diff --git a/cmd/gost/vendor/github.com/ginuerzh/gosocks5/socks5.go b/cmd/gost/vendor/github.com/ginuerzh/gosocks5/socks5.go index 51aefa7..c712f66 100644 --- a/cmd/gost/vendor/github.com/ginuerzh/gosocks5/socks5.go +++ b/cmd/gost/vendor/github.com/ginuerzh/gosocks5/socks5.go @@ -4,12 +4,10 @@ package gosocks5 import ( - //"bytes" "encoding/binary" "errors" "fmt" "io" - //"log" "net" "strconv" "sync" @@ -597,7 +595,10 @@ func ReadUDPDatagram(r io.Reader) (*UDPDatagram, error) { b := lPool.Get().([]byte) defer lPool.Put(b) - n, err := io.ReadAtLeast(r, b, 5) + // when r is a streaming (such as TCP connection), we may read more than the required data, + // but we don't know how to handle it. So we use io.ReadFull to instead of io.ReadAtLeast + // to make sure that no redundant data will be discarded. + n, err := io.ReadFull(r, b[:5]) if err != nil { return nil, err } diff --git a/cmd/gost/vendor/github.com/ginuerzh/gost/README.md b/cmd/gost/vendor/github.com/ginuerzh/gost/README.md index 098bcce..be5ee72 100644 --- a/cmd/gost/vendor/github.com/ginuerzh/gost/README.md +++ b/cmd/gost/vendor/github.com/ginuerzh/gost/README.md @@ -191,6 +191,17 @@ gost的HTTP2支持两种模式并自适应: * 作为标准的HTTP2代理,并向下兼容HTTPS代理。 * 作为transport(类似于wss),传输其他协议。 +服务端: +```bash +gost -L=http2://:443 +``` +客户端: +```bash +gost -L=:8080 -F=http2://server_ip:443?ping=30 +``` + +客户端支持`ping`参数开启心跳检测(默认不开启),参数值代表心跳间隔秒数。 + **注:** gost的代理链仅支持一个HTTP2代理节点,采用就近原则,会将第一个遇到的HTTP2代理节点视为HTTP2代理,其他HTTP2代理节点则被视为HTTPS代理。 #### QUIC @@ -265,14 +276,6 @@ gost -L=:8080 -F=http+tls://server_ip:443 #### HTTP2 gost仅支持使用TLS加密的HTTP2协议,不支持明文HTTP2传输。 -服务端: -```bash -gost -L=http2://:443 -``` -客户端: -```bash -gost -L=:8080 -F=http2://server_ip:443 -``` #### SOCKS5 gost支持标准SOCKS5协议的no-auth(0x00)和user/pass(0x02)方法,并在此基础上扩展了两个:tls(0x80)和tls-auth(0x82),用于数据加密。 @@ -293,13 +296,13 @@ gost -L=:8080 -F=socks://server_ip:1080 #### Shadowsocks gost对shadowsocks的支持是基于[shadowsocks-go](https://github.com/shadowsocks/shadowsocks-go)库。 -服务端(可以通过ota参数开启OTA模式): +服务端(可以通过ota参数开启OTA强制模式,开启后客户端必须使用OTA模式): ```bash gost -L=ss://aes-128-cfb:123456@:8338?ota=1 ``` -客户端: +客户端(可以通过ota参数开启OTA模式): ```bash -gost -L=:8080 -F=ss://aes-128-cfb:123456@server_ip:8338 +gost -L=:8080 -F=ss://aes-128-cfb:123456@server_ip:8338?ota=1 ``` #### TLS diff --git a/cmd/gost/vendor/github.com/ginuerzh/gost/README_en.md b/cmd/gost/vendor/github.com/ginuerzh/gost/README_en.md index 42c00ac..bfb5474 100644 --- a/cmd/gost/vendor/github.com/ginuerzh/gost/README_en.md +++ b/cmd/gost/vendor/github.com/ginuerzh/gost/README_en.md @@ -192,6 +192,18 @@ Gost HTTP2 supports two modes and self-adapting: * As a standard HTTP2 proxy, and backwards-compatible with the HTTPS proxy. * As transport (similar to wss), tunnel other protocol. +Server: +```bash +gost -L=http2://:443 +``` +Client: +```bash +gost -L=:8080 -F=http2://server_ip:443?ping=30 +``` + +The client supports the `ping` parameter to enable heartbeat detection (which is disabled by default). +Parameter value represents heartbeat interval seconds. + **NOTE:** The proxy chain of gost supports only one HTTP2 proxy node and the nearest rule applies, the first HTTP2 proxy node is treated as an HTTP2 proxy, and the other HTTP2 proxy nodes are treated as HTTPS proxies. @@ -266,14 +278,6 @@ gost -L=:8080 -F=http+tls://server_ip:443 #### HTTP2 Gost supports only the HTTP2 protocol that uses TLS encryption (h2) and does not support plaintext HTTP2 (h2c) transport. -Server: -```bash -gost -L=http2://:443 -``` -Client: -```bash -gost -L=:8080 -F=http2://server_ip:443 -``` #### SOCKS5 Gost supports the standard SOCKS5 protocol methods: no-auth (0x00) and user/pass (0x02), @@ -296,13 +300,13 @@ Otherwise, use standard SOCKS5 for communication (no-auth or user/pass). #### Shadowsocks Support for shadowsocks is based on library [shadowsocks-go](https://github.com/shadowsocks/shadowsocks-go). -Server (The OTA mode can be enabled by the ota parameter): +Server (The OTA mode can be enabled by the ota parameter. When enabled, the client must use OTA mode): ```bash gost -L=ss://aes-128-cfb:123456@:8338?ota=1 ``` -Client: +Client (The OTA mode can be enabled by the ota parameter): ```bash -gost -L=:8080 -F=ss://aes-128-cfb:123456@server_ip:8338 +gost -L=:8080 -F=ss://aes-128-cfb:123456@server_ip:8338?ota=1 ``` #### TLS diff --git a/cmd/gost/vendor/github.com/ginuerzh/gost/forward.go b/cmd/gost/vendor/github.com/ginuerzh/gost/forward.go index b8601ac..750cb50 100644 --- a/cmd/gost/vendor/github.com/ginuerzh/gost/forward.go +++ b/cmd/gost/vendor/github.com/ginuerzh/gost/forward.go @@ -185,7 +185,6 @@ func (node *cnode) run() { go func() { for pkt := range node.wChan { - glog.V(LDEBUG).Infof("[udp] %s >>> %s : length %d", pkt.srcAddr, pkt.dstAddr, len(pkt.data)) timer.Reset(node.ttl) switch c := node.conn.(type) { @@ -196,6 +195,7 @@ func (node *cnode) run() { errChan <- err return } + glog.V(LDEBUG).Infof("[udp] %s >>> %s : length %d", pkt.srcAddr, pkt.dstAddr, len(pkt.data)) default: dgram := gosocks5.NewUDPDatagram(gosocks5.NewUDPHeader(uint16(len(pkt.data)), 0, ToSocksAddr(pkt.dstAddr)), pkt.data) @@ -205,6 +205,7 @@ func (node *cnode) run() { errChan <- err return } + glog.V(LDEBUG).Infof("[udp-tun] %s >>> %s : length %d", pkt.srcAddr, pkt.dstAddr, len(pkt.data)) } } }() diff --git a/cmd/gost/vendor/github.com/ginuerzh/gost/http.go b/cmd/gost/vendor/github.com/ginuerzh/gost/http.go index 23c804c..b9f7e4e 100644 --- a/cmd/gost/vendor/github.com/ginuerzh/gost/http.go +++ b/cmd/gost/vendor/github.com/ginuerzh/gost/http.go @@ -295,8 +295,6 @@ func (s *Http2Server) HandleRequest(w http.ResponseWriter, req *http.Request) { // Upgrade upgrade an HTTP2 request to a bidirectional connection that preparing for tunneling other protocol, just like a websocket connection. func (s *Http2Server) Upgrade(w http.ResponseWriter, r *http.Request) (net.Conn, error) { - w.Header().Set("Proxy-Agent", "gost/"+Version) - if r.Method != http.MethodConnect { w.WriteHeader(http.StatusMethodNotAllowed) return nil, errors.New("Method not allowed") diff --git a/cmd/gost/vendor/vendor.json b/cmd/gost/vendor/vendor.json index bc92c39..f724b2e 100644 --- a/cmd/gost/vendor/vendor.json +++ b/cmd/gost/vendor/vendor.json @@ -9,16 +9,16 @@ "revisionTime": "2015-11-07T02:50:05Z" }, { - "checksumSHA1": "rcgVHpPL/iNmph28KP67c1UVmuM=", + "checksumSHA1": "8MJEwmyaAHcaQs6QdWRaNxPMeVU=", "path": "github.com/ginuerzh/gosocks5", - "revision": "bc931b305d59cdf3d068eacff3c8d81536d3a39f", - "revisionTime": "2016-09-03T01:06:34Z" + "revision": "3d7715d71db0b8717afd7f07c326d6c88f2c3922", + "revisionTime": "2017-01-14T09:14:19Z" }, { - "checksumSHA1": "wtL+WhNEsHwdX16Gqu8hyGpV/vY=", + "checksumSHA1": "v717b3fIhWDBx/Q4TQjkQ/qk+dg=", "path": "github.com/ginuerzh/gost", - "revision": "14561f9ee2ac16c9bdded50281e0c86997183da9", - "revisionTime": "2017-01-14T05:51:16Z" + "revision": "cc241c845085694e0b75afaab9763c65a077e6df", + "revisionTime": "2017-01-14T06:13:31Z" }, { "checksumSHA1": "URsJa4y/sUUw/STmbeYx9EKqaYE=", diff --git a/forward.go b/forward.go index b8601ac..750cb50 100644 --- a/forward.go +++ b/forward.go @@ -185,7 +185,6 @@ func (node *cnode) run() { go func() { for pkt := range node.wChan { - glog.V(LDEBUG).Infof("[udp] %s >>> %s : length %d", pkt.srcAddr, pkt.dstAddr, len(pkt.data)) timer.Reset(node.ttl) switch c := node.conn.(type) { @@ -196,6 +195,7 @@ func (node *cnode) run() { errChan <- err return } + glog.V(LDEBUG).Infof("[udp] %s >>> %s : length %d", pkt.srcAddr, pkt.dstAddr, len(pkt.data)) default: dgram := gosocks5.NewUDPDatagram(gosocks5.NewUDPHeader(uint16(len(pkt.data)), 0, ToSocksAddr(pkt.dstAddr)), pkt.data) @@ -205,6 +205,7 @@ func (node *cnode) run() { errChan <- err return } + glog.V(LDEBUG).Infof("[udp-tun] %s >>> %s : length %d", pkt.srcAddr, pkt.dstAddr, len(pkt.data)) } } }() diff --git a/http.go b/http.go index 23c804c..b9f7e4e 100644 --- a/http.go +++ b/http.go @@ -295,8 +295,6 @@ func (s *Http2Server) HandleRequest(w http.ResponseWriter, req *http.Request) { // Upgrade upgrade an HTTP2 request to a bidirectional connection that preparing for tunneling other protocol, just like a websocket connection. func (s *Http2Server) Upgrade(w http.ResponseWriter, r *http.Request) (net.Conn, error) { - w.Header().Set("Proxy-Agent", "gost/"+Version) - if r.Method != http.MethodConnect { w.WriteHeader(http.StatusMethodNotAllowed) return nil, errors.New("Method not allowed")