From 0aacc244c44ab7a881b9aec3ce0dce20a8a01a6b Mon Sep 17 00:00:00 2001
From: bjdgyc
Date: Sat, 26 Nov 2022 21:06:50 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=20proxyproto?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 2 +-
 server/go.mod | 1 +
 server/go.sum | 2 ++
 server/handler/link_tunnel.go | 8 +++++---
 server/handler/server.go | 7 +++++--
 5 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 5dc72a2..bd9e3b2 100644
--- a/README.md
+++ b/README.md
@@ -89,7 +89,7 @@ sudo ./anylink
 - [x] 基于 tun 设备的 nat 访问模式
 - [x] 基于 tap 设备的桥接访问模式
 - [x] 基于 macvtap 设备的桥接访问模式
-- [x] 支持 [proxy protocol v1](http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt) 协议
+- [x] 支持 [proxy protocol v1&v2](http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt) 协议
 - [x] 用户组支持
 - [x] 多用户支持
 - [x] 用户策略支持
diff --git a/server/go.mod b/server/go.mod
index 3e9b15e..a99f6a5 100644
--- a/server/go.mod
+++ b/server/go.mod
@@ -19,6 +19,7 @@ require (
 github.com/orcaman/concurrent-map v1.0.0
 github.com/pion/dtls/v2 v2.1.5
 github.com/pion/logging v0.2.2
+ github.com/pires/go-proxyproto v0.6.2
 github.com/shirou/gopsutil v3.21.7+incompatible
 github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
 github.com/songgao/packets v0.0.0-20160404182456-549a10cd4091
diff --git a/server/go.sum b/server/go.sum
index 9341352..406727b 100644
--- a/server/go.sum
+++ b/server/go.sum
@@ -448,6 +448,8 @@ github.com/pion/transport v0.13.0 h1:KWTA5ZrQogizzYwPEciGtHPLwpAjE91FgXnyu+Hv2uY
 github.com/pion/transport v0.13.0/go.mod h1:yxm9uXpK9bpBBWkITk13cLo1y5/ur5VQpG22ny6EP7g=
 github.com/pion/udp v0.1.1 h1:8UAPvyqmsxK8oOjloDk4wUt63TzFe9WEJkg5lChlj7o=
 github.com/pion/udp v0.1.1/go.mod h1:6AFo+CMdKQm7UiA0eUPA8/eVCTx8jBIITLZHc9DWX5M=
+github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Dos0d8=
+github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
diff --git a/server/handler/link_tunnel.go b/server/handler/link_tunnel.go
index f7a4403..bcefe18 100644
--- a/server/handler/link_tunnel.go
+++ b/server/handler/link_tunnel.go
@@ -126,7 +126,8 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 for _, v := range cSess.Group.RouteExclude {
 HttpAddHeader(w, "X-CSTP-Split-Exclude", v.IpMask)
 }
- HttpSetHeader(w, "X-CSTP-Lease-Duration", fmt.Sprintf("%d", base.Cfg.IpLease)) // ip地址租期
+
+ HttpSetHeader(w, "X-CSTP-Lease-Duration", "1209600") // ip地址租期
 HttpSetHeader(w, "X-CSTP-Session-Timeout", "none")
 HttpSetHeader(w, "X-CSTP-Session-Timeout-Alert-Interval", "60")
 HttpSetHeader(w, "X-CSTP-Session-Timeout-Remaining", "none")
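Review bot: The `X-CSTP-Lease-Duration` header in server/handler/link_tunnel.go is now the literal `"1209600"`, so the value an administrator sets in `base.Cfg.IpLease` no longer reaches the client. If the address pool still expires leases according to `base.Cfg.IpLease` (not visible in this hunk), the client is told a lease length the server does not honour. Unless the change is deliberate, keep `HttpSetHeader(w, "X-CSTP-Lease-Duration", fmt.Sprintf("%d", base.Cfg.IpLease))`; if it is deliberate, the commit message should say so, since it currently names only the proxyproto change. LinkTunnel's body starts and ends outside the hunk.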
@@ -135,8 +136,10 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 HttpSetHeader(w, "X-CSTP-Keep", "true")
 HttpSetHeader(w, "X-CSTP-Tunnel-All-DNS", "false")
- HttpSetHeader(w, "X-CSTP-Rekey-Time", "21600") // 172800
+ HttpSetHeader(w, "X-CSTP-Rekey-Time", "43200") // 172800
 HttpSetHeader(w, "X-CSTP-Rekey-Method", "new-tunnel")
+ HttpSetHeader(w, "X-DTLS-Rekey-Time", "43200")
+ HttpSetHeader(w, "X-DTLS-Rekey-Method", "new-tunnel")
 HttpSetHeader(w, "X-CSTP-DPD", fmt.Sprintf("%d", cstpDpd))
 HttpSetHeader(w, "X-CSTP-Keepalive", fmt.Sprintf("%d", cstpKeepalive))
@@ -151,7 +154,6 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 HttpSetHeader(w, "X-DTLS-Port", dtlsPort)
 HttpSetHeader(w, "X-DTLS-DPD", fmt.Sprintf("%d", cstpDpd))
 HttpSetHeader(w, "X-DTLS-Keepalive", fmt.Sprintf("%d", cstpKeepalive))
- HttpSetHeader(w, "X-DTLS-Rekey-Time", "21600")
 HttpSetHeader(w, "X-DTLS12-CipherSuite", "ECDHE-ECDSA-AES128-GCM-SHA256")
 HttpSetHeader(w, "X-CSTP-License", "accept")
diff --git a/server/handler/server.go b/server/handler/server.go
index 70f8fb6..356d7a7 100644
--- a/server/handler/server.go
+++ b/server/handler/server.go
@@ -11,8 +11,8 @@ import (
 "time"
 "github.com/bjdgyc/anylink/base"
- "github.com/bjdgyc/anylink/pkg/proxyproto"
 "github.com/gorilla/mux"
+ "github.com/pires/go-proxyproto"
 )
 func startTls() {
@@ -64,7 +64,10 @@ func startTls() {
 defer ln.Close()
 if base.Cfg.ProxyProtocol {
- ln = &proxyproto.Listener{Listener: ln, ProxyHeaderTimeout: time.Second * 5}
+ ln = &proxyproto.Listener{
+ Listener: ln,
+ ReadHeaderTimeout: 20 * time.Second,
+ }
 }
 base.Info("listen server", addr)
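Review bot: In the second hunk of server/handler/link_tunnel.go the rekey interval for CSTP and DTLS is doubled to the bare literal `"43200"`, and the trailing `// 172800` comment matches neither the old nor the new value. Rekey time bounds how long one set of tunnel keys protects traffic, so it is worth a single named constant with its unit and rationale, e.g. `const rekeyTime = "43200" // seconds (12h): upper bound on the lifetime of one tunnel key`, used for both headers. The two `X-DTLS-Rekey-*` headers now sit among the CSTP headers; if the DTLS header group further down is only emitted when DTLS is enabled (not visible here), they are now sent unconditionally. LinkTunnel's body continues outside the hunk.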
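Review bot: The new `proxyproto.Listener` in startTls (server/handler/server.go) sets no `Policy`, so once `base.Cfg.ProxyProtocol` is enabled the library's default applies and a PROXY header is honoured from whichever peer connects. A client that can reach the port without passing through the load balancer can then declare its own source address, which would mislead anything that relies on the remote address, such as access rules, rate limits and audit logs. Restrict header processing to the known proxy addresses by adding `Policy: trustedProxyPolicy,` (placeholder name), built from a configured allow-list with the library's helper `proxyproto.StrictWhiteListPolicy`. The header timeout also grows from 5s to 20s, which lengthens how long a silent connection is held before it is dropped; `ReadHeaderTimeout: 5 * time.Second,` would keep the previous bound. startTls continues outside the hunk.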