Merge pull request #3574 from fatedier/dev

release v0.51.3
support go1.21 (#3573 )
2025-07-29 09:18:11 +00:00 · 2023-08-14 11:59:09 +08:00 · 2023-08-14 11:10:38 +08:00 · 2023-07-25 21:35:08 +08:00 · 2023-07-25 21:31:26 +08:00 · 2023-07-25 15:12:40 +08:00
60 changed files with 671 additions and 1055 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -2,7 +2,7 @@ version: 2
 jobs:
  go-version-latest:
    docker:
-      - image: cimg/go:1.20-node
+      - image: cimg/go:1.21-node
    resource_class: large
    steps:
      - checkout
@@ -10,7 +10,7 @@ jobs:
      - run: make alltest
  go-version-last:
    docker:
-      - image: cimg/go:1.19-node
+      - image: cimg/go:1.20-node
    resource_class: large
    steps:
      - checkout
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,3 +1,4 @@
 # These are supported funding model platforms

 github: [fatedier]
+custom: ["https://afdian.net/a/fatedier"]
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -4,7 +4,3 @@ copilot:summary

 ### WHY
 <!-- author to complete -->
-
-### Walkthrough
-
-copilot:walkthrough
--- a/.github/workflows/build-and-push-image.yml
+++ b/.github/workflows/build-and-push-image.yml
@@ -61,7 +61,7 @@ jobs:
          echo "TAG_FRPS_GPR=ghcr.io/fatedier/frps:${{ env.TAG_NAME }}" >> $GITHUB_ENV

      - name: Build and push frpc
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./dockerfiles/Dockerfile-for-frpc
@@ -72,7 +72,7 @@ jobs:
            ${{ env.TAG_FRPC_GPR }}

      - name: Build and push frps
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./dockerfiles/Dockerfile-for-frps
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -14,15 +14,15 @@ jobs:
    name: lint
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v4
        with:
-          go-version: '1.20'
+          go-version: '1.21'
      - uses: actions/checkout@v3
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-          version: v1.51
+          version: v1.53

          # Optional: golangci-lint command line arguments.
          # args: --issues-exit-code=0
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -13,18 +13,18 @@ jobs:
          fetch-depth: 0

      - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
        with:
-          go-version: '1.20'
+          go-version: '1.21'
          
      - name: Make All
        run: |
          ./package.sh

      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v3
+        uses: goreleaser/goreleaser-action@v4
        with:
          version: latest
-          args: release --rm-dist --release-notes=./Release.md
+          args: release --clean --release-notes=./Release.md
        env:
          GITHUB_TOKEN: ${{ secrets.GPR_TOKEN }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -18,7 +18,7 @@ jobs:
      pull-requests: write  # for actions/stale to close stale PRs
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/stale@v6
+    - uses: actions/stale@v8
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        stale-issue-message: 'Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.'
--- a/README.md
+++ b/README.md
@@ -25,9 +25,11 @@ frp also offers a P2P connect mode.
 <!-- vim-markdown-toc GFM -->

 * [Development Status](#development-status)
+    * [About V2](#about-v2)
 * [Architecture](#architecture)
 * [Example Usage](#example-usage)
    * [Access your computer in a LAN network via SSH](#access-your-computer-in-a-lan-network-via-ssh)
+    * [Multiple SSH services sharing the same port](#multiple-ssh-services-sharing-the-same-port)
    * [Accessing Internal Web Services with Custom Domains in LAN](#accessing-internal-web-services-with-custom-domains-in-lan)
    * [Forward DNS query requests](#forward-dns-query-requests)
    * [Forward Unix Domain Socket](#forward-unix-domain-socket)
@@ -89,6 +91,20 @@ We are currently working on version 2 and attempting to perform some code refact

 We will transition from version 0 to version 1 at the appropriate time and will only accept bug fixes and improvements, rather than big feature requests.

+### About V2
+
+The overall situation is currently unfavorable, and there is significant pressure in both personal and professional aspects.
+
+The complexity and difficulty of the v2 version are much higher than anticipated. I can only work on its development during fragmented time periods, and the constant interruptions disrupt productivity significantly. Given this situation, we will continue to optimize and iterate on the current version until we have more free time to proceed with the major version overhaul.
+
+The concept behind v2 is based on my years of experience and reflection in the cloud-native domain, particularly in K8s and ServiceMesh. Its core is a modernized four-layer and seven-layer proxy, similar to envoy. This proxy itself is highly scalable, not only capable of implementing the functionality of intranet penetration but also applicable to various other domains. Building upon this highly scalable core, we aim to implement all the capabilities of frp v1 while also addressing the functionalities that were previously unachievable or difficult to implement in an elegant manner. Furthermore, we will maintain efficient development and iteration capabilities.
+
+In addition, I envision frp itself becoming a highly extensible system and platform, similar to how we can provide a range of extension capabilities based on K8s. In K8s, we can customize development according to enterprise needs, utilizing features such as CRD, controller mode, webhook, CSI, and CNI. In frp v1, we introduced the concept of server plugins, which implemented some basic extensibility. However, it relies on a simple HTTP protocol and requires users to start independent processes and manage them on their own. This approach is far from flexible and convenient, and real-world demands vary greatly. It is unrealistic to expect a non-profit open-source project maintained by a few individuals to meet everyone's needs.
+
+Finally, we acknowledge that the current design of modules such as configuration management, permission verification, certificate management, and API management is not modern enough. While we may carry out some optimizations in the v1 version, ensuring compatibility remains a challenging issue that requires a considerable amount of effort to address.
+
+We sincerely appreciate your support for frp.
+
 ## Architecture

 ![architecture](/doc/pic/architecture.png)
@@ -140,6 +156,56 @@ Note that the `local_port` (listened on the client) and `remote_port` (exposed o

  `ssh -oPort=6000 test@x.x.x.x`

+### Multiple SSH services sharing the same port
+
+This example implements multiple SSH services exposed through the same port using a proxy of type tcpmux. Similarly, as long as the client supports the HTTP Connect proxy connection method, port reuse can be achieved in this way.
+
+1. Deploy frps on a machine with a public IP and modify the frps.ini file. Here is a simplified configuration:
+
+  ```ini
+  [common]
+  bind_port = 7000
+  tcpmux_httpconnect_port = 5002
+  ```
+
+2. Deploy frpc on the internal machine A with the following configuration:
+
+  ```ini
+  [common]
+  server_addr = x.x.x.x
+  server_port = 7000
+
+  [ssh1]
+  type = tcpmux
+  multiplexer = httpconnect
+  custom_domains = machine-a.example.com
+  local_ip = 127.0.0.1
+  local_port = 22
+  ```
+
+3. Deploy another frpc on the internal machine B with the following configuration:
+
+  ```ini
+  [common]
+  server_addr = x.x.x.x
+  server_port = 7000
+
+  [ssh2]
+  type = tcpmux
+  multiplexer = httpconnect
+  custom_domains = machine-b.example.com
+  local_ip = 127.0.0.1
+  local_port = 22
+  ```
+
+4. To access internal machine A using SSH ProxyCommand, assuming the username is "test":
+
+  `ssh -o 'proxycommand socat - PROXY:x.x.x.x:machine-a.example.com:22,proxyport=5002' test@machine-a`
+
+5. To access internal machine B, the only difference is the domain name, assuming the username is "test":
+
+  `ssh -o 'proxycommand socat - PROXY:x.x.x.x:machine-b.example.com:22,proxyport=5002' test@machine-b`
+
 ### Accessing Internal Web Services with Custom Domains in LAN

 Sometimes we need to expose a local web service behind a NAT network to others for testing purposes with our own domain name.
@@ -155,6 +221,8 @@ Unfortunately, we cannot resolve a domain name to a local IP. However, we can us
  vhost_http_port = 8080
  ```

+  If you want to configure an https proxy, you need to set up the `vhost_https_port`.
+
 2. Start `frps`:

  `./frps -c ./frps.ini`
@@ -280,6 +348,7 @@ You may substitute `https2https` for the plugin, and point the `plugin_local_add
  [common]
  server_addr = x.x.x.x
  server_port = 7000
+  vhost_https_port = 443

  [test_https2http]
  type = https
--- a/README_zh.md
+++ b/README_zh.md
@@ -5,7 +5,7 @@

 [README](README.md) | [中文文档](README_zh.md)

-frp 是一个专注于内网穿透的高性能的反向代理应用，支持 TCP、UDP、HTTP、HTTPS 等多种协议。可以将内网服务以安全、便捷的方式通过具有公网 IP 节点的中转暴露到公网。
+frp 是一个专注于内网穿透的高性能的反向代理应用，支持 TCP、UDP、HTTP、HTTPS 等多种协议，且支持 P2P 通信。可以将内网服务以安全、便捷的方式通过具有公网 IP 节点的中转暴露到公网。

 <h3 align="center">Gold Sponsors</h3>
 <!--gold sponsors start-->
@@ -20,12 +20,13 @@ frp 是一个专注于内网穿透的高性能的反向代理应用，支持 TCP

 通过在具有公网 IP 的节点上部署 frp 服务端，可以轻松地将内网服务穿透到公网，同时提供诸多专业的功能特性，这包括：

-* 客户端服务端通信支持 TCP、KCP 以及 Websocket 等多种协议。
-* 采用 TCP 连接流式复用，在单个连接间承载更多请求，节省连接建立时间。
+* 客户端服务端通信支持 TCP、QUIC、KCP 以及 Websocket 等多种协议。
+* 采用 TCP 连接流式复用，在单个连接间承载更多请求，节省连接建立时间，降低请求延迟。
 * 代理组间的负载均衡。
 * 端口复用，多个服务通过同一个服务端端口暴露。
-* 多个原生支持的客户端插件（静态文件查看，HTTP、SOCK5 代理等），便于独立使用 frp 客户端完成某些工作。
-* 高度扩展性的服务端插件系统，方便结合自身需求进行功能扩展。
+* 支持 P2P 通信，流量不经过服务器中转，充分利用带宽资源。
+* 多个原生支持的客户端插件（静态文件查看，HTTPS/HTTP 协议转换，HTTP、SOCK5 代理等），便于独立使用 frp 客户端完成某些工作。
+* 高度扩展性的服务端插件系统，易于结合自身需求进行功能扩展。
 * 服务端和客户端 UI 页面。

 ## 开发状态
@@ -34,10 +35,24 @@ frp 目前已被很多公司广泛用于测试、生产环境。

 master 分支用于发布稳定版本，dev 分支用于开发，您可以尝试下载最新的 release 版本进行测试。

-我们正在进行 v2 大版本的开发，将会尝试在各个方面进行重构和升级，且不会与 v1 版本进行兼容，预计会持续一段时间。
+我们正在进行 v2 大版本的开发，将会尝试在各个方面进行重构和升级，且不会与 v1 版本进行兼容，预计会持续较长的一段时间。

 现在的 v0 版本将会在合适的时间切换为 v1 版本并且保证兼容性，后续只做 bug 修复和优化，不再进行大的功能性更新。

+### 关于 v2 的一些说明
+
+当前整体形势不佳，面临的生活工作压力很大。
+
+v2 版本的复杂度和难度比我们预期的要高得多。我只能利用零散的时间进行开发，而且由于上下文经常被打断，效率极低。由于这种情况可能会持续一段时间，我们仍然会在当前版本上进行一些优化和迭代，直到我们有更多空闲时间来推进大版本的重构。
+
+v2 的构想是基于我多年在云原生领域，特别是在 K8s 和 ServiceMesh 方面的工作经验和思考。它的核心是一个现代化的四层和七层代理，类似于 envoy。这个代理本身高度可扩展，不仅可以用于实现内网穿透的功能，还可以应用于更多领域。在这个高度可扩展的内核基础上，我们将实现 frp v1 中的所有功能，并且能够以一种更加优雅的方式实现原先架构中无法实现或不易实现的功能。同时，我们将保持高效的开发和迭代能力。
+
+除此之外，我希望 frp 本身也成为一个高度可扩展的系统和平台，就像我们可以基于 K8s 提供一系列扩展能力一样。在 K8s 上，我们可以根据企业需求进行定制化开发，例如使用 CRD、controller 模式、webhook、CSI 和 CNI 等。在 frp v1 中，我们引入了服务端插件的概念，实现了一些简单的扩展性。但是，它实际上依赖于简单的 HTTP 协议，并且需要用户自己启动独立的进程和管理。这种方式远远不够灵活和方便，而且现实世界的需求千差万别，我们不能期望一个由少数人维护的非营利性开源项目能够满足所有人的需求。
+
+最后，我们意识到像配置管理、权限验证、证书管理和管理 API 等模块的当前设计并不够现代化。尽管我们可能在 v1 版本中进行一些优化，但确保兼容性是一个令人头疼的问题，需要投入大量精力来解决。
+
+非常感谢您对 frp 的支持。
+
 ## 文档

 完整文档已经迁移至 [https://gofrp.org](https://gofrp.org/docs)。
@@ -55,19 +70,23 @@ frp 是一个免费且开源的项目，我们欢迎任何人为其开发和进

 **提醒：和项目相关的问题最好在 [issues](https://github.com/fatedier/frp/issues) 中反馈，这样方便其他有类似问题的人可以快速查找解决方法，并且也避免了我们重复回答一些问题。**

-## 捐助
+## 赞助

 如果您觉得 frp 对你有帮助，欢迎给予我们一定的捐助来维持项目的长期发展。

-### GitHub Sponsors
+### Sponsors
+
+长期赞助可以帮助我们保持项目的持续发展。

 您可以通过 [GitHub Sponsors](https://github.com/sponsors/fatedier) 赞助我们。

+国内用户可以通过 [爱发电](https://afdian.net/a/fatedier) 赞助我们。
+
 企业赞助者可以将贵公司的 Logo 以及链接放置在项目 README 文件中。

 ### 知识星球

-如果您想学习 frp 相关的知识和技术，或者寻求任何帮助及咨询，都可以通过微信扫描下方的二维码付费加入知识星球的官方社群：
+如果您想了解更多 frp 相关技术以及更新详解，或者寻求任何帮助及咨询，都可以通过微信扫描下方的二维码付费加入知识星球的官方社群：

 ![zsxq](/doc/pic/zsxq.jpg)

--- a/Release.md
+++ b/Release.md
@@ -1,18 +1,3 @@
-## Notes
-
-**For enhanced security, the default values for `tls_enable` and `disable_custom_tls_first_byte` have been set to true.**
-
-If you wish to revert to the previous default values, you need to manually set the values of these two parameters to false.
-
 ### Features

-* Added support for `allow_users` in stcp, sudp, xtcp. By default, only the same user is allowed to access. Use `*` to allow access from any user. The visitor configuration now supports `server_user` to connect to proxies of other users.
-* Added fallback support to a specified alternative visitor when xtcp connection fails.
-
-### Improvements
-
-* Increased the default value of `MaxStreamWindowSize` for yamux to 6MB, improving traffic forwarding rate in high-latency scenarios.
-
-### Fixes
-
-* Fixed an issue where having proxies with the same name would cause previously working proxies to become ineffective in `xtcp`.
+* Support Go 1.21.
--- a/client/admin.go
+++ b/client/admin.go
@@ -52,6 +52,7 @@ func (svr *Service) RunAdminServer(address string) (err error) {

 	// api, see admin_api.go
 	subRouter.HandleFunc("/api/reload", svr.apiReload).Methods("GET")
+	subRouter.HandleFunc("/api/stop", svr.apiStop).Methods("POST")
 	subRouter.HandleFunc("/api/status", svr.apiStatus).Methods("GET")
 	subRouter.HandleFunc("/api/config", svr.apiGetConfig).Methods("GET")
 	subRouter.HandleFunc("/api/config", svr.apiPutConfig).Methods("PUT")
--- a/client/admin_api.go
+++ b/client/admin_api.go
@@ -24,6 +24,7 @@ import (
 	"sort"
 	"strconv"
 	"strings"
+	"time"

 	"github.com/samber/lo"

@@ -38,12 +39,12 @@ type GeneralResponse struct {
 }

 // /healthz
-func (svr *Service) healthz(w http.ResponseWriter, r *http.Request) {
+func (svr *Service) healthz(w http.ResponseWriter, _ *http.Request) {
 	w.WriteHeader(200)
 }

-// GET api/reload
-func (svr *Service) apiReload(w http.ResponseWriter, r *http.Request) {
+// GET /api/reload
+func (svr *Service) apiReload(w http.ResponseWriter, _ *http.Request) {
 	res := GeneralResponse{Code: 200}

 	log.Info("api request [/api/reload]")
@@ -72,6 +73,22 @@ func (svr *Service) apiReload(w http.ResponseWriter, r *http.Request) {
 	log.Info("success reload conf")
 }

+// POST /api/stop
+func (svr *Service) apiStop(w http.ResponseWriter, _ *http.Request) {
+	res := GeneralResponse{Code: 200}
+
+	log.Info("api request [/api/stop]")
+	defer func() {
+		log.Info("api response [/api/stop], code [%d]", res.Code)
+		w.WriteHeader(res.Code)
+		if len(res.Msg) > 0 {
+			_, _ = w.Write([]byte(res.Msg))
+		}
+	}()
+
+	go svr.GracefulClose(100 * time.Millisecond)
+}
+
 type StatusResp map[string][]ProxyStatusResp

 type ProxyStatusResp struct {
@@ -106,8 +123,8 @@ func NewProxyStatusResp(status *proxy.WorkingStatus, serverAddr string) ProxySta
 	return psr
 }

-// GET api/status
-func (svr *Service) apiStatus(w http.ResponseWriter, r *http.Request) {
+// GET /api/status
+func (svr *Service) apiStatus(w http.ResponseWriter, _ *http.Request) {
 	var (
 		buf []byte
 		res StatusResp = make(map[string][]ProxyStatusResp)
@@ -135,8 +152,8 @@ func (svr *Service) apiStatus(w http.ResponseWriter, r *http.Request) {
 	}
 }

-// GET api/config
-func (svr *Service) apiGetConfig(w http.ResponseWriter, r *http.Request) {
+// GET /api/config
+func (svr *Service) apiGetConfig(w http.ResponseWriter, _ *http.Request) {
 	res := GeneralResponse{Code: 200}

 	log.Info("Http get request [/api/config]")
@@ -175,7 +192,7 @@ func (svr *Service) apiGetConfig(w http.ResponseWriter, r *http.Request) {
 	res.Msg = strings.Join(newRows, "\n")
 }

-// PUT api/config
+// PUT /api/config
 func (svr *Service) apiPutConfig(w http.ResponseWriter, r *http.Request) {
 	res := GeneralResponse{Code: 200}

--- a/client/control.go
+++ b/client/control.go
@@ -124,7 +124,7 @@ func (ctl *Control) Run() {
 	go ctl.vm.Run()
 }

-func (ctl *Control) HandleReqWorkConn(inMsg *msg.ReqWorkConn) {
+func (ctl *Control) HandleReqWorkConn(_ *msg.ReqWorkConn) {
 	xl := ctl.xl
 	workConn, err := ctl.connectServer()
 	if err != nil {
--- a/client/proxy/general_tcp.go
+++ b/client/proxy/general_tcp.go
@@ -40,7 +40,7 @@ type GeneralTCPProxy struct {
 	*BaseProxy
 }

-func NewGeneralTCPProxy(baseProxy *BaseProxy, cfg config.ProxyConf) Proxy {
+func NewGeneralTCPProxy(baseProxy *BaseProxy, _ config.ProxyConf) Proxy {
 	return &GeneralTCPProxy{
 		BaseProxy: baseProxy,
 	}
--- a/client/proxy/proxy.go
+++ b/client/proxy/proxy.go
@@ -142,8 +142,9 @@ func (pxy *BaseProxy) HandleTCPWorkConnection(workConn net.Conn, m *msg.StartWor
 			return
 		}
 	}
+	var compressionResourceRecycleFn func()
 	if baseConfig.UseCompression {
-		remote = libio.WithCompression(remote)
