Merge pull request #3499 from fatedier/dev

release v0.50.0

.circleci/config.yml

@@ -0,0 +1,25 @@
+version: 2
+jobs:
+  go-version-latest:
+    docker:
+      - image: cimg/go:1.20-node
+    resource_class: large
+    steps:
+      - checkout
+      - run: make
+      - run: make alltest
+  go-version-last:
+    docker:
+      - image: cimg/go:1.19-node
+    resource_class: large
+    steps:
+      - checkout
+      - run: make
+      - run: make alltest
+
+workflows:
+  version: 2
+  build_and_test:
+    jobs:
+      - go-version-latest
+      - go-version-last

.dockerignore

@@ -1,5 +0,0 @@
-Dockerfile
-.git
-*~
-*#
-.#*

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: [fatedier]

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -0,0 +1,77 @@
+name: Bug report
+description: Report a bug to help us improve frp
+
+body:
+- type: markdown
+  attributes:
+    value: |
+      Thanks for taking the time to fill out this bug report!
+- type: textarea
+  id: bug-description
+  attributes:
+    label: Bug Description
+    description: Tell us what issues you ran into
+    placeholder: Include information about what you tried, what you expected to happen, and what actually happened. The more details, the better!
+  validations:
+    required: true
+- type: input
+  id: frpc-version
+  attributes:
+    label: frpc Version
+    description: Include the output of `frpc -v`
+  validations:
+    required: true
+- type: input
+  id: frps-version
+  attributes:
+    label: frps Version
+    description: Include the output of `frps -v`
+  validations:
+    required: true
+- type: input
+  id: system-architecture
+  attributes:
+    label: System Architecture
+    description: Include which architecture you used, such as `linux/amd64`, `windows/amd64`
+  validations:
+    required: true
+- type: textarea
+  id: config
+  attributes:
+    label: Configurations
+    description: Include what configurrations you used and ran into this problem
+    placeholder: Pay attention to hiding the token and password in your output
+  validations:
+    required: true
+- type: textarea
+  id: log
+  attributes:
+    label: Logs
+    description: Prefer you providing releated error logs here
+    placeholder: Pay attention to hiding your personal informations
+- type: textarea
+  id: steps-to-reproduce
+  attributes:
+    label: Steps to reproduce
+    description: How to reproduce it? It's important for us to find the bug
+    value: |
+      1. 
+      2. 
+      3. 
+      ...
+- type: checkboxes
+  id: area
+  attributes:
+    label: Affected area
+    options:
+    - label: "Docs"
+    - label: "Installation"
+    - label: "Performance and Scalability"
+    - label: "Security"
+    - label: "User Experience"
+    - label: "Test and Release"
+    - label: "Developer Infrastructure"
+    - label: "Client Plugin"
+    - label: "Server Plugin"
+    - label: "Extensions"
+    - label: "Others"

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -0,0 +1,36 @@
+name: Feature Request
+description: Suggest an idea to improve frp
+title: "[Feature Request] "
+
+body:
+- type: markdown
+  attributes:
+    value: |
+      This is only used to request new product features.
+- type: textarea
+  id: feature-request
+  attributes:
+    label: Describe the feature request
+    description: Tell us what's you want and why it should be added in frp.
+  validations:
+    required: true
+- type: textarea
+  id: alternatives
+  attributes:
+    label: Describe alternatives you've considered
+- type: checkboxes
+  id: area
+  attributes:
+    label: Affected area
+    options:
+    - label: "Docs"
+    - label: "Installation"
+    - label: "Performance and Scalability"
+    - label: "Security"
+    - label: "User Experience"
+    - label: "Test and Release"
+    - label: "Developer Infrastructure"
+    - label: "Client Plugin"
+    - label: "Server Plugin"
+    - label: "Extensions"
+    - label: "Others"

.github/pull_request_template.md

@@ -0,0 +1,10 @@
+### Summary
+
+copilot:summary
+
+### WHY
+<!-- author to complete -->
+
+### Walkthrough
+
+copilot:walkthrough

.github/workflows/build-and-push-image.yml

@@ -0,0 +1,83 @@
+name: Build Image and Publish to Dockerhub & GPR
+
+on:
+  release:
+    types: [ created ]
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Image tag'
+        required: true
+        default: 'test'
+permissions:
+  contents: read
+
+jobs:
+  image:
+    name: Build Image from Dockerfile and binaries
+    runs-on: ubuntu-latest
+    steps:
+      # environment
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: '0'
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      # get image tag name
+      - name: Get Image Tag Name
+        run: |
+          if [ x${{ github.event.inputs.tag }} == x"" ]; then
+            echo "TAG_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+          else
+            echo "TAG_NAME=${{ github.event.inputs.tag }}" >> $GITHUB_ENV
+          fi
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Login to the GPR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GPR_TOKEN }}
+
+      # prepare image tags
+      - name: Prepare Image Tags
+        run: |
+          echo "DOCKERFILE_FRPC_PATH=dockerfiles/Dockerfile-for-frpc" >> $GITHUB_ENV
+          echo "DOCKERFILE_FRPS_PATH=dockerfiles/Dockerfile-for-frps" >> $GITHUB_ENV
+          echo "TAG_FRPC=fatedier/frpc:${{ env.TAG_NAME }}" >> $GITHUB_ENV
+          echo "TAG_FRPS=fatedier/frps:${{ env.TAG_NAME }}" >> $GITHUB_ENV
+          echo "TAG_FRPC_GPR=ghcr.io/fatedier/frpc:${{ env.TAG_NAME }}" >> $GITHUB_ENV
+          echo "TAG_FRPS_GPR=ghcr.io/fatedier/frps:${{ env.TAG_NAME }}" >> $GITHUB_ENV
+
+      - name: Build and push frpc
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: ./dockerfiles/Dockerfile-for-frpc
+          platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
+          push: true
+          tags: |
+            ${{ env.TAG_FRPC }}
+            ${{ env.TAG_FRPC_GPR }}
+
+      - name: Build and push frps
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: ./dockerfiles/Dockerfile-for-frps
+          platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
+          push: true
+          tags: |
+            ${{ env.TAG_FRPS }}
+            ${{ env.TAG_FRPS_GPR }}

.github/workflows/golangci-lint.yml

@@ -0,0 +1,41 @@
+name: golangci-lint
+on:
+  push:
+    branches:
+    - master
+    - dev
+  pull_request:
+permissions:
+  contents: read
+  # Optional: allow read access to pull request. Use with `only-new-issues` option.
+  pull-requests: read
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '1.20'
+      - uses: actions/checkout@v3
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+          version: v1.51
+
+          # Optional: golangci-lint command line arguments.
+          # args: --issues-exit-code=0
+
+          # Optional: show only new issues if it's a pull request. The default value is `false`.
+          # only-new-issues: true
+
+          # Optional: if set to true then the all caching functionality will be complete disabled,
+          #           takes precedence over all other caching options.
+          # skip-cache: true
+
+          # Optional: if set to true then the action don't cache or restore ~/go/pkg.
+          # skip-pkg-cache: true
+
+          # Optional: if set to true then the action don't cache or restore ~/.cache/go-build.
+          # skip-build-cache: true

.github/workflows/goreleaser.yml

@@ -0,0 +1,30 @@
+name: goreleaser
+
+on:
+  workflow_dispatch:
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.20'
+          
+      - name: Make All
+        run: |
+          ./package.sh
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3
+        with:
+          version: latest
+          args: release --rm-dist --release-notes=./Release.md
+        env:
+          GITHUB_TOKEN: ${{ secrets.GPR_TOKEN }}

.github/workflows/stale.yml

@@ -0,0 +1,34 @@
+name: "Close stale issues"
+on:
+  schedule:
+  - cron: "20 0 * * *"
+  workflow_dispatch:
+    inputs:
+      debug-only:
+        description: 'In debug mod'
+        required: false
+        default: 'false'
+permissions:
+  contents: read
+
+jobs:
+  stale:
+    permissions:
+      issues: write  # for actions/stale to close stale issues
+      pull-requests: write  # for actions/stale to close stale PRs
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/stale@v6
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        stale-issue-message: 'Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.'
+        stale-pr-message: "PRs go stale after 30d of inactivity. Stale PRs rot after an additional 7d of inactivity and eventually close."
+        stale-issue-label: 'lifecycle/stale'
+        exempt-issue-labels: 'bug,doc,enhancement,future,proposal,question,testing,todo,easy,help wanted,assigned'
+        stale-pr-label: 'lifecycle/stale'
+        exempt-pr-labels: 'bug,doc,enhancement,future,proposal,question,testing,todo,easy,help wanted,assigned'
+        days-before-stale: 30
+        days-before-close: 7
+        debug-only: ${{ github.event.inputs.debug-only }}
+        exempt-all-pr-milestones: true
+        exempt-all-pr-assignees: true

.gitignore

@@ -26,7 +26,13 @@ _testmain.go
 # Self
 bin/
 packages/
+release/
 test/bin/
+vendor/
+lastversion/
+dist/
+.idea/
+.vscode/
 
 # Cache
 *.swp

.golangci.yml

@@ -0,0 +1,144 @@
+service:
+  golangci-lint-version: 1.51.x # use the fixed version to not introduce new linters unexpectedly
+  
+run:
+  concurrency: 4
+  # timeout for analysis, e.g. 30s, 5m, default is 1m
+  deadline: 20m
+  build-tags:
+  - integ
+  - integfuzz
+  # which dirs to skip: they won't be analyzed;
+  # can use regexp here: generated.*, regexp is applied on full path;
+  # default value is empty list, but next dirs are always skipped independently
+  # from this option's value:
+  #       vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
+  skip-dirs:
+    - genfiles$
+    - vendor$
+    - bin$
+
+  # which files to skip: they will be analyzed, but issues from them
+  # won't be reported. Default value is empty list, but there is
+  # no need to include all autogenerated files, we confidently recognize
+  # autogenerated files. If it's not please let us know.
+  skip-files:
+    - ".*\\.pb\\.go"
+    - ".*\\.gen\\.go"
+
+linters:
+  disable-all: true
+  enable:
+  - unused
+  - errcheck
+  - exportloopref
+  - gocritic
+  - gofumpt
+  - goimports
+  - revive
+  - gosimple
+  - govet
+  - ineffassign
+  - lll
+  - misspell
+  - staticcheck
+  - stylecheck
+  - typecheck
+  - unconvert
+  - unparam
+  - gci
+  - gosec
+  - asciicheck
+  - prealloc
+  - predeclared
+  - makezero
+  fast: false
+
+linters-settings:
+  errcheck:
+    # report about not checking of errors in type assetions: `a := b.(MyStruct)`;
+    # default is false: such cases aren't reported by default.
+    check-type-assertions: false
+
+    # report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`;
+    # default is false: such cases aren't reported by default.
+    check-blank: false
+  govet:
+    # report about shadowed variables
+    check-shadowing: false
+  maligned:
+    # print struct with more effective memory layout or not, false by default
+    suggest-new: true
+  misspell:
+    # Correct spellings using locale preferences for US or UK.
+    # Default is to use a neutral variety of English.
+    # Setting locale to US will correct the British spelling of 'colour' to 'color'.
+    locale: US
+    ignore-words:
+    - cancelled
+    - marshalled
+  lll:
+    # max line length, lines longer will be reported. Default is 120.
+    # '\t' is counted as 1 character by default, and can be changed with the tab-width option
+    line-length: 160
+    # tab width in spaces. Default to 1.
+    tab-width: 1
+  gocritic:
+    disabled-checks:
+    - exitAfterDefer
+  unused:
+    check-exported: false
+  unparam:
+    # Inspect exported functions, default is false. Set to true if no external program/library imports your code.
+    # XXX: if you enable this setting, unparam will report a lot of false-positives in text editors:
+    # if it's called for subdir of a project it can't find external interfaces. All text editor integrations
+    # with golangci-lint call it on a directory with the changed file.
+    check-exported: false
+  gci:
+    sections:
+    - standard
+    - default
+    - prefix(github.com/fatedier/frp/)
+  gosec:
+    severity: "low"
+    confidence: "low"
+    excludes:
+    - G102
+    - G112
+    - G306
+    - G401
+    - G402
+    - G404
+    - G501
+
+issues:
+  # List of regexps of issue texts to exclude, empty list by default.
+  # But independently from this option we use default exclude patterns,
+  # it can be disabled by `exclude-use-default: false`. To list all
+  # excluded by default patterns execute `golangci-lint run --help`
+  # exclude:
+  #  - composite literal uses unkeyed fields
+
+  exclude-rules:
+    # Exclude some linters from running on test files.
+    - path: _test\.go$|^tests/|^samples/
+      linters:
+        - errcheck
+        - maligned
+
+    # keep it until we only support go1.20
+    - linters:
+        - staticcheck
+      text: "SA1019: rand.Seed has been deprecated"
+
+  # Independently from option `exclude` we use default exclude patterns,
+  # it can be disabled by this option. To list all
+  # excluded by default patterns execute `golangci-lint run --help`.
+  # Default value for this option is true.
+  exclude-use-default: true
+
+  # Maximum issues count per one linter. Set to 0 to disable. Default is 50.
+  max-per-linter: 0
+
+  # Maximum count of issues with the same text. Set to 0 to disable. Default is 3.
+  max-same-issues: 0

.goreleaser.yml

@@ -0,0 +1,22 @@
+builds:
+  - skip: true
+checksum:
+  name_template: '{{ .ProjectName }}_sha256_checksums.txt'
+  algorithm: sha256
+  extra_files:
+  - glob: ./release/packages/*
+release:
+  # Same as for github
+  # Note: it can only be one: either github, gitlab or gitea
+  github:
+    owner: fatedier
+    name: frp
+
+  draft: false
+
+  # You can add extra pre-existing files to the release.
+  # The filename on the release will be the last part of the path (base). If
+  # another file with the same name exists, the latest one found will be used.
+  # Defaults to empty.
+  extra_files:
+    - glob: ./release/packages/*

.travis.yml

@@ -1,13 +0,0 @@
-sudo: false
-language: go
-
-go:
-    - 1.5.4
-    - 1.6.4
-    - 1.7.4
-
-install:
-    - make
-
-script:
-    - make alltest

Dockerfile

@@ -1,17 +0,0 @@
-FROM golang:1.6
-
-COPY . /go/src/github.com/fatedier/frp
-
-RUN cd /go/src/github.com/fatedier/frp \
- && make \
- && mv bin/frpc /frpc \
- && mv bin/frps /frps \
- && mv conf/frpc_min.ini /frpc.ini \
- && mv conf/frps_min.ini /frps.ini \
- && make clean
-
-WORKDIR /
-
-EXPOSE 80 443 6000 7000 7500
-
-ENTRYPOINT ["/frps"]

Dockerfile_alpine

@@ -1,12 +0,0 @@
-FROM alpine:3.4
-
-COPY bin/frpc /frpc
-COPY bin/frps /frps
-COPY conf/frpc_min.ini /frpc.ini
-COPY conf/frps_min.ini /frps.ini
-
-WORKDIR /
-
-EXPOSE 80 443 6000 7000 7500
-
-ENTRYPOINT ["/frps"]

Godeps/Godeps.json

@@ -1,44 +0,0 @@
-{
-	"ImportPath": "github.com/fatedier/frp",
-	"GoVersion": "go1.7",
-	"GodepVersion": "v75",
-	"Packages": [
-		"./..."
-	],
-	"Deps": [
-		{
-			"ImportPath": "github.com/astaxie/beego/logs",
-			"Comment": "v1.7.0-7-gefbde1e",
-			"Rev": "efbde1ee77517486eac03e814e01d724ddad18e6"
-		},
-		{
-			"ImportPath": "github.com/davecgh/go-spew/spew",
-			"Comment": "v1.1.0",
-			"Rev": "346938d642f2ec3594ed81d874461961cd0faa76"
-		},
-		{
-			"ImportPath": "github.com/docopt/docopt-go",
-			"Comment": "0.6.2",
-			"Rev": "784ddc588536785e7299f7272f39101f7faccc3f"
-		},
-		{
-			"ImportPath": "github.com/pmezard/go-difflib/difflib",
-			"Comment": "v1.0.0",
-			"Rev": "792786c7400a136282c1664665ae0a8db921c6c2"
-		},
-		{
-			"ImportPath": "github.com/rakyll/statik/fs",
-			"Comment": "v0.1.0",
-			"Rev": "274df120e9065bdd08eb1120e0375e3dc1ae8465"
-		},
-		{
-			"ImportPath": "github.com/stretchr/testify/assert",
-			"Comment": "v1.1.4-25-g2402e8e",
-			"Rev": "2402e8e7a02fc811447d11f881aa9746cdc57983"
-		},
-		{
-			"ImportPath": "github.com/vaughan0/go-ini",
-			"Rev": "a98ad7ee00ec53921f08832bc06ecf7fd600e6a1"
-		}
-	]
-}

Godeps/Readme

@@ -1,5 +0,0 @@
-This directory tree is generated automatically by godep.
-
-Please do not edit.
-
-See https://github.com/tools/godep for more information.

Makefile

@@ -1,55 +1,68 @@
 export PATH := $(GOPATH)/bin:$(PATH)
-export GO15VENDOREXPERIMENT := 1
+export GO111MODULE=on
+LDFLAGS := -s -w
 
 all: fmt build
 
-build: frps frpc build_test
-
-build_test: echo_server http_server
+build: frps frpc
 
 # compile assets into binary file
-assets:
-	go get -d github.com/rakyll/statik
-	@go install github.com/rakyll/statik
-	@rm -rf ./src/assets/statik
-	go generate ./src/...
+file:
+	rm -rf ./assets/frps/static/*
+	rm -rf ./assets/frpc/static/*
+	cp -rf ./web/frps/dist/* ./assets/frps/static
+	cp -rf ./web/frpc/dist/* ./assets/frpc/static
 
 fmt:
-	go fmt ./src/...
-	@go fmt ./test/echo_server.go
-	@go fmt ./test/http_server.go
-	@go fmt ./test/func_test.go
+	go fmt ./...
+
+fmt-more:
+	gofumpt -l -w .
+
+gci:
+	gci write -s standard -s default -s "prefix(github.com/fatedier/frp/)" ./
+
+vet:
+	go vet ./...
 
 frps:
-	go build -o bin/frps ./src/cmd/frps
-	@cp -rf ./src/assets/static ./bin
+	env CGO_ENABLED=0 go build -trimpath -ldflags "$(LDFLAGS)" -o bin/frps ./cmd/frps
 
 frpc:
-	go build -o bin/frpc ./src/cmd/frpc
-
-echo_server:
-	go build -o test/bin/echo_server ./test/echo_server.go
-
-http_server:
-	go build -o test/bin/http_server ./test/http_server.go
+	env CGO_ENABLED=0 go build -trimpath -ldflags "$(LDFLAGS)" -o bin/frpc ./cmd/frpc
 
 test: gotest
 
 gotest:
-	go test -v ./src/...
+	go test -v --cover ./assets/...
+	go test -v --cover ./cmd/...
+	go test -v --cover ./client/...
+	go test -v --cover ./server/...
+	go test -v --cover ./pkg/...
 
-alltest:
-	cd ./test && ./run_test.sh && cd -
-	go test -v ./src/...
-	go test -v ./test/func_test.go
-	cd ./test && ./clean_test.sh && cd -
+e2e:
+	./hack/run-e2e.sh
 
+e2e-trace:
+	DEBUG=true LOG_LEVEL=trace ./hack/run-e2e.sh
+
+e2e-compatibility-last-frpc:
+	if [ ! -d "./lastversion" ]; then \
+		TARGET_DIRNAME=lastversion ./hack/download.sh; \
+	fi
+	FRPC_PATH="`pwd`/lastversion/frpc" ./hack/run-e2e.sh
+	rm -r ./lastversion
+
+e2e-compatibility-last-frps:
+	if [ ! -d "./lastversion" ]; then \
+		TARGET_DIRNAME=lastversion ./hack/download.sh; \
+	fi
+	FRPS_PATH="`pwd`/lastversion/frps" ./hack/run-e2e.sh
+	rm -r ./lastversion
+
+alltest: vet gotest e2e
+	
 clean:
 	rm -f ./bin/frpc
 	rm -f ./bin/frps
-	rm -f ./test/bin/echo_server
-	rm -f ./test/bin/http_server
-	cd ./test && ./clean_test.sh && cd -
-
-save:
-	godep save ./src/...
+	rm -rf ./lastversion

Makefile.cross-compiles

@@ -1,26 +1,27 @@
 export PATH := $(GOPATH)/bin:$(PATH)
-export GO15VENDOREXPERIMENT := 1
+export GO111MODULE=on
+LDFLAGS := -s -w
+
+os-archs=darwin:amd64 darwin:arm64 freebsd:386 freebsd:amd64 linux:386 linux:amd64 linux:arm linux:arm64 windows:386 windows:amd64 windows:arm64 linux:mips64 linux:mips64le linux:mips:softfloat linux:mipsle:softfloat linux:riscv64
 
 all: build
 
 build: app
 
 app:
-	env GOOS=darwin GOARCH=386 go build -o ./frpc_darwin_386 ./src/cmd/frpc
-	env GOOS=darwin GOARCH=386 go build -o ./frps_darwin_386 ./src/cmd/frps
-	env GOOS=darwin GOARCH=amd64 go build -o ./frpc_darwin_amd64 ./src/cmd/frpc
-	env GOOS=darwin GOARCH=amd64 go build -o ./frps_darwin_amd64 ./src/cmd/frps
-	env GOOS=linux GOARCH=386 go build -o ./frpc_linux_386 ./src/cmd/frpc
-	env GOOS=linux GOARCH=386 go build -o ./frps_linux_386 ./src/cmd/frps
-	env GOOS=linux GOARCH=amd64 go build -o ./frpc_linux_amd64 ./src/cmd/frpc
-	env GOOS=linux GOARCH=amd64 go build -o ./frps_linux_amd64 ./src/cmd/frps
-	env GOOS=linux GOARCH=arm go build -o ./frpc_linux_arm ./src/cmd/frpc
-	env GOOS=linux GOARCH=arm go build -o ./frps_linux_arm ./src/cmd/frps
-	env GOOS=windows GOARCH=386 go build -o ./frpc_windows_386.exe ./src/cmd/frpc
-	env GOOS=windows GOARCH=386 go build -o ./frps_windows_386.exe ./src/cmd/frps
-	env GOOS=windows GOARCH=amd64 go build -o ./frpc_windows_amd64.exe ./src/cmd/frpc
-	env GOOS=windows GOARCH=amd64 go build -o ./frps_windows_amd64.exe ./src/cmd/frps
-	env GOOS=linux GOARCH=mips64 go build -o ./frpc_linux_mips64 ./src/cmd/frpc
-	env GOOS=linux GOARCH=mips64 go build -o ./frps_linux_mips64 ./src/cmd/frps
-	env GOOS=linux GOARCH=mips64le go build -o ./frpc_linux_mips64le ./src/cmd/frpc
-	env GOOS=linux GOARCH=mips64le go build -o ./frps_linux_mips64le ./src/cmd/frps
+	@$(foreach n, $(os-archs),\
+		os=$(shell echo "$(n)" | cut -d : -f 1);\
+		arch=$(shell echo "$(n)" | cut -d : -f 2);\
+		gomips=$(shell echo "$(n)" | cut -d : -f 3);\
+		target_suffix=$${os}_$${arch};\
+		echo "Build $${os}-$${arch}...";\
+		env CGO_ENABLED=0 GOOS=$${os} GOARCH=$${arch} GOMIPS=$${gomips} go build -trimpath -ldflags "$(LDFLAGS)" -o ./release/frpc_$${target_suffix} ./cmd/frpc;\
+		env CGO_ENABLED=0 GOOS=$${os} GOARCH=$${arch} GOMIPS=$${gomips} go build -trimpath -ldflags "$(LDFLAGS)" -o ./release/frps_$${target_suffix} ./cmd/frps;\
+		echo "Build $${os}-$${arch} done";\
+	)
+	@mv ./release/frpc_windows_386 ./release/frpc_windows_386.exe
+	@mv ./release/frps_windows_386 ./release/frps_windows_386.exe
+	@mv ./release/frpc_windows_amd64 ./release/frpc_windows_amd64.exe
+	@mv ./release/frps_windows_amd64 ./release/frps_windows_amd64.exe
+	@mv ./release/frpc_windows_arm64 ./release/frpc_windows_arm64.exe
+	@mv ./release/frps_windows_arm64 ./release/frps_windows_arm64.exe

README_zh.md

@@ -1,482 +1,46 @@
 # frp
 
-[![Build Status](https://travis-ci.org/fatedier/frp.svg)](https://travis-ci.org/fatedier/frp)
+[![Build Status](https://circleci.com/gh/fatedier/frp.svg?style=shield)](https://circleci.com/gh/fatedier/frp)
+[![GitHub release](https://img.shields.io/github/tag/fatedier/frp.svg?label=release)](https://github.com/fatedier/frp/releases)
 
 [README](README.md) | [中文文档](README_zh.md)
 
-frp 是一个高性能的反向代理应用，可以帮助您轻松地进行内网穿透，对外网提供服务，支持 tcp, udp, http, https 等协议类型，并且 web 服务支持根据域名进行路由转发。
+frp 是一个专注于内网穿透的高性能的反向代理应用，支持 TCP、UDP、HTTP、HTTPS 等多种协议。可以将内网服务以安全、便捷的方式通过具有公网 IP 节点的中转暴露到公网。
 
-## 目录
+<h3 align="center">Gold Sponsors</h3>
+<!--gold sponsors start-->
+<p align="center">
+  <a href="https://workos.com/?utm_campaign=github_repo&utm_medium=referral&utm_content=frp&utm_source=github" target="_blank">
+    <img width="350px" src="https://raw.githubusercontent.com/fatedier/frp/dev/doc/pic/sponsor_workos.png">
+  </a>
+</p>
+<!--gold sponsors end-->
 
-<!-- vim-markdown-toc GFM -->
-* [frp 的作用](#frp-的作用)
-* [开发状态](#开发状态)
-* [架构](#架构)
-* [使用示例](#使用示例)
-    * [通过 ssh 访问公司内网机器](#通过-ssh-访问公司内网机器)
-    * [通过自定义域名访问部署于内网的 web 服务](#通过自定义域名访问部署于内网的-web-服务)
-    * [转发 DNS 查询请求](#转发-dns-查询请求)
-* [功能说明](#功能说明)
-    * [Dashboard](#dashboard)
-    * [身份验证](#身份验证)
-    * [加密与压缩](#加密与压缩)
-    * [服务器端热加载配置文件](#服务器端热加载配置文件)
-    * [特权模式](#特权模式)
-        * [端口白名单](#端口白名单)
-    * [连接池](#连接池)
-    * [修改 Host Header](#修改-host-header)
-    * [通过密码保护你的 web 服务](#通过密码保护你的-web-服务)
-    * [自定义二级域名](#自定义二级域名)
-    * [URL 路由](#url-路由)
-    * [通过 HTTP PROXY 连接 frps](#通过-http-proxy-连接-frps)
-* [开发计划](#开发计划)
-* [为 frp 做贡献](#为-frp-做贡献)
-* [捐助](#捐助)
-    * [支付宝扫码捐赠](#支付宝扫码捐赠)
-    * [Paypal 捐赠](#paypal-捐赠)
-* [贡献者](#贡献者)
+## 为什么使用 frp ？
 
-<!-- vim-markdown-toc -->
+通过在具有公网 IP 的节点上部署 frp 服务端，可以轻松地将内网服务穿透到公网，同时提供诸多专业的功能特性，这包括：
 
-## frp 的作用
-
-* 利用处于内网或防火墙后的机器，对外网环境提供 http 或 https 服务。
-* 对于 http 服务支持基于域名的虚拟主机，支持自定义域名绑定，使多个域名可以共用一个80端口。
-* 利用处于内网或防火墙后的机器，对外网环境提供 tcp 服务，例如在家里通过 ssh 访问处于公司内网环境内的主机。
-* 可查看通过代理的所有 http 请求和响应的详细信息。（待开发）
+* 客户端服务端通信支持 TCP、KCP 以及 Websocket 等多种协议。
+* 采用 TCP 连接流式复用，在单个连接间承载更多请求，节省连接建立时间。
+* 代理组间的负载均衡。
+* 端口复用，多个服务通过同一个服务端端口暴露。
+* 多个原生支持的客户端插件（静态文件查看，HTTP、SOCK5 代理等），便于独立使用 frp 客户端完成某些工作。
+* 高度扩展性的服务端插件系统，方便结合自身需求进行功能扩展。
+* 服务端和客户端 UI 页面。
 
 ## 开发状态
 
-frp 目前正在前期开发阶段，master 分支用于发布稳定版本，dev 分支用于开发，您可以尝试下载最新的 release 版本进行测试。
+frp 目前已被很多公司广泛用于测试、生产环境。
 
-**目前的交互协议可能随时改变，不能保证向后兼容，升级新版本时需要注意公告说明。**
+master 分支用于发布稳定版本，dev 分支用于开发，您可以尝试下载最新的 release 版本进行测试。
 
-## 架构
+我们正在进行 v2 大版本的开发，将会尝试在各个方面进行重构和升级，且不会与 v1 版本进行兼容，预计会持续一段时间。
 
-![architecture](/doc/pic/architecture.png)
+现在的 v0 版本将会在合适的时间切换为 v1 版本并且保证兼容性，后续只做 bug 修复和优化，不再进行大的功能性更新。
 
-## 使用示例
+## 文档
 
-根据对应的操作系统及架构，从 [Release](https://github.com/fatedier/frp/releases) 页面下载最新版本的程序。
-
-将 **frps** 及 **frps.ini** 放到有公网 IP 的机器上。
-
-将 **frpc** 及 **frpc.ini** 放到处于内网环境的机器上。
-
-### 通过 ssh 访问公司内网机器
-
-1. 修改 frps.ini 文件，配置一个名为 ssh 的反向代理：
-
-  ```ini
-  # frps.ini
-  [common]
-  bind_port = 7000
-  
-  [ssh]
-  listen_port = 6000
-  auth_token = 123
-  ```
-
-2. 启动 frps：
-
-  `./frps -c ./frps.ini`
-
-3. 修改 frpc.ini 文件，设置 frps 所在服务器的 IP 为 x.x.x.x；
-
-  ```ini
-  # frpc.ini
-  [common]
-  server_addr = x.x.x.x
-  server_port = 7000
-  auth_token = 123
-  
-  [ssh]
-  local_ip = 127.0.0.1
-  local_port = 22
-  ```
-
-4. 启动 frpc：
-
-  `./frpc -c ./frpc.ini`
-
-5. 通过 ssh 访问内网机器，假设用户名为 test：
-
-  `ssh -oPort=6000 test@x.x.x.x`
-
-### 通过自定义域名访问部署于内网的 web 服务
-
-有时想要让其他人通过域名访问或者测试我们在本地搭建的 web 服务，但是由于本地机器没有公网 IP，无法将域名解析到本地的机器，通过 frp 就可以实现这一功能，以下示例为 http 服务，https 服务配置方法相同， vhost_http_port 替换为 vhost_https_port， type 设置为 https 即可。
-
-1. 修改 frps.ini 文件，配置一个名为 web 的 http 反向代理，设置 http 访问端口为 8080，绑定自定义域名 `www.yourdomain.com`：
-
-  ```ini
-  # frps.ini
-  [common]
-  bind_port = 7000
-  vhost_http_port = 8080
-
-  [web]
-  type = http
-  custom_domains = www.yourdomain.com
-  auth_token = 123
-  ```
-
-2. 启动 frps；
-
-  `./frps -c ./frps.ini`
-
-3. 修改 frpc.ini 文件，设置 frps 所在的服务器的 IP 为 x.x.x.x，local_port 为本地机器上 web 服务对应的端口：
-
-  ```ini
-  # frpc.ini
-  [common]
-  server_addr = x.x.x.x
-  server_port = 7000
-  auth_token = 123
-
-  [web]
-  type = http
-  local_port = 80
-  ```
-
-4. 启动 frpc：
-
-  `./frpc -c ./frpc.ini`
-
-5. 将 `www.yourdomain.com` 的域名 A 记录解析到 IP `x.x.x.x`，如果服务器已经有对应的域名，也可以将 CNAME 记录解析到服务器原先的域名。
-
-6. 通过浏览器访问 `http://www.yourdomain.com:8080` 即可访问到处于内网机器上的 web 服务。
-
-### 转发 DNS 查询请求
-
-DNS 查询请求通常使用 UDP 协议，frp 支持对内网 UDP 服务的穿透，配置方式和 TCP 基本一致。
-
-1. 修改 frps.ini 文件，配置一个名为 dns 的反向代理：
-
-  ```ini
-  # frps.ini
-  [common]
-  bind_port = 7000
-  
-  [dns]
-  type = udp
-  listen_port = 6000
-  auth_token = 123
-  ```
-
-2. 启动 frps：
-
-  `./frps -c ./frps.ini`
-
-3. 修改 frpc.ini 文件，设置 frps 所在服务器的 IP 为 x.x.x.x，转发到 Google 的 DNS 查询服务器 `8.8.8.8` 的 udp 53 端口：
-
-  ```ini
-  # frpc.ini
-  [common]
-  server_addr = x.x.x.x
-  server_port = 7000
-  auth_token = 123
-  
-  [dns]
-  type = udp
-  local_ip = 8.8.8.8
-  local_port = 53
-  ```
-
-4. 启动 frpc：
-
-  `./frpc -c ./frpc.ini`
-
-5. 通过 dig 测试 UDP 包转发是否成功，预期会返回 `www.google.com` 域名的解析结果：
-
-  `dig @x.x.x.x -p 6000 www.goolge.com`
-
-## 功能说明
-
-### Dashboard
-
-通过浏览器查看 frp 的状态以及代理统计信息展示。
-
-需要在 frps.ini 中指定 dashboard 服务使用的端口，即可开启此功能：
-
-```ini
-[common]
-dashboard_port = 7500
-# dashboard 用户名密码可选，默认都为 admin
-dashboard_user = admin
-dashboard_pwd = admin
-```
-
-打开浏览器通过 `http://[server_addr]:7500` 访问 dashboard 界面，用户名密码默认为 `admin`。
-
-![dashboard](/doc/pic/dashboard.png)
-
-### 身份验证
-
-出于安全性的考虑，服务器端可以在 frps.ini 中为每一个代理设置一个 auth_token 用于对客户端连接进行身份验证，例如上文中的 [ssh] 和 [web] 两个代理的 auth_token 都为 123。
-
-客户端需要在 frpc.ini 中配置自己的 auth_token，与服务器中的配置一致才能正常运行。
-
-需要注意的是 frpc 所在机器和 frps 所在机器的时间相差不能超过 15 分钟，因为时间戳会被用于加密验证中，防止报文被劫持后被其他人利用。
-
-这个超时时间可以在配置文件中通过 `authentication_timeout` 这个参数来修改，单位为秒，默认值为 900，即 15 分钟。如果修改为 0，则 frps 将不对身份验证报文的时间戳进行超时校验。
-
-### 加密与压缩
-
-这两个功能默认是不开启的，需要在 frpc.ini 中通过配置来为指定的代理启用加密与压缩的功能，无论类型是 tcp, http 还是 https：
-
-```ini
-# frpc.ini
-[ssh]
-type = tcp
-listen_port = 6000
-auth_token = 123
-use_encryption = true
-use_gzip = true
-```
-
-如果公司内网防火墙对外网访问进行了流量识别与屏蔽，例如禁止了 ssh 协议等，通过设置 `use_encryption = true`，将 frpc 与 frps 之间的通信内容加密传输，将会有效防止流量被拦截。
-
-如果传输的报文长度较长，通过设置 `use_gzip = true` 对传输内容进行压缩，可以有效减小 frpc 与 frps 之间的网络流量，加快流量转发速度，但是会额外消耗一些 cpu 资源。
-
-### 服务器端热加载配置文件
-
-当需要新增一个 frpc 客户端时，为了避免将 frps 重启，可以使用 reload 命令重新加载配置文件。
-
-reload 命令仅能用于修改代理的配置内容，[common] 内的公共配置信息无法修改。
-
-1. 首先需要在 frps.ini 中指定 dashboard_port：
-
-  ```ini
-  # frps.ini
-  [common]
-  bind_port = 7000
-  dashboard_port = 7500
-  ```
-
-2. 启动 frps：
-
-  `./frps -c ./frps.ini`
-
-3. 修改 frps.ini 增加一个新的代理 [new_ssh]:
-
-  ```ini
-  # frps.ini
-  [common]
-  bind_port = 7000
-  dashboard_port = 7500
-
-  [new_ssh]
-  listen_port = 6001
-  auth_token = 123
-  ```
-
-4. 执行 reload 命令，使 frps 重新加载配置文件，实际上是通过 7500 端口发送了一个 http 请求
-
-  `./frps -c ./frps.ini --reload`
-
-5. 之后启动 frpc，[new_ssh] 代理已经可以使用。
-
-### 特权模式
-
-如果想要避免每次增加代理都需要操作服务器端，可以启用特权模式。
-
-特权模式被启用后，代理的所有配置信息都可以在 frpc.ini 中配置，无需在服务器端做任何操作。
-
-1. 在 frps.ini 中设置启用特权模式并设置 privilege_token，客户端需要配置同样的 privilege_token 才能使用特权模式创建代理：
-
-  ```ini
-  # frps.ini
-  [common]
-  bind_port = 7000
-  privilege_mode = true
-  privilege_token = 1234
-  ```
-
-2. 启动 frps：
-
-  `./frps -c ./frps.ini`
-
-3. 在 frpc.ini 配置代理 [ssh]，使用特权模式创建，无需事先在服务器端配置：
-
-  ```ini
-  # frpc.ini
-  [common]
-  server_addr = x.x.x.x
-  server_port = 7000
-  privilege_token = 1234
-
-  [ssh]
-  privilege_mode = true
-  local_port = 22
-  remote_port = 6000
-  ```
-
-  remote_port 即为原先在 frps.ini 的代理中配置的 listen_port 参数，使用特权模式后需要在 frpc 的配置文件中指定。
-
-4. 启动 frpc：
-
-  `./frpc -c ./frpc.ini`
-
-5. 通过 ssh 访问内网机器，假设用户名为 test：
-
-  `ssh -oPort=6000 test@x.x.x.x`
-
-#### 端口白名单
-
-启用特权模式后为了防止端口被滥用，可以手动指定允许哪些端口被使用，在 frps.ini 中通过 privilege_allow_ports 来指定：
-
-```ini
-# frps.ini
-[common]
-privilege_mode = true
-privilege_token = 1234
-privilege_allow_ports = 2000-3000,3001,3003,4000-50000
-```
-
-privilege_allow_ports 可以配置允许使用的某个指定端口或者是一个范围内的所有端口，以 `,` 分隔，指定的范围以 `-` 分隔。
-
-### 连接池
-
-默认情况下，当用户请求建立连接后，frps 才会请求 frpc 主动与后端服务建立一个连接。当为指定的代理启用连接池后，frp 会预先和后端服务建立起指定数量的连接，每次接收到用户请求后，会从连接池中取出一个连接和用户连接关联起来，避免了等待与后端服务建立连接以及 frpc 和 frps 之间传递控制信息的时间。
-
-这一功能比较适合有大量短连接请求时开启。
-
-1. 首先可以在 frps.ini 中设置每个代理可以创建的连接池上限，避免大量资源占用，默认为 100，客户端设置超过此配置后会被调整到当前值：
-
-  ```ini
-  # frps.ini
-  [common]
-  max_pool_count = 50
-  ```
-
-2. 在 frpc.ini 中为指定代理启用连接池，指定预创建连接的数量：
-
-  ```ini
-  # frpc.ini
-  [ssh]
-  type = tcp
-  local_port = 22
-  pool_count = 10
-  ```
-
-### 修改 Host Header
-
-通常情况下 frp 不会修改转发的任何数据。但有一些后端服务会根据 http 请求 header 中的 host 字段来展现不同的网站，例如 nginx 的虚拟主机服务，启用 host-header 的修改功能可以动态修改 http 请求中的 host 字段。该功能仅限于 http 类型的代理。
-
-```ini
-# frpc.ini
-[web]
-privilege_mode = true
-type = http
-local_port = 80
-custom_domains = test.yourdomain.com
-host_header_rewrite = dev.yourdomain.com
-```
-
-原来 http 请求中的 host 字段 `test.yourdomain.com` 转发到后端服务时会被替换为 `dev.yourdomain.com`。
-
-### 通过密码保护你的 web 服务
-
-由于所有客户端共用一个 frps 的 http 服务端口，任何知道你的域名和 url 的人都能访问到你部署在内网的 web 服务，但是在某些场景下需要确保只有限定的用户才能访问。
-
-frp 支持通过 HTTP Basic Auth 来保护你的 web 服务，使用户需要通过用户名和密码才能访问到你的服务。
-
-该功能目前仅限于 http 类型的代理，需要在 frpc 的代理配置中添加用户名和密码的设置。
-
-```ini
-# frpc.ini
-[web]
-privilege_mode = true
-type = http
-local_port = 80
-custom_domains = test.yourdomain.com
-http_user = abc
-http_pwd = abc
-```
-
-通过浏览器访问 `test.yourdomain.com`，需要输入配置的用户名和密码才能访问。
-
-### 自定义二级域名
-
-在多人同时使用一个 frps 时，通过自定义二级域名的方式来使用会更加方便。
-
-通过在 frps 的配置文件中配置 `subdomain_host`，就可以启用该特性。之后在 frpc 的 http、https 类型的代理中可以不配置 `custom_domains`，而是配置一个 `subdomain` 参数。
-
-只需要将 `*.subdomain_host` 解析到 frps 所在服务器。之后用户可以通过 `subdomain` 自行指定自己的 web 服务所需要使用的二级域名，通过 `{subdomain}.{subdomain_host}` 来访问自己的 web 服务。
-
-```ini
-# frps.ini
-subdomain_host = frps.com
-```
-
-将泛域名 `*.frps.com` 解析到 frps 所在服务器的 IP 地址。
-
-```ini
-# frpc.ini
-[web]
-privilege_mode = true
-type = http
-local_port = 80
-subdomain = test
-```
-
-frps 和 fprc 都启动成功后，通过 `test.frps.com` 就可以访问到内网的 web 服务。
-
-需要注意的是如果 frps 配置了 `subdomain_host`，则 `custom_domains` 中不能是属于 `subdomain_host` 的子域名或者泛域名。
-
-同一个 http 或 https 类型的代理中 `custom_domains`  和 `subdomain` 可以同时配置。
-
-### URL 路由
-
-frp 支持根据请求的 URL 路径路由转发到不同的后端服务。
-
-通过配置文件中的 `locations` 字段指定一个或多个 proxy 能够匹配的 URL 前缀(目前仅支持最大前缀匹配，之后会考虑正则匹配)。例如指定 `locations = /news`，则所有 URL 以 `/news` 开头的请求都会被转发到这个服务。
-
-```ini
-# frpc.ini
-[web01]
-privilege_mode = true
-type = http
-local_port = 80
-custom_domains = web.yourdomain.com
-locations = /
-
-[web02]
-privilege_mode = true
-type = http
-local_port = 81
-custom_domains = web.yourdomain.com
-locations = /news,/about
-```
-
-按照上述的示例配置后，`web.yourdomain.com` 这个域名下所有以 `/news` 以及 `/about` 作为前缀的 URL 请求都会被转发到 web02，其余的请求会被转发到 web01。
-
-### 通过 HTTP PROXY 连接 frps
-
-在只能通过代理访问外网的环境内，frpc 支持通过 HTTP PROXY 和 frps 进行通信。
-
-可以通过设置 `HTTP_PROXY` 系统环境变量或者通过在 frpc 的配置文件中设置 `http_proxy` 参数来使用此功能。
-
-```ini
-# frpc.ini
-server_addr = x.x.x.x
-server_port = 7000
-http_proxy = http://user:pwd@192.168.1.128:8080
-```
-
-## 开发计划
-
-计划在后续版本中加入的功能与优化，排名不分先后，如果有其他功能建议欢迎在 [issues](https://github.com/fatedier/frp/issues) 中反馈。
-
-* frps 记录 http 请求日志。
-* frps 支持直接反向代理，类似 haproxy。
-* frpc 支持负载均衡到后端不同服务。
-* frpc debug 模式，控制台显示代理状态，类似 ngrok 启动后的界面。
-* frpc http 请求及响应信息展示。
-* frpc 支持直接作为 webserver 访问指定静态页面。
-* frpc 完全控制模式，通过 dashboard 对 frpc 进行在线操作。
-* 支持 udp 打洞的方式，提供两边内网机器直接通信，流量不经过服务器转发。
+完整文档已经迁移至 [https://gofrp.org](https://gofrp.org/docs)。
 
 ## 为 frp 做贡献
 
@@ -487,7 +51,7 @@ frp 是一个免费且开源的项目，我们欢迎任何人为其开发和进
 * 如果是增加新的功能特性，请先创建一个 issue 并做简单描述以及大致的实现方法，提议被采纳后，就可以创建一个实现新特性的 Pull Request。
 * 欢迎对说明文档做出改善，帮助更多的人使用 frp，特别是英文文档。
 * 贡献代码请提交 PR 至 dev 分支，master 分支仅用于发布稳定可用版本。
-* 如果你有任何其他方面的问题，欢迎反馈至 fatedier@gmail.com 共同交流。
+* 如果你有任何其他方面的问题或合作，欢迎发送邮件至 fatedier@gmail.com 。
 
 **提醒：和项目相关的问题最好在 [issues](https://github.com/fatedier/frp/issues) 中反馈，这样方便其他有类似问题的人可以快速查找解决方法，并且也避免了我们重复回答一些问题。**
 
@@ -495,25 +59,22 @@ frp 是一个免费且开源的项目，我们欢迎任何人为其开发和进
 
 如果您觉得 frp 对你有帮助，欢迎给予我们一定的捐助来维持项目的长期发展。
 
-frp 交流群：606194980 (QQ 群号)
+### GitHub Sponsors
+
+您可以通过 [GitHub Sponsors](https://github.com/sponsors/fatedier) 赞助我们。
+
+企业赞助者可以将贵公司的 Logo 以及链接放置在项目 README 文件中。
+
+### 知识星球
+
+如果您想学习 frp 相关的知识和技术，或者寻求任何帮助及咨询，都可以通过微信扫描下方的二维码付费加入知识星球的官方社群：
+
+![zsxq](/doc/pic/zsxq.jpg)
 
 ### 支付宝扫码捐赠
 
 ![donate-alipay](/doc/pic/donate-alipay.png)
 
-### Paypal 捐赠
+### 微信支付捐赠
 
-海外用户推荐通过 [Paypal](https://www.paypal.me/fatedier) 向我的账户 **fatedier@gmail.com** 进行捐赠。
-
-## 贡献者
-
-* [fatedier](https://github.com/fatedier)
-* [Hurricanezwf](https://github.com/Hurricanezwf)
-* [Pan Hao](https://github.com/vashstorm)
-* [Danping Mao](https://github.com/maodanp)
-* [Eric Larssen](https://github.com/ericlarssen)
-* [Damon Zhao](https://github.com/se77en)
-* [Manfred Touron](https://github.com/moul)
-* [xuebing1110](https://github.com/xuebing1110)
-* [Anbitioner](https://github.com/bingtianbaihua)
-* [LitleCarl](https://github.com/LitleCarl)
+![donate-wechatpay](/doc/pic/donate-wechatpay.png)

Release.md

@@ -0,0 +1,18 @@
+## Notes
+
+**For enhanced security, the default values for `tls_enable` and `disable_custom_tls_first_byte` have been set to true.**
+
+If you wish to revert to the previous default values, you need to manually set the values of these two parameters to false.
+
+### Features
+
+* Added support for `allow_users` in stcp, sudp, xtcp. By default, only the same user is allowed to access. Use `*` to allow access from any user. The visitor configuration now supports `server_user` to connect to proxies of other users.
+* Added fallback support to a specified alternative visitor when xtcp connection fails.
+
+### Improvements
+
+* Increased the default value of `MaxStreamWindowSize` for yamux to 6MB, improving traffic forwarding rate in high-latency scenarios.
+
+### Fixes
+
+* Fixed an issue where having proxies with the same name would cause previously working proxies to become ineffective in `xtcp`.

assets/assets.go

@@ -14,22 +14,15 @@
 
 package assets
 
-//go:generate statik -src=./static
-//go:generate go fmt statik/statik.go
-
 import (
-	"io/ioutil"
+	"io/fs"
 	"net/http"
-	"os"
-	"path"
-
-	"github.com/rakyll/statik/fs"
-
-	_ "github.com/fatedier/frp/src/assets/statik"
 )
 
 var (
-	// store static files in memory by statik
+	// read-only filesystem created by "embed" for embedded files
+	content fs.FS
+
 	FileSystem http.FileSystem
 
 	// if prefix is not empty, we get file content from disk
@@ -38,38 +31,18 @@ var (
 
 // if path is empty, load assets in memory
 // or set FileSystem using disk files
-func Load(path string) (err error) {
+func Load(path string) {
 	prefixPath = path
 	if prefixPath != "" {
 		FileSystem = http.Dir(prefixPath)
-		return nil
 	} else {
-		FileSystem, err = fs.New()
+		FileSystem = http.FS(content)
 	}
-	return err
 }
 
-func ReadFile(file string) (content string, err error) {
-	if prefixPath == "" {
-		file, err := FileSystem.Open(path.Join("/", file))
-		if err != nil {
-			return content, err
-		}
-		buf, err := ioutil.ReadAll(file)
-		if err != nil {
-			return content, err
-		}
-		content = string(buf)
-	} else {
-		file, err := os.Open(path.Join(prefixPath, file))
-		if err != nil {
-			return content, err
-		}
-		buf, err := ioutil.ReadAll(file)
-		if err != nil {
-			return content, err
-		}
-		content = string(buf)
+func Register(fileSystem fs.FS) {
+	subFs, err := fs.Sub(fileSystem, "static")
+	if err == nil {
+		content = subFs
 	}
-	return content, err
 }

assets/frpc/embed.go

@@ -0,0 +1,14 @@
+package frpc
+
+import (
+	"embed"
+
+	"github.com/fatedier/frp/assets"
+)
+
+//go:embed static/*
+var content embed.FS
+
+func init() {
+	assets.Register(content)
+}

assets/frpc/static/index.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="utf-8">
+    <title>frp client admin UI</title>
+  <script type="module" crossorigin src="./index-1c7ed8b0.js"></script>
+  <link rel="stylesheet" href="./index-1e2a7ce0.css">
+</head>
+
+<body>
+    <div id="app"></div>
+    
+</body>
+
+</html>

assets/frps/embed.go

@@ -0,0 +1,14 @@
+package frpc
+
+import (
+	"embed"
+
+	"github.com/fatedier/frp/assets"
+)
+
+//go:embed static/*
+var content embed.FS
+
+func init() {
+	assets.Register(content)
+}

assets/frps/static/index.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en" class="dark">
+
+<head>
+    <meta charset="utf-8">
+    <title>frps dashboard</title>
+  <script type="module" crossorigin src="./index-ea3edf22.js"></script>
+  <link rel="stylesheet" href="./index-1e0c7400.css">
+</head>
+
+<body>
+    <div id="app"></div>
+    
+</body>
+
+</html>

client/admin.go

@@ -0,0 +1,84 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"net"
+	"net/http"
+	"net/http/pprof"
+	"time"
+
+	"github.com/gorilla/mux"
+
+	"github.com/fatedier/frp/assets"
+	utilnet "github.com/fatedier/frp/pkg/util/net"
+)
+
+var (
+	httpServerReadTimeout  = 60 * time.Second
+	httpServerWriteTimeout = 60 * time.Second
+)
+
+func (svr *Service) RunAdminServer(address string) (err error) {
+	// url router
+	router := mux.NewRouter()
+
+	router.HandleFunc("/healthz", svr.healthz)
+
+	// debug
+	if svr.cfg.PprofEnable {
+		router.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
+		router.HandleFunc("/debug/pprof/profile", pprof.Profile)
+		router.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
+		router.HandleFunc("/debug/pprof/trace", pprof.Trace)
+		router.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index)
+	}
+
+	subRouter := router.NewRoute().Subrouter()
+	user, passwd := svr.cfg.AdminUser, svr.cfg.AdminPwd
+	subRouter.Use(utilnet.NewHTTPAuthMiddleware(user, passwd).SetAuthFailDelay(200 * time.Millisecond).Middleware)
+
+	// api, see admin_api.go
+	subRouter.HandleFunc("/api/reload", svr.apiReload).Methods("GET")
+	subRouter.HandleFunc("/api/status", svr.apiStatus).Methods("GET")
+	subRouter.HandleFunc("/api/config", svr.apiGetConfig).Methods("GET")
+	subRouter.HandleFunc("/api/config", svr.apiPutConfig).Methods("PUT")
+
+	// view
+	subRouter.Handle("/favicon.ico", http.FileServer(assets.FileSystem)).Methods("GET")
+	subRouter.PathPrefix("/static/").Handler(utilnet.MakeHTTPGzipHandler(http.StripPrefix("/static/", http.FileServer(assets.FileSystem)))).Methods("GET")
+	subRouter.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		http.Redirect(w, r, "/static/", http.StatusMovedPermanently)
+	})
+
+	server := &http.Server{
+		Addr:         address,
+		Handler:      router,
+		ReadTimeout:  httpServerReadTimeout,
+		WriteTimeout: httpServerWriteTimeout,
+	}
+	if address == "" {
+		address = ":http"
+	}
+	ln, err := net.Listen("tcp", address)
+	if err != nil {
+		return err
+	}
+
+	go func() {
+		_ = server.Serve(ln)
+	}()
+	return
+}

client/admin_api.go

@@ -0,0 +1,255 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"os"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/samber/lo"
+
+	"github.com/fatedier/frp/client/proxy"
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/util/log"
+)
+
+type GeneralResponse struct {
+	Code int
+	Msg  string
+}
+
+// /healthz
+func (svr *Service) healthz(w http.ResponseWriter, r *http.Request) {
+	w.WriteHeader(200)
+}
+
+// GET api/reload
+func (svr *Service) apiReload(w http.ResponseWriter, r *http.Request) {
+	res := GeneralResponse{Code: 200}
+
+	log.Info("api request [/api/reload]")
+	defer func() {
+		log.Info("api response [/api/reload], code [%d]", res.Code)
+		w.WriteHeader(res.Code)
+		if len(res.Msg) > 0 {
+			_, _ = w.Write([]byte(res.Msg))
+		}
+	}()
+
+	_, pxyCfgs, visitorCfgs, err := config.ParseClientConfig(svr.cfgFile)
+	if err != nil {
+		res.Code = 400
+		res.Msg = err.Error()
+		log.Warn("reload frpc proxy config error: %s", res.Msg)
+		return
+	}
+
+	if err = svr.ReloadConf(pxyCfgs, visitorCfgs); err != nil {
+		res.Code = 500
+		res.Msg = err.Error()
+		log.Warn("reload frpc proxy config error: %s", res.Msg)
+		return
+	}
+	log.Info("success reload conf")
+}
+
+type StatusResp map[string][]ProxyStatusResp
+
+type ProxyStatusResp struct {
+	Name       string `json:"name"`
+	Type       string `json:"type"`
+	Status     string `json:"status"`
+	Err        string `json:"err"`
+	LocalAddr  string `json:"local_addr"`
+	Plugin     string `json:"plugin"`
+	RemoteAddr string `json:"remote_addr"`
+}
+
+func NewProxyStatusResp(status *proxy.WorkingStatus, serverAddr string) ProxyStatusResp {
+	psr := ProxyStatusResp{
+		Name:   status.Name,
+		Type:   status.Type,
+		Status: status.Phase,
+		Err:    status.Err,
+	}
+	baseCfg := status.Cfg.GetBaseConfig()
+	if baseCfg.LocalPort != 0 {
+		psr.LocalAddr = net.JoinHostPort(baseCfg.LocalIP, strconv.Itoa(baseCfg.LocalPort))
+	}
+	psr.Plugin = baseCfg.Plugin
+
+	if status.Err == "" {
+		psr.RemoteAddr = status.RemoteAddr
+		if lo.Contains([]string{"tcp", "udp"}, status.Type) {
+			psr.RemoteAddr = serverAddr + psr.RemoteAddr
+		}
+	}
+	return psr
+}
+
+// GET api/status
+func (svr *Service) apiStatus(w http.ResponseWriter, r *http.Request) {
+	var (
+		buf []byte
+		res StatusResp = make(map[string][]ProxyStatusResp)
+	)
+
+	log.Info("Http request [/api/status]")
+	defer func() {
+		log.Info("Http response [/api/status]")
+		buf, _ = json.Marshal(&res)
+		_, _ = w.Write(buf)
+	}()
+
+	ps := svr.ctl.pm.GetAllProxyStatus()
+	for _, status := range ps {
+		res[status.Type] = append(res[status.Type], NewProxyStatusResp(status, svr.cfg.ServerAddr))
+	}
+
+	for _, arrs := range res {
+		if len(arrs) <= 1 {
+			continue
+		}
+		sort.Slice(arrs, func(i, j int) bool {
+			return strings.Compare(arrs[i].Name, arrs[j].Name) < 0
+		})
+	}
+}
+
+// GET api/config
+func (svr *Service) apiGetConfig(w http.ResponseWriter, r *http.Request) {
+	res := GeneralResponse{Code: 200}
+
+	log.Info("Http get request [/api/config]")
+	defer func() {
+		log.Info("Http get response [/api/config], code [%d]", res.Code)
+		w.WriteHeader(res.Code)
+		if len(res.Msg) > 0 {
+			_, _ = w.Write([]byte(res.Msg))
+		}
+	}()
+
+	if svr.cfgFile == "" {
+		res.Code = 400
+		res.Msg = "frpc has no config file path"
+		log.Warn("%s", res.Msg)
+		return
+	}
+
+	content, err := config.GetRenderedConfFromFile(svr.cfgFile)
+	if err != nil {
+		res.Code = 400
+		res.Msg = err.Error()
+		log.Warn("load frpc config file error: %s", res.Msg)
+		return
+	}
+
+	rows := strings.Split(string(content), "\n")
+	newRows := make([]string, 0, len(rows))
+	for _, row := range rows {
+		row = strings.TrimSpace(row)
+		if strings.HasPrefix(row, "token") {
+			continue
+		}
+		newRows = append(newRows, row)
+	}
+	res.Msg = strings.Join(newRows, "\n")
+}
+
+// PUT api/config
+func (svr *Service) apiPutConfig(w http.ResponseWriter, r *http.Request) {
+	res := GeneralResponse{Code: 200}
+
+	log.Info("Http put request [/api/config]")
+	defer func() {
+		log.Info("Http put response [/api/config], code [%d]", res.Code)
+		w.WriteHeader(res.Code)
+		if len(res.Msg) > 0 {
+			_, _ = w.Write([]byte(res.Msg))
+		}
+	}()
+
+	// get new config content
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		res.Code = 400
+		res.Msg = fmt.Sprintf("read request body error: %v", err)
+		log.Warn("%s", res.Msg)
+		return
+	}
+
+	if len(body) == 0 {
+		res.Code = 400
+		res.Msg = "body can't be empty"
+		log.Warn("%s", res.Msg)
+		return
+	}
+
+	// get token from origin content
+	token := ""
+	b, err := os.ReadFile(svr.cfgFile)
+	if err != nil {
+		res.Code = 400
+		res.Msg = err.Error()
+		log.Warn("load frpc config file error: %s", res.Msg)
+		return
+	}
+	content := string(b)
+
+	for _, row := range strings.Split(content, "\n") {
+		row = strings.TrimSpace(row)
+		if strings.HasPrefix(row, "token") {
+			token = row
+			break
+		}
+	}
+
+	tmpRows := make([]string, 0)
+	for _, row := range strings.Split(string(body), "\n") {
+		row = strings.TrimSpace(row)
+		if strings.HasPrefix(row, "token") {
+			continue
+		}
+		tmpRows = append(tmpRows, row)
+	}
+
+	newRows := make([]string, 0)
+	if token != "" {
+		for _, row := range tmpRows {
+			newRows = append(newRows, row)
+			if strings.HasPrefix(row, "[common]") {
+				newRows = append(newRows, token)
+			}
+		}
+	} else {
+		newRows = tmpRows
+	}
+	content = strings.Join(newRows, "\n")
+
+	err = os.WriteFile(svr.cfgFile, []byte(content), 0o644)
+	if err != nil {
+		res.Code = 500
+		res.Msg = fmt.Sprintf("write content to frpc config file error: %v", err)
+		log.Warn("%s", res.Msg)
+		return
+	}
+}

client/control.go

@@ -0,0 +1,361 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"context"
+	"io"
+	"net"
+	"runtime/debug"
+	"time"
+
+	"github.com/fatedier/golib/control/shutdown"
+	"github.com/fatedier/golib/crypto"
+
+	"github.com/fatedier/frp/client/proxy"
+	"github.com/fatedier/frp/client/visitor"
+	"github.com/fatedier/frp/pkg/auth"
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/msg"
+	"github.com/fatedier/frp/pkg/transport"
+	"github.com/fatedier/frp/pkg/util/xlog"
+)
+
+type Control struct {
+	// service context
+	ctx context.Context
+	xl  *xlog.Logger
+
+	// Unique ID obtained from frps.
+	// It should be attached to the login message when reconnecting.
+	runID string
+
+	// manage all proxies
+	pxyCfgs map[string]config.ProxyConf
+	pm      *proxy.Manager
+
+	// manage all visitors
+	vm *visitor.Manager
+
+	// control connection
+	conn net.Conn
+
+	cm *ConnectionManager
+
+	// put a message in this channel to send it over control connection to server
+	sendCh chan (msg.Message)
+
+	// read from this channel to get the next message sent by server
+	readCh chan (msg.Message)
+
+	// goroutines can block by reading from this channel, it will be closed only in reader() when control connection is closed
+	closedCh chan struct{}
+
+	closedDoneCh chan struct{}
+
+	// last time got the Pong message
+	lastPong time.Time
+
+	// The client configuration
+	clientCfg config.ClientCommonConf
+
+	readerShutdown     *shutdown.Shutdown
+	writerShutdown     *shutdown.Shutdown
+	msgHandlerShutdown *shutdown.Shutdown
+
+	// sets authentication based on selected method
+	authSetter auth.Setter
+
+	msgTransporter transport.MessageTransporter
+}
+
+func NewControl(
+	ctx context.Context, runID string, conn net.Conn, cm *ConnectionManager,
+	clientCfg config.ClientCommonConf,
+	pxyCfgs map[string]config.ProxyConf,
+	visitorCfgs map[string]config.VisitorConf,
+	authSetter auth.Setter,
+) *Control {
+	// new xlog instance
+	ctl := &Control{
+		ctx:                ctx,
+		xl:                 xlog.FromContextSafe(ctx),
+		runID:              runID,
+		conn:               conn,
+		cm:                 cm,
+		pxyCfgs:            pxyCfgs,
+		sendCh:             make(chan msg.Message, 100),
+		readCh:             make(chan msg.Message, 100),
+		closedCh:           make(chan struct{}),
+		closedDoneCh:       make(chan struct{}),
+		clientCfg:          clientCfg,
+		readerShutdown:     shutdown.New(),
+		writerShutdown:     shutdown.New(),
+		msgHandlerShutdown: shutdown.New(),
+		authSetter:         authSetter,
+	}
+	ctl.msgTransporter = transport.NewMessageTransporter(ctl.sendCh)
+	ctl.pm = proxy.NewManager(ctl.ctx, clientCfg, ctl.msgTransporter)
+
+	ctl.vm = visitor.NewManager(ctl.ctx, ctl.runID, ctl.clientCfg, ctl.connectServer, ctl.msgTransporter)
+	ctl.vm.Reload(visitorCfgs)
+	return ctl
+}
+
+func (ctl *Control) Run() {
+	go ctl.worker()
+
+	// start all proxies
+	ctl.pm.Reload(ctl.pxyCfgs)
+
+	// start all visitors
+	go ctl.vm.Run()
+}
+
+func (ctl *Control) HandleReqWorkConn(inMsg *msg.ReqWorkConn) {
+	xl := ctl.xl
+	workConn, err := ctl.connectServer()
+	if err != nil {
+		xl.Warn("start new connection to server error: %v", err)
+		return
+	}
+
+	m := &msg.NewWorkConn{
+		RunID: ctl.runID,
+	}
+	if err = ctl.authSetter.SetNewWorkConn(m); err != nil {
+		xl.Warn("error during NewWorkConn authentication: %v", err)
+		return
+	}
+	if err = msg.WriteMsg(workConn, m); err != nil {
+		xl.Warn("work connection write to server error: %v", err)
+		workConn.Close()
+		return
+	}
+
+	var startMsg msg.StartWorkConn
+	if err = msg.ReadMsgInto(workConn, &startMsg); err != nil {
+		xl.Trace("work connection closed before response StartWorkConn message: %v", err)
+		workConn.Close()
+		return
+	}
+	if startMsg.Error != "" {
+		xl.Error("StartWorkConn contains error: %s", startMsg.Error)
+		workConn.Close()
+		return
+	}
+
+	// dispatch this work connection to related proxy
+	ctl.pm.HandleWorkConn(startMsg.ProxyName, workConn, &startMsg)
+}
+
+func (ctl *Control) HandleNewProxyResp(inMsg *msg.NewProxyResp) {
+	xl := ctl.xl
+	// Server will return NewProxyResp message to each NewProxy message.
+	// Start a new proxy handler if no error got
+	err := ctl.pm.StartProxy(inMsg.ProxyName, inMsg.RemoteAddr, inMsg.Error)
+	if err != nil {
+		xl.Warn("[%s] start error: %v", inMsg.ProxyName, err)
+	} else {
+		xl.Info("[%s] start proxy success", inMsg.ProxyName)
+	}
+}
+
+func (ctl *Control) HandleNatHoleResp(inMsg *msg.NatHoleResp) {
+	xl := ctl.xl
+
+	// Dispatch the NatHoleResp message to the related proxy.
+	ok := ctl.msgTransporter.DispatchWithType(inMsg, msg.TypeNameNatHoleResp, inMsg.TransactionID)
+	if !ok {
+		xl.Trace("dispatch NatHoleResp message to related proxy error")
+	}
+}
+
+func (ctl *Control) Close() error {
+	return ctl.GracefulClose(0)
+}
+
+func (ctl *Control) GracefulClose(d time.Duration) error {
+	ctl.pm.Close()
+	ctl.vm.Close()
+
+	time.Sleep(d)
+
+	ctl.conn.Close()
+	ctl.cm.Close()
+	return nil
+}
+
+// ClosedDoneCh returns a channel that will be closed after all resources are released
+func (ctl *Control) ClosedDoneCh() <-chan struct{} {
+	return ctl.closedDoneCh
+}
+
+// connectServer return a new connection to frps
+func (ctl *Control) connectServer() (conn net.Conn, err error) {
+	return ctl.cm.Connect()
+}
+
+// reader read all messages from frps and send to readCh
+func (ctl *Control) reader() {
+	xl := ctl.xl
+	defer func() {
+		if err := recover(); err != nil {
+			xl.Error("panic error: %v", err)
+			xl.Error(string(debug.Stack()))
+		}
+	}()
+	defer ctl.readerShutdown.Done()
+	defer close(ctl.closedCh)
+
+	encReader := crypto.NewReader(ctl.conn, []byte(ctl.clientCfg.Token))
+	for {
+		m, err := msg.ReadMsg(encReader)
+		if err != nil {
+			if err == io.EOF {
+				xl.Debug("read from control connection EOF")
+				return
+			}
+			xl.Warn("read error: %v", err)
+			ctl.conn.Close()
+			return
+		}
+		ctl.readCh <- m
+	}
+}
+
+// writer writes messages got from sendCh to frps
+func (ctl *Control) writer() {
+	xl := ctl.xl
+	defer ctl.writerShutdown.Done()
+	encWriter, err := crypto.NewWriter(ctl.conn, []byte(ctl.clientCfg.Token))
+	if err != nil {
+		xl.Error("crypto new writer error: %v", err)
+		ctl.conn.Close()
+		return
+	}
+	for {
+		m, ok := <-ctl.sendCh
+		if !ok {
+			xl.Info("control writer is closing")
+			return
+		}
+
+		if err := msg.WriteMsg(encWriter, m); err != nil {
+			xl.Warn("write message to control connection error: %v", err)
+			return
+		}
+	}
+}
+
+// msgHandler handles all channel events and performs corresponding operations.
+func (ctl *Control) msgHandler() {
+	xl := ctl.xl
+	defer func() {
+		if err := recover(); err != nil {
+			xl.Error("panic error: %v", err)
+			xl.Error(string(debug.Stack()))
+		}
+	}()
+	defer ctl.msgHandlerShutdown.Done()
+
+	var hbSendCh <-chan time.Time
+	// TODO(fatedier): disable heartbeat if TCPMux is enabled.
+	// Just keep it here to keep compatible with old version frps.
+	if ctl.clientCfg.HeartbeatInterval > 0 {
+		hbSend := time.NewTicker(time.Duration(ctl.clientCfg.HeartbeatInterval) * time.Second)
+		defer hbSend.Stop()
+		hbSendCh = hbSend.C
+	}
+
+	var hbCheckCh <-chan time.Time
+	// Check heartbeat timeout only if TCPMux is not enabled and users don't disable heartbeat feature.
+	if ctl.clientCfg.HeartbeatInterval > 0 && ctl.clientCfg.HeartbeatTimeout > 0 && !ctl.clientCfg.TCPMux {
+		hbCheck := time.NewTicker(time.Second)
+		defer hbCheck.Stop()
+		hbCheckCh = hbCheck.C
+	}
+
+	ctl.lastPong = time.Now()
+	for {
+		select {
+		case <-hbSendCh:
+			// send heartbeat to server
+			xl.Debug("send heartbeat to server")
+			pingMsg := &msg.Ping{}
+			if err := ctl.authSetter.SetPing(pingMsg); err != nil {
+				xl.Warn("error during ping authentication: %v", err)
+				return
+			}
+			ctl.sendCh <- pingMsg
+		case <-hbCheckCh:
+			if time.Since(ctl.lastPong) > time.Duration(ctl.clientCfg.HeartbeatTimeout)*time.Second {
+				xl.Warn("heartbeat timeout")
+				// let reader() stop
+				ctl.conn.Close()
+				return
+			}
+		case rawMsg, ok := <-ctl.readCh:
+			if !ok {
+				return
+			}
+
+			switch m := rawMsg.(type) {
+			case *msg.ReqWorkConn:
+				go ctl.HandleReqWorkConn(m)
+			case *msg.NewProxyResp:
+				ctl.HandleNewProxyResp(m)
+			case *msg.NatHoleResp:
+				ctl.HandleNatHoleResp(m)
+			case *msg.Pong:
+				if m.Error != "" {
+					xl.Error("Pong contains error: %s", m.Error)
+					ctl.conn.Close()
+					return
+				}
+				ctl.lastPong = time.Now()
+				xl.Debug("receive heartbeat from server")
+			}
+		}
+	}
+}
+
+// If controler is notified by closedCh, reader and writer and handler will exit
+func (ctl *Control) worker() {
+	go ctl.msgHandler()
+	go ctl.reader()
+	go ctl.writer()
+
+	<-ctl.closedCh
+	// close related channels and wait until other goroutines done
+	close(ctl.readCh)
+	ctl.readerShutdown.WaitDone()
+	ctl.msgHandlerShutdown.WaitDone()
+
+	close(ctl.sendCh)
+	ctl.writerShutdown.WaitDone()
+
+	ctl.pm.Close()
+	ctl.vm.Close()
+
+	close(ctl.closedDoneCh)
+	ctl.cm.Close()
+}
+
+func (ctl *Control) ReloadConf(pxyCfgs map[string]config.ProxyConf, visitorCfgs map[string]config.VisitorConf) error {
+	ctl.vm.Reload(visitorCfgs)
+	ctl.pm.Reload(pxyCfgs)
+	return nil
+}

client/event/event.go

@@ -0,0 +1,19 @@
+package event
+
+import (
+	"errors"
+
+	"github.com/fatedier/frp/pkg/msg"
+)
+
+var ErrPayloadType = errors.New("error payload type")
+
+type Handler func(payload interface{}) error
+
+type StartProxyPayload struct {
+	NewProxyMsg *msg.NewProxy
+}
+
+type CloseProxyPayload struct {
+	CloseProxyMsg *msg.CloseProxy
+}

client/health/health.go

@@ -0,0 +1,168 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package health
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"time"
+
+	"github.com/fatedier/frp/pkg/util/xlog"
+)
+
+var ErrHealthCheckType = errors.New("error health check type")
+
+type Monitor struct {
+	checkType      string
+	interval       time.Duration
+	timeout        time.Duration
+	maxFailedTimes int
+
+	// For tcp
+	addr string
+
+	// For http
+	url string
+
+	failedTimes    uint64
+	statusOK       bool
+	statusNormalFn func()
+	statusFailedFn func()
+
+	ctx    context.Context
+	cancel context.CancelFunc
+}
+
+func NewMonitor(ctx context.Context, checkType string,
+	intervalS int, timeoutS int, maxFailedTimes int,
+	addr string, url string,
+	statusNormalFn func(), statusFailedFn func(),
+) *Monitor {
+	if intervalS <= 0 {
+		intervalS = 10
+	}
+	if timeoutS <= 0 {
+		timeoutS = 3
+	}
+	if maxFailedTimes <= 0 {
+		maxFailedTimes = 1
+	}
+	newctx, cancel := context.WithCancel(ctx)
+	return &Monitor{
+		checkType:      checkType,
+		interval:       time.Duration(intervalS) * time.Second,
+		timeout:        time.Duration(timeoutS) * time.Second,
+		maxFailedTimes: maxFailedTimes,
+		addr:           addr,
+		url:            url,
+		statusOK:       false,
+		statusNormalFn: statusNormalFn,
+		statusFailedFn: statusFailedFn,
+		ctx:            newctx,
+		cancel:         cancel,
+	}
+}
+
+func (monitor *Monitor) Start() {
+	go monitor.checkWorker()
+}
+
+func (monitor *Monitor) Stop() {
+	monitor.cancel()
+}
+
+func (monitor *Monitor) checkWorker() {
+	xl := xlog.FromContextSafe(monitor.ctx)
+	for {
+		doCtx, cancel := context.WithDeadline(monitor.ctx, time.Now().Add(monitor.timeout))
+		err := monitor.doCheck(doCtx)
+
+		// check if this monitor has been closed
+		select {
+		case <-monitor.ctx.Done():
+			cancel()
+			return
+		default:
+			cancel()
+		}
+
+		if err == nil {
+			xl.Trace("do one health check success")
+			if !monitor.statusOK && monitor.statusNormalFn != nil {
+				xl.Info("health check status change to success")
+				monitor.statusOK = true
+				monitor.statusNormalFn()
+			}
+		} else {
+			xl.Warn("do one health check failed: %v", err)
+			monitor.failedTimes++
+			if monitor.statusOK && int(monitor.failedTimes) >= monitor.maxFailedTimes && monitor.statusFailedFn != nil {
+				xl.Warn("health check status change to failed")
+				monitor.statusOK = false
+				monitor.statusFailedFn()
+			}
+		}
+
+		time.Sleep(monitor.interval)
+	}
+}
+
+func (monitor *Monitor) doCheck(ctx context.Context) error {
+	switch monitor.checkType {
+	case "tcp":
+		return monitor.doTCPCheck(ctx)
+	case "http":
+		return monitor.doHTTPCheck(ctx)
+	default:
+		return ErrHealthCheckType
+	}
+}
+
+func (monitor *Monitor) doTCPCheck(ctx context.Context) error {
+	// if tcp address is not specified, always return nil
+	if monitor.addr == "" {
+		return nil
+	}
+
+	var d net.Dialer
+	conn, err := d.DialContext(ctx, "tcp", monitor.addr)
+	if err != nil {
+		return err
+	}
+	conn.Close()
+	return nil
+}
+
+func (monitor *Monitor) doHTTPCheck(ctx context.Context) error {
+	req, err := http.NewRequestWithContext(ctx, "GET", monitor.url, nil)
+	if err != nil {
+		return err
+	}
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	_, _ = io.Copy(io.Discard, resp.Body)
+
+	if resp.StatusCode/100 != 2 {
+		return fmt.Errorf("do http health check, StatusCode is [%d] not 2xx", resp.StatusCode)
+	}
+	return nil
+}

client/proxy/general_tcp.go

@@ -0,0 +1,47 @@
+// Copyright 2023 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package proxy
+
+import (
+	"reflect"
+
+	"github.com/fatedier/frp/pkg/config"
+)
+
+func init() {
+	pxyConfs := []config.ProxyConf{
+		&config.TCPProxyConf{},
+		&config.HTTPProxyConf{},
+		&config.HTTPSProxyConf{},
+		&config.STCPProxyConf{},
+		&config.TCPMuxProxyConf{},
+	}
+	for _, cfg := range pxyConfs {
+		RegisterProxyFactory(reflect.TypeOf(cfg), NewGeneralTCPProxy)
+	}
+}
+
+// GeneralTCPProxy is a general implementation of Proxy interface for TCP protocol.
+// If the default GeneralTCPProxy cannot meet the requirements, you can customize
+// the implementation of the Proxy interface.
+type GeneralTCPProxy struct {
+	*BaseProxy
+}
+
+func NewGeneralTCPProxy(baseProxy *BaseProxy, cfg config.ProxyConf) Proxy {
+	return &GeneralTCPProxy{
+		BaseProxy: baseProxy,
+	}
+}

client/proxy/proxy.go

@@ -0,0 +1,216 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package proxy
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"net"
+	"reflect"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	libio "github.com/fatedier/golib/io"
+	libdial "github.com/fatedier/golib/net/dial"
+	pp "github.com/pires/go-proxyproto"
+	"golang.org/x/time/rate"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/msg"
+	plugin "github.com/fatedier/frp/pkg/plugin/client"
+	"github.com/fatedier/frp/pkg/transport"
+	"github.com/fatedier/frp/pkg/util/limit"
+	"github.com/fatedier/frp/pkg/util/xlog"
+)
+
+var proxyFactoryRegistry = map[reflect.Type]func(*BaseProxy, config.ProxyConf) Proxy{}
+
+func RegisterProxyFactory(proxyConfType reflect.Type, factory func(*BaseProxy, config.ProxyConf) Proxy) {
+	proxyFactoryRegistry[proxyConfType] = factory
+}
+
+// Proxy defines how to handle work connections for different proxy type.
+type Proxy interface {
+	Run() error
+
+	// InWorkConn accept work connections registered to server.
+	InWorkConn(net.Conn, *msg.StartWorkConn)
+
+	Close()
+}
+
+func NewProxy(
+	ctx context.Context,
+	pxyConf config.ProxyConf,
+	clientCfg config.ClientCommonConf,
+	msgTransporter transport.MessageTransporter,
+) (pxy Proxy) {
+	var limiter *rate.Limiter
+	limitBytes := pxyConf.GetBaseConfig().BandwidthLimit.Bytes()
+	if limitBytes > 0 && pxyConf.GetBaseConfig().BandwidthLimitMode == config.BandwidthLimitModeClient {
+		limiter = rate.NewLimiter(rate.Limit(float64(limitBytes)), int(limitBytes))
+	}
+
+	baseProxy := BaseProxy{
+		baseProxyConfig: pxyConf.GetBaseConfig(),
+		clientCfg:       clientCfg,
+		limiter:         limiter,
+		msgTransporter:  msgTransporter,
+		xl:              xlog.FromContextSafe(ctx),
+		ctx:             ctx,
+	}
+
+	factory := proxyFactoryRegistry[reflect.TypeOf(pxyConf)]
+	if factory == nil {
+		return nil
+	}
+	return factory(&baseProxy, pxyConf)
+}
+
+type BaseProxy struct {
+	baseProxyConfig *config.BaseProxyConf
+	clientCfg       config.ClientCommonConf
+	msgTransporter  transport.MessageTransporter
+	limiter         *rate.Limiter
+	// proxyPlugin is used to handle connections instead of dialing to local service.
+	// It's only validate for TCP protocol now.
+	proxyPlugin plugin.Plugin
+
+	mu  sync.RWMutex
+	xl  *xlog.Logger
+	ctx context.Context
+}
+
+func (pxy *BaseProxy) Run() error {
+	if pxy.baseProxyConfig.Plugin != "" {
+		p, err := plugin.Create(pxy.baseProxyConfig.Plugin, pxy.baseProxyConfig.PluginParams)
+		if err != nil {
+			return err
+		}
+		pxy.proxyPlugin = p
+	}
+	return nil
+}
+
+func (pxy *BaseProxy) Close() {
+	if pxy.proxyPlugin != nil {
+		pxy.proxyPlugin.Close()
+	}
+}
+
+func (pxy *BaseProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
+	pxy.HandleTCPWorkConnection(conn, m, []byte(pxy.clientCfg.Token))
+}
+
+// Common handler for tcp work connections.
+func (pxy *BaseProxy) HandleTCPWorkConnection(workConn net.Conn, m *msg.StartWorkConn, encKey []byte) {
+	xl := pxy.xl
+	baseConfig := pxy.baseProxyConfig
+	var (
+		remote io.ReadWriteCloser
+		err    error
+	)
+	remote = workConn
+	if pxy.limiter != nil {
+		remote = libio.WrapReadWriteCloser(limit.NewReader(workConn, pxy.limiter), limit.NewWriter(workConn, pxy.limiter), func() error {
+			return workConn.Close()
+		})
+	}
+
+	xl.Trace("handle tcp work connection, use_encryption: %t, use_compression: %t",
+		baseConfig.UseEncryption, baseConfig.UseCompression)
+	if baseConfig.UseEncryption {
+		remote, err = libio.WithEncryption(remote, encKey)
+		if err != nil {
+			workConn.Close()
+			xl.Error("create encryption stream error: %v", err)
+			return
+		}
+	}
+	if baseConfig.UseCompression {
+		remote = libio.WithCompression(remote)
+	}
+
+	// check if we need to send proxy protocol info
+	var extraInfo []byte
+	if baseConfig.ProxyProtocolVersion != "" {
+		if m.SrcAddr != "" && m.SrcPort != 0 {
+			if m.DstAddr == "" {
+				m.DstAddr = "127.0.0.1"
+			}
+			srcAddr, _ := net.ResolveTCPAddr("tcp", net.JoinHostPort(m.SrcAddr, strconv.Itoa(int(m.SrcPort))))
+			dstAddr, _ := net.ResolveTCPAddr("tcp", net.JoinHostPort(m.DstAddr, strconv.Itoa(int(m.DstPort))))
+			h := &pp.Header{
+				Command:         pp.PROXY,
+				SourceAddr:      srcAddr,
+				DestinationAddr: dstAddr,
+			}
+
+			if strings.Contains(m.SrcAddr, ".") {
+				h.TransportProtocol = pp.TCPv4
+			} else {
+				h.TransportProtocol = pp.TCPv6
+			}
+
+			if baseConfig.ProxyProtocolVersion == "v1" {
+				h.Version = 1
+			} else if baseConfig.ProxyProtocolVersion == "v2" {
+				h.Version = 2
+			}
+
+			buf := bytes.NewBuffer(nil)
+			_, _ = h.WriteTo(buf)
+			extraInfo = buf.Bytes()
+		}
+	}
+
+	if pxy.proxyPlugin != nil {
+		// if plugin is set, let plugin handle connection first
+		xl.Debug("handle by plugin: %s", pxy.proxyPlugin.Name())
+		pxy.proxyPlugin.Handle(remote, workConn, extraInfo)
+		xl.Debug("handle by plugin finished")
+		return
+	}
+
+	localConn, err := libdial.Dial(
+		net.JoinHostPort(baseConfig.LocalIP, strconv.Itoa(baseConfig.LocalPort)),
+		libdial.WithTimeout(10*time.Second),
+	)
+	if err != nil {
+		workConn.Close()
+		xl.Error("connect to local service [%s:%d] error: %v", baseConfig.LocalIP, baseConfig.LocalPort, err)
+		return
+	}
+
+	xl.Debug("join connections, localConn(l[%s] r[%s]) workConn(l[%s] r[%s])", localConn.LocalAddr().String(),
+		localConn.RemoteAddr().String(), workConn.LocalAddr().String(), workConn.RemoteAddr().String())
+
+	if len(extraInfo) > 0 {
+		if _, err := localConn.Write(extraInfo); err != nil {
+			workConn.Close()
+			xl.Error("write extraInfo to local conn error: %v", err)
+			return
+		}
+	}
+
+	_, _, errs := libio.Join(localConn, remote)
+	xl.Debug("join connections closed")
+	if len(errs) > 0 {
+		xl.Trace("join connections errors: %v", errs)
+	}
+}

client/proxy/proxy_manager.go

@@ -0,0 +1,152 @@
+// Copyright 2023 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package proxy
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"reflect"
+	"sync"
+
+	"github.com/fatedier/frp/client/event"
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/msg"
+	"github.com/fatedier/frp/pkg/transport"
+	"github.com/fatedier/frp/pkg/util/xlog"
+)
+
+type Manager struct {
+	proxies        map[string]*Wrapper
+	msgTransporter transport.MessageTransporter
+
+	closed bool
+	mu     sync.RWMutex
+
+	clientCfg config.ClientCommonConf
+
+	ctx context.Context
+}
+
+func NewManager(
+	ctx context.Context,
+	clientCfg config.ClientCommonConf,
+	msgTransporter transport.MessageTransporter,
+) *Manager {
+	return &Manager{
+		proxies:        make(map[string]*Wrapper),
+		msgTransporter: msgTransporter,
+		closed:         false,
+		clientCfg:      clientCfg,
+		ctx:            ctx,
+	}
+}
+
+func (pm *Manager) StartProxy(name string, remoteAddr string, serverRespErr string) error {
+	pm.mu.RLock()
+	pxy, ok := pm.proxies[name]
+	pm.mu.RUnlock()
+	if !ok {
+		return fmt.Errorf("proxy [%s] not found", name)
+	}
+
+	err := pxy.SetRunningStatus(remoteAddr, serverRespErr)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (pm *Manager) Close() {
+	pm.mu.Lock()
+	defer pm.mu.Unlock()
+	for _, pxy := range pm.proxies {
+		pxy.Stop()
+	}
+	pm.proxies = make(map[string]*Wrapper)
+}
+
+func (pm *Manager) HandleWorkConn(name string, workConn net.Conn, m *msg.StartWorkConn) {
+	pm.mu.RLock()
+	pw, ok := pm.proxies[name]
+	pm.mu.RUnlock()
+	if ok {
+		pw.InWorkConn(workConn, m)
+	} else {
+		workConn.Close()
+	}
+}
+
+func (pm *Manager) HandleEvent(payload interface{}) error {
+	var m msg.Message
+	switch e := payload.(type) {
+	case *event.StartProxyPayload:
+		m = e.NewProxyMsg
+	case *event.CloseProxyPayload:
+		m = e.CloseProxyMsg
+	default:
+		return event.ErrPayloadType
+	}
+
+	return pm.msgTransporter.Send(m)
+}
+
+func (pm *Manager) GetAllProxyStatus() []*WorkingStatus {
+	ps := make([]*WorkingStatus, 0)
+	pm.mu.RLock()
+	defer pm.mu.RUnlock()
+	for _, pxy := range pm.proxies {
+		ps = append(ps, pxy.GetStatus())
+	}
+	return ps
+}
+
+func (pm *Manager) Reload(pxyCfgs map[string]config.ProxyConf) {
+	xl := xlog.FromContextSafe(pm.ctx)
+	pm.mu.Lock()
+	defer pm.mu.Unlock()
+
+	delPxyNames := make([]string, 0)
+	for name, pxy := range pm.proxies {
+		del := false
+		cfg, ok := pxyCfgs[name]
+		if !ok || !reflect.DeepEqual(pxy.Cfg, cfg) {
+			del = true
+		}
+
+		if del {
+			delPxyNames = append(delPxyNames, name)
+			delete(pm.proxies, name)
+			pxy.Stop()
+		}
+	}
+	if len(delPxyNames) > 0 {
+		xl.Info("proxy removed: %s", delPxyNames)
+	}
+
+	addPxyNames := make([]string, 0)
+	for name, cfg := range pxyCfgs {
+		if _, ok := pm.proxies[name]; !ok {
+			pxy := NewWrapper(pm.ctx, cfg, pm.clientCfg, pm.HandleEvent, pm.msgTransporter)
+			pm.proxies[name] = pxy
+			addPxyNames = append(addPxyNames, name)
+
+			pxy.Start()
+		}
+	}
+	if len(addPxyNames) > 0 {
+		xl.Info("proxy added: %s", addPxyNames)
+	}
+}

