glider's People

Contributors

changx, codexss, emptyteeth, felixonmars, gaby, koen-serry, ksafe, kurtschwarz, mrthe, mzz2017, nadoo, neermitt, nodarret, rankjie, soffchen, whoizit, wuudjac, xfzka

glider's Issues

ws support for mux

Wonder if mux is supported with ws and any keyword to enable if so.

In my tls+ws+vmess forwarder, it seems multiple connections are established while accessing a single page.

glider 0.4.2 dns queries error

There is a proxy server running glider in a private network. With glider 4.1 everything goes well: I can connect from outside, and glider can forward DNS queries to dnsmasq.

with glider 4.1:

glider logs:

Dec 19 10:15:10 go glider[5155]: 2017/12/19 10:15:10 proxy-ss 122.96.*.*:44042 <-> docker.local.ht:443
Dec 19 10:15:17 go glider[5155]: 2017/12/19 10:15:17 proxy-redir 10.20.30.1:46190 <-> *.17.222.*:443
Dec 19 10:15:21 go glider[5155]: 2017/12/19 10:15:21 proxy-ss 122.96.*.*:44043 <-> nas.local.ht:5001

dnsmasq logs

Dec 19 09:41:21 dnsmasq[3691]: query[AAAA] docker.local.ht from 127.0.0.1
Dec 19 09:41:21 dnsmasq[3691]: config docker.local.ht is NODATA-IPv6
Dec 19 09:41:21 dnsmasq[3691]: query[A] docker.local.ht from 127.0.0.1
Dec 19 09:41:21 dnsmasq[3691]: config docker.local.ht is 10.20.30.33

Dec 19 09:43:49 dnsmasq[3691]: config plex.local.ht is NODATA-IPv6
Dec 19 09:43:49 dnsmasq[3691]: query[A] plex.local.ht from 127.0.0.1
Dec 19 09:43:49 dnsmasq[3691]: config plex.local.ht is 10.20.30.33
Dec 19 09:43:49 dnsmasq[3691]: query[A] plex.local.ht from 127.0.0.1
Dec 19 09:43:49 dnsmasq[3691]: config plex.local.ht is 10.20.30.33
Dec 19 09:43:49 dnsmasq[3691]: query[AAAA] plex.local.ht from 127.0.0.1
Dec 19 09:43:49 dnsmasq[3691]: config plex.local.ht is NODATA-IPv6

with glider 4.2:

no relevant logs in dnsmasq
glider logs

Dec 19 09:48:05 go glider[4482]: 2017/12/19 09:48:05 proxy-ss 122.96.*.*:43578 <-> py.local.ht:443
Dec 19 09:48:05 go glider[4482]: 2017/12/19 09:48:05 relay error: EOF
Dec 19 09:48:05 go glider[4482]: 2017/12/19 09:48:05 proxy-ss 122.96.*.*:43579 <-> py.local.ht:443
Dec 19 09:48:05 go glider[4482]: 2017/12/19 09:48:05 relay error: EOF
Dec 19 09:48:05 go glider[4482]: 2017/12/19 09:48:05 proxy-ss 122.96.*.*:43580 <-> py.local.ht:443
Dec 19 09:48:05 go glider[4482]: 2017/12/19 09:48:05 relay error: EOF

Question: will DNS error trigger forwarder disable too?

Now we have the ability to detect an error (maxFailure), but I'm wondering if a DNS forward/query error will increase the failure counter and ultimately disable a forwarder?

My test shows it will not, but DNS failure will also block the user from using the Internet correctly...

Request: DNS over TCP

Instead of using an upstream DNS via UDP protocol it will use DNS over TCP, something like

-dnsserver=8.8.8.8:53:tcp
-dnsserver=8.8.8.8:53:udp

Socks5 sent with wrong source IP

I have glider running on a machine with two IPs bound to the same interface. 10.0.22.170 is the VIP and 10.0.22.173 is its actual IP. When I start glider with the VIP, I expect the proxied server to show the source IP as the VIP, not the actual IP.

$ ip addr show ens192
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:91:02:a9 brd ff:ff:ff:ff:ff:ff
    inet 10.0.22.173/23 brd 10.0.23.255 scope global ens192
       valid_lft forever preferred_lft forever
    inet 10.0.22.170/32 scope global ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe91:2a9/64 scope link
       valid_lft forever preferred_lft forever
$
$ ./glider -listen socks5://10.0.22.170:1081 -verbose
2018/08/09 16:57:12 [socks5-udp] listening UDP on 10.0.22.170:1081
2018/08/09 16:57:12 [socks5] listening TCP on 10.0.22.170:1081
2018/08/09 16:57:22 [socks5] 10.0.22.171:35036 <-> 10.0.22.107:443

I run curl from another machine:

$ curl --proxy socks5://10.0.22.170:1081 https://10.0.22.107

And the logs on the proxied server 10.0.22.107:

10.0.22.173 - - [09/Aug/2018:11:57:22 -0500] "GET / HTTP/2.0" 200 1727 "-" "curl/7.58.0"

error: dial: unknown network

I tried to forward to a proxy on the same machine with the config below:
forward=socks5://127.0.0.1:1090

I got the error message below. What did I do wrong?
2017/09/04 10:51:55 dial to 127.0.0.1:1090 error: dial: unknown network
2017/09/04 10:51:55 failed to dial: dial: unknown network

How to forward with http proxy server?

Hi, I'm not sure if it's possible to do this with glider:

Host_A -> http proxy server running on 8080 with digest auth
Host_B -> host with access to proxy

I'm trying to use glider on Host_B to enable connections from some software without support for user/passwd digest auth, using this configuration:

verbose= True
listen=http://:9090
forward=http://MY_USER:MYPASS@proxy_server:8080

When I run it, the local port is open, but no messages are printed in the output, and this command (just for test) gets no response:

curl -x http://localhost:9090 -L http://www.some.web.site

runtime panic / version 0.5.0

2018/03/18 19:28:09 proxy-socks5 failed to connect to target: dial tcp 185.225.13.106:16212: getsockopt: connection refused
2018/03/18 20:28:14 proxy-mixed peek error: EOF
panic: runtime error: index out of range

goroutine 4 [running]:
main.Addr.String(0x0, 0x0, 0x0, 0x0, 0x0)
E:/work/codes/go/src/github.com/nadoo/glider/socks5.go:470 +0x29e
main.(*SOCKS5).ListenAndServeUDP(0xc420086400)
E:/work/codes/go/src/github.com/nadoo/glider/socks5.go:184 +0x686
created by main.(*MixedProxy).ListenAndServe
E:/work/codes/go/src/github.com/nadoo/glider/mixed.go:45 +0x58

Shadowsocks proxy doesn't work with Android SS client v4.5.7

When I try to connect to glider via the Android Shadowsocks client with these settings:

#changes from glider.conf.example
listen=socks5://:1080
listen=ss://AEAD_CHACHA20_POLY1305:pass@:8448
listen=dnstun://:5353=8.8.8.8:53
forward=socks5://user:pass@<ip>:1080

With DNS forwarding on, glider then gives me:

2018/04/28 14:58:58 proxy-ss-udp remote dial error: EOF
2018/04/28 14:59:03 proxy-ss-udp remote dial error: EOF

How can I fix it?

Compilation on MIPS

I am trying to compile glider for a MIPS platform running OpenWRT but am getting an error with the redir option:

# glider
./redir_linux.go:26:8: undefined: redir

Removing all the references to the 'redir' option makes the compilation work.

$ file glider
glider: ELF 32-bit MSB executable, MIPS, MIPS32 version 1 (SYSV), statically linked, stripped

Enhancement: Add configuration possibilities

I saw that you're using the native flag package. Can you please consider using https://github.com/namsral/flag instead? It is a simple drop-in replacement that would definitely enhance the ways the binary can be run.

For example, I can configure the binary via environment variables and/or configuration files.

As an example of usage, you can see the fork I did some time ago of an existing project, where I added exactly this functionality: https://github.com/julianxhokaxhiu/go-any-proxy/commit/b836c569773751d0b6d2182c20a87188fd19ddec

Rotating Proxies

Hello,

Is it possible for me to provide glider with a few HTTP proxies and have it switch the proxy, e.g. every minute or every request?

Best regards

Max

panic: runtime error: invalid memory address or nil pointer dereference (mipsle)

I'm using glider on a ubnt er-x (mipsle).
Running glider -listen http://:1085
gives this output:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x4 pc=0x1398cc]

goroutine 1 [running]:
net/url.(*Userinfo).Username(...)
 /home/xxx/.gvm/gos/go1.9.7/src/net/url/url.go:370
github.com/nadoo/glider/proxy/http.NewHTTP(0x7fc84a8a, 0xc, 0x342de0, 0x8c88050, 0x4, 0x7fc84a8a, 0x8c00a80)
/home/xxx/.gvm/pkgsets/go1.9.7/global/src/github.com/nadoo/glider/proxy/http/http.go:46 +0x150
github.com/nadoo/glider/proxy/http.NewHTTPServer(0x7fc84a8a, 0xc, 0x342de0, 0x8c88050, 0x8c00acc, 0x8c72501, 0x0, 0x4)
/home/xxx/.gvm/pkgsets/go1.9.7/global/src/github.com/nadoo/glider/proxy/http/http.go:66 +0x54
github.com/nadoo/glider/proxy.ServerFromURL(0x7fc84a8a, 0xc, 0x342de0, 0x8c88050, 0x0, 0x8c4a0c0, 0x0, 0x0)
/home/xxx/.gvm/pkgsets/go1.9.7/global/src/github.com/nadoo/glider/proxy/server.go:47 +0x2f0
main.main()
/home/xxx/.gvm/pkgsets/go1.9.7/global/src/github.com/nadoo/glider/main.go:84 +0x494

and run glider -listen socks5://:1085

output

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x4 pc=0x13ea90]

goroutine 1 [running]:
net/url.(*Userinfo).Username(...)
/home/xxx/.gvm/gos/go1.9.7/src/net/url/url.go:370
github.com/nadoo/glider/proxy/socks5.NewSOCKS5(0x7f821a88, 0xe, 0x342de0, 0x8d88050, 0x6, 0x7f821a88, 0x8d00a80)
 /home/xxx/.gvm/pkgsets/go1.9.7/global/src/github.com/nadoo/glider/proxy/socks5/socks5.go:55 +0x150
github.com/nadoo/glider/proxy/socks5.NewSocks5Server(0x7f821a88, 0xe, 0x342de0, 0x8d88050, 0x8d00ad0, 0x8d72401, 0x0, 0x3)
/home/xxx/.gvm/pkgsets/go1.9.7/global/src/github.com/nadoo/glider/proxy/socks5/socks5.go:75 +0x54
github.com/nadoo/glider/proxy.ServerFromURL(0x7f821a88, 0xe, 0x342de0, 0x8d88050, 0x0, 0x8d4a0c0, 0x0, 0x0)
/home/xxx/.gvm/pkgsets/go1.9.7/global/src/github.com/nadoo/glider/proxy/server.go:47 +0x2f0
main.main()
 /home/xxx/.gvm/pkgsets/go1.9.7/global/src/github.com/nadoo/glider/main.go:84 +0x494
ubnt@ubnt:~$ panic: runtime error: invalid memory address or nil pointer dereference

"Too many open files" error for socks5 proxy

Occasionally I receive errors like this:
proxy-socks5 failed to accept: accept tcp [::]:1080: accept4: too many open files
I've read that this might be a result of poor timeout management for TCP connections.

You might wanna see the issues like these - traefik/traefik#1322 , OpenBazaar/openbazaar-go#717 - to help get the idea of what to fix in code and/or Readme. I wish I could implement this myself but I'm afraid I don't have enough grasp of Go and the project.

go get reported 'proxyconnect tcp: EOF' with glider proxy

I'm using glider to proxy HTTP, forwarding to SOCKS5. It works well in most scenarios: I can get a correct response with curl golang.org and wget golang.org, but I can't use go get to download a golang vendor package from golang.org through the proxy.

go get golang.org/x/net/html
package golang.org/x/net/html: unrecognized import path "golang.org/x/net/html" (https fetch: Get https://golang.org/x/net/html?go-get=1: proxyconnect tcp: EOF)

I'm using shadowsocks-qt as the SOCKS5 proxy, and it works well. Here is my glider configuration:

listen=:1087
forward=socks5://127.0.0.1:1080

Can you give me a little clue? Thanks

panic: runtime error: slice bounds out of range

The software version is 0.6.7, running on x86 Debian as a software router.
What could be the cause?

Error message

2018/08/31 20:45:20 [dns] listening UDP on :5353
2018/08/31 20:45:20 [dns]-tcp listening TCP on :5353
2018/08/31 20:45:20 listening TCP on :8080
2018/08/31 20:45:20 [socks5] listening TCP on :1080
2018/08/31 20:45:20 [mixed] listening TCP on :8443
2018/08/31 20:45:20 [socks5-udp] listening UDP on :1080
2018/08/31 20:45:20 [redir] listening TCP on :12345
2018/08/31 20:45:20 [socks5-udp] listening UDP on :8443
2018/08/31 20:45:21 [dns] failed to read response length: EOF
2018/08/31 20:45:21 [dns] failed to exchange with server 208.67.220.220:5353: EOF
2018/08/31 20:45:21 [dns] failed to read response length: EOF
2018/08/31 20:45:21 [dns] failed to exchange with server 8.8.8.8:53: EOF
2018/08/31 20:45:21 [dns] error in exchange: EOF
2018/08/31 20:45:25 [redir] 192.168.8.4:49919 <-> 172.217.14.78:443
panic: runtime error: slice bounds out of range

goroutine 43 [running]:
github.com/nadoo/glider/dns.(*Message).UnmarshalRR(0xc420120880, 0x25, 0xc420126370, 0x1f4, 0xc420118180, 0x19)
E:/work/codes/go/src/github.com/nadoo/glider/dns/message.go:384 +0x449
github.com/nadoo/glider/dns.UnmarshalMessage(0xc4201de242, 0x200, 0x200, 0x13, 0xc42012a460, 0x13)
E:/work/codes/go/src/github.com/nadoo/glider/dns/message.go:143 +0x232
github.com/nadoo/glider/dns.(*Client).Exchange(0xc42005a240, 0xc4201de240, 0x202, 0x202, 0xc42012a460, 0x13, 0x0, 0x0, 0x0, 0x0, ...)
E:/work/codes/go/src/github.com/nadoo/glider/dns/client.go:60 +0x80
github.com/nadoo/glider/dns.(*Server).ListenAndServeUDP.func1(0xc42000a7c0, 0xc4201de240, 0x202, 0x202, 0x200, 0x6a3560, 0xc42011a450, 0x6a5500, 0xc42000c088)
E:/work/codes/go/src/github.com/nadoo/glider/dns/server.go:72 +0xb2
created by github.com/nadoo/glider/dns.(*Server).ListenAndServeUDP
E:/work/codes/go/src/github.com/nadoo/glider/dns/server.go:71 +0x38e

The main settings in the configuration file are as follows (transparent gateway):

listen=redir://:12345

forward=ssr://aes-256-cfb:[email protected]:11111?protocol=auth_aes128_md5&obfs=tls1.2_ticket_auth

dns=:5353

dnsserver=8.8.8.8:53
dnsserver=208.67.220.220:5353

error "too many open files"

Facing an issue with occasional transaction lagging; the glider log shows "too many open files".

My system has ulimit set to 500000. I searched around and found a similar issue from another app also developed with Go; not sure if it's the same case.

traefik/traefik#1322

Sep 08 16:56:27 glider[2580]: 2018/09/08 16:56:27 [redir] failed to get target address: file tcp 192.168.8.10:8443->192.168.8.118:7865: fcntl: too many open files
Sep 08 16:56:27 glider[2580]: 2018/09/08 16:56:27 [redir] failed to accept: accept tcp [::]:8443: accept4: too many open files
Sep 08 16:56:27 glider[2580]: 2018/09/08 16:56:27 [redir] failed to accept: accept tcp [::]:8443: accept4: too many open files
Sep 08 16:56:27 glider[2580]: 2018/09/08 16:56:27 [redir] failed to accept: accept tcp [::]:8443: accept4: too many open files
Sep 08 16:56:27 glider[2580]: 2018/09/08 16:56:27 [redir] failed to accept: accept tcp [::]:8443: accept4: too many open files

domain rule about .cn sites

Is it possible to bypass all .cn domains?
I've tried

domain=cn

in bypass.rule with dnsserver=119.29.29.29

but it doesn't work.

If it works, how about the dnscache? And does the domain->ip rule work?

update health status when errors occurred

Would it be better to update the forwarder's health status when errors such as connection timed out or connection reset occur, to avoid repeatedly retrying the connection?

2018/08/07 14:06:05 [tls] dial to xxxxxx.com:11443 error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [http] dial to  error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [dns] failed to connect to server 1.1.1.1:53: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [dns] error in exchange: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [tls] dial to xxxxxx.com:11443 error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [http] dial to  error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [dns] failed to connect to server 1.1.1.1:53: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [dns] error in exchange: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [tls] dial to xxxxxx.com:11443 error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [http] dial to  error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [redir] failed to connect to target: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [tls] dial to xxxxxx.com:11443 error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [http] dial to  error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [dns] failed to connect to server 1.1.1.1:53: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [dns] error in exchange: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [tls] dial to xxxxxx.com:11443 error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [http] dial to  error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [dns] failed to connect to server 1.1.1.1:53: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:05 [dns] error in exchange: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [tls] dial to xxxxxx.com:11443 error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [http] dial to  error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [dns] failed to connect to server 1.1.1.1:53: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [dns] error in exchange: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [tls] dial to xxxxxx.com:11443 error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [http] dial to  error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [dns] failed to connect to server 1.1.1.1:53: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [dns] error in exchange: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [tls] dial to xxxxxx.com:11443 error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [http] dial to  error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [dns] failed to connect to server 1.1.1.1:53: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [dns] error in exchange: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [tls] dial to xxxxxx.com:11443 error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [http] dial to  error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [dns] failed to connect to server 1.1.1.1:53: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [dns] error in exchange: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [tls] dial to xxxxxx.com:11443 error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [http] dial to  error: dial tcp x.x.x.x:11443: connect: connection timed out
2018/08/07 14:06:06 [dns] failed to connect to server 1.1.1.1:53: dial tcp x.x.x.x:11443: connect: connection timed out

Feature request: HA with preemption

According to my test, the current HA mode will only switch forwarders when a failure of the active forwarder is detected.

It would be great if priority could be implemented for forwarders, such that in HA mode, if multiple forwarders are enabled, the one with the highest priority is set as the active forwarder. In other words, when a higher-priority forwarder resumes from the disabled state, it preempts the other enabled ones.

Use case:

HA setup with a general forwarder (unlimited traffic) and a premium forwarder (billed by usage).

The general forwarder shall be active whenever it's available.

Any ideas to support TCP fast open

Thank you for your awesome job!
Since Go 1.11 was released several days ago and it supports ListenConfig for sockets, would you like to add TFO support to glider in the near future?

Thank you!

glider crashes when latest version of ss-android connects

Jul 06 18:15:48 nonexist.felixc.at glider[943]: panic: chacha20poly1305: invalid buffer overlap
Jul 06 18:15:48 nonexist.felixc.at glider[943]: goroutine 9 [running]:
Jul 06 18:15:48 nonexist.felixc.at glider[943]: golang.org/x/crypto/chacha20poly1305.(*chacha20poly1305).openGeneric(0xc420018260, 0xc42010e000, 0x0, 0x10000, 0x55cdf98c1e20, 0xc, 0x80, 0xc42010e020, 0x39, 0xffe0, ...)
Jul 06 18:15:48 nonexist.felixc.at glider[943]:         /build/glider/src/.gopath/src/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go:70 +0x72a
Jul 06 18:15:48 nonexist.felixc.at glider[943]: golang.org/x/crypto/chacha20poly1305.(*chacha20poly1305).open(0xc420018260, 0xc42010e000, 0x0, 0x10000, 0x55cdf98c1e20, 0xc, 0x80, 0xc42010e020, 0x39, 0xffe0, ...)
Jul 06 18:15:48 nonexist.felixc.at glider[943]:         /build/glider/src/.gopath/src/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go:68 +0x462
Jul 06 18:15:48 nonexist.felixc.at glider[943]: golang.org/x/crypto/chacha20poly1305.(*chacha20poly1305).Open(0xc420018260, 0xc42010e000, 0x0, 0x10000, 0x55cdf98c1e20, 0xc, 0x80, 0xc42010e020, 0x39, 0xffe0, ...)
Jul 06 18:15:48 nonexist.felixc.at glider[943]:         /build/glider/src/.gopath/src/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go:75 +0x105
Jul 06 18:15:48 nonexist.felixc.at glider[943]: github.com/shadowsocks/go-shadowsocks2/shadowaead.Unpack(0xc42010e000, 0x10000, 0x10000, 0xc42010e000, 0x59, 0x10000, 0x55cdf9798fa0, 0xc420054440, 0x0, 0xc420040db8, ...)
Jul 06 18:15:48 nonexist.felixc.at glider[943]:         /build/glider/src/.gopath/src/github.com/shadowsocks/go-shadowsocks2/shadowaead/packet.go:56 +0x227
Jul 06 18:15:48 nonexist.felixc.at glider[943]: github.com/shadowsocks/go-shadowsocks2/shadowaead.(*packetConn).ReadFrom(0xc420054440, 0xc42010e000, 0x10000, 0x10000, 0x10000, 0x10000, 0xc420031400, 0x1, 0x7fdebde2b000)
Jul 06 18:15:48 nonexist.felixc.at glider[943]:         /build/glider/src/.gopath/src/github.com/shadowsocks/go-shadowsocks2/shadowaead/packet.go:91 +0xee
Jul 06 18:15:48 nonexist.felixc.at glider[943]: github.com/nadoo/glider/proxy/ss.(*PktConn).ReadFrom(0xc420054480, 0xc4200fe000, 0x10000, 0x10000, 0x10000, 0x10000, 0x0, 0x0, 0x0)
Jul 06 18:15:48 nonexist.felixc.at glider[943]:         /build/glider/src/.gopath/src/github.com/nadoo/glider/proxy/ss/packet.go:36 +0xad
Jul 06 18:15:48 nonexist.felixc.at glider[943]: github.com/nadoo/glider/proxy/ss.(*SS).ListenAndServeUDP(0xc4200108d0)
Jul 06 18:15:48 nonexist.felixc.at glider[943]:         /build/glider/src/.gopath/src/github.com/nadoo/glider/proxy/ss/ss.go:190 +0x2e3
Jul 06 18:15:48 nonexist.felixc.at glider[943]: created by github.com/nadoo/glider/proxy/ss.(*SS).ListenAndServe
Jul 06 18:15:48 nonexist.felixc.at glider[943]:         /build/glider/src/.gopath/src/github.com/nadoo/glider/proxy/ss/ss.go:73 +0x41

dnsserver not work

I used this library to build a DNS server:

github.com/miekg/dns

glider.conf

verbose=True
listen=:8443
dnsserver=localhost:5354

When I start it and access through the proxy, there are no logs in the DNS server.

listen DNS and redirect all traffic to a proxy

I would like to access a proxy server through a listening DNS.

Example:

client with dns 10.0.0.1 in resolv.conf:
wget http://site.com/image.png >> send request to dns to resolve "site.com" >> request sent to dns server 10.0.0.1 >> request sent to proxy 10.0.0.1

response:
"site.com" is 123.123.123.123 >> response and file sent to the proxy 10.0.0.1 >> response and file sent to dns 10.0.0.1 >> response and file sent to the client to download "http://site.com/image.png"

concurrent map writes problem

I have some problems with multiple rr strategies; stack trace below. Using the latest 0.4.1 version.

fatal error: concurrent map writes

goroutine 6 [running]:
runtime.throw(0x5a3ca8, 0x15)
	D:/go/src/runtime/panic.go:605 +0x95 fp=0xc420055df0 sp=0xc420055dd0 pc=0x429085
runtime.mapassign_fast64(0x570c00, 0xc42000e960, 0x0, 0xc4200c6000)
	D:/go/src/runtime/hashmap_fast.go:592 +0x3b7 fp=0xc420055e50 sp=0xc420055df0 pc=0x40c0e7
main.(*rrDialer).checkDialer(0xc420064b00, 0x0)
	E:/work/codes/go/src/github.com/nadoo/glider/strategy.go:125 +0x7b9 fp=0xc420055fd0 sp=0xc420055e50 pc=0x545579
runtime.goexit()
	D:/go/src/runtime/asm_amd64.s:2337 +0x1 fp=0xc420055fd8 sp=0xc420055fd0 pc=0x4569e1
created by main.newRRDialer
	E:/work/codes/go/src/github.com/nadoo/glider/strategy.go:57 +0x138

Full stack: glider_stacktrace.log

dnsserver compatibility with overture

glider.conf

dnsserver=127.0.0.1:1053

and get the following error messages:

2018/07/22 21:46:46 [dns] failed to connect to server 127.0.0.1:1053: [http] can not connect remote address: 127.0.0.1:1053. error code: 503
2018/07/22 21:46:46 [dns] error in exchange: [http] can not connect remote address: 127.0.0.1:1053. error code: 503
2018/07/22 21:46:47 [dns] failed to connect to server 127.0.0.1:1053: [http] can not connect remote address: 127.0.0.1:1053. error code: 503
2018/07/22 21:46:47 [dns] error in exchange: [http] can not connect remote address: 127.0.0.1:1053. error code: 503
2018/07/22 21:46:48 [dns] failed to connect to server 127.0.0.1:1053: [http] can not connect remote address: 127.0.0.1:1053. error code: 503
2018/07/22 21:46:48 [dns] error in exchange: [http] can not connect remote address: 127.0.0.1:1053. error code: 503
2018/07/22 21:46:48 [dns] failed to connect to server 127.0.0.1:1053: [http] can not connect remote address: 127.0.0.1:1053. error code: 503
2018/07/22 21:46:48 [dns] error in exchange: [http] can not connect remote address: 127.0.0.1:1053. error code: 503

cidr rule not work

glider config file

verbose=True
listen=:8443
forward=socks5://127.0.0.1:2080
rulefile=/home/root/etc/glider/chn.rule

/home/root/etc/glider/chn.rule

cidr=220.181.112.0/24

 ping www.baidu.com
PING www.baidu.com (220.181.112.244): 56 data bytes
64 bytes from 220.181.112.244: seq=0 ttl=54 time=29.453 ms

curl -x http://127.0.0.1:8443 www.baidu.com

The request is forwarded to the socks5 server instead of going direct.

X-Forwarded-For header is not added

In mixed mode the X-Forwarded-For header is not added, which causes the IP address to be the same for all requests in mixed mode. What is the best way to add the X-Forwarded-For header?

Errors in log when using WeChat

2018/04/24 23:41:05 failed to dial: dial tcp: address [::ffff:42.236.126.28]: missing port in address
2018/04/24 23:41:06 failed to dial: dial tcp: address [::ffff:42.236.126.15]: missing port in address
2018/04/24 23:41:06 proxy-http 192.168.0.127:56591 <-> :80
2018/04/24 23:41:06 failed to dial: dial tcp: address [::ffff:42.236.126.30]: missing port in address
2018/04/24 23:41:06 proxy-http 192.168.0.127:56592 <-> :80
2018/04/24 23:41:06 failed to dial: dial tcp: address [::ffff:42.236.126.16]: missing port in address
2018/04/24 23:41:06 proxy-http 192.168.0.127:56593 <-> :80
2018/04/24 23:41:06 failed to dial: dial tcp: address [::ffff:42.236.126.11]: missing port in address
2018/04/24 23:41:06 failed to dial: dial tcp: address [::ffff:42.236.126.37]: missing port in address

Request: bypass forwarders for specific client

I have a lot of devices in my network. For some reason (e.g. BitTorrent download), I want my NAS to connect to the internet directly, without transferring any data through fwders.
I guess it can be done with a dnsmasq+glider combination, but I think it would be nice to have such a function within glider, so we can manage the whole network in one place.
Thanks for your work.

EDIT: I guess a source/client based forwarding rule would be a better solution, so we could use different forwarding configuration for specific client.

Flood requests in redir mode

2018/07/27 14:16:07 [redir] 10.0.0.1:55507 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55508 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55509 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55510 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55511 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55512 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55513 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55514 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55515 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55516 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55517 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55518 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55519 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55520 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55521 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55522 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55523 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55524 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55525 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55526 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55527 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55528 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55529 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55530 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55531 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55532 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55533 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55534 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55535 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55536 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55537 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55538 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55539 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55540 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55541 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55542 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55543 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55544 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55545 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55546 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55547 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55548 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55549 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55550 <-> 54.213.36.23:443
2018/07/27 14:16:07 [redir] 10.0.0.1:55551 <-> 54.213.36.23:443

When glider visits some HTTPS sites, it floods thousands of requests and then times out, or not.

Can't open url in rule files

Glider works fine with the main glider.conf, but I can't open URLs in rule files.

logs:

2017/07/31 14:19:26 read request line error:EOF
2017/07/31 14:19:26 read request line error:EOF
2017/07/31 14:19:26 read request line error:EOF
2017/07/31 14:19:26 read request line error:EOF
2017/07/31 14:19:30 proxy-https 10.0.0.36:47604 <-> api-global.netflix.com:443
2017/07/31 14:19:30 relay error: EOF
2017/07/31 14:19:30 proxy-https 10.0.0.36:47605 <-> api-global.netflix.com:443
2017/07/31 14:19:30 proxy-https 10.0.0.36:47606 <-> api-global.netflix.com:443
2017/07/31 14:19:31 relay error: EOF
2017/07/31 14:19:31 proxy-https 10.0.0.36:47607 <-> api-global.netflix.com:443
2017/07/31 14:19:31 relay error: EOF
2017/07/31 14:19:31 read request line error:EOF
2017/07/31 14:19:34 read request line error:EOF
2017/07/31 14:19:34 read request line error:EOF
2017/07/31 14:19:41 proxy-https 10.0.0.36:47614 <-> api-global.netflix.com:443
2017/07/31 14:19:42 proxy-https 10.0.0.36:47615 <-> api-global.netflix.com:443
2017/07/31 14:19:42 relay error: EOF
2017/07/31 14:19:42 proxy-https 10.0.0.36:47616 <-> api-global.netflix.com:443
2017/07/31 14:19:42 relay error: EOF

glider.conf

verbose=True

listen=redir://:1081
listen=:8443

forward=ss://AEAD_AES_128_GCM:[email protected]:2443
forward=ss://AEAD_AES_128_GCM:[email protected]:2443

strategy=ha
checkwebsite=www.apple.com:443
checkduration=30

rulefile=netflix.rule

netflix.rule

forward=ss://XCHACHA20:[email protected]:1443
forward=ss://XCHACHA20:[email protected]:1443

strategy=ha
checkwebsite=netflix.com:80
checkduration=60

domain=netflix.com
domain=netflix.net
domain=nflxext.com
domain=nflximg.com
domain=nflximg.net
domain=nflxvideo.net
domain=nflxso.net

Question: redir + http without man-in-the-middle, is it possible?

Hi,

I saw your project and I was astonished and I was trying to replicate the same for myself. Basically what I am trying to achieve is something very simple: a full-traffic redirector for HTTP/HTTPS to another proxy in the network.

For the HTTP protocol, actually I found no issue. But for HTTPS I found some headaches. To make it short you can take a look at this article, how he found a partial solution to this topic: http://blog.rchapman.org/posts/Transparently_proxying_any_tcp_connection/

So basically what I would like to know is: as your binary fits perfectly with what I was trying to achieve, is it possible to be done through something like:

# HTTP
glider -l redir://:80 -f http://1.2.3.4:80
# HTTPS
glider -l redir://:443 -f http://1.2.3.4:80

Would be definitely awesome, and would also kill the need to define all the PROXY environment variables forever!

Thank you in advance,
Julian
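The mechanism that lets redirected HTTPS traffic pass through an HTTP proxy without man-in-the-middle is the proxy's CONNECT method. The following is an added example, not glider's code and not part of the original question; whether glider supports this combination is not stated here. `DialViaHTTPProxy`, the `tunnel` type, the loopback stand-in proxy and `example.com:443` are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"net/http"
)

type tunnel struct {
	net.Conn
	r *bufio.Reader // may hold bytes read past the proxy's reply
}
func (t tunnel) Read(p []byte) (int, error) { return t.r.Read(p) }

// DialViaHTTPProxy asks the HTTP proxy at proxyAddr for a raw TCP tunnel to target
// ("host:port"): in a redir listener, the socket's original destination (assumption:
// Linux SO_ORIGINAL_DST). After a 200 reply the proxy only copies bytes, TLS untouched.
func DialViaHTTPProxy(proxyAddr, target string) (net.Conn, error) {
	c, err := net.Dial("tcp", proxyAddr)
	if err != nil {
		return nil, err
	}
	fmt.Fprintf(c, "CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n", target, target) // a failed write surfaces below
	br := bufio.NewReader(c)
	resp, err := http.ReadResponse(br, &http.Request{Method: http.MethodConnect})
	if err == nil && resp.StatusCode != http.StatusOK {
		err = fmt.Errorf("proxy refused CONNECT %s: %s", target, resp.Status)
	}
	if err != nil {
		c.Close()
		return nil, err
	}
	return tunnel{c, br}, nil
}

func main() {
	ln, err := net.Listen("tcp", "127.0.0.1:0") // stand-in proxy, constructed for this demo
	if err != nil {
		panic(err)
	}
	go func() {
		if c, err := ln.Accept(); err == nil {
			http.ReadRequest(bufio.NewReader(c)) // consume the CONNECT request
			fmt.Fprint(c, "HTTP/1.1 200 Connection established\r\n\r\n")
		}
	}()
	conn, err := DialViaHTTPProxy(ln.Addr().String(), "example.com:443")
	fmt.Println("tunnel open:", conn != nil, "err:", err)
}
```

The upstream proxy must permit CONNECT to port 443 for this to work; many HTTP proxies restrict CONNECT to an allow-list of ports.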

About DNS resolving problem

I tried to use it to bypass DNS poisoning to access some sites (Wikipedia, etc.) without changing my IP. I set up a dnscrypt-proxy on my Android device, and I set the global remote DNS server to 127.0.0.1:5353 (where dnscrypt-proxy binds). But when I tried to access Wikipedia using a configured browser (SwitchyOmega through SOCKS on Firefox), it doesn't resolve the correct IP address (in the logs it is resolved to 31.13.., but these IPs are not accessible in China).

Is it a general issue or some error in my configuration?
(compiled using go 1.10.3 arm64 in Termux)

this is my config:

verbose=True
listen=http://127.0.0.1:4573
listen=socks5://127.0.0.1:1085
dnsserver=127.0.0.1:5353

How to get the origin ip of the remote server on the client side?

In mixed mode or socks v5 proxy mode we see the IP address of the proxy for all requests instead of the remote server. See screenshot below.

This is with glider proxy on my local network. See remote address for digg.com is 192.168.0.200:8443

Without glider proxy remote address of digg.com is: 184.72.55.130:80.


How do I get remote Address on client side?

Thanks.
