mirror of https://github.com/go-gost/gost.git
Compare commits
72 Commits
| Author | SHA1 | Date |
|---|---|---|
|
|
7643e16cca | |
|
|
64b71bd8a6 | |
|
|
ccf2989bc0 | |
|
|
d54a896a81 | |
|
|
6b7dbf08fa | |
|
|
dd56308b2e | |
|
|
eb9dbb1807 | |
|
|
02dc900686 | |
|
|
bb912edecc | |
|
|
ffb61cc19f | |
|
|
a864cbcfe5 | |
|
|
b139ed5968 | |
|
|
43724a5c40 | |
|
|
0bb9109c71 | |
|
|
a0427be086 | |
|
|
590c6f48bd | |
|
|
69b561f944 | |
|
|
3c87a8b96e | |
|
|
c9cfc440ad | |
|
|
c305f93703 | |
|
|
f638d8081f | |
|
|
286c1615fd | |
|
|
b985e5138c | |
|
|
b628475871 | |
|
|
43dd0a6958 | |
|
|
9d00ad8c8f | |
|
|
1bebce0ed7 | |
|
|
1178c4757f | |
|
|
73069f50e3 | |
|
|
06ec0097f9 | |
|
|
396b0977bd | |
|
|
604dccc7b0 | |
|
|
6d80e06ab3 | |
|
|
e2447ce578 | |
|
|
811420e923 | |
|
|
374b46dfe1 | |
|
|
22edb92084 | |
|
|
78a0a8c734 | |
|
|
41e1878ebc | |
|
|
5639c90e98 | |
|
|
36abf9bcd9 | |
|
|
d584b7ac61 | |
|
|
56e2a1c496 | |
|
|
b0bea19275 | |
|
|
cd64f2edd3 | |
|
|
5f04c84e32 | |
|
|
600a64e611 | |
|
|
3d6b16686b | |
|
|
44684d40c3 | |
|
|
2be36abe75 | |
|
|
8db62785fa | |
|
|
8740e6f258 | |
|
|
d4c9ef5056 | |
|
|
c06eb0d331 | |
|
|
c8b48dc248 | |
|
|
45d94cf391 | |
|
|
bc96fe3918 | |
|
|
646d3f906c | |
|
|
4c69940f1e | |
|
|
3d1f6fcbbb | |
|
|
e388426ec6 | |
|
|
340ba32ef0 | |
|
|
96551d5fa5 | |
|
|
8d05a6ed93 | |
|
|
0348a16aa9 | |
|
|
50934e0978 | |
|
|
c2ed9c6f07 | |
|
|
3b9da4e260 | |
|
|
f0a67a1108 | |
|
|
59c9638ce6 | |
|
|
49fa28882f | |
|
|
08c617b54e |
|
|
@ -10,50 +10,42 @@ on:
|
|||
tags:
|
||||
- 'v*'
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
# New pushes cancel an in-progress build for the same ref. Tags are isolated
|
||||
# by ref, so re-pushing a release tag only de-dupes itself, never another tag.
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Prepare
|
||||
id: prepare
|
||||
run: |
|
||||
DOCKER_IMAGE=${{ secrets.DOCKER_IMAGE }}
|
||||
VERSION=latest
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
# If this is git tag, use the tag name as a docker tag
|
||||
if [[ $GITHUB_REF == refs/tags/* ]]; then
|
||||
VERSION=${GITHUB_REF#refs/tags/v}
|
||||
fi
|
||||
TAGS="${DOCKER_IMAGE}:${VERSION}"
|
||||
|
||||
# If the VERSION looks like a version number, assume that
|
||||
# this is the most recent version of the image and also
|
||||
# tag it 'latest'.
|
||||
if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
|
||||
MAJOR_VERSION=`echo $VERSION | awk '{split($0,a,"."); print a[1]}'`
|
||||
MINOR_VERSION=`echo $VERSION | awk '{split($0,a,"."); print a[2]}'`
|
||||
TAGS="$TAGS,${DOCKER_IMAGE}:${MAJOR_VERSION},${DOCKER_IMAGE}:${MAJOR_VERSION}.${MINOR_VERSION},${DOCKER_IMAGE}:latest"
|
||||
fi
|
||||
|
||||
# Set output parameters.
|
||||
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
|
||||
echo "docker_image=${DOCKER_IMAGE}" >> $GITHUB_OUTPUT
|
||||
echo "docker_platforms=linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/s390x,linux/riscv64" >> $GITHUB_OUTPUT
|
||||
# Auto-generates image tags, replacing the former hand-rolled shell:
|
||||
# - master push -> :latest
|
||||
# - clean release tag vX.Y.Z -> :X.Y.Z :X :X.Y :latest
|
||||
# - nightly tag vX.Y.Z-nightly.<date> -> :X.Y.Z-nightly.<date> (no major/minor/latest)
|
||||
- name: Docker meta
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
images: ${{ secrets.DOCKER_IMAGE }}
|
||||
flavor: latest=false
|
||||
tags: |
|
||||
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || (startsWith(github.ref, 'refs/tags/v') && !contains(github.ref_name, '-')) }}
|
||||
type=semver,pattern={{version}}
|
||||
type=semver,pattern={{major}},enable=${{ !contains(github.ref_name, '-') }}
|
||||
type=semver,pattern={{major}}.{{minor}},enable=${{ !contains(github.ref_name, '-') }}
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Environment
|
||||
run: |
|
||||
echo home=$HOME
|
||||
echo git_ref=$GITHUB_REF
|
||||
echo git_sha=$GITHUB_SHA
|
||||
echo image=${{ steps.prepare.outputs.docker_image }}
|
||||
echo tags=${{ steps.prepare.outputs.tags }}
|
||||
echo platforms=${{ steps.prepare.outputs.docker_platforms }}
|
||||
echo avail_platforms=${{ steps.buildx.outputs.platforms }}
|
||||
|
||||
- name: Login to DockerHub
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: docker/login-action@v3
|
||||
|
|
@ -64,6 +56,9 @@ jobs:
|
|||
- name: Buildx and push
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
platforms: ${{ steps.prepare.outputs.docker_platforms }}
|
||||
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/s390x,linux/riscv64
|
||||
push: true
|
||||
tags: ${{ steps.prepare.outputs.tags }}
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
# Reuse build layers across runs via the GitHub Actions cache.
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
|
|
|
|||
|
|
@ -8,8 +8,11 @@ on:
|
|||
|
||||
permissions:
|
||||
contents: write
|
||||
# packages: write
|
||||
# issues: write
|
||||
|
||||
# Never cancel an in-flight release; only de-dupe a re-pushed tag.
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
cancel-in-progress: false
|
||||
|
||||
jobs:
|
||||
goreleaser:
|
||||
|
|
@ -21,14 +24,9 @@ jobs:
|
|||
- run: git fetch --force --tags
|
||||
- uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: '1.24'
|
||||
go-version: '1.26'
|
||||
cache: true
|
||||
- name: Install UPX
|
||||
uses: crazy-max/ghaction-upx@v3
|
||||
with:
|
||||
install-only: true
|
||||
# More assembly might be required: Docker logins, GPG, etc. It all depends
|
||||
# on your needs.
|
||||
# UPX is disabled in .goreleaser.yaml (see #863); the install step was removed.
|
||||
- uses: goreleaser/goreleaser-action@v6
|
||||
with:
|
||||
# either 'goreleaser' (default) or 'goreleaser-pro':
|
||||
|
|
|
|||
|
|
@ -6,6 +6,11 @@ on:
|
|||
- cron: '00 15 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
# Only one nightly run at a time; a new run cancels a stale one.
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
check_date:
|
||||
runs-on: ubuntu-latest
|
||||
|
|
@ -17,10 +22,12 @@ jobs:
|
|||
- name: print latest_commit
|
||||
run: echo ${{ github.sha }}
|
||||
- id: should_run
|
||||
continue-on-error: true
|
||||
name: check latest commit is less than a day
|
||||
name: Skip if no commit in the last 24 hours
|
||||
if: ${{ github.event_name == 'schedule' }}
|
||||
run: test -z $(git rev-list --after="24 hours" ${{ github.sha }}) && echo "should_run=false" >> $GITHUB_OUTPUT
|
||||
run: |
|
||||
if [ "$(git rev-list --count --after='24 hours' ${{ github.sha }})" -eq 0 ]; then
|
||||
echo "should_run=false" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
|
||||
trigger-nightly:
|
||||
needs: check_date
|
||||
|
|
@ -52,10 +59,13 @@ jobs:
|
|||
git tag -a $TAG -m "$TAG: nightly build"
|
||||
git push origin $TAG
|
||||
- name: 'Clean up nightly releases'
|
||||
uses: dev-drprasad/delete-older-releases@v0.3.3
|
||||
with:
|
||||
keep_latest: 2
|
||||
delete_tags: true
|
||||
delete_tag_pattern: nightly
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.NIGHTLY_BUILD_GH_TOKEN }}
|
||||
GH_TOKEN: ${{ secrets.NIGHTLY_BUILD_GH_TOKEN }}
|
||||
run: |
|
||||
# Keep the 2 most recent nightly releases; delete the rest and their tags.
|
||||
# Replaces the archived dev-drprasad/delete-older-releases action.
|
||||
gh release list --json tagName,createdAt --limit 100 \
|
||||
--jq '[.[] | select(.tagName | test("nightly"))] | sort_by(.createdAt) | reverse | .[2:] | .[].tagName' \
|
||||
| while read -r tag; do
|
||||
gh release delete "$tag" --yes --cleanup-tag || true
|
||||
done
|
||||
|
|
@ -32,9 +32,10 @@ _testmain.go
|
|||
*.bak
|
||||
|
||||
cmd/gost/gost
|
||||
gost
|
||||
snap
|
||||
|
||||
*.pem
|
||||
*.yaml
|
||||
/*.yaml
|
||||
*.txt
|
||||
dist/
|
||||
|
|
|
|||
|
|
@ -35,69 +35,15 @@ builds:
|
|||
- windows_amd64
|
||||
- windows_amd64_v3
|
||||
- windows_arm64
|
||||
- android_arm64
|
||||
ldflags:
|
||||
- "-s -w -X 'main.version={{ .Tag }}'"
|
||||
|
||||
upx:
|
||||
- # Whether to enable it or not.
|
||||
#
|
||||
# Templates: allowed.
|
||||
enabled: true
|
||||
|
||||
# Filter by build ID.
|
||||
# ids: [build1, build2]
|
||||
|
||||
# Filter by GOOS.
|
||||
goos: [linux]
|
||||
|
||||
# Filter by GOARCH.
|
||||
goarch: [arm, arm64, amd64]
|
||||
|
||||
# Filter by GOARM.
|
||||
# goarm: [8]
|
||||
|
||||
# Filter by GOAMD64.
|
||||
# goamd64: [v1]
|
||||
|
||||
# Compress argument.
|
||||
# Valid options are from '1' (faster) to '9' (better), and 'best'.
|
||||
compress: best
|
||||
|
||||
# Whether to try LZMA (slower).
|
||||
lzma: true
|
||||
|
||||
# Whether to try all methods and filters (slow).
|
||||
brute: true
|
||||
|
||||
- # Whether to enable it or not.
|
||||
#
|
||||
# Templates: allowed.
|
||||
enabled: true
|
||||
|
||||
# Filter by build ID.
|
||||
# ids: [build1, build2]
|
||||
|
||||
# Filter by GOOS.
|
||||
goos: [windows]
|
||||
|
||||
# Filter by GOARCH.
|
||||
goarch: [amd64]
|
||||
|
||||
# Filter by GOARM.
|
||||
# goarm: [8]
|
||||
|
||||
# Filter by GOAMD64.
|
||||
# goamd64: [v1]
|
||||
|
||||
# Compress argument.
|
||||
# Valid options are from '1' (faster) to '9' (better), and 'best'.
|
||||
compress: best
|
||||
|
||||
# Whether to try LZMA (slower).
|
||||
lzma: true
|
||||
|
||||
# Whether to try all methods and filters (slow).
|
||||
brute: true
|
||||
- # UPX compression. Disabled by default (see #863): upx --best/--lzma/--brute
|
||||
# adds ~3s startup time on low-spec systems (linux/arm). Release builds can
|
||||
# opt in via GORELEASER_UPX=true environment variable.
|
||||
enabled: false
|
||||
|
||||
archives:
|
||||
- format: tar.gz
|
||||
|
|
|
|||
|
|
@ -0,0 +1,66 @@
|
|||
# CLAUDE.md — gost/
|
||||
|
||||
CLI binary entry point for GOST (GO Simple Tunnel). This module compiles the `gost` command.
|
||||
|
||||
## Build & Run
|
||||
|
||||
```bash
|
||||
cd gost && go build ./cmd/gost/...
|
||||
|
||||
# Cross-compile
|
||||
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" ./cmd/gost/...
|
||||
|
||||
# Build all platforms
|
||||
make all
|
||||
|
||||
# Run
|
||||
./gost -L "http://:8080" -F "socks5://:1080"
|
||||
./gost -C gost.yml
|
||||
```
|
||||
|
||||
## Structure
|
||||
|
||||
| File | Purpose |
|
||||
|------|---------|
|
||||
| `cmd/gost/main.go` | CLI entry point: flag parsing, multi-worker mode (`--` separator), program launch via `svc.Run` |
|
||||
| `cmd/gost/program.go` | Service lifecycle (`Init`/`Start`/`Stop`), config loading, API/metrics/profiling servers, SIGHUP reload |
|
||||
| `cmd/gost/register.go` | Blank imports for all built-in handlers, listeners, dialers, connectors — triggers `init()` registration |
|
||||
| `cmd/gost/version.go` | Version string (`3.3.0`) |
|
||||
|
||||
## CLI Flags
|
||||
|
||||
| Flag | Usage |
|
||||
|------|-------|
|
||||
| `-L` | Inline service definition (repeatable) |
|
||||
| `-F` | Inline chain node definition (repeatable) |
|
||||
| `-C` | Path to config file (YAML/JSON) |
|
||||
| `-D` / `-DD` | Debug / trace logging |
|
||||
| `-api` | API service address (e.g. `:8080`) |
|
||||
| `-metrics` | Prometheus metrics address |
|
||||
| `-O` | Output merged config as yaml or json, then exit |
|
||||
| `-V` | Print version and exit |
|
||||
|
||||
## Multi-Worker Mode
|
||||
|
||||
Arguments separated by ` -- ` spawn multiple worker processes via `exec.CommandContext`. Each worker runs as a child process with `_GOST_ID` set. Any worker's exit cancels all others. This is triggered in `init()` before flag parsing.
|
||||
|
||||
## Service Lifecycle
|
||||
|
||||
- `Init` → calls `parser.Init()` with all CLI/config inputs
|
||||
- `Start` → `parser.Parse()` → `loader.Load()` → `p.run()` (starts services, API, metrics, profiling)
|
||||
- `Stop` → cancels reload context, closes all services
|
||||
- SIGHUP → `reloadConfig()` re-parses and re-runs without restarting the process
|
||||
|
||||
## Key Dependencies
|
||||
|
||||
- `github.com/go-gost/core` — interface definitions
|
||||
- `github.com/go-gost/x` — all implementations, config, registry
|
||||
- `github.com/judwhite/go-svc` — OS service framework (handles daemon/SIGHUP/SIGTERM)
|
||||
|
||||
## Registration Pattern
|
||||
|
||||
All components register via `init()` side-effects in their packages. `cmd/gost/register.go` triggers them with blank imports. When adding a new built-in handler/listener/dialer/connector, add a blank import here.
|
||||
|
||||
## Tests
|
||||
|
||||
Tests are in `tests/e2e/` — integration tests using the built binary. No unit tests. Run with `go test ./tests/e2e/...`.
|
||||
17
Dockerfile
17
Dockerfile
|
|
@ -1,9 +1,11 @@
|
|||
FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.6.1 AS xx
|
||||
|
||||
FROM --platform=$BUILDPLATFORM golang:1.24-alpine3.22 AS builder
|
||||
FROM --platform=$BUILDPLATFORM golang:1.26-alpine3.23 AS builder
|
||||
|
||||
# add upx for binary compression
|
||||
RUN apk add --no-cache upx || echo "upx not found"
|
||||
# UPX compression disabled by default (see #863): upx --best adds ~3s startup
|
||||
# time on low-spec systems (linux/arm). Builds can opt in by uncommenting the
|
||||
# upx install line and adding upx --best to the build command below.
|
||||
# RUN apk add --no-cache upx || echo "upx not found"
|
||||
|
||||
COPY --from=xx / /
|
||||
|
||||
|
|
@ -21,13 +23,12 @@ COPY . .
|
|||
|
||||
RUN cd cmd/gost && \
|
||||
xx-go build -ldflags "-s -w" && \
|
||||
xx-verify gost && \
|
||||
{ upx --best gost || true; }
|
||||
xx-verify gost
|
||||
|
||||
FROM alpine:3.22
|
||||
FROM alpine:3.23
|
||||
|
||||
# add iptables for tun/tap
|
||||
RUN apk add --no-cache iptables
|
||||
# add iptables/nftables for tun/tap
|
||||
RUN apk add --no-cache iptables nftables
|
||||
|
||||
WORKDIR /bin/
|
||||
|
||||
|
|
|
|||
|
|
@ -11,6 +11,8 @@ import (
|
|||
"runtime"
|
||||
"strings"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/logger"
|
||||
xlogger "github.com/go-gost/x/logger"
|
||||
|
|
@ -28,7 +30,7 @@ func (l *stringList) Set(value string) error {
|
|||
}
|
||||
|
||||
var (
|
||||
cfgFile string
|
||||
cfgFiles stringList
|
||||
outputFormat string
|
||||
services stringList
|
||||
nodes stringList
|
||||
|
|
@ -36,6 +38,7 @@ var (
|
|||
trace bool
|
||||
apiAddr string
|
||||
metricsAddr string
|
||||
reload time.Duration
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
|
@ -46,39 +49,43 @@ func init() {
|
|||
if strings.Contains(args, " -- ") {
|
||||
var (
|
||||
wg sync.WaitGroup
|
||||
ret int
|
||||
ret atomic.Int32
|
||||
)
|
||||
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
defer cancel()
|
||||
wargsList := strings.Split(" "+args+" ", " -- ")
|
||||
|
||||
for wid, wargs := range strings.Split(" "+args+" ", " -- ") {
|
||||
wg.Add(1)
|
||||
go func(wid int, wargs string) {
|
||||
defer wg.Done()
|
||||
defer cancel()
|
||||
worker(wid, strings.Split(wargs, " "), &ctx, &ret)
|
||||
}(wid, strings.TrimSpace(wargs))
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
|
||||
for wid, wargs := range wargsList {
|
||||
wg.Go(func() {
|
||||
worker(wid, strings.Split(strings.TrimSpace(wargs), " "), ctx, &ret)
|
||||
})
|
||||
}
|
||||
|
||||
wg.Wait()
|
||||
cancel()
|
||||
|
||||
os.Exit(ret)
|
||||
os.Exit(int(ret.Load()))
|
||||
}
|
||||
}
|
||||
|
||||
func worker(id int, args []string, ctx *context.Context, ret *int) {
|
||||
cmd := exec.CommandContext(*ctx, os.Args[0], args...)
|
||||
func worker(id int, args []string, ctx context.Context, ret *atomic.Int32) {
|
||||
cmd := exec.CommandContext(ctx, os.Args[0], args...)
|
||||
|
||||
cmd.Stdout = os.Stdout
|
||||
cmd.Stderr = os.Stderr
|
||||
cmd.Env = append(os.Environ(), fmt.Sprintf("_GOST_ID=%d", id))
|
||||
|
||||
if err := cmd.Run(); err != nil {
|
||||
// Context cancellation is expected when one worker exits early.
|
||||
// Only log fatal on other errors.
|
||||
if ctx.Err() == nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
if cmd.ProcessState.Exited() {
|
||||
*ret = cmd.ProcessState.ExitCode()
|
||||
return
|
||||
}
|
||||
if cmd.ProcessState != nil && cmd.ProcessState.Exited() {
|
||||
ret.Store(int32(cmd.ProcessState.ExitCode()))
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -87,13 +94,14 @@ func init() {
|
|||
|
||||
flag.Var(&services, "L", "service list")
|
||||
flag.Var(&nodes, "F", "chain node list")
|
||||
flag.StringVar(&cfgFile, "C", "", "configuration file")
|
||||
flag.Var(&cfgFiles, "C", "config file(s), URL(s), or inline JSON")
|
||||
flag.BoolVar(&printVersion, "V", false, "print version")
|
||||
flag.StringVar(&outputFormat, "O", "", "output format, one of yaml|json format")
|
||||
flag.BoolVar(&debug, "D", false, "debug mode")
|
||||
flag.BoolVar(&trace, "DD", false, "trace mode")
|
||||
flag.StringVar(&apiAddr, "api", "", "api service address")
|
||||
flag.StringVar(&metricsAddr, "metrics", "", "metrics service address")
|
||||
flag.DurationVar(&reload, "R", 0, "auto reload period (e.g. 30s, 1m)")
|
||||
flag.Parse()
|
||||
|
||||
if printVersion {
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ import (
|
|||
"os/signal"
|
||||
"strings"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/auth"
|
||||
"github.com/go-gost/core/logger"
|
||||
|
|
@ -34,7 +35,7 @@ type program struct {
|
|||
|
||||
func (p *program) Init(env svc.Environment) error {
|
||||
parser.Init(parser.Args{
|
||||
CfgFile: cfgFile,
|
||||
CfgFiles: cfgFiles,
|
||||
Services: services,
|
||||
Nodes: nodes,
|
||||
Debug: debug,
|
||||
|
|
@ -61,6 +62,12 @@ func (p *program) Start() error {
|
|||
|
||||
config.Set(cfg)
|
||||
|
||||
// Enable metrics before loading services so that listener wrappers
|
||||
// can observe the enabled state at Init time.
