Compare commits

..

69 Commits

Author SHA1 Message Date
ginuerzh 7643e16cca chore: bump go-gost/x to v0.13.12 2026-07-11 22:11:08 +08:00
ginuerzh 64b71bd8a6
test(e2e): add utls dialer regression suite (#888)
Adds an e2e suite (tests/e2e/utls_test.go + testdata/utls/*)
that exercises the utls dialer in a forward-proxy chain:

  curl -> client gost (http proxy :8080)
       -> chain node (http connector + utls dialer)
         -> server gost (http over TLS listener :8443)
           -> tcp-echo

Two cases:

- TestUTLSInsecure: regression for go-gost/gost#887. A utls
  dialer with `secure: false` must still complete the handshake
  (InsecureSkipVerify must be honoured). The old unsafe cast read
  garbage for InsecureSkipVerify and the handshake failed.
- TestUTLSSecureWithCA: exercises the converter's RootCAs /
  ServerName path with a CA-signed server cert.

Uses the deterministic `Chrome` fingerprint (not `randomized`, which
randomises the ClientHello and is flaky against a standard Go TLS
server).

Bumps github.com/go-gost/x to v0.13.11, which fixes the
second half of #887: the curve-preference enum divergence between
crypto/tls and utls (Go 1.24+ appends PQC hybrid curves that
utls does not define).

Related: go-gost/gost#887, go-gost/x#111, go-gost/x#112
2026-07-11 15:46:39 +08:00
ginuerzh ccf2989bc0 gost: bump x to v0.13.9, relay to v0.6.2; add PHT e2e tests
- go.mod: x v0.13.8 → v0.13.9, relay v0.6.1 → v0.6.2
- tests/e2e/pht_test.go: 3 test cases (basic tunnel, PHTs, heartbeat)
- tests/e2e/testdata/pht/: client/server and client_phts/server_phts YAML configs
2026-07-06 22:10:15 +08:00
ginuerzh d54a896a81 update go.mod 2026-07-05 21:22:15 +08:00
ginuerzh 6b7dbf08fa chore: bump go-gost/x to v0.13.8, plugin to v0.5.0 2026-07-05 21:19:32 +08:00
ginuerzh dd56308b2e test(mtls): add e2e tests for mTLS client cert identity forwarding
Tests verify: mTLS proxy works with valid client cert, mTLS rejects
connections without client cert, HTTP auth plugin receives client_cn,
client_san, client_cert_fingerprint via PeerCert context propagation.
2026-07-04 19:00:44 +08:00
ginuerzh eb9dbb1807 chore: bump core to v0.5.3 and x to v0.13.7 2026-07-03 20:20:26 +08:00
ginuerzh 02dc900686 chore: bump go-gost/x to v0.13.5 2026-07-02 21:09:46 +08:00
ginuerzh bb912edecc chore: bump go-gost/x to v0.13.3 2026-06-30 20:59:00 +08:00
ginuerzh ffb61cc19f chore: bump go-gost/core to v0.5.2, go-gost/x to v0.13.2 2026-06-30 11:05:02 +08:00
ginuerzh a864cbcfe5 chore: bump go-gost/x to v0.13.1 2026-06-28 20:06:03 +08:00
ginuerzh b139ed5968 chore: bump go-gost/core to v0.5.1, go-gost/x to v0.13.0, go-gost/plugin to v0.4.0 2026-06-27 23:05:22 +08:00
ginuerzh 43724a5c40 test: add http2 handler e2e suite and tighten host-mapper + idle-timeout tests
Add tests/e2e/http2_test.go covering the http2 handler/listener/connector/dialer
end-to-end through the canonical gost-as-client pattern (8 subtests: forward,
auth, bypass, probeResist/metadata, h2 stream multiplexing). Include
testdata/http2/{server,server_auth,server_bypass,server_proberesist,client,
client_auth}.yaml. Note that h2/h2c listeners pair with the tunnel handler
and only http2 listener pairs with handler http2 (reads r/w from metadata).

Tighten TestDNSHostMapper by pointing the handler at an unreachable upstream
so unmapped names fail at the exchanger, confirming the host-mapper path was
the sole reason mapped names resolved. Fix http_idle_timeout.py to speak HTTP
through the CONNECT tunnel rather than a raw ping, matching the echo backend.

Co-Authored-By: Claude <noreply@anthropic.com>
2026-06-27 20:15:31 +08:00
ginuerzh 0bb9109c71 feat: add comprehensive forward handler e2e tests
Add TCP/UDP forward handler e2e tests covering basic forwarding, alias
(forward/tcp), sniffing, raw pipe, idleTimeout, multi-node protocol
filtering, sniffing bypass (403), stateful UDP, and stateless UDP.

New files:
- forward_test.go: ForwardSuite with 9 test methods
- testdata/forward/: server configs (tcp, udp, stateless, sniffing,
  bypass, multi-node, idleTimeout)
- scripts/tcp_idle_timeout.py, udp_forward_test.py: Python harnesses
  for in-container idle timeout and UDP echo verification
2026-06-27 13:59:22 +08:00
ginuerzh a0427be086 feat: add comprehensive DNS handler e2e tests
Adds 22 DNS e2e subtests across 8 test methods covering: upstream
resolution (A, AAAA, multi-A), TCP mode, bypass rules, host mapper,
exchange failure (graceful error recovery), rate limiter wiring,
invalid query handling, and DNS over TLS (mode: tls).

Includes two authoritative DNS responders (UDP/TCP), a standalone
DNS query client, and a TLS DNS query script.
2026-06-27 00:21:37 +08:00
ginuerzh 590c6f48bd feat: add file handler e2e tests covering GET, PUT, index, auth, and 404
Adds 5 test methods (7 test cases) for the file handler:
GET existing file, GET nonexistent file, GET index.html, PUT upload,
PUT without permission, and auth (no-auth-401, with-auth-success).

Includes test data files and server YAML configs under
tests/e2e/testdata/file/.
2026-06-26 22:19:13 +08:00
ginuerzh 69b561f944 feat: add comprehensive HTTP e2e tests covering connector, TLS, probeResist, idleTimeout, and UDP relay
Adds 12 new HTTP handler test scenarios: HTTP connector (no-auth, auth, TLS
upstream), CONNECT tunnel (no-sniffing, bypass-403), probeResist (host, web,
file, knock), idleTimeout, and UDP relay over HTTP. Introduces
RunGostContainerWithFiles helper for mounting extra files into test containers.
2026-06-26 22:00:35 +08:00
ginuerzh 3c87a8b96e chore(deps): bump go-gost/x to v0.12.5 2026-06-26 20:21:42 +08:00
ginuerzh c9cfc440ad build(deps): bump go-gost/x from v0.12.3 to v0.12.4 2026-06-25 20:50:53 +08:00
ginuerzh c305f93703 chore(deps): bump go-gost/x to v0.12.3 2026-06-23 21:47:44 +08:00
ginuerzh f638d8081f build(deps): bump go-gost/x from v0.12.1 to v0.12.2
x v0.12.2 adds SO_REUSEPORT support for TCP listeners (#654).
2026-06-22 21:46:46 +08:00
ginuerzh 286c1615fd build(deps): bump go-gost/x from v0.12.0 to v0.12.1 2026-06-21 22:55:44 +08:00
ginuerzh b985e5138c fix: use atomic int for multi-worker exit code and clean up cancellation
- Replace bare int with atomic.Int32 to fix data race on ret
- Replace wg.Add/go/defer wg.Done pattern with wg.Go (Go 1.22+)
- Pass context by value instead of pointer
- Add ctx.Err() guard to suppress fatal on cancellation errors
- Add ProcessState nil check before accessing ExitCode
- Move cancel() after wg.Wait() to avoid race where a successful
  worker's deferred cancel kills siblings and triggers log.Fatal
2026-06-21 21:07:37 +08:00
ginuerzh b628475871 fix: enable metrics before loading services
Move xmetrics.Enable(true) from run() to Start(), before loader.Load(),
so that listener wrappers can observe the enabled state at Init time
rather than after wrapper decisions have already been made.
2026-06-21 20:35:19 +08:00
ginuerzh 43dd0a6958 feat: register stdio listener for SSH ProxyCommand support
Adds blank import of x/listener/stdio to register the stdio listener.

Refs go-gost/gost#433
2026-06-21 15:40:41 +08:00
ginuerzh 9d00ad8c8f build(deps): bump go-gost/x from v0.11.1 to v0.12.0 2026-06-20 22:15:57 +08:00
ginuerzh 1bebce0ed7 feat: register utls dialer for TLS ClientHello fingerprint simulation
Blank-import x/dialer/utls to enable the "utls" dialer type via
init() self-registration.

Refs go-gost/gost#31
2026-06-20 20:17:08 +08:00
ginuerzh 1178c4757f feat(cmd): add -R auto-reload flag for periodic config refresh
Introduce -R <duration> flag (e.g., -R 30s, -R 1m) that triggers
periodic config reload. Combined with -C URL support, this enables
centralized fleet management where nodes poll a remote config server.

The reload goroutine reuses the existing SIGHUP reloadConfig path:
parser.Parse() → loader.Load() → p.run(cfg). When -R is zero
(default) behavior is unchanged; SIGHUP still works independently.
2026-06-20 20:12:11 +08:00
ginuerzh 73069f50e3 feat: support multiple -C config files
Change -C flag from string to stringList, allowing:
  gost -C base.yml -C services.yml -C auth.yml

Closes go-gost/gost#150
2026-06-20 18:56:25 +08:00
ginuerzh 06ec0097f9 ci: harden docker/release/nightly GitHub Actions workflows
- buildx: adopt docker/metadata-action for image tags (replaces hand-rolled shell), add gha build cache, concurrency control, explicit checkout, and least-privilege permissions

- release: add explicit permissions and concurrency (no cancel-in-flight); drop dead UPX install step (disabled in .goreleaser.yaml, see #863)

- trigger-nightly: add concurrency, replace archived dev-drprasad/delete-older-releases with native gh, and harden the 24h commit check
2026-06-19 19:11:25 +08:00
ginuerzh 396b0977bd chore: bump x to v0.11.1 2026-06-19 09:29:14 +08:00
Yuan Tong 604dccc7b0
feat: register runix listener (#871) 2026-06-19 09:27:06 +08:00
ginuerzh 6d80e06ab3 chore: bump x to v0.11.0 2026-06-17 22:32:51 +08:00
ginuerzh e2447ce578 fix(e2e): use host network for Docker image builds in DinD environments
Docker-in-Docker containers cannot reach the internet via the default
bridge network, causing 'apk add' in the Dockerfile to hang indefinitely
and e2e tests to timeout after 10 minutes.

Add BuildOptionsModifier with NetworkMode=host to all FromDockerfile
definitions so the build step uses the host's network stack. This has
no negative impact on non-DinD environments where bridge networking
already works.

Also move GostBinPath flag and init() from main_test.go to utils.go
(non-test file) so the symbol is accessible across the package.
2026-06-06 20:34:24 +08:00
ginuerzh 811420e923 chore: bump x to include stateless UDP forwarding (#853) 2026-06-05 23:27:22 +08:00
ginuerzh 374b46dfe1 bump x to v0.10.10 2026-06-03 23:30:01 +08:00
ginuerzh 22edb92084 bump x to v0.10.10 2026-06-03 23:25:54 +08:00
ginuerzh 78a0a8c734 fix: disable UPX compression in Dockerfile to resolve #863 startup regression 2026-06-03 00:13:58 +08:00
ZHAO Jin-Xiang 41e1878ebc
feat: add nftables package to Dockerfile (#865)
nftables is a more modern iptables which supports both ipv4 and ipv6.
2026-06-02 23:56:53 +08:00
ginuerzh 5639c90e98 bump x to v0.10.9 2026-06-02 23:54:13 +08:00
ginuerzh 36abf9bcd9 bump x to v0.10.8 2026-06-02 20:07:48 +08:00
ginuerzh d584b7ac61 bump x to v0.10.7 2026-05-31 22:49:10 +08:00
ginuerzh 56e2a1c496 fix: disable UPX compression to resolve #863 startup regression
UPX --best/--lzma/--brute adds ~3s startup time on low-spec systems
(linux/arm) due to in-memory decompression on every invocation of gost -V.
Disabled by default; opt in via GORELEASER_UPX=true for release builds
that need it.
2026-05-31 22:25:57 +08:00
ginuerzh b0bea19275 bump x to v0.10.6 2026-05-31 22:13:42 +08:00
ginuerzh cd64f2edd3 bump x to v0.10.5 2026-05-31 19:50:49 +08:00
ginuerzh 5f04c84e32 bump core to v0.4.1 2026-05-31 19:40:28 +08:00
ginuerzh 600a64e611 bump x to v0.10.4 2026-05-31 17:47:52 +08:00
ginuerzh 3d6b16686b bump x to v0.10.3 2026-05-29 00:29:26 +08:00
ginuerzh 44684d40c3 add CLAUDE.md with build, CLI, and lifecycle documentation 2026-05-23 00:00:56 +08:00
ginuerzh 2be36abe75 bump x to v0.10.1, go-shadowsocks2 to v0.1.3; add gost binary to .gitignore 2026-05-22 23:21:30 +08:00
ginuerzh 8db62785fa Merge pull request #862: Add e2e test cases for shadowsocks
Add comprehensive e2e tests covering TCP and UDP shadowsocks
connections with various cipher modes (aes-128-gcm, aes-256-gcm,
chacha20, 2022-blake3-aes-128, 2022-blake3-aes-256, including
multi-PSK variants).
2026-05-22 23:09:42 +08:00
RMT 8740e6f258
Add e2e test cases for shadowsocks 2026-05-22 14:28:17 +08:00
ginuerzh d4c9ef5056 add masque connector, dialer, and handler registrations; update x to v0.10.0 2026-05-21 23:03:49 +08:00
RMT c06eb0d331 WIP 2026-04-26 22:18:07 +08:00
RMT c8b48dc248 WIP 2026-04-26 22:18:07 +08:00
azoway 45d94cf391 Update install.sh
在alpine服务器上运行安装脚本报错:
curl: (3) URL rejected: Malformed input to a URL function

排查后发现,当前版本部分会匹配出来2个版本的下载链接:
gost_3.2.6_linux_amd64.tar.gz
gost_3.2.6_linux_amd64v3.tar.gz

修改后默认取第一个兼容性更好的版本
2026-04-26 22:16:06 +08:00
nivesh bc96fe3918 streamline download/install process
(get binary only, eliminate unnecessary intermediate files)
2026-04-22 00:25:59 +08:00
nivesh 646d3f906c enhance portability (detect user-preferred bash, replace all greps with awk) 2026-04-22 00:25:59 +08:00
nivesh 4c69940f1e Fix #835 2026-04-22 00:25:59 +08:00
David Manouchehri 3d1f6fcbbb add masque connector, dialer, and handler 2026-04-22 00:23:53 +08:00
ginuerzh e388426ec6 go1.26 2026-04-21 23:59:31 +08:00
ginuerzh 340ba32ef0 v3.2.6 2025-11-22 22:47:02 +08:00
ginuerzh 96551d5fa5 metrics: fix server conn wrapper (#797) 2025-10-11 22:07:41 +08:00
ginuerzh 8d05a6ed93 add multiple entrypoints for tunnel 2025-10-09 22:33:31 +08:00
ginuerzh 0348a16aa9 fix panic for channel close (#779) 2025-09-20 10:06:15 +08:00
ginuerzh 50934e0978 fix sniffing for websocket 2025-09-04 21:32:34 +08:00
ginuerzh c2ed9c6f07 add service option for plugin 2025-08-29 23:38:29 +08:00
ginuerzh 3b9da4e260 go1.25 2025-08-21 22:53:28 +08:00
ginuerzh f0a67a1108 fix bugs 2025-08-21 22:24:42 +08:00
111 changed files with 5738 additions and 327 deletions

View File

@ -3,57 +3,49 @@
name: docker
on:
on:
push:
branches:
- master
tags:
- 'v*'
permissions:
contents: read
# New pushes cancel an in-progress build for the same ref. Tags are isolated
# by ref, so re-pushing a release tag only de-dupes itself, never another tag.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Prepare
id: prepare
run: |
DOCKER_IMAGE=${{ secrets.DOCKER_IMAGE }}
VERSION=latest
- name: Checkout
uses: actions/checkout@v4
# If this is git tag, use the tag name as a docker tag
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
fi
TAGS="${DOCKER_IMAGE}:${VERSION}"
# If the VERSION looks like a version number, assume that
# this is the most recent version of the image and also
# tag it 'latest'.
if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
MAJOR_VERSION=`echo $VERSION | awk '{split($0,a,"."); print a[1]}'`
MINOR_VERSION=`echo $VERSION | awk '{split($0,a,"."); print a[2]}'`
TAGS="$TAGS,${DOCKER_IMAGE}:${MAJOR_VERSION},${DOCKER_IMAGE}:${MAJOR_VERSION}.${MINOR_VERSION},${DOCKER_IMAGE}:latest"
fi
# Set output parameters.
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "docker_image=${DOCKER_IMAGE}" >> $GITHUB_OUTPUT
echo "docker_platforms=linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/s390x,linux/riscv64" >> $GITHUB_OUTPUT
# Auto-generates image tags, replacing the former hand-rolled shell:
# - master push -> :latest
# - clean release tag vX.Y.Z -> :X.Y.Z :X :X.Y :latest
# - nightly tag vX.Y.Z-nightly.<date> -> :X.Y.Z-nightly.<date> (no major/minor/latest)
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ secrets.DOCKER_IMAGE }}
flavor: latest=false
tags: |
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || (startsWith(github.ref, 'refs/tags/v') && !contains(github.ref_name, '-')) }}
type=semver,pattern={{version}}
type=semver,pattern={{major}},enable=${{ !contains(github.ref_name, '-') }}
type=semver,pattern={{major}}.{{minor}},enable=${{ !contains(github.ref_name, '-') }}
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Environment
run: |
echo home=$HOME
echo git_ref=$GITHUB_REF
echo git_sha=$GITHUB_SHA
echo image=${{ steps.prepare.outputs.docker_image }}
echo tags=${{ steps.prepare.outputs.tags }}
echo platforms=${{ steps.prepare.outputs.docker_platforms }}
echo avail_platforms=${{ steps.buildx.outputs.platforms }}
- name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
@ -64,6 +56,9 @@ jobs:
- name: Buildx and push
uses: docker/build-push-action@v6
with:
platforms: ${{ steps.prepare.outputs.docker_platforms }}
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/s390x,linux/riscv64
push: true
tags: ${{ steps.prepare.outputs.tags }}
tags: ${{ steps.meta.outputs.tags }}
# Reuse build layers across runs via the GitHub Actions cache.
cache-from: type=gha
cache-to: type=gha,mode=max

View File

@ -8,8 +8,11 @@ on:
permissions:
contents: write
# packages: write
# issues: write
# Never cancel an in-flight release; only de-dupe a re-pushed tag.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
jobs:
goreleaser:
@ -21,14 +24,9 @@ jobs:
- run: git fetch --force --tags
- uses: actions/setup-go@v5
with:
go-version: '1.24'
go-version: '1.26'
cache: true
- name: Install UPX
uses: crazy-max/ghaction-upx@v3
with:
install-only: true
# More assembly might be required: Docker logins, GPG, etc. It all depends
# on your needs.
# UPX is disabled in .goreleaser.yaml (see #863); the install step was removed.
- uses: goreleaser/goreleaser-action@v6
with:
# either 'goreleaser' (default) or 'goreleaser-pro':

View File

@ -6,6 +6,11 @@ on:
- cron: '00 15 * * *'
workflow_dispatch:
# Only one nightly run at a time; a new run cancels a stale one.
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
jobs:
check_date:
runs-on: ubuntu-latest
@ -17,10 +22,12 @@ jobs:
- name: print latest_commit
run: echo ${{ github.sha }}
- id: should_run
continue-on-error: true
name: check latest commit is less than a day
name: Skip if no commit in the last 24 hours
if: ${{ github.event_name == 'schedule' }}
run: test -z $(git rev-list --after="24 hours" ${{ github.sha }}) && echo "should_run=false" >> $GITHUB_OUTPUT
run: |
if [ "$(git rev-list --count --after='24 hours' ${{ github.sha }})" -eq 0 ]; then
echo "should_run=false" >> $GITHUB_OUTPUT
fi
trigger-nightly:
needs: check_date
@ -52,10 +59,13 @@ jobs:
git tag -a $TAG -m "$TAG: nightly build"
git push origin $TAG
- name: 'Clean up nightly releases'
uses: dev-drprasad/delete-older-releases@v0.3.3
with:
keep_latest: 2
delete_tags: true
delete_tag_pattern: nightly
env:
GITHUB_TOKEN: ${{ secrets.NIGHTLY_BUILD_GH_TOKEN }}
GH_TOKEN: ${{ secrets.NIGHTLY_BUILD_GH_TOKEN }}
run: |
# Keep the 2 most recent nightly releases; delete the rest and their tags.
# Replaces the archived dev-drprasad/delete-older-releases action.
gh release list --json tagName,createdAt --limit 100 \
--jq '[.[] | select(.tagName | test("nightly"))] | sort_by(.createdAt) | reverse | .[2:] | .[].tagName' \
| while read -r tag; do
gh release delete "$tag" --yes --cleanup-tag || true
done

3
.gitignore vendored
View File

@ -32,9 +32,10 @@ _testmain.go
*.bak
cmd/gost/gost
gost
snap
*.pem
*.yaml
/*.yaml
*.txt
dist/

View File

@ -35,69 +35,15 @@ builds:
- windows_amd64
- windows_amd64_v3
- windows_arm64
- android_arm64
ldflags:
- "-s -w -X 'main.version={{ .Tag }}'"
upx:
- # Whether to enable it or not.
#
# Templates: allowed.
enabled: true
# Filter by build ID.
# ids: [build1, build2]
# Filter by GOOS.
goos: [linux]
# Filter by GOARCH.
goarch: [arm, arm64, amd64]
# Filter by GOARM.
# goarm: [8]
# Filter by GOAMD64.
# goamd64: [v1]
# Compress argument.
# Valid options are from '1' (faster) to '9' (better), and 'best'.
compress: best
# Whether to try LZMA (slower).
lzma: true
# Whether to try all methods and filters (slow).
brute: true
- # Whether to enable it or not.
#
# Templates: allowed.
enabled: true
# Filter by build ID.
# ids: [build1, build2]
# Filter by GOOS.
goos: [windows]
# Filter by GOARCH.
goarch: [amd64]
# Filter by GOARM.
# goarm: [8]
# Filter by GOAMD64.
# goamd64: [v1]
# Compress argument.
# Valid options are from '1' (faster) to '9' (better), and 'best'.
compress: best
# Whether to try LZMA (slower).
lzma: true
# Whether to try all methods and filters (slow).
brute: true
- # UPX compression. Disabled by default (see #863): upx --best/--lzma/--brute
# adds ~3s startup time on low-spec systems (linux/arm). Release builds can
# opt in via GORELEASER_UPX=true environment variable.
enabled: false
archives:
- format: tar.gz

66
CLAUDE.md 100644
View File

@ -0,0 +1,66 @@
# CLAUDE.md — gost/
CLI binary entry point for GOST (GO Simple Tunnel). This module compiles the `gost` command.
## Build & Run
```bash
cd gost && go build ./cmd/gost/...
# Cross-compile
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" ./cmd/gost/...
# Build all platforms
make all
# Run
./gost -L "http://:8080" -F "socks5://:1080"
./gost -C gost.yml
```
## Structure
| File | Purpose |
|------|---------|
| `cmd/gost/main.go` | CLI entry point: flag parsing, multi-worker mode (`--` separator), program launch via `svc.Run` |
| `cmd/gost/program.go` | Service lifecycle (`Init`/`Start`/`Stop`), config loading, API/metrics/profiling servers, SIGHUP reload |
| `cmd/gost/register.go` | Blank imports for all built-in handlers, listeners, dialers, connectors — triggers `init()` registration |
| `cmd/gost/version.go` | Version string (`3.3.0`) |
## CLI Flags
| Flag | Usage |
|------|-------|
| `-L` | Inline service definition (repeatable) |
| `-F` | Inline chain node definition (repeatable) |
| `-C` | Path to config file (YAML/JSON) |
| `-D` / `-DD` | Debug / trace logging |
| `-api` | API service address (e.g. `:8080`) |
| `-metrics` | Prometheus metrics address |
| `-O` | Output merged config as yaml or json, then exit |
| `-V` | Print version and exit |
## Multi-Worker Mode
Arguments separated by ` -- ` spawn multiple worker processes via `exec.CommandContext`. Each worker runs as a child process with `_GOST_ID` set. Any worker's exit cancels all others. This is triggered in `init()` before flag parsing.
## Service Lifecycle
- `Init` → calls `parser.Init()` with all CLI/config inputs
- `Start``parser.Parse()``loader.Load()``p.run()` (starts services, API, metrics, profiling)
- `Stop` → cancels reload context, closes all services
- SIGHUP → `reloadConfig()` re-parses and re-runs without restarting the process
## Key Dependencies
- `github.com/go-gost/core` — interface definitions
- `github.com/go-gost/x` — all implementations, config, registry
- `github.com/judwhite/go-svc` — OS service framework (handles daemon/SIGHUP/SIGTERM)
## Registration Pattern
All components register via `init()` side-effects in their packages. `cmd/gost/register.go` triggers them with blank imports. When adding a new built-in handler/listener/dialer/connector, add a blank import here.
## Tests
Tests are in `tests/e2e/` — integration tests using the built binary. No unit tests. Run with `go test ./tests/e2e/...`.

