mirror of https://github.com/ospab/ostp.git
Add DNS Tunneling example to client init config
This commit is contained in:
ospab
parent
76bf1c9a98
commit
b7a31af911
|
|
@ -388,6 +388,16 @@ version = "1.1.0"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c8d4a3bb8b1e0c1050499d1815f5ab16d04f0959b233085fb31653fbfc9d98f9"
|
||||
|
||||
[[package]]
|
||||
name = "clipboard-win"
|
||||
version = "3.1.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9fdf5e01086b6be750428ba4a40619f847eb2e95756eee84b18e06e5f0b50342"
|
||||
dependencies = [
|
||||
"lazy-bytes-cast",
|
||||
"winapi",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "colorchoice"
|
||||
version = "1.0.5"
|
||||
|
|
@ -1252,6 +1262,12 @@ version = "0.2.2"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9dbbfed4e59ba9750e15ba154fdfd9329cee16ff3df539c2666b70f58cc32105"
|
||||
|
||||
[[package]]
|
||||
name = "lazy-bytes-cast"
|
||||
version = "5.0.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "10257499f089cd156ad82d0a9cd57d9501fa2c989068992a97eb3c27836f206b"
|
||||
|
||||
[[package]]
|
||||
name = "lazy_static"
|
||||
version = "1.5.0"
|
||||
|
|
@ -1436,11 +1452,13 @@ dependencies = [
|
|||
"anyhow",
|
||||
"base64",
|
||||
"clap",
|
||||
"clipboard-win",
|
||||
"colored",
|
||||
"json_comments",
|
||||
"ostp-client",
|
||||
"ostp-core",
|
||||
"ostp-server",
|
||||
"pico-args",
|
||||
"rand 0.8.5",
|
||||
"reqwest",
|
||||
"serde",
|
||||
|
|
@ -1594,6 +1612,12 @@ version = "2.3.2"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220"
|
||||
|
||||
[[package]]
|
||||
name = "pico-args"
|
||||
version = "0.5.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "5be167a7af36ee22fe3115051bc51f6e6c7054c9348e28deb4f49bd6f705a315"
|
||||
|
||||
[[package]]
|
||||
name = "pin-project-lite"
|
||||
version = "0.2.17"
|
||||
|
|
|
|||
|
|
@ -50,6 +50,8 @@ pub enum InboundConfig {
|
|||
protocol: String, // "socks" or "http"
|
||||
listen: String,
|
||||
port: u16,
|
||||
#[serde(default)]
|
||||
set_system_proxy: bool,
|
||||
},
|
||||
}
|
||||
|
||||
|
|
@ -172,18 +174,15 @@ impl ClientConfig {
|
|||
.with_context(|| format!("failed to parse JSON from {}", path.display()))?;
|
||||
|
||||
let (migrated_json, was_migrated) = Self::migrate_json(raw_json);
|
||||
|
||||
if was_migrated {
|
||||
tracing::info!("Config was migrated to v0.3.1. Saving to {}", path.display());
|
||||
let serialized = serde_json::to_string_pretty(&migrated_json)?;
|
||||
let header = "// OSTP Configuration v0.3.1\n// DO NOT EDIT THIS COMMENT - Migrator relies on it\n";
|
||||
let final_content = format!("{}{}", header, serialized);
|
||||
std::fs::write(&path, final_content)
|
||||
.with_context(|| format!("failed to save migrated config to {}", path.display()))?;
|
||||
tracing::warn!(
|
||||
"Config at {} is in an outdated format. Run 'ostp --migrate' to upgrade it.",
|
||||
path.display()
|
||||
);
|
||||
}
|
||||
|
||||
let config: ClientConfig = serde_json::from_value(migrated_json)
|
||||
.with_context(|| format!("failed to deserialize migrated config from {}", path.display()))?;
|
||||
.with_context(|| format!("failed to deserialize config from {}", path.display()))?;
|
||||
|
||||
Ok(config)
|
||||
}
|
||||
|
|
@ -191,8 +190,20 @@ impl ClientConfig {
|
|||
/// Migrates old monolithic JSON to the new modular format.
|
||||
/// Returns the migrated JSON value and a boolean indicating if a migration occurred.
|
||||
pub fn migrate_json(json: serde_json::Value) -> (serde_json::Value, bool) {
|
||||
let is_migrated = json.get("version").and_then(|v| v.as_str()) == Some(env!("CARGO_PKG_VERSION"));
|
||||
if is_migrated {
|
||||
// Consider the config already migrated if:
|
||||
// 1. Version matches exactly, OR
|
||||
// 2. The JSON already has the new modular format (inbounds + outbounds arrays)
|
||||
let has_version = json.get("version").and_then(|v| v.as_str()) == Some(env!("CARGO_PKG_VERSION"));
|
||||
let has_new_format = json.get("inbounds").and_then(|v| v.as_array()).is_some()
|
||||
&& json.get("outbounds").and_then(|v| v.as_array()).is_some();
|
||||
|
||||
if has_version || has_new_format {
|
||||
// If format is already new but version is old, just bump the version
|
||||
if has_new_format && !has_version {
|
||||
let mut updated = json.clone();
|
||||
updated["version"] = serde_json::json!(env!("CARGO_PKG_VERSION"));
|
||||
return (updated, false);
|
||||
}
|
||||
return (json, false);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -59,6 +59,7 @@ impl Balancer {
|
|||
/// Fetches the config for a concrete outbound
|
||||
pub fn get_concrete_outbound(&self, tag: &str) -> Option<&OutboundConfig> {
|
||||
let resolved_tag = self.resolve_outbound(tag);
|
||||
tracing::debug!("Balancer: tag '{}' resolved to '{}'", tag, resolved_tag);
|
||||
self.outbounds.get(&resolved_tag)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,13 +14,20 @@ pub async fn run_socks_inbound(
|
|||
outbound_manager: Arc<OutboundManager>,
|
||||
mut shutdown: watch::Receiver<bool>,
|
||||
) -> Result<()> {
|
||||
let InboundConfig::LocalProxy { tag, protocol, listen, port } = inbound_config else {
|
||||
let InboundConfig::LocalProxy { tag, protocol, listen, port, set_system_proxy } = inbound_config else {
|
||||
return Err(anyhow!("Invalid config for LocalProxy inbound"));
|
||||
};
|
||||
|
||||
let bind_addr = format!("{}:{}", listen, port);
|
||||
tracing::info!("Starting {} proxy inbound on {} (tag: {})", protocol, bind_addr, tag);
|
||||
|
||||
let _proxy_guard = if set_system_proxy {
|
||||
let proxy_host = if listen == "0.0.0.0" { "127.0.0.1" } else { &listen };
|
||||
Some(crate::sysproxy::SystemProxyGuard::enable(&format!("{}:{}", proxy_host, port)))
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
let listener = TcpListener::bind(&bind_addr).await?;
|
||||
|
||||
loop {
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ impl OutboundManager {
|
|||
block::dial_tcp(target_host, target_port).await
|
||||
}
|
||||
OutboundConfig::Ostp { server, port, access_key, transport, multiplex, .. } => {
|
||||
ostp::dial_tcp(server, *port, access_key, transport, multiplex).await
|
||||
ostp::dial_tcp(target_host, target_port, server, *port, access_key, transport, multiplex).await
|
||||
}
|
||||
OutboundConfig::Socks { server, port, .. } => {
|
||||
socks::dial_tcp(target_host, target_port, server, *port).await
|
||||
|
|
|
|||
|
|
@ -71,6 +71,7 @@ pub async fn dial_tcp(
|
|||
transport_cfg: &TransportConfig,
|
||||
_multiplex: &MultiplexConfig,
|
||||
) -> Result<TcpStream> {
|
||||
tracing::info!("Dialing OSTP server {}:{} for target {}:{}", server, port, target_host, target_port);
|
||||
let listener = tokio::net::TcpListener::bind("127.0.0.1:0").await?;
|
||||
let local_addr = listener.local_addr()?;
|
||||
let client_stream = tokio::net::TcpStream::connect(local_addr).await?;
|
||||
|
|
@ -124,6 +125,61 @@ pub async fn dial_tcp(
|
|||
handle_action(action, &transport, &mut server_stream).await;
|
||||
}
|
||||
|
||||
// ── Wait for ConnectOk before forwarding any data ─────────────────
|
||||
// This is critical: if we enter the data loop immediately, the TLS
|
||||
// ClientHello arrives at the server before it has established the
|
||||
// outbound TCP connection, causing it to drop the packet as
|
||||
// "Relay DATA for unknown stream".
|
||||
// The kernel will buffer incoming data from server_stream while we wait.
|
||||
let mut connect_ok = false;
|
||||
match tokio::time::timeout(
|
||||
std::time::Duration::from_secs(10),
|
||||
async {
|
||||
let mut wait_buf = [0u8; 8192];
|
||||
loop {
|
||||
tokio::select! {
|
||||
Ok(n) = transport.recv(&mut wait_buf) => {
|
||||
if let Ok(action) = machine.on_event(OstpEvent::Inbound(
|
||||
bytes::Bytes::copy_from_slice(&wait_buf[..n]),
|
||||
)) {
|
||||
// Check for ConnectOk or Error before dispatching
|
||||
let result = check_connect_result(&action);
|
||||
handle_action(action, &transport, &mut server_stream).await;
|
||||
match result {
|
||||
Some(true) => return true,
|
||||
Some(false) => return false,
|
||||
None => {}
|
||||
}
|
||||
}
|
||||
}
|
||||
_ = tokio::time::sleep(std::time::Duration::from_millis(10)) => {
|
||||
if let Ok(action) = machine.on_event(OstpEvent::Tick) {
|
||||
handle_action(action, &transport, &mut server_stream).await;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
)
|
||||
.await
|
||||
{
|
||||
Ok(true) => {
|
||||
tracing::debug!("ConnectOk received for {}:{}, starting data forwarding", target_host_str, target_port);
|
||||
connect_ok = true;
|
||||
}
|
||||
Ok(false) => {
|
||||
tracing::warn!("Server refused connection to {}:{}", target_host_str, target_port);
|
||||
}
|
||||
Err(_) => {
|
||||
tracing::warn!("ConnectOk timeout for {}:{}", target_host_str, target_port);
|
||||
}
|
||||
}
|
||||
|
||||
if !connect_ok {
|
||||
return;
|
||||
}
|
||||
|
||||
// ── Main bidirectional data forwarding loop ───────────────────────
|
||||
let mut buf = [0u8; 65535];
|
||||
let mut udp_buf = [0u8; 65535];
|
||||
|
||||
|
|
@ -151,6 +207,7 @@ pub async fn dial_tcp(
|
|||
}
|
||||
});
|
||||
|
||||
|
||||
Ok(client_stream)
|
||||
}
|
||||
|
||||
|
|
@ -305,3 +362,30 @@ async fn handle_action(action: ProtocolAction, transport: &crate::transport::Tra
|
|||
_ => {}
|
||||
}
|
||||
}
|
||||
|
||||
/// Inspect a ProtocolAction for ConnectOk / Error relay messages.
|
||||
/// Returns Some(true) on ConnectOk, Some(false) on Error, None if neither.
|
||||
/// Works recursively through Multiple actions.
|
||||
fn check_connect_result(action: &ProtocolAction) -> Option<bool> {
|
||||
match action {
|
||||
ProtocolAction::DeliverApp(_stream_id, payload) => {
|
||||
if let Ok(msg) = ostp_core::relay::RelayMessage::decode(payload) {
|
||||
match msg {
|
||||
ostp_core::relay::RelayMessage::ConnectOk => return Some(true),
|
||||
ostp_core::relay::RelayMessage::Error(_) => return Some(false),
|
||||
_ => {}
|
||||
}
|
||||
}
|
||||
None
|
||||
}
|
||||
ProtocolAction::Multiple(actions) => {
|
||||
for a in actions {
|
||||
if let Some(result) = check_connect_result(a) {
|
||||
return Some(result);
|
||||
}
|
||||
}
|
||||
None
|
||||
}
|
||||
_ => None,
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -393,23 +393,9 @@ impl ProtocolMachine {
|
|||
} else {
|
||||
// Gap detected
|
||||
if self.reorder_buffer.len() >= self.max_reorder_buffer {
|
||||
tracing::warn!("Reorder buffer full ({}/{}), forcing gap recovery to prevent packet drops",
|
||||
self.reorder_buffer.len(), self.max_reorder_buffer
|
||||
tracing::warn!("Reorder buffer full ({}/{}), dropping new frame nonce={} to wait for recovery of nonce={}",
|
||||
self.reorder_buffer.len(), self.max_reorder_buffer, nonce, self.expected_recv_nonce
|
||||
);
|
||||
if let Some(&first_buffered) = self.reorder_buffer.keys().next() {
|
||||
let skipped = first_buffered.saturating_sub(self.expected_recv_nonce);
|
||||
self.expected_recv_nonce = first_buffered;
|
||||
self.last_recv_advance = Instant::now();
|
||||
|
||||
let mut delivered = 0u64;
|
||||
while let Some(buffered_action) = self.reorder_buffer.remove(&self.expected_recv_nonce) {
|
||||
app_actions.push(buffered_action);
|
||||
self.expected_recv_nonce = self.expected_recv_nonce.saturating_add(1);
|
||||
delivered += 1;
|
||||
}
|
||||
self.ack_pending = true;
|
||||
tracing::debug!("Forced Gap recovery: skipped {} lost frames, delivered {} buffered frames", skipped, delivered);
|
||||
}
|
||||
}
|
||||
|
||||
if nonce >= self.expected_recv_nonce {
|
||||
|
|
@ -533,32 +519,6 @@ impl ProtocolMachine {
|
|||
fn handle_tick(&mut self) -> Result<ProtocolAction, ProtocolError> {
|
||||
let mut actions = Vec::new();
|
||||
|
||||
// ── Gap Recovery ──────────────────────────────────────────────
|
||||
// If expected_recv_nonce hasn't advanced for 500ms+ and there
|
||||
// are buffered frames waiting, the sender likely evicted the lost
|
||||
// frame from sent_history. Skip the gap to restore data flow.
|
||||
// This trades a small amount of data loss for connection liveness.
|
||||
if !self.reorder_buffer.is_empty()
|
||||
&& self.last_recv_advance.elapsed() > Duration::from_millis(500)
|
||||
{
|
||||
if let Some(&first_buffered) = self.reorder_buffer.keys().next() {
|
||||
let skipped = first_buffered.saturating_sub(self.expected_recv_nonce);
|
||||
self.expected_recv_nonce = first_buffered;
|
||||
self.last_recv_advance = Instant::now();
|
||||
|
||||
let mut delivered = 0u64;
|
||||
while let Some(buffered_action) = self.reorder_buffer.remove(&self.expected_recv_nonce) {
|
||||
actions.push(buffered_action);
|
||||
self.expected_recv_nonce = self.expected_recv_nonce.saturating_add(1);
|
||||
delivered += 1;
|
||||
}
|
||||
self.ack_pending = true;
|
||||
tracing::debug!("Gap recovery: skipped {} lost frames, delivered {} buffered frames (reorder_buf={})",
|
||||
skipped, delivered, self.reorder_buffer.len()
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// ── Pending ACK flush ─────────────────────────────────────────
|
||||
if let Some(ack_frame) = self.build_ack_if_due()? {
|
||||
actions.push(ProtocolAction::SendDatagram(ack_frame));
|
||||
|
|
|
|||
|
|
@ -2665,7 +2665,7 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "ostp-client"
|
||||
version = "0.3.10"
|
||||
version = "0.3.12"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"base64 0.22.1",
|
||||
|
|
@ -2700,7 +2700,7 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "ostp-core"
|
||||
version = "0.3.10"
|
||||
version = "0.3.12"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"byteorder",
|
||||
|
|
@ -2742,7 +2742,7 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "ostp-tun"
|
||||
version = "0.3.10"
|
||||
version = "0.3.12"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"libc",
|
||||
|
|
|
|||
|
|
@ -12,6 +12,8 @@ struct LinuxRouteGuard {
|
|||
|
||||
impl Drop for LinuxRouteGuard {
|
||||
fn drop(&mut self) {
|
||||
let _ = Command::new("ip").args(["route", "del", "0.0.0.0/1", "dev", "ostp_tun"]).output();
|
||||
let _ = Command::new("ip").args(["route", "del", "128.0.0.0/1", "dev", "ostp_tun"]).output();
|
||||
let _ = Command::new("ip").args(["route", "del", "default", "dev", "ostp_tun"]).output();
|
||||
let _ = Command::new("ip").args(["route", "del", &format!("{}/32", self.server_ip)]).output();
|
||||
for route in &self.bypass_routes {
|
||||
|
|
@ -70,7 +72,9 @@ pub async fn create(opts: OstpTunOptions) -> Result<OstpTunInterface> {
|
|||
bypass_routes.push(route);
|
||||
}
|
||||
|
||||
let _ = Command::new("ip").args(["route", "add", "default", "dev", "ostp_tun"]).output();
|
||||
// Override default route gracefully by adding more specific /1 routes
|
||||
let _ = Command::new("ip").args(["route", "add", "0.0.0.0/1", "dev", "ostp_tun"]).output();
|
||||
let _ = Command::new("ip").args(["route", "add", "128.0.0.0/1", "dev", "ostp_tun"]).output();
|
||||
|
||||
if opts.kill_switch {
|
||||
tracing::info!("Kill Switch: deleting original default route to prevent leakage.");
|
||||
|
|
|
|||
|
|
@ -21,3 +21,9 @@ tracing-subscriber = { version = "0.3", features = ["env-filter"] }
|
|||
ostp-core = { path = "../ostp-core" }
|
||||
colored = "2.1"
|
||||
reqwest = { version = "0.12", default-features = false, features = ["blocking", "rustls-tls"] }
|
||||
pico-args = "0.5.0"
|
||||
clipboard-win = "3.1.1"
|
||||
|
||||
[[bin]]
|
||||
name = "test_parse"
|
||||
path = "../test_parse.rs"
|
||||
|
|
|
|||
710
ostp/src/main.rs
710
ostp/src/main.rs
|
|
@ -1129,18 +1129,7 @@ async fn run_app() -> Result<()> {
|
|||
return cmd_migrate(&args.config);
|
||||
}
|
||||
|
||||
if args.config.exists() && !args.uninstall && !args.update {
|
||||
if let Ok(config_content) = fs::read_to_string(&args.config) {
|
||||
let mut stripped = json_comments::StripComments::new(config_content.as_bytes());
|
||||
if let Ok(raw_json) = serde_json::from_reader::<_, serde_json::Value>(&mut stripped) {
|
||||
if raw_json.get("version").and_then(|v| v.as_str()) != Some(env!("CARGO_PKG_VERSION")) {
|
||||
println!("{} Outdated configuration format detected.", "[ostp]".yellow().bold());
|
||||
println!("{} Please run '{}' to update your configuration to the latest modular format.", "[ostp]".yellow().bold(), "ostp --migrate".green());
|
||||
std::process::exit(1);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// ── Setup wizard: explicit flag or first-time (no config) ────────
|
||||
if args.setup {
|
||||
|
|
@ -1551,6 +1540,25 @@ async fn run_app() -> Result<()> {
|
|||
"sessions": 1
|
||||
}}
|
||||
}},
|
||||
{{
|
||||
// DNS Tunneling connection to the remote OSTP server
|
||||
// NOTE: DNS Tunneling is very slow and should be used only when UDP/TCP are blocked.
|
||||
// Read the manual here: https://github.com/ospab/ostp/wiki/DNS-Tunneling
|
||||
"type": "ostp",
|
||||
"tag": "proxy-dns",
|
||||
"server": "1.1.1.1",
|
||||
"port": 53,
|
||||
"access_key": "{key}",
|
||||
"transport": {{
|
||||
"type": "dns",
|
||||
"domain": "tunnel.yourdomain.com",
|
||||
"pubkey": "SERVER_PUBLIC_KEY_HERE"
|
||||
}},
|
||||
"multiplex": {{
|
||||
"enabled": true,
|
||||
"sessions": 5
|
||||
}}
|
||||
}},
|
||||
{{
|
||||
"type": "direct",
|
||||
"tag": "direct"
|
||||
|
|
@ -1635,29 +1643,28 @@ async fn run_app() -> Result<()> {
|
|||
let mut raw_json: serde_json::Value = serde_json::from_reader(&mut stripped)
|
||||
.map_err(|e| anyhow!("Failed to parse config as JSON: {}", e))?;
|
||||
|
||||
let is_migrated = raw_json.get("version").and_then(|v| v.as_str()) == Some(env!("CARGO_PKG_VERSION"));
|
||||
if !is_migrated {
|
||||
let is_server = raw_json.get("listen").is_some() || raw_json.get("access_keys").is_some();
|
||||
if is_server {
|
||||
raw_json["mode"] = serde_json::json!("server");
|
||||
raw_json["version"] = serde_json::json!(env!("CARGO_PKG_VERSION"));
|
||||
if let Some(log) = raw_json.get("log_level") {
|
||||
raw_json["log"] = serde_json::json!({ "level": log.clone() });
|
||||
}
|
||||
} else {
|
||||
let (migrated, _) = ostp_client::config::ClientConfig::migrate_json(raw_json);
|
||||
raw_json = migrated;
|
||||
raw_json["mode"] = serde_json::json!("client");
|
||||
|
||||
// Hard stop if config is not in current format — user must run --migrate explicitly
|
||||
{
|
||||
let has_new_format = raw_json.get("inbounds").and_then(|v| v.as_array()).is_some()
|
||||
&& raw_json.get("outbounds").and_then(|v| v.as_array()).is_some();
|
||||
let version_ok = raw_json.get("version").and_then(|v| v.as_str()) == Some(env!("CARGO_PKG_VERSION"));
|
||||
if !has_new_format {
|
||||
eprintln!();
|
||||
eprintln!("{} Your configuration file is in an outdated format.", "[ostp]".yellow().bold());
|
||||
eprintln!("{} Run the following command to upgrade it:", "[ostp]".yellow().bold());
|
||||
eprintln!();
|
||||
eprintln!(" {}", "ostp --migrate".green().bold());
|
||||
eprintln!();
|
||||
std::process::exit(1);
|
||||
}
|
||||
if !version_ok {
|
||||
// New format but wrong version — silently fix just the version field in memory (no write)
|
||||
raw_json["version"] = serde_json::json!(env!("CARGO_PKG_VERSION"));
|
||||
}
|
||||
|
||||
// Save migrated config back
|
||||
let serialized = serde_json::to_string_pretty(&raw_json)?;
|
||||
let header = "// OSTP Configuration v0.3.1\n// DO NOT EDIT THIS COMMENT - Migrator relies on it\n";
|
||||
let final_content = format!("{}{}", header, serialized);
|
||||
let _ = fs::write(&args.config, final_content);
|
||||
println!("{} Configuration automatically migrated to v0.3.1", "[ostp]".cyan().bold());
|
||||
}
|
||||
|
||||
|
||||
let config: UnifiedConfig = serde_json::from_value(raw_json)
|
||||
.map_err(|e| anyhow!("Failed to parse config: {}", e))?;
|
||||
|
||||
|
|
@ -1949,145 +1956,528 @@ fn cmd_migrate(config_path: &std::path::Path) -> Result<()> {
|
|||
|
||||
let config_content = fs::read_to_string(config_path)?;
|
||||
let mut stripped = json_comments::StripComments::new(config_content.as_bytes());
|
||||
let mut raw_json: serde_json::Value = serde_json::from_reader(&mut stripped)
|
||||
let old: serde_json::Value = serde_json::from_reader(&mut stripped)
|
||||
.map_err(|e| anyhow!("Failed to parse config as JSON: {}", e))?;
|
||||
|
||||
let is_migrated = raw_json.get("version").and_then(|v| v.as_str()) == Some(env!("CARGO_PKG_VERSION"));
|
||||
if is_migrated {
|
||||
println!("{} Configuration is already up to date (v0.3.5)", "[ostp]".cyan().bold());
|
||||
return Ok(());
|
||||
}
|
||||
// --- Determine config type ---
|
||||
let mode = old.get("mode").and_then(|m| m.as_str()).unwrap_or("");
|
||||
let is_server = mode == "server"
|
||||
|| old.get("listen").is_some()
|
||||
|| old.get("access_keys").is_some()
|
||||
|| old.get("inbounds").and_then(|v| v.as_array()).map(|arr| {
|
||||
arr.iter().any(|i| {
|
||||
i.get("protocol").and_then(|p| p.as_str()) == Some("ostp")
|
||||
|| i.get("type").and_then(|t| t.as_str()) == Some("ostp")
|
||||
})
|
||||
}).unwrap_or(false);
|
||||
let is_relay = mode == "relay" || old.get("upstream_tcp").is_some();
|
||||
let _is_client = !is_server && !is_relay;
|
||||
|
||||
// --- Helper: extract log level ---
|
||||
let log_level = old.get("log").and_then(|l| l.get("level")).and_then(|v| v.as_str())
|
||||
.or_else(|| old.get("log_level").and_then(|v| v.as_str()))
|
||||
.unwrap_or("info");
|
||||
|
||||
// --- Backup original ---
|
||||
let bak_path = config_path.with_extension("json.bak");
|
||||
fs::copy(config_path, &bak_path)?;
|
||||
println!("{} Original config backed up to {:?}", "[ostp]".cyan().bold(), bak_path);
|
||||
|
||||
let new_content: String;
|
||||
|
||||
let is_server = raw_json.get("listen").is_some() || raw_json.get("access_keys").is_some() || raw_json.get("mode").and_then(|m| m.as_str()) == Some("server");
|
||||
if is_server {
|
||||
raw_json["mode"] = serde_json::json!("server");
|
||||
raw_json["version"] = serde_json::json!(env!("CARGO_PKG_VERSION"));
|
||||
if let Some(log) = raw_json.get("log_level") {
|
||||
raw_json["log"] = serde_json::json!({ "level": log.clone() });
|
||||
}
|
||||
|
||||
let mut inbounds = Vec::new();
|
||||
let mut outbounds = Vec::new();
|
||||
let mut routing = serde_json::json!({
|
||||
"rules": [],
|
||||
"default_outbound": "direct"
|
||||
});
|
||||
println!("{} Detected: Server configuration", "[ostp]".cyan().bold());
|
||||
|
||||
// Migrate Ostp inbound
|
||||
let listen = raw_json.get("listen").and_then(|l| l.as_str()).unwrap_or("0.0.0.0:50000");
|
||||
let parts: Vec<&str> = listen.split(':').collect();
|
||||
let host = parts.get(0).unwrap_or(&"0.0.0.0");
|
||||
let port: u16 = parts.get(1).and_then(|p| p.parse().ok()).unwrap_or(50000);
|
||||
|
||||
let mut users = Vec::new();
|
||||
if let Some(keys) = raw_json.get("access_keys").and_then(|a| a.as_array()) {
|
||||
for k in keys {
|
||||
users.push(serde_json::json!({
|
||||
"key": k.as_str().unwrap_or("")
|
||||
}));
|
||||
}
|
||||
}
|
||||
|
||||
let mut ostp_inbound = serde_json::json!({
|
||||
"protocol": "ostp",
|
||||
"tag": "ostp-in",
|
||||
"listen": host,
|
||||
"port": port,
|
||||
"users": users
|
||||
});
|
||||
|
||||
if let Some(fallback) = raw_json.get("fallback") {
|
||||
ostp_inbound["fallback"] = fallback.clone();
|
||||
}
|
||||
inbounds.push(ostp_inbound);
|
||||
// --- Extract server data ---
|
||||
// Listen host:port
|
||||
let (listen_host, listen_port) = extract_server_listen(&old);
|
||||
|
||||
// Migrate Api inbound
|
||||
if let Some(api) = raw_json.get("api") {
|
||||
let mut api_inbound = api.clone();
|
||||
api_inbound["protocol"] = serde_json::json!("api");
|
||||
api_inbound["tag"] = serde_json::json!("api-in");
|
||||
let bind = api.get("bind").and_then(|b| b.as_str()).unwrap_or("127.0.0.1:9090");
|
||||
let parts: Vec<&str> = bind.split(':').collect();
|
||||
api_inbound["listen"] = serde_json::json!(parts.get(0).unwrap_or(&"127.0.0.1"));
|
||||
api_inbound["port"] = serde_json::json!(parts.get(1).and_then(|p| p.parse::<u16>().ok()).unwrap_or(9090));
|
||||
inbounds.push(api_inbound);
|
||||
}
|
||||
// Access keys — support old flat list and new inbounds format
|
||||
let users_json = extract_server_users(&old);
|
||||
|
||||
// Migrate Outbound
|
||||
outbounds.push(serde_json::json!({
|
||||
"protocol": "direct",
|
||||
"tag": "direct"
|
||||
}));
|
||||
outbounds.push(serde_json::json!({
|
||||
"protocol": "block",
|
||||
"tag": "block"
|
||||
}));
|
||||
|
||||
if let Some(ob) = raw_json.get("outbound") {
|
||||
if ob.get("enabled").and_then(|e| e.as_bool()).unwrap_or(false) {
|
||||
let tag = "socks5-legacy";
|
||||
let socks = serde_json::json!({
|
||||
"protocol": "socks5",
|
||||
"tag": tag,
|
||||
"server": ob.get("address").and_then(|a| a.as_str()).unwrap_or("127.0.0.1"),
|
||||
"port": ob.get("port").and_then(|p| p.as_u64()).unwrap_or(9050)
|
||||
});
|
||||
outbounds.push(socks);
|
||||
|
||||
if let Some(rules) = ob.get("rules").and_then(|r| r.as_array()) {
|
||||
let mut new_rules = Vec::new();
|
||||
for rule in rules {
|
||||
let mut new_rule = rule.clone();
|
||||
new_rule["outbound"] = serde_json::json!(tag);
|
||||
new_rules.push(new_rule);
|
||||
}
|
||||
routing["rules"] = serde_json::json!(new_rules);
|
||||
}
|
||||
|
||||
let default_action = ob.get("default_action").and_then(|a| a.as_str()).unwrap_or("proxy");
|
||||
if default_action == "proxy" {
|
||||
routing["default_outbound"] = serde_json::json!(tag);
|
||||
} else if default_action == "block" {
|
||||
routing["default_outbound"] = serde_json::json!("block");
|
||||
}
|
||||
}
|
||||
}
|
||||
// Fallback
|
||||
let (fallback_enabled, fallback_listen, fallback_target) = extract_server_fallback(&old);
|
||||
|
||||
// DNS migrate
|
||||
if let Some(dns) = raw_json.get("dns_transport") {
|
||||
let mut dns_inbound = dns.clone();
|
||||
dns_inbound["protocol"] = serde_json::json!("dns");
|
||||
dns_inbound["tag"] = serde_json::json!("dns-tunnel");
|
||||
inbounds.push(dns_inbound);
|
||||
}
|
||||
// API
|
||||
let (api_listen, api_port, api_token, api_webpath, api_username, api_pass_hash) =
|
||||
extract_server_api(&old);
|
||||
|
||||
// DNS transport
|
||||
let (dns_listen, dns_domain, dns_pubkey, dns_privkey) = extract_server_dns(&old);
|
||||
|
||||
// Routing rules (preserve if present)
|
||||
let routing_rules_str = extract_routing_rules_str(&old);
|
||||
let default_outbound = old.get("routing").and_then(|r| r.get("default_outbound"))
|
||||
.and_then(|v| v.as_str()).unwrap_or("direct");
|
||||
|
||||
let users_str = users_json.iter()
|
||||
.map(|k| format!(
|
||||
r#" {{
|
||||
"key": "{}"
|
||||
}}
|
||||
"#, k))
|
||||
.collect::<Vec<_>>()
|
||||
.join(",\n");
|
||||
let users_str = if users_str.is_empty() {
|
||||
format!(r#" {{
|
||||
"key": "{}"
|
||||
}}
|
||||
"#, generate_secure_key("hex"))
|
||||
} else { users_str };
|
||||
|
||||
new_content = format!(r#"{{
|
||||
// OSTP Server Configuration
|
||||
"version": "{ver}",
|
||||
"mode": "server",
|
||||
"log": {{
|
||||
// Log levels: trace, debug, info, warn, error
|
||||
"level": "{log_level}"
|
||||
}},
|
||||
"inbounds": [
|
||||
{{
|
||||
// Primary OSTP protocol listener
|
||||
"protocol": "ostp",
|
||||
"tag": "ostp-in",
|
||||
"listen": "{listen_host}",
|
||||
"port": {listen_port},
|
||||
"users": [
|
||||
{users_str} ],
|
||||
"fallback": {{
|
||||
// Fallback protection: redirects unauthorized probes to a real website
|
||||
"enabled": {fallback_enabled},
|
||||
"listen": "{fallback_listen}",
|
||||
"target": "{fallback_target}"
|
||||
}}
|
||||
}},
|
||||
{{
|
||||
// Web Administration API
|
||||
"protocol": "api",
|
||||
"tag": "api-in",
|
||||
"listen": "{api_listen}",
|
||||
"port": {api_port},
|
||||
"token": "{api_token}",
|
||||
"webpath": "{api_webpath}",
|
||||
"username": "{api_username}",
|
||||
"password_hash": "{api_pass_hash}"
|
||||
}},
|
||||
{{
|
||||
// DNS Tunnel Inbound
|
||||
// [WARNING] This is a last-resort transport via public DNS.
|
||||
// It requires a dedicated registered domain with NS records pointing to this server.
|
||||
// Full setup guide: https://github.com/ospab/ostp/wiki/DNS-Tunneling
|
||||
"protocol": "dns",
|
||||
"tag": "dns-tunnel",
|
||||
"listen": "{dns_listen}",
|
||||
"domain": "{dns_domain}",
|
||||
"pubkey": "{dns_pubkey}",
|
||||
"privkey": "{dns_privkey}"
|
||||
}}
|
||||
],
|
||||
"outbounds": [
|
||||
{{
|
||||
// Example local SOCKS5 proxy (e.g. for Tor network)
|
||||
"protocol": "socks5",
|
||||
"tag": "socks5-local",
|
||||
"server": "127.0.0.1",
|
||||
"port": 9050
|
||||
}},
|
||||
{{
|
||||
// Default direct internet access
|
||||
"protocol": "direct",
|
||||
"tag": "direct"
|
||||
}},
|
||||
{{
|
||||
// Blackhole for blocked connections
|
||||
"protocol": "block",
|
||||
"tag": "block"
|
||||
}}
|
||||
],
|
||||
"routing": {{
|
||||
// Rule-based routing of client traffic
|
||||
"rules": [{routing_rules}],
|
||||
// If no rules match, use the default outbound
|
||||
"default_outbound": "{default_outbound}"
|
||||
}},
|
||||
"debug": false
|
||||
}}
|
||||
"#,
|
||||
ver = env!("CARGO_PKG_VERSION"),
|
||||
log_level = log_level,
|
||||
listen_host = listen_host,
|
||||
listen_port = listen_port,
|
||||
users_str = users_str,
|
||||
fallback_enabled = fallback_enabled,
|
||||
fallback_listen = fallback_listen,
|
||||
fallback_target = fallback_target,
|
||||
api_listen = api_listen,
|
||||
api_port = api_port,
|
||||
api_token = api_token,
|
||||
api_webpath = api_webpath,
|
||||
api_username = api_username,
|
||||
api_pass_hash = api_pass_hash,
|
||||
dns_listen = dns_listen,
|
||||
dns_domain = dns_domain,
|
||||
dns_pubkey = dns_pubkey,
|
||||
dns_privkey = dns_privkey,
|
||||
routing_rules = routing_rules_str,
|
||||
default_outbound = default_outbound,
|
||||
);
|
||||
|
||||
} else if is_relay {
|
||||
println!("{} Detected: Relay configuration", "[ostp]".cyan().bold());
|
||||
|
||||
let upstream_tcp = old.get("upstream_tcp").and_then(|v| v.as_str()).unwrap_or("TARGET_SERVER_IP:50000");
|
||||
let upstream_udp = old.get("upstream_udp").and_then(|v| v.as_str()).unwrap_or(upstream_tcp);
|
||||
let api_url = old.get("upstream_api_url").and_then(|v| v.as_str()).unwrap_or("http://TARGET_SERVER_IP:9090");
|
||||
let api_token = old.get("upstream_api_token").and_then(|v| v.as_str()).unwrap_or("");
|
||||
let sync_interval = old.get("sync_interval_secs").and_then(|v| v.as_u64()).unwrap_or(30);
|
||||
let listen = old.get("listen").and_then(|v| v.as_str()).unwrap_or("0.0.0.0:50000");
|
||||
|
||||
new_content = format!(r#"{{
|
||||
// OSTP Relay Configuration
|
||||
"version": "{ver}",
|
||||
"mode": "relay",
|
||||
"log": {{
|
||||
// Log levels: trace, debug, info, warn, error
|
||||
"level": "{log_level}"
|
||||
}},
|
||||
// Local port for the relay to listen on
|
||||
"listen": "{listen}",
|
||||
// Upstream server details
|
||||
"upstream_tcp": "{upstream_tcp}",
|
||||
"upstream_udp": "{upstream_udp}",
|
||||
// Upstream Control Panel API for automatic key synchronization
|
||||
"upstream_api_url": "{api_url}",
|
||||
"upstream_api_token": "{api_token}",
|
||||
"sync_interval_secs": {sync_interval},
|
||||
"debug": false
|
||||
}}
|
||||
"#,
|
||||
ver = env!("CARGO_PKG_VERSION"),
|
||||
log_level = log_level,
|
||||
listen = listen,
|
||||
upstream_tcp = upstream_tcp,
|
||||
upstream_udp = upstream_udp,
|
||||
api_url = api_url,
|
||||
api_token = api_token,
|
||||
sync_interval = sync_interval,
|
||||
);
|
||||
|
||||
raw_json["inbounds"] = serde_json::json!(inbounds);
|
||||
raw_json["outbounds"] = serde_json::json!(outbounds);
|
||||
raw_json["routing"] = routing;
|
||||
|
||||
// Remove legacy fields
|
||||
let obj = raw_json.as_object_mut().unwrap();
|
||||
obj.remove("listen");
|
||||
obj.remove("access_keys");
|
||||
obj.remove("fallback");
|
||||
obj.remove("api");
|
||||
obj.remove("outbound");
|
||||
obj.remove("log_level");
|
||||
obj.remove("dns_transport");
|
||||
|
||||
println!("{} Detected Server configuration.", "[ostp]".cyan().bold());
|
||||
} else {
|
||||
println!("{} Detected Client configuration.", "[ostp]".cyan().bold());
|
||||
let (migrated, _) = ostp_client::config::ClientConfig::migrate_json(raw_json.clone());
|
||||
raw_json = migrated;
|
||||
raw_json["mode"] = serde_json::json!("client");
|
||||
raw_json["version"] = serde_json::json!(env!("CARGO_PKG_VERSION"));
|
||||
println!("{} Detected: Client configuration", "[ostp]".cyan().bold());
|
||||
|
||||
// Extract client data
|
||||
let (server_ip, server_port, access_key, transport_type) = extract_client_server(&old);
|
||||
let (socks_listen, socks_port) = extract_client_socks(&old);
|
||||
let tun_enabled = extract_client_tun(&old);
|
||||
let mux_enabled = old.get("mux").and_then(|m| m.get("enabled")).and_then(|v| v.as_bool())
|
||||
.or_else(|| old.get("outbounds").and_then(|o| o.as_array()).and_then(|arr| {
|
||||
arr.iter().find(|o| o.get("type").and_then(|t| t.as_str()) == Some("ostp"))
|
||||
.and_then(|o| o.get("multiplex")).and_then(|m| m.get("enabled")).and_then(|v| v.as_bool())
|
||||
}))
|
||||
.unwrap_or(false);
|
||||
let mux_sessions = old.get("mux").and_then(|m| m.get("sessions")).and_then(|v| v.as_u64())
|
||||
.or_else(|| old.get("outbounds").and_then(|o| o.as_array()).and_then(|arr| {
|
||||
arr.iter().find(|o| o.get("type").and_then(|t| t.as_str()) == Some("ostp"))
|
||||
.and_then(|o| o.get("multiplex")).and_then(|m| m.get("sessions")).and_then(|v| v.as_u64())
|
||||
}))
|
||||
.unwrap_or(1);
|
||||
let routing_rules_str = extract_routing_rules_str(&old);
|
||||
let default_outbound = old.get("routing").and_then(|r| r.get("default_outbound"))
|
||||
.and_then(|v| v.as_str()).unwrap_or("proxy");
|
||||
|
||||
let tun_block = if tun_enabled {
|
||||
r#" {{
|
||||
// Virtual network interface for transparent proxying
|
||||
"type": "tun",
|
||||
"tag": "tun-in",
|
||||
"auto_route": true,
|
||||
"mtu": 1140
|
||||
}},
|
||||
"#
|
||||
} else {
|
||||
r#" // Uncomment below to enable TUN (VPN) mode:
|
||||
// {{ "type": "tun", "tag": "tun-in", "auto_route": true, "mtu": 1140 }},
|
||||
"#
|
||||
};
|
||||
|
||||
new_content = format!(r#"{{
|
||||
// OSTP Client Configuration
|
||||
"version": "{ver}",
|
||||
"mode": "client",
|
||||
"log": {{
|
||||
"level": "{log_level}"
|
||||
}},
|
||||
"inbounds": [
|
||||
{tun_block} {{
|
||||
// Local SOCKS5 proxy server for browser configuration
|
||||
"type": "local_proxy",
|
||||
"tag": "socks-in",
|
||||
"protocol": "socks",
|
||||
"listen": "{socks_listen}",
|
||||
"port": {socks_port}
|
||||
}}
|
||||
],
|
||||
"outbounds": [
|
||||
{{
|
||||
// Connection to the remote OSTP server
|
||||
"type": "ostp",
|
||||
"tag": "proxy",
|
||||
"server": "{server_ip}",
|
||||
"port": {server_port},
|
||||
"access_key": "{access_key}",
|
||||
"transport": {{
|
||||
"type": "{transport_type}"
|
||||
}},
|
||||
"multiplex": {{
|
||||
"enabled": {mux_enabled},
|
||||
"sessions": {mux_sessions}
|
||||
}}
|
||||
}},
|
||||
{{
|
||||
"type": "direct",
|
||||
"tag": "direct"
|
||||
}},
|
||||
{{
|
||||
"type": "block",
|
||||
"tag": "block"
|
||||
}}
|
||||
],
|
||||
"routing": {{
|
||||
"rules": [{routing_rules}],
|
||||
"default_outbound": "{default_outbound}"
|
||||
}}
|
||||
}}
|
||||
"#,
|
||||
ver = env!("CARGO_PKG_VERSION"),
|
||||
log_level = log_level,
|
||||
tun_block = tun_block,
|
||||
socks_listen = socks_listen,
|
||||
socks_port = socks_port,
|
||||
server_ip = server_ip,
|
||||
server_port = server_port,
|
||||
access_key = access_key,
|
||||
transport_type = transport_type,
|
||||
mux_enabled = mux_enabled,
|
||||
mux_sessions = mux_sessions,
|
||||
routing_rules = routing_rules_str,
|
||||
default_outbound = default_outbound,
|
||||
);
|
||||
}
|
||||
|
||||
let serialized = serde_json::to_string_pretty(&raw_json)?;
|
||||
let final_content = format!("{}", serialized);
|
||||
fs::write(config_path, final_content)?;
|
||||
|
||||
println!("{} Successfully migrated configuration to v0.3.5!", "[ostp]".green().bold());
|
||||
fs::write(config_path, &new_content)?;
|
||||
println!("{} Configuration successfully migrated to v{}!", "[ostp]".green().bold(), env!("CARGO_PKG_VERSION"));
|
||||
println!("{} Backup saved at {:?}", "[ostp]".dimmed(), bak_path);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Migration helper extractors
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
/// Extract listen host and port for server from old or new format
|
||||
fn extract_server_listen(old: &serde_json::Value) -> (String, u16) {
|
||||
// New format: inbounds[type=ostp].listen + port
|
||||
if let Some(arr) = old.get("inbounds").and_then(|v| v.as_array()) {
|
||||
for inbound in arr {
|
||||
let proto = inbound.get("protocol").or(inbound.get("type")).and_then(|v| v.as_str()).unwrap_or("");
|
||||
if proto == "ostp" {
|
||||
let h = inbound.get("listen").and_then(|v| v.as_str()).unwrap_or("0.0.0.0").to_string();
|
||||
let p = inbound.get("port").and_then(|v| v.as_u64()).unwrap_or(50000) as u16;
|
||||
return (h, p);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Old format: "listen": "0.0.0.0:50000"
|
||||
if let Some(s) = old.get("listen").and_then(|v| v.as_str()) {
|
||||
let parts: Vec<&str> = s.split(':').collect();
|
||||
let h = parts.get(0).unwrap_or(&"0.0.0.0").to_string();
|
||||
let p = parts.get(1).and_then(|x| x.parse().ok()).unwrap_or(50000);
|
||||
return (h, p);
|
||||
}
|
||||
("0.0.0.0".to_string(), 50000)
|
||||
}
|
||||
|
||||
/// Extract access keys as list of strings
|
||||
fn extract_server_users(old: &serde_json::Value) -> Vec<String> {
|
||||
// New format: inbounds[type=ostp].users[].key
|
||||
if let Some(arr) = old.get("inbounds").and_then(|v| v.as_array()) {
|
||||
for inbound in arr {
|
||||
let proto = inbound.get("protocol").or(inbound.get("type")).and_then(|v| v.as_str()).unwrap_or("");
|
||||
if proto == "ostp" {
|
||||
if let Some(users) = inbound.get("users").and_then(|v| v.as_array()) {
|
||||
return users.iter().filter_map(|u| {
|
||||
u.get("key").and_then(|k| k.as_str()).map(|s| s.to_string())
|
||||
.or_else(|| u.as_str().map(|s| s.to_string()))
|
||||
}).collect();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// Old flat format: "access_keys": ["key1", "key2"]
|
||||
if let Some(keys) = old.get("access_keys").and_then(|v| v.as_array()) {
|
||||
return keys.iter().filter_map(|k| k.as_str().map(|s| s.to_string())).collect();
|
||||
}
|
||||
vec![]
|
||||
}
|
||||
|
||||
/// Extract fallback config
|
||||
fn extract_server_fallback(old: &serde_json::Value) -> (bool, String, String) {
|
||||
// New format: inbounds[type=ostp].fallback
|
||||
if let Some(arr) = old.get("inbounds").and_then(|v| v.as_array()) {
|
||||
for inbound in arr {
|
||||
let proto = inbound.get("protocol").or(inbound.get("type")).and_then(|v| v.as_str()).unwrap_or("");
|
||||
if proto == "ostp" {
|
||||
if let Some(fb) = inbound.get("fallback") {
|
||||
let enabled = fb.get("enabled").and_then(|v| v.as_bool()).unwrap_or(false);
|
||||
let listen = fb.get("listen").and_then(|v| v.as_str()).unwrap_or("0.0.0.0:443").to_string();
|
||||
let target = fb.get("target").and_then(|v| v.as_str()).unwrap_or("127.0.0.1:8080").to_string();
|
||||
return (enabled, listen, target);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// Old flat format
|
||||
if let Some(fb) = old.get("fallback") {
|
||||
let enabled = fb.get("enabled").and_then(|v| v.as_bool()).unwrap_or(false);
|
||||
let listen = fb.get("listen").and_then(|v| v.as_str()).unwrap_or("0.0.0.0:443").to_string();
|
||||
let target = fb.get("target").and_then(|v| v.as_str()).unwrap_or("127.0.0.1:8080").to_string();
|
||||
return (enabled, listen, target);
|
||||
}
|
||||
(false, "0.0.0.0:443".to_string(), "127.0.0.1:8080".to_string())
|
||||
}
|
||||
|
||||
/// Extract API config
|
||||
fn extract_server_api(old: &serde_json::Value) -> (String, u16, String, String, String, String) {
|
||||
let default_hash = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855".to_string();
|
||||
// New format: inbounds[protocol=api]
|
||||
if let Some(arr) = old.get("inbounds").and_then(|v| v.as_array()) {
|
||||
for inbound in arr {
|
||||
let proto = inbound.get("protocol").or(inbound.get("type")).and_then(|v| v.as_str()).unwrap_or("");
|
||||
if proto == "api" {
|
||||
let listen = inbound.get("listen").and_then(|v| v.as_str()).unwrap_or("127.0.0.1").to_string();
|
||||
let port = inbound.get("port").and_then(|v| v.as_u64()).unwrap_or(9090) as u16;
|
||||
let token = inbound.get("token").and_then(|v| v.as_str()).unwrap_or("YOUR_SECRET_TOKEN").to_string();
|
||||
let webpath = inbound.get("webpath").and_then(|v| v.as_str()).unwrap_or("/admin").to_string();
|
||||
let username = inbound.get("username").and_then(|v| v.as_str()).unwrap_or("admin").to_string();
|
||||
let pass = inbound.get("password_hash").and_then(|v| v.as_str()).unwrap_or(&default_hash).to_string();
|
||||
return (listen, port, token, webpath, username, pass);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Old format: "api": { "bind": "127.0.0.1:9090", ... }
|
||||
if let Some(api) = old.get("api") {
|
||||
let bind = api.get("bind").and_then(|v| v.as_str()).unwrap_or("127.0.0.1:9090");
|
||||
let parts: Vec<&str> = bind.split(':').collect();
|
||||
let listen = parts.get(0).unwrap_or(&"127.0.0.1").to_string();
|
||||
let port = parts.get(1).and_then(|p| p.parse().ok()).unwrap_or(9090);
|
||||
let token = api.get("token").and_then(|v| v.as_str()).unwrap_or("YOUR_SECRET_TOKEN").to_string();
|
||||
let webpath = api.get("webpath").and_then(|v| v.as_str()).unwrap_or("/admin").to_string();
|
||||
let username = api.get("username").and_then(|v| v.as_str()).unwrap_or("admin").to_string();
|
||||
let pass = api.get("password_hash").and_then(|v| v.as_str()).unwrap_or(&default_hash).to_string();
|
||||
return (listen, port, token, webpath, username, pass);
|
||||
}
|
||||
("127.0.0.1".to_string(), 9090, "YOUR_SECRET_TOKEN".to_string(), "/admin".to_string(), "admin".to_string(), default_hash)
|
||||
}
|
||||
|
||||
/// Extract DNS transport config
|
||||
fn extract_server_dns(old: &serde_json::Value) -> (String, String, String, String) {
|
||||
// New format: inbounds[protocol=dns]
|
||||
if let Some(arr) = old.get("inbounds").and_then(|v| v.as_array()) {
|
||||
for inbound in arr {
|
||||
let proto = inbound.get("protocol").or(inbound.get("type")).and_then(|v| v.as_str()).unwrap_or("");
|
||||
if proto == "dns" {
|
||||
let listen = inbound.get("listen").and_then(|v| v.as_str()).unwrap_or("0.0.0.0:53").to_string();
|
||||
let domain = inbound.get("domain").and_then(|v| v.as_str()).unwrap_or("tunnel.example.com").to_string();
|
||||
let pubkey = inbound.get("pubkey").and_then(|v| v.as_str()).unwrap_or("").to_string();
|
||||
let privkey = inbound.get("privkey").and_then(|v| v.as_str()).unwrap_or("").to_string();
|
||||
return (listen, domain, pubkey, privkey);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Old flat format: "dns_transport": {...}
|
||||
if let Some(dns) = old.get("dns_transport") {
|
||||
let listen = dns.get("listen").and_then(|v| v.as_str()).unwrap_or("0.0.0.0:53").to_string();
|
||||
let domain = dns.get("domain").and_then(|v| v.as_str()).unwrap_or("tunnel.example.com").to_string();
|
||||
let pubkey = dns.get("pubkey").and_then(|v| v.as_str()).unwrap_or("").to_string();
|
||||
let privkey = dns.get("privkey").and_then(|v| v.as_str()).unwrap_or("").to_string();
|
||||
return (listen, domain, pubkey, privkey);
|
||||
}
|
||||
let new_pub = generate_secure_key("base64");
|
||||
let new_priv = generate_secure_key("base64");
|
||||
("0.0.0.0:53".to_string(), "tunnel.example.com".to_string(), new_pub, new_priv)
|
||||
}
|
||||
|
||||
/// Extract routing rules as a formatted JSON string for embedding in template
|
||||
fn extract_routing_rules_str(old: &serde_json::Value) -> String {
|
||||
if let Some(rules) = old.get("routing").and_then(|r| r.get("rules")).and_then(|v| v.as_array()) {
|
||||
if !rules.is_empty() {
|
||||
let parts: Vec<String> = rules.iter()
|
||||
.filter_map(|r| serde_json::to_string_pretty(r).ok())
|
||||
.collect();
|
||||
return format!("\n {}\n ", parts.join(",\n "));
|
||||
}
|
||||
}
|
||||
String::new()
|
||||
}
|
||||
|
||||
/// Extract client server address, port, key, transport
|
||||
fn extract_client_server(old: &serde_json::Value) -> (String, u16, String, String) {
|
||||
// New format: outbounds[type=ostp]
|
||||
if let Some(arr) = old.get("outbounds").and_then(|v| v.as_array()) {
|
||||
for ob in arr {
|
||||
let t = ob.get("type").and_then(|v| v.as_str()).unwrap_or("");
|
||||
if t == "ostp" {
|
||||
let server = ob.get("server").and_then(|v| v.as_str()).unwrap_or("YOUR_SERVER_IP").to_string();
|
||||
let port = ob.get("port").and_then(|v| v.as_u64()).unwrap_or(50000) as u16;
|
||||
let key = ob.get("access_key").and_then(|v| v.as_str()).unwrap_or("").to_string();
|
||||
let transport = ob.get("transport").and_then(|t| t.get("type")).and_then(|v| v.as_str()).unwrap_or("udp").to_string();
|
||||
return (server, port, key, transport);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Old flat format
|
||||
let server_full = old.get("server").and_then(|v| v.as_str()).unwrap_or("YOUR_SERVER_IP:50000");
|
||||
let parts: Vec<&str> = server_full.split(':').collect();
|
||||
let server = parts.get(0).unwrap_or(&"YOUR_SERVER_IP").to_string();
|
||||
let port = parts.get(1).and_then(|p| p.parse().ok()).unwrap_or(50000);
|
||||
let key = old.get("access_key").and_then(|v| v.as_str()).unwrap_or("").to_string();
|
||||
let transport = old.get("transport").and_then(|t| t.get("mode").or(t.get("type"))).and_then(|v| v.as_str()).unwrap_or("udp").to_string();
|
||||
(server, port, key, transport)
|
||||
}
|
||||
|
||||
/// Extract client SOCKS listen address and port
|
||||
fn extract_client_socks(old: &serde_json::Value) -> (String, u16) {
|
||||
// New format: inbounds[type=local_proxy]
|
||||
if let Some(arr) = old.get("inbounds").and_then(|v| v.as_array()) {
|
||||
for inbound in arr {
|
||||
let t = inbound.get("type").and_then(|v| v.as_str()).unwrap_or("");
|
||||
if t == "local_proxy" {
|
||||
let listen = inbound.get("listen").and_then(|v| v.as_str()).unwrap_or("127.0.0.1").to_string();
|
||||
let port = inbound.get("port").and_then(|v| v.as_u64()).unwrap_or(1088) as u16;
|
||||
return (listen, port);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Old flat format
|
||||
let bind = old.get("socks5_bind").and_then(|v| v.as_str()).unwrap_or("127.0.0.1:1088");
|
||||
let parts: Vec<&str> = bind.split(':').collect();
|
||||
let listen = parts.get(0).unwrap_or(&"127.0.0.1").to_string();
|
||||
let port = parts.get(1).and_then(|p| p.parse().ok()).unwrap_or(1088);
|
||||
(listen, port)
|
||||
}
|
||||
|
||||
/// Check if TUN is enabled in old config
|
||||
fn extract_client_tun(old: &serde_json::Value) -> bool {
|
||||
// New format: inbounds[type=tun]
|
||||
if let Some(arr) = old.get("inbounds").and_then(|v| v.as_array()) {
|
||||
for inbound in arr {
|
||||
let t = inbound.get("type").and_then(|v| v.as_str()).unwrap_or("");
|
||||
if t == "tun" {
|
||||
return inbound.get("auto_route").and_then(|v| v.as_bool()).unwrap_or(true);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Old flat format
|
||||
old.get("tun").and_then(|t| t.get("enable")).and_then(|v| v.as_bool()).unwrap_or(false)
|
||||
}
|
||||
|
|
|
|||
62
server.json
62
server.json
|
|
@ -1,62 +0,0 @@
|
|||
{
|
||||
// OSTP Server Configuration
|
||||
"mode": "server",
|
||||
"log_level": "info",
|
||||
|
||||
// The address and port the server listens on for incoming OSTP connections.
|
||||
"listen": "0.0.0.0:50000",
|
||||
|
||||
// List of valid keys. Clients must use one of these to connect.
|
||||
"access_keys": [
|
||||
"a1d8795a93553c08b4e89b017a16ca52"
|
||||
],
|
||||
|
||||
// Optional proxy for outbound traffic.
|
||||
"outbound": {
|
||||
"enabled": false,
|
||||
"protocol": "socks5",
|
||||
"address": "127.0.0.1",
|
||||
"port": 9050,
|
||||
// default_action: 'proxy' (all through proxy) or 'direct' (bypass proxy by default).
|
||||
"default_action": "proxy",
|
||||
"rules": [
|
||||
{
|
||||
"domain_suffix": [".onion"],
|
||||
"action": "proxy"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
// Web control panel & Management API
|
||||
"api": {
|
||||
"enabled": false,
|
||||
"bind": "0.0.0.0:9090",
|
||||
// Static API token for Relay servers (optional)
|
||||
"token": "",
|
||||
// Secret URL path to hide panel from scanners (e.g. "mySecret123")
|
||||
"webpath": "",
|
||||
// Login credentials for web panel (password stored as SHA256 hash)
|
||||
"username": "",
|
||||
"password_hash": ""
|
||||
},
|
||||
|
||||
// Fallback TCP proxy: unrecognized connections are proxied to a web server (anti-DPI).
|
||||
"fallback": {
|
||||
"enabled": false,
|
||||
"listen": "0.0.0.0:443",
|
||||
// Target web server (e.g., local nginx or caddy)
|
||||
"target": "127.0.0.1:8080"
|
||||
},
|
||||
|
||||
// Reality (XTLS) / UoT Masquerade parameters
|
||||
"reality": {
|
||||
"enabled": false,
|
||||
"dest": "www.microsoft.com:443",
|
||||
"private_key": "6FVg53jUBTt-dJ52F1Zu1RBCcW1gr9K84WdynBb7i80",
|
||||
"pbk": "c9QjERoaqFGoKBd-9ZpNzj51E8B93fcnEQT_cohEk2E",
|
||||
"sid": "960223edfa174fc5",
|
||||
"sni_list": ["www.microsoft.com"]
|
||||
},
|
||||
"debug": false,
|
||||
|
||||
}
|
||||
|
|
@ -1,53 +0,0 @@
|
|||
{
|
||||
// OSTP Configuration v0.3.1
|
||||
// DO NOT EDIT THIS COMMENT - Migrator relies on it
|
||||
"version": "0.3.1",
|
||||
"mode": "client",
|
||||
"log": {
|
||||
"level": "info"
|
||||
},
|
||||
"inbounds": [
|
||||
{
|
||||
"type": "tun",
|
||||
"tag": "tun-in",
|
||||
"auto_route": true,
|
||||
"mtu": 1140
|
||||
},
|
||||
{
|
||||
"type": "local_proxy",
|
||||
"tag": "socks-in",
|
||||
"protocol": "socks",
|
||||
"listen": "127.0.0.1",
|
||||
"port": 1088
|
||||
}
|
||||
],
|
||||
"outbounds": [
|
||||
{
|
||||
"type": "ostp",
|
||||
"tag": "proxy",
|
||||
"server": "YOUR_SERVER_IP",
|
||||
"port": 50000,
|
||||
"access_key": "170756347f1562a4b260f8f4b419009a",
|
||||
"transport": {
|
||||
"type": "udp"
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "direct",
|
||||
"tag": "direct"
|
||||
},
|
||||
{
|
||||
"type": "block",
|
||||
"tag": "block"
|
||||
}
|
||||
],
|
||||
"routing": {
|
||||
"rules": [
|
||||
{
|
||||
"domain_suffix": ["localhost"],
|
||||
"outbound": "direct"
|
||||
}
|
||||
],
|
||||
"default_outbound": "proxy"
|
||||
}
|
||||
}
|
||||
|
|
@ -1,42 +0,0 @@
|
|||
{
|
||||
// OSTP Configuration v0.3.1
|
||||
// DO NOT EDIT THIS COMMENT - Migrator relies on it
|
||||
"version": "0.3.1",
|
||||
"mode": "server",
|
||||
"log": {
|
||||
"level": "info"
|
||||
},
|
||||
|
||||
// The address and port the server listens on for incoming OSTP connections.
|
||||
"listen": "0.0.0.0:50000",
|
||||
|
||||
// List of valid keys. Clients must use one of these to connect.
|
||||
"access_keys": [
|
||||
"1369293f64ed6382d96cd2c1fa2ee4ee"
|
||||
],
|
||||
|
||||
// Optional proxy for outbound traffic.
|
||||
"outbound": {
|
||||
"enabled": false,
|
||||
"protocol": "socks5",
|
||||
"address": "127.0.0.1",
|
||||
"port": 9050,
|
||||
"default_action": "proxy",
|
||||
"rules": [
|
||||
{
|
||||
"domain_suffix": [".onion"],
|
||||
"action": "proxy"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
// Fallback TCP proxy: unrecognized connections are proxied to a web server (anti-DPI).
|
||||
"fallback": {
|
||||
"enabled": false,
|
||||
"listen": "0.0.0.0:443",
|
||||
// Target web server (e.g., local nginx or caddy)
|
||||
"target": "127.0.0.1:8080"
|
||||
},
|
||||
|
||||
"debug": false
|
||||
}
|
||||
Loading…
Reference in New Issue