|
||||
if cfg.Metrics != nil && cfg.Metrics.Addr != "" {
|
||||
xmetrics.Enable(true)
|
||||
}
|
||||
|
||||
if err := loader.Load(cfg); err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -120,8 +127,6 @@ func (p *program) run(cfg *config.Config) error {
|
|||
|
||||
p.srvMetrics = s
|
||||
|
||||
xmetrics.Enable(true)
|
||||
|
||||
go func() {
|
||||
defer s.Close()
|
||||
|
||||
|
|
@ -193,6 +198,13 @@ func (p *program) reload(ctx context.Context) {
|
|||
c := make(chan os.Signal, 1)
|
||||
signal.Notify(c, syscall.SIGHUP)
|
||||
|
||||
var ticker <-chan time.Time
|
||||
if reload > 0 {
|
||||
t := time.NewTicker(reload)
|
||||
defer t.Stop()
|
||||
ticker = t.C
|
||||
}
|
||||
|
||||
for {
|
||||
select {
|
||||
case <-c:
|
||||
|
|
@ -202,6 +214,13 @@ func (p *program) reload(ctx context.Context) {
|
|||
logger.Default().Info("config reloaded")
|
||||
}
|
||||
|
||||
case <-ticker:
|
||||
if err := p.reloadConfig(); err != nil {
|
||||
logger.Default().Errorf("auto reload: %v", err)
|
||||
} else {
|
||||
logger.Default().Debug("config auto reloaded")
|
||||
}
|
||||
|
||||
case <-ctx.Done():
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ import (
|
|||
_ "github.com/go-gost/x/connector/forward"
|
||||
_ "github.com/go-gost/x/connector/http"
|
||||
_ "github.com/go-gost/x/connector/http2"
|
||||
_ "github.com/go-gost/x/connector/masque"
|
||||
_ "github.com/go-gost/x/connector/relay"
|
||||
_ "github.com/go-gost/x/connector/router"
|
||||
_ "github.com/go-gost/x/connector/serial"
|
||||
|
|
@ -27,6 +28,7 @@ import (
|
|||
_ "github.com/go-gost/x/dialer/http2"
|
||||
_ "github.com/go-gost/x/dialer/http2/h2"
|
||||
_ "github.com/go-gost/x/dialer/http3"
|
||||
_ "github.com/go-gost/x/dialer/http3/masque"
|
||||
_ "github.com/go-gost/x/dialer/http3/wt"
|
||||
_ "github.com/go-gost/x/dialer/icmp"
|
||||
_ "github.com/go-gost/x/dialer/kcp"
|
||||
|
|
@ -44,6 +46,7 @@ import (
|
|||
_ "github.com/go-gost/x/dialer/tls"
|
||||
_ "github.com/go-gost/x/dialer/udp"
|
||||
_ "github.com/go-gost/x/dialer/unix"
|
||||
_ "github.com/go-gost/x/dialer/utls"
|
||||
_ "github.com/go-gost/x/dialer/ws"
|
||||
|
||||
// Register handlers
|
||||
|
|
@ -56,6 +59,7 @@ import (
|
|||
_ "github.com/go-gost/x/handler/http"
|
||||
_ "github.com/go-gost/x/handler/http2"
|
||||
_ "github.com/go-gost/x/handler/http3"
|
||||
_ "github.com/go-gost/x/handler/masque"
|
||||
_ "github.com/go-gost/x/handler/metrics"
|
||||
_ "github.com/go-gost/x/handler/redirect/tcp"
|
||||
_ "github.com/go-gost/x/handler/redirect/udp"
|
||||
|
|
@ -97,7 +101,9 @@ import (
|
|||
_ "github.com/go-gost/x/listener/redirect/udp"
|
||||
_ "github.com/go-gost/x/listener/rtcp"
|
||||
_ "github.com/go-gost/x/listener/rudp"
|
||||
_ "github.com/go-gost/x/listener/runix"
|
||||
_ "github.com/go-gost/x/listener/serial"
|
||||
_ "github.com/go-gost/x/listener/stdio"
|
||||
_ "github.com/go-gost/x/listener/ssh"
|
||||
_ "github.com/go-gost/x/listener/sshd"
|
||||
_ "github.com/go-gost/x/listener/tap"
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
package main
|
||||
|
||||
var (
|
||||
version = "3.2.2"
|
||||
version = "3.3.0"
|
||||
)
|
||||
|
|
|
|||
139
go.mod
139
go.mod
|
|
@ -1,44 +1,67 @@
|
|||
module github.com/go-gost/gost
|
||||
|
||||
go 1.24
|
||||
|
||||
toolchain go1.24.5
|
||||
go 1.26.3
|
||||
|
||||
require (
|
||||
github.com/go-gost/core v0.3.2
|
||||
github.com/go-gost/x v0.7.2
|
||||
github.com/go-gost/core v0.5.3
|
||||
github.com/go-gost/x v0.13.12
|
||||
github.com/judwhite/go-svc v1.2.1
|
||||
github.com/moby/moby/client v0.4.0
|
||||
github.com/stretchr/testify v1.11.1
|
||||
github.com/testcontainers/testcontainers-go v0.42.0
|
||||
)
|
||||
|
||||
require (
|
||||
dario.cat/mergo v1.0.2 // indirect
|
||||
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
|
||||
github.com/Microsoft/go-winio v0.6.2 // indirect
|
||||
github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
|
||||
github.com/alessio/shellescape v1.4.1 // indirect
|
||||
github.com/andybalholm/brotli v1.0.6 // indirect
|
||||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
|
||||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
github.com/bytedance/sonic v1.11.6 // indirect
|
||||
github.com/bytedance/sonic/loader v0.1.1 // indirect
|
||||
github.com/bytedance/gopkg v0.1.3 // indirect
|
||||
github.com/bytedance/sonic v1.15.0 // indirect
|
||||
github.com/bytedance/sonic/loader v0.5.0 // indirect
|
||||
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
|
||||
github.com/cespare/xxhash/v2 v2.3.0 // indirect
|
||||
github.com/cloudwego/base64x v0.1.4 // indirect
|
||||
github.com/cloudwego/iasm v0.2.0 // indirect
|
||||
github.com/cloudwego/base64x v0.1.6 // indirect
|
||||
github.com/containerd/errdefs v1.0.0 // indirect
|
||||
github.com/containerd/errdefs/pkg v0.3.0 // indirect
|
||||
github.com/containerd/log v0.1.0 // indirect
|
||||
github.com/containerd/platforms v0.2.1 // indirect
|
||||
github.com/coreos/go-iptables v0.5.0 // indirect
|
||||
github.com/cpuguy83/dockercfg v0.3.2 // indirect
|
||||
github.com/danieljoos/wincred v1.2.0 // indirect
|
||||
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
|
||||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
|
||||
github.com/distribution/reference v0.6.0 // indirect
|
||||
github.com/docker/go-connections v0.7.0 // indirect
|
||||
github.com/docker/go-units v0.5.0 // indirect
|
||||
github.com/dunglas/httpsfv v1.1.0 // indirect
|
||||
github.com/ebitengine/purego v0.10.0 // indirect
|
||||
github.com/felixge/httpsnoop v1.0.4 // indirect
|
||||
github.com/fsnotify/fsnotify v1.7.0 // indirect
|
||||
github.com/gabriel-vasile/mimetype v1.4.3 // indirect
|
||||
github.com/gabriel-vasile/mimetype v1.4.12 // indirect
|
||||
github.com/gin-contrib/cors v1.7.2 // indirect
|
||||
github.com/gin-contrib/sse v0.1.0 // indirect
|
||||
github.com/gin-gonic/gin v1.10.1 // indirect
|
||||
github.com/go-gost/gosocks4 v0.0.1 // indirect
|
||||
github.com/go-gost/gosocks5 v0.4.2 // indirect
|
||||
github.com/go-gost/plugin v0.2.0 // indirect
|
||||
github.com/go-gost/relay v0.5.0 // indirect
|
||||
github.com/go-gost/tls-dissector v0.1.1 // indirect
|
||||
github.com/gin-contrib/sse v1.1.0 // indirect
|
||||
github.com/gin-gonic/gin v1.12.0 // indirect
|
||||
github.com/go-gost/go-shadowsocks2 v0.1.3 // indirect
|
||||
github.com/go-gost/gosocks4 v0.1.0 // indirect
|
||||
github.com/go-gost/gosocks5 v0.5.0 // indirect
|
||||
github.com/go-gost/plugin v0.5.0 // indirect
|
||||
github.com/go-gost/relay v0.6.2 // indirect
|
||||
github.com/go-gost/tls-dissector v0.2.0 // indirect
|
||||
github.com/go-logr/logr v1.4.3 // indirect
|
||||
github.com/go-logr/stdr v1.2.2 // indirect
|
||||
github.com/go-ole/go-ole v1.2.6 // indirect
|
||||
github.com/go-playground/locales v0.14.1 // indirect
|
||||
github.com/go-playground/universal-translator v0.18.1 // indirect
|
||||
github.com/go-playground/validator/v10 v10.20.0 // indirect
|
||||
github.com/go-playground/validator/v10 v10.30.1 // indirect
|
||||
github.com/go-redis/redis/v8 v8.11.5 // indirect
|
||||
github.com/gobwas/glob v0.2.3 // indirect
|
||||
github.com/goccy/go-json v0.10.2 // indirect
|
||||
github.com/goccy/go-json v0.10.5 // indirect
|
||||
github.com/goccy/go-yaml v1.19.2 // indirect
|
||||
github.com/godbus/dbus/v5 v5.1.0 // indirect
|
||||
github.com/golang/snappy v0.0.4 // indirect
|
||||
github.com/google/btree v1.1.3 // indirect
|
||||
|
|
@ -50,37 +73,54 @@ require (
|
|||
github.com/hashicorp/hcl v1.0.0 // indirect
|
||||
github.com/jonboulle/clockwork v0.2.2 // indirect
|
||||
github.com/json-iterator/go v1.1.12 // indirect
|
||||
github.com/klauspost/cpuid/v2 v2.2.7 // indirect
|
||||
github.com/klauspost/compress v1.19.0 // indirect
|
||||
github.com/klauspost/cpuid/v2 v2.3.0 // indirect
|
||||
github.com/klauspost/reedsolomon v1.11.8 // indirect
|
||||
github.com/leodido/go-urn v1.4.0 // indirect
|
||||
github.com/magiconair/properties v1.8.7 // indirect
|
||||
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
|
||||
github.com/magiconair/properties v1.8.10 // indirect
|
||||
github.com/mattn/go-isatty v0.0.20 // indirect
|
||||
github.com/miekg/dns v1.1.61 // indirect
|
||||
github.com/mitchellh/go-homedir v1.1.0 // indirect
|
||||
github.com/mitchellh/mapstructure v1.5.0 // indirect
|
||||
github.com/moby/docker-image-spec v1.3.1 // indirect
|
||||
github.com/moby/go-archive v0.2.0 // indirect
|
||||
github.com/moby/moby/api v1.54.1 // indirect
|
||||
github.com/moby/patternmatcher v0.6.1 // indirect
|
||||
github.com/moby/sys/sequential v0.6.0 // indirect
|
||||
github.com/moby/sys/user v0.4.0 // indirect
|
||||
github.com/moby/sys/userns v0.1.0 // indirect
|
||||
github.com/moby/term v0.5.2 // indirect
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
|
||||
github.com/modern-go/reflect2 v1.0.2 // indirect
|
||||
github.com/opencontainers/go-digest v1.0.0 // indirect
|
||||
github.com/opencontainers/image-spec v1.1.1 // indirect
|
||||
github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
|
||||
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
|
||||
github.com/pion/dtls/v2 v2.2.6 // indirect
|
||||
github.com/pion/logging v0.2.2 // indirect
|
||||
github.com/pion/transport/v2 v2.0.2 // indirect
|
||||
github.com/pion/udp/v2 v2.0.1 // indirect
|
||||
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
|
||||
github.com/pion/dtls/v3 v3.1.1 // indirect
|
||||
github.com/pion/logging v0.2.4 // indirect
|
||||
github.com/pion/transport/v4 v4.0.1 // indirect
|
||||
github.com/pires/go-proxyproto v0.8.1 // indirect
|
||||
github.com/pkg/errors v0.9.1 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
|
||||
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
|
||||
github.com/prometheus/client_golang v1.19.1 // indirect
|
||||
github.com/prometheus/client_model v0.6.0 // indirect
|
||||
github.com/prometheus/common v0.48.0 // indirect
|
||||
github.com/prometheus/procfs v0.12.0 // indirect
|
||||
github.com/quic-go/qpack v0.5.1 // indirect
|
||||
github.com/quic-go/quic-go v0.53.0 // indirect
|
||||
github.com/quic-go/webtransport-go v0.9.0 // indirect
|
||||
github.com/quic-go/qpack v0.6.0 // indirect
|
||||
github.com/quic-go/quic-go v0.59.1 // indirect
|
||||
github.com/quic-go/webtransport-go v0.10.0 // indirect
|
||||
github.com/refraction-networking/utls v1.8.2 // indirect
|
||||
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 // indirect
|
||||
github.com/rs/xid v1.3.0 // indirect
|
||||
github.com/sagikazarmark/locafero v0.4.0 // indirect
|
||||
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
|
||||
github.com/shadowsocks/go-shadowsocks2 v0.1.6-0.20241020092332-e1fe9ea73740 // indirect
|
||||
github.com/sirupsen/logrus v1.9.3 // indirect
|
||||
github.com/shirou/gopsutil/v3 v3.24.5 // indirect
|
||||
github.com/shirou/gopsutil/v4 v4.26.3 // indirect
|
||||
github.com/shoenig/go-m1cpu v0.1.6 // indirect
|
||||
github.com/sirupsen/logrus v1.9.4 // indirect
|
||||
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 // indirect
|
||||
github.com/sourcegraph/conc v0.3.0 // indirect
|
||||
github.com/spf13/afero v1.11.0 // indirect
|
||||
|
|
@ -91,8 +131,10 @@ require (
|
|||
github.com/templexxx/cpu v0.1.1 // indirect
|
||||
github.com/templexxx/xorsimd v0.4.3 // indirect
|
||||
github.com/tjfoc/gmsm v1.4.1 // indirect
|
||||
github.com/tklauser/go-sysconf v0.3.16 // indirect
|
||||
github.com/tklauser/numcpus v0.11.0 // indirect
|
||||
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
|
||||
github.com/ugorji/go/codec v1.2.12 // indirect
|
||||
github.com/ugorji/go/codec v1.3.1 // indirect
|
||||
github.com/vishvananda/netlink v1.1.1-0.20211118161826-650dca95af54 // indirect
|
||||
github.com/vishvananda/netns v0.0.4 // indirect
|
||||
github.com/vulcand/predicate v1.2.0 // indirect
|
||||
|
|
@ -101,25 +143,32 @@ require (
|
|||
github.com/xtaci/smux v1.5.31 // indirect
|
||||
github.com/xtaci/tcpraw v1.2.25 // indirect
|
||||
github.com/yl2chen/cidranger v1.0.2 // indirect
|
||||
github.com/yusufpapurcu/wmi v1.2.4 // indirect
|
||||
github.com/zalando/go-keyring v0.2.4 // indirect
|
||||
go.uber.org/mock v0.5.0 // indirect
|
||||
github.com/zeebo/blake3 v0.2.4 // indirect
|
||||
go.mongodb.org/mongo-driver/v2 v2.5.0 // indirect
|
||||
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
|
||||
go.opentelemetry.io/otel v1.41.0 // indirect
|
||||
go.opentelemetry.io/otel/metric v1.41.0 // indirect
|
||||
go.opentelemetry.io/otel/trace v1.41.0 // indirect
|
||||
go.uber.org/multierr v1.11.0 // indirect
|
||||
golang.org/x/arch v0.8.0 // indirect
|
||||
golang.org/x/crypto v0.40.0 // indirect
|
||||
golang.org/x/arch v0.22.0 // indirect
|
||||
golang.org/x/crypto v0.53.0 // indirect
|
||||
golang.org/x/exp v0.0.0-20241210194714-1829a127f884 // indirect
|
||||
golang.org/x/mod v0.25.0 // indirect
|
||||
golang.org/x/net v0.42.0 // indirect
|
||||
golang.org/x/sync v0.16.0 // indirect
|
||||
golang.org/x/sys v0.34.0 // indirect
|
||||
golang.org/x/term v0.33.0 // indirect
|
||||
golang.org/x/text v0.27.0 // indirect
|
||||
golang.org/x/time v0.11.0 // indirect
|
||||
golang.org/x/tools v0.34.0 // indirect
|
||||
golang.org/x/mod v0.36.0 // indirect
|
||||
golang.org/x/net v0.56.0 // indirect
|
||||
golang.org/x/sync v0.21.0 // indirect
|
||||
golang.org/x/sys v0.46.0 // indirect
|
||||
golang.org/x/term v0.44.0 // indirect
|
||||
golang.org/x/text v0.38.0 // indirect
|
||||
golang.org/x/time v0.12.0 // indirect
|
||||
golang.org/x/tools v0.45.0 // indirect
|
||||
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
|
||||
golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb // indirect
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
|
||||
google.golang.org/grpc v1.67.1 // indirect
|
||||
google.golang.org/protobuf v1.35.1 // indirect
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
|
||||
google.golang.org/grpc v1.79.3 // indirect
|
||||
google.golang.org/protobuf v1.36.11 // indirect
|
||||
gopkg.in/ini.v1 v1.67.0 // indirect
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||
|
|
|
|||
349
go.sum
349
go.sum
|
|
@ -1,28 +1,52 @@
|
|||
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
|
||||
dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
|
||||
dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
|
||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
|
||||
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
|
||||
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
|
||||
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
|
||||
github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc=
|
||||
github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
|
||||
github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
|
||||
github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
|
||||
github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
|
||||
github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
|
||||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
|
||||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
|
||||
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
|
||||
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
|
||||
github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=
|
||||
github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
|
||||
github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
|
||||
github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
|
||||
github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
|
||||
github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
|
||||
github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
|
||||
github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
|
||||
github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
|
||||
github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
|
||||
github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
|
||||
github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
|
||||
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
|
||||
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
|
||||
github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
|
||||
github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
|
||||
github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
|
||||
github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
|
||||
github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
|
||||
github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
|
||||
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
|
||||
github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
|
||||
github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
|
||||
github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
|
||||
github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
|
||||
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
|
||||
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
|
||||
github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
|
||||
github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
|
||||
github.com/coreos/go-iptables v0.5.0 h1:mw6SAibtHKZcNzAsOxjoHIG0gy5YFHhypWSSNc6EjbQ=
|
||||
github.com/coreos/go-iptables v0.5.0/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
|
||||
github.com/cpuguy83/dockercfg v0.3.2 h1:DlJTyZGBDlXqUZ2Dk2Q3xHs/FtnooJJVaad2S9GKorA=
|
||||
github.com/cpuguy83/dockercfg v0.3.2/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
|
||||
github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s=
|
||||
github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
|
||||
github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE=
|
||||
github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
|
|
@ -31,52 +55,79 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1
|
|||
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
|
||||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
|
||||
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
|
||||
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
|
||||
github.com/docker/go-connections v0.7.0 h1:6SsRfJddP22WMrCkj19x9WKjEDTB+ahsdiGYf0mN39c=
|
||||
github.com/docker/go-connections v0.7.0/go.mod h1:no1qkHdjq7kLMGUXYAduOhYPSJxxvgWBh7ogVvptn3Q=
|
||||
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
|
||||
github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
|
||||
github.com/dunglas/httpsfv v1.1.0 h1:Jw76nAyKWKZKFrpMMcL76y35tOpYHqQPzHQiwDvpe54=
|
||||
github.com/dunglas/httpsfv v1.1.0/go.mod h1:zID2mqw9mFsnt7YC3vYQ9/cjq30q41W+1AnDwH8TiMg=
|
||||
github.com/ebitengine/purego v0.10.0 h1:QIw4xfpWT6GWTzaW5XEKy3HXoqrJGx1ijYHzTF0/ISU=
|
||||
github.com/ebitengine/purego v0.10.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
|
||||
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
|
||||
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
|
||||
github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk=
|
||||
github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
|
||||
github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
|
||||
github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
|
||||
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
|
||||
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
|
||||
github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
|
||||
github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
|
||||
github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
|
||||
github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
|
||||
github.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=
|
||||
github.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
|
||||
github.com/gin-contrib/cors v1.7.2 h1:oLDHxdg8W/XDoN/8zamqk/Drgt4oVZDvaV0YmvVICQw=
|
||||
github.com/gin-contrib/cors v1.7.2/go.mod h1:SUJVARKgQ40dmrzgXEVxj2m7Ig1v1qIboQkPDTQ9t2E=
|
||||
github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
|
||||
github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
|
||||
github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=
|
||||
github.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
|
||||
github.com/go-gost/core v0.3.2 h1:AjmIYWVa5fc172zIupT3e1pdnKx76LxppGiw00uRsSA=
|
||||
github.com/go-gost/core v0.3.2/go.mod h1:WGI43jOka7FAsSAwi/fSMaqxdR+E339ycb4NBGlFr6A=
|
||||
github.com/go-gost/gosocks4 v0.0.1 h1:+k1sec8HlELuQV7rWftIkmy8UijzUt2I6t+iMPlGB2s=
|
||||
github.com/go-gost/gosocks4 v0.0.1/go.mod h1:3B6L47HbU/qugDg4JnoFPHgJXE43Inz8Bah1QaN9qCc=
|
||||
github.com/go-gost/gosocks5 v0.4.2 h1:IianxHTkACPqCwiOAT3MHoMdSUl+SEPSRu1ikawC1Pc=
|
||||
github.com/go-gost/gosocks5 v0.4.2/go.mod h1:1G6I7HP7VFVxveGkoK8mnprnJqSqJjdcASKsdUn4Pp4=
|
||||
github.com/go-gost/plugin v0.2.0 h1:Xxqq3oJi6d2dZ/PqqEpefrUckT6aVz8JUxQ/sb7tmTM=
|
||||
github.com/go-gost/plugin v0.2.0/go.mod h1:oN23l+yGDCIP9G3KnDl/I/0zVGOobZUDCB2Z5yYYXts=
|
||||
github.com/go-gost/relay v0.5.0 h1:JG1tgy/KWiVXS0ukuVXvbM0kbYuJTWxYpJ5JwzsCf/c=
|
||||
github.com/go-gost/relay v0.5.0/go.mod h1:lcX+23LCQ3khIeASBo+tJ/WbwXFO32/N5YN6ucuYTG8=
|
||||
github.com/go-gost/tls-dissector v0.1.1 h1:2zUOTPzCQAUQ54Rpy0UEi3JPMQSYsIFSeFeKrzmkCoU=
|
||||
github.com/go-gost/tls-dissector v0.1.1/go.mod h1:/9QfdewqmHdaE362Hv5nDaSWLx3pCmtD870d6GaquXs=
|
||||
github.com/go-gost/x v0.7.2 h1:kXUfqMMqzUALV+fTcubLJ0DnJuymENS767FoVD27yec=
|
||||
github.com/go-gost/x v0.7.2/go.mod h1:IayR3586oC6B9oEi0j1Q21lymu39qcXiMoQuLVwYeQ4=
|
||||
github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
|
||||
github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
|
||||
github.com/gin-gonic/gin v1.12.0 h1:b3YAbrZtnf8N//yjKeU2+MQsh2mY5htkZidOM7O0wG8=
|
||||
github.com/gin-gonic/gin v1.12.0/go.mod h1:VxccKfsSllpKshkBWgVgRniFFAzFb9csfngsqANjnLc=
|
||||
github.com/go-gost/core v0.5.3 h1:RZ/x9S2o3lDe9r9zriEpMJgxYt+1CYjrBMRs4X3bLk8=
|
||||
github.com/go-gost/core v0.5.3/go.mod h1:WGI43jOka7FAsSAwi/fSMaqxdR+E339ycb4NBGlFr6A=
|
||||
github.com/go-gost/go-shadowsocks2 v0.1.3 h1:6CUZLp+mTWXnKP2aK8/Z9ZP+ERMX9gSbywmPu4kGX/A=
|
||||
github.com/go-gost/go-shadowsocks2 v0.1.3/go.mod h1:866zFNNI3He6Wef1M/IvAjTal74WhcfKfBgRpTlkKys=
|
||||
github.com/go-gost/gosocks4 v0.1.0 h1:eAzev6qw4fzkFQKC9uCHLVNnnPdHyqCggbnfNN80Pmk=
|
||||
github.com/go-gost/gosocks4 v0.1.0/go.mod h1:hzVjwijJuZR1pp3GqpTj+AKcSGrx68RlWTrQMFMYBP0=
|
||||
github.com/go-gost/gosocks5 v0.5.0 h1:YE37l1MJwde8diIQdynStqogMotG5enoTdborhA5yic=
|
||||
github.com/go-gost/gosocks5 v0.5.0/go.mod h1:1G6I7HP7VFVxveGkoK8mnprnJqSqJjdcASKsdUn4Pp4=
|
||||
github.com/go-gost/plugin v0.5.0 h1:zK3Ezcv+z6bz6aUhaFZcZiJc42w44ohybzrj5tnWzcM=
|
||||
github.com/go-gost/plugin v0.5.0/go.mod h1:oN23l+yGDCIP9G3KnDl/I/0zVGOobZUDCB2Z5yYYXts=
|
||||
github.com/go-gost/relay v0.6.2 h1:0Rgm1TOZvrilAKj6zn+UMvAGWtS0H08e2wBX03Y6g+I=
|
||||
github.com/go-gost/relay v0.6.2/go.mod h1:Dku0f5sfjOClrZFiDmQUrYYJ4uof7rnkCUBfsl0PSAI=
|
||||
github.com/go-gost/tls-dissector v0.2.0 h1:9tE6WOzzpurATTBWn60DU4R8gibpGNY8/qVcc1SicVg=
|
||||
github.com/go-gost/tls-dissector v0.2.0/go.mod h1:/9QfdewqmHdaE362Hv5nDaSWLx3pCmtD870d6GaquXs=
|
||||
github.com/go-gost/x v0.13.9 h1:/pK8rOiueV239i0ntesDnU15UeYrq8vL6iVeGPJTzJo=
|
||||
github.com/go-gost/x v0.13.9/go.mod h1:etkIOM5JjH9pnb3UOvLKexodznKcK3oRNGniPk0AGxk=
|
||||
github.com/go-gost/x v0.13.10 h1:RCd65A5KuB7ZLDw317tt9O//sjrlxijXXTO0jbpkfkY=
|
||||
github.com/go-gost/x v0.13.10/go.mod h1:etkIOM5JjH9pnb3UOvLKexodznKcK3oRNGniPk0AGxk=
|
||||
github.com/go-gost/x v0.13.11 h1:508vT37VjgeGqQPBj+DG3yw0Z1TMLwKLl90wLeVknWI=
|
||||
github.com/go-gost/x v0.13.11/go.mod h1:etkIOM5JjH9pnb3UOvLKexodznKcK3oRNGniPk0AGxk=
|
||||
github.com/go-gost/x v0.13.12 h1:VhL2BMyhtsMV1DEgQLOIuW26THU71PAT8nRJUmm1gmQ=
|
||||
github.com/go-gost/x v0.13.12/go.mod h1:etkIOM5JjH9pnb3UOvLKexodznKcK3oRNGniPk0AGxk=
|
||||
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
|
||||
github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
|
||||
github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
|
||||
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
|
||||
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
|
||||
github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
|
||||
github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
|
||||
github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
|
||||
github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
|
||||
github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
|
||||
github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
|
||||
github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
|
||||
github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
|
||||
github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8=
|
||||
github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
|
||||
github.com/go-playground/validator/v10 v10.30.1 h1:f3zDSN/zOma+w6+1Wswgd9fLkdwy06ntQJp0BBvFG0w=
|
||||
github.com/go-playground/validator/v10 v10.30.1/go.mod h1:oSuBIQzuJxL//3MelwSLD5hc2Tu889bF0Idm9Dg26cM=
|
||||
github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
|
||||
github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
|
||||
github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
|
||||
github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
|
||||
github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
|
||||
github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
|
||||
github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
|
||||
github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
|
||||
github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=
|
||||
github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
|
||||
github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
|
||||
github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
|
||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||
|
|
@ -90,6 +141,8 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU
|
|||
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
|
||||
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
|
||||
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
|
||||
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
|
||||
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
|
||||
github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
|
||||
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
|
||||
github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
|
||||
|
|
@ -98,8 +151,9 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
|
|||
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
||||
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
|
||||
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
|
||||
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
|
||||
github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
|
||||
github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
|
||||
|
|
@ -119,20 +173,22 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
|
|||
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
|
||||
github.com/judwhite/go-svc v1.2.1 h1:a7fsJzYUa33sfDJRF2N/WXhA+LonCEEY8BJb1tuS5tA=
|
||||
github.com/judwhite/go-svc v1.2.1/go.mod h1:mo/P2JNX8C07ywpP9YtO2gnBgnUiFTHqtsZekJrUuTk=
|
||||
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
|
||||
github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
|
||||
github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
|
||||
github.com/klauspost/compress v1.19.0 h1:sXLILfc9jV2QYWkzFOPWStmcUVH2RHEB1JCdY2oVvCQ=
|
||||
github.com/klauspost/compress v1.19.0/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
|
||||
github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
|
||||
github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
|
||||
github.com/klauspost/reedsolomon v1.11.8 h1:s8RpUW5TK4hjr+djiOpbZJB4ksx+TdYbRH7vHQpwPOY=
|
||||
github.com/klauspost/reedsolomon v1.11.8/go.mod h1:4bXRN+cVzMdml6ti7qLouuYi32KHJ5MGv0Qd8a47h6A=
|
||||
github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
|
||||
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
|
||||
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
|
||||
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
|
||||
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
|
||||
github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
|
||||
github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
|
||||
github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
|
||||
github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
|
||||
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
|
||||
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
|
||||
github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE=
|
||||
github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
|
||||
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
|
||||
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
|
||||
github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs=
|
||||
|
|
@ -141,6 +197,24 @@ github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG
|
|||
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
|
||||
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
|
||||
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
|
||||
github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
|
||||
github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
|
||||
github.com/moby/go-archive v0.2.0 h1:zg5QDUM2mi0JIM9fdQZWC7U8+2ZfixfTYoHL7rWUcP8=
|
||||
github.com/moby/go-archive v0.2.0/go.mod h1:mNeivT14o8xU+5q1YnNrkQVpK+dnNe/K6fHqnTg4qPU=
|
||||
github.com/moby/moby/api v1.54.1 h1:TqVzuJkOLsgLDDwNLmYqACUuTehOHRGKiPhvH8V3Nn4=
|
||||
github.com/moby/moby/api v1.54.1/go.mod h1:+RQ6wluLwtYaTd1WnPLykIDPekkuyD/ROWQClE83pzs=
|
||||
github.com/moby/moby/client v0.4.0 h1:S+2XegzHQrrvTCvF6s5HFzcrywWQmuVnhOXe2kiWjIw=
|
||||
github.com/moby/moby/client v0.4.0/go.mod h1:QWPbvWchQbxBNdaLSpoKpCdf5E+WxFAgNHogCWDoa7g=
|
||||
github.com/moby/patternmatcher v0.6.1 h1:qlhtafmr6kgMIJjKJMDmMWq7WLkKIo23hsrpR3x084U=
|
||||
github.com/moby/patternmatcher v0.6.1/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
|
||||
github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
|
||||
github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
|
||||
github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs=
|
||||
github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
|
||||
github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
|
||||
github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
|
||||
github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
|
||||
github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
|
||||
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
|
|
@ -152,18 +226,20 @@ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
|
|||
github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
|
||||
github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8=
|
||||
github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc=
|
||||
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
|
||||
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
|
||||
github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
|
||||
github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
|
||||
github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
|
||||
github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
|
||||
github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
|
||||
github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
|
||||
github.com/pion/dtls/v2 v2.2.6 h1:yXMxKr0Skd+Ub6A8UqXTRLSywskx93ooMRHsQUtd+Z4=
|
||||
github.com/pion/dtls/v2 v2.2.6/go.mod h1:t8fWJCIquY5rlQZwA2yWxUS1+OCrAdXrhVKXB5oD/wY=
|
||||
github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
|
||||
github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
|
||||
github.com/pion/transport/v2 v2.0.2 h1:St+8o+1PEzPT51O9bv+tH/KYYLMNR5Vwm5Z3Qkjsywg=
|
||||
github.com/pion/transport/v2 v2.0.2/go.mod h1:vrz6bUbFr/cjdwbnxq8OdDDzHf7JJfGsIRkxfpZoTA0=
|
||||
github.com/pion/udp/v2 v2.0.1 h1:xP0z6WNux1zWEjhC7onRA3EwwSliXqu1ElUZAQhUP54=
|
||||
github.com/pion/udp/v2 v2.0.1/go.mod h1:B7uvTMP00lzWdyMr/1PVZXtV3wpPIxBRd4Wl6AksXn8=
|
||||
github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
|
||||
github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
|
||||
github.com/pion/dtls/v3 v3.1.1 h1:wSLMam9Kf7DL1A74hnqRvEb9OT+aXPAsQ5VS+BdXOJ0=
|
||||
github.com/pion/dtls/v3 v3.1.1/go.mod h1:7FGvVYpHsUV6+aywaFpG7aE4Vz8nBOx74odPRFue6cI=
|
||||
github.com/pion/logging v0.2.4 h1:tTew+7cmQ+Mc1pTBLKH2puKsOvhm32dROumOZ655zB8=
|
||||
github.com/pion/logging v0.2.4/go.mod h1:DffhXTKYdNZU+KtJ5pyQDjvOAh/GsNSyv1lbkFbe3so=
|
||||
github.com/pion/transport/v4 v4.0.1 h1:sdROELU6BZ63Ab7FrOLn13M6YdJLY20wldXW2Cu2k8o=
|
||||
github.com/pion/transport/v4 v4.0.1/go.mod h1:nEuEA4AD5lPdcIegQDpVLgNoDGreqM/YqmEx3ovP4jM=
|
||||
github.com/pires/go-proxyproto v0.8.1 h1:9KEixbdJfhrbtjpz/ZwCdWDD2Xem0NZ38qMYaASJgp0=
|
||||
github.com/pires/go-proxyproto v0.8.1/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
|
||||
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
|
||||
|
|
@ -171,6 +247,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
|
|||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
|
||||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
|
||||
github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
|
||||
github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
|
||||
github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
|
||||
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
|
|
@ -180,16 +258,18 @@ github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSz
|
|||
github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
|
||||
github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
|
||||
github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
|
||||
github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
|
||||
github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
|
||||
github.com/quic-go/quic-go v0.53.0 h1:QHX46sISpG2S03dPeZBgVIZp8dGagIaiu2FiVYvpCZI=
|
||||
github.com/quic-go/quic-go v0.53.0/go.mod h1:e68ZEaCdyviluZmy44P6Iey98v/Wfz6HCjQEm+l8zTY=
|
||||
github.com/quic-go/webtransport-go v0.9.0 h1:jgys+7/wm6JarGDrW+lD/r9BGqBAmqY/ssklE09bA70=
|
||||
github.com/quic-go/webtransport-go v0.9.0/go.mod h1:4FUYIiUc75XSsF6HShcLeXXYZJ9AGwo/xh3L8M/P1ao=
|
||||
github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
|
||||
github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
|
||||
github.com/quic-go/quic-go v0.59.1 h1:0Gmua0HW1Tv7ANR7hUYwRyD0MG5OJfgvYSZasGZzBic=
|
||||
github.com/quic-go/quic-go v0.59.1/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
|
||||
github.com/quic-go/webtransport-go v0.10.0 h1:LqXXPOXuETY5Xe8ITdGisBzTYmUOy5eSj+9n4hLTjHI=
|
||||
github.com/quic-go/webtransport-go v0.10.0/go.mod h1:LeGIXr5BQKE3UsynwVBeQrU1TPrbh73MGoC6jd+V7ow=
|
||||
github.com/refraction-networking/utls v1.8.2 h1:j4Q1gJj0xngdeH+Ox/qND11aEfhpgoEvV+S9iJ2IdQo=
|
||||
github.com/refraction-networking/utls v1.8.2/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM=
|
||||
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
|
||||
github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
|
||||
github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
|
||||
github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
|
||||
github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
|
||||
github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
|
||||
github.com/rs/xid v1.3.0 h1:6NjYksEUlhurdVehpc7S7dk6DAmcKv8V9gG0FsVN2U4=
|
||||
github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
|
||||
github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
|
||||
|
|
@ -198,9 +278,17 @@ github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6g
|
|||
github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
|
||||
github.com/shadowsocks/go-shadowsocks2 v0.1.6-0.20241020092332-e1fe9ea73740 h1:XdDrN8rtxdgW3TLn7pAuobI9PhPMbf6Geu9nvFzXn2E=
|
||||
github.com/shadowsocks/go-shadowsocks2 v0.1.6-0.20241020092332-e1fe9ea73740/go.mod h1:Oqfn/ykzqjeX00+7IuPyR7wGYgOzld0Tni6djgElacI=
|
||||
github.com/shirou/gopsutil/v3 v3.24.5 h1:i0t8kL+kQTvpAYToeuiVk3TgDeKOFioZO3Ztz/iZ9pI=
|
||||
github.com/shirou/gopsutil/v3 v3.24.5/go.mod h1:bsoOS1aStSs9ErQ1WWfxllSeS1K5D+U30r2NfcubMVk=
|
||||
github.com/shirou/gopsutil/v4 v4.26.3 h1:2ESdQt90yU3oXF/CdOlRCJxrP+Am1aBYubTMTfxJ1qc=
|
||||
github.com/shirou/gopsutil/v4 v4.26.3/go.mod h1:LZ6ewCSkBqUpvSOf+LsTGnRinC6iaNUNMGBtDkJBaLQ=
|
||||
github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
|
||||
github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
|
||||
github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
|
||||
github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k=
|
||||
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
|
||||
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
|
||||
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
|
||||
github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w=
|
||||
github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g=
|
||||
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 h1:TG/diQgUe0pntT/2D9tmUCz4VNwm9MfrtPr0SU2qSX8=
|
||||
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8/go.mod h1:P5HUIBuIWKbyjl083/loAegFkfbFNx5i2qEP4CNbm7E=
|
||||
github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
|
||||
|
|
@ -216,8 +304,9 @@ github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+
|
|||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
|
||||
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
|
||||
github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
|
||||
github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
|
||||
github.com/stretchr/objx v0.5.3 h1:jmXUvGomnU1o3W/V5h2VEradbpJDwGrzugQQvL0POH4=
|
||||
github.com/stretchr/objx v0.5.3/go.mod h1:rDQraq+vQZU7Fde9LOZLr8Tax6zZvy4kuNKF+QYS+U0=
|
||||
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||
|
|
@ -225,22 +314,28 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
|
|||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
|
||||
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
|
||||
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
|
||||
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
|
||||
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
||||
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
||||
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
|
||||
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
|
||||
github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
|
||||
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
|
||||
github.com/templexxx/cpu v0.1.1 h1:isxHaxBXpYFWnk2DReuKkigaZyrjs2+9ypIdGP4h+HI=
|
||||
github.com/templexxx/cpu v0.1.1/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk=
|
||||
github.com/templexxx/xorsimd v0.4.3 h1:9AQTFHd7Bhk3dIT7Al2XeBX5DWOvsUPZCuhyAtNbHjU=
|
||||
github.com/templexxx/xorsimd v0.4.3/go.mod h1:oZQcD6RFDisW2Am58dSAGwwL6rHjbzrlu25VDqfWkQg=
|
||||
github.com/testcontainers/testcontainers-go v0.42.0 h1:He3IhTzTZOygSXLJPMX7n44XtK+qhjat1nI9cneBbUY=
|
||||
github.com/testcontainers/testcontainers-go v0.42.0/go.mod h1:vZjdY1YmUA1qEForxOIOazfsrdyORJAbhi0bp8plN30=
|
||||
github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
|
||||
github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
|
||||
github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA=
|
||||
github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI=
|
||||
github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw=
|
||||
github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ=
|
||||
github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
|
||||
github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
|
||||
github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
|
||||
github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
|
||||
github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
|
||||
github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
|
||||
github.com/vishvananda/netlink v1.1.1-0.20211118161826-650dca95af54 h1:8mhqcHPqTMhSPoslhGYihEgSfc77+7La1P6kiB6+9So=
|
||||
github.com/vishvananda/netlink v1.1.1-0.20211118161826-650dca95af54/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
|
||||
github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
|
||||
|
|
@ -260,25 +355,45 @@ github.com/xtaci/tcpraw v1.2.25 h1:VDlqo0op17JeXBM6e2G9ocCNLOJcw9mZbobMbJjo0vk=
|
|||
github.com/xtaci/tcpraw v1.2.25/go.mod h1:dKyZ2V75s0cZ7cbgJYdxPvms7af0joIeOyx1GgJQbLk=
|
||||
github.com/yl2chen/cidranger v1.0.2 h1:lbOWZVCG1tCRX4u24kuM1Tb4nHqWkDxwLdoS+SevawU=
|
||||
github.com/yl2chen/cidranger v1.0.2/go.mod h1:9U1yz7WPYDwf0vpNWFaeRh0bjwz5RVgRy/9UEQfHl0g=
|
||||
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
|
||||
github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
|
||||
github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
|
||||
github.com/zalando/go-keyring v0.2.4 h1:wi2xxTqdiwMKbM6TWwi+uJCG/Tum2UV0jqaQhCa9/68=
|
||||
github.com/zalando/go-keyring v0.2.4/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk=
|
||||
go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
|
||||
go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
|
||||
github.com/zeebo/assert v1.1.0 h1:hU1L1vLTHsnO8x8c9KAR5GmM5QscxHg5RNU5z5qbUWY=
|
||||
github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
|
||||
github.com/zeebo/blake3 v0.2.4 h1:KYQPkhpRtcqh0ssGYcKLG1JYvddkEA8QwCM/yBqhaZI=
|
||||
github.com/zeebo/blake3 v0.2.4/go.mod h1:7eeQ6d2iXWRGF6npfaxl2CU+xy2Fjo2gxeyZGCRUjcE=
|
||||
github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
|
||||
github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
|
||||
go.mongodb.org/mongo-driver/v2 v2.5.0 h1:yXUhImUjjAInNcpTcAlPHiT7bIXhshCTL3jVBkF3xaE=
|
||||
go.mongodb.org/mongo-driver/v2 v2.5.0/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0=
|
||||
go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
|
||||
go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ=
|
||||
go.opentelemetry.io/otel v1.41.0 h1:YlEwVsGAlCvczDILpUXpIpPSL/VPugt7zHThEMLce1c=
|
||||
go.opentelemetry.io/otel v1.41.0/go.mod h1:Yt4UwgEKeT05QbLwbyHXEwhnjxNO6D8L5PQP51/46dE=
|
||||
go.opentelemetry.io/otel/metric v1.41.0 h1:rFnDcs4gRzBcsO9tS8LCpgR0dxg4aaxWlJxCno7JlTQ=
|
||||
go.opentelemetry.io/otel/metric v1.41.0/go.mod h1:xPvCwd9pU0VN8tPZYzDZV/BMj9CM9vs00GuBjeKhJps=
|
||||
go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
|
||||
go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
|
||||
go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
|
||||
go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
|
||||
go.opentelemetry.io/otel/trace v1.41.0 h1:Vbk2co6bhj8L59ZJ6/xFTskY+tGAbOnCtQGVVa9TIN0=
|
||||
go.opentelemetry.io/otel/trace v1.41.0/go.mod h1:U1NU4ULCoxeDKc09yCWdWe+3QoyweJcISEVa1RBzOis=
|
||||
go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
|
||||
go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
|
||||
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
|
||||
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
|
||||
golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
|
||||
golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
|
||||
golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
|
||||
golang.org/x/arch v0.22.0 h1:c/Zle32i5ttqRXjdLyyHZESLD/bB90DCU1g9l/0YBDI=
|
||||
golang.org/x/arch v0.22.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
|
||||
golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
|
||||
golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
|
||||
golang.org/x/crypto v0.53.0 h1:QZ4Muo8THX6CizN2vPPd5fBGHyogrdK9fG4wLPFUsto=
|
||||
golang.org/x/crypto v0.53.0/go.mod h1:DNLU434OwVakk9PzuwV8w62mAJpRJL3vsgcfp4Qnsio=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20241210194714-1829a127f884 h1:Y/Mj/94zIQQGHVSv1tTtQBDaQaJe62U9bkDZKKyhPCU=
|
||||
golang.org/x/exp v0.0.0-20241210194714-1829a127f884/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
|
||||
|
|
@ -287,9 +402,8 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
|
|||
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
||||
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
|
||||
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
|
||||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
|
||||
golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
|
||||
golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
|
||||
golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4=
|
||||
golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ=
|
||||
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
|
|
@ -298,90 +412,73 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
|
|||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
|
||||
golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
|
||||
golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
|
||||
golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
|
||||
golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
|
||||
golang.org/x/net v0.56.0 h1:Rw8j/hFzGvJUZwNBXnAtf5sVDVt+65SK2C7IxCxZt5o=
|
||||
golang.org/x/net v0.56.0/go.mod h1:D3Ku6r+V6JROoZK144D2XfMHFcMq/0zSfLelVTCFKec=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
|
||||
golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
|
||||
golang.org/x/sync v0.21.0 h1:HLII4xRRTtCRkxYp4HNFF0Js/Og6q2i++KXbg0gHCwM=
|
||||
golang.org/x/sync v0.21.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
|
||||
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
|
||||
golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
|
||||
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
|
||||
golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg=
|
||||
golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
|
||||
golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw=
|
||||
golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
|
||||
golang.org/x/term v0.44.0 h1:0rLvDRCtNj0gZkyIXhCyOb2OAzEhLVqc4B+hrsBhrmc=
|
||||
golang.org/x/term v0.44.0/go.mod h1:7ze4MdzUzLXpSAoFP1H0bOI9aXDqveSvatT5vKcFh2Y=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
||||
golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
|
||||
golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
|
||||
golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
|
||||
golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
|
||||
golang.org/x/text v0.38.0 h1:sXmwo9DwP3OK9EZ7PqAdaooSGozfl/3a6/xJcbzPRhE=
|
||||
golang.org/x/text v0.38.0/go.mod h1:YXZt3QhHUKYT53r2lLKFIVi6Ao1jdzrTR/KQ09qyxF4=
|
||||
golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
|
||||
golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
|
||||
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
|
||||
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
|
||||
golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
|
||||
golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8=
|
||||
golang.org/x/tools v0.45.0/go.mod h1:LuUGqqaXcXMEFEruIVJVm5mgDD8vww/z/SR1gQ4uE/0=
|
||||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
|
||||
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
|
||||
golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb h1:whnFRlWMcXI9d+ZbWg+4sHnLp52d5yiIPUxMBSt4X9A=
|
||||
golang.zx2c4.com/wireguard v0.0.0-20250521234502-f333402bd9cb/go.mod h1:rpwXGsirqLqN2L0JDJQlwOboGHmptD5ZD6T2VmcqhTw=
|
||||
gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
|
||||
gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
|
||||
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
|
||||
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
||||
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
|
||||
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
|
||||
google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
|
||||
google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
|
||||
google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
|
||||
google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
|
||||
google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
|
||||
google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
|
||||
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
|
||||
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
|
||||
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
|
||||
google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
|
||||
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
|
||||
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
|
||||
google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
|
||||
google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
|
||||
google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
|
||||
google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
|
||||
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
|
||||
|
|
@ -395,9 +492,11 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
|||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
|
||||
gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
|
||||
gvisor.dev/gvisor v0.0.0-20250523182742-eede7a881b20 h1:0DxLu8hxI1OGp1qVRPqNd+2k1a7hMNUNqbZG0IrtKlM=
|
||||
gvisor.dev/gvisor v0.0.0-20250523182742-eede7a881b20/go.mod h1:3r5CMtNQMKIvBlrmM9xWUNamjKBYPOWyXOjmg5Kts3g=
|
||||
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
|
||||
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
|
||||
pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk=
|
||||
pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=
|
||||
|
|
|
|||
23
install.sh
23
install.sh
|
|
@ -1,4 +1,4 @@
|
|||
#!/bin/bash
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Check Root User
|
||||
|
||||
|
|
@ -42,7 +42,7 @@ install_gost() {
|
|||
armv7*)
|
||||
cpu_arch="armv7"
|
||||
;;
|
||||
aarch64)
|
||||
aarch64|arm64)
|
||||
cpu_arch="arm64"
|
||||
;;
|
||||
i686)
|
||||
|
|
@ -66,23 +66,22 @@ install_gost() {
|
|||
;;
|
||||
esac
|
||||
get_download_url="$base_url/tags/$version"
|
||||
download_url=$(curl -s "$get_download_url" | grep -Eo "\"browser_download_url\": \".*${os}.*${cpu_arch}.*\"" | awk -F'["]' '{print $4}')
|
||||
download_url=$(curl -s "$get_download_url" | awk -F'"' -v re=".*${os}.*${cpu_arch}.*" '/"browser_download_url":/ && $4 ~ re { print $4 }' | head -n 1)
|
||||
|
||||
# Download the binary
|
||||
echo "Downloading gost version $version..."
|
||||
curl -fsSL -o gost.tar.gz $download_url
|
||||
# Download and install the binary
|
||||
install_path="/usr/local/bin"
|
||||
echo "Downloading and installing gost version $version..."
|
||||
curl -fsSL "$download_url" | tar -xzC "$install_path" gost
|
||||
chmod +x "$install_path/gost"
|
||||
|
||||
# Extract and install the binary
|
||||
echo "Installing gost..."
|
||||
tar -xzf gost.tar.gz
|
||||
chmod +x gost
|
||||
mv gost /usr/local/bin/gost
|
||||
# Remove binary from macOS quarantine when installing for first time
|
||||
[[ "$os" == "darwin" ]] && { xattr -d com.apple.quarantine "$install_path/gost" 2>&-; }
|
||||
|
||||
echo "gost installation completed!"
|
||||
}
|
||||
|
||||
# Retrieve available versions from GitHub API
|
||||
versions=$(curl -s "$base_url" | grep -oP 'tag_name": "\K[^"]+')
|
||||
versions=$(curl -s "$base_url" | awk -F'"' '/"tag_name":/ {print $4}')
|
||||
|
||||
# Check if --install option provided
|
||||
if [[ "$1" == "--install" ]]; then
|
||||
|
|
|
|||
|
|
@ -0,0 +1,4 @@
|
|||
FROM alpine:3.22
|
||||
|
||||
# add tools needed by e2e containers and health checks
|
||||
RUN apk add --no-cache iptables curl netcat-openbsd python3
|
||||
|
|
@ -0,0 +1,276 @@
|
|||
# 执行计划:HTTP Handler E2E 测试 + utils.go 重构
|
||||
|
||||
## 背景
|
||||
|
||||
从 PLAN.md 的 Step 0 和 Step 1A 开始实施。HTTP proxy 是 gost 最基础的协议,目前 e2e 测试仅覆盖 shadowsocks 和 parallel selector。本计划先重构 utils.go 提取公共 helper,然后用 helper 写 HTTP handler 测试套件,最后同步重构 shadowsocks_test.go。
|
||||
|
||||
## 变更文件清单
|
||||
|
||||
| 文件 | 操作 | 说明 |
|
||||
|------|------|------|
|
||||
| `tests/e2e/utils.go` | 修改 | 新增 `RunTCPCase` / `RunUDPCase` |
|
||||
| `tests/e2e/http_test.go` | 新建 | HTTP proxy 测试套件 |
|
||||
| `tests/e2e/testdata/http/server.yaml` | 新建 | 无 auth 的 HTTP proxy 服务器 |
|
||||
| `tests/e2e/testdata/http/server_auth.yaml` | 新建 | 带 auth 的 HTTP proxy 服务器 |
|
||||
| `tests/e2e/shadowsocks_test.go` | 修改 | 重构为使用 `RunTCPCase` / `RunUDPCase` |
|
||||
|
||||
---
|
||||
|
||||
## Step 1: 修改 `utils.go` — 提取 RunTCPCase / RunUDPCase
|
||||
|
||||
从 `shadowsocks_test.go` 的 `runTCPCase` 和 `runUDPCase` 提取为包级函数。关键差异:参数需要传入 echo container IP 和 echo container 本身(用于 dump logs)。
|
||||
|
||||
### RunTCPCase 签名与逻辑
|
||||
|
||||
```go
|
||||
// RunTCPCase runs a full TCP proxy test case:
|
||||
// start server → render client config → start client → curl assertion → cleanup.
|
||||
func RunTCPCase(t *testing.T, ctx context.Context, networkName, echoIP string,
|
||||
name, serverConfig, clientConfig string)
|
||||
```
|
||||
|
||||
逻辑(从 shadowsocks_test.go:132-160 提取,一字不差):
|
||||
1. 生成 serverAlias = `name + "-server"`
|
||||
2. `RunGostContainerWithOptions(ctx, networkName, serverConfig, [serverAlias], ["8388/tcp"])`
|
||||
3. `defer serverC.Terminate(ctx)`
|
||||
4. `RenderConfig(clientConfig, {ServerAddr: serverAlias + ":8388"})`
|
||||
5. `defer os.Remove(rendered)`
|
||||
6. `RunGostContainerWithPorts(ctx, networkName, rendered, "8080/tcp")`
|
||||
7. `defer clientC.Terminate(ctx)`
|
||||
8. `clientC.Exec(ctx, ["curl", "-v", "-s", "-x", "http://127.0.0.1:8080", "http://<echoIP>:5678"])`
|
||||
9. 断言 exitCode==0 且 body 包含 `"hello-gost"`,失败时 DumpLogs
|
||||
|
||||
**问题:端口硬编码**。shadowsocks 用 8388 作为服务端口,但其他协议可能用不同端口。需要参数化。
|
||||
|
||||
### 修正设计 — 参数化端口
|
||||
|
||||
```go
|
||||
type TCPOptions struct {
|
||||
ServerPort string // 容器内服务端口,默认 "8388/tcp"
|
||||
ClientPort string // 客户端代理端口,默认 "8080/tcp"
|
||||
}
|
||||
|
||||
func RunTCPCase(t *testing.T, ctx context.Context, networkName, echoIP string,
|
||||
name, serverConfig, clientConfig string, opts ...TCPOptions)
|
||||
```
|
||||
|
||||
当 `opts` 为空时使用默认值 `{ServerPort: "8388/tcp", ClientPort: "8080/tcp"}`。这样 shadowsocks 测试无需任何改动,而 HTTP 测试可传 `TCPOptions{ServerPort: "8080/tcp", ClientPort: "8080/tcp"}`。
|
||||
|
||||
等一下 — 仔细看 shadowsocks 的 server 容器暴露的是 `8388/tcp`,HTTP proxy 场景下只有一个 gost 容器(不做 server→client 链路),直接暴露 proxy 端口。
|
||||
|
||||
**重新思考:HTTP proxy 不需要 server+client 两容器模式。**
|
||||
|
||||
HTTP proxy 测试是最简单的模式 — 只需一个 gost 容器运行 HTTP proxy,然后容器内 curl 通过它访问 echo server。这和 parallel_selector_test.go 的模式一致。但为了统一框架和后续协议(SOCKS5、relay 等都需要 server+client 模式),我们应该:
|
||||
|
||||
- HTTP 的"无 auth"用例:**单容器模式**(同 parallel_selector)
|
||||
- HTTP 的"带 auth"用例:**也可以单容器**,只需在 curl 加 `--proxy-user`
|
||||
|
||||
所以 HTTP proxy 不需要 server/client 分离,但 RunTCPCase helper 仍然服务于 SOCKS5/relay 等需要链路的协议。
|
||||
|
||||
### 最终 RunTCPCase 设计
|
||||
|
||||
```go
|
||||
func RunTCPCase(t *testing.T, ctx context.Context, networkName, echoIP, name string,
|
||||
serverConfig, clientConfig string, serverPort, clientPort string)
|
||||
```
|
||||
|
||||
- `serverPort`: 服务端容器暴露端口,如 `"8388/tcp"`
|
||||
- `clientPort`: 客户端容器暴露端口,如 `"8080/tcp"`
|
||||
- 渲染模板时用 `ServerAddr: serverAlias + ":" + strings.TrimSuffix(serverPort, "/tcp")`
|
||||
|
||||
### RunUDPCase 设计
|
||||
|
||||
```go
|
||||
func RunUDPCase(t *testing.T, ctx context.Context, networkName, name string,
|
||||
serverConfig, clientConfig string, serverPort, clientPort string)
|
||||
```
|
||||
|
||||
逻辑从 shadowsocks_test.go:76-126 提取。
|
||||
|
||||
---
|
||||
|
||||
## Step 2: 新建 `testdata/http/` 配置文件
|
||||
|
||||
### `testdata/http/server.yaml` — 无 auth 的 HTTP proxy
|
||||
|
||||
```yaml
|
||||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
listener:
|
||||
type: tcp
|
||||
```
|
||||
|
||||
单容器即可测试:gost 启动后在 :8080 提供 HTTP proxy 服务。
|
||||
|
||||
### `testdata/http/server_auth.yaml` — 带 auth 的 HTTP proxy
|
||||
|
||||
```yaml
|
||||
services:
|
||||
- name: http-proxy-auth
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
auther: auther-0
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
authers:
|
||||
- name: auther-0
|
||||
auths:
|
||||
- username: user
|
||||
password: pass
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Step 3: 新建 `http_test.go`
|
||||
|
||||
### 套件结构
|
||||
|
||||
```go
|
||||
type HTTPSuite struct {
|
||||
suite.Suite
|
||||
ctx context.Context
|
||||
echoC testcontainers.Container
|
||||
echoIP string
|
||||
}
|
||||
|
||||
func (s *HTTPSuite) SetupSuite() // 启动 TCP echo
|
||||
func (s *HTTPSuite) TearDownSuite() // 关闭 echo
|
||||
|
||||
func (s *HTTPSuite) TestHTTPProxy() // 无 auth
|
||||
func (s *HTTPSuite) TestHTTPProxyAuth() // 带 auth
|
||||
|
||||
func TestHTTPSuite(t *testing.T) {
|
||||
suite.Run(t, new(HTTPSuite))
|
||||
}
|
||||
```
|
||||
|
||||
### TestHTTPProxy — 单容器模式(同 parallel_selector)
|
||||
|
||||
```go
|
||||
func (s *HTTPSuite) TestHTTPProxy() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "http-proxy logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
}
|
||||
```
|
||||
|
||||
### TestHTTPProxyAuth — 带 auth 验证
|
||||
|
||||
```go
|
||||
func (s *HTTPSuite) TestHTTPProxyAuth() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_auth.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// 测试1:无 auth 应失败(407)
|
||||
s.T().Run("no-auth-should-fail", func(t *testing.T) {
|
||||
cmd := []string{"curl", "-s", "-o", "/dev/null", "-w", "%{http_code}",
|
||||
"-x", "http://127.0.0.1:8080", fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, _ := gostC.Exec(s.ctx, cmd)
|
||||
body, _ := io.ReadAll(out)
|
||||
// curl exit code 非 0 或 HTTP status 是 407
|
||||
// 注意:gost HTTP proxy 在无 auth 时返回 407,curl 不会自动重试
|
||||
// 所以这里验证返回码是 407 或 curl 返回非零
|
||||
httpStatus := strings.TrimSpace(string(body))
|
||||
s.Assert().True(code != 0 || httpStatus == "407",
|
||||
"expected auth failure, got status: %s, exit code: %d", httpStatus, code)
|
||||
})
|
||||
|
||||
// 测试2:正确 auth 应成功
|
||||
s.T().Run("with-auth-should-succeed", func(t *testing.T) {
|
||||
cmd := []string{"curl", "-v", "-s", "-x",
|
||||
"http://user:pass@127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "http-proxy-auth logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
})
|
||||
}
|
||||
```
|
||||
|
||||
### 注意事项
|
||||
- HTTP proxy 是**单容器模式**,不需要 server/client 分离(不像 shadowsocks 需要解密/加密链路)
|
||||
- auth 测试分两步:先验证无 auth 被拒(407),再验证正确 auth 成功
|
||||
- curl 使用 `http://user:pass@host:port` 格式传递 proxy auth
|
||||
|
||||
---
|
||||
|
||||
## Step 4: 重构 `shadowsocks_test.go`
|
||||
|
||||
将 `runTCPCase` 和 `runUDPCase` 方法替换为调用 `utils.go` 中的 `RunTCPCase` / `RunUDPCase`:
|
||||
|
||||
**Before**:
|
||||
```go
|
||||
func (s *ShadowsocksSuite) TestShadowsocksTCP() {
|
||||
s.runTCPCase("aes256gcm", "testdata/shadowsocks/tcp_server_aes256gcm.yaml", "testdata/shadowsocks/tcp_client_aes256gcm.yaml")
|
||||
s.runTCPCase("chacha20", "testdata/shadowsocks/tcp_server_chacha20.yaml", "testdata/shadowsocks/tcp_client_chacha20.yaml")
|
||||
}
|
||||
```
|
||||
|
||||
**After**:
|
||||
```go
|
||||
func (s *ShadowsocksSuite) TestShadowsocksTCP() {
|
||||
RunTCPCase(s.T(), s.ctx, SharedNetworkName, s.echoIP, "aes256gcm",
|
||||
"testdata/shadowsocks/tcp_server_aes256gcm.yaml",
|
||||
"testdata/shadowsocks/tcp_client_aes256gcm.yaml",
|
||||
"8388/tcp", "8080/tcp")
|
||||
RunTCPCase(s.T(), s.ctx, SharedNetworkName, s.echoIP, "chacha20",
|
||||
"testdata/shadowsocks/tcp_server_chacha20.yaml",
|
||||
"testdata/shadowsocks/tcp_client_chacha20.yaml",
|
||||
"8388/tcp", "8080/tcp")
|
||||
}
|
||||
```
|
||||
|
||||
删除 `runTCPCase` 和 `runUDPCase` 方法。UDP 测试同理。
|
||||
|
||||
---
|
||||
|
||||
## 实施顺序
|
||||
|
||||
1. **`utils.go`** — 添加 `RunTCPCase` + `RunUDPCase`(不删除任何现有函数)
|
||||
2. **`testdata/http/`** — 创建 `server.yaml` + `server_auth.yaml`
|
||||
3. **`http_test.go`** — 创建 HTTP 套件
|
||||
4. **编译验证** — `cd gost && go build ./... && go vet ./tests/e2e/...`
|
||||
5. **`shadowsocks_test.go`** — 重构为使用新 helper
|
||||
6. **最终编译验证** — `go build ./... && go vet ./tests/e2e/...`
|
||||
7. **运行测试** — `go test ./tests/e2e/ -v -run TestHTTPSuite -timeout 5m`
|
||||
8. **回归测试** — `go test ./tests/e2e/ -v -run TestShadowsocksSuite -timeout 5m`
|
||||
|
||||
---
|
||||
|
||||
## 验证
|
||||
|
||||
```bash
|
||||
cd /config/workspace/go-gost/gost
|
||||
go build ./...
|
||||
go vet ./tests/e2e/...
|
||||
go test ./tests/e2e/ -v -run TestHTTPSuite -timeout 5m
|
||||
go test ./tests/e2e/ -v -run TestShadowsocksSuite -timeout 5m
|
||||
```
|
||||
|
|
@ -0,0 +1,183 @@
|
|||
# Plan: Expand E2E Test Suite
|
||||
|
||||
## Context
|
||||
|
||||
The e2e test framework (`tests/e2e/`) currently covers only **2 protocols** (Shadowsocks, parallel selector) out of **~30+ registered protocols** in gost. This plan systematically adds test coverage for all major protocols, following the existing Docker-based testcontainers pattern exactly.
|
||||
|
||||
**Key insight**: gost auto-generates self-signed TLS certs when none are provided (`x/config/parsing/tls.go` — `BuildDefaultTLSConfig`), and clients with default config skip cert verification. This means TLS-based protocols (ws→wss, h2c→h2, quic, etc.) can be tested **without mounting cert files**.
|
||||
|
||||
---
|
||||
|
||||
## Step 0: Refactor `utils.go` — Add Reusable Test Helpers
|
||||
|
||||
**File**: `tests/e2e/utils.go`
|
||||
|
||||
Extract the repeated patterns from `shadowsocks_test.go` into reusable helpers:
|
||||
|
||||
1. **`RunTCPCase(t, ctx, networkName, echoIP, name, serverConfig, clientConfig string)`** — Full lifecycle: start server → render client config → start client → curl assertion → cleanup. Extracts the logic from `ShadowsocksSuite.runTCPCase`.
|
||||
|
||||
2. **`RunUDPCase(t, ctx, networkName, name, serverConfig, clientConfig string)`** — Same for UDP: start server → render client → start client → dial UDP → retry loop → assertion → cleanup. Extracts from `runUDPCase`.
|
||||
|
||||
These eliminate ~40 lines of boilerplate per suite. Each suite's test methods become one-liners:
|
||||
```go
|
||||
func (s *SOCKS5Suite) TestSOCKS5TCP() {
|
||||
RunTCPCase(s.T(), s.ctx, SharedNetworkName, s.echoIP, "socks5-tcp",
|
||||
"testdata/socks5/tcp_server.yaml", "testdata/socks5/tcp_client.yaml")
|
||||
}
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Step 1: Tier 1 — Core Protocols (Plain TCP, No Special Infrastructure)
|
||||
|
||||
Each suite follows the exact pattern: suite struct → `SetupSuite` (echo containers) → `TearDownSuite` → test methods calling `RunTCPCase`/`RunUDPCase` → `suite.Run()` entry point.
|
||||
|
||||
### 1A. HTTP Proxy Suite
|
||||
- **Files**: `http_test.go`, `testdata/http/` (2 configs)
|
||||
- **Configs**: `server.yaml` (handler `http`, listener `tcp`), `server_auth.yaml` (+ basic auth)
|
||||
- **Tests**: `TestHTTPProxy`, `TestHTTPProxyAuth` (curl with `--proxy-user`)
|
||||
- **Note**: Simplest test — single gost container acts as HTTP proxy
|
||||
|
||||
### 1B. SOCKS5 Suite
|
||||
- **Files**: `socks5_test.go`, `testdata/socks5/` (4 configs)
|
||||
- **Configs**: `tcp_server.yaml` (handler `socks5`), `tcp_client.yaml` (connector `socks5`, dialer `tcp`), + auth variants
|
||||
- **Tests**: `TestSOCKS5TCP`, `TestSOCKS5TCPAuth`
|
||||
|
||||
### 1C. SOCKS4 Suite
|
||||
- **Files**: `socks4_test.go`, `testdata/socks4/` (4 configs)
|
||||
- **Configs**: `tcp_server.yaml` (handler `socks4`), `tcp_client.yaml` (connector `socks4`), + socks4a variants
|
||||
- **Tests**: `TestSOCKS4TCP`, `TestSOCKS4aTCP`
|
||||
|
||||
### 1D. HTTP2 Cleartext Suite
|
||||
- **Files**: `http2_test.go`, `testdata/http2/` (2 configs)
|
||||
- **Configs**: `tcp_server.yaml` (handler `http2`, listener `http2`), `tcp_client.yaml` (connector `http2`, dialer `http2`)
|
||||
- **Tests**: `TestHTTP2TCP`
|
||||
|
||||
### 1E. Relay Suite
|
||||
- **Files**: `relay_test.go`, `testdata/relay/` (4 configs)
|
||||
- **Configs**: `tcp_server.yaml` (handler `relay`, listener `tcp`), `tcp_client.yaml` (connector `relay`, dialer `tcp`), + auth variants
|
||||
- **Tests**: `TestRelayTCP`, `TestRelayTCPAuth`
|
||||
|
||||
---
|
||||
|
||||
## Step 2: Tier 2 — TLS/Transport Protocols
|
||||
|
||||
Same pattern but using TLS listeners/dialers. No explicit cert files needed — gost auto-generates them.
|
||||
|
||||
### 2A. TLS Suite
|
||||
- **Files**: `tls_test.go`, `testdata/tls/` (4 configs)
|
||||
- **Tests**: `TestTLSHTTPProxy` (handler `http` + listener `tls`), `TestTLSSOCKS5` (handler `socks5` + listener `tls`)
|
||||
|
||||
### 2B. WebSocket Suite
|
||||
- **Files**: `ws_test.go`, `testdata/ws/` (4 configs)
|
||||
- **Tests**: `TestWSSOCKS5` (dialer `ws`), `TestWSSSOCKS5` (dialer `wss`)
|
||||
|
||||
### 2C. gRPC Suite
|
||||
- **Files**: `grpc_test.go`, `testdata/grpc/` (2 configs)
|
||||
- **Tests**: `TestGRPCSOCKS5` (listener `grpc`, metadata `insecure: true`)
|
||||
|
||||
### 2D. HTTP/2 TLS (h2) Suite
|
||||
- **Files**: `h2_test.go`, `testdata/h2/` (2 configs)
|
||||
- **Tests**: `TestH2HTTP2Proxy` (listener `h2`, dialer `h2`)
|
||||
|
||||
### 2E. QUIC Suite
|
||||
- **Files**: `quic_test.go`, `testdata/quic/` (2 configs)
|
||||
- **Tests**: `TestQUICHTTP` (listener `quic`, handler `http` — uses UDP ports)
|
||||
|
||||
### 2F. KCP Suite
|
||||
- **Files**: `kcp_test.go`, `testdata/kcp/` (2 configs)
|
||||
- **Tests**: `TestKCPSOCKS5` (listener `kcp`, handler `socks5` — uses UDP)
|
||||
|
||||
### 2G. Multiplex Variants (mws/mwss/mtls/mtcp)
|
||||
- **Files**: `mux_test.go`, `testdata/mux/` (6 configs)
|
||||
- **Tests**: `TestMWSSOCKS5`, `TestMWSSSOCKS5`, `TestMtlSSOCKS5`, `TestMtcpSOCKS5`
|
||||
|
||||
### 2H. Obfuscation (ohttp/otls)
|
||||
- **Files**: `obfs_test.go`, `testdata/obfs/` (4 configs)
|
||||
- **Tests**: `TestOHTTP`, `TestOTLS`
|
||||
|
||||
### 2I. PHT (HTTP Pipe)
|
||||
- **Files**: `pht_test.go`, `testdata/pht/` (4 configs)
|
||||
- **Tests**: `TestPHT`, `TestPHTS`
|
||||
|
||||
---
|
||||
|
||||
## Step 3: Tier 3 — Special Infrastructure (Deferred)
|
||||
|
||||
These require Docker capabilities (`NET_ADMIN`, `NET_RAW`), SSH key generation, or iptables setup. Implemented after Tiers 1-2 are stable.
|
||||
|
||||
| Protocol | Challenge | Approach |
|
||||
|----------|-----------|----------|
|
||||
| SSH/sshd | Host key generation | Generate SSH key at test time, mount into container |
|
||||
| HTTP/3/WebTransport | QUIC+UDP, TLS | Uses UDP like QUIC suite; auto certs work |
|
||||
| TUN/TAP | `CAP_NET_ADMIN`, `/dev/net/tun` | Privileged container + routing setup |
|
||||
| Tungo/MASQUE | Same as TUN | Same approach |
|
||||
| ICMP | `CAP_NET_RAW`, raw sockets | Privileged container |
|
||||
| Redirect (red/redu) | iptables rules | Privileged + iptables setup in container |
|
||||
| DTLS | UDP + TLS | Auto certs; UDP port mapping |
|
||||
|
||||
---
|
||||
|
||||
## Files to Create/Modify
|
||||
|
||||
### New files (per suite):
|
||||
- `tests/e2e/<protocol>_test.go` — Suite struct + test methods
|
||||
- `tests/e2e/testdata/<protocol>/` — Server + client YAML configs
|
||||
|
||||
### Modified files:
|
||||
- `tests/e2e/utils.go` — Add `RunTCPCase`, `RunUDPCase` helpers
|
||||
- `tests/e2e/shadowsocks_test.go` — Refactor to use new helpers (optional, reduces duplication)
|
||||
- `tests/e2e/README.md` — Document new suites
|
||||
|
||||
### Reference files (read-only):
|
||||
- `tests/e2e/shadowsocks_test.go` — Pattern template for all suites
|
||||
- `tests/e2e/testdata/shadowsocks/tcp_server_aes256gcm.yaml` — Server config template
|
||||
- `tests/e2e/testdata/shadowsocks/tcp_client_aes256gcm.yaml` — Client config template
|
||||
|
||||
---
|
||||
|
||||
## Config Pattern Reference
|
||||
|
||||
**Server** (all protocols):
|
||||
```yaml
|
||||
services:
|
||||
- name: <proto>-server
|
||||
addr: :<port>
|
||||
handler:
|
||||
type: <handler-type>
|
||||
listener:
|
||||
type: <listener-type>
|
||||
```
|
||||
|
||||
**Client** (all protocols):
|
||||
```yaml
|
||||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: <proto>-chain
|
||||
listener:
|
||||
type: tcp
|
||||
chains:
|
||||
- name: <proto>-chain
|
||||
hops:
|
||||
- name: <proto>-hop
|
||||
nodes:
|
||||
- name: <proto>-node
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: <connector-type>
|
||||
dialer:
|
||||
type: <dialer-type>
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Verification
|
||||
|
||||
After each suite is implemented:
|
||||
1. `cd gost && go build ./...` — Ensure compilation
|
||||
2. `go vet ./tests/e2e/` — Static analysis
|
||||
3. `go test ./tests/e2e/ -v -run TestXxxSuite -timeout 5m` — Run individual suite
|
||||
4. `go test ./tests/e2e/ -v -timeout 10m` — Run all suites together
|
||||
|
|
@ -0,0 +1,53 @@
|
|||
# End-to-End Tests
|
||||
|
||||
Integration tests that spin up real gost instances inside Docker containers and verify protocol behavior over the network.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- [Docker](https://docs.docker.com/get-docker/) (running daemon)
|
||||
- Go toolchain (for compiling the gost binary under test)
|
||||
|
||||
## Running
|
||||
|
||||
From the repository root:
|
||||
|
||||
```bash
|
||||
# Run all e2e tests
|
||||
go test ./tests/e2e/ -v -timeout 10m
|
||||
|
||||
# Run a specific test suite
|
||||
go test ./tests/e2e/ -v -run TestShadowsocksSuite -timeout 5m
|
||||
go test ./tests/e2e/ -v -run TestParallelSelectorSuite -timeout 5m
|
||||
|
||||
# Use a pre-built gost binary (skips compilation)
|
||||
go test ./tests/e2e/ -v -gost-bin /path/to/gost
|
||||
```
|
||||
|
||||
## Architecture
|
||||
|
||||
```
|
||||
tests/e2e/
|
||||
├── Dockerfile # Shared base image (Alpine + curl, python3, etc.)
|
||||
├── main_test.go # TestMain: compiles gost, creates Docker network
|
||||
├── utils.go # Helpers: container lifecycle, config rendering
|
||||
├── scripts/
|
||||
│ ├── tcp_echo.py # HTTP echo server (responds with "hello-gost")
|
||||
│ └── udp_echo.py # UDP echo server (reflects payloads)
|
||||
├── testdata/ # config files or data files for running cases
|
||||
├── shadowsocks_test.go # Shadowsocks protocol tests
|
||||
└── parallel_selector_test.go # Parallel node selector tests
|
||||
```
|
||||
|
||||
### How it works
|
||||
|
||||
1. **TestMain** (`main_test.go`) compiles the gost binary from `../../cmd/gost` (unless `-gost-bin` is provided) and creates a shared Docker network for all containers.
|
||||
2. Each test suite starts echo server containers (TCP/UDP), then launches separate gost containers for server and client roles.
|
||||
3. Client configs use Go template syntax (`{{.ServerAddr}}`) so the server address is injected at runtime.
|
||||
4. Tests verify end-to-end connectivity by sending traffic through the gost proxy chain and checking that the echo server responds correctly.
|
||||
|
||||
## Tips
|
||||
|
||||
- Increase `-timeout` for CI or slow networks. Container image builds on first run take extra time.
|
||||
- Use `-gost-bin` to avoid recompiling when iterating on tests locally.
|
||||
- Add `-v` to see container log output on failure.
|
||||
- RunGostContainer will wait for exposedPorts automatically, but it's not reliable for udp ports. So, you should check the readiness of udp ports inside cases.
|
||||
|
|
@ -0,0 +1,360 @@
|
|||
package e2e
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"io"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/testcontainers/testcontainers-go"
|
||||
)
|
||||
|
||||
type DNSSuite struct {
|
||||
suite.Suite
|
||||
ctx context.Context
|
||||
}
|
||||
|
||||
func (s *DNSSuite) SetupSuite() {
|
||||
s.ctx = context.Background()
|
||||
}
|
||||
|
||||
// dnsQuery sends a DNS query via the Python client and retries on failure.
|
||||
// expected can be an IP string, "empty" (expect zero answer records), or "" (no check).
|
||||
func (s *DNSSuite) dnsQuery(gostC testcontainers.Container, mode, host, port, qname, qtype, expected string) {
|
||||
args := []string{"python3", "/scripts/dns_query.py", mode, host, port, qname, qtype}
|
||||
if expected != "" {
|
||||
args = append(args, expected)
|
||||
}
|
||||
|
||||
for i := range 5 {
|
||||
code, out, err := gostC.Exec(s.ctx, args)
|
||||
if err != nil {
|
||||
s.T().Logf("query attempt %d exec error: %v", i+1, err)
|
||||
time.Sleep(time.Second)
|
||||
continue
|
||||
}
|
||||
body, err := io.ReadAll(out)
|
||||
if err != nil {
|
||||
s.T().Logf("query attempt %d read error: %v", i+1, err)
|
||||
time.Sleep(time.Second)
|
||||
continue
|
||||
}
|
||||
output := string(body)
|
||||
s.T().Logf("query attempt %d: %s", i+1, strings.TrimSpace(output))
|
||||
|
||||
if code == 0 {
|
||||
return
|
||||
}
|
||||
time.Sleep(time.Second)
|
||||
}
|
||||
|
||||
s.T().Fatalf("DNS query %s %s %s %s failed after 5 retries", mode, qname, qtype, host)
|
||||
}
|
||||
|
||||
// dnsQueryOnce sends a single DNS query with no retries. Returns exit code and output.
|
||||
func (s *DNSSuite) dnsQueryOnce(gostC testcontainers.Container, mode, host, port, qname, qtype string) (int, string) {
|
||||
args := []string{"python3", "/scripts/dns_query.py", mode, host, port, qname, qtype}
|
||||
code, out, err := gostC.Exec(s.ctx, args)
|
||||
if err != nil {
|
||||
return 1, fmt.Sprintf("exec error: %v", err)
|
||||
}
|
||||
body, _ := io.ReadAll(out)
|
||||
return code, string(body)
|
||||
}
|
||||
|
||||
// dnsQueryWithDelay calls dnsQuery with a small wait before the first attempt.
|
||||
func (s *DNSSuite) dnsQueryWithDelay(gostC testcontainers.Container, mode, host, port, qname, qtype, expected string) {
|
||||
time.Sleep(500 * time.Millisecond)
|
||||
s.dnsQuery(gostC, mode, host, port, qname, qtype, expected)
|
||||
}
|
||||
|
||||
// sendRaw sends raw data via base64+nc and returns the response.
|
||||
func (s *DNSSuite) sendRaw(gostC testcontainers.Container, host, port, data string) string {
|
||||
encoded := base64.StdEncoding.EncodeToString([]byte(data))
|
||||
cmd := []string{"sh", "-c",
|
||||
fmt.Sprintf("echo %s | base64 -d | nc -w 3 -u %s %s", encoded, host, port)}
|
||||
_, out, _ := gostC.Exec(s.ctx, cmd)
|
||||
b, _ := io.ReadAll(out)
|
||||
return string(b)
|
||||
}
|
||||
|
||||
// startDNSResponder starts the UDP DNS responder and returns the container.
|
||||
func (s *DNSSuite) startDNSResponder() testcontainers.Container {
|
||||
dnsC, err := RunDNSResponderContainer(s.ctx, SharedNetworkName)
|
||||
s.Require().NoError(err)
|
||||
return dnsC
|
||||
}
|
||||
|
||||
// startGostWithQueryScript starts a gost container with dns_query.py mounted.
|
||||
func (s *DNSSuite) startGostWithQueryScript(yamlPath, exposedPort string) testcontainers.Container {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
yamlPath,
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "scripts/dns_query.py", ContainerFilePath: "/scripts/dns_query.py", FileMode: 0644},
|
||||
},
|
||||
exposedPort)
|
||||
s.Require().NoError(err)
|
||||
return gostC
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Upstream resolution
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
func (s *DNSSuite) TestDNSUpstream() {
|
||||
dnsC := s.startDNSResponder()
|
||||
defer dnsC.Terminate(s.ctx)
|
||||
|
||||
gostC := s.startGostWithQueryScript("testdata/dns/server_upstream.yaml", "1053/udp")
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
s.T().Run("a-record", func(t *testing.T) {
|
||||
s.dnsQueryWithDelay(gostC, "udp", "127.0.0.1", "1053", "test.example.com", "A", "10.0.0.1")
|
||||
})
|
||||
s.T().Run("aaaa-record", func(t *testing.T) {
|
||||
s.dnsQuery(gostC, "udp", "127.0.0.1", "1053", "example.com", "AAAA", "::1")
|
||||
})
|
||||
s.T().Run("second-a-record", func(t *testing.T) {
|
||||
s.dnsQuery(gostC, "udp", "127.0.0.1", "1053", "test2.example.com", "A", "10.0.0.2")
|
||||
})
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// TCP mode
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
func (s *DNSSuite) TestDNSTCP() {
|
||||
s.T().Log("start TCP DNS responder container...")
|
||||
dnsC, err := RunTCPDNSResponderContainer(s.ctx, SharedNetworkName)
|
||||
s.Require().NoError(err)
|
||||
defer dnsC.Terminate(s.ctx)
|
||||
|
||||
gostC := s.startGostWithQueryScript("testdata/dns/server_tcp.yaml", "1053/tcp")
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
s.dnsQueryWithDelay(gostC, "tcp", "127.0.0.1", "1053", "test.example.com", "A", "10.0.0.1")
|
||||
s.dnsQuery(gostC, "tcp", "127.0.0.1", "1053", "test2.example.com", "A", "10.0.0.2")
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Bypass rules
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
func (s *DNSSuite) TestDNSBypass() {
|
||||
dnsC := s.startDNSResponder()
|
||||
defer dnsC.Terminate(s.ctx)
|
||||
|
||||
gostC := s.startGostWithQueryScript("testdata/dns/server_bypass.yaml", "1053/udp")
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
s.T().Run("blocked-domain-empty-answer", func(t *testing.T) {
|
||||
s.dnsQueryWithDelay(gostC, "udp", "127.0.0.1", "1053",
|
||||
"test.example.com", "A", "empty")
|
||||
})
|
||||
s.T().Run("non-blocked-domain", func(t *testing.T) {
|
||||
s.dnsQuery(gostC, "udp", "127.0.0.1", "1053",
|
||||
"test2.example.com", "A", "10.0.0.2")
|
||||
})
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Host mapper
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
// TestDNSHostMapper verifies DNS resolution via the host mapper before
|
||||
// reaching the upstream exchanger.
|
||||
//
|
||||
// Config: server_hosts.yaml maps mapped.example.com → 10.0.0.100 and
|
||||
// points the handler at an unreachable upstream (udp://127.0.0.1:1).
|
||||
// The handler checks the host mapper before the exchange path, so
|
||||
// mapped names resolve without needing any upstream DNS. Unmapped
|
||||
// names must fall through to the exchanger, which fails — confirming
|
||||
// the host-mapper path was the only reason mapped names worked.
|
||||
func (s *DNSSuite) TestDNSHostMapper() {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/dns/server_hosts.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "scripts/dns_query.py", ContainerFilePath: "/scripts/dns_query.py", FileMode: 0644},
|
||||
},
|
||||
"1053/udp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
s.T().Run("mapped-a-record", func(t *testing.T) {
|
||||
// mapped.example.com → host mapper returns 10.0.0.100
|
||||
// without contacting any upstream.
|
||||
s.dnsQueryWithDelay(gostC, "udp", "127.0.0.1", "1053",
|
||||
"mapped.example.com", "A", "10.0.0.100")
|
||||
})
|
||||
|
||||
s.T().Run("unmapped-domain", func(t *testing.T) {
|
||||
// test.example.com is not in the hosts mapping. The handler
|
||||
// will fall through to the exchanger path, which fails because
|
||||
// no upstream is configured. Query should return empty/NXDOMAIN.
|
||||
code, output := s.dnsQueryOnce(gostC, "udp", "127.0.0.1", "1053",
|
||||
"test.example.com", "A")
|
||||
s.T().Logf("unmapped query: code=%d, %s", code, strings.TrimSpace(output))
|
||||
// Non-zero exit indicates no valid response — expected since
|
||||
// there's no working upstream.
|
||||
s.Assert().NotEqual(0, code,
|
||||
"unmapped domain should fail with no upstream")
|
||||
})
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Exchange failure (unreachable upstream)
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
// TestDNSExchangeFailure verifies graceful handling when the upstream DNS
|
||||
// exchanger is unreachable.
|
||||
//
|
||||
// Config: server_exchange_failure.yaml points to udp://127.0.0.1:1 which
|
||||
// is unreachable. The handler must not crash or leak goroutines when the
|
||||
// upstream exchange fails.
|
||||
func (s *DNSSuite) TestDNSExchangeFailure() {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/dns/server_exchange_failure.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "scripts/dns_query.py", ContainerFilePath: "/scripts/dns_query.py", FileMode: 0644},
|
||||
},
|
||||
"1053/udp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
s.T().Run("unreachable-upstream", func(t *testing.T) {
|
||||
// Send query once — the exchange will fail (timeout / ICMP
|
||||
// unreachable). No response is expected.
|
||||
code, output := s.dnsQueryOnce(gostC, "udp", "127.0.0.1", "1053",
|
||||
"test.example.com", "A")
|
||||
s.T().Logf("exchange failure result: code=%d, %s",
|
||||
code, strings.TrimSpace(output))
|
||||
// Non-zero exit is expected since the exchange fails.
|
||||
s.Assert().NotEqual(0, code,
|
||||
"exchange failure should return non-zero exit")
|
||||
})
|
||||
|
||||
s.T().Run("container-alive-after-failure", func(t *testing.T) {
|
||||
// Verify the gost container is still running after the
|
||||
// failed exchange — proves no crash or hang.
|
||||
aliveCode, _, aliveErr := gostC.Exec(s.ctx, []string{"true"})
|
||||
s.Require().NoError(aliveErr,
|
||||
"container exec should succeed after exchange failure")
|
||||
s.Require().Equal(0, aliveCode,
|
||||
"gost container should be alive after exchange failure")
|
||||
})
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Rate limiter
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
// TestDNSRateLimiter verifies that rate limiting configuration is accepted
|
||||
// and the handler processes queries through the rate limiter path without
|
||||
// crashing. Uses a generous global limit (1000/s) so queries pass.
|
||||
func (s *DNSSuite) TestDNSRateLimiter() {
|
||||
dnsC := s.startDNSResponder()
|
||||
defer dnsC.Terminate(s.ctx)
|
||||
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/dns/server_rlimiter.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "scripts/dns_query.py", ContainerFilePath: "/scripts/dns_query.py", FileMode: 0644},
|
||||
},
|
||||
"1053/udp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
s.T().Run("query-with-limiter", func(t *testing.T) {
|
||||
s.dnsQueryWithDelay(gostC, "udp", "127.0.0.1", "1053",
|
||||
"test.example.com", "A", "10.0.0.1")
|
||||
})
|
||||
s.T().Run("second-query-with-limiter", func(t *testing.T) {
|
||||
s.dnsQuery(gostC, "udp", "127.0.0.1", "1053",
|
||||
"test2.example.com", "A", "10.0.0.2")
|
||||
})
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Invalid query
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
// TestDNSInvalidQuery verifies the DNS listener gracefully handles malformed
|
||||
// DNS messages. Sends garbage bytes and checks the gost container is
|
||||
// unaffected (no crash, no hang).
|
||||
func (s *DNSSuite) TestDNSInvalidQuery() {
|
||||
gostC := s.startGostWithQueryScript("testdata/dns/server_upstream.yaml", "1053/udp")
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
s.T().Run("send-garbage-bytes", func(t *testing.T) {
|
||||
// Send 5 bytes of garbage via UDP. The miekg/dns server
|
||||
// will fail to parse them and discard the packet.
|
||||
s.sendRaw(gostC, "127.0.0.1", "1053", "garbage!")
|
||||
})
|
||||
|
||||
s.T().Run("container-alive-after-garbage", func(t *testing.T) {
|
||||
// Verify the gost container is still alive after receiving
|
||||
// invalid data.
|
||||
aliveCode, _, aliveErr := gostC.Exec(s.ctx, []string{"true"})
|
||||
s.Require().NoError(aliveErr,
|
||||
"container exec should succeed after invalid query")
|
||||
s.Require().Equal(0, aliveCode,
|
||||
"gost container should be alive after invalid query")
|
||||
})
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// DNS over TLS
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
// TestDNSTLS verifies the DNS listener in TLS mode (DNS over TLS).
|
||||
// Starts the UDP DNS responder (unencrypted), a gost DNS server with
|
||||
// listener mode: tls, and queries through the TLS endpoint.
|
||||
func (s *DNSSuite) TestDNSTLS() {
|
||||
dnsC := s.startDNSResponder()
|
||||
defer dnsC.Terminate(s.ctx)
|
||||
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/dns/server_tls.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "scripts/dns_tls_query.py", ContainerFilePath: "/scripts/dns_tls_query.py", FileMode: 0644},
|
||||
},
|
||||
"1053/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// Query via TLS
|
||||
args := []string{"python3", "/scripts/dns_tls_query.py",
|
||||
"127.0.0.1", "1053", "test.example.com", "A", "10.0.0.1"}
|
||||
|
||||
for i := range 5 {
|
||||
code, out, err := gostC.Exec(s.ctx, args)
|
||||
if err != nil {
|
||||
s.T().Logf("tls query attempt %d exec error: %v", i+1, err)
|
||||
time.Sleep(time.Second)
|
||||
continue
|
||||
}
|
||||
body, err := io.ReadAll(out)
|
||||
if err != nil {
|
||||
s.T().Logf("tls query attempt %d read error: %v", i+1, err)
|
||||
time.Sleep(time.Second)
|
||||
continue
|
||||
}
|
||||
output := string(body)
|
||||
s.T().Logf("tls query attempt %d: %s", i+1, strings.TrimSpace(output))
|
||||
|
||||
if code == 0 {
|
||||
return
|
||||
}
|
||||
time.Sleep(time.Second)
|
||||
}
|
||||
|
||||
s.T().Fatal("TLS query failed after 5 retries")
|
||||
}
|
||||
|
||||
func TestDNSSuite(t *testing.T) {
|
||||
suite.Run(t, new(DNSSuite))
|
||||
}
|
||||
|
|
@ -0,0 +1,194 @@
|
|||
package e2e
|
||||
|
||||
import (
|
||||
"context"
|
||||
"io"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/testcontainers/testcontainers-go"
|
||||
)
|
||||
|
||||
type FileSuite struct {
|
||||
suite.Suite
|
||||
ctx context.Context
|
||||
}
|
||||
|
||||
func (s *FileSuite) SetupSuite() {
|
||||
s.ctx = context.Background()
|
||||
}
|
||||
|
||||
func (s *FileSuite) TearDownSuite() {}
|
||||
|
||||
// TestFileGetExisting verifies that GET on an existing file returns
|
||||
// the file content with HTTP 200. Covers the basic file serving path:
|
||||
// file handler → http.FileServer → file read.
|
||||
func (s *FileSuite) TestFileGetExisting() {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/file/server.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "testdata/file/hello.txt", ContainerFilePath: "/srv/files/hello.txt", FileMode: 0644},
|
||||
},
|
||||
"8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "http://127.0.0.1:8080/hello.txt"}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost-file") {
|
||||
DumpLogs(s.T(), s.ctx, "file-server logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost-file")
|
||||
}
|
||||
|
||||
// TestFileGetNotFound verifies that GET on a nonexistent file returns
|
||||
// 404 Not Found.
|
||||
func (s *FileSuite) TestFileGetNotFound() {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/file/server.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "testdata/file/hello.txt", ContainerFilePath: "/srv/files/hello.txt", FileMode: 0644},
|
||||
},
|
||||
"8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "-o", "/dev/null", "-w", "%{http_code}",
|
||||
"http://127.0.0.1:8080/nonexistent.txt"}
|
||||
_, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
body, _ := io.ReadAll(out)
|
||||
s.Assert().Contains(string(body), "404")
|
||||
}
|
||||
|
||||
// TestFileGetIndexHtml verifies that GET / serves index.html when
|
||||
// present in the served directory. Covers the default index document
|
||||
// behavior of http.FileServer.
|
||||
func (s *FileSuite) TestFileGetIndexHtml() {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/file/server.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "testdata/file/index.html", ContainerFilePath: "/srv/files/index.html", FileMode: 0644},
|
||||
},
|
||||
"8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "http://127.0.0.1:8080/"}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "gost file index") {
|
||||
DumpLogs(s.T(), s.ctx, "file-server index logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "gost file index")
|
||||
}
|
||||
|
||||
// TestFilePutUpload verifies that PUT uploads a file when file.put is
|
||||
// enabled. Uploads a file and then reads it back via GET to confirm
|
||||
// the content was persisted.
|
||||
func (s *FileSuite) TestFilePutUpload() {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/file/server_put.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "testdata/file/.empty", ContainerFilePath: "/srv/files/.empty", FileMode: 0644},
|
||||
},
|
||||
"8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// Create source content inside the container.
|
||||
_, _, err = gostC.Exec(s.ctx, []string{
|
||||
"sh", "-c", "printf 'uploaded-content' > /tmp/upload_src.txt",
|
||||
})
|
||||
s.Require().NoError(err)
|
||||
|
||||
// Upload via PUT.
|
||||
_, out, err := gostC.Exec(s.ctx, []string{
|
||||
"curl", "-v", "-s", "-T", "/tmp/upload_src.txt",
|
||||
"http://127.0.0.1:8080/uploaded.txt",
|
||||
})
|
||||
s.Require().NoError(err)
|
||||
putBody, _ := io.ReadAll(out)
|
||||
s.T().Logf("PUT response:\n%s", string(putBody))
|
||||
|
||||
// Read back the uploaded file via GET.
|
||||
_, out2, err := gostC.Exec(s.ctx, []string{
|
||||
"curl", "-v", "-s",
|
||||
"http://127.0.0.1:8080/uploaded.txt",
|
||||
})
|
||||
s.Require().NoError(err)
|
||||
body, _ := io.ReadAll(out2)
|
||||
s.Assert().Contains(string(body), "uploaded-content")
|
||||
}
|
||||
|
||||
// TestFilePutNoPermission verifies that PUT returns 405 Method Not
|
||||
// Allowed when file.put is not enabled (default: false).
|
||||
func (s *FileSuite) TestFilePutNoPermission() {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/file/server.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "testdata/file/.empty", ContainerFilePath: "/srv/files/.empty", FileMode: 0644},
|
||||
},
|
||||
"8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "-o", "/dev/null", "-w", "%{http_code}",
|
||||
"-T", "/dev/null", "http://127.0.0.1:8080/test.txt"}
|
||||
_, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
body, _ := io.ReadAll(out)
|
||||
s.Assert().Contains(string(body), "405")
|
||||
}
|
||||
|
||||
// TestFileAuth verifies authentication on the file handler.
|
||||
// Without credentials the handler returns 401 Unauthorized,
|
||||
// with valid credentials it serves the file.
|
||||
func (s *FileSuite) TestFileAuth() {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/file/server_auth.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "testdata/file/hello.txt", ContainerFilePath: "/srv/files/hello.txt", FileMode: 0644},
|
||||
},
|
||||
"8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
s.T().Run("no-auth-401", func(t *testing.T) {
|
||||
cmd := []string{"curl", "-v", "-s", "-o", "/dev/null", "-w", "%{http_code}",
|
||||
"http://127.0.0.1:8080/hello.txt"}
|
||||
_, out, _ := gostC.Exec(s.ctx, cmd)
|
||||
body, _ := io.ReadAll(out)
|
||||
s.Assert().Contains(string(body), "401")
|
||||
})
|
||||
|
||||
s.T().Run("with-auth-success", func(t *testing.T) {
|
||||
cmd := []string{"curl", "-v", "-s", "-u", "user:pass",
|
||||
"http://127.0.0.1:8080/hello.txt"}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost-file") {
|
||||
DumpLogs(s.T(), s.ctx, "file-server auth logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost-file")
|
||||
})
|
||||
}
|
||||
|
||||
func TestFileSuite(t *testing.T) {
|
||||
suite.Run(t, new(FileSuite))
|
||||
}
|
||||
|
|
@ -0,0 +1,291 @@
|
|||
package e2e
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"io"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/testcontainers/testcontainers-go"
|
||||
)
|
||||
|
||||
type ForwardSuite struct {
|
||||
suite.Suite
|
||||
ctx context.Context
|
||||
echoC testcontainers.Container
|
||||
echoIP string
|
||||
udpC testcontainers.Container
|
||||
}
|
||||
|
||||
func (s *ForwardSuite) SetupSuite() {
|
||||
s.ctx = context.Background()
|
||||
|
||||
s.T().Logf("start tcp echo container...")
|
||||
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
|
||||
s.Require().NoError(err)
|
||||
s.echoC = echoC
|
||||
|
||||
echoIP, err := echoC.ContainerIP(s.ctx)
|
||||
s.Require().NoError(err)
|
||||
s.echoIP = echoIP
|
||||
|
||||
s.T().Logf("start udp echo container...")
|
||||
udpC, err := RunUDPEchoContainer(s.ctx, SharedNetworkName)
|
||||
s.Require().NoError(err)
|
||||
s.udpC = udpC
|
||||
}
|
||||
|
||||
// sendRaw sends a raw HTTP request via netcat and returns the response.