client/proxy/proxy_wrapper.go

@@ -0,0 +1,274 @@
+// Copyright 2023 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package proxy
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/fatedier/golib/errors"
+
+	"github.com/fatedier/frp/client/event"
+	"github.com/fatedier/frp/client/health"
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/msg"
+	"github.com/fatedier/frp/pkg/transport"
+	"github.com/fatedier/frp/pkg/util/xlog"
+)
+
+const (
+	ProxyPhaseNew         = "new"
+	ProxyPhaseWaitStart   = "wait start"
+	ProxyPhaseStartErr    = "start error"
+	ProxyPhaseRunning     = "running"
+	ProxyPhaseCheckFailed = "check failed"
+	ProxyPhaseClosed      = "closed"
+)
+
+var (
+	statusCheckInterval = 3 * time.Second
+	waitResponseTimeout = 20 * time.Second
+	startErrTimeout     = 30 * time.Second
+)
+
+type WorkingStatus struct {
+	Name  string           `json:"name"`
+	Type  string           `json:"type"`
+	Phase string           `json:"status"`
+	Err   string           `json:"err"`
+	Cfg   config.ProxyConf `json:"cfg"`
+
+	// Got from server.
+	RemoteAddr string `json:"remote_addr"`
+}
+
+type Wrapper struct {
+	WorkingStatus
+
+	// underlying proxy
+	pxy Proxy
+
+	// if ProxyConf has healcheck config
+	// monitor will watch if it is alive
+	monitor *health.Monitor
+
+	// event handler
+	handler event.Handler
+
+	msgTransporter transport.MessageTransporter
+
+	health           uint32
+	lastSendStartMsg time.Time
+	lastStartErr     time.Time
+	closeCh          chan struct{}
+	healthNotifyCh   chan struct{}
+	mu               sync.RWMutex
+
+	xl  *xlog.Logger
+	ctx context.Context
+}
+
+func NewWrapper(
+	ctx context.Context,
+	cfg config.ProxyConf,
+	clientCfg config.ClientCommonConf,
+	eventHandler event.Handler,
+	msgTransporter transport.MessageTransporter,
+) *Wrapper {
+	baseInfo := cfg.GetBaseConfig()
+	xl := xlog.FromContextSafe(ctx).Spawn().AppendPrefix(baseInfo.ProxyName)
+	pw := &Wrapper{
+		WorkingStatus: WorkingStatus{
+			Name:  baseInfo.ProxyName,
+			Type:  baseInfo.ProxyType,
+			Phase: ProxyPhaseNew,
+			Cfg:   cfg,
+		},
+		closeCh:        make(chan struct{}),
+		healthNotifyCh: make(chan struct{}),
+		handler:        eventHandler,
+		msgTransporter: msgTransporter,
+		xl:             xl,
+		ctx:            xlog.NewContext(ctx, xl),
+	}
+
+	if baseInfo.HealthCheckType != "" {
+		pw.health = 1 // means failed
+		pw.monitor = health.NewMonitor(pw.ctx, baseInfo.HealthCheckType, baseInfo.HealthCheckIntervalS,
+			baseInfo.HealthCheckTimeoutS, baseInfo.HealthCheckMaxFailed, baseInfo.HealthCheckAddr,
+			baseInfo.HealthCheckURL, pw.statusNormalCallback, pw.statusFailedCallback)
+		xl.Trace("enable health check monitor")
+	}
+
+	pw.pxy = NewProxy(pw.ctx, pw.Cfg, clientCfg, pw.msgTransporter)
+	return pw
+}
+
+func (pw *Wrapper) SetRunningStatus(remoteAddr string, respErr string) error {
+	pw.mu.Lock()
+	defer pw.mu.Unlock()
+	if pw.Phase != ProxyPhaseWaitStart {
+		return fmt.Errorf("status not wait start, ignore start message")
+	}
+
+	pw.RemoteAddr = remoteAddr
+	if respErr != "" {
+		pw.Phase = ProxyPhaseStartErr
+		pw.Err = respErr
+		pw.lastStartErr = time.Now()
+		return fmt.Errorf(pw.Err)
+	}
+
+	if err := pw.pxy.Run(); err != nil {
+		pw.close()
+		pw.Phase = ProxyPhaseStartErr
+		pw.Err = err.Error()
+		pw.lastStartErr = time.Now()
+		return err
+	}
+
+	pw.Phase = ProxyPhaseRunning
+	pw.Err = ""
+	return nil
+}
+
+func (pw *Wrapper) Start() {
+	go pw.checkWorker()
+	if pw.monitor != nil {
+		go pw.monitor.Start()
+	}
+}
+
+func (pw *Wrapper) Stop() {
+	pw.mu.Lock()
+	defer pw.mu.Unlock()
+	close(pw.closeCh)
+	close(pw.healthNotifyCh)
+	pw.pxy.Close()
+	if pw.monitor != nil {
+		pw.monitor.Stop()
+	}
+	pw.Phase = ProxyPhaseClosed
+	pw.close()
+}
+
+func (pw *Wrapper) close() {
+	_ = pw.handler(&event.CloseProxyPayload{
+		CloseProxyMsg: &msg.CloseProxy{
+			ProxyName: pw.Name,
+		},
+	})
+}
+
+func (pw *Wrapper) checkWorker() {
+	xl := pw.xl
+	if pw.monitor != nil {
+		// let monitor do check request first
+		time.Sleep(500 * time.Millisecond)
+	}
+	for {
+		// check proxy status
+		now := time.Now()
+		if atomic.LoadUint32(&pw.health) == 0 {
+			pw.mu.Lock()
+			if pw.Phase == ProxyPhaseNew ||
+				pw.Phase == ProxyPhaseCheckFailed ||
+				(pw.Phase == ProxyPhaseWaitStart && now.After(pw.lastSendStartMsg.Add(waitResponseTimeout))) ||
+				(pw.Phase == ProxyPhaseStartErr && now.After(pw.lastStartErr.Add(startErrTimeout))) {
+
+				xl.Trace("change status from [%s] to [%s]", pw.Phase, ProxyPhaseWaitStart)
+				pw.Phase = ProxyPhaseWaitStart
+
+				var newProxyMsg msg.NewProxy
+				pw.Cfg.MarshalToMsg(&newProxyMsg)
+				pw.lastSendStartMsg = now
+				_ = pw.handler(&event.StartProxyPayload{
+					NewProxyMsg: &newProxyMsg,
+				})
+			}
+			pw.mu.Unlock()
+		} else {
+			pw.mu.Lock()
+			if pw.Phase == ProxyPhaseRunning || pw.Phase == ProxyPhaseWaitStart {
+				pw.close()
+				xl.Trace("change status from [%s] to [%s]", pw.Phase, ProxyPhaseCheckFailed)
+				pw.Phase = ProxyPhaseCheckFailed
+			}
+			pw.mu.Unlock()
+		}
+
+		select {
+		case <-pw.closeCh:
+			return
+		case <-time.After(statusCheckInterval):
+		case <-pw.healthNotifyCh:
+		}
+	}
+}
+
+func (pw *Wrapper) statusNormalCallback() {
+	xl := pw.xl
+	atomic.StoreUint32(&pw.health, 0)
+	_ = errors.PanicToError(func() {
+		select {
+		case pw.healthNotifyCh <- struct{}{}:
+		default:
+		}
+	})
+	xl.Info("health check success")
+}
+
+func (pw *Wrapper) statusFailedCallback() {
+	xl := pw.xl
+	atomic.StoreUint32(&pw.health, 1)
+	_ = errors.PanicToError(func() {
+		select {
+		case pw.healthNotifyCh <- struct{}{}:
+		default:
+		}
+	})
+	xl.Info("health check failed")
+}
+
+func (pw *Wrapper) InWorkConn(workConn net.Conn, m *msg.StartWorkConn) {
+	xl := pw.xl
+	pw.mu.RLock()
+	pxy := pw.pxy
+	pw.mu.RUnlock()
+	if pxy != nil && pw.Phase == ProxyPhaseRunning {
+		xl.Debug("start a new work connection, localAddr: %s remoteAddr: %s", workConn.LocalAddr().String(), workConn.RemoteAddr().String())
+		go pxy.InWorkConn(workConn, m)
+	} else {
+		workConn.Close()
+	}
+}
+
+func (pw *Wrapper) GetStatus() *WorkingStatus {
+	pw.mu.RLock()
+	defer pw.mu.RUnlock()
+	ps := &WorkingStatus{
+		Name:       pw.Name,
+		Type:       pw.Type,
+		Phase:      pw.Phase,
+		Err:        pw.Err,
+		Cfg:        pw.Cfg,
+		RemoteAddr: pw.RemoteAddr,
+	}
+	return ps
+}

client/proxy/sudp.go

@@ -0,0 +1,207 @@
+// Copyright 2023 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package proxy
+
+import (
+	"io"
+	"net"
+	"reflect"
+	"strconv"
+	"sync"
+	"time"
+
+	"github.com/fatedier/golib/errors"
+	libio "github.com/fatedier/golib/io"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/msg"
+	"github.com/fatedier/frp/pkg/proto/udp"
+	"github.com/fatedier/frp/pkg/util/limit"
+	utilnet "github.com/fatedier/frp/pkg/util/net"
+)
+
+func init() {
+	RegisterProxyFactory(reflect.TypeOf(&config.SUDPProxyConf{}), NewSUDPProxy)
+}
+
+type SUDPProxy struct {
+	*BaseProxy
+
+	cfg *config.SUDPProxyConf
+
+	localAddr *net.UDPAddr
+
+	closeCh chan struct{}
+}
+
+func NewSUDPProxy(baseProxy *BaseProxy, cfg config.ProxyConf) Proxy {
+	unwrapped, ok := cfg.(*config.SUDPProxyConf)
+	if !ok {
+		return nil
+	}
+	return &SUDPProxy{
+		BaseProxy: baseProxy,
+		cfg:       unwrapped,
+		closeCh:   make(chan struct{}),
+	}
+}
+
+func (pxy *SUDPProxy) Run() (err error) {
+	pxy.localAddr, err = net.ResolveUDPAddr("udp", net.JoinHostPort(pxy.cfg.LocalIP, strconv.Itoa(pxy.cfg.LocalPort)))
+	if err != nil {
+		return
+	}
+	return
+}
+
+func (pxy *SUDPProxy) Close() {
+	pxy.mu.Lock()
+	defer pxy.mu.Unlock()
+	select {
+	case <-pxy.closeCh:
+		return
+	default:
+		close(pxy.closeCh)
+	}
+}
+
+func (pxy *SUDPProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
+	xl := pxy.xl
+	xl.Info("incoming a new work connection for sudp proxy, %s", conn.RemoteAddr().String())
+
+	var rwc io.ReadWriteCloser = conn
+	var err error
+	if pxy.limiter != nil {
+		rwc = libio.WrapReadWriteCloser(limit.NewReader(conn, pxy.limiter), limit.NewWriter(conn, pxy.limiter), func() error {
+			return conn.Close()
+		})
+	}
+	if pxy.cfg.UseEncryption {
+		rwc, err = libio.WithEncryption(rwc, []byte(pxy.clientCfg.Token))
+		if err != nil {
+			conn.Close()
+			xl.Error("create encryption stream error: %v", err)
+			return
+		}
+	}
+	if pxy.cfg.UseCompression {
+		rwc = libio.WithCompression(rwc)
+	}
+	conn = utilnet.WrapReadWriteCloserToConn(rwc, conn)
+
+	workConn := conn
+	readCh := make(chan *msg.UDPPacket, 1024)
+	sendCh := make(chan msg.Message, 1024)
+	isClose := false
+
+	mu := &sync.Mutex{}
+
+	closeFn := func() {
+		mu.Lock()
+		defer mu.Unlock()
+		if isClose {
+			return
+		}
+
+		isClose = true
+		if workConn != nil {
+			workConn.Close()
+		}
+		close(readCh)
+		close(sendCh)
+	}
+
+	// udp service <- frpc <- frps <- frpc visitor <- user
+	workConnReaderFn := func(conn net.Conn, readCh chan *msg.UDPPacket) {
+		defer closeFn()
+
+		for {
+			// first to check sudp proxy is closed or not
+			select {
+			case <-pxy.closeCh:
+				xl.Trace("frpc sudp proxy is closed")
+				return
+			default:
+			}
+
+			var udpMsg msg.UDPPacket
+			if errRet := msg.ReadMsgInto(conn, &udpMsg); errRet != nil {
+				xl.Warn("read from workConn for sudp error: %v", errRet)
+				return
+			}
+
+			if errRet := errors.PanicToError(func() {
+				readCh <- &udpMsg
+			}); errRet != nil {
+				xl.Warn("reader goroutine for sudp work connection closed: %v", errRet)
+				return
+			}
+		}
+	}
+
+	// udp service -> frpc -> frps -> frpc visitor -> user
+	workConnSenderFn := func(conn net.Conn, sendCh chan msg.Message) {
+		defer func() {
+			closeFn()
+			xl.Info("writer goroutine for sudp work connection closed")
+		}()
+
+		var errRet error
+		for rawMsg := range sendCh {
+			switch m := rawMsg.(type) {
+			case *msg.UDPPacket:
+				xl.Trace("frpc send udp package to frpc visitor, [udp local: %v, remote: %v], [tcp work conn local: %v, remote: %v]",
+					m.LocalAddr.String(), m.RemoteAddr.String(), conn.LocalAddr().String(), conn.RemoteAddr().String())
+			case *msg.Ping:
+				xl.Trace("frpc send ping message to frpc visitor")
+			}
+
+			if errRet = msg.WriteMsg(conn, rawMsg); errRet != nil {
+				xl.Error("sudp work write error: %v", errRet)
+				return
+			}
+		}
+	}
+
+	heartbeatFn := func(sendCh chan msg.Message) {
+		ticker := time.NewTicker(30 * time.Second)
+		defer func() {
+			ticker.Stop()
+			closeFn()
+		}()
+
+		var errRet error
+		for {
+			select {
+			case <-ticker.C:
+				if errRet = errors.PanicToError(func() {
+					sendCh <- &msg.Ping{}
+				}); errRet != nil {
+					xl.Warn("heartbeat goroutine for sudp work connection closed")
+					return
+				}
+			case <-pxy.closeCh:
+				xl.Trace("frpc sudp proxy is closed")
+				return
+			}
+		}
+	}
+
+	go workConnSenderFn(workConn, sendCh)
+	go workConnReaderFn(workConn, readCh)
+	go heartbeatFn(sendCh)
+
+	udp.Forwarder(pxy.localAddr, readCh, sendCh, int(pxy.clientCfg.UDPPacketSize))
+}

client/proxy/udp.go

@@ -0,0 +1,173 @@
+// Copyright 2023 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package proxy
+
+import (
+	"io"
+	"net"
+	"reflect"
+	"strconv"
+	"time"
+
+	"github.com/fatedier/golib/errors"
+	libio "github.com/fatedier/golib/io"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/msg"
+	"github.com/fatedier/frp/pkg/proto/udp"
+	"github.com/fatedier/frp/pkg/util/limit"
+	utilnet "github.com/fatedier/frp/pkg/util/net"
+)
+
+func init() {
+	RegisterProxyFactory(reflect.TypeOf(&config.UDPProxyConf{}), NewUDPProxy)
+}
+
+type UDPProxy struct {
+	*BaseProxy
+
+	cfg *config.UDPProxyConf
+
+	localAddr *net.UDPAddr
+	readCh    chan *msg.UDPPacket
+
+	// include msg.UDPPacket and msg.Ping
+	sendCh   chan msg.Message
+	workConn net.Conn
+	closed   bool
+}
+
+func NewUDPProxy(baseProxy *BaseProxy, cfg config.ProxyConf) Proxy {
+	unwrapped, ok := cfg.(*config.UDPProxyConf)
+	if !ok {
+		return nil
+	}
+	return &UDPProxy{
+		BaseProxy: baseProxy,
+		cfg:       unwrapped,
+	}
+}
+
+func (pxy *UDPProxy) Run() (err error) {
+	pxy.localAddr, err = net.ResolveUDPAddr("udp", net.JoinHostPort(pxy.cfg.LocalIP, strconv.Itoa(pxy.cfg.LocalPort)))
+	if err != nil {
+		return
+	}
+	return
+}
+
+func (pxy *UDPProxy) Close() {
+	pxy.mu.Lock()
+	defer pxy.mu.Unlock()
+
+	if !pxy.closed {
+		pxy.closed = true
+		if pxy.workConn != nil {
+			pxy.workConn.Close()
+		}
+		if pxy.readCh != nil {
+			close(pxy.readCh)
+		}
+		if pxy.sendCh != nil {
+			close(pxy.sendCh)
+		}
+	}
+}
+
+func (pxy *UDPProxy) InWorkConn(conn net.Conn, m *msg.StartWorkConn) {
+	xl := pxy.xl
+	xl.Info("incoming a new work connection for udp proxy, %s", conn.RemoteAddr().String())
+	// close resources releated with old workConn
+	pxy.Close()
+
+	var rwc io.ReadWriteCloser = conn
+	var err error
+	if pxy.limiter != nil {
+		rwc = libio.WrapReadWriteCloser(limit.NewReader(conn, pxy.limiter), limit.NewWriter(conn, pxy.limiter), func() error {
+			return conn.Close()
+		})
+	}
+	if pxy.cfg.UseEncryption {
+		rwc, err = libio.WithEncryption(rwc, []byte(pxy.clientCfg.Token))
+		if err != nil {
+			conn.Close()
+			xl.Error("create encryption stream error: %v", err)
+			return
+		}
+	}
+	if pxy.cfg.UseCompression {
+		rwc = libio.WithCompression(rwc)
+	}
+	conn = utilnet.WrapReadWriteCloserToConn(rwc, conn)
+
+	pxy.mu.Lock()
+	pxy.workConn = conn
+	pxy.readCh = make(chan *msg.UDPPacket, 1024)
+	pxy.sendCh = make(chan msg.Message, 1024)
+	pxy.closed = false
+	pxy.mu.Unlock()
+
+	workConnReaderFn := func(conn net.Conn, readCh chan *msg.UDPPacket) {
+		for {
+			var udpMsg msg.UDPPacket
+			if errRet := msg.ReadMsgInto(conn, &udpMsg); errRet != nil {
+				xl.Warn("read from workConn for udp error: %v", errRet)
+				return
+			}
+			if errRet := errors.PanicToError(func() {
+				xl.Trace("get udp package from workConn: %s", udpMsg.Content)
+				readCh <- &udpMsg
+			}); errRet != nil {
+				xl.Info("reader goroutine for udp work connection closed: %v", errRet)
+				return
+			}
+		}
+	}
+	workConnSenderFn := func(conn net.Conn, sendCh chan msg.Message) {
+		defer func() {
+			xl.Info("writer goroutine for udp work connection closed")
+		}()
+		var errRet error
+		for rawMsg := range sendCh {
+			switch m := rawMsg.(type) {
+			case *msg.UDPPacket:
+				xl.Trace("send udp package to workConn: %s", m.Content)
+			case *msg.Ping:
+				xl.Trace("send ping message to udp workConn")
+			}
+			if errRet = msg.WriteMsg(conn, rawMsg); errRet != nil {
+				xl.Error("udp work write error: %v", errRet)
+				return
+			}
+		}
+	}
+	heartbeatFn := func(sendCh chan msg.Message) {
+		var errRet error
+		for {
+			time.Sleep(time.Duration(30) * time.Second)
+			if errRet = errors.PanicToError(func() {
+				sendCh <- &msg.Ping{}
+			}); errRet != nil {
+				xl.Trace("heartbeat goroutine for udp work connection closed")
+				break
+			}
+		}
+	}
+
+	go workConnSenderFn(pxy.workConn, pxy.sendCh)
+	go workConnReaderFn(pxy.workConn, pxy.readCh)
+	go heartbeatFn(pxy.sendCh)
+	udp.Forwarder(pxy.localAddr, pxy.readCh, pxy.sendCh, int(pxy.clientCfg.UDPPacketSize))
+}

client/proxy/xtcp.go

@@ -0,0 +1,197 @@
+// Copyright 2023 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package proxy
+
+import (
+	"io"
+	"net"
+	"reflect"
+	"time"
+
+	fmux "github.com/hashicorp/yamux"
+	"github.com/quic-go/quic-go"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/msg"
+	"github.com/fatedier/frp/pkg/nathole"
+	"github.com/fatedier/frp/pkg/transport"
+	utilnet "github.com/fatedier/frp/pkg/util/net"
+)
+
+func init() {
+	RegisterProxyFactory(reflect.TypeOf(&config.XTCPProxyConf{}), NewXTCPProxy)
+}
+
+type XTCPProxy struct {
+	*BaseProxy
+
+	cfg *config.XTCPProxyConf
+}
+
+func NewXTCPProxy(baseProxy *BaseProxy, cfg config.ProxyConf) Proxy {
+	unwrapped, ok := cfg.(*config.XTCPProxyConf)
+	if !ok {
+		return nil
+	}
+	return &XTCPProxy{
+		BaseProxy: baseProxy,
+		cfg:       unwrapped,
+	}
+}
+
+func (pxy *XTCPProxy) InWorkConn(conn net.Conn, startWorkConnMsg *msg.StartWorkConn) {
+	xl := pxy.xl
+	defer conn.Close()
+	var natHoleSidMsg msg.NatHoleSid
+	err := msg.ReadMsgInto(conn, &natHoleSidMsg)
+	if err != nil {
+		xl.Error("xtcp read from workConn error: %v", err)
+		return
+	}
+
+	xl.Trace("nathole prepare start")
+	prepareResult, err := nathole.Prepare([]string{pxy.clientCfg.NatHoleSTUNServer})
+	if err != nil {
+		xl.Warn("nathole prepare error: %v", err)
+		return
+	}
+	xl.Info("nathole prepare success, nat type: %s, behavior: %s, addresses: %v, assistedAddresses: %v",
+		prepareResult.NatType, prepareResult.Behavior, prepareResult.Addrs, prepareResult.AssistedAddrs)
+	defer prepareResult.ListenConn.Close()
+
+	// send NatHoleClient msg to server
+	transactionID := nathole.NewTransactionID()
+	natHoleClientMsg := &msg.NatHoleClient{
+		TransactionID: transactionID,
+		ProxyName:     pxy.cfg.ProxyName,
+		Sid:           natHoleSidMsg.Sid,
+		MappedAddrs:   prepareResult.Addrs,
+		AssistedAddrs: prepareResult.AssistedAddrs,
+	}
+
+	xl.Trace("nathole exchange info start")
+	natHoleRespMsg, err := nathole.ExchangeInfo(pxy.ctx, pxy.msgTransporter, transactionID, natHoleClientMsg, 5*time.Second)
+	if err != nil {
+		xl.Warn("nathole exchange info error: %v", err)
+		return
+	}
+
+	xl.Info("get natHoleRespMsg, sid [%s], protocol [%s], candidate address %v, assisted address %v, detectBehavior: %+v",
+		natHoleRespMsg.Sid, natHoleRespMsg.Protocol, natHoleRespMsg.CandidateAddrs,
+		natHoleRespMsg.AssistedAddrs, natHoleRespMsg.DetectBehavior)
+
+	listenConn := prepareResult.ListenConn
+	newListenConn, raddr, err := nathole.MakeHole(pxy.ctx, listenConn, natHoleRespMsg, []byte(pxy.cfg.Sk))
+	if err != nil {
+		listenConn.Close()
+		xl.Warn("make hole error: %v", err)
+		_ = pxy.msgTransporter.Send(&msg.NatHoleReport{
+			Sid:     natHoleRespMsg.Sid,
+			Success: false,
+		})
+		return
+	}
+	listenConn = newListenConn
+	xl.Info("establishing nat hole connection successful, sid [%s], remoteAddr [%s]", natHoleRespMsg.Sid, raddr)
+
+	_ = pxy.msgTransporter.Send(&msg.NatHoleReport{
+		Sid:     natHoleRespMsg.Sid,
+		Success: true,
+	})
+
+	if natHoleRespMsg.Protocol == "kcp" {
+		pxy.listenByKCP(listenConn, raddr, startWorkConnMsg)
+		return
+	}
+
+	// default is quic
+	pxy.listenByQUIC(listenConn, raddr, startWorkConnMsg)
+}
+
+func (pxy *XTCPProxy) listenByKCP(listenConn *net.UDPConn, raddr *net.UDPAddr, startWorkConnMsg *msg.StartWorkConn) {
+	xl := pxy.xl
+	listenConn.Close()
+	laddr, _ := net.ResolveUDPAddr("udp", listenConn.LocalAddr().String())
+	lConn, err := net.DialUDP("udp", laddr, raddr)
+	if err != nil {
+		xl.Warn("dial udp error: %v", err)
+		return
+	}
+	defer lConn.Close()
+
+	remote, err := utilnet.NewKCPConnFromUDP(lConn, true, raddr.String())
+	if err != nil {
+		xl.Warn("create kcp connection from udp connection error: %v", err)
+		return
+	}
+
+	fmuxCfg := fmux.DefaultConfig()
+	fmuxCfg.KeepAliveInterval = 10 * time.Second
+	fmuxCfg.MaxStreamWindowSize = 6 * 1024 * 1024
+	fmuxCfg.LogOutput = io.Discard
+	session, err := fmux.Server(remote, fmuxCfg)
+	if err != nil {
+		xl.Error("create mux session error: %v", err)
+		return
+	}
+	defer session.Close()
+
+	for {
+		muxConn, err := session.Accept()
+		if err != nil {
+			xl.Error("accept connection error: %v", err)
+			return
+		}
+		go pxy.HandleTCPWorkConnection(muxConn, startWorkConnMsg, []byte(pxy.cfg.Sk))
+	}
+}
+
+func (pxy *XTCPProxy) listenByQUIC(listenConn *net.UDPConn, _ *net.UDPAddr, startWorkConnMsg *msg.StartWorkConn) {
+	xl := pxy.xl
+	defer listenConn.Close()
+
+	tlsConfig, err := transport.NewServerTLSConfig("", "", "")
+	if err != nil {
+		xl.Warn("create tls config error: %v", err)
+		return
+	}
+	tlsConfig.NextProtos = []string{"frp"}
+	quicListener, err := quic.Listen(listenConn, tlsConfig,
+		&quic.Config{
+			MaxIdleTimeout:     time.Duration(pxy.clientCfg.QUICMaxIdleTimeout) * time.Second,
+			MaxIncomingStreams: int64(pxy.clientCfg.QUICMaxIncomingStreams),
+			KeepAlivePeriod:    time.Duration(pxy.clientCfg.QUICKeepalivePeriod) * time.Second,
+		},
+	)
+	if err != nil {
+		xl.Warn("dial quic error: %v", err)
+		return
+	}
+	// only accept one connection from raddr
+	c, err := quicListener.Accept(pxy.ctx)
+	if err != nil {
+		xl.Error("quic accept connection error: %v", err)
+		return
+	}
+	for {
+		stream, err := c.AcceptStream(pxy.ctx)
+		if err != nil {
+			xl.Debug("quic accept stream error: %v", err)
+			_ = c.CloseWithError(0, "")
+			return
+		}
+		go pxy.HandleTCPWorkConnection(utilnet.QuicStreamToNetConn(stream, c), startWorkConnMsg, []byte(pxy.cfg.Sk))
+	}
+}

client/service.go

@@ -0,0 +1,488 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package client
+
+import (
+	"context"
+	"crypto/tls"
+	"fmt"
+	"io"
+	"math/rand"
+	"net"
+	"runtime"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/fatedier/golib/crypto"
+	libdial "github.com/fatedier/golib/net/dial"
+	fmux "github.com/hashicorp/yamux"
+	quic "github.com/quic-go/quic-go"
+
+	"github.com/fatedier/frp/assets"
+	"github.com/fatedier/frp/pkg/auth"
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/msg"
+	"github.com/fatedier/frp/pkg/transport"
+	"github.com/fatedier/frp/pkg/util/log"
+	utilnet "github.com/fatedier/frp/pkg/util/net"
+	"github.com/fatedier/frp/pkg/util/util"
+	"github.com/fatedier/frp/pkg/util/version"
+	"github.com/fatedier/frp/pkg/util/xlog"
+)
+
+func init() {
+	crypto.DefaultSalt = "frp"
+	// TODO: remove this when we drop support for go1.19
+	rand.Seed(time.Now().UnixNano())
+}
+
+// Service is a client service.
+type Service struct {
+	// uniq id got from frps, attach it in loginMsg
+	runID string
+
+	// manager control connection with server
+	ctl   *Control
+	ctlMu sync.RWMutex
+
+	// Sets authentication based on selected method
+	authSetter auth.Setter
+
+	cfg         config.ClientCommonConf
+	pxyCfgs     map[string]config.ProxyConf
+	visitorCfgs map[string]config.VisitorConf
+	cfgMu       sync.RWMutex
+
+	// The configuration file used to initialize this client, or an empty
+	// string if no configuration file was used.
+	cfgFile string
+
+	exit uint32 // 0 means not exit
+
+	// service context
+	ctx context.Context
+	// call cancel to stop service
+	cancel context.CancelFunc
+}
+
+func NewService(
+	cfg config.ClientCommonConf,
+	pxyCfgs map[string]config.ProxyConf,
+	visitorCfgs map[string]config.VisitorConf,
+	cfgFile string,
+) (svr *Service, err error) {
+	ctx, cancel := context.WithCancel(context.Background())
+	svr = &Service{
+		authSetter:  auth.NewAuthSetter(cfg.ClientConfig),
+		cfg:         cfg,
+		cfgFile:     cfgFile,
+		pxyCfgs:     pxyCfgs,
+		visitorCfgs: visitorCfgs,
+		exit:        0,
+		ctx:         xlog.NewContext(ctx, xlog.New()),
+		cancel:      cancel,
+	}
+	return
+}
+
+func (svr *Service) GetController() *Control {
+	svr.ctlMu.RLock()
+	defer svr.ctlMu.RUnlock()
+	return svr.ctl
+}
+
+func (svr *Service) Run() error {
+	xl := xlog.FromContextSafe(svr.ctx)
+
+	// set custom DNSServer
+	if svr.cfg.DNSServer != "" {
+		dnsAddr := svr.cfg.DNSServer
+		if _, _, err := net.SplitHostPort(dnsAddr); err != nil {
+			dnsAddr = net.JoinHostPort(dnsAddr, "53")
+		}
+		// Change default dns server for frpc
+		net.DefaultResolver = &net.Resolver{
+			PreferGo: true,
+			Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
+				return net.Dial("udp", dnsAddr)
+			},
+		}
+	}
+
+	// login to frps
+	for {
+		conn, cm, err := svr.login()
+		if err != nil {
+			xl.Warn("login to server failed: %v", err)
+
+			// if login_fail_exit is true, just exit this program
+			// otherwise sleep a while and try again to connect to server
+			if svr.cfg.LoginFailExit {
+				return err
+			}
+			util.RandomSleep(10*time.Second, 0.9, 1.1)
+		} else {
+			// login success
+			ctl := NewControl(svr.ctx, svr.runID, conn, cm, svr.cfg, svr.pxyCfgs, svr.visitorCfgs, svr.authSetter)
+			ctl.Run()
+			svr.ctlMu.Lock()
+			svr.ctl = ctl
+			svr.ctlMu.Unlock()
+			break
+		}
+	}
+
+	go svr.keepControllerWorking()
+
+	if svr.cfg.AdminPort != 0 {
+		// Init admin server assets
+		assets.Load(svr.cfg.AssetsDir)
+
+		address := net.JoinHostPort(svr.cfg.AdminAddr, strconv.Itoa(svr.cfg.AdminPort))
+		err := svr.RunAdminServer(address)
+		if err != nil {
+			log.Warn("run admin server error: %v", err)
+		}
+		log.Info("admin server listen on %s:%d", svr.cfg.AdminAddr, svr.cfg.AdminPort)
+	}
+	<-svr.ctx.Done()
+	return nil
+}
+
+func (svr *Service) keepControllerWorking() {
+	xl := xlog.FromContextSafe(svr.ctx)
+	maxDelayTime := 20 * time.Second
+	delayTime := time.Second
+
+	// if frpc reconnect frps, we need to limit retry times in 1min
+	// current retry logic is sleep 0s, 0s, 0s, 1s, 2s, 4s, 8s, ...
+	// when exceed 1min, we will reset delay and counts
+	cutoffTime := time.Now().Add(time.Minute)
+	reconnectDelay := time.Second
+	reconnectCounts := 1
+
+	for {
+		<-svr.ctl.ClosedDoneCh()
+		if atomic.LoadUint32(&svr.exit) != 0 {
+			return
+		}
+
+		// the first three retry with no delay
+		if reconnectCounts > 3 {
+			util.RandomSleep(reconnectDelay, 0.9, 1.1)
+			xl.Info("wait %v to reconnect", reconnectDelay)
+			reconnectDelay *= 2
+		} else {
+			util.RandomSleep(time.Second, 0, 0.5)
+		}
+		reconnectCounts++
+
+		now := time.Now()
+		if now.After(cutoffTime) {
+			// reset
+			cutoffTime = now.Add(time.Minute)
+			reconnectDelay = time.Second
+			reconnectCounts = 1
+		}
+
+		for {
+			if atomic.LoadUint32(&svr.exit) != 0 {
+				return
+			}
+
+			xl.Info("try to reconnect to server...")
+			conn, cm, err := svr.login()
+			if err != nil {
+				xl.Warn("reconnect to server error: %v, wait %v for another retry", err, delayTime)
+				util.RandomSleep(delayTime, 0.9, 1.1)
+
+				delayTime *= 2
+				if delayTime > maxDelayTime {
+					delayTime = maxDelayTime
+				}
+				continue
+			}
+			// reconnect success, init delayTime
+			delayTime = time.Second
+
+			ctl := NewControl(svr.ctx, svr.runID, conn, cm, svr.cfg, svr.pxyCfgs, svr.visitorCfgs, svr.authSetter)
+			ctl.Run()
+			svr.ctlMu.Lock()
+			if svr.ctl != nil {
+				svr.ctl.Close()
+			}
+			svr.ctl = ctl
+			svr.ctlMu.Unlock()
+			break
+		}
+	}
+}
+
+// login creates a connection to frps and registers it self as a client
+// conn: control connection
+// session: if it's not nil, using tcp mux
+func (svr *Service) login() (conn net.Conn, cm *ConnectionManager, err error) {
+	xl := xlog.FromContextSafe(svr.ctx)
+	cm = NewConnectionManager(svr.ctx, &svr.cfg)
+
+	if err = cm.OpenConnection(); err != nil {
+		return nil, nil, err
+	}
+
+	defer func() {
+		if err != nil {
+			cm.Close()
+		}
+	}()
+
+	conn, err = cm.Connect()
+	if err != nil {
+		return
+	}
+
+	loginMsg := &msg.Login{
+		Arch:      runtime.GOARCH,
+		Os:        runtime.GOOS,
+		PoolCount: svr.cfg.PoolCount,
+		User:      svr.cfg.User,
+		Version:   version.Full(),
+		Timestamp: time.Now().Unix(),
+		RunID:     svr.runID,
+		Metas:     svr.cfg.Metas,
+	}
+
+	// Add auth
+	if err = svr.authSetter.SetLogin(loginMsg); err != nil {
+		return
+	}
+
+	if err = msg.WriteMsg(conn, loginMsg); err != nil {
+		return
+	}
+
+	var loginRespMsg msg.LoginResp
+	_ = conn.SetReadDeadline(time.Now().Add(10 * time.Second))
+	if err = msg.ReadMsgInto(conn, &loginRespMsg); err != nil {
+		return
+	}
+	_ = conn.SetReadDeadline(time.Time{})
+
+	if loginRespMsg.Error != "" {
+		err = fmt.Errorf("%s", loginRespMsg.Error)
+		xl.Error("%s", loginRespMsg.Error)
+		return
+	}
+
+	svr.runID = loginRespMsg.RunID
+	xl.ResetPrefixes()
+	xl.AppendPrefix(svr.runID)
+
+	xl.Info("login to server success, get run id [%s]", loginRespMsg.RunID)
+	return
+}
+
+func (svr *Service) ReloadConf(pxyCfgs map[string]config.ProxyConf, visitorCfgs map[string]config.VisitorConf) error {
+	svr.cfgMu.Lock()
+	svr.pxyCfgs = pxyCfgs
+	svr.visitorCfgs = visitorCfgs
+	svr.cfgMu.Unlock()
+
+	svr.ctlMu.RLock()
+	ctl := svr.ctl
+	svr.ctlMu.RUnlock()
+
+	if ctl != nil {
+		return svr.ctl.ReloadConf(pxyCfgs, visitorCfgs)
+	}
+	return nil
+}
+
+func (svr *Service) Close() {
+	svr.GracefulClose(time.Duration(0))
+}
+
+func (svr *Service) GracefulClose(d time.Duration) {
+	atomic.StoreUint32(&svr.exit, 1)
+
+	svr.ctlMu.RLock()
+	if svr.ctl != nil {
+		svr.ctl.GracefulClose(d)
+	}
+	svr.ctlMu.RUnlock()
+
+	svr.cancel()
+}
+
+type ConnectionManager struct {
+	ctx context.Context
+	cfg *config.ClientCommonConf
+
+	muxSession *fmux.Session
+	quicConn   quic.Connection
+}
+
+func NewConnectionManager(ctx context.Context, cfg *config.ClientCommonConf) *ConnectionManager {
+	return &ConnectionManager{
+		ctx: ctx,
+		cfg: cfg,
+	}
+}
+
+func (cm *ConnectionManager) OpenConnection() error {
+	xl := xlog.FromContextSafe(cm.ctx)
+
+	// special for quic
+	if strings.EqualFold(cm.cfg.Protocol, "quic") {
+		var tlsConfig *tls.Config
+		var err error
+		sn := cm.cfg.TLSServerName
+		if sn == "" {
+			sn = cm.cfg.ServerAddr
+		}
+		if cm.cfg.TLSEnable {
+			tlsConfig, err = transport.NewClientTLSConfig(
+				cm.cfg.TLSCertFile,
+				cm.cfg.TLSKeyFile,
+				cm.cfg.TLSTrustedCaFile,
+				sn)
+		} else {
+			tlsConfig, err = transport.NewClientTLSConfig("", "", "", sn)
+		}
+		if err != nil {
+			xl.Warn("fail to build tls configuration, err: %v", err)
+			return err
+		}
+		tlsConfig.NextProtos = []string{"frp"}
+
+		conn, err := quic.DialAddrContext(
+			cm.ctx,
+			net.JoinHostPort(cm.cfg.ServerAddr, strconv.Itoa(cm.cfg.ServerPort)),
+			tlsConfig, &quic.Config{
+				MaxIdleTimeout:     time.Duration(cm.cfg.QUICMaxIdleTimeout) * time.Second,
+				MaxIncomingStreams: int64(cm.cfg.QUICMaxIncomingStreams),
+				KeepAlivePeriod:    time.Duration(cm.cfg.QUICKeepalivePeriod) * time.Second,
+			})
+		if err != nil {
+			return err
+		}
+		cm.quicConn = conn
+		return nil
+	}
+
+	if !cm.cfg.TCPMux {
+		return nil
+	}
+
+	conn, err := cm.realConnect()
+	if err != nil {
+		return err
+	}
+
+	fmuxCfg := fmux.DefaultConfig()
+	fmuxCfg.KeepAliveInterval = time.Duration(cm.cfg.TCPMuxKeepaliveInterval) * time.Second
+	fmuxCfg.LogOutput = io.Discard
+	fmuxCfg.MaxStreamWindowSize = 6 * 1024 * 1024
+	session, err := fmux.Client(conn, fmuxCfg)
+	if err != nil {
+		return err
+	}
+	cm.muxSession = session
+	return nil
+}
+
+func (cm *ConnectionManager) Connect() (net.Conn, error) {
+	if cm.quicConn != nil {
+		stream, err := cm.quicConn.OpenStreamSync(context.Background())
+		if err != nil {
+			return nil, err
+		}
+		return utilnet.QuicStreamToNetConn(stream, cm.quicConn), nil
+	} else if cm.muxSession != nil {
+		stream, err := cm.muxSession.OpenStream()
+		if err != nil {
+			return nil, err
+		}
+		return stream, nil
+	}
+
+	return cm.realConnect()
+}
+
+func (cm *ConnectionManager) realConnect() (net.Conn, error) {
+	xl := xlog.FromContextSafe(cm.ctx)
+	var tlsConfig *tls.Config
+	var err error
+	if cm.cfg.TLSEnable {
+		sn := cm.cfg.TLSServerName
+		if sn == "" {
+			sn = cm.cfg.ServerAddr
+		}
+
+		tlsConfig, err = transport.NewClientTLSConfig(
+			cm.cfg.TLSCertFile,
+			cm.cfg.TLSKeyFile,
+			cm.cfg.TLSTrustedCaFile,
+			sn)
+		if err != nil {
+			xl.Warn("fail to build tls configuration, err: %v", err)
+			return nil, err
+		}
+	}
+
+	proxyType, addr, auth, err := libdial.ParseProxyURL(cm.cfg.HTTPProxy)
+	if err != nil {
+		xl.Error("fail to parse proxy url")
+		return nil, err
+	}
+	dialOptions := []libdial.DialOption{}
+	protocol := cm.cfg.Protocol
+	if protocol == "websocket" {
+		protocol = "tcp"
+		dialOptions = append(dialOptions, libdial.WithAfterHook(libdial.AfterHook{Hook: utilnet.DialHookWebsocket()}))
+	}
+	if cm.cfg.ConnectServerLocalIP != "" {
+		dialOptions = append(dialOptions, libdial.WithLocalAddr(cm.cfg.ConnectServerLocalIP))
+	}
+	dialOptions = append(dialOptions,
+		libdial.WithProtocol(protocol),
+		libdial.WithTimeout(time.Duration(cm.cfg.DialServerTimeout)*time.Second),
+		libdial.WithKeepAlive(time.Duration(cm.cfg.DialServerKeepAlive)*time.Second),
+		libdial.WithProxy(proxyType, addr),
+		libdial.WithProxyAuth(auth),
+		libdial.WithTLSConfig(tlsConfig),
+		libdial.WithAfterHook(libdial.AfterHook{
+			Hook: utilnet.DialHookCustomTLSHeadByte(tlsConfig != nil, cm.cfg.DisableCustomTLSFirstByte),
+		}),
+	)
+	conn, err := libdial.DialContext(
+		cm.ctx,
+		net.JoinHostPort(cm.cfg.ServerAddr, strconv.Itoa(cm.cfg.ServerPort)),
+		dialOptions...,
+	)
+	return conn, err
+}
+
+func (cm *ConnectionManager) Close() error {
+	if cm.quicConn != nil {
+		_ = cm.quicConn.CloseWithError(0, "")
+	}
+	if cm.muxSession != nil {
+		_ = cm.muxSession.Close()
+	}
+	return nil
+}

