Merge a7f9bbef63 into 91e12c4428

README_en.md

@@ -28,6 +28,7 @@ Features
 * [Routing control](https://v2.gost.run/en/bypass/)
 * DNS [resolver](https://v2.gost.run/resolver/) and [proxy](https://v2.gost.run/dns/)
 * [TUN/TAP device](https://v2.gost.run/en/tuntap/)
+* [Multi-Instance](#Multi-Instance)
 
 Wiki: [v2.gost.run](https://v2.gost.run/en/)
 
@@ -418,3 +419,47 @@ gost -L=:8080 -F="http2://:443?ca=ca.pem"
 ```
 
 Certificate Pinning is contributed by [@sheerun](https://github.com/sheerun).
+
+Multi-Instance
+------
+
+Run multiple gost instances with different rules and configuration files by separating each with `--`
+
+#### Reverse SOCKS5 over SSH tunnel
+```bash
+# Server
+gost -L forward+ssh://:2222
+
+# Client
+gost -L socks5://127.0.0.1:1111 -- -L rtcp://127.0.0.1:3333/127.0.0.1:1111 -F forward+ssh://<server-ip>:2222
+
+# Test from Server
+curl -s -L -x socks5://127.0.0.1:3333 https://example.com
+```
+
+#### Multiple port-forwarding through different proxies
+```bash
+gost -- -L tcp://:2222/192.168.1.9:22 -F forward+ssh://172.25.10.3:22 -F forward+ssh://70.9.17.2:22 \
+     -- -L tcp://:8080/10.10.10.10:80 -F forward+tls://90.33.2.11:443                               \
+     -- -L udp://:5353/192.10.16.8:53 -F socks5://189.155.221.25:1080
+```
+
+#### Multiple configuration files
+```bash
+gost -C tls.json -- -C hyper-proxy.json -- -C reverse-nc.json -- -C happy-vpn.json
+```
+
+#### A mix of everything
+```bash
+gost -L rudp://:5353/192.168.1.1:53?ttl=60s -F socks5://172.24.10.1:1080    -- \
+     -C my-proxy.json                                                       -- \
+     -L redirect://:1234 -F 1.2.3.4:1080                                    -- \
+     -L udp://:5353 -C forward-servers.json                                 -- \
+     -L :8080 -F http://localhost:8080?ip=192.168.1.2:8081,192.168.1.3:8082    \
+              -F socks5://localhost:1080?ip=172.20.1.1:1080,172.20.1.2:1081 -- \
+     -L socks5://localhost:1080                                             -- \
+     -L :2020 -F kcp://10.16.1.10:8388?peer=peer1.txt                          \
+              -F http2://12.20.1.3:443?peer=peer2.txt
+```
+
+Multi-Instance was contributed by [@caribpa](https://github.com/caribpa).

cmd/gost/cfg.go

@@ -24,18 +24,18 @@ type baseConfig struct {
 	Debug  bool
 }
 
-func parseBaseConfig(s string) (*baseConfig, error) {
+func parseBaseConfig(s string, baseCfg *baseConfig) error {
 	file, err := os.Open(s)
 	if err != nil {
-		return nil, err
+		return err
 	}
 	defer file.Close()
 
 	if err := json.NewDecoder(file).Decode(baseCfg); err != nil {
-		return nil, err
+		return err
 	}
 
-	return baseCfg, nil
+	return nil
 }
 
 var (

cmd/gost/main.go

@@ -7,6 +7,8 @@ import (
 	"fmt"
 	"net/http"
 	"os"
+	"sync"
+	"strings"
 	"runtime"
 
 	_ "net/http/pprof"
@@ -16,86 +18,92 @@ import (
 )
 
 var (
-	configureFile string
-	baseCfg       = &baseConfig{}
-	pprofAddr     string
 	pprofEnabled  = os.Getenv("PROFILING") != ""
 )
 
 func init() {
 	gost.SetLogger(&gost.LogLogger{})
 
-	var (
+	// TODO - Generate different certificates for each worker
-		printVersion bool
+	generateTLSCertificate()
-	)
-
-	flag.Var(&baseCfg.route.ChainNodes, "F", "forward address, can make a forward chain")
-	flag.Var(&baseCfg.route.ServeNodes, "L", "listen address, can listen on multiple ports (required)")
-	flag.IntVar(&baseCfg.route.Mark, "M", 0, "Specify out connection mark")
-	flag.StringVar(&configureFile, "C", "", "configure file")
-	flag.StringVar(&baseCfg.route.Interface, "I", "", "Interface to bind")
-	flag.BoolVar(&baseCfg.Debug, "D", false, "enable debug log")
-	flag.BoolVar(&printVersion, "V", false, "print version")
-	if pprofEnabled {
-		flag.StringVar(&pprofAddr, "P", ":6060", "profiling HTTP server address")
-	}
-	flag.Parse()
-
-	if printVersion {
-		fmt.Fprintf(os.Stdout, "gost %s (%s %s/%s)\n",
-			gost.Version, runtime.Version(), runtime.GOOS, runtime.GOARCH)
-		os.Exit(0)
-	}
-
-	if configureFile != "" {
-		_, err := parseBaseConfig(configureFile)
