Merge pull request #3499 from fatedier/dev

release v0.50.0

.gitignore

@@ -29,6 +29,7 @@ packages/
 release/
 test/bin/
 vendor/
+lastversion/
 dist/
 .idea/
 .vscode/

Makefile

@@ -46,8 +46,23 @@ e2e:
 e2e-trace:
 	DEBUG=true LOG_LEVEL=trace ./hack/run-e2e.sh
 
+e2e-compatibility-last-frpc:
+	if [ ! -d "./lastversion" ]; then \
+		TARGET_DIRNAME=lastversion ./hack/download.sh; \
+	fi
+	FRPC_PATH="`pwd`/lastversion/frpc" ./hack/run-e2e.sh
+	rm -r ./lastversion
+
+e2e-compatibility-last-frps:
+	if [ ! -d "./lastversion" ]; then \
+		TARGET_DIRNAME=lastversion ./hack/download.sh; \
+	fi
+	FRPS_PATH="`pwd`/lastversion/frps" ./hack/run-e2e.sh
+	rm -r ./lastversion
+
 alltest: vet gotest e2e
 
 clean:
 	rm -f ./bin/frpc
 	rm -f ./bin/frps
+	rm -rf ./lastversion

README.md

@@ -562,11 +562,9 @@ use_compression = true
 
 #### TLS
 
-frp supports the TLS protocol between `frpc` and `frps` since v0.25.0.
+Since v0.50.0, the default value of `tls_enable` and `disable_custom_tls_first_byte` has been changed to true, and tls is enabled by default.
 
-For port multiplexing, frp sends a first byte `0x17` to dial a TLS connection.
-
-Configure `tls_enable = true` in the `[common]` section to `frpc.ini` to enable this feature.
+For port multiplexing, frp sends a first byte `0x17` to dial a TLS connection. This only takes effect when you set `disable_custom_tls_first_byte` to false.
 
 To **enforce** `frps` to only accept TLS connections - configure `tls_only = true` in the `[common]` section in `frps.ini`. **This is optional.**
 
@@ -581,7 +579,6 @@ tls_trusted_ca_file = ca.crt
 **`frps` TLS settings (under the `[common]` section):**
 ```ini
 tls_only = true
-tls_enable = true
 tls_cert_file = certificate.crt
 tls_key_file = certificate.key
 tls_trusted_ca_file = ca.crt

Release.md

@@ -1,19 +1,18 @@
 ## Notes
 
-We have thoroughly refactored xtcp in this version to improve its penetration rate and stability.
+**For enhanced security, the default values for `tls_enable` and `disable_custom_tls_first_byte` have been set to true.**
 
-In this version, different penetration strategies can be attempted by retrying connections multiple times. Once a hole is successfully punched, the strategy will be recorded in the server cache for future reuse. When new users connect, the successfully penetrated tunnel can be reused instead of punching a new hole.
+If you wish to revert to the previous default values, you need to manually set the values of these two parameters to false.
 
-**Due to a significant refactor of xtcp, this version is not compatible with previous versions of xtcp.**
+### Features
 
-**To use features related to xtcp, both frpc and frps need to be updated to the latest version.**
+* Added support for `allow_users` in stcp, sudp, xtcp. By default, only the same user is allowed to access. Use `*` to allow access from any user. The visitor configuration now supports `server_user` to connect to proxies of other users.
+* Added fallback support to a specified alternative visitor when xtcp connection fails.
 
-### New
+### Improvements
 
-* The frpc has added the `nathole discover` command for testing the NAT type of the current network.
-* `XTCP` has been refactored, resulting in a significant improvement in the success rate of penetration.
-* When verifying passwords, use `subtle.ConstantTimeCompare` and introduce a certain delay when the password is incorrect.
+* Increased the default value of `MaxStreamWindowSize` for yamux to 6MB, improving traffic forwarding rate in high-latency scenarios.
 
-### Fix
+### Fixes
 
-* Fix the problem of lagging when opening multiple table entries in the frps dashboard.
+* Fixed an issue where having proxies with the same name would cause previously working proxies to become ineffective in `xtcp`.

assets/frps/static/index.html

@@ -4,7 +4,7 @@
 <head>
     <meta charset="utf-8">
     <title>frps dashboard</title>
-  <script type="module" crossorigin src="./index-93e38bbf.js"></script>
+  <script type="module" crossorigin src="./index-ea3edf22.js"></script>
   <link rel="stylesheet" href="./index-1e0c7400.css">
 </head>
 

client/admin.go

@@ -23,7 +23,7 @@ import (
 	"github.com/gorilla/mux"
 
 	"github.com/fatedier/frp/assets"
-	frpNet "github.com/fatedier/frp/pkg/util/net"
+	utilnet "github.com/fatedier/frp/pkg/util/net"
 )
 
 var (
@@ -48,7 +48,7 @@ func (svr *Service) RunAdminServer(address string) (err error) {
 
 	subRouter := router.NewRoute().Subrouter()
 	user, passwd := svr.cfg.AdminUser, svr.cfg.AdminPwd
-	subRouter.Use(frpNet.NewHTTPAuthMiddleware(user, passwd).SetAuthFailDelay(200 * time.Millisecond).Middleware)
+	subRouter.Use(utilnet.NewHTTPAuthMiddleware(user, passwd).SetAuthFailDelay(200 * time.Millisecond).Middleware)
 
 	// api, see admin_api.go
 	subRouter.HandleFunc("/api/reload", svr.apiReload).Methods("GET")
@@ -58,7 +58,7 @@ func (svr *Service) RunAdminServer(address string) (err error) {
 
 	// view
 	subRouter.Handle("/favicon.ico", http.FileServer(assets.FileSystem)).Methods("GET")
-	subRouter.PathPrefix("/static/").Handler(frpNet.MakeHTTPGzipHandler(http.StripPrefix("/static/", http.FileServer(assets.FileSystem)))).Methods("GET")
+	subRouter.PathPrefix("/static/").Handler(utilnet.MakeHTTPGzipHandler(http.StripPrefix("/static/", http.FileServer(assets.FileSystem)))).Methods("GET")
 	subRouter.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		http.Redirect(w, r, "/static/", http.StatusMovedPermanently)
 	})

client/admin_api.go

@@ -91,7 +91,7 @@ func NewProxyStatusResp(status *proxy.WorkingStatus, serverAddr string) ProxySta
 		Status: status.Phase,
 		Err:    status.Err,
 	}
-	baseCfg := status.Cfg.GetBaseInfo()
+	baseCfg := status.Cfg.GetBaseConfig()
 	if baseCfg.LocalPort != 0 {
 		psr.LocalAddr = net.JoinHostPort(baseCfg.LocalIP, strconv.Itoa(baseCfg.LocalPort))
 	}

client/control.go

@@ -109,7 +109,7 @@ func NewControl(
 	ctl.msgTransporter = transport.NewMessageTransporter(ctl.sendCh)
 	ctl.pm = proxy.NewManager(ctl.ctx, clientCfg, ctl.msgTransporter)
 
-	ctl.vm = visitor.NewManager(ctl.ctx, ctl.clientCfg, ctl.connectServer, ctl.msgTransporter)
+	ctl.vm = visitor.NewManager(ctl.ctx, ctl.runID, ctl.clientCfg, ctl.connectServer, ctl.msgTransporter)
 	ctl.vm.Reload(visitorCfgs)
 	return ctl
 }

client/proxy/general_tcp.go

@@ -0,0 +1,47 @@
+// Copyright 2023 The frp Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package proxy
+
+import (
+	"reflect"
+
+	"github.com/fatedier/frp/pkg/config"
+)
+
+func init() {
+	pxyConfs := []config.ProxyConf{
+		&config.TCPProxyConf{},
+		&config.HTTPProxyConf{},
+		&config.HTTPSProxyConf{},
+		&config.STCPProxyConf{},
+		&config.TCPMuxProxyConf{},
+	}
+	for _, cfg := range pxyConfs {
+		RegisterProxyFactory(reflect.TypeOf(cfg), NewGeneralTCPProxy)
+	}
+}
+
+// GeneralTCPProxy is a general implementation of Proxy interface for TCP protocol.
+// If the default GeneralTCPProxy cannot meet the requirements, you can customize
+// the implementation of the Proxy interface.
+type GeneralTCPProxy struct {
+	*BaseProxy
+}
+
+func NewGeneralTCPProxy(baseProxy *BaseProxy, cfg config.ProxyConf) Proxy {
+	return &GeneralTCPProxy{
+		BaseProxy: baseProxy,
+	}
+}