client/visitor/stcp.go

@@ -0,0 +1,133 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package visitor
+
+import (
+	"io"
+	"net"
+	"strconv"
+	"time"
+
+	libio "github.com/fatedier/golib/io"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/msg"
+	"github.com/fatedier/frp/pkg/util/util"
+	"github.com/fatedier/frp/pkg/util/xlog"
+)
+
+type STCPVisitor struct {
+	*BaseVisitor
+
+	cfg *config.STCPVisitorConf
+}
+
+func (sv *STCPVisitor) Run() (err error) {
+	if sv.cfg.BindPort > 0 {
+		sv.l, err = net.Listen("tcp", net.JoinHostPort(sv.cfg.BindAddr, strconv.Itoa(sv.cfg.BindPort)))
+		if err != nil {
+			return
+		}
+		go sv.worker()
+	}
+
+	go sv.internalConnWorker()
+	return
+}
+
+func (sv *STCPVisitor) Close() {
+	sv.BaseVisitor.Close()
+}
+
+func (sv *STCPVisitor) worker() {
+	xl := xlog.FromContextSafe(sv.ctx)
+	for {
+		conn, err := sv.l.Accept()
+		if err != nil {
+			xl.Warn("stcp local listener closed")
+			return
+		}
+		go sv.handleConn(conn)
+	}
+}
+
+func (sv *STCPVisitor) internalConnWorker() {
+	xl := xlog.FromContextSafe(sv.ctx)
+	for {
+		conn, err := sv.internalLn.Accept()
+		if err != nil {
+			xl.Warn("stcp internal listener closed")
+			return
+		}
+		go sv.handleConn(conn)
+	}
+}
+
+func (sv *STCPVisitor) handleConn(userConn net.Conn) {
+	xl := xlog.FromContextSafe(sv.ctx)
+	defer userConn.Close()
+
+	xl.Debug("get a new stcp user connection")
+	visitorConn, err := sv.helper.ConnectServer()
+	if err != nil {
+		return
+	}
+	defer visitorConn.Close()
+
+	now := time.Now().Unix()
+	newVisitorConnMsg := &msg.NewVisitorConn{
+		RunID:          sv.helper.RunID(),
+		ProxyName:      sv.cfg.ServerName,
+		SignKey:        util.GetAuthKey(sv.cfg.Sk, now),
+		Timestamp:      now,
+		UseEncryption:  sv.cfg.UseEncryption,
+		UseCompression: sv.cfg.UseCompression,
+	}
+	err = msg.WriteMsg(visitorConn, newVisitorConnMsg)
+	if err != nil {
+		xl.Warn("send newVisitorConnMsg to server error: %v", err)
+		return
+	}
+
+	var newVisitorConnRespMsg msg.NewVisitorConnResp
+	_ = visitorConn.SetReadDeadline(time.Now().Add(10 * time.Second))
+	err = msg.ReadMsgInto(visitorConn, &newVisitorConnRespMsg)
+	if err != nil {
+		xl.Warn("get newVisitorConnRespMsg error: %v", err)
+		return
+	}
+	_ = visitorConn.SetReadDeadline(time.Time{})
+
+	if newVisitorConnRespMsg.Error != "" {
+		xl.Warn("start new visitor connection error: %s", newVisitorConnRespMsg.Error)
+		return
+	}
+
+	var remote io.ReadWriteCloser
+	remote = visitorConn
+	if sv.cfg.UseEncryption {
+		remote, err = libio.WithEncryption(remote, []byte(sv.cfg.Sk))
+		if err != nil {
+			xl.Error("create encryption stream error: %v", err)
+			return
+		}
+	}
+
+	if sv.cfg.UseCompression {
+		remote = libio.WithCompression(remote)
+	}
+
+	libio.Join(userConn, remote)
+}

client/visitor/sudp.go

@@ -0,0 +1,264 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package visitor
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"strconv"
+	"sync"
+	"time"
+
+	"github.com/fatedier/golib/errors"
+	libio "github.com/fatedier/golib/io"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/msg"
+	"github.com/fatedier/frp/pkg/proto/udp"
+	utilnet "github.com/fatedier/frp/pkg/util/net"
+	"github.com/fatedier/frp/pkg/util/util"
+	"github.com/fatedier/frp/pkg/util/xlog"
+)
+
+type SUDPVisitor struct {
+	*BaseVisitor
+
+	checkCloseCh chan struct{}
+	// udpConn is the listener of udp packet
+	udpConn *net.UDPConn
+	readCh  chan *msg.UDPPacket
+	sendCh  chan *msg.UDPPacket
+
+	cfg *config.SUDPVisitorConf
+}
+
+// SUDP Run start listen a udp port
+func (sv *SUDPVisitor) Run() (err error) {
+	xl := xlog.FromContextSafe(sv.ctx)
+
+	addr, err := net.ResolveUDPAddr("udp", net.JoinHostPort(sv.cfg.BindAddr, strconv.Itoa(sv.cfg.BindPort)))
+	if err != nil {
+		return fmt.Errorf("sudp ResolveUDPAddr error: %v", err)
+	}
+
+	sv.udpConn, err = net.ListenUDP("udp", addr)
+	if err != nil {
+		return fmt.Errorf("listen udp port %s error: %v", addr.String(), err)
+	}
+
+	sv.sendCh = make(chan *msg.UDPPacket, 1024)
+	sv.readCh = make(chan *msg.UDPPacket, 1024)
+
+	xl.Info("sudp start to work, listen on %s", addr)
+
+	go sv.dispatcher()
+	go udp.ForwardUserConn(sv.udpConn, sv.readCh, sv.sendCh, int(sv.clientCfg.UDPPacketSize))
+
+	return
+}
+
+func (sv *SUDPVisitor) dispatcher() {
+	xl := xlog.FromContextSafe(sv.ctx)
+
+	var (
+		visitorConn net.Conn
+		err         error
+
+		firstPacket *msg.UDPPacket
+	)
+
+	for {
+		select {
+		case firstPacket = <-sv.sendCh:
+			if firstPacket == nil {
+				xl.Info("frpc sudp visitor proxy is closed")
+				return
+			}
+		case <-sv.checkCloseCh:
+			xl.Info("frpc sudp visitor proxy is closed")
+			return
+		}
+
+		visitorConn, err = sv.getNewVisitorConn()
+		if err != nil {
+			xl.Warn("newVisitorConn to frps error: %v, try to reconnect", err)
+			continue
+		}
+
+		// visitorConn always be closed when worker done.
+		sv.worker(visitorConn, firstPacket)
+
+		select {
+		case <-sv.checkCloseCh:
+			return
+		default:
+		}
+	}
+}
+
+func (sv *SUDPVisitor) worker(workConn net.Conn, firstPacket *msg.UDPPacket) {
+	xl := xlog.FromContextSafe(sv.ctx)
+	xl.Debug("starting sudp proxy worker")
+
+	wg := &sync.WaitGroup{}
+	wg.Add(2)
+	closeCh := make(chan struct{})
+
+	// udp service -> frpc -> frps -> frpc visitor -> user
+	workConnReaderFn := func(conn net.Conn) {
+		defer func() {
+			conn.Close()
+			close(closeCh)
+			wg.Done()
+		}()
+
+		for {
+			var (
+				rawMsg msg.Message
+				errRet error
+			)
+
+			// frpc will send heartbeat in workConn to frpc visitor for keeping alive
+			_ = conn.SetReadDeadline(time.Now().Add(60 * time.Second))
+			if rawMsg, errRet = msg.ReadMsg(conn); errRet != nil {
+				xl.Warn("read from workconn for user udp conn error: %v", errRet)
+				return
+			}
+
+			_ = conn.SetReadDeadline(time.Time{})
+			switch m := rawMsg.(type) {
+			case *msg.Ping:
+				xl.Debug("frpc visitor get ping message from frpc")
+				continue
+			case *msg.UDPPacket:
+				if errRet := errors.PanicToError(func() {
+					sv.readCh <- m
+					xl.Trace("frpc visitor get udp packet from workConn: %s", m.Content)
+				}); errRet != nil {
+					xl.Info("reader goroutine for udp work connection closed")
+					return
+				}
+			}
+		}
+	}
+
+	// udp service <- frpc <- frps <- frpc visitor <- user
+	workConnSenderFn := func(conn net.Conn) {
+		defer func() {
+			conn.Close()
+			wg.Done()
+		}()
+
+		var errRet error
+		if firstPacket != nil {
+			if errRet = msg.WriteMsg(conn, firstPacket); errRet != nil {
+				xl.Warn("sender goroutine for udp work connection closed: %v", errRet)
+				return
+			}
+			xl.Trace("send udp package to workConn: %s", firstPacket.Content)
+		}
+
+		for {
+			select {
+			case udpMsg, ok := <-sv.sendCh:
+				if !ok {
+					xl.Info("sender goroutine for udp work connection closed")
+					return
+				}
+
+				if errRet = msg.WriteMsg(conn, udpMsg); errRet != nil {
+					xl.Warn("sender goroutine for udp work connection closed: %v", errRet)
+					return
+				}
+				xl.Trace("send udp package to workConn: %s", udpMsg.Content)
+			case <-closeCh:
+				return
+			}
+		}
+	}
+
+	go workConnReaderFn(workConn)
+	go workConnSenderFn(workConn)
+
+	wg.Wait()
+	xl.Info("sudp worker is closed")
+}
+
+func (sv *SUDPVisitor) getNewVisitorConn() (net.Conn, error) {
+	xl := xlog.FromContextSafe(sv.ctx)
+	visitorConn, err := sv.helper.ConnectServer()
+	if err != nil {
+		return nil, fmt.Errorf("frpc connect frps error: %v", err)
+	}
+
+	now := time.Now().Unix()
+	newVisitorConnMsg := &msg.NewVisitorConn{
+		RunID:          sv.helper.RunID(),
+		ProxyName:      sv.cfg.ServerName,
+		SignKey:        util.GetAuthKey(sv.cfg.Sk, now),
+		Timestamp:      now,
+		UseEncryption:  sv.cfg.UseEncryption,
+		UseCompression: sv.cfg.UseCompression,
+	}
+	err = msg.WriteMsg(visitorConn, newVisitorConnMsg)
+	if err != nil {
+		return nil, fmt.Errorf("frpc send newVisitorConnMsg to frps error: %v", err)
+	}
+
+	var newVisitorConnRespMsg msg.NewVisitorConnResp
+	_ = visitorConn.SetReadDeadline(time.Now().Add(10 * time.Second))
+	err = msg.ReadMsgInto(visitorConn, &newVisitorConnRespMsg)
+	if err != nil {
+		return nil, fmt.Errorf("frpc read newVisitorConnRespMsg error: %v", err)
+	}
+	_ = visitorConn.SetReadDeadline(time.Time{})
+
+	if newVisitorConnRespMsg.Error != "" {
+		return nil, fmt.Errorf("start new visitor connection error: %s", newVisitorConnRespMsg.Error)
+	}
+
+	var remote io.ReadWriteCloser
+	remote = visitorConn
+	if sv.cfg.UseEncryption {
+		remote, err = libio.WithEncryption(remote, []byte(sv.cfg.Sk))
+		if err != nil {
+			xl.Error("create encryption stream error: %v", err)
+			return nil, err
+		}
+	}
+	if sv.cfg.UseCompression {
+		remote = libio.WithCompression(remote)
+	}
+	return utilnet.WrapReadWriteCloserToConn(remote, visitorConn), nil
+}
+
+func (sv *SUDPVisitor) Close() {
+	sv.mu.Lock()
+	defer sv.mu.Unlock()
+
+	select {
+	case <-sv.checkCloseCh:
+		return
+	default:
+		close(sv.checkCloseCh)
+	}
+	sv.BaseVisitor.Close()
+	if sv.udpConn != nil {
+		sv.udpConn.Close()
+	}
+	close(sv.readCh)
+	close(sv.sendCh)
+}

client/visitor/visitor.go

@@ -0,0 +1,104 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package visitor
+
+import (
+	"context"
+	"net"
+	"sync"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/transport"
+	utilnet "github.com/fatedier/frp/pkg/util/net"
+	"github.com/fatedier/frp/pkg/util/xlog"
+)
+
+// Helper wrapps some functions for visitor to use.
+type Helper interface {
+	// ConnectServer directly connects to the frp server.
+	ConnectServer() (net.Conn, error)
+	// TransferConn transfers the connection to another visitor.
+	TransferConn(string, net.Conn) error
+	// MsgTransporter returns the message transporter that is used to send and receive messages
+	// to the frp server through the controller.
+	MsgTransporter() transport.MessageTransporter
+	// RunID returns the run id of current controller.
+	RunID() string
+}
+
+// Visitor is used for forward traffics from local port tot remote service.
+type Visitor interface {
+	Run() error
+	AcceptConn(conn net.Conn) error
+	Close()
+}
+
+func NewVisitor(
+	ctx context.Context,
+	cfg config.VisitorConf,
+	clientCfg config.ClientCommonConf,
+	helper Helper,
+) (visitor Visitor) {
+	xl := xlog.FromContextSafe(ctx).Spawn().AppendPrefix(cfg.GetBaseConfig().ProxyName)
+	baseVisitor := BaseVisitor{
+		clientCfg:  clientCfg,
+		helper:     helper,
+		ctx:        xlog.NewContext(ctx, xl),
+		internalLn: utilnet.NewInternalListener(),
+	}
+	switch cfg := cfg.(type) {
+	case *config.STCPVisitorConf:
+		visitor = &STCPVisitor{
+			BaseVisitor: &baseVisitor,
+			cfg:         cfg,
+		}
+	case *config.XTCPVisitorConf:
+		visitor = &XTCPVisitor{
+			BaseVisitor:   &baseVisitor,
+			cfg:           cfg,
+			startTunnelCh: make(chan struct{}),
+		}
+	case *config.SUDPVisitorConf:
+		visitor = &SUDPVisitor{
+			BaseVisitor:  &baseVisitor,
+			cfg:          cfg,
+			checkCloseCh: make(chan struct{}),
+		}
+	}
+	return
+}
+
+type BaseVisitor struct {
+	clientCfg  config.ClientCommonConf
+	helper     Helper
+	l          net.Listener
+	internalLn *utilnet.InternalListener
+
+	mu  sync.RWMutex
+	ctx context.Context
+}
+
+func (v *BaseVisitor) AcceptConn(conn net.Conn) error {
+	return v.internalLn.PutConn(conn)
+}
+
+func (v *BaseVisitor) Close() {
+	if v.l != nil {
+		v.l.Close()
+	}
+	if v.internalLn != nil {
+		v.internalLn.Close()
+	}
+}

client/visitor/visitor_manager.go

@@ -0,0 +1,192 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package visitor
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"reflect"
+	"sync"
+	"time"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/transport"
+	"github.com/fatedier/frp/pkg/util/xlog"
+)
+
+type Manager struct {
+	clientCfg config.ClientCommonConf
+	cfgs      map[string]config.VisitorConf
+	visitors  map[string]Visitor
+	helper    Helper
+
+	checkInterval time.Duration
+
+	mu  sync.RWMutex
+	ctx context.Context
+
+	stopCh chan struct{}
+}
+
+func NewManager(
+	ctx context.Context,
+	runID string,
+	clientCfg config.ClientCommonConf,
+	connectServer func() (net.Conn, error),
+	msgTransporter transport.MessageTransporter,
+) *Manager {
+	m := &Manager{
+		clientCfg:     clientCfg,
+		cfgs:          make(map[string]config.VisitorConf),
+		visitors:      make(map[string]Visitor),
+		checkInterval: 10 * time.Second,
+		ctx:           ctx,
+		stopCh:        make(chan struct{}),
+	}
+	m.helper = &visitorHelperImpl{
+		connectServerFn: connectServer,
+		msgTransporter:  msgTransporter,
+		transferConnFn:  m.TransferConn,
+		runID:           runID,
+	}
+	return m
+}
+
+func (vm *Manager) Run() {
+	xl := xlog.FromContextSafe(vm.ctx)
+
+	ticker := time.NewTicker(vm.checkInterval)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-vm.stopCh:
+			xl.Info("gracefully shutdown visitor manager")
+			return
+		case <-ticker.C:
+			vm.mu.Lock()
+			for _, cfg := range vm.cfgs {
+				name := cfg.GetBaseConfig().ProxyName
+				if _, exist := vm.visitors[name]; !exist {
+					xl.Info("try to start visitor [%s]", name)
+					_ = vm.startVisitor(cfg)
+				}
+			}
+			vm.mu.Unlock()
+		}
+	}
+}
+
+func (vm *Manager) Close() {
+	vm.mu.Lock()
+	defer vm.mu.Unlock()
+	for _, v := range vm.visitors {
+		v.Close()
+	}
+	select {
+	case <-vm.stopCh:
+	default:
+		close(vm.stopCh)
+	}
+}
+
+// Hold lock before calling this function.
+func (vm *Manager) startVisitor(cfg config.VisitorConf) (err error) {
+	xl := xlog.FromContextSafe(vm.ctx)
+	name := cfg.GetBaseConfig().ProxyName
+	visitor := NewVisitor(vm.ctx, cfg, vm.clientCfg, vm.helper)
+	err = visitor.Run()
+	if err != nil {
+		xl.Warn("start error: %v", err)
+	} else {
+		vm.visitors[name] = visitor
+		xl.Info("start visitor success")
+	}
+	return
+}
+
+func (vm *Manager) Reload(cfgs map[string]config.VisitorConf) {
+	xl := xlog.FromContextSafe(vm.ctx)
+	vm.mu.Lock()
+	defer vm.mu.Unlock()
+
+	delNames := make([]string, 0)
+	for name, oldCfg := range vm.cfgs {
+		del := false
+		cfg, ok := cfgs[name]
+		if !ok || !reflect.DeepEqual(oldCfg, cfg) {
+			del = true
+		}
+
+		if del {
+			delNames = append(delNames, name)
+			delete(vm.cfgs, name)
+			if visitor, ok := vm.visitors[name]; ok {
+				visitor.Close()
+			}
+			delete(vm.visitors, name)
+		}
+	}
+	if len(delNames) > 0 {
+		xl.Info("visitor removed: %v", delNames)
+	}
+
+	addNames := make([]string, 0)
+	for name, cfg := range cfgs {
+		if _, ok := vm.cfgs[name]; !ok {
+			vm.cfgs[name] = cfg
+			addNames = append(addNames, name)
+			_ = vm.startVisitor(cfg)
+		}
+	}
+	if len(addNames) > 0 {
+		xl.Info("visitor added: %v", addNames)
+	}
+}
+
+// TransferConn transfers a connection to a visitor.
+func (vm *Manager) TransferConn(name string, conn net.Conn) error {
+	vm.mu.RLock()
+	defer vm.mu.RUnlock()
+	v, ok := vm.visitors[name]
+	if !ok {
+		return fmt.Errorf("visitor [%s] not found", name)
+	}
+	return v.AcceptConn(conn)
+}
+
+type visitorHelperImpl struct {
+	connectServerFn func() (net.Conn, error)
+	msgTransporter  transport.MessageTransporter
+	transferConnFn  func(name string, conn net.Conn) error
+	runID           string
+}
+
+func (v *visitorHelperImpl) ConnectServer() (net.Conn, error) {
+	return v.connectServerFn()
+}
+
+func (v *visitorHelperImpl) TransferConn(name string, conn net.Conn) error {
+	return v.transferConnFn(name, conn)
+}
+
+func (v *visitorHelperImpl) MsgTransporter() transport.MessageTransporter {
+	return v.msgTransporter
+}
+
+func (v *visitorHelperImpl) RunID() string {
+	return v.runID
+}

client/visitor/xtcp.go

@@ -0,0 +1,455 @@
+// Copyright 2017 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package visitor
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"strconv"
+	"sync"
+	"time"
+
+	libio "github.com/fatedier/golib/io"
+	fmux "github.com/hashicorp/yamux"
+	quic "github.com/quic-go/quic-go"
+	"golang.org/x/time/rate"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/msg"
+	"github.com/fatedier/frp/pkg/nathole"
+	"github.com/fatedier/frp/pkg/transport"
+	utilnet "github.com/fatedier/frp/pkg/util/net"
+	"github.com/fatedier/frp/pkg/util/util"
+	"github.com/fatedier/frp/pkg/util/xlog"
+)
+
+var ErrNoTunnelSession = errors.New("no tunnel session")
+
+type XTCPVisitor struct {
+	*BaseVisitor
+	session       TunnelSession
+	startTunnelCh chan struct{}
+	retryLimiter  *rate.Limiter
+	cancel        context.CancelFunc
+
+	cfg *config.XTCPVisitorConf
+}
+
+func (sv *XTCPVisitor) Run() (err error) {
+	sv.ctx, sv.cancel = context.WithCancel(sv.ctx)
+
+	if sv.cfg.Protocol == "kcp" {
+		sv.session = NewKCPTunnelSession()
+	} else {
+		sv.session = NewQUICTunnelSession(&sv.clientCfg)
+	}
+
+	if sv.cfg.BindPort > 0 {
+		sv.l, err = net.Listen("tcp", net.JoinHostPort(sv.cfg.BindAddr, strconv.Itoa(sv.cfg.BindPort)))
+		if err != nil {
+			return
+		}
+		go sv.worker()
+	}
+
+	go sv.internalConnWorker()
+	go sv.processTunnelStartEvents()
+	if sv.cfg.KeepTunnelOpen {
+		sv.retryLimiter = rate.NewLimiter(rate.Every(time.Hour/time.Duration(sv.cfg.MaxRetriesAnHour)), sv.cfg.MaxRetriesAnHour)
+		go sv.keepTunnelOpenWorker()
+	}
+	return
+}
+
+func (sv *XTCPVisitor) Close() {
+	sv.mu.Lock()
+	defer sv.mu.Unlock()
+	sv.BaseVisitor.Close()
+	if sv.cancel != nil {
+		sv.cancel()
+	}
+	if sv.session != nil {
+		sv.session.Close()
+	}
+}
+
+func (sv *XTCPVisitor) worker() {
+	xl := xlog.FromContextSafe(sv.ctx)
+	for {
+		conn, err := sv.l.Accept()
+		if err != nil {
+			xl.Warn("xtcp local listener closed")
+			return
+		}
+		go sv.handleConn(conn)
+	}
+}
+
+func (sv *XTCPVisitor) internalConnWorker() {
+	xl := xlog.FromContextSafe(sv.ctx)
+	for {
+		conn, err := sv.internalLn.Accept()
+		if err != nil {
+			xl.Warn("xtcp internal listener closed")
+			return
+		}
+		go sv.handleConn(conn)
+	}
+}
+
+func (sv *XTCPVisitor) processTunnelStartEvents() {
+	for {
+		select {
+		case <-sv.ctx.Done():
+			return
+		case <-sv.startTunnelCh:
+			start := time.Now()
+			sv.makeNatHole()
+			duration := time.Since(start)
+			// avoid too frequently
+			if duration < 10*time.Second {
+				time.Sleep(10*time.Second - duration)
+			}
+		}
+	}
+}
+
+func (sv *XTCPVisitor) keepTunnelOpenWorker() {
+	xl := xlog.FromContextSafe(sv.ctx)
+	ticker := time.NewTicker(time.Duration(sv.cfg.MinRetryInterval) * time.Second)
+	defer ticker.Stop()
+
+	sv.startTunnelCh <- struct{}{}
+	for {
+		select {
+		case <-sv.ctx.Done():
+			return
+		case <-ticker.C:
+			xl.Debug("keepTunnelOpenWorker try to check tunnel...")
+			conn, err := sv.getTunnelConn()
+			if err != nil {
+				xl.Warn("keepTunnelOpenWorker get tunnel connection error: %v", err)
+				_ = sv.retryLimiter.Wait(sv.ctx)
+				continue
+			}
+			xl.Debug("keepTunnelOpenWorker check success")
+			if conn != nil {
+				conn.Close()
+			}
+		}
+	}
+}
+
+func (sv *XTCPVisitor) handleConn(userConn net.Conn) {
+	xl := xlog.FromContextSafe(sv.ctx)
+	isConnTrasfered := false
+	defer func() {
+		if !isConnTrasfered {
+			userConn.Close()
+		}
+	}()
+
+	xl.Debug("get a new xtcp user connection")
+
+	// Open a tunnel connection to the server. If there is already a successful hole-punching connection,
+	// it will be reused. Otherwise, it will block and wait for a successful hole-punching connection until timeout.
+	ctx := context.Background()
+	if sv.cfg.FallbackTo != "" {
+		timeoutCtx, cancel := context.WithTimeout(ctx, time.Duration(sv.cfg.FallbackTimeoutMs)*time.Millisecond)
+		defer cancel()
+		ctx = timeoutCtx
+	}
+	tunnelConn, err := sv.openTunnel(ctx)
+	if err != nil {
+		xl.Error("open tunnel error: %v", err)
+		// no fallback, just return
+		if sv.cfg.FallbackTo == "" {
+			return
+		}
+
+		xl.Debug("try to transfer connection to visitor: %s", sv.cfg.FallbackTo)
+		if err := sv.helper.TransferConn(sv.cfg.FallbackTo, userConn); err != nil {
+			xl.Error("transfer connection to visitor %s error: %v", sv.cfg.FallbackTo, err)
+			return
+		}
+		isConnTrasfered = true
+		return
+	}
+
+	var muxConnRWCloser io.ReadWriteCloser = tunnelConn
+	if sv.cfg.UseEncryption {
+		muxConnRWCloser, err = libio.WithEncryption(muxConnRWCloser, []byte(sv.cfg.Sk))
+		if err != nil {
+			xl.Error("create encryption stream error: %v", err)
+			return
+		}
+	}
+	if sv.cfg.UseCompression {
+		muxConnRWCloser = libio.WithCompression(muxConnRWCloser)
+	}
+
+	_, _, errs := libio.Join(userConn, muxConnRWCloser)
+	xl.Debug("join connections closed")
+	if len(errs) > 0 {
+		xl.Trace("join connections errors: %v", errs)
+	}
+}
+
+// openTunnel will open a tunnel connection to the target server.
+func (sv *XTCPVisitor) openTunnel(ctx context.Context) (conn net.Conn, err error) {
+	xl := xlog.FromContextSafe(sv.ctx)
+	ticker := time.NewTicker(500 * time.Millisecond)
+	defer ticker.Stop()
+
+	timeoutC := time.After(20 * time.Second)
+	immediateTrigger := make(chan struct{}, 1)
+	defer close(immediateTrigger)
+	immediateTrigger <- struct{}{}
+
+	for {
+		select {
+		case <-sv.ctx.Done():
+			return nil, sv.ctx.Err()
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		case <-immediateTrigger:
+			conn, err = sv.getTunnelConn()
+		case <-ticker.C:
+			conn, err = sv.getTunnelConn()
+		case <-timeoutC:
+			return nil, fmt.Errorf("open tunnel timeout")
+		}
+
+		if err != nil {
+			if err != ErrNoTunnelSession {
+				xl.Warn("get tunnel connection error: %v", err)
+			}
+			continue
+		}
+		return conn, nil
+	}
+}
+
+func (sv *XTCPVisitor) getTunnelConn() (net.Conn, error) {
+	conn, err := sv.session.OpenConn(sv.ctx)
+	if err == nil {
+		return conn, nil
+	}
+	sv.session.Close()
+
+	select {
+	case sv.startTunnelCh <- struct{}{}:
+	default:
+	}
+	return nil, err
+}
+
+// 0. PreCheck
+// 1. Prepare
+// 2. ExchangeInfo
+// 3. MakeNATHole
+// 4. Create a tunnel session using an underlying UDP connection.
+func (sv *XTCPVisitor) makeNatHole() {
+	xl := xlog.FromContextSafe(sv.ctx)
+	xl.Trace("makeNatHole start")
+	if err := nathole.PreCheck(sv.ctx, sv.helper.MsgTransporter(), sv.cfg.ServerName, 5*time.Second); err != nil {
+		xl.Warn("nathole precheck error: %v", err)
+		return
+	}
+
+	xl.Trace("nathole prepare start")
+	prepareResult, err := nathole.Prepare([]string{sv.clientCfg.NatHoleSTUNServer})
+	if err != nil {
+		xl.Warn("nathole prepare error: %v", err)
+		return
+	}
+	xl.Info("nathole prepare success, nat type: %s, behavior: %s, addresses: %v, assistedAddresses: %v",
+		prepareResult.NatType, prepareResult.Behavior, prepareResult.Addrs, prepareResult.AssistedAddrs)
+
+	listenConn := prepareResult.ListenConn
+
+	// send NatHoleVisitor to server
+	now := time.Now().Unix()
+	transactionID := nathole.NewTransactionID()
+	natHoleVisitorMsg := &msg.NatHoleVisitor{
+		TransactionID: transactionID,
+		ProxyName:     sv.cfg.ServerName,
+		Protocol:      sv.cfg.Protocol,
+		SignKey:       util.GetAuthKey(sv.cfg.Sk, now),
+		Timestamp:     now,
+		MappedAddrs:   prepareResult.Addrs,
+		AssistedAddrs: prepareResult.AssistedAddrs,
+	}
+
+	xl.Trace("nathole exchange info start")
+	natHoleRespMsg, err := nathole.ExchangeInfo(sv.ctx, sv.helper.MsgTransporter(), transactionID, natHoleVisitorMsg, 5*time.Second)
+	if err != nil {
+		listenConn.Close()
+		xl.Warn("nathole exchange info error: %v", err)
+		return
+	}
+
+	xl.Info("get natHoleRespMsg, sid [%s], protocol [%s], candidate address %v, assisted address %v, detectBehavior: %+v",
+		natHoleRespMsg.Sid, natHoleRespMsg.Protocol, natHoleRespMsg.CandidateAddrs,
+		natHoleRespMsg.AssistedAddrs, natHoleRespMsg.DetectBehavior)
+
+	newListenConn, raddr, err := nathole.MakeHole(sv.ctx, listenConn, natHoleRespMsg, []byte(sv.cfg.Sk))
+	if err != nil {
+		listenConn.Close()
+		xl.Warn("make hole error: %v", err)
+		return
+	}
+	listenConn = newListenConn
+	xl.Info("establishing nat hole connection successful, sid [%s], remoteAddr [%s]", natHoleRespMsg.Sid, raddr)
+
+	if err := sv.session.Init(listenConn, raddr); err != nil {
+		listenConn.Close()
+		xl.Warn("init tunnel session error: %v", err)
+		return
+	}
+}
+
+type TunnelSession interface {
+	Init(listenConn *net.UDPConn, raddr *net.UDPAddr) error
+	OpenConn(context.Context) (net.Conn, error)
+	Close()
+}
+
+type KCPTunnelSession struct {
+	session *fmux.Session
+	lConn   *net.UDPConn
+	mu      sync.RWMutex
+}
+
+func NewKCPTunnelSession() TunnelSession {
+	return &KCPTunnelSession{}
+}
+
+func (ks *KCPTunnelSession) Init(listenConn *net.UDPConn, raddr *net.UDPAddr) error {
+	listenConn.Close()
+	laddr, _ := net.ResolveUDPAddr("udp", listenConn.LocalAddr().String())
+	lConn, err := net.DialUDP("udp", laddr, raddr)
+	if err != nil {
+		return fmt.Errorf("dial udp error: %v", err)
+	}
+	remote, err := utilnet.NewKCPConnFromUDP(lConn, true, raddr.String())
+	if err != nil {
+		return fmt.Errorf("create kcp connection from udp connection error: %v", err)
+	}
+
+	fmuxCfg := fmux.DefaultConfig()
+	fmuxCfg.KeepAliveInterval = 10 * time.Second
+	fmuxCfg.MaxStreamWindowSize = 6 * 1024 * 1024
+	fmuxCfg.LogOutput = io.Discard
+	session, err := fmux.Client(remote, fmuxCfg)
+	if err != nil {
+		remote.Close()
+		return fmt.Errorf("initial client session error: %v", err)
+	}
+	ks.mu.Lock()
+	ks.session = session
+	ks.lConn = lConn
+	ks.mu.Unlock()
+	return nil
+}
+
+func (ks *KCPTunnelSession) OpenConn(ctx context.Context) (net.Conn, error) {
+	ks.mu.RLock()
+	defer ks.mu.RUnlock()
+	session := ks.session
+	if session == nil {
+		return nil, ErrNoTunnelSession
+	}
+	return session.Open()
+}
+
+func (ks *KCPTunnelSession) Close() {
+	ks.mu.Lock()
+	defer ks.mu.Unlock()
+	if ks.session != nil {
+		_ = ks.session.Close()
+		ks.session = nil
+	}
+	if ks.lConn != nil {
+		_ = ks.lConn.Close()
+		ks.lConn = nil
+	}
+}
+
+type QUICTunnelSession struct {
+	session    quic.Connection
+	listenConn *net.UDPConn
+	mu         sync.RWMutex
+
+	clientCfg *config.ClientCommonConf
+}
+
+func NewQUICTunnelSession(clientCfg *config.ClientCommonConf) TunnelSession {
+	return &QUICTunnelSession{
+		clientCfg: clientCfg,
+	}
+}
+
+func (qs *QUICTunnelSession) Init(listenConn *net.UDPConn, raddr *net.UDPAddr) error {
+	tlsConfig, err := transport.NewClientTLSConfig("", "", "", raddr.String())
+	if err != nil {
+		return fmt.Errorf("create tls config error: %v", err)
+	}
+	tlsConfig.NextProtos = []string{"frp"}
+	quicConn, err := quic.Dial(listenConn, raddr, raddr.String(), tlsConfig,
+		&quic.Config{
+			MaxIdleTimeout:     time.Duration(qs.clientCfg.QUICMaxIdleTimeout) * time.Second,
+			MaxIncomingStreams: int64(qs.clientCfg.QUICMaxIncomingStreams),
+			KeepAlivePeriod:    time.Duration(qs.clientCfg.QUICKeepalivePeriod) * time.Second,
+		})
+	if err != nil {
+		return fmt.Errorf("dial quic error: %v", err)
+	}
+	qs.mu.Lock()
+	qs.session = quicConn
+	qs.listenConn = listenConn
+	qs.mu.Unlock()
+	return nil
+}
+
+func (qs *QUICTunnelSession) OpenConn(ctx context.Context) (net.Conn, error) {
+	qs.mu.RLock()
+	defer qs.mu.RUnlock()
+	session := qs.session
+	if session == nil {
+		return nil, ErrNoTunnelSession
+	}
+	stream, err := session.OpenStreamSync(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return utilnet.QuicStreamToNetConn(stream, session), nil
+}
+
+func (qs *QUICTunnelSession) Close() {
+	qs.mu.Lock()
+	defer qs.mu.Unlock()
+	if qs.session != nil {
+		_ = qs.session.CloseWithError(0, "")
+		qs.session = nil
+	}
+	if qs.listenConn != nil {
+		_ = qs.listenConn.Close()
+		qs.listenConn = nil
+	}
+}

cmd/frpc/main.go

@@ -12,18 +12,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package conn
+package main
 
 import (
-	"fmt"
-	"net"
+	_ "github.com/fatedier/frp/assets/frpc"
+	"github.com/fatedier/frp/cmd/frpc/sub"
 )
 
-func ListenUDP(bindAddr string, bindPort int64) (conn *net.UDPConn, err error) {
-	udpAddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", bindAddr, bindPort))
-	if err != nil {
-		return conn, err
-	}
-	conn, err = net.ListenUDP("udp", udpAddr)
-	return
+func main() {
+	sub.Execute()
 }

cmd/frpc/sub/http.go

@@ -0,0 +1,98 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/consts"
+)
+
+func init() {
+	RegisterCommonFlags(httpCmd)
+
+	httpCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	httpCmd.PersistentFlags().StringVarP(&localIP, "local_ip", "i", "127.0.0.1", "local ip")
+	httpCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	httpCmd.PersistentFlags().StringVarP(&customDomains, "custom_domain", "d", "", "custom domain")
+	httpCmd.PersistentFlags().StringVarP(&subDomain, "sd", "", "", "sub domain")
+	httpCmd.PersistentFlags().StringVarP(&locations, "locations", "", "", "locations")
+	httpCmd.PersistentFlags().StringVarP(&httpUser, "http_user", "", "", "http auth user")
+	httpCmd.PersistentFlags().StringVarP(&httpPwd, "http_pwd", "", "", "http auth password")
+	httpCmd.PersistentFlags().StringVarP(&hostHeaderRewrite, "host_header_rewrite", "", "", "host header rewrite")
+	httpCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	httpCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+	httpCmd.PersistentFlags().StringVarP(&bandwidthLimit, "bandwidth_limit", "", "", "bandwidth limit")
+	httpCmd.PersistentFlags().StringVarP(&bandwidthLimitMode, "bandwidth_limit_mode", "", config.BandwidthLimitModeClient, "bandwidth limit mode")
+
+	rootCmd.AddCommand(httpCmd)
+}
+
+var httpCmd = &cobra.Command{
+	Use:   "http",
+	Short: "Run frpc with a single http proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfgFromCmd()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		cfg := &config.HTTPProxyConf{}
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+		cfg.ProxyName = prefix + proxyName
+		cfg.ProxyType = consts.HTTPProxy
+		cfg.LocalIP = localIP
+		cfg.LocalPort = localPort
+		cfg.CustomDomains = strings.Split(customDomains, ",")
+		cfg.SubDomain = subDomain
+		cfg.Locations = strings.Split(locations, ",")
+		cfg.HTTPUser = httpUser
+		cfg.HTTPPwd = httpPwd
+		cfg.HostHeaderRewrite = hostHeaderRewrite
+		cfg.UseEncryption = useEncryption
+		cfg.UseCompression = useCompression
+		cfg.BandwidthLimit, err = config.NewBandwidthQuantity(bandwidthLimit)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		cfg.BandwidthLimitMode = bandwidthLimitMode
+
+		err = cfg.ValidateForClient()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := map[string]config.ProxyConf{
+			cfg.ProxyName: cfg,
+		}
+		err = startService(clientCfg, proxyConfs, nil, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frpc/sub/https.go

@@ -0,0 +1,90 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/consts"
+)
+
+func init() {
+	RegisterCommonFlags(httpsCmd)
+
+	httpsCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	httpsCmd.PersistentFlags().StringVarP(&localIP, "local_ip", "i", "127.0.0.1", "local ip")
+	httpsCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	httpsCmd.PersistentFlags().StringVarP(&customDomains, "custom_domain", "d", "", "custom domain")
+	httpsCmd.PersistentFlags().StringVarP(&subDomain, "sd", "", "", "sub domain")
+	httpsCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	httpsCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+	httpsCmd.PersistentFlags().StringVarP(&bandwidthLimit, "bandwidth_limit", "", "", "bandwidth limit")
+	httpsCmd.PersistentFlags().StringVarP(&bandwidthLimitMode, "bandwidth_limit_mode", "", config.BandwidthLimitModeClient, "bandwidth limit mode")
+
+	rootCmd.AddCommand(httpsCmd)
+}
+
+var httpsCmd = &cobra.Command{
+	Use:   "https",
+	Short: "Run frpc with a single https proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfgFromCmd()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		cfg := &config.HTTPSProxyConf{}
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+		cfg.ProxyName = prefix + proxyName
+		cfg.ProxyType = consts.HTTPSProxy
+		cfg.LocalIP = localIP
+		cfg.LocalPort = localPort
+		cfg.CustomDomains = strings.Split(customDomains, ",")
+		cfg.SubDomain = subDomain
+		cfg.UseEncryption = useEncryption
+		cfg.UseCompression = useCompression
+		cfg.BandwidthLimit, err = config.NewBandwidthQuantity(bandwidthLimit)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		cfg.BandwidthLimitMode = bandwidthLimitMode
+
+		err = cfg.ValidateForClient()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := map[string]config.ProxyConf{
+			cfg.ProxyName: cfg,
+		}
+		err = startService(clientCfg, proxyConfs, nil, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frpc/sub/nathole.go