-		if err != nil {
-			log.Log(err)
-			os.Exit(1)
-		}
-	}
-	if flag.NFlag() == 0 {
-		flag.PrintDefaults()
-		os.Exit(0)
-	}
 }
 
 func main() {
+	var wg sync.WaitGroup
+	wg.Add(1)  // Gost must exit if any of the workers exit
+
+	// Split os.Args using -- and create a worker with each slice
+	args := strings.Split(" " + strings.Join(os.Args[1:], "  ") + " ", " -- ")
+	if strings.Join(args, "") == "" {
+		// Fix to show gost help if the resulting array is empty
+		args[0] = " "
+	}
+	for wid, wargs := range args {
+		if wargs != "" {
+			go worker(wid, wargs, &wg)
+		}
+	}
+	wg.Wait()
+}
+
+func worker(id int, args string, wg *sync.WaitGroup) {
+	defer wg.Done()
+
+	var (
+		configureFile string
+		baseCfg       = &baseConfig{}
+		pprofAddr     string
+	)
+
+	init := func () error {
+		var printVersion bool
+
+		wf := flag.NewFlagSet(os.Args[0], flag.ExitOnError)
+
+		wf.Var(&baseCfg.route.ChainNodes, "F", "forward address, can make a forward chain")
+		wf.Var(&baseCfg.route.ServeNodes, "L", "listen address, can listen on multiple ports (required)")
+		wf.StringVar(&configureFile, "C", "", "configure file")
+		wf.BoolVar(&baseCfg.Debug, "D", false, "enable debug log")
+		wf.BoolVar(&printVersion, "V", false, "print version")
+
 		if pprofEnabled {
-		go func() {
+			// Every worker uses a different profiling server by default
-			log.Log("profiling server on", pprofAddr)
+			wf.StringVar(&pprofAddr, "P", fmt.Sprintf(":606%d", id), "profiling HTTP server address")
-			log.Log(http.ListenAndServe(pprofAddr, nil))
-		}()
 		}
 
-	// NOTE: as of 2.6, you can use custom cert/key files to initialize the default certificate.
+		wf.Parse(strings.Fields(args))
-	tlsConfig, err := tlsConfig(defaultCertFile, defaultKeyFile, "")
+
+		if printVersion {
+			fmt.Fprintf(os.Stdout, "gost %s (%s %s/%s)\n", gost.Version, runtime.Version(), runtime.GOOS, runtime.GOARCH)
+			os.Exit(0)
+		} else if wf.NFlag() == 0 {
+			wf.Usage()
+			os.Exit(0)
+		} else if configureFile != "" {
+			err := parseBaseConfig(configureFile, baseCfg)
 			if err != nil {
-		// generate random self-signed certificate.
+				return err
-		cert, err := gost.GenCertificate()
-		if err != nil {
-			log.Log(err)
-			os.Exit(1)
 			}
-		tlsConfig = &tls.Config{
-			Certificates: []tls.Certificate{cert},
-		}
-	} else {
-		log.Log("load TLS certificate files OK")
 		}
 
-	gost.DefaultTLSConfig = tlsConfig
+		if baseCfg.route.ServeNodes.String() == "[]" {
-
+			configErrMsg := ""
-	if err := start(); err != nil {
+			if configureFile != "" {
-		log.Log(err)
+				configErrMsg = " or ServeNodes inside config file (-C)"
+			}
+			fmt.Fprintf(os.Stderr, "\n[!] Error: Missing -L flag%s\n\n", configErrMsg)
+			wf.Usage()
 			os.Exit(1)
 		}
 
-	select {}
+		return nil
 	}
 
-func start() error {
+	start := func () error {
+		// TODO - Make debug worker independent
+		if ! gost.Debug {
 			gost.Debug = baseCfg.Debug
+		}
 
 		var routers []router
 		rts, err := baseCfg.route.GenRouters()
@@ -121,3 +129,51 @@ func start() error {
 
 		return nil
 	}
+
+	main := func () error {
+		if pprofEnabled {
+			go func() {
+				log.Log("profiling server on", pprofAddr)
+				log.Log(http.ListenAndServe(pprofAddr, nil))
+			}()
+		}
+
+		err := start()
+		return err
+	}
+
+	if err := init(); err != nil {
+		log.Log(err)
+		return
+	}
+	if err := main(); err != nil {
+		log.Log(err)
+		return
+	}
+
+	// Allow local functions to be garbage-collected
+	init = nil
+	main = nil
+	start = nil
+
+	select {}
+}
+
+func generateTLSCertificate() {
+	// NOTE: as of 2.6, you can use custom cert/key files to initialize the default certificate.
+	tlsConfig, err := tlsConfig(defaultCertFile, defaultKeyFile, "")
+	if err != nil {
+		// generate random self-signed certificate.
+		cert, err := gost.GenCertificate()
+		if err != nil {
+			log.Log(err)
+			os.Exit(1)
+		}
+		tlsConfig = &tls.Config{
+			Certificates: []tls.Certificate{cert},
+		}
+	} else {
+		log.Log("load TLS certificate files OK")
+	}
+	gost.DefaultTLSConfig = tlsConfig
+}