star/netforward/forward.go

package netforward

import (
	"b612.me/apps/b612/utils"
	"b612.me/stario"
	"b612.me/starlog"
	"b612.me/starmap"
	"b612.me/starnet"
	"context"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net"
	"os"
	"strconv"
	"strings"
	"sync"
	"sync/atomic"
	"syscall"
	"time"
)

type NetForward struct {
	LocalAddr   string
	LocalPort   int
	RemoteURI   string
	EnableTCP   bool
	EnableUDP   bool
	DelayMilSec int
	DelayToward int
	StdinMode   bool
	IgnoreEof   bool
	DialTimeout time.Duration
	UDPTimeout  time.Duration
	stopCtx     context.Context
	stopFn      context.CancelFunc
	running     int32
	UdpHooks    map[string]*starmap.StarStack

	KeepAlivePeriod int
	KeepAliveIdel   int
	KeepAliveCount  int
	UserTimeout     int
	UsingKeepAlive  bool
	Verbose         bool
	udpListener     *net.UDPConn

	inTls            bool     // 是否启用TLS
	outTls           bool     // 是否启用TLS
	inTlsCert        string   // TLS证书路径
	inTlsKey         string   // TLS密钥路径
	inTlsAutoGen     bool     // 是否自动生成TLS证书
	CaCerts          []string // TLS CA证书路径
	outTlsKey        string   // TLS密钥路径
	outTlsCert       string   // TLS证书路径
	inTlsSkipVerify  bool     // 是否跳过TLS验证
	outTlsSkipVerify bool     // 是否跳过TLS验证
	allowNoTls       bool     // 是否允许不使用TLS
	certCache        map[string]tls.Certificate
	toolCa           *x509.Certificate
	toolCaKey        any
	caPool           *x509.CertPool
	outTlsCertCache  tls.Certificate
}

func (n *NetForward) UdpListener() *net.UDPConn {
	return n.udpListener
}

func (n *NetForward) Close() {
	n.stopFn()
}

func (n *NetForward) Status() int32 {
	return atomic.LoadInt32(&n.running)
}

func (n *NetForward) Run() error {
	if n.running > 0 {
		starlog.Errorln("already running")
		return errors.New("already running")
	}
	n.stopCtx, n.stopFn = context.WithCancel(context.Background())
	if n.DialTimeout == 0 {
		n.DialTimeout = time.Second * 5
	}
	if n.StdinMode {
		go func() {
			for {
				cmd := strings.TrimSpace(stario.MessageBox("", "").MustString())
				for strings.Contains(cmd, "  ") {
					cmd = strings.Replace(cmd, "  ", " ", -1)
				}
				starlog.Debugf("Recv Command %s\n", cmd)
				cmds := strings.Split(cmd, " ")
				if len(cmds) < 3 {
					starlog.Errorln("Invalid Command", cmd)
					continue
				}
				switch cmds[0] + cmds[1] {
				case "setremote":
					n.RemoteURI = cmds[2]
					starlog.Noticef("Remote URI Set to %s\n", n.RemoteURI)
				case "setdelaytoward":
					tmp, err := strconv.Atoi(cmds[2])
					if err != nil {
						starlog.Errorln("Invalid Delay Toward Value", cmds[2])
						continue
					}
					n.DelayToward = tmp
					starlog.Noticef("Delay Toward Set to %d\n", n.DelayToward)
				case "setdelay":
					tmp, err := strconv.Atoi(cmds[2])
					if err != nil {
						starlog.Errorln("Invalid Delay Value", cmds[2])
						continue
					}
					n.DelayMilSec = tmp
					starlog.Noticef("Delay Set to %d\n", n.DelayMilSec)
				case "setdialtimeout":
					tmp, err := strconv.Atoi(cmds[2])
					if err != nil {
						starlog.Errorln("Invalid Dial Timeout Value", cmds[2])
						continue
					}
					n.DialTimeout = time.Millisecond * time.Duration(tmp)
					starlog.Noticef("Dial Timeout Set to %d\n", n.DialTimeout)
				case "setudptimeout":
					tmp, err := strconv.Atoi(cmds[2])
					if err != nil {
						starlog.Errorln("Invalid UDP Timeout Value", cmds[2])
						continue
					}
					n.UDPTimeout = time.Millisecond * time.Duration(tmp)
					starlog.Noticef("UDP Timeout Set to %d\n", n.UDPTimeout)
				case "setstdin":
					if cmds[2] == "off" {
						n.StdinMode = false
						starlog.Noticef("Stdin Mode Off\n")
						return
					}
				}
			}
		}()
	}
	if n.EnableTCP {
		go n.runTCP()
	}

	if n.EnableUDP {
		go n.runUDP()
	}
	return nil
}

func (n *NetForward) TcpListener() (net.Listener, error) {
	if n.outTls && n.outTlsCert != "" && n.outTlsKey != "" {
		cert, err := tls.LoadX509KeyPair(n.outTlsCert, n.outTlsKey)
		if err != nil {
			starlog.Errorln("Load X509 Key Pair Failed:", err)
			return nil, err
		}
		n.outTlsCertCache = cert
	}
	cfg := net.ListenConfig{
		Control: func(network, address string, c syscall.RawConn) error {
			return c.Control(SetReUseAddr)
		},
	}
	listener, err := cfg.Listen(context.Background(), "tcp", fmt.Sprintf("%s:%d", n.LocalAddr, n.LocalPort))
	if !n.inTls {
		return listener, err
	}
	var caPool *x509.CertPool
	if n.inTlsAutoGen {
		if n.toolCa == nil {
			n.toolCa, n.toolCaKey = utils.ToolCert("")
			if n.toolCa != nil {
				caPool = x509.NewCertPool()
				caPool.AddCert(n.toolCa)
			}
		}
	}
	if len(n.CaCerts) > 0 {
		if caPool == nil {
			caPool = x509.NewCertPool()
		}
		for _, ca := range n.CaCerts {
			data, err := os.ReadFile(ca)
			if err != nil {
				starlog.Errorln("Read CA Cert Failed:", err)
				listener.Close()
				return nil, err
			}
			if !caPool.AppendCertsFromPEM(data) {
				starlog.Errorln("Append CA Cert Failed:", ca)
				listener.Close()
				return nil, fmt.Errorf("append ca cert %s failed", ca)
			}
		}
		n.caPool = caPool
	}
	var tlsConfig = &tls.Config{
		Certificates:       nil,
		RootCAs:            caPool,
		InsecureSkipVerify: n.inTlsSkipVerify,
	}
	if !n.inTlsAutoGen && (n.inTlsCert != "" || n.inTlsKey != "") {
		cert, err := tls.LoadX509KeyPair(n.inTlsCert, n.inTlsKey)
		if err != nil {
			starlog.Errorln("Load X509 Key Pair Failed:", err)
			listener.Close()
			return nil, err
		}
		tlsConfig.Certificates = []tls.Certificate{cert}
	}
	if n.inTlsAutoGen {
		return starnet.ListenWithListener(listener, tlsConfig, n.autoGenCert, n.allowNoTls)
	}
	return starnet.ListenWithListener(listener, tlsConfig, nil, n.allowNoTls)
}

func (n *NetForward) autoGenCert(hostname string) *tls.Config {
	if cert, ok := n.certCache[hostname]; ok {
		return &tls.Config{Certificates: []tls.Certificate{cert}}
	}
	if n.toolCa == nil {
		n.toolCa, n.toolCaKey = utils.ToolCert("")
	}
	cert, err := utils.GenerateTlsCert(utils.GenerateCertParams{
		Country:          "CN",
		Organization:     "B612 HTTP SERVER",
		OrganizationUnit: "cert@b612.me",
		CommonName:       hostname,
		Dns:              []string{hostname},
		KeyUsage:         int(x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign),
		ExtendedKeyUsage: []int{
			int(x509.ExtKeyUsageServerAuth),
			int(x509.ExtKeyUsageClientAuth),
		},
		IsCA:      false,
		StartDate: time.Now().Add(-24 * time.Hour),
		EndDate:   time.Now().AddDate(1, 0, 0),
		Type:      "RSA",
		Bits:      2048,
		CA:        n.toolCa,
		CAPriv:    n.toolCaKey,
	})
	if err != nil {
		return nil
	}
	n.certCache[hostname] = cert
	return &tls.Config{Certificates: []tls.Certificate{cert}}
}

func (n *NetForward) runTCP() error {
	atomic.AddInt32(&n.running, 1)
	defer atomic.AddInt32(&n.running, -1)
	listen, err := n.TcpListener()
	if err != nil {
		starlog.Errorln("Listening On Tcp Failed:", err)
		return err
	}
	go func() {
		<-n.stopCtx.Done()
		listen.Close()
	}()
	starlog.Infof("Listening TCP on %v\n", fmt.Sprintf("%s:%d", n.LocalAddr, n.LocalPort))
	for {
		select {
		case <-n.stopCtx.Done():
			return nil
		default:
		}
		conn, err := listen.Accept()
		if err != nil {
			continue
		}
		log := starlog.Std.NewFlag()
		log.Infof("Accept New TCP Conn from %v\n", conn.RemoteAddr().String())
		if n.DelayMilSec > 0 && (n.DelayToward == 0 || n.DelayToward == 1) {
			log.Infof("Delay %d ms\n", n.DelayMilSec)
			time.Sleep(time.Millisecond * time.Duration(n.DelayMilSec))
		}
		switch c := conn.(type) {
		case *net.TCPConn:
			err = SetTcpInfo(c, n.UsingKeepAlive, n.KeepAliveIdel, n.KeepAlivePeriod, n.KeepAliveCount, n.UserTimeout)
		case *starnet.Conn:
			err = SetTcpInfo(c.Conn.(*net.TCPConn), n.UsingKeepAlive, n.KeepAliveIdel, n.KeepAlivePeriod, n.KeepAliveCount, n.UserTimeout)
		}

		if err != nil {
			log.Errorf("SetTcpInfo error for %s: %v\n", conn.RemoteAddr().String(), err)
			conn.Close()
			continue
		}
		go func(conn net.Conn) {
			rmt, err := net.DialTimeout("tcp", n.RemoteURI, n.DialTimeout)
			if err != nil {
				log.Errorf("TCP:Dial Remote %s Failed:%v\n", n.RemoteURI, err)
				conn.Close()
				return
			}
			err = SetTcpInfo(rmt.(*net.TCPConn), n.UsingKeepAlive, n.KeepAliveIdel, n.KeepAlivePeriod, n.KeepAliveCount, n.UserTimeout)
			if err != nil {
				log.Errorf("SetTcpInfo error for %s: %v\n", conn.RemoteAddr().String(), err)
				rmt.Close()
				return
			}
			log.Infof("TCP Connect %s <==> %s\n", conn.RemoteAddr().String(), rmt.RemoteAddr().String())
			if n.outTls {
				serverName, _, _ := net.SplitHostPort(n.RemoteURI)
				tlsConfig := &tls.Config{
					InsecureSkipVerify: n.outTlsSkipVerify,
					RootCAs:            n.caPool,
					ServerName:         serverName,
				}
				if n.outTlsCert != "" && n.outTlsKey != "" {
					tlsConfig.Certificates = []tls.Certificate{n.outTlsCertCache}
				}
				rmt = tls.Client(rmt, tlsConfig)
				if err := rmt.(*tls.Conn).Handshake(); err != nil {
					log.Errorf("TLS Handshake Failed: %v\n", err)
					conn.Close()
					rmt.Close()
					return
				}
			}
			n.copy(rmt, conn)
			log.Noticef("TCP Connection Closed  %s <==> %s\n", conn.RemoteAddr().String(), n.RemoteURI)
			conn.Close()
			rmt.Close()
		}(conn)
	}
}

type UDPConn struct {
	net.Conn
	listen     *net.UDPConn
	remoteAddr *net.UDPAddr
	lastbeat   int64
}

func (u *UDPConn) Write(p []byte) (n int, err error) {
	u.lastbeat = time.Now().Unix()
	return u.Conn.Write(p)
}

func (u *UDPConn) Read(p []byte) (n int, err error) {
	u.lastbeat = time.Now().Unix()
	return u.Conn.Read(p)
}

func (u *UDPConn) Work(delay int, verbose bool) {
	buf := make([]byte, 8192)
	for {
		if delay > 0 {
			time.Sleep(time.Millisecond * time.Duration(delay))
		}
		count, err := u.Read(buf)
		if err != nil {
			u.Close()
			u.lastbeat = 0
			return
		}
		if verbose {
			fmt.Printf("U %v Recv Data %s ==> %s %X\n", time.Now().Format("2006-01-02 15:04:05"), u.Conn.RemoteAddr().String(), u.remoteAddr.String(), buf[0:count])
		}
		_, err = u.listen.WriteTo(buf[0:count], u.remoteAddr)
		if err != nil {
			u.lastbeat = 0
			return
		}
	}
}

func (n *NetForward) runUDP() error {
	var mu sync.RWMutex
	atomic.AddInt32(&n.running, 1)
	defer atomic.AddInt32(&n.running, -1)
	udpAddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%v", n.LocalAddr, n.LocalPort))
	if err != nil {
		return err
	}
	listen, err := net.ListenUDP("udp", udpAddr)
	if err != nil {
		return err
	}
	n.udpListener = listen
	starlog.Infof("Listening UDP on %v\n", fmt.Sprintf("%s:%d", n.LocalAddr, n.LocalPort))
	go func() {
		<-n.stopCtx.Done()
		listen.Close()
	}()
	udpMap := make(map[string]*UDPConn)
	go func() {
		for {
			select {
			case <-n.stopCtx.Done():
				return
			case <-time.After(time.Second * 60):
				mu.Lock()
				for k, v := range udpMap {
					if time.Now().Unix() > int64(n.UDPTimeout.Seconds())+v.lastbeat {
						delete(udpMap, k)
						starlog.Noticef("UDP Connection Closed  %s <==> %s\n", v.remoteAddr.String(), n.RemoteURI)
					}
				}
				mu.Unlock()
			}
		}
	}()
	buf := make([]byte, 8192)
	for {
		select {
		case <-n.stopCtx.Done():
			return nil
		default:
		}
		count, rmt, err := listen.ReadFromUDP(buf)
		if err != nil || rmt.String() == n.RemoteURI {
			continue
		}
		{
			//hooks
			if n.UdpHooks != nil {
				if m, ok := n.UdpHooks[rmt.String()]; ok {
					if m.Free() > 0 {
						if n.Verbose {
							starlog.Noticef("Hooked UDP Data %s ==> %s %X\n", rmt.String(), n.RemoteURI, buf[0:count])
						} else {
							starlog.Noticef("Hooked UDP Data %s ==> %s\n", rmt.String(), n.RemoteURI)
						}
						m.Push(buf[0:count])
						continue
					}
				}
			}
		}
		go func(data []byte, rmt *net.UDPAddr) {
			log := starlog.Std.NewFlag()
			mu.Lock()
			addr, ok := udpMap[rmt.String()]
			if !ok {
				log.Infof("Accept New UDP Conn from %v\n", rmt.String())
				conn, err := net.Dial("udp", n.RemoteURI)
				if err != nil {
					log.Errorf("UDP:Dial Remote %s Failed:%v\n", n.RemoteURI, err)
					mu.Unlock()
					return
				}
				addr = &UDPConn{
					Conn:       conn,
					remoteAddr: rmt,
					listen:     listen,
					lastbeat:   time.Now().Unix(),
				}
				udpMap[rmt.String()] = addr
				go addr.Work(n.DelayMilSec, n.Verbose)
				log.Infof("UDP Connect %s <==> %s\n", rmt.String(), n.RemoteURI)
			}
			mu.Unlock()
			if n.DelayMilSec > 0 || (n.DelayToward == 0 || n.DelayToward == 1) {
				time.Sleep(time.Millisecond * time.Duration(n.DelayMilSec))
			}
			if n.Verbose {
				fmt.Printf("T %v Recv Data %s ==> %s %X\n", time.Now().Format("2006-01-02 15:04:05"), rmt.String(), n.RemoteURI, data)
			}
			_, err := addr.Write(data)
			if err != nil {
				mu.Lock()
				addr.Close()
				delete(udpMap, addr.remoteAddr.String())
				mu.Unlock()
				log.Noticef("UDP Connection Closed  %s <==> %s\n", rmt.String(), n.RemoteURI)
			}
		}(buf[0:count], rmt)
	}
}

func (n *NetForward) showVerbose(toward, src, dst string, data []byte) {
	if n.Verbose {
		fmt.Printf("%s %v Recv Data %s ==> %s %X\n", toward, time.Now().Format("2006-01-02 15:04:05"), src, dst, data)
	}
}

func (n *NetForward) copy(dst, src net.Conn) {
	var wg sync.WaitGroup
	wg.Add(2)
	go func() {
		defer wg.Done()
		bufsize := make([]byte, 32*1024)
		for {
			count, err := src.Read(bufsize)
			if err != nil {
				if n.IgnoreEof && err == io.EOF {
					continue
				}
				dst.Close()
				src.Close()
				return
			}
			n.showVerbose("T", src.RemoteAddr().String(), dst.RemoteAddr().String(), bufsize[:count])
			_, err = dst.Write(bufsize[:count])
			if err != nil {
				src.Close()
				dst.Close()
				return
			}
			if n.DelayMilSec > 0 && (n.DelayToward == 0 || n.DelayToward == 1) {
				time.Sleep(time.Millisecond * time.Duration(n.DelayMilSec))
			}
		}
	}()
	go func() {
		defer wg.Done()
		bufsize := make([]byte, 32*1024)
		for {
			count, err := dst.Read(bufsize)
			if err != nil {
				if n.IgnoreEof && err == io.EOF {
					continue
				}
				src.Close()
				dst.Close()
				return
			}
			n.showVerbose("U", dst.RemoteAddr().String(), src.RemoteAddr().String(), bufsize[:count])
			_, err = src.Write(bufsize[:count])
			if err != nil {
				src.Close()
				dst.Close()
				return
			}
			if n.DelayMilSec > 0 && (n.DelayToward == 0 || n.DelayToward == 2) {
				time.Sleep(time.Millisecond * time.Duration(n.DelayMilSec))
			}
		}
	}()
	wg.Wait()
}
update 2024-02-04 13:17:47 +08:00			`package netforward`
init 2023-04-04 14:11:09 +08:00
			`import (`
update 2025-06-17 13:10:35 +08:00			`"b612.me/apps/b612/utils"`
add hook for net forward 2024-03-22 14:37:42 +08:00			`"b612.me/stario"`
init 2023-04-04 14:11:09 +08:00			`"b612.me/starlog"`
update 2024-09-15 15:27:50 +08:00			`"b612.me/starmap"`
update 2025-06-17 13:10:35 +08:00			`"b612.me/starnet"`
init 2023-04-04 14:11:09 +08:00			`"context"`
update 2025-06-17 13:10:35 +08:00			`"crypto/tls"`
			`"crypto/x509"`
init 2023-04-04 14:11:09 +08:00			`"errors"`
			`"fmt"`
add tcp debug cmd 2024-04-28 08:37:32 +08:00			`"io"`
init 2023-04-04 14:11:09 +08:00			`"net"`
update 2025-06-17 13:10:35 +08:00			`"os"`
add hook for net forward 2024-03-22 14:37:42 +08:00			`"strconv"`
			`"strings"`
init 2023-04-04 14:11:09 +08:00			`"sync"`
			`"sync/atomic"`
add more nat func 2024-06-29 20:06:14 +08:00			`"syscall"`
init 2023-04-04 14:11:09 +08:00			`"time"`
			`)`

			`type NetForward struct {`
			`LocalAddr string`
			`LocalPort int`
			`RemoteURI string`
			`EnableTCP bool`
			`EnableUDP bool`
add hook for net forward 2024-03-22 14:37:42 +08:00			`DelayMilSec int`
add hook for net forward 2024-03-22 14:45:00 +08:00			`DelayToward int`
add hook for net forward 2024-03-22 14:37:42 +08:00			`StdinMode bool`
add tcp debug cmd 2024-04-28 08:37:32 +08:00			`IgnoreEof bool`
init 2023-04-04 14:11:09 +08:00			`DialTimeout time.Duration`
			`UDPTimeout time.Duration`
			`stopCtx context.Context`
			`stopFn context.CancelFunc`
			`running int32`
update 2024-09-15 15:27:50 +08:00			`UdpHooks map[string]*starmap.StarStack`
add tcp debug cmd 2024-04-28 08:37:32 +08:00
			`KeepAlivePeriod int`
			`KeepAliveIdel int`
			`KeepAliveCount int`
			`UserTimeout int`
			`UsingKeepAlive bool`
update 2024-09-15 15:27:50 +08:00			`Verbose bool`
			`udpListener *net.UDPConn`
update 2025-06-17 13:10:35 +08:00
			`inTls bool // 是否启用TLS`
			`outTls bool // 是否启用TLS`
			`inTlsCert string // TLS证书路径`
			`inTlsKey string // TLS密钥路径`
			`inTlsAutoGen bool // 是否自动生成TLS证书`
			`CaCerts []string // TLS CA证书路径`
			`outTlsKey string // TLS密钥路径`
			`outTlsCert string // TLS证书路径`
			`inTlsSkipVerify bool // 是否跳过TLS验证`
			`outTlsSkipVerify bool // 是否跳过TLS验证`
			`allowNoTls bool // 是否允许不使用TLS`
			`certCache map[string]tls.Certificate`
			`toolCa *x509.Certificate`
			`toolCaKey any`
			`caPool *x509.CertPool`
			`outTlsCertCache tls.Certificate`
update 2024-09-15 15:27:50 +08:00			`}`

			`func (n NetForward) UdpListener() net.UDPConn {`
			`return n.udpListener`
init 2023-04-04 14:11:09 +08:00			`}`

			`func (n *NetForward) Close() {`
			`n.stopFn()`
			`}`
update 2024-02-04 13:17:47 +08:00
			`func (n *NetForward) Status() int32 {`
add hook for net forward 2024-03-22 15:16:14 +08:00			`return atomic.LoadInt32(&n.running)`
update 2024-02-04 13:17:47 +08:00			`}`

init 2023-04-04 14:11:09 +08:00			`func (n *NetForward) Run() error {`
update 2024-02-04 13:17:47 +08:00			`if n.running > 0 {`
			`starlog.Errorln("already running")`
init 2023-04-04 14:11:09 +08:00			`return errors.New("already running")`
			`}`
			`n.stopCtx, n.stopFn = context.WithCancel(context.Background())`
			`if n.DialTimeout == 0 {`
update 2024-02-04 13:17:47 +08:00			`n.DialTimeout = time.Second * 5`
init 2023-04-04 14:11:09 +08:00			`}`
add hook for net forward 2024-03-22 14:37:42 +08:00			`if n.StdinMode {`
add hook for net forward 2024-03-22 15:16:14 +08:00			`go func() {`
			`for {`
			`cmd := strings.TrimSpace(stario.MessageBox("", "").MustString())`
			`for strings.Contains(cmd, " ") {`
			`cmd = strings.Replace(cmd, " ", " ", -1)`
add hook for net forward 2024-03-22 14:37:42 +08:00			`}`
add hook for net forward 2024-03-22 15:16:14 +08:00			`starlog.Debugf("Recv Command %s\n", cmd)`
			`cmds := strings.Split(cmd, " ")`
			`if len(cmds) < 3 {`
			`starlog.Errorln("Invalid Command", cmd)`
add hook for net forward 2024-03-22 14:37:42 +08:00			`continue`
			`}`
add hook for net forward 2024-03-22 15:16:14 +08:00			`switch cmds[0] + cmds[1] {`
			`case "setremote":`
			`n.RemoteURI = cmds[2]`
			`starlog.Noticef("Remote URI Set to %s\n", n.RemoteURI)`
			`case "setdelaytoward":`
			`tmp, err := strconv.Atoi(cmds[2])`
			`if err != nil {`
			`starlog.Errorln("Invalid Delay Toward Value", cmds[2])`
			`continue`
			`}`
			`n.DelayToward = tmp`
			`starlog.Noticef("Delay Toward Set to %d\n", n.DelayToward)`
			`case "setdelay":`
			`tmp, err := strconv.Atoi(cmds[2])`
			`if err != nil {`
			`starlog.Errorln("Invalid Delay Value", cmds[2])`
			`continue`
			`}`
			`n.DelayMilSec = tmp`
			`starlog.Noticef("Delay Set to %d\n", n.DelayMilSec)`
			`case "setdialtimeout":`
			`tmp, err := strconv.Atoi(cmds[2])`
			`if err != nil {`
			`starlog.Errorln("Invalid Dial Timeout Value", cmds[2])`
			`continue`
			`}`
			`n.DialTimeout = time.Millisecond * time.Duration(tmp)`
			`starlog.Noticef("Dial Timeout Set to %d\n", n.DialTimeout)`
			`case "setudptimeout":`
			`tmp, err := strconv.Atoi(cmds[2])`
			`if err != nil {`
			`starlog.Errorln("Invalid UDP Timeout Value", cmds[2])`
			`continue`
			`}`
			`n.UDPTimeout = time.Millisecond * time.Duration(tmp)`
			`starlog.Noticef("UDP Timeout Set to %d\n", n.UDPTimeout)`
			`case "setstdin":`
			`if cmds[2] == "off" {`
			`n.StdinMode = false`
			`starlog.Noticef("Stdin Mode Off\n")`
			`return`
			`}`
add hook for net forward 2024-03-22 14:37:42 +08:00			`}`
			`}`
add hook for net forward 2024-03-22 15:16:14 +08:00			`}()`
add hook for net forward 2024-03-22 14:37:42 +08:00			`}`
init 2023-04-04 14:11:09 +08:00			`if n.EnableTCP {`
update 2024-02-04 13:17:47 +08:00			`go n.runTCP()`
init 2023-04-04 14:11:09 +08:00			`}`

			`if n.EnableUDP {`
update 2024-02-04 13:17:47 +08:00			`go n.runUDP()`
init 2023-04-04 14:11:09 +08:00			`}`
			`return nil`
			`}`

update 2025-06-17 13:10:35 +08:00			`func (n *NetForward) TcpListener() (net.Listener, error) {`
			`if n.outTls && n.outTlsCert != "" && n.outTlsKey != "" {`
			`cert, err := tls.LoadX509KeyPair(n.outTlsCert, n.outTlsKey)`
			`if err != nil {`
			`starlog.Errorln("Load X509 Key Pair Failed:", err)`
			`return nil, err`
			`}`
			`n.outTlsCertCache = cert`
			`}`
add more nat func 2024-06-29 20:06:14 +08:00			`cfg := net.ListenConfig{`
			`Control: func(network, address string, c syscall.RawConn) error {`
			`return c.Control(SetReUseAddr)`
			`},`
			`}`
update 2025-06-17 13:10:35 +08:00			`listener, err := cfg.Listen(context.Background(), "tcp", fmt.Sprintf("%s:%d", n.LocalAddr, n.LocalPort))`
			`if !n.inTls {`
			`return listener, err`
			`}`
			`var caPool *x509.CertPool`
			`if n.inTlsAutoGen {`
			`if n.toolCa == nil {`
			`n.toolCa, n.toolCaKey = utils.ToolCert("")`
			`if n.toolCa != nil {`
			`caPool = x509.NewCertPool()`
			`caPool.AddCert(n.toolCa)`
			`}`
			`}`
			`}`
			`if len(n.CaCerts) > 0 {`
			`if caPool == nil {`
			`caPool = x509.NewCertPool()`
			`}`
			`for _, ca := range n.CaCerts {`
			`data, err := os.ReadFile(ca)`
			`if err != nil {`
			`starlog.Errorln("Read CA Cert Failed:", err)`
			`listener.Close()`
			`return nil, err`
			`}`
			`if !caPool.AppendCertsFromPEM(data) {`
			`starlog.Errorln("Append CA Cert Failed:", ca)`
			`listener.Close()`
			`return nil, fmt.Errorf("append ca cert %s failed", ca)`
			`}`
			`}`
			`n.caPool = caPool`
			`}`
			`var tlsConfig = &tls.Config{`
			`Certificates: nil,`
			`RootCAs: caPool,`
			`InsecureSkipVerify: n.inTlsSkipVerify,`
			`}`
			`if !n.inTlsAutoGen && (n.inTlsCert != "" \|\| n.inTlsKey != "") {`
			`cert, err := tls.LoadX509KeyPair(n.inTlsCert, n.inTlsKey)`
			`if err != nil {`
			`starlog.Errorln("Load X509 Key Pair Failed:", err)`
			`listener.Close()`
			`return nil, err`
			`}`
			`tlsConfig.Certificates = []tls.Certificate{cert}`
			`}`
			`if n.inTlsAutoGen {`
			`return starnet.ListenWithListener(listener, tlsConfig, n.autoGenCert, n.allowNoTls)`
			`}`
			`return starnet.ListenWithListener(listener, tlsConfig, nil, n.allowNoTls)`
			`}`

			`func (n NetForward) autoGenCert(hostname string) tls.Config {`
			`if cert, ok := n.certCache[hostname]; ok {`
			`return &tls.Config{Certificates: []tls.Certificate{cert}}`
			`}`
			`if n.toolCa == nil {`
			`n.toolCa, n.toolCaKey = utils.ToolCert("")`
			`}`
			`cert, err := utils.GenerateTlsCert(utils.GenerateCertParams{`
			`Country: "CN",`
			`Organization: "B612 HTTP SERVER",`
			`OrganizationUnit: "cert@b612.me",`
			`CommonName: hostname,`
			`Dns: []string{hostname},`
			`KeyUsage: int(x509.KeyUsageDigitalSignature \| x509.KeyUsageKeyEncipherment \| x509.KeyUsageCertSign),`
			`ExtendedKeyUsage: []int{`
			`int(x509.ExtKeyUsageServerAuth),`
			`int(x509.ExtKeyUsageClientAuth),`
			`},`
			`IsCA: false,`
			`StartDate: time.Now().Add(-24 * time.Hour),`
			`EndDate: time.Now().AddDate(1, 0, 0),`
			`Type: "RSA",`
			`Bits: 2048,`
			`CA: n.toolCa,`
			`CAPriv: n.toolCaKey,`
			`})`
			`if err != nil {`
			`return nil`
			`}`
			`n.certCache[hostname] = cert`
			`return &tls.Config{Certificates: []tls.Certificate{cert}}`
			`}`

			`func (n *NetForward) runTCP() error {`
			`atomic.AddInt32(&n.running, 1)`
			`defer atomic.AddInt32(&n.running, -1)`
			`listen, err := n.TcpListener()`
init 2023-04-04 14:11:09 +08:00			`if err != nil {`
			`starlog.Errorln("Listening On Tcp Failed:", err)`
			`return err`
			`}`
			`go func() {`
			`<-n.stopCtx.Done()`
			`listen.Close()`
			`}()`
			`starlog.Infof("Listening TCP on %v\n", fmt.Sprintf("%s:%d", n.LocalAddr, n.LocalPort))`
			`for {`
update 2024-02-04 13:17:47 +08:00			`select {`
			`case <-n.stopCtx.Done():`
			`return nil`
			`default:`
			`}`
init 2023-04-04 14:11:09 +08:00			`conn, err := listen.Accept()`
			`if err != nil {`
			`continue`
			`}`
			`log := starlog.Std.NewFlag()`
			`log.Infof("Accept New TCP Conn from %v\n", conn.RemoteAddr().String())`
update 2024-03-25 09:43:07 +08:00			`if n.DelayMilSec > 0 && (n.DelayToward == 0 \|\| n.DelayToward == 1) {`
			`log.Infof("Delay %d ms\n", n.DelayMilSec)`
			`time.Sleep(time.Millisecond * time.Duration(n.DelayMilSec))`
			`}`
update 2025-06-17 13:10:35 +08:00			`switch c := conn.(type) {`
			`case *net.TCPConn:`
			`err = SetTcpInfo(c, n.UsingKeepAlive, n.KeepAliveIdel, n.KeepAlivePeriod, n.KeepAliveCount, n.UserTimeout)`
			`case *starnet.Conn:`
			`err = SetTcpInfo(c.Conn.(*net.TCPConn), n.UsingKeepAlive, n.KeepAliveIdel, n.KeepAlivePeriod, n.KeepAliveCount, n.UserTimeout)`
			`}`

add tcp debug cmd 2024-04-28 08:37:32 +08:00			`if err != nil {`
			`log.Errorf("SetTcpInfo error for %s: %v\n", conn.RemoteAddr().String(), err)`
			`conn.Close()`
			`continue`
			`}`
init 2023-04-04 14:11:09 +08:00			`go func(conn net.Conn) {`
			`rmt, err := net.DialTimeout("tcp", n.RemoteURI, n.DialTimeout)`
			`if err != nil {`
update 2024-02-04 13:17:47 +08:00			`log.Errorf("TCP:Dial Remote %s Failed:%v\n", n.RemoteURI, err)`
init 2023-04-04 14:11:09 +08:00			`conn.Close()`
			`return`
			`}`
add tcp debug cmd 2024-04-28 08:37:32 +08:00			`err = SetTcpInfo(rmt.(*net.TCPConn), n.UsingKeepAlive, n.KeepAliveIdel, n.KeepAlivePeriod, n.KeepAliveCount, n.UserTimeout)`
			`if err != nil {`
			`log.Errorf("SetTcpInfo error for %s: %v\n", conn.RemoteAddr().String(), err)`
			`rmt.Close()`
			`return`
			`}`
update 2024-02-04 13:17:47 +08:00			`log.Infof("TCP Connect %s <==> %s\n", conn.RemoteAddr().String(), rmt.RemoteAddr().String())`
update 2025-06-17 13:10:35 +08:00			`if n.outTls {`
			`serverName, _, _ := net.SplitHostPort(n.RemoteURI)`
			`tlsConfig := &tls.Config{`
			`InsecureSkipVerify: n.outTlsSkipVerify,`
			`RootCAs: n.caPool,`
			`ServerName: serverName,`
			`}`
			`if n.outTlsCert != "" && n.outTlsKey != "" {`
			`tlsConfig.Certificates = []tls.Certificate{n.outTlsCertCache}`
			`}`
			`rmt = tls.Client(rmt, tlsConfig)`
			`if err := rmt.(*tls.Conn).Handshake(); err != nil {`
			`log.Errorf("TLS Handshake Failed: %v\n", err)`
			`conn.Close()`
			`rmt.Close()`
			`return`
			`}`
			`}`
add hook for net forward 2024-03-22 14:45:00 +08:00			`n.copy(rmt, conn)`
add hook for net forward 2024-03-22 15:16:14 +08:00			`log.Noticef("TCP Connection Closed %s <==> %s\n", conn.RemoteAddr().String(), n.RemoteURI)`
add tcp debug cmd 2024-04-28 08:37:32 +08:00			`conn.Close()`
			`rmt.Close()`
init 2023-04-04 14:11:09 +08:00			`}(conn)`
			`}`
			`}`

			`type UDPConn struct {`
			`net.Conn`
			`listen *net.UDPConn`
			`remoteAddr *net.UDPAddr`
			`lastbeat int64`
			`}`

update 2024-09-15 15:27:50 +08:00			`func (u *UDPConn) Write(p []byte) (n int, err error) {`
init 2023-04-04 14:11:09 +08:00			`u.lastbeat = time.Now().Unix()`
			`return u.Conn.Write(p)`
			`}`

update 2024-09-15 15:27:50 +08:00			`func (u *UDPConn) Read(p []byte) (n int, err error) {`
init 2023-04-04 14:11:09 +08:00			`u.lastbeat = time.Now().Unix()`
			`return u.Conn.Read(p)`
			`}`

update 2024-09-15 15:27:50 +08:00			`func (u *UDPConn) Work(delay int, verbose bool) {`
init 2023-04-04 14:11:09 +08:00			`buf := make([]byte, 8192)`
			`for {`
add hook for net forward 2024-03-22 14:37:42 +08:00			`if delay > 0 {`
			`time.Sleep(time.Millisecond * time.Duration(delay))`
			`}`
init 2023-04-04 14:11:09 +08:00			`count, err := u.Read(buf)`
			`if err != nil {`
			`u.Close()`
			`u.lastbeat = 0`
			`return`
			`}`
update 2024-09-15 15:27:50 +08:00			`if verbose {`
			`fmt.Printf("U %v Recv Data %s ==> %s %X\n", time.Now().Format("2006-01-02 15:04:05"), u.Conn.RemoteAddr().String(), u.remoteAddr.String(), buf[0:count])`
			`}`
			`_, err = u.listen.WriteTo(buf[0:count], u.remoteAddr)`
init 2023-04-04 14:11:09 +08:00			`if err != nil {`
			`u.lastbeat = 0`
			`return`
			`}`
			`}`
			`}`

			`func (n *NetForward) runUDP() error {`
			`var mu sync.RWMutex`
update 2024-02-04 13:17:47 +08:00			`atomic.AddInt32(&n.running, 1)`
			`defer atomic.AddInt32(&n.running, -1)`
init 2023-04-04 14:11:09 +08:00			`udpAddr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%v", n.LocalAddr, n.LocalPort))`
			`if err != nil {`
			`return err`
			`}`
			`listen, err := net.ListenUDP("udp", udpAddr)`
			`if err != nil {`
			`return err`
			`}`
update 2024-09-15 15:27:50 +08:00			`n.udpListener = listen`
init 2023-04-04 14:11:09 +08:00			`starlog.Infof("Listening UDP on %v\n", fmt.Sprintf("%s:%d", n.LocalAddr, n.LocalPort))`
			`go func() {`
			`<-n.stopCtx.Done()`
			`listen.Close()`
			`}()`
update 2024-09-15 15:27:50 +08:00			`udpMap := make(map[string]*UDPConn)`
init 2023-04-04 14:11:09 +08:00			`go func() {`
			`for {`
			`select {`
			`case <-n.stopCtx.Done():`
			`return`
			`case <-time.After(time.Second * 60):`
			`mu.Lock()`
			`for k, v := range udpMap {`
			`if time.Now().Unix() > int64(n.UDPTimeout.Seconds())+v.lastbeat {`
			`delete(udpMap, k)`
update 2024-02-04 13:17:47 +08:00			`starlog.Noticef("UDP Connection Closed %s <==> %s\n", v.remoteAddr.String(), n.RemoteURI)`
init 2023-04-04 14:11:09 +08:00			`}`
			`}`
			`mu.Unlock()`
			`}`
			`}`
			`}()`
			`buf := make([]byte, 8192)`
			`for {`
update 2024-02-04 13:17:47 +08:00			`select {`
			`case <-n.stopCtx.Done():`
			`return nil`
			`default:`
			`}`
init 2023-04-04 14:11:09 +08:00			`count, rmt, err := listen.ReadFromUDP(buf)`
			`if err != nil \|\| rmt.String() == n.RemoteURI {`
			`continue`
			`}`
update 2024-09-15 15:27:50 +08:00			`{`
			`//hooks`
			`if n.UdpHooks != nil {`
			`if m, ok := n.UdpHooks[rmt.String()]; ok {`
			`if m.Free() > 0 {`
			`if n.Verbose {`
			`starlog.Noticef("Hooked UDP Data %s ==> %s %X\n", rmt.String(), n.RemoteURI, buf[0:count])`
			`} else {`
			`starlog.Noticef("Hooked UDP Data %s ==> %s\n", rmt.String(), n.RemoteURI)`
			`}`
			`m.Push(buf[0:count])`
			`continue`
			`}`
			`}`
			`}`
			`}`
init 2023-04-04 14:11:09 +08:00			`go func(data []byte, rmt *net.UDPAddr) {`
			`log := starlog.Std.NewFlag()`
			`mu.Lock()`
			`addr, ok := udpMap[rmt.String()]`
			`if !ok {`
			`log.Infof("Accept New UDP Conn from %v\n", rmt.String())`
			`conn, err := net.Dial("udp", n.RemoteURI)`
			`if err != nil {`
update 2024-02-04 13:17:47 +08:00			`log.Errorf("UDP:Dial Remote %s Failed:%v\n", n.RemoteURI, err)`
init 2023-04-04 14:11:09 +08:00			`mu.Unlock()`
			`return`
			`}`
update 2024-09-15 15:27:50 +08:00			`addr = &UDPConn{`
init 2023-04-04 14:11:09 +08:00			`Conn: conn,`
			`remoteAddr: rmt,`
			`listen: listen,`
			`lastbeat: time.Now().Unix(),`
			`}`
			`udpMap[rmt.String()] = addr`
update 2024-09-15 15:27:50 +08:00			`go addr.Work(n.DelayMilSec, n.Verbose)`
update 2024-02-04 13:17:47 +08:00			`log.Infof("UDP Connect %s <==> %s\n", rmt.String(), n.RemoteURI)`
init 2023-04-04 14:11:09 +08:00			`}`
			`mu.Unlock()`
add hook for net forward 2024-03-22 14:45:00 +08:00			`if n.DelayMilSec > 0 \|\| (n.DelayToward == 0 \|\| n.DelayToward == 1) {`
add hook for net forward 2024-03-22 14:37:42 +08:00			`time.Sleep(time.Millisecond * time.Duration(n.DelayMilSec))`
			`}`
update 2024-09-15 15:27:50 +08:00			`if n.Verbose {`
			`fmt.Printf("T %v Recv Data %s ==> %s %X\n", time.Now().Format("2006-01-02 15:04:05"), rmt.String(), n.RemoteURI, data)`
			`}`
init 2023-04-04 14:11:09 +08:00			`_, err := addr.Write(data)`
			`if err != nil {`
			`mu.Lock()`
			`addr.Close()`
			`delete(udpMap, addr.remoteAddr.String())`
			`mu.Unlock()`
update 2024-02-04 13:17:47 +08:00			`log.Noticef("UDP Connection Closed %s <==> %s\n", rmt.String(), n.RemoteURI)`
init 2023-04-04 14:11:09 +08:00			`}`
			`}(buf[0:count], rmt)`
			`}`
			`}`

update 2024-09-15 15:27:50 +08:00			`func (n *NetForward) showVerbose(toward, src, dst string, data []byte) {`
			`if n.Verbose {`
			`fmt.Printf("%s %v Recv Data %s ==> %s %X\n", toward, time.Now().Format("2006-01-02 15:04:05"), src, dst, data)`
			`}`
			`}`

add hook for net forward 2024-03-22 14:45:00 +08:00			`func (n *NetForward) copy(dst, src net.Conn) {`
init 2023-04-04 14:11:09 +08:00			`var wg sync.WaitGroup`
			`wg.Add(2)`
			`go func() {`
			`defer wg.Done()`
add hook for net forward 2024-03-22 14:37:42 +08:00			`bufsize := make([]byte, 32*1024)`
			`for {`
update 2024-03-25 09:43:07 +08:00			`count, err := src.Read(bufsize)`
add hook for net forward 2024-03-22 14:37:42 +08:00			`if err != nil {`
add tcp debug cmd 2024-04-28 08:37:32 +08:00			`if n.IgnoreEof && err == io.EOF {`
			`continue`
			`}`
add hook for net forward 2024-03-22 14:37:42 +08:00			`dst.Close()`
			`src.Close()`
			`return`
			`}`
update 2024-09-15 15:27:50 +08:00			`n.showVerbose("T", src.RemoteAddr().String(), dst.RemoteAddr().String(), bufsize[:count])`
update 2024-03-25 09:43:07 +08:00			`_, err = dst.Write(bufsize[:count])`
add hook for net forward 2024-03-22 14:37:42 +08:00			`if err != nil {`
			`src.Close()`
			`dst.Close()`
			`return`
			`}`
update 2024-03-25 09:43:07 +08:00			`if n.DelayMilSec > 0 && (n.DelayToward == 0 \|\| n.DelayToward == 1) {`
			`time.Sleep(time.Millisecond * time.Duration(n.DelayMilSec))`
			`}`
add hook for net forward 2024-03-22 14:37:42 +08:00			`}`
init 2023-04-04 14:11:09 +08:00			`}()`
			`go func() {`
			`defer wg.Done()`
add hook for net forward 2024-03-22 14:37:42 +08:00			`bufsize := make([]byte, 32*1024)`
			`for {`
update 2024-03-25 09:43:07 +08:00			`count, err := dst.Read(bufsize)`
add hook for net forward 2024-03-22 14:37:42 +08:00			`if err != nil {`
add tcp debug cmd 2024-04-28 08:37:32 +08:00			`if n.IgnoreEof && err == io.EOF {`
			`continue`
			`}`
add hook for net forward 2024-03-22 14:37:42 +08:00			`src.Close()`
			`dst.Close()`
			`return`
			`}`
update 2024-09-15 15:27:50 +08:00			`n.showVerbose("U", dst.RemoteAddr().String(), src.RemoteAddr().String(), bufsize[:count])`
update 2024-03-25 09:43:07 +08:00			`_, err = src.Write(bufsize[:count])`
add hook for net forward 2024-03-22 14:37:42 +08:00			`if err != nil {`
			`src.Close()`
			`dst.Close()`
			`return`
			`}`
update 2024-03-25 09:43:07 +08:00			`if n.DelayMilSec > 0 && (n.DelayToward == 0 \|\| n.DelayToward == 2) {`
			`time.Sleep(time.Millisecond * time.Duration(n.DelayMilSec))`
			`}`
add hook for net forward 2024-03-22 14:37:42 +08:00			`}`
init 2023-04-04 14:11:09 +08:00			`}()`
			`wg.Wait()`
			`}`