add service option for plugin
This commit is contained in:
@@ -9,6 +9,7 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/chain"
|
||||
"github.com/go-gost/core/common/bufpool"
|
||||
"github.com/go-gost/core/handler"
|
||||
@@ -260,7 +261,7 @@ func (h *dnsHandler) request(ctx context.Context, msg []byte, ro *xrecorder.Hand
|
||||
}()
|
||||
|
||||
if h.options.Bypass != nil && mq.Question[0].Qclass == dns.ClassINET {
|
||||
if h.options.Bypass.Contains(context.Background(), "udp", strings.Trim(mq.Question[0].Name, ".")) {
|
||||
if h.options.Bypass.Contains(context.Background(), "udp", strings.Trim(mq.Question[0].Name, "."), bypass.WithService(h.options.Service)) {
|
||||
log.Debug("bypass: ", mq.Question[0].Name)
|
||||
mr = (&dns.Msg{}).SetReply(&mq)
|
||||
b := bufpool.Get(h.md.bufferSize)
|
||||
|
||||
@@ -8,6 +8,7 @@ import (
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/auth"
|
||||
"github.com/go-gost/core/handler"
|
||||
"github.com/go-gost/core/logger"
|
||||
md "github.com/go-gost/core/metadata"
|
||||
@@ -141,7 +142,7 @@ func (h *fileHandler) handleFunc(w http.ResponseWriter, r *http.Request) {
|
||||
if auther := h.options.Auther; auther != nil {
|
||||
u, p, _ := r.BasicAuth()
|
||||
ro.ClientID = u
|
||||
if _, ok := auther.Authenticate(r.Context(), u, p); !ok {
|
||||
if _, ok := auther.Authenticate(r.Context(), u, p, auth.WithService(ro.Service)); !ok {
|
||||
w.Header().Set("WWW-Authenticate", "Basic")
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
|
||||
@@ -179,6 +179,7 @@ func (h *forwardHandler) Handle(ctx context.Context, conn net.Conn, opts ...hand
|
||||
switch proto {
|
||||
case sniffing.ProtoHTTP:
|
||||
return sniffer.HandleHTTP(ctx, conn,
|
||||
forwarder.WithService(h.options.Service),
|
||||
forwarder.WithDial(dial),
|
||||
forwarder.WithHop(h.hop),
|
||||
forwarder.WithBypass(h.options.Bypass),
|
||||
@@ -188,6 +189,7 @@ func (h *forwardHandler) Handle(ctx context.Context, conn net.Conn, opts ...hand
|
||||
)
|
||||
case sniffing.ProtoTLS:
|
||||
return sniffer.HandleTLS(ctx, conn,
|
||||
forwarder.WithService(h.options.Service),
|
||||
forwarder.WithDial(dial),
|
||||
forwarder.WithHop(h.hop),
|
||||
forwarder.WithBypass(h.options.Bypass),
|
||||
|
||||
@@ -179,6 +179,7 @@ func (h *forwardHandler) Handle(ctx context.Context, conn net.Conn, opts ...hand
|
||||
switch proto {
|
||||
case sniffing.ProtoHTTP:
|
||||
return sniffer.HandleHTTP(ctx, conn,
|
||||
forwarder.WithService(h.options.Service),
|
||||
forwarder.WithDial(dial),
|
||||
forwarder.WithHop(h.hop),
|
||||
forwarder.WithBypass(h.options.Bypass),
|
||||
@@ -188,6 +189,7 @@ func (h *forwardHandler) Handle(ctx context.Context, conn net.Conn, opts ...hand
|
||||
)
|
||||
case sniffing.ProtoTLS:
|
||||
return sniffer.HandleTLS(ctx, conn,
|
||||
forwarder.WithService(h.options.Service),
|
||||
forwarder.WithDial(dial),
|
||||
forwarder.WithHop(h.hop),
|
||||
forwarder.WithBypass(h.options.Bypass),
|
||||
|
||||
@@ -21,6 +21,8 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/asaskevich/govalidator"
|
||||
"github.com/go-gost/core/auth"
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/handler"
|
||||
"github.com/go-gost/core/limiter"
|
||||
"github.com/go-gost/core/limiter/traffic"
|
||||
@@ -296,7 +298,7 @@ func (h *httpHandler) handleRequest(ctx context.Context, conn net.Conn, req *htt
|
||||
ctx = xctx.ContextWithClientID(ctx, xctx.ClientID(clientID))
|
||||
|
||||
if h.options.Bypass != nil &&
|
||||
h.options.Bypass.Contains(ctx, network, addr) {
|
||||
h.options.Bypass.Contains(ctx, network, addr, bypass.WithService(h.options.Service)) {
|
||||
resp.StatusCode = http.StatusForbidden
|
||||
|
||||
if log.IsLevelEnabled(logger.TraceLevel) {
|
||||
@@ -406,6 +408,7 @@ func (h *httpHandler) handleRequest(ctx context.Context, conn net.Conn, req *htt
|
||||
switch proto {
|
||||
case sniffing.ProtoHTTP:
|
||||
return sniffer.HandleHTTP(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
@@ -413,6 +416,7 @@ func (h *httpHandler) handleRequest(ctx context.Context, conn net.Conn, req *htt
|
||||
)
|
||||
case sniffing.ProtoTLS:
|
||||
return sniffer.HandleTLS(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
@@ -538,7 +542,7 @@ func (h *httpHandler) proxyRoundTrip(ctx context.Context, rw io.ReadWriteCloser,
|
||||
ro.HTTP.StatusCode = res.StatusCode
|
||||
|
||||
if h.options.Bypass != nil &&
|
||||
h.options.Bypass.Contains(ctx, "tcp", host) {
|
||||
h.options.Bypass.Contains(ctx, "tcp", host, bypass.WithService(h.options.Service)) {
|
||||
res.StatusCode = http.StatusForbidden
|
||||
|
||||
if log.IsLevelEnabled(logger.TraceLevel) {
|
||||
@@ -855,7 +859,7 @@ func (h *httpHandler) authenticate(ctx context.Context, conn net.Conn, req *http
|
||||
if h.options.Auther == nil {
|
||||
return "", true
|
||||
}
|
||||
if id, ok = h.options.Auther.Authenticate(ctx, u, p); ok {
|
||||
if id, ok = h.options.Auther.Authenticate(ctx, u, p, auth.WithService(h.options.Service)); ok {
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
@@ -74,6 +74,7 @@ func (h *httpHandler) handleUDP(ctx context.Context, conn net.Conn, ro *xrecorde
|
||||
}
|
||||
|
||||
relay := udp.NewRelay(socks.UDPTunServerConn(conn), pc).
|
||||
WithService(h.options.Service).
|
||||
WithBypass(h.options.Bypass).
|
||||
WithBufferSize(h.md.udpBufferSize).
|
||||
WithLogger(log)
|
||||
|
||||
@@ -18,6 +18,8 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/auth"
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/handler"
|
||||
"github.com/go-gost/core/limiter"
|
||||
"github.com/go-gost/core/limiter/traffic"
|
||||
@@ -241,7 +243,7 @@ func (h *http2Handler) roundTrip(ctx context.Context, w http.ResponseWriter, req
|
||||
|
||||
ctx = xctx.ContextWithClientID(ctx, xctx.ClientID(clientID))
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, "tcp", host) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, "tcp", host, bypass.WithService(h.options.Service)) {
|
||||
resp.StatusCode = http.StatusForbidden
|
||||
w.WriteHeader(resp.StatusCode)
|
||||
log.Debug("bypass: ", host)
|
||||
@@ -383,7 +385,7 @@ func (h *http2Handler) authenticate(ctx context.Context, w http.ResponseWriter,
|
||||
if h.options.Auther == nil {
|
||||
return "", true
|
||||
}
|
||||
if id, ok = h.options.Auther.Authenticate(ctx, u, p); ok {
|
||||
if id, ok = h.options.Auther.Authenticate(ctx, u, p, auth.WithService(h.options.Service)); ok {
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/chain"
|
||||
"github.com/go-gost/core/handler"
|
||||
"github.com/go-gost/core/hop"
|
||||
@@ -106,7 +107,7 @@ func (h *http3Handler) roundTrip(ctx context.Context, w http.ResponseWriter, req
|
||||
w.Header().Set(k, h.md.header.Get(k))
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, "udp", addr) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, "udp", addr, bypass.WithService(h.options.Service)) {
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
log.Debug("bypass: ", addr)
|
||||
return nil
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/auth"
|
||||
"github.com/go-gost/core/handler"
|
||||
md "github.com/go-gost/core/metadata"
|
||||
xmetrics "github.com/go-gost/x/metrics"
|
||||
@@ -72,7 +73,7 @@ func (h *metricsHandler) Close() error {
|
||||
func (h *metricsHandler) handleFunc(w http.ResponseWriter, r *http.Request) {
|
||||
if auther := h.options.Auther; auther != nil {
|
||||
u, p, _ := r.BasicAuth()
|
||||
if _, ok := auther.Authenticate(r.Context(), u, p); !ok {
|
||||
if _, ok := auther.Authenticate(r.Context(), u, p, auth.WithService(h.options.Service)); !ok {
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/handler"
|
||||
md "github.com/go-gost/core/metadata"
|
||||
"github.com/go-gost/core/observer/stats"
|
||||
@@ -175,7 +176,7 @@ func (h *redirectHandler) Handle(ctx context.Context, conn net.Conn, opts ...han
|
||||
}
|
||||
|
||||
if cc == nil {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, "tcp", dstAddr.String()) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, "tcp", dstAddr.String(), bypass.WithService(h.options.Service)) {
|
||||
return nil, xbypass.ErrBypass
|
||||
}
|
||||
var buf bytes.Buffer
|
||||
@@ -207,6 +208,7 @@ func (h *redirectHandler) Handle(ctx context.Context, conn net.Conn, opts ...han
|
||||
switch proto {
|
||||
case sniffing.ProtoHTTP:
|
||||
return sniffer.HandleHTTP(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithBypass(h.options.Bypass),
|
||||
@@ -214,9 +216,8 @@ func (h *redirectHandler) Handle(ctx context.Context, conn net.Conn, opts ...han
|
||||
sniffing.WithLog(log),
|
||||
)
|
||||
case sniffing.ProtoTLS:
|
||||
return sniffer.HandleTLS(ctx,
|
||||
ro.Network,
|
||||
conn,
|
||||
return sniffer.HandleTLS(ctx, ro.Network, conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithBypass(h.options.Bypass),
|
||||
@@ -229,7 +230,7 @@ func (h *redirectHandler) Handle(ctx context.Context, conn net.Conn, opts ...han
|
||||
log.Debugf("%s >> %s", conn.RemoteAddr(), dstAddr)
|
||||
|
||||
if h.options.Bypass != nil &&
|
||||
h.options.Bypass.Contains(ctx, dstAddr.Network(), dstAddr.String()) {
|
||||
h.options.Bypass.Contains(ctx, dstAddr.Network(), dstAddr.String(), bypass.WithService(h.options.Service)) {
|
||||
log.Debug("bypass: ", dstAddr)
|
||||
return xbypass.ErrBypass
|
||||
}
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/handler"
|
||||
md "github.com/go-gost/core/metadata"
|
||||
"github.com/go-gost/core/observer/stats"
|
||||
@@ -122,7 +123,7 @@ func (h *redirectHandler) Handle(ctx context.Context, conn net.Conn, opts ...han
|
||||
log.Debugf("%s >> %s", conn.RemoteAddr(), dstAddr)
|
||||
|
||||
if h.options.Bypass != nil &&
|
||||
h.options.Bypass.Contains(ctx, dstAddr.Network(), dstAddr.String()) {
|
||||
h.options.Bypass.Contains(ctx, dstAddr.Network(), dstAddr.String(), bypass.WithService(h.options.Service)) {
|
||||
log.Debug("bypass: ", dstAddr)
|
||||
return xbypass.ErrBypass
|
||||
}
|
||||
|
||||
@@ -204,6 +204,7 @@ func (h *relayHandler) bindUDP(ctx context.Context, conn net.Conn, network, addr
|
||||
log.Infof("bind on %s OK", pc.LocalAddr())
|
||||
|
||||
r := udp.NewRelay(relay_util.UDPTunServerConn(conn), pc).
|
||||
WithService(h.options.Service).
|
||||
WithBypass(h.options.Bypass).
|
||||
WithBufferSize(h.md.udpBufferSize).
|
||||
WithLogger(log)
|
||||
|
||||
@@ -10,6 +10,7 @@ import (
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/limiter"
|
||||
"github.com/go-gost/core/logger"
|
||||
"github.com/go-gost/core/observer/stats"
|
||||
@@ -77,7 +78,7 @@ func (h *relayHandler) handleConnect(ctx context.Context, conn net.Conn, network
|
||||
return
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, network, address) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, network, address, bypass.WithService(h.options.Service)) {
|
||||
log.Debug("bypass: ", address)
|
||||
resp.Status = relay.StatusForbidden
|
||||
resp.WriteTo(conn)
|
||||
@@ -186,6 +187,7 @@ func (h *relayHandler) handleConnect(ctx context.Context, conn net.Conn, network
|
||||
switch proto {
|
||||
case sniffing.ProtoHTTP:
|
||||
return sniffer.HandleHTTP(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
@@ -193,6 +195,7 @@ func (h *relayHandler) handleConnect(ctx context.Context, conn net.Conn, network
|
||||
)
|
||||
case sniffing.ProtoTLS:
|
||||
return sniffer.HandleTLS(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
|
||||
@@ -37,7 +37,7 @@ func (l *tcpListener) Init(md md.Metadata) (err error) {
|
||||
ln := l.ln
|
||||
ln = proxyproto.WrapListener(l.options.ProxyProtocol, ln, 10*time.Second)
|
||||
ln = metrics.WrapListener(l.options.Service, ln)
|
||||
ln = admission.WrapListener(l.options.Admission, ln)
|
||||
ln = admission.WrapListener(l.options.Service, l.options.Admission, ln)
|
||||
l.ln = ln
|
||||
|
||||
return
|
||||
|
||||
@@ -7,6 +7,7 @@ import (
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/auth"
|
||||
"github.com/go-gost/core/handler"
|
||||
"github.com/go-gost/core/hop"
|
||||
"github.com/go-gost/core/limiter"
|
||||
@@ -200,7 +201,7 @@ func (h *relayHandler) Handle(ctx context.Context, conn net.Conn, opts ...handle
|
||||
}
|
||||
|
||||
if h.options.Auther != nil {
|
||||
clientID, ok := h.options.Auther.Authenticate(ctx, user, pass)
|
||||
clientID, ok := h.options.Auther.Authenticate(ctx, user, pass, auth.WithService(h.options.Service))
|
||||
if !ok {
|
||||
resp.Status = relay.StatusUnauthorized
|
||||
resp.WriteTo(conn)
|
||||
|
||||
@@ -13,6 +13,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/common/bufpool"
|
||||
"github.com/go-gost/core/ingress"
|
||||
"github.com/go-gost/core/limiter"
|
||||
"github.com/go-gost/core/logger"
|
||||
"github.com/go-gost/core/observer/stats"
|
||||
@@ -43,9 +44,9 @@ func (h *routerHandler) handleAssociate(ctx context.Context, conn net.Conn, netw
|
||||
Status: relay.StatusOK,
|
||||
}
|
||||
|
||||
if ingress := h.md.ingress; ingress != nil && host != "" {
|
||||
if ing := h.md.ingress; ing != nil && host != "" {
|
||||
var rid relay.TunnelID
|
||||
if rule := ingress.GetRule(ctx, host); rule != nil {
|
||||
if rule := ing.GetRule(ctx, host, ingress.WithService(h.options.Service)); rule != nil {
|
||||
rid = parseRouterID(rule.Endpoint)
|
||||
}
|
||||
|
||||
|
||||
@@ -8,6 +8,7 @@ import (
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/auth"
|
||||
"github.com/go-gost/core/handler"
|
||||
"github.com/go-gost/core/limiter"
|
||||
"github.com/go-gost/core/limiter/traffic"
|
||||
@@ -211,7 +212,7 @@ func (h *routerHandler) Handle(ctx context.Context, conn net.Conn, opts ...handl
|
||||
}
|
||||
|
||||
if h.options.Auther != nil {
|
||||
clientID, ok := h.options.Auther.Authenticate(ctx, user, pass)
|
||||
clientID, ok := h.options.Auther.Authenticate(ctx, user, pass, auth.WithService(h.options.Service))
|
||||
if !ok {
|
||||
resp.Status = relay.StatusUnauthorized
|
||||
resp.WriteTo(conn)
|
||||
|
||||
@@ -160,6 +160,7 @@ func (h *sniHandler) Handle(ctx context.Context, conn net.Conn, opts ...handler.
|
||||
switch proto {
|
||||
case sniffing.ProtoHTTP:
|
||||
return sniffer.HandleHTTP(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithBypass(h.options.Bypass),
|
||||
@@ -168,6 +169,7 @@ func (h *sniHandler) Handle(ctx context.Context, conn net.Conn, opts ...handler.
|
||||
)
|
||||
case sniffing.ProtoTLS:
|
||||
return sniffer.HandleTLS(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithBypass(h.options.Bypass),
|
||||
|
||||
@@ -9,6 +9,8 @@ import (
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/auth"
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/handler"
|
||||
"github.com/go-gost/core/limiter"
|
||||
"github.com/go-gost/core/limiter/traffic"
|
||||
@@ -172,7 +174,7 @@ func (h *socks4Handler) Handle(ctx context.Context, conn net.Conn, opts ...handl
|
||||
conn.SetReadDeadline(time.Time{})
|
||||
|
||||
if h.options.Auther != nil {
|
||||
clientID, ok := h.options.Auther.Authenticate(ctx, string(req.Userid), "")
|
||||
clientID, ok := h.options.Auther.Authenticate(ctx, string(req.Userid), "", auth.WithService(h.options.Service))
|
||||
if !ok {
|
||||
resp := gosocks4.NewReply(gosocks4.RejectedUserid, nil)
|
||||
log.Trace(resp)
|
||||
@@ -235,7 +237,7 @@ func (h *socks4Handler) handleConnect(ctx context.Context, conn net.Conn, req *g
|
||||
conn = xnet.NewReadWriteConn(rw, rw, conn)
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, "tcp", addr) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, "tcp", addr, bypass.WithService(h.options.Service)) {
|
||||
resp := gosocks4.NewReply(gosocks4.Rejected, nil)
|
||||
log.Trace(resp)
|
||||
log.Debug("bypass: ", addr)
|
||||
@@ -305,6 +307,7 @@ func (h *socks4Handler) handleConnect(ctx context.Context, conn net.Conn, req *g
|
||||
switch proto {
|
||||
case sniffing.ProtoHTTP:
|
||||
return sniffer.HandleHTTP(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
@@ -312,6 +315,7 @@ func (h *socks4Handler) handleConnect(ctx context.Context, conn net.Conn, req *g
|
||||
)
|
||||
case sniffing.ProtoTLS:
|
||||
return sniffer.HandleTLS(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/limiter"
|
||||
"github.com/go-gost/core/logger"
|
||||
"github.com/go-gost/core/observer/stats"
|
||||
@@ -54,7 +55,7 @@ func (h *socks5Handler) handleConnect(ctx context.Context, conn net.Conn, networ
|
||||
conn = xnet.NewReadWriteConn(rw, rw, conn)
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, network, address) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, network, address, bypass.WithService(h.options.Service)) {
|
||||
resp := gosocks5.NewReply(gosocks5.NotAllowed, nil)
|
||||
log.Trace(resp)
|
||||
log.Debug("bypass: ", address)
|
||||
@@ -124,6 +125,7 @@ func (h *socks5Handler) handleConnect(ctx context.Context, conn net.Conn, networ
|
||||
switch proto {
|
||||
case sniffing.ProtoHTTP:
|
||||
return sniffer.HandleHTTP(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
@@ -131,6 +133,7 @@ func (h *socks5Handler) handleConnect(ctx context.Context, conn net.Conn, networ
|
||||
)
|
||||
case sniffing.ProtoTLS:
|
||||
return sniffer.HandleTLS(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
|
||||
@@ -63,6 +63,7 @@ func (h *socks5Handler) Init(md md.Metadata) (err error) {
|
||||
}
|
||||
|
||||
h.selector = &serverSelector{
|
||||
service: h.options.Service,
|
||||
Authenticator: h.options.Auther,
|
||||
TLSConfig: h.options.TLSConfig,
|
||||
logger: h.options.Logger,
|
||||
|
||||
@@ -13,6 +13,7 @@ import (
|
||||
)
|
||||
|
||||
type serverSelector struct {
|
||||
service string
|
||||
methods []uint8
|
||||
Authenticator auth.Authenticator
|
||||
TLSConfig *tls.Config
|
||||
@@ -71,7 +72,7 @@ func (s *serverSelector) OnSelected(method uint8, conn net.Conn) (string, net.Co
|
||||
if s.Authenticator != nil {
|
||||
var ok bool
|
||||
ctx := xctx.ContextWithSrcAddr(context.Background(), conn.RemoteAddr())
|
||||
id, ok = s.Authenticator.Authenticate(ctx, req.Username, req.Password)
|
||||
id, ok = s.Authenticator.Authenticate(ctx, req.Username, req.Password, auth.WithService(s.service))
|
||||
if !ok {
|
||||
resp := gosocks5.NewUserPassResponse(gosocks5.UserPassVer, gosocks5.Failure)
|
||||
if err := resp.Write(conn); err != nil {
|
||||
|
||||
@@ -127,6 +127,7 @@ func (h *socks5Handler) handleUDP(ctx context.Context, conn net.Conn, network st
|
||||
filterIP: conn.RemoteAddr().(*net.TCPAddr).IP,
|
||||
},
|
||||
h.md.udpBufferSize), pc).
|
||||
WithService(h.options.Service).
|
||||
WithBypass(h.options.Bypass).
|
||||
WithBufferSize(h.md.udpBufferSize).
|
||||
WithLogger(log)
|
||||
|
||||
@@ -134,6 +134,7 @@ func (h *socks5Handler) handleUDPTun(ctx context.Context, conn net.Conn, network
|
||||
}
|
||||
|
||||
r := udp.NewRelay(socks.UDPTunServerConn(conn), pc).
|
||||
WithService(h.options.Service).
|
||||
WithBypass(h.options.Bypass).
|
||||
WithBufferSize(h.md.udpBufferSize).
|
||||
WithLogger(log)
|
||||
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/handler"
|
||||
md "github.com/go-gost/core/metadata"
|
||||
"github.com/go-gost/core/observer/stats"
|
||||
@@ -153,7 +154,7 @@ func (h *ssHandler) Handle(ctx context.Context, conn net.Conn, opts ...handler.H
|
||||
|
||||
log.Debugf("%s >> %s", conn.RemoteAddr(), addr)
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, "tcp", addr.String()) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, "tcp", addr.String(), bypass.WithService(h.options.Service)) {
|
||||
log.Debug("bypass: ", addr.String())
|
||||
return nil
|
||||
}
|
||||
@@ -211,6 +212,7 @@ func (h *ssHandler) Handle(ctx context.Context, conn net.Conn, opts ...handler.H
|
||||
switch proto {
|
||||
case sniffing.ProtoHTTP:
|
||||
return sniffer.HandleHTTP(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
@@ -218,6 +220,7 @@ func (h *ssHandler) Handle(ctx context.Context, conn net.Conn, opts ...handler.H
|
||||
)
|
||||
case sniffing.ProtoTLS:
|
||||
return sniffer.HandleTLS(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
|
||||
@@ -7,6 +7,7 @@ import (
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/common/bufpool"
|
||||
"github.com/go-gost/core/handler"
|
||||
"github.com/go-gost/core/logger"
|
||||
@@ -175,7 +176,7 @@ func (h *ssuHandler) relayPacket(ctx context.Context, pc1, pc2 net.PacketConn, r
|
||||
ro.Host = addr.String()
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, addr.Network(), addr.String()) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, addr.Network(), addr.String(), bypass.WithService(h.options.Service)) {
|
||||
log.Warn("bypass: ", addr)
|
||||
return nil
|
||||
}
|
||||
@@ -207,7 +208,7 @@ func (h *ssuHandler) relayPacket(ctx context.Context, pc1, pc2 net.PacketConn, r
|
||||
return err
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, raddr.Network(), raddr.String()) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, raddr.Network(), raddr.String(), bypass.WithService(h.options.Service)) {
|
||||
log.Warn("bypass: ", raddr)
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/handler"
|
||||
"github.com/go-gost/core/logger"
|
||||
md "github.com/go-gost/core/metadata"
|
||||
@@ -154,7 +155,7 @@ func (h *forwardHandler) handleDirectForward(ctx context.Context, conn *sshd_uti
|
||||
|
||||
log.Debugf("%s >> %s", conn.RemoteAddr(), targetAddr)
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, "tcp", targetAddr) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, "tcp", targetAddr, bypass.WithService(h.options.Service)) {
|
||||
log.Debugf("bypass %s", targetAddr)
|
||||
return xbypass.ErrBypass
|
||||
}
|
||||
@@ -206,6 +207,7 @@ func (h *forwardHandler) handleDirectForward(ctx context.Context, conn *sshd_uti
|
||||
switch proto {
|
||||
case sniffing.ProtoHTTP:
|
||||
return sniffer.HandleHTTP(ctx, "tcp", xnet.NewReadWriteConn(br, conn, conn),
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
@@ -213,6 +215,7 @@ func (h *forwardHandler) handleDirectForward(ctx context.Context, conn *sshd_uti
|
||||
)
|
||||
case sniffing.ProtoTLS:
|
||||
return sniffer.HandleTLS(ctx, "tcp", xnet.NewReadWriteConn(br, conn, conn),
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
|
||||
@@ -8,6 +8,7 @@ import (
|
||||
"net/netip"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/auth"
|
||||
"github.com/go-gost/core/logger"
|
||||
"github.com/go-gost/core/router"
|
||||
xip "github.com/go-gost/x/internal/net/ip"
|
||||
@@ -142,7 +143,7 @@ func (h *tunHandler) transportServer(ctx context.Context, tun io.ReadWriter, con
|
||||
ok := true
|
||||
key := bytes.TrimRight(b[4:20], "\x00")
|
||||
for _, ip := range peerIPs {
|
||||
if _, ok = auther.Authenticate(ctx, ip.String(), string(key)); !ok {
|
||||
if _, ok = auther.Authenticate(ctx, ip.String(), string(key), auth.WithService(h.options.Service)); !ok {
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
@@ -111,6 +111,8 @@ func (h *tungoHandler) Handle(ctx context.Context, conn net.Conn, opts ...handle
|
||||
}()
|
||||
|
||||
th := &transportHandler{
|
||||
service: h.options.Service,
|
||||
|
||||
tcpQueue: make(chan adapter.TCPConn),
|
||||
udpQueue: make(chan adapter.UDPConn),
|
||||
udpTimeout: h.md.udpTimeout,
|
||||
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/common/bufpool"
|
||||
"github.com/go-gost/core/handler"
|
||||
"github.com/go-gost/core/observer/stats"
|
||||
@@ -37,6 +38,8 @@ const (
|
||||
var _ adapter.TransportHandler = (*transportHandler)(nil)
|
||||
|
||||
type transportHandler struct {
|
||||
service string
|
||||
|
||||
// Unbuffered TCP/UDP queues.
|
||||
tcpQueue chan adapter.TCPConn
|
||||
udpQueue chan adapter.UDPConn
|
||||
@@ -229,6 +232,7 @@ func (h *transportHandler) handleTCPConn(originConn adapter.TCPConn) {
|
||||
switch proto {
|
||||
case sniffing.ProtoHTTP:
|
||||
sniffer.HandleHTTP(ctx, network, conn,
|
||||
sniffing.WithService(h.service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithBypass(h.opts.Bypass),
|
||||
@@ -238,6 +242,7 @@ func (h *transportHandler) handleTCPConn(originConn adapter.TCPConn) {
|
||||
return
|
||||
case sniffing.ProtoTLS:
|
||||
sniffer.HandleTLS(ctx, network, conn,
|
||||
sniffing.WithService(h.service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithBypass(h.opts.Bypass),
|
||||
@@ -249,7 +254,7 @@ func (h *transportHandler) handleTCPConn(originConn adapter.TCPConn) {
|
||||
}
|
||||
|
||||
if h.opts.Bypass != nil &&
|
||||
h.opts.Bypass.Contains(ctx, network, dstAddr.String()) {
|
||||
h.opts.Bypass.Contains(ctx, network, dstAddr.String(), bypass.WithService(h.opts.Service)) {
|
||||
log.Debug("bypass: ", dstAddr)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -41,7 +41,7 @@ func (h *tunnelHandler) handleBind(ctx context.Context, conn net.Conn, network,
|
||||
if host == "" || h.md.ingress == nil {
|
||||
host = endpoint
|
||||
} else if host != endpoint {
|
||||
if rule := h.md.ingress.GetRule(ctx, host); rule != nil && rule.Endpoint != tunnelID.String() {
|
||||
if rule := h.md.ingress.GetRule(ctx, host, ingress.WithService(h.options.Service)); rule != nil && rule.Endpoint != tunnelID.String() {
|
||||
host = endpoint
|
||||
}
|
||||
}
|
||||
@@ -82,12 +82,12 @@ func (h *tunnelHandler) handleBind(ctx context.Context, conn net.Conn, network,
|
||||
h.md.ingress.SetRule(ctx, &ingress.Rule{
|
||||
Hostname: endpoint,
|
||||
Endpoint: tunnelID.String(),
|
||||
})
|
||||
}, ingress.WithService(h.options.Service))
|
||||
if host != "" {
|
||||
h.md.ingress.SetRule(ctx, &ingress.Rule{
|
||||
Hostname: host,
|
||||
Endpoint: tunnelID.String(),
|
||||
})
|
||||
}, ingress.WithService(h.options.Service))
|
||||
}
|
||||
}
|
||||
if h.md.sd != nil {
|
||||
|
||||
@@ -6,6 +6,8 @@ import (
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/ingress"
|
||||
"github.com/go-gost/core/logger"
|
||||
"github.com/go-gost/relay"
|
||||
xnet "github.com/go-gost/x/internal/net"
|
||||
@@ -24,7 +26,7 @@ func (h *tunnelHandler) handleConnect(ctx context.Context, req *relay.Request, c
|
||||
Status: relay.StatusOK,
|
||||
}
|
||||
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, network, dstAddr) {
|
||||
if h.options.Bypass != nil && h.options.Bypass.Contains(ctx, network, dstAddr, bypass.WithService(h.options.Service)) {
|
||||
log.Debug("bypass: ", dstAddr)
|
||||
resp.Status = relay.StatusForbidden
|
||||
_, err := resp.WriteTo(conn)
|
||||
@@ -34,8 +36,8 @@ func (h *tunnelHandler) handleConnect(ctx context.Context, req *relay.Request, c
|
||||
host, _, _ := net.SplitHostPort(dstAddr)
|
||||
|
||||
var tid relay.TunnelID
|
||||
if ingress := h.md.ingress; ingress != nil && host != "" {
