
2 Commits

Author SHA1 Message Date
9d9f89881d Improve config file handling
All checks were successful
continuous-integration/drone/push Build is passing
Signed-off-by: Jacob Kiers <code@kiers.eu>
2024-02-23 22:03:25 +01:00
ee67f7883e Rename to l4p, update references and README.md
Signed-off-by: Jacob Kiers <code@kiers.eu>
2024-02-23 22:03:25 +01:00
8 changed files with 84 additions and 142 deletions


@ -1,4 +1,4 @@
local executableName = 'fourth'; local executableName = 'l4p';
local build_image = 'img.kie.rs/jjkiers/rust-cross:rust1.71.1-zig'; local build_image = 'img.kie.rs/jjkiers/rust-cross:rust1.71.1-zig';
local archs = [ local archs = [

36
Cargo.lock generated

@ -134,24 +134,6 @@ dependencies = [
"percent-encoding", "percent-encoding",
] ]
[[package]]
name = "fourth"
version = "0.1.7"
dependencies = [
"async-trait",
"byte_string",
"bytes",
"futures",
"log",
"pretty_env_logger",
"serde",
"serde_yaml",
"time",
"tls-parser",
"tokio",
"url",
]
[[package]] [[package]]
name = "futures" name = "futures"
version = "0.3.30" version = "0.3.30"
@ -313,6 +295,24 @@ version = "1.0.10"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c"
[[package]]
name = "layer4-proxy"
version = "0.1.7"
dependencies = [
"async-trait",
"byte_string",
"bytes",
"futures",
"log",
"pretty_env_logger",
"serde",
"serde_yaml",
"time",
"tls-parser",
"tokio",
"url",
]
[[package]] [[package]]
name = "libc" name = "libc"
version = "0.2.153" version = "0.2.153"


@ -1,13 +1,13 @@
[package] [package]
name = "fourth" name = "layer4-proxy"
version = "0.1.7" version = "0.1.7"
edition = "2021" edition = "2021"
authors = ["LI Rui <lr_cn@outlook.com>"] authors = ["Jacob Kiers <code@kiers.eu>"]
license = "Apache-2.0" license = "Apache-2.0"
description = "Simple and fast layer 4 proxy in Rust" description = "Simple and fast layer 4 proxy in Rust"
readme = "README.md" readme = "README.md"
homepage = "https://github.com/KernelErr/fourth" homepage = "https://code.kiers.eu/jjkiers/layer4-proxy"
repository = "https://github.com/KernelErr/fourth" repository = "https://code.kiers.eu/jjkiers/layer4-proxy"
keywords = ["proxy", "network"] keywords = ["proxy", "network"]
categories = ["web-programming"] categories = ["web-programming"]
@ -15,6 +15,10 @@ categories = ["web-programming"]
exclude = [".*"] exclude = [".*"]
[[bin]]
name = "l4p"
path = "src/main.rs"
[dependencies] [dependencies]
async-trait = "0.1.73" async-trait = "0.1.73"
byte_string = "1" byte_string = "1"
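Review bot: The package is now named `layer4-proxy` and only the new `[[bin]]` target is called `l4p`, but the README updated in this same commit tells users to run `cargo install l4p`. `cargo install` resolves a crate name on the registry, not a binary name, so that command would fetch whatever is published under `l4p` rather than this project; whether such a crate exists is not visible from here. If this fork is not meant to be published, adding `publish = false` under `[package]` and documenting `cargo install --path .` or `cargo install --git` with the repository URL keeps the install path tied to this source. The README's "Thanks" entry also links to `crates.io/crates/l4p` where the upstream crate was presumably meant.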


@ -1,80 +0,0 @@
# Fourth
> 这一波在第四层。
[![](https://img.shields.io/crates/v/fourth)](https://crates.io/crates/fourth) [![CI](https://img.shields.io/github/workflow/status/kernelerr/fourth/Rust)](https://github.com/KernelErr/fourth/actions/workflows/rust.yml)
[English](/README-EN.md)
**积极开发中0.1版本迭代可能较快**
Fourth是一个Rust实现的Layer 4代理用于监听指定端口TCP/KCP流量并根据规则转发到指定目标目前只支持TCP
## 功能
- 监听指定端口代理到本地或远端指定端口
- 监听指定端口通过TLS ClientHello消息中的SNI进行分流
- 支持KCP入站警告未测试
## 安装方法
为了确保获得您架构下的最佳性能,请考虑自行编译,首选需要确保您拥有[Rust工具链](https://rustup.rs/)。
```bash
$ cd fourth
$ cargo build --release
```
将在`target/release/fourth`生成二进制文件,您也可以使用`cargo install --path . `来安装二进制文件。
或者您也可以使用Cargo直接安装
```bash
$ cargo install fourth
```
或者您也可以直接从Release中下载二进制文件。
## 配置
Fourth使用yaml格式的配置文件默认情况下会读取`/etc/fourth/config.yaml`,您也可以设置自定义路径到环境变量`FOURTH_CONFIG`,如下是一个最小有效配置:
```yaml
version: 1
log: info
servers:
proxy_server:
listen:
- "127.0.0.1:8081"
default: remote
upstream:
remote: "tcp://www.remote.example.com:8082" # proxy to remote address
```
内置两个的upstreamban立即中断连接、echo返回读到的数据。更详细的配置可以参考[示例配置](./example-config.yaml)。
注意:[::]会默认同时绑定IPv4和IPv6。
## 性能测试
在4C2G的服务器上测试
使用Fourth代理到Nginx直连QPS 120000: ~70000req/s (测试命令:`wrk -t200 -c1000 -d120s --latency http://proxy-server:8081 `
使用Fourth代理到本地iperf38Gbps
## io_uring?
尽管经过了很多尝试我们发现目前一些Rust下面的io_uring实现存在问题我们使用的io_uring库实现尽管在吞吐量上可以做到单线程20Gbps相比之下Tokio仅有8Gbps但在QPS上存在性能损失较大的问题。因此在有成熟的io_uring实现之前我们仍然选择epoll。之后我们会持续关注相关进展。
可能以后会为Linux高内核版本的用户提供可选的io_uring加速。
## 感谢
- [tokio_kcp](https://github.com/Matrix-Zhang/tokio_kcp)
## 协议
Fourth以Apache-2.0协议开源。


@ -1,41 +1,39 @@
# Fourth # l4p
> Hey, now we are on level 4! > Hey, now we are on level 4!
[![](https://img.shields.io/crates/v/fourth)](https://crates.io/crates/fourth) [![CI](https://img.shields.io/github/workflow/status/kernelerr/fourth/Rust)](https://github.com/KernelErr/fourth/actions/workflows/rust.yml) ![CI](https://drone-ci.kiers.eu/api/badges/jjkiers/layer4-proxy/status.svg)
**Under heavy development, version 0.1 may update frequently** `l4p` is a layer 4 proxy implemented by Rust to listen on specific ports and transfer TCP/KCP data to remote addresses(only TCP) according to configuration.
Fourth is a layer 4 proxy implemented by Rust to listen on specific ports and transfer TCP/KCP data to remote addresses(only TCP) according to configuration.
## Features ## Features
- Listen on specific port and proxy to local or remote port - Listen on specific port and proxy to local or remote port
- SNI-based rule without terminating TLS connection - SNI-based rule without terminating TLS connection
- Allow KCP inbound(warning: untested) - DNS-based backend with periodic resolution
## Installation ## Installation
To gain best performance on your computer's architecture, please consider build the source code. First, you may need [Rust tool chain](https://rustup.rs/). To gain best performance on your computer's architecture, please consider build the source code. First, you may need [Rust tool chain](https://rustup.rs/).
```bash ```bash
$ cd fourth $ cd l4p
$ cargo build --release $ cargo build --release
``` ```
Binary file will be generated at `target/release/fourth`, or you can use `cargo install --path .` to install. Binary file will be generated at `target/release/l4p`, or you can use `cargo install --path .` to install.
Or you can use Cargo to install Fourth: Or you can use Cargo to install `l4p`:
```bash ```bash
$ cargo install fourth $ cargo install l4p
``` ```
Or you can download binary file form the Release page. Or you can download binary file form the Release page.
## Configuration ## Configuration
Fourth will read yaml format configuration file from `/etc/fourth/config.yaml`, and you can set custom path to environment variable `FOURTH_CONFIG`, here is an minimal viable example: `l4p` will read yaml format configuration file from `/etc/l4p/l4p.yaml`, and you can set custom path to environment variable `L4P_CONFIG`, here is an minimal viable example:
```yaml ```yaml
version: 1 version: 1
@ -51,20 +49,16 @@ upstream:
remote: "tcp://www.remote.example.com:8082" # proxy to remote address remote: "tcp://www.remote.example.com:8082" # proxy to remote address
``` ```
Built-in two upstreams: ban(terminate connection immediately), echo. For detailed configuration, check [this example](./example-config.yaml). There are two upstreams built in:
* Ban, which terminates the connection immediately
* Echo, which reflects back with the input
## Performance Benchmark For detailed configuration, check [this example](./config.yaml.example).
Tested on 4C2G server:
Use fourth to proxy to Nginx(QPS of direct connection: ~120000): ~70000 req/s (Command: `wrk -t200 -c1000 -d120s --latency http://proxy-server:8081`)
Use fourth to proxy to local iperf3: 8Gbps
## Thanks ## Thanks
- [tokio_kcp](https://github.com/Matrix-Zhang/tokio_kcp) - [`l4p`](https://crates.io/crates/`l4p`), of which this is a heavily modified fork.
## License ## License
Fourth is available under terms of Apache-2.0. `l4p` is available under terms of Apache-2.0.


@ -2,15 +2,20 @@ version: 1
log: debug log: debug
servers: servers:
example_server: first_server:
listen: listen:
- "0.0.0.0:8443" - "0.0.0.0:8443"
- "[::]:8443"
tls: true # Enable TLS features like SNI filtering tls: true # Enable TLS features like SNI filtering
sni: sni:
api.example.org: example-api api.example.org: example-api
www.example.org: gh-proxy www.example.org: proxy
default: ban default: ban
second-server:
listen: [ "127.0.0.1:8080" ]
default: echo
upstream: upstream:
proxy: "tcp://new-www.example.org:443" # Connect over IPv4 or IPv6 to new-www.example.org:443 proxy: "tcp://new-www.example.org:443" # Connect over IPv4 or IPv6 to new-www.example.org:443
example-api: "tcp6://api-v1.example.com:443" # Connect over IPv6 to api-v1.example.com:443 example-api: "tcp6://api-v1.example.com:443" # Connect over IPv6 to api-v1.example.com:443
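Review bot: `first_server` now lists both `0.0.0.0:8443` and `[::]:8443`, and the README removed in this commit noted that `[::]` binds IPv4 and IPv6 together by default. If the listener does not set `IPV6_V6ONLY`, the second bind can fail with an address-in-use error on dual-stack hosts, so the shipped example may not start as written. A comment on the added line would help, for example `# "[::]:8443" alone also accepts IPv4 on dual-stack hosts`. The two server keys also mix styles (`first_server` vs `second-server`); picking one avoids copy-paste mistakes in `sni`/`default` references.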


@ -1,5 +1,5 @@
[Unit] [Unit]
Description=Fourth - Layer 4 proxy Description=l4p - Layer 4 proxy
After=network-online.target After=network-online.target
Wants=network-online.target Wants=network-online.target
@ -11,9 +11,9 @@ WantedBy=default.target
Type=simple Type=simple
# Allow read-only access to the config directory # Allow read-only access to the config directory
ReadOnlyPaths=/etc/fourth ReadOnlyPaths=/etc/l4p
# Path to the binary # Path to the binary
ExecStart=/usr/local/bin/fourth ExecStart=/usr/local/bin/l4p
# Needs CAP_NET_BIND_SERVICE in order to bind to lower ports # Needs CAP_NET_BIND_SERVICE in order to bind to lower ports
# When using ports above 1024, these should be made empty # When using ports above 1024, these should be made empty


@ -7,11 +7,19 @@ use crate::config::ConfigV1;
use crate::servers::Server; use crate::servers::Server;
use log::{debug, error}; use log::{debug, error};
use std::env; use std::path::PathBuf;
use std::path::Path;
fn main() { fn main() {
let config_path = find_config(); let config_path = match find_config() {
Ok(p) => p,
Err(paths) => {
println!("Could not find config file. Tried paths:");
for p in paths {
println!("- {}", p);
}
std::process::exit(1);
}
};
let config = match ConfigV1::new(&config_path) { let config = match ConfigV1::new(&config_path) {
Ok(config) => config, Ok(config) => config,
@ -29,17 +37,28 @@ fn main() {
error!("Server ended with errors"); error!("Server ended with errors");
} }
fn find_config() -> String { fn find_config() -> Result<String, Vec<String>> {
let config_path = let possible_paths = ["/etc/l4p", ""];
env::var("FOURTH_CONFIG").unwrap_or_else(|_| "/etc/fourth/config.yaml".to_string()); let possible_names = ["l4p.yaml", "config.yaml"];
if Path::new(&config_path).exists() { let mut tried_paths = Vec::<String>::new();
return config_path;
for path in possible_paths
.iter()
.flat_map(|&path| {
possible_names
.iter()
.map(move |&file| PathBuf::new().join(path).join(file))
})
.collect::<Vec<PathBuf>>()
{
let path_str = path.to_string_lossy().to_string();
if path.exists() {
return Ok(path_str);
} }
if Path::new("config.yaml").exists() { tried_paths.push(path_str);
return String::from("config.yaml");
} }
String::from("") Err(tried_paths)
} }
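Review bot: The rewritten `find_config` no longer consults any environment variable (the `use std::env;` import is dropped as well), yet the README changed in this same commit still tells operators to set `L4P_CONFIG` for a custom path. As far as these hunks show, that setting is silently ignored and the proxy loads whichever file the search finds first. An explicit override should win, and should fail loudly instead of falling back when it names a missing file, as sketched below. Separately, the empty entry in `possible_paths` makes the search fall back to `l4p.yaml` or `config.yaml` in the current working directory, so a service started from a directory others can write to would take its listeners and upstreams from there. The "Could not find config file" diagnostics in `main` would also be better on stderr via `eprintln!`; the body of `main` continues outside the hunks.

```rust
fn find_config() -> Result<String, Vec<String>> {
    // An explicit L4P_CONFIG wins; a missing target is an error, never a silent fallback.
    if let Ok(explicit) = std::env::var("L4P_CONFIG") {
        return if PathBuf::from(&explicit).exists() {
            Ok(explicit)
        } else {
            Err(vec![explicit])
        };
    }
    // … unchanged: search over possible_paths and possible_names …
}
```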