').Default("300").Int()
socksArgs.LocalKey = socks.Flag("local-key", "the password for auto encrypt/decrypt local connection data").Short('z').Default("").String()
socksArgs.ParentKey = socks.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
socksArgs.LocalCompress = socks.Flag("local-compress", "auto compress/decompress data on local connection").Short('m').Default("false").Bool()
socksArgs.ParentCompress = socks.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
+ socksArgs.LoadBalanceMethod = socks.Flag("lb-method", "load balance method when use multiple parent,can be ").Default("hash").Enum("roundrobin", "weight", "leastconn", "leasttime", "hash")
+ socksArgs.LoadBalanceTimeout = socks.Flag("lb-timeout", "tcp milliseconds timeout of connecting to parent").Default("500").Int()
+ socksArgs.LoadBalanceRetryTime = socks.Flag("lb-retrytime", "sleep time milliseconds after checking").Default("1000").Int()
+ socksArgs.LoadBalanceHashTarget = socks.Flag("lb-hashtarget", "use target address to choose parent for LB").Default("false").Bool()
+ socksArgs.LoadBalanceOnlyHA = socks.Flag("lb-onlyha", "use only `high availability mode` to choose parent for LB").Default("false").Bool()
+ socksArgs.RateLimit = socks.Flag("rate-limit", "rate limit (bytes/second) of each connection, such as: 100K 1.5M . 0 means no limitation").Short('l').Default("0").String()
+ socksArgs.BindListen = socks.Flag("bind-listen", "using listener binding IP when connect to target").Short('B').Default("false").Bool()
+ socksArgs.Debug = debug
//########socks+http(s)#########
sps := app.Command("sps", "proxy on socks+http(s) mode")
- spsArgs.Parent = sps.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+ spsArgs.Parent = sps.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').Strings()
spsArgs.CertFile = sps.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
spsArgs.KeyFile = sps.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
spsArgs.CaCertFile = sps.Flag("ca", "ca cert file for tls").Default("").String()
@@ -240,7 +255,7 @@ func initConfig() (err error) {
spsArgs.ParentType = sps.Flag("parent-type", "parent protocol type ").Short('T').Enum("tls", "tcp", "kcp")
spsArgs.LocalType = sps.Flag("local-type", "local protocol type ").Default("tcp").Short('t').Enum("tls", "tcp", "kcp")
spsArgs.Local = sps.Flag("local", "local ip:port to listen,multiple address use comma split,such as: 0.0.0.0:80,0.0.0.0:443").Short('p').Default(":33080").String()
- spsArgs.ParentServiceType = sps.Flag("parent-service-type", "parent service type ").Short('S').Enum("http", "socks")
+ spsArgs.ParentServiceType = sps.Flag("parent-service-type", "parent service type ").Short('S').Enum("http", "socks", "ss")
spsArgs.DNSAddress = sps.Flag("dns-address", "if set this, proxy will use this dns for resolve doamin").Short('q').Default("").String()
spsArgs.DNSTTL = sps.Flag("dns-ttl", "caching seconds of dns query result").Short('e').Default("300").Int()
spsArgs.AuthFile = sps.Flag("auth-file", "http basic auth file,\"username:password\" each line in file").Short('F').String()
@@ -255,8 +270,20 @@ func initConfig() (err error) {
spsArgs.ParentKey = sps.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
spsArgs.LocalCompress = sps.Flag("local-compress", "auto compress/decompress data on local connection").Short('m').Default("false").Bool()
spsArgs.ParentCompress = sps.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
+ spsArgs.SSMethod = sps.Flag("ss-method", "the following methods are supported: aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb, rc4-md5, rc4-md5-6, chacha20, salsa20, rc4, table, des-cfb, chacha20-ietf; if you use ss client , \"-t tcp\" is required").Short('h').Default("aes-256-cfb").String()
+ spsArgs.SSKey = sps.Flag("ss-key", "if you use ss client , \"-t tcp\" is required").Short('j').Default("sspassword").String()
+ spsArgs.ParentSSMethod = sps.Flag("parent-ss-method", "the following methods are supported: aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb, rc4-md5, rc4-md5-6, chacha20, salsa20, rc4, table, des-cfb, chacha20-ietf; if you use ss server as parent, \"-T tcp\" is required").Short('H').Default("aes-256-cfb").String()
+ spsArgs.ParentSSKey = sps.Flag("parent-ss-key", "if you use ss server as parent, \"-T tcp\" is required").Short('J').Default("sspassword").String()
spsArgs.DisableHTTP = sps.Flag("disable-http", "disable http(s) proxy").Default("false").Bool()
spsArgs.DisableSocks5 = sps.Flag("disable-socks", "disable socks proxy").Default("false").Bool()
+ spsArgs.DisableSS = sps.Flag("disable-ss", "disable ss proxy").Default("false").Bool()
+ spsArgs.LoadBalanceMethod = sps.Flag("lb-method", "load balance method when use multiple parent,can be ").Default("hash").Enum("roundrobin", "weight", "leastconn", "leasttime", "hash")
+ spsArgs.LoadBalanceTimeout = sps.Flag("lb-timeout", "tcp milliseconds timeout of connecting to parent").Default("500").Int()
+ spsArgs.LoadBalanceRetryTime = sps.Flag("lb-retrytime", "sleep time milliseconds after checking").Default("1000").Int()
+ spsArgs.LoadBalanceHashTarget = sps.Flag("lb-hashtarget", "use target address to choose parent for LB").Default("false").Bool()
+ spsArgs.LoadBalanceOnlyHA = sps.Flag("lb-onlyha", "use only `high availability mode` to choose parent for LB").Default("false").Bool()
+ spsArgs.RateLimit = sps.Flag("rate-limit", "rate limit (bytes/second) of each connection, such as: 100K 1.5M . 0 means no limitation").Short('l').Default("0").String()
+ spsArgs.Debug = debug
//########dns#########
dns := app.Command("dns", "proxy on dns server mode")
@@ -357,7 +384,6 @@ func initConfig() (err error) {
flags |= logger.Ltime
}
log.SetFlags(flags)
-
if *nolog {
log.SetOutput(ioutil.Discard)
} else if *logfile != "" {
@@ -444,7 +470,7 @@ func initConfig() (err error) {
log.Println("[profiling] threadcreate profiling save to file : threadcreate.prof")
}
}
- //regist services and run service
+
//regist services and run service
switch serviceName {
case "http":
@@ -454,11 +480,11 @@ func initConfig() (err error) {
case "udp":
services.Regist(serviceName, udpx.NewUDP(), udpArgs, log)
case "tserver":
- services.Regist(serviceName, tunnel.NewTunnelServerManager(), tunnelServerArgs, log)
+ services.Regist(serviceName, tunnelx.NewTunnelServerManager(), tunnelServerArgs, log)
case "tclient":
- services.Regist(serviceName, tunnel.NewTunnelClient(), tunnelClientArgs, log)
+ services.Regist(serviceName, tunnelx.NewTunnelClient(), tunnelClientArgs, log)
case "tbridge":
- services.Regist(serviceName, tunnel.NewTunnelBridge(), tunnelBridgeArgs, log)
+ services.Regist(serviceName, tunnelx.NewTunnelBridge(), tunnelBridgeArgs, log)
case "server":
services.Regist(serviceName, mux.NewMuxServerManager(), muxServerArgs, log)
case "client":
@@ -474,7 +500,6 @@ func initConfig() (err error) {
case "keygen":
services.Regist(serviceName, keygenx.NewKeygen(), keygenArgs, log)
}
-
service, err = services.Run(serviceName, nil)
if err != nil {
log.Fatalf("run service [%s] fail, ERR:%s", serviceName, err)
@@ -483,16 +508,7 @@ func initConfig() (err error) {
}
func poster() {
- fmt.Printf(`
- ######## ######## ####### ## ## ## ##
- ## ## ## ## ## ## ## ## ## ##
- ## ## ## ## ## ## ## ## ####
- ######## ######## ## ## ### ##
- ## ## ## ## ## ## ## ##
- ## ## ## ## ## ## ## ##
- ## ## ## ####### ## ## ##
-
- v%s`+" by snail , blog : http://www.host900.com/\n\n", APP_VERSION)
+ fmt.Printf(`Proxy Enterprise Version v%s`+" by snail , blog : http://www.host900.com/\n\n", APP_VERSION)
}
func saveProfiling() {
goroutine := pprof.Lookup("goroutine")
diff --git a/install_auto.sh b/install_auto.sh
index ab1eb11..32bf059 100755
--- a/install_auto.sh
+++ b/install_auto.sh
@@ -5,7 +5,7 @@ if [ -e /tmp/proxy ]; then
fi
mkdir /tmp/proxy
cd /tmp/proxy
-wget https://github.com/snail007/goproxy/releases/download/v5.5/proxy-linux-amd64.tar.gz
+wget https://github.com/snail007/goproxy/releases/download/v6.0/proxy-linux-amd64.tar.gz
# #install proxy
tar zxvf proxy-linux-amd64.tar.gz
diff --git a/main.go b/main.go
index 6ba262f..6df5fac 100644
--- a/main.go
+++ b/main.go
@@ -6,12 +6,22 @@ import (
"os/signal"
"syscall"
- "github.com/snail007/goproxy/services"
+ "bitbucket.org/snail/certverify/check"
+ "bitbucket.org/snail/proxy/services"
)
-const APP_VERSION = "5.5"
+const APP_VERSION = "6.0"
func main() {
+ isForever := false
+ for _, v := range os.Args[1:] {
+ if v == "--forever" {
+ isForever = true
+ }
+ }
+ if !isForever {
+ check.Init("proxy")
+ }
err := initConfig()
if err != nil {
log.Fatalf("err : %s", err)
diff --git a/release.sh b/release.sh
index ac0a83c..e25bce4 100755
--- a/release.sh
+++ b/release.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-VER="5.5"
+VER="6.0"
RELEASE="release-${VER}"
rm -rf .cert
mkdir .cert
diff --git a/sdk/CHANGELOG b/sdk/CHANGELOG
index 9336b59..ec15bce 100644
--- a/sdk/CHANGELOG
+++ b/sdk/CHANGELOG
@@ -1,21 +1,3 @@
-SDK更新日志
-v5.4
-1.去掉了无用参数
-
-
-v5.3
-1.增加了支持日志输出回调的方法:
- StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
-2.优化了socks_client握手端口判断,避免了sstap测试UDP失败的问题..
-3.修复了HTTP(S)\SPS反向代理无法正常工作的问题.
-4.优化了智能判断,减少不必要的DNS解析.
-5.重构了SOCKS和SPS的UDP功能,基于UDP的游戏加速嗖嗖的.
-
-v4.9
-1.修复了HTTP Basic代理返回不合适的头部,导致浏览器不会弹框,个别代理插件无法认证的问题.
-2.内网穿透切换smux到yamux.
-3.优化了HTTP(S)\SOCKS5代理--always的处理逻辑.
-
v4.8
1.修复了多个服务同时开启日志,只会输出到最后一个日志文件的bug.
2.增加了获取sdk版本的Version()方法.
diff --git a/sdk/README.md b/sdk/README.md
index f21503e..d65c405 100644
--- a/sdk/README.md
+++ b/sdk/README.md
@@ -25,7 +25,7 @@ proxy使用gombile实现了一份go代码编译为android和ios平台下面可
#### 1.导入包
```java
-import snail007.proxy.Proxy
+import snail007.proxy.Porxy
```
#### 2.启动一个服务
diff --git a/sdk/android-ios/dns.go b/sdk/android-ios/dns.go
index 375016d..b7cb2f7 100644
--- a/sdk/android-ios/dns.go
+++ b/sdk/android-ios/dns.go
@@ -11,10 +11,10 @@ import (
"golang.org/x/net/proxy"
+ services "bitbucket.org/snail/proxy/services"
+ "bitbucket.org/snail/proxy/services/kcpcfg"
"github.com/miekg/dns"
gocache "github.com/pmylund/go-cache"
- services "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/services/kcpcfg"
)
type DNSArgs struct {
@@ -76,7 +76,7 @@ func (s *DNS) InitService() (err error) {
nil,
&net.Dialer{
Timeout: 5 * time.Second,
- KeepAlive: 2 * time.Second,
+ KeepAlive: 5 * time.Second,
},
)
if err != nil {
@@ -117,7 +117,7 @@ func (s *DNS) StopService() {
if e != nil {
s.log.Printf("stop dns service crashed,%s", e)
} else {
- s.log.Printf("service dns stopped")
+ s.log.Printf("service dns stoped")
}
}()
Stop(s.serviceKey)
diff --git a/sdk/android-ios/release_android.sh b/sdk/android-ios/release_android.sh
index 7d28994..a52adfa 100755
--- a/sdk/android-ios/release_android.sh
+++ b/sdk/android-ios/release_android.sh
@@ -1,5 +1,5 @@
#/bin/bash
-VER="v5.5"
+VER="v5.3"
rm -rf sdk-android-*.tar.gz
rm -rf android
mkdir android
diff --git a/sdk/android-ios/release_ios.sh b/sdk/android-ios/release_ios.sh
index d8a11ed..633981c 100755
--- a/sdk/android-ios/release_ios.sh
+++ b/sdk/android-ios/release_ios.sh
@@ -1,5 +1,5 @@
#/bin/bash
-VER="v5.5"
+VER="v5.3"
rm -rf sdk-ios-*.tar.gz
rm -rf ios
mkdir ios
diff --git a/sdk/android-ios/sdk.go b/sdk/android-ios/sdk.go
index 831268a..91b4c22 100644
--- a/sdk/android-ios/sdk.go
+++ b/sdk/android-ios/sdk.go
@@ -10,21 +10,23 @@ import (
"path/filepath"
"strings"
- "github.com/snail007/goproxy/services"
- httpx "github.com/snail007/goproxy/services/http"
- "github.com/snail007/goproxy/services/kcpcfg"
- mux "github.com/snail007/goproxy/services/mux"
- socksx "github.com/snail007/goproxy/services/socks"
- spsx "github.com/snail007/goproxy/services/sps"
- tcpx "github.com/snail007/goproxy/services/tcp"
- tunnel "github.com/snail007/goproxy/services/tunnel"
- udpx "github.com/snail007/goproxy/services/udp"
+ "bitbucket.org/snail/proxy/services"
+ httpx "bitbucket.org/snail/proxy/services/http"
+ "bitbucket.org/snail/proxy/services/kcpcfg"
+ keygenx "bitbucket.org/snail/proxy/services/keygen"
+ mux "bitbucket.org/snail/proxy/services/mux"
+ socksx "bitbucket.org/snail/proxy/services/socks"
+ spsx "bitbucket.org/snail/proxy/services/sps"
+ tcpx "bitbucket.org/snail/proxy/services/tcp"
+ tunnelx "bitbucket.org/snail/proxy/services/tunnel"
+ udpx "bitbucket.org/snail/proxy/services/udp"
+
kcp "github.com/xtaci/kcp-go"
"golang.org/x/crypto/pbkdf2"
kingpin "gopkg.in/alecthomas/kingpin.v2"
)
-const SDK_VERSION = "5.5"
+const SDK_VERSION = "5.3 enterprise"
var (
app *kingpin.Application
@@ -62,9 +64,9 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
//define args
tcpArgs := tcpx.TCPArgs{}
httpArgs := httpx.HTTPArgs{}
- tunnelServerArgs := tunnel.TunnelServerArgs{}
- tunnelClientArgs := tunnel.TunnelClientArgs{}
- tunnelBridgeArgs := tunnel.TunnelBridgeArgs{}
+ tunnelServerArgs := tunnelx.TunnelServerArgs{}
+ tunnelClientArgs := tunnelx.TunnelClientArgs{}
+ tunnelBridgeArgs := tunnelx.TunnelBridgeArgs{}
muxServerArgs := mux.MuxServerArgs{}
muxClientArgs := mux.MuxClientArgs{}
muxBridgeArgs := mux.MuxBridgeArgs{}
@@ -72,6 +74,7 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
socksArgs := socksx.SocksArgs{}
spsArgs := spsx.SPSArgs{}
dnsArgs := DNSArgs{}
+ keygenArgs := keygenx.KeygenArgs{}
kcpArgs := kcpcfg.KCPConfigArgs{}
//build srvice args
app = kingpin.New("proxy", "happy with proxy")
@@ -81,8 +84,8 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
nolog := app.Flag("nolog", "turn off logging").Default("false").Bool()
kcpArgs.Key = app.Flag("kcp-key", "pre-shared secret between client and server").Default("secrect").String()
kcpArgs.Crypt = app.Flag("kcp-method", "encrypt/decrypt method, can be: aes, aes-128, aes-192, salsa20, blowfish, twofish, cast5, 3des, tea, xtea, xor, sm4, none").Default("aes").Enum("aes", "aes-128", "aes-192", "salsa20", "blowfish", "twofish", "cast5", "3des", "tea", "xtea", "xor", "sm4", "none")
- kcpArgs.Mode = app.Flag("kcp-mode", "profiles: fast3, fast2, fast, normal, manual").Default("fast3").Enum("fast3", "fast2", "fast", "normal", "manual")
- kcpArgs.MTU = app.Flag("kcp-mtu", "set maximum transmission unit for UDP packets").Default("1350").Int()
+ kcpArgs.Mode = app.Flag("kcp-mode", "profiles: fast3, fast2, fast, normal, manual").Default("fast").Enum("fast3", "fast2", "fast", "normal", "manual")
+ kcpArgs.MTU = app.Flag("kcp-mtu", "set maximum transmission unit for UDP packets").Default("450").Int()
kcpArgs.SndWnd = app.Flag("kcp-sndwnd", "set send window size(num of packets)").Default("1024").Int()
kcpArgs.RcvWnd = app.Flag("kcp-rcvwnd", "set receive window size(num of packets)").Default("1024").Int()
kcpArgs.DataShard = app.Flag("kcp-ds", "set reed-solomon erasure coding - datashard").Default("10").Int()
@@ -99,7 +102,7 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
//########http#########
http := app.Command("http", "proxy on http mode")
- httpArgs.Parent = http.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+ httpArgs.Parent = http.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').Strings()
httpArgs.CaCertFile = http.Flag("ca", "ca cert file for tls").Default("").String()
httpArgs.CertFile = http.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
httpArgs.KeyFile = http.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
@@ -130,21 +133,29 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
httpArgs.ParentKey = http.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
httpArgs.LocalCompress = http.Flag("local-compress", "auto compress/decompress data on local connection").Short('m').Default("false").Bool()
httpArgs.ParentCompress = http.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
-
+ httpArgs.LoadBalanceMethod = http.Flag("lb-method", "load balance method when use multiple parent,can be ").Default("hash").Enum("roundrobin", "weight", "leastconn", "leasttime", "hash")
+ httpArgs.LoadBalanceTimeout = http.Flag("lb-timeout", "tcp milliseconds timeout of connecting to parent").Default("500").Int()
+ httpArgs.LoadBalanceRetryTime = http.Flag("lb-retrytime", "sleep time milliseconds after checking").Default("1000").Int()
+ httpArgs.LoadBalanceHashTarget = http.Flag("lb-hashtarget", "use target address to choose parent for LB").Default("false").Bool()
+ httpArgs.LoadBalanceOnlyHA = http.Flag("lb-onlyha", "use only `high availability mode` to choose parent for LB").Default("false").Bool()
+ httpArgs.RateLimit = http.Flag("rate-limit", "rate limit (bytes/second) of each connection, such as: 100K 1.5M . 0 means no limitation").Short('l').Default("0").String()
+ httpArgs.BindListen = http.Flag("bind-listen", "using listener binding IP when connect to target").Short('B').Default("false").Bool()
+ httpArgs.Debug = debug
//########tcp#########
tcp := app.Command("tcp", "proxy on tcp mode")
- tcpArgs.Parent = tcp.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+ tcpArgs.Parent = tcp.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("[]").Short('P').String()
tcpArgs.CertFile = tcp.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
tcpArgs.KeyFile = tcp.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
tcpArgs.Timeout = tcp.Flag("timeout", "tcp timeout milliseconds when connect to real server or parent proxy").Short('e').Default("2000").Int()
tcpArgs.ParentType = tcp.Flag("parent-type", "parent protocol type ").Short('T').Enum("tls", "tcp", "udp", "kcp")
tcpArgs.LocalType = tcp.Flag("local-type", "local protocol type ").Default("tcp").Short('t').Enum("tls", "tcp", "kcp")
+ tcpArgs.CheckParentInterval = tcp.Flag("check-parent-interval", "check if proxy is okay every interval seconds,zero: means no check").Short('I').Default("3").Int()
tcpArgs.Local = tcp.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String()
tcpArgs.Jumper = tcp.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
//########udp#########
udp := app.Command("udp", "proxy on udp mode")
- udpArgs.Parent = udp.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+ udpArgs.Parent = udp.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("[]").Short('P').String()
udpArgs.CertFile = udp.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
udpArgs.KeyFile = udp.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
udpArgs.Timeout = udp.Flag("timeout", "tcp timeout milliseconds when connect to parent proxy").Short('t').Default("2000").Int()
@@ -215,7 +226,7 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
//########ssh#########
socks := app.Command("socks", "proxy on ssh mode")
- socksArgs.Parent = socks.Flag("parent", "parent ssh address, such as: \"23.32.32.19:22\"").Default("").Short('P').String()
+ socksArgs.Parent = socks.Flag("parent", "parent ssh address, such as: \"23.32.32.19:22\"").Default("").Short('P').Strings()
socksArgs.ParentType = socks.Flag("parent-type", "parent protocol type ").Default("tcp").Short('T').Enum("tls", "tcp", "kcp", "ssh")
socksArgs.LocalType = socks.Flag("local-type", "local protocol type ").Default("tcp").Short('t').Enum("tls", "tcp", "kcp")
socksArgs.Local = socks.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String()
@@ -225,7 +236,7 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
socksArgs.SSHUser = socks.Flag("ssh-user", "user for ssh").Short('u').Default("").String()
socksArgs.SSHKeyFile = socks.Flag("ssh-key", "private key file for ssh").Short('S').Default("").String()
socksArgs.SSHKeyFileSalt = socks.Flag("ssh-keysalt", "salt of ssh private key").Short('s').Default("").String()
- socksArgs.SSHPassword = socks.Flag("ssh-password", "password for ssh").Short('A').Default("").String()
+ socksArgs.SSHPassword = socks.Flag("ssh-password", "password for ssh").Short('D').Default("").String()
socksArgs.Always = socks.Flag("always", "always use parent proxy").Default("false").Bool()
socksArgs.Timeout = socks.Flag("timeout", "tcp timeout milliseconds when connect to real server or parent proxy").Default("5000").Int()
socksArgs.Interval = socks.Flag("interval", "check domain if blocked every interval seconds").Default("10").Int()
@@ -238,16 +249,25 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
socksArgs.AuthURLTimeout = socks.Flag("auth-timeout", "access 'auth-url' timeout milliseconds").Default("3000").Int()
socksArgs.AuthURLOkCode = socks.Flag("auth-code", "access 'auth-url' success http code").Default("204").Int()
socksArgs.AuthURLRetry = socks.Flag("auth-retry", "access 'auth-url' fail and retry count").Default("0").Int()
+ socksArgs.ParentAuth = socks.Flag("parent-auth", "parent socks auth username and password, such as: -A user1:pass1").Short('A').String()
socksArgs.DNSAddress = socks.Flag("dns-address", "if set this, proxy will use this dns for resolve doamin").Short('q').Default("").String()
socksArgs.DNSTTL = socks.Flag("dns-ttl", "caching seconds of dns query result").Short('e').Default("300").Int()
socksArgs.LocalKey = socks.Flag("local-key", "the password for auto encrypt/decrypt local connection data").Short('z').Default("").String()
socksArgs.ParentKey = socks.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
socksArgs.LocalCompress = socks.Flag("local-compress", "auto compress/decompress data on local connection").Short('m').Default("false").Bool()
socksArgs.ParentCompress = socks.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
+ socksArgs.LoadBalanceMethod = socks.Flag("lb-method", "load balance method when use multiple parent,can be ").Default("hash").Enum("roundrobin", "weight", "leastconn", "leasttime", "hash")
+ socksArgs.LoadBalanceTimeout = socks.Flag("lb-timeout", "tcp milliseconds timeout of connecting to parent").Default("500").Int()
+ socksArgs.LoadBalanceRetryTime = socks.Flag("lb-retrytime", "sleep time milliseconds after checking").Default("1000").Int()
+ socksArgs.LoadBalanceHashTarget = socks.Flag("lb-hashtarget", "use target address to choose parent for LB").Default("false").Bool()
+ socksArgs.LoadBalanceOnlyHA = socks.Flag("lb-onlyha", "use only `high availability mode` to choose parent for LB").Default("false").Bool()
+ socksArgs.RateLimit = socks.Flag("rate-limit", "rate limit (bytes/second) of each connection, such as: 100K 1.5M . 0 means no limitation").Short('l').Default("0").String()
+ socksArgs.BindListen = socks.Flag("bind-listen", "using listener binding IP when connect to target").Short('B').Default("false").Bool()
+ socksArgs.Debug = debug
//########socks+http(s)#########
sps := app.Command("sps", "proxy on socks+http(s) mode")
- spsArgs.Parent = sps.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+ spsArgs.Parent = sps.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').Strings()
spsArgs.CertFile = sps.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
spsArgs.KeyFile = sps.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
spsArgs.CaCertFile = sps.Flag("ca", "ca cert file for tls").Default("").String()
@@ -255,12 +275,12 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
spsArgs.ParentType = sps.Flag("parent-type", "parent protocol type ").Short('T').Enum("tls", "tcp", "kcp")
spsArgs.LocalType = sps.Flag("local-type", "local protocol type ").Default("tcp").Short('t').Enum("tls", "tcp", "kcp")
spsArgs.Local = sps.Flag("local", "local ip:port to listen,multiple address use comma split,such as: 0.0.0.0:80,0.0.0.0:443").Short('p').Default(":33080").String()
- spsArgs.ParentServiceType = sps.Flag("parent-service-type", "parent service type ").Short('S').Enum("http", "socks")
+ spsArgs.ParentServiceType = sps.Flag("parent-service-type", "parent service type ").Short('S').Enum("http", "socks", "ss")
spsArgs.DNSAddress = sps.Flag("dns-address", "if set this, proxy will use this dns for resolve doamin").Short('q').Default("").String()
spsArgs.DNSTTL = sps.Flag("dns-ttl", "caching seconds of dns query result").Short('e').Default("300").Int()
spsArgs.AuthFile = sps.Flag("auth-file", "http basic auth file,\"username:password\" each line in file").Short('F').String()
spsArgs.Auth = sps.Flag("auth", "socks auth username and password, mutiple user repeat -a ,such as: -a user1:pass1 -a user2:pass2").Short('a').Strings()
- spsArgs.LocalIPS = sps.Flag("local bind ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
+ spsArgs.LocalIPS = sps.Flag("local-bind-ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
spsArgs.AuthURL = sps.Flag("auth-url", "auth username and password will send to this url,response http code equal to 'auth-code' means ok,others means fail.").Default("").String()
spsArgs.AuthURLTimeout = sps.Flag("auth-timeout", "access 'auth-url' timeout milliseconds").Default("3000").Int()
spsArgs.AuthURLOkCode = sps.Flag("auth-code", "access 'auth-url' success http code").Default("204").Int()
@@ -270,8 +290,21 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
spsArgs.ParentKey = sps.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
spsArgs.LocalCompress = sps.Flag("local-compress", "auto compress/decompress data on local connection").Short('m').Default("false").Bool()
spsArgs.ParentCompress = sps.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
+ spsArgs.SSMethod = sps.Flag("ss-method", "the following methods are supported: aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb, rc4-md5, rc4-md5-6, chacha20, salsa20, rc4, table, des-cfb, chacha20-ietf; if you use ss client , \"-t tcp\" is required").Short('h').Default("aes-256-cfb").String()
+ spsArgs.SSKey = sps.Flag("ss-key", "if you use ss client , \"-t tcp\" is required").Short('j').Default("sspassword").String()
+ spsArgs.ParentSSMethod = sps.Flag("parent-ss-method", "the following methods are supported: aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb, rc4-md5, rc4-md5-6, chacha20, salsa20, rc4, table, des-cfb, chacha20-ietf; if you use ss server as parent, \"-T tcp\" is required").Short('H').Default("aes-256-cfb").String()
+ spsArgs.ParentSSKey = sps.Flag("parent-ss-key", "if you use ss server as parent, \"-T tcp\" is required").Short('J').Default("sspassword").String()
spsArgs.DisableHTTP = sps.Flag("disable-http", "disable http(s) proxy").Default("false").Bool()
spsArgs.DisableSocks5 = sps.Flag("disable-socks", "disable socks proxy").Default("false").Bool()
+ spsArgs.DisableSS = sps.Flag("disable-ss", "disable ss proxy").Default("false").Bool()
+ spsArgs.LoadBalanceMethod = sps.Flag("lb-method", "load balance method when use multiple parent,can be ").Default("hash").Enum("roundrobin", "weight", "leastconn", "leasttime", "hash")
+ spsArgs.LoadBalanceTimeout = sps.Flag("lb-timeout", "tcp milliseconds timeout of connecting to parent").Default("500").Int()
+ spsArgs.LoadBalanceRetryTime = sps.Flag("lb-retrytime", "sleep time milliseconds after checking").Default("1000").Int()
+ spsArgs.LoadBalanceHashTarget = sps.Flag("lb-hashtarget", "use target address to choose parent for LB").Default("false").Bool()
+ spsArgs.LoadBalanceOnlyHA = sps.Flag("lb-onlyha", "use only `high availability mode` to choose parent for LB").Default("false").Bool()
+ spsArgs.RateLimit = sps.Flag("rate-limit", "rate limit (bytes/second) of each connection, such as: 100K 1.5M . 0 means no limitation").Short('l').Default("0").String()
+ spsArgs.Debug = debug
+
//########dns#########
dns := app.Command("dns", "proxy on dns server mode")
dnsArgs.Parent = dns.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
@@ -280,7 +313,7 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
dnsArgs.CaCertFile = dns.Flag("ca", "ca cert file for tls").Default("").String()
dnsArgs.Timeout = dns.Flag("timeout", "tcp timeout milliseconds when connect to real server or parent proxy").Short('i').Default("2000").Int()
dnsArgs.ParentType = dns.Flag("parent-type", "parent protocol type ").Short('T').Enum("tls", "tcp", "kcp")
- dnsArgs.Local = dns.Flag("local", "local ip:port to listen,multiple address use comma split,such as: 0.0.0.0:80,0.0.0.0:443").Short('p').Default(":33080").String()
+ dnsArgs.Local = dns.Flag("local", "local ip:port to listen,multiple address use comma split,such as: 0.0.0.0:80,0.0.0.0:443").Short('p').Default(":53").String()
dnsArgs.ParentServiceType = dns.Flag("parent-service-type", "parent service type ").Short('S').Enum("http", "socks")
dnsArgs.RemoteDNSAddress = dns.Flag("dns-address", "remote dns for resolve doamin").Short('q').Default("8.8.8.8:53").String()
dnsArgs.DNSTTL = dns.Flag("dns-ttl", "caching seconds of dns query result").Short('e').Default("300").Int()
@@ -290,6 +323,14 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
dnsArgs.CacheFile = dns.Flag("cache-file", "dns result cached file").Short('f').Default(filepath.Join(path.Dir(os.Args[0]), "cache.dat")).String()
dnsArgs.LocalSocks5Port = dns.Flag("socks-port", "local socks5 port").Short('s').Default("65501").String()
+ //########keygen#########
+ keygen := app.Command("keygen", "create certificate for proxy")
+ keygenArgs.CommonName = keygen.Flag("cn", "common name").Short('n').Default("").String()
+ keygenArgs.CaName = keygen.Flag("ca", "ca name").Short('C').Default("").String()
+ keygenArgs.CertName = keygen.Flag("cert", "cert name of sign to create").Short('c').Default("").String()
+ keygenArgs.SignDays = keygen.Flag("days", "days of sign").Short('d').Default("365").Int()
+ keygenArgs.Sign = keygen.Flag("sign", "cert is to signin").Short('s').Default("false").Bool()
+
//parse args
_args := strings.Fields(strings.Trim(serviceArgsStr, " "))
args := []string{}
@@ -387,11 +428,11 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
case "udp":
services.Regist(serviceID, udpx.NewUDP(), udpArgs, log)
case "tserver":
- services.Regist(serviceID, tunnel.NewTunnelServerManager(), tunnelServerArgs, log)
+ services.Regist(serviceID, tunnelx.NewTunnelServerManager(), tunnelServerArgs, log)
case "tclient":
- services.Regist(serviceID, tunnel.NewTunnelClient(), tunnelClientArgs, log)
+ services.Regist(serviceID, tunnelx.NewTunnelClient(), tunnelClientArgs, log)
case "tbridge":
- services.Regist(serviceID, tunnel.NewTunnelBridge(), tunnelBridgeArgs, log)
+ services.Regist(serviceID, tunnelx.NewTunnelBridge(), tunnelBridgeArgs, log)
case "server":
services.Regist(serviceID, mux.NewMuxServerManager(), muxServerArgs, log)
case "client":
@@ -403,7 +444,7 @@ func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback)
case "sps":
services.Regist(serviceID, spsx.NewSPS(), spsArgs, log)
case "dns":
- services.Regist(serviceName, NewDNS(), dnsArgs, log)
+ services.Regist(serviceID, NewDNS(), dnsArgs, log)
}
_, err = services.Run(serviceID, nil)
if err != nil {
diff --git a/sdk/windows-linux/release_linux.sh b/sdk/windows-linux/release_linux.sh
index e727a64..76aaf4b 100755
--- a/sdk/windows-linux/release_linux.sh
+++ b/sdk/windows-linux/release_linux.sh
@@ -1,5 +1,5 @@
#/bin/bash
-VER="v5.5"
+VER="v5.3"
rm -rf sdk-linux-*.tar.gz
rm -rf README.md libproxy-sdk.so libproxy-sdk.h libproxy-sdk.a
diff --git a/sdk/windows-linux/release_mac.sh b/sdk/windows-linux/release_mac.sh
index 3dc9359..b2b5e4e 100755
--- a/sdk/windows-linux/release_mac.sh
+++ b/sdk/windows-linux/release_mac.sh
@@ -1,5 +1,5 @@
#/bin/bash
-VER="v5.5"
+VER="v5.3"
rm -rf *.tar.gz
rm -rf README.md libproxy-sdk.dylib libproxy-sdk.h
diff --git a/sdk/windows-linux/release_windows.sh b/sdk/windows-linux/release_windows.sh
index cba2a7d..ab26512 100755
--- a/sdk/windows-linux/release_windows.sh
+++ b/sdk/windows-linux/release_windows.sh
@@ -1,5 +1,5 @@
#/bin/bash
-VER="v5.5"
+VER="v5.3"
#sudo rm /usr/local/go
#sudo ln -s /usr/local/go1.10.1 /usr/local/go
diff --git a/sdk/windows-linux/sdk.go b/sdk/windows-linux/sdk.go
index f3a5ce3..7b77366 100644
--- a/sdk/windows-linux/sdk.go
+++ b/sdk/windows-linux/sdk.go
@@ -3,7 +3,7 @@ package main
import (
"C"
- sdk "github.com/snail007/goproxy/sdk/android-ios"
+ sdk "bitbucket.org/snail/proxy/sdk/android-ios"
)
//export Start
diff --git a/services/http/http.go b/services/http/http.go
index 0d33093..673efc5 100644
--- a/services/http/http.go
+++ b/services/http/http.go
@@ -1,6 +1,7 @@
package http
import (
+ "crypto/tls"
"fmt"
"io"
"io/ioutil"
@@ -11,81 +12,100 @@ import (
"strings"
"time"
- "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/services/kcpcfg"
- "github.com/snail007/goproxy/utils"
- "github.com/snail007/goproxy/utils/conncrypt"
+ "bitbucket.org/snail/proxy/services"
+ "bitbucket.org/snail/proxy/services/kcpcfg"
+ "bitbucket.org/snail/proxy/utils/datasize"
+ "bitbucket.org/snail/proxy/utils/dnsx"
+ "bitbucket.org/snail/proxy/utils/iolimiter"
+ "bitbucket.org/snail/proxy/utils/lb"
+ "bitbucket.org/snail/proxy/utils/mapx"
+
+ "bitbucket.org/snail/proxy/utils"
+ "bitbucket.org/snail/proxy/utils/conncrypt"
"golang.org/x/crypto/ssh"
)
type HTTPArgs struct {
- Parent *string
- CertFile *string
- KeyFile *string
- CaCertFile *string
- CaCertBytes []byte
- CertBytes []byte
- KeyBytes []byte
- Local *string
- Always *bool
- HTTPTimeout *int
- Interval *int
- Blocked *string
- Direct *string
- AuthFile *string
- Auth *[]string
- AuthURL *string
- AuthURLOkCode *int
- AuthURLTimeout *int
- AuthURLRetry *int
- ParentType *string
- LocalType *string
- Timeout *int
- CheckParentInterval *int
- SSHKeyFile *string
- SSHKeyFileSalt *string
- SSHPassword *string
- SSHUser *string
- SSHKeyBytes []byte
- SSHAuthMethod ssh.AuthMethod
- KCP kcpcfg.KCPConfigArgs
- LocalIPS *[]string
- DNSAddress *string
- DNSTTL *int
- LocalKey *string
- ParentKey *string
- LocalCompress *bool
- ParentCompress *bool
+ Parent *[]string
+ CertFile *string
+ KeyFile *string
+ CaCertFile *string
+ CaCertBytes []byte
+ CertBytes []byte
+ KeyBytes []byte
+ Local *string
+ Always *bool
+ HTTPTimeout *int
+ Interval *int
+ Blocked *string
+ Direct *string
+ AuthFile *string
+ Auth *[]string
+ AuthURL *string
+ AuthURLOkCode *int
+ AuthURLTimeout *int
+ AuthURLRetry *int
+ ParentType *string
+ LocalType *string
+ Timeout *int
+ CheckParentInterval *int
+ SSHKeyFile *string
+ SSHKeyFileSalt *string
+ SSHPassword *string
+ SSHUser *string
+ SSHKeyBytes []byte
+ SSHAuthMethod ssh.AuthMethod
+ KCP kcpcfg.KCPConfigArgs
+ LocalIPS *[]string
+ DNSAddress *string
+ DNSTTL *int
+ LocalKey *string
+ ParentKey *string
+ LocalCompress *bool
+ ParentCompress *bool
+ LoadBalanceMethod *string
+ LoadBalanceTimeout *int
+ LoadBalanceRetryTime *int
+ LoadBalanceHashTarget *bool
+ LoadBalanceOnlyHA *bool
+
+ RateLimit *string
+ RateLimitBytes float64
+ BindListen *bool
+ Debug *bool
}
type HTTP struct {
- outPool utils.OutConn
cfg HTTPArgs
checker utils.Checker
basicAuth utils.BasicAuth
sshClient *ssh.Client
lockChn chan bool
- domainResolver utils.DomainResolver
+ domainResolver dnsx.DomainResolver
isStop bool
serverChannels []*utils.ServerChannel
- userConns utils.ConcurrentMap
+ userConns mapx.ConcurrentMap
log *logger.Logger
+ lb *lb.Group
}
func NewHTTP() services.Service {
return &HTTP{
- outPool: utils.OutConn{},
cfg: HTTPArgs{},
checker: utils.Checker{},
basicAuth: utils.BasicAuth{},
lockChn: make(chan bool, 1),
isStop: false,
serverChannels: []*utils.ServerChannel{},
- userConns: utils.NewConcurrentMap(),
+ userConns: mapx.NewConcurrentMap(),
}
}
func (s *HTTP) CheckArgs() (err error) {
- if *s.cfg.Parent != "" && *s.cfg.ParentType == "" {
+
+ if len(*s.cfg.Parent) == 1 && (*s.cfg.Parent)[0] == "" {
+ (*s.cfg.Parent) = []string{}
+ }
+ if len(*s.cfg.Parent) > 0 && *s.cfg.ParentType == "" {
err = fmt.Errorf("parent type unkown,use -T ")
return
}
@@ -133,15 +153,26 @@ func (s *HTTP) CheckArgs() (err error) {
s.cfg.SSHAuthMethod = ssh.PublicKeys(SSHSigner)
}
}
+ if *s.cfg.RateLimit != "0" && *s.cfg.RateLimit != "" {
+ var size uint64
+ size, err = datasize.Parse(*s.cfg.RateLimit)
+ if err != nil {
+ err = fmt.Errorf("parse rate limit size error,ERR:%s", err)
+ return
+ }
+ s.cfg.RateLimitBytes = float64(size)
+ }
return
}
func (s *HTTP) InitService() (err error) {
s.InitBasicAuth()
- if *s.cfg.Parent != "" {
+ //init lb
+ if len(*s.cfg.Parent) > 0 {
s.checker = utils.NewChecker(*s.cfg.HTTPTimeout, int64(*s.cfg.Interval), *s.cfg.Blocked, *s.cfg.Direct, s.log)
+ s.InitLB()
}
if *s.cfg.DNSAddress != "" {
- (*s).domainResolver = utils.NewDomainResolver(*s.cfg.DNSAddress, *s.cfg.DNSTTL, s.log)
+ (*s).domainResolver = dnsx.NewDomainResolver(*s.cfg.DNSAddress, *s.cfg.DNSTTL, s.log)
}
if *s.cfg.ParentType == "ssh" {
err = s.ConnectSSH()
@@ -155,7 +186,7 @@ func (s *HTTP) InitService() (err error) {
if s.isStop {
return
}
- conn, err := utils.ConnectHost(s.Resolve(*s.cfg.Parent), *s.cfg.Timeout*2)
+ conn, err := utils.ConnectHost(s.Resolve(s.lb.Select("", *s.cfg.LoadBalanceOnlyHA)), *s.cfg.Timeout*2)
if err == nil {
conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
_, err = conn.Write([]byte{0})
@@ -185,11 +216,11 @@ func (s *HTTP) StopService() {
if e != nil {
s.log.Printf("stop http(s) service crashed,%s", e)
} else {
- s.log.Printf("service http(s) stopped")
+ s.log.Printf("service http(s) stoped")
}
}()
s.isStop = true
- if *s.cfg.Parent != "" {
+ if len(*s.cfg.Parent) > 0 {
s.checker.Stop()
}
if s.sshClient != nil {
@@ -203,6 +234,9 @@ func (s *HTTP) StopService() {
(*sc.UDPListener).Close()
}
}
+ if s.lb != nil {
+ s.lb.Stop()
+ }
}
func (s *HTTP) Start(args interface{}, log *logger.Logger) (err error) {
s.log = log
@@ -215,9 +249,8 @@ func (s *HTTP) Start(args interface{}, log *logger.Logger) (err error) {
return
}
- if *s.cfg.Parent != "" {
- s.log.Printf("use %s parent %s", *s.cfg.ParentType, *s.cfg.Parent)
- s.InitOutConnPool()
+ if len(*s.cfg.Parent) > 0 {
+ s.log.Printf("use %s parent %v [ %s ]", *s.cfg.ParentType, *s.cfg.Parent, strings.ToUpper(*s.cfg.LoadBalanceMethod))
}
for _, addr := range strings.Split(*s.cfg.Local, ",") {
@@ -272,9 +305,9 @@ func (s *HTTP) callback(inConn net.Conn) {
address := req.Host
host, _, _ := net.SplitHostPort(address)
useProxy := false
- if !utils.IsIternalIP(host, *s.cfg.Always) {
+ if !utils.IsInternalIP(host, *s.cfg.Always) {
useProxy = true
- if *s.cfg.Parent == "" {
+ if len(*s.cfg.Parent) == 0 {
useProxy = false
} else if *s.cfg.Always {
useProxy = true
@@ -290,17 +323,17 @@ func (s *HTTP) callback(inConn net.Conn) {
s.log.Printf("use proxy : %v, %s", useProxy, address)
- err = s.OutToTCP(useProxy, address, &inConn, &req)
+ lbAddr, err := s.OutToTCP(useProxy, address, &inConn, &req)
if err != nil {
- if *s.cfg.Parent == "" {
+ if len(*s.cfg.Parent) == 0 {
s.log.Printf("connect to %s fail, ERR:%s", address, err)
} else {
- s.log.Printf("connect to %s parent %s fail", *s.cfg.ParentType, *s.cfg.Parent)
+ s.log.Printf("connect to %s parent %v fail", *s.cfg.ParentType, lbAddr)
}
utils.CloseConn(&inConn)
}
}
-func (s *HTTP) OutToTCP(useProxy bool, address string, inConn *net.Conn, req *utils.HTTPRequest) (err interface{}) {
+func (s *HTTP) OutToTCP(useProxy bool, address string, inConn *net.Conn, req *utils.HTTPRequest) (lbAddr string, err interface{}) {
inAddr := (*inConn).RemoteAddr().String()
inLocalAddr := (*inConn).LocalAddr().String()
//防止死循环
@@ -317,25 +350,26 @@ func (s *HTTP) OutToTCP(useProxy bool, address string, inConn *net.Conn, req *ut
return
}
if useProxy {
- if *s.cfg.ParentType == "ssh" {
- outConn, err = s.getSSHConn(address)
- } else {
- // s.log.Printf("%v", s.outPool)
- outConn, err = s.outPool.Get()
+ // s.log.Printf("%v", s.outPool)
+ selectAddr := (*inConn).RemoteAddr().String()
+ if utils.LBMethod(*s.cfg.LoadBalanceMethod) == lb.SELECT_HASH && *s.cfg.LoadBalanceHashTarget {
+ selectAddr = address
}
+ lbAddr = s.lb.Select(selectAddr, *s.cfg.LoadBalanceOnlyHA)
+ outConn, err = s.GetParentConn(lbAddr)
} else {
- outConn, err = utils.ConnectHost(s.Resolve(address), *s.cfg.Timeout)
+ outConn, err = s.GetDirectConn(s.Resolve(address), inLocalAddr)
}
tryCount++
if err == nil || tryCount > maxTryCount {
break
} else {
- s.log.Printf("connect to %s , err:%s,retrying...", *s.cfg.Parent, err)
+ s.log.Printf("connect to %s , err:%s,retrying...", lbAddr, err)
time.Sleep(time.Second * 2)
}
}
if err != nil {
- s.log.Printf("connect to %s , err:%s", *s.cfg.Parent, err)
+ s.log.Printf("connect to %s , err:%s", lbAddr, err)
utils.CloseConn(inConn)
return
}
@@ -347,6 +381,7 @@ func (s *HTTP) OutToTCP(useProxy bool, address string, inConn *net.Conn, req *ut
Password: *s.cfg.ParentKey,
})
}
+
outAddr := outConn.RemoteAddr().String()
//outLocalAddr := outConn.LocalAddr().String()
if req.IsHTTPS() && (!useProxy || *s.cfg.ParentType == "ssh") {
@@ -355,29 +390,39 @@ func (s *HTTP) OutToTCP(useProxy bool, address string, inConn *net.Conn, req *ut
} else {
//https或者http,上级是代理,proxy需要转发
outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
- //直连目标或上级非代理或非SNI,清理HTTP头部的代理头信息.
- if (!useProxy || *s.cfg.ParentType == "ssh") && !req.IsSNI {
+ //直连目标或上级非代理或非SNI,,清理HTTP头部的代理头信息
+ if !useProxy || *s.cfg.ParentType == "ssh" && !req.IsSNI {
_, err = outConn.Write(utils.RemoveProxyHeaders(req.HeadBuf))
} else {
_, err = outConn.Write(req.HeadBuf)
}
outConn.SetDeadline(time.Time{})
if err != nil {
- s.log.Printf("write to %s , err:%s", *s.cfg.Parent, err)
+ s.log.Printf("write to %s , err:%s", lbAddr, err)
utils.CloseConn(inConn)
return
}
}
+ if s.cfg.RateLimitBytes > 0 {
+ outConn = iolimiter.NewReaderConn(outConn, s.cfg.RateLimitBytes)
+ }
+
utils.IoBind((*inConn), outConn, func(err interface{}) {
s.log.Printf("conn %s - %s released [%s]", inAddr, outAddr, req.Host)
s.userConns.Remove(inAddr)
+ if len(*s.cfg.Parent) > 0 {
+ s.lb.DecreaseConns(lbAddr)
+ }
}, s.log)
s.log.Printf("conn %s - %s connected [%s]", inAddr, outAddr, req.Host)
if c, ok := s.userConns.Get(inAddr); ok {
(*c.(*net.Conn)).Close()
}
s.userConns.Set(inAddr, inConn)
+ if len(*s.cfg.Parent) > 0 {
+ s.lb.IncreasConns(lbAddr)
+ }
return
}
@@ -434,24 +479,11 @@ func (s *HTTP) ConnectSSH() (err error) {
if s.sshClient != nil {
s.sshClient.Close()
}
- s.sshClient, err = ssh.Dial("tcp", s.Resolve(*s.cfg.Parent), &config)
+ s.sshClient, err = ssh.Dial("tcp", s.Resolve(s.lb.Select("", *s.cfg.LoadBalanceOnlyHA)), &config)
<-s.lockChn
return
}
-func (s *HTTP) InitOutConnPool() {
- if *s.cfg.ParentType == "tls" || *s.cfg.ParentType == "tcp" || *s.cfg.ParentType == "kcp" {
- //dur int, isTLS bool, certBytes, keyBytes []byte,
- //parent string, timeout int, InitialCap int, MaxCap int
- s.outPool = utils.NewOutConn(
- *s.cfg.CheckParentInterval,
- *s.cfg.ParentType,
- s.cfg.KCP,
- s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes,
- s.Resolve(*s.cfg.Parent),
- *s.cfg.Timeout,
- )
- }
-}
+
func (s *HTTP) InitBasicAuth() (err error) {
if *s.cfg.DNSAddress != "" {
s.basicAuth = utils.NewBasicAuth(&(*s).domainResolver, s.log)
@@ -477,6 +509,27 @@ func (s *HTTP) InitBasicAuth() (err error) {
}
return
}
+func (s *HTTP) InitLB() {
+ configs := lb.BackendsConfig{}
+ for _, addr := range *s.cfg.Parent {
+ _addrInfo := strings.Split(addr, "@")
+ _addr := _addrInfo[0]
+ weight := 1
+ if len(_addrInfo) == 2 {
+ weight, _ = strconv.Atoi(_addrInfo[1])
+ }
+ configs = append(configs, &lb.BackendConfig{
+ Address: _addr,
+ Weight: weight,
+ ActiveAfter: 1,
+ InactiveAfter: 2,
+ Timeout: time.Duration(*s.cfg.LoadBalanceTimeout) * time.Millisecond,
+ RetryTime: time.Duration(*s.cfg.LoadBalanceRetryTime) * time.Millisecond,
+ })
+ }
+ LB := lb.NewGroup(utils.LBMethod(*s.cfg.LoadBalanceMethod), configs, &s.domainResolver, s.log, *s.cfg.Debug)
+ s.lb = &LB
+}
func (s *HTTP) IsBasicAuth() bool {
return *s.cfg.AuthFile != "" || len(*s.cfg.Auth) > 0 || *s.cfg.AuthURL != ""
}
@@ -494,7 +547,7 @@ func (s *HTTP) IsDeadLoop(inLocalAddr string, host string) bool {
if *s.cfg.DNSAddress != "" {
outIPs = []net.IP{net.ParseIP(s.Resolve(outDomain))}
} else {
- outIPs, err = utils.MyLookupIP(outDomain)
+ outIPs, err = utils.LookupIP(outDomain)
}
if err == nil {
for _, ip := range outIPs {
@@ -530,3 +583,39 @@ func (s *HTTP) Resolve(address string) string {
}
return ip
}
+func (s *HTTP) GetParentConn(address string) (conn net.Conn, err error) {
+ if *s.cfg.ParentType == "tls" {
+ var _conn tls.Conn
+ _conn, err = utils.TlsConnectHost(address, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes)
+ if err == nil {
+ conn = net.Conn(&_conn)
+ }
+ } else if *s.cfg.ParentType == "kcp" {
+ conn, err = utils.ConnectKCPHost(address, s.cfg.KCP)
+ } else if *s.cfg.ParentType == "ssh" {
+ var e interface{}
+ conn, e = s.getSSHConn(address)
+ if e != nil {
+ err = fmt.Errorf("%s", e)
+ }
+ } else {
+ conn, err = utils.ConnectHost(address, *s.cfg.Timeout)
+ }
+ return
+}
+func (s *HTTP) GetDirectConn(address string, localAddr string) (conn net.Conn, err error) {
+ if !*s.cfg.BindListen {
+ return utils.ConnectHost(address, *s.cfg.Timeout)
+ }
+ ip, _, _ := net.SplitHostPort(localAddr)
+ if utils.IsInternalIP(ip, false) {
+ return utils.ConnectHost(address, *s.cfg.Timeout)
+ }
+ local, _ := net.ResolveTCPAddr("tcp", ip+":0")
+ d := net.Dialer{
+ Timeout: time.Millisecond * time.Duration(*s.cfg.Timeout),
+ LocalAddr: local,
+ }
+ conn, err = d.Dial("tcp", address)
+ return
+}
diff --git a/services/keygen/keygen.go b/services/keygen/keygen.go
index d3fbd2f..7fed826 100644
--- a/services/keygen/keygen.go
+++ b/services/keygen/keygen.go
@@ -6,9 +6,9 @@ import (
"os"
"strings"
- "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/utils"
- "github.com/snail007/goproxy/utils/cert"
+ "bitbucket.org/snail/proxy/services"
+ "bitbucket.org/snail/proxy/utils"
+ "bitbucket.org/snail/proxy/utils/cert"
)
type KeygenArgs struct {
diff --git a/services/mux/mux_bridge.go b/services/mux/mux_bridge.go
index 5268151..df8f702 100644
--- a/services/mux/mux_bridge.go
+++ b/services/mux/mux_bridge.go
@@ -12,18 +12,15 @@ import (
"sync"
"time"
- "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/services/kcpcfg"
- "github.com/snail007/goproxy/utils"
+ "bitbucket.org/snail/proxy/services"
+ "bitbucket.org/snail/proxy/services/kcpcfg"
+ "bitbucket.org/snail/proxy/utils"
+ "bitbucket.org/snail/proxy/utils/mapx"
+
//"github.com/xtaci/smux"
smux "github.com/hashicorp/yamux"
)
-const (
- CONN_SERVER = uint8(4)
- CONN_CLIENT = uint8(5)
-)
-
type MuxBridgeArgs struct {
CertFile *string
KeyFile *string
@@ -37,8 +34,8 @@ type MuxBridgeArgs struct {
}
type MuxBridge struct {
cfg MuxBridgeArgs
- clientControlConns utils.ConcurrentMap
- serverConns utils.ConcurrentMap
+ clientControlConns mapx.ConcurrentMap
+ serverConns mapx.ConcurrentMap
router utils.ClientKeyRouter
l *sync.Mutex
isStop bool
@@ -49,8 +46,8 @@ type MuxBridge struct {
func NewMuxBridge() services.Service {
b := &MuxBridge{
cfg: MuxBridgeArgs{},
- clientControlConns: utils.NewConcurrentMap(),
- serverConns: utils.NewConcurrentMap(),
+ clientControlConns: mapx.NewConcurrentMap(),
+ serverConns: mapx.NewConcurrentMap(),
l: &sync.Mutex{},
isStop: false,
}
@@ -80,7 +77,7 @@ func (s *MuxBridge) StopService() {
if e != nil {
s.log.Printf("stop bridge service crashed,%s", e)
} else {
- s.log.Printf("service bridge stopped")
+ s.log.Printf("service bridge stoped")
}
}()
s.isStop = true
@@ -88,7 +85,7 @@ func (s *MuxBridge) StopService() {
(*(*s.sc).Listener).Close()
}
for _, g := range s.clientControlConns.Items() {
- for _, session := range g.(*utils.ConcurrentMap).Items() {
+ for _, session := range g.(*mapx.ConcurrentMap).Items() {
(session.(*smux.Session)).Close()
}
}
@@ -201,11 +198,11 @@ func (s *MuxBridge) handler(inConn net.Conn) {
s.l.Lock()
defer s.l.Unlock()
if !s.clientControlConns.Has(groupKey) {
- item := utils.NewConcurrentMap()
+ item := mapx.NewConcurrentMap()
s.clientControlConns.Set(groupKey, &item)
}
_group, _ := s.clientControlConns.Get(groupKey)
- group := _group.(*utils.ConcurrentMap)
+ group := _group.(*mapx.ConcurrentMap)
if v, ok := group.Get(index); ok {
v.(*smux.Session).Close()
}
@@ -254,7 +251,7 @@ func (s *MuxBridge) callback(inConn net.Conn, serverID, key string) {
time.Sleep(time.Second * 3)
continue
}
- group := _group.(*utils.ConcurrentMap)
+ group := _group.(*mapx.ConcurrentMap)
keys := group.Keys()
keysLen := len(keys)
i := 0
diff --git a/services/mux/mux_client.go b/services/mux/mux_client.go
index e340821..a21ff93 100644
--- a/services/mux/mux_client.go
+++ b/services/mux/mux_client.go
@@ -9,11 +9,13 @@ import (
"strings"
"time"
+ "bitbucket.org/snail/proxy/services"
+ "bitbucket.org/snail/proxy/services/kcpcfg"
+ "bitbucket.org/snail/proxy/utils"
+ "bitbucket.org/snail/proxy/utils/jumper"
+ "bitbucket.org/snail/proxy/utils/mapx"
+
"github.com/golang/snappy"
- "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/services/kcpcfg"
- "github.com/snail007/goproxy/utils"
- "github.com/snail007/goproxy/utils/jumper"
//"github.com/xtaci/smux"
smux "github.com/hashicorp/yamux"
)
@@ -43,18 +45,18 @@ type ClientUDPConnItem struct {
type MuxClient struct {
cfg MuxClientArgs
isStop bool
- sessions utils.ConcurrentMap
+ sessions mapx.ConcurrentMap
log *logger.Logger
jumper *jumper.Jumper
- udpConns utils.ConcurrentMap
+ udpConns mapx.ConcurrentMap
}
func NewMuxClient() services.Service {
return &MuxClient{
cfg: MuxClientArgs{},
isStop: false,
- sessions: utils.NewConcurrentMap(),
- udpConns: utils.NewConcurrentMap(),
+ sessions: mapx.NewConcurrentMap(),
+ udpConns: mapx.NewConcurrentMap(),
}
}
@@ -101,7 +103,7 @@ func (s *MuxClient) StopService() {
if e != nil {
s.log.Printf("stop client service crashed,%s", e)
} else {
- s.log.Printf("service client stopped")
+ s.log.Printf("service client stoped")
}
}()
s.isStop = true
@@ -341,7 +343,7 @@ func (s *MuxClient) UDPRevecive(key, ID string) {
}()
}
func (s *MuxClient) UDPGCDeamon() {
- gctime := int64(30)
+ gctime := int64(60)
go func() {
if s.isStop {
return
diff --git a/services/mux/mux_server.go b/services/mux/mux_server.go
index 2a9f70a..5319fb8 100644
--- a/services/mux/mux_server.go
+++ b/services/mux/mux_server.go
@@ -12,16 +12,23 @@ import (
"strings"
"time"
- "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/services/kcpcfg"
- "github.com/snail007/goproxy/utils"
- "github.com/snail007/goproxy/utils/jumper"
+ "bitbucket.org/snail/proxy/services"
+ "bitbucket.org/snail/proxy/services/kcpcfg"
+ "bitbucket.org/snail/proxy/utils"
+ "bitbucket.org/snail/proxy/utils/jumper"
+ "bitbucket.org/snail/proxy/utils/mapx"
"github.com/golang/snappy"
//"github.com/xtaci/smux"
smux "github.com/hashicorp/yamux"
)
+const (
+ CONN_CLIENT_CONTROL = uint8(1)
+ CONN_SERVER = uint8(4)
+ CONN_CLIENT = uint8(5)
+)
+
type MuxServerArgs struct {
Parent *string
ParentType *string
@@ -41,19 +48,17 @@ type MuxServerArgs struct {
KCP kcpcfg.KCPConfigArgs
Jumper *string
}
+type MuxServer struct {
+ cfg MuxServerArgs
+ sc utils.ServerChannel
+ sessions mapx.ConcurrentMap
+ lockChn chan bool
+ isStop bool
+ log *logger.Logger
+ jumper *jumper.Jumper
+ udpConns mapx.ConcurrentMap
+}
-type MuxUDPPacketItem struct {
- packet *[]byte
- localAddr *net.UDPAddr
- srcAddr *net.UDPAddr
-}
-type UDPConnItem struct {
- conn *net.Conn
- touchtime int64
- srcAddr *net.UDPAddr
- localAddr *net.UDPAddr
- connid string
-}
type MuxServerManager struct {
cfg MuxServerArgs
serverID string
@@ -162,36 +167,35 @@ func (s *MuxServerManager) InitService() (err error) {
return
}
-type MuxServer struct {
- cfg MuxServerArgs
- sc utils.ServerChannel
- sessions utils.ConcurrentMap
- lockChn chan bool
- isStop bool
- log *logger.Logger
- jumper *jumper.Jumper
- udpConns utils.ConcurrentMap
- // writelock *sync.Mutex
-}
-
func NewMuxServer() services.Service {
return &MuxServer{
cfg: MuxServerArgs{},
lockChn: make(chan bool, 1),
- sessions: utils.NewConcurrentMap(),
+ sessions: mapx.NewConcurrentMap(),
isStop: false,
- udpConns: utils.NewConcurrentMap(),
- // writelock: &sync.Mutex{},
}
}
+type MuxUDPPacketItem struct {
+ packet *[]byte
+ localAddr *net.UDPAddr
+ srcAddr *net.UDPAddr
+}
+type UDPConnItem struct {
+ conn *net.Conn
+ touchtime int64
+ srcAddr *net.UDPAddr
+ localAddr *net.UDPAddr
+ connid string
+}
+
func (s *MuxServer) StopService() {
defer func() {
e := recover()
if e != nil {
s.log.Printf("stop server service crashed,%s", e)
} else {
- s.log.Printf("service server stopped")
+ s.log.Printf("service server stoped")
}
}()
s.isStop = true
@@ -243,7 +247,7 @@ func (s *MuxServer) Start(args interface{}, log *logger.Logger) (err error) {
p, _ := strconv.Atoi(port)
s.sc = utils.NewServerChannel(host, p, s.log)
if *s.cfg.IsUDP {
- err = s.sc.ListenUDP(func(packet []byte, localAddr, srcAddr *net.UDPAddr) {
+ err = s.sc.ListenUDP(func(listener *net.UDPConn, packet []byte, localAddr, srcAddr *net.UDPAddr) {
s.UDPSend(packet, localAddr, srcAddr)
})
if err != nil {
@@ -425,7 +429,7 @@ func (s *MuxServer) getParentConn() (conn net.Conn, err error) {
return
}
func (s *MuxServer) UDPGCDeamon() {
- gctime := int64(30)
+ gctime := int64(60)
go func() {
if s.isStop {
return
diff --git a/services/socks/socks.go b/services/socks/socks.go
index b7856f2..434551e 100644
--- a/services/socks/socks.go
+++ b/services/socks/socks.go
@@ -8,53 +8,71 @@ import (
logger "log"
"net"
"runtime/debug"
+ "strconv"
"strings"
"time"
- "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/services/kcpcfg"
- "github.com/snail007/goproxy/utils"
- "github.com/snail007/goproxy/utils/conncrypt"
- "github.com/snail007/goproxy/utils/socks"
+ "bitbucket.org/snail/proxy/services"
+ "bitbucket.org/snail/proxy/services/kcpcfg"
+ "bitbucket.org/snail/proxy/utils"
+ "bitbucket.org/snail/proxy/utils/conncrypt"
+ "bitbucket.org/snail/proxy/utils/datasize"
+ "bitbucket.org/snail/proxy/utils/dnsx"
+ "bitbucket.org/snail/proxy/utils/iolimiter"
+ "bitbucket.org/snail/proxy/utils/lb"
+ "bitbucket.org/snail/proxy/utils/mapx"
+ "bitbucket.org/snail/proxy/utils/socks"
+
"golang.org/x/crypto/ssh"
)
type SocksArgs struct {
- Parent *string
- ParentType *string
- Local *string
- LocalType *string
- CertFile *string
- KeyFile *string
- CaCertFile *string
- CaCertBytes []byte
- CertBytes []byte
- KeyBytes []byte
- SSHKeyFile *string
- SSHKeyFileSalt *string
- SSHPassword *string
- SSHUser *string
- SSHKeyBytes []byte
- SSHAuthMethod ssh.AuthMethod
- Timeout *int
- Always *bool
- Interval *int
- Blocked *string
- Direct *string
- AuthFile *string
- Auth *[]string
- AuthURL *string
- AuthURLOkCode *int
- AuthURLTimeout *int
- AuthURLRetry *int
- KCP kcpcfg.KCPConfigArgs
- LocalIPS *[]string
- DNSAddress *string
- DNSTTL *int
- LocalKey *string
- ParentKey *string
- LocalCompress *bool
- ParentCompress *bool
+ Parent *[]string
+ ParentType *string
+ Local *string
+ LocalType *string
+ CertFile *string
+ KeyFile *string
+ CaCertFile *string
+ CaCertBytes []byte
+ CertBytes []byte
+ KeyBytes []byte
+ SSHKeyFile *string
+ SSHKeyFileSalt *string
+ SSHPassword *string
+ SSHUser *string
+ SSHKeyBytes []byte
+ SSHAuthMethod ssh.AuthMethod
+ Timeout *int
+ Always *bool
+ Interval *int
+ Blocked *string
+ Direct *string
+ ParentAuth *string
+ AuthFile *string
+ Auth *[]string
+ AuthURL *string
+ AuthURLOkCode *int
+ AuthURLTimeout *int
+ AuthURLRetry *int
+ KCP kcpcfg.KCPConfigArgs
+ LocalIPS *[]string
+ DNSAddress *string
+ DNSTTL *int
+ LocalKey *string
+ ParentKey *string
+ LocalCompress *bool
+ ParentCompress *bool
+ LoadBalanceMethod *string
+ LoadBalanceTimeout *int
+ LoadBalanceRetryTime *int
+ LoadBalanceHashTarget *bool
+ LoadBalanceOnlyHA *bool
+
+ RateLimit *string
+ RateLimitBytes float64
+ BindListen *bool
+ Debug *bool
}
type Socks struct {
cfg SocksArgs
@@ -64,11 +82,12 @@ type Socks struct {
lockChn chan bool
udpSC utils.ServerChannel
sc *utils.ServerChannel
- domainResolver utils.DomainResolver
+ domainResolver dnsx.DomainResolver
isStop bool
- userConns utils.ConcurrentMap
+ userConns mapx.ConcurrentMap
log *logger.Logger
- udpRelatedPacketConns utils.ConcurrentMap
+ lb *lb.Group
+ udpRelatedPacketConns mapx.ConcurrentMap
udpLocalKey []byte
udpParentKey []byte
}
@@ -80,14 +99,14 @@ func NewSocks() services.Service {
basicAuth: utils.BasicAuth{},
lockChn: make(chan bool, 1),
isStop: false,
- userConns: utils.NewConcurrentMap(),
- udpRelatedPacketConns: utils.NewConcurrentMap(),
+ userConns: mapx.NewConcurrentMap(),
+ udpRelatedPacketConns: mapx.NewConcurrentMap(),
}
}
func (s *Socks) CheckArgs() (err error) {
- if *s.cfg.LocalType == "tls" || (*s.cfg.Parent != "" && *s.cfg.ParentType == "tls") {
+ if *s.cfg.LocalType == "tls" || (len(*s.cfg.Parent) > 0 && *s.cfg.ParentType == "tls") {
s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
if err != nil {
return
@@ -100,7 +119,12 @@ func (s *Socks) CheckArgs() (err error) {
}
}
}
- if *s.cfg.Parent != "" {
+
+ if len(*s.cfg.Parent) == 1 && (*s.cfg.Parent)[0] == "" {
+ (*s.cfg.Parent) = []string{}
+ }
+
+ if len(*s.cfg.Parent) > 0 {
if *s.cfg.ParentType == "" {
err = fmt.Errorf("parent type unkown,use -T ")
return
@@ -136,21 +160,30 @@ func (s *Socks) CheckArgs() (err error) {
}
}
}
+ if *s.cfg.RateLimit != "0" && *s.cfg.RateLimit != "" {
+ var size uint64
+ size, err = datasize.Parse(*s.cfg.RateLimit)
+ if err != nil {
+ err = fmt.Errorf("parse rate limit size error,ERR:%s", err)
+ return
+ }
+ s.cfg.RateLimitBytes = float64(size)
+ }
s.udpLocalKey = s.LocalUDPKey()
s.udpParentKey = s.ParentUDPKey()
- //s.log.Printf("udpLocalKey : %v , udpParentKey : %v", s.udpLocalKey, s.udpParentKey)
return
}
func (s *Socks) InitService() (err error) {
s.InitBasicAuth()
if *s.cfg.DNSAddress != "" {
- (*s).domainResolver = utils.NewDomainResolver(*s.cfg.DNSAddress, *s.cfg.DNSTTL, s.log)
+ (*s).domainResolver = dnsx.NewDomainResolver(*s.cfg.DNSAddress, *s.cfg.DNSTTL, s.log)
}
- if *s.cfg.Parent != "" {
+ if len(*s.cfg.Parent) > 0 {
s.checker = utils.NewChecker(*s.cfg.Timeout, int64(*s.cfg.Interval), *s.cfg.Blocked, *s.cfg.Direct, s.log)
+ s.InitLB()
}
if *s.cfg.ParentType == "ssh" {
- e := s.ConnectSSH()
+ e := s.ConnectSSH(s.Resolve(s.lb.Select("", *s.cfg.LoadBalanceOnlyHA)))
if e != nil {
err = fmt.Errorf("init service fail, ERR: %s", e)
return
@@ -161,7 +194,7 @@ func (s *Socks) InitService() (err error) {
if s.isStop {
return
}
- conn, err := utils.ConnectHost(s.Resolve(*s.cfg.Parent), *s.cfg.Timeout*2)
+ conn, err := utils.ConnectHost(s.Resolve(s.lb.Select("", *s.cfg.LoadBalanceOnlyHA)), *s.cfg.Timeout*2)
if err == nil {
conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
_, err = conn.Write([]byte{0})
@@ -172,7 +205,7 @@ func (s *Socks) InitService() (err error) {
s.sshClient.Close()
}
s.log.Printf("ssh offline, retrying...")
- s.ConnectSSH()
+ s.ConnectSSH(s.Resolve(s.lb.Select("", *s.cfg.LoadBalanceOnlyHA)))
} else {
conn.Close()
}
@@ -191,11 +224,11 @@ func (s *Socks) StopService() {
if e != nil {
s.log.Printf("stop socks service crashed,%s", e)
} else {
- s.log.Printf("service socks stopped")
+ s.log.Printf("service socks stoped")
}
}()
s.isStop = true
- if *s.cfg.Parent != "" {
+ if len(*s.cfg.Parent) > 0 {
s.checker.Stop()
}
if s.sshClient != nil {
@@ -210,6 +243,9 @@ func (s *Socks) StopService() {
for _, c := range s.userConns.Items() {
(*c.(*net.Conn)).Close()
}
+ if s.lb != nil {
+ s.lb.Stop()
+ }
for _, c := range s.udpRelatedPacketConns.Items() {
(*c.(*net.UDPConn)).Close()
}
@@ -224,14 +260,14 @@ func (s *Socks) Start(args interface{}, log *logger.Logger) (err error) {
if err = s.InitService(); err != nil {
s.InitService()
}
- if *s.cfg.Parent != "" {
- s.log.Printf("use %s parent %s", *s.cfg.ParentType, *s.cfg.Parent)
+ if len(*s.cfg.Parent) > 0 {
+ s.log.Printf("use %s parent %v [ %s ]", *s.cfg.ParentType, *s.cfg.Parent, strings.ToUpper(*s.cfg.LoadBalanceMethod))
}
sc := utils.NewServerChannelHost(*s.cfg.Local, s.log)
if *s.cfg.LocalType == "tcp" {
err = sc.ListenTCP(s.socksConnCallback)
} else if *s.cfg.LocalType == "tls" {
- err = sc.ListenTls(s.cfg.CertBytes, s.cfg.KeyBytes, nil, s.socksConnCallback)
+ err = sc.ListenTls(s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes, s.socksConnCallback)
} else if *s.cfg.LocalType == "kcp" {
err = sc.ListenKCP(s.cfg.KCP, s.socksConnCallback, s.log)
}
@@ -261,116 +297,40 @@ func (s *Socks) socksConnCallback(inConn net.Conn) {
Password: *s.cfg.LocalKey,
})
}
- //协商开始
- //method select request
- inConn.SetReadDeadline(time.Now().Add(time.Second * 3))
- methodReq, err := socks.NewMethodsRequest(inConn)
- inConn.SetReadDeadline(time.Time{})
- if err != nil {
- methodReq.Reply(socks.Method_NONE_ACCEPTABLE)
- utils.CloseConn(&inConn)
- if err != io.EOF {
- s.log.Printf("new methods request fail,ERR: %s", err)
- }
- return
- }
-
- if !s.IsBasicAuth() {
- if !methodReq.Select(socks.Method_NO_AUTH) {
- methodReq.Reply(socks.Method_NONE_ACCEPTABLE)
- utils.CloseConn(&inConn)
- s.log.Printf("none method found : Method_NO_AUTH")
- return
- }
- //method select reply
- err = methodReq.Reply(socks.Method_NO_AUTH)
- if err != nil {
- s.log.Printf("reply answer data fail,ERR: %s", err)
- utils.CloseConn(&inConn)
- return
- }
- // s.log.Printf("% x", methodReq.Bytes())
+ //socks5 server
+ var serverConn *socks.ServerConn
+ udpIP, _, _ := net.SplitHostPort(inConn.LocalAddr().String())
+ if s.IsBasicAuth() {
+ serverConn = socks.NewServerConn(&inConn, time.Millisecond*time.Duration(*s.cfg.Timeout), &s.basicAuth, true, udpIP, nil)
} else {
- //auth
- if !methodReq.Select(socks.Method_USER_PASS) {
- methodReq.Reply(socks.Method_NONE_ACCEPTABLE)
- utils.CloseConn(&inConn)
- s.log.Printf("none method found : Method_USER_PASS")
- return
- }
- //method reply need auth
- err = methodReq.Reply(socks.Method_USER_PASS)
- if err != nil {
- s.log.Printf("reply answer data fail,ERR: %s", err)
- utils.CloseConn(&inConn)
- return
- }
- //read auth
- buf := make([]byte, 500)
- inConn.SetReadDeadline(time.Now().Add(time.Second * 3))
- n, err := inConn.Read(buf)
- inConn.SetReadDeadline(time.Time{})
- if err != nil {
- utils.CloseConn(&inConn)
- return
- }
- r := buf[:n]
- user := string(r[2 : r[1]+2])
- pass := string(r[2+r[1]+1:])
- //s.log.Printf("user:%s,pass:%s", user, pass)
- //auth
- _addr := strings.Split(inConn.RemoteAddr().String(), ":")
- if s.basicAuth.CheckUserPass(user, pass, _addr[0], "") {
- inConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
- inConn.Write([]byte{0x01, 0x00})
- inConn.SetDeadline(time.Time{})
-
- } else {
- inConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
- inConn.Write([]byte{0x01, 0x01})
- inConn.SetDeadline(time.Time{})
-
- utils.CloseConn(&inConn)
- return
- }
+ serverConn = socks.NewServerConn(&inConn, time.Millisecond*time.Duration(*s.cfg.Timeout), nil, true, udpIP, nil)
}
-
- //request detail
- request, err := socks.NewRequest(inConn)
- if err != nil {
- s.log.Printf("read request data fail,ERR: %s", err)
- utils.CloseConn(&inConn)
+ if err := serverConn.Handshake(); err != nil {
+ if !strings.HasSuffix(err.Error(), "EOF") {
+ s.log.Printf("handshake fail, ERR: %s", err)
+ }
+ inConn.Close()
return
}
- //协商结束
-
- switch request.CMD() {
- case socks.CMD_BIND:
- //bind 不支持
- request.TCPReply(socks.REP_UNKNOWN)
- utils.CloseConn(&inConn)
- return
- case socks.CMD_CONNECT:
- //tcp
- s.proxyTCP(&inConn, methodReq, request)
- case socks.CMD_ASSOCIATE:
- //udp
- s.proxyUDP(&inConn, methodReq, request)
+ if serverConn.IsUDP() {
+ s.proxyUDP(&inConn, serverConn)
+ } else if serverConn.IsTCP() {
+ s.proxyTCP(&inConn, serverConn)
}
-
}
-func (s *Socks) proxyTCP(inConn *net.Conn, methodReq socks.MethodsRequest, request socks.Request) {
+func (s *Socks) proxyTCP(inConn *net.Conn, serverConn *socks.ServerConn) {
var outConn net.Conn
var err interface{}
+ lbAddr := ""
useProxy := true
tryCount := 0
maxTryCount := 5
//防止死循环
- if s.IsDeadLoop((*inConn).LocalAddr().String(), request.Host()) {
+ if s.IsDeadLoop((*inConn).LocalAddr().String(), serverConn.Host()) {
utils.CloseConn(inConn)
- s.log.Printf("dead loop detected , %s", request.Host())
+ s.log.Printf("dead loop detected , %s", serverConn.Host())
utils.CloseConn(inConn)
return
}
@@ -378,33 +338,70 @@ func (s *Socks) proxyTCP(inConn *net.Conn, methodReq socks.MethodsRequest, reque
if s.isStop {
return
}
+
if *s.cfg.Always {
- outConn, err = s.getOutConn(methodReq.Bytes(), request.Bytes(), request.Addr(), true)
+ selectAddr := (*inConn).RemoteAddr().String()
+ if utils.LBMethod(*s.cfg.LoadBalanceMethod) == lb.SELECT_HASH && *s.cfg.LoadBalanceHashTarget {
+ selectAddr = serverConn.Target()
+ }
+ lbAddr = s.lb.Select(selectAddr, *s.cfg.LoadBalanceOnlyHA)
+ //lbAddr = s.lb.Select((*inConn).RemoteAddr().String())
+ outConn, err = s.GetParentConn(lbAddr, serverConn)
+ if err != nil {
+ s.log.Printf("connect to parent fail, %s", err)
+ return
+ }
+ //handshake
+ //socks client
+ _, err = s.HandshakeSocksParent(&outConn, "tcp", serverConn.Target(), serverConn.AuthData(), false)
+ if err != nil {
+ if err != io.EOF {
+ s.log.Printf("handshake fail, %s", err)
+ }
+ return
+ }
} else {
- if *s.cfg.Parent != "" {
- host, _, _ := net.SplitHostPort(request.Addr())
+ if len(*s.cfg.Parent) > 0 {
+ host, _, _ := net.SplitHostPort(serverConn.Target())
useProxy := false
- if utils.IsIternalIP(host, *s.cfg.Always) {
+ if utils.IsInternalIP(host, *s.cfg.Always) {
useProxy = false
} else {
var isInMap bool
- useProxy, isInMap, _, _ = s.checker.IsBlocked(request.Addr())
+ useProxy, isInMap, _, _ = s.checker.IsBlocked(serverConn.Target())
if !isInMap {
- s.checker.Add(request.Addr(), s.Resolve(request.Addr()))
+ s.checker.Add(serverConn.Target(), s.Resolve(serverConn.Target()))
}
}
if useProxy {
- outConn, err = s.getOutConn(methodReq.Bytes(), request.Bytes(), request.Addr(), true)
+ selectAddr := (*inConn).RemoteAddr().String()
+ if utils.LBMethod(*s.cfg.LoadBalanceMethod) == lb.SELECT_HASH && *s.cfg.LoadBalanceHashTarget {
+ selectAddr = serverConn.Target()
+ }
+ lbAddr = s.lb.Select(selectAddr, *s.cfg.LoadBalanceOnlyHA)
+ //lbAddr = s.lb.Select((*inConn).RemoteAddr().String())
+ outConn, err = s.GetParentConn(lbAddr, serverConn)
+ if err != nil {
+ s.log.Printf("connect to parent fail, %s", err)
+ return
+ }
+ //handshake
+ //socks client
+ _, err = s.HandshakeSocksParent(&outConn, "tcp", serverConn.Target(), serverConn.AuthData(), false)
+ if err != nil {
+ s.log.Printf("handshake fail, %s", err)
+ return
+ }
} else {
- outConn, err = utils.ConnectHost(s.Resolve(request.Addr()), *s.cfg.Timeout)
+ outConn, err = s.GetDirectConn(s.Resolve(serverConn.Target()), (*inConn).LocalAddr().String())
}
} else {
- outConn, err = utils.ConnectHost(s.Resolve(request.Addr()), *s.cfg.Timeout)
+ outConn, err = s.GetDirectConn(s.Resolve(serverConn.Target()), (*inConn).LocalAddr().String())
useProxy = false
}
}
tryCount++
- if err == nil || tryCount > maxTryCount || *s.cfg.Parent == "" {
+ if err == nil || tryCount > maxTryCount || len(*s.cfg.Parent) == 0 {
break
} else {
s.log.Printf("get out conn fail,%s,retrying...", err)
@@ -413,28 +410,37 @@ func (s *Socks) proxyTCP(inConn *net.Conn, methodReq socks.MethodsRequest, reque
}
if err != nil {
s.log.Printf("get out conn fail,%s", err)
- request.TCPReply(socks.REP_NETWOR_UNREACHABLE)
return
}
- s.log.Printf("use proxy %v : %s", useProxy, request.Addr())
+ s.log.Printf("use proxy %v : %s", useProxy, serverConn.Target())
- request.TCPReply(socks.REP_SUCCESS)
inAddr := (*inConn).RemoteAddr().String()
+ //outRemoteAddr := outConn.RemoteAddr().String()
//inLocalAddr := (*inConn).LocalAddr().String()
- s.log.Printf("conn %s - %s connected", inAddr, request.Addr())
+ if s.cfg.RateLimitBytes > 0 {
+ outConn = iolimiter.NewReaderConn(outConn, s.cfg.RateLimitBytes)
+ }
+
utils.IoBind(*inConn, outConn, func(err interface{}) {
- s.log.Printf("conn %s - %s released", inAddr, request.Addr())
+ s.log.Printf("conn %s - %s released", inAddr, serverConn.Target())
s.userConns.Remove(inAddr)
+ if len(*s.cfg.Parent) > 0 {
+ s.lb.DecreaseConns(lbAddr)
+ }
}, s.log)
if c, ok := s.userConns.Get(inAddr); ok {
(*c.(*net.Conn)).Close()
s.userConns.Remove(inAddr)
}
s.userConns.Set(inAddr, inConn)
+ if len(*s.cfg.Parent) > 0 {
+ s.lb.IncreasConns(lbAddr)
+ }
+ s.log.Printf("conn %s - %s connected", inAddr, serverConn.Target())
}
-func (s *Socks) getOutConn(methodBytes, reqBytes []byte, host string, handshake bool) (outConn net.Conn, err interface{}) {
+func (s *Socks) GetParentConn(parentAddress string, serverConn *socks.ServerConn) (outConn net.Conn, err interface{}) {
switch *s.cfg.ParentType {
case "kcp":
fallthrough
@@ -442,13 +448,15 @@ func (s *Socks) getOutConn(methodBytes, reqBytes []byte, host string, handshake
fallthrough
case "tcp":
if *s.cfg.ParentType == "tls" {
- var _outConn tls.Conn
- _outConn, err = utils.TlsConnectHost(s.Resolve(*s.cfg.Parent), *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
- outConn = net.Conn(&_outConn)
+ var _conn tls.Conn
+ _conn, err = utils.TlsConnectHost(parentAddress, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes)
+ if err == nil {
+ outConn = net.Conn(&_conn)
+ }
} else if *s.cfg.ParentType == "kcp" {
- outConn, err = utils.ConnectKCPHost(s.Resolve(*s.cfg.Parent), s.cfg.KCP)
+ outConn, err = utils.ConnectKCPHost(parentAddress, s.cfg.KCP)
} else {
- outConn, err = utils.ConnectHost(s.Resolve(*s.cfg.Parent), *s.cfg.Timeout)
+ outConn, err = utils.ConnectHost(parentAddress, *s.cfg.Timeout)
}
if err != nil {
err = fmt.Errorf("connect fail,%s", err)
@@ -462,44 +470,6 @@ func (s *Socks) getOutConn(methodBytes, reqBytes []byte, host string, handshake
Password: *s.cfg.ParentKey,
})
}
- if !handshake {
- return
- }
- var buf = make([]byte, 1024)
- //var n int
- outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
- _, err = outConn.Write(methodBytes)
- outConn.SetDeadline(time.Time{})
- if err != nil {
- err = fmt.Errorf("write method fail,%s", err)
- return
- }
- outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
- _, err = outConn.Read(buf)
- outConn.SetDeadline(time.Time{})
- if err != nil {
- err = fmt.Errorf("read method reply fail,%s", err)
- return
- }
- //resp := buf[:n]
- //s.log.Printf("resp:%v", resp)
- outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
- _, err = outConn.Write(reqBytes)
- outConn.SetDeadline(time.Time{})
- if err != nil {
- err = fmt.Errorf("write req detail fail,%s", err)
- return
- }
- outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
- _, err = outConn.Read(buf)
- outConn.SetDeadline(time.Time{})
- if err != nil {
- err = fmt.Errorf("read req reply fail,%s", err)
- return
- }
- //result := buf[:n]
- //s.log.Printf("result:%v", result)
-
case "ssh":
maxTryCount := 1
tryCount := 0
@@ -515,17 +485,17 @@ func (s *Socks) getOutConn(methodBytes, reqBytes []byte, host string, handshake
}
wait <- true
}()
- outConn, err = s.sshClient.Dial("tcp", host)
+ outConn, err = s.sshClient.Dial("tcp", serverConn.Target())
}()
select {
case <-wait:
case <-time.After(time.Millisecond * time.Duration(*s.cfg.Timeout) * 2):
- err = fmt.Errorf("ssh dial %s timeout", host)
+ err = fmt.Errorf("ssh dial %s timeout", serverConn.Target())
s.sshClient.Close()
}
if err != nil {
s.log.Printf("connect ssh fail, ERR: %s, retrying...", err)
- e := s.ConnectSSH()
+ e := s.ConnectSSH(parentAddress)
if e == nil {
tryCount++
time.Sleep(time.Second * 3)
@@ -538,7 +508,7 @@ func (s *Socks) getOutConn(methodBytes, reqBytes []byte, host string, handshake
return
}
-func (s *Socks) ConnectSSH() (err error) {
+func (s *Socks) ConnectSSH(lbAddr string) (err error) {
select {
case s.lockChn <- true:
default:
@@ -556,7 +526,7 @@ func (s *Socks) ConnectSSH() (err error) {
if s.sshClient != nil {
s.sshClient.Close()
}
- s.sshClient, err = ssh.Dial("tcp", s.Resolve(*s.cfg.Parent), &config)
+ s.sshClient, err = ssh.Dial("tcp", s.Resolve(lbAddr), &config)
<-s.lockChn
return
}
@@ -585,6 +555,27 @@ func (s *Socks) InitBasicAuth() (err error) {
}
return
}
+func (s *Socks) InitLB() {
+ configs := lb.BackendsConfig{}
+ for _, addr := range *s.cfg.Parent {
+ _addrInfo := strings.Split(addr, "@")
+ _addr := _addrInfo[0]
+ weight := 1
+ if len(_addrInfo) == 2 {
+ weight, _ = strconv.Atoi(_addrInfo[1])
+ }
+ configs = append(configs, &lb.BackendConfig{
+ Address: _addr,
+ Weight: weight,
+ ActiveAfter: 1,
+ InactiveAfter: 2,
+ Timeout: time.Duration(*s.cfg.LoadBalanceTimeout) * time.Millisecond,
+ RetryTime: time.Duration(*s.cfg.LoadBalanceRetryTime) * time.Millisecond,
+ })
+ }
+ LB := lb.NewGroup(utils.LBMethod(*s.cfg.LoadBalanceMethod), configs, &s.domainResolver, s.log, *s.cfg.Debug)
+ s.lb = &LB
+}
func (s *Socks) IsBasicAuth() bool {
return *s.cfg.AuthFile != "" || len(*s.cfg.Auth) > 0 || *s.cfg.AuthURL != ""
}
@@ -602,7 +593,7 @@ func (s *Socks) IsDeadLoop(inLocalAddr string, host string) bool {
if *s.cfg.DNSAddress != "" {
outIPs = []net.IP{net.ParseIP(s.Resolve(outDomain))}
} else {
- outIPs, err = utils.MyLookupIP(outDomain)
+ outIPs, err = utils.LookupIP(outDomain)
}
if err == nil {
for _, ip := range outIPs {
@@ -638,3 +629,37 @@ func (s *Socks) Resolve(address string) string {
}
return ip
}
+func (s *Socks) GetDirectConn(address string, localAddr string) (conn net.Conn, err error) {
+ if !*s.cfg.BindListen {
+ return utils.ConnectHost(address, *s.cfg.Timeout)
+ }
+ ip, _, _ := net.SplitHostPort(localAddr)
+ if utils.IsInternalIP(ip, false) {
+ return utils.ConnectHost(address, *s.cfg.Timeout)
+ }
+ local, _ := net.ResolveTCPAddr("tcp", ip+":0")
+ d := net.Dialer{
+ Timeout: time.Millisecond * time.Duration(*s.cfg.Timeout),
+ LocalAddr: local,
+ }
+ conn, err = d.Dial("tcp", address)
+ return
+}
+func (s *Socks) HandshakeSocksParent(outconn *net.Conn, network, dstAddr string, auth socks.Auth, fromSS bool) (client *socks.ClientConn, err error) {
+ if *s.cfg.ParentAuth != "" {
+ a := strings.Split(*s.cfg.ParentAuth, ":")
+ if len(a) != 2 {
+ err = fmt.Errorf("parent auth data format error")
+ return
+ }
+ client = socks.NewClientConn(outconn, network, dstAddr, time.Millisecond*time.Duration(*s.cfg.Timeout), &socks.Auth{User: a[0], Password: a[1]}, nil)
+ } else {
+ if !fromSS && !s.IsBasicAuth() && auth.Password != "" && auth.User != "" {
+ client = socks.NewClientConn(outconn, network, dstAddr, time.Millisecond*time.Duration(*s.cfg.Timeout), &auth, nil)
+ } else {
+ client = socks.NewClientConn(outconn, network, dstAddr, time.Millisecond*time.Duration(*s.cfg.Timeout), nil, nil)
+ }
+ }
+ err = client.Handshake()
+ return
+}
diff --git a/services/socks/udp.go b/services/socks/udp.go
index ad71a01..69090e5 100644
--- a/services/socks/udp.go
+++ b/services/socks/udp.go
@@ -9,9 +9,9 @@ import (
"strings"
"time"
- "github.com/snail007/goproxy/utils"
- goaes "github.com/snail007/goproxy/utils/aes"
- "github.com/snail007/goproxy/utils/socks"
+ "bitbucket.org/snail/proxy/utils"
+ goaes "bitbucket.org/snail/proxy/utils/aes"
+ "bitbucket.org/snail/proxy/utils/socks"
)
func (s *Socks) ParentUDPKey() (key []byte) {
@@ -44,7 +44,7 @@ func (s *Socks) LocalUDPKey() (key []byte) {
}
return
}
-func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, request socks.Request) {
+func (s *Socks) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
defer func() {
if e := recover(); e != nil {
s.log.Printf("udp local->out io copy crashed:\n%s\n%s", e, string(debug.Stack()))
@@ -54,23 +54,12 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque
utils.CloseConn(inConn)
return
}
- srcIP, _, _ := net.SplitHostPort((*inConn).RemoteAddr().String())
inconnRemoteAddr := (*inConn).RemoteAddr().String()
localAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0}
- udpListener, err := net.ListenUDP("udp", localAddr)
- if err != nil {
- (*inConn).Close()
- udpListener.Close()
- s.log.Printf("udp bind fail , %s", err)
- return
- }
- host, _, _ := net.SplitHostPort((*inConn).LocalAddr().String())
- _, port, _ := net.SplitHostPort(udpListener.LocalAddr().String())
- if len(*s.cfg.LocalIPS) > 0 {
- host = (*s.cfg.LocalIPS)[0]
- }
- s.log.Printf("proxy udp on %s , for %s", net.JoinHostPort(host, port), inconnRemoteAddr)
- request.UDPReply(socks.REP_SUCCESS, net.JoinHostPort(host, port))
+ udpListener := serverConn.UDPConnListener
+ srcIP, _, _ := net.SplitHostPort((*inConn).RemoteAddr().String())
+ s.log.Printf("proxy udp on %s , for %s", udpListener.LocalAddr(), inconnRemoteAddr)
+
s.userConns.Set(inconnRemoteAddr, inConn)
var (
outUDPConn *net.UDPConn
@@ -134,15 +123,15 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque
}
}()
useProxy := true
- if *s.cfg.Parent != "" {
- dstHost, _, _ := net.SplitHostPort(request.Addr())
- if utils.IsIternalIP(dstHost, *s.cfg.Always) {
+ if len(*s.cfg.Parent) > 0 {
+ dstHost, _, _ := net.SplitHostPort(serverConn.Target())
+ if utils.IsInternalIP(dstHost, *s.cfg.Always) {
useProxy = false
} else {
var isInMap bool
- useProxy, isInMap, _, _ = s.checker.IsBlocked(request.Addr())
+ useProxy, isInMap, _, _ = s.checker.IsBlocked(serverConn.Target())
if !isInMap {
- s.checker.Add(request.Addr(), s.Resolve(request.Addr()))
+ s.checker.Add(serverConn.Target(), s.Resolve(serverConn.Target()))
}
}
} else {
@@ -150,13 +139,17 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque
}
if useProxy {
//parent proxy
- outconn, err := s.getOutConn(nil, nil, "", false)
+ lbAddr := s.lb.Select((*inConn).RemoteAddr().String(), *s.cfg.LoadBalanceOnlyHA)
+ outconn, err := s.GetParentConn(lbAddr, serverConn)
+ //outconn, err := s.GetParentConn(nil, nil, "", false)
if err != nil {
clean("connnect fail", fmt.Sprintf("%s", err))
return
}
- client := socks.NewClientConn(&outconn, "udp", request.Addr(), time.Millisecond*time.Duration(*s.cfg.Timeout), nil, nil)
- if err = client.Handshake(); err != nil {
+
+ client, err := s.HandshakeSocksParent(&outconn, "udp", serverConn.Target(), serverConn.AuthData(), false)
+
+ if err != nil {
clean("handshake fail", fmt.Sprintf("%s", err))
return
}
@@ -179,7 +172,7 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque
//s.log.Printf("parent udp address %s", client.UDPAddr)
destAddr, _ = net.ResolveUDPAddr("udp", client.UDPAddr)
}
- s.log.Printf("use proxy %v : udp %s", useProxy, request.Addr())
+ s.log.Printf("use proxy %v : udp %s", useProxy, serverConn.Target())
//relay
for {
buf := utils.LeakyBuffer.Get()
@@ -245,6 +238,7 @@ func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, reque
}
continue
}
+
//var dlen = n
if useProxy {
//forward to local
diff --git a/services/sps/socksudp.go b/services/sps/socksudp.go
index e59c7d9..8b6e87a 100644
--- a/services/sps/socksudp.go
+++ b/services/sps/socksudp.go
@@ -1,50 +1,17 @@
package sps
import (
- "crypto/md5"
"fmt"
"net"
"runtime/debug"
- "strconv"
"strings"
"time"
- "github.com/snail007/goproxy/utils"
- goaes "github.com/snail007/goproxy/utils/aes"
- "github.com/snail007/goproxy/utils/conncrypt"
- "github.com/snail007/goproxy/utils/socks"
+ "bitbucket.org/snail/proxy/utils"
+ goaes "bitbucket.org/snail/proxy/utils/aes"
+ "bitbucket.org/snail/proxy/utils/socks"
)
-func (s *SPS) ParentUDPKey() (key []byte) {
- switch *s.cfg.ParentType {
- case "tcp":
- if *s.cfg.ParentKey != "" {
- v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.ParentKey)))
- return []byte(v)[:24]
- }
- case "tls":
- return s.cfg.KeyBytes[:24]
- case "kcp":
- v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.KCP.Key)))
- return []byte(v)[:24]
- }
- return
-}
-func (s *SPS) LocalUDPKey() (key []byte) {
- switch *s.cfg.LocalType {
- case "tcp":
- if *s.cfg.LocalKey != "" {
- v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.LocalKey)))
- return []byte(v)[:24]
- }
- case "tls":
- return s.cfg.KeyBytes[:24]
- case "kcp":
- v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.KCP.Key)))
- return []byte(v)[:24]
- }
- return
-}
func (s *SPS) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
defer func() {
if e := recover(); e != nil {
@@ -123,41 +90,19 @@ func (s *SPS) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
}
}()
//parent proxy
- outconn, err := s.outPool.Get()
+ lbAddr := s.lb.Select((*inConn).RemoteAddr().String(), *s.cfg.LoadBalanceOnlyHA)
+
+ outconn, err := s.GetParentConn(lbAddr)
//outconn, err := s.GetParentConn(nil, nil, "", false)
if err != nil {
clean("connnect fail", fmt.Sprintf("%s", err))
return
}
- if *s.cfg.ParentCompress {
- outconn = utils.NewCompConn(outconn)
- }
- if *s.cfg.ParentKey != "" {
- outconn = conncrypt.New(outconn, &conncrypt.Config{
- Password: *s.cfg.ParentKey,
- })
- }
-
s.log.Printf("connect %s for udp", serverConn.Target())
//socks client
- var client *socks.ClientConn
- auth := serverConn.AuthData()
- if *s.cfg.ParentAuth != "" {
- a := strings.Split(*s.cfg.ParentAuth, ":")
- if len(a) != 2 {
- err = fmt.Errorf("parent auth data format error")
- return
- }
- client = socks.NewClientConn(&outconn, "udp", serverConn.Target(), time.Millisecond*time.Duration(*s.cfg.Timeout), &socks.Auth{User: a[0], Password: a[1]}, nil)
- } else {
- if !s.IsBasicAuth() && auth.Password != "" && auth.User != "" {
- client = socks.NewClientConn(&outconn, "udp", serverConn.Target(), time.Millisecond*time.Duration(*s.cfg.Timeout), &auth, nil)
- } else {
- client = socks.NewClientConn(&outconn, "udp", serverConn.Target(), time.Millisecond*time.Duration(*s.cfg.Timeout), nil, nil)
- }
- }
- if err = client.Handshake(); err != nil {
+ client, err := s.HandshakeSocksParent(&outconn, "udp", serverConn.Target(), serverConn.AuthData(), false)
+ if err != nil {
clean("handshake fail", fmt.Sprintf("%s", err))
return
}
@@ -181,9 +126,9 @@ func (s *SPS) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
//s.log.Printf("parent udp address %s", client.UDPAddr)
destAddr, _ = net.ResolveUDPAddr("udp", client.UDPAddr)
//relay
- buf := utils.LeakyBuffer.Get()
- defer utils.LeakyBuffer.Put(buf)
for {
+ buf := utils.LeakyBuffer.Get()
+ defer utils.LeakyBuffer.Put(buf)
n, srcAddr, err := udpListener.ReadFromUDP(buf)
if err != nil {
s.log.Printf("udp listener read fail, %s", err.Error())
@@ -208,76 +153,42 @@ func (s *SPS) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
} else {
err = p.Parse(buf[:n])
}
+ //err = p.Parse(buf[:n])
if err != nil {
s.log.Printf("udp listener parse packet fail, %s", err.Error())
continue
}
-
- port, _ := strconv.Atoi(p.Port())
-
if v, ok := s.udpRelatedPacketConns.Get(srcAddr.String()); !ok {
- if destAddr == nil {
- destAddr = &net.UDPAddr{IP: net.ParseIP(p.Host()), Port: port}
- }
outUDPConn, err = net.DialUDP("udp", localAddr, destAddr)
if err != nil {
s.log.Printf("create out udp conn fail , %s , from : %s", err, srcAddr)
continue
}
s.udpRelatedPacketConns.Set(srcAddr.String(), outUDPConn)
- go func() {
- defer func() {
- if e := recover(); e != nil {
- s.log.Printf("udp out->local io copy crashed:\n%s\n%s", e, string(debug.Stack()))
- }
- }()
- defer s.udpRelatedPacketConns.Remove(srcAddr.String())
- //out->local io copy
- buf := utils.LeakyBuffer.Get()
- defer utils.LeakyBuffer.Put(buf)
- for {
- outUDPConn.SetReadDeadline(time.Now().Add(time.Second * 5))
- n, err := outUDPConn.Read(buf)
- outUDPConn.SetReadDeadline(time.Time{})
+ utils.UDPCopy(udpListener, outUDPConn, srcAddr, 0, func(data []byte) []byte {
+ //forward to local
+ var v []byte
+ //convert parent data to raw
+ if len(s.udpParentKey) > 0 {
+ v, err = goaes.Decrypt(s.udpParentKey, data)
if err != nil {
- s.log.Printf("read out udp data fail , %s , from : %s", err, srcAddr)
- if isClosedErr(err) {
- return
- }
- continue
- }
- //var dlen = n
- //forward to local
- var v []byte
- //convert parent data to raw
- if len(s.udpParentKey) > 0 {
- v, err = goaes.Decrypt(s.udpParentKey, buf[:n])
- if err != nil {
- s.log.Printf("udp outconn parse packet fail, %s", err.Error())
- continue
- }
- } else {
- v = buf[:n]
- }
- //now v is raw, try convert v to local
- if len(s.udpLocalKey) > 0 {
- v, _ = goaes.Encrypt(s.udpLocalKey, v)
- }
- _, err = udpListener.WriteTo(v, srcAddr)
- // _, err = udpListener.WriteTo(buf[:n], srcAddr)
-
- if err != nil {
- s.udpRelatedPacketConns.Remove(srcAddr.String())
- s.log.Printf("write out data to local fail , %s , from : %s", err, srcAddr)
- if isClosedErr(err) {
- return
- }
- continue
- } else {
- //s.log.Printf("send udp data to local success , len %d, for : %s", dlen, srcAddr)
+ s.log.Printf("udp outconn parse packet fail, %s", err.Error())
+ return []byte{}
}
+ } else {
+ v = data
}
- }()
+ //now v is raw, try convert v to local
+ if len(s.udpLocalKey) > 0 {
+ v, _ = goaes.Encrypt(s.udpLocalKey, v)
+ }
+ return v
+ }, func(err interface{}) {
+ s.udpRelatedPacketConns.Remove(srcAddr.String())
+ if err != nil {
+ s.log.Printf("udp out->local io copy crashed:\n%s\n%s", err, string(debug.Stack()))
+ }
+ })
} else {
outUDPConn = v.(*net.UDPConn)
}
diff --git a/services/sps/sps.go b/services/sps/sps.go
index 1da298b..10c9603 100644
--- a/services/sps/sps.go
+++ b/services/sps/sps.go
@@ -2,6 +2,8 @@ package sps
import (
"bytes"
+ "crypto/md5"
+ "crypto/tls"
"encoding/base64"
"errors"
"fmt"
@@ -13,70 +15,96 @@ import (
"strings"
"time"
- "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/services/kcpcfg"
- "github.com/snail007/goproxy/utils"
- "github.com/snail007/goproxy/utils/conncrypt"
- "github.com/snail007/goproxy/utils/sni"
- "github.com/snail007/goproxy/utils/socks"
+ "bitbucket.org/snail/proxy/services"
+ "bitbucket.org/snail/proxy/services/kcpcfg"
+ "bitbucket.org/snail/proxy/utils"
+ "bitbucket.org/snail/proxy/utils/conncrypt"
+ "bitbucket.org/snail/proxy/utils/datasize"
+ "bitbucket.org/snail/proxy/utils/dnsx"
+ "bitbucket.org/snail/proxy/utils/iolimiter"
+ "bitbucket.org/snail/proxy/utils/lb"
+ "bitbucket.org/snail/proxy/utils/mapx"
+ "bitbucket.org/snail/proxy/utils/sni"
+ "bitbucket.org/snail/proxy/utils/socks"
+ "bitbucket.org/snail/proxy/utils/ss"
)
type SPSArgs struct {
- Parent *string
- CertFile *string
- KeyFile *string
- CaCertFile *string
- CaCertBytes []byte
- CertBytes []byte
- KeyBytes []byte
- Local *string
- ParentType *string
- LocalType *string
- Timeout *int
- KCP kcpcfg.KCPConfigArgs
- ParentServiceType *string
- DNSAddress *string
- DNSTTL *int
- AuthFile *string
- Auth *[]string
- AuthURL *string
- AuthURLOkCode *int
- AuthURLTimeout *int
- AuthURLRetry *int
- LocalIPS *[]string
- ParentAuth *string
- LocalKey *string
- ParentKey *string
- LocalCompress *bool
- ParentCompress *bool
- DisableHTTP *bool
- DisableSocks5 *bool
+ Parent *[]string
+ CertFile *string
+ KeyFile *string
+ CaCertFile *string
+ CaCertBytes []byte
+ CertBytes []byte
+ KeyBytes []byte
+ Local *string
+ ParentType *string
+ LocalType *string
+ Timeout *int
+ KCP kcpcfg.KCPConfigArgs
+ ParentServiceType *string
+ DNSAddress *string
+ DNSTTL *int
+ AuthFile *string
+ Auth *[]string
+ AuthURL *string
+ AuthURLOkCode *int
+ AuthURLTimeout *int
+ AuthURLRetry *int
+ LocalIPS *[]string
+ ParentAuth *string
+ LocalKey *string
+ ParentKey *string
+ LocalCompress *bool
+ ParentCompress *bool
+ SSMethod *string
+ SSKey *string
+ ParentSSMethod *string
+ ParentSSKey *string
+ DisableHTTP *bool
+ DisableSocks5 *bool
+ DisableSS *bool
+ LoadBalanceMethod *string
+ LoadBalanceTimeout *int
+ LoadBalanceRetryTime *int
+ LoadBalanceHashTarget *bool
+ LoadBalanceOnlyHA *bool
+
+ RateLimit *string
+ RateLimitBytes float64
+ Debug *bool
}
type SPS struct {
- outPool utils.OutConn
cfg SPSArgs
- domainResolver utils.DomainResolver
+ domainResolver dnsx.DomainResolver
basicAuth utils.BasicAuth
serverChannels []*utils.ServerChannel
- userConns utils.ConcurrentMap
+ userConns mapx.ConcurrentMap
log *logger.Logger
- udpRelatedPacketConns utils.ConcurrentMap
+ localCipher *ss.Cipher
+ parentCipher *ss.Cipher
+ udpRelatedPacketConns mapx.ConcurrentMap
+ lb *lb.Group
udpLocalKey []byte
udpParentKey []byte
}
func NewSPS() services.Service {
return &SPS{
- outPool: utils.OutConn{},
cfg: SPSArgs{},
basicAuth: utils.BasicAuth{},
serverChannels: []*utils.ServerChannel{},
- userConns: utils.NewConcurrentMap(),
- udpRelatedPacketConns: utils.NewConcurrentMap(),
+ userConns: mapx.NewConcurrentMap(),
+ udpRelatedPacketConns: mapx.NewConcurrentMap(),
}
}
func (s *SPS) CheckArgs() (err error) {
- if *s.cfg.Parent == "" {
+
+ if len(*s.cfg.Parent) == 1 && (*s.cfg.Parent)[0] == "" {
+ (*s.cfg.Parent) = []string{}
+ }
+
+ if len(*s.cfg.Parent) == 0 {
err = fmt.Errorf("parent required for %s %s", *s.cfg.LocalType, *s.cfg.Local)
return
}
@@ -84,6 +112,10 @@ func (s *SPS) CheckArgs() (err error) {
err = fmt.Errorf("parent type unkown,use -T ")
return
}
+ if *s.cfg.ParentType == "ss" && (*s.cfg.ParentSSKey == "" || *s.cfg.ParentSSMethod == "") {
+ err = fmt.Errorf("ss parent need a ss key, set it by : -J ")
+ return
+ }
if *s.cfg.ParentType == "tls" || *s.cfg.LocalType == "tls" {
s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
if err != nil {
@@ -97,31 +129,45 @@ func (s *SPS) CheckArgs() (err error) {
}
}
}
+ if *s.cfg.RateLimit != "0" && *s.cfg.RateLimit != "" {
+ var size uint64
+ size, err = datasize.Parse(*s.cfg.RateLimit)
+ if err != nil {
+ err = fmt.Errorf("parse rate limit size error,ERR:%s", err)
+ return
+ }
+ s.cfg.RateLimitBytes = float64(size)
+ }
s.udpLocalKey = s.LocalUDPKey()
s.udpParentKey = s.ParentUDPKey()
return
}
func (s *SPS) InitService() (err error) {
+
if *s.cfg.DNSAddress != "" {
- (*s).domainResolver = utils.NewDomainResolver(*s.cfg.DNSAddress, *s.cfg.DNSTTL, s.log)
+ (*s).domainResolver = dnsx.NewDomainResolver(*s.cfg.DNSAddress, *s.cfg.DNSTTL, s.log)
}
- s.InitOutConnPool()
+
+ if len(*s.cfg.Parent) > 0 {
+ s.InitLB()
+ }
+
err = s.InitBasicAuth()
- return
-}
-func (s *SPS) InitOutConnPool() {
- if *s.cfg.ParentType == "tls" || *s.cfg.ParentType == "tcp" || *s.cfg.ParentType == "kcp" {
- //dur int, isTLS bool, certBytes, keyBytes []byte,
- //parent string, timeout int, InitialCap int, MaxCap int
- s.outPool = utils.NewOutConn(
- 0,
- *s.cfg.ParentType,
- s.cfg.KCP,
- s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes,
- *s.cfg.Parent,
- *s.cfg.Timeout,
- )
+ if *s.cfg.SSMethod != "" && *s.cfg.SSKey != "" {
+ s.localCipher, err = ss.NewCipher(*s.cfg.SSMethod, *s.cfg.SSKey)
+ if err != nil {
+ s.log.Printf("error generating cipher : %s", err)
+ return
+ }
}
+ if *s.cfg.ParentServiceType == "ss" {
+ s.parentCipher, err = ss.NewCipher(*s.cfg.ParentSSMethod, *s.cfg.ParentSSKey)
+ if err != nil {
+ s.log.Printf("error generating cipher : %s", err)
+ return
+ }
+ }
+ return
}
func (s *SPS) StopService() {
@@ -130,7 +176,7 @@ func (s *SPS) StopService() {
if e != nil {
s.log.Printf("stop sps service crashed,%s", e)
} else {
- s.log.Printf("service sps stopped")
+ s.log.Printf("service sps stoped")
}
}()
for _, sc := range s.serverChannels {
@@ -149,6 +195,12 @@ func (s *SPS) StopService() {
(*(*c.(**net.Conn))).Close()
}
}
+ if s.lb != nil {
+ s.lb.Stop()
+ }
+ for _, c := range s.udpRelatedPacketConns.Items() {
+ (*c.(*net.UDPConn)).Close()
+ }
}
func (s *SPS) Start(args interface{}, log *logger.Logger) (err error) {
s.log = log
@@ -159,24 +211,30 @@ func (s *SPS) Start(args interface{}, log *logger.Logger) (err error) {
if err = s.InitService(); err != nil {
return
}
- s.log.Printf("use %s %s parent %s", *s.cfg.ParentType, *s.cfg.ParentServiceType, *s.cfg.Parent)
+
+ s.log.Printf("use %s %s parent %v [ %s ]", *s.cfg.ParentType, *s.cfg.ParentServiceType, *s.cfg.Parent, strings.ToUpper(*s.cfg.LoadBalanceMethod))
for _, addr := range strings.Split(*s.cfg.Local, ",") {
if addr != "" {
host, port, _ := net.SplitHostPort(addr)
p, _ := strconv.Atoi(port)
sc := utils.NewServerChannel(host, p, s.log)
+ s.serverChannels = append(s.serverChannels, &sc)
if *s.cfg.LocalType == "tcp" {
err = sc.ListenTCP(s.callback)
} else if *s.cfg.LocalType == "tls" {
err = sc.ListenTls(s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes, s.callback)
- } else if *s.cfg.LocalType == "kcp" {
+ } else if *s.cfg.LocalType == "tcp" {
err = sc.ListenKCP(s.cfg.KCP, s.callback, s.log)
}
+ if *s.cfg.ParentServiceType == "socks" {
+ err = s.RunSSUDP(addr)
+ } else {
+ s.log.Println("warn : udp only for socks parent ")
+ }
if err != nil {
return
}
- s.log.Printf("%s http(s)+socks proxy on %s", *s.cfg.LocalType, (*sc.Listener).Addr())
- s.serverChannels = append(s.serverChannels, &sc)
+ s.log.Printf("%s http(s)+socks+ss proxy on %s", *s.cfg.LocalType, (*sc.Listener).Addr())
}
}
return
@@ -200,22 +258,23 @@ func (s *SPS) callback(inConn net.Conn) {
})
}
var err error
+ lbAddr := ""
switch *s.cfg.ParentType {
case "kcp":
fallthrough
case "tcp":
fallthrough
case "tls":
- err = s.OutToTCP(&inConn)
+ lbAddr, err = s.OutToTCP(&inConn)
default:
err = fmt.Errorf("unkown parent type %s", *s.cfg.ParentType)
}
if err != nil {
- s.log.Printf("connect to %s parent %s fail, ERR:%s from %s", *s.cfg.ParentType, *s.cfg.Parent, err, inConn.RemoteAddr())
+ s.log.Printf("connect to %s parent %s fail, ERR:%s from %s", *s.cfg.ParentType, lbAddr, err, inConn.RemoteAddr())
utils.CloseConn(&inConn)
}
}
-func (s *SPS) OutToTCP(inConn *net.Conn) (err error) {
+func (s *SPS) OutToTCP(inConn *net.Conn) (lbAddr string, err error) {
enableUDP := *s.cfg.ParentServiceType == "socks"
udpIP, _, _ := net.SplitHostPort((*inConn).LocalAddr().String())
if len(*s.cfg.LocalIPS) > 0 {
@@ -243,9 +302,9 @@ func (s *SPS) OutToTCP(inConn *net.Conn) (err error) {
isSNI, _ := sni.ServerNameFromBytes(h)
*inConn = bInConn
address := ""
- var auth socks.Auth
+ var auth = socks.Auth{}
var forwardBytes []byte
- //fmt.Printf("%v", h)
+ //fmt.Printf("%v", header)
if utils.IsSocks5(h) {
if *s.cfg.DisableSocks5 {
(*inConn).Close()
@@ -306,6 +365,25 @@ func (s *SPS) OutToTCP(inConn *net.Conn) (err error) {
auth = socks.Auth{User: userpassA[0], Password: userpassA[1]}
}
}
+ } else {
+ //ss
+ if *s.cfg.DisableSS {
+ (*inConn).Close()
+ return
+ }
+ (*inConn).SetDeadline(time.Now().Add(time.Second * 5))
+ ssConn := ss.NewConn(*inConn, s.localCipher.Copy())
+ address, err = ss.GetRequest(ssConn)
+ (*inConn).SetDeadline(time.Time{})
+ if err != nil {
+ return
+ }
+ // ensure the host does not contain some illegal characters, NUL may panic on Win32
+ if strings.ContainsRune(address, 0x00) {
+ err = errors.New("invalid domain name")
+ return
+ }
+ *inConn = ssConn
}
if err != nil || address == "" {
s.log.Printf("unknown request from: %s,%s", (*inConn).RemoteAddr(), string(h))
@@ -316,22 +394,20 @@ func (s *SPS) OutToTCP(inConn *net.Conn) (err error) {
}
//connect to parent
var outConn net.Conn
- outConn, err = s.outPool.Get()
+ selectAddr := (*inConn).RemoteAddr().String()
+ if utils.LBMethod(*s.cfg.LoadBalanceMethod) == lb.SELECT_HASH && *s.cfg.LoadBalanceHashTarget {
+ selectAddr = address
+ }
+ lbAddr = s.lb.Select(selectAddr, *s.cfg.LoadBalanceOnlyHA)
+ //lbAddr = s.lb.Select((*inConn).RemoteAddr().String())
+ outConn, err = s.GetParentConn(lbAddr)
if err != nil {
- s.log.Printf("connect to %s , err:%s", *s.cfg.Parent, err)
+ s.log.Printf("connect to %s , err:%s", lbAddr, err)
utils.CloseConn(inConn)
return
}
- if *s.cfg.ParentCompress {
- outConn = utils.NewCompConn(outConn)
- }
- if *s.cfg.ParentKey != "" {
- outConn = conncrypt.New(outConn, &conncrypt.Config{
- Password: *s.cfg.ParentKey,
- })
- }
- if *s.cfg.ParentAuth != "" || s.IsBasicAuth() {
+ if *s.cfg.ParentAuth != "" || *s.cfg.ParentSSKey != "" || s.IsBasicAuth() {
forwardBytes = utils.RemoveProxyHeaders(forwardBytes)
}
@@ -380,7 +456,7 @@ func (s *SPS) OutToTCP(inConn *net.Conn) (err error) {
_, err = outConn.Write(pb.Bytes())
outConn.SetDeadline(time.Time{})
if err != nil {
- s.log.Printf("write CONNECT to %s , err:%s", *s.cfg.Parent, err)
+ s.log.Printf("write CONNECT to %s , err:%s", lbAddr, err)
utils.CloseConn(inConn)
utils.CloseConn(&outConn)
return
@@ -392,7 +468,7 @@ func (s *SPS) OutToTCP(inConn *net.Conn) (err error) {
_, err = outConn.Read(reply)
outConn.SetDeadline(time.Time{})
if err != nil {
- s.log.Printf("read reply from %s , err:%s", *s.cfg.Parent, err)
+ s.log.Printf("read reply from %s , err:%s", lbAddr, err)
utils.CloseConn(inConn)
utils.CloseConn(&outConn)
return
@@ -401,23 +477,24 @@ func (s *SPS) OutToTCP(inConn *net.Conn) (err error) {
}
} else if *s.cfg.ParentServiceType == "socks" {
s.log.Printf("connect %s", address)
+
//socks client
- var clientConn *socks.ClientConn
- if *s.cfg.ParentAuth != "" {
- a := strings.Split(*s.cfg.ParentAuth, ":")
- if len(a) != 2 {
- err = fmt.Errorf("parent auth data format error")
- return
- }
- clientConn = socks.NewClientConn(&outConn, "tcp", address, time.Millisecond*time.Duration(*s.cfg.Timeout), &socks.Auth{User: a[0], Password: a[1]}, nil)
- } else {
- if !s.IsBasicAuth() && auth.Password != "" && auth.User != "" {
- clientConn = socks.NewClientConn(&outConn, "tcp", address, time.Millisecond*time.Duration(*s.cfg.Timeout), &auth, nil)
- } else {
- clientConn = socks.NewClientConn(&outConn, "tcp", address, time.Millisecond*time.Duration(*s.cfg.Timeout), nil, nil)
- }
+ _, err = s.HandshakeSocksParent(&outConn, "tcp", address, auth, false)
+ if err != nil {
+ s.log.Printf("handshake fail, %s", err)
+ return
}
- if err = clientConn.Handshake(); err != nil {
+
+ } else if *s.cfg.ParentServiceType == "ss" {
+ ra, e := ss.RawAddr(address)
+ if e != nil {
+ err = fmt.Errorf("build ss raw addr fail, err: %s", e)
+ return
+ }
+
+ outConn, err = ss.DialWithRawAddr(&outConn, ra, "", s.parentCipher.Copy())
+ if err != nil {
+ err = fmt.Errorf("dial ss parent fail, err : %s", err)
return
}
}
@@ -427,18 +504,27 @@ func (s *SPS) OutToTCP(inConn *net.Conn) (err error) {
outConn.Write(forwardBytes)
}
+ if s.cfg.RateLimitBytes > 0 {
+ outConn = iolimiter.NewReaderConn(outConn, s.cfg.RateLimitBytes)
+ }
+
//bind
inAddr := (*inConn).RemoteAddr().String()
outAddr := outConn.RemoteAddr().String()
utils.IoBind((*inConn), outConn, func(err interface{}) {
s.log.Printf("conn %s - %s released [%s]", inAddr, outAddr, address)
s.userConns.Remove(inAddr)
+ s.lb.DecreaseConns(lbAddr)
}, s.log)
s.log.Printf("conn %s - %s connected [%s]", inAddr, outAddr, address)
+
+ s.lb.IncreasConns(lbAddr)
+
if c, ok := s.userConns.Get(inAddr); ok {
(*c.(*net.Conn)).Close()
}
s.userConns.Set(inAddr, inConn)
+
return
}
func (s *SPS) InitBasicAuth() (err error) {
@@ -466,6 +552,27 @@ func (s *SPS) InitBasicAuth() (err error) {
}
return
}
+func (s *SPS) InitLB() {
+ configs := lb.BackendsConfig{}
+ for _, addr := range *s.cfg.Parent {
+ _addrInfo := strings.Split(addr, "@")
+ _addr := _addrInfo[0]
+ weight := 1
+ if len(_addrInfo) == 2 {
+ weight, _ = strconv.Atoi(_addrInfo[1])
+ }
+ configs = append(configs, &lb.BackendConfig{
+ Address: _addr,
+ Weight: weight,
+ ActiveAfter: 1,
+ InactiveAfter: 2,
+ Timeout: time.Duration(*s.cfg.LoadBalanceTimeout) * time.Millisecond,
+ RetryTime: time.Duration(*s.cfg.LoadBalanceRetryTime) * time.Millisecond,
+ })
+ }
+ LB := lb.NewGroup(utils.LBMethod(*s.cfg.LoadBalanceMethod), configs, &s.domainResolver, s.log, *s.cfg.Debug)
+ s.lb = &LB
+}
func (s *SPS) IsBasicAuth() bool {
return *s.cfg.AuthFile != "" || len(*s.cfg.Auth) > 0 || *s.cfg.AuthURL != ""
}
@@ -518,3 +625,75 @@ func (s *SPS) Resolve(address string) string {
}
return ip
}
+func (s *SPS) GetParentConn(address string) (conn net.Conn, err error) {
+ if *s.cfg.ParentType == "tls" {
+ var _conn tls.Conn
+ _conn, err = utils.TlsConnectHost(address, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes)
+ if err == nil {
+ conn = net.Conn(&_conn)
+ }
+ } else if *s.cfg.ParentType == "kcp" {
+ conn, err = utils.ConnectKCPHost(address, s.cfg.KCP)
+ } else {
+ conn, err = utils.ConnectHost(address, *s.cfg.Timeout)
+ }
+ if err == nil {
+ if *s.cfg.ParentCompress {
+ conn = utils.NewCompConn(conn)
+ }
+ if *s.cfg.ParentKey != "" {
+ conn = conncrypt.New(conn, &conncrypt.Config{
+ Password: *s.cfg.ParentKey,
+ })
+ }
+ }
+ return
+}
+func (s *SPS) HandshakeSocksParent(outconn *net.Conn, network, dstAddr string, auth socks.Auth, fromSS bool) (client *socks.ClientConn, err error) {
+ if *s.cfg.ParentAuth != "" {
+ a := strings.Split(*s.cfg.ParentAuth, ":")
+ if len(a) != 2 {
+ err = fmt.Errorf("parent auth data format error")
+ return
+ }
+ client = socks.NewClientConn(outconn, network, dstAddr, time.Millisecond*time.Duration(*s.cfg.Timeout), &socks.Auth{User: a[0], Password: a[1]}, nil)
+ } else {
+ if !fromSS && !s.IsBasicAuth() && auth.Password != "" && auth.User != "" {
+ client = socks.NewClientConn(outconn, network, dstAddr, time.Millisecond*time.Duration(*s.cfg.Timeout), &auth, nil)
+ } else {
+ client = socks.NewClientConn(outconn, network, dstAddr, time.Millisecond*time.Duration(*s.cfg.Timeout), nil, nil)
+ }
+ }
+ err = client.Handshake()
+ return
+}
+func (s *SPS) ParentUDPKey() (key []byte) {
+ switch *s.cfg.ParentType {
+ case "tcp":
+ if *s.cfg.ParentKey != "" {
+ v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.ParentKey)))
+ return []byte(v)[:24]
+ }
+ case "tls":
+ return s.cfg.KeyBytes[:24]
+ case "kcp":
+ v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.KCP.Key)))
+ return []byte(v)[:24]
+ }
+ return
+}
+func (s *SPS) LocalUDPKey() (key []byte) {
+ switch *s.cfg.LocalType {
+ case "tcp":
+ if *s.cfg.LocalKey != "" {
+ v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.LocalKey)))
+ return []byte(v)[:24]
+ }
+ case "tls":
+ return s.cfg.KeyBytes[:24]
+ case "kcp":
+ v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.KCP.Key)))
+ return []byte(v)[:24]
+ }
+ return
+}
diff --git a/services/sps/ssudp.go b/services/sps/ssudp.go
new file mode 100644
index 0000000..7f75cfa
--- /dev/null
+++ b/services/sps/ssudp.go
@@ -0,0 +1,161 @@
+package sps
+
+import (
+ "bytes"
+ "fmt"
+ "net"
+ "runtime/debug"
+ "time"
+
+ "bitbucket.org/snail/proxy/utils"
+ goaes "bitbucket.org/snail/proxy/utils/aes"
+ "bitbucket.org/snail/proxy/utils/socks"
+)
+
+func (s *SPS) RunSSUDP(addr string) (err error) {
+ a, _ := net.ResolveUDPAddr("udp", addr)
+ listener, err := net.ListenUDP("udp", a)
+ if err != nil {
+ s.log.Printf("ss udp bind error %s", err)
+ return
+ }
+ s.log.Printf("ss udp on %s", listener.LocalAddr())
+ s.udpRelatedPacketConns.Set(addr, listener)
+ go func() {
+ defer func() {
+ if e := recover(); e != nil {
+ s.log.Printf("udp local->out io copy crashed:\n%s\n%s", e, string(debug.Stack()))
+ }
+ }()
+ for {
+ buf := utils.LeakyBuffer.Get()
+ defer utils.LeakyBuffer.Put(buf)
+ n, srcAddr, err := listener.ReadFrom(buf)
+ if err != nil {
+ s.log.Printf("read from client error %s", err)
+ if utils.IsNetClosedErr(err) {
+ return
+ }
+ continue
+ }
+ var (
+ inconnRemoteAddr = srcAddr.String()
+ outUDPConn *net.UDPConn
+ outconn net.Conn
+ outconnLocalAddr string
+ destAddr *net.UDPAddr
+ clean = func(msg, err string) {
+ raddr := ""
+ if outUDPConn != nil {
+ raddr = outUDPConn.RemoteAddr().String()
+ outUDPConn.Close()
+ }
+ if msg != "" {
+ if raddr != "" {
+ s.log.Printf("%s , %s , %s -> %s", msg, err, inconnRemoteAddr, raddr)
+ } else {
+ s.log.Printf("%s , %s , from : %s", msg, err, inconnRemoteAddr)
+ }
+ }
+ s.userConns.Remove(inconnRemoteAddr)
+ if outconn != nil {
+ outconn.Close()
+ }
+ if outconnLocalAddr != "" {
+ s.userConns.Remove(outconnLocalAddr)
+ }
+ }
+ )
+ defer clean("", "")
+
+ raw := new(bytes.Buffer)
+ raw.Write([]byte{0x00, 0x00, 0x00})
+ raw.Write(s.localCipher.Decrypt(buf[:n]))
+ socksPacket := socks.NewPacketUDP()
+ err = socksPacket.Parse(raw.Bytes())
+ raw = nil
+ if err != nil {
+ s.log.Printf("udp parse error %s", err)
+ return
+ }
+
+ if v, ok := s.udpRelatedPacketConns.Get(inconnRemoteAddr); !ok {
+ //socks client
+ lbAddr := s.lb.Select(inconnRemoteAddr, *s.cfg.LoadBalanceOnlyHA)
+ outconn, err := s.GetParentConn(lbAddr)
+ if err != nil {
+ clean("connnect fail", fmt.Sprintf("%s", err))
+ return
+ }
+
+ client, err := s.HandshakeSocksParent(&outconn, "udp", socksPacket.Addr(), socks.Auth{}, true)
+ if err != nil {
+ clean("handshake fail", fmt.Sprintf("%s", err))
+ return
+ }
+
+ outconnLocalAddr = outconn.LocalAddr().String()
+ s.userConns.Set(outconnLocalAddr, &outconn)
+ go func() {
+ defer func() {
+ if e := recover(); e != nil {
+ s.log.Printf("udp related parent tcp conn read crashed:\n%s\n%s", e, string(debug.Stack()))
+ }
+ }()
+ buf := make([]byte, 1)
+ outconn.SetReadDeadline(time.Time{})
+ if _, err := outconn.Read(buf); err != nil {
+ clean("udp parent tcp conn disconnected", fmt.Sprintf("%s", err))
+ }
+ }()
+ destAddr, _ = net.ResolveUDPAddr("udp", client.UDPAddr)
+ localZeroAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0}
+ outUDPConn, err = net.DialUDP("udp", localZeroAddr, destAddr)
+ if err != nil {
+ s.log.Printf("create out udp conn fail , %s , from : %s", err, srcAddr)
+ return
+ }
+ s.udpRelatedPacketConns.Set(srcAddr.String(), outUDPConn)
+ utils.UDPCopy(listener, outUDPConn, srcAddr, time.Second*5, func(data []byte) []byte {
+ //forward to local
+ var v []byte
+ //convert parent data to raw
+ if len(s.udpParentKey) > 0 {
+ v, err = goaes.Decrypt(s.udpParentKey, data)
+ if err != nil {
+ s.log.Printf("udp outconn parse packet fail, %s", err.Error())
+ return []byte{}
+ }
+ } else {
+ v = data
+ }
+ return s.localCipher.Encrypt(v[3:])
+ }, func(err interface{}) {
+ s.udpRelatedPacketConns.Remove(srcAddr.String())
+ if err != nil {
+ s.log.Printf("udp out->local io copy crashed:\n%s\n%s", err, string(debug.Stack()))
+ }
+ })
+ } else {
+ outUDPConn = v.(*net.UDPConn)
+ }
+ //forward to parent
+ //p is raw, now convert it to parent
+ var v []byte
+ if len(s.udpParentKey) > 0 {
+ v, _ = goaes.Encrypt(s.udpParentKey, socksPacket.Bytes())
+ } else {
+ v = socksPacket.Bytes()
+ }
+ _, err = outUDPConn.Write(v)
+ socksPacket = socks.PacketUDP{}
+ if err != nil {
+ if utils.IsNetClosedErr(err) {
+ return
+ }
+ s.log.Printf("send out udp data fail , %s , from : %s", err, srcAddr)
+ }
+ }
+ }()
+ return
+}
diff --git a/services/tcp/tcp.go b/services/tcp/tcp.go
index 1ca2105..b58b8cb 100644
--- a/services/tcp/tcp.go
+++ b/services/tcp/tcp.go
@@ -10,33 +10,35 @@ import (
"runtime/debug"
"time"
- "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/services/kcpcfg"
- "github.com/snail007/goproxy/utils"
- "github.com/snail007/goproxy/utils/jumper"
+ "bitbucket.org/snail/proxy/services"
+ "bitbucket.org/snail/proxy/services/kcpcfg"
+ "bitbucket.org/snail/proxy/utils"
+ "bitbucket.org/snail/proxy/utils/jumper"
+ "bitbucket.org/snail/proxy/utils/mapx"
"strconv"
)
type TCPArgs struct {
- Parent *string
- CertFile *string
- KeyFile *string
- CertBytes []byte
- KeyBytes []byte
- Local *string
- ParentType *string
- LocalType *string
- Timeout *int
- KCP kcpcfg.KCPConfigArgs
- Jumper *string
+ Parent *string
+ CertFile *string
+ KeyFile *string
+ CertBytes []byte
+ KeyBytes []byte
+ Local *string
+ ParentType *string
+ LocalType *string
+ Timeout *int
+ CheckParentInterval *int
+ KCP kcpcfg.KCPConfigArgs
+ Jumper *string
}
type TCP struct {
cfg TCPArgs
sc *utils.ServerChannel
isStop bool
- userConns utils.ConcurrentMap
+ userConns mapx.ConcurrentMap
log *logger.Logger
jumper *jumper.Jumper
}
@@ -45,11 +47,11 @@ func NewTCP() services.Service {
return &TCP{
cfg: TCPArgs{},
isStop: false,
- userConns: utils.NewConcurrentMap(),
+ userConns: mapx.NewConcurrentMap(),
}
}
func (s *TCP) CheckArgs() (err error) {
- if *s.cfg.Parent == "" {
+ if len(*s.cfg.Parent) == 0 {
err = fmt.Errorf("parent required for %s %s", *s.cfg.LocalType, *s.cfg.Local)
return
}
@@ -88,7 +90,7 @@ func (s *TCP) StopService() {
if e != nil {
s.log.Printf("stop tcp service crashed,%s", e)
} else {
- s.log.Printf("service tcp stopped")
+ s.log.Printf("service tcp stoped")
}
}()
s.isStop = true
@@ -111,7 +113,7 @@ func (s *TCP) Start(args interface{}, log *logger.Logger) (err error) {
if err = s.InitService(); err != nil {
return
}
- s.log.Printf("use %s parent %s", *s.cfg.ParentType, *s.cfg.Parent)
+ s.log.Printf("use %s parent %v", *s.cfg.ParentType, *s.cfg.Parent)
host, port, _ := net.SplitHostPort(*s.cfg.Local)
p, _ := strconv.Atoi(port)
sc := utils.NewServerChannel(host, p, s.log)
@@ -141,6 +143,7 @@ func (s *TCP) callback(inConn net.Conn) {
}
}()
var err error
+ lbAddr := ""
switch *s.cfg.ParentType {
case "kcp":
fallthrough
@@ -154,11 +157,12 @@ func (s *TCP) callback(inConn net.Conn) {
err = fmt.Errorf("unkown parent type %s", *s.cfg.ParentType)
}
if err != nil {
- s.log.Printf("connect to %s parent %s fail, ERR:%s", *s.cfg.ParentType, *s.cfg.Parent, err)
+ s.log.Printf("connect to %s parent %s fail, ERR:%s", *s.cfg.ParentType, lbAddr, err)
utils.CloseConn(&inConn)
}
}
func (s *TCP) OutToTCP(inConn *net.Conn) (err error) {
+
var outConn net.Conn
outConn, err = s.GetParentConn()
if err != nil {
diff --git a/services/tunnel/tunnel_bridge.go b/services/tunnel/tunnel_bridge.go
index f2e8d8f..c9f142c 100644
--- a/services/tunnel/tunnel_bridge.go
+++ b/services/tunnel/tunnel_bridge.go
@@ -9,8 +9,9 @@ import (
"strconv"
"time"
- "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/utils"
+ "bitbucket.org/snail/proxy/services"
+ "bitbucket.org/snail/proxy/utils"
+ "bitbucket.org/snail/proxy/utils/mapx"
//"github.com/xtaci/smux"
smux "github.com/hashicorp/yamux"
@@ -37,8 +38,8 @@ type ServerConn struct {
}
type TunnelBridge struct {
cfg TunnelBridgeArgs
- serverConns utils.ConcurrentMap
- clientControlConns utils.ConcurrentMap
+ serverConns mapx.ConcurrentMap
+ clientControlConns mapx.ConcurrentMap
isStop bool
log *logger.Logger
}
@@ -46,8 +47,8 @@ type TunnelBridge struct {
func NewTunnelBridge() services.Service {
return &TunnelBridge{
cfg: TunnelBridgeArgs{},
- serverConns: utils.NewConcurrentMap(),
- clientControlConns: utils.NewConcurrentMap(),
+ serverConns: mapx.NewConcurrentMap(),
+ clientControlConns: mapx.NewConcurrentMap(),
isStop: false,
}
}
@@ -69,7 +70,7 @@ func (s *TunnelBridge) StopService() {
if e != nil {
s.log.Printf("stop tbridge service crashed,%s", e)
} else {
- s.log.Printf("service tbridge stopped")
+ s.log.Printf("service tbridge stoped")
}
}()
s.isStop = true
diff --git a/services/tunnel/tunnel_client.go b/services/tunnel/tunnel_client.go
index 9841577..edb5389 100644
--- a/services/tunnel/tunnel_client.go
+++ b/services/tunnel/tunnel_client.go
@@ -9,18 +9,15 @@ import (
"os"
"time"
- "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/utils"
- "github.com/snail007/goproxy/utils/jumper"
+ "bitbucket.org/snail/proxy/services"
+ "bitbucket.org/snail/proxy/utils"
+ "bitbucket.org/snail/proxy/utils/jumper"
+ "bitbucket.org/snail/proxy/utils/mapx"
+
//"github.com/xtaci/smux"
smux "github.com/hashicorp/yamux"
)
-const (
- CONN_SERVER_MUX = uint8(6)
- CONN_CLIENT_MUX = uint8(7)
-)
-
type TunnelClientArgs struct {
Parent *string
CertFile *string
@@ -35,7 +32,7 @@ type TunnelClient struct {
cfg TunnelClientArgs
ctrlConn net.Conn
isStop bool
- userConns utils.ConcurrentMap
+ userConns mapx.ConcurrentMap
log *logger.Logger
jumper *jumper.Jumper
}
@@ -43,7 +40,7 @@ type TunnelClient struct {
func NewTunnelClient() services.Service {
return &TunnelClient{
cfg: TunnelClientArgs{},
- userConns: utils.NewConcurrentMap(),
+ userConns: mapx.NewConcurrentMap(),
isStop: false,
}
}
@@ -84,7 +81,7 @@ func (s *TunnelClient) StopService() {
if e != nil {
s.log.Printf("stop tclient service crashed,%s", e)
} else {
- s.log.Printf("service tclient stopped")
+ s.log.Printf("service tclient stoped")
}
}()
s.isStop = true
diff --git a/services/tunnel/tunnel_server.go b/services/tunnel/tunnel_server.go
index 98f4904..d26bea5 100644
--- a/services/tunnel/tunnel_server.go
+++ b/services/tunnel/tunnel_server.go
@@ -12,9 +12,10 @@ import (
"strings"
"time"
- "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/utils"
- "github.com/snail007/goproxy/utils/jumper"
+ "bitbucket.org/snail/proxy/services"
+ "bitbucket.org/snail/proxy/utils"
+ "bitbucket.org/snail/proxy/utils/jumper"
+ "bitbucket.org/snail/proxy/utils/mapx"
//"github.com/xtaci/smux"
smux "github.com/hashicorp/yamux"
@@ -35,11 +36,17 @@ type TunnelServerArgs struct {
Mgr *TunnelServerManager
Jumper *string
}
-type UDPItem struct {
- packet *[]byte
- localAddr *net.UDPAddr
- srcAddr *net.UDPAddr
+type TunnelServer struct {
+ cfg TunnelServerArgs
+ udpChn chan UDPItem
+ sc utils.ServerChannel
+ isStop bool
+ udpConn *net.Conn
+ userConns mapx.ConcurrentMap
+ log *logger.Logger
+ jumper *jumper.Jumper
}
+
type TunnelServerManager struct {
cfg TunnelServerArgs
udpChn chan UDPItem
@@ -136,33 +143,28 @@ func (s *TunnelServerManager) InitService() (err error) {
return
}
-type TunnelServer struct {
- cfg TunnelServerArgs
- udpChn chan UDPItem
- sc utils.ServerChannel
- isStop bool
- udpConn *net.Conn
- userConns utils.ConcurrentMap
- log *logger.Logger
- jumper *jumper.Jumper
-}
-
func NewTunnelServer() services.Service {
return &TunnelServer{
cfg: TunnelServerArgs{},
udpChn: make(chan UDPItem, 50000),
isStop: false,
- userConns: utils.NewConcurrentMap(),
+ userConns: mapx.NewConcurrentMap(),
}
}
+type UDPItem struct {
+ packet *[]byte
+ localAddr *net.UDPAddr
+ srcAddr *net.UDPAddr
+}
+
func (s *TunnelServer) StopService() {
defer func() {
e := recover()
if e != nil {
s.log.Printf("stop server service crashed,%s", e)
} else {
- s.log.Printf("service server stopped")
+ s.log.Printf("service server stoped")
}
}()
s.isStop = true
@@ -214,7 +216,7 @@ func (s *TunnelServer) Start(args interface{}, log *logger.Logger) (err error) {
p, _ := strconv.Atoi(port)
s.sc = utils.NewServerChannel(host, p, s.log)
if *s.cfg.IsUDP {
- err = s.sc.ListenUDP(func(packet []byte, localAddr, srcAddr *net.UDPAddr) {
+ err = s.sc.ListenUDP(func(listener *net.UDPConn, packet []byte, localAddr, srcAddr *net.UDPAddr) {
s.udpChn <- UDPItem{
packet: &packet,
localAddr: localAddr,
diff --git a/services/udp/udp.go b/services/udp/udp.go
index cf2d46f..6ea08bc 100644
--- a/services/udp/udp.go
+++ b/services/udp/udp.go
@@ -2,6 +2,7 @@ package udp
import (
"bufio"
+ "crypto/tls"
"fmt"
"hash/crc32"
"io"
@@ -12,9 +13,9 @@ import (
"strings"
"time"
- "github.com/snail007/goproxy/services"
- "github.com/snail007/goproxy/services/kcpcfg"
- "github.com/snail007/goproxy/utils"
+ "bitbucket.org/snail/proxy/services"
+ "bitbucket.org/snail/proxy/utils"
+ "bitbucket.org/snail/proxy/utils/mapx"
)
type UDPArgs struct {
@@ -29,23 +30,21 @@ type UDPArgs struct {
CheckParentInterval *int
}
type UDP struct {
- p utils.ConcurrentMap
- outPool utils.OutConn
- cfg UDPArgs
- sc *utils.ServerChannel
- isStop bool
- log *logger.Logger
+ p mapx.ConcurrentMap
+ cfg UDPArgs
+ sc *utils.ServerChannel
+ isStop bool
+ log *logger.Logger
}
func NewUDP() services.Service {
return &UDP{
- outPool: utils.OutConn{},
- p: utils.NewConcurrentMap(),
- isStop: false,
+ p: mapx.NewConcurrentMap(),
+ isStop: false,
}
}
func (s *UDP) CheckArgs() (err error) {
- if *s.cfg.Parent == "" {
+ if len(*s.cfg.Parent) == 0 {
err = fmt.Errorf("parent required for udp %s", *s.cfg.Local)
return
}
@@ -62,9 +61,7 @@ func (s *UDP) CheckArgs() (err error) {
return
}
func (s *UDP) InitService() (err error) {
- if *s.cfg.ParentType != "udp" {
- s.InitOutConnPool()
- }
+
return
}
func (s *UDP) StopService() {
@@ -73,7 +70,7 @@ func (s *UDP) StopService() {
if e != nil {
s.log.Printf("stop udp service crashed,%s", e)
} else {
- s.log.Printf("service udp stopped")
+ s.log.Printf("service udp stoped")
}
}()
s.isStop = true
@@ -109,7 +106,7 @@ func (s *UDP) Start(args interface{}, log *logger.Logger) (err error) {
func (s *UDP) Clean() {
s.StopService()
}
-func (s *UDP) callback(packet []byte, localAddr, srcAddr *net.UDPAddr) {
+func (s *UDP) callback(listener *net.UDPConn, packet []byte, localAddr, srcAddr *net.UDPAddr) {
defer func() {
if err := recover(); err != nil {
s.log.Printf("udp conn handler crashed with err : %s \nstack: %s", err, string(debug.Stack()))
@@ -134,7 +131,7 @@ func (s *UDP) GetConn(connKey string) (conn net.Conn, isNew bool, err error) {
isNew = !s.p.Has(connKey)
var _conn interface{}
if isNew {
- _conn, err = s.outPool.Get()
+ _conn, err = s.GetParentConn()
if err != nil {
return nil, false, err
}
@@ -245,17 +242,15 @@ func (s *UDP) OutToUDP(packet []byte, localAddr, srcAddr *net.UDPAddr) (err erro
//s.log.Printf("send udp response to cluster success ,from:%s", dstAddr.String())
return
}
-func (s *UDP) InitOutConnPool() {
- if *s.cfg.ParentType == "tls" || *s.cfg.ParentType == "tcp" {
- //dur int, isTLS bool, certBytes, keyBytes []byte,
- //parent string, timeout int, InitialCap int, MaxCap int
- s.outPool = utils.NewOutConn(
- *s.cfg.CheckParentInterval,
- *s.cfg.ParentType,
- kcpcfg.KCPConfigArgs{},
- s.cfg.CertBytes, s.cfg.KeyBytes, nil,
- *s.cfg.Parent,
- *s.cfg.Timeout,
- )
+func (s *UDP) GetParentConn() (conn net.Conn, err error) {
+ if *s.cfg.ParentType == "tls" {
+ var _conn tls.Conn
+ _conn, err = utils.TlsConnectHost(*s.cfg.Parent, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
+ if err == nil {
+ conn = net.Conn(&_conn)
+ }
+ } else {
+ conn, err = utils.ConnectHost(*s.cfg.Parent, *s.cfg.Timeout)
}
+ return
}
diff --git a/utils/conncrypt/conncrypt.go b/utils/conncrypt/conncrypt.go
index 82641e8..f3115e7 100644
--- a/utils/conncrypt/conncrypt.go
+++ b/utils/conncrypt/conncrypt.go
@@ -12,8 +12,8 @@ import (
)
//Confg defaults
-const DefaultIterations = 1024
-const DefaultKeySize = 24 //256bits
+const DefaultIterations = 2048
+const DefaultKeySize = 32 //256bits
var DefaultHashFunc = sha256.New
var DefaultSalt = []byte(`
(;QUHj.BQ?RXzYSO]ifkXp/G!kFmWyXyEV6Nt!d|@bo+N$L9+ EB:
+ return fmt.Sprintf("%.1f EB", b.EBytes())
+ case b > PB:
+ return fmt.Sprintf("%.1f PB", b.PBytes())
+ case b > TB:
+ return fmt.Sprintf("%.1f TB", b.TBytes())
+ case b > GB:
+ return fmt.Sprintf("%.1f GB", b.GBytes())
+ case b > MB:
+ return fmt.Sprintf("%.1f MB", b.MBytes())
+ case b > KB:
+ return fmt.Sprintf("%.1f KB", b.KBytes())
+ default:
+ return fmt.Sprintf("%d B", b)
+ }
+}
+
+func (b ByteSize) MarshalText() ([]byte, error) {
+ return []byte(b.String()), nil
+}
+
+func (b *ByteSize) UnmarshalText(t []byte) error {
+ var val uint64
+ var unit string
+
+ // copy for error message
+ t0 := t
+
+ var c byte
+ var i int
+
+ParseLoop:
+ for i < len(t) {
+ c = t[i]
+ switch {
+ case '0' <= c && c <= '9':
+ if val > cutoff {
+ goto Overflow
+ }
+
+ c = c - '0'
+ val *= 10
+
+ if val > val+uint64(c) {
+ // val+v overflows
+ goto Overflow
+ }
+ val += uint64(c)
+ i++
+
+ default:
+ if i == 0 {
+ goto SyntaxError
+ }
+ break ParseLoop
+ }
+ }
+
+ unit = strings.TrimSpace(string(t[i:]))
+ switch unit {
+ case "Kb", "Mb", "Gb", "Tb", "Pb", "Eb":
+ goto BitsError
+ }
+ unit = strings.ToLower(unit)
+ switch unit {
+ case "", "b", "byte":
+ // do nothing - already in bytes
+
+ case "k", "kb", "kilo", "kilobyte", "kilobytes":
+ if val > maxUint64/uint64(KB) {
+ goto Overflow
+ }
+ val *= uint64(KB)
+
+ case "m", "mb", "mega", "megabyte", "megabytes":
+ if val > maxUint64/uint64(MB) {
+ goto Overflow
+ }
+ val *= uint64(MB)
+
+ case "g", "gb", "giga", "gigabyte", "gigabytes":
+ if val > maxUint64/uint64(GB) {
+ goto Overflow
+ }
+ val *= uint64(GB)
+
+ case "t", "tb", "tera", "terabyte", "terabytes":
+ if val > maxUint64/uint64(TB) {
+ goto Overflow
+ }
+ val *= uint64(TB)
+
+ case "p", "pb", "peta", "petabyte", "petabytes":
+ if val > maxUint64/uint64(PB) {
+ goto Overflow
+ }
+ val *= uint64(PB)
+
+ case "E", "EB", "e", "eb", "eB":
+ if val > maxUint64/uint64(EB) {
+ goto Overflow
+ }
+ val *= uint64(EB)
+
+ default:
+ goto SyntaxError
+ }
+
+ *b = ByteSize(val)
+ return nil
+
+Overflow:
+ *b = ByteSize(maxUint64)
+ return &strconv.NumError{fnUnmarshalText, string(t0), strconv.ErrRange}
+
+SyntaxError:
+ *b = 0
+ return &strconv.NumError{fnUnmarshalText, string(t0), strconv.ErrSyntax}
+
+BitsError:
+ *b = 0
+ return &strconv.NumError{fnUnmarshalText, string(t0), ErrBits}
+}
diff --git a/utils/dnsx/resolver.go b/utils/dnsx/resolver.go
new file mode 100644
index 0000000..f1a6514
--- /dev/null
+++ b/utils/dnsx/resolver.go
@@ -0,0 +1,114 @@
+package dnsx
+
+import (
+ "fmt"
+ logger "log"
+ "net"
+ "strings"
+ "time"
+
+ "bitbucket.org/snail/proxy/utils/mapx"
+ dns "github.com/miekg/dns"
+)
+
+type DomainResolver struct {
+ ttl int
+ dnsAddrress string
+ data mapx.ConcurrentMap
+ log *logger.Logger
+}
+type DomainResolverItem struct {
+ ip string
+ domain string
+ expiredAt int64
+}
+
+func NewDomainResolver(dnsAddrress string, ttl int, log *logger.Logger) DomainResolver {
+ return DomainResolver{
+ ttl: ttl,
+ dnsAddrress: dnsAddrress,
+ data: mapx.NewConcurrentMap(),
+ log: log,
+ }
+}
+func (a *DomainResolver) DnsAddress() (address string) {
+ address = a.dnsAddrress
+ return
+}
+func (a *DomainResolver) MustResolve(address string) (ip string) {
+ ip, _ = a.Resolve(address)
+ return
+}
+func (a *DomainResolver) Resolve(address string) (ip string, err error) {
+ domain := address
+ port := ""
+ fromCache := "false"
+ defer func() {
+ if port != "" {
+ ip = net.JoinHostPort(ip, port)
+ }
+ a.log.Printf("dns:%s->%s,cache:%s", address, ip, fromCache)
+ //a.PrintData()
+ }()
+ if strings.Contains(domain, ":") {
+ domain, port, err = net.SplitHostPort(domain)
+ if err != nil {
+ return
+ }
+ }
+ if net.ParseIP(domain) != nil {
+ ip = domain
+ fromCache = "ip ignore"
+ return
+ }
+ item, ok := a.data.Get(domain)
+ if ok {
+ //log.Println("find ", domain)
+ if (*item.(*DomainResolverItem)).expiredAt > time.Now().Unix() {
+ ip = (*item.(*DomainResolverItem)).ip
+ fromCache = "true"
+ //log.Println("from cache ", domain)
+ return
+ }
+ } else {
+ item = &DomainResolverItem{
+ domain: domain,
+ }
+
+ }
+ c := new(dns.Client)
+ c.DialTimeout = time.Millisecond * 5000
+ c.ReadTimeout = time.Millisecond * 5000
+ c.WriteTimeout = time.Millisecond * 5000
+ m := new(dns.Msg)
+ m.SetQuestion(dns.Fqdn(domain), dns.TypeA)
+ m.RecursionDesired = true
+ r, _, err := c.Exchange(m, a.dnsAddrress)
+ if r == nil {
+ return
+ }
+ if r.Rcode != dns.RcodeSuccess {
+ err = fmt.Errorf(" *** invalid answer name %s after A query for %s", domain, a.dnsAddrress)
+ return
+ }
+ for _, answer := range r.Answer {
+ if answer.Header().Rrtype == dns.TypeA {
+ info := strings.Fields(answer.String())
+ if len(info) >= 5 {
+ ip = info[4]
+ _item := item.(*DomainResolverItem)
+ (*_item).expiredAt = time.Now().Unix() + int64(a.ttl)
+ (*_item).ip = ip
+ a.data.Set(domain, item)
+ return
+ }
+ }
+ }
+ return
+}
+func (a *DomainResolver) PrintData() {
+ for k, item := range a.data.Items() {
+ d := item.(*DomainResolverItem)
+ a.log.Printf("%s:ip[%s],domain[%s],expired at[%d]\n", k, (*d).ip, (*d).domain, (*d).expiredAt)
+ }
+}
diff --git a/utils/functions.go b/utils/functions.go
index 28064c2..4b1f470 100755
--- a/utils/functions.go
+++ b/utils/functions.go
@@ -3,10 +3,13 @@ package utils
import (
"bufio"
"bytes"
+ "context"
"crypto/sha1"
"crypto/tls"
"crypto/x509"
+ "encoding/base64"
"encoding/binary"
+ "encoding/hex"
"encoding/pem"
"errors"
"fmt"
@@ -17,22 +20,30 @@ import (
"net"
"net/http"
"os"
+ "os/exec"
+ "strings"
- "github.com/snail007/goproxy/services/kcpcfg"
+ "bitbucket.org/snail/proxy/services/kcpcfg"
+ "bitbucket.org/snail/proxy/utils/lb"
"golang.org/x/crypto/pbkdf2"
- "context"
"strconv"
- "strings"
+
"time"
- "github.com/snail007/goproxy/utils/id"
+ "bitbucket.org/snail/proxy/utils/id"
kcp "github.com/xtaci/kcp-go"
)
func IoBind(dst io.ReadWriteCloser, src io.ReadWriteCloser, fn func(err interface{}), log *logger.Logger) {
+ ioBind(dst, src, fn, log, true)
+}
+func IoBindNoClose(dst io.ReadWriteCloser, src io.ReadWriteCloser, fn func(err interface{}), log *logger.Logger) {
+ ioBind(dst, src, fn, log, false)
+}
+func ioBind(dst io.ReadWriteCloser, src io.ReadWriteCloser, fn func(err interface{}), log *logger.Logger, close bool) {
go func() {
defer func() {
if err := recover(); err != nil {
@@ -68,20 +79,41 @@ func IoBind(dst io.ReadWriteCloser, src io.ReadWriteCloser, fn func(err interfac
case err = <-e2:
//log.Printf("e2")
}
- src.Close()
- dst.Close()
+ func() {
+ defer func() {
+ _ = recover()
+ }()
+ if close {
+ src.Close()
+ }
+ }()
+ func() {
+ defer func() {
+ _ = recover()
+ }()
+ if close {
+ dst.Close()
+ }
+ }()
if fn != nil {
fn(err)
}
}()
}
func ioCopy(dst io.ReadWriter, src io.ReadWriter) (err error) {
+ defer func() {
+ if e := recover(); e != nil {
+ }
+ }()
buf := LeakyBuffer.Get()
defer LeakyBuffer.Put(buf)
n := 0
for {
n, err = src.Read(buf)
if n > 0 {
+ if n > len(buf) {
+ n = len(buf)
+ }
if _, e := dst.Write(buf[0:n]); e != nil {
return e
}
@@ -122,6 +154,7 @@ func getRequestTlsConfig(certBytes, keyBytes, caCertBytes []byte) (conf *tls.Con
caBytes := certBytes
if caCertBytes != nil {
caBytes = caCertBytes
+
}
ok := serverCertPool.AppendCertsFromPEM(caBytes)
if !ok {
@@ -212,6 +245,98 @@ func CloseConn(conn *net.Conn) {
(*conn).Close()
}
}
+func Keygen() (err error) {
+ CList := []string{"AD", "AE", "AF", "AG", "AI", "AL", "AM", "AO", "AR", "AT", "AU", "AZ", "BB", "BD", "BE", "BF", "BG", "BH", "BI", "BJ", "BL", "BM", "BN", "BO", "BR", "BS", "BW", "BY", "BZ", "CA", "CF", "CG", "CH", "CK", "CL", "CM", "CN", "CO", "CR", "CS", "CU", "CY", "CZ", "DE", "DJ", "DK", "DO", "DZ", "EC", "EE", "EG", "ES", "ET", "FI", "FJ", "FR", "GA", "GB", "GD", "GE", "GF", "GH", "GI", "GM", "GN", "GR", "GT", "GU", "GY", "HK", "HN", "HT", "HU", "ID", "IE", "IL", "IN", "IQ", "IR", "IS", "IT", "JM", "JO", "JP", "KE", "KG", "KH", "KP", "KR", "KT", "KW", "KZ", "LA", "LB", "LC", "LI", "LK", "LR", "LS", "LT", "LU", "LV", "LY", "MA", "MC", "MD", "MG", "ML", "MM", "MN", "MO", "MS", "MT", "MU", "MV", "MW", "MX", "MY", "MZ", "NA", "NE", "NG", "NI", "NL", "NO", "NP", "NR", "NZ", "OM", "PA", "PE", "PF", "PG", "PH", "PK", "PL", "PR", "PT", "PY", "QA", "RO", "RU", "SA", "SB", "SC", "SD", "SE", "SG", "SI", "SK", "SL", "SM", "SN", "SO", "SR", "ST", "SV", "SY", "SZ", "TD", "TG", "TH", "TJ", "TM", "TN", "TO", "TR", "TT", "TW", "TZ", "UA", "UG", "US", "UY", "UZ", "VC", "VE", "VN", "YE", "YU", "ZA", "ZM", "ZR", "ZW"}
+ domainSubfixList := []string{".com", ".edu", ".gov", ".int", ".mil", ".net", ".org", ".biz", ".info", ".pro", ".name", ".museum", ".coop", ".aero", ".xxx", ".idv", ".ac", ".ad", ".ae", ".af", ".ag", ".ai", ".al", ".am", ".an", ".ao", ".aq", ".ar", ".as", ".at", ".au", ".aw", ".az", ".ba", ".bb", ".bd", ".be", ".bf", ".bg", ".bh", ".bi", ".bj", ".bm", ".bn", ".bo", ".br", ".bs", ".bt", ".bv", ".bw", ".by", ".bz", ".ca", ".cc", ".cd", ".cf", ".cg", ".ch", ".ci", ".ck", ".cl", ".cm", ".cn", ".co", ".cr", ".cu", ".cv", ".cx", ".cy", ".cz", ".de", ".dj", ".dk", ".dm", ".do", ".dz", ".ec", ".ee", ".eg", ".eh", ".er", ".es", ".et", ".eu", ".fi", ".fj", ".fk", ".fm", ".fo", ".fr", ".ga", ".gd", ".ge", ".gf", ".gg", ".gh", ".gi", ".gl", ".gm", ".gn", ".gp", ".gq", ".gr", ".gs", ".gt", ".gu", ".gw", ".gy", ".hk", ".hm", ".hn", ".hr", ".ht", ".hu", ".id", ".ie", ".il", ".im", ".in", ".io", ".iq", ".ir", ".is", ".it", ".je", ".jm", ".jo", ".jp", ".ke", ".kg", ".kh", ".ki", ".km", ".kn", ".kp", ".kr", ".kw", ".ky", ".kz", ".la", ".lb", ".lc", ".li", ".lk", ".lr", ".ls", ".lt", ".lu", ".lv", ".ly", ".ma", ".mc", ".md", ".mg", ".mh", ".mk", ".ml", ".mm", ".mn", ".mo", ".mp", ".mq", ".mr", ".ms", ".mt", ".mu", ".mv", ".mw", ".mx", ".my", ".mz", ".na", ".nc", ".ne", ".nf", ".ng", ".ni", ".nl", ".no", ".np", ".nr", ".nu", ".nz", ".om", ".pa", ".pe", ".pf", ".pg", ".ph", ".pk", ".pl", ".pm", ".pn", ".pr", ".ps", ".pt", ".pw", ".py", ".qa", ".re", ".ro", ".ru", ".rw", ".sa", ".sb", ".sc", ".sd", ".se", ".sg", ".sh", ".si", ".sj", ".sk", ".sl", ".sm", ".sn", ".so", ".sr", ".st", ".sv", ".sy", ".sz", ".tc", ".td", ".tf", ".tg", ".th", ".tj", ".tk", ".tl", ".tm", ".tn", ".to", ".tp", ".tr", ".tt", ".tv", ".tw", ".tz", ".ua", ".ug", ".uk", ".um", ".us", ".uy", ".uz", ".va", ".vc", ".ve", ".vg", ".vi", ".vn", ".vu", ".wf", ".ws", ".ye", ".yt", ".yu", ".yr", ".za", ".zm", ".zw"}
+ C := CList[int(RandInt(4))%len(CList)]
+ ST := RandString(int(RandInt(4) % 10))
+ O := RandString(int(RandInt(4) % 10))
+ CN := strings.ToLower(RandString(int(RandInt(4)%10)) + domainSubfixList[int(RandInt(4))%len(domainSubfixList)])
+ //log.Printf("C: %s, ST: %s, O: %s, CN: %s", C, ST, O, CN)
+ var out []byte
+ if len(os.Args) == 3 && os.Args[2] == "ca" {
+ cmd := exec.Command("sh", "-c", "openssl genrsa -out ca.key 2048")
+ out, err = cmd.CombinedOutput()
+ if err != nil {
+ logger.Printf("err:%s", err)
+ return
+ }
+ fmt.Println(string(out))
+
+ cmdStr := fmt.Sprintf("openssl req -new -key ca.key -x509 -days 36500 -out ca.crt -subj /C=%s/ST=%s/O=%s/CN=%s", C, ST, O, "*."+CN)
+ cmd = exec.Command("sh", "-c", cmdStr)
+ out, err = cmd.CombinedOutput()
+ if err != nil {
+ logger.Printf("err:%s", err)
+ return
+ }
+ fmt.Println(string(out))
+ } else if len(os.Args) == 5 && os.Args[2] == "ca" && os.Args[3] != "" && os.Args[4] != "" {
+ certBytes, _ := ioutil.ReadFile("ca.crt")
+ block, _ := pem.Decode(certBytes)
+ if block == nil || certBytes == nil {
+ panic("failed to parse ca certificate PEM")
+ }
+ x509Cert, _ := x509.ParseCertificate(block.Bytes)
+ if x509Cert == nil {
+ panic("failed to parse block")
+ }
+ name := os.Args[3]
+ days := os.Args[4]
+ cmd := exec.Command("sh", "-c", "openssl genrsa -out "+name+".key 2048")
+ out, err = cmd.CombinedOutput()
+ if err != nil {
+ logger.Printf("err:%s", err)
+ return
+ }
+ fmt.Println(string(out))
+
+ cmdStr := fmt.Sprintf("openssl req -new -key %s.key -out %s.csr -subj /C=%s/ST=%s/O=%s/CN=%s", name, name, C, ST, O, CN)
+ fmt.Printf("%s", cmdStr)
+ cmd = exec.Command("sh", "-c", cmdStr)
+ out, err = cmd.CombinedOutput()
+ if err != nil {
+ logger.Printf("err:%s", err)
+ return
+ }
+ fmt.Println(string(out))
+
+ cmdStr = fmt.Sprintf("openssl x509 -req -days %s -in %s.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out %s.crt", days, name, name)
+ fmt.Printf("%s", cmdStr)
+ cmd = exec.Command("sh", "-c", cmdStr)
+ out, err = cmd.CombinedOutput()
+ if err != nil {
+ logger.Printf("err:%s", err)
+ return
+ }
+
+ fmt.Println(string(out))
+ } else if len(os.Args) == 3 && os.Args[2] == "usage" {
+ fmt.Println(`proxy keygen //generate proxy.crt and proxy.key
+proxy keygen ca //generate ca.crt and ca.key
+proxy keygen ca client0 30 //generate client0.crt client0.key and use ca.crt sign it with 30 days
+ `)
+ } else if len(os.Args) == 2 {
+ cmd := exec.Command("sh", "-c", "openssl genrsa -out proxy.key 2048")
+ out, err = cmd.CombinedOutput()
+ if err != nil {
+ logger.Printf("err:%s", err)
+ return
+ }
+ fmt.Println(string(out))
+
+ cmdStr := fmt.Sprintf("openssl req -new -key proxy.key -x509 -days 36500 -out proxy.crt -subj /C=%s/ST=%s/O=%s/CN=%s", C, ST, O, CN)
+ cmd = exec.Command("sh", "-c", cmdStr)
+ out, err = cmd.CombinedOutput()
+ if err != nil {
+ logger.Printf("err:%s", err)
+ return
+ }
+ fmt.Println(string(out))
+ }
+
+ return
+}
var allInterfaceAddrCache []net.IP
@@ -310,10 +435,10 @@ func ReadUDPPacket(_reader io.Reader) (srcAddr string, packet []byte, err error)
return
}
func Uniqueid() string {
- return xid.New().String()
- // var src = rand.NewSource(time.Now().UnixNano())
- // s := fmt.Sprintf("%d", src.Int63())
- // return s[len(s)-5:len(s)-1] + fmt.Sprintf("%d", uint64(time.Now().UnixNano()))[8:]
+ str := fmt.Sprintf("%d%s", time.Now().UnixNano(), xid.New().String())
+ hash := sha1.New()
+ hash.Write([]byte(str))
+ return hex.EncodeToString(hash.Sum(nil))
}
func RandString(strlen int) string {
codes := "QWERTYUIOPLKJHGFDSAZXCVBNMabcdefghijklmnopqrstuvwxyz0123456789"
@@ -338,15 +463,15 @@ func RandInt(strLen int) int64 {
i, _ := strconv.ParseInt(string(data), 10, 64)
return i
}
-func ReadData(r io.Reader) (data string, err error) {
- var len uint16
+func ReadBytes(r io.Reader) (data []byte, err error) {
+ var len uint64
err = binary.Read(r, binary.LittleEndian, &len)
if err != nil {
return
}
var n int
- _data := make([]byte, len)
- n, err = r.Read(_data)
+ data = make([]byte, len)
+ n, err = r.Read(data)
if err != nil {
return
}
@@ -354,9 +479,37 @@ func ReadData(r io.Reader) (data string, err error) {
err = fmt.Errorf("error data len")
return
}
+ return
+}
+func ReadData(r io.Reader) (data string, err error) {
+ _data, err := ReadBytes(r)
+ if err != nil {
+ return
+ }
data = string(_data)
return
}
+
+//non typed packet with Bytes
+func ReadPacketBytes(r io.Reader, data ...*[]byte) (err error) {
+ for _, d := range data {
+ *d, err = ReadBytes(r)
+ if err != nil {
+ return
+ }
+ }
+ return
+}
+func BuildPacketBytes(data ...[]byte) []byte {
+ pkg := new(bytes.Buffer)
+ for _, d := range data {
+ binary.Write(pkg, binary.LittleEndian, uint64(len(d)))
+ binary.Write(pkg, binary.LittleEndian, d)
+ }
+ return pkg.Bytes()
+}
+
+//non typed packet with string
func ReadPacketData(r io.Reader, data ...*string) (err error) {
for _, d := range data {
*d, err = ReadData(r)
@@ -366,13 +519,50 @@ func ReadPacketData(r io.Reader, data ...*string) (err error) {
}
return
}
-func ReadPacket(r io.Reader, typ *uint8, data ...*string) (err error) {
+func BuildPacketData(data ...string) []byte {
+ pkg := new(bytes.Buffer)
+ for _, d := range data {
+ bytes := []byte(d)
+ binary.Write(pkg, binary.LittleEndian, uint64(len(bytes)))
+ binary.Write(pkg, binary.LittleEndian, bytes)
+ }
+ return pkg.Bytes()
+}
+
+//typed packet with bytes
+func ReadBytesPacket(r io.Reader, packetType *uint8, data ...*[]byte) (err error) {
var connType uint8
err = binary.Read(r, binary.LittleEndian, &connType)
if err != nil {
return
}
- *typ = connType
+ *packetType = connType
+ for _, d := range data {
+ *d, err = ReadBytes(r)
+ if err != nil {
+ return
+ }
+ }
+ return
+}
+func BuildBytesPacket(packetType uint8, data ...[]byte) []byte {
+ pkg := new(bytes.Buffer)
+ binary.Write(pkg, binary.LittleEndian, packetType)
+ for _, d := range data {
+ binary.Write(pkg, binary.LittleEndian, uint64(len(d)))
+ binary.Write(pkg, binary.LittleEndian, d)
+ }
+ return pkg.Bytes()
+}
+
+//typed packet with string
+func ReadPacket(r io.Reader, packetType *uint8, data ...*string) (err error) {
+ var connType uint8
+ err = binary.Read(r, binary.LittleEndian, &connType)
+ if err != nil {
+ return
+ }
+ *packetType = connType
for _, d := range data {
*d, err = ReadData(r)
if err != nil {
@@ -381,18 +571,10 @@ func ReadPacket(r io.Reader, typ *uint8, data ...*string) (err error) {
}
return
}
-func BuildPacket(typ uint8, data ...string) []byte {
- pkg := new(bytes.Buffer)
- binary.Write(pkg, binary.LittleEndian, typ)
- for _, d := range data {
- bytes := []byte(d)
- binary.Write(pkg, binary.LittleEndian, uint16(len(bytes)))
- binary.Write(pkg, binary.LittleEndian, bytes)
- }
- return pkg.Bytes()
-}
-func BuildPacketData(data ...string) []byte {
+
+func BuildPacket(packetType uint8, data ...string) []byte {
pkg := new(bytes.Buffer)
+ binary.Write(pkg, binary.LittleEndian, packetType)
for _, d := range data {
bytes := []byte(d)
binary.Write(pkg, binary.LittleEndian, uint16(len(bytes)))
@@ -400,6 +582,7 @@ func BuildPacketData(data ...string) []byte {
}
return pkg.Bytes()
}
+
func SubStr(str string, start, end int) string {
if len(str) == 0 {
return ""
@@ -419,12 +602,21 @@ func SubBytes(bytes []byte, start, end int) []byte {
return bytes[start:end]
}
func TlsBytes(cert, key string) (certBytes, keyBytes []byte, err error) {
- certBytes, err = ioutil.ReadFile(cert)
+ base64Prefix := "base64://"
+ if strings.HasPrefix(cert, base64Prefix) {
+ certBytes, err = base64.StdEncoding.DecodeString(cert[len(base64Prefix):])
+ } else {
+ certBytes, err = ioutil.ReadFile(cert)
+ }
if err != nil {
err = fmt.Errorf("err : %s", err)
return
}
- keyBytes, err = ioutil.ReadFile(key)
+ if strings.HasPrefix(key, base64Prefix) {
+ keyBytes, err = base64.StdEncoding.DecodeString(key[len(base64Prefix):])
+ } else {
+ keyBytes, err = ioutil.ReadFile(key)
+ }
if err != nil {
err = fmt.Errorf("err : %s", err)
return
@@ -495,7 +687,7 @@ func HttpGet(URL string, timeout int, host ...string) (body []byte, code int, er
body, err = ioutil.ReadAll(resp.Body)
return
}
-func IsIternalIP(domainOrIP string, always bool) bool {
+func IsInternalIP(domainOrIP string, always bool) bool {
var outIPs []net.IP
var err error
var isDomain bool
@@ -507,7 +699,7 @@ func IsIternalIP(domainOrIP string, always bool) bool {
}
if isDomain {
- outIPs, err = MyLookupIP(domainOrIP)
+ outIPs, err = LookupIP(domainOrIP)
} else {
outIPs = []net.IP{net.ParseIP(domainOrIP)}
}
@@ -515,6 +707,7 @@ func IsIternalIP(domainOrIP string, always bool) bool {
if err != nil {
return false
}
+
for _, ip := range outIPs {
if ip.IsLoopback() {
return true
@@ -522,7 +715,7 @@ func IsIternalIP(domainOrIP string, always bool) bool {
if ip.To4().Mask(net.IPv4Mask(255, 0, 0, 0)).String() == "10.0.0.0" {
return true
}
- if ip.To4().Mask(net.IPv4Mask(255, 0, 0, 0)).String() == "192.168.0.0" {
+ if ip.To4().Mask(net.IPv4Mask(255, 255, 0, 0)).String() == "192.168.0.0" {
return true
}
if ip.To4().Mask(net.IPv4Mask(255, 0, 0, 0)).String() == "172.0.0.0" {
@@ -585,6 +778,41 @@ func RemoveProxyHeaders(head []byte) []byte {
func InsertProxyHeaders(head []byte, headers string) []byte {
return bytes.Replace(head, []byte("\r\n"), []byte("\r\n"+headers), 1)
}
+func LBMethod(key string) int {
+ typs := map[string]int{"weight": lb.SELECT_WEITHT, "leasttime": lb.SELECT_LEASTTIME, "leastconn": lb.SELECT_LEASTCONN, "hash": lb.SELECT_HASH, "roundrobin": lb.SELECT_ROUNDROBIN}
+ return typs[key]
+}
+func UDPCopy(dst, src *net.UDPConn, dstAddr net.Addr, readTimeout time.Duration, beforeWriteFn func(data []byte) []byte, deferFn func(e interface{})) {
+ go func() {
+ defer func() {
+ deferFn(recover())
+ }()
+ buf := LeakyBuffer.Get()
+ defer LeakyBuffer.Put(buf)
+ for {
+ if readTimeout > 0 {
+ src.SetReadDeadline(time.Now().Add(readTimeout))
+ }
+ n, err := src.Read(buf)
+ if readTimeout > 0 {
+ src.SetReadDeadline(time.Time{})
+ }
+ if err != nil {
+ if IsNetClosedErr(err) || IsNetTimeoutErr(err) || IsNetRefusedErr(err) {
+ return
+ }
+ continue
+ }
+ _, err = dst.WriteTo(beforeWriteFn(buf[:n]), dstAddr)
+ if err != nil {
+ if IsNetClosedErr(err) {
+ return
+ }
+ continue
+ }
+ }
+ }()
+}
func IsNetClosedErr(err error) bool {
return err != nil && strings.Contains(err.Error(), "use of closed network connection")
}
@@ -595,16 +823,18 @@ func IsNetTimeoutErr(err error) bool {
e, ok := err.(net.Error)
return ok && e.Timeout()
}
-func IsNetDeadlineErr(err error) bool {
- return err != nil && strings.Contains(err.Error(), "i/o deadline reached")
-}
-
func IsNetRefusedErr(err error) bool {
return err != nil && strings.Contains(err.Error(), "connection refused")
}
+func IsNetDeadlineErr(err error) bool {
+ return err != nil && strings.Contains(err.Error(), "i/o deadline reached")
+}
func IsNetSocketNotConnectedErr(err error) bool {
return err != nil && strings.Contains(err.Error(), "socket is not connected")
}
+func NewDefaultLogger() *logger.Logger {
+ return logger.New(os.Stderr, "", logger.LstdFlags)
+}
// type sockaddr struct {
// family uint16
@@ -667,7 +897,8 @@ func IsNetSocketNotConnectedErr(err error) bool {
net.LookupIP may cause deadlock in windows
https://github.com/golang/go/issues/24178
*/
-func MyLookupIP(host string) ([]net.IP, error) {
+
+func LookupIP(host string) ([]net.IP, error) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*time.Duration(3))
defer func() {
diff --git a/utils/io-limiter.go b/utils/iolimiter/iolimiter.go
similarity index 51%
rename from utils/io-limiter.go
rename to utils/iolimiter/iolimiter.go
index 5162d15..8bc478f 100644
--- a/utils/io-limiter.go
+++ b/utils/iolimiter/iolimiter.go
@@ -1,8 +1,9 @@
-package utils
+package iolimiter
import (
"context"
"io"
+ "net"
"time"
"golang.org/x/time/rate"
@@ -22,6 +23,86 @@ type Writer struct {
ctx context.Context
}
+type conn struct {
+ net.Conn
+ r io.Reader
+ w io.Writer
+ readLimiter *rate.Limiter
+ writeLimiter *rate.Limiter
+ ctx context.Context
+}
+
+//NewtRateLimitConn sets rate limit (bytes/sec) to the Conn read and write.
+func NewtConn(c net.Conn, bytesPerSec float64) net.Conn {
+ s := &conn{
+ Conn: c,
+ r: c,
+ w: c,
+ ctx: context.Background(),
+ }
+ s.readLimiter = rate.NewLimiter(rate.Limit(bytesPerSec), burstLimit)
+ s.readLimiter.AllowN(time.Now(), burstLimit) // spend initial burst
+ s.writeLimiter = rate.NewLimiter(rate.Limit(bytesPerSec), burstLimit)
+ s.writeLimiter.AllowN(time.Now(), burstLimit) // spend initial burst
+ return s
+}
+
+//NewtRateLimitReaderConn sets rate limit (bytes/sec) to the Conn read.
+func NewReaderConn(c net.Conn, bytesPerSec float64) net.Conn {
+ s := &conn{
+ Conn: c,
+ r: c,
+ w: c,
+ ctx: context.Background(),
+ }
+ s.readLimiter = rate.NewLimiter(rate.Limit(bytesPerSec), burstLimit)
+ s.readLimiter.AllowN(time.Now(), burstLimit) // spend initial burst
+ return s
+}
+
+//NewtRateLimitWriterConn sets rate limit (bytes/sec) to the Conn write.
+func NewWriterConn(c net.Conn, bytesPerSec float64) net.Conn {
+ s := &conn{
+ Conn: c,
+ r: c,
+ w: c,
+ ctx: context.Background(),
+ }
+ s.writeLimiter = rate.NewLimiter(rate.Limit(bytesPerSec), burstLimit)
+ s.writeLimiter.AllowN(time.Now(), burstLimit) // spend initial burst
+ return s
+}
+
+// Read reads bytes into p.
+func (s *conn) Read(p []byte) (int, error) {
+ if s.readLimiter == nil {
+ return s.r.Read(p)
+ }
+ n, err := s.r.Read(p)
+ if err != nil {
+ return n, err
+ }
+ if err := s.readLimiter.WaitN(s.ctx, n); err != nil {
+ return n, err
+ }
+ return n, nil
+}
+
+// Write writes bytes from p.
+func (s *conn) Write(p []byte) (int, error) {
+ if s.writeLimiter == nil {
+ return s.w.Write(p)
+ }
+ n, err := s.w.Write(p)
+ if err != nil {
+ return n, err
+ }
+ if err := s.writeLimiter.WaitN(s.ctx, n); err != nil {
+ return n, err
+ }
+ return n, err
+}
+
// NewReader returns a reader that implements io.Reader with rate limiting.
func NewReader(r io.Reader) *Reader {
return &Reader{
diff --git a/utils/lb/backend.go b/utils/lb/backend.go
new file mode 100644
index 0000000..90af686
--- /dev/null
+++ b/utils/lb/backend.go
@@ -0,0 +1,203 @@
+package lb
+
+import (
+ "errors"
+ "log"
+ "net"
+ "sync"
+ "time"
+
+ "bitbucket.org/snail/proxy/utils/dnsx"
+)
+
+// BackendConfig it's the configuration loaded
+type BackendConfig struct {
+ Address string
+
+ ActiveAfter int
+ InactiveAfter int
+ Weight int
+
+ Timeout time.Duration
+ RetryTime time.Duration
+
+ IsMuxCheck bool
+ ConnFactory func(address string, timeout time.Duration) (net.Conn, error)
+}
+type BackendsConfig []*BackendConfig
+
+// BackendControl keep the control data
+type BackendControl struct {
+ Failed bool // The last request failed
+ Active bool
+
+ InactiveTries int
+ ActiveTries int
+
+ Connections int
+
+ ConnectUsedMillisecond int
+
+ isStop bool
+}
+
+// Backend structure
+type Backend struct {
+ BackendConfig
+ BackendControl
+ sync.RWMutex
+ log *log.Logger
+ dr *dnsx.DomainResolver
+}
+
+type Backends []*Backend
+
+func NewBackend(backendConfig BackendConfig, dr *dnsx.DomainResolver, log *log.Logger) (*Backend, error) {
+
+ if backendConfig.Address == "" {
+ return nil, errors.New("Address rquired")
+ }
+ if backendConfig.ActiveAfter == 0 {
+ backendConfig.ActiveAfter = 2
+ }
+ if backendConfig.InactiveAfter == 0 {
+ backendConfig.InactiveAfter = 3
+ }
+ if backendConfig.Weight == 0 {
+ backendConfig.Weight = 1
+ }
+ if backendConfig.Timeout == 0 {
+ backendConfig.Timeout = time.Millisecond * 1500
+ }
+ if backendConfig.RetryTime == 0 {
+ backendConfig.RetryTime = time.Millisecond * 2000
+ }
+ return &Backend{
+ dr: dr,
+ log: log,
+ BackendConfig: backendConfig,
+ BackendControl: BackendControl{
+ Failed: true,
+ Active: false,
+ InactiveTries: 0,
+ ActiveTries: 0,
+ Connections: 0,
+ ConnectUsedMillisecond: 0,
+ isStop: false,
+ },
+ }, nil
+}
+func (b *Backend) StopHeartCheck() {
+ b.isStop = true
+}
+
+func (b *Backend) IncreasConns() {
+ b.RWMutex.Lock()
+ b.Connections++
+ b.RWMutex.Unlock()
+}
+
+func (b *Backend) DecreaseConns() {
+ b.RWMutex.Lock()
+ b.Connections--
+ b.RWMutex.Unlock()
+}
+
+func (b *Backend) StartHeartCheck() {
+ if b.IsMuxCheck {
+ b.startMuxHeartCheck()
+ } else {
+ b.startTCPHeartCheck()
+ }
+}
+func (b *Backend) startMuxHeartCheck() {
+ go func() {
+ for {
+ if b.isStop {
+ return
+ }
+ var c net.Conn
+ var err error
+ start := time.Now().UnixNano() / int64(time.Microsecond)
+ c, err = b.getConn()
+ b.ConnectUsedMillisecond = int(time.Now().UnixNano()/int64(time.Microsecond) - start)
+ if err != nil {
+ b.Active = false
+ time.Sleep(time.Second * 2)
+ continue
+ } else {
+ b.Active = true
+ }
+ for {
+ buf := make([]byte, 1)
+ c.Read(buf)
+ buf = nil
+ break
+ }
+ b.Active = false
+ }
+ }()
+}
+
+// Monitoring the backend
+func (b *Backend) startTCPHeartCheck() {
+ go func() {
+ for {
+ if b.isStop {
+ return
+ }
+ var c net.Conn
+ var err error
+ start := time.Now().UnixNano() / int64(time.Microsecond)
+ c, err = b.getConn()
+ b.ConnectUsedMillisecond = int(time.Now().UnixNano()/int64(time.Microsecond) - start)
+ if err == nil {
+ c.Close()
+ }
+ if err != nil {
+ b.RWMutex.Lock()
+ // Max tries before consider inactive
+ if b.InactiveTries >= b.InactiveAfter {
+ //b.log.Printf("Backend inactive [%s]", b.Address)
+ b.Active = false
+ b.ActiveTries = 0
+ } else {
+ // Ok that guy it's out of the game
+ b.Failed = true
+ b.InactiveTries++
+ //b.log.Printf("Error to check address [%s] tries [%d]", b.Address, b.InactiveTries)
+ }
+ b.RWMutex.Unlock()
+ } else {
+
+ // Ok, let's keep working boys
+ b.RWMutex.Lock()
+ if b.ActiveTries >= b.ActiveAfter {
+ if b.Failed {
+ //log.Printf("Backend active [%s]", b.Address)
+ }
+ b.Failed = false
+ b.Active = true
+ b.InactiveTries = 0
+ } else {
+ b.ActiveTries++
+ }
+ b.RWMutex.Unlock()
+ }
+ time.Sleep(b.RetryTime)
+ }
+ }()
+}
+func (b *Backend) getConn() (conn net.Conn, err error) {
+ address := b.Address
+ if b.dr != nil && b.dr.DnsAddress() != "" {
+ address, err = b.dr.Resolve(b.Address)
+ if err != nil {
+ b.log.Printf("dns error %s , ERR:%s", b.Address, err)
+ }
+ }
+ if b.ConnFactory != nil {
+ return b.ConnFactory(address, b.Timeout)
+ }
+ return net.DialTimeout("tcp", address, b.Timeout)
+}
diff --git a/utils/lb/lb.go b/utils/lb/lb.go
new file mode 100644
index 0000000..f1ae994
--- /dev/null
+++ b/utils/lb/lb.go
@@ -0,0 +1,687 @@
+package lb
+
+import (
+ "crypto/md5"
+ "log"
+ "net"
+ "sync"
+
+ "bitbucket.org/snail/proxy/utils/dnsx"
+)
+
+const (
+ SELECT_ROUNDROBIN = iota
+ SELECT_LEASTCONN
+ SELECT_HASH
+ SELECT_WEITHT
+ SELECT_LEASTTIME
+)
+
+type Selector interface {
+ Select(srcAddr string) (addr string)
+ SelectBackend(srcAddr string) (b *Backend)
+ IncreasConns(addr string)
+ DecreaseConns(addr string)
+ Stop()
+ Reset(configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger)
+ IsActive() bool
+ ActiveCount() (count int)
+ Backends() (bs []*Backend)
+}
+
+type Group struct {
+ selector *Selector
+ log *log.Logger
+ dr *dnsx.DomainResolver
+ lock *sync.Mutex
+ last *Backend
+ debug bool
+}
+
+func NewGroup(selectType int, configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger, debug bool) Group {
+ bks := []*Backend{}
+ for _, c := range configs {
+ b, _ := NewBackend(*c, dr, log)
+ bks = append(bks, b)
+ }
+ if len(bks) > 1 {
+ for _, b := range bks {
+ b.StartHeartCheck()
+ }
+ }
+ var s Selector
+ switch selectType {
+ case SELECT_ROUNDROBIN:
+ s = NewRoundRobin(bks, log, debug)
+ case SELECT_LEASTCONN:
+ s = NewLeastConn(bks, log, debug)
+ case SELECT_HASH:
+ s = NewHash(bks, log, debug)
+ case SELECT_WEITHT:
+ s = NewWeight(bks, log, debug)
+ case SELECT_LEASTTIME:
+ s = NewLeastTime(bks, log, debug)
+ }
+ return Group{
+ selector: &s,
+ log: log,
+ dr: dr,
+ lock: &sync.Mutex{},
+ debug: debug,
+ }
+}
+func (g *Group) Select(srcAddr string, onlyHa bool) (addr string) {
+ if onlyHa {
+ g.lock.Lock()
+ defer g.lock.Unlock()
+ if g.last != nil && (g.last.Active || g.last.ConnectUsedMillisecond == 0) {
+ if g.debug {
+ g.log.Printf("############ choosed %s from lastest ############", g.last.Address)
+ printDebug(true, g.log, nil, srcAddr, (*g.selector).Backends())
+ }
+ return g.last.Address
+ }
+ g.last = (*g.selector).SelectBackend(srcAddr)
+ if !g.last.Active && g.last.ConnectUsedMillisecond > 0 {
+ g.log.Printf("###warn### lb selected empty , return default , for : %s", srcAddr)
+ }
+ return g.last.Address
+ }
+ b := (*g.selector).SelectBackend(srcAddr)
+ return b.Address
+
+}
+func (g *Group) IncreasConns(addr string) {
+ (*g.selector).IncreasConns(addr)
+}
+func (g *Group) DecreaseConns(addr string) {
+ (*g.selector).DecreaseConns(addr)
+}
+func (g *Group) Stop() {
+ if g.selector != nil {
+ (*g.selector).Stop()
+ }
+}
+func (g *Group) IsActive() bool {
+ return (*g.selector).IsActive()
+}
+func (g *Group) ActiveCount() (count int) {
+ return (*g.selector).ActiveCount()
+}
+func (g *Group) Reset(addrs []string) {
+ bks := (*g.selector).Backends()
+ if len(bks) == 0 {
+ return
+ }
+ cfg := bks[0].BackendConfig
+ configs := BackendsConfig{}
+ for _, addr := range addrs {
+ c := cfg
+ c.Address = addr
+ configs = append(configs, &c)
+ }
+ (*g.selector).Reset(configs, g.dr, g.log)
+}
+func (g *Group) Backends() []*Backend {
+ return (*g.selector).Backends()
+}
+
+//########################RoundRobin##########################
+type RoundRobin struct {
+ sync.Mutex
+ backendIndex int
+ backends Backends
+ log *log.Logger
+ debug bool
+}
+
+func NewRoundRobin(backends Backends, log *log.Logger, debug bool) Selector {
+ return &RoundRobin{
+ backends: backends,
+ log: log,
+ debug: debug,
+ }
+
+}
+func (r *RoundRobin) Select(srcAddr string) (addr string) {
+ return r.SelectBackend(srcAddr).Address
+}
+func (r *RoundRobin) SelectBackend(srcAddr string) (b *Backend) {
+ r.Lock()
+ defer r.Unlock()
+ defer func() {
+ printDebug(r.debug, r.log, b, srcAddr, r.backends)
+ }()
+ if len(r.backends) == 0 {
+ return
+ }
+ if len(r.backends) == 1 {
+ return r.backends[0]
+ }
+RETRY:
+ found := false
+ for _, b := range r.backends {
+ if b.Active {
+ found = true
+ break
+ }
+ }
+ if !found {
+ return r.backends[0]
+ }
+ r.backendIndex++
+ if r.backendIndex > len(r.backends)-1 {
+ r.backendIndex = 0
+ }
+ if !r.backends[r.backendIndex].Active {
+ goto RETRY
+ }
+ return r.backends[r.backendIndex]
+}
+func (r *RoundRobin) IncreasConns(addr string) {
+
+}
+func (r *RoundRobin) DecreaseConns(addr string) {
+
+}
+func (r *RoundRobin) Stop() {
+ for _, b := range r.backends {
+ b.StopHeartCheck()
+ }
+}
+func (r *RoundRobin) Backends() []*Backend {
+ return r.backends
+}
+func (r *RoundRobin) IsActive() bool {
+ for _, b := range r.backends {
+ if b.Active {
+ return true
+ }
+ }
+ return false
+}
+func (r *RoundRobin) ActiveCount() (count int) {
+ for _, b := range r.backends {
+ if b.Active {
+ count++
+ }
+ }
+ return
+}
+func (r *RoundRobin) Reset(configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger) {
+ r.Lock()
+ defer r.Unlock()
+ r.Stop()
+ bks := []*Backend{}
+ for _, c := range configs {
+ b, _ := NewBackend(*c, dr, log)
+ bks = append(bks, b)
+ }
+ if len(bks) > 1 {
+ for _, b := range bks {
+ b.StartHeartCheck()
+ }
+ }
+ r.backends = bks
+}
+
+//########################LeastConn##########################
+
+type LeastConn struct {
+ sync.Mutex
+ backends Backends
+ log *log.Logger
+ debug bool
+}
+
+func NewLeastConn(backends []*Backend, log *log.Logger, debug bool) Selector {
+ lc := LeastConn{
+ backends: backends,
+ log: log,
+ debug: debug,
+ }
+ return &lc
+}
+
+func (lc *LeastConn) Select(srcAddr string) (addr string) {
+ return lc.SelectBackend(srcAddr).Address
+}
+func (lc *LeastConn) SelectBackend(srcAddr string) (b *Backend) {
+ lc.Lock()
+ defer lc.Unlock()
+ defer func() {
+ printDebug(lc.debug, lc.log, b, srcAddr, lc.backends)
+ }()
+ if len(lc.backends) == 0 {
+ return
+ }
+ if len(lc.backends) == 1 {
+ return lc.backends[0]
+ }
+ found := false
+ for _, b := range lc.backends {
+ if b.Active {
+ found = true
+ break
+ }
+ }
+ if !found {
+ return lc.backends[0]
+ }
+ min := lc.backends[0].Connections
+ index := 0
+ for i, b := range lc.backends {
+ if b.Active {
+ min = b.Connections
+ index = i
+ break
+ }
+ }
+ for i, b := range lc.backends {
+ if b.Active && b.Connections <= min {
+ min = b.Connections
+ index = i
+ }
+ }
+ return lc.backends[index]
+}
+func (lc *LeastConn) IncreasConns(addr string) {
+ for _, a := range lc.backends {
+ if a.Address == addr {
+ a.IncreasConns()
+ return
+ }
+ }
+}
+func (lc *LeastConn) DecreaseConns(addr string) {
+ for _, a := range lc.backends {
+ if a.Address == addr {
+ a.DecreaseConns()
+ return
+ }
+ }
+}
+func (lc *LeastConn) Stop() {
+ for _, b := range lc.backends {
+ b.StopHeartCheck()
+ }
+}
+func (lc *LeastConn) IsActive() bool {
+ for _, b := range lc.backends {
+ if b.Active {
+ return true
+ }
+ }
+ return false
+}
+func (lc *LeastConn) ActiveCount() (count int) {
+ for _, b := range lc.backends {
+ if b.Active {
+ count++
+ }
+ }
+ return
+}
+func (lc *LeastConn) Reset(configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger) {
+ lc.Lock()
+ defer lc.Unlock()
+ lc.Stop()
+ bks := []*Backend{}
+ for _, c := range configs {
+ b, _ := NewBackend(*c, dr, log)
+ bks = append(bks, b)
+ }
+ if len(bks) > 1 {
+ for _, b := range bks {
+ b.StartHeartCheck()
+ }
+ }
+ lc.backends = bks
+}
+func (lc *LeastConn) Backends() []*Backend {
+ return lc.backends
+}
+
+//########################Hash##########################
+type Hash struct {
+ sync.Mutex
+ backends Backends
+ log *log.Logger
+ debug bool
+}
+
+func NewHash(backends Backends, log *log.Logger, debug bool) Selector {
+ return &Hash{
+ backends: backends,
+ log: log,
+ debug: debug,
+ }
+}
+func (h *Hash) Select(srcAddr string) (addr string) {
+ return h.SelectBackend(srcAddr).Address
+}
+func (h *Hash) SelectBackend(srcAddr string) (b *Backend) {
+ h.Lock()
+ defer h.Unlock()
+ defer func() {
+ printDebug(h.debug, h.log, b, srcAddr, h.backends)
+ }()
+ if len(h.backends) == 0 {
+ return
+ }
+ if len(h.backends) == 1 {
+ return h.backends[0]
+ }
+ i := 0
+ host, _, err := net.SplitHostPort(srcAddr)
+ if err != nil {
+ return
+ }
+ //porti, _ := strconv.Atoi(port)
+ //i += porti
+ for _, b := range md5.Sum([]byte(host)) {
+ i += int(b)
+ }
+RETRY:
+ found := false
+ for _, b := range h.backends {
+ if b.Active {
+ found = true
+ break
+ }
+ }
+ if !found {
+ return h.backends[0]
+ }
+ k := i % len(h.backends)
+ if !h.backends[k].Active {
+ i++
+ goto RETRY
+ }
+ return h.backends[k]
+}
+func (h *Hash) IncreasConns(addr string) {
+
+}
+func (h *Hash) DecreaseConns(addr string) {
+
+}
+func (h *Hash) Stop() {
+ for _, b := range h.backends {
+ b.StopHeartCheck()
+ }
+}
+func (h *Hash) IsActive() bool {
+ for _, b := range h.backends {
+ if b.Active {
+ return true
+ }
+ }
+ return false
+}
+func (h *Hash) ActiveCount() (count int) {
+ for _, b := range h.backends {
+ if b.Active {
+ count++
+ }
+ }
+ return
+}
+func (h *Hash) Reset(configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger) {
+ h.Lock()
+ defer h.Unlock()
+ h.Stop()
+ bks := []*Backend{}
+ for _, c := range configs {
+ b, _ := NewBackend(*c, dr, log)
+ bks = append(bks, b)
+ }
+ if len(bks) > 1 {
+ for _, b := range bks {
+ b.StartHeartCheck()
+ }
+ }
+ h.backends = bks
+}
+func (h *Hash) Backends() []*Backend {
+ return h.backends
+}
+
+//########################Weight##########################
+type Weight struct {
+ sync.Mutex
+ backends Backends
+ log *log.Logger
+ debug bool
+}
+
+func NewWeight(backends Backends, log *log.Logger, debug bool) Selector {
+ return &Weight{
+ backends: backends,
+ log: log,
+ debug: debug,
+ }
+}
+func (w *Weight) Select(srcAddr string) (addr string) {
+ return w.SelectBackend(srcAddr).Address
+}
+func (w *Weight) SelectBackend(srcAddr string) (b *Backend) {
+ w.Lock()
+ defer w.Unlock()
+ defer func() {
+ printDebug(w.debug, w.log, b, srcAddr, w.backends)
+ }()
+ if len(w.backends) == 0 {
+ return
+ }
+ if len(w.backends) == 1 {
+ return w.backends[0]
+ }
+
+ found := false
+ for _, b := range w.backends {
+ if b.Active {
+ found = true
+ break
+ }
+ }
+ if !found {
+ return w.backends[0]
+ }
+
+ min := w.backends[0].Connections / w.backends[0].Weight
+ index := 0
+ for i, b := range w.backends {
+ if b.Active {
+ min = b.Connections / b.Weight
+ index = i
+ break
+ }
+ }
+ for i, b := range w.backends {
+ if b.Active && b.Connections/b.Weight <= min {
+ min = b.Connections
+ index = i
+ }
+ }
+ return w.backends[index]
+}
+func (w *Weight) IncreasConns(addr string) {
+ w.Lock()
+ defer w.Unlock()
+ for _, a := range w.backends {
+ if a.Address == addr {
+ a.IncreasConns()
+ return
+ }
+ }
+}
+func (w *Weight) DecreaseConns(addr string) {
+ w.Lock()
+ defer w.Unlock()
+ for _, a := range w.backends {
+ if a.Address == addr {
+ a.DecreaseConns()
+ return
+ }
+ }
+}
+func (w *Weight) Stop() {
+ for _, b := range w.backends {
+ b.StopHeartCheck()
+ }
+}
+func (w *Weight) IsActive() bool {
+ for _, b := range w.backends {
+ if b.Active {
+ return true
+ }
+ }
+ return false
+}
+func (w *Weight) ActiveCount() (count int) {
+ for _, b := range w.backends {
+ if b.Active {
+ count++
+ }
+ }
+ return
+}
+func (w *Weight) Reset(configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger) {
+ w.Lock()
+ defer w.Unlock()
+ w.Stop()
+ bks := []*Backend{}
+ for _, c := range configs {
+ b, _ := NewBackend(*c, dr, log)
+ bks = append(bks, b)
+ }
+ if len(bks) > 1 {
+ for _, b := range bks {
+ b.StartHeartCheck()
+ }
+ }
+ w.backends = bks
+}
+func (w *Weight) Backends() []*Backend {
+ return w.backends
+}
+
+//########################LeastTime##########################
+
+type LeastTime struct {
+ sync.Mutex
+ backends Backends
+ log *log.Logger
+ debug bool
+}
+
+func NewLeastTime(backends []*Backend, log *log.Logger, debug bool) Selector {
+ lt := LeastTime{
+ backends: backends,
+ log: log,
+ debug: debug,
+ }
+ return <
+}
+
+func (lt *LeastTime) Select(srcAddr string) (addr string) {
+ return lt.SelectBackend(srcAddr).Address
+}
+func (lt *LeastTime) SelectBackend(srcAddr string) (b *Backend) {
+ lt.Lock()
+ defer lt.Unlock()
+ defer func() {
+ printDebug(lt.debug, lt.log, b, srcAddr, lt.backends)
+ }()
+ if len(lt.backends) == 0 {
+ return
+ }
+ if len(lt.backends) == 1 {
+ return lt.backends[0]
+ }
+ found := false
+ for _, b := range lt.backends {
+ if b.Active {
+ found = true
+ break
+ }
+ }
+ if !found {
+ return lt.backends[0]
+ }
+ min := lt.backends[0].ConnectUsedMillisecond
+ index := 0
+ for i, b := range lt.backends {
+ if b.Active {
+ min = b.ConnectUsedMillisecond
+ index = i
+ break
+ }
+ }
+ for i, b := range lt.backends {
+ if b.Active && b.ConnectUsedMillisecond > 0 && b.ConnectUsedMillisecond <= min {
+ min = b.ConnectUsedMillisecond
+ index = i
+ }
+ }
+ return lt.backends[index]
+}
+func (lt *LeastTime) IncreasConns(addr string) {
+
+}
+func (lt *LeastTime) DecreaseConns(addr string) {
+
+}
+func (lt *LeastTime) Stop() {
+ for _, b := range lt.backends {
+ b.StopHeartCheck()
+ }
+}
+func (lt *LeastTime) IsActive() bool {
+ for _, b := range lt.backends {
+ if b.Active {
+ return true
+ }
+ }
+ return false
+}
+func (lt *LeastTime) ActiveCount() (count int) {
+ for _, b := range lt.backends {
+ if b.Active {
+ count++
+ }
+ }
+ return
+}
+func (lt *LeastTime) Reset(configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger) {
+ lt.Lock()
+ defer lt.Unlock()
+ lt.Stop()
+ bks := []*Backend{}
+ for _, c := range configs {
+ b, _ := NewBackend(*c, dr, log)
+ bks = append(bks, b)
+ }
+ if len(bks) > 1 {
+ for _, b := range bks {
+ b.StartHeartCheck()
+ }
+ }
+ lt.backends = bks
+}
+func (lt *LeastTime) Backends() []*Backend {
+ return lt.backends
+}
+func printDebug(isDebug bool, log *log.Logger, selected *Backend, srcAddr string, backends []*Backend) {
+ if isDebug {
+ log.Printf("############ LB start ############\n")
+ if selected != nil {
+ log.Printf("choosed %s for %s\n", selected.Address, srcAddr)
+ }
+ for _, v := range backends {
+ log.Printf("addr:%s,conns:%d,time:%d,weight:%d,active:%v\n", v.Address, v.Connections, v.ConnectUsedMillisecond, v.Weight, v.Active)
+ }
+ log.Printf("############ LB end ############\n")
+ }
+}
diff --git a/utils/map.go b/utils/mapx/map.go
similarity index 99%
rename from utils/map.go
rename to utils/mapx/map.go
index 8ec82cf..3c10df9 100644
--- a/utils/map.go
+++ b/utils/mapx/map.go
@@ -1,4 +1,4 @@
-package utils
+package mapx
import (
"encoding/json"
diff --git a/utils/serve-channel.go b/utils/serve-channel.go
index 80d6fcc..61e3b7c 100644
--- a/utils/serve-channel.go
+++ b/utils/serve-channel.go
@@ -10,7 +10,7 @@ import (
"runtime/debug"
"strconv"
- "github.com/snail007/goproxy/services/kcpcfg"
+ "bitbucket.org/snail/proxy/services/kcpcfg"
kcp "github.com/xtaci/kcp-go"
)
@@ -139,7 +139,7 @@ func (sc *ServerChannel) ListenTCP(fn func(conn net.Conn)) (err error) {
}
return
}
-func (sc *ServerChannel) ListenUDP(fn func(packet []byte, localAddr, srcAddr *net.UDPAddr)) (err error) {
+func (sc *ServerChannel) ListenUDP(fn func(listener *net.UDPConn, packet []byte, localAddr, srcAddr *net.UDPAddr)) (err error) {
addr := &net.UDPAddr{IP: net.ParseIP(sc.ip), Port: sc.port}
l, err := net.ListenUDP("udp", addr)
if err == nil {
@@ -161,7 +161,7 @@ func (sc *ServerChannel) ListenUDP(fn func(packet []byte, localAddr, srcAddr *ne
sc.log.Printf("udp data handler crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
}
}()
- fn(packet, addr, srcAddr)
+ fn(l, packet, addr, srcAddr)
}()
} else {
sc.errAcceptHandler(err)
@@ -172,6 +172,7 @@ func (sc *ServerChannel) ListenUDP(fn func(packet []byte, localAddr, srcAddr *ne
}
return
}
+
func (sc *ServerChannel) ListenKCP(config kcpcfg.KCPConfigArgs, fn func(conn net.Conn), log *logger.Logger) (err error) {
lis, err := kcp.ListenWithOptions(fmt.Sprintf("%s:%d", sc.ip, sc.port), config.Block, *config.DataShard, *config.ParityShard)
if err == nil {
diff --git a/utils/socks/client.go b/utils/socks/client.go
index 2460b3b..b173b3a 100644
--- a/utils/socks/client.go
+++ b/utils/socks/client.go
@@ -54,7 +54,7 @@ func NewClientConn(conn *net.Conn, network, target string, timeout time.Duration
s.header = header
}
if network == "udp" && target == "" {
- target = "0.0.0.0:1"
+ target = "0.0.0.0:0"
}
s.addr = target
return s
diff --git a/utils/socks/server.go b/utils/socks/server.go
index 8808562..2c124d2 100644
--- a/utils/socks/server.go
+++ b/utils/socks/server.go
@@ -6,7 +6,7 @@ import (
"strings"
"time"
- "github.com/snail007/goproxy/utils"
+ "bitbucket.org/snail/proxy/utils"
)
const (
@@ -98,6 +98,12 @@ func (s *ServerConn) Method() uint8 {
func (s *ServerConn) Target() string {
return s.target
}
+func (s *ServerConn) Host() string {
+ return s.dstHost
+}
+func (s *ServerConn) Port() string {
+ return s.dstPort
+}
func (s *ServerConn) Handshake() (err error) {
remoteAddr := (*s.conn).RemoteAddr()
//协商开始
diff --git a/utils/socks/structs.go b/utils/socks/structs.go
index a5ec922..1d90df8 100644
--- a/utils/socks/structs.go
+++ b/utils/socks/structs.go
@@ -281,6 +281,9 @@ func (p *PacketUDP) Build(destAddr string, data []byte) (err error) {
return
}
func (p *PacketUDP) Parse(b []byte) (err error) {
+ if len(b) < 9 {
+ return fmt.Errorf("too short packet")
+ }
p.frag = uint8(b[2])
if p.frag != 0 {
err = fmt.Errorf("FRAG only support for 0 , %v ,%v", p.frag, b[:4])
@@ -290,13 +293,22 @@ func (p *PacketUDP) Parse(b []byte) (err error) {
p.atype = b[3]
switch p.atype {
case ATYP_IPV4: //IP V4
+ if len(b) < 11 {
+ return fmt.Errorf("too short packet")
+ }
p.dstHost = net.IPv4(b[4], b[5], b[6], b[7]).String()
portIndex = 8
case ATYP_DOMAIN: //域名
domainLen := uint8(b[4])
+ if len(b) < int(domainLen)+7 {
+ return fmt.Errorf("too short packet")
+ }
p.dstHost = string(b[5 : 5+domainLen]) //b[4]表示域名的长度
portIndex = int(5 + domainLen)
case ATYP_IPV6: //IP V6
+ if len(b) < 22 {
+ return fmt.Errorf("too short packet")
+ }
p.dstHost = net.IP{b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19]}.String()
portIndex = 20
}
@@ -333,7 +345,9 @@ func (p *PacketUDP) Bytes() []byte {
func (p *PacketUDP) Host() string {
return p.dstHost
}
-
+func (p *PacketUDP) Addr() string {
+ return net.JoinHostPort(p.dstHost, p.dstPort)
+}
func (p *PacketUDP) Port() string {
return p.dstPort
}
diff --git a/utils/ss/conn.go b/utils/ss/conn.go
new file mode 100644
index 0000000..83f0681
--- /dev/null
+++ b/utils/ss/conn.go
@@ -0,0 +1,193 @@
+package ss
+
+import (
+ "encoding/binary"
+ "fmt"
+ "io"
+ "net"
+ "strconv"
+)
+
+const (
+ OneTimeAuthMask byte = 0x10
+ AddrMask byte = 0xf
+)
+
+type Conn struct {
+ net.Conn
+ *Cipher
+ readBuf []byte
+ writeBuf []byte
+ chunkId uint32
+}
+
+func NewConn(c net.Conn, cipher *Cipher) *Conn {
+ return &Conn{
+ Conn: c,
+ Cipher: cipher,
+ readBuf: leakyBuf.Get(),
+ writeBuf: leakyBuf.Get()}
+}
+
+func (c *Conn) Close() error {
+ leakyBuf.Put(c.readBuf)
+ leakyBuf.Put(c.writeBuf)
+ return c.Conn.Close()
+}
+
+func RawAddr(addr string) (buf []byte, err error) {
+ host, portStr, err := net.SplitHostPort(addr)
+ if err != nil {
+ return nil, fmt.Errorf("ss: address error %s %v", addr, err)
+ }
+ port, err := strconv.Atoi(portStr)
+ if err != nil {
+ return nil, fmt.Errorf("ss: invalid port %s", addr)
+ }
+
+ hostLen := len(host)
+ l := 1 + 1 + hostLen + 2 // addrType + lenByte + address + port
+ buf = make([]byte, l)
+ buf[0] = 3 // 3 means the address is domain name
+ buf[1] = byte(hostLen) // host address length followed by host address
+ copy(buf[2:], host)
+ binary.BigEndian.PutUint16(buf[2+hostLen:2+hostLen+2], uint16(port))
+ return
+}
+
+// This is intended for use by users implementing a local socks proxy.
+// rawaddr shoud contain part of the data in socks request, starting from the
+// ATYP field. (Refer to rfc1928 for more information.)
+func DialWithRawAddr(rawConn *net.Conn, rawaddr []byte, server string, cipher *Cipher) (c *Conn, err error) {
+ var conn net.Conn
+ if rawConn == nil {
+ conn, err = net.Dial("tcp", server)
+ }
+ if err != nil {
+ return
+ }
+ if rawConn != nil {
+ c = NewConn(*rawConn, cipher)
+ } else {
+ c = NewConn(conn, cipher)
+ }
+ if cipher.ota {
+ if c.enc == nil {
+ if _, err = c.initEncrypt(); err != nil {
+ return
+ }
+ }
+ // since we have initEncrypt, we must send iv manually
+ conn.Write(cipher.iv)
+ rawaddr[0] |= OneTimeAuthMask
+ rawaddr = otaConnectAuth(cipher.iv, cipher.key, rawaddr)
+ }
+ if _, err = c.write(rawaddr); err != nil {
+ c.Close()
+ return nil, err
+ }
+ return
+}
+
+// addr should be in the form of host:port
+func Dial(addr, server string, cipher *Cipher) (c *Conn, err error) {
+ ra, err := RawAddr(addr)
+ if err != nil {
+ return
+ }
+ return DialWithRawAddr(nil, ra, server, cipher)
+}
+
+func (c *Conn) GetIv() (iv []byte) {
+ iv = make([]byte, len(c.iv))
+ copy(iv, c.iv)
+ return
+}
+
+func (c *Conn) GetKey() (key []byte) {
+ key = make([]byte, len(c.key))
+ copy(key, c.key)
+ return
+}
+
+func (c *Conn) IsOta() bool {
+ return c.ota
+}
+
+func (c *Conn) GetAndIncrChunkId() (chunkId uint32) {
+ chunkId = c.chunkId
+ c.chunkId += 1
+ return
+}
+
+func (c *Conn) Read(b []byte) (n int, err error) {
+ if c.dec == nil {
+ iv := make([]byte, c.info.ivLen)
+ if _, err = io.ReadFull(c.Conn, iv); err != nil {
+ return
+ }
+ if err = c.initDecrypt(iv); err != nil {
+ return
+ }
+ if len(c.iv) == 0 {
+ c.iv = iv
+ }
+ }
+
+ cipherData := c.readBuf
+ if len(b) > len(cipherData) {
+ cipherData = make([]byte, len(b))
+ } else {
+ cipherData = cipherData[:len(b)]
+ }
+
+ n, err = c.Conn.Read(cipherData)
+ if n > 0 {
+ c.decrypt(b[0:n], cipherData[0:n])
+ }
+ return
+}
+
+func (c *Conn) Write(b []byte) (n int, err error) {
+ nn := len(b)
+ if c.ota {
+ chunkId := c.GetAndIncrChunkId()
+ b = otaReqChunkAuth(c.iv, chunkId, b)
+ }
+ headerLen := len(b) - nn
+
+ n, err = c.write(b)
+ // Make sure <= 0 <= len(b), where b is the slice passed in.
+ if n >= headerLen {
+ n -= headerLen
+ }
+ return
+}
+
+func (c *Conn) write(b []byte) (n int, err error) {
+ var iv []byte
+ if c.enc == nil {
+ iv, err = c.initEncrypt()
+ if err != nil {
+ return
+ }
+ }
+
+ cipherData := c.writeBuf
+ dataSize := len(b) + len(iv)
+ if dataSize > len(cipherData) {
+ cipherData = make([]byte, dataSize)
+ } else {
+ cipherData = cipherData[:dataSize]
+ }
+
+ if iv != nil {
+ // Put initialization vector in buffer, do a single write to send both
+ // iv and data.
+ copy(cipherData, iv)
+ }
+
+ c.encrypt(cipherData[len(iv):], b)
+ n, err = c.Conn.Write(cipherData)
+ return
+}
diff --git a/utils/ss/encrypt.go b/utils/ss/encrypt.go
new file mode 100644
index 0000000..3a40d64
--- /dev/null
+++ b/utils/ss/encrypt.go
@@ -0,0 +1,301 @@
+package ss
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/des"
+ "crypto/md5"
+ "crypto/rand"
+ "crypto/rc4"
+ "encoding/binary"
+ "errors"
+ "io"
+ "strings"
+
+ "github.com/Yawning/chacha20"
+ "golang.org/x/crypto/blowfish"
+ "golang.org/x/crypto/cast5"
+ "golang.org/x/crypto/salsa20/salsa"
+)
+
+var errEmptyPassword = errors.New("empty key")
+
+func md5sum(d []byte) []byte {
+ h := md5.New()
+ h.Write(d)
+ return h.Sum(nil)
+}
+
+func evpBytesToKey(password string, keyLen int) (key []byte) {
+ const md5Len = 16
+
+ cnt := (keyLen-1)/md5Len + 1
+ m := make([]byte, cnt*md5Len)
+ copy(m, md5sum([]byte(password)))
+
+ // Repeatedly call md5 until bytes generated is enough.
+ // Each call to md5 uses data: prev md5 sum + password.
+ d := make([]byte, md5Len+len(password))
+ start := 0
+ for i := 1; i < cnt; i++ {
+ start += md5Len
+ copy(d, m[start-md5Len:start])
+ copy(d[md5Len:], password)
+ copy(m[start:], md5sum(d))
+ }
+ return m[:keyLen]
+}
+
+type DecOrEnc int
+
+const (
+ Decrypt DecOrEnc = iota
+ Encrypt
+)
+
+func newStream(block cipher.Block, err error, key, iv []byte,
+ doe DecOrEnc) (cipher.Stream, error) {
+ if err != nil {
+ return nil, err
+ }
+ if doe == Encrypt {
+ return cipher.NewCFBEncrypter(block, iv), nil
+ } else {
+ return cipher.NewCFBDecrypter(block, iv), nil
+ }
+}
+
+func newAESCFBStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := aes.NewCipher(key)
+ return newStream(block, err, key, iv, doe)
+}
+
+func newAESCTRStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ return cipher.NewCTR(block, iv), nil
+}
+
+func newDESStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := des.NewCipher(key)
+ return newStream(block, err, key, iv, doe)
+}
+
+func newBlowFishStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := blowfish.NewCipher(key)
+ return newStream(block, err, key, iv, doe)
+}
+
+func newCast5Stream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+ block, err := cast5.NewCipher(key)
+ return newStream(block, err, key, iv, doe)
+}
+
+func newRC4MD5Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+ h := md5.New()
+ h.Write(key)
+ h.Write(iv)
+ rc4key := h.Sum(nil)
+
+ return rc4.NewCipher(rc4key)
+}
+
+func newChaCha20Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+ return chacha20.NewCipher(key, iv)
+}
+
+func newChaCha20IETFStream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+ return chacha20.NewCipher(key, iv)
+}
+
+type salsaStreamCipher struct {
+ nonce [8]byte
+ key [32]byte
+ counter int
+}
+
+func (c *salsaStreamCipher) XORKeyStream(dst, src []byte) {
+ var buf []byte
+ padLen := c.counter % 64
+ dataSize := len(src) + padLen
+ if cap(dst) >= dataSize {
+ buf = dst[:dataSize]
+ } else if leakyBufSize >= dataSize {
+ buf = leakyBuf.Get()
+ defer leakyBuf.Put(buf)
+ buf = buf[:dataSize]
+ } else {
+ buf = make([]byte, dataSize)
+ }
+
+ var subNonce [16]byte
+ copy(subNonce[:], c.nonce[:])
+ binary.LittleEndian.PutUint64(subNonce[len(c.nonce):], uint64(c.counter/64))
+
+ // It's difficult to avoid data copy here. src or dst maybe slice from
+ // Conn.Read/Write, which can't have padding.
+ copy(buf[padLen:], src[:])
+ salsa.XORKeyStream(buf, buf, &subNonce, &c.key)
+ copy(dst, buf[padLen:])
+
+ c.counter += len(src)
+}
+
+func newSalsa20Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+ var c salsaStreamCipher
+ copy(c.nonce[:], iv[:8])
+ copy(c.key[:], key[:32])
+ return &c, nil
+}
+
+type cipherInfo struct {
+ keyLen int
+ ivLen int
+ newStream func(key, iv []byte, doe DecOrEnc) (cipher.Stream, error)
+}
+
+var cipherMethod = map[string]*cipherInfo{
+ "aes-128-cfb": {16, 16, newAESCFBStream},
+ "aes-192-cfb": {24, 16, newAESCFBStream},
+ "aes-256-cfb": {32, 16, newAESCFBStream},
+ "aes-128-ctr": {16, 16, newAESCTRStream},
+ "aes-192-ctr": {24, 16, newAESCTRStream},
+ "aes-256-ctr": {32, 16, newAESCTRStream},
+ "des-cfb": {8, 8, newDESStream},
+ "bf-cfb": {16, 8, newBlowFishStream},
+ "cast5-cfb": {16, 8, newCast5Stream},
+ "rc4-md5": {16, 16, newRC4MD5Stream},
+ "rc4-md5-6": {16, 6, newRC4MD5Stream},
+ "chacha20": {32, 8, newChaCha20Stream},
+ "chacha20-ietf": {32, 12, newChaCha20IETFStream},
+ "salsa20": {32, 8, newSalsa20Stream},
+}
+
+func CheckCipherMethod(method string) error {
+ if method == "" {
+ method = "aes-256-cfb"
+ }
+ _, ok := cipherMethod[method]
+ if !ok {
+ return errors.New("Unsupported encryption method: " + method)
+ }
+ return nil
+}
+
+type Cipher struct {
+ enc cipher.Stream
+ dec cipher.Stream
+ key []byte
+ info *cipherInfo
+ ota bool // one-time auth
+ iv []byte
+}
+
+// NewCipher creates a cipher that can be used in Dial() etc.
+// Use cipher.Copy() to create a new cipher with the same method and password
+// to avoid the cost of repeated cipher initialization.
+func NewCipher(method, password string) (c *Cipher, err error) {
+ if password == "" {
+ return nil, errEmptyPassword
+ }
+ var ota bool
+ if strings.HasSuffix(strings.ToLower(method), "-auth") {
+ method = method[:len(method)-5] // len("-auth") = 5
+ ota = true
+ } else {
+ ota = false
+ }
+ mi, ok := cipherMethod[method]
+ if !ok {
+ return nil, errors.New("Unsupported encryption method: " + method)
+ }
+
+ key := evpBytesToKey(password, mi.keyLen)
+
+ c = &Cipher{key: key, info: mi}
+
+ if err != nil {
+ return nil, err
+ }
+ c.ota = ota
+ return c, nil
+}
+
+// Initializes the block cipher with CFB mode, returns IV.
+func (c *Cipher) initEncrypt() (iv []byte, err error) {
+ if c.iv == nil {
+ iv = make([]byte, c.info.ivLen)
+ if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+ return nil, err
+ }
+ c.iv = iv
+ } else {
+ iv = c.iv
+ }
+ c.enc, err = c.info.newStream(c.key, iv, Encrypt)
+ return
+}
+
+func (c *Cipher) initDecrypt(iv []byte) (err error) {
+ c.dec, err = c.info.newStream(c.key, iv, Decrypt)
+ return
+}
+
+func (c *Cipher) encrypt(dst, src []byte) {
+ c.enc.XORKeyStream(dst, src)
+}
+
+func (c *Cipher) decrypt(dst, src []byte) {
+ c.dec.XORKeyStream(dst, src)
+}
+func (c *Cipher) Encrypt(src []byte) (cipherData []byte) {
+ cipher := c.Copy()
+ iv, err := cipher.initEncrypt()
+ if err != nil {
+ return
+ }
+ packetLen := len(src) + len(iv)
+ cipherData = make([]byte, packetLen)
+ copy(cipherData, iv)
+ cipher.encrypt(cipherData[len(iv):], src)
+ return
+}
+
+func (c *Cipher) Decrypt(src []byte) (data []byte) {
+ cipher := c.Copy()
+ if len(src) < c.info.ivLen {
+ return
+ }
+ iv := make([]byte, c.info.ivLen)
+ copy(iv, src[:c.info.ivLen])
+ if err := cipher.initDecrypt(iv); err != nil {
+ return
+ }
+ data = make([]byte, len(src)-len(iv))
+ cipher.decrypt(data[0:], src[c.info.ivLen:])
+ return
+}
+
+// Copy creates a new cipher at it's initial state.
+func (c *Cipher) Copy() *Cipher {
+ // This optimization maybe not necessary. But without this function, we
+ // need to maintain a table cache for newTableCipher and use lock to
+ // protect concurrent access to that cache.
+
+ // AES and DES ciphers does not return specific types, so it's difficult
+ // to create copy. But their initizliation time is less than 4000ns on my
+ // 2.26 GHz Intel Core 2 Duo processor. So no need to worry.
+
+ // Currently, blow-fish and cast5 initialization cost is an order of
+ // maganitude slower than other ciphers. (I'm not sure whether this is
+ // because the current implementation is not highly optimized, or this is
+ // the nature of the algorithm.)
+
+ nc := *c
+ nc.enc = nil
+ nc.dec = nil
+ nc.ota = c.ota
+ return &nc
+}
diff --git a/utils/ss/util.go b/utils/ss/util.go
new file mode 100644
index 0000000..d4ae108
--- /dev/null
+++ b/utils/ss/util.go
@@ -0,0 +1,131 @@
+package ss
+
+import (
+ "crypto/hmac"
+ "crypto/sha1"
+ "encoding/binary"
+ "errors"
+ "fmt"
+ "io"
+ "net"
+ "os"
+ "strconv"
+
+ "bitbucket.org/snail/proxy/utils"
+)
+
+const leakyBufSize = 4108 // data.len(2) + hmacsha1(10) + data(4096)
+const maxNBuf = 2048
+
+var leakyBuf = utils.NewLeakyBuf(maxNBuf, leakyBufSize)
+
+func IsFileExists(path string) (bool, error) {
+ stat, err := os.Stat(path)
+ if err == nil {
+ if stat.Mode()&os.ModeType == 0 {
+ return true, nil
+ }
+ return false, errors.New(path + " exists but is not regular file")
+ }
+ if os.IsNotExist(err) {
+ return false, nil
+ }
+ return false, err
+}
+
+func HmacSha1(key []byte, data []byte) []byte {
+ hmacSha1 := hmac.New(sha1.New, key)
+ hmacSha1.Write(data)
+ return hmacSha1.Sum(nil)[:10]
+}
+
+func otaConnectAuth(iv, key, data []byte) []byte {
+ return append(data, HmacSha1(append(iv, key...), data)...)
+}
+
+func otaReqChunkAuth(iv []byte, chunkId uint32, data []byte) []byte {
+ nb := make([]byte, 2)
+ binary.BigEndian.PutUint16(nb, uint16(len(data)))
+ chunkIdBytes := make([]byte, 4)
+ binary.BigEndian.PutUint32(chunkIdBytes, chunkId)
+ header := append(nb, HmacSha1(append(iv, chunkIdBytes...), data)...)
+ return append(header, data...)
+}
+
+const (
+ idType = 0 // address type index
+ idIP0 = 1 // ip addres start index
+ idDmLen = 1 // domain address length index
+ idDm0 = 2 // domain address start index
+
+ typeIPv4 = 1 // type is ipv4 address
+ typeDm = 3 // type is domain address
+ typeIPv6 = 4 // type is ipv6 address
+
+ lenIPv4 = net.IPv4len + 2 // ipv4 + 2port
+ lenIPv6 = net.IPv6len + 2 // ipv6 + 2port
+ lenDmBase = 2 // 1addrLen + 2port, plus addrLen
+ lenHmacSha1 = 10
+)
+
+func GetRequest(conn *Conn) (host string, err error) {
+
+ // buf size should at least have the same size with the largest possible
+ // request size (when addrType is 3, domain name has at most 256 bytes)
+ // 1(addrType) + 1(lenByte) + 255(max length address) + 2(port) + 10(hmac-sha1)
+ buf := make([]byte, 269)
+ // read till we get possible domain length field
+ if _, err = io.ReadFull(conn, buf[:idType+1]); err != nil {
+ return
+ }
+
+ var reqStart, reqEnd int
+ addrType := buf[idType]
+ switch addrType & AddrMask {
+ case typeIPv4:
+ reqStart, reqEnd = idIP0, idIP0+lenIPv4
+ case typeIPv6:
+ reqStart, reqEnd = idIP0, idIP0+lenIPv6
+ case typeDm:
+ if _, err = io.ReadFull(conn, buf[idType+1:idDmLen+1]); err != nil {
+ return
+ }
+ reqStart, reqEnd = idDm0, idDm0+int(buf[idDmLen])+lenDmBase
+ default:
+ err = fmt.Errorf("addr type %d not supported", addrType&AddrMask)
+ return
+ }
+
+ if _, err = io.ReadFull(conn, buf[reqStart:reqEnd]); err != nil {
+ return
+ }
+
+ // Return string for typeIP is not most efficient, but browsers (Chrome,
+ // Safari, Firefox) all seems using typeDm exclusively. So this is not a
+ // big problem.
+ switch addrType & AddrMask {
+ case typeIPv4:
+ host = net.IP(buf[idIP0 : idIP0+net.IPv4len]).String()
+ case typeIPv6:
+ host = net.IP(buf[idIP0 : idIP0+net.IPv6len]).String()
+ case typeDm:
+ host = string(buf[idDm0 : idDm0+int(buf[idDmLen])])
+ }
+ // parse port
+ port := binary.BigEndian.Uint16(buf[reqEnd-2 : reqEnd])
+ host = net.JoinHostPort(host, strconv.Itoa(int(port)))
+
+ return
+}
+
+type ClosedFlag struct {
+ flag bool
+}
+
+func (flag *ClosedFlag) SetClosed() {
+ flag.flag = true
+}
+
+func (flag *ClosedFlag) IsClosed() bool {
+ return flag.flag
+}
diff --git a/utils/structs.go b/utils/structs.go
index 06a1ead..f38aac6 100644
--- a/utils/structs.go
+++ b/utils/structs.go
@@ -3,7 +3,6 @@ package utils
import (
"bufio"
"bytes"
- "crypto/tls"
"encoding/base64"
"errors"
"fmt"
@@ -16,17 +15,17 @@ import (
"sync"
"time"
- "github.com/snail007/goproxy/services/kcpcfg"
- "github.com/snail007/goproxy/utils/sni"
+ "bitbucket.org/snail/proxy/utils/dnsx"
+ "bitbucket.org/snail/proxy/utils/mapx"
+ "bitbucket.org/snail/proxy/utils/sni"
"github.com/golang/snappy"
- "github.com/miekg/dns"
)
type Checker struct {
- data ConcurrentMap
- blockedMap ConcurrentMap
- directMap ConcurrentMap
+ data mapx.ConcurrentMap
+ blockedMap mapx.ConcurrentMap
+ directMap mapx.ConcurrentMap
interval int64
timeout int
isStop bool
@@ -45,7 +44,7 @@ type CheckerItem struct {
//interval: recheck domain interval seconds
func NewChecker(timeout int, interval int64, blockedFile, directFile string, log *logger.Logger) Checker {
ch := Checker{
- data: NewConcurrentMap(),
+ data: mapx.NewConcurrentMap(),
interval: interval,
timeout: timeout,
isStop: false,
@@ -66,8 +65,8 @@ func NewChecker(timeout int, interval int64, blockedFile, directFile string, log
return ch
}
-func (c *Checker) loadMap(f string) (dataMap ConcurrentMap) {
- dataMap = NewConcurrentMap()
+func (c *Checker) loadMap(f string) (dataMap mapx.ConcurrentMap) {
+ dataMap = mapx.NewConcurrentMap()
if PathExists(f) {
_contents, err := ioutil.ReadFile(f)
if err != nil {
@@ -198,18 +197,18 @@ func (c *Checker) Add(domain, address string) {
}
type BasicAuth struct {
- data ConcurrentMap
+ data mapx.ConcurrentMap
authURL string
authOkCode int
authTimeout int
authRetry int
- dns *DomainResolver
+ dns *dnsx.DomainResolver
log *logger.Logger
}
-func NewBasicAuth(dns *DomainResolver, log *logger.Logger) BasicAuth {
+func NewBasicAuth(dns *dnsx.DomainResolver, log *logger.Logger) BasicAuth {
return BasicAuth{
- data: NewConcurrentMap(),
+ data: mapx.NewConcurrentMap(),
dns: dns,
log: log,
}
@@ -528,53 +527,15 @@ func (req *HTTPRequest) addPortIfNot() (newHost string) {
return
}
-type OutConn struct {
- dur int
- typ string
- certBytes []byte
- keyBytes []byte
- caCertBytes []byte
- kcp kcpcfg.KCPConfigArgs
- address string
- timeout int
-}
-
-func NewOutConn(dur int, typ string, kcp kcpcfg.KCPConfigArgs, certBytes, keyBytes, caCertBytes []byte, address string, timeout int) (op OutConn) {
- return OutConn{
- dur: dur,
- typ: typ,
- certBytes: certBytes,
- keyBytes: keyBytes,
- caCertBytes: caCertBytes,
- kcp: kcp,
- address: address,
- timeout: timeout,
- }
-}
-func (op *OutConn) Get() (conn net.Conn, err error) {
- if op.typ == "tls" {
- var _conn tls.Conn
- _conn, err = TlsConnectHost(op.address, op.timeout, op.certBytes, op.keyBytes, op.caCertBytes)
- if err == nil {
- conn = net.Conn(&_conn)
- }
- } else if op.typ == "kcp" {
- conn, err = ConnectKCPHost(op.address, op.kcp)
- } else {
- conn, err = ConnectHost(op.address, op.timeout)
- }
- return
-}
-
type ConnManager struct {
- pool ConcurrentMap
+ pool mapx.ConcurrentMap
l *sync.Mutex
log *logger.Logger
}
func NewConnManager(log *logger.Logger) ConnManager {
cm := ConnManager{
- pool: NewConcurrentMap(),
+ pool: mapx.NewConcurrentMap(),
l: &sync.Mutex{},
log: log,
}
@@ -582,11 +543,11 @@ func NewConnManager(log *logger.Logger) ConnManager {
}
func (cm *ConnManager) Add(key, ID string, conn *net.Conn) {
cm.pool.Upsert(key, nil, func(exist bool, valueInMap interface{}, newValue interface{}) interface{} {
- var conns ConcurrentMap
+ var conns mapx.ConcurrentMap
if !exist {
- conns = NewConcurrentMap()
+ conns = mapx.NewConcurrentMap()
} else {
- conns = valueInMap.(ConcurrentMap)
+ conns = valueInMap.(mapx.ConcurrentMap)
}
if conns.Has(ID) {
v, _ := conns.Get(ID)
@@ -598,9 +559,9 @@ func (cm *ConnManager) Add(key, ID string, conn *net.Conn) {
})
}
func (cm *ConnManager) Remove(key string) {
- var conns ConcurrentMap
+ var conns mapx.ConcurrentMap
if v, ok := cm.pool.Get(key); ok {
- conns = v.(ConcurrentMap)
+ conns = v.(mapx.ConcurrentMap)
conns.IterCb(func(key string, v interface{}) {
CloseConn(v.(*net.Conn))
})
@@ -611,9 +572,9 @@ func (cm *ConnManager) Remove(key string) {
func (cm *ConnManager) RemoveOne(key string, ID string) {
defer cm.l.Unlock()
cm.l.Lock()
- var conns ConcurrentMap
+ var conns mapx.ConcurrentMap
if v, ok := cm.pool.Get(key); ok {
- conns = v.(ConcurrentMap)
+ conns = v.(mapx.ConcurrentMap)
if conns.Has(ID) {
v, _ := conns.Get(ID)
(*v.(*net.Conn)).Close()
@@ -631,11 +592,11 @@ func (cm *ConnManager) RemoveAll() {
type ClientKeyRouter struct {
keyChan chan string
- ctrl *ConcurrentMap
+ ctrl *mapx.ConcurrentMap
lock *sync.Mutex
}
-func NewClientKeyRouter(ctrl *ConcurrentMap, size int) ClientKeyRouter {
+func NewClientKeyRouter(ctrl *mapx.ConcurrentMap, size int) ClientKeyRouter {
return ClientKeyRouter{
keyChan: make(chan string, size),
ctrl: ctrl,
@@ -671,103 +632,6 @@ func (c *ClientKeyRouter) GetKey() string {
}
-type DomainResolver struct {
- ttl int
- dnsAddrress string
- data ConcurrentMap
- log *logger.Logger
-}
-type DomainResolverItem struct {
- ip string
- domain string
- expiredAt int64
-}
-
-func NewDomainResolver(dnsAddrress string, ttl int, log *logger.Logger) DomainResolver {
- return DomainResolver{
- ttl: ttl,
- dnsAddrress: dnsAddrress,
- data: NewConcurrentMap(),
- log: log,
- }
-}
-func (a *DomainResolver) MustResolve(address string) (ip string) {
- ip, _ = a.Resolve(address)
- return
-}
-func (a *DomainResolver) Resolve(address string) (ip string, err error) {
- domain := address
- port := ""
- fromCache := "false"
- defer func() {
- if port != "" {
- ip = net.JoinHostPort(ip, port)
- }
- a.log.Printf("dns:%s->%s,cache:%s", address, ip, fromCache)
- //a.PrintData()
- }()
- if strings.Contains(domain, ":") {
- domain, port, err = net.SplitHostPort(domain)
- if err != nil {
- return
- }
- }
- if net.ParseIP(domain) != nil {
- ip = domain
- fromCache = "ip ignore"
- return
- }
- item, ok := a.data.Get(domain)
- if ok {
- //log.Println("find ", domain)
- if (*item.(*DomainResolverItem)).expiredAt > time.Now().Unix() {
- ip = (*item.(*DomainResolverItem)).ip
- fromCache = "true"
- //log.Println("from cache ", domain)
- return
- }
- } else {
- item = &DomainResolverItem{
- domain: domain,
- }
-
- }
- c := new(dns.Client)
- c.DialTimeout = time.Millisecond * 5000
- c.ReadTimeout = time.Millisecond * 5000
- c.WriteTimeout = time.Millisecond * 5000
- m := new(dns.Msg)
- m.SetQuestion(dns.Fqdn(domain), dns.TypeA)
- m.RecursionDesired = true
- r, _, err := c.Exchange(m, a.dnsAddrress)
- if r == nil {
- return
- }
- if r.Rcode != dns.RcodeSuccess {
- err = fmt.Errorf(" *** invalid answer name %s after A query for %s", domain, a.dnsAddrress)
- return
- }
- for _, answer := range r.Answer {
- if answer.Header().Rrtype == dns.TypeA {
- info := strings.Fields(answer.String())
- if len(info) >= 5 {
- ip = info[4]
- _item := item.(*DomainResolverItem)
- (*_item).expiredAt = time.Now().Unix() + int64(a.ttl)
- (*_item).ip = ip
- a.data.Set(domain, item)
- return
- }
- }
- }
- return
-}
-func (a *DomainResolver) PrintData() {
- for k, item := range a.data.Items() {
- d := item.(*DomainResolverItem)
- a.log.Printf("%s:ip[%s],domain[%s],expired at[%d]\n", k, (*d).ip, (*d).domain, (*d).expiredAt)
- }
-}
func NewCompStream(conn net.Conn) *CompStream {
c := new(CompStream)
c.conn = conn