View File

@ -1,9 +1,11 @@
FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.6.1 AS xx
FROM --platform=$BUILDPLATFORM golang:1.24-alpine3.22 AS builder
FROM --platform=$BUILDPLATFORM golang:1.26-alpine3.23 AS builder
# add upx for binary compression
RUN apk add --no-cache upx || echo "upx not found"
# UPX compression disabled by default (see #863): upx --best adds ~3s startup
# time on low-spec systems (linux/arm). Builds can opt in by uncommenting the
# upx install line and adding upx --best to the build command below.
# RUN apk add --no-cache upx || echo "upx not found"
COPY --from=xx / /
@ -21,13 +23,12 @@ COPY . .
RUN cd cmd/gost && \
xx-go build -ldflags "-s -w" && \
xx-verify gost && \
{ upx --best gost || true; }
xx-verify gost
FROM alpine:3.22
FROM alpine:3.23
# add iptables for tun/tap
RUN apk add --no-cache iptables
# add iptables/nftables for tun/tap
RUN apk add --no-cache iptables nftables
WORKDIR /bin/

View File

@ -11,6 +11,8 @@ import (
"runtime"
"strings"
"sync"
"sync/atomic"
"time"
"github.com/go-gost/core/logger"
xlogger "github.com/go-gost/x/logger"
@ -28,7 +30,7 @@ func (l *stringList) Set(value string) error {
}
var (
cfgFile string
cfgFiles stringList
outputFormat string
services stringList
nodes stringList
@ -36,6 +38,7 @@ var (
trace bool
apiAddr string
metricsAddr string
reload time.Duration
)
func init() {
@ -46,39 +49,43 @@ func init() {
if strings.Contains(args, " -- ") {
var (
wg sync.WaitGroup
ret int
ret atomic.Int32
)
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
wargsList := strings.Split(" "+args+" ", " -- ")
for wid, wargs := range strings.Split(" "+args+" ", " -- ") {
wg.Add(1)
go func(wid int, wargs string) {
defer wg.Done()
defer cancel()
worker(wid, strings.Split(wargs, " "), &ctx, &ret)
}(wid, strings.TrimSpace(wargs))
ctx, cancel := context.WithCancel(context.Background())
for wid, wargs := range wargsList {
wg.Go(func() {
worker(wid, strings.Split(strings.TrimSpace(wargs), " "), ctx, &ret)
})
}
wg.Wait()
cancel()
os.Exit(ret)
os.Exit(int(ret.Load()))
}
}
func worker(id int, args []string, ctx *context.Context, ret *int) {
cmd := exec.CommandContext(*ctx, os.Args[0], args...)
func worker(id int, args []string, ctx context.Context, ret *atomic.Int32) {
cmd := exec.CommandContext(ctx, os.Args[0], args...)
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
cmd.Env = append(os.Environ(), fmt.Sprintf("_GOST_ID=%d", id))
if err := cmd.Run(); err != nil {
log.Fatal(err)
// Context cancellation is expected when one worker exits early.
// Only log fatal on other errors.
if ctx.Err() == nil {
log.Fatal(err)
}
return
}
if cmd.ProcessState.Exited() {
*ret = cmd.ProcessState.ExitCode()
if cmd.ProcessState != nil && cmd.ProcessState.Exited() {
ret.Store(int32(cmd.ProcessState.ExitCode()))
}
}
@ -87,13 +94,14 @@ func init() {
flag.Var(&services, "L", "service list")
flag.Var(&nodes, "F", "chain node list")
flag.StringVar(&cfgFile, "C", "", "configuration file")
flag.Var(&cfgFiles, "C", "config file(s), URL(s), or inline JSON")
flag.BoolVar(&printVersion, "V", false, "print version")
flag.StringVar(&outputFormat, "O", "", "output format, one of yaml|json format")
flag.BoolVar(&debug, "D", false, "debug mode")
flag.BoolVar(&trace, "DD", false, "trace mode")
flag.StringVar(&apiAddr, "api", "", "api service address")
flag.StringVar(&metricsAddr, "metrics", "", "metrics service address")
flag.DurationVar(&reload, "R", 0, "auto reload period (e.g. 30s, 1m)")
flag.Parse()
if printVersion {

View File

@ -8,6 +8,7 @@ import (
"os/signal"
"strings"
"syscall"
"time"
"github.com/go-gost/core/auth"
"github.com/go-gost/core/logger"
@ -34,7 +35,7 @@ type program struct {
func (p *program) Init(env svc.Environment) error {
parser.Init(parser.Args{
CfgFile: cfgFile,
CfgFiles: cfgFiles,
Services: services,
Nodes: nodes,
Debug: debug,
@ -61,6 +62,12 @@ func (p *program) Start() error {
config.Set(cfg)
// Enable metrics before loading services so that listener wrappers
// can observe the enabled state at Init time.
if cfg.Metrics != nil && cfg.Metrics.Addr != "" {
xmetrics.Enable(true)
}
if err := loader.Load(cfg); err != nil {
return err
}
@ -120,8 +127,6 @@ func (p *program) run(cfg *config.Config) error {
p.srvMetrics = s
xmetrics.Enable(true)
go func() {
defer s.Close()
@ -193,6 +198,13 @@ func (p *program) reload(ctx context.Context) {
c := make(chan os.Signal, 1)
signal.Notify(c, syscall.SIGHUP)
var ticker <-chan time.Time
if reload > 0 {
t := time.NewTicker(reload)
defer t.Stop()
ticker = t.C
}
for {
select {
case <-c:
@ -202,6 +214,13 @@ func (p *program) reload(ctx context.Context) {
logger.Default().Info("config reloaded")
}
case <-ticker:
if err := p.reloadConfig(); err != nil {
logger.Default().Errorf("auto reload: %v", err)
} else {
logger.Default().Debug("config auto reloaded")
}
case <-ctx.Done():
return
}

View File

@ -6,6 +6,7 @@ import (
_ "github.com/go-gost/x/connector/forward"
_ "github.com/go-gost/x/connector/http"
_ "github.com/go-gost/x/connector/http2"
_ "github.com/go-gost/x/connector/masque"
_ "github.com/go-gost/x/connector/relay"
_ "github.com/go-gost/x/connector/router"
_ "github.com/go-gost/x/connector/serial"
@ -27,6 +28,7 @@ import (
_ "github.com/go-gost/x/dialer/http2"
_ "github.com/go-gost/x/dialer/http2/h2"
_ "github.com/go-gost/x/dialer/http3"
_ "github.com/go-gost/x/dialer/http3/masque"
_ "github.com/go-gost/x/dialer/http3/wt"
_ "github.com/go-gost/x/dialer/icmp"
_ "github.com/go-gost/x/dialer/kcp"
@ -44,6 +46,7 @@ import (
_ "github.com/go-gost/x/dialer/tls"
_ "github.com/go-gost/x/dialer/udp"
_ "github.com/go-gost/x/dialer/unix"
_ "github.com/go-gost/x/dialer/utls"
_ "github.com/go-gost/x/dialer/ws"
// Register handlers
@ -56,6 +59,7 @@ import (
_ "github.com/go-gost/x/handler/http"
_ "github.com/go-gost/x/handler/http2"
_ "github.com/go-gost/x/handler/http3"
_ "github.com/go-gost/x/handler/masque"
_ "github.com/go-gost/x/handler/metrics"
_ "github.com/go-gost/x/handler/redirect/tcp"
_ "github.com/go-gost/x/handler/redirect/udp"
@ -97,7 +101,9 @@ import (
_ "github.com/go-gost/x/listener/redirect/udp"
_ "github.com/go-gost/x/listener/rtcp"
_ "github.com/go-gost/x/listener/rudp"
_ "github.com/go-gost/x/listener/runix"
_ "github.com/go-gost/x/listener/serial"
_ "github.com/go-gost/x/listener/stdio"
_ "github.com/go-gost/x/listener/ssh"
_ "github.com/go-gost/x/listener/sshd"
_ "github.com/go-gost/x/listener/tap"

View File

@ -1,5 +1,5 @@
package main
var (
version = "3.2.4"
version = "3.3.0"
)

139
go.mod
View File

@ -1,44 +1,67 @@
module github.com/go-gost/gost
go 1.24
toolchain go1.24.5
go 1.26.3
require (
github.com/go-gost/core v0.3.2
github.com/go-gost/x v0.7.5
github.com/go-gost/core v0.5.3
github.com/go-gost/x v0.13.12
github.com/judwhite/go-svc v1.2.1
github.com/moby/moby/client v0.4.0
github.com/stretchr/testify v1.11.1
github.com/testcontainers/testcontainers-go v0.42.0
)
require (
dario.cat/mergo v1.0.2 // indirect
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
github.com/alessio/shellescape v1.4.1 // indirect
github.com/andybalholm/brotli v1.0.6 // indirect
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bytedance/sonic v1.11.6 // indirect
github.com/bytedance/sonic/loader v0.1.1 // indirect
github.com/bytedance/gopkg v0.1.3 // indirect
github.com/bytedance/sonic v1.15.0 // indirect
github.com/bytedance/sonic/loader v0.5.0 // indirect
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/cloudwego/base64x v0.1.4 // indirect
github.com/cloudwego/iasm v0.2.0 // indirect
github.com/cloudwego/base64x v0.1.6 // indirect
github.com/containerd/errdefs v1.0.0 // indirect
github.com/containerd/errdefs/pkg v0.3.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/platforms v0.2.1 // indirect
github.com/coreos/go-iptables v0.5.0 // indirect
github.com/cpuguy83/dockercfg v0.3.2 // indirect
github.com/danieljoos/wincred v1.2.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/go-connections v0.7.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/dunglas/httpsfv v1.1.0 // indirect
github.com/ebitengine/purego v0.10.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.3 // indirect
github.com/gabriel-vasile/mimetype v1.4.12 // indirect
github.com/gin-contrib/cors v1.7.2 // indirect
github.com/gin-contrib/sse v0.1.0 // indirect
github.com/gin-gonic/gin v1.10.1 // indirect
github.com/go-gost/gosocks4 v0.0.1 // indirect
github.com/go-gost/gosocks5 v0.4.2 // indirect
github.com/go-gost/plugin v0.2.0 // indirect
github.com/go-gost/relay v0.5.0 // indirect
github.com/go-gost/tls-dissector v0.1.1 // indirect
github.com/gin-contrib/sse v1.1.0 // indirect
github.com/gin-gonic/gin v1.12.0 // indirect
github.com/go-gost/go-shadowsocks2 v0.1.3 // indirect
github.com/go-gost/gosocks4 v0.1.0 // indirect
github.com/go-gost/gosocks5 v0.5.0 // indirect
github.com/go-gost/plugin v0.5.0 // indirect
github.com/go-gost/relay v0.6.2 // indirect
github.com/go-gost/tls-dissector v0.2.0 // indirect
github.com/go-logr/logr v1.4.3 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-ole/go-ole v1.2.6 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-playground/validator/v10 v10.20.0 // indirect
github.com/go-playground/validator/v10 v10.30.1 // indirect
github.com/go-redis/redis/v8 v8.11.5 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/goccy/go-json v0.10.2 // indirect
github.com/goccy/go-json v0.10.5 // indirect
github.com/goccy/go-yaml v1.19.2 // indirect
github.com/godbus/dbus/v5 v5.1.0 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/btree v1.1.3 // indirect
@ -50,37 +73,54 @@ require (
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/jonboulle/clockwork v0.2.2 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/cpuid/v2 v2.2.7 // indirect
github.com/klauspost/compress v1.19.0 // indirect
github.com/klauspost/cpuid/v2 v2.3.0 // indirect
github.com/klauspost/reedsolomon v1.11.8 // indirect
github.com/leodido/go-urn v1.4.0 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
github.com/magiconair/properties v1.8.10 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/miekg/dns v1.1.61 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/go-archive v0.2.0 // indirect
github.com/moby/moby/api v1.54.1 // indirect
github.com/moby/patternmatcher v0.6.1 // indirect
github.com/moby/sys/sequential v0.6.0 // indirect
github.com/moby/sys/user v0.4.0 // indirect
github.com/moby/sys/userns v0.1.0 // indirect
github.com/moby/term v0.5.2 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.1 // indirect
github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
github.com/pion/dtls/v2 v2.2.6 // indirect
github.com/pion/logging v0.2.2 // indirect
github.com/pion/transport/v2 v2.0.2 // indirect
github.com/pion/udp/v2 v2.0.1 // indirect
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
github.com/pion/dtls/v3 v3.1.1 // indirect
github.com/pion/logging v0.2.4 // indirect
github.com/pion/transport/v4 v4.0.1 // indirect
github.com/pires/go-proxyproto v0.8.1 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
github.com/prometheus/client_golang v1.19.1 // indirect
github.com/prometheus/client_model v0.6.0 // indirect
github.com/prometheus/common v0.48.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
github.com/quic-go/qpack v0.5.1 // indirect
github.com/quic-go/quic-go v0.53.0 // indirect
github.com/quic-go/webtransport-go v0.9.0 // indirect
github.com/quic-go/qpack v0.6.0 // indirect
github.com/quic-go/quic-go v0.59.1 // indirect
github.com/quic-go/webtransport-go v0.10.0 // indirect
github.com/refraction-networking/utls v1.8.2 // indirect
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect
github.com/rs/xid v1.3.0 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/shadowsocks/go-shadowsocks2 v0.1.6-0.20241020092332-e1fe9ea73740 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/shirou/gopsutil/v3 v3.24.5 // indirect
github.com/shirou/gopsutil/v4 v4.26.3 // indirect
github.com/shoenig/go-m1cpu v0.1.6 // indirect
github.com/sirupsen/logrus v1.9.4 // indirect
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
@ -91,8 +131,10 @@ require (
github.com/templexxx/cpu v0.1.1 // indirect
github.com/templexxx/xorsimd v0.4.3 // indirect
github.com/tjfoc/gmsm v1.4.1 // indirect
github.com/tklauser/go-sysconf v0.3.16 // indirect
github.com/tklauser/numcpus v0.11.0 // indirect
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
github.com/ugorji/go/codec v1.2.12 // indirect
github.com/ugorji/go/codec v1.3.1 // indirect
github.com/vishvananda/netlink v1.1.1-0.20211118161826-650dca95af54 // indirect
github.com/vishvananda/netns v0.0.4 // indirect
github.com/vulcand/predicate v1.2.0 // indirect
@ -101,25 +143,32 @@ require (
github.com/xtaci/smux v1.5.31 // indirect
github.com/xtaci/tcpraw v1.2.25 // indirect
github.com/yl2chen/cidranger v1.0.2 // indirect
github.com/yusufpapurcu/wmi v1.2.4 // indirect
github.com/zalando/go-keyring v0.2.4 // indirect
go.uber.org/mock v0.5.0 // indirect
github.com/zeebo/blake3 v0.2.4 // indirect
go.mongodb.org/mongo-driver/v2 v2.5.0 // indirect
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
go.opentelemetry.io/otel v1.41.0 // indirect
go.opentelemetry.io/otel/metric v1.41.0 // indirect
go.opentelemetry.io/otel/trace v1.41.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/arch v0.8.0 // indirect
golang.org/x/crypto v0.40.0 // indirect
golang.org/x/arch v0.22.0 // indirect
golang.org/x/crypto v0.53.0 // indirect
golang.org/x/exp v0.0.0-20241210194714-1829a127f884 // indirect
golang.org/x/mod v0.25.0 // indirect
golang.org/x/net v0.42.0 // indirect
golang.org/x/sync v0.16.0 // indirect
golang.org/x/sys v0.34.0 // indirect
golang.org/x/term v0.33.0 // indirect
golang.org/x/text v0.27.0 // indirect
golang.org/x/time v0.11.0 // indirect
golang.org/x/tools v0.34.0 // indirect
golang.org/x/mod v0.36.0 // indirect
golang.org/x/net v0.56.0 // indirect
golang.org/x/sync v0.21.0 // indirect
golang.org/x/sys v0.46.0 // indirect
golang.org/x/term v0.44.0 // indirect
golang.org/x/text v0.38.0 // indirect
golang.org/x/time v0.12.0 // indirect
golang.org/x/tools v0.45.0 // indirect
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
google.golang.org/grpc v1.67.1 // indirect
google.golang.org/protobuf v1.35.1 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
google.golang.org/grpc v1.79.3 // indirect
google.golang.org/protobuf v1.36.11 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect

349
go.sum
View File

@ -1,28 +1,52 @@
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc=
github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=
github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
github.com/coreos/go-iptables v0.5.0 h1:mw6SAibtHKZcNzAsOxjoHIG0gy5YFHhypWSSNc6EjbQ=
github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
github.com/cpuguy83/dockercfg v0.3.2 h1:DlJTyZGBDlXqUZ2Dk2Q3xHs/FtnooJJVaad2S9GKorA=
github.com/cpuguy83/dockercfg v0.3.2/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s=
github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE=
github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -31,52 +55,79 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
github.com/docker/go-connections v0.7.0 h1:6SsRfJddP22WMrCkj19x9WKjEDTB+ahsdiGYf0mN39c=
github.com/docker/go-connections v0.7.0/go.mod h1:no1qkHdjq7kLMGUXYAduOhYPSJxxvgWBh7ogVvptn3Q=
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/dunglas/httpsfv v1.1.0 h1:Jw76nAyKWKZKFrpMMcL76y35tOpYHqQPzHQiwDvpe54=
github.com/dunglas/httpsfv v1.1.0/go.mod h1:zID2mqw9mFsnt7YC3vYQ9/cjq30q41W+1AnDwH8TiMg=
github.com/ebitengine/purego v0.10.0 h1:QIw4xfpWT6GWTzaW5XEKy3HXoqrJGx1ijYHzTF0/ISU=
github.com/ebitengine/purego v0.10.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk=
github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
github.com/gin-contrib/cors v1.7.2 h1:oLDHxdg8W/XDoN/8zamqk/Drgt4oVZDvaV0YmvVICQw=
github.com/gin-contrib/cors v1.7.2/go.mod h1:SUJVARKgQ40dmrzgXEVxj2m7Ig1v1qIboQkPDTQ9t2E=
github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=
github.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
github.com/go-gost/core v0.3.2 h1:AjmIYWVa5fc172zIupT3e1pdnKx76LxppGiw00uRsSA=
github.com/go-gost/core v0.3.2/go.mod h1:WGI43jOka7FAsSAwi/fSMaqxdR+E339ycb4NBGlFr6A=
github.com/go-gost/gosocks4 v0.0.1 h1:+k1sec8HlELuQV7rWftIkmy8UijzUt2I6t+iMPlGB2s=
github.com/go-gost/gosocks4 v0.0.1/go.mod h1:3B6L47HbU/qugDg4JnoFPHgJXE43Inz8Bah1QaN9qCc=
github.com/go-gost/gosocks5 v0.4.2 h1:IianxHTkACPqCwiOAT3MHoMdSUl+SEPSRu1ikawC1Pc=
github.com/go-gost/gosocks5 v0.4.2/go.mod h1:1G6I7HP7VFVxveGkoK8mnprnJqSqJjdcASKsdUn4Pp4=
github.com/go-gost/plugin v0.2.0 h1:Xxqq3oJi6d2dZ/PqqEpefrUckT6aVz8JUxQ/sb7tmTM=
github.com/go-gost/plugin v0.2.0/go.mod h1:oN23l+yGDCIP9G3KnDl/I/0zVGOobZUDCB2Z5yYYXts=
github.com/go-gost/relay v0.5.0 h1:JG1tgy/KWiVXS0ukuVXvbM0kbYuJTWxYpJ5JwzsCf/c=
github.com/go-gost/relay v0.5.0/go.mod h1:lcX+23LCQ3khIeASBo+tJ/WbwXFO32/N5YN6ucuYTG8=
github.com/go-gost/tls-dissector v0.1.1 h1:2zUOTPzCQAUQ54Rpy0UEi3JPMQSYsIFSeFeKrzmkCoU=
github.com/go-gost/tls-dissector v0.1.1/go.mod h1:/9QfdewqmHdaE362Hv5nDaSWLx3pCmtD870d6GaquXs=
github.com/go-gost/x v0.7.5 h1:1ckEygk6FgeXw0Ryb1q/r5/QSpEgnqaWrD2SOTQi+3Q=
github.com/go-gost/x v0.7.5/go.mod h1:IayR3586oC6B9oEi0j1Q21lymu39qcXiMoQuLVwYeQ4=
github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
github.com/gin-gonic/gin v1.12.0 h1:b3YAbrZtnf8N//yjKeU2+MQsh2mY5htkZidOM7O0wG8=
github.com/gin-gonic/gin v1.12.0/go.mod h1:VxccKfsSllpKshkBWgVgRniFFAzFb9csfngsqANjnLc=
github.com/go-gost/core v0.5.3 h1:RZ/x9S2o3lDe9r9zriEpMJgxYt+1CYjrBMRs4X3bLk8=
github.com/go-gost/core v0.5.3/go.mod h1:WGI43jOka7FAsSAwi/fSMaqxdR+E339ycb4NBGlFr6A=
github.com/go-gost/go-shadowsocks2 v0.1.3 h1:6CUZLp+mTWXnKP2aK8/Z9ZP+ERMX9gSbywmPu4kGX/A=
github.com/go-gost/go-shadowsocks2 v0.1.3/go.mod h1:866zFNNI3He6Wef1M/IvAjTal74WhcfKfBgRpTlkKys=
github.com/go-gost/gosocks4 v0.1.0 h1:eAzev6qw4fzkFQKC9uCHLVNnnPdHyqCggbnfNN80Pmk=
github.com/go-gost/gosocks4 v0.1.0/go.mod h1:hzVjwijJuZR1pp3GqpTj+AKcSGrx68RlWTrQMFMYBP0=
github.com/go-gost/gosocks5 v0.5.0 h1:YE37l1MJwde8diIQdynStqogMotG5enoTdborhA5yic=
github.com/go-gost/gosocks5 v0.5.0/go.mod h1:1G6I7HP7VFVxveGkoK8mnprnJqSqJjdcASKsdUn4Pp4=
github.com/go-gost/plugin v0.5.0 h1:zK3Ezcv+z6bz6aUhaFZcZiJc42w44ohybzrj5tnWzcM=
github.com/go-gost/plugin v0.5.0/go.mod h1:oN23l+yGDCIP9G3KnDl/I/0zVGOobZUDCB2Z5yYYXts=
github.com/go-gost/relay v0.6.2 h1:0Rgm1TOZvrilAKj6zn+UMvAGWtS0H08e2wBX03Y6g+I=
github.com/go-gost/relay v0.6.2/go.mod h1:Dku0f5sfjOClrZFiDmQUrYYJ4uof7rnkCUBfsl0PSAI=
github.com/go-gost/tls-dissector v0.2.0 h1:9tE6WOzzpurATTBWn60DU4R8gibpGNY8/qVcc1SicVg=
github.com/go-gost/tls-dissector v0.2.0/go.mod h1:/9QfdewqmHdaE362Hv5nDaSWLx3pCmtD870d6GaquXs=
github.com/go-gost/x v0.13.9 h1:/pK8rOiueV239i0ntesDnU15UeYrq8vL6iVeGPJTzJo=
github.com/go-gost/x v0.13.9/go.mod h1:etkIOM5JjH9pnb3UOvLKexodznKcK3oRNGniPk0AGxk=
github.com/go-gost/x v0.13.10 h1:RCd65A5KuB7ZLDw317tt9O//sjrlxijXXTO0jbpkfkY=
github.com/go-gost/x v0.13.10/go.mod h1:etkIOM5JjH9pnb3UOvLKexodznKcK3oRNGniPk0AGxk=
github.com/go-gost/x v0.13.11 h1:508vT37VjgeGqQPBj+DG3yw0Z1TMLwKLl90wLeVknWI=
github.com/go-gost/x v0.13.11/go.mod h1:etkIOM5JjH9pnb3UOvLKexodznKcK3oRNGniPk0AGxk=
github.com/go-gost/x v0.13.12 h1:VhL2BMyhtsMV1DEgQLOIuW26THU71PAT8nRJUmm1gmQ=
github.com/go-gost/x v0.13.12/go.mod h1:etkIOM5JjH9pnb3UOvLKexodznKcK3oRNGniPk0AGxk=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8=
github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w=
github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM=
github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=
github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@ -90,6 +141,8 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
@ -98,8 +151,9 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
@ -119,20 +173,22 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/judwhite/go-svc v1.2.1 h1:a7fsJzYUa33sfDJRF2N/WXhA+LonCEEY8BJb1tuS5tA=
github.com/judwhite/go-svc v1.2.1/go.mod h1:mo/P2JNX8C07ywpP9YtO2gnBgnUiFTHqtsZekJrUuTk=
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
github.com/klauspost/compress v1.19.0 h1:sXLILfc9jV2QYWkzFOPWStmcUVH2RHEB1JCdY2oVvCQ=
github.com/klauspost/compress v1.19.0/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
github.com/klauspost/reedsolomon v1.11.8 h1:s8RpUW5TK4hjr+djiOpbZJB4ksx+TdYbRH7vHQpwPOY=
github.com/klauspost/reedsolomon v1.11.8/go.mod h1:4bXRN+cVzMdml6ti7qLouuYi32KHJ5MGv0Qd8a47h6A=
github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE=
github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs=
@ -141,6 +197,24 @@ github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
github.com/moby/go-archive v0.2.0 h1:zg5QDUM2mi0JIM9fdQZWC7U8+2ZfixfTYoHL7rWUcP8=
github.com/moby/go-archive v0.2.0/go.mod h1:mNeivT14o8xU+5q1YnNrkQVpK+dnNe/K6fHqnTg4qPU=
github.com/moby/moby/api v1.54.1 h1:TqVzuJkOLsgLDDwNLmYqACUuTehOHRGKiPhvH8V3Nn4=
github.com/moby/moby/api v1.54.1/go.mod h1:+RQ6wluLwtYaTd1WnPLykIDPekkuyD/ROWQClE83pzs=
github.com/moby/moby/client v0.4.0 h1:S+2XegzHQrrvTCvF6s5HFzcrywWQmuVnhOXe2kiWjIw=
github.com/moby/moby/client v0.4.0/go.mod h1:QWPbvWchQbxBNdaLSpoKpCdf5E+WxFAgNHogCWDoa7g=
github.com/moby/patternmatcher v0.6.1 h1:qlhtafmr6kgMIJjKJMDmMWq7WLkKIo23hsrpR3x084U=
github.com/moby/patternmatcher v0.6.1/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs=
github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@ -152,18 +226,20 @@ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8=
github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
github.com/pion/dtls/v2 v2.2.6 h1:yXMxKr0Skd+Ub6A8UqXTRLSywskx93ooMRHsQUtd+Z4=
github.com/pion/dtls/v2 v2.2.6/go.mod h1:t8fWJCIquY5rlQZwA2yWxUS1+OCrAdXrhVKXB5oD/wY=
github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
github.com/pion/transport/v2 v2.0.2 h1:St+8o+1PEzPT51O9bv+tH/KYYLMNR5Vwm5Z3Qkjsywg=
github.com/pion/transport/v2 v2.0.2/go.mod h1:vrz6bUbFr/cjdwbnxq8OdDDzHf7JJfGsIRkxfpZoTA0=
github.com/pion/udp/v2 v2.0.1 h1:xP0z6WNux1zWEjhC7onRA3EwwSliXqu1ElUZAQhUP54=
github.com/pion/udp/v2 v2.0.1/go.mod h1:B7uvTMP00lzWdyMr/1PVZXtV3wpPIxBRd4Wl6AksXn8=
github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
github.com/pion/dtls/v3 v3.1.1 h1:wSLMam9Kf7DL1A74hnqRvEb9OT+aXPAsQ5VS+BdXOJ0=
github.com/pion/dtls/v3 v3.1.1/go.mod h1:7FGvVYpHsUV6+aywaFpG7aE4Vz8nBOx74odPRFue6cI=
github.com/pion/logging v0.2.4 h1:tTew+7cmQ+Mc1pTBLKH2puKsOvhm32dROumOZ655zB8=
github.com/pion/logging v0.2.4/go.mod h1:DffhXTKYdNZU+KtJ5pyQDjvOAh/GsNSyv1lbkFbe3so=
github.com/pion/transport/v4 v4.0.1 h1:sdROELU6BZ63Ab7FrOLn13M6YdJLY20wldXW2Cu2k8o=
github.com/pion/transport/v4 v4.0.1/go.mod h1:nEuEA4AD5lPdcIegQDpVLgNoDGreqM/YqmEx3ovP4jM=
github.com/pires/go-proxyproto v0.8.1 h1:9KEixbdJfhrbtjpz/ZwCdWDD2Xem0NZ38qMYaASJgp0=
github.com/pires/go-proxyproto v0.8.1/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@ -171,6 +247,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@ -180,16 +258,18 @@ github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSz
github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
github.com/quic-go/quic-go v0.53.0 h1:QHX46sISpG2S03dPeZBgVIZp8dGagIaiu2FiVYvpCZI=
github.com/quic-go/quic-go v0.53.0/go.mod h1:e68ZEaCdyviluZmy44P6Iey98v/Wfz6HCjQEm+l8zTY=
github.com/quic-go/webtransport-go v0.9.0 h1:jgys+7/wm6JarGDrW+lD/r9BGqBAmqY/ssklE09bA70=
github.com/quic-go/webtransport-go v0.9.0/go.mod h1:4FUYIiUc75XSsF6HShcLeXXYZJ9AGwo/xh3L8M/P1ao=
github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
github.com/quic-go/quic-go v0.59.1 h1:0Gmua0HW1Tv7ANR7hUYwRyD0MG5OJfgvYSZasGZzBic=
github.com/quic-go/quic-go v0.59.1/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
github.com/quic-go/webtransport-go v0.10.0 h1:LqXXPOXuETY5Xe8ITdGisBzTYmUOy5eSj+9n4hLTjHI=
github.com/quic-go/webtransport-go v0.10.0/go.mod h1:LeGIXr5BQKE3UsynwVBeQrU1TPrbh73MGoC6jd+V7ow=
github.com/refraction-networking/utls v1.8.2 h1:j4Q1gJj0xngdeH+Ox/qND11aEfhpgoEvV+S9iJ2IdQo=
github.com/refraction-networking/utls v1.8.2/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM=
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
github.com/rs/xid v1.3.0 h1:6NjYksEUlhurdVehpc7S7dk6DAmcKv8V9gG0FsVN2U4=
github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
@ -198,9 +278,17 @@ github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6g
github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
github.com/shadowsocks/go-shadowsocks2 v0.1.6-0.20241020092332-e1fe9ea73740 h1:XdDrN8rtxdgW3TLn7pAuobI9PhPMbf6Geu9nvFzXn2E=
github.com/shadowsocks/go-shadowsocks2 v0.1.6-0.20241020092332-e1fe9ea73740/go.mod h1:Oqfn/ykzqjeX00+7IuPyR7wGYgOzld0Tni6djgElacI=
github.com/shirou/gopsutil/v3 v3.24.5 h1:i0t8kL+kQTvpAYToeuiVk3TgDeKOFioZO3Ztz/iZ9pI=
github.com/shirou/gopsutil/v3 v3.24.5/go.mod h1:bsoOS1aStSs9ErQ1WWfxllSeS1K5D+U30r2NfcubMVk=
github.com/shirou/gopsutil/v4 v4.26.3 h1:2ESdQt90yU3oXF/CdOlRCJxrP+Am1aBYubTMTfxJ1qc=
github.com/shirou/gopsutil/v4 v4.26.3/go.mod h1:LZ6ewCSkBqUpvSOf+LsTGnRinC6iaNUNMGBtDkJBaLQ=
github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w=
github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g=
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 h1:TG/diQgUe0pntT/2D9tmUCz4VNwm9MfrtPr0SU2qSX8=
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8/go.mod h1:P5HUIBuIWKbyjl083/loAegFkfbFNx5i2qEP4CNbm7E=
github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
@ -216,8 +304,9 @@ github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/objx v0.5.3 h1:jmXUvGomnU1o3W/V5h2VEradbpJDwGrzugQQvL0POH4=
github.com/stretchr/objx v0.5.3/go.mod h1:rDQraq+vQZU7Fde9LOZLr8Tax6zZvy4kuNKF+QYS+U0=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@ -225,22 +314,28 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
github.com/templexxx/cpu v0.1.1 h1:isxHaxBXpYFWnk2DReuKkigaZyrjs2+9ypIdGP4h+HI=
github.com/templexxx/cpu v0.1.1/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk=
github.com/templexxx/xorsimd v0.4.3 h1:9AQTFHd7Bhk3dIT7Al2XeBX5DWOvsUPZCuhyAtNbHjU=
github.com/templexxx/xorsimd v0.4.3/go.mod h1:oZQcD6RFDisW2Am58dSAGwwL6rHjbzrlu25VDqfWkQg=
github.com/testcontainers/testcontainers-go v0.42.0 h1:He3IhTzTZOygSXLJPMX7n44XtK+qhjat1nI9cneBbUY=
github.com/testcontainers/testcontainers-go v0.42.0/go.mod h1:vZjdY1YmUA1qEForxOIOazfsrdyORJAbhi0bp8plN30=
github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA=
github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI=
github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw=
github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ=
github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
github.com/vishvananda/netlink v1.1.1-0.20211118161826-650dca95af54 h1:8mhqcHPqTMhSPoslhGYihEgSfc77+7La1P6kiB6+9So=
github.com/vishvananda/netlink v1.1.1-0.20211118161826-650dca95af54/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
@ -260,25 +355,45 @@ github.com/xtaci/tcpraw v1.2.25 h1:VDlqo0op17JeXBM6e2G9ocCNLOJcw9mZbobMbJjo0vk=
github.com/xtaci/tcpraw v1.2.25/go.mod h1:dKyZ2V75s0cZ7cbgJYdxPvms7af0joIeOyx1GgJQbLk=
github.com/yl2chen/cidranger v1.0.2 h1:lbOWZVCG1tCRX4u24kuM1Tb4nHqWkDxwLdoS+SevawU=
github.com/yl2chen/cidranger v1.0.2/go.mod h1:9U1yz7WPYDwf0vpNWFaeRh0bjwz5RVgRy/9UEQfHl0g=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
github.com/zalando/go-keyring v0.2.4 h1:wi2xxTqdiwMKbM6TWwi+uJCG/Tum2UV0jqaQhCa9/68=
github.com/zalando/go-keyring v0.2.4/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk=
go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
github.com/zeebo/assert v1.1.0 h1:hU1L1vLTHsnO8x8c9KAR5GmM5QscxHg5RNU5z5qbUWY=
github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
github.com/zeebo/blake3 v0.2.4 h1:KYQPkhpRtcqh0ssGYcKLG1JYvddkEA8QwCM/yBqhaZI=
github.com/zeebo/blake3 v0.2.4/go.mod h1:7eeQ6d2iXWRGF6npfaxl2CU+xy2Fjo2gxeyZGCRUjcE=
github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
go.mongodb.org/mongo-driver/v2 v2.5.0 h1:yXUhImUjjAInNcpTcAlPHiT7bIXhshCTL3jVBkF3xaE=
go.mongodb.org/mongo-driver/v2 v2.5.0/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0=
go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ=
go.opentelemetry.io/otel v1.41.0 h1:YlEwVsGAlCvczDILpUXpIpPSL/VPugt7zHThEMLce1c=
go.opentelemetry.io/otel v1.41.0/go.mod h1:Yt4UwgEKeT05QbLwbyHXEwhnjxNO6D8L5PQP51/46dE=
go.opentelemetry.io/otel/metric v1.41.0 h1:rFnDcs4gRzBcsO9tS8LCpgR0dxg4aaxWlJxCno7JlTQ=
go.opentelemetry.io/otel/metric v1.41.0/go.mod h1:xPvCwd9pU0VN8tPZYzDZV/BMj9CM9vs00GuBjeKhJps=
go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
go.opentelemetry.io/otel/trace v1.41.0 h1:Vbk2co6bhj8L59ZJ6/xFTskY+tGAbOnCtQGVVa9TIN0=
go.opentelemetry.io/otel/trace v1.41.0/go.mod h1:U1NU4ULCoxeDKc09yCWdWe+3QoyweJcISEVa1RBzOis=
go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
golang.org/x/arch v0.22.0 h1:c/Zle32i5ttqRXjdLyyHZESLD/bB90DCU1g9l/0YBDI=
golang.org/x/arch v0.22.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
golang.org/x/crypto v0.53.0 h1:QZ4Muo8THX6CizN2vPPd5fBGHyogrdK9fG4wLPFUsto=
golang.org/x/crypto v0.53.0/go.mod h1:DNLU434OwVakk9PzuwV8w62mAJpRJL3vsgcfp4Qnsio=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20241210194714-1829a127f884 h1:Y/Mj/94zIQQGHVSv1tTtQBDaQaJe62U9bkDZKKyhPCU=
golang.org/x/exp v0.0.0-20241210194714-1829a127f884/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
@ -287,9 +402,8 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4=
golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -298,90 +412,73 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
golang.org/x/net v0.56.0 h1:Rw8j/hFzGvJUZwNBXnAtf5sVDVt+65SK2C7IxCxZt5o=
golang.org/x/net v0.56.0/go.mod h1:D3Ku6r+V6JROoZK144D2XfMHFcMq/0zSfLelVTCFKec=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/sync v0.21.0 h1:HLII4xRRTtCRkxYp4HNFF0Js/Og6q2i++KXbg0gHCwM=
golang.org/x/sync v0.21.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg=
golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw=
golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
golang.org/x/term v0.44.0 h1:0rLvDRCtNj0gZkyIXhCyOb2OAzEhLVqc4B+hrsBhrmc=
golang.org/x/term v0.44.0/go.mod h1:7ze4MdzUzLXpSAoFP1H0bOI9aXDqveSvatT5vKcFh2Y=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
golang.org/x/text v0.38.0 h1:sXmwo9DwP3OK9EZ7PqAdaooSGozfl/3a6/xJcbzPRhE=
golang.org/x/text v0.38.0/go.mod h1:YXZt3QhHUKYT53r2lLKFIVi6Ao1jdzrTR/KQ09qyxF4=
golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8=
golang.org/x/tools v0.45.0/go.mod h1:LuUGqqaXcXMEFEruIVJVm5mgDD8vww/z/SR1gQ4uE/0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb h1:whnFRlWMcXI9d+ZbWg+4sHnLp52d5yiIPUxMBSt4X9A=
golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb/go.mod h1:rpwXGsirqLqN2L0JDJQlwOboGHmptD5ZD6T2VmcqhTw=
gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@ -395,9 +492,11 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
gvisor.dev/gvisor v0.0.0-20250523182742-eede7a881b20 h1:0DxLu8hxI1OGp1qVRPqNd+2k1a7hMNUNqbZG0IrtKlM=
gvisor.dev/gvisor v0.0.0-20250523182742-eede7a881b20/go.mod h1:3r5CMtNQMKIvBlrmM9xWUNamjKBYPOWyXOjmg5Kts3g=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=

View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
# Check Root User
@ -42,7 +42,7 @@ install_gost() {
armv7*)
cpu_arch="armv7"
;;
aarch64)
aarch64|arm64)
cpu_arch="arm64"
;;
i686)
@ -66,23 +66,22 @@ install_gost() {
;;
esac
get_download_url="$base_url/tags/$version"
download_url=$(curl -s "$get_download_url" | grep -Eo "\"browser_download_url\": \".*${os}.*${cpu_arch}.*\"" | awk -F'["]' '{print $4}')
download_url=$(curl -s "$get_download_url" | awk -F'"' -v re=".*${os}.*${cpu_arch}.*" '/"browser_download_url":/ && $4 ~ re { print $4 }' | head -n 1)
# Download the binary
echo "Downloading gost version $version..."
curl -fsSL -o gost.tar.gz $download_url
# Download and install the binary
install_path="/usr/local/bin"
echo "Downloading and installing gost version $version..."
curl -fsSL "$download_url" | tar -xzC "$install_path" gost
chmod +x "$install_path/gost"
# Extract and install the binary
echo "Installing gost..."
tar -xzf gost.tar.gz
chmod +x gost
mv gost /usr/local/bin/gost
# Remove binary from macOS quarantine when installing for first time
[[ "$os" == "darwin" ]] && { xattr -d com.apple.quarantine "$install_path/gost" 2>&-; }
echo "gost installation completed!"
}
# Retrieve available versions from GitHub API
versions=$(curl -s "$base_url" | grep -oP 'tag_name": "\K[^"]+')
versions=$(curl -s "$base_url" | awk -F'"' '/"tag_name":/ {print $4}')
# Check if --install option provided
if [[ "$1" == "--install" ]]; then

View File

@ -0,0 +1,4 @@
FROM alpine:3.22
# add tools needed by e2e containers and health checks
RUN apk add --no-cache iptables curl netcat-openbsd python3

View File

@ -0,0 +1,276 @@
# 执行计划HTTP Handler E2E 测试 + utils.go 重构
## 背景
从 PLAN.md 的 Step 0 和 Step 1A 开始实施。HTTP proxy 是 gost 最基础的协议,目前 e2e 测试仅覆盖 shadowsocks 和 parallel selector。本计划先重构 utils.go 提取公共 helper然后用 helper 写 HTTP handler 测试套件,最后同步重构 shadowsocks_test.go。
## 变更文件清单
| 文件 | 操作 | 说明 |
|------|------|------|
| `tests/e2e/utils.go` | 修改 | 新增 `RunTCPCase` / `RunUDPCase` |
| `tests/e2e/http_test.go` | 新建 | HTTP proxy 测试套件 |
| `tests/e2e/testdata/http/server.yaml` | 新建 | 无 auth 的 HTTP proxy 服务器 |
| `tests/e2e/testdata/http/server_auth.yaml` | 新建 | 带 auth 的 HTTP proxy 服务器 |
| `tests/e2e/shadowsocks_test.go` | 修改 | 重构为使用 `RunTCPCase` / `RunUDPCase` |
---
## Step 1: 修改 `utils.go` — 提取 RunTCPCase / RunUDPCase
`shadowsocks_test.go``runTCPCase``runUDPCase` 提取为包级函数。关键差异:参数需要传入 echo container IP 和 echo container 本身(用于 dump logs
### RunTCPCase 签名与逻辑
```go
// RunTCPCase runs a full TCP proxy test case:
// start server → render client config → start client → curl assertion → cleanup.
func RunTCPCase(t *testing.T, ctx context.Context, networkName, echoIP string,
name, serverConfig, clientConfig string)
```
逻辑(从 shadowsocks_test.go:132-160 提取,一字不差):
1. 生成 serverAlias = `name + "-server"`
2. `RunGostContainerWithOptions(ctx, networkName, serverConfig, [serverAlias], ["8388/tcp"])`
3. `defer serverC.Terminate(ctx)`
4. `RenderConfig(clientConfig, {ServerAddr: serverAlias + ":8388"})`
5. `defer os.Remove(rendered)`
6. `RunGostContainerWithPorts(ctx, networkName, rendered, "8080/tcp")`
7. `defer clientC.Terminate(ctx)`
8. `clientC.Exec(ctx, ["curl", "-v", "-s", "-x", "http://127.0.0.1:8080", "http://<echoIP>:5678"])`
9. 断言 exitCode==0 且 body 包含 `"hello-gost"`,失败时 DumpLogs
**问题:端口硬编码**。shadowsocks 用 8388 作为服务端口,但其他协议可能用不同端口。需要参数化。
### 修正设计 — 参数化端口
```go
type TCPOptions struct {
ServerPort string // 容器内服务端口,默认 "8388/tcp"
ClientPort string // 客户端代理端口,默认 "8080/tcp"
}
func RunTCPCase(t *testing.T, ctx context.Context, networkName, echoIP string,
name, serverConfig, clientConfig string, opts ...TCPOptions)
```
`opts` 为空时使用默认值 `{ServerPort: "8388/tcp", ClientPort: "8080/tcp"}`。这样 shadowsocks 测试无需任何改动,而 HTTP 测试可传 `TCPOptions{ServerPort: "8080/tcp", ClientPort: "8080/tcp"}`
等一下 — 仔细看 shadowsocks 的 server 容器暴露的是 `8388/tcp`HTTP proxy 场景下只有一个 gost 容器(不做 server→client 链路),直接暴露 proxy 端口。
**重新思考HTTP proxy 不需要 server+client 两容器模式。**
HTTP proxy 测试是最简单的模式 — 只需一个 gost 容器运行 HTTP proxy然后容器内 curl 通过它访问 echo server。这和 parallel_selector_test.go 的模式一致。但为了统一框架和后续协议SOCKS5、relay 等都需要 server+client 模式),我们应该:
- HTTP 的"无 auth"用例:**单容器模式**(同 parallel_selector
- HTTP 的"带 auth"用例:**也可以单容器**,只需在 curl 加 `--proxy-user`
所以 HTTP proxy 不需要 server/client 分离,但 RunTCPCase helper 仍然服务于 SOCKS5/relay 等需要链路的协议。
### 最终 RunTCPCase 设计
```go
func RunTCPCase(t *testing.T, ctx context.Context, networkName, echoIP, name string,
serverConfig, clientConfig string, serverPort, clientPort string)
```
- `serverPort`: 服务端容器暴露端口,如 `"8388/tcp"`
- `clientPort`: 客户端容器暴露端口,如 `"8080/tcp"`
- 渲染模板时用 `ServerAddr: serverAlias + ":" + strings.TrimSuffix(serverPort, "/tcp")`
### RunUDPCase 设计
```go
func RunUDPCase(t *testing.T, ctx context.Context, networkName, name string,
serverConfig, clientConfig string, serverPort, clientPort string)
```
逻辑从 shadowsocks_test.go:76-126 提取。
---
## Step 2: 新建 `testdata/http/` 配置文件
### `testdata/http/server.yaml` — 无 auth 的 HTTP proxy
```yaml
services:
- name: http-proxy
addr: :8080
handler:
type: http
listener:
type: tcp
```
单容器即可测试gost 启动后在 :8080 提供 HTTP proxy 服务。
### `testdata/http/server_auth.yaml` — 带 auth 的 HTTP proxy
```yaml
services:
- name: http-proxy-auth
addr: :8080
handler:
type: http
auther: auther-0
listener:
type: tcp
authers:
- name: auther-0
auths:
- username: user
password: pass
```
---
## Step 3: 新建 `http_test.go`
### 套件结构
```go
type HTTPSuite struct {
suite.Suite
ctx context.Context
echoC testcontainers.Container
echoIP string
}
func (s *HTTPSuite) SetupSuite() // 启动 TCP echo
func (s *HTTPSuite) TearDownSuite() // 关闭 echo
func (s *HTTPSuite) TestHTTPProxy() // 无 auth
func (s *HTTPSuite) TestHTTPProxyAuth() // 带 auth
func TestHTTPSuite(t *testing.T) {
suite.Run(t, new(HTTPSuite))
}
```
### TestHTTPProxy — 单容器模式(同 parallel_selector
```go
func (s *HTTPSuite) TestHTTPProxy() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "http-proxy logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
}
```
### TestHTTPProxyAuth — 带 auth 验证
```go
func (s *HTTPSuite) TestHTTPProxyAuth() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server_auth.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// 测试1无 auth 应失败407
s.T().Run("no-auth-should-fail", func(t *testing.T) {
cmd := []string{"curl", "-s", "-o", "/dev/null", "-w", "%{http_code}",
"-x", "http://127.0.0.1:8080", fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, _ := gostC.Exec(s.ctx, cmd)
body, _ := io.ReadAll(out)
// curl exit code 非 0 或 HTTP status 是 407
// 注意gost HTTP proxy 在无 auth 时返回 407curl 不会自动重试
// 所以这里验证返回码是 407 或 curl 返回非零
httpStatus := strings.TrimSpace(string(body))
s.Assert().True(code != 0 || httpStatus == "407",
"expected auth failure, got status: %s, exit code: %d", httpStatus, code)
})
// 测试2正确 auth 应成功
s.T().Run("with-auth-should-succeed", func(t *testing.T) {
cmd := []string{"curl", "-v", "-s", "-x",
"http://user:pass@127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "http-proxy-auth logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
})
}
```
### 注意事项
- HTTP proxy 是**单容器模式**,不需要 server/client 分离(不像 shadowsocks 需要解密/加密链路)
- auth 测试分两步:先验证无 auth 被拒407再验证正确 auth 成功
- curl 使用 `http://user:pass@host:port` 格式传递 proxy auth
---
## Step 4: 重构 `shadowsocks_test.go`
`runTCPCase``runUDPCase` 方法替换为调用 `utils.go` 中的 `RunTCPCase` / `RunUDPCase`
**Before**:
```go
func (s *ShadowsocksSuite) TestShadowsocksTCP() {
s.runTCPCase("aes256gcm", "testdata/shadowsocks/tcp_server_aes256gcm.yaml", "testdata/shadowsocks/tcp_client_aes256gcm.yaml")
s.runTCPCase("chacha20", "testdata/shadowsocks/tcp_server_chacha20.yaml", "testdata/shadowsocks/tcp_client_chacha20.yaml")
}
```
**After**:
```go
func (s *ShadowsocksSuite) TestShadowsocksTCP() {
RunTCPCase(s.T(), s.ctx, SharedNetworkName, s.echoIP, "aes256gcm",
"testdata/shadowsocks/tcp_server_aes256gcm.yaml",
"testdata/shadowsocks/tcp_client_aes256gcm.yaml",
"8388/tcp", "8080/tcp")
RunTCPCase(s.T(), s.ctx, SharedNetworkName, s.echoIP, "chacha20",
"testdata/shadowsocks/tcp_server_chacha20.yaml",
"testdata/shadowsocks/tcp_client_chacha20.yaml",
"8388/tcp", "8080/tcp")
}
```
删除 `runTCPCase``runUDPCase` 方法。UDP 测试同理。
---
## 实施顺序
1. **`utils.go`** — 添加 `RunTCPCase` + `RunUDPCase`(不删除任何现有函数)
2. **`testdata/http/`** — 创建 `server.yaml` + `server_auth.yaml`
3. **`http_test.go`** — 创建 HTTP 套件
4. **编译验证** — `cd gost && go build ./... && go vet ./tests/e2e/...`
5. **`shadowsocks_test.go`** — 重构为使用新 helper
6. **最终编译验证** — `go build ./... && go vet ./tests/e2e/...`
7. **运行测试** — `go test ./tests/e2e/ -v -run TestHTTPSuite -timeout 5m`
8. **回归测试** — `go test ./tests/e2e/ -v -run TestShadowsocksSuite -timeout 5m`
---
## 验证
```bash
cd /config/workspace/go-gost/gost
go build ./...
go vet ./tests/e2e/...
go test ./tests/e2e/ -v -run TestHTTPSuite -timeout 5m
go test ./tests/e2e/ -v -run TestShadowsocksSuite -timeout 5m
```

