From f43ff831d51f0796111748d5b7013b581096ac2a Mon Sep 17 00:00:00 2001 From: enfein <83481737+enfein@users.noreply.github.com> Date: Fri, 10 Jan 2025 21:50:40 +0000 Subject: [PATCH] v3.11.0 release 1. Reduce network latency on Android platform. 2. Add DNS policy for proxy server in dual-stack networks (issue #190). 3. Add "mieru describe build" and "mita describe build" commands. 4. Update dependency versions. --- Makefile | 2 +- .../package/mieru/amd64/debian/DEBIAN/control | 2 +- build/package/mieru/amd64/rpm/mieru.spec | 2 +- .../package/mieru/arm64/debian/DEBIAN/control | 2 +- build/package/mieru/arm64/rpm/mieru.spec | 2 +- .../package/mita/amd64/debian/DEBIAN/control | 2 +- build/package/mita/amd64/rpm/mita.spec | 2 +- .../package/mita/arm64/debian/DEBIAN/control | 2 +- build/package/mita/arm64/rpm/mita.spec | 2 +- docs/client-install.md | 14 ++-- docs/client-install.zh_CN.md | 14 ++-- docs/server-install.md | 64 ++++++++--------- docs/server-install.zh_CN.md | 70 +++++++++---------- pkg/appctl/appctlpb/base.pb.go | 52 +++++++------- pkg/appctl/appctlpb/servercfg.pb.go | 2 +- pkg/appctl/proto/base.proto | 2 +- pkg/cli/client.go | 6 +- pkg/cli/server.go | 6 +- pkg/cli/shared.go | 2 +- pkg/common/ipdualstack.go | 10 +-- pkg/common/ipdualstack_test.go | 4 +- pkg/version/current.go | 2 +- .../deploy/httptest/test_mix_udp_associate.sh | 4 +- 23 files changed, 137 insertions(+), 133 deletions(-) diff --git a/Makefile b/Makefile index 63821f08..cef0a7c4 100644 --- a/Makefile +++ b/Makefile @@ -32,7 +32,7 @@ PROJECT_NAME=$(shell basename "${ROOT}") # - pkg/version/current.go # # Use `tools/bump_version.sh` script to change all those files at one shot. -VERSION="3.10.0" +VERSION="3.11.0" # Build binaries and installation packages. .PHONY: build diff --git a/build/package/mieru/amd64/debian/DEBIAN/control b/build/package/mieru/amd64/debian/DEBIAN/control index cdaa8aed..5bc6db58 100755 --- a/build/package/mieru/amd64/debian/DEBIAN/control +++ b/build/package/mieru/amd64/debian/DEBIAN/control @@ -1,5 +1,5 @@ Package: mieru -Version: 3.10.0 +Version: 3.11.0 Section: net Priority: optional Architecture: amd64 diff --git a/build/package/mieru/amd64/rpm/mieru.spec b/build/package/mieru/amd64/rpm/mieru.spec index 525313c8..e7bcd2dd 100644 --- a/build/package/mieru/amd64/rpm/mieru.spec +++ b/build/package/mieru/amd64/rpm/mieru.spec @@ -1,5 +1,5 @@ Name: mieru -Version: 3.10.0 +Version: 3.11.0 Release: 1%{?dist} Summary: Mieru proxy client License: GPLv3+ diff --git a/build/package/mieru/arm64/debian/DEBIAN/control b/build/package/mieru/arm64/debian/DEBIAN/control index 29792b9f..14203c33 100755 --- a/build/package/mieru/arm64/debian/DEBIAN/control +++ b/build/package/mieru/arm64/debian/DEBIAN/control @@ -1,5 +1,5 @@ Package: mieru -Version: 3.10.0 +Version: 3.11.0 Section: net Priority: optional Architecture: arm64 diff --git a/build/package/mieru/arm64/rpm/mieru.spec b/build/package/mieru/arm64/rpm/mieru.spec index 525313c8..e7bcd2dd 100644 --- a/build/package/mieru/arm64/rpm/mieru.spec +++ b/build/package/mieru/arm64/rpm/mieru.spec @@ -1,5 +1,5 @@ Name: mieru -Version: 3.10.0 +Version: 3.11.0 Release: 1%{?dist} Summary: Mieru proxy client License: GPLv3+ diff --git a/build/package/mita/amd64/debian/DEBIAN/control b/build/package/mita/amd64/debian/DEBIAN/control index 948a1f60..aefe5efb 100755 --- a/build/package/mita/amd64/debian/DEBIAN/control +++ b/build/package/mita/amd64/debian/DEBIAN/control @@ -1,5 +1,5 @@ Package: mita -Version: 3.10.0 +Version: 3.11.0 Section: net Priority: optional Architecture: amd64 diff --git a/build/package/mita/amd64/rpm/mita.spec b/build/package/mita/amd64/rpm/mita.spec index babe5d71..2739ebca 100644 --- a/build/package/mita/amd64/rpm/mita.spec +++ b/build/package/mita/amd64/rpm/mita.spec @@ -1,5 +1,5 @@ Name: mita -Version: 3.10.0 +Version: 3.11.0 Release: 1%{?dist} Summary: Mieru proxy server License: GPLv3+ diff --git a/build/package/mita/arm64/debian/DEBIAN/control b/build/package/mita/arm64/debian/DEBIAN/control index 1fdf7717..8103a63b 100755 --- a/build/package/mita/arm64/debian/DEBIAN/control +++ b/build/package/mita/arm64/debian/DEBIAN/control @@ -1,5 +1,5 @@ Package: mita -Version: 3.10.0 +Version: 3.11.0 Section: net Priority: optional Architecture: arm64 diff --git a/build/package/mita/arm64/rpm/mita.spec b/build/package/mita/arm64/rpm/mita.spec index 3c749a05..8a551b94 100644 --- a/build/package/mita/arm64/rpm/mita.spec +++ b/build/package/mita/arm64/rpm/mita.spec @@ -1,5 +1,5 @@ Name: mita -Version: 3.10.0 +Version: 3.11.0 Release: 1%{?dist} Summary: Mieru proxy server License: GPLv3+ diff --git a/docs/client-install.md b/docs/client-install.md index c6cb9c0f..e44226c2 100644 --- a/docs/client-install.md +++ b/docs/client-install.md @@ -14,7 +14,9 @@ Use can invoke command mieru apply config ``` -to modify the proxy client settings. `` is a JSON formatted configuration file. An example of client configuration is as follows. +to modify the proxy client settings. `` is a JSON formatted configuration file. This configuration file does not need to specify the full proxy client settings. When you run command `mieru apply config `, the contents of the file will be merged into any existing proxy client settings. + +An example of client configuration is as follows. ```js { @@ -62,14 +64,14 @@ Please use a text editor to modify the following fields. 1. In the `profiles` -> `user` -> `name` property, fill in the username. This must be the same as the setting in the proxy server. 2. In the `profiles` -> `user` -> `password` property, fill in the password. This must be the same as the setting in the proxy server. 3. In the `profiles` -> `servers` -> `ipAddress` property, fill in the public address of the proxy server. Both IPv4 and IPv6 addresses are supported. -4. If you have registered a domain name for the proxy server, please fill in the domain name in `profiles` -> `servers` -> `domainName`. Otherwise, do not modify this property. +4. [Optional] If you have registered a domain name for the proxy server, please fill in the domain name in `profiles` -> `servers` -> `domainName`. Otherwise, do not modify this property. 5. Fill in `profiles` -> `servers` -> `portBindings` -> `port` with the TCP or UDP port number that mita is listening to. The port number must be the same as the one set in the proxy server. If you want to listen to a range of consecutive port numbers, you can also use the `portRange` property instead. -6. Specify a value between 1280 and 1400 for the `profiles` -> `mtu` property. The default value is 1400. This value can be different from the setting in the proxy server. -7. If you want to adjust the frequency of multiplexing, you can set a value for the `profiles` -> `multiplexing` -> `level` property. The values you can use here include `MULTIPLEXING_OFF`, `MULTIPLEXING_LOW`, `MULTIPLEXING_MIDDLE`, and `MULTIPLEXING_HIGH`. `MULTIPLEXING_OFF` will disable multiplexing, and the default value is `MULTIPLEXING_LOW`. +6. [Optional] Specify a value between 1280 and 1400 for the `profiles` -> `mtu` property. The default value is 1400. This value can be different from the setting in the proxy server. +7. [Optional] If you want to adjust the frequency of multiplexing, you can set a value for the `profiles` -> `multiplexing` -> `level` property. The values you can use here include `MULTIPLEXING_OFF`, `MULTIPLEXING_LOW`, `MULTIPLEXING_MIDDLE`, and `MULTIPLEXING_HIGH`. `MULTIPLEXING_OFF` will disable multiplexing, and the default value is `MULTIPLEXING_LOW`. 8. Please specify a value between 1025 and 65535 for the `rpcPort` property. 9. Please specify a value between 1025 and 65535 for the `socks5Port` property. This port cannot be the same as `rpcPort`. -10. If the client needs to provide proxy services to other devices on the LAN, set the `socks5ListenLAN` property to `true`. -11. If you want to enable HTTP / HTTPS proxy, Please specify a value between 1025 and 65535 for the `httpProxyPort` property. This port cannot be the same as `rpcPort` or `socks5Port`. If the client needs to provide HTTP / HTTPS proxy services to other devices on the LAN, set the `httpProxyListenLAN` property to `true`. If you want to disable HTTP / HTTPS proxy, please delete `httpProxyPort` and `httpProxyListenLAN` property. +10. [Optional] If the client needs to provide proxy services to other devices on the LAN, set the `socks5ListenLAN` property to `true`. +11. [Optional] If you want to enable HTTP / HTTPS proxy, Please specify a value between 1025 and 65535 for the `httpProxyPort` property. This port cannot be the same as `rpcPort` or `socks5Port`. If the client needs to provide HTTP / HTTPS proxy services to other devices on the LAN, set the `httpProxyListenLAN` property to `true`. If you want to disable HTTP / HTTPS proxy, please delete `httpProxyPort` and `httpProxyListenLAN` property. If you have multiple proxy servers installed, or one server listening on multiple ports, you can add them all to the client settings. Each time a new connection is created, mieru will randomly select one of the servers and one of the ports. **If you are using multiple servers, make sure that each server has the mita proxy service started.** diff --git a/docs/client-install.zh_CN.md b/docs/client-install.zh_CN.md index db862b0a..1ab7441d 100644 --- a/docs/client-install.zh_CN.md +++ b/docs/client-install.zh_CN.md @@ -14,7 +14,9 @@ mieru 客户端软件支持 Windows,Mac OS 和 Linux 系统。用户可以在 mieru apply config ``` -指令来修改客户端的设置,这里的 `` 是一个 JSON 格式的配置文件。客户端配置的一个示例如下。 +指令来修改客户端的设置,这里的 `` 是一个 JSON 格式的配置文件。该配置文件不需要指定完整的客户端设置。运行指令 `mieru apply config ` 时,文件内容会合并到任何已有的客户端设置。 + +客户端配置的一个示例如下。 ```js { @@ -62,14 +64,14 @@ mieru apply config 1. 在 `profiles` -> `user` -> `name` 属性中,填写用户名。此处必须与代理服务器中的设置相同。 2. 在 `profiles` -> `user` -> `password` 属性中,填写密码。此处必须与代理服务器中的设置相同。 3. 在 `profiles` -> `servers` -> `ipAddress` 属性中,填写代理服务器的公网地址。支持 IPv4 和 IPv6 地址。 -4. 如果你为代理服务器注册了域名,请在 `profiles` -> `servers` -> `domainName` 中填写域名。否则,请勿修改这个属性。 +4. 【可选】如果你为代理服务器注册了域名,请在 `profiles` -> `servers` -> `domainName` 中填写域名。否则,请勿修改这个属性。 5. 在 `profiles` -> `servers` -> `portBindings` -> `port` 中填写 mita 监听的 TCP 或 UDP 端口号。这个端口号必须与代理服务器中的设置相同。如果想要监听连续的端口号,也可以改为使用 `portRange` 属性。 -6. 请为 `profiles` -> `mtu` 属性中指定一个从 1280 到 1400 之间的值。默认值为 1400。这个值可以与代理服务器中的设置不同。 -7. 如果想要调整多路复用的频率,是更多地创建新连接,还是更多地重用旧连接,可以为 `profiles` -> `multiplexing` -> `level` 属性设定一个值。这里可以使用的值包括 `MULTIPLEXING_OFF`, `MULTIPLEXING_LOW`, `MULTIPLEXING_MIDDLE`, `MULTIPLEXING_HIGH`。其中 `MULTIPLEXING_OFF` 会关闭多路复用功能。默认值为 `MULTIPLEXING_LOW`。 +6. 【可选】请为 `profiles` -> `mtu` 属性中指定一个从 1280 到 1400 之间的值。默认值为 1400。这个值可以与代理服务器中的设置不同。 +7. 【可选】如果想要调整多路复用的频率,是更多地创建新连接,还是更多地重用旧连接,可以为 `profiles` -> `multiplexing` -> `level` 属性设定一个值。这里可以使用的值包括 `MULTIPLEXING_OFF`, `MULTIPLEXING_LOW`, `MULTIPLEXING_MIDDLE`, `MULTIPLEXING_HIGH`。其中 `MULTIPLEXING_OFF` 会关闭多路复用功能。默认值为 `MULTIPLEXING_LOW`。 8. 请为 `rpcPort` 属性指定一个从 1025 到 65535 之间的数值。 9. 请为 `socks5Port` 属性指定一个从 1025 到 65535 之间的数值。该端口不能与 `rpcPort` 相同。 -10. 如果客户端需要为局域网中的其他设备提供代理服务,请将 `socks5ListenLAN` 属性设置为 `true`。 -11. 如果要启动 HTTP / HTTPS 代理,请为 `httpProxyPort` 属性指定一个从 1025 到 65535 之间的数值。该端口不能与 `rpcPort` 和 `socks5Port` 相同。如果需要为局域网中的其他设备提供 HTTP / HTTPS 代理,请将 `httpProxyListenLAN` 属性设置为 `true`。如果不需要 HTTP / HTTPS 代理,请删除 `httpProxyPort` 和 `httpProxyListenLAN` 属性。 +10. 【可选】如果客户端需要为局域网中的其他设备提供代理服务,请将 `socks5ListenLAN` 属性设置为 `true`。 +11. 【可选】如果要启动 HTTP / HTTPS 代理,请为 `httpProxyPort` 属性指定一个从 1025 到 65535 之间的数值。该端口不能与 `rpcPort` 和 `socks5Port` 相同。如果需要为局域网中的其他设备提供 HTTP / HTTPS 代理,请将 `httpProxyListenLAN` 属性设置为 `true`。如果不需要 HTTP / HTTPS 代理,请删除 `httpProxyPort` 和 `httpProxyListenLAN` 属性。 如果你安装了多台代理服务器,或者一台服务器监听多个端口,可以把它们都添加到客户端设置中。每次发起新的连接时,mieru 会随机选取其中的一台服务器和一个端口。**如果使用了多台服务器,请确保每一台服务器都启动了 mita 代理服务。** diff --git a/docs/server-install.md b/docs/server-install.md index 0dc3e462..6fad2903 100644 --- a/docs/server-install.md +++ b/docs/server-install.md @@ -8,32 +8,32 @@ Before installation and configuration, connect to the server via SSH and then ex ```sh # Debian / Ubuntu - X86_64 -curl -LSO https://github.com/enfein/mieru/releases/download/v3.10.0/mita_3.10.0_amd64.deb +curl -LSO https://github.com/enfein/mieru/releases/download/v3.11.0/mita_3.11.0_amd64.deb # Debian / Ubuntu - ARM 64 -curl -LSO https://github.com/enfein/mieru/releases/download/v3.10.0/mita_3.10.0_arm64.deb +curl -LSO https://github.com/enfein/mieru/releases/download/v3.11.0/mita_3.11.0_arm64.deb # RedHat / CentOS / Rocky Linux - X86_64 -curl -LSO https://github.com/enfein/mieru/releases/download/v3.10.0/mita-3.10.0-1.x86_64.rpm +curl -LSO https://github.com/enfein/mieru/releases/download/v3.11.0/mita-3.11.0-1.x86_64.rpm # RedHat / CentOS / Rocky Linux - ARM 64 -curl -LSO https://github.com/enfein/mieru/releases/download/v3.10.0/mita-3.10.0-1.aarch64.rpm +curl -LSO https://github.com/enfein/mieru/releases/download/v3.11.0/mita-3.11.0-1.aarch64.rpm ``` ## Install mita package ```sh # Debian / Ubuntu - X86_64 -sudo dpkg -i mita_3.10.0_amd64.deb +sudo dpkg -i mita_3.11.0_amd64.deb # Debian / Ubuntu - ARM 64 -sudo dpkg -i mita_3.10.0_arm64.deb +sudo dpkg -i mita_3.11.0_arm64.deb # RedHat / CentOS / Rocky Linux - X86_64 -sudo rpm -Uvh --force mita-3.10.0-1.x86_64.rpm +sudo rpm -Uvh --force mita-3.11.0-1.x86_64.rpm # RedHat / CentOS / Rocky Linux - ARM 64 -sudo rpm -Uvh --force mita-3.10.0-1.aarch64.rpm +sudo rpm -Uvh --force mita-3.11.0-1.aarch64.rpm ``` Those instructions can also be used to upgrade the version of mita software package. @@ -73,7 +73,9 @@ Users should call mita apply config ``` -to modify the proxy server settings. `` is a JSON formatted configuration file. Below is an example of the server configuration file. +to modify the proxy server settings. `` is a JSON formatted configuration file. This configuration file does not need to specify the full proxy server settings. When you run command `mita apply config `, the contents of the file will be merged into any existing proxy server settings. + +Below is an example of the server configuration file. ```js { @@ -106,7 +108,7 @@ to modify the proxy server settings. `` is a JSON formatted configuration 2. The `portBindings` -> `protocol` property can be set to `TCP` or `UDP`. 3. Fill in the `users` -> `name` property with the user name. 4. Fill in the `users` -> `password` property with the user's password. -5. The `mtu` property is the maximum transport layer payload size when using the UDP proxy protocol. The default value is 1400. The minimum value is 1280. +5. [Optional] The `mtu` property is the maximum transport layer payload size when using the UDP proxy protocol. The default value is 1400. The minimum value is 1280. In addition to this, mita can listen to several different ports. We recommend using multiple ports in both server and client configurations. @@ -182,28 +184,6 @@ Below is an example to configure a proxy chain. ```js { - "portBindings": [ - { - "portRange": "2012-2022", - "protocol": "TCP" - }, - { - "port": 2027, - "protocol": "TCP" - } - ], - "users": [ - { - "name": "ducaiguozei", - "password": "xijinping" - }, - { - "name": "meiyougongchandang", - "password": "caiyouxinzhongguo" - } - ], - "loggingLevel": "INFO", - "mtu": 1400, "egress": { "proxies": [ { @@ -242,6 +222,26 @@ Tor browser -> mieru client -> GFW -> mita server -> Tor network -> target websi For information on how to configure nested proxy on a Tor browser, please refer to the [Security Guide](./security.md). +### DNS Policy in IPv4 / IPv6 Dual-Stack Network + +When a proxy client requests a target website using a domain name instead of an IP address, the proxy server needs to initiate a DNS request. If the proxy server is in an IPv4 / IPv6 dual-stack network, you can adjust the DNS policy using the following configuration: + +```js +{ + "dns": { + "dualStack": "USE_FIRST_IP" + } +} +``` + +The `dns` -> `dualStack` attribute supports the following values: + +1. `USE_FIRST_IP`: Always use the first IP address returned by the DNS server. This is the default policy. +2. `PREFER_IPv4`: Prefer to use the first IPv4 address returned by the DNS server. If there is no IPv4 address, use the first IPv6 address. +3. `PREFER_IPv6`: Prefer to use the first IPv6 address returned by the DNS server. If there is no IPv6 address, use the first IPv4 address. +4. `ONLY_IPv4`: Force to use the first IPv4 address returned by the DNS server. If there is no IPv4 address, the connection fails. +5. `ONLY_IPv6`: Force to use the first IPv6 address returned by the DNS server. If there is no IPv6 address, the connection fails. + ### Limiting User Traffic We can use the `users` -> `quotas` property to limit the amount of traffic a user is allowed to use. For example, if you want user "ducaiguozei" to use no more than 1 GB of traffic within 1 day, and no more than 10 GB within 30 days, you can apply the following settings. diff --git a/docs/server-install.zh_CN.md b/docs/server-install.zh_CN.md index 10b1e25e..b35bc995 100644 --- a/docs/server-install.zh_CN.md +++ b/docs/server-install.zh_CN.md @@ -8,32 +8,32 @@ ```sh # Debian / Ubuntu - X86_64 -curl -LSO https://github.com/enfein/mieru/releases/download/v3.10.0/mita_3.10.0_amd64.deb +curl -LSO https://github.com/enfein/mieru/releases/download/v3.11.0/mita_3.11.0_amd64.deb # Debian / Ubuntu - ARM 64 -curl -LSO https://github.com/enfein/mieru/releases/download/v3.10.0/mita_3.10.0_arm64.deb +curl -LSO https://github.com/enfein/mieru/releases/download/v3.11.0/mita_3.11.0_arm64.deb # RedHat / CentOS / Rocky Linux - X86_64 -curl -LSO https://github.com/enfein/mieru/releases/download/v3.10.0/mita-3.10.0-1.x86_64.rpm +curl -LSO https://github.com/enfein/mieru/releases/download/v3.11.0/mita-3.11.0-1.x86_64.rpm # RedHat / CentOS / Rocky Linux - ARM 64 -curl -LSO https://github.com/enfein/mieru/releases/download/v3.10.0/mita-3.10.0-1.aarch64.rpm +curl -LSO https://github.com/enfein/mieru/releases/download/v3.11.0/mita-3.11.0-1.aarch64.rpm ``` ## 安装 mita 软件包 ```sh # Debian / Ubuntu - X86_64 -sudo dpkg -i mita_3.10.0_amd64.deb +sudo dpkg -i mita_3.11.0_amd64.deb # Debian / Ubuntu - ARM 64 -sudo dpkg -i mita_3.10.0_arm64.deb +sudo dpkg -i mita_3.11.0_arm64.deb # RedHat / CentOS / Rocky Linux - X86_64 -sudo rpm -Uvh --force mita-3.10.0-1.x86_64.rpm +sudo rpm -Uvh --force mita-3.11.0-1.x86_64.rpm # RedHat / CentOS / Rocky Linux - ARM 64 -sudo rpm -Uvh --force mita-3.10.0-1.aarch64.rpm +sudo rpm -Uvh --force mita-3.11.0-1.aarch64.rpm ``` 上述指令也可以用来升级 mita 软件包的版本。 @@ -73,7 +73,9 @@ mieru 代理支持 TCP 和 UDP 两种不同的传输协议。要了解协议之 mita apply config ``` -指令来修改代理服务器的设置,这里的 `` 是一个 JSON 格式的配置文件。下面是服务器配置文件的一个例子。 +指令来修改代理服务器的设置,这里的 `` 是一个 JSON 格式的配置文件。该配置文件不需要指定完整的代理服务器设置。运行指令 `mita apply config ` 时,文件内容会合并到任何已有的代理服务器设置。 + +下面是服务器配置文件的一个例子。 ```js { @@ -106,7 +108,7 @@ mita apply config 2. `portBindings` -> `protocol` 属性可以使用 `TCP` 或者 `UDP`。 3. 在 `users` -> `name` 属性中填写用户名。 4. 在 `users` -> `password` 属性中填写该用户的密码。 -5. `mtu` 属性是使用 UDP 代理协议时,传输层最大的载荷大小。默认值是 1400,最小值是 1280。 +5. 【可选】`mtu` 属性是使用 UDP 代理协议时,传输层最大的载荷大小。默认值是 1400,最小值是 1280。 除此之外,mita 可以监听多个不同的端口。我们建议在服务器和客户端配置中使用多个端口。 @@ -173,37 +175,15 @@ sudo ./tools/enable_tcp_bbr.py 出站代理功能允许 mieru 与其他代理工具结合构成链式代理。链式代理的网络拓扑结构的一个例子如下图所示: ``` -mieru 客户端 -> GFW -> mita 服务器 -> cloudflare 代理客户端 -> cloudflare CDN -> 目标网址 +mieru 客户端 -> GFW -> mita 服务器 -> cloudflare 代理客户端 -> cloudflare CDN -> 目标网站 ``` -通过链式代理,目标网址看到的 IP 地址是 cloudflare CDN 的地址,而不是 mita 服务器的地址。 +通过链式代理,目标网站看到的 IP 地址是 cloudflare CDN 的地址,而不是 mita 服务器的地址。 下面是配置链式代理的一个例子。 ```js { - "portBindings": [ - { - "portRange": "2012-2022", - "protocol": "TCP" - }, - { - "port": 2027, - "protocol": "TCP" - } - ], - "users": [ - { - "name": "ducaiguozei", - "password": "xijinping" - }, - { - "name": "meiyougongchandang", - "password": "caiyouxinzhongguo" - } - ], - "loggingLevel": "INFO", - "mtu": 1400, "egress": { "proxies": [ { @@ -237,11 +217,31 @@ mieru 客户端 -> GFW -> mita 服务器 -> cloudflare 代理客户端 -> cloudf 注意,链式代理和嵌套代理不同。嵌套代理的网络拓扑结构的一个例子如下图所示: ``` -Tor 浏览器 -> mieru 客户端 -> GFW -> mita 服务器 -> Tor 网络 -> 目标网址 +Tor 浏览器 -> mieru 客户端 -> GFW -> mita 服务器 -> Tor 网络 -> 目标网站 ``` 关于如何在 Tor 浏览器上配置嵌套代理,请参见[翻墙安全指南](./security.zh_CN.md)。 +### IPv4 / IPv6 双栈网络中的 DNS 策略 + +当代理客户端请求的目标网站是域名,而不是 IP 地址时,代理服务器需要发起 DNS 请求。如果代理服务器处于 IPv4 / IPv6 双栈网络中,可以使用下面的配置调整 DNS 策略: + +```js +{ + "dns": { + "dualStack": "USE_FIRST_IP" + } +} +``` + +`dns` -> `dualStack` 属性支持的值包括: + +1. `USE_FIRST_IP`:永远使用 DNS 服务器返回的第一个 IP 地址。这是默认策略。 +2. `PREFER_IPv4`:优先使用 DNS 服务器返回的第一个 IPv4 地址。如果没有 IPv4 地址,则使用第一个 IPv6 地址。 +3. `PREFER_IPv6`:优先使用 DNS 服务器返回的第一个 IPv6 地址。如果没有 IPv6 地址,则使用第一个 IPv4 地址。 +4. `ONLY_IPv4`:强制使用 DNS 服务器返回的第一个 IPv4 地址。如果没有 IPv4 地址则连接失败。 +5. `ONLY_IPv6`:强制使用 DNS 服务器返回的第一个 IPv6 地址。如果没有 IPv6 地址则连接失败。 + ### 限制用户流量 我们可以使用 `users` -> `quotas` 属性限制用户可以使用的流量大小。例如,如果想让用户 "ducaiguozei" 在 1 天时间内最多使用 1 GB 流量,并且在 30 天时间内最多使用 10 GB 流量,可以应用下面的设置。 diff --git a/pkg/appctl/appctlpb/base.pb.go b/pkg/appctl/appctlpb/base.pb.go index 3b0830b1..b8964dbf 100644 --- a/pkg/appctl/appctlpb/base.pb.go +++ b/pkg/appctl/appctlpb/base.pb.go @@ -158,28 +158,28 @@ func (LoggingLevel) EnumDescriptor() ([]byte, []int) { type DualStack int32 const ( - DualStack_ANY_IP_VERSION DualStack = 0 - DualStack_PREFER_IPv4 DualStack = 1 - DualStack_PREFER_IPv6 DualStack = 2 - DualStack_ONLY_IPv4 DualStack = 3 - DualStack_ONLY_IPv6 DualStack = 4 + DualStack_USE_FIRST_IP DualStack = 0 + DualStack_PREFER_IPv4 DualStack = 1 + DualStack_PREFER_IPv6 DualStack = 2 + DualStack_ONLY_IPv4 DualStack = 3 + DualStack_ONLY_IPv6 DualStack = 4 ) // Enum value maps for DualStack. var ( DualStack_name = map[int32]string{ - 0: "ANY_IP_VERSION", + 0: "USE_FIRST_IP", 1: "PREFER_IPv4", 2: "PREFER_IPv6", 3: "ONLY_IPv4", 4: "ONLY_IPv6", } DualStack_value = map[string]int32{ - "ANY_IP_VERSION": 0, - "PREFER_IPv4": 1, - "PREFER_IPv6": 2, - "ONLY_IPv4": 3, - "ONLY_IPv6": 4, + "USE_FIRST_IP": 0, + "PREFER_IPv4": 1, + "PREFER_IPv6": 2, + "ONLY_IPv4": 3, + "ONLY_IPv6": 4, } ) @@ -739,21 +739,21 @@ var file_base_proto_rawDesc = []byte{ 0x0a, 0x05, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x57, 0x41, 0x52, 0x4e, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x49, 0x4e, 0x46, 0x4f, 0x10, 0x04, 0x12, 0x09, 0x0a, 0x05, 0x44, 0x45, 0x42, 0x55, 0x47, 0x10, 0x05, 0x12, 0x09, 0x0a, 0x05, 0x54, 0x52, 0x41, 0x43, - 0x45, 0x10, 0x06, 0x2a, 0x5f, 0x0a, 0x09, 0x44, 0x75, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x63, 0x6b, - 0x12, 0x12, 0x0a, 0x0e, 0x41, 0x4e, 0x59, 0x5f, 0x49, 0x50, 0x5f, 0x56, 0x45, 0x52, 0x53, 0x49, - 0x4f, 0x4e, 0x10, 0x00, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x52, 0x45, 0x46, 0x45, 0x52, 0x5f, 0x49, - 0x50, 0x76, 0x34, 0x10, 0x01, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x52, 0x45, 0x46, 0x45, 0x52, 0x5f, - 0x49, 0x50, 0x76, 0x36, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x4f, 0x4e, 0x4c, 0x59, 0x5f, 0x49, - 0x50, 0x76, 0x34, 0x10, 0x03, 0x12, 0x0d, 0x0a, 0x09, 0x4f, 0x4e, 0x4c, 0x59, 0x5f, 0x49, 0x50, - 0x76, 0x36, 0x10, 0x04, 0x2a, 0x45, 0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, - 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x1e, 0x0a, 0x1a, 0x55, 0x4e, 0x4b, - 0x4e, 0x4f, 0x57, 0x4e, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, 0x50, 0x4f, 0x52, 0x54, 0x5f, 0x50, - 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, - 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x02, 0x42, 0x30, 0x5a, 0x2e, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x66, 0x65, 0x69, 0x6e, - 0x2f, 0x6d, 0x69, 0x65, 0x72, 0x75, 0x2f, 0x76, 0x33, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, - 0x70, 0x63, 0x74, 0x6c, 0x2f, 0x61, 0x70, 0x70, 0x63, 0x74, 0x6c, 0x70, 0x62, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x45, 0x10, 0x06, 0x2a, 0x5d, 0x0a, 0x09, 0x44, 0x75, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x63, 0x6b, + 0x12, 0x10, 0x0a, 0x0c, 0x55, 0x53, 0x45, 0x5f, 0x46, 0x49, 0x52, 0x53, 0x54, 0x5f, 0x49, 0x50, + 0x10, 0x00, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x52, 0x45, 0x46, 0x45, 0x52, 0x5f, 0x49, 0x50, 0x76, + 0x34, 0x10, 0x01, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x52, 0x45, 0x46, 0x45, 0x52, 0x5f, 0x49, 0x50, + 0x76, 0x36, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x4f, 0x4e, 0x4c, 0x59, 0x5f, 0x49, 0x50, 0x76, + 0x34, 0x10, 0x03, 0x12, 0x0d, 0x0a, 0x09, 0x4f, 0x4e, 0x4c, 0x59, 0x5f, 0x49, 0x50, 0x76, 0x36, + 0x10, 0x04, 0x2a, 0x45, 0x0a, 0x11, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x1e, 0x0a, 0x1a, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, + 0x57, 0x4e, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, 0x50, 0x4f, 0x52, 0x54, 0x5f, 0x50, 0x52, 0x4f, + 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x01, + 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x02, 0x42, 0x30, 0x5a, 0x2e, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x66, 0x65, 0x69, 0x6e, 0x2f, 0x6d, + 0x69, 0x65, 0x72, 0x75, 0x2f, 0x76, 0x33, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, 0x70, 0x63, + 0x74, 0x6c, 0x2f, 0x61, 0x70, 0x70, 0x63, 0x74, 0x6c, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( diff --git a/pkg/appctl/appctlpb/servercfg.pb.go b/pkg/appctl/appctlpb/servercfg.pb.go index 2d442ba5..d5b070b2 100644 --- a/pkg/appctl/appctlpb/servercfg.pb.go +++ b/pkg/appctl/appctlpb/servercfg.pb.go @@ -550,7 +550,7 @@ func (x *DNS) GetDualStack() DualStack { if x != nil && x.DualStack != nil { return *x.DualStack } - return DualStack_ANY_IP_VERSION + return DualStack_USE_FIRST_IP } var File_servercfg_proto protoreflect.FileDescriptor diff --git a/pkg/appctl/proto/base.proto b/pkg/appctl/proto/base.proto index 11564cc7..5bc4eecc 100644 --- a/pkg/appctl/proto/base.proto +++ b/pkg/appctl/proto/base.proto @@ -52,7 +52,7 @@ enum LoggingLevel { } enum DualStack { - ANY_IP_VERSION = 0; + USE_FIRST_IP = 0; PREFER_IPv4 = 1; PREFER_IPv6 = 2; ONLY_IPv4 = 3; diff --git a/pkg/cli/client.go b/pkg/cli/client.go index 8016b46d..48f1747b 100644 --- a/pkg/cli/client.go +++ b/pkg/cli/client.go @@ -182,11 +182,11 @@ func RegisterClientCommands() { versionFunc, ) RegisterCallback( - []string{"", "describe", "build-info"}, + []string{"", "describe", "build"}, func(s []string) error { return unexpectedArgsError(s, 3) }, - buildInfoFunc, + describeBuildFunc, ) RegisterCallback( []string{"", "check", "update"}, @@ -351,7 +351,7 @@ var clientHelpFunc = func(s []string) error { }, }, { - cmd: "describe build-info", + cmd: "describe build", help: []string{"Show mieru build info."}, }, { diff --git a/pkg/cli/server.go b/pkg/cli/server.go index f2d18604..5ba3be6a 100644 --- a/pkg/cli/server.go +++ b/pkg/cli/server.go @@ -127,11 +127,11 @@ func RegisterServerCommands() { versionFunc, ) RegisterCallback( - []string{"", "describe", "build-info"}, + []string{"", "describe", "build"}, func(s []string) error { return unexpectedArgsError(s, 3) }, - buildInfoFunc, + describeBuildFunc, ) RegisterCallback( []string{"", "check", "update"}, @@ -266,7 +266,7 @@ var serverHelpFunc = func(s []string) error { }, }, { - cmd: "describe build-info", + cmd: "describe build", help: []string{"Show mita build info."}, }, { diff --git a/pkg/cli/shared.go b/pkg/cli/shared.go index 5ab6cc0d..3cdb32ca 100644 --- a/pkg/cli/shared.go +++ b/pkg/cli/shared.go @@ -28,7 +28,7 @@ var versionFunc = func(_ []string) error { return nil } -var buildInfoFunc = func(_ []string) error { +var describeBuildFunc = func(_ []string) error { info, ok := debug.ReadBuildInfo() if !ok { return fmt.Errorf("build info is unavailable") diff --git a/pkg/common/ipdualstack.go b/pkg/common/ipdualstack.go index e4b507f0..cd5b15b3 100644 --- a/pkg/common/ipdualstack.go +++ b/pkg/common/ipdualstack.go @@ -29,11 +29,11 @@ type DualStackPreference int32 // The values below must match with file pkg/appctl/proto/base.proto. const ( - ANY_IP_VERSION DualStackPreference = 0 - PREFER_IPv4 DualStackPreference = 1 - PREFER_IPv6 DualStackPreference = 2 - ONLY_IPv4 DualStackPreference = 3 - ONLY_IPv6 DualStackPreference = 4 + USE_FIRST_IP DualStackPreference = 0 + PREFER_IPv4 DualStackPreference = 1 + PREFER_IPv6 DualStackPreference = 2 + ONLY_IPv4 DualStackPreference = 3 + ONLY_IPv6 DualStackPreference = 4 ) // IsIPDualStack returns true if an IPv6 socket is able to send and receive diff --git a/pkg/common/ipdualstack_test.go b/pkg/common/ipdualstack_test.go index 5b7f434a..8d7d03e5 100644 --- a/pkg/common/ipdualstack_test.go +++ b/pkg/common/ipdualstack_test.go @@ -106,7 +106,7 @@ func TestSelectIPFromList(t *testing.T) { { name: "ipv4 and ipv6, any IP version", ips: []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("127.0.0.2"), net.ParseIP("::1")}, - strategy: ANY_IP_VERSION, + strategy: USE_FIRST_IP, want: net.ParseIP("127.0.0.1"), }, { @@ -136,7 +136,7 @@ func TestSelectIPFromList(t *testing.T) { { name: "ipv6 and ipv4, any IP version", ips: []net.IP{net.ParseIP("::1"), net.ParseIP("::2"), net.ParseIP("127.0.0.1")}, - strategy: ANY_IP_VERSION, + strategy: USE_FIRST_IP, want: net.ParseIP("::1"), }, { diff --git a/pkg/version/current.go b/pkg/version/current.go index e48cb115..7de5f5d9 100644 --- a/pkg/version/current.go +++ b/pkg/version/current.go @@ -16,5 +16,5 @@ package version const ( - AppVersion = "3.10.0" + AppVersion = "3.11.0" ) diff --git a/test/deploy/httptest/test_mix_udp_associate.sh b/test/deploy/httptest/test_mix_udp_associate.sh index b44cfdfa..29249cc1 100755 --- a/test/deploy/httptest/test_mix_udp_associate.sh +++ b/test/deploy/httptest/test_mix_udp_associate.sh @@ -22,10 +22,10 @@ source ./libtest.sh echo "mita build info:" -./mita describe build-info +./mita describe build sleep 1 echo "mieru build info:" -./mieru describe build-info +./mieru describe build sleep 1 # Update mieru server with mixed config.