|
||||
if rule := ingress.GetRule(ctx, host); rule != nil {
|
||||
if ing := h.md.ingress; ing != nil && host != "" {
|
||||
if rule := ing.GetRule(ctx, host, ingress.WithService(h.options.Service)); rule != nil {
|
||||
tid = parseTunnelID(rule.Endpoint)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -132,7 +132,7 @@ func (ep *entrypoint) Handle(ctx context.Context, conn net.Conn) (err error) {
|
||||
func (ep *entrypoint) dial(ctx context.Context, network, addr string) (conn net.Conn, err error) {
|
||||
var tunnelID relay.TunnelID
|
||||
if ep.ingress != nil {
|
||||
if rule := ep.ingress.GetRule(ctx, addr); rule != nil {
|
||||
if rule := ep.ingress.GetRule(ctx, addr, ingress.WithService(ep.service)); rule != nil {
|
||||
tunnelID = parseTunnelID(rule.Endpoint)
|
||||
}
|
||||
}
|
||||
@@ -731,7 +731,7 @@ func (l *tcpListener) Init(md md.Metadata) (err error) {
|
||||
ln := l.ln
|
||||
ln = proxyproto.WrapListener(l.options.ProxyProtocol, ln, 10*time.Second)
|
||||
ln = metrics.WrapListener(l.options.Service, ln)
|
||||
ln = admission.WrapListener(l.options.Admission, ln)
|
||||
ln = admission.WrapListener(l.options.Service, l.options.Admission, ln)
|
||||
ln = climiter.WrapListener(l.options.ConnLimiter, ln)
|
||||
l.ln = ln
|
||||
|
||||
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/auth"
|
||||
"github.com/go-gost/core/handler"
|
||||
"github.com/go-gost/core/limiter"
|
||||
"github.com/go-gost/core/limiter/traffic"
|
||||
@@ -277,7 +278,7 @@ func (h *tunnelHandler) Handle(ctx context.Context, conn net.Conn, opts ...handl
|
||||
}
|
||||
|
||||
if h.options.Auther != nil {
|
||||
clientID, ok := h.options.Auther.Authenticate(ctx, user, pass)
|
||||
clientID, ok := h.options.Auther.Authenticate(ctx, user, pass, auth.WithService(h.options.Service))
|
||||
if !ok {
|
||||
resp.Status = relay.StatusUnauthorized
|
||||
resp.WriteTo(conn)
|
||||
|
||||
@@ -177,6 +177,7 @@ func (h *unixHandler) Handle(ctx context.Context, conn net.Conn, opts ...handler
|
||||
switch proto {
|
||||
case sniffing.ProtoHTTP:
|
||||
return sniffer.HandleHTTP(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
@@ -184,6 +185,7 @@ func (h *unixHandler) Handle(ctx context.Context, conn net.Conn, opts ...handler
|
||||
)
|
||||
case sniffing.ProtoTLS:
|
||||
return sniffer.HandleTLS(ctx, "tcp", conn,
|
||||
sniffing.WithService(h.options.Service),
|
||||
sniffing.WithDial(dial),
|
||||
sniffing.WithDialTLS(dialTLS),
|
||||
sniffing.WithRecorderObject(ro),
|
||||
|
||||
@@ -51,7 +51,9 @@ func (h *unixHandler) handleHTTP(ctx context.Context, rw, cc io.ReadWriteCloser,
|
||||
})
|
||||
|
||||
if h.options.Bypass != nil &&
|
||||
h.options.Bypass.Contains(ctx, "tcp", host, bypass.WithPathOption(req.RequestURI)) {
|
||||
h.options.Bypass.Contains(ctx, "tcp", host,
|
||||
bypass.WithService(h.options.Service),
|
||||
bypass.WithPathOption(req.RequestURI)) {
|
||||
log.Debugf("bypass: %s %s", host, req.RequestURI)
|
||||
return xbypass.ErrBypass
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user