183
tests/e2e/PLAN.md 100644
View File

@ -0,0 +1,183 @@
# Plan: Expand E2E Test Suite
## Context
The e2e test framework (`tests/e2e/`) currently covers only **2 protocols** (Shadowsocks, parallel selector) out of **~30+ registered protocols** in gost. This plan systematically adds test coverage for all major protocols, following the existing Docker-based testcontainers pattern exactly.
**Key insight**: gost auto-generates self-signed TLS certs when none are provided (`x/config/parsing/tls.go` — `BuildDefaultTLSConfig`), and clients with default config skip cert verification. This means TLS-based protocols (ws→wss, h2c→h2, quic, etc.) can be tested **without mounting cert files**.
---
## Step 0: Refactor `utils.go` — Add Reusable Test Helpers
**File**: `tests/e2e/utils.go`
Extract the repeated patterns from `shadowsocks_test.go` into reusable helpers:
1. **`RunTCPCase(t, ctx, networkName, echoIP, name, serverConfig, clientConfig string)`** — Full lifecycle: start server → render client config → start client → curl assertion → cleanup. Extracts the logic from `ShadowsocksSuite.runTCPCase`.
2. **`RunUDPCase(t, ctx, networkName, name, serverConfig, clientConfig string)`** — Same for UDP: start server → render client → start client → dial UDP → retry loop → assertion → cleanup. Extracts from `runUDPCase`.
These eliminate ~40 lines of boilerplate per suite. Each suite's test methods become one-liners:
```go
func (s *SOCKS5Suite) TestSOCKS5TCP() {
RunTCPCase(s.T(), s.ctx, SharedNetworkName, s.echoIP, "socks5-tcp",
"testdata/socks5/tcp_server.yaml", "testdata/socks5/tcp_client.yaml")
}
```
---
## Step 1: Tier 1 — Core Protocols (Plain TCP, No Special Infrastructure)
Each suite follows the exact pattern: suite struct → `SetupSuite` (echo containers) → `TearDownSuite` → test methods calling `RunTCPCase`/`RunUDPCase` → `suite.Run()` entry point.
### 1A. HTTP Proxy Suite
- **Files**: `http_test.go`, `testdata/http/` (2 configs)
- **Configs**: `server.yaml` (handler `http`, listener `tcp`), `server_auth.yaml` (+ basic auth)
- **Tests**: `TestHTTPProxy`, `TestHTTPProxyAuth` (curl with `--proxy-user`)
- **Note**: Simplest test — single gost container acts as HTTP proxy
### 1B. SOCKS5 Suite
- **Files**: `socks5_test.go`, `testdata/socks5/` (4 configs)
- **Configs**: `tcp_server.yaml` (handler `socks5`), `tcp_client.yaml` (connector `socks5`, dialer `tcp`), + auth variants
- **Tests**: `TestSOCKS5TCP`, `TestSOCKS5TCPAuth`
### 1C. SOCKS4 Suite
- **Files**: `socks4_test.go`, `testdata/socks4/` (4 configs)
- **Configs**: `tcp_server.yaml` (handler `socks4`), `tcp_client.yaml` (connector `socks4`), + socks4a variants
- **Tests**: `TestSOCKS4TCP`, `TestSOCKS4aTCP`
### 1D. HTTP2 Cleartext Suite
- **Files**: `http2_test.go`, `testdata/http2/` (2 configs)
- **Configs**: `tcp_server.yaml` (handler `http2`, listener `http2`), `tcp_client.yaml` (connector `http2`, dialer `http2`)
- **Tests**: `TestHTTP2TCP`
### 1E. Relay Suite
- **Files**: `relay_test.go`, `testdata/relay/` (4 configs)
- **Configs**: `tcp_server.yaml` (handler `relay`, listener `tcp`), `tcp_client.yaml` (connector `relay`, dialer `tcp`), + auth variants
- **Tests**: `TestRelayTCP`, `TestRelayTCPAuth`
---
## Step 2: Tier 2 — TLS/Transport Protocols
Same pattern but using TLS listeners/dialers. No explicit cert files needed — gost auto-generates them.
### 2A. TLS Suite
- **Files**: `tls_test.go`, `testdata/tls/` (4 configs)
- **Tests**: `TestTLSHTTPProxy` (handler `http` + listener `tls`), `TestTLSSOCKS5` (handler `socks5` + listener `tls`)
### 2B. WebSocket Suite
- **Files**: `ws_test.go`, `testdata/ws/` (4 configs)
- **Tests**: `TestWSSOCKS5` (dialer `ws`), `TestWSSSOCKS5` (dialer `wss`)
### 2C. gRPC Suite
- **Files**: `grpc_test.go`, `testdata/grpc/` (2 configs)
- **Tests**: `TestGRPCSOCKS5` (listener `grpc`, metadata `insecure: true`)
### 2D. HTTP/2 TLS (h2) Suite
- **Files**: `h2_test.go`, `testdata/h2/` (2 configs)
- **Tests**: `TestH2HTTP2Proxy` (listener `h2`, dialer `h2`)
### 2E. QUIC Suite
- **Files**: `quic_test.go`, `testdata/quic/` (2 configs)
- **Tests**: `TestQUICHTTP` (listener `quic`, handler `http` — uses UDP ports)
### 2F. KCP Suite
- **Files**: `kcp_test.go`, `testdata/kcp/` (2 configs)
- **Tests**: `TestKCPSOCKS5` (listener `kcp`, handler `socks5` — uses UDP)
### 2G. Multiplex Variants (mws/mwss/mtls/mtcp)
- **Files**: `mux_test.go`, `testdata/mux/` (6 configs)
- **Tests**: `TestMWSSOCKS5`, `TestMWSSSOCKS5`, `TestMtlSSOCKS5`, `TestMtcpSOCKS5`
### 2H. Obfuscation (ohttp/otls)
- **Files**: `obfs_test.go`, `testdata/obfs/` (4 configs)
- **Tests**: `TestOHTTP`, `TestOTLS`
### 2I. PHT (HTTP Pipe)
- **Files**: `pht_test.go`, `testdata/pht/` (4 configs)
- **Tests**: `TestPHT`, `TestPHTS`
---
## Step 3: Tier 3 — Special Infrastructure (Deferred)
These require Docker capabilities (`NET_ADMIN`, `NET_RAW`), SSH key generation, or iptables setup. Implemented after Tiers 1-2 are stable.
| Protocol | Challenge | Approach |
|----------|-----------|----------|
| SSH/sshd | Host key generation | Generate SSH key at test time, mount into container |
| HTTP/3/WebTransport | QUIC+UDP, TLS | Uses UDP like QUIC suite; auto certs work |
| TUN/TAP | `CAP_NET_ADMIN`, `/dev/net/tun` | Privileged container + routing setup |
| Tungo/MASQUE | Same as TUN | Same approach |
| ICMP | `CAP_NET_RAW`, raw sockets | Privileged container |
| Redirect (red/redu) | iptables rules | Privileged + iptables setup in container |
| DTLS | UDP + TLS | Auto certs; UDP port mapping |
---
## Files to Create/Modify
### New files (per suite):
- `tests/e2e/<protocol>_test.go` — Suite struct + test methods
- `tests/e2e/testdata/<protocol>/` — Server + client YAML configs
### Modified files:
- `tests/e2e/utils.go` — Add `RunTCPCase`, `RunUDPCase` helpers
- `tests/e2e/shadowsocks_test.go` — Refactor to use new helpers (optional, reduces duplication)
- `tests/e2e/README.md` — Document new suites
### Reference files (read-only):
- `tests/e2e/shadowsocks_test.go` — Pattern template for all suites
- `tests/e2e/testdata/shadowsocks/tcp_server_aes256gcm.yaml` — Server config template
- `tests/e2e/testdata/shadowsocks/tcp_client_aes256gcm.yaml` — Client config template
---
## Config Pattern Reference
**Server** (all protocols):
```yaml
services:
- name: <proto>-server
addr: :<port>
handler:
type: <handler-type>
listener:
type: <listener-type>
```
**Client** (all protocols):
```yaml
services:
- name: http-proxy
addr: :8080
handler:
type: http
chain: <proto>-chain
listener:
type: tcp
chains:
- name: <proto>-chain
hops:
- name: <proto>-hop
nodes:
- name: <proto>-node
addr: {{.ServerAddr}}
connector:
type: <connector-type>
dialer:
type: <dialer-type>
```
---
## Verification
After each suite is implemented:
1. `cd gost && go build ./...` — Ensure compilation
2. `go vet ./tests/e2e/` — Static analysis
3. `go test ./tests/e2e/ -v -run TestXxxSuite -timeout 5m` — Run individual suite
4. `go test ./tests/e2e/ -v -timeout 10m` — Run all suites together

View File

@ -0,0 +1,53 @@
# End-to-End Tests
Integration tests that spin up real gost instances inside Docker containers and verify protocol behavior over the network.
## Prerequisites
- [Docker](https://docs.docker.com/get-docker/) (running daemon)
- Go toolchain (for compiling the gost binary under test)
## Running
From the repository root:
```bash
# Run all e2e tests
go test ./tests/e2e/ -v -timeout 10m
# Run a specific test suite
go test ./tests/e2e/ -v -run TestShadowsocksSuite -timeout 5m
go test ./tests/e2e/ -v -run TestParallelSelectorSuite -timeout 5m
# Use a pre-built gost binary (skips compilation)
go test ./tests/e2e/ -v -gost-bin /path/to/gost
```
## Architecture
```
tests/e2e/
├── Dockerfile # Shared base image (Alpine + curl, python3, etc.)
├── main_test.go # TestMain: compiles gost, creates Docker network
├── utils.go # Helpers: container lifecycle, config rendering
├── scripts/
│ ├── tcp_echo.py # HTTP echo server (responds with "hello-gost")
│ └── udp_echo.py # UDP echo server (reflects payloads)
├── testdata/ # config files or data files for running cases
├── shadowsocks_test.go # Shadowsocks protocol tests
└── parallel_selector_test.go # Parallel node selector tests
```
### How it works
1. **TestMain** (`main_test.go`) compiles the gost binary from `../../cmd/gost` (unless `-gost-bin` is provided) and creates a shared Docker network for all containers.
2. Each test suite starts echo server containers (TCP/UDP), then launches separate gost containers for server and client roles.
3. Client configs use Go template syntax (`{{.ServerAddr}}`) so the server address is injected at runtime.
4. Tests verify end-to-end connectivity by sending traffic through the gost proxy chain and checking that the echo server responds correctly.
## Tips
- Increase `-timeout` for CI or slow networks. Container image builds on first run take extra time.
- Use `-gost-bin` to avoid recompiling when iterating on tests locally.
- Add `-v` to see container log output on failure.
- RunGostContainer will wait for exposedPorts automatically, but it's not reliable for udp ports. So, you should check the readiness of udp ports inside cases.

View File

@ -0,0 +1,360 @@
package e2e
import (
"context"
"encoding/base64"
"fmt"
"io"
"strings"
"testing"
"time"
"github.com/stretchr/testify/suite"
"github.com/testcontainers/testcontainers-go"
)
type DNSSuite struct {
suite.Suite
ctx context.Context
}
func (s *DNSSuite) SetupSuite() {
s.ctx = context.Background()
}
// dnsQuery sends a DNS query via the Python client and retries on failure.
// expected can be an IP string, "empty" (expect zero answer records), or "" (no check).
func (s *DNSSuite) dnsQuery(gostC testcontainers.Container, mode, host, port, qname, qtype, expected string) {
args := []string{"python3", "/scripts/dns_query.py", mode, host, port, qname, qtype}
if expected != "" {
args = append(args, expected)
}
for i := range 5 {
code, out, err := gostC.Exec(s.ctx, args)
if err != nil {
s.T().Logf("query attempt %d exec error: %v", i+1, err)
time.Sleep(time.Second)
continue
}
body, err := io.ReadAll(out)
if err != nil {
s.T().Logf("query attempt %d read error: %v", i+1, err)
time.Sleep(time.Second)
continue
}
output := string(body)
s.T().Logf("query attempt %d: %s", i+1, strings.TrimSpace(output))
if code == 0 {
return
}
time.Sleep(time.Second)
}
s.T().Fatalf("DNS query %s %s %s %s failed after 5 retries", mode, qname, qtype, host)
}
// dnsQueryOnce sends a single DNS query with no retries. Returns exit code and output.
func (s *DNSSuite) dnsQueryOnce(gostC testcontainers.Container, mode, host, port, qname, qtype string) (int, string) {
args := []string{"python3", "/scripts/dns_query.py", mode, host, port, qname, qtype}
code, out, err := gostC.Exec(s.ctx, args)
if err != nil {
return 1, fmt.Sprintf("exec error: %v", err)
}
body, _ := io.ReadAll(out)
return code, string(body)
}
// dnsQueryWithDelay calls dnsQuery with a small wait before the first attempt.
func (s *DNSSuite) dnsQueryWithDelay(gostC testcontainers.Container, mode, host, port, qname, qtype, expected string) {
time.Sleep(500 * time.Millisecond)
s.dnsQuery(gostC, mode, host, port, qname, qtype, expected)
}
// sendRaw sends raw data via base64+nc and returns the response.
func (s *DNSSuite) sendRaw(gostC testcontainers.Container, host, port, data string) string {
encoded := base64.StdEncoding.EncodeToString([]byte(data))
cmd := []string{"sh", "-c",
fmt.Sprintf("echo %s | base64 -d | nc -w 3 -u %s %s", encoded, host, port)}
_, out, _ := gostC.Exec(s.ctx, cmd)
b, _ := io.ReadAll(out)
return string(b)
}
// startDNSResponder starts the UDP DNS responder and returns the container.
func (s *DNSSuite) startDNSResponder() testcontainers.Container {
dnsC, err := RunDNSResponderContainer(s.ctx, SharedNetworkName)
s.Require().NoError(err)
return dnsC
}
// startGostWithQueryScript starts a gost container with dns_query.py mounted.
func (s *DNSSuite) startGostWithQueryScript(yamlPath, exposedPort string) testcontainers.Container {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
yamlPath,
[]testcontainers.ContainerFile{
{HostFilePath: "scripts/dns_query.py", ContainerFilePath: "/scripts/dns_query.py", FileMode: 0644},
},
exposedPort)
s.Require().NoError(err)
return gostC
}
// ---------------------------------------------------------------------------
// Upstream resolution
// ---------------------------------------------------------------------------
func (s *DNSSuite) TestDNSUpstream() {
dnsC := s.startDNSResponder()
defer dnsC.Terminate(s.ctx)
gostC := s.startGostWithQueryScript("testdata/dns/server_upstream.yaml", "1053/udp")
defer gostC.Terminate(s.ctx)
s.T().Run("a-record", func(t *testing.T) {
s.dnsQueryWithDelay(gostC, "udp", "127.0.0.1", "1053", "test.example.com", "A", "10.0.0.1")
})
s.T().Run("aaaa-record", func(t *testing.T) {
s.dnsQuery(gostC, "udp", "127.0.0.1", "1053", "example.com", "AAAA", "::1")
})
s.T().Run("second-a-record", func(t *testing.T) {
s.dnsQuery(gostC, "udp", "127.0.0.1", "1053", "test2.example.com", "A", "10.0.0.2")
})
}
// ---------------------------------------------------------------------------
// TCP mode
// ---------------------------------------------------------------------------
func (s *DNSSuite) TestDNSTCP() {
s.T().Log("start TCP DNS responder container...")
dnsC, err := RunTCPDNSResponderContainer(s.ctx, SharedNetworkName)
s.Require().NoError(err)
defer dnsC.Terminate(s.ctx)
gostC := s.startGostWithQueryScript("testdata/dns/server_tcp.yaml", "1053/tcp")
defer gostC.Terminate(s.ctx)
s.dnsQueryWithDelay(gostC, "tcp", "127.0.0.1", "1053", "test.example.com", "A", "10.0.0.1")
s.dnsQuery(gostC, "tcp", "127.0.0.1", "1053", "test2.example.com", "A", "10.0.0.2")
}
// ---------------------------------------------------------------------------
// Bypass rules
// ---------------------------------------------------------------------------
func (s *DNSSuite) TestDNSBypass() {
dnsC := s.startDNSResponder()
defer dnsC.Terminate(s.ctx)
gostC := s.startGostWithQueryScript("testdata/dns/server_bypass.yaml", "1053/udp")
defer gostC.Terminate(s.ctx)
s.T().Run("blocked-domain-empty-answer", func(t *testing.T) {
s.dnsQueryWithDelay(gostC, "udp", "127.0.0.1", "1053",
"test.example.com", "A", "empty")
})
s.T().Run("non-blocked-domain", func(t *testing.T) {
s.dnsQuery(gostC, "udp", "127.0.0.1", "1053",
"test2.example.com", "A", "10.0.0.2")
})
}
// ---------------------------------------------------------------------------
// Host mapper
// ---------------------------------------------------------------------------
// TestDNSHostMapper verifies DNS resolution via the host mapper before
// reaching the upstream exchanger.
//
// Config: server_hosts.yaml maps mapped.example.com → 10.0.0.100 and
// points the handler at an unreachable upstream (udp://127.0.0.1:1).
// The handler checks the host mapper before the exchange path, so
// mapped names resolve without needing any upstream DNS. Unmapped
// names must fall through to the exchanger, which fails — confirming
// the host-mapper path was the only reason mapped names worked.
func (s *DNSSuite) TestDNSHostMapper() {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/dns/server_hosts.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "scripts/dns_query.py", ContainerFilePath: "/scripts/dns_query.py", FileMode: 0644},
},
"1053/udp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
s.T().Run("mapped-a-record", func(t *testing.T) {
// mapped.example.com → host mapper returns 10.0.0.100
// without contacting any upstream.
s.dnsQueryWithDelay(gostC, "udp", "127.0.0.1", "1053",
"mapped.example.com", "A", "10.0.0.100")
})
s.T().Run("unmapped-domain", func(t *testing.T) {
// test.example.com is not in the hosts mapping. The handler
// will fall through to the exchanger path, which fails because
// no upstream is configured. Query should return empty/NXDOMAIN.
code, output := s.dnsQueryOnce(gostC, "udp", "127.0.0.1", "1053",
"test.example.com", "A")
s.T().Logf("unmapped query: code=%d, %s", code, strings.TrimSpace(output))
// Non-zero exit indicates no valid response — expected since
// there's no working upstream.
s.Assert().NotEqual(0, code,
"unmapped domain should fail with no upstream")
})
}
// ---------------------------------------------------------------------------
// Exchange failure (unreachable upstream)
// ---------------------------------------------------------------------------
// TestDNSExchangeFailure verifies graceful handling when the upstream DNS
// exchanger is unreachable.
//
// Config: server_exchange_failure.yaml points to udp://127.0.0.1:1 which
// is unreachable. The handler must not crash or leak goroutines when the
// upstream exchange fails.
func (s *DNSSuite) TestDNSExchangeFailure() {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/dns/server_exchange_failure.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "scripts/dns_query.py", ContainerFilePath: "/scripts/dns_query.py", FileMode: 0644},
},
"1053/udp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
s.T().Run("unreachable-upstream", func(t *testing.T) {
// Send query once — the exchange will fail (timeout / ICMP
// unreachable). No response is expected.
code, output := s.dnsQueryOnce(gostC, "udp", "127.0.0.1", "1053",
"test.example.com", "A")
s.T().Logf("exchange failure result: code=%d, %s",
code, strings.TrimSpace(output))
// Non-zero exit is expected since the exchange fails.
s.Assert().NotEqual(0, code,
"exchange failure should return non-zero exit")
})
s.T().Run("container-alive-after-failure", func(t *testing.T) {
// Verify the gost container is still running after the
// failed exchange — proves no crash or hang.
aliveCode, _, aliveErr := gostC.Exec(s.ctx, []string{"true"})
s.Require().NoError(aliveErr,
"container exec should succeed after exchange failure")
s.Require().Equal(0, aliveCode,
"gost container should be alive after exchange failure")
})
}
// ---------------------------------------------------------------------------
// Rate limiter
// ---------------------------------------------------------------------------
// TestDNSRateLimiter verifies that rate limiting configuration is accepted
// and the handler processes queries through the rate limiter path without
// crashing. Uses a generous global limit (1000/s) so queries pass.
func (s *DNSSuite) TestDNSRateLimiter() {
dnsC := s.startDNSResponder()
defer dnsC.Terminate(s.ctx)
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/dns/server_rlimiter.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "scripts/dns_query.py", ContainerFilePath: "/scripts/dns_query.py", FileMode: 0644},
},
"1053/udp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
s.T().Run("query-with-limiter", func(t *testing.T) {
s.dnsQueryWithDelay(gostC, "udp", "127.0.0.1", "1053",
"test.example.com", "A", "10.0.0.1")
})
s.T().Run("second-query-with-limiter", func(t *testing.T) {
s.dnsQuery(gostC, "udp", "127.0.0.1", "1053",
"test2.example.com", "A", "10.0.0.2")
})
}
// ---------------------------------------------------------------------------
// Invalid query
// ---------------------------------------------------------------------------
// TestDNSInvalidQuery verifies the DNS listener gracefully handles malformed
// DNS messages. Sends garbage bytes and checks the gost container is
// unaffected (no crash, no hang).
func (s *DNSSuite) TestDNSInvalidQuery() {
gostC := s.startGostWithQueryScript("testdata/dns/server_upstream.yaml", "1053/udp")
defer gostC.Terminate(s.ctx)
s.T().Run("send-garbage-bytes", func(t *testing.T) {
// Send 5 bytes of garbage via UDP. The miekg/dns server
// will fail to parse them and discard the packet.
s.sendRaw(gostC, "127.0.0.1", "1053", "garbage!")
})
s.T().Run("container-alive-after-garbage", func(t *testing.T) {
// Verify the gost container is still alive after receiving
// invalid data.
aliveCode, _, aliveErr := gostC.Exec(s.ctx, []string{"true"})
s.Require().NoError(aliveErr,
"container exec should succeed after invalid query")
s.Require().Equal(0, aliveCode,
"gost container should be alive after invalid query")
})
}
// ---------------------------------------------------------------------------
// DNS over TLS
// ---------------------------------------------------------------------------
// TestDNSTLS verifies the DNS listener in TLS mode (DNS over TLS).
// Starts the UDP DNS responder (unencrypted), a gost DNS server with
// listener mode: tls, and queries through the TLS endpoint.
func (s *DNSSuite) TestDNSTLS() {
dnsC := s.startDNSResponder()
defer dnsC.Terminate(s.ctx)
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/dns/server_tls.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "scripts/dns_tls_query.py", ContainerFilePath: "/scripts/dns_tls_query.py", FileMode: 0644},
},
"1053/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// Query via TLS
args := []string{"python3", "/scripts/dns_tls_query.py",
"127.0.0.1", "1053", "test.example.com", "A", "10.0.0.1"}
for i := range 5 {
code, out, err := gostC.Exec(s.ctx, args)
if err != nil {
s.T().Logf("tls query attempt %d exec error: %v", i+1, err)
time.Sleep(time.Second)
continue
}
body, err := io.ReadAll(out)
if err != nil {
s.T().Logf("tls query attempt %d read error: %v", i+1, err)
time.Sleep(time.Second)
continue
}
output := string(body)
s.T().Logf("tls query attempt %d: %s", i+1, strings.TrimSpace(output))
if code == 0 {
return
}
time.Sleep(time.Second)
}
s.T().Fatal("TLS query failed after 5 retries")
}
func TestDNSSuite(t *testing.T) {
suite.Run(t, new(DNSSuite))
}

