Compare commits
16 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| ae0342d018 | |||
| 365981d9cf | |||
| 2cc0ff0030 | |||
| 72935e7ee0 | |||
| 61db285e04 | |||
| d165829022 | |||
| 5e6cf391ab | |||
| 2b1a21c599 | |||
| b8e1c9f3cf | |||
| c65369540c | |||
| 59e108edbd | |||
| 1e2ca68fc7 | |||
| 4c76a9f9f3 | |||
| 8e76c42cea | |||
| b1f4181139 | |||
| a1b8d40011 |
50
changelog.md
50
changelog.md
@@ -1,5 +1,55 @@
|
||||
# Changelog
|
||||
|
||||
## 2026-03-16 - 25.11.16 - fix(repo)
|
||||
no changes to commit
|
||||
|
||||
|
||||
## 2026-03-16 - 25.11.15 - fix(rustproxy-http)
|
||||
implement vectored write support for backend streams
|
||||
|
||||
- Add poll_write_vectored forwarding for both plain and TLS backend stream variants
|
||||
- Expose is_write_vectored so the proxy can correctly report vectored write capability
|
||||
|
||||
## 2026-03-16 - 25.11.14 - fix(rustproxy-http)
|
||||
forward vectored write support in ShutdownOnDrop AsyncWrite wrapper
|
||||
|
||||
- Implements poll_write_vectored by delegating to the wrapped writer
|
||||
- Exposes is_write_vectored so the wrapper preserves underlying AsyncWrite capabilities
|
||||
|
||||
## 2026-03-16 - 25.11.13 - fix(rustproxy-http)
|
||||
remove hot-path debug logging from HTTP/1 connection pool hits
|
||||
|
||||
- Stops emitting debug logs when reusing HTTP/1 idle connections in the connection pool.
|
||||
- Keeps pool hit behavior unchanged while reducing overhead on a frequently executed path.
|
||||
|
||||
## 2026-03-16 - 25.11.12 - fix(rustproxy-http)
|
||||
remove connection pool hit logging and keep logging limited to actual failures
|
||||
|
||||
- Removes debug and warning logs for HTTP/2 connection pool hits and age checks.
|
||||
- Keeps pool behavior unchanged while reducing noisy per-request logging in the Rust HTTP proxy layer.
|
||||
|
||||
## 2026-03-16 - 25.11.11 - fix(rustproxy-http)
|
||||
improve HTTP/2 proxy error logging with warning-level connection failures and debug error details
|
||||
|
||||
- Adds debug-formatted error fields to HTTP/2 handshake, retry, fallback, and request failure logs
|
||||
- Promotes upstream HTTP/2 connection error logs from debug to warn to improve operational visibility
|
||||
|
||||
## 2026-03-16 - 25.11.10 - fix(rustproxy-http)
|
||||
validate pooled HTTP/2 connections asynchronously before reuse and evict stale senders
|
||||
|
||||
- Add an async ready() check with a 500ms timeout before reusing pooled HTTP/2 senders to catch GOAWAY/RST states before forwarding requests
|
||||
- Return connection age from the HTTP/2 pool checkout path and log warnings for older pooled connections
|
||||
- Evict pooled HTTP/2 senders when they are closed, exceed max age, fail readiness validation, or time out during readiness checks
|
||||
|
||||
## 2026-03-16 - 25.11.9 - fix(rustproxy-routing)
|
||||
reduce hot-path allocations in routing, metrics, and proxy protocol handling
|
||||
|
||||
- skip HTTP header map construction unless a route on the current port uses header matching
|
||||
- reuse computed client IP strings during HTTP route matching to avoid redundant allocations
|
||||
- optimize per-route and per-IP metric updates with get-first lookups to avoid unnecessary String creation on existing entries
|
||||
- replace heap-allocated PROXY protocol peek and discard buffers with stack-allocated buffers in the TCP listener
|
||||
- improve domain matcher case-insensitive wildcard checks while preserving glob fallback behavior
|
||||
|
||||
## 2026-03-16 - 25.11.8 - fix(rustproxy-http)
|
||||
prevent premature idle timeouts during streamed HTTP responses and ensure TLS close_notify is sent on dropped connections
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@push.rocks/smartproxy",
|
||||
"version": "25.11.8",
|
||||
"version": "25.11.16",
|
||||
"private": false,
|
||||
"description": "A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.",
|
||||
"main": "dist_ts/index.js",
|
||||
|
||||
@@ -10,7 +10,7 @@ use bytes::Bytes;
|
||||
use dashmap::DashMap;
|
||||
use http_body_util::combinators::BoxBody;
|
||||
use hyper::client::conn::{http1, http2};
|
||||
use tracing::debug;
|
||||
// No per-request logging in the pool — only log on actual failures (in proxy_service.rs)
|
||||
|
||||
/// Maximum idle connections per backend key.
|
||||
const MAX_IDLE_PER_KEY: usize = 16;
|
||||
@@ -82,7 +82,7 @@ impl ConnectionPool {
|
||||
while let Some(idle) = idles.pop() {
|
||||
// Check if the connection is still alive and ready
|
||||
if idle.idle_since.elapsed() < IDLE_TIMEOUT && idle.sender.is_ready() && !idle.sender.is_closed() {
|
||||
debug!("Pool hit (h1): {}:{}", key.host, key.port);
|
||||
// H1 pool hit — no logging on hot path
|
||||
return Some(idle.sender);
|
||||
}
|
||||
// Stale or closed — drop it
|
||||
@@ -115,20 +115,19 @@ impl ConnectionPool {
|
||||
|
||||
/// Try to get a cloned HTTP/2 sender for the given key.
|
||||
/// HTTP/2 senders are Clone-able (multiplexed), so we clone rather than remove.
|
||||
pub fn checkout_h2(&self, key: &PoolKey) -> Option<http2::SendRequest<BoxBody<Bytes, hyper::Error>>> {
|
||||
pub fn checkout_h2(&self, key: &PoolKey) -> Option<(http2::SendRequest<BoxBody<Bytes, hyper::Error>>, Duration)> {
|
||||
let entry = self.h2_pool.get(key)?;
|
||||
let pooled = entry.value();
|
||||
let age = pooled.created_at.elapsed();
|
||||
|
||||
// Check if the h2 connection is still alive and not too old
|
||||
if pooled.sender.is_closed() || pooled.created_at.elapsed() >= MAX_H2_AGE {
|
||||
if pooled.sender.is_closed() || age >= MAX_H2_AGE {
|
||||
drop(entry);
|
||||
self.h2_pool.remove(key);
|
||||
return None;
|
||||
}
|
||||
|
||||
if pooled.sender.is_ready() {
|
||||
debug!("Pool hit (h2): {}:{}", key.host, key.port);
|
||||
return Some(pooled.sender.clone());
|
||||
return Some((pooled.sender.clone(), age));
|
||||
}
|
||||
None
|
||||
}
|
||||
|
||||
@@ -109,6 +109,24 @@ impl tokio::io::AsyncWrite for BackendStream {
|
||||
}
|
||||
}
|
||||
|
||||
fn poll_write_vectored(
|
||||
self: Pin<&mut Self>,
|
||||
cx: &mut Context<'_>,
|
||||
bufs: &[std::io::IoSlice<'_>],
|
||||
) -> Poll<std::io::Result<usize>> {
|
||||
match self.get_mut() {
|
||||
BackendStream::Plain(s) => Pin::new(s).poll_write_vectored(cx, bufs),
|
||||
BackendStream::Tls(s) => Pin::new(s).poll_write_vectored(cx, bufs),
|
||||
}
|
||||
}
|
||||
|
||||
fn is_write_vectored(&self) -> bool {
|
||||
match self {
|
||||
BackendStream::Plain(s) => s.is_write_vectored(),
|
||||
BackendStream::Tls(s) => s.is_write_vectored(),
|
||||
}
|
||||
}
|
||||
|
||||
fn poll_flush(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<std::io::Result<()>> {
|
||||
match self.get_mut() {
|
||||
BackendStream::Plain(s) => Pin::new(s).poll_flush(cx),
|
||||
@@ -399,11 +417,19 @@ impl HttpProxyService {
|
||||
let path = req.uri().path().to_string();
|
||||
let method = req.method().clone();
|
||||
|
||||
// Extract headers for matching
|
||||
let headers: HashMap<String, String> = req.headers()
|
||||
.iter()
|
||||
.map(|(k, v)| (k.to_string(), v.to_str().unwrap_or("").to_string()))
|
||||
.collect();
|
||||
// Extract headers for matching — only allocate the HashMap if any route
|
||||
// on this port actually uses header matching. Most deployments don't,
|
||||
// so this saves ~20-30 String allocations per request.
|
||||
let current_rm = self.route_manager.load();
|
||||
let needs_headers = current_rm.any_route_has_headers(port);
|
||||
let headers: Option<HashMap<String, String>> = if needs_headers {
|
||||
Some(req.headers()
|
||||
.iter()
|
||||
.map(|(k, v)| (k.to_string(), v.to_str().unwrap_or("").to_string()))
|
||||
.collect())
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
debug!("HTTP {} {} (host: {:?}) from {}", method, path, host, peer_addr);
|
||||
|
||||
@@ -414,19 +440,19 @@ impl HttpProxyService {
|
||||
}
|
||||
}
|
||||
|
||||
// Match route
|
||||
// Match route (current_rm already loaded above for headers check)
|
||||
let ip_string = peer_addr.ip().to_string();
|
||||
let ctx = rustproxy_routing::MatchContext {
|
||||
port,
|
||||
domain: host.as_deref(),
|
||||
path: Some(&path),
|
||||
client_ip: Some(&peer_addr.ip().to_string()),
|
||||
client_ip: Some(&ip_string),
|
||||
tls_version: None,
|
||||
headers: Some(&headers),
|
||||
headers: headers.as_ref(),
|
||||
is_tls: false,
|
||||
protocol: Some("http"),
|
||||
};
|
||||
|
||||
let current_rm = self.route_manager.load();
|
||||
let route_match = match current_rm.find_route(&ctx) {
|
||||
Some(rm) => rm,
|
||||
None => {
|
||||
@@ -436,7 +462,7 @@ impl HttpProxyService {
|
||||
};
|
||||
|
||||
let route_id = route_match.route.id.as_deref();
|
||||
let ip_str = peer_addr.ip().to_string();
|
||||
let ip_str = ip_string; // reuse from above (avoid redundant to_string())
|
||||
self.metrics.record_http_request();
|
||||
|
||||
// Apply request filters (IP check, rate limiting, auth)
|
||||
@@ -651,17 +677,40 @@ impl HttpProxyService {
|
||||
h2: use_h2,
|
||||
};
|
||||
|
||||
// H2 pool checkout (H2 senders are Clone and multiplexed)
|
||||
// H2 pool checkout with async readiness validation.
|
||||
// checkout_h2 does synchronous is_closed()/is_ready() checks, but these
|
||||
// reflect cached state — the H2 connection driver (a separate tokio task)
|
||||
// may not have processed a pending GOAWAY/RST yet. The ready().await
|
||||
// forces the runtime to yield, giving the driver a chance to detect failures.
|
||||
if use_h2 {
|
||||
if let Some(sender) = self.connection_pool.checkout_h2(&pool_key) {
|
||||
self.metrics.backend_pool_hit(&upstream_key);
|
||||
self.metrics.set_backend_protocol(&upstream_key, "h2");
|
||||
let result = self.forward_h2_pooled(
|
||||
sender, parts, body, upstream_headers, &upstream_path,
|
||||
route_match.route, route_id, &ip_str, &pool_key, domain_str, &conn_activity,
|
||||
).await;
|
||||
self.upstream_selector.connection_ended(&upstream_key);
|
||||
return result;
|
||||
if let Some((mut sender, age)) = self.connection_pool.checkout_h2(&pool_key) {
|
||||
match tokio::time::timeout(
|
||||
std::time::Duration::from_millis(500),
|
||||
sender.ready(),
|
||||
).await {
|
||||
Ok(Ok(())) => {
|
||||
self.metrics.backend_pool_hit(&upstream_key);
|
||||
self.metrics.set_backend_protocol(&upstream_key, "h2");
|
||||
let result = self.forward_h2_pooled(
|
||||
sender, parts, body, upstream_headers, &upstream_path,
|
||||
route_match.route, route_id, &ip_str, &pool_key, domain_str, &conn_activity,
|
||||
).await;
|
||||
self.upstream_selector.connection_ended(&upstream_key);
|
||||
return result;
|
||||
}
|
||||
Ok(Err(e)) => {
|
||||
warn!(backend = %upstream_key, age_secs = age.as_secs(),
|
||||
"Pooled H2 sender failed ready check (GOAWAY/RST): {}, evicting", e);
|
||||
self.connection_pool.remove_h2(&pool_key);
|
||||
// Fall through to fresh connection
|
||||
}
|
||||
Err(_) => {
|
||||
warn!(backend = %upstream_key, age_secs = age.as_secs(),
|
||||
"Pooled H2 sender ready check timed out (500ms), evicting");
|
||||
self.connection_pool.remove_h2(&pool_key);
|
||||
// Fall through to fresh connection
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -959,7 +1008,7 @@ impl HttpProxyService {
|
||||
) = match tokio::time::timeout(self.connect_timeout, h2_builder.handshake(io)).await {
|
||||
Ok(Ok(h)) => h,
|
||||
Ok(Err(e)) => {
|
||||
error!(backend = %backend_key, domain = %domain, error = %e, "Backend H2 handshake failed");
|
||||
error!(backend = %backend_key, domain = %domain, error = %e, error_debug = ?e, "Backend H2 handshake failed");
|
||||
self.metrics.backend_handshake_error(&backend_key);
|
||||
return Ok(error_response(StatusCode::BAD_GATEWAY, "Backend H2 handshake failed"));
|
||||
}
|
||||
@@ -977,7 +1026,7 @@ impl HttpProxyService {
|
||||
let key = pool_key.clone();
|
||||
tokio::spawn(async move {
|
||||
if let Err(e) = conn.await {
|
||||
debug!("HTTP/2 upstream connection error: {}", e);
|
||||
warn!("HTTP/2 upstream connection error: {} ({:?})", e, e);
|
||||
}
|
||||
pool.remove_h2(&key);
|
||||
});
|
||||
@@ -1109,7 +1158,7 @@ impl HttpProxyService {
|
||||
) = match tokio::time::timeout(self.connect_timeout, h2_builder.handshake(io)).await {
|
||||
Ok(Ok(h)) => h,
|
||||
Ok(Err(e)) => {
|
||||
error!(backend = %backend_key, domain = %domain, error = %e, "H2 retry: handshake failed");
|
||||
error!(backend = %backend_key, domain = %domain, error = %e, error_debug = ?e, "H2 retry: handshake failed");
|
||||
self.metrics.backend_handshake_error(&backend_key);
|
||||
self.metrics.backend_connection_closed(&backend_key);
|
||||
return Ok(error_response(StatusCode::BAD_GATEWAY, "Backend H2 retry handshake failed"));
|
||||
@@ -1128,7 +1177,7 @@ impl HttpProxyService {
|
||||
let key = pool_key.clone();
|
||||
tokio::spawn(async move {
|
||||
if let Err(e) = conn.await {
|
||||
debug!("H2 retry: upstream connection error: {}", e);
|
||||
warn!("H2 retry: upstream connection error: {} ({:?})", e, e);
|
||||
}
|
||||
pool.remove_h2(&key);
|
||||
});
|
||||
@@ -1257,7 +1306,7 @@ impl HttpProxyService {
|
||||
let key = pool_key.clone();
|
||||
tokio::spawn(async move {
|
||||
if let Err(e) = conn.await {
|
||||
debug!("HTTP/2 upstream connection error: {}", e);
|
||||
warn!("HTTP/2 upstream connection error: {} ({:?})", e, e);
|
||||
}
|
||||
pool.remove_h2(&key);
|
||||
});
|
||||
@@ -1312,6 +1361,7 @@ impl HttpProxyService {
|
||||
backend = %bk,
|
||||
domain = %domain,
|
||||
error = %e,
|
||||
error_debug = ?e,
|
||||
"Auto-detect: H2 request failed, falling back to H1"
|
||||
);
|
||||
self.metrics.backend_h2_failure(&bk);
|
||||
@@ -1569,11 +1619,11 @@ impl HttpProxyService {
|
||||
// Evict the dead sender so subsequent requests get fresh connections
|
||||
if let Some(key) = pool_key {
|
||||
let bk = format!("{}:{}", key.host, key.port);
|
||||
error!(backend = %bk, domain = %domain, error = %e, "Backend H2 request failed");
|
||||
error!(backend = %bk, domain = %domain, error = %e, error_debug = ?e, "Backend H2 request failed");
|
||||
self.metrics.backend_request_error(&bk);
|
||||
self.connection_pool.remove_h2(key);
|
||||
} else {
|
||||
error!(domain = %domain, error = %e, "Backend H2 request failed");
|
||||
error!(domain = %domain, error = %e, error_debug = ?e, "Backend H2 request failed");
|
||||
}
|
||||
return Ok(error_response(StatusCode::BAD_GATEWAY, "Backend H2 request failed"));
|
||||
}
|
||||
|
||||
@@ -50,6 +50,18 @@ impl<S: AsyncRead + AsyncWrite + Unpin + Send + 'static> AsyncWrite for Shutdown
|
||||
Pin::new(self.get_mut().inner.as_mut().unwrap()).poll_write(cx, buf)
|
||||
}
|
||||
|
||||
fn poll_write_vectored(
|
||||
self: Pin<&mut Self>,
|
||||
cx: &mut Context<'_>,
|
||||
bufs: &[io::IoSlice<'_>],
|
||||
) -> Poll<io::Result<usize>> {
|
||||
Pin::new(self.get_mut().inner.as_mut().unwrap()).poll_write_vectored(cx, bufs)
|
||||
}
|
||||
|
||||
fn is_write_vectored(&self) -> bool {
|
||||
self.inner.as_ref().unwrap().is_write_vectored()
|
||||
}
|
||||
|
||||
fn poll_flush(
|
||||
self: Pin<&mut Self>,
|
||||
cx: &mut Context<'_>,
|
||||
|
||||
@@ -266,44 +266,67 @@ impl MetricsCollector {
|
||||
self.global_pending_tp_in.fetch_add(bytes_in, Ordering::Relaxed);
|
||||
self.global_pending_tp_out.fetch_add(bytes_out, Ordering::Relaxed);
|
||||
|
||||
// Per-route tracking: use get() first (zero-alloc fast path for existing entries),
|
||||
// fall back to entry() with to_string() only on the rare first-chunk miss.
|
||||
if let Some(route_id) = route_id {
|
||||
self.route_bytes_in
|
||||
.entry(route_id.to_string())
|
||||
.or_insert_with(|| AtomicU64::new(0))
|
||||
.fetch_add(bytes_in, Ordering::Relaxed);
|
||||
self.route_bytes_out
|
||||
.entry(route_id.to_string())
|
||||
.or_insert_with(|| AtomicU64::new(0))
|
||||
.fetch_add(bytes_out, Ordering::Relaxed);
|
||||
if let Some(counter) = self.route_bytes_in.get(route_id) {
|
||||
counter.fetch_add(bytes_in, Ordering::Relaxed);
|
||||
} else {
|
||||
self.route_bytes_in.entry(route_id.to_string())
|
||||
.or_insert_with(|| AtomicU64::new(0))
|
||||
.fetch_add(bytes_in, Ordering::Relaxed);
|
||||
}
|
||||
if let Some(counter) = self.route_bytes_out.get(route_id) {
|
||||
counter.fetch_add(bytes_out, Ordering::Relaxed);
|
||||
} else {
|
||||
self.route_bytes_out.entry(route_id.to_string())
|
||||
.or_insert_with(|| AtomicU64::new(0))
|
||||
.fetch_add(bytes_out, Ordering::Relaxed);
|
||||
}
|
||||
|
||||
// Accumulate into per-route pending throughput counters (lock-free)
|
||||
let entry = self.route_pending_tp
|
||||
.entry(route_id.to_string())
|
||||
.or_insert_with(|| (AtomicU64::new(0), AtomicU64::new(0)));
|
||||
entry.0.fetch_add(bytes_in, Ordering::Relaxed);
|
||||
entry.1.fetch_add(bytes_out, Ordering::Relaxed);
|
||||
if let Some(entry) = self.route_pending_tp.get(route_id) {
|
||||
entry.0.fetch_add(bytes_in, Ordering::Relaxed);
|
||||
entry.1.fetch_add(bytes_out, Ordering::Relaxed);
|
||||
} else {
|
||||
let entry = self.route_pending_tp.entry(route_id.to_string())
|
||||
.or_insert_with(|| (AtomicU64::new(0), AtomicU64::new(0)));
|
||||
entry.0.fetch_add(bytes_in, Ordering::Relaxed);
|
||||
entry.1.fetch_add(bytes_out, Ordering::Relaxed);
|
||||
}
|
||||
}
|
||||
|
||||
// Per-IP tracking: same get()-first pattern to avoid String allocation on hot path.
|
||||
if let Some(ip) = source_ip {
|
||||
// Only record per-IP stats if the IP still has active connections.
|
||||
// This prevents orphaned entries when record_bytes races with
|
||||
// connection_closed (which evicts all per-IP data on last close).
|
||||
if self.ip_connections.contains_key(ip) {
|
||||
self.ip_bytes_in
|
||||
.entry(ip.to_string())
|
||||
.or_insert_with(|| AtomicU64::new(0))
|
||||
.fetch_add(bytes_in, Ordering::Relaxed);
|
||||
self.ip_bytes_out
|
||||
.entry(ip.to_string())
|
||||
.or_insert_with(|| AtomicU64::new(0))
|
||||
.fetch_add(bytes_out, Ordering::Relaxed);
|
||||
if let Some(counter) = self.ip_bytes_in.get(ip) {
|
||||
counter.fetch_add(bytes_in, Ordering::Relaxed);
|
||||
} else {
|
||||
self.ip_bytes_in.entry(ip.to_string())
|
||||
.or_insert_with(|| AtomicU64::new(0))
|
||||
.fetch_add(bytes_in, Ordering::Relaxed);
|
||||
}
|
||||
if let Some(counter) = self.ip_bytes_out.get(ip) {
|
||||
counter.fetch_add(bytes_out, Ordering::Relaxed);
|
||||
} else {
|
||||
self.ip_bytes_out.entry(ip.to_string())
|
||||
.or_insert_with(|| AtomicU64::new(0))
|
||||
.fetch_add(bytes_out, Ordering::Relaxed);
|
||||
}
|
||||
|
||||
// Accumulate into per-IP pending throughput counters (lock-free)
|
||||
let entry = self.ip_pending_tp
|
||||
.entry(ip.to_string())
|
||||
.or_insert_with(|| (AtomicU64::new(0), AtomicU64::new(0)));
|
||||
entry.0.fetch_add(bytes_in, Ordering::Relaxed);
|
||||
entry.1.fetch_add(bytes_out, Ordering::Relaxed);
|
||||
if let Some(entry) = self.ip_pending_tp.get(ip) {
|
||||
entry.0.fetch_add(bytes_in, Ordering::Relaxed);
|
||||
entry.1.fetch_add(bytes_out, Ordering::Relaxed);
|
||||
} else {
|
||||
let entry = self.ip_pending_tp.entry(ip.to_string())
|
||||
.or_insert_with(|| (AtomicU64::new(0), AtomicU64::new(0)));
|
||||
entry.0.fetch_add(bytes_in, Ordering::Relaxed);
|
||||
entry.1.fetch_add(bytes_out, Ordering::Relaxed);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -561,8 +561,9 @@ impl TcpListenerManager {
|
||||
// Non-proxy connections skip the peek entirely (no latency cost).
|
||||
let mut effective_peer_addr = peer_addr;
|
||||
if !conn_config.proxy_ips.is_empty() && conn_config.proxy_ips.contains(&peer_addr.ip()) {
|
||||
// Trusted proxy IP — peek for PROXY protocol header
|
||||
let mut proxy_peek = vec![0u8; 256];
|
||||
// Trusted proxy IP — peek for PROXY protocol header.
|
||||
// Use stack-allocated buffers (PROXY v1 headers are max ~108 bytes).
|
||||
let mut proxy_peek = [0u8; 256];
|
||||
let pn = match tokio::time::timeout(
|
||||
std::time::Duration::from_millis(conn_config.initial_data_timeout_ms),
|
||||
stream.peek(&mut proxy_peek),
|
||||
@@ -577,9 +578,9 @@ impl TcpListenerManager {
|
||||
Ok((header, consumed)) => {
|
||||
debug!("PROXY protocol: real client {} -> {}", header.source_addr, header.dest_addr);
|
||||
effective_peer_addr = header.source_addr;
|
||||
// Consume the proxy protocol header bytes
|
||||
let mut discard = vec![0u8; consumed];
|
||||
stream.read_exact(&mut discard).await?;
|
||||
// Consume the proxy protocol header bytes (stack buffer, max 108 bytes)
|
||||
let mut discard = [0u8; 128];
|
||||
stream.read_exact(&mut discard[..consumed]).await?;
|
||||
}
|
||||
Err(e) => {
|
||||
debug!("Failed to parse PROXY protocol header: {}", e);
|
||||
|
||||
@@ -6,25 +6,28 @@
|
||||
/// - `example.com` exact match
|
||||
/// - `**.example.com` matches any depth of subdomain
|
||||
pub fn domain_matches(pattern: &str, domain: &str) -> bool {
|
||||
let pattern = pattern.trim().to_lowercase();
|
||||
let domain = domain.trim().to_lowercase();
|
||||
let pattern = pattern.trim();
|
||||
let domain = domain.trim();
|
||||
|
||||
if pattern == "*" {
|
||||
return true;
|
||||
}
|
||||
|
||||
if pattern == domain {
|
||||
if pattern.eq_ignore_ascii_case(domain) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Wildcard patterns
|
||||
if pattern.starts_with("*.") {
|
||||
if pattern.starts_with("*.") || pattern.starts_with("*.") {
|
||||
let suffix = &pattern[2..]; // e.g., "example.com"
|
||||
// Match exact parent or any single-level subdomain
|
||||
if domain == suffix {
|
||||
if domain.eq_ignore_ascii_case(suffix) {
|
||||
return true;
|
||||
}
|
||||
if domain.ends_with(&format!(".{}", suffix)) {
|
||||
if domain.len() > suffix.len() + 1
|
||||
&& domain.as_bytes()[domain.len() - suffix.len() - 1] == b'.'
|
||||
&& domain[domain.len() - suffix.len()..].eq_ignore_ascii_case(suffix)
|
||||
{
|
||||
// Check it's a single level subdomain for `*.`
|
||||
let prefix = &domain[..domain.len() - suffix.len() - 1];
|
||||
return !prefix.contains('.');
|
||||
@@ -35,11 +38,22 @@ pub fn domain_matches(pattern: &str, domain: &str) -> bool {
|
||||
if pattern.starts_with("**.") {
|
||||
let suffix = &pattern[3..];
|
||||
// Match exact parent or any depth of subdomain
|
||||
return domain == suffix || domain.ends_with(&format!(".{}", suffix));
|
||||
if domain.eq_ignore_ascii_case(suffix) {
|
||||
return true;
|
||||
}
|
||||
if domain.len() > suffix.len() + 1
|
||||
&& domain.as_bytes()[domain.len() - suffix.len() - 1] == b'.'
|
||||
&& domain[domain.len() - suffix.len()..].eq_ignore_ascii_case(suffix)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// Use glob-match for more complex patterns
|
||||
glob_match::glob_match(&pattern, &domain)
|
||||
// Use glob-match for more complex patterns (case-insensitive via lowercasing)
|
||||
let pattern_lower = pattern.to_lowercase();
|
||||
let domain_lower = domain.to_lowercase();
|
||||
glob_match::glob_match(&pattern_lower, &domain_lower)
|
||||
}
|
||||
|
||||
/// Check if a domain matches any of the given patterns.
|
||||
|
||||
@@ -60,6 +60,16 @@ impl RouteManager {
|
||||
manager
|
||||
}
|
||||
|
||||
/// Check if any route on the given port uses header matching.
|
||||
/// Used to skip expensive header HashMap construction when no route needs it.
|
||||
pub fn any_route_has_headers(&self, port: u16) -> bool {
|
||||
if let Some(indices) = self.port_index.get(&port) {
|
||||
indices.iter().any(|&idx| self.routes[idx].route_match.headers.is_some())
|
||||
} else {
|
||||
false
|
||||
}
|
||||
}
|
||||
|
||||
/// Find the best matching route for the given context.
|
||||
pub fn find_route<'a>(&'a self, ctx: &MatchContext<'_>) -> Option<RouteMatchResult<'a>> {
|
||||
// Get routes for this port
|
||||
|
||||
@@ -3,6 +3,6 @@
|
||||
*/
|
||||
export const commitinfo = {
|
||||
name: '@push.rocks/smartproxy',
|
||||
version: '25.11.8',
|
||||
version: '25.11.16',
|
||||
description: 'A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.'
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user