Commit Graph

5 Commits

Author SHA1 Message Date
Gouryella
852dbb2ee6 feat(netutil): extend IP access checker blacklist from single IP to CIDR ranges
Rename denyIPs field to denyNets, supporting blacklist configuration with CIDR ranges. Now supports both individual IP addresses and CIDR subnet masks as deny rules, with IPv4 automatically converted to /32 and IPv6 to /128, using the Contains method for more flexible subnet matching.
2026-01-12 11:50:34 +08:00
Gouryella
d7b92a8b95 feat(server): Add server configuration validation and optimize connection handling
- Add Validate method to ServerConfig to validate port ranges, domain format, TCP port ranges, and other configuration items
- Add configuration validation logic in server.go to ensure valid configuration before server startup
- Improve channel naming in TCP connections for better code readability
- Enhance data copying mechanism with context cancellation support to avoid resource leaks
- Add private network definitions for secure validation of trusted proxy headers

fix(proxy): Strengthen client IP extraction security and fix error handling

- Trust X-Forwarded-For and X-Real-IP headers only when requests originate from private/loopback networks
- Define RFC 1918 and other private network ranges for proxy header validation
- Add JSON serialization error handling in TCP connections to prevent data loss
- Fix context handling logic in pipe callbacks
- Optimize error handling mechanism for data connection responses

refactor(config): Improve client configuration validation and error handling

- Add Validate method to ClientConfig to verify server address format and port validity
- Change configuration validation from simple checks to full validation function calls
- Provide more detailed error messages to help users correctly configure server address formats
2026-01-12 10:55:27 +08:00
Gouryella
85a0f44e44 feat: Add IP access control functionality
- Implement IP whitelist/blacklist access control mechanism
- Add --allow-ip and --deny-ip command-line arguments to configure IP access rules
- Support CIDR format for IP range configuration
- Enable IP access control in HTTP, HTTPS, and TCP tunnels
- Add IP access check logic to server-side proxy handling
- Update documentation to explain how to use IP access control
2026-01-11 14:22:41 +08:00
Gouryella
88e4525bf6 perf(core): Optimizes performance configuration and resource management
- Removed the manual performance optimization configuration in main.go and replaced it with a new tuning module.
- Add patterned GC tuning in server.go and tunnel_runner.go
- Updated yamux configuration to a unified optimized configuration to improve throughput.
- Implement connection pool preheating function to eliminate cold start delay.
- Optimize session selection using a min-heap, reducing the time complexity from O(n) to O(log n).
- Add a bufio.Reader pool and a buffer pool to reduce memory allocation.
- Implement a fragmented lock manager to improve performance under high concurrency.
- Adjust heartbeat and timeout configurations to suit high-throughput scenarios

BREAKING CHANGE: Manual GC tuning configuration has been removed; automatic tuning mode is now used.
2025-12-23 11:16:12 +08:00
Gouryella
0c19c3300c feat(tunnel): switch to yamux stream proxying and connection pooling
- Introduce pooled tunnel sessions (TunnelID/DataConnect) on client/server
- Proxy HTTP/HTTPS via raw HTTP over yamux streams; pipe TCP streams directly
- Move UI/stats into internal/shared; refactor CLI tunnel helpers; drop msgpack/hpack legacy
2025-12-13 18:03:44 +08:00