View File

@ -0,0 +1,194 @@
package e2e
import (
"context"
"io"
"strings"
"testing"
"github.com/stretchr/testify/suite"
"github.com/testcontainers/testcontainers-go"
)
type FileSuite struct {
suite.Suite
ctx context.Context
}
func (s *FileSuite) SetupSuite() {
s.ctx = context.Background()
}
func (s *FileSuite) TearDownSuite() {}
// TestFileGetExisting verifies that GET on an existing file returns
// the file content with HTTP 200. Covers the basic file serving path:
// file handler → http.FileServer → file read.
func (s *FileSuite) TestFileGetExisting() {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/file/server.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "testdata/file/hello.txt", ContainerFilePath: "/srv/files/hello.txt", FileMode: 0644},
},
"8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "http://127.0.0.1:8080/hello.txt"}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost-file") {
DumpLogs(s.T(), s.ctx, "file-server logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost-file")
}
// TestFileGetNotFound verifies that GET on a nonexistent file returns
// 404 Not Found.
func (s *FileSuite) TestFileGetNotFound() {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/file/server.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "testdata/file/hello.txt", ContainerFilePath: "/srv/files/hello.txt", FileMode: 0644},
},
"8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "-o", "/dev/null", "-w", "%{http_code}",
"http://127.0.0.1:8080/nonexistent.txt"}
_, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, _ := io.ReadAll(out)
s.Assert().Contains(string(body), "404")
}
// TestFileGetIndexHtml verifies that GET / serves index.html when
// present in the served directory. Covers the default index document
// behavior of http.FileServer.
func (s *FileSuite) TestFileGetIndexHtml() {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/file/server.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "testdata/file/index.html", ContainerFilePath: "/srv/files/index.html", FileMode: 0644},
},
"8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "http://127.0.0.1:8080/"}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "gost file index") {
DumpLogs(s.T(), s.ctx, "file-server index logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "gost file index")
}
// TestFilePutUpload verifies that PUT uploads a file when file.put is
// enabled. Uploads a file and then reads it back via GET to confirm
// the content was persisted.
func (s *FileSuite) TestFilePutUpload() {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/file/server_put.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "testdata/file/.empty", ContainerFilePath: "/srv/files/.empty", FileMode: 0644},
},
"8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// Create source content inside the container.
_, _, err = gostC.Exec(s.ctx, []string{
"sh", "-c", "printf 'uploaded-content' > /tmp/upload_src.txt",
})
s.Require().NoError(err)
// Upload via PUT.
_, out, err := gostC.Exec(s.ctx, []string{
"curl", "-v", "-s", "-T", "/tmp/upload_src.txt",
"http://127.0.0.1:8080/uploaded.txt",
})
s.Require().NoError(err)
putBody, _ := io.ReadAll(out)
s.T().Logf("PUT response:\n%s", string(putBody))
// Read back the uploaded file via GET.
_, out2, err := gostC.Exec(s.ctx, []string{
"curl", "-v", "-s",
"http://127.0.0.1:8080/uploaded.txt",
})
s.Require().NoError(err)
body, _ := io.ReadAll(out2)
s.Assert().Contains(string(body), "uploaded-content")
}
// TestFilePutNoPermission verifies that PUT returns 405 Method Not
// Allowed when file.put is not enabled (default: false).
func (s *FileSuite) TestFilePutNoPermission() {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/file/server.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "testdata/file/.empty", ContainerFilePath: "/srv/files/.empty", FileMode: 0644},
},
"8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "-o", "/dev/null", "-w", "%{http_code}",
"-T", "/dev/null", "http://127.0.0.1:8080/test.txt"}
_, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, _ := io.ReadAll(out)
s.Assert().Contains(string(body), "405")
}
// TestFileAuth verifies authentication on the file handler.
// Without credentials the handler returns 401 Unauthorized,
// with valid credentials it serves the file.
func (s *FileSuite) TestFileAuth() {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/file/server_auth.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "testdata/file/hello.txt", ContainerFilePath: "/srv/files/hello.txt", FileMode: 0644},
},
"8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
s.T().Run("no-auth-401", func(t *testing.T) {
cmd := []string{"curl", "-v", "-s", "-o", "/dev/null", "-w", "%{http_code}",
"http://127.0.0.1:8080/hello.txt"}
_, out, _ := gostC.Exec(s.ctx, cmd)
body, _ := io.ReadAll(out)
s.Assert().Contains(string(body), "401")
})
s.T().Run("with-auth-success", func(t *testing.T) {
cmd := []string{"curl", "-v", "-s", "-u", "user:pass",
"http://127.0.0.1:8080/hello.txt"}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost-file") {
DumpLogs(s.T(), s.ctx, "file-server auth logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost-file")
})
}
func TestFileSuite(t *testing.T) {
suite.Run(t, new(FileSuite))
}

View File

@ -0,0 +1,291 @@
package e2e
import (
"context"
"encoding/base64"
"fmt"
"io"
"strings"
"testing"
"github.com/stretchr/testify/suite"
"github.com/testcontainers/testcontainers-go"
)
type ForwardSuite struct {
suite.Suite
ctx context.Context
echoC testcontainers.Container
echoIP string
udpC testcontainers.Container
}
func (s *ForwardSuite) SetupSuite() {
s.ctx = context.Background()
s.T().Logf("start tcp echo container...")
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
s.Require().NoError(err)
s.echoC = echoC
echoIP, err := echoC.ContainerIP(s.ctx)
s.Require().NoError(err)
s.echoIP = echoIP
s.T().Logf("start udp echo container...")
udpC, err := RunUDPEchoContainer(s.ctx, SharedNetworkName)
s.Require().NoError(err)
s.udpC = udpC
}
// sendRaw sends a raw HTTP request via netcat and returns the response.
// Uses base64 to avoid shell quoting issues with CRLF bytes.
func (s *ForwardSuite) sendRaw(gostC testcontainers.Container, host, port, data string) string {
encoded := base64.StdEncoding.EncodeToString([]byte(data))
cmd := []string{"sh", "-c",
fmt.Sprintf("echo %s | base64 -d | nc -w 5 %s %s", encoded, host, port)}
_, out, _ := gostC.Exec(s.ctx, cmd)
b, _ := io.ReadAll(out)
return string(b)
}
func (s *ForwardSuite) TearDownSuite() {
if s.echoC != nil {
s.echoC.Terminate(s.ctx)
}
if s.udpC != nil {
s.udpC.Terminate(s.ctx)
}
}
// TestTCPForward verifies basic TCP forward handler (handler type: tcp).
// The forward handler pipes raw TCP connections to the configured forwarder
// node (tcp-echo:5678). curl connects directly to the handler port and sends
// an HTTP request, expecting the echo server's "hello-gost" response.
func (s *ForwardSuite) TestTCPForward() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/forward/server.yaml", "8000/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// curl directly to the handler port (not via -x proxy flag).
// The TCP forward handler pipes our connection to tcp-echo:5678.
cmd := []string{"curl", "-v", "-s", "http://127.0.0.1:8000/"}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "tcp-forward logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
}
// TestForwardAlias verifies that the "forward" handler type (alias for "tcp")
// works identically to the "tcp" handler type.
func (s *ForwardSuite) TestForwardAlias() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/forward/server.yaml", "8000/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "http://127.0.0.1:8000/"}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "forward-alias logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
}
// TestTCPForwardSniffing verifies TCP forward handler with sniffing enabled.
// When sniffing is enabled and the connection starts with HTTP data, the handler
// detects the protocol via sniffing.Sniff and delegates to the HTTP sniffer
// for protocol-aware forwarding. The result is the same as raw forwarding:
// "hello-gost" from the echo server.
func (s *ForwardSuite) TestTCPForwardSniffing() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/forward/server_sniffing.yaml", "8000/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// curl directly — sniffing detects HTTP and handles via sniffer.
cmd := []string{"curl", "-v", "-s", "http://127.0.0.1:8000/"}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "tcp-forward-sniffing logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
}
// TestTCPForwardRaw verifies raw TCP forwarding by sending an HTTP request
// via netcat through the forward handler. This tests the handleRawForwarding
// code path (no sniffing), proving that raw bytes are piped through correctly.
func (s *ForwardSuite) TestTCPForwardRaw() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/forward/server.yaml", "8000/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// Send raw HTTP request via nc (not curl) to exercise the raw pipe path.
resp := s.sendRaw(gostC, "127.0.0.1", "8000",
"GET / HTTP/1.0\r\nHost: tcp-echo\r\n\r\n")
s.Assert().Contains(resp, "hello-gost",
"raw request through TCP forward should reach echo server")
}
// TestTCPForwardIdleTimeout verifies that idleTimeout closes the pipe after
// a period of inactivity. The forward handler's xnet.Pipe uses idleTimeout
// as a read deadline on the upstream connection — if no data flows for
// that duration, the pipe closes both directions.
func (s *ForwardSuite) TestTCPForwardIdleTimeout() {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/forward/server_idle_timeout.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "scripts/tcp_idle_timeout.py", ContainerFilePath: "/scripts/tcp_idle_timeout.py", FileMode: 0644},
},
"8000/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// The Python script:
// 1. Connects to gost TCP forward port
// 2. Sends HTTP GET → expects "hello-gost" confirm pipe is alive
// 3. Waits > idleTimeout (3s + 2s buffer)
// 4. Sends more data — expects connection to be closed
code, out, err := gostC.Exec(s.ctx, []string{
"python3", "/scripts/tcp_idle_timeout.py",
"127.0.0.1", "8000", "3",
})
output, _ := io.ReadAll(out)
s.T().Logf("idle timeout output:\n%s", string(output))
if code != 0 {
DumpLogs(s.T(), s.ctx, "tcp-idle-timeout logs", gostC)
}
s.Require().Equal(0, code, "idle timeout test script should exit 0")
}
// TestUDPForward verifies basic UDP forwarding (handler: udp, listener: udp).
// The handler uses handleRawDatagram via the stateful UDP listener's
// per-client session conns (which implement net.PacketConn).
// A Python script inside the gost container sends a UDP datagram through
// the forward handler and verifies the echo response from udp-echo:5679.
func (s *ForwardSuite) TestUDPForward() {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/forward/server_udp.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "scripts/udp_forward_test.py", ContainerFilePath: "/scripts/udp_forward_test.py", FileMode: 0644},
},
"9000/udp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
code, out, err := gostC.Exec(s.ctx, []string{
"python3", "/scripts/udp_forward_test.py",
"127.0.0.1", "9000",
})
output, _ := io.ReadAll(out)
s.T().Logf("udp forward output:\n%s", string(output))
if code != 0 {
DumpLogs(s.T(), s.ctx, "udp-forward logs", gostC)
}
s.Require().Equal(0, code, "udp forward test script should exit 0")
}
// TestUDPForwardStateless verifies UDP forwarding with stateless mode.
// Both listener and handler use stateless: true, so each datagram is a
// single request-response cycle with no per-client session tracking.
func (s *ForwardSuite) TestUDPForwardStateless() {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/forward/server_udp_stateless.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "scripts/udp_forward_test.py", ContainerFilePath: "/scripts/udp_forward_test.py", FileMode: 0644},
},
"9000/udp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
code, out, err := gostC.Exec(s.ctx, []string{
"python3", "/scripts/udp_forward_test.py",
"127.0.0.1", "9000",
})
output, _ := io.ReadAll(out)
s.T().Logf("udp forward stateless output:\n%s", string(output))
if code != 0 {
DumpLogs(s.T(), s.ctx, "udp-forward-stateless logs", gostC)
}
s.Require().Equal(0, code, "udp forward stateless test script should exit 0")
}
// TestTCPForwardSniffingBypass verifies that when sniffing is enabled and a
// bypass rule blocks the target, the HTTP sniffer returns 403 Forbidden.
// The forward handler delegates to the HTTP sniffer (via handleSniffedProtocol),
// and the sniffer's resolveHTTPNode checks h.options.Bypass and returns 403
// when the destination is matched.
func (s *ForwardSuite) TestTCPForwardSniffingBypass() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/forward/server_bypass_sniffing.yaml", "8000/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// curl connects directly; sniffing detects HTTP. The sniffer bypass
// check matches 0.0.0.0/0 and returns 403 Forbidden.
cmd := []string{"curl", "-v", "-s", "-D", "-", "-o", "/dev/null",
"http://127.0.0.1:8000/"}
_, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, _ := io.ReadAll(out)
output := string(body)
s.Assert().Contains(output, "403",
"bypass should return 403 Forbidden from sniffer")
}
// TestTCPForwardMultiNodeProtocol verifies that sniffing + protocol-filtered
// forwarder nodes correctly routes an HTTP request to the node with matching
// protocol (http), rather than the one with protocol: tls.
//
// Config has two nodes:
// - echo-http (protocol: http) → tcp-echo:5678 (works, returns "hello-gost")
// - echo-tls (protocol: tls) → tcp-echo:1 (closed port, would fail)
//
// With sniffing enabled, an HTTP request is detected as protocol "http",
// Select("http") filters to only the echo-http node. If protocol filtering
// fails and the tls node is selected instead, the connection to port 1
// fails and the test fails.
func (s *ForwardSuite) TestTCPForwardMultiNodeProtocol() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/forward/server_multi_node.yaml", "8000/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// curl sends an HTTP request → sniffed as "http" → Select("http")
// filters to echo-http (protocol: http) → pipes to tcp-echo:5678
cmd := []string{"curl", "-v", "-s", "http://127.0.0.1:8000/"}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "tcp-forward-multi-node logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost",
"HTTP request should route to the http-protocol node via protocol filtering")
}
func TestForwardSuite(t *testing.T) {
suite.Run(t, new(ForwardSuite))
}

View File

@ -0,0 +1,216 @@
package e2e
import (
"context"
"fmt"
"io"
"os"
"strings"
"sync"
"testing"
"github.com/stretchr/testify/suite"
"github.com/testcontainers/testcontainers-go"
)
// HTTP2Suite covers the HTTP/2 proxy handler (handler type: http2) together
// with the HTTP/2 listener (listener type: http2). The http2 listener wraps
// the underlying TCP listener with TLS and configures an h2 server, so the
// handler is always reached over HTTP/2 frames.
//
// Because Alpine's curl cannot be relied on to speak HTTP/2 proxy to the
// server directly, the suite uses the canonical GOST chaining pattern: a
// client container exposes a plain HTTP proxy which forwards through an
// http2 connector + http2 dialer to the http2 server. This exercises the
// h2 listener, the h2 handler, and the h2 connector/dialer together.
type HTTP2Suite struct {
suite.Suite
ctx context.Context
echoC testcontainers.Container
echoIP string
}
func (s *HTTP2Suite) SetupSuite() {
s.ctx = context.Background()
s.T().Logf("start tcp echo container...")
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
s.Require().NoError(err)
s.echoC = echoC
echoIP, err := echoC.ContainerIP(s.ctx)
s.Require().NoError(err)
s.echoIP = echoIP
}
func (s *HTTP2Suite) TearDownSuite() {
if s.echoC != nil {
s.echoC.Terminate(s.ctx)
}
}
// startChain brings up an http2 server (alias "h2-server") and an http client
// container that chains to it through connector/dialer type http2. The client
// exposes port 8080 for curl. The rendered client config is cleaned up by the
// caller-supplied template path resolving {{.ServerAddr}} to h2-server:8443.
func (s *HTTP2Suite) startChain(serverYAML, clientTmpl string) (testcontainers.Container, testcontainers.Container) {
s.T().Helper()
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
serverYAML, []string{"h2-server"}, []string{"8443/tcp"})
s.Require().NoError(err)
rendered, err := RenderConfig(clientTmpl, ConfigData{ServerAddr: "h2-server:8443"})
s.Require().NoError(err)
s.T().Cleanup(func() { os.Remove(rendered) })
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
rendered, "8080/tcp")
s.Require().NoError(err)
return serverC, clientC
}
// curlEcho runs curl through the client's local http proxy and returns the
// process exit code plus the captured body.
func (s *HTTP2Suite) curlEcho(clientC testcontainers.Container) (int, string) {
s.T().Helper()
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, _ := clientC.Exec(s.ctx, cmd)
body, _ := io.ReadAll(out)
return code, string(body)
}
func (s *HTTP2Suite) dump(label string, cs ...testcontainers.Container) {
for _, c := range cs {
DumpLogs(s.T(), s.ctx, label, c)
}
}
// TestHTTP2ForwardProxy verifies the core HTTP/2 proxy path: a plain HTTP
// request through the client proxy is tunneled to the http2 server via an h2
// CONNECT stream and reaches the echo backend.
//
// Covers:
// - listener type: http2 (TLS + h2 server)
// - handler type: http2 (CONNECT tunnel + bidirectional pipe)
// - connector type: http2, dialer type: http2 (h2 client)
func (s *HTTP2Suite) TestHTTP2ForwardProxy() {
serverC, clientC := s.startChain("testdata/http2/server.yaml", "testdata/http2/client.yaml")
defer serverC.Terminate(s.ctx)
defer clientC.Terminate(s.ctx)
code, body := s.curlEcho(clientC)
if code != 0 || !strings.Contains(body, "hello-gost") {
s.dump("http2-forward logs", clientC, serverC)
}
s.Require().Equal(0, code)
s.Require().Contains(body, "hello-gost")
}
// TestHTTP2Auth verifies proxy authentication over the h2 tunnel, plus
// authBasicRealm and hash metadata parsing on the http2 handler.
//
// - with auth: CONNECT succeeds → echo body returned
// - without auth: server rejects CONNECT (407) → client cannot reach echo
func (s *HTTP2Suite) TestHTTP2Auth() {
s.T().Run("with-auth-success", func(t *testing.T) {
serverC, clientC := s.startChain("testdata/http2/server_auth.yaml", "testdata/http2/client_auth.yaml")
defer serverC.Terminate(s.ctx)
defer clientC.Terminate(s.ctx)
code, body := s.curlEcho(clientC)
if code != 0 || !strings.Contains(body, "hello-gost") {
s.dump("http2-auth-success logs", clientC, serverC)
}
s.Require().Equal(0, code)
s.Require().Contains(body, "hello-gost")
})
s.T().Run("no-auth-fails", func(t *testing.T) {
// Server requires auth; client sends none → the http2 CONNECT is
// rejected with 407, so curl cannot obtain the echo body.
serverC, clientC := s.startChain("testdata/http2/server_auth.yaml", "testdata/http2/client.yaml")
defer serverC.Terminate(s.ctx)
defer clientC.Terminate(s.ctx)
code, body := s.curlEcho(clientC)
if strings.Contains(body, "hello-gost") {
s.dump("http2-auth-noauth logs", clientC, serverC)
}
s.Require().Zero(code,
"curl should still receive an HTTP response from the local proxy")
s.Require().NotContains(body, "hello-gost",
"without auth the echo backend must be unreachable")
})
}
// TestHTTP2Bypass verifies that a bypass matcher on the http2 handler blocks
// the CONNECT target after authentication succeeds. The server returns 403, so
// the client cannot reach the echo backend.
func (s *HTTP2Suite) TestHTTP2Bypass() {
serverC, clientC := s.startChain("testdata/http2/server_bypass.yaml", "testdata/http2/client_auth.yaml")
defer serverC.Terminate(s.ctx)
defer clientC.Terminate(s.ctx)
code, body := s.curlEcho(clientC)
if strings.Contains(body, "hello-gost") {
s.dump("http2-bypass logs", clientC, serverC)
}
s.Require().Zero(code,
"curl should still receive an HTTP response from the local proxy")
s.Require().NotContains(body, "hello-gost",
"bypass should prevent reaching the echo backend")
}
// TestHTTP2ProbeResist verifies that probeResist, header and authBasicRealm
// metadata parse cleanly on the http2 handler and do not break the success
// path. With correct credentials the request still reaches the echo backend.
func (s *HTTP2Suite) TestHTTP2ProbeResist() {
serverC, clientC := s.startChain("testdata/http2/server_proberesist.yaml", "testdata/http2/client_auth.yaml")
defer serverC.Terminate(s.ctx)
defer clientC.Terminate(s.ctx)
code, body := s.curlEcho(clientC)
if code != 0 || !strings.Contains(body, "hello-gost") {
s.dump("http2-proberesist logs", clientC, serverC)
}
s.Require().Equal(0, code)
s.Require().Contains(body, "hello-gost")
}
// TestHTTP2Multiplex verifies HTTP/2 stream multiplexing: many concurrent
// requests through the client proxy are tunneled as parallel h2 streams over a
// single underlying connection to the http2 server. All requests must reach
// the echo backend.
func (s *HTTP2Suite) TestHTTP2Multiplex() {
serverC, clientC := s.startChain("testdata/http2/server.yaml", "testdata/http2/client.yaml")
defer serverC.Terminate(s.ctx)
defer clientC.Terminate(s.ctx)
const n = 6
var wg sync.WaitGroup
wg.Add(n)
failed := make(chan string, n)
for i := 0; i < n; i++ {
go func() {
defer wg.Done()
_, body := s.curlEcho(clientC)
if !strings.Contains(body, "hello-gost") {
failed <- "missing echo body"
}
}()
}
wg.Wait()
close(failed)
if len(failed) > 0 {
s.dump("http2-multiplex logs", clientC, serverC)
}
s.Require().Empty(failed, "all concurrent h2 requests should reach the echo backend")
}
func TestHTTP2Suite(t *testing.T) {
suite.Run(t, new(HTTP2Suite))
}

