Compare commits
2 Commits
aa74585a1a
...
9d9f89881d
Author | SHA1 | Date | |
---|---|---|---|
9d9f89881d | |||
ee67f7883e |
@ -1,4 +1,4 @@
|
|||||||
local executableName = 'fourth';
|
local executableName = 'l4p';
|
||||||
local build_image = 'img.kie.rs/jjkiers/rust-cross:rust1.71.1-zig';
|
local build_image = 'img.kie.rs/jjkiers/rust-cross:rust1.71.1-zig';
|
||||||
|
|
||||||
local archs = [
|
local archs = [
|
||||||
|
36
Cargo.lock
generated
36
Cargo.lock
generated
@ -134,24 +134,6 @@ dependencies = [
|
|||||||
"percent-encoding",
|
"percent-encoding",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "fourth"
|
|
||||||
version = "0.1.7"
|
|
||||||
dependencies = [
|
|
||||||
"async-trait",
|
|
||||||
"byte_string",
|
|
||||||
"bytes",
|
|
||||||
"futures",
|
|
||||||
"log",
|
|
||||||
"pretty_env_logger",
|
|
||||||
"serde",
|
|
||||||
"serde_yaml",
|
|
||||||
"time",
|
|
||||||
"tls-parser",
|
|
||||||
"tokio",
|
|
||||||
"url",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "futures"
|
name = "futures"
|
||||||
version = "0.3.30"
|
version = "0.3.30"
|
||||||
@ -313,6 +295,24 @@ version = "1.0.10"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c"
|
checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "layer4-proxy"
|
||||||
|
version = "0.1.7"
|
||||||
|
dependencies = [
|
||||||
|
"async-trait",
|
||||||
|
"byte_string",
|
||||||
|
"bytes",
|
||||||
|
"futures",
|
||||||
|
"log",
|
||||||
|
"pretty_env_logger",
|
||||||
|
"serde",
|
||||||
|
"serde_yaml",
|
||||||
|
"time",
|
||||||
|
"tls-parser",
|
||||||
|
"tokio",
|
||||||
|
"url",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "libc"
|
name = "libc"
|
||||||
version = "0.2.153"
|
version = "0.2.153"
|
||||||
|
12
Cargo.toml
12
Cargo.toml
@ -1,13 +1,13 @@
|
|||||||
[package]
|
[package]
|
||||||
name = "fourth"
|
name = "layer4-proxy"
|
||||||
version = "0.1.7"
|
version = "0.1.7"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
authors = ["LI Rui <lr_cn@outlook.com>"]
|
authors = ["Jacob Kiers <code@kiers.eu>"]
|
||||||
license = "Apache-2.0"
|
license = "Apache-2.0"
|
||||||
description = "Simple and fast layer 4 proxy in Rust"
|
description = "Simple and fast layer 4 proxy in Rust"
|
||||||
readme = "README.md"
|
readme = "README.md"
|
||||||
homepage = "https://github.com/KernelErr/fourth"
|
homepage = "https://code.kiers.eu/jjkiers/layer4-proxy"
|
||||||
repository = "https://github.com/KernelErr/fourth"
|
repository = "https://code.kiers.eu/jjkiers/layer4-proxy"
|
||||||
keywords = ["proxy", "network"]
|
keywords = ["proxy", "network"]
|
||||||
categories = ["web-programming"]
|
categories = ["web-programming"]
|
||||||
|
|
||||||
@ -15,6 +15,10 @@ categories = ["web-programming"]
|
|||||||
|
|
||||||
exclude = [".*"]
|
exclude = [".*"]
|
||||||
|
|
||||||
|
[[bin]]
|
||||||
|
name = "l4p"
|
||||||
|
path = "src/main.rs"
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
async-trait = "0.1.73"
|
async-trait = "0.1.73"
|
||||||
byte_string = "1"
|
byte_string = "1"
|
||||||
|
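Review bot: The install instruction and the manifest disagree: the package is now named `layer4-proxy` and only the `[[bin]]` target is called `l4p`, while the README in this same change tells users to run `cargo install l4p`. `cargo install` resolves its argument as a package name in the registry, so that command would not fetch this project and could pull an unrelated crate of that name if one exists. I would change the README line to `cargo install --git https://code.kiers.eu/jjkiers/layer4-proxy`, or to `cargo install layer4-proxy` if the crate is going to be published under that name. If it is not meant for crates.io at all, adding `publish = false` under `[package]` would make that explicit.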
80
README-ZH.md
80
README-ZH.md
@ -1,80 +0,0 @@
|
|||||||
# Fourth
|
|
||||||
|
|
||||||
> 这一波在第四层。
|
|
||||||
|
|
||||||
[![](https://img.shields.io/crates/v/fourth)](https://crates.io/crates/fourth) [![CI](https://img.shields.io/github/workflow/status/kernelerr/fourth/Rust)](https://github.com/KernelErr/fourth/actions/workflows/rust.yml)
|
|
||||||
|
|
||||||
[English](/README-EN.md)
|
|
||||||
|
|
||||||
**积极开发中,0.1版本迭代可能较快**
|
|
||||||
|
|
||||||
Fourth是一个Rust实现的Layer 4代理,用于监听指定端口TCP/KCP流量,并根据规则转发到指定目标(目前只支持TCP)。
|
|
||||||
|
|
||||||
## 功能
|
|
||||||
|
|
||||||
- 监听指定端口代理到本地或远端指定端口
|
|
||||||
- 监听指定端口,通过TLS ClientHello消息中的SNI进行分流
|
|
||||||
- 支持KCP入站(警告:未测试)
|
|
||||||
|
|
||||||
## 安装方法
|
|
||||||
|
|
||||||
为了确保获得您架构下的最佳性能,请考虑自行编译,首选需要确保您拥有[Rust工具链](https://rustup.rs/)。
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ cd fourth
|
|
||||||
$ cargo build --release
|
|
||||||
```
|
|
||||||
|
|
||||||
将在`target/release/fourth`生成二进制文件,您也可以使用`cargo install --path . `来安装二进制文件。
|
|
||||||
|
|
||||||
或者您也可以使用Cargo直接安装:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ cargo install fourth
|
|
||||||
```
|
|
||||||
|
|
||||||
或者您也可以直接从Release中下载二进制文件。
|
|
||||||
|
|
||||||
## 配置
|
|
||||||
|
|
||||||
Fourth使用yaml格式的配置文件,默认情况下会读取`/etc/fourth/config.yaml`,您也可以设置自定义路径到环境变量`FOURTH_CONFIG`,如下是一个最小有效配置:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
version: 1
|
|
||||||
log: info
|
|
||||||
|
|
||||||
servers:
|
|
||||||
proxy_server:
|
|
||||||
listen:
|
|
||||||
- "127.0.0.1:8081"
|
|
||||||
default: remote
|
|
||||||
|
|
||||||
upstream:
|
|
||||||
remote: "tcp://www.remote.example.com:8082" # proxy to remote address
|
|
||||||
```
|
|
||||||
|
|
||||||
内置两个的upstream:ban(立即中断连接)、echo(返回读到的数据)。更详细的配置可以参考[示例配置](./example-config.yaml)。
|
|
||||||
|
|
||||||
注意:[::]会默认同时绑定IPv4和IPv6。
|
|
||||||
|
|
||||||
## 性能测试
|
|
||||||
|
|
||||||
在4C2G的服务器上测试:
|
|
||||||
|
|
||||||
使用Fourth代理到Nginx(直连QPS 120000): ~70000req/s (测试命令:`wrk -t200 -c1000 -d120s --latency http://proxy-server:8081 `)
|
|
||||||
|
|
||||||
使用Fourth代理到本地iperf3:8Gbps
|
|
||||||
|
|
||||||
## io_uring?
|
|
||||||
|
|
||||||
尽管经过了很多尝试,我们发现目前一些Rust下面的io_uring实现存在问题,我们使用的io_uring库实现尽管在吞吐量上可以做到单线程20Gbps(相比之下Tokio仅有8Gbps),但在QPS上存在性能损失较大的问题。因此在有成熟的io_uring实现之前,我们仍然选择epoll。之后我们会持续关注相关进展。
|
|
||||||
|
|
||||||
可能以后会为Linux高内核版本的用户提供可选的io_uring加速。
|
|
||||||
|
|
||||||
## 感谢
|
|
||||||
|
|
||||||
- [tokio_kcp](https://github.com/Matrix-Zhang/tokio_kcp)
|
|
||||||
|
|
||||||
## 协议
|
|
||||||
|
|
||||||
Fourth以Apache-2.0协议开源。
|
|
36
README.md
36
README.md
@ -1,41 +1,39 @@
|
|||||||
# Fourth
|
# l4p
|
||||||
|
|
||||||
> Hey, now we are on level 4!
|
> Hey, now we are on level 4!
|
||||||
|
|
||||||
[![](https://img.shields.io/crates/v/fourth)](https://crates.io/crates/fourth) [![CI](https://img.shields.io/github/workflow/status/kernelerr/fourth/Rust)](https://github.com/KernelErr/fourth/actions/workflows/rust.yml)
|
![CI](https://drone-ci.kiers.eu/api/badges/jjkiers/layer4-proxy/status.svg)
|
||||||
|
|
||||||
**Under heavy development, version 0.1 may update frequently**
|
`l4p` is a layer 4 proxy implemented by Rust to listen on specific ports and transfer TCP/KCP data to remote addresses(only TCP) according to configuration.
|
||||||
|
|
||||||
Fourth is a layer 4 proxy implemented by Rust to listen on specific ports and transfer TCP/KCP data to remote addresses(only TCP) according to configuration.
|
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
|
|
||||||
- Listen on specific port and proxy to local or remote port
|
- Listen on specific port and proxy to local or remote port
|
||||||
- SNI-based rule without terminating TLS connection
|
- SNI-based rule without terminating TLS connection
|
||||||
- Allow KCP inbound(warning: untested)
|
- DNS-based backend with periodic resolution
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
To gain best performance on your computer's architecture, please consider build the source code. First, you may need [Rust tool chain](https://rustup.rs/).
|
To gain best performance on your computer's architecture, please consider build the source code. First, you may need [Rust tool chain](https://rustup.rs/).
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ cd fourth
|
$ cd l4p
|
||||||
$ cargo build --release
|
$ cargo build --release
|
||||||
```
|
```
|
||||||
|
|
||||||
Binary file will be generated at `target/release/fourth`, or you can use `cargo install --path .` to install.
|
Binary file will be generated at `target/release/l4p`, or you can use `cargo install --path .` to install.
|
||||||
|
|
||||||
Or you can use Cargo to install Fourth:
|
Or you can use Cargo to install `l4p`:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ cargo install fourth
|
$ cargo install l4p
|
||||||
```
|
```
|
||||||
|
|
||||||
Or you can download binary file form the Release page.
|
Or you can download binary file form the Release page.
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
Fourth will read yaml format configuration file from `/etc/fourth/config.yaml`, and you can set custom path to environment variable `FOURTH_CONFIG`, here is an minimal viable example:
|
`l4p` will read yaml format configuration file from `/etc/l4p/l4p.yaml`, and you can set custom path to environment variable `L4P_CONFIG`, here is an minimal viable example:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
version: 1
|
version: 1
|
||||||
@ -51,20 +49,16 @@ upstream:
|
|||||||
remote: "tcp://www.remote.example.com:8082" # proxy to remote address
|
remote: "tcp://www.remote.example.com:8082" # proxy to remote address
|
||||||
```
|
```
|
||||||
|
|
||||||
Built-in two upstreams: ban(terminate connection immediately), echo. For detailed configuration, check [this example](./example-config.yaml).
|
There are two upstreams built in:
|
||||||
|
* Ban, which terminates the connection immediately
|
||||||
|
* Echo, which reflects back with the input
|
||||||
|
|
||||||
## Performance Benchmark
|
For detailed configuration, check [this example](./config.yaml.example).
|
||||||
|
|
||||||
Tested on 4C2G server:
|
|
||||||
|
|
||||||
Use fourth to proxy to Nginx(QPS of direct connection: ~120000): ~70000 req/s (Command: `wrk -t200 -c1000 -d120s --latency http://proxy-server:8081`)
|
|
||||||
|
|
||||||
Use fourth to proxy to local iperf3: 8Gbps
|
|
||||||
|
|
||||||
## Thanks
|
## Thanks
|
||||||
|
|
||||||
- [tokio_kcp](https://github.com/Matrix-Zhang/tokio_kcp)
|
- [`l4p`](https://crates.io/crates/`l4p`), of which this is a heavily modified fork.
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
Fourth is available under terms of Apache-2.0.
|
`l4p` is available under terms of Apache-2.0.
|
@ -2,15 +2,20 @@ version: 1
|
|||||||
log: debug
|
log: debug
|
||||||
|
|
||||||
servers:
|
servers:
|
||||||
example_server:
|
first_server:
|
||||||
listen:
|
listen:
|
||||||
- "0.0.0.0:8443"
|
- "0.0.0.0:8443"
|
||||||
|
- "[::]:8443"
|
||||||
tls: true # Enable TLS features like SNI filtering
|
tls: true # Enable TLS features like SNI filtering
|
||||||
sni:
|
sni:
|
||||||
api.example.org: example-api
|
api.example.org: example-api
|
||||||
www.example.org: gh-proxy
|
www.example.org: proxy
|
||||||
default: ban
|
default: ban
|
||||||
|
|
||||||
|
second-server:
|
||||||
|
listen: [ "127.0.0.1:8080" ]
|
||||||
|
default: echo
|
||||||
|
|
||||||
upstream:
|
upstream:
|
||||||
proxy: "tcp://new-www.example.org:443" # Connect over IPv4 or IPv6 to new-www.example.org:443
|
proxy: "tcp://new-www.example.org:443" # Connect over IPv4 or IPv6 to new-www.example.org:443
|
||||||
example-api: "tcp6://api-v1.example.com:443" # Connect over IPv6 to api-v1.example.com:443
|
example-api: "tcp6://api-v1.example.com:443" # Connect over IPv6 to api-v1.example.com:443
|
||||||
|
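Review bot: `first_server` now listens on both `0.0.0.0:8443` and `[::]:8443`, but the README-ZH removed in this change noted that `[::]` binds IPv4 and IPv6 together by default; if that still holds, one of the two binds can fail with an address-in-use error on dual-stack hosts. This should be confirmed against the listener code, which is not visible here. Depending on the outcome, either drop one entry or add a comment such as `# [::] may already cover IPv4; keep only one of these on dual-stack hosts`. The server keys also mix `first_server` and `second-server`; a single separator style would read better in an example file.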
@ -1,5 +1,5 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Fourth - Layer 4 proxy
|
Description=l4p - Layer 4 proxy
|
||||||
|
|
||||||
After=network-online.target
|
After=network-online.target
|
||||||
Wants=network-online.target
|
Wants=network-online.target
|
||||||
@ -11,9 +11,9 @@ WantedBy=default.target
|
|||||||
Type=simple
|
Type=simple
|
||||||
|
|
||||||
# Allow read-only access to the config directory
|
# Allow read-only access to the config directory
|
||||||
ReadOnlyPaths=/etc/fourth
|
ReadOnlyPaths=/etc/l4p
|
||||||
# Path to the binary
|
# Path to the binary
|
||||||
ExecStart=/usr/local/bin/fourth
|
ExecStart=/usr/local/bin/l4p
|
||||||
|
|
||||||
# Needs CAP_NET_BIND_SERVICE in order to bind to lower ports
|
# Needs CAP_NET_BIND_SERVICE in order to bind to lower ports
|
||||||
# When using ports above 1024, these should be made empty
|
# When using ports above 1024, these should be made empty
|
41
src/main.rs
41
src/main.rs
@ -7,11 +7,19 @@ use crate::config::ConfigV1;
|
|||||||
use crate::servers::Server;
|
use crate::servers::Server;
|
||||||
|
|
||||||
use log::{debug, error};
|
use log::{debug, error};
|
||||||
use std::env;
|
use std::path::PathBuf;
|
||||||
use std::path::Path;
|
|
||||||
|
|
||||||
fn main() {
|
fn main() {
|
||||||
let config_path = find_config();
|
let config_path = match find_config() {
|
||||||
|
Ok(p) => p,
|
||||||
|
Err(paths) => {
|
||||||
|
println!("Could not find config file. Tried paths:");
|
||||||
|
for p in paths {
|
||||||
|
println!("- {}", p);
|
||||||
|
}
|
||||||
|
std::process::exit(1);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
let config = match ConfigV1::new(&config_path) {
|
let config = match ConfigV1::new(&config_path) {
|
||||||
Ok(config) => config,
|
Ok(config) => config,
|
||||||
@ -29,17 +37,28 @@ fn main() {
|
|||||||
error!("Server ended with errors");
|
error!("Server ended with errors");
|
||||||
}
|
}
|
||||||
|
|
||||||
fn find_config() -> String {
|
fn find_config() -> Result<String, Vec<String>> {
|
||||||
let config_path =
|
let possible_paths = ["/etc/l4p", ""];
|
||||||
env::var("FOURTH_CONFIG").unwrap_or_else(|_| "/etc/fourth/config.yaml".to_string());
|
let possible_names = ["l4p.yaml", "config.yaml"];
|
||||||
|
|
||||||
if Path::new(&config_path).exists() {
|
let mut tried_paths = Vec::<String>::new();
|
||||||
return config_path;
|
|
||||||
|
for path in possible_paths
|
||||||
|
.iter()
|
||||||
|
.flat_map(|&path| {
|
||||||
|
possible_names
|
||||||
|
.iter()
|
||||||
|
.map(move |&file| PathBuf::new().join(path).join(file))
|
||||||
|
})
|
||||||
|
.collect::<Vec<PathBuf>>()
|
||||||
|
{
|
||||||
|
let path_str = path.to_string_lossy().to_string();
|
||||||
|
if path.exists() {
|
||||||
|
return Ok(path_str);
|
||||||
}
|
}
|
||||||
|
|
||||||
if Path::new("config.yaml").exists() {
|
tried_paths.push(path_str);
|
||||||
return String::from("config.yaml");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
String::from("")
|
Err(tried_paths)
|
||||||
}
|
}
|
||||||
|
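Review bot: The rewritten `find_config` no longer reads any environment variable, yet the README section of this same change documents `L4P_CONFIG` as the way to set a custom path; the old `env::var("FOURTH_CONFIG")` lookup was dropped together with `use std::env;`. I would restore the override ahead of the search loop, e.g. `if let Ok(p) = std::env::var("L4P_CONFIG") { return Ok(p); }`, so an operator can pin the exact file and `ConfigV1::new` reports it if it is unreadable. The `""` entry in `possible_paths` also makes the proxy load `l4p.yaml` or `config.yaml` from the current working directory when nothing is found in `/etc/l4p`. For a service that may hold CAP_NET_BIND_SERVICE, that lets whoever controls the start directory choose the upstreams, so a comment like `// "" = current working directory; development fallback only` would be worth adding. The not-found message in `main` (whose body continues outside the hunk) would be better sent through `eprintln!` than `println!`.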