diff --git a/examples/bench/cli.go b/examples/bench/cli.go
deleted file mode 100644
index 57c189c..0000000
--- a/examples/bench/cli.go
+++ /dev/null
@@ -1,220 +0,0 @@
-package main
-
-import (
-	"bufio"
-	"flag"
-	"log"
-	"net/http"
-	"net/http/httputil"
-	"net/url"
-	"sync"
-	"time"
-
-	"github.com/ginuerzh/gost"
-	"golang.org/x/net/http2"
-)
-
-var (
-	requests, concurrency int
-	quiet                 bool
-	swg, ewg              sync.WaitGroup
-)
-
-func init() {
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
-
-	flag.IntVar(&requests, "n", 1, "Number of requests to perform")
-	flag.IntVar(&concurrency, "c", 1, "Number of multiple requests to make at a time")
-	flag.BoolVar(&quiet, "q", false, "quiet mode")
-	flag.BoolVar(&http2.VerboseLogs, "v", false, "HTTP2 verbose logs")
-	flag.BoolVar(&gost.Debug, "d", false, "debug mode")
-	flag.Parse()
-
-	if quiet {
-		gost.SetLogger(&gost.NopLogger{})
-	}
-}
-
-func main() {
-	chain := gost.NewChain(
-
-		/*
-			// http+tcp
-			gost.Node{
-				Addr: "127.0.0.1:18080",
-				Client: gost.NewClient(
-					gost.HTTPConnector(url.UserPassword("admin", "123456")),
-					gost.TCPTransporter(),
-				),
-			},
-		*/
-
-		/*
-			// socks5+tcp
-			gost.Node{
-				Addr: "127.0.0.1:11080",
-				Client: gost.NewClient(
-					gost.SOCKS5Connector(url.UserPassword("admin", "123456")),
-					gost.TCPTransporter(),
-				),
-			},
-		*/
-
-		/*
-			// ss+tcp
-			gost.Node{
-				Addr: "127.0.0.1:18338",
-				Client: gost.NewClient(
-					gost.ShadowConnector(url.UserPassword("chacha20", "123456")),
-					gost.TCPTransporter(),
-				),
-			},
-		*/
-
-		/*
-			// http+ws
-			gost.Node{
-				Addr: "127.0.0.1:18000",
-				Client: gost.NewClient(
-					gost.HTTPConnector(url.UserPassword("admin", "123456")),
-					gost.WSTransporter(nil),
-				),
-			},
-		*/
-
-		/*
-			// http+wss
-			gost.Node{
-				Addr: "127.0.0.1:18443",
-				Client: gost.NewClient(
-					gost.HTTPConnector(url.UserPassword("admin", "123456")),
-					gost.WSSTransporter(nil),
-				),
-			},
-		*/
-
-		/*
-			// http+tls
-			gost.Node{
-				Addr: "127.0.0.1:11443",
-				Client: gost.NewClient(
-					gost.HTTPConnector(url.UserPassword("admin", "123456")),
-					gost.TLSTransporter(),
-				),
-			},
-		*/
-
-		/*
-			// http2
-			gost.Node{
-				Addr: "127.0.0.1:1443",
-				Client: &gost.Client{
-					Connector:   gost.HTTP2Connector(url.UserPassword("admin", "123456")),
-					Transporter: gost.HTTP2Transporter(nil),
-				},
-			},
-		*/
-
-		/*
-			// http+kcp
-			gost.Node{
-				Addr: "127.0.0.1:18388",
-				Client: gost.NewClient(
-					gost.HTTPConnector(nil),
-					gost.KCPTransporter(nil),
-				),
-			},
-		*/
-
-		/*
-			// http+ssh
-			gost.Node{
-				Addr: "127.0.0.1:12222",
-				Client: gost.NewClient(
-					gost.HTTPConnector(url.UserPassword("admin", "123456")),
-					gost.SSHTunnelTransporter(),
-				),
-			},
-		*/
-
-		/*
-			// http+quic
-			gost.Node{
-				Addr: "localhost:6121",
-				Client: &gost.Client{
-					Connector:   gost.HTTPConnector(url.UserPassword("admin", "123456")),
-					Transporter: gost.QUICTransporter(nil),
-				},
-			},
-		*/
-		// socks5+h2
-		gost.Node{
-			Addr: "localhost:8443",
-			Client: &gost.Client{
-				// Connector: gost.HTTPConnector(url.UserPassword("admin", "123456")),
-				Connector: gost.SOCKS5Connector(url.UserPassword("admin", "123456")),
-				// Transporter: gost.H2CTransporter(), // HTTP2 h2c mode
-				Transporter: gost.H2Transporter(nil), // HTTP2 h2
-			},
-		},
-	)
-
-	total := 0
-	for total < requests {
-		if total+concurrency > requests {
-			concurrency = requests - total
-		}
-		startChan := make(chan struct{})
-		for i := 0; i < concurrency; i++ {
-			swg.Add(1)
-			ewg.Add(1)
-			go request(chain, startChan)
-		}
-
-		start := time.Now()
-		swg.Wait()       // wait for workers ready
-		close(startChan) // start signal
-		ewg.Wait()       // wait for workers done
-
-		duration := time.Since(start)
-		total += concurrency
-		log.Printf("%d/%d/%d requests done (%v/%v)", total, requests, concurrency, duration, duration/time.Duration(concurrency))
-	}
-}
-
-func request(chain *gost.Chain, start <-chan struct{}) {
-	defer ewg.Done()
-
-	swg.Done()
-	<-start
-
-	conn, err := chain.Dial("localhost:18888")
-	if err != nil {
-		log.Println(err)
-		return
-	}
-	defer conn.Close()
-	//conn = tls.Client(conn, &tls.Config{InsecureSkipVerify: true})
-	req, err := http.NewRequest(http.MethodGet, "http://localhost:18888", nil)
-	if err != nil {
-		log.Println(err)
-		return
-	}
-	if err := req.Write(conn); err != nil {
-		log.Println(err)
-		return
-	}
-	resp, err := http.ReadResponse(bufio.NewReader(conn), req)
-	if err != nil {
-		log.Println(err)
-		return
-	}
-	defer resp.Body.Close()
-
-	if gost.Debug {
-		rb, _ := httputil.DumpRequest(req, true)
-		log.Println(string(rb))
-		rb, _ = httputil.DumpResponse(resp, true)
-		log.Println(string(rb))
-	}
-}
diff --git a/examples/bench/srv.go b/examples/bench/srv.go
deleted file mode 100644
index 36da8e4..0000000
--- a/examples/bench/srv.go
+++ /dev/null
@@ -1,359 +0,0 @@
-package main
-
-import (
-	"crypto/tls"
-	"flag"
-	"fmt"
-	"log"
-	"net/http"
-	"net/url"
-	"time"
-
-	"github.com/ginuerzh/gost"
-	"golang.org/x/net/http2"
-)
-
-var (
-	quiet bool
-)
-
-func init() {
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
-
-	flag.BoolVar(&quiet, "q", false, "quiet mode")
-	flag.BoolVar(&gost.Debug, "d", false, "debug mode")
-	flag.BoolVar(&http2.VerboseLogs, "v", false, "HTTP2 verbose logs")
-	flag.Parse()
-
-	if quiet {
-		gost.SetLogger(&gost.NopLogger{})
-	}
-}
-
-func main() {
-	go httpServer()
-	go socks5Server()
-	go tlsServer()
-	go shadowServer()
-	go wsServer()
-	go wssServer()
-	go kcpServer()
-	go tcpForwardServer()
-	go tcpRemoteForwardServer()
-	// go rudpForwardServer()
-	// go tcpRedirectServer()
-	go sshTunnelServer()
-	go http2Server()
-	go http2TunnelServer()
-	go quicServer()
-	go shadowUDPServer()
-	go testServer()
-	select {}
-}
-
-func httpServer() {
-	ln, err := gost.TCPListener(":18080")
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.HTTPHandler(
-		gost.UsersHandlerOption(url.UserPassword("admin", "123456")),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func socks5Server() {
-	ln, err := gost.TCPListener(":11080")
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.SOCKS5Handler(
-		gost.UsersHandlerOption(url.UserPassword("admin", "123456")),
-		gost.TLSConfigHandlerOption(tlsConfig()),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func shadowServer() {
-	ln, err := gost.TCPListener(":18338")
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.ShadowHandler(
-		gost.UsersHandlerOption(url.UserPassword("chacha20", "123456")),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func tlsServer() {
-	ln, err := gost.TLSListener(":11443", tlsConfig())
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.HTTPHandler(
-		gost.UsersHandlerOption(url.UserPassword("admin", "123456")),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func wsServer() {
-	ln, err := gost.WSListener(":18000", nil)
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.HTTPHandler(
