gost

package module
v0.4.11 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 26, 2021 License: MIT Imports: 67 Imported by: 1

README

tunnel - GO Simple Tunnel based on https://github.com/ginuerzh/gost

GO语言实现的安全隧道

GoDoc GitHub release Go

English README

特性

Wiki站点: https://docs.ginuerzh.xyz/gost/

Telegram讨论群: https://t.me/gogost

Google讨论组: https://groups.google.com/d/forum/go-gost

安装

二进制文件

https://github.com/ginuerzh/gost/releases

源码编译
git clone https://github.com/ginuerzh/gost.git
cd gost/cmd/gost
go build
Docker
docker pull ginuerzh/gost
Homebrew
brew install gost
Ubuntu商店
sudo snap install core
sudo snap install gost

快速上手

不设置转发代理
  • 作为标准HTTP/SOCKS5代理
gost -L=:8080
  • 设置代理认证信息
gost -L=admin:123456@localhost:8080
  • 多端口监听
gost -L=http2://:443 -L=socks5://:1080 -L=ss://aes-128-cfb:123456@:8338
设置转发代理
gost -L=:8080 -F=192.168.1.1:8081
  • 转发代理认证
gost -L=:8080 -F=http://admin:123456@192.168.1.1:8081
设置多级转发代理(代理链)
gost -L=:8080 -F=quic://192.168.1.1:6121 -F=socks5+wss://192.168.1.2:1080 -F=http2://192.168.1.3:443 ... -F=a.b.c.d:NNNN

gost按照-F设置的顺序通过代理链将请求最终转发给a.b.c.d:NNNN处理,每一个转发代理可以是任意HTTP/HTTPS/HTTP2/SOCKS4/SOCKS5/Shadowsocks类型代理。

本地端口转发(TCP)
gost -L=tcp://:2222/192.168.1.1:22 [-F=...]

将本地TCP端口2222上的数据(通过代理链)转发到192.168.1.1:22上。当代理链末端(最后一个-F参数)为SSH转发通道类型时,gost会直接使用SSH的本地端口转发功能:

gost -L=tcp://:2222/192.168.1.1:22 -F forward+ssh://:2222
本地端口转发(UDP)
gost -L=udp://:5353/192.168.1.1:53?ttl=60 [-F=...]

将本地UDP端口5353上的数据(通过代理链)转发到192.168.1.1:53上。 每条转发通道都有超时时间,当超过此时间,且在此时间段内无任何数据交互,则此通道将关闭。可以通过ttl参数来设置超时时间,默认值为60秒。

注: 转发UDP数据时,如果有代理链,则代理链的末端(最后一个-F参数)必须是gost SOCKS5类型代理,gost会使用UDP over TCP方式进行转发。

远程端口转发(TCP)
gost -L=rtcp://:2222/192.168.1.1:22 [-F=... -F=socks5://172.24.10.1:1080]

将172.24.10.1:2222上的数据(通过代理链)转发到192.168.1.1:22上。当代理链末端(最后一个-F参数)为SSH转发通道类型时,gost会直接使用SSH的远程端口转发功能:

gost -L=rtcp://:2222/192.168.1.1:22 -F forward+ssh://:2222
远程端口转发(UDP)
gost -L=rudp://:5353/192.168.1.1:53?ttl=60 [-F=... -F=socks5://172.24.10.1:1080]

将172.24.10.1:5353上的数据(通过代理链)转发到192.168.1.1:53上。 每条转发通道都有超时时间,当超过此时间,且在此时间段内无任何数据交互,则此通道将关闭。可以通过ttl参数来设置超时时间,默认值为60秒。

注: 转发UDP数据时,如果有代理链,则代理链的末端(最后一个-F参数)必须是GOST SOCKS5类型代理,gost会使用UDP-over-TCP方式进行转发。

HTTP2

gost的HTTP2支持两种模式:

  • 作为标准的HTTP2代理,并向下兼容HTTPS代理。
  • 作为通道传输其他协议。
代理模式

服务端:

gost -L=http2://:443

客户端:

gost -L=:8080 -F=http2://server_ip:443
通道模式

服务端:

gost -L=h2://:443

客户端:

gost -L=:8080 -F=h2://server_ip:443
QUIC

gost对QUIC的支持是基于quic-go库。

服务端:

gost -L=quic://:6121

客户端:

gost -L=:8080 -F=quic://server_ip:6121

注: QUIC模式只能作为代理链的第一个节点。

KCP

gost对KCP的支持是基于kcp-gokcptun库。

服务端:

gost -L=kcp://:8388

客户端:

gost -L=:8080 -F=kcp://server_ip:8388

gost会自动加载当前工作目录中的kcp.json(如果存在)配置文件,或者可以手动通过参数指定配置文件路径:

gost -L=kcp://:8388?c=/path/to/conf/file

注: KCP模式只能作为代理链的第一个节点。

SSH

gost的SSH支持两种模式:

  • 作为转发通道,配合本地/远程TCP端口转发使用。
  • 作为通道传输其他协议。
转发模式

服务端:

gost -L=forward+ssh://:2222

客户端:

gost -L=rtcp://:1222/:22 -F=forward+ssh://server_ip:2222
通道模式

服务端:

gost -L=ssh://:2222

客户端:

gost -L=:8080 -F=ssh://server_ip:2222?ping=60

可以通过ping参数设置心跳包发送周期,单位为秒。默认不发送心跳包。

透明代理

基于iptables的透明代理。

gost -L=redirect://:12345 -F=http2://server_ip:443
obfs4

此功能由@isofew贡献。

服务端:

gost -L=obfs4://:443

当服务端运行后会在控制台打印出连接地址供客户端使用:

obfs4://:443/?cert=4UbQjIfjJEQHPOs8vs5sagrSXx1gfrDCGdVh2hpIPSKH0nklv1e4f29r7jb91VIrq4q5Jw&iat-mode=0

客户端:

gost -L=:8888 -F='obfs4://server_ip:443?cert=4UbQjIfjJEQHPOs8vs5sagrSXx1gfrDCGdVh2hpIPSKH0nklv1e4f29r7jb91VIrq4q5Jw&iat-mode=0'

加密机制

HTTP

对于HTTP可以使用TLS加密整个通讯过程,即HTTPS代理:

服务端:

gost -L=https://:443

客户端:

gost -L=:8080 -F=http+tls://server_ip:443
HTTP2

gost的HTTP2代理模式仅支持使用TLS加密的HTTP2协议,不支持明文HTTP2传输。

gost的HTTP2通道模式支持加密(h2)和明文(h2c)两种模式。

SOCKS5

gost支持标准SOCKS5协议的no-auth(0x00)和user/pass(0x02)方法,并在此基础上扩展了两个:tls(0x80)和tls-auth(0x82),用于数据加密。

服务端:

gost -L=socks5://:1080

客户端:

gost -L=:8080 -F=socks5://server_ip:1080

如果两端都是gost(如上)则数据传输会被加密(协商使用tls或tls-auth方法),否则使用标准SOCKS5进行通讯(no-auth或user/pass方法)。

Shadowsocks

gost对shadowsocks的支持是基于shadowsocks-go库。

服务端:

gost -L=ss://chacha20:123456@:8338

客户端:

gost -L=:8080 -F=ss://chacha20:123456@server_ip:8338
Shadowsocks UDP relay

目前仅服务端支持UDP Relay。

服务端:

gost -L=ssu://chacha20:123456@:8338
TLS

gost内置了TLS证书,如果需要使用其他TLS证书,有两种方法:

  • 在gost运行目录放置cert.pem(公钥)和key.pem(私钥)两个文件即可,gost会自动加载运行目录下的cert.pem和key.pem文件。
  • 使用参数指定证书文件路径:
gost -L="http2://:443?cert=/path/to/my/cert/file&key=/path/to/my/key/file"

对于客户端可以通过secure参数开启服务器证书和域名校验:

gost -L=:8080 -F="http2://server_domain_name:443?secure=true"

对于客户端可以指定CA证书进行证书锁定(Certificate Pinning):

gost -L=:8080 -F="http2://:443?ca=ca.pem"

