Commit Graph

28 Commits

Author SHA1 Message Date
ginuerzh 39580f04ca fix(handler/socks5): RFC 1928 compliance — method negotiation, BND.ADDR, UDP ordering, and safe type assertions
- selector.go: Select() now only returns methods the client actually offered,
  defaulting to MethodNoAcceptable (0xFF) when no mutually-supported method
  exists. Prevents protocol desync when authenticator is set but client
  doesn't offer UserPass. (#1, #2)

- connect.go: CONNECT success reply now carries the outbound connection's
  actual local address as BND.ADDR per RFC 1928 §6, instead of 0.0.0.0:0. (#4)

- udp.go: UDP ASSOCIATE now verifies the upstream chain is reachable before
  sending Success to the client; on failure sends a proper Failure reply.
  Also adds safe type assertions for net.TCPAddr and net.UDPAddr to prevent
  panics on wrapped connections, and returns errors on DNS resolution failure
  instead of silently dropping datagrams. (#5, #1, #2, #3)
2026-06-25 15:41:15 +08:00
ginuerzh a32ffd5608 fix(sniffing): pass bypass option to sniffer HandleHTTP/HandleTLS calls
When sniffing is enabled, the sniffer extracts the real domain from HTTP
Host header or TLS SNI and checks bypass rules against it. However, most
handlers were not passing WithBypass(...) to the sniffer, so the sniffer
internal bypass check was always skipped.

Additionally, the TLS-to-HTTP fallback paths in internal util sniffer
and forwarder also omitted bypass when constructing options for the
recursive HandleHTTP call after decrypting TLS.

Add WithBypass to all sniffer call sites that were missing it across
handlers (http, relay, socks4, socks5, ss, sshd, unix) and internal
TLS fallback paths.

Also fix import ordering in handler/http/connect.go.

Fixes go-gost/gost#874
2026-06-23 20:54:26 +08:00
ginuerzh c7d16962ec add service option for plugin 2025-08-29 23:36:31 +08:00
ginuerzh 52289bea6c add network param for sniffing 2025-08-13 21:25:35 +08:00
ginuerzh b597467858 add context for conn 2025-08-04 19:29:38 +08:00
ginuerzh 208d18125c replace xnet.Transport by xnet.Pipe 2025-07-28 20:52:15 +08:00
ginuerzh d9a2f44a78 add src field for logger and recorder 2025-07-02 21:35:02 +08:00
ginuerzh 2495b13053 fix traffic logging for socks5 udp 2025-02-18 17:30:36 +08:00
ginuerzh 6b932e35bf sniffing websocket frame 2024-10-19 19:36:06 +08:00
ginuerzh a0cbee8817 use http.transport for non-connect http tunnel 2024-10-17 21:57:20 +08:00
ginuerzh 7e51404ae5 fix handler sniffing 2024-10-16 23:01:12 +08:00
ginuerzh 8f994ab632 add handle options for sniffer 2024-10-10 22:49:56 +08:00
ginuerzh c42a44abb6 add sniffer utility 2024-10-02 22:51:23 +08:00
ginuerzh 3c8add4b82 add traffic sniffing for handler 2024-09-27 15:55:28 +08:00
ginuerzh e22aa91571 add route for recorder 2024-09-24 20:20:15 +08:00
ginuerzh 31c482c649 add scope param for traffic limiter 2024-08-31 09:30:04 +08:00
ginuerzh c1d0887a9b add port range support for service 2024-07-08 22:38:21 +08:00
ginuerzh 22537ff0d2 mv observer/stats to core 2024-07-04 23:05:35 +08:00
ginuerzh 3d2a7b7d3b move x/internal/ctx to x/ctx 2024-01-30 18:19:39 +08:00
ginuerzh c959fc2f73 add observer 2024-01-03 20:55:06 +08:00
ginuerzh 88cc6ff4d5 add traffic limiter for proxy handler 2023-11-18 18:28:09 +08:00
ginuerzh 836cf6eade add network for bypass 2023-09-30 17:51:55 +08:00
ginuerzh 46db8480fa add timeout for sniffing 2023-05-21 15:47:51 +08:00
ginuerzh 32c8188351 add plugin system 2023-04-18 20:52:56 +08:00
ginuerzh a1255e52d8 fix proxy protocol 2022-09-28 11:47:56 +08:00
ginuerzh f3f3acd4e1 more fine-grained log level 2022-08-18 11:34:57 +08:00
ginuerzh 1444ebc1ee add metrics 2022-04-05 17:56:36 +08:00
ginuerzh a3346ad246 add pkgs from core 2022-04-04 12:44:35 +08:00