From 87bd263ebf242b78cc7d59e532b33acfa8ff9716 Mon Sep 17 00:00:00 2001
From: Chen Yufei
Date: Mon, 4 Aug 2014 21:46:03 +0800
Subject: [PATCH 1/3] Allow @ and : inside password.
---
 config.go | 31 +++++++++++--------------------
 1 file changed, 11 insertions(+), 20 deletions(-)
diff --git a/config.go b/config.go
index 5d5d4d17..22d74836 100644
--- a/config.go
+++ b/config.go
@@ -205,22 +205,21 @@ func (pp proxyParser) ProxyHttp(val string) {
 // Parse method:passwd@server:port
 func parseMethodPasswdServer(val string) (method, passwd, server string, err error) {
- arr := strings.Split(val, "@")
- if len(arr) < 2 {
+ // Use the right-most @ symbol to seperate method:passwd and server:port.
+ idx := strings.LastIndex(val, "@")
+ if idx == -1 {
 err = errors.New("requires both encrypt method and password")
 return
- } else if len(arr) > 2 {
- err = errors.New("contains too many @")
- return
 }
- methodPasswd := arr[0]
- server = arr[1]
+ methodPasswd := val[:idx]
+ server = val[idx+1:]
 if err = checkServerAddr(server); err != nil {
 return
 }
- arr = strings.Split(methodPasswd, ":")
+ // Password can have : inside, but I don't recommend this.
+ arr := strings.SplitN(methodPasswd, ":", 2)
 if len(arr) != 2 {
 err = errors.New("method and password should be separated by :")
 return
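Review bot: In `parseMethodPasswdServer` the `len(arr) != 2` test after `strings.SplitN(methodPasswd, ":", 2)` still accepts an empty method or an empty password, so a value such as `aes-128-cfb:@1.2.3.4:8388` (constructed example) would parse into a parent proxy with no secret. I would tighten the guard to `if len(arr) != 2 || arr[0] == "" || arr[1] == "" {`, unless the lines after this hunk already reject empty fields; the function body continues outside the hunk. The added comments should also state why the split is asymmetric (right-most `@`, first `:`), which means the password may contain both characters but the method can never contain `:`. In the first added comment `seperate` should read `separate`.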
@@ -242,25 +241,17 @@ func (pp proxyParser) ProxySs(val string) {
 }
 func (pp proxyParser) ProxyCow(val string) {
- arr := strings.Split(val, "@")
- if len(arr) < 2 {
- Fatal("cow parent needs encrypt method and password")
- } else if len(arr) > 2 {
- Fatal("cow parent contains too many @")
+ method, passwd, server, err := parseMethodPasswdServer(val)
+ if err != nil {
+ Fatal("cow parent", err)
 }
- methodPasswd := arr[0]
- server := arr[1]
 if err := checkServerAddr(server); err != nil {
 Fatal("parent cow server", err)
 }
- arr = strings.Split(methodPasswd, ":")
- if len(arr) != 2 {
- Fatal("cow parent method password should be separated by :")
- }
 config.saveReqLine = true
- parent := newCowParent(server, arr[0], arr[1])
+ parent := newCowParent(server, method, passwd)
 parentProxy.add(parent)
 }
From 47db041937f87668c60b781892277e35e475e575 Mon Sep 17 00:00:00 2001
From: Chen Yufei
Date: Fri, 29 Aug 2014 22:58:01 +0800
Subject: [PATCH 2/3] Describe customized http error code in sample config.
---
 doc/sample-config/rc | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/doc/sample-config/rc b/doc/sample-config/rc
index 4fcbc3cd..1fec7347 100644
--- a/doc/sample-config/rc
+++ b/doc/sample-config/rc
@@ -118,6 +118,9 @@ listen = http://127.0.0.1:7777
 # 高级选项
 #############################
+# 将指定的 HTTP error code 认为是被干扰,使用二级代理重试,默认为空
+#httpErrorCode =
+
 # 最多允许使用多少个 CPU 核
 #core = 2
From f5336dbba8e30b343c15892ab85c072ba8c01c0f Mon Sep 17 00:00:00 2001
From: Chen Yufei
Date: Sat, 30 Aug 2014 13:01:06 +0800
Subject: [PATCH 3/3] Add English version of sample rc.
---
 README-en.md | 6 +-
 doc/sample-config/rc-en | 171 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 174 insertions(+), 3 deletions(-)
 create mode 100644 doc/sample-config/rc-en
diff --git a/README-en.md b/README-en.md
index a0cacec2..bb1f61c8 100644
--- a/README-en.md
+++ b/README-en.md
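Review bot: In `ProxyCow` (config.go) the `checkServerAddr(server)` block kept as context is now redundant, because `parseMethodPasswdServer` already calls `checkServerAddr(server)` and returns its error, as the first config.go hunk shows. Assuming `checkServerAddr` is a pure check, `Fatal("parent cow server", err)` can no longer fire after the new `Fatal("cow parent", err)` has passed. I would delete the three lines from `if err := checkServerAddr(server); err != nil {` through its closing brace so the server address is validated in one place. That also removes the inner `err :=`, which shadows the `err` declared by the new `method, passwd, server, err := parseMethodPasswdServer(val)` line.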
@@ -25,9 +25,7 @@ Install: - **Windows:** [download](http://dl.chenyufei.info/cow/) - If you are familiar with Go, run `go get github.com/cyfdecyf/cow` to install from source. -Modify configuration file `~/.cow/rc` (Linux) or `rc.txt` (Windows). A simple example: - -Here's an example with the most important options: +Modify configuration file `~/.cow/rc` (OS X or Linux) or `rc.txt` (Windows). A simple example with the most important options: # Line starting with # is comment and will be ignored # Local proxy listen address @@ -43,6 +41,8 @@ Here's an example with the most important options: # cow parent proxy proxy = cow://aes-128-cfb:password@1.2.3.4:8388 +See [detailed configuration example](doc/sample-config/rc-en) for other features. + The PAC file can be accessed at `http:///pac`, for the above example: `http://127.0.0.1:7777/pac`. Command line options can override options in the configuration file For more details, see the output of `cow -h` diff --git a/doc/sample-config/rc-en b/doc/sample-config/rc-en new file mode 100644 index 00000000..a7315a87 --- /dev/null +++ b/doc/sample-config/rc-en 
@@ -0,0 +1,171 @@
+# Lines starting with "#" are comments.
+#
+# Listen address of the proxy server, repeat to specify multiple ones.
+# Syntax:
+#
+# listen = protocol://[optional@]server_address:server_port
+#
+# Supported protocols:
+#
+# HTTP (provides http proxy):
+# listen = http://127.0.0.1:7777
+#
+# The generated PAC url in the above example is http://127.0.0.1:7777/pac
+#
+# cow (need two cow servers to use this protocol):
+# listen = cow://encrypt_method:password@1.2.3.4:5678
+#
+# Suppose 1.2.3.4:5678 is outside your country and the network is not
+# disturbed, then COW running in your own country should configure it
+# as parent proxy. The two COW servers will use encrypted connection to
+# pass data. The encryption method used is the same as shadowsocks.
+#
+# Note:
+# - If server_address is 0.0.0.0, listen all IP addresses on the system.
+# - The following syntax can specify the proxy address in the generated PAC.
+# (Use this if you are using port forwarding to provide COW to external network.)
+#
+# listen = http://127.0.0.1:7777 1.2.3.4:5678
+#
+listen = http://127.0.0.1:7777
+
+# Log file path, defaults to stdout
+#logFile =
+
+# By default, COW only uses parent proxy if the site is blocked.
+# If the following option is true, COW will use parent proxