v1.7.15: - Optimization: set correct default CA path if build using vendored openssl - Feature: allow no auth in socks5 proxy if anonymous user is enabled - Feature: add dns-over-quic support in trust-dns resolver - Compatibility: compile on MacOS / FreeBSD / NetBSD v1.7.14: - BUG FIX: fix the parse of ICAP OPTIONS response v1.7.13: - BUG FIX: fix the fetch of ICAP options - Feature: allow to set anonymous user in user group - Feature: allow to set retry in failover resolver if the first answer is empty v1.7.12: - Optimization: do batch tcp accept - Feature: try best to reserve the case of http header name - Removed: remove uri path match in http_rproxy server v1.7.11: - BUG FIX: fix reload of resolver with changed internal dependency - Feature: allow string value type for tls cert generator config - Feature: allow to output dependency graph in graphviz / mermaid / plantuml format - Feature: use metrics name for server/escaper/user-group/resolver/auditor name - Removed: drop support for http dynamic user source v1.7.10: - Feature: support happy-eyeballs for resolve redirected domain - Feature: allow to set resolve strategy at user-site level - Optimization: enable tcp_nodelay by default if needed v1.7.9: - BUG FIX: fix the parse of weighted upstream address - BUG FIX: fix the clean of offline servers - Optimization: listen in each worker when listen_in_worker is enabled - Feature: add new ctl command to force quit offline servers v1.7.8: - BUG FIX: fix the set of package version in deb package - Feature: allow to set multiple cert pairs in rustls server config - Feature: allow to listen in worker, and run tasks in unconstrained mode - Feature: allow to start listen instance according to available parallelism - Optimization: update the define of openssl tls client config - Compatibility: add g3-compat to allow compile on platforms with glibc < 2.27 - Compatibility: use vendored-openssl on platforms with libssl < 1.1.1 v1.7.7: - Feature: make libcurl as optional feature - Feature: add more config options to openssl tls client - Internal: move most of daemon control code to g3-daemon lib crate v1.7.6: - Feature: allow to config the max io events per tick value for tokio runtime - BUG FIX: fix the print of package version - Optimization: add yield size limit to http body transfer futures v1.7.5: - Optimization: use icap connection pool at auditor level instead of audit handle level - Feature: ignore Via header generated by ICAP server when sending request to upstream - BUG FIX: fix AsyncRead implementation of chunk decoder v1.7.4: - Feature: default to send client address and username to ICAP server - Feature: allow to respond shared names back to ICAP server - Feature: allow to set application audit ratio in auditor and user config v1.7.3: - Feature: allow to use icap_reqmod_service and icap_respmod_service in auditor - BUG FIX: make sure upstream response header is sent out in case the upstream close it's body io v1.7.2: - Feature: allow to send client_ip in route_query escaper - Optimization: various update to http parse code v1.7.1: - Feature: add --dot-graph command line option to draw internal dependency graph - BUG FIX: fix command line handling v1.7.0: - Feature: allow to set username for redis cluster config in ProxyFloat escaper - Feature: support custom config file extension - Feature: support round robin select policy in various escaper and server - Feature: add user_type tag to user and user site metrics - Feature: replace http_tproxy and sni_proxy with a new protocol inspection enabled sni_proxy - BUG FIX: fix spawn new reload of resolver v1.6.0: - Feature: forbid ipv6 discard-only address block by default - Optimization: use less mutex in openssl tls client session cache v1.5.6: - BUG FIX: do not consider c-ares NODATA as error - Optimization: ignore the first error in happy eyeballs resolver v1.5.5: - Feature: switch to use happy eyeballs resolve method in - RouteResolved escaper - udp connect method in DirectFixed escaper - resolver query ctl interface v1.5.4: - Feature: allow to set/unset hostname in syslog message header v1.5.3: - Feature: use happy eyeballs algorithm in Direct* and Proxy* escaper - Feature: enable ftp over http support in DirectFloat escaper - Feature: support multiple upstream addresses on TcpStream and TlsStream server v1.5.2: - BUG FIX: fix panic when parsing ipv6 socks requests - Optimization: socks: return error early for empty domains - Feature: drop local_match in route_upstream escaper v1.5.1: - BUG FIX: fix the build of deb package v1.5.0: - Feature: reintroduce the python dynamic user source and make it optional - Feature: keep ipv4 compatible address in ipv6 form - Feature: allow to log to fluentd by using it's Forward Protocol v1.4.2: - Feature: allow to specify lua version via features, and default to lua5.1 - Feature: add g3proxy-lua to test the functionality of lua - BUG FIX: fix auth error reply in http_rproxy server v1.4.1: - Feature: allow to set report script for lua dynamic user source - BUG FIX: fix the exact domain match for explicit user sites v1.4.0: - Feature: add user level layer 7 alive connection metrics - Feature: add tcp_conn_rate_limit to user config - Optimization: rename tcp and udp speed limit config options v1.3.5: - BUG FIX: cache dynamic users only if valid - BUG FIX: revert to use mlua 0.7.4 v1.3.4: - Feature: allow to set site config for each user - Optimization: close http persistent connections early when server goes offline v1.3.3: - Feature: use clap to parse command line options - BUG FIX: fix set of resolve strategy for g3proxy-ctl resolver query command v1.3.2: - Feature: support traditional private key PEM format - Feature: add compile info to g3proxy - Optimization: rename http_gateway server to http_rproxy v1.3.1: - Feature: allow to use unaided worker threads for tasks - BUG FIX: fix reload all config v1.3.0: - Feature: add socks_use_udp_associate option to user config - Optimization: use buffered metrics sink - Optimization: switch to use std Mutex instead of parking_lot Mutex - Optimization: rename some resolver ttl config options v1.2.2: - Feature: update openssl tls client config v1.2.1: - BUG FIX: fix deb package dependency v1.2.0: - Feature: switch to curl for simple http requests and add more config options: - connect_timeout - interface - Feature: use distro default luajit v1.1.5: - BUG FIX: fix debian package file v1.1.4: - Feature: add back the simple 'http' dynamic user source - Feature: add trust-dns resolver, which can also be configured to use DoT or DoH - Feature: switch to use openssl tls client for outgoing tls connections - Feature: allow to disable sni and session cache in rustls client config v1.1.3: - Feature: add 'lua' source for dynamic user fetching - Feature: remove 'python' source for dynamic user fetching - Feature: add 'route_client' escaper v1.1.2: - Import all bug fixes from v1.0.1 and update packages v1.1.1: - Feature: add new http_tproxy server - Feature: rename server ppdp_tcp_port to intelli_proxy v1.1.0: - Feature: add 'python' source for dynamic user fetching - Feature: remove 'http' source for dynamic user fetching v1.0.1: - BUG FIX: fix handle of 100-continue response after request body sent out - BUG FIX: do not close the http connection if no body is expected in response v1.0.0: - First Long Term Support Branch v0.9.10: - BUG FIX: fix rfc5424 syslog timestamp format v0.9.9: - Feature: rename escaper route_dst_ip to route_resolved - BUG FIX: fix update of resolve strategy based on ipv4_only/ipv6_only settings - BUG FIX: avoid the panic caused by parsing float values as time duration v0.9.8: - BUG FIX: add '=' as KV delimiter to rfc3164 syslog v0.9.7: - BUG FIX: fix parse of msgpack string - BUG FIX: close remote tcp sockets in time in proxy_socks5 escaper - BUG FIX: really set ca certificate when build tls client config v0.9.6: - Feature: allow to display verbose ftp command message in g3proxy-ftp - Feature: allow to change timezone via control commands - Feature: allow to generate varies shell completion scripts for g3proxy-ctl and g3proxy-ftp v0.9.5: - Feature: add tls_stream server - Feature: check time offset at start time, and make the explicit use of local time thread safe v0.9.4: - BUG FIX: drop cmake build dependency to build on old OS v0.9.3: - Feature: add blake3 to fast hashed passphrase and make all hashes optional - Feature: allow to set negotiation timeout value for next proxy peers - Feature: allow to set handshake timeout value for servers with tls enabled, and add listen.timeout metrics - Feature: drop tls code in plain_tcp_port and add plain_tls_port - Feature: move ingress network filter check to very early stage, which results to: - rename metrics server.forbidden.src_blocked to listen.dropped - add ingress network filter config to plain_tcp_port / plain_tls_port / ppdp_tcp_port v0.9.2: - Feature: allow to add extra metrics tags to escaper metrics - Feature: delete useless tcp_copy_flush_interval server config option - Feature: add user level upstream traffic stats - BUG FIX: allow to use route escaper behind http gateway server v0.9.1: - Feature: add sni_proxy server v0.9.0: - Feature: add jump hash as a pick policy for SelectiveVec - Feature: remove deprecated escaper config options: - tcp_connect_max_retry - tcp_connect_each_timeout - Feature: allow to use the first Authorization for upstream ftp auth in http proxy server - Feature: add route_select escaper, and remove the old route_random escaper - Feature: add route_query escaper - Feature: allow to start tls at server level behind multiple plain tcp ports - Feature: allow to set client side tcp socket options at user level - Feature: use PKCS #8 format for private key - Feature: delete append_forwarded_for config option from proxy_http(s) escaper - Feature: delete remote_keepalive_eof_wait config option from http_proxy server - Feature: add http_gateway server v0.8.11: - Feature: allow to set tcp and udp socket options at server side v0.8.10: - regenerate release tarball v0.8.9: - Feature: allow to set SO_MARK for tcp socket - Feature: allow to set more udp socket options at user and escaper level: - IP_TTL - IP_TOS - SO_MARK v0.8.8: - Feature: allow to set probe_interval and probe_count in tcp keepalive config - Feature: allow to set more tcp socket options at user and escaper level: - TCP_NODELAY - TCP_MSS - IP_TTL - IP_TOS v0.8.7: - BUG FIX: fix resolve of dns name with '_' in it's CNAME v0.8.6: - Feature: add tcp_connect config option to user config - Feature: add tcp_connect config option to escaper config, and deprecate the following: - tcp_connect_max_retry - tcp_connect_each_timeout v0.8.5: - Feature: add --version command line option - Feature: add proxy_request_filter to user config v0.8.4: - Feature: allow to forward all ftp requests to next proxy - Feature: enable https forward by default v0.8.3: - Feature: allow to add extra metrics tags in server and user metrics - Feature: add server and server extra tags in user forbidden metrics - Feature: add more detailed resolver error metrics v0.8.2: - Optimization: do eagerly flush in io copy v0.8.1: - Feature: allow pass userid to next proxy in proxy_http(s) escaper - BUG FIX: fix leak of forwarded header to upstream in proxy_http(s) escaper v0.8.0: - Feature: support file upload and delete in ftp over http request - Optimization: change default tcp copy flush interval to 200ms - Optimization: explicit forbid empty upstream address v0.7.27: - Feature: support single range request in ftp over http request - Feature: support tls server config in plain_tcp_port server - Optimization: always ignore body related headers in 1xx and 204 http response as specified in rfc7230 v0.7.26: - BUG FIX: fix panic in https_forward task if the upstream has no domain - Feature: support tls offload in tcp stream - Feature: set bind_address_no_port for udp connect socket v0.7.25: - BUG FIX: various fix for ftp over http v0.7.24: - Feature: support udp associate and udp connect on proxy_socks5 escaper - Feature: restore support for domain as target address in udp associate task - Feature: prefer to use mime type returned by ftp server - Feature: do acl check in udp associate task - Feature: force quit tasks during process shutdown - BUG FIX: ftp: determine transfer size right after setting transfer type v0.7.23: - Feature: allow to set auto_reply_local_ip_map for socks_proxy server - BUG FIX: fix limit for tcp copy config v0.7.22: - Feature: add default simplified udp connect mode for socks server - Feature: do not require the same address family for tcp and udp if udp bind ip is set - BUG FIX: fix subnet_match config in RouteUpstream escaper v0.7.21: - Feature: refactor task idle check logic: - remove 'task_idle_duration' config at server side - add 'task_idle_check_duration' config at server side - add 'task_idle_max_count' at server and user side - Feature: add src denied stats to server forbidden stats - Feature: add subnet_match to dst_host_filter_set acl rule set - Feature: add subnet_match rule to RouteUpstream escaper - BUG FIX: quote the realm value in response header v0.7.20: - Feature: add explicit flush interval for tcp copy - Feature: default to always try epsv for ftp transfer - Optimization: increase default http rsp header recv timeout to 60s v0.7.19: - Feature: drop escaper tag from user traffic metrics - Feature: initial version with working ftp over http support v0.7.18: - BUG FIX: fix panic when handle empty Host http header value v0.7.17: - Feature: allow to set http forward capability for proxy_http(s) escapers We can forward https and ftp requests to next http(s) proxies from now on - Feature: add route metrics for route type escapers - Feature: the request and traffic metrics are now correct set on the final escaper - Feature: add g3proxy-ftp to test ftp functions v0.7.16: - BUG FIX: fix upstream addr parse error - BUG FIX: fix set of `allow_custom_host` and `steal_forwarded_for` options for http_proxy server - Feature: allow to set udp socket buffer size for socks_proxy server v0.7.15: - BUG FIX: fix miss action for ip hosts when only child and regex host rules set - Feature: add options to control http forwarded headers - http_proxy server: allow to delete forwarded headers in client requests - proxy_http & proxy_https escaper: allow to append forwarded header in requests send out - Feature: support haproxy PROXY protocol for proxy_http and proxy_https escapers - Feature: support CEE log syntax in syslog - Optimization: reply with http code 409 if host header doesn't match host in uri v0.7.14: - BUG FIX: support ipv6 address in squared bracket as http Host value - BUG FIX: convert ipv6 mapped ipv4 address back to ipv4 address when parsing UpstreamAddr - BUG FIX: fix server online status after reloading runtime - Optimization: do not create default escaper in rpc commands - Feature: add more servers - plain_tcp_port: just listen to a tcp port and send connections to another server - ppdp_tcp_port: detect the proxy protocol of the connection, and send to the corresponding next server, the type of which could be either http_proxy or socks_proxy. - dummy_close: just close the connection v0.7.13: - BUG FIX: fix handle of http url with ipv6 address as host field - Feature: add listen stats for server - Optimization: make `append_report_ts` syslog driver config option default to false v0.7.12: - BUG FIX: fix rfc5424 format for appended report_ts log field v0.7.11: - Feature: add udp_bind_port_range config option to socks_proxy server - Feature: default to append `report_ts` to logs sendto syslogd - add `append_report_ts` config option to syslog driver to control the behaviour - Optimization: ignore optional fields with empty value in logs send to syslogd v0.7.10: - BUG FIX: fix counting of user level https forward io stats - BUG FIX: fix X-BD-Upstream-Addr custom header v0.7.9: - Feature: http_proxy: close the connection if previous request is also auth failed v0.7.8: - Feature: use native async implementation from g3-syslog - Feature: add metrics for loggers - add logger.message.total - add logger.message.pass - add logger.traffic.pass - add logger.message.drop - Feature: sleep double emit_metrics interval time for metrics flushing in graceful shutdown mode - Feature: add more resolver runtime config options - graceful_stop_wait, which set the delay time after really stop the thread - protective_query_timeout, which set the query timeout for queries sent to driver - BUG FIX: fix http_proxy server config key name no_early_error_reply - BUG FIX: shutdown the runtime thread for fail-over resolver v0.7.7: - Feature: change the default found action for user-agent acl rule to forbid. - Feature: make some restrictions on uri in log: - limit the number of characters, and add corresponding config options - replace password field with 'xyz' - Feature: add `user_agent` to HttpForward Task log - Feature: add stats about resolver internal hashtable memory usage - Optimization: increase the default async log channel size from 1024 to 4096 v0.7.6: - Feature: allow to drain body of http requests with no auth info - add `untrusted_read_limit` option to http_proxy to enable it and set the read limit - Feature: add user_blocked forbidden stats to server - Feature: add untrusted task stats to server - add server.task.untrusted_total - add server.task.untrusted_alive - add server.traffic.untrusted_in.bytes v0.7.5: - BUG FIX: limit the maximum dns cache ttl value to avoid panic - Feature: add config option *max_cache_ttl* to resolvers v0.7.4: - BUG FIX: fix selection of udp bind ipv6 address v0.7.3: - BUG FIX: convert ipv4-mapped ip back to ipv4 format early - Optimization: add content-type to http proxy error response v0.7.2: - Feature: add new no_early_error_reply config option to http_proxy server - Feature: add capnp rpc command to list user group and users - Optimization: do not add user level acl stats to server level - Optimization: add more detailed reason to task logs v0.7.1: - Optimization: do more strict limitation on user max alive requests - BUG FIX: http_proxy server: fix keepalive for http 407 response - Feature: add layer-7 http User-Agent acl rule to user config - Feature: add ua_blocked forbidden stats for user v0.7.0: - FEATURE: add fail_over resolver v0.6.9: - FEATURE: forbid unspecified egress target address by default - FEATURE: allow to set bind ip addresses for socks5 udp associate client side ip selection v0.6.8: - BUG FIX: update tokio 1.1.1 memory leak fixed version v0.6.7: - FEATURE: add resolve redirection support at user and escaper level - FEATURE: add alive requests stats at user level - FEATURE: allow to limit total alive requests at user level - FEATURE: also cancel tasks belong to blocked users in idle detection - FEATURE: socks5 udp associate: dropped domain support for security reasons - FEATURE: add child match rules to RouteUpstream escaper - FEATURE: make sure cached data write flushed when the other end read closed in tcp connect tasks - BUG FIX: do correct parent domain match in child match acl rule v0.6.6: - BUG FIX: add cached data in buf reader to io stats - FEATURE: allow to set log rate limit at user level - FEATURE: add stats about log skipped requests at user level v0.6.5: - BUG FIX: fix log_type for shared loggers - FEATURE: make socks5 udp associate optional and disabled by default v0.6.4: - BUG FIX: fix check of body type for http 304 response - FEATURE: add escaper level forbidden stats - FEATURE: add server & escaper level forbidden stats to user forbidden stats when possible v0.6.3: - BUG FIX: fix user-group reload - BUG FIX: fix normalization for socks_proxy config keys v0.6.2: - BUG FIX: do not exit after accept error - Feature: allow to discard task / escaper / resolver logs, and make this the default - Feature: allow to set socket buffer size for c-ares resolver - Feature: allow to use shared logger thread for server and escaper v0.6.1: - BUG FIX: fix idle check v0.6.0: - Internal: port to tokio 1.0 version - BUG FIX: only spawn long running tasks in main runtime v0.5.10 - BUG FIX: fix index based path selection when index overflow - BUG FIX: fix emit of user and server forbidden stats v0.5.9 - Feature: add new TrickFloat escaper - Feature: add new RouteMapping escaper - Feature: add path selection to: - HttpProxy server, disabled by default - DirectFixed escaper, disabled by default - RouteMapping escaper, always enabled, but only support index mapping - Feature: add general http keepalive config: - rename keepalive_eof_wait to remote_keepalive_eof_wait for HttpProxy server - add http_forward_upstream_keepalive to HttpProxy server, remove keepalive_idle_expire - add http_upstream_keepalive to user config, remove http_keepalive_idle - rename tcp_keepalive to tcp_remote_keepalive for user v0.5.8: - Feature: add more options to control http keepalive: - keepalive_eof_wait: set the time to wait when check eof of upstream connection - keepalive_idle_expire: set the max idle time for the keep of upstream connection - Feature: add http_keepalive_idle config to user config. v0.5.7: - Feature: allow user to specify custom resolve strategy - Feature: add 525 reply code to http proxy - Feature: add -t flag to g3proxy to test the format of config file - BUG FIX: also check upstream read close while sending new requests on reused connection - Feature: only wait for 100-continue response before request body send out - Feature: add tcp_keepalive setting to user config - Feature: add tcp_keepalive setting to escaper config, and deprecate old tcp_keepalive_idle config - Feature: change default resolve pick strategy to Random instead of First. v0.5.6 - Feature: allow to block user and set a delay before sending auth error response - Feature: add user and server level forbidden stats - BUG FIX: fix http forward Connection check v0.5.5: - Optimization: use native tls certs for local generated http request - Feature: allow to auth user with traditional unix crypt - Feature: allow to set source of proxy_float escaper to passive v0.5.4: - BUG FIX: fix user http_forward io stats - BUG FIX: fix escaper http forward task count v0.5.3 - BUG FIX: fix default stats emit duration - BUG FIX: fix emit of user stats v0.5.2 - Feature: add egress info to direct_float escaper v0.5.1 - Feature: add resolver stats - Optimization: allow more ascii chars in domain - Optimization: add server & escaper tags to user stats v0.5.0: - Feature: add 'allow_custom_host' to http_proxy server - Feature: support output of server / escaper / user stats - added 'stat' root config - support output to statsd v0.4.23: - Optimization: g3proxy-clt can detect default runtime dir now - Optimization: default to create non-existed cache file - Optimization: setup process logger early, so warning in config parse code can be emitted - Optimization: resolver pick policy now apply to get_all_addrs - Optimization: add more tcp_connect info to escape and task log: - tcp_connect_tries: show how many times we have tried to connect - tcp_connect_spend: show the total time we have spent on tcp connect for all tries v0.4.22: - Feature: rename proxy_dynamic escaper to proxy_float, and add options to set local cache - Feature: add local cache for dynamic users - Feature: allow to publish peers to proxy_float escaper - Feature: add direct_float escaper v0.4.21: - Feature: add yield out to tcp copy and udp relay task - Feature: add the following config to server: - tcp_copy_yield_size - udp_relay_packet_size - udp_relay_yield_size - Feature: support capnproto rpc on local controller, and add g3proxy-ctl command v0.4.20: - Optimization: allow to set protective_cache_ttl for error / empty resolver records - Optimization: add 'duration' and 'source' to c-ares resolver error log v0.4.19: - BUG FIX: always return all resolver error for all queries. This fix the regression introduced in v0.4.18 v0.4.18: - Optimization: report misc server error in cares resolver - Optimization: log query type in cares resolver error log - Optimization: return early when resolve error for *First strategies - BUG FIX: fix the number of running listen instances during reload of server v0.4.17: - Feature: cares resolver: allow to set bind ip for each family: - deprecate 'bind' config option - add 'bind_ipv4' config option - add 'bind_ipv6' config option - Feature: proxy escapers: allow to set bind ip for each family: - deprecate 'bind_ip' config option - add 'bind_ipv4' config option - add 'bind_ipv6' config option v0.4.16: - Feature: add expire to user config. - Feature: allow to builtin webpki-roots ca certs for rustls client config. - Feature: add dynamic users to user group, the source currently supported are: - file: sync from a local file - http: sync through an http GET request v0.4.15: - Feature: add more acl rule to server and user config: - dst_host_filter_set: limit the upstream host - dst_port_filter: limit the upstream port - Feature: add 'wait_time' to task log: - wait_time is the time after we recv the first byte and before create the task - ready_time and total_time doesn't include wait_time - Feature: add tls handshake in escape log. - Optimization: allow to set a list of tls certificate file. - BUG FIX: fix reload of server if tls / acl config changed. v0.4.14: - Feature: support https forward on all escapers. - Feature: add ProxyHttps escaper. - Feature: support https proxy peer on ProxyFloat escaper. - Optimization: add options to set internal copy buffer size. - BUG FIX: fix domain prefix match in route-upstream escaper. v0.4.13: - Optimization: add more fields such like io stats to task log - BUG FIX: fix handle of response to http HEAD request v0.4.12: - Feature: add log config in main conf, which sets initial config for loggers - Feature: allow to send log to syslogd through unix and udp sockets - Optimization: move tcp_connect and udp_relay log to a new escape logger v0.4.11: - Feature: enable request recv timeout check on http proxy server - Optimization: use separate resolve logger for each resolver - Optimization: limit client address at socket level for udp client sockets - Optimization: use more thread local buffer v0.4.10: - Feature: enable keepalive by default on dynamic escapers - Feature: enable task idle check on servers - BUG FIX: do strict check on limit read v0.4.9: - Feature: add instance count config field to server listen config - Feature: add 0x09 as connection timed out socks5 reply code, as it's added in socks6 draft - Feature: reflect peer timeout in response to client for proxy escapers - use 504 for http server response - use 0x09 for socks5 reply - Feature: support ingress_network_filter for servers - Feature: support egress_network_filter in direct fixed escaper - Feature: add response header X-BD-Dynamic-Egress-Info for dynamic escapers, it will be set if server_id in config is set. - Feature: let socks5 dynamic peer return early if expired when sending request on an alive connection - Optimization: use different task log threads for each server - Optimization: increase the default backlog value to 4096 - Optimization: always use socket address in listen config, drop separate port config - BUG FIX: use real expire time in http response - BUG FIX: make sure close the remote connection if http forward task should close v0.4.8: - BUG FIX: fix format of http response header Proxy-Authenticate v0.4.7: - Optimization: use askama instead of handlebars to generate error html page - Optimization: support systemd version 23x and python version 3.5.x - Optimization: switch expire_guard_seconds option to expire_guard_duration for proxy_float escaper - Optimization: rename main conf key for auth to 'user_group' v0.4.6: - BUG FIX: fix http CONNECT 200 response when any custom header enabled v0.4.5: - Optimization: do not count in target port in rendezvous selection for proxy escapers. - Optimization: adjust custom headers and settings for http_proxy server: - add header X-BD-Remote-Connection-Info, which will be set if server_id in config is set. - remove header X-BD-Remote-Connection-Expire, as it contains in X-BD-Remote-Connection-Info. - remove option http_forward_upstream_id, add option http_forward_mark_upstream instead, which requires server_id to be set. The value for header X-BD-Upstream-Id will be server_id. - Optimization: change some fields in tcp connect logs: - add "next-bind-ip" to record the bind ip we selected before the connection. - rename "tcp-expire" to "next-expire", this is the peer expire time, not only the connection. - rename "next-bind" to "next-bound-addr", this is the local addr from which we connect to remote. - rename "next-peer" to "next-peer-addr", which is the remote socket address. - Optimization: use parking_lot::Mutex for short non-async operations. - BUG FIX: fix peer update for proxy_float escaper. - BUG FIX: use only ICANN domains in psl data file. v0.4.4: - Feature: support non-blocking redis-cluster dynamic peer update - Feature: introduce selective vector and use it in proxy escapers The nodes can be weighted, and we support random/sequence/rendezvous pick policies - Feature: support redis 6 AUTH with username - Feature: add user stats, including connection/request/traffic stats - Optimization: use ahash instead of std hash for better performance v0.4.3: - BUG FIX: resolver: fix empty records with Ipv4First policy if ipv6 resolver return empty first v0.4.2: - Feature: allow to set request limit at user level v0.4.1: - Feature: add user group reload action in daemon helper script - Feature: allow to set rate limit at user level at the server side - Feature: respect expire value in proxy_float escaper, the following options are added: - expire_guard_seconds This will set some buffer time between the time we make the selection and the time we make the real connection - Feature: allow http dynamic peer to append extra headers via "extra_append_headers" - BUG FIX: fix handling of multiple http headers v0.4.0: - Feature: add proxy_float escaper - Feature: add proxy_socks5 escaper - Feature: add some custom response headers for http_proxy server - X-BD-Upstream-Id For http forward protocol. It means that the response comes from remote side if this header is present, at least the remote side of the proxy which has been set with the same 'upstream id' value. - X-BD-Remote-Connection-Expire May be present in all http responses. If the value is a valid rfc3339 datetime string, the remote connection will expire after this time, and the pending data may be failed to transfer. New requests should not be affected if the connection to the proxy is keep-alive and clean. If there are multiple chained proxies on the path, the nearest value from now will be kept. - X-BD-Upstream-Addr If enabled, it contains the upstream addr we attempted to connect to. If there are multiple chained proxies on the path, the result from the nearest one to upstream will be used. Note not all proxies support such info. It depends on the real topology to decide whether it's value is meaningful. - X-BD-Outgoing-IP If enabled, it will contain the far most ip address we used to connect to upstream. If there are multiple chained proxies on the path, the result from the nearest one to upstream will be used. Note not all proxies support such info and the ip address may still behind NAT. It depends on the real topology to decide whether it's value is meaningful. - Feature: allow to enable tls for http_proxy server - BUG FIX: fix encoding of username and password when used in HTTP contexts, now we can support all UTF-8 chars in username and password. - BUG FIX: fix the meaning of various stats - server stats: count in all data in proxy protocol layer to client, including negotiation - escaper stats: count in all data in proxy protocol layer to upstream, including negotiation - task stats: only count in real user data both to client and to upstream, excluding negotiation - tls is considered as a layer between transport and application, which won't be count in v0.3.5: - BUG FIX: fix install of systemd unit file in deb package v0.3.4: - BUG FIX: fix building of deb package v0.3.3 - Feature: allow to set multiple proxy addresses in proxy_http escaper - Feature: use the official way to build deb packages v0.3.2 - Feature: add json-rpc protocol to local controller - Feature: add g3proxy-daemon-helper script for reload and offline actions - Feature: add more tcp and http related config options - BUG FIX: fix dead lock when reloading route type escapers v0.3.1 - Feature: add basic auth to proxy_http escaper - Feature: add local_match and radix_match rules to route_upstream escaper - BUG FIX: make router in proxy_http escaper really optional v0.3.0 - Feature: add sphinx doc for all configurations - Feature: add error response body for http_proxy server - Feature: add some 'route' type escapers The 'route' escapers are used to select next escapers, so now escapers can depend on others, but cycle is not allowed in the final dependency graph. The following 'route' escapers are added: - route_random - route_upstream - route_dst_ip - Feature: add script to generate release tarball - Tweak: rename not_existed escaper to dummy_deny - Tweak: log optimization v0.2.2 - Feature: make systemd service restart graceful, though not perfect - Feature: add proxy_http escaper v0.2.1 - Optimization: use buffer writer when sending response to client - BUG FIX: close connection if remote response is read to end v0.2.0 - Initial release with a CHANGELOG.