fix docs

Dev

.gitignore

@@ -1,10 +1,10 @@
-proxy
-goproxy
+/proxy
+/goproxy
 *.exe
 *.exe~
 .*
 *.prof
 !.gitignore
 release-*
-proxy.crt
-proxy.key
+/proxy.crt
+/proxy.key

AUTHORIZATION.md

@@ -0,0 +1,13 @@
+# GoProxy special authorization
+
+1. gproxy uses GPLv3 source code open agreement, without permission, based on the project development software, derivative software, related software, must strictly abide by GPLv3, otherwise once found,
+Will be harshly punished.
+
+2. If the company or individual uses the project code to develop related software, derivative software, and does not want to comply with the GPLv3 agreement, need to obtain the author's "GoProxy special authorization" written authorization.
+
+3. If "GoPro special authorization"is not available on this page,the" GoPro special authorization"is invalid.
+
+4. A valid authorization number and expiration date are listed below.
+
+Authorization number | Authorization validity period
+:--- | :---

AUTHORIZATION_ZH.md

@@ -0,0 +1,13 @@
+# GoProxy特殊授权
+
+1.goproxy采用GPLv3源代码开放协议,未经许可,基于本项目开发的软件,衍生软件,相关软件,必须严格遵守GPLv3,否则一经发现,
+将严厉追责.
+
+2.如果公司或个人使用本项目代码开发相关软件,衍生软件,又不想遵守GPLv3协议,需要取得作者的"GoProxy特殊授权"书面授权.
+
+3.如果本页面查询不到"GoProxy特殊授权"书面授权信息,则"GoProxy特殊授权"书面授权无效.
+
+4.下面列出了有效的授权编号和有效期.
+
+授权编号 | 授权有效期
+:--- | :---

CHANGELOG

@@ -1,4 +1,120 @@
 proxy更新日志
+
+v6.9
+1.修复了sps的start潜在的crash问题.
+2.sps代理增加了--parent-tls-single参数用来支持单向tls上级。
+3.sps代理增加了对单个上级认证信息的支持,如果没有单独设置,就使用全局-A设置.
+  现在上级格式: -P YTpi#2.2.2.2:33080@1
+  说明:
+  YTpi 是经过base64编码的认证信息,比如是http(s)/socks原始认证信息a:b,用户是a密码是b,base64编码之后是:YTpi
+     如果是ss,那么a就是加密方法,b是密码,比如:aes-192-cfb:your_pass,base64编码之后是:YWVzLTE5Mi1jZmI6eW91cl9wYXNz
+  # 是间隔符号,如果有认证信息,必须有#,没有认证信息可以省略#.
+  2.2.2.2:33080 是上级地址
+  @1 是设置权重,可以参考手册权重部分.
+4.修复了socks5代理错误处理超时的问题.
+5.修复了http(s)代理错误处理-Z的问题.
+
+v6.8
+1.HTTP(S)\SOCKS5代理,API认证功能,发送给认证接口的参数增加了本地IP,local_ip字段,
+ 代表用户访问的是本地服务器的哪个IP.
+2.fix #194 , fix #134 , 代理更稳定.
+3.增加了一波英文文档.
+
+v6.6
+1.优化了limitconn的关闭逻辑,释放更多资源.
+2.http(s)\socks代理增加了--intelligent,智能模式设置,可以是intelligent|direct|parent三者之一,
+默认是:intelligent.每个值的含义如下.
+--intelligent=direct,不在blocked里面的目标都直连. 
+--intelligent=parent,不在direct里面的目标都走上级. 
+--intelligent=intelligent,blocked和direct里面都没有的目标,智能判断是否使用上级访问目标. 
+
+v6.5
+1.修复了合并企业版遗留的一些bug. 
+
+v6.4
+1.http(s)代理增加了--jumper参数,可以穿透外部代理连接上级.
+2.优化了socks5代理UDP功能可能存在的内存占用过多问题.
+3.优化了jumper,避免某些情况下不能正确返回错误的问题.
+4.sps代理增加了--jumper参数,可以穿透外部代理连接上级.
+5.修复了--debug不能正常工作的问题.
+
+v6.3
+1.fixed #156
+2.修复DNS代理,没有定时保存缓存结果到文件.重启会降低查询速度.
+
+
+v6.2
+1.修复encrypt.Conn释放内存,导致的潜在panic问题.
+2.修复了basic认证,处理认证文件没有正确处理注释的bug.
+3.修正了ssh中转手册参数-A调整为-D.
+
+v6.1
+1.黑白名单支持设置顶级域了,比如:com,匹配所有的.com域名
+2.优化TCPS内存释放.
+3.优化了域名检查.
+4.内网穿透增加了TCPS和TOU协议,
+  TCPS提供了多种自定义加密TCP方式传输.
+  TOU提供了TCP over UDP,多种自定义加密UDP方式传输TCP数据.
+5.优化了DST,防止意外crash.
+6.修复了mapx的Keys()方法的bug导致内网穿透bridge不稳定的问题.
+7.修复了部分服务不能绑定IPv6地址的bug.
+
+v6.0 企业版开源啦
+本次更新主要是把企业版开源,把企业版代码合并到现在的开源goproxy当中,继续遵循GPLv3,免费开源,
+之所以直接跳过5.x,用6.0版本号是为了与现有开源版本做一个明显的区分,下面功能主要来自企业版.
+企业版代码结构更合理,核心与开源版本有很大区别,与此同时企业版有一个core开发库,基于此库可以
+几行代码实现自己高度定制化的各种网络安全传输服务器和客户端和代理服务器与客户端.与此同时企
+业版独创了TCPS协议,处于应用层和TCP层之间,可以为应用提供透明化的安全传输功能,另外还对dst协
+议进行了一些改造,集成到goproxy中,实现了tcp over udp功能,那么除了kcp之外现在还可以选择dst
+作为底层的tcp over udp的传输.下一步加入插件机制,定制功能可以使用插件方式开发了，热插拔，
+不需要修改goproxy二进制，可以插件so或者dylib注入.
+
+1.预编译的二进制增加了armv8支持.
+2.预编译的mipsle和mips二进制增加了softfloat支持.
+3.优化连接HTTP(s)上级代理的CONNECT指令,附带更多的信息.
+4.重构了内网穿透的UDP功能,性能大幅度提升,可以愉快的与异地基友玩依赖UDP的局域网游戏了.
+5.重构了UDP端口映射,性能大幅度提升.
+6.HTTP(S)\SOCKS5\SPS代理支持上级负载均衡,可以同时指定多个上级.
+7.SPS支持HTTP(S)\SOCKS5\SS协议相互转换.
+8.HTTP(S)\SOCKS5\SPS代理支持限速.
+9.HTTP(S)\SOCKS5代理支持指定出口IP.
+10.SOCKS5代理支持级联认证.
+11.修复了tclient可能意外退出的bug.
+12.优化了错误捕获,防止意外crash.
+13.优化了停止服务,释放内存.
+
+v5.4
+1.优化了获取本地IP信息导致CPU过高的问题.
+2.所有服务都增加了--nolog参数,可以关闭日志输出,节省CPU.
+3.优化sdk,支持并发启动/关闭操作.
+4.修复了多连接版本的内网穿透,tserver连接不能正确释放的bug.
+5.内网穿透增加了client/tclient和server/tserver使用代理连接bridge/tbridge的功能,详细内容参考手册.
+6.TCP端口映射(TCP代理)增加了使用代理连接上级的功能,详细内容参考手册.
+
+v5.3
+1.优化了socks_client握手端口判断,避免了sstap测试UDP失败的问题.
+
+v5.2
+1.修复了HTTP(S)\SPS反向代理无法正常工作的问题.
+2.优化了智能判断,减少不必要的DNS解析.
+3.重构了SOCKS和SPS的UDP功能,基于UDP的游戏加速嗖嗖的.
+
+v5.1
+1.优化了kcp默认mtu配置,调整为450.
+2.优化了HTTP(S)\SOCKS5代理智能判断，更加精确。
+3.fix #97 , 修复了RemoveProxyHeaders方法忽略了第一行的bug。
+4.修复了-g参数长格式没有连接符号的bug.
+5.重构了证书生成功能,不再有任何外部依赖,任何平台都可以独立生成证书.
+
+v5.0
+1.修复了SPS多端口无效的bug.
+2.增加了DNS代理功能，提供安全无污染的DNS解析.
+
+v4.9
+1.修复了HTTP Basic代理返回不合适的头部,导致浏览器不会弹框,个别代理插件无法认证的问题.
+2.内网穿透切换smux到yamux.
+3.优化了HTTP(S)\SOCKS5代理--always的处理逻辑.
+
 v4.8
 1.优化了SPS连接HTTP上级的指令,避免了某些代理不响应的问题.
 2.SPS功能增加了参数:

Dockerfile

@@ -1,9 +0,0 @@
-FROM golang:1.8.5-alpine as builder
-ARG GOPROXY_VERSION=master
-RUN apk update && apk upgrade && \
-    apk add --no-cache git && cd /go/src/ && git clone https://github.com/snail007/goproxy && \
-	cd goproxy && git checkout ${GOPROXY_VERSION} && \
-    go get && CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o proxy
-FROM alpine:3.7
-COPY --from=builder /go/src/goproxy/proxy /
-CMD /proxy ${OPTS}

Godeps/Godeps.json

@@ -1,146 +0,0 @@
-{
-	"ImportPath": "github.com/snail007/goproxy",
-	"GoVersion": "go1.8",
-	"GodepVersion": "v80",
-	"Packages": [
-		"./..."
-	],
-	"Deps": [
-		{
-			"ImportPath": "github.com/Yawning/chacha20",
-			"Rev": "e3b1f968fc6397b51d963fee8ec8711a47bc0ce8"
-		},
-		{
-			"ImportPath": "github.com/alecthomas/template",
-			"Rev": "a0175ee3bccc567396460bf5acd36800cb10c49c"
-		},
-		{
-			"ImportPath": "github.com/alecthomas/template/parse",
-			"Rev": "a0175ee3bccc567396460bf5acd36800cb10c49c"
-		},
-		{
-			"ImportPath": "github.com/alecthomas/units",
-			"Rev": "2efee857e7cfd4f3d0138cc3cbb1b4966962b93a"
-		},
-		{
-			"ImportPath": "github.com/golang/snappy",
-			"Rev": "553a641470496b2327abcac10b36396bd98e45c9"
-		},
-		{
-			"ImportPath": "github.com/miekg/dns",
-			"Comment": "v1.0.4-1-g40b5202",
-			"Rev": "40b520211179dbf7eaafaa7fe1ffaa1b7d929ee0"
-		},
-		{
-			"ImportPath": "github.com/pkg/errors",
-			"Comment": "v0.8.0-6-g602255c",
-			"Rev": "602255cdb6deaf1523ea53ac30eae5554ba7bee9"
-		},
-		{
-			"ImportPath": "github.com/templexxx/cpufeat",
-			"Rev": "3794dfbfb04749f896b521032f69383f24c3687e"
-		},
-		{
-			"ImportPath": "github.com/templexxx/reedsolomon",
-			"Comment": "0.1.1-4-g7092926",
-			"Rev": "7092926d7d05c415fabb892b1464a03f8228ab80"
-		},
-		{
-			"ImportPath": "github.com/templexxx/xor",
-			"Comment": "0.1.2",
-			"Rev": "0af8e873c554da75f37f2049cdffda804533d44c"
-		},
-		{
-			"ImportPath": "github.com/tjfoc/gmsm/sm4",
-			"Comment": "v1.0.1-3-g9d99fac",
-			"Rev": "9d99face20b0dd300b7db50b3f69758de41c096a"
-		},
-		{
-			"ImportPath": "github.com/xtaci/kcp-go",
-			"Comment": "v3.19-6-g21da33a",
-			"Rev": "21da33a6696d67c1bffb3c954366499d613097a6"
-		},
-		{
-			"ImportPath": "github.com/xtaci/smux",
-			"Comment": "v1.0.6",
-			"Rev": "ebec7ef2574b42a7088cd7751176483e0a27d458"
-		},
-		{
-			"ImportPath": "golang.org/x/crypto/blowfish",
-			"Rev": "0fcca4842a8d74bfddc2c96a073bd2a4d2a7a2e8"
-		},
-		{
-			"ImportPath": "golang.org/x/crypto/cast5",
-			"Rev": "0fcca4842a8d74bfddc2c96a073bd2a4d2a7a2e8"
-		},
-		{
-			"ImportPath": "golang.org/x/crypto/curve25519",
-			"Rev": "0fcca4842a8d74bfddc2c96a073bd2a4d2a7a2e8"
-		},
-		{
-			"ImportPath": "golang.org/x/crypto/ed25519",
-			"Rev": "0fcca4842a8d74bfddc2c96a073bd2a4d2a7a2e8"
-		},
-		{
-			"ImportPath": "golang.org/x/crypto/ed25519/internal/edwards25519",
-			"Rev": "0fcca4842a8d74bfddc2c96a073bd2a4d2a7a2e8"
-		},
-		{
-			"ImportPath": "golang.org/x/crypto/pbkdf2",
-			"Rev": "0fcca4842a8d74bfddc2c96a073bd2a4d2a7a2e8"
-		},
-		{
-			"ImportPath": "golang.org/x/crypto/salsa20",
-			"Rev": "0fcca4842a8d74bfddc2c96a073bd2a4d2a7a2e8"
-		},
-		{
-			"ImportPath": "golang.org/x/crypto/salsa20/salsa",
-			"Rev": "0fcca4842a8d74bfddc2c96a073bd2a4d2a7a2e8"
-		},
-		{
-			"ImportPath": "golang.org/x/crypto/ssh",
-			"Rev": "0fcca4842a8d74bfddc2c96a073bd2a4d2a7a2e8"
-		},
-		{
-			"ImportPath": "golang.org/x/crypto/tea",
-			"Rev": "0fcca4842a8d74bfddc2c96a073bd2a4d2a7a2e8"
-		},
-		{
-			"ImportPath": "golang.org/x/crypto/twofish",
-			"Rev": "0fcca4842a8d74bfddc2c96a073bd2a4d2a7a2e8"
-		},
-		{
-			"ImportPath": "golang.org/x/crypto/xtea",
-			"Rev": "0fcca4842a8d74bfddc2c96a073bd2a4d2a7a2e8"
-		},
-		{
-			"ImportPath": "golang.org/x/net/bpf",
-			"Rev": "5ccada7d0a7ba9aeb5d3aca8d3501b4c2a509fec"
-		},
-		{
-			"ImportPath": "golang.org/x/net/internal/iana",
-			"Rev": "5ccada7d0a7ba9aeb5d3aca8d3501b4c2a509fec"
-		},
-		{
-			"ImportPath": "golang.org/x/net/internal/socket",
-			"Rev": "5ccada7d0a7ba9aeb5d3aca8d3501b4c2a509fec"
-		},
-		{
-			"ImportPath": "golang.org/x/net/ipv4",
-			"Rev": "5ccada7d0a7ba9aeb5d3aca8d3501b4c2a509fec"
-		},
-		{
-			"ImportPath": "golang.org/x/net/ipv6",
-			"Rev": "5ccada7d0a7ba9aeb5d3aca8d3501b4c2a509fec"
-		},
-		{
-			"ImportPath": "golang.org/x/time/rate",
-			"Rev": "6dc17368e09b0e8634d71cac8168d853e869a0c7"
-		},
-		{
-			"ImportPath": "gopkg.in/alecthomas/kingpin.v2",
-			"Comment": "v2.2.5",
-			"Rev": "1087e65c9441605df944fb12c33f0fe7072d18ca"
-		}
-	]
-}

Godeps/Readme

@@ -1,5 +0,0 @@
-This directory tree is generated automatically by godep.
-
-Please do not edit.
-
-See https://github.com/tools/godep for more information.

Gopkg.lock

@@ -0,0 +1,157 @@
+# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
+
+
+[[projects]]
+  branch = "master"
+  name = "github.com/Yawning/chacha20"
+  packages = ["."]
+  revision = "e3b1f968fc6397b51d963fee8ec8711a47bc0ce8"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/alecthomas/template"
+  packages = [
+    ".",
+    "parse"
+  ]
+  revision = "a0175ee3bccc567396460bf5acd36800cb10c49c"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/alecthomas/units"
+  packages = ["."]
+  revision = "2efee857e7cfd4f3d0138cc3cbb1b4966962b93a"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/golang/snappy"
+  packages = ["."]
+  revision = "2e65f85255dbc3072edf28d6b5b8efc472979f5a"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/yamux"
+  packages = ["."]
+  revision = "3520598351bb3500a49ae9563f5539666ae0a27c"
+
+[[projects]]
+  name = "github.com/juju/ratelimit"
+  packages = ["."]
+  revision = "59fac5042749a5afb9af70e813da1dd5474f0167"
+  version = "1.0.1"
+
+[[projects]]
+  name = "github.com/klauspost/cpuid"
+  packages = ["."]
+  revision = "ae7887de9fa5d2db4eaa8174a7eff2c1ac00f2da"
+  version = "v1.1"
+
+[[projects]]
+  name = "github.com/klauspost/reedsolomon"
+  packages = ["."]
+  revision = "6bb6130ff6a76a904c1841707d65603aec9cc288"
+  version = "v1.6"
+
+[[projects]]
+  name = "github.com/miekg/dns"
+  packages = ["."]
+  revision = "5a2b9fab83ff0f8bfc99684bd5f43a37abe560f1"
+  version = "v1.0.8"
+
+[[projects]]
+  name = "github.com/pkg/errors"
+  packages = ["."]
+  revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
+  version = "v0.8.0"
+
+[[projects]]
+  name = "github.com/pmylund/go-cache"
+  packages = ["."]
+  revision = "a3647f8e31d79543b2d0f0ae2fe5c379d72cedc0"
+  version = "v2.1.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/templexxx/cpufeat"
+  packages = ["."]
+  revision = "3794dfbfb04749f896b521032f69383f24c3687e"
+
+[[projects]]
+  name = "github.com/templexxx/xor"
+  packages = ["."]
+  revision = "0af8e873c554da75f37f2049cdffda804533d44c"
+  version = "0.1.2"
+
+[[projects]]
+  name = "github.com/tjfoc/gmsm"
+  packages = ["sm4"]
+  revision = "98aa888b79d8de04afe0fccf45ed10594efc858b"
+  version = "v1.1"
+
+[[projects]]
+  name = "github.com/xtaci/kcp-go"
+  packages = ["."]
+  revision = "42bc1dfefff592fdb3affa793980c4f6ab4213e5"
+  version = "v3.25"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/crypto"
+  packages = [
+    "blowfish",
+    "cast5",
+    "curve25519",
+    "ed25519",
+    "ed25519/internal/edwards25519",
+    "internal/chacha20",
+    "internal/subtle",
+    "pbkdf2",
+    "poly1305",
+    "salsa20",
+    "salsa20/salsa",
+    "ssh",
+    "tea",
+    "twofish",
+    "xtea"
+  ]
+  revision = "a8fb68e7206f8c78be19b432c58eb52a6aa34462"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/net"
+  packages = [
+    "bpf",
+    "context",
+    "internal/iana",
+    "internal/socket",
+    "internal/socks",
+    "ipv4",
+    "ipv6",
+    "proxy"
+  ]
+  revision = "db08ff08e8622530d9ed3a0e8ac279f6d4c02196"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/sys"
+  packages = ["unix"]
+  revision = "dad3d9fb7b6e83d0f9ac8f54670f6334c3a287b4"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/time"
+  packages = ["rate"]
+  revision = "fbb02b2291d28baffd63558aa44b4b56f178d650"
+
+[[projects]]
+  name = "gopkg.in/alecthomas/kingpin.v2"
+  packages = ["."]
+  revision = "947dcec5ba9c011838740e680966fd7087a71d0d"
+  version = "v2.2.6"
+
+[solve-meta]
+  analyzer-name = "dep"
+  analyzer-version = 1
+  inputs-digest = "15e4e23c0695db1458b3dc5514c8765be091a420c923b24bb9e186f43400995f"
+  solver-name = "gps-cdcl"
+  solver-version = 1

Gopkg.toml

@@ -0,0 +1,66 @@
+# Gopkg.toml example
+#
+# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
+# for detailed Gopkg.toml documentation.
+#
+# required = ["github.com/user/thing/cmd/thing"]
+# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
+#
+# [[constraint]]
+#   name = "github.com/user/project"
+#   version = "1.0.0"
+#
+# [[constraint]]
+#   name = "github.com/user/project2"
+#   branch = "dev"
+#   source = "github.com/myfork/project2"
+#
+# [[override]]
+#   name = "github.com/x/y"
+#   version = "2.4.0"
+#
+# [prune]
+#   non-go = false
+#   go-tests = true
+#   unused-packages = true
+
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/golang/snappy"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/hashicorp/yamux"
+
+[[constraint]]
+  name = "github.com/miekg/dns"
+  version = "1.0.8"
+
+[[constraint]]
+  name = "github.com/pmylund/go-cache"
+  version = "2.1.0"
+
+[[constraint]]
+  name = "github.com/xtaci/kcp-go"
+  version = "3.25.0"
+
+[[constraint]]
+  branch = "master"
+  name = "golang.org/x/crypto"
+
+[[constraint]]
+  branch = "master"
+  name = "golang.org/x/net"
+
+[[constraint]]
+  branch = "master"
+  name = "golang.org/x/time"
+
+[[constraint]]
+  name = "gopkg.in/alecthomas/kingpin.v2"
+  version = "2.2.6"
+
+[prune]
+  go-tests = true
+  unused-packages = true

README.md

@@ -1,12 +1,26 @@
 <img src="https://github.com/snail007/goproxy/blob/master/docs/images/logo.jpg?raw=true" width="200"/>
-Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 proxy server implemented by golang. It supports parent proxy,nat forward,TCP/UDP port forwarding, SSH transfer, TLS encrypted transmission, protocol conversion. you can expose a local server behind a NAT or firewall to the internet.  
+Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5, ss proxy server implemented by golang. It supports parent proxy,nat forward,TCP/UDP port forwarding, SSH transfer, TLS encrypted transmission, protocol conversion. you can expose a local server behind a NAT or firewall to the internet, secure DNS proxy.  
+
+[Download](https://github.com/snail007/goproxy/releases) 
 
-  
 ---  
   
 [![stable](https://img.shields.io/badge/stable-stable-green.svg)](https://github.com/snail007/goproxy/) [![license](https://img.shields.io/github/license/snail007/goproxy.svg?style=plastic)]() [![download_count](https://img.shields.io/github/downloads/snail007/goproxy/total.svg?style=plastic)](https://github.com/snail007/goproxy/releases) [![download](https://img.shields.io/github/release/snail007/goproxy.svg?style=plastic)](https://github.com/snail007/goproxy/releases)  
   
-[中文手册](/README_ZH.md)  **[全平台GUI版本](/gui/README.md)**  **[全平台SDK](/sdk/README.md)**   
+**[中文手册](/README_ZH.md)**  
+
+**[Full-platform graphical interface version](/gui/README.md)**  
+
+**[Full platform SDK](https://github.com/snail007/goproxy-sdk/blob/master/README.md)**
+
+**[GoProxy special authorization](/AUTHORIZATION.md)**
+
+### How to contribute to the code (Pull Request)?  
+
+Pull Request is welcomed.   
+First, you need to clone the project to your account, and then modify the code on the dev branch.   
+Finally, Pull Request to dev branch of goproxy project, and contribute code for efficiency.   
+PR needs to explain what changes have been made and why you change them.  
 
 ### Features  
 - chain-style proxy: the program itself can be a primary proxy, and if a parent proxy is set, it can be used as a second level proxy or even a N level proxy.  
@@ -22,9 +36,15 @@ Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 prox
 - The integrated external API, HTTP (S): SOCKS5 proxy authentication can be integrated with the external HTTP API, which can easily control the user's access through the external system.  
 - Reverse proxy: goproxy supports directly parsing the domain to proxy monitor IP, and then proxy will help you to access the HTTP (S) site that you need to access.
 - Transparent proxy: with the iptables, goproxy can directly forward the 80 and 443 port's traffic to proxy in the gateway, and can realize the unaware intelligent router proxy.  
-- Protocol conversion: The existing HTTP (S) or SOCKS5 proxy can be converted to a proxy which support both HTTP (S) and SOCKS5 by one port, but the converted SOCKS5 proxy does not support the UDP function.Also support powerful cascading authentication.  
+- Protocol conversion: The existing HTTP (S) or SOCKS5 or ss proxy can be converted to a proxy which support HTTP (S), SOCKS5 and ss by one port, if the converted SOCKS5 and ss proxy's parent proxy is SOCKS5, which can support the UDP function.Also support powerful cascading authentication.  
 - Custom underlying encrypted transmission, HTTP(s)\sps\socks proxy can encrypt TCP data through TLS standard encryption and KCP protocol encryption. In addition, it also supports custom encryption after TLS and KCP. That is to say, custom encryption and tls|kcp can be used together. The internal uses AES256 encryption, and it only needs to define one password by yourself when is used.   
 - Low level compression and efficient transmission，The HTTP(s)\sps\socks proxy can encrypt TCP data through a custom encryption and TLS standard encryption and KCP protocol encryption, and can also compress the data after encryption. That is to say, the compression and custom encryption and tls|kcp can be used together.
+- The secure DNS proxy, Through the DNS proxy provided by the local proxy, you can encrypted communicate with the father proxy to realize the DNS query of security and pollution prevention.
+- Load balance,High availability,HTTP(S)\SOCKS5\SPS proxy support Superior load balance and high availability. Multiple superiors repeat -P parameters.
+- Designated exporting IP,HTTP(S)\SOCKS5\SPS proxy supports the client to connect with the entry IP,Using the entry IP as the  exporting IP to visit the target website。If the entry IP is the intranet IP，Exporting IP will not use entry IP
+- Support speed limit. HTTP (S) \SOCKS5\SPS proxy supports speed limit.
+- SOCKS5 proxy supports cascade authentication.
+- Certificate parameters use base64 data. By default, the - C, - K parameters are the path of the CRT certificate and key file. If “base64://” begins, the subsequent data is thought to be Base64 encoded which will be decoded and used.
   
 ### Why need these?  
 - Because for some reason, we cannot access our services elsewhere. We can build a secure tunnel to access our services through multiple connected proxy nodes.  
@@ -36,23 +56,8 @@ Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 prox
 - ...  
 
  
-This page is the v4.7 manual, and the other version of the manual can be checked by the following link.  
-- [v4.6 manual](https://github.com/snail007/goproxy/tree/v4.6)
-- [v4.5 manual](https://github.com/snail007/goproxy/tree/v4.5)
-- [v4.4 manual](https://github.com/snail007/goproxy/tree/v4.4)
-- [v4.3 manual](https://github.com/snail007/goproxy/tree/v4.3)
-- [v4.2 manual](https://github.com/snail007/goproxy/tree/v4.2)
-- [v4.0-4.1 manual](https://github.com/snail007/goproxy/tree/v4.1)
-- [v3.9 manual](https://github.com/snail007/goproxy/tree/v3.9)
-- [v3.8 manual](https://github.com/snail007/goproxy/tree/v3.8)
-- [v3.6-v3.7 manual](https://github.com/snail007/goproxy/tree/v3.6)
-- [v3.5 manual](https://github.com/snail007/goproxy/tree/v3.5)
-- [v3.4 manual](https://github.com/snail007/goproxy/tree/v3.4)
-- [v3.3 manual](https://github.com/snail007/goproxy/tree/v3.3)
-- [v3.2 manual](https://github.com/snail007/goproxy/tree/v3.2)
-- [v3.1 manual](https://github.com/snail007/goproxy/tree/v3.1)
-- [v3.0 manual](https://github.com/snail007/goproxy/tree/v3.0)
-- [v2.x manual](https://github.com/snail007/goproxy/tree/v2.2)  
+This page is the v6.0 manual, and the other version of the manual can be checked by the following [link](docs/old-release.md).  
+
 
 ### How to find the organization?  
 [Click to join the proxy group of gitter](https://gitter.im/go-proxy/Lobby?utm_source=share-link&utm_medium=link&utm_campaign=share-link)  
@@ -75,6 +80,7 @@ This page is the v4.7 manual, and the other version of the manual can be checked
 - [Safety advice](#safety-advice)
 
 ### Manual catalogues
+- [Load balance and high available](#load-balance-and-high-available)
 - [1.HTTP proxy](#1http-proxy)
     - [1.1 Common HTTP proxy](#11common-http-proxy)
     - [1.2 Common HTTP second level proxy](#12common-http-second-level-proxy)
@@ -91,14 +97,20 @@ This page is the v4.7 manual, and the other version of the manual can be checked
     - [1.11 Custom DNS](#111custom-dns)
     - [1.12 Custom encryption](#112-custom-encryption)
     - [1.13 Compressed transmission](#113-compressed-transmission)
-    - [1.14 View help](#114view-help)
+    - [1.14 load balance](#114-load-balance)
+    - [1.15 speed limit](#115-speed-limit)
+    - [1.16 Designated exporting IP](#116-designated-export-ip)
+    - [1.17 Certificate parameters using Base64 data](#117-certificate-parameters-using-Base64-data)
+    - [1.18 Intelligent mode](#118-intelligent-mode)
+    - [1.19 View help](#119view-help)
 - [2.TCP proxy](#2tcp-proxy)
     - [2.1 Common TCP first level proxy](#21common-tcp-first-level-proxy)
     - [2.2 Common TCP second level proxy](#22common-tcp-second-level-proxy)
     - [2.3 Common TCP third level proxy](#23common-tcp-third-level-proxy)
     - [2.4 TCP second level encrypted proxy](#24tcp-second-level-encrypted-proxy)
     - [2.5 TCP third level encrypted proxy](#25tcp-third-level-encrypted-proxy)
-    - [2.6 View help](#26view-help)
+    - [2.6 Connect parents proxy through other proxy](#26connect-parents-proxy-through-other-proxy)
+    - [2.7 View help](#27view-help)
 - [3.UDP proxy](#3udp-proxy)
     - [3.1 Common UDP first level proxy](#31common-udp-first-level-proxy)
     - [3.2 Common UDP second level proxy](#32common-udp-second-level-proxy)
@@ -114,7 +126,8 @@ This page is the v4.7 manual, and the other version of the manual can be checked
     - [4.5 Advanced usage 1](#45advanced-usage-1)
     - [4.6 Advanced usage 2](#46advanced-usage-2)
     - [4.7 -r parameters of server](#47-r-parameters-of-server)
-    - [4.8 View help](#48view-help)
+    - [4.8 Server and client connect bridge through proxy](#48server-and-client-connect-bridge-through-proxy)
+    - [4.9 View help](#49view-help)
 - [5.SOCKS5 proxy](#5socks5-proxy)
     - [5.1 Common SOCKS5 proxy](#51common-socks5-proxy)
     - [5.2 Common SOCKS5 second level proxy](#52common-socks5-second-level-proxy)
@@ -129,20 +142,35 @@ This page is the v4.7 manual, and the other version of the manual can be checked
     - [5.9 Custom DNS](#59custom-dns)
     - [5.10 Custom encryption](#510custom-encryption)
     - [5.11 Compressed transmission](#511compressed-transmission)
-    - [5.12 View help](#512view-help)
+    - [5.12 load balance](#512-load-balance)
+    - [5.13 speed limit](#513-speed-limit)
+    - [5.14 Designated exporting IP](#514-designated-exporting-ip)
+    - [5.15 Cascade authentication](#515-cascade-authentication)
+    - [5.16 Certificate parameters using Base64 data](#516-certificate-parameters-using-base64-data)
+    - [5.17 Intelligent mode](#517-intelligent-mode)
+    - [5.18 View help](#518view-help)
 - [6.Proxy protocol conversion](#6proxy-protocol-conversion)
     - [6.1 Functional introduction](#61functional-introduction)
     - [6.2 HTTP(S) to HTTP(S) + SOCKS5](#62http-to-http-socks5)
     - [6.3 SOCKS5 to HTTP(S) + SOCKS5](#63socks5-to-http-socks5)
-    - [6.4 Chain style connection](#64chain-style-connection)
-    - [6.5 Listening on multiple ports](#65listening-on-multiple-ports)
-    - [6.6 Authentication](#66authentication)
-    - [6.7 Custom encryption](#67-custom-encryption)
-    - [6.8 Compressed transmission](#68-compressed-transmission)
-    - [6.9 View Help](#69view-help)
+    - [6.4 SS to HTTP(S)+SOCKS5+SS](#64-ss-to-httpssocks5ss)
+    - [6.5 Chain style connection](#65chain-style-connection)
+    - [6.6 Listening on multiple ports](#66listening-on-multiple-ports)
+    - [6.7 Authentication](#67authentication)
+    - [6.8 Custom encryption](#68-custom-encryption)
+    - [6.9 Compressed transmission](#69-compressed-transmission)
+    - [6.10 Disable-protocol](#610-disable-protocol)
+    - [6.11 speed limit](#611-speed-limit)
+    - [6.12 Designated exporting IP](#612-designated-exporting-ip)
+    - [6.13 Certificate parameters using Base64 data](#613-certificate-parameters-using-base64-data)
+    - [6.14 View Help](#614view-help)
 - [7.KCP Configuration](#7kcp-configuration)
     - [7.1 Configuration introduction](#71configuration-introduction)
     - [7.2 Configuration details](#72configuration-details)
+- [8.DNS anti pollution server](#8dns-anti-pollution-server)
+    - [8.1 Introduction](#81introduction)
+    - [8.2 Use examples](#82use-examples)
+
 
 
 ### Fast Start  
@@ -152,7 +180,7 @@ tips:all operations require root permissions.
 ```shell  
 curl -L https://raw.githubusercontent.com/snail007/goproxy/master/install_auto.sh | bash  
 ```  
-The installation is completed, the configuration directory is /etc/proxy, more detailed use of the method referred to the following manual for further understanding.  
+The installation is completed, the configuration directory is /etc/proxy, For more detailed usage, please refer to the manual above to further understand the functions you want to use.  
 If the installation fails or your VPS is not a linux64 system, please follow the semi-automatic step below:  
   
 #### Manual installation 
@@ -161,7 +189,8 @@ If the installation fails or your VPS is not a linux64 system, please follow the
 Download address: https://github.com/snail007/goproxy/releases  
 ```shell  
 cd /root/proxy/  
-wget https://github.com/snail007/goproxy/releases/download/v4.8/proxy-linux-amd64.tar.gz  
+wget https://github.com/snail007/goproxy/releases/download/v6.0/proxy-linux-amd64.tar.gz  
+
 ```  
 #### **2.Download the automatic installation script**  
 ```shell  
@@ -173,12 +202,14 @@ chmod +x install.sh
 
 #### Docker installation 
 
-Dockerfile root of project uses multistage build and alpine project to comply with best practices. Uses golang 1.8.5 for building as noted in the project README.md and will be pretty small image. total extracted size will be 17.3MB for goproxy version 4.7.
+[docker](https://hub.docker.com/r/snail007/goproxy)  
 
-The default build process builds the master branch (latest commits/ cutting edge), and it can be configured to build specific version, just edit Dockerfile before build, following builds release version 4.7:
+Dockerfile root of project uses multistage build and alpine project to comply with best practices. Uses golang 1.10.3 for building as noted in the project README.md and will be pretty small image. total extracted size will be 17.3MB for goproxy latest version.
+
+The default build process builds the master branch (latest commits/ cutting edge), and it can be configured to build specific version, just edit Dockerfile before build, following builds release version 6.0:
 
 ```
-ARG GOPROXY_VERSION=v4.7
+ARG GOPROXY_VERSION=v6.0
 ```
 
 To Run:
@@ -188,12 +219,12 @@ sudo docker build .
 ```
 2. Tag the image:
 ```
-sudo docker tag <id from previous step>  goproxy/goproxy:latest
+sudo docker tag <id from previous step>  snail007/goproxy:latest
 ```
 3. Run! 
 Just put your arguments to proxy binary in the OPTS environmental variable (this is just a sample http proxy):
 ```
-sudo docker run -d --restart=always --name goproxy -e OPTS="http -p :33080" -p 33080:33080 goproxy/goproxy:latest
+sudo docker run -d --restart=always --name goproxy -e OPTS="http -p :33080" -p 33080:33080 snail007/goproxy:latest
 ```
 4. View logs:
 ```
@@ -227,9 +258,18 @@ for example, --log proxy.log, The log will be exported to proxy.log file which i
 
 ### **Generating a communication certificate file**  
 HTTP, TCP, UDP proxy process will communicate with parent proxy. In order to secure, we use encrypted communication. Of course, we can choose not to encrypted communication. All communication with parent proxy in this tutorial is encrypted, requiring certificate files.    
-The OpenSSL command is installed on the Linux and encrypted certificate can be generated directly through the following command.    
-`./proxy keygen`  
-By default, the certificate file proxy.crt and the key file proxy.key are generated under the current program directory.  
+
+1.Generate signed certificates and key files through the following commands.  
+`./proxy keygen -C proxy`  
+The certificate file proxy.crt and key file proxy.key will be generated under the current directory.   
+
+2.Through the following commands, use the signed certificate proxy.crt and key file proxy.key to issue new certificates: goproxy.crt and goproxy.key.   
+`./proxy keygen -s -C proxy -c goproxy`  
+The certificate file goproxy.crt and key file goproxy.key will be generated under the current program directory.   
+
+3.By default, the domain name in the certificate is a random domain and can be specified using the `-n test.com` parameter.  
+
+4.More usage:`proxy keygen --help`。 
   
 ### **Daemon mode**
 After the default execution of proxy, if you want to keep proxy running, you can't close the command line. 
@@ -248,6 +288,20 @@ When vps is behind the NAT, the network card IP on VPS is an internal network IP
 Assuming that your VPS outer external network IP is 23.23.23.23, the following command sets the 23.23.23.23 through the -g parameter.  
 `./proxy http -g "23.23.23.23"`  
 
+### **Load balance and high available**
+HTTP(S)\SOCKS5\SPS proxy support Superior load balance and high availability. Multiple superiors repeat -P parameters.    
+Load balancing have 5 kinds of policy, It can be specified by the `--lb-method` parameter.:
+roundrobin take turns
+leastconn  Using minimum connection number
+leasttime  Use minimum connection time
+hash     Use the client address to calculate a fixed superior
+weight    According to the weight and connection number of each superior, choose a superior
+Tips:
+The load balance check interval can be set by `--lb-retrytime`, unit milliseconds.
+Load balancing connection timeout can be set by `--lb-timeout`, unit milliseconds.
+If the load balance policy is weighted (weight), the -P format is: 2.2.2.2:3880@1,1 is the weight which is greater than 0.
+If the load balance strategy is hash, the default is to select the parent based on the client address, and the parent can be selected by switching `- lb-hashtarget', using the access destination address.
+
 ### **1.HTTP proxy**  
 #### **1.1.common HTTP proxy**  
 ![1.1](/docs/images/http-1.png)  
@@ -274,7 +328,7 @@ accessing the local 8080 port is accessing the proxy port 38080 above VPS.
   
 HTTP second level proxy(local windows)  
 `./proxy.exe http -t tcp -p ":8080" -T tls -P "22.22.22.22:38080" -C proxy.crt -K proxy.key`  
-In your windos system, the mode of the program that needs to surf the Internet by proxy is setted up as HTTP mode, the address is 127.0.0.1, the port is: 8080, the program can go through the encrypted channel through VPS to surf on the internet.  
+In your windows system, the mode of the program that needs to surf the Internet by proxy is setted up as HTTP mode, the address is 127.0.0.1, the port is: 8080, the program can go through the encrypted channel through VPS to surf on the internet.  
   
 #### **1.4.HTTP third level encrypted proxy**  
 ![1.4](/docs/images/http-tls-3.png)  
@@ -444,9 +498,42 @@ Second level VPS (ip:3.3.3.3) execution:
 `proxy http -T tcp -P 2.2.2.2:7777 -M -t tcp -m -p :8888` 
 Local third level execution:  
 `proxy http -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080`  
-through this way, When you visits the website by local proxy 8080, it visits the target website by compressed transmission with the parents proxy.  
+through this way, When you visits the website by local proxy 8080, it visits the target website by compressed transmission with the parents proxy. 
 
-#### **1.14.view help**  
+### **1.14 Load balance**  
+HTTP (S) proxy supports superior load balance, and multiple -P parameters can be repeated by multiple superiors.   
+`proxy http --lb-method=hash -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080`   
+
+#### **1.14.1 Set retry interval and timeout time**  
+`proxy http --lb-method=leastconn --lb-retrytime 300 --lb-timeout 300 -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -t tcp -p :33080`   
+
+#### **1.14.2 Set weight**  
+`proxy http --lb-method=weight -T tcp -P 1.1.1.1:33080@1 -P 2.1.1.1:33080@2 -P 3.1.1.1:33080@1 -t tcp -p :33080`
+
+#### **1.14.3 Use target address to select superior**  
+`proxy http --lb-hashtarget --lb-method=leasttime -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -t tcp -p :33080`
+
+### **1.15 Speed limit**  
+The speed limit is 100K, which can be specified through the `-l` parameter, for example: 100K 2000K 1M . 0 means unlimited.   
+`proxy http -t tcp -p 2.2.2.2:33080 -l 100K`
+
+### **1.16 Designated exporting IP**  
+The `--bind-listen` parameter open the client's ability to access the target site with an entry IP connection, using the entry IP as the exporting IP. If the entry IP is the intranet IP, the exporting IP will not use the entry IP..    
+`proxy http -t tcp -p 2.2.2.2:33080 --bind-listen`
+
+### **1.17 Certificate parameters using Base64 data**  
+By default, the -C and -K parameters are the paths of CRT certificates and key files,
+If it is the beginning of base64://, then it is considered that the data behind is Base64 encoded and will be used after decoding.
+
+#### **1.18 Intelligent mode**  
+Intelligent mode setting which can be one of intelligent|direct|parent.  
+default:intelligent.  
+The meaning of each value is as follows:  
+`--intelligent=direct`, Targets that are not in blocked directly connected.  
+`--intelligent=parent`, Targets that are not in direct connect to parent proxy.  
+`--intelligent=intelligent`, Targets that are not in direct and blocked Neither can intelligently judge on whether to connetc parent proxy.  
+
+#### **1.19.view help**  
 `./proxy help http`  
   
 ### **2.TCP proxy**  
@@ -493,7 +580,26 @@ TCP third level proxy (local)
 `./proxy tcp -p ":8080" -T tls -P "33.33.33.33:28080" -C proxy.crt -K proxy.key`  
 Then access to the local 8080 port is to access the 8080 port of the 66.66.66.66 by encrypting the TCP tunnel.  
   
-#### **2.6.view help**  
+#### **2.6.Connect parents proxy through other proxy**  
+Sometimes the proxy network can not directly access the external network,which need to use a HTTPS or Socks5 proxy to access the Internet. then The -J parameter can help you connect to the parent proxy through the HTTPS or Socks5 proxy when proxy's TCP port is mapped, which can map external port to local.    
+-J param format:  
+
+https proxy:  
+proxy need authentication,username: username password:password  
+https://username:password@host:port  
+proxy don't need authentication  
+https://host:port  
+
+socks5 proxy:
+proxy need authentication,username: username password:password  
+socks5://username:password@host:port
+proxy don't need authentication  
+socks5://host:port
+
+host:proxy's domain or ip
+port:proxy's port
+  
+#### **2.7.view help**  
 `./proxy help tcp`  
   
 ### **3.UDP proxy**  
@@ -675,9 +781,28 @@ Procedure:
   If the --k parameter is specified, such as --k test, then `-r ":8080@:80"` CLIENT_KEY is 'test'.  
   If the --k parameter is not specified,then `-r ":8080@:80"`CLIENT_KEY is 'default'.  
   
-  4.7.3.LOCAL_IP is empty which means LOCAL_IP is `0.0.0.0`, CLIENT_LOCAL_HOST is empty which means LOCAL_IP is `127.0.0.1`. 
+  4.7.3.LOCAL_IP is empty which means LOCAL_IP is `0.0.0.0`, CLIENT_LOCAL_HOST is empty which means LOCAL_IP is `127.0.0.1`.
+  
+#### **4.8.server and client connect bridge through proxy**   
+Sometimes the server or client can not directly access the external network,which need to use a HTTPS or Socks5 proxy to access the Internet. then The -J parameter can help server and client connect to the bridge through the HTTPS or Socks5 proxy.    
+-J param format:  
 
-#### **4.8.view help**  
+https proxy:  
+proxy need authentication,username: username password:password  
+https://username:password@host:port  
+proxy don't need authentication  
+https://host:port  
+
+socks5 proxy:
+proxy need authentication,username: username password:password  
+socks5://username:password@host:port
+proxy don't need authentication  
+socks5://host:port
+
+host:proxy's domain or ip
+port:proxy's port
+
+#### **4.9.view help**  
 `./proxy help bridge`  
 `./proxy help server`  
 `./proxy help client`  
@@ -815,43 +940,90 @@ Second level VPS (ip:3.3.3.3) execution:
 `proxy socks -T tcp -P 2.2.2.2:7777 -M -t tcp -m -p :8888` 
 Local third level execution:  
 `proxy socks -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080`  
-through this way, When you visits the website by local proxy 8080, it visits the target website by compressed transmission with the parents proxy.  
+through this way, When you visits the website by local proxy 8080, it visits the target website by compressed transmission with the parents proxy.    
 
-#### **5.12.view help**  
+#### **5.12 Load balance**  
+SOCKS proxy supports the load balancing of superior authorities, and the -P parameters can be repeated by multiple superiors.   
+`proxy socks --lb-method=hash -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080  -p :33080 -t tcp`
+
+#### **5.12.1 Set retry interval and timeout time**  
+`proxy socks --lb-method=leastconn --lb-retrytime 300 --lb-timeout 300 -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -p :33080 -t tcp`
+
+#### **5.12.2 Set weight**  
+`proxy socks --lb-method=weight -T tcp -P 1.1.1.1:33080@1 -P 2.1.1.1:33080@2 -P 3.1.1.1:33080@1 -p :33080 -t tcp`
+
+#### **5.12.3 Use target address to select parent proxy**  
+`proxy socks --lb-hashtarget --lb-method=leasttime -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -p :33080 -t tcp`
+
+#### **5.13 Speed limit**  
+The speed limit is 100K, which can be specified through the -l parameter, for example: 100K  2000K 1M . 0 means unlimited.   
+`proxy socks -t tcp -p 2.2.2.2:33080 -l 100K`
+
+#### **5.14 Designated exporting IP**  
+The `- bind-listen` parameter opens the client's ability to access the target site with an entry IP connection, using the entry IP as the exporting IP. If the entry IP is the intranet IP, the exporting IP will not use the entry IP..    
+`proxy socks -t tcp -p 2.2.2.2:33080 --bind-listen`
+
+#### **5.15 Cascade authentication**  
+SOCKS5 supports cascading authentication, and -A can set up parents proxy's authentication information..    
+parents proxy:
+`proxy socks -t tcp -p 2.2.2.2:33080 -a user:pass`
+localhost:
+`proxy socks -T tcp -P 2.2.2.2:33080 -A user:pass -t tcp -p :33080`
+
+#### **5.16 Certificate parameters using Base64 data**  
+By default, the -C and -K parameters are the paths of CRT certificates and key files,    
+If it is the beginning of base64://, then it is considered that the data behind is Base64 encoded and will be used after decoding.   
+
+#### **5.17 Intelligent mode**  
+Intelligent mode setting which can be one of intelligent|direct|parent.  
+default:intelligent.  
+The meaning of each value is as follows:  
+`--intelligent=direct`, Targets that are not in blocked directly connected.  
+`--intelligent=parent`, Targets that are not in direct connect to parent proxy.  
+`--intelligent=intelligent`, Targets that are not in direct and blocked Neither can intelligently judge on whether to connetc parent proxy. 
+
+#### **5.18.view help**  
 `./proxy help socks`  
 
 ### **6.Proxy protocol conversion** 
 
 #### **6.1.Functional introduction** 
-The proxy protocol conversion use the SPS subcommand (abbreviation of socks+https), SPS itself does not provide the proxy function, just accept the proxy request and then converse protocol and forwarded to the existing HTTP (s) or Socks5 proxy. SPS can use existing HTTP (s) or Socks5 proxy converse to support HTTP (s) and Socks5 HTTP (s) proxy at the same time by one port, and proxy supports forward and reverse proxy (SNI), SOCKS5 proxy which is conversed does not support UDP. in addition to the existing HTTP or Socks5 proxy, which supports TLS, TCP, KCP three modes and chain-style connection. That is more than one SPS node connection can build encryption channel.
+The proxy protocol conversion use the SPS subcommand, SPS itself does not provide the proxy function, just accept the proxy request and then converse protocol and forwarded to the existing HTTP (s) or Socks5 proxy. SPS can use existing HTTP (s) or Socks5 proxy converse to support HTTP (s) and Socks5 HTTP (s) proxy at the same time by one port, and proxy supports forward and reverse proxy (SNI), SOCKS5 proxy which is also does support UDP when parent is Socks5. in addition to the existing HTTP or Socks5 proxy, which supports TLS, TCP, KCP three modes and chain-style connection. That is more than one SPS node connection can build encryption channel.
 
 #### **6.2.HTTP(S) to HTTP(S) + SOCKS5** 
-Suppose there is a common HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080.  
+Suppose there is a common HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s), Socks5 and ss at the same time. The local port after transformation is 18080. ss's Encryption method is aes-192-cfb and its password is pass.  
 command：  
-`./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p :18080`
+`./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p :18080 -h aes-192-cfb -j pass`
 
-Suppose that there is a TLS HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080, TLS needs certificate file.  
+Suppose that there is a TLS HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s), Socks5 and ss at the same time. The local port after transformation is 18080, TLS needs certificate file，ss's Encryption method is aes-192-cfb and its password is pass.  
 command：  
-`./proxy sps -S http -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key`   
+`./proxy sps -S http -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key -h aes-192-cfb -j pass`   
 
-Suppose there is a KCP HTTP (s) proxy (password: demo123): 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080.  
+Suppose there is a KCP HTTP (s) proxy (password: demo123): 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s), Socks5 and ss at the same time. The local port after transformation is 18080. ss's Encryption method is aes-192-cfb and its password is pass.  
 command：  
-`./proxy sps -S http -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123`  
+`./proxy sps -S http -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123 -h aes-192-cfb -j pass`  
 
 #### **6.3.SOCKS5 to HTTP(S) + SOCKS5** 
-Suppose there is a common Socks5 proxy: 127.0.0.1:8080, now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time, and the local port after transformation is 18080.  
+Suppose there is a common Socks5 proxy: 127.0.0.1:8080, now we turn it into a common proxy that supports HTTP (s), Socks5 and ss at the same time, and the local port after transformation is 18080. ss's Encryption method is aes-192-cfb and its password is pass.  
 command：  
-`./proxy sps -S socks -T tcp -P 127.0.0.1:8080 -t tcp -p :18080`
+`./proxy sps -S socks -T tcp -P 127.0.0.1:8080 -t tcp -p :18080 -h aes-192-cfb -j pass`
 
-Suppose there is a TLS Socks5 proxy: 127.0.0.1:8080. Now we turn it into a common proxy that support HTTP (s) and Socks5 at the same time. The local port after transformation is 18080, TLS needs certificate file.  
+Suppose there is a TLS Socks5 proxy: 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s), Socks5 and ss at the same time. The local port after transformation is 18080, TLS needs certificate file. ss's Encryption method is aes-192-cfb and its password is pass.  
 command：  
-`./proxy sps -S socks -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key`   
+`./proxy sps -S socks -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key -h aes-192-cfb -j pass`   
 
-Suppose there is a KCP Socks5 proxy (password: demo123): 127.0.0.1:8080, now we turn it into a common proxy that support HTTP (s) and Socks5 at the same time, and the local port after transformation is 18080.  
+Suppose there is a KCP Socks5 proxy (password: demo123): 127.0.0.1:8080, now we turn it into a common proxy that supports HTTP (s), Socks5 and ss at the same time, and the local port after transformation is 18080. ss's Encryption method is aes-192-cfb and its password is pass.  
 command：  
-`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123`  
+`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123 -h aes-192-cfb -j pass`  
 
-#### **6.4.Chain style connection** 
+#### **6.4 SS to HTTP(S)+SOCKS5+SS** 
+SPS support the SS protocol with the local authorities. The parent proxy can be SPS or standard SS services.  
+By default, SPS provides three proxies, HTTP (S), SOCKS5 and SPS. the converted SOCKS5 and SS support UDP when the parent proxy is SOCKS5.  
+Suppose there is an ordinary SS or SPS proxy (open SS, encryption: aes-256-cfb, password: Demo)：127.0.0.1:8080,Now we turn it into a common proxy that supports both http (s) and Socks5 and ss. The converted local port is 18080, and the converted ss encryption mode is aes-192-cfb, ss password:pass.  
+command：  
+`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123`  	`./proxy sps -S ss -H aes-256-cfb -J pass -T tcp -P 127.0.0.1:8080 -t tcp -p :18080 -h aes-192-cfb -j pass`.  
+
+#### **6.5.Chain style connection** 
 ![6.4](/docs/images/sps-tls.png)  
 It is mentioned above that multiple SPS nodes can be connected to build encrypted channels, assuming you have the following VPS and a PC.  
 vps01：2.2.2.2  
@@ -871,11 +1043,11 @@ Then run a SPS node on the PC，excute：
 
 finish。  
 
-#### **6.5.Listening on multiple ports**   
+#### **6.6.Listening on multiple ports**   
 In general, listening one port is enough, but if you need to monitor 80 and 443 ports at the same time as a reverse proxy, the -p parameter can support it.  
 The format is：`-p 0.0.0.0:80,0.0.0.0:443`, Multiple bindings are separated by a comma.  
 
-#### **6.6.Authentication** 
+#### **6.7.Authentication** 
 SPS supports HTTP(s)\socks5 proxy authentication, which can concatenate authentication, there are four important information:  
 1:Users send authentication information`user-auth`。   
 2:Local authentication information set up`local-auth`。  
@@ -917,7 +1089,20 @@ target: if the client is the HTTP (s) proxy request, this represents the complet
 If there is no -a or -F or --auth-url parameters, local authentication is closed.  
 If there is no -A parameter, the connection to the father proxy does not use authentication.  
 
-#### **6.7 Custom encryption**  
+**Setting up separate authentication information**
+
+If there are many different parent proxys and their passwords are the same or different, then authentication information can be set for each parent proxy.  
+At the same time, a global authentication information can be set with the - A parameter. If a parent proxy does not set the authentication information separately, the global authentication information can be used.  
+Authentication information is written together with parent proxy.  
+format: YTpi#2.2.2.2:33080@1  
+Explain:  
+YTpi is the Authentication information encoded by Base64, For example, http (s)/socks original authentication information, a:b,the user is a and the password is b, which is YTpi after Base64 encoding.   
+if it is ss, A is the encryption method and B is the password, for example, aes-192-cfb:your_pass, which is YWVzLTE5Mi1jZmI6eW91cl9wYXNz after Base64 encoding.  
+\# is an interval symbol. If there is authentication information, there must be #. No authentication information can be omitted #  
+2.2.2.2:33080 is parent proxy's address  
+@1 is weights, Nothing can be omitted. Detailed instructions can be referred to in the manual.***weights***  
+
+#### **6.8 Custom encryption**  
 HTTP(s) proxy can encrypt TCP data by TLS standard encryption and KCP protocol encryption, in addition to supporting custom encryption after TLS and KCP, That is to say, custom encryption and tls|kcp can be combined to use. The internal AES256 encryption is used, and it only needs to define one password by yourself. Encryption is divided into two parts, the one is whether the local (-z) is encrypted and decrypted, the other is whether the parents (-Z) is encrypted and decrypted.
 Custom encryption requires both ends are proxy. Next, we use two level example and three level example as examples:  
 Suppose there is already a HTTP (s) proxy:`6.6.6.6:6666`  
@@ -938,9 +1123,9 @@ Local third level execution:
 `proxy sps -T tcp -P 3.3.3.3:8888 -Z other_password -t tcp -p :8080`  
 through this way, When you visits the website by local proxy 8080, it visits the target website by encryption transmission with the parents proxy.  
 
-#### **6.8 Compressed transmission**  
-HTTP(s) proxy can encrypt TCP data through TCP standard encryption and KCP protocol encryption, and can also compress data before custom encryption.
-That is to say, compression and custom encryption and tls|kcp can be used together, compression is divided into two parts, the one is whether the local (-z) is compressed transmission, the other is whether the parents (-Z) is compressed transmission.
+#### **6.9 Compressed transmission**  
+HTTP(s) proxy can encrypt TCP data through TCP standard encryption and KCP protocol encryption, and can also compress data before custom encryption.    
+That is to say, compression and custom encryption and tls|kcp can be used together, compression is divided into two parts, the one is whether the local (-z) is compressed transmission, the other is whether the parents (-Z) is compressed transmission.    
 The compression requires both ends are proxy. Compression also protects the (encryption) data in certain extent. we use two level example and three level example as examples:  
 
 **two level example**  
@@ -953,13 +1138,36 @@ through this way, When you visits the website by local proxy 8080, it visits the
 **three level example**  
 First level VPS (ip:2.2.2.2) execution:  
 `proxy sps -t tcp -m -p :7777`  
-Second level VPS (ip:3.3.3.3) execution::  
+Second level VPS (ip:3.3.3.3) execution:  
 `proxy sps -T tcp -P 2.2.2.2:7777 -M -t tcp -m -p :8888` 
 Local third level execution:  
 `proxy sps -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080`  
-through this way, When you visits the website by local proxy 8080, it visits the target website by compressed transmission with the parents proxy.
+through this way, When you visits the website by local proxy 8080, it visits the target website by compressed transmission with the parents proxy.    
 
-#### **6.9.view help** 
+#### **6.10 Disable protocol**  	
+By default, SPS's port supports two proxy protocols, http (s) and socks5, and we can disable a protocol with parameters.  	 
+for example:  
+1.Disable the HTTP (S) proxy, retaining only the SOCKS5 proxy,parameter:`--disable-http`.       
+`proxy sps -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080 --disable-http`    
+1.Disable the SOCKS5 proxy, retaining only the HTTP (S) proxy,parameter:`--disable-socks`.     
+`proxy sps -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080 --disable-http`     
+
+#### **6.11 Speed limit**  
+Suppose there has a SOCKS5 parent proxy:    
+`proxy socks -p 2.2.2.2:33080 -z password -t tcp`   
+SPS lower speed limit 100K    
+`proxy sps -S socks -P 2.2.2.2:33080 -T tcp -Z password -l 100K -t tcp -p :33080`   
+It can be specified through the `-l` parameter, for example: 100K  2000K 1M . 0 means unlimited.    
+
+#### **6.12 Designated exporting IP**  
+The `- bind-listen` parameter opens the client's ability to access the target site with an entry IP connection, using the entry IP as the exporting IP. If the entry IP is the intranet IP, the exporting IP will not use the entry IP.   
+`proxy sps -S socks -P 2.2.2.2:33080 -T tcp -Z password -l 100K -t tcp --bind-listen -p :33080`
+
+#### **6.13 Certificate parameters using Base64 data**  
+By default, the -C and -K parameters are the paths of CRT certificates and key files,   
+If it is the beginning of base64://, then it is considered that the data behind is Base64 encoded and will be used after decoding.    
+
+#### **6.14.view help** 
 `./proxy help sps` 
 
 ### **7.KCP Configuration**   
@@ -993,37 +1201,99 @@ If you want to get a more detailed configuration and explanation of the KCP para
 --kcp-keepalive=10         be carefull!
 ```
 
-### TODO  
+### **8.DNS anti pollution server** 
+
+#### **8.1.Introduction** 
+It is well known that DNS is a service which use UDP protocol and 53 port，But with the development of network, some well-known DNS servers also support TCP protocol's DNS query，such as google's 8.8.8.8，Proxy's DNS anti pollution server theory is starting a local DNS proxy server，It uses TCP to conduct DNS queries through father proxy. If it encrypted communicate with father proxy，Then you can make a safe and pollution-free DNS analysis.    
+
+#### **8.2.Use examples** 
+
+***8.2.1 common HTTP(S) father proxy***   
+Suppose there is a father proxy：2.2.2.2:33080  
+local execution：  
+`proxy dns -S http -T tcp -P 2.2.2.2:33080 -p :53`  
+Then the local UDP port 53 provides the DNS analysis.  
+
+***8.2.2 common SOCKS5 father proxy***   
+Suppose there is a father proxy：2.2.2.2:33080  
+local execution：  
+`proxy dns -S socks -T tcp -P 2.2.2.2:33080 -p :53`  
+Then the local UDP port 53 provides the DNS analysis. 
+
+***8.2.3 TLS encrypted HTTP(S) father proxy***   
+Suppose there is a father proxy：2.2.2.2:33080  
+The orders executed by father proxy：    
+`proxy http -t tls -C proxy.crt -K proxy.key -p :33080`   
+local execution：  
+`proxy dns -S http -T tls -P 2.2.2.2:33080  -C proxy.crt -K proxy.key -p :53`  
+Then the local UDP port 53 provides a security and anti pollution DNS analysis.   
+
+***8.2.4 TLS encrypted SOCKS5 father proxy***   
+Suppose there is a father proxy：2.2.2.2:33080   
+The orders executed by father proxy：    
+`proxy socks -t tls -C proxy.crt -K proxy.key -p :33080`    
+local execution：  
+`proxy dns -S socks -T tls -P 2.2.2.2:33080  -C proxy.crt -K proxy.key -p :53`     
+Then the local UDP port 53 provides a security and anti pollution DNS analysis.  
+
+***8.2.5 KCP encrypted HTTP(S) father proxy***   
+Suppose there is a father proxy：2.2.2.2:33080  
+The orders executed by father proxy：
+`proxy http -t kcp -p :33080`   
+local execution：  
+`proxy dns -S http -T kcp -P 2.2.2.2:33080 -p :53`  
+Then the local UDP port 53 provides a security and anti pollution DNS analysis. 
+
+***8.2.6 KCP encrypted SOCKS5 father proxy***   
+Suppose there is a father proxy：2.2.2.2:33080  
+The orders executed by father proxy：
+`proxy socks -t kcp -p :33080`    
+local execution：  
+`proxy dns -S socks -T kcp -P 2.2.2.2:33080 -p :53`     
+Then the local UDP port 53 provides a security and anti pollution DNS analysis. 
+
+***8.2.7 Custom encrypted HTTP(S) father proxy***   
+Suppose there is a father proxy：2.2.2.2:33080  
+The orders executed by father proxy：
+`proxy http -t tcp -p :33080 -z password`   
+local execution：  
+`proxy dns -S http -T tcp -Z password -P 2.2.2.2:33080 -p :53`      
+Then the local UDP port 53 provides a security and anti pollution DNS analysis. 
+
+***8.2.8 Custom encrypted SOCKS5 father proxy***   
+Suppose there is a father proxy：2.2.2.2:33080  
+The orders executed by father proxy：
+`proxy socks -t kcp -p :33080 -z password`    
+local execution：  
+`proxy dns -S socks -T tcp -Z password -P 2.2.2.2:33080 -p :53`  
+Then the local UDP port 53 provides a security and anti pollution DNS analysis.
+
+### TODO
 - HTTP, socks proxy which has multi parents proxy load balancing?
 - HTTP (s) proxy support PAC?
-- Welcome joining group feedback...   
+- Welcome joining group feedback...
 
-### How to contribute to the code (Pull Request)?  
-First, you need to clone the project to your account, and then modify the code on the dev branch.   
-Finally, Pull Request to dev branch of goproxy project, and contribute code for efficiency.   
-PR needs to explain what changes have been made and why you change them.  
+### How to use the source code?
 
-### How to use the source code?    
-Recommend go1.8.5, which does not guarantee that version >=1.9 can be used.   
+Recommend go1.10.1.   
 `go get github.com/snail007/goproxy`   
 use command cd to enter your go SRC directory   
 then cd to enter `github.com/snail007/goproxy`.    
 Direct compilation:`go build -o proxy`        
 execution: `go run *.go`       
-`utils` is a toolkit, and `service` is a specific service class.  
+`utils` is a toolkit, and `service` is a specific service class.
 
 ### License  
-Proxy is licensed under GPLv3 license.  
+Proxy is licensed under GPLv3 license.
+
 ### Contact  
-proxy QQ group:189618940  
+proxy QQ group: 793015219 , 189618940 (full)
   
 ### Donation  
-if proxy help you a lot,you can support us by:  
-### AliPay   
-<img src="https://github.com/snail007/goproxy/blob/master/docs/images/alipay.jpg?raw=true" width="200"/>  
-  
-### Wechat Pay  
-<img src="https://github.com/snail007/goproxy/blob/master/docs/images/wxpay.jpg?raw=true" width="200"/>  
+if proxy help you a lot,you can support us by:
 
+### AliPay
+<img src="https://github.com/snail007/goproxy/blob/master/docs/images/alipay.jpg?raw=true" width="200"/>
   
-  
+### Wechat Pay
+<img src="https://github.com/snail007/goproxy/blob/master/docs/images/wxpay.jpg?raw=true" width="200"/>

README_ZH.md

@@ -1,13 +1,25 @@
 <img src="https://github.com/snail007/goproxy/blob/master/docs/images/logo.jpg?raw=true" width="200"/>  
-Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务器,支持正向代理、反向代理、透明代理、内网穿透、TCP/UDP端口映射、SSH中转，TLS加密传输，协议转换。
+Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5,ss代理服务器,支持正向代理、反向代理、透明代理、内网穿透、TCP/UDP端口映射、SSH中转、TLS加密传输、协议转换、防污染DNS代理。
 
-[点击下载](https://github.com/snail007/goproxy/releases) 官方QQ交流群:189618940  
+[点击下载](https://github.com/snail007/goproxy/releases) 官方QQ交流群: 793015219 (2群), 189618940 (1群满)  
 
 ---  
   
 [![stable](https://img.shields.io/badge/stable-stable-green.svg)](https://github.com/snail007/goproxy/) [![license](https://img.shields.io/github/license/snail007/goproxy.svg?style=plastic)]() [![download_count](https://img.shields.io/github/downloads/snail007/goproxy/total.svg?style=plastic)](https://github.com/snail007/goproxy/releases) [![download](https://img.shields.io/github/release/snail007/goproxy.svg?style=plastic)](https://github.com/snail007/goproxy/releases)  
   
-**[English Manual](/README.md)** **[全平台GUI版本](/gui/README.md)**  **[全平台SDK](/sdk/README.md)**
+**[English Manual](/README.md)**  
+
+**[全平台图形界面版本](/gui/README_ZH.md)**  
+
+**[全平台SDK](https://github.com/snail007/goproxy-sdk/blob/master/README_ZH.md)**
+
+**[GoProxy特殊授权](/AUTHORIZATION_ZH.md)**
+
+### 如何贡献代码(Pull Request)?  
+
+欢迎加入一起发展壮大proxy.首先需要clone本项目到自己的帐号下面,   
+然后在dev分支上面修改代码,最后发Pull Request到goproxy项目的dev分支即可,  
+为了高效贡献代码,pr的时候需要说明做了什么变更,原因是什么.  
 
 ### Features  
 - 链式代理,程序本身可以作为一级代理,如果设置了上级代理那么可以作为二级代理,乃至N级代理.  
@@ -23,9 +35,16 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
 - 集成外部API，HTTP(S),SOCKS5代理认证功能可以与外部HTTP API集成，可以方便的通过外部系统控制代理用户．  
 - 反向代理,支持直接把域名解析到proxy监听的ip,然后proxy就会帮你代理访问需要访问的HTTP(S)网站.
 - 透明HTTP(S)代理,配合iptables,在网关直接把出去的80,443方向的流量转发到proxy,就能实现无感知的智能路由器代理.  
-- 协议转换，可以把已经存在的HTTP(S)或SOCKS5代理转换为一个端口同时支持HTTP(S)和SOCKS5代理，转换后的SOCKS5代理不支持UDP功能,同时支持强大的级联认证功能。
+- 协议转换，可以把已经存在的HTTP(S)或SOCKS5或SS代理转换为一个端口同时支持HTTP(S)和SOCKS5和SS代理，转换后的SOCKS5和SS代理如果上级是SOCKS5代理,那么支持UDP功能,同时支持强大的级联认证功能。
 - 自定义底层加密传输，http(s)\sps\socks代理在tcp之上可以通过tls标准加密以及kcp协议加密tcp数据,除此之外还支持在tls和kcp之后进行自定义加密,也就是说自定义加密和tls|kcp是可以联合使用的,内部采用AES256加密,使用的时候只需要自己定义一个密码即可。
 - 底层压缩高效传输，http(s)\sps\socks代理在tcp之上可以通过自定义加密和tls标准加密以及kcp协议加密tcp数据,在加密之后还可以对数据进行压缩,也就是说压缩功能和自定义加密和tls|kcp是可以联合使用的。
+- 安全的DNS代理，可以通过本地的proxy提供的DNS代理服务器与上级代理加密通讯实现安全防污染的DNS查询。
+- 负载均衡,高可用,HTTP(S)\SOCKS5\SPS代理支持上级负载均衡和高可用,多个上级重复-P参数即可.
+- 指定出口IP,HTTP(S)\SOCKS5\SPS代理支持客户端用入口IP连接过来的,就用入口IP作为出口IP访问目标网站的功能。如果入口IP是内网IP，出口IP不会使用入口IP
+- 支持限速,HTTP(S)\SOCKS5\SPS代理支持限速.
+- SOCKS5代理支持级联认证.
+- 证书参数使用base64数据,默认情况下-C,-K参数是crt证书和key文件的路径,如果是base64://开头,那么就认为后面的数据是base64编码的,会解码后使用.
+
 
 ### Why need these?  
 - 当由于某某原因,我们不能访问我们在其它地方的服务,我们可以通过多个相连的proxy节点建立起一个安全的隧道访问我们的服务.  
@@ -37,23 +56,8 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
 - ...  
 
  
-本页是v4.7手册,其他版本手册请点击下面链接查看. 
-- [v4.6手册](https://github.com/snail007/goproxy/tree/v4.6) 
-- [v4.5手册](https://github.com/snail007/goproxy/tree/v4.5) 
-- [v4.4手册](https://github.com/snail007/goproxy/tree/v4.4) 
-- [v4.3手册](https://github.com/snail007/goproxy/tree/v4.3) 
-- [v4.2手册](https://github.com/snail007/goproxy/tree/v4.2) 
-- [v4.0-v4.1手册](https://github.com/snail007/goproxy/tree/v4.1)
-- [v3.9手册](https://github.com/snail007/goproxy/tree/v3.9)
-- [v3.8手册](https://github.com/snail007/goproxy/tree/v3.8)
-- [v3.6-v3.7手册](https://github.com/snail007/goproxy/tree/v3.6)
-- [v3.5手册](https://github.com/snail007/goproxy/tree/v3.5)
-- [v3.4手册](https://github.com/snail007/goproxy/tree/v3.4)
-- [v3.3手册](https://github.com/snail007/goproxy/tree/v3.3)
-- [v3.2手册](https://github.com/snail007/goproxy/tree/v3.2)
-- [v3.1手册](https://github.com/snail007/goproxy/tree/v3.1)
-- [v3.0手册](https://github.com/snail007/goproxy/tree/v3.0)
-- [v2.x手册](https://github.com/snail007/goproxy/tree/v2.2)  
+本页是v5.4手册,其他版本手册请点击[这里](docs/old-release-zh.md)查看. 
+ 
 
 ### 怎么找到组织?  
 [点击加入交流组织gitter](https://gitter.im/go-proxy/Lobby?utm_source=share-link&utm_medium=link&utm_campaign=share-link)  
@@ -74,8 +78,9 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
 - [安全建议](#安全建议)
 
 ### 手册目录
+- [负载均衡和高可用](#负载均衡和高可用)
 - [1. HTTP代理](#1http代理)
-    - [1.1 普通HTTP代理](#11普通http代理)
+    - [1.1 普通HTTP代理](#11普通一级http代理)
     - [1.2 普通二级HTTP代理](#12普通二级http代理)
     - [1.3 HTTP二级代理(加密)](#13http二级代理加密)
     - [1.4 HTTP三级代理(加密)](#14http三级代理加密)
@@ -90,15 +95,21 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
     - [1.11 自定义DNS](#111-自定义dns)
     - [1.12 自定义加密](#112-自定义加密)
     - [1.13 压缩传输](#113-压缩传输)
-    - [1.14 查看帮助](#114-查看帮助)
-- [2. TCP代理](#2tcp代理)
+    - [1.14 负载均衡](#114-负载均衡)
+    - [1.15 限速](#115-限速)
+    - [1.16 指定出口IP](#116-指定出口ip)
+    - [1.17 证书参数使用base64数据](#117-证书参数使用base64数据)
+    - [1.18 智能模式](#118-智能模式)
+    - [1.19 查看帮助](#119-查看帮助)
+- [2. TCP代理(端口映射)](#2tcp代理)
     - [2.1 普通一级TCP代理](#21普通一级tcp代理)
     - [2.2 普通二级TCP代理](#22普通二级tcp代理)
     - [2.3 普通三级TCP代理](#23普通三级tcp代理)
     - [2.4 加密二级TCP代理](#24加密二级tcp代理)
     - [2.5 加密三级TCP代理](#25加密三级tcp代理)
-    - [2.6 查看帮助](#26查看帮助)
-- [3. UDP代理](#3udp代理)
+    - [2.6 通过代理连接上级](#26通过代理连接上级)
+    - [2.7 查看帮助](#27查看帮助)
+- [3. UDP代理(端口映射)](#3udp代理)
     - [3.1 普通一级UDP代理](#31普通一级udp代理)
     - [3.2 普通二级UDP代理](#32普通二级udp代理)
     - [3.3 普通三级UDP代理](#33普通三级udp代理)
@@ -113,7 +124,8 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
     - [4.5 高级用法一](#45高级用法一)
     - [4.6 高级用法一](#46高级用法二)
     - [4.7 server的-r参数](#47server的-r参数)
-    - [4.8 查看帮助](#48查看帮助)
+    - [4.8 server和client通过代理连接bridge](#48server和client通过代理连接bridge)
+    - [4.9 查看帮助](#49查看帮助)
 - [5. SOCKS5代理](#5socks5代理)
     - [5.1 普通SOCKS5代理](#51普通socks5代理)
     - [5.2 普通二级SOCKS5代理](#52普通二级socks5代理)
@@ -128,41 +140,60 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务
     - [5.9 自定义DNS](#59自定义dns)
     - [5.10 自定义加密](#510-自定义加密)
     - [5.11 压缩传输](#511-压缩传输)
-    - [5.12 查看帮助](#512查看帮助)
+    - [5.12 负载均衡](#512-负载均衡)
+    - [5.13 限速](#513-限速)
+    - [5.14 指定出口IP](#514-指定出口ip)
+    - [5.15 级联认证](#515-级联认证)
+    - [5.16 证书参数使用base64数据](#516-证书参数使用base64数据)
+    - [5.17 智能模式](#517-智能模式)
+    - [5.18 查看帮助](#518-查看帮助)
 - [6. 代理协议转换](#6代理协议转换)
     - [6.1 功能介绍](#61-功能介绍)
-    - [6.2 HTTP(S)转HTTP(S)+SOCKS5](#62-https转httpssocks5)
-    - [6.3 SOCKS5转HTTP(S)+SOCKS5](#63-socks5转httpssocks5)
-    - [6.4 链式连接](#64-链式连接)
-    - [6.5 监听多个端口](#65-监听多个端口)
-    - [6.6 认证功能](#66-认证功能)
-    - [6.7 自定义加密](#67-自定义加密)
-    - [6.8 压缩传输](#68-压缩传输)
-    - [6.9 禁用协议](#69-禁用协议)
-    - [6.10 查看帮助](#610-查看帮助)
+    - [6.2 HTTP(S)转HTTP(S)+SOCKS5+SS](#62-https转httpssocks5ss)
+    - [6.3 SOCKS5转HTTP(S)+SOCKS5+SS](#63-socks5转httpssocks5ss)
+    - [6.4 SS转HTTP(S)+SOCKS5+SS](#64-ss转httpssocks5ss)
+    - [6.5 链式连接](#65-链式连接)
+    - [6.6 监听多个端口](#66-监听多个端口)
+    - [6.7 认证功能](#67-认证功能)
+    - [6.8 自定义加密](#68-自定义加密)
+    - [6.9 压缩传输](#69-压缩传输)
+    - [6.10 禁用协议](#610-禁用协议)
+    - [6.11 限速](#611-限速)
+    - [6.12 指定出口IP](#612-指定出口ip)
+    - [6.13 证书参数使用base64数据](#613-证书参数使用base64数据)
+    - [6.14 查看帮助](#614-查看帮助)
 - [7. KCP配置](#7kcp配置)
     - [7.1 配置介绍](#71-配置介绍)
     - [7.2 详细配置](#72-详细配置)
+- [8. DNS防污染服务器](#8dns防污染服务器)
+    - [8.1 介绍](#81-介绍)
+    - [8.2 使用示例](#82-使用示例)
 
 ### Fast Start  
 提示:所有操作需要root权限.  
 #### 自动安装
 #### **0.如果你的VPS是linux64位的系统,那么只需要执行下面一句,就可以完成自动安装和配置.**  
+
 ```shell  
 curl -L https://raw.githubusercontent.com/snail007/goproxy/master/install_auto.sh | bash  
 ```  
-安装完成,配置目录是/etc/proxy,更详细的使用方法参考下面的进一步了解.  
+
+安装完成,配置目录是/etc/proxy,更详细的使用方法请参考上面的手册目录,进一步了解你想要使用的功能.  
 如果安装失败或者你的vps不是linux64位系统,请按照下面的半自动步骤安装:  
   
 #### 手动安装  
 
 #### **1.下载proxy**  
-下载地址:https://github.com/snail007/goproxy/releases  
+下载地址:https://github.com/snail007/goproxy/releases/latest   
+下面以v6.2为例,如果有最新版,请使用最新版链接.   
+
 ```shell  
 cd /root/proxy/  
-wget https://github.com/snail007/goproxy/releases/download/v4.8/proxy-linux-amd64.tar.gz  
+wget https://github.com/snail007/goproxy/releases/download/v6.2/proxy-linux-amd64.tar.gz  
 ```  
+
 #### **2.下载自动安装脚本**  
+
 ```shell  
 cd /root/proxy/  
 wget https://raw.githubusercontent.com/snail007/goproxy/master/install.sh  
@@ -171,11 +202,15 @@ chmod +x install.sh
 ```  
 
 #### Docker安装 
-项目根目录的Dockerfile文件用来构建,使用golang 1.8.5,构建基于goproxy v4.7,
-全部大小17.3MB,默认情况下使用master分支,不过可以通过修改配置文件Dockerfile,指定构建的goproxy版本.
+
+[docker](https://hub.docker.com/r/snail007/goproxy)  
+
+项目根目录的Dockerfile文件用来构建,使用golang 1.10.3,构建基于goproxy的master分支最新版本,  
+全部大小17.3MB,默认情况下使用master分支,不过可以通过修改配置文件Dockerfile  
+或者使用参数GOPROXY_VERSION指定构建的goproxy版本.  
 
 ```
-ARG GOPROXY_VERSION=v4.7
+ARG GOPROXY_VERSION=v5.3
 ```
 
 步骤:  
@@ -185,14 +220,14 @@ sudo docker build .
 ```
 2. 镜像打标签:
 ```
-sudo docker tag <上一步的结果ID> goproxy/goproxy:latest
+sudo docker tag <上一步的结果ID> snail007/goproxy:latest
 ```
 3. 运行 
 参数OPTS的值就是传递给proxy的所有参数
-比如下面的例子启动了一个http服务: 
+比如下面的例子启动了一个http服务:
 
 ```
-sudo docker run -d --restart=always --name goproxy -e OPTS="http -p :33080" -p 33080:33080 goproxy/goproxy:latest
+sudo docker run -d --restart=always --name goproxy -e OPTS="http -p :33080" -p 33080:33080 snail007/goproxy:latest
 ```
 4. 查看日志:
 ```
@@ -227,10 +262,18 @@ http
 
 ### **生成加密通讯需要的证书文件**  
 http,tcp,udp代理过程会和上级通讯,为了安全我们采用加密通讯,当然可以选择不加密通信通讯,本教程所有和上级通讯都采用加密,需要证书文件.  
-在linux上并安装了openssl命令，可以直接通过下面的命令生成证书和key文件.  
-`./proxy keygen`  
-默认会在当前程序目录下面生成证书文件proxy.crt和key文件proxy.key。  
-更多用法:`proxy keygen usage`。    
+
+1.通过下面的命令生成自签名的证书和key文件.  
+`./proxy keygen -C proxy`  
+会在当前程序目录下面生成证书文件proxy.crt和key文件proxy.key。   
+
+2.通过下面的命令生,使用自签名证书proxy.crt和key文件proxy.key签发新证书:goproxy.crt和goproxy.key.   
+`./proxy keygen -s -C proxy -c goproxy`  
+会在当前程序目录下面生成证书文件goproxy.crt和key文件goproxy.key。   
+
+3.默认情况下证书的里面的域名是随机的,可以使用`-n test.com`参数指定.  
+
+4.更多用法:`proxy keygen --help`。    
 
 ### **后台运行**
 默认执行proxy之后,如果要保持proxy运行,不能关闭命令行.  
@@ -250,6 +293,32 @@ proxy会fork子进程,然后监控子进程,如果子进程异常退出,5秒后
 假设你的vps外网ip是23.23.23.23,下面命令通过-g参数设置23.23.23.23  
 `./proxy http -g "23.23.23.23"`  
 
+### **负载均衡和高可用**
+
+HTTP(S)\SOCKS5\SPS代理支持上级负载均衡和高可用,多个上级重复-P参数即可.
+
+负载均衡策略支持5种,可以通过`--lb-method`参数指定:
+
+roundrobin 轮流使用
+
+leastconn  使用最小连接数的
+
+leasttime  使用连接时间最小的
+
+hash     使用根据客户端地址计算出一个固定上级
+
+weight    根据每个上级的权重和连接数情况,选择出一个上级
+
+提示:
+
+负载均衡检查时间间隔可以通过`--lb-retrytime`设置,单位毫秒
+
+负载均衡连接超时时间可以通过`--lb-timeout`设置,单位毫秒
+
+如果负载均衡策略是权重(weight),-P格式为:2.2.2.2:3880@1,1就是权重,大于0的整数.
+
+如果负载均衡策略是hash,默认是根据客户端地址选择上级,可以通过开关`--lb-hashtarget`使用访问的目标地址选择上级.
+
 ### **1.HTTP代理**  
 #### **1.1.普通一级HTTP代理**  
 ![1.1](/docs/images/http-1.png)  
@@ -300,11 +369,12 @@ proxy会fork子进程,然后监控子进程,如果子进程异常退出,5秒后
 比如:  
 `./proxy http -t tcp -p ":33080" --auth-url "http://test.com/auth.php"`  
 用户连接的时候,proxy会GET方式请求这url("http://test.com/auth.php"),  
-带上user,pass,ip,target四个参数:  
-http://test.com/auth.php?user={USER}&pass={PASS}&ip={IP}&target={TARGET}  
+带上user,pass,ip,local_ip,target五个参数:  
+http://test.com/auth.php?user={USER}&pass={PASS}&ip={IP}&local_ip={LOCAL_IP}&target={TARGET}  
 user:用户名  
 pass:密码  
 ip:用户的IP,比如:192.168.1.200  
+local_ip:用户访问的服务器的IP,比如:3.3.3.3  
 target:用户访问的URL,比如:http://demo.com:80/1.html或https://www.baidu.com:80  
 
 如果没有-a或-F或--auth-url参数,就是关闭Basic认证.   
@@ -312,7 +382,7 @@ target:用户访问的URL,比如:http://demo.com:80/1.html或https://www.baidu.c
 #### **1.6.HTTP代理流量强制走上级HTTP代理**  
 默认情况下,proxy会智能判断一个网站域名是否无法访问,如果无法访问才走上级HTTP代理.通过--always可以使全部HTTP代理流量强制走上级HTTP代理.  
 `./proxy http --always -t tls -p ":28080" -T tls -P "22.22.22.22:38080" -C proxy.crt -K proxy.key`  
-  
+
 #### **1.7.HTTP(S)通过SSH中转**  
 ![1.7](/docs/images/http-ssh-1.png)  
 说明:ssh中转的原理是利用了ssh的转发功能,就是你连接上ssh之后,可以通过ssh代理访问目标地址.  
@@ -322,7 +392,7 @@ target:用户访问的URL,比如:http://demo.com:80/1.html或https://www.baidu.c
 
 ##### ***1.7.1 ssh用户名和密码的方式***   
 本地HTTP(S)代理28080端口,执行:  
-`./proxy http -T ssh -P "2.2.2.2:22" -u user -A demo -t tcp -p ":28080"`  
+`./proxy http -T ssh -P "2.2.2.2:22" -u user -D demo -t tcp -p ":28080"`  
 ##### ***1.7.2 ssh用户名和密钥的方式***   
 本地HTTP(S)代理28080端口,执行:  
 `./proxy http -T ssh -P "2.2.2.2:22" -u user -S user.key -t tcp -p ":28080"`  
@@ -451,7 +521,51 @@ proxy的http(s)代理在tcp之上可以通过tls标准加密以及kcp协议加
 `proxy http -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080`  
 这样通过本地代理8080访问网站的时候就是通过与上级压缩传输访问目标网站.  
 
-#### **1.14 查看帮助**  
+### **1.14 负载均衡**  
+
+HTTP(S)代理支持上级负载均衡,多个上级重复-P参数即可.
+
+`proxy http --lb-method=hash -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080`
+
+#### **1.14.1 设置重试间隔和超时时间**  
+
+`proxy http --lb-method=leastconn --lb-retrytime 300 --lb-timeout 300 -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -t tcp -p :33080`
+
+#### **1.14.2 设置权重**  
+
+`proxy http --lb-method=weight -T tcp -P 1.1.1.1:33080@1 -P 2.1.1.1:33080@2 -P 3.1.1.1:33080@1 -t tcp -p :33080`
+
+#### **1.14.3 使用目标地址选择上级**  
+
+`proxy http --lb-hashtarget --lb-method=hash -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -t tcp -p :33080`
+
+### **1.15 限速**  
+
+限速100K,通过`-l`参数即可指定,比如:100K 2000K 1M . 0意味着无限制.
+
+`proxy http -t tcp -p 2.2.2.2:33080 -l 100K`
+
+### **1.16 指定出口IP**  
+
+`--bind-listen`参数，就可以开启客户端用入口IP连接过来的,就用入口IP作为出口IP访问目标网站的功能。如果入口IP是内网IP，出口IP不会使用入口IP。
+
+`proxy http -t tcp -p 2.2.2.2:33080 --bind-listen`
+
+### **1.17 证书参数使用base64数据**  
+
+默认情况下-C,-K参数是crt证书和key文件的路径,
+
+如果是base64://开头,那么就认为后面的数据是base64编码的,会解码后使用.
+
+#### **1.18 智能模式**  
+智能模式设置,可以是intelligent|direct|parent三者之一.  
+默认是:intelligent.  
+每个值的含义如下:  
+`--intelligent=direct`,不在blocked里面的目标都直连.  
+`--intelligent=parent`,不在direct里面的目标都走上级.  
+`--intelligent=intelligent`,blocked和direct里面都没有的目标,智能判断是否使用上级访问目标.  
+
+#### **1.19 查看帮助**  
 `./proxy help http`  
   
 ### **2.TCP代理**  
@@ -498,7 +612,27 @@ VPS(IP:22.22.22.33)执行:
 `./proxy tcp -p ":8080" -T tls -P "33.33.33.33:28080" -C proxy.crt -K proxy.key`  
 那么访问本地8080端口就是通过加密TCP隧道访问66.66.66.66的8080端口.  
   
-#### **2.6.查看帮助**  
+#### **2.6.通过代理连接上级**  
+有时候proxy所在的网络不能直接访问外网,需要通过一个https或者socks5代理才能上网,那么这个时候  
+-J参数就可以帮助你让proxy的tcp端口映射的时候通过https或者socks5代理去连接上级-P,将外部端口映射到本地.    
+-J参数格式如下:  
+
+https代理写法:  
+代理需要认证,用户名:username 密码:password  
+https://username:password@host:port  
+代理不需要认证  
+https://host:port  
+
+socks5代理写法:
+代理需要认证,用户名:username 密码:password
+socks5://username:password@host:port
+代理不需要认证
+socks5://host:port
+
+host:代理的IP或者域名
+port:代理的端口
+
+#### **2.7.查看帮助**  
 `./proxy help tcp`  
   
 ### **3.UDP代理**  
@@ -685,13 +819,40 @@ server连接到bridge的时候,如果同时有多个client连接到同一个brid
   
   4.7.3.LOCAL_IP为空默认是:`0.0.0.0`,CLIENT_LOCAL_HOST为空默认是:`127.0.0.1`; 
 
-#### **4.8.查看帮助**  
+#### **4.8.server和client通过代理连接bridge**  
+有时候server或者client所在的网络不能直接访问外网,需要通过一个https或者socks5代理才能上网,那么这个时候  
+-J参数就可以帮助你让server或者client通过https或者socks5代理去连接bridge.  
+-J参数格式如下:  
+
+https代理写法:  
+代理需要认证,用户名:username 密码:password  
+https://username:password@host:port  
+代理不需要认证  
+https://host:port  
+
+socks5代理写法:
+代理需要认证,用户名:username 密码:password
+socks5://username:password@host:port
+代理不需要认证
+socks5://host:port
+
+host:代理的IP或者域名
+port:代理的端口
+
+#### **4.9.查看帮助**  
 `./proxy help bridge`  
 `./proxy help server`  
 `./proxy help client`  
   
 ### **5.SOCKS5代理**  
-提示:SOCKS5代理,支持CONNECT,UDP协议,不支持BIND,支持用户名密码认证.  
+提示:
+
+SOCKS5代理,支持CONNECT,UDP协议,不支持BIND,支持用户名密码认证.  
+
+***如果你的VPS是阿里云，腾讯云这种VPS，就是ifconfig看不见你的公网IP，只能看见内网IP，***
+
+***那么需要加上`-g VPS公网IP`参数，SOCKS5代理的UDP功能才能正常工作。***
+
 #### **5.1.普通SOCKS5代理**  
 `./proxy socks -t tcp -p "0.0.0.0:38080"`  
   
@@ -738,7 +899,7 @@ server连接到bridge的时候,如果同时有多个client连接到同一个brid
 
 ##### ***5.6.1 ssh用户名和密码的方式***  
 本地SOCKS5代理28080端口,执行:  
-`./proxy socks -T ssh -P "2.2.2.2:22" -u user -A demo -t tcp -p ":28080"`  
+`./proxy socks -T ssh -P "2.2.2.2:22" -u user -D demo -t tcp -p ":28080"`  
 ##### ***5.6.2 ssh用户名和密钥的方式***  
 本地SOCKS5代理28080端口,执行:  
 `./proxy socks -T ssh -P "2.2.2.2:22" -u user -S user.key -t tcp -p ":28080"`  
@@ -758,11 +919,12 @@ server连接到bridge的时候,如果同时有多个client连接到同一个brid
 比如:  
 `./proxy socks -t tcp -p ":33080" --auth-url "http://test.com/auth.php"`  
 用户连接的时候,proxy会GET方式请求这url("http://test.com/auth.php"),  
-带上user,pass,ip,三个参数:  
-http://test.com/auth.php?user={USER}&pass={PASS}&ip={IP}  
+带上user,pass,ip,local_ip四个参数:  
+http://test.com/auth.php?user={USER}&pass={PASS}&ip={IP}&local_ip={LOCAL_IP}  
 user:用户名  
 pass:密码  
 ip:用户的IP,比如:192.168.1.200  
+local_ip:用户访问的服务器的IP,比如:3.3.3.3   
 
 如果没有-a或-F或--auth-url参数,就是关闭认证.    
 
@@ -833,41 +995,106 @@ proxy的socks代理在tcp之上可以通过自定义加密和tls标准加密以
 `proxy socks -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080`  
 这样通过本地代理8080访问网站的时候就是通过与上级压缩传输访问目标网站.  
 
-#### **5.12.查看帮助**  
+
+#### **5.12 负载均衡**  
+
+SOCKS代理支持上级负载均衡,多个上级重复-P参数即可.
+
+`proxy socks --lb-method=hash -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080  -p :33080 -t tcp`
+
+#### **5.12.1 设置重试间隔和超时时间**  
+
+`proxy socks --lb-method=leastconn --lb-retrytime 300 --lb-timeout 300 -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -p :33080 -t tcp`
+
+#### **5.12.2 设置权重**  
+
+`proxy socks --lb-method=weight -T tcp -P 1.1.1.1:33080@1 -P 2.1.1.1:33080@2 -P 3.1.1.1:33080@1 -p :33080 -t tcp`
+
+#### **5.12.3 使用目标地址选择上级**  
+
+`proxy socks --lb-hashtarget --lb-method=hash -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -p :33080 -t tcp`
+
+#### **5.13 限速**  
+
+限速100K,通过`-l`参数即可指定,比如:100K 2000K 1M . 0意味着无限制.
+
+`proxy socks -t tcp -p 2.2.2.2:33080 -l 100K`
+
+#### **5.14 指定出口IP**  
+
+`--bind-listen`参数，就可以开启客户端用入口IP连接过来的,就用入口IP作为出口IP访问目标网站的功能。如果入口IP是内网IP，出口IP不会使用入口IP。
+
+`proxy socks -t tcp -p 2.2.2.2:33080 --bind-listen`
+
+#### **5.15 级联认证**  
+
+SOCKS5支持级联认证,-A可以设置上级认证信息.
+
+上级:
+
+`proxy socks -t tcp -p 2.2.2.2:33080 -a user:pass`
+
+本地:
+
+`proxy socks -T tcp -P 2.2.2.2:33080 -A user:pass -t tcp -p :33080`
+
+#### **5.16 证书参数使用base64数据**  
+
+默认情况下-C,-K参数是crt证书和key文件的路径,
+
+如果是base64://开头,那么就认为后面的数据是base64编码的,会解码后使用.
+
+
+#### **5.17 智能模式**  
+智能模式设置,可以是intelligent|direct|parent三者之一.  
+默认是:intelligent.  
+每个值的含义如下:  
+`--intelligent=direct`,不在blocked里面的目标都直连.  
+`--intelligent=parent`,不在direct里面的目标都走上级.  
+`--intelligent=intelligent`,blocked和direct里面都没有的目标,智能判断是否使用上级访问目标.  
+
+#### **5.18.查看帮助**  
 `./proxy help socks`  
 
 ### **6.代理协议转换** 
 
 #### **6.1 功能介绍** 
-代理协议转换使用的是sps子命令(socks+https的缩写)，sps本身不提供代理功能，只是接受代理请求"转换并转发"给已经存在的http(s)代理或者socks5代理；sps可以把已经存在的http(s)代理或者socks5代理转换为一个端口同时支持http(s)和socks5代理，而且http(s)代理支持正向代理和反向代理(SNI)，转换后的SOCKS5代理不支持UDP功能；另外对于已经存在的http(s)代理或者socks5代理，支持tls、tcp、kcp三种模式，支持链式连接，也就是可以多个sps结点层级连接构建加密通道。
+代理协议转换使用的是sps子命令，sps本身不提供代理功能，只是接受代理请求"转换并转发"给已经存在的http(s)代理或者socks5代理或者ss代理；sps可以把已经存在的http(s)代理或者socks5代理或ss代理转换为一个端口同时支持http(s)和socks5和ss的代理，而且http(s)代理支持正向代理和反向代理(SNI)，转换后的SOCKS5代理，当上级是SOCKS5或者SS时仍然支持UDP功能；另外对于已经存在的http(s)代理或者socks5代理，支持tls、tcp、kcp三种模式，支持链式连接，也就是可以多个sps结点层级连接构建加密通道。
 
-#### **6.2 HTTP(S)转HTTP(S)+SOCKS5** 
-假设已经存在一个普通的http(s)代理：127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。  
+#### **6.2 HTTP(S)转HTTP(S)+SOCKS5+SS** 
+假设已经存在一个普通的http(s)代理：127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080,ss加密方式:aes-192-cfb,ss密码:pass。  
 命令如下：  
-`./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p :18080`
+`./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p :18080 -h aes-192-cfb -j pass`
 
-假设已经存在一个tls的http(s)代理：127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080，tls需要证书文件。  
+假设已经存在一个tls的http(s)代理：127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080，tls需要证书文件,ss加密方式:aes-192-cfb,ss密码:pass。  
 命令如下：  
-`./proxy sps -S http -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key`   
+`./proxy sps -S http -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key -h aes-192-cfb -j pass`   
 
-假设已经存在一个kcp的http(s)代理（密码是：demo123）：127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。  
+假设已经存在一个kcp的http(s)代理（密码是：demo123）：127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080,ss加密方式:aes-192-cfb,ss密码:pass。  
 命令如下：  
-`./proxy sps -S http -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123`  
+`./proxy sps -S http -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123 -h aes-192-cfb -j pass`  
 
-#### **6.3 SOCKS5转HTTP(S)+SOCKS5** 
-假设已经存在一个普通的socks5代理：127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。  
+#### **6.3 SOCKS5转HTTP(S)+SOCKS5+SS** 
+假设已经存在一个普通的socks5代理：127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080,ss加密方式:aes-192-cfb,ss密码:pass。    
 命令如下：  
-`./proxy sps -S socks -T tcp -P 127.0.0.1:8080 -t tcp -p :18080`
+`./proxy sps -S socks -T tcp -P 127.0.0.1:8080 -t tcp -p :18080 -h aes-192-cfb -j pass`
 
-假设已经存在一个tls的socks5代理：127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080，tls需要证书文件。  
+假设已经存在一个tls的socks5代理：127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080，tls需要证书文件,ss加密方式:aes-192-cfb,ss密码:pass。   
 命令如下：  
-`./proxy sps -S socks -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key`   
+`./proxy sps -S socks -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key -h aes-192-cfb -j pass`   
 
-假设已经存在一个kcp的socks5代理（密码是：demo123）：127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。  
+假设已经存在一个kcp的socks5代理（密码是：demo123）：127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080,ss加密方式:aes-192-cfb,ss密码:pass。  
 命令如下：  
-`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123`  
+`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123 -h aes-192-cfb -j pass`  
 
-#### **6.4 链式连接**   
+#### **6.4 SS转HTTP(S)+SOCKS5+SS** 
+SPS上级和本地支持ss协议,上级可以是SPS或者标准的ss服务.  
+SPS本地默认提供HTTP(S)\SOCKS5\SPS三种代理,当上级是SOCKS5时转换后的SOCKS5和SS支持UDP功能.  
+假设已经存在一个普通的SS或者SPS代理(开启了ss,加密方式:aes-256-cfb,密码:demo)：127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5和ss的普通代理,转换后的本地端口为18080,转换后的ss加密方式:aes-192-cfb,ss密码:pass。  
+命令如下：  
+`./proxy sps -S ss -H aes-256-cfb -J pass -T tcp -P 127.0.0.1:8080 -t tcp -p :18080 -h aes-192-cfb -j pass`.  
+
+#### **6.5 链式连接**   
 ![6.4](/docs/images/sps-tls.png)  
 上面提过多个sps结点可以层级连接构建加密通道，假设有如下vps和家里的pc电脑。  
 vps01：2.2.2.2  
@@ -887,11 +1114,11 @@ vps02：3.3.3.3
 
 完成。  
 
-#### **6.5 监听多个端口**   
+#### **6.6 监听多个端口**   
 一般情况下监听一个端口就可以，不过如果作为反向代理需要同时监听80和443两个端口，那么-p参数是支持的，  
 格式是：`-p 0.0.0.0:80,0.0.0.0:443`，多个绑定用逗号分隔即可。  
 
-#### **6.6 认证功能**   
+#### **6.7 认证功能**   
 sps支持http(s)\socks5代理认证,可以级联认证,有四个重要的信息:  
 1:用户发送认证信息`user-auth`。   
 2:设置的本地认证信息`local-auth`。  
@@ -933,8 +1160,20 @@ target:如果客户端是http(s)代理请求,这里代表的是请求的完整ur
 如果没有-a或-F或--auth-url参数,就是关闭本地认证.  
 如果没有-A参数,连接上级不使用认证.  
 
+**设置单独认证信息**
 
-#### **6.7 自定义加密**  
+如果存在多个不同上级,而且他们的密码有的一样有的不一样,那么可以针对每个上级设置认证信息,  
+同时还可以用-A参数设置一个全局认证信息,如果某个上级没有单独设置认证信息就使用全局设置的认证信息.  
+认证信息和上级写在一起.  
+格式是: YTpi#2.2.2.2:33080@1  
+说明:  
+YTpi 是经过base64编码的认证信息,比如是http(s)/socks原始认证信息a:b,用户是a密码是b,base64编码之后是:YTpi  
+    如果是ss,那么a就是加密方法,b是密码,比如:aes-192-cfb:your_pass,base64编码之后是:YWVzLTE5Mi1jZmI6eW91cl9wYXNz   
+# 是间隔符号,如果有认证信息,必须有#,没有认证信息可以省略#  
+2.2.2.2:33080 是上级地址  
+@1 是设置权重,没有可以省略,详细说明可以参考手册***权重部分***  
+
+#### **6.8 自定义加密**  
 proxy的sps代理在tcp之上可以通过tls标准加密以及kcp协议加密tcp数据,除此之外还支持在tls和kcp之后进行  
 自定义加密,也就是说自定义加密和tls|kcp是可以联合使用的,内部采用AES256加密,使用的时候只需要自己定义  
 一个密码即可,加密分为两个部分,一部分是本地(-z)是否加密解密,一部分是与上级(-Z)传输是否加密解密.      
@@ -962,7 +1201,7 @@ proxy的sps代理在tcp之上可以通过tls标准加密以及kcp协议加密tcp
 `proxy sps -T tcp -P 3.3.3.3:8888 -Z other_password -t tcp -p :8080`  
 这样通过本地代理8080访问网站的时候就是通过与上级加密传输访问目标网站.  
 
-#### **6.8 压缩传输**  
+#### **6.9 压缩传输**  
 proxy的sps代理在tcp之上可以通过自定义加密和tls标准加密以及kcp协议加密tcp数据,在自定义加密之前还可以  
 对数据进行压缩,也就是说压缩功能和自定义加密和tls|kcp是可以联合使用的,压缩分为两个部分,   
 一部分是本地(-m)是否压缩传输,一部分是与上级(-M)传输是否压缩.    
@@ -988,8 +1227,7 @@ proxy的sps代理在tcp之上可以通过自定义加密和tls标准加密以及
 `proxy sps -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080`  
 这样通过本地代理8080访问网站的时候就是通过与上级压缩传输访问目标网站.  
 
-
-#### **6.9 禁用协议** 
+#### **6.10 禁用协议**  
 SPS默认情况下一个端口支持http(s)和socks5两种代理协议,我们可以通过参数禁用某个协议  
 比如:  
 1.禁用HTTP(S)代理功能只保留SOCKS5代理功能,参数:`--disable-http`.   
@@ -998,7 +1236,31 @@ SPS默认情况下一个端口支持http(s)和socks5两种代理协议,我们可
 1.禁用SOCKS5代理功能只保留HTTP(S)代理功能,参数:`--disable-socks`.   
 `proxy sps -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080 --disable-http`   
 
-#### **6.10 查看帮助** 
+#### **6.11 限速**  
+
+假设存在SOCKS5上级:
+
+`proxy socks -p 2.2.2.2:33080 -z password -t tcp`
+
+sps下级,限速100K
+
+`proxy sps -S socks -P 2.2.2.2:33080 -T tcp -Z password -l 100K -t tcp -p :33080`
+
+通过`-l`参数即可指定,比如:100K 2000K 1M . 0意味着无限制.
+
+#### **6.12 指定出口IP**  
+
+`--bind-listen`参数，就可以开启客户端用入口IP连接过来的,就用入口IP作为出口IP访问目标网站的功能。如果入口IP是内网IP，出口IP不会使用入口IP。
+
+`proxy sps -S socks -P 2.2.2.2:33080 -T tcp -Z password -l 100K -t tcp --bind-listen -p :33080`
+
+#### **6.13 证书参数使用base64数据**  
+
+默认情况下-C,-K参数是crt证书和key文件的路径,
+
+如果是base64://开头,那么就认为后面的数据是base64编码的,会解码后使用.
+
+#### **6.14 查看帮助** 
 `./proxy help sps`  
 
 ### **7.KCP配置**   
@@ -1039,18 +1301,80 @@ fast ：`--nodelay=0 --interval=30 --resend=2 --nc=1`
 fast2：`--nodelay=1 --interval=20 --resend=2 --nc=1`  
 fast3：`--nodelay=1 --interval=10 --resend=2 --nc=1`  
 
+### **8.DNS防污染服务器** 
+
+#### **8.1 介绍** 
+众所周知DNS是UDP端口53提供的服务，但是随着网络的发展一些知名DNS服务器也支持TCP方式dns查询，比如谷歌的8.8.8.8，proxy的DNS防污染服务器原理就是在本地启动一个proxy的DNS代理服务器，它用TCP的方式通过上级代理进行dns查询。如果它和上级代理通讯采用加密的方式，那么就可以进行安全无污染的DNS解析。
+
+#### **8.2 使用示例** 
+
+***8.2.1 普通HTTP(S)上级代理***   
+假设有一个上级代理：2.2.2.2:33080  
+本地执行：  
+`proxy dns -S http -T tcp -P 2.2.2.2:33080 -p :53`  
+那么本地的UDP端口53就提供了DNS解析功能。  
+
+***8.2.2 普通SOCKS5上级代理***   
+假设有一个上级代理：2.2.2.2:33080  
+本地执行：  
+`proxy dns -S socks -T tcp -P 2.2.2.2:33080 -p :53`  
+那么本地的UDP端口53就提供了DNS解析功能。 
+
+***8.2.3 TLS加密的HTTP(S)上级代理***   
+假设有一个上级代理：2.2.2.2:33080  
+上级代理执行的命令是：
+`proxy http -t tls -C proxy.crt -K proxy.key -p :33080`
+本地执行：  
+`proxy dns -S http -T tls -P 2.2.2.2:33080  -C proxy.crt -K proxy.key -p :53`  
+那么本地的UDP端口53就提供了安全防污染DNS解析功能。 
+
+***8.2.4 TLS加密的SOCKS5上级代理***   
+假设有一个上级代理：2.2.2.2:33080  
+上级代理执行的命令是：
+`proxy socks -t tls -C proxy.crt -K proxy.key -p :33080`
+本地执行：  
+`proxy dns -S socks -T tls -P 2.2.2.2:33080  -C proxy.crt -K proxy.key -p :53`  
+那么本地的UDP端口53就提供了安全防污染DNS解析功能。  
+
+***8.2.5 KCP加密的HTTP(S)上级代理***   
+假设有一个上级代理：2.2.2.2:33080  
+上级代理执行的命令是：
+`proxy http -t kcp -p :33080`
+本地执行：  
+`proxy dns -S http -T kcp -P 2.2.2.2:33080 -p :53`  
+那么本地的UDP端口53就提供了安全防污染DNS解析功能。 
+
+***8.2.6 KCP加密的SOCKS5上级代理***   
+假设有一个上级代理：2.2.2.2:33080  
+上级代理执行的命令是：
+`proxy socks -t kcp -p :33080`
+本地执行：  
+`proxy dns -S socks -T kcp -P 2.2.2.2:33080 -p :53`  
+那么本地的UDP端口53就提供了安全防污染DNS解析功能。 
+
+***8.2.7 自定义加密的HTTP(S)上级代理***   
+假设有一个上级代理：2.2.2.2:33080  
+上级代理执行的命令是：
+`proxy http -t tcp -p :33080 -z password`
+本地执行：  
+`proxy dns -S http -T tcp -Z password -P 2.2.2.2:33080 -p :53`  
+那么本地的UDP端口53就提供了安全防污染DNS解析功能。 
+
+***8.2.8 自定义加密的SOCKS5上级代理***   
+假设有一个上级代理：2.2.2.2:33080  
+上级代理执行的命令是：
+`proxy socks -t kcp -p :33080 -z password`
+本地执行：  
+`proxy dns -S socks -T tcp -Z password -P 2.2.2.2:33080 -p :53`  
+那么本地的UDP端口53就提供了安全防污染DNS解析功能。
+
 ### TODO  
 - http,socks代理多个上级负载均衡?
 - http(s)代理增加pac支持?
 - 欢迎加群反馈...
 
-### 如何贡献代码(Pull Request)?  
-首先需要clone本项目到自己的帐号下面,然后在dev分支上面修改代码,  
-最后发Pull Request到goproxy项目的dev分支即可,为了高效贡献代码,  
-pr的时候需要说明做了什么变更,原因是什么.  
-
 ### 如何使用源码?   
-建议go1.8.5,不保证>=1.9能用.       
+建议go1.10.1.       
 `go get github.com/snail007/goproxy`   
 cd进入你的go src目录  
 cd进入`github.com/snail007/goproxy`即可.    
@@ -1061,12 +1385,10 @@ utils是工具包,service是具体的每个服务类.
 ### License  
 Proxy is licensed under GPLv3 license.  
 ### Contact  
-QQ交流群:189618940  
+官方QQ交流群: 793015219 (2群), 189618940 (1群满)  
   
   
 ### Donation  
 如果proxy帮助你解决了很多问题,你可以通过下面的捐赠更好的支持proxy.  
 <img src="https://github.com/snail007/goproxy/blob/master/docs/images/alipay.jpg?raw=true" width="200"/>  
 <img src="https://github.com/snail007/goproxy/blob/master/docs/images/wxpay.jpg?raw=true" width="200"/>  
-
-  

VERSION

@@ -0,0 +1 @@
+6.9

config.go

@@ -4,62 +4,72 @@ import (
 	"bufio"
 	"crypto/sha1"
 	"fmt"
+	"io/ioutil"
 	logger "log"
 	"os"
 	"os/exec"
+	"path"
+	"path/filepath"
+	"runtime/debug"
 	"runtime/pprof"
+	"strings"
 	"time"
 
-	"github.com/snail007/goproxy/services"
-	"github.com/snail007/goproxy/services/kcpcfg"
-	"github.com/snail007/goproxy/utils"
-
+	"github.com/snail007/goproxy/core/lib/kcpcfg"
+	encryptconn "github.com/snail007/goproxy/core/lib/transport/encrypt"
+	sdk "github.com/snail007/goproxy/sdk/android-ios"
+	services "github.com/snail007/goproxy/services"
+	httpx "github.com/snail007/goproxy/services/http"
+	keygenx "github.com/snail007/goproxy/services/keygen"
+	mux "github.com/snail007/goproxy/services/mux"
+	socksx "github.com/snail007/goproxy/services/socks"
+	spsx "github.com/snail007/goproxy/services/sps"
+	tcpx "github.com/snail007/goproxy/services/tcp"
+	tunnelx "github.com/snail007/goproxy/services/tunnel"
+	udpx "github.com/snail007/goproxy/services/udp"
 	kcp "github.com/xtaci/kcp-go"
+
 	"golang.org/x/crypto/pbkdf2"
 	kingpin "gopkg.in/alecthomas/kingpin.v2"
 )
 
 var (
-	app                                                                                                       *kingpin.Application
-	service                                                                                                   *services.ServiceItem
-	cmd                                                                                                       *exec.Cmd
-	cpuProfilingFile, memProfilingFile, blockProfilingFile, goroutineProfilingFile, threadcreateProfilingFile *os.File
-	isDebug                                                                                                   bool
+	app     *kingpin.Application
+	service *services.ServiceItem
+	cmd     *exec.Cmd
+	cpuProfilingFile, memProfilingFile, blockProfilingFile,
+	goroutineProfilingFile, threadcreateProfilingFile *os.File
+	isDebug *bool
 )
 
 func initConfig() (err error) {
-	//keygen
-	if len(os.Args) > 1 {
-		if os.Args[1] == "keygen" {
-			utils.Keygen()
-			os.Exit(0)
-		}
-	}
-
 	//define  args
-	tcpArgs := services.TCPArgs{}
-	httpArgs := services.HTTPArgs{}
-	tunnelServerArgs := services.TunnelServerArgs{}
-	tunnelClientArgs := services.TunnelClientArgs{}
-	tunnelBridgeArgs := services.TunnelBridgeArgs{}
-	muxServerArgs := services.MuxServerArgs{}
-	muxClientArgs := services.MuxClientArgs{}
-	muxBridgeArgs := services.MuxBridgeArgs{}
-	udpArgs := services.UDPArgs{}
-	socksArgs := services.SocksArgs{}
-	spsArgs := services.SPSArgs{}
+	tcpArgs := tcpx.TCPArgs{}
+	httpArgs := httpx.HTTPArgs{}
+	tunnelServerArgs := tunnelx.TunnelServerArgs{}
+	tunnelClientArgs := tunnelx.TunnelClientArgs{}
+	tunnelBridgeArgs := tunnelx.TunnelBridgeArgs{}
+	muxServerArgs := mux.MuxServerArgs{}
+	muxClientArgs := mux.MuxClientArgs{}
+	muxBridgeArgs := mux.MuxBridgeArgs{}
+	udpArgs := udpx.UDPArgs{}
+	socksArgs := socksx.SocksArgs{}
+	spsArgs := spsx.SPSArgs{}
+	dnsArgs := sdk.DNSArgs{}
+	keygenArgs := keygenx.KeygenArgs{}
 	kcpArgs := kcpcfg.KCPConfigArgs{}
 	//build srvice args
 	app = kingpin.New("proxy", "happy with proxy")
 	app.Author("snail").Version(APP_VERSION)
-	debug := app.Flag("debug", "debug log output").Default("false").Bool()
+	isDebug = app.Flag("debug", "debug log output").Default("false").Bool()
 	daemon := app.Flag("daemon", "run proxy in background").Default("false").Bool()
 	forever := app.Flag("forever", "run proxy in forever,fail and retry").Default("false").Bool()
 	logfile := app.Flag("log", "log file path").Default("").String()
+	nolog := app.Flag("nolog", "turn off logging").Default("false").Bool()
 	kcpArgs.Key = app.Flag("kcp-key", "pre-shared secret between client and server").Default("secrect").String()
 	kcpArgs.Crypt = app.Flag("kcp-method", "encrypt/decrypt method, can be: aes, aes-128, aes-192, salsa20, blowfish, twofish, cast5, 3des, tea, xtea, xor, sm4, none").Default("aes").Enum("aes", "aes-128", "aes-192", "salsa20", "blowfish", "twofish", "cast5", "3des", "tea", "xtea", "xor", "sm4", "none")
 	kcpArgs.Mode = app.Flag("kcp-mode", "profiles: fast3, fast2, fast, normal, manual").Default("fast").Enum("fast3", "fast2", "fast", "normal", "manual")
-	kcpArgs.MTU = app.Flag("kcp-mtu", "set maximum transmission unit for UDP packets").Default("1350").Int()
+	kcpArgs.MTU = app.Flag("kcp-mtu", "set maximum transmission unit for UDP packets").Default("450").Int()
 	kcpArgs.SndWnd = app.Flag("kcp-sndwnd", "set send window size(num of packets)").Default("1024").Int()
 	kcpArgs.RcvWnd = app.Flag("kcp-rcvwnd", "set receive window size(num of packets)").Default("1024").Int()
 	kcpArgs.DataShard = app.Flag("kcp-ds", "set reed-solomon erasure coding - datashard").Default("10").Int()
@@ -76,7 +86,7 @@ func initConfig() (err error) {
 
 	//########http#########
 	http := app.Command("http", "proxy on http mode")
-	httpArgs.Parent = http.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+	httpArgs.Parent = http.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').Strings()
 	httpArgs.CaCertFile = http.Flag("ca", "ca cert file for tls").Default("").String()
 	httpArgs.CertFile = http.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
 	httpArgs.KeyFile = http.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
@@ -96,7 +106,7 @@ func initConfig() (err error) {
 	httpArgs.SSHKeyFile = http.Flag("ssh-key", "private key file for ssh").Short('S').Default("").String()
 	httpArgs.SSHKeyFileSalt = http.Flag("ssh-keysalt", "salt of ssh private key").Short('s').Default("").String()
 	httpArgs.SSHPassword = http.Flag("ssh-password", "password for ssh").Short('A').Default("").String()
-	httpArgs.LocalIPS = http.Flag("local bind ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
+	httpArgs.LocalIPS = http.Flag("local-bind-ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
 	httpArgs.AuthURL = http.Flag("auth-url", "http basic auth username and password will send to this url,response http code equal to 'auth-code' means ok,others means fail.").Default("").String()
 	httpArgs.AuthURLTimeout = http.Flag("auth-timeout", "access 'auth-url' timeout milliseconds").Default("3000").Int()
 	httpArgs.AuthURLOkCode = http.Flag("auth-code", "access 'auth-url' success http code").Default("204").Int()
@@ -107,7 +117,16 @@ func initConfig() (err error) {
 	httpArgs.ParentKey = http.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
 	httpArgs.LocalCompress = http.Flag("local-compress", "auto compress/decompress data on local connection").Short('m').Default("false").Bool()
 	httpArgs.ParentCompress = http.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
-
+	httpArgs.Intelligent = http.Flag("intelligent", "settting intelligent HTTP, SOCKS5 proxy mode, can be <intelligent|direct|parent>").Default("intelligent").Enum("intelligent", "direct", "parent")
+	httpArgs.LoadBalanceMethod = http.Flag("lb-method", "load balance method when use multiple parent,can be <roundrobin|leastconn|leasttime|hash|weight>").Default("roundrobin").Enum("roundrobin", "weight", "leastconn", "leasttime", "hash")
+	httpArgs.LoadBalanceTimeout = http.Flag("lb-timeout", "tcp milliseconds timeout of connecting to parent").Default("500").Int()
+	httpArgs.LoadBalanceRetryTime = http.Flag("lb-retrytime", "sleep time milliseconds after checking").Default("1000").Int()
+	httpArgs.LoadBalanceHashTarget = http.Flag("lb-hashtarget", "use target address to choose parent for LB").Default("false").Bool()
+	httpArgs.LoadBalanceOnlyHA = http.Flag("lb-onlyha", "use only `high availability mode` to choose parent for LB").Default("false").Bool()
+	httpArgs.RateLimit = http.Flag("rate-limit", "rate limit (bytes/second) of each connection, such as: 100K 1.5M . 0 means no limitation").Short('l').Default("0").String()
+	httpArgs.BindListen = http.Flag("bind-listen", "using listener binding IP when connect to target").Short('B').Default("false").Bool()
+	httpArgs.Jumper = http.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
+	httpArgs.Debug = isDebug
 	//########tcp#########
 	tcp := app.Command("tcp", "proxy on tcp mode")
 	tcpArgs.Parent = tcp.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
@@ -118,6 +137,7 @@ func initConfig() (err error) {
 	tcpArgs.LocalType = tcp.Flag("local-type", "local protocol type <tls|tcp|kcp>").Default("tcp").Short('t').Enum("tls", "tcp", "kcp")
 	tcpArgs.CheckParentInterval = tcp.Flag("check-parent-interval", "check if proxy is okay every interval seconds,zero: means no check").Short('I').Default("3").Int()
 	tcpArgs.Local = tcp.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String()
+	tcpArgs.Jumper = tcp.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
 
 	//########udp#########
 	udp := app.Command("udp", "proxy on udp mode")
@@ -132,7 +152,7 @@ func initConfig() (err error) {
 	//########mux-server#########
 	muxServer := app.Command("server", "proxy on mux server mode")
 	muxServerArgs.Parent = muxServer.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
-	muxServerArgs.ParentType = muxServer.Flag("parent-type", "parent protocol type <tls|tcp|kcp>").Default("tls").Short('T').Enum("tls", "tcp", "kcp")
+	muxServerArgs.ParentType = muxServer.Flag("parent-type", "parent protocol type <tls|tcp|tcps|kcp|tou>").Default("tls").Short('T').Enum("tls", "tcp", "tcps", "kcp", "tou")
 	muxServerArgs.CertFile = muxServer.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
 	muxServerArgs.KeyFile = muxServer.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
 	muxServerArgs.Timeout = muxServer.Flag("timeout", "tcp timeout with milliseconds").Short('i').Default("2000").Int()
@@ -141,17 +161,27 @@ func initConfig() (err error) {
 	muxServerArgs.Route = muxServer.Flag("route", "local route to client's network, such as: PROTOCOL://LOCAL_IP:LOCAL_PORT@[CLIENT_KEY]CLIENT_LOCAL_HOST:CLIENT_LOCAL_PORT").Short('r').Default("").Strings()
 	muxServerArgs.IsCompress = muxServer.Flag("c", "compress data when tcp|tls mode").Default("false").Bool()
 	muxServerArgs.SessionCount = muxServer.Flag("session-count", "session count which connect to bridge").Short('n').Default("10").Int()
+	muxServerArgs.Jumper = muxServer.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
+	muxServerArgs.TCPSMethod = muxServer.Flag("tcps-method", "method of parent tcps's encrpyt/decrypt, these below are supported :\n"+strings.Join(encryptconn.GetCipherMethods(), ",")).Default("aes-192-cfb").String()
+	muxServerArgs.TCPSPassword = muxServer.Flag("tcps-password", "password of parent tcps's encrpyt/decrypt").Default("snail007's_goproxy").String()
+	muxServerArgs.TOUMethod = muxServer.Flag("tou-method", "method of parent tou's encrpyt/decrypt, these below are supported :\n"+strings.Join(encryptconn.GetCipherMethods(), ",")).Default("aes-192-cfb").String()
+	muxServerArgs.TOUPassword = muxServer.Flag("tou-password", "password of parent tou's encrpyt/decrypt").Default("snail007's_goproxy").String()
 
 	//########mux-client#########
 	muxClient := app.Command("client", "proxy on mux client mode")
 	muxClientArgs.Parent = muxClient.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
-	muxClientArgs.ParentType = muxClient.Flag("parent-type", "parent protocol type <tls|tcp|kcp>").Default("tls").Short('T').Enum("tls", "tcp", "kcp")
+	muxClientArgs.ParentType = muxClient.Flag("parent-type", "parent protocol type <tls|tcp|tcps|kcp|tou>").Default("tls").Short('T').Enum("tls", "tcp", "tcps", "kcp", "tou")
 	muxClientArgs.CertFile = muxClient.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
 	muxClientArgs.KeyFile = muxClient.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
 	muxClientArgs.Timeout = muxClient.Flag("timeout", "tcp timeout with milliseconds").Short('i').Default("2000").Int()
 	muxClientArgs.Key = muxClient.Flag("k", "key same with server").Default("default").String()
 	muxClientArgs.IsCompress = muxClient.Flag("c", "compress data when tcp|tls mode").Default("false").Bool()
 	muxClientArgs.SessionCount = muxClient.Flag("session-count", "session count which connect to bridge").Short('n').Default("10").Int()
+	muxClientArgs.Jumper = muxClient.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
+	muxClientArgs.TCPSMethod = muxClient.Flag("tcps-method", "method of parent tcps's encrpyt/decrypt, these below are supported :\n"+strings.Join(encryptconn.GetCipherMethods(), ",")).Default("aes-192-cfb").String()
+	muxClientArgs.TCPSPassword = muxClient.Flag("tcps-password", "password of parent tcps's encrpyt/decrypt").Default("snail007's_goproxy").String()
+	muxClientArgs.TOUMethod = muxClient.Flag("tou-method", "method of parent tou's encrpyt/decrypt, these below are supported :\n"+strings.Join(encryptconn.GetCipherMethods(), ",")).Default("aes-192-cfb").String()
+	muxClientArgs.TOUPassword = muxClient.Flag("tou-password", "password of parent tou's encrpyt/decrypt").Default("snail007's_goproxy").String()
 
 	//########mux-bridge#########
 	muxBridge := app.Command("bridge", "proxy on mux bridge mode")
@@ -159,7 +189,11 @@ func initConfig() (err error) {
 	muxBridgeArgs.KeyFile = muxBridge.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
 	muxBridgeArgs.Timeout = muxBridge.Flag("timeout", "tcp timeout with milliseconds").Short('i').Default("2000").Int()
 	muxBridgeArgs.Local = muxBridge.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String()
-	muxBridgeArgs.LocalType = muxBridge.Flag("local-type", "local protocol type <tls|tcp|kcp>").Default("tls").Short('t').Enum("tls", "tcp", "kcp")
+	muxBridgeArgs.LocalType = muxBridge.Flag("local-type", "local protocol type <tls|tcp|tcps|kcp|tou>").Default("tls").Short('t').Enum("tls", "tcp", "tcps", "kcp", "tou")
+	muxBridgeArgs.TCPSMethod = muxBridge.Flag("tcps-method", "method of local tcps's encrpyt/decrypt, these below are supported :\n"+strings.Join(encryptconn.GetCipherMethods(), ",")).Default("aes-192-cfb").String()
+	muxBridgeArgs.TCPSPassword = muxBridge.Flag("tcps-password", "password of local tcps's encrpyt/decrypt").Default("snail007's_goproxy").String()
+	muxBridgeArgs.TOUMethod = muxBridge.Flag("tou-method", "method of local tou's encrpyt/decrypt, these below are supported :\n"+strings.Join(encryptconn.GetCipherMethods(), ",")).Default("aes-192-cfb").String()
+	muxBridgeArgs.TOUPassword = muxBridge.Flag("tou-password", "password of local tou's encrpyt/decrypt").Default("snail007's_goproxy").String()
 
 	//########tunnel-server#########
 	tunnelServer := app.Command("tserver", "proxy on tunnel server mode")
@@ -170,6 +204,7 @@ func initConfig() (err error) {
 	tunnelServerArgs.IsUDP = tunnelServer.Flag("udp", "proxy on udp tunnel server mode").Default("false").Bool()
 	tunnelServerArgs.Key = tunnelServer.Flag("k", "client key").Default("default").String()
 	tunnelServerArgs.Route = tunnelServer.Flag("route", "local route to client's network, such as: PROTOCOL://LOCAL_IP:LOCAL_PORT@[CLIENT_KEY]CLIENT_LOCAL_HOST:CLIENT_LOCAL_PORT").Short('r').Default("").Strings()
+	tunnelServerArgs.Jumper = tunnelServer.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
 
 	//########tunnel-client#########
 	tunnelClient := app.Command("tclient", "proxy on tunnel client mode")
@@ -178,6 +213,7 @@ func initConfig() (err error) {
 	tunnelClientArgs.KeyFile = tunnelClient.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
 	tunnelClientArgs.Timeout = tunnelClient.Flag("timeout", "tcp timeout with milliseconds").Short('t').Default("2000").Int()
 	tunnelClientArgs.Key = tunnelClient.Flag("k", "key same with server").Default("default").String()
+	tunnelClientArgs.Jumper = tunnelClient.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
 
 	//########tunnel-bridge#########
 	tunnelBridge := app.Command("tbridge", "proxy on tunnel bridge mode")
@@ -186,21 +222,19 @@ func initConfig() (err error) {
 	tunnelBridgeArgs.Timeout = tunnelBridge.Flag("timeout", "tcp timeout with milliseconds").Short('t').Default("2000").Int()
 	tunnelBridgeArgs.Local = tunnelBridge.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String()
 
-	//########ssh#########
+	//########socks#########
 	socks := app.Command("socks", "proxy on ssh mode")
-	socksArgs.Parent = socks.Flag("parent", "parent ssh address, such as: \"23.32.32.19:22\"").Default("").Short('P').String()
+	socksArgs.Parent = socks.Flag("parent", "parent ssh address, such as: \"23.32.32.19:22\"").Default("").Short('P').Strings()
 	socksArgs.ParentType = socks.Flag("parent-type", "parent protocol type <tls|tcp|kcp|ssh>").Default("tcp").Short('T').Enum("tls", "tcp", "kcp", "ssh")
 	socksArgs.LocalType = socks.Flag("local-type", "local protocol type <tls|tcp|kcp>").Default("tcp").Short('t').Enum("tls", "tcp", "kcp")
 	socksArgs.Local = socks.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String()
-	socksArgs.UDPParent = socks.Flag("udp-parent", "udp parent address, such as: \"23.32.32.19:33090\"").Default("").Short('X').String()
-	socksArgs.UDPLocal = socks.Flag("udp-local", "udp local ip:port to listen").Short('x').Default(":33090").String()
 	socksArgs.CertFile = socks.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
 	socksArgs.CaCertFile = socks.Flag("ca", "ca cert file for tls").Default("").String()
 	socksArgs.KeyFile = socks.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
 	socksArgs.SSHUser = socks.Flag("ssh-user", "user for ssh").Short('u').Default("").String()
 	socksArgs.SSHKeyFile = socks.Flag("ssh-key", "private key file for ssh").Short('S').Default("").String()
 	socksArgs.SSHKeyFileSalt = socks.Flag("ssh-keysalt", "salt of ssh private key").Short('s').Default("").String()
-	socksArgs.SSHPassword = socks.Flag("ssh-password", "password for ssh").Short('A').Default("").String()
+	socksArgs.SSHPassword = socks.Flag("ssh-password", "password for ssh").Short('D').Default("").String()
 	socksArgs.Always = socks.Flag("always", "always use parent proxy").Default("false").Bool()
 	socksArgs.Timeout = socks.Flag("timeout", "tcp timeout milliseconds when connect to real server or parent proxy").Default("5000").Int()
 	socksArgs.Interval = socks.Flag("interval", "check domain if blocked every interval seconds").Default("10").Int()
@@ -208,21 +242,31 @@ func initConfig() (err error) {
 	socksArgs.Direct = socks.Flag("direct", "direct domain file , one domain each line").Default("direct").Short('d').String()
 	socksArgs.AuthFile = socks.Flag("auth-file", "http basic auth file,\"username:password\" each line in file").Short('F').String()
 	socksArgs.Auth = socks.Flag("auth", "socks auth username and password, mutiple user repeat -a ,such as: -a user1:pass1 -a user2:pass2").Short('a').Strings()
-	socksArgs.LocalIPS = socks.Flag("local bind ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
+	socksArgs.LocalIPS = socks.Flag("local-bind-ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
 	socksArgs.AuthURL = socks.Flag("auth-url", "auth username and password will send to this url,response http code equal to 'auth-code' means ok,others means fail.").Default("").String()
 	socksArgs.AuthURLTimeout = socks.Flag("auth-timeout", "access 'auth-url' timeout milliseconds").Default("3000").Int()
 	socksArgs.AuthURLOkCode = socks.Flag("auth-code", "access 'auth-url' success http code").Default("204").Int()
 	socksArgs.AuthURLRetry = socks.Flag("auth-retry", "access 'auth-url' fail and retry count").Default("0").Int()
+	socksArgs.ParentAuth = socks.Flag("parent-auth", "parent socks auth username and password, such as: -A user1:pass1").Short('A').String()
 	socksArgs.DNSAddress = socks.Flag("dns-address", "if set this, proxy will use this dns for resolve doamin").Short('q').Default("").String()
 	socksArgs.DNSTTL = socks.Flag("dns-ttl", "caching seconds of dns query result").Short('e').Default("300").Int()
 	socksArgs.LocalKey = socks.Flag("local-key", "the password for auto encrypt/decrypt local connection data").Short('z').Default("").String()
 	socksArgs.ParentKey = socks.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
 	socksArgs.LocalCompress = socks.Flag("local-compress", "auto compress/decompress data on local connection").Short('m').Default("false").Bool()
 	socksArgs.ParentCompress = socks.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
+	socksArgs.Intelligent = socks.Flag("intelligent", "settting intelligent HTTP, SOCKS5 proxy mode, can be <intelligent|direct|parent>").Default("intelligent").Enum("intelligent", "direct", "parent")
+	socksArgs.LoadBalanceMethod = socks.Flag("lb-method", "load balance method when use multiple parent,can be <roundrobin|leastconn|leasttime|hash|weight>").Default("roundrobin").Enum("roundrobin", "weight", "leastconn", "leasttime", "hash")
+	socksArgs.LoadBalanceTimeout = socks.Flag("lb-timeout", "tcp milliseconds timeout of connecting to parent").Default("500").Int()
+	socksArgs.LoadBalanceRetryTime = socks.Flag("lb-retrytime", "sleep time milliseconds after checking").Default("1000").Int()
+	socksArgs.LoadBalanceHashTarget = socks.Flag("lb-hashtarget", "use target address to choose parent for LB").Default("false").Bool()
+	socksArgs.LoadBalanceOnlyHA = socks.Flag("lb-onlyha", "use only `high availability mode` to choose parent for LB").Default("false").Bool()
+	socksArgs.RateLimit = socks.Flag("rate-limit", "rate limit (bytes/second) of each connection, such as: 100K 1.5M . 0 means no limitation").Short('l').Default("0").String()
+	socksArgs.BindListen = socks.Flag("bind-listen", "using listener binding IP when connect to target").Short('B').Default("false").Bool()
+	socksArgs.Debug = isDebug
 
-	//########socks+http(s)#########
+	//########sps#########
 	sps := app.Command("sps", "proxy on socks+http(s) mode")
-	spsArgs.Parent = sps.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+	spsArgs.Parent = sps.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').Strings()
 	spsArgs.CertFile = sps.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
 	spsArgs.KeyFile = sps.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
 	spsArgs.CaCertFile = sps.Flag("ca", "ca cert file for tls").Default("").String()
@@ -230,12 +274,12 @@ func initConfig() (err error) {
 	spsArgs.ParentType = sps.Flag("parent-type", "parent protocol type <tls|tcp|kcp>").Short('T').Enum("tls", "tcp", "kcp")
 	spsArgs.LocalType = sps.Flag("local-type", "local protocol type <tls|tcp|kcp>").Default("tcp").Short('t').Enum("tls", "tcp", "kcp")
 	spsArgs.Local = sps.Flag("local", "local ip:port to listen,multiple address use comma split,such as: 0.0.0.0:80,0.0.0.0:443").Short('p').Default(":33080").String()
-	spsArgs.ParentServiceType = sps.Flag("parent-service-type", "parent service type <http|socks>").Short('S').Enum("http", "socks", "ss")
+	spsArgs.ParentServiceType = sps.Flag("parent-service-type", "parent service type <http|socks|ss>").Short('S').Enum("http", "socks", "ss")
 	spsArgs.DNSAddress = sps.Flag("dns-address", "if set this, proxy will use this dns for resolve doamin").Short('q').Default("").String()
 	spsArgs.DNSTTL = sps.Flag("dns-ttl", "caching seconds of dns query result").Short('e').Default("300").Int()
 	spsArgs.AuthFile = sps.Flag("auth-file", "http basic auth file,\"username:password\" each line in file").Short('F').String()
 	spsArgs.Auth = sps.Flag("auth", "socks auth username and password, mutiple user repeat -a ,such as: -a user1:pass1 -a user2:pass2").Short('a').Strings()
-	spsArgs.LocalIPS = sps.Flag("local bind ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
+	spsArgs.LocalIPS = sps.Flag("local-bind-ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
 	spsArgs.AuthURL = sps.Flag("auth-url", "auth username and password will send to this url,response http code equal to 'auth-code' means ok,others means fail.").Default("").String()
 	spsArgs.AuthURLTimeout = sps.Flag("auth-timeout", "access 'auth-url' timeout milliseconds").Default("3000").Int()
 	spsArgs.AuthURLOkCode = sps.Flag("auth-code", "access 'auth-url' success http code").Default("204").Int()
@@ -245,14 +289,52 @@ func initConfig() (err error) {
 	spsArgs.ParentKey = sps.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
 	spsArgs.LocalCompress = sps.Flag("local-compress", "auto compress/decompress data on local connection").Short('m').Default("false").Bool()
 	spsArgs.ParentCompress = sps.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
+	spsArgs.SSMethod = sps.Flag("ss-method", "the following methods are supported: aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb, rc4-md5, rc4-md5-6, chacha20, salsa20, rc4, table, des-cfb, chacha20-ietf; if you use ss client , \"-t tcp\" is required").Short('h').Default("aes-256-cfb").String()
+	spsArgs.SSKey = sps.Flag("ss-key", "if you use ss client , \"-t tcp\" is required").Short('j').Default("sspassword").String()
+	spsArgs.ParentSSMethod = sps.Flag("parent-ss-method", "the following methods are supported: aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb, rc4-md5, rc4-md5-6, chacha20, salsa20, rc4, table, des-cfb, chacha20-ietf; if you use ss server as parent, \"-T tcp\" is required").Short('H').Default("aes-256-cfb").String()
+	spsArgs.ParentSSKey = sps.Flag("parent-ss-key", "if you use ss server as parent, \"-T tcp\" is required").Short('J').Default("sspassword").String()
 	spsArgs.DisableHTTP = sps.Flag("disable-http", "disable http(s) proxy").Default("false").Bool()
 	spsArgs.DisableSocks5 = sps.Flag("disable-socks", "disable socks proxy").Default("false").Bool()
+	spsArgs.DisableSS = sps.Flag("disable-ss", "disable ss proxy").Default("false").Bool()
+	spsArgs.LoadBalanceMethod = sps.Flag("lb-method", "load balance method when use multiple parent,can be <roundrobin|leastconn|leasttime|hash|weight>").Default("roundrobin").Enum("roundrobin", "weight", "leastconn", "leasttime", "hash")
+	spsArgs.LoadBalanceTimeout = sps.Flag("lb-timeout", "tcp milliseconds timeout of connecting to parent").Default("500").Int()
+	spsArgs.LoadBalanceRetryTime = sps.Flag("lb-retrytime", "sleep time milliseconds after checking").Default("1000").Int()
+	spsArgs.LoadBalanceHashTarget = sps.Flag("lb-hashtarget", "use target address to choose parent for LB").Default("false").Bool()
+	spsArgs.LoadBalanceOnlyHA = sps.Flag("lb-onlyha", "use only `high availability mode` to choose parent for LB").Default("false").Bool()
+	spsArgs.RateLimit = sps.Flag("rate-limit", "rate limit (bytes/second) of each connection, such as: 100K 1.5M . 0 means no limitation").Short('l').Default("0").String()
+	spsArgs.Jumper = sps.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Default("").String()
+	spsArgs.ParentTLSSingle = sps.Flag("parent-tls-single", "conntect to parent insecure skip verify").Default("false").Bool()
+	spsArgs.Debug = isDebug
+
+	//########dns#########
+	dns := app.Command("dns", "proxy on dns server mode")
+	dnsArgs.Parent = dns.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+	dnsArgs.CertFile = dns.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
+	dnsArgs.KeyFile = dns.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
+	dnsArgs.CaCertFile = dns.Flag("ca", "ca cert file for tls").Default("").String()
+	dnsArgs.Timeout = dns.Flag("timeout", "tcp timeout milliseconds when connect to real server or parent proxy").Short('i').Default("2000").Int()
+	dnsArgs.ParentType = dns.Flag("parent-type", "parent protocol type <tls|tcp|kcp>").Short('T').Enum("tls", "tcp", "kcp")
+	dnsArgs.Local = dns.Flag("local", "local ip:port to listen,multiple address use comma split,such as: 0.0.0.0:80,0.0.0.0:443").Short('p').Default(":53").String()
+	dnsArgs.ParentServiceType = dns.Flag("parent-service-type", "parent service type <http|socks>").Short('S').Enum("http", "socks")
+	dnsArgs.RemoteDNSAddress = dns.Flag("dns-address", "remote dns for resolve doamin").Short('q').Default("8.8.8.8:53").String()
+	dnsArgs.DNSTTL = dns.Flag("dns-ttl", "caching seconds of dns query result").Short('e').Default("300").Int()
+	dnsArgs.ParentAuth = dns.Flag("parent-auth", "parent socks auth username and password, such as: -A user1:pass1").Short('A').String()
+	dnsArgs.ParentKey = dns.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
+	dnsArgs.ParentCompress = dns.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
+	dnsArgs.CacheFile = dns.Flag("cache-file", "dns result cached file").Short('f').Default(filepath.Join(path.Dir(os.Args[0]), "cache.dat")).String()
+	dnsArgs.LocalSocks5Port = dns.Flag("socks-port", "local socks5 port").Short('s').Default("65501").String()
+
+	//########keygen#########
+	keygen := app.Command("keygen", "create certificate for proxy")
+	keygenArgs.CommonName = keygen.Flag("cn", "common name").Short('n').Default("").String()
+	keygenArgs.CaName = keygen.Flag("ca", "ca name").Short('C').Default("").String()
+	keygenArgs.CertName = keygen.Flag("cert", "cert name of sign to create").Short('c').Default("").String()
+	keygenArgs.SignDays = keygen.Flag("days", "days of sign").Short('d').Default("365").Int()
+	keygenArgs.Sign = keygen.Flag("sign", "cert is to signin").Short('s').Default("false").Bool()
 
 	//parse args
 	serviceName := kingpin.MustParse(app.Parse(os.Args[1:]))
 
-	isDebug = *debug
-
 	//set kcp config
 
 	switch *kcpArgs.Mode {
@@ -304,11 +386,12 @@ func initConfig() (err error) {
 	muxBridgeArgs.KCP = kcpArgs
 	muxServerArgs.KCP = kcpArgs
 	muxClientArgs.KCP = kcpArgs
+	dnsArgs.KCP = kcpArgs
 
 	log := logger.New(os.Stderr, "", logger.Ldate|logger.Ltime)
 
 	flags := logger.Ldate
-	if *debug {
+	if *isDebug {
 		flags |= logger.Lshortfile | logger.Lmicroseconds
 		cpuProfilingFile, _ = os.Create("cpu.prof")
 		memProfilingFile, _ = os.Create("memory.prof")
@@ -320,8 +403,9 @@ func initConfig() (err error) {
 		flags |= logger.Ltime
 	}
 	log.SetFlags(flags)
-
-	if *logfile != "" {
+	if *nolog {
+		log.SetOutput(ioutil.Discard)
+	} else if *logfile != "" {
 		f, e := os.OpenFile(*logfile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
 		if e != nil {
 			log.Fatal(e)
@@ -352,9 +436,15 @@ func initConfig() (err error) {
 			}
 		}
 		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+				}
+			}()
 			for {
 				if cmd != nil {
 					cmd.Process.Kill()
+					time.Sleep(time.Second * 5)
 				}
 				cmd = exec.Command(os.Args[0], args...)
 				cmdReaderStderr, err := cmd.StderrPipe()
@@ -370,11 +460,21 @@ func initConfig() (err error) {
 				scanner := bufio.NewScanner(cmdReader)
 				scannerStdErr := bufio.NewScanner(cmdReaderStderr)
 				go func() {
+					defer func() {
+						if e := recover(); e != nil {
+							fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+						}
+					}()
 					for scanner.Scan() {
 						fmt.Println(scanner.Text())
 					}
 				}()
 				go func() {
+					defer func() {
+						if e := recover(); e != nil {
+							fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+						}
+					}()
 					for scannerStdErr.Scan() {
 						fmt.Println(scannerStdErr.Text())
 					}
@@ -390,14 +490,13 @@ func initConfig() (err error) {
 					continue
 				}
 				log.Printf("worker %s [PID] %d unexpected exited, restarting...\n", os.Args[0], pid)
-				time.Sleep(time.Second * 5)
 			}
 		}()
 		return
 	}
 	if *logfile == "" {
 		poster()
-		if *debug {
+		if *isDebug {
 			log.Println("[profiling] cpu profiling save to file : cpu.prof")
 			log.Println("[profiling] memory profiling save to file : memory.prof")
 			log.Println("[profiling] block profiling save to file : block.prof")
@@ -405,31 +504,35 @@ func initConfig() (err error) {
 			log.Println("[profiling] threadcreate profiling save to file : threadcreate.prof")
 		}
 	}
-	//regist services and run service
+
 	//regist services and run service
 	switch serviceName {
 	case "http":
-		services.Regist(serviceName, services.NewHTTP(), httpArgs, log)
+		services.Regist(serviceName, httpx.NewHTTP(), httpArgs, log)
 	case "tcp":
-		services.Regist(serviceName, services.NewTCP(), tcpArgs, log)
+		services.Regist(serviceName, tcpx.NewTCP(), tcpArgs, log)
 	case "udp":
-		services.Regist(serviceName, services.NewUDP(), udpArgs, log)
+		services.Regist(serviceName, udpx.NewUDP(), udpArgs, log)
 	case "tserver":
-		services.Regist(serviceName, services.NewTunnelServerManager(), tunnelServerArgs, log)
+		services.Regist(serviceName, tunnelx.NewTunnelServerManager(), tunnelServerArgs, log)
 	case "tclient":
-		services.Regist(serviceName, services.NewTunnelClient(), tunnelClientArgs, log)
+		services.Regist(serviceName, tunnelx.NewTunnelClient(), tunnelClientArgs, log)
 	case "tbridge":
-		services.Regist(serviceName, services.NewTunnelBridge(), tunnelBridgeArgs, log)
+		services.Regist(serviceName, tunnelx.NewTunnelBridge(), tunnelBridgeArgs, log)
 	case "server":
-		services.Regist(serviceName, services.NewMuxServerManager(), muxServerArgs, log)
+		services.Regist(serviceName, mux.NewMuxServerManager(), muxServerArgs, log)
 	case "client":
-		services.Regist(serviceName, services.NewMuxClient(), muxClientArgs, log)
+		services.Regist(serviceName, mux.NewMuxClient(), muxClientArgs, log)
 	case "bridge":
-		services.Regist(serviceName, services.NewMuxBridge(), muxBridgeArgs, log)
+		services.Regist(serviceName, mux.NewMuxBridge(), muxBridgeArgs, log)
 	case "socks":
-		services.Regist(serviceName, services.NewSocks(), socksArgs, log)
+		services.Regist(serviceName, socksx.NewSocks(), socksArgs, log)
 	case "sps":
-		services.Regist(serviceName, services.NewSPS(), spsArgs, log)
+		services.Regist(serviceName, spsx.NewSPS(), spsArgs, log)
+	case "dns":
+		services.Regist(serviceName, sdk.NewDNS(), dnsArgs, log)
+	case "keygen":
+		services.Regist(serviceName, keygenx.NewKeygen(), keygenArgs, log)
 	}
 	service, err = services.Run(serviceName, nil)
 	if err != nil {
@@ -439,16 +542,7 @@ func initConfig() (err error) {
 }
 
 func poster() {
-	fmt.Printf(`
-		########  ########   #######  ##     ## ##    ## 
-		##     ## ##     ## ##     ##  ##   ##   ##  ##  
-		##     ## ##     ## ##     ##   ## ##     ####   
-		########  ########  ##     ##    ###       ##    
-		##        ##   ##   ##     ##   ## ##      ##    
-		##        ##    ##  ##     ##  ##   ##     ##    
-		##        ##     ##  #######  ##     ##    ##    
-		
-		v%s`+" by snail , blog : http://www.host900.com/\n\n", APP_VERSION)
+	fmt.Printf(`Proxy Enterprise Version v%s`+" by snail , blog : http://www.host900.com/\n\n", APP_VERSION)
 }
 func saveProfiling() {
 	goroutine := pprof.Lookup("goroutine")

core/cs/client/client.go

@@ -0,0 +1,135 @@
+package client
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"net"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/snail007/goproxy/core/dst"
+	"github.com/snail007/goproxy/core/lib/kcpcfg"
+	compressconn "github.com/snail007/goproxy/core/lib/transport"
+	encryptconn "github.com/snail007/goproxy/core/lib/transport/encrypt"
+	kcp "github.com/xtaci/kcp-go"
+)
+
+func TlsConnectHost(host string, timeout int, certBytes, keyBytes, caCertBytes []byte) (conn tls.Conn, err error) {
+	h := strings.Split(host, ":")
+	port, _ := strconv.Atoi(h[1])
+	return TlsConnect(h[0], port, timeout, certBytes, keyBytes, caCertBytes)
+}
+
+func TlsConnect(host string, port, timeout int, certBytes, keyBytes, caCertBytes []byte) (conn tls.Conn, err error) {
+	conf, err := getRequestTlsConfig(certBytes, keyBytes, caCertBytes)
+	if err != nil {
+		return
+	}
+	_conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", host, port), time.Duration(timeout)*time.Millisecond)
+	if err != nil {
+		return
+	}
+	return *tls.Client(_conn, conf), err
+}
+func TlsConfig(certBytes, keyBytes, caCertBytes []byte) (conf *tls.Config, err error) {
+	return getRequestTlsConfig(certBytes, keyBytes, caCertBytes)
+}
+func getRequestTlsConfig(certBytes, keyBytes, caCertBytes []byte) (conf *tls.Config, err error) {
+
+	var cert tls.Certificate
+	cert, err = tls.X509KeyPair(certBytes, keyBytes)
+	if err != nil {
+		return
+	}
+	serverCertPool := x509.NewCertPool()
+	caBytes := certBytes
+	if caCertBytes != nil {
+		caBytes = caCertBytes
+
+	}
+	ok := serverCertPool.AppendCertsFromPEM(caBytes)
+	if !ok {
+		err = errors.New("failed to parse root certificate")
+	}
+	block, _ := pem.Decode(caBytes)
+	if block == nil {
+		panic("failed to parse certificate PEM")
+	}
+	x509Cert, _ := x509.ParseCertificate(block.Bytes)
+	if x509Cert == nil {
+		panic("failed to parse block")
+	}
+	conf = &tls.Config{
+		RootCAs:            serverCertPool,
+		Certificates:       []tls.Certificate{cert},
+		InsecureSkipVerify: true,
+		ServerName:         x509Cert.Subject.CommonName,
+		VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+			opts := x509.VerifyOptions{
+				Roots: serverCertPool,
+			}
+			for _, rawCert := range rawCerts {
+				cert, _ := x509.ParseCertificate(rawCert)
+				_, err := cert.Verify(opts)
+				if err != nil {
+					return err
+				}
+			}
+			return nil
+		},
+	}
+	return
+}
+
+func TCPConnectHost(hostAndPort string, timeout int) (conn net.Conn, err error) {
+	conn, err = net.DialTimeout("tcp", hostAndPort, time.Duration(timeout)*time.Millisecond)
+	return
+}
+
+func TCPSConnectHost(hostAndPort string, method, password string, compress bool, timeout int) (conn net.Conn, err error) {
+	conn, err = net.DialTimeout("tcp", hostAndPort, time.Duration(timeout)*time.Millisecond)
+	if err != nil {
+		return
+	}
+	if compress {
+		conn = compressconn.NewCompConn(conn)
+	}
+	conn, err = encryptconn.NewConn(conn, method, password)
+	return
+}
+
+func TOUConnectHost(hostAndPort string, method, password string, compress bool, timeout int) (conn net.Conn, err error) {
+	udpConn, err := net.ListenUDP("udp", &net.UDPAddr{})
+	if err != nil {
+		panic(err)
+	}
+	// Create a DST mux around the packet connection with the default max
+	// packet size.
+	mux := dst.NewMux(udpConn, 0)
+	conn, err = mux.Dial("dst", hostAndPort)
+	if compress {
+		conn = compressconn.NewCompConn(conn)
+	}
+	conn, err = encryptconn.NewConn(conn, method, password)
+	return
+}
+func KCPConnectHost(hostAndPort string, config kcpcfg.KCPConfigArgs) (conn net.Conn, err error) {
+	kcpconn, err := kcp.DialWithOptions(hostAndPort, config.Block, *config.DataShard, *config.ParityShard)
+	if err != nil {
+		return
+	}
+	kcpconn.SetStreamMode(true)
+	kcpconn.SetWriteDelay(true)
+	kcpconn.SetNoDelay(*config.NoDelay, *config.Interval, *config.Resend, *config.NoCongestion)
+	kcpconn.SetMtu(*config.MTU)
+	kcpconn.SetWindowSize(*config.SndWnd, *config.RcvWnd)
+	kcpconn.SetACKNoDelay(*config.AckNodelay)
+	if *config.NoComp {
+		return kcpconn, err
+	}
+	return compressconn.NewCompStream(kcpconn), err
+}

core/cs/server/server.go

@@ -0,0 +1,341 @@
+package server
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"errors"
+	"fmt"
+
+	logger "log"
+	"net"
+	"runtime/debug"
+	"strconv"
+
+	tou "github.com/snail007/goproxy/core/dst"
+	compressconn "github.com/snail007/goproxy/core/lib/transport"
+	transportc "github.com/snail007/goproxy/core/lib/transport"
+	encryptconn "github.com/snail007/goproxy/core/lib/transport/encrypt"
+
+	"github.com/snail007/goproxy/core/lib/kcpcfg"
+
+	kcp "github.com/xtaci/kcp-go"
+)
+
+func init() {
+
+}
+
+type ServerChannel struct {
+	ip               string
+	port             int
+	Listener         *net.Listener
+	UDPListener      *net.UDPConn
+	errAcceptHandler func(err error)
+	log              *logger.Logger
+	TOUServer        *tou.Mux
+}
+
+func NewServerChannel(ip string, port int, log *logger.Logger) ServerChannel {
+	return ServerChannel{
+		ip:   ip,
+		port: port,
+		log:  log,
+		errAcceptHandler: func(err error) {
+			log.Printf("accept error , ERR:%s", err)
+		},
+	}
+}
+func NewServerChannelHost(host string, log *logger.Logger) ServerChannel {
+	h, port, _ := net.SplitHostPort(host)
+	p, _ := strconv.Atoi(port)
+	return ServerChannel{
+		ip:   h,
+		port: p,
+		log:  log,
+		errAcceptHandler: func(err error) {
+			log.Printf("accept error , ERR:%s", err)
+		},
+	}
+}
+func (s *ServerChannel) SetErrAcceptHandler(fn func(err error)) {
+	s.errAcceptHandler = fn
+}
+func (s *ServerChannel) ListenSingleTLS(certBytes, keyBytes, caCertBytes []byte, fn func(conn net.Conn)) (err error) {
+	return s._ListenTLS(certBytes, keyBytes, caCertBytes, fn, true)
+
+}
+func (s *ServerChannel) ListenTLS(certBytes, keyBytes, caCertBytes []byte, fn func(conn net.Conn)) (err error) {
+	return s._ListenTLS(certBytes, keyBytes, caCertBytes, fn, false)
+}
+func (s *ServerChannel) _ListenTLS(certBytes, keyBytes, caCertBytes []byte, fn func(conn net.Conn), single bool) (err error) {
+	s.Listener, err = s.listenTLS(s.ip, s.port, certBytes, keyBytes, caCertBytes, single)
+	if err == nil {
+		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					s.log.Printf("ListenTLS crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
+				}
+			}()
+			for {
+				var conn net.Conn
+				conn, err = (*s.Listener).Accept()
+				if err == nil {
+					go func() {
+						defer func() {
+							if e := recover(); e != nil {
+								s.log.Printf("tls connection handler crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
+							}
+						}()
+						fn(conn)
+					}()
+				} else {
+					s.errAcceptHandler(err)
+					(*s.Listener).Close()
+					break
+				}
+			}
+		}()
+	}
+	return
+}
+func (s *ServerChannel) listenTLS(ip string, port int, certBytes, keyBytes, caCertBytes []byte, single bool) (ln *net.Listener, err error) {
+	var cert tls.Certificate
+	cert, err = tls.X509KeyPair(certBytes, keyBytes)
+	if err != nil {
+		return
+	}
+	config := &tls.Config{
+		Certificates: []tls.Certificate{cert},
+	}
+	if !single {
+		clientCertPool := x509.NewCertPool()
+		caBytes := certBytes
+		if caCertBytes != nil {
+			caBytes = caCertBytes
+		}
+		ok := clientCertPool.AppendCertsFromPEM(caBytes)
+		if !ok {
+			err = errors.New("failed to parse root certificate")
+		}
+		config.ClientCAs = clientCertPool
+		config.ClientAuth = tls.RequireAndVerifyClientCert
+	}
+	_ln, err := tls.Listen("tcp", net.JoinHostPort(ip, fmt.Sprintf("%d", port)), config)
+	if err == nil {
+		ln = &_ln
+	}
+	return
+}
+func (s *ServerChannel) ListenTCPS(method, password string, compress bool, fn func(conn net.Conn)) (err error) {
+	_, err = encryptconn.NewCipher(method, password)
+	if err != nil {
+		return
+	}
+	return s.ListenTCP(func(c net.Conn) {
+		if compress {
+			c = transportc.NewCompConn(c)
+		}
+		c, _ = encryptconn.NewConn(c, method, password)
+		fn(c)
+	})
+}
+func (s *ServerChannel) ListenTCP(fn func(conn net.Conn)) (err error) {
+	var l net.Listener
+	l, err = net.Listen("tcp", net.JoinHostPort(s.ip, fmt.Sprintf("%d", s.port)))
+	if err == nil {
+		s.Listener = &l
+		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					s.log.Printf("ListenTCP crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
+				}
+			}()
+			for {
+				var conn net.Conn
+				conn, err = (*s.Listener).Accept()
+				if err == nil {
+					go func() {
+						defer func() {
+							if e := recover(); e != nil {
+								s.log.Printf("tcp connection handler crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
+							}
+						}()
+						fn(conn)
+					}()
+				} else {
+					s.errAcceptHandler(err)
+					(*s.Listener).Close()
+					break
+				}
+			}
+		}()
+	}
+	return
+}
+func (s *ServerChannel) ListenUDP(fn func(listener *net.UDPConn, packet []byte, localAddr, srcAddr *net.UDPAddr)) (err error) {
+	addr := &net.UDPAddr{IP: net.ParseIP(s.ip), Port: s.port}
+	l, err := net.ListenUDP("udp", addr)
+	if err == nil {
+		s.UDPListener = l
+		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					s.log.Printf("ListenUDP crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
+				}
+			}()
+			for {
+				var buf = make([]byte, 2048)
+				n, srcAddr, err := (*s.UDPListener).ReadFromUDP(buf)
+				if err == nil {
+					packet := buf[0:n]
+					go func() {
+						defer func() {
+							if e := recover(); e != nil {
+								s.log.Printf("udp data handler crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
+							}
+						}()
+						fn(s.UDPListener, packet, addr, srcAddr)
+					}()
+				} else {
+					s.errAcceptHandler(err)
+					(*s.UDPListener).Close()
+					break
+				}
+			}
+		}()
+	}
+	return
+}
+func (s *ServerChannel) ListenKCP(config kcpcfg.KCPConfigArgs, fn func(conn net.Conn), log *logger.Logger) (err error) {
+	lis, err := kcp.ListenWithOptions(net.JoinHostPort(s.ip, fmt.Sprintf("%d", s.port)), config.Block, *config.DataShard, *config.ParityShard)
+	if err == nil {
+		if err = lis.SetDSCP(*config.DSCP); err != nil {
+			log.Println("SetDSCP:", err)
+			return
+		}
+		if err = lis.SetReadBuffer(*config.SockBuf); err != nil {
+			log.Println("SetReadBuffer:", err)
+			return
+		}
+		if err = lis.SetWriteBuffer(*config.SockBuf); err != nil {
+			log.Println("SetWriteBuffer:", err)
+			return
+		}
+		s.Listener = new(net.Listener)
+		*s.Listener = lis
+		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					s.log.Printf("ListenKCP crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
+				}
+			}()
+			for {
+				conn, err := lis.AcceptKCP()
+				if err == nil {
+					go func() {
+						defer func() {
+							if e := recover(); e != nil {
+								s.log.Printf("kcp connection handler crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
+							}
+						}()
+						conn.SetStreamMode(true)
+						conn.SetWriteDelay(true)
+						conn.SetNoDelay(*config.NoDelay, *config.Interval, *config.Resend, *config.NoCongestion)
+						conn.SetMtu(*config.MTU)
+						conn.SetWindowSize(*config.SndWnd, *config.RcvWnd)
+						conn.SetACKNoDelay(*config.AckNodelay)
+						if *config.NoComp {
+							fn(conn)
+						} else {
+							cconn := transportc.NewCompStream(conn)
+							fn(cconn)
+						}
+					}()
+				} else {
+					s.errAcceptHandler(err)
+					(*s.Listener).Close()
+					break
+				}
+			}
+		}()
+	}
+	return
+}
+
+func (s *ServerChannel) ListenTOU(method, password string, compress bool, fn func(conn net.Conn)) (err error) {
+	addr := &net.UDPAddr{IP: net.ParseIP(s.ip), Port: s.port}
+	s.UDPListener, err = net.ListenUDP("udp", addr)
+	if err != nil {
+		s.log.Println(err)
+		return
+	}
+	s.TOUServer = tou.NewMux(s.UDPListener, 0)
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				s.log.Printf("ListenRUDP crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
+			}
+		}()
+		for {
+			var conn net.Conn
+			conn, err = (*s.TOUServer).Accept()
+			if err == nil {
+				go func() {
+					defer func() {
+						if e := recover(); e != nil {
+							s.log.Printf("tcp connection handler crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
+						}
+					}()
+					if compress {
+						conn = compressconn.NewCompConn(conn)
+					}
+					conn, err = encryptconn.NewConn(conn, method, password)
+					if err != nil {
+						conn.Close()
+						s.log.Println(err)
+						return
+					}
+					fn(conn)
+				}()
+			} else {
+				s.errAcceptHandler(err)
+				s.TOUServer.Close()
+				s.UDPListener.Close()
+				break
+			}
+		}
+	}()
+
+	return
+}
+func (s *ServerChannel) Close() {
+	defer func() {
+		if e := recover(); e != nil {
+			s.log.Printf("close crashed :\n%s\n%s", e, string(debug.Stack()))
+		}
+	}()
+	if s.Listener != nil && *s.Listener != nil {
+		(*s.Listener).Close()
+	}
+	if s.TOUServer != nil {
+		s.TOUServer.Close()
+	}
+	if s.UDPListener != nil {
+		s.UDPListener.Close()
+	}
+}
+func (s *ServerChannel) Addr() string {
+	defer func() {
+		if e := recover(); e != nil {
+			s.log.Printf("close crashed :\n%s\n%s", e, string(debug.Stack()))
+		}
+	}()
+	if s.Listener != nil && *s.Listener != nil {
+		return (*s.Listener).Addr().String()
+	}
+
+	if s.UDPListener != nil {
+		return s.UDPListener.LocalAddr().String()
+	}
+	return ""
+}

core/cs/tests/transport_test.go

@@ -0,0 +1,49 @@
+package tests
+
+import (
+	"log"
+	"net"
+	"os"
+	"testing"
+
+	ctransport "github.com/snail007/goproxy/core/cs/client"
+	stransport "github.com/snail007/goproxy/core/cs/server"
+)
+
+func TestTCPS(t *testing.T) {
+	l := log.New(os.Stderr, "", log.LstdFlags)
+	s := stransport.NewServerChannelHost(":", l)
+	err := s.ListenTCPS("aes-256-cfb", "password", true, func(inconn net.Conn) {
+		buf := make([]byte, 2048)
+		_, err := inconn.Read(buf)
+		if err != nil {
+			t.Error(err)
+			return
+		}
+		_, err = inconn.Write([]byte("okay"))
+		if err != nil {
+			t.Error(err)
+			return
+		}
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	client, err := ctransport.TCPSConnectHost((*s.Listener).Addr().String(), "aes-256-cfb", "password", true, 1000)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer client.Close()
+	_, err = client.Write([]byte("test"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	b := make([]byte, 20)
+	n, err := client.Read(b)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(b[:n]) != "okay" {
+		t.Fatalf("client revecive okay excepted,revecived : %s", string(b[:n]))
+	}
+}

core/dst/conn.go

@@ -0,0 +1,603 @@
+// Copyright 2014 The DST Authors. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+package dst
+
+import (
+	"bytes"
+	crand "crypto/rand"
+	"encoding/binary"
+	"fmt"
+	"io"
+	"runtime/debug"
+
+	"math/rand"
+	"net"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+const (
+	defExpTime       = 100 * time.Millisecond // N * (4 * RTT + RTTVar + SYN)
+	expCountClose    = 8                      // close connection after this many Exps
+	minTimeClose     = 5 * time.Second        // if at least this long has passed
+	maxInputBuffer   = 8 << 20                // bytes
+	muxBufferPackets = 128                    // buffer size of channel between mux and reader routine
+	rttMeasureWindow = 32                     // number of packets to track for RTT averaging
+	rttMeasureSample = 128                    // Sample every ... packet for RTT
+
+	// number of bytes to subtract from MTU when chunking data, to try to
+	// avoid fragmentation
+	sliceOverhead = 8 /*pppoe, similar*/ + 20 /*ipv4*/ + 8 /*udp*/ + 16 /*dst*/
+)
+
+func init() {
+	// Properly seed the random number generator that we use for sequence
+	// numbers and stuff.
+	buf := make([]byte, 8)
+	if n, err := crand.Read(buf); n != 8 || err != nil {
+		panic("init random failure")
+	}
+	rand.Seed(int64(binary.BigEndian.Uint64(buf)))
+}
+
+// TODO: export this interface when it's usable from the outside
+type congestionController interface {
+	Ack()
+	NegAck()
+	Exp()
+	SendWindow() int
+	PacketRate() int // PPS
+	UpdateRTT(time.Duration)
+}
+
+// Conn is an SDT connection carried over a Mux.
+type Conn struct {
+	// Set at creation, thereafter immutable:
+
+	mux          *Mux
+	dst          net.Addr
+	connID       connectionID
+	remoteConnID connectionID
+	in           chan packet
+	cc           congestionController
+	packetSize   int
+	closed       chan struct{}
+	closeOnce    sync.Once
+
+	// Touched by more than one goroutine, needs locking.
+
+	nextSeqNoMut sync.Mutex
+	nextSeqNo    sequenceNo
+
+	inbufMut  sync.Mutex
+	inbufCond *sync.Cond
+	inbuf     bytes.Buffer
+
+	expMut sync.Mutex
+	exp    *time.Timer
+
+	sendBuffer *sendBuffer // goroutine safe
+
+	packetDelays     [rttMeasureWindow]time.Duration
+	packetDelaysSlot int
+	packetDelaysMut  sync.Mutex
+
+	// Owned by the reader routine, needs no locking
+
+	recvBuffer        packetList
+	nextRecvSeqNo     sequenceNo
+	lastAckedSeqNo    sequenceNo
+	lastNegAckedSeqNo sequenceNo
+	expCount          int
+	expReset          time.Time
+
+	// Only accessed atomically
+
+	packetsIn         int64
+	packetsOut        int64
+	bytesIn           int64
+	bytesOut          int64
+	resentPackets     int64
+	droppedPackets    int64
+	outOfOrderPackets int64
+
+	// Special
+
+	debugResetRecvSeqNo chan sequenceNo
+}
+
+func newConn(m *Mux, dst net.Addr) *Conn {
+	conn := &Conn{
+		mux:                 m,
+		dst:                 dst,
+		nextSeqNo:           sequenceNo(rand.Uint32()),
+		packetSize:          maxPacketSize,
+		in:                  make(chan packet, muxBufferPackets),
+		closed:              make(chan struct{}),
+		sendBuffer:          newSendBuffer(m),
+		exp:                 time.NewTimer(defExpTime),
+		debugResetRecvSeqNo: make(chan sequenceNo),
+		expReset:            time.Now(),
+	}
+
+	conn.lastAckedSeqNo = conn.nextSeqNo - 1
+	conn.inbufCond = sync.NewCond(&conn.inbufMut)
+
+	conn.cc = newWindowCC()
+	conn.sendBuffer.SetWindowAndRate(conn.cc.SendWindow(), conn.cc.PacketRate())
+	conn.recvBuffer.Resize(128)
+
+	return conn
+}
+
+func (c *Conn) start() {
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s", e, string(debug.Stack()))
+			}
+		}()
+		c.reader()
+	}()
+}
+
+func (c *Conn) reader() {
+	if debugConnection {
+		log.Println(c, "reader() starting")
+		defer log.Println(c, "reader() exiting")
+	}
+
+	for {
+		select {
+		case <-c.closed:
+			// Ack any received but not yet acked messages.
+			c.sendAck(0)
+
+			// Send a shutdown message.
+			c.nextSeqNoMut.Lock()
+			c.mux.write(packet{
+				src: c.connID,
+				dst: c.dst,
+				hdr: header{
+					packetType: typeShutdown,
+					connID:     c.remoteConnID,
+					sequenceNo: c.nextSeqNo,
+				},
+			})
+			c.nextSeqNo++
+			c.nextSeqNoMut.Unlock()
+			atomic.AddInt64(&c.packetsOut, 1)
+			atomic.AddInt64(&c.bytesOut, dstHeaderLen)
+			return
+
+		case pkt := <-c.in:
+			atomic.AddInt64(&c.packetsIn, 1)
+			atomic.AddInt64(&c.bytesIn, dstHeaderLen+int64(len(pkt.data)))
+
+			c.expCount = 1
+
+			switch pkt.hdr.packetType {
+			case typeData:
+				c.rcvData(pkt)
+			case typeAck:
+				c.rcvAck(pkt)
+			case typeNegAck:
+				c.rcvNegAck(pkt)
+			case typeShutdown:
+				c.rcvShutdown(pkt)
+			default:
+				log.Println("Unhandled packet", pkt)
+				continue
+			}
+
+		case <-c.exp.C:
+			c.eventExp()
+			c.resetExp()
+
+		case n := <-c.debugResetRecvSeqNo:
+			// Back door for testing
+			c.lastAckedSeqNo = n - 1
+			c.nextRecvSeqNo = n
+		}
+	}
+}
+
+func (c *Conn) eventExp() {
+	c.expCount++
+
+	if c.sendBuffer.lost.Len() > 0 || c.sendBuffer.send.Len() > 0 {
+		c.cc.Exp()
+		c.sendBuffer.SetWindowAndRate(c.cc.SendWindow(), c.cc.PacketRate())
+		c.sendBuffer.ScheduleResend()
+
+		if debugConnection {
+			log.Println(c, "did resends due to Exp")
+		}
+
+		if c.expCount > expCountClose && time.Since(c.expReset) > minTimeClose {
+			if debugConnection {
+				log.Println(c, "close due to Exp")
+			}
+
+			// We're shutting down due to repeated exp:s. Don't wait for the
+			// send buffer to drain, which it would otherwise do in
+			// c.Close()..
+			c.sendBuffer.CrashStop()
+
+			c.Close()
+		}
+	}
+}
+
+func (c *Conn) rcvAck(pkt packet) {
+	ack := pkt.hdr.sequenceNo
+
+	if debugConnection {
+		log.Printf("%v read Ack %v", c, ack)
+	}
+
+	c.cc.Ack()
+
+	if ack%rttMeasureSample == 0 {
+		if ts := timestamp(binary.BigEndian.Uint32(pkt.data)); ts > 0 {
+			if delay := time.Duration(timestampMicros()-ts) * time.Microsecond; delay > 0 {
+				c.packetDelaysMut.Lock()
+				c.packetDelays[c.packetDelaysSlot] = delay
+				c.packetDelaysSlot = (c.packetDelaysSlot + 1) % len(c.packetDelays)
+				c.packetDelaysMut.Unlock()
+
+				if rtt, n := c.averageDelay(); n > 8 {
+					c.cc.UpdateRTT(rtt)
+				}
+			}
+		}
+	}
+
+	c.sendBuffer.Acknowledge(ack)
+	c.sendBuffer.SetWindowAndRate(c.cc.SendWindow(), c.cc.PacketRate())
+
+	c.resetExp()
+}
+
+func (c *Conn) averageDelay() (time.Duration, int) {
+	var total time.Duration
+	var n int
+
+	c.packetDelaysMut.Lock()
+	for _, d := range c.packetDelays {
+		if d != 0 {
+			total += d
+			n++
+		}
+	}
+	c.packetDelaysMut.Unlock()
+
+	if n == 0 {
+		return 0, 0
+	}
+	return total / time.Duration(n), n
+}
+
+func (c *Conn) rcvNegAck(pkt packet) {
+	nak := pkt.hdr.sequenceNo
+
+	if debugConnection {
+		log.Printf("%v read NegAck %v", c, nak)
+	}
+
+	c.sendBuffer.NegativeAck(nak)
+
+	//c.cc.NegAck()
+	c.resetExp()
+}
+
+func (c *Conn) rcvShutdown(pkt packet) {
+	// XXX: We accept shutdown packets somewhat from the future since the
+	// sender will number the shutdown after any packets that might still be
+	// in the write buffer. This should be fixed to let the write buffer empty
+	// on close and reduce the window here.
+	if pkt.LessSeq(c.nextRecvSeqNo + 128) {
+		if debugConnection {
+			log.Println(c, "close due to shutdown")
+		}
+		c.Close()
+	}
+}
+
+func (c *Conn) rcvData(pkt packet) {
+	if debugConnection {
+		log.Println(c, "recv data", pkt.hdr)
+	}
+
+	if pkt.LessSeq(c.nextRecvSeqNo) {
+		if debugConnection {
+			log.Printf("%v old packet received; seq %v, expected %v", c, pkt.hdr.sequenceNo, c.nextRecvSeqNo)
+		}
+		atomic.AddInt64(&c.droppedPackets, 1)
+		return
+	}
+
+	if debugConnection {
+		log.Println(c, "into recv buffer:", pkt)
+	}
+	c.recvBuffer.InsertSorted(pkt)
+	if c.recvBuffer.LowestSeq() == c.nextRecvSeqNo {
+		for _, pkt := range c.recvBuffer.PopSequence(^sequenceNo(0)) {
+			if debugConnection {
+				log.Println(c, "from recv buffer:", pkt)
+			}
+
+			// An in-sequence packet.
+
+			c.nextRecvSeqNo = pkt.hdr.sequenceNo + 1
+
+			c.sendAck(pkt.hdr.timestamp)
+
+			c.inbufMut.Lock()
+			for c.inbuf.Len() > len(pkt.data)+maxInputBuffer {
+				c.inbufCond.Wait()
+				select {
+				case <-c.closed:
+					return
+				default:
+				}
+			}
+
+			c.inbuf.Write(pkt.data)
+			c.inbufCond.Broadcast()
+			c.inbufMut.Unlock()
+		}
+	} else {
+		if debugConnection {
+			log.Printf("%v lost; seq %v, expected %v", c, pkt.hdr.sequenceNo, c.nextRecvSeqNo)
+		}
+		c.recvBuffer.InsertSorted(pkt)
+		c.sendNegAck()
+		atomic.AddInt64(&c.outOfOrderPackets, 1)
+	}
+}
+
+func (c *Conn) sendAck(ts timestamp) {
+	if c.lastAckedSeqNo == c.nextRecvSeqNo {
+		return
+	}
+
+	var buf [4]byte
+	binary.BigEndian.PutUint32(buf[:], uint32(ts))
+	c.mux.write(packet{
+		src: c.connID,
+		dst: c.dst,
+		hdr: header{
+			packetType: typeAck,
+			connID:     c.remoteConnID,
+			sequenceNo: c.nextRecvSeqNo,
+		},
+		data: buf[:],
+	})
+
+	atomic.AddInt64(&c.packetsOut, 1)
+	atomic.AddInt64(&c.bytesOut, dstHeaderLen)
+	if debugConnection {
+		log.Printf("%v send Ack %v", c, c.nextRecvSeqNo)
+	}
+
+	c.lastAckedSeqNo = c.nextRecvSeqNo
+}
+
+func (c *Conn) sendNegAck() {
+	if c.lastNegAckedSeqNo == c.nextRecvSeqNo {
+		return
+	}
+
+	c.mux.write(packet{
+		src: c.connID,
+		dst: c.dst,
+		hdr: header{
+			packetType: typeNegAck,
+			connID:     c.remoteConnID,
+			sequenceNo: c.nextRecvSeqNo,
+		},
+	})
+
+	atomic.AddInt64(&c.packetsOut, 1)
+	atomic.AddInt64(&c.bytesOut, dstHeaderLen)
+	if debugConnection {
+		log.Printf("%v send NegAck %v", c, c.nextRecvSeqNo)
+	}
+
+	c.lastNegAckedSeqNo = c.nextRecvSeqNo
+}
+
+func (c *Conn) resetExp() {
+	d, _ := c.averageDelay()
+	d = d*4 + 10*time.Millisecond
+
+	if d < defExpTime {
+		d = defExpTime
+	}
+
+	c.expMut.Lock()
+	c.exp.Reset(d)
+	c.expMut.Unlock()
+}
+
+// String returns a string representation of the connection.
+func (c *Conn) String() string {
+	return fmt.Sprintf("%v/%v/%v", c.connID, c.LocalAddr(), c.RemoteAddr())
+}
+
+// Read reads data from the connection.
+// Read can be made to time out and return a Error with Timeout() == true
+// after a fixed time limit; see SetDeadline and SetReadDeadline.
+func (c *Conn) Read(b []byte) (n int, err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			n = 0
+			err = io.EOF
+		}
+	}()
+	c.inbufMut.Lock()
+	defer c.inbufMut.Unlock()
+	for c.inbuf.Len() == 0 {
+		select {
+		case <-c.closed:
+			return 0, io.EOF
+		default:
+		}
+		c.inbufCond.Wait()
+	}
+	return c.inbuf.Read(b)
+}
+
+// Write writes data to the connection.
+// Write can be made to time out and return a Error with Timeout() == true
+// after a fixed time limit; see SetDeadline and SetWriteDeadline.
+func (c *Conn) Write(b []byte) (n int, err error) {
+	select {
+	case <-c.closed:
+		return 0, ErrClosedConn
+	default:
+	}
+
+	sent := 0
+	sliceSize := c.packetSize - sliceOverhead
+	for i := 0; i < len(b); i += sliceSize {
+		nxt := i + sliceSize
+		if nxt > len(b) {
+			nxt = len(b)
+		}
+		slice := b[i:nxt]
+		sliceCopy := c.mux.buffers.Get().([]byte)[:len(slice)]
+		copy(sliceCopy, slice)
+
+		c.nextSeqNoMut.Lock()
+		pkt := packet{
+			src: c.connID,
+			dst: c.dst,
+			hdr: header{
+				packetType: typeData,
+				sequenceNo: c.nextSeqNo,
+				connID:     c.remoteConnID,
+			},
+			data: sliceCopy,
+		}
+		c.nextSeqNo++
+		c.nextSeqNoMut.Unlock()
+
+		if err := c.sendBuffer.Write(pkt); err != nil {
+			return sent, err
+		}
+
+		atomic.AddInt64(&c.packetsOut, 1)
+		atomic.AddInt64(&c.bytesOut, int64(len(slice)+dstHeaderLen))
+
+		sent += len(slice)
+		c.resetExp()
+	}
+	return sent, nil
+}
+
+// Close closes the connection.
+// Any blocked Read or Write operations will be unblocked and return errors.
+func (c *Conn) Close() error {
+	defer func() {
+		_ = recover()
+	}()
+	c.closeOnce.Do(func() {
+		if debugConnection {
+			log.Println(c, "explicit close start")
+			defer log.Println(c, "explicit close done")
+		}
+
+		// XXX: Ugly hack to implement lingering sockets...
+		time.Sleep(4 * defExpTime)
+
+		c.sendBuffer.Stop()
+		c.mux.removeConn(c)
+		close(c.closed)
+
+		c.inbufMut.Lock()
+		c.inbufCond.Broadcast()
+		c.inbufMut.Unlock()
+	})
+	return nil
+}
+
+// LocalAddr returns the local network address.
+func (c *Conn) LocalAddr() net.Addr {
+	return c.mux.Addr()
+}
+
+// RemoteAddr returns the remote network address.
+func (c *Conn) RemoteAddr() net.Addr {
+	return c.dst
+}
+
+// SetDeadline sets the read and write deadlines associated
+// with the connection. It is equivalent to calling both
+// SetReadDeadline and SetWriteDeadline.
+//
+// A deadline is an absolute time after which I/O operations
+// fail with a timeout (see type Error) instead of
+// blocking. The deadline applies to all future I/O, not just
+// the immediately following call to Read or Write.
+//
+// An idle timeout can be implemented by repeatedly extending
+// the deadline after successful Read or Write calls.
+//
+// A zero value for t means I/O operations will not time out.
+//
+// BUG(jb): SetDeadline is not implemented.
+func (c *Conn) SetDeadline(t time.Time) error {
+	return ErrNotImplemented
+}
+
+// SetReadDeadline sets the deadline for future Read calls.
+// A zero value for t means Read will not time out.
+//
+// BUG(jb): SetReadDeadline is not implemented.
+func (c *Conn) SetReadDeadline(t time.Time) error {
+	return ErrNotImplemented
+}
+
+// SetWriteDeadline sets the deadline for future Write calls.
+// Even if write times out, it may return n > 0, indicating that
+// some of the data was successfully written.
+// A zero value for t means Write will not time out.
+//
+// BUG(jb): SetWriteDeadline is not implemented.
+func (c *Conn) SetWriteDeadline(t time.Time) error {
+	return ErrNotImplemented
+}
+
+type Statistics struct {
+	DataPacketsIn     int64
+	DataPacketsOut    int64
+	DataBytesIn       int64
+	DataBytesOut      int64
+	ResentPackets     int64
+	DroppedPackets    int64
+	OutOfOrderPackets int64
+}
+
+// String returns a printable represetnation of the Statistics.
+func (s Statistics) String() string {
+	return fmt.Sprintf("PktsIn: %d, PktsOut: %d, BytesIn: %d, BytesOut: %d, PktsResent: %d, PktsDropped: %d, PktsOutOfOrder: %d",
+		s.DataPacketsIn, s.DataPacketsOut, s.DataBytesIn, s.DataBytesOut, s.ResentPackets, s.DroppedPackets, s.OutOfOrderPackets)
+}
+
+// GetStatistics returns a snapsht of the current connection statistics.
+func (c *Conn) GetStatistics() Statistics {
+	return Statistics{
+		DataPacketsIn:     atomic.LoadInt64(&c.packetsIn),
+		DataPacketsOut:    atomic.LoadInt64(&c.packetsOut),
+		DataBytesIn:       atomic.LoadInt64(&c.bytesIn),
+		DataBytesOut:      atomic.LoadInt64(&c.bytesOut),
+		ResentPackets:     atomic.LoadInt64(&c.resentPackets),
+		DroppedPackets:    atomic.LoadInt64(&c.droppedPackets),
+		OutOfOrderPackets: atomic.LoadInt64(&c.outOfOrderPackets),
+	}
+}

core/dst/cookie.go

@@ -0,0 +1,29 @@
+// Copyright 2014 The DST Authors. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+package dst
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/binary"
+	"net"
+)
+
+var cookieKey = make([]byte, 16)
+
+func init() {
+	_, err := rand.Reader.Read(cookieKey)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func cookie(remote net.Addr) uint32 {
+	hash := sha256.New()
+	hash.Write([]byte(remote.String()))
+	hash.Write(cookieKey)
+	bs := hash.Sum(nil)
+	return binary.BigEndian.Uint32(bs)
+}

core/dst/debug.go

@@ -0,0 +1,26 @@
+// Copyright 2014 The DST Authors. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+package dst
+
+import (
+	"os"
+	"strings"
+)
+
+var (
+	debugConnection bool
+	debugMux        bool
+	debugCC         bool
+)
+
+func init() {
+	debug := make(map[string]bool)
+	for _, s := range strings.Split(os.Getenv("DSTDEBUG"), ",") {
+		debug[strings.TrimSpace(s)] = true
+	}
+	debugConnection = debug["conn"]
+	debugMux = debug["mux"]
+	debugCC = debug["cc"]
+}

core/dst/doc.go

@@ -0,0 +1,12 @@
+// Copyright 2014 The DST Authors. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+/*
+
+Package dst implements the Datagram Stream Transfer protocol.
+
+DST is a way to get reliable stream connections (like TCP) on top of UDP.
+
+*/
+package dst

core/dst/errors.go

@@ -0,0 +1,23 @@
+// Copyright 2014 The DST Authors. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+package dst
+
+// Error represents the various dst-internal error conditions.
+type Error struct {
+	Err string
+}
+
+// Error returns a string representation of the error.
+func (e Error) Error() string {
+	return e.Err
+}
+
+var (
+	ErrClosedConn       = &Error{"operation on closed connection"}
+	ErrClosedMux        = &Error{"operation on closed mux"}
+	ErrHandshakeTimeout = &Error{"handshake timeout"}
+	ErrNotDST           = &Error{"network is not dst"}
+	ErrNotImplemented   = &Error{"not implemented"}
+)

core/dst/mux.go

@@ -0,0 +1,429 @@
+// Copyright 2014 The DST Authors. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+package dst
+
+import (
+	"fmt"
+	"runtime/debug"
+
+	"net"
+	"sync"
+	"time"
+)
+
+const (
+	maxIncomingRequests = 1024
+	maxPacketSize       = 500
+	handshakeTimeout    = 5 * time.Second
+	handshakeInterval   = 1 * time.Second
+)
+
+// Mux is a UDP multiplexer of DST connections.
+type Mux struct {
+	conn       net.PacketConn
+	packetSize int
+
+	conns      map[connectionID]*Conn
+	handshakes map[connectionID]chan packet
+	connsMut   sync.Mutex
+
+	incoming  chan *Conn
+	closed    chan struct{}
+	closeOnce sync.Once
+
+	buffers *sync.Pool
+}
+
+// NewMux creates a new DST Mux on top of a packet connection.
+func NewMux(conn net.PacketConn, packetSize int) *Mux {
+	if packetSize <= 0 {
+		packetSize = maxPacketSize
+	}
+	m := &Mux{
+		conn:       conn,
+		packetSize: packetSize,
+		conns:      map[connectionID]*Conn{},
+		handshakes: make(map[connectionID]chan packet),
+		incoming:   make(chan *Conn, maxIncomingRequests),
+		closed:     make(chan struct{}),
+		buffers: &sync.Pool{
+			New: func() interface{} {
+				return make([]byte, packetSize)
+			},
+		},
+	}
+
+	// Attempt to maximize buffer space. Start at 16 MB and work downwards 0.5
+	// MB at a time.
+
+	if conn, ok := conn.(*net.UDPConn); ok {
+		for buf := 16384 * 1024; buf >= 512*1024; buf -= 512 * 1024 {
+			err := conn.SetReadBuffer(buf)
+			if err == nil {
+				if debugMux {
+					log.Println(m, "read buffer is", buf)
+				}
+				break
+			}
+		}
+		for buf := 16384 * 1024; buf >= 512*1024; buf -= 512 * 1024 {
+			err := conn.SetWriteBuffer(buf)
+			if err == nil {
+				if debugMux {
+					log.Println(m, "write buffer is", buf)
+				}
+				break
+			}
+		}
+	}
+
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+			}
+		}()
+		m.readerLoop()
+	}()
+	return m
+}
+
+// Accept waits for and returns the next connection to the listener.
+func (m *Mux) Accept() (net.Conn, error) {
+	return m.AcceptDST()
+}
+
+// AcceptDST waits for and returns the next connection to the listener.
+func (m *Mux) AcceptDST() (*Conn, error) {
+	conn, ok := <-m.incoming
+	if !ok {
+		return nil, ErrClosedMux
+	}
+	return conn, nil
+}
+
+// Close closes the listener.
+// Any blocked Accept operations will be unblocked and return errors.
+func (m *Mux) Close() error {
+	var err error = ErrClosedMux
+	m.closeOnce.Do(func() {
+		err = m.conn.Close()
+		close(m.incoming)
+		close(m.closed)
+	})
+	return err
+}
+
+// Addr returns the listener's network address.
+func (m *Mux) Addr() net.Addr {
+	return m.conn.LocalAddr()
+}
+
+// Dial connects to the address on the named network.
+//
+// Network must be "dst".
+//
+// Addresses have the form host:port. If host is a literal IPv6 address or
+// host name, it must be enclosed in square brackets as in "[::1]:80",
+// "[ipv6-host]:http" or "[ipv6-host%zone]:80". The functions JoinHostPort and
+// SplitHostPort manipulate addresses in this form.
+//
+// Examples:
+//	Dial("dst", "12.34.56.78:80")
+//	Dial("dst", "google.com:http")
+//	Dial("dst", "[2001:db8::1]:http")
+//	Dial("dst", "[fe80::1%lo0]:80")
+func (m *Mux) Dial(network, addr string) (net.Conn, error) {
+	return m.DialDST(network, addr)
+}
+
+// Dial connects to the address on the named network.
+//
+// Network must be "dst".
+//
+// Addresses have the form host:port. If host is a literal IPv6 address or
+// host name, it must be enclosed in square brackets as in "[::1]:80",
+// "[ipv6-host]:http" or "[ipv6-host%zone]:80". The functions JoinHostPort and
+// SplitHostPort manipulate addresses in this form.
+//
+// Examples:
+//	Dial("dst", "12.34.56.78:80")
+//	Dial("dst", "google.com:http")
+//	Dial("dst", "[2001:db8::1]:http")
+//	Dial("dst", "[fe80::1%lo0]:80")
+func (m *Mux) DialDST(network, addr string) (*Conn, error) {
+	if network != "dst" {
+		return nil, ErrNotDST
+	}
+
+	dst, err := net.ResolveUDPAddr("udp", addr)
+	if err != nil {
+		return nil, err
+	}
+
+	resp := make(chan packet)
+
+	m.connsMut.Lock()
+	connID := m.newConnID()
+	m.handshakes[connID] = resp
+	m.connsMut.Unlock()
+
+	conn, err := m.clientHandshake(dst, connID, resp)
+
+	m.connsMut.Lock()
+	defer m.connsMut.Unlock()
+	delete(m.handshakes, connID)
+
+	if err != nil {
+		return nil, err
+	}
+
+	m.conns[connID] = conn
+	return conn, nil
+}
+
+// handshake performs the client side handshake (i.e. Dial)
+func (m *Mux) clientHandshake(dst net.Addr, connID connectionID, resp chan packet) (*Conn, error) {
+	if debugMux {
+		log.Printf("%v dial %v connID %v", m, dst, connID)
+	}
+
+	nextHandshake := time.NewTimer(0)
+	defer nextHandshake.Stop()
+
+	handshakeTimeout := time.NewTimer(handshakeTimeout)
+	defer handshakeTimeout.Stop()
+
+	var remoteCookie uint32
+	seqNo := randomSeqNo()
+
+	for {
+		select {
+		case <-m.closed:
+			// Failure. The mux has been closed.
+			return nil, ErrClosedConn
+
+		case <-handshakeTimeout.C:
+			// Handshake timeout. Close and abort.
+			return nil, ErrHandshakeTimeout
+
+		case <-nextHandshake.C:
+			// Send a handshake request.
+
+			m.write(packet{
+				src: connID,
+				dst: dst,
+				hdr: header{
+					packetType: typeHandshake,
+					flags:      flagRequest,
+					connID:     0,
+					sequenceNo: seqNo,
+					timestamp:  timestampMicros(),
+				},
+				data: handshakeData{uint32(m.packetSize), connID, remoteCookie}.marshal(),
+			})
+			nextHandshake.Reset(handshakeInterval)
+
+		case pkt := <-resp:
+			hd := unmarshalHandshakeData(pkt.data)
+
+			if pkt.hdr.flags&flagCookie == flagCookie {
+				// We should resend the handshake request with a different cookie value.
+				remoteCookie = hd.cookie
+				nextHandshake.Reset(0)
+			} else if pkt.hdr.flags&flagResponse == flagResponse {
+				// Successfull handshake response.
+				conn := newConn(m, dst)
+
+				conn.connID = connID
+				conn.remoteConnID = hd.connID
+				conn.nextRecvSeqNo = pkt.hdr.sequenceNo + 1
+				conn.packetSize = int(hd.packetSize)
+				if conn.packetSize > m.packetSize {
+					conn.packetSize = m.packetSize
+				}
+
+				conn.nextSeqNo = seqNo + 1
+
+				conn.start()
+
+				return conn, nil
+			}
+		}
+	}
+}
+
+func (m *Mux) readerLoop() {
+	buf := make([]byte, m.packetSize)
+	for {
+		buf = buf[:cap(buf)]
+		n, from, err := m.conn.ReadFrom(buf)
+		if err != nil {
+			m.Close()
+			return
+		}
+		buf = buf[:n]
+
+		hdr := unmarshalHeader(buf)
+
+		var bufCopy []byte
+		if len(buf) > dstHeaderLen {
+			bufCopy = m.buffers.Get().([]byte)[:len(buf)-dstHeaderLen]
+			copy(bufCopy, buf[dstHeaderLen:])
+		}
+
+		pkt := packet{hdr: hdr, data: bufCopy}
+		if debugMux {
+			log.Println(m, "read", pkt)
+		}
+
+		if hdr.packetType == typeHandshake {
+			m.incomingHandshake(from, hdr, bufCopy)
+		} else {
+			m.connsMut.Lock()
+			conn, ok := m.conns[hdr.connID]
+			m.connsMut.Unlock()
+
+			if ok {
+				conn.in <- packet{
+					dst:  nil,
+					hdr:  hdr,
+					data: bufCopy,
+				}
+			} else if debugMux && hdr.packetType != typeShutdown {
+				log.Printf("packet %v for unknown conn %v", hdr, hdr.connID)
+			}
+		}
+	}
+}
+
+func (m *Mux) incomingHandshake(from net.Addr, hdr header, data []byte) {
+	if hdr.connID == 0 {
+		// A new incoming handshake request.
+		m.incomingHandshakeRequest(from, hdr, data)
+	} else {
+		// A response to an ongoing handshake.
+		m.incomingHandshakeResponse(from, hdr, data)
+	}
+}
+
+func (m *Mux) incomingHandshakeRequest(from net.Addr, hdr header, data []byte) {
+	if hdr.flags&flagRequest != flagRequest {
+		log.Printf("Handshake pattern with flags 0x%x to connID zero", hdr.flags)
+		return
+	}
+
+	hd := unmarshalHandshakeData(data)
+
+	correctCookie := cookie(from)
+	if hd.cookie != correctCookie {
+		// Incorrect or missing SYN cookie. Send back a handshake
+		// with the expected one.
+		m.write(packet{
+			dst: from,
+			hdr: header{
+				packetType: typeHandshake,
+				flags:      flagResponse | flagCookie,
+				connID:     hd.connID,
+				timestamp:  timestampMicros(),
+			},
+			data: handshakeData{
+				packetSize: uint32(m.packetSize),
+				cookie:     correctCookie,
+			}.marshal(),
+		})
+		return
+	}
+
+	seqNo := randomSeqNo()
+
+	m.connsMut.Lock()
+	connID := m.newConnID()
+
+	conn := newConn(m, from)
+	conn.connID = connID
+	conn.remoteConnID = hd.connID
+	conn.nextSeqNo = seqNo + 1
+	conn.nextRecvSeqNo = hdr.sequenceNo + 1
+	conn.packetSize = int(hd.packetSize)
+	if conn.packetSize > m.packetSize {
+		conn.packetSize = m.packetSize
+	}
+	conn.start()
+
+	m.conns[connID] = conn
+	m.connsMut.Unlock()
+
+	m.write(packet{
+		dst: from,
+		hdr: header{
+			packetType: typeHandshake,
+			flags:      flagResponse,
+			connID:     hd.connID,
+			sequenceNo: seqNo,
+			timestamp:  timestampMicros(),
+		},
+		data: handshakeData{
+			connID:     conn.connID,
+			packetSize: uint32(conn.packetSize),
+		}.marshal(),
+	})
+
+	m.incoming <- conn
+}
+
+func (m *Mux) incomingHandshakeResponse(from net.Addr, hdr header, data []byte) {
+	m.connsMut.Lock()
+	handShake, ok := m.handshakes[hdr.connID]
+	m.connsMut.Unlock()
+
+	if ok {
+		// This is a response to a handshake in progress.
+		handShake <- packet{
+			dst:  nil,
+			hdr:  hdr,
+			data: data,
+		}
+	} else if debugMux && hdr.packetType != typeShutdown {
+		log.Printf("Handshake packet %v for unknown conn %v", hdr, hdr.connID)
+	}
+}
+
+func (m *Mux) write(pkt packet) (int, error) {
+	buf := m.buffers.Get().([]byte)
+	buf = buf[:dstHeaderLen+len(pkt.data)]
+	pkt.hdr.marshal(buf)
+	copy(buf[dstHeaderLen:], pkt.data)
+	if debugMux {
+		log.Println(m, "write", pkt)
+	}
+	n, err := m.conn.WriteTo(buf, pkt.dst)
+	m.buffers.Put(buf)
+	return n, err
+}
+
+func (m *Mux) String() string {
+	return fmt.Sprintf("Mux-%v", m.Addr())
+}
+
+// Find a unique connection ID
+func (m *Mux) newConnID() connectionID {
+	for {
+		connID := randomConnID()
+		if _, ok := m.conns[connID]; ok {
+			continue
+		}
+		if _, ok := m.handshakes[connID]; ok {
+			continue
+		}
+		return connID
+	}
+}
+
+func (m *Mux) removeConn(c *Conn) {
+	m.connsMut.Lock()
+	delete(m.conns, c.connID)
+	m.connsMut.Unlock()
+}

core/dst/packetlist.go

@@ -0,0 +1,119 @@
+// Copyright 2014 The DST Authors. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+package dst
+
+type packetList struct {
+	packets []packet
+	slot    int
+}
+
+// CutLessSeq cuts packets from the start of the list with sequence numbers
+// lower than seq. Returns the number of packets that were cut.
+func (l *packetList) CutLessSeq(seq sequenceNo) int {
+	var i, cut int
+	for i = range l.packets {
+		if i == l.slot {
+			break
+		}
+		if !l.packets[i].LessSeq(seq) {
+			break
+		}
+		cut++
+	}
+	if cut > 0 {
+		l.Cut(cut)
+	}
+	return cut
+}
+
+func (l *packetList) Cut(n int) {
+	copy(l.packets, l.packets[n:])
+	l.slot -= n
+}
+
+func (l *packetList) Full() bool {
+	return l.slot == len(l.packets)
+}
+
+func (l *packetList) All() []packet {
+	return l.packets[:l.slot]
+}
+
+func (l *packetList) Append(pkt packet) bool {
+	if l.slot == len(l.packets) {
+		return false
+	}
+	l.packets[l.slot] = pkt
+	l.slot++
+	return true
+}
+
+func (l *packetList) AppendAll(pkts []packet) {
+	l.packets = append(l.packets[:l.slot], pkts...)
+	l.slot += len(pkts)
+}
+
+func (l *packetList) Cap() int {
+	return len(l.packets)
+}
+
+func (l *packetList) Len() int {
+	return l.slot
+}
+
+func (l *packetList) Resize(s int) {
+	if s <= cap(l.packets) {
+		l.packets = l.packets[:s]
+	} else {
+		t := make([]packet, s)
+		copy(t, l.packets)
+		l.packets = t
+	}
+}
+
+func (l *packetList) InsertSorted(pkt packet) {
+	for i := range l.packets {
+		if i >= l.slot {
+			l.packets[i] = pkt
+			l.slot++
+			return
+		}
+		if pkt.hdr.sequenceNo == l.packets[i].hdr.sequenceNo {
+			return
+		}
+		if pkt.Less(l.packets[i]) {
+			copy(l.packets[i+1:], l.packets[i:])
+			l.packets[i] = pkt
+			if l.slot < len(l.packets) {
+				l.slot++
+			}
+			return
+		}
+	}
+}
+
+func (l *packetList) LowestSeq() sequenceNo {
+	return l.packets[0].hdr.sequenceNo
+}
+
+func (l *packetList) PopSequence(maxSeq sequenceNo) []packet {
+	highSeq := l.packets[0].hdr.sequenceNo
+	if highSeq >= maxSeq {
+		return nil
+	}
+
+	var i int
+	for i = 1; i < l.slot; i++ {
+		seq := l.packets[i].hdr.sequenceNo
+		if seq != highSeq+1 || seq >= maxSeq {
+			break
+		}
+		highSeq++
+	}
+	pkts := make([]packet, i)
+	copy(pkts, l.packets[:i])
+	l.Cut(i)
+	return pkts
+}

core/dst/packets.go

@@ -0,0 +1,155 @@
+// Copyright 2014 The DST Authors. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+package dst
+
+import (
+	"encoding/binary"
+	"fmt"
+	"net"
+)
+
+const dstHeaderLen = 12
+
+type packetType int8
+
+const (
+	typeHandshake packetType = 0x0
+	typeData                 = 0x1
+	typeAck                  = 0x2
+	typeNegAck               = 0x3
+	typeShutdown             = 0x4
+)
+
+func (t packetType) String() string {
+	switch t {
+	case typeData:
+		return "data"
+	case typeHandshake:
+		return "handshake"
+	case typeAck:
+		return "ack"
+	case typeNegAck:
+		return "negAck"
+	case typeShutdown:
+		return "shutdown"
+	default:
+		return "unknown"
+	}
+}
+
+type connectionID uint32
+
+func (c connectionID) String() string {
+	return fmt.Sprintf("Ci%08x", uint32(c))
+}
+
+type sequenceNo uint32
+
+func (s sequenceNo) String() string {
+	return fmt.Sprintf("Sq%d", uint32(s))
+}
+
+type timestamp uint32
+
+func (t timestamp) String() string {
+	return fmt.Sprintf("Ts%d", uint32(t))
+}
+
+const (
+	flagRequest  = 1 << 0 // This packet is a handshake request
+	flagResponse = 1 << 1 // This packet is a handshake response
+	flagCookie   = 1 << 2 // This packet contains a coookie challenge
+)
+
+type header struct {
+	packetType packetType   // 4 bits
+	flags      uint8        // 4 bits
+	connID     connectionID // 24 bits
+	sequenceNo sequenceNo
+	timestamp  timestamp
+}
+
+func (h header) marshal(bs []byte) {
+	binary.BigEndian.PutUint32(bs, uint32(h.connID&0xffffff))
+	bs[0] = h.flags | uint8(h.packetType)<<4
+	binary.BigEndian.PutUint32(bs[4:], uint32(h.sequenceNo))
+	binary.BigEndian.PutUint32(bs[8:], uint32(h.timestamp))
+}
+
+func unmarshalHeader(bs []byte) header {
+	var h header
+	h.packetType = packetType(bs[0] >> 4)
+	h.flags = bs[0] & 0xf
+	h.connID = connectionID(binary.BigEndian.Uint32(bs) & 0xffffff)
+	h.sequenceNo = sequenceNo(binary.BigEndian.Uint32(bs[4:]))
+	h.timestamp = timestamp(binary.BigEndian.Uint32(bs[8:]))
+	return h
+}
+
+func (h header) String() string {
+	return fmt.Sprintf("header{type=%s flags=0x%x connID=%v seq=%v time=%v}", h.packetType, h.flags, h.connID, h.sequenceNo, h.timestamp)
+}
+
+type handshakeData struct {
+	packetSize uint32
+	connID     connectionID
+	cookie     uint32
+}
+
+func (h handshakeData) marshalInto(data []byte) {
+	binary.BigEndian.PutUint32(data[0:], h.packetSize)
+	binary.BigEndian.PutUint32(data[4:], uint32(h.connID))
+	binary.BigEndian.PutUint32(data[8:], h.cookie)
+}
+
+func (h handshakeData) marshal() []byte {
+	var data [12]byte
+	h.marshalInto(data[:])
+	return data[:]
+}
+
+func unmarshalHandshakeData(data []byte) handshakeData {
+	var h handshakeData
+	h.packetSize = binary.BigEndian.Uint32(data[0:])
+	h.connID = connectionID(binary.BigEndian.Uint32(data[4:]))
+	h.cookie = binary.BigEndian.Uint32(data[8:])
+	return h
+}
+
+func (h handshakeData) String() string {
+	return fmt.Sprintf("handshake{size=%d connID=%v cookie=0x%08x}", h.packetSize, h.connID, h.cookie)
+}
+
+type packet struct {
+	src  connectionID
+	dst  net.Addr
+	hdr  header
+	data []byte
+}
+
+func (p packet) String() string {
+	var dst string
+	if p.dst != nil {
+		dst = "dst=" + p.dst.String() + " "
+	}
+	switch p.hdr.packetType {
+	case typeHandshake:
+		return fmt.Sprintf("%spacket{src=%v %v %v}", dst, p.src, p.hdr, unmarshalHandshakeData(p.data))
+	default:
+		return fmt.Sprintf("%spacket{src=%v %v data[:%d]}", dst, p.src, p.hdr, len(p.data))
+	}
+}
+
+func (p packet) LessSeq(seq sequenceNo) bool {
+	diff := seq - p.hdr.sequenceNo
+	if diff == 0 {
+		return false
+	}
+	return diff < 1<<31
+}
+
+func (a packet) Less(b packet) bool {
+	return a.LessSeq(b.hdr.sequenceNo)
+}

core/dst/sendbuffer.go

@@ -0,0 +1,268 @@
+// Copyright 2014 The DST Authors. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+package dst
+
+import (
+	"fmt"
+	"runtime/debug"
+
+	"sync"
+
+	"github.com/juju/ratelimit"
+)
+
+/*
+	                          sendWindow
+	                         v
+		[S|S|S|S|Q|Q|Q|Q| | | | | | | | | ]
+		         ^       ^writeSlot
+		          sendSlot
+*/
+type sendBuffer struct {
+	mux       *Mux              // we send packets here
+	scheduler *ratelimit.Bucket // sets send rate for packets
+
+	sendWindow int // maximum number of outstanding non-acked packets
+	packetRate int // target pps
+
+	send     packetList // buffered packets
+	sendSlot int        // buffer slot from which to send next packet
+
+	lost     packetList // list of packets reported lost by timeout
+	lostSlot int        // next lost packet to resend
+
+	closed  bool
+	closing bool
+	mut     sync.Mutex
+	cond    *sync.Cond
+}
+
+const (
+	schedulerRate     = 1e6
+	schedulerCapacity = schedulerRate / 40
+)
+
+// newSendBuffer creates a new send buffer with a zero window.
+// SetRateAndWindow() must be called to set an initial packet rate and send
+// window before using.
+func newSendBuffer(m *Mux) *sendBuffer {
+	b := &sendBuffer{
+		mux:       m,
+		scheduler: ratelimit.NewBucketWithRate(schedulerRate, schedulerCapacity),
+	}
+	b.cond = sync.NewCond(&b.mut)
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+			}
+		}()
+		b.writerLoop()
+	}()
+	return b
+}
+
+// Write puts a new packet in send buffer and schedules a send. Blocks when
+// the window size is or would be exceeded.
+func (b *sendBuffer) Write(pkt packet) error {
+	b.mut.Lock()
+	defer b.mut.Unlock()
+
+	for b.send.Full() || b.send.Len() >= b.sendWindow {
+		if b.closing {
+			return ErrClosedConn
+		}
+		if debugConnection {
+			log.Println(b, "Write blocked")
+		}
+		b.cond.Wait()
+	}
+	if !b.send.Append(pkt) {
+		panic("bug: append failed")
+	}
+	b.cond.Broadcast()
+	return nil
+}
+
+// Acknowledge removes packets with lower sequence numbers from the loss list
+// or send buffer.
+func (b *sendBuffer) Acknowledge(seq sequenceNo) {
+	b.mut.Lock()
+
+	if cut := b.lost.CutLessSeq(seq); cut > 0 {
+		if debugConnection {
+			log.Println(b, "cut", cut, "from loss list")
+		}
+		// Next resend should always start with the first packet, regardless
+		// of what we might already have resent previously.
+		b.lostSlot = 0
+		b.cond.Broadcast()
+	}
+
+	if cut := b.send.CutLessSeq(seq); cut > 0 {
+		if debugConnection {
+			log.Println(b, "cut", cut, "from send list")
+		}
+		b.sendSlot -= cut
+		b.cond.Broadcast()
+	}
+
+	b.mut.Unlock()
+}
+
+func (b *sendBuffer) NegativeAck(seq sequenceNo) {
+	b.mut.Lock()
+
+	pkts := b.send.PopSequence(seq)
+	if cut := len(pkts); cut > 0 {
+		b.lost.AppendAll(pkts)
+		if debugConnection {
+			log.Println(b, "cut", cut, "from send list, adding to loss list")
+			log.Println(seq, pkts)
+		}
+		b.sendSlot -= cut
+		b.lostSlot = 0
+		b.cond.Broadcast()
+	}
+
+	b.mut.Unlock()
+}
+
+// ScheduleResend arranges for a resend of all currently unacknowledged
+// packets.
+func (b *sendBuffer) ScheduleResend() {
+	b.mut.Lock()
+
+	if b.sendSlot > 0 {
+		// There are packets that have been sent but not acked. Move them from
+		// the send buffer to the loss list for retransmission.
+		if debugConnection {
+			log.Println(b, "scheduled resend from send list", b.sendSlot)
+		}
+
+		// Append the packets to the loss list and rewind the send buffer
+		b.lost.AppendAll(b.send.All()[:b.sendSlot])
+		b.send.Cut(b.sendSlot)
+		b.sendSlot = 0
+		b.cond.Broadcast()
+	}
+
+	if b.lostSlot > 0 {
+		// Also resend whatever was already in the loss list
+		if debugConnection {
+			log.Println(b, "scheduled resend from loss list", b.lostSlot)
+		}
+		b.lostSlot = 0
+		b.cond.Broadcast()
+	}
+
+	b.mut.Unlock()
+}
+
+// SetWindowAndRate sets the window size (in packets) and packet rate (in
+// packets per second) to use when sending.
+func (b *sendBuffer) SetWindowAndRate(sendWindow, packetRate int) {
+	b.mut.Lock()
+	if debugConnection {
+		log.Println(b, "new window & rate", sendWindow, packetRate)
+	}
+	b.packetRate = packetRate
+	b.sendWindow = sendWindow
+	if b.sendWindow > b.send.Cap() {
+		b.send.Resize(b.sendWindow)
+		b.cond.Broadcast()
+	}
+	b.mut.Unlock()
+}
+
+// Stop stops the send buffer from any doing further sending, but waits for
+// the current buffers to be drained.
+func (b *sendBuffer) Stop() {
+	b.mut.Lock()
+
+	if b.closed || b.closing {
+		return
+	}
+
+	b.closing = true
+	for b.lost.Len() > 0 || b.send.Len() > 0 {
+		b.cond.Wait()
+	}
+
+	b.closed = true
+	b.cond.Broadcast()
+	b.mut.Unlock()
+}
+
+// CrashStop stops the send buffer from any doing further sending, without
+// waiting for buffers to drain.
+func (b *sendBuffer) CrashStop() {
+	b.mut.Lock()
+
+	if b.closed || b.closing {
+		return
+	}
+
+	b.closing = true
+	b.closed = true
+	b.cond.Broadcast()
+	b.mut.Unlock()
+}
+
+func (b *sendBuffer) String() string {
+	return fmt.Sprintf("sendBuffer@%p", b)
+}
+
+func (b *sendBuffer) writerLoop() {
+	if debugConnection {
+		log.Println(b, "writer() starting")
+		defer log.Println(b, "writer() exiting")
+	}
+
+	b.scheduler.Take(schedulerCapacity)
+	for {
+		var pkt packet
+		b.mut.Lock()
+		for b.lostSlot >= b.sendWindow ||
+			(b.sendSlot == b.send.Len() && b.lostSlot == b.lost.Len()) {
+			if b.closed {
+				b.mut.Unlock()
+				return
+			}
+
+			if debugConnection {
+				log.Println(b, "writer() paused", b.lostSlot, b.sendSlot, b.sendWindow, b.lost.Len())
+			}
+			b.cond.Wait()
+		}
+
+		if b.lostSlot < b.lost.Len() {
+			pkt = b.lost.All()[b.lostSlot]
+			pkt.hdr.timestamp = timestampMicros()
+			b.lostSlot++
+
+			if debugConnection {
+				log.Println(b, "resend", b.lostSlot, b.lost.Len(), b.sendWindow, pkt.hdr.connID, pkt.hdr.sequenceNo)
+			}
+		} else if b.sendSlot < b.send.Len() {
+			pkt = b.send.All()[b.sendSlot]
+			pkt.hdr.timestamp = timestampMicros()
+			b.sendSlot++
+
+			if debugConnection {
+				log.Println(b, "send", b.sendSlot, b.send.Len(), b.sendWindow, pkt.hdr.connID, pkt.hdr.sequenceNo)
+			}
+		}
+
+		b.cond.Broadcast()
+		packetRate := b.packetRate
+		b.mut.Unlock()
+
+		if pkt.dst != nil {
+			b.scheduler.Wait(schedulerRate / int64(packetRate))
+			b.mux.write(pkt)
+		}
+	}
+}

core/dst/util.go

@@ -0,0 +1,29 @@
+// Copyright 2014 The DST Authors. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+package dst
+
+import (
+	logger "log"
+	"math/rand"
+	"os"
+	"time"
+)
+
+var log = logger.New(os.Stderr, "", logger.LstdFlags)
+
+func SetLogger(l *logger.Logger) {
+	log = l
+}
+func timestampMicros() timestamp {
+	return timestamp(time.Now().UnixNano() / 1000)
+}
+
+func randomSeqNo() sequenceNo {
+	return sequenceNo(rand.Uint32())
+}
+
+func randomConnID() connectionID {
+	return connectionID(rand.Uint32() & 0xffffff)
+}

core/dst/windowcc.go

@@ -0,0 +1,144 @@
+// Copyright 2014 The DST Authors. All rights reserved.
+// Use of this source code is governed by an MIT-style
+// license that can be found in the LICENSE file.
+
+package dst
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"time"
+)
+
+type windowCC struct {
+	minWindow     int
+	maxWindow     int
+	currentWindow int
+	minRate       int
+	maxRate       int
+	currentRate   int
+	targetRate    int
+
+	curRTT time.Duration
+	minRTT time.Duration
+
+	statsFile io.WriteCloser
+	start     time.Time
+}
+
+func newWindowCC() *windowCC {
+	var statsFile io.WriteCloser
+
+	if debugCC {
+		statsFile, _ = os.Create(fmt.Sprintf("cc-log-%d.csv", time.Now().Unix()))
+		fmt.Fprintf(statsFile, "ms,minWin,maxWin,curWin,minRate,maxRate,curRate,minRTT,curRTT\n")
+	}
+
+	return &windowCC{
+		minWindow:     1, // Packets
+		maxWindow:     16 << 10,
+		currentWindow: 1,
+
+		minRate:     100,  // PPS
+		maxRate:     80e3, // Roughly 1 Gbps at 1500 bytes per packet
+		currentRate: 100,
+		targetRate:  1000,
+
+		minRTT:    10 * time.Second,
+		statsFile: statsFile,
+		start:     time.Now(),
+	}
+}
+
+func (w *windowCC) Ack() {
+	if w.curRTT > w.minRTT+100*time.Millisecond {
+		return
+	}
+
+	changed := false
+
+	if w.currentWindow < w.maxWindow {
+		w.currentWindow++
+		changed = true
+	}
+
+	if w.currentRate != w.targetRate {
+		w.currentRate = (w.currentRate*7 + w.targetRate) / 8
+		changed = true
+	}
+
+	if changed && debugCC {
+		w.log()
+		log.Println("Ack", w.currentWindow, w.currentRate)
+	}
+}
+
+func (w *windowCC) NegAck() {
+	if w.currentWindow > w.minWindow {
+		w.currentWindow /= 2
+	}
+	if w.currentRate > w.minRate {
+		w.currentRate /= 2
+	}
+	if debugCC {
+		w.log()
+		log.Println("NegAck", w.currentWindow, w.currentRate)
+	}
+}
+
+func (w *windowCC) Exp() {
+	w.currentWindow = w.minWindow
+	if debugCC {
+		w.log()
+		log.Println("Exp", w.currentWindow, w.currentRate)
+	}
+}
+
+func (w *windowCC) SendWindow() int {
+	if w.currentWindow < w.minWindow {
+		return w.minWindow
+	}
+	if w.currentWindow > w.maxWindow {
+		return w.maxWindow
+	}
+	return w.currentWindow
+}
+
+func (w *windowCC) PacketRate() int {
+	if w.currentRate < w.minRate {
+		return w.minRate
+	}
+	if w.currentRate > w.maxRate {
+		return w.maxRate
+	}
+	return w.currentRate
+}
+
+func (w *windowCC) UpdateRTT(rtt time.Duration) {
+	w.curRTT = rtt
+	if w.curRTT < w.minRTT {
+		w.minRTT = w.curRTT
+		if debugCC {
+			log.Println("Min RTT", w.minRTT)
+		}
+	}
+
+	if w.curRTT > w.minRTT+200*time.Millisecond && w.targetRate > 2*w.minRate {
+		w.targetRate -= w.minRate
+	} else if w.curRTT < w.minRTT+20*time.Millisecond && w.targetRate < w.maxRate {
+		w.targetRate += w.minRate
+	}
+
+	if debugCC {
+		w.log()
+		log.Println("RTT", w.curRTT, "target rate", w.targetRate, "current rate", w.currentRate, "current window", w.currentWindow)
+	}
+}
+
+func (w *windowCC) log() {
+	if w.statsFile == nil {
+		return
+	}
+	fmt.Fprintf(w.statsFile, "%.02f,%d,%d,%d,%d,%d,%d,%.02f,%.02f\n", time.Since(w.start).Seconds()*1000, w.minWindow, w.maxWindow, w.currentWindow, w.minRate, w.maxRate, w.currentRate, w.minRTT.Seconds()*1000, w.curRTT.Seconds()*1000)
+}

core/lib/buf/leakybuf.go

@@ -0,0 +1,52 @@
+// Provides leaky buffer, based on the example in Effective Go.
+package buf
+
+type LeakyBuf struct {
+	bufSize  int // size of each buffer
+	freeList chan []byte
+}
+
+const LeakyBufSize = 2048 // data.len(2) + hmacsha1(10) + data(4096)
+const maxNBuf = 2048
+
+var LeakyBuffer = NewLeakyBuf(maxNBuf, LeakyBufSize)
+
+func Get() (b []byte) {
+	return LeakyBuffer.Get()
+}
+func Put(b []byte) {
+	LeakyBuffer.Put(b)
+}
+
+// NewLeakyBuf creates a leaky buffer which can hold at most n buffer, each
+// with bufSize bytes.
+func NewLeakyBuf(n, bufSize int) *LeakyBuf {
+	return &LeakyBuf{
+		bufSize:  bufSize,
+		freeList: make(chan []byte, n),
+	}
+}
+
+// Get returns a buffer from the leaky buffer or create a new buffer.
+func (lb *LeakyBuf) Get() (b []byte) {
+	select {
+	case b = <-lb.freeList:
+	default:
+		b = make([]byte, lb.bufSize)
+	}
+	return
+}
+
+// Put add the buffer into the free buffer pool for reuse. Panic if the buffer
+// size is not the same with the leaky buffer's. This is intended to expose
+// error usage of leaky buffer.
+func (lb *LeakyBuf) Put(b []byte) {
+	if len(b) != lb.bufSize {
+		panic("invalid buffer size that's put into leaky buffer")
+	}
+	select {
+	case lb.freeList <- b:
+	default:
+	}
+	return
+}

core/lib/ioutils/utils.go

@@ -0,0 +1,68 @@
+package ioutils
+
+import (
+	"io"
+	logger "log"
+
+	lbuf "github.com/snail007/goproxy/core/lib/buf"
+)
+
+func IoBind(dst io.ReadWriteCloser, src io.ReadWriteCloser, fn func(err interface{}), log *logger.Logger) {
+	go func() {
+		defer func() {
+			if err := recover(); err != nil {
+				log.Printf("bind crashed %s", err)
+			}
+		}()
+		e1 := make(chan interface{}, 1)
+		e2 := make(chan interface{}, 1)
+		go func() {
+			defer func() {
+				if err := recover(); err != nil {
+					log.Printf("bind crashed %s", err)
+				}
+			}()
+			//_, err := io.Copy(dst, src)
+			err := ioCopy(dst, src)
+			e1 <- err
+		}()
+		go func() {
+			defer func() {
+				if err := recover(); err != nil {
+					log.Printf("bind crashed %s", err)
+				}
+			}()
+			//_, err := io.Copy(src, dst)
+			err := ioCopy(src, dst)
+			e2 <- err
+		}()
+		var err interface{}
+		select {
+		case err = <-e1:
+			//log.Printf("e1")
+		case err = <-e2:
+			//log.Printf("e2")
+		}
+		src.Close()
+		dst.Close()
+		if fn != nil {
+			fn(err)
+		}
+	}()
+}
+func ioCopy(dst io.ReadWriter, src io.ReadWriter) (err error) {
+	buf := lbuf.LeakyBuffer.Get()
+	defer lbuf.LeakyBuffer.Put(buf)
+	n := 0
+	for {
+		n, err = src.Read(buf)
+		if n > 0 {
+			if _, e := dst.Write(buf[0:n]); e != nil {
+				return e
+			}
+		}
+		if err != nil {
+			return
+		}
+	}
+}

core/lib/kcpcfg/args.go

@@ -0,0 +1,24 @@
+package kcpcfg
+
+import kcp "github.com/xtaci/kcp-go"
+
+type KCPConfigArgs struct {
+	Key          *string
+	Crypt        *string
+	Mode         *string
+	MTU          *int
+	SndWnd       *int
+	RcvWnd       *int
+	DataShard    *int
+	ParityShard  *int
+	DSCP         *int
+	NoComp       *bool
+	AckNodelay   *bool
+	NoDelay      *int
+	Interval     *int
+	Resend       *int
+	NoCongestion *int
+	SockBuf      *int
+	KeepAlive    *int
+	Block        kcp.BlockCrypt
+}

core/lib/mapx/map.go

@@ -0,0 +1,355 @@
+package mapx
+
+import (
+	"encoding/json"
+	"fmt"
+	"runtime/debug"
+	"sync"
+)
+
+var SHARD_COUNT = 32
+
+// A "thread" safe map of type string:Anything.
+// To avoid lock bottlenecks this map is dived to several (SHARD_COUNT) map shards.
+type ConcurrentMap []*ConcurrentMapShared
+
+// A "thread" safe string to anything map.
+type ConcurrentMapShared struct {
+	items        map[string]interface{}
+	sync.RWMutex // Read Write mutex, guards access to internal map.
+}
+
+// Creates a new concurrent map.
+func NewConcurrentMap() ConcurrentMap {
+	m := make(ConcurrentMap, SHARD_COUNT)
+	for i := 0; i < SHARD_COUNT; i++ {
+		m[i] = &ConcurrentMapShared{items: make(map[string]interface{})}
+	}
+	return m
+}
+
+// Returns shard under given key
+func (m ConcurrentMap) GetShard(key string) *ConcurrentMapShared {
+	return m[uint(fnv32(key))%uint(SHARD_COUNT)]
+}
+
+func (m ConcurrentMap) MSet(data map[string]interface{}) {
+	for key, value := range data {
+		shard := m.GetShard(key)
+		shard.Lock()
+		shard.items[key] = value
+		shard.Unlock()
+	}
+}
+
+// Sets the given value under the specified key.
+func (m ConcurrentMap) Set(key string, value interface{}) {
+	// Get map shard.
+	shard := m.GetShard(key)
+	shard.Lock()
+	shard.items[key] = value
+	shard.Unlock()
+}
+
+// Callback to return new element to be inserted into the map
+// It is called while lock is held, therefore it MUST NOT
+// try to access other keys in same map, as it can lead to deadlock since
+// Go sync.RWLock is not reentrant
+type UpsertCb func(exist bool, valueInMap interface{}, newValue interface{}) interface{}
+
+// Insert or Update - updates existing element or inserts a new one using UpsertCb
+func (m ConcurrentMap) Upsert(key string, value interface{}, cb UpsertCb) (res interface{}) {
+	shard := m.GetShard(key)
+	shard.Lock()
+	v, ok := shard.items[key]
+	res = cb(ok, v, value)
+	shard.items[key] = res
+	shard.Unlock()
+	return res
+}
+
+// Sets the given value under the specified key if no value was associated with it.
+func (m ConcurrentMap) SetIfAbsent(key string, value interface{}) bool {
+	// Get map shard.
+	shard := m.GetShard(key)
+	shard.Lock()
+	_, ok := shard.items[key]
+	if !ok {
+		shard.items[key] = value
+	}
+	shard.Unlock()
+	return !ok
+}
+
+// Retrieves an element from map under given key.
+func (m ConcurrentMap) Get(key string) (interface{}, bool) {
+	// Get shard
+	shard := m.GetShard(key)
+	shard.RLock()
+	// Get item from shard.
+	val, ok := shard.items[key]
+	shard.RUnlock()
+	return val, ok
+}
+
+// Returns the number of elements within the map.
+func (m ConcurrentMap) Count() int {
+	count := 0
+	for i := 0; i < SHARD_COUNT; i++ {
+		shard := m[i]
+		shard.RLock()
+		count += len(shard.items)
+		shard.RUnlock()
+	}
+	return count
+}
+
+// Looks up an item under specified key
+func (m ConcurrentMap) Has(key string) bool {
+	// Get shard
+	shard := m.GetShard(key)
+	shard.RLock()
+	// See if element is within shard.
+	_, ok := shard.items[key]
+	shard.RUnlock()
+	return ok
+}
+
+// Removes an element from the map.
+func (m ConcurrentMap) Remove(key string) {
+	// Try to get shard.
+	shard := m.GetShard(key)
+	shard.Lock()
+	delete(shard.items, key)
+	shard.Unlock()
+}
+
+// Removes an element from the map and returns it
+func (m ConcurrentMap) Pop(key string) (v interface{}, exists bool) {
+	// Try to get shard.
+	shard := m.GetShard(key)
+	shard.Lock()
+	v, exists = shard.items[key]
+	delete(shard.items, key)
+	shard.Unlock()
+	return v, exists
+}
+
+// Checks if map is empty.
+func (m ConcurrentMap) IsEmpty() bool {
+	return m.Count() == 0
+}
+
+// Used by the Iter & IterBuffered functions to wrap two variables together over a channel,
+type Tuple struct {
+	Key string
+	Val interface{}
+}
+
+// Returns an iterator which could be used in a for range loop.
+//
+// Deprecated: using IterBuffered() will get a better performence
+func (m ConcurrentMap) Iter() <-chan Tuple {
+	chans := snapshot(m)
+	ch := make(chan Tuple)
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+			}
+		}()
+		fanIn(chans, ch)
+	}()
+	return ch
+}
+
+// Returns a buffered iterator which could be used in a for range loop.
+func (m ConcurrentMap) IterBuffered() <-chan Tuple {
+	chans := snapshot(m)
+	total := 0
+	for _, c := range chans {
+		total += cap(c)
+	}
+	ch := make(chan Tuple, total)
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+			}
+		}()
+		fanIn(chans, ch)
+	}()
+	return ch
+}
+
+// Returns a array of channels that contains elements in each shard,
+// which likely takes a snapshot of `m`.
+// It returns once the size of each buffered channel is determined,
+// before all the channels are populated using goroutines.
+func snapshot(m ConcurrentMap) (chans []chan Tuple) {
+	chans = make([]chan Tuple, SHARD_COUNT)
+	wg := sync.WaitGroup{}
+	wg.Add(SHARD_COUNT)
+	// Foreach shard.
+	for index, shard := range m {
+		go func(index int, shard *ConcurrentMapShared) {
+			defer func() {
+				if e := recover(); e != nil {
+					fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+				}
+			}()
+			// Foreach key, value pair.
+			shard.RLock()
+			chans[index] = make(chan Tuple, len(shard.items))
+			wg.Done()
+			for key, val := range shard.items {
+				chans[index] <- Tuple{key, val}
+			}
+			shard.RUnlock()
+			close(chans[index])
+		}(index, shard)
+	}
+	wg.Wait()
+	return chans
+}
+
+// fanIn reads elements from channels `chans` into channel `out`
+func fanIn(chans []chan Tuple, out chan Tuple) {
+	wg := sync.WaitGroup{}
+	wg.Add(len(chans))
+	for _, ch := range chans {
+		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+				}
+			}()
+			func(ch chan Tuple) {
+				for t := range ch {
+					out <- t
+				}
+				wg.Done()
+			}(ch)
+		}()
+	}
+	wg.Wait()
+	close(out)
+}
+
+// Returns all items as map[string]interface{}
+func (m ConcurrentMap) Items() map[string]interface{} {
+	tmp := make(map[string]interface{})
+
+	// Insert items to temporary map.
+	for item := range m.IterBuffered() {
+		tmp[item.Key] = item.Val
+	}
+
+	return tmp
+}
+
+// Iterator callback,called for every key,value found in
+// maps. RLock is held for all calls for a given shard
+// therefore callback sess consistent view of a shard,
+// but not across the shards
+type IterCb func(key string, v interface{})
+
+// Callback based iterator, cheapest way to read
+// all elements in a map.
+func (m ConcurrentMap) IterCb(fn IterCb) {
+	for idx := range m {
+		shard := (m)[idx]
+		shard.RLock()
+		for key, value := range shard.items {
+			fn(key, value)
+		}
+		shard.RUnlock()
+	}
+}
+
+// Return all keys as []string
+func (m ConcurrentMap) Keys() []string {
+	count := m.Count()
+	ch := make(chan string, count)
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+			}
+		}()
+		// Foreach shard.
+		wg := sync.WaitGroup{}
+		wg.Add(SHARD_COUNT)
+		for _, shard := range m {
+			go func() {
+				defer func() {
+					if e := recover(); e != nil {
+						fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+					}
+				}()
+				func(shard *ConcurrentMapShared) {
+					// Foreach key, value pair.
+					shard.RLock()
+					for key := range shard.items {
+						ch <- key
+					}
+					shard.RUnlock()
+					wg.Done()
+				}(shard)
+			}()
+		}
+		wg.Wait()
+		close(ch)
+	}()
+
+	// Generate keys
+	keys := make([]string, 0, count)
+	for k := range ch {
+		keys = append(keys, k)
+	}
+	return keys
+}
+
+//Reviles ConcurrentMap "private" variables to json marshal.
+func (m ConcurrentMap) MarshalJSON() ([]byte, error) {
+	// Create a temporary map, which will hold all item spread across shards.
+	tmp := make(map[string]interface{})
+
+	// Insert items to temporary map.
+	for item := range m.IterBuffered() {
+		tmp[item.Key] = item.Val
+	}
+	return json.Marshal(tmp)
+}
+
+func fnv32(key string) uint32 {
+	hash := uint32(2166136261)
+	const prime32 = uint32(16777619)
+	for i := 0; i < len(key); i++ {
+		hash *= prime32
+		hash ^= uint32(key[i])
+	}
+	return hash
+}
+
+// Concurrent map uses Interface{} as its value, therefor JSON Unmarshal
+// will probably won't know which to type to unmarshal into, in such case
+// we'll end up with a value of type map[string]interface{}, In most cases this isn't
+// out value type, this is why we've decided to remove this functionality.
+
+// func (m *ConcurrentMap) UnmarshalJSON(b []byte) (err error) {
+// 	// Reverse process of Marshal.
+
+// 	tmp := make(map[string]interface{})
+
+// 	// Unmarshal into a single map.
+// 	if err := json.Unmarshal(b, &tmp); err != nil {
+// 		return nil
+// 	}
+
+// 	// foreach key,value pair in temporary map insert into our concurrent map.
+// 	for key, val := range tmp {
+// 		m.Set(key, val)
+// 	}
+// 	return nil
+// }

core/lib/socks5/socks5.go

@@ -0,0 +1,159 @@
+package socks5
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"net"
+	"strconv"
+)
+
+const (
+	Method_NO_AUTH         = uint8(0x00)
+	Method_GSSAPI          = uint8(0x01)
+	Method_USER_PASS       = uint8(0x02)
+	Method_IANA            = uint8(0x7F)
+	Method_RESVERVE        = uint8(0x80)
+	Method_NONE_ACCEPTABLE = uint8(0xFF)
+	VERSION_V5             = uint8(0x05)
+	CMD_CONNECT            = uint8(0x01)
+	CMD_BIND               = uint8(0x02)
+	CMD_ASSOCIATE          = uint8(0x03)
+	ATYP_IPV4              = uint8(0x01)
+	ATYP_DOMAIN            = uint8(0x03)
+	ATYP_IPV6              = uint8(0x04)
+	REP_SUCCESS            = uint8(0x00)
+	REP_REQ_FAIL           = uint8(0x01)
+	REP_RULE_FORBIDDEN     = uint8(0x02)
+	REP_NETWOR_UNREACHABLE = uint8(0x03)
+	REP_HOST_UNREACHABLE   = uint8(0x04)
+	REP_CONNECTION_REFUSED = uint8(0x05)
+	REP_TTL_TIMEOUT        = uint8(0x06)
+	REP_CMD_UNSUPPORTED    = uint8(0x07)
+	REP_ATYP_UNSUPPORTED   = uint8(0x08)
+	REP_UNKNOWN            = uint8(0x09)
+	RSV                    = uint8(0x00)
+)
+
+var (
+	ZERO_IP   = []byte{0x00, 0x00, 0x00, 0x00}
+	ZERO_PORT = []byte{0x00, 0x00}
+)
+var Socks5Errors = []string{
+	"",
+	"general failure",
+	"connection forbidden",
+	"network unreachable",
+	"host unreachable",
+	"connection refused",
+	"TTL expired",
+	"command not supported",
+	"address type not supported",
+}
+
+// Auth contains authentication parameters that specific Dialers may require.
+type UsernamePassword struct {
+	Username, Password string
+}
+
+type PacketUDP struct {
+	rsv     uint16
+	frag    uint8
+	atype   uint8
+	dstHost string
+	dstPort string
+	data    []byte
+}
+
+func NewPacketUDP() (p PacketUDP) {
+	return PacketUDP{}
+}
+func (p *PacketUDP) Build(destAddr string, data []byte) (err error) {
+	host, port, err := net.SplitHostPort(destAddr)
+	if err != nil {
+		return
+	}
+	p.rsv = 0
+	p.frag = 0
+	p.dstHost = host
+	p.dstPort = port
+	p.atype = ATYP_IPV4
+	if ip := net.ParseIP(host); ip != nil {
+		if ip4 := ip.To4(); ip4 != nil {
+			p.atype = ATYP_IPV4
+			ip = ip4
+		} else {
+			p.atype = ATYP_IPV6
+		}
+	} else {
+		if len(host) > 255 {
+			err = errors.New("proxy: destination host name too long: " + host)
+			return
+		}
+		p.atype = ATYP_DOMAIN
+	}
+	p.data = data
+
+	return
+}
+func (p *PacketUDP) Parse(b []byte) (err error) {
+	p.frag = uint8(b[2])
+	if p.frag != 0 {
+		err = fmt.Errorf("FRAG only support for 0 , %v ,%v", p.frag, b[:4])
+		return
+	}
+	portIndex := 0
+	p.atype = b[3]
+	switch p.atype {
+	case ATYP_IPV4: //IP V4
+		p.dstHost = net.IPv4(b[4], b[5], b[6], b[7]).String()
+		portIndex = 8
+	case ATYP_DOMAIN: //域名
+		domainLen := uint8(b[4])
+		p.dstHost = string(b[5 : 5+domainLen]) //b[4]表示域名的长度
+		portIndex = int(5 + domainLen)
+	case ATYP_IPV6: //IP V6
+		p.dstHost = net.IP{b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19]}.String()
+		portIndex = 20
+	}
+	p.dstPort = strconv.Itoa(int(b[portIndex])<<8 | int(b[portIndex+1]))
+	p.data = b[portIndex+2:]
+	return
+}
+func (p *PacketUDP) Header() []byte {
+	header := new(bytes.Buffer)
+	header.Write([]byte{0x00, 0x00, p.frag, p.atype})
+	if p.atype == ATYP_IPV4 {
+		ip := net.ParseIP(p.dstHost)
+		header.Write(ip.To4())
+	} else if p.atype == ATYP_IPV6 {
+		ip := net.ParseIP(p.dstHost)
+		header.Write(ip.To16())
+	} else if p.atype == ATYP_DOMAIN {
+		hBytes := []byte(p.dstHost)
+		header.WriteByte(byte(len(hBytes)))
+		header.Write(hBytes)
+	}
+	port, _ := strconv.ParseUint(p.dstPort, 10, 64)
+	portBytes := new(bytes.Buffer)
+	binary.Write(portBytes, binary.BigEndian, port)
+	header.Write(portBytes.Bytes()[portBytes.Len()-2:])
+	return header.Bytes()
+}
+func (p *PacketUDP) Bytes() []byte {
+	packBytes := new(bytes.Buffer)
+	packBytes.Write(p.Header())
+	packBytes.Write(p.data)
+	return packBytes.Bytes()
+}
+func (p *PacketUDP) Host() string {
+	return p.dstHost
+}
+
+func (p *PacketUDP) Port() string {
+	return p.dstPort
+}
+func (p *PacketUDP) Data() []byte {
+	return p.data
+}

core/lib/transport/compress.go

@@ -0,0 +1,62 @@
+package transport
+
+import (
+	"net"
+	"time"
+
+	"github.com/golang/snappy"
+)
+
+func NewCompStream(conn net.Conn) *CompStream {
+	c := new(CompStream)
+	c.conn = conn
+	c.w = snappy.NewBufferedWriter(conn)
+	c.r = snappy.NewReader(conn)
+	return c
+}
+func NewCompConn(conn net.Conn) net.Conn {
+	c := CompStream{}
+	c.conn = conn
+	c.w = snappy.NewBufferedWriter(conn)
+	c.r = snappy.NewReader(conn)
+	return &c
+}
+
+type CompStream struct {
+	net.Conn
+	conn net.Conn
+	w    *snappy.Writer
+	r    *snappy.Reader
+}
+
+func (c *CompStream) Read(p []byte) (n int, err error) {
+	return c.r.Read(p)
+}
+
+func (c *CompStream) Write(p []byte) (n int, err error) {
+	n, err = c.w.Write(p)
+	err = c.w.Flush()
+	return n, err
+}
+
+func (c *CompStream) Close() (err error) {
+	err = c.conn.Close()
+	c.r = nil
+	c.w = nil
+	return
+}
+func (c *CompStream) LocalAddr() net.Addr {
+	return c.conn.LocalAddr()
+}
+func (c *CompStream) RemoteAddr() net.Addr {
+	return c.conn.RemoteAddr()
+}
+func (c *CompStream) SetDeadline(t time.Time) error {
+	return c.conn.SetDeadline(t)
+}
+func (c *CompStream) SetReadDeadline(t time.Time) error {
+	return c.conn.SetReadDeadline(t)
+}
+func (c *CompStream) SetWriteDeadline(t time.Time) error {
+	return c.conn.SetWriteDeadline(t)
+}

core/lib/transport/encrypt/conn.go

@@ -0,0 +1,56 @@
+package encrypt
+
+import (
+	"crypto/cipher"
+	"fmt"
+	"io"
+	"net"
+
+	lbuf "github.com/snail007/goproxy/core/lib/buf"
+)
+
+var (
+	lBuf = lbuf.NewLeakyBuf(2048, 2048)
+)
+
+type Conn struct {
+	net.Conn
+	*Cipher
+	w io.Writer
+	r io.Reader
+}
+
+func NewConn(c net.Conn, method, password string) (conn net.Conn, err error) {
+	cipher0, err := NewCipher(method, password)
+	if err != nil {
+		return
+	}
+	conn = &Conn{
+		Conn:   c,
+		Cipher: cipher0,
+		r:      &cipher.StreamReader{S: cipher0.ReadStream, R: c},
+		w:      &cipher.StreamWriter{S: cipher0.WriteStream, W: c},
+	}
+	return
+}
+func (s *Conn) Read(b []byte) (n int, err error) {
+	if s.r == nil {
+		return 0, fmt.Errorf("use of closed network connection")
+	}
+	return s.r.Read(b)
+}
+func (s *Conn) Write(b []byte) (n int, err error) {
+	if s.w == nil {
+		return 0, fmt.Errorf("use of closed network connection")
+	}
+	return s.w.Write(b)
+}
+func (s *Conn) Close() (err error) {
+	if s.Cipher != nil {
+		err = s.Conn.Close()
+		s.Cipher = nil
+		s.r = nil
+		s.w = nil
+	}
+	return
+}

core/lib/transport/encrypt/encrypt.go

@@ -0,0 +1,185 @@
+package encrypt
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/des"
+	"crypto/md5"
+	"crypto/rc4"
+	"crypto/sha256"
+	"errors"
+
+	lbuf "github.com/snail007/goproxy/core/lib/buf"
+	"github.com/Yawning/chacha20"
+	"golang.org/x/crypto/blowfish"
+	"golang.org/x/crypto/cast5"
+)
+
+const leakyBufSize = 2048
+const maxNBuf = 2048
+
+var leakyBuf = lbuf.NewLeakyBuf(maxNBuf, leakyBufSize)
+var errEmptyPassword = errors.New("proxy key")
+
+func md5sum(d []byte) []byte {
+	h := md5.New()
+	h.Write(d)
+	return h.Sum(nil)
+}
+
+func evpBytesToKey(password string, keyLen int) (key []byte) {
+	const md5Len = 16
+	cnt := (keyLen-1)/md5Len + 1
+	m := make([]byte, cnt*md5Len)
+	copy(m, md5sum([]byte(password)))
+
+	// Repeatedly call md5 until bytes generated is enough.
+	// Each call to md5 uses data: prev md5 sum + password.
+	d := make([]byte, md5Len+len(password))
+	start := 0
+	for i := 1; i < cnt; i++ {
+		start += md5Len
+		copy(d, m[start-md5Len:start])
+		copy(d[md5Len:], password)
+		copy(m[start:], md5sum(d))
+	}
+	return m[:keyLen]
+}
+
+type DecOrEnc int
+
+const (
+	Decrypt DecOrEnc = iota
+	Encrypt
+)
+
+func newStream(block cipher.Block, err error, key, iv []byte,
+	doe DecOrEnc) (cipher.Stream, error) {
+	if err != nil {
+		return nil, err
+	}
+	if doe == Encrypt {
+		return cipher.NewCFBEncrypter(block, iv), nil
+	} else {
+		return cipher.NewCFBDecrypter(block, iv), nil
+	}
+}
+
+func newAESCFBStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+	block, err := aes.NewCipher(key)
+	return newStream(block, err, key, iv, doe)
+}
+
+func newAESCTRStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	return cipher.NewCTR(block, iv), nil
+}
+
+func newDESStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+	block, err := des.NewCipher(key)
+	return newStream(block, err, key, iv, doe)
+}
+
+func newBlowFishStream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+	block, err := blowfish.NewCipher(key)
+	return newStream(block, err, key, iv, doe)
+}
+
+func newCast5Stream(key, iv []byte, doe DecOrEnc) (cipher.Stream, error) {
+	block, err := cast5.NewCipher(key)
+	return newStream(block, err, key, iv, doe)
+}
+
+func newRC4MD5Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+	h := md5.New()
+	h.Write(key)
+	h.Write(iv)
+	rc4key := h.Sum(nil)
+
+	return rc4.NewCipher(rc4key)
+}
+
+func newChaCha20Stream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+	return chacha20.NewCipher(key, iv)
+}
+
+func newChaCha20IETFStream(key, iv []byte, _ DecOrEnc) (cipher.Stream, error) {
+	return chacha20.NewCipher(key, iv)
+}
+
+type cipherInfo struct {
+	keyLen    int
+	ivLen     int
+	newStream func(key, iv []byte, doe DecOrEnc) (cipher.Stream, error)
+}
+
+var cipherMethod = map[string]*cipherInfo{
+	"aes-128-cfb":   {16, 16, newAESCFBStream},
+	"aes-192-cfb":   {24, 16, newAESCFBStream},
+	"aes-256-cfb":   {32, 16, newAESCFBStream},
+	"aes-128-ctr":   {16, 16, newAESCTRStream},
+	"aes-192-ctr":   {24, 16, newAESCTRStream},
+	"aes-256-ctr":   {32, 16, newAESCTRStream},
+	"des-cfb":       {8, 8, newDESStream},
+	"bf-cfb":        {16, 8, newBlowFishStream},
+	"cast5-cfb":     {16, 8, newCast5Stream},
+	"rc4-md5":       {16, 16, newRC4MD5Stream},
+	"rc4-md5-6":     {16, 6, newRC4MD5Stream},
+	"chacha20":      {32, 8, newChaCha20Stream},
+	"chacha20-ietf": {32, 12, newChaCha20IETFStream},
+}
+
+func GetCipherMethods() (keys []string) {
+	keys = []string{}
+	for k := range cipherMethod {
+		keys = append(keys, k)
+	}
+	return
+}
+func CheckCipherMethod(method string) error {
+	if method == "" {
+		method = "aes-256-cfb"
+	}
+	_, ok := cipherMethod[method]
+	if !ok {
+		return errors.New("Unsupported encryption method: " + method)
+	}
+	return nil
+}
+
+type Cipher struct {
+	WriteStream cipher.Stream
+	ReadStream  cipher.Stream
+	key         []byte
+	info        *cipherInfo
+}
+
+func NewCipher(method, password string) (c *Cipher, err error) {
+	if password == "" {
+		return nil, errEmptyPassword
+	}
+	mi, ok := cipherMethod[method]
+	if !ok {
+		return nil, errors.New("Unsupported encryption method: " + method)
+	}
+	key := evpBytesToKey(password, mi.keyLen)
+	c = &Cipher{key: key, info: mi}
+	if err != nil {
+		return nil, err
+	}
+	//hash(key) -> read IV
+	riv := sha256.New().Sum(c.key)[:c.info.ivLen]
+	c.ReadStream, err = c.info.newStream(c.key, riv, Decrypt)
+	if err != nil {
+		return nil, err
+	} //hash(read IV) -> write IV
+	wiv := sha256.New().Sum(riv)[:c.info.ivLen]
+	c.WriteStream, err = c.info.newStream(c.key, wiv, Encrypt)
+	if err != nil {
+		return nil, err
+	}
+	return c, nil
+}

core/lib/udp/udp.go

@@ -0,0 +1,234 @@
+package udputils
+
+import (
+	"fmt"
+	logger "log"
+	"net"
+	"runtime/debug"
+	"strings"
+	"time"
+
+	bufx "github.com/snail007/goproxy/core/lib/buf"
+	mapx "github.com/snail007/goproxy/core/lib/mapx"
+)
+
+type CreateOutUDPConnFn func(listener *net.UDPConn, srcAddr *net.UDPAddr, packet []byte) (outconn *net.UDPConn, err error)
+type CleanFn func(srcAddr string)
+type BeforeSendFn func(listener *net.UDPConn, srcAddr *net.UDPAddr, b []byte) (sendB []byte, err error)
+type BeforeReplyFn func(listener *net.UDPConn, srcAddr *net.UDPAddr, outconn *net.UDPConn, b []byte) (replyB []byte, err error)
+
+type IOBinder struct {
+	outConns           mapx.ConcurrentMap
+	listener           *net.UDPConn
+	createOutUDPConnFn CreateOutUDPConnFn
+	log                *logger.Logger
+	timeout            time.Duration
+	cleanFn            CleanFn
+	inTCPConn          *net.Conn
+	outTCPConn         *net.Conn
+	beforeSendFn       BeforeSendFn
+	beforeReplyFn      BeforeReplyFn
+}
+
+func NewIOBinder(listener *net.UDPConn, log *logger.Logger) *IOBinder {
+	return &IOBinder{
+		listener: listener,
+		outConns: mapx.NewConcurrentMap(),
+		log:      log,
+	}
+}
+func (s *IOBinder) Factory(fn CreateOutUDPConnFn) *IOBinder {
+	s.createOutUDPConnFn = fn
+	return s
+}
+func (s *IOBinder) AfterReadFromClient(fn BeforeSendFn) *IOBinder {
+	s.beforeSendFn = fn
+	return s
+}
+func (s *IOBinder) AfterReadFromServer(fn BeforeReplyFn) *IOBinder {
+	s.beforeReplyFn = fn
+	return s
+}
+func (s *IOBinder) Timeout(timeout time.Duration) *IOBinder {
+	s.timeout = timeout
+	return s
+}
+func (s *IOBinder) Clean(fn CleanFn) *IOBinder {
+	s.cleanFn = fn
+	return s
+}
+func (s *IOBinder) AliveWithServeConn(srcAddr string, inTCPConn *net.Conn) *IOBinder {
+	s.inTCPConn = inTCPConn
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+			}
+		}()
+		buf := make([]byte, 1)
+		(*inTCPConn).SetReadDeadline(time.Time{})
+		if _, err := (*inTCPConn).Read(buf); err != nil {
+			s.log.Printf("udp related tcp conn of client disconnected with read , %s", err.Error())
+			s.clean(srcAddr)
+		}
+	}()
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+			}
+		}()
+		for {
+			(*inTCPConn).SetWriteDeadline(time.Now().Add(time.Second * 5))
+			if _, err := (*inTCPConn).Write([]byte{0x00}); err != nil {
+				s.log.Printf("udp related tcp conn of client disconnected with write , %s", err.Error())
+				s.clean(srcAddr)
+				return
+			}
+			(*inTCPConn).SetWriteDeadline(time.Time{})
+			time.Sleep(time.Second * 5)
+		}
+	}()
+	return s
+}
+func (s *IOBinder) AliveWithClientConn(srcAddr string, outTCPConn *net.Conn) *IOBinder {
+	s.outTCPConn = outTCPConn
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+			}
+		}()
+		buf := make([]byte, 1)
+		(*outTCPConn).SetReadDeadline(time.Time{})
+		if _, err := (*outTCPConn).Read(buf); err != nil {
+			s.log.Printf("udp related tcp conn to parent disconnected with read , %s", err.Error())
+			s.clean(srcAddr)
+		}
+	}()
+	return s
+}
+func (s *IOBinder) Run() (err error) {
+	var (
+		isClosedErr = func(err error) bool {
+			return err != nil && strings.Contains(err.Error(), "use of closed network connection")
+		}
+		isTimeoutErr = func(err error) bool {
+			if err == nil {
+				return false
+			}
+			e, ok := err.(net.Error)
+			return ok && e.Timeout()
+		}
+		isRefusedErr = func(err error) bool {
+			return err != nil && strings.Contains(err.Error(), "connection refused")
+		}
+	)
+	for {
+		buf := bufx.Get()
+		defer bufx.Put(buf)
+		n, srcAddr, err := s.listener.ReadFromUDP(buf)
+		if err != nil {
+			s.log.Printf("read from client error %s", err)
+			if isClosedErr(err) {
+				return err
+			}
+			continue
+		}
+		var data []byte
+		if s.beforeSendFn != nil {
+			data, err = s.beforeSendFn(s.listener, srcAddr, buf[:n])
+			if err != nil {
+				s.log.Printf("beforeSend retured an error , %s", err)
+				continue
+			}
+		} else {
+			data = buf[:n]
+		}
+		inconnRemoteAddr := srcAddr.String()
+		var outconn *net.UDPConn
+		if v, ok := s.outConns.Get(inconnRemoteAddr); !ok {
+			outconn, err = s.createOutUDPConnFn(s.listener, srcAddr, data)
+			if err != nil {
+				s.log.Printf("connnect fail %s", err)
+				return err
+			}
+			go func() {
+				defer func() {
+					if e := recover(); e != nil {
+						fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+					}
+				}()
+				defer func() {
+					s.clean(srcAddr.String())
+				}()
+				buf := bufx.Get()
+				defer bufx.Put(buf)
+				for {
+					if s.timeout > 0 {
+						outconn.SetReadDeadline(time.Now().Add(s.timeout))
+					}
+					n, srcAddr, err := outconn.ReadFromUDP(buf)
+					if err != nil {
+						s.log.Printf("read from remote error %s", err)
+						if isClosedErr(err) || isTimeoutErr(err) || isRefusedErr(err) {
+							return
+						}
+						continue
+					}
+					data := buf[:n]
+					if s.beforeReplyFn != nil {
+						data, err = s.beforeReplyFn(s.listener, srcAddr, outconn, buf[:n])
+						if err != nil {
+							s.log.Printf("beforeReply retured an error , %s", err)
+							continue
+						}
+					}
+					_, err = s.listener.WriteTo(data, srcAddr)
+					if err != nil {
+						s.log.Printf("write to remote error %s", err)
+						if isClosedErr(err) {
+							return
+						}
+						continue
+					}
+				}
+			}()
+		} else {
+			outconn = v.(*net.UDPConn)
+		}
+
+		s.log.Printf("use decrpyted data , %v", data)
+
+		_, err = outconn.Write(data)
+
+		if err != nil {
+			s.log.Printf("write to remote error %s", err)
+			if isClosedErr(err) {
+				return err
+			}
+		}
+	}
+}
+func (s *IOBinder) clean(srcAddr string) *IOBinder {
+	if v, ok := s.outConns.Get(srcAddr); ok {
+		(*v.(*net.UDPConn)).Close()
+		s.outConns.Remove(srcAddr)
+	}
+	if s.inTCPConn != nil {
+		(*s.inTCPConn).Close()
+	}
+	if s.outTCPConn != nil {
+		(*s.outTCPConn).Close()
+	}
+	if s.cleanFn != nil {
+		s.cleanFn(srcAddr)
+	}
+	return s
+}
+
+func (s *IOBinder) Close() {
+	for _, c := range s.outConns.Items() {
+		(*c.(*net.UDPConn)).Close()
+	}
+}

core/proxy/client/proxy.go

@@ -0,0 +1,31 @@
+// Package proxy provides support for a variety of protocols to proxy network
+// data.
+package client
+
+import (
+	"net"
+	"time"
+
+	socks5c "github.com/snail007/goproxy/core/lib/socks5"
+	socks5 "github.com/snail007/goproxy/core/proxy/client/socks5"
+)
+
+// A Dialer is a means to establish a connection.
+type Dialer interface {
+	// Dial connects to the given address via the proxy.
+	DialConn(conn *net.Conn, network, addr string) (err error)
+}
+
+// Auth contains authentication parameters that specific Dialers may require.
+type Auth struct {
+	User, Password string
+}
+
+func SOCKS5(timeout time.Duration, auth *Auth) (Dialer, error) {
+	var a *socks5c.UsernamePassword
+	if auth != nil {
+		a = &socks5c.UsernamePassword{auth.User, auth.Password}
+	}
+	d := socks5.NewDialer(a, timeout)
+	return d, nil
+}

core/proxy/client/socks5/socks5.go

@@ -0,0 +1,263 @@
+package socks5
+
+import (
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"strconv"
+	"time"
+
+	socks5c "github.com/snail007/goproxy/core/lib/socks5"
+)
+
+type Dialer struct {
+	timeout          time.Duration
+	usernamePassword *socks5c.UsernamePassword
+}
+
+// NewDialer returns a new Dialer that dials through the provided
+// proxy server's network and address.
+func NewDialer(auth *socks5c.UsernamePassword, timeout time.Duration) *Dialer {
+	if auth != nil && auth.Password == "" && auth.Username == "" {
+		auth = nil
+	}
+	return &Dialer{
+		usernamePassword: auth,
+		timeout:          timeout,
+	}
+}
+
+func (d *Dialer) DialConn(conn *net.Conn, network, addr string) (err error) {
+	client := NewClientConn(conn, network, addr, d.timeout, d.usernamePassword, nil)
+	err = client._Handshake()
+	return
+}
+
+type ClientConn struct {
+	user     string
+	password string
+	conn     *net.Conn
+	header   []byte
+	timeout  time.Duration
+	addr     string
+	network  string
+	udpAddr  string
+}
+
+// SOCKS5 returns a Dialer that makes SOCKSv5 connections to the given address
+// with an optional username and password. See RFC 1928 and RFC 1929.
+// target must be a canonical address with a host and port.
+// network : tcp udp
+func NewClientConn(conn *net.Conn, network, target string, timeout time.Duration, auth *socks5c.UsernamePassword, header []byte) *ClientConn {
+	s := &ClientConn{
+		conn:    conn,
+		network: network,
+		timeout: timeout,
+	}
+	if auth != nil {
+		s.user = auth.Username
+		s.password = auth.Password
+	}
+	if header != nil && len(header) > 0 {
+		s.header = header
+	}
+	if network == "udp" && target == "" {
+		target = "0.0.0.0:1"
+	}
+	s.addr = target
+	return s
+}
+
+// connect takes an existing connection to a socks5 proxy server,
+// and commands the server to extend that connection to target,
+// which must be a canonical address with a host and port.
+func (s *ClientConn) _Handshake() error {
+	host, portStr, err := net.SplitHostPort(s.addr)
+	if err != nil {
+		return err
+	}
+	port, err := strconv.Atoi(portStr)
+	if err != nil {
+		return errors.New("proxy: failed to parse port number: " + portStr)
+	}
+	if port < 1 || port > 0xffff {
+		return errors.New("proxy: port number out of range: " + portStr)
+	}
+
+	if err := s.auth(host); err != nil {
+		return err
+	}
+	buf := []byte{}
+	if s.network == "tcp" {
+		buf = append(buf, socks5c.VERSION_V5, socks5c.CMD_CONNECT, 0 /* reserved */)
+
+	} else {
+		buf = append(buf, socks5c.VERSION_V5, socks5c.CMD_ASSOCIATE, 0 /* reserved */)
+	}
+	if ip := net.ParseIP(host); ip != nil {
+		if ip4 := ip.To4(); ip4 != nil {
+			buf = append(buf, socks5c.ATYP_IPV4)
+			ip = ip4
+		} else {
+			buf = append(buf, socks5c.ATYP_IPV6)
+		}
+		buf = append(buf, ip...)
+	} else {
+		if len(host) > 255 {
+			return errors.New("proxy: destination host name too long: " + host)
+		}
+		buf = append(buf, socks5c.ATYP_DOMAIN)
+		buf = append(buf, byte(len(host)))
+		buf = append(buf, host...)
+	}
+	buf = append(buf, byte(port>>8), byte(port))
+	(*s.conn).SetDeadline(time.Now().Add(s.timeout))
+	if _, err := (*s.conn).Write(buf); err != nil {
+		return errors.New("proxy: failed to write connect request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+	}
+	(*s.conn).SetDeadline(time.Time{})
+	(*s.conn).SetDeadline(time.Now().Add(s.timeout))
+	if _, err := io.ReadFull((*s.conn), buf[:4]); err != nil {
+		return errors.New("proxy: failed to read connect reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+	}
+	(*s.conn).SetDeadline(time.Time{})
+	failure := "unknown error"
+	if int(buf[1]) < len(socks5c.Socks5Errors) {
+		failure = socks5c.Socks5Errors[buf[1]]
+	}
+
+	if len(failure) > 0 {
+		return errors.New("proxy: SOCKS5 proxy at " + s.addr + " failed to connect: " + failure)
+	}
+
+	bytesToDiscard := 0
+	switch buf[3] {
+	case socks5c.ATYP_IPV4:
+		bytesToDiscard = net.IPv4len
+	case socks5c.ATYP_IPV6:
+		bytesToDiscard = net.IPv6len
+	case socks5c.ATYP_DOMAIN:
+		(*s.conn).SetDeadline(time.Now().Add(s.timeout))
+		_, err := io.ReadFull((*s.conn), buf[:1])
+		(*s.conn).SetDeadline(time.Time{})
+		if err != nil {
+			return errors.New("proxy: failed to read domain length from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+		}
+		bytesToDiscard = int(buf[0])
+	default:
+		return errors.New("proxy: got unknown address type " + strconv.Itoa(int(buf[3])) + " from SOCKS5 proxy at " + s.addr)
+	}
+
+	if cap(buf) < bytesToDiscard {
+		buf = make([]byte, bytesToDiscard)
+	} else {
+		buf = buf[:bytesToDiscard]
+	}
+	(*s.conn).SetDeadline(time.Now().Add(s.timeout))
+	if _, err := io.ReadFull((*s.conn), buf); err != nil {
+		return errors.New("proxy: failed to read address from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+	}
+	(*s.conn).SetDeadline(time.Time{})
+	var ip net.IP
+	ip = buf
+	ipStr := ""
+	if bytesToDiscard == net.IPv4len || bytesToDiscard == net.IPv6len {
+		if ipv4 := ip.To4(); ipv4 != nil {
+			ipStr = ipv4.String()
+		} else {
+			ipStr = ip.To16().String()
+		}
+	}
+	//log.Printf("%v", ipStr)
+	// Also need to discard the port number
+	(*s.conn).SetDeadline(time.Now().Add(s.timeout))
+	if _, err := io.ReadFull((*s.conn), buf[:2]); err != nil {
+		return errors.New("proxy: failed to read port from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+	}
+	p := binary.BigEndian.Uint16([]byte{buf[0], buf[1]})
+	//log.Printf("%v", p)
+	s.udpAddr = net.JoinHostPort(ipStr, fmt.Sprintf("%d", p))
+	//log.Printf("%v", s.udpAddr)
+	(*s.conn).SetDeadline(time.Time{})
+	return nil
+}
+func (s *ClientConn) SendUDP(data []byte, addr string) (respData []byte, err error) {
+
+	c, err := net.DialTimeout("udp", s.udpAddr, s.timeout)
+	if err != nil {
+		return
+	}
+	conn := c.(*net.UDPConn)
+
+	p := socks5c.NewPacketUDP()
+	p.Build(addr, data)
+	conn.SetDeadline(time.Now().Add(s.timeout))
+	conn.Write(p.Bytes())
+	conn.SetDeadline(time.Time{})
+
+	buf := make([]byte, 1024)
+	conn.SetDeadline(time.Now().Add(s.timeout))
+	n, _, err := conn.ReadFrom(buf)
+	conn.SetDeadline(time.Time{})
+	if err != nil {
+		return
+	}
+	respData = buf[:n]
+	return
+}
+func (s *ClientConn) auth(host string) error {
+
+	// the size here is just an estimate
+	buf := make([]byte, 0, 6+len(host))
+
+	buf = append(buf, socks5c.VERSION_V5)
+	if len(s.user) > 0 && len(s.user) < 256 && len(s.password) < 256 {
+		buf = append(buf, 2 /* num auth methods */, socks5c.Method_NO_AUTH, socks5c.Method_USER_PASS)
+	} else {
+		buf = append(buf, 1 /* num auth methods */, socks5c.Method_NO_AUTH)
+	}
+	(*s.conn).SetDeadline(time.Now().Add(s.timeout))
+	if _, err := (*s.conn).Write(buf); err != nil {
+		return errors.New("proxy: failed to write greeting to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+	}
+	(*s.conn).SetDeadline(time.Time{})
+
+	(*s.conn).SetDeadline(time.Now().Add(s.timeout))
+	if _, err := io.ReadFull((*s.conn), buf[:2]); err != nil {
+		return errors.New("proxy: failed to read greeting from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+	}
+	(*s.conn).SetDeadline(time.Time{})
+
+	if buf[0] != 5 {
+		return errors.New("proxy: SOCKS5 proxy at " + s.addr + " has unexpected version " + strconv.Itoa(int(buf[0])))
+	}
+	if buf[1] == 0xff {
+		return errors.New("proxy: SOCKS5 proxy at " + s.addr + " requires authentication")
+	}
+
+	// See RFC 1929
+	if buf[1] == socks5c.Method_USER_PASS {
+		buf = buf[:0]
+		buf = append(buf, 1 /* password protocol version */)
+		buf = append(buf, uint8(len(s.user)))
+		buf = append(buf, s.user...)
+		buf = append(buf, uint8(len(s.password)))
+		buf = append(buf, s.password...)
+		(*s.conn).SetDeadline(time.Now().Add(s.timeout))
+		if _, err := (*s.conn).Write(buf); err != nil {
+			return errors.New("proxy: failed to write authentication request to SOCKS5 proxy at " + s.addr + ": " + err.Error())
+		}
+		(*s.conn).SetDeadline(time.Time{})
+		(*s.conn).SetDeadline(time.Now().Add(s.timeout))
+		if _, err := io.ReadFull((*s.conn), buf[:2]); err != nil {
+			return errors.New("proxy: failed to read authentication reply from SOCKS5 proxy at " + s.addr + ": " + err.Error())
+		}
+		(*s.conn).SetDeadline(time.Time{})
+		if buf[1] != 0 {
+			return errors.New("proxy: SOCKS5 proxy at " + s.addr + " rejected username/password")
+		}
+	}
+	return nil
+}

core/proxy/client/tests/proxy_test.go

@@ -0,0 +1,79 @@
+package tests
+
+import (
+	"io/ioutil"
+	"net"
+	"os"
+	"strings"
+	"testing"
+	"time"
+
+	proxyclient "github.com/snail007/goproxy/core/proxy/client"
+	sdk "github.com/snail007/goproxy/sdk/android-ios"
+)
+
+func TestSocks5(t *testing.T) {
+	estr := sdk.Start("s1", "socks -p :8185 --log test.log")
+	if estr != "" {
+		t.Fatal(estr)
+	}
+	p, e := proxyclient.SOCKS5(time.Second, nil)
+	if e != nil {
+		t.Error(e)
+	} else {
+		c, e := net.Dial("tcp", "127.0.0.1:8185")
+		if e != nil {
+			t.Fatal(e)
+		}
+		e = p.DialConn(&c, "tcp", "www.baidu.com:80")
+		if e != nil {
+			t.Fatal(e)
+		}
+		_, e = c.Write([]byte("Get / http/1.1\r\nHost: www.baidu.com\r\n"))
+		if e != nil {
+			t.Fatal(e)
+		}
+		b, e := ioutil.ReadAll(c)
+		if e != nil {
+			t.Fatal(e)
+		}
+		if !strings.HasPrefix(string(b), "HTTP") {
+			t.Fatalf("request baidu fail:%s", string(b))
+		}
+	}
+	sdk.Stop("s1")
+	os.Remove("test.log")
+}
+
+func TestSocks5Auth(t *testing.T) {
+	estr := sdk.Start("s1", "socks -p :8185 -a u:p --log test.log")
+	if estr != "" {
+		t.Fatal(estr)
+	}
+	p, e := proxyclient.SOCKS5(time.Second, &proxyclient.Auth{User: "u", Password: "p"})
+	if e != nil {
+		t.Error(e)
+	} else {
+		c, e := net.Dial("tcp", "127.0.0.1:8185")
+		if e != nil {
+			t.Fatal(e)
+		}
+		e = p.DialConn(&c, "tcp", "www.baidu.com:80")
+		if e != nil {
+			t.Fatal(e)
+		}
+		_, e = c.Write([]byte("Get / http/1.1\r\nHost: www.baidu.com\r\n"))
+		if e != nil {
+			t.Fatal(e)
+		}
+		b, e := ioutil.ReadAll(c)
+		if e != nil {
+			t.Fatal(e)
+		}
+		if !strings.HasPrefix(string(b), "HTTP") {
+			t.Fatalf("request baidu fail:%s", string(b))
+		}
+	}
+	sdk.Stop("s1")
+	os.Remove("test.log")
+}

core/proxy/server/socks5/server.go

@@ -0,0 +1,375 @@
+package socks5
+
+import (
+	"bytes"
+	"encoding/binary"
+	"fmt"
+	"io"
+	"net"
+	"strconv"
+	"strings"
+	"time"
+
+	socks5c "github.com/snail007/goproxy/core/lib/socks5"
+)
+
+type BasicAuther interface {
+	CheckUserPass(username, password, userIP, localIP, toTarget string) bool
+}
+type Request struct {
+	ver         uint8
+	cmd         uint8
+	reserve     uint8
+	addressType uint8
+	dstAddr     string
+	dstPort     string
+	dstHost     string
+	bytes       []byte
+	rw          io.ReadWriter
+}
+
+func NewRequest(rw io.ReadWriter, header ...[]byte) (req Request, err interface{}) {
+	var b = make([]byte, 1024)
+	var n int
+	req = Request{rw: rw}
+	if header != nil && len(header) == 1 && len(header[0]) > 1 {
+		b = header[0]
+		n = len(header[0])
+	} else {
+		n, err = rw.Read(b[:])
+		if err != nil {
+			err = fmt.Errorf("read req data fail,ERR: %s", err)
+			return
+		}
+	}
+	req.ver = uint8(b[0])
+	req.cmd = uint8(b[1])
+	req.reserve = uint8(b[2])
+	req.addressType = uint8(b[3])
+	if b[0] != 0x5 {
+		err = fmt.Errorf("sosck version supported")
+		req.TCPReply(socks5c.REP_REQ_FAIL)
+		return
+	}
+	switch b[3] {
+	case 0x01: //IP V4
+		req.dstHost = net.IPv4(b[4], b[5], b[6], b[7]).String()
+	case 0x03: //域名
+		req.dstHost = string(b[5 : n-2]) //b[4]表示域名的长度
+	case 0x04: //IP V6
+		req.dstHost = net.IP{b[4], b[5], b[6], b[7], b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15], b[16], b[17], b[18], b[19]}.String()
+	}
+	req.dstPort = strconv.Itoa(int(b[n-2])<<8 | int(b[n-1]))
+	req.dstAddr = net.JoinHostPort(req.dstHost, req.dstPort)
+	req.bytes = b[:n]
+	return
+}
+func (s *Request) Bytes() []byte {
+	return s.bytes
+}
+func (s *Request) Addr() string {
+	return s.dstAddr
+}
+func (s *Request) Host() string {
+	return s.dstHost
+}
+func (s *Request) Port() string {
+	return s.dstPort
+}
+func (s *Request) AType() uint8 {
+	return s.addressType
+}
+func (s *Request) CMD() uint8 {
+	return s.cmd
+}
+
+func (s *Request) TCPReply(rep uint8) (err error) {
+	_, err = s.rw.Write(s.NewReply(rep, "0.0.0.0:0"))
+	return
+}
+func (s *Request) UDPReply(rep uint8, addr string) (err error) {
+	_, err = s.rw.Write(s.NewReply(rep, addr))
+	return
+}
+func (s *Request) NewReply(rep uint8, addr string) []byte {
+	var response bytes.Buffer
+	host, port, _ := net.SplitHostPort(addr)
+	ip := net.ParseIP(host)
+	ipb := ip.To4()
+	atyp := socks5c.ATYP_IPV4
+	ipv6 := ip.To16()
+	zeroiIPv6 := fmt.Sprintf("%d%d%d%d%d%d%d%d%d%d%d%d",
+		ipv6[0], ipv6[1], ipv6[2], ipv6[3],
+		ipv6[4], ipv6[5], ipv6[6], ipv6[7],
+		ipv6[8], ipv6[9], ipv6[10], ipv6[11],
+	)
+	if ipb == nil && ipv6 != nil && "0000000000255255" != zeroiIPv6 {
+		atyp = socks5c.ATYP_IPV6
+		ipb = ip.To16()
+	}
+	porti, _ := strconv.Atoi(port)
+	portb := make([]byte, 2)
+	binary.BigEndian.PutUint16(portb, uint16(porti))
+	// log.Printf("atyp : %v", atyp)
+	// log.Printf("ip : %v", []byte(ip))
+	response.WriteByte(socks5c.VERSION_V5)
+	response.WriteByte(rep)
+	response.WriteByte(socks5c.RSV)
+	response.WriteByte(atyp)
+	response.Write(ipb)
+	response.Write(portb)
+	return response.Bytes()
+}
+
+type MethodsRequest struct {
+	ver          uint8
+	methodsCount uint8
+	methods      []uint8
+	bytes        []byte
+	rw           *io.ReadWriter
+}
+
+func NewMethodsRequest(r io.ReadWriter, header ...[]byte) (s MethodsRequest, err interface{}) {
+	defer func() {
+		if err == nil {
+			err = recover()
+		}
+	}()
+	s = MethodsRequest{}
+	s.rw = &r
+	var buf = make([]byte, 300)
+	var n int
+	if header != nil && len(header) == 1 && len(header[0]) > 1 {
+		buf = header[0]
+		n = len(header[0])
+	} else {
+		n, err = r.Read(buf)
+		if err != nil {
+			return
+		}
+	}
+	if buf[0] != 0x05 {
+		err = fmt.Errorf("socks version not supported")
+		return
+	}
+	if n != int(buf[1])+int(2) {
+		err = fmt.Errorf("socks methods data length error")
+		return
+	}
+	s.ver = buf[0]
+	s.methodsCount = buf[1]
+	s.methods = buf[2:n]
+	s.bytes = buf[:n]
+	return
+}
+func (s *MethodsRequest) Version() uint8 {
+	return s.ver
+}
+func (s *MethodsRequest) MethodsCount() uint8 {
+	return s.methodsCount
+}
+func (s *MethodsRequest) Methods() []uint8 {
+	return s.methods
+}
+func (s *MethodsRequest) Select(method uint8) bool {
+	for _, m := range s.methods {
+		if m == method {
+			return true
+		}
+	}
+	return false
+}
+func (s *MethodsRequest) Reply(method uint8) (err error) {
+	_, err = (*s.rw).Write([]byte{byte(socks5c.VERSION_V5), byte(method)})
+	return
+}
+func (s *MethodsRequest) Bytes() []byte {
+	return s.bytes
+}
+
+type ServerConn struct {
+	target   string
+	user     string
+	password string
+	conn     *net.Conn
+	timeout  time.Duration
+	auth     *BasicAuther
+	header   []byte
+	ver      uint8
+	//method
+	methodsCount uint8
+	methods      []uint8
+	method       uint8
+	//request
+	cmd         uint8
+	reserve     uint8
+	addressType uint8
+	dstAddr     string
+	dstPort     string
+	dstHost     string
+	udpAddress  string
+}
+
+func NewServerConn(conn *net.Conn, timeout time.Duration, auth *BasicAuther, udpAddress string, header []byte) *ServerConn {
+	if udpAddress == "" {
+		udpAddress = "0.0.0.0:16666"
+	}
+	s := &ServerConn{
+		conn:       conn,
+		timeout:    timeout,
+		auth:       auth,
+		header:     header,
+		ver:        socks5c.VERSION_V5,
+		udpAddress: udpAddress,
+	}
+	return s
+
+}
+func (s *ServerConn) Close() {
+	(*s.conn).Close()
+}
+func (s *ServerConn) AuthData() socks5c.UsernamePassword {
+	return socks5c.UsernamePassword{s.user, s.password}
+}
+func (s *ServerConn) Method() uint8 {
+	return s.method
+}
+func (s *ServerConn) Target() string {
+	return s.target
+}
+func (s *ServerConn) Handshake() (err error) {
+	remoteAddr := (*s.conn).RemoteAddr()
+	localAddr := (*s.conn).LocalAddr()
+	//协商开始
+	//method select request
+	var methodReq MethodsRequest
+	(*s.conn).SetReadDeadline(time.Now().Add(s.timeout))
+
+	methodReq, e := NewMethodsRequest((*s.conn), s.header)
+	(*s.conn).SetReadDeadline(time.Time{})
+	if e != nil {
+		(*s.conn).SetReadDeadline(time.Now().Add(s.timeout))
+		methodReq.Reply(socks5c.Method_NONE_ACCEPTABLE)
+		(*s.conn).SetReadDeadline(time.Time{})
+		err = fmt.Errorf("new methods request fail,ERR: %s", e)
+		return
+	}
+	//log.Printf("%v,s.auth == %v && methodReq.Select(Method_NO_AUTH) %v", methodReq.methods, s.auth, methodReq.Select(Method_NO_AUTH))
+	if s.auth == nil && methodReq.Select(socks5c.Method_NO_AUTH) && !methodReq.Select(socks5c.Method_USER_PASS) {
+		// if !methodReq.Select(Method_NO_AUTH) {
+		// 	(*s.conn).SetReadDeadline(time.Now().Add(time.Second * s.timeout))
+		// 	methodReq.Reply(Method_NONE_ACCEPTABLE)
+		// 	(*s.conn).SetReadDeadline(time.Time{})
+		// 	err = fmt.Errorf("none method found : Method_NO_AUTH")
+		// 	return
+		// }
+		s.method = socks5c.Method_NO_AUTH
+		//method select reply
+		(*s.conn).SetReadDeadline(time.Now().Add(s.timeout))
+		err = methodReq.Reply(socks5c.Method_NO_AUTH)
+		(*s.conn).SetReadDeadline(time.Time{})
+		if err != nil {
+			err = fmt.Errorf("reply answer data fail,ERR: %s", err)
+			return
+		}
+		// err = fmt.Errorf("% x", methodReq.Bytes())
+	} else {
+		//auth
+		if !methodReq.Select(socks5c.Method_USER_PASS) {
+			(*s.conn).SetReadDeadline(time.Now().Add(s.timeout))
+			methodReq.Reply(socks5c.Method_NONE_ACCEPTABLE)
+			(*s.conn).SetReadDeadline(time.Time{})
+			err = fmt.Errorf("none method found : Method_USER_PASS")
+			return
+		}
+		s.method = socks5c.Method_USER_PASS
+		//method reply need auth
+		(*s.conn).SetReadDeadline(time.Now().Add(s.timeout))
+		err = methodReq.Reply(socks5c.Method_USER_PASS)
+		(*s.conn).SetReadDeadline(time.Time{})
+		if err != nil {
+			err = fmt.Errorf("reply answer data fail,ERR: %s", err)
+			return
+		}
+		//read auth
+		buf := make([]byte, 500)
+		var n int
+		(*s.conn).SetReadDeadline(time.Now().Add(s.timeout))
+		n, err = (*s.conn).Read(buf)
+		(*s.conn).SetReadDeadline(time.Time{})
+		if err != nil {
+			err = fmt.Errorf("read auth info fail,ERR: %s", err)
+			return
+		}
+		r := buf[:n]
+		s.user = string(r[2 : r[1]+2])
+		s.password = string(r[2+r[1]+1:])
+		//err = fmt.Errorf("user:%s,pass:%s", user, pass)
+		//auth
+		_userAddr := strings.Split(remoteAddr.String(), ":")
+		_localAddr := strings.Split(localAddr.String(), ":")
+		if s.auth == nil || (*s.auth).CheckUserPass(s.user, s.password, _userAddr[0], _localAddr[0], "") {
+			(*s.conn).SetDeadline(time.Now().Add(s.timeout))
+			_, err = (*s.conn).Write([]byte{0x01, 0x00})
+			(*s.conn).SetDeadline(time.Time{})
+			if err != nil {
+				err = fmt.Errorf("answer auth success to %s fail,ERR: %s", remoteAddr, err)
+				return
+			}
+		} else {
+			(*s.conn).SetDeadline(time.Now().Add(s.timeout))
+			_, err = (*s.conn).Write([]byte{0x01, 0x01})
+			(*s.conn).SetDeadline(time.Time{})
+			if err != nil {
+				err = fmt.Errorf("answer auth fail to %s fail,ERR: %s", remoteAddr, err)
+				return
+			}
+			err = fmt.Errorf("auth fail from %s", remoteAddr)
+			return
+		}
+	}
+	//request detail
+	(*s.conn).SetReadDeadline(time.Now().Add(s.timeout))
+	request, e := NewRequest(*s.conn)
+	(*s.conn).SetReadDeadline(time.Time{})
+	if e != nil {
+		err = fmt.Errorf("read request data fail,ERR: %s", e)
+		return
+	}
+	//协商结束
+
+	switch request.CMD() {
+	case socks5c.CMD_BIND:
+		err = request.TCPReply(socks5c.REP_UNKNOWN)
+		if err != nil {
+			err = fmt.Errorf("TCPReply REP_UNKNOWN to %s fail,ERR: %s", remoteAddr, err)
+			return
+		}
+		err = fmt.Errorf("cmd bind not supported, form: %s", remoteAddr)
+		return
+	case socks5c.CMD_CONNECT:
+		err = request.TCPReply(socks5c.REP_SUCCESS)
+		if err != nil {
+			err = fmt.Errorf("TCPReply REP_SUCCESS to %s fail,ERR: %s", remoteAddr, err)
+			return
+		}
+	case socks5c.CMD_ASSOCIATE:
+		err = request.UDPReply(socks5c.REP_SUCCESS, s.udpAddress)
+		if err != nil {
+			err = fmt.Errorf("UDPReply REP_SUCCESS to %s fail,ERR: %s", remoteAddr, err)
+			return
+		}
+	}
+
+	//fill socks info
+	s.target = request.Addr()
+	s.methodsCount = methodReq.MethodsCount()
+	s.methods = methodReq.Methods()
+	s.cmd = request.CMD()
+	s.reserve = request.reserve
+	s.addressType = request.addressType
+	s.dstAddr = request.dstAddr
+	s.dstHost = request.dstHost
+	s.dstPort = request.dstPort
+	return
+}

core/tproxy/README.md

@@ -0,0 +1,35 @@
+# Pass-through user IP manual
+
+## Description:
+
+By Linux TPROXY function,you can achieve the source Station service program can see the client's real IP, to achieve this feature requires linux operating systems and programs must meet certain conditions.
+
+## Environmental requirements:
+
+The source station must be a service program running on Linux, and Linux needs to meet the following conditions:
+
+1. Linux kernel version >= 2.6.28
+
+2. Determine whether the system supports TPROXY, execute:
+
+    grep TPROXY /boot/config-`uname -r`
+
+    If the output has the following result description is supported.
+
+    CONFIG_NETFILTER_XT_TARGET_TPROXY=m
+
+## Deployment steps:
+
+1. The tproxy environment setup script should be executed with root privileges every time the boot from the source Linux system: tproxy_setup.sh
+
+2. Execute proxy proxy with root access on the source Linux system
+
+## Parameter-tproxy is the tproxy function that turns on the proxy.
+
+./proxy -tproxy
+
+2. The IP address of the source station to listen to the program requires the use of: `127.0.1.1`
+
+For example, the address of the source station before listening is: `0.0.0.0:8800`, now need to be modified to: `127.0.1.1:8800`
+
+3. Forwarding rules inside the source address must be the corresponding, such as the above: `127.0.1.1:8800`

core/tproxy/README_ZH.md

@@ -0,0 +1,35 @@
+# 透传用户IP手册
+
+## 说明:
+
+通过Linux的TPROXY功能,可以实现源站服务程序可以看见客户端真实IP,实现该功能需要linux操作系统和程序都要满足一定的条件.
+
+## 环境要求:
+
+源站必须是运行在Linux上面的服务程序,同时Linux需要满足下面条件:
+
+1. Linux内核版本 >= 2.6.28
+
+2. 判断系统是否支持TPROXY,执行:
+
+    grep TPROXY /boot/config-`uname -r`
+
+    如果输出有下面的结果说明支持.
+
+    CONFIG_NETFILTER_XT_TARGET_TPROXY=m
+
+## 部署步骤:
+
+1. 在源站的linux系统里面每次开机启动都要用root权限执行tproxy环境设置脚本:tproxy_setup.sh
+
+2. 在源站的linux系统里面使用root权限执行代理proxy
+
+## 参数 -tproxy 是开启代理的tproxy功能.
+
+./proxy -tproxy
+
+2. 源站的程序监听的地址IP需要使用:127.0.1.1
+
+比如源站以前监听的地址是: 0.0.0.0:8800 , 现在需要修改为:127.0.1.1:8800
+
+3. 转发规则里面源站地址必须是对应的,比如上面的:127.0.1.1:8800

core/tproxy/tproxy.go

@@ -0,0 +1,249 @@
+// Package tproxy provides the TCPDial and TCPListen tproxy equivalent of the
+// net package Dial and Listen with tproxy support for linux ONLY.
+package tproxy
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"time"
+
+	"golang.org/x/sys/unix"
+)
+
+const big = 0xFFFFFF
+const IP_ORIGADDRS = 20
+
+// Debug outs the library in Debug mode
+var Debug = false
+
+func ipToSocksAddr(family int, ip net.IP, port int, zone string) (unix.Sockaddr, error) {
+	switch family {
+	case unix.AF_INET:
+		if len(ip) == 0 {
+			ip = net.IPv4zero
+		}
+		if ip = ip.To4(); ip == nil {
+			return nil, net.InvalidAddrError("non-IPv4 address")
+		}
+		sa := new(unix.SockaddrInet4)
+		for i := 0; i < net.IPv4len; i++ {
+			sa.Addr[i] = ip[i]
+		}
+		sa.Port = port
+		return sa, nil
+	case unix.AF_INET6:
+		if len(ip) == 0 {
+			ip = net.IPv6zero
+		}
+		// IPv4 callers use 0.0.0.0 to mean "announce on any available address".
+		// In IPv6 mode, Linux treats that as meaning "announce on 0.0.0.0",
+		// which it refuses to do.  Rewrite to the IPv6 unspecified address.
+		if ip.Equal(net.IPv4zero) {
+			ip = net.IPv6zero
+		}
+		if ip = ip.To16(); ip == nil {
+			return nil, net.InvalidAddrError("non-IPv6 address")
+		}
+		sa := new(unix.SockaddrInet6)
+		for i := 0; i < net.IPv6len; i++ {
+			sa.Addr[i] = ip[i]
+		}
+		sa.Port = port
+		sa.ZoneId = uint32(zoneToInt(zone))
+		return sa, nil
+	}
+	return nil, net.InvalidAddrError("unexpected socket family")
+}
+
+func zoneToInt(zone string) int {
+	if zone == "" {
+		return 0
+	}
+	if ifi, err := net.InterfaceByName(zone); err == nil {
+		return ifi.Index
+	}
+	n, _, _ := dtoi(zone, 0)
+	return n
+}
+
+func dtoi(s string, i0 int) (n int, i int, ok bool) {
+	n = 0
+	for i = i0; i < len(s) && '0' <= s[i] && s[i] <= '9'; i++ {
+		n = n*10 + int(s[i]-'0')
+		if n >= big {
+			return 0, i, false
+		}
+	}
+	if i == i0 {
+		return 0, i, false
+	}
+	return n, i, true
+}
+
+// IPTcpAddrToUnixSocksAddr returns Sockaddr for specified TCP addr.
+func IPTcpAddrToUnixSocksAddr(addr string) (sa unix.Sockaddr, err error) {
+	if Debug {
+		fmt.Println("DEBUG: IPTcpAddrToUnixSocksAddr recieved address:", addr)
+	}
+	addressNet := "tcp6"
+	if addr[0] != '[' {
+		addressNet = "tcp4"
+	}
+	tcpAddr, err := net.ResolveTCPAddr(addressNet, addr)
+	if err != nil {
+		return nil, err
+	}
+	return ipToSocksAddr(ipType(addr), tcpAddr.IP, tcpAddr.Port, tcpAddr.Zone)
+}
+
+// IPv6UdpAddrToUnixSocksAddr returns Sockaddr for specified IPv6 addr.
+func IPv6UdpAddrToUnixSocksAddr(addr string) (sa unix.Sockaddr, err error) {
+	tcpAddr, err := net.ResolveTCPAddr("udp6", addr)
+	if err != nil {
+		return nil, err
+	}
+	return ipToSocksAddr(unix.AF_INET6, tcpAddr.IP, tcpAddr.Port, tcpAddr.Zone)
+}
+
+// TCPListen is listening for incoming IP packets which are being intercepted.
+// In conflict to regular Listen mehtod the socket destination and source addresses
+// are of the intercepted connection.
+// Else then that it works exactly like net package net.Listen.
+func TCPListen(listenAddr string) (listener net.Listener, err error) {
+	s, err := unix.Socket(unix.AF_INET6, unix.SOCK_STREAM, 0)
+	if err != nil {
+		return nil, err
+	}
+	defer unix.Close(s)
+	err = unix.SetsockoptInt(s, unix.SOL_IP, unix.IP_TRANSPARENT, 1)
+	if err != nil {
+		return nil, err
+	}
+
+	sa, err := IPTcpAddrToUnixSocksAddr(listenAddr)
+	if err != nil {
+		return nil, err
+	}
+	err = unix.Bind(s, sa)
+	if err != nil {
+		return nil, err
+	}
+	err = unix.Listen(s, unix.SOMAXCONN)
+	if err != nil {
+		return nil, err
+	}
+	f := os.NewFile(uintptr(s), "TProxy")
+	defer f.Close()
+	return net.FileListener(f)
+}
+func ipType(localAddr string) int {
+	host, _, _ := net.SplitHostPort(localAddr)
+	if host != "" {
+		ip := net.ParseIP(host)
+		if ip == nil || ip.To4() != nil {
+			return unix.AF_INET
+		}
+		return unix.AF_INET6
+	}
+	return unix.AF_INET
+}
+
+// TCPDial is a special tcp connection which binds a non local address as the source.
+// Except then the option to bind to a specific local address which the machine doesn't posses
+// it is exactly like any other net.Conn connection.
+// It is advised to use port numbered 0 in the localAddr and leave the kernel to choose which
+// Local port to use in order to avoid errors and binding conflicts.
+func TCPDial(localAddr, remoteAddr string, timeout time.Duration) (conn net.Conn, err error) {
+	timer := time.NewTimer(timeout)
+	defer timer.Stop()
+	if Debug {
+		fmt.Println("TCPDial from:", localAddr, "to:", remoteAddr)
+	}
+	s, err := unix.Socket(ipType(localAddr), unix.SOCK_STREAM, 0)
+
+	//In a case there was a need for a non-blocking socket an example
+	//s, err := unix.Socket(unix.AF_INET6, unix.SOCK_STREAM |unix.SOCK_NONBLOCK, 0)
+	if err != nil {
+		fmt.Println(err)
+		return nil, err
+	}
+	defer unix.Close(s)
+	err = unix.SetsockoptInt(s, unix.SOL_IP, unix.IP_TRANSPARENT, 1)
+	if err != nil {
+		if Debug {
+			fmt.Println("ERROR setting the socket in IP_TRANSPARENT mode", err)
+		}
+
+		return nil, err
+	}
+	err = unix.SetsockoptInt(s, unix.SOL_SOCKET, unix.SO_REUSEADDR, 1)
+	if err != nil {
+		if Debug {
+			fmt.Println("ERROR setting the socket in unix.SO_REUSEADDR mode", err)
+		}
+		return nil, err
+	}
+
+	rhost, _, err := net.SplitHostPort(localAddr)
+	if err != nil {
+		if Debug {
+			// fmt.Fprintln(os.Stderr, err)
+			fmt.Println("ERROR", err, "running net.SplitHostPort on address:", localAddr)
+		}
+	}
+
+	sa, err := IPTcpAddrToUnixSocksAddr(rhost + ":0")
+	if err != nil {
+		if Debug {
+			fmt.Println("ERROR creating a hostaddres for the socker with IPTcpAddrToUnixSocksAddr", err)
+		}
+		return nil, err
+	}
+
+	remoteSocket, err := IPTcpAddrToUnixSocksAddr(remoteAddr)
+	if err != nil {
+		if Debug {
+			fmt.Println("ERROR creating a remoteSocket for the socker with IPTcpAddrToUnixSocksAddr on the remote addres", err)
+		}
+		return nil, err
+	}
+
+	err = unix.Bind(s, sa)
+	if err != nil {
+		fmt.Println(err)
+		return nil, err
+	}
+
+	errChn := make(chan error, 1)
+	func() {
+		err = unix.Connect(s, remoteSocket)
+		if err != nil {
+			if Debug {
+				fmt.Println("ERROR Connecting from", s, "to:", remoteSocket, "ERROR:", err)
+			}
+		}
+		errChn <- err
+	}()
+
+	select {
+	case err = <-errChn:
+		if err != nil {
+			return nil, err
+		}
+	case <-timer.C:
+		return nil, fmt.Errorf("ERROR connect to %s timeout", remoteAddr)
+	}
+	f := os.NewFile(uintptr(s), "TProxyTCPClient")
+	client, err := net.FileConn(f)
+	if err != nil {
+		if Debug {
+			fmt.Println("ERROR os.NewFile", err)
+		}
+		return nil, err
+	}
+	if Debug {
+		fmt.Println("FINISHED Creating net.coo from:", client.LocalAddr().String(), "to:", client.RemoteAddr().String())
+	}
+	return client, err
+}

core/tproxy/tproxy_setup.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+SOURCE_BIND_IP="127.0.1.1"
+
+echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
+echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter
+echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
+echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects
+echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+# 本地的话,貌似这段不需要
+# iptables -t mangle -N DIVERT >/dev/null 2>&1
+# iptables -t mangle -F DIVERT
+# iptables -t mangle -D PREROUTING -p tcp -m socket -j DIVERT >/dev/null 2>&1
+# iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
+# iptables -t mangle -A DIVERT -j MARK --set-mark 1
+# iptables -t mangle -A DIVERT -j ACCEPT
+
+ip rule del fwmark 1 lookup 100
+ip rule add fwmark 1 lookup 100
+ip route del local 0.0.0.0/0 dev lo table 100
+ip route add local 0.0.0.0/0 dev lo table 100
+
+ip rule del from ${SOURCE_BIND_IP} table 101
+ip rule add from ${SOURCE_BIND_IP} table 101
+ip route del default via 127.0.0.1 dev lo table 101
+ip route add default via 127.0.0.1 dev lo table 101
+
+ip route flush cache
+ip ro flush cache

docker/Dockerfile

@@ -0,0 +1,19 @@
+FROM golang:alpine AS builder
+WORKDIR $GOPATH
+ARG GOPROXY_VERSION=master
+RUN apk update; apk upgrade; \
+    apk add --no-cache ca-certificates git; \
+    cd /go/src/; \
+    mkdir -p github.com/snail007; \
+    cd github.com/snail007; \
+    git clone --depth=1 https://github.com/snail007/goproxy.git; \
+	cd goproxy; \
+    git checkout ${GOPROXY_VERSION}; \
+    CGO_ENABLED=0 GOOS=linux go build -ldflags "-s -w" -a -installsuffix cgo -o proxy; \
+    chmod 0777 proxy
+
+FROM debian:stable-slim
+COPY --from=builder /go/src/github.com/snail007/goproxy/proxy /usr/local/bin/
+# RUN chmod 0777 /usr/local/bin/proxy
+EXPOSE 80 443
+CMD /usr/local/bin/proxy http -t tcp -p :80,:443

docs/old-release-zh.md

@@ -0,0 +1,25 @@
+# Old Versions of Proxy
+
+- [v5.3手册](https://github.com/snail007/goproxy/tree/v5.3) 
+- [v5.2手册](https://github.com/snail007/goproxy/tree/v5.2) 
+- [v5.1手册](https://github.com/snail007/goproxy/tree/v5.1) 
+- [v5.0手册](https://github.com/snail007/goproxy/tree/v5.0) 
+- [v4.9手册](https://github.com/snail007/goproxy/tree/v4.9) 
+- [v4.8手册](https://github.com/snail007/goproxy/tree/v4.8) 
+- [v4.7手册](https://github.com/snail007/goproxy/tree/v4.7) 
+- [v4.6手册](https://github.com/snail007/goproxy/tree/v4.6) 
+- [v4.5手册](https://github.com/snail007/goproxy/tree/v4.5) 
+- [v4.4手册](https://github.com/snail007/goproxy/tree/v4.4) 
+- [v4.3手册](https://github.com/snail007/goproxy/tree/v4.3) 
+- [v4.2手册](https://github.com/snail007/goproxy/tree/v4.2) 
+- [v4.0-v4.1手册](https://github.com/snail007/goproxy/tree/v4.1)
+- [v3.9手册](https://github.com/snail007/goproxy/tree/v3.9)
+- [v3.8手册](https://github.com/snail007/goproxy/tree/v3.8)
+- [v3.6-v3.7手册](https://github.com/snail007/goproxy/tree/v3.6)
+- [v3.5手册](https://github.com/snail007/goproxy/tree/v3.5)
+- [v3.4手册](https://github.com/snail007/goproxy/tree/v3.4)
+- [v3.3手册](https://github.com/snail007/goproxy/tree/v3.3)
+- [v3.2手册](https://github.com/snail007/goproxy/tree/v3.2)
+- [v3.1手册](https://github.com/snail007/goproxy/tree/v3.1)
+- [v3.0手册](https://github.com/snail007/goproxy/tree/v3.0)
+- [v2.x手册](https://github.com/snail007/goproxy/tree/v2.2) 

docs/old-release.md

@@ -0,0 +1,25 @@
+# Old Versions of Proxy
+
+- [v5.3 Manual](https://github.com/snail007/goproxy/tree/v5.3) 
+- [v5.2 Manual](https://github.com/snail007/goproxy/tree/v5.2) 
+- [v5.1 Manual](https://github.com/snail007/goproxy/tree/v5.1) 
+- [v5.0 Manual](https://github.com/snail007/goproxy/tree/v5.0) 
+- [v4.9 Manual](https://github.com/snail007/goproxy/tree/v4.9) 
+- [v4.8 Manual](https://github.com/snail007/goproxy/tree/v4.8) 
+- [v4.7 Manual](https://github.com/snail007/goproxy/tree/v4.7) 
+- [v4.6 Manual](https://github.com/snail007/goproxy/tree/v4.6) 
+- [v4.5 Manual](https://github.com/snail007/goproxy/tree/v4.5) 
+- [v4.4 Manual](https://github.com/snail007/goproxy/tree/v4.4) 
+- [v4.3 Manual](https://github.com/snail007/goproxy/tree/v4.3) 
+- [v4.2 Manual](https://github.com/snail007/goproxy/tree/v4.2) 
+- [v4.0-v4.1 Manual](https://github.com/snail007/goproxy/tree/v4.1)
+- [v3.9 Manual](https://github.com/snail007/goproxy/tree/v3.9)
+- [v3.8 Manual](https://github.com/snail007/goproxy/tree/v3.8)
+- [v3.6-v3.7 Manual](https://github.com/snail007/goproxy/tree/v3.6)
+- [v3.5 Manual](https://github.com/snail007/goproxy/tree/v3.5)
+- [v3.4 Manual](https://github.com/snail007/goproxy/tree/v3.4)
+- [v3.3 Manual](https://github.com/snail007/goproxy/tree/v3.3)
+- [v3.2 Manual](https://github.com/snail007/goproxy/tree/v3.2)
+- [v3.1 Manual](https://github.com/snail007/goproxy/tree/v3.1)
+- [v3.0 Manual](https://github.com/snail007/goproxy/tree/v3.0)
+- [v2.x Manual](https://github.com/snail007/goproxy/tree/v2.2) 

gui/README.md

@@ -1,13 +1,13 @@
 # Proxy-GUI
-基于proxy的各平台SDK,作者和众多热心人士开发了各平台的GUI版本的proxy,下面分平台介绍.  
+Based on the proxy platform SDK, the author and many enthusiasts have developed the GUI version of the proxy for each platform.
 
 ## Windows
 
-- 官方java版本,项目主页:[goproxy-jui](https://github.com/snail007/goproxy-jui)
+- Official java version, Project Homepage:[goproxy-jui](https://github.com/snail007/goproxy-jui)
 
 ## Linux
 
-- 官方java版本,项目主页:[goproxy-jui](https://github.com/snail007/goproxy-jui)
+- Official java version, Project Homepage:[goproxy-jui](https://github.com/snail007/goproxy-jui)
 
 ## MacOS
 
@@ -15,13 +15,13 @@
 
 ## Android
 
-- proxy-go,一个非官方实现版本,界面比较简陋,但是够用.下载地址:[proxy-go](https://github.com/snail007/goproxy-gui-stuff/releases/tag/proxy-go-release)
+- proxy-go,An unofficial implementation version, the interface is relatively simple, but enough.Download address:[proxy-go](https://github.com/snail007/goproxy-gui-stuff/releases/tag/proxy-go-release)
 
 
 ## IOS
 
 - Coming Soon ...
 
-## 跨平台
+## Cross-platform
 
-- proxy-web,一个跨平台的web UI版本,项目主页:[proxy-web](https://github.com/yincongcyincong/proxy-web)
+- proxy-web,A cross-platform web UI version,project home page:[proxy-web](https://github.com/yincongcyincong/proxy-web)

gui/README_ZH.md

@@ -0,0 +1,27 @@
+# Proxy-GUI
+基于proxy的各平台SDK,作者和众多热心人士开发了各平台的GUI版本的proxy,下面分平台介绍.  
+
+## Windows
+
+- 官方java版本,项目主页:[goproxy-jui](https://github.com/snail007/goproxy-jui)
+
+## Linux
+
+- 官方java版本,项目主页:[goproxy-jui](https://github.com/snail007/goproxy-jui)
+
+## MacOS
+
+- Coming Soon ...
+
+## Android
+
+- proxy-go,一个非官方实现版本,界面比较简陋,但是够用.下载地址:[proxy-go](https://github.com/snail007/goproxy-gui-stuff/releases/tag/proxy-go-release)
+
+
+## IOS
+
+- Coming Soon ...
+
+## 跨平台
+
+- proxy-web,一个跨平台的web UI版本,项目主页:[proxy-web](https://github.com/yincongcyincong/proxy-web)

install_auto.sh

@@ -5,7 +5,10 @@ if [ -e /tmp/proxy ]; then
 fi
 mkdir /tmp/proxy
 cd /tmp/proxy
-wget https://github.com/snail007/goproxy/releases/download/v4.8/proxy-linux-amd64.tar.gz
+
+LAST_VERSION=$(curl --silent "https://api.github.com/repos/snail007/goproxy/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')
+
+wget "https://github.com/snail007/goproxy/releases/download/${LAST_VERSION}/proxy-linux-amd64.tar.gz"
 
 # #install proxy
 tar zxvf proxy-linux-amd64.tar.gz
@@ -19,7 +22,7 @@ fi
 
 if [ ! -e /etc/proxy/proxy.crt ]; then
     cd /etc/proxy/
-    proxy keygen >/dev/null 2>&1 
+    proxy keygen -C proxy >/dev/null 2>&1 
 fi
 rm -rf /tmp/proxy
 echo "install done"

keygen.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-openssl genrsa -out proxy.key 2048
-openssl req -new -key proxy.key -x509 -days 3650 -out proxy.crt -subj /C=CN/ST=BJ/O="Localhost Ltd"/CN=proxy

main.go

@@ -1,15 +1,17 @@
 package main
 
 import (
+	"fmt"
 	"log"
 	"os"
 	"os/signal"
+	"runtime/debug"
 	"syscall"
 
 	"github.com/snail007/goproxy/services"
 )
 
-const APP_VERSION = "4.8"
+var APP_VERSION = "No Version Provided"
 
 func main() {
 	err := initConfig()
@@ -32,7 +34,12 @@ func Clean(s *services.Service) {
 		syscall.SIGTERM,
 		syscall.SIGQUIT)
 	go func() {
-		for _ = range signalChan {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s", e, string(debug.Stack()))
+			}
+		}()
+		for range signalChan {
 			log.Println("Received an interrupt, stopping services...")
 			if s != nil && *s != nil {
 				(*s).Clean()
@@ -41,11 +48,12 @@ func Clean(s *services.Service) {
 				log.Printf("clean process %d", cmd.Process.Pid)
 				cmd.Process.Kill()
 			}
-			if isDebug {
+			if *isDebug {
 				saveProfiling()
 			}
 			cleanupDone <- true
 		}
 	}()
 	<-cleanupDone
+	os.Exit(0)
 }

release.sh

@@ -1,74 +1,84 @@
 #!/bin/bash
-VER="4.8"
-RELEASE="release-${VER}"
+VERSION=$(cat VERSION)
+VER="${VERSION}_$(date '+%Y%m%d%H%M%S')"
+X="-X main.APP_VERSION=$VER"
+RELEASE="release-${VERSION}"
+TRIMPATH1="/Users/snail/go/src/github.com/snail007"
+TRIMPATH=$(dirname ~/go/src/github.com/snail007)/snail007
+if [ -d "$TRIMPATH1" ];then
+	TRIMPATH=$TRIMPATH1
+fi
+OPTS="-gcflags=-trimpath=$TRIMPATH -asmflags=-trimpath=$TRIMPATH"
+
 rm -rf .cert
 mkdir .cert
-go build -o proxy 
+go build $OPTS -ldflags "$X" -o proxy 
 cd .cert
-../proxy keygen
+../proxy keygen -C proxy
 cd ..
 rm -rf ${RELEASE}
 mkdir ${RELEASE}
 #linux
-CGO_ENABLED=0 GOOS=linux GOARCH=386 go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-386.tar.gz" proxy direct blocked
-CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-amd64.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=6 go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm-v6.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=linux GOARCH=arm64 GOARM=6 go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm64-v6.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm-v7.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=linux GOARCH=arm64 GOARM=7 go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm64-v7.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=5 go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm-v5.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=linux GOARCH=arm64 GOARM=5 go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm64-v5.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=linux GOARCH=mips go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-mips.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=linux GOARCH=mips64 go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-mips64.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=linux GOARCH=mips64le go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-mips64le.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=linux GOARCH=mipsle go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-mipsle.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=linux GOARCH=ppc64 go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-ppc64.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-ppc64le.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=linux GOARCH=s390x go build -o proxy && tar zcfv "${RELEASE}/proxy-linux-s390x.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=386 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-386.tar.gz" proxy direct blocked
+CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-amd64.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=6 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm-v6.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=arm64 GOARM=6 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm64-v6.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm-v7.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=arm64 GOARM=7 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm64-v7.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=5 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm-v5.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=arm64 GOARM=5 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm64-v5.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm64-v8.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=arm go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-arm-v8.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=mips go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-mips.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=mips64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-mips64.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=mips64le go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-mips64le.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=mipsle go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-mipsle.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=mips GOMIPS=softfloat go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-mips-softfloat.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=mips64 GOMIPS=softfloat go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-mips64-softfloat.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=mips64le GOMIPS=softfloat go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-mips64le-softfloat.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=mipsle GOMIPS=softfloat go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-mipsle-softfloat.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=ppc64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-ppc64.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-ppc64le.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=linux GOARCH=s390x go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-linux-s390x.tar.gz" proxy direct blocked 
 #android
-CGO_ENABLED=0 GOOS=android GOARCH=386 go build -o proxy && tar zcfv "${RELEASE}/proxy-android-386.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=android GOARCH=amd64 go build -o proxy && tar zcfv "${RELEASE}/proxy-android-amd64.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=android GOARCH=arm go build -o proxy && tar zcfv "${RELEASE}/proxy-android-arm.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=android GOARCH=arm64 go build -o proxy && tar zcfv "${RELEASE}/proxy-android-arm64.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=android GOARCH=386 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-android-386.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=android GOARCH=amd64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-android-amd64.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=android GOARCH=arm go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-android-arm.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=android GOARCH=arm64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-android-arm64.tar.gz" proxy direct blocked 
 #darwin
-CGO_ENABLED=0 GOOS=darwin GOARCH=386 go build -o proxy && tar zcfv "${RELEASE}/proxy-darwin-386.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o proxy && tar zcfv "${RELEASE}/proxy-darwin-amd64.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=darwin GOARCH=arm go build -o proxy && tar zcfv "${RELEASE}/proxy-darwin-arm.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o proxy && tar zcfv "${RELEASE}/proxy-darwin-arm64.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=darwin GOARCH=386 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-darwin-386.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-darwin-amd64.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=darwin GOARCH=arm go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-darwin-arm.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-darwin-arm64.tar.gz" proxy direct blocked 
 #dragonfly
-CGO_ENABLED=0 GOOS=dragonfly GOARCH=amd64 go build -o proxy && tar zcfv "${RELEASE}/proxy-dragonfly-amd64.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=dragonfly GOARCH=amd64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-dragonfly-amd64.tar.gz" proxy direct blocked 
 #freebsd
-CGO_ENABLED=0 GOOS=freebsd GOARCH=386 go build -o proxy && tar zcfv "${RELEASE}/proxy-freebsd-386.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build -o proxy && tar zcfv "${RELEASE}/proxy-freebsd-amd64.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=freebsd GOARCH=arm go build -o proxy && tar zcfv "${RELEASE}/proxy-freebsd-arm.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=freebsd GOARCH=386 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-freebsd-386.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=freebsd GOARCH=amd64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-freebsd-amd64.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=freebsd GOARCH=arm go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-freebsd-arm.tar.gz" proxy direct blocked 
 #nacl
-CGO_ENABLED=0 GOOS=nacl GOARCH=386 go build -o proxy && tar zcfv "${RELEASE}/proxy-nacl-386.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=nacl GOARCH=amd64p32 go build -o proxy && tar zcfv "${RELEASE}/proxy-nacl-amd64p32.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=nacl GOARCH=arm go build -o proxy && tar zcfv "${RELEASE}/proxy-nacl-arm.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=nacl GOARCH=386 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-nacl-386.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=nacl GOARCH=amd64p32 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-nacl-amd64p32.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=nacl GOARCH=arm go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-nacl-arm.tar.gz" proxy direct blocked 
 #netbsd
-CGO_ENABLED=0 GOOS=netbsd GOARCH=386 go build -o proxy && tar zcfv "${RELEASE}/proxy-netbsd-386.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=netbsd GOARCH=amd64 go build -o proxy && tar zcfv "${RELEASE}/proxy-netbsd-amd64.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=netbsd GOARCH=arm go build -o proxy && tar zcfv "${RELEASE}/proxy-netbsd-arm.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=netbsd GOARCH=386 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-netbsd-386.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=netbsd GOARCH=amd64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-netbsd-amd64.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=netbsd GOARCH=arm go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-netbsd-arm.tar.gz" proxy direct blocked 
 #openbsd
-CGO_ENABLED=0 GOOS=openbsd GOARCH=386 go build -o proxy && tar zcfv "${RELEASE}/proxy-openbsd-386.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=openbsd GOARCH=amd64 go build -o proxy && tar zcfv "${RELEASE}/proxy-openbsd-amd64.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=openbsd GOARCH=arm go build -o proxy && tar zcfv "${RELEASE}/proxy-openbsd-arm.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=openbsd GOARCH=386 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-openbsd-386.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=openbsd GOARCH=amd64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-openbsd-amd64.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=openbsd GOARCH=arm go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-openbsd-arm.tar.gz" proxy direct blocked 
 #plan9
-CGO_ENABLED=0 GOOS=plan9 GOARCH=386 go build -o proxy && tar zcfv "${RELEASE}/proxy-plan9-386.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=plan9 GOARCH=amd64 go build -o proxy && tar zcfv "${RELEASE}/proxy-plan9-amd64.tar.gz" proxy direct blocked 
-CGO_ENABLED=0 GOOS=plan9 GOARCH=arm go build -o proxy && tar zcfv "${RELEASE}/proxy-plan9-arm.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=plan9 GOARCH=386 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-plan9-386.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=plan9 GOARCH=amd64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-plan9-amd64.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=plan9 GOARCH=arm go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-plan9-arm.tar.gz" proxy direct blocked 
 #solaris
-CGO_ENABLED=0 GOOS=solaris GOARCH=amd64 go build -o proxy && tar zcfv "${RELEASE}/proxy-solaris-amd64.tar.gz" proxy direct blocked 
+CGO_ENABLED=0 GOOS=solaris GOARCH=amd64 go build $OPTS -ldflags "$X" -o proxy && tar zcfv "${RELEASE}/proxy-solaris-amd64.tar.gz" proxy direct blocked 
 #windows
-CGO_ENABLED=0 GOOS=windows GOARCH=386 go build  -ldflags="-H=windowsgui" -o proxy-wingui.exe
-CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -o proxy.exe && tar zcfv "${RELEASE}/proxy-windows-386.tar.gz" proxy.exe proxy-wingui.exe direct blocked .cert/proxy.crt .cert/proxy.key
-CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -ldflags="-H=windowsgui" -o proxy-wingui.exe
-CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o proxy.exe && tar zcfv "${RELEASE}/proxy-windows-amd64.tar.gz" proxy.exe proxy-wingui.exe direct blocked .cert/proxy.crt .cert/proxy.key
+CGO_ENABLED=0 GOOS=windows GOARCH=386 go build $OPTS -ldflags="-H=windowsgui $X" -o proxy-noconsole.exe
+CGO_ENABLED=0 GOOS=windows GOARCH=386 go build $OPTS  -ldflags "$X" -o proxy.exe && tar zcfv "${RELEASE}/proxy-windows-386.tar.gz" proxy.exe proxy-noconsole.exe direct blocked .cert/proxy.crt .cert/proxy.key
+CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build $OPTS -ldflags="-H=windowsgui $X" -o proxy-noconsole.exe
+CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build $OPTS  -ldflags "$X" -o proxy.exe && tar zcfv "${RELEASE}/proxy-windows-amd64.tar.gz" proxy.exe proxy-noconsole.exe direct blocked .cert/proxy.crt .cert/proxy.key
 
-rm -rf proxy proxy.exe proxy-wingui.exe .cert
+rm -rf proxy proxy.exe proxy-noconsole.exe .cert
 
-#todo
-#1.release.sh        VER="xxx"
-#2.main.go           APP_VERSION="xxx"
-#3.install_auto.sh   goproxy/releases/download/vxxx
-#4.README            goproxy/releases/download/vxxx

sdk/CHANGELOG

@@ -1,3 +0,0 @@
-v4.8
-1.修复了多个服务同时开启日志,只会输出到最后一个日志文件的bug.  
-2.增加了获取sdk版本的Version()方法.  

sdk/README.md

@@ -1,259 +0,0 @@
-
-# Proxy SDK 使用说明  
-
-支持以下平台:  
-- Android,`.arr`库
-- IOS,`.framework`库
-- Windows,`.dll`库
-- Linux,`.so`库
-- MacOS,`.dylib`库
-
-proxy使用gombile实现了一份go代码编译为android和ios平台下面可以直接调用的sdk类库, 
-另外还为linux和windows,MacOS提供sdk支持，基于这些类库,APP开发者可以轻松的开发出各种形式的代理工具。    
-
-# 下面分平台介绍SDK的用法  
-
-## Android SDK
-  
-[![stable](https://img.shields.io/badge/stable-stable-green.svg)](https://github.com/snail007/goproxy-sdk-android/) [![license](https://img.shields.io/github/license/snail007/goproxy-sdk-android.svg?style=plastic)]() [![download_count](https://img.shields.io/github/downloads/snail007/goproxy-sdk-android/total.svg?style=plastic)](https://github.com/snail007/goproxy-sdk-android/releases) [![download](https://img.shields.io/github/release/snail007/goproxy-sdk-android.svg?style=plastic)](https://github.com/snail007/goproxy-sdk-android/releases)  
-  
-[点击下载Android-SDK](https://github.com/snail007/goproxy-sdk-android/releases)  
-在Android系统提供的sdk形式是一个后缀为.aar的类库文件,开发的时候只需要把arr类库文件引入android项目即可.  
-
-### Android-SDK使用实例
-
-#### 1.导入包
-
-```java
-import snail007.proxy.Porxy
-```
-
-#### 2.启动一个服务
-
-```java
-String serviceID="http01";//这里serviceID是自定义的唯一标识字符串,保证每个启动的服务不一样即可
-String serviceArgs="http -p :8080";
-String err=Proxy.start(serviceID,serviceArgs);
-if (!err.isEmpty()){
-    //启动失败
-    System.out.println("start fail,error:"+err);
-}else{
-    //启动成功
-}
-```
-
-#### 3.停止一个服务
-
-```java
-String serviceID="http01";
-Proxy.stop(serviceID);
-//停止完毕
-
-```
-
-## IOS SDK
-  
-[![stable](https://img.shields.io/badge/stable-stable-green.svg)](https://github.com/snail007/goproxy-sdk-ios/) [![license](https://img.shields.io/github/license/snail007/goproxy-sdk-ios.svg?style=plastic)]() [![download_count](https://img.shields.io/github/downloads/snail007/goproxy-sdk-ios/total.svg?style=plastic)](https://github.com/snail007/goproxy-sdk-ios/releases) [![download](https://img.shields.io/github/release/snail007/goproxy-sdk-ios.svg?style=plastic)](https://github.com/snail007/goproxy-sdk-ios/releases)  
-  
-[点击下载IOS-SDK](https://github.com/snail007/goproxy-sdk-ios/releases)  
-在IOS系统提供的sdk形式是一个后缀为.framework的类库文件夹,开发的时候只需要把类库文件引入项目,然后调用方法即可.  
-
-### IOS-SDK使用实例
-
-#### 导入包
-
-```objc
-#import <Proxy/Proxy.objc.h>
-```
-
-#### 2.启动一个服务
-
-```objc
--(IBAction)doStart:(id)sender
-{
-	//这里serviceID是自定义的唯一标识字符串,保证每个启动的服务不一样
-	NSString *serviceID = @"http01";
-    NSString *serviceArgs = @"http -p :8080";
-    NSString *error = ProxyStart(serviceID,serviceArgs);
-    
-    if (error != nil && error.length > 0)
-    {
-        NSLog(@"start error %@",error);
-    }else{
-        NSLog(@"启动成功");
-    }
-}
-```
-
-#### 3.停止一个服务
-
-```objc
--(IBAction)doStop:(id)sender
-{
-    NSString *serviceID = @"http01";
-    ProxyStop(serviceID);
-    //停止完毕
-}
-```
-
-
-## Windows SDK
-[![stable](https://img.shields.io/badge/stable-stable-green.svg)](https://github.com/snail007/goproxy-sdk-windows/) [![license](https://img.shields.io/github/license/snail007/goproxy-sdk-windows.svg?style=plastic)]() [![download_count](https://img.shields.io/github/downloads/snail007/goproxy-sdk-windows/total.svg?style=plastic)](https://github.com/snail007/goproxy-sdk-windows/releases) [![download](https://img.shields.io/github/release/snail007/goproxy-sdk-windows.svg?style=plastic)](https://github.com/snail007/goproxy-sdk-windows/releases)  
-  
-[点击下载Windows-SDK](https://github.com/snail007/goproxy-sdk-windows/releases)  
-在Windows系统提供的sdk形式是一个后缀为.dll的类库文件,开发的时候只需要把dll类库文件加载,然后调用方法即可.  
-
-### Windows-SDK使用实例  
-C++示例，不需要包含头文件，只需要加载proxy-sdk.dll即可，ieshims.dll需要和proxy-sdk.dll在一起。  
-作者：[yjbdsky](https://github.com/yjbdsky)     
-
-```cpp
-#include <stdio.h>
-#include<stdlib.h>
-#include <string.h>
-#include<pthread.h>
-#include<Windows.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef char *(*GOSTART)(char *s);
-typedef char *(*GOSTOP)(char *s);
-typedef int(*GOISRUN)(char *s);
-HMODULE GODLL = LoadLibrary("proxy-sdk.dll");
-
-char * Start(char * p0,char * p1)
-{
-	if (GODLL != NULL)
-	{
-		GOSTART gostart = *(GOSTART)(GetProcAddress(GODLL, "Start"));
-		if (gostart != NULL){
-			printf("%s:%s\n",p0, p1);
-			char *ret = gostart(p0,p1);
-			return ret;
-		}
-	}
-	return "Cannot Find dll";
-}
-char * Stop(char * p)
-{
-	if (GODLL != NULL)
-	{
-		GOSTOP gostop = *(GOSTOP)(GetProcAddress(GODLL, "Stop"));
-		if (gostop != NULL){
-			printf("%s\n", p);
-			char *ret = gostop(p);
-			return ret;
-		}
-	}
-	return "Cannot Find dll";
-}
-
-int main()
-{
-	//这里p0是自定义的唯一标识字符串,保证每个启动的服务不一样
-	char *p0 = "http01";
-	char *p1 = "http -t tcp -p :38080";
-	printf("This is demo application.\n");
-	//启动服务,返回空字符串说明启动成功;返回非空字符串说明启动失败,返回的字符串是错误原因
-	printf("start result %s\n", Start(p0,p1));
-	//停止服务,没有返回值
-	Stop(p0);
-	return 0;
-}
-
-
-#ifdef __cplusplus
-}
-#endif
-```
-
-C++示例2，请移步：[GoProxyForC](https://github.com/SuperPowerLF2/GoProxyForC)   
-
-## Linux SDK
-[![stable](https://img.shields.io/badge/stable-stable-green.svg)](https://github.com/snail007/goproxy-sdk-linux/) [![license](https://img.shields.io/github/license/snail007/goproxy-sdk-linux.svg?style=plastic)]() [![download_count](https://img.shields.io/github/downloads/snail007/goproxy-sdk-linux/total.svg?style=plastic)](https://github.com/snail007/goproxy-sdk-linux/releases) [![download](https://img.shields.io/github/release/snail007/goproxy-sdk-linux.svg?style=plastic)](https://github.com/snail007/goproxy-sdk-linux/releases)  
-  
-[点击下载Linux-SDK](https://github.com/snail007/goproxy-sdk-linux/releases)  
-在Linux系统提供的sdk形式是一个后缀为.so的类库文件,开发的时候只需要把so类库加载,调用方法即可.  
-
-### Linux-SDK使用实例
-Linux下面使用的sdk是so文件即libproxy-sdk.so,下面写一个简单的C程序示例,调用so库里面的方法.  
-
-`vi test-proxy.c`  
-
-```c
-#include <stdio.h>
-#include "libproxy-sdk.h"
-
-int main() {
-     printf("This is demo application.\n");
-	 //这里p0是自定义的唯一标识字符串,保证每个启动的服务不一样
-	 char *p0 = "http01";
-     char *p1 = "http -t tcp -p :38080";
-     //启动服务,返回空字符串说明启动成功;返回非空字符串说明启动失败,返回的字符串是错误原因
-     printf("start result %s\n",Start(p0,p1));
-     //停止服务,没有返回值
-     Stop(p0);
-     return 0;
-}
-```
-
-#### 编译test-proxy.c ####  
-`export LD_LIBRARY_PATH=./ && gcc -o test-proxy test.c libproxy-sdk.so`  
-
-#### 执行 ####  
-`./test-proxy`  
-
-## MacOS SDK
-[![stable](https://img.shields.io/badge/stable-stable-green.svg)](https://github.com/snail007/goproxy-sdk-mac/) [![license](https://img.shields.io/github/license/snail007/goproxy-sdk-mac.svg?style=plastic)]() [![download_count](https://img.shields.io/github/downloads/snail007/goproxy-sdk-mac/total.svg?style=plastic)](https://github.com/snail007/goproxy-sdk-mac/releases) [![download](https://img.shields.io/github/release/snail007/goproxy-sdk-mac.svg?style=plastic)](https://github.com/snail007/goproxy-sdk-mac/releases)  
-  
-[点击下载MacOS-SDK](https://github.com/snail007/goproxy-sdk-mac/releases)  
-在MacOS系统提供的sdk形式是一个后缀为.dylib的类库文件,开发的时候只需要把so类库加载,调用方法即可.  
-
-### MacOS-SDK使用实例
-MacOS下面使用的sdk是dylib文件即libproxy-sdk.dylib,下面写一个简单的Obj-C程序示例,调用dylib库里面的方法.  
-
-```objc
-#import "libproxy-sdk.h"
--(IBAction)doStart:(id)sender
-{
-    char *result =  Start("http01", "http -t tcp -p :38080");
-    
-    if (result)
-    {
-        printf("started");
-    }else{
-        printf("not started");
-    }
-  
-}
--(IBAction)doStop:(id)sender
-{
-     Stop("http01");
-
-}
-```
-
-### 关于服务  
-proxy的服务有11种,分别是:  
-
-```shell
-http  
-socks  
-sps  
-tcp  
-udp  
-bridge  
-server  
-client  
-tbridge  
-tserver  
-tclient  
-```
-服务启动时,如果存在正在运行的相同ID的服务,那么之前的服务会被停掉,后面启动的服务覆盖之前的服务.  
-所以要保证每次启动服务的时候,第一个ID参数唯一.  
-上面这些服务的具体使用方式和具体参数,可以参考[proxy手册](https://github.com/snail007/goproxy/blob/master/README_ZH.md)  
-sdk里面的服务不支持手册里面的：--daemon和--forever参数.  
-
-

sdk/android-ios/dns.go

@@ -0,0 +1,277 @@
+package proxy
+
+import (
+	"crypto/md5"
+	"encoding/hex"
+	"fmt"
+	logger "log"
+	"net"
+	"runtime/debug"
+	"time"
+
+	"golang.org/x/net/proxy"
+
+	"github.com/miekg/dns"
+	gocache "github.com/pmylund/go-cache"
+	"github.com/snail007/goproxy/core/lib/kcpcfg"
+	services "github.com/snail007/goproxy/services"
+)
+
+type DNSArgs struct {
+	ParentServiceType *string
+	ParentType        *string
+	Parent            *string
+	ParentAuth        *string
+	ParentKey         *string
+	ParentCompress    *bool
+	KCP               kcpcfg.KCPConfigArgs
+	CertFile          *string
+	KeyFile           *string
+	CaCertFile        *string
+	Local             *string
+	Timeout           *int
+	RemoteDNSAddress  *string
+	DNSTTL            *int
+	CacheFile         *string
+	LocalSocks5Port   *string
+}
+type DNS struct {
+	cfg        DNSArgs
+	log        *logger.Logger
+	cache      *gocache.Cache
+	exitSig    chan bool
+	serviceKey string
+	dialer     proxy.Dialer
+}
+
+func NewDNS() services.Service {
+	return &DNS{
+		cfg:        DNSArgs{},
+		exitSig:    make(chan bool, 1),
+		serviceKey: "dns-service-" + fmt.Sprintf("%d", time.Now().UnixNano()),
+	}
+}
+func (s *DNS) CheckArgs() (err error) {
+	return
+}
+func (s *DNS) InitService() (err error) {
+	s.cache = gocache.New(time.Second*time.Duration(*s.cfg.DNSTTL), time.Second*60)
+	s.cache.LoadFile(*s.cfg.CacheFile)
+	go func() {
+		for {
+			select {
+			case <-s.exitSig:
+				return
+			case <-time.After(time.Second * 300):
+				s.cache.DeleteExpired()
+				s.cache.SaveFile(*s.cfg.CacheFile)
+			}
+		}
+	}()
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+			}
+		}()
+		for {
+			select {
+			case <-s.exitSig:
+				return
+			case <-time.After(time.Second * 60):
+				err := s.cache.SaveFile(*s.cfg.CacheFile)
+				if err == nil {
+					//s.log.Printf("cache saved: %s", *s.cfg.CacheFile)
+				} else {
+					s.log.Printf("cache save failed: %s, %s", *s.cfg.CacheFile, err)
+				}
+			}
+		}
+	}()
+	s.dialer, err = proxy.SOCKS5("tcp", *s.cfg.Parent,
+		nil,
+		&net.Dialer{
+			Timeout:   5 * time.Second,
+			KeepAlive: 2 * time.Second,
+		},
+	)
+	if err != nil {
+		return
+	}
+
+	sdkArgs := fmt.Sprintf("sps -S %s -T %s -P %s -C %s -K %s -i %d -p 127.0.0.1:%s --disable-http",
+		*s.cfg.ParentServiceType,
+		*s.cfg.ParentType,
+		*s.cfg.Parent,
+		*s.cfg.CertFile,
+		*s.cfg.KeyFile,
+		*s.cfg.Timeout,
+		*s.cfg.LocalSocks5Port,
+	)
+	if *s.cfg.ParentKey != "" {
+		sdkArgs += " -Z " + *s.cfg.ParentKey
+	}
+	if *s.cfg.ParentAuth != "" {
+		sdkArgs += " -A " + *s.cfg.ParentAuth
+	}
+	if *s.cfg.CaCertFile != "" {
+		sdkArgs += " --ca " + *s.cfg.CaCertFile
+	}
+	if *s.cfg.ParentCompress {
+		sdkArgs += " -M"
+	}
+	s.log.Printf("start sps with : %s", sdkArgs)
+	errStr := Start(s.serviceKey, sdkArgs)
+	if errStr != "" {
+		err = fmt.Errorf("start sps service fail,%s", errStr)
+	}
+	return
+}
+func (s *DNS) StopService() {
+	defer func() {
+		e := recover()
+		if e != nil {
+			s.log.Printf("stop dns service crashed,%s", e)
+		} else {
+			s.log.Printf("service dns stopped")
+		}
+	}()
+	Stop(s.serviceKey)
+	s.cache.Flush()
+	s.exitSig <- true
+}
+func (s *DNS) Start(args interface{}, log *logger.Logger) (err error) {
+	s.log = log
+	s.cfg = args.(DNSArgs)
+	if err = s.CheckArgs(); err != nil {
+		return
+	}
+	if err = s.InitService(); err != nil {
+		return
+	}
+	dns.HandleFunc(".", s.callback)
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+			}
+		}()
+		log.Printf("dns server on udp %s", *s.cfg.Local)
+		err := dns.ListenAndServe(*s.cfg.Local, "udp", nil)
+		if err != nil {
+			log.Printf("dns listen error: %s", err)
+		}
+	}()
+	return
+}
+
+func (s *DNS) Clean() {
+	s.StopService()
+}
+func (s *DNS) callback(w dns.ResponseWriter, req *dns.Msg) {
+	defer func() {
+		if err := recover(); err != nil {
+			s.log.Printf("dns handler crashed with err : %s \nstack: %s", err, string(debug.Stack()))
+		}
+	}()
+	var (
+		key       string
+		m         *dns.Msg
+		err       error
+		data      []byte
+		id        uint16
+		query     []string
+		questions []dns.Question
+	)
+	if req.MsgHdr.Response == true {
+		return
+	}
+	query = make([]string, len(req.Question))
+	for i, q := range req.Question {
+		if q.Qtype != dns.TypeAAAA {
+			questions = append(questions, q)
+		}
+		query[i] = fmt.Sprintf("(%s %s %s)", q.Name, dns.ClassToString[q.Qclass], dns.TypeToString[q.Qtype])
+	}
+
+	if len(questions) == 0 {
+		return
+	}
+
+	req.Question = questions
+	id = req.Id
+	req.Id = 0
+	key = s.toMd5(req.String())
+	req.Id = id
+	if reply, ok := s.cache.Get(key); ok {
+		data, _ = reply.([]byte)
+	}
+	if data != nil && len(data) > 0 {
+		m = &dns.Msg{}
+		m.Unpack(data)
+		m.Id = id
+		err = w.WriteMsg(m)
+		s.log.Printf("id: %5d cache: HIT %v", id, query)
+		return
+
+	} else {
+		s.log.Printf("id: %5d cache: MISS %v", id, query)
+	}
+
+	s.log.Printf("id: %5d resolve: %v %s", id, query, *s.cfg.RemoteDNSAddress)
+
+	rawConn, err := s.dialer.Dial("tcp", *s.cfg.RemoteDNSAddress)
+	if err != nil {
+		s.log.Printf("dail to %s fail,%s", *s.cfg.RemoteDNSAddress, err)
+		return
+	}
+	defer rawConn.Close()
+	co := new(dns.Conn)
+	co.Conn = rawConn
+	defer co.Close()
+	if err = co.WriteMsg(req); err != nil {
+		s.log.Printf("write dns query fail,%s", err)
+		return
+	}
+	m, err = co.ReadMsg()
+	if err == nil && m.Id != req.Id {
+		s.log.Printf("id: %5d mismath", id)
+		return
+	}
+	if err != nil || len(m.Answer) == 0 {
+		s.log.Printf("dns query fail,%s", err)
+		return
+	}
+	data, err = m.Pack()
+	if err != nil {
+		s.log.Printf("dns query fail,%s", err)
+		return
+	}
+
+	_, err = w.Write(data)
+	if err != nil {
+		s.log.Printf("dns query fail,%s", err)
+		return
+	}
+	m.Id = 0
+	data, _ = m.Pack()
+	ttl := 0
+	if len(m.Answer) > 0 {
+		if *s.cfg.DNSTTL > 0 {
+			ttl = *s.cfg.DNSTTL
+		} else {
+			ttl = int(m.Answer[0].Header().Ttl)
+			if ttl < 0 {
+				ttl = *s.cfg.DNSTTL
+			}
+		}
+	}
+	s.cache.Set(key, data, time.Second*time.Duration(ttl))
+	m.Id = id
+	s.log.Printf("id: %5d cache: CACHED %v TTL %v", id, query, ttl)
+}
+func (s *DNS) toMd5(data string) string {
+	m := md5.New()
+	m.Write([]byte(data))
+	return hex.EncodeToString(m.Sum(nil))
+}

sdk/android-ios/release_android.sh

@@ -1,5 +1,8 @@
 #/bin/bash
-VER="v4.8"
+VERSION=$(cat ../../VERSION)
+VER="${VERSION}_$(date '+%Y%m%d%H%M%S')"
+X="-X github.com/snail007/goproxy/sdk/android-ios.SDK_VERSION=$VER -X main.APP_VERSION=$VER"
+
 rm -rf sdk-android-*.tar.gz
 rm -rf android
 mkdir android
@@ -14,11 +17,11 @@ mkdir android
 #go get -v golang.org/x/mobile/cmd/gomobile
 #gomobile init
 
-gomobile bind -v -target=android -javapkg=snail007 -ldflags="-s -w"
+gomobile bind -v -target=android -javapkg=snail007 -ldflags="-s -w $X"
 mv proxy.aar android/snail007.goproxy.sdk.aar
 mv proxy-sources.jar android/snail007.goproxy.sdk-sources.jar
 cp ../README.md android
-tar zcfv sdk-android-${VER}.tar.gz android
+tar zcfv sdk-android-${VERSION}.tar.gz android
 rm -rf android
 
 echo "done."

sdk/android-ios/release_ios.sh

@@ -1,14 +1,17 @@
 #/bin/bash
-VER="v4.8"
+VERSION=$(cat ../../VERSION)
+VER="${VERSION}_$(date '+%Y%m%d%H%M%S')"
+X="-X github.com/snail007/goproxy/sdk/android-ios.SDK_VERSION=$VER -X main.APP_VERSION=$VER"
+
 rm -rf sdk-ios-*.tar.gz
 rm -rf ios
 mkdir ios
 
 #ios  XCode required
-gomobile bind -v -target=ios -ldflags="-s -w"
+gomobile bind -v -target=ios -ldflags="-s -w $X"
 mv Proxy.framework ios
 cp ../README.md ios
-tar zcfv sdk-ios-${VER}.tar.gz ios
+tar zcfv sdk-ios-${VERSION}.tar.gz ios
 rm -rf ios
 
 echo "done."

sdk/android-ios/sdk.go

@@ -3,24 +3,61 @@ package proxy
 import (
 	"crypto/sha1"
 	"fmt"
+	"io/ioutil"
 	logger "log"
 	"os"
+	"path"
+	"path/filepath"
+	"runtime/pprof"
 	"strings"
+	"sync"
 
+	"github.com/snail007/goproxy/core/lib/kcpcfg"
+	encryptconn "github.com/snail007/goproxy/core/lib/transport/encrypt"
 	"github.com/snail007/goproxy/services"
-	"github.com/snail007/goproxy/services/kcpcfg"
+	httpx "github.com/snail007/goproxy/services/http"
+	keygenx "github.com/snail007/goproxy/services/keygen"
+	mux "github.com/snail007/goproxy/services/mux"
+	socksx "github.com/snail007/goproxy/services/socks"
+	spsx "github.com/snail007/goproxy/services/sps"
+	tcpx "github.com/snail007/goproxy/services/tcp"
+	tunnelx "github.com/snail007/goproxy/services/tunnel"
+	udpx "github.com/snail007/goproxy/services/udp"
 
 	kcp "github.com/xtaci/kcp-go"
 	"golang.org/x/crypto/pbkdf2"
 	kingpin "gopkg.in/alecthomas/kingpin.v2"
 )
 
-const SDK_VERSION = "4.8"
+var SDK_VERSION = "No Version Provided"
 
 var (
 	app *kingpin.Application
+	cpuProfilingFile, memProfilingFile, blockProfilingFile,
+	goroutineProfilingFile, threadcreateProfilingFile *os.File
+	isProfiling   bool
+	profilingLock = &sync.Mutex{}
 )
 
+type LogCallback interface {
+	Write(line string)
+}
+type logCallback interface {
+	Write(line string)
+}
+type logWriter struct {
+	callback LogCallback
+}
+
+func (s *logWriter) Write(p []byte) (n int, err error) {
+	s.callback.Write(string(p))
+	return
+}
+
+func Start(serviceID, serviceArgsStr string) (errStr string) {
+	return StartWithLog(serviceID, serviceArgsStr, nil)
+}
+
 //Start
 //serviceID : is service identify id,different service's id should be difference
 //serviceArgsStr: is the whole command line args string
@@ -30,25 +67,28 @@ var (
 //and so on.
 //if an error occured , errStr will be the error reason
 //if start success, errStr is empty.
-func Start(serviceID, serviceArgsStr string) (errStr string) {
+func StartWithLog(serviceID, serviceArgsStr string, loggerCallback LogCallback) (errStr string) {
 	//define  args
-	tcpArgs := services.TCPArgs{}
-	httpArgs := services.HTTPArgs{}
-	tunnelServerArgs := services.TunnelServerArgs{}
-	tunnelClientArgs := services.TunnelClientArgs{}
-	tunnelBridgeArgs := services.TunnelBridgeArgs{}
-	muxServerArgs := services.MuxServerArgs{}
-	muxClientArgs := services.MuxClientArgs{}
-	muxBridgeArgs := services.MuxBridgeArgs{}
-	udpArgs := services.UDPArgs{}
-	socksArgs := services.SocksArgs{}
-	spsArgs := services.SPSArgs{}
+	tcpArgs := tcpx.TCPArgs{}
+	httpArgs := httpx.HTTPArgs{}
+	tunnelServerArgs := tunnelx.TunnelServerArgs{}
+	tunnelClientArgs := tunnelx.TunnelClientArgs{}
+	tunnelBridgeArgs := tunnelx.TunnelBridgeArgs{}
+	muxServerArgs := mux.MuxServerArgs{}
+	muxClientArgs := mux.MuxClientArgs{}
+	muxBridgeArgs := mux.MuxBridgeArgs{}
+	udpArgs := udpx.UDPArgs{}
+	socksArgs := socksx.SocksArgs{}
+	spsArgs := spsx.SPSArgs{}
+	dnsArgs := DNSArgs{}
+	keygenArgs := keygenx.KeygenArgs{}
 	kcpArgs := kcpcfg.KCPConfigArgs{}
 	//build srvice args
 	app = kingpin.New("proxy", "happy with proxy")
 	app.Author("snail").Version(SDK_VERSION)
 	debug := app.Flag("debug", "debug log output").Default("false").Bool()
 	logfile := app.Flag("log", "log file path").Default("").String()
+	nolog := app.Flag("nolog", "turn off logging").Default("false").Bool()
 	kcpArgs.Key = app.Flag("kcp-key", "pre-shared secret between client and server").Default("secrect").String()
 	kcpArgs.Crypt = app.Flag("kcp-method", "encrypt/decrypt method, can be: aes, aes-128, aes-192, salsa20, blowfish, twofish, cast5, 3des, tea, xtea, xor, sm4, none").Default("aes").Enum("aes", "aes-128", "aes-192", "salsa20", "blowfish", "twofish", "cast5", "3des", "tea", "xtea", "xor", "sm4", "none")
 	kcpArgs.Mode = app.Flag("kcp-mode", "profiles: fast3, fast2, fast, normal, manual").Default("fast3").Enum("fast3", "fast2", "fast", "normal", "manual")
@@ -69,7 +109,7 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 
 	//########http#########
 	http := app.Command("http", "proxy on http mode")
-	httpArgs.Parent = http.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+	httpArgs.Parent = http.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').Strings()
 	httpArgs.CaCertFile = http.Flag("ca", "ca cert file for tls").Default("").String()
 	httpArgs.CertFile = http.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
 	httpArgs.KeyFile = http.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
@@ -89,7 +129,7 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 	httpArgs.SSHKeyFile = http.Flag("ssh-key", "private key file for ssh").Short('S').Default("").String()
 	httpArgs.SSHKeyFileSalt = http.Flag("ssh-keysalt", "salt of ssh private key").Short('s').Default("").String()
 	httpArgs.SSHPassword = http.Flag("ssh-password", "password for ssh").Short('A').Default("").String()
-	httpArgs.LocalIPS = http.Flag("local bind ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
+	httpArgs.LocalIPS = http.Flag("local-bind-ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
 	httpArgs.AuthURL = http.Flag("auth-url", "http basic auth username and password will send to this url,response http code equal to 'auth-code' means ok,others means fail.").Default("").String()
 	httpArgs.AuthURLTimeout = http.Flag("auth-timeout", "access 'auth-url' timeout milliseconds").Default("3000").Int()
 	httpArgs.AuthURLOkCode = http.Flag("auth-code", "access 'auth-url' success http code").Default("204").Int()
@@ -100,7 +140,16 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 	httpArgs.ParentKey = http.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
 	httpArgs.LocalCompress = http.Flag("local-compress", "auto compress/decompress data on local connection").Short('m').Default("false").Bool()
 	httpArgs.ParentCompress = http.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
-
+	httpArgs.Intelligent = http.Flag("intelligent", "settting intelligent HTTP, SOCKS5 proxy mode, can be <intelligent|direct|parent>").Default("intelligent").Enum("intelligent", "direct", "parent")
+	httpArgs.LoadBalanceMethod = http.Flag("lb-method", "load balance method when use multiple parent,can be <roundrobin|leastconn|leasttime|hash|weight>").Default("roundrobin").Enum("roundrobin", "weight", "leastconn", "leasttime", "hash")
+	httpArgs.LoadBalanceTimeout = http.Flag("lb-timeout", "tcp milliseconds timeout of connecting to parent").Default("500").Int()
+	httpArgs.LoadBalanceRetryTime = http.Flag("lb-retrytime", "sleep time milliseconds after checking").Default("1000").Int()
+	httpArgs.LoadBalanceHashTarget = http.Flag("lb-hashtarget", "use target address to choose parent for LB").Default("false").Bool()
+	httpArgs.LoadBalanceOnlyHA = http.Flag("lb-onlyha", "use only `high availability mode` to choose parent for LB").Default("false").Bool()
+	httpArgs.RateLimit = http.Flag("rate-limit", "rate limit (bytes/second) of each connection, such as: 100K 1.5M . 0 means no limitation").Short('l').Default("0").String()
+	httpArgs.BindListen = http.Flag("bind-listen", "using listener binding IP when connect to target").Short('B').Default("false").Bool()
+	httpArgs.Jumper = http.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
+	httpArgs.Debug = debug
 	//########tcp#########
 	tcp := app.Command("tcp", "proxy on tcp mode")
 	tcpArgs.Parent = tcp.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
@@ -111,6 +160,7 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 	tcpArgs.LocalType = tcp.Flag("local-type", "local protocol type <tls|tcp|kcp>").Default("tcp").Short('t').Enum("tls", "tcp", "kcp")
 	tcpArgs.CheckParentInterval = tcp.Flag("check-parent-interval", "check if proxy is okay every interval seconds,zero: means no check").Short('I').Default("3").Int()
 	tcpArgs.Local = tcp.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String()
+	tcpArgs.Jumper = tcp.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
 
 	//########udp#########
 	udp := app.Command("udp", "proxy on udp mode")
@@ -125,7 +175,7 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 	//########mux-server#########
 	muxServer := app.Command("server", "proxy on mux server mode")
 	muxServerArgs.Parent = muxServer.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
-	muxServerArgs.ParentType = muxServer.Flag("parent-type", "parent protocol type <tls|tcp|kcp>").Default("tls").Short('T').Enum("tls", "tcp", "kcp")
+	muxServerArgs.ParentType = muxServer.Flag("parent-type", "parent protocol type <tls|tcp|tcps|kcp|tou>").Default("tls").Short('T').Enum("tls", "tcp", "tcps", "kcp", "tou")
 	muxServerArgs.CertFile = muxServer.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
 	muxServerArgs.KeyFile = muxServer.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
 	muxServerArgs.Timeout = muxServer.Flag("timeout", "tcp timeout with milliseconds").Short('i').Default("2000").Int()
@@ -134,17 +184,27 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 	muxServerArgs.Route = muxServer.Flag("route", "local route to client's network, such as: PROTOCOL://LOCAL_IP:LOCAL_PORT@[CLIENT_KEY]CLIENT_LOCAL_HOST:CLIENT_LOCAL_PORT").Short('r').Default("").Strings()
 	muxServerArgs.IsCompress = muxServer.Flag("c", "compress data when tcp|tls mode").Default("false").Bool()
 	muxServerArgs.SessionCount = muxServer.Flag("session-count", "session count which connect to bridge").Short('n').Default("10").Int()
+	muxServerArgs.Jumper = muxServer.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
+	muxServerArgs.TCPSMethod = muxServer.Flag("tcps-method", "method of parent tcps's encrpyt/decrypt, these below are supported :\n"+strings.Join(encryptconn.GetCipherMethods(), ",")).Default("aes-192-cfb").String()
+	muxServerArgs.TCPSPassword = muxServer.Flag("tcps-password", "password of parent tcps's encrpyt/decrypt").Default("snail007's_goproxy").String()
+	muxServerArgs.TOUMethod = muxServer.Flag("tou-method", "method of parent tou's encrpyt/decrypt, these below are supported :\n"+strings.Join(encryptconn.GetCipherMethods(), ",")).Default("aes-192-cfb").String()
+	muxServerArgs.TOUPassword = muxServer.Flag("tou-password", "password of parent tou's encrpyt/decrypt").Default("snail007's_goproxy").String()
 
 	//########mux-client#########
 	muxClient := app.Command("client", "proxy on mux client mode")
 	muxClientArgs.Parent = muxClient.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
-	muxClientArgs.ParentType = muxClient.Flag("parent-type", "parent protocol type <tls|tcp|kcp>").Default("tls").Short('T').Enum("tls", "tcp", "kcp")
+	muxClientArgs.ParentType = muxClient.Flag("parent-type", "parent protocol type <tls|tcp|tcps|kcp|tou>").Default("tls").Short('T').Enum("tls", "tcp", "tcps", "kcp", "tou")
 	muxClientArgs.CertFile = muxClient.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
 	muxClientArgs.KeyFile = muxClient.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
 	muxClientArgs.Timeout = muxClient.Flag("timeout", "tcp timeout with milliseconds").Short('i').Default("2000").Int()
 	muxClientArgs.Key = muxClient.Flag("k", "key same with server").Default("default").String()
 	muxClientArgs.IsCompress = muxClient.Flag("c", "compress data when tcp|tls mode").Default("false").Bool()
 	muxClientArgs.SessionCount = muxClient.Flag("session-count", "session count which connect to bridge").Short('n').Default("10").Int()
+	muxClientArgs.Jumper = muxClient.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
+	muxClientArgs.TCPSMethod = muxClient.Flag("tcps-method", "method of parent tcps's encrpyt/decrypt, these below are supported :\n"+strings.Join(encryptconn.GetCipherMethods(), ",")).Default("aes-192-cfb").String()
+	muxClientArgs.TCPSPassword = muxClient.Flag("tcps-password", "password of parent tcps's encrpyt/decrypt").Default("snail007's_goproxy").String()
+	muxClientArgs.TOUMethod = muxClient.Flag("tou-method", "method of parent tou's encrpyt/decrypt, these below are supported :\n"+strings.Join(encryptconn.GetCipherMethods(), ",")).Default("aes-192-cfb").String()
+	muxClientArgs.TOUPassword = muxClient.Flag("tou-password", "password of parent tou's encrpyt/decrypt").Default("snail007's_goproxy").String()
 
 	//########mux-bridge#########
 	muxBridge := app.Command("bridge", "proxy on mux bridge mode")
@@ -152,7 +212,11 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 	muxBridgeArgs.KeyFile = muxBridge.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
 	muxBridgeArgs.Timeout = muxBridge.Flag("timeout", "tcp timeout with milliseconds").Short('i').Default("2000").Int()
 	muxBridgeArgs.Local = muxBridge.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String()
-	muxBridgeArgs.LocalType = muxBridge.Flag("local-type", "local protocol type <tls|tcp|kcp>").Default("tls").Short('t').Enum("tls", "tcp", "kcp")
+	muxBridgeArgs.LocalType = muxBridge.Flag("local-type", "local protocol type <tls|tcp|tcps|kcp|tou>").Default("tls").Short('t').Enum("tls", "tcp", "tcps", "kcp", "tou")
+	muxBridgeArgs.TCPSMethod = muxBridge.Flag("tcps-method", "method of local tcps's encrpyt/decrypt, these below are supported :\n"+strings.Join(encryptconn.GetCipherMethods(), ",")).Default("aes-192-cfb").String()
+	muxBridgeArgs.TCPSPassword = muxBridge.Flag("tcps-password", "password of local tcps's encrpyt/decrypt").Default("snail007's_goproxy").String()
+	muxBridgeArgs.TOUMethod = muxBridge.Flag("tou-method", "method of local tou's encrpyt/decrypt, these below are supported :\n"+strings.Join(encryptconn.GetCipherMethods(), ",")).Default("aes-192-cfb").String()
+	muxBridgeArgs.TOUPassword = muxBridge.Flag("tou-password", "password of local tou's encrpyt/decrypt").Default("snail007's_goproxy").String()
 
 	//########tunnel-server#########
 	tunnelServer := app.Command("tserver", "proxy on tunnel server mode")
@@ -163,6 +227,7 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 	tunnelServerArgs.IsUDP = tunnelServer.Flag("udp", "proxy on udp tunnel server mode").Default("false").Bool()
 	tunnelServerArgs.Key = tunnelServer.Flag("k", "client key").Default("default").String()
 	tunnelServerArgs.Route = tunnelServer.Flag("route", "local route to client's network, such as: PROTOCOL://LOCAL_IP:LOCAL_PORT@[CLIENT_KEY]CLIENT_LOCAL_HOST:CLIENT_LOCAL_PORT").Short('r').Default("").Strings()
+	tunnelServerArgs.Jumper = tunnelServer.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
 
 	//########tunnel-client#########
 	tunnelClient := app.Command("tclient", "proxy on tunnel client mode")
@@ -171,6 +236,7 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 	tunnelClientArgs.KeyFile = tunnelClient.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
 	tunnelClientArgs.Timeout = tunnelClient.Flag("timeout", "tcp timeout with milliseconds").Short('t').Default("2000").Int()
 	tunnelClientArgs.Key = tunnelClient.Flag("k", "key same with server").Default("default").String()
+	tunnelClientArgs.Jumper = tunnelClient.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Short('J').Default("").String()
 
 	//########tunnel-bridge#########
 	tunnelBridge := app.Command("tbridge", "proxy on tunnel bridge mode")
@@ -181,19 +247,17 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 
 	//########ssh#########
 	socks := app.Command("socks", "proxy on ssh mode")
-	socksArgs.Parent = socks.Flag("parent", "parent ssh address, such as: \"23.32.32.19:22\"").Default("").Short('P').String()
+	socksArgs.Parent = socks.Flag("parent", "parent ssh address, such as: \"23.32.32.19:22\"").Default("").Short('P').Strings()
 	socksArgs.ParentType = socks.Flag("parent-type", "parent protocol type <tls|tcp|kcp|ssh>").Default("tcp").Short('T').Enum("tls", "tcp", "kcp", "ssh")
 	socksArgs.LocalType = socks.Flag("local-type", "local protocol type <tls|tcp|kcp>").Default("tcp").Short('t').Enum("tls", "tcp", "kcp")
 	socksArgs.Local = socks.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String()
-	socksArgs.UDPParent = socks.Flag("udp-parent", "udp parent address, such as: \"23.32.32.19:33090\"").Default("").Short('X').String()
-	socksArgs.UDPLocal = socks.Flag("udp-local", "udp local ip:port to listen").Short('x').Default(":33090").String()
 	socksArgs.CertFile = socks.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
 	socksArgs.CaCertFile = socks.Flag("ca", "ca cert file for tls").Default("").String()
 	socksArgs.KeyFile = socks.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
 	socksArgs.SSHUser = socks.Flag("ssh-user", "user for ssh").Short('u').Default("").String()
 	socksArgs.SSHKeyFile = socks.Flag("ssh-key", "private key file for ssh").Short('S').Default("").String()
 	socksArgs.SSHKeyFileSalt = socks.Flag("ssh-keysalt", "salt of ssh private key").Short('s').Default("").String()
-	socksArgs.SSHPassword = socks.Flag("ssh-password", "password for ssh").Short('A').Default("").String()
+	socksArgs.SSHPassword = socks.Flag("ssh-password", "password for ssh").Short('D').Default("").String()
 	socksArgs.Always = socks.Flag("always", "always use parent proxy").Default("false").Bool()
 	socksArgs.Timeout = socks.Flag("timeout", "tcp timeout milliseconds when connect to real server or parent proxy").Default("5000").Int()
 	socksArgs.Interval = socks.Flag("interval", "check domain if blocked every interval seconds").Default("10").Int()
@@ -201,21 +265,31 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 	socksArgs.Direct = socks.Flag("direct", "direct domain file , one domain each line").Default("direct").Short('d').String()
 	socksArgs.AuthFile = socks.Flag("auth-file", "http basic auth file,\"username:password\" each line in file").Short('F').String()
 	socksArgs.Auth = socks.Flag("auth", "socks auth username and password, mutiple user repeat -a ,such as: -a user1:pass1 -a user2:pass2").Short('a').Strings()
-	socksArgs.LocalIPS = socks.Flag("local bind ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
+	socksArgs.LocalIPS = socks.Flag("local-bind-ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
 	socksArgs.AuthURL = socks.Flag("auth-url", "auth username and password will send to this url,response http code equal to 'auth-code' means ok,others means fail.").Default("").String()
 	socksArgs.AuthURLTimeout = socks.Flag("auth-timeout", "access 'auth-url' timeout milliseconds").Default("3000").Int()
 	socksArgs.AuthURLOkCode = socks.Flag("auth-code", "access 'auth-url' success http code").Default("204").Int()
 	socksArgs.AuthURLRetry = socks.Flag("auth-retry", "access 'auth-url' fail and retry count").Default("0").Int()
+	socksArgs.ParentAuth = socks.Flag("parent-auth", "parent socks auth username and password, such as: -A user1:pass1").Short('A').String()
 	socksArgs.DNSAddress = socks.Flag("dns-address", "if set this, proxy will use this dns for resolve doamin").Short('q').Default("").String()
 	socksArgs.DNSTTL = socks.Flag("dns-ttl", "caching seconds of dns query result").Short('e').Default("300").Int()
 	socksArgs.LocalKey = socks.Flag("local-key", "the password for auto encrypt/decrypt local connection data").Short('z').Default("").String()
 	socksArgs.ParentKey = socks.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
 	socksArgs.LocalCompress = socks.Flag("local-compress", "auto compress/decompress data on local connection").Short('m').Default("false").Bool()
 	socksArgs.ParentCompress = socks.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
+	socksArgs.Intelligent = socks.Flag("intelligent", "settting intelligent HTTP, SOCKS5 proxy mode, can be <intelligent|direct|parent>").Default("intelligent").Enum("intelligent", "direct", "parent")
+	socksArgs.LoadBalanceMethod = socks.Flag("lb-method", "load balance method when use multiple parent,can be <roundrobin|leastconn|leasttime|hash|weight>").Default("roundrobin").Enum("roundrobin", "weight", "leastconn", "leasttime", "hash")
+	socksArgs.LoadBalanceTimeout = socks.Flag("lb-timeout", "tcp milliseconds timeout of connecting to parent").Default("500").Int()
+	socksArgs.LoadBalanceRetryTime = socks.Flag("lb-retrytime", "sleep time milliseconds after checking").Default("1000").Int()
+	socksArgs.LoadBalanceHashTarget = socks.Flag("lb-hashtarget", "use target address to choose parent for LB").Default("false").Bool()
+	socksArgs.LoadBalanceOnlyHA = socks.Flag("lb-onlyha", "use only `high availability mode` to choose parent for LB").Default("false").Bool()
+	socksArgs.RateLimit = socks.Flag("rate-limit", "rate limit (bytes/second) of each connection, such as: 100K 1.5M . 0 means no limitation").Short('l').Default("0").String()
+	socksArgs.BindListen = socks.Flag("bind-listen", "using listener binding IP when connect to target").Short('B').Default("false").Bool()
+	socksArgs.Debug = debug
 
 	//########socks+http(s)#########
 	sps := app.Command("sps", "proxy on socks+http(s) mode")
-	spsArgs.Parent = sps.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+	spsArgs.Parent = sps.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').Strings()
 	spsArgs.CertFile = sps.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
 	spsArgs.KeyFile = sps.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
 	spsArgs.CaCertFile = sps.Flag("ca", "ca cert file for tls").Default("").String()
@@ -223,12 +297,12 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 	spsArgs.ParentType = sps.Flag("parent-type", "parent protocol type <tls|tcp|kcp>").Short('T').Enum("tls", "tcp", "kcp")
 	spsArgs.LocalType = sps.Flag("local-type", "local protocol type <tls|tcp|kcp>").Default("tcp").Short('t').Enum("tls", "tcp", "kcp")
 	spsArgs.Local = sps.Flag("local", "local ip:port to listen,multiple address use comma split,such as: 0.0.0.0:80,0.0.0.0:443").Short('p').Default(":33080").String()
-	spsArgs.ParentServiceType = sps.Flag("parent-service-type", "parent service type <http|socks>").Short('S').Enum("http", "socks")
+	spsArgs.ParentServiceType = sps.Flag("parent-service-type", "parent service type <http|socks|ss>").Short('S').Enum("http", "socks", "ss")
 	spsArgs.DNSAddress = sps.Flag("dns-address", "if set this, proxy will use this dns for resolve doamin").Short('q').Default("").String()
 	spsArgs.DNSTTL = sps.Flag("dns-ttl", "caching seconds of dns query result").Short('e').Default("300").Int()
 	spsArgs.AuthFile = sps.Flag("auth-file", "http basic auth file,\"username:password\" each line in file").Short('F').String()
 	spsArgs.Auth = sps.Flag("auth", "socks auth username and password, mutiple user repeat -a ,such as: -a user1:pass1 -a user2:pass2").Short('a').Strings()
-	spsArgs.LocalIPS = sps.Flag("local bind ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
+	spsArgs.LocalIPS = sps.Flag("local-bind-ips", "if your host behind a nat,set your public ip here avoid dead loop").Short('g').Strings()
 	spsArgs.AuthURL = sps.Flag("auth-url", "auth username and password will send to this url,response http code equal to 'auth-code' means ok,others means fail.").Default("").String()
 	spsArgs.AuthURLTimeout = sps.Flag("auth-timeout", "access 'auth-url' timeout milliseconds").Default("3000").Int()
 	spsArgs.AuthURLOkCode = sps.Flag("auth-code", "access 'auth-url' success http code").Default("204").Int()
@@ -238,13 +312,48 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 	spsArgs.ParentKey = sps.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
 	spsArgs.LocalCompress = sps.Flag("local-compress", "auto compress/decompress data on local connection").Short('m').Default("false").Bool()
 	spsArgs.ParentCompress = sps.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
-	spsArgs.SSMethod = sps.Flag("ss-method", "").Hidden().Short('h').Default("aes-256-cfb").String()
-	spsArgs.SSKey = sps.Flag("ss-key", "").Hidden().Short('j').Default("sspassword").String()
-	spsArgs.ParentSSMethod = sps.Flag("parent-ss-method", "").Hidden().Short('H').Default("aes-256-cfb").String()
-	spsArgs.ParentSSKey = sps.Flag("parent-ss-key", "").Hidden().Short('J').Default("sspassword").String()
+	spsArgs.SSMethod = sps.Flag("ss-method", "the following methods are supported: aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb, rc4-md5, rc4-md5-6, chacha20, salsa20, rc4, table, des-cfb, chacha20-ietf; if you use ss client , \"-t tcp\" is required").Short('h').Default("aes-256-cfb").String()
+	spsArgs.SSKey = sps.Flag("ss-key", "if you use ss client , \"-t tcp\" is required").Short('j').Default("sspassword").String()
+	spsArgs.ParentSSMethod = sps.Flag("parent-ss-method", "the following methods are supported: aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb, rc4-md5, rc4-md5-6, chacha20, salsa20, rc4, table, des-cfb, chacha20-ietf; if you use ss server as parent, \"-T tcp\" is required").Short('H').Default("aes-256-cfb").String()
+	spsArgs.ParentSSKey = sps.Flag("parent-ss-key", "if you use ss server as parent, \"-T tcp\" is required").Short('J').Default("sspassword").String()
 	spsArgs.DisableHTTP = sps.Flag("disable-http", "disable http(s) proxy").Default("false").Bool()
 	spsArgs.DisableSocks5 = sps.Flag("disable-socks", "disable socks proxy").Default("false").Bool()
-	spsArgs.DisableSS = sps.Flag("disable-ss", "").Hidden().Default("false").Bool()
+	spsArgs.DisableSS = sps.Flag("disable-ss", "disable ss proxy").Default("false").Bool()
+	spsArgs.LoadBalanceMethod = sps.Flag("lb-method", "load balance method when use multiple parent,can be <roundrobin|leastconn|leasttime|hash|weight>").Default("hash").Enum("roundrobin", "weight", "leastconn", "leasttime", "hash")
+	spsArgs.LoadBalanceTimeout = sps.Flag("lb-timeout", "tcp milliseconds timeout of connecting to parent").Default("500").Int()
+	spsArgs.LoadBalanceRetryTime = sps.Flag("lb-retrytime", "sleep time milliseconds after checking").Default("1000").Int()
+	spsArgs.LoadBalanceHashTarget = sps.Flag("lb-hashtarget", "use target address to choose parent for LB").Default("false").Bool()
+	spsArgs.LoadBalanceOnlyHA = sps.Flag("lb-onlyha", "use only `high availability mode` to choose parent for LB").Default("false").Bool()
+	spsArgs.RateLimit = sps.Flag("rate-limit", "rate limit (bytes/second) of each connection, such as: 100K 1.5M . 0 means no limitation").Short('l').Default("0").String()
+	spsArgs.Jumper = sps.Flag("jumper", "https or socks5 proxies used when connecting to parent, only worked of -T is tls or tcp, format is https://username:password@host:port https://host:port or socks5://username:password@host:port socks5://host:port").Default("").String()
+	spsArgs.ParentTLSSingle = sps.Flag("parent-tls-single", "conntect to parent insecure skip verify").Default("false").Bool()
+	spsArgs.Debug = debug
+
+	//########dns#########
+	dns := app.Command("dns", "proxy on dns server mode")
+	dnsArgs.Parent = dns.Flag("parent", "parent address, such as: \"23.32.32.19:28008\"").Default("").Short('P').String()
+	dnsArgs.CertFile = dns.Flag("cert", "cert file for tls").Short('C').Default("proxy.crt").String()
+	dnsArgs.KeyFile = dns.Flag("key", "key file for tls").Short('K').Default("proxy.key").String()
+	dnsArgs.CaCertFile = dns.Flag("ca", "ca cert file for tls").Default("").String()
+	dnsArgs.Timeout = dns.Flag("timeout", "tcp timeout milliseconds when connect to real server or parent proxy").Short('i').Default("2000").Int()
+	dnsArgs.ParentType = dns.Flag("parent-type", "parent protocol type <tls|tcp|kcp>").Short('T').Enum("tls", "tcp", "kcp")
+	dnsArgs.Local = dns.Flag("local", "local ip:port to listen,multiple address use comma split,such as: 0.0.0.0:80,0.0.0.0:443").Short('p').Default(":53").String()
+	dnsArgs.ParentServiceType = dns.Flag("parent-service-type", "parent service type <http|socks>").Short('S').Enum("http", "socks")
+	dnsArgs.RemoteDNSAddress = dns.Flag("dns-address", "remote dns for resolve doamin").Short('q').Default("8.8.8.8:53").String()
+	dnsArgs.DNSTTL = dns.Flag("dns-ttl", "caching seconds of dns query result").Short('e').Default("300").Int()
+	dnsArgs.ParentAuth = dns.Flag("parent-auth", "parent socks auth username and password, such as: -A user1:pass1").Short('A').String()
+	dnsArgs.ParentKey = dns.Flag("parent-key", "the password for auto encrypt/decrypt parent connection data").Short('Z').Default("").String()
+	dnsArgs.ParentCompress = dns.Flag("parent-compress", "auto compress/decompress data on parent connection").Short('M').Default("false").Bool()
+	dnsArgs.CacheFile = dns.Flag("cache-file", "dns result cached file").Short('f').Default(filepath.Join(path.Dir(os.Args[0]), "cache.dat")).String()
+	dnsArgs.LocalSocks5Port = dns.Flag("socks-port", "local socks5 port").Short('s').Default("65501").String()
+
+	//########keygen#########
+	keygen := app.Command("keygen", "create certificate for proxy")
+	keygenArgs.CommonName = keygen.Flag("cn", "common name").Short('n').Default("").String()
+	keygenArgs.CaName = keygen.Flag("ca", "ca name").Short('C').Default("").String()
+	keygenArgs.CertName = keygen.Flag("cert", "cert name of sign to create").Short('c').Default("").String()
+	keygenArgs.SignDays = keygen.Flag("days", "days of sign").Short('d').Default("365").Int()
+	keygenArgs.Sign = keygen.Flag("sign", "cert is to signin").Short('s').Default("false").Bool()
 
 	//parse args
 	_args := strings.Fields(strings.Trim(serviceArgsStr, " "))
@@ -307,8 +416,9 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 	muxBridgeArgs.KCP = kcpArgs
 	muxServerArgs.KCP = kcpArgs
 	muxClientArgs.KCP = kcpArgs
+	dnsArgs.KCP = kcpArgs
 
-	log := logger.New(os.Stderr, "", logger.Ldate|logger.Ltime)
+	log := logger.New(os.Stdout, "", logger.Ldate|logger.Ltime)
 	flags := logger.Ldate
 	if *debug {
 		flags |= logger.Lshortfile | logger.Lmicroseconds
@@ -317,38 +427,48 @@ func Start(serviceID, serviceArgsStr string) (errStr string) {
 	}
 	log.SetFlags(flags)
 
-	if *logfile != "" {
-		f, e := os.OpenFile(*logfile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
-		if e != nil {
-			log.Fatal(e)
+	if loggerCallback == nil {
+		if *nolog {
+			log.SetOutput(ioutil.Discard)
+		} else if *logfile != "" {
+			f, e := os.OpenFile(*logfile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
+			if e != nil {
+				log.Fatal(e)
+			}
+			log.SetOutput(f)
 		}
-		log.SetOutput(f)
+	} else {
+		log.SetOutput(&logWriter{
+			callback: loggerCallback,
+		})
 	}
 
 	//regist services and run service
 	switch serviceName {
 	case "http":
-		services.Regist(serviceID, services.NewHTTP(), httpArgs, log)
+		services.Regist(serviceID, httpx.NewHTTP(), httpArgs, log)
 	case "tcp":
-		services.Regist(serviceID, services.NewTCP(), tcpArgs, log)
+		services.Regist(serviceID, tcpx.NewTCP(), tcpArgs, log)
 	case "udp":
-		services.Regist(serviceID, services.NewUDP(), udpArgs, log)
+		services.Regist(serviceID, udpx.NewUDP(), udpArgs, log)
 	case "tserver":
-		services.Regist(serviceID, services.NewTunnelServerManager(), tunnelServerArgs, log)
+		services.Regist(serviceID, tunnelx.NewTunnelServerManager(), tunnelServerArgs, log)
 	case "tclient":
-		services.Regist(serviceID, services.NewTunnelClient(), tunnelClientArgs, log)
+		services.Regist(serviceID, tunnelx.NewTunnelClient(), tunnelClientArgs, log)
 	case "tbridge":
-		services.Regist(serviceID, services.NewTunnelBridge(), tunnelBridgeArgs, log)
+		services.Regist(serviceID, tunnelx.NewTunnelBridge(), tunnelBridgeArgs, log)
 	case "server":
-		services.Regist(serviceID, services.NewMuxServerManager(), muxServerArgs, log)
+		services.Regist(serviceID, mux.NewMuxServerManager(), muxServerArgs, log)
 	case "client":
-		services.Regist(serviceID, services.NewMuxClient(), muxClientArgs, log)
+		services.Regist(serviceID, mux.NewMuxClient(), muxClientArgs, log)
 	case "bridge":
-		services.Regist(serviceID, services.NewMuxBridge(), muxBridgeArgs, log)
+		services.Regist(serviceID, mux.NewMuxBridge(), muxBridgeArgs, log)
 	case "socks":
-		services.Regist(serviceID, services.NewSocks(), socksArgs, log)
+		services.Regist(serviceID, socksx.NewSocks(), socksArgs, log)
 	case "sps":
-		services.Regist(serviceID, services.NewSPS(), spsArgs, log)
+		services.Regist(serviceID, spsx.NewSPS(), spsArgs, log)
+	case "dns":
+		services.Regist(serviceID, NewDNS(), dnsArgs, log)
 	}
 	_, err = services.Run(serviceID, nil)
 	if err != nil {
@@ -364,3 +484,41 @@ func Stop(serviceID string) {
 func Version() string {
 	return SDK_VERSION
 }
+func StartProfiling(storePath string) {
+	profilingLock.Lock()
+	defer profilingLock.Unlock()
+	if !isProfiling {
+		isProfiling = true
+		if storePath == "" {
+			storePath = "."
+		}
+		cpuProfilingFile, _ = os.Create(filepath.Join(storePath, "cpu.prof"))
+		memProfilingFile, _ = os.Create(filepath.Join(storePath, "memory.prof"))
+		blockProfilingFile, _ = os.Create(filepath.Join(storePath, "block.prof"))
+		goroutineProfilingFile, _ = os.Create(filepath.Join(storePath, "goroutine.prof"))
+		threadcreateProfilingFile, _ = os.Create(filepath.Join(storePath, "threadcreate.prof"))
+		pprof.StartCPUProfile(cpuProfilingFile)
+	}
+}
+func StopProfiling() {
+	profilingLock.Lock()
+	defer profilingLock.Unlock()
+	if isProfiling {
+		isProfiling = false
+		pprof.StopCPUProfile()
+		goroutine := pprof.Lookup("goroutine")
+		goroutine.WriteTo(goroutineProfilingFile, 1)
+		heap := pprof.Lookup("heap")
+		heap.WriteTo(memProfilingFile, 1)
+		block := pprof.Lookup("block")
+		block.WriteTo(blockProfilingFile, 1)
+		threadcreate := pprof.Lookup("threadcreate")
+		threadcreate.WriteTo(threadcreateProfilingFile, 1)
+		//close
+		goroutineProfilingFile.Close()
+		memProfilingFile.Close()
+		blockProfilingFile.Close()
+		threadcreateProfilingFile.Close()
+	}
+
+}

sdk/windows-linux/release_linux.sh

@@ -1,21 +1,29 @@
 #/bin/bash
-VER="v4.8"
+VERSION=$(cat ../../VERSION)
+VER="${VERSION}_$(date '+%Y%m%d%H%M%S')"
+X="-X github.com/snail007/goproxy/sdk/android-ios.SDK_VERSION=$VER -X main.APP_VERSION=$VER"
+TRIMPATH1="/Users/snail/go/src/github.com/snail007"
+TRIMPATH=$(dirname ~/go/src/github.com/snail007)/snail007
+if [ -d "$TRIMPATH1" ];then
+	TRIMPATH=$TRIMPATH1
+fi
+OPTS="-gcflags=-trimpath=$TRIMPATH -asmflags=-trimpath=$TRIMPATH"
 
 rm -rf sdk-linux-*.tar.gz
 rm -rf README.md libproxy-sdk.so libproxy-sdk.h libproxy-sdk.a
 
 #linux 32bit
-CGO_ENABLED=1 GOARCH=386 GOOS=linux go build -buildmode=c-archive -ldflags "-s -w" -o libproxy-sdk.a sdk.go
-CGO_ENABLED=1 GOARCH=386 GOOS=linux go build -buildmode=c-shared -ldflags "-s -w" -o libproxy-sdk.so sdk.go
+CGO_ENABLED=1 GOARCH=386 GOOS=linux go build -buildmode=c-archive $OPTS -ldflags "-s -w $X" -o libproxy-sdk.a sdk.go
+CGO_ENABLED=1 GOARCH=386 GOOS=linux go build -buildmode=c-shared $OPTS -ldflags "-s -w $X" -o libproxy-sdk.so sdk.go
 cp ../README.md .
-tar zcf sdk-linux-32bit-${VER}.tar.gz README.md libproxy-sdk.so libproxy-sdk.a libproxy-sdk.h
+tar zcf sdk-linux-32bit-${VERSION}.tar.gz README.md libproxy-sdk.so libproxy-sdk.a libproxy-sdk.h
 rm -rf README.md libproxy-sdk.so libproxy-sdk.h libproxy-sdk.a
 
 #linux 64bit
-CGO_ENABLED=1 GOARCH=amd64 GOOS=linux go build -buildmode=c-archive -ldflags "-s -w" -o libproxy-sdk.a sdk.go
-CGO_ENABLED=1 GOARCH=amd64 GOOS=linux go build -buildmode=c-shared -ldflags "-s -w" -o libproxy-sdk.so sdk.go
+CGO_ENABLED=1 GOARCH=amd64 GOOS=linux go build -buildmode=c-archive $OPTS -ldflags "-s -w $X" -o libproxy-sdk.a sdk.go
+CGO_ENABLED=1 GOARCH=amd64 GOOS=linux go build -buildmode=c-shared $OPTS -ldflags "-s -w $X" -o libproxy-sdk.so sdk.go
 cp ../README.md .
-tar zcf sdk-linux-64bit-${VER}.tar.gz README.md libproxy-sdk.so libproxy-sdk.a libproxy-sdk.h
+tar zcf sdk-linux-64bit-${VERSION}.tar.gz README.md libproxy-sdk.so libproxy-sdk.a libproxy-sdk.h
 rm -rf README.md libproxy-sdk.so libproxy-sdk.h libproxy-sdk.a
 
 echo "done."

sdk/windows-linux/release_mac.sh

@@ -1,13 +1,21 @@
 #/bin/bash
-VER="v4.8"
+VERSION=$(cat ../../VERSION)
+VER="${VERSION}_$(date '+%Y%m%d%H%M%S')"
+X="-X github.com/snail007/goproxy/sdk/android-ios.SDK_VERSION=$VER -X main.APP_VERSION=$VER"
+TRIMPATH1="/Users/snail/go/src/github.com/snail007"
+TRIMPATH=$(dirname ~/go/src/github.com/snail007)/snail007
+if [ -d "$TRIMPATH1" ];then
+	TRIMPATH=$TRIMPATH1
+fi
+OPTS="-gcflags=-trimpath=$TRIMPATH -asmflags=-trimpath=$TRIMPATH"
 
 rm -rf *.tar.gz
 rm -rf README.md libproxy-sdk.dylib libproxy-sdk.h
 
 #mac  , macos required
-CGO_ENABLED=1 GOARCH=amd64 GOOS=darwin go build -buildmode=c-shared -ldflags "-s -w" -o libproxy-sdk.dylib sdk.go
+CGO_ENABLED=1 GOARCH=amd64 GOOS=darwin go build -buildmode=c-shared $OPTS -ldflags "-s -w $X" -o libproxy-sdk.dylib sdk.go
 cp ../README.md .
-tar zcf sdk-mac-${VER}.tar.gz README.md libproxy-sdk.dylib libproxy-sdk.h
+tar zcf sdk-mac-${VERSION}.tar.gz README.md libproxy-sdk.dylib libproxy-sdk.h
 rm -rf README.md libproxy-sdk.dylib libproxy-sdk.h
 
 echo "done."

sdk/windows-linux/release_windows.sh

@@ -1,8 +1,16 @@
 #/bin/bash
-VER="v4.8"
+VERSION=$(cat ../../VERSION)
+VER="${VERSION}_$(date '+%Y%m%d%H%M%S')"
+X="-X github.com/snail007/goproxy/sdk/android-ios.SDK_VERSION=$VER -X main.APP_VERSION=$VER"
+TRIMPATH1="/Users/snail/go/src/github.com/snail007"
+TRIMPATH=$(dirname ~/go/src/github.com/snail007)/snail007
+if [ -d "$TRIMPATH1" ];then
+	TRIMPATH=$TRIMPATH1
+fi
+OPTS="-gcflags=-trimpath=$TRIMPATH -asmflags=-trimpath=$TRIMPATH"
 
-sudo rm /usr/local/go
-sudo ln -s /usr/local/go1.10.1 /usr/local/go
+#sudo rm /usr/local/go
+#sudo ln -s /usr/local/go1.10.1 /usr/local/go
 rm -rf sdk-windows-*.tar.gz
 rm -rf README.md proxy-sdk.h proxy-sdk.dll
 
@@ -11,18 +19,18 @@ rm -rf README.md proxy-sdk.h proxy-sdk.dll
 #apt-get install gcc-mingw-w64
 
 #windows 64bit
-CC=x86_64-w64-mingw32-gcc GOARCH=amd64 CGO_ENABLED=1 GOOS=windows go build -buildmode=c-shared -ldflags "-s -w" -o proxy-sdk.dll sdk.go
+CC=x86_64-w64-mingw32-gcc GOARCH=amd64 CGO_ENABLED=1 GOOS=windows go build $OPTS -buildmode=c-shared -ldflags "-s -w $X" -o proxy-sdk.dll sdk.go
 cp ../README.md .
-tar zcf sdk-windows-64bit-${VER}.tar.gz README.md proxy-sdk.dll proxy-sdk.h ieshims.dll
+tar zcf sdk-windows-64bit-${VERSION}.tar.gz README.md proxy-sdk.dll proxy-sdk.h ieshims.dll
 rm -rf README.md proxy-sdk.h proxy-sdk.dll
 
 #windows 32bit
-CC=i686-w64-mingw32-gcc-win32 GOARCH=386 CGO_ENABLED=1 GOOS=windows go build -buildmode=c-shared -ldflags "-s -w" -o proxy-sdk.dll sdk.go
+CC=i686-w64-mingw32-gcc-win32 GOARCH=386 CGO_ENABLED=1 GOOS=windows go build $OPTS -buildmode=c-shared -ldflags "-s -w $X" -o proxy-sdk.dll sdk.go
 cp ../README.md .
-tar zcf sdk-windows-32bit-${VER}.tar.gz README.md proxy-sdk.dll proxy-sdk.h ieshims.dll
+tar zcf sdk-windows-32bit-${VERSION}.tar.gz README.md proxy-sdk.dll proxy-sdk.h ieshims.dll
 rm -rf README.md proxy-sdk.h proxy-sdk.dll
 
-sudo rm /usr/local/go
-sudo ln -s /usr/local/go1.8.5 /usr/local/go
+#sudo rm /usr/local/go
+#sudo ln -s /usr/local/go1.8.5 /usr/local/go
 
 echo "done."

sdk/windows-linux/sdk.go

@@ -21,5 +21,15 @@ func Version() (ver *C.char) {
 	return C.CString(sdk.Version())
 }
 
+//export StartProfiling
+func StartProfiling(storePath *C.char) {
+	sdk.StartProfiling(C.GoString(storePath))
+}
+
+//export StopProfiling
+func StopProfiling() {
+	sdk.StopProfiling()
+}
+
 func main() {
 }

services/args.go

@@ -1,260 +0,0 @@
-package services
-
-import (
-	"github.com/snail007/goproxy/services/kcpcfg"
-
-	"golang.org/x/crypto/ssh"
-)
-
-// tcp := app.Command("tcp", "proxy on tcp mode")
-// t := tcp.Flag("tcp-timeout", "tcp timeout milliseconds when connect to real server or parent proxy").Default("2000").Int()
-
-const (
-	TYPE_TCP             = "tcp"
-	TYPE_UDP             = "udp"
-	TYPE_HTTP            = "http"
-	TYPE_TLS             = "tls"
-	TYPE_KCP             = "kcp"
-	CONN_CLIENT_CONTROL  = uint8(1)
-	CONN_CLIENT_HEARBEAT = uint8(2)
-	CONN_SERVER_HEARBEAT = uint8(3)
-	CONN_SERVER          = uint8(4)
-	CONN_CLIENT          = uint8(5)
-	CONN_SERVER_MUX      = uint8(6)
-	CONN_CLIENT_MUX      = uint8(7)
-)
-
-type MuxServerArgs struct {
-	Parent       *string
-	ParentType   *string
-	CertFile     *string
-	KeyFile      *string
-	CertBytes    []byte
-	KeyBytes     []byte
-	Local        *string
-	IsUDP        *bool
-	Key          *string
-	Remote       *string
-	Timeout      *int
-	Route        *[]string
-	Mgr          *MuxServerManager
-	IsCompress   *bool
-	SessionCount *int
-	KCP          kcpcfg.KCPConfigArgs
-}
-type MuxClientArgs struct {
-	Parent       *string
-	ParentType   *string
-	CertFile     *string
-	KeyFile      *string
-	CertBytes    []byte
-	KeyBytes     []byte
-	Key          *string
-	Timeout      *int
-	IsCompress   *bool
-	SessionCount *int
-	KCP          kcpcfg.KCPConfigArgs
-}
-type MuxBridgeArgs struct {
-	CertFile   *string
-	KeyFile    *string
-	CertBytes  []byte
-	KeyBytes   []byte
-	Local      *string
-	LocalType  *string
-	Timeout    *int
-	IsCompress *bool
-	KCP        kcpcfg.KCPConfigArgs
-}
-type TunnelServerArgs struct {
-	Parent    *string
-	CertFile  *string
-	KeyFile   *string
-	CertBytes []byte
-	KeyBytes  []byte
-	Local     *string
-	IsUDP     *bool
-	Key       *string
-	Remote    *string
-	Timeout   *int
-	Route     *[]string
-	Mgr       *TunnelServerManager
-	Mux       *bool
-}
-type TunnelClientArgs struct {
-	Parent    *string
-	CertFile  *string
-	KeyFile   *string
-	CertBytes []byte
-	KeyBytes  []byte
-	Key       *string
-	Timeout   *int
-	Mux       *bool
-}
-type TunnelBridgeArgs struct {
-	Parent    *string
-	CertFile  *string
-	KeyFile   *string
-	CertBytes []byte
-	KeyBytes  []byte
-	Local     *string
-	Timeout   *int
-	Mux       *bool
-}
-type TCPArgs struct {
-	Parent              *string
-	CertFile            *string
-	KeyFile             *string
-	CertBytes           []byte
-	KeyBytes            []byte
-	Local               *string
-	ParentType          *string
-	LocalType           *string
-	Timeout             *int
-	CheckParentInterval *int
-	KCP                 kcpcfg.KCPConfigArgs
-}
-
-type HTTPArgs struct {
-	Parent              *string
-	CertFile            *string
-	KeyFile             *string
-	CaCertFile          *string
-	CaCertBytes         []byte
-	CertBytes           []byte
-	KeyBytes            []byte
-	Local               *string
-	Always              *bool
-	HTTPTimeout         *int
-	Interval            *int
-	Blocked             *string
-	Direct              *string
-	AuthFile            *string
-	Auth                *[]string
-	AuthURL             *string
-	AuthURLOkCode       *int
-	AuthURLTimeout      *int
-	AuthURLRetry        *int
-	ParentType          *string
-	LocalType           *string
-	Timeout             *int
-	CheckParentInterval *int
-	SSHKeyFile          *string
-	SSHKeyFileSalt      *string
-	SSHPassword         *string
-	SSHUser             *string
-	SSHKeyBytes         []byte
-	SSHAuthMethod       ssh.AuthMethod
-	KCP                 kcpcfg.KCPConfigArgs
-	LocalIPS            *[]string
-	DNSAddress          *string
-	DNSTTL              *int
-	LocalKey            *string
-	ParentKey           *string
-	LocalCompress       *bool
-	ParentCompress      *bool
-}
-type UDPArgs struct {
-	Parent              *string
-	CertFile            *string
-	KeyFile             *string
-	CertBytes           []byte
-	KeyBytes            []byte
-	Local               *string
-	ParentType          *string
-	Timeout             *int
-	CheckParentInterval *int
-}
-type SocksArgs struct {
-	Parent         *string
-	ParentType     *string
-	Local          *string
-	LocalType      *string
-	CertFile       *string
-	KeyFile        *string
-	CaCertFile     *string
-	CaCertBytes    []byte
-	CertBytes      []byte
-	KeyBytes       []byte
-	SSHKeyFile     *string
-	SSHKeyFileSalt *string
-	SSHPassword    *string
-	SSHUser        *string
-	SSHKeyBytes    []byte
-	SSHAuthMethod  ssh.AuthMethod
-	Timeout        *int
-	Always         *bool
-	Interval       *int
-	Blocked        *string
-	Direct         *string
-	AuthFile       *string
-	Auth           *[]string
-	AuthURL        *string
-	AuthURLOkCode  *int
-	AuthURLTimeout *int
-	AuthURLRetry   *int
-	KCP            kcpcfg.KCPConfigArgs
-	UDPParent      *string
-	UDPLocal       *string
-	LocalIPS       *[]string
-	DNSAddress     *string
-	DNSTTL         *int
-	LocalKey       *string
-	ParentKey      *string
-	LocalCompress  *bool
-	ParentCompress *bool
-}
-type SPSArgs struct {
-	Parent            *string
-	CertFile          *string
-	KeyFile           *string
-	CaCertFile        *string
-	CaCertBytes       []byte
-	CertBytes         []byte
-	KeyBytes          []byte
-	Local             *string
-	ParentType        *string
-	LocalType         *string
-	Timeout           *int
-	KCP               kcpcfg.KCPConfigArgs
-	ParentServiceType *string
-	DNSAddress        *string
-	DNSTTL            *int
-	AuthFile          *string
-	Auth              *[]string
-	AuthURL           *string
-	AuthURLOkCode     *int
-	AuthURLTimeout    *int
-	AuthURLRetry      *int
-	LocalIPS          *[]string
-	ParentAuth        *string
-	LocalKey          *string
-	ParentKey         *string
-	LocalCompress     *bool
-	ParentCompress    *bool
-	DisableHTTP       *bool
-	DisableSocks5     *bool
-}
-
-func (a *SPSArgs) Protocol() string {
-	switch *a.LocalType {
-	case TYPE_TLS:
-		return TYPE_TLS
-	case TYPE_TCP:
-		return TYPE_TCP
-	case TYPE_KCP:
-		return TYPE_KCP
-	}
-	return "unknown"
-}
-func (a *TCPArgs) Protocol() string {
-	switch *a.LocalType {
-	case TYPE_TLS:
-		return TYPE_TLS
-	case TYPE_TCP:
-		return TYPE_TCP
-	case TYPE_KCP:
-		return TYPE_KCP
-	}
-	return "unknown"
-}

services/http/http.go

@@ -1,6 +1,7 @@
-package services
+package http
 
 import (
+	"crypto/tls"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -11,40 +12,105 @@ import (
 	"strings"
 	"time"
 
+	server "github.com/snail007/goproxy/core/cs/server"
+	"github.com/snail007/goproxy/core/lib/kcpcfg"
+	"github.com/snail007/goproxy/services"
+	"github.com/snail007/goproxy/utils/datasize"
+	"github.com/snail007/goproxy/utils/dnsx"
+	"github.com/snail007/goproxy/utils/iolimiter"
+	"github.com/snail007/goproxy/utils/jumper"
+	"github.com/snail007/goproxy/utils/lb"
+	"github.com/snail007/goproxy/utils/mapx"
+
 	"github.com/snail007/goproxy/utils"
 	"github.com/snail007/goproxy/utils/conncrypt"
 
 	"golang.org/x/crypto/ssh"
 )
 
+type HTTPArgs struct {
+	Parent                *[]string
+	CertFile              *string
+	KeyFile               *string
+	CaCertFile            *string
+	CaCertBytes           []byte
+	CertBytes             []byte
+	KeyBytes              []byte
+	Local                 *string
+	Always                *bool
+	HTTPTimeout           *int
+	Interval              *int
+	Blocked               *string
+	Direct                *string
+	AuthFile              *string
+	Auth                  *[]string
+	AuthURL               *string
+	AuthURLOkCode         *int
+	AuthURLTimeout        *int
+	AuthURLRetry          *int
+	ParentType            *string
+	LocalType             *string
+	Timeout               *int
+	CheckParentInterval   *int
+	SSHKeyFile            *string
+	SSHKeyFileSalt        *string
+	SSHPassword           *string
+	SSHUser               *string
+	SSHKeyBytes           []byte
+	SSHAuthMethod         ssh.AuthMethod
+	KCP                   kcpcfg.KCPConfigArgs
+	LocalIPS              *[]string
+	DNSAddress            *string
+	DNSTTL                *int
+	LocalKey              *string
+	ParentKey             *string
+	LocalCompress         *bool
+	ParentCompress        *bool
+	Intelligent           *string
+	LoadBalanceMethod     *string
+	LoadBalanceTimeout    *int
+	LoadBalanceRetryTime  *int
+	LoadBalanceHashTarget *bool
+	LoadBalanceOnlyHA     *bool
+
+	RateLimit      *string
+	RateLimitBytes float64
+	BindListen     *bool
+	Debug          *bool
+	Jumper         *string
+}
 type HTTP struct {
-	outPool        utils.OutConn
 	cfg            HTTPArgs
 	checker        utils.Checker
 	basicAuth      utils.BasicAuth
 	sshClient      *ssh.Client
 	lockChn        chan bool
-	domainResolver utils.DomainResolver
+	domainResolver dnsx.DomainResolver
 	isStop         bool
-	serverChannels []*utils.ServerChannel
-	userConns      utils.ConcurrentMap
+	serverChannels []*server.ServerChannel
+	userConns      mapx.ConcurrentMap
 	log            *logger.Logger
+	lb             *lb.Group
+	jumper         *jumper.Jumper
 }
 
-func NewHTTP() Service {
+func NewHTTP() services.Service {
 	return &HTTP{
-		outPool:        utils.OutConn{},
 		cfg:            HTTPArgs{},
 		checker:        utils.Checker{},
 		basicAuth:      utils.BasicAuth{},
 		lockChn:        make(chan bool, 1),
 		isStop:         false,
-		serverChannels: []*utils.ServerChannel{},
-		userConns:      utils.NewConcurrentMap(),
+		serverChannels: []*server.ServerChannel{},
+		userConns:      mapx.NewConcurrentMap(),
 	}
 }
 func (s *HTTP) CheckArgs() (err error) {
-	if *s.cfg.Parent != "" && *s.cfg.ParentType == "" {
+
+	if len(*s.cfg.Parent) == 1 && (*s.cfg.Parent)[0] == "" {
+		(*s.cfg.Parent) = []string{}
+	}
+	if len(*s.cfg.Parent) > 0 && *s.cfg.ParentType == "" {
 		err = fmt.Errorf("parent type unkown,use -T <tls|tcp|ssh|kcp>")
 		return
 	}
@@ -92,15 +158,39 @@ func (s *HTTP) CheckArgs() (err error) {
 			s.cfg.SSHAuthMethod = ssh.PublicKeys(SSHSigner)
 		}
 	}
+	if *s.cfg.RateLimit != "0" && *s.cfg.RateLimit != "" {
+		var size uint64
+		size, err = datasize.Parse(*s.cfg.RateLimit)
+		if err != nil {
+			err = fmt.Errorf("parse rate limit size error,ERR:%s", err)
+			return
+		}
+		s.cfg.RateLimitBytes = float64(size)
+	}
+	if *s.cfg.Jumper != "" {
+		if *s.cfg.ParentType != "tls" && *s.cfg.ParentType != "tcp" {
+			err = fmt.Errorf("jumper only worked of -T is tls or tcp")
+			return
+		}
+		var j jumper.Jumper
+		j, err = jumper.New(*s.cfg.Jumper, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		if err != nil {
+			err = fmt.Errorf("parse jumper fail, err %s", err)
+			return
+		}
+		s.jumper = &j
+	}
 	return
 }
 func (s *HTTP) InitService() (err error) {
 	s.InitBasicAuth()
-	if *s.cfg.Parent != "" {
-		s.checker = utils.NewChecker(*s.cfg.HTTPTimeout, int64(*s.cfg.Interval), *s.cfg.Blocked, *s.cfg.Direct, s.log)
+	//init lb
+	if len(*s.cfg.Parent) > 0 {
+		s.checker = utils.NewChecker(*s.cfg.HTTPTimeout, int64(*s.cfg.Interval), *s.cfg.Blocked, *s.cfg.Direct, s.log, *s.cfg.Intelligent)
+		s.InitLB()
 	}
 	if *s.cfg.DNSAddress != "" {
-		(*s).domainResolver = utils.NewDomainResolver(*s.cfg.DNSAddress, *s.cfg.DNSTTL, s.log)
+		s.domainResolver = dnsx.NewDomainResolver(*s.cfg.DNSAddress, *s.cfg.DNSTTL, s.log)
 	}
 	if *s.cfg.ParentType == "ssh" {
 		err = s.ConnectSSH()
@@ -109,13 +199,18 @@ func (s *HTTP) InitService() (err error) {
 			return
 		}
 		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+				}
+			}()
 			//循环检查ssh网络连通性
 			for {
 				if s.isStop {
 					return
 				}
-				conn, err := utils.ConnectHost(s.Resolve(*s.cfg.Parent), *s.cfg.Timeout*2)
-				if err == nil {
+				conn, err := utils.ConnectHost(s.Resolve(s.lb.Select("", *s.cfg.LoadBalanceOnlyHA)), *s.cfg.Timeout*2)
+				if err == nil && conn != nil {
 					conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
 					_, err = conn.Write([]byte{0})
 					conn.SetDeadline(time.Time{})
@@ -144,11 +239,25 @@ func (s *HTTP) StopService() {
 		if e != nil {
 			s.log.Printf("stop http(s) service crashed,%s", e)
 		} else {
-			s.log.Printf("service http(s) stoped")
+			s.log.Printf("service http(s) stopped")
 		}
+		s.basicAuth = utils.BasicAuth{}
+		s.cfg = HTTPArgs{}
+		s.checker = utils.Checker{}
+		s.domainResolver = dnsx.DomainResolver{}
+		s.lb = nil
+		s.lockChn = nil
+		s.log = nil
+		s.jumper = nil
+		s.serverChannels = nil
+		s.sshClient = nil
+		s.userConns = nil
+		s = nil
 	}()
 	s.isStop = true
-	s.checker.Stop()
+	if len(*s.cfg.Parent) > 0 {
+		s.checker.Stop()
+	}
 	if s.sshClient != nil {
 		s.sshClient.Close()
 	}
@@ -160,6 +269,9 @@ func (s *HTTP) StopService() {
 			(*sc.UDPListener).Close()
 		}
 	}
+	if s.lb != nil {
+		s.lb.Stop()
+	}
 }
 func (s *HTTP) Start(args interface{}, log *logger.Logger) (err error) {
 	s.log = log
@@ -172,21 +284,20 @@ func (s *HTTP) Start(args interface{}, log *logger.Logger) (err error) {
 		return
 	}
 
-	if *s.cfg.Parent != "" {
-		s.log.Printf("use %s parent %s", *s.cfg.ParentType, *s.cfg.Parent)
-		s.InitOutConnPool()
+	if len(*s.cfg.Parent) > 0 {
+		s.log.Printf("use %s parent %v [ %s ]", *s.cfg.ParentType, *s.cfg.Parent, strings.ToUpper(*s.cfg.LoadBalanceMethod))
 	}
 
 	for _, addr := range strings.Split(*s.cfg.Local, ",") {
 		if addr != "" {
 			host, port, _ := net.SplitHostPort(addr)
 			p, _ := strconv.Atoi(port)
-			sc := utils.NewServerChannel(host, p, s.log)
-			if *s.cfg.LocalType == TYPE_TCP {
+			sc := server.NewServerChannel(host, p, s.log)
+			if *s.cfg.LocalType == "tcp" {
 				err = sc.ListenTCP(s.callback)
-			} else if *s.cfg.LocalType == TYPE_TLS {
-				err = sc.ListenTls(s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes, s.callback)
-			} else if *s.cfg.LocalType == TYPE_KCP {
+			} else if *s.cfg.LocalType == "tls" {
+				err = sc.ListenTLS(s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes, s.callback)
+			} else if *s.cfg.LocalType == "kcp" {
 				err = sc.ListenKCP(s.cfg.KCP, s.callback, s.log)
 			}
 			if err != nil {
@@ -229,34 +340,35 @@ func (s *HTTP) callback(inConn net.Conn) {
 	address := req.Host
 	host, _, _ := net.SplitHostPort(address)
 	useProxy := false
-	if !utils.IsIternalIP(host) {
+	if !utils.IsInternalIP(host, *s.cfg.Always) {
 		useProxy = true
-		if *s.cfg.Parent == "" {
+		if len(*s.cfg.Parent) == 0 {
 			useProxy = false
 		} else if *s.cfg.Always {
 			useProxy = true
 		} else {
-			k := s.Resolve(address)
-			s.checker.Add(k)
-			//var n, m uint
-			useProxy, _, _ = s.checker.IsBlocked(k)
+			var isInMap bool
+			useProxy, isInMap, _, _ = s.checker.IsBlocked(address)
+			if !isInMap {
+				s.checker.Add(address, s.Resolve(address))
+			}
 			//s.log.Printf("blocked ? : %v, %s , fail:%d ,success:%d", useProxy, address, n, m)
 		}
 	}
 
 	s.log.Printf("use proxy : %v, %s", useProxy, address)
 
-	err = s.OutToTCP(useProxy, address, &inConn, &req)
+	lbAddr, err := s.OutToTCP(useProxy, address, &inConn, &req)
 	if err != nil {
-		if *s.cfg.Parent == "" {
+		if len(*s.cfg.Parent) == 0 {
 			s.log.Printf("connect to %s fail, ERR:%s", address, err)
 		} else {
-			s.log.Printf("connect to %s parent %s fail", *s.cfg.ParentType, *s.cfg.Parent)
+			s.log.Printf("connect to %s parent %v fail", *s.cfg.ParentType, lbAddr)
 		}
 		utils.CloseConn(&inConn)
 	}
 }
-func (s *HTTP) OutToTCP(useProxy bool, address string, inConn *net.Conn, req *utils.HTTPRequest) (err interface{}) {
+func (s *HTTP) OutToTCP(useProxy bool, address string, inConn *net.Conn, req *utils.HTTPRequest) (lbAddr string, err interface{}) {
 	inAddr := (*inConn).RemoteAddr().String()
 	inLocalAddr := (*inConn).LocalAddr().String()
 	//防止死循环
@@ -273,32 +385,38 @@ func (s *HTTP) OutToTCP(useProxy bool, address string, inConn *net.Conn, req *ut
 			return
 		}
 		if useProxy {
+			// s.log.Printf("%v", s.outPool)
 			if *s.cfg.ParentType == "ssh" {
 				outConn, err = s.getSSHConn(address)
 			} else {
-				// s.log.Printf("%v", s.outPool)
-				outConn, err = s.outPool.Get()
+				selectAddr := (*inConn).RemoteAddr().String()
+				if utils.LBMethod(*s.cfg.LoadBalanceMethod) == lb.SELECT_HASH && *s.cfg.LoadBalanceHashTarget {
+					selectAddr = address
+				}
+				lbAddr = s.lb.Select(selectAddr, *s.cfg.LoadBalanceOnlyHA)
+				outConn, err = s.GetParentConn(lbAddr)
 			}
+
 		} else {
-			outConn, err = utils.ConnectHost(s.Resolve(address), *s.cfg.Timeout)
+			outConn, err = s.GetDirectConn(s.Resolve(address), inLocalAddr)
 		}
 		tryCount++
 		if err == nil || tryCount > maxTryCount {
 			break
 		} else {
-			s.log.Printf("connect to %s , err:%s,retrying...", *s.cfg.Parent, err)
+			s.log.Printf("connect to %s , err:%s,retrying...", lbAddr, err)
 			time.Sleep(time.Second * 2)
 		}
 	}
 	if err != nil {
-		s.log.Printf("connect to %s , err:%s", *s.cfg.Parent, err)
+		s.log.Printf("connect to %s , err:%s", lbAddr, err)
 		utils.CloseConn(inConn)
 		return
 	}
 	if *s.cfg.ParentCompress {
 		outConn = utils.NewCompConn(outConn)
 	}
-	if *s.cfg.ParentKey != "" {
+	if useProxy && *s.cfg.ParentKey != "" {
 		outConn = conncrypt.New(outConn, &conncrypt.Config{
 			Password: *s.cfg.ParentKey,
 		})
@@ -312,29 +430,39 @@ func (s *HTTP) OutToTCP(useProxy bool, address string, inConn *net.Conn, req *ut
 	} else {
 		//https或者http,上级是代理,proxy需要转发
 		outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-		//直连目标或上级非代理,清理HTTP头部的代理头信息
-		if !useProxy || *s.cfg.ParentType == "ssh" {
+		//直连目标或上级非代理或非SNI,,清理HTTP头部的代理头信息
+		if (!useProxy || *s.cfg.ParentType == "ssh") && !req.IsSNI {
 			_, err = outConn.Write(utils.RemoveProxyHeaders(req.HeadBuf))
 		} else {
 			_, err = outConn.Write(req.HeadBuf)
 		}
 		outConn.SetDeadline(time.Time{})
 		if err != nil {
-			s.log.Printf("write to %s , err:%s", *s.cfg.Parent, err)
+			s.log.Printf("write to %s , err:%s", lbAddr, err)
 			utils.CloseConn(inConn)
 			return
 		}
 	}
 
+	if s.cfg.RateLimitBytes > 0 {
+		outConn = iolimiter.NewReaderConn(outConn, s.cfg.RateLimitBytes)
+	}
+
 	utils.IoBind((*inConn), outConn, func(err interface{}) {
 		s.log.Printf("conn %s - %s released [%s]", inAddr, outAddr, req.Host)
 		s.userConns.Remove(inAddr)
+		if len(*s.cfg.Parent) > 0 {
+			s.lb.DecreaseConns(lbAddr)
+		}
 	}, s.log)
 	s.log.Printf("conn %s - %s connected [%s]", inAddr, outAddr, req.Host)
 	if c, ok := s.userConns.Get(inAddr); ok {
 		(*c.(*net.Conn)).Close()
 	}
 	s.userConns.Set(inAddr, inConn)
+	if len(*s.cfg.Parent) > 0 {
+		s.lb.IncreasConns(lbAddr)
+	}
 	return
 }
 
@@ -391,24 +519,14 @@ func (s *HTTP) ConnectSSH() (err error) {
 	if s.sshClient != nil {
 		s.sshClient.Close()
 	}
-	s.sshClient, err = ssh.Dial("tcp", s.Resolve(*s.cfg.Parent), &config)
+	s.sshClient, err = ssh.Dial("tcp", s.Resolve(s.lb.Select("", *s.cfg.LoadBalanceOnlyHA)), &config)
+	if err != nil {
+		s.log.Printf("connect to ssh %s fail", s.cfg.Parent)
+	}
 	<-s.lockChn
 	return
 }
-func (s *HTTP) InitOutConnPool() {
-	if *s.cfg.ParentType == TYPE_TLS || *s.cfg.ParentType == TYPE_TCP || *s.cfg.ParentType == TYPE_KCP {
-		//dur int, isTLS bool, certBytes, keyBytes []byte,
-		//parent string, timeout int, InitialCap int, MaxCap int
-		s.outPool = utils.NewOutConn(
-			*s.cfg.CheckParentInterval,
-			*s.cfg.ParentType,
-			s.cfg.KCP,
-			s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes,
-			s.Resolve(*s.cfg.Parent),
-			*s.cfg.Timeout,
-		)
-	}
-}
+
 func (s *HTTP) InitBasicAuth() (err error) {
 	if *s.cfg.DNSAddress != "" {
 		s.basicAuth = utils.NewBasicAuth(&(*s).domainResolver, s.log)
@@ -434,6 +552,27 @@ func (s *HTTP) InitBasicAuth() (err error) {
 	}
 	return
 }
+func (s *HTTP) InitLB() {
+	configs := lb.BackendsConfig{}
+	for _, addr := range *s.cfg.Parent {
+		_addrInfo := strings.Split(addr, "@")
+		_addr := _addrInfo[0]
+		weight := 1
+		if len(_addrInfo) == 2 {
+			weight, _ = strconv.Atoi(_addrInfo[1])
+		}
+		configs = append(configs, &lb.BackendConfig{
+			Address:       _addr,
+			Weight:        weight,
+			ActiveAfter:   1,
+			InactiveAfter: 2,
+			Timeout:       time.Duration(*s.cfg.LoadBalanceTimeout) * time.Millisecond,
+			RetryTime:     time.Duration(*s.cfg.LoadBalanceRetryTime) * time.Millisecond,
+		})
+	}
+	LB := lb.NewGroup(utils.LBMethod(*s.cfg.LoadBalanceMethod), configs, &s.domainResolver, s.log, *s.cfg.Debug)
+	s.lb = &LB
+}
 func (s *HTTP) IsBasicAuth() bool {
 	return *s.cfg.AuthFile != "" || len(*s.cfg.Auth) > 0 || *s.cfg.AuthURL != ""
 }
@@ -451,7 +590,7 @@ func (s *HTTP) IsDeadLoop(inLocalAddr string, host string) bool {
 		if *s.cfg.DNSAddress != "" {
 			outIPs = []net.IP{net.ParseIP(s.Resolve(outDomain))}
 		} else {
-			outIPs, err = net.LookupIP(outDomain)
+			outIPs, err = utils.LookupIP(outDomain)
 		}
 		if err == nil {
 			for _, ip := range outIPs {
@@ -483,6 +622,60 @@ func (s *HTTP) Resolve(address string) string {
 	ip, err := s.domainResolver.Resolve(address)
 	if err != nil {
 		s.log.Printf("dns error %s , ERR:%s", address, err)
+		return address
 	}
 	return ip
 }
+func (s *HTTP) GetParentConn(address string) (conn net.Conn, err error) {
+	if *s.cfg.ParentType == "tls" {
+		if s.jumper == nil {
+			var _conn tls.Conn
+			_conn, err = utils.TlsConnectHost(address, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes)
+			if err == nil {
+				conn = net.Conn(&_conn)
+			}
+		} else {
+			conf, err := utils.TlsConfig(s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes)
+			if err != nil {
+				return nil, err
+			}
+			var _c net.Conn
+			_c, err = s.jumper.Dial(address, time.Millisecond*time.Duration(*s.cfg.Timeout))
+			if err == nil {
+				conn = net.Conn(tls.Client(_c, conf))
+			}
+		}
+
+	} else if *s.cfg.ParentType == "kcp" {
+		conn, err = utils.ConnectKCPHost(address, s.cfg.KCP)
+	} else if *s.cfg.ParentType == "ssh" {
+		var e interface{}
+		conn, e = s.getSSHConn(address)
+		if e != nil {
+			err = fmt.Errorf("%s", e)
+		}
+	} else {
+		if s.jumper == nil {
+			conn, err = utils.ConnectHost(address, *s.cfg.Timeout)
+		} else {
+			conn, err = s.jumper.Dial(address, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		}
+	}
+	return
+}
+func (s *HTTP) GetDirectConn(address string, localAddr string) (conn net.Conn, err error) {
+	if !*s.cfg.BindListen {
+		return utils.ConnectHost(address, *s.cfg.Timeout)
+	}
+	ip, _, _ := net.SplitHostPort(localAddr)
+	if utils.IsInternalIP(ip, false) {
+		return utils.ConnectHost(address, *s.cfg.Timeout)
+	}
+	local, _ := net.ResolveTCPAddr("tcp", ip+":0")
+	d := net.Dialer{
+		Timeout:   time.Millisecond * time.Duration(*s.cfg.Timeout),
+		LocalAddr: local,
+	}
+	conn, err = d.Dial("tcp", address)
+	return
+}

services/keygen/keygen.go

@@ -0,0 +1,71 @@
+package keygen
+
+import (
+	"fmt"
+	logger "log"
+	"os"
+	"strings"
+
+	"github.com/snail007/goproxy/services"
+	"github.com/snail007/goproxy/utils"
+	"github.com/snail007/goproxy/utils/cert"
+)
+
+type KeygenArgs struct {
+	CaName     *string
+	CertName   *string
+	Sign       *bool
+	SignDays   *int
+	CommonName *string
+}
+
+type Keygen struct {
+	cfg KeygenArgs
+	log *logger.Logger
+}
+
+func NewKeygen() services.Service {
+	return &Keygen{}
+}
+func (s *Keygen) CheckArgs() (err error) {
+	if *s.cfg.Sign && (*s.cfg.CertName == "" || *s.cfg.CaName == "") {
+		err = fmt.Errorf("ca name and cert name required for signin")
+		return
+	}
+	if !*s.cfg.Sign && *s.cfg.CaName == "" {
+		err = fmt.Errorf("ca name required")
+		return
+	}
+	if *s.cfg.CommonName == "" {
+		domainSubfixList := []string{".com", ".edu", ".gov", ".int", ".mil", ".net", ".org", ".biz", ".info", ".pro", ".name", ".museum", ".coop", ".aero", ".xxx", ".idv", ".ac", ".ad", ".ae", ".af", ".ag", ".ai", ".al", ".am", ".an", ".ao", ".aq", ".ar", ".as", ".at", ".au", ".aw", ".az", ".ba", ".bb", ".bd", ".be", ".bf", ".bg", ".bh", ".bi", ".bj", ".bm", ".bn", ".bo", ".br", ".bs", ".bt", ".bv", ".bw", ".by", ".bz", ".ca", ".cc", ".cd", ".cf", ".cg", ".ch", ".ci", ".ck", ".cl", ".cm", ".cn", ".co", ".cr", ".cu", ".cv", ".cx", ".cy", ".cz", ".de", ".dj", ".dk", ".dm", ".do", ".dz", ".ec", ".ee", ".eg", ".eh", ".er", ".es", ".et", ".eu", ".fi", ".fj", ".fk", ".fm", ".fo", ".fr", ".ga", ".gd", ".ge", ".gf", ".gg", ".gh", ".gi", ".gl", ".gm", ".gn", ".gp", ".gq", ".gr", ".gs", ".gt", ".gu", ".gw", ".gy", ".hk", ".hm", ".hn", ".hr", ".ht", ".hu", ".id", ".ie", ".il", ".im", ".in", ".io", ".iq", ".ir", ".is", ".it", ".je", ".jm", ".jo", ".jp", ".ke", ".kg", ".kh", ".ki", ".km", ".kn", ".kp", ".kr", ".kw", ".ky", ".kz", ".la", ".lb", ".lc", ".li", ".lk", ".lr", ".ls", ".lt", ".lu", ".lv", ".ly", ".ma", ".mc", ".md", ".mg", ".mh", ".mk", ".ml", ".mm", ".mn", ".mo", ".mp", ".mq", ".mr", ".ms", ".mt", ".mu", ".mv", ".mw", ".mx", ".my", ".mz", ".na", ".nc", ".ne", ".nf", ".ng", ".ni", ".nl", ".no", ".np", ".nr", ".nu", ".nz", ".om", ".pa", ".pe", ".pf", ".pg", ".ph", ".pk", ".pl", ".pm", ".pn", ".pr", ".ps", ".pt", ".pw", ".py", ".qa", ".re", ".ro", ".ru", ".rw", ".sa", ".sb", ".sc", ".sd", ".se", ".sg", ".sh", ".si", ".sj", ".sk", ".sl", ".sm", ".sn", ".so", ".sr", ".st", ".sv", ".sy", ".sz", ".tc", ".td", ".tf", ".tg", ".th", ".tj", ".tk", ".tl", ".tm", ".tn", ".to", ".tp", ".tr", ".tt", ".tv", ".tw", ".tz", ".ua", ".ug", ".uk", ".um", ".us", ".uy", ".uz", ".va", ".vc", ".ve", ".vg", ".vi", ".vn", ".vu", ".wf", ".ws", ".ye", ".yt", ".yu", ".yr", ".za", ".zm", ".zw"}
+		CN := strings.ToLower(utils.RandString(int(utils.RandInt(4)%10)) + domainSubfixList[int(utils.RandInt(4))%len(domainSubfixList)])
+		*s.cfg.CommonName = CN
+	}
+	return
+}
+func (s *Keygen) Start(args interface{}, log *logger.Logger) (err error) {
+	s.log = log
+	s.cfg = args.(KeygenArgs)
+	if err = s.CheckArgs(); err != nil {
+		return
+	}
+	if *s.cfg.Sign {
+		caCert, caKey, err := cert.ParseCertAndKey(*s.cfg.CaName+".crt", *s.cfg.CaName+".key")
+		if err != nil {
+			return err
+		}
+		err = cert.CreateSignCertToFile(caCert, caKey, *s.cfg.CommonName, *s.cfg.SignDays, *s.cfg.CertName)
+	} else {
+		err = cert.CreateCaToFile(*s.cfg.CaName, *s.cfg.CommonName, *s.cfg.SignDays)
+	}
+	if err != nil {
+		return
+	}
+	s.log.Println("success")
+	os.Exit(0)
+	return
+}
+
+func (s *Keygen) Clean() {
+
+}

services/mux/mux_bridge.go

@@ -1,4 +1,4 @@
-package services
+package mux
 
 import (
 	"bufio"
@@ -7,32 +7,51 @@ import (
 	logger "log"
 	"math/rand"
 	"net"
-	"strconv"
+	"runtime/debug"
 	"strings"
 	"sync"
 	"time"
 
+	srvtransport "github.com/snail007/goproxy/core/cs/server"
+	"github.com/snail007/goproxy/core/lib/kcpcfg"
+	"github.com/snail007/goproxy/services"
 	"github.com/snail007/goproxy/utils"
-
-	"github.com/xtaci/smux"
+	"github.com/snail007/goproxy/utils/mapx"
+	//"github.com/xtaci/smux"
+	smux "github.com/hashicorp/yamux"
 )
 
+type MuxBridgeArgs struct {
+	CertFile     *string
+	KeyFile      *string
+	CertBytes    []byte
+	KeyBytes     []byte
+	Local        *string
+	LocalType    *string
+	Timeout      *int
+	IsCompress   *bool
+	KCP          kcpcfg.KCPConfigArgs
+	TCPSMethod   *string
+	TCPSPassword *string
+	TOUMethod    *string
+	TOUPassword  *string
+}
 type MuxBridge struct {
 	cfg                MuxBridgeArgs
-	clientControlConns utils.ConcurrentMap
-	serverConns        utils.ConcurrentMap
+	clientControlConns mapx.ConcurrentMap
+	serverConns        mapx.ConcurrentMap
 	router             utils.ClientKeyRouter
 	l                  *sync.Mutex
 	isStop             bool
-	sc                 *utils.ServerChannel
+	sc                 *srvtransport.ServerChannel
 	log                *logger.Logger
 }
 
-func NewMuxBridge() Service {
+func NewMuxBridge() services.Service {
 	b := &MuxBridge{
 		cfg:                MuxBridgeArgs{},
-		clientControlConns: utils.NewConcurrentMap(),
-		serverConns:        utils.NewConcurrentMap(),
+		clientControlConns: mapx.NewConcurrentMap(),
+		serverConns:        mapx.NewConcurrentMap(),
 		l:                  &sync.Mutex{},
 		isStop:             false,
 	}
@@ -48,7 +67,7 @@ func (s *MuxBridge) CheckArgs() (err error) {
 		err = fmt.Errorf("cert and key file required")
 		return
 	}
-	if *s.cfg.LocalType == TYPE_TLS {
+	if *s.cfg.LocalType == "tls" {
 		s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
 		if err != nil {
 			return
@@ -62,15 +81,23 @@ func (s *MuxBridge) StopService() {
 		if e != nil {
 			s.log.Printf("stop bridge service crashed,%s", e)
 		} else {
-			s.log.Printf("service bridge stoped")
+			s.log.Printf("service bridge stopped")
 		}
+		s.cfg = MuxBridgeArgs{}
+		s.clientControlConns = nil
+		s.l = nil
+		s.log = nil
+		s.router = utils.ClientKeyRouter{}
+		s.sc = nil
+		s.serverConns = nil
+		s = nil
 	}()
 	s.isStop = true
 	if s.sc != nil && (*s.sc).Listener != nil {
 		(*(*s.sc).Listener).Close()
 	}
 	for _, g := range s.clientControlConns.Items() {
-		for _, session := range g.(utils.ConcurrentMap).Items() {
+		for _, session := range g.(*mapx.ConcurrentMap).Items() {
 			(session.(*smux.Session)).Close()
 		}
 	}
@@ -88,21 +115,27 @@ func (s *MuxBridge) Start(args interface{}, log *logger.Logger) (err error) {
 		return
 	}
 
-	host, port, _ := net.SplitHostPort(*s.cfg.Local)
-	p, _ := strconv.Atoi(port)
-	sc := utils.NewServerChannel(host, p, s.log)
-	if *s.cfg.LocalType == TYPE_TCP {
+	sc := srvtransport.NewServerChannelHost(*s.cfg.Local, s.log)
+	if *s.cfg.LocalType == "tcp" {
 		err = sc.ListenTCP(s.handler)
-	} else if *s.cfg.LocalType == TYPE_TLS {
-		err = sc.ListenTls(s.cfg.CertBytes, s.cfg.KeyBytes, nil, s.handler)
-	} else if *s.cfg.LocalType == TYPE_KCP {
+	} else if *s.cfg.LocalType == "tls" {
+		err = sc.ListenTLS(s.cfg.CertBytes, s.cfg.KeyBytes, nil, s.handler)
+	} else if *s.cfg.LocalType == "kcp" {
 		err = sc.ListenKCP(s.cfg.KCP, s.handler, s.log)
+	} else if *s.cfg.LocalType == "tcps" {
+		err = sc.ListenTCPS(*s.cfg.TCPSMethod, *s.cfg.TCPSPassword, false, s.handler)
+	} else if *s.cfg.LocalType == "tou" {
+		err = sc.ListenTOU(*s.cfg.TOUMethod, *s.cfg.TOUPassword, false, s.handler)
 	}
 	if err != nil {
 		return
 	}
 	s.sc = &sc
-	s.log.Printf("%s bridge on %s", *s.cfg.LocalType, (*sc.Listener).Addr())
+	if *s.cfg.LocalType == "tou" {
+		s.log.Printf("%s bridge on %s", *s.cfg.LocalType, sc.UDPListener.LocalAddr())
+	} else {
+		s.log.Printf("%s bridge on %s", *s.cfg.LocalType, (*sc.Listener).Addr())
+	}
 	return
 }
 func (s *MuxBridge) Clean() {
@@ -182,18 +215,27 @@ func (s *MuxBridge) handler(inConn net.Conn) {
 		index := keyInfo[1]
 		s.l.Lock()
 		defer s.l.Unlock()
+		var group *mapx.ConcurrentMap
 		if !s.clientControlConns.Has(groupKey) {
-			item := utils.NewConcurrentMap()
-			s.clientControlConns.Set(groupKey, &item)
+			_g := mapx.NewConcurrentMap()
+			group = &_g
+			s.clientControlConns.Set(groupKey, group)
+			//s.log.Printf("init client session group %s", groupKey)
+		} else {
+			_group, _ := s.clientControlConns.Get(groupKey)
+			group = _group.(*mapx.ConcurrentMap)
 		}
-		_group, _ := s.clientControlConns.Get(groupKey)
-		group := _group.(*utils.ConcurrentMap)
 		if v, ok := group.Get(index); ok {
 			v.(*smux.Session).Close()
 		}
 		group.Set(index, session)
-		// s.clientControlConns.Set(key, session)
+		//s.log.Printf("set client session %s to group %s,grouplen:%d", index, groupKey, group.Count())
 		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+				}
+			}()
 			for {
 				if s.isStop {
 					return
@@ -203,10 +245,12 @@ func (s *MuxBridge) handler(inConn net.Conn) {
 					defer s.l.Unlock()
 					if sess, ok := group.Get(index); ok && sess.(*smux.Session).IsClosed() {
 						group.Remove(index)
+						//s.log.Printf("client session %s removed from group %s, grouplen:%d", key, groupKey, group.Count())
 						s.log.Printf("client connection %s released", key)
 					}
 					if group.IsEmpty() {
 						s.clientControlConns.Remove(groupKey)
+						//s.log.Printf("client session group %s removed", groupKey)
 					}
 					break
 				}
@@ -230,15 +274,20 @@ func (s *MuxBridge) callback(inConn net.Conn, serverID, key string) {
 		if key == "*" {
 			key = s.router.GetKey()
 		}
+		//s.log.Printf("server get client session %s", key)
 		_group, ok := s.clientControlConns.Get(key)
 		if !ok {
 			s.log.Printf("client %s session not exists for server stream %s, retrying...", key, serverID)
 			time.Sleep(time.Second * 3)
 			continue
 		}
-		group := _group.(*utils.ConcurrentMap)
-		keys := group.Keys()
+		group := _group.(*mapx.ConcurrentMap)
+		keys := []string{}
+		group.IterCb(func(key string, v interface{}) {
+			keys = append(keys, key)
+		})
 		keysLen := len(keys)
+		//s.log.Printf("client session %s , len:%d , keysLen: %d", key, group.Count(), keysLen)
 		i := 0
 		if keysLen > 0 {
 			i = rand.Intn(keysLen)
@@ -250,9 +299,9 @@ func (s *MuxBridge) callback(inConn net.Conn, serverID, key string) {
 		index := keys[i]
 		s.log.Printf("select client : %s-%s", key, index)
 		session, _ := group.Get(index)
-		session.(*smux.Session).SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+		//session.(*smux.Session).SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
 		stream, err := session.(*smux.Session).OpenStream()
-		session.(*smux.Session).SetDeadline(time.Time{})
+		//session.(*smux.Session).SetDeadline(time.Time{})
 		if err != nil {
 			s.log.Printf("%s client session open stream %s fail, err: %s, retrying...", key, serverID, err)
 			time.Sleep(time.Second * 3)
@@ -262,10 +311,20 @@ func (s *MuxBridge) callback(inConn net.Conn, serverID, key string) {
 			die1 := make(chan bool, 1)
 			die2 := make(chan bool, 1)
 			go func() {
+				defer func() {
+					if e := recover(); e != nil {
+						fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+					}
+				}()
 				io.Copy(stream, inConn)
 				die1 <- true
 			}()
 			go func() {
+				defer func() {
+					if e := recover(); e != nil {
+						fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+					}
+				}()
 				io.Copy(inConn, stream)
 				die2 <- true
 			}()

services/mux/mux_client.go

@@ -0,0 +1,474 @@
+package mux
+
+import (
+	"crypto/tls"
+	"fmt"
+	"io"
+	logger "log"
+	"net"
+	"runtime/debug"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/golang/snappy"
+	clienttransport "github.com/snail007/goproxy/core/cs/client"
+	"github.com/snail007/goproxy/core/lib/kcpcfg"
+	encryptconn "github.com/snail007/goproxy/core/lib/transport/encrypt"
+	"github.com/snail007/goproxy/services"
+	"github.com/snail007/goproxy/utils"
+	"github.com/snail007/goproxy/utils/jumper"
+	"github.com/snail007/goproxy/utils/mapx"
+	//"github.com/xtaci/smux"
+	smux "github.com/hashicorp/yamux"
+)
+
+type MuxClientArgs struct {
+	Parent       *string
+	ParentType   *string
+	CertFile     *string
+	KeyFile      *string
+	CertBytes    []byte
+	KeyBytes     []byte
+	Key          *string
+	Timeout      *int
+	IsCompress   *bool
+	SessionCount *int
+	KCP          kcpcfg.KCPConfigArgs
+	Jumper       *string
+	TCPSMethod   *string
+	TCPSPassword *string
+	TOUMethod    *string
+	TOUPassword  *string
+}
+type ClientUDPConnItem struct {
+	conn      *smux.Stream
+	isActive  bool
+	touchtime int64
+	srcAddr   *net.UDPAddr
+	localAddr *net.UDPAddr
+	udpConn   *net.UDPConn
+	connid    string
+}
+type MuxClient struct {
+	cfg      MuxClientArgs
+	isStop   bool
+	sessions mapx.ConcurrentMap
+	log      *logger.Logger
+	jumper   *jumper.Jumper
+	udpConns mapx.ConcurrentMap
+}
+
+func NewMuxClient() services.Service {
+	return &MuxClient{
+		cfg:      MuxClientArgs{},
+		isStop:   false,
+		sessions: mapx.NewConcurrentMap(),
+		udpConns: mapx.NewConcurrentMap(),
+	}
+}
+
+func (s *MuxClient) InitService() (err error) {
+	s.UDPGCDeamon()
+	return
+}
+
+func (s *MuxClient) CheckArgs() (err error) {
+	if *s.cfg.Parent != "" {
+		s.log.Printf("use tls parent %s", *s.cfg.Parent)
+	} else {
+		err = fmt.Errorf("parent required")
+		return
+	}
+	if *s.cfg.CertFile == "" || *s.cfg.KeyFile == "" {
+		err = fmt.Errorf("cert and key file required")
+		return
+	}
+	if *s.cfg.ParentType == "tls" {
+		s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
+		if err != nil {
+			return
+		}
+	}
+	if *s.cfg.Jumper != "" {
+		if *s.cfg.ParentType != "tls" && *s.cfg.ParentType != "tcp" {
+			err = fmt.Errorf("jumper only worked of -T is tls or tcp")
+			return
+		}
+		var j jumper.Jumper
+		j, err = jumper.New(*s.cfg.Jumper, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		if err != nil {
+			err = fmt.Errorf("parse jumper fail, err %s", err)
+			return
+		}
+		s.jumper = &j
+	}
+	return
+}
+func (s *MuxClient) StopService() {
+	defer func() {
+		e := recover()
+		if e != nil {
+			s.log.Printf("stop client service crashed,%s", e)
+		} else {
+			s.log.Printf("service client stopped")
+		}
+		s.cfg = MuxClientArgs{}
+		s.jumper = nil
+		s.log = nil
+		s.sessions = nil
+		s.udpConns = nil
+		s = nil
+	}()
+	s.isStop = true
+	for _, sess := range s.sessions.Items() {
+		sess.(*smux.Session).Close()
+	}
+}
+func (s *MuxClient) Start(args interface{}, log *logger.Logger) (err error) {
+	s.log = log
+	s.cfg = args.(MuxClientArgs)
+	if err = s.CheckArgs(); err != nil {
+		return
+	}
+	if err = s.InitService(); err != nil {
+		return
+	}
+	s.log.Printf("client started")
+	count := 1
+	if *s.cfg.SessionCount > 0 {
+		count = *s.cfg.SessionCount
+	}
+	for i := 1; i <= count; i++ {
+		key := fmt.Sprintf("worker[%d]", i)
+		s.log.Printf("session %s started", key)
+		go func(i int) {
+			defer func() {
+				e := recover()
+				if e != nil {
+					s.log.Printf("session worker crashed: %s\nstack:%s", e, string(debug.Stack()))
+				}
+			}()
+			for {
+				if s.isStop {
+					return
+				}
+				conn, err := s.getParentConn()
+				if err != nil {
+					s.log.Printf("connection err: %s, retrying...", err)
+					time.Sleep(time.Second * 3)
+					continue
+				}
+				conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+				g := sync.WaitGroup{}
+				g.Add(1)
+				go func() {
+					defer func() {
+						_ = recover()
+						g.Done()
+					}()
+					_, err = conn.Write(utils.BuildPacket(CONN_CLIENT, fmt.Sprintf("%s-%d", *s.cfg.Key, i)))
+				}()
+				g.Wait()
+				conn.SetDeadline(time.Time{})
+				if err != nil {
+					conn.Close()
+					s.log.Printf("connection err: %s, retrying...", err)
+					time.Sleep(time.Second * 3)
+					continue
+				}
+				session, err := smux.Server(conn, nil)
+				if err != nil {
+					s.log.Printf("session err: %s, retrying...", err)
+					conn.Close()
+					time.Sleep(time.Second * 3)
+					continue
+				}
+				if _sess, ok := s.sessions.Get(key); ok {
+					_sess.(*smux.Session).Close()
+				}
+				s.sessions.Set(key, session)
+				for {
+					if s.isStop {
+						return
+					}
+					stream, err := session.AcceptStream()
+					if err != nil {
+						s.log.Printf("accept stream err: %s, retrying...", err)
+						session.Close()
+						time.Sleep(time.Second * 3)
+						break
+					}
+					go func() {
+						defer func() {
+							e := recover()
+							if e != nil {
+								s.log.Printf("stream handler crashed: %s", e)
+							}
+						}()
+						var ID, clientLocalAddr, serverID string
+						stream.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+						err = utils.ReadPacketData(stream, &ID, &clientLocalAddr, &serverID)
+						stream.SetDeadline(time.Time{})
+						if err != nil {
+							s.log.Printf("read stream signal err: %s", err)
+							stream.Close()
+							return
+						}
+						//s.log.Printf("worker[%d] signal revecived,server %s stream %s %s", i, serverID, ID, clientLocalAddr)
+						protocol := clientLocalAddr[:3]
+						localAddr := clientLocalAddr[4:]
+						if protocol == "udp" {
+							s.ServeUDP(stream, localAddr, ID)
+						} else {
+							s.ServeConn(stream, localAddr, ID)
+						}
+					}()
+				}
+			}
+		}(i)
+	}
+	return
+}
+func (s *MuxClient) Clean() {
+	s.StopService()
+}
+func (s *MuxClient) getParentConn() (conn net.Conn, err error) {
+	if *s.cfg.ParentType == "tls" {
+		if s.jumper == nil {
+			var _conn tls.Conn
+			_conn, err = clienttransport.TlsConnectHost(*s.cfg.Parent, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
+			if err == nil {
+				conn = net.Conn(&_conn)
+			}
+		} else {
+			conf, e := utils.TlsConfig(s.cfg.CertBytes, s.cfg.KeyBytes, nil)
+			if e != nil {
+				return nil, e
+			}
+			var _c net.Conn
+			_c, err = s.jumper.Dial(*s.cfg.Parent, time.Millisecond*time.Duration(*s.cfg.Timeout))
+			if err == nil {
+				conn = net.Conn(tls.Client(_c, conf))
+			}
+		}
+
+	} else if *s.cfg.ParentType == "kcp" {
+		conn, err = clienttransport.KCPConnectHost(*s.cfg.Parent, s.cfg.KCP)
+	} else if *s.cfg.ParentType == "tcps" {
+		if s.jumper == nil {
+			conn, err = clienttransport.TCPSConnectHost(*s.cfg.Parent, *s.cfg.TCPSMethod, *s.cfg.TCPSPassword, false, *s.cfg.Timeout)
+		} else {
+			conn, err = s.jumper.Dial(*s.cfg.Parent, time.Millisecond*time.Duration(*s.cfg.Timeout))
+			if err == nil {
+				conn, err = encryptconn.NewConn(conn, *s.cfg.TCPSMethod, *s.cfg.TCPSPassword)
+			}
+		}
+
+	} else if *s.cfg.ParentType == "tou" {
+		conn, err = clienttransport.TOUConnectHost(*s.cfg.Parent, *s.cfg.TCPSMethod, *s.cfg.TCPSPassword, false, *s.cfg.Timeout)
+	} else {
+		if s.jumper == nil {
+			conn, err = clienttransport.TCPConnectHost(*s.cfg.Parent, *s.cfg.Timeout)
+		} else {
+			conn, err = s.jumper.Dial(*s.cfg.Parent, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		}
+	}
+	return
+}
+func (s *MuxClient) ServeUDP(inConn *smux.Stream, localAddr, ID string) {
+	var item *ClientUDPConnItem
+	var body []byte
+	var err error
+	srcAddr := ""
+	defer func() {
+		if item != nil {
+			(*item).conn.Close()
+			(*item).udpConn.Close()
+			s.udpConns.Remove(srcAddr)
+			inConn.Close()
+		}
+	}()
+	for {
+		if s.isStop {
+			return
+		}
+		srcAddr, body, err = utils.ReadUDPPacket(inConn)
+		if err != nil {
+			if strings.Contains(err.Error(), "n != int(") {
+				continue
+			}
+			if !utils.IsNetDeadlineErr(err) && err != io.EOF {
+				s.log.Printf("udp packet revecived from bridge fail, err: %s", err)
+			}
+			return
+		}
+		if v, ok := s.udpConns.Get(srcAddr); !ok {
+			_srcAddr, _ := net.ResolveUDPAddr("udp", srcAddr)
+			zeroAddr, _ := net.ResolveUDPAddr("udp", ":")
+			_localAddr, _ := net.ResolveUDPAddr("udp", localAddr)
+			c, err := net.DialUDP("udp", zeroAddr, _localAddr)
+			if err != nil {
+				s.log.Printf("create local udp conn fail, err : %s", err)
+				inConn.Close()
+				return
+			}
+			item = &ClientUDPConnItem{
+				conn:      inConn,
+				srcAddr:   _srcAddr,
+				localAddr: _localAddr,
+				udpConn:   c,
+				connid:    ID,
+			}
+			s.udpConns.Set(srcAddr, item)
+			s.UDPRevecive(srcAddr, ID)
+		} else {
+			item = v.(*ClientUDPConnItem)
+		}
+		(*item).touchtime = time.Now().Unix()
+		go func() {
+			defer func() { _ = recover() }()
+			(*item).udpConn.Write(body)
+		}()
+	}
+}
+func (s *MuxClient) UDPRevecive(key, ID string) {
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+			}
+		}()
+		s.log.Printf("udp conn %s connected", ID)
+		v, ok := s.udpConns.Get(key)
+		if !ok {
+			s.log.Printf("[warn] udp conn not exists for %s, connid : %s", key, ID)
+			return
+		}
+		cui := v.(*ClientUDPConnItem)
+		buf := utils.LeakyBuffer.Get()
+		defer func() {
+			utils.LeakyBuffer.Put(buf)
+			cui.conn.Close()
+			cui.udpConn.Close()
+			s.udpConns.Remove(key)
+			s.log.Printf("udp conn %s released", ID)
+		}()
+		for {
+			n, err := cui.udpConn.Read(buf)
+			if err != nil {
+				if !utils.IsNetClosedErr(err) {
+					s.log.Printf("udp conn read udp packet fail , err: %s ", err)
+				}
+				return
+			}
+			cui.touchtime = time.Now().Unix()
+			go func() {
+				defer func() {
+					if e := recover(); e != nil {
+						fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+					}
+				}()
+				cui.conn.SetWriteDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+				_, err = cui.conn.Write(utils.UDPPacket(cui.srcAddr.String(), buf[:n]))
+				cui.conn.SetWriteDeadline(time.Time{})
+				if err != nil {
+					cui.udpConn.Close()
+					return
+				}
+			}()
+		}
+	}()
+}
+func (s *MuxClient) UDPGCDeamon() {
+	gctime := int64(30)
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+			}
+		}()
+		if s.isStop {
+			return
+		}
+		timer := time.NewTicker(time.Second)
+		for {
+			<-timer.C
+			gcKeys := []string{}
+			s.udpConns.IterCb(func(key string, v interface{}) {
+				if time.Now().Unix()-v.(*ClientUDPConnItem).touchtime > gctime {
+					(*(v.(*ClientUDPConnItem).conn)).Close()
+					(v.(*ClientUDPConnItem).udpConn).Close()
+					gcKeys = append(gcKeys, key)
+					s.log.Printf("gc udp conn %s", v.(*ClientUDPConnItem).connid)
+				}
+			})
+			for _, k := range gcKeys {
+				s.udpConns.Remove(k)
+			}
+			gcKeys = nil
+		}
+	}()
+}
+func (s *MuxClient) ServeConn(inConn *smux.Stream, localAddr, ID string) {
+	var err error
+	var outConn net.Conn
+	i := 0
+	for {
+		if s.isStop {
+			return
+		}
+		i++
+		outConn, err = utils.ConnectHost(localAddr, *s.cfg.Timeout)
+		if err == nil || i == 3 {
+			break
+		} else {
+			if i == 3 {
+				s.log.Printf("connect to %s err: %s, retrying...", localAddr, err)
+				time.Sleep(2 * time.Second)
+				continue
+			}
+		}
+	}
+	if err != nil {
+		inConn.Close()
+		utils.CloseConn(&outConn)
+		s.log.Printf("build connection error, err: %s", err)
+		return
+	}
+
+	s.log.Printf("stream %s created", ID)
+	if *s.cfg.IsCompress {
+		die1 := make(chan bool, 1)
+		die2 := make(chan bool, 1)
+		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+				}
+			}()
+			io.Copy(outConn, snappy.NewReader(inConn))
+			die1 <- true
+		}()
+		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+				}
+			}()
+			io.Copy(snappy.NewWriter(inConn), outConn)
+			die2 <- true
+		}()
+		select {
+		case <-die1:
+		case <-die2:
+		}
+		outConn.Close()
+		inConn.Close()
+		s.log.Printf("%s stream %s released", *s.cfg.Key, ID)
+	} else {
+		utils.IoBind(inConn, outConn, func(err interface{}) {
+			s.log.Printf("stream %s released", ID)
+		}, s.log)
+	}
+}

services/mux/mux_server.go

@@ -1,4 +1,4 @@
-package services
+package mux
 
 import (
 	"crypto/tls"
@@ -12,37 +12,72 @@ import (
 	"strings"
 	"time"
 
+	clienttransport "github.com/snail007/goproxy/core/cs/client"
+	server "github.com/snail007/goproxy/core/cs/server"
+	"github.com/snail007/goproxy/core/lib/kcpcfg"
+	encryptconn "github.com/snail007/goproxy/core/lib/transport/encrypt"
+	"github.com/snail007/goproxy/services"
 	"github.com/snail007/goproxy/utils"
+	"github.com/snail007/goproxy/utils/jumper"
+	"github.com/snail007/goproxy/utils/mapx"
 
 	"github.com/golang/snappy"
-	"github.com/xtaci/smux"
+	//"github.com/xtaci/smux"
+	smux "github.com/hashicorp/yamux"
 )
 
+const (
+	CONN_CLIENT_CONTROL = uint8(1)
+	CONN_SERVER         = uint8(4)
+	CONN_CLIENT         = uint8(5)
+)
+
+type MuxServerArgs struct {
+	Parent       *string
+	ParentType   *string
+	CertFile     *string
+	KeyFile      *string
+	CertBytes    []byte
+	KeyBytes     []byte
+	Local        *string
+	IsUDP        *bool
+	Key          *string
+	Remote       *string
+	Timeout      *int
+	Route        *[]string
+	Mgr          *MuxServerManager
+	IsCompress   *bool
+	SessionCount *int
+	KCP          kcpcfg.KCPConfigArgs
+	Jumper       *string
+	TCPSMethod   *string
+	TCPSPassword *string
+	TOUMethod    *string
+	TOUPassword  *string
+}
 type MuxServer struct {
 	cfg      MuxServerArgs
-	udpChn   chan MuxUDPItem
-	sc       utils.ServerChannel
-	sessions utils.ConcurrentMap
+	sc       server.ServerChannel
+	sessions mapx.ConcurrentMap
 	lockChn  chan bool
 	isStop   bool
-	udpConn  *net.Conn
 	log      *logger.Logger
+	jumper   *jumper.Jumper
+	udpConns mapx.ConcurrentMap
 }
 
 type MuxServerManager struct {
 	cfg      MuxServerArgs
-	udpChn   chan MuxUDPItem
 	serverID string
-	servers  []*Service
+	servers  []*services.Service
 	log      *logger.Logger
 }
 
-func NewMuxServerManager() Service {
+func NewMuxServerManager() services.Service {
 	return &MuxServerManager{
 		cfg:      MuxServerArgs{},
-		udpChn:   make(chan MuxUDPItem, 50000),
 		serverID: utils.Uniqueid(),
-		servers:  []*Service{},
+		servers:  []*services.Service{},
 	}
 }
 
@@ -104,6 +139,11 @@ func (s *MuxServerManager) Start(args interface{}, log *logger.Logger) (err erro
 			SessionCount: s.cfg.SessionCount,
 			KCP:          s.cfg.KCP,
 			ParentType:   s.cfg.ParentType,
+			Jumper:       s.cfg.Jumper,
+			TCPSMethod:   s.cfg.TCPSMethod,
+			TCPSPassword: s.cfg.TCPSPassword,
+			TOUMethod:    s.cfg.TOUMethod,
+			TOUPassword:  s.cfg.TOUPassword,
 		}, log)
 
 		if err != nil {
@@ -120,6 +160,11 @@ func (s *MuxServerManager) StopService() {
 	for _, server := range s.servers {
 		(*server).Clean()
 	}
+	s.cfg = MuxServerArgs{}
+	s.log = nil
+	s.serverID = ""
+	s.servers = nil
+	s = nil
 }
 func (s *MuxServerManager) CheckArgs() (err error) {
 	if *s.cfg.CertFile == "" || *s.cfg.KeyFile == "" {
@@ -138,20 +183,22 @@ func (s *MuxServerManager) InitService() (err error) {
 	return
 }
 
-func NewMuxServer() Service {
+func NewMuxServer() services.Service {
 	return &MuxServer{
 		cfg:      MuxServerArgs{},
-		udpChn:   make(chan MuxUDPItem, 50000),
 		lockChn:  make(chan bool, 1),
-		sessions: utils.NewConcurrentMap(),
+		sessions: mapx.NewConcurrentMap(),
 		isStop:   false,
+		udpConns: mapx.NewConcurrentMap(),
 	}
 }
 
-type MuxUDPItem struct {
-	packet    *[]byte
-	localAddr *net.UDPAddr
+type MuxUDPConnItem struct {
+	conn      *net.Conn
+	touchtime int64
 	srcAddr   *net.UDPAddr
+	localAddr *net.UDPAddr
+	connid    string
 }
 
 func (s *MuxServer) StopService() {
@@ -160,8 +207,16 @@ func (s *MuxServer) StopService() {
 		if e != nil {
 			s.log.Printf("stop server service crashed,%s", e)
 		} else {
-			s.log.Printf("service server stoped")
+			s.log.Printf("service server stopped")
 		}
+		s.cfg = MuxServerArgs{}
+		s.jumper = nil
+		s.lockChn = nil
+		s.log = nil
+		s.sc = server.ServerChannel{}
+		s.sessions = nil
+		s.udpConns = nil
+		s = nil
 	}()
 	s.isStop = true
 	for _, sess := range s.sessions.Items() {
@@ -173,12 +228,9 @@ func (s *MuxServer) StopService() {
 	if s.sc.UDPListener != nil {
 		(*s.sc.UDPListener).Close()
 	}
-	if s.udpConn != nil {
-		(*s.udpConn).Close()
-	}
 }
 func (s *MuxServer) InitService() (err error) {
-	s.UDPConnDeamon()
+	s.UDPGCDeamon()
 	return
 }
 func (s *MuxServer) CheckArgs() (err error) {
@@ -186,6 +238,19 @@ func (s *MuxServer) CheckArgs() (err error) {
 		err = fmt.Errorf("remote required")
 		return
 	}
+	if *s.cfg.Jumper != "" {
+		if *s.cfg.ParentType != "tls" && *s.cfg.ParentType != "tcp" {
+			err = fmt.Errorf("jumper only worked of -T is tls or tcp")
+			return
+		}
+		var j jumper.Jumper
+		j, err = jumper.New(*s.cfg.Jumper, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		if err != nil {
+			err = fmt.Errorf("parse jumper fail, err %s", err)
+			return
+		}
+		s.jumper = &j
+	}
 	return
 }
 
@@ -200,14 +265,10 @@ func (s *MuxServer) Start(args interface{}, log *logger.Logger) (err error) {
 	}
 	host, port, _ := net.SplitHostPort(*s.cfg.Local)
 	p, _ := strconv.Atoi(port)
-	s.sc = utils.NewServerChannel(host, p, s.log)
+	s.sc = server.NewServerChannel(host, p, s.log)
 	if *s.cfg.IsUDP {
-		err = s.sc.ListenUDP(func(packet []byte, localAddr, srcAddr *net.UDPAddr) {
-			s.udpChn <- MuxUDPItem{
-				packet:    &packet,
-				localAddr: localAddr,
-				srcAddr:   srcAddr,
-			}
+		err = s.sc.ListenUDP(func(listener *net.UDPConn, packet []byte, localAddr, srcAddr *net.UDPAddr) {
+			s.UDPSend(packet, localAddr, srcAddr)
 		})
 		if err != nil {
 			return
@@ -241,10 +302,20 @@ func (s *MuxServer) Start(args interface{}, log *logger.Logger) (err error) {
 				die1 := make(chan bool, 1)
 				die2 := make(chan bool, 1)
 				go func() {
+					defer func() {
+						if e := recover(); e != nil {
+							fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+						}
+					}()
 					io.Copy(inConn, snappy.NewReader(outConn))
 					die1 <- true
 				}()
 				go func() {
+					defer func() {
+						if e := recover(); e != nil {
+							fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+						}
+					}()
 					io.Copy(snappy.NewWriter(outConn), inConn)
 					die2 <- true
 				}()
@@ -278,7 +349,9 @@ func (s *MuxServer) GetOutConn() (outConn net.Conn, ID string, err error) {
 	}
 	outConn, err = s.GetConn(fmt.Sprintf("%d", i))
 	if err != nil {
-		s.log.Printf("connection err: %s", err)
+		if !strings.Contains(err.Error(), "can not connect at same time") {
+			s.log.Printf("connection err: %s", err)
+		}
 		return
 	}
 	remoteAddr := "tcp:" + *s.cfg.Remote
@@ -333,6 +406,11 @@ func (s *MuxServer) GetConn(index string) (conn net.Conn, err error) {
 		s.sessions.Set(index, session)
 		s.log.Printf("session[%s] created", index)
 		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+				}
+			}()
 			for {
 				if s.isStop {
 					return
@@ -356,99 +434,169 @@ func (s *MuxServer) GetConn(index string) (conn net.Conn, err error) {
 }
 func (s *MuxServer) getParentConn() (conn net.Conn, err error) {
 	if *s.cfg.ParentType == "tls" {
-		var _conn tls.Conn
-		_conn, err = utils.TlsConnectHost(*s.cfg.Parent, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
-		if err == nil {
-			conn = net.Conn(&_conn)
+		if s.jumper == nil {
+			var _conn tls.Conn
+			_conn, err = utils.TlsConnectHost(*s.cfg.Parent, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
+			if err == nil {
+				conn = net.Conn(&_conn)
+			}
+		} else {
+			conf, err := utils.TlsConfig(s.cfg.CertBytes, s.cfg.KeyBytes, nil)
+			if err != nil {
+				return nil, err
+			}
+			var _c net.Conn
+			_c, err = s.jumper.Dial(*s.cfg.Parent, time.Millisecond*time.Duration(*s.cfg.Timeout))
+			if err == nil {
+				conn = net.Conn(tls.Client(_c, conf))
+			}
 		}
+
 	} else if *s.cfg.ParentType == "kcp" {
 		conn, err = utils.ConnectKCPHost(*s.cfg.Parent, s.cfg.KCP)
+	} else if *s.cfg.ParentType == "tcps" {
+		if s.jumper == nil {
+			conn, err = clienttransport.TCPSConnectHost(*s.cfg.Parent, *s.cfg.TCPSMethod, *s.cfg.TCPSPassword, false, *s.cfg.Timeout)
+		} else {
+			conn, err = s.jumper.Dial(*s.cfg.Parent, time.Millisecond*time.Duration(*s.cfg.Timeout))
+			if err == nil {
+				conn, err = encryptconn.NewConn(conn, *s.cfg.TCPSMethod, *s.cfg.TCPSPassword)
+			}
+		}
+
+	} else if *s.cfg.ParentType == "tou" {
+		conn, err = clienttransport.TOUConnectHost(*s.cfg.Parent, *s.cfg.TCPSMethod, *s.cfg.TCPSPassword, false, *s.cfg.Timeout)
 	} else {
-		conn, err = utils.ConnectHost(*s.cfg.Parent, *s.cfg.Timeout)
+		if s.jumper == nil {
+			conn, err = utils.ConnectHost(*s.cfg.Parent, *s.cfg.Timeout)
+		} else {
+			conn, err = s.jumper.Dial(*s.cfg.Parent, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		}
 	}
 	return
 }
-func (s *MuxServer) UDPConnDeamon() {
+func (s *MuxServer) UDPGCDeamon() {
+	gctime := int64(30)
 	go func() {
 		defer func() {
-			if err := recover(); err != nil {
-				s.log.Printf("udp conn deamon crashed with err : %s \nstack: %s", err, string(debug.Stack()))
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
 			}
 		}()
-		var outConn net.Conn
-		var ID string
-		var err error
+		if s.isStop {
+			return
+		}
+		timer := time.NewTicker(time.Second)
 		for {
-			if s.isStop {
-				return
-			}
-			item := <-s.udpChn
-		RETRY:
-			if s.isStop {
-				return
-			}
-			if outConn == nil {
-				for {
-					if s.isStop {
-						return
-					}
-					outConn, ID, err = s.GetOutConn()
-					if err != nil {
-						outConn = nil
-						utils.CloseConn(&outConn)
-						s.log.Printf("connect to %s fail, err: %s, retrying...", *s.cfg.Parent, err)
-						time.Sleep(time.Second * 3)
-						continue
-					} else {
-						go func(outConn net.Conn, ID string) {
-							if s.udpConn != nil {
-								(*s.udpConn).Close()
-							}
-							s.udpConn = &outConn
-							for {
-								if s.isStop {
-									return
-								}
-								outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-								srcAddrFromConn, body, err := utils.ReadUDPPacket(outConn)
-								outConn.SetDeadline(time.Time{})
-								if err != nil {
-									s.log.Printf("parse revecived udp packet fail, err: %s ,%v", err, body)
-									s.log.Printf("UDP deamon connection %s exited", ID)
-									break
-								}
-								//s.log.Printf("udp packet revecived over parent , local:%s", srcAddrFromConn)
-								_srcAddr := strings.Split(srcAddrFromConn, ":")
-								if len(_srcAddr) != 2 {
-									s.log.Printf("parse revecived udp packet fail, addr error : %s", srcAddrFromConn)
-									continue
-								}
-								port, _ := strconv.Atoi(_srcAddr[1])
-								dstAddr := &net.UDPAddr{IP: net.ParseIP(_srcAddr[0]), Port: port}
-								s.sc.UDPListener.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-								_, err = s.sc.UDPListener.WriteToUDP(body, dstAddr)
-								s.sc.UDPListener.SetDeadline(time.Time{})
-								if err != nil {
-									s.log.Printf("udp response to local %s fail,ERR:%s", srcAddrFromConn, err)
-									continue
-								}
-								//s.log.Printf("udp response to local %s success , %v", srcAddrFromConn, body)
-							}
-						}(outConn, ID)
-						break
-					}
+			<-timer.C
+			gcKeys := []string{}
+			s.udpConns.IterCb(func(key string, v interface{}) {
+				if time.Now().Unix()-v.(*MuxUDPConnItem).touchtime > gctime {
+					(*(v.(*MuxUDPConnItem).conn)).Close()
+					gcKeys = append(gcKeys, key)
+					s.log.Printf("gc udp conn %s", v.(*MuxUDPConnItem).connid)
 				}
+			})
+			for _, k := range gcKeys {
+				s.udpConns.Remove(k)
 			}
-			outConn.SetWriteDeadline(time.Now().Add(time.Second))
-			_, err = outConn.Write(utils.UDPPacket(item.srcAddr.String(), *item.packet))
-			outConn.SetWriteDeadline(time.Time{})
-			if err != nil {
-				utils.CloseConn(&outConn)
-				outConn = nil
-				s.log.Printf("write udp packet to %s fail ,flush err:%s ,retrying...", *s.cfg.Parent, err)
-				goto RETRY
-			}
-			//s.log.Printf("write packet %v", *item.packet)
+			gcKeys = nil
+		}
+	}()
+}
+func (s *MuxServer) UDPSend(data []byte, localAddr, srcAddr *net.UDPAddr) {
+	var (
+		uc      *MuxUDPConnItem
+		key     = srcAddr.String()
+		ID      string
+		err     error
+		outconn net.Conn
+	)
+	v, ok := s.udpConns.Get(key)
+	if !ok {
+		for {
+			outconn, ID, err = s.GetOutConn()
+			if err != nil && strings.Contains(err.Error(), "can not connect at same time") {
+				time.Sleep(time.Millisecond * 500)
+				continue
+			} else {
+				break
+			}
+		}
+		if err != nil {
+			s.log.Printf("connect to %s fail, err: %s", *s.cfg.Parent, err)
+			return
+		}
+		uc = &MuxUDPConnItem{
+			conn:      &outconn,
+			srcAddr:   srcAddr,
+			localAddr: localAddr,
+			connid:    ID,
+		}
+		s.udpConns.Set(key, uc)
+		s.UDPRevecive(key, ID)
+	} else {
+		uc = v.(*MuxUDPConnItem)
+	}
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				(*uc.conn).Close()
+				s.udpConns.Remove(key)
+				s.log.Printf("udp sender crashed with error : %s", e)
+			}
+		}()
+		uc.touchtime = time.Now().Unix()
+		(*uc.conn).SetWriteDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+		_, err = (*uc.conn).Write(utils.UDPPacket(srcAddr.String(), data))
+		(*uc.conn).SetWriteDeadline(time.Time{})
+		if err != nil {
+			s.log.Printf("write udp packet to %s fail ,flush err:%s ", *s.cfg.Parent, err)
+		}
+	}()
+}
+func (s *MuxServer) UDPRevecive(key, ID string) {
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+			}
+		}()
+		s.log.Printf("udp conn %s connected", ID)
+		var uc *MuxUDPConnItem
+		defer func() {
+			if uc != nil {
+				(*uc.conn).Close()
+			}
+			s.udpConns.Remove(key)
+			s.log.Printf("udp conn %s released", ID)
+		}()
+		v, ok := s.udpConns.Get(key)
+		if !ok {
+			s.log.Printf("[warn] udp conn not exists for %s, connid : %s", key, ID)
+			return
+		}
+		uc = v.(*MuxUDPConnItem)
+		for {
+			_, body, err := utils.ReadUDPPacket(*uc.conn)
+			if err != nil {
+				if strings.Contains(err.Error(), "n != int(") {
+					continue
+				}
+				if err != io.EOF {
+					s.log.Printf("udp conn read udp packet fail , err: %s ", err)
+				}
+				return
+			}
+			uc.touchtime = time.Now().Unix()
+			go func() {
+				defer func() {
+					if e := recover(); e != nil {
+						fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+					}
+				}()
+				s.sc.UDPListener.WriteToUDP(body, uc.srcAddr)
+			}()
 		}
 	}()
 }

services/mux_client.go

@@ -1,305 +0,0 @@
-package services
-
-import (
-	"crypto/tls"
-	"fmt"
-	"io"
-	logger "log"
-	"net"
-	"time"
-
-	"github.com/snail007/goproxy/utils"
-
-	"github.com/golang/snappy"
-	"github.com/xtaci/smux"
-)
-
-type MuxClient struct {
-	cfg      MuxClientArgs
-	isStop   bool
-	sessions utils.ConcurrentMap
-	log      *logger.Logger
-}
-
-func NewMuxClient() Service {
-	return &MuxClient{
-		cfg:      MuxClientArgs{},
-		isStop:   false,
-		sessions: utils.NewConcurrentMap(),
-	}
-}
-
-func (s *MuxClient) InitService() (err error) {
-	return
-}
-
-func (s *MuxClient) CheckArgs() (err error) {
-	if *s.cfg.Parent != "" {
-		s.log.Printf("use tls parent %s", *s.cfg.Parent)
-	} else {
-		err = fmt.Errorf("parent required")
-		return
-	}
-	if *s.cfg.CertFile == "" || *s.cfg.KeyFile == "" {
-		err = fmt.Errorf("cert and key file required")
-		return
-	}
-	if *s.cfg.ParentType == "tls" {
-		s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
-		if err != nil {
-			return
-		}
-	}
-	return
-}
-func (s *MuxClient) StopService() {
-	defer func() {
-		e := recover()
-		if e != nil {
-			s.log.Printf("stop client service crashed,%s", e)
-		} else {
-			s.log.Printf("service client stoped")
-		}
-	}()
-	s.isStop = true
-	for _, sess := range s.sessions.Items() {
-		sess.(*smux.Session).Close()
-	}
-}
-func (s *MuxClient) Start(args interface{}, log *logger.Logger) (err error) {
-	s.log = log
-	s.cfg = args.(MuxClientArgs)
-	if err = s.CheckArgs(); err != nil {
-		return
-	}
-	if err = s.InitService(); err != nil {
-		return
-	}
-	s.log.Printf("client started")
-	count := 1
-	if *s.cfg.SessionCount > 0 {
-		count = *s.cfg.SessionCount
-	}
-	for i := 1; i <= count; i++ {
-		key := fmt.Sprintf("worker[%d]", i)
-		s.log.Printf("session %s started", key)
-		go func(i int) {
-			defer func() {
-				e := recover()
-				if e != nil {
-					s.log.Printf("session worker crashed: %s", e)
-				}
-			}()
-			for {
-				if s.isStop {
-					return
-				}
-				conn, err := s.getParentConn()
-				if err != nil {
-					s.log.Printf("connection err: %s, retrying...", err)
-					time.Sleep(time.Second * 3)
-					continue
-				}
-				conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-				_, err = conn.Write(utils.BuildPacket(CONN_CLIENT, fmt.Sprintf("%s-%d", *s.cfg.Key, i)))
-				conn.SetDeadline(time.Time{})
-				if err != nil {
-					conn.Close()
-					s.log.Printf("connection err: %s, retrying...", err)
-					time.Sleep(time.Second * 3)
-					continue
-				}
-				session, err := smux.Server(conn, nil)
-				if err != nil {
-					s.log.Printf("session err: %s, retrying...", err)
-					conn.Close()
-					time.Sleep(time.Second * 3)
-					continue
-				}
-				if _sess, ok := s.sessions.Get(key); ok {
-					_sess.(*smux.Session).Close()
-				}
-				s.sessions.Set(key, session)
-				for {
-					if s.isStop {
-						return
-					}
-					stream, err := session.AcceptStream()
-					if err != nil {
-						s.log.Printf("accept stream err: %s, retrying...", err)
-						session.Close()
-						time.Sleep(time.Second * 3)
-						break
-					}
-					go func() {
-						defer func() {
-							e := recover()
-							if e != nil {
-								s.log.Printf("stream handler crashed: %s", e)
-							}
-						}()
-						var ID, clientLocalAddr, serverID string
-						stream.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-						err = utils.ReadPacketData(stream, &ID, &clientLocalAddr, &serverID)
-						stream.SetDeadline(time.Time{})
-						if err != nil {
-							s.log.Printf("read stream signal err: %s", err)
-							stream.Close()
-							return
-						}
-						s.log.Printf("worker[%d] signal revecived,server %s stream %s %s", i, serverID, ID, clientLocalAddr)
-						protocol := clientLocalAddr[:3]
-						localAddr := clientLocalAddr[4:]
-						if protocol == "udp" {
-							s.ServeUDP(stream, localAddr, ID)
-						} else {
-							s.ServeConn(stream, localAddr, ID)
-						}
-					}()
-				}
-			}
-		}(i)
-	}
-	return
-}
-func (s *MuxClient) Clean() {
-	s.StopService()
-}
-func (s *MuxClient) getParentConn() (conn net.Conn, err error) {
-	if *s.cfg.ParentType == "tls" {
-		var _conn tls.Conn
-		_conn, err = utils.TlsConnectHost(*s.cfg.Parent, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
-		if err == nil {
-			conn = net.Conn(&_conn)
-		}
-	} else if *s.cfg.ParentType == "kcp" {
-		conn, err = utils.ConnectKCPHost(*s.cfg.Parent, s.cfg.KCP)
-	} else {
-		conn, err = utils.ConnectHost(*s.cfg.Parent, *s.cfg.Timeout)
-	}
-	return
-}
-func (s *MuxClient) ServeUDP(inConn *smux.Stream, localAddr, ID string) {
-
-	for {
-		if s.isStop {
-			return
-		}
-		inConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-		srcAddr, body, err := utils.ReadUDPPacket(inConn)
-		inConn.SetDeadline(time.Time{})
-		if err != nil {
-			s.log.Printf("udp packet revecived fail, err: %s", err)
-			s.log.Printf("connection %s released", ID)
-			inConn.Close()
-			break
-		} else {
-			//s.log.Printf("udp packet revecived:%s,%v", srcAddr, body)
-			go func() {
-				defer func() {
-					if e := recover(); e != nil {
-						s.log.Printf("client processUDPPacket crashed,err: %s", e)
-					}
-				}()
-				s.processUDPPacket(inConn, srcAddr, localAddr, body)
-			}()
-
-		}
-
-	}
-	// }
-}
-func (s *MuxClient) processUDPPacket(inConn *smux.Stream, srcAddr, localAddr string, body []byte) {
-	dstAddr, err := net.ResolveUDPAddr("udp", localAddr)
-	if err != nil {
-		s.log.Printf("can't resolve address: %s", err)
-		inConn.Close()
-		return
-	}
-	clientSrcAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0}
-	conn, err := net.DialUDP("udp", clientSrcAddr, dstAddr)
-	if err != nil {
-		s.log.Printf("connect to udp %s fail,ERR:%s", dstAddr.String(), err)
-		return
-	}
-	conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-	_, err = conn.Write(body)
-	conn.SetDeadline(time.Time{})
-	if err != nil {
-		s.log.Printf("send udp packet to %s fail,ERR:%s", dstAddr.String(), err)
-		return
-	}
-	//s.log.Printf("send udp packet to %s success", dstAddr.String())
-	buf := make([]byte, 1024)
-	conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-	length, _, err := conn.ReadFromUDP(buf)
-	conn.SetDeadline(time.Time{})
-	if err != nil {
-		s.log.Printf("read udp response from %s fail ,ERR:%s", dstAddr.String(), err)
-		return
-	}
-	respBody := buf[0:length]
-	//s.log.Printf("revecived udp packet from %s , %v", dstAddr.String(), respBody)
-	bs := utils.UDPPacket(srcAddr, respBody)
-	(*inConn).SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-	_, err = (*inConn).Write(bs)
-	(*inConn).SetDeadline(time.Time{})
-	if err != nil {
-		s.log.Printf("send udp response fail ,ERR:%s", err)
-		inConn.Close()
-		return
-	}
-	//s.log.Printf("send udp response success ,from:%s ,%d ,%v", dstAddr.String(), len(bs), bs)
-}
-func (s *MuxClient) ServeConn(inConn *smux.Stream, localAddr, ID string) {
-	var err error
-	var outConn net.Conn
-	i := 0
-	for {
-		if s.isStop {
-			return
-		}
-		i++
-		outConn, err = utils.ConnectHost(localAddr, *s.cfg.Timeout)
-		if err == nil || i == 3 {
-			break
-		} else {
-			if i == 3 {
-				s.log.Printf("connect to %s err: %s, retrying...", localAddr, err)
-				time.Sleep(2 * time.Second)
-				continue
-			}
-		}
-	}
-	if err != nil {
-		inConn.Close()
-		utils.CloseConn(&outConn)
-		s.log.Printf("build connection error, err: %s", err)
-		return
-	}
-
-	s.log.Printf("stream %s created", ID)
-	if *s.cfg.IsCompress {
-		die1 := make(chan bool, 1)
-		die2 := make(chan bool, 1)
-		go func() {
-			io.Copy(outConn, snappy.NewReader(inConn))
-			die1 <- true
-		}()
-		go func() {
-			io.Copy(snappy.NewWriter(inConn), outConn)
-			die2 <- true
-		}()
-		select {
-		case <-die1:
-		case <-die2:
-		}
-		outConn.Close()
-		inConn.Close()
-		s.log.Printf("%s stream %s released", *s.cfg.Key, ID)
-	} else {
-		utils.IoBind(inConn, outConn, func(err interface{}) {
-			s.log.Printf("stream %s released", ID)
-		}, s.log)
-	}
-}

services/service.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	logger "log"
 	"runtime/debug"
+	"sync"
 )
 
 type Service interface {
@@ -17,31 +18,35 @@ type ServiceItem struct {
 	Log  *logger.Logger
 }
 
-var servicesMap = map[string]*ServiceItem{}
+var servicesMap = sync.Map{}
 
 func Regist(name string, s Service, args interface{}, log *logger.Logger) {
 	Stop(name)
-	servicesMap[name] = &ServiceItem{
+	servicesMap.Store(name, &ServiceItem{
 		S:    s,
 		Args: args,
 		Name: name,
 		Log:  log,
-	}
+	})
 }
 func GetService(name string) *ServiceItem {
-	if s, ok := servicesMap[name]; ok && s.S != nil {
-		return s
+	if s, ok := servicesMap.Load(name); ok && s.(*ServiceItem).S != nil {
+		return s.(*ServiceItem)
 	}
 	return nil
 
 }
 func Stop(name string) {
-	if s, ok := servicesMap[name]; ok && s.S != nil {
-		s.S.Clean()
+	if s, ok := servicesMap.Load(name); ok && s.(*ServiceItem).S != nil {
+		s.(*ServiceItem).S.Clean()
+		*s.(*ServiceItem) = ServiceItem{}
+		s = nil
+		servicesMap.Store(name, nil)
+		servicesMap.Delete(name)
 	}
 }
 func Run(name string, args interface{}) (service *ServiceItem, err error) {
-	service, ok := servicesMap[name]
+	_service, ok := servicesMap.Load(name)
 	if ok {
 		defer func() {
 			e := recover()
@@ -49,6 +54,7 @@ func Run(name string, args interface{}) (service *ServiceItem, err error) {
 				err = fmt.Errorf("%s servcie crashed, ERR: %s\ntrace:%s", name, e, string(debug.Stack()))
 			}
 		}()
+		service = _service.(*ServiceItem)
 		if args != nil {
 			err = service.S.Start(args, service.Log)
 		} else {

services/socks.go

@@ -1,768 +0,0 @@
-package services
-
-import (
-	"crypto/tls"
-	"fmt"
-	"io/ioutil"
-	logger "log"
-	"net"
-	"runtime/debug"
-	"strings"
-	"time"
-
-	"github.com/snail007/goproxy/utils"
-	"github.com/snail007/goproxy/utils/aes"
-	"github.com/snail007/goproxy/utils/conncrypt"
-	"github.com/snail007/goproxy/utils/socks"
-
-	"golang.org/x/crypto/ssh"
-)
-
-type Socks struct {
-	cfg            SocksArgs
-	checker        utils.Checker
-	basicAuth      utils.BasicAuth
-	sshClient      *ssh.Client
-	lockChn        chan bool
-	udpSC          utils.ServerChannel
-	sc             *utils.ServerChannel
-	domainResolver utils.DomainResolver
-	isStop         bool
-	userConns      utils.ConcurrentMap
-	log            *logger.Logger
-}
-
-func NewSocks() Service {
-	return &Socks{
-		cfg:       SocksArgs{},
-		checker:   utils.Checker{},
-		basicAuth: utils.BasicAuth{},
-		lockChn:   make(chan bool, 1),
-		isStop:    false,
-		userConns: utils.NewConcurrentMap(),
-	}
-}
-
-func (s *Socks) CheckArgs() (err error) {
-
-	if *s.cfg.LocalType == "tls" || (*s.cfg.Parent != "" && *s.cfg.ParentType == "tls") {
-		s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
-		if err != nil {
-			return
-		}
-		if *s.cfg.CaCertFile != "" {
-			s.cfg.CaCertBytes, err = ioutil.ReadFile(*s.cfg.CaCertFile)
-			if err != nil {
-				err = fmt.Errorf("read ca file error,ERR:%s", err)
-				return
-			}
-		}
-	}
-	if *s.cfg.Parent != "" {
-		if *s.cfg.ParentType == "" {
-			err = fmt.Errorf("parent type unkown,use -T <tls|tcp|ssh|kcp>")
-			return
-		}
-		host, _, e := net.SplitHostPort(*s.cfg.Parent)
-		if e != nil {
-			err = fmt.Errorf("parent format error : %s", e)
-			return
-		}
-		if *s.cfg.UDPParent == "" {
-			*s.cfg.UDPParent = net.JoinHostPort(host, "33090")
-		}
-		if strings.HasPrefix(*s.cfg.UDPParent, ":") {
-			*s.cfg.UDPParent = net.JoinHostPort(host, strings.TrimLeft(*s.cfg.UDPParent, ":"))
-		}
-		if *s.cfg.ParentType == "ssh" {
-			if *s.cfg.SSHUser == "" {
-				err = fmt.Errorf("ssh user required")
-				return
-			}
-			if *s.cfg.SSHKeyFile == "" && *s.cfg.SSHPassword == "" {
-				err = fmt.Errorf("ssh password or key required")
-				return
-			}
-			if *s.cfg.SSHPassword != "" {
-				s.cfg.SSHAuthMethod = ssh.Password(*s.cfg.SSHPassword)
-			} else {
-				var SSHSigner ssh.Signer
-				s.cfg.SSHKeyBytes, err = ioutil.ReadFile(*s.cfg.SSHKeyFile)
-				if err != nil {
-					err = fmt.Errorf("read key file ERR: %s", err)
-					return
-				}
-				if *s.cfg.SSHKeyFileSalt != "" {
-					SSHSigner, err = ssh.ParsePrivateKeyWithPassphrase(s.cfg.SSHKeyBytes, []byte(*s.cfg.SSHKeyFileSalt))
-				} else {
-					SSHSigner, err = ssh.ParsePrivateKey(s.cfg.SSHKeyBytes)
-				}
-				if err != nil {
-					err = fmt.Errorf("parse ssh private key fail,ERR: %s", err)
-					return
-				}
-				s.cfg.SSHAuthMethod = ssh.PublicKeys(SSHSigner)
-			}
-		}
-	}
-	return
-}
-func (s *Socks) InitService() (err error) {
-	s.InitBasicAuth()
-	if *s.cfg.DNSAddress != "" {
-		(*s).domainResolver = utils.NewDomainResolver(*s.cfg.DNSAddress, *s.cfg.DNSTTL, s.log)
-	}
-	s.checker = utils.NewChecker(*s.cfg.Timeout, int64(*s.cfg.Interval), *s.cfg.Blocked, *s.cfg.Direct, s.log)
-	if *s.cfg.ParentType == "ssh" {
-		e := s.ConnectSSH()
-		if e != nil {
-			err = fmt.Errorf("init service fail, ERR: %s", e)
-			return
-		}
-		go func() {
-			//循环检查ssh网络连通性
-			for {
-				if s.isStop {
-					return
-				}
-				conn, err := utils.ConnectHost(s.Resolve(*s.cfg.Parent), *s.cfg.Timeout*2)
-				if err == nil {
-					conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-					_, err = conn.Write([]byte{0})
-					conn.SetDeadline(time.Time{})
-				}
-				if err != nil {
-					if s.sshClient != nil {
-						s.sshClient.Close()
-					}
-					s.log.Printf("ssh offline, retrying...")
-					s.ConnectSSH()
-				} else {
-					conn.Close()
-				}
-				time.Sleep(time.Second * 3)
-			}
-		}()
-	}
-	if *s.cfg.ParentType == "ssh" {
-		s.log.Printf("warn: socks udp not suppored for ssh")
-	} else {
-		s.udpSC = utils.NewServerChannelHost(*s.cfg.UDPLocal, s.log)
-		e := s.udpSC.ListenUDP(s.udpCallback)
-		if e != nil {
-			err = fmt.Errorf("init udp service fail, ERR: %s", e)
-			return
-		}
-		s.log.Printf("udp socks proxy on %s", s.udpSC.UDPListener.LocalAddr())
-	}
-	return
-}
-func (s *Socks) StopService() {
-	defer func() {
-		e := recover()
-		if e != nil {
-			s.log.Printf("stop socks service crashed,%s", e)
-		} else {
-			s.log.Printf("service socks stoped")
-		}
-	}()
-	s.isStop = true
-	s.checker.Stop()
-	if s.sshClient != nil {
-		s.sshClient.Close()
-	}
-	if s.udpSC.UDPListener != nil {
-		s.udpSC.UDPListener.Close()
-	}
-	if s.sc != nil && (*s.sc).Listener != nil {
-		(*(*s.sc).Listener).Close()
-	}
-	for _, c := range s.userConns.Items() {
-		(*c.(*net.Conn)).Close()
-	}
-}
-func (s *Socks) Start(args interface{}, log *logger.Logger) (err error) {
-	s.log = log
-	//start()
-	s.cfg = args.(SocksArgs)
-	if err = s.CheckArgs(); err != nil {
-		return
-	}
-	if err = s.InitService(); err != nil {
-		s.InitService()
-	}
-	if *s.cfg.Parent != "" {
-		s.log.Printf("use %s parent %s", *s.cfg.ParentType, *s.cfg.Parent)
-	}
-	if *s.cfg.UDPParent != "" {
-		s.log.Printf("use socks udp parent %s", *s.cfg.UDPParent)
-	}
-	sc := utils.NewServerChannelHost(*s.cfg.Local, s.log)
-	if *s.cfg.LocalType == TYPE_TCP {
-		err = sc.ListenTCP(s.socksConnCallback)
-	} else if *s.cfg.LocalType == TYPE_TLS {
-		err = sc.ListenTls(s.cfg.CertBytes, s.cfg.KeyBytes, nil, s.socksConnCallback)
-	} else if *s.cfg.LocalType == TYPE_KCP {
-		err = sc.ListenKCP(s.cfg.KCP, s.socksConnCallback, s.log)
-	}
-	if err != nil {
-		return
-	}
-	s.sc = &sc
-	s.log.Printf("%s socks proxy on %s", *s.cfg.LocalType, (*sc.Listener).Addr())
-	return
-}
-func (s *Socks) Clean() {
-	s.StopService()
-}
-func (s *Socks) UDPKey() []byte {
-	return s.cfg.KeyBytes[:32]
-}
-func (s *Socks) udpCallback(b []byte, localAddr, srcAddr *net.UDPAddr) {
-	rawB := b
-	var err error
-	if *s.cfg.LocalType == "tls" {
-		//decode b
-		rawB, err = goaes.Decrypt(s.UDPKey(), b)
-		if err != nil {
-			s.log.Printf("decrypt udp packet fail from %s", srcAddr.String())
-			return
-		}
-	}
-	p, err := socks.ParseUDPPacket(rawB)
-	s.log.Printf("udp revecived:%v", len(p.Data()))
-	if err != nil {
-		s.log.Printf("parse udp packet fail, ERR:%s", err)
-		return
-	}
-	//防止死循环
-	if s.IsDeadLoop((*localAddr).String(), p.Host()) {
-		s.log.Printf("dead loop detected , %s", p.Host())
-		return
-	}
-	//s.log.Printf("##########udp to -> %s:%s###########", p.Host(), p.Port())
-	if *s.cfg.Parent != "" {
-		//有上级代理,转发给上级
-		if *s.cfg.ParentType == "tls" {
-			//encode b
-			rawB, err = goaes.Encrypt(s.UDPKey(), rawB)
-			if err != nil {
-				s.log.Printf("encrypt udp data fail to %s", *s.cfg.Parent)
-				return
-			}
-		}
-		parent := *s.cfg.UDPParent
-		if parent == "" {
-			parent = *s.cfg.Parent
-		}
-		dstAddr, err := net.ResolveUDPAddr("udp", s.Resolve(parent))
-		if err != nil {
-			s.log.Printf("can't resolve address: %s", err)
-			return
-		}
-		clientSrcAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0}
-		conn, err := net.DialUDP("udp", clientSrcAddr, dstAddr)
-		if err != nil {
-			s.log.Printf("connect to udp %s fail,ERR:%s", dstAddr.String(), err)
-			return
-		}
-		conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout*5)))
-		_, err = conn.Write(rawB)
-		conn.SetDeadline(time.Time{})
-		s.log.Printf("udp request:%v", len(rawB))
-		if err != nil {
-			s.log.Printf("send udp packet to %s fail,ERR:%s", dstAddr.String(), err)
-			conn.Close()
-			return
-		}
-
-		//s.log.Printf("send udp packet to %s success", dstAddr.String())
-		buf := make([]byte, 10*1024)
-		conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-		length, _, err := conn.ReadFromUDP(buf)
-		conn.SetDeadline(time.Time{})
-		if err != nil {
-			s.log.Printf("read udp response from %s fail ,ERR:%s", dstAddr.String(), err)
-			conn.Close()
-			return
-		}
-		respBody := buf[0:length]
-		s.log.Printf("udp response:%v", len(respBody))
-		//s.log.Printf("revecived udp packet from %s", dstAddr.String())
-		if *s.cfg.ParentType == "tls" {
-			//decode b
-			respBody, err = goaes.Decrypt(s.UDPKey(), respBody)
-			if err != nil {
-				s.log.Printf("encrypt udp data fail to %s", *s.cfg.Parent)
-				conn.Close()
-				return
-			}
-		}
-		if *s.cfg.LocalType == "tls" {
-			d, err := goaes.Encrypt(s.UDPKey(), respBody)
-			if err != nil {
-				s.log.Printf("encrypt udp data fail from %s", dstAddr.String())
-				conn.Close()
-				return
-			}
-			s.udpSC.UDPListener.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-			s.udpSC.UDPListener.WriteToUDP(d, srcAddr)
-			s.udpSC.UDPListener.SetDeadline(time.Time{})
-			s.log.Printf("udp reply:%v", len(d))
-			d = nil
-		} else {
-			s.udpSC.UDPListener.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-			s.udpSC.UDPListener.WriteToUDP(respBody, srcAddr)
-			s.udpSC.UDPListener.SetDeadline(time.Time{})
-			s.log.Printf("udp reply:%v", len(respBody))
-		}
-
-	} else {
-		//本地代理
-		dstAddr, err := net.ResolveUDPAddr("udp", net.JoinHostPort(s.Resolve(p.Host()), p.Port()))
-		if err != nil {
-			s.log.Printf("can't resolve address: %s", err)
-			return
-		}
-		clientSrcAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0}
-		conn, err := net.DialUDP("udp", clientSrcAddr, dstAddr)
-		if err != nil {
-			s.log.Printf("connect to udp %s fail,ERR:%s", dstAddr.String(), err)
-			return
-		}
-		conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout*3)))
-		_, err = conn.Write(p.Data())
-		conn.SetDeadline(time.Time{})
-		s.log.Printf("udp send:%v", len(p.Data()))
-		if err != nil {
-			s.log.Printf("send udp packet to %s fail,ERR:%s", dstAddr.String(), err)
-			conn.Close()
-			return
-		}
-		//s.log.Printf("send udp packet to %s success", dstAddr.String())
-		buf := make([]byte, 10*1024)
-		conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-		length, _, err := conn.ReadFromUDP(buf)
-		conn.SetDeadline(time.Time{})
-
-		if err != nil {
-			s.log.Printf("read udp response from %s fail ,ERR:%s", dstAddr.String(), err)
-			conn.Close()
-			return
-		}
-		respBody := buf[0:length]
-		//封装来自真实服务器的数据,返回给访问者
-		respPacket := p.NewReply(respBody)
-		//s.log.Printf("revecived udp packet from %s", dstAddr.String())
-		if *s.cfg.LocalType == "tls" {
-			d, err := goaes.Encrypt(s.UDPKey(), respPacket)
-			if err != nil {
-				s.log.Printf("encrypt udp data fail from %s", dstAddr.String())
-				conn.Close()
-				return
-			}
-			s.udpSC.UDPListener.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-			s.udpSC.UDPListener.WriteToUDP(d, srcAddr)
-			s.udpSC.UDPListener.SetDeadline(time.Time{})
-			d = nil
-		} else {
-			s.udpSC.UDPListener.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-			s.udpSC.UDPListener.WriteToUDP(respPacket, srcAddr)
-			s.udpSC.UDPListener.SetDeadline(time.Time{})
-		}
-		s.log.Printf("udp reply:%v", len(respPacket))
-	}
-
-}
-func (s *Socks) socksConnCallback(inConn net.Conn) {
-	defer func() {
-		if err := recover(); err != nil {
-			s.log.Printf("socks conn handler crashed with err : %s \nstack: %s", err, string(debug.Stack()))
-			inConn.Close()
-		}
-	}()
-	if *s.cfg.LocalCompress {
-		inConn = utils.NewCompConn(inConn)
-	}
-	if *s.cfg.LocalKey != "" {
-		inConn = conncrypt.New(inConn, &conncrypt.Config{
-			Password: *s.cfg.LocalKey,
-		})
-	}
-	//协商开始
-
-	//method select request
-	inConn.SetReadDeadline(time.Now().Add(time.Second * 3))
-	methodReq, err := socks.NewMethodsRequest(inConn)
-	inConn.SetReadDeadline(time.Time{})
-	if err != nil {
-		methodReq.Reply(socks.Method_NONE_ACCEPTABLE)
-		utils.CloseConn(&inConn)
-		s.log.Printf("new methods request fail,ERR: %s", err)
-		return
-	}
-
-	if !s.IsBasicAuth() {
-		if !methodReq.Select(socks.Method_NO_AUTH) {
-			methodReq.Reply(socks.Method_NONE_ACCEPTABLE)
-			utils.CloseConn(&inConn)
-			s.log.Printf("none method found : Method_NO_AUTH")
-			return
-		}
-		//method select reply
-		err = methodReq.Reply(socks.Method_NO_AUTH)
-		if err != nil {
-			s.log.Printf("reply answer data fail,ERR: %s", err)
-			utils.CloseConn(&inConn)
-			return
-		}
-		// s.log.Printf("% x", methodReq.Bytes())
-	} else {
-		//auth
-		if !methodReq.Select(socks.Method_USER_PASS) {
-			methodReq.Reply(socks.Method_NONE_ACCEPTABLE)
-			utils.CloseConn(&inConn)
-			s.log.Printf("none method found : Method_USER_PASS")
-			return
-		}
-		//method reply need auth
-		err = methodReq.Reply(socks.Method_USER_PASS)
-		if err != nil {
-			s.log.Printf("reply answer data fail,ERR: %s", err)
-			utils.CloseConn(&inConn)
-			return
-		}
-		//read auth
-		buf := make([]byte, 500)
-		inConn.SetReadDeadline(time.Now().Add(time.Second * 3))
-		n, err := inConn.Read(buf)
-		inConn.SetReadDeadline(time.Time{})
-		if err != nil {
-			utils.CloseConn(&inConn)
-			return
-		}
-		r := buf[:n]
-		user := string(r[2 : r[1]+2])
-		pass := string(r[2+r[1]+1:])
-		//s.log.Printf("user:%s,pass:%s", user, pass)
-		//auth
-		_addr := strings.Split(inConn.RemoteAddr().String(), ":")
-		if s.basicAuth.CheckUserPass(user, pass, _addr[0], "") {
-			inConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-			inConn.Write([]byte{0x01, 0x00})
-			inConn.SetDeadline(time.Time{})
-
-		} else {
-			inConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-			inConn.Write([]byte{0x01, 0x01})
-			inConn.SetDeadline(time.Time{})
-
-			utils.CloseConn(&inConn)
-			return
-		}
-	}
-
-	//request detail
-	request, err := socks.NewRequest(inConn)
-	if err != nil {
-		s.log.Printf("read request data fail,ERR: %s", err)
-		utils.CloseConn(&inConn)
-		return
-	}
-	//协商结束
-
-	switch request.CMD() {
-	case socks.CMD_BIND:
-		//bind 不支持
-		request.TCPReply(socks.REP_UNKNOWN)
-		utils.CloseConn(&inConn)
-		return
-	case socks.CMD_CONNECT:
-		//tcp
-		s.proxyTCP(&inConn, methodReq, request)
-	case socks.CMD_ASSOCIATE:
-		//udp
-		s.proxyUDP(&inConn, methodReq, request)
-	}
-
-}
-func (s *Socks) proxyUDP(inConn *net.Conn, methodReq socks.MethodsRequest, request socks.Request) {
-	if *s.cfg.ParentType == "ssh" {
-		utils.CloseConn(inConn)
-		return
-	}
-	host, _, _ := net.SplitHostPort((*inConn).LocalAddr().String())
-	_, port, _ := net.SplitHostPort(s.udpSC.UDPListener.LocalAddr().String())
-	s.log.Printf("proxy udp on %s", net.JoinHostPort(host, port))
-	request.UDPReply(socks.REP_SUCCESS, net.JoinHostPort(host, port))
-}
-func (s *Socks) proxyTCP(inConn *net.Conn, methodReq socks.MethodsRequest, request socks.Request) {
-	var outConn net.Conn
-	var err interface{}
-	useProxy := true
-	tryCount := 0
-	maxTryCount := 5
-	//防止死循环
-	if s.IsDeadLoop((*inConn).LocalAddr().String(), request.Host()) {
-		utils.CloseConn(inConn)
-		s.log.Printf("dead loop detected , %s", request.Host())
-		utils.CloseConn(inConn)
-		return
-	}
-	for {
-		if s.isStop {
-			return
-		}
-		if *s.cfg.Always {
-			outConn, err = s.getOutConn(methodReq.Bytes(), request.Bytes(), request.Addr())
-		} else {
-			if *s.cfg.Parent != "" {
-				host, _, _ := net.SplitHostPort(request.Addr())
-				useProxy := false
-				if utils.IsIternalIP(host) {
-					useProxy = false
-				} else {
-					k := s.Resolve(request.Addr())
-					s.checker.Add(k)
-					useProxy, _, _ = s.checker.IsBlocked(k)
-				}
-				if useProxy {
-					outConn, err = s.getOutConn(methodReq.Bytes(), request.Bytes(), request.Addr())
-				} else {
-					outConn, err = utils.ConnectHost(s.Resolve(request.Addr()), *s.cfg.Timeout)
-				}
-			} else {
-				outConn, err = utils.ConnectHost(s.Resolve(request.Addr()), *s.cfg.Timeout)
-				useProxy = false
-			}
-		}
-		tryCount++
-		if err == nil || tryCount > maxTryCount || *s.cfg.Parent == "" {
-			break
-		} else {
-			s.log.Printf("get out conn fail,%s,retrying...", err)
-			time.Sleep(time.Second * 2)
-		}
-	}
-	if err != nil {
-		s.log.Printf("get out conn fail,%s", err)
-		request.TCPReply(socks.REP_NETWOR_UNREACHABLE)
-		return
-	}
-
-	s.log.Printf("use proxy %v : %s", useProxy, request.Addr())
-
-	request.TCPReply(socks.REP_SUCCESS)
-	inAddr := (*inConn).RemoteAddr().String()
-	//inLocalAddr := (*inConn).LocalAddr().String()
-
-	s.log.Printf("conn %s - %s connected", inAddr, request.Addr())
-	utils.IoBind(*inConn, outConn, func(err interface{}) {
-		s.log.Printf("conn %s - %s released", inAddr, request.Addr())
-	}, s.log)
-	if c, ok := s.userConns.Get(inAddr); ok {
-		(*c.(*net.Conn)).Close()
-		s.userConns.Remove(inAddr)
-	}
-	s.userConns.Set(inAddr, inConn)
-}
-func (s *Socks) getOutConn(methodBytes, reqBytes []byte, host string) (outConn net.Conn, err interface{}) {
-	switch *s.cfg.ParentType {
-	case "kcp":
-		fallthrough
-	case "tls":
-		fallthrough
-	case "tcp":
-		if *s.cfg.ParentType == "tls" {
-			var _outConn tls.Conn
-			_outConn, err = utils.TlsConnectHost(s.Resolve(*s.cfg.Parent), *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
-			outConn = net.Conn(&_outConn)
-		} else if *s.cfg.ParentType == "kcp" {
-			outConn, err = utils.ConnectKCPHost(s.Resolve(*s.cfg.Parent), s.cfg.KCP)
-		} else {
-			outConn, err = utils.ConnectHost(s.Resolve(*s.cfg.Parent), *s.cfg.Timeout)
-		}
-		if err != nil {
-			err = fmt.Errorf("connect fail,%s", err)
-			return
-		}
-		if *s.cfg.ParentCompress {
-			outConn = utils.NewCompConn(outConn)
-		}
-		if *s.cfg.ParentKey != "" {
-			outConn = conncrypt.New(outConn, &conncrypt.Config{
-				Password: *s.cfg.ParentKey,
-			})
-		}
-		var buf = make([]byte, 1024)
-		//var n int
-		outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-		_, err = outConn.Write(methodBytes)
-		outConn.SetDeadline(time.Time{})
-		if err != nil {
-			err = fmt.Errorf("write method fail,%s", err)
-			return
-		}
-		outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-		_, err = outConn.Read(buf)
-		outConn.SetDeadline(time.Time{})
-		if err != nil {
-			err = fmt.Errorf("read method reply fail,%s", err)
-			return
-		}
-		//resp := buf[:n]
-		//s.log.Printf("resp:%v", resp)
-		outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-		_, err = outConn.Write(reqBytes)
-		outConn.SetDeadline(time.Time{})
-		if err != nil {
-			err = fmt.Errorf("write req detail fail,%s", err)
-			return
-		}
-		outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-		_, err = outConn.Read(buf)
-		outConn.SetDeadline(time.Time{})
-		if err != nil {
-			err = fmt.Errorf("read req reply fail,%s", err)
-			return
-		}
-		//result := buf[:n]
-		//s.log.Printf("result:%v", result)
-
-	case "ssh":
-		maxTryCount := 1
-		tryCount := 0
-	RETRY:
-		if tryCount >= maxTryCount || s.isStop {
-			return
-		}
-		wait := make(chan bool, 1)
-		go func() {
-			defer func() {
-				if err == nil {
-					err = recover()
-				}
-				wait <- true
-			}()
-			outConn, err = s.sshClient.Dial("tcp", host)
-		}()
-		select {
-		case <-wait:
-		case <-time.After(time.Millisecond * time.Duration(*s.cfg.Timeout) * 2):
-			err = fmt.Errorf("ssh dial %s timeout", host)
-			s.sshClient.Close()
-		}
-		if err != nil {
-			s.log.Printf("connect ssh fail, ERR: %s, retrying...", err)
-			e := s.ConnectSSH()
-			if e == nil {
-				tryCount++
-				time.Sleep(time.Second * 3)
-				goto RETRY
-			} else {
-				err = e
-			}
-		}
-	}
-
-	return
-}
-func (s *Socks) ConnectSSH() (err error) {
-	select {
-	case s.lockChn <- true:
-	default:
-		err = fmt.Errorf("can not connect at same time")
-		return
-	}
-	config := ssh.ClientConfig{
-		Timeout: time.Duration(*s.cfg.Timeout) * time.Millisecond,
-		User:    *s.cfg.SSHUser,
-		Auth:    []ssh.AuthMethod{s.cfg.SSHAuthMethod},
-		HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
-			return nil
-		},
-	}
-	if s.sshClient != nil {
-		s.sshClient.Close()
-	}
-	s.sshClient, err = ssh.Dial("tcp", s.Resolve(*s.cfg.Parent), &config)
-	<-s.lockChn
-	return
-}
-func (s *Socks) InitBasicAuth() (err error) {
-	if *s.cfg.DNSAddress != "" {
-		s.basicAuth = utils.NewBasicAuth(&(*s).domainResolver, s.log)
-	} else {
-		s.basicAuth = utils.NewBasicAuth(nil, s.log)
-	}
-	if *s.cfg.AuthURL != "" {
-		s.basicAuth.SetAuthURL(*s.cfg.AuthURL, *s.cfg.AuthURLOkCode, *s.cfg.AuthURLTimeout, *s.cfg.AuthURLRetry)
-		s.log.Printf("auth from %s", *s.cfg.AuthURL)
-	}
-	if *s.cfg.AuthFile != "" {
-		var n = 0
-		n, err = s.basicAuth.AddFromFile(*s.cfg.AuthFile)
-		if err != nil {
-			err = fmt.Errorf("auth-file ERR:%s", err)
-			return
-		}
-		s.log.Printf("auth data added from file %d , total:%d", n, s.basicAuth.Total())
-	}
-	if len(*s.cfg.Auth) > 0 {
-		n := s.basicAuth.Add(*s.cfg.Auth)
-		s.log.Printf("auth data added %d, total:%d", n, s.basicAuth.Total())
-	}
-	return
-}
-func (s *Socks) IsBasicAuth() bool {
-	return *s.cfg.AuthFile != "" || len(*s.cfg.Auth) > 0 || *s.cfg.AuthURL != ""
-}
-func (s *Socks) IsDeadLoop(inLocalAddr string, host string) bool {
-	inIP, inPort, err := net.SplitHostPort(inLocalAddr)
-	if err != nil {
-		return false
-	}
-	outDomain, outPort, err := net.SplitHostPort(host)
-	if err != nil {
-		return false
-	}
-	if inPort == outPort {
-		var outIPs []net.IP
-		if *s.cfg.DNSAddress != "" {
-			outIPs = []net.IP{net.ParseIP(s.Resolve(outDomain))}
-		} else {
-			outIPs, err = net.LookupIP(outDomain)
-		}
-		if err == nil {
-			for _, ip := range outIPs {
-				if ip.String() == inIP {
-					return true
-				}
-			}
-		}
-		interfaceIPs, err := utils.GetAllInterfaceAddr()
-		for _, ip := range *s.cfg.LocalIPS {
-			interfaceIPs = append(interfaceIPs, net.ParseIP(ip).To4())
-		}
-		if err == nil {
-			for _, localIP := range interfaceIPs {
-				for _, outIP := range outIPs {
-					if localIP.Equal(outIP) {
-						return true
-					}
-				}
-			}
-		}
-	}
-	return false
-}
-func (s *Socks) Resolve(address string) string {
-	if *s.cfg.DNSAddress == "" {
-		return address
-	}
-	ip, err := s.domainResolver.Resolve(address)
-	if err != nil {
-		s.log.Printf("dns error %s , ERR:%s", address, err)
-	}
-	return ip
-}

services/socks/socks.go

@@ -0,0 +1,683 @@
+package socks
+
+import (
+	"crypto/tls"
+	"fmt"
+	"io"
+	"io/ioutil"
+	logger "log"
+	"net"
+	"runtime/debug"
+	"strconv"
+	"strings"
+	"time"
+
+	server "github.com/snail007/goproxy/core/cs/server"
+	"github.com/snail007/goproxy/core/lib/kcpcfg"
+	"github.com/snail007/goproxy/services"
+	"github.com/snail007/goproxy/utils"
+	"github.com/snail007/goproxy/utils/conncrypt"
+	"github.com/snail007/goproxy/utils/datasize"
+	"github.com/snail007/goproxy/utils/dnsx"
+	"github.com/snail007/goproxy/utils/iolimiter"
+	"github.com/snail007/goproxy/utils/lb"
+	"github.com/snail007/goproxy/utils/mapx"
+	"github.com/snail007/goproxy/utils/socks"
+
+	"golang.org/x/crypto/ssh"
+)
+
+type SocksArgs struct {
+	Parent                *[]string
+	ParentType            *string
+	Local                 *string
+	LocalType             *string
+	CertFile              *string
+	KeyFile               *string
+	CaCertFile            *string
+	CaCertBytes           []byte
+	CertBytes             []byte
+	KeyBytes              []byte
+	SSHKeyFile            *string
+	SSHKeyFileSalt        *string
+	SSHPassword           *string
+	SSHUser               *string
+	SSHKeyBytes           []byte
+	SSHAuthMethod         ssh.AuthMethod
+	Timeout               *int
+	Always                *bool
+	Interval              *int
+	Blocked               *string
+	Direct                *string
+	ParentAuth            *string
+	AuthFile              *string
+	Auth                  *[]string
+	AuthURL               *string
+	AuthURLOkCode         *int
+	AuthURLTimeout        *int
+	AuthURLRetry          *int
+	KCP                   kcpcfg.KCPConfigArgs
+	LocalIPS              *[]string
+	DNSAddress            *string
+	DNSTTL                *int
+	LocalKey              *string
+	ParentKey             *string
+	LocalCompress         *bool
+	ParentCompress        *bool
+	Intelligent           *string
+	LoadBalanceMethod     *string
+	LoadBalanceTimeout    *int
+	LoadBalanceRetryTime  *int
+	LoadBalanceHashTarget *bool
+	LoadBalanceOnlyHA     *bool
+
+	RateLimit      *string
+	RateLimitBytes float64
+	BindListen     *bool
+	Debug          *bool
+}
+type Socks struct {
+	cfg                   SocksArgs
+	checker               utils.Checker
+	basicAuth             utils.BasicAuth
+	sshClient             *ssh.Client
+	lockChn               chan bool
+	udpSC                 server.ServerChannel
+	sc                    *server.ServerChannel
+	domainResolver        dnsx.DomainResolver
+	isStop                bool
+	userConns             mapx.ConcurrentMap
+	log                   *logger.Logger
+	lb                    *lb.Group
+	udpRelatedPacketConns mapx.ConcurrentMap
+	udpLocalKey           []byte
+	udpParentKey          []byte
+}
+
+func NewSocks() services.Service {
+	return &Socks{
+		cfg:                   SocksArgs{},
+		checker:               utils.Checker{},
+		basicAuth:             utils.BasicAuth{},
+		lockChn:               make(chan bool, 1),
+		isStop:                false,
+		userConns:             mapx.NewConcurrentMap(),
+		udpRelatedPacketConns: mapx.NewConcurrentMap(),
+	}
+}
+
+func (s *Socks) CheckArgs() (err error) {
+
+	if *s.cfg.LocalType == "tls" || (len(*s.cfg.Parent) > 0 && *s.cfg.ParentType == "tls") {
+		s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
+		if err != nil {
+			return
+		}
+		if *s.cfg.CaCertFile != "" {
+			s.cfg.CaCertBytes, err = ioutil.ReadFile(*s.cfg.CaCertFile)
+			if err != nil {
+				err = fmt.Errorf("read ca file error,ERR:%s", err)
+				return
+			}
+		}
+	}
+
+	if len(*s.cfg.Parent) == 1 && (*s.cfg.Parent)[0] == "" {
+		(*s.cfg.Parent) = []string{}
+	}
+
+	if len(*s.cfg.Parent) > 0 {
+		if *s.cfg.ParentType == "" {
+			err = fmt.Errorf("parent type unkown,use -T <tls|tcp|ssh|kcp>")
+			return
+		}
+		if *s.cfg.ParentType == "ssh" {
+			if *s.cfg.SSHUser == "" {
+				err = fmt.Errorf("ssh user required")
+				return
+			}
+			if *s.cfg.SSHKeyFile == "" && *s.cfg.SSHPassword == "" {
+				err = fmt.Errorf("ssh password or key required")
+				return
+			}
+			if *s.cfg.SSHPassword != "" {
+				s.cfg.SSHAuthMethod = ssh.Password(*s.cfg.SSHPassword)
+			} else {
+				var SSHSigner ssh.Signer
+				s.cfg.SSHKeyBytes, err = ioutil.ReadFile(*s.cfg.SSHKeyFile)
+				if err != nil {
+					err = fmt.Errorf("read key file ERR: %s", err)
+					return
+				}
+				if *s.cfg.SSHKeyFileSalt != "" {
+					SSHSigner, err = ssh.ParsePrivateKeyWithPassphrase(s.cfg.SSHKeyBytes, []byte(*s.cfg.SSHKeyFileSalt))
+				} else {
+					SSHSigner, err = ssh.ParsePrivateKey(s.cfg.SSHKeyBytes)
+				}
+				if err != nil {
+					err = fmt.Errorf("parse ssh private key fail,ERR: %s", err)
+					return
+				}
+				s.cfg.SSHAuthMethod = ssh.PublicKeys(SSHSigner)
+			}
+		}
+	}
+	if *s.cfg.RateLimit != "0" && *s.cfg.RateLimit != "" {
+		var size uint64
+		size, err = datasize.Parse(*s.cfg.RateLimit)
+		if err != nil {
+			err = fmt.Errorf("parse rate limit size error,ERR:%s", err)
+			return
+		}
+		s.cfg.RateLimitBytes = float64(size)
+	}
+	s.udpLocalKey = s.LocalUDPKey()
+	s.udpParentKey = s.ParentUDPKey()
+	return
+}
+func (s *Socks) InitService() (err error) {
+	s.InitBasicAuth()
+	if *s.cfg.DNSAddress != "" {
+		(*s).domainResolver = dnsx.NewDomainResolver(*s.cfg.DNSAddress, *s.cfg.DNSTTL, s.log)
+	}
+	if len(*s.cfg.Parent) > 0 {
+		s.checker = utils.NewChecker(*s.cfg.Timeout, int64(*s.cfg.Interval), *s.cfg.Blocked, *s.cfg.Direct, s.log, *s.cfg.Intelligent)
+		s.InitLB()
+	}
+	if *s.cfg.ParentType == "ssh" {
+		e := s.ConnectSSH(s.Resolve(s.lb.Select("", *s.cfg.LoadBalanceOnlyHA)))
+		if e != nil {
+			err = fmt.Errorf("init service fail, ERR: %s", e)
+			return
+		}
+		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					fmt.Printf("crashed, err: %s\nstack:\n%s", e, string(debug.Stack()))
+				}
+			}()
+			//循环检查ssh网络连通性
+			for {
+				if s.isStop {
+					return
+				}
+				conn, err := utils.ConnectHost(s.Resolve(s.lb.Select("", *s.cfg.LoadBalanceOnlyHA)), *s.cfg.Timeout*2)
+				if err == nil {
+					conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+					_, err = conn.Write([]byte{0})
+					conn.SetDeadline(time.Time{})
+				}
+				if err != nil {
+					if s.sshClient != nil {
+						s.sshClient.Close()
+					}
+					s.log.Printf("ssh offline, retrying...")
+					s.ConnectSSH(s.Resolve(s.lb.Select("", *s.cfg.LoadBalanceOnlyHA)))
+				} else {
+					conn.Close()
+				}
+				time.Sleep(time.Second * 3)
+			}
+		}()
+	}
+	if *s.cfg.ParentType == "ssh" {
+		s.log.Printf("warn: socks udp not suppored for ssh")
+	}
+	return
+}
+func (s *Socks) StopService() {
+	defer func() {
+		e := recover()
+		if e != nil {
+			s.log.Printf("stop socks service crashed,%s", e)
+		} else {
+			s.log.Printf("service socks stopped")
+		}
+		s.basicAuth = utils.BasicAuth{}
+		s.cfg = SocksArgs{}
+		s.checker = utils.Checker{}
+		s.domainResolver = dnsx.DomainResolver{}
+		s.lb = nil
+		s.lockChn = nil
+		s.log = nil
+		s.sc = nil
+		s.sshClient = nil
+		s.udpLocalKey = nil
+		s.udpParentKey = nil
+		s.udpRelatedPacketConns = nil
+		s.udpSC = server.ServerChannel{}
+		s.userConns = nil
+		s = nil
+	}()
+	s.isStop = true
+	if len(*s.cfg.Parent) > 0 {
+		s.checker.Stop()
+	}
+	if s.sshClient != nil {
+		s.sshClient.Close()
+	}
+	if s.udpSC.UDPListener != nil {
+		s.udpSC.UDPListener.Close()
+	}
+	if s.sc != nil && (*s.sc).Listener != nil {
+		(*(*s.sc).Listener).Close()
+	}
+	for _, c := range s.userConns.Items() {
+		(*c.(*net.Conn)).Close()
+	}
+	if s.lb != nil {
+		s.lb.Stop()
+	}
+	for _, c := range s.udpRelatedPacketConns.Items() {
+		(*c.(*net.UDPConn)).Close()
+	}
+}
+func (s *Socks) Start(args interface{}, log *logger.Logger) (err error) {
+	s.log = log
+	//start()
+	s.cfg = args.(SocksArgs)
+	if err = s.CheckArgs(); err != nil {
+		return
+	}
+	if err = s.InitService(); err != nil {
+		s.InitService()
+	}
+	if len(*s.cfg.Parent) > 0 {
+		s.log.Printf("use %s parent %v [ %s ]", *s.cfg.ParentType, *s.cfg.Parent, strings.ToUpper(*s.cfg.LoadBalanceMethod))
+	}
+	sc := server.NewServerChannelHost(*s.cfg.Local, s.log)
+	if *s.cfg.LocalType == "tcp" {
+		err = sc.ListenTCP(s.socksConnCallback)
+	} else if *s.cfg.LocalType == "tls" {
+		err = sc.ListenTLS(s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes, s.socksConnCallback)
+	} else if *s.cfg.LocalType == "kcp" {
+		err = sc.ListenKCP(s.cfg.KCP, s.socksConnCallback, s.log)
+	}
+	if err != nil {
+		return
+	}
+	s.sc = &sc
+	s.log.Printf("%s socks proxy on %s", *s.cfg.LocalType, (*sc.Listener).Addr())
+	return
+}
+func (s *Socks) Clean() {
+	s.StopService()
+}
+
+func (s *Socks) socksConnCallback(inConn net.Conn) {
+	defer func() {
+		if err := recover(); err != nil {
+			s.log.Printf("socks conn handler crashed with err : %s \nstack: %s", err, string(debug.Stack()))
+			inConn.Close()
+		}
+	}()
+	if *s.cfg.LocalCompress {
+		inConn = utils.NewCompConn(inConn)
+	}
+	if *s.cfg.LocalKey != "" {
+		inConn = conncrypt.New(inConn, &conncrypt.Config{
+			Password: *s.cfg.LocalKey,
+		})
+	}
+
+	//socks5 server
+	var serverConn *socks.ServerConn
+	udpIP, _, _ := net.SplitHostPort(inConn.LocalAddr().String())
+	if s.IsBasicAuth() {
+		serverConn = socks.NewServerConn(&inConn, time.Millisecond*time.Duration(*s.cfg.Timeout), &s.basicAuth, true, udpIP, nil)
+	} else {
+		serverConn = socks.NewServerConn(&inConn, time.Millisecond*time.Duration(*s.cfg.Timeout), nil, true, udpIP, nil)
+	}
+	if err := serverConn.Handshake(); err != nil {
+		if !strings.HasSuffix(err.Error(), "EOF") {
+			s.log.Printf("handshake fail, ERR: %s", err)
+		}
+		inConn.Close()
+		return
+	}
+	if serverConn.IsUDP() {
+		s.proxyUDP(&inConn, serverConn)
+	} else if serverConn.IsTCP() {
+		s.proxyTCP(&inConn, serverConn)
+	}
+}
+
+func (s *Socks) proxyTCP(inConn *net.Conn, serverConn *socks.ServerConn) {
+	var outConn net.Conn
+	var err interface{}
+	lbAddr := ""
+	useProxy := true
+	tryCount := 0
+	maxTryCount := 5
+	//防止死循环
+	if s.IsDeadLoop((*inConn).LocalAddr().String(), serverConn.Host()) {
+		utils.CloseConn(inConn)
+		s.log.Printf("dead loop detected , %s", serverConn.Host())
+		utils.CloseConn(inConn)
+		return
+	}
+	for {
+		if s.isStop {
+			return
+		}
+
+		if *s.cfg.Always {
+			selectAddr := (*inConn).RemoteAddr().String()
+			if utils.LBMethod(*s.cfg.LoadBalanceMethod) == lb.SELECT_HASH && *s.cfg.LoadBalanceHashTarget {
+				selectAddr = serverConn.Target()
+			}
+			lbAddr = s.lb.Select(selectAddr, *s.cfg.LoadBalanceOnlyHA)
+			//lbAddr = s.lb.Select((*inConn).RemoteAddr().String())
+			outConn, err = s.GetParentConn(lbAddr, serverConn)
+			if err != nil {
+				s.log.Printf("connect to parent fail, %s", err)
+				return
+			}
+			//handshake
+			//socks client
+			_, err = s.HandshakeSocksParent(&outConn, "tcp", serverConn.Target(), serverConn.AuthData(), false)
+			if err != nil {
+				if err != io.EOF {
+					s.log.Printf("handshake fail, %s", err)
+				}
+				return
+			}
+		} else {
+			if len(*s.cfg.Parent) > 0 {
+				host, _, _ := net.SplitHostPort(serverConn.Target())
+				useProxy := false
+				if utils.IsInternalIP(host, *s.cfg.Always) {
+					useProxy = false
+				} else {
+					var isInMap bool
+					useProxy, isInMap, _, _ = s.checker.IsBlocked(serverConn.Target())
+					if !isInMap {
+						s.checker.Add(serverConn.Target(), s.Resolve(serverConn.Target()))
+					}
+				}
+				if useProxy {
+					selectAddr := (*inConn).RemoteAddr().String()
+					if utils.LBMethod(*s.cfg.LoadBalanceMethod) == lb.SELECT_HASH && *s.cfg.LoadBalanceHashTarget {
+						selectAddr = serverConn.Target()
+					}
+					lbAddr = s.lb.Select(selectAddr, *s.cfg.LoadBalanceOnlyHA)
+					//lbAddr = s.lb.Select((*inConn).RemoteAddr().String())
+					outConn, err = s.GetParentConn(lbAddr, serverConn)
+					if err != nil {
+						s.log.Printf("connect to parent fail, %s", err)
+						return
+					}
+					//handshake
+					//socks client
+					_, err = s.HandshakeSocksParent(&outConn, "tcp", serverConn.Target(), serverConn.AuthData(), false)
+					if err != nil {
+						s.log.Printf("handshake fail, %s", err)
+						return
+					}
+				} else {
+					outConn, err = s.GetDirectConn(s.Resolve(serverConn.Target()), (*inConn).LocalAddr().String())
+				}
+			} else {
+				outConn, err = s.GetDirectConn(s.Resolve(serverConn.Target()), (*inConn).LocalAddr().String())
+				useProxy = false
+			}
+		}
+		tryCount++
+		if err == nil || tryCount > maxTryCount || len(*s.cfg.Parent) == 0 {
+			break
+		} else {
+			s.log.Printf("get out conn fail,%s,retrying...", err)
+			time.Sleep(time.Second * 2)
+		}
+	}
+	if err != nil {
+		s.log.Printf("get out conn fail,%s", err)
+		return
+	}
+
+	s.log.Printf("use proxy %v : %s", useProxy, serverConn.Target())
+
+	inAddr := (*inConn).RemoteAddr().String()
+	//outRemoteAddr := outConn.RemoteAddr().String()
+	//inLocalAddr := (*inConn).LocalAddr().String()
+
+	if s.cfg.RateLimitBytes > 0 {
+		outConn = iolimiter.NewReaderConn(outConn, s.cfg.RateLimitBytes)
+	}
+
+	utils.IoBind(*inConn, outConn, func(err interface{}) {
+		s.log.Printf("conn %s - %s released", inAddr, serverConn.Target())
+		s.userConns.Remove(inAddr)
+		if len(*s.cfg.Parent) > 0 {
+			s.lb.DecreaseConns(lbAddr)
+		}
+	}, s.log)
+	if c, ok := s.userConns.Get(inAddr); ok {
+		(*c.(*net.Conn)).Close()
+		s.userConns.Remove(inAddr)
+	}
+	s.userConns.Set(inAddr, inConn)
+	if len(*s.cfg.Parent) > 0 {
+		s.lb.IncreasConns(lbAddr)
+	}
+	s.log.Printf("conn %s - %s connected", inAddr, serverConn.Target())
+}
+func (s *Socks) GetParentConn(parentAddress string, serverConn *socks.ServerConn) (outConn net.Conn, err interface{}) {
+	switch *s.cfg.ParentType {
+	case "kcp", "tls", "tcp":
+		if *s.cfg.ParentType == "tls" {
+			var _conn tls.Conn
+			_conn, err = utils.TlsConnectHost(parentAddress, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes)
+			if err == nil {
+				outConn = net.Conn(&_conn)
+			}
+		} else if *s.cfg.ParentType == "kcp" {
+			outConn, err = utils.ConnectKCPHost(parentAddress, s.cfg.KCP)
+		} else {
+			outConn, err = utils.ConnectHost(parentAddress, *s.cfg.Timeout)
+		}
+		if err != nil {
+			err = fmt.Errorf("connect fail,%s", err)
+			return
+		}
+		if *s.cfg.ParentCompress {
+			outConn = utils.NewCompConn(outConn)
+		}
+		if *s.cfg.ParentKey != "" {
+			outConn = conncrypt.New(outConn, &conncrypt.Config{
+				Password: *s.cfg.ParentKey,
+			})
+		}
+	case "ssh":
+		maxTryCount := 1
+		tryCount := 0
+	RETRY:
+		if tryCount >= maxTryCount || s.isStop {
+			return
+		}
+		wait := make(chan bool, 1)
+		go func() {
+			defer func() {
+				if err == nil {
+					err = recover()
+				}
+				wait <- true
+			}()
+			outConn, err = s.sshClient.Dial("tcp", serverConn.Target())
+		}()
+		select {
+		case <-wait:
+		case <-time.After(time.Millisecond * time.Duration(*s.cfg.Timeout) * 2):
+			err = fmt.Errorf("ssh dial %s timeout", serverConn.Target())
+			s.sshClient.Close()
+		}
+		if err != nil {
+			s.log.Printf("connect ssh fail, ERR: %s, retrying...", err)
+			e := s.ConnectSSH(parentAddress)
+			if e == nil {
+				tryCount++
+				time.Sleep(time.Second * 3)
+				goto RETRY
+			} else {
+				err = e
+			}
+		}
+	}
+
+	return
+}
+func (s *Socks) ConnectSSH(lbAddr string) (err error) {
+	select {
+	case s.lockChn <- true:
+	default:
+		err = fmt.Errorf("can not connect at same time")
+		return
+	}
+	config := ssh.ClientConfig{
+		Timeout: time.Duration(*s.cfg.Timeout) * time.Millisecond,
+		User:    *s.cfg.SSHUser,
+		Auth:    []ssh.AuthMethod{s.cfg.SSHAuthMethod},
+		HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
+			return nil
+		},
+	}
+	if s.sshClient != nil {
+		s.sshClient.Close()
+	}
+	s.sshClient, err = ssh.Dial("tcp", s.Resolve(lbAddr), &config)
+	<-s.lockChn
+	return
+}
+func (s *Socks) InitBasicAuth() (err error) {
+	if *s.cfg.DNSAddress != "" {
+		s.basicAuth = utils.NewBasicAuth(&(*s).domainResolver, s.log)
+	} else {
+		s.basicAuth = utils.NewBasicAuth(nil, s.log)
+	}
+	if *s.cfg.AuthURL != "" {
+		s.basicAuth.SetAuthURL(*s.cfg.AuthURL, *s.cfg.AuthURLOkCode, *s.cfg.AuthURLTimeout, *s.cfg.AuthURLRetry)
+		s.log.Printf("auth from %s", *s.cfg.AuthURL)
+	}
+	if *s.cfg.AuthFile != "" {
+		var n = 0
+		n, err = s.basicAuth.AddFromFile(*s.cfg.AuthFile)
+		if err != nil {
+			err = fmt.Errorf("auth-file ERR:%s", err)
+			return
+		}
+		s.log.Printf("auth data added from file %d , total:%d", n, s.basicAuth.Total())
+	}
+	if len(*s.cfg.Auth) > 0 {
+		n := s.basicAuth.Add(*s.cfg.Auth)
+		s.log.Printf("auth data added %d, total:%d", n, s.basicAuth.Total())
+	}
+	return
+}
+func (s *Socks) InitLB() {
+	configs := lb.BackendsConfig{}
+	for _, addr := range *s.cfg.Parent {
+		_addrInfo := strings.Split(addr, "@")
+		_addr := _addrInfo[0]
+		weight := 1
+		if len(_addrInfo) == 2 {
+			weight, _ = strconv.Atoi(_addrInfo[1])
+		}
+		configs = append(configs, &lb.BackendConfig{
+			Address:       _addr,
+			Weight:        weight,
+			ActiveAfter:   1,
+			InactiveAfter: 2,
+			Timeout:       time.Duration(*s.cfg.LoadBalanceTimeout) * time.Millisecond,
+			RetryTime:     time.Duration(*s.cfg.LoadBalanceRetryTime) * time.Millisecond,
+		})
+	}
+	LB := lb.NewGroup(utils.LBMethod(*s.cfg.LoadBalanceMethod), configs, &s.domainResolver, s.log, *s.cfg.Debug)
+	s.lb = &LB
+}
+func (s *Socks) IsBasicAuth() bool {
+	return *s.cfg.AuthFile != "" || len(*s.cfg.Auth) > 0 || *s.cfg.AuthURL != ""
+}
+func (s *Socks) IsDeadLoop(inLocalAddr string, host string) bool {
+	inIP, inPort, err := net.SplitHostPort(inLocalAddr)
+	if err != nil {
+		return false
+	}
+	outDomain, outPort, err := net.SplitHostPort(host)
+	if err != nil {
+		return false
+	}
+	if inPort == outPort {
+		var outIPs []net.IP
+		if *s.cfg.DNSAddress != "" {
+			outIPs = []net.IP{net.ParseIP(s.Resolve(outDomain))}
+		} else {
+			outIPs, err = utils.LookupIP(outDomain)
+		}
+		if err == nil {
+			for _, ip := range outIPs {
+				if ip.String() == inIP {
+					return true
+				}
+			}
+		}
+		interfaceIPs, err := utils.GetAllInterfaceAddr()
+		for _, ip := range *s.cfg.LocalIPS {
+			interfaceIPs = append(interfaceIPs, net.ParseIP(ip).To4())
+		}
+		if err == nil {
+			for _, localIP := range interfaceIPs {
+				for _, outIP := range outIPs {
+					if localIP.Equal(outIP) {
+						return true
+					}
+				}
+			}
+		}
+	}
+	return false
+}
+func (s *Socks) Resolve(address string) string {
+	if *s.cfg.DNSAddress == "" {
+		return address
+	}
+	ip, err := s.domainResolver.Resolve(address)
+	if err != nil {
+		s.log.Printf("dns error %s , ERR:%s", address, err)
+		return address
+	}
+	return ip
+}
+func (s *Socks) GetDirectConn(address string, localAddr string) (conn net.Conn, err error) {
+	if !*s.cfg.BindListen {
+		return utils.ConnectHost(address, *s.cfg.Timeout)
+	}
+	ip, _, _ := net.SplitHostPort(localAddr)
+	if utils.IsInternalIP(ip, false) {
+		return utils.ConnectHost(address, *s.cfg.Timeout)
+	}
+	local, _ := net.ResolveTCPAddr("tcp", ip+":0")
+	d := net.Dialer{
+		Timeout:   time.Millisecond * time.Duration(*s.cfg.Timeout),
+		LocalAddr: local,
+	}
+	conn, err = d.Dial("tcp", address)
+	return
+}
+func (s *Socks) HandshakeSocksParent(outconn *net.Conn, network, dstAddr string, auth socks.Auth, fromSS bool) (client *socks.ClientConn, err error) {
+	if *s.cfg.ParentAuth != "" {
+		a := strings.Split(*s.cfg.ParentAuth, ":")
+		if len(a) != 2 {
+			err = fmt.Errorf("parent auth data format error")
+			return
+		}
+		client = socks.NewClientConn(outconn, network, dstAddr, time.Millisecond*time.Duration(*s.cfg.Timeout), &socks.Auth{User: a[0], Password: a[1]}, nil)
+	} else {
+		if !fromSS && !s.IsBasicAuth() && auth.Password != "" && auth.User != "" {
+			client = socks.NewClientConn(outconn, network, dstAddr, time.Millisecond*time.Duration(*s.cfg.Timeout), &auth, nil)
+		} else {
+			client = socks.NewClientConn(outconn, network, dstAddr, time.Millisecond*time.Duration(*s.cfg.Timeout), nil, nil)
+		}
+	}
+	err = client.Handshake()
+	return
+}

services/socks/udp.go

@@ -0,0 +1,315 @@
+package socks
+
+import (
+	"crypto/md5"
+	"fmt"
+	"net"
+	"runtime/debug"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/snail007/goproxy/utils"
+	goaes "github.com/snail007/goproxy/utils/aes"
+	"github.com/snail007/goproxy/utils/socks"
+)
+
+func (s *Socks) ParentUDPKey() (key []byte) {
+	switch *s.cfg.ParentType {
+	case "tcp":
+		if *s.cfg.ParentKey != "" {
+			v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.ParentKey)))
+			return []byte(v)[:24]
+		}
+	case "tls":
+		return s.cfg.KeyBytes[:24]
+	case "kcp":
+		v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.KCP.Key)))
+		return []byte(v)[:24]
+	}
+	return
+}
+func (s *Socks) LocalUDPKey() (key []byte) {
+	switch *s.cfg.LocalType {
+	case "tcp":
+		if *s.cfg.LocalKey != "" {
+			v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.LocalKey)))
+			return []byte(v)[:24]
+		}
+	case "tls":
+		return s.cfg.KeyBytes[:24]
+	case "kcp":
+		v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.KCP.Key)))
+		return []byte(v)[:24]
+	}
+	return
+}
+func (s *Socks) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
+	defer func() {
+		if e := recover(); e != nil {
+			s.log.Printf("udp local->out io copy crashed:\n%s\n%s", e, string(debug.Stack()))
+		}
+	}()
+	if *s.cfg.ParentType == "ssh" {
+		utils.CloseConn(inConn)
+		return
+	}
+	inconnRemoteAddr := (*inConn).RemoteAddr().String()
+	localAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0}
+	udpListener := serverConn.UDPConnListener
+	srcIP, _, _ := net.SplitHostPort((*inConn).RemoteAddr().String())
+	s.log.Printf("proxy udp on %s , for %s", udpListener.LocalAddr(), inconnRemoteAddr)
+
+	s.userConns.Set(inconnRemoteAddr, inConn)
+	var (
+		outUDPConn       *net.UDPConn
+		outconn          net.Conn
+		outconnLocalAddr string
+		isClosedErr      = func(err error) bool {
+			return err != nil && strings.Contains(err.Error(), "use of closed network connection")
+		}
+		destAddr *net.UDPAddr
+	)
+	var clean = func(msg, err string) {
+		raddr := ""
+		if outUDPConn != nil {
+			raddr = outUDPConn.RemoteAddr().String()
+			outUDPConn.Close()
+		}
+		if msg != "" {
+			if raddr != "" {
+				s.log.Printf("%s , %s , %s -> %s", msg, err, inconnRemoteAddr, raddr)
+			} else {
+				s.log.Printf("%s , %s , from : %s", msg, err, inconnRemoteAddr)
+			}
+		}
+		(*inConn).Close()
+		udpListener.Close()
+		s.userConns.Remove(inconnRemoteAddr)
+		if outconn != nil {
+			outconn.Close()
+		}
+		if outconnLocalAddr != "" {
+			s.userConns.Remove(outconnLocalAddr)
+		}
+	}
+	defer clean("", "")
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				s.log.Printf("udp related client tcp conn read crashed:\n%s\n%s", e, string(debug.Stack()))
+			}
+		}()
+		buf := make([]byte, 1)
+		(*inConn).SetReadDeadline(time.Time{})
+		if _, err := (*inConn).Read(buf); err != nil {
+			clean("udp related tcp conn disconnected with read", err.Error())
+		}
+	}()
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				s.log.Printf("udp related client tcp conn write crashed:\n%s\n%s", e, string(debug.Stack()))
+			}
+		}()
+		for {
+			(*inConn).SetWriteDeadline(time.Now().Add(time.Second * 5))
+			if _, err := (*inConn).Write([]byte{0x00}); err != nil {
+				clean("udp related tcp conn disconnected with write", err.Error())
+				return
+			}
+			(*inConn).SetWriteDeadline(time.Time{})
+			time.Sleep(time.Second * 5)
+		}
+	}()
+	useProxy := true
+	if len(*s.cfg.Parent) > 0 {
+		dstHost, _, _ := net.SplitHostPort(serverConn.Target())
+		if utils.IsInternalIP(dstHost, *s.cfg.Always) {
+			useProxy = false
+		} else {
+			var isInMap bool
+			useProxy, isInMap, _, _ = s.checker.IsBlocked(serverConn.Target())
+			if !isInMap {
+				s.checker.Add(serverConn.Target(), s.Resolve(serverConn.Target()))
+			}
+		}
+	} else {
+		useProxy = false
+	}
+	if useProxy {
+		//parent proxy
+		lbAddr := s.lb.Select((*inConn).RemoteAddr().String(), *s.cfg.LoadBalanceOnlyHA)
+		outconn, err := s.GetParentConn(lbAddr, serverConn)
+		//outconn, err := s.GetParentConn(nil, nil, "", false)
+		if err != nil {
+			clean("connnect fail", fmt.Sprintf("%s", err))
+			return
+		}
+
+		client, err := s.HandshakeSocksParent(&outconn, "udp", serverConn.Target(), serverConn.AuthData(), false)
+
+		if err != nil {
+			clean("handshake fail", fmt.Sprintf("%s", err))
+			return
+		}
+		//outconnRemoteAddr := outconn.RemoteAddr().String()
+		outconnLocalAddr = outconn.LocalAddr().String()
+		s.userConns.Set(outconnLocalAddr, &outconn)
+		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					s.log.Printf("udp related parent tcp conn read crashed:\n%s\n%s", e, string(debug.Stack()))
+				}
+			}()
+			buf := make([]byte, 1)
+			outconn.SetReadDeadline(time.Time{})
+			if _, err := outconn.Read(buf); err != nil {
+				clean("udp parent tcp conn disconnected", fmt.Sprintf("%s", err))
+			}
+		}()
+		//forward to parent udp
+		//s.log.Printf("parent udp address %s", client.UDPAddr)
+		destAddr, _ = net.ResolveUDPAddr("udp", client.UDPAddr)
+	}
+	s.log.Printf("use proxy %v : udp %s", useProxy, serverConn.Target())
+	//relay
+	buf := utils.LeakyBuffer.Get()
+	defer utils.LeakyBuffer.Put(buf)
+	for {
+		n, srcAddr, err := udpListener.ReadFromUDP(buf)
+		if err != nil {
+			s.log.Printf("udp listener read fail, %s", err.Error())
+			if isClosedErr(err) {
+				return
+			}
+			continue
+		}
+		srcIP0, _, _ := net.SplitHostPort(srcAddr.String())
+		//IP not match drop it
+		if srcIP != srcIP0 {
+			continue
+		}
+		p := socks.NewPacketUDP()
+		//convert data to raw
+		if len(s.udpLocalKey) > 0 {
+			var v []byte
+			v, err = goaes.Decrypt(s.udpLocalKey, buf[:n])
+			if err == nil {
+				err = p.Parse(v)
+			}
+		} else {
+			err = p.Parse(buf[:n])
+		}
+		//err = p.Parse(buf[:n])
+		if err != nil {
+			s.log.Printf("udp listener parse packet fail, %s", err.Error())
+			continue
+		}
+
+		port, _ := strconv.Atoi(p.Port())
+
+		if v, ok := s.udpRelatedPacketConns.Get(srcAddr.String()); !ok {
+			if destAddr == nil {
+				destAddr = &net.UDPAddr{IP: net.ParseIP(p.Host()), Port: port}
+			}
+			outUDPConn, err = net.DialUDP("udp", localAddr, destAddr)
+			if err != nil {
+				s.log.Printf("create out udp conn fail , %s , from : %s", err, srcAddr)
+				continue
+			}
+			s.udpRelatedPacketConns.Set(srcAddr.String(), outUDPConn)
+			go func() {
+				defer func() {
+					if e := recover(); e != nil {
+						s.log.Printf("udp out->local io copy crashed:\n%s\n%s", e, string(debug.Stack()))
+					}
+				}()
+				defer s.udpRelatedPacketConns.Remove(srcAddr.String())
+				//out->local io copy
+				buf := utils.LeakyBuffer.Get()
+				defer utils.LeakyBuffer.Put(buf)
+				for {
+					n, err := outUDPConn.Read(buf)
+					if err != nil {
+						s.log.Printf("read out udp data fail , %s , from : %s", err, srcAddr)
+						if isClosedErr(err) {
+							return
+						}
+						continue
+					}
+
+					//var dlen = n
+					if useProxy {
+						//forward to local
+						var v []byte
+						//convert parent data to raw
+						if len(s.udpParentKey) > 0 {
+							v, err = goaes.Decrypt(s.udpParentKey, buf[:n])
+							if err != nil {
+								s.log.Printf("udp outconn parse packet fail, %s", err.Error())
+								continue
+							}
+						} else {
+							v = buf[:n]
+						}
+						//now v is raw, try convert v to local
+						if len(s.udpLocalKey) > 0 {
+							v, _ = goaes.Encrypt(s.udpLocalKey, v)
+						}
+						_, err = udpListener.WriteTo(v, srcAddr)
+						// _, err = udpListener.WriteTo(buf[:n], srcAddr)
+					} else {
+						rp := socks.NewPacketUDP()
+						rp.Build(destAddr.String(), buf[:n])
+						v := rp.Bytes()
+						//dlen = len(v)
+						//rp.Bytes() v is raw, try convert to local
+						if len(s.udpLocalKey) > 0 {
+							v, _ = goaes.Encrypt(s.udpLocalKey, v)
+						}
+						_, err = udpListener.WriteTo(v, srcAddr)
+					}
+
+					if err != nil {
+						s.udpRelatedPacketConns.Remove(srcAddr.String())
+						s.log.Printf("write out data to local fail , %s , from : %s", err, srcAddr)
+						if isClosedErr(err) {
+							return
+						}
+						continue
+					} else {
+						//s.log.Printf("send udp data to local success , len %d, for : %s", dlen, srcAddr)
+					}
+				}
+			}()
+		} else {
+			outUDPConn = v.(*net.UDPConn)
+		}
+		//local->out io copy
+		if useProxy {
+			//forward to parent
+			//p is raw, now convert it to parent
+			var v []byte
+			if len(s.udpParentKey) > 0 {
+				v, _ = goaes.Encrypt(s.udpParentKey, p.Bytes())
+			} else {
+				v = p.Bytes()
+			}
+			_, err = outUDPConn.Write(v)
+			// _, err = outUDPConn.Write(p.Bytes())
+		} else {
+			_, err = outUDPConn.Write(p.Data())
+		}
+		if err != nil {
+			if isClosedErr(err) {
+				return
+			}
+			s.log.Printf("send out udp data fail , %s , from : %s", err, srcAddr)
+			continue
+		} else {
+			//s.log.Printf("send udp data to remote success , len %d, for : %s", len(p.Data()), srcAddr)
+		}
+	}
+
+}

services/sps.go

@@ -1,467 +0,0 @@
-package services
-
-import (
-	"bytes"
-	"encoding/base64"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	logger "log"
-	"net"
-	"runtime/debug"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/snail007/goproxy/utils"
-	"github.com/snail007/goproxy/utils/conncrypt"
-	"github.com/snail007/goproxy/utils/socks"
-)
-
-type SPS struct {
-	outPool        utils.OutConn
-	cfg            SPSArgs
-	domainResolver utils.DomainResolver
-	basicAuth      utils.BasicAuth
-	serverChannels []*utils.ServerChannel
-	userConns      utils.ConcurrentMap
-	log            *logger.Logger
-}
-
-func NewSPS() Service {
-	return &SPS{
-		outPool:        utils.OutConn{},
-		cfg:            SPSArgs{},
-		basicAuth:      utils.BasicAuth{},
-		serverChannels: []*utils.ServerChannel{},
-		userConns:      utils.NewConcurrentMap(),
-	}
-}
-func (s *SPS) CheckArgs() (err error) {
-	if *s.cfg.Parent == "" {
-		err = fmt.Errorf("parent required for %s %s", s.cfg.Protocol(), *s.cfg.Local)
-		return
-	}
-	if *s.cfg.ParentType == "" {
-		err = fmt.Errorf("parent type unkown,use -T <tls|tcp|kcp>")
-		return
-	}
-	if *s.cfg.ParentType == TYPE_TLS || *s.cfg.LocalType == TYPE_TLS {
-		s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
-		if err != nil {
-			return
-		}
-		if *s.cfg.CaCertFile != "" {
-			s.cfg.CaCertBytes, err = ioutil.ReadFile(*s.cfg.CaCertFile)
-			if err != nil {
-				err = fmt.Errorf("read ca file error,ERR:%s", err)
-				return
-			}
-		}
-	}
-	return
-}
-func (s *SPS) InitService() (err error) {
-	if *s.cfg.DNSAddress != "" {
-		(*s).domainResolver = utils.NewDomainResolver(*s.cfg.DNSAddress, *s.cfg.DNSTTL, s.log)
-	}
-	s.InitOutConnPool()
-	err = s.InitBasicAuth()
-	return
-}
-func (s *SPS) InitOutConnPool() {
-	if *s.cfg.ParentType == TYPE_TLS || *s.cfg.ParentType == TYPE_TCP || *s.cfg.ParentType == TYPE_KCP {
-		//dur int, isTLS bool, certBytes, keyBytes []byte,
-		//parent string, timeout int, InitialCap int, MaxCap int
-		s.outPool = utils.NewOutConn(
-			0,
-			*s.cfg.ParentType,
-			s.cfg.KCP,
-			s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes,
-			*s.cfg.Parent,
-			*s.cfg.Timeout,
-		)
-	}
-}
-
-func (s *SPS) StopService() {
-	defer func() {
-		e := recover()
-		if e != nil {
-			s.log.Printf("stop sps service crashed,%s", e)
-		} else {
-			s.log.Printf("service sps stoped")
-		}
-	}()
-	for _, sc := range s.serverChannels {
-		if sc.Listener != nil && *sc.Listener != nil {
-			(*sc.Listener).Close()
-		}
-		if sc.UDPListener != nil {
-			(*sc.UDPListener).Close()
-		}
-	}
-	for _, c := range s.userConns.Items() {
-		if _, ok := c.(*net.Conn); ok {
-			(*c.(*net.Conn)).Close()
-		}
-		if _, ok := c.(**net.Conn); ok {
-			(*(*c.(**net.Conn))).Close()
-		}
-	}
-}
-func (s *SPS) Start(args interface{}, log *logger.Logger) (err error) {
-	s.log = log
-	s.cfg = args.(SPSArgs)
-	if err = s.CheckArgs(); err != nil {
-		return
-	}
-	if err = s.InitService(); err != nil {
-		return
-	}
-	s.log.Printf("use %s %s parent %s", *s.cfg.ParentType, *s.cfg.ParentServiceType, *s.cfg.Parent)
-	for _, addr := range strings.Split(*s.cfg.Local, ",") {
-		if addr != "" {
-			host, port, _ := net.SplitHostPort(*s.cfg.Local)
-			p, _ := strconv.Atoi(port)
-			sc := utils.NewServerChannel(host, p, s.log)
-			if *s.cfg.LocalType == TYPE_TCP {
-				err = sc.ListenTCP(s.callback)
-			} else if *s.cfg.LocalType == TYPE_TLS {
-				err = sc.ListenTls(s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes, s.callback)
-			} else if *s.cfg.LocalType == TYPE_KCP {
-				err = sc.ListenKCP(s.cfg.KCP, s.callback, s.log)
-			}
-			if err != nil {
-				return
-			}
-			s.log.Printf("%s http(s)+socks proxy on %s", s.cfg.Protocol(), (*sc.Listener).Addr())
-			s.serverChannels = append(s.serverChannels, &sc)
-		}
-	}
-	return
-}
-
-func (s *SPS) Clean() {
-	s.StopService()
-}
-func (s *SPS) callback(inConn net.Conn) {
-	defer func() {
-		if err := recover(); err != nil {
-			s.log.Printf("%s conn handler crashed with err : %s \nstack: %s", s.cfg.Protocol(), err, string(debug.Stack()))
-		}
-	}()
-	if *s.cfg.LocalCompress {
-		inConn = utils.NewCompConn(inConn)
-	}
-	if *s.cfg.LocalKey != "" {
-		inConn = conncrypt.New(inConn, &conncrypt.Config{
-			Password: *s.cfg.LocalKey,
-		})
-	}
-	var err error
-	switch *s.cfg.ParentType {
-	case TYPE_KCP:
-		fallthrough
-	case TYPE_TCP:
-		fallthrough
-	case TYPE_TLS:
-		err = s.OutToTCP(&inConn)
-	default:
-		err = fmt.Errorf("unkown parent type %s", *s.cfg.ParentType)
-	}
-	if err != nil {
-		s.log.Printf("connect to %s parent %s fail, ERR:%s from %s", *s.cfg.ParentType, *s.cfg.Parent, err, inConn.RemoteAddr())
-		utils.CloseConn(&inConn)
-	}
-}
-func (s *SPS) OutToTCP(inConn *net.Conn) (err error) {
-	bInConn := utils.NewBufferedConn(*inConn)
-	//important
-	//action read will regist read event to system,
-	//when data arrived , system call process
-	//so that we can get buffered bytes count
-	//otherwise Buffered() always return 0
-	bInConn.ReadByte()
-	bInConn.UnreadByte()
-
-	n := 8
-	if n > bInConn.Buffered() {
-		n = bInConn.Buffered()
-	}
-	h, err := bInConn.Peek(n)
-	if err != nil {
-		s.log.Printf("peek error %s ", err)
-		(*inConn).Close()
-		return
-	}
-
-	*inConn = bInConn
-	address := ""
-	var auth socks.Auth
-	var forwardBytes []byte
-	//fmt.Printf("%v", header)
-	if utils.IsSocks5(h) {
-		if *s.cfg.DisableSocks5 {
-			(*inConn).Close()
-			return
-		}
-		//socks5 server
-		var serverConn *socks.ServerConn
-		if s.IsBasicAuth() {
-			serverConn = socks.NewServerConn(inConn, time.Millisecond*time.Duration(*s.cfg.Timeout), &s.basicAuth, "", nil)
-		} else {
-			serverConn = socks.NewServerConn(inConn, time.Millisecond*time.Duration(*s.cfg.Timeout), nil, "", nil)
-		}
-		if err = serverConn.Handshake(); err != nil {
-			return
-		}
-		address = serverConn.Target()
-		auth = serverConn.AuthData()
-	} else if utils.IsHTTP(h) {
-		if *s.cfg.DisableHTTP {
-			(*inConn).Close()
-			return
-		}
-		//http
-		var request utils.HTTPRequest
-		(*inConn).SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-		if s.IsBasicAuth() {
-			request, err = utils.NewHTTPRequest(inConn, 1024, true, &s.basicAuth, s.log)
-		} else {
-			request, err = utils.NewHTTPRequest(inConn, 1024, false, nil, s.log)
-		}
-		(*inConn).SetDeadline(time.Time{})
-		if err != nil {
-			s.log.Printf("new http request fail,ERR: %s", err)
-			utils.CloseConn(inConn)
-			return
-		}
-		if len(h) >= 7 && strings.ToLower(string(h[:7])) == "connect" {
-			//https
-			request.HTTPSReply()
-			//s.log.Printf("https reply: %s", request.Host)
-		} else {
-			//forwardBytes = bytes.TrimRight(request.HeadBuf,"\r\n")
-			forwardBytes = request.HeadBuf
-		}
-		address = request.Host
-		var userpass string
-		if s.IsBasicAuth() {
-			userpass, err = request.GetAuthDataStr()
-			if err != nil {
-				return
-			}
-			userpassA := strings.Split(userpass, ":")
-			if len(userpassA) == 2 {
-				auth = socks.Auth{User: userpassA[0], Password: userpassA[1]}
-			}
-		}
-	}
-	if err != nil || address == "" {
-		s.log.Printf("unknown request from: %s,%s", (*inConn).RemoteAddr(), string(h))
-		(*inConn).Close()
-		utils.CloseConn(inConn)
-		err = errors.New("unknown request")
-		return
-	}
-	//connect to parent
-	var outConn net.Conn
-	outConn, err = s.outPool.Get()
-	if err != nil {
-		s.log.Printf("connect to %s , err:%s", *s.cfg.Parent, err)
-		utils.CloseConn(inConn)
-		return
-	}
-	if *s.cfg.ParentCompress {
-		outConn = utils.NewCompConn(outConn)
-	}
-	if *s.cfg.ParentKey != "" {
-		outConn = conncrypt.New(outConn, &conncrypt.Config{
-			Password: *s.cfg.ParentKey,
-		})
-	}
-
-	if *s.cfg.ParentAuth != "" || s.IsBasicAuth() {
-		forwardBytes = utils.RemoveProxyHeaders(forwardBytes)
-	}
-
-	//ask parent for connect to target address
-	if *s.cfg.ParentServiceType == "http" {
-		//http parent
-		isHTTPS := false
-
-		pb := new(bytes.Buffer)
-		if len(forwardBytes) == 0 {
-			isHTTPS = true
-			pb.Write([]byte(fmt.Sprintf("CONNECT %s HTTP/1.1\r\n", address)))
-		}
-		pb.WriteString("Proxy-Connection: Keep-Alive\r\n")
-
-		u := ""
-		if *s.cfg.ParentAuth != "" {
-			a := strings.Split(*s.cfg.ParentAuth, ":")
-			if len(a) != 2 {
-				err = fmt.Errorf("parent auth data format error")
-				return
-			}
-			u = fmt.Sprintf("%s:%s", a[0], a[1])
-		} else {
-			if !s.IsBasicAuth() && auth.Password != "" && auth.User != "" {
-				u = fmt.Sprintf("%s:%s", auth.User, auth.Password)
-			}
-		}
-		if u != "" {
-			pb.Write([]byte(fmt.Sprintf("Proxy-Authorization: Basic %s\r\n", base64.StdEncoding.EncodeToString([]byte(u)))))
-		}
-
-		if isHTTPS {
-			pb.Write([]byte("\r\n"))
-		} else {
-			forwardBytes = utils.InsertProxyHeaders(forwardBytes, string(pb.Bytes()))
-			pb.Reset()
-			pb.Write(forwardBytes)
-			forwardBytes = nil
-		}
-
-		outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-		_, err = outConn.Write(pb.Bytes())
-		outConn.SetDeadline(time.Time{})
-		if err != nil {
-			s.log.Printf("write CONNECT to %s , err:%s", *s.cfg.Parent, err)
-			utils.CloseConn(inConn)
-			utils.CloseConn(&outConn)
-			return
-		}
-
-		if isHTTPS {
-			reply := make([]byte, 1024)
-			outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-			_, err = outConn.Read(reply)
-			outConn.SetDeadline(time.Time{})
-			if err != nil {
-				s.log.Printf("read reply from %s , err:%s", *s.cfg.Parent, err)
-				utils.CloseConn(inConn)
-				utils.CloseConn(&outConn)
-				return
-			}
-			//s.log.Printf("reply: %s", string(reply[:n]))
-		}
-	} else if *s.cfg.ParentServiceType == "socks" {
-		s.log.Printf("connect %s", address)
-		//socks client
-		var clientConn *socks.ClientConn
-		if *s.cfg.ParentAuth != "" {
-			a := strings.Split(*s.cfg.ParentAuth, ":")
-			if len(a) != 2 {
-				err = fmt.Errorf("parent auth data format error")
-				return
-			}
-			clientConn = socks.NewClientConn(&outConn, "tcp", address, time.Millisecond*time.Duration(*s.cfg.Timeout), &socks.Auth{User: a[0], Password: a[1]}, nil)
-		} else {
-			if !s.IsBasicAuth() && auth.Password != "" && auth.User != "" {
-				clientConn = socks.NewClientConn(&outConn, "tcp", address, time.Millisecond*time.Duration(*s.cfg.Timeout), &auth, nil)
-			} else {
-				clientConn = socks.NewClientConn(&outConn, "tcp", address, time.Millisecond*time.Duration(*s.cfg.Timeout), nil, nil)
-			}
-		}
-		if err = clientConn.Handshake(); err != nil {
-			return
-		}
-	}
-
-	//forward client data to target,if necessary.
-	if len(forwardBytes) > 0 {
-		outConn.Write(forwardBytes)
-	}
-
-	//bind
-	inAddr := (*inConn).RemoteAddr().String()
-	outAddr := outConn.RemoteAddr().String()
-	utils.IoBind((*inConn), outConn, func(err interface{}) {
-		s.log.Printf("conn %s - %s released [%s]", inAddr, outAddr, address)
-		s.userConns.Remove(inAddr)
-	}, s.log)
-	s.log.Printf("conn %s - %s connected [%s]", inAddr, outAddr, address)
-	if c, ok := s.userConns.Get(inAddr); ok {
-		(*c.(*net.Conn)).Close()
-	}
-	s.userConns.Set(inAddr, inConn)
-	return
-}
-func (s *SPS) InitBasicAuth() (err error) {
-	if *s.cfg.DNSAddress != "" {
-		s.basicAuth = utils.NewBasicAuth(&(*s).domainResolver, s.log)
-	} else {
-		s.basicAuth = utils.NewBasicAuth(nil, s.log)
-	}
-	if *s.cfg.AuthURL != "" {
-		s.basicAuth.SetAuthURL(*s.cfg.AuthURL, *s.cfg.AuthURLOkCode, *s.cfg.AuthURLTimeout, *s.cfg.AuthURLRetry)
-		s.log.Printf("auth from %s", *s.cfg.AuthURL)
-	}
-	if *s.cfg.AuthFile != "" {
-		var n = 0
-		n, err = s.basicAuth.AddFromFile(*s.cfg.AuthFile)
-		if err != nil {
-			err = fmt.Errorf("auth-file ERR:%s", err)
-			return
-		}
-		s.log.Printf("auth data added from file %d , total:%d", n, s.basicAuth.Total())
-	}
-	if len(*s.cfg.Auth) > 0 {
-		n := s.basicAuth.Add(*s.cfg.Auth)
-		s.log.Printf("auth data added %d, total:%d", n, s.basicAuth.Total())
-	}
-	return
-}
-func (s *SPS) IsBasicAuth() bool {
-	return *s.cfg.AuthFile != "" || len(*s.cfg.Auth) > 0 || *s.cfg.AuthURL != ""
-}
-func (s *SPS) buildRequest(address string) (buf []byte, err error) {
-	host, portStr, err := net.SplitHostPort(address)
-	if err != nil {
-		return nil, err
-	}
-
-	port, err := strconv.Atoi(portStr)
-	if err != nil {
-		err = errors.New("proxy: failed to parse port number: " + portStr)
-		return
-	}
-	if port < 1 || port > 0xffff {
-		err = errors.New("proxy: port number out of range: " + portStr)
-		return
-	}
-	buf = buf[:0]
-	buf = append(buf, 0x05, 0x01, 0 /* reserved */)
-
-	if ip := net.ParseIP(host); ip != nil {
-		if ip4 := ip.To4(); ip4 != nil {
-			buf = append(buf, 0x01)
-			ip = ip4
-		} else {
-			buf = append(buf, 0x04)
-		}
-		buf = append(buf, ip...)
-	} else {
-		if len(host) > 255 {
-			err = errors.New("proxy: destination host name too long: " + host)
-			return
-		}
-		buf = append(buf, 0x03)
-		buf = append(buf, byte(len(host)))
-		buf = append(buf, host...)
-	}
-	buf = append(buf, byte(port>>8), byte(port))
-	return
-}
-func (s *SPS) Resolve(address string) string {
-	if *s.cfg.DNSAddress == "" {
-		return address
-	}
-	ip, err := s.domainResolver.Resolve(address)
-	if err != nil {
-		s.log.Printf("dns error %s , ERR:%s", address, err)
-	}
-	return ip
-}

services/sps/socksudp.go

@@ -0,0 +1,217 @@
+package sps
+
+import (
+	"fmt"
+	"net"
+	"runtime/debug"
+	"strings"
+	"time"
+
+	"github.com/snail007/goproxy/utils"
+	goaes "github.com/snail007/goproxy/utils/aes"
+	"github.com/snail007/goproxy/utils/socks"
+)
+
+func (s *SPS) proxyUDP(inConn *net.Conn, serverConn *socks.ServerConn) {
+	defer func() {
+		if e := recover(); e != nil {
+			s.log.Printf("udp local->out io copy crashed:\n%s\n%s", e, string(debug.Stack()))
+		}
+	}()
+	if *s.cfg.ParentType == "ssh" {
+		utils.CloseConn(inConn)
+		return
+	}
+	srcIP, _, _ := net.SplitHostPort((*inConn).RemoteAddr().String())
+	inconnRemoteAddr := (*inConn).RemoteAddr().String()
+	localAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0}
+	udpListener := serverConn.UDPConnListener
+	s.log.Printf("proxy udp on %s , for %s", udpListener.LocalAddr(), inconnRemoteAddr)
+	s.userConns.Set(inconnRemoteAddr, inConn)
+	var (
+		outUDPConn       *net.UDPConn
+		outconn          net.Conn
+		outconnLocalAddr string
+		isClosedErr      = func(err error) bool {
+			return err != nil && strings.Contains(err.Error(), "use of closed network connection")
+		}
+		destAddr *net.UDPAddr
+	)
+	var clean = func(msg, err string) {
+		raddr := ""
+		if outUDPConn != nil {
+			raddr = outUDPConn.RemoteAddr().String()
+			outUDPConn.Close()
+		}
+		if msg != "" {
+			if raddr != "" {
+				s.log.Printf("%s , %s , %s -> %s", msg, err, inconnRemoteAddr, raddr)
+			} else {
+				s.log.Printf("%s , %s , from : %s", msg, err, inconnRemoteAddr)
+			}
+		}
+		(*inConn).Close()
+		udpListener.Close()
+		s.userConns.Remove(inconnRemoteAddr)
+		if outconn != nil {
+			outconn.Close()
+		}
+		if outconnLocalAddr != "" {
+			s.userConns.Remove(outconnLocalAddr)
+		}
+	}
+	defer clean("", "")
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				s.log.Printf("udp related client tcp conn read crashed:\n%s\n%s", e, string(debug.Stack()))
+			}
+		}()
+		buf := make([]byte, 1)
+		(*inConn).SetReadDeadline(time.Time{})
+		if _, err := (*inConn).Read(buf); err != nil {
+			clean("udp related tcp conn disconnected with read", err.Error())
+		}
+	}()
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				s.log.Printf("udp related client tcp conn write crashed:\n%s\n%s", e, string(debug.Stack()))
+			}
+		}()
+		for {
+			(*inConn).SetWriteDeadline(time.Now().Add(time.Second * 5))
+			if _, err := (*inConn).Write([]byte{0x00}); err != nil {
+				clean("udp related tcp conn disconnected with write", err.Error())
+				return
+			}
+			(*inConn).SetWriteDeadline(time.Time{})
+			time.Sleep(time.Second * 5)
+		}
+	}()
+	//parent proxy
+	lbAddr := s.lb.Select((*inConn).RemoteAddr().String(), *s.cfg.LoadBalanceOnlyHA)
+
+	outconn, err := s.GetParentConn(lbAddr)
+	//outconn, err := s.GetParentConn(nil, nil, "", false)
+	if err != nil {
+		clean("connnect fail", fmt.Sprintf("%s", err))
+		return
+	}
+	s.log.Printf("connect %s for udp", serverConn.Target())
+	//socks client
+
+	client, err := s.HandshakeSocksParent(s.getParentAuth(lbAddr), &outconn, "udp", serverConn.Target(), serverConn.AuthData(), false)
+	if err != nil {
+		clean("handshake fail", fmt.Sprintf("%s", err))
+		return
+	}
+
+	//outconnRemoteAddr := outconn.RemoteAddr().String()
+	outconnLocalAddr = outconn.LocalAddr().String()
+	s.userConns.Set(outconnLocalAddr, &outconn)
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				s.log.Printf("udp related parent tcp conn read crashed:\n%s\n%s", e, string(debug.Stack()))
+			}
+		}()
+		buf := make([]byte, 1)
+		outconn.SetReadDeadline(time.Time{})
+		if _, err := outconn.Read(buf); err != nil {
+			clean("udp parent tcp conn disconnected", fmt.Sprintf("%s", err))
+		}
+	}()
+	//forward to parent udp
+	//s.log.Printf("parent udp address %s", client.UDPAddr)
+	destAddr, _ = net.ResolveUDPAddr("udp", client.UDPAddr)
+	//relay
+	buf := utils.LeakyBuffer.Get()
+	defer utils.LeakyBuffer.Put(buf)
+	for {
+		n, srcAddr, err := udpListener.ReadFromUDP(buf)
+		if err != nil {
+			s.log.Printf("udp listener read fail, %s", err.Error())
+			if isClosedErr(err) {
+				return
+			}
+			continue
+		}
+		srcIP0, _, _ := net.SplitHostPort(srcAddr.String())
+		//IP not match drop it
+		if srcIP != srcIP0 {
+			continue
+		}
+		p := socks.NewPacketUDP()
+		//convert data to raw
+		if len(s.udpLocalKey) > 0 {
+			var v []byte
+			v, err = goaes.Decrypt(s.udpLocalKey, buf[:n])
+			if err == nil {
+				err = p.Parse(v)
+			}
+		} else {
+			err = p.Parse(buf[:n])
+		}
+		//err = p.Parse(buf[:n])
+		if err != nil {
+			s.log.Printf("udp listener parse packet fail, %s", err.Error())
+			continue
+		}
+		if v, ok := s.udpRelatedPacketConns.Get(srcAddr.String()); !ok {
+			outUDPConn, err = net.DialUDP("udp", localAddr, destAddr)
+			if err != nil {
+				s.log.Printf("create out udp conn fail , %s , from : %s", err, srcAddr)
+				continue
+			}
+			s.udpRelatedPacketConns.Set(srcAddr.String(), outUDPConn)
+			utils.UDPCopy(udpListener, outUDPConn, srcAddr, 0, func(data []byte) []byte {
+				//forward to local
+				var v []byte
+				//convert parent data to raw
+				if len(s.udpParentKey) > 0 {
+					v, err = goaes.Decrypt(s.udpParentKey, data)
+					if err != nil {
+						s.log.Printf("udp outconn parse packet fail, %s", err.Error())
+						return []byte{}
+					}
+				} else {
+					v = data
+				}
+				//now v is raw, try convert v to local
+				if len(s.udpLocalKey) > 0 {
+					v, _ = goaes.Encrypt(s.udpLocalKey, v)
+				}
+				return v
+			}, func(err interface{}) {
+				s.udpRelatedPacketConns.Remove(srcAddr.String())
+				if err != nil {
+					s.log.Printf("udp out->local io copy crashed:\n%s\n%s", err, string(debug.Stack()))
+				}
+			})
+		} else {
+			outUDPConn = v.(*net.UDPConn)
+		}
+		//local->out io copy
+		//forward to parent
+		//p is raw, now convert it to parent
+		var v []byte
+		if len(s.udpParentKey) > 0 {
+			v, _ = goaes.Encrypt(s.udpParentKey, p.Bytes())
+		} else {
+			v = p.Bytes()
+		}
+		_, err = outUDPConn.Write(v)
+		// _, err = outUDPConn.Write(p.Bytes())
+		if err != nil {
+			if isClosedErr(err) {
+				return
+			}
+			s.log.Printf("send out udp data fail , %s , from : %s", err, srcAddr)
+			continue
+		} else {
+			//s.log.Printf("send udp data to remote success , len %d, for : %s", len(p.Data()), srcAddr)
+		}
+	}
+
+}

services/sps/sps.go

@@ -0,0 +1,813 @@
+package sps
+
+import (
+	"bytes"
+	"crypto/md5"
+	"crypto/tls"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	logger "log"
+	"net"
+	"runtime/debug"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/snail007/goproxy/core/cs/server"
+	"github.com/snail007/goproxy/core/lib/kcpcfg"
+	"github.com/snail007/goproxy/services"
+	"github.com/snail007/goproxy/utils"
+	"github.com/snail007/goproxy/utils/conncrypt"
+	cryptool "github.com/snail007/goproxy/utils/crypt"
+	"github.com/snail007/goproxy/utils/datasize"
+	"github.com/snail007/goproxy/utils/dnsx"
+	"github.com/snail007/goproxy/utils/iolimiter"
+	"github.com/snail007/goproxy/utils/jumper"
+	"github.com/snail007/goproxy/utils/lb"
+	"github.com/snail007/goproxy/utils/mapx"
+	"github.com/snail007/goproxy/utils/sni"
+	"github.com/snail007/goproxy/utils/socks"
+	"github.com/snail007/goproxy/utils/ss"
+)
+
+type SPSArgs struct {
+	Parent                *[]string
+	CertFile              *string
+	KeyFile               *string
+	CaCertFile            *string
+	CaCertBytes           []byte
+	CertBytes             []byte
+	KeyBytes              []byte
+	Local                 *string
+	ParentType            *string
+	LocalType             *string
+	Timeout               *int
+	KCP                   kcpcfg.KCPConfigArgs
+	ParentServiceType     *string
+	DNSAddress            *string
+	DNSTTL                *int
+	AuthFile              *string
+	Auth                  *[]string
+	AuthURL               *string
+	AuthURLOkCode         *int
+	AuthURLTimeout        *int
+	AuthURLRetry          *int
+	LocalIPS              *[]string
+	ParentAuth            *string
+	LocalKey              *string
+	ParentKey             *string
+	LocalCompress         *bool
+	ParentCompress        *bool
+	SSMethod              *string
+	SSKey                 *string
+	ParentSSMethod        *string
+	ParentSSKey           *string
+	DisableHTTP           *bool
+	DisableSocks5         *bool
+	DisableSS             *bool
+	LoadBalanceMethod     *string
+	LoadBalanceTimeout    *int
+	LoadBalanceRetryTime  *int
+	LoadBalanceHashTarget *bool
+	LoadBalanceOnlyHA     *bool
+	ParentTLSSingle       *bool
+
+	RateLimit      *string
+	RateLimitBytes float64
+	Debug          *bool
+	Jumper         *string
+}
+type SPS struct {
+	cfg                   SPSArgs
+	domainResolver        dnsx.DomainResolver
+	basicAuth             utils.BasicAuth
+	serverChannels        []*server.ServerChannel
+	userConns             mapx.ConcurrentMap
+	log                   *logger.Logger
+	localCipher           *ss.Cipher
+	parentCipher          *ss.Cipher
+	udpRelatedPacketConns mapx.ConcurrentMap
+	lb                    *lb.Group
+	udpLocalKey           []byte
+	udpParentKey          []byte
+	jumper                *jumper.Jumper
+	parentAuthData        *sync.Map
+	parentCipherData      *sync.Map
+}
+
+func NewSPS() services.Service {
+	return &SPS{
+		cfg:                   SPSArgs{},
+		basicAuth:             utils.BasicAuth{},
+		serverChannels:        []*server.ServerChannel{},
+		userConns:             mapx.NewConcurrentMap(),
+		udpRelatedPacketConns: mapx.NewConcurrentMap(),
+		parentAuthData:        &sync.Map{},
+		parentCipherData:      &sync.Map{},
+	}
+}
+func (s *SPS) CheckArgs() (err error) {
+
+	if len(*s.cfg.Parent) == 1 && (*s.cfg.Parent)[0] == "" {
+		(*s.cfg.Parent) = []string{}
+	}
+
+	if len(*s.cfg.Parent) == 0 {
+		err = fmt.Errorf("parent required for %s %s", *s.cfg.LocalType, *s.cfg.Local)
+		return
+	}
+	if *s.cfg.ParentType == "" {
+		err = fmt.Errorf("parent type unkown,use -T <tls|tcp|kcp>")
+		return
+	}
+	if *s.cfg.ParentType == "ss" && (*s.cfg.ParentSSKey == "" || *s.cfg.ParentSSMethod == "") {
+		err = fmt.Errorf("ss parent need a ss key, set it by : -J <sskey>")
+		return
+	}
+	if *s.cfg.ParentType == "tls" || *s.cfg.LocalType == "tls" {
+		if !*s.cfg.ParentTLSSingle {
+			s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
+			if err != nil {
+				return
+			}
+		}
+		if *s.cfg.CaCertFile != "" {
+			s.cfg.CaCertBytes, err = ioutil.ReadFile(*s.cfg.CaCertFile)
+			if err != nil {
+				err = fmt.Errorf("read ca file error,ERR:%s", err)
+				return
+			}
+		}
+	}
+	if *s.cfg.RateLimit != "0" && *s.cfg.RateLimit != "" {
+		var size uint64
+		size, err = datasize.Parse(*s.cfg.RateLimit)
+		if err != nil {
+			err = fmt.Errorf("parse rate limit size error,ERR:%s", err)
+			return
+		}
+		s.cfg.RateLimitBytes = float64(size)
+	}
+	s.udpLocalKey = s.LocalUDPKey()
+	s.udpParentKey = s.ParentUDPKey()
+	if *s.cfg.Jumper != "" {
+		if *s.cfg.ParentType != "tls" && *s.cfg.ParentType != "tcp" {
+			err = fmt.Errorf("jumper only worked of -T is tls or tcp")
+			return
+		}
+		var j jumper.Jumper
+		j, err = jumper.New(*s.cfg.Jumper, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		if err != nil {
+			err = fmt.Errorf("parse jumper fail, err %s", err)
+			return
+		}
+		s.jumper = &j
+	}
+	return
+}
+func (s *SPS) InitService() (err error) {
+
+	if *s.cfg.DNSAddress != "" {
+		s.domainResolver = dnsx.NewDomainResolver(*s.cfg.DNSAddress, *s.cfg.DNSTTL, s.log)
+	}
+
+	if len(*s.cfg.Parent) > 0 {
+		err = s.InitLB()
+		if err != nil {
+			return
+		}
+	}
+
+	err = s.InitBasicAuth()
+	if *s.cfg.SSMethod != "" && *s.cfg.SSKey != "" {
+		s.localCipher, err = ss.NewCipher(*s.cfg.SSMethod, *s.cfg.SSKey)
+		if err != nil {
+			s.log.Printf("error generating cipher : %s", err)
+			return
+		}
+	}
+	if *s.cfg.ParentServiceType == "ss" {
+		s.parentCipher, err = ss.NewCipher(*s.cfg.ParentSSMethod, *s.cfg.ParentSSKey)
+		if err != nil {
+			s.log.Printf("error generating cipher : %s", err)
+			return
+		}
+	}
+	return
+}
+
+func (s *SPS) StopService() {
+	defer func() {
+		e := recover()
+		if e != nil {
+			s.log.Printf("stop sps service crashed,%s", e)
+		} else {
+			s.log.Printf("service sps stopped")
+		}
+		s.basicAuth = utils.BasicAuth{}
+		s.cfg = SPSArgs{}
+		s.domainResolver = dnsx.DomainResolver{}
+		s.lb = nil
+		s.localCipher = nil
+		s.jumper = nil
+		s.log = nil
+		s.parentCipher = nil
+		s.serverChannels = nil
+		s.udpLocalKey = nil
+		s.udpParentKey = nil
+		s.udpRelatedPacketConns = nil
+		s.userConns = nil
+		s.parentAuthData = nil
+		s.parentCipherData = nil
+		s = nil
+	}()
+	for _, sc := range s.serverChannels {
+		if sc.Listener != nil && *sc.Listener != nil {
+			(*sc.Listener).Close()
+		}
+		if sc.UDPListener != nil {
+			(*sc.UDPListener).Close()
+		}
+	}
+	for _, c := range s.userConns.Items() {
+		if _, ok := c.(*net.Conn); ok {
+			(*c.(*net.Conn)).Close()
+		}
+		if _, ok := c.(**net.Conn); ok {
+			(*(*c.(**net.Conn))).Close()
+		}
+	}
+	if s.lb != nil {
+		s.lb.Stop()
+	}
+	for _, c := range s.udpRelatedPacketConns.Items() {
+		(*c.(*net.UDPConn)).Close()
+	}
+}
+func (s *SPS) Start(args interface{}, log *logger.Logger) (err error) {
+	s.log = log
+	s.cfg = args.(SPSArgs)
+	if err = s.CheckArgs(); err != nil {
+		return
+	}
+	if err = s.InitService(); err != nil {
+		return
+	}
+
+	s.log.Printf("use %s %s parent %v [ %s ]", *s.cfg.ParentType, *s.cfg.ParentServiceType, *s.cfg.Parent, strings.ToUpper(*s.cfg.LoadBalanceMethod))
+	for _, addr := range strings.Split(*s.cfg.Local, ",") {
+		if addr != "" {
+			host, port, _ := net.SplitHostPort(addr)
+			p, _ := strconv.Atoi(port)
+			sc := server.NewServerChannel(host, p, s.log)
+			s.serverChannels = append(s.serverChannels, &sc)
+			if *s.cfg.LocalType == "tcp" {
+				err = sc.ListenTCP(s.callback)
+			} else if *s.cfg.LocalType == "tls" {
+				err = sc.ListenTLS(s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes, s.callback)
+			} else if *s.cfg.LocalType == "kcp" {
+				err = sc.ListenKCP(s.cfg.KCP, s.callback, s.log)
+			}
+			if err != nil {
+				return
+			}
+			if *s.cfg.ParentServiceType == "socks" {
+				err = s.RunSSUDP(addr)
+			} else {
+				s.log.Println("warn : udp only for socks parent ")
+			}
+			if err != nil {
+				return
+			}
+			s.log.Printf("%s http(s)+socks+ss proxy on %s", *s.cfg.LocalType, (*sc.Listener).Addr())
+		}
+	}
+	return
+}
+
+func (s *SPS) Clean() {
+	s.StopService()
+}
+func (s *SPS) callback(inConn net.Conn) {
+	defer func() {
+		if err := recover(); err != nil {
+			s.log.Printf("%s conn handler crashed with err : %s \nstack: %s", *s.cfg.LocalType, err, string(debug.Stack()))
+		}
+	}()
+	if *s.cfg.LocalCompress {
+		inConn = utils.NewCompConn(inConn)
+	}
+	if *s.cfg.LocalKey != "" {
+		inConn = conncrypt.New(inConn, &conncrypt.Config{
+			Password: *s.cfg.LocalKey,
+		})
+	}
+	var err error
+	lbAddr := ""
+	switch *s.cfg.ParentType {
+	case "kcp", "tcp", "tls":
+		lbAddr, err = s.OutToTCP(&inConn)
+	default:
+		err = fmt.Errorf("unkown parent type %s", *s.cfg.ParentType)
+	}
+	if err != nil {
+		s.log.Printf("connect to %s parent %s fail, ERR:%s from %s", *s.cfg.ParentType, lbAddr, err, inConn.RemoteAddr())
+		utils.CloseConn(&inConn)
+	}
+}
+func (s *SPS) OutToTCP(inConn *net.Conn) (lbAddr string, err error) {
+	enableUDP := *s.cfg.ParentServiceType == "socks"
+	udpIP, _, _ := net.SplitHostPort((*inConn).LocalAddr().String())
+	if len(*s.cfg.LocalIPS) > 0 {
+		udpIP = (*s.cfg.LocalIPS)[0]
+	}
+	bInConn := utils.NewBufferedConn(*inConn)
+	//important
+	//action read will regist read event to system,
+	//when data arrived , system call process
+	//so that we can get buffered bytes count
+	//otherwise Buffered() always return 0
+	bInConn.ReadByte()
+	bInConn.UnreadByte()
+
+	n := 2048
+	if n > bInConn.Buffered() {
+		n = bInConn.Buffered()
+	}
+	h, err := bInConn.Peek(n)
+	if err != nil {
+		s.log.Printf("peek error %s ", err)
+		(*inConn).Close()
+		return
+	}
+	isSNI, _ := sni.ServerNameFromBytes(h)
+	*inConn = bInConn
+	address := ""
+	var auth = socks.Auth{}
+	var forwardBytes []byte
+	//fmt.Printf("%v", header)
+	if utils.IsSocks5(h) {
+		if *s.cfg.DisableSocks5 {
+			(*inConn).Close()
+			return
+		}
+		//socks5 server
+		var serverConn *socks.ServerConn
+		if s.IsBasicAuth() {
+			serverConn = socks.NewServerConn(inConn, time.Millisecond*time.Duration(*s.cfg.Timeout), &s.basicAuth, enableUDP, udpIP, nil)
+		} else {
+			serverConn = socks.NewServerConn(inConn, time.Millisecond*time.Duration(*s.cfg.Timeout), nil, enableUDP, udpIP, nil)
+		}
+		if err = serverConn.Handshake(); err != nil {
+			return
+		}
+		address = serverConn.Target()
+		auth = serverConn.AuthData()
+		if serverConn.IsUDP() {
+			s.proxyUDP(inConn, serverConn)
+			return
+		}
+	} else if utils.IsHTTP(h) || isSNI != "" {
+		if *s.cfg.DisableHTTP {
+			(*inConn).Close()
+			return
+		}
+		//http
+		var request utils.HTTPRequest
+		(*inConn).SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+		if s.IsBasicAuth() {
+			request, err = utils.NewHTTPRequest(inConn, 1024, true, &s.basicAuth, s.log)
+		} else {
+			request, err = utils.NewHTTPRequest(inConn, 1024, false, nil, s.log)
+		}
+		(*inConn).SetDeadline(time.Time{})
+		if err != nil {
+			s.log.Printf("new http request fail,ERR: %s", err)
+			utils.CloseConn(inConn)
+			return
+		}
+		if len(h) >= 7 && strings.ToLower(string(h[:7])) == "connect" {
+			//https
+			request.HTTPSReply()
+			//s.log.Printf("https reply: %s", request.Host)
+		} else {
+			forwardBytes = request.HeadBuf
+		}
+		address = request.Host
+		var userpass string
+		if s.IsBasicAuth() {
+			userpass, err = request.GetAuthDataStr()
+			if err != nil {
+				return
+			}
+			userpassA := strings.Split(userpass, ":")
+			if len(userpassA) == 2 {
+				auth = socks.Auth{User: userpassA[0], Password: userpassA[1]}
+			}
+		}
+	} else {
+		//ss
+		if *s.cfg.DisableSS {
+			(*inConn).Close()
+			return
+		}
+		(*inConn).SetDeadline(time.Now().Add(time.Second * 5))
+		ssConn := ss.NewConn(*inConn, s.localCipher.Copy())
+		address, err = ss.GetRequest(ssConn)
+		(*inConn).SetDeadline(time.Time{})
+		if err != nil {
+			return
+		}
+		// ensure the host does not contain some illegal characters, NUL may panic on Win32
+		if strings.ContainsRune(address, 0x00) {
+			err = errors.New("invalid domain name")
+			return
+		}
+		*inConn = ssConn
+	}
+	if err != nil || address == "" {
+		s.log.Printf("unknown request from: %s,%s", (*inConn).RemoteAddr(), string(h))
+		(*inConn).Close()
+		utils.CloseConn(inConn)
+		err = errors.New("unknown request")
+		return
+	}
+	//connect to parent
+	var outConn net.Conn
+	selectAddr := (*inConn).RemoteAddr().String()
+	if utils.LBMethod(*s.cfg.LoadBalanceMethod) == lb.SELECT_HASH && *s.cfg.LoadBalanceHashTarget {
+		selectAddr = address
+	}
+	lbAddr = s.lb.Select(selectAddr, *s.cfg.LoadBalanceOnlyHA)
+	outConn, err = s.GetParentConn(lbAddr)
+	if err != nil {
+		s.log.Printf("connect to %s , err:%s", lbAddr, err)
+		utils.CloseConn(inConn)
+		return
+	}
+	ParentAuth := s.getParentAuth(lbAddr)
+	if ParentAuth != "" || *s.cfg.ParentSSKey != "" || s.IsBasicAuth() {
+		forwardBytes = utils.RemoveProxyHeaders(forwardBytes)
+	}
+
+	//ask parent for connect to target address
+	if *s.cfg.ParentServiceType == "http" {
+		//http parent
+		isHTTPS := false
+
+		pb := new(bytes.Buffer)
+		if len(forwardBytes) == 0 {
+			isHTTPS = true
+			pb.Write([]byte(fmt.Sprintf("CONNECT %s HTTP/1.1\r\n", address)))
+		}
+		pb.WriteString(fmt.Sprintf("Host: %s\r\n", address))
+		pb.WriteString(fmt.Sprintf("Proxy-Host: %s\r\n", address))
+		pb.WriteString("Proxy-Connection: Keep-Alive\r\n")
+		pb.WriteString("Connection: Keep-Alive\r\n")
+
+		u := ""
+		if ParentAuth != "" {
+			a := strings.Split(ParentAuth, ":")
+			if len(a) != 2 {
+				err = fmt.Errorf("parent auth data format error")
+				return
+			}
+			u = fmt.Sprintf("%s:%s", a[0], a[1])
+		} else {
+			if !s.IsBasicAuth() && auth.Password != "" && auth.User != "" {
+				u = fmt.Sprintf("%s:%s", auth.User, auth.Password)
+			}
+		}
+		if u != "" {
+			pb.Write([]byte(fmt.Sprintf("Proxy-Authorization: Basic %s\r\n", base64.StdEncoding.EncodeToString([]byte(u)))))
+		}
+
+		if isHTTPS {
+			pb.Write([]byte("\r\n"))
+		} else {
+			forwardBytes = utils.InsertProxyHeaders(forwardBytes, string(pb.Bytes()))
+			pb.Reset()
+			pb.Write(forwardBytes)
+			forwardBytes = nil
+		}
+
+		outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+		_, err = outConn.Write(pb.Bytes())
+		outConn.SetDeadline(time.Time{})
+		if err != nil {
+			s.log.Printf("write CONNECT to %s , err:%s", lbAddr, err)
+			utils.CloseConn(inConn)
+			utils.CloseConn(&outConn)
+			return
+		}
+
+		if isHTTPS {
+			reply := make([]byte, 1024)
+			outConn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+			_, err = outConn.Read(reply)
+			outConn.SetDeadline(time.Time{})
+			if err != nil {
+				s.log.Printf("read reply from %s , err:%s", lbAddr, err)
+				utils.CloseConn(inConn)
+				utils.CloseConn(&outConn)
+				return
+			}
+			//s.log.Printf("reply: %s", string(reply[:n]))
+		}
+	} else if *s.cfg.ParentServiceType == "socks" {
+		s.log.Printf("connect %s", address)
+
+		//socks client
+		_, err = s.HandshakeSocksParent(ParentAuth, &outConn, "tcp", address, auth, false)
+		if err != nil {
+			s.log.Printf("handshake fail, %s", err)
+			return
+		}
+
+	} else if *s.cfg.ParentServiceType == "ss" {
+		ra, e := ss.RawAddr(address)
+		if e != nil {
+			err = fmt.Errorf("build ss raw addr fail, err: %s", e)
+			return
+		}
+
+		outConn, err = ss.DialWithRawAddr(&outConn, ra, "", s.getParentCipher(lbAddr))
+		if err != nil {
+			err = fmt.Errorf("dial ss parent fail, err : %s", err)
+			return
+		}
+	}
+
+	//forward client data to target,if necessary.
+	if len(forwardBytes) > 0 {
+		outConn.Write(forwardBytes)
+	}
+
+	if s.cfg.RateLimitBytes > 0 {
+		outConn = iolimiter.NewReaderConn(outConn, s.cfg.RateLimitBytes)
+	}
+
+	//bind
+	inAddr := (*inConn).RemoteAddr().String()
+	outAddr := outConn.RemoteAddr().String()
+	utils.IoBind((*inConn), outConn, func(err interface{}) {
+		s.log.Printf("conn %s - %s released [%s]", inAddr, outAddr, address)
+		s.userConns.Remove(inAddr)
+		s.lb.DecreaseConns(lbAddr)
+	}, s.log)
+	s.log.Printf("conn %s - %s connected [%s]", inAddr, outAddr, address)
+
+	s.lb.IncreasConns(lbAddr)
+
+	if c, ok := s.userConns.Get(inAddr); ok {
+		(*c.(*net.Conn)).Close()
+	}
+	s.userConns.Set(inAddr, inConn)
+
+	return
+}
+func (s *SPS) InitBasicAuth() (err error) {
+	if *s.cfg.DNSAddress != "" {
+		s.basicAuth = utils.NewBasicAuth(&(*s).domainResolver, s.log)
+	} else {
+		s.basicAuth = utils.NewBasicAuth(nil, s.log)
+	}
+	if *s.cfg.AuthURL != "" {
+		s.basicAuth.SetAuthURL(*s.cfg.AuthURL, *s.cfg.AuthURLOkCode, *s.cfg.AuthURLTimeout, *s.cfg.AuthURLRetry)
+		s.log.Printf("auth from %s", *s.cfg.AuthURL)
+	}
+	if *s.cfg.AuthFile != "" {
+		var n = 0
+		n, err = s.basicAuth.AddFromFile(*s.cfg.AuthFile)
+		if err != nil {
+			err = fmt.Errorf("auth-file ERR:%s", err)
+			return
+		}
+		s.log.Printf("auth data added from file %d , total:%d", n, s.basicAuth.Total())
+	}
+	if len(*s.cfg.Auth) > 0 {
+		n := s.basicAuth.Add(*s.cfg.Auth)
+		s.log.Printf("auth data added %d, total:%d", n, s.basicAuth.Total())
+	}
+	return
+}
+func (s *SPS) InitLB() (err error) {
+	configs := lb.BackendsConfig{}
+	for _, addr := range *s.cfg.Parent {
+		var _addrInfo []string
+		if strings.Contains(addr, "#") {
+			_s := addr[:strings.Index(addr, "#")]
+			_auth, err := cryptool.CryptTools.Base64Decode(_s)
+			if err != nil {
+				s.log.Printf("decoding parent auth data [ %s ] fail , error : %s", _s, err)
+				return err
+			}
+			_addrInfo = strings.Split(addr[strings.Index(addr, "#")+1:], "@")
+			if *s.cfg.ParentServiceType == "ss" {
+				_s := strings.Split(_auth, ":")
+				m := _s[0]
+				k := _s[1]
+				if m == "" {
+					m = *s.cfg.ParentSSMethod
+				}
+				if k == "" {
+					k = *s.cfg.ParentSSKey
+				}
+				cipher, err := ss.NewCipher(m, k)
+				if err != nil {
+					s.log.Printf("error generating cipher, ssMethod: %s, ssKey: %s, error : %s", m, k, err)
+					return err
+				}
+				s.parentCipherData.Store(_addrInfo[0], cipher)
+			} else {
+				s.parentAuthData.Store(_addrInfo[0], _auth)
+			}
+
+		} else {
+			_addrInfo = strings.Split(addr, "@")
+		}
+		_addr := _addrInfo[0]
+		weight := 1
+		if len(_addrInfo) == 2 {
+			weight, _ = strconv.Atoi(_addrInfo[1])
+		}
+		configs = append(configs, &lb.BackendConfig{
+			Address:       _addr,
+			Weight:        weight,
+			ActiveAfter:   1,
+			InactiveAfter: 2,
+			Timeout:       time.Duration(*s.cfg.LoadBalanceTimeout) * time.Millisecond,
+			RetryTime:     time.Duration(*s.cfg.LoadBalanceRetryTime) * time.Millisecond,
+		})
+	}
+	LB := lb.NewGroup(utils.LBMethod(*s.cfg.LoadBalanceMethod), configs, &s.domainResolver, s.log, *s.cfg.Debug)
+	s.lb = &LB
+	return
+}
+func (s *SPS) getParentAuth(lbAddr string) string {
+	if v, ok := s.parentAuthData.Load(lbAddr); ok {
+		return v.(string)
+	}
+	return *s.cfg.ParentAuth
+}
+func (s *SPS) getParentCipher(lbAddr string) *ss.Cipher {
+	if v, ok := s.parentCipherData.Load(lbAddr); ok {
+		return v.(*ss.Cipher).Copy()
+	}
+	return s.parentCipher.Copy()
+}
+func (s *SPS) IsBasicAuth() bool {
+	return *s.cfg.AuthFile != "" || len(*s.cfg.Auth) > 0 || *s.cfg.AuthURL != ""
+}
+func (s *SPS) buildRequest(address string) (buf []byte, err error) {
+	host, portStr, err := net.SplitHostPort(address)
+	if err != nil {
+		return nil, err
+	}
+
+	port, err := strconv.Atoi(portStr)
+	if err != nil {
+		err = errors.New("proxy: failed to parse port number: " + portStr)
+		return
+	}
+	if port < 1 || port > 0xffff {
+		err = errors.New("proxy: port number out of range: " + portStr)
+		return
+	}
+	buf = buf[:0]
+	buf = append(buf, 0x05, 0x01, 0 /* reserved */)
+
+	if ip := net.ParseIP(host); ip != nil {
+		if ip4 := ip.To4(); ip4 != nil {
+			buf = append(buf, 0x01)
+			ip = ip4
+		} else {
+			buf = append(buf, 0x04)
+		}
+		buf = append(buf, ip...)
+	} else {
+		if len(host) > 255 {
+			err = errors.New("proxy: destination host name too long: " + host)
+			return
+		}
+		buf = append(buf, 0x03)
+		buf = append(buf, byte(len(host)))
+		buf = append(buf, host...)
+	}
+	buf = append(buf, byte(port>>8), byte(port))
+	return
+}
+func (s *SPS) Resolve(address string) string {
+	if *s.cfg.DNSAddress == "" {
+		return address
+	}
+	ip, err := s.domainResolver.Resolve(address)
+	if err != nil {
+		s.log.Printf("dns error %s , ERR:%s", address, err)
+		return address
+	}
+	return ip
+}
+func (s *SPS) GetParentConn(address string) (conn net.Conn, err error) {
+	if *s.cfg.ParentType == "tls" {
+		if s.jumper == nil {
+			var _conn tls.Conn
+			if *s.cfg.ParentTLSSingle {
+				_conn, err = utils.SingleTlsConnectHost(address, *s.cfg.Timeout, s.cfg.CaCertBytes)
+			} else {
+				_conn, err = utils.TlsConnectHost(address, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes)
+			}
+			if err == nil {
+				conn = net.Conn(&_conn)
+			}
+		} else {
+			var conf *tls.Config
+			if *s.cfg.ParentTLSSingle {
+				conf, err = utils.SingleTlsConfig(s.cfg.CaCertBytes)
+			} else {
+				conf, err = utils.TlsConfig(s.cfg.CertBytes, s.cfg.KeyBytes, s.cfg.CaCertBytes)
+			}
+			if err != nil {
+				return nil, err
+			}
+			var _c net.Conn
+			_c, err = s.jumper.Dial(address, time.Millisecond*time.Duration(*s.cfg.Timeout))
+			if err == nil {
+				conn = net.Conn(tls.Client(_c, conf))
+			}
+		}
+
+	} else if *s.cfg.ParentType == "kcp" {
+		conn, err = utils.ConnectKCPHost(address, s.cfg.KCP)
+	} else {
+		if s.jumper == nil {
+			conn, err = utils.ConnectHost(address, *s.cfg.Timeout)
+		} else {
+			conn, err = s.jumper.Dial(address, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		}
+	}
+	if err == nil {
+		if *s.cfg.ParentCompress {
+			conn = utils.NewCompConn(conn)
+		}
+		if *s.cfg.ParentKey != "" {
+			conn = conncrypt.New(conn, &conncrypt.Config{
+				Password: *s.cfg.ParentKey,
+			})
+		}
+	}
+	return
+}
+func (s *SPS) HandshakeSocksParent(parentAuth string, outconn *net.Conn, network, dstAddr string, auth socks.Auth, fromSS bool) (client *socks.ClientConn, err error) {
+	if parentAuth != "" {
+		a := strings.Split(parentAuth, ":")
+		if len(a) != 2 {
+			err = fmt.Errorf("parent auth data format error")
+			return
+		}
+		client = socks.NewClientConn(outconn, network, dstAddr, time.Millisecond*time.Duration(*s.cfg.Timeout), &socks.Auth{User: a[0], Password: a[1]}, nil)
+	} else {
+		if !fromSS && !s.IsBasicAuth() && auth.Password != "" && auth.User != "" {
+			client = socks.NewClientConn(outconn, network, dstAddr, time.Millisecond*time.Duration(*s.cfg.Timeout), &auth, nil)
+		} else {
+			client = socks.NewClientConn(outconn, network, dstAddr, time.Millisecond*time.Duration(*s.cfg.Timeout), nil, nil)
+		}
+	}
+	err = client.Handshake()
+	return
+}
+func (s *SPS) ParentUDPKey() (key []byte) {
+	switch *s.cfg.ParentType {
+	case "tcp":
+		if *s.cfg.ParentKey != "" {
+			v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.ParentKey)))
+			return []byte(v)[:24]
+		}
+	case "tls":
+		if s.cfg.KeyBytes != nil {
+			return s.cfg.KeyBytes[:24]
+		}
+	case "kcp":
+		v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.KCP.Key)))
+		return []byte(v)[:24]
+	}
+	return
+}
+func (s *SPS) LocalUDPKey() (key []byte) {
+	switch *s.cfg.LocalType {
+	case "tcp":
+		if *s.cfg.LocalKey != "" {
+			v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.LocalKey)))
+			return []byte(v)[:24]
+		}
+	case "tls":
+		return s.cfg.KeyBytes[:24]
+	case "kcp":
+		v := fmt.Sprintf("%x", md5.Sum([]byte(*s.cfg.KCP.Key)))
+		return []byte(v)[:24]
+	}
+	return
+}

services/sps/ssudp.go

@@ -0,0 +1,161 @@
+package sps
+
+import (
+	"bytes"
+	"fmt"
+	"net"
+	"runtime/debug"
+	"time"
+
+	"github.com/snail007/goproxy/utils"
+	goaes "github.com/snail007/goproxy/utils/aes"
+	"github.com/snail007/goproxy/utils/socks"
+)
+
+func (s *SPS) RunSSUDP(addr string) (err error) {
+	a, _ := net.ResolveUDPAddr("udp", addr)
+	listener, err := net.ListenUDP("udp", a)
+	if err != nil {
+		s.log.Printf("ss udp bind error %s", err)
+		return
+	}
+	s.log.Printf("ss udp on %s", listener.LocalAddr())
+	s.udpRelatedPacketConns.Set(addr, listener)
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				s.log.Printf("udp local->out io copy crashed:\n%s\n%s", e, string(debug.Stack()))
+			}
+		}()
+		buf := utils.LeakyBuffer.Get()
+		defer utils.LeakyBuffer.Put(buf)
+		for {
+			n, srcAddr, err := listener.ReadFrom(buf)
+			if err != nil {
+				s.log.Printf("read from client error %s", err)
+				if utils.IsNetClosedErr(err) {
+					return
+				}
+				continue
+			}
+			var (
+				inconnRemoteAddr = srcAddr.String()
+				outUDPConn       *net.UDPConn
+				outconn          net.Conn
+				outconnLocalAddr string
+				destAddr         *net.UDPAddr
+				clean            = func(msg, err string) {
+					raddr := ""
+					if outUDPConn != nil {
+						raddr = outUDPConn.RemoteAddr().String()
+						outUDPConn.Close()
+					}
+					if msg != "" {
+						if raddr != "" {
+							s.log.Printf("%s , %s , %s -> %s", msg, err, inconnRemoteAddr, raddr)
+						} else {
+							s.log.Printf("%s , %s , from : %s", msg, err, inconnRemoteAddr)
+						}
+					}
+					s.userConns.Remove(inconnRemoteAddr)
+					if outconn != nil {
+						outconn.Close()
+					}
+					if outconnLocalAddr != "" {
+						s.userConns.Remove(outconnLocalAddr)
+					}
+				}
+			)
+			defer clean("", "")
+
+			raw := new(bytes.Buffer)
+			raw.Write([]byte{0x00, 0x00, 0x00})
+			raw.Write(s.localCipher.Decrypt(buf[:n]))
+			socksPacket := socks.NewPacketUDP()
+			err = socksPacket.Parse(raw.Bytes())
+			raw = nil
+			if err != nil {
+				s.log.Printf("udp parse error %s", err)
+				return
+			}
+
+			if v, ok := s.udpRelatedPacketConns.Get(inconnRemoteAddr); !ok {
+				//socks client
+				lbAddr := s.lb.Select(inconnRemoteAddr, *s.cfg.LoadBalanceOnlyHA)
+				outconn, err := s.GetParentConn(lbAddr)
+				if err != nil {
+					clean("connnect fail", fmt.Sprintf("%s", err))
+					return
+				}
+
+				client, err := s.HandshakeSocksParent(s.getParentAuth(lbAddr), &outconn, "udp", socksPacket.Addr(), socks.Auth{}, true)
+				if err != nil {
+					clean("handshake fail", fmt.Sprintf("%s", err))
+					return
+				}
+
+				outconnLocalAddr = outconn.LocalAddr().String()
+				s.userConns.Set(outconnLocalAddr, &outconn)
+				go func() {
+					defer func() {
+						if e := recover(); e != nil {
+							s.log.Printf("udp related parent tcp conn read crashed:\n%s\n%s", e, string(debug.Stack()))
+						}
+					}()
+					buf := make([]byte, 1)
+					outconn.SetReadDeadline(time.Time{})
+					if _, err := outconn.Read(buf); err != nil {
+						clean("udp parent tcp conn disconnected", fmt.Sprintf("%s", err))
+					}
+				}()
+				destAddr, _ = net.ResolveUDPAddr("udp", client.UDPAddr)
+				localZeroAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0}
+				outUDPConn, err = net.DialUDP("udp", localZeroAddr, destAddr)
+				if err != nil {
+					s.log.Printf("create out udp conn fail , %s , from : %s", err, srcAddr)
+					return
+				}
+				s.udpRelatedPacketConns.Set(srcAddr.String(), outUDPConn)
+				utils.UDPCopy(listener, outUDPConn, srcAddr, time.Second*5, func(data []byte) []byte {
+					//forward to local
+					var v []byte
+					//convert parent data to raw
+					if len(s.udpParentKey) > 0 {
+						v, err = goaes.Decrypt(s.udpParentKey, data)
+						if err != nil {
+							s.log.Printf("udp outconn parse packet fail, %s", err.Error())
+							return []byte{}
+						}
+					} else {
+						v = data
+					}
+					return s.localCipher.Encrypt(v[3:])
+				}, func(err interface{}) {
+					s.udpRelatedPacketConns.Remove(srcAddr.String())
+					if err != nil {
+						s.log.Printf("udp out->local io copy crashed:\n%s\n%s", err, string(debug.Stack()))
+					}
+				})
+			} else {
+				outUDPConn = v.(*net.UDPConn)
+			}
+			//forward to parent
+			//p is raw, now convert it to parent
+			var v []byte
+			if len(s.udpParentKey) > 0 {
+				v, _ = goaes.Encrypt(s.udpParentKey, socksPacket.Bytes())
+			} else {
+				v = socksPacket.Bytes()
+			}
+			_, err = outUDPConn.Write(v)
+			socksPacket = socks.PacketUDP{}
+			if err != nil {
+				if utils.IsNetClosedErr(err) {
+					return
+				}
+				s.log.Printf("send out udp data fail , %s , from : %s", err, srcAddr)
+			}
+		}
+	}()
+	return
+}

services/tcp.go

@@ -1,219 +0,0 @@
-package services
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	logger "log"
-	"net"
-	"runtime/debug"
-	"time"
-
-	"github.com/snail007/goproxy/utils"
-
-	"strconv"
-)
-
-type TCP struct {
-	outPool   utils.OutConn
-	cfg       TCPArgs
-	sc        *utils.ServerChannel
-	isStop    bool
-	userConns utils.ConcurrentMap
-	log       *logger.Logger
-}
-
-func NewTCP() Service {
-	return &TCP{
-		outPool:   utils.OutConn{},
-		cfg:       TCPArgs{},
-		isStop:    false,
-		userConns: utils.NewConcurrentMap(),
-	}
-}
-func (s *TCP) CheckArgs() (err error) {
-	if *s.cfg.Parent == "" {
-		err = fmt.Errorf("parent required for %s %s", s.cfg.Protocol(), *s.cfg.Local)
-		return
-	}
-	if *s.cfg.ParentType == "" {
-		err = fmt.Errorf("parent type unkown,use -T <tls|tcp|kcp|udp>")
-		return
-	}
-	if *s.cfg.ParentType == TYPE_TLS || *s.cfg.LocalType == TYPE_TLS {
-		s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
-		if err != nil {
-			return
-		}
-	}
-	return
-}
-func (s *TCP) InitService() (err error) {
-	s.InitOutConnPool()
-	return
-}
-func (s *TCP) StopService() {
-	defer func() {
-		e := recover()
-		if e != nil {
-			s.log.Printf("stop tcp service crashed,%s", e)
-		} else {
-			s.log.Printf("service tcp stoped")
-		}
-	}()
-	s.isStop = true
-	if s.sc.Listener != nil && *s.sc.Listener != nil {
-		(*s.sc.Listener).Close()
-	}
-	if s.sc.UDPListener != nil {
-		(*s.sc.UDPListener).Close()
-	}
-	for _, c := range s.userConns.Items() {
-		(*c.(*net.Conn)).Close()
-	}
-}
-func (s *TCP) Start(args interface{}, log *logger.Logger) (err error) {
-	s.log = log
-	s.cfg = args.(TCPArgs)
-	if err = s.CheckArgs(); err != nil {
-		return
-	}
-	if err = s.InitService(); err != nil {
-		return
-	}
-	s.log.Printf("use %s parent %s", *s.cfg.ParentType, *s.cfg.Parent)
-	host, port, _ := net.SplitHostPort(*s.cfg.Local)
-	p, _ := strconv.Atoi(port)
-	sc := utils.NewServerChannel(host, p, s.log)
-
-	if *s.cfg.LocalType == TYPE_TCP {
-		err = sc.ListenTCP(s.callback)
-	} else if *s.cfg.LocalType == TYPE_TLS {
-		err = sc.ListenTls(s.cfg.CertBytes, s.cfg.KeyBytes, nil, s.callback)
-	} else if *s.cfg.LocalType == TYPE_KCP {
-		err = sc.ListenKCP(s.cfg.KCP, s.callback, s.log)
-	}
-	if err != nil {
-		return
-	}
-	s.log.Printf("%s proxy on %s", s.cfg.Protocol(), (*sc.Listener).Addr())
-	s.sc = &sc
-	return
-}
-
-func (s *TCP) Clean() {
-	s.StopService()
-}
-func (s *TCP) callback(inConn net.Conn) {
-	defer func() {
-		if err := recover(); err != nil {
-			s.log.Printf("%s conn handler crashed with err : %s \nstack: %s", s.cfg.Protocol(), err, string(debug.Stack()))
-		}
-	}()
-	var err error
-	switch *s.cfg.ParentType {
-	case TYPE_KCP:
-		fallthrough
-	case TYPE_TCP:
-		fallthrough
-	case TYPE_TLS:
-		err = s.OutToTCP(&inConn)
-	case TYPE_UDP:
-		err = s.OutToUDP(&inConn)
-	default:
-		err = fmt.Errorf("unkown parent type %s", *s.cfg.ParentType)
-	}
-	if err != nil {
-		s.log.Printf("connect to %s parent %s fail, ERR:%s", *s.cfg.ParentType, *s.cfg.Parent, err)
-		utils.CloseConn(&inConn)
-	}
-}
-func (s *TCP) OutToTCP(inConn *net.Conn) (err error) {
-	var outConn net.Conn
-	outConn, err = s.outPool.Get()
-	if err != nil {
-		s.log.Printf("connect to %s , err:%s", *s.cfg.Parent, err)
-		utils.CloseConn(inConn)
-		return
-	}
-	inAddr := (*inConn).RemoteAddr().String()
-	//inLocalAddr := (*inConn).LocalAddr().String()
-	outAddr := outConn.RemoteAddr().String()
-	//outLocalAddr := outConn.LocalAddr().String()
-	utils.IoBind((*inConn), outConn, func(err interface{}) {
-		s.log.Printf("conn %s - %s released", inAddr, outAddr)
-		s.userConns.Remove(inAddr)
-	}, s.log)
-	s.log.Printf("conn %s - %s connected", inAddr, outAddr)
-	if c, ok := s.userConns.Get(inAddr); ok {
-		(*c.(*net.Conn)).Close()
-	}
-	s.userConns.Set(inAddr, inConn)
-	return
-}
-func (s *TCP) OutToUDP(inConn *net.Conn) (err error) {
-	s.log.Printf("conn created , remote : %s ", (*inConn).RemoteAddr())
-	for {
-		if s.isStop {
-			(*inConn).Close()
-			return
-		}
-		srcAddr, body, err := utils.ReadUDPPacket(bufio.NewReader(*inConn))
-		if err == io.EOF || err == io.ErrUnexpectedEOF {
-			//s.log.Printf("connection %s released", srcAddr)
-			utils.CloseConn(inConn)
-			break
-		}
-		//log.Debugf("udp packet revecived:%s,%v", srcAddr, body)
-		dstAddr, err := net.ResolveUDPAddr("udp", *s.cfg.Parent)
-		if err != nil {
-			s.log.Printf("can't resolve address: %s", err)
-			utils.CloseConn(inConn)
-			break
-		}
-		clientSrcAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0}
-		conn, err := net.DialUDP("udp", clientSrcAddr, dstAddr)
-		if err != nil {
-			s.log.Printf("connect to udp %s fail,ERR:%s", dstAddr.String(), err)
-			continue
-		}
-		conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-		_, err = conn.Write(body)
-		if err != nil {
-			s.log.Printf("send udp packet to %s fail,ERR:%s", dstAddr.String(), err)
-			continue
-		}
-		//log.Debugf("send udp packet to %s success", dstAddr.String())
-		buf := make([]byte, 512)
-		len, _, err := conn.ReadFromUDP(buf)
-		if err != nil {
-			s.log.Printf("read udp response from %s fail ,ERR:%s", dstAddr.String(), err)
-			continue
-		}
-		respBody := buf[0:len]
-		//log.Debugf("revecived udp packet from %s , %v", dstAddr.String(), respBody)
-		_, err = (*inConn).Write(utils.UDPPacket(srcAddr, respBody))
-		if err != nil {
-			s.log.Printf("send udp response fail ,ERR:%s", err)
-			utils.CloseConn(inConn)
-			break
-		}
-		//s.log.Printf("send udp response success ,from:%s", dstAddr.String())
-	}
-	return
-
-}
-func (s *TCP) InitOutConnPool() {
-	if *s.cfg.ParentType == TYPE_TLS || *s.cfg.ParentType == TYPE_TCP || *s.cfg.ParentType == TYPE_KCP {
-		//dur int, isTLS bool, certBytes, keyBytes []byte,
-		//parent string, timeout int, InitialCap int, MaxCap int
-		s.outPool = utils.NewOutConn(
-			*s.cfg.CheckParentInterval,
-			*s.cfg.ParentType,
-			s.cfg.KCP,
-			s.cfg.CertBytes, s.cfg.KeyBytes, nil,
-			*s.cfg.Parent,
-			*s.cfg.Timeout,
-		)
-	}
-}

services/tcp/tcp.go

@@ -0,0 +1,364 @@
+package tcp
+
+import (
+	"crypto/tls"
+	"fmt"
+	logger "log"
+	"net"
+	"runtime/debug"
+	"strings"
+	"time"
+
+	"github.com/snail007/goproxy/core/cs/server"
+	"github.com/snail007/goproxy/core/lib/kcpcfg"
+	"github.com/snail007/goproxy/services"
+	"github.com/snail007/goproxy/utils"
+	"github.com/snail007/goproxy/utils/jumper"
+	"github.com/snail007/goproxy/utils/mapx"
+
+	"strconv"
+)
+
+type TCPArgs struct {
+	Parent              *string
+	CertFile            *string
+	KeyFile             *string
+	CertBytes           []byte
+	KeyBytes            []byte
+	Local               *string
+	ParentType          *string
+	LocalType           *string
+	Timeout             *int
+	CheckParentInterval *int
+	KCP                 kcpcfg.KCPConfigArgs
+	Jumper              *string
+}
+type UDPConnItem struct {
+	conn      *net.Conn
+	isActive  bool
+	touchtime int64
+	srcAddr   *net.UDPAddr
+	localAddr *net.UDPAddr
+	udpConn   *net.UDPConn
+	connid    string
+}
+type TCP struct {
+	cfg       TCPArgs
+	sc        *server.ServerChannel
+	isStop    bool
+	userConns mapx.ConcurrentMap
+	log       *logger.Logger
+	jumper    *jumper.Jumper
+	udpConns  mapx.ConcurrentMap
+}
+
+func NewTCP() services.Service {
+	return &TCP{
+		cfg:       TCPArgs{},
+		isStop:    false,
+		userConns: mapx.NewConcurrentMap(),
+		udpConns:  mapx.NewConcurrentMap(),
+	}
+}
+func (s *TCP) CheckArgs() (err error) {
+	if len(*s.cfg.Parent) == 0 {
+		err = fmt.Errorf("parent required for %s %s", *s.cfg.LocalType, *s.cfg.Local)
+		return
+	}
+	if *s.cfg.ParentType == "" {
+		err = fmt.Errorf("parent type unkown,use -T <tls|tcp|kcp|udp>")
+		return
+	}
+	if *s.cfg.ParentType == "tls" || *s.cfg.LocalType == "tls" {
+		s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
+		if err != nil {
+			return
+		}
+	}
+	if *s.cfg.Jumper != "" {
+		if *s.cfg.ParentType != "tls" && *s.cfg.ParentType != "tcp" {
+			err = fmt.Errorf("jumper only worked of -T is tls or tcp")
+			return
+		}
+		var j jumper.Jumper
+		j, err = jumper.New(*s.cfg.Jumper, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		if err != nil {
+			err = fmt.Errorf("parse jumper fail, err %s", err)
+			return
+		}
+		s.jumper = &j
+	}
+	return
+}
+func (s *TCP) InitService() (err error) {
+	s.UDPGCDeamon()
+	return
+}
+func (s *TCP) StopService() {
+	defer func() {
+		e := recover()
+		if e != nil {
+			s.log.Printf("stop tcp service crashed,%s", e)
+		} else {
+			s.log.Printf("service tcp stopped")
+		}
+		s.cfg = TCPArgs{}
+		s.jumper = nil
+		s.log = nil
+		s.sc = nil
+		s.userConns = nil
+		s = nil
+	}()
+	s.isStop = true
+	if s.sc.Listener != nil && *s.sc.Listener != nil {
+		(*s.sc.Listener).Close()
+	}
+	if s.sc.UDPListener != nil {
+		(*s.sc.UDPListener).Close()
+	}
+	for _, c := range s.userConns.Items() {
+		(*c.(*net.Conn)).Close()
+	}
+}
+func (s *TCP) Start(args interface{}, log *logger.Logger) (err error) {
+	s.log = log
+	s.cfg = args.(TCPArgs)
+	if err = s.CheckArgs(); err != nil {
+		return
+	}
+	if err = s.InitService(); err != nil {
+		return
+	}
+	s.log.Printf("use %s parent %v", *s.cfg.ParentType, *s.cfg.Parent)
+	host, port, _ := net.SplitHostPort(*s.cfg.Local)
+	p, _ := strconv.Atoi(port)
+	sc := server.NewServerChannel(host, p, s.log)
+
+	if *s.cfg.LocalType == "tcp" {
+		err = sc.ListenTCP(s.callback)
+	} else if *s.cfg.LocalType == "tls" {
+		err = sc.ListenTLS(s.cfg.CertBytes, s.cfg.KeyBytes, nil, s.callback)
+	} else if *s.cfg.LocalType == "kcp" {
+		err = sc.ListenKCP(s.cfg.KCP, s.callback, s.log)
+	}
+	if err != nil {
+		return
+	}
+	s.log.Printf("%s proxy on %s", *s.cfg.LocalType, (*sc.Listener).Addr())
+	s.sc = &sc
+	return
+}
+
+func (s *TCP) Clean() {
+	s.StopService()
+}
+func (s *TCP) callback(inConn net.Conn) {
+	defer func() {
+		if err := recover(); err != nil {
+			s.log.Printf("%s conn handler crashed with err : %s \nstack: %s", *s.cfg.LocalType, err, string(debug.Stack()))
+		}
+	}()
+	var err error
+	lbAddr := ""
+	switch *s.cfg.ParentType {
+	case "kcp", "tcp", "tls":
+		err = s.OutToTCP(&inConn)
+	case "udp":
+		s.OutToUDP(&inConn)
+	default:
+		err = fmt.Errorf("unkown parent type %s", *s.cfg.ParentType)
+	}
+	if err != nil {
+		if !utils.IsNetClosedErr(err) {
+			s.log.Printf("connect to %s parent %s fail, ERR:%s", *s.cfg.ParentType, lbAddr, err)
+		}
+		utils.CloseConn(&inConn)
+	}
+}
+func (s *TCP) OutToTCP(inConn *net.Conn) (err error) {
+
+	var outConn net.Conn
+	outConn, err = s.GetParentConn()
+	if err != nil {
+		s.log.Printf("connect to %s , err:%s", *s.cfg.Parent, err)
+		utils.CloseConn(inConn)
+		return
+	}
+	inAddr := (*inConn).RemoteAddr().String()
+	//inLocalAddr := (*inConn).LocalAddr().String()
+	outAddr := outConn.RemoteAddr().String()
+	//outLocalAddr := outConn.LocalAddr().String()
+	utils.IoBind((*inConn), outConn, func(err interface{}) {
+		s.log.Printf("conn %s - %s released", inAddr, outAddr)
+		s.userConns.Remove(inAddr)
+	}, s.log)
+	s.log.Printf("conn %s - %s connected", inAddr, outAddr)
+	if c, ok := s.userConns.Get(inAddr); ok {
+		(*c.(*net.Conn)).Close()
+	}
+	s.userConns.Set(inAddr, inConn)
+	return
+}
+func (s *TCP) OutToUDP(inConn *net.Conn) (err error) {
+	var item *UDPConnItem
+	var body []byte
+	srcAddr := ""
+	defer func() {
+		if item != nil {
+			(*item.conn).Close()
+			item.udpConn.Close()
+			s.udpConns.Remove(srcAddr)
+			(*inConn).Close()
+		}
+	}()
+	for {
+		if s.isStop {
+			return
+		}
+		var srcAddr string
+		srcAddr, body, err = utils.ReadUDPPacket(*inConn)
+		if err != nil {
+			if strings.Contains(err.Error(), "n != int(") {
+				continue
+			}
+			// if !utils.IsNetDeadlineErr(err) && err != io.EOF && !utils.IsNetClosedErr(err) {
+			// 	s.log.Printf("udp packet revecived from client fail, err: %s", err)
+			// }
+			return
+		}
+		localAddr := *s.cfg.Parent
+		if v, ok := s.udpConns.Get(srcAddr); !ok {
+			_srcAddr, _ := net.ResolveUDPAddr("udp", srcAddr)
+			zeroAddr, _ := net.ResolveUDPAddr("udp", ":")
+			_localAddr, _ := net.ResolveUDPAddr("udp", localAddr)
+			var c *net.UDPConn
+			c, err = net.DialUDP("udp", zeroAddr, _localAddr)
+			if err != nil {
+				s.log.Printf("create local udp conn fail, err : %s", err)
+				(*inConn).Close()
+				return
+			}
+			item = &UDPConnItem{
+				conn:      inConn,
+				srcAddr:   _srcAddr,
+				localAddr: _localAddr,
+				udpConn:   c,
+			}
+			s.udpConns.Set(srcAddr, item)
+			s.UDPRevecive(srcAddr)
+		} else {
+			item = v.(*UDPConnItem)
+		}
+		item.touchtime = time.Now().Unix()
+		go item.udpConn.Write(body)
+	}
+}
+func (s *TCP) UDPRevecive(key string) {
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+			}
+		}()
+		s.log.Printf("udp conn %s connected", key)
+		v, ok := s.udpConns.Get(key)
+		if !ok {
+			s.log.Printf("[warn] udp conn not exists for %s", key)
+			return
+		}
+		cui := v.(*UDPConnItem)
+		buf := utils.LeakyBuffer.Get()
+		defer func() {
+			utils.LeakyBuffer.Put(buf)
+			(*cui.conn).Close()
+			cui.udpConn.Close()
+			s.udpConns.Remove(key)
+			s.log.Printf("udp conn %s released", key)
+		}()
+		for {
+			n, err := cui.udpConn.Read(buf)
+			if err != nil {
+				if !utils.IsNetClosedErr(err) {
+					s.log.Printf("udp conn read udp packet fail , err: %s ", err)
+				}
+				return
+			}
+			cui.touchtime = time.Now().Unix()
+			go func() {
+				defer func() {
+					if e := recover(); e != nil {
+						fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+					}
+				}()
+				(*cui.conn).SetWriteDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+				_, err = (*cui.conn).Write(utils.UDPPacket(cui.srcAddr.String(), buf[:n]))
+				(*cui.conn).SetWriteDeadline(time.Time{})
+				if err != nil {
+					cui.udpConn.Close()
+					return
+				}
+			}()
+		}
+	}()
+}
+func (s *TCP) UDPGCDeamon() {
+	gctime := int64(30)
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+			}
+		}()
+		if s.isStop {
+			return
+		}
+		timer := time.NewTicker(time.Second)
+		for {
+			<-timer.C
+			gcKeys := []string{}
+			s.udpConns.IterCb(func(key string, v interface{}) {
+				if time.Now().Unix()-v.(*UDPConnItem).touchtime > gctime {
+					(*(v.(*UDPConnItem).conn)).Close()
+					(v.(*UDPConnItem).udpConn).Close()
+					gcKeys = append(gcKeys, key)
+					s.log.Printf("gc udp conn %s", key)
+				}
+			})
+			for _, k := range gcKeys {
+				s.udpConns.Remove(k)
+			}
+			gcKeys = nil
+		}
+	}()
+}
+func (s *TCP) GetParentConn() (conn net.Conn, err error) {
+	if *s.cfg.ParentType == "tls" {
+		if s.jumper == nil {
+			var _conn tls.Conn
+			_conn, err = utils.TlsConnectHost(*s.cfg.Parent, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
+			if err == nil {
+				conn = net.Conn(&_conn)
+			}
+		} else {
+			conf, err := utils.TlsConfig(s.cfg.CertBytes, s.cfg.KeyBytes, nil)
+			if err != nil {
+				return nil, err
+			}
+			var _c net.Conn
+			_c, err = s.jumper.Dial(*s.cfg.Parent, time.Millisecond*time.Duration(*s.cfg.Timeout))
+			if err == nil {
+				conn = net.Conn(tls.Client(_c, conf))
+			}
+		}
+
+	} else if *s.cfg.ParentType == "kcp" {
+		conn, err = utils.ConnectKCPHost(*s.cfg.Parent, s.cfg.KCP)
+	} else {
+		if s.jumper == nil {
+			conn, err = utils.ConnectHost(*s.cfg.Parent, *s.cfg.Timeout)
+		} else {
+			conn, err = s.jumper.Dial(*s.cfg.Parent, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		}
+	}
+	return
+}

services/tunnel/tunnel_bridge.go

@@ -1,35 +1,56 @@
-package services
+package tunnel
 
 import (
 	"bytes"
 	"fmt"
 	logger "log"
 	"net"
+	"os"
 	"strconv"
+	"strings"
 	"time"
 
+	"github.com/snail007/goproxy/core/cs/server"
+	"github.com/snail007/goproxy/services"
 	"github.com/snail007/goproxy/utils"
+	"github.com/snail007/goproxy/utils/mapx"
 
-	"github.com/xtaci/smux"
+	//"github.com/xtaci/smux"
+	smux "github.com/hashicorp/yamux"
 )
 
+const (
+	CONN_CLIENT_CONTROL = uint8(1)
+	CONN_SERVER         = uint8(4)
+	CONN_CLIENT         = uint8(5)
+)
+
+type TunnelBridgeArgs struct {
+	Parent    *string
+	CertFile  *string
+	KeyFile   *string
+	CertBytes []byte
+	KeyBytes  []byte
+	Local     *string
+	Timeout   *int
+}
 type ServerConn struct {
 	//ClientLocalAddr string //tcp:2.2.22:333@ID
 	Conn *net.Conn
 }
 type TunnelBridge struct {
 	cfg                TunnelBridgeArgs
-	serverConns        utils.ConcurrentMap
-	clientControlConns utils.ConcurrentMap
+	serverConns        mapx.ConcurrentMap
+	clientControlConns mapx.ConcurrentMap
 	isStop             bool
 	log                *logger.Logger
 }
 
-func NewTunnelBridge() Service {
+func NewTunnelBridge() services.Service {
 	return &TunnelBridge{
 		cfg:                TunnelBridgeArgs{},
-		serverConns:        utils.NewConcurrentMap(),
-		clientControlConns: utils.NewConcurrentMap(),
+		serverConns:        mapx.NewConcurrentMap(),
+		clientControlConns: mapx.NewConcurrentMap(),
 		isStop:             false,
 	}
 }
@@ -51,8 +72,13 @@ func (s *TunnelBridge) StopService() {
 		if e != nil {
 			s.log.Printf("stop tbridge service crashed,%s", e)
 		} else {
-			s.log.Printf("service tbridge stoped")
+			s.log.Printf("service tbridge stopped")
 		}
+		s.cfg = TunnelBridgeArgs{}
+		s.clientControlConns = nil
+		s.log = nil
+		s.serverConns = nil
+		s = nil
 	}()
 	s.isStop = true
 	for _, sess := range s.clientControlConns.Items() {
@@ -73,9 +99,9 @@ func (s *TunnelBridge) Start(args interface{}, log *logger.Logger) (err error) {
 	}
 	host, port, _ := net.SplitHostPort(*s.cfg.Local)
 	p, _ := strconv.Atoi(port)
-	sc := utils.NewServerChannel(host, p, s.log)
+	sc := server.NewServerChannel(host, p, s.log)
 
-	err = sc.ListenTls(s.cfg.CertBytes, s.cfg.KeyBytes, nil, s.callback)
+	err = sc.ListenTLS(s.cfg.CertBytes, s.cfg.KeyBytes, nil, s.callback)
 	if err != nil {
 		return
 	}
@@ -89,10 +115,12 @@ func (s *TunnelBridge) callback(inConn net.Conn) {
 	var err error
 	//s.log.Printf("connection from %s ", inConn.RemoteAddr())
 	sess, err := smux.Server(inConn, &smux.Config{
-		KeepAliveInterval: 10 * time.Second,
-		KeepAliveTimeout:  time.Duration(*s.cfg.Timeout) * time.Second,
-		MaxFrameSize:      4096,
-		MaxReceiveBuffer:  4194304,
+		AcceptBacklog:          256,
+		EnableKeepAlive:        true,
+		KeepAliveInterval:      9 * time.Second,
+		ConnectionWriteTimeout: 3 * time.Second,
+		MaxStreamWindowSize:    512 * 1024,
+		LogOutput:              os.Stderr,
 	})
 	if err != nil {
 		s.log.Printf("new mux server conn error,ERR:%s", err)
@@ -103,10 +131,24 @@ func (s *TunnelBridge) callback(inConn net.Conn) {
 		s.log.Printf("mux server conn accept error,ERR:%s", err)
 		return
 	}
-
+	go func() {
+		defer func() {
+			_ = recover()
+		}()
+		timer := time.NewTicker(time.Second * 3)
+		for {
+			<-timer.C
+			if sess.NumStreams() == 0 {
+				sess.Close()
+				timer.Stop()
+				return
+			}
+		}
+	}()
 	var buf = make([]byte, 1024)
 	n, _ := inConn.Read(buf)
 	reader := bytes.NewReader(buf[:n])
+
 	//reader := bufio.NewReader(inConn)
 
 	var connType uint8
@@ -143,7 +185,7 @@ func (s *TunnelBridge) callback(inConn net.Conn) {
 			(*item.(*net.Conn)).SetWriteDeadline(time.Now().Add(time.Second * 3))
 			_, err := (*item.(*net.Conn)).Write(packet)
 			(*item.(*net.Conn)).SetWriteDeadline(time.Time{})
-			if err != nil {
+			if err != nil && strings.Contains(err.Error(), "stream closed") {
 				s.log.Printf("%s client control conn write signal fail, err: %s, retrying...", key, err)
 				time.Sleep(time.Second * 3)
 				continue

services/tunnel/tunnel_client.go

@@ -0,0 +1,463 @@
+package tunnel
+
+import (
+	"crypto/tls"
+	"fmt"
+	"io"
+	logger "log"
+	"net"
+	"os"
+	"runtime/debug"
+	"strings"
+	"time"
+
+	"github.com/snail007/goproxy/services"
+	"github.com/snail007/goproxy/utils"
+	"github.com/snail007/goproxy/utils/jumper"
+	"github.com/snail007/goproxy/utils/mapx"
+
+	//"github.com/xtaci/smux"
+	smux "github.com/hashicorp/yamux"
+)
+
+type TunnelClientArgs struct {
+	Parent    *string
+	CertFile  *string
+	KeyFile   *string
+	CertBytes []byte
+	KeyBytes  []byte
+	Key       *string
+	Timeout   *int
+	Jumper    *string
+}
+type ClientUDPConnItem struct {
+	conn      *net.Conn
+	isActive  bool
+	touchtime int64
+	srcAddr   *net.UDPAddr
+	localAddr *net.UDPAddr
+	udpConn   *net.UDPConn
+	connid    string
+}
+type TunnelClient struct {
+	cfg       TunnelClientArgs
+	ctrlConn  *net.Conn
+	isStop    bool
+	userConns mapx.ConcurrentMap
+	log       *logger.Logger
+	jumper    *jumper.Jumper
+	udpConns  mapx.ConcurrentMap
+}
+
+func NewTunnelClient() services.Service {
+	return &TunnelClient{
+		cfg:       TunnelClientArgs{},
+		userConns: mapx.NewConcurrentMap(),
+		isStop:    false,
+		udpConns:  mapx.NewConcurrentMap(),
+	}
+}
+
+func (s *TunnelClient) InitService() (err error) {
+	s.UDPGCDeamon()
+	return
+}
+
+func (s *TunnelClient) CheckArgs() (err error) {
+	if *s.cfg.Parent != "" {
+		s.log.Printf("use tls parent %s", *s.cfg.Parent)
+	} else {
+		err = fmt.Errorf("parent required")
+		return
+	}
+	if *s.cfg.CertFile == "" || *s.cfg.KeyFile == "" {
+		err = fmt.Errorf("cert and key file required")
+		return
+	}
+	s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
+	if err != nil {
+		return
+	}
+	if *s.cfg.Jumper != "" {
+		var j jumper.Jumper
+		j, err = jumper.New(*s.cfg.Jumper, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		if err != nil {
+			err = fmt.Errorf("parse jumper fail, err %s", err)
+			return
+		}
+		s.jumper = &j
+	}
+	return
+}
+func (s *TunnelClient) StopService() {
+	defer func() {
+		e := recover()
+		if e != nil {
+			s.log.Printf("stop tclient service crashed,%s", e)
+		} else {
+			s.log.Printf("service tclient stopped")
+		}
+		s.cfg = TunnelClientArgs{}
+		s.ctrlConn = nil
+		s.jumper = nil
+		s.log = nil
+		s.udpConns = nil
+		s.userConns = nil
+		s = nil
+	}()
+	s.isStop = true
+	if s.ctrlConn != nil {
+		(*s.ctrlConn).Close()
+	}
+	for _, c := range s.userConns.Items() {
+		(*c.(*net.Conn)).Close()
+	}
+}
+func (s *TunnelClient) Start(args interface{}, log *logger.Logger) (err error) {
+	s.log = log
+	s.cfg = args.(TunnelClientArgs)
+	if err = s.CheckArgs(); err != nil {
+		return
+	}
+	if err = s.InitService(); err != nil {
+		return
+	}
+	s.log.Printf("proxy on tunnel client mode")
+
+	for {
+		if s.isStop {
+			return
+		}
+		if s.ctrlConn != nil {
+			(*s.ctrlConn).Close()
+		}
+		var c net.Conn
+		c, err = s.GetInConn(CONN_CLIENT_CONTROL, *s.cfg.Key)
+		if err != nil {
+			s.log.Printf("control connection err: %s, retrying...", err)
+			time.Sleep(time.Second * 3)
+			continue
+		}
+		s.ctrlConn = &c
+		for {
+			if s.isStop {
+				return
+			}
+			var ID, clientLocalAddr, serverID string
+			err = utils.ReadPacketData(*s.ctrlConn, &ID, &clientLocalAddr, &serverID)
+			if err != nil {
+				if s.ctrlConn != nil {
+					(*s.ctrlConn).Close()
+				}
+				s.log.Printf("read connection signal err: %s, retrying...", err)
+				break
+			}
+			//s.log.Printf("signal revecived:%s %s %s", serverID, ID, clientLocalAddr)
+			protocol := clientLocalAddr[:3]
+			localAddr := clientLocalAddr[4:]
+			if protocol == "udp" {
+				go func() {
+					defer func() {
+						if e := recover(); e != nil {
+							fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+						}
+					}()
+					s.ServeUDP(localAddr, ID, serverID)
+				}()
+			} else {
+				go func() {
+					defer func() {
+						if e := recover(); e != nil {
+							fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+						}
+					}()
+					s.ServeConn(localAddr, ID, serverID)
+				}()
+			}
+		}
+	}
+}
+func (s *TunnelClient) Clean() {
+	s.StopService()
+}
+func (s *TunnelClient) GetInConn(typ uint8, data ...string) (outConn net.Conn, err error) {
+	outConn, err = s.GetConn()
+	if err != nil {
+		err = fmt.Errorf("connection err: %s", err)
+		return
+	}
+	_, err = outConn.Write(utils.BuildPacket(typ, data...))
+	if err != nil {
+		err = fmt.Errorf("write connection data err: %s ,retrying...", err)
+		utils.CloseConn(&outConn)
+		return
+	}
+	return
+}
+func (s *TunnelClient) GetConn() (conn net.Conn, err error) {
+	if s.jumper == nil {
+		var _conn tls.Conn
+		_conn, err = utils.TlsConnectHost(*s.cfg.Parent, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
+		if err == nil {
+			conn = net.Conn(&_conn)
+		}
+	} else {
+		conf, err := utils.TlsConfig(s.cfg.CertBytes, s.cfg.KeyBytes, nil)
+		if err != nil {
+			return nil, err
+		}
+		var _c net.Conn
+		_c, err = s.jumper.Dial(*s.cfg.Parent, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		if err == nil {
+			conn = net.Conn(tls.Client(_c, conf))
+		}
+	}
+	if err == nil {
+		sess, e := smux.Client(conn, &smux.Config{
+			AcceptBacklog:          256,
+			EnableKeepAlive:        true,
+			KeepAliveInterval:      9 * time.Second,
+			ConnectionWriteTimeout: 3 * time.Second,
+			MaxStreamWindowSize:    512 * 1024,
+			LogOutput:              os.Stderr,
+		})
+		if e != nil {
+			s.log.Printf("new mux client conn error,ERR:%s", e)
+			err = e
+			return
+		}
+		conn, e = sess.OpenStream()
+		if e != nil {
+			s.log.Printf("mux client conn open stream error,ERR:%s", e)
+			err = e
+			return
+		}
+		go func() {
+			defer func() {
+				_ = recover()
+			}()
+			timer := time.NewTicker(time.Second * 3)
+			for {
+				<-timer.C
+				if sess.NumStreams() == 0 {
+					sess.Close()
+					timer.Stop()
+					return
+				}
+			}
+		}()
+	}
+	return
+}
+func (s *TunnelClient) ServeUDP(localAddr, ID, serverID string) {
+	var inConn net.Conn
+	var err error
+	// for {
+	for {
+		if s.isStop {
+			if inConn != nil {
+				inConn.Close()
+			}
+			return
+		}
+		// s.cm.RemoveOne(*s.cfg.Key, ID)
+		inConn, err = s.GetInConn(CONN_CLIENT, *s.cfg.Key, ID, serverID)
+		if err != nil {
+			utils.CloseConn(&inConn)
+			s.log.Printf("connection err: %s, retrying...", err)
+			time.Sleep(time.Second * 3)
+			continue
+		} else {
+			break
+		}
+	}
+	// s.cm.Add(*s.cfg.Key, ID, &inConn)
+	s.log.Printf("conn %s created", ID)
+	var item *ClientUDPConnItem
+	var body []byte
+	srcAddr := ""
+	defer func() {
+		if item != nil {
+			(*(*item).conn).Close()
+			(*item).udpConn.Close()
+			s.udpConns.Remove(srcAddr)
+			inConn.Close()
+		}
+	}()
+	for {
+		if s.isStop {
+			return
+		}
+		srcAddr, body, err = utils.ReadUDPPacket(inConn)
+		if err != nil {
+			if strings.Contains(err.Error(), "n != int(") {
+				continue
+			}
+			if !utils.IsNetDeadlineErr(err) && err != io.EOF {
+				s.log.Printf("udp packet revecived from bridge fail, err: %s", err)
+			}
+			return
+		}
+		if v, ok := s.udpConns.Get(srcAddr); !ok {
+			_srcAddr, _ := net.ResolveUDPAddr("udp", srcAddr)
+			zeroAddr, _ := net.ResolveUDPAddr("udp", ":")
+			_localAddr, _ := net.ResolveUDPAddr("udp", localAddr)
+			c, err := net.DialUDP("udp", zeroAddr, _localAddr)
+			if err != nil {
+				s.log.Printf("create local udp conn fail, err : %s", err)
+				inConn.Close()
+				return
+			}
+			item = &ClientUDPConnItem{
+				conn:      &inConn,
+				srcAddr:   _srcAddr,
+				localAddr: _localAddr,
+				udpConn:   c,
+				connid:    ID,
+			}
+			s.udpConns.Set(srcAddr, item)
+			s.UDPRevecive(srcAddr, ID)
+		} else {
+			item = v.(*ClientUDPConnItem)
+		}
+		(*item).touchtime = time.Now().Unix()
+		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+				}
+			}()
+			(*item).udpConn.Write(body)
+		}()
+	}
+}
+func (s *TunnelClient) UDPRevecive(key, ID string) {
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+			}
+		}()
+		s.log.Printf("udp conn %s connected", ID)
+		v, ok := s.udpConns.Get(key)
+		if !ok {
+			s.log.Printf("[warn] udp conn not exists for %s, connid : %s", key, ID)
+			return
+		}
+		cui := v.(*ClientUDPConnItem)
+		buf := utils.LeakyBuffer.Get()
+		defer func() {
+			utils.LeakyBuffer.Put(buf)
+			(*cui.conn).Close()
+			cui.udpConn.Close()
+			s.udpConns.Remove(key)
+			s.log.Printf("udp conn %s released", ID)
+		}()
+		for {
+			n, err := cui.udpConn.Read(buf)
+			if err != nil {
+				if !utils.IsNetClosedErr(err) {
+					s.log.Printf("udp conn read udp packet fail , err: %s ", err)
+				}
+				return
+			}
+			cui.touchtime = time.Now().Unix()
+			go func() {
+				defer func() {
+					if e := recover(); e != nil {
+						fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+					}
+				}()
+				(*cui.conn).SetWriteDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+				_, err = (*cui.conn).Write(utils.UDPPacket(cui.srcAddr.String(), buf[:n]))
+				(*cui.conn).SetWriteDeadline(time.Time{})
+				if err != nil {
+					cui.udpConn.Close()
+					return
+				}
+			}()
+		}
+	}()
+}
+func (s *TunnelClient) UDPGCDeamon() {
+	gctime := int64(30)
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+			}
+		}()
+		if s.isStop {
+			return
+		}
+		timer := time.NewTicker(time.Second)
+		for {
+			<-timer.C
+			gcKeys := []string{}
+			s.udpConns.IterCb(func(key string, v interface{}) {
+				if time.Now().Unix()-v.(*ClientUDPConnItem).touchtime > gctime {
+					(*(v.(*ClientUDPConnItem).conn)).Close()
+					(v.(*ClientUDPConnItem).udpConn).Close()
+					gcKeys = append(gcKeys, key)
+					s.log.Printf("gc udp conn %s", v.(*ClientUDPConnItem).connid)
+				}
+			})
+			for _, k := range gcKeys {
+				s.udpConns.Remove(k)
+			}
+			gcKeys = nil
+		}
+	}()
+}
+func (s *TunnelClient) ServeConn(localAddr, ID, serverID string) {
+	var inConn, outConn net.Conn
+	var err error
+	for {
+		if s.isStop {
+			return
+		}
+		inConn, err = s.GetInConn(CONN_CLIENT, *s.cfg.Key, ID, serverID)
+		if err != nil {
+			utils.CloseConn(&inConn)
+			s.log.Printf("connection err: %s, retrying...", err)
+			time.Sleep(time.Second * 3)
+			continue
+		} else {
+			break
+		}
+	}
+
+	i := 0
+	for {
+		if s.isStop {
+			return
+		}
+		i++
+		outConn, err = utils.ConnectHost(localAddr, *s.cfg.Timeout)
+		if err == nil || i == 3 {
+			break
+		} else {
+			if i == 3 {
+				s.log.Printf("connect to %s err: %s, retrying...", localAddr, err)
+				time.Sleep(2 * time.Second)
+				continue
+			}
+		}
+	}
+	if err != nil {
+		utils.CloseConn(&inConn)
+		utils.CloseConn(&outConn)
+		s.log.Printf("build connection error, err: %s", err)
+		return
+	}
+	inAddr := inConn.RemoteAddr().String()
+	utils.IoBind(inConn, outConn, func(err interface{}) {
+		s.log.Printf("conn %s released", ID)
+		s.userConns.Remove(inAddr)
+	}, s.log)
+	if c, ok := s.userConns.Get(inAddr); ok {
+		(*c.(*net.Conn)).Close()
+	}
+	s.userConns.Set(inAddr, &inConn)
+	s.log.Printf("conn %s created", ID)
+}

services/tunnel/tunnel_server.go

@@ -1,4 +1,4 @@
-package services
+package tunnel
 
 import (
 	"crypto/tls"
@@ -6,40 +6,60 @@ import (
 	"io"
 	logger "log"
 	"net"
+	"os"
 	"runtime/debug"
 	"strconv"
 	"strings"
 	"time"
 
+	"github.com/snail007/goproxy/core/cs/server"
+	"github.com/snail007/goproxy/services"
 	"github.com/snail007/goproxy/utils"
+	"github.com/snail007/goproxy/utils/jumper"
+	"github.com/snail007/goproxy/utils/mapx"
 
-	"github.com/xtaci/smux"
+	//"github.com/xtaci/smux"
+	smux "github.com/hashicorp/yamux"
 )
 
+type TunnelServerArgs struct {
+	Parent    *string
+	CertFile  *string
+	KeyFile   *string
+	CertBytes []byte
+	KeyBytes  []byte
+	Local     *string
+	IsUDP     *bool
+	Key       *string
+	Remote    *string
+	Timeout   *int
+	Route     *[]string
+	Mgr       *TunnelServerManager
+	Jumper    *string
+}
 type TunnelServer struct {
 	cfg       TunnelServerArgs
-	udpChn    chan UDPItem
-	sc        utils.ServerChannel
+	sc        server.ServerChannel
 	isStop    bool
 	udpConn   *net.Conn
-	userConns utils.ConcurrentMap
+	userConns mapx.ConcurrentMap
 	log       *logger.Logger
+	jumper    *jumper.Jumper
+	udpConns  mapx.ConcurrentMap
 }
 
 type TunnelServerManager struct {
 	cfg      TunnelServerArgs
-	udpChn   chan UDPItem
 	serverID string
-	servers  []*Service
+	servers  []*services.Service
 	log      *logger.Logger
 }
 
-func NewTunnelServerManager() Service {
+func NewTunnelServerManager() services.Service {
 	return &TunnelServerManager{
 		cfg:      TunnelServerArgs{},
-		udpChn:   make(chan UDPItem, 50000),
 		serverID: utils.Uniqueid(),
-		servers:  []*Service{},
+		servers:  []*services.Service{},
 	}
 }
 func (s *TunnelServerManager) Start(args interface{}, log *logger.Logger) (err error) {
@@ -92,6 +112,7 @@ func (s *TunnelServerManager) Start(args interface{}, log *logger.Logger) (err e
 			Key:       &KEY,
 			Timeout:   s.cfg.Timeout,
 			Mgr:       s,
+			Jumper:    s.cfg.Jumper,
 		}, log)
 
 		if err != nil {
@@ -108,6 +129,11 @@ func (s *TunnelServerManager) StopService() {
 	for _, server := range s.servers {
 		(*server).Clean()
 	}
+	s.cfg = TunnelServerArgs{}
+	s.log = nil
+	s.serverID = ""
+	s.servers = nil
+	s = nil
 }
 func (s *TunnelServerManager) CheckArgs() (err error) {
 	if *s.cfg.CertFile == "" || *s.cfg.KeyFile == "" {
@@ -121,43 +147,28 @@ func (s *TunnelServerManager) InitService() (err error) {
 	return
 }
 
-func (s *TunnelServerManager) GetOutConn(typ uint8) (outConn net.Conn, ID string, err error) {
-	outConn, err = s.GetConn()
-	if err != nil {
-		s.log.Printf("connection err: %s", err)
-		return
-	}
-	ID = s.serverID
-	_, err = outConn.Write(utils.BuildPacket(typ, s.serverID))
-	if err != nil {
-		s.log.Printf("write connection data err: %s ,retrying...", err)
-		utils.CloseConn(&outConn)
-		return
-	}
-	return
-}
-func (s *TunnelServerManager) GetConn() (conn net.Conn, err error) {
-	var _conn tls.Conn
-	_conn, err = utils.TlsConnectHost(*s.cfg.Parent, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
-	if err == nil {
-		conn = net.Conn(&_conn)
-	}
-	return
-}
-func NewTunnelServer() Service {
+func NewTunnelServer() services.Service {
 	return &TunnelServer{
 		cfg:       TunnelServerArgs{},
-		udpChn:    make(chan UDPItem, 50000),
 		isStop:    false,
-		userConns: utils.NewConcurrentMap(),
+		userConns: mapx.NewConcurrentMap(),
+		udpConns:  mapx.NewConcurrentMap(),
 	}
 }
 
-type UDPItem struct {
+type TunnelUDPPacketItem struct {
 	packet    *[]byte
 	localAddr *net.UDPAddr
 	srcAddr   *net.UDPAddr
 }
+type TunnelUDPConnItem struct {
+	conn      *net.Conn
+	isActive  bool
+	touchtime int64
+	srcAddr   *net.UDPAddr
+	localAddr *net.UDPAddr
+	connid    string
+}
 
 func (s *TunnelServer) StopService() {
 	defer func() {
@@ -165,8 +176,16 @@ func (s *TunnelServer) StopService() {
 		if e != nil {
 			s.log.Printf("stop server service crashed,%s", e)
 		} else {
-			s.log.Printf("service server stoped")
+			s.log.Printf("service server stopped")
 		}
+		s.cfg = TunnelServerArgs{}
+		s.jumper = nil
+		s.log = nil
+		s.sc = server.ServerChannel{}
+		s.udpConn = nil
+		s.udpConns = nil
+		s.userConns = nil
+		s = nil
 	}()
 	s.isStop = true
 
@@ -184,7 +203,7 @@ func (s *TunnelServer) StopService() {
 	}
 }
 func (s *TunnelServer) InitService() (err error) {
-	s.UDPConnDeamon()
+	s.UDPGCDeamon()
 	return
 }
 func (s *TunnelServer) CheckArgs() (err error) {
@@ -192,6 +211,15 @@ func (s *TunnelServer) CheckArgs() (err error) {
 		err = fmt.Errorf("remote required")
 		return
 	}
+	if *s.cfg.Jumper != "" {
+		var j jumper.Jumper
+		j, err = jumper.New(*s.cfg.Jumper, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		if err != nil {
+			err = fmt.Errorf("parse jumper fail, err %s", err)
+			return
+		}
+		s.jumper = &j
+	}
 	return
 }
 
@@ -206,14 +234,10 @@ func (s *TunnelServer) Start(args interface{}, log *logger.Logger) (err error) {
 	}
 	host, port, _ := net.SplitHostPort(*s.cfg.Local)
 	p, _ := strconv.Atoi(port)
-	s.sc = utils.NewServerChannel(host, p, s.log)
+	s.sc = server.NewServerChannel(host, p, s.log)
 	if *s.cfg.IsUDP {
-		err = s.sc.ListenUDP(func(packet []byte, localAddr, srcAddr *net.UDPAddr) {
-			s.udpChn <- UDPItem{
-				packet:    &packet,
-				localAddr: localAddr,
-				srcAddr:   srcAddr,
-			}
+		err = s.sc.ListenUDP(func(listener *net.UDPConn, packet []byte, localAddr, srcAddr *net.UDPAddr) {
+			s.UDPSend(packet, localAddr, srcAddr)
 		})
 		if err != nil {
 			return
@@ -283,113 +307,177 @@ func (s *TunnelServer) GetOutConn(typ uint8) (outConn net.Conn, ID string, err e
 	return
 }
 func (s *TunnelServer) GetConn() (conn net.Conn, err error) {
-	var _conn tls.Conn
-	_conn, err = utils.TlsConnectHost(*s.cfg.Parent, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
+	var dconn net.Conn
+	if s.jumper == nil {
+		var _conn tls.Conn
+		_conn, err = utils.TlsConnectHost(*s.cfg.Parent, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
+		if err == nil {
+			dconn = net.Conn(&_conn)
+		}
+	} else {
+		conf, err := utils.TlsConfig(s.cfg.CertBytes, s.cfg.KeyBytes, nil)
+		if err != nil {
+			return nil, err
+		}
+		var _c net.Conn
+		_c, err = s.jumper.Dial(*s.cfg.Parent, time.Millisecond*time.Duration(*s.cfg.Timeout))
+		if err == nil {
+			dconn = net.Conn(tls.Client(_c, conf))
+		}
+	}
 	if err == nil {
-		conn = net.Conn(&_conn)
-		c, e := smux.Client(conn, &smux.Config{
-			KeepAliveInterval: 10 * time.Second,
-			KeepAliveTimeout:  time.Duration(*s.cfg.Timeout) * time.Second,
-			MaxFrameSize:      4096,
-			MaxReceiveBuffer:  4194304,
+		sess, e := smux.Client(dconn, &smux.Config{
+			AcceptBacklog:          256,
+			EnableKeepAlive:        true,
+			KeepAliveInterval:      9 * time.Second,
+			ConnectionWriteTimeout: 3 * time.Second,
+			MaxStreamWindowSize:    512 * 1024,
+			LogOutput:              os.Stderr,
 		})
 		if e != nil {
 			s.log.Printf("new mux client conn error,ERR:%s", e)
 			err = e
+			dconn.Close()
 			return
 		}
-		conn, e = c.OpenStream()
+		conn, e = sess.OpenStream()
 		if e != nil {
 			s.log.Printf("mux client conn open stream error,ERR:%s", e)
 			err = e
+			dconn.Close()
 			return
 		}
+		go func() {
+			defer func() {
+				_ = recover()
+			}()
+			timer := time.NewTicker(time.Second * 3)
+			for {
+				<-timer.C
+				if sess.NumStreams() == 0 {
+					sess.Close()
+					timer.Stop()
+					return
+				}
+			}
+		}()
 	}
 	return
 }
-func (s *TunnelServer) UDPConnDeamon() {
+func (s *TunnelServer) UDPGCDeamon() {
+	gctime := int64(30)
 	go func() {
 		defer func() {
-			if err := recover(); err != nil {
-				s.log.Printf("udp conn deamon crashed with err : %s \nstack: %s", err, string(debug.Stack()))
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s", e, string(debug.Stack()))
 			}
 		}()
-		var outConn net.Conn
-		// var hb utils.HeartbeatReadWriter
-		var ID string
-		// var cmdChn = make(chan bool, 1000)
-		var err error
+		if s.isStop {
+			return
+		}
+		timer := time.NewTicker(time.Second)
 		for {
-			if s.isStop {
-				return
-			}
-			item := <-s.udpChn
-		RETRY:
-			if s.isStop {
-				return
-			}
-			if outConn == nil {
-				for {
-					if s.isStop {
-						return
-					}
-					outConn, ID, err = s.GetOutConn(CONN_SERVER)
-					if err != nil {
-						// cmdChn <- true
-						outConn = nil
-						utils.CloseConn(&outConn)
-						s.log.Printf("connect to %s fail, err: %s, retrying...", *s.cfg.Parent, err)
-						time.Sleep(time.Second * 3)
-						continue
-					} else {
-						go func(outConn net.Conn, ID string) {
-							if s.udpConn != nil {
-								(*s.udpConn).Close()
-							}
-							s.udpConn = &outConn
-							for {
-								if s.isStop {
-									return
-								}
-								srcAddrFromConn, body, err := utils.ReadUDPPacket(outConn)
-								if err == io.EOF || err == io.ErrUnexpectedEOF {
-									s.log.Printf("UDP deamon connection %s exited", ID)
-									break
-								}
-								if err != nil {
-									s.log.Printf("parse revecived udp packet fail, err: %s ,%v", err, body)
-									continue
-								}
-								//s.log.Printf("udp packet revecived over parent , local:%s", srcAddrFromConn)
-								_srcAddr := strings.Split(srcAddrFromConn, ":")
-								if len(_srcAddr) != 2 {
-									s.log.Printf("parse revecived udp packet fail, addr error : %s", srcAddrFromConn)
-									continue
-								}
-								port, _ := strconv.Atoi(_srcAddr[1])
-								dstAddr := &net.UDPAddr{IP: net.ParseIP(_srcAddr[0]), Port: port}
-								_, err = s.sc.UDPListener.WriteToUDP(body, dstAddr)
-								if err != nil {
-									s.log.Printf("udp response to local %s fail,ERR:%s", srcAddrFromConn, err)
-									continue
-								}
-								//s.log.Printf("udp response to local %s success , %v", srcAddrFromConn, body)
-							}
-						}(outConn, ID)
-						break
-					}
+			<-timer.C
+			gcKeys := []string{}
+			s.udpConns.IterCb(func(key string, v interface{}) {
+				if time.Now().Unix()-v.(*TunnelUDPConnItem).touchtime > gctime {
+					(*(v.(*TunnelUDPConnItem).conn)).Close()
+					gcKeys = append(gcKeys, key)
+					s.log.Printf("gc udp conn %s", v.(*TunnelUDPConnItem).connid)
 				}
+			})
+			for _, k := range gcKeys {
+				s.udpConns.Remove(k)
 			}
-			outConn.SetWriteDeadline(time.Now().Add(time.Second))
-			_, err = outConn.Write(utils.UDPPacket(item.srcAddr.String(), *item.packet))
-			outConn.SetWriteDeadline(time.Time{})
-			if err != nil {
-				utils.CloseConn(&outConn)
-				outConn = nil
-				s.log.Printf("write udp packet to %s fail ,flush err:%s ,retrying...", *s.cfg.Parent, err)
-				goto RETRY
-			}
-			//s.log.Printf("write packet %v", *item.packet)
+			gcKeys = nil
+		}
+	}()
+}
+func (s *TunnelServer) UDPSend(data []byte, localAddr, srcAddr *net.UDPAddr) {
+	var (
+		uc      *TunnelUDPConnItem
+		key     = srcAddr.String()
+		ID      string
+		err     error
+		outconn net.Conn
+	)
+	v, ok := s.udpConns.Get(key)
+	if !ok {
+		outconn, ID, err = s.GetOutConn(CONN_SERVER)
+		if err != nil {
+			s.log.Printf("connect to %s fail, err: %s", *s.cfg.Parent, err)
+			return
+		}
+		uc = &TunnelUDPConnItem{
+			conn:      &outconn,
+			srcAddr:   srcAddr,
+			localAddr: localAddr,
+			connid:    ID,
+		}
+		s.udpConns.Set(key, uc)
+		s.UDPRevecive(key, ID)
+	} else {
+		uc = v.(*TunnelUDPConnItem)
+	}
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				(*uc.conn).Close()
+				s.udpConns.Remove(key)
+				s.log.Printf("udp sender crashed with error : %s", e)
+			}
+		}()
+		uc.touchtime = time.Now().Unix()
+		(*uc.conn).SetWriteDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+		_, err = (*uc.conn).Write(utils.UDPPacket(srcAddr.String(), data))
+		(*uc.conn).SetWriteDeadline(time.Time{})
+		if err != nil {
+			s.log.Printf("write udp packet to %s fail ,flush err:%s ", *s.cfg.Parent, err)
+		}
+	}()
+}
+func (s *TunnelServer) UDPRevecive(key, ID string) {
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s", e, string(debug.Stack()))
+			}
+		}()
+		s.log.Printf("udp conn %s connected", ID)
+		var uc *TunnelUDPConnItem
+		defer func() {
+			if uc != nil {
+				(*uc.conn).Close()
+			}
+			s.udpConns.Remove(key)
+			s.log.Printf("udp conn %s released", ID)
+		}()
+		v, ok := s.udpConns.Get(key)
+		if !ok {
+			s.log.Printf("[warn] udp conn not exists for %s, connid : %s", key, ID)
+			return
+		}
+		uc = v.(*TunnelUDPConnItem)
+		for {
+			_, body, err := utils.ReadUDPPacket(*uc.conn)
+			if err != nil {
+				if strings.Contains(err.Error(), "n != int(") {
+					continue
+				}
+				if err != io.EOF {
+					s.log.Printf("udp conn read udp packet fail , err: %s ", err)
+				}
+				return
+			}
+			uc.touchtime = time.Now().Unix()
+			go func() {
+				defer func() {
+					if e := recover(); e != nil {
+						fmt.Printf("crashed, err: %s\nstack:\n%s", e, string(debug.Stack()))
+					}
+				}()
+				s.sc.UDPListener.WriteToUDP(body, uc.srcAddr)
+			}()
 		}
 	}()
 }

services/tunnel_client.go

@@ -1,293 +0,0 @@
-package services
-
-import (
-	"crypto/tls"
-	"fmt"
-	"io"
-	logger "log"
-	"net"
-	"time"
-
-	"github.com/snail007/goproxy/utils"
-
-	"github.com/xtaci/smux"
-)
-
-type TunnelClient struct {
-	cfg       TunnelClientArgs
-	ctrlConn  net.Conn
-	isStop    bool
-	userConns utils.ConcurrentMap
-	log       *logger.Logger
-}
-
-func NewTunnelClient() Service {
-	return &TunnelClient{
-		cfg:       TunnelClientArgs{},
-		userConns: utils.NewConcurrentMap(),
-		isStop:    false,
-	}
-}
-
-func (s *TunnelClient) InitService() (err error) {
-	return
-}
-
-func (s *TunnelClient) CheckArgs() (err error) {
-	if *s.cfg.Parent != "" {
-		s.log.Printf("use tls parent %s", *s.cfg.Parent)
-	} else {
-		err = fmt.Errorf("parent required")
-		return
-	}
-	if *s.cfg.CertFile == "" || *s.cfg.KeyFile == "" {
-		err = fmt.Errorf("cert and key file required")
-		return
-	}
-	s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
-	return
-}
-func (s *TunnelClient) StopService() {
-	defer func() {
-		e := recover()
-		if e != nil {
-			s.log.Printf("stop tclient service crashed,%s", e)
-		} else {
-			s.log.Printf("service tclient stoped")
-		}
-	}()
-	s.isStop = true
-	if s.ctrlConn != nil {
-		s.ctrlConn.Close()
-	}
-	for _, c := range s.userConns.Items() {
-		(*c.(*net.Conn)).Close()
-	}
-}
-func (s *TunnelClient) Start(args interface{}, log *logger.Logger) (err error) {
-	s.log = log
-	s.cfg = args.(TunnelClientArgs)
-	if err = s.CheckArgs(); err != nil {
-		return
-	}
-	if err = s.InitService(); err != nil {
-		return
-	}
-	s.log.Printf("proxy on tunnel client mode")
-
-	for {
-		if s.isStop {
-			return
-		}
-		if s.ctrlConn != nil {
-			s.ctrlConn.Close()
-		}
-
-		s.ctrlConn, err = s.GetInConn(CONN_CLIENT_CONTROL, *s.cfg.Key)
-		if err != nil {
-			s.log.Printf("control connection err: %s, retrying...", err)
-			time.Sleep(time.Second * 3)
-			if s.ctrlConn != nil {
-				s.ctrlConn.Close()
-			}
-			continue
-		}
-		for {
-			if s.isStop {
-				return
-			}
-			var ID, clientLocalAddr, serverID string
-			err = utils.ReadPacketData(s.ctrlConn, &ID, &clientLocalAddr, &serverID)
-			if err != nil {
-				if s.ctrlConn != nil {
-					s.ctrlConn.Close()
-				}
-				s.log.Printf("read connection signal err: %s, retrying...", err)
-				break
-			}
-			s.log.Printf("signal revecived:%s %s %s", serverID, ID, clientLocalAddr)
-			protocol := clientLocalAddr[:3]
-			localAddr := clientLocalAddr[4:]
-			if protocol == "udp" {
-				go s.ServeUDP(localAddr, ID, serverID)
-			} else {
-				go s.ServeConn(localAddr, ID, serverID)
-			}
-		}
-	}
-}
-func (s *TunnelClient) Clean() {
-	s.StopService()
-}
-func (s *TunnelClient) GetInConn(typ uint8, data ...string) (outConn net.Conn, err error) {
-	outConn, err = s.GetConn()
-	if err != nil {
-		err = fmt.Errorf("connection err: %s", err)
-		return
-	}
-	_, err = outConn.Write(utils.BuildPacket(typ, data...))
-	if err != nil {
-		err = fmt.Errorf("write connection data err: %s ,retrying...", err)
-		utils.CloseConn(&outConn)
-		return
-	}
-	return
-}
-func (s *TunnelClient) GetConn() (conn net.Conn, err error) {
-	var _conn tls.Conn
-	_conn, err = utils.TlsConnectHost(*s.cfg.Parent, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
-	if err == nil {
-		conn = net.Conn(&_conn)
-		c, e := smux.Client(conn, &smux.Config{
-			KeepAliveInterval: 10 * time.Second,
-			KeepAliveTimeout:  time.Duration(*s.cfg.Timeout) * time.Second,
-			MaxFrameSize:      4096,
-			MaxReceiveBuffer:  4194304,
-		})
-		if e != nil {
-			s.log.Printf("new mux client conn error,ERR:%s", e)
-			err = e
-			return
-		}
-		conn, e = c.OpenStream()
-		if e != nil {
-			s.log.Printf("mux client conn open stream error,ERR:%s", e)
-			err = e
-			return
-		}
-	}
-	return
-}
-func (s *TunnelClient) ServeUDP(localAddr, ID, serverID string) {
-	var inConn net.Conn
-	var err error
-	// for {
-	for {
-		if s.isStop {
-			if inConn != nil {
-				inConn.Close()
-			}
-			return
-		}
-		// s.cm.RemoveOne(*s.cfg.Key, ID)
-		inConn, err = s.GetInConn(CONN_CLIENT, *s.cfg.Key, ID, serverID)
-		if err != nil {
-			utils.CloseConn(&inConn)
-			s.log.Printf("connection err: %s, retrying...", err)
-			time.Sleep(time.Second * 3)
-			continue
-		} else {
-			break
-		}
-	}
-	// s.cm.Add(*s.cfg.Key, ID, &inConn)
-	s.log.Printf("conn %s created", ID)
-
-	for {
-		if s.isStop {
-			return
-		}
-		srcAddr, body, err := utils.ReadUDPPacket(inConn)
-		if err == io.EOF || err == io.ErrUnexpectedEOF {
-			s.log.Printf("connection %s released", ID)
-			utils.CloseConn(&inConn)
-			break
-		} else if err != nil {
-			s.log.Printf("udp packet revecived fail, err: %s", err)
-		} else {
-			//s.log.Printf("udp packet revecived:%s,%v", srcAddr, body)
-			go s.processUDPPacket(&inConn, srcAddr, localAddr, body)
-		}
-
-	}
-	// }
-}
-func (s *TunnelClient) processUDPPacket(inConn *net.Conn, srcAddr, localAddr string, body []byte) {
-	dstAddr, err := net.ResolveUDPAddr("udp", localAddr)
-	if err != nil {
-		s.log.Printf("can't resolve address: %s", err)
-		utils.CloseConn(inConn)
-		return
-	}
-	clientSrcAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0}
-	conn, err := net.DialUDP("udp", clientSrcAddr, dstAddr)
-	if err != nil {
-		s.log.Printf("connect to udp %s fail,ERR:%s", dstAddr.String(), err)
-		return
-	}
-	conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-	_, err = conn.Write(body)
-	if err != nil {
-		s.log.Printf("send udp packet to %s fail,ERR:%s", dstAddr.String(), err)
-		return
-	}
-	//s.log.Printf("send udp packet to %s success", dstAddr.String())
-	buf := make([]byte, 1024)
-	length, _, err := conn.ReadFromUDP(buf)
-	if err != nil {
-		s.log.Printf("read udp response from %s fail ,ERR:%s", dstAddr.String(), err)
-		return
-	}
-	respBody := buf[0:length]
-	//s.log.Printf("revecived udp packet from %s , %v", dstAddr.String(), respBody)
-	bs := utils.UDPPacket(srcAddr, respBody)
-	_, err = (*inConn).Write(bs)
-	if err != nil {
-		s.log.Printf("send udp response fail ,ERR:%s", err)
-		utils.CloseConn(inConn)
-		return
-	}
-	//s.log.Printf("send udp response success ,from:%s ,%d ,%v", dstAddr.String(), len(bs), bs)
-}
-func (s *TunnelClient) ServeConn(localAddr, ID, serverID string) {
-	var inConn, outConn net.Conn
-	var err error
-	for {
-		if s.isStop {
-			return
-		}
-		inConn, err = s.GetInConn(CONN_CLIENT, *s.cfg.Key, ID, serverID)
-		if err != nil {
-			utils.CloseConn(&inConn)
-			s.log.Printf("connection err: %s, retrying...", err)
-			time.Sleep(time.Second * 3)
-			continue
-		} else {
-			break
-		}
-	}
-
-	i := 0
-	for {
-		if s.isStop {
-			return
-		}
-		i++
-		outConn, err = utils.ConnectHost(localAddr, *s.cfg.Timeout)
-		if err == nil || i == 3 {
-			break
-		} else {
-			if i == 3 {
-				s.log.Printf("connect to %s err: %s, retrying...", localAddr, err)
-				time.Sleep(2 * time.Second)
-				continue
-			}
-		}
-	}
-	if err != nil {
-		utils.CloseConn(&inConn)
-		utils.CloseConn(&outConn)
-		s.log.Printf("build connection error, err: %s", err)
-		return
-	}
-	inAddr := inConn.RemoteAddr().String()
-	utils.IoBind(inConn, outConn, func(err interface{}) {
-		s.log.Printf("conn %s released", ID)
-		s.userConns.Remove(inAddr)
-	}, s.log)
-	if c, ok := s.userConns.Get(inAddr); ok {
-		(*c.(*net.Conn)).Close()
-	}
-	s.userConns.Set(inAddr, &inConn)
-	s.log.Printf("conn %s created", ID)
-}

services/udp.go

@@ -1,249 +0,0 @@
-package services
-
-import (
-	"bufio"
-	"fmt"
-	"hash/crc32"
-	"io"
-	logger "log"
-	"net"
-	"runtime/debug"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/snail007/goproxy/services/kcpcfg"
-	"github.com/snail007/goproxy/utils"
-)
-
-type UDP struct {
-	p       utils.ConcurrentMap
-	outPool utils.OutConn
-	cfg     UDPArgs
-	sc      *utils.ServerChannel
-	isStop  bool
-	log     *logger.Logger
-}
-
-func NewUDP() Service {
-	return &UDP{
-		outPool: utils.OutConn{},
-		p:       utils.NewConcurrentMap(),
-		isStop:  false,
-	}
-}
-func (s *UDP) CheckArgs() (err error) {
-	if *s.cfg.Parent == "" {
-		err = fmt.Errorf("parent required for udp %s", *s.cfg.Local)
-		return
-	}
-	if *s.cfg.ParentType == "" {
-		err = fmt.Errorf("parent type unkown,use -T <tls|tcp>")
-		return
-	}
-	if *s.cfg.ParentType == "tls" {
-		s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
-		if err != nil {
-			return
-		}
-	}
-	return
-}
-func (s *UDP) InitService() (err error) {
-	if *s.cfg.ParentType != TYPE_UDP {
-		s.InitOutConnPool()
-	}
-	return
-}
-func (s *UDP) StopService() {
-	defer func() {
-		e := recover()
-		if e != nil {
-			s.log.Printf("stop udp service crashed,%s", e)
-		} else {
-			s.log.Printf("service udp stoped")
-		}
-	}()
-	s.isStop = true
-	if s.sc.Listener != nil && *s.sc.Listener != nil {
-		(*s.sc.Listener).Close()
-	}
-	if s.sc.UDPListener != nil {
-		(*s.sc.UDPListener).Close()
-	}
-}
-func (s *UDP) Start(args interface{}, log *logger.Logger) (err error) {
-	s.log = log
-	s.cfg = args.(UDPArgs)
-	if err = s.CheckArgs(); err != nil {
-		return
-	}
-	s.log.Printf("use %s parent %s", *s.cfg.ParentType, *s.cfg.Parent)
-	if err = s.InitService(); err != nil {
-		return
-	}
-	host, port, _ := net.SplitHostPort(*s.cfg.Local)
-	p, _ := strconv.Atoi(port)
-	sc := utils.NewServerChannel(host, p, s.log)
-	s.sc = &sc
-	err = sc.ListenUDP(s.callback)
-	if err != nil {
-		return
-	}
-	s.log.Printf("udp proxy on %s", (*sc.UDPListener).LocalAddr())
-	return
-}
-
-func (s *UDP) Clean() {
-	s.StopService()
-}
-func (s *UDP) callback(packet []byte, localAddr, srcAddr *net.UDPAddr) {
-	defer func() {
-		if err := recover(); err != nil {
-			s.log.Printf("udp conn handler crashed with err : %s \nstack: %s", err, string(debug.Stack()))
-		}
-	}()
-	var err error
-	switch *s.cfg.ParentType {
-	case TYPE_TCP:
-		fallthrough
-	case TYPE_TLS:
-		err = s.OutToTCP(packet, localAddr, srcAddr)
-	case TYPE_UDP:
-		err = s.OutToUDP(packet, localAddr, srcAddr)
-	default:
-		err = fmt.Errorf("unkown parent type %s", *s.cfg.ParentType)
-	}
-	if err != nil {
-		s.log.Printf("connect to %s parent %s fail, ERR:%s", *s.cfg.ParentType, *s.cfg.Parent, err)
-	}
-}
-func (s *UDP) GetConn(connKey string) (conn net.Conn, isNew bool, err error) {
-	isNew = !s.p.Has(connKey)
-	var _conn interface{}
-	if isNew {
-		_conn, err = s.outPool.Get()
-		if err != nil {
-			return nil, false, err
-		}
-		s.p.Set(connKey, _conn)
-	} else {
-		_conn, _ = s.p.Get(connKey)
-	}
-	conn = _conn.(net.Conn)
-	return
-}
-func (s *UDP) OutToTCP(packet []byte, localAddr, srcAddr *net.UDPAddr) (err error) {
-	numLocal := crc32.ChecksumIEEE([]byte(localAddr.String()))
-	numSrc := crc32.ChecksumIEEE([]byte(srcAddr.String()))
-	mod := uint32(10)
-	if mod == 0 {
-		mod = 10
-	}
-	connKey := uint64((numLocal/10)*10 + numSrc%mod)
-	conn, isNew, err := s.GetConn(fmt.Sprintf("%d", connKey))
-	if err != nil {
-		s.log.Printf("upd get conn to %s parent %s fail, ERR:%s", *s.cfg.ParentType, *s.cfg.Parent, err)
-		return
-	}
-	if isNew {
-		go func() {
-			defer func() {
-				if err := recover(); err != nil {
-					s.log.Printf("udp conn handler out to tcp crashed with err : %s \nstack: %s", err, string(debug.Stack()))
-				}
-			}()
-			s.log.Printf("conn %d created , local: %s", connKey, srcAddr.String())
-			for {
-				if s.isStop {
-					conn.Close()
-					return
-				}
-				srcAddrFromConn, body, err := utils.ReadUDPPacket(bufio.NewReader(conn))
-				if err == io.EOF || err == io.ErrUnexpectedEOF {
-					//s.log.Printf("connection %d released", connKey)
-					s.p.Remove(fmt.Sprintf("%d", connKey))
-					break
-				}
-				if err != nil {
-					s.log.Printf("parse revecived udp packet fail, err: %s", err)
-					continue
-				}
-				//s.log.Printf("udp packet revecived over parent , local:%s", srcAddrFromConn)
-				_srcAddr := strings.Split(srcAddrFromConn, ":")
-				if len(_srcAddr) != 2 {
-					s.log.Printf("parse revecived udp packet fail, addr error : %s", srcAddrFromConn)
-					continue
-				}
-				port, _ := strconv.Atoi(_srcAddr[1])
-				dstAddr := &net.UDPAddr{IP: net.ParseIP(_srcAddr[0]), Port: port}
-				_, err = s.sc.UDPListener.WriteToUDP(body, dstAddr)
-				if err != nil {
-					s.log.Printf("udp response to local %s fail,ERR:%s", srcAddr, err)
-					continue
-				}
-				//s.log.Printf("udp response to local %s success", srcAddr)
-			}
-		}()
-	}
-	//s.log.Printf("select conn %d , local: %s", connKey, srcAddr.String())
-	writer := bufio.NewWriter(conn)
-	//fmt.Println(conn, writer)
-	writer.Write(utils.UDPPacket(srcAddr.String(), packet))
-	err = writer.Flush()
-	if err != nil {
-		s.log.Printf("write udp packet to %s fail ,flush err:%s", *s.cfg.Parent, err)
-		return
-	}
-	//s.log.Printf("write packet %v", packet)
-	return
-}
-func (s *UDP) OutToUDP(packet []byte, localAddr, srcAddr *net.UDPAddr) (err error) {
-	//s.log.Printf("udp packet revecived:%s,%v", srcAddr, packet)
-	dstAddr, err := net.ResolveUDPAddr("udp", *s.cfg.Parent)
-	if err != nil {
-		s.log.Printf("resolve udp addr %s fail  fail,ERR:%s", dstAddr.String(), err)
-		return
-	}
-	clientSrcAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0}
-	conn, err := net.DialUDP("udp", clientSrcAddr, dstAddr)
-	if err != nil {
-		s.log.Printf("connect to udp %s fail,ERR:%s", dstAddr.String(), err)
-		return
-	}
-	conn.SetDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
-	_, err = conn.Write(packet)
-	if err != nil {
-		s.log.Printf("send udp packet to %s fail,ERR:%s", dstAddr.String(), err)
-		return
-	}
-	//s.log.Printf("send udp packet to %s success", dstAddr.String())
-	buf := make([]byte, 512)
-	len, _, err := conn.ReadFromUDP(buf)
-	if err != nil {
-		s.log.Printf("read udp response from %s fail ,ERR:%s", dstAddr.String(), err)
-		return
-	}
-	//s.log.Printf("revecived udp packet from %s , %v", dstAddr.String(), respBody)
-	_, err = s.sc.UDPListener.WriteToUDP(buf[0:len], srcAddr)
-	if err != nil {
-		s.log.Printf("send udp response to cluster fail ,ERR:%s", err)
-		return
-	}
-	//s.log.Printf("send udp response to cluster success ,from:%s", dstAddr.String())
-	return
-}
-func (s *UDP) InitOutConnPool() {
-	if *s.cfg.ParentType == TYPE_TLS || *s.cfg.ParentType == TYPE_TCP {
-		//dur int, isTLS bool, certBytes, keyBytes []byte,
-		//parent string, timeout int, InitialCap int, MaxCap int
-		s.outPool = utils.NewOutConn(
-			*s.cfg.CheckParentInterval,
-			*s.cfg.ParentType,
-			kcpcfg.KCPConfigArgs{},
-			s.cfg.CertBytes, s.cfg.KeyBytes, nil,
-			*s.cfg.Parent,
-			*s.cfg.Timeout,
-		)
-	}
-}

services/udp/udp.go

@@ -0,0 +1,395 @@
+package udp
+
+import (
+	"crypto/tls"
+	"fmt"
+	"io"
+	logger "log"
+	"net"
+	"runtime/debug"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/snail007/goproxy/core/cs/server"
+	"github.com/snail007/goproxy/services"
+	"github.com/snail007/goproxy/utils"
+	"github.com/snail007/goproxy/utils/mapx"
+)
+
+type UDPArgs struct {
+	Parent              *string
+	CertFile            *string
+	KeyFile             *string
+	CertBytes           []byte
+	KeyBytes            []byte
+	Local               *string
+	ParentType          *string
+	Timeout             *int
+	CheckParentInterval *int
+}
+type UDP struct {
+	p                mapx.ConcurrentMap
+	cfg              UDPArgs
+	sc               *server.ServerChannel
+	isStop           bool
+	log              *logger.Logger
+	outUDPConnCtxMap mapx.ConcurrentMap
+	udpConns         mapx.ConcurrentMap
+	dstAddr          *net.UDPAddr
+}
+type UDPConnItem struct {
+	conn      *net.Conn
+	touchtime int64
+	srcAddr   *net.UDPAddr
+	localAddr *net.UDPAddr
+	connid    string
+}
+type outUDPConnCtx struct {
+	localAddr *net.UDPAddr
+	srcAddr   *net.UDPAddr
+	udpconn   *net.UDPConn
+	touchtime int64
+}
+
+func NewUDP() services.Service {
+	return &UDP{
+		p:                mapx.NewConcurrentMap(),
+		isStop:           false,
+		outUDPConnCtxMap: mapx.NewConcurrentMap(),
+		udpConns:         mapx.NewConcurrentMap(),
+	}
+}
+func (s *UDP) CheckArgs() (err error) {
+	if len(*s.cfg.Parent) == 0 {
+		err = fmt.Errorf("parent required for udp %s", *s.cfg.Local)
+		return
+	}
+	if *s.cfg.ParentType == "" {
+		err = fmt.Errorf("parent type unkown,use -T <udp|tls|tcp>")
+		return
+	}
+	if *s.cfg.ParentType == "tls" {
+		s.cfg.CertBytes, s.cfg.KeyBytes, err = utils.TlsBytes(*s.cfg.CertFile, *s.cfg.KeyFile)
+		if err != nil {
+			return
+		}
+	}
+
+	s.dstAddr, err = net.ResolveUDPAddr("udp", *s.cfg.Parent)
+	if err != nil {
+		s.log.Printf("resolve udp addr %s fail  fail,ERR:%s", *s.cfg.Parent, err)
+		return
+	}
+	return
+}
+func (s *UDP) InitService() (err error) {
+	s.OutToUDPGCDeamon()
+	s.UDPGCDeamon()
+	return
+}
+func (s *UDP) StopService() {
+	defer func() {
+		e := recover()
+		if e != nil {
+			s.log.Printf("stop udp service crashed,%s", e)
+		} else {
+			s.log.Printf("service udp stopped")
+		}
+		s.cfg = UDPArgs{}
+		s.log = nil
+		s.p = nil
+		s.sc = nil
+		s = nil
+	}()
+	s.isStop = true
+	if s.sc.Listener != nil && *s.sc.Listener != nil {
+		(*s.sc.Listener).Close()
+	}
+	if s.sc.UDPListener != nil {
+		(*s.sc.UDPListener).Close()
+	}
+}
+func (s *UDP) Start(args interface{}, log *logger.Logger) (err error) {
+	s.log = log
+	s.cfg = args.(UDPArgs)
+	if err = s.CheckArgs(); err != nil {
+		return
+	}
+	s.log.Printf("use %s parent %s", *s.cfg.ParentType, *s.cfg.Parent)
+	if err = s.InitService(); err != nil {
+		return
+	}
+	host, port, _ := net.SplitHostPort(*s.cfg.Local)
+	p, _ := strconv.Atoi(port)
+	sc := server.NewServerChannel(host, p, s.log)
+	s.sc = &sc
+	err = sc.ListenUDP(s.callback)
+	if err != nil {
+		return
+	}
+	s.log.Printf("udp proxy on %s", (*sc.UDPListener).LocalAddr())
+	return
+}
+
+func (s *UDP) Clean() {
+	s.StopService()
+}
+func (s *UDP) callback(listener *net.UDPConn, packet []byte, localAddr, srcAddr *net.UDPAddr) {
+	defer func() {
+		if err := recover(); err != nil {
+			s.log.Printf("udp conn handler crashed with err : %s \nstack: %s", err, string(debug.Stack()))
+		}
+	}()
+	switch *s.cfg.ParentType {
+	case "tcp", "tls":
+		s.OutToTCP(packet, localAddr, srcAddr)
+	case "udp":
+		s.OutToUDP(packet, localAddr, srcAddr)
+	default:
+		s.log.Printf("unkown parent type %s", *s.cfg.ParentType)
+	}
+}
+func (s *UDP) GetConn(connKey string) (conn net.Conn, isNew bool, err error) {
+	isNew = !s.p.Has(connKey)
+	var _conn interface{}
+	if isNew {
+		_conn, err = s.GetParentConn()
+		if err != nil {
+			return nil, false, err
+		}
+		s.p.Set(connKey, _conn)
+	} else {
+		_conn, _ = s.p.Get(connKey)
+	}
+	conn = _conn.(net.Conn)
+	return
+}
+func (s *UDP) OutToTCP(data []byte, localAddr, srcAddr *net.UDPAddr) (err error) {
+	s.UDPSend(data, localAddr, srcAddr)
+	return
+}
+func (s *UDP) OutToUDPGCDeamon() {
+	gctime := int64(30)
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s", e, string(debug.Stack()))
+			}
+		}()
+		if s.isStop {
+			return
+		}
+		timer := time.NewTicker(time.Second)
+		for {
+			<-timer.C
+			gcKeys := []string{}
+			s.outUDPConnCtxMap.IterCb(func(key string, v interface{}) {
+				if time.Now().Unix()-v.(*outUDPConnCtx).touchtime > gctime {
+					(*(v.(*outUDPConnCtx).udpconn)).Close()
+					gcKeys = append(gcKeys, key)
+					s.log.Printf("gc udp conn %s <--> %s", (*v.(*outUDPConnCtx)).srcAddr, (*v.(*outUDPConnCtx)).localAddr)
+				}
+			})
+			for _, k := range gcKeys {
+				s.outUDPConnCtxMap.Remove(k)
+			}
+			gcKeys = nil
+		}
+	}()
+}
+func (s *UDP) OutToUDP(packet []byte, localAddr, srcAddr *net.UDPAddr) {
+	var ouc *outUDPConnCtx
+	if v, ok := s.outUDPConnCtxMap.Get(srcAddr.String()); !ok {
+		clientSrcAddr := &net.UDPAddr{IP: net.IPv4zero, Port: 0}
+		conn, err := net.DialUDP("udp", clientSrcAddr, s.dstAddr)
+		if err != nil {
+			s.log.Printf("connect to udp %s fail,ERR:%s", s.dstAddr.String(), err)
+
+		}
+		ouc = &outUDPConnCtx{
+			localAddr: localAddr,
+			srcAddr:   srcAddr,
+			udpconn:   conn,
+		}
+		s.outUDPConnCtxMap.Set(srcAddr.String(), ouc)
+		go func() {
+			defer func() {
+				if e := recover(); e != nil {
+					fmt.Printf("crashed, err: %s\nstack:\n%s", e, string(debug.Stack()))
+				}
+			}()
+			s.log.Printf("udp conn %s <--> %s connected", srcAddr.String(), localAddr.String())
+			buf := utils.LeakyBuffer.Get()
+			defer func() {
+				utils.LeakyBuffer.Put(buf)
+				s.outUDPConnCtxMap.Remove(srcAddr.String())
+				s.log.Printf("udp conn %s <--> %s released", srcAddr.String(), localAddr.String())
+			}()
+			for {
+				n, err := ouc.udpconn.Read(buf)
+				if err != nil {
+					if !utils.IsNetClosedErr(err) {
+						s.log.Printf("udp conn read udp packet fail , err: %s ", err)
+					}
+					return
+				}
+				ouc.touchtime = time.Now().Unix()
+				go func() {
+					defer func() {
+						if e := recover(); e != nil {
+							fmt.Printf("crashed, err: %s\nstack:\n%s", e, string(debug.Stack()))
+						}
+					}()
+					(*(s.sc).UDPListener).SetWriteDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+					_, err = (*(s.sc).UDPListener).WriteTo(buf[:n], srcAddr)
+					(*(s.sc).UDPListener).SetWriteDeadline(time.Time{})
+				}()
+			}
+		}()
+	} else {
+		ouc = v.(*outUDPConnCtx)
+	}
+	go func() {
+		ouc.touchtime = time.Now().Unix()
+		ouc.udpconn.SetWriteDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+		ouc.udpconn.Write(packet)
+		ouc.udpconn.SetWriteDeadline(time.Time{})
+	}()
+	return
+}
+func (s *UDP) GetParentConn() (conn net.Conn, err error) {
+	if *s.cfg.ParentType == "tls" {
+		var _conn tls.Conn
+		_conn, err = utils.TlsConnectHost(*s.cfg.Parent, *s.cfg.Timeout, s.cfg.CertBytes, s.cfg.KeyBytes, nil)
+		if err == nil {
+			conn = net.Conn(&_conn)
+		}
+	} else {
+		conn, err = utils.ConnectHost(*s.cfg.Parent, *s.cfg.Timeout)
+	}
+	return
+}
+func (s *UDP) UDPGCDeamon() {
+	gctime := int64(30)
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s", e, string(debug.Stack()))
+			}
+		}()
+		if s.isStop {
+			return
+		}
+		timer := time.NewTicker(time.Second)
+		for {
+			<-timer.C
+			gcKeys := []string{}
+			s.udpConns.IterCb(func(key string, v interface{}) {
+				if time.Now().Unix()-v.(*UDPConnItem).touchtime > gctime {
+					(*(v.(*UDPConnItem).conn)).Close()
+					gcKeys = append(gcKeys, key)
+					s.log.Printf("gc udp conn %s", v.(*UDPConnItem).connid)
+				}
+			})
+			for _, k := range gcKeys {
+				s.udpConns.Remove(k)
+			}
+			gcKeys = nil
+		}
+	}()
+}
+func (s *UDP) UDPSend(data []byte, localAddr, srcAddr *net.UDPAddr) {
+	var (
+		uc      *UDPConnItem
+		key     = srcAddr.String()
+		err     error
+		outconn net.Conn
+	)
+	v, ok := s.udpConns.Get(key)
+	if !ok {
+		for {
+			outconn, err = s.GetParentConn()
+			if err != nil && strings.Contains(err.Error(), "can not connect at same time") {
+				time.Sleep(time.Millisecond * 500)
+				continue
+			} else {
+				break
+			}
+		}
+		if err != nil {
+			s.log.Printf("connect to %s fail, err: %s", *s.cfg.Parent, err)
+			return
+		}
+		uc = &UDPConnItem{
+			conn:      &outconn,
+			srcAddr:   srcAddr,
+			localAddr: localAddr,
+		}
+		s.udpConns.Set(key, uc)
+		s.UDPRevecive(key)
+	} else {
+		uc = v.(*UDPConnItem)
+	}
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				(*uc.conn).Close()
+				s.udpConns.Remove(key)
+				s.log.Printf("udp sender crashed with error : %s", e)
+			}
+		}()
+		uc.touchtime = time.Now().Unix()
+		(*uc.conn).SetWriteDeadline(time.Now().Add(time.Millisecond * time.Duration(*s.cfg.Timeout)))
+		_, err = (*uc.conn).Write(utils.UDPPacket(fmt.Sprintf("%s", srcAddr.String()), data))
+		(*uc.conn).SetWriteDeadline(time.Time{})
+		if err != nil {
+			s.log.Printf("write udp packet to %s fail ,flush err:%s ", *s.cfg.Parent, err)
+		}
+	}()
+}
+func (s *UDP) UDPRevecive(key string) {
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s", e, string(debug.Stack()))
+			}
+		}()
+		s.log.Printf("udp conn %s connected", key)
+		var uc *UDPConnItem
+		defer func() {
+			if uc != nil {
+				(*uc.conn).Close()
+			}
+			s.udpConns.Remove(key)
+			s.log.Printf("udp conn %s released", key)
+		}()
+		v, ok := s.udpConns.Get(key)
+		if !ok {
+			s.log.Printf("[warn] udp conn not exists for %s", key)
+			return
+		}
+		uc = v.(*UDPConnItem)
+		for {
+			_, body, err := utils.ReadUDPPacket(*uc.conn)
+			if err != nil {
+				if strings.Contains(err.Error(), "n != int(") {
+					continue
+				}
+				if err != io.EOF && !utils.IsNetClosedErr(err) {
+					s.log.Printf("udp conn read udp packet fail , err: %s ", err)
+				}
+				return
+			}
+			uc.touchtime = time.Now().Unix()
+			go func() {
+				defer func() {
+					if e := recover(); e != nil {
+						fmt.Printf("crashed, err: %s\nstack:\n%s", e, string(debug.Stack()))
+					}
+				}()
+				s.sc.UDPListener.WriteToUDP(body, uc.srcAddr)
+			}()
+		}
+	}()
+}

utils/cert/cert.go

@@ -0,0 +1,199 @@
+package cert
+
+import (
+	"bytes"
+	cryptorand "crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"io/ioutil"
+	"math/big"
+	"math/rand"
+	"net"
+	"strconv"
+	"time"
+)
+
+func CreateSignCertToFile(rootCa *x509.Certificate, rootKey *rsa.PrivateKey, domainOrIP string, expireDays int, name string) (err error) {
+	cert, key, err := CreateSignCert(rootCa, rootKey, domainOrIP, expireDays)
+	if err != nil {
+		return
+	}
+	err = ioutil.WriteFile(name+".crt", cert, 0755)
+	if err != nil {
+		return
+	}
+	err = ioutil.WriteFile(name+".key", key, 0755)
+	return
+}
+func CreateSignCert(rootCa *x509.Certificate, rootKey *rsa.PrivateKey, domainOrIP string, expireDays int) (certBytes []byte, keyBytes []byte, err error) {
+	cer := &x509.Certificate{
+		SerialNumber: big.NewInt(rand.Int63()), //证书序列号
+		Subject: pkix.Name{
+			Country:            []string{getCountry()},
+			Organization:       []string{domainOrIP},
+			OrganizationalUnit: []string{domainOrIP},
+			CommonName:         domainOrIP,
+		},
+		NotBefore:             time.Now().Add(-time.Hour),
+		NotAfter:              time.Now().Add(time.Hour * 24 * time.Duration(expireDays)),
+		BasicConstraintsValid: true,
+		IsCA:        false,
+		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
+		//KeyUsage:       x509.KeyUsageDigitalSignature | x509.KeyUsageDataEncipherment,
+		EmailAddresses: []string{},
+		IPAddresses:    []net.IP{},
+	}
+	if ip := net.ParseIP(domainOrIP); ip != nil {
+		cer.IPAddresses = append(cer.IPAddresses, ip)
+	} else {
+		cer.DNSNames = append(cer.DNSNames, domainOrIP)
+	}
+
+	// cer.IPAddresses = append(cer.IPAddresses, alternateIPs...)
+	// cer.DNSNames = append(cer.DNSNames, alternateDNS...)
+
+	//生成公钥私钥对
+	priKey, err := rsa.GenerateKey(cryptorand.Reader, 2048)
+	if err != nil {
+		return
+	}
+	certBytes, err = x509.CreateCertificate(cryptorand.Reader, cer, rootCa, &priKey.PublicKey, rootKey)
+	if err != nil {
+		return
+	}
+
+	//编码证书文件和私钥文件
+	caPem := &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: certBytes,
+	}
+	certBytes = pem.EncodeToMemory(caPem)
+
+	buf := x509.MarshalPKCS1PrivateKey(priKey)
+	keyPem := &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: buf,
+	}
+	keyBytes = pem.EncodeToMemory(keyPem)
+	return
+}
+func CreateCaToFile(name, domainOrIP string, expireDays int) (err error) {
+	ca, key, err := CreateCa(domainOrIP, expireDays)
+	if err != nil {
+		return
+	}
+	err = ioutil.WriteFile(name+".crt", ca, 0755)
+	if err != nil {
+		return
+	}
+	err = ioutil.WriteFile(name+".key", key, 0755)
+	return
+}
+func CreateCa(organization string, expireDays int) (certBytes []byte, keyBytes []byte, err error) {
+	priv, err := rsa.GenerateKey(cryptorand.Reader, 2048)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	template := x509.Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject: pkix.Name{
+			CommonName:         organization,
+			Organization:       []string{organization},
+			OrganizationalUnit: []string{organization},
+			Country:            []string{getCountry()},
+		},
+		NotBefore: time.Now().Add(-time.Hour),
+		NotAfter:  time.Now().Add(time.Hour * 24 * time.Duration(expireDays)),
+
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
+		BasicConstraintsValid: true,
+		IsCA: true,
+	}
+
+	derBytes, err := x509.CreateCertificate(cryptorand.Reader, &template, &template, &priv.PublicKey, priv)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// Generate cert
+	certBuffer := bytes.Buffer{}
+	if err := pem.Encode(&certBuffer, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
+		return nil, nil, err
+	}
+
+	// Generate key
+	keyBuffer := bytes.Buffer{}
+	if err := pem.Encode(&keyBuffer, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil {
+		return nil, nil, err
+	}
+
+	return certBuffer.Bytes(), keyBuffer.Bytes(), nil
+}
+func ParseCertAndKeyBytes(certPemFileByes, keyFileBytes []byte) (cert *x509.Certificate, privateKey *rsa.PrivateKey, err error) {
+	//解析根证书
+	cert, err = ParseCertBytes(certPemFileByes)
+	if err != nil {
+		return
+	}
+	//解析私钥
+	privateKey, err = ParseKeyBytes(keyFileBytes)
+	return
+}
+func ParseCertAndKey(certPemFile, keyFile string) (cert *x509.Certificate, privateKey *rsa.PrivateKey, err error) {
+	//解析根证书
+	cert, err = ParseCert(certPemFile)
+	if err != nil {
+		return
+	}
+	//解析私钥
+	privateKey, err = ParseKey(keyFile)
+	return
+}
+func ParseCert(certPemFile string) (cert *x509.Certificate, err error) {
+	//解析证书
+	certFile_, err := ioutil.ReadFile(certPemFile)
+	if err != nil {
+		return
+	}
+	cert, err = ParseCertBytes(certFile_)
+	return
+}
+func ParseKey(keyFile string) (key *rsa.PrivateKey, err error) {
+	//解析证书
+	keyFile_, err := ioutil.ReadFile(keyFile)
+	if err != nil {
+		return
+	}
+	key, err = ParseKeyBytes(keyFile_)
+	return
+}
+func ParseCertBytes(certPemFileBytes []byte) (cert *x509.Certificate, err error) {
+	caBlock, _ := pem.Decode(certPemFileBytes)
+	cert, err = x509.ParseCertificate(caBlock.Bytes)
+	return
+}
+func ParseKeyBytes(keyFileBytes []byte) (praKey *rsa.PrivateKey, err error) {
+	keyBlock, _ := pem.Decode(keyFileBytes)
+	praKey, err = x509.ParsePKCS1PrivateKey(keyBlock.Bytes)
+	return
+}
+func getCountry() string {
+	CList := []string{"AD", "AE", "AF", "AG", "AI", "AL", "AM", "AO", "AR", "AT", "AU", "AZ", "BB", "BD", "BE", "BF", "BG", "BH", "BI", "BJ", "BL", "BM", "BN", "BO", "BR", "BS", "BW", "BY", "BZ", "CA", "CF", "CG", "CH", "CK", "CL", "CM", "CN", "CO", "CR", "CS", "CU", "CY", "CZ", "DE", "DJ", "DK", "DO", "DZ", "EC", "EE", "EG", "ES", "ET", "FI", "FJ", "FR", "GA", "GB", "GD", "GE", "GF", "GH", "GI", "GM", "GN", "GR", "GT", "GU", "GY", "HK", "HN", "HT", "HU", "ID", "IE", "IL", "IN", "IQ", "IR", "IS", "IT", "JM", "JO", "JP", "KE", "KG", "KH", "KP", "KR", "KT", "KW", "KZ", "LA", "LB", "LC", "LI", "LK", "LR", "LS", "LT", "LU", "LV", "LY", "MA", "MC", "MD", "MG", "ML", "MM", "MN", "MO", "MS", "MT", "MU", "MV", "MW", "MX", "MY", "MZ", "NA", "NE", "NG", "NI", "NL", "NO", "NP", "NR", "NZ", "OM", "PA", "PE", "PF", "PG", "PH", "PK", "PL", "PR", "PT", "PY", "QA", "RO", "RU", "SA", "SB", "SC", "SD", "SE", "SG", "SI", "SK", "SL", "SM", "SN", "SO", "SR", "ST", "SV", "SY", "SZ", "TD", "TG", "TH", "TJ", "TM", "TN", "TO", "TR", "TT", "TW", "TZ", "UA", "UG", "US", "UY", "UZ", "VC", "VE", "VN", "YE", "YU", "ZA", "ZM", "ZR", "ZW"}
+	return CList[int(randInt(4))%len(CList)]
+}
+func randInt(strLen int) int64 {
+	codes := "123456789"
+	codeLen := len(codes)
+	data := make([]byte, strLen)
+	rand.Seed(time.Now().UnixNano() + rand.Int63() + rand.Int63() + rand.Int63() + rand.Int63())
+	for i := 0; i < strLen; i++ {
+		idx := rand.Intn(codeLen)
+		data[i] = byte(codes[idx])
+	}
+	i, _ := strconv.ParseInt(string(data), 10, 64)
+	return i
+}

utils/cert/cert_test.go

@@ -0,0 +1,71 @@
+package cert
+
+import (
+	"os"
+	"testing"
+)
+
+func TestCaGen(t *testing.T) {
+	err := CreateCaToFile("ca", "test", 365)
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+	ca, key, err := ParseCertAndKey("ca.crt", "ca.key")
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+	if ca.Subject.Organization[0] != "test" {
+		t.Fatalf("Organization %s not match test", ca.Subject.Organization[0])
+		return
+	}
+	err = key.Validate()
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+	os.Remove("ca.crt")
+	os.Remove("ca.key")
+
+}
+func TestSign(t *testing.T) {
+	err := CreateCaToFile("ca", "test", 365)
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+	ca, key, err := ParseCertAndKey("ca.crt", "ca.key")
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+	err = CreateCaToFile("ca", "test", 365)
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+	err = CreateSignCertToFile(ca, key, "server.com", 365, "server")
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+	servercrt, serverkey, err := ParseCertAndKey("server.crt", "server.key")
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+	if servercrt.Subject.CommonName != "server.com" {
+		t.Fatalf("CommonName %s not match server.com", ca.Subject.CommonName)
+		return
+	}
+	err = serverkey.Validate()
+	if err != nil {
+		t.Fatal(err)
+		return
+	}
+	os.Remove("ca.crt")
+	os.Remove("ca.key")
+	os.Remove("server.crt")
+	os.Remove("server.key")
+}

utils/crypt/misc.go

@@ -0,0 +1,38 @@
+package utils
+
+import (
+	"crypto/md5"
+	"encoding/base64"
+	"encoding/hex"
+)
+
+type CryptTool struct{}
+
+var CryptTools = NewCryptTool()
+
+func NewCryptTool() *CryptTool {
+	return &CryptTool{}
+}
+
+func (encrypt *CryptTool) Base64Encode(str string) string {
+	return string([]byte(base64.StdEncoding.EncodeToString([]byte(str))))
+}
+
+func (encrypt *CryptTool) Base64EncodeBytes(bytes []byte) []byte {
+	return []byte(base64.StdEncoding.EncodeToString(bytes))
+}
+
+func (encrypt *CryptTool) Base64Decode(str string) (string, error) {
+	by, err := base64.StdEncoding.DecodeString(str)
+	return string(by), err
+}
+
+func (encrypt *CryptTool) Base64DecodeBytes(str string) ([]byte, error) {
+	return base64.StdEncoding.DecodeString(str)
+}
+
+func (encrypt *CryptTool) MD5(str string) string {
+	hash := md5.New()
+	hash.Write([]byte(str))
+	return hex.EncodeToString(hash.Sum(nil))
+}

utils/datasize/datasize.go

@@ -0,0 +1,235 @@
+package datasize
+
+import (
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+type ByteSize uint64
+
+const (
+	B  ByteSize = 1
+	KB          = B << 10
+	MB          = KB << 10
+	GB          = MB << 10
+	TB          = GB << 10
+	PB          = TB << 10
+	EB          = PB << 10
+
+	fnUnmarshalText string = "UnmarshalText"
+	maxUint64       uint64 = (1 << 64) - 1
+	cutoff          uint64 = maxUint64 / 10
+)
+
+var ErrBits = errors.New("unit with capital unit prefix and lower case unit (b) - bits, not bytes ")
+
+var defaultDatasize ByteSize
+
+func Parse(s string) (bytes uint64, err error) {
+	err = defaultDatasize.UnmarshalText([]byte(s))
+	if err != nil {
+		return
+	}
+	bytes = defaultDatasize.Bytes()
+	return
+}
+func HumanSize(bytes uint64) (s string, err error) {
+	err = defaultDatasize.UnmarshalText([]byte(fmt.Sprintf("%d", bytes)))
+	if err != nil {
+		return
+	}
+	s = defaultDatasize.HumanReadable()
+	return
+}
+func (b ByteSize) Bytes() uint64 {
+	return uint64(b)
+}
+
+func (b ByteSize) KBytes() float64 {
+	v := b / KB
+	r := b % KB
+	return float64(v) + float64(r)/float64(KB)
+}
+
+func (b ByteSize) MBytes() float64 {
+	v := b / MB
+	r := b % MB
+	return float64(v) + float64(r)/float64(MB)
+}
+
+func (b ByteSize) GBytes() float64 {
+	v := b / GB
+	r := b % GB
+	return float64(v) + float64(r)/float64(GB)
+}
+
+func (b ByteSize) TBytes() float64 {
+	v := b / TB
+	r := b % TB
+	return float64(v) + float64(r)/float64(TB)
+}
+
+func (b ByteSize) PBytes() float64 {
+	v := b / PB
+	r := b % PB
+	return float64(v) + float64(r)/float64(PB)
+}
+
+func (b ByteSize) EBytes() float64 {
+	v := b / EB
+	r := b % EB
+	return float64(v) + float64(r)/float64(EB)
+}
+
+func (b ByteSize) String() string {
+	switch {
+	case b == 0:
+		return fmt.Sprint("0B")
+	case b%EB == 0:
+		return fmt.Sprintf("%dEB", b/EB)
+	case b%PB == 0:
+		return fmt.Sprintf("%dPB", b/PB)
+	case b%TB == 0:
+		return fmt.Sprintf("%dTB", b/TB)
+	case b%GB == 0:
+		return fmt.Sprintf("%dGB", b/GB)
+	case b%MB == 0:
+		return fmt.Sprintf("%dMB", b/MB)
+	case b%KB == 0:
+		return fmt.Sprintf("%dKB", b/KB)
+	default:
+		return fmt.Sprintf("%dB", b)
+	}
+}
+
+func (b ByteSize) HR() string {
+	return b.HumanReadable()
+}
+
+func (b ByteSize) HumanReadable() string {
+	switch {
+	case b > EB:
+		return fmt.Sprintf("%.1f EB", b.EBytes())
+	case b > PB:
+		return fmt.Sprintf("%.1f PB", b.PBytes())
+	case b > TB:
+		return fmt.Sprintf("%.1f TB", b.TBytes())
+	case b > GB:
+		return fmt.Sprintf("%.1f GB", b.GBytes())
+	case b > MB:
+		return fmt.Sprintf("%.1f MB", b.MBytes())
+	case b > KB:
+		return fmt.Sprintf("%.1f KB", b.KBytes())
+	default:
+		return fmt.Sprintf("%d B", b)
+	}
+}
+
+func (b ByteSize) MarshalText() ([]byte, error) {
+	return []byte(b.String()), nil
+}
+
+func (b *ByteSize) UnmarshalText(t []byte) error {
+	var val uint64
+	var unit string
+
+	// copy for error message
+	t0 := t
+
+	var c byte
+	var i int
+
+ParseLoop:
+	for i < len(t) {
+		c = t[i]
+		switch {
+		case '0' <= c && c <= '9':
+			if val > cutoff {
+				goto Overflow
+			}
+
+			c = c - '0'
+			val *= 10
+
+			if val > val+uint64(c) {
+				// val+v overflows
+				goto Overflow
+			}
+			val += uint64(c)
+			i++
+
+		default:
+			if i == 0 {
+				goto SyntaxError
+			}
+			break ParseLoop
+		}
+	}
+
+	unit = strings.TrimSpace(string(t[i:]))
+	switch unit {
+	case "Kb", "Mb", "Gb", "Tb", "Pb", "Eb":
+		goto BitsError
+	}
+	unit = strings.ToLower(unit)
+	switch unit {
+	case "", "b", "byte":
+		// do nothing - already in bytes
+
+	case "k", "kb", "kilo", "kilobyte", "kilobytes":
+		if val > maxUint64/uint64(KB) {
+			goto Overflow
+		}
+		val *= uint64(KB)
+
+	case "m", "mb", "mega", "megabyte", "megabytes":
+		if val > maxUint64/uint64(MB) {
+			goto Overflow
+		}
+		val *= uint64(MB)
+
+	case "g", "gb", "giga", "gigabyte", "gigabytes":
+		if val > maxUint64/uint64(GB) {
+			goto Overflow
+		}
+		val *= uint64(GB)
+
+	case "t", "tb", "tera", "terabyte", "terabytes":
+		if val > maxUint64/uint64(TB) {
+			goto Overflow
+		}
+		val *= uint64(TB)
+
+	case "p", "pb", "peta", "petabyte", "petabytes":
+		if val > maxUint64/uint64(PB) {
+			goto Overflow
+		}
+		val *= uint64(PB)
+
+	case "E", "EB", "e", "eb", "eB":
+		if val > maxUint64/uint64(EB) {
+			goto Overflow
+		}
+		val *= uint64(EB)
+
+	default:
+		goto SyntaxError
+	}
+
+	*b = ByteSize(val)
+	return nil
+
+Overflow:
+	*b = ByteSize(maxUint64)
+	return &strconv.NumError{fnUnmarshalText, string(t0), strconv.ErrRange}
+
+SyntaxError:
+	*b = 0
+	return &strconv.NumError{fnUnmarshalText, string(t0), strconv.ErrSyntax}
+
+BitsError:
+	*b = 0
+	return &strconv.NumError{fnUnmarshalText, string(t0), ErrBits}
+}

utils/dnsx/resolver.go

@@ -0,0 +1,114 @@
+package dnsx
+
+import (
+	"fmt"
+	logger "log"
+	"net"
+	"strings"
+	"time"
+
+	"github.com/snail007/goproxy/utils/mapx"
+	dns "github.com/miekg/dns"
+)
+
+type DomainResolver struct {
+	ttl         int
+	dnsAddrress string
+	data        mapx.ConcurrentMap
+	log         *logger.Logger
+}
+type DomainResolverItem struct {
+	ip        string
+	domain    string
+	expiredAt int64
+}
+
+func NewDomainResolver(dnsAddrress string, ttl int, log *logger.Logger) DomainResolver {
+	return DomainResolver{
+		ttl:         ttl,
+		dnsAddrress: dnsAddrress,
+		data:        mapx.NewConcurrentMap(),
+		log:         log,
+	}
+}
+func (a *DomainResolver) DnsAddress() (address string) {
+	address = a.dnsAddrress
+	return
+}
+func (a *DomainResolver) MustResolve(address string) (ip string) {
+	ip, _ = a.Resolve(address)
+	return
+}
+func (a *DomainResolver) Resolve(address string) (ip string, err error) {
+	domain := address
+	port := ""
+	fromCache := "false"
+	defer func() {
+		if port != "" {
+			ip = net.JoinHostPort(ip, port)
+		}
+		a.log.Printf("dns:%s->%s,cache:%s", address, ip, fromCache)
+		//a.PrintData()
+	}()
+	if strings.Contains(domain, ":") {
+		domain, port, err = net.SplitHostPort(domain)
+		if err != nil {
+			return
+		}
+	}
+	if net.ParseIP(domain) != nil {
+		ip = domain
+		fromCache = "ip ignore"
+		return
+	}
+	item, ok := a.data.Get(domain)
+	if ok {
+		//log.Println("find ", domain)
+		if (*item.(*DomainResolverItem)).expiredAt > time.Now().Unix() {
+			ip = (*item.(*DomainResolverItem)).ip
+			fromCache = "true"
+			//log.Println("from cache ", domain)
+			return
+		}
+	} else {
+		item = &DomainResolverItem{
+			domain: domain,
+		}
+
+	}
+	c := new(dns.Client)
+	c.DialTimeout = time.Millisecond * 5000
+	c.ReadTimeout = time.Millisecond * 5000
+	c.WriteTimeout = time.Millisecond * 5000
+	m := new(dns.Msg)
+	m.SetQuestion(dns.Fqdn(domain), dns.TypeA)
+	m.RecursionDesired = true
+	r, _, err := c.Exchange(m, a.dnsAddrress)
+	if r == nil {
+		return
+	}
+	if r.Rcode != dns.RcodeSuccess {
+		err = fmt.Errorf(" *** invalid answer name %s after A query for %s", domain, a.dnsAddrress)
+		return
+	}
+	for _, answer := range r.Answer {
+		if answer.Header().Rrtype == dns.TypeA {
+			info := strings.Fields(answer.String())
+			if len(info) >= 5 {
+				ip = info[4]
+				_item := item.(*DomainResolverItem)
+				(*_item).expiredAt = time.Now().Unix() + int64(a.ttl)
+				(*_item).ip = ip
+				a.data.Set(domain, item)
+				return
+			}
+		}
+	}
+	return
+}
+func (a *DomainResolver) PrintData() {
+	for k, item := range a.data.Items() {
+		d := item.(*DomainResolverItem)
+		a.log.Printf("%s:ip[%s],domain[%s],expired at[%d]\n", k, (*d).ip, (*d).domain, (*d).expiredAt)
+	}
+}

utils/functions.go

@@ -3,10 +3,13 @@ package utils
 import (
 	"bufio"
 	"bytes"
+	"context"
 	"crypto/sha1"
 	"crypto/tls"
 	"crypto/x509"
+	"encoding/base64"
 	"encoding/binary"
+	"encoding/hex"
 	"encoding/pem"
 	"errors"
 	"fmt"
@@ -17,14 +20,15 @@ import (
 	"net"
 	"net/http"
 	"os"
-	"os/exec"
+	"strings"
 
-	"github.com/snail007/goproxy/services/kcpcfg"
+	"github.com/snail007/goproxy/core/lib/kcpcfg"
+	"github.com/snail007/goproxy/utils/lb"
 
 	"golang.org/x/crypto/pbkdf2"
 
 	"strconv"
-	"strings"
+
 	"time"
 
 	"github.com/snail007/goproxy/utils/id"
@@ -33,6 +37,12 @@ import (
 )
 
 func IoBind(dst io.ReadWriteCloser, src io.ReadWriteCloser, fn func(err interface{}), log *logger.Logger) {
+	ioBind(dst, src, fn, log, true)
+}
+func IoBindNoClose(dst io.ReadWriteCloser, src io.ReadWriteCloser, fn func(err interface{}), log *logger.Logger) {
+	ioBind(dst, src, fn, log, false)
+}
+func ioBind(dst io.ReadWriteCloser, src io.ReadWriteCloser, fn func(err interface{}), log *logger.Logger, close bool) {
 	go func() {
 		defer func() {
 			if err := recover(); err != nil {
@@ -68,20 +78,41 @@ func IoBind(dst io.ReadWriteCloser, src io.ReadWriteCloser, fn func(err interfac
 		case err = <-e2:
 			//log.Printf("e2")
 		}
-		src.Close()
-		dst.Close()
+		func() {
+			defer func() {
+				_ = recover()
+			}()
+			if close {
+				src.Close()
+			}
+		}()
+		func() {
+			defer func() {
+				_ = recover()
+			}()
+			if close {
+				dst.Close()
+			}
+		}()
 		if fn != nil {
 			fn(err)
 		}
 	}()
 }
 func ioCopy(dst io.ReadWriter, src io.ReadWriter) (err error) {
+	defer func() {
+		if e := recover(); e != nil {
+		}
+	}()
 	buf := LeakyBuffer.Get()
 	defer LeakyBuffer.Put(buf)
 	n := 0
 	for {
 		n, err = src.Read(buf)
 		if n > 0 {
+			if n > len(buf) {
+				n = len(buf)
+			}
 			if _, e := dst.Write(buf[0:n]); e != nil {
 				return e
 			}
@@ -91,12 +122,55 @@ func ioCopy(dst io.ReadWriter, src io.ReadWriter) (err error) {
 		}
 	}
 }
+func SingleTlsConnectHost(host string, timeout int, caCertBytes []byte) (conn tls.Conn, err error) {
+	h := strings.Split(host, ":")
+	port, _ := strconv.Atoi(h[1])
+	return SingleTlsConnect(h[0], port, timeout, caCertBytes)
+}
+func SingleTlsConnect(host string, port, timeout int, caCertBytes []byte) (conn tls.Conn, err error) {
+	conf, err := getRequestSingleTlsConfig(caCertBytes)
+	if err != nil {
+		return
+	}
+	_conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", host, port), time.Duration(timeout)*time.Millisecond)
+	if err != nil {
+		return
+	}
+	return *tls.Client(_conn, conf), err
+}
+func SingleTlsConfig(caCertBytes []byte) (conf *tls.Config, err error) {
+	return getRequestSingleTlsConfig(caCertBytes)
+}
+func getRequestSingleTlsConfig(caCertBytes []byte) (conf *tls.Config, err error) {
+	conf = &tls.Config{InsecureSkipVerify: true}
+	serverCertPool := x509.NewCertPool()
+	if caCertBytes != nil {
+		ok := serverCertPool.AppendCertsFromPEM(caCertBytes)
+		if !ok {
+			err = errors.New("failed to parse root certificate")
+		}
+		conf.RootCAs = serverCertPool
+		conf.VerifyPeerCertificate = func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
+			opts := x509.VerifyOptions{
+				Roots: serverCertPool,
+			}
+			for _, rawCert := range rawCerts {
+				cert, _ := x509.ParseCertificate(rawCert)
+				_, err := cert.Verify(opts)
+				if err != nil {
+					return err
+				}
+			}
+			return nil
+		}
+	}
+	return
+}
 func TlsConnectHost(host string, timeout int, certBytes, keyBytes, caCertBytes []byte) (conn tls.Conn, err error) {
 	h := strings.Split(host, ":")
 	port, _ := strconv.Atoi(h[1])
 	return TlsConnect(h[0], port, timeout, certBytes, keyBytes, caCertBytes)
 }
-
 func TlsConnect(host string, port, timeout int, certBytes, keyBytes, caCertBytes []byte) (conn tls.Conn, err error) {
 	conf, err := getRequestTlsConfig(certBytes, keyBytes, caCertBytes)
 	if err != nil {
@@ -108,6 +182,9 @@ func TlsConnect(host string, port, timeout int, certBytes, keyBytes, caCertBytes
 	}
 	return *tls.Client(_conn, conf), err
 }
+func TlsConfig(certBytes, keyBytes, caCertBytes []byte) (conf *tls.Config, err error) {
+	return getRequestTlsConfig(certBytes, keyBytes, caCertBytes)
+}
 func getRequestTlsConfig(certBytes, keyBytes, caCertBytes []byte) (conf *tls.Config, err error) {
 
 	var cert tls.Certificate
@@ -210,100 +287,13 @@ func CloseConn(conn *net.Conn) {
 		(*conn).Close()
 	}
 }
-func Keygen() (err error) {
-	CList := []string{"AD", "AE", "AF", "AG", "AI", "AL", "AM", "AO", "AR", "AT", "AU", "AZ", "BB", "BD", "BE", "BF", "BG", "BH", "BI", "BJ", "BL", "BM", "BN", "BO", "BR", "BS", "BW", "BY", "BZ", "CA", "CF", "CG", "CH", "CK", "CL", "CM", "CN", "CO", "CR", "CS", "CU", "CY", "CZ", "DE", "DJ", "DK", "DO", "DZ", "EC", "EE", "EG", "ES", "ET", "FI", "FJ", "FR", "GA", "GB", "GD", "GE", "GF", "GH", "GI", "GM", "GN", "GR", "GT", "GU", "GY", "HK", "HN", "HT", "HU", "ID", "IE", "IL", "IN", "IQ", "IR", "IS", "IT", "JM", "JO", "JP", "KE", "KG", "KH", "KP", "KR", "KT", "KW", "KZ", "LA", "LB", "LC", "LI", "LK", "LR", "LS", "LT", "LU", "LV", "LY", "MA", "MC", "MD", "MG", "ML", "MM", "MN", "MO", "MS", "MT", "MU", "MV", "MW", "MX", "MY", "MZ", "NA", "NE", "NG", "NI", "NL", "NO", "NP", "NR", "NZ", "OM", "PA", "PE", "PF", "PG", "PH", "PK", "PL", "PR", "PT", "PY", "QA", "RO", "RU", "SA", "SB", "SC", "SD", "SE", "SG", "SI", "SK", "SL", "SM", "SN", "SO", "SR", "ST", "SV", "SY", "SZ", "TD", "TG", "TH", "TJ", "TM", "TN", "TO", "TR", "TT", "TW", "TZ", "UA", "UG", "US", "UY", "UZ", "VC", "VE", "VN", "YE", "YU", "ZA", "ZM", "ZR", "ZW"}
-	domainSubfixList := []string{".com", ".edu", ".gov", ".int", ".mil", ".net", ".org", ".biz", ".info", ".pro", ".name", ".museum", ".coop", ".aero", ".xxx", ".idv", ".ac", ".ad", ".ae", ".af", ".ag", ".ai", ".al", ".am", ".an", ".ao", ".aq", ".ar", ".as", ".at", ".au", ".aw", ".az", ".ba", ".bb", ".bd", ".be", ".bf", ".bg", ".bh", ".bi", ".bj", ".bm", ".bn", ".bo", ".br", ".bs", ".bt", ".bv", ".bw", ".by", ".bz", ".ca", ".cc", ".cd", ".cf", ".cg", ".ch", ".ci", ".ck", ".cl", ".cm", ".cn", ".co", ".cr", ".cu", ".cv", ".cx", ".cy", ".cz", ".de", ".dj", ".dk", ".dm", ".do", ".dz", ".ec", ".ee", ".eg", ".eh", ".er", ".es", ".et", ".eu", ".fi", ".fj", ".fk", ".fm", ".fo", ".fr", ".ga", ".gd", ".ge", ".gf", ".gg", ".gh", ".gi", ".gl", ".gm", ".gn", ".gp", ".gq", ".gr", ".gs", ".gt", ".gu", ".gw", ".gy", ".hk", ".hm", ".hn", ".hr", ".ht", ".hu", ".id", ".ie", ".il", ".im", ".in", ".io", ".iq", ".ir", ".is", ".it", ".je", ".jm", ".jo", ".jp", ".ke", ".kg", ".kh", ".ki", ".km", ".kn", ".kp", ".kr", ".kw", ".ky", ".kz", ".la", ".lb", ".lc", ".li", ".lk", ".lr", ".ls", ".lt", ".lu", ".lv", ".ly", ".ma", ".mc", ".md", ".mg", ".mh", ".mk", ".ml", ".mm", ".mn", ".mo", ".mp", ".mq", ".mr", ".ms", ".mt", ".mu", ".mv", ".mw", ".mx", ".my", ".mz", ".na", ".nc", ".ne", ".nf", ".ng", ".ni", ".nl", ".no", ".np", ".nr", ".nu", ".nz", ".om", ".pa", ".pe", ".pf", ".pg", ".ph", ".pk", ".pl", ".pm", ".pn", ".pr", ".ps", ".pt", ".pw", ".py", ".qa", ".re", ".ro", ".ru", ".rw", ".sa", ".sb", ".sc", ".sd", ".se", ".sg", ".sh", ".si", ".sj", ".sk", ".sl", ".sm", ".sn", ".so", ".sr", ".st", ".sv", ".sy", ".sz", ".tc", ".td", ".tf", ".tg", ".th", ".tj", ".tk", ".tl", ".tm", ".tn", ".to", ".tp", ".tr", ".tt", ".tv", ".tw", ".tz", ".ua", ".ug", ".uk", ".um", ".us", ".uy", ".uz", ".va", ".vc", ".ve", ".vg", ".vi", ".vn", ".vu", ".wf", ".ws", ".ye", ".yt", ".yu", ".yr", ".za", ".zm", ".zw"}
-	C := CList[int(RandInt(4))%len(CList)]
-	ST := RandString(int(RandInt(4) % 10))
-	O := RandString(int(RandInt(4) % 10))
-	CN := strings.ToLower(RandString(int(RandInt(4)%10)) + domainSubfixList[int(RandInt(4))%len(domainSubfixList)])
-	//log.Printf("C: %s, ST: %s, O: %s, CN: %s", C, ST, O, CN)
-	var out []byte
-	if len(os.Args) == 3 && os.Args[2] == "ca" {
-		cmd := exec.Command("sh", "-c", "openssl genrsa -out ca.key 2048")
-		out, err = cmd.CombinedOutput()
-		if err != nil {
-			logger.Printf("err:%s", err)
-			return
-		}
-		fmt.Println(string(out))
 
-		cmdStr := fmt.Sprintf("openssl req -new -key ca.key -x509 -days 36500 -out ca.crt -subj /C=%s/ST=%s/O=%s/CN=%s", C, ST, O, "*."+CN)
-		cmd = exec.Command("sh", "-c", cmdStr)
-		out, err = cmd.CombinedOutput()
-		if err != nil {
-			logger.Printf("err:%s", err)
-			return
-		}
-		fmt.Println(string(out))
-	} else if len(os.Args) == 5 && os.Args[2] == "ca" && os.Args[3] != "" && os.Args[4] != "" {
-		certBytes, _ := ioutil.ReadFile("ca.crt")
-		block, _ := pem.Decode(certBytes)
-		if block == nil || certBytes == nil {
-			panic("failed to parse ca certificate PEM")
-		}
-		x509Cert, _ := x509.ParseCertificate(block.Bytes)
-		if x509Cert == nil {
-			panic("failed to parse block")
-		}
-		name := os.Args[3]
-		days := os.Args[4]
-		cmd := exec.Command("sh", "-c", "openssl genrsa -out "+name+".key 2048")
-		out, err = cmd.CombinedOutput()
-		if err != nil {
-			logger.Printf("err:%s", err)
-			return
-		}
-		fmt.Println(string(out))
+var allInterfaceAddrCache []net.IP
 
-		cmdStr := fmt.Sprintf("openssl req -new -key %s.key -out %s.csr -subj /C=%s/ST=%s/O=%s/CN=%s", name, name, C, ST, O, CN)
-		fmt.Printf("%s", cmdStr)
-		cmd = exec.Command("sh", "-c", cmdStr)
-		out, err = cmd.CombinedOutput()
-		if err != nil {
-			logger.Printf("err:%s", err)
-			return
-		}
-		fmt.Println(string(out))
-
-		cmdStr = fmt.Sprintf("openssl x509 -req -days %s -in %s.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out %s.crt", days, name, name)
-		fmt.Printf("%s", cmdStr)
-		cmd = exec.Command("sh", "-c", cmdStr)
-		out, err = cmd.CombinedOutput()
-		if err != nil {
-			logger.Printf("err:%s", err)
-			return
-		}
-
-		fmt.Println(string(out))
-	} else if len(os.Args) == 3 && os.Args[2] == "usage" {
-		fmt.Println(`proxy keygen //generate proxy.crt and proxy.key
-proxy keygen ca //generate ca.crt and ca.key
-proxy keygen ca client0 30 //generate client0.crt client0.key and use ca.crt sign it with 30 days
-	`)
-	} else if len(os.Args) == 2 {
-		cmd := exec.Command("sh", "-c", "openssl genrsa -out proxy.key 2048")
-		out, err = cmd.CombinedOutput()
-		if err != nil {
-			logger.Printf("err:%s", err)
-			return
-		}
-		fmt.Println(string(out))
-
-		cmdStr := fmt.Sprintf("openssl req -new -key proxy.key -x509 -days 36500 -out proxy.crt -subj /C=%s/ST=%s/O=%s/CN=%s", C, ST, O, CN)
-		cmd = exec.Command("sh", "-c", cmdStr)
-		out, err = cmd.CombinedOutput()
-		if err != nil {
-			logger.Printf("err:%s", err)
-			return
-		}
-		fmt.Println(string(out))
-	}
-
-	return
-}
 func GetAllInterfaceAddr() ([]net.IP, error) {
-
+	if allInterfaceAddrCache != nil {
+		return allInterfaceAddrCache, nil
+	}
 	ifaces, err := net.Interfaces()
 	if err != nil {
 		return nil, err
@@ -344,6 +334,7 @@ func GetAllInterfaceAddr() ([]net.IP, error) {
 		return nil, fmt.Errorf("no address Found, net.InterfaceAddrs: %v", addresses)
 	}
 	//only need first
+	allInterfaceAddrCache = addresses
 	return addresses, nil
 }
 func UDPPacket(srcAddr string, packet []byte) []byte {
@@ -394,10 +385,10 @@ func ReadUDPPacket(_reader io.Reader) (srcAddr string, packet []byte, err error)
 	return
 }
 func Uniqueid() string {
-	return xid.New().String()
-	// var src = rand.NewSource(time.Now().UnixNano())
-	// s := fmt.Sprintf("%d", src.Int63())
-	// return s[len(s)-5:len(s)-1] + fmt.Sprintf("%d", uint64(time.Now().UnixNano()))[8:]
+	str := fmt.Sprintf("%d%s", time.Now().UnixNano(), xid.New().String())
+	hash := sha1.New()
+	hash.Write([]byte(str))
+	return hex.EncodeToString(hash.Sum(nil))
 }
 func RandString(strlen int) string {
 	codes := "QWERTYUIOPLKJHGFDSAZXCVBNMabcdefghijklmnopqrstuvwxyz0123456789"
@@ -422,15 +413,24 @@ func RandInt(strLen int) int64 {
 	i, _ := strconv.ParseInt(string(data), 10, 64)
 	return i
 }
-func ReadData(r io.Reader) (data string, err error) {
-	var len uint16
+func ReadBytes(r io.Reader) (data []byte, err error) {
+	defer func() {
+		if e := recover(); e != nil {
+			err = fmt.Errorf("read bytes fail ,err : %s", e)
+		}
+	}()
+	var len uint64
 	err = binary.Read(r, binary.LittleEndian, &len)
 	if err != nil {
 		return
 	}
+	if len == 0 || len > ^uint64(0) {
+		err = fmt.Errorf("data len out of range, %d", len)
+		return
+	}
 	var n int
-	_data := make([]byte, len)
-	n, err = r.Read(_data)
+	data = make([]byte, len)
+	n, err = r.Read(data)
 	if err != nil {
 		return
 	}
@@ -438,9 +438,37 @@ func ReadData(r io.Reader) (data string, err error) {
 		err = fmt.Errorf("error data len")
 		return
 	}
+	return
+}
+func ReadData(r io.Reader) (data string, err error) {
+	_data, err := ReadBytes(r)
+	if err != nil {
+		return
+	}
 	data = string(_data)
 	return
 }
+
+//non typed packet with Bytes
+func ReadPacketBytes(r io.Reader, data ...*[]byte) (err error) {
+	for _, d := range data {
+		*d, err = ReadBytes(r)
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+func BuildPacketBytes(data ...[]byte) []byte {
+	pkg := new(bytes.Buffer)
+	for _, d := range data {
+		binary.Write(pkg, binary.LittleEndian, uint64(len(d)))
+		binary.Write(pkg, binary.LittleEndian, d)
+	}
+	return pkg.Bytes()
+}
+
+//non typed packet with string
 func ReadPacketData(r io.Reader, data ...*string) (err error) {
 	for _, d := range data {
 		*d, err = ReadData(r)
@@ -450,13 +478,50 @@ func ReadPacketData(r io.Reader, data ...*string) (err error) {
 	}
 	return
 }
-func ReadPacket(r io.Reader, typ *uint8, data ...*string) (err error) {
+func BuildPacketData(data ...string) []byte {
+	pkg := new(bytes.Buffer)
+	for _, d := range data {
+		bytes := []byte(d)
+		binary.Write(pkg, binary.LittleEndian, uint64(len(bytes)))
+		binary.Write(pkg, binary.LittleEndian, bytes)
+	}
+	return pkg.Bytes()
+}
+
+//typed packet with bytes
+func ReadBytesPacket(r io.Reader, packetType *uint8, data ...*[]byte) (err error) {
 	var connType uint8
 	err = binary.Read(r, binary.LittleEndian, &connType)
 	if err != nil {
 		return
 	}
-	*typ = connType
+	*packetType = connType
+	for _, d := range data {
+		*d, err = ReadBytes(r)
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+func BuildBytesPacket(packetType uint8, data ...[]byte) []byte {
+	pkg := new(bytes.Buffer)
+	binary.Write(pkg, binary.LittleEndian, packetType)
+	for _, d := range data {
+		binary.Write(pkg, binary.LittleEndian, uint64(len(d)))
+		binary.Write(pkg, binary.LittleEndian, d)
+	}
+	return pkg.Bytes()
+}
+
+//typed packet with string
+func ReadPacket(r io.Reader, packetType *uint8, data ...*string) (err error) {
+	var connType uint8
+	err = binary.Read(r, binary.LittleEndian, &connType)
+	if err != nil {
+		return
+	}
+	*packetType = connType
 	for _, d := range data {
 		*d, err = ReadData(r)
 		if err != nil {
@@ -465,25 +530,18 @@ func ReadPacket(r io.Reader, typ *uint8, data ...*string) (err error) {
 	}
 	return
 }
-func BuildPacket(typ uint8, data ...string) []byte {
+
+func BuildPacket(packetType uint8, data ...string) []byte {
 	pkg := new(bytes.Buffer)
-	binary.Write(pkg, binary.LittleEndian, typ)
+	binary.Write(pkg, binary.LittleEndian, packetType)
 	for _, d := range data {
 		bytes := []byte(d)
-		binary.Write(pkg, binary.LittleEndian, uint16(len(bytes)))
-		binary.Write(pkg, binary.LittleEndian, bytes)
-	}
-	return pkg.Bytes()
-}
-func BuildPacketData(data ...string) []byte {
-	pkg := new(bytes.Buffer)
-	for _, d := range data {
-		bytes := []byte(d)
-		binary.Write(pkg, binary.LittleEndian, uint16(len(bytes)))
+		binary.Write(pkg, binary.LittleEndian, uint64(len(bytes)))
 		binary.Write(pkg, binary.LittleEndian, bytes)
 	}
 	return pkg.Bytes()
 }
+
 func SubStr(str string, start, end int) string {
 	if len(str) == 0 {
 		return ""
@@ -503,12 +561,21 @@ func SubBytes(bytes []byte, start, end int) []byte {
 	return bytes[start:end]
 }
 func TlsBytes(cert, key string) (certBytes, keyBytes []byte, err error) {
-	certBytes, err = ioutil.ReadFile(cert)
+	base64Prefix := "base64://"
+	if strings.HasPrefix(cert, base64Prefix) {
+		certBytes, err = base64.StdEncoding.DecodeString(cert[len(base64Prefix):])
+	} else {
+		certBytes, err = ioutil.ReadFile(cert)
+	}
 	if err != nil {
 		err = fmt.Errorf("err : %s", err)
 		return
 	}
-	keyBytes, err = ioutil.ReadFile(key)
+	if strings.HasPrefix(key, base64Prefix) {
+		keyBytes, err = base64.StdEncoding.DecodeString(key[len(base64Prefix):])
+	} else {
+		keyBytes, err = ioutil.ReadFile(key)
+	}
 	if err != nil {
 		err = fmt.Errorf("err : %s", err)
 		return
@@ -579,12 +646,27 @@ func HttpGet(URL string, timeout int, host ...string) (body []byte, code int, er
 	body, err = ioutil.ReadAll(resp.Body)
 	return
 }
-func IsIternalIP(domainOrIP string) bool {
+func IsInternalIP(domainOrIP string, always bool) bool {
 	var outIPs []net.IP
-	outIPs, err := net.LookupIP(domainOrIP)
+	var err error
+	var isDomain bool
+	if net.ParseIP(domainOrIP) == nil {
+		isDomain = true
+	}
+	if always && isDomain {
+		return false
+	}
+
+	if isDomain {
+		outIPs, err = LookupIP(domainOrIP)
+	} else {
+		outIPs = []net.IP{net.ParseIP(domainOrIP)}
+	}
+
 	if err != nil {
 		return false
 	}
+
 	for _, ip := range outIPs {
 		if ip.IsLoopback() {
 			return true
@@ -592,7 +674,7 @@ func IsIternalIP(domainOrIP string) bool {
 		if ip.To4().Mask(net.IPv4Mask(255, 0, 0, 0)).String() == "10.0.0.0" {
 			return true
 		}
-		if ip.To4().Mask(net.IPv4Mask(255, 0, 0, 0)).String() == "192.168.0.0" {
+		if ip.To4().Mask(net.IPv4Mask(255, 255, 0, 0)).String() == "192.168.0.0" {
 			return true
 		}
 		if ip.To4().Mask(net.IPv4Mask(255, 0, 0, 0)).String() == "172.0.0.0" {
@@ -627,12 +709,18 @@ func RemoveProxyHeaders(head []byte) []byte {
 	var keys = map[string]bool{}
 	lines := bytes.Split(head, []byte("\r\n"))
 	IsBody := false
+	i := -1
 	for _, line := range lines {
+		i++
 		if len(line) == 0 || IsBody {
 			newLines = append(newLines, line)
 			IsBody = true
 		} else {
 			hline := bytes.SplitN(line, []byte(":"), 2)
+			if i == 0 && IsHTTP(head) {
+				newLines = append(newLines, line)
+				continue
+			}
 			if len(hline) != 2 {
 				continue
 			}
@@ -649,6 +737,63 @@ func RemoveProxyHeaders(head []byte) []byte {
 func InsertProxyHeaders(head []byte, headers string) []byte {
 	return bytes.Replace(head, []byte("\r\n"), []byte("\r\n"+headers), 1)
 }
+func LBMethod(key string) int {
+	typs := map[string]int{"weight": lb.SELECT_WEITHT, "leasttime": lb.SELECT_LEASTTIME, "leastconn": lb.SELECT_LEASTCONN, "hash": lb.SELECT_HASH, "roundrobin": lb.SELECT_ROUNDROBIN}
+	return typs[key]
+}
+func UDPCopy(dst, src *net.UDPConn, dstAddr net.Addr, readTimeout time.Duration, beforeWriteFn func(data []byte) []byte, deferFn func(e interface{})) {
+	go func() {
+		defer func() {
+			deferFn(recover())
+		}()
+		buf := LeakyBuffer.Get()
+		defer LeakyBuffer.Put(buf)
+		for {
+			if readTimeout > 0 {
+				src.SetReadDeadline(time.Now().Add(readTimeout))
+			}
+			n, err := src.Read(buf)
+			if readTimeout > 0 {
+				src.SetReadDeadline(time.Time{})
+			}
+			if err != nil {
+				if IsNetClosedErr(err) || IsNetTimeoutErr(err) || IsNetRefusedErr(err) {
+					return
+				}
+				continue
+			}
+			_, err = dst.WriteTo(beforeWriteFn(buf[:n]), dstAddr)
+			if err != nil {
+				if IsNetClosedErr(err) {
+					return
+				}
+				continue
+			}
+		}
+	}()
+}
+func IsNetClosedErr(err error) bool {
+	return err != nil && strings.Contains(err.Error(), "use of closed network connection")
+}
+func IsNetTimeoutErr(err error) bool {
+	if err == nil {
+		return false
+	}
+	e, ok := err.(net.Error)
+	return ok && e.Timeout()
+}
+func IsNetRefusedErr(err error) bool {
+	return err != nil && strings.Contains(err.Error(), "connection refused")
+}
+func IsNetDeadlineErr(err error) bool {
+	return err != nil && strings.Contains(err.Error(), "i/o deadline reached")
+}
+func IsNetSocketNotConnectedErr(err error) bool {
+	return err != nil && strings.Contains(err.Error(), "socket is not connected")
+}
+func NewDefaultLogger() *logger.Logger {
+	return logger.New(os.Stderr, "", logger.LstdFlags)
+}
 
 // type sockaddr struct {
 // 	family uint16
@@ -706,3 +851,26 @@ func InsertProxyHeaders(head []byte, headers string) []byte {
 // 	}
 // 	return
 // }
+
+/*
+net.LookupIP may cause  deadlock in windows
+https://github.com/golang/go/issues/24178
+*/
+
+func LookupIP(host string) ([]net.IP, error) {
+
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*time.Duration(3))
+	defer func() {
+		cancel()
+		//ctx.Done()
+	}()
+	addrs, err := net.DefaultResolver.LookupIPAddr(ctx, host)
+	if err != nil {
+		return nil, err
+	}
+	ips := make([]net.IP, len(addrs))
+	for i, ia := range addrs {
+		ips[i] = ia.IP
+	}
+	return ips, nil
+}

utils/io-limiter.go

@@ -1,97 +0,0 @@
-package utils
-
-import (
-	"context"
-	"io"
-	"time"
-
-	"golang.org/x/time/rate"
-)
-
-const burstLimit = 1000 * 1000 * 1000
-
-type Reader struct {
-	r       io.Reader
-	limiter *rate.Limiter
-	ctx     context.Context
-}
-
-type Writer struct {
-	w       io.Writer
-	limiter *rate.Limiter
-	ctx     context.Context
-}
-
-// NewReader returns a reader that implements io.Reader with rate limiting.
-func NewReader(r io.Reader) *Reader {
-	return &Reader{
-		r:   r,
-		ctx: context.Background(),
-	}
-}
-
-// NewReaderWithContext returns a reader that implements io.Reader with rate limiting.
-func NewReaderWithContext(r io.Reader, ctx context.Context) *Reader {
-	return &Reader{
-		r:   r,
-		ctx: ctx,
-	}
-}
-
-// NewWriter returns a writer that implements io.Writer with rate limiting.
-func NewWriter(w io.Writer) *Writer {
-	return &Writer{
-		w:   w,
-		ctx: context.Background(),
-	}
-}
-
-// NewWriterWithContext returns a writer that implements io.Writer with rate limiting.
-func NewWriterWithContext(w io.Writer, ctx context.Context) *Writer {
-	return &Writer{
-		w:   w,
-		ctx: ctx,
-	}
-}
-
-// SetRateLimit sets rate limit (bytes/sec) to the reader.
-func (s *Reader) SetRateLimit(bytesPerSec float64) {
-	s.limiter = rate.NewLimiter(rate.Limit(bytesPerSec), burstLimit)
-	s.limiter.AllowN(time.Now(), burstLimit) // spend initial burst
-}
-
-// Read reads bytes into p.
-func (s *Reader) Read(p []byte) (int, error) {
-	if s.limiter == nil {
-		return s.r.Read(p)
-	}
-	n, err := s.r.Read(p)
-	if err != nil {
-		return n, err
-	}
-	if err := s.limiter.WaitN(s.ctx, n); err != nil {
-		return n, err
-	}
-	return n, nil
-}
-
-// SetRateLimit sets rate limit (bytes/sec) to the writer.
-func (s *Writer) SetRateLimit(bytesPerSec float64) {
-	s.limiter = rate.NewLimiter(rate.Limit(bytesPerSec), burstLimit)
-	s.limiter.AllowN(time.Now(), burstLimit) // spend initial burst
-}
-
-// Write writes bytes from p.
-func (s *Writer) Write(p []byte) (int, error) {
-	if s.limiter == nil {
-		return s.w.Write(p)
-	}
-	n, err := s.w.Write(p)
-	if err != nil {
-		return n, err
-	}
-	if err := s.limiter.WaitN(s.ctx, n); err != nil {
-		return n, err
-	}
-	return n, err
-}

utils/iolimiter/iolimiter.go

@@ -0,0 +1,191 @@
+package iolimiter
+
+import (
+	"context"
+	"io"
+	"net"
+	"time"
+
+	"golang.org/x/time/rate"
+)
+
+const burstLimit = 1000 * 1000 * 1000
+
+type Reader struct {
+	r       io.Reader
+	limiter *rate.Limiter
+	ctx     context.Context
+}
+
+type Writer struct {
+	w       io.Writer
+	limiter *rate.Limiter
+	ctx     context.Context
+}
+
+type conn struct {
+	net.Conn
+	r            io.Reader
+	w            io.Writer
+	readLimiter  *rate.Limiter
+	writeLimiter *rate.Limiter
+	ctx          context.Context
+}
+
+//NewtRateLimitConn sets rate limit (bytes/sec) to the Conn read and write.
+func NewtConn(c net.Conn, bytesPerSec float64) net.Conn {
+	s := &conn{
+		Conn: c,
+		r:    c,
+		w:    c,
+		ctx:  context.Background(),
+	}
+	s.readLimiter = rate.NewLimiter(rate.Limit(bytesPerSec), burstLimit)
+	s.readLimiter.AllowN(time.Now(), burstLimit) // spend initial burst
+	s.writeLimiter = rate.NewLimiter(rate.Limit(bytesPerSec), burstLimit)
+	s.writeLimiter.AllowN(time.Now(), burstLimit) // spend initial burst
+	return s
+}
+
+//NewtRateLimitReaderConn sets rate limit (bytes/sec) to the Conn read.
+func NewReaderConn(c net.Conn, bytesPerSec float64) net.Conn {
+	s := &conn{
+		Conn: c,
+		r:    c,
+		w:    c,
+		ctx:  context.Background(),
+	}
+	s.readLimiter = rate.NewLimiter(rate.Limit(bytesPerSec), burstLimit)
+	s.readLimiter.AllowN(time.Now(), burstLimit) // spend initial burst
+	return s
+}
+
+//NewtRateLimitWriterConn sets rate limit (bytes/sec) to the Conn write.
+func NewWriterConn(c net.Conn, bytesPerSec float64) net.Conn {
+	s := &conn{
+		Conn: c,
+		r:    c,
+		w:    c,
+		ctx:  context.Background(),
+	}
+	s.writeLimiter = rate.NewLimiter(rate.Limit(bytesPerSec), burstLimit)
+	s.writeLimiter.AllowN(time.Now(), burstLimit) // spend initial burst
+	return s
+}
+
+// Read reads bytes into p.
+func (s *conn) Read(p []byte) (int, error) {
+	if s.readLimiter == nil {
+		return s.r.Read(p)
+	}
+	n, err := s.r.Read(p)
+	if err != nil {
+		return n, err
+	}
+	if err := s.readLimiter.WaitN(s.ctx, n); err != nil {
+		return n, err
+	}
+	return n, nil
+}
+
+// Write writes bytes from p.
+func (s *conn) Write(p []byte) (int, error) {
+	if s.writeLimiter == nil {
+		return s.w.Write(p)
+	}
+	n, err := s.w.Write(p)
+	if err != nil {
+		return n, err
+	}
+	if err := s.writeLimiter.WaitN(s.ctx, n); err != nil {
+		return n, err
+	}
+	return n, err
+}
+func (s *conn) Close() error {
+	if s.Conn != nil {
+		e := s.Conn.Close()
+		s.Conn = nil
+		s.r = nil
+		s.w = nil
+		s.readLimiter = nil
+		s.writeLimiter = nil
+		s.ctx = nil
+		return e
+	}
+	return nil
+}
+
+// NewReader returns a reader that implements io.Reader with rate limiting.
+func NewReader(r io.Reader) *Reader {
+	return &Reader{
+		r:   r,
+		ctx: context.Background(),
+	}
+}
+
+// NewReaderWithContext returns a reader that implements io.Reader with rate limiting.
+func NewReaderWithContext(r io.Reader, ctx context.Context) *Reader {
+	return &Reader{
+		r:   r,
+		ctx: ctx,
+	}
+}
+
+// NewWriter returns a writer that implements io.Writer with rate limiting.
+func NewWriter(w io.Writer) *Writer {
+	return &Writer{
+		w:   w,
+		ctx: context.Background(),
+	}
+}
+
+// NewWriterWithContext returns a writer that implements io.Writer with rate limiting.
+func NewWriterWithContext(w io.Writer, ctx context.Context) *Writer {
+	return &Writer{
+		w:   w,
+		ctx: ctx,
+	}
+}
+
+// SetRateLimit sets rate limit (bytes/sec) to the reader.
+func (s *Reader) SetRateLimit(bytesPerSec float64) {
+	s.limiter = rate.NewLimiter(rate.Limit(bytesPerSec), burstLimit)
+	s.limiter.AllowN(time.Now(), burstLimit) // spend initial burst
+}
+
+// Read reads bytes into p.
+func (s *Reader) Read(p []byte) (int, error) {
+	if s.limiter == nil {
+		return s.r.Read(p)
+	}
+	n, err := s.r.Read(p)
+	if err != nil {
+		return n, err
+	}
+	if err := s.limiter.WaitN(s.ctx, n); err != nil {
+		return n, err
+	}
+	return n, nil
+}
+
+// SetRateLimit sets rate limit (bytes/sec) to the writer.
+func (s *Writer) SetRateLimit(bytesPerSec float64) {
+	s.limiter = rate.NewLimiter(rate.Limit(bytesPerSec), burstLimit)
+	s.limiter.AllowN(time.Now(), burstLimit) // spend initial burst
+}
+
+// Write writes bytes from p.
+func (s *Writer) Write(p []byte) (int, error) {
+	if s.limiter == nil {
+		return s.w.Write(p)
+	}
+	n, err := s.w.Write(p)
+	if err != nil {
+		return n, err
+	}
+	if err := s.limiter.WaitN(s.ctx, n); err != nil {
+		return n, err
+	}
+	return n, err
+}

utils/jumper/jumper.go

@@ -0,0 +1,104 @@
+package jumper
+
+import (
+	"bytes"
+	"encoding/base64"
+	"fmt"
+	"net"
+	"net/url"
+	"time"
+
+	"golang.org/x/net/proxy"
+)
+
+type Jumper struct {
+	proxyURL *url.URL
+	timeout  time.Duration
+}
+type socks5Dialer struct {
+	timeout time.Duration
+}
+
+func (s socks5Dialer) Dial(network, addr string) (net.Conn, error) {
+	return net.DialTimeout(network, addr, s.timeout)
+}
+
+func New(proxyURL string, timeout time.Duration) (j Jumper, err error) {
+	u, e := url.Parse(proxyURL)
+	if e != nil {
+		err = e
+		return
+	}
+	j = Jumper{
+		proxyURL: u,
+		timeout:  timeout,
+	}
+	return
+}
+func (j *Jumper) Dial(address string, timeout time.Duration) (net.Conn, error) {
+	switch j.proxyURL.Scheme {
+	case "https":
+		return j.dialHTTPS(address, timeout)
+	case "socks5":
+		return j.dialSOCKS5(address, timeout)
+	default:
+		return nil, fmt.Errorf("unkown scheme of %s", j.proxyURL.String())
+	}
+}
+func (j *Jumper) dialHTTPS(address string, timeout time.Duration) (conn net.Conn, err error) {
+	conn, err = net.DialTimeout("tcp", j.proxyURL.Host, timeout)
+	if err != nil {
+		return
+	}
+	pb := new(bytes.Buffer)
+	pb.Write([]byte(fmt.Sprintf("CONNECT %s HTTP/1.1\r\n", address)))
+	pb.WriteString(fmt.Sprintf("Host: %s\r\n", address))
+	pb.WriteString(fmt.Sprintf("Proxy-Host: %s\r\n", address))
+	pb.WriteString("Proxy-Connection: Keep-Alive\r\n")
+	pb.WriteString("Connection: Keep-Alive\r\n")
+	if j.proxyURL.User != nil {
+		p, _ := j.proxyURL.User.Password()
+		u := fmt.Sprintf("%s:%s", j.proxyURL.User.Username(), p)
+		pb.Write([]byte(fmt.Sprintf("Proxy-Authorization: Basic %s\r\n", base64.StdEncoding.EncodeToString([]byte(u)))))
+	}
+	pb.Write([]byte("\r\n"))
+	_, err = conn.Write(pb.Bytes())
+	if err != nil {
+		conn.Close()
+		conn = nil
+		err = fmt.Errorf("error connecting to proxy: %s", err)
+		return
+	}
+	reply := make([]byte, 1024)
+	conn.SetDeadline(time.Now().Add(timeout))
+	n, e := conn.Read(reply)
+	conn.SetDeadline(time.Time{})
+	if e != nil {
+		err = fmt.Errorf("error read reply from proxy: %s", e)
+		conn.Close()
+		conn = nil
+		return
+	}
+	if bytes.Index(reply[:n], []byte("200")) == -1 {
+		err = fmt.Errorf("error greeting to proxy, response: %s", string(reply[:n]))
+		conn.Close()
+		conn = nil
+		return
+	}
+	return
+}
+func (j *Jumper) dialSOCKS5(address string, timeout time.Duration) (conn net.Conn, err error) {
+	auth := &proxy.Auth{}
+	if j.proxyURL.User != nil {
+		auth.User = j.proxyURL.User.Username()
+		auth.Password, _ = j.proxyURL.User.Password()
+	} else {
+		auth = nil
+	}
+	dialSocksProxy, e := proxy.SOCKS5("tcp", j.proxyURL.Host, auth, socks5Dialer{timeout: timeout})
+	if e != nil {
+		err = fmt.Errorf("error connecting to proxy: %s", e)
+		return
+	}
+	return dialSocksProxy.Dial("tcp", address)
+}

utils/lb/backend.go

@@ -0,0 +1,215 @@
+package lb
+
+import (
+	"errors"
+	"fmt"
+	"log"
+	"net"
+	"runtime/debug"
+	"sync"
+	"time"
+
+	"github.com/snail007/goproxy/utils/dnsx"
+)
+
+// BackendConfig it's the configuration loaded
+type BackendConfig struct {
+	Address string
+
+	ActiveAfter   int
+	InactiveAfter int
+	Weight        int
+
+	Timeout   time.Duration
+	RetryTime time.Duration
+
+	IsMuxCheck  bool
+	ConnFactory func(address string, timeout time.Duration) (net.Conn, error)
+}
+type BackendsConfig []*BackendConfig
+
+// BackendControl keep the control data
+type BackendControl struct {
+	Failed bool // The last request failed
+	Active bool
+
+	InactiveTries int
+	ActiveTries   int
+
+	Connections int
+
+	ConnectUsedMillisecond int
+
+	isStop bool
+}
+
+// Backend structure
+type Backend struct {
+	BackendConfig
+	BackendControl
+	sync.RWMutex
+	log *log.Logger
+	dr  *dnsx.DomainResolver
+}
+
+type Backends []*Backend
+
+func NewBackend(backendConfig BackendConfig, dr *dnsx.DomainResolver, log *log.Logger) (*Backend, error) {
+
+	if backendConfig.Address == "" {
+		return nil, errors.New("Address rquired")
+	}
+	if backendConfig.ActiveAfter == 0 {
+		backendConfig.ActiveAfter = 2
+	}
+	if backendConfig.InactiveAfter == 0 {
+		backendConfig.InactiveAfter = 3
+	}
+	if backendConfig.Weight == 0 {
+		backendConfig.Weight = 1
+	}
+	if backendConfig.Timeout == 0 {
+		backendConfig.Timeout = time.Millisecond * 1500
+	}
+	if backendConfig.RetryTime == 0 {
+		backendConfig.RetryTime = time.Millisecond * 2000
+	}
+	return &Backend{
+		dr:            dr,
+		log:           log,
+		BackendConfig: backendConfig,
+		BackendControl: BackendControl{
+			Failed:                 true,
+			Active:                 false,
+			InactiveTries:          0,
+			ActiveTries:            0,
+			Connections:            0,
+			ConnectUsedMillisecond: 0,
+			isStop:                 false,
+		},
+	}, nil
+}
+func (b *Backend) StopHeartCheck() {
+	b.isStop = true
+}
+
+func (b *Backend) IncreasConns() {
+	b.RWMutex.Lock()
+	b.Connections++
+	b.RWMutex.Unlock()
+}
+
+func (b *Backend) DecreaseConns() {
+	b.RWMutex.Lock()
+	b.Connections--
+	b.RWMutex.Unlock()
+}
+
+func (b *Backend) StartHeartCheck() {
+	if b.IsMuxCheck {
+		b.startMuxHeartCheck()
+	} else {
+		b.startTCPHeartCheck()
+	}
+}
+func (b *Backend) startMuxHeartCheck() {
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+			}
+		}()
+		for {
+			if b.isStop {
+				return
+			}
+			var c net.Conn
+			var err error
+			start := time.Now().UnixNano() / int64(time.Microsecond)
+			c, err = b.getConn()
+			b.ConnectUsedMillisecond = int(time.Now().UnixNano()/int64(time.Microsecond) - start)
+			if err != nil {
+				b.Active = false
+				time.Sleep(time.Second * 2)
+				continue
+			} else {
+				b.Active = true
+			}
+			for {
+				buf := make([]byte, 1)
+				c.Read(buf)
+				buf = nil
+				break
+			}
+			b.Active = false
+		}
+	}()
+}
+
+// Monitoring the backend
+func (b *Backend) startTCPHeartCheck() {
+	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:\n%s",e, string(debug.Stack()))
+			}
+		}()
+		for {
+			if b.isStop {
+				return
+			}
+			var c net.Conn
+			var err error
+			start := time.Now().UnixNano() / int64(time.Microsecond)
+			c, err = b.getConn()
+			b.ConnectUsedMillisecond = int(time.Now().UnixNano()/int64(time.Microsecond) - start)
+			if err == nil {
+				c.Close()
+			}
+			if err != nil {
+				b.RWMutex.Lock()
+				// Max tries before consider inactive
+				if b.InactiveTries >= b.InactiveAfter {
+					//b.log.Printf("Backend inactive [%s]", b.Address)
+					b.Active = false
+					b.ActiveTries = 0
+				} else {
+					// Ok that guy it's out of the game
+					b.Failed = true
+					b.InactiveTries++
+					//b.log.Printf("Error to check address [%s] tries [%d]", b.Address, b.InactiveTries)
+				}
+				b.RWMutex.Unlock()
+			} else {
+
+				// Ok, let's keep working boys
+				b.RWMutex.Lock()
+				if b.ActiveTries >= b.ActiveAfter {
+					if b.Failed {
+						//log.Printf("Backend active [%s]", b.Address)
+					}
+					b.Failed = false
+					b.Active = true
+					b.InactiveTries = 0
+				} else {
+					b.ActiveTries++
+				}
+				b.RWMutex.Unlock()
+			}
+			time.Sleep(b.RetryTime)
+		}
+	}()
+}
+func (b *Backend) getConn() (conn net.Conn, err error) {
+	address := b.Address
+	if b.dr != nil && b.dr.DnsAddress() != "" {
+		address, err = b.dr.Resolve(b.Address)
+		if err != nil {
+			b.log.Printf("dns error %s , ERR:%s", b.Address, err)
+		}
+	}
+	if b.ConnFactory != nil {
+		return b.ConnFactory(address, b.Timeout)
+	}
+	return net.DialTimeout("tcp", address, b.Timeout)
+}

utils/lb/lb.go

@@ -0,0 +1,703 @@
+package lb
+
+import (
+	"crypto/md5"
+	"log"
+	"net"
+	"sync"
+
+	"github.com/snail007/goproxy/utils/dnsx"
+)
+
+const (
+	SELECT_ROUNDROBIN = iota
+	SELECT_LEASTCONN
+	SELECT_HASH
+	SELECT_WEITHT
+	SELECT_LEASTTIME
+)
+
+type Selector interface {
+	Select(srcAddr string) (addr string)
+	SelectBackend(srcAddr string) (b *Backend)
+	IncreasConns(addr string)
+	DecreaseConns(addr string)
+	Stop()
+	Reset(configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger)
+	IsActive() bool
+	ActiveCount() (count int)
+	Backends() (bs []*Backend)
+}
+
+type Group struct {
+	selector *Selector
+	log      *log.Logger
+	dr       *dnsx.DomainResolver
+	lock     *sync.Mutex
+	last     *Backend
+	debug    bool
+	bks      []*Backend
+}
+
+func NewGroup(selectType int, configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger, debug bool) Group {
+	bks := []*Backend{}
+	for _, c := range configs {
+		b, _ := NewBackend(*c, dr, log)
+		bks = append(bks, b)
+	}
+	if len(bks) > 1 {
+		for _, b := range bks {
+			b.StartHeartCheck()
+		}
+	}
+	var s Selector
+	switch selectType {
+	case SELECT_ROUNDROBIN:
+		s = NewRoundRobin(bks, log, debug)
+	case SELECT_LEASTCONN:
+		s = NewLeastConn(bks, log, debug)
+	case SELECT_HASH:
+		s = NewHash(bks, log, debug)
+	case SELECT_WEITHT:
+		s = NewWeight(bks, log, debug)
+	case SELECT_LEASTTIME:
+		s = NewLeastTime(bks, log, debug)
+	}
+	return Group{
+		selector: &s,
+		log:      log,
+		dr:       dr,
+		lock:     &sync.Mutex{},
+		debug:    debug,
+		bks:      bks,
+	}
+}
+
+func (g *Group) Select(srcAddr string, onlyHa bool) (addr string) {
+	_, addr = g.Select2(srcAddr, onlyHa)
+	return
+}
+func (g *Group) Select2(srcAddr string, onlyHa bool) (isEmpty bool, addr string) {
+	addr = ""
+	if len(g.bks) == 1 {
+		return false, g.bks[0].Address
+	}
+	if onlyHa {
+		g.lock.Lock()
+		defer g.lock.Unlock()
+		if g.last != nil && (g.last.Active || g.last.ConnectUsedMillisecond == 0) {
+			if g.debug {
+				g.log.Printf("############ choosed %s from lastest ############", g.last.Address)
+				printDebug(true, g.log, nil, srcAddr, (*g.selector).Backends())
+			}
+			return false, g.last.Address
+		}
+		g.last = (*g.selector).SelectBackend(srcAddr)
+		if !g.last.Active && g.last.ConnectUsedMillisecond > 0 {
+			g.log.Printf("###warn### lb selected empty , return default , for : %s", srcAddr)
+		}
+		return true, g.last.Address
+	}
+	b := (*g.selector).SelectBackend(srcAddr)
+	if !b.Active && b.ConnectUsedMillisecond > 0 {
+		g.log.Printf("###warn### lb selected empty , return default , for : %s", srcAddr)
+		return true, b.Address
+	}
+	return false, b.Address
+
+}
+func (g *Group) IncreasConns(addr string) {
+	(*g.selector).IncreasConns(addr)
+}
+func (g *Group) DecreaseConns(addr string) {
+	(*g.selector).DecreaseConns(addr)
+}
+func (g *Group) Stop() {
+	if g.selector != nil {
+		(*g.selector).Stop()
+	}
+}
+func (g *Group) IsActive() bool {
+	return (*g.selector).IsActive()
+}
+func (g *Group) ActiveCount() (count int) {
+	return (*g.selector).ActiveCount()
+}
+func (g *Group) Reset(addrs []string) {
+	bks := (*g.selector).Backends()
+	if len(bks) == 0 {
+		return
+	}
+	cfg := bks[0].BackendConfig
+	configs := BackendsConfig{}
+	for _, addr := range addrs {
+		c := cfg
+		c.Address = addr
+		configs = append(configs, &c)
+	}
+	(*g.selector).Reset(configs, g.dr, g.log)
+	g.bks = (*g.selector).Backends()
+}
+func (g *Group) Backends() []*Backend {
+	return (*g.selector).Backends()
+}
+
+//########################RoundRobin##########################
+type RoundRobin struct {
+	sync.Mutex
+	backendIndex int
+	backends     Backends
+	log          *log.Logger
+	debug        bool
+}
+
+func NewRoundRobin(backends Backends, log *log.Logger, debug bool) Selector {
+	return &RoundRobin{
+		backends: backends,
+		log:      log,
+		debug:    debug,
+	}
+
+}
+func (r *RoundRobin) Select(srcAddr string) (addr string) {
+	return r.SelectBackend(srcAddr).Address
+}
+func (r *RoundRobin) SelectBackend(srcAddr string) (b *Backend) {
+	r.Lock()
+	defer r.Unlock()
+	defer func() {
+		printDebug(r.debug, r.log, b, srcAddr, r.backends)
+	}()
+	if len(r.backends) == 0 {
+		return
+	}
+	if len(r.backends) == 1 {
+		return r.backends[0]
+	}
+RETRY:
+	found := false
+	for _, b := range r.backends {
+		if b.Active {
+			found = true
+			break
+		}
+	}
+	if !found {
+		return r.backends[0]
+	}
+	r.backendIndex++
+	if r.backendIndex > len(r.backends)-1 {
+		r.backendIndex = 0
+	}
+	if !r.backends[r.backendIndex].Active {
+		goto RETRY
+	}
+	return r.backends[r.backendIndex]
+}
+func (r *RoundRobin) IncreasConns(addr string) {
+
+}
+func (r *RoundRobin) DecreaseConns(addr string) {
+
+}
+func (r *RoundRobin) Stop() {
+	for _, b := range r.backends {
+		b.StopHeartCheck()
+	}
+}
+func (r *RoundRobin) Backends() []*Backend {
+	return r.backends
+}
+func (r *RoundRobin) IsActive() bool {
+	for _, b := range r.backends {
+		if b.Active {
+			return true
+		}
+	}
+	return false
+}
+func (r *RoundRobin) ActiveCount() (count int) {
+	for _, b := range r.backends {
+		if b.Active {
+			count++
+		}
+	}
+	return
+}
+func (r *RoundRobin) Reset(configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger) {
+	r.Lock()
+	defer r.Unlock()
+	r.Stop()
+	bks := []*Backend{}
+	for _, c := range configs {
+		b, _ := NewBackend(*c, dr, log)
+		bks = append(bks, b)
+	}
+	if len(bks) > 1 {
+		for _, b := range bks {
+			b.StartHeartCheck()
+		}
+	}
+	r.backends = bks
+}
+
+//########################LeastConn##########################
+
+type LeastConn struct {
+	sync.Mutex
+	backends Backends
+	log      *log.Logger
+	debug    bool
+}
+
+func NewLeastConn(backends []*Backend, log *log.Logger, debug bool) Selector {
+	lc := LeastConn{
+		backends: backends,
+		log:      log,
+		debug:    debug,
+	}
+	return &lc
+}
+
+func (lc *LeastConn) Select(srcAddr string) (addr string) {
+	return lc.SelectBackend(srcAddr).Address
+}
+func (lc *LeastConn) SelectBackend(srcAddr string) (b *Backend) {
+	lc.Lock()
+	defer lc.Unlock()
+	defer func() {
+		printDebug(lc.debug, lc.log, b, srcAddr, lc.backends)
+	}()
+	if len(lc.backends) == 0 {
+		return
+	}
+	if len(lc.backends) == 1 {
+		return lc.backends[0]
+	}
+	found := false
+	for _, b := range lc.backends {
+		if b.Active {
+			found = true
+			break
+		}
+	}
+	if !found {
+		return lc.backends[0]
+	}
+	min := lc.backends[0].Connections
+	index := 0
+	for i, b := range lc.backends {
+		if b.Active {
+			min = b.Connections
+			index = i
+			break
+		}
+	}
+	for i, b := range lc.backends {
+		if b.Active && b.Connections <= min {
+			min = b.Connections
+			index = i
+		}
+	}
+	return lc.backends[index]
+}
+func (lc *LeastConn) IncreasConns(addr string) {
+	for _, a := range lc.backends {
+		if a.Address == addr {
+			a.IncreasConns()
+			return
+		}
+	}
+}
+func (lc *LeastConn) DecreaseConns(addr string) {
+	for _, a := range lc.backends {
+		if a.Address == addr {
+			a.DecreaseConns()
+			return
+		}
+	}
+}
+func (lc *LeastConn) Stop() {
+	for _, b := range lc.backends {
+		b.StopHeartCheck()
+	}
+}
+func (lc *LeastConn) IsActive() bool {
+	for _, b := range lc.backends {
+		if b.Active {
+			return true
+		}
+	}
+	return false
+}
+func (lc *LeastConn) ActiveCount() (count int) {
+	for _, b := range lc.backends {
+		if b.Active {
+			count++
+		}
+	}
+	return
+}
+func (lc *LeastConn) Reset(configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger) {
+	lc.Lock()
+	defer lc.Unlock()
+	lc.Stop()
+	bks := []*Backend{}
+	for _, c := range configs {
+		b, _ := NewBackend(*c, dr, log)
+		bks = append(bks, b)
+	}
+	if len(bks) > 1 {
+		for _, b := range bks {
+			b.StartHeartCheck()
+		}
+	}
+	lc.backends = bks
+}
+func (lc *LeastConn) Backends() []*Backend {
+	return lc.backends
+}
+
+//########################Hash##########################
+type Hash struct {
+	sync.Mutex
+	backends Backends
+	log      *log.Logger
+	debug    bool
+}
+
+func NewHash(backends Backends, log *log.Logger, debug bool) Selector {
+	return &Hash{
+		backends: backends,
+		log:      log,
+		debug:    debug,
+	}
+}
+func (h *Hash) Select(srcAddr string) (addr string) {
+	return h.SelectBackend(srcAddr).Address
+}
+func (h *Hash) SelectBackend(srcAddr string) (b *Backend) {
+	h.Lock()
+	defer h.Unlock()
+	defer func() {
+		printDebug(h.debug, h.log, b, srcAddr, h.backends)
+	}()
+	if len(h.backends) == 0 {
+		return
+	}
+	if len(h.backends) == 1 {
+		return h.backends[0]
+	}
+	i := 0
+	host, _, err := net.SplitHostPort(srcAddr)
+	if err != nil {
+		return
+	}
+	//porti, _ := strconv.Atoi(port)
+	//i += porti
+	for _, b := range md5.Sum([]byte(host)) {
+		i += int(b)
+	}
+RETRY:
+	found := false
+	for _, b := range h.backends {
+		if b.Active {
+			found = true
+			break
+		}
+	}
+	if !found {
+		return h.backends[0]
+	}
+	k := i % len(h.backends)
+	if !h.backends[k].Active {
+		i++
+		goto RETRY
+	}
+	return h.backends[k]
+}
+func (h *Hash) IncreasConns(addr string) {
+
+}
+func (h *Hash) DecreaseConns(addr string) {
+
+}
+func (h *Hash) Stop() {
+	for _, b := range h.backends {
+		b.StopHeartCheck()
+	}
+}
+func (h *Hash) IsActive() bool {
+	for _, b := range h.backends {
+		if b.Active {
+			return true
+		}
+	}
+	return false
+}
+func (h *Hash) ActiveCount() (count int) {
+	for _, b := range h.backends {
+		if b.Active {
+			count++
+		}
+	}
+	return
+}
+func (h *Hash) Reset(configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger) {
+	h.Lock()
+	defer h.Unlock()
+	h.Stop()
+	bks := []*Backend{}
+	for _, c := range configs {
+		b, _ := NewBackend(*c, dr, log)
+		bks = append(bks, b)
+	}
+	if len(bks) > 1 {
+		for _, b := range bks {
+			b.StartHeartCheck()
+		}
+	}
+	h.backends = bks
+}
+func (h *Hash) Backends() []*Backend {
+	return h.backends
+}
+
+//########################Weight##########################
+type Weight struct {
+	sync.Mutex
+	backends Backends
+	log      *log.Logger
+	debug    bool
+}
+
+func NewWeight(backends Backends, log *log.Logger, debug bool) Selector {
+	return &Weight{
+		backends: backends,
+		log:      log,
+		debug:    debug,
+	}
+}
+func (w *Weight) Select(srcAddr string) (addr string) {
+	return w.SelectBackend(srcAddr).Address
+}
+func (w *Weight) SelectBackend(srcAddr string) (b *Backend) {
+	w.Lock()
+	defer w.Unlock()
+	defer func() {
+		printDebug(w.debug, w.log, b, srcAddr, w.backends)
+	}()
+	if len(w.backends) == 0 {
+		return
+	}
+	if len(w.backends) == 1 {
+		return w.backends[0]
+	}
+
+	found := false
+	for _, b := range w.backends {
+		if b.Active {
+			found = true
+			break
+		}
+	}
+	if !found {
+		return w.backends[0]
+	}
+
+	min := w.backends[0].Connections / w.backends[0].Weight
+	index := 0
+	for i, b := range w.backends {
+		if b.Active {
+			min = b.Connections / b.Weight
+			index = i
+			break
+		}
+	}
+	for i, b := range w.backends {
+		if b.Active && b.Connections/b.Weight <= min {
+			min = b.Connections
+			index = i
+		}
+	}
+	return w.backends[index]
+}
+func (w *Weight) IncreasConns(addr string) {
+	w.Lock()
+	defer w.Unlock()
+	for _, a := range w.backends {
+		if a.Address == addr {
+			a.IncreasConns()
+			return
+		}
+	}
+}
+func (w *Weight) DecreaseConns(addr string) {
+	w.Lock()
+	defer w.Unlock()
+	for _, a := range w.backends {
+		if a.Address == addr {
+			a.DecreaseConns()
+			return
+		}
+	}
+}
+func (w *Weight) Stop() {
+	for _, b := range w.backends {
+		b.StopHeartCheck()
+	}
+}
+func (w *Weight) IsActive() bool {
+	for _, b := range w.backends {
+		if b.Active {
+			return true
+		}
+	}
+	return false
+}
+func (w *Weight) ActiveCount() (count int) {
+	for _, b := range w.backends {
+		if b.Active {
+			count++
+		}
+	}
+	return
+}
+func (w *Weight) Reset(configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger) {
+	w.Lock()
+	defer w.Unlock()
+	w.Stop()
+	bks := []*Backend{}
+	for _, c := range configs {
+		b, _ := NewBackend(*c, dr, log)
+		bks = append(bks, b)
+	}
+	if len(bks) > 1 {
+		for _, b := range bks {
+			b.StartHeartCheck()
+		}
+	}
+	w.backends = bks
+}
+func (w *Weight) Backends() []*Backend {
+	return w.backends
+}
+
+//########################LeastTime##########################
+
+type LeastTime struct {
+	sync.Mutex
+	backends Backends
+	log      *log.Logger
+	debug    bool
+}
+
+func NewLeastTime(backends []*Backend, log *log.Logger, debug bool) Selector {
+	lt := LeastTime{
+		backends: backends,
+		log:      log,
+		debug:    debug,
+	}
+	return &lt
+}
+
+func (lt *LeastTime) Select(srcAddr string) (addr string) {
+	return lt.SelectBackend(srcAddr).Address
+}
+func (lt *LeastTime) SelectBackend(srcAddr string) (b *Backend) {
+	lt.Lock()
+	defer lt.Unlock()
+	defer func() {
+		printDebug(lt.debug, lt.log, b, srcAddr, lt.backends)
+	}()
+	if len(lt.backends) == 0 {
+		return
+	}
+	if len(lt.backends) == 1 {
+		return lt.backends[0]
+	}
+	found := false
+	for _, b := range lt.backends {
+		if b.Active {
+			found = true
+			break
+		}
+	}
+	if !found {
+		return lt.backends[0]
+	}
+	min := lt.backends[0].ConnectUsedMillisecond
+	index := 0
+	for i, b := range lt.backends {
+		if b.Active {
+			min = b.ConnectUsedMillisecond
+			index = i
+			break
+		}
+	}
+	for i, b := range lt.backends {
+		if b.Active && b.ConnectUsedMillisecond > 0 && b.ConnectUsedMillisecond <= min {
+			min = b.ConnectUsedMillisecond
+			index = i
+		}
+	}
+	return lt.backends[index]
+}
+func (lt *LeastTime) IncreasConns(addr string) {
+
+}
+func (lt *LeastTime) DecreaseConns(addr string) {
+
+}
+func (lt *LeastTime) Stop() {
+	for _, b := range lt.backends {
+		b.StopHeartCheck()
+	}
+}
+func (lt *LeastTime) IsActive() bool {
+	for _, b := range lt.backends {
+		if b.Active {
+			return true
+		}
+	}
+	return false
+}
+func (lt *LeastTime) ActiveCount() (count int) {
+	for _, b := range lt.backends {
+		if b.Active {
+			count++
+		}
+	}
+	return
+}
+func (lt *LeastTime) Reset(configs BackendsConfig, dr *dnsx.DomainResolver, log *log.Logger) {
+	lt.Lock()
+	defer lt.Unlock()
+	lt.Stop()
+	bks := []*Backend{}
+	for _, c := range configs {
+		b, _ := NewBackend(*c, dr, log)
+		bks = append(bks, b)
+	}
+	if len(bks) > 1 {
+		for _, b := range bks {
+			b.StartHeartCheck()
+		}
+	}
+	lt.backends = bks
+}
+func (lt *LeastTime) Backends() []*Backend {
+	return lt.backends
+}
+func printDebug(isDebug bool, log *log.Logger, selected *Backend, srcAddr string, backends []*Backend) {
+	if isDebug {
+		log.Printf("############ LB start ############\n")
+		if selected != nil {
+			log.Printf("choosed %s for %s\n", selected.Address, srcAddr)
+		}
+		for _, v := range backends {
+			log.Printf("addr:%s,conns:%d,time:%d,weight:%d,active:%v\n", v.Address, v.Connections, v.ConnectUsedMillisecond, v.Weight, v.Active)
+		}
+		log.Printf("############ LB end ############\n")
+	}
+}

utils/mapx/map.go

@@ -1,7 +1,9 @@
-package utils
+package mapx
 
 import (
 	"encoding/json"
+	"fmt"
+	"runtime/debug"
 	"sync"
 )
 
@@ -194,10 +196,20 @@ func snapshot(m ConcurrentMap) (chans []chan Tuple) {
 
 // fanIn reads elements from channels `chans` into channel `out`
 func fanIn(chans []chan Tuple, out chan Tuple) {
+	defer func() {
+		if e := recover(); e != nil {
+			fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+		}
+	}()
 	wg := sync.WaitGroup{}
 	wg.Add(len(chans))
 	for _, ch := range chans {
 		go func(ch chan Tuple) {
+			defer func() {
+				if e := recover(); e != nil {
+					fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+				}
+			}()
 			for t := range ch {
 				out <- t
 			}
@@ -244,11 +256,21 @@ func (m ConcurrentMap) Keys() []string {
 	count := m.Count()
 	ch := make(chan string, count)
 	go func() {
+		defer func() {
+			if e := recover(); e != nil {
+				fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+			}
+		}()
 		// Foreach shard.
 		wg := sync.WaitGroup{}
 		wg.Add(SHARD_COUNT)
 		for _, shard := range m {
 			go func(shard *ConcurrentMapShared) {
+				defer func() {
+					if e := recover(); e != nil {
+						fmt.Printf("crashed, err: %s\nstack:%s", e, string(debug.Stack()))
+					}
+				}()
 				// Foreach key, value pair.
 				shard.RLock()
 				for key := range shard.items {

utils/serve-channel.go

@@ -1,229 +0,0 @@
-package utils
-
-import (
-	"crypto/tls"
-	"crypto/x509"
-	"errors"
-	"fmt"
-	logger "log"
-	"net"
-	"runtime/debug"
-	"strconv"
-
-	"github.com/snail007/goproxy/services/kcpcfg"
-
-	kcp "github.com/xtaci/kcp-go"
-)
-
-type ServerChannel struct {
-	ip               string
-	port             int
-	Listener         *net.Listener
-	UDPListener      *net.UDPConn
-	errAcceptHandler func(err error)
-	log              *logger.Logger
-}
-
-func NewServerChannel(ip string, port int, log *logger.Logger) ServerChannel {
-	return ServerChannel{
-		ip:   ip,
-		port: port,
-		log:  log,
-		errAcceptHandler: func(err error) {
-			log.Printf("accept error , ERR:%s", err)
-		},
-	}
-}
-func NewServerChannelHost(host string, log *logger.Logger) ServerChannel {
-	h, port, _ := net.SplitHostPort(host)
-	p, _ := strconv.Atoi(port)
-	return ServerChannel{
-		ip:   h,
-		port: p,
-		log:  log,
-		errAcceptHandler: func(err error) {
-			log.Printf("accept error , ERR:%s", err)
-		},
-	}
-}
-func (sc *ServerChannel) SetErrAcceptHandler(fn func(err error)) {
-	sc.errAcceptHandler = fn
-}
-func (sc *ServerChannel) ListenTls(certBytes, keyBytes, caCertBytes []byte, fn func(conn net.Conn)) (err error) {
-	sc.Listener, err = sc.listenTls(sc.ip, sc.port, certBytes, keyBytes, caCertBytes)
-	if err == nil {
-		go func() {
-			defer func() {
-				if e := recover(); e != nil {
-					sc.log.Printf("ListenTls crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
-				}
-			}()
-			for {
-				var conn net.Conn
-				conn, err = (*sc.Listener).Accept()
-				if err == nil {
-					go func() {
-						defer func() {
-							if e := recover(); e != nil {
-								sc.log.Printf("tls connection handler crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
-							}
-						}()
-						fn(conn)
-					}()
-				} else {
-					sc.errAcceptHandler(err)
-					(*sc.Listener).Close()
-					break
-				}
-			}
-		}()
-	}
-	return
-}
-func (sc *ServerChannel) listenTls(ip string, port int, certBytes, keyBytes, caCertBytes []byte) (ln *net.Listener, err error) {
-
-	var cert tls.Certificate
-	cert, err = tls.X509KeyPair(certBytes, keyBytes)
-	if err != nil {
-		return
-	}
-	clientCertPool := x509.NewCertPool()
-	caBytes := certBytes
-	if caCertBytes != nil {
-		caBytes = caCertBytes
-	}
-	ok := clientCertPool.AppendCertsFromPEM(caBytes)
-	if !ok {
-		err = errors.New("failed to parse root certificate")
-	}
-	config := &tls.Config{
-		ClientCAs:    clientCertPool,
-		Certificates: []tls.Certificate{cert},
-		ClientAuth:   tls.RequireAndVerifyClientCert,
-	}
-	_ln, err := tls.Listen("tcp", fmt.Sprintf("%s:%d", ip, port), config)
-	if err == nil {
-		ln = &_ln
-	}
-	return
-}
-func (sc *ServerChannel) ListenTCP(fn func(conn net.Conn)) (err error) {
-	var l net.Listener
-	l, err = net.Listen("tcp", fmt.Sprintf("%s:%d", sc.ip, sc.port))
-	if err == nil {
-		sc.Listener = &l
-		go func() {
-			defer func() {
-				if e := recover(); e != nil {
-					sc.log.Printf("ListenTCP crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
-				}
-			}()
-			for {
-				var conn net.Conn
-				conn, err = (*sc.Listener).Accept()
-				if err == nil {
-					go func() {
-						defer func() {
-							if e := recover(); e != nil {
-								sc.log.Printf("tcp connection handler crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
-							}
-						}()
-						fn(conn)
-					}()
-				} else {
-					sc.errAcceptHandler(err)
-					break
-				}
-			}
-		}()
-	}
-	return
-}
-func (sc *ServerChannel) ListenUDP(fn func(packet []byte, localAddr, srcAddr *net.UDPAddr)) (err error) {
-	addr := &net.UDPAddr{IP: net.ParseIP(sc.ip), Port: sc.port}
-	l, err := net.ListenUDP("udp", addr)
-	if err == nil {
-		sc.UDPListener = l
-		go func() {
-			defer func() {
-				if e := recover(); e != nil {
-					sc.log.Printf("ListenUDP crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
-				}
-			}()
-			for {
-				var buf = make([]byte, 2048)
-				n, srcAddr, err := (*sc.UDPListener).ReadFromUDP(buf)
-				if err == nil {
-					packet := buf[0:n]
-					go func() {
-						defer func() {
-							if e := recover(); e != nil {
-								sc.log.Printf("udp data handler crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
-							}
-						}()
-						fn(packet, addr, srcAddr)
-					}()
-				} else {
-					sc.errAcceptHandler(err)
-					break
-				}
-			}
-		}()
-	}
-	return
-}
-func (sc *ServerChannel) ListenKCP(config kcpcfg.KCPConfigArgs, fn func(conn net.Conn), log *logger.Logger) (err error) {
-	lis, err := kcp.ListenWithOptions(fmt.Sprintf("%s:%d", sc.ip, sc.port), config.Block, *config.DataShard, *config.ParityShard)
-	if err == nil {
-		if err = lis.SetDSCP(*config.DSCP); err != nil {
-			log.Println("SetDSCP:", err)
-			return
-		}
-		if err = lis.SetReadBuffer(*config.SockBuf); err != nil {
-			log.Println("SetReadBuffer:", err)
-			return
-		}
-		if err = lis.SetWriteBuffer(*config.SockBuf); err != nil {
-			log.Println("SetWriteBuffer:", err)
-			return
-		}
-		sc.Listener = new(net.Listener)
-		*sc.Listener = lis
-		go func() {
-			defer func() {
-				if e := recover(); e != nil {
-					sc.log.Printf("ListenKCP crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
-				}
-			}()
-			for {
-				//var conn net.Conn
-				conn, err := lis.AcceptKCP()
-				if err == nil {
-					go func() {
-						defer func() {
-							if e := recover(); e != nil {
-								sc.log.Printf("kcp connection handler crashed , err : %s , \ntrace:%s", e, string(debug.Stack()))
-							}
-						}()
-						conn.SetStreamMode(true)
-						conn.SetWriteDelay(true)
-						conn.SetNoDelay(*config.NoDelay, *config.Interval, *config.Resend, *config.NoCongestion)
-						conn.SetMtu(*config.MTU)
-						conn.SetWindowSize(*config.SndWnd, *config.RcvWnd)
-						conn.SetACKNoDelay(*config.AckNodelay)
-						if *config.NoComp {
-							fn(conn)
-						} else {
-							cconn := NewCompStream(conn)
-							fn(cconn)
-						}
-					}()
-				} else {
-					sc.errAcceptHandler(err)
-					break
-				}
-			}
-		}()
-	}
-	return
-}

utils/socks/client.go

@@ -33,7 +33,7 @@ type ClientConn struct {
 	timeout  time.Duration
 	addr     string
 	network  string
-	udpAddr  string
+	UDPAddr  string
 }
 
 // SOCKS5 returns a Dialer that makes SOCKSv5 connections to the given address
@@ -54,7 +54,7 @@ func NewClientConn(conn *net.Conn, network, target string, timeout time.Duration
 		s.header = header
 	}
 	if network == "udp" && target == "" {
-		target = "0.0.0.0:1"
+		target = "0.0.0.0:0"
 	}
 	s.addr = target
 	return s
@@ -72,7 +72,7 @@ func (s *ClientConn) Handshake() error {
 	if err != nil {
 		return errors.New("proxy: failed to parse port number: " + portStr)
 	}
-	if port < 1 || port > 0xffff {
+	if s.network == "tcp" && (port < 1 || port > 0xffff) {
 		return errors.New("proxy: port number out of range: " + portStr)
 	}
 
@@ -168,14 +168,14 @@ func (s *ClientConn) Handshake() error {
 	}
 	p := binary.BigEndian.Uint16([]byte{buf[0], buf[1]})
 	//log.Printf("%v", p)
-	s.udpAddr = net.JoinHostPort(ipStr, fmt.Sprintf("%d", p))
+	s.UDPAddr = net.JoinHostPort(ipStr, fmt.Sprintf("%d", p))
 	//log.Printf("%v", s.udpAddr)
 	(*s.conn).SetDeadline(time.Time{})
 	return nil
 }
 func (s *ClientConn) SendUDP(data []byte, addr string) (respData []byte, err error) {
 
-	c, err := net.DialTimeout("udp", s.udpAddr, s.timeout)
+	c, err := net.DialTimeout("udp", s.UDPAddr, s.timeout)
 	if err != nil {
 		return
 	}