root/gost_software
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

live reloading for base config

Browse Source
This commit is contained in:
ginuerzh 2018-11-27 10:08:18 +08:00
parent 194b651dd8
commit 5e0e08d5b0
6 changed files with 516 additions and 445 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bypass.go
View File

@ -122,8 +122,8 @@ func (m *domainMatcher) String() string {
// It contains a list of matchers. // It contains a list of matchers.
type Bypass struct { type Bypass struct {
matchers []Matcher matchers []Matcher
reversed bool
period time.Duration // the period for live reloading period time.Duration // the period for live reloading
reversed bool
mux sync.RWMutex mux sync.RWMutex
} }

67
cmd/gost/cfg.go
View File

@ -7,6 +7,7 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"io"
"io/ioutil" "io/ioutil"
"net/url" "net/url"
"os" "os"
@ -51,35 +52,60 @@ func loadCA(caFile string) (cp *x509.CertPool, err error) {
return return
} }
func loadConfigureFile(configureFile string) error { type baseConfig struct {
if configureFile == "" { route
return nil Routes []route
} ReloadPeriod string
content, err := ioutil.ReadFile(configureFile) Debug bool
}
func parseBaseConfig(s string) (*baseConfig, error) {
file, err := os.Open(s)
if err != nil { if err != nil {
return err return nil, err
} }
var cfg struct { defer file.Close()
route
Routes []route if err := json.NewDecoder(file).Decode(baseCfg); err != nil {
return nil, err
} }
if err := json.Unmarshal(content, &cfg); err != nil {
return baseCfg, nil
}
func (cfg *baseConfig) IsValid() bool {
return len(cfg.route.ServeNodes) > 0
}
func (cfg *baseConfig) Reload(r io.Reader) error {
c := baseConfig{}
if err := json.NewDecoder(r).Decode(&c); err != nil {
return err return err
} }
if len(cfg.route.ServeNodes) > 0 { cfg.route.Close()
routes = append(routes, cfg.route) for _, r := range cfg.Routes {
} r.Close()
for _, route := range cfg.Routes {
if len(route.ServeNodes) > 0 {
routes = append(routes, route)
}
} }
*cfg = c
gost.Debug = cfg.Debug gost.Debug = cfg.Debug
if err := cfg.route.serve(); err != nil {
return err
}
for _, route := range cfg.Routes {
if err := route.serve(); err != nil {
return err
}
}
return nil return nil
} }
func (cfg *baseConfig) Period() time.Duration {
d, _ := time.ParseDuration(cfg.ReloadPeriod)
return d
}
type stringList []string type stringList []string
func (l *stringList) String() string { func (l *stringList) String() string {
@ -240,3 +266,10 @@ func parseResolver(cfg string) gost.Resolver {
return resolver return resolver
} }
func parseHosts(s string) *gost.Hosts {
hosts := gost.NewHosts()
go gost.PeriodReload(hosts, s)
return hosts
}

444
cmd/gost/main.go
View File

@ -1,69 +1,63 @@
package main package main
import ( import (
"crypto/sha256"
"crypto/tls" "crypto/tls"
"flag" "flag"
"fmt" "fmt"
"net"
// _ "net/http/pprof"
"os" "os"
"runtime" "runtime"
"time"
// _ "net/http/pprof"
"github.com/ginuerzh/gost" "github.com/ginuerzh/gost"
"github.com/go-log/log" "github.com/go-log/log"
) )
var ( var (
options route configureFile string
routes []route baseCfg = &baseConfig{}
) )
func init() { func init() {
gost.SetLogger(&gost.LogLogger{}) gost.SetLogger(&gost.LogLogger{})
var ( var (
configureFile string printVersion bool
printVersion bool
) )
flag.Var(&options.ChainNodes, "F", "forward address, can make a forward chain") flag.Var(&baseCfg.route.ChainNodes, "F", "forward address, can make a forward chain")
flag.Var(&options.ServeNodes, "L", "listen address, can listen on multiple ports") flag.Var(&baseCfg.route.ServeNodes, "L", "listen address, can listen on multiple ports")
flag.StringVar(&configureFile, "C", "", "configure file") flag.StringVar(&configureFile, "C", "", "configure file")
flag.BoolVar(&options.Debug, "D", false, "enable debug log") flag.BoolVar(&baseCfg.Debug, "D", false, "enable debug log")
flag.BoolVar(&printVersion, "V", false, "print version") flag.BoolVar(&printVersion, "V", false, "print version")
flag.Parse() flag.Parse()
if printVersion { if printVersion {
fmt.Fprintf(os.Stderr, "gost %s (%s)\n", gost.Version, runtime.Version()) fmt.Fprintf(os.Stderr, "gost %s (%s %s/%s)\n",
gost.Version, runtime.Version(), runtime.GOOS, runtime.GOARCH)
os.Exit(0) os.Exit(0)
} }
if len(options.ServeNodes) > 0 { if configureFile != "" {
routes = append(routes, options) _, err := parseBaseConfig(configureFile)
if err != nil {
log.Log(err)
os.Exit(1)
}
} }
gost.Debug = options.Debug if flag.NFlag() == 0 || !baseCfg.IsValid() {
if err := loadConfigureFile(configureFile); err != nil {
log.Log(err)
os.Exit(1)
}
if flag.NFlag() == 0 || len(routes) == 0 {
flag.PrintDefaults() flag.PrintDefaults()
os.Exit(0) os.Exit(0)
} }
} }
func main() { func main() {
// go func() { // go func() {
// log.Log(http.ListenAndServe("localhost:6060", nil)) // log.Log(http.ListenAndServe("localhost:6060", nil))
// }() // }()
// NOTE: as of 2.6, you can use custom cert/key files to initialize the default certificate. // NOTE: as of 2.6, you can use custom cert/key files to initialize the default certificate.
config, err := tlsConfig(defaultCertFile, defaultKeyFile) tlsConfig, err := tlsConfig(defaultCertFile, defaultKeyFile)
if err != nil { if err != nil {
// generate random self-signed certificate. // generate random self-signed certificate.
cert, err := gost.GenCertificate() cert, err := gost.GenCertificate()
@ -71,410 +65,30 @@ func main() {
log.Log(err) log.Log(err)
os.Exit(1) os.Exit(1)
} }
config = &tls.Config{ tlsConfig = &tls.Config{
Certificates: []tls.Certificate{cert}, Certificates: []tls.Certificate{cert},
} }
} }
gost.DefaultTLSConfig = config gost.DefaultTLSConfig = tlsConfig
for _, route := range routes { start()
if err := route.serve(); err != nil {
log.Log(err)
os.Exit(1)
}
}
select {} select {}
} }
type route struct { func start() error {
ChainNodes, ServeNodes stringList gost.Debug = baseCfg.Debug
Retries int
Debug bool
}
func (r *route) initChain() (*gost.Chain, error) { if err := baseCfg.route.serve(); err != nil {
chain := gost.NewChain()
chain.Retries = r.Retries
gid := 1 // group ID
for _, ns := range r.ChainNodes {
ngroup := gost.NewNodeGroup()
ngroup.ID = gid
gid++
// parse the base nodes
nodes, err := parseChainNode(ns)
if err != nil {
return nil, err
}
nid := 1 // node ID
for i := range nodes {
nodes[i].ID = nid
nid++
}
ngroup.AddNode(nodes...)
go gost.PeriodReload(&peerConfig{
group: ngroup,
baseNodes: nodes,
}, nodes[0].Get("peer"))
chain.AddNodeGroup(ngroup)
}
return chain, nil
}
func parseChainNode(ns string) (nodes []gost.Node, err error) {
node, err := gost.ParseNode(ns)
if err != nil {
return
}
users, err := parseUsers(node.Get("secrets"))
if err != nil {
return
}
if node.User == nil && len(users) > 0 {
node.User = users[0]
}
serverName, sport, _ := net.SplitHostPort(node.Addr)
if serverName == "" {
serverName = "localhost" // default server name
}
rootCAs, err := loadCA(node.Get("ca"))
if err != nil {
return
}
tlsCfg := &tls.Config{
ServerName: serverName,
InsecureSkipVerify: !node.GetBool("secure"),
RootCAs: rootCAs,
}
wsOpts := &gost.WSOptions{}
wsOpts.EnableCompression = node.GetBool("compression")
wsOpts.ReadBufferSize = node.GetInt("rbuf")
wsOpts.WriteBufferSize = node.GetInt("wbuf")
wsOpts.UserAgent = node.Get("agent")
var tr gost.Transporter
switch node.Transport {
case "tls":
tr = gost.TLSTransporter()
case "mtls":
tr = gost.MTLSTransporter()
case "ws":
tr = gost.WSTransporter(wsOpts)
case "mws":
tr = gost.MWSTransporter(wsOpts)
case "wss":
tr = gost.WSSTransporter(wsOpts)
case "mwss":
tr = gost.MWSSTransporter(wsOpts)
case "kcp":
config, err := parseKCPConfig(node.Get("c"))
if err != nil {
return nil, err
}
tr = gost.KCPTransporter(config)
case "ssh":
if node.Protocol == "direct" || node.Protocol == "remote" {
tr = gost.SSHForwardTransporter()
} else {
tr = gost.SSHTunnelTransporter()
}
case "quic":
config := &gost.QUICConfig{
TLSConfig: tlsCfg,
KeepAlive: node.GetBool("keepalive"),
Timeout: time.Duration(node.GetInt("timeout")) * time.Second,
IdleTimeout: time.Duration(node.GetInt("idle")) * time.Second,
}
if cipher := node.Get("cipher"); cipher != "" {
sum := sha256.Sum256([]byte(cipher))
config.Key = sum[:]
}
tr = gost.QUICTransporter(config)
case "http2":
tr = gost.HTTP2Transporter(tlsCfg)
case "h2":
tr = gost.H2Transporter(tlsCfg)
case "h2c":
tr = gost.H2CTransporter()
case "obfs4":
tr = gost.Obfs4Transporter()
case "ohttp":
tr = gost.ObfsHTTPTransporter()
default:
tr = gost.TCPTransporter()
}
var connector gost.Connector
switch node.Protocol {
case "http2":
connector = gost.HTTP2Connector(node.User)
case "socks", "socks5":
connector = gost.SOCKS5Connector(node.User)
case "socks4":
connector = gost.SOCKS4Connector()
case "socks4a":
connector = gost.SOCKS4AConnector()
case "ss":
connector = gost.ShadowConnector(node.User)
case "direct":
connector = gost.SSHDirectForwardConnector()
case "remote":
connector = gost.SSHRemoteForwardConnector()
case "forward":
connector = gost.ForwardConnector()
case "sni":
connector = gost.SNIConnector(node.Get("host"))
case "http":
fallthrough
default:
node.Protocol = "http" // default protocol is HTTP
connector = gost.HTTPConnector(node.User)
}
timeout := node.GetInt("timeout")
node.DialOptions = append(node.DialOptions,
gost.TimeoutDialOption(time.Duration(timeout)*time.Second),
)
handshakeOptions := []gost.HandshakeOption{
gost.AddrHandshakeOption(node.Addr),
gost.HostHandshakeOption(node.Host),
gost.UserHandshakeOption(node.User),
gost.TLSConfigHandshakeOption(tlsCfg),
gost.IntervalHandshakeOption(time.Duration(node.GetInt("ping")) * time.Second),
gost.TimeoutHandshakeOption(time.Duration(timeout) * time.Second),
gost.RetryHandshakeOption(node.GetInt("retry")),
}
node.Client = &gost.Client{
Connector: connector,
Transporter: tr,
}
node.Bypass = parseBypass(node.Get("bypass"))
ips := parseIP(node.Get("ip"), sport)
for _, ip := range ips {
node.Addr = ip
// override the default node address
node.HandshakeOptions = append(handshakeOptions, gost.AddrHandshakeOption(ip))
// One node per IP
nodes = append(nodes, node)
}
if len(ips) == 0 {
node.HandshakeOptions = handshakeOptions
nodes = []gost.Node{node}
}
if node.Transport == "obfs4" {
for i := range nodes {
if err := gost.Obfs4Init(nodes[i], false); err != nil {
return nil, err
}
}
}
return
}
func (r *route) serve() error {
chain, err := r.initChain()
if err != nil {
return err return err
} }
for _, route := range baseCfg.Routes {
for _, ns := range r.ServeNodes { if err := route.serve(); err != nil {
node, err := gost.ParseNode(ns)
if err != nil {
return err return err
} }
users, err := parseUsers(node.Get("secrets"))
if err != nil {
return err
}
if node.User != nil {
users = append(users, node.User)
}
certFile, keyFile := node.Get("cert"), node.Get("key")
tlsCfg, err := tlsConfig(certFile, keyFile)
if err != nil && certFile != "" && keyFile != "" {
return err
}
wsOpts := &gost.WSOptions{}
wsOpts.EnableCompression = node.GetBool("compression")
wsOpts.ReadBufferSize = node.GetInt("rbuf")
wsOpts.WriteBufferSize = node.GetInt("wbuf")
var ln gost.Listener
switch node.Transport {
case "tls":
ln, err = gost.TLSListener(node.Addr, tlsCfg)
case "mtls":
ln, err = gost.MTLSListener(node.Addr, tlsCfg)
case "ws":
wsOpts.WriteBufferSize = node.GetInt("wbuf")
ln, err = gost.WSListener(node.Addr, wsOpts)
case "mws":
ln, err = gost.MWSListener(node.Addr, wsOpts)
case "wss":
ln, err = gost.WSSListener(node.Addr, tlsCfg, wsOpts)
case "mwss":
ln, err = gost.MWSSListener(node.Addr, tlsCfg, wsOpts)
case "kcp":
config, er := parseKCPConfig(node.Get("c"))
if er != nil {
return er
}
ln, err = gost.KCPListener(node.Addr, config)
case "ssh":
config := &gost.SSHConfig{
Users: users,
TLSConfig: tlsCfg,
}
if node.Protocol == "forward" {
ln, err = gost.TCPListener(node.Addr)
} else {
ln, err = gost.SSHTunnelListener(node.Addr, config)
}
case "quic":
config := &gost.QUICConfig{
TLSConfig: tlsCfg,
KeepAlive: node.GetBool("keepalive"),
Timeout: time.Duration(node.GetInt("timeout")) * time.Second,
IdleTimeout: time.Duration(node.GetInt("idle")) * time.Second,
}
if cipher := node.Get("cipher"); cipher != "" {
sum := sha256.Sum256([]byte(cipher))
config.Key = sum[:]
}
ln, err = gost.QUICListener(node.Addr, config)
case "http2":
ln, err = gost.HTTP2Listener(node.Addr, tlsCfg)
case "h2":
ln, err = gost.H2Listener(node.Addr, tlsCfg)
case "h2c":
ln, err = gost.H2CListener(node.Addr)
case "tcp":
// Directly use SSH port forwarding if the last chain node is forward+ssh
if chain.LastNode().Protocol == "forward" && chain.LastNode().Transport == "ssh" {
chain.Nodes()[len(chain.Nodes())-1].Client.Connector = gost.SSHDirectForwardConnector()
chain.Nodes()[len(chain.Nodes())-1].Client.Transporter = gost.SSHForwardTransporter()
}
ln, err = gost.TCPListener(node.Addr)
case "rtcp":
// Directly use SSH port forwarding if the last chain node is forward+ssh
if chain.LastNode().Protocol == "forward" && chain.LastNode().Transport == "ssh" {
chain.Nodes()[len(chain.Nodes())-1].Client.Connector = gost.SSHRemoteForwardConnector()
chain.Nodes()[len(chain.Nodes())-1].Client.Transporter = gost.SSHForwardTransporter()
}
ln, err = gost.TCPRemoteForwardListener(node.Addr, chain)
case "udp":
ln, err = gost.UDPDirectForwardListener(node.Addr, time.Duration(node.GetInt("ttl"))*time.Second)
case "rudp":
ln, err = gost.UDPRemoteForwardListener(node.Addr, chain, time.Duration(node.GetInt("ttl"))*time.Second)
case "ssu":
ln, err = gost.ShadowUDPListener(node.Addr, node.User, time.Duration(node.GetInt("ttl"))*time.Second)
case "obfs4":
if err = gost.Obfs4Init(node, true); err != nil {
return err
}
ln, err = gost.Obfs4Listener(node.Addr)
case "ohttp":
ln, err = gost.ObfsHTTPListener(node.Addr)
default:
ln, err = gost.TCPListener(node.Addr)
}
if err != nil {
return err
}
var handler gost.Handler
switch node.Protocol {
case "http2":
handler = gost.HTTP2Handler()
case "socks", "socks5":
handler = gost.SOCKS5Handler()
case "socks4", "socks4a":
handler = gost.SOCKS4Handler()
case "ss":
handler = gost.ShadowHandler()
case "http":
handler = gost.HTTPHandler()
case "tcp":
handler = gost.TCPDirectForwardHandler(node.Remote)
case "rtcp":
handler = gost.TCPRemoteForwardHandler(node.Remote)
case "udp":
handler = gost.UDPDirectForwardHandler(node.Remote)
case "rudp":
handler = gost.UDPRemoteForwardHandler(node.Remote)
case "forward":
handler = gost.SSHForwardHandler()
case "redirect":
handler = gost.TCPRedirectHandler()
case "ssu":
handler = gost.ShadowUDPdHandler()
case "sni":
handler = gost.SNIHandler()
default:
// start from 2.5, if remote is not empty, then we assume that it is a forward tunnel.
if node.Remote != "" {
handler = gost.TCPDirectForwardHandler(node.Remote)
} else {
handler = gost.AutoHandler()
}
}
var whitelist, blacklist *gost.Permissions
if node.Values.Get("whitelist") != "" {
if whitelist, err = gost.ParsePermissions(node.Get("whitelist")); err != nil {
return err
}
}
if node.Values.Get("blacklist") != "" {
if blacklist, err = gost.ParsePermissions(node.Get("blacklist")); err != nil {
return err
}
}
var hosts *gost.Hosts
if f, _ := os.Open(node.Get("hosts")); f != nil {
f.Close()
hosts = gost.NewHosts()
go gost.PeriodReload(hosts, node.Get("hosts"))
}
handler.Init(
gost.AddrHandlerOption(node.Addr),
gost.ChainHandlerOption(chain),
gost.UsersHandlerOption(users...),
gost.TLSConfigHandlerOption(tlsCfg),
gost.WhitelistHandlerOption(whitelist),
gost.BlacklistHandlerOption(blacklist),
gost.BypassHandlerOption(parseBypass(node.Get("bypass"))),
gost.StrategyHandlerOption(parseStrategy(node.Get("strategy"))),
gost.ResolverHandlerOption(parseResolver(node.Get("dns"))),
gost.HostsHandlerOption(hosts),
gost.RetryHandlerOption(node.GetInt("retry")),
gost.TimeoutHandlerOption(time.Duration(node.GetInt("timeout"))*time.Second),
gost.ProbeResistHandlerOption(node.Get("probe_resist")),
)
srv := &gost.Server{Listener: ln}
go srv.Serve(handler)
} }
go gost.PeriodReload(baseCfg, configureFile)
return nil return nil
} }

27
cmd/gost/peer.go
View File

@ -13,6 +13,11 @@ import (
"github.com/ginuerzh/gost" "github.com/ginuerzh/gost"
) )
const (
defaultMaxFails = 1
defaultFailTimeout = 30 * time.Second
)
type peerConfig struct { type peerConfig struct {
Strategy string `json:"strategy"` Strategy string `json:"strategy"`
MaxFails int `json:"max_fails"` MaxFails int `json:"max_fails"`
@ -39,10 +44,10 @@ func parsePeerConfig(cfg string, group *gost.NodeGroup, baseNodes []gost.Node) *
func (cfg *peerConfig) Validate() { func (cfg *peerConfig) Validate() {
if cfg.MaxFails <= 0 { if cfg.MaxFails <= 0 {
cfg.MaxFails = 1 cfg.MaxFails = defaultMaxFails
} }
if cfg.FailTimeout <= 0 { if cfg.FailTimeout <= 0 {
cfg.FailTimeout = 30 // seconds cfg.FailTimeout = defaultFailTimeout // seconds
} }
} }
@ -53,20 +58,22 @@ func (cfg *peerConfig) Reload(r io.Reader) error {
cfg.Validate() cfg.Validate()
group := cfg.group group := cfg.group
strategy := cfg.Strategy /*
if len(cfg.baseNodes) > 0 { strategy := cfg.Strategy
// overwrite the strategry in the peer config if `strategy` param exists. if len(cfg.baseNodes) > 0 {
if s := cfg.baseNodes[0].Get("strategy"); s != "" { // overwrite the strategry in the peer config if `strategy` param exists.
strategy = s if s := cfg.baseNodes[0].Get("strategy"); s != "" {
strategy = s
}
} }
} */
group.SetSelector( group.SetSelector(
nil, nil,
gost.WithFilter(&gost.FailFilter{ gost.WithFilter(&gost.FailFilter{
MaxFails: cfg.MaxFails, MaxFails: cfg.MaxFails,
FailTimeout: time.Duration(cfg.FailTimeout) * time.Second, FailTimeout: cfg.FailTimeout,
}), }),
gost.WithStrategy(parseStrategy(strategy)), gost.WithStrategy(parseStrategy(cfg.Strategy)),
) )
gNodes := cfg.baseNodes gNodes := cfg.baseNodes

412
cmd/gost/route.go Normal file
View File

@ -0,0 +1,412 @@
package main
import (
"crypto/sha256"
"crypto/tls"
"net"
"time"
"github.com/ginuerzh/gost"
)
type route struct {
ServeNodes stringList
ChainNodes stringList
Retries int
server *gost.Server
}
func (r *route) initChain() (*gost.Chain, error) {
chain := gost.NewChain()
chain.Retries = r.Retries
gid := 1 // group ID
for _, ns := range r.ChainNodes {
ngroup := gost.NewNodeGroup()
ngroup.ID = gid
gid++
// parse the base nodes
nodes, err := parseChainNode(ns)
if err != nil {
return nil, err
}
nid := 1 // node ID
for i := range nodes {
nodes[i].ID = nid
nid++
}
ngroup.AddNode(nodes...)
ngroup.SetSelector(nil,
gost.WithFilter(&gost.FailFilter{
MaxFails: defaultMaxFails,
FailTimeout: defaultFailTimeout,
}),
gost.WithStrategy(parseStrategy(nodes[0].Get("strategy"))),
)
go gost.PeriodReload(&peerConfig{
group: ngroup,
baseNodes: nodes,
}, nodes[0].Get("peer"))
chain.AddNodeGroup(ngroup)
}
return chain, nil
}
func parseChainNode(ns string) (nodes []gost.Node, err error) {
node, err := gost.ParseNode(ns)
if err != nil {
return
}
users, err := parseUsers(node.Get("secrets"))
if err != nil {
return
}
if node.User == nil && len(users) > 0 {
node.User = users[0]
}
serverName, sport, _ := net.SplitHostPort(node.Addr)
if serverName == "" {
serverName = "localhost" // default server name
}
rootCAs, err := loadCA(node.Get("ca"))
if err != nil {
return
}
tlsCfg := &tls.Config{
ServerName: serverName,
InsecureSkipVerify: !node.GetBool("secure"),
RootCAs: rootCAs,
}
wsOpts := &gost.WSOptions{}
wsOpts.EnableCompression = node.GetBool("compression")
wsOpts.ReadBufferSize = node.GetInt("rbuf")
wsOpts.WriteBufferSize = node.GetInt("wbuf")
wsOpts.UserAgent = node.Get("agent")
var tr gost.Transporter
switch node.Transport {
case "tls":
tr = gost.TLSTransporter()
case "mtls":
tr = gost.MTLSTransporter()
case "ws":
tr = gost.WSTransporter(wsOpts)
case "mws":
tr = gost.MWSTransporter(wsOpts)
case "wss":
tr = gost.WSSTransporter(wsOpts)
case "mwss":
tr = gost.MWSSTransporter(wsOpts)
case "kcp":
config, err := parseKCPConfig(node.Get("c"))
if err != nil {
return nil, err
}
tr = gost.KCPTransporter(config)
case "ssh":
if node.Protocol == "direct" || node.Protocol == "remote" {
tr = gost.SSHForwardTransporter()
} else {
tr = gost.SSHTunnelTransporter()
}
case "quic":
config := &gost.QUICConfig{
TLSConfig: tlsCfg,
KeepAlive: node.GetBool("keepalive"),
Timeout: time.Duration(node.GetInt("timeout")) * time.Second,
IdleTimeout: time.Duration(node.GetInt("idle")) * time.Second,
}
if cipher := node.Get("cipher"); cipher != "" {
sum := sha256.Sum256([]byte(cipher))
config.Key = sum[:]
}
tr = gost.QUICTransporter(config)
case "http2":
tr = gost.HTTP2Transporter(tlsCfg)
case "h2":
tr = gost.H2Transporter(tlsCfg)
case "h2c":
tr = gost.H2CTransporter()
case "obfs4":
tr = gost.Obfs4Transporter()
case "ohttp":
tr = gost.ObfsHTTPTransporter()
default:
tr = gost.TCPTransporter()
}
var connector gost.Connector
switch node.Protocol {
case "http2":
connector = gost.HTTP2Connector(node.User)
case "socks", "socks5":
connector = gost.SOCKS5Connector(node.User)
case "socks4":
connector = gost.SOCKS4Connector()
case "socks4a":
connector = gost.SOCKS4AConnector()
case "ss":
connector = gost.ShadowConnector(node.User)
case "direct":
connector = gost.SSHDirectForwardConnector()
case "remote":
connector = gost.SSHRemoteForwardConnector()
case "forward":
connector = gost.ForwardConnector()
case "sni":
connector = gost.SNIConnector(node.Get("host"))
case "http":
fallthrough
default:
node.Protocol = "http" // default protocol is HTTP
connector = gost.HTTPConnector(node.User)
}
timeout := node.GetInt("timeout")
node.DialOptions = append(node.DialOptions,
gost.TimeoutDialOption(time.Duration(timeout)*time.Second),
)
handshakeOptions := []gost.HandshakeOption{
gost.AddrHandshakeOption(node.Addr),
gost.HostHandshakeOption(node.Host),
gost.UserHandshakeOption(node.User),
gost.TLSConfigHandshakeOption(tlsCfg),
gost.IntervalHandshakeOption(time.Duration(node.GetInt("ping")) * time.Second),
gost.TimeoutHandshakeOption(time.Duration(timeout) * time.Second),
gost.RetryHandshakeOption(node.GetInt("retry")),
}
node.Client = &gost.Client{
Connector: connector,
Transporter: tr,
}
node.Bypass = parseBypass(node.Get("bypass"))
ips := parseIP(node.Get("ip"), sport)
for _, ip := range ips {
nd := node.Clone()
nd.Addr = ip
// override the default node address
nd.HandshakeOptions = append(handshakeOptions, gost.AddrHandshakeOption(ip))
// One node per IP
nodes = append(nodes, nd)
}
if len(ips) == 0 {
node.HandshakeOptions = handshakeOptions
nodes = []gost.Node{node}
}
if node.Transport == "obfs4" {
for i := range nodes {
if err := gost.Obfs4Init(nodes[i], false); err != nil {
return nil, err
}
}
}
return
}
func (r *route) serve() error {
chain, err := r.initChain()
if err != nil {
return err
}
for _, ns := range r.ServeNodes {
node, err := gost.ParseNode(ns)
if err != nil {
return err
}
users, err := parseUsers(node.Get("secrets"))
if err != nil {
return err
}
if node.User != nil {
users = append(users, node.User)
}
certFile, keyFile := node.Get("cert"), node.Get("key")
tlsCfg, err := tlsConfig(certFile, keyFile)
if err != nil && certFile != "" && keyFile != "" {
return err
}
wsOpts := &gost.WSOptions{}
wsOpts.EnableCompression = node.GetBool("compression")
wsOpts.ReadBufferSize = node.GetInt("rbuf")
wsOpts.WriteBufferSize = node.GetInt("wbuf")
var ln gost.Listener
switch node.Transport {
case "tls":
ln, err = gost.TLSListener(node.Addr, tlsCfg)
case "mtls":
ln, err = gost.MTLSListener(node.Addr, tlsCfg)
case "ws":
wsOpts.WriteBufferSize = node.GetInt("wbuf")
ln, err = gost.WSListener(node.Addr, wsOpts)
case "mws":
ln, err = gost.MWSListener(node.Addr, wsOpts)
case "wss":
ln, err = gost.WSSListener(node.Addr, tlsCfg, wsOpts)
case "mwss":
ln, err = gost.MWSSListener(node.Addr, tlsCfg, wsOpts)
case "kcp":
config, er := parseKCPConfig(node.Get("c"))
if er != nil {
return er
}
ln, err = gost.KCPListener(node.Addr, config)
case "ssh":
config := &gost.SSHConfig{
Users: users,
TLSConfig: tlsCfg,
}
if node.Protocol == "forward" {
ln, err = gost.TCPListener(node.Addr)
} else {
ln, err = gost.SSHTunnelListener(node.Addr, config)
}
case "quic":
config := &gost.QUICConfig{
TLSConfig: tlsCfg,
KeepAlive: node.GetBool("keepalive"),
Timeout: time.Duration(node.GetInt("timeout")) * time.Second,
IdleTimeout: time.Duration(node.GetInt("idle")) * time.Second,
}
if cipher := node.Get("cipher"); cipher != "" {
sum := sha256.Sum256([]byte(cipher))
config.Key = sum[:]
}
ln, err = gost.QUICListener(node.Addr, config)
case "http2":
ln, err = gost.HTTP2Listener(node.Addr, tlsCfg)
case "h2":
ln, err = gost.H2Listener(node.Addr, tlsCfg)
case "h2c":
ln, err = gost.H2CListener(node.Addr)
case "tcp":
// Directly use SSH port forwarding if the last chain node is forward+ssh
if chain.LastNode().Protocol == "forward" && chain.LastNode().Transport == "ssh" {
chain.Nodes()[len(chain.Nodes())-1].Client.Connector = gost.SSHDirectForwardConnector()
chain.Nodes()[len(chain.Nodes())-1].Client.Transporter = gost.SSHForwardTransporter()
}
ln, err = gost.TCPListener(node.Addr)
case "rtcp":
// Directly use SSH port forwarding if the last chain node is forward+ssh
if chain.LastNode().Protocol == "forward" && chain.LastNode().Transport == "ssh" {
chain.Nodes()[len(chain.Nodes())-1].Client.Connector = gost.SSHRemoteForwardConnector()
chain.Nodes()[len(chain.Nodes())-1].Client.Transporter = gost.SSHForwardTransporter()
}
ln, err = gost.TCPRemoteForwardListener(node.Addr, chain)
case "udp":
ln, err = gost.UDPDirectForwardListener(node.Addr, time.Duration(node.GetInt("ttl"))*time.Second)
case "rudp":
ln, err = gost.UDPRemoteForwardListener(node.Addr, chain, time.Duration(node.GetInt("ttl"))*time.Second)
case "ssu":
ln, err = gost.ShadowUDPListener(node.Addr, node.User, time.Duration(node.GetInt("ttl"))*time.Second)
case "obfs4":
if err = gost.Obfs4Init(node, true); err != nil {
return err
}
ln, err = gost.Obfs4Listener(node.Addr)
case "ohttp":
ln, err = gost.ObfsHTTPListener(node.Addr)
default:
ln, err = gost.TCPListener(node.Addr)
}
if err != nil {
return err
}
var handler gost.Handler
switch node.Protocol {
case "http2":
handler = gost.HTTP2Handler()
case "socks", "socks5":
handler = gost.SOCKS5Handler()
case "socks4", "socks4a":
handler = gost.SOCKS4Handler()
case "ss":
handler = gost.ShadowHandler()
case "http":
handler = gost.HTTPHandler()
case "tcp":
handler = gost.TCPDirectForwardHandler(node.Remote)
case "rtcp":
handler = gost.TCPRemoteForwardHandler(node.Remote)
case "udp":
handler = gost.UDPDirectForwardHandler(node.Remote)
case "rudp":
handler = gost.UDPRemoteForwardHandler(node.Remote)
case "forward":
handler = gost.SSHForwardHandler()
case "redirect":
handler = gost.TCPRedirectHandler()
case "ssu":
handler = gost.ShadowUDPdHandler()
case "sni":
handler = gost.SNIHandler()
default:
// start from 2.5, if remote is not empty, then we assume that it is a forward tunnel.
if node.Remote != "" {
handler = gost.TCPDirectForwardHandler(node.Remote)
} else {
handler = gost.AutoHandler()
}
}
var whitelist, blacklist *gost.Permissions
if node.Values.Get("whitelist") != "" {
if whitelist, err = gost.ParsePermissions(node.Get("whitelist")); err != nil {
return err
}
}
if node.Values.Get("blacklist") != "" {
if blacklist, err = gost.ParsePermissions(node.Get("blacklist")); err != nil {
return err
}
}
handler.Init(
gost.AddrHandlerOption(node.Addr),
gost.ChainHandlerOption(chain),
gost.UsersHandlerOption(users...),
gost.TLSConfigHandlerOption(tlsCfg),
gost.WhitelistHandlerOption(whitelist),
gost.BlacklistHandlerOption(blacklist),
gost.StrategyHandlerOption(parseStrategy(node.Get("strategy"))),
gost.BypassHandlerOption(parseBypass(node.Get("bypass"))),
gost.ResolverHandlerOption(parseResolver(node.Get("dns"))),
gost.HostsHandlerOption(parseHosts(node.Get("hosts"))),
gost.RetryHandlerOption(node.GetInt("retry")),
gost.TimeoutHandlerOption(time.Duration(node.GetInt("timeout"))*time.Second),
gost.ProbeResistHandlerOption(node.Get("probe_resist")),
)
r.server = &gost.Server{Listener: ln}
go r.server.Serve(handler)
}
return nil
}
func (r *route) Close() error {
if r == nil || r.server == nil {
return nil
}
return r.server.Close()
}

9
reload.go
View File

@ -16,8 +16,11 @@ type Reloader interface {
// PeriodReload reloads the config periodically according to the period of the reloader. // PeriodReload reloads the config periodically according to the period of the reloader.
func PeriodReload(r Reloader, configFile string) error { func PeriodReload(r Reloader, configFile string) error {
var lastMod time.Time if configFile == "" {
return nil
}
var lastMod time.Time
for { for {
f, err := os.Open(configFile) f, err := os.Open(configFile)
if err != nil { if err != nil {
@ -32,7 +35,9 @@ func PeriodReload(r Reloader, configFile string) error {
mt := finfo.ModTime() mt := finfo.ModTime()
if !mt.Equal(lastMod) { if !mt.Equal(lastMod) {
log.Log("[reload]", configFile) log.Log("[reload]", configFile)
r.Reload(f) if err := r.Reload(f); err != nil {
log.Logf("[reload] %s: %s", configFile, err)
}
lastMod = mt lastMod = mt
} }
f.Close() f.Close()