diff --git a/README_zh.md b/README_zh.md
index 95ede3ee..a07e840c 100644
--- a/README_zh.md
+++ b/README_zh.md
@@ -11,11 +11,6 @@ frp 是一个专注于内网穿透的高性能的反向代理应用,支持 TCP
Gold Sponsors
-
-
- 
-
-
diff --git a/Release.md b/Release.md
index 6e142def..d0414efe 100644
--- a/Release.md
+++ b/Release.md
@@ -1,8 +1,8 @@
### Features
-* Added a new plugin "http2http" which allows forwarding HTTP requests to another HTTP server, supporting options like local address binding, host header rewrite, and custom request headers.
-* Added `enableHTTP2` option to control whether to enable HTTP/2 in plugin https2http and https2https, default is true.
+* Added a new plugin `tls2raw`: Enables TLS termination and forwarding of decrypted raw traffic to local service.
+* Added a default timeout of 30 seconds for the frpc subcommands to prevent commands from being stuck for a long time due to network issues.
-### Changes
+### Fixes
-* Plugin https2http & https2https: return 421 `Misdirected Request` if host not match sni.
+* Fixed the issue that when `loginFailExit = false`, the frpc stop command cannot be stopped correctly if the server is not successfully connected after startup.
diff --git a/client/proxy/proxy.go b/client/proxy/proxy.go
index cc02f809..5cb5ccf2 100644
--- a/client/proxy/proxy.go
+++ b/client/proxy/proxy.go
@@ -192,7 +192,7 @@ func (pxy *BaseProxy) HandleTCPWorkConnection(workConn net.Conn, m *msg.StartWor
if pxy.proxyPlugin != nil {
// if plugin is set, let plugin handle connection first
xl.Debugf("handle by plugin: %s", pxy.proxyPlugin.Name())
- pxy.proxyPlugin.Handle(remote, workConn, &extraInfo)
+ pxy.proxyPlugin.Handle(pxy.ctx, remote, workConn, &extraInfo)
xl.Debugf("handle by plugin finished")
return
}
diff --git a/client/service.go b/client/service.go
index 0cbd8757..b06706a6 100644
--- a/client/service.go
+++ b/client/service.go
@@ -169,6 +169,15 @@ func (svr *Service) Run(ctx context.Context) error {
netpkg.SetDefaultDNSAddress(svr.common.DNSServer)
}
+ if svr.webServer != nil {
+ go func() {
+ log.Infof("admin server listen on %s", svr.webServer.Address())
+ if err := svr.webServer.Run(); err != nil {
+ log.Warnf("admin server exit with error: %v", err)
+ }
+ }()
+ }
+
// first login to frps
svr.loopLoginUntilSuccess(10*time.Second, lo.FromPtr(svr.common.LoginFailExit))
if svr.ctl == nil {
@@ -179,14 +188,6 @@ func (svr *Service) Run(ctx context.Context) error {
go svr.keepControllerWorking()
- if svr.webServer != nil {
- go func() {
- log.Infof("admin server listen on %s", svr.webServer.Address())
- if err := svr.webServer.Run(); err != nil {
- log.Warnf("admin server exit with error: %v", err)
- }
- }()
- }
<-svr.ctx.Done()
svr.stop()
return nil
diff --git a/cmd/frpc/sub/admin.go b/cmd/frpc/sub/admin.go
index 5d478d44..abe80635 100644
--- a/cmd/frpc/sub/admin.go
+++ b/cmd/frpc/sub/admin.go
@@ -15,9 +15,11 @@
package sub
import (
+ "context"
"fmt"
"os"
"strings"
+ "time"
"github.com/rodaine/table"
"github.com/spf13/cobra"
@@ -27,24 +29,24 @@ import (
clientsdk "github.com/fatedier/frp/pkg/sdk/client"
)
+var adminAPITimeout = 30 * time.Second
+
func init() {
- rootCmd.AddCommand(NewAdminCommand(
- "reload",
- "Hot-Reload frpc configuration",
- ReloadHandler,
- ))
+ commands := []struct {
+ name string
+ description string
+ handler func(*v1.ClientCommonConfig) error
+ }{
+ {"reload", "Hot-Reload frpc configuration", ReloadHandler},
+ {"status", "Overview of all proxies status", StatusHandler},
+ {"stop", "Stop the running frpc", StopHandler},
+ }
- rootCmd.AddCommand(NewAdminCommand(
- "status",
- "Overview of all proxies status",
- StatusHandler,
- ))
-
- rootCmd.AddCommand(NewAdminCommand(
- "stop",
- "Stop the running frpc",
- StopHandler,
- ))
+ for _, cmdConfig := range commands {
+ cmd := NewAdminCommand(cmdConfig.name, cmdConfig.description, cmdConfig.handler)
+ cmd.Flags().DurationVar(&adminAPITimeout, "api-timeout", adminAPITimeout, "Timeout for admin API calls")
+ rootCmd.AddCommand(cmd)
+ }
}
func NewAdminCommand(name, short string, handler func(*v1.ClientCommonConfig) error) *cobra.Command {
@@ -73,7 +75,9 @@ func NewAdminCommand(name, short string, handler func(*v1.ClientCommonConfig) er
func ReloadHandler(clientCfg *v1.ClientCommonConfig) error {
client := clientsdk.New(clientCfg.WebServer.Addr, clientCfg.WebServer.Port)
client.SetAuth(clientCfg.WebServer.User, clientCfg.WebServer.Password)
- if err := client.Reload(strictConfigMode); err != nil {
+ ctx, cancel := context.WithTimeout(context.Background(), adminAPITimeout)
+ defer cancel()
+ if err := client.Reload(ctx, strictConfigMode); err != nil {
return err
}
fmt.Println("reload success")
@@ -83,7 +87,9 @@ func ReloadHandler(clientCfg *v1.ClientCommonConfig) error {
func StatusHandler(clientCfg *v1.ClientCommonConfig) error {
client := clientsdk.New(clientCfg.WebServer.Addr, clientCfg.WebServer.Port)
client.SetAuth(clientCfg.WebServer.User, clientCfg.WebServer.Password)
- res, err := client.GetAllProxyStatus()
+ ctx, cancel := context.WithTimeout(context.Background(), adminAPITimeout)
+ defer cancel()
+ res, err := client.GetAllProxyStatus(ctx)
if err != nil {
return err
}
@@ -109,7 +115,9 @@ func StatusHandler(clientCfg *v1.ClientCommonConfig) error {
func StopHandler(clientCfg *v1.ClientCommonConfig) error {
client := clientsdk.New(clientCfg.WebServer.Addr, clientCfg.WebServer.Port)
client.SetAuth(clientCfg.WebServer.User, clientCfg.WebServer.Password)
- if err := client.Stop(); err != nil {
+ ctx, cancel := context.WithTimeout(context.Background(), adminAPITimeout)
+ defer cancel()
+ if err := client.Stop(ctx); err != nil {
return err
}
fmt.Println("stop success")
diff --git a/conf/frpc_full_example.toml b/conf/frpc_full_example.toml
index 51b89c2a..3bf86866 100644
--- a/conf/frpc_full_example.toml
+++ b/conf/frpc_full_example.toml
@@ -325,6 +325,16 @@ localAddr = "127.0.0.1:80"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"
+[[proxies]]
+name = "plugin_tls2raw"
+type = "https"
+remotePort = 6008
+[proxies.plugin]
+type = "tls2raw"
+localAddr = "127.0.0.1:80"
+crtPath = "./server.crt"
+keyPath = "./server.key"
+
[[proxies]]
name = "secret_tcp"
# If the type is secret tcp, remotePort is useless
diff --git a/go.mod b/go.mod
index 72bbc0ac..cb1768bb 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.9.0
github.com/tidwall/gjson v1.17.1
- github.com/xtaci/kcp-go/v5 v5.6.8
+ github.com/xtaci/kcp-go/v5 v5.6.13
golang.org/x/crypto v0.22.0
golang.org/x/net v0.24.0
golang.org/x/oauth2 v0.16.0
@@ -59,9 +59,8 @@ require (
github.com/prometheus/client_model v0.5.0 // indirect
github.com/prometheus/common v0.48.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
- github.com/rogpeppe/go-internal v1.11.0 // indirect
- github.com/templexxx/cpu v0.1.0 // indirect
- github.com/templexxx/xorsimd v0.4.2 // indirect
+ github.com/templexxx/cpu v0.1.1 // indirect
+ github.com/templexxx/xorsimd v0.4.3 // indirect
github.com/tidwall/match v1.1.1 // indirect
github.com/tidwall/pretty v1.2.0 // indirect
github.com/tjfoc/gmsm v1.4.1 // indirect
diff --git a/go.sum b/go.sum
index efcb18ee..fee1bacd 100644
--- a/go.sum
+++ b/go.sum
@@ -116,8 +116,8 @@ github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rodaine/table v1.2.0 h1:38HEnwK4mKSHQJIkavVj+bst1TEY7j9zhLMWu4QJrMA=
github.com/rodaine/table v1.2.0/go.mod h1:wejb/q/Yd4T/SVmBSRMr7GCq3KlcZp3gyNYdLSBhkaE=
-github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
-github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA=
github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
@@ -136,10 +136,10 @@ github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/templexxx/cpu v0.1.0 h1:wVM+WIJP2nYaxVxqgHPD4wGA2aJ9rvrQRV8CvFzNb40=
-github.com/templexxx/cpu v0.1.0/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk=
-github.com/templexxx/xorsimd v0.4.2 h1:ocZZ+Nvu65LGHmCLZ7OoCtg8Fx8jnHKK37SjvngUoVI=
-github.com/templexxx/xorsimd v0.4.2/go.mod h1:HgwaPoDREdi6OnULpSfxhzaiiSUY4Fi3JPn1wpt28NI=
+github.com/templexxx/cpu v0.1.1 h1:isxHaxBXpYFWnk2DReuKkigaZyrjs2+9ypIdGP4h+HI=
+github.com/templexxx/cpu v0.1.1/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk=
+github.com/templexxx/xorsimd v0.4.3 h1:9AQTFHd7Bhk3dIT7Al2XeBX5DWOvsUPZCuhyAtNbHjU=
+github.com/templexxx/xorsimd v0.4.3/go.mod h1:oZQcD6RFDisW2Am58dSAGwwL6rHjbzrlu25VDqfWkQg=
github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U=
github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
@@ -148,8 +148,8 @@ github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
-github.com/xtaci/kcp-go/v5 v5.6.8 h1:jlI/0jAyjoOjT/SaGB58s4bQMJiNS41A2RKzR6TMWeI=
-github.com/xtaci/kcp-go/v5 v5.6.8/go.mod h1:oE9j2NVqAkuKO5o8ByKGch3vgVX3BNf8zqP8JiGq0bM=
+github.com/xtaci/kcp-go/v5 v5.6.13 h1:FEjtz9+D4p8t2x4WjciGt/jsIuhlWjjgPCCWjrVR4Hk=
+github.com/xtaci/kcp-go/v5 v5.6.13/go.mod h1:75S1AKYYzNUSXIv30h+jPKJYZUwqpfvLshu63nCNSOM=
github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 h1:EWU6Pktpas0n8lLQwDsRyZfmkPeRbdgPtW609es+/9E=
github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37/go.mod h1:HpMP7DB2CyokmAh4lp0EQnnWhmycP/TvwBGzvuie+H0=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
diff --git a/package.sh b/package.sh
index df36108e..4699f599 100755
--- a/package.sh
+++ b/package.sh
@@ -18,7 +18,7 @@ rm -rf ./release/packages
mkdir -p ./release/packages
os_all='linux windows darwin freebsd android'
-arch_all='386 amd64 arm arm64 mips64 mips64le mips mipsle riscv64'
+arch_all='386 amd64 arm arm64 mips64 mips64le mips mipsle riscv64 loong64'
extra_all='_ hf'
cd ./release
diff --git a/pkg/config/v1/plugin.go b/pkg/config/v1/plugin.go
index 7ae4a4d4..cdf3cf26 100644
--- a/pkg/config/v1/plugin.go
+++ b/pkg/config/v1/plugin.go
@@ -83,6 +83,7 @@ const (
PluginSocks5 = "socks5"
PluginStaticFile = "static_file"
PluginUnixDomainSocket = "unix_domain_socket"
+ PluginTLS2Raw = "tls2raw"
)
var clientPluginOptionsTypeMap = map[string]reflect.Type{
@@ -94,6 +95,7 @@ var clientPluginOptionsTypeMap = map[string]reflect.Type{
PluginSocks5: reflect.TypeOf(Socks5PluginOptions{}),
PluginStaticFile: reflect.TypeOf(StaticFilePluginOptions{}),
PluginUnixDomainSocket: reflect.TypeOf(UnixDomainSocketPluginOptions{}),
+ PluginTLS2Raw: reflect.TypeOf(TLS2RawPluginOptions{}),
}
type HTTP2HTTPSPluginOptions struct {
@@ -174,3 +176,12 @@ type UnixDomainSocketPluginOptions struct {
}
func (o *UnixDomainSocketPluginOptions) Complete() {}
+
+type TLS2RawPluginOptions struct {
+ Type string `json:"type,omitempty"`
+ LocalAddr string `json:"localAddr,omitempty"`
+ CrtPath string `json:"crtPath,omitempty"`
+ KeyPath string `json:"keyPath,omitempty"`
+}
+
+func (o *TLS2RawPluginOptions) Complete() {}
diff --git a/pkg/config/v1/validation/plugin.go b/pkg/config/v1/validation/plugin.go
index 9c88d142..30a66d83 100644
--- a/pkg/config/v1/validation/plugin.go
+++ b/pkg/config/v1/validation/plugin.go
@@ -32,6 +32,8 @@ func ValidateClientPluginOptions(c v1.ClientPluginOptions) error {
return validateStaticFilePluginOptions(v)
case *v1.UnixDomainSocketPluginOptions:
return validateUnixDomainSocketPluginOptions(v)
+ case *v1.TLS2RawPluginOptions:
+ return validateTLS2RawPluginOptions(v)
}
return nil
}
@@ -70,3 +72,10 @@ func validateUnixDomainSocketPluginOptions(c *v1.UnixDomainSocketPluginOptions)
}
return nil
}
+
+func validateTLS2RawPluginOptions(c *v1.TLS2RawPluginOptions) error {
+ if c.LocalAddr == "" {
+ return errors.New("localAddr is required")
+ }
+ return nil
+}
diff --git a/pkg/plugin/client/http2http.go b/pkg/plugin/client/http2http.go
index 689b90b6..d7c4c7e4 100644
--- a/pkg/plugin/client/http2http.go
+++ b/pkg/plugin/client/http2http.go
@@ -12,9 +12,12 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+//go:build !frps
+
package plugin
import (
+ "context"
"io"
stdlog "log"
"net"
@@ -77,7 +80,7 @@ func NewHTTP2HTTPPlugin(options v1.ClientPluginOptions) (Plugin, error) {
return p, nil
}
-func (p *HTTP2HTTPPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+func (p *HTTP2HTTPPlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
_ = p.l.PutConn(wrapConn)
}
diff --git a/pkg/plugin/client/http2https.go b/pkg/plugin/client/http2https.go
index b9a799bb..66f90989 100644
--- a/pkg/plugin/client/http2https.go
+++ b/pkg/plugin/client/http2https.go
@@ -17,6 +17,7 @@
package plugin
import (
+ "context"
"crypto/tls"
"io"
stdlog "log"
@@ -88,7 +89,7 @@ func NewHTTP2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
return p, nil
}
-func (p *HTTP2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+func (p *HTTP2HTTPSPlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
_ = p.l.PutConn(wrapConn)
}
diff --git a/pkg/plugin/client/http_proxy.go b/pkg/plugin/client/http_proxy.go
index ed8d97ec..b7491bd1 100644
--- a/pkg/plugin/client/http_proxy.go
+++ b/pkg/plugin/client/http_proxy.go
@@ -18,6 +18,7 @@ package plugin
import (
"bufio"
+ "context"
"encoding/base64"
"io"
"net"
@@ -68,7 +69,7 @@ func (hp *HTTPProxy) Name() string {
return v1.PluginHTTPProxy
}
-func (hp *HTTPProxy) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+func (hp *HTTPProxy) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
sc, rd := libnet.NewSharedConn(wrapConn)
diff --git a/pkg/plugin/client/https2http.go b/pkg/plugin/client/https2http.go
index 3bb12c22..9632a6fb 100644
--- a/pkg/plugin/client/https2http.go
+++ b/pkg/plugin/client/https2http.go
@@ -17,6 +17,7 @@
package plugin
import (
+ "context"
"crypto/tls"
"fmt"
"io"
@@ -85,16 +86,7 @@ func NewHTTPS2HTTPPlugin(options v1.ClientPluginOptions) (Plugin, error) {
rp.ServeHTTP(w, r)
})
- var (
- tlsConfig *tls.Config
- err error
- )
- if opts.CrtPath != "" || opts.KeyPath != "" {
- tlsConfig, err = p.genTLSConfig()
- } else {
- tlsConfig, err = transport.NewServerTLSConfig("", "", "")
- tlsConfig.InsecureSkipVerify = true
- }
+ tlsConfig, err := transport.NewServerTLSConfig(p.opts.CrtPath, p.opts.KeyPath, "")
if err != nil {
return nil, fmt.Errorf("gen TLS config error: %v", err)
}
@@ -114,17 +106,7 @@ func NewHTTPS2HTTPPlugin(options v1.ClientPluginOptions) (Plugin, error) {
return p, nil
}
-func (p *HTTPS2HTTPPlugin) genTLSConfig() (*tls.Config, error) {
- cert, err := tls.LoadX509KeyPair(p.opts.CrtPath, p.opts.KeyPath)
- if err != nil {
- return nil, err
- }
-
- config := &tls.Config{Certificates: []tls.Certificate{cert}}
- return config, nil
-}
-
-func (p *HTTPS2HTTPPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo) {
+func (p *HTTPS2HTTPPlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo) {
wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
if extra.SrcAddr != nil {
wrapConn.SetRemoteAddr(extra.SrcAddr)
diff --git a/pkg/plugin/client/https2https.go b/pkg/plugin/client/https2https.go
index c315c8e3..8121e094 100644
--- a/pkg/plugin/client/https2https.go
+++ b/pkg/plugin/client/https2https.go
@@ -17,6 +17,7 @@
package plugin
import (
+ "context"
"crypto/tls"
"fmt"
"io"
@@ -91,16 +92,7 @@ func NewHTTPS2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
rp.ServeHTTP(w, r)
})
- var (
- tlsConfig *tls.Config
- err error
- )
- if opts.CrtPath != "" || opts.KeyPath != "" {
- tlsConfig, err = p.genTLSConfig()
- } else {
- tlsConfig, err = transport.NewServerTLSConfig("", "", "")
- tlsConfig.InsecureSkipVerify = true
- }
+ tlsConfig, err := transport.NewServerTLSConfig(p.opts.CrtPath, p.opts.KeyPath, "")
if err != nil {
return nil, fmt.Errorf("gen TLS config error: %v", err)
}
@@ -120,17 +112,7 @@ func NewHTTPS2HTTPSPlugin(options v1.ClientPluginOptions) (Plugin, error) {
return p, nil
}
-func (p *HTTPS2HTTPSPlugin) genTLSConfig() (*tls.Config, error) {
- cert, err := tls.LoadX509KeyPair(p.opts.CrtPath, p.opts.KeyPath)
- if err != nil {
- return nil, err
- }
-
- config := &tls.Config{Certificates: []tls.Certificate{cert}}
- return config, nil
-}
-
-func (p *HTTPS2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo) {
+func (p *HTTPS2HTTPSPlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo) {
wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
if extra.SrcAddr != nil {
wrapConn.SetRemoteAddr(extra.SrcAddr)
diff --git a/pkg/plugin/client/plugin.go b/pkg/plugin/client/plugin.go
index 0e5548e9..3dce8592 100644
--- a/pkg/plugin/client/plugin.go
+++ b/pkg/plugin/client/plugin.go
@@ -15,6 +15,7 @@
package plugin
import (
+ "context"
"fmt"
"io"
"net"
@@ -57,7 +58,7 @@ type ExtraInfo struct {
type Plugin interface {
Name() string
- Handle(conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo)
+ Handle(ctx context.Context, conn io.ReadWriteCloser, realConn net.Conn, extra *ExtraInfo)
Close() error
}
diff --git a/pkg/plugin/client/socks5.go b/pkg/plugin/client/socks5.go
index a230bf55..7478ebe1 100644
--- a/pkg/plugin/client/socks5.go
+++ b/pkg/plugin/client/socks5.go
@@ -17,6 +17,7 @@
package plugin
import (
+ "context"
"io"
"log"
"net"
@@ -50,7 +51,7 @@ func NewSocks5Plugin(options v1.ClientPluginOptions) (p Plugin, err error) {
return
}
-func (sp *Socks5Plugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+func (sp *Socks5Plugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
defer conn.Close()
wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
_ = sp.Server.ServeConn(wrapConn)
diff --git a/pkg/plugin/client/static_file.go b/pkg/plugin/client/static_file.go
index 49371020..02cb9930 100644
--- a/pkg/plugin/client/static_file.go
+++ b/pkg/plugin/client/static_file.go
@@ -17,6 +17,7 @@
package plugin
import (
+ "context"
"io"
"net"
"net/http"
@@ -69,7 +70,7 @@ func NewStaticFilePlugin(options v1.ClientPluginOptions) (Plugin, error) {
return sp, nil
}
-func (sp *StaticFilePlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+func (sp *StaticFilePlugin) Handle(_ context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
_ = sp.l.PutConn(wrapConn)
}
diff --git a/pkg/plugin/client/tls2raw.go b/pkg/plugin/client/tls2raw.go
new file mode 100644
index 00000000..adcc7741
--- /dev/null
+++ b/pkg/plugin/client/tls2raw.go
@@ -0,0 +1,83 @@
+// Copyright 2024 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !frps
+
+package plugin
+
+import (
+ "context"
+ "crypto/tls"
+ "io"
+ "net"
+
+ libio "github.com/fatedier/golib/io"
+
+ v1 "github.com/fatedier/frp/pkg/config/v1"
+ "github.com/fatedier/frp/pkg/transport"
+ netpkg "github.com/fatedier/frp/pkg/util/net"
+ "github.com/fatedier/frp/pkg/util/xlog"
+)
+
+func init() {
+ Register(v1.PluginTLS2Raw, NewTLS2RawPlugin)
+}
+
+type TLS2RawPlugin struct {
+ opts *v1.TLS2RawPluginOptions
+
+ tlsConfig *tls.Config
+}
+
+func NewTLS2RawPlugin(options v1.ClientPluginOptions) (Plugin, error) {
+ opts := options.(*v1.TLS2RawPluginOptions)
+
+ p := &TLS2RawPlugin{
+ opts: opts,
+ }
+
+ tlsConfig, err := transport.NewServerTLSConfig(p.opts.CrtPath, p.opts.KeyPath, "")
+ if err != nil {
+ return nil, err
+ }
+ p.tlsConfig = tlsConfig
+ return p, nil
+}
+
+func (p *TLS2RawPlugin) Handle(ctx context.Context, conn io.ReadWriteCloser, realConn net.Conn, _ *ExtraInfo) {
+ xl := xlog.FromContextSafe(ctx)
+
+ wrapConn := netpkg.WrapReadWriteCloserToConn(conn, realConn)
+ tlsConn := tls.Server(wrapConn, p.tlsConfig)
+
+ if err := tlsConn.Handshake(); err != nil {
+ xl.Warnf("tls handshake error: %v", err)
+ return
+ }
+ rawConn, err := net.Dial("tcp", p.opts.LocalAddr)
+ if err != nil {
+ xl.Warnf("dial to local addr error: %v", err)
+ return
+ }
+
+ libio.Join(tlsConn, rawConn)
+}
+
+func (p *TLS2RawPlugin) Name() string {
+ return v1.PluginTLS2Raw
+}
+
+func (p *TLS2RawPlugin) Close() error {
+ return nil
+}
diff --git a/pkg/plugin/client/unix_domain_socket.go b/pkg/plugin/client/unix_domain_socket.go
index df68ffb4..b6aa6075 100644
--- a/pkg/plugin/client/unix_domain_socket.go
+++ b/pkg/plugin/client/unix_domain_socket.go
@@ -17,12 +17,14 @@
package plugin
import (
+ "context"
"io"
"net"
libio "github.com/fatedier/golib/io"
v1 "github.com/fatedier/frp/pkg/config/v1"
+ "github.com/fatedier/frp/pkg/util/xlog"
)
func init() {
@@ -48,9 +50,11 @@ func NewUnixDomainSocketPlugin(options v1.ClientPluginOptions) (p Plugin, err er
return
}
-func (uds *UnixDomainSocketPlugin) Handle(conn io.ReadWriteCloser, _ net.Conn, extra *ExtraInfo) {
+func (uds *UnixDomainSocketPlugin) Handle(ctx context.Context, conn io.ReadWriteCloser, _ net.Conn, extra *ExtraInfo) {
+ xl := xlog.FromContextSafe(ctx)
localConn, err := net.DialUnix("unix", nil, uds.UnixAddr)
if err != nil {
+ xl.Warnf("dial to uds %s error: %v", uds.UnixAddr, err)
return
}
if extra.ProxyProtocolHeader != nil {
diff --git a/pkg/sdk/client/client.go b/pkg/sdk/client/client.go
index 57bf7746..13713e27 100644
--- a/pkg/sdk/client/client.go
+++ b/pkg/sdk/client/client.go
@@ -1,6 +1,7 @@
package client
import (
+ "context"
"encoding/json"
"fmt"
"io"
@@ -31,8 +32,8 @@ func (c *Client) SetAuth(user, pwd string) {
c.authPwd = pwd
}
-func (c *Client) GetProxyStatus(name string) (*client.ProxyStatusResp, error) {
- req, err := http.NewRequest("GET", "http://"+c.address+"/api/status", nil)
+func (c *Client) GetProxyStatus(ctx context.Context, name string) (*client.ProxyStatusResp, error) {
+ req, err := http.NewRequestWithContext(ctx, "GET", "http://"+c.address+"/api/status", nil)
if err != nil {
return nil, err
}
@@ -54,8 +55,8 @@ func (c *Client) GetProxyStatus(name string) (*client.ProxyStatusResp, error) {
return nil, fmt.Errorf("no proxy status found")
}
-func (c *Client) GetAllProxyStatus() (client.StatusResp, error) {
- req, err := http.NewRequest("GET", "http://"+c.address+"/api/status", nil)
+func (c *Client) GetAllProxyStatus(ctx context.Context) (client.StatusResp, error) {
+ req, err := http.NewRequestWithContext(ctx, "GET", "http://"+c.address+"/api/status", nil)
if err != nil {
return nil, err
}
@@ -70,7 +71,7 @@ func (c *Client) GetAllProxyStatus() (client.StatusResp, error) {
return allStatus, nil
}
-func (c *Client) Reload(strictMode bool) error {
+func (c *Client) Reload(ctx context.Context, strictMode bool) error {
v := url.Values{}
if strictMode {
v.Set("strictConfig", "true")
@@ -79,7 +80,7 @@ func (c *Client) Reload(strictMode bool) error {
if len(v) > 0 {
queryStr = "?" + v.Encode()
}
- req, err := http.NewRequest("GET", "http://"+c.address+"/api/reload"+queryStr, nil)
+ req, err := http.NewRequestWithContext(ctx, "GET", "http://"+c.address+"/api/reload"+queryStr, nil)
if err != nil {
return err
}
@@ -87,8 +88,8 @@ func (c *Client) Reload(strictMode bool) error {
return err
}
-func (c *Client) Stop() error {
- req, err := http.NewRequest("POST", "http://"+c.address+"/api/stop", nil)
+func (c *Client) Stop(ctx context.Context) error {
+ req, err := http.NewRequestWithContext(ctx, "POST", "http://"+c.address+"/api/stop", nil)
if err != nil {
return err
}
@@ -96,16 +97,16 @@ func (c *Client) Stop() error {
return err
}
-func (c *Client) GetConfig() (string, error) {
- req, err := http.NewRequest("GET", "http://"+c.address+"/api/config", nil)
+func (c *Client) GetConfig(ctx context.Context) (string, error) {
+ req, err := http.NewRequestWithContext(ctx, "GET", "http://"+c.address+"/api/config", nil)
if err != nil {
return "", err
}
return c.do(req)
}
-func (c *Client) UpdateConfig(content string) error {
- req, err := http.NewRequest("PUT", "http://"+c.address+"/api/config", strings.NewReader(content))
+func (c *Client) UpdateConfig(ctx context.Context, content string) error {
+ req, err := http.NewRequestWithContext(ctx, "PUT", "http://"+c.address+"/api/config", strings.NewReader(content))
if err != nil {
return err
}
diff --git a/pkg/util/version/version.go b/pkg/util/version/version.go
index 561a52e7..a60d71d2 100644
--- a/pkg/util/version/version.go
+++ b/pkg/util/version/version.go
@@ -14,7 +14,7 @@
package version
-var version = "0.59.0"
+var version = "0.60.0"
func Full() string {
return version
diff --git a/test/e2e/legacy/basic/client.go b/test/e2e/legacy/basic/client.go
index 98f675b8..daed8b22 100644
--- a/test/e2e/legacy/basic/client.go
+++ b/test/e2e/legacy/basic/client.go
@@ -1,6 +1,7 @@
package basic
import (
+ "context"
"fmt"
"strconv"
"strings"
@@ -54,7 +55,7 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
framework.NewRequestExpect(f).Port(p3Port).Ensure()
client := f.APIClientForFrpc(adminPort)
- conf, err := client.GetConfig()
+ conf, err := client.GetConfig(context.Background())
framework.ExpectNoError(err)
newP2Port := f.AllocPort()
@@ -65,10 +66,10 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
newClientConf = newClientConf[:p3Index]
}
- err = client.UpdateConfig(newClientConf)
+ err = client.UpdateConfig(context.Background(), newClientConf)
framework.ExpectNoError(err)
- err = client.Reload(true)
+ err = client.Reload(context.Background(), true)
framework.ExpectNoError(err)
time.Sleep(time.Second)
@@ -120,7 +121,7 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
framework.NewRequestExpect(f).Port(testPort).Ensure()
client := f.APIClientForFrpc(adminPort)
- err := client.Stop()
+ err := client.Stop(context.Background())
framework.ExpectNoError(err)
time.Sleep(3 * time.Second)
diff --git a/test/e2e/legacy/basic/server.go b/test/e2e/legacy/basic/server.go
index 62bfd62a..4399439d 100644
--- a/test/e2e/legacy/basic/server.go
+++ b/test/e2e/legacy/basic/server.go
@@ -1,6 +1,7 @@
package basic
import (
+ "context"
"fmt"
"net"
"strconv"
@@ -101,7 +102,7 @@ var _ = ginkgo.Describe("[Feature: Server Manager]", func() {
client := f.APIClientForFrpc(adminPort)
// tcp random port
- status, err := client.GetProxyStatus("tcp")
+ status, err := client.GetProxyStatus(context.Background(), "tcp")
framework.ExpectNoError(err)
_, portStr, err := net.SplitHostPort(status.RemoteAddr)
@@ -112,7 +113,7 @@ var _ = ginkgo.Describe("[Feature: Server Manager]", func() {
framework.NewRequestExpect(f).Port(port).Ensure()
// udp random port
- status, err = client.GetProxyStatus("udp")
+ status, err = client.GetProxyStatus(context.Background(), "udp")
framework.ExpectNoError(err)
_, portStr, err = net.SplitHostPort(status.RemoteAddr)
diff --git a/test/e2e/v1/basic/client.go b/test/e2e/v1/basic/client.go
index ef5e262f..fd269d75 100644
--- a/test/e2e/v1/basic/client.go
+++ b/test/e2e/v1/basic/client.go
@@ -1,6 +1,7 @@
package basic
import (
+ "context"
"fmt"
"strconv"
"strings"
@@ -57,7 +58,7 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
framework.NewRequestExpect(f).Port(p3Port).Ensure()
client := f.APIClientForFrpc(adminPort)
- conf, err := client.GetConfig()
+ conf, err := client.GetConfig(context.Background())
framework.ExpectNoError(err)
newP2Port := f.AllocPort()
@@ -68,10 +69,10 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
newClientConf = newClientConf[:p3Index]
}
- err = client.UpdateConfig(newClientConf)
+ err = client.UpdateConfig(context.Background(), newClientConf)
framework.ExpectNoError(err)
- err = client.Reload(true)
+ err = client.Reload(context.Background(), true)
framework.ExpectNoError(err)
time.Sleep(time.Second)
@@ -124,7 +125,7 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
framework.NewRequestExpect(f).Port(testPort).Ensure()
client := f.APIClientForFrpc(adminPort)
- err := client.Stop()
+ err := client.Stop(context.Background())
framework.ExpectNoError(err)
time.Sleep(3 * time.Second)
diff --git a/test/e2e/v1/basic/config.go b/test/e2e/v1/basic/config.go
index 7dc3cedb..314e7fc4 100644
--- a/test/e2e/v1/basic/config.go
+++ b/test/e2e/v1/basic/config.go
@@ -1,6 +1,7 @@
package basic
import (
+ "context"
"fmt"
"github.com/onsi/ginkgo/v2"
@@ -72,7 +73,7 @@ var _ = ginkgo.Describe("[Feature: Config]", func() {
client := f.APIClientForFrpc(adminPort)
checkProxyFn := func(name string, localPort, remotePort int) {
- status, err := client.GetProxyStatus(name)
+ status, err := client.GetProxyStatus(context.Background(), name)
framework.ExpectNoError(err)
framework.ExpectContainSubstring(status.LocalAddr, fmt.Sprintf(":%d", localPort))
diff --git a/test/e2e/v1/basic/server.go b/test/e2e/v1/basic/server.go
index fe8af4d1..a3fe5992 100644
--- a/test/e2e/v1/basic/server.go
+++ b/test/e2e/v1/basic/server.go
@@ -1,6 +1,7 @@
package basic
import (
+ "context"
"fmt"
"net"
"strconv"
@@ -112,7 +113,7 @@ var _ = ginkgo.Describe("[Feature: Server Manager]", func() {
client := f.APIClientForFrpc(adminPort)
// tcp random port
- status, err := client.GetProxyStatus("tcp")
+ status, err := client.GetProxyStatus(context.Background(), "tcp")
framework.ExpectNoError(err)
_, portStr, err := net.SplitHostPort(status.RemoteAddr)
@@ -123,7 +124,7 @@ var _ = ginkgo.Describe("[Feature: Server Manager]", func() {
framework.NewRequestExpect(f).Port(port).Ensure()
// udp random port
- status, err = client.GetProxyStatus("udp")
+ status, err = client.GetProxyStatus(context.Background(), "udp")
framework.ExpectNoError(err)
_, portStr, err = net.SplitHostPort(status.RemoteAddr)
diff --git a/test/e2e/v1/plugin/client.go b/test/e2e/v1/plugin/client.go
index 3499e882..73e2d863 100644
--- a/test/e2e/v1/plugin/client.go
+++ b/test/e2e/v1/plugin/client.go
@@ -402,4 +402,50 @@ var _ = ginkgo.Describe("[Feature: Client-Plugins]", func() {
Ensure()
})
})
+
+ ginkgo.It("tls2raw", func() {
+ generator := &cert.SelfSignedCertGenerator{}
+ artifacts, err := generator.Generate("example.com")
+ framework.ExpectNoError(err)
+ crtPath := f.WriteTempFile("tls2raw_server.crt", string(artifacts.Cert))
+ keyPath := f.WriteTempFile("tls2raw_server.key", string(artifacts.Key))
+
+ serverConf := consts.DefaultServerConfig
+ vhostHTTPSPort := f.AllocPort()
+ serverConf += fmt.Sprintf(`
+ vhostHTTPSPort = %d
+ `, vhostHTTPSPort)
+
+ localPort := f.AllocPort()
+ clientConf := consts.DefaultClientConfig + fmt.Sprintf(`
+ [[proxies]]
+ name = "tls2raw-test"
+ type = "https"
+ customDomains = ["example.com"]
+ [proxies.plugin]
+ type = "tls2raw"
+ localAddr = "127.0.0.1:%d"
+ crtPath = "%s"
+ keyPath = "%s"
+ `, localPort, crtPath, keyPath)
+
+ f.RunProcesses([]string{serverConf}, []string{clientConf})
+
+ localServer := httpserver.New(
+ httpserver.WithBindPort(localPort),
+ httpserver.WithResponse([]byte("test")),
+ )
+ f.RunServer("", localServer)
+
+ framework.NewRequestExpect(f).
+ Port(vhostHTTPSPort).
+ RequestModify(func(r *request.Request) {
+ r.HTTPS().HTTPHost("example.com").TLSConfig(&tls.Config{
+ ServerName: "example.com",
+ InsecureSkipVerify: true,
+ })
+ }).
+ ExpectResp([]byte("test")).
+ Ensure()
+ })
})