-		gost.UsersHandlerOption(url.UserPassword("admin", "123456")),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func wssServer() {
-	ln, err := gost.WSSListener(":18443", tlsConfig(), nil)
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.HTTPHandler(
-		gost.UsersHandlerOption(url.UserPassword("admin", "123456")),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func kcpServer() {
-	ln, err := gost.KCPListener(":18388", nil)
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.HTTPHandler()
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func tcpForwardServer() {
-	ln, err := gost.TCPListener(":2222")
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.TCPDirectForwardHandler("localhost:22")
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func tcpRemoteForwardServer() {
-	ln, err := gost.TCPRemoteForwardListener(
-		":1222",
-		/*
-			gost.NewChain(
-				gost.Node{
-					Protocol:  "socks5",
-					Transport: "tcp",
-					Addr:      "localhost:12345",
-					User:      url.UserPassword("admin", "123456"),
-					Client: &gost.Client{
-						Connector:   gost.SOCKS5Connector(url.UserPassword("admin", "123456")),
-						Transporter: gost.TCPTransporter(),
-					},
-				},
-			),
-		*/
-		nil,
-	)
-	if err != nil {
-		log.Fatal()
-	}
-	h := gost.TCPRemoteForwardHandler(
-		":22",
-		//gost.AddrHandlerOption("127.0.0.1:22"),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func rudpForwardServer() {
-	ln, err := gost.UDPRemoteForwardListener(
-		":10053",
-		gost.NewChain(
-			gost.Node{
-				Protocol:  "socks5",
-				Transport: "tcp",
-				Addr:      "localhost:12345",
-				User:      url.UserPassword("admin", "123456"),
-				Client: &gost.Client{
-					Connector:   gost.SOCKS5Connector(url.UserPassword("admin", "123456")),
-					Transporter: gost.TCPTransporter(),
-				},
-			},
-		),
-		30*time.Second,
-	)
-	if err != nil {
-		log.Fatal()
-	}
-	h := gost.UDPRemoteForwardHandler("localhost:53")
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func tcpRedirectServer() {
-	ln, err := gost.TCPListener(":8008")
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.TCPRedirectHandler()
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func sshTunnelServer() {
-	ln, err := gost.SSHTunnelListener(":12222", &gost.SSHConfig{TLSConfig: tlsConfig()})
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.HTTPHandler(
-		gost.UsersHandlerOption(url.UserPassword("admin", "123456")),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func http2Server() {
-	// http2.VerboseLogs = true
-
-	ln, err := gost.HTTP2Listener(":1443", tlsConfig())
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.HTTP2Handler(
-		gost.UsersHandlerOption(url.UserPassword("admin", "123456")),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func http2TunnelServer() {
-	ln, err := gost.H2Listener(":8443", tlsConfig()) // HTTP2 h2 mode
-	// ln, err := gost.H2CListener(":8443") // HTTP2 h2c mode
-	if err != nil {
-		log.Fatal(err)
-	}
-	// h := gost.HTTPHandler(
-	// 	gost.UsersHandlerOption(url.UserPassword("admin", "123456")),
-	// )
-	h := gost.SOCKS5Handler(
-		gost.UsersHandlerOption(url.UserPassword("admin", "123456")),
-		gost.TLSConfigHandlerOption(tlsConfig()),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func quicServer() {
-	ln, err := gost.QUICListener("localhost:6121", &gost.QUICConfig{TLSConfig: tlsConfig()})
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.HTTPHandler(
-		gost.UsersHandlerOption(url.UserPassword("admin", "123456")),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-func shadowUDPServer() {
-	ln, err := gost.ShadowUDPListener(":18338", url.UserPassword("chacha20", "123456"), 30*time.Second)
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.ShadowUDPdHandler(
-	/*
-		gost.ChainHandlerOption(gost.NewChain(
-			gost.Node{
-				Protocol:  "socks5",
-				Transport: "tcp",
-				Addr:      "localhost:11080",
-				User:      url.UserPassword("admin", "123456"),
-				Client: &gost.Client{
-					Connector:   gost.SOCKS5Connector(url.UserPassword("admin", "123456")),
-					Transporter: gost.TCPTransporter(),
-				},
-			},
-		)),
-	*/
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-var (
-	rawCert = []byte(`-----BEGIN CERTIFICATE-----
-MIIC+jCCAeKgAwIBAgIRAMlREhz8Miu1FQozsxbeqyMwDQYJKoZIhvcNAQELBQAw
-EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNzA1MTkwNTM5MDJaFw0xODA1MTkwNTM5
-MDJaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCyfqvv0kDriciEAVIW6JaWYFCL9a19jj1wmAGmVGxV3kNsr01kpa6N
-0EBqnrcy7WknhCt1d43CqhKtTcXgJ/J9phZVxlizb8sUB85hm+MvP0N3HCg3f0Jw
-hLuMrPijS6xjyw0fKCK/p6OUYMIfo5cdqeZid2WV4Ozts5uRd6Dmy2kyBe8Zg1F4
-8YJGuTWZmL2L7uZUiPY4T3q9+1iucq3vUpxymVRi1BTXnTpx+C0GS8NNgeEmevHv
-482vHM5DNflAQ+mvGZvBVduq/AfirCDnt2DIZm1DcZXLrY9F3EPrlRZexmAhCDGR
-LIKnMmoGicBM11Aw1fDIfJAHynk43tjPAgMBAAGjSzBJMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC
-CWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAAx8Lna8DcQv0bRB3L9i2+KRN
-l/UhPCoFagxk1cZore4p0w+1m7OgigOoTpg5jh78DzVDhScZlgJ0bBVYp5rojeJS
-cBDC9lCDcaXQfFmT5LykCAwIgw/gs+rw5Aq0y3D0m8CcqKosyZa9wnZ2cVy/+45w
-emcSdboc65ueZScv38/W7aTUoVRcjyRUv0jv0zW0EPnnDlluVkeZo9spBhiTTwoj
-b3zGODs6alTNIJwZIHNxxyOmfJPpVVp8BzGbMk7YBixSlZ/vbrrYV34TcSiy7J57
-lNNoVWM+OwiVk1+AEZfQDwaQfef5tsIkAZBUyITkkDKRhygtwM2110dejbEsgg==
------END CERTIFICATE-----`)
-	rawKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAsn6r79JA64nIhAFSFuiWlmBQi/WtfY49cJgBplRsVd5DbK9N
-ZKWujdBAap63Mu1pJ4QrdXeNwqoSrU3F4CfyfaYWVcZYs2/LFAfOYZvjLz9Ddxwo
-N39CcIS7jKz4o0usY8sNHygiv6ejlGDCH6OXHanmYndlleDs7bObkXeg5stpMgXv
-GYNRePGCRrk1mZi9i+7mVIj2OE96vftYrnKt71KccplUYtQU1506cfgtBkvDTYHh
-Jnrx7+PNrxzOQzX5QEPprxmbwVXbqvwH4qwg57dgyGZtQ3GVy62PRdxD65UWXsZg
-IQgxkSyCpzJqBonATNdQMNXwyHyQB8p5ON7YzwIDAQABAoIBAQCG4doj3Apa8z+n
-IShbT1+cOyQi34A+xOIA151Hh7xmFxN0afRd/iWt3JUQ/OcLgQRZbDM7DSD+3W5H
-r+G7xfQkpwFxx/T3g58+f7ehYx+GcJQWyhxJ88zNIkBnyb4KCAE5WBOOW9IGajPe
-yE9pgUGMlPsXpYoKfHIOHg+NGY1pWUGBfBNR2kGrbkpZMmyy5bGa8dyrwAFBFRru
-kcmmKvate8UlbRspFtd4nR/GQLTBrcDJ1k1i1Su/4BpDuDeK6LPI8ZRePGqbdcxk
-TS30lsdYozuGfjZ5Zu8lSIJ//+7RjfDg8r684dpWjpalq8Quen60ZrIs01CSbfyU
-k8gOzTHhAoGBAOKhp41wXveegq+WylSXFyngm4bzF4dVdTRsSbJVk7NaOx1vCU6o
-/xIHoGEQyLI6wF+EaHmY89/Qu6tSV97XyBbiKeskopv5iXS/BsWTHJ1VbCA1ZLmK
-HgGllEkS0xfc9AdB7b6/K7LxAAQVKP3DtN6+6pSDZh9Sv2M1j0DbhkNbAoGBAMmg
-HcMfExaaeskjHqyLudtKX+znwaIoumleOGuavohR4R+Fpk8Yv8Xhb5U7Yr4gk0vY
-CFmhp1WAi6QMZ/8jePlKKXl3Ney827luoKiMczp2DoYE0t0u2Kw3LfkNKfjADZ7d
-JI6xPJV9/X1erwjq+4UdKqrpOf05SY4nkBMcvr6dAoGAXzisvbDJNiFTp5Mj0Abr
-pJzKvBjHegVeCXi2PkfWlzUCQYu1zWcURO8PY7k5mik1SuzHONAbJ578Oy+N3AOt
-/m9oTXRHHmHqbzMUFU+KZlDN7XqBp7NwiCCZ/Vn7d7tOjP4Wdl68baL07sI1RupD
-xJNS3LOY5PBPmc+XMRkLgKECgYEAgBNDlJSCrZMHeAjlDTncn53I/VXiPD2e3BvL
-vx6W9UT9ueZN1GSmPO6M0MDeYmOS7VSXSUhUYQ28pkJzNTC1QbWITu4YxP7anBnX
-1/kPoQ0pAJzDzVharlqGy3M/PBHTFRzogfO3xkY35ZFlokaR6uayGcr42Q+w16nt
-7RYPXEkCgYEA3GQYirHnGZuQ952jMvduqnpgkJiSnr0fa+94Rwa1pAhxHLFMo5s4
-fqZOtqKPj2s5X1JR0VCey1ilCcaAhWeb3tXCpbYLZSbMtjtqwA6LUeGY+Xdupsjw
-cfWIcOfHsIm2kP+RCxEnZf1XwiN9wyJeiUKlE0dqmx9j7F0Bm+7YDhI=
------END RSA PRIVATE KEY-----`)
-)
-
-func tlsConfig() *tls.Config {
-	cert, err := tls.X509KeyPair(rawCert, rawKey)
-	if err != nil {
-		panic(err)
-	}
-	return &tls.Config{
-		Certificates:             []tls.Certificate{cert},
-		PreferServerCipherSuites: true,
-	}
-}
-
-func testServer() {
-	s := &http.Server{
-		Addr: ":18888",
-		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			fmt.Fprintln(w, "abcdefghijklmnopqrstuvwxyz")
-		}),
-	}
-	log.Fatal(s.ListenAndServe())
-}
diff --git a/examples/forward/direct/client.go b/examples/forward/direct/client.go
deleted file mode 100644
index c824b54..0000000
--- a/examples/forward/direct/client.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package main
-
-import (
-	"log"
-
-	"github.com/ginuerzh/gost"
-)
-
-func main() {
-	tcpForward()
-}
-
-func tcpForward() {
-	chain := gost.NewChain(
-		gost.Node{
-			Addr: "localhost:11222",
-			Client: &gost.Client{
-				Connector:   gost.SSHDirectForwardConnector(),
-				Transporter: gost.SSHForwardTransporter(),
-			},
-		},
-	)
-
-	ln, err := gost.TCPListener(":11800")
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.TCPDirectForwardHandler(
-		"localhost:22",
-		gost.ChainHandlerOption(chain),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
diff --git a/examples/forward/direct/server.go b/examples/forward/direct/server.go
deleted file mode 100644
index 20aca6d..0000000
--- a/examples/forward/direct/server.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package main
-
-import (
-	"crypto/tls"
-	"log"
-
-	"github.com/ginuerzh/gost"
-)
-
-func main() {
-	sshForwardServer()
-}
-
-func sshForwardServer() {
-	ln, err := gost.TCPListener(":11222")
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.SSHForwardHandler(
-		gost.AddrHandlerOption(":11222"),
-		// gost.UsersHandlerOption(url.UserPassword("admin", "123456")),
-		gost.TLSConfigHandlerOption(tlsConfig()),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-var (
-	rawCert = []byte(`-----BEGIN CERTIFICATE-----
-MIIC+jCCAeKgAwIBAgIRAMlREhz8Miu1FQozsxbeqyMwDQYJKoZIhvcNAQELBQAw
-EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNzA1MTkwNTM5MDJaFw0xODA1MTkwNTM5
-MDJaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCyfqvv0kDriciEAVIW6JaWYFCL9a19jj1wmAGmVGxV3kNsr01kpa6N
-0EBqnrcy7WknhCt1d43CqhKtTcXgJ/J9phZVxlizb8sUB85hm+MvP0N3HCg3f0Jw
-hLuMrPijS6xjyw0fKCK/p6OUYMIfo5cdqeZid2WV4Ozts5uRd6Dmy2kyBe8Zg1F4
-8YJGuTWZmL2L7uZUiPY4T3q9+1iucq3vUpxymVRi1BTXnTpx+C0GS8NNgeEmevHv
-482vHM5DNflAQ+mvGZvBVduq/AfirCDnt2DIZm1DcZXLrY9F3EPrlRZexmAhCDGR
-LIKnMmoGicBM11Aw1fDIfJAHynk43tjPAgMBAAGjSzBJMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC
-CWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAAx8Lna8DcQv0bRB3L9i2+KRN
-l/UhPCoFagxk1cZore4p0w+1m7OgigOoTpg5jh78DzVDhScZlgJ0bBVYp5rojeJS
-cBDC9lCDcaXQfFmT5LykCAwIgw/gs+rw5Aq0y3D0m8CcqKosyZa9wnZ2cVy/+45w
-emcSdboc65ueZScv38/W7aTUoVRcjyRUv0jv0zW0EPnnDlluVkeZo9spBhiTTwoj
-b3zGODs6alTNIJwZIHNxxyOmfJPpVVp8BzGbMk7YBixSlZ/vbrrYV34TcSiy7J57
-lNNoVWM+OwiVk1+AEZfQDwaQfef5tsIkAZBUyITkkDKRhygtwM2110dejbEsgg==
------END CERTIFICATE-----`)
-	rawKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAsn6r79JA64nIhAFSFuiWlmBQi/WtfY49cJgBplRsVd5DbK9N
-ZKWujdBAap63Mu1pJ4QrdXeNwqoSrU3F4CfyfaYWVcZYs2/LFAfOYZvjLz9Ddxwo
-N39CcIS7jKz4o0usY8sNHygiv6ejlGDCH6OXHanmYndlleDs7bObkXeg5stpMgXv
-GYNRePGCRrk1mZi9i+7mVIj2OE96vftYrnKt71KccplUYtQU1506cfgtBkvDTYHh
-Jnrx7+PNrxzOQzX5QEPprxmbwVXbqvwH4qwg57dgyGZtQ3GVy62PRdxD65UWXsZg
-IQgxkSyCpzJqBonATNdQMNXwyHyQB8p5ON7YzwIDAQABAoIBAQCG4doj3Apa8z+n
-IShbT1+cOyQi34A+xOIA151Hh7xmFxN0afRd/iWt3JUQ/OcLgQRZbDM7DSD+3W5H
-r+G7xfQkpwFxx/T3g58+f7ehYx+GcJQWyhxJ88zNIkBnyb4KCAE5WBOOW9IGajPe
-yE9pgUGMlPsXpYoKfHIOHg+NGY1pWUGBfBNR2kGrbkpZMmyy5bGa8dyrwAFBFRru
-kcmmKvate8UlbRspFtd4nR/GQLTBrcDJ1k1i1Su/4BpDuDeK6LPI8ZRePGqbdcxk
-TS30lsdYozuGfjZ5Zu8lSIJ//+7RjfDg8r684dpWjpalq8Quen60ZrIs01CSbfyU
-k8gOzTHhAoGBAOKhp41wXveegq+WylSXFyngm4bzF4dVdTRsSbJVk7NaOx1vCU6o
-/xIHoGEQyLI6wF+EaHmY89/Qu6tSV97XyBbiKeskopv5iXS/BsWTHJ1VbCA1ZLmK
-HgGllEkS0xfc9AdB7b6/K7LxAAQVKP3DtN6+6pSDZh9Sv2M1j0DbhkNbAoGBAMmg
-HcMfExaaeskjHqyLudtKX+znwaIoumleOGuavohR4R+Fpk8Yv8Xhb5U7Yr4gk0vY
-CFmhp1WAi6QMZ/8jePlKKXl3Ney827luoKiMczp2DoYE0t0u2Kw3LfkNKfjADZ7d
-JI6xPJV9/X1erwjq+4UdKqrpOf05SY4nkBMcvr6dAoGAXzisvbDJNiFTp5Mj0Abr
-pJzKvBjHegVeCXi2PkfWlzUCQYu1zWcURO8PY7k5mik1SuzHONAbJ578Oy+N3AOt
-/m9oTXRHHmHqbzMUFU+KZlDN7XqBp7NwiCCZ/Vn7d7tOjP4Wdl68baL07sI1RupD
-xJNS3LOY5PBPmc+XMRkLgKECgYEAgBNDlJSCrZMHeAjlDTncn53I/VXiPD2e3BvL
-vx6W9UT9ueZN1GSmPO6M0MDeYmOS7VSXSUhUYQ28pkJzNTC1QbWITu4YxP7anBnX
-1/kPoQ0pAJzDzVharlqGy3M/PBHTFRzogfO3xkY35ZFlokaR6uayGcr42Q+w16nt
-7RYPXEkCgYEA3GQYirHnGZuQ952jMvduqnpgkJiSnr0fa+94Rwa1pAhxHLFMo5s4
-fqZOtqKPj2s5X1JR0VCey1ilCcaAhWeb3tXCpbYLZSbMtjtqwA6LUeGY+Xdupsjw
-cfWIcOfHsIm2kP+RCxEnZf1XwiN9wyJeiUKlE0dqmx9j7F0Bm+7YDhI=
------END RSA PRIVATE KEY-----`)
-)
-
-func tlsConfig() *tls.Config {
-	cert, err := tls.X509KeyPair(rawCert, rawKey)
-	if err != nil {
-		panic(err)
-	}
-	return &tls.Config{Certificates: []tls.Certificate{cert}}
-}
diff --git a/examples/forward/remote/client.go b/examples/forward/remote/client.go
deleted file mode 100644
index 68f1737..0000000
--- a/examples/forward/remote/client.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package main
-
-import (
-	"log"
-
-	"github.com/ginuerzh/gost"
-)
-
-func main() {
-	sshRemoteForward()
-}
-
-func sshRemoteForward() {
-	chain := gost.NewChain(
-		gost.Node{
-			Protocol:  "forward",
-			Transport: "ssh",
-			Addr:      "localhost:11222",
-			Client: &gost.Client{
-				Connector:   gost.SSHRemoteForwardConnector(),
-				Transporter: gost.SSHForwardTransporter(),
-			},
-		},
-	)
-
-	ln, err := gost.TCPRemoteForwardListener(":11800", chain)
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.TCPRemoteForwardHandler(
-		"localhost:10000",
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
diff --git a/examples/forward/remote/server.go b/examples/forward/remote/server.go
deleted file mode 100644
index cc83aa8..0000000
--- a/examples/forward/remote/server.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package main
-
-import (
-	"crypto/tls"
-	"log"
-
-	"github.com/ginuerzh/gost"
-)
-
-func main() {
-	sshRemoteForwardServer()
-}
-
-func sshRemoteForwardServer() {
-	ln, err := gost.TCPListener(":11222")
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.SSHForwardHandler(
-		gost.AddrHandlerOption(":11222"),
-		// gost.UsersHandlerOption(url.UserPassword("admin", "123456")),
-		gost.TLSConfigHandlerOption(tlsConfig()),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-var (
-	rawCert = []byte(`-----BEGIN CERTIFICATE-----
-MIIC+jCCAeKgAwIBAgIRAMlREhz8Miu1FQozsxbeqyMwDQYJKoZIhvcNAQELBQAw
-EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNzA1MTkwNTM5MDJaFw0xODA1MTkwNTM5
-MDJaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCyfqvv0kDriciEAVIW6JaWYFCL9a19jj1wmAGmVGxV3kNsr01kpa6N
-0EBqnrcy7WknhCt1d43CqhKtTcXgJ/J9phZVxlizb8sUB85hm+MvP0N3HCg3f0Jw
-hLuMrPijS6xjyw0fKCK/p6OUYMIfo5cdqeZid2WV4Ozts5uRd6Dmy2kyBe8Zg1F4
-8YJGuTWZmL2L7uZUiPY4T3q9+1iucq3vUpxymVRi1BTXnTpx+C0GS8NNgeEmevHv
-482vHM5DNflAQ+mvGZvBVduq/AfirCDnt2DIZm1DcZXLrY9F3EPrlRZexmAhCDGR
-LIKnMmoGicBM11Aw1fDIfJAHynk43tjPAgMBAAGjSzBJMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC
-CWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAAx8Lna8DcQv0bRB3L9i2+KRN
-l/UhPCoFagxk1cZore4p0w+1m7OgigOoTpg5jh78DzVDhScZlgJ0bBVYp5rojeJS
-cBDC9lCDcaXQfFmT5LykCAwIgw/gs+rw5Aq0y3D0m8CcqKosyZa9wnZ2cVy/+45w
-emcSdboc65ueZScv38/W7aTUoVRcjyRUv0jv0zW0EPnnDlluVkeZo9spBhiTTwoj
-b3zGODs6alTNIJwZIHNxxyOmfJPpVVp8BzGbMk7YBixSlZ/vbrrYV34TcSiy7J57
-lNNoVWM+OwiVk1+AEZfQDwaQfef5tsIkAZBUyITkkDKRhygtwM2110dejbEsgg==
------END CERTIFICATE-----`)
-	rawKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAsn6r79JA64nIhAFSFuiWlmBQi/WtfY49cJgBplRsVd5DbK9N
-ZKWujdBAap63Mu1pJ4QrdXeNwqoSrU3F4CfyfaYWVcZYs2/LFAfOYZvjLz9Ddxwo
-N39CcIS7jKz4o0usY8sNHygiv6ejlGDCH6OXHanmYndlleDs7bObkXeg5stpMgXv
-GYNRePGCRrk1mZi9i+7mVIj2OE96vftYrnKt71KccplUYtQU1506cfgtBkvDTYHh
-Jnrx7+PNrxzOQzX5QEPprxmbwVXbqvwH4qwg57dgyGZtQ3GVy62PRdxD65UWXsZg
-IQgxkSyCpzJqBonATNdQMNXwyHyQB8p5ON7YzwIDAQABAoIBAQCG4doj3Apa8z+n
-IShbT1+cOyQi34A+xOIA151Hh7xmFxN0afRd/iWt3JUQ/OcLgQRZbDM7DSD+3W5H
-r+G7xfQkpwFxx/T3g58+f7ehYx+GcJQWyhxJ88zNIkBnyb4KCAE5WBOOW9IGajPe
-yE9pgUGMlPsXpYoKfHIOHg+NGY1pWUGBfBNR2kGrbkpZMmyy5bGa8dyrwAFBFRru
-kcmmKvate8UlbRspFtd4nR/GQLTBrcDJ1k1i1Su/4BpDuDeK6LPI8ZRePGqbdcxk
-TS30lsdYozuGfjZ5Zu8lSIJ//+7RjfDg8r684dpWjpalq8Quen60ZrIs01CSbfyU
-k8gOzTHhAoGBAOKhp41wXveegq+WylSXFyngm4bzF4dVdTRsSbJVk7NaOx1vCU6o
-/xIHoGEQyLI6wF+EaHmY89/Qu6tSV97XyBbiKeskopv5iXS/BsWTHJ1VbCA1ZLmK
-HgGllEkS0xfc9AdB7b6/K7LxAAQVKP3DtN6+6pSDZh9Sv2M1j0DbhkNbAoGBAMmg
-HcMfExaaeskjHqyLudtKX+znwaIoumleOGuavohR4R+Fpk8Yv8Xhb5U7Yr4gk0vY
-CFmhp1WAi6QMZ/8jePlKKXl3Ney827luoKiMczp2DoYE0t0u2Kw3LfkNKfjADZ7d
-JI6xPJV9/X1erwjq+4UdKqrpOf05SY4nkBMcvr6dAoGAXzisvbDJNiFTp5Mj0Abr
-pJzKvBjHegVeCXi2PkfWlzUCQYu1zWcURO8PY7k5mik1SuzHONAbJ578Oy+N3AOt
-/m9oTXRHHmHqbzMUFU+KZlDN7XqBp7NwiCCZ/Vn7d7tOjP4Wdl68baL07sI1RupD
-xJNS3LOY5PBPmc+XMRkLgKECgYEAgBNDlJSCrZMHeAjlDTncn53I/VXiPD2e3BvL
-vx6W9UT9ueZN1GSmPO6M0MDeYmOS7VSXSUhUYQ28pkJzNTC1QbWITu4YxP7anBnX
-1/kPoQ0pAJzDzVharlqGy3M/PBHTFRzogfO3xkY35ZFlokaR6uayGcr42Q+w16nt
-7RYPXEkCgYEA3GQYirHnGZuQ952jMvduqnpgkJiSnr0fa+94Rwa1pAhxHLFMo5s4
-fqZOtqKPj2s5X1JR0VCey1ilCcaAhWeb3tXCpbYLZSbMtjtqwA6LUeGY+Xdupsjw
-cfWIcOfHsIm2kP+RCxEnZf1XwiN9wyJeiUKlE0dqmx9j7F0Bm+7YDhI=
------END RSA PRIVATE KEY-----`)
-)
-
-func tlsConfig() *tls.Config {
-	cert, err := tls.X509KeyPair(rawCert, rawKey)
-	if err != nil {
-		panic(err)
-	}
-	return &tls.Config{Certificates: []tls.Certificate{cert}}
-}
diff --git a/examples/forward/udp/cli.go b/examples/forward/udp/cli.go
deleted file mode 100644
index ff9c823..0000000
--- a/examples/forward/udp/cli.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package main
-
-import (
-	"flag"
-	"log"
-	"net"
-	"time"
-)
-
-var (
-	concurrency int
-	saddr       string
-)
-
-func init() {
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
-
-	flag.StringVar(&saddr, "S", ":18080", "server address")
-	flag.IntVar(&concurrency, "c", 1, "Number of multiple echo to make at a time")
-	flag.Parse()
-}
-
-func main() {
-	for i := 0; i < concurrency; i++ {
-		go udpEchoLoop()
-	}
-	select {}
-}
-
-func udpEchoLoop() {
-	addr, err := net.ResolveUDPAddr("udp", saddr)
-	if err != nil {
-		log.Fatal(err)
-	}
-	conn, err := net.DialUDP("udp", nil, addr)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	msg := []byte(`abcdefghijklmnopqrstuvwxyz`)
-	for {
-		if _, err := conn.Write(msg); err != nil {
-			log.Fatal(err)
-		}
-		b := make([]byte, 1024)
-		_, err := conn.Read(b)
-		if err != nil {
-			log.Fatal(err)
-		}
-		// log.Println(string(b[:n]))
-		time.Sleep(100 * time.Millisecond)
-	}
-}
diff --git a/examples/forward/udp/direct.go b/examples/forward/udp/direct.go
deleted file mode 100644
index 79f9a35..0000000
--- a/examples/forward/udp/direct.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package main
-
-import (
-	"flag"
-	"log"
-	"time"
-
-	"github.com/ginuerzh/gost"
-)
-
-var (
-	laddr, faddr string
-	quiet        bool
-)
-
-func init() {
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
-
-	flag.StringVar(&laddr, "L", ":18080", "listen address")
-	flag.StringVar(&faddr, "F", ":8080", "forward address")
-	flag.BoolVar(&quiet, "q", false, "quiet mode")
-	flag.BoolVar(&gost.Debug, "d", false, "debug mode")
-	flag.Parse()
-
-	if quiet {
-		gost.SetLogger(&gost.NopLogger{})
-	}
-}
-func main() {
-	udpDirectForwardServer()
-}
-
-func udpDirectForwardServer() {
-	ln, err := gost.UDPDirectForwardListener(laddr, time.Second*30)
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.UDPDirectForwardHandler(
-		faddr,
-	/*
-		gost.ChainHandlerOption(gost.NewChain(gost.Node{
-			Protocol:  "socks5",
-			Transport: "tcp",
-			Addr:      ":11080",
-			User:      url.UserPassword("admin", "123456"),
-			Client: &gost.Client{
-				Connector: gost.SOCKS5Connector(
-					url.UserPassword("admin", "123456"),
-				),
-				Transporter: gost.TCPTransporter(),
-			},
-		})),
-	*/
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
diff --git a/examples/forward/udp/remote.go b/examples/forward/udp/remote.go
deleted file mode 100644
index b0c4d50..0000000
--- a/examples/forward/udp/remote.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package main
-
-import (
-	"flag"
-	"log"
-	"time"
-
-	"github.com/ginuerzh/gost"
-)
-
-var (
-	laddr, faddr string
-	quiet        bool
-)
-
-func init() {
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
-
-	flag.StringVar(&laddr, "L", ":18080", "listen address")
-	flag.StringVar(&faddr, "F", ":8080", "forward address")
-	flag.BoolVar(&quiet, "q", false, "quiet mode")
-	flag.BoolVar(&gost.Debug, "d", false, "debug mode")
-	flag.Parse()
-
-	if quiet {
-		gost.SetLogger(&gost.NopLogger{})
-	}
-}
-func main() {
-	udpRemoteForwardServer()
-}
-
-func udpRemoteForwardServer() {
-	ln, err := gost.UDPRemoteForwardListener(
-		laddr,
-		/*
-			gost.NewChain(gost.Node{
-				Protocol:  "socks5",
-				Transport: "tcp",
-				Addr:      ":11080",
-				User:      url.UserPassword("admin", "123456"),
-				Client: &gost.Client{
-					Connector: gost.SOCKS5Connector(
-						url.UserPassword("admin", "123456"),
-					),
-					Transporter: gost.TCPTransporter(),
-				},
-			}),
-		*/
-		nil,
-		time.Second*30)
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.UDPRemoteForwardHandler(
-		faddr,
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
diff --git a/examples/forward/udp/srv.go b/examples/forward/udp/srv.go
deleted file mode 100644
index 3aadf2d..0000000
--- a/examples/forward/udp/srv.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package main
-
-import (
-	"flag"
-	"log"
-	"net"
-)
-
-var (
-	laddr string
-)
-
-func init() {
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
-
-	flag.StringVar(&laddr, "L", ":8080", "listen address")
-	flag.Parse()
-}
-func main() {
-	udpEchoServer()
-}
-
-func udpEchoServer() {
-	addr, err := net.ResolveUDPAddr("udp", laddr)
-	if err != nil {
-		log.Fatal(err)
-	}
-	conn, err := net.ListenUDP("udp", addr)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for {
-		b := make([]byte, 1024)
-		n, raddr, err := conn.ReadFromUDP(b)
-		if err != nil {
-			log.Fatal(err)
-		}
-		if _, err = conn.WriteToUDP(b[:n], raddr); err != nil {
-			log.Fatal(err)
-		}
-
-	}
-}
diff --git a/examples/http2/http2.go b/examples/http2/http2.go
deleted file mode 100644
index 369fdfe..0000000
--- a/examples/http2/http2.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package main
-
-import (
-	"crypto/tls"
-	"flag"
-	"log"
-	"net/url"
-
-	"golang.org/x/net/http2"
-
-	"github.com/ginuerzh/gost"
-)
-
-var (
-	quiet             bool
-	keyFile, certFile string
-	laddr             string
-	user, passwd      string
-)
-
-func init() {
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
-
-	flag.StringVar(&laddr, "L", ":1443", "listen address")
-	flag.StringVar(&user, "u", "", "username")
-	flag.StringVar(&passwd, "p", "", "password")
-	flag.BoolVar(&quiet, "q", false, "quiet mode")
-	flag.BoolVar(&gost.Debug, "d", false, "debug mode")
-	flag.BoolVar(&http2.VerboseLogs, "v", false, "HTTP2 verbose log")
-	flag.StringVar(&keyFile, "key", "key.pem", "TLS key file")
-	flag.StringVar(&certFile, "cert", "cert.pem", "TLS cert file")
-	flag.Parse()
-
-	if quiet {
-		gost.SetLogger(&gost.NopLogger{})
-	}
-}
-
-func main() {
-	http2Server()
-}
-
-func http2Server() {
-	cert, er := tls.LoadX509KeyPair(certFile, keyFile)
-	if er != nil {
-		log.Println(er)
-		cert, er = tls.X509KeyPair(rawCert, rawKey)
-		if er != nil {
-			panic(er)
-		}
-	}
-
-	ln, err := gost.HTTP2Listener(laddr, &tls.Config{Certificates: []tls.Certificate{cert}})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	var users []*url.Userinfo
-	if user != "" || passwd != "" {
-		users = append(users, url.UserPassword(user, passwd))
-	}
-
-	h := gost.HTTP2Handler(
-		gost.UsersHandlerOption(users...),
-		gost.AddrHandlerOption(laddr),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-var (
-	rawCert = []byte(`-----BEGIN CERTIFICATE-----
-MIIC+jCCAeKgAwIBAgIRAMlREhz8Miu1FQozsxbeqyMwDQYJKoZIhvcNAQELBQAw
-EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNzA1MTkwNTM5MDJaFw0xODA1MTkwNTM5
-MDJaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCyfqvv0kDriciEAVIW6JaWYFCL9a19jj1wmAGmVGxV3kNsr01kpa6N
-0EBqnrcy7WknhCt1d43CqhKtTcXgJ/J9phZVxlizb8sUB85hm+MvP0N3HCg3f0Jw
-hLuMrPijS6xjyw0fKCK/p6OUYMIfo5cdqeZid2WV4Ozts5uRd6Dmy2kyBe8Zg1F4
-8YJGuTWZmL2L7uZUiPY4T3q9+1iucq3vUpxymVRi1BTXnTpx+C0GS8NNgeEmevHv
-482vHM5DNflAQ+mvGZvBVduq/AfirCDnt2DIZm1DcZXLrY9F3EPrlRZexmAhCDGR
-LIKnMmoGicBM11Aw1fDIfJAHynk43tjPAgMBAAGjSzBJMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC
-CWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAAx8Lna8DcQv0bRB3L9i2+KRN
-l/UhPCoFagxk1cZore4p0w+1m7OgigOoTpg5jh78DzVDhScZlgJ0bBVYp5rojeJS
-cBDC9lCDcaXQfFmT5LykCAwIgw/gs+rw5Aq0y3D0m8CcqKosyZa9wnZ2cVy/+45w
-emcSdboc65ueZScv38/W7aTUoVRcjyRUv0jv0zW0EPnnDlluVkeZo9spBhiTTwoj
-b3zGODs6alTNIJwZIHNxxyOmfJPpVVp8BzGbMk7YBixSlZ/vbrrYV34TcSiy7J57
-lNNoVWM+OwiVk1+AEZfQDwaQfef5tsIkAZBUyITkkDKRhygtwM2110dejbEsgg==
------END CERTIFICATE-----`)
-	rawKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAsn6r79JA64nIhAFSFuiWlmBQi/WtfY49cJgBplRsVd5DbK9N
-ZKWujdBAap63Mu1pJ4QrdXeNwqoSrU3F4CfyfaYWVcZYs2/LFAfOYZvjLz9Ddxwo
-N39CcIS7jKz4o0usY8sNHygiv6ejlGDCH6OXHanmYndlleDs7bObkXeg5stpMgXv
-GYNRePGCRrk1mZi9i+7mVIj2OE96vftYrnKt71KccplUYtQU1506cfgtBkvDTYHh
-Jnrx7+PNrxzOQzX5QEPprxmbwVXbqvwH4qwg57dgyGZtQ3GVy62PRdxD65UWXsZg
-IQgxkSyCpzJqBonATNdQMNXwyHyQB8p5ON7YzwIDAQABAoIBAQCG4doj3Apa8z+n
-IShbT1+cOyQi34A+xOIA151Hh7xmFxN0afRd/iWt3JUQ/OcLgQRZbDM7DSD+3W5H
-r+G7xfQkpwFxx/T3g58+f7ehYx+GcJQWyhxJ88zNIkBnyb4KCAE5WBOOW9IGajPe
-yE9pgUGMlPsXpYoKfHIOHg+NGY1pWUGBfBNR2kGrbkpZMmyy5bGa8dyrwAFBFRru
-kcmmKvate8UlbRspFtd4nR/GQLTBrcDJ1k1i1Su/4BpDuDeK6LPI8ZRePGqbdcxk
-TS30lsdYozuGfjZ5Zu8lSIJ//+7RjfDg8r684dpWjpalq8Quen60ZrIs01CSbfyU
-k8gOzTHhAoGBAOKhp41wXveegq+WylSXFyngm4bzF4dVdTRsSbJVk7NaOx1vCU6o
-/xIHoGEQyLI6wF+EaHmY89/Qu6tSV97XyBbiKeskopv5iXS/BsWTHJ1VbCA1ZLmK
-HgGllEkS0xfc9AdB7b6/K7LxAAQVKP3DtN6+6pSDZh9Sv2M1j0DbhkNbAoGBAMmg
-HcMfExaaeskjHqyLudtKX+znwaIoumleOGuavohR4R+Fpk8Yv8Xhb5U7Yr4gk0vY
-CFmhp1WAi6QMZ/8jePlKKXl3Ney827luoKiMczp2DoYE0t0u2Kw3LfkNKfjADZ7d
-JI6xPJV9/X1erwjq+4UdKqrpOf05SY4nkBMcvr6dAoGAXzisvbDJNiFTp5Mj0Abr
-pJzKvBjHegVeCXi2PkfWlzUCQYu1zWcURO8PY7k5mik1SuzHONAbJ578Oy+N3AOt
-/m9oTXRHHmHqbzMUFU+KZlDN7XqBp7NwiCCZ/Vn7d7tOjP4Wdl68baL07sI1RupD
-xJNS3LOY5PBPmc+XMRkLgKECgYEAgBNDlJSCrZMHeAjlDTncn53I/VXiPD2e3BvL
-vx6W9UT9ueZN1GSmPO6M0MDeYmOS7VSXSUhUYQ28pkJzNTC1QbWITu4YxP7anBnX
-1/kPoQ0pAJzDzVharlqGy3M/PBHTFRzogfO3xkY35ZFlokaR6uayGcr42Q+w16nt
-7RYPXEkCgYEA3GQYirHnGZuQ952jMvduqnpgkJiSnr0fa+94Rwa1pAhxHLFMo5s4
-fqZOtqKPj2s5X1JR0VCey1ilCcaAhWeb3tXCpbYLZSbMtjtqwA6LUeGY+Xdupsjw
-cfWIcOfHsIm2kP+RCxEnZf1XwiN9wyJeiUKlE0dqmx9j7F0Bm+7YDhI=
------END RSA PRIVATE KEY-----`)
-)
-
-func tlsConfig() *tls.Config {
-	cert, err := tls.X509KeyPair(rawCert, rawKey)
-	if err != nil {
-		panic(err)
-	}
-	return &tls.Config{Certificates: []tls.Certificate{cert}}
-}
diff --git a/examples/quic/quicc.go b/examples/quic/quicc.go
deleted file mode 100644
index 119e9e6..0000000
--- a/examples/quic/quicc.go
+++ /dev/null
@@ -1,110 +0,0 @@
-package main
-
-import (
-	"crypto/tls"
-	"flag"
-	"log"
-	"time"
-
-	"github.com/ginuerzh/gost"
-)
-
-var (
-	laddr, faddr string
-	quiet        bool
-)
-
-func init() {
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
-
-	flag.StringVar(&laddr, "L", ":18080", "listen address")
-	flag.StringVar(&faddr, "F", "localhost:6121", "forward address")
-	flag.BoolVar(&quiet, "q", false, "quiet mode")
-	flag.BoolVar(&gost.Debug, "d", false, "debug mode")
-	flag.Parse()
-
-	if quiet {
-		gost.SetLogger(&gost.NopLogger{})
-	}
-}
-
-func main() {
-	chain := gost.NewChain(
-		gost.Node{
-			Protocol:  "socks5",
-			Transport: "quic",
-			Addr:      faddr,
-			Client: &gost.Client{
-				Connector:   gost.SOCKS5Connector(nil),
-				Transporter: gost.QUICTransporter(&gost.QUICConfig{Timeout: 30 * time.Second, KeepAlive: true}),
-			},
-		},
-	)
-
-	ln, err := gost.TCPListener(laddr)
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.SOCKS5Handler(
-		gost.ChainHandlerOption(chain),
-		gost.TLSConfigHandlerOption(tlsConfig()),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-var (
-	rawCert = []byte(`-----BEGIN CERTIFICATE-----
-MIIC+jCCAeKgAwIBAgIRAMlREhz8Miu1FQozsxbeqyMwDQYJKoZIhvcNAQELBQAw
-EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNzA1MTkwNTM5MDJaFw0xODA1MTkwNTM5
-MDJaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCyfqvv0kDriciEAVIW6JaWYFCL9a19jj1wmAGmVGxV3kNsr01kpa6N
-0EBqnrcy7WknhCt1d43CqhKtTcXgJ/J9phZVxlizb8sUB85hm+MvP0N3HCg3f0Jw
-hLuMrPijS6xjyw0fKCK/p6OUYMIfo5cdqeZid2WV4Ozts5uRd6Dmy2kyBe8Zg1F4
-8YJGuTWZmL2L7uZUiPY4T3q9+1iucq3vUpxymVRi1BTXnTpx+C0GS8NNgeEmevHv
-482vHM5DNflAQ+mvGZvBVduq/AfirCDnt2DIZm1DcZXLrY9F3EPrlRZexmAhCDGR
-LIKnMmoGicBM11Aw1fDIfJAHynk43tjPAgMBAAGjSzBJMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC
-CWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAAx8Lna8DcQv0bRB3L9i2+KRN
-l/UhPCoFagxk1cZore4p0w+1m7OgigOoTpg5jh78DzVDhScZlgJ0bBVYp5rojeJS
-cBDC9lCDcaXQfFmT5LykCAwIgw/gs+rw5Aq0y3D0m8CcqKosyZa9wnZ2cVy/+45w
-emcSdboc65ueZScv38/W7aTUoVRcjyRUv0jv0zW0EPnnDlluVkeZo9spBhiTTwoj
-b3zGODs6alTNIJwZIHNxxyOmfJPpVVp8BzGbMk7YBixSlZ/vbrrYV34TcSiy7J57
-lNNoVWM+OwiVk1+AEZfQDwaQfef5tsIkAZBUyITkkDKRhygtwM2110dejbEsgg==
------END CERTIFICATE-----`)
