tag/v0.1.12/README.md

# l4p

> Hey, now we are on level 4!

![CI](https://drone-ci.kiers.eu/api/badges/jjkiers/layer4-proxy/status.svg)

`l4p` is a layer 4 proxy implemented by Rust to listen on specific ports and transfer TCP data to remote addresses (only TCP) according to the configuration.

## Features

- Listen on specific port and proxy to local or remote port
- SNI-based rule without terminating TLS connection
- DNS-based backend with periodic resolution

## Installation

To gain best performance on your computer's architecture, please consider build the source code. First, you may need [Rust tool chain](https://rustup.rs/).

```bash
$ cd l4p
$ cargo build --release
```

Binary file will be generated at `target/release/l4p`, or you can use `cargo install --path .` to install.

Or you can use Cargo to install `l4p`:

```bash
$ cargo install l4p
```

Or you can download binary file form the Release page.

## Features

- Listen on specific port and proxy to local or remote port
- SNI-based rule without terminating TLS connection
- Wildcard SNI matching with DNS-style longest-suffix-match
- DNS-based backend with periodic resolution

## Configuration

`l4p` will read yaml format configuration file from `/etc/l4p/l4p.yaml`, and you can set custom path to environment variable `L4P_CONFIG`, here is an minimal viable example:

```yaml
version: 1
log: info

servers:
  proxy_server:
    listen:
      - "127.0.0.1:8081"
    default: remote

upstream:
  remote: "tcp://www.remote.example.com:8082" # proxy to remote address
```

There are two upstreams built in:
* Ban, which terminates the connection immediately
* Echo, which reflects back with the input

For detailed configuration, check [this example](./config.yaml.example).

### SNI Matching

The proxy supports both exact and wildcard SNI patterns in the `sni` config. Wildcards use DNS-style longest-suffix-match: more specific patterns take precedence. For example, with `*.example.com` and `*.api.example.com`, request `api.example.com` matches the first, while `v2.api.example.com` matches the second.

Wildcards are validated against the Public Suffix List (PSL). Known suffixes (`.com`, `.org`) require at least one label below the suffix (`*.example.com` OK, `*.com` rejected). Unknown suffixes (`.local`, `.lan`) are allowed without restriction.

Invalid wildcard patterns are rejected at config load time with clear error messages.

## Thanks

- [`fourth`](https://crates.io/crates/fourth), of which this is a heavily modified fork.

## License

`l4p` is available under terms of Apache-2.0.
Rename to l4p, update references and README.md Signed-off-by: Jacob Kiers <code@kiers.eu> 2024-02-22 22:31:17 +01:00			`# l4p`
First commit 2021-10-21 16:43:59 +08:00
Make English readme the default Since I'm unable to read Chinese Signed-off-by: Jacob Kiers <code@kiers.eu> 2023-08-23 20:45:42 +02:00			`> Hey, now we are on level 4!`
First commit 2021-10-21 16:43:59 +08:00
Rename to l4p, update references and README.md Signed-off-by: Jacob Kiers <code@kiers.eu> 2024-02-22 22:31:17 +01:00			`![CI](https://drone-ci.kiers.eu/api/badges/jjkiers/layer4-proxy/status.svg)`
Add Crates.io and CI badges 2021-10-25 22:29:02 +08:00
Remove kcp support Signed-off-by: Jacob Kiers <code@kiers.eu> 2024-02-23 22:49:43 +01:00			`l4p` is a layer 4 proxy implemented by Rust to listen on specific ports and transfer TCP data to remote addresses (only TCP) according to the configuration.
Publish 0.1.3 and update README 2021-10-26 23:58:00 +08:00
Make English readme the default Since I'm unable to read Chinese Signed-off-by: Jacob Kiers <code@kiers.eu> 2023-08-23 20:45:42 +02:00			`## Features`
First commit 2021-10-21 16:43:59 +08:00
Make English readme the default Since I'm unable to read Chinese Signed-off-by: Jacob Kiers <code@kiers.eu> 2023-08-23 20:45:42 +02:00			`- Listen on specific port and proxy to local or remote port`
			`- SNI-based rule without terminating TLS connection`
Rename to l4p, update references and README.md Signed-off-by: Jacob Kiers <code@kiers.eu> 2024-02-22 22:31:17 +01:00			`- DNS-based backend with periodic resolution`
First commit 2021-10-21 16:43:59 +08:00
Make English readme the default Since I'm unable to read Chinese Signed-off-by: Jacob Kiers <code@kiers.eu> 2023-08-23 20:45:42 +02:00			`## Installation`
First commit 2021-10-21 16:43:59 +08:00
Make English readme the default Since I'm unable to read Chinese Signed-off-by: Jacob Kiers <code@kiers.eu> 2023-08-23 20:45:42 +02:00			`To gain best performance on your computer's architecture, please consider build the source code. First, you may need [Rust tool chain](https://rustup.rs/).`
First commit 2021-10-21 16:43:59 +08:00
			```bash
Rename to l4p, update references and README.md Signed-off-by: Jacob Kiers <code@kiers.eu> 2024-02-22 22:31:17 +01:00			`$ cd l4p`
First commit 2021-10-21 16:43:59 +08:00			`$ cargo build --release`
			```

Rename to l4p, update references and README.md Signed-off-by: Jacob Kiers <code@kiers.eu> 2024-02-22 22:31:17 +01:00			Binary file will be generated at `target/release/l4p`, or you can use `cargo install --path .` to install.
First commit 2021-10-21 16:43:59 +08:00
Rename to l4p, update references and README.md Signed-off-by: Jacob Kiers <code@kiers.eu> 2024-02-22 22:31:17 +01:00			Or you can use Cargo to install `l4p`:
Add Cargo installation method 2021-10-26 21:40:40 +08:00
			```bash
Rename to l4p, update references and README.md Signed-off-by: Jacob Kiers <code@kiers.eu> 2024-02-22 22:31:17 +01:00			`$ cargo install l4p`
Add Cargo installation method 2021-10-26 21:40:40 +08:00			```

Make English readme the default Since I'm unable to read Chinese Signed-off-by: Jacob Kiers <code@kiers.eu> 2023-08-23 20:45:42 +02:00			`Or you can download binary file form the Release page.`
Add publish CI and run fmt 2021-11-01 15:56:57 +08:00
Add wildcard SNI matching 2026-04-03 00:31:05 +02:00			`## Features`

			`- Listen on specific port and proxy to local or remote port`
			`- SNI-based rule without terminating TLS connection`
			`- Wildcard SNI matching with DNS-style longest-suffix-match`
			`- DNS-based backend with periodic resolution`

Make English readme the default Since I'm unable to read Chinese Signed-off-by: Jacob Kiers <code@kiers.eu> 2023-08-23 20:45:42 +02:00			`## Configuration`
First commit 2021-10-21 16:43:59 +08:00
Rename to l4p, update references and README.md Signed-off-by: Jacob Kiers <code@kiers.eu> 2024-02-22 22:31:17 +01:00			`l4p` will read yaml format configuration file from `/etc/l4p/l4p.yaml`, and you can set custom path to environment variable `L4P_CONFIG`, here is an minimal viable example:
First commit 2021-10-21 16:43:59 +08:00
			```yaml
			`version: 1`
			`log: info`

			`servers:`
Add KCP support 2021-10-26 21:36:12 +08:00			`proxy_server:`
First commit 2021-10-21 16:43:59 +08:00			`listen:`
			`- "127.0.0.1:8081"`
			`default: remote`

			`upstream:`
Add upstream scheme support Need to implement TCP and UDP upstream support. 2021-10-31 19:21:32 +08:00			`remote: "tcp://www.remote.example.com:8082" # proxy to remote address`
First commit 2021-10-21 16:43:59 +08:00			```

Rename to l4p, update references and README.md Signed-off-by: Jacob Kiers <code@kiers.eu> 2024-02-22 22:31:17 +01:00			`There are two upstreams built in:`
			`* Ban, which terminates the connection immediately`
			`* Echo, which reflects back with the input`
First commit 2021-10-21 16:43:59 +08:00
Rename to l4p, update references and README.md Signed-off-by: Jacob Kiers <code@kiers.eu> 2024-02-22 22:31:17 +01:00			`For detailed configuration, check [this example](./config.yaml.example).`
First commit 2021-10-21 16:43:59 +08:00
Add wildcard SNI matching 2026-04-03 00:31:05 +02:00			`### SNI Matching`

			The proxy supports both exact and wildcard SNI patterns in the `sni` config. Wildcards use DNS-style longest-suffix-match: more specific patterns take precedence. For example, with `.example.com` and `.api.example.com`, request `api.example.com` matches the first, while `v2.api.example.com` matches the second.

			Wildcards are validated against the Public Suffix List (PSL). Known suffixes (`.com`, `.org`) require at least one label below the suffix (`.example.com` OK, `.com` rejected). Unknown suffixes (`.local`, `.lan`) are allowed without restriction.

			`Invalid wildcard patterns are rejected at config load time with clear error messages.`

Make English readme the default Since I'm unable to read Chinese Signed-off-by: Jacob Kiers <code@kiers.eu> 2023-08-23 20:45:42 +02:00			`## Thanks`
Move tokio_kcp to local files 2021-10-26 23:02:05 +08:00
Correct attribution to fourth Search and replace accidentally also renamed the original crate, called fourth. But attributions should be correct. Signed-off-by: Jacob Kiers <code@kiers.eu> 2024-06-19 21:59:19 +02:00			- [`fourth`](https://crates.io/crates/fourth), of which this is a heavily modified fork.
Move tokio_kcp to local files 2021-10-26 23:02:05 +08:00
Make English readme the default Since I'm unable to read Chinese Signed-off-by: Jacob Kiers <code@kiers.eu> 2023-08-23 20:45:42 +02:00			`## License`
First commit 2021-10-21 16:43:59 +08:00
Correct attribution to fourth Search and replace accidentally also renamed the original crate, called fourth. But attributions should be correct. Signed-off-by: Jacob Kiers <code@kiers.eu> 2024-06-19 21:59:19 +02:00			`l4p` is available under terms of Apache-2.0.