quic example

qwj · qwj · commit dc5a0eee2982 · 2021-02-18T16:22:41.000+08:00
diff --git a/README.rst b/README.rst
@@ -73,7 +73,7 @@ Features
 - Proxy client/server for TCP/UDP.
 - Schedule (load balance) among remote servers.
 - Incoming traffic auto-detect.
-- Tunnel/relay/backward-relay support.
+- Tunnel/jump/backward-jump support.
 - Unix domain socket support.
 - User/password authentication support.
 - Filter/block hostname by regex patterns.
@@ -116,6 +116,8 @@ Protocols
 +-------------------+------------+------------+------------+------------+--------------+
 | ssh tunnel | | ✔ | | | ssh:// |
 +-------------------+------------+------------+------------+------------+--------------+
+| quic | ✔ | ✔ | | | http+quic:// |
++-------------------+------------+------------+------------+------------+--------------+
 | iptables nat | ✔ | | | | redir:// |
 +-------------------+------------+------------+------------+------------+--------------+
 | pfctl nat (macos) | ✔ | | | | pf:// |
@@ -366,7 +368,7 @@ URI Syntax
 
 - The username, colon ':', and the password
 
-URIs can be joined by "__" to indicate tunneling by relay. For example, ss://1.2.3.4:1324__http://4.5.6.7:4321 make remote connection to the first shadowsocks proxy server, and then tunnel to the second http proxy server.
+URIs can be joined by "__" to indicate tunneling by jump. For example, ss://1.2.3.4:1324__http://4.5.6.7:4321 make remote connection to the first shadowsocks proxy server, and then jump to the second http proxy server.
 
 .. _AEAD: http://shadowsocks.org/en/spec/AEAD-Ciphers.html
 
@@ -559,9 +561,7 @@ Examples
 
 Make sure **pproxy** runs in root mode (sudo), otherwise it cannot redirect pf packet.
 
-- Relay tunnel
-
- Relay tunnel example:
+- Multiple jumps example
 
 .. code:: rst
 
@@ -659,6 +659,12 @@ Examples
 
 Server connects to client_ip:8081 and waits for client proxy requests. The protocol http specified is just an example. It can be any protocol and cipher **pproxy** supports. The scheme "**in**" should exist in URI to inform **pproxy** that it is a backward proxy.
 
+ .. code:: rst
+
+ $ pproxy -l http+in://jumpserver__http://client_ip:8081
+
+ It is a complicated example. Server connects to client_ip:8081 by jump http://jumpserver. The backward proxy works through jumps.
+
 - SSH client tunnel
 
 SSH client tunnel support is enabled by installing additional library asyncssh_. After "pip3 install asyncssh", you can specify "**ssh**" as scheme to proxy via ssh client tunnel.
@@ -675,6 +681,30 @@ Examples
 
 SSH connection known_hosts feature is disabled by default.
 
+- SSH jump
+
+ SSH jump is supported by using "__" concatenation
+
+ .. code:: rst
+
+ $ pproxy -r ssh://server1__ssh://server2__ssh://server3
+
+ First connection to server1 is made. Second, ssh connection to server2 is made from server1. Finally, connect to server3, and use server3 for proxying traffic.
+
+- SSH remote forward
+
+ .. code:: rst
+
+ $ pproxy -l ssh://server__tunnel://0.0.0.0:1234 -r tunnel://127.0.0.1:1234
+
+ TCP :1234 on remote server is forwarded to 127.0.0.1:1234 on local server
+
+ .. code:: rst
+
+ $ pproxy -l ssh://server1__ssh://server2__ss://0.0.0.0:1234 -r ss://server3:1234
+
+ It is a complicated example. SSH server2 is jumped from SSH server1, and ss://0.0.0.0:1234 on server2 is listened. Traffic is forwarded to ss://server3:1234.
+
 - Trojan protocol example
 
 Normally trojan:// should be used together with ssl://. You should specify the SSL crt/key file for ssl usage. A typical trojan server would be:
@@ -685,6 +715,21 @@ Examples
 
 If trojan password doesn't match, the tunnal{localhost:80} will be switched to. It looks exactly the same as a common HTTPS website.
 
+- QUIC protocol example
+
+ QUIC is a UDP stream protocol in HTTP/3. Library **aioquic** is required if you want to proxy via QUIC.
+
+ .. code:: rst
+
+ $ pip3 install aioquic
+ $ pproxy --ssl ssl.crt,ssl.key -l quic://:1234
+
+ On the client:
+
+ $ pproxy -r quic://server:1234
+
+ QUIC protocol can transfer a lot of TCP streams on one single UDP stream. If the connection number is hugh, QUIC can benefit by reducing TCP handshake time.
+
 - VPN Server Example
 
 You can run VPN server simply by installing pvpn (python vpn), a lightweight VPN server with pproxy tunnel feature.
diff --git a/pproxy/server.py b/pproxy/server.py
@@ -413,6 +413,8 @@ async def wait_open_connection(self, host, port, local_addr, family, tunnel=None
 reader, writer = self.patch_stream(reader, writer, host, port)
 return reader, writer
 async def start_server(self, args, stream_handler=stream_handler, tunnel=None):
+ if type(self.jump) is ProxyDirect:
+ raise Exception('ssh server mode unsupported')
 await self.wait_ssh_connection(tunnel=tunnel)
 conn = self.sshconn.result()
 if isinstance(self.jump, ProxySSH):

-Original file line number
+Diff line change
 reader, writer=self.patch_stream(reader, writer, host, port)
 returnreader, writer
 asyncdefstart_server(self, args, stream_handler=stream_handler, tunnel=None):
 +iftype(self.jump) isProxyDirect:
 +raiseException('ssh server mode unsupported')
 awaitself.wait_ssh_connection(tunnel=tunnel)
 conn=self.sshconn.result()
 ifisinstance(self.jump, ProxySSH):