+		remote, compressionResourceRecycleFn = libio.WithCompressionFromPool(remote)
 	}

 	// check if we need to send proxy protocol info
@@ -213,4 +214,7 @@ func (pxy *BaseProxy) HandleTCPWorkConnection(workConn net.Conn, m *msg.StartWor
 	if len(errs) > 0 {
 		xl.Trace("join connections errors: %v", errs)
 	}
+	if compressionResourceRecycleFn != nil {
+		compressionResourceRecycleFn()
+	}
 }
--- a/client/proxy/sudp.go
+++ b/client/proxy/sudp.go
@@ -77,7 +77,7 @@ func (pxy *SUDPProxy) Close() {
 	}
 }

-func (pxy *SUDPProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
+func (pxy *SUDPProxy) InWorkConn(conn net.Conn, _ *msg.StartWorkConn) {
 	xl := pxy.xl
 	xl.Info("incoming a new work connection for sudp proxy, %s", conn.RemoteAddr().String())

--- a/client/proxy/udp.go
+++ b/client/proxy/udp.go
@@ -86,7 +86,7 @@ func (pxy *UDPProxy) Close() {
 	}
 }

-func (pxy *UDPProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
+func (pxy *UDPProxy) InWorkConn(conn net.Conn, _ *msg.StartWorkConn) {
 	xl := pxy.xl
 	xl.Info("incoming a new work connection for udp proxy, %s", conn.RemoteAddr().String())
 	// close resources releated with old workConn
--- a/client/service.go
+++ b/client/service.go
@@ -86,16 +86,14 @@ func NewService(
 	visitorCfgs map[string]config.VisitorConf,
 	cfgFile string,
 ) (svr *Service, err error) {
-	ctx, cancel := context.WithCancel(context.Background())
 	svr = &Service{
 		authSetter:  auth.NewAuthSetter(cfg.ClientConfig),
 		cfg:         cfg,
 		cfgFile:     cfgFile,
 		pxyCfgs:     pxyCfgs,
 		visitorCfgs: visitorCfgs,
+		ctx:         context.Background(),
 		exit:        0,
-		ctx:         xlog.NewContext(ctx, xlog.New()),
-		cancel:      cancel,
 	}
 	return
 }
@@ -106,7 +104,11 @@ func (svr *Service) GetController() *Control {
 	return svr.ctl
 }

-func (svr *Service) Run() error {
+func (svr *Service) Run(ctx context.Context) error {
+	ctx, cancel := context.WithCancel(ctx)
+	svr.ctx = xlog.NewContext(ctx, xlog.New())
+	svr.cancel = cancel
+
 	xl := xlog.FromContextSafe(svr.ctx)

 	// set custom DNSServer
@@ -135,7 +137,7 @@ func (svr *Service) Run() error {
 			if svr.cfg.LoginFailExit {
 				return err
 			}
-			util.RandomSleep(10*time.Second, 0.9, 1.1)
+			util.RandomSleep(5*time.Second, 0.9, 1.1)
 		} else {
 			// login success
 			ctl := NewControl(svr.ctx, svr.runID, conn, cm, svr.cfg, svr.pxyCfgs, svr.visitorCfgs, svr.authSetter)
@@ -161,6 +163,10 @@ func (svr *Service) Run() error {
 		log.Info("admin server listen on %s:%d", svr.cfg.AdminAddr, svr.cfg.AdminPort)
 	}
 	<-svr.ctx.Done()
+	// service context may not be canceled by svr.Close(), we should call it here to release resources
+	if atomic.LoadUint32(&svr.exit) == 0 {
+		svr.Close()
+	}
 	return nil
 }

@@ -182,7 +188,7 @@ func (svr *Service) keepControllerWorking() {
 			return
 		}

-		// the first three retry with no delay
+		// the first three attempts with a low delay
 		if reconnectCounts > 3 {
 			util.RandomSleep(reconnectDelay, 0.9, 1.1)
 			xl.Info("wait %v to reconnect", reconnectDelay)
@@ -322,10 +328,13 @@ func (svr *Service) GracefulClose(d time.Duration) {
 	svr.ctlMu.RLock()
 	if svr.ctl != nil {
 		svr.ctl.GracefulClose(d)
+		svr.ctl = nil
 	}
 	svr.ctlMu.RUnlock()

-	svr.cancel()
+	if svr.cancel != nil {
+		svr.cancel()
+	}
 }

 type ConnectionManager struct {
@@ -369,7 +378,7 @@ func (cm *ConnectionManager) OpenConnection() error {
 		}
 		tlsConfig.NextProtos = []string{"frp"}

-		conn, err := quic.DialAddrContext(
+		conn, err := quic.DialAddr(
 			cm.ctx,
 			net.JoinHostPort(cm.cfg.ServerAddr, strconv.Itoa(cm.cfg.ServerPort)),
 			tlsConfig, &quic.Config{
@@ -427,7 +436,11 @@ func (cm *ConnectionManager) realConnect() (net.Conn, error) {
 	xl := xlog.FromContextSafe(cm.ctx)
 	var tlsConfig *tls.Config
 	var err error
-	if cm.cfg.TLSEnable {
+	tlsEnable := cm.cfg.TLSEnable
+	if cm.cfg.Protocol == "wss" {
+		tlsEnable = true
+	}
+	if tlsEnable {
 		sn := cm.cfg.TLSServerName
 		if sn == "" {
 			sn = cm.cfg.ServerAddr
@@ -451,10 +464,23 @@ func (cm *ConnectionManager) realConnect() (net.Conn, error) {
 	}
 	dialOptions := []libdial.DialOption{}
 	protocol := cm.cfg.Protocol
-	if protocol == "websocket" {
+	switch protocol {
+	case "websocket":
 		protocol = "tcp"
-		dialOptions = append(dialOptions, libdial.WithAfterHook(libdial.AfterHook{Hook: utilnet.DialHookWebsocket()}))
+		dialOptions = append(dialOptions, libdial.WithAfterHook(libdial.AfterHook{Hook: utilnet.DialHookWebsocket(protocol, "")}))
+		dialOptions = append(dialOptions, libdial.WithAfterHook(libdial.AfterHook{
+			Hook: utilnet.DialHookCustomTLSHeadByte(tlsConfig != nil, cm.cfg.DisableCustomTLSFirstByte),
+		}))
+		dialOptions = append(dialOptions, libdial.WithTLSConfig(tlsConfig))
+	case "wss":
+		protocol = "tcp"
+		dialOptions = append(dialOptions, libdial.WithTLSConfigAndPriority(100, tlsConfig))
+		// Make sure that if it is wss, the websocket hook is executed after the tls hook.
+		dialOptions = append(dialOptions, libdial.WithAfterHook(libdial.AfterHook{Hook: utilnet.DialHookWebsocket(protocol, tlsConfig.ServerName), Priority: 110}))
+	default:
+		dialOptions = append(dialOptions, libdial.WithTLSConfig(tlsConfig))
 	}
+
 	if cm.cfg.ConnectServerLocalIP != "" {
 		dialOptions = append(dialOptions, libdial.WithLocalAddr(cm.cfg.ConnectServerLocalIP))
 	}
@@ -464,10 +490,6 @@ func (cm *ConnectionManager) realConnect() (net.Conn, error) {
 		libdial.WithKeepAlive(time.Duration(cm.cfg.DialServerKeepAlive)*time.Second),
 		libdial.WithProxy(proxyType, addr),
 		libdial.WithProxyAuth(auth),
-		libdial.WithTLSConfig(tlsConfig),
-		libdial.WithAfterHook(libdial.AfterHook{
-			Hook: utilnet.DialHookCustomTLSHeadByte(tlsConfig != nil, cm.cfg.DisableCustomTLSFirstByte),
-		}),
 	)
 	conn, err := libdial.DialContext(
 		cm.ctx,
--- a/client/visitor/stcp.go
+++ b/client/visitor/stcp.go
@@ -126,7 +126,9 @@ func (sv *STCPVisitor) handleConn(userConn net.Conn) {
 	}

 	if sv.cfg.UseCompression {
-		remote = libio.WithCompression(remote)
+		var recycleFn func()
+		remote, recycleFn = libio.WithCompressionFromPool(remote)
+		defer recycleFn()
 	}

 	libio.Join(userConn, remote)
--- a/client/visitor/xtcp.go
+++ b/client/visitor/xtcp.go
@@ -200,7 +200,9 @@ func (sv *XTCPVisitor) handleConn(userConn net.Conn) {
 		}
 	}
 	if sv.cfg.UseCompression {
-		muxConnRWCloser = libio.WithCompression(muxConnRWCloser)
+		var recycleFn func()
+		muxConnRWCloser, recycleFn = libio.WithCompressionFromPool(muxConnRWCloser)
+		defer recycleFn()
 	}

 	_, _, errs := libio.Join(userConn, muxConnRWCloser)
@@ -368,7 +370,7 @@ func (ks *KCPTunnelSession) Init(listenConn *net.UDPConn, raddr *net.UDPAddr) er
 	return nil
 }

-func (ks *KCPTunnelSession) OpenConn(ctx context.Context) (net.Conn, error) {
+func (ks *KCPTunnelSession) OpenConn(_ context.Context) (net.Conn, error) {
 	ks.mu.RLock()
 	defer ks.mu.RUnlock()
 	session := ks.session
@@ -411,7 +413,7 @@ func (qs *QUICTunnelSession) Init(listenConn *net.UDPConn, raddr *net.UDPAddr) e
 		return fmt.Errorf("create tls config error: %v", err)
 	}
 	tlsConfig.NextProtos = []string{"frp"}
-	quicConn, err := quic.Dial(listenConn, raddr, raddr.String(), tlsConfig,
+	quicConn, err := quic.Dial(context.Background(), listenConn, raddr, tlsConfig,
 		&quic.Config{
 			MaxIdleTimeout:     time.Duration(qs.clientCfg.QUICMaxIdleTimeout) * time.Second,
 			MaxIncomingStreams: int64(qs.clientCfg.QUICMaxIncomingStreams),
--- a/cmd/frpc/sub/root.go
+++ b/cmd/frpc/sub/root.go
@@ -15,6 +15,7 @@
 package sub

 import (
+	"context"
 	"fmt"
 	"io/fs"
 	"net"
@@ -76,7 +77,8 @@ var (
 	bindAddr           string
 	bindPort           int

-	tlsEnable bool
+	tlsEnable     bool
+	tlsServerName string
 )

 func init() {
@@ -88,13 +90,14 @@ func init() {
 func RegisterCommonFlags(cmd *cobra.Command) {
 	cmd.PersistentFlags().StringVarP(&serverAddr, "server_addr", "s", "127.0.0.1:7000", "frp server's address")
 	cmd.PersistentFlags().StringVarP(&user, "user", "u", "", "user")
-	cmd.PersistentFlags().StringVarP(&protocol, "protocol", "p", "tcp", "tcp or kcp or websocket")
+	cmd.PersistentFlags().StringVarP(&protocol, "protocol", "p", "tcp", "tcp, kcp, quic, websocket, wss")
 	cmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
 	cmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
 	cmd.PersistentFlags().StringVarP(&logFile, "log_file", "", "console", "console or file path")
 	cmd.PersistentFlags().IntVarP(&logMaxDays, "log_max_days", "", 3, "log file reversed days")
 	cmd.PersistentFlags().BoolVarP(&disableLogColor, "disable_log_color", "", false, "disable log color in console")
 	cmd.PersistentFlags().BoolVarP(&tlsEnable, "tls_enable", "", true, "enable frpc tls")
+	cmd.PersistentFlags().StringVarP(&tlsServerName, "tls_server_name", "", "", "specify the custom server name of tls certificate")
 	cmd.PersistentFlags().StringVarP(&dnsServer, "dns_server", "", "", "specify dns server instead of using system default one")
 }

@@ -150,12 +153,11 @@ func Execute() {
 	}
 }

-func handleSignal(svr *client.Service, doneCh chan struct{}) {
+func handleTermSignal(svr *client.Service) {
 	ch := make(chan os.Signal, 1)
 	signal.Notify(ch, syscall.SIGINT, syscall.SIGTERM)
 	<-ch
 	svr.GracefulClose(500 * time.Millisecond)
-	close(doneCh)
 }

 func parseClientCommonCfgFromCmd() (cfg config.ClientCommonConf, err error) {
@@ -186,6 +188,7 @@ func parseClientCommonCfgFromCmd() (cfg config.ClientCommonConf, err error) {
 	cfg.ClientConfig = auth.GetDefaultClientConf()
 	cfg.Token = token
 	cfg.TLSEnable = tlsEnable
+	cfg.TLSServerName = tlsServerName

 	cfg.Complete()
 	if err = cfg.Validate(); err != nil {
@@ -223,16 +226,12 @@ func startService(
 		return
 	}

-	closedDoneCh := make(chan struct{})
 	shouldGracefulClose := cfg.Protocol == "kcp" || cfg.Protocol == "quic"
 	// Capture the exit signal if we use kcp or quic.
 	if shouldGracefulClose {
-		go handleSignal(svr, closedDoneCh)
+		go handleTermSignal(svr)
 	}

-	err = svr.Run()
-	if err == nil && shouldGracefulClose {
-		<-closedDoneCh
-	}
+	_ = svr.Run(context.Background())
 	return
 }
--- a/cmd/frpc/sub/stop.go
+++ b/cmd/frpc/sub/stop.go
@@ -0,0 +1,84 @@
+// Copyright 2023 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"encoding/base64"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/config"
+)
+
+func init() {
+	rootCmd.AddCommand(stopCmd)
+}
+
+var stopCmd = &cobra.Command{
+	Use:   "stop",
+	Short: "Stop the running frpc",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		cfg, _, _, err := config.ParseClientConfig(cfgFile)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		err = stopClient(cfg)
+		if err != nil {
+			fmt.Printf("frpc stop error: %v\n", err)
+			os.Exit(1)
+		}
+		fmt.Printf("stop success\n")
+		return nil
+	},
+}
+
+func stopClient(clientCfg config.ClientCommonConf) error {
+	if clientCfg.AdminPort == 0 {
+		return fmt.Errorf("admin_port shoud be set if you want to use stop feature")
+	}
+
+	req, err := http.NewRequest("POST", "http://"+
+		clientCfg.AdminAddr+":"+fmt.Sprintf("%d", clientCfg.AdminPort)+"/api/stop", nil)
+	if err != nil {
+		return err
+	}
+
+	authStr := "Basic " + base64.StdEncoding.EncodeToString([]byte(clientCfg.AdminUser+":"+
+		clientCfg.AdminPwd))
+
+	req.Header.Add("Authorization", authStr)
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == 200 {
+		return nil
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+	return fmt.Errorf("code [%d], %s", resp.StatusCode, strings.TrimSpace(string(body)))
+}
--- a/cmd/frps/root.go
+++ b/cmd/frps/root.go
@@ -15,6 +15,7 @@
 package main

 import (
+	"context"
 	"fmt"
 	"os"

@@ -210,6 +211,6 @@ func runServer(cfg config.ServerCommonConf) (err error) {
 		return err
 	}
 	log.Info("frps started successfully")
-	svr.Run()
+	svr.Run(context.Background())
 	return
 }
--- a/conf/frpc_full.ini
+++ b/conf/frpc_full.ini
@@ -95,7 +95,7 @@ user = your_name
 login_fail_exit = true

 # communication protocol used to connect to server
-# supports tcp, kcp, quic and websocket now, default is tcp
+# supports tcp, kcp, quic, websocket and wss now, default is tcp
 protocol = tcp

 # set client binding ip when connect server, default is empty.
--- a/dockerfiles/Dockerfile-for-frpc
+++ b/dockerfiles/Dockerfile-for-frpc
@@ -1,4 +1,4 @@
-FROM golang:1.20 AS building
+FROM golang:1.21 AS building

 COPY . /building
 WORKDIR /building
--- a/dockerfiles/Dockerfile-for-frps
+++ b/dockerfiles/Dockerfile-for-frps
@@ -1,4 +1,4 @@
-FROM golang:1.20 AS building
+FROM golang:1.21 AS building

 COPY . /building
 WORKDIR /building
--- a/go.mod
+++ b/go.mod
@@ -4,74 +4,81 @@ go 1.20

 require (
 	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
-	github.com/coreos/go-oidc/v3 v3.4.0
+	github.com/coreos/go-oidc/v3 v3.6.0
 	github.com/fatedier/beego v0.0.0-20171024143340-6c6a4f5bd5eb
-	github.com/fatedier/golib v0.1.1-0.20230320133937-a7edcc8c793d
+	github.com/fatedier/golib v0.1.1-0.20230725122706-dcbaee8eef40
 	github.com/fatedier/kcp-go v2.0.4-0.20190803094908-fe8645b0a904+incompatible
-	github.com/go-playground/validator/v10 v10.11.0
+	github.com/go-playground/validator/v10 v10.14.1
 	github.com/google/uuid v1.3.0
 	github.com/gorilla/mux v1.8.0
 	github.com/gorilla/websocket v1.5.0
 	github.com/hashicorp/yamux v0.1.1
-	github.com/onsi/ginkgo/v2 v2.8.3
-	github.com/onsi/gomega v1.27.0
-	github.com/pion/stun v0.4.0
-	github.com/pires/go-proxyproto v0.6.2
-	github.com/prometheus/client_golang v1.13.0
-	github.com/quic-go/quic-go v0.34.0
-	github.com/rodaine/table v1.0.1
+	github.com/onsi/ginkgo/v2 v2.11.0
+	github.com/onsi/gomega v1.27.8
+	github.com/pion/stun v0.6.1
+	github.com/pires/go-proxyproto v0.7.0
+	github.com/prometheus/client_golang v1.16.0
+	github.com/quic-go/quic-go v0.37.4
+	github.com/rodaine/table v1.1.0
 	github.com/samber/lo v1.38.1
-	github.com/spf13/cobra v1.1.3
-	github.com/stretchr/testify v1.8.1
-	golang.org/x/net v0.7.0
-	golang.org/x/oauth2 v0.3.0
-	golang.org/x/sync v0.1.0
-	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8
+	github.com/spf13/cobra v1.7.0
+	github.com/stretchr/testify v1.8.4
+	golang.org/x/net v0.12.0
+	golang.org/x/oauth2 v0.10.0
+	golang.org/x/sync v0.3.0
+	golang.org/x/time v0.3.0
 	gopkg.in/ini.v1 v1.67.0
-	k8s.io/apimachinery v0.26.1
-	k8s.io/client-go v0.26.1
+	k8s.io/apimachinery v0.27.4
+	k8s.io/client-go v0.27.4
 )

 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
-	github.com/go-playground/locales v0.14.0 // indirect
-	github.com/go-playground/universal-translator v0.18.0 // indirect
-	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/golang/mock v1.6.0 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/golang/snappy v0.0.3 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.0.6 // indirect
 	github.com/klauspost/reedsolomon v1.9.15 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
-	github.com/pion/transport/v2 v2.0.0 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/leodido/go-urn v1.2.4 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/pion/dtls/v2 v2.2.7 // indirect
+	github.com/pion/logging v0.2.2 // indirect
+	github.com/pion/transport/v2 v2.2.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.37.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/quic-go/qtls-go1-19 v0.3.2 // indirect
-	github.com/quic-go/qtls-go1-20 v0.2.2 // indirect
+	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/common v0.42.0 // indirect
+	github.com/prometheus/procfs v0.10.1 // indirect
+	github.com/quic-go/qtls-go1-20 v0.3.1 // indirect
+	github.com/rogpeppe/go-internal v1.11.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 // indirect
 	github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b // indirect
 	github.com/tjfoc/gmsm v1.4.1 // indirect
-	golang.org/x/crypto v0.4.0 // indirect
+	golang.org/x/crypto v0.11.0 // indirect
 	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
-	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
-	golang.org/x/tools v0.6.0 // indirect
+	golang.org/x/mod v0.10.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
+	golang.org/x/tools v0.9.3 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
-	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect
+	k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect
 )
+
+// TODO(fatedier): Temporary use the modified version, update to the official version after merging into the official repository.
+replace github.com/hashicorp/yamux => github.com/fatedier/yamux v0.0.0-20230628132301-7aca4898904d
--- a/go.sum
+++ b/go.sum
--- a/pkg/config/client.go
+++ b/pkg/config/client.go
@@ -20,6 +20,7 @@ import (
 	"path/filepath"
 	"strings"

+	"github.com/samber/lo"
 	"gopkg.in/ini.v1"

 	"github.com/fatedier/frp/pkg/auth"
@@ -117,7 +118,7 @@ type ClientCommonConf struct {
 	Start []string `ini:"start" json:"start"`
 	// Start map[string]struct{} `json:"start"`
 	// Protocol specifies the protocol to use when interacting with the server.
-	// Valid values are "tcp", "kcp", "quic" and "websocket". By default, this value
+	// Valid values are "tcp", "kcp", "quic", "websocket" and "wss". By default, this value
 	// is "tcp".
 	Protocol string `ini:"protocol" json:"protocol"`
 	// QUIC protocol options
@@ -230,7 +231,7 @@ func (cfg *ClientCommonConf) Validate() error {
 		}
 	}

-	if cfg.Protocol != "tcp" && cfg.Protocol != "kcp" && cfg.Protocol != "websocket" && cfg.Protocol != "quic" {
+	if !lo.Contains([]string{"tcp", "kcp", "quic", "websocket", "wss"}, cfg.Protocol) {
 		return fmt.Errorf("invalid protocol")
 	}

--- a/pkg/config/proxy.go
+++ b/pkg/config/proxy.go
@@ -527,11 +527,8 @@ func (cfg *TCPProxyConf) ValidateForClient() (err error) {
 	return
 }

-func (cfg *TCPProxyConf) ValidateForServer(serverCfg ServerCommonConf) error {
-	if err := cfg.BaseProxyConf.validateForServer(); err != nil {
-		return err
-	}
-	return nil
+func (cfg *TCPProxyConf) ValidateForServer(_ ServerCommonConf) error {
+	return cfg.BaseProxyConf.validateForServer()
 }

 // TCPMux
@@ -644,11 +641,8 @@ func (cfg *UDPProxyConf) ValidateForClient() (err error) {
 	return
 }

-func (cfg *UDPProxyConf) ValidateForServer(serverCfg ServerCommonConf) error {
-	if err := cfg.BaseProxyConf.validateForServer(); err != nil {
-		return err
-	}
-	return nil
+func (cfg *UDPProxyConf) ValidateForServer(_ ServerCommonConf) error {
+	return cfg.BaseProxyConf.validateForServer()
 }

 // HTTP
@@ -821,11 +815,8 @@ func (cfg *SUDPProxyConf) ValidateForClient() (err error) {
 	return nil
 }

-func (cfg *SUDPProxyConf) ValidateForServer(serverCfg ServerCommonConf) error {
-	if err := cfg.BaseProxyConf.validateForServer(); err != nil {
-		return err
-	}
-	return nil
+func (cfg *SUDPProxyConf) ValidateForServer(_ ServerCommonConf) error {
+	return cfg.BaseProxyConf.validateForServer()
 }

 // STCP
@@ -875,11 +866,8 @@ func (cfg *STCPProxyConf) ValidateForClient() (err error) {
 	return
 }

-func (cfg *STCPProxyConf) ValidateForServer(serverCfg ServerCommonConf) error {
-	if err := cfg.BaseProxyConf.validateForServer(); err != nil {
-		return err
-	}
-	return nil
+func (cfg *STCPProxyConf) ValidateForServer(_ ServerCommonConf) error {
+	return cfg.BaseProxyConf.validateForServer()
 }

 // XTCP
@@ -928,9 +916,6 @@ func (cfg *XTCPProxyConf) ValidateForClient() (err error) {
 	return
 }

-func (cfg *XTCPProxyConf) ValidateForServer(serverCfg ServerCommonConf) error {
-	if err := cfg.BaseProxyConf.validateForServer(); err != nil {
-		return err
-	}
-	return nil
+func (cfg *XTCPProxyConf) ValidateForServer(_ ServerCommonConf) error {
+	return cfg.BaseProxyConf.validateForServer()
 }
--- a/pkg/config/proxy_test.go
+++ b/pkg/config/proxy_test.go
@@ -35,7 +35,7 @@ var (
 	testProxyPrefix = "test."
 )

-func Test_Proxy_Interface(t *testing.T) {
+func Test_Proxy_Interface(_ *testing.T) {
 	for name := range proxyConfTypeMap {
 		NewConfByType(name)
 	}
--- a/pkg/config/visitor_test.go
+++ b/pkg/config/visitor_test.go
@@ -25,7 +25,7 @@ import (

 const testVisitorPrefix = "test."

-func Test_Visitor_Interface(t *testing.T) {
+func Test_Visitor_Interface(_ *testing.T) {
 	for name := range visitorConfTypeMap {
 		DefaultVisitorConf(name)
 	}
--- a/pkg/metrics/mem/server.go
+++ b/pkg/metrics/mem/server.go
@@ -129,7 +129,7 @@ func (m *serverMetrics) CloseProxy(name string, proxyType string) {
 	}
 }

-func (m *serverMetrics) OpenConnection(name string, proxyType string) {
+func (m *serverMetrics) OpenConnection(name string, _ string) {
 	m.info.CurConns.Inc(1)

 	m.mu.Lock()
@@ -141,7 +141,7 @@ func (m *serverMetrics) OpenConnection(name string, proxyType string) {
 	}
 }

-func (m *serverMetrics) CloseConnection(name string, proxyType string) {
+func (m *serverMetrics) CloseConnection(name string, _ string) {
 	m.info.CurConns.Dec(1)

 	m.mu.Lock()
@@ -153,7 +153,7 @@ func (m *serverMetrics) CloseConnection(name string, proxyType string) {
 	}
 }

-func (m *serverMetrics) AddTrafficIn(name string, proxyType string, trafficBytes int64) {
+func (m *serverMetrics) AddTrafficIn(name string, _ string, trafficBytes int64) {
 	m.info.TotalTrafficIn.Inc(trafficBytes)

 	m.mu.Lock()
@@ -166,7 +166,7 @@ func (m *serverMetrics) AddTrafficIn(name string, proxyType string, trafficBytes
 	}
 }

-func (m *serverMetrics) AddTrafficOut(name string, proxyType string, trafficBytes int64) {
+func (m *serverMetrics) AddTrafficOut(name string, _ string, trafficBytes int64) {
 	m.info.TotalTrafficOut.Inc(trafficBytes)

 	m.mu.Lock()
--- a/pkg/metrics/prometheus/server.go
+++ b/pkg/metrics/prometheus/server.go
@@ -29,11 +29,11 @@ func (m *serverMetrics) CloseClient() {
 	m.clientCount.Dec()
 }

-func (m *serverMetrics) NewProxy(name string, proxyType string) {
+func (m *serverMetrics) NewProxy(_ string, proxyType string) {
 	m.proxyCount.WithLabelValues(proxyType).Inc()
 }

-func (m *serverMetrics) CloseProxy(name string, proxyType string) {
+func (m *serverMetrics) CloseProxy(_ string, proxyType string) {
 	m.proxyCount.WithLabelValues(proxyType).Dec()
 }

--- a/pkg/nathole/utils.go
+++ b/pkg/nathole/utils.go
@@ -45,10 +45,7 @@ func DecodeMessageInto(data, key []byte, m msg.Message) error {
 		return err
 	}

-	if err := msg.ReadMsgInto(bytes.NewReader(buf), m); err != nil {
-		return err
-	}
-	return nil
+	return msg.ReadMsgInto(bytes.NewReader(buf), m)
 }

 type ChangedAddress struct {
--- a/pkg/plugin/client/http2https.go
+++ b/pkg/plugin/client/http2https.go
@@ -97,7 +97,7 @@ func NewHTTP2HTTPSPlugin(params map[string]string) (Plugin, error) {
 	return p, nil
 }

-func (p *HTTP2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
+func (p *HTTP2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ []byte) {
 	wrapConn := utilnet.WrapReadWriteCloserToConn(conn, realConn)
 	_ = p.l.PutConn(wrapConn)
 }
@@ -107,8 +107,5 @@ func (p *HTTP2HTTPSPlugin) Name() string {
 }

 func (p *HTTP2HTTPSPlugin) Close() error {
-	if err := p.s.Close(); err != nil {
-		return err
-	}
-	return nil
+	return p.s.Close()
 }
--- a/pkg/plugin/client/http_proxy.go
+++ b/pkg/plugin/client/http_proxy.go
@@ -68,7 +68,7 @@ func (hp *HTTPProxy) Name() string {
 	return PluginHTTPProxy
 }

-func (hp *HTTPProxy) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
+func (hp *HTTPProxy) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ []byte) {
 	wrapConn := utilnet.WrapReadWriteCloserToConn(conn, realConn)

 	sc, rd := libnet.NewSharedConn(wrapConn)
--- a/pkg/plugin/client/https2http.go
+++ b/pkg/plugin/client/https2http.go
@@ -122,7 +122,7 @@ func (p *HTTPS2HTTPPlugin) genTLSConfig() (*tls.Config, error) {
 	return config, nil
 }

-func (p *HTTPS2HTTPPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
+func (p *HTTPS2HTTPPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ []byte) {
 	wrapConn := utilnet.WrapReadWriteCloserToConn(conn, realConn)
 	_ = p.l.PutConn(wrapConn)
 }
@@ -132,8 +132,5 @@ func (p *HTTPS2HTTPPlugin) Name() string {
 }

 func (p *HTTPS2HTTPPlugin) Close() error {
-	if err := p.s.Close(); err != nil {
-		return err
-	}
-	return nil
+	return p.s.Close()
 }
--- a/pkg/plugin/client/https2https.go
+++ b/pkg/plugin/client/https2https.go
@@ -127,7 +127,7 @@ func (p *HTTPS2HTTPSPlugin) genTLSConfig() (*tls.Config, error) {