证书锁定功能由@sheerun贡献

Documentation

Index

Constants

View Source
const (
	DefaultMaxFails    = 1
	DefaultFailTimeout = 30 * time.Second
)

default options for FailFilter

View Source
const (
	// MethodTLS is an extended SOCKS5 method with tls encryption support.
	MethodTLS uint8 = 0x80
	// MethodTLSAuth is an extended SOCKS5 method with tls encryption and authentication support.
	MethodTLSAuth uint8 = 0x82
	// MethodMux is an extended SOCKS5 method for stream multiplexing.
	MethodMux = 0x88
)
View Source
const (
	// CmdMuxBind is an extended SOCKS5 request CMD for
	// multiplexing transport with the binding server.
	CmdMuxBind uint8 = 0xF2
	// CmdUDPTun is an extended SOCKS5 request CMD for UDP over TCP.
	CmdUDPTun uint8 = 0xF3
)
View Source
const (
	DirectForwardRequest       = "direct-tcpip"         // RFC 4254 7.2
	RemoteForwardRequest       = "tcpip-forward"        // RFC 4254 7.1
	ForwardedTCPReturnRequest  = "forwarded-tcpip"      // RFC 4254 7.2
	CancelRemoteForwardRequest = "cancel-tcpip-forward" // RFC 4254 7.1

	GostSSHTunnelRequest = "gost-tunnel" // extended request type for ssh tunnel
)

Applicable SSH Request types for Port Forwarding - RFC 4254 7.X

View Source
const Version = "0.4.11"

Version is the gost version.

Variables

View Source
var (
	// KeepAliveTime is the keep alive time period for TCP connection.
	KeepAliveTime = 180 * time.Second
	// DialTimeout is the timeout of dial.
	DialTimeout = 5 * time.Second
	// HandshakeTimeout is the timeout of handshake.
	HandshakeTimeout = 5 * time.Second
	// ConnectTimeout is the timeout for connect.
	ConnectTimeout = 5 * time.Second
	// ReadTimeout is the timeout for reading.
	ReadTimeout = 10 * time.Second
	// WriteTimeout is the timeout for writing.
	WriteTimeout = 10 * time.Second
	// PingTimeout is the timeout for pinging.
	PingTimeout = 30 * time.Second
	// PingRetries is the reties of ping.
	PingRetries = 1
)
View Source
var (
	// DefaultTLSConfig is a default TLS config for internal use.
	DefaultTLSConfig *tls.Config

	// DefaultUserAgent is the default HTTP User-Agent header used by HTTP and websocket.
	DefaultUserAgent = "Chrome/78.0.3904.106"

	// DefaultMTU is the default mtu for tun/tap device
	DefaultMTU = 1350
)
View Source
var (
	ErrBadType         = errors.New("bad type")
	ErrBadMajorVersion = errors.New("bad major version")
	ErrBadMinorVersion = errors.New("bad minor version")
	ErrMaxDataLen      = errors.New("bad tls data len")
)
View Source
var Debug bool

Debug is a flag that enables the debug log.

View Source
var DefaultClient = &Client{Connector: HTTPConnector(nil), Transporter: TCPTransporter()}

DefaultClient is a standard HTTP proxy client.

View Source
var (
	// DefaultKCPConfig is the default KCP config.
	DefaultKCPConfig = KCPConfig{
		Key:          "it's a secrect",
		Crypt:        "aes",
		Mode:         "fast",
		MTU:          1350,
		SndWnd:       1024,
		RcvWnd:       1024,
		DataShard:    10,
		ParityShard:  3,
		DSCP:         0,
		NoComp:       false,
		AckNodelay:   false,
		NoDelay:      0,
		Interval:     50,
		Resend:       0,
		NoCongestion: 0,
		SockBuf:      4194304,
		KeepAlive:    10,
		SnmpLog:      "",
		SnmpPeriod:   60,
		Signal:       false,
		TCP:          false,
	}
)
View Source
var (
	// DefaultResolverTimeout is the default timeout for name resolution.
	DefaultResolverTimeout = 5 * time.Second
)
View Source
var (
	// ErrEmptyChain is an error that implies the chain is empty.
	ErrEmptyChain = errors.New("empty chain")
)
View Source
var (
	// ErrInvalidNode is an error that implies the node is invalid.
	ErrInvalidNode = errors.New("invalid node")
)
View Source
var (
	// ErrNoneAvailable indicates there is no node available.
	ErrNoneAvailable = errors.New("none available")
)
View Source
var (
	// KCPSalt is the default salt for KCP cipher.
	KCPSalt = "kcp-go"
)

Functions

func Can

func Can(action string, addr string, whitelist, blacklist *Permissions) bool

Can tests whether the given action and address is allowed by the whitelist and blacklist.

func ClientObfsTLSConn

func ClientObfsTLSConn(conn net.Conn, host string) net.Conn

ClientObfsTLSConn creates a connection for obfs-tls client.

func Connect

func Connect(conn net.Conn, addr string) (net.Conn, error)

Connect connects to the address addr via the DefaultClient.

func Dial

func Dial(addr string, options ...DialOption) (net.Conn, error)

Dial connects to the address addr via the DefaultClient.

func DialWithFDProtector

func DialWithFDProtector(ctx context.Context, network, address string, timeout time.Duration, options *DialOptions) (net.Conn, error)

DialWithFDProtector connects to the address on the named network using the provided context and fd protector or local bind IP

func GenCertificate

func GenCertificate() (cert tls.Certificate, err error)

GenCertificate generates a random TLS certificate.

func Handshake

func Handshake(conn net.Conn, options ...HandshakeOption) (net.Conn, error)

Handshake performs a handshake via the DefaultClient.

func IsIPv6Multicast

func IsIPv6Multicast(addr net.HardwareAddr) bool

IsIPv6Multicast reports whether the address addr is an IPv6 multicast address.

func ListenWithFDProtector

func ListenWithFDProtector(network string, laddr *net.UDPAddr, fdp FDProtector) (*net.UDPConn, error)

ListenWithFDProtector announces on the local network address with fd protector

func Obfs4Init

func Obfs4Init(node Node, isServeNode bool) error

Obfs4Init initializes the obfs client or server based on isServeNode

func ParseSSHAuthorizedKeysFile

func ParseSSHAuthorizedKeysFile(fp string) (map[string]bool, error)

ParseSSHAuthorizedKeysFile parses ssh Authorized Keys file.

func ParseSSHKeyFile

func ParseSSHKeyFile(fp string) (ssh.Signer, error)

ParseSSHKeyFile parses ssh key file.

func PeriodReload

func PeriodReload(r Reloader, configFile string) error

PeriodReload reloads the config configFile periodically according to the period of the Reloader r.

func ReleaseAllNetConn added in v0.3.2

func ReleaseAllNetConn()

ReleaseAllNetConn closes all direct network connections.

func ReleaseNetConn added in v0.3.4

func ReleaseNetConn(conn net.Conn)

ReleaseNetConn closes underlying network connection

func ReleaseNetConnTimeSpan added in v0.4.8

func ReleaseNetConnTimeSpan(conn net.Conn, start time.Time, nodes []Node)

ReleaseNetConnTimeSpan closes underlying network connection between start and now

func ServerObfsTLSConn

func ServerObfsTLSConn(conn net.Conn, host string) net.Conn

ServerObfsTLSConn creates a connection for obfs-tls server.

func SetLogger

func SetLogger(logger log.Logger)

SetLogger sets a new logger for internal log system.