|
||||
// Uses base64 to avoid shell quoting issues with CRLF bytes.
|
||||
func (s *ForwardSuite) sendRaw(gostC testcontainers.Container, host, port, data string) string {
|
||||
encoded := base64.StdEncoding.EncodeToString([]byte(data))
|
||||
cmd := []string{"sh", "-c",
|
||||
fmt.Sprintf("echo %s | base64 -d | nc -w 5 %s %s", encoded, host, port)}
|
||||
_, out, _ := gostC.Exec(s.ctx, cmd)
|
||||
b, _ := io.ReadAll(out)
|
||||
return string(b)
|
||||
}
|
||||
|
||||
func (s *ForwardSuite) TearDownSuite() {
|
||||
if s.echoC != nil {
|
||||
s.echoC.Terminate(s.ctx)
|
||||
}
|
||||
if s.udpC != nil {
|
||||
s.udpC.Terminate(s.ctx)
|
||||
}
|
||||
}
|
||||
|
||||
// TestTCPForward verifies basic TCP forward handler (handler type: tcp).
|
||||
// The forward handler pipes raw TCP connections to the configured forwarder
|
||||
// node (tcp-echo:5678). curl connects directly to the handler port and sends
|
||||
// an HTTP request, expecting the echo server's "hello-gost" response.
|
||||
func (s *ForwardSuite) TestTCPForward() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/forward/server.yaml", "8000/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// curl directly to the handler port (not via -x proxy flag).
|
||||
// The TCP forward handler pipes our connection to tcp-echo:5678.
|
||||
cmd := []string{"curl", "-v", "-s", "http://127.0.0.1:8000/"}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "tcp-forward logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
}
|
||||
|
||||
// TestForwardAlias verifies that the "forward" handler type (alias for "tcp")
|
||||
// works identically to the "tcp" handler type.
|
||||
func (s *ForwardSuite) TestForwardAlias() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/forward/server.yaml", "8000/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "http://127.0.0.1:8000/"}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "forward-alias logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
}
|
||||
|
||||
// TestTCPForwardSniffing verifies TCP forward handler with sniffing enabled.
|
||||
// When sniffing is enabled and the connection starts with HTTP data, the handler
|
||||
// detects the protocol via sniffing.Sniff and delegates to the HTTP sniffer
|
||||
// for protocol-aware forwarding. The result is the same as raw forwarding:
|
||||
// "hello-gost" from the echo server.
|
||||
func (s *ForwardSuite) TestTCPForwardSniffing() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/forward/server_sniffing.yaml", "8000/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// curl directly — sniffing detects HTTP and handles via sniffer.
|
||||
cmd := []string{"curl", "-v", "-s", "http://127.0.0.1:8000/"}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "tcp-forward-sniffing logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
}
|
||||
|
||||
// TestTCPForwardRaw verifies raw TCP forwarding by sending an HTTP request
|
||||
// via netcat through the forward handler. This tests the handleRawForwarding
|
||||
// code path (no sniffing), proving that raw bytes are piped through correctly.
|
||||
func (s *ForwardSuite) TestTCPForwardRaw() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/forward/server.yaml", "8000/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// Send raw HTTP request via nc (not curl) to exercise the raw pipe path.
|
||||
resp := s.sendRaw(gostC, "127.0.0.1", "8000",
|
||||
"GET / HTTP/1.0\r\nHost: tcp-echo\r\n\r\n")
|
||||
s.Assert().Contains(resp, "hello-gost",
|
||||
"raw request through TCP forward should reach echo server")
|
||||
}
|
||||
|
||||
// TestTCPForwardIdleTimeout verifies that idleTimeout closes the pipe after
|
||||
// a period of inactivity. The forward handler's xnet.Pipe uses idleTimeout
|
||||
// as a read deadline on the upstream connection — if no data flows for
|
||||
// that duration, the pipe closes both directions.
|
||||
func (s *ForwardSuite) TestTCPForwardIdleTimeout() {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/forward/server_idle_timeout.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "scripts/tcp_idle_timeout.py", ContainerFilePath: "/scripts/tcp_idle_timeout.py", FileMode: 0644},
|
||||
},
|
||||
"8000/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// The Python script:
|
||||
// 1. Connects to gost TCP forward port
|
||||
// 2. Sends HTTP GET → expects "hello-gost" confirm pipe is alive
|
||||
// 3. Waits > idleTimeout (3s + 2s buffer)
|
||||
// 4. Sends more data — expects connection to be closed
|
||||
code, out, err := gostC.Exec(s.ctx, []string{
|
||||
"python3", "/scripts/tcp_idle_timeout.py",
|
||||
"127.0.0.1", "8000", "3",
|
||||
})
|
||||
output, _ := io.ReadAll(out)
|
||||
s.T().Logf("idle timeout output:\n%s", string(output))
|
||||
if code != 0 {
|
||||
DumpLogs(s.T(), s.ctx, "tcp-idle-timeout logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code, "idle timeout test script should exit 0")
|
||||
}
|
||||
|
||||
// TestUDPForward verifies basic UDP forwarding (handler: udp, listener: udp).
|
||||
// The handler uses handleRawDatagram via the stateful UDP listener's
|
||||
// per-client session conns (which implement net.PacketConn).
|
||||
// A Python script inside the gost container sends a UDP datagram through
|
||||
// the forward handler and verifies the echo response from udp-echo:5679.
|
||||
func (s *ForwardSuite) TestUDPForward() {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/forward/server_udp.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "scripts/udp_forward_test.py", ContainerFilePath: "/scripts/udp_forward_test.py", FileMode: 0644},
|
||||
},
|
||||
"9000/udp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
code, out, err := gostC.Exec(s.ctx, []string{
|
||||
"python3", "/scripts/udp_forward_test.py",
|
||||
"127.0.0.1", "9000",
|
||||
})
|
||||
output, _ := io.ReadAll(out)
|
||||
s.T().Logf("udp forward output:\n%s", string(output))
|
||||
if code != 0 {
|
||||
DumpLogs(s.T(), s.ctx, "udp-forward logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code, "udp forward test script should exit 0")
|
||||
}
|
||||
|
||||
// TestUDPForwardStateless verifies UDP forwarding with stateless mode.
|
||||
// Both listener and handler use stateless: true, so each datagram is a
|
||||
// single request-response cycle with no per-client session tracking.
|
||||
func (s *ForwardSuite) TestUDPForwardStateless() {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/forward/server_udp_stateless.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "scripts/udp_forward_test.py", ContainerFilePath: "/scripts/udp_forward_test.py", FileMode: 0644},
|
||||
},
|
||||
"9000/udp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
code, out, err := gostC.Exec(s.ctx, []string{
|
||||
"python3", "/scripts/udp_forward_test.py",
|
||||
"127.0.0.1", "9000",
|
||||
})
|
||||
output, _ := io.ReadAll(out)
|
||||
s.T().Logf("udp forward stateless output:\n%s", string(output))
|
||||
if code != 0 {
|
||||
DumpLogs(s.T(), s.ctx, "udp-forward-stateless logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code, "udp forward stateless test script should exit 0")
|
||||
}
|
||||
|
||||
// TestTCPForwardSniffingBypass verifies that when sniffing is enabled and a
|
||||
// bypass rule blocks the target, the HTTP sniffer returns 403 Forbidden.
|
||||
// The forward handler delegates to the HTTP sniffer (via handleSniffedProtocol),
|
||||
// and the sniffer's resolveHTTPNode checks h.options.Bypass and returns 403
|
||||
// when the destination is matched.
|
||||
func (s *ForwardSuite) TestTCPForwardSniffingBypass() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/forward/server_bypass_sniffing.yaml", "8000/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// curl connects directly; sniffing detects HTTP. The sniffer bypass
|
||||
// check matches 0.0.0.0/0 and returns 403 Forbidden.
|
||||
cmd := []string{"curl", "-v", "-s", "-D", "-", "-o", "/dev/null",
|
||||
"http://127.0.0.1:8000/"}
|
||||
_, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
body, _ := io.ReadAll(out)
|
||||
output := string(body)
|
||||
|
||||
s.Assert().Contains(output, "403",
|
||||
"bypass should return 403 Forbidden from sniffer")
|
||||
}
|
||||
|
||||
// TestTCPForwardMultiNodeProtocol verifies that sniffing + protocol-filtered
|
||||
// forwarder nodes correctly routes an HTTP request to the node with matching
|
||||
// protocol (http), rather than the one with protocol: tls.
|
||||
//
|
||||
// Config has two nodes:
|
||||
// - echo-http (protocol: http) → tcp-echo:5678 (works, returns "hello-gost")
|
||||
// - echo-tls (protocol: tls) → tcp-echo:1 (closed port, would fail)
|
||||
//
|
||||
// With sniffing enabled, an HTTP request is detected as protocol "http",
|
||||
// Select("http") filters to only the echo-http node. If protocol filtering
|
||||
// fails and the tls node is selected instead, the connection to port 1
|
||||
// fails and the test fails.
|
||||
func (s *ForwardSuite) TestTCPForwardMultiNodeProtocol() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/forward/server_multi_node.yaml", "8000/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// curl sends an HTTP request → sniffed as "http" → Select("http")
|
||||
// filters to echo-http (protocol: http) → pipes to tcp-echo:5678
|
||||
cmd := []string{"curl", "-v", "-s", "http://127.0.0.1:8000/"}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "tcp-forward-multi-node logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost",
|
||||
"HTTP request should route to the http-protocol node via protocol filtering")
|
||||
}
|
||||
|
||||
func TestForwardSuite(t *testing.T) {
|
||||
suite.Run(t, new(ForwardSuite))
|
||||
}
|
||||
|
|
@ -0,0 +1,216 @@
|
|||
package e2e
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"strings"
|
||||
"sync"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/testcontainers/testcontainers-go"
|
||||
)
|
||||
|
||||
// HTTP2Suite covers the HTTP/2 proxy handler (handler type: http2) together
|
||||
// with the HTTP/2 listener (listener type: http2). The http2 listener wraps
|
||||
// the underlying TCP listener with TLS and configures an h2 server, so the
|
||||
// handler is always reached over HTTP/2 frames.
|
||||
//
|
||||
// Because Alpine's curl cannot be relied on to speak HTTP/2 proxy to the
|
||||
// server directly, the suite uses the canonical GOST chaining pattern: a
|
||||
// client container exposes a plain HTTP proxy which forwards through an
|
||||
// http2 connector + http2 dialer to the http2 server. This exercises the
|
||||
// h2 listener, the h2 handler, and the h2 connector/dialer together.
|
||||
type HTTP2Suite struct {
|
||||
suite.Suite
|
||||
ctx context.Context
|
||||
echoC testcontainers.Container
|
||||
echoIP string
|
||||
}
|
||||
|
||||
func (s *HTTP2Suite) SetupSuite() {
|
||||
s.ctx = context.Background()
|
||||
|
||||
s.T().Logf("start tcp echo container...")
|
||||
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
|
||||
s.Require().NoError(err)
|
||||
s.echoC = echoC
|
||||
|
||||
echoIP, err := echoC.ContainerIP(s.ctx)
|
||||
s.Require().NoError(err)
|
||||
s.echoIP = echoIP
|
||||
}
|
||||
|
||||
func (s *HTTP2Suite) TearDownSuite() {
|
||||
if s.echoC != nil {
|
||||
s.echoC.Terminate(s.ctx)
|
||||
}
|
||||
}
|
||||
|
||||
// startChain brings up an http2 server (alias "h2-server") and an http client
|
||||
// container that chains to it through connector/dialer type http2. The client
|
||||
// exposes port 8080 for curl. The rendered client config is cleaned up by the
|
||||
// caller-supplied template path resolving {{.ServerAddr}} to h2-server:8443.
|
||||
func (s *HTTP2Suite) startChain(serverYAML, clientTmpl string) (testcontainers.Container, testcontainers.Container) {
|
||||
s.T().Helper()
|
||||
|
||||
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
|
||||
serverYAML, []string{"h2-server"}, []string{"8443/tcp"})
|
||||
s.Require().NoError(err)
|
||||
|
||||
rendered, err := RenderConfig(clientTmpl, ConfigData{ServerAddr: "h2-server:8443"})
|
||||
s.Require().NoError(err)
|
||||
s.T().Cleanup(func() { os.Remove(rendered) })
|
||||
|
||||
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
rendered, "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
|
||||
return serverC, clientC
|
||||
}
|
||||
|
||||
// curlEcho runs curl through the client's local http proxy and returns the
|
||||
// process exit code plus the captured body.
|
||||
func (s *HTTP2Suite) curlEcho(clientC testcontainers.Container) (int, string) {
|
||||
s.T().Helper()
|
||||
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, _ := clientC.Exec(s.ctx, cmd)
|
||||
body, _ := io.ReadAll(out)
|
||||
return code, string(body)
|
||||
}
|
||||
|
||||
func (s *HTTP2Suite) dump(label string, cs ...testcontainers.Container) {
|
||||
for _, c := range cs {
|
||||
DumpLogs(s.T(), s.ctx, label, c)
|
||||
}
|
||||
}
|
||||
|
||||
// TestHTTP2ForwardProxy verifies the core HTTP/2 proxy path: a plain HTTP
|
||||
// request through the client proxy is tunneled to the http2 server via an h2
|
||||
// CONNECT stream and reaches the echo backend.
|
||||
//
|
||||
// Covers:
|
||||
// - listener type: http2 (TLS + h2 server)
|
||||
// - handler type: http2 (CONNECT tunnel + bidirectional pipe)
|
||||
// - connector type: http2, dialer type: http2 (h2 client)
|
||||
func (s *HTTP2Suite) TestHTTP2ForwardProxy() {
|
||||
serverC, clientC := s.startChain("testdata/http2/server.yaml", "testdata/http2/client.yaml")
|
||||
defer serverC.Terminate(s.ctx)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
code, body := s.curlEcho(clientC)
|
||||
if code != 0 || !strings.Contains(body, "hello-gost") {
|
||||
s.dump("http2-forward logs", clientC, serverC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(body, "hello-gost")
|
||||
}
|
||||
|
||||
// TestHTTP2Auth verifies proxy authentication over the h2 tunnel, plus
|
||||
// authBasicRealm and hash metadata parsing on the http2 handler.
|
||||
//
|
||||
// - with auth: CONNECT succeeds → echo body returned
|
||||
// - without auth: server rejects CONNECT (407) → client cannot reach echo
|
||||
func (s *HTTP2Suite) TestHTTP2Auth() {
|
||||
s.T().Run("with-auth-success", func(t *testing.T) {
|
||||
serverC, clientC := s.startChain("testdata/http2/server_auth.yaml", "testdata/http2/client_auth.yaml")
|
||||
defer serverC.Terminate(s.ctx)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
code, body := s.curlEcho(clientC)
|
||||
if code != 0 || !strings.Contains(body, "hello-gost") {
|
||||
s.dump("http2-auth-success logs", clientC, serverC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(body, "hello-gost")
|
||||
})
|
||||
|
||||
s.T().Run("no-auth-fails", func(t *testing.T) {
|
||||
// Server requires auth; client sends none → the http2 CONNECT is
|
||||
// rejected with 407, so curl cannot obtain the echo body.
|
||||
serverC, clientC := s.startChain("testdata/http2/server_auth.yaml", "testdata/http2/client.yaml")
|
||||
defer serverC.Terminate(s.ctx)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
code, body := s.curlEcho(clientC)
|
||||
if strings.Contains(body, "hello-gost") {
|
||||
s.dump("http2-auth-noauth logs", clientC, serverC)
|
||||
}
|
||||
s.Require().Zero(code,
|
||||
"curl should still receive an HTTP response from the local proxy")
|
||||
s.Require().NotContains(body, "hello-gost",
|
||||
"without auth the echo backend must be unreachable")
|
||||
})
|
||||
}
|
||||
|
||||
// TestHTTP2Bypass verifies that a bypass matcher on the http2 handler blocks
|
||||
// the CONNECT target after authentication succeeds. The server returns 403, so
|
||||
// the client cannot reach the echo backend.
|
||||
func (s *HTTP2Suite) TestHTTP2Bypass() {
|
||||
serverC, clientC := s.startChain("testdata/http2/server_bypass.yaml", "testdata/http2/client_auth.yaml")
|
||||
defer serverC.Terminate(s.ctx)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
code, body := s.curlEcho(clientC)
|
||||
if strings.Contains(body, "hello-gost") {
|
||||
s.dump("http2-bypass logs", clientC, serverC)
|
||||
}
|
||||
s.Require().Zero(code,
|
||||
"curl should still receive an HTTP response from the local proxy")
|
||||
s.Require().NotContains(body, "hello-gost",
|
||||
"bypass should prevent reaching the echo backend")
|
||||
}
|
||||
|
||||
// TestHTTP2ProbeResist verifies that probeResist, header and authBasicRealm
|
||||
// metadata parse cleanly on the http2 handler and do not break the success
|
||||
// path. With correct credentials the request still reaches the echo backend.
|
||||
func (s *HTTP2Suite) TestHTTP2ProbeResist() {
|
||||
serverC, clientC := s.startChain("testdata/http2/server_proberesist.yaml", "testdata/http2/client_auth.yaml")
|
||||
defer serverC.Terminate(s.ctx)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
code, body := s.curlEcho(clientC)
|
||||
if code != 0 || !strings.Contains(body, "hello-gost") {
|
||||
s.dump("http2-proberesist logs", clientC, serverC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(body, "hello-gost")
|
||||
}
|
||||
|
||||
// TestHTTP2Multiplex verifies HTTP/2 stream multiplexing: many concurrent
|
||||
// requests through the client proxy are tunneled as parallel h2 streams over a
|
||||
// single underlying connection to the http2 server. All requests must reach
|
||||
// the echo backend.
|
||||
func (s *HTTP2Suite) TestHTTP2Multiplex() {
|
||||
serverC, clientC := s.startChain("testdata/http2/server.yaml", "testdata/http2/client.yaml")
|
||||
defer serverC.Terminate(s.ctx)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
const n = 6
|
||||
var wg sync.WaitGroup
|
||||
wg.Add(n)
|
||||
failed := make(chan string, n)
|
||||
for i := 0; i < n; i++ {
|
||||
go func() {
|
||||
defer wg.Done()
|
||||
_, body := s.curlEcho(clientC)
|
||||
if !strings.Contains(body, "hello-gost") {
|
||||
failed <- "missing echo body"
|
||||
}
|
||||
}()
|
||||
}
|
||||
wg.Wait()
|
||||
close(failed)
|
||||
|
||||
if len(failed) > 0 {
|
||||
s.dump("http2-multiplex logs", clientC, serverC)
|
||||
}
|
||||
s.Require().Empty(failed, "all concurrent h2 requests should reach the echo backend")
|
||||
}
|
||||
|
||||
func TestHTTP2Suite(t *testing.T) {
|
||||
suite.Run(t, new(HTTP2Suite))
|
||||
}
|
||||
|
|
@ -0,0 +1,605 @@
|
|||
package e2e
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/testcontainers/testcontainers-go"
|
||||
)
|
||||
|
||||
type HTTPSuite struct {
|
||||
suite.Suite
|
||||
ctx context.Context
|
||||
echoC testcontainers.Container
|
||||
echoIP string
|
||||
}
|
||||
|
||||
func (s *HTTPSuite) SetupSuite() {
|
||||
s.ctx = context.Background()
|
||||
|
||||
s.T().Logf("start tcp echo container...")
|
||||
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
|
||||
s.Require().NoError(err)
|
||||
s.echoC = echoC
|
||||
|
||||
echoIP, err := echoC.ContainerIP(s.ctx)
|
||||
s.Require().NoError(err)
|
||||
s.echoIP = echoIP
|
||||
}
|
||||
|
||||
// sendRaw sends a raw HTTP request via netcat and returns the response.
|
||||
// Uses base64 to avoid shell quoting issues with CRLF bytes.
|
||||
func (s *HTTPSuite) sendRaw(gostC testcontainers.Container, host, port, data string) string {
|
||||
encoded := base64.StdEncoding.EncodeToString([]byte(data))
|
||||
cmd := []string{"sh", "-c",
|
||||
fmt.Sprintf("echo %s | base64 -d | nc -w 5 %s %s", encoded, host, port)}
|
||||
_, out, _ := gostC.Exec(s.ctx, cmd)
|
||||
b, _ := io.ReadAll(out)
|
||||
return string(b)
|
||||
}
|
||||
|
||||
func (s *HTTPSuite) TearDownSuite() {
|
||||
if s.echoC != nil {
|
||||
s.echoC.Terminate(s.ctx)
|
||||
}
|
||||
}
|
||||
|
||||
// TestHTTPProxy verifies basic HTTP forward proxy (no auth, no metadata).
|
||||
// Covers: handler type http, listener type tcp, basic GET via proxy.
|
||||
func (s *HTTPSuite) TestHTTPProxy() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// curl -x uses HTTP forward proxy (GET with absolute URL)
|
||||
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "http-proxy logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
}
|
||||
|
||||
// TestHTTPProxyAuth verifies proxy authentication and the authBasicRealm
|
||||
// metadata parameter.
|
||||
//
|
||||
// Covers:
|
||||
// - auther: basic auth on HTTP proxy
|
||||
// - authBasicRealm: custom realm string in 407 Proxy-Authenticate header
|
||||
func (s *HTTPSuite) TestHTTPProxyAuth() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_auth.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
s.T().Run("no-auth-407", func(t *testing.T) {
|
||||
cmd := []string{"curl", "-v", "-s", "-D", "-", "-o", "/dev/null",
|
||||
"-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
_, out, _ := gostC.Exec(s.ctx, cmd)
|
||||
body, _ := io.ReadAll(out)
|
||||
output := string(body)
|
||||
s.Assert().Contains(output, "407",
|
||||
"no auth should return 407")
|
||||
s.Assert().Contains(output, "gost-e2e-realm",
|
||||
"authBasicRealm should appear in 407 Proxy-Authenticate")
|
||||
})
|
||||
|
||||
s.T().Run("wrong-auth-407", func(t *testing.T) {
|
||||
cmd := []string{"curl", "-v", "-s", "-o", "/dev/null", "-w", "%{http_code}",
|
||||
"-x", "http://wrong:pass@127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
_, out, _ := gostC.Exec(s.ctx, cmd)
|
||||
body, _ := io.ReadAll(out)
|
||||
s.Assert().Contains(string(body), "407",
|
||||
"wrong password should return 407")
|
||||
})
|
||||
|
||||
s.T().Run("with-auth-success", func(t *testing.T) {
|
||||
cmd := []string{"curl", "-v", "-s", "-x", "http://user:pass@127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "http-proxy-auth logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
})
|
||||
}
|
||||
|
||||
// TestHTTPProxyMetadata verifies:
|
||||
// - probeResist: code:404 — unauthorised clients see 404 instead of 407
|
||||
// - keepalive: config parsing (applied at Init time)
|
||||
// - compression: config parsing (applied at Init time)
|
||||
func (s *HTTPSuite) TestHTTPProxyMetadata() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_metadata.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
s.T().Run("probe-resist-404", func(t *testing.T) {
|
||||
cmd := []string{"curl", "-v", "-s", "-o", "/dev/null", "-w", "%{http_code}",
|
||||
"-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
_, out, _ := gostC.Exec(s.ctx, cmd)
|
||||
body, _ := io.ReadAll(out)
|
||||
output := string(body)
|
||||
s.Assert().NotContains(output, "407",
|
||||
"probeResist should hide 407 status")
|
||||
s.Assert().Contains(output, "404",
|
||||
"probeResist should return configured decoy code")
|
||||
})
|
||||
|
||||
s.T().Run("with-auth-success", func(t *testing.T) {
|
||||
cmd := []string{"curl", "-v", "-s", "-x", "http://user:pass@127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "http-metadata logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
})
|
||||
}
|
||||
|
||||
// TestHTTPProxyHeaders verifies:
|
||||
// - header: custom response headers (X-Proxy-Info, X-Custom) on
|
||||
// proxy-originated error responses. The header metadata is set on
|
||||
// the skeleton response used for error paths after authentication.
|
||||
// - proxyAgent: custom Proxy-Agent header in proxy responses.
|
||||
//
|
||||
// Uses a bypass matcher (0.0.0.0/0) that blocks all traffic after auth
|
||||
// succeeds → requests hit 403 Forbidden path which carries custom headers.
|
||||
func (s *HTTPSuite) TestHTTPProxyHeaders() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_headers.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// Auth succeeds, but target is bypassed → 403 Forbidden
|
||||
// The 403 response is built from the skeleton resp which
|
||||
// carries h.md.header (custom headers) and h.md.proxyAgent.
|
||||
s.T().Log("bypass: expect 403 with custom headers")
|
||||
cmd := []string{"curl", "-v", "-s", "-D", "-", "-o", "/dev/null",
|
||||
"-x", "http://user:pass@127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
_, out, _ := gostC.Exec(s.ctx, cmd)
|
||||
headers, _ := io.ReadAll(out)
|
||||
output := string(headers)
|
||||
|
||||
// Bypass → 403 Forbidden
|
||||
s.Assert().Contains(output, "403",
|
||||
"bypass should return 403")
|
||||
// header: custom X-Proxy-Info header on error response
|
||||
s.Assert().Contains(output, "X-Proxy-Info: gost-e2e",
|
||||
"custom header should appear in 403 response")
|
||||
// header: custom X-Custom header on error response
|
||||
s.Assert().Contains(output, "X-Custom: test-value",
|
||||
"custom header should appear in 403 response")
|
||||
// proxyAgent: custom Proxy-Agent header on error response
|
||||
s.Assert().Contains(output, "Proxy-Agent: gost-e2e/1.0",
|
||||
"proxyAgent should appear in 403 response")
|
||||
}
|
||||
|
||||
// TestHTTPConnect verifies HTTP CONNECT tunnel:
|
||||
// - sniffing-enabled: sniffing:true + sniffing.timeout:2s
|
||||
// - no-sniffing: plain CONNECT (default, no metadata)
|
||||
// - bypass-403: CONNECT blocked by (0.0.0.0/0) bypass
|
||||
//
|
||||
// Uses curl --proxytunnel (-p) to force CONNECT method instead of GET.
|
||||
func (s *HTTPSuite) TestHTTPConnect() {
|
||||
s.T().Run("sniffing-enabled", func(t *testing.T) {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_connect.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "-p", "-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "http-connect sniffing logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
})
|
||||
|
||||
s.T().Run("no-sniffing", func(t *testing.T) {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "-p", "-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "http-connect no-sniffing logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
})
|
||||
|
||||
s.T().Run("bypass-403", func(t *testing.T) {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_connect_bypass.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "-D", "-", "-o", "/dev/null",
|
||||
"-p", "-x", "http://user:pass@127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
_, out, _ := gostC.Exec(s.ctx, cmd)
|
||||
body, _ := io.ReadAll(out)
|
||||
output := string(body)
|
||||
s.Assert().Contains(output, "403",
|
||||
"CONNECT bypass should return 403")
|
||||
})
|
||||
}
|
||||
|
||||
// TestHTTPProxyDirectRequest verifies that a non-proxy-form HTTP request
|
||||
// (raw GET / sent to the proxy port) is rejected with 400 Bad Request.
|
||||
// A raw request with empty Host header has no valid scheme to infer,
|
||||
// so the handler returns 400.
|
||||
func (s *HTTPSuite) TestHTTPProxyDirectRequest() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
|
||||
"GET / HTTP/1.0\r\nHost: bad!\r\n\r\n")
|
||||
s.Assert().Contains(resp, "400",
|
||||
"non-proxy GET should return 400")
|
||||
}
|
||||
|
||||
// TestHTTPProxyPOST verifies that POST method forwarding works through
|
||||
// the HTTP forward proxy. The echo server only handles GET, so the proxy
|
||||
// should forward the POST request and return whatever the upstream sends
|
||||
// back (501 Not Implemented from the echo server — not a proxy error).
|
||||
// 501 is the real upstream response, proving the proxy forwarded it.
|
||||
func (s *HTTPSuite) TestHTTPProxyPOST() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "-o", "/dev/null", "-w", "%{http_code}",
|
||||
"-X", "POST", "-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678/", s.echoIP)}
|
||||
_, out, _ := gostC.Exec(s.ctx, cmd)
|
||||
body, _ := io.ReadAll(out)
|
||||
output := string(body)
|
||||
// The echo server's BaseHTTPRequestHandler defaults to 501 for POST.
|
||||
// If we get 501 through the proxy, it means the method was forwarded.
|
||||
s.Assert().Contains(output, "501",
|
||||
"POST through proxy should be forwarded, echo server returns 501")
|
||||
}
|
||||
|
||||
// TestHTTPConnectUnreachable verifies that CONNECT to an unreachable target
|
||||
// returns 503 Service Unavailable.
|
||||
func (s *HTTPSuite) TestHTTPConnectUnreachable() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_connect.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// Send a raw CONNECT request to a port where nothing is listening.
|
||||
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
|
||||
fmt.Sprintf("CONNECT %s:1 HTTP/1.0\r\nHost: %s:1\r\n\r\n", s.echoIP, s.echoIP))
|
||||
s.Assert().Contains(resp, "503",
|
||||
"CONNECT to unreachable target should return 503")
|
||||
}
|
||||
|
||||
// TestHTTPConnector verifies HTTP connector type: a gost client uses an HTTP
|
||||
// connector to forward through an upstream HTTP proxy (no auth), reaching the
|
||||
// target via the proxy chain. This covers the server+client two-container
|
||||
// pattern where the client connects to the server via connector type: http.
|
||||
func (s *HTTPSuite) TestHTTPConnector() {
|
||||
// Start upstream HTTP proxy server (no auth).
|
||||
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server.yaml", []string{"http-server"}, []string{"8080/tcp"})
|
||||
s.Require().NoError(err)
|
||||
defer serverC.Terminate(s.ctx)
|
||||
|
||||
// Render client config that chains through the upstream server.
|
||||
rendered, err := RenderConfig("testdata/http/client_connector.yaml",
|
||||
ConfigData{ServerAddr: "http-server:8080"})
|
||||
s.Require().NoError(err)
|
||||
defer os.Remove(rendered)
|
||||
|
||||
// Start client with the rendered config.
|
||||
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
rendered, "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
// Request through client proxy → HTTP connector → upstream HTTP server → target.
|
||||
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := clientC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "http-connector client logs", clientC)
|
||||
DumpLogs(s.T(), s.ctx, "http-connector server logs", serverC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
}
|
||||
|
||||
// TestHTTPConnectorAuth verifies HTTP connector with authentication:
|
||||
// no-auth → 407, correct auth → success.
|
||||
func (s *HTTPSuite) TestHTTPConnectorAuth() {
|
||||
// Start upstream HTTP proxy with auth and network alias.
|
||||
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_auth.yaml", []string{"http-server"}, []string{"8080/tcp"})
|
||||
s.Require().NoError(err)
|
||||
defer serverC.Terminate(s.ctx)
|
||||
|
||||
s.T().Run("no-auth-407", func(t *testing.T) {
|
||||
// Send raw request directly to server container (no auth) → 407.
|
||||
resp := s.sendRaw(serverC, "127.0.0.1", "8080",
|
||||
"GET http://127.0.0.1:5678/ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n")
|
||||
s.Assert().Contains(resp, "407",
|
||||
"no auth via upstream should return 407")
|
||||
})
|
||||
|
||||
s.T().Run("correct-auth-success", func(t *testing.T) {
|
||||
rendered, err := RenderConfig("testdata/http/client_connector_auth.yaml",
|
||||
ConfigData{ServerAddr: "http-server:8080"})
|
||||
s.Require().NoError(err)
|
||||
defer os.Remove(rendered)
|
||||
|
||||
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
rendered, "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := clientC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "http-connector-auth client logs", clientC)
|
||||
DumpLogs(s.T(), s.ctx, "http-connector-auth server logs", serverC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
})
|
||||
}
|
||||
|
||||
// TestHTTPProbeResistHost verifies probeResist host type.
|
||||
// When auth fails, the handler pipes the raw request to
|
||||
// the decoy host (tcp-echo:5678). The TCP echo server echoes
|
||||
// back the request bytes rather than returning a 407.
|
||||
func (s *HTTPSuite) TestHTTPProbeResistHost() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_proberesist_host.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// Without auth, probeResist host pipes the raw request to tcp-echo:5678.
|
||||
// The HTTP echo server returns 200 OK with "hello-gost", proving the
|
||||
// request reached the decoy host rather than getting a 407 response.
|
||||
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
|
||||
"GET http://127.0.0.1:5678/ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n")
|
||||
s.Assert().NotContains(resp, "407",
|
||||
"probeResist host should hide 407 response")
|
||||
s.Assert().Contains(resp, "hello-gost",
|
||||
"probeResist host should pipe request to decoy host")
|
||||
}
|
||||
|
||||
// TestHTTPProbeResistKnock verifies probeResist knock mechanism.
|
||||
// Clients that connect with a recognized knock Host header
|
||||
// get a normal 407 auth challenge instead of the decoy response.
|
||||
//
|
||||
// Uses server_proberesist_knock.yaml:
|
||||
// - probeResist: code:404 (decoy 404 for unknown hosts)
|
||||
// - knock: secret.example.com (known hosts get normal 407)
|
||||
func (s *HTTPSuite) TestHTTPProbeResistKnock() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_proberesist_knock.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
s.T().Run("unknown-host-decoy", func(t *testing.T) {
|
||||
// URL hostname doesn't match knock list → probeResist fires → 404
|
||||
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
|
||||
"GET http://127.0.0.1:5678/ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n")
|
||||
s.Assert().Contains(resp, "404",
|
||||
"unknown host should get decoy 404")
|
||||
s.Assert().NotContains(resp, "407",
|
||||
"unknown host should NOT get 407")
|
||||
})
|
||||
|
||||
s.T().Run("knock-host-407", func(t *testing.T) {
|
||||
// URL hostname matches knock list → normal 407 auth challenge.
|
||||
// Note: knock checks req.URL.Hostname(), not the Host header.
|
||||
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
|
||||
"GET http://secret.example.com:5678/ HTTP/1.0\r\nHost: secret.example.com\r\n\r\n")
|
||||
s.Assert().Contains(resp, "407",
|
||||
"knock host should get normal 407")
|
||||
})
|
||||
}
|
||||
|
||||
// TestHTTPConnectorTLS verifies HTTP connector using TLS dialer
|
||||
// to upstream HTTPS proxy (listener type: tls).
|
||||
// The TLS listener auto-generates a self-signed cert;
|
||||
// the TLS dialer defaults to InsecureSkipVerify=true, so
|
||||
// handshake succeeds without explicit cert configuration.
|
||||
func (s *HTTPSuite) TestHTTPConnectorTLS() {
|
||||
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_tls.yaml", []string{"tls-server"}, []string{"8443/tcp"})
|
||||
s.Require().NoError(err)
|
||||
defer serverC.Terminate(s.ctx)
|
||||
|
||||
rendered, err := RenderConfig("testdata/http/client_connector_tls.yaml",
|
||||
ConfigData{ServerAddr: "tls-server:8443"})
|
||||
s.Require().NoError(err)
|
||||
defer os.Remove(rendered)
|
||||
|
||||
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
rendered, "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := clientC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "http-connector-tls client logs", clientC)
|
||||
DumpLogs(s.T(), s.ctx, "http-connector-tls server logs", serverC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
}
|
||||
|
||||
// TestHTTPProbeResistWeb verifies probeResist web type.
|
||||
// On auth failure, the handler fetches the decoy URL
|
||||
// (tcp-echo:5678) and returns its response body.
|
||||
func (s *HTTPSuite) TestHTTPProbeResistWeb() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_proberesist_web.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// Without auth, probeResist web fetches http://tcp-echo:5678
|
||||
// and returns the echo server's response ("hello-gost").
|
||||
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
|
||||
"GET http://127.0.0.1:5678/ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n")
|
||||
s.Assert().NotContains(resp, "407",
|
||||
"probeResist web should hide 407 response")
|
||||
s.Assert().Contains(resp, "hello-gost",
|
||||
"probeResist web should return decoy response body")
|
||||
}
|
||||
|
||||
// TestHTTPProbeResistFile verifies probeResist file type.
|
||||
// On auth failure, the handler reads a local file and
|
||||
// returns its contents as the HTTP response body.
|
||||
func (s *HTTPSuite) TestHTTPProbeResistFile() {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_proberesist_file.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "testdata/http/decoy.html", ContainerFilePath: "/tmp/decoy.html", FileMode: 0644},
|
||||
},
|
||||
"8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// Without auth, probeResist file reads /tmp/decoy.html and
|
||||
// returns "decoy-response" rather than a 407.
|
||||
resp := s.sendRaw(gostC, "127.0.0.1", "8080",
|
||||
"GET http://127.0.0.1:5678/ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n")
|
||||
s.Assert().NotContains(resp, "407",
|
||||
"probeResist file should hide 407 response")
|
||||
s.Assert().Contains(resp, "decoy-response",
|
||||
"probeResist file should return decoy file content")
|
||||
}
|
||||
|
||||
// TestHTTPIdleTimeout verifies idleTimeout on CONNECT tunnels.
|
||||
// After the configured idle timeout, the pipe between client
|
||||
// and target should close.
|
||||
func (s *HTTPSuite) TestHTTPIdleTimeout() {
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_idle_timeout.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "scripts/http_idle_timeout.py", ContainerFilePath: "/scripts/http_idle_timeout.py", FileMode: 0644},
|
||||
},
|
||||
"8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// The Python script:
|
||||
// 1. Opens a CONNECT tunnel to tcp-echo:5678
|
||||
// 2. Sends and receives data (confirm tunnel is alive)
|
||||
// 3. Waits > idleTimeout (3s + 2s buffer)
|
||||
// 4. Sends more data — expects connection to be closed
|
||||
code, out, err := gostC.Exec(s.ctx, []string{
|
||||
"python3", "/scripts/http_idle_timeout.py",
|
||||
"127.0.0.1", "8080", "3",
|
||||
})
|
||||
output, _ := io.ReadAll(out)
|
||||
s.T().Logf("idle timeout output:\n%s", string(output))
|
||||
if code != 0 {
|
||||
DumpLogs(s.T(), s.ctx, "http-idle-timeout logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code, "idle timeout test script should exit 0")
|
||||
}
|
||||
|
||||
// TestHTTPUDPRelay verifies UDP relay over HTTP. Uses
|
||||
// X-Gost-Protocol: udp in the CONNECT request to establish
|
||||
// a SOCKS5 UDP tunnel through the HTTP handler.
|
||||
func (s *HTTPSuite) TestHTTPUDPRelay() {
|
||||
// Start UDP echo container on the shared network.
|
||||
udpC, err := RunUDPEchoContainer(s.ctx, SharedNetworkName)
|
||||
s.Require().NoError(err)
|
||||
defer udpC.Terminate(s.ctx)
|
||||
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName,
|
||||
"testdata/http/server_udp.yaml",
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: "scripts/http_udp_relay.py", ContainerFilePath: "/scripts/http_udp_relay.py", FileMode: 0644},
|
||||
},
|
||||
"8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// The Python script:
|
||||
// 1. Connects to gost HTTP proxy
|
||||
// 2. Sends CONNECT with X-Gost-Protocol: udp
|
||||
// 3. After 200 OK, sends a SOCKS5 UDP frame targeting udp-echo:5679
|
||||
// 4. Reads back the echoed frame
|
||||
code, out, err := gostC.Exec(s.ctx, []string{
|
||||
"python3", "/scripts/http_udp_relay.py",
|
||||
"127.0.0.1", "8080",
|
||||
})
|
||||
output, _ := io.ReadAll(out)
|
||||
s.T().Logf("udp relay output:\n%s", string(output))
|
||||
if code != 0 {
|
||||
DumpLogs(s.T(), s.ctx, "http-udp logs", gostC)
|
||||
}
|
||||
s.Require().Equal(0, code, "udp relay test script should exit 0")
|
||||
}
|
||||
|
||||
func TestHTTPSuite(t *testing.T) {
|
||||
suite.Run(t, new(HTTPSuite))
|
||||
}
|
||||
|
|
@ -0,0 +1,50 @@
|
|||
package e2e
|
||||
|
||||
import (
|
||||
"context"
|
||||
"flag"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/exec"
|
||||
"testing"
|
||||
|
||||
"github.com/testcontainers/testcontainers-go/network"
|
||||
)
|
||||
|
||||
var SharedNetworkName string
|
||||
|
||||
func TestMain(m *testing.M) {
|
||||
flag.Parse()
|
||||
ctx := context.Background()
|
||||
|
||||
shouldCleanup := false
|
||||
|
||||
if GostBinPath == "" {
|
||||
GostBinPath = "/tmp/gost-test-bin"
|
||||
cmd := exec.Command("go", "build", "-o", GostBinPath, "../../cmd/gost")
|
||||
cmd.Env = append(os.Environ(), "CGO_ENABLED=0")
|
||||
cmd.Stdout = os.Stdout
|
||||
cmd.Stderr = os.Stderr
|
||||
if err := cmd.Run(); err != nil {
|
||||
fmt.Printf("Failed to compile gost: %v\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
shouldCleanup = true
|
||||
}
|
||||
|
||||
net, err := network.New(ctx)
|
||||
if err != nil {
|
||||
fmt.Printf("Failed to create network: %v\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
SharedNetworkName = net.Name
|
||||
|
||||
code := m.Run()
|
||||
|
||||
net.Remove(ctx)
|
||||
if shouldCleanup {
|
||||
os.Remove(GostBinPath)
|
||||
}
|
||||
|
||||
os.Exit(code)
|
||||
}
|
||||
|
|
@ -0,0 +1,289 @@
|
|||
package e2e
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"io"
|
||||
"math/big"
|
||||
"net"
|
||||
"os"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/moby/moby/client"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/testcontainers/testcontainers-go"
|
||||
"github.com/testcontainers/testcontainers-go/wait"
|
||||
)
|
||||
|
||||
type MTLSSuite struct {
|
||||
suite.Suite
|
||||
ctx context.Context
|
||||
echoC testcontainers.Container
|
||||
echoIP string
|
||||
pluginC testcontainers.Container
|
||||
certDir string
|
||||
}
|
||||
|
||||
func (s *MTLSSuite) SetupSuite() {
|
||||
s.ctx = context.Background()
|
||||
|
||||
certDir, err := os.MkdirTemp("", "gost-mtls-certs-*")
|
||||
s.Require().NoError(err)
|
||||
s.certDir = certDir
|
||||
|
||||
s.generateCerts()
|
||||
|
||||
pluginC, err := runAuthPluginContainer(s.ctx, SharedNetworkName)
|
||||
s.Require().NoError(err)
|
||||
s.pluginC = pluginC
|
||||
|
||||
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
|
||||
s.Require().NoError(err)
|
||||
s.echoC = echoC
|
||||
|
||||
echoIP, err := echoC.ContainerIP(s.ctx)
|
||||
s.Require().NoError(err)
|
||||
s.echoIP = echoIP
|
||||
}
|
||||
|
||||
func (s *MTLSSuite) TearDownSuite() {
|
||||
if s.pluginC != nil {
|
||||
s.pluginC.Terminate(s.ctx)
|
||||
}
|
||||
if s.echoC != nil {
|
||||
s.echoC.Terminate(s.ctx)
|
||||
}
|
||||
os.RemoveAll(s.certDir)
|
||||
}
|
||||
|
||||
// generateCerts creates a self-signed CA, a server cert signed by the CA,
|
||||
// and a client cert signed by the CA, writing PEM files to s.certDir.
|
||||
func (s *MTLSSuite) generateCerts() {
|
||||
// CA
|
||||
caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
s.Require().NoError(err)
|
||||
caTmpl := &x509.Certificate{
|
||||
SerialNumber: big.NewInt(1),
|
||||
Subject: pkix.Name{CommonName: "Test CA"},
|
||||
NotBefore: time.Now(),
|
||||
NotAfter: time.Now().Add(24 * time.Hour),
|
||||
KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
|
||||
BasicConstraintsValid: true,
|
||||
IsCA: true,
|
||||
}
|
||||
caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
|
||||
s.Require().NoError(err)
|
||||
s.writeCertPEM(s.certDir+"/ca.pem", "CERTIFICATE", caDER)
|
||||
s.writeKeyPEM(s.certDir+"/ca-key.pem", "EC PRIVATE KEY", caKey)
|
||||
|
||||
// Server
|
||||
serverKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
s.Require().NoError(err)
|
||||
serverTmpl := &x509.Certificate{
|
||||
SerialNumber: big.NewInt(2),
|
||||
Subject: pkix.Name{CommonName: "localhost"},
|
||||
NotBefore: time.Now(),
|
||||
NotAfter: time.Now().Add(24 * time.Hour),
|
||||
KeyUsage: x509.KeyUsageDigitalSignature,
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
||||
DNSNames: []string{"localhost"},
|
||||
IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
|
||||
}
|
||||
serverDER, err := x509.CreateCertificate(rand.Reader, serverTmpl, caTmpl, &serverKey.PublicKey, caKey)
|
||||
s.Require().NoError(err)
|
||||
s.writeCertPEM(s.certDir+"/server.pem", "CERTIFICATE", serverDER)
|
||||
s.writeKeyPEM(s.certDir+"/server-key.pem", "EC PRIVATE KEY", serverKey)
|
||||
|
||||
// Client
|
||||
clientKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
s.Require().NoError(err)
|
||||
clientTmpl := &x509.Certificate{
|
||||
SerialNumber: big.NewInt(3),
|
||||
Subject: pkix.Name{CommonName: "test-client"},
|
||||
NotBefore: time.Now(),
|
||||
NotAfter: time.Now().Add(24 * time.Hour),
|
||||
KeyUsage: x509.KeyUsageDigitalSignature,
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
|
||||
EmailAddresses: []string{"test@example.com"},
|
||||
}
|
||||
clientDER, err := x509.CreateCertificate(rand.Reader, clientTmpl, caTmpl, &clientKey.PublicKey, caKey)
|
||||
s.Require().NoError(err)
|
||||
s.writeCertPEM(s.certDir+"/client.pem", "CERTIFICATE", clientDER)
|
||||
s.writeKeyPEM(s.certDir+"/client-key.pem", "EC PRIVATE KEY", clientKey)
|
||||
}
|
||||
|
||||
// TestMTLSProxy verifies HTTP forward proxy works over an mTLS listener
|
||||
// with a valid client certificate.
|
||||
func (s *MTLSSuite) TestMTLSProxy() {
|
||||
rendered, err := RenderConfig("testdata/mtls/server.yaml",
|
||||
ConfigData{ServerAddr: "auth-plugin"})
|
||||
s.Require().NoError(err)
|
||||
defer os.Remove(rendered)
|
||||
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName, rendered,
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: s.certDir + "/ca.pem", ContainerFilePath: "/certs/ca.pem", FileMode: 0644},
|
||||
{HostFilePath: s.certDir + "/server.pem", ContainerFilePath: "/certs/server.pem", FileMode: 0644},
|
||||
{HostFilePath: s.certDir + "/server-key.pem", ContainerFilePath: "/certs/server-key.pem", FileMode: 0644},
|
||||
{HostFilePath: s.certDir + "/client.pem", ContainerFilePath: "/certs/client.pem", FileMode: 0644},
|
||||
{HostFilePath: s.certDir + "/client-key.pem", ContainerFilePath: "/certs/client-key.pem", FileMode: 0644},
|
||||
},
|
||||
"8443/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// Verify proxy works with valid client cert
|
||||
cmd := []string{"curl", "-v", "-s", "--connect-timeout", "5",
|
||||
"--cacert", "/certs/ca.pem",
|
||||
"--cert", "/certs/client.pem",
|
||||
"--key", "/certs/client-key.pem",
|
||||
"-x", "https://127.0.0.1:8443",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
body, err2 := io.ReadAll(out)
|
||||
if err != nil || err2 != nil || code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "mtls gost logs", gostC)
|
||||
DumpLogs(s.T(), s.ctx, "mtls auth-plugin logs", s.pluginC)
|
||||
}
|
||||
s.Require().NoError(err)
|
||||
s.Require().NoError(err2)
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
}
|
||||
|
||||
// TestMTLSWithoutClientCert verifies that an mTLS listener rejects
|
||||
// connections from clients that do not present a certificate.
|
||||
func (s *MTLSSuite) TestMTLSWithoutClientCert() {
|
||||
rendered, err := RenderConfig("testdata/mtls/server.yaml",
|
||||
ConfigData{ServerAddr: "auth-plugin"})
|
||||
s.Require().NoError(err)
|
||||
defer os.Remove(rendered)
|
||||
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName, rendered,
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: s.certDir + "/ca.pem", ContainerFilePath: "/certs/ca.pem", FileMode: 0644},
|
||||
{HostFilePath: s.certDir + "/server.pem", ContainerFilePath: "/certs/server.pem", FileMode: 0644},
|
||||
{HostFilePath: s.certDir + "/server-key.pem", ContainerFilePath: "/certs/server-key.pem", FileMode: 0644},
|
||||
{HostFilePath: s.certDir + "/client.pem", ContainerFilePath: "/certs/client.pem", FileMode: 0644},
|
||||
{HostFilePath: s.certDir + "/client-key.pem", ContainerFilePath: "/certs/client-key.pem", FileMode: 0644},
|
||||
},
|
||||
"8443/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// curl without client cert should fail TLS handshake
|
||||
cmd := []string{"curl", "-v", "-s", "--connect-timeout", "5",
|
||||
"--cacert", "/certs/ca.pem",
|
||||
"-x", "https://127.0.0.1:8443",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, _, err := gostC.Exec(s.ctx, cmd)
|
||||
if err == nil && code == 0 {
|
||||
DumpLogs(s.T(), s.ctx, "mtls gost logs", gostC)
|
||||
}
|
||||
// Expect failure (non-zero exit code from curl)
|
||||
s.Require().NotEqual(0, code, "curl without client cert should fail with non-zero exit code")
|
||||
}
|
||||
|
||||
// TestMTLSAuthPluginLogs verifies that the HTTP auth plugin receives
|
||||
// the mTLS client certificate identity (client_cn, client_san,
|
||||
// client_cert_fingerprint) when a request passes through the mTLS listener.
|
||||
func (s *MTLSSuite) TestMTLSAuthPluginLogs() {
|
||||
rendered, err := RenderConfig("testdata/mtls/server.yaml",
|
||||
ConfigData{ServerAddr: "auth-plugin"})
|
||||
s.Require().NoError(err)
|
||||
defer os.Remove(rendered)
|
||||
|
||||
gostC, err := RunGostContainerWithFiles(s.ctx, SharedNetworkName, rendered,
|
||||
[]testcontainers.ContainerFile{
|
||||
{HostFilePath: s.certDir + "/ca.pem", ContainerFilePath: "/certs/ca.pem", FileMode: 0644},
|
||||
{HostFilePath: s.certDir + "/server.pem", ContainerFilePath: "/certs/server.pem", FileMode: 0644},
|
||||
{HostFilePath: s.certDir + "/server-key.pem", ContainerFilePath: "/certs/server-key.pem", FileMode: 0644},
|
||||
{HostFilePath: s.certDir + "/client.pem", ContainerFilePath: "/certs/client.pem", FileMode: 0644},
|
||||
{HostFilePath: s.certDir + "/client-key.pem", ContainerFilePath: "/certs/client-key.pem", FileMode: 0644},
|
||||
},
|
||||
"8443/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// Send a request with valid client cert through the mTLS proxy.
|
||||
cmd := []string{"curl", "-v", "-s", "--connect-timeout", "5",
|
||||
"--cacert", "/certs/ca.pem",
|
||||
"--cert", "/certs/client.pem",
|
||||
"--key", "/certs/client-key.pem",
|
||||
"-x", "https://127.0.0.1:8443",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
body, _ := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
|
||||
// Read auth plugin logs and verify PeerCert fields are present.
|
||||
logs, err := s.pluginC.Logs(s.ctx)
|
||||
s.Require().NoError(err)
|
||||
logData, _ := io.ReadAll(logs)
|
||||
logStr := string(logData)
|
||||
s.T().Logf("auth plugin logs:\n%s", logStr)
|
||||
|
||||
s.Require().Contains(logStr, "clientCn", "auth plugin should receive client_cn")
|
||||
s.Require().Contains(logStr, "test-client", "client_cn should be 'test-client'")
|
||||
s.Require().Contains(logStr, "clientSan", "auth plugin should receive client_san")
|
||||
s.Require().Contains(logStr, "clientCertFingerprint", "auth plugin should receive client_cert_fingerprint")
|
||||
}
|
||||
|
||||
func TestMTLSSuite(t *testing.T) {
|
||||
suite.Run(t, new(MTLSSuite))
|
||||
}
|
||||
|
||||
// --- helpers ---
|
||||
|
||||
func runAuthPluginContainer(ctx context.Context, networkName string) (testcontainers.Container, error) {
|
||||
req := testcontainers.ContainerRequest{
|
||||
FromDockerfile: testcontainers.FromDockerfile{
|
||||
Context: ".",
|
||||
Dockerfile: "Dockerfile",
|
||||
Repo: "gost-e2e",
|
||||
Tag: "latest",
|
||||
KeepImage: true,
|
||||
BuildOptionsModifier: func(opts *client.ImageBuildOptions) {
|
||||
opts.NetworkMode = "host"
|
||||
},
|
||||
},
|
||||
Networks: []string{networkName},
|
||||
NetworkAliases: map[string][]string{
|
||||
networkName: {"auth-plugin"},
|
||||
},
|
||||
Files: []testcontainers.ContainerFile{
|
||||
{HostFilePath: "scripts/auth_plugin.py", ContainerFilePath: "/scripts/auth_plugin.py", FileMode: 0644},
|
||||
},
|
||||
ExposedPorts: []string{"9000/tcp"},
|
||||
Cmd: []string{"python3", "/scripts/auth_plugin.py", "9000"},
|
||||
WaitingFor: wait.ForExposedPort(),
|
||||
}
|
||||
return testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
|
||||
ContainerRequest: req,
|
||||
Started: true,
|
||||
})
|
||||
}
|
||||
|
||||
// writeCertPEM writes a DER-encoded certificate to a PEM file.
|
||||
func (s *MTLSSuite) writeCertPEM(path, blockType string, der []byte) {
|
||||
err := os.WriteFile(path, pem.EncodeToMemory(&pem.Block{Type: blockType, Bytes: der}), 0644)
|
||||
s.Require().NoError(err)
|
||||
}
|
||||
|
||||
// writeKeyPEM marshals an ECDSA private key and writes it to a PEM file.
|
||||
func (s *MTLSSuite) writeKeyPEM(path, blockType string, key *ecdsa.PrivateKey) {
|
||||
b, err := x509.MarshalECPrivateKey(key)
|
||||
s.Require().NoError(err)
|
||||
err = os.WriteFile(path, pem.EncodeToMemory(&pem.Block{Type: blockType, Bytes: b}), 0600)
|
||||
s.Require().NoError(err)
|
||||
}
|
||||
|
|
@ -0,0 +1,57 @@
|
|||
package e2e
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/testcontainers/testcontainers-go"
|
||||
)
|
||||
|
||||
type ParallelSelectorSuite struct {
|
||||
suite.Suite
|
||||
ctx context.Context
|
||||
echoC testcontainers.Container
|
||||
echoIP string
|
||||
}
|
||||
|
||||
func (s *ParallelSelectorSuite) SetupSuite() {
|
||||
s.ctx = context.Background()
|
||||
|
||||
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
|
||||
s.Require().NoError(err)
|
||||
s.echoC = echoC
|
||||
|
||||
echoIP, err := echoC.ContainerIP(s.ctx)
|
||||
s.Require().NoError(err)
|
||||
s.echoIP = echoIP
|
||||
}
|
||||
|
||||
func (s *ParallelSelectorSuite) TearDownSuite() {
|
||||
if s.echoC != nil {
|
||||
s.echoC.Terminate(s.ctx)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *ParallelSelectorSuite) TestParallelSelector() {
|
||||
gostC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName, "testdata/parallel_selector/server.yaml", "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer gostC.Terminate(s.ctx)
|
||||
|
||||
// Test the proxy by running curl inside the gost container
|
||||
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080", fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := gostC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
s.Require().Equal(0, code)
|
||||
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
}
|
||||
|
||||
func TestParallelSelectorSuite(t *testing.T) {
|
||||
suite.Run(t, new(ParallelSelectorSuite))
|
||||
}
|
||||
|
|
@ -0,0 +1,157 @@
|
|||
package e2e
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/testcontainers/testcontainers-go"
|
||||
)
|
||||
|
||||
type PHTSuite struct {
|
||||
suite.Suite
|
||||
ctx context.Context
|
||||
echoC testcontainers.Container
|
||||
echoIP string
|
||||
}
|
||||
|
||||
func (s *PHTSuite) SetupSuite() {
|
||||
s.ctx = context.Background()
|
||||
|
||||
s.T().Logf("start tcp echo container...")
|
||||
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
|
||||
s.Require().NoError(err)
|
||||
s.echoC = echoC
|
||||
|
||||
echoIP, err := echoC.ContainerIP(s.ctx)
|
||||
s.Require().NoError(err)
|
||||
s.echoIP = echoIP
|
||||
}
|
||||
|
||||
func (s *PHTSuite) TearDownSuite() {
|
||||
if s.echoC != nil {
|
||||
s.echoC.Terminate(s.ctx)
|
||||
}
|
||||
}
|
||||
|
||||
// TestPHTTunnel verifies a basic PHT tunnel: a client HTTP proxy chains
|
||||
// through a PHT dialer to reach a PHT server, which forwards the request
|
||||
// to the echo server.
|
||||
func (s *PHTSuite) TestPHTTunnel() {
|
||||
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
|
||||
"testdata/pht/server.yaml",
|
||||
[]string{"pht-server"}, []string{"8443/tcp"})
|
||||
s.Require().NoError(err)
|
||||
defer serverC.Terminate(s.ctx)
|
||||
|
||||
rendered, err := RenderConfig("testdata/pht/client_connector.yaml",
|
||||
ConfigData{ServerAddr: "pht-server:8443"})
|
||||
s.Require().NoError(err)
|
||||
defer os.Remove(rendered)
|
||||
|
||||
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
rendered, "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := clientC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "pht client logs", clientC)
|
||||
DumpLogs(s.T(), s.ctx, "pht server logs", serverC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
}
|
||||
|
||||
// TestPHTSTunnel verifies PHT over TLS. The PHTs listener auto-generates a
|
||||
// self-signed cert; the PHTs dialer defaults to InsecureSkipVerify so the
|
||||
// handshake succeeds without explicit cert configuration.
|
||||
func (s *PHTSuite) TestPHTSTunnel() {
|
||||
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
|
||||
"testdata/pht/server_phts.yaml",
|
||||
[]string{"phts-server"}, []string{"8443/tcp"})
|
||||
s.Require().NoError(err)
|
||||
defer serverC.Terminate(s.ctx)
|
||||
|
||||
rendered, err := RenderConfig("testdata/pht/client_connector_phts.yaml",
|
||||
ConfigData{ServerAddr: "phts-server:8443"})
|
||||
s.Require().NoError(err)
|
||||
defer os.Remove(rendered)
|
||||
|
||||
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
rendered, "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := clientC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "phts client logs", clientC)
|
||||
DumpLogs(s.T(), s.ctx, "phts server logs", serverC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
}
|
||||
|
||||
// TestPHTHeartbeat verifies that the PHT tunnel stays alive across idle
|
||||
// periods. Sends a request, waits >readTimeout (default 10s), and sends
|
||||
// another request to confirm the heartbeat kept the connection open.
|
||||
func (s *PHTSuite) TestPHTHeartbeat() {
|
||||
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName,
|
||||
"testdata/pht/server.yaml",
|
||||
[]string{"pht-server"}, []string{"8443/tcp"})
|
||||
s.Require().NoError(err)
|
||||
defer serverC.Terminate(s.ctx)
|
||||
|
||||
rendered, err := RenderConfig("testdata/pht/client_connector.yaml",
|
||||
ConfigData{ServerAddr: "pht-server:8443"})
|
||||
s.Require().NoError(err)
|
||||
defer os.Remove(rendered)
|
||||
|
||||
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName,
|
||||
rendered, "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
// First request: establish the tunnel.
|
||||
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080",
|
||||
fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := clientC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
body, _ := io.ReadAll(out)
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
|
||||
// Wait longer than readTimeout to trigger heartbeat.
|
||||
// The PHT server's default read timeout is 10s. We wait 12s.
|
||||
cmd = []string{"sh", "-c",
|
||||
fmt.Sprintf("sleep 12 && curl -s -x http://127.0.0.1:8080 http://%s:5678", s.echoIP)}
|
||||
code, out, err = clientC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
body, _ = io.ReadAll(out)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, "pht heartbeat client logs", clientC)
|
||||
DumpLogs(s.T(), s.ctx, "pht heartbeat server logs", serverC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
}
|
||||
|
||||
func TestPHTSuite(t *testing.T) {
|
||||
suite.Run(t, new(PHTSuite))
|
||||
}
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
import http.server
|
||||
import json
|
||||
import sys
|
||||
|
||||
|
||||
class AuthHandler(http.server.BaseHTTPRequestHandler):
|
||||
def do_POST(self):
|
||||
length = int(self.headers.get('Content-Length', 0))
|
||||
body = self.rfile.read(length)
|
||||
data = json.loads(body)
|
||||
print(f"AUTH_REQUEST: {json.dumps(data)}", flush=True)
|
||||
self.send_response(200)
|
||||
self.send_header("Content-Type", "application/json")
|
||||
self.end_headers()
|
||||
self.wfile.write(
|
||||
json.dumps(
|
||||
{"ok": True, "id": data.get("username", "anonymous")}
|
||||
).encode()
|
||||
)
|
||||
|
||||
def log_message(self, format, *args):
|
||||
pass # silence default logging, we use our own AUTH_REQUEST line
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
port = int(sys.argv[1]) if len(sys.argv) > 1 else 9000
|
||||
http.server.HTTPServer(("0.0.0.0", port), AuthHandler).serve_forever()
|
||||
|
|
@ -0,0 +1,162 @@
|
|||
"""DNS query client for e2e tests.
|
||||
|
||||
Usage:
|
||||
python3 dns_query.py udp host port qname qtype [expected_ip|empty]
|
||||
python3 dns_query.py tcp host port qname qtype [expected_ip|empty]
|
||||
|
||||
Sends a DNS query and optionally checks the response:
|
||||
- expected_ip: verify response contains this IP address
|
||||
- "empty": verify response has zero answer records (NXDOMAIN or blocked)
|
||||
- omitted: exit 0 on any valid DNS response
|
||||
|
||||
Exits 0 on success, 1 on failure.
|
||||
"""
|
||||
import struct
|
||||
import socket
|
||||
import sys
|
||||
|
||||
|
||||
def encode_name(name):
|
||||
parts = name.rstrip(".").split(".")
|
||||
return b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"
|
||||
|
||||
|
||||
def skip_name(data, pos):
|
||||
"""Skip one DNS name at pos, return position after it."""
|
||||
while True:
|
||||
length = data[pos]
|
||||
if length == 0:
|
||||
return pos + 1
|
||||
if length & 0xC0:
|
||||
return pos + 2
|
||||
pos += length + 1
|
||||
|
||||
|
||||
def build_query(qname, qtype):
|
||||
tid = 0x1234
|
||||
flags = 0x0100 # RD=1
|
||||
qdcount = 1
|
||||
header = struct.pack(">HHHHHH", tid, flags, qdcount, 0, 0, 0)
|
||||
qname_enc = encode_name(qname)
|
||||
question = qname_enc + struct.pack(">HH", qtype, 1) # QTYPE, QCLASS=IN
|
||||
return header + question
|
||||
|
||||
|
||||
def parse_response(data):
|
||||
if len(data) < 12:
|
||||
return [], -1
|
||||
flags = struct.unpack(">H", data[2:4])[0]
|
||||
rcode = flags & 0x0F
|
||||
qdcount = struct.unpack(">H", data[4:6])[0]
|
||||
ancount = struct.unpack(">H", data[6:8])[0]
|
||||
|
||||
# Skip question section
|
||||
pos = 12
|
||||
for _ in range(qdcount):
|
||||
pos = skip_name(data, pos) + 4 # QTYPE + QCLASS
|
||||
|
||||
answers = []
|
||||
for _ in range(ancount):
|
||||
pos = skip_name(data, pos)
|
||||
rtype, rclass, ttl, rdlength = struct.unpack(">HHIH", data[pos:pos + 10])
|
||||
pos += 10
|
||||
rdata = data[pos:pos + rdlength]
|
||||
pos += rdlength
|
||||
answers.append((rtype, rclass, ttl, rdata))
|
||||
|
||||
return answers, rcode
|
||||
|
||||
|
||||
def query_udp(host, port, query):
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||
sock.settimeout(5)
|
||||
sock.sendto(query, (host, port))
|
||||
data, _ = sock.recvfrom(4096)
|
||||
sock.close()
|
||||
return data
|
||||
|
||||
|
||||
def query_tcp(host, port, query):
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
sock.settimeout(5)
|
||||
sock.connect((host, port))
|
||||
sock.sendall(struct.pack(">H", len(query)) + query)
|
||||
raw = sock.recv(2)
|
||||
if len(raw) < 2:
|
||||
sock.close()
|
||||
return b""
|
||||
msglen = struct.unpack(">H", raw)[0]
|
||||
data = b""
|
||||
while len(data) < msglen:
|
||||
chunk = sock.recv(msglen - len(data))
|
||||
if not chunk:
|
||||
break
|
||||
data += chunk
|
||||
sock.close()
|
||||
return data
|
||||
|
||||
|
||||
def format_ip(rtype, rdata):
|
||||
if rtype == 1 and len(rdata) == 4:
|
||||
return socket.inet_ntoa(rdata)
|
||||
if rtype == 28 and len(rdata) == 16:
|
||||
return socket.inet_ntop(socket.AF_INET6, rdata)
|
||||
return repr(rdata)
|
||||
|
||||
|
||||
def main():
|
||||
if len(sys.argv) < 5:
|
||||
print("Usage: dns_query.py <udp|tcp> <host> <port> <qname> <qtype> [expected_ip|empty]")
|
||||
sys.exit(1)
|
||||
|
||||
mode = sys.argv[1]
|
||||
host = sys.argv[2]
|
||||
port = int(sys.argv[3])
|
||||
qname = sys.argv[4]
|
||||
qtype_str = sys.argv[5]
|
||||
expected = sys.argv[6] if len(sys.argv) > 6 else None
|
||||
|
||||
qtype_map = {"A": 1, "AAAA": 28}
|
||||
qtype = qtype_map.get(qtype_str, 1)
|
||||
|
||||
query = build_query(qname, qtype)
|
||||
|
||||
try:
|
||||
if mode == "tcp":
|
||||
data = query_tcp(host, port, query)
|
||||
else:
|
||||
data = query_udp(host, port, query)
|
||||
except Exception as e:
|
||||
print(f"ERROR: {e}")
|
||||
sys.exit(1)
|
||||
|
||||
if not data:
|
||||
print("ERROR: empty response")
|
||||
sys.exit(1)
|
||||
|
||||
answers, rcode = parse_response(data)
|
||||
print(f"Got {len(answers)} answer(s), rcode={rcode}")
|
||||
|
||||
for rtype, _, _, rdata in answers:
|
||||
print(f" {format_ip(rtype, rdata)}")
|
||||
|
||||
if expected == "empty":
|
||||
if len(answers) == 0:
|
||||
print("MATCH: empty answer (expected)")
|
||||
sys.exit(0)
|
||||
print(f"NO MATCH: expected empty, got {len(answers)} answers")
|
||||
sys.exit(1)
|
||||
elif expected:
|
||||
for rtype, _, _, rdata in answers:
|
||||
ip = format_ip(rtype, rdata)
|
||||
if ip == expected:
|
||||
print(f"MATCH: expected {expected}")
|
||||
sys.exit(0)
|
||||
print(f"NO MATCH: expected {expected}")
|
||||
sys.exit(1)
|
||||
else:
|
||||
sys.exit(0)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
|
|
@ -0,0 +1,88 @@
|
|||
"""Simple authoritative DNS responder for e2e tests.
|
||||
|
||||
Listens on UDP port 5353 and responds with static records:
|
||||
|
||||
test.example.com. IN A 10.0.0.1
|
||||
test2.example.com. IN A 10.0.0.2
|
||||
example.com. IN AAAA ::1
|
||||
|
||||
All other queries receive NXDOMAIN.
|
||||
"""
|
||||
import socketserver
|
||||
import struct
|
||||
import socket
|
||||
|
||||
|
||||
def decode_name(data, offset):
|
||||
labels = []
|
||||
while True:
|
||||
length = data[offset]
|
||||
if length == 0:
|
||||
offset += 1
|
||||
break
|
||||
if length & 0xC0:
|
||||
offset += 2
|
||||
break
|
||||
offset += 1
|
||||
labels.append(data[offset:offset + length].decode())
|
||||
offset += length
|
||||
return '.'.join(labels), offset
|
||||
|
||||
|
||||
def encode_name(name):
|
||||
parts = name.rstrip(".").split(".")
|
||||
return b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"
|
||||
|
||||
|
||||
RECORDS = {
|
||||
("test.example.com", 1): (1, 300, socket.inet_aton("10.0.0.1")),
|
||||
("test2.example.com", 1): (1, 300, socket.inet_aton("10.0.0.2")),
|
||||
("example.com", 28): (28, 300, socket.inet_pton(socket.AF_INET6, "::1")),
|
||||
}
|
||||
|
||||
|
||||
class DNSResponder(socketserver.DatagramRequestHandler):
|
||||
def handle(self):
|
||||
data = self.rfile.read(512)
|
||||
if len(data) < 12:
|
||||
return
|
||||
|
||||
tid = struct.unpack(">H", data[:2])[0]
|
||||
qdcount = struct.unpack(">H", data[4:6])[0]
|
||||
|
||||
if qdcount == 0:
|
||||
return
|
||||
|
||||
qname, pos = decode_name(data, 12)
|
||||
qtype = struct.unpack(">H", data[pos:pos + 2])[0]
|
||||
qclass = struct.unpack(">H", data[pos + 2:pos + 4])[0]
|
||||
|
||||
key = (qname, qtype)
|
||||
if key in RECORDS:
|
||||
rcode = 0
|
||||
ancount = 1
|
||||
rtype, ttl, rdata = RECORDS[key]
|
||||
else:
|
||||
rcode = 3 # NXDOMAIN
|
||||
ancount = 0
|
||||
rtype, ttl, rdata = 0, 0, b""
|
||||
|
||||
flags = 0x8000 | 0x0400 | rcode # QR=1, AA=1, rcode
|
||||
header = struct.pack(">HHHHHH", tid, flags, qdcount, ancount, 0, 0)
|
||||
|
||||
question = data[12:pos + 4]
|
||||
|
||||
answer = b""
|
||||
if ancount:
|
||||
answer = (
|
||||
struct.pack(">HH", 0xC00C, rtype) # NAME pointer + TYPE
|
||||
+ struct.pack(">HI", qclass, ttl) # CLASS + TTL
|
||||
+ struct.pack(">H", len(rdata)) + rdata # RDLENGTH + RDATA
|
||||
)
|
||||
|
||||
self.wfile.write(header + question + answer)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
with socketserver.UDPServer(("0.0.0.0", 5353), DNSResponder) as srv:
|
||||
srv.serve_forever()
|
||||
|
|
@ -0,0 +1,83 @@
|
|||
"""Simple authoritative DNS responder for TCP mode e2e tests.
|
||||
|
||||
Listens on TCP port 5353 and responds with the same static records
|
||||
as dns_responder.py, but over TCP (RFC 5966).
|
||||
"""
|
||||
import socketserver
|
||||
import struct
|
||||
import socket
|
||||
|
||||
|
||||
def decode_name(data, offset):
|
||||
labels = []
|
||||
while True:
|
||||
length = data[offset]
|
||||
if length == 0:
|
||||
offset += 1
|
||||
break
|
||||
if length & 0xC0:
|
||||
offset += 2
|
||||
break
|
||||
offset += 1
|
||||
labels.append(data[offset:offset + length].decode())
|
||||
offset += length
|
||||
return '.'.join(labels), offset
|
||||
|
||||
|
||||
RECORDS = {
|
||||
("test.example.com", 1): (1, 300, socket.inet_aton("10.0.0.1")),
|
||||
("test2.example.com", 1): (1, 300, socket.inet_aton("10.0.0.2")),
|
||||
("example.com", 28): (28, 300, socket.inet_pton(socket.AF_INET6, "::1")),
|
||||
}
|
||||
|
||||
|
||||
class DNSResponder(socketserver.StreamRequestHandler):
|
||||
def handle(self):
|
||||
# TCP DNS: 2-byte length prefix
|
||||
raw = self.rfile.read(2)
|
||||
if len(raw) < 2:
|
||||
return
|
||||
msglen = struct.unpack(">H", raw)[0]
|
||||
data = self.rfile.read(msglen)
|
||||
if len(data) < 12:
|
||||
return
|
||||
|
||||
tid = struct.unpack(">H", data[:2])[0]
|
||||
qdcount = struct.unpack(">H", data[4:6])[0]
|
||||
|
||||
if qdcount == 0:
|
||||
return
|
||||
|
||||
qname, pos = decode_name(data, 12)
|
||||
qtype = struct.unpack(">H", data[pos:pos + 2])[0]
|
||||
qclass = struct.unpack(">H", data[pos + 2:pos + 4])[0]
|
||||
|
||||
key = (qname, qtype)
|
||||
if key in RECORDS:
|
||||
rcode = 0
|
||||
ancount = 1
|
||||
rtype, ttl, rdata = RECORDS[key]
|
||||
else:
|
||||
rcode = 3 # NXDOMAIN
|
||||
ancount = 0
|
||||
rtype, ttl, rdata = 0, 0, b""
|
||||
|
||||
flags = 0x8000 | 0x0400 | rcode
|
||||
header = struct.pack(">HHHHHH", tid, flags, qdcount, ancount, 0, 0)
|
||||
question = data[12:pos + 4]
|
||||
|
||||
answer = b""
|
||||
if ancount:
|
||||
answer = (
|
||||
struct.pack(">HH", 0xC00C, rtype)
|
||||
+ struct.pack(">HI", qclass, ttl)
|
||||
+ struct.pack(">H", len(rdata)) + rdata
|
||||
)
|
||||
|
||||
dnsmsg = header + question + answer
|
||||
self.wfile.write(struct.pack(">H", len(dnsmsg)) + dnsmsg)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
with socketserver.TCPServer(("0.0.0.0", 5353), DNSResponder) as srv:
|
||||
srv.serve_forever()
|
||||
|
|
@ -0,0 +1,140 @@
|
|||
"""DNS query client over TLS for e2e tests.
|
||||
|
||||
Connects to the DNS-over-TLS endpoint and performs a DNS query.
|
||||
|
||||
Usage:
|
||||
python3 dns_tls_query.py host port qname qtype [expected_ip]
|
||||
"""
|
||||
import struct
|
||||
import socket
|
||||
import ssl
|
||||
import sys
|
||||
|
||||
|
||||
def encode_name(name):
|
||||
parts = name.rstrip(".").split(".")
|
||||
return b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"
|
||||
|
||||
|
||||
def build_query(tid, qname, qtype):
|
||||
flags = 0x0100
|
||||
qdcount = 1
|
||||
header = struct.pack(">HHHHHH", tid, flags, qdcount, 0, 0, 0)
|
||||
qname_enc = encode_name(qname)
|
||||
question = qname_enc + struct.pack(">HH", qtype, 1)
|
||||
return header + question
|
||||
|
||||
|
||||
def parse_response(data):
|
||||
if len(data) < 12:
|
||||
return [], -1
|
||||
flags = struct.unpack(">H", data[2:4])[0]
|
||||
rcode = flags & 0x0F
|
||||
qdcount = struct.unpack(">H", data[4:6])[0]
|
||||
ancount = struct.unpack(">H", data[6:8])[0]
|
||||
|
||||
pos = 12
|
||||
for _ in range(qdcount):
|
||||
while data[pos] != 0:
|
||||
if data[pos] & 0xC0:
|
||||
pos += 2
|
||||
break
|
||||
pos += data[pos] + 1
|
||||
else:
|
||||
pos += 1
|
||||
pos += 4
|
||||
|
||||
answers = []
|
||||
for _ in range(ancount):
|
||||
if data[pos] & 0xC0:
|
||||
pos += 2
|
||||
else:
|
||||
while data[pos] != 0:
|
||||
pos += data[pos] + 1
|
||||
pos += 1
|
||||
rtype, rclass, ttl, rdlength = struct.unpack(">HHIH", data[pos:pos + 10])
|
||||
pos += 10
|
||||
rdata = data[pos:pos + rdlength]
|
||||
pos += rdlength
|
||||
answers.append((rtype, rdata))
|
||||
|
||||
return answers, rcode
|
||||
|
||||
|
||||
def main():
|
||||
if len(sys.argv) < 5:
|
||||
print(f"Usage: {sys.argv[0]} host port qname qtype [expected_ip]")
|
||||
sys.exit(1)
|
||||
|
||||
host = sys.argv[1]
|
||||
port = int(sys.argv[2])
|
||||
qname = sys.argv[3]
|
||||
qtype_str = sys.argv[4]
|
||||
expected = sys.argv[5] if len(sys.argv) > 5 else None
|
||||
|
||||
qtype_map = {"A": 1, "AAAA": 28}
|
||||
qtype = qtype_map.get(qtype_str, 1)
|
||||
|
||||
query = build_query(0x1234, qname, qtype)
|
||||
|
||||
ctx = ssl.create_default_context()
|
||||
ctx.check_hostname = False
|
||||
ctx.verify_mode = ssl.CERT_NONE
|
||||
|
||||
try:
|
||||
with socket.create_connection((host, port), timeout=5) as sock:
|
||||
with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
|
||||
# TCP DNS: 2-byte length prefix
|
||||
tls_sock.sendall(struct.pack(">H", len(query)) + query)
|
||||
raw = tls_sock.recv(2)
|
||||
if len(raw) < 2:
|
||||
print("ERROR: short response header")
|
||||
sys.exit(1)
|
||||
msglen = struct.unpack(">H", raw)[0]
|
||||
data = b""
|
||||
while len(data) < msglen:
|
||||
chunk = tls_sock.recv(msglen - len(data))
|
||||
if not chunk:
|
||||
break
|
||||
data += chunk
|
||||
except Exception as e:
|
||||
print(f"ERROR: {e}")
|
||||
sys.exit(1)
|
||||
|
||||
if not data:
|
||||
print("ERROR: empty response")
|
||||
sys.exit(1)
|
||||
|
||||
answers, rcode = parse_response(data)
|
||||
print(f"Got {len(answers)} answer(s), rcode={rcode}")
|
||||
|
||||
for rtype, rdata in answers:
|
||||
if rtype == 1 and len(rdata) == 4:
|
||||
ip = socket.inet_ntoa(rdata)
|
||||
print(f" A {ip}")
|
||||
elif rtype == 28 and len(rdata) == 16:
|
||||
ip6 = socket.inet_ntop(socket.AF_INET6, rdata)
|
||||
print(f" AAAA {ip6}")
|
||||
else:
|
||||
print(f" TYPE={rtype} RDATA={rdata.hex()}")
|
||||
|
||||
if expected:
|
||||
for rtype, rdata in answers:
|
||||
if rtype == 1 and len(rdata) == 4:
|
||||
ip = socket.inet_ntoa(rdata)
|
||||
if ip == expected:
|
||||
print(f"MATCH: expected {expected}")
|
||||
sys.exit(0)
|
||||
elif rtype == 28 and len(rdata) == 16:
|
||||
ip6 = socket.inet_ntop(socket.AF_INET6, rdata)
|
||||
if ip6 == expected:
|
||||
print(f"MATCH: expected {expected}")
|
||||
sys.exit(0)
|
||||
print(f"NO MATCH: expected {expected}")
|
||||
sys.exit(1)
|
||||
|
||||
sys.exit(0)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
import socket
|
||||
import sys
|
||||
import time
|
||||
|
||||
|
||||
def main():
|
||||
host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
|
||||
port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080
|
||||
idle_timeout = int(sys.argv[3]) if len(sys.argv) > 3 else 3
|
||||
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s.settimeout(10)
|
||||
s.connect((host, port))
|
||||
|
||||
# CONNECT to echo server
|
||||
req = b"CONNECT tcp-echo:5678 HTTP/1.1\r\nHost: tcp-echo:5678\r\n\r\n"
|
||||
s.sendall(req)
|
||||
|
||||
# Read 200 OK response
|
||||
resp = b""
|
||||
while b"\r\n\r\n" not in resp:
|
||||
chunk = s.recv(4096)
|
||||
if not chunk:
|
||||
break
|
||||
resp += chunk
|
||||
|
||||
if b"200" not in resp:
|
||||
print(f"FAIL: expected 200, got {resp.decode(errors='replace')}")
|
||||
sys.exit(1)
|
||||
|
||||
# Send an HTTP GET through the CONNECT tunnel. The tunnel target
|
||||
# is an HTTP echo server (BaseHTTPRequestHandler), so we must speak
|
||||
# HTTP or the connection closes.
|
||||
req = b"GET / HTTP/1.0\r\nHost: tcp-echo\r\n\r\n"
|
||||
s.sendall(req)
|
||||
data = b""
|
||||
while b"hello-gost" not in data:
|
||||
chunk = s.recv(4096)
|
||||
if not chunk:
|
||||
break
|
||||
data += chunk
|
||||
if b"hello-gost" not in data:
|
||||
print(f"FAIL: expected hello-gost echo, got {data!r}")
|
||||
sys.exit(1)
|
||||
print(f"PASS: first request through tunnel succeeded")
|
||||
|
||||
# Wait longer than idleTimeout
|
||||
wait = idle_timeout + 2
|
||||
print(f"Waiting {wait}s for idle timeout...")
|
||||
time.sleep(wait)
|
||||
|
||||
# Try to send more data — idle timeout should have closed the pipe
|
||||
try:
|
||||
s.sendall(b"ping-2\n")
|
||||
data = s.recv(4096)
|
||||
if not data:
|
||||
print("PASS: connection closed after idle timeout (empty recv)")
|
||||
sys.exit(0)
|
||||
# Got data means the pipe is still alive
|
||||
print(f"FAIL: connection still alive after idle timeout, got {data!r}")
|
||||
sys.exit(1)
|
||||
except (socket.timeout, ConnectionResetError, BrokenPipeError, OSError) as e:
|
||||
print(f"PASS: connection closed after idle timeout: {e}")
|
||||
sys.exit(0)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
|
|
@ -0,0 +1,135 @@
|
|||
import socket
|
||||
import struct
|
||||
import sys
|
||||
|
||||
|
||||
UDP_ECHO_HOST = "udp-echo"
|
||||
UDP_ECHO_PORT = 5679
|
||||
|
||||
|
||||
def encode_socks5_addr(host, port):
|
||||
"""Encode (host, port) as SOCKS5 ADDRESS + PORT.
|
||||
|
||||
Uses ATYP=3 (domain name) so Docker DNS resolves the host.
|
||||
Returns (atyp, address_bytes, port_bytes).
|
||||
"""
|
||||
host_bytes = host.encode()
|
||||
addr_bytes = struct.pack("!B", len(host_bytes)) + host_bytes
|
||||
port_bytes = struct.pack("!H", port)
|
||||
return 0x03, addr_bytes, port_bytes
|
||||
|
||||
|
||||
def build_udp_frame(payload, host, port):
|
||||
"""Build a SOCKS5 UDP relay frame over TCP.
|
||||
|
||||
gost HTTP UDP relay uses RSV=data-length and FRAG=0xff.
|
||||
Frame: [RSV:2][FRAG:1][ATYP:1][DST.ADDR][DST.PORT:2][DATA]
|
||||
"""
|
||||
atyp, addr_bytes, port_bytes = encode_socks5_addr(host, port)
|
||||
rsv = struct.pack("!H", len(payload))
|
||||
frag = b"\xff"
|
||||
atyp_byte = struct.pack("!B", atyp)
|
||||
return rsv + frag + atyp_byte + addr_bytes + port_bytes + payload
|
||||
|
||||
|
||||
def recvn(sock, n):
|
||||
"""Receive exactly n bytes from socket."""
|
||||
buf = b""
|
||||
while len(buf) < n:
|
||||
chunk = sock.recv(n - len(buf))
|
||||
if not chunk:
|
||||
raise ConnectionError("connection closed while reading")
|
||||
buf += chunk
|
||||
return buf
|
||||
|
||||
|
||||
def read_socks5_frame(sock):
|
||||
"""Read one SOCKS5 UDP relay frame from the TCP connection.
|
||||
|
||||
Returns (addr, port, data).
|
||||
"""
|
||||
# Read header: RSV(2) + FRAG(1) + ATYP(1)
|
||||
header = recvn(sock, 4)
|
||||
rsv = struct.unpack("!H", header[:2])[0]
|
||||
frag = header[2]
|
||||
atyp = header[3]
|
||||
|
||||
# Read address based on ATYP
|
||||
if atyp == 1: # IPv4
|
||||
addr_bytes = recvn(sock, 4)
|
||||
addr = socket.inet_ntoa(addr_bytes)
|
||||
elif atyp == 3: # Domain name
|
||||
domain_len = recvn(sock, 1)
|
||||
addr = recvn(sock, domain_len[0]).decode()
|
||||
elif atyp == 4: # IPv6
|
||||
addr_bytes = recvn(sock, 16)
|
||||
addr = socket.inet_ntop(socket.AF_INET6, addr_bytes)
|
||||
else:
|
||||
raise ValueError(f"unknown ATYP: {atyp}")
|
||||
|
||||
port_bytes = recvn(sock, 2)
|
||||
port = struct.unpack("!H", port_bytes)[0]
|
||||
|
||||
# Read data
|
||||
if rsv > 0:
|
||||
data = recvn(sock, rsv)
|
||||
else:
|
||||
# Standard SOCKS5 UDP: read remaining
|
||||
data = b""
|
||||
while True:
|
||||
chunk = sock.recv(4096)
|
||||
if not chunk:
|
||||
break
|
||||
data += chunk
|
||||
|
||||
return addr, port, data
|
||||
|
||||
|
||||
def main():
|
||||
host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
|
||||
port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080
|
||||
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s.settimeout(10)
|
||||
s.connect((host, port))
|
||||
|
||||
# Send CONNECT with X-Gost-Protocol: udp
|
||||
req = (
|
||||
b"CONNECT 0.0.0.0:0 HTTP/1.1\r\n"
|
||||
b"Host: 0.0.0.0:0\r\n"
|
||||
b"X-Gost-Protocol: udp\r\n"
|
||||
b"Proxy-Connection: keep-alive\r\n"
|
||||
b"\r\n"
|
||||
)
|
||||
s.sendall(req)
|
||||
|
||||
# Read 200 OK
|
||||
resp = b""
|
||||
while b"\r\n\r\n" not in resp:
|
||||
chunk = s.recv(4096)
|
||||
if not chunk:
|
||||
break
|
||||
resp += chunk
|
||||
|
||||
if b"200" not in resp:
|
||||
print(f"FAIL: expected 200, got {resp.decode(errors='replace')}")
|
||||
sys.exit(1)
|
||||
|
||||
# Build and send UDP relay frame
|
||||
payload = b"hello-gost"
|
||||
frame = build_udp_frame(payload, UDP_ECHO_HOST, UDP_ECHO_PORT)
|
||||
s.sendall(frame)
|
||||
|
||||
# Read response frame
|
||||
addr, rport, data = read_socks5_frame(s)
|
||||
|
||||
if b"hello-gost" in data:
|
||||
print(f"PASS: received expected data from {addr}:{rport}")
|
||||
sys.exit(0)
|
||||
else:
|
||||
print(f"FAIL: expected hello-gost in response, got {data!r}")
|
||||
sys.exit(1)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
from http.server import BaseHTTPRequestHandler, HTTPServer
|
||||
|
||||
|
||||
class Handler(BaseHTTPRequestHandler):
|
||||
def do_GET(self):
|
||||
body = b"hello-gost"
|
||||
self.send_response(200)
|
||||
self.send_header("Content-Length", str(len(body)))
|
||||
self.end_headers()
|
||||
self.wfile.write(body)
|
||||
|
||||
def log_message(self, format, *args):
|
||||
return
|
||||
|
||||
|
||||
HTTPServer(("0.0.0.0", 5678), Handler).serve_forever()
|
||||
|
|
@ -0,0 +1,53 @@
|
|||
import socket
|
||||
import sys
|
||||
import time
|
||||
|
||||
|
||||
def main():
|
||||
host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
|
||||
port = int(sys.argv[2]) if len(sys.argv) > 2 else 8000
|
||||
idle_timeout = int(sys.argv[3]) if len(sys.argv) > 3 else 3
|
||||
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s.settimeout(10)
|
||||
s.connect((host, port))
|
||||
|
||||
# Send an HTTP GET request — the forward handler pipes us to tcp-echo:5678
|
||||
req = b"GET / HTTP/1.0\r\nHost: tcp-echo\r\n\r\n"
|
||||
s.sendall(req)
|
||||
|
||||
# Read response — should contain "hello-gost" (echo server reply)
|
||||
resp = b""
|
||||
while b"hello-gost" not in resp:
|
||||
chunk = s.recv(4096)
|
||||
if not chunk:
|
||||
break
|
||||
resp += chunk
|
||||
|
||||
if b"hello-gost" not in resp:
|
||||
print(f"FAIL: expected hello-gost in response, got {resp.decode(errors='replace')}")
|
||||
sys.exit(1)
|
||||
print(f"PASS: first request through forward pipe succeeded")
|
||||
|
||||
# Wait longer than idleTimeout
|
||||
wait = idle_timeout + 2
|
||||
print(f"Waiting {wait}s for idle timeout...")