View File

@ -0,0 +1,605 @@
package e2e
import (
"context"
"encoding/base64"
"fmt"
"io"
"os"
"strings"
"testing"
"github.com/stretchr/testify/suite"
"github.com/testcontainers/testcontainers-go"
)
type HTTPSuite struct {
suite.Suite
ctx context.Context
echoC testcontainers.Container
echoIP string
}
func (s *HTTPSuite) SetupSuite() {
s.ctx = context.Background()
s.T().Logf("start tcp echo container...")
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
s.Require().NoError(err)
s.echoC = echoC
echoIP, err := echoC.ContainerIP(s.ctx)
s.Require().NoError(err)
s.echoIP = echoIP
}
// sendRaw sends a raw HTTP request via netcat and returns the response.
// Uses base64 to avoid shell quoting issues with CRLF bytes.
func (s *HTTPSuite) sendRaw(gostC testcontainers.Container, host, port, data string) string {
encoded := base64.StdEncoding.EncodeToString([]byte(data))
cmd := []string{"sh", "-c",
fmt.Sprintf("echo %s | base64 -d | nc -w 5 %s %s", encoded, host, port)}
_, out, _ := gostC.Exec(s.ctx, cmd)
b, _ := io.ReadAll(out)
return string(b)
}
func (s *HTTPSuite) TearDownSuite() {
if s.echoC != nil {
s.echoC.Terminate(s.ctx)
}
}
// TestHTTPProxy verifies basic HTTP forward proxy (no auth, no metadata).
// Covers: handler type http, listener type tcp, basic GET via proxy.
func (s *HTTPSuite) TestHTTPProxy() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// curl -x uses HTTP forward proxy (GET with absolute URL)
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "http-proxy logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
}
// TestHTTPProxyAuth verifies proxy authentication and the authBasicRealm
// metadata parameter.
//
// Covers:
// - auther: basic auth on HTTP proxy
// - authBasicRealm: custom realm string in 407 Proxy-Authenticate header
func (s *HTTPSuite) TestHTTPProxyAuth() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server_auth.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
s.T().Run("no-auth-407", func(t *testing.T) {
cmd := []string{"curl", "-v", "-s", "-D", "-", "-o", "/dev/null",
"-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
_, out, _ := gostC.Exec(s.ctx, cmd)
body, _ := io.ReadAll(out)
output := string(body)
s.Assert().Contains(output, "407",
"no auth should return 407")
s.Assert().Contains(output, "gost-e2e-realm",
"authBasicRealm should appear in 407 Proxy-Authenticate")
})
s.T().Run("wrong-auth-407", func(t *testing.T) {
cmd := []string{"curl", "-v", "-s", "-o", "/dev/null", "-w", "%{http_code}",
"-x", "http://wrong:pass@127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
_, out, _ := gostC.Exec(s.ctx, cmd)
body, _ := io.ReadAll(out)
s.Assert().Contains(string(body), "407",
"wrong password should return 407")
})
s.T().Run("with-auth-success", func(t *testing.T) {
cmd := []string{"curl", "-v", "-s", "-x", "http://user:pass@127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "http-proxy-auth logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
})
}
// TestHTTPProxyMetadata verifies:
// - probeResist: code:404 — unauthorised clients see 404 instead of 407
// - keepalive: config parsing (applied at Init time)
// - compression: config parsing (applied at Init time)
func (s *HTTPSuite) TestHTTPProxyMetadata() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server_metadata.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
s.T().Run("probe-resist-404", func(t *testing.T) {
cmd := []string{"curl", "-v", "-s", "-o", "/dev/null", "-w", "%{http_code}",
"-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
_, out, _ := gostC.Exec(s.ctx, cmd)
body, _ := io.ReadAll(out)
output := string(body)
s.Assert().NotContains(output, "407",
"probeResist should hide 407 status")
s.Assert().Contains(output, "404",
"probeResist should return configured decoy code")
})
s.T().Run("with-auth-success", func(t *testing.T) {
cmd := []string{"curl", "-v", "-s", "-x", "http://user:pass@127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "http-metadata logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
})
}
// TestHTTPProxyHeaders verifies:
// - header: custom response headers (X-Proxy-Info, X-Custom) on
// proxy-originated error responses. The header metadata is set on
// the skeleton response used for error paths after authentication.
// - proxyAgent: custom Proxy-Agent header in proxy responses.
//
// Uses a bypass matcher (0.0.0.0/0) that blocks all traffic after auth
// succeeds → requests hit 403 Forbidden path which carries custom headers.
func (s *HTTPSuite) TestHTTPProxyHeaders() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server_headers.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// Auth succeeds, but target is bypassed → 403 Forbidden
// The 403 response is built from the skeleton resp which
// carries h.md.header (custom headers) and h.md.proxyAgent.
s.T().Log("bypass: expect 403 with custom headers")
cmd := []string{"curl", "-v", "-s", "-D", "-", "-o", "/dev/null",
"-x", "http://user:pass@127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
_, out, _ := gostC.Exec(s.ctx, cmd)
headers, _ := io.ReadAll(out)
output := string(headers)
// Bypass → 403 Forbidden
s.Assert().Contains(output, "403",
"bypass should return 403")
// header: custom X-Proxy-Info header on error response
s.Assert().Contains(output, "X-Proxy-Info: gost-e2e",
"custom header should appear in 403 response")
// header: custom X-Custom header on error response
s.Assert().Contains(output, "X-Custom: test-value",
"custom header should appear in 403 response")
// proxyAgent: custom Proxy-Agent header on error response
s.Assert().Contains(output, "Proxy-Agent: gost-e2e/1.0",
"proxyAgent should appear in 403 response")
}
// TestHTTPConnect verifies HTTP CONNECT tunnel:
// - sniffing-enabled: sniffing:true + sniffing.timeout:2s
// - no-sniffing: plain CONNECT (default, no metadata)
// - bypass-403: CONNECT blocked by (0.0.0.0/0) bypass
//
// Uses curl --proxytunnel (-p) to force CONNECT method instead of GET.
func (s *HTTPSuite) TestHTTPConnect() {
s.T().Run("sniffing-enabled", func(t *testing.T) {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server_connect.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "-p", "-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "http-connect sniffing logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
})
s.T().Run("no-sniffing", func(t *testing.T) {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "-p", "-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "http-connect no-sniffing logs", gostC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
})
s.T().Run("bypass-403", func(t *testing.T) {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server_connect_bypass.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "-D", "-", "-o", "/dev/null",
"-p", "-x", "http://user:pass@127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
_, out, _ := gostC.Exec(s.ctx, cmd)
body, _ := io.ReadAll(out)
output := string(body)
s.Assert().Contains(output, "403",
"CONNECT bypass should return 403")
})
}
// TestHTTPProxyDirectRequest verifies that a non-proxy-form HTTP request
// (raw GET / sent to the proxy port) is rejected with 400 Bad Request.
// A raw request with empty Host header has no valid scheme to infer,
// so the handler returns 400.
func (s *HTTPSuite) TestHTTPProxyDirectRequest() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
"GET / HTTP/1.0\r\nHost: bad!\r\n\r\n")
s.Assert().Contains(resp, "400",
"non-proxy GET should return 400")
}
// TestHTTPProxyPOST verifies that POST method forwarding works through
// the HTTP forward proxy. The echo server only handles GET, so the proxy
// should forward the POST request and return whatever the upstream sends
// back (501 Not Implemented from the echo server — not a proxy error).
// 501 is the real upstream response, proving the proxy forwarded it.
func (s *HTTPSuite) TestHTTPProxyPOST() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "-o", "/dev/null", "-w", "%{http_code}",
"-X", "POST", "-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678/", s.echoIP)}
_, out, _ := gostC.Exec(s.ctx, cmd)
body, _ := io.ReadAll(out)
output := string(body)
// The echo server's BaseHTTPRequestHandler defaults to 501 for POST.
// If we get 501 through the proxy, it means the method was forwarded.
s.Assert().Contains(output, "501",
"POST through proxy should be forwarded, echo server returns 501")
}
// TestHTTPConnectUnreachable verifies that CONNECT to an unreachable target
// returns 503 Service Unavailable.
func (s *HTTPSuite) TestHTTPConnectUnreachable() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server_connect.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// Send a raw CONNECT request to a port where nothing is listening.
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
fmt.Sprintf("CONNECT %s:1 HTTP/1.0\r\nHost: %s:1\r\n\r\n", s.echoIP, s.echoIP))
s.Assert().Contains(resp, "503",
"CONNECT to unreachable target should return 503")
}
// TestHTTPConnector verifies HTTP connector type: a gost client uses an HTTP
// connector to forward through an upstream HTTP proxy (no auth), reaching the
// target via the proxy chain. This covers the server+client two-container
// pattern where the client connects to the server via connector type: http.
func (s *HTTPSuite) TestHTTPConnector() {
// Start upstream HTTP proxy server (no auth).
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
"testdata/http/server.yaml", []string{"http-server"}, []string{"8080/tcp"})
s.Require().NoError(err)
defer serverC.Terminate(s.ctx)
// Render client config that chains through the upstream server.
rendered, err := RenderConfig("testdata/http/client_connector.yaml",
ConfigData{ServerAddr: "http-server:8080"})
s.Require().NoError(err)
defer os.Remove(rendered)
// Start client with the rendered config.
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
rendered, "8080/tcp")
s.Require().NoError(err)
defer clientC.Terminate(s.ctx)
// Request through client proxy → HTTP connector → upstream HTTP server → target.
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := clientC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "http-connector client logs", clientC)
DumpLogs(s.T(), s.ctx, "http-connector server logs", serverC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
}
// TestHTTPConnectorAuth verifies HTTP connector with authentication:
// no-auth → 407, correct auth → success.
func (s *HTTPSuite) TestHTTPConnectorAuth() {
// Start upstream HTTP proxy with auth and network alias.
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
"testdata/http/server_auth.yaml", []string{"http-server"}, []string{"8080/tcp"})
s.Require().NoError(err)
defer serverC.Terminate(s.ctx)
s.T().Run("no-auth-407", func(t *testing.T) {
// Send raw request directly to server container (no auth) → 407.
resp := s.sendRaw(serverC, "127.0.0.1", "8080",
"GET http://127.0.0.1:5678/ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n")
s.Assert().Contains(resp, "407",
"no auth via upstream should return 407")
})
s.T().Run("correct-auth-success", func(t *testing.T) {
rendered, err := RenderConfig("testdata/http/client_connector_auth.yaml",
ConfigData{ServerAddr: "http-server:8080"})
s.Require().NoError(err)
defer os.Remove(rendered)
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
rendered, "8080/tcp")
s.Require().NoError(err)
defer clientC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := clientC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "http-connector-auth client logs", clientC)
DumpLogs(s.T(), s.ctx, "http-connector-auth server logs", serverC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
})
}
// TestHTTPProbeResistHost verifies probeResist host type.
// When auth fails, the handler pipes the raw request to
// the decoy host (tcp-echo:5678). The TCP echo server echoes
// back the request bytes rather than returning a 407.
func (s *HTTPSuite) TestHTTPProbeResistHost() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server_proberesist_host.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// Without auth, probeResist host pipes the raw request to tcp-echo:5678.
// The HTTP echo server returns 200 OK with "hello-gost", proving the
// request reached the decoy host rather than getting a 407 response.
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
"GET http://127.0.0.1:5678/ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n")
s.Assert().NotContains(resp, "407",
"probeResist host should hide 407 response")
s.Assert().Contains(resp, "hello-gost",
"probeResist host should pipe request to decoy host")
}
// TestHTTPProbeResistKnock verifies probeResist knock mechanism.
// Clients that connect with a recognized knock Host header
// get a normal 407 auth challenge instead of the decoy response.
//
// Uses server_proberesist_knock.yaml:
// - probeResist: code:404 (decoy 404 for unknown hosts)
// - knock: secret.example.com (known hosts get normal 407)
func (s *HTTPSuite) TestHTTPProbeResistKnock() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server_proberesist_knock.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
s.T().Run("unknown-host-decoy", func(t *testing.T) {
// URL hostname doesn't match knock list → probeResist fires → 404
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
"GET http://127.0.0.1:5678/ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n")
s.Assert().Contains(resp, "404",
"unknown host should get decoy 404")
s.Assert().NotContains(resp, "407",
"unknown host should NOT get 407")
})
s.T().Run("knock-host-407", func(t *testing.T) {
// URL hostname matches knock list → normal 407 auth challenge.
// Note: knock checks req.URL.Hostname(), not the Host header.
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
"GET http://secret.example.com:5678/ HTTP/1.0\r\nHost: secret.example.com\r\n\r\n")
s.Assert().Contains(resp, "407",
"knock host should get normal 407")
})
}
// TestHTTPConnectorTLS verifies HTTP connector using TLS dialer
// to upstream HTTPS proxy (listener type: tls).
// The TLS listener auto-generates a self-signed cert;
// the TLS dialer defaults to InsecureSkipVerify=true, so
// handshake succeeds without explicit cert configuration.
func (s *HTTPSuite) TestHTTPConnectorTLS() {
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
"testdata/http/server_tls.yaml", []string{"tls-server"}, []string{"8443/tcp"})
s.Require().NoError(err)
defer serverC.Terminate(s.ctx)
rendered, err := RenderConfig("testdata/http/client_connector_tls.yaml",
ConfigData{ServerAddr: "tls-server:8443"})
s.Require().NoError(err)
defer os.Remove(rendered)
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
rendered, "8080/tcp")
s.Require().NoError(err)
defer clientC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := clientC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "http-connector-tls client logs", clientC)
DumpLogs(s.T(), s.ctx, "http-connector-tls server logs", serverC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
}
// TestHTTPProbeResistWeb verifies probeResist web type.
// On auth failure, the handler fetches the decoy URL
// (tcp-echo:5678) and returns its response body.
func (s *HTTPSuite) TestHTTPProbeResistWeb() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
"testdata/http/server_proberesist_web.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// Without auth, probeResist web fetches http://tcp-echo:5678
// and returns the echo server's response ("hello-gost").
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
"GET http://127.0.0.1:5678/ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n")
s.Assert().NotContains(resp, "407",
"probeResist web should hide 407 response")
s.Assert().Contains(resp, "hello-gost",
"probeResist web should return decoy response body")
}
// TestHTTPProbeResistFile verifies probeResist file type.
// On auth failure, the handler reads a local file and
// returns its contents as the HTTP response body.
func (s *HTTPSuite) TestHTTPProbeResistFile() {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/http/server_proberesist_file.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "testdata/http/decoy.html", ContainerFilePath: "/tmp/decoy.html", FileMode: 0644},
},
"8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// Without auth, probeResist file reads /tmp/decoy.html and
// returns "decoy-response" rather than a 407.
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
"GET http://127.0.0.1:5678/ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n")
s.Assert().NotContains(resp, "407",
"probeResist file should hide 407 response")
s.Assert().Contains(resp, "decoy-response",
"probeResist file should return decoy file content")
}
// TestHTTPIdleTimeout verifies idleTimeout on CONNECT tunnels.
// After the configured idle timeout, the pipe between client
// and target should close.
func (s *HTTPSuite) TestHTTPIdleTimeout() {
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/http/server_idle_timeout.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "scripts/http_idle_timeout.py", ContainerFilePath: "/scripts/http_idle_timeout.py", FileMode: 0644},
},
"8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// The Python script:
// 1. Opens a CONNECT tunnel to tcp-echo:5678
// 2. Sends and receives data (confirm tunnel is alive)
// 3. Waits > idleTimeout (3s + 2s buffer)
// 4. Sends more data — expects connection to be closed
code, out, err := gostC.Exec(s.ctx, []string{
"python3", "/scripts/http_idle_timeout.py",
"127.0.0.1", "8080", "3",
})
output, _ := io.ReadAll(out)
s.T().Logf("idle timeout output:\n%s", string(output))
if code != 0 {
DumpLogs(s.T(), s.ctx, "http-idle-timeout logs", gostC)
}
s.Require().Equal(0, code, "idle timeout test script should exit 0")
}
// TestHTTPUDPRelay verifies UDP relay over HTTP. Uses
// X-Gost-Protocol: udp in the CONNECT request to establish
// a SOCKS5 UDP tunnel through the HTTP handler.
func (s *HTTPSuite) TestHTTPUDPRelay() {
// Start UDP echo container on the shared network.
udpC, err := RunUDPEchoContainer(s.ctx, SharedNetworkName)
s.Require().NoError(err)
defer udpC.Terminate(s.ctx)
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
"testdata/http/server_udp.yaml",
[]testcontainers.ContainerFile{
{HostFilePath: "scripts/http_udp_relay.py", ContainerFilePath: "/scripts/http_udp_relay.py", FileMode: 0644},
},
"8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// The Python script:
// 1. Connects to gost HTTP proxy
// 2. Sends CONNECT with X-Gost-Protocol: udp
// 3. After 200 OK, sends a SOCKS5 UDP frame targeting udp-echo:5679
// 4. Reads back the echoed frame
code, out, err := gostC.Exec(s.ctx, []string{
"python3", "/scripts/http_udp_relay.py",
"127.0.0.1", "8080",
})
output, _ := io.ReadAll(out)
s.T().Logf("udp relay output:\n%s", string(output))
if code != 0 {
DumpLogs(s.T(), s.ctx, "http-udp logs", gostC)
}
s.Require().Equal(0, code, "udp relay test script should exit 0")
}
func TestHTTPSuite(t *testing.T) {
suite.Run(t, new(HTTPSuite))
}

View File

@ -0,0 +1,50 @@
package e2e
import (
"context"
"flag"
"fmt"
"os"
"os/exec"
"testing"
"github.com/testcontainers/testcontainers-go/network"
)
var SharedNetworkName string
func TestMain(m *testing.M) {
flag.Parse()
ctx := context.Background()
shouldCleanup := false
if GostBinPath == "" {
GostBinPath = "/tmp/gost-test-bin"
cmd := exec.Command("go", "build", "-o", GostBinPath, "../../cmd/gost")
cmd.Env = append(os.Environ(), "CGO_ENABLED=0")
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
if err := cmd.Run(); err != nil {
fmt.Printf("Failed to compile gost: %v\n", err)
os.Exit(1)
}
shouldCleanup = true
}
net, err := network.New(ctx)
if err != nil {
fmt.Printf("Failed to create network: %v\n", err)
os.Exit(1)
}
SharedNetworkName = net.Name
code := m.Run()
net.Remove(ctx)
if shouldCleanup {
os.Remove(GostBinPath)
}
os.Exit(code)
}

View File

@ -0,0 +1,289 @@
package e2e
import (
"context"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"io"
"math/big"
"net"
"os"
"strings"
"testing"
"time"
"github.com/moby/moby/client"
"github.com/stretchr/testify/suite"
"github.com/testcontainers/testcontainers-go"
"github.com/testcontainers/testcontainers-go/wait"
)
type MTLSSuite struct {
suite.Suite
ctx context.Context
echoC testcontainers.Container
echoIP string
pluginC testcontainers.Container
certDir string
}
func (s *MTLSSuite) SetupSuite() {
s.ctx = context.Background()
certDir, err := os.MkdirTemp("", "gost-mtls-certs-*")
s.Require().NoError(err)
s.certDir = certDir
s.generateCerts()
pluginC, err := runAuthPluginContainer(s.ctx, SharedNetworkName)
s.Require().NoError(err)
s.pluginC = pluginC
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
s.Require().NoError(err)
s.echoC = echoC
echoIP, err := echoC.ContainerIP(s.ctx)
s.Require().NoError(err)
s.echoIP = echoIP
}
func (s *MTLSSuite) TearDownSuite() {
if s.pluginC != nil {
s.pluginC.Terminate(s.ctx)
}
if s.echoC != nil {
s.echoC.Terminate(s.ctx)
}
os.RemoveAll(s.certDir)
}
// generateCerts creates a self-signed CA, a server cert signed by the CA,
// and a client cert signed by the CA, writing PEM files to s.certDir.
func (s *MTLSSuite) generateCerts() {
// CA
caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
s.Require().NoError(err)
caTmpl := &x509.Certificate{
SerialNumber: big.NewInt(1),
Subject: pkix.Name{CommonName: "Test CA"},
NotBefore: time.Now(),
NotAfter: time.Now().Add(24 * time.Hour),
KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
BasicConstraintsValid: true,
IsCA: true,
}
caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
s.Require().NoError(err)
s.writeCertPEM(s.certDir+"/ca.pem", "CERTIFICATE", caDER)
s.writeKeyPEM(s.certDir+"/ca-key.pem", "EC PRIVATE KEY", caKey)
// Server
serverKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
s.Require().NoError(err)
serverTmpl := &x509.Certificate{
SerialNumber: big.NewInt(2),
Subject: pkix.Name{CommonName: "localhost"},
NotBefore: time.Now(),
NotAfter: time.Now().Add(24 * time.Hour),
KeyUsage: x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
DNSNames: []string{"localhost"},
IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
}
serverDER, err := x509.CreateCertificate(rand.Reader, serverTmpl, caTmpl, &serverKey.PublicKey, caKey)
s.Require().NoError(err)
s.writeCertPEM(s.certDir+"/server.pem", "CERTIFICATE", serverDER)
s.writeKeyPEM(s.certDir+"/server-key.pem", "EC PRIVATE KEY", serverKey)
// Client
clientKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
s.Require().NoError(err)
clientTmpl := &x509.Certificate{
SerialNumber: big.NewInt(3),
Subject: pkix.Name{CommonName: "test-client"},
NotBefore: time.Now(),
NotAfter: time.Now().Add(24 * time.Hour),
KeyUsage: x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
EmailAddresses: []string{"test@example.com"},
}
clientDER, err := x509.CreateCertificate(rand.Reader, clientTmpl, caTmpl, &clientKey.PublicKey, caKey)
s.Require().NoError(err)
s.writeCertPEM(s.certDir+"/client.pem", "CERTIFICATE", clientDER)
s.writeKeyPEM(s.certDir+"/client-key.pem", "EC PRIVATE KEY", clientKey)
}
// TestMTLSProxy verifies HTTP forward proxy works over an mTLS listener
// with a valid client certificate.
func (s *MTLSSuite) TestMTLSProxy() {
rendered, err := RenderConfig("testdata/mtls/server.yaml",
ConfigData{ServerAddr: "auth-plugin"})
s.Require().NoError(err)
defer os.Remove(rendered)
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName, rendered,
[]testcontainers.ContainerFile{
{HostFilePath: s.certDir + "/ca.pem", ContainerFilePath: "/certs/ca.pem", FileMode: 0644},
{HostFilePath: s.certDir + "/server.pem", ContainerFilePath: "/certs/server.pem", FileMode: 0644},
{HostFilePath: s.certDir + "/server-key.pem", ContainerFilePath: "/certs/server-key.pem", FileMode: 0644},
{HostFilePath: s.certDir + "/client.pem", ContainerFilePath: "/certs/client.pem", FileMode: 0644},
{HostFilePath: s.certDir + "/client-key.pem", ContainerFilePath: "/certs/client-key.pem", FileMode: 0644},
},
"8443/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// Verify proxy works with valid client cert
cmd := []string{"curl", "-v", "-s", "--connect-timeout", "5",
"--cacert", "/certs/ca.pem",
"--cert", "/certs/client.pem",
"--key", "/certs/client-key.pem",
"-x", "https://127.0.0.1:8443",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := gostC.Exec(s.ctx, cmd)
body, err2 := io.ReadAll(out)
if err != nil || err2 != nil || code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "mtls gost logs", gostC)
DumpLogs(s.T(), s.ctx, "mtls auth-plugin logs", s.pluginC)
}
s.Require().NoError(err)
s.Require().NoError(err2)
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
}
// TestMTLSWithoutClientCert verifies that an mTLS listener rejects
// connections from clients that do not present a certificate.
func (s *MTLSSuite) TestMTLSWithoutClientCert() {
rendered, err := RenderConfig("testdata/mtls/server.yaml",
ConfigData{ServerAddr: "auth-plugin"})
s.Require().NoError(err)
defer os.Remove(rendered)
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName, rendered,
[]testcontainers.ContainerFile{
{HostFilePath: s.certDir + "/ca.pem", ContainerFilePath: "/certs/ca.pem", FileMode: 0644},
{HostFilePath: s.certDir + "/server.pem", ContainerFilePath: "/certs/server.pem", FileMode: 0644},
{HostFilePath: s.certDir + "/server-key.pem", ContainerFilePath: "/certs/server-key.pem", FileMode: 0644},
{HostFilePath: s.certDir + "/client.pem", ContainerFilePath: "/certs/client.pem", FileMode: 0644},
{HostFilePath: s.certDir + "/client-key.pem", ContainerFilePath: "/certs/client-key.pem", FileMode: 0644},
},
"8443/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// curl without client cert should fail TLS handshake
cmd := []string{"curl", "-v", "-s", "--connect-timeout", "5",
"--cacert", "/certs/ca.pem",
"-x", "https://127.0.0.1:8443",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, _, err := gostC.Exec(s.ctx, cmd)
if err == nil && code == 0 {
DumpLogs(s.T(), s.ctx, "mtls gost logs", gostC)
}
// Expect failure (non-zero exit code from curl)
s.Require().NotEqual(0, code, "curl without client cert should fail with non-zero exit code")
}
// TestMTLSAuthPluginLogs verifies that the HTTP auth plugin receives
// the mTLS client certificate identity (client_cn, client_san,
// client_cert_fingerprint) when a request passes through the mTLS listener.
func (s *MTLSSuite) TestMTLSAuthPluginLogs() {
rendered, err := RenderConfig("testdata/mtls/server.yaml",
ConfigData{ServerAddr: "auth-plugin"})
s.Require().NoError(err)
defer os.Remove(rendered)
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName, rendered,
[]testcontainers.ContainerFile{
{HostFilePath: s.certDir + "/ca.pem", ContainerFilePath: "/certs/ca.pem", FileMode: 0644},
{HostFilePath: s.certDir + "/server.pem", ContainerFilePath: "/certs/server.pem", FileMode: 0644},
{HostFilePath: s.certDir + "/server-key.pem", ContainerFilePath: "/certs/server-key.pem", FileMode: 0644},
{HostFilePath: s.certDir + "/client.pem", ContainerFilePath: "/certs/client.pem", FileMode: 0644},
{HostFilePath: s.certDir + "/client-key.pem", ContainerFilePath: "/certs/client-key.pem", FileMode: 0644},
},
"8443/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// Send a request with valid client cert through the mTLS proxy.
cmd := []string{"curl", "-v", "-s", "--connect-timeout", "5",
"--cacert", "/certs/ca.pem",
"--cert", "/certs/client.pem",
"--key", "/certs/client-key.pem",
"-x", "https://127.0.0.1:8443",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := gostC.Exec(s.ctx, cmd)
body, _ := io.ReadAll(out)
s.Require().NoError(err)
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
// Read auth plugin logs and verify PeerCert fields are present.
logs, err := s.pluginC.Logs(s.ctx)
s.Require().NoError(err)
logData, _ := io.ReadAll(logs)
logStr := string(logData)
s.T().Logf("auth plugin logs:\n%s", logStr)
s.Require().Contains(logStr, "clientCn", "auth plugin should receive client_cn")
s.Require().Contains(logStr, "test-client", "client_cn should be 'test-client'")
s.Require().Contains(logStr, "clientSan", "auth plugin should receive client_san")
s.Require().Contains(logStr, "clientCertFingerprint", "auth plugin should receive client_cert_fingerprint")
}
func TestMTLSSuite(t *testing.T) {
suite.Run(t, new(MTLSSuite))
}
// --- helpers ---
func runAuthPluginContainer(ctx context.Context, networkName string) (testcontainers.Container, error) {
req := testcontainers.ContainerRequest{
FromDockerfile: testcontainers.FromDockerfile{
Context: ".",
Dockerfile: "Dockerfile",
Repo: "gost-e2e",
Tag: "latest",
KeepImage: true,
BuildOptionsModifier: func(opts *client.ImageBuildOptions) {
opts.NetworkMode = "host"
},
},
Networks: []string{networkName},
NetworkAliases: map[string][]string{
networkName: {"auth-plugin"},
},
Files: []testcontainers.ContainerFile{
{HostFilePath: "scripts/auth_plugin.py", ContainerFilePath: "/scripts/auth_plugin.py", FileMode: 0644},
},
ExposedPorts: []string{"9000/tcp"},
Cmd: []string{"python3", "/scripts/auth_plugin.py", "9000"},
WaitingFor: wait.ForExposedPort(),
}
return testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
ContainerRequest: req,
Started: true,
})
}
// writeCertPEM writes a DER-encoded certificate to a PEM file.
func (s *MTLSSuite) writeCertPEM(path, blockType string, der []byte) {
err := os.WriteFile(path, pem.EncodeToMemory(&pem.Block{Type: blockType, Bytes: der}), 0644)
s.Require().NoError(err)
}
// writeKeyPEM marshals an ECDSA private key and writes it to a PEM file.
func (s *MTLSSuite) writeKeyPEM(path, blockType string, key *ecdsa.PrivateKey) {
b, err := x509.MarshalECPrivateKey(key)
s.Require().NoError(err)
err = os.WriteFile(path, pem.EncodeToMemory(&pem.Block{Type: blockType, Bytes: b}), 0600)
s.Require().NoError(err)
}