Types

type Accepter

type Accepter interface {
	Accept() (net.Conn, error)
}

Accepter represents a network endpoint that can accept connection from peer.

type Authenticator

type Authenticator interface {
	Authenticate(user, password string) bool
}

Authenticator is an interface for user authentication.

type BindIP added in v0.4.7

type BindIP interface {
	Bind(network, address string) net.Addr
}

BindIP returns local ip of specify network address(windows)

type Bypass

type Bypass struct {
	// contains filtered or unexported fields
}

Bypass is a filter for address (IP or domain). It contains a list of matchers.

func NewBypass

func NewBypass(reversed bool, matchers ...Matcher) *Bypass

NewBypass creates and initializes a new Bypass using matchers as its match rules. The rules will be reversed if the reversed is true.

func NewBypassPatterns

func NewBypassPatterns(reversed bool, patterns ...string) *Bypass

NewBypassPatterns creates and initializes a new Bypass using matcher patterns as its match rules. The rules will be reversed if the reverse is true.

func (*Bypass) AddMatchers

func (bp *Bypass) AddMatchers(matchers ...Matcher)

AddMatchers appends matchers to the bypass matcher list.

func (*Bypass) Contains

func (bp *Bypass) Contains(addr string) bool

Contains reports whether the bypass includes addr.

func (*Bypass) Matchers

func (bp *Bypass) Matchers() []Matcher

Matchers return the bypass matcher list.

func (*Bypass) Period

func (bp *Bypass) Period() time.Duration

Period returns the reload period.

func (*Bypass) Reload

func (bp *Bypass) Reload(r io.Reader) error

Reload parses config from r, then live reloads the bypass.

func (*Bypass) Reversed

func (bp *Bypass) Reversed() bool

Reversed reports whether the rules of the bypass are reversed.

func (*Bypass) Stop

func (bp *Bypass) Stop()

Stop stops reloading.

func (*Bypass) Stopped

func (bp *Bypass) Stopped() bool

Stopped checks whether the reloader is stopped.

func (*Bypass) String

func (bp *Bypass) String() string

type Chain

type Chain struct {
	Retries int
	// contains filtered or unexported fields
}

Chain is a proxy chain that holds a list of proxy node groups.

func NewChain

func NewChain(nodes ...Node) *Chain

NewChain creates a proxy chain with a list of proxy nodes. It creates the node groups automatically, one group per node.

func (*Chain) AddNode

func (c *Chain) AddNode(nodes ...Node)

AddNode appends the node(s) to the chain.

func (*Chain) AddNodeGroup

func (c *Chain) AddNodeGroup(groups ...*NodeGroup)

AddNodeGroup appends the group(s) to the chain.

func (*Chain) Conn

func (c *Chain) Conn(opts ...ChainOption) (conn net.Conn, err error)

Conn obtains a handshaked connection to the last node of the chain.

func (*Chain) Dial

func (c *Chain) Dial(address string, opts ...ChainOption) (conn net.Conn, err error)

Dial connects to the target TCP address addr through the chain. Deprecated: use DialContext instead.

func (*Chain) DialContext

func (c *Chain) DialContext(ctx context.Context, network, address string, opts ...ChainOption) (conn net.Conn, err error)

DialContext connects to the address on the named network using the provided context.

func (*Chain) IsEmpty

func (c *Chain) IsEmpty() bool

IsEmpty checks if the chain is empty. An empty chain means that there is no proxy node or node group in the chain.

func (*Chain) LastNode

func (c *Chain) LastNode() Node

LastNode returns the last node of the node list. If the chain is empty, an empty node will be returned. If the last node is a node group, the first node in the group will be returned.

func (*Chain) LastNodeGroup

func (c *Chain) LastNodeGroup() *NodeGroup

LastNodeGroup returns the last group of the group list.

func (*Chain) NodeGroups

func (c *Chain) NodeGroups() []*NodeGroup

NodeGroups returns the list of node group.

func (*Chain) Nodes

func (c *Chain) Nodes() (nodes []Node)

Nodes returns the proxy nodes that the chain holds. The first node in each group will be returned.

type ChainOption

type ChainOption func(opts *ChainOptions)

ChainOption allows a common way to set chain options.

func BindIPChainOption added in v0.4.0

func BindIPChainOption(bindIP BindIP) ChainOption

BindIPChainOption specifies the bind IP used by Chain.Dial.

func FDProtectorChainOption

func FDProtectorChainOption(fdp FDProtector) ChainOption

FDProtectorChainOption specifies the FDProtector used by Chain.Dial.

func HostsChainOption

func HostsChainOption(hosts *Hosts) ChainOption

HostsChainOption specifies the hosts used by Chain.Dial.

func ResolverChainOption

func ResolverChainOption(resolver Resolver) ChainOption

ResolverChainOption specifies the Resolver used by Chain.Dial.

func RetryChainOption

func RetryChainOption(retries int) ChainOption

RetryChainOption specifies the times of retry used by Chain.Dial.

func TimeoutChainOption

func TimeoutChainOption(timeout time.Duration) ChainOption

TimeoutChainOption specifies the timeout used by Chain.Dial.

type ChainOptions

type ChainOptions struct {
	Retries     int
	Timeout     time.Duration
	Hosts       *Hosts
	Resolver    Resolver
	FDProtector FDProtector
	BindIP      BindIP
}

ChainOptions holds options for Chain.

type Client

type Client struct {
	Connector
	Transporter
}

Client is a proxy client. A client is divided into two layers: connector and transporter. Connector is responsible for connecting to the destination address through this proxy. Transporter performs a handshake with this proxy.

type ConnectOption

type ConnectOption func(opts *ConnectOptions)

ConnectOption allows a common way to set ConnectOptions.

func AddrConnectOption

func AddrConnectOption(addr string) ConnectOption

AddrConnectOption specifies the corresponding address of the target.

func NoDelayConnectOption

func NoDelayConnectOption(b bool) ConnectOption

NoDelayConnectOption specifies the NoDelay option for ss.Connect.

func NoTLSConnectOption

func NoTLSConnectOption(b bool) ConnectOption

NoTLSConnectOption specifies the SOCKS5 method without TLS.

func SelectorConnectOption

func SelectorConnectOption(s gosocks5.Selector) ConnectOption

SelectorConnectOption specifies the SOCKS5 client selector.

func TimeoutConnectOption

func TimeoutConnectOption(timeout time.Duration) ConnectOption

TimeoutConnectOption specifies the timeout for connecting to target.

func UserAgentConnectOption

func UserAgentConnectOption(ua string) ConnectOption

UserAgentConnectOption specifies the HTTP user-agent header.

func UserConnectOption

func UserConnectOption(user *url.Userinfo) ConnectOption

UserConnectOption specifies the user info for authentication.

type ConnectOptions

type ConnectOptions struct {
	Addr      string
	Timeout   time.Duration
	User      *url.Userinfo
	Selector  gosocks5.Selector
	UserAgent string
	NoTLS     bool
	NoDelay   bool
}

ConnectOptions describes the options for Connector.Connect.

type Connector

type Connector interface {
	// Deprecated: use ConnectContext instead.
	Connect(conn net.Conn, address string, options ...ConnectOption) (net.Conn, error)
	ConnectContext(ctx context.Context, conn net.Conn, network, address string, options ...ConnectOption) (net.Conn, error)
}

Connector is responsible for connecting to the destination address.

func AutoConnector

func AutoConnector(user *url.Userinfo) Connector

AutoConnector is a Connector.

func ForwardConnector

func ForwardConnector() Connector

ForwardConnector creates a Connector for data forward client.

func HTTP2Connector

func HTTP2Connector(user *url.Userinfo) Connector

HTTP2Connector creates a Connector for HTTP2 proxy client. It accepts an optional auth info for HTTP Basic Authentication.

func HTTPConnector

func HTTPConnector(user *url.Userinfo) Connector

HTTPConnector creates a Connector for HTTP proxy client. It accepts an optional auth info for HTTP Basic Authentication.

func RelayConnector

func RelayConnector(user *url.Userinfo) Connector

RelayConnector creates a Connector for TCP/UDP data relay.

func SNIConnector

func SNIConnector(host string) Connector

SNIConnector creates a Connector for SNI proxy client.

func SOCKS4AConnector

func SOCKS4AConnector() Connector

SOCKS4AConnector creates a Connector for SOCKS4A proxy client.

func SOCKS4Connector

func SOCKS4Connector() Connector

SOCKS4Connector creates a Connector for SOCKS4 proxy client.

func SOCKS5BindConnector

func SOCKS5BindConnector(user *url.Userinfo) Connector

SOCKS5BindConnector creates a connector for SOCKS5 bind. It accepts an optional auth info for SOCKS5 Username/Password Authentication.

func SOCKS5Connector

func SOCKS5Connector(user *url.Userinfo) Connector

SOCKS5Connector creates a connector for SOCKS5 proxy client. It accepts an optional auth info for SOCKS5 Username/Password Authentication.

func SOCKS5UDPConnector

func SOCKS5UDPConnector(user *url.Userinfo) Connector

SOCKS5UDPConnector creates a connector for SOCKS5 UDP relay. It accepts an optional auth info for SOCKS5 Username/Password Authentication.

func SOCKS5UDPTunConnector

func SOCKS5UDPTunConnector(user *url.Userinfo) Connector

SOCKS5UDPTunConnector creates a connector for SOCKS5 UDP-over-TCP relay. It accepts an optional auth info for SOCKS5 Username/Password Authentication.