 	return config, nil
 }

-func (p *HTTPS2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
+func (p *HTTPS2HTTPSPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ []byte) {
 	wrapConn := utilnet.WrapReadWriteCloserToConn(conn, realConn)
 	_ = p.l.PutConn(wrapConn)
 }
@@ -137,8 +137,5 @@ func (p *HTTPS2HTTPSPlugin) Name() string {
 }

 func (p *HTTPS2HTTPSPlugin) Close() error {
-	if err := p.s.Close(); err != nil {
-		return err
-	}
-	return nil
+	return p.s.Close()
 }
--- a/pkg/plugin/client/socks5.go
+++ b/pkg/plugin/client/socks5.go
@@ -50,7 +50,7 @@ func NewSocks5Plugin(params map[string]string) (p Plugin, err error) {
 	return
 }

-func (sp *Socks5Plugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
+func (sp *Socks5Plugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ []byte) {
 	defer conn.Close()
 	wrapConn := utilnet.WrapReadWriteCloserToConn(conn, realConn)
 	_ = sp.Server.ServeConn(wrapConn)
--- a/pkg/plugin/client/static_file.go
+++ b/pkg/plugin/client/static_file.go
@@ -76,7 +76,7 @@ func NewStaticFilePlugin(params map[string]string) (Plugin, error) {
 	return sp, nil
 }

-func (sp *StaticFilePlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
+func (sp *StaticFilePlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, _ []byte) {
 	wrapConn := utilnet.WrapReadWriteCloserToConn(conn, realConn)
 	_ = sp.l.PutConn(wrapConn)
 }
--- a/pkg/plugin/client/unix_domain_socket.go
+++ b/pkg/plugin/client/unix_domain_socket.go
@@ -51,7 +51,7 @@ func NewUnixDomainSocketPlugin(params map[string]string) (p Plugin, err error) {
 	return
 }

-func (uds *UnixDomainSocketPlugin) Handle(conn io.ReadWriteCloser, realConn net.Conn, extraBufToLocal []byte) {
+func (uds *UnixDomainSocketPlugin) Handle(conn io.ReadWriteCloser, _ net.Conn, extraBufToLocal []byte) {
 	localConn, err := net.DialUnix("unix", nil, uds.UnixAddr)
 	if err != nil {
 		return
--- a/pkg/plugin/server/http.go
+++ b/pkg/plugin/server/http.go
@@ -120,8 +120,5 @@ func (p *httpPlugin) do(ctx context.Context, r *Request, res *Response) error {
 	if err != nil {
 		return err
 	}
-	if err = json.Unmarshal(buf, res); err != nil {
-		return err
-	}
-	return nil
+	return json.Unmarshal(buf, res)
 }
--- a/pkg/transport/tls.go
+++ b/pkg/transport/tls.go
@@ -103,9 +103,7 @@ func NewServerTLSConfig(certPath, keyPath, caPath string) (*tls.Config, error) {
 func NewClientTLSConfig(certPath, keyPath, caPath, serverName string) (*tls.Config, error) {
 	base := &tls.Config{}

-	if certPath == "" || keyPath == "" {
-		// client will not generate tls conf by itself
-	} else {
+	if certPath != "" && keyPath != "" {
 		cert, err := newCustomTLSKeyPair(certPath, keyPath)
 		if err != nil {
 			return nil, err
--- a/pkg/util/net/dial.go
+++ b/pkg/util/net/dial.go
@@ -21,9 +21,15 @@ func DialHookCustomTLSHeadByte(enableTLS bool, disableCustomTLSHeadByte bool) li
 	}
 }

-func DialHookWebsocket() libdial.AfterHookFunc {
+func DialHookWebsocket(protocol string, host string) libdial.AfterHookFunc {
 	return func(ctx context.Context, c net.Conn, addr string) (context.Context, net.Conn, error) {
-		addr = "ws://" + addr + FrpWebsocketPath
+		if protocol != "wss" {
+			protocol = "ws"
+		}
+		if host == "" {
+			host = addr
+		}
+		addr = protocol + "://" + host + FrpWebsocketPath
 		uri, err := url.Parse(addr)
 		if err != nil {
 			return nil, nil, err
--- a/pkg/util/net/udp.go
+++ b/pkg/util/net/udp.go
@@ -140,15 +140,15 @@ func (c *FakeUDPConn) RemoteAddr() net.Addr {
 	return c.remoteAddr
 }

-func (c *FakeUDPConn) SetDeadline(t time.Time) error {
+func (c *FakeUDPConn) SetDeadline(_ time.Time) error {
 	return nil
 }

-func (c *FakeUDPConn) SetReadDeadline(t time.Time) error {
+func (c *FakeUDPConn) SetReadDeadline(_ time.Time) error {
 	return nil
 }

-func (c *FakeUDPConn) SetWriteDeadline(t time.Time) error {
+func (c *FakeUDPConn) SetWriteDeadline(_ time.Time) error {
 	return nil
 }

@@ -263,4 +263,4 @@ func (l *UDPListener) Addr() net.Addr {
 type ConnectedUDPConn struct{ *net.UDPConn }

 // WriteTo redirects all writes to the Write syscall, which is 4 times faster.
-func (c *ConnectedUDPConn) WriteTo(b []byte, addr net.Addr) (int, error) { return c.Write(b) }
+func (c *ConnectedUDPConn) WriteTo(b []byte, _ net.Addr) (int, error) { return c.Write(b) }
--- a/pkg/util/tcpmux/httpconnect.go
+++ b/pkg/util/tcpmux/httpconnect.go
@@ -66,7 +66,7 @@ func (muxer *HTTPConnectTCPMuxer) readHTTPConnectRequest(rd io.Reader) (host, ht
 	return
 }

-func (muxer *HTTPConnectTCPMuxer) sendConnectResponse(c net.Conn, reqInfo map[string]string) error {
+func (muxer *HTTPConnectTCPMuxer) sendConnectResponse(c net.Conn, _ map[string]string) error {
 	if muxer.passthrough {
 		return nil
 	}
--- a/pkg/util/version/version.go
+++ b/pkg/util/version/version.go
@@ -19,7 +19,7 @@ import (
 	"strings"
 )

-var version = "0.50.0"
+var version = "0.51.3"

 func Full() string {
 	return version
--- a/pkg/util/vhost/https.go
+++ b/pkg/util/vhost/https.go
@@ -74,10 +74,10 @@ type readOnlyConn struct {
 }

 func (conn readOnlyConn) Read(p []byte) (int, error)         { return conn.reader.Read(p) }
-func (conn readOnlyConn) Write(p []byte) (int, error)        { return 0, io.ErrClosedPipe }
+func (conn readOnlyConn) Write(_ []byte) (int, error)        { return 0, io.ErrClosedPipe }
 func (conn readOnlyConn) Close() error                       { return nil }
 func (conn readOnlyConn) LocalAddr() net.Addr                { return nil }
 func (conn readOnlyConn) RemoteAddr() net.Addr               { return nil }
-func (conn readOnlyConn) SetDeadline(t time.Time) error      { return nil }
-func (conn readOnlyConn) SetReadDeadline(t time.Time) error  { return nil }
-func (conn readOnlyConn) SetWriteDeadline(t time.Time) error { return nil }
+func (conn readOnlyConn) SetDeadline(_ time.Time) error      { return nil }
+func (conn readOnlyConn) SetReadDeadline(_ time.Time) error  { return nil }
+func (conn readOnlyConn) SetWriteDeadline(_ time.Time) error { return nil }
--- a/server/control.go
+++ b/server/control.go
@@ -29,7 +29,6 @@ import (

 	"github.com/fatedier/frp/pkg/auth"
 	"github.com/fatedier/frp/pkg/config"
-	"github.com/fatedier/frp/pkg/consts"
 	pkgerr "github.com/fatedier/frp/pkg/errors"
 	"github.com/fatedier/frp/pkg/msg"
 	plugin "github.com/fatedier/frp/pkg/plugin/server"
@@ -55,13 +54,14 @@ func NewControlManager() *ControlManager {
 	}
 }

-func (cm *ControlManager) Add(runID string, ctl *Control) (oldCtl *Control) {
+func (cm *ControlManager) Add(runID string, ctl *Control) (old *Control) {
 	cm.mu.Lock()
 	defer cm.mu.Unlock()

-	oldCtl, ok := cm.ctlsByRunID[runID]
+	var ok bool
+	old, ok = cm.ctlsByRunID[runID]
 	if ok {
-		oldCtl.Replaced(ctl)
+		old.Replaced(ctl)
 	}
 	cm.ctlsByRunID[runID] = ctl
 	return
@@ -141,14 +141,13 @@ type Control struct {
 	// replace old controller instantly.
 	runID string

-	// control status
-	status string
-
 	readerShutdown  *shutdown.Shutdown
 	writerShutdown  *shutdown.Shutdown
 	managerShutdown *shutdown.Shutdown
 	allShutdown     *shutdown.Shutdown

+	started bool
+
 	mu sync.RWMutex

 	// Server configuration information
@@ -187,7 +186,6 @@ func NewControl(
 		portsUsedNum:    0,
 		lastPing:        time.Now(),
 		runID:           loginMsg.RunID,
-		status:          consts.Working,
 		readerShutdown:  shutdown.New(),
 		writerShutdown:  shutdown.New(),
 		managerShutdown: shutdown.New(),
@@ -208,11 +206,19 @@ func (ctl *Control) Start() {
 		Error:   "",
 	}
 	_ = msg.WriteMsg(ctl.conn, loginRespMsg)
+	ctl.mu.Lock()
+	ctl.started = true
+	ctl.mu.Unlock()

 	go ctl.writer()
-	for i := 0; i < ctl.poolCount; i++ {
-		ctl.sendCh <- &msg.ReqWorkConn{}
-	}
+	go func() {
+		for i := 0; i < ctl.poolCount; i++ {
+			// ignore error here, that means that this control is closed
+			_ = errors.PanicToError(func() {
+				ctl.sendCh <- &msg.ReqWorkConn{}
+			})
+		}
+	}()

 	go ctl.manager()
 	go ctl.reader()
@@ -418,6 +424,14 @@ func (ctl *Control) stoper() {

 // block until Control closed
 func (ctl *Control) WaitClosed() {
+	ctl.mu.RLock()
+	started := ctl.started
+	ctl.mu.RUnlock()
+
+	if !started {
+		ctl.allShutdown.Done()
+		return
+	}
 	ctl.allShutdown.WaitDone()
 }

@@ -434,10 +448,9 @@ func (ctl *Control) manager() {
 	defer ctl.managerShutdown.Done()

 	var heartbeatCh <-chan time.Time
-	if ctl.serverCfg.TCPMux || ctl.serverCfg.HeartbeatTimeout <= 0 {
-		// Don't need application heartbeat here.
-		// yamux will do same thing.
-	} else {
+	// Don't need application heartbeat if TCPMux is enabled,
+	// yamux will do same thing.
+	if !ctl.serverCfg.TCPMux && ctl.serverCfg.HeartbeatTimeout > 0 {
 		heartbeat := time.NewTicker(time.Second)
 		defer heartbeat.Stop()
 		heartbeatCh = heartbeat.C
--- a/server/dashboard_api.go
+++ b/server/dashboard_api.go
@@ -55,11 +55,11 @@ type serverInfoResp struct {
 }

 // /healthz
-func (svr *Service) Healthz(w http.ResponseWriter, r *http.Request) {
+func (svr *Service) Healthz(w http.ResponseWriter, _ *http.Request) {
 	w.WriteHeader(200)
 }

-// api/serverinfo
+// /api/serverinfo
 func (svr *Service) APIServerInfo(w http.ResponseWriter, r *http.Request) {
 	res := GeneralResponse{Code: 200}
 	defer func() {
@@ -176,7 +176,7 @@ type GetProxyInfoResp struct {
 	Proxies []*ProxyStatsInfo `json:"proxies"`
 }

-// api/proxy/:type
+// /api/proxy/:type
 func (svr *Service) APIProxyByType(w http.ResponseWriter, r *http.Request) {
 	res := GeneralResponse{Code: 200}
 	params := mux.Vars(r)
@@ -244,7 +244,7 @@ type GetProxyStatsResp struct {
 	Status          string      `json:"status"`
 }

-// api/proxy/:type/:name
+// /api/proxy/:type/:name
 func (svr *Service) APIProxyByTypeAndName(w http.ResponseWriter, r *http.Request) {
 	res := GeneralResponse{Code: 200}
 	params := mux.Vars(r)
@@ -307,7 +307,7 @@ func (svr *Service) getProxyStatsByTypeAndName(proxyType string, proxyName strin
 	return
 }

-// api/traffic/:name
+// /api/traffic/:name
 type GetProxyTrafficResp struct {
 	Name       string  `json:"name"`
 	TrafficIn  []int64 `json:"traffic_in"`
--- a/server/group/http.go
+++ b/server/group/http.go
@@ -43,7 +43,7 @@ func (ctl *HTTPGroupController) Register(
 	return g.Register(proxyName, group, groupKey, routeConfig)
 }

-func (ctl *HTTPGroupController) UnRegister(proxyName, group string, routeConfig vhost.RouteConfig) {
+func (ctl *HTTPGroupController) UnRegister(proxyName, group string, _ vhost.RouteConfig) {
 	indexKey := group
 	ctl.mu.Lock()
 	defer ctl.mu.Unlock()
--- a/server/metrics/metrics.go
+++ b/server/metrics/metrics.go
@@ -27,11 +27,11 @@ func Register(m ServerMetrics) {

 type noopServerMetrics struct{}

-func (noopServerMetrics) NewClient()                                                      {}
-func (noopServerMetrics) CloseClient()                                                    {}
-func (noopServerMetrics) NewProxy(name string, proxyType string)                          {}
-func (noopServerMetrics) CloseProxy(name string, proxyType string)                        {}
-func (noopServerMetrics) OpenConnection(name string, proxyType string)                    {}
-func (noopServerMetrics) CloseConnection(name string, proxyType string)                   {}
-func (noopServerMetrics) AddTrafficIn(name string, proxyType string, trafficBytes int64)  {}
-func (noopServerMetrics) AddTrafficOut(name string, proxyType string, trafficBytes int64) {}
+func (noopServerMetrics) NewClient()                          {}
+func (noopServerMetrics) CloseClient()                        {}
+func (noopServerMetrics) NewProxy(string, string)             {}
+func (noopServerMetrics) CloseProxy(string, string)           {}
+func (noopServerMetrics) OpenConnection(string, string)       {}
+func (noopServerMetrics) CloseConnection(string, string)      {}
+func (noopServerMetrics) AddTrafficIn(string, string, int64)  {}
+func (noopServerMetrics) AddTrafficOut(string, string, int64) {}
--- a/server/proxy/proxy.go
+++ b/server/proxy/proxy.go
@@ -241,7 +241,9 @@ func (pxy *BaseProxy) handleUserTCPConnection(userConn net.Conn) {
 		}
 	}
 	if cfg.UseCompression {
-		local = libio.WithCompression(local)
+		var recycleFn func()
+		local, recycleFn = libio.WithCompressionFromPool(local)
+		defer recycleFn()
 	}

 	if pxy.GetLimiter() != nil {
--- a/server/service.go
+++ b/server/service.go
@@ -70,7 +70,7 @@ type Service struct {
 	kcpListener net.Listener

 	// Accept connections using quic
-	quicListener quic.Listener
+	quicListener *quic.Listener

 	// Accept connections using websocket
 	websocketListener net.Listener
@@ -115,7 +115,6 @@ func NewService(cfg config.ServerCommonConf) (svr *Service, err error) {
 		return
 	}

-	ctx, cancel := context.WithCancel(context.Background())
 	svr = &Service{
 		ctlManager:    NewControlManager(),
 		pxyManager:    proxy.NewManager(),
@@ -129,8 +128,7 @@ func NewService(cfg config.ServerCommonConf) (svr *Service, err error) {
 		authVerifier:    auth.NewAuthVerifier(cfg.ServerConfig),
 		tlsConfig:       tlsConfig,
 		cfg:             cfg,
-		ctx:             ctx,
-		cancel:          cancel,
+		ctx:             context.Background(),
 	}

 	// Create tcpmux httpconnect multiplexer.
@@ -329,7 +327,11 @@ func NewService(cfg config.ServerCommonConf) (svr *Service, err error) {
 	return
 }

-func (svr *Service) Run() {
+func (svr *Service) Run(ctx context.Context) {
+	ctx, cancel := context.WithCancel(ctx)
+	svr.ctx = ctx
+	svr.cancel = cancel
+
 	if svr.kcpListener != nil {
 		go svr.HandleListener(svr.kcpListener)
 	}
@@ -343,27 +345,39 @@ func (svr *Service) Run() {
 		go svr.rc.NatHoleController.CleanWorker(svr.ctx)
 	}
 	svr.HandleListener(svr.listener)
+
+	<-svr.ctx.Done()
+	// service context may not be canceled by svr.Close(), we should call it here to release resources
+	if svr.listener != nil {
+		svr.Close()
+	}
 }

 func (svr *Service) Close() error {
 	if svr.kcpListener != nil {
 		svr.kcpListener.Close()
+		svr.kcpListener = nil
 	}
 	if svr.quicListener != nil {
 		svr.quicListener.Close()
+		svr.quicListener = nil
 	}
 	if svr.websocketListener != nil {
 		svr.websocketListener.Close()
+		svr.websocketListener = nil
 	}
 	if svr.tlsListener != nil {
 		svr.tlsListener.Close()
+		svr.tlsConfig = nil
 	}
 	if svr.listener != nil {
 		svr.listener.Close()
+		svr.listener = nil
 	}
-	svr.cancel()
-
 	svr.ctlManager.Close()
+	if svr.cancel != nil {
+		svr.cancel()
+	}
 	return nil
 }

@@ -485,7 +499,7 @@ func (svr *Service) HandleListener(l net.Listener) {
 	}
 }

-func (svr *Service) HandleQUICListener(l quic.Listener) {
+func (svr *Service) HandleQUICListener(l *quic.Listener) {
 	// Listen for incoming connections from client.
 	for {
 		c, err := l.Accept(context.Background())
@@ -538,7 +552,7 @@ func (svr *Service) RegisterControl(ctlConn net.Conn, loginMsg *msg.Login) (err

 	ctl := NewControl(ctx, svr.rc, svr.pxyManager, svr.pluginManager, svr.authVerifier, ctlConn, loginMsg, svr.cfg)
 	if oldCtl := svr.ctlManager.Add(loginMsg.RunID, ctl); oldCtl != nil {
-		oldCtl.allShutdown.WaitDone()
+		oldCtl.WaitClosed()
 	}

 	ctl.Start()
--- a/test/e2e/basic/basic.go
+++ b/test/e2e/basic/basic.go
@@ -298,6 +298,7 @@ var _ = ginkgo.Describe("[Feature: Basic]", func() {
 				case "xtcp":
 					localPortName = framework.TCPEchoServerPort
 					protocol = "tcp"
+					ginkgo.Skip("stun server is not stable")
 				}

 				correctSK := "abc"
@@ -331,24 +332,29 @@ var _ = ginkgo.Describe("[Feature: Basic]", func() {
 					proxyExtraConfig   string
 					visitorExtraConfig string
 					expectError        bool
-					user2              bool
+					deployUser2Client  bool
+					// skipXTCP is used to skip xtcp test case
+					skipXTCP bool
 				}{
 					{
 						proxyName:    "normal",
 						bindPortName: port.GenName("Normal"),
 						visitorSK:    correctSK,
+						skipXTCP:     true,
 					},
 					{
 						proxyName:         "with-encryption",
 						bindPortName:      port.GenName("WithEncryption"),
 						visitorSK:         correctSK,
 						commonExtraConfig: "use_encryption = true",
+						skipXTCP:          true,
 					},
 					{
 						proxyName:         "with-compression",
 						bindPortName:      port.GenName("WithCompression"),
 						visitorSK:         correctSK,
 						commonExtraConfig: "use_compression = true",
+						skipXTCP:          true,
 					},
 					{
 						proxyName:    "with-encryption-and-compression",
@@ -358,6 +364,7 @@ var _ = ginkgo.Describe("[Feature: Basic]", func() {
 						use_encryption = true
 						use_compression = true
 						`,
+						skipXTCP: true,
 					},
 					{
 						proxyName:    "with-error-sk",
@@ -371,7 +378,7 @@ var _ = ginkgo.Describe("[Feature: Basic]", func() {
 						visitorSK:          correctSK,
 						proxyExtraConfig:   "allow_users = another, user2",
 						visitorExtraConfig: "server_user = user1",
-						user2:              true,
+						deployUser2Client:  true,
 					},
 					{
 						proxyName:          "not-allowed-user",
@@ -387,7 +394,7 @@ var _ = ginkgo.Describe("[Feature: Basic]", func() {
 						visitorSK:          correctSK,
 						proxyExtraConfig:   "allow_users = *",
 						visitorExtraConfig: "server_user = user1",
-						user2:              true,
+						deployUser2Client:  true,
 					},
 				}

@@ -399,7 +406,7 @@ var _ = ginkgo.Describe("[Feature: Basic]", func() {
 					config := getProxyVisitorConf(
 						test.proxyName, test.bindPortName, test.visitorSK, test.commonExtraConfig+"\n"+test.visitorExtraConfig,
 					) + "\n"
-					if test.user2 {
+					if test.deployUser2Client {
 						clientUser2VisitorConf += config
 					} else {
 						clientVisitorConf += config
@@ -411,7 +418,10 @@ var _ = ginkgo.Describe("[Feature: Basic]", func() {
 				for _, test := range tests {
 					timeout := time.Second
 					if t == "xtcp" {
-						timeout = 4 * time.Second
+						if test.skipXTCP {
+							continue
+						}
+						timeout = 10 * time.Second
 					}
 					framework.NewRequestExpect(f).
 						RequestModify(func(r *request.Request) {
--- a/test/e2e/basic/client.go
+++ b/test/e2e/basic/client.go
@@ -101,4 +101,32 @@ var _ = ginkgo.Describe("[Feature: ClientManage]", func() {
 		}).Port(dashboardPort).
 			Ensure(framework.ExpectResponseCode(401))
 	})
+
+	ginkgo.It("stop", func() {
+		serverConf := consts.DefaultServerConfig
+
+		adminPort := f.AllocPort()
+		testPort := f.AllocPort()
+		clientConf := consts.DefaultClientConfig + fmt.Sprintf(`
+		admin_port = %d
+
+		[test]
+		type = tcp
+		local_port = {{ .%s }}
+		remote_port = %d
+		`, adminPort, framework.TCPEchoServerPort, testPort)
+
+		f.RunProcesses([]string{serverConf}, []string{clientConf})
+
+		framework.NewRequestExpect(f).Port(testPort).Ensure()
+
+		client := clientsdk.New("127.0.0.1", adminPort)
+		err := client.Stop()
+		framework.ExpectNoError(err)
+
+		time.Sleep(3 * time.Second)
+
+		// frpc stopped so the port is not listened, expect error
+		framework.NewRequestExpect(f).Port(testPort).ExpectError(true).Ensure()
+	})
 })
--- a/test/e2e/basic/client_server.go
+++ b/test/e2e/basic/client_server.go
@@ -3,6 +3,7 @@ package basic
 import (
 	"fmt"
 	"strings"
+	"time"

 	"github.com/onsi/ginkgo/v2"

@@ -13,9 +14,13 @@ import (
 )

 type generalTestConfigures struct {
-	server      string
-	client      string
-	expectError bool
+	server        string
+	client        string
+	clientPrefix  string
+	client2       string
+	client2Prefix string
+	testDelay     time.Duration
+	expectError   bool
 }

 func renderBindPortConfig(protocol string) string {
@@ -30,6 +35,9 @@ func renderBindPortConfig(protocol string) string {
 func runClientServerTest(f *framework.Framework, configures *generalTestConfigures) {
 	serverConf := consts.DefaultServerConfig
 	clientConf := consts.DefaultClientConfig
+	if configures.clientPrefix != "" {
+		clientConf = configures.clientPrefix
+	}

 	serverConf += fmt.Sprintf(`
 				%s
@@ -54,7 +62,23 @@ func runClientServerTest(f *framework.Framework, configures *generalTestConfigur
 		framework.UDPEchoServerPort, udpPortName,
 	)

-	f.RunProcesses([]string{serverConf}, []string{clientConf})
+	clientConfs := []string{clientConf}
+	if configures.client2 != "" {
+		client2Conf := consts.DefaultClientConfig
+		if configures.client2Prefix != "" {
+			client2Conf = configures.client2Prefix
+		}
+		client2Conf += fmt.Sprintf(`
+			%s
+		`, configures.client2)
+		clientConfs = append(clientConfs, client2Conf)
+	}
+
+	f.RunProcesses([]string{serverConf}, clientConfs)
+
+	if configures.testDelay > 0 {
+		time.Sleep(configures.testDelay)
+	}

 	framework.NewRequestExpect(f).PortName(tcpPortName).ExpectError(configures.expectError).Explain("tcp proxy").Ensure()
 	framework.NewRequestExpect(f).Protocol("udp").
@@ -84,6 +108,33 @@ var _ = ginkgo.Describe("[Feature: Client-Server]", func() {
 		}
 	})

+	// wss is special, it needs to be tested separately.
+	// frps only supports ws, so there should be a proxy to terminate TLS before frps.
+	ginkgo.Describe("Protocol wss", func() {
+		wssPort := f.AllocPort()
+		configures := &generalTestConfigures{
+			clientPrefix: fmt.Sprintf(`
+				[common]
+				server_addr = 127.0.0.1
+				server_port = %d
+				protocol = wss
+				log_level = trace
+				login_fail_exit = false
+			`, wssPort),
+			// Due to the fact that frps cannot directly accept wss connections, we use the https2http plugin of another frpc to terminate TLS.
+			client2: fmt.Sprintf(`
+				[wss2ws]
+				type = tcp
+				remote_port = %d
+				plugin = https2http
+				plugin_local_addr = 127.0.0.1:{{ .%s }}
+			`, wssPort, consts.PortServerName),
+			testDelay: 10 * time.Second,
+		}
+
+		defineClientServerTest("wss", f, configures)
+	})
+
 	ginkgo.Describe("Authentication", func() {
 		defineClientServerTest("Token Correct", f, &generalTestConfigures{
 			server: "token = 123456",
--- a/test/e2e/framework/mockservers.go
+++ b/test/e2e/framework/mockservers.go
@@ -56,10 +56,7 @@ func (m *MockServers) Run() error {
 	if err := m.udsEchoServer.Run(); err != nil {
 		return err
 	}
-	if err := m.httpSimpleServer.Run(); err != nil {
-		return err
-	}
-	return nil
+	return m.httpSimpleServer.Run()
 }

 func (m *MockServers) Close() {
--- a/test/e2e/pkg/sdk/client/client.go
+++ b/test/e2e/pkg/sdk/client/client.go
@@ -62,6 +62,15 @@ func (c *Client) Reload() error {
 	return err
 }

+func (c *Client) Stop() error {
+	req, err := http.NewRequest("POST", "http://"+c.address+"/api/stop", nil)
+	if err != nil {
+		return err
+	}
+	_, err = c.do(req)
+	return err
+}
+
 func (c *Client) GetConfig() (string, error) {
 	req, err := http.NewRequest("GET", "http://"+c.address+"/api/config", nil)
 	if err != nil {
Author	SHA1	Message	Date
fatedier	466d69eae0	Merge pull request #3574 from fatedier/dev release v0.51.3	2023-08-14 11:59:09 +08:00
fatedier	f1454e91f5	support go1.21 (#3573 )	2023-08-14 11:10:38 +08:00
fatedier	7c8cbeb250	Merge pull request #3550 from fatedier/dev release v0.51.2	2023-07-25 21:35:08 +08:00
fatedier	e9e12cf888	fix incorrect use of snappy pool (#3549 )	2023-07-25 21:31:26 +08:00
fatedier	6430afcfa5	fix a goroutine leak issue caused by Login plugin timeout (#3547 )	2023-07-25 15:12:40 +08:00
fatedier	3235addaaa	update dependencies (#3539 )	2023-07-21 14:34:44 +08:00
fatedier	46ff40543a	update github actions (#3538 )	2023-07-21 10:30:46 +08:00
fatedier	4fd6301577	Merge pull request #3537 from fatedier/dev release v0.51.1	2023-07-20 22:38:48 +08:00
fatedier	efcc028a3d	fix a race condition issue (#3536 )	2023-07-20 22:32:32 +08:00
fatedier	90861b6821	update golib (#3532 )	2023-07-17 17:27:43 +08:00
fatedier	8f105adbca	update FUNDING.yml (#3520 )	2023-07-06 19:58:50 +08:00
fatedier	53626b370c	Merge pull request #3517 from fatedier/dev bump version to v0.51.0	2023-07-05 20:39:25 +08:00
fatedier	b1789afbab	update version (#3516 )	2023-07-05 20:35:08 +08:00
fatedier	88c7e8bf7c	update doc (#3512 )	2023-07-02 00:35:33 +08:00
fatedier	fc4e787fe2	frpc: support stop command (#3511 )	2023-06-30 17:35:37 +08:00
fatedier	4c4d5f0d0d	service.Run supports passing in context (#3504 )	2023-06-29 18:04:20 +08:00
fatedier	801e8c6742	support wss between frpc and frps (#3503 )	2023-06-29 11:20:45 +08:00