View File

@ -0,0 +1,57 @@
package e2e
import (
"context"
"fmt"
"io"
"testing"
"github.com/stretchr/testify/suite"
"github.com/testcontainers/testcontainers-go"
)
type ParallelSelectorSuite struct {
suite.Suite
ctx context.Context
echoC testcontainers.Container
echoIP string
}
func (s *ParallelSelectorSuite) SetupSuite() {
s.ctx = context.Background()
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
s.Require().NoError(err)
s.echoC = echoC
echoIP, err := echoC.ContainerIP(s.ctx)
s.Require().NoError(err)
s.echoIP = echoIP
}
func (s *ParallelSelectorSuite) TearDownSuite() {
if s.echoC != nil {
s.echoC.Terminate(s.ctx)
}
}
func (s *ParallelSelectorSuite) TestParallelSelector() {
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName, "testdata/parallel_selector/server.yaml", "8080/tcp")
s.Require().NoError(err)
defer gostC.Terminate(s.ctx)
// Test the proxy by running curl inside the gost container
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080", fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := gostC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
}
func TestParallelSelectorSuite(t *testing.T) {
suite.Run(t, new(ParallelSelectorSuite))
}

View File

@ -0,0 +1,157 @@
package e2e
import (
"context"
"fmt"
"io"
"os"
"strings"
"testing"
"github.com/stretchr/testify/suite"
"github.com/testcontainers/testcontainers-go"
)
type PHTSuite struct {
suite.Suite
ctx context.Context
echoC testcontainers.Container
echoIP string
}
func (s *PHTSuite) SetupSuite() {
s.ctx = context.Background()
s.T().Logf("start tcp echo container...")
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
s.Require().NoError(err)
s.echoC = echoC
echoIP, err := echoC.ContainerIP(s.ctx)
s.Require().NoError(err)
s.echoIP = echoIP
}
func (s *PHTSuite) TearDownSuite() {
if s.echoC != nil {
s.echoC.Terminate(s.ctx)
}
}
// TestPHTTunnel verifies a basic PHT tunnel: a client HTTP proxy chains
// through a PHT dialer to reach a PHT server, which forwards the request
// to the echo server.
func (s *PHTSuite) TestPHTTunnel() {
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
"testdata/pht/server.yaml",
[]string{"pht-server"}, []string{"8443/tcp"})
s.Require().NoError(err)
defer serverC.Terminate(s.ctx)
rendered, err := RenderConfig("testdata/pht/client_connector.yaml",
ConfigData{ServerAddr: "pht-server:8443"})
s.Require().NoError(err)
defer os.Remove(rendered)
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
rendered, "8080/tcp")
s.Require().NoError(err)
defer clientC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := clientC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "pht client logs", clientC)
DumpLogs(s.T(), s.ctx, "pht server logs", serverC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
}
// TestPHTSTunnel verifies PHT over TLS. The PHTs listener auto-generates a
// self-signed cert; the PHTs dialer defaults to InsecureSkipVerify so the
// handshake succeeds without explicit cert configuration.
func (s *PHTSuite) TestPHTSTunnel() {
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
"testdata/pht/server_phts.yaml",
[]string{"phts-server"}, []string{"8443/tcp"})
s.Require().NoError(err)
defer serverC.Terminate(s.ctx)
rendered, err := RenderConfig("testdata/pht/client_connector_phts.yaml",
ConfigData{ServerAddr: "phts-server:8443"})
s.Require().NoError(err)
defer os.Remove(rendered)
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
rendered, "8080/tcp")
s.Require().NoError(err)
defer clientC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := clientC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "phts client logs", clientC)
DumpLogs(s.T(), s.ctx, "phts server logs", serverC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
}
// TestPHTHeartbeat verifies that the PHT tunnel stays alive across idle
// periods. Sends a request, waits >readTimeout (default 10s), and sends
// another request to confirm the heartbeat kept the connection open.
func (s *PHTSuite) TestPHTHeartbeat() {
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
"testdata/pht/server.yaml",
[]string{"pht-server"}, []string{"8443/tcp"})
s.Require().NoError(err)
defer serverC.Terminate(s.ctx)
rendered, err := RenderConfig("testdata/pht/client_connector.yaml",
ConfigData{ServerAddr: "pht-server:8443"})
s.Require().NoError(err)
defer os.Remove(rendered)
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
rendered, "8080/tcp")
s.Require().NoError(err)
defer clientC.Terminate(s.ctx)
// First request: establish the tunnel.
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := clientC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, _ := io.ReadAll(out)
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
// Wait longer than readTimeout to trigger heartbeat.
// The PHT server's default read timeout is 10s. We wait 12s.
cmd = []string{"sh", "-c",
fmt.Sprintf("sleep 12 && curl -s -x http://127.0.0.1:8080 http://%s:5678", s.echoIP)}
code, out, err = clientC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, _ = io.ReadAll(out)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, "pht heartbeat client logs", clientC)
DumpLogs(s.T(), s.ctx, "pht heartbeat server logs", serverC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
}
func TestPHTSuite(t *testing.T) {
suite.Run(t, new(PHTSuite))
}

View File

@ -0,0 +1,27 @@
import http.server
import json
import sys
class AuthHandler(http.server.BaseHTTPRequestHandler):
def do_POST(self):
length = int(self.headers.get('Content-Length', 0))
body = self.rfile.read(length)
data = json.loads(body)
print(f"AUTH_REQUEST: {json.dumps(data)}", flush=True)
self.send_response(200)
self.send_header("Content-Type", "application/json")
self.end_headers()
self.wfile.write(
json.dumps(
{"ok": True, "id": data.get("username", "anonymous")}
).encode()
)
def log_message(self, format, *args):
pass # silence default logging, we use our own AUTH_REQUEST line
if __name__ == "__main__":
port = int(sys.argv[1]) if len(sys.argv) > 1 else 9000
http.server.HTTPServer(("0.0.0.0", port), AuthHandler).serve_forever()

View File

@ -0,0 +1,162 @@
"""DNS query client for e2e tests.
Usage:
python3 dns_query.py udp host port qname qtype [expected_ip|empty]
python3 dns_query.py tcp host port qname qtype [expected_ip|empty]
Sends a DNS query and optionally checks the response:
- expected_ip: verify response contains this IP address
- "empty": verify response has zero answer records (NXDOMAIN or blocked)
- omitted: exit 0 on any valid DNS response
Exits 0 on success, 1 on failure.
"""
import struct
import socket
import sys
def encode_name(name):
parts = name.rstrip(".").split(".")
return b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"
def skip_name(data, pos):
"""Skip one DNS name at pos, return position after it."""
while True:
length = data[pos]
if length == 0:
return pos + 1
if length & 0xC0:
return pos + 2
pos += length + 1
def build_query(qname, qtype):
tid = 0x1234
flags = 0x0100 # RD=1
qdcount = 1
header = struct.pack(">HHHHHH", tid, flags, qdcount, 0, 0, 0)
qname_enc = encode_name(qname)
question = qname_enc + struct.pack(">HH", qtype, 1) # QTYPE, QCLASS=IN
return header + question
def parse_response(data):
if len(data) < 12:
return [], -1
flags = struct.unpack(">H", data[2:4])[0]
rcode = flags & 0x0F
qdcount = struct.unpack(">H", data[4:6])[0]
ancount = struct.unpack(">H", data[6:8])[0]
# Skip question section
pos = 12
for _ in range(qdcount):
pos = skip_name(data, pos) + 4 # QTYPE + QCLASS
answers = []
for _ in range(ancount):
pos = skip_name(data, pos)
rtype, rclass, ttl, rdlength = struct.unpack(">HHIH", data[pos:pos + 10])
pos += 10
rdata = data[pos:pos + rdlength]
pos += rdlength
answers.append((rtype, rclass, ttl, rdata))
return answers, rcode
def query_udp(host, port, query):
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.settimeout(5)
sock.sendto(query, (host, port))
data, _ = sock.recvfrom(4096)
sock.close()
return data
def query_tcp(host, port, query):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(5)
sock.connect((host, port))
sock.sendall(struct.pack(">H", len(query)) + query)
raw = sock.recv(2)
if len(raw) < 2:
sock.close()
return b""
msglen = struct.unpack(">H", raw)[0]
data = b""
while len(data) < msglen:
chunk = sock.recv(msglen - len(data))
if not chunk:
break
data += chunk
sock.close()
return data
def format_ip(rtype, rdata):
if rtype == 1 and len(rdata) == 4:
return socket.inet_ntoa(rdata)
if rtype == 28 and len(rdata) == 16:
return socket.inet_ntop(socket.AF_INET6, rdata)
return repr(rdata)
def main():
if len(sys.argv) < 5:
print("Usage: dns_query.py <udp|tcp> <host> <port> <qname> <qtype> [expected_ip|empty]")
sys.exit(1)
mode = sys.argv[1]
host = sys.argv[2]
port = int(sys.argv[3])
qname = sys.argv[4]
qtype_str = sys.argv[5]
expected = sys.argv[6] if len(sys.argv) > 6 else None
qtype_map = {"A": 1, "AAAA": 28}
qtype = qtype_map.get(qtype_str, 1)
query = build_query(qname, qtype)
try:
if mode == "tcp":
data = query_tcp(host, port, query)
else:
data = query_udp(host, port, query)
except Exception as e:
print(f"ERROR: {e}")
sys.exit(1)
if not data:
print("ERROR: empty response")
sys.exit(1)
answers, rcode = parse_response(data)
print(f"Got {len(answers)} answer(s), rcode={rcode}")
for rtype, _, _, rdata in answers:
print(f" {format_ip(rtype, rdata)}")
if expected == "empty":
if len(answers) == 0:
print("MATCH: empty answer (expected)")
sys.exit(0)
print(f"NO MATCH: expected empty, got {len(answers)} answers")
sys.exit(1)
elif expected:
for rtype, _, _, rdata in answers:
ip = format_ip(rtype, rdata)
if ip == expected:
print(f"MATCH: expected {expected}")
sys.exit(0)
print(f"NO MATCH: expected {expected}")
sys.exit(1)
else:
sys.exit(0)
if __name__ == "__main__":
main()

View File

@ -0,0 +1,88 @@
"""Simple authoritative DNS responder for e2e tests.
Listens on UDP port 5353 and responds with static records:
test.example.com. IN A 10.0.0.1
test2.example.com. IN A 10.0.0.2
example.com. IN AAAA ::1
All other queries receive NXDOMAIN.
"""
import socketserver
import struct
import socket
def decode_name(data, offset):
labels = []
while True:
length = data[offset]
if length == 0:
offset += 1
break
if length & 0xC0:
offset += 2
break
offset += 1
labels.append(data[offset:offset + length].decode())
offset += length
return '.'.join(labels), offset
def encode_name(name):
parts = name.rstrip(".").split(".")
return b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"
RECORDS = {
("test.example.com", 1): (1, 300, socket.inet_aton("10.0.0.1")),
("test2.example.com", 1): (1, 300, socket.inet_aton("10.0.0.2")),
("example.com", 28): (28, 300, socket.inet_pton(socket.AF_INET6, "::1")),
}
class DNSResponder(socketserver.DatagramRequestHandler):
def handle(self):
data = self.rfile.read(512)
if len(data) < 12:
return
tid = struct.unpack(">H", data[:2])[0]
qdcount = struct.unpack(">H", data[4:6])[0]
if qdcount == 0:
return
qname, pos = decode_name(data, 12)
qtype = struct.unpack(">H", data[pos:pos + 2])[0]
qclass = struct.unpack(">H", data[pos + 2:pos + 4])[0]
key = (qname, qtype)
if key in RECORDS:
rcode = 0
ancount = 1
rtype, ttl, rdata = RECORDS[key]
else:
rcode = 3 # NXDOMAIN
ancount = 0
rtype, ttl, rdata = 0, 0, b""
flags = 0x8000 | 0x0400 | rcode # QR=1, AA=1, rcode
header = struct.pack(">HHHHHH", tid, flags, qdcount, ancount, 0, 0)
question = data[12:pos + 4]
answer = b""
if ancount:
answer = (
struct.pack(">HH", 0xC00C, rtype) # NAME pointer + TYPE
+ struct.pack(">HI", qclass, ttl) # CLASS + TTL
+ struct.pack(">H", len(rdata)) + rdata # RDLENGTH + RDATA
)
self.wfile.write(header + question + answer)
if __name__ == "__main__":
with socketserver.UDPServer(("0.0.0.0", 5353), DNSResponder) as srv:
srv.serve_forever()

View File

@ -0,0 +1,83 @@
"""Simple authoritative DNS responder for TCP mode e2e tests.
Listens on TCP port 5353 and responds with the same static records
as dns_responder.py, but over TCP (RFC 5966).
"""
import socketserver
import struct
import socket
def decode_name(data, offset):
labels = []
while True:
length = data[offset]
if length == 0:
offset += 1
break
if length & 0xC0:
offset += 2
break
offset += 1
labels.append(data[offset:offset + length].decode())
offset += length
return '.'.join(labels), offset
RECORDS = {
("test.example.com", 1): (1, 300, socket.inet_aton("10.0.0.1")),
("test2.example.com", 1): (1, 300, socket.inet_aton("10.0.0.2")),
("example.com", 28): (28, 300, socket.inet_pton(socket.AF_INET6, "::1")),
}
class DNSResponder(socketserver.StreamRequestHandler):
def handle(self):
# TCP DNS: 2-byte length prefix
raw = self.rfile.read(2)
if len(raw) < 2:
return
msglen = struct.unpack(">H", raw)[0]
data = self.rfile.read(msglen)
if len(data) < 12:
return
tid = struct.unpack(">H", data[:2])[0]
qdcount = struct.unpack(">H", data[4:6])[0]
if qdcount == 0:
return
qname, pos = decode_name(data, 12)
qtype = struct.unpack(">H", data[pos:pos + 2])[0]
qclass = struct.unpack(">H", data[pos + 2:pos + 4])[0]
key = (qname, qtype)
if key in RECORDS:
rcode = 0
ancount = 1
rtype, ttl, rdata = RECORDS[key]
else:
rcode = 3 # NXDOMAIN
ancount = 0
rtype, ttl, rdata = 0, 0, b""
flags = 0x8000 | 0x0400 | rcode
header = struct.pack(">HHHHHH", tid, flags, qdcount, ancount, 0, 0)
question = data[12:pos + 4]
answer = b""
if ancount:
answer = (
struct.pack(">HH", 0xC00C, rtype)
+ struct.pack(">HI", qclass, ttl)
+ struct.pack(">H", len(rdata)) + rdata
)
dnsmsg = header + question + answer
self.wfile.write(struct.pack(">H", len(dnsmsg)) + dnsmsg)
if __name__ == "__main__":
with socketserver.TCPServer(("0.0.0.0", 5353), DNSResponder) as srv:
srv.serve_forever()

View File

@ -0,0 +1,140 @@
"""DNS query client over TLS for e2e tests.
Connects to the DNS-over-TLS endpoint and performs a DNS query.
Usage:
python3 dns_tls_query.py host port qname qtype [expected_ip]
"""
import struct
import socket
import ssl
import sys
def encode_name(name):
parts = name.rstrip(".").split(".")
return b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"
def build_query(tid, qname, qtype):
flags = 0x0100
qdcount = 1
header = struct.pack(">HHHHHH", tid, flags, qdcount, 0, 0, 0)
qname_enc = encode_name(qname)
question = qname_enc + struct.pack(">HH", qtype, 1)
return header + question
def parse_response(data):
if len(data) < 12:
return [], -1
flags = struct.unpack(">H", data[2:4])[0]
rcode = flags & 0x0F
qdcount = struct.unpack(">H", data[4:6])[0]
ancount = struct.unpack(">H", data[6:8])[0]
pos = 12
for _ in range(qdcount):
while data[pos] != 0:
if data[pos] & 0xC0:
pos += 2
break
pos += data[pos] + 1
else:
pos += 1
pos += 4
answers = []
for _ in range(ancount):
if data[pos] & 0xC0:
pos += 2
else:
while data[pos] != 0:
pos += data[pos] + 1
pos += 1
rtype, rclass, ttl, rdlength = struct.unpack(">HHIH", data[pos:pos + 10])
pos += 10
rdata = data[pos:pos + rdlength]
pos += rdlength
answers.append((rtype, rdata))
return answers, rcode
def main():
if len(sys.argv) < 5:
print(f"Usage: {sys.argv[0]} host port qname qtype [expected_ip]")
sys.exit(1)
host = sys.argv[1]
port = int(sys.argv[2])
qname = sys.argv[3]
qtype_str = sys.argv[4]
expected = sys.argv[5] if len(sys.argv) > 5 else None
qtype_map = {"A": 1, "AAAA": 28}
qtype = qtype_map.get(qtype_str, 1)
query = build_query(0x1234, qname, qtype)
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
try:
with socket.create_connection((host, port), timeout=5) as sock:
with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
# TCP DNS: 2-byte length prefix
tls_sock.sendall(struct.pack(">H", len(query)) + query)
raw = tls_sock.recv(2)
if len(raw) < 2:
print("ERROR: short response header")
sys.exit(1)
msglen = struct.unpack(">H", raw)[0]
data = b""
while len(data) < msglen:
chunk = tls_sock.recv(msglen - len(data))
if not chunk:
break
data += chunk
except Exception as e:
print(f"ERROR: {e}")
sys.exit(1)
if not data:
print("ERROR: empty response")
sys.exit(1)
answers, rcode = parse_response(data)
print(f"Got {len(answers)} answer(s), rcode={rcode}")
for rtype, rdata in answers:
if rtype == 1 and len(rdata) == 4:
ip = socket.inet_ntoa(rdata)
print(f" A {ip}")
elif rtype == 28 and len(rdata) == 16:
ip6 = socket.inet_ntop(socket.AF_INET6, rdata)
print(f" AAAA {ip6}")
else:
print(f" TYPE={rtype} RDATA={rdata.hex()}")
if expected:
for rtype, rdata in answers:
if rtype == 1 and len(rdata) == 4:
ip = socket.inet_ntoa(rdata)
if ip == expected:
print(f"MATCH: expected {expected}")
sys.exit(0)
elif rtype == 28 and len(rdata) == 16:
ip6 = socket.inet_ntop(socket.AF_INET6, rdata)
if ip6 == expected:
print(f"MATCH: expected {expected}")
sys.exit(0)
print(f"NO MATCH: expected {expected}")
sys.exit(1)
sys.exit(0)
if __name__ == "__main__":
main()

View File

@ -0,0 +1,68 @@
import socket
import sys
import time
def main():
host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080
idle_timeout = int(sys.argv[3]) if len(sys.argv) > 3 else 3
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(10)
s.connect((host, port))
# CONNECT to echo server
req = b"CONNECT tcp-echo:5678 HTTP/1.1\r\nHost: tcp-echo:5678\r\n\r\n"
s.sendall(req)
# Read 200 OK response
resp = b""
while b"\r\n\r\n" not in resp:
chunk = s.recv(4096)
if not chunk:
break
resp += chunk
if b"200" not in resp:
print(f"FAIL: expected 200, got {resp.decode(errors='replace')}")
sys.exit(1)
# Send an HTTP GET through the CONNECT tunnel. The tunnel target
# is an HTTP echo server (BaseHTTPRequestHandler), so we must speak
# HTTP or the connection closes.
req = b"GET / HTTP/1.0\r\nHost: tcp-echo\r\n\r\n"
s.sendall(req)
data = b""
while b"hello-gost" not in data:
chunk = s.recv(4096)
if not chunk:
break
data += chunk
if b"hello-gost" not in data:
print(f"FAIL: expected hello-gost echo, got {data!r}")
sys.exit(1)
print(f"PASS: first request through tunnel succeeded")
# Wait longer than idleTimeout
wait = idle_timeout + 2
print(f"Waiting {wait}s for idle timeout...")
time.sleep(wait)
# Try to send more data — idle timeout should have closed the pipe
try:
s.sendall(b"ping-2\n")
data = s.recv(4096)
if not data:
print("PASS: connection closed after idle timeout (empty recv)")
sys.exit(0)
# Got data means the pipe is still alive
print(f"FAIL: connection still alive after idle timeout, got {data!r}")
sys.exit(1)
except (socket.timeout, ConnectionResetError, BrokenPipeError, OSError) as e:
print(f"PASS: connection closed after idle timeout: {e}")
sys.exit(0)
if __name__ == "__main__":
main()

View File

@ -0,0 +1,135 @@
import socket
import struct
import sys
UDP_ECHO_HOST = "udp-echo"
UDP_ECHO_PORT = 5679
def encode_socks5_addr(host, port):
"""Encode (host, port) as SOCKS5 ADDRESS + PORT.
Uses ATYP=3 (domain name) so Docker DNS resolves the host.
Returns (atyp, address_bytes, port_bytes).
"""
host_bytes = host.encode()
addr_bytes = struct.pack("!B", len(host_bytes)) + host_bytes
port_bytes = struct.pack("!H", port)
return 0x03, addr_bytes, port_bytes
def build_udp_frame(payload, host, port):
"""Build a SOCKS5 UDP relay frame over TCP.
gost HTTP UDP relay uses RSV=data-length and FRAG=0xff.
Frame: [RSV:2][FRAG:1][ATYP:1][DST.ADDR][DST.PORT:2][DATA]
"""
atyp, addr_bytes, port_bytes = encode_socks5_addr(host, port)
rsv = struct.pack("!H", len(payload))
frag = b"\xff"
atyp_byte = struct.pack("!B", atyp)
return rsv + frag + atyp_byte + addr_bytes + port_bytes + payload
def recvn(sock, n):
"""Receive exactly n bytes from socket."""
buf = b""
while len(buf) < n:
chunk = sock.recv(n - len(buf))
if not chunk:
raise ConnectionError("connection closed while reading")
buf += chunk
return buf
def read_socks5_frame(sock):
"""Read one SOCKS5 UDP relay frame from the TCP connection.
Returns (addr, port, data).
"""
# Read header: RSV(2) + FRAG(1) + ATYP(1)
header = recvn(sock, 4)
rsv = struct.unpack("!H", header[:2])[0]
frag = header[2]
atyp = header[3]
# Read address based on ATYP
if atyp == 1: # IPv4
addr_bytes = recvn(sock, 4)
addr = socket.inet_ntoa(addr_bytes)
elif atyp == 3: # Domain name
domain_len = recvn(sock, 1)
addr = recvn(sock, domain_len[0]).decode()
elif atyp == 4: # IPv6
addr_bytes = recvn(sock, 16)
addr = socket.inet_ntop(socket.AF_INET6, addr_bytes)
else:
raise ValueError(f"unknown ATYP: {atyp}")
port_bytes = recvn(sock, 2)
port = struct.unpack("!H", port_bytes)[0]
# Read data
if rsv > 0:
data = recvn(sock, rsv)
else:
# Standard SOCKS5 UDP: read remaining
data = b""
while True:
chunk = sock.recv(4096)
if not chunk:
break
data += chunk
return addr, port, data
def main():
host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(10)
s.connect((host, port))
# Send CONNECT with X-Gost-Protocol: udp
req = (
b"CONNECT 0.0.0.0:0 HTTP/1.1\r\n"
b"Host: 0.0.0.0:0\r\n"
b"X-Gost-Protocol: udp\r\n"
b"Proxy-Connection: keep-alive\r\n"
b"\r\n"
)
s.sendall(req)
# Read 200 OK
resp = b""
while b"\r\n\r\n" not in resp:
chunk = s.recv(4096)
if not chunk:
break
resp += chunk
if b"200" not in resp:
print(f"FAIL: expected 200, got {resp.decode(errors='replace')}")
sys.exit(1)
# Build and send UDP relay frame
payload = b"hello-gost"
frame = build_udp_frame(payload, UDP_ECHO_HOST, UDP_ECHO_PORT)
s.sendall(frame)
# Read response frame
addr, rport, data = read_socks5_frame(s)
if b"hello-gost" in data:
print(f"PASS: received expected data from {addr}:{rport}")
sys.exit(0)
else:
print(f"FAIL: expected hello-gost in response, got {data!r}")
sys.exit(1)
if __name__ == "__main__":
main()

View File

@ -0,0 +1,16 @@
from http.server import BaseHTTPRequestHandler, HTTPServer
class Handler(BaseHTTPRequestHandler):
def do_GET(self):
body = b"hello-gost"
self.send_response(200)
self.send_header("Content-Length", str(len(body)))
self.end_headers()
self.wfile.write(body)
def log_message(self, format, *args):
return
HTTPServer(("0.0.0.0", 5678), Handler).serve_forever()

