- Implement client bandwidth limitation parameter --bandwidth, supporting 1M, 1MB, 1G and other formats
- Added parseBandwidth function to parse bandwidth values and verify them
- Added bandwidth limit option in HTTP, HTTPS, TCP commands
- Pass bandwidth configuration to the server through protocol
- Add relevant test cases to verify the bandwidth analysis function
feat(server): implements server-side bandwidth limitation function
- Add bandwidth limitation logic in connection processing, using token bucket algorithm
- Implement an effective rate limiting strategy that minimizes the bandwidth of the client and server
- Added QoS limiter and restricted connection wrapper
- Integrated bandwidth throttling in HTTP and WebSocket proxies
- Added global bandwidth limit and burst multiplier settings in server configuration
docs: Updated documentation to describe bandwidth limiting functionality
- Add 2025-02-14 version update instructions in README and README_CN
- Add bandwidth limit function description and usage examples
- Provide client and server configuration examples and parameter descriptions
- Add Bearer Token authentication, supporting tunnel access control via the --auth-bearer parameter
- Refactor large modules into smaller, more focused components to improve code maintainability
- Update dependency versions, including golang.org/x/crypto, golang.org/x/net, etc.
- Add SilenceUsage and SilenceErrors configuration for all CLI commands
- Modify connector configuration structure to support the new authentication method
- Update recent change log in README with new feature descriptions
BREAKING CHANGE: Authentication via Bearer Token is now supported, requiring the new --auth-bearer parameter
- Add serverDomain and tunnelDomain fields to the Handler struct to distinguish between service domain and tunnel domain
- Modify the NewHandler function signature to support passing two separate domain parameters
- Update the extractSubdomain method to return a subdomain result type with three states: home, found, notFound
- Add serveTunnelNotFound method to handle tunnel not found cases, returning a 404 page
- Add favicon support to display an icon on the page
- Adjust routing logic to display a dedicated 404 page when accessing a tunnel domain but the corresponding tunnel is not found
Added predefined tunnel functionality, allowing users to define multiple tunnels in the configuration file and start them by name, including the following improvements:
- Added --all flag to start all configured tunnels
- Added parameterless start command to list available tunnels
- Support configuration of multiple tunnel types (http, https, tcp)
- Support advanced configurations such as subdomains, transport protocols, and IP allowlists
refactor(deployments): Refactor Docker deployment configuration
Removed old Dockerfile and Compose configurations, added new deployment files:
- Removed .env.example and old Docker build files
- Added Caddy reverse proxy configuration file
- Added two deployment modes: standard and Caddy reverse proxy
- Added detailed server configuration example files
docs: Update documentation to include tunnel configuration and deployment guide
Updated Chinese and English README documents:
- Added usage instructions and configuration examples for predefined tunnels
- Expanded server deployment section to include direct TLS and reverse proxy modes
- Added server configuration reference table with detailed configuration item descriptions
- Added specific configuration methods for Caddy and Nginx reverse proxies
Added --transport parameter to allow users to select transport protocol type:
- auto: automatically choose based on server address (default)
- tcp: direct TLS 1.3 connection
- wss: WebSocket over TLS (CDN-friendly)
Also updated client connector to support WebSocket transport, and added server-side discovery endpoint to query supported transport protocols.
Add the --auth parameter to enable proxy authentication for HTTP and HTTPS tunnels, supporting password verification and session management.
- Add --auth flag in CLI to set proxy authentication password
- Implement server-side authentication handling and login page
- Support Cookie-based session management and validation
- Add protocol message definitions related to authentication
- Add Validate method to ServerConfig to validate port ranges, domain format, TCP port ranges, and other configuration items
- Add configuration validation logic in server.go to ensure valid configuration before server startup
- Improve channel naming in TCP connections for better code readability
- Enhance data copying mechanism with context cancellation support to avoid resource leaks
- Add private network definitions for secure validation of trusted proxy headers
fix(proxy): Strengthen client IP extraction security and fix error handling
- Trust X-Forwarded-For and X-Real-IP headers only when requests originate from private/loopback networks
- Define RFC 1918 and other private network ranges for proxy header validation
- Add JSON serialization error handling in TCP connections to prevent data loss
- Fix context handling logic in pipe callbacks
- Optimize error handling mechanism for data connection responses
refactor(config): Improve client configuration validation and error handling
- Add Validate method to ClientConfig to verify server address format and port validity
- Change configuration validation from simple checks to full validation function calls
- Provide more detailed error messages to help users correctly configure server address formats
- Implement IP whitelist/blacklist access control mechanism
- Add --allow-ip and --deny-ip command-line arguments to configure IP access rules
- Support CIDR format for IP range configuration
- Enable IP access control in HTTP, HTTPS, and TCP tunnels
- Add IP access check logic to server-side proxy handling
- Update documentation to explain how to use IP access control
- Add a new `server config` command to display server configuration.
- Supports displaying the full token via the --full flag.
- Add the metrics-token configuration option for monitoring access control.
- Integrate Prometheus metrics monitoring system
- Add the /metrics endpoint to provide monitoring data in Prometheus format.
- Add detailed metric collection for tunnels, connections, traffic, etc.
- Add a link to the metrics endpoint on the homepage
refactor: Refactor the token display logic to support full display options.
- Refactor the token mask logic in the configuration display
- Supports controlling the token display method via the configFull flag.
build: Update dependency versions
- Updated github.com/spf13/cobra from v1.10.1 to v1.10.2
- Updated golang.org/x/crypto from v0.45.0 to v0.46.0
- Updated golang.org/x/net from v0.47.0 to v0.48.0
- Update golang.org/x/sys from v0.38.0 to v0.39.0
- Added several new indirect dependency packages, including Prometheus-related components.
- Update the versions of several existing dependency packages.
- Removed the manual performance optimization configuration in main.go and replaced it with a new tuning module.
- Add patterned GC tuning in server.go and tunnel_runner.go
- Updated yamux configuration to a unified optimized configuration to improve throughput.
- Implement connection pool preheating function to eliminate cold start delay.
- Optimize session selection using a min-heap, reducing the time complexity from O(n) to O(log n).
- Add a bufio.Reader pool and a buffer pool to reduce memory allocation.
- Implement a fragmented lock manager to improve performance under high concurrency.
- Adjust heartbeat and timeout configurations to suit high-throughput scenarios
BREAKING CHANGE: Manual GC tuning configuration has been removed; automatic tuning mode is now used.
Persist the assigned subdomain after first connect so reconnects reuse it.
Allow reserving a specific TCP port when the subdomain is tcp-<port> to prevent port drift.
- Added support for parsing the --address/-a and --server/-s parameters.
- At startup, attempt to load the server address from the configuration file.
- Wait and retrieve runtime information for the daemon (such as the URL).
- Optimized UI display: Shows forwarding address, server address, and access link.
- Supports centering the generated tunnel URL information in the terminal.
- Added the utility functions parseFlagValue and waitForDaemonInfo for parameter parsing and status waiting.
- Introduce pooled tunnel sessions (TunnelID/DataConnect) on client/server
- Proxy HTTP/HTTPS via raw HTTP over yamux streams; pipe TCP streams directly
- Move UI/stats into internal/shared; refactor CLI tunnel helpers; drop msgpack/hpack legacy
A new FlowControl frame type has been added for backpressure control between the client and server, and SafeFrame has been introduced.
Frame resource management has been encapsulated to ensure that frame data is correctly returned to the memory pool after use. The frame processing logic has also been optimized.
The way frame.Release() is called improves code security and maintainability.
feat(client): Implements queue pressure monitoring and flow control signal sending functions.
Add the `monitorQueuePressure` method to periodically check the length of the `dataFrameQueue`, and trigger an alarm when the queue usage exceeds a threshold.
Automatically send flow control commands to the server to pause or resume writing, preventing data backlog and connection interruptions caused by slow consumption speed.
feat(server): Supports receiving and responding to flow control requests from clients.
The `handleFlowControl` and `sendWithBackpressure` methods have been added to enable backpressure control of received data frames on the server side.
By blocking the sending process using a condition variable until the client releases the pause state, connection stability is ensured under high load.
refactor(client): Reduces redundant resource release operations during frame processing.
Use SafeFrame to manage frame lifecycles uniformly, replacing manual frame.Release() with defer sf.Close() in multiple frame handlers.
This avoids the risk of memory leaks caused by unreleased abnormal paths.
perf(client): Shorten the shutdown timeout to speed up resource reclamation.
The forced shutdown wait time in the tunnel runner and connector has been adjusted from 5 seconds and 3 seconds to 2 seconds to improve the program exit response speed.
- Adjust the delayed formatting function to prioritize checking if the delay is 0 to avoid displaying errors.
- When the delay is less than 1 millisecond, it is displayed in microseconds to improve the precision of the expression.
feat (constants): Shorten heart rate intervals and timeouts to improve response speed.
- Adjust HeartbeatInterval from 5 seconds to 2 seconds
- Adjust HeartbeatTimeout from 15 seconds to 6 seconds
- Improve the sensitivity of heartbeat detection between the client and the server
- Added support for HTTPS tunnel types to the `drip stop` command and updated the example documentation.
- Optimized token display logic to adapt to token formats of different lengths.
- Adjust the alignment of FrameHandler buffer read/write and timeout configuration formats.
- Move the error handling logic location to ensure data read integrity.
- Introducing context to control request lifecycle and supporting cancel transfer in proxy handlers
- The hop-by-hop header judgment format in the unified response header filtering rules
- Add a context-aware streaming request cancellation mechanism and extend the channel cleanup timeout.
- Add a context control field to the TCP connection structure to support connection lifecycle management.
- Format the httpResponseWriter field comments
- Explicitly included golang.org/x/sys v0.38.0 in go.mod and removed indirect references
- Optimized process liveness detection logic on Windows platforms using the golang.org/x/sys/windows package
- Used OpenProcess and GetExitCodeProcess instead of Signal detection methods to improve accuracy
- Updated command-line output and added an ASCII banner to improve user experience
- Added blank lines to the github.com/spf13/cobra package to standardize import format
Added the `--short` flag to the `version` command for printing version information without styles.
In this mode, only the version, Git commit hash, and build time in plain text format will be output, facilitating script parsing.
Optimized Windows process detection logic to improve runtime accuracy.
Removed redundant comments and simplified signal checking methods, making the code clearer and easier to maintain.
refactor(protocol): Replaced string matching of data frame types with enumeration types.
Unified the representation of data frame types in the protocol, using the `DataType` enumeration to improve performance and readability.
Introduced a pooled buffer mechanism to improve memory efficiency in high-load scenarios.
refactor(ui): Adjusted style definitions, removing hard-coded color values.
Removed fixed color settings from some lipgloss styles, providing flexibility for future theme customization.
``` docs(install): Improved the version extraction function in the installation script.
Added the `get_version_from_binary` function to enhance version identification capabilities, prioritizing plain mode output, ensuring accurate version number acquisition for the drip client or server across different terminal environments.
perf(tcp): Improved TCP processing performance and connection management capabilities.
Adjusted HTTP client transmission parameter configuration, increasing the maximum number of idle connections to accommodate higher concurrent requests.
Improved error handling logic, adding special checks for common cases such as closing network connections to avoid log pollution.
chore(writer): Expanded the FrameWriter queue length to improve batch write stability.
Increased the FrameWriter queue size from 1024 to 2048, and released pooled resources after flushing, better handling sudden traffic spikes and reducing memory usage fluctuations.
Added a heartbeatControl channel to support dynamic start/stop of the heartbeat function and optimized related resource management logic,
ensuring that the heartbeat ticker can be correctly stopped and rebuilt. Also adjusted the field initialization order to ensure concurrency safety.
fix(ui): Improved the tunnel connection status display style
Updated the URL line display content, added the "(forwarded link)" prompt text; adjusted the style layout of the local forwarding address and prompt information,
making the interface clearer and easier to read.
- Optimized terminal output style and configuration management using libraries such as `lipgloss` and `go-json`
- Introduced the `ui` package to unify the display logic of colors, tables, and prompts
- Updated the README document structure and installation script links to improve readability and internationalization support
- Improved the interaction flow and log display effects of the daemon startup and attach commands
- Fixed some command parameter parsing issues, improving program robustness and user onboarding experience