func SSHDirectForwardConnector

func SSHDirectForwardConnector() Connector

SSHDirectForwardConnector creates a Connector for SSH TCP direct port forwarding.

func SSHRemoteForwardConnector

func SSHRemoteForwardConnector() Connector

SSHRemoteForwardConnector creates a Connector for SSH TCP remote port forwarding.

func ShadowConnector

func ShadowConnector(info *url.Userinfo) Connector

ShadowConnector creates a Connector for shadowsocks proxy client. It accepts an optional cipher info for shadowsocks data encryption/decryption.

func ShadowUDPConnector

func ShadowUDPConnector(info *url.Userinfo) Connector

ShadowUDPConnector creates a Connector for shadowsocks UDP client. It accepts an optional cipher info for shadowsocks data encryption/decryption.

func Socks5MuxBindConnector

func Socks5MuxBindConnector() Connector

Socks5MuxBindConnector creates a Connector for SOCKS5 multiplex bind client.

type DNSOptions

type DNSOptions struct {
	Mode         string
	UDPSize      int
	ReadTimeout  time.Duration
	WriteTimeout time.Duration
	TLSConfig    *tls.Config
}

DNSOptions is options for DNS Listener.

type DialOption

type DialOption func(opts *DialOptions)

DialOption allows a common way to set DialOptions.

func BindIPDialOption added in v0.4.0

func BindIPDialOption(bindIP BindIP) DialOption

BindIPDialOption specifies the bind IP used by Transporter.Dial

func ChainDialOption

func ChainDialOption(chain *Chain) DialOption

ChainDialOption specifies a chain used by Transporter.Dial

func FDProtectorDialOption

func FDProtectorDialOption(fdp FDProtector) DialOption

FDProtectorDialOption specifies the FDProtector used by Transporter.Dial

func HostDialOption

func HostDialOption(host string) DialOption

HostDialOption specifies the host used by Transporter.Dial

func ResolverDialOption added in v0.4.3

func ResolverDialOption(resolver Resolver) DialOption

ResolverDialOption specifies the resolver used by Transporter.Dial

func TimeoutDialOption

func TimeoutDialOption(timeout time.Duration) DialOption

TimeoutDialOption specifies the timeout used by Transporter.Dial

type DialOptions

type DialOptions struct {
	Timeout     time.Duration
	Chain       *Chain
	Host        string
	FDProtector FDProtector
	BindIP      BindIP
	Resolver    Resolver
}

DialOptions describes the options for Transporter.Dial.

type Exchanger

type Exchanger interface {
	Exchange(ctx context.Context, query []byte) ([]byte, error)
}

Exchanger is an interface for DNS synchronous query.

func NewDNSExchanger

func NewDNSExchanger(addr string, opts ...ExchangerOption) Exchanger

NewDNSExchanger creates a DNS over UDP Exchanger

func NewDNSTCPExchanger

func NewDNSTCPExchanger(addr string, opts ...ExchangerOption) Exchanger

NewDNSTCPExchanger creates a DNS over TCP Exchanger

func NewDoHExchanger

func NewDoHExchanger(urlStr string, tlsConfig *tls.Config, opts ...ExchangerOption) Exchanger

NewDoHExchanger creates a DNS over HTTPS Exchanger

func NewDoTExchanger

func NewDoTExchanger(addr string, tlsConfig *tls.Config, opts ...ExchangerOption) Exchanger

NewDoTExchanger creates a DNS over TLS Exchanger

type ExchangerOption

type ExchangerOption func(opts *exchangerOptions)

ExchangerOption allows a common way to set Exchanger options.

func BindIPExchangerOption added in v0.4.0

func BindIPExchangerOption(bindIP BindIP) ExchangerOption

BindIPExchangerOption sets the bind IP for Exchanger.

func ChainExchangerOption

func ChainExchangerOption(chain *Chain) ExchangerOption

ChainExchangerOption sets the chain for Exchanger.

func FDProtectorExchangerOption added in v0.4.0

func FDProtectorExchangerOption(fdp FDProtector) ExchangerOption

FDProtectorExchangerOption sets the FDProtector for Exchanger.

func TimeoutExchangerOption

func TimeoutExchangerOption(timeout time.Duration) ExchangerOption

TimeoutExchangerOption sets the timeout for Exchanger.

type FDProtector

type FDProtector interface {
	Protect(fd int32) bool
}

FDProtector protects fd(android)

type FIFOStrategy

type FIFOStrategy struct{}

FIFOStrategy is a strategy for node selector. The node will be selected from first to last, and will stick to the selected node until it is failed.

func (*FIFOStrategy) Apply

func (s *FIFOStrategy) Apply(nodes []Node) Node

Apply applies the fifo strategy for the nodes.

func (*FIFOStrategy) String

func (s *FIFOStrategy) String() string

type FailFilter

type FailFilter struct {
	MaxFails    int
	FailTimeout time.Duration
}

FailFilter filters the dead node. A node is marked as dead if its failed count is greater than MaxFails.

func (*FailFilter) Filter

func (f *FailFilter) Filter(nodes []Node) []Node

Filter filters dead nodes.

func (*FailFilter) String

func (f *FailFilter) String() string

type FakeTCPListenConfig

type FakeTCPListenConfig struct {
	TTL       time.Duration
	Backlog   int
	QueueSize int
}

FakeTCPListenConfig is config for fake TCP Listener.

type Filter

type Filter interface {
	Filter([]Node) []Node
	String() string
}

Filter is used to filter a node during the selection process

type Handler

type Handler interface {
	Init(options ...HandlerOption)
	Handle(net.Conn)
}

Handler is a proxy server handler

func AutoHandler

func AutoHandler(opts ...HandlerOption) Handler

AutoHandler creates a server Handler for auto proxy server.

func DNSHandler

func DNSHandler(raddr string, opts ...HandlerOption) Handler

DNSHandler creates a Handler for DNS server.

func HTTP2Handler

func HTTP2Handler(opts ...HandlerOption) Handler

HTTP2Handler creates a server Handler for HTTP2 proxy server.

func HTTPHandler

func HTTPHandler(opts ...HandlerOption) Handler

HTTPHandler creates a server Handler for HTTP proxy server.

func RelayHandler

func RelayHandler(raddr string, opts ...HandlerOption) Handler

RelayHandler creates a server Handler for TCP/UDP relay server.

func SNIHandler

func SNIHandler(opts ...HandlerOption) Handler

SNIHandler creates a server Handler for SNI proxy server.

func SOCKS4Handler

func SOCKS4Handler(opts ...HandlerOption) Handler

SOCKS4Handler creates a server Handler for SOCKS4(A) proxy server.

func SOCKS5Handler

func SOCKS5Handler(opts ...HandlerOption) Handler

SOCKS5Handler creates a server Handler for SOCKS5 proxy server.

func SSHForwardHandler

func SSHForwardHandler(opts ...HandlerOption) Handler

SSHForwardHandler creates a server Handler for SSH port forwarding server.

func ShadowHandler

func ShadowHandler(opts ...HandlerOption) Handler

ShadowHandler creates a server Handler for shadowsocks proxy server.

func ShadowUDPHandler

func ShadowUDPHandler(opts ...HandlerOption) Handler

ShadowUDPHandler creates a server Handler for shadowsocks UDP relay server.

func TCPDirectForwardHandler

func TCPDirectForwardHandler(raddr string, opts ...HandlerOption) Handler

TCPDirectForwardHandler creates a server Handler for TCP port forwarding server. The raddr is the remote address that the server will forward to. NOTE: as of 2.6, remote address can be a comma-separated address list.

func TCPRedirectHandler

func TCPRedirectHandler(opts ...HandlerOption) Handler

TCPRedirectHandler creates a server Handler for TCP transparent server.

func TCPRemoteForwardHandler

func TCPRemoteForwardHandler(raddr string, opts ...HandlerOption) Handler

TCPRemoteForwardHandler creates a server Handler for TCP remote port forwarding server. The raddr is the remote address that the server will forward to. NOTE: as of 2.6, remote address can be a comma-separated address list.

func TapHandler

func TapHandler(opts ...HandlerOption) Handler

TapHandler creates a handler for tap tunnel.

func TunHandler

func TunHandler(opts ...HandlerOption) Handler

TunHandler creates a handler for tun tunnel.

func UDPDirectForwardHandler

func UDPDirectForwardHandler(raddr string, opts ...HandlerOption) Handler

UDPDirectForwardHandler creates a server Handler for UDP port forwarding server. The raddr is the remote address that the server will forward to. NOTE: as of 2.6, remote address can be a comma-separated address list.

func UDPRedirectHandler

func UDPRedirectHandler(opts ...HandlerOption) Handler

UDPRedirectHandler creates a server Handler for UDP transparent server.

func UDPRemoteForwardHandler

func UDPRemoteForwardHandler(raddr string, opts ...HandlerOption) Handler

UDPRemoteForwardHandler creates a server Handler for UDP remote port forwarding server. The raddr is the remote address that the server will forward to. NOTE: as of 2.6, remote address can be a comma-separated address list.

type HandlerOption

type HandlerOption func(opts *HandlerOptions)

HandlerOption allows a common way to set handler options.

func AddrHandlerOption

func AddrHandlerOption(addr string) HandlerOption

AddrHandlerOption sets the Addr option of HandlerOptions.

func AuthenticatorHandlerOption

func AuthenticatorHandlerOption(au Authenticator) HandlerOption

AuthenticatorHandlerOption sets the Authenticator option of HandlerOptions.

func BlacklistHandlerOption

func BlacklistHandlerOption(blacklist *Permissions) HandlerOption

BlacklistHandlerOption sets the Blacklist option of HandlerOptions.

func BypassHandlerOption

func BypassHandlerOption(bypass *Bypass) HandlerOption

BypassHandlerOption sets the bypass option of HandlerOptions.

func ChainHandlerOption

func ChainHandlerOption(chain *Chain) HandlerOption

ChainHandlerOption sets the Chain option of HandlerOptions.

func FailTimeoutHandlerOption

func FailTimeoutHandlerOption(d time.Duration) HandlerOption

FailTimeoutHandlerOption sets the fail_timeout option of HandlerOptions.

func HostHandlerOption

func HostHandlerOption(host string) HandlerOption

HostHandlerOption sets the target host for SNI proxy.

func HostsHandlerOption

func HostsHandlerOption(hosts *Hosts) HandlerOption

HostsHandlerOption sets the Hosts option of HandlerOptions.

func IPRoutesHandlerOption

func IPRoutesHandlerOption(routes ...IPRoute) HandlerOption

IPRoutesHandlerOption sets the IP routes for tun tunnel.

func IPsHandlerOption

func IPsHandlerOption(ips []string) HandlerOption

IPsHandlerOption sets the ip list for port forward.

func KnockingHandlerOption

func KnockingHandlerOption(host string) HandlerOption

KnockingHandlerOption adds the knocking host for probe resistance.

func MaxFailsHandlerOption

func MaxFailsHandlerOption(n int) HandlerOption

MaxFailsHandlerOption sets the max_fails option of HandlerOptions.

func NodeHandlerOption

func NodeHandlerOption(node Node) HandlerOption

NodeHandlerOption set the server node for server handler.

func ProbeResistHandlerOption

func ProbeResistHandlerOption(pr string) HandlerOption

ProbeResistHandlerOption adds the probe resistance for HTTP proxy.

func ResolverHandlerOption

func ResolverHandlerOption(resolver Resolver) HandlerOption

ResolverHandlerOption sets the resolver option of HandlerOptions.

func RetryHandlerOption

func RetryHandlerOption(retries int) HandlerOption

RetryHandlerOption sets the retry option of HandlerOptions.

func StrategyHandlerOption

func StrategyHandlerOption(strategy Strategy) HandlerOption

StrategyHandlerOption sets the strategy option of HandlerOptions.

func TCPModeHandlerOption

func TCPModeHandlerOption(b bool) HandlerOption

TCPModeHandlerOption sets the tcp mode for tun/tap device.

func TLSConfigHandlerOption

func TLSConfigHandlerOption(config *tls.Config) HandlerOption

TLSConfigHandlerOption sets the TLSConfig option of HandlerOptions.

func TimeoutHandlerOption

func TimeoutHandlerOption(timeout time.Duration) HandlerOption

TimeoutHandlerOption sets the timeout option of HandlerOptions.

func UsersHandlerOption

func UsersHandlerOption(users ...*url.Userinfo) HandlerOption

UsersHandlerOption sets the Users option of HandlerOptions.

func WhitelistHandlerOption

func WhitelistHandlerOption(whitelist *Permissions) HandlerOption

WhitelistHandlerOption sets the Whitelist option of HandlerOptions.

type HandlerOptions

type HandlerOptions struct {
	Addr          string
	Chain         *Chain
	Users         []*url.Userinfo
	Authenticator Authenticator
	TLSConfig     *tls.Config
	Whitelist     *Permissions
	Blacklist     *Permissions
	Strategy      Strategy
	MaxFails      int
	FailTimeout   time.Duration
	Bypass        *Bypass
	Retries       int
	Timeout       time.Duration
	Resolver      Resolver
	Hosts         *Hosts
	ProbeResist   string
	KnockingHost  string
	Node          Node
	Host          string
	IPs           []string
	TCPMode       bool
	IPRoutes      []IPRoute
}

HandlerOptions describes the options for Handler.

type HandshakeOption

type HandshakeOption func(opts *HandshakeOptions)

HandshakeOption allows a common way to set HandshakeOptions.

func AddrHandshakeOption

func AddrHandshakeOption(addr string) HandshakeOption

AddrHandshakeOption specifies the server address

func HostHandshakeOption

func HostHandshakeOption(host string) HandshakeOption

HostHandshakeOption specifies the hostname

func IntervalHandshakeOption

func IntervalHandshakeOption(interval time.Duration) HandshakeOption

IntervalHandshakeOption specifies the interval time used by Transporter.Handshake

func KCPConfigHandshakeOption

func KCPConfigHandshakeOption(config *KCPConfig) HandshakeOption

KCPConfigHandshakeOption specifies the KCP config used by KCP handshake

func QUICConfigHandshakeOption

func QUICConfigHandshakeOption(config *QUICConfig) HandshakeOption

QUICConfigHandshakeOption specifies the QUIC config used by QUIC handshake

func RetryHandshakeOption

func RetryHandshakeOption(retry int) HandshakeOption

RetryHandshakeOption specifies the times of retry used by Transporter.Handshake

func SSHConfigHandshakeOption

func SSHConfigHandshakeOption(config *SSHConfig) HandshakeOption

SSHConfigHandshakeOption specifies the ssh config used by SSH client handshake.

func TLSConfigHandshakeOption

func TLSConfigHandshakeOption(config *tls.Config) HandshakeOption

TLSConfigHandshakeOption specifies the TLS config used by Transporter.Handshake

func TimeoutHandshakeOption

func TimeoutHandshakeOption(timeout time.Duration) HandshakeOption

TimeoutHandshakeOption specifies the timeout used by Transporter.Handshake

func UserHandshakeOption

func UserHandshakeOption(user *url.Userinfo) HandshakeOption

UserHandshakeOption specifies the user used by Transporter.Handshake

func WSOptionsHandshakeOption

func WSOptionsHandshakeOption(options *WSOptions) HandshakeOption

WSOptionsHandshakeOption specifies the websocket options used by websocket handshake

type HandshakeOptions

type HandshakeOptions struct {
	Addr       string
	Host       string
	User       *url.Userinfo
	Timeout    time.Duration
	Interval   time.Duration
	Retry      int
	TLSConfig  *tls.Config
	WSOptions  *WSOptions
	KCPConfig  *KCPConfig
	QUICConfig *QUICConfig
	SSHConfig  *SSHConfig
}

HandshakeOptions describes the options for handshake.

type Host

type Host struct {
	IP       net.IP
	Hostname string
	Aliases  []string
}

Host is a static mapping from hostname to IP.

func NewHost

func NewHost(ip net.IP, hostname string, aliases ...string) Host

NewHost creates a Host.

type Hosts

type Hosts struct {
	// contains filtered or unexported fields
}

Hosts is a static table lookup for hostnames. For each host a single line should be present with the following information: IP_address canonical_hostname [aliases...] Fields of the entry are separated by any number of blanks and/or tab characters. Text from a "#" character until the end of the line is a comment, and is ignored.

func NewHosts

func NewHosts(hosts ...Host) *Hosts

NewHosts creates a Hosts with optional list of hosts.

func (*Hosts) AddHost

func (h *Hosts) AddHost(host ...Host)

AddHost adds host(s) to the host table.

func (*Hosts) Lookup

func (h *Hosts) Lookup(host string) (ip net.IP)

Lookup searches the IP address corresponds to the given host from the host table.

func (*Hosts) Period

func (h *Hosts) Period() time.Duration

Period returns the reload period

func (*Hosts) Reload

func (h *Hosts) Reload(r io.Reader) error

Reload parses config from r, then live reloads the hosts.

func (*Hosts) Stop

func (h *Hosts) Stop()

Stop stops reloading.

func (*Hosts) Stopped

func (h *Hosts) Stopped() bool

Stopped checks whether the reloader is stopped.

type IPRoute

type IPRoute struct {
	Dest    *net.IPNet
	Gateway net.IP
}

IPRoute is an IP routing entry.

type InvalidFilter

type InvalidFilter struct{}

InvalidFilter filters the invalid node. A node is invalid if its port is invalid (negative or zero value).

func (*InvalidFilter) Filter

func (f *InvalidFilter) Filter(nodes []Node) []Node

Filter filters invalid nodes.

func (*InvalidFilter) String

func (f *InvalidFilter) String() string

type KCPConfig

type KCPConfig struct {
	Key          string `json:"key"`
	Crypt        string `json:"crypt"`
	Mode         string `json:"mode"`
	MTU          int    `json:"mtu"`
	SndWnd       int    `json:"sndwnd"`
	RcvWnd       int    `json:"rcvwnd"`
	DataShard    int    `json:"datashard"`
	ParityShard  int    `json:"parityshard"`
	DSCP         int    `json:"dscp"`
	NoComp       bool   `json:"nocomp"`
	AckNodelay   bool   `json:"acknodelay"`
	NoDelay      int    `json:"nodelay"`
	Interval     int    `json:"interval"`
	Resend       int    `json:"resend"`
	NoCongestion int    `json:"nc"`
	SockBuf      int    `json:"sockbuf"`
	KeepAlive    int    `json:"keepalive"`
	SnmpLog      string `json:"snmplog"`
	SnmpPeriod   int    `json:"snmpperiod"`
	Signal       bool   `json:"signal"` // Signal enables the signal SIGUSR1 feature.
	TCP          bool   `json:"tcp"`
}

KCPConfig describes the config for KCP.

func (*KCPConfig) Init

func (c *KCPConfig) Init()

Init initializes the KCP config.

type Listener

type Listener interface {
	net.Listener
}

Listener is a proxy server listener, just like a net.Listener.

func DNSListener

func DNSListener(addr string, options *DNSOptions) (Listener, error)

DNSListener creates a Listener for DNS proxy server.

func FakeTCPListener

func FakeTCPListener(addr string, cfg *FakeTCPListenConfig) (Listener, error)

FakeTCPListener creates a Listener for fake TCP server.

func H2CListener

func H2CListener(addr string, path string) (Listener, error)

H2CListener creates a Listener for HTTP2 h2c tunnel server.

func H2Listener

func H2Listener(addr string, config *tls.Config, path string) (Listener, error)

H2Listener creates a Listener for HTTP2 h2 tunnel server.

func HTTP2Listener

func HTTP2Listener(addr string, config *tls.Config) (Listener, error)

HTTP2Listener creates a Listener for HTTP2 proxy server.

func KCPListener

func KCPListener(addr string, config *KCPConfig) (Listener, error)

KCPListener creates a Listener for KCP proxy server.

func MTLSListener

func MTLSListener(addr string, config *tls.Config) (Listener, error)

MTLSListener creates a Listener for multiplex-TLS proxy server.

func MWSListener

func MWSListener(addr string, options *WSOptions) (Listener, error)

MWSListener creates a Listener for multiplex-websocket proxy server.

func MWSSListener

func MWSSListener(addr string, tlsConfig *tls.Config, options *WSOptions) (Listener, error)

MWSSListener creates a Listener for multiplex-websocket secure proxy server.

func Obfs4Listener

func Obfs4Listener(addr string) (Listener, error)

Obfs4Listener creates a Listener for obfs4 server.

func ObfsHTTPListener

func ObfsHTTPListener(addr string) (Listener, error)

ObfsHTTPListener creates a Listener for HTTP obfuscating tunnel server.

func ObfsTLSListener

func ObfsTLSListener(addr string) (Listener, error)

ObfsTLSListener creates a Listener for TLS obfuscating server.

func QUICListener

func QUICListener(addr string, config *QUICConfig) (Listener, error)

QUICListener creates a Listener for QUIC proxy server.

func SSHTunnelListener

func SSHTunnelListener(addr string, config *SSHConfig) (Listener, error)

SSHTunnelListener creates a Listener for SSH tunnel server.

func TCPListener

func TCPListener(addr string) (Listener, error)

TCPListener creates a Listener for TCP proxy server.

func TCPRemoteForwardListener

func TCPRemoteForwardListener(addr string, chain *Chain, bypass *Bypass) (Listener, error)

TCPRemoteForwardListener creates a Listener for TCP remote port forwarding server.

func TLSListener

func TLSListener(addr string, config *tls.Config) (Listener, error)

TLSListener creates a Listener for TLS proxy server.

func TapListener

func TapListener(cfg TapConfig) (Listener, error)

TapListener creates a listener for tap tunnel.

func TunListener

func TunListener(cfg TunConfig) (Listener, error)

TunListener creates a listener for tun tunnel.

func UDPListener

func UDPListener(addr string, cfg *UDPListenConfig) (Listener, error)

UDPListener creates a Listener for UDP server.

func UDPRedirectListener

func UDPRedirectListener(addr string, cfg *UDPListenConfig) (Listener, error)

UDPRedirectListener creates a Listener for UDP transparent proxy server.

func UDPRemoteForwardListener

func UDPRemoteForwardListener(addr string, chain *Chain, cfg *UDPListenConfig) (Listener, error)

UDPRemoteForwardListener creates a Listener for UDP remote port forwarding server.

func WSListener

func WSListener(addr string, options *WSOptions) (Listener, error)

WSListener creates a Listener for websocket proxy server.

func WSSListener

func WSSListener(addr string, tlsConfig *tls.Config, options *WSOptions) (Listener, error)

WSSListener creates a Listener for websocket secure proxy server.

type LocalAuthenticator

type LocalAuthenticator struct {
	// contains filtered or unexported fields
}

LocalAuthenticator is an Authenticator that authenticates client by local key-value pairs.

func NewLocalAuthenticator

func NewLocalAuthenticator(kvs map[string]string) *LocalAuthenticator

NewLocalAuthenticator creates an Authenticator that authenticates client by local infos.

func (*LocalAuthenticator) Add

func (au *LocalAuthenticator) Add(k, v string)

Add adds a key-value pair to the Authenticator.

func (*LocalAuthenticator) Authenticate

func (au *LocalAuthenticator) Authenticate(user, password string) bool

Authenticate checks the validity of the provided user-password pair.

func (*LocalAuthenticator) Period

func (au *LocalAuthenticator) Period() time.Duration

Period returns the reload period.

func (*LocalAuthenticator) Reload

func (au *LocalAuthenticator) Reload(r io.Reader) error

Reload parses config from r, then live reloads the Authenticator.

func (*LocalAuthenticator) Stop

func (au *LocalAuthenticator) Stop()

Stop stops reloading.

func (*LocalAuthenticator) Stopped

func (au *LocalAuthenticator) Stopped() bool

Stopped checks whether the reloader is stopped.

type LogLogger

type LogLogger struct {
}

LogLogger uses the standard log package as the logger

func (*LogLogger) Log

func (l *LogLogger) Log(v ...interface{})

Log uses the standard log library log.Output

func (*LogLogger) Logf

func (l *LogLogger) Logf(format string, v ...interface{})

Logf uses the standard log library log.Output

type Matcher

type Matcher interface {
	Match(v string) bool
	String() string
}

Matcher is a generic pattern matcher, it gives the match result of the given pattern for specific v.

func CIDRMatcher

func CIDRMatcher(inet *net.IPNet) Matcher

CIDRMatcher creates a Matcher for a specific CIDR notation IP address.

func DNSMatcher added in v0.3.2

func DNSMatcher(pattern string) Matcher

DNSMatcher creates a Matcher for a specific domain address.