@@ -0,0 +1,97 @@
+// Copyright 2023 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/nathole"
+)
+
+var (
+	natHoleSTUNServer string
+	natHoleLocalAddr  string
+)
+
+func init() {
+	RegisterCommonFlags(natholeCmd)
+
+	rootCmd.AddCommand(natholeCmd)
+	natholeCmd.AddCommand(natholeDiscoveryCmd)
+
+	natholeCmd.PersistentFlags().StringVarP(&natHoleSTUNServer, "nat_hole_stun_server", "", "", "STUN server address for nathole")
+	natholeCmd.PersistentFlags().StringVarP(&natHoleLocalAddr, "nat_hole_local_addr", "l", "", "local address to connect STUN server")
+}
+
+var natholeCmd = &cobra.Command{
+	Use:   "nathole",
+	Short: "Actions about nathole",
+}
+
+var natholeDiscoveryCmd = &cobra.Command{
+	Use:   "discover",
+	Short: "Discover nathole information from stun server",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		// ignore error here, because we can use command line pameters
+		cfg, _, _, err := config.ParseClientConfig(cfgFile)
+		if err != nil {
+			cfg = config.GetDefaultClientConf()
+		}
+		if natHoleSTUNServer != "" {
+			cfg.NatHoleSTUNServer = natHoleSTUNServer
+		}
+
+		if err := validateForNatHoleDiscovery(cfg); err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		addrs, localAddr, err := nathole.Discover([]string{cfg.NatHoleSTUNServer}, natHoleLocalAddr)
+		if err != nil {
+			fmt.Println("discover error:", err)
+			os.Exit(1)
+		}
+		if len(addrs) < 2 {
+			fmt.Printf("discover error: can not get enough addresses, need 2, got: %v\n", addrs)
+			os.Exit(1)
+		}
+
+		localIPs, _ := nathole.ListLocalIPsForNatHole(10)
+
+		natFeature, err := nathole.ClassifyNATFeature(addrs, localIPs)
+		if err != nil {
+			fmt.Println("classify nat feature error:", err)
+			os.Exit(1)
+		}
+		fmt.Println("STUN server:", cfg.NatHoleSTUNServer)
+		fmt.Println("Your NAT type is:", natFeature.NatType)
+		fmt.Println("Behavior is:", natFeature.Behavior)
+		fmt.Println("External address is:", addrs)
+		fmt.Println("Local address is:", localAddr.String())
+		fmt.Println("Public Network:", natFeature.PublicNetwork)
+		return nil
+	},
+}
+
+func validateForNatHoleDiscovery(cfg config.ClientCommonConf) error {
+	if cfg.NatHoleSTUNServer == "" {
+		return fmt.Errorf("nat_hole_stun_server can not be empty")
+	}
+	return nil
+}

cmd/frpc/sub/reload.go

@@ -0,0 +1,84 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"encoding/base64"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/config"
+)
+
+func init() {
+	rootCmd.AddCommand(reloadCmd)
+}
+
+var reloadCmd = &cobra.Command{
+	Use:   "reload",
+	Short: "Hot-Reload frpc configuration",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		cfg, _, _, err := config.ParseClientConfig(cfgFile)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		err = reload(cfg)
+		if err != nil {
+			fmt.Printf("frpc reload error: %v\n", err)
+			os.Exit(1)
+		}
+		fmt.Printf("reload success\n")
+		return nil
+	},
+}
+
+func reload(clientCfg config.ClientCommonConf) error {
+	if clientCfg.AdminPort == 0 {
+		return fmt.Errorf("admin_port shoud be set if you want to use reload feature")
+	}
+
+	req, err := http.NewRequest("GET", "http://"+
+		clientCfg.AdminAddr+":"+fmt.Sprintf("%d", clientCfg.AdminPort)+"/api/reload", nil)
+	if err != nil {
+		return err
+	}
+
+	authStr := "Basic " + base64.StdEncoding.EncodeToString([]byte(clientCfg.AdminUser+":"+
+		clientCfg.AdminPwd))
+
+	req.Header.Add("Authorization", authStr)
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == 200 {
+		return nil
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+	return fmt.Errorf("code [%d], %s", resp.StatusCode, strings.TrimSpace(string(body)))
+}

cmd/frpc/sub/root.go

@@ -0,0 +1,238 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"io/fs"
+	"net"
+	"os"
+	"os/signal"
+	"path/filepath"
+	"strconv"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/client"
+	"github.com/fatedier/frp/pkg/auth"
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/util/log"
+	"github.com/fatedier/frp/pkg/util/version"
+)
+
+const (
+	CfgFileTypeIni = iota
+	CfgFileTypeCmd
+)
+
+var (
+	cfgFile     string
+	cfgDir      string
+	showVersion bool
+
+	serverAddr      string
+	user            string
+	protocol        string
+	token           string
+	logLevel        string
+	logFile         string
+	logMaxDays      int
+	disableLogColor bool
+	dnsServer       string
+
+	proxyName          string
+	localIP            string
+	localPort          int
+	remotePort         int
+	useEncryption      bool
+	useCompression     bool
+	bandwidthLimit     string
+	bandwidthLimitMode string
+	customDomains      string
+	subDomain          string
+	httpUser           string
+	httpPwd            string
+	locations          string
+	hostHeaderRewrite  string
+	role               string
+	sk                 string
+	multiplexer        string
+	serverName         string
+	bindAddr           string
+	bindPort           int
+
+	tlsEnable bool
+)
+
+func init() {
+	rootCmd.PersistentFlags().StringVarP(&cfgFile, "config", "c", "./frpc.ini", "config file of frpc")
+	rootCmd.PersistentFlags().StringVarP(&cfgDir, "config_dir", "", "", "config directory, run one frpc service for each file in config directory")
+	rootCmd.PersistentFlags().BoolVarP(&showVersion, "version", "v", false, "version of frpc")
+}
+
+func RegisterCommonFlags(cmd *cobra.Command) {
+	cmd.PersistentFlags().StringVarP(&serverAddr, "server_addr", "s", "127.0.0.1:7000", "frp server's address")
+	cmd.PersistentFlags().StringVarP(&user, "user", "u", "", "user")
+	cmd.PersistentFlags().StringVarP(&protocol, "protocol", "p", "tcp", "tcp or kcp or websocket")
+	cmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
+	cmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
+	cmd.PersistentFlags().StringVarP(&logFile, "log_file", "", "console", "console or file path")
+	cmd.PersistentFlags().IntVarP(&logMaxDays, "log_max_days", "", 3, "log file reversed days")
+	cmd.PersistentFlags().BoolVarP(&disableLogColor, "disable_log_color", "", false, "disable log color in console")
+	cmd.PersistentFlags().BoolVarP(&tlsEnable, "tls_enable", "", true, "enable frpc tls")
+	cmd.PersistentFlags().StringVarP(&dnsServer, "dns_server", "", "", "specify dns server instead of using system default one")
+}
+
+var rootCmd = &cobra.Command{
+	Use:   "frpc",
+	Short: "frpc is the client of frp (https://github.com/fatedier/frp)",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		if showVersion {
+			fmt.Println(version.Full())
+			return nil
+		}
+
+		// If cfgDir is not empty, run multiple frpc service for each config file in cfgDir.
+		// Note that it's only designed for testing. It's not guaranteed to be stable.
+		if cfgDir != "" {
+			_ = runMultipleClients(cfgDir)
+			return nil
+		}
+
+		// Do not show command usage here.
+		err := runClient(cfgFile)
+		if err != nil {
+			os.Exit(1)
+		}
+		return nil
+	},
+}
+
+func runMultipleClients(cfgDir string) error {
+	var wg sync.WaitGroup
+	err := filepath.WalkDir(cfgDir, func(path string, d fs.DirEntry, err error) error {
+		if err != nil || d.IsDir() {
+			return nil
+		}
+		wg.Add(1)
+		time.Sleep(time.Millisecond)
+		go func() {
+			defer wg.Done()
+			err := runClient(path)
+			if err != nil {
+				fmt.Printf("frpc service error for config file [%s]\n", path)
+			}
+		}()
+		return nil
+	})
+	wg.Wait()
+	return err
+}
+
+func Execute() {
+	if err := rootCmd.Execute(); err != nil {
+		os.Exit(1)
+	}
+}
+
+func handleSignal(svr *client.Service, doneCh chan struct{}) {
+	ch := make(chan os.Signal, 1)
+	signal.Notify(ch, syscall.SIGINT, syscall.SIGTERM)
+	<-ch
+	svr.GracefulClose(500 * time.Millisecond)
+	close(doneCh)
+}
+
+func parseClientCommonCfgFromCmd() (cfg config.ClientCommonConf, err error) {
+	cfg = config.GetDefaultClientConf()
+
+	ipStr, portStr, err := net.SplitHostPort(serverAddr)
+	if err != nil {
+		err = fmt.Errorf("invalid server_addr: %v", err)
+		return
+	}
+
+	cfg.ServerAddr = ipStr
+	cfg.ServerPort, err = strconv.Atoi(portStr)
+	if err != nil {
+		err = fmt.Errorf("invalid server_addr: %v", err)
+		return
+	}
+
+	cfg.User = user
+	cfg.Protocol = protocol
+	cfg.LogLevel = logLevel
+	cfg.LogFile = logFile
+	cfg.LogMaxDays = int64(logMaxDays)
+	cfg.DisableLogColor = disableLogColor
+	cfg.DNSServer = dnsServer
+
+	// Only token authentication is supported in cmd mode
+	cfg.ClientConfig = auth.GetDefaultClientConf()
+	cfg.Token = token
+	cfg.TLSEnable = tlsEnable
+
+	cfg.Complete()
+	if err = cfg.Validate(); err != nil {
+		err = fmt.Errorf("parse config error: %v", err)
+		return
+	}
+	return
+}
+
+func runClient(cfgFilePath string) error {
+	cfg, pxyCfgs, visitorCfgs, err := config.ParseClientConfig(cfgFilePath)
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+	return startService(cfg, pxyCfgs, visitorCfgs, cfgFilePath)
+}
+
+func startService(
+	cfg config.ClientCommonConf,
+	pxyCfgs map[string]config.ProxyConf,
+	visitorCfgs map[string]config.VisitorConf,
+	cfgFile string,
+) (err error) {
+	log.InitLog(cfg.LogWay, cfg.LogFile, cfg.LogLevel,
+		cfg.LogMaxDays, cfg.DisableLogColor)
+
+	if cfgFile != "" {
+		log.Info("start frpc service for config file [%s]", cfgFile)
+		defer log.Info("frpc service for config file [%s] stopped", cfgFile)
+	}
+	svr, errRet := client.NewService(cfg, pxyCfgs, visitorCfgs, cfgFile)
+	if errRet != nil {
+		err = errRet
+		return
+	}
+
+	closedDoneCh := make(chan struct{})
+	shouldGracefulClose := cfg.Protocol == "kcp" || cfg.Protocol == "quic"
+	// Capture the exit signal if we use kcp or quic.
+	if shouldGracefulClose {
+		go handleSignal(svr, closedDoneCh)
+	}
+
+	err = svr.Run()
+	if err == nil && shouldGracefulClose {
+		<-closedDoneCh
+	}
+	return
+}

cmd/frpc/sub/status.go

@@ -0,0 +1,107 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/rodaine/table"
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/client"
+	"github.com/fatedier/frp/pkg/config"
+)
+
+func init() {
+	rootCmd.AddCommand(statusCmd)
+}
+
+var statusCmd = &cobra.Command{
+	Use:   "status",
+	Short: "Overview of all proxies status",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		cfg, _, _, err := config.ParseClientConfig(cfgFile)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		if err = status(cfg); err != nil {
+			fmt.Printf("frpc get status error: %v\n", err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}
+
+func status(clientCfg config.ClientCommonConf) error {
+	if clientCfg.AdminPort == 0 {
+		return fmt.Errorf("admin_port shoud be set if you want to get proxy status")
+	}
+
+	req, err := http.NewRequest("GET", "http://"+
+		clientCfg.AdminAddr+":"+fmt.Sprintf("%d", clientCfg.AdminPort)+"/api/status", nil)
+	if err != nil {
+		return err
+	}
+
+	authStr := "Basic " + base64.StdEncoding.EncodeToString([]byte(clientCfg.AdminUser+":"+
+		clientCfg.AdminPwd))
+
+	req.Header.Add("Authorization", authStr)
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != 200 {
+		return fmt.Errorf("admin api status code [%d]", resp.StatusCode)
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+	res := make(client.StatusResp)
+	err = json.Unmarshal(body, &res)
+	if err != nil {
+		return fmt.Errorf("unmarshal http response error: %s", strings.TrimSpace(string(body)))
+	}
+
+	fmt.Println("Proxy Status...")
+	types := []string{"tcp", "udp", "tcpmux", "http", "https", "stcp", "sudp", "xtcp"}
+	for _, pxyType := range types {
+		arrs := res[pxyType]
+		if len(arrs) == 0 {
+			continue
+		}
+
+		fmt.Println(strings.ToUpper(pxyType))
+		tbl := table.New("Name", "Status", "LocalAddr", "Plugin", "RemoteAddr", "Error")
+		for _, ps := range arrs {
+			tbl.AddRow(ps.Name, ps.Status, ps.LocalAddr, ps.Plugin, ps.RemoteAddr, ps.Err)
+		}
+		tbl.Print()
+		fmt.Println("")
+	}
+	return nil
+}

cmd/frpc/sub/stcp.go

@@ -0,0 +1,116 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/consts"
+)
+
+func init() {
+	RegisterCommonFlags(stcpCmd)
+
+	stcpCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	stcpCmd.PersistentFlags().StringVarP(&role, "role", "", "server", "role")
+	stcpCmd.PersistentFlags().StringVarP(&sk, "sk", "", "", "secret key")
+	stcpCmd.PersistentFlags().StringVarP(&serverName, "server_name", "", "", "server name")
+	stcpCmd.PersistentFlags().StringVarP(&localIP, "local_ip", "i", "127.0.0.1", "local ip")
+	stcpCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	stcpCmd.PersistentFlags().StringVarP(&bindAddr, "bind_addr", "", "", "bind addr")
+	stcpCmd.PersistentFlags().IntVarP(&bindPort, "bind_port", "", 0, "bind port")
+	stcpCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	stcpCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+	stcpCmd.PersistentFlags().StringVarP(&bandwidthLimit, "bandwidth_limit", "", "", "bandwidth limit")
+	stcpCmd.PersistentFlags().StringVarP(&bandwidthLimitMode, "bandwidth_limit_mode", "", config.BandwidthLimitModeClient, "bandwidth limit mode")
+
+	rootCmd.AddCommand(stcpCmd)
+}
+
+var stcpCmd = &cobra.Command{
+	Use:   "stcp",
+	Short: "Run frpc with a single stcp proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfgFromCmd()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := make(map[string]config.ProxyConf)
+		visitorConfs := make(map[string]config.VisitorConf)
+
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+
+		switch role {
+		case "server":
+			cfg := &config.STCPProxyConf{}
+			cfg.ProxyName = prefix + proxyName
+			cfg.ProxyType = consts.STCPProxy
+			cfg.UseEncryption = useEncryption
+			cfg.UseCompression = useCompression
+			cfg.Role = role
+			cfg.Sk = sk
+			cfg.LocalIP = localIP
+			cfg.LocalPort = localPort
+			cfg.BandwidthLimit, err = config.NewBandwidthQuantity(bandwidthLimit)
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			cfg.BandwidthLimitMode = bandwidthLimitMode
+			err = cfg.ValidateForClient()
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			proxyConfs[cfg.ProxyName] = cfg
+		case "visitor":
+			cfg := &config.STCPVisitorConf{}
+			cfg.ProxyName = prefix + proxyName
+			cfg.ProxyType = consts.STCPProxy
+			cfg.UseEncryption = useEncryption
+			cfg.UseCompression = useCompression
+			cfg.Role = role
+			cfg.Sk = sk
+			cfg.ServerName = serverName
+			cfg.BindAddr = bindAddr
+			cfg.BindPort = bindPort
+			err = cfg.Validate()
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			visitorConfs[cfg.ProxyName] = cfg
+		default:
+			fmt.Println("invalid role")
+			os.Exit(1)
+		}
+
+		err = startService(clientCfg, proxyConfs, visitorConfs, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frpc/sub/sudp.go

@@ -0,0 +1,115 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/consts"
+)
+
+func init() {
+	RegisterCommonFlags(sudpCmd)
+
+	sudpCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	sudpCmd.PersistentFlags().StringVarP(&role, "role", "", "server", "role")
+	sudpCmd.PersistentFlags().StringVarP(&sk, "sk", "", "", "secret key")
+	sudpCmd.PersistentFlags().StringVarP(&serverName, "server_name", "", "", "server name")
+	sudpCmd.PersistentFlags().StringVarP(&localIP, "local_ip", "i", "127.0.0.1", "local ip")
+	sudpCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	sudpCmd.PersistentFlags().StringVarP(&bindAddr, "bind_addr", "", "", "bind addr")
+	sudpCmd.PersistentFlags().IntVarP(&bindPort, "bind_port", "", 0, "bind port")
+	sudpCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	sudpCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+	sudpCmd.PersistentFlags().StringVarP(&bandwidthLimit, "bandwidth_limit", "", "", "bandwidth limit")
+	sudpCmd.PersistentFlags().StringVarP(&bandwidthLimitMode, "bandwidth_limit_mode", "", config.BandwidthLimitModeClient, "bandwidth limit mode")
+
+	rootCmd.AddCommand(sudpCmd)
+}
+
+var sudpCmd = &cobra.Command{
+	Use:   "sudp",
+	Short: "Run frpc with a single sudp proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfgFromCmd()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := make(map[string]config.ProxyConf)
+		visitorConfs := make(map[string]config.VisitorConf)
+
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+
+		switch role {
+		case "server":
+			cfg := &config.SUDPProxyConf{}
+			cfg.ProxyName = prefix + proxyName
+			cfg.ProxyType = consts.SUDPProxy
+			cfg.UseEncryption = useEncryption
+			cfg.UseCompression = useCompression
+			cfg.Role = role
+			cfg.Sk = sk
+			cfg.LocalIP = localIP
+			cfg.LocalPort = localPort
+			cfg.BandwidthLimit, err = config.NewBandwidthQuantity(bandwidthLimit)
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			cfg.BandwidthLimitMode = bandwidthLimitMode
+			err = cfg.ValidateForClient()
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			proxyConfs[cfg.ProxyName] = cfg
+		case "visitor":
+			cfg := &config.SUDPVisitorConf{}
+			cfg.ProxyName = prefix + proxyName
+			cfg.ProxyType = consts.SUDPProxy
+			cfg.UseEncryption = useEncryption
+			cfg.UseCompression = useCompression
+			cfg.Role = role
+			cfg.Sk = sk
+			cfg.ServerName = serverName
+			cfg.BindAddr = bindAddr
+			cfg.BindPort = bindPort
+			err = cfg.Validate()
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			visitorConfs[cfg.ProxyName] = cfg
+		default:
+			fmt.Println("invalid role")
+			os.Exit(1)
+		}
+
+		err = startService(clientCfg, proxyConfs, visitorConfs, "")
+		if err != nil {
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frpc/sub/tcp.go

@@ -0,0 +1,87 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/consts"
+)
+
+func init() {
+	RegisterCommonFlags(tcpCmd)
+
+	tcpCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	tcpCmd.PersistentFlags().StringVarP(&localIP, "local_ip", "i", "127.0.0.1", "local ip")
+	tcpCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	tcpCmd.PersistentFlags().IntVarP(&remotePort, "remote_port", "r", 0, "remote port")
+	tcpCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	tcpCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+	tcpCmd.PersistentFlags().StringVarP(&bandwidthLimit, "bandwidth_limit", "", "", "bandwidth limit")
+	tcpCmd.PersistentFlags().StringVarP(&bandwidthLimitMode, "bandwidth_limit_mode", "", config.BandwidthLimitModeClient, "bandwidth limit mode")
+
+	rootCmd.AddCommand(tcpCmd)
+}
+
+var tcpCmd = &cobra.Command{
+	Use:   "tcp",
+	Short: "Run frpc with a single tcp proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfgFromCmd()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		cfg := &config.TCPProxyConf{}
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+		cfg.ProxyName = prefix + proxyName
+		cfg.ProxyType = consts.TCPProxy
+		cfg.LocalIP = localIP
+		cfg.LocalPort = localPort
+		cfg.RemotePort = remotePort
+		cfg.UseEncryption = useEncryption
+		cfg.UseCompression = useCompression
+		cfg.BandwidthLimit, err = config.NewBandwidthQuantity(bandwidthLimit)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		cfg.BandwidthLimitMode = bandwidthLimitMode
+
+		err = cfg.ValidateForClient()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := map[string]config.ProxyConf{
+			cfg.ProxyName: cfg,
+		}
+		err = startService(clientCfg, proxyConfs, nil, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frpc/sub/tcpmux.go

@@ -0,0 +1,92 @@
+// Copyright 2020 guylewin, guy@lewin.co.il
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/consts"
+)
+
+func init() {
+	RegisterCommonFlags(tcpMuxCmd)
+
+	tcpMuxCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	tcpMuxCmd.PersistentFlags().StringVarP(&localIP, "local_ip", "i", "127.0.0.1", "local ip")
+	tcpMuxCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	tcpMuxCmd.PersistentFlags().StringVarP(&customDomains, "custom_domain", "d", "", "custom domain")
+	tcpMuxCmd.PersistentFlags().StringVarP(&subDomain, "sd", "", "", "sub domain")
+	tcpMuxCmd.PersistentFlags().StringVarP(&multiplexer, "mux", "", "", "multiplexer")
+	tcpMuxCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	tcpMuxCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+	tcpMuxCmd.PersistentFlags().StringVarP(&bandwidthLimit, "bandwidth_limit", "", "", "bandwidth limit")
+	tcpMuxCmd.PersistentFlags().StringVarP(&bandwidthLimitMode, "bandwidth_limit_mode", "", config.BandwidthLimitModeClient, "bandwidth limit mode")
+
+	rootCmd.AddCommand(tcpMuxCmd)
+}
+
+var tcpMuxCmd = &cobra.Command{
+	Use:   "tcpmux",
+	Short: "Run frpc with a single tcpmux proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfgFromCmd()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		cfg := &config.TCPMuxProxyConf{}
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+		cfg.ProxyName = prefix + proxyName
+		cfg.ProxyType = consts.TCPMuxProxy
+		cfg.LocalIP = localIP
+		cfg.LocalPort = localPort
+		cfg.CustomDomains = strings.Split(customDomains, ",")
+		cfg.SubDomain = subDomain
+		cfg.Multiplexer = multiplexer
+		cfg.UseEncryption = useEncryption
+		cfg.UseCompression = useCompression
+		cfg.BandwidthLimit, err = config.NewBandwidthQuantity(bandwidthLimit)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		cfg.BandwidthLimitMode = bandwidthLimitMode
+
+		err = cfg.ValidateForClient()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := map[string]config.ProxyConf{
+			cfg.ProxyName: cfg,
+		}
+		err = startService(clientCfg, proxyConfs, nil, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frpc/sub/udp.go

@@ -0,0 +1,87 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/consts"
+)
+
+func init() {
+	RegisterCommonFlags(udpCmd)
+
+	udpCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	udpCmd.PersistentFlags().StringVarP(&localIP, "local_ip", "i", "127.0.0.1", "local ip")
+	udpCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	udpCmd.PersistentFlags().IntVarP(&remotePort, "remote_port", "r", 0, "remote port")
+	udpCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	udpCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+	udpCmd.PersistentFlags().StringVarP(&bandwidthLimit, "bandwidth_limit", "", "", "bandwidth limit")
+	udpCmd.PersistentFlags().StringVarP(&bandwidthLimitMode, "bandwidth_limit_mode", "", config.BandwidthLimitModeClient, "bandwidth limit mode")
+
+	rootCmd.AddCommand(udpCmd)
+}
+
+var udpCmd = &cobra.Command{
+	Use:   "udp",
+	Short: "Run frpc with a single udp proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfgFromCmd()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		cfg := &config.UDPProxyConf{}
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+		cfg.ProxyName = prefix + proxyName
+		cfg.ProxyType = consts.UDPProxy
+		cfg.LocalIP = localIP
+		cfg.LocalPort = localPort
+		cfg.RemotePort = remotePort
+		cfg.UseEncryption = useEncryption
+		cfg.UseCompression = useCompression
+		cfg.BandwidthLimit, err = config.NewBandwidthQuantity(bandwidthLimit)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		cfg.BandwidthLimitMode = bandwidthLimitMode
+
+		err = cfg.ValidateForClient()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := map[string]config.ProxyConf{
+			cfg.ProxyName: cfg,
+		}
+		err = startService(clientCfg, proxyConfs, nil, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frpc/sub/verify.go

@@ -0,0 +1,43 @@
+// Copyright 2021 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/config"
+)
+
+func init() {
+	rootCmd.AddCommand(verifyCmd)
+}
+
+var verifyCmd = &cobra.Command{
+	Use:   "verify",
+	Short: "Verify that the configures is valid",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		_, _, _, err := config.ParseClientConfig(cfgFile)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		fmt.Printf("frpc: the configuration file %s syntax is ok\n", cfgFile)
+		return nil
+	},
+}

cmd/frpc/sub/xtcp.go

@@ -0,0 +1,116 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sub
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/consts"
+)
+
+func init() {
+	RegisterCommonFlags(xtcpCmd)
+
+	xtcpCmd.PersistentFlags().StringVarP(&proxyName, "proxy_name", "n", "", "proxy name")
+	xtcpCmd.PersistentFlags().StringVarP(&role, "role", "", "server", "role")
+	xtcpCmd.PersistentFlags().StringVarP(&sk, "sk", "", "", "secret key")
+	xtcpCmd.PersistentFlags().StringVarP(&serverName, "server_name", "", "", "server name")
+	xtcpCmd.PersistentFlags().StringVarP(&localIP, "local_ip", "i", "127.0.0.1", "local ip")
+	xtcpCmd.PersistentFlags().IntVarP(&localPort, "local_port", "l", 0, "local port")
+	xtcpCmd.PersistentFlags().StringVarP(&bindAddr, "bind_addr", "", "", "bind addr")
+	xtcpCmd.PersistentFlags().IntVarP(&bindPort, "bind_port", "", 0, "bind port")
+	xtcpCmd.PersistentFlags().BoolVarP(&useEncryption, "ue", "", false, "use encryption")
+	xtcpCmd.PersistentFlags().BoolVarP(&useCompression, "uc", "", false, "use compression")
+	xtcpCmd.PersistentFlags().StringVarP(&bandwidthLimit, "bandwidth_limit", "", "", "bandwidth limit")
+	xtcpCmd.PersistentFlags().StringVarP(&bandwidthLimitMode, "bandwidth_limit_mode", "", config.BandwidthLimitModeClient, "bandwidth limit mode")
+
+	rootCmd.AddCommand(xtcpCmd)
+}
+
+var xtcpCmd = &cobra.Command{
+	Use:   "xtcp",
+	Short: "Run frpc with a single xtcp proxy",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		clientCfg, err := parseClientCommonCfgFromCmd()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		proxyConfs := make(map[string]config.ProxyConf)
+		visitorConfs := make(map[string]config.VisitorConf)
+
+		var prefix string
+		if user != "" {
+			prefix = user + "."
+		}
+
+		switch role {
+		case "server":
+			cfg := &config.XTCPProxyConf{}
+			cfg.ProxyName = prefix + proxyName
+			cfg.ProxyType = consts.XTCPProxy
+			cfg.UseEncryption = useEncryption
+			cfg.UseCompression = useCompression
+			cfg.Role = role
+			cfg.Sk = sk
+			cfg.LocalIP = localIP
+			cfg.LocalPort = localPort
+			cfg.BandwidthLimit, err = config.NewBandwidthQuantity(bandwidthLimit)
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			cfg.BandwidthLimitMode = bandwidthLimitMode
+			err = cfg.ValidateForClient()
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			proxyConfs[cfg.ProxyName] = cfg
+		case "visitor":
+			cfg := &config.XTCPVisitorConf{}
+			cfg.ProxyName = prefix + proxyName
+			cfg.ProxyType = consts.XTCPProxy
+			cfg.UseEncryption = useEncryption
+			cfg.UseCompression = useCompression
+			cfg.Role = role
+			cfg.Sk = sk
+			cfg.ServerName = serverName
+			cfg.BindAddr = bindAddr
+			cfg.BindPort = bindPort
+			err = cfg.Validate()
+			if err != nil {
+				fmt.Println(err)
+				os.Exit(1)
+			}
+			visitorConfs[cfg.ProxyName] = cfg
+		default:
+			fmt.Println("invalid role")
+			os.Exit(1)
+		}
+
+		err = startService(clientCfg, proxyConfs, visitorConfs, "")
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}

cmd/frps/main.go

@@ -1,4 +1,4 @@
-// Copyright 2016 fatedier, fatedier@gmail.com
+// Copyright 2018 fatedier, fatedier@gmail.com
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,19 +12,22 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package config
+package main
 
-type BaseConf struct {
-	Name              string
-	AuthToken         string
-	Type              string
-	UseEncryption     bool
-	UseGzip           bool
-	PrivilegeMode     bool
-	PrivilegeToken    string
-	PoolCount         int64
-	HostHeaderRewrite string
-	HttpUserName      string
-	HttpPassWord      string
-	SubDomain         string
+import (
+	"math/rand"
+	"time"
+
+	"github.com/fatedier/golib/crypto"
+
+	_ "github.com/fatedier/frp/assets/frps"
+	_ "github.com/fatedier/frp/pkg/metrics"
+)
+
+func main() {
+	crypto.DefaultSalt = "frp"
+	// TODO: remove this when we drop support for go1.19
+	rand.Seed(time.Now().UnixNano())
+
+	Execute()
 }

cmd/frps/root.go

@@ -0,0 +1,215 @@
+// Copyright 2018 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/auth"
+	"github.com/fatedier/frp/pkg/config"
+	"github.com/fatedier/frp/pkg/util/log"
+	"github.com/fatedier/frp/pkg/util/util"
+	"github.com/fatedier/frp/pkg/util/version"
+	"github.com/fatedier/frp/server"
+)
+
+const (
+	CfgFileTypeIni = iota
+	CfgFileTypeCmd
+)
+
+var (
+	cfgFile     string
+	showVersion bool
+
+	bindAddr             string
+	bindPort             int
+	kcpBindPort          int
+	proxyBindAddr        string
+	vhostHTTPPort        int
+	vhostHTTPSPort       int
+	vhostHTTPTimeout     int64
+	dashboardAddr        string
+	dashboardPort        int
+	dashboardUser        string
+	dashboardPwd         string
+	enablePrometheus     bool
+	logFile              string
+	logLevel             string
+	logMaxDays           int64
+	disableLogColor      bool
+	token                string
+	subDomainHost        string
+	allowPorts           string
+	maxPortsPerClient    int64
+	tlsOnly              bool
+	dashboardTLSMode     bool
+	dashboardTLSCertFile string
+	dashboardTLSKeyFile  string
+)
+
+func init() {
+	rootCmd.PersistentFlags().StringVarP(&cfgFile, "config", "c", "", "config file of frps")
+	rootCmd.PersistentFlags().BoolVarP(&showVersion, "version", "v", false, "version of frps")
+
+	rootCmd.PersistentFlags().StringVarP(&bindAddr, "bind_addr", "", "0.0.0.0", "bind address")
+	rootCmd.PersistentFlags().IntVarP(&bindPort, "bind_port", "p", 7000, "bind port")
+	rootCmd.PersistentFlags().IntVarP(&kcpBindPort, "kcp_bind_port", "", 0, "kcp bind udp port")
+	rootCmd.PersistentFlags().StringVarP(&proxyBindAddr, "proxy_bind_addr", "", "0.0.0.0", "proxy bind address")
+	rootCmd.PersistentFlags().IntVarP(&vhostHTTPPort, "vhost_http_port", "", 0, "vhost http port")
+	rootCmd.PersistentFlags().IntVarP(&vhostHTTPSPort, "vhost_https_port", "", 0, "vhost https port")
+	rootCmd.PersistentFlags().Int64VarP(&vhostHTTPTimeout, "vhost_http_timeout", "", 60, "vhost http response header timeout")
+	rootCmd.PersistentFlags().StringVarP(&dashboardAddr, "dashboard_addr", "", "0.0.0.0", "dashboard address")
+	rootCmd.PersistentFlags().IntVarP(&dashboardPort, "dashboard_port", "", 0, "dashboard port")
+	rootCmd.PersistentFlags().StringVarP(&dashboardUser, "dashboard_user", "", "admin", "dashboard user")
+	rootCmd.PersistentFlags().StringVarP(&dashboardPwd, "dashboard_pwd", "", "admin", "dashboard password")
+	rootCmd.PersistentFlags().BoolVarP(&enablePrometheus, "enable_prometheus", "", false, "enable prometheus dashboard")
+	rootCmd.PersistentFlags().StringVarP(&logFile, "log_file", "", "console", "log file")
+	rootCmd.PersistentFlags().StringVarP(&logLevel, "log_level", "", "info", "log level")
+	rootCmd.PersistentFlags().Int64VarP(&logMaxDays, "log_max_days", "", 3, "log max days")
+	rootCmd.PersistentFlags().BoolVarP(&disableLogColor, "disable_log_color", "", false, "disable log color in console")
+
+	rootCmd.PersistentFlags().StringVarP(&token, "token", "t", "", "auth token")
+	rootCmd.PersistentFlags().StringVarP(&subDomainHost, "subdomain_host", "", "", "subdomain host")
+	rootCmd.PersistentFlags().StringVarP(&allowPorts, "allow_ports", "", "", "allow ports")
+	rootCmd.PersistentFlags().Int64VarP(&maxPortsPerClient, "max_ports_per_client", "", 0, "max ports per client")
+	rootCmd.PersistentFlags().BoolVarP(&tlsOnly, "tls_only", "", false, "frps tls only")
+	rootCmd.PersistentFlags().BoolVarP(&dashboardTLSMode, "dashboard_tls_mode", "", false, "dashboard tls mode")
+	rootCmd.PersistentFlags().StringVarP(&dashboardTLSCertFile, "dashboard_tls_cert_file", "", "", "dashboard tls cert file")
+	rootCmd.PersistentFlags().StringVarP(&dashboardTLSKeyFile, "dashboard_tls_key_file", "", "", "dashboard tls key file")
+}
+
+var rootCmd = &cobra.Command{
+	Use:   "frps",
+	Short: "frps is the server of frp (https://github.com/fatedier/frp)",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		if showVersion {
+			fmt.Println(version.Full())
+			return nil
+		}
+
+		var cfg config.ServerCommonConf
+		var err error
+		if cfgFile != "" {
+			var content []byte
+			content, err = config.GetRenderedConfFromFile(cfgFile)
+			if err != nil {
+				return err
+			}
+			cfg, err = parseServerCommonCfg(CfgFileTypeIni, content)
+		} else {
+			cfg, err = parseServerCommonCfg(CfgFileTypeCmd, nil)
+		}
+		if err != nil {
+			return err
+		}
+
+		err = runServer(cfg)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}
+
+func Execute() {
+	if err := rootCmd.Execute(); err != nil {
+		os.Exit(1)
+	}
+}
+
+func parseServerCommonCfg(fileType int, source []byte) (cfg config.ServerCommonConf, err error) {
+	if fileType == CfgFileTypeIni {
+		cfg, err = config.UnmarshalServerConfFromIni(source)
+	} else if fileType == CfgFileTypeCmd {
+		cfg, err = parseServerCommonCfgFromCmd()
+	}
+	if err != nil {
+		return
+	}
+	cfg.Complete()
+	err = cfg.Validate()
+	if err != nil {
+		err = fmt.Errorf("parse config error: %v", err)
+		return
+	}
+	return
+}
+
+func parseServerCommonCfgFromCmd() (cfg config.ServerCommonConf, err error) {
+	cfg = config.GetDefaultServerConf()
+
+	cfg.BindAddr = bindAddr
+	cfg.BindPort = bindPort
+	cfg.KCPBindPort = kcpBindPort
+	cfg.ProxyBindAddr = proxyBindAddr
+	cfg.VhostHTTPPort = vhostHTTPPort
+	cfg.VhostHTTPSPort = vhostHTTPSPort
+	cfg.VhostHTTPTimeout = vhostHTTPTimeout
+	cfg.DashboardAddr = dashboardAddr
+	cfg.DashboardPort = dashboardPort
+	cfg.DashboardUser = dashboardUser
+	cfg.DashboardPwd = dashboardPwd
+	cfg.EnablePrometheus = enablePrometheus
+	cfg.DashboardTLSCertFile = dashboardTLSCertFile
+	cfg.DashboardTLSKeyFile = dashboardTLSKeyFile
+	cfg.DashboardTLSMode = dashboardTLSMode
+	cfg.LogFile = logFile
+	cfg.LogLevel = logLevel
+	cfg.LogMaxDays = logMaxDays
+	cfg.SubDomainHost = subDomainHost
+	cfg.TLSOnly = tlsOnly
+
+	// Only token authentication is supported in cmd mode
+	cfg.ServerConfig = auth.GetDefaultServerConf()
+	cfg.Token = token
+	if len(allowPorts) > 0 {
+		// e.g. 1000-2000,2001,2002,3000-4000
+		ports, errRet := util.ParseRangeNumbers(allowPorts)
+		if errRet != nil {
+			err = fmt.Errorf("parse conf error: allow_ports: %v", errRet)
+			return
+		}
+
+		for _, port := range ports {
+			cfg.AllowPorts[int(port)] = struct{}{}
+		}
+	}
+	cfg.MaxPortsPerClient = maxPortsPerClient
+	cfg.DisableLogColor = disableLogColor
+	return
+}
+
+func runServer(cfg config.ServerCommonConf) (err error) {
+	log.InitLog(cfg.LogWay, cfg.LogFile, cfg.LogLevel, cfg.LogMaxDays, cfg.DisableLogColor)
+
+	if cfgFile != "" {
+		log.Info("frps uses config file: %s", cfgFile)
+	} else {
+		log.Info("frps uses command line arguments for config")
+	}
+
+	svr, err := server.NewService(cfg)
+	if err != nil {
+		return err
+	}
+	log.Info("frps started successfully")
+	svr.Run()
+	return
+}

cmd/frps/verify.go

@@ -0,0 +1,53 @@
+// Copyright 2021 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	"github.com/fatedier/frp/pkg/config"
+)
+
+func init() {
+	rootCmd.AddCommand(verifyCmd)
+}
+
+var verifyCmd = &cobra.Command{
+	Use:   "verify",
+	Short: "Verify that the configures is valid",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		if cfgFile == "" {
+			fmt.Println("no config file is specified")
+			return nil
+		}
+		iniContent, err := config.GetRenderedConfFromFile(cfgFile)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		_, err = parseServerCommonCfg(CfgFileTypeIni, iniContent)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		fmt.Printf("frps: the configuration file %s syntax is ok\n", cfgFile)
+		return nil
+	},
+}

conf/frpc.ini

@@ -1,86 +1,9 @@
-# [common] is integral section
 [common]
-# A literal address or host name for IPv6 must be enclosed
-# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
-server_addr = 0.0.0.0
+server_addr = 127.0.0.1
 server_port = 7000
 
-# if you want to connect frps by http proxy, you can set http_proxy here or in global environment variables
-# http_proxy = http://user:pwd@192.168.1.128:8080
-
-# console or real logFile path like ./frpc.log
-log_file = ./frpc.log
-
-# debug, info, warn, error
-log_level = info
-
-log_max_days = 3
-
-# for authentication
-auth_token = 123
-
-# for privilege mode
-privilege_token = 12345678
-
-# heartbeat configure, it's not recommended to modify the default value
-# the default value of heartbeat_interval is 10 and heartbeat_timeout is 30
-# heartbeat_interval = 10
-# heartbeat_timeout = 30
-
-# ssh is the proxy name same as server's configuration
 [ssh]
-# tcp | http, default is tcp
 type = tcp
 local_ip = 127.0.0.1
 local_port = 22
-# true or false, if true, messages between frps and frpc will be encrypted, default is false
-use_encryption = false
-# default is false
-use_gzip = false
-
-[dns]
-type = udp
-local_ip = 114.114.114.114
-local_port = 53
-
-# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02, the domains are set in frps.ini
-[web01]
-type = http
-local_ip = 127.0.0.1
-local_port = 80
-use_gzip = true
-# connections will be established in advance, default value is zero
-pool_count = 20
-# http username and password are safety certification for http protocol
-# if not set, you can access this custom_domains without certification
-http_user = admin
-http_pwd = admin
-# if domain for frps is frps.com, then you can access [web01] proxy by URL http://test.frps.com
-subdomain = test
-
-[web02]
-type = http
-local_ip = 127.0.0.1
-local_port = 8000
-
-[privilege_ssh]
-# if privilege_mode is enabled, this proxy will be created automatically
-privilege_mode = true
-type = tcp
-local_ip = 127.0.0.1
-local_port = 22
-use_encryption = true
-use_gzip = false
-remote_port = 6001
-
-[privilege_web]
-privilege_mode = true
-type = http
-local_ip = 127.0.0.1
-local_port = 80
-use_gzip = true
-custom_domains = web03.yourdomain.com
-# locations is only useful for http type
-locations = /,/pic
-host_header_rewrite = example.com
-subdomain = dev
+remote_port = 6000

conf/frpc_full.ini

@@ -0,0 +1,389 @@
+# [common] is integral section
+[common]
+# A literal address or host name for IPv6 must be enclosed
+# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
+# For single "server_addr" field, no need square brackets, like "server_addr = ::".
+server_addr = 0.0.0.0
+server_port = 7000
+
+# STUN server to help penetrate NAT hole.
+# nat_hole_stun_server = stun.easyvoip.com:3478
+
+# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.
+# dial_server_timeout = 10
+
+# dial_server_keepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
+# If negative, keep-alive probes are disabled.
+# dial_server_keepalive = 7200
+
+# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set http_proxy here or in global environment variables
+# it only works when protocol is tcp
+# http_proxy = http://user:passwd@192.168.1.128:8080
+# http_proxy = socks5://user:passwd@192.168.1.128:1080
+# http_proxy = ntlm://user:passwd@192.168.1.128:2080
+
+# console or real logFile path like ./frpc.log
+log_file = ./frpc.log
+
+# trace, debug, info, warn, error
+log_level = info
+
+log_max_days = 3
+
+# disable log colors when log_file is console, default is false
+disable_log_color = false
+
+# for authentication, should be same as your frps.ini
+# authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
+authenticate_heartbeats = false
+
+# authenticate_new_work_conns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
+authenticate_new_work_conns = false
+
+# auth token
+token = 12345678
+
+authentication_method = 
+
+# oidc_client_id specifies the client ID to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
+# By default, this value is "".
+oidc_client_id =
+
+# oidc_client_secret specifies the client secret to use to get a token in OIDC authentication if AuthenticationMethod == "oidc".
+# By default, this value is "".
+oidc_client_secret =
+
+# oidc_audience specifies the audience of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
+oidc_audience =
+
+# oidc_scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
+oidc_scope =
+
+# oidc_token_endpoint_url specifies the URL which implements OIDC Token Endpoint.
+# It will be used to get an OIDC token if AuthenticationMethod == "oidc". By default, this value is "".
+oidc_token_endpoint_url =
+
+# oidc_additional_xxx specifies additional parameters to be sent to the OIDC Token Endpoint.
+# For example, if you want to specify the "audience" parameter, you can set as follow.
+# frp will add "audience=<value>" "var1=<value>" to the additional parameters.
+# oidc_additional_audience = https://dev.auth.com/api/v2/
+# oidc_additional_var1 = foobar
+
+# set admin address for control frpc's action by http api such as reload
+admin_addr = 127.0.0.1
+admin_port = 7400
+admin_user = admin
+admin_pwd = admin
+# Admin assets directory. By default, these assets are bundled with frpc.
+# assets_dir = ./static
+
+# connections will be established in advance, default value is zero
+pool_count = 5
+
+# if tcp stream multiplexing is used, default is true, it must be same with frps
+# tcp_mux = true
+
+# specify keep alive interval for tcp mux.
+# only valid if tcp_mux is true.
+# tcp_mux_keepalive_interval = 60
+
+# your proxy name will be changed to {user}.{proxy}
+user = your_name
+
+# decide if exit program when first login failed, otherwise continuous relogin to frps
+# default is true
+login_fail_exit = true
+
+# communication protocol used to connect to server
+# supports tcp, kcp, quic and websocket now, default is tcp
+protocol = tcp
+
+# set client binding ip when connect server, default is empty.
+# only when protocol = tcp or websocket, the value will be used.
+connect_server_local_ip = 0.0.0.0
+
+# quic protocol options
+# quic_keepalive_period = 10
+# quic_max_idle_timeout = 30
+# quic_max_incoming_streams = 100000
+
+# If tls_enable is true, frpc will connect frps by tls.
+# Since v0.50.0, the default value has been changed to true, and tls is enabled by default.
+tls_enable = true
+
+# tls_cert_file = client.crt
+# tls_key_file = client.key
+# tls_trusted_ca_file = ca.crt
+# tls_server_name = example.com
+
+# specify a dns server, so frpc will use this instead of default one
+# dns_server = 8.8.8.8
+
+# proxy names you want to start separated by ','
+# default is empty, means all proxies
+# start = ssh,dns
+
+# heartbeat configure, it's not recommended to modify the default value
+# The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value
+# to disable it.
+# heartbeat_interval = 30
+# heartbeat_timeout = 90
+
+# additional meta info for client
+meta_var1 = 123
+meta_var2 = 234
+
+# specify udp packet size, unit is byte. If not set, the default value is 1500.
+# This parameter should be same between client and server.
+# It affects the udp and sudp proxy.
+udp_packet_size = 1500
+
+# include other config files for proxies.
+# includes = ./confd/*.ini
+
+# If the disable_custom_tls_first_byte is set to false, frpc will establish a connection with frps using the
+# first custom byte when tls is enabled.
+# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default.
+disable_custom_tls_first_byte = true
+
+# Enable golang pprof handlers in admin listener.
+# Admin port must be set first.
+pprof_enable = false
+
+# 'ssh' is the unique proxy name
+# if user in [common] section is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
+[ssh]
+# tcp | udp | http | https | stcp | xtcp, default is tcp
+type = tcp
+local_ip = 127.0.0.1
+local_port = 22
+# limit bandwidth for this proxy, unit is KB and MB
+bandwidth_limit = 1MB
+# where to limit bandwidth, can be 'client' or 'server', default is 'client'
+bandwidth_limit_mode = client
+# true or false, if true, messages between frps and frpc will be encrypted, default is false
+use_encryption = false
+# if true, message will be compressed
+use_compression = false
+# remote port listen by frps
+remote_port = 6001
+# frps will load balancing connections for proxies in same group
+group = test_group
+# group should have same group key
+group_key = 123456
+# enable health check for the backend service, it support 'tcp' and 'http' now
+# frpc will connect local service's port to detect it's healthy status
+health_check_type = tcp
+# health check connection timeout
+health_check_timeout_s = 3
+# if continuous failed in 3 times, the proxy will be removed from frps
+health_check_max_failed = 3
+# every 10 seconds will do a health check
+health_check_interval_s = 10
+# additional meta info for each proxy
+meta_var1 = 123
+meta_var2 = 234
+
+[ssh_random]
+type = tcp
+local_ip = 127.0.0.1
+local_port = 22
+# if remote_port is 0, frps will assign a random port for you
+remote_port = 0
+
+# if you want to expose multiple ports, add 'range:' prefix to the section name
+# frpc will generate multiple proxies such as 'tcp_port_6010', 'tcp_port_6011' and so on.
+[range:tcp_port]
+type = tcp
+local_ip = 127.0.0.1
+local_port = 6010-6020,6022,6024-6028
+remote_port = 6010-6020,6022,6024-6028
+use_encryption = false
+use_compression = false
+
+[dns]
+type = udp
+local_ip = 114.114.114.114
+local_port = 53
+remote_port = 6002
+use_encryption = false
+use_compression = false
+
+[range:udp_port]
+type = udp
+local_ip = 127.0.0.1
+local_port = 6010-6020
+remote_port = 6010-6020
+use_encryption = false
+use_compression = false
+
+# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
+[web01]
+type = http
+local_ip = 127.0.0.1
+local_port = 80
+use_encryption = false
+use_compression = true
+# http username and password are safety certification for http protocol
+# if not set, you can access this custom_domains without certification
+http_user = admin
+http_pwd = admin
+# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
+subdomain = web01
+custom_domains = web01.yourdomain.com
+# locations is only available for http type
+locations = /,/pic
+# route requests to this service if http basic auto user is abc
+# route_by_http_user = abc
+host_header_rewrite = example.com
+# params with prefix "header_" will be used to update http request headers
+header_X-From-Where = frp
+health_check_type = http
+# frpc will send a GET http request '/status' to local http service
+# http service is alive when it return 2xx http response code
+health_check_url = /status
+health_check_interval_s = 10
+health_check_max_failed = 3
+health_check_timeout_s = 3
+
+[web02]
+type = https
+local_ip = 127.0.0.1
+local_port = 8000
+use_encryption = false
+use_compression = false
+subdomain = web02
+custom_domains = web02.yourdomain.com
+# if not empty, frpc will use proxy protocol to transfer connection info to your local service
+# v1 or v2 or empty
+proxy_protocol_version = v2
+
+[plugin_unix_domain_socket]
+type = tcp
+remote_port = 6003
+# if plugin is defined, local_ip and local_port is useless
+# plugin will handle connections got from frps
+plugin = unix_domain_socket
+# params with prefix "plugin_" that plugin needed
+plugin_unix_path = /var/run/docker.sock
+
+[plugin_http_proxy]
+type = tcp
+remote_port = 6004
+plugin = http_proxy
+plugin_http_user = abc
+plugin_http_passwd = abc
+
+[plugin_socks5]
+type = tcp
+remote_port = 6005
+plugin = socks5
+plugin_user = abc
+plugin_passwd = abc
+
+[plugin_static_file]
+type = tcp
+remote_port = 6006
+plugin = static_file
+plugin_local_path = /var/www/blog
+plugin_strip_prefix = static
+plugin_http_user = abc
+plugin_http_passwd = abc
+
+[plugin_https2http]
+type = https
+custom_domains = test.yourdomain.com
+plugin = https2http
+plugin_local_addr = 127.0.0.1:80
+plugin_crt_path = ./server.crt
+plugin_key_path = ./server.key
+plugin_host_header_rewrite = 127.0.0.1
+plugin_header_X-From-Where = frp
+
+[plugin_https2https]
+type = https
+custom_domains = test.yourdomain.com
+plugin = https2https
+plugin_local_addr = 127.0.0.1:443
+plugin_crt_path = ./server.crt
+plugin_key_path = ./server.key
+plugin_host_header_rewrite = 127.0.0.1
+plugin_header_X-From-Where = frp
+
+[plugin_http2https]
+type = http
+custom_domains = test.yourdomain.com
+plugin = http2https
+plugin_local_addr = 127.0.0.1:443
+plugin_host_header_rewrite = 127.0.0.1
+plugin_header_X-From-Where = frp
+
+[secret_tcp]
+# If the type is secret tcp, remote_port is useless
+# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
+type = stcp
+# sk used for authentication for visitors
+sk = abcdefg
+local_ip = 127.0.0.1
+local_port = 22
+use_encryption = false
+use_compression = false
+# If not empty, only visitors from specified users can connect.
+# Otherwise, visitors from same user can connect. '*' means allow all users.
+allow_users = *
+
+# user of frpc should be same in both stcp server and stcp visitor
+[secret_tcp_visitor]
+# frpc role visitor -> frps -> frpc role server
+role = visitor
+type = stcp
+# the server name you want to visitor
+server_name = secret_tcp
+sk = abcdefg
+# connect this address to visitor stcp server
+bind_addr = 127.0.0.1
+# bind_port can be less than 0, it means don't bind to the port and only receive connections redirected from
+# other visitors. (This is not supported for SUDP now)
+bind_port = 9000
+use_encryption = false
+use_compression = false
+
+[p2p_tcp]
+type = xtcp
+sk = abcdefg
+local_ip = 127.0.0.1
+local_port = 22
+use_encryption = false
+use_compression = false
+# If not empty, only visitors from specified users can connect.
+# Otherwise, visitors from same user can connect. '*' means allow all users.
+allow_users = user1, user2
+
+[p2p_tcp_visitor]
+role = visitor
+type = xtcp
+# if the server user is not set, it defaults to the current user
+server_user = user1
+server_name = p2p_tcp
+sk = abcdefg
+bind_addr = 127.0.0.1
+# bind_port can be less than 0, it means don't bind to the port and only receive connections redirected from
+# other visitors. (This is not supported for SUDP now)
+bind_port = 9001
+use_encryption = false
+use_compression = false
+# when automatic tunnel persistence is required, set it to true
+keep_tunnel_open = false
+# effective when keep_tunnel_open is set to true, the number of attempts to punch through per hour
+max_retries_an_hour = 8
+min_retry_interval = 90
+# fallback_to = stcp_visitor
+# fallback_timeout_ms = 500
+
+[tcpmuxhttpconnect]
+type = tcpmux
+multiplexer = httpconnect
+local_ip = 127.0.0.1
+local_port = 10701
+custom_domains = tunnel1
+# route_by_http_user = user1