View File

@ -0,0 +1,53 @@
import socket
import sys
import time
def main():
host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
port = int(sys.argv[2]) if len(sys.argv) > 2 else 8000
idle_timeout = int(sys.argv[3]) if len(sys.argv) > 3 else 3
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(10)
s.connect((host, port))
# Send an HTTP GET request — the forward handler pipes us to tcp-echo:5678
req = b"GET / HTTP/1.0\r\nHost: tcp-echo\r\n\r\n"
s.sendall(req)
# Read response — should contain "hello-gost" (echo server reply)
resp = b""
while b"hello-gost" not in resp:
chunk = s.recv(4096)
if not chunk:
break
resp += chunk
if b"hello-gost" not in resp:
print(f"FAIL: expected hello-gost in response, got {resp.decode(errors='replace')}")
sys.exit(1)
print(f"PASS: first request through forward pipe succeeded")
# Wait longer than idleTimeout
wait = idle_timeout + 2
print(f"Waiting {wait}s for idle timeout...")
time.sleep(wait)
# Try to send more data — idle timeout should have closed the pipe
try:
s.sendall(b"GET / HTTP/1.0\r\nHost: tcp-echo\r\n\r\n")
data = s.recv(4096)
if not data:
print("PASS: connection closed after idle timeout (empty recv)")
sys.exit(0)
# Got data means the pipe is still alive
print(f"FAIL: connection still alive after idle timeout, got {data!r}")
sys.exit(1)
except (socket.timeout, ConnectionResetError, BrokenPipeError, OSError) as e:
print(f"PASS: connection closed after idle timeout: {e}")
sys.exit(0)
if __name__ == "__main__":
main()

View File

@ -0,0 +1,9 @@
import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.bind(("0.0.0.0", 5679))
while True:
data, addr = sock.recvfrom(2048)
sock.sendto(data, addr)

View File

@ -0,0 +1,25 @@
import socket
import sys
def main():
host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
port = int(sys.argv[2]) if len(sys.argv) > 2 else 9000
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.settimeout(5)
payload = b"hello-gost-udp"
sock.sendto(payload, (host, port))
data, addr = sock.recvfrom(2048)
if data == payload:
print("PASS: received echo")
sys.exit(0)
else:
print(f"FAIL: expected {payload!r}, got {data!r}")
sys.exit(1)
if __name__ == "__main__":
main()

View File

@ -0,0 +1,160 @@
package e2e
import (
"context"
"fmt"
"io"
"net"
"os"
"strings"
"testing"
"time"
"github.com/stretchr/testify/suite"
"github.com/testcontainers/testcontainers-go"
)
type ShadowsocksSuite struct {
suite.Suite
ctx context.Context
echoC testcontainers.Container
echoIP string
udpC testcontainers.Container
}
func (s *ShadowsocksSuite) SetupSuite() {
s.ctx = context.Background()
s.T().Logf("start tcp echo container...")
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
s.Require().NoError(err)
s.echoC = echoC
echoIP, err := echoC.ContainerIP(s.ctx)
s.Require().NoError(err)
s.echoIP = echoIP
s.T().Logf("start udp echo container...")
udpC, err := RunUDPEchoContainer(s.ctx, SharedNetworkName)
s.Require().NoError(err)
s.udpC = udpC
}
func (s *ShadowsocksSuite) TearDownSuite() {
if s.echoC != nil {
s.echoC.Terminate(s.ctx)
}
if s.udpC != nil {
s.udpC.Terminate(s.ctx)
}
}
func (s *ShadowsocksSuite) TestShadowsocksTCP() {
s.runTCPCase("aes256gcm", "testdata/shadowsocks/tcp_server_aes256gcm.yaml", "testdata/shadowsocks/tcp_client_aes256gcm.yaml")
s.runTCPCase("chacha20", "testdata/shadowsocks/tcp_server_chacha20.yaml", "testdata/shadowsocks/tcp_client_chacha20.yaml")
}
func (s *ShadowsocksSuite) TestShadowsocks2022TCP() {
s.runTCPCase("2022-aes128", "testdata/shadowsocks/tcp_server_2022_aes128.yaml", "testdata/shadowsocks/tcp_client_2022_aes128.yaml")
s.runTCPCase("2022-aes256", "testdata/shadowsocks/tcp_server_2022_aes256.yaml", "testdata/shadowsocks/tcp_client_2022_aes256.yaml")
}
func (s *ShadowsocksSuite) TestShadowsocks2022TCPMultiPSK() {
s.runTCPCase("2022-aes128-multipsk", "testdata/shadowsocks/tcp_server_2022_aes128_multipsk.yaml", "testdata/shadowsocks/tcp_client_2022_aes128_multipsk.yaml")
s.runTCPCase("2022-aes256-multipsk", "testdata/shadowsocks/tcp_server_2022_aes256_multipsk.yaml", "testdata/shadowsocks/tcp_client_2022_aes256_multipsk.yaml")
}
func (s *ShadowsocksSuite) TestShadowsocksUDP() {
s.runUDPCase("aes256gcm", "testdata/shadowsocks/udp_server_aes256gcm.yaml", "testdata/shadowsocks/udp_client_aes256gcm.yaml")
}
func (s *ShadowsocksSuite) TestShadowsocks2022UDP() {
s.runUDPCase("2022-aes128", "testdata/shadowsocks/udp_server_2022_aes128.yaml", "testdata/shadowsocks/udp_client_2022_aes128.yaml")
s.runUDPCase("2022-aes256", "testdata/shadowsocks/udp_server_2022_aes256.yaml", "testdata/shadowsocks/udp_client_2022_aes256.yaml")
}
func (s *ShadowsocksSuite) runUDPCase(name, serverConfig, clientConfig string) {
s.T().Run(name, func(t *testing.T) {
serverAlias := name + "-ssu-server"
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName, serverConfig, []string{serverAlias}, []string{"8389/udp"})
s.Require().NoError(err)
defer serverC.Terminate(s.ctx)
rendered, err := RenderConfig(clientConfig, ConfigData{ServerAddr: serverAlias + ":8389"})
s.Require().NoError(err)
defer os.Remove(rendered)
clientC, err := RunGostContainerWithPorts(
s.ctx,
SharedNetworkName,
rendered,
"9000/udp",
)
s.Require().NoError(err)
defer clientC.Terminate(s.ctx)
host, err := clientC.Host(s.ctx)
s.Require().NoError(err)
port, err := clientC.MappedPort(s.ctx, "9000/udp")
s.Require().NoError(err)
conn, err := net.DialTimeout("udp", net.JoinHostPort(host, port.Port()), 5*time.Second)
s.Require().NoError(err)
defer conn.Close()
payload := []byte("hello-gost-udp")
buf := make([]byte, 2048)
var n int
for i := range 5 {
_, err = conn.Write(payload)
s.Require().NoError(err)
_ = conn.SetReadDeadline(time.Now().Add(2 * time.Second))
n, err = conn.Read(buf)
if err == nil {
break
}
s.T().Logf("udp read attempt %d failed: %v, retrying...", i+1, err)
time.Sleep(2 * time.Second)
}
if err != nil {
DumpLogs(s.T(), s.ctx, name+" udp client logs", clientC)
DumpLogs(s.T(), s.ctx, name+" udp server logs", serverC)
}
s.Require().NoError(err)
s.Require().Contains(string(buf[:n]), "hello-gost")
})
}
func TestShadowsocksSuite(t *testing.T) {
suite.Run(t, new(ShadowsocksSuite))
}
func (s *ShadowsocksSuite) runTCPCase(name, serverConfig, clientConfig string) {
s.T().Run(name, func(t *testing.T) {
serverAlias := name + "-ss-server"
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName, serverConfig, []string{serverAlias}, []string{"8388/tcp"})
s.Require().NoError(err)
defer serverC.Terminate(s.ctx)
rendered, err := RenderConfig(clientConfig, ConfigData{ServerAddr: serverAlias + ":8388"})
s.Require().NoError(err)
defer os.Remove(rendered)
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName, rendered, "8080/tcp")
s.Require().NoError(err)
defer clientC.Terminate(s.ctx)
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080", fmt.Sprintf("http://%s:5678", s.echoIP)}
code, out, err := clientC.Exec(s.ctx, cmd)
s.Require().NoError(err)
body, err := io.ReadAll(out)
s.Require().NoError(err)
if code != 0 || !strings.Contains(string(body), "hello-gost") {
DumpLogs(s.T(), s.ctx, name+" client logs", clientC)
DumpLogs(s.T(), s.ctx, name+" server logs", serverC)
}
s.Require().Equal(0, code)
s.Require().Contains(string(body), "hello-gost")
})
}

View File

@ -0,0 +1,16 @@
services:
- name: dns
addr: :1053
handler:
type: dns
metadata:
dns: udp://dns-server:5353
timeout: 5s
listener:
type: dns
bypass: block-example
bypasses:
- name: block-example
matchers:
- test.example.com

View File

@ -0,0 +1,10 @@
services:
- name: dns
addr: :1053
handler:
type: dns
metadata:
dns: udp://127.0.0.1:1
timeout: 2s
listener:
type: dns

View File

@ -0,0 +1,22 @@
services:
- name: dns
addr: :1053
handler:
type: dns
metadata:
# Unreachable upstream so the system-DNS fallback is bypassed.
# The host mapper resolves mapped names before the exchanger is
# reached; unmapped names must hit the exchanger and fail.
dns: udp://127.0.0.1:1
timeout: 2s
listener:
type: dns
hosts: my-hosts
hosts:
- name: my-hosts
mappings:
- ip: 10.0.0.100
hostname: mapped.example.com
- ip: 192.168.1.200
hostname: aaaa.mapped.example.com

View File

@ -0,0 +1,16 @@
services:
- name: dns
addr: :1053
handler:
type: dns
metadata:
dns: udp://dns-server:5353
timeout: 5s
listener:
type: dns
rlimiter: limiter-0
rlimiters:
- name: limiter-0
limits:
- "$ 1000"

View File

@ -0,0 +1,12 @@
services:
- name: dns
addr: :1053
handler:
type: dns
metadata:
dns: tcp://dns-server:5353
timeout: 5s
listener:
type: dns
metadata:
mode: tcp

View File

@ -0,0 +1,12 @@
services:
- name: dns
addr: :1053
handler:
type: dns
metadata:
dns: udp://dns-server:5353
timeout: 5s
listener:
type: dns
metadata:
mode: tls

View File

@ -0,0 +1,10 @@
services:
- name: dns
addr: :1053
handler:
type: dns
metadata:
dns: udp://dns-server:5353
timeout: 5s
listener:
type: dns

0
tests/e2e/testdata/file/.empty vendored 100644
View File

View File

@ -0,0 +1 @@
<html><body>gost file index</body></html>

View File

@ -0,0 +1,9 @@
services:
- name: file-server
addr: :8080
handler:
type: file
metadata:
file.dir: /srv/files
listener:
type: tcp

View File

@ -0,0 +1,15 @@
services:
- name: file-server-auth
addr: :8080
handler:
type: file
auther: auther-0
metadata:
file.dir: /srv/files
listener:
type: tcp
authers:
- name: auther-0
auths:
- username: user
password: pass

View File

@ -0,0 +1,10 @@
services:
- name: file-server-put
addr: :8080
handler:
type: file
metadata:
file.dir: /srv/files
file.put: true
listener:
type: tcp

View File

@ -0,0 +1,11 @@
services:
- name: forward-tcp
addr: :8000
handler:
type: tcp
listener:
type: tcp
forwarder:
nodes:
- name: echo
addr: tcp-echo:5678

View File

@ -0,0 +1,20 @@
services:
- name: forward-tcp
addr: :8000
handler:
type: tcp
metadata:
sniffing: true
sniffing.timeout: 2s
listener:
type: tcp
bypass: block-all
forwarder:
nodes:
- name: echo
addr: tcp-echo:5678
bypasses:
- name: block-all
matchers:
- 0.0.0.0/0

View File

@ -0,0 +1,13 @@
services:
- name: forward-tcp
addr: :8000
handler:
type: tcp
metadata:
idleTimeout: 3s
listener:
type: tcp
forwarder:
nodes:
- name: echo
addr: tcp-echo:5678

View File

@ -0,0 +1,18 @@
services:
- name: forward-tcp
addr: :8000
handler:
type: tcp
metadata:
sniffing: true
sniffing.timeout: 2s
listener:
type: tcp
forwarder:
nodes:
- name: echo-http
addr: tcp-echo:5678
protocol: http
- name: echo-tls
addr: tcp-echo:1
protocol: tls

View File

@ -0,0 +1,14 @@
services:
- name: forward-tcp
addr: :8000
handler:
type: tcp
metadata:
sniffing: true
sniffing.timeout: 2s
listener:
type: tcp
forwarder:
nodes:
- name: echo
addr: tcp-echo:5678

View File

@ -0,0 +1,11 @@
services:
- name: udp-forward
addr: :9000
handler:
type: udp
listener:
type: udp
forwarder:
nodes:
- name: echo
addr: udp-echo:5679

View File

@ -0,0 +1,15 @@
services:
- name: udp-forward
addr: :9000
handler:
type: udp
metadata:
stateless: true
listener:
type: udp
metadata:
stateless: true
forwarder:
nodes:
- name: echo
addr: udp-echo:5679

View File

@ -0,0 +1,20 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
chain: http-chain
listener:
type: tcp
chains:
- name: http-chain
hops:
- name: hop-0
nodes:
- name: node-0
addr: {{.ServerAddr}}
connector:
type: http
dialer:
type: tcp

View File

@ -0,0 +1,23 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
chain: http-chain
listener:
type: tcp
chains:
- name: http-chain
hops:
- name: hop-0
nodes:
- name: node-0
addr: {{.ServerAddr}}
connector:
type: http
auth:
username: user
password: pass
dialer:
type: tcp

View File

@ -0,0 +1,20 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
chain: https-chain
listener:
type: tcp
chains:
- name: https-chain
hops:
- name: hop-0
nodes:
- name: node-0
addr: {{.ServerAddr}}
connector:
type: http
dialer:
type: tls

View File

@ -0,0 +1 @@
<html><body>decoy-response</body></html>

View File

@ -0,0 +1,7 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
listener:
type: tcp

View File

@ -0,0 +1,16 @@
services:
- name: http-proxy-auth
addr: :8080
handler:
type: http
auther: auther-0
metadata:
# authBasicRealm: custom realm in 407 Proxy-Authenticate header
authBasicRealm: gost-e2e-realm
listener:
type: tcp
authers:
- name: auther-0
auths:
- username: user
password: pass

View File

@ -0,0 +1,12 @@
services:
- name: http-connect
addr: :8080
handler:
type: http
metadata:
# sniffing: enable protocol sniffing on CONNECT tunnels
sniffing: true
# sniffing.timeout: timeout for initial sniff read (2s)
sniffing.timeout: 2s
listener:
type: tcp

View File

@ -0,0 +1,20 @@
bypasses:
- name: bypass-0
matchers:
- 0.0.0.0/0
services:
- name: http-connect-bypass
addr: :8080
handler:
type: http
auther: auther-0
listener:
type: tcp
bypass: bypass-0
authers:
- name: auther-0
auths:
- username: user
password: pass

View File

@ -0,0 +1,25 @@
bypasses:
- name: bypass-0
matchers:
- 0.0.0.0/0
services:
- name: http-headers
addr: :8080
handler:
type: http
auther: auther-0
metadata:
header:
X-Proxy-Info: gost-e2e
X-Custom: test-value
proxyAgent: gost-e2e/1.0
listener:
type: tcp
bypass: bypass-0
authers:
- name: auther-0
auths:
- username: user
password: pass

View File

@ -0,0 +1,9 @@
services:
- name: http-idle
addr: :8080
handler:
type: http
metadata:
idleTimeout: 3s
listener:
type: tcp

View File

@ -0,0 +1,20 @@
services:
- name: http-proxy-meta
addr: :8080
handler:
type: http
auther: auther-0
metadata:
# probeResist: decoy response on auth failure (code:404 hides the proxy)
probeResist: code:404
# keepalive: enable HTTP keep-alive on upstream transport (parse test)
keepalive: true
# compression: enable HTTP compression on upstream transport (parse test)
compression: true
listener:
type: tcp
authers:
- name: auther-0
auths:
- username: user
password: pass

View File

@ -0,0 +1,16 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
auther: auther-0
metadata:
probeResist: file:/tmp/decoy.html
listener:
type: tcp
authers:
- name: auther-0
auths:
- username: user
password: pass

View File

@ -0,0 +1,16 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
auther: auther-0
metadata:
probeResist: host:tcp-echo:5678
listener:
type: tcp
authers:
- name: auther-0
auths:
- username: user
password: pass

View File

@ -0,0 +1,17 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
auther: auther-0
metadata:
probeResist: code:404
knock: secret.example.com
listener:
type: tcp
authers:
- name: auther-0
auths:
- username: user
password: pass

View File

@ -0,0 +1,16 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
auther: auther-0
metadata:
probeResist: web:tcp-echo:5678
listener:
type: tcp
authers:
- name: auther-0
auths:
- username: user
password: pass

View File

@ -0,0 +1,7 @@
services:
- name: https-server
addr: :8443
handler:
type: http
listener:
type: tls

View File

@ -0,0 +1,9 @@
services:
- name: http-udp
addr: :8080
handler:
type: http
metadata:
udp: true
listener:
type: tcp

View File

@ -0,0 +1,20 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
chain: h2-chain
listener:
type: tcp
chains:
- name: h2-chain
hops:
- name: hop-0
nodes:
- name: node-0
addr: {{.ServerAddr}}
connector:
type: http2
dialer:
type: http2

View File

@ -0,0 +1,23 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
chain: h2-chain
listener:
type: tcp
chains:
- name: h2-chain
hops:
- name: hop-0
nodes:
- name: node-0
addr: {{.ServerAddr}}
connector:
type: http2
auth:
username: user
password: pass
dialer:
type: http2

View File

@ -0,0 +1,7 @@
services:
- name: h2-proxy
addr: :8443
handler:
type: http2
listener:
type: http2

View File

@ -0,0 +1,18 @@
services:
- name: h2-proxy-auth
addr: :8443
handler:
type: http2
auther: auther-0
metadata:
# authBasicRealm: custom realm in 407 Proxy-Authenticate header
authBasicRealm: gost-e2e-realm
# hash: pin upstream selection by request host (metadata parse coverage)
hash: host
listener:
type: http2
authers:
- name: auther-0
auths:
- username: user
password: pass

View File

@ -0,0 +1,20 @@
bypasses:
- name: bypass-0
matchers:
- 0.0.0.0/0
services:
- name: h2-proxy-bypass
addr: :8443
handler:
type: http2
auther: auther-0
listener:
type: http2
bypass: bypass-0
authers:
- name: auther-0
auths:
- username: user
password: pass

View File

@ -0,0 +1,20 @@
services:
- name: h2-proxy-pr
addr: :8443
handler:
type: http2
auther: auther-0
metadata:
# probeResist: hide the proxy behind a 404 decoy on auth failure
probeResist: code:404
# header: custom response headers set on proxy responses
header:
X-Proxy-Info: gost-e2e
authBasicRealm: gost-e2e-realm
listener:
type: http2
authers:
- name: auther-0
auths:
- username: user
password: pass

View File

@ -0,0 +1,17 @@
services:
- name: https-mtls
addr: :8443
handler:
type: http
auther: auther-0
listener:
type: tls
tls:
certFile: /certs/server.pem
keyFile: /certs/server-key.pem
caFile: /certs/ca.pem
authers:
- name: auther-0
plugin:
type: http
addr: http://{{.ServerAddr}}:9000/auth

View File

@ -0,0 +1,30 @@
services:
- name: proxy
addr: :8080
handler:
type: http
chain: my-chain
listener:
type: tcp
- name: dummy-1
addr: :18081
handler:
type: http
chains:
- name: my-chain
hops:
- name: hop-1
selector:
strategy: parallel
nodes:
- name: node-1
addr: 127.0.0.1:18081
connector:
type: http
# non existed node
- name: node-2
addr: 127.0.0.1:18082
connector:
type: http

View File

@ -0,0 +1,20 @@
services:
- name: pht-proxy
addr: :8080
handler:
type: http
chain: pht-chain
listener:
type: tcp
chains:
- name: pht-chain
hops:
- name: pht-hop
nodes:
- name: pht-node
addr: {{.ServerAddr}}
connector:
type: http
dialer:
type: pht

View File

@ -0,0 +1,20 @@
services:
- name: phts-proxy
addr: :8080
handler:
type: http
chain: phts-chain
listener:
type: tcp
chains:
- name: phts-chain
hops:
- name: phts-hop
nodes:
- name: phts-node
addr: {{.ServerAddr}}
connector:
type: http
dialer:
type: phts

View File

@ -0,0 +1,7 @@
services:
- name: pht-server
addr: :8443
handler:
type: http
listener:
type: pht

View File

@ -0,0 +1,7 @@
services:
- name: phts-server
addr: :8443
handler:
type: http
listener:
type: phts

View File

@ -0,0 +1,23 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
chain: ss-tcp-chain
listener:
type: tcp
chains:
- name: ss-tcp-chain
hops:
- name: ss-hop
nodes:
- name: ss-node
addr: {{.ServerAddr}}
connector:
type: ss
auth:
username: 2022-blake3-aes-128-gcm
password: MTIzNDU2Nzg5MDEyMzQ1Ng==
dialer:
type: tcp

View File

@ -0,0 +1,23 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
chain: ss-tcp-chain
listener:
type: tcp
chains:
- name: ss-tcp-chain
hops:
- name: ss-hop
nodes:
- name: ss-node
addr: {{.ServerAddr}}
connector:
type: ss
auth:
username: 2022-blake3-aes-128-gcm
password: MTIzNDU2Nzg5MDEyMzQ1Ng==:Vbwi6yqCwvPMPR1bCi32Dg==
dialer:
type: tcp

View File

@ -0,0 +1,23 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
chain: ss-tcp-chain
listener:
type: tcp
chains:
- name: ss-tcp-chain
hops:
- name: ss-hop
nodes:
- name: ss-node
addr: {{.ServerAddr}}
connector:
type: ss
auth:
username: 2022-blake3-aes-256-gcm
password: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
dialer:
type: tcp

View File

@ -0,0 +1,23 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
chain: ss-tcp-chain
listener:
type: tcp
chains:
- name: ss-tcp-chain
hops:
- name: ss-hop
nodes:
- name: ss-node
addr: {{.ServerAddr}}
connector:
type: ss
auth:
username: 2022-blake3-aes-256-gcm
password: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=:YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=
dialer:
type: tcp

View File

@ -0,0 +1,23 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
chain: ss-tcp-chain
listener:
type: tcp
chains:
- name: ss-tcp-chain
hops:
- name: ss-hop
nodes:
- name: ss-node
addr: {{.ServerAddr}}
connector:
type: ss
auth:
username: aes-256-gcm
password: secret
dialer:
type: tcp

View File

@ -0,0 +1,23 @@
services:
- name: http-proxy
addr: :8080
handler:
type: http
chain: ss-tcp-chain
listener:
type: tcp
chains:
- name: ss-tcp-chain
hops:
- name: ss-hop
nodes:
- name: ss-node
addr: {{.ServerAddr}}
connector:
type: ss
auth:
username: chacha20-ietf-poly1305
password: secret
dialer:
type: tcp

View File

@ -0,0 +1,10 @@
services:
- name: ss-server
addr: :8388
handler:
type: ss
auth:
username: 2022-blake3-aes-128-gcm
password: MTIzNDU2Nzg5MDEyMzQ1Ng==
listener:
type: tcp

View File

@ -0,0 +1,13 @@
services:
- name: ss-server
addr: :8388
handler:
type: ss
auth:
username: 2022-blake3-aes-128-gcm
password: MTIzNDU2Nzg5MDEyMzQ1Ng==
metadata:
users:
test: Vbwi6yqCwvPMPR1bCi32Dg==
listener:
type: tcp

View File

@ -0,0 +1,10 @@
services:
- name: ss-server
addr: :8388
handler:
type: ss
auth:
username: 2022-blake3-aes-256-gcm
password: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
listener:
type: tcp

View File

@ -0,0 +1,13 @@
services:
- name: ss-server
addr: :8388
handler:
type: ss
auth:
username: 2022-blake3-aes-256-gcm
password: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
metadata:
users:
test: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=
listener:
type: tcp

View File

@ -0,0 +1,10 @@
services:
- name: ss-server
addr: :8388
handler:
type: ss
auth:
username: aes-256-gcm
password: secret
listener:
type: tcp

View File

@ -0,0 +1,10 @@
services:
- name: ss-server
addr: :8388
handler:
type: ss
auth:
username: chacha20-ietf-poly1305
password: secret
listener:
type: tcp

View File

@ -0,0 +1,27 @@
services:
- name: udp-proxy
addr: :9000
handler:
type: udp
chain: ssu-chain
forwarder:
nodes:
- name: udp-echo
addr: udp-echo:5679
listener:
type: udp
chains:
- name: ssu-chain
hops:
- name: ssu-hop
nodes:
- name: ssu-node
addr: {{.ServerAddr}}
connector:
type: ssu
auth:
username: 2022-blake3-aes-128-gcm
password: MTIzNDU2Nzg5MDEyMzQ1Ng==
dialer:
type: udp

Some files were not shown because too many files have changed in this diff Show More