Merge branch 'develop', add English sample rc.

README-en.md

@@ -25,9 +25,7 @@ Install:
 - **Windows:** [download](http://dl.chenyufei.info/cow/)
 - If you are familiar with Go, run `go get github.com/cyfdecyf/cow` to install from source.
 
-Modify configuration file `~/.cow/rc` (Linux) or `rc.txt` (Windows). A simple example:
-
-Here's an example with the most important options:
+Modify configuration file `~/.cow/rc` (OS X or Linux) or `rc.txt` (Windows). A simple example with the most important options:
 
     # Line starting with # is comment and will be ignored
     # Local proxy listen address
@@ -43,6 +41,8 @@ Here's an example with the most important options:
     # cow parent proxy
     proxy = cow://aes-128-cfb:[email protected]:8388
 
+See [detailed configuration example](doc/sample-config/rc-en) for other features.
+
 The PAC file can be accessed at `http://<listen>/pac`, for the above example: `http://127.0.0.1:7777/pac`.
 
 Command line options can override options in the configuration file For more details, see the output of `cow -h`

config.go

@@ -205,22 +205,21 @@ func (pp proxyParser) ProxyHttp(val string) {
 
 // Parse method:passwd@server:port
 func parseMethodPasswdServer(val string) (method, passwd, server string, err error) {
-	arr := strings.Split(val, "@")
-	if len(arr) < 2 {
+	// Use the right-most @ symbol to seperate method:passwd and server:port.
+	idx := strings.LastIndex(val, "@")
+	if idx == -1 {
 		err = errors.New("requires both encrypt method and password")
 		return
-	} else if len(arr) > 2 {
-		err = errors.New("contains too many @")
-		return
 	}
 
-	methodPasswd := arr[0]
-	server = arr[1]
+	methodPasswd := val[:idx]
+	server = val[idx+1:]
 	if err = checkServerAddr(server); err != nil {
 		return
 	}
 
-	arr = strings.Split(methodPasswd, ":")
+	// Password can have : inside, but I don't recommend this.
+	arr := strings.SplitN(methodPasswd, ":", 2)
 	if len(arr) != 2 {
 		err = errors.New("method and password should be separated by :")
 		return
@@ -242,25 +241,17 @@ func (pp proxyParser) ProxySs(val string) {
 }
 
 func (pp proxyParser) ProxyCow(val string) {
-	arr := strings.Split(val, "@")
-	if len(arr) < 2 {
-		Fatal("cow parent needs encrypt method and password")
-	} else if len(arr) > 2 {
-		Fatal("cow parent contains too many @")
+	method, passwd, server, err := parseMethodPasswdServer(val)
+	if err != nil {
+		Fatal("cow parent", err)
 	}
 
-	methodPasswd := arr[0]
-	server := arr[1]
 	if err := checkServerAddr(server); err != nil {
 		Fatal("parent cow server", err)
 	}
 
-	arr = strings.Split(methodPasswd, ":")
-	if len(arr) != 2 {
-		Fatal("cow parent method password should be separated by :")
-	}
 	config.saveReqLine = true
-	parent := newCowParent(server, arr[0], arr[1])
+	parent := newCowParent(server, method, passwd)
 	parentProxy.add(parent)
 }
 

doc/sample-config/rc

@@ -118,6 +118,9 @@ listen = http://127.0.0.1:7777
 # 高级选项
 #############################
 
+# 将指定的 HTTP error code 认为是被干扰，使用二级代理重试，默认为空
+#httpErrorCode =
+
 # 最多允许使用多少个 CPU 核
 #core = 2
 