conf/frpc_min.ini

@@ -1,10 +0,0 @@
-[common]
-server_addr = 0.0.0.0
-server_port = 7000
-auth_token = 123
-privilege_token = 12345678
-
-[ssh]
-type = tcp
-local_ip = 127.0.0.1
-local_port = 22

conf/frps.ini

@@ -1,75 +1,2 @@
-# [common] is integral section
 [common]
-# A literal address or host name for IPv6 must be enclosed
-# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
-bind_addr = 0.0.0.0
 bind_port = 7000
-
-# if you want to support virtual host, you must set the http port for listening (optional)
-vhost_http_port = 80
-vhost_https_port = 443
-
-# if you want to configure or reload frps by dashboard, dashboard_port must be set
-dashboard_port = 7500
-
-# dashboard user and pwd for basic auth protect, if not set, both default value is admin
-dashboard_user = admin
-dashboard_pwd = admin
-
-# dashboard assets directory(only for debug mode)
-# assets_dir = ./static
-# console or real logFile path like ./frps.log
-log_file = ./frps.log
-
-# debug, info, warn, error
-log_level = info
-
-log_max_days = 3
-
-# if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_token is correct
-privilege_mode = true
-privilege_token = 12345678
-
-# heartbeat configure, it's not recommended to modify the default value
-# the default value of heartbeat_timeout is 30
-# heartbeat_timeout = 30
-
-# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
-privilege_allow_ports = 2000-3000,3001,3003,4000-50000
-
-# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
-max_pool_count = 100
-
-# authentication_timeout means the timeout interval (seconds) when the frpc connects frps
-# if authentication_timeout is zero, the time is not verified, default is 900s
-authentication_timeout = 900
-
-# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
-# when subdomain is test, the host used by routing is test.frps.com
-subdomain_host = frps.com
-
-# ssh is the proxy name, client will use this name and auth_token to connect to server
-[ssh]
-type = tcp
-auth_token = 123
-bind_addr = 0.0.0.0
-listen_port = 6000
-
-[dns]
-type = udp
-auth_token = 123
-bind_addr = 0.0.0.0
-listen_port = 5353
-
-[web01]
-# if type equals http, vhost_http_port must be set
-type = http
-auth_token = 123
-# if proxy type equals http, custom_domains must be set separated by commas
-custom_domains = web01.yourdomain.com,web01.yourdomain2.com
-
-[web02]
-# if type equals https, vhost_https_port must be set
-type = https
-auth_token = 123
-custom_domains = web02.yourdomain.com

conf/frps_full.ini

@@ -0,0 +1,168 @@
+# [common] is integral section
+[common]
+# A literal address or host name for IPv6 must be enclosed
+# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
+# For single "bind_addr" field, no need square brackets, like "bind_addr = ::".
+bind_addr = 0.0.0.0
+bind_port = 7000
+
+# udp port used for kcp protocol, it can be same with 'bind_port'.
+# if not set, kcp is disabled in frps.
+kcp_bind_port = 7000
+
+# udp port used for quic protocol.
+# if not set, quic is disabled in frps.
+# quic_bind_port = 7002
+# quic protocol options
+# quic_keepalive_period = 10
+# quic_max_idle_timeout = 30
+# quic_max_incoming_streams = 100000
+
+# specify which address proxy will listen for, default value is same with bind_addr
+# proxy_bind_addr = 127.0.0.1
+
+# if you want to support virtual host, you must set the http port for listening (optional)
+# Note: http port and https port can be same with bind_port
+vhost_http_port = 80
+vhost_https_port = 443
+
+# response header timeout(seconds) for vhost http server, default is 60s
+# vhost_http_timeout = 60
+
+# tcpmux_httpconnect_port specifies the port that the server listens for TCP
+# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
+# requests on one single port. If it's not - it will listen on this value for
+# HTTP CONNECT requests. By default, this value is 0.
+# tcpmux_httpconnect_port = 1337
+
+# If tcpmux_passthrough is true, frps won't do any update on traffic.
+# tcpmux_passthrough = false
+
+# set dashboard_addr and dashboard_port to view dashboard of frps
+# dashboard_addr's default value is same with bind_addr
+# dashboard is available only if dashboard_port is set
+dashboard_addr = 0.0.0.0
+dashboard_port = 7500
+
+# dashboard user and passwd for basic auth protect
+dashboard_user = admin
+dashboard_pwd = admin
+
+# dashboard TLS mode
+dashboard_tls_mode = false
+# dashboard_tls_cert_file = server.crt
+# dashboard_tls_key_file = server.key
+
+# enable_prometheus will export prometheus metrics on {dashboard_addr}:{dashboard_port} in /metrics api.
+enable_prometheus = true
+
+# dashboard assets directory(only for debug mode)
+# assets_dir = ./static
+
+# console or real logFile path like ./frps.log
+log_file = ./frps.log
+
+# trace, debug, info, warn, error
+log_level = info
+
+log_max_days = 3
+
+# disable log colors when log_file is console, default is false
+disable_log_color = false
+
+# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
+detailed_errors_to_client = true
+
+# authentication_method specifies what authentication method to use authenticate frpc with frps.
+# If "token" is specified - token will be read into login message.
+# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
+authentication_method = token
+
+# authenticate_heartbeats specifies whether to include authentication token in heartbeats sent to frps. By default, this value is false.
+authenticate_heartbeats = false
+
+# AuthenticateNewWorkConns specifies whether to include authentication token in new work connections sent to frps. By default, this value is false.
+authenticate_new_work_conns = false
+
+# auth token
+token = 12345678
+
+# oidc_issuer specifies the issuer to verify OIDC tokens with.
+# By default, this value is "".
+oidc_issuer =
+
+# oidc_audience specifies the audience OIDC tokens should contain when validated.
+# By default, this value is "".
+oidc_audience =
+
+# oidc_skip_expiry_check specifies whether to skip checking if the OIDC token is expired.
+# By default, this value is false.
+oidc_skip_expiry_check = false
+
+# oidc_skip_issuer_check specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
+# By default, this value is false.
+oidc_skip_issuer_check = false
+
+# heartbeat configure, it's not recommended to modify the default value
+# the default value of heartbeat_timeout is 90. Set negative value to disable it.
+# heartbeat_timeout = 90
+
+# user_conn_timeout configure, it's not recommended to modify the default value
+# the default value of user_conn_timeout is 10
+# user_conn_timeout = 10
+
+# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
+allow_ports = 2000-3000,3001,3003,4000-50000
+
+# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
+max_pool_count = 5
+
+# max ports can be used for each client, default value is 0 means no limit
+max_ports_per_client = 0
+
+# tls_only specifies whether to only accept TLS-encrypted connections. By default, the value is false.
+tls_only = false
+
+# tls_cert_file = server.crt
+# tls_key_file = server.key
+# tls_trusted_ca_file = ca.crt
+
+# if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
+# when subdomain is test, the host used by routing is test.frps.com
+subdomain_host = frps.com
+
+# if tcp stream multiplexing is used, default is true
+# tcp_mux = true
+
+# specify keep alive interval for tcp mux.
+# only valid if tcp_mux is true.
+# tcp_mux_keepalive_interval = 60
+
+# tcp_keepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
+# If negative, keep-alive probes are disabled.
+# tcp_keepalive = 7200
+
+# custom 404 page for HTTP requests
+# custom_404_page = /path/to/404.html
+
+# specify udp packet size, unit is byte. If not set, the default value is 1500.
+# This parameter should be same between client and server.
+# It affects the udp and sudp proxy.
+udp_packet_size = 1500
+
+# Enable golang pprof handlers in dashboard listener.
+# Dashboard port must be set first
+pprof_enable = false
+
+# Retention time for NAT hole punching strategy data.
+nat_hole_analysis_data_reserve_hours = 168
+
+[plugin.user-manager]
+addr = 127.0.0.1:9000
+path = /handler
+ops = Login
+
+[plugin.port-manager]
+addr = 127.0.0.1:9001
+path = /handler
+ops = NewProxy

conf/frps_min.ini

@@ -1,14 +0,0 @@
-[common]
-bind_addr = 0.0.0.0
-bind_port = 7000
-vhost_http_port = 80
-vhost_https_port = 443
-dashboard_port = 7500
-privilege_mode = true
-privilege_token = 12345678
-
-[ssh]
-type = tcp
-auth_token = 123
-bind_addr = 0.0.0.0
-listen_port = 6000

doc/quick_start_en.md

@@ -1,135 +0,0 @@
-# Quick Start
-
-frp is easier to use compared with other similar projects.
-
-We will use two simple demo to demonstrate how to use frp.
-
-1. How to create a connection to **server A**'s **ssh port** by **server B** with **public IP address** x.x.x.x(replace to the real IP address of your server).
-2. How to visit web service in **server A**'s **8000 port** and **8001 port** by **web01.yourdomain.com** and **web02.yourdomain.com** through **server B** with public ID address.
-
-### Download SourceCode
-
-`go get github.com/fatedier/frp` is recommended, then the code will be copied to the directory `$GOPATH/src/github.com/fatedier/frp`.
-
-Or you can use `git clone https://github.com/fatedier/frp.git $GOPATH/src/github.com/fatedier/frp`.
-
-If you want to try it quickly, download the compiled program and configuration files from [https://github.com/fatedier/frp/releases](https://github.com/fatedier/frp/releases).
-
-### Compile
-
-Enter the root directory and execute `make`, then wait until finished.
-
-**bin** include all executable programs when **conf** include corresponding configuration files.
-
-### Pre-requirement
-
-* Go environment. Version of go >= 1.4.
-* Godep (if not exist, `go get` will be executed to download godep when compiling)
-
-### Deploy
-
-1. Move `./bin/frps` and `./conf/frps.ini` to any directory of **server B**.
-2. Move `./bin/frpc` and `./conf/frpc.ini` to any directory of **server A**.
-3. Modify all configuration files, details in next paragraph.
-4. Execute `nohup ./frps &` or `nohup ./frps -c ./frps.ini &` in **server B**.
-5. Execute `nohup ./frpc &` or `nohup ./frpc -c ./frpc.ini &` in **server A**.
-6. Use `ssh -oPort=6000 {user}@x.x.x.x` to test if frp is work(replace {user} to real username in **server A**), or visit custom domains by browser.
-
-## Tcp port forwarding
-
-### Configuration files
-
-#### frps.ini
-
-```ini
-[common]
-bind_addr = 0.0.0.0
-# for accept connections from frpc
-bind_port = 7000
-log_file = ./frps.log
-log_level = info
-
-# ssh is the custom name of proxy and there can be many proxies with unique name in one configure file
-[ssh]
-auth_token = 123
-bind_addr = 0.0.0.0
-# finally we connect to server A by this port
-listen_port = 6000
-```
-
-#### frpc.ini
-
-```ini
-[common]
-# server address of frps
-server_addr = x.x.x.x
-server_port = 7000
-log_file = ./frpc.log
-log_level = info
-# for authentication
-auth_token = 123
-
-# ssh is proxy name same with configure in frps.ini
-[ssh]
-# local port which need to be transferred
-local_port = 22
-# if use_encryption equals true, messages between frpc and frps will be encrypted, default is false
-use_encryption = true
-```
-
-## Http port forwarding and Custom domains binding
-
-If you only want to forward port one by one, you just need refer to [Tcp port forwarding](/doc/quick_start_en.md#Tcp-port-forwarding).If you want to visit different web pages deployed in different web servers by **server B**'s **80 port**, you should specify the type as **http**.
-
-You also need to resolve your **A record** of your custom domain to [server_addr], or resolve your **CNAME record** to [server_addr] if [server_addr] is a domain.
-
-After that, you can visit your web pages in local server by custom domains.
-
-### Configuration files
-
-#### frps.ini
-
-```ini
-[common]
-bind_addr = 0.0.0.0
-bind_port = 7000
-# if you want to support vhost, specify one port for http services
-vhost_http_port = 80
-log_file = ./frps.log
-log_level = info
-
-[web01]
-type = http
-auth_token = 123
-# # if proxy type equals http, custom_domains must be set separated by commas
-custom_domains = web01.yourdomain.com
-
-[web02]
-type = http
-auth_token = 123
-custom_domains = web02.yourdomain.com
-```
-
-#### frpc.ini
-
-```ini
-[common]
-server_addr = x.x.x.x
-server_port = 7000
-log_file = ./frpc.log
-log_level = info
-auth_token = 123 
-
-# custom domains are set in frps.ini
-[web01]
-type = http
-local_ip = 127.0.0.1
-local_port = 8000
-# encryption is optional, default is false
-use_encryption = true
-
-[web02]
-type = http
-local_ip = 127.0.0.1
-local_port = 8001
-```

doc/quick_start_zh.md

@@ -1,137 +0,0 @@
-# frp 使用文档
-
-相比于其他项目而言 frp 更易于部署和使用，这里我们用两个简单的示例来演示 frp 的使用过程。
-
-1. 如何通过一台拥有公网IP地址的**服务器B**，访问处于公司内部网络环境中的**服务器A**的**ssh**端口，**服务器B**的IP地址为 x.x.x.x（测试时替换为真实的IP地址）。
-2. 如何利用一台拥有公网IP地址的**服务器B**，使通过 **web01.yourdomain.com** 可以访问内网环境中**服务器A**上**8000端口**的web服务，**web02.yourdomain.com** 可以访问**服务器A**上**8001端口**的web服务。
-
-### 下载源码
-
-推荐直接使用 `go get github.com/fatedier/frp` 下载源代码安装，执行命令后代码将会拷贝到 `$GOPATH/src/github.com/fatedier/frp` 目录下。
-
-或者可以使用 `git clone https://github.com/fatedier/frp.git $GOPATH/src/github.com/fatedier/frp` 拷贝到相应目录下。
-
-如果您想快速进行测试，也可以根据您服务器的操作系统及架构直接下载编译好的程序及示例配置文件，[https://github.com/fatedier/frp/releases](https://github.com/fatedier/frp/releases)。
-
-### 编译
-
-进入下载后的源码根目录，执行 `make` 命令，等待编译完成。
-
-编译完成后， **bin** 目录下是编译好的可执行文件，**conf** 目录下是示例配置文件。
-
-### 依赖
-
-* go 1.4 以上版本
-* godep （如果检查不存在，编译时会通过 `go get` 命令安装）
-
-### 部署
-
-1. 将 ./bin/frps 和 ./conf/frps.ini 拷贝至**服务器B**任意目录。
-2. 将 ./bin/frpc 和 ./conf/frpc.ini 拷贝至**服务器A**任意目录。
-3. 根据要实现的功能修改两边的配置文件，详细内容见后续章节说明。
-4. 在服务器B执行 `nohup ./frps &` 或者 `nohup ./frps -c ./frps.ini &`。
-5. 在服务器A执行 `nohup ./frpc &` 或者 `nohup ./frpc -c ./frpc.ini &`。
-6. 通过 `ssh -oPort=6000 {user}@x.x.x.x` 测试是否能够成功连接**服务器A**（{user}替换为**服务器A**上存在的真实用户），或通过浏览器访问自定义域名验证 http 服务是否转发成功。
-
-## tcp 端口转发
-
-转发 tcp 端口需要按照需求修改 frps 和 frpc 的配置文件。
-
-### 配置文件
-
-#### frps.ini
-
-```ini
-[common]
-bind_addr = 0.0.0.0
-# 用于接收 frpc 连接的端口
-bind_port = 7000
-log_file = ./frps.log
-log_level = info
-
-# ssh 为代理的自定义名称，可以有多个，不能重复，和frpc中名称对应
-[ssh]
-auth_token = 123 
-bind_addr = 0.0.0.0
-# 最后将通过此端口访问后端服务
-listen_port = 6000
-```
-
-#### frpc.ini
-
-```ini
-[common]
-# frps 所在服务器绑定的IP地址
-server_addr = x.x.x.x
-server_port = 7000
-log_file = ./frpc.log
-log_level = info
-# 用于身份验证
-auth_token = 123 
-
-# ssh 需要和 frps.ini 中配置一致
-[ssh]
-# 需要转发的本地端口
-local_port = 22
-# 启用加密，frpc与frps之间通信加密，默认为 false
-use_encryption = true
-```
-
-## http 端口转发，自定义域名绑定
-
-如果只需要一对一的转发，例如**服务器B**的**80端口**转发**服务器A**的**8000端口**，则只需要配置 [tcp 端口转发](/doc/quick_start_zh.md#tcp-端口转发) 即可，如果需要使**服务器B**的**80端口**可以转发至**多个**web服务端口，则需要指定代理的类型为 http，并且在 frps 的配置文件中配置用于提供 http 转发服务的端口。
-
-按照如下的内容修改配置文件后，需要将自定义域名的 **A 记录**解析到 [server_addr]，如果 [server_addr] 是域名也可以将自定义域名的 **CNAME 记录**解析到 [server_addr]。
-
-之后就可以通过自定义域名访问到本地的多个 web 服务。
-
-### 配置文件
-
-#### frps.ini
-
-```ini
-[common]
-bind_addr = 0.0.0.0
-bind_port = 7000
-# 如果需要支持http类型的代理则需要指定一个端口
-vhost_http_port = 80
-log_file = ./frps.log
-log_level = info
-
-[web01]
-# type 默认为 tcp，这里需要特别指定为 http
-type = http
-auth_token = 123
-# 自定义域名绑定，如果需要同时绑定多个以英文逗号分隔
-custom_domains = web01.yourdomain.com
-
-[web02]
-type = http
-auth_token = 123
-custom_domains = web02.yourdomain.com
-```
-
-#### frpc.ini
-
-```ini
-[common]
-server_addr = x.x.x.x
-server_port = 7000
-log_file = ./frpc.log
-log_level = info
-auth_token = 123 
-
-
-# 自定义域名在 frps.ini 中配置，方便做统一管理
-[web01]
-type = http
-local_ip = 127.0.0.1
-local_port = 8000
-# 可选是否加密
-use_encryption = true
-
-[web02]
-type = http
-local_ip = 127.0.0.1
-local_port = 8001
-```

doc/server_plugin.md

@@ -0,0 +1,264 @@
+### Server Plugin
+
+frp server plugin is aimed to extend frp's ability without modifying the Golang code.
+
+An external server should run in a different process receiving RPC calls from frps.
+Before frps is doing some operations, it will send RPC requests to notify the external RPC server and act according to its response.
+
+### RPC request
+
+RPC requests are based on JSON over HTTP.
+
+When a server plugin accepts an operation request, it can respond with three different responses:
+
+* Reject operation and return a reason.
+* Allow operation and keep original content.
+* Allow operation and return modified content.
+
+### Interface
+
+HTTP path can be configured for each manage plugin in frps. We'll assume for this example that it's `/handler`.
+
+A request to the RPC server will look like:
+
+```
+POST /handler?version=0.1.0&op=Login
+{
+    "version": "0.1.0",
+    "op": "Login",
+    "content": {
+        ... // Operation info
+    }
+}
+
+Request Header:
+X-Frp-Reqid: for tracing
+```
+
+The response can look like any of the following:
+
+* Non-200 HTTP response status code (this will automatically tell frps that the request should fail)
+
+* Reject operation:
+
+```
+{
+    "reject": true,
+    "reject_reason": "invalid user"
+}
+```
+
+* Allow operation and keep original content:
+
+```
+{
+    "reject": false,
+    "unchange": true
+}
+```
+
+* Allow operation and modify content
+
+```
+{
+    "unchange": "false",
+    "content": {
+        ... // Replaced content
+    }
+}
+```
+
+### Operation
+
+Currently `Login`, `NewProxy`, `CloseProxy`, `Ping`, `NewWorkConn` and `NewUserConn` operations are supported.
+
+#### Login
+
+Client login operation
+
+```
+{
+    "content": {
+        "version": <string>,
+        "hostname": <string>,
+        "os": <string>,
+        "arch": <string>,
+        "user": <string>,
+        "timestamp": <int64>,
+        "privilege_key": <string>,
+        "run_id": <string>,
+        "pool_count": <int>,
+        "metas": map<string>string,
+        "client_address": <string>
+    }
+}
+```
+
+#### NewProxy
+
+Create new proxy
+
+```
+{
+    "content": {
+        "user": {
+            "user": <string>,
+            "metas": map<string>string
+            "run_id": <string>
+        },
+        "proxy_name": <string>,
+        "proxy_type": <string>,
+        "use_encryption": <bool>,
+        "use_compression": <bool>,
+        "bandwidth_limit": <string>,
+        "bandwidth_limit_mode": <string>,
+        "group": <string>,
+        "group_key": <string>,
+
+        // tcp and udp only
+        "remote_port": <int>,
+
+        // http and https only
+        "custom_domains": []<string>,
+        "subdomain": <string>,
+        "locations": <string>,
+        "http_user": <string>,
+        "http_pwd": <string>,
+        "host_header_rewrite": <string>,
+        "headers": map<string>string,
+
+        // stcp only
+        "sk": <string>,
+
+        // tcpmux only
+        "multiplexer": <string>
+
+        "metas": map<string>string
+    }
+}
+```
+
+#### CloseProxy
+
+A previously created proxy is closed.
+
+Please note that one request will be sent for every proxy that is closed, do **NOT** use this
+if you have too many proxies bound to a single client, as this may exhaust the server's resources.
+
+```
+{
+    "content": {
+        "user": {
+            "user": <string>,
+            "metas": map<string>string
+            "run_id": <string>
+        },
+        "proxy_name": <string>
+    }
+}
+```
+
+#### Ping
+
+Heartbeat from frpc
+
+```
+{
+    "content": {
+        "user": {
+            "user": <string>,
+            "metas": map<string>string
+            "run_id": <string>
+        },
+        "timestamp": <int64>,
+        "privilege_key": <string>
+    }
+}
+```
+
+#### NewWorkConn
+
+New work connection received from frpc (RPC sent after `run_id` is matched with an existing frp connection)
+
+```
+{
+    "content": {
+        "user": {
+            "user": <string>,
+            "metas": map<string>string
+            "run_id": <string>
+        },
+        "run_id": <string>
+        "timestamp": <int64>,
+        "privilege_key": <string>
+    }
+}
+```
+
+#### NewUserConn
+
+New user connection received from proxy (support `tcp`, `stcp`, `https` and `tcpmux`) .
+
+```
+{
+    "content": {
+        "user": {
+            "user": <string>,
+            "metas": map<string>string
+            "run_id": <string>
+        },
+        "proxy_name": <string>,
+        "proxy_type": <string>,
+        "remote_addr": <string>
+    }
+}
+```
+
+### Server Plugin Configuration
+
+```ini
+# frps.ini
+[common]
+bind_port = 7000
+
+[plugin.user-manager]
+addr = 127.0.0.1:9000
+path = /handler
+ops = Login
+
+[plugin.port-manager]
+addr = 127.0.0.1:9001
+path = /handler
+ops = NewProxy
+```
+
+- addr: the address where the external RPC service listens. Defaults to http. For https, specify the schema: `addr = https://127.0.0.1:9001`.
+- path: http request url path for the POST request.
+- ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
+- tls_verify: When the schema is https, we verify by default. Set this value to false if you want to skip verification.
+
+### Metadata
+
+Metadata will be sent to the server plugin in each RPC request.
+
+There are 2 types of metadata entries - 1 under `[common]` and the other under each proxy configuration.
+Metadata entries under `[common]` will be sent in `Login` under the key `metas`, and in any other RPC request under `user.metas`.
+Metadata entries under each proxy configuration will be sent in `NewProxy` op only, under `metas`.
+
+Metadata entries start with `meta_`. This is an example of metadata entries in `[common]` and under the proxy named `[ssh]`:
+
+```
+# frpc.ini
+[common]
+server_addr = 127.0.0.1
+server_port = 7000
+user = fake
+meta_token = fake
+meta_version = 1.0.0
+
+[ssh]
+type = tcp
+local_port = 22
+remote_port = 6000
+meta_id = 123
+```

dockerfiles/Dockerfile-for-frpc

@@ -0,0 +1,12 @@
+FROM golang:1.20 AS building
+
+COPY . /building
+WORKDIR /building
+
+RUN make frpc
+
+FROM alpine:3
+
+COPY --from=building /building/bin/frpc /usr/bin/frpc
+
+ENTRYPOINT ["/usr/bin/frpc"]

dockerfiles/Dockerfile-for-frps

@@ -0,0 +1,12 @@
+FROM golang:1.20 AS building
+
+COPY . /building
+WORKDIR /building
+
+RUN make frps
+
+FROM alpine:3
+
+COPY --from=building /building/bin/frps /usr/bin/frps
+
+ENTRYPOINT ["/usr/bin/frps"]

go.mod

@@ -0,0 +1,77 @@
+module github.com/fatedier/frp
+
+go 1.20
+
+require (
+	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
+	github.com/coreos/go-oidc/v3 v3.4.0
+	github.com/fatedier/beego v0.0.0-20171024143340-6c6a4f5bd5eb
+	github.com/fatedier/golib v0.1.1-0.20230320133937-a7edcc8c793d
+	github.com/fatedier/kcp-go v2.0.4-0.20190803094908-fe8645b0a904+incompatible
+	github.com/go-playground/validator/v10 v10.11.0
+	github.com/google/uuid v1.3.0
+	github.com/gorilla/mux v1.8.0
+	github.com/gorilla/websocket v1.5.0
+	github.com/hashicorp/yamux v0.1.1
+	github.com/onsi/ginkgo/v2 v2.8.3
+	github.com/onsi/gomega v1.27.0
+	github.com/pion/stun v0.4.0
+	github.com/pires/go-proxyproto v0.6.2
+	github.com/prometheus/client_golang v1.13.0
+	github.com/quic-go/quic-go v0.34.0
+	github.com/rodaine/table v1.0.1
+	github.com/samber/lo v1.38.1
+	github.com/spf13/cobra v1.1.3
+	github.com/stretchr/testify v1.8.1
+	golang.org/x/net v0.7.0
+	golang.org/x/oauth2 v0.3.0
+	golang.org/x/sync v0.1.0
+	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8
+	gopkg.in/ini.v1 v1.67.0
+	k8s.io/apimachinery v0.26.1
+	k8s.io/client-go v0.26.1
+)
+
+require (
+	github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-playground/locales v0.14.0 // indirect
+	github.com/go-playground/universal-translator v0.18.0 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
+	github.com/golang/mock v1.6.0 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/snappy v0.0.3 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/klauspost/cpuid/v2 v2.0.6 // indirect
+	github.com/klauspost/reedsolomon v1.9.15 // indirect
+	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/pion/transport/v2 v2.0.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/quic-go/qtls-go1-19 v0.3.2 // indirect
+	github.com/quic-go/qtls-go1-20 v0.2.2 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 // indirect
+	github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b // indirect
+	github.com/tjfoc/gmsm v1.4.1 // indirect
+	golang.org/x/crypto v0.4.0 // indirect
+	golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect
+	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/sys v0.5.0 // indirect
+	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/tools v0.6.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
+	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect
+)

go.sum

@@ -0,0 +1,980 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
+cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
+cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
+cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
+cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
+cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
+cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
+cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
+cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
+cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
+cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
+cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
+cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A=
+cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow=
+cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM=
+cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M=
+cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
+cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
+cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
+cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c h1:/IBSNwUN8+eKzUzbJPqhK839ygXJ82sde8x3ogr6R28=
+github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
+github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
+github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
+github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
+github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
+github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-oidc/v3 v3.4.0 h1:xz7elHb/LDwm/ERpwHd+5nb7wFHL32rsr6bBOgaeu6g=
+github.com/coreos/go-oidc/v3 v3.4.0/go.mod h1:eHUXhZtXPQLgEaDrOVTgwbgmz1xGOkJNye6h3zkD2Pw=
+github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
+github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
+github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/fatedier/beego v0.0.0-20171024143340-6c6a4f5bd5eb h1:wCrNShQidLmvVWn/0PikGmpdP0vtQmnvyRg3ZBEhczw=
+github.com/fatedier/beego v0.0.0-20171024143340-6c6a4f5bd5eb/go.mod h1:wx3gB6dbIfBRcucp94PI9Bt3I0F2c/MyNEWuhzpWiwk=
+github.com/fatedier/golib v0.1.1-0.20230320133937-a7edcc8c793d h1:/m9Atycn9uKRwwOkxv4c+zaugxRgkdSG/Eg3IJWOpNs=
+github.com/fatedier/golib v0.1.1-0.20230320133937-a7edcc8c793d/go.mod h1:Wdn1pJ0dHB1lah6FPYwt4AO9NEmWI0OzW13dpzC9g4E=
+github.com/fatedier/kcp-go v2.0.4-0.20190803094908-fe8645b0a904+incompatible h1:ssXat9YXFvigNge/IkkZvFMn8yeYKFX+uI6wn2mLJ74=
+github.com/fatedier/kcp-go v2.0.4-0.20190803094908-fe8645b0a904+incompatible/go.mod h1:YpCOaxj7vvMThhIQ9AfTOPW2sfztQR5WDfs7AflSy4s=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
+github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
+github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
+github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
+github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
+github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
+github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
+github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
+github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
+github.com/go-playground/validator/v10 v10.11.0 h1:0W+xRM511GY47Yy3bZUbJVitCNg2BOGlCyvTqsp/xIw=
+github.com/go-playground/validator/v10 v10.11.0/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA=
+github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
+github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
+github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM=
+github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM=
+github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
+github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
+github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
+github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
+github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
+github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
+github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
+github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
+github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
+github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
+github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
+github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
+github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/cpuid/v2 v2.0.6 h1:dQ5ueTiftKxp0gyjKSx5+8BtPWkyQbd95m8Gys/RarI=
+github.com/klauspost/cpuid/v2 v2.0.6/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/reedsolomon v1.9.15 h1:g2erWKD2M6rgnPf89fCji6jNlhMKMdXcuNHMW1SYCIo=
+github.com/klauspost/reedsolomon v1.9.15/go.mod h1:eqPAcE7xar5CIzcdfwydOEdcmchAKAP/qs14y4GCBOk=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
+github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
+github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
+github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
+github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
+github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
+github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
+github.com/onsi/ginkgo/v2 v2.8.3 h1:RpbK1G8nWPNaCVFBWsOGnEQQGgASi6b8fxcWBvDYjxQ=
+github.com/onsi/ginkgo/v2 v2.8.3/go.mod h1:6OaUA8BCi0aZfmzYT/q9AacwTzDpNbxILUT+TlBq6MY=
+github.com/onsi/gomega v1.27.0 h1:QLidEla4bXUuZVFa4KX6JHCsuGgbi85LC/pCHrt/O08=
+github.com/onsi/gomega v1.27.0/go.mod h1:i189pavgK95OSIipFBa74gC2V4qrQuvjuyGEr3GmbXA=
+github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
+github.com/pion/stun v0.4.0 h1:vgRrbBE2htWHy7l3Zsxckk7rkjnjOsSM7PHZnBwo8rk=
+github.com/pion/stun v0.4.0/go.mod h1:QPsh1/SbXASntw3zkkrIk3ZJVKz4saBY2G7S10P3wCw=
+github.com/pion/transport/v2 v2.0.0 h1:bsMYyqHCbkvHwj+eNCFBuxtlKndKfyGI2vaQmM3fIE4=
+github.com/pion/transport/v2 v2.0.0/go.mod h1:HS2MEBJTwD+1ZI2eSXSvHJx/HnzQqRy2/LXxt6eVMHc=
+github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Dos0d8=
+github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
+github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
+github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
+github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
+github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU=
+github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
+github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
+github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
+github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
+github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
+github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
+github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
+github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
+github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc86Z5U=
+github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
+github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E=
+github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
+github.com/quic-go/quic-go v0.34.0 h1:OvOJ9LFjTySgwOTYUZmNoq0FzVicP8YujpV0kB7m2lU=
+github.com/quic-go/quic-go v0.34.0/go.mod h1:+4CVgVppm0FNjpG3UcX8Joi/frKOH7/ciD5yGcwOO1g=
+github.com/rodaine/table v1.0.1 h1:U/VwCnUxlVYxw8+NJiLIuCxA/xa6jL38MY3FYysVWWQ=
+github.com/rodaine/table v1.0.1/go.mod h1:UVEtfBsflpeEcD56nF4F5AocNFta0ZuolpSVdPtlmP4=
+github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
+github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM=
+github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
+github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
+github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cobra v1.1.3 h1:xghbfqPkxzxP3C/f3n5DdpAbdKLj4ZE4BWQI362l53M=
+github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
+github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
+github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161 h1:89CEmDvlq/F7SJEOqkIdNDGJXrQIhuIx9D2DBXjavSU=
+github.com/templexxx/cpufeat v0.0.0-20180724012125-cef66df7f161/go.mod h1:wM7WEvslTq+iOEAMDLSzhVuOt5BRZ05WirO+b09GHQU=
+github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b h1:fj5tQ8acgNUr6O8LEplsxDhUIe2573iLkJc+PqnzZTI=
+github.com/templexxx/xor v0.0.0-20191217153810-f85b25db303b/go.mod h1:5XA7W9S6mni3h5uvOC75dA3m9CCCaS83lltmc0ukdi4=
+github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
+github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
+github.com/xtaci/lossyconn v0.0.0-20200209145036-adba10fffc37 h1:EWU6Pktpas0n8lLQwDsRyZfmkPeRbdgPtW609es+/9E=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
+go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
+golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp v0.0.0-20221205204356-47842c84f3db h1:D/cFflL63o2KSLJIwjlcIt8PR064j/xsmdEJL/YvY/o=
+golang.org/x/exp v0.0.0-20221205204356-47842c84f3db/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE=
+golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
+golang.org/x/oauth2 v0.3.0 h1:6l90koy8/LaBLmLu8jpHeHexzMwEita0zFfYlggy2F8=
+golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
+golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
+google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
+google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
+google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
+google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
+google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
+google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
+google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
+google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
+google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
+google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
+google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
+google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
+google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
+google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo=
+google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g=
+google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA=
+google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8=
+google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs=
+google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA=
+google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw=
+google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg=
+google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
+google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
+google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
+google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
+google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
+google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
+google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E=
+google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo=
+google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
+google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
+google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
+google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
+google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
+google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
+gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
+gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ=
+k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74=
+k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU=
+k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE=
+k8s.io/utils v0.0.0-20221107191617-1a15be271d1d h1:0Smp/HP1OH4Rvhe+4B8nWGERtlqAGSftbSbbmm45oFs=
+k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

hack/download.sh

@@ -0,0 +1,63 @@
+#!/bin/sh
+
+OS="$(go env GOOS)"
+ARCH="$(go env GOARCH)"
+
+if [ "${TARGET_OS}" ]; then
+  OS="${TARGET_OS}"
+fi
+if [ "${TARGET_ARCH}" ]; then
+  ARCH="${TARGET_ARCH}"
+fi
+
+# Determine the latest version by version number ignoring alpha, beta, and rc versions.
+if [ "${FRP_VERSION}" = "" ] ; then
+  FRP_VERSION="$(curl -sL https://github.com/fatedier/frp/releases | \
+                  grep -o 'releases/tag/v[0-9]*.[0-9]*.[0-9]*"' | sort -V | \
+                  tail -1 | awk -F'/' '{ print $3}')"
+  FRP_VERSION="${FRP_VERSION%?}"
+  FRP_VERSION="${FRP_VERSION#?}"
+fi
+
+if [ "${FRP_VERSION}" = "" ] ; then
+  printf "Unable to get latest frp version. Set FRP_VERSION env var and re-run. For example: export FRP_VERSION=1.0.0"
+  exit 1;
+fi
+
+SUFFIX=".tar.gz"
+if [ "${OS}" = "windows" ] ; then
+  SUFFIX=".zip"
+fi
+NAME="frp_${FRP_VERSION}_${OS}_${ARCH}${SUFFIX}"
+DIR_NAME="frp_${FRP_VERSION}_${OS}_${ARCH}"
+URL="https://github.com/fatedier/frp/releases/download/v${FRP_VERSION}/${NAME}"
+
+download_and_extract() {
+  printf "Downloading %s from %s ...\n" "$NAME" "${URL}"
+  if ! curl -o /dev/null -sIf "${URL}"; then
+    printf "\n%s is not found, please specify a valid FRP_VERSION\n" "${URL}"
+    exit 1
+  fi
+  curl -fsLO "${URL}"
+  filename=$NAME
+
+  if [ "${OS}" = "windows" ]; then
+    unzip "${filename}"
+  else
+    tar -xzf "${filename}"
+  fi
+  rm "${filename}"
+
+  if [ "${TARGET_DIRNAME}" ]; then
+    mv "${DIR_NAME}" "${TARGET_DIRNAME}"
+    DIR_NAME="${TARGET_DIRNAME}"
+  fi
+}
+
+download_and_extract
+
+printf ""
+printf "\nfrp %s Download Complete!\n" "$FRP_VERSION"
+printf "\n"
+printf "frp has been successfully downloaded into the %s folder on your system.\n" "$DIR_NAME"
+printf "\n"

hack/run-e2e.sh

@@ -0,0 +1,30 @@
+#!/bin/sh
+
+SCRIPT=$(readlink -f "$0")
+ROOT=$(unset CDPATH && cd "$(dirname "$SCRIPT")/.." && pwd)
+
+ginkgo_command=$(which ginkgo 2>/dev/null)
+if [ -z "$ginkgo_command" ]; then
+    echo "ginkgo not found, try to install..."
+    go install github.com/onsi/ginkgo/v2/ginkgo@v2.8.3
+fi
+
+debug=false
+if [ "x${DEBUG}" = "xtrue" ]; then
+    debug=true
+fi
+logLevel=debug
+if [ "${LOG_LEVEL}" ]; then
+    logLevel="${LOG_LEVEL}"
+fi
+
+frpcPath=${ROOT}/bin/frpc
+if [ "${FRPC_PATH}" ]; then
+    frpcPath="${FRPC_PATH}"
+fi
+frpsPath=${ROOT}/bin/frps
+if [ "${FRPS_PATH}" ]; then
+    frpsPath="${FRPS_PATH}"
+fi
+
+ginkgo -nodes=8 --poll-progress-after=60s ${ROOT}/test/e2e -- -frpc-path=${frpcPath} -frps-path=${frpsPath} -log-level=${logLevel} -debug=${debug}

package.sh

@@ -11,11 +11,13 @@ echo "build version: $frp_version"
 # cross_compiles
 make -f ./Makefile.cross-compiles
 
-rm -rf ./packages
-mkdir ./packages
+rm -rf ./release/packages
+mkdir -p ./release/packages
 
-os_all='linux windows darwin'
-arch_all='386 amd64 arm mips64 mips64le'
+os_all='linux windows darwin freebsd'
+arch_all='386 amd64 arm arm64 mips64 mips64le mips mipsle riscv64'
+
+cd ./release
 
 for os in $os_all; do
     for arch in $arch_all; do
@@ -43,8 +45,8 @@ for os in $os_all; do
             mv ./frpc_${os}_${arch} ${frp_path}/frpc
             mv ./frps_${os}_${arch} ${frp_path}/frps
         fi  
-        cp ./LICENSE ${frp_path}
-        cp ./conf/* ${frp_path}
+        cp ../LICENSE ${frp_path}
+        cp -rf ../conf/* ${frp_path}
 
         # packages
         cd ./packages
@@ -57,3 +59,5 @@ for os in $os_all; do
         rm -rf ${frp_path}
     done
 done
+
+cd -

pkg/auth/auth.go

@@ -0,0 +1,108 @@
+// Copyright 2020 guylewin, guy@lewin.co.il
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+	"fmt"
+
+	"github.com/fatedier/frp/pkg/consts"
+	"github.com/fatedier/frp/pkg/msg"
+)
+
+type BaseConfig struct {
+	// AuthenticationMethod specifies what authentication method to use to
+	// authenticate frpc with frps. If "token" is specified - token will be
+	// read into login message. If "oidc" is specified - OIDC (Open ID Connect)
+	// token will be issued using OIDC settings. By default, this value is "token".
+	AuthenticationMethod string `ini:"authentication_method" json:"authentication_method"`
+	// AuthenticateHeartBeats specifies whether to include authentication token in
+	// heartbeats sent to frps. By default, this value is false.
+	AuthenticateHeartBeats bool `ini:"authenticate_heartbeats" json:"authenticate_heartbeats"`
+	// AuthenticateNewWorkConns specifies whether to include authentication token in
+	// new work connections sent to frps. By default, this value is false.
+	AuthenticateNewWorkConns bool `ini:"authenticate_new_work_conns" json:"authenticate_new_work_conns"`
+}
+
+func getDefaultBaseConf() BaseConfig {
+	return BaseConfig{
+		AuthenticationMethod:     "token",
+		AuthenticateHeartBeats:   false,
+		AuthenticateNewWorkConns: false,
+	}
+}
+
+type ClientConfig struct {
+	BaseConfig       `ini:",extends"`
+	OidcClientConfig `ini:",extends"`
+	TokenConfig      `ini:",extends"`
+}
+
+func GetDefaultClientConf() ClientConfig {
+	return ClientConfig{
+		BaseConfig:       getDefaultBaseConf(),
+		OidcClientConfig: getDefaultOidcClientConf(),
+		TokenConfig:      getDefaultTokenConf(),
+	}
+}
+
+type ServerConfig struct {
+	BaseConfig       `ini:",extends"`
+	OidcServerConfig `ini:",extends"`
+	TokenConfig      `ini:",extends"`
+}
+
+func GetDefaultServerConf() ServerConfig {
+	return ServerConfig{
+		BaseConfig:       getDefaultBaseConf(),
+		OidcServerConfig: getDefaultOidcServerConf(),
+		TokenConfig:      getDefaultTokenConf(),
+	}
+}
+
+type Setter interface {
+	SetLogin(*msg.Login) error
+	SetPing(*msg.Ping) error
+	SetNewWorkConn(*msg.NewWorkConn) error
+}
+
+func NewAuthSetter(cfg ClientConfig) (authProvider Setter) {
+	switch cfg.AuthenticationMethod {
+	case consts.TokenAuthMethod:
+		authProvider = NewTokenAuth(cfg.BaseConfig, cfg.TokenConfig)
+	case consts.OidcAuthMethod:
+		authProvider = NewOidcAuthSetter(cfg.BaseConfig, cfg.OidcClientConfig)
+	default:
+		panic(fmt.Sprintf("wrong authentication method: '%s'", cfg.AuthenticationMethod))
+	}
+
+	return authProvider
+}
+
+type Verifier interface {
+	VerifyLogin(*msg.Login) error
+	VerifyPing(*msg.Ping) error
+	VerifyNewWorkConn(*msg.NewWorkConn) error
+}
+
+func NewAuthVerifier(cfg ServerConfig) (authVerifier Verifier) {
+	switch cfg.AuthenticationMethod {
+	case consts.TokenAuthMethod:
+		authVerifier = NewTokenAuth(cfg.BaseConfig, cfg.TokenConfig)
+	case consts.OidcAuthMethod:
+		authVerifier = NewOidcAuthVerifier(cfg.BaseConfig, cfg.OidcServerConfig)
+	}
+
+	return authVerifier
+}

pkg/auth/oidc.go

@@ -0,0 +1,216 @@
+// Copyright 2020 guylewin, guy@lewin.co.il
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/coreos/go-oidc/v3/oidc"
+	"golang.org/x/oauth2/clientcredentials"
+
+	"github.com/fatedier/frp/pkg/msg"
+)
+
+type OidcClientConfig struct {
+	// OidcClientID specifies the client ID to use to get a token in OIDC
+	// authentication if AuthenticationMethod == "oidc". By default, this value
+	// is "".
+	OidcClientID string `ini:"oidc_client_id" json:"oidc_client_id"`
+	// OidcClientSecret specifies the client secret to use to get a token in OIDC
+	// authentication if AuthenticationMethod == "oidc". By default, this value
+	// is "".
+	OidcClientSecret string `ini:"oidc_client_secret" json:"oidc_client_secret"`
+	// OidcAudience specifies the audience of the token in OIDC authentication
+	// if AuthenticationMethod == "oidc". By default, this value is "".
+	OidcAudience string `ini:"oidc_audience" json:"oidc_audience"`
+	// OidcScope specifies the scope of the token in OIDC authentication
+	// if AuthenticationMethod == "oidc". By default, this value is "".
+	OidcScope string `ini:"oidc_scope" json:"oidc_scope"`
+	// OidcTokenEndpointURL specifies the URL which implements OIDC Token Endpoint.
+	// It will be used to get an OIDC token if AuthenticationMethod == "oidc".
+	// By default, this value is "".
+	OidcTokenEndpointURL string `ini:"oidc_token_endpoint_url" json:"oidc_token_endpoint_url"`
+
+	// OidcAdditionalEndpointParams specifies additional parameters to be sent
+	// this field will be transfer to map[string][]string in OIDC token generator
+	// The field will be set by prefix "oidc_additional_"
+	OidcAdditionalEndpointParams map[string]string `ini:"-" json:"oidc_additional_endpoint_params"`
+}
+
+func getDefaultOidcClientConf() OidcClientConfig {
+	return OidcClientConfig{
+		OidcClientID:                 "",
+		OidcClientSecret:             "",
+		OidcAudience:                 "",
+		OidcScope:                    "",
+		OidcTokenEndpointURL:         "",
+		OidcAdditionalEndpointParams: make(map[string]string),
+	}
+}
+
+type OidcServerConfig struct {
+	// OidcIssuer specifies the issuer to verify OIDC tokens with. This issuer
+	// will be used to load public keys to verify signature and will be compared
+	// with the issuer claim in the OIDC token. It will be used if
+	// AuthenticationMethod == "oidc". By default, this value is "".
+	OidcIssuer string `ini:"oidc_issuer" json:"oidc_issuer"`
+	// OidcAudience specifies the audience OIDC tokens should contain when validated.
+	// If this value is empty, audience ("client ID") verification will be skipped.
+	// It will be used when AuthenticationMethod == "oidc". By default, this
+	// value is "".
+	OidcAudience string `ini:"oidc_audience" json:"oidc_audience"`
+	// OidcSkipExpiryCheck specifies whether to skip checking if the OIDC token is
+	// expired. It will be used when AuthenticationMethod == "oidc". By default, this
+	// value is false.
+	OidcSkipExpiryCheck bool `ini:"oidc_skip_expiry_check" json:"oidc_skip_expiry_check"`
+	// OidcSkipIssuerCheck specifies whether to skip checking if the OIDC token's
+	// issuer claim matches the issuer specified in OidcIssuer. It will be used when
+	// AuthenticationMethod == "oidc". By default, this value is false.
+	OidcSkipIssuerCheck bool `ini:"oidc_skip_issuer_check" json:"oidc_skip_issuer_check"`
+}
+
+func getDefaultOidcServerConf() OidcServerConfig {
+	return OidcServerConfig{
+		OidcIssuer:          "",
+		OidcAudience:        "",
+		OidcSkipExpiryCheck: false,
+		OidcSkipIssuerCheck: false,
+	}
+}
+
+type OidcAuthProvider struct {
+	BaseConfig
+
+	tokenGenerator *clientcredentials.Config
+}
+
+func NewOidcAuthSetter(baseCfg BaseConfig, cfg OidcClientConfig) *OidcAuthProvider {
+	eps := make(map[string][]string)
+	for k, v := range cfg.OidcAdditionalEndpointParams {
+		eps[k] = []string{v}
+	}
+
+	if cfg.OidcAudience != "" {
+		eps["audience"] = []string{cfg.OidcAudience}
+	}
+
+	tokenGenerator := &clientcredentials.Config{
+		ClientID:       cfg.OidcClientID,
+		ClientSecret:   cfg.OidcClientSecret,
+		Scopes:         []string{cfg.OidcScope},
+		TokenURL:       cfg.OidcTokenEndpointURL,
+		EndpointParams: eps,
+	}
+
+	return &OidcAuthProvider{
+		BaseConfig:     baseCfg,
+		tokenGenerator: tokenGenerator,
+	}
+}
+
+func (auth *OidcAuthProvider) generateAccessToken() (accessToken string, err error) {
+	tokenObj, err := auth.tokenGenerator.Token(context.Background())
+	if err != nil {
+		return "", fmt.Errorf("couldn't generate OIDC token for login: %v", err)
+	}
+	return tokenObj.AccessToken, nil
+}
+
+func (auth *OidcAuthProvider) SetLogin(loginMsg *msg.Login) (err error) {
+	loginMsg.PrivilegeKey, err = auth.generateAccessToken()
+	return err
+}
+
+func (auth *OidcAuthProvider) SetPing(pingMsg *msg.Ping) (err error) {
+	if !auth.AuthenticateHeartBeats {
+		return nil
+	}
+
+	pingMsg.PrivilegeKey, err = auth.generateAccessToken()
+	return err
+}
+
+func (auth *OidcAuthProvider) SetNewWorkConn(newWorkConnMsg *msg.NewWorkConn) (err error) {
+	if !auth.AuthenticateNewWorkConns {
+		return nil
+	}
+
+	newWorkConnMsg.PrivilegeKey, err = auth.generateAccessToken()
+	return err
+}
+
+type OidcAuthConsumer struct {
+	BaseConfig
+
+	verifier         *oidc.IDTokenVerifier
+	subjectFromLogin string
+}
+
+func NewOidcAuthVerifier(baseCfg BaseConfig, cfg OidcServerConfig) *OidcAuthConsumer {
+	provider, err := oidc.NewProvider(context.Background(), cfg.OidcIssuer)
+	if err != nil {
+		panic(err)
+	}
+	verifierConf := oidc.Config{
+		ClientID:          cfg.OidcAudience,
+		SkipClientIDCheck: cfg.OidcAudience == "",
+		SkipExpiryCheck:   cfg.OidcSkipExpiryCheck,
+		SkipIssuerCheck:   cfg.OidcSkipIssuerCheck,
+	}
+	return &OidcAuthConsumer{
+		BaseConfig: baseCfg,
+		verifier:   provider.Verifier(&verifierConf),
+	}
+}
+
+func (auth *OidcAuthConsumer) VerifyLogin(loginMsg *msg.Login) (err error) {
+	token, err := auth.verifier.Verify(context.Background(), loginMsg.PrivilegeKey)
+	if err != nil {
+		return fmt.Errorf("invalid OIDC token in login: %v", err)
+	}
+	auth.subjectFromLogin = token.Subject
+	return nil
+}
+
+func (auth *OidcAuthConsumer) verifyPostLoginToken(privilegeKey string) (err error) {
+	token, err := auth.verifier.Verify(context.Background(), privilegeKey)
+	if err != nil {
+		return fmt.Errorf("invalid OIDC token in ping: %v", err)
+	}
+	if token.Subject != auth.subjectFromLogin {
+		return fmt.Errorf("received different OIDC subject in login and ping. "+
+			"original subject: %s, "+
+			"new subject: %s",
+			auth.subjectFromLogin, token.Subject)
+	}
+	return nil
+}
+
+func (auth *OidcAuthConsumer) VerifyPing(pingMsg *msg.Ping) (err error) {
+	if !auth.AuthenticateHeartBeats {
+		return nil
+	}
+
+	return auth.verifyPostLoginToken(pingMsg.PrivilegeKey)
+}
+
+func (auth *OidcAuthConsumer) VerifyNewWorkConn(newWorkConnMsg *msg.NewWorkConn) (err error) {
+	if !auth.AuthenticateNewWorkConns {
+		return nil
+	}
+
+	return auth.verifyPostLoginToken(newWorkConnMsg.PrivilegeKey)
+}

pkg/auth/token.go

@@ -0,0 +1,103 @@
+// Copyright 2020 guylewin, guy@lewin.co.il
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/fatedier/frp/pkg/msg"
+	"github.com/fatedier/frp/pkg/util/util"
+)
+
+type TokenConfig struct {
+	// Token specifies the authorization token used to create keys to be sent
+	// to the server. The server must have a matching token for authorization
+	// to succeed.  By default, this value is "".
+	Token string `ini:"token" json:"token"`
+}
+
+func getDefaultTokenConf() TokenConfig {
+	return TokenConfig{
+		Token: "",
+	}
+}
+
+type TokenAuthSetterVerifier struct {
+	BaseConfig
+
+	token string
+}
+
+func NewTokenAuth(baseCfg BaseConfig, cfg TokenConfig) *TokenAuthSetterVerifier {
+	return &TokenAuthSetterVerifier{
+		BaseConfig: baseCfg,
+		token:      cfg.Token,
+	}
+}
+
+func (auth *TokenAuthSetterVerifier) SetLogin(loginMsg *msg.Login) (err error) {
+	loginMsg.PrivilegeKey = util.GetAuthKey(auth.token, loginMsg.Timestamp)
+	return nil
+}
+
+func (auth *TokenAuthSetterVerifier) SetPing(pingMsg *msg.Ping) error {
+	if !auth.AuthenticateHeartBeats {
+		return nil
+	}
+
+	pingMsg.Timestamp = time.Now().Unix()
+	pingMsg.PrivilegeKey = util.GetAuthKey(auth.token, pingMsg.Timestamp)
+	return nil
+}
+
+func (auth *TokenAuthSetterVerifier) SetNewWorkConn(newWorkConnMsg *msg.NewWorkConn) error {
+	if !auth.AuthenticateNewWorkConns {
+		return nil
+	}
+
+	newWorkConnMsg.Timestamp = time.Now().Unix()
+	newWorkConnMsg.PrivilegeKey = util.GetAuthKey(auth.token, newWorkConnMsg.Timestamp)
+	return nil
+}
+
+func (auth *TokenAuthSetterVerifier) VerifyLogin(m *msg.Login) error {
+	if !util.ConstantTimeEqString(util.GetAuthKey(auth.token, m.Timestamp), m.PrivilegeKey) {
+		return fmt.Errorf("token in login doesn't match token from configuration")
+	}
+	return nil
+}
+
+func (auth *TokenAuthSetterVerifier) VerifyPing(m *msg.Ping) error {
+	if !auth.AuthenticateHeartBeats {
+		return nil
+	}
+
+	if !util.ConstantTimeEqString(util.GetAuthKey(auth.token, m.Timestamp), m.PrivilegeKey) {
+		return fmt.Errorf("token in heartbeat doesn't match token from configuration")
+	}
+	return nil
+}
+
+func (auth *TokenAuthSetterVerifier) VerifyNewWorkConn(m *msg.NewWorkConn) error {
+	if !auth.AuthenticateNewWorkConns {
+		return nil
+	}
+
+	if !util.ConstantTimeEqString(util.GetAuthKey(auth.token, m.Timestamp), m.PrivilegeKey) {
+		return fmt.Errorf("token in NewWorkConn doesn't match token from configuration")
+	}
+	return nil
+}

pkg/config/README.md

@@ -0,0 +1,12 @@
+So far, there is no mature Go project that does well in parsing `*.ini` files. 
+
+By comparison, we have selected an open source project: `https://github.com/go-ini/ini`.
+
+This library helped us solve most of the key-value matching, but there are still some problems, such as not supporting parsing `map`.
+
+We add our own logic on the basis of this library. In the current situationwhich, we need to complete the entire `Unmarshal` in two steps:
+
+* Step#1, use `go-ini` to complete the basic parameter matching;
+* Step#2, parse our custom parameters to realize parsing special structure, like `map`, `array`.
+
+Some of the keywords in `tag`(like inline, extends, etc.) may be different from standard libraries such as `json` and `protobuf` in Go. For details, please refer to the library documentation: https://ini.unknwon.io/docs/intro.

pkg/config/client.go

@@ -0,0 +1,422 @@
+// Copyright 2020 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"gopkg.in/ini.v1"
+
+	"github.com/fatedier/frp/pkg/auth"
+	"github.com/fatedier/frp/pkg/util/util"
+)
+
+// ClientCommonConf contains information for a client service. It is
+// recommended to use GetDefaultClientConf instead of creating this object
+// directly, so that all unspecified fields have reasonable default values.
+type ClientCommonConf struct {
+	auth.ClientConfig `ini:",extends"`
+
+	// ServerAddr specifies the address of the server to connect to. By
+	// default, this value is "0.0.0.0".
+	ServerAddr string `ini:"server_addr" json:"server_addr"`
+	// ServerPort specifies the port to connect to the server on. By default,
+	// this value is 7000.
+	ServerPort int `ini:"server_port" json:"server_port"`
+	// STUN server to help penetrate NAT hole.
+	NatHoleSTUNServer string `ini:"nat_hole_stun_server" json:"nat_hole_stun_server"`
+	// The maximum amount of time a dial to server will wait for a connect to complete.
+	DialServerTimeout int64 `ini:"dial_server_timeout" json:"dial_server_timeout"`
+	// DialServerKeepAlive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
+	// If negative, keep-alive probes are disabled.
+	DialServerKeepAlive int64 `ini:"dial_server_keepalive" json:"dial_server_keepalive"`
+	// ConnectServerLocalIP specifies the address of the client bind when it connect to server.
+	// By default, this value is empty.
+	// this value only use in TCP/Websocket protocol. Not support in KCP protocol.
+	ConnectServerLocalIP string `ini:"connect_server_local_ip" json:"connect_server_local_ip"`
+	// HTTPProxy specifies a proxy address to connect to the server through. If
+	// this value is "", the server will be connected to directly. By default,
+	// this value is read from the "http_proxy" environment variable.
+	HTTPProxy string `ini:"http_proxy" json:"http_proxy"`
+	// LogFile specifies a file where logs will be written to. This value will
+	// only be used if LogWay is set appropriately. By default, this value is
+	// "console".
+	LogFile string `ini:"log_file" json:"log_file"`
+	// LogWay specifies the way logging is managed. Valid values are "console"
+	// or "file". If "console" is used, logs will be printed to stdout. If
+	// "file" is used, logs will be printed to LogFile. By default, this value
+	// is "console".
+	LogWay string `ini:"log_way" json:"log_way"`
+	// LogLevel specifies the minimum log level. Valid values are "trace",
+	// "debug", "info", "warn", and "error". By default, this value is "info".
+	LogLevel string `ini:"log_level" json:"log_level"`
+	// LogMaxDays specifies the maximum number of days to store log information
+	// before deletion. This is only used if LogWay == "file". By default, this
+	// value is 0.
+	LogMaxDays int64 `ini:"log_max_days" json:"log_max_days"`
+	// DisableLogColor disables log colors when LogWay == "console" when set to
+	// true. By default, this value is false.
+	DisableLogColor bool `ini:"disable_log_color" json:"disable_log_color"`
+	// AdminAddr specifies the address that the admin server binds to. By
+	// default, this value is "127.0.0.1".
+	AdminAddr string `ini:"admin_addr" json:"admin_addr"`
+	// AdminPort specifies the port for the admin server to listen on. If this
+	// value is 0, the admin server will not be started. By default, this value
+	// is 0.
+	AdminPort int `ini:"admin_port" json:"admin_port"`
+	// AdminUser specifies the username that the admin server will use for
+	// login.
+	AdminUser string `ini:"admin_user" json:"admin_user"`
+	// AdminPwd specifies the password that the admin server will use for
+	// login.
+	AdminPwd string `ini:"admin_pwd" json:"admin_pwd"`
+	// AssetsDir specifies the local directory that the admin server will load
+	// resources from. If this value is "", assets will be loaded from the
+	// bundled executable using statik. By default, this value is "".
+	AssetsDir string `ini:"assets_dir" json:"assets_dir"`
+	// PoolCount specifies the number of connections the client will make to
+	// the server in advance. By default, this value is 0.
+	PoolCount int `ini:"pool_count" json:"pool_count"`
+	// TCPMux toggles TCP stream multiplexing. This allows multiple requests
+	// from a client to share a single TCP connection. If this value is true,
+	// the server must have TCP multiplexing enabled as well. By default, this
+	// value is true.
+	TCPMux bool `ini:"tcp_mux" json:"tcp_mux"`
+	// TCPMuxKeepaliveInterval specifies the keep alive interval for TCP stream multipler.
+	// If TCPMux is true, heartbeat of application layer is unnecessary because it can only rely on heartbeat in TCPMux.
+	TCPMuxKeepaliveInterval int64 `ini:"tcp_mux_keepalive_interval" json:"tcp_mux_keepalive_interval"`
+	// User specifies a prefix for proxy names to distinguish them from other
+	// clients. If this value is not "", proxy names will automatically be
+	// changed to "{user}.{proxy_name}". By default, this value is "".
+	User string `ini:"user" json:"user"`
+	// DNSServer specifies a DNS server address for FRPC to use. If this value
+	// is "", the default DNS will be used. By default, this value is "".
+	DNSServer string `ini:"dns_server" json:"dns_server"`
+	// LoginFailExit controls whether or not the client should exit after a
+	// failed login attempt. If false, the client will retry until a login
+	// attempt succeeds. By default, this value is true.
+	LoginFailExit bool `ini:"login_fail_exit" json:"login_fail_exit"`
+	// Start specifies a set of enabled proxies by name. If this set is empty,
+	// all supplied proxies are enabled. By default, this value is an empty
+	// set.
+	Start []string `ini:"start" json:"start"`
+	// Start map[string]struct{} `json:"start"`
+	// Protocol specifies the protocol to use when interacting with the server.
+	// Valid values are "tcp", "kcp", "quic" and "websocket". By default, this value
+	// is "tcp".
+	Protocol string `ini:"protocol" json:"protocol"`
+	// QUIC protocol options
+	QUICKeepalivePeriod    int `ini:"quic_keepalive_period" json:"quic_keepalive_period" validate:"gte=0"`
+	QUICMaxIdleTimeout     int `ini:"quic_max_idle_timeout" json:"quic_max_idle_timeout" validate:"gte=0"`
+	QUICMaxIncomingStreams int `ini:"quic_max_incoming_streams" json:"quic_max_incoming_streams" validate:"gte=0"`
+	// TLSEnable specifies whether or not TLS should be used when communicating
+	// with the server. If "tls_cert_file" and "tls_key_file" are valid,
+	// client will load the supplied tls configuration.
+	// Since v0.50.0, the default value has been changed to true, and tls is enabled by default.
+	TLSEnable bool `ini:"tls_enable" json:"tls_enable"`
+	// TLSCertPath specifies the path of the cert file that client will
+	// load. It only works when "tls_enable" is true and "tls_key_file" is valid.
+	TLSCertFile string `ini:"tls_cert_file" json:"tls_cert_file"`
+	// TLSKeyPath specifies the path of the secret key file that client
+	// will load. It only works when "tls_enable" is true and "tls_cert_file"
+	// are valid.
+	TLSKeyFile string `ini:"tls_key_file" json:"tls_key_file"`
+	// TLSTrustedCaFile specifies the path of the trusted ca file that will load.
+	// It only works when "tls_enable" is valid and tls configuration of server
+	// has been specified.
+	TLSTrustedCaFile string `ini:"tls_trusted_ca_file" json:"tls_trusted_ca_file"`
+	// TLSServerName specifies the custom server name of tls certificate. By
+	// default, server name if same to ServerAddr.
+	TLSServerName string `ini:"tls_server_name" json:"tls_server_name"`
+	// If the disable_custom_tls_first_byte is set to false, frpc will establish a connection with frps using the
+	// first custom byte when tls is enabled.
+	// Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default.
+	DisableCustomTLSFirstByte bool `ini:"disable_custom_tls_first_byte" json:"disable_custom_tls_first_byte"`
+	// HeartBeatInterval specifies at what interval heartbeats are sent to the
+	// server, in seconds. It is not recommended to change this value. By
+	// default, this value is 30. Set negative value to disable it.
+	HeartbeatInterval int64 `ini:"heartbeat_interval" json:"heartbeat_interval"`
+	// HeartBeatTimeout specifies the maximum allowed heartbeat response delay
+	// before the connection is terminated, in seconds. It is not recommended
+	// to change this value. By default, this value is 90. Set negative value to disable it.
+	HeartbeatTimeout int64 `ini:"heartbeat_timeout" json:"heartbeat_timeout"`
+	// Client meta info
+	Metas map[string]string `ini:"-" json:"metas"`
+	// UDPPacketSize specifies the udp packet size
+	// By default, this value is 1500
+	UDPPacketSize int64 `ini:"udp_packet_size" json:"udp_packet_size"`
+	// Include other config files for proxies.
+	IncludeConfigFiles []string `ini:"includes" json:"includes"`
+	// Enable golang pprof handlers in admin listener.
+	// Admin port must be set first.
+	PprofEnable bool `ini:"pprof_enable" json:"pprof_enable"`
+}
+
+// GetDefaultClientConf returns a client configuration with default values.
+func GetDefaultClientConf() ClientCommonConf {
+	return ClientCommonConf{
+		ClientConfig:              auth.GetDefaultClientConf(),
+		ServerAddr:                "0.0.0.0",
+		ServerPort:                7000,
+		NatHoleSTUNServer:         "stun.easyvoip.com:3478",
+		DialServerTimeout:         10,
+		DialServerKeepAlive:       7200,
+		HTTPProxy:                 os.Getenv("http_proxy"),
+		LogFile:                   "console",
+		LogWay:                    "console",
+		LogLevel:                  "info",
+		LogMaxDays:                3,
+		AdminAddr:                 "127.0.0.1",
+		PoolCount:                 1,
+		TCPMux:                    true,
+		TCPMuxKeepaliveInterval:   60,
+		LoginFailExit:             true,
+		Start:                     make([]string, 0),
+		Protocol:                  "tcp",
+		QUICKeepalivePeriod:       10,
+		QUICMaxIdleTimeout:        30,
+		QUICMaxIncomingStreams:    100000,
+		TLSEnable:                 true,
+		DisableCustomTLSFirstByte: true,
+		HeartbeatInterval:         30,
+		HeartbeatTimeout:          90,
+		Metas:                     make(map[string]string),
+		UDPPacketSize:             1500,
+		IncludeConfigFiles:        make([]string, 0),
+	}
+}
+
+func (cfg *ClientCommonConf) Complete() {
+	if cfg.LogFile == "console" {
+		cfg.LogWay = "console"
+	} else {
+		cfg.LogWay = "file"
+	}
+}
+
+func (cfg *ClientCommonConf) Validate() error {
+	if cfg.HeartbeatTimeout > 0 && cfg.HeartbeatInterval > 0 {
+		if cfg.HeartbeatTimeout < cfg.HeartbeatInterval {
+			return fmt.Errorf("invalid heartbeat_timeout, heartbeat_timeout is less than heartbeat_interval")
+		}
+	}
+
+	if !cfg.TLSEnable {
+		if cfg.TLSCertFile != "" {
+			fmt.Println("WARNING! tls_cert_file is invalid when tls_enable is false")
+		}
+
+		if cfg.TLSKeyFile != "" {
+			fmt.Println("WARNING! tls_key_file is invalid when tls_enable is false")
+		}
+
+		if cfg.TLSTrustedCaFile != "" {
+			fmt.Println("WARNING! tls_trusted_ca_file is invalid when tls_enable is false")
+		}
+	}
+
+	if cfg.Protocol != "tcp" && cfg.Protocol != "kcp" && cfg.Protocol != "websocket" && cfg.Protocol != "quic" {
+		return fmt.Errorf("invalid protocol")
+	}
+
+	for _, f := range cfg.IncludeConfigFiles {
+		absDir, err := filepath.Abs(filepath.Dir(f))
+		if err != nil {
+			return fmt.Errorf("include: parse directory of %s failed: %v", f, absDir)
+		}
+		if _, err := os.Stat(absDir); os.IsNotExist(err) {
+			return fmt.Errorf("include: directory of %s not exist", f)
+		}
+	}
+	return nil
+}
+
+// Supported sources including: string(file path), []byte, Reader interface.
+func UnmarshalClientConfFromIni(source interface{}) (ClientCommonConf, error) {
+	f, err := ini.LoadSources(ini.LoadOptions{
+		Insensitive:         false,
+		InsensitiveSections: false,
+		InsensitiveKeys:     false,
+		IgnoreInlineComment: true,
+		AllowBooleanKeys:    true,
+	}, source)
+	if err != nil {
+		return ClientCommonConf{}, err
+	}
+
+	s, err := f.GetSection("common")
+	if err != nil {
+		return ClientCommonConf{}, fmt.Errorf("invalid configuration file, not found [common] section")
+	}
+
+	common := GetDefaultClientConf()
+	err = s.MapTo(&common)
+	if err != nil {
+		return ClientCommonConf{}, err
+	}
+
+	common.Metas = GetMapWithoutPrefix(s.KeysHash(), "meta_")
+	common.ClientConfig.OidcAdditionalEndpointParams = GetMapWithoutPrefix(s.KeysHash(), "oidc_additional_")
+
+	return common, nil
+}
+
+// if len(startProxy) is 0, start all
+// otherwise just start proxies in startProxy map
+func LoadAllProxyConfsFromIni(
+	prefix string,
+	source interface{},
+	start []string,
+) (map[string]ProxyConf, map[string]VisitorConf, error) {
+	f, err := ini.LoadSources(ini.LoadOptions{
+		Insensitive:         false,
+		InsensitiveSections: false,
+		InsensitiveKeys:     false,
+		IgnoreInlineComment: true,
+		AllowBooleanKeys:    true,
+	}, source)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	proxyConfs := make(map[string]ProxyConf)
+	visitorConfs := make(map[string]VisitorConf)
+
+	if prefix != "" {
+		prefix += "."
+	}
+
+	startProxy := make(map[string]struct{})
+	for _, s := range start {
+		startProxy[s] = struct{}{}
+	}
+
+	startAll := true
+	if len(startProxy) > 0 {
+		startAll = false
+	}
+
+	// Build template sections from range section And append to ini.File.
+	rangeSections := make([]*ini.Section, 0)
+	for _, section := range f.Sections() {
+
+		if !strings.HasPrefix(section.Name(), "range:") {
+			continue
+		}
+
+		rangeSections = append(rangeSections, section)
+	}
+
+	for _, section := range rangeSections {
+		err = renderRangeProxyTemplates(f, section)
+		if err != nil {
+			return nil, nil, fmt.Errorf("failed to render template for proxy %s: %v", section.Name(), err)
+		}
+	}
+
+	for _, section := range f.Sections() {
+		name := section.Name()
+
+		if name == ini.DefaultSection || name == "common" || strings.HasPrefix(name, "range:") {
+			continue
+		}
+
+		_, shouldStart := startProxy[name]
+		if !startAll && !shouldStart {
+			continue
+		}
+
+		roleType := section.Key("role").String()
+		if roleType == "" {
+			roleType = "server"
+		}
+
+		switch roleType {
+		case "server":
+			newConf, newErr := NewProxyConfFromIni(prefix, name, section)
+			if newErr != nil {
+				return nil, nil, fmt.Errorf("failed to parse proxy %s, err: %v", name, newErr)
+			}
+			proxyConfs[prefix+name] = newConf
+		case "visitor":
+			newConf, newErr := NewVisitorConfFromIni(prefix, name, section)
+			if newErr != nil {
+				return nil, nil, fmt.Errorf("failed to parse visitor %s, err: %v", name, newErr)
+			}
+			visitorConfs[prefix+name] = newConf
+		default:
+			return nil, nil, fmt.Errorf("proxy %s role should be 'server' or 'visitor'", name)
+		}
+	}
+	return proxyConfs, visitorConfs, nil
+}
+
+func renderRangeProxyTemplates(f *ini.File, section *ini.Section) error {
+	// Validation
+	localPortStr := section.Key("local_port").String()
+	remotePortStr := section.Key("remote_port").String()
+	if localPortStr == "" || remotePortStr == "" {
+		return fmt.Errorf("local_port or remote_port is empty")
+	}
+
+	localPorts, err := util.ParseRangeNumbers(localPortStr)
+	if err != nil {
+		return err
+	}
+
+	remotePorts, err := util.ParseRangeNumbers(remotePortStr)
+	if err != nil {
+		return err
+	}
+
+	if len(localPorts) != len(remotePorts) {
+		return fmt.Errorf("local ports number should be same with remote ports number")
+	}
+
+	if len(localPorts) == 0 {
+		return fmt.Errorf("local_port and remote_port is necessary")
+	}
+
+	// Templates
+	prefix := strings.TrimSpace(strings.TrimPrefix(section.Name(), "range:"))
+
+	for i := range localPorts {
+		tmpname := fmt.Sprintf("%s_%d", prefix, i)
+
+		tmpsection, err := f.NewSection(tmpname)
+		if err != nil {
+			return err
+		}
+
+		copySection(section, tmpsection)
+		if _, err := tmpsection.NewKey("local_port", fmt.Sprintf("%d", localPorts[i])); err != nil {
+			return fmt.Errorf("local_port new key in section error: %v", err)
+		}
+		if _, err := tmpsection.NewKey("remote_port", fmt.Sprintf("%d", remotePorts[i])); err != nil {
+			return fmt.Errorf("remote_port new key in section error: %v", err)
+		}
+	}
+
+	return nil
+}
+
+func copySection(source, target *ini.Section) {
+	for key, value := range source.KeysHash() {
+		_, _ = target.NewKey(key, value)
+	}
+}

pkg/config/client_test.go

@@ -0,0 +1,680 @@
+// Copyright 2020 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/fatedier/frp/pkg/auth"
+	"github.com/fatedier/frp/pkg/consts"
+)
+
+const (
+	testUser = "test"
+)
+
+var testClientBytesWithFull = []byte(`
+		# [common] is integral section
+		[common]
+		server_addr = 0.0.0.9
+		server_port = 7009
+		http_proxy = http://user:passwd@192.168.1.128:8080
+		log_file = ./frpc.log9
+		log_way = file
+		log_level = info9
+		log_max_days = 39
+		disable_log_color = false
+		authenticate_heartbeats = false
+		authenticate_new_work_conns = false
+		token = 12345678
+		oidc_client_id = client-id
+		oidc_client_secret = client-secret
+		oidc_audience = audience
+		oidc_token_endpoint_url = endpoint_url
+		admin_addr = 127.0.0.9
+		admin_port = 7409
+		admin_user = admin9
+		admin_pwd = admin9
+		assets_dir = ./static9
+		pool_count = 59
+		tcp_mux
+		user = your_name
+		login_fail_exit
+		protocol = tcp
+		tls_enable = true
+		tls_cert_file = client.crt
+		tls_key_file = client.key
+		tls_trusted_ca_file = ca.crt
+		tls_server_name = example.com
+		dns_server = 8.8.8.9
+		start = ssh,dns
+		heartbeat_interval = 39
+		heartbeat_timeout = 99
+		meta_var1 = 123
+		meta_var2 = 234
+		udp_packet_size = 1509
+		
+		# all proxy
+		[ssh]
+		type = tcp
+		local_ip = 127.0.0.9
+		local_port = 29
+		bandwidth_limit = 19MB
+		bandwidth_limit_mode = server
+		use_encryption
+		use_compression
+		remote_port = 6009
+		group = test_group
+		group_key = 123456
+		health_check_type = tcp
+		health_check_timeout_s = 3
+		health_check_max_failed = 3
+		health_check_interval_s = 19
+		meta_var1 = 123
+		meta_var2 = 234
+		
+		[ssh_random]
+		type = tcp
+		local_ip = 127.0.0.9
+		local_port = 29
+		remote_port = 9
+		
+		[range:tcp_port]
+		type = tcp
+		local_ip = 127.0.0.9
+		local_port = 6010-6011,6019
+		remote_port = 6010-6011,6019
+		use_encryption = false
+		use_compression = false
+		
+		[dns]
+		type = udp
+		local_ip = 114.114.114.114
+		local_port = 59
+		remote_port = 6009
+		use_encryption
+		use_compression
+		
+		[range:udp_port]
+		type = udp
+		local_ip = 114.114.114.114
+		local_port = 6000,6010-6011
+		remote_port = 6000,6010-6011
+		use_encryption
+		use_compression
+		
+		[web01]
+		type = http
+		local_ip = 127.0.0.9
+		local_port = 89
+		use_encryption
+		use_compression
+		http_user = admin
+		http_pwd = admin
+		subdomain = web01
+		custom_domains = web02.yourdomain.com
+		locations = /,/pic
+		host_header_rewrite = example.com
+		header_X-From-Where = frp
+		health_check_type = http
+		health_check_url = /status
+		health_check_interval_s = 19
+		health_check_max_failed = 3
+		health_check_timeout_s = 3
+		
+		[web02]
+		type = https
+		local_ip = 127.0.0.9
+		local_port = 8009
+		use_encryption
+		use_compression
+		subdomain = web01
+		custom_domains = web02.yourdomain.com
+		proxy_protocol_version = v2
+		
+		[secret_tcp]
+		type = stcp
+		sk = abcdefg
+		local_ip = 127.0.0.1
+		local_port = 22
+		use_encryption = false
+		use_compression = false
+		
+		[p2p_tcp]
+		type = xtcp
+		sk = abcdefg
+		local_ip = 127.0.0.1
+		local_port = 22
+		use_encryption = false
+		use_compression = false
+		
+		[tcpmuxhttpconnect]
+		type = tcpmux
+		multiplexer = httpconnect
+		local_ip = 127.0.0.1
+		local_port = 10701
+		custom_domains = tunnel1
+		
+		[plugin_unix_domain_socket]
+		type = tcp
+		remote_port = 6003
+		plugin = unix_domain_socket
+		plugin_unix_path = /var/run/docker.sock
+		
+		[plugin_http_proxy]
+		type = tcp
+		remote_port = 6004
+		plugin = http_proxy
+		plugin_http_user = abc
+		plugin_http_passwd = abc
+		
+		[plugin_socks5]
+		type = tcp
+		remote_port = 6005
+		plugin = socks5
+		plugin_user = abc
+		plugin_passwd = abc
+		
+		[plugin_static_file]
+		type = tcp
+		remote_port = 6006
+		plugin = static_file
+		plugin_local_path = /var/www/blog
+		plugin_strip_prefix = static
+		plugin_http_user = abc
+		plugin_http_passwd = abc
+		
+		[plugin_https2http]
+		type = https
+		custom_domains = test.yourdomain.com
+		plugin = https2http
+		plugin_local_addr = 127.0.0.1:80
+		plugin_crt_path = ./server.crt
+		plugin_key_path = ./server.key
+		plugin_host_header_rewrite = 127.0.0.1
+		plugin_header_X-From-Where = frp
+		
+		[plugin_http2https]
+		type = http
+		custom_domains = test.yourdomain.com
+		plugin = http2https
+		plugin_local_addr = 127.0.0.1:443
+		plugin_host_header_rewrite = 127.0.0.1
+		plugin_header_X-From-Where = frp
+		
+		# visitor
+		[secret_tcp_visitor]
+		role = visitor
+		type = stcp
+		server_name = secret_tcp
+		sk = abcdefg
+		bind_addr = 127.0.0.1
+		bind_port = 9000
+		use_encryption = false
+		use_compression = false
+		
+		[p2p_tcp_visitor]
+		role = visitor
+		type = xtcp
+		server_name = p2p_tcp
+		sk = abcdefg
+		bind_addr = 127.0.0.1
+		bind_port = 9001
+		use_encryption = false
+		use_compression = false
+	`)
+
+func Test_LoadClientCommonConf(t *testing.T) {
+	assert := assert.New(t)
+
+	expected := ClientCommonConf{
+		ClientConfig: auth.ClientConfig{
+			BaseConfig: auth.BaseConfig{
+				AuthenticationMethod:     "token",
+				AuthenticateHeartBeats:   false,
+				AuthenticateNewWorkConns: false,
+			},
+			TokenConfig: auth.TokenConfig{
+				Token: "12345678",
+			},
+			OidcClientConfig: auth.OidcClientConfig{
+				OidcClientID:         "client-id",
+				OidcClientSecret:     "client-secret",
+				OidcAudience:         "audience",
+				OidcTokenEndpointURL: "endpoint_url",
+			},
+		},
+		ServerAddr:                "0.0.0.9",
+		ServerPort:                7009,
+		NatHoleSTUNServer:         "stun.easyvoip.com:3478",
+		DialServerTimeout:         10,
+		DialServerKeepAlive:       7200,
+		HTTPProxy:                 "http://user:passwd@192.168.1.128:8080",
+		LogFile:                   "./frpc.log9",
+		LogWay:                    "file",
+		LogLevel:                  "info9",
+		LogMaxDays:                39,
+		DisableLogColor:           false,
+		AdminAddr:                 "127.0.0.9",
+		AdminPort:                 7409,
+		AdminUser:                 "admin9",
+		AdminPwd:                  "admin9",
+		AssetsDir:                 "./static9",
+		PoolCount:                 59,
+		TCPMux:                    true,
+		TCPMuxKeepaliveInterval:   60,
+		User:                      "your_name",
+		LoginFailExit:             true,
+		Protocol:                  "tcp",
+		QUICKeepalivePeriod:       10,
+		QUICMaxIdleTimeout:        30,
+		QUICMaxIncomingStreams:    100000,
+		TLSEnable:                 true,
+		TLSCertFile:               "client.crt",
+		TLSKeyFile:                "client.key",
+		TLSTrustedCaFile:          "ca.crt",
+		TLSServerName:             "example.com",
+		DisableCustomTLSFirstByte: true,
+		DNSServer:                 "8.8.8.9",
+		Start:                     []string{"ssh", "dns"},
+		HeartbeatInterval:         39,
+		HeartbeatTimeout:          99,
+		Metas: map[string]string{
+			"var1": "123",
+			"var2": "234",
+		},
+		UDPPacketSize:      1509,
+		IncludeConfigFiles: []string{},
+	}
+
+	common, err := UnmarshalClientConfFromIni(testClientBytesWithFull)
+	assert.NoError(err)
+	assert.EqualValues(expected, common)
+}
+
+func Test_LoadClientBasicConf(t *testing.T) {
+	assert := assert.New(t)
+
+	proxyExpected := map[string]ProxyConf{
+		testUser + ".ssh": &TCPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName:          testUser + ".ssh",
+				ProxyType:          consts.TCPProxy,
+				UseCompression:     true,
+				UseEncryption:      true,
+				Group:              "test_group",
+				GroupKey:           "123456",
+				BandwidthLimit:     MustBandwidthQuantity("19MB"),
+				BandwidthLimitMode: BandwidthLimitModeServer,
+				Metas: map[string]string{
+					"var1": "123",
+					"var2": "234",
+				},
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "127.0.0.9",
+					LocalPort: 29,
+				},
+				HealthCheckConf: HealthCheckConf{
+					HealthCheckType:      consts.TCPProxy,
+					HealthCheckTimeoutS:  3,
+					HealthCheckMaxFailed: 3,
+					HealthCheckIntervalS: 19,
+					HealthCheckAddr:      "127.0.0.9:29",
+				},
+			},
+			RemotePort: 6009,
+		},
+		testUser + ".ssh_random": &TCPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName: testUser + ".ssh_random",
+				ProxyType: consts.TCPProxy,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "127.0.0.9",
+					LocalPort: 29,
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RemotePort: 9,
+		},
+		testUser + ".tcp_port_0": &TCPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName: testUser + ".tcp_port_0",
+				ProxyType: consts.TCPProxy,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "127.0.0.9",
+					LocalPort: 6010,
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RemotePort: 6010,
+		},
+		testUser + ".tcp_port_1": &TCPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName: testUser + ".tcp_port_1",
+				ProxyType: consts.TCPProxy,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "127.0.0.9",
+					LocalPort: 6011,
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RemotePort: 6011,
+		},
+		testUser + ".tcp_port_2": &TCPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName: testUser + ".tcp_port_2",
+				ProxyType: consts.TCPProxy,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "127.0.0.9",
+					LocalPort: 6019,
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RemotePort: 6019,
+		},
+		testUser + ".dns": &UDPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName:      testUser + ".dns",
+				ProxyType:      consts.UDPProxy,
+				UseEncryption:  true,
+				UseCompression: true,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "114.114.114.114",
+					LocalPort: 59,
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RemotePort: 6009,
+		},
+		testUser + ".udp_port_0": &UDPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName:      testUser + ".udp_port_0",
+				ProxyType:      consts.UDPProxy,
+				UseEncryption:  true,
+				UseCompression: true,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "114.114.114.114",
+					LocalPort: 6000,
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RemotePort: 6000,
+		},
+		testUser + ".udp_port_1": &UDPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName:      testUser + ".udp_port_1",
+				ProxyType:      consts.UDPProxy,
+				UseEncryption:  true,
+				UseCompression: true,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "114.114.114.114",
+					LocalPort: 6010,
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RemotePort: 6010,
+		},
+		testUser + ".udp_port_2": &UDPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName:      testUser + ".udp_port_2",
+				ProxyType:      consts.UDPProxy,
+				UseEncryption:  true,
+				UseCompression: true,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "114.114.114.114",
+					LocalPort: 6011,
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RemotePort: 6011,
+		},
+		testUser + ".web01": &HTTPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName:      testUser + ".web01",
+				ProxyType:      consts.HTTPProxy,
+				UseCompression: true,
+				UseEncryption:  true,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "127.0.0.9",
+					LocalPort: 89,
+				},
+				HealthCheckConf: HealthCheckConf{
+					HealthCheckType:      consts.HTTPProxy,
+					HealthCheckTimeoutS:  3,
+					HealthCheckMaxFailed: 3,
+					HealthCheckIntervalS: 19,
+					HealthCheckURL:       "http://127.0.0.9:89/status",
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			DomainConf: DomainConf{
+				CustomDomains: []string{"web02.yourdomain.com"},
+				SubDomain:     "web01",
+			},
+			Locations:         []string{"/", "/pic"},
+			HTTPUser:          "admin",
+			HTTPPwd:           "admin",
+			HostHeaderRewrite: "example.com",
+			Headers: map[string]string{
+				"X-From-Where": "frp",
+			},
+		},
+		testUser + ".web02": &HTTPSProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName:      testUser + ".web02",
+				ProxyType:      consts.HTTPSProxy,
+				UseCompression: true,
+				UseEncryption:  true,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "127.0.0.9",
+					LocalPort: 8009,
+				},
+				ProxyProtocolVersion: "v2",
+				BandwidthLimitMode:   BandwidthLimitModeClient,
+			},
+			DomainConf: DomainConf{
+				CustomDomains: []string{"web02.yourdomain.com"},
+				SubDomain:     "web01",
+			},
+		},
+		testUser + ".secret_tcp": &STCPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName: testUser + ".secret_tcp",
+				ProxyType: consts.STCPProxy,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "127.0.0.1",
+					LocalPort: 22,
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RoleServerCommonConf: RoleServerCommonConf{
+				Role: "server",
+				Sk:   "abcdefg",
+			},
+		},
+		testUser + ".p2p_tcp": &XTCPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName: testUser + ".p2p_tcp",
+				ProxyType: consts.XTCPProxy,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "127.0.0.1",
+					LocalPort: 22,
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RoleServerCommonConf: RoleServerCommonConf{
+				Role: "server",
+				Sk:   "abcdefg",
+			},
+		},
+		testUser + ".tcpmuxhttpconnect": &TCPMuxProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName: testUser + ".tcpmuxhttpconnect",
+				ProxyType: consts.TCPMuxProxy,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP:   "127.0.0.1",
+					LocalPort: 10701,
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			DomainConf: DomainConf{
+				CustomDomains: []string{"tunnel1"},
+				SubDomain:     "",
+			},
+			Multiplexer: "httpconnect",
+		},
+		testUser + ".plugin_unix_domain_socket": &TCPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName: testUser + ".plugin_unix_domain_socket",
+				ProxyType: consts.TCPProxy,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP: "127.0.0.1",
+					Plugin:  "unix_domain_socket",
+					PluginParams: map[string]string{
+						"plugin_unix_path": "/var/run/docker.sock",
+					},
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RemotePort: 6003,
+		},
+		testUser + ".plugin_http_proxy": &TCPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName: testUser + ".plugin_http_proxy",
+				ProxyType: consts.TCPProxy,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP: "127.0.0.1",
+					Plugin:  "http_proxy",
+					PluginParams: map[string]string{
+						"plugin_http_user":   "abc",
+						"plugin_http_passwd": "abc",
+					},
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RemotePort: 6004,
+		},
+		testUser + ".plugin_socks5": &TCPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName: testUser + ".plugin_socks5",
+				ProxyType: consts.TCPProxy,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP: "127.0.0.1",
+					Plugin:  "socks5",
+					PluginParams: map[string]string{
+						"plugin_user":   "abc",
+						"plugin_passwd": "abc",
+					},
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RemotePort: 6005,
+		},
+		testUser + ".plugin_static_file": &TCPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName: testUser + ".plugin_static_file",
+				ProxyType: consts.TCPProxy,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP: "127.0.0.1",
+					Plugin:  "static_file",
+					PluginParams: map[string]string{
+						"plugin_local_path":   "/var/www/blog",
+						"plugin_strip_prefix": "static",
+						"plugin_http_user":    "abc",
+						"plugin_http_passwd":  "abc",
+					},
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			RemotePort: 6006,
+		},
+		testUser + ".plugin_https2http": &HTTPSProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName: testUser + ".plugin_https2http",
+				ProxyType: consts.HTTPSProxy,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP: "127.0.0.1",
+					Plugin:  "https2http",
+					PluginParams: map[string]string{
+						"plugin_local_addr":          "127.0.0.1:80",
+						"plugin_crt_path":            "./server.crt",
+						"plugin_key_path":            "./server.key",
+						"plugin_host_header_rewrite": "127.0.0.1",
+						"plugin_header_X-From-Where": "frp",
+					},
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			DomainConf: DomainConf{
+				CustomDomains: []string{"test.yourdomain.com"},
+			},
+		},
+		testUser + ".plugin_http2https": &HTTPProxyConf{
+			BaseProxyConf: BaseProxyConf{
+				ProxyName: testUser + ".plugin_http2https",
+				ProxyType: consts.HTTPProxy,
+				LocalSvrConf: LocalSvrConf{
+					LocalIP: "127.0.0.1",
+					Plugin:  "http2https",
+					PluginParams: map[string]string{
+						"plugin_local_addr":          "127.0.0.1:443",
+						"plugin_host_header_rewrite": "127.0.0.1",
+						"plugin_header_X-From-Where": "frp",
+					},
+				},
+				BandwidthLimitMode: BandwidthLimitModeClient,
+			},
+			DomainConf: DomainConf{
+				CustomDomains: []string{"test.yourdomain.com"},
+			},
+		},
+	}
+
+	visitorExpected := map[string]VisitorConf{
+		testUser + ".secret_tcp_visitor": &STCPVisitorConf{
+			BaseVisitorConf: BaseVisitorConf{
+				ProxyName:  testUser + ".secret_tcp_visitor",
+				ProxyType:  consts.STCPProxy,
+				Role:       "visitor",
+				Sk:         "abcdefg",
+				ServerName: testVisitorPrefix + "secret_tcp",
+				BindAddr:   "127.0.0.1",
+				BindPort:   9000,
+			},
+		},
+		testUser + ".p2p_tcp_visitor": &XTCPVisitorConf{
+			BaseVisitorConf: BaseVisitorConf{
+				ProxyName:  testUser + ".p2p_tcp_visitor",
+				ProxyType:  consts.XTCPProxy,
+				Role:       "visitor",
+				Sk:         "abcdefg",
+				ServerName: testProxyPrefix + "p2p_tcp",
+				BindAddr:   "127.0.0.1",
+				BindPort:   9001,
+			},
+			Protocol:          "quic",
+			MaxRetriesAnHour:  8,
+			MinRetryInterval:  90,
+			FallbackTimeoutMs: 1000,
+		},
+	}
+
+	proxyActual, visitorActual, err := LoadAllProxyConfsFromIni(testUser, testClientBytesWithFull, nil)
+	assert.NoError(err)
+	assert.Equal(proxyExpected, proxyActual)
+	assert.Equal(visitorExpected, visitorActual)
+}

pkg/config/parse.go

@@ -0,0 +1,99 @@
+// Copyright 2021 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"path/filepath"
+)
+
+func ParseClientConfig(filePath string) (
+	cfg ClientCommonConf,
+	pxyCfgs map[string]ProxyConf,
+	visitorCfgs map[string]VisitorConf,
+	err error,
+) {
+	var content []byte
+	content, err = GetRenderedConfFromFile(filePath)
+	if err != nil {
+		return
+	}
+	configBuffer := bytes.NewBuffer(nil)
+	configBuffer.Write(content)
+
+	// Parse common section.
+	cfg, err = UnmarshalClientConfFromIni(content)
+	if err != nil {
+		return
+	}
+	cfg.Complete()
+	if err = cfg.Validate(); err != nil {
+		err = fmt.Errorf("parse config error: %v", err)
+		return
+	}
+
+	// Aggregate proxy configs from include files.
+	var buf []byte
+	buf, err = getIncludeContents(cfg.IncludeConfigFiles)
+	if err != nil {
+		err = fmt.Errorf("getIncludeContents error: %v", err)
+		return
+	}
+	configBuffer.WriteString("\n")
+	configBuffer.Write(buf)
+
+	// Parse all proxy and visitor configs.
+	pxyCfgs, visitorCfgs, err = LoadAllProxyConfsFromIni(cfg.User, configBuffer.Bytes(), cfg.Start)
+	if err != nil {
+		return
+	}
+	return
+}
+
+// getIncludeContents renders all configs from paths.
+// files format can be a single file path or directory or regex path.
+func getIncludeContents(paths []string) ([]byte, error) {
+	out := bytes.NewBuffer(nil)
+	for _, path := range paths {
+		absDir, err := filepath.Abs(filepath.Dir(path))
+		if err != nil {
+			return nil, err
+		}
+		if _, err := os.Stat(absDir); os.IsNotExist(err) {
+			return nil, err
+		}
+		files, err := os.ReadDir(absDir)
+		if err != nil {
+			return nil, err
+		}
+		for _, fi := range files {
+			if fi.IsDir() {
+				continue
+			}
+			absFile := filepath.Join(absDir, fi.Name())
+			if matched, _ := filepath.Match(filepath.Join(absDir, filepath.Base(path)), absFile); matched {
+				tmpContent, err := GetRenderedConfFromFile(absFile)
+				if err != nil {
+					return nil, fmt.Errorf("render extra config %s error: %v", absFile, err)
+				}
+				out.Write(tmpContent)
+				out.WriteString("\n")
+			}
+		}
+	}
+	return out.Bytes(), nil
+}

pkg/config/proxy.go

@@ -0,0 +1,936 @@
+// Copyright 2016 fatedier, fatedier@gmail.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+	"fmt"
+	"net"
+	"reflect"
+	"strconv"
+	"strings"
+
+	"gopkg.in/ini.v1"
+
+	"github.com/fatedier/frp/pkg/consts"
+	"github.com/fatedier/frp/pkg/msg"
+)
+
+// Proxy
+var (
+	proxyConfTypeMap = map[string]reflect.Type{
+		consts.TCPProxy:    reflect.TypeOf(TCPProxyConf{}),
+		consts.TCPMuxProxy: reflect.TypeOf(TCPMuxProxyConf{}),
+		consts.UDPProxy:    reflect.TypeOf(UDPProxyConf{}),
+		consts.HTTPProxy:   reflect.TypeOf(HTTPProxyConf{}),
+		consts.HTTPSProxy:  reflect.TypeOf(HTTPSProxyConf{}),
+		consts.STCPProxy:   reflect.TypeOf(STCPProxyConf{}),
+		consts.XTCPProxy:   reflect.TypeOf(XTCPProxyConf{}),
+		consts.SUDPProxy:   reflect.TypeOf(SUDPProxyConf{}),
+	}
+)
+
+func NewConfByType(proxyType string) ProxyConf {
+	v, ok := proxyConfTypeMap[proxyType]
+	if !ok {
+		return nil
+	}
+	cfg := reflect.New(v).Interface().(ProxyConf)
+	return cfg
+}
+
+type ProxyConf interface {
+	// GetBaseConfig returns the BaseProxyConf for this config.
+	GetBaseConfig() *BaseProxyConf
+	// SetDefaultValues sets the default values for this config.
+	SetDefaultValues()
+	// UnmarshalFromMsg unmarshals a msg.NewProxy message into this config.
+	// This function will be called on the frps side.
+	UnmarshalFromMsg(*msg.NewProxy)
+	// UnmarshalFromIni unmarshals a ini.Section into this config. This function
+	// will be called on the frpc side.
+	UnmarshalFromIni(string, string, *ini.Section) error
+	// MarshalToMsg marshals this config into a msg.NewProxy message. This
+	// function will be called on the frpc side.
+	MarshalToMsg(*msg.NewProxy)
+	// ValidateForClient checks that the config is valid for the frpc side.
+	ValidateForClient() error
+	// ValidateForServer checks that the config is valid for the frps side.
+	ValidateForServer(ServerCommonConf) error
+}
+
+// LocalSvrConf configures what location the client will to, or what
+// plugin will be used.
+type LocalSvrConf struct {
+	// LocalIP specifies the IP address or host name to to.
+	LocalIP string `ini:"local_ip" json:"local_ip"`
+	// LocalPort specifies the port to to.
+	LocalPort int `ini:"local_port" json:"local_port"`
+
+	// Plugin specifies what plugin should be used for ng. If this value
+	// is set, the LocalIp and LocalPort values will be ignored. By default,
+	// this value is "".
+	Plugin string `ini:"plugin" json:"plugin"`
+	// PluginParams specify parameters to be passed to the plugin, if one is
+	// being used. By default, this value is an empty map.
+	PluginParams map[string]string `ini:"-"`
+}
+
+// HealthCheckConf configures health checking. This can be useful for load
+// balancing purposes to detect and remove proxies to failing services.
+type HealthCheckConf struct {
+	// HealthCheckType specifies what protocol to use for health checking.
+	// Valid values include "tcp", "http", and "". If this value is "", health
+	// checking will not be performed. By default, this value is "".
+	//
+	// If the type is "tcp", a connection will be attempted to the target
+	// server. If a connection cannot be established, the health check fails.
+	//
+	// If the type is "http", a GET request will be made to the endpoint
+	// specified by HealthCheckURL. If the response is not a 200, the health
+	// check fails.
+	HealthCheckType string `ini:"health_check_type" json:"health_check_type"` // tcp | http
+	// HealthCheckTimeoutS specifies the number of seconds to wait for a health
+	// check attempt to connect. If the timeout is reached, this counts as a
+	// health check failure. By default, this value is 3.
+	HealthCheckTimeoutS int `ini:"health_check_timeout_s" json:"health_check_timeout_s"`
+	// HealthCheckMaxFailed specifies the number of allowed failures before the
+	// is stopped. By default, this value is 1.
+	HealthCheckMaxFailed int `ini:"health_check_max_failed" json:"health_check_max_failed"`
+	// HealthCheckIntervalS specifies the time in seconds between health
+	// checks. By default, this value is 10.
+	HealthCheckIntervalS int `ini:"health_check_interval_s" json:"health_check_interval_s"`
+	// HealthCheckURL specifies the address to send health checks to if the
+	// health check type is "http".
+	HealthCheckURL string `ini:"health_check_url" json:"health_check_url"`
+	// HealthCheckAddr specifies the address to connect to if the health check
+	// type is "tcp".
+	HealthCheckAddr string `ini:"-"`
+}
+
+// BaseProxyConf provides configuration info that is common to all types.
+type BaseProxyConf struct {
+	// ProxyName is the name of this
+	ProxyName string `ini:"name" json:"name"`
+	// ProxyType specifies the type of this  Valid values include "tcp",
+	// "udp", "http", "https", "stcp", and "xtcp". By default, this value is
+	// "tcp".
+	ProxyType string `ini:"type" json:"type"`
+
+	// UseEncryption controls whether or not communication with the server will
+	// be encrypted. Encryption is done using the tokens supplied in the server
+	// and client configuration. By default, this value is false.
+	UseEncryption bool `ini:"use_encryption" json:"use_encryption"`
+	// UseCompression controls whether or not communication with the server
+	// will be compressed. By default, this value is false.
+	UseCompression bool `ini:"use_compression" json:"use_compression"`
+	// Group specifies which group the is a part of. The server will use
+	// this information to load balance proxies in the same group. If the value
+	// is "", this will not be in a group. By default, this value is "".
+	Group string `ini:"group" json:"group"`
+	// GroupKey specifies a group key, which should be the same among proxies
+	// of the same group. By default, this value is "".
+	GroupKey string `ini:"group_key" json:"group_key"`
+
+	// ProxyProtocolVersion specifies which protocol version to use. Valid
+	// values include "v1", "v2", and "". If the value is "", a protocol
+	// version will be automatically selected. By default, this value is "".
+	ProxyProtocolVersion string `ini:"proxy_protocol_version" json:"proxy_protocol_version"`
+
+	// BandwidthLimit limit the bandwidth
+	// 0 means no limit
+	BandwidthLimit BandwidthQuantity `ini:"bandwidth_limit" json:"bandwidth_limit"`
+	// BandwidthLimitMode specifies whether to limit the bandwidth on the
+	// client or server side. Valid values include "client" and "server".
+	// By default, this value is "client".
+	BandwidthLimitMode string `ini:"bandwidth_limit_mode" json:"bandwidth_limit_mode"`
+
+	// meta info for each proxy
+	Metas map[string]string `ini:"-" json:"metas"`
+
+	LocalSvrConf    `ini:",extends"`
+	HealthCheckConf `ini:",extends"`
+}
+
+type DomainConf struct {
+	CustomDomains []string `ini:"custom_domains" json:"custom_domains"`
+	SubDomain     string   `ini:"subdomain" json:"subdomain"`
+}
+
+type RoleServerCommonConf struct {
+	Role       string   `ini:"role" json:"role"`
+	Sk         string   `ini:"sk" json:"sk"`
+	AllowUsers []string `ini:"allow_users" json:"allow_users"`
+}
+
+func (cfg *RoleServerCommonConf) setDefaultValues() {
+	cfg.Role = "server"
+}
+
+func (cfg *RoleServerCommonConf) marshalToMsg(m *msg.NewProxy) {
+	m.Sk = cfg.Sk
+	m.AllowUsers = cfg.AllowUsers
+}
+
+func (cfg *RoleServerCommonConf) unmarshalFromMsg(m *msg.NewProxy) {
+	cfg.Sk = m.Sk
+	cfg.AllowUsers = m.AllowUsers
+}
+
+// HTTP
+type HTTPProxyConf struct {
+	BaseProxyConf `ini:",extends"`
+	DomainConf    `ini:",extends"`
+
+	Locations         []string          `ini:"locations" json:"locations"`
+	HTTPUser          string            `ini:"http_user" json:"http_user"`
+	HTTPPwd           string            `ini:"http_pwd" json:"http_pwd"`
+	HostHeaderRewrite string            `ini:"host_header_rewrite" json:"host_header_rewrite"`
+	Headers           map[string]string `ini:"-" json:"headers"`
+	RouteByHTTPUser   string            `ini:"route_by_http_user" json:"route_by_http_user"`
+}
+
+// HTTPS
+type HTTPSProxyConf struct {
+	BaseProxyConf `ini:",extends"`
+	DomainConf    `ini:",extends"`
+}
+
+// TCP
+type TCPProxyConf struct {
+	BaseProxyConf `ini:",extends"`
+	RemotePort    int `ini:"remote_port" json:"remote_port"`
+}
+
+// UDP
+type UDPProxyConf struct {
+	BaseProxyConf `ini:",extends"`
+
+	RemotePort int `ini:"remote_port" json:"remote_port"`
+}
+
+// TCPMux
+type TCPMuxProxyConf struct {
+	BaseProxyConf   `ini:",extends"`
+	DomainConf      `ini:",extends"`
+	HTTPUser        string `ini:"http_user" json:"http_user,omitempty"`
+	HTTPPwd         string `ini:"http_pwd" json:"http_pwd,omitempty"`
+	RouteByHTTPUser string `ini:"route_by_http_user" json:"route_by_http_user"`
+
+	Multiplexer string `ini:"multiplexer"`
+}
+
+// STCP
+type STCPProxyConf struct {
+	BaseProxyConf        `ini:",extends"`
+	RoleServerCommonConf `ini:",extends"`
+}
+
+// XTCP
+type XTCPProxyConf struct {
+	BaseProxyConf        `ini:",extends"`
+	RoleServerCommonConf `ini:",extends"`
+}
+
+// SUDP
+type SUDPProxyConf struct {
+	BaseProxyConf        `ini:",extends"`
+	RoleServerCommonConf `ini:",extends"`
+}
+
+// Proxy Conf Loader
+// DefaultProxyConf creates a empty ProxyConf object by proxyType.
+// If proxyType doesn't exist, return nil.
+func DefaultProxyConf(proxyType string) ProxyConf {
+	conf := NewConfByType(proxyType)
+	if conf != nil {
+		conf.SetDefaultValues()
+	}
+	return conf
+}
+
+// Proxy loaded from ini
+func NewProxyConfFromIni(prefix, name string, section *ini.Section) (ProxyConf, error) {
+	// section.Key: if key not exists, section will set it with default value.
+	proxyType := section.Key("type").String()
+	if proxyType == "" {
+		proxyType = consts.TCPProxy
+	}
+
+	conf := DefaultProxyConf(proxyType)
+	if conf == nil {
+		return nil, fmt.Errorf("invalid type [%s]", proxyType)
+	}
+
+	if err := conf.UnmarshalFromIni(prefix, name, section); err != nil {
+		return nil, err
+	}
+
+	if err := conf.ValidateForClient(); err != nil {
+		return nil, err
+	}
+	return conf, nil
+}
+
+// Proxy loaded from msg
+func NewProxyConfFromMsg(m *msg.NewProxy, serverCfg ServerCommonConf) (ProxyConf, error) {
+	if m.ProxyType == "" {
+		m.ProxyType = consts.TCPProxy
+	}
+
+	conf := DefaultProxyConf(m.ProxyType)
+	if conf == nil {
+		return nil, fmt.Errorf("proxy [%s] type [%s] error", m.ProxyName, m.ProxyType)
+	}
+
+	conf.UnmarshalFromMsg(m)
+
+	err := conf.ValidateForServer(serverCfg)
+	if err != nil {
+		return nil, err
+	}
+
+	return conf, nil
+}
+
+// Base
+func (cfg *BaseProxyConf) GetBaseConfig() *BaseProxyConf {
+	return cfg
+}
+
+func (cfg *BaseProxyConf) SetDefaultValues() {
+	cfg.LocalSvrConf = LocalSvrConf{
+		LocalIP: "127.0.0.1",
+	}
+	cfg.BandwidthLimitMode = BandwidthLimitModeClient
+}
+
+// BaseProxyConf apply custom logic changes.
+func (cfg *BaseProxyConf) decorate(prefix string, name string, section *ini.Section) error {
+	// proxy_name
+	cfg.ProxyName = prefix + name
+
+	// metas_xxx
+	cfg.Metas = GetMapWithoutPrefix(section.KeysHash(), "meta_")
+
+	// bandwidth_limit
+	if bandwidth, err := section.GetKey("bandwidth_limit"); err == nil {
+		cfg.BandwidthLimit, err = NewBandwidthQuantity(bandwidth.String())
+		if err != nil {
+			return err
+		}
+	}
+
+	// plugin_xxx
+	cfg.LocalSvrConf.PluginParams = GetMapByPrefix(section.KeysHash(), "plugin_")
+
+	// custom logic code
+	if cfg.HealthCheckType == "tcp" && cfg.Plugin == "" {
+		cfg.HealthCheckAddr = cfg.LocalIP + fmt.Sprintf(":%d", cfg.LocalPort)
+	}
+
+	if cfg.HealthCheckType == "http" && cfg.Plugin == "" && cfg.HealthCheckURL != "" {
+		s := "http://" + net.JoinHostPort(cfg.LocalIP, strconv.Itoa(cfg.LocalPort))
+		if !strings.HasPrefix(cfg.HealthCheckURL, "/") {
+			s += "/"
+		}
+		cfg.HealthCheckURL = s + cfg.HealthCheckURL
+	}
+
+	return nil
+}
+
+func (cfg *BaseProxyConf) marshalToMsg(m *msg.NewProxy) {
+	m.ProxyName = cfg.ProxyName
+	m.ProxyType = cfg.ProxyType
+	m.UseEncryption = cfg.UseEncryption
+	m.UseCompression = cfg.UseCompression
+	m.BandwidthLimit = cfg.BandwidthLimit.String()
+	// leave it empty for default value to reduce traffic
+	if cfg.BandwidthLimitMode != "client" {
+		m.BandwidthLimitMode = cfg.BandwidthLimitMode
+	}
+	m.Group = cfg.Group
+	m.GroupKey = cfg.GroupKey
+	m.Metas = cfg.Metas
+}
+
+func (cfg *BaseProxyConf) unmarshalFromMsg(m *msg.NewProxy) {
+	cfg.ProxyName = m.ProxyName
+	cfg.ProxyType = m.ProxyType
+	cfg.UseEncryption = m.UseEncryption
+	cfg.UseCompression = m.UseCompression
+	if m.BandwidthLimit != "" {
+		cfg.BandwidthLimit, _ = NewBandwidthQuantity(m.BandwidthLimit)
+	}
+	if m.BandwidthLimitMode != "" {
+		cfg.BandwidthLimitMode = m.BandwidthLimitMode
+	}
+	cfg.Group = m.Group
+	cfg.GroupKey = m.GroupKey
+	cfg.Metas = m.Metas
+}
+
+func (cfg *BaseProxyConf) validateForClient() (err error) {
+	if cfg.ProxyProtocolVersion != "" {
+		if cfg.ProxyProtocolVersion != "v1" && cfg.ProxyProtocolVersion != "v2" {
+			return fmt.Errorf("no support proxy protocol version: %s", cfg.ProxyProtocolVersion)
+		}
+	}
+
+	if cfg.BandwidthLimitMode != "client" && cfg.BandwidthLimitMode != "server" {
+		return fmt.Errorf("bandwidth_limit_mode should be client or server")
+	}
+
+	if err = cfg.LocalSvrConf.validateForClient(); err != nil {
+		return
+	}
+	if err = cfg.HealthCheckConf.validateForClient(); err != nil {
+		return
+	}
+	return nil
+}
+
+func (cfg *BaseProxyConf) validateForServer() (err error) {
+	if cfg.BandwidthLimitMode != "client" && cfg.BandwidthLimitMode != "server" {
+		return fmt.Errorf("bandwidth_limit_mode should be client or server")
+	}
+	return nil
+}
+
+// DomainConf
+func (cfg *DomainConf) check() (err error) {
+	if len(cfg.CustomDomains) == 0 && cfg.SubDomain == "" {
+		err = fmt.Errorf("custom_domains and subdomain should set at least one of them")
+		return
+	}
+	return
+}
+
+func (cfg *DomainConf) validateForClient() (err error) {
+	if err = cfg.check(); err != nil {
+		return
+	}
+	return
+}
+
+func (cfg *DomainConf) validateForServer(serverCfg ServerCommonConf) (err error) {
+	if err = cfg.check(); err != nil {
+		return
+	}
+
+	for _, domain := range cfg.CustomDomains {
+		if serverCfg.SubDomainHost != "" && len(strings.Split(serverCfg.SubDomainHost, ".")) < len(strings.Split(domain, ".")) {
+			if strings.Contains(domain, serverCfg.SubDomainHost) {
+				return fmt.Errorf("custom domain [%s] should not belong to subdomain_host [%s]", domain, serverCfg.SubDomainHost)
+			}
+		}
+	}
+
+	if cfg.SubDomain != "" {
+		if serverCfg.SubDomainHost == "" {
+			return fmt.Errorf("subdomain is not supported because this feature is not enabled in remote frps")
+		}
+		if strings.Contains(cfg.SubDomain, ".") || strings.Contains(cfg.SubDomain, "*") {
+			return fmt.Errorf("'.' and '*' is not supported in subdomain")
+		}
+	}
+	return nil
+}
+
+// LocalSvrConf
+func (cfg *LocalSvrConf) validateForClient() (err error) {
+	if cfg.Plugin == "" {
+		if cfg.LocalIP == "" {
+			err = fmt.Errorf("local ip or plugin is required")
+			return
+		}
+		if cfg.LocalPort <= 0 {
+			err = fmt.Errorf("error local_port")
+			return
+		}
+	}
+	return
+}
+
+// HealthCheckConf
+func (cfg *HealthCheckConf) validateForClient() error {
+	if cfg.HealthCheckType != "" && cfg.HealthCheckType != "tcp" && cfg.HealthCheckType != "http" {
+		return fmt.Errorf("unsupport health check type")
+	}
+	if cfg.HealthCheckType != "" {
+		if cfg.HealthCheckType == "http" && cfg.HealthCheckURL == "" {
+			return fmt.Errorf("health_check_url is required for health check type 'http'")
+		}
+	}
+	return nil
+}
+
+func preUnmarshalFromIni(cfg ProxyConf, prefix string, name string, section *ini.Section) error {
+	err := section.MapTo(cfg)
+	if err != nil {
+		return err
+	}
+
+	err = cfg.GetBaseConfig().decorate(prefix, name, section)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// TCP
+func (cfg *TCPProxyConf) UnmarshalFromMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.unmarshalFromMsg(m)
+
+	// Add custom logic unmarshal if exists
+	cfg.RemotePort = m.RemotePort
+}
+
+func (cfg *TCPProxyConf) UnmarshalFromIni(prefix string, name string, section *ini.Section) error {
+	err := preUnmarshalFromIni(cfg, prefix, name, section)
+	if err != nil {
+		return err
+	}
+
+	// Add custom logic unmarshal if exists
+
+	return nil
+}
+
+func (cfg *TCPProxyConf) MarshalToMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.marshalToMsg(m)
+
+	// Add custom logic marshal if exists
+	m.RemotePort = cfg.RemotePort
+}
+
+func (cfg *TCPProxyConf) ValidateForClient() (err error) {
+	if err = cfg.BaseProxyConf.validateForClient(); err != nil {
+		return
+	}
+
+	// Add custom logic check if exists
+
+	return
+}
+
+func (cfg *TCPProxyConf) ValidateForServer(serverCfg ServerCommonConf) error {
+	if err := cfg.BaseProxyConf.validateForServer(); err != nil {
+		return err
+	}
+	return nil
+}
+
+// TCPMux
+func (cfg *TCPMuxProxyConf) UnmarshalFromIni(prefix string, name string, section *ini.Section) error {
+	err := preUnmarshalFromIni(cfg, prefix, name, section)
+	if err != nil {
+		return err
+	}
+
+	// Add custom logic unmarshal if exists
+
+	return nil
+}
+
+func (cfg *TCPMuxProxyConf) UnmarshalFromMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.unmarshalFromMsg(m)
+
+	// Add custom logic unmarshal if exists
+	cfg.CustomDomains = m.CustomDomains
+	cfg.SubDomain = m.SubDomain
+	cfg.Multiplexer = m.Multiplexer
+	cfg.HTTPUser = m.HTTPUser
+	cfg.HTTPPwd = m.HTTPPwd
+	cfg.RouteByHTTPUser = m.RouteByHTTPUser
+}
+
+func (cfg *TCPMuxProxyConf) MarshalToMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.marshalToMsg(m)
+
+	// Add custom logic marshal if exists
+	m.CustomDomains = cfg.CustomDomains
+	m.SubDomain = cfg.SubDomain
+	m.Multiplexer = cfg.Multiplexer
+	m.HTTPUser = cfg.HTTPUser
+	m.HTTPPwd = cfg.HTTPPwd
+	m.RouteByHTTPUser = cfg.RouteByHTTPUser
+}
+
+func (cfg *TCPMuxProxyConf) ValidateForClient() (err error) {
+	if err = cfg.BaseProxyConf.validateForClient(); err != nil {
+		return
+	}
+
+	// Add custom logic check if exists
+	if err = cfg.DomainConf.validateForClient(); err != nil {
+		return
+	}
+
+	if cfg.Multiplexer != consts.HTTPConnectTCPMultiplexer {
+		return fmt.Errorf("parse conf error: incorrect multiplexer [%s]", cfg.Multiplexer)
+	}
+
+	return
+}
+
+func (cfg *TCPMuxProxyConf) ValidateForServer(serverCfg ServerCommonConf) (err error) {
+	if err := cfg.BaseProxyConf.validateForServer(); err != nil {
+		return err
+	}
+
+	if cfg.Multiplexer != consts.HTTPConnectTCPMultiplexer {
+		return fmt.Errorf("proxy [%s] incorrect multiplexer [%s]", cfg.ProxyName, cfg.Multiplexer)
+	}
+
+	if cfg.Multiplexer == consts.HTTPConnectTCPMultiplexer && serverCfg.TCPMuxHTTPConnectPort == 0 {
+		return fmt.Errorf("proxy [%s] type [tcpmux] with multiplexer [httpconnect] requires tcpmux_httpconnect_port configuration", cfg.ProxyName)
+	}
+
+	if err = cfg.DomainConf.validateForServer(serverCfg); err != nil {
+		err = fmt.Errorf("proxy [%s] domain conf check error: %v", cfg.ProxyName, err)
+		return
+	}
+
+	return
+}
+
+// UDP
+func (cfg *UDPProxyConf) UnmarshalFromIni(prefix string, name string, section *ini.Section) error {
+	err := preUnmarshalFromIni(cfg, prefix, name, section)
+	if err != nil {
+		return err
+	}
+
+	// Add custom logic unmarshal if exists
+
+	return nil
+}
+
+func (cfg *UDPProxyConf) UnmarshalFromMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.unmarshalFromMsg(m)
+
+	// Add custom logic unmarshal if exists
+	cfg.RemotePort = m.RemotePort
+}
+
+func (cfg *UDPProxyConf) MarshalToMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.marshalToMsg(m)
+
+	// Add custom logic marshal if exists
+	m.RemotePort = cfg.RemotePort
+}
+
+func (cfg *UDPProxyConf) ValidateForClient() (err error) {
+	if err = cfg.BaseProxyConf.validateForClient(); err != nil {
+		return
+	}
+
+	// Add custom logic check if exists
+
+	return
+}
+
+func (cfg *UDPProxyConf) ValidateForServer(serverCfg ServerCommonConf) error {
+	if err := cfg.BaseProxyConf.validateForServer(); err != nil {
+		return err
+	}
+	return nil
+}
+
+// HTTP
+func (cfg *HTTPProxyConf) UnmarshalFromIni(prefix string, name string, section *ini.Section) error {
+	err := preUnmarshalFromIni(cfg, prefix, name, section)
+	if err != nil {
+		return err
+	}
+
+	// Add custom logic unmarshal if exists
+	cfg.Headers = GetMapWithoutPrefix(section.KeysHash(), "header_")
+	return nil
+}
+
+func (cfg *HTTPProxyConf) UnmarshalFromMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.unmarshalFromMsg(m)
+
+	// Add custom logic unmarshal if exists
+	cfg.CustomDomains = m.CustomDomains
+	cfg.SubDomain = m.SubDomain
+	cfg.Locations = m.Locations
+	cfg.HostHeaderRewrite = m.HostHeaderRewrite
+	cfg.HTTPUser = m.HTTPUser
+	cfg.HTTPPwd = m.HTTPPwd
+	cfg.Headers = m.Headers
+	cfg.RouteByHTTPUser = m.RouteByHTTPUser
+}
+
+func (cfg *HTTPProxyConf) MarshalToMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.marshalToMsg(m)
+
+	// Add custom logic marshal if exists
+	m.CustomDomains = cfg.CustomDomains
+	m.SubDomain = cfg.SubDomain
+	m.Locations = cfg.Locations
+	m.HostHeaderRewrite = cfg.HostHeaderRewrite
+	m.HTTPUser = cfg.HTTPUser
+	m.HTTPPwd = cfg.HTTPPwd
+	m.Headers = cfg.Headers
+	m.RouteByHTTPUser = cfg.RouteByHTTPUser
+}
+
+func (cfg *HTTPProxyConf) ValidateForClient() (err error) {
+	if err = cfg.BaseProxyConf.validateForClient(); err != nil {
+		return
+	}
+
+	// Add custom logic check if exists
+	if err = cfg.DomainConf.validateForClient(); err != nil {
+		return
+	}
+
+	return
+}
+
+func (cfg *HTTPProxyConf) ValidateForServer(serverCfg ServerCommonConf) (err error) {
+	if err := cfg.BaseProxyConf.validateForServer(); err != nil {
+		return err
+	}
+
+	if serverCfg.VhostHTTPPort == 0 {
+		return fmt.Errorf("type [http] not support when vhost_http_port is not set")
+	}
+
+	if err = cfg.DomainConf.validateForServer(serverCfg); err != nil {
+		err = fmt.Errorf("proxy [%s] domain conf check error: %v", cfg.ProxyName, err)
+		return
+	}
+
+	return
+}
+
+// HTTPS
+func (cfg *HTTPSProxyConf) UnmarshalFromIni(prefix string, name string, section *ini.Section) error {
+	err := preUnmarshalFromIni(cfg, prefix, name, section)
+	if err != nil {
+		return err
+	}
+
+	// Add custom logic unmarshal if exists
+	return nil
+}
+
+func (cfg *HTTPSProxyConf) UnmarshalFromMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.unmarshalFromMsg(m)
+
+	// Add custom logic unmarshal if exists
+	cfg.CustomDomains = m.CustomDomains
+	cfg.SubDomain = m.SubDomain
+}
+
+func (cfg *HTTPSProxyConf) MarshalToMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.marshalToMsg(m)
+
+	// Add custom logic marshal if exists
+	m.CustomDomains = cfg.CustomDomains
+	m.SubDomain = cfg.SubDomain
+}
+
+func (cfg *HTTPSProxyConf) ValidateForClient() (err error) {
+	if err = cfg.BaseProxyConf.validateForClient(); err != nil {
+		return
+	}
+
+	// Add custom logic check if exists
+	if err = cfg.DomainConf.validateForClient(); err != nil {
+		return
+	}
+	return
+}
+
+func (cfg *HTTPSProxyConf) ValidateForServer(serverCfg ServerCommonConf) (err error) {
+	if err := cfg.BaseProxyConf.validateForServer(); err != nil {
+		return err
+	}
+
+	if serverCfg.VhostHTTPSPort == 0 {
+		return fmt.Errorf("type [https] not support when vhost_https_port is not set")
+	}
+
+	if err = cfg.DomainConf.validateForServer(serverCfg); err != nil {
+		err = fmt.Errorf("proxy [%s] domain conf check error: %v", cfg.ProxyName, err)
+		return
+	}
+
+	return
+}
+
+// SUDP
+func (cfg *SUDPProxyConf) SetDefaultValues() {
+	cfg.BaseProxyConf.SetDefaultValues()
+	cfg.RoleServerCommonConf.setDefaultValues()
+}
+
+func (cfg *SUDPProxyConf) UnmarshalFromIni(prefix string, name string, section *ini.Section) error {
+	err := preUnmarshalFromIni(cfg, prefix, name, section)
+	if err != nil {
+		return err
+	}
+
+	// Add custom logic unmarshal if exists
+	return nil
+}
+
+// Only for role server.
+func (cfg *SUDPProxyConf) UnmarshalFromMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.unmarshalFromMsg(m)
+
+	// Add custom logic unmarshal if exists
+	cfg.RoleServerCommonConf.unmarshalFromMsg(m)
+}
+
+func (cfg *SUDPProxyConf) MarshalToMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.marshalToMsg(m)
+
+	// Add custom logic marshal if exists
+	cfg.RoleServerCommonConf.marshalToMsg(m)
+}
+
+func (cfg *SUDPProxyConf) ValidateForClient() (err error) {
+	if err := cfg.BaseProxyConf.validateForClient(); err != nil {
+		return err
+	}
+
+	// Add custom logic check if exists
+	if cfg.Role != "server" {
+		return fmt.Errorf("role should be 'server'")
+	}
+
+	return nil
+}
+
+func (cfg *SUDPProxyConf) ValidateForServer(serverCfg ServerCommonConf) error {
+	if err := cfg.BaseProxyConf.validateForServer(); err != nil {
+		return err
+	}
+	return nil
+}
+
+// STCP
+func (cfg *STCPProxyConf) SetDefaultValues() {
+	cfg.BaseProxyConf.SetDefaultValues()
+	cfg.RoleServerCommonConf.setDefaultValues()
+}
+
+func (cfg *STCPProxyConf) UnmarshalFromIni(prefix string, name string, section *ini.Section) error {
+	err := preUnmarshalFromIni(cfg, prefix, name, section)
+	if err != nil {
+		return err
+	}
+
+	// Add custom logic unmarshal if exists
+	if cfg.Role == "" {
+		cfg.Role = "server"
+	}
+	return nil
+}
+
+// Only for role server.
+func (cfg *STCPProxyConf) UnmarshalFromMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.unmarshalFromMsg(m)
+
+	// Add custom logic unmarshal if exists
+	cfg.RoleServerCommonConf.unmarshalFromMsg(m)
+}
+
+func (cfg *STCPProxyConf) MarshalToMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.marshalToMsg(m)
+
+	// Add custom logic marshal if exists
+	cfg.RoleServerCommonConf.marshalToMsg(m)
+}
+
+func (cfg *STCPProxyConf) ValidateForClient() (err error) {
+	if err = cfg.BaseProxyConf.validateForClient(); err != nil {
+		return
+	}
+
+	// Add custom logic check if exists
+	if cfg.Role != "server" {
+		return fmt.Errorf("role should be 'server'")
+	}
+
+	return
+}
+
+func (cfg *STCPProxyConf) ValidateForServer(serverCfg ServerCommonConf) error {
+	if err := cfg.BaseProxyConf.validateForServer(); err != nil {
+		return err
+	}
+	return nil
+}
+
+// XTCP
+func (cfg *XTCPProxyConf) SetDefaultValues() {
+	cfg.BaseProxyConf.SetDefaultValues()
+	cfg.RoleServerCommonConf.setDefaultValues()
+}
+
+func (cfg *XTCPProxyConf) UnmarshalFromIni(prefix string, name string, section *ini.Section) error {
+	err := preUnmarshalFromIni(cfg, prefix, name, section)
+	if err != nil {
+		return err
+	}
+
+	// Add custom logic unmarshal if exists
+	if cfg.Role == "" {
+		cfg.Role = "server"
+	}
+	return nil
+}
+
+// Only for role server.
+func (cfg *XTCPProxyConf) UnmarshalFromMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.unmarshalFromMsg(m)
+
+	// Add custom logic unmarshal if exists
+	cfg.RoleServerCommonConf.unmarshalFromMsg(m)
+}
+
+func (cfg *XTCPProxyConf) MarshalToMsg(m *msg.NewProxy) {
+	cfg.BaseProxyConf.marshalToMsg(m)
+
+	// Add custom logic marshal if exists
+	cfg.RoleServerCommonConf.marshalToMsg(m)
+}
+
+func (cfg *XTCPProxyConf) ValidateForClient() (err error) {
+	if err = cfg.BaseProxyConf.validateForClient(); err != nil {
+		return
+	}
+
+	// Add custom logic check if exists
+	if cfg.Role != "server" {
+		return fmt.Errorf("role should be 'server'")
+	}
+	return
+}
+
+func (cfg *XTCPProxyConf) ValidateForServer(serverCfg ServerCommonConf) error {
+	if err := cfg.BaseProxyConf.validateForServer(); err != nil {
+		return err
+	}
+	return nil
+}