func DomainMatcher

func DomainMatcher(pattern string) Matcher

DomainMatcher creates a Matcher for a specific domain pattern, the pattern can be a plain domain such as 'example.com', a wildcard such as '*.exmaple.com' or a special wildcard '.example.com'.

func IPMatcher

func IPMatcher(ip net.IP) Matcher

IPMatcher creates a Matcher for a specific IP address.

func NewMatcher

func NewMatcher(pattern string) Matcher

NewMatcher creates a Matcher for the given pattern. The acutal Matcher depends on the pattern: IP Matcher if pattern is a valid IP address. CIDR Matcher if pattern is a valid CIDR address. Domain Matcher if both of the above are not.

type NameServer

type NameServer struct {
	Addr     string
	Protocol string
	Hostname string // for TLS handshake verification
	// contains filtered or unexported fields
}

NameServer is a name server. Currently supported protocol: TCP, UDP and TLS.

func (*NameServer) Init

func (ns *NameServer) Init(opts ...NameServerOption) error

Init initializes the name server.

func (*NameServer) String

func (ns *NameServer) String() string

type NameServerOption

type NameServerOption func(*nameServerOptions)

NameServerOption allows a common way to set name server options.

func BindIPNameServerOption added in v0.4.0

func BindIPNameServerOption(bindIP BindIP) NameServerOption

ChainNameServerOption sets the bind IP for name server.

func ChainNameServerOption

func ChainNameServerOption(chain *Chain) NameServerOption

ChainNameServerOption sets the chain for name server.

func FDProtectorNameServerOption added in v0.4.0

func FDProtectorNameServerOption(fdp FDProtector) NameServerOption

FDProtectorNameServerOption sets the fdp for name server.

func TimeoutNameServerOption

func TimeoutNameServerOption(timeout time.Duration) NameServerOption

TimeoutNameServerOption sets the timeout for name server.

type Node

type Node struct {
	ID        int
	Addr      string
	Host      string
	Protocol  string
	Transport string
	Remote    string // remote address, used by tcp/udp port forwarding

	User             *url.Userinfo
	Values           url.Values
	DialOptions      []DialOption
	HandshakeOptions []HandshakeOption
	ConnectOptions   []ConnectOption
	Client           *Client

	Bypass *Bypass
	// contains filtered or unexported fields
}

Node is a proxy node, mainly used to construct a proxy chain.

func ParseNode

func ParseNode(s string) (node Node, err error)

ParseNode parses the node info. The proxy node string pattern is [scheme://][user:pass@host]:port. Scheme can be divided into two parts by character '+', such as: http+tls.

func (*Node) Clone

func (node *Node) Clone() Node

Clone clones the node, it will prevent data race.

func (*Node) Get

func (node *Node) Get(key string) string

Get returns node parameter specified by key.

func (*Node) GetBool

func (node *Node) GetBool(key string) bool

GetBool converts node parameter value to bool.

func (*Node) GetDuration

func (node *Node) GetDuration(key string) time.Duration

GetDuration converts node parameter value to time.Duration.

func (*Node) GetInt

func (node *Node) GetInt(key string) int

GetInt converts node parameter value to int.

func (*Node) MarkDead

func (node *Node) MarkDead()

MarkDead marks the node fail status.

func (*Node) ResetDead

func (node *Node) ResetDead()

ResetDead resets the node fail status.

func (Node) String

func (node Node) String() string

type NodeGroup

type NodeGroup struct {
	ID int
	// contains filtered or unexported fields
}

NodeGroup is a group of nodes.

func NewNodeGroup

func NewNodeGroup(nodes ...Node) *NodeGroup

NewNodeGroup creates a node group

func (*NodeGroup) AddNode

func (group *NodeGroup) AddNode(node ...Node)

AddNode appends node or node list into group node.

func (*NodeGroup) GetNode

func (group *NodeGroup) GetNode(i int) Node

GetNode returns the node specified by index in the group.

func (*NodeGroup) Next

func (group *NodeGroup) Next() (node Node, err error)

Next selects a node from group. It also selects IP if the IP list exists.

func (*NodeGroup) Nodes

func (group *NodeGroup) Nodes() []Node

Nodes returns the node list in the group

func (*NodeGroup) SetNodes

func (group *NodeGroup) SetNodes(nodes ...Node) []Node

SetNodes replaces the group nodes to the specified nodes, and returns the previous nodes.

func (*NodeGroup) SetSelector

func (group *NodeGroup) SetSelector(selector NodeSelector, opts ...SelectOption)

SetSelector sets node selector with options for the group.

type NodeSelector

type NodeSelector interface {
	Select(nodes []Node, opts ...SelectOption) (Node, error)
}

NodeSelector as a mechanism to pick nodes and mark their status.

type NopLogger

type NopLogger struct {
}

NopLogger is a dummy logger that discards the log outputs

func (*NopLogger) Log

func (l *NopLogger) Log(v ...interface{})

Log does nothing

func (*NopLogger) Logf

func (l *NopLogger) Logf(format string, v ...interface{})

Logf does nothing

type PasswordCallbackFunc

type PasswordCallbackFunc func(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error)

PasswordCallbackFunc is a callback function used by SSH server. It authenticates user using a password.

type Permission

type Permission struct {
	Actions StringSet
	Hosts   StringSet
	Ports   PortSet
}

Permission is a rule for blacklist and whitelist.

type Permissions

type Permissions []Permission

Permissions is a set of Permission.

func ParsePermissions

func ParsePermissions(s string) (*Permissions, error)

ParsePermissions parses the s to a Permissions.

func (*Permissions) Can

func (ps *Permissions) Can(action string, host string, port int) bool

Can tests whether the given action and host:port is allowed by this Permissions.

type PortRange

type PortRange struct {
	Min, Max int
}

PortRange specifies the range of port, such as 1000-2000.

func ParsePortRange

func ParsePortRange(s string) (*PortRange, error)

ParsePortRange parses the s to a PortRange. The s may be a '*' means 0-65535.

func (*PortRange) Contains

func (ir *PortRange) Contains(value int) bool

Contains checks whether the value is within this range.

type PortSet

type PortSet []PortRange

PortSet is a set of PortRange

func ParsePortSet

func ParsePortSet(s string) (*PortSet, error)

ParsePortSet parses the s to a PortSet. The s shoud be a comma separated string.

func (*PortSet) Contains

func (ps *PortSet) Contains(value int) bool

Contains checks whether the value is within this port set.

type PublicKeyCallbackFunc

type PublicKeyCallbackFunc func(c ssh.ConnMetadata, pubKey ssh.PublicKey) (*ssh.Permissions, error)

PublicKeyCallbackFunc is a callback function used by SSH server. It offers a public key for authentication.

type QUICConfig

type QUICConfig struct {
	TLSConfig   *tls.Config
	Timeout     time.Duration
	KeepAlive   bool
	IdleTimeout time.Duration
	Key         []byte
}

QUICConfig is the config for QUIC client and server

type RandomStrategy

type RandomStrategy struct {
	Seed int64
	// contains filtered or unexported fields
}

RandomStrategy is a strategy for node selector. The node will be selected randomly.

func (*RandomStrategy) Apply

func (s *RandomStrategy) Apply(nodes []Node) Node

Apply applies the random strategy for the nodes.

func (*RandomStrategy) String

func (s *RandomStrategy) String() string

type ReloadResolver

type ReloadResolver interface {
	Resolver
	Reloader
	Stoppable
}

ReloadResolver is resolover that support live reloading.

func NewResolver

func NewResolver(ttl time.Duration, servers ...NameServer) ReloadResolver

NewResolver create a new Resolver with the given name servers and resolution timeout.

type Reloader

type Reloader interface {
	Reload(r io.Reader) error
	Period() time.Duration
}

Reloader is the interface for objects that support live reloading.

type Resolver

type Resolver interface {
	// Init initializes the Resolver instance.
	Init(opts ...ResolverOption) error
	// Resolve returns a slice of that host's IPv4 and IPv6 addresses.
	Resolve(host string) ([]net.IP, error)
	// Exchange performs a synchronous query,
	// It sends the message query and waits for a reply.
	Exchange(ctx context.Context, query []byte) (reply []byte, err error)
}

Resolver is a name resolver for domain name. It contains a list of name servers.

type ResolverOption

type ResolverOption func(*resolverOptions)

ResolverOption allows a common way to set Resolver options.