-	rawKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAsn6r79JA64nIhAFSFuiWlmBQi/WtfY49cJgBplRsVd5DbK9N
-ZKWujdBAap63Mu1pJ4QrdXeNwqoSrU3F4CfyfaYWVcZYs2/LFAfOYZvjLz9Ddxwo
-N39CcIS7jKz4o0usY8sNHygiv6ejlGDCH6OXHanmYndlleDs7bObkXeg5stpMgXv
-GYNRePGCRrk1mZi9i+7mVIj2OE96vftYrnKt71KccplUYtQU1506cfgtBkvDTYHh
-Jnrx7+PNrxzOQzX5QEPprxmbwVXbqvwH4qwg57dgyGZtQ3GVy62PRdxD65UWXsZg
-IQgxkSyCpzJqBonATNdQMNXwyHyQB8p5ON7YzwIDAQABAoIBAQCG4doj3Apa8z+n
-IShbT1+cOyQi34A+xOIA151Hh7xmFxN0afRd/iWt3JUQ/OcLgQRZbDM7DSD+3W5H
-r+G7xfQkpwFxx/T3g58+f7ehYx+GcJQWyhxJ88zNIkBnyb4KCAE5WBOOW9IGajPe
-yE9pgUGMlPsXpYoKfHIOHg+NGY1pWUGBfBNR2kGrbkpZMmyy5bGa8dyrwAFBFRru
-kcmmKvate8UlbRspFtd4nR/GQLTBrcDJ1k1i1Su/4BpDuDeK6LPI8ZRePGqbdcxk
-TS30lsdYozuGfjZ5Zu8lSIJ//+7RjfDg8r684dpWjpalq8Quen60ZrIs01CSbfyU
-k8gOzTHhAoGBAOKhp41wXveegq+WylSXFyngm4bzF4dVdTRsSbJVk7NaOx1vCU6o
-/xIHoGEQyLI6wF+EaHmY89/Qu6tSV97XyBbiKeskopv5iXS/BsWTHJ1VbCA1ZLmK
-HgGllEkS0xfc9AdB7b6/K7LxAAQVKP3DtN6+6pSDZh9Sv2M1j0DbhkNbAoGBAMmg
-HcMfExaaeskjHqyLudtKX+znwaIoumleOGuavohR4R+Fpk8Yv8Xhb5U7Yr4gk0vY
-CFmhp1WAi6QMZ/8jePlKKXl3Ney827luoKiMczp2DoYE0t0u2Kw3LfkNKfjADZ7d
-JI6xPJV9/X1erwjq+4UdKqrpOf05SY4nkBMcvr6dAoGAXzisvbDJNiFTp5Mj0Abr
-pJzKvBjHegVeCXi2PkfWlzUCQYu1zWcURO8PY7k5mik1SuzHONAbJ578Oy+N3AOt
-/m9oTXRHHmHqbzMUFU+KZlDN7XqBp7NwiCCZ/Vn7d7tOjP4Wdl68baL07sI1RupD
-xJNS3LOY5PBPmc+XMRkLgKECgYEAgBNDlJSCrZMHeAjlDTncn53I/VXiPD2e3BvL
-vx6W9UT9ueZN1GSmPO6M0MDeYmOS7VSXSUhUYQ28pkJzNTC1QbWITu4YxP7anBnX
-1/kPoQ0pAJzDzVharlqGy3M/PBHTFRzogfO3xkY35ZFlokaR6uayGcr42Q+w16nt
-7RYPXEkCgYEA3GQYirHnGZuQ952jMvduqnpgkJiSnr0fa+94Rwa1pAhxHLFMo5s4
-fqZOtqKPj2s5X1JR0VCey1ilCcaAhWeb3tXCpbYLZSbMtjtqwA6LUeGY+Xdupsjw
-cfWIcOfHsIm2kP+RCxEnZf1XwiN9wyJeiUKlE0dqmx9j7F0Bm+7YDhI=
------END RSA PRIVATE KEY-----`)
-)
-
-func tlsConfig() *tls.Config {
-	cert, err := tls.X509KeyPair(rawCert, rawKey)
-	if err != nil {
-		panic(err)
-	}
-	return &tls.Config{Certificates: []tls.Certificate{cert}}
-}
diff --git a/examples/quic/quics.go b/examples/quic/quics.go
deleted file mode 100644
index 246995a..0000000
--- a/examples/quic/quics.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package main
-
-import (
-	"crypto/tls"
-	"flag"
-	"log"
-
-	"github.com/ginuerzh/gost"
-)
-
-var (
-	laddr string
-	quiet bool
-)
-
-func init() {
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
-
-	flag.StringVar(&laddr, "L", ":6121", "listen address")
-	flag.BoolVar(&quiet, "q", false, "quiet mode")
-	flag.BoolVar(&gost.Debug, "d", false, "debug mode")
-
-	flag.Parse()
-
-	if quiet {
-		gost.SetLogger(&gost.NopLogger{})
-	}
-}
-
-func main() {
-	quicServer()
-}
-
-func quicServer() {
-	ln, err := gost.QUICListener(laddr, &gost.QUICConfig{TLSConfig: tlsConfig()})
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.SOCKS5Handler(gost.TLSConfigHandlerOption(tlsConfig()))
-	log.Println("server listen on", laddr)
-
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-var (
-	rawCert = []byte(`-----BEGIN CERTIFICATE-----
-MIIC+jCCAeKgAwIBAgIRAMlREhz8Miu1FQozsxbeqyMwDQYJKoZIhvcNAQELBQAw
-EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNzA1MTkwNTM5MDJaFw0xODA1MTkwNTM5
-MDJaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCyfqvv0kDriciEAVIW6JaWYFCL9a19jj1wmAGmVGxV3kNsr01kpa6N
-0EBqnrcy7WknhCt1d43CqhKtTcXgJ/J9phZVxlizb8sUB85hm+MvP0N3HCg3f0Jw
-hLuMrPijS6xjyw0fKCK/p6OUYMIfo5cdqeZid2WV4Ozts5uRd6Dmy2kyBe8Zg1F4
-8YJGuTWZmL2L7uZUiPY4T3q9+1iucq3vUpxymVRi1BTXnTpx+C0GS8NNgeEmevHv
-482vHM5DNflAQ+mvGZvBVduq/AfirCDnt2DIZm1DcZXLrY9F3EPrlRZexmAhCDGR
-LIKnMmoGicBM11Aw1fDIfJAHynk43tjPAgMBAAGjSzBJMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC
-CWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAAx8Lna8DcQv0bRB3L9i2+KRN
-l/UhPCoFagxk1cZore4p0w+1m7OgigOoTpg5jh78DzVDhScZlgJ0bBVYp5rojeJS
-cBDC9lCDcaXQfFmT5LykCAwIgw/gs+rw5Aq0y3D0m8CcqKosyZa9wnZ2cVy/+45w
-emcSdboc65ueZScv38/W7aTUoVRcjyRUv0jv0zW0EPnnDlluVkeZo9spBhiTTwoj
-b3zGODs6alTNIJwZIHNxxyOmfJPpVVp8BzGbMk7YBixSlZ/vbrrYV34TcSiy7J57
-lNNoVWM+OwiVk1+AEZfQDwaQfef5tsIkAZBUyITkkDKRhygtwM2110dejbEsgg==
------END CERTIFICATE-----`)
-	rawKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAsn6r79JA64nIhAFSFuiWlmBQi/WtfY49cJgBplRsVd5DbK9N
-ZKWujdBAap63Mu1pJ4QrdXeNwqoSrU3F4CfyfaYWVcZYs2/LFAfOYZvjLz9Ddxwo
-N39CcIS7jKz4o0usY8sNHygiv6ejlGDCH6OXHanmYndlleDs7bObkXeg5stpMgXv
-GYNRePGCRrk1mZi9i+7mVIj2OE96vftYrnKt71KccplUYtQU1506cfgtBkvDTYHh
-Jnrx7+PNrxzOQzX5QEPprxmbwVXbqvwH4qwg57dgyGZtQ3GVy62PRdxD65UWXsZg
-IQgxkSyCpzJqBonATNdQMNXwyHyQB8p5ON7YzwIDAQABAoIBAQCG4doj3Apa8z+n
-IShbT1+cOyQi34A+xOIA151Hh7xmFxN0afRd/iWt3JUQ/OcLgQRZbDM7DSD+3W5H
-r+G7xfQkpwFxx/T3g58+f7ehYx+GcJQWyhxJ88zNIkBnyb4KCAE5WBOOW9IGajPe
-yE9pgUGMlPsXpYoKfHIOHg+NGY1pWUGBfBNR2kGrbkpZMmyy5bGa8dyrwAFBFRru
-kcmmKvate8UlbRspFtd4nR/GQLTBrcDJ1k1i1Su/4BpDuDeK6LPI8ZRePGqbdcxk
-TS30lsdYozuGfjZ5Zu8lSIJ//+7RjfDg8r684dpWjpalq8Quen60ZrIs01CSbfyU
-k8gOzTHhAoGBAOKhp41wXveegq+WylSXFyngm4bzF4dVdTRsSbJVk7NaOx1vCU6o
-/xIHoGEQyLI6wF+EaHmY89/Qu6tSV97XyBbiKeskopv5iXS/BsWTHJ1VbCA1ZLmK
-HgGllEkS0xfc9AdB7b6/K7LxAAQVKP3DtN6+6pSDZh9Sv2M1j0DbhkNbAoGBAMmg
-HcMfExaaeskjHqyLudtKX+znwaIoumleOGuavohR4R+Fpk8Yv8Xhb5U7Yr4gk0vY
-CFmhp1WAi6QMZ/8jePlKKXl3Ney827luoKiMczp2DoYE0t0u2Kw3LfkNKfjADZ7d
-JI6xPJV9/X1erwjq+4UdKqrpOf05SY4nkBMcvr6dAoGAXzisvbDJNiFTp5Mj0Abr
-pJzKvBjHegVeCXi2PkfWlzUCQYu1zWcURO8PY7k5mik1SuzHONAbJ578Oy+N3AOt
-/m9oTXRHHmHqbzMUFU+KZlDN7XqBp7NwiCCZ/Vn7d7tOjP4Wdl68baL07sI1RupD
-xJNS3LOY5PBPmc+XMRkLgKECgYEAgBNDlJSCrZMHeAjlDTncn53I/VXiPD2e3BvL
-vx6W9UT9ueZN1GSmPO6M0MDeYmOS7VSXSUhUYQ28pkJzNTC1QbWITu4YxP7anBnX
-1/kPoQ0pAJzDzVharlqGy3M/PBHTFRzogfO3xkY35ZFlokaR6uayGcr42Q+w16nt
-7RYPXEkCgYEA3GQYirHnGZuQ952jMvduqnpgkJiSnr0fa+94Rwa1pAhxHLFMo5s4
-fqZOtqKPj2s5X1JR0VCey1ilCcaAhWeb3tXCpbYLZSbMtjtqwA6LUeGY+Xdupsjw
-cfWIcOfHsIm2kP+RCxEnZf1XwiN9wyJeiUKlE0dqmx9j7F0Bm+7YDhI=
------END RSA PRIVATE KEY-----`)
-)
-
-func tlsConfig() *tls.Config {
-	cert, err := tls.X509KeyPair(rawCert, rawKey)
-	if err != nil {
-		panic(err)
-	}
-	return &tls.Config{Certificates: []tls.Certificate{cert}}
-}
diff --git a/examples/ssh/sshc.go b/examples/ssh/sshc.go
deleted file mode 100644
index a90a026..0000000
--- a/examples/ssh/sshc.go
+++ /dev/null
@@ -1,113 +0,0 @@
-package main
-
-import (
-	"crypto/tls"
-	"flag"
-	"log"
-	"time"
-
-	"github.com/ginuerzh/gost"
-)
-
-var (
-	laddr, faddr string
-	quiet        bool
-)
-
-func init() {
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
-
-	flag.StringVar(&laddr, "L", ":18080", "listen address")
-	flag.StringVar(&faddr, "F", ":12222", "forward address")
-	flag.BoolVar(&quiet, "q", false, "quiet mode")
-	flag.BoolVar(&gost.Debug, "d", false, "debug mode")
-	flag.Parse()
-
-	if quiet {
-		gost.SetLogger(&gost.NopLogger{})
-	}
-}
-
-func main() {
-	chain := gost.NewChain(
-		gost.Node{
-			Protocol:  "socks5",
-			Transport: "ssh",
-			Addr:      faddr,
-			HandshakeOptions: []gost.HandshakeOption{
-				gost.IntervalHandshakeOption(30 * time.Second),
-			},
-			Client: &gost.Client{
-				Connector:   gost.SOCKS5Connector(nil),
-				Transporter: gost.SSHTunnelTransporter(),
-			},
-		},
-	)
-
-	ln, err := gost.TCPListener(laddr)
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.SOCKS5Handler(
-		gost.ChainHandlerOption(chain),