|
||||
time.sleep(wait)
|
||||
|
||||
# Try to send more data — idle timeout should have closed the pipe
|
||||
try:
|
||||
s.sendall(b"GET / HTTP/1.0\r\nHost: tcp-echo\r\n\r\n")
|
||||
data = s.recv(4096)
|
||||
if not data:
|
||||
print("PASS: connection closed after idle timeout (empty recv)")
|
||||
sys.exit(0)
|
||||
# Got data means the pipe is still alive
|
||||
print(f"FAIL: connection still alive after idle timeout, got {data!r}")
|
||||
sys.exit(1)
|
||||
except (socket.timeout, ConnectionResetError, BrokenPipeError, OSError) as e:
|
||||
print(f"PASS: connection closed after idle timeout: {e}")
|
||||
sys.exit(0)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
import socket
|
||||
|
||||
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||
sock.bind(("0.0.0.0", 5679))
|
||||
|
||||
while True:
|
||||
data, addr = sock.recvfrom(2048)
|
||||
sock.sendto(data, addr)
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
import socket
|
||||
import sys
|
||||
|
||||
|
||||
def main():
|
||||
host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
|
||||
port = int(sys.argv[2]) if len(sys.argv) > 2 else 9000
|
||||
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||
sock.settimeout(5)
|
||||
|
||||
payload = b"hello-gost-udp"
|
||||
sock.sendto(payload, (host, port))
|
||||
|
||||
data, addr = sock.recvfrom(2048)
|
||||
if data == payload:
|
||||
print("PASS: received echo")
|
||||
sys.exit(0)
|
||||
else:
|
||||
print(f"FAIL: expected {payload!r}, got {data!r}")
|
||||
sys.exit(1)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
|
|
@ -0,0 +1,160 @@
|
|||
package e2e
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"os"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/testcontainers/testcontainers-go"
|
||||
)
|
||||
|
||||
type ShadowsocksSuite struct {
|
||||
suite.Suite
|
||||
ctx context.Context
|
||||
echoC testcontainers.Container
|
||||
echoIP string
|
||||
udpC testcontainers.Container
|
||||
}
|
||||
|
||||
func (s *ShadowsocksSuite) SetupSuite() {
|
||||
s.ctx = context.Background()
|
||||
|
||||
s.T().Logf("start tcp echo container...")
|
||||
echoC, err := RunEchoContainer(s.ctx, SharedNetworkName)
|
||||
s.Require().NoError(err)
|
||||
s.echoC = echoC
|
||||
|
||||
echoIP, err := echoC.ContainerIP(s.ctx)
|
||||
s.Require().NoError(err)
|
||||
s.echoIP = echoIP
|
||||
|
||||
s.T().Logf("start udp echo container...")
|
||||
udpC, err := RunUDPEchoContainer(s.ctx, SharedNetworkName)
|
||||
s.Require().NoError(err)
|
||||
s.udpC = udpC
|
||||
}
|
||||
|
||||
func (s *ShadowsocksSuite) TearDownSuite() {
|
||||
if s.echoC != nil {
|
||||
s.echoC.Terminate(s.ctx)
|
||||
}
|
||||
if s.udpC != nil {
|
||||
s.udpC.Terminate(s.ctx)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *ShadowsocksSuite) TestShadowsocksTCP() {
|
||||
s.runTCPCase("aes256gcm", "testdata/shadowsocks/tcp_server_aes256gcm.yaml", "testdata/shadowsocks/tcp_client_aes256gcm.yaml")
|
||||
s.runTCPCase("chacha20", "testdata/shadowsocks/tcp_server_chacha20.yaml", "testdata/shadowsocks/tcp_client_chacha20.yaml")
|
||||
}
|
||||
|
||||
func (s *ShadowsocksSuite) TestShadowsocks2022TCP() {
|
||||
s.runTCPCase("2022-aes128", "testdata/shadowsocks/tcp_server_2022_aes128.yaml", "testdata/shadowsocks/tcp_client_2022_aes128.yaml")
|
||||
s.runTCPCase("2022-aes256", "testdata/shadowsocks/tcp_server_2022_aes256.yaml", "testdata/shadowsocks/tcp_client_2022_aes256.yaml")
|
||||
}
|
||||
|
||||
func (s *ShadowsocksSuite) TestShadowsocks2022TCPMultiPSK() {
|
||||
s.runTCPCase("2022-aes128-multipsk", "testdata/shadowsocks/tcp_server_2022_aes128_multipsk.yaml", "testdata/shadowsocks/tcp_client_2022_aes128_multipsk.yaml")
|
||||
s.runTCPCase("2022-aes256-multipsk", "testdata/shadowsocks/tcp_server_2022_aes256_multipsk.yaml", "testdata/shadowsocks/tcp_client_2022_aes256_multipsk.yaml")
|
||||
}
|
||||
|
||||
func (s *ShadowsocksSuite) TestShadowsocksUDP() {
|
||||
s.runUDPCase("aes256gcm", "testdata/shadowsocks/udp_server_aes256gcm.yaml", "testdata/shadowsocks/udp_client_aes256gcm.yaml")
|
||||
}
|
||||
|
||||
func (s *ShadowsocksSuite) TestShadowsocks2022UDP() {
|
||||
s.runUDPCase("2022-aes128", "testdata/shadowsocks/udp_server_2022_aes128.yaml", "testdata/shadowsocks/udp_client_2022_aes128.yaml")
|
||||
s.runUDPCase("2022-aes256", "testdata/shadowsocks/udp_server_2022_aes256.yaml", "testdata/shadowsocks/udp_client_2022_aes256.yaml")
|
||||
}
|
||||
|
||||
func (s *ShadowsocksSuite) runUDPCase(name, serverConfig, clientConfig string) {
|
||||
s.T().Run(name, func(t *testing.T) {
|
||||
serverAlias := name + "-ssu-server"
|
||||
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName, serverConfig, []string{serverAlias}, []string{"8389/udp"})
|
||||
s.Require().NoError(err)
|
||||
defer serverC.Terminate(s.ctx)
|
||||
|
||||
rendered, err := RenderConfig(clientConfig, ConfigData{ServerAddr: serverAlias + ":8389"})
|
||||
s.Require().NoError(err)
|
||||
defer os.Remove(rendered)
|
||||
|
||||
clientC, err := RunGostContainerWithPorts(
|
||||
s.ctx,
|
||||
SharedNetworkName,
|
||||
rendered,
|
||||
"9000/udp",
|
||||
)
|
||||
s.Require().NoError(err)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
host, err := clientC.Host(s.ctx)
|
||||
s.Require().NoError(err)
|
||||
port, err := clientC.MappedPort(s.ctx, "9000/udp")
|
||||
s.Require().NoError(err)
|
||||
|
||||
conn, err := net.DialTimeout("udp", net.JoinHostPort(host, port.Port()), 5*time.Second)
|
||||
s.Require().NoError(err)
|
||||
defer conn.Close()
|
||||
|
||||
payload := []byte("hello-gost-udp")
|
||||
buf := make([]byte, 2048)
|
||||
var n int
|
||||
for i := range 5 {
|
||||
_, err = conn.Write(payload)
|
||||
s.Require().NoError(err)
|
||||
_ = conn.SetReadDeadline(time.Now().Add(2 * time.Second))
|
||||
n, err = conn.Read(buf)
|
||||
if err == nil {
|
||||
break
|
||||
}
|
||||
s.T().Logf("udp read attempt %d failed: %v, retrying...", i+1, err)
|
||||
time.Sleep(2 * time.Second)
|
||||
}
|
||||
if err != nil {
|
||||
DumpLogs(s.T(), s.ctx, name+" udp client logs", clientC)
|
||||
DumpLogs(s.T(), s.ctx, name+" udp server logs", serverC)
|
||||
}
|
||||
s.Require().NoError(err)
|
||||
s.Require().Contains(string(buf[:n]), "hello-gost")
|
||||
})
|
||||
}
|
||||
|
||||
func TestShadowsocksSuite(t *testing.T) {
|
||||
suite.Run(t, new(ShadowsocksSuite))
|
||||
}
|
||||
|
||||
func (s *ShadowsocksSuite) runTCPCase(name, serverConfig, clientConfig string) {
|
||||
s.T().Run(name, func(t *testing.T) {
|
||||
serverAlias := name + "-ss-server"
|
||||
serverC, err := RunGostContainerWithOptions(s.ctx, SharedNetworkName, serverConfig, []string{serverAlias}, []string{"8388/tcp"})
|
||||
s.Require().NoError(err)
|
||||
defer serverC.Terminate(s.ctx)
|
||||
|
||||
rendered, err := RenderConfig(clientConfig, ConfigData{ServerAddr: serverAlias + ":8388"})
|
||||
s.Require().NoError(err)
|
||||
defer os.Remove(rendered)
|
||||
|
||||
clientC, err := RunGostContainerWithPorts(s.ctx, SharedNetworkName, rendered, "8080/tcp")
|
||||
s.Require().NoError(err)
|
||||
defer clientC.Terminate(s.ctx)
|
||||
|
||||
cmd := []string{"curl", "-v", "-s", "-x", "http://127.0.0.1:8080", fmt.Sprintf("http://%s:5678", s.echoIP)}
|
||||
code, out, err := clientC.Exec(s.ctx, cmd)
|
||||
s.Require().NoError(err)
|
||||
|
||||
body, err := io.ReadAll(out)
|
||||
s.Require().NoError(err)
|
||||
if code != 0 || !strings.Contains(string(body), "hello-gost") {
|
||||
DumpLogs(s.T(), s.ctx, name+" client logs", clientC)
|
||||
DumpLogs(s.T(), s.ctx, name+" server logs", serverC)
|
||||
}
|
||||
s.Require().Equal(0, code)
|
||||
s.Require().Contains(string(body), "hello-gost")
|
||||
})
|
||||
}
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
services:
|
||||
- name: dns
|
||||
addr: :1053
|
||||
handler:
|
||||
type: dns
|
||||
metadata:
|
||||
dns: udp://dns-server:5353
|
||||
timeout: 5s
|
||||
listener:
|
||||
type: dns
|
||||
bypass: block-example
|
||||
|
||||
bypasses:
|
||||
- name: block-example
|
||||
matchers:
|
||||
- test.example.com
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
services:
|
||||
- name: dns
|
||||
addr: :1053
|
||||
handler:
|
||||
type: dns
|
||||
metadata:
|
||||
dns: udp://127.0.0.1:1
|
||||
timeout: 2s
|
||||
listener:
|
||||
type: dns
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
services:
|
||||
- name: dns
|
||||
addr: :1053
|
||||
handler:
|
||||
type: dns
|
||||
metadata:
|
||||
# Unreachable upstream so the system-DNS fallback is bypassed.
|
||||
# The host mapper resolves mapped names before the exchanger is
|
||||
# reached; unmapped names must hit the exchanger and fail.
|
||||
dns: udp://127.0.0.1:1
|
||||
timeout: 2s
|
||||
listener:
|
||||
type: dns
|
||||
hosts: my-hosts
|
||||
|
||||
hosts:
|
||||
- name: my-hosts
|
||||
mappings:
|
||||
- ip: 10.0.0.100
|
||||
hostname: mapped.example.com
|
||||
- ip: 192.168.1.200
|
||||
hostname: aaaa.mapped.example.com
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
services:
|
||||
- name: dns
|
||||
addr: :1053
|
||||
handler:
|
||||
type: dns
|
||||
metadata:
|
||||
dns: udp://dns-server:5353
|
||||
timeout: 5s
|
||||
listener:
|
||||
type: dns
|
||||
rlimiter: limiter-0
|
||||
|
||||
rlimiters:
|
||||
- name: limiter-0
|
||||
limits:
|
||||
- "$ 1000"
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
services:
|
||||
- name: dns
|
||||
addr: :1053
|
||||
handler:
|
||||
type: dns
|
||||
metadata:
|
||||
dns: tcp://dns-server:5353
|
||||
timeout: 5s
|
||||
listener:
|
||||
type: dns
|
||||
metadata:
|
||||
mode: tcp
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
services:
|
||||
- name: dns
|
||||
addr: :1053
|
||||
handler:
|
||||
type: dns
|
||||
metadata:
|
||||
dns: udp://dns-server:5353
|
||||
timeout: 5s
|
||||
listener:
|
||||
type: dns
|
||||
metadata:
|
||||
mode: tls
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
services:
|
||||
- name: dns
|
||||
addr: :1053
|
||||
handler:
|
||||
type: dns
|
||||
metadata:
|
||||
dns: udp://dns-server:5353
|
||||
timeout: 5s
|
||||
listener:
|
||||
type: dns
|
||||
|
|
@ -0,0 +1 @@
|
|||
<html><body>gost file index</body></html>
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
services:
|
||||
- name: file-server
|
||||
addr: :8080
|
||||
handler:
|
||||
type: file
|
||||
metadata:
|
||||
file.dir: /srv/files
|
||||
listener:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
services:
|
||||
- name: file-server-auth
|
||||
addr: :8080
|
||||
handler:
|
||||
type: file
|
||||
auther: auther-0
|
||||
metadata:
|
||||
file.dir: /srv/files
|
||||
listener:
|
||||
type: tcp
|
||||
authers:
|
||||
- name: auther-0
|
||||
auths:
|
||||
- username: user
|
||||
password: pass
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
services:
|
||||
- name: file-server-put
|
||||
addr: :8080
|
||||
handler:
|
||||
type: file
|
||||
metadata:
|
||||
file.dir: /srv/files
|
||||
file.put: true
|
||||
listener:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
services:
|
||||
- name: forward-tcp
|
||||
addr: :8000
|
||||
handler:
|
||||
type: tcp
|
||||
listener:
|
||||
type: tcp
|
||||
forwarder:
|
||||
nodes:
|
||||
- name: echo
|
||||
addr: tcp-echo:5678
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
services:
|
||||
- name: forward-tcp
|
||||
addr: :8000
|
||||
handler:
|
||||
type: tcp
|
||||
metadata:
|
||||
sniffing: true
|
||||
sniffing.timeout: 2s
|
||||
listener:
|
||||
type: tcp
|
||||
bypass: block-all
|
||||
forwarder:
|
||||
nodes:
|
||||
- name: echo
|
||||
addr: tcp-echo:5678
|
||||
|
||||
bypasses:
|
||||
- name: block-all
|
||||
matchers:
|
||||
- 0.0.0.0/0
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
services:
|
||||
- name: forward-tcp
|
||||
addr: :8000
|
||||
handler:
|
||||
type: tcp
|
||||
metadata:
|
||||
idleTimeout: 3s
|
||||
listener:
|
||||
type: tcp
|
||||
forwarder:
|
||||
nodes:
|
||||
- name: echo
|
||||
addr: tcp-echo:5678
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
services:
|
||||
- name: forward-tcp
|
||||
addr: :8000
|
||||
handler:
|
||||
type: tcp
|
||||
metadata:
|
||||
sniffing: true
|
||||
sniffing.timeout: 2s
|
||||
listener:
|
||||
type: tcp
|
||||
forwarder:
|
||||
nodes:
|
||||
- name: echo-http
|
||||
addr: tcp-echo:5678
|
||||
protocol: http
|
||||
- name: echo-tls
|
||||
addr: tcp-echo:1
|
||||
protocol: tls
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
services:
|
||||
- name: forward-tcp
|
||||
addr: :8000
|
||||
handler:
|
||||
type: tcp
|
||||
metadata:
|
||||
sniffing: true
|
||||
sniffing.timeout: 2s
|
||||
listener:
|
||||
type: tcp
|
||||
forwarder:
|
||||
nodes:
|
||||
- name: echo
|
||||
addr: tcp-echo:5678
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
services:
|
||||
- name: udp-forward
|
||||
addr: :9000
|
||||
handler:
|
||||
type: udp
|
||||
listener:
|
||||
type: udp
|
||||
forwarder:
|
||||
nodes:
|
||||
- name: echo
|
||||
addr: udp-echo:5679
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
services:
|
||||
- name: udp-forward
|
||||
addr: :9000
|
||||
handler:
|
||||
type: udp
|
||||
metadata:
|
||||
stateless: true
|
||||
listener:
|
||||
type: udp
|
||||
metadata:
|
||||
stateless: true
|
||||
forwarder:
|
||||
nodes:
|
||||
- name: echo
|
||||
addr: udp-echo:5679
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: http-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
chains:
|
||||
- name: http-chain
|
||||
hops:
|
||||
- name: hop-0
|
||||
nodes:
|
||||
- name: node-0
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: http
|
||||
dialer:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: http-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
chains:
|
||||
- name: http-chain
|
||||
hops:
|
||||
- name: hop-0
|
||||
nodes:
|
||||
- name: node-0
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: http
|
||||
auth:
|
||||
username: user
|
||||
password: pass
|
||||
dialer:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: https-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
chains:
|
||||
- name: https-chain
|
||||
hops:
|
||||
- name: hop-0
|
||||
nodes:
|
||||
- name: node-0
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: http
|
||||
dialer:
|
||||
type: tls
|
||||
|
|
@ -0,0 +1 @@
|
|||
<html><body>decoy-response</body></html>
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
listener:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
services:
|
||||
- name: http-proxy-auth
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
auther: auther-0
|
||||
metadata:
|
||||
# authBasicRealm: custom realm in 407 Proxy-Authenticate header
|
||||
authBasicRealm: gost-e2e-realm
|
||||
listener:
|
||||
type: tcp
|
||||
authers:
|
||||
- name: auther-0
|
||||
auths:
|
||||
- username: user
|
||||
password: pass
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
services:
|
||||
- name: http-connect
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
metadata:
|
||||
# sniffing: enable protocol sniffing on CONNECT tunnels
|
||||
sniffing: true
|
||||
# sniffing.timeout: timeout for initial sniff read (2s)
|
||||
sniffing.timeout: 2s
|
||||
listener:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
bypasses:
|
||||
- name: bypass-0
|
||||
matchers:
|
||||
- 0.0.0.0/0
|
||||
|
||||
services:
|
||||
- name: http-connect-bypass
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
auther: auther-0
|
||||
listener:
|
||||
type: tcp
|
||||
bypass: bypass-0
|
||||
|
||||
authers:
|
||||
- name: auther-0
|
||||
auths:
|
||||
- username: user
|
||||
password: pass
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
bypasses:
|
||||
- name: bypass-0
|
||||
matchers:
|
||||
- 0.0.0.0/0
|
||||
|
||||
services:
|
||||
- name: http-headers
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
auther: auther-0
|
||||
metadata:
|
||||
header:
|
||||
X-Proxy-Info: gost-e2e
|
||||
X-Custom: test-value
|
||||
proxyAgent: gost-e2e/1.0
|
||||
listener:
|
||||
type: tcp
|
||||
bypass: bypass-0
|
||||
|
||||
authers:
|
||||
- name: auther-0
|
||||
auths:
|
||||
- username: user
|
||||
password: pass
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
services:
|
||||
- name: http-idle
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
metadata:
|
||||
idleTimeout: 3s
|
||||
listener:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
services:
|
||||
- name: http-proxy-meta
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
auther: auther-0
|
||||
metadata:
|
||||
# probeResist: decoy response on auth failure (code:404 hides the proxy)
|
||||
probeResist: code:404
|
||||
# keepalive: enable HTTP keep-alive on upstream transport (parse test)
|
||||
keepalive: true
|
||||
# compression: enable HTTP compression on upstream transport (parse test)
|
||||
compression: true
|
||||
listener:
|
||||
type: tcp
|
||||
authers:
|
||||
- name: auther-0
|
||||
auths:
|
||||
- username: user
|
||||
password: pass
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
auther: auther-0
|
||||
metadata:
|
||||
probeResist: file:/tmp/decoy.html
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
authers:
|
||||
- name: auther-0
|
||||
auths:
|
||||
- username: user
|
||||
password: pass
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
auther: auther-0
|
||||
metadata:
|
||||
probeResist: host:tcp-echo:5678
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
authers:
|
||||
- name: auther-0
|
||||
auths:
|
||||
- username: user
|
||||
password: pass
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
auther: auther-0
|
||||
metadata:
|
||||
probeResist: code:404
|
||||
knock: secret.example.com
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
authers:
|
||||
- name: auther-0
|
||||
auths:
|
||||
- username: user
|
||||
password: pass
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
auther: auther-0
|
||||
metadata:
|
||||
probeResist: web:tcp-echo:5678
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
authers:
|
||||
- name: auther-0
|
||||
auths:
|
||||
- username: user
|
||||
password: pass
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
services:
|
||||
- name: https-server
|
||||
addr: :8443
|
||||
handler:
|
||||
type: http
|
||||
listener:
|
||||
type: tls
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
services:
|
||||
- name: http-udp
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
metadata:
|
||||
udp: true
|
||||
listener:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: h2-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
chains:
|
||||
- name: h2-chain
|
||||
hops:
|
||||
- name: hop-0
|
||||
nodes:
|
||||
- name: node-0
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: http2
|
||||
dialer:
|
||||
type: http2
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: h2-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
chains:
|
||||
- name: h2-chain
|
||||
hops:
|
||||
- name: hop-0
|
||||
nodes:
|
||||
- name: node-0
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: http2
|
||||
auth:
|
||||
username: user
|
||||
password: pass
|
||||
dialer:
|
||||
type: http2
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
services:
|
||||
- name: h2-proxy
|
||||
addr: :8443
|
||||
handler:
|
||||
type: http2
|
||||
listener:
|
||||
type: http2
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
services:
|
||||
- name: h2-proxy-auth
|
||||
addr: :8443
|
||||
handler:
|
||||
type: http2
|
||||
auther: auther-0
|
||||
metadata:
|
||||
# authBasicRealm: custom realm in 407 Proxy-Authenticate header
|
||||
authBasicRealm: gost-e2e-realm
|
||||
# hash: pin upstream selection by request host (metadata parse coverage)
|
||||
hash: host
|
||||
listener:
|
||||
type: http2
|
||||
authers:
|
||||
- name: auther-0
|
||||
auths:
|
||||
- username: user
|
||||
password: pass
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
bypasses:
|
||||
- name: bypass-0
|
||||
matchers:
|
||||
- 0.0.0.0/0
|
||||
|
||||
services:
|
||||
- name: h2-proxy-bypass
|
||||
addr: :8443
|
||||
handler:
|
||||
type: http2
|
||||
auther: auther-0
|
||||
listener:
|
||||
type: http2
|
||||
bypass: bypass-0
|
||||
|
||||
authers:
|
||||
- name: auther-0
|
||||
auths:
|
||||
- username: user
|
||||
password: pass
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
services:
|
||||
- name: h2-proxy-pr
|
||||
addr: :8443
|
||||
handler:
|
||||
type: http2
|
||||
auther: auther-0
|
||||
metadata:
|
||||
# probeResist: hide the proxy behind a 404 decoy on auth failure
|
||||
probeResist: code:404
|
||||
# header: custom response headers set on proxy responses
|
||||
header:
|
||||
X-Proxy-Info: gost-e2e
|
||||
authBasicRealm: gost-e2e-realm
|
||||
listener:
|
||||
type: http2
|
||||
authers:
|
||||
- name: auther-0
|
||||
auths:
|
||||
- username: user
|
||||
password: pass
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
services:
|
||||
- name: https-mtls
|
||||
addr: :8443
|
||||
handler:
|
||||
type: http
|
||||
auther: auther-0
|
||||
listener:
|
||||
type: tls
|
||||
tls:
|
||||
certFile: /certs/server.pem
|
||||
keyFile: /certs/server-key.pem
|
||||
caFile: /certs/ca.pem
|
||||
authers:
|
||||
- name: auther-0
|
||||
plugin:
|
||||
type: http
|
||||
addr: http://{{.ServerAddr}}:9000/auth
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
services:
|
||||
- name: proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: my-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
- name: dummy-1
|
||||
addr: :18081
|
||||
handler:
|
||||
type: http
|
||||
|
||||
chains:
|
||||
- name: my-chain
|
||||
hops:
|
||||
- name: hop-1
|
||||
selector:
|
||||
strategy: parallel
|
||||
nodes:
|
||||
- name: node-1
|
||||
addr: 127.0.0.1:18081
|
||||
connector:
|
||||
type: http
|
||||
# non existed node
|
||||
- name: node-2
|
||||
addr: 127.0.0.1:18082
|
||||
connector:
|
||||
type: http
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
services:
|
||||
- name: pht-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: pht-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
chains:
|
||||
- name: pht-chain
|
||||
hops:
|
||||
- name: pht-hop
|
||||
nodes:
|
||||
- name: pht-node
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: http
|
||||
dialer:
|
||||
type: pht
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
services:
|
||||
- name: phts-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: phts-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
chains:
|
||||
- name: phts-chain
|
||||
hops:
|
||||
- name: phts-hop
|
||||
nodes:
|
||||
- name: phts-node
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: http
|
||||
dialer:
|
||||
type: phts
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
services:
|
||||
- name: pht-server
|
||||
addr: :8443
|
||||
handler:
|
||||
type: http
|
||||
listener:
|
||||
type: pht
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
services:
|
||||
- name: phts-server
|
||||
addr: :8443
|
||||
handler:
|
||||
type: http
|
||||
listener:
|
||||
type: phts
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: ss-tcp-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
chains:
|
||||
- name: ss-tcp-chain
|
||||
hops:
|
||||
- name: ss-hop
|
||||
nodes:
|
||||
- name: ss-node
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: ss
|
||||
auth:
|
||||
username: 2022-blake3-aes-128-gcm
|
||||
password: MTIzNDU2Nzg5MDEyMzQ1Ng==
|
||||
dialer:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: ss-tcp-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
chains:
|
||||
- name: ss-tcp-chain
|
||||
hops:
|
||||
- name: ss-hop
|
||||
nodes:
|
||||
- name: ss-node
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: ss
|
||||
auth:
|
||||
username: 2022-blake3-aes-128-gcm
|
||||
password: MTIzNDU2Nzg5MDEyMzQ1Ng==:Vbwi6yqCwvPMPR1bCi32Dg==
|
||||
dialer:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: ss-tcp-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
chains:
|
||||
- name: ss-tcp-chain
|
||||
hops:
|
||||
- name: ss-hop
|
||||
nodes:
|
||||
- name: ss-node
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: ss
|
||||
auth:
|
||||
username: 2022-blake3-aes-256-gcm
|
||||
password: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
|
||||
dialer:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: ss-tcp-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
chains:
|
||||
- name: ss-tcp-chain
|
||||
hops:
|
||||
- name: ss-hop
|
||||
nodes:
|
||||
- name: ss-node
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: ss
|
||||
auth:
|
||||
username: 2022-blake3-aes-256-gcm
|
||||
password: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=:YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=
|
||||
dialer:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: ss-tcp-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
chains:
|
||||
- name: ss-tcp-chain
|
||||
hops:
|
||||
- name: ss-hop
|
||||
nodes:
|
||||
- name: ss-node
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: ss
|
||||
auth:
|
||||
username: aes-256-gcm
|
||||
password: secret
|
||||
dialer:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
services:
|
||||
- name: http-proxy
|
||||
addr: :8080
|
||||
handler:
|
||||
type: http
|
||||
chain: ss-tcp-chain
|
||||
listener:
|
||||
type: tcp
|
||||
|
||||
chains:
|
||||
- name: ss-tcp-chain
|
||||
hops:
|
||||
- name: ss-hop
|
||||
nodes:
|
||||
- name: ss-node
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: ss
|
||||
auth:
|
||||
username: chacha20-ietf-poly1305
|
||||
password: secret
|
||||
dialer:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
services:
|
||||
- name: ss-server
|
||||
addr: :8388
|
||||
handler:
|
||||
type: ss
|
||||
auth:
|
||||
username: 2022-blake3-aes-128-gcm
|
||||
password: MTIzNDU2Nzg5MDEyMzQ1Ng==
|
||||
listener:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
services:
|
||||
- name: ss-server
|
||||
addr: :8388
|
||||
handler:
|
||||
type: ss
|
||||
auth:
|
||||
username: 2022-blake3-aes-128-gcm
|
||||
password: MTIzNDU2Nzg5MDEyMzQ1Ng==
|
||||
metadata:
|
||||
users:
|
||||
test: Vbwi6yqCwvPMPR1bCi32Dg==
|
||||
listener:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
services:
|
||||
- name: ss-server
|
||||
addr: :8388
|
||||
handler:
|
||||
type: ss
|
||||
auth:
|
||||
username: 2022-blake3-aes-256-gcm
|
||||
password: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
|
||||
listener:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
services:
|
||||
- name: ss-server
|
||||
addr: :8388
|
||||
handler:
|
||||
type: ss
|
||||
auth:
|
||||
username: 2022-blake3-aes-256-gcm
|
||||
password: MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4OTAxMjM0NTY=
|
||||
metadata:
|
||||
users:
|
||||
test: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=
|
||||
listener:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
services:
|
||||
- name: ss-server
|
||||
addr: :8388
|
||||
handler:
|
||||
type: ss
|
||||
auth:
|
||||
username: aes-256-gcm
|
||||
password: secret
|
||||
listener:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
services:
|
||||
- name: ss-server
|
||||
addr: :8388
|
||||
handler:
|
||||
type: ss
|
||||
auth:
|
||||
username: chacha20-ietf-poly1305
|
||||
password: secret
|
||||
listener:
|
||||
type: tcp
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
services:
|
||||
- name: udp-proxy
|
||||
addr: :9000
|
||||
handler:
|
||||
type: udp
|
||||
chain: ssu-chain
|
||||
forwarder:
|
||||
nodes:
|
||||
- name: udp-echo
|
||||
addr: udp-echo:5679
|
||||
listener:
|
||||
type: udp
|
||||
|
||||
chains:
|
||||
- name: ssu-chain
|
||||
hops:
|
||||
- name: ssu-hop
|
||||
nodes:
|
||||
- name: ssu-node
|
||||
addr: {{.ServerAddr}}
|
||||
connector:
|
||||
type: ssu
|
||||
auth:
|
||||
username: 2022-blake3-aes-128-gcm
|
||||
password: MTIzNDU2Nzg5MDEyMzQ1Ng==
|
||||
dialer:
|
||||
type: udp
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue