mirror of
https://github.com/bytedance/g3.git
synced 2026-04-28 03:30:31 +00:00
814 lines
33 KiB
Text
814 lines
33 KiB
Text
|
|
v1.7.10:
|
|
- Feature: support happy-eyeballs for resolve redirected domain
|
|
- Feature: allow to set resolve strategy at user-site level
|
|
- Optimization: enable tcp_nodelay by default if needed
|
|
|
|
v1.7.9:
|
|
- BUG FIX: fix the parse of weighted upstream address
|
|
- BUG FIX: fix the clean of offline servers
|
|
- Optimization: listen in each worker when listen_in_worker is enabled
|
|
- Feature: add new ctl command to force quit offline servers
|
|
|
|
v1.7.8:
|
|
- BUG FIX: fix the set of package version in deb package
|
|
- Feature: allow to set multiple cert pairs in rustls server config
|
|
- Feature: allow to listen in worker, and run tasks in unconstrained mode
|
|
- Feature: allow to start listen instance according to available parallelism
|
|
- Optimization: update the define of openssl tls client config
|
|
- Compatibility: add g3-compat to allow compile on platforms with glibc < 2.27
|
|
- Compatibility: use vendored-openssl on platforms with libssl < 1.1.1
|
|
|
|
v1.7.7:
|
|
- Feature: make libcurl as optional feature
|
|
- Feature: add more config options to openssl tls client
|
|
- Internal: move most of daemon control code to g3-daemon lib crate
|
|
|
|
v1.7.6:
|
|
- Feature: allow to config the max io events per tick value for tokio runtime
|
|
- BUG FIX: fix the print of package version
|
|
- Optimization: add yield size limit to http body transfer futures
|
|
|
|
v1.7.5:
|
|
- Optimization: use icap connection pool at auditor level instead of audit handle level
|
|
- Feature: ignore Via header generated by ICAP server when sending request to upstream
|
|
- BUG FIX: fix AsyncRead implementation of chunk decoder
|
|
|
|
v1.7.4:
|
|
- Feature: default to send client address and username to ICAP server
|
|
- Feature: allow to respond shared names back to ICAP server
|
|
- Feature: allow to set application audit ratio in auditor and user config
|
|
|
|
v1.7.3:
|
|
- Feature: allow to use icap_reqmod_service and icap_respmod_service in auditor
|
|
- BUG FIX: make sure upstream response header is sent out in case the upstream close it's body io
|
|
|
|
v1.7.2:
|
|
- Feature: allow to send client_ip in route_query escaper
|
|
- Optimization: various update to http parse code
|
|
|
|
v1.7.1:
|
|
- Feature: add --dot-graph command line option to draw internal dependency graph
|
|
- BUG FIX: fix command line handling
|
|
|
|
v1.7.0:
|
|
- Feature: allow to set username for redis cluster config in ProxyFloat escaper
|
|
- Feature: support custom config file extension
|
|
- Feature: support round robin select policy in various escaper and server
|
|
- Feature: add user_type tag to user and user site metrics
|
|
- Feature: replace http_tproxy and sni_proxy with a new protocol inspection enabled sni_proxy
|
|
- BUG FIX: fix spawn new reload of resolver
|
|
|
|
v1.6.0:
|
|
- Feature: forbid ipv6 discard-only address block by default
|
|
- Optimization: use less mutex in openssl tls client session cache
|
|
|
|
v1.5.6:
|
|
- BUG FIX: do not consider c-ares NODATA as error
|
|
- Optimization: ignore the first error in happy eyeballs resolver
|
|
|
|
v1.5.5:
|
|
- Feature: switch to use happy eyeballs resolve method in
|
|
- RouteResolved escaper
|
|
- udp connect method in DirectFixed escaper
|
|
- resolver query ctl interface
|
|
|
|
v1.5.4:
|
|
- Feature: allow to set/unset hostname in syslog message header
|
|
|
|
v1.5.3:
|
|
- Feature: use happy eyeballs algorithm in Direct* and Proxy* escaper
|
|
- Feature: enable ftp over http support in DirectFloat escaper
|
|
- Feature: support multiple upstream addresses on TcpStream and TlsStream server
|
|
|
|
v1.5.2:
|
|
- BUG FIX: fix panic when parsing ipv6 socks requests
|
|
- Optimization: socks: return error early for empty domains
|
|
- Feature: drop local_match in route_upstream escaper
|
|
|
|
v1.5.1:
|
|
- BUG FIX: fix the build of deb package
|
|
|
|
v1.5.0:
|
|
- Feature: reintroduce the python dynamic user source and make it optional
|
|
- Feature: keep ipv4 compatible address in ipv6 form
|
|
- Feature: allow to log to fluentd by using it's Forward Protocol
|
|
|
|
v1.4.2:
|
|
- Feature: allow to specify lua version via features, and default to lua5.1
|
|
- Feature: add g3proxy-lua to test the functionality of lua
|
|
- BUG FIX: fix auth error reply in http_rproxy server
|
|
|
|
v1.4.1:
|
|
- Feature: allow to set report script for lua dynamic user source
|
|
- BUG FIX: fix the exact domain match for explicit user sites
|
|
|
|
v1.4.0:
|
|
- Feature: add user level layer 7 alive connection metrics
|
|
- Feature: add tcp_conn_rate_limit to user config
|
|
- Optimization: rename tcp and udp speed limit config options
|
|
|
|
v1.3.5:
|
|
- BUG FIX: cache dynamic users only if valid
|
|
- BUG FIX: revert to use mlua 0.7.4
|
|
|
|
v1.3.4:
|
|
- Feature: allow to set site config for each user
|
|
- Optimization: close http persistent connections early when server goes offline
|
|
|
|
v1.3.3:
|
|
- Feature: use clap to parse command line options
|
|
- BUG FIX: fix set of resolve strategy for g3proxy-ctl resolver query command
|
|
|
|
v1.3.2:
|
|
- Feature: support traditional private key PEM format
|
|
- Feature: add compile info to g3proxy
|
|
- Optimization: rename http_gateway server to http_rproxy
|
|
|
|
v1.3.1:
|
|
- Feature: allow to use unaided worker threads for tasks
|
|
- BUG FIX: fix reload all config
|
|
|
|
v1.3.0:
|
|
- Feature: add socks_use_udp_associate option to user config
|
|
- Optimization: use buffered metrics sink
|
|
- Optimization: switch to use std Mutex instead of parking_lot Mutex
|
|
- Optimization: rename some resolver ttl config options
|
|
|
|
v1.2.2:
|
|
- Feature: update openssl tls client config
|
|
|
|
v1.2.1:
|
|
- BUG FIX: fix deb package dependency
|
|
|
|
v1.2.0:
|
|
- Feature: switch to curl for simple http requests and add more config options:
|
|
- connect_timeout
|
|
- interface
|
|
- Feature: use distro default luajit
|
|
|
|
v1.1.5:
|
|
- BUG FIX: fix debian package file
|
|
|
|
v1.1.4:
|
|
- Feature: add back the simple 'http' dynamic user source
|
|
- Feature: add trust-dns resolver, which can also be configured to use DoT or DoH
|
|
- Feature: switch to use openssl tls client for outgoing tls connections
|
|
- Feature: allow to disable sni and session cache in rustls client config
|
|
|
|
v1.1.3:
|
|
- Feature: add 'lua' source for dynamic user fetching
|
|
- Feature: remove 'python' source for dynamic user fetching
|
|
- Feature: add 'route_client' escaper
|
|
|
|
v1.1.2:
|
|
- Import all bug fixes from v1.0.1 and update packages
|
|
|
|
v1.1.1:
|
|
- Feature: add new http_tproxy server
|
|
- Feature: rename server ppdp_tcp_port to intelli_proxy
|
|
|
|
v1.1.0:
|
|
- Feature: add 'python' source for dynamic user fetching
|
|
- Feature: remove 'http' source for dynamic user fetching
|
|
|
|
v1.0.1:
|
|
- BUG FIX: fix handle of 100-continue response after request body sent out
|
|
- BUG FIX: do not close the http connection if no body is expected in response
|
|
|
|
v1.0.0:
|
|
- First Long Term Support Branch
|
|
|
|
v0.9.10:
|
|
- BUG FIX: fix rfc5424 syslog timestamp format
|
|
|
|
v0.9.9:
|
|
- Feature: rename escaper route_dst_ip to route_resolved
|
|
- BUG FIX: fix update of resolve strategy based on ipv4_only/ipv6_only settings
|
|
- BUG FIX: avoid the panic caused by parsing float values as time duration
|
|
|
|
v0.9.8:
|
|
- BUG FIX: add '=' as KV delimiter to rfc3164 syslog
|
|
|
|
v0.9.7:
|
|
- BUG FIX: fix parse of msgpack string
|
|
- BUG FIX: close remote tcp sockets in time in proxy_socks5 escaper
|
|
- BUG FIX: really set ca certificate when build tls client config
|
|
|
|
v0.9.6:
|
|
- Feature: allow to display verbose ftp command message in g3proxy-ftp
|
|
- Feature: allow to change timezone via control commands
|
|
- Feature: allow to generate varies shell completion scripts for g3proxy-ctl and g3proxy-ftp
|
|
|
|
v0.9.5:
|
|
- Feature: add tls_stream server
|
|
- Feature: check time offset at start time, and make the explicit use of local time thread safe
|
|
|
|
v0.9.4:
|
|
- BUG FIX: drop cmake build dependency to build on old OS
|
|
|
|
v0.9.3:
|
|
- Feature: add blake3 to fast hashed passphrase and make all hashes optional
|
|
- Feature: allow to set negotiation timeout value for next proxy peers
|
|
- Feature: allow to set handshake timeout value for servers with tls enabled, and add listen.timeout metrics
|
|
- Feature: drop tls code in plain_tcp_port and add plain_tls_port
|
|
- Feature: move ingress network filter check to very early stage, which results to:
|
|
- rename metrics server.forbidden.src_blocked to listen.dropped
|
|
- add ingress network filter config to plain_tcp_port / plain_tls_port / ppdp_tcp_port
|
|
|
|
v0.9.2:
|
|
- Feature: allow to add extra metrics tags to escaper metrics
|
|
- Feature: delete useless tcp_copy_flush_interval server config option
|
|
- Feature: add user level upstream traffic stats
|
|
- BUG FIX: allow to use route escaper behind http gateway server
|
|
|
|
v0.9.1:
|
|
- Feature: add sni_proxy server
|
|
|
|
v0.9.0:
|
|
- Feature: add jump hash as a pick policy for SelectiveVec
|
|
- Feature: remove deprecated escaper config options:
|
|
- tcp_connect_max_retry
|
|
- tcp_connect_each_timeout
|
|
- Feature: allow to use the first Authorization for upstream ftp auth in http proxy server
|
|
- Feature: add route_select escaper, and remove the old route_random escaper
|
|
- Feature: add route_query escaper
|
|
- Feature: allow to start tls at server level behind multiple plain tcp ports
|
|
- Feature: allow to set client side tcp socket options at user level
|
|
- Feature: use PKCS #8 format for private key
|
|
- Feature: delete append_forwarded_for config option from proxy_http(s) escaper
|
|
- Feature: delete remote_keepalive_eof_wait config option from http_proxy server
|
|
- Feature: add http_gateway server
|
|
|
|
v0.8.11:
|
|
- Feature: allow to set tcp and udp socket options at server side
|
|
|
|
v0.8.10:
|
|
- regenerate release tarball
|
|
|
|
v0.8.9:
|
|
- Feature: allow to set SO_MARK for tcp socket
|
|
- Feature: allow to set more udp socket options at user and escaper level:
|
|
- IP_TTL
|
|
- IP_TOS
|
|
- SO_MARK
|
|
|
|
v0.8.8:
|
|
- Feature: allow to set probe_interval and probe_count in tcp keepalive config
|
|
- Feature: allow to set more tcp socket options at user and escaper level:
|
|
- TCP_NODELAY
|
|
- TCP_MSS
|
|
- IP_TTL
|
|
- IP_TOS
|
|
|
|
v0.8.7:
|
|
- BUG FIX: fix resolve of dns name with '_' in it's CNAME
|
|
|
|
v0.8.6:
|
|
- Feature: add tcp_connect config option to user config
|
|
- Feature: add tcp_connect config option to escaper config, and deprecate the following:
|
|
- tcp_connect_max_retry
|
|
- tcp_connect_each_timeout
|
|
|
|
v0.8.5:
|
|
- Feature: add --version command line option
|
|
- Feature: add proxy_request_filter to user config
|
|
|
|
v0.8.4:
|
|
- Feature: allow to forward all ftp requests to next proxy
|
|
- Feature: enable https forward by default
|
|
|
|
v0.8.3:
|
|
- Feature: allow to add extra metrics tags in server and user metrics
|
|
- Feature: add server and server extra tags in user forbidden metrics
|
|
- Feature: add more detailed resolver error metrics
|
|
|
|
v0.8.2:
|
|
- Optimization: do eagerly flush in io copy
|
|
|
|
v0.8.1:
|
|
- Feature: allow pass userid to next proxy in proxy_http(s) escaper
|
|
- BUG FIX: fix leak of forwarded header to upstream in proxy_http(s) escaper
|
|
|
|
v0.8.0:
|
|
- Feature: support file upload and delete in ftp over http request
|
|
- Optimization: change default tcp copy flush interval to 200ms
|
|
- Optimization: explicit forbid empty upstream address
|
|
|
|
v0.7.27:
|
|
- Feature: support single range request in ftp over http request
|
|
- Feature: support tls server config in plain_tcp_port server
|
|
- Optimization: always ignore body related headers in 1xx and 204 http response as specified in rfc7230
|
|
|
|
v0.7.26:
|
|
- BUG FIX: fix panic in https_forward task if the upstream has no domain
|
|
- Feature: support tls offload in tcp stream
|
|
- Feature: set bind_address_no_port for udp connect socket
|
|
|
|
v0.7.25:
|
|
- BUG FIX: various fix for ftp over http
|
|
|
|
v0.7.24:
|
|
- Feature: support udp associate and udp connect on proxy_socks5 escaper
|
|
- Feature: restore support for domain as target address in udp associate task
|
|
- Feature: prefer to use mime type returned by ftp server
|
|
- Feature: do acl check in udp associate task
|
|
- Feature: force quit tasks during process shutdown
|
|
- BUG FIX: ftp: determine transfer size right after setting transfer type
|
|
|
|
v0.7.23:
|
|
- Feature: allow to set auto_reply_local_ip_map for socks_proxy server
|
|
- BUG FIX: fix limit for tcp copy config
|
|
|
|
v0.7.22:
|
|
- Feature: add default simplified udp connect mode for socks server
|
|
- Feature: do not require the same address family for tcp and udp if udp bind ip is set
|
|
- BUG FIX: fix subnet_match config in RouteUpstream escaper
|
|
|
|
v0.7.21:
|
|
- Feature: refactor task idle check logic:
|
|
- remove 'task_idle_duration' config at server side
|
|
- add 'task_idle_check_duration' config at server side
|
|
- add 'task_idle_max_count' at server and user side
|
|
- Feature: add src denied stats to server forbidden stats
|
|
- Feature: add subnet_match to dst_host_filter_set acl rule set
|
|
- Feature: add subnet_match rule to RouteUpstream escaper
|
|
- BUG FIX: quote the realm value in response header
|
|
|
|
v0.7.20:
|
|
- Feature: add explicit flush interval for tcp copy
|
|
- Feature: default to always try epsv for ftp transfer
|
|
- Optimization: increase default http rsp header recv timeout to 60s
|
|
|
|
v0.7.19:
|
|
- Feature: drop escaper tag from user traffic metrics
|
|
- Feature: initial version with working ftp over http support
|
|
|
|
v0.7.18:
|
|
- BUG FIX: fix panic when handle empty Host http header value
|
|
|
|
v0.7.17:
|
|
- Feature: allow to set http forward capability for proxy_http(s) escapers
|
|
We can forward https and ftp requests to next http(s) proxies from now on
|
|
- Feature: add route metrics for route type escapers
|
|
- Feature: the request and traffic metrics are now correct set on the final escaper
|
|
- Feature: add g3proxy-ftp to test ftp functions
|
|
|
|
v0.7.16:
|
|
- BUG FIX: fix upstream addr parse error
|
|
- BUG FIX: fix set of `allow_custom_host` and `steal_forwarded_for` options for http_proxy server
|
|
- Feature: allow to set udp socket buffer size for socks_proxy server
|
|
|
|
v0.7.15:
|
|
- BUG FIX: fix miss action for ip hosts when only child and regex host rules set
|
|
- Feature: add options to control http forwarded headers
|
|
- http_proxy server: allow to delete forwarded headers in client requests
|
|
- proxy_http & proxy_https escaper: allow to append forwarded header in requests send out
|
|
- Feature: support haproxy PROXY protocol for proxy_http and proxy_https escapers
|
|
- Feature: support CEE log syntax in syslog
|
|
- Optimization: reply with http code 409 if host header doesn't match host in uri
|
|
|
|
v0.7.14:
|
|
- BUG FIX: support ipv6 address in squared bracket as http Host value
|
|
- BUG FIX: convert ipv6 mapped ipv4 address back to ipv4 address when parsing UpstreamAddr
|
|
- BUG FIX: fix server online status after reloading runtime
|
|
- Optimization: do not create default escaper in rpc commands
|
|
- Feature: add more servers
|
|
- plain_tcp_port: just listen to a tcp port and send connections to another server
|
|
- ppdp_tcp_port: detect the proxy protocol of the connection, and send to the corresponding next server,
|
|
the type of which could be either http_proxy or socks_proxy.
|
|
- dummy_close: just close the connection
|
|
|
|
v0.7.13:
|
|
- BUG FIX: fix handle of http url with ipv6 address as host field
|
|
- Feature: add listen stats for server
|
|
- Optimization: make `append_report_ts` syslog driver config option default to false
|
|
|
|
v0.7.12:
|
|
- BUG FIX: fix rfc5424 format for appended report_ts log field
|
|
|
|
v0.7.11:
|
|
- Feature: add udp_bind_port_range config option to socks_proxy server
|
|
- Feature: default to append `report_ts` to logs sendto syslogd
|
|
- add `append_report_ts` config option to syslog driver to control the behaviour
|
|
- Optimization: ignore optional fields with empty value in logs send to syslogd
|
|
|
|
v0.7.10:
|
|
- BUG FIX: fix counting of user level https forward io stats
|
|
- BUG FIX: fix X-BD-Upstream-Addr custom header
|
|
|
|
v0.7.9:
|
|
- Feature: http_proxy: close the connection if previous request is also auth failed
|
|
|
|
v0.7.8:
|
|
- Feature: use native async implementation from g3-syslog
|
|
- Feature: add metrics for loggers
|
|
- add logger.message.total
|
|
- add logger.message.pass
|
|
- add logger.traffic.pass
|
|
- add logger.message.drop
|
|
- Feature: sleep double emit_metrics interval time for metrics flushing in graceful shutdown mode
|
|
- Feature: add more resolver runtime config options
|
|
- graceful_stop_wait, which set the delay time after really stop the thread
|
|
- protective_query_timeout, which set the query timeout for queries sent to driver
|
|
- BUG FIX: fix http_proxy server config key name no_early_error_reply
|
|
- BUG FIX: shutdown the runtime thread for fail-over resolver
|
|
|
|
v0.7.7:
|
|
- Feature: change the default found action for user-agent acl rule to forbid.
|
|
- Feature: make some restrictions on uri in log:
|
|
- limit the number of characters, and add corresponding config options
|
|
- replace password field with 'xyz'
|
|
- Feature: add `user_agent` to HttpForward Task log
|
|
- Feature: add stats about resolver internal hashtable memory usage
|
|
- Optimization: increase the default async log channel size from 1024 to 4096
|
|
|
|
v0.7.6:
|
|
- Feature: allow to drain body of http requests with no auth info
|
|
- add `untrusted_read_limit` option to http_proxy to enable it and set the read limit
|
|
- Feature: add user_blocked forbidden stats to server
|
|
- Feature: add untrusted task stats to server
|
|
- add server.task.untrusted_total
|
|
- add server.task.untrusted_alive
|
|
- add server.traffic.untrusted_in.bytes
|
|
|
|
v0.7.5:
|
|
- BUG FIX: limit the maximum dns cache ttl value to avoid panic
|
|
- Feature: add config option *max_cache_ttl* to resolvers
|
|
|
|
v0.7.4:
|
|
- BUG FIX: fix selection of udp bind ipv6 address
|
|
|
|
v0.7.3:
|
|
- BUG FIX: convert ipv4-mapped ip back to ipv4 format early
|
|
- Optimization: add content-type to http proxy error response
|
|
|
|
v0.7.2:
|
|
- Feature: add new no_early_error_reply config option to http_proxy server
|
|
- Feature: add capnp rpc command to list user group and users
|
|
- Optimization: do not add user level acl stats to server level
|
|
- Optimization: add more detailed reason to task logs
|
|
|
|
v0.7.1:
|
|
- Optimization: do more strict limitation on user max alive requests
|
|
- BUG FIX: http_proxy server: fix keepalive for http 407 response
|
|
- Feature: add layer-7 http User-Agent acl rule to user config
|
|
- Feature: add ua_blocked forbidden stats for user
|
|
|
|
v0.7.0:
|
|
- FEATURE: add fail_over resolver
|
|
|
|
v0.6.9:
|
|
- FEATURE: forbid unspecified egress target address by default
|
|
- FEATURE: allow to set bind ip addresses for socks5 udp associate client side ip selection
|
|
|
|
v0.6.8:
|
|
- BUG FIX: update tokio 1.1.1 memory leak fixed version
|
|
|
|
v0.6.7:
|
|
- FEATURE: add resolve redirection support at user and escaper level
|
|
- FEATURE: add alive requests stats at user level
|
|
- FEATURE: allow to limit total alive requests at user level
|
|
- FEATURE: also cancel tasks belong to blocked users in idle detection
|
|
- FEATURE: socks5 udp associate: dropped domain support for security reasons
|
|
- FEATURE: add child match rules to RouteUpstream escaper
|
|
- FEATURE: make sure cached data write flushed when the other end read closed in tcp connect tasks
|
|
- BUG FIX: do correct parent domain match in child match acl rule
|
|
|
|
v0.6.6:
|
|
- BUG FIX: add cached data in buf reader to io stats
|
|
- FEATURE: allow to set log rate limit at user level
|
|
- FEATURE: add stats about log skipped requests at user level
|
|
|
|
v0.6.5:
|
|
- BUG FIX: fix log_type for shared loggers
|
|
- FEATURE: make socks5 udp associate optional and disabled by default
|
|
|
|
v0.6.4:
|
|
- BUG FIX: fix check of body type for http 304 response
|
|
- FEATURE: add escaper level forbidden stats
|
|
- FEATURE: add server & escaper level forbidden stats to user forbidden stats when possible
|
|
|
|
v0.6.3:
|
|
- BUG FIX: fix user-group reload
|
|
- BUG FIX: fix normalization for socks_proxy config keys
|
|
|
|
v0.6.2:
|
|
- BUG FIX: do not exit after accept error
|
|
- Feature: allow to discard task / escaper / resolver logs, and make this the default
|
|
- Feature: allow to set socket buffer size for c-ares resolver
|
|
- Feature: allow to use shared logger thread for server and escaper
|
|
|
|
v0.6.1:
|
|
- BUG FIX: fix idle check
|
|
|
|
v0.6.0:
|
|
- Internal: port to tokio 1.0 version
|
|
- BUG FIX: only spawn long running tasks in main runtime
|
|
|
|
v0.5.10
|
|
- BUG FIX: fix index based path selection when index overflow
|
|
- BUG FIX: fix emit of user and server forbidden stats
|
|
|
|
v0.5.9
|
|
- Feature: add new TrickFloat escaper
|
|
- Feature: add new RouteMapping escaper
|
|
- Feature: add path selection to:
|
|
- HttpProxy server, disabled by default
|
|
- DirectFixed escaper, disabled by default
|
|
- RouteMapping escaper, always enabled, but only support index mapping
|
|
- Feature: add general http keepalive config:
|
|
- rename keepalive_eof_wait to remote_keepalive_eof_wait for HttpProxy server
|
|
- add http_forward_upstream_keepalive to HttpProxy server, remove keepalive_idle_expire
|
|
- add http_upstream_keepalive to user config, remove http_keepalive_idle
|
|
- rename tcp_keepalive to tcp_remote_keepalive for user
|
|
|
|
v0.5.8:
|
|
- Feature: add more options to control http keepalive:
|
|
- keepalive_eof_wait: set the time to wait when check eof of upstream connection
|
|
- keepalive_idle_expire: set the max idle time for the keep of upstream connection
|
|
- Feature: add http_keepalive_idle config to user config.
|
|
|
|
v0.5.7:
|
|
- Feature: allow user to specify custom resolve strategy
|
|
- Feature: add 525 reply code to http proxy
|
|
- Feature: add -t flag to g3proxy to test the format of config file
|
|
- BUG FIX: also check upstream read close while sending new requests on reused connection
|
|
- Feature: only wait for 100-continue response before request body send out
|
|
- Feature: add tcp_keepalive setting to user config
|
|
- Feature: add tcp_keepalive setting to escaper config, and deprecate old tcp_keepalive_idle config
|
|
- Feature: change default resolve pick strategy to Random instead of First.
|
|
|
|
v0.5.6
|
|
- Feature: allow to block user and set a delay before sending auth error response
|
|
- Feature: add user and server level forbidden stats
|
|
- BUG FIX: fix http forward Connection check
|
|
|
|
v0.5.5:
|
|
- Optimization: use native tls certs for local generated http request
|
|
- Feature: allow to auth user with traditional unix crypt
|
|
- Feature: allow to set source of proxy_float escaper to passive
|
|
|
|
v0.5.4:
|
|
- BUG FIX: fix user http_forward io stats
|
|
- BUG FIX: fix escaper http forward task count
|
|
|
|
v0.5.3
|
|
- BUG FIX: fix default stats emit duration
|
|
- BUG FIX: fix emit of user stats
|
|
|
|
v0.5.2
|
|
- Feature: add egress info to direct_float escaper
|
|
|
|
v0.5.1
|
|
- Feature: add resolver stats
|
|
- Optimization: allow more ascii chars in domain
|
|
- Optimization: add server & escaper tags to user stats
|
|
|
|
v0.5.0:
|
|
- Feature: add 'allow_custom_host' to http_proxy server
|
|
- Feature: support output of server / escaper / user stats
|
|
- added 'stat' root config
|
|
- support output to statsd
|
|
|
|
v0.4.23:
|
|
- Optimization: g3proxy-clt can detect default runtime dir now
|
|
- Optimization: default to create non-existed cache file
|
|
- Optimization: setup process logger early, so warning in config parse code can be emitted
|
|
- Optimization: resolver pick policy now apply to get_all_addrs
|
|
- Optimization: add more tcp_connect info to escape and task log:
|
|
- tcp_connect_tries: show how many times we have tried to connect
|
|
- tcp_connect_spend: show the total time we have spent on tcp connect for all tries
|
|
|
|
v0.4.22:
|
|
- Feature: rename proxy_dynamic escaper to proxy_float, and add options to set local cache
|
|
- Feature: add local cache for dynamic users
|
|
- Feature: allow to publish peers to proxy_float escaper
|
|
- Feature: add direct_float escaper
|
|
|
|
v0.4.21:
|
|
- Feature: add yield out to tcp copy and udp relay task
|
|
- Feature: add the following config to server:
|
|
- tcp_copy_yield_size
|
|
- udp_relay_packet_size
|
|
- udp_relay_yield_size
|
|
- Feature: support capnproto rpc on local controller, and add g3proxy-ctl command
|
|
|
|
v0.4.20:
|
|
- Optimization: allow to set protective_cache_ttl for error / empty resolver records
|
|
- Optimization: add 'duration' and 'source' to c-ares resolver error log
|
|
|
|
v0.4.19:
|
|
- BUG FIX: always return all resolver error for all queries.
|
|
This fix the regression introduced in v0.4.18
|
|
|
|
v0.4.18:
|
|
- Optimization: report misc server error in cares resolver
|
|
- Optimization: log query type in cares resolver error log
|
|
- Optimization: return early when resolve error for *First strategies
|
|
- BUG FIX: fix the number of running listen instances during reload of server
|
|
|
|
v0.4.17:
|
|
- Feature: cares resolver: allow to set bind ip for each family:
|
|
- deprecate 'bind' config option
|
|
- add 'bind_ipv4' config option
|
|
- add 'bind_ipv6' config option
|
|
- Feature: proxy escapers: allow to set bind ip for each family:
|
|
- deprecate 'bind_ip' config option
|
|
- add 'bind_ipv4' config option
|
|
- add 'bind_ipv6' config option
|
|
|
|
v0.4.16:
|
|
- Feature: add expire to user config.
|
|
- Feature: allow to builtin webpki-roots ca certs for rustls client config.
|
|
- Feature: add dynamic users to user group, the source currently supported are:
|
|
- file: sync from a local file
|
|
- http: sync through an http GET request
|
|
|
|
v0.4.15:
|
|
- Feature: add more acl rule to server and user config:
|
|
- dst_host_filter_set: limit the upstream host
|
|
- dst_port_filter: limit the upstream port
|
|
- Feature: add 'wait_time' to task log:
|
|
- wait_time is the time after we recv the first byte and before create the task
|
|
- ready_time and total_time doesn't include wait_time
|
|
- Feature: add tls handshake in escape log.
|
|
- Optimization: allow to set a list of tls certificate file.
|
|
- BUG FIX: fix reload of server if tls / acl config changed.
|
|
|
|
v0.4.14:
|
|
- Feature: support https forward on all escapers.
|
|
- Feature: add ProxyHttps escaper.
|
|
- Feature: support https proxy peer on ProxyFloat escaper.
|
|
- Optimization: add options to set internal copy buffer size.
|
|
- BUG FIX: fix domain prefix match in route-upstream escaper.
|
|
|
|
v0.4.13:
|
|
- Optimization: add more fields such like io stats to task log
|
|
- BUG FIX: fix handle of response to http HEAD request
|
|
|
|
v0.4.12:
|
|
- Feature: add log config in main conf, which sets initial config for loggers
|
|
- Feature: allow to send log to syslogd through unix and udp sockets
|
|
- Optimization: move tcp_connect and udp_relay log to a new escape logger
|
|
|
|
v0.4.11:
|
|
- Feature: enable request recv timeout check on http proxy server
|
|
- Optimization: use separate resolve logger for each resolver
|
|
- Optimization: limit client address at socket level for udp client sockets
|
|
- Optimization: use more thread local buffer
|
|
|
|
v0.4.10:
|
|
- Feature: enable keepalive by default on dynamic escapers
|
|
- Feature: enable task idle check on servers
|
|
- BUG FIX: do strict check on limit read
|
|
|
|
v0.4.9:
|
|
- Feature: add instance count config field to server listen config
|
|
- Feature: add 0x09 as connection timed out socks5 reply code, as it's added in socks6 draft
|
|
- Feature: reflect peer timeout in response to client for proxy escapers
|
|
- use 504 for http server response
|
|
- use 0x09 for socks5 reply
|
|
- Feature: support ingress_network_filter for servers
|
|
- Feature: support egress_network_filter in direct fixed escaper
|
|
- Feature: add response header X-BD-Dynamic-Egress-Info for dynamic escapers, it will be set
|
|
if server_id in config is set.
|
|
- Feature: let socks5 dynamic peer return early if expired when sending request on an alive connection
|
|
- Optimization: use different task log threads for each server
|
|
- Optimization: increase the default backlog value to 4096
|
|
- Optimization: always use socket address in listen config, drop separate port config
|
|
- BUG FIX: use real expire time in http response
|
|
- BUG FIX: make sure close the remote connection if http forward task should close
|
|
|
|
v0.4.8:
|
|
- BUG FIX: fix format of http response header Proxy-Authenticate
|
|
|
|
v0.4.7:
|
|
- Optimization: use askama instead of handlebars to generate error html page
|
|
- Optimization: support systemd version 23x and python version 3.5.x
|
|
- Optimization: switch expire_guard_seconds option to expire_guard_duration for proxy_float escaper
|
|
- Optimization: rename main conf key for auth to 'user_group'
|
|
|
|
v0.4.6:
|
|
- BUG FIX: fix http CONNECT 200 response when any custom header enabled
|
|
|
|
v0.4.5:
|
|
- Optimization: do not count in target port in rendezvous selection for proxy escapers.
|
|
- Optimization: adjust custom headers and settings for http_proxy server:
|
|
- add header X-BD-Remote-Connection-Info, which will be set if server_id in config is set.
|
|
- remove header X-BD-Remote-Connection-Expire, as it contains in X-BD-Remote-Connection-Info.
|
|
- remove option http_forward_upstream_id, add option http_forward_mark_upstream instead,
|
|
which requires server_id to be set. The value for header X-BD-Upstream-Id will be server_id.
|
|
- Optimization: change some fields in tcp connect logs:
|
|
- add "next-bind-ip" to record the bind ip we selected before the connection.
|
|
- rename "tcp-expire" to "next-expire", this is the peer expire time, not only the connection.
|
|
- rename "next-bind" to "next-bound-addr", this is the local addr from which we connect to remote.
|
|
- rename "next-peer" to "next-peer-addr", which is the remote socket address.
|
|
- Optimization: use parking_lot::Mutex for short non-async operations.
|
|
- BUG FIX: fix peer update for proxy_float escaper.
|
|
- BUG FIX: use only ICANN domains in psl data file.
|
|
|
|
v0.4.4:
|
|
- Feature: support non-blocking redis-cluster dynamic peer update
|
|
- Feature: introduce selective vector and use it in proxy escapers
|
|
The nodes can be weighted, and we support random/sequence/rendezvous pick policies
|
|
- Feature: support redis 6 AUTH with username
|
|
- Feature: add user stats, including connection/request/traffic stats
|
|
- Optimization: use ahash instead of std hash for better performance
|
|
|
|
v0.4.3:
|
|
- BUG FIX: resolver: fix empty records with Ipv4First policy if ipv6 resolver return empty first
|
|
|
|
v0.4.2:
|
|
- Feature: allow to set request limit at user level
|
|
|
|
v0.4.1:
|
|
- Feature: add user group reload action in daemon helper script
|
|
- Feature: allow to set rate limit at user level at the server side
|
|
- Feature: respect expire value in proxy_float escaper, the following options are added:
|
|
- expire_guard_seconds
|
|
This will set some buffer time between the time we make the selection and
|
|
the time we make the real connection
|
|
- Feature: allow http dynamic peer to append extra headers via "extra_append_headers"
|
|
- BUG FIX: fix handling of multiple http headers
|
|
|
|
v0.4.0:
|
|
- Feature: add proxy_float escaper
|
|
- Feature: add proxy_socks5 escaper
|
|
- Feature: add some custom response headers for http_proxy server
|
|
- X-BD-Upstream-Id
|
|
For http forward protocol. It means that the response comes from remote side
|
|
if this header is present, at least the remote side of the proxy which has
|
|
been set with the same 'upstream id' value.
|
|
- X-BD-Remote-Connection-Expire
|
|
May be present in all http responses. If the value is a valid rfc3339 datetime
|
|
string, the remote connection will expire after this time, and the pending data
|
|
may be failed to transfer. New requests should not be affected if the connection
|
|
to the proxy is keep-alive and clean. If there are multiple chained proxies on the
|
|
path, the nearest value from now will be kept.
|
|
- X-BD-Upstream-Addr
|
|
If enabled, it contains the upstream addr we attempted to connect to. If there are
|
|
multiple chained proxies on the path, the result from the nearest one to upstream
|
|
will be used. Note not all proxies support such info. It depends on the real
|
|
topology to decide whether it's value is meaningful.
|
|
- X-BD-Outgoing-IP
|
|
If enabled, it will contain the far most ip address we used to connect to upstream.
|
|
If there are multiple chained proxies on the path, the result from the nearest one
|
|
to upstream will be used. Note not all proxies support such info and the ip address
|
|
may still behind NAT. It depends on the real topology to decide whether it's value
|
|
is meaningful.
|
|
- Feature: allow to enable tls for http_proxy server
|
|
- BUG FIX: fix encoding of username and password when used in HTTP contexts,
|
|
now we can support all UTF-8 chars in username and password.
|
|
- BUG FIX: fix the meaning of various stats
|
|
- server stats: count in all data in proxy protocol layer to client, including negotiation
|
|
- escaper stats: count in all data in proxy protocol layer to upstream, including negotiation
|
|
- task stats: only count in real user data both to client and to upstream, excluding negotiation
|
|
- tls is considered as a layer between transport and application, which won't be count in
|
|
|
|
v0.3.5:
|
|
- BUG FIX: fix install of systemd unit file in deb package
|
|
|
|
v0.3.4:
|
|
- BUG FIX: fix building of deb package
|
|
|
|
v0.3.3
|
|
- Feature: allow to set multiple proxy addresses in proxy_http escaper
|
|
- Feature: use the official way to build deb packages
|
|
|
|
v0.3.2
|
|
- Feature: add json-rpc protocol to local controller
|
|
- Feature: add g3proxy-daemon-helper script for reload and offline actions
|
|
- Feature: add more tcp and http related config options
|
|
- BUG FIX: fix dead lock when reloading route type escapers
|
|
|
|
v0.3.1
|
|
- Feature: add basic auth to proxy_http escaper
|
|
- Feature: add local_match and radix_match rules to route_upstream escaper
|
|
- BUG FIX: make router in proxy_http escaper really optional
|
|
|
|
v0.3.0
|
|
- Feature: add sphinx doc for all configurations
|
|
- Feature: add error response body for http_proxy server
|
|
- Feature: add some 'route' type escapers
|
|
The 'route' escapers are used to select next escapers,
|
|
so now escapers can depend on others, but cycle is not allowed in the final dependency graph.
|
|
The following 'route' escapers are added:
|
|
- route_random
|
|
- route_upstream
|
|
- route_dst_ip
|
|
- Feature: add script to generate release tarball
|
|
- Tweak: rename not_existed escaper to dummy_deny
|
|
- Tweak: log optimization
|
|
|
|
v0.2.2
|
|
- Feature: make systemd service restart graceful, though not perfect
|
|
- Feature: add proxy_http escaper
|
|
|
|
v0.2.1
|
|
- Optimization: use buffer writer when sending response to client
|
|
- BUG FIX: close connection if remote response is read to end
|
|
|
|
v0.2.0
|
|
- Initial release with a CHANGELOG.
|
|
|