-		gost.TLSConfigHandlerOption(tlsConfig()),
-	)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-var (
-	rawCert = []byte(`-----BEGIN CERTIFICATE-----
-MIIC+jCCAeKgAwIBAgIRAMlREhz8Miu1FQozsxbeqyMwDQYJKoZIhvcNAQELBQAw
-EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNzA1MTkwNTM5MDJaFw0xODA1MTkwNTM5
-MDJaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCyfqvv0kDriciEAVIW6JaWYFCL9a19jj1wmAGmVGxV3kNsr01kpa6N
-0EBqnrcy7WknhCt1d43CqhKtTcXgJ/J9phZVxlizb8sUB85hm+MvP0N3HCg3f0Jw
-hLuMrPijS6xjyw0fKCK/p6OUYMIfo5cdqeZid2WV4Ozts5uRd6Dmy2kyBe8Zg1F4
-8YJGuTWZmL2L7uZUiPY4T3q9+1iucq3vUpxymVRi1BTXnTpx+C0GS8NNgeEmevHv
-482vHM5DNflAQ+mvGZvBVduq/AfirCDnt2DIZm1DcZXLrY9F3EPrlRZexmAhCDGR
-LIKnMmoGicBM11Aw1fDIfJAHynk43tjPAgMBAAGjSzBJMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC
-CWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAAx8Lna8DcQv0bRB3L9i2+KRN
-l/UhPCoFagxk1cZore4p0w+1m7OgigOoTpg5jh78DzVDhScZlgJ0bBVYp5rojeJS
-cBDC9lCDcaXQfFmT5LykCAwIgw/gs+rw5Aq0y3D0m8CcqKosyZa9wnZ2cVy/+45w
-emcSdboc65ueZScv38/W7aTUoVRcjyRUv0jv0zW0EPnnDlluVkeZo9spBhiTTwoj
-b3zGODs6alTNIJwZIHNxxyOmfJPpVVp8BzGbMk7YBixSlZ/vbrrYV34TcSiy7J57
-lNNoVWM+OwiVk1+AEZfQDwaQfef5tsIkAZBUyITkkDKRhygtwM2110dejbEsgg==
------END CERTIFICATE-----`)
-	rawKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAsn6r79JA64nIhAFSFuiWlmBQi/WtfY49cJgBplRsVd5DbK9N
-ZKWujdBAap63Mu1pJ4QrdXeNwqoSrU3F4CfyfaYWVcZYs2/LFAfOYZvjLz9Ddxwo
-N39CcIS7jKz4o0usY8sNHygiv6ejlGDCH6OXHanmYndlleDs7bObkXeg5stpMgXv
-GYNRePGCRrk1mZi9i+7mVIj2OE96vftYrnKt71KccplUYtQU1506cfgtBkvDTYHh
-Jnrx7+PNrxzOQzX5QEPprxmbwVXbqvwH4qwg57dgyGZtQ3GVy62PRdxD65UWXsZg
-IQgxkSyCpzJqBonATNdQMNXwyHyQB8p5ON7YzwIDAQABAoIBAQCG4doj3Apa8z+n
-IShbT1+cOyQi34A+xOIA151Hh7xmFxN0afRd/iWt3JUQ/OcLgQRZbDM7DSD+3W5H
-r+G7xfQkpwFxx/T3g58+f7ehYx+GcJQWyhxJ88zNIkBnyb4KCAE5WBOOW9IGajPe
-yE9pgUGMlPsXpYoKfHIOHg+NGY1pWUGBfBNR2kGrbkpZMmyy5bGa8dyrwAFBFRru
-kcmmKvate8UlbRspFtd4nR/GQLTBrcDJ1k1i1Su/4BpDuDeK6LPI8ZRePGqbdcxk
-TS30lsdYozuGfjZ5Zu8lSIJ//+7RjfDg8r684dpWjpalq8Quen60ZrIs01CSbfyU
-k8gOzTHhAoGBAOKhp41wXveegq+WylSXFyngm4bzF4dVdTRsSbJVk7NaOx1vCU6o
-/xIHoGEQyLI6wF+EaHmY89/Qu6tSV97XyBbiKeskopv5iXS/BsWTHJ1VbCA1ZLmK
-HgGllEkS0xfc9AdB7b6/K7LxAAQVKP3DtN6+6pSDZh9Sv2M1j0DbhkNbAoGBAMmg
-HcMfExaaeskjHqyLudtKX+znwaIoumleOGuavohR4R+Fpk8Yv8Xhb5U7Yr4gk0vY
-CFmhp1WAi6QMZ/8jePlKKXl3Ney827luoKiMczp2DoYE0t0u2Kw3LfkNKfjADZ7d
-JI6xPJV9/X1erwjq+4UdKqrpOf05SY4nkBMcvr6dAoGAXzisvbDJNiFTp5Mj0Abr
-pJzKvBjHegVeCXi2PkfWlzUCQYu1zWcURO8PY7k5mik1SuzHONAbJ578Oy+N3AOt
-/m9oTXRHHmHqbzMUFU+KZlDN7XqBp7NwiCCZ/Vn7d7tOjP4Wdl68baL07sI1RupD
-xJNS3LOY5PBPmc+XMRkLgKECgYEAgBNDlJSCrZMHeAjlDTncn53I/VXiPD2e3BvL
-vx6W9UT9ueZN1GSmPO6M0MDeYmOS7VSXSUhUYQ28pkJzNTC1QbWITu4YxP7anBnX
-1/kPoQ0pAJzDzVharlqGy3M/PBHTFRzogfO3xkY35ZFlokaR6uayGcr42Q+w16nt
-7RYPXEkCgYEA3GQYirHnGZuQ952jMvduqnpgkJiSnr0fa+94Rwa1pAhxHLFMo5s4
-fqZOtqKPj2s5X1JR0VCey1ilCcaAhWeb3tXCpbYLZSbMtjtqwA6LUeGY+Xdupsjw
-cfWIcOfHsIm2kP+RCxEnZf1XwiN9wyJeiUKlE0dqmx9j7F0Bm+7YDhI=
------END RSA PRIVATE KEY-----`)
-)
-
-func tlsConfig() *tls.Config {
-	cert, err := tls.X509KeyPair(rawCert, rawKey)
-	if err != nil {
-		panic(err)
-	}
-	return &tls.Config{Certificates: []tls.Certificate{cert}}
-}
diff --git a/examples/ssh/sshd.go b/examples/ssh/sshd.go
deleted file mode 100644
index 72aa2f7..0000000
--- a/examples/ssh/sshd.go
+++ /dev/null
@@ -1,99 +0,0 @@
-package main
-
-import (
-	"crypto/tls"
-	"flag"
-	"log"
-
-	"github.com/ginuerzh/gost"
-)
-
-var (
-	laddr string
-	quiet bool
-)
-
-func init() {
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
-
-	flag.StringVar(&laddr, "L", ":12222", "listen address")
-	flag.BoolVar(&quiet, "q", false, "quiet mode")
-	flag.BoolVar(&gost.Debug, "d", false, "debug mode")
-
-	flag.Parse()
-
-	if quiet {
-		gost.SetLogger(&gost.NopLogger{})
-	}
-}
-
-func main() {
-	sshTunnelServer()
-}
-
-func sshTunnelServer() {
-	ln, err := gost.SSHTunnelListener(laddr, &gost.SSHConfig{TLSConfig: tlsConfig()})
-	if err != nil {
-		log.Fatal(err)
-	}
-	h := gost.SOCKS5Handler(gost.TLSConfigHandlerOption(tlsConfig()))
-	log.Println("server listen on", laddr)
-	s := &gost.Server{ln}
-	log.Fatal(s.Serve(h))
-}
-
-var (
-	rawCert = []byte(`-----BEGIN CERTIFICATE-----
-MIIC+jCCAeKgAwIBAgIRAMlREhz8Miu1FQozsxbeqyMwDQYJKoZIhvcNAQELBQAw
-EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNzA1MTkwNTM5MDJaFw0xODA1MTkwNTM5
-MDJaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCyfqvv0kDriciEAVIW6JaWYFCL9a19jj1wmAGmVGxV3kNsr01kpa6N
-0EBqnrcy7WknhCt1d43CqhKtTcXgJ/J9phZVxlizb8sUB85hm+MvP0N3HCg3f0Jw
-hLuMrPijS6xjyw0fKCK/p6OUYMIfo5cdqeZid2WV4Ozts5uRd6Dmy2kyBe8Zg1F4
-8YJGuTWZmL2L7uZUiPY4T3q9+1iucq3vUpxymVRi1BTXnTpx+C0GS8NNgeEmevHv
-482vHM5DNflAQ+mvGZvBVduq/AfirCDnt2DIZm1DcZXLrY9F3EPrlRZexmAhCDGR
-LIKnMmoGicBM11Aw1fDIfJAHynk43tjPAgMBAAGjSzBJMA4GA1UdDwEB/wQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC
-CWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAAx8Lna8DcQv0bRB3L9i2+KRN
-l/UhPCoFagxk1cZore4p0w+1m7OgigOoTpg5jh78DzVDhScZlgJ0bBVYp5rojeJS
-cBDC9lCDcaXQfFmT5LykCAwIgw/gs+rw5Aq0y3D0m8CcqKosyZa9wnZ2cVy/+45w
-emcSdboc65ueZScv38/W7aTUoVRcjyRUv0jv0zW0EPnnDlluVkeZo9spBhiTTwoj
-b3zGODs6alTNIJwZIHNxxyOmfJPpVVp8BzGbMk7YBixSlZ/vbrrYV34TcSiy7J57
-lNNoVWM+OwiVk1+AEZfQDwaQfef5tsIkAZBUyITkkDKRhygtwM2110dejbEsgg==
------END CERTIFICATE-----`)
-	rawKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAsn6r79JA64nIhAFSFuiWlmBQi/WtfY49cJgBplRsVd5DbK9N
-ZKWujdBAap63Mu1pJ4QrdXeNwqoSrU3F4CfyfaYWVcZYs2/LFAfOYZvjLz9Ddxwo
-N39CcIS7jKz4o0usY8sNHygiv6ejlGDCH6OXHanmYndlleDs7bObkXeg5stpMgXv
-GYNRePGCRrk1mZi9i+7mVIj2OE96vftYrnKt71KccplUYtQU1506cfgtBkvDTYHh
-Jnrx7+PNrxzOQzX5QEPprxmbwVXbqvwH4qwg57dgyGZtQ3GVy62PRdxD65UWXsZg
-IQgxkSyCpzJqBonATNdQMNXwyHyQB8p5ON7YzwIDAQABAoIBAQCG4doj3Apa8z+n
-IShbT1+cOyQi34A+xOIA151Hh7xmFxN0afRd/iWt3JUQ/OcLgQRZbDM7DSD+3W5H
-r+G7xfQkpwFxx/T3g58+f7ehYx+GcJQWyhxJ88zNIkBnyb4KCAE5WBOOW9IGajPe
-yE9pgUGMlPsXpYoKfHIOHg+NGY1pWUGBfBNR2kGrbkpZMmyy5bGa8dyrwAFBFRru
-kcmmKvate8UlbRspFtd4nR/GQLTBrcDJ1k1i1Su/4BpDuDeK6LPI8ZRePGqbdcxk
-TS30lsdYozuGfjZ5Zu8lSIJ//+7RjfDg8r684dpWjpalq8Quen60ZrIs01CSbfyU
-k8gOzTHhAoGBAOKhp41wXveegq+WylSXFyngm4bzF4dVdTRsSbJVk7NaOx1vCU6o
-/xIHoGEQyLI6wF+EaHmY89/Qu6tSV97XyBbiKeskopv5iXS/BsWTHJ1VbCA1ZLmK
-HgGllEkS0xfc9AdB7b6/K7LxAAQVKP3DtN6+6pSDZh9Sv2M1j0DbhkNbAoGBAMmg
-HcMfExaaeskjHqyLudtKX+znwaIoumleOGuavohR4R+Fpk8Yv8Xhb5U7Yr4gk0vY
-CFmhp1WAi6QMZ/8jePlKKXl3Ney827luoKiMczp2DoYE0t0u2Kw3LfkNKfjADZ7d
-JI6xPJV9/X1erwjq+4UdKqrpOf05SY4nkBMcvr6dAoGAXzisvbDJNiFTp5Mj0Abr
-pJzKvBjHegVeCXi2PkfWlzUCQYu1zWcURO8PY7k5mik1SuzHONAbJ578Oy+N3AOt
-/m9oTXRHHmHqbzMUFU+KZlDN7XqBp7NwiCCZ/Vn7d7tOjP4Wdl68baL07sI1RupD
-xJNS3LOY5PBPmc+XMRkLgKECgYEAgBNDlJSCrZMHeAjlDTncn53I/VXiPD2e3BvL
-vx6W9UT9ueZN1GSmPO6M0MDeYmOS7VSXSUhUYQ28pkJzNTC1QbWITu4YxP7anBnX
-1/kPoQ0pAJzDzVharlqGy3M/PBHTFRzogfO3xkY35ZFlokaR6uayGcr42Q+w16nt
-7RYPXEkCgYEA3GQYirHnGZuQ952jMvduqnpgkJiSnr0fa+94Rwa1pAhxHLFMo5s4
-fqZOtqKPj2s5X1JR0VCey1ilCcaAhWeb3tXCpbYLZSbMtjtqwA6LUeGY+Xdupsjw
-cfWIcOfHsIm2kP+RCxEnZf1XwiN9wyJeiUKlE0dqmx9j7F0Bm+7YDhI=
------END RSA PRIVATE KEY-----`)
-)
-
-func tlsConfig() *tls.Config {
-	cert, err := tls.X509KeyPair(rawCert, rawKey)
-	if err != nil {
-		panic(err)
-	}
-	return &tls.Config{Certificates: []tls.Certificate{cert}}
-}
diff --git a/examples/ssu/ssu.go b/examples/ssu/ssu.go
deleted file mode 100644
index 6aeee1c..0000000
--- a/examples/ssu/ssu.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"log"
-	"net"
-	"strconv"
-
-	"github.com/go-gost/gosocks5"
-	ss "github.com/shadowsocks/shadowsocks-go/shadowsocks"
-)
-
-func main() {
-	ssuClient()
-}
-
-func ssuClient() {
-	addr, err := net.ResolveUDPAddr("udp", ":18338")
-	if err != nil {
-		log.Fatal(err)
-	}
-	laddr, _ := net.ResolveUDPAddr("udp", ":10800")
-	conn, err := net.ListenUDP("udp", laddr)
-	if err != nil {
-		log.Fatal(err)
-	}
-	cp, err := ss.NewCipher("chacha20", "123456")
-	if err != nil {
-		log.Fatal(err)
-	}
-	cc := ss.NewSecurePacketConn(conn, cp, false)
-
-	raddr, _ := net.ResolveUDPAddr("udp", ":8080")
-	msg := []byte(`abcdefghijklmnopqrstuvwxyz`)
-	dgram := gosocks5.NewUDPDatagram(gosocks5.NewUDPHeader(0, 0, toSocksAddr(raddr)), msg)
-	buf := bytes.Buffer{}
-	dgram.Write(&buf)
-	for {
-		log.Printf("%# x", buf.Bytes()[3:])
-		if _, err := cc.WriteTo(buf.Bytes()[3:], addr); err != nil {
-			log.Fatal(err)
-		}
-		b := make([]byte, 1024)
-		n, adr, err := cc.ReadFrom(b)
-		if err != nil {
-			log.Fatal(err)
-		}
-		log.Printf("%s: %# x", adr, b[:n])
-	}
-}
-
-func toSocksAddr(addr net.Addr) *gosocks5.Addr {
-	host := "0.0.0.0"
-	port := 0
-	if addr != nil {
-		h, p, _ := net.SplitHostPort(addr.String())
-		host = h
-		port, _ = strconv.Atoi(p)
-	}
-	return &gosocks5.Addr{
-		Type: gosocks5.AddrIPv4,
-		Host: host,
-		Port: uint16(port),
-	}
-}
diff --git a/ws2.go b/ws2.go
new file mode 100644
index 0000000..262e57b
--- /dev/null
+++ b/ws2.go
@@ -0,0 +1,241 @@
+package gost
+
+import (
+	"crypto/tls"
+
+	"net"
+	"net/http"
+	"net/http/httputil"
+	"time"
+
+	"net/url"
+
+	"github.com/go-log/log"
+	"github.com/gorilla/websocket"
+)
+
+const (
+	defaultWSPath2 = "/ws"
+)
+
+// // WSOptions describes the options for websocket.
+type WSOptions2 struct {
+	ReadBufferSize    int
+	WriteBufferSize   int
+	HandshakeTimeout  time.Duration
+	EnableCompression bool
+	UserAgent         string
+	Path              string
+}
+
+type wsTransporter2 struct {
+	tcpTransporter
+	options *WSOptions
+}
+
+// WSTransporter creates a Transporter that is used by websocket proxy client.
+func WSTransporter2(opts *WSOptions) Transporter {
+	return &wsTransporter{
+		options: opts,
+	}
+}
+
+func (tr *wsTransporter2) Handshake(conn net.Conn, options ...HandshakeOption) (net.Conn, error) {
+	opts := &HandshakeOptions{}
+	for _, option := range options {
+		option(opts)
+	}
+	wsOptions := tr.options
+	if opts.WSOptions != nil {
+		wsOptions = opts.WSOptions
+	}
+	if wsOptions == nil {
+		wsOptions = &WSOptions{}
+	}
+
+	path := wsOptions.Path
+	if path == "" {
+		path = defaultWSPath
+	}
+	url := url.URL{Scheme: "ws", Host: opts.Host, Path: path}
+	return websocketClientConn2(url.String(), conn, nil, wsOptions)
+}
+
+type wsListener2 struct {
+	addr     net.Addr
+	upgrader *websocket.Upgrader
+	srv      *http.Server
+	connChan chan net.Conn
+	errChan  chan error
+}
+
+// WSListener creates a Listener for websocket proxy server.
+func WSListener2(ln net.Listener, options *WSOptions) (Listener, error) {
+
+	if options == nil {
+		options = &WSOptions{}
+	}
+	l := &wsListener2{
+		upgrader: &websocket.Upgrader{
+			ReadBufferSize:    options.ReadBufferSize,
+			WriteBufferSize:   options.WriteBufferSize,
+			CheckOrigin:       func(r *http.Request) bool { return true },
+			EnableCompression: options.EnableCompression,
+		},
+		connChan: make(chan net.Conn, 1024),
+		errChan:  make(chan error, 1),
+	}
+
+	path := options.Path
+	if path == "" {
+		path = defaultWSPath2
+	}
+	mux := http.NewServeMux()
+	mux.Handle(path, http.HandlerFunc(l.upgrade))
+	l.srv = &http.Server{
+		Addr:              ":18000",
+		Handler:           mux,
+		ReadHeaderTimeout: 30 * time.Second,
+	}
+
+	l.addr = ln.Addr()
+
+	go func() {
+		err := l.srv.Serve(ln)
+		if err != nil {
+			l.errChan <- err
+		}
+		close(l.errChan)
+	}()
+	select {
+	case err := <-l.errChan:
+		return nil, err
+	default:
+	}
+
+	return l, nil
+}
+
+func (l *wsListener2) upgrade(w http.ResponseWriter, r *http.Request) {
+	log.Logf("[ws] %s -> %s", r.RemoteAddr, l.addr)
+	if Debug {
+		dump, _ := httputil.DumpRequest(r, false)
+		log.Log(string(dump))
+	}
+	conn, err := l.upgrader.Upgrade(w, r, nil)
+	if err != nil {
+		log.Logf("[ws] %s - %s : %s", r.RemoteAddr, l.addr, err)
+		return
+	}
+	select {
+	case l.connChan <- websocketServerConn2(conn):
+	default:
+		conn.Close()
+		log.Logf("[ws] %s - %s: connection queue is full", r.RemoteAddr, l.addr)
+	}
+}
+
+func (l *wsListener2) Accept() (conn net.Conn, err error) {
+	select {
+	case conn = <-l.connChan:
+	case err = <-l.errChan:
+	}
+	return
+}
+
+func (l *wsListener2) Close() error {
+	return l.srv.Close()
+}
+
+func (l *wsListener2) Addr() net.Addr {
+	return l.addr
+}
+
+// TODO: due to the concurrency control in the websocket.Conn,
+// a data race may be met when using with multiplexing.
+// See: https://godoc.org/gopkg.in/gorilla/websocket.v1#hdr-Concurrency
+type websocketConn2 struct {
+	conn *websocket.Conn
+	rb   []byte
+}
+
+func websocketClientConn2(url string, conn net.Conn, tlsConfig *tls.Config, options *WSOptions) (net.Conn, error) {
+	if options == nil {
+		options = &WSOptions{}
+	}
+
+	timeout := options.HandshakeTimeout
+	if timeout <= 0 {
+		timeout = HandshakeTimeout
+	}
+
+	dialer := websocket.Dialer{
+		ReadBufferSize:    options.ReadBufferSize,
+		WriteBufferSize:   options.WriteBufferSize,
+		TLSClientConfig:   tlsConfig,
+		HandshakeTimeout:  timeout,
+		EnableCompression: options.EnableCompression,
+		NetDial: func(net, addr string) (net.Conn, error) {
+			return conn, nil
+		},
+	}
+	header := http.Header{}
+	header.Set("User-Agent", DefaultUserAgent)
+	if options.UserAgent != "" {
+		header.Set("User-Agent", options.UserAgent)
+	}
+	c, resp, err := dialer.Dial(url, header)
+	if err != nil {
+		return nil, err
+	}
+	resp.Body.Close()
+	return &websocketConn{conn: c}, nil
+}
+
+func websocketServerConn2(conn *websocket.Conn) net.Conn {
+	// conn.EnableWriteCompression(true)
+	return &websocketConn{
+		conn: conn,
+	}
+}
+
+func (c *websocketConn2) Read(b []byte) (n int, err error) {
+	if len(c.rb) == 0 {
+		_, c.rb, err = c.conn.ReadMessage()
+	}
+	n = copy(b, c.rb)
+	c.rb = c.rb[n:]
+	return
+}
+
+func (c *websocketConn2) Write(b []byte) (n int, err error) {
+	err = c.conn.WriteMessage(websocket.BinaryMessage, b)
+	n = len(b)
+	return
+}
+
+func (c *websocketConn2) Close() error {
+	return c.conn.Close()
+}
+
+func (c *websocketConn2) LocalAddr() net.Addr {
+	return c.conn.LocalAddr()
+}
+
+func (c *websocketConn2) RemoteAddr() net.Addr {
+	return c.conn.RemoteAddr()
+}
+
+func (c *websocketConn2) SetDeadline(t time.Time) error {
+	if err := c.SetReadDeadline(t); err != nil {
+		return err
+	}
+	return c.SetWriteDeadline(t)
+}
+func (c *websocketConn2) SetReadDeadline(t time.Time) error {
+	return c.conn.SetReadDeadline(t)
+}
+
+func (c *websocketConn2) SetWriteDeadline(t time.Time) error {
+	return c.conn.SetWriteDeadline(t)
+}