doc/sample-config/rc-en

@@ -0,0 +1,171 @@
+# Lines starting with "#" are comments.
+#
+# Listen address of the proxy server, repeat to specify multiple ones.
+# Syntax:
+#
+#   listen = protocol://[optional@]server_address:server_port
+#
+# Supported protocols:
+#
+# HTTP (provides http proxy):
+#   listen = http://127.0.0.1:7777
+#
+#   The generated PAC url in the above example is http://127.0.0.1:7777/pac
+#
+# cow (need two cow servers to use this protocol):
+#   listen = cow://encrypt_method:[email protected]:5678
+#
+# 	Suppose 1.2.3.4:5678 is outside your country and the network is not
+#   disturbed, then COW running in your own country should configure it
+#   as parent proxy. The two COW servers will use encrypted connection to
+# 	pass data. The encryption method used is the same as shadowsocks.
+#
+# Note:
+# - If server_address is 0.0.0.0, listen all IP addresses on the system.
+# - The following syntax can specify the proxy address in the generated PAC.
+#	(Use this if you are using port forwarding to provide COW to external network.)
+#
+#       listen = http://127.0.0.1:7777 1.2.3.4:5678
+#
+listen = http://127.0.0.1:7777
+
+# Log file path, defaults to stdout
+#logFile =
+
+# By default, COW only uses parent proxy if the site is blocked.
+# If the following option is true, COW will use parent proxy for all sites.
+#alwaysProxy = false
+
+# With multiple parent proxies, COW can employ one of the load balancing
+# strategies:
+#
+#   backup:  default policy, use the first prarent proxy in config,
+#            the others are just backup
+#   hash:    hash to a specific parent proxy according to host name
+#   latency: use the parent proxy with lowest connection latency
+#
+# When one parent proxy fails to connect, COW will try other parent proxies
+# in order.
+# Failed parent proxy will be tried with some probability, so they will be
+# used again after recovery.
+#loadBalance = backup
+
+#############################
+# Specify parent proxy
+#############################
+
+# Parent proxies are specified with a generic syntax (following RFC 3986):
+#
+#   proxy = protocol://[authinfo@]server:port
+#
+# Repeat to specify multiple parent proxies. Backup load balancing will use
+# them in order if one fails to connect.
+#
+# Supported parent proxies and config example:
+#
+# SOCKS5:
+#   proxy = socks5://127.0.0.1:1080
+#
+# HTTP:
+#   proxy = http://127.0.0.1:8080
+#   proxy = http://user:[email protected]:8080
+#
+# 	authinfo is optional
+#
+# shadowsocks:
+#   proxy = ss://encrypt_method:[email protected]:8388
+#
+#   authinfo specifies encryption method and password.
+#   Here are the supported encryption methods:
+#
+#     aes-128-cfb, aes-192-cfb, aes-256-cfb,
+#     bf-cfb, cast5-cfb, des-cfb, table, rc4
+#
+#   aes-128-cfb is recommended.
+#
+# cow:
+#   proxy = cow://method:[email protected]:4321
+#
+#   authinfo is the same as shadowsocks parent proxy
+
+
+#############################
+# Run ssh command to create SOCKS5 parent proxy
+#############################
+
+# Note: shadowsocks is better, use it if you can.
+
+# The following option lets COW execute ssh command to create local
+# SOCKS5 proxy and automatically re-execute if ssh connection is closed.
+# The created SOCKS5 proxy will be used as a parent proxy.
+# The option can be repeated to create multiple SOCKS5 proxies.
+#
+# Note: requires ssh command and must use ssh public key authentication.
+#
+# COW will execute the following command if the option is given:
+#
+#     ssh -n -N -D <local_socks_port> -p <server_ssh_port> <user@server>
+#
+# server_ssh_port defaults to 22
+# Please modify ~/.ssh/config to specify other ssh options
+#sshServer = user@server:local_socks_port[:server_ssh_port]
+
+#############################
+# Authentication
+#############################
+
+# Specify allowed IP address (IPv4 and IPv6) or sub-network (only IPv4).
+# Don't forget to specify 127.0.0.1 with this option.
+#allowedClient = 127.0.0.1, 192.168.1.0/24, 10.0.0.0/8
+
+# Require username and password authentication. COW always check IP in
+# allowedClient first, then ask for username authentication.
+#userPasswd = username:password
+
+# To specify multiple username and password, list all those in a file with
+# content like this:
+#
+#   username:password[:port]
+#
+# port is optional, user can only connect from the specific port if specified.
+# COW will report error and exit if there's duplicated user.
+#userPasswdFile = /path/to/file
+
+# Time interval to keep authentication information.
+# Syntax: 2h3m4s means 2 hours 3 minutes 4 seconds
+#authTimeout = 2h
+
+#############################
+# Advanced options
+#############################
+
+# Take a specific HTTP error code as blocked and use parent proxy to retry.
+#httpErrorCode =
+
+# Maximum CPU core to use.
+#core = 2
+
+# Ports allowed to create tunnel (HTTP CONNECT method), comma separated list
+# or repeat to append more ports.
+# Ports for the following service are allowed by default:
+#
+#     ssh, http, https, rsync, imap, pop, jabber, cvs, git, svn
+#
+# Limiting ports for tunneling prevents exposing internal services to outside.
+#tunnelAllowedPort = 80, 443
+
+# GFW may timeout DNS query, or return wrong server address which can connect
+# but blocks on read forever.
+# Decrease the following timeout values can speed up detecting blocked sites,
+# but may mistake normal sites as blocked.
+
+# DNS and connection timeout (same syntax with authTimeout).
+#dialTimeout = 5s
+# Read from server timeout.
+#readTimeout = 5s
+
+# Detect SSL error based on client close connection speed, only effective for
+# Chrome.
+# This detection is no reliable, may mistaken normal sites as blocked.
+# Only consider this option when GFW is making middle man attack.
+#detectSSLErr = false