func BindIPResolverOption added in v0.4.0

func BindIPResolverOption(bindIP BindIP) ResolverOption

BindIPResolverOption sets the bind IP for Resolver.

func ChainResolverOption

func ChainResolverOption(chain *Chain) ResolverOption

ChainResolverOption sets the chain for Resolver.

func FDProtectorResolverOption added in v0.4.0

func FDProtectorResolverOption(fdp FDProtector) ResolverOption

FDProtectorResolverOption sets the FDProtector for Resolver.

func PreferResolverOption

func PreferResolverOption(prefer string) ResolverOption

PreferResolverOption sets the prefer for Resolver.

func SrcIPResolverOption

func SrcIPResolverOption(ip net.IP) ResolverOption

SrcIPResolverOption sets the source IP for Resolver.

func TTLResolverOption

func TTLResolverOption(ttl time.Duration) ResolverOption

TTLResolverOption sets the timeout for Resolver.

func TimeoutResolverOption

func TimeoutResolverOption(timeout time.Duration) ResolverOption

TimeoutResolverOption sets the timeout for Resolver.

type RoundStrategy

type RoundStrategy struct {
	// contains filtered or unexported fields
}

RoundStrategy is a strategy for node selector. The node will be selected by round-robin algorithm.

func (*RoundStrategy) Apply

func (s *RoundStrategy) Apply(nodes []Node) Node

Apply applies the round-robin strategy for the nodes.

func (*RoundStrategy) String

func (s *RoundStrategy) String() string

type SSHConfig

type SSHConfig struct {
	Authenticator  Authenticator
	TLSConfig      *tls.Config
	Key            ssh.Signer
	AuthorizedKeys map[string]bool
}

SSHConfig holds the SSH tunnel server config

type SelectOption

type SelectOption func(*SelectOptions)

SelectOption is the option used when making a select call.

func WithFilter

func WithFilter(f ...Filter) SelectOption

WithFilter adds a filter function to the list of filters used during the Select call.

func WithStrategy

func WithStrategy(s Strategy) SelectOption

WithStrategy sets the selector strategy

type SelectOptions

type SelectOptions struct {
	Filters  []Filter
	Strategy Strategy
}

SelectOptions is the options for node selection.

type Server

type Server struct {
	Listener Listener
	Handler  Handler
	// contains filtered or unexported fields
}

Server is a proxy server.

func (*Server) Addr

func (s *Server) Addr() net.Addr

Addr returns the address of the server

func (*Server) Close

func (s *Server) Close() error

Close closes the server

func (*Server) Init

func (s *Server) Init(opts ...ServerOption)

Init intializes server with given options.

func (*Server) Run

func (s *Server) Run() error

Run starts to serve.

func (*Server) Serve

func (s *Server) Serve(h Handler, opts ...ServerOption) error

Serve serves as a proxy server.

type ServerOption

type ServerOption func(opts *ServerOptions)

ServerOption allows a common way to set server options.

func BypassAcceptServerOption added in v0.3.2

func BypassAcceptServerOption(bypassAccept *Bypass) ServerOption

BypassAcceptServerOption sets the bypass accept client option of ServerOptions.

type ServerOptions

type ServerOptions struct {
	BypassAccept *Bypass
}

ServerOptions holds the options for Server.

type Stoppable

type Stoppable interface {
	Stop()
	Stopped() bool
}

Stoppable is the interface that indicates a Reloader can be stopped.

type Strategy

type Strategy interface {
	Apply([]Node) Node
	String() string
}

Strategy is a selection strategy e.g random, round-robin.

func NewStrategy

func NewStrategy(s string) Strategy

NewStrategy creates a Strategy by the name s.

type StringSet

type StringSet []string

StringSet is a set of string.

func ParseStringSet

func ParseStringSet(s string) (*StringSet, error)

ParseStringSet parses the s to a StringSet. The s shoud be a comma separated string.

func (*StringSet) Contains

func (ss *StringSet) Contains(subj string) bool

Contains checks whether the string subj within this StringSet.

type TapConfig

type TapConfig struct {
	Name    string
	Addr    string
	MTU     int
	Routes  []string
	Gateway string
}

TapConfig is the config for TAP device.

type Transporter

type Transporter interface {
	Dial(addr string, options ...DialOption) (net.Conn, error)
	Handshake(conn net.Conn, options ...HandshakeOption) (net.Conn, error)
	// Indicate that the Transporter supports multiplex
	Multiplex() bool
}

Transporter is responsible for handshaking with the proxy server.

func FakeTCPTransporter

func FakeTCPTransporter() Transporter

FakeTCPTransporter creates a Transporter that is used by fake tcp client.

func H2CTransporter

func H2CTransporter(path string) Transporter

H2CTransporter creates a Transporter that is used by HTTP2 h2c tunnel client.

func H2Transporter

func H2Transporter(config *tls.Config, path string) Transporter

H2Transporter creates a Transporter that is used by HTTP2 h2 tunnel client.

func HTTP2Transporter

func HTTP2Transporter(config *tls.Config) Transporter

HTTP2Transporter creates a Transporter that is used by HTTP2 h2 proxy client.

func KCPTransporter

func KCPTransporter(config *KCPConfig) Transporter

KCPTransporter creates a Transporter that is used by KCP proxy client.

func MTLSTransporter

func MTLSTransporter() Transporter

MTLSTransporter creates a Transporter that is used by multiplex-TLS proxy client.

func MWSSTransporter

func MWSSTransporter(opts *WSOptions) Transporter

MWSSTransporter creates a Transporter that is used by multiplex-websocket secure proxy client.

func MWSTransporter

func MWSTransporter(opts *WSOptions) Transporter

MWSTransporter creates a Transporter that is used by multiplex-websocket proxy client.

func Obfs4Transporter

func Obfs4Transporter() Transporter

Obfs4Transporter creates a Transporter that is used by obfs4 client.

func ObfsHTTPTransporter

func ObfsHTTPTransporter() Transporter

ObfsHTTPTransporter creates a Transporter that is used by HTTP obfuscating tunnel client.

func ObfsTLSTransporter

func ObfsTLSTransporter() Transporter

ObfsTLSTransporter creates a Transporter that is used by TLS obfuscating.

func QUICTransporter

func QUICTransporter(config *QUICConfig) Transporter

QUICTransporter creates a Transporter that is used by QUIC proxy client.

func SOCKS5MuxBindTransporter

func SOCKS5MuxBindTransporter(bindAddr string) Transporter

SOCKS5MuxBindTransporter creates a Transporter for SOCKS5 multiplex bind client.

func SSHForwardTransporter

func SSHForwardTransporter() Transporter

SSHForwardTransporter creates a Transporter that is used by SSH port forwarding server.

func SSHTunnelTransporter

func SSHTunnelTransporter() Transporter

SSHTunnelTransporter creates a Transporter that is used by SSH tunnel client.

func TCPTransporter

func TCPTransporter() Transporter

TCPTransporter creates a raw TCP client.

func TLSTransporter

func TLSTransporter() Transporter

TLSTransporter creates a Transporter that is used by TLS proxy client.

func UDPTransporter

func UDPTransporter() Transporter

UDPTransporter creates a Transporter for UDP client.

func WSSTransporter

func WSSTransporter(opts *WSOptions) Transporter

WSSTransporter creates a Transporter that is used by websocket secure proxy client.

func WSTransporter

func WSTransporter(opts *WSOptions) Transporter

WSTransporter creates a Transporter that is used by websocket proxy client.

type TunConfig

type TunConfig struct {
	Name    string
	Addr    string
	Peer    string // peer addr of point-to-point on MacOS
	MTU     int
	Routes  []IPRoute
	Gateway string
}

TunConfig is the config for TUN device.

type UDPListenConfig

type UDPListenConfig struct {
	TTL       time.Duration // timeout per connection
	Backlog   int           // connection backlog
	QueueSize int           // recv queue size per connection
}

UDPListenConfig is the config for UDP Listener.

type WSOptions

type WSOptions struct {
	ReadBufferSize      int
	WriteBufferSize     int
	HandshakeTimeout    time.Duration
	EnableCompression   bool
	UserAgent           string
	Path                string
	ReverseProxy        string
	MuxVersion          int //1 or 2
	MuxMaxReceiveBuffer int //mb
	MuxMaxStreamBuffer  int //kb
}

WSOptions describes the options for websocket.

Directories

Path Synopsis
cmd
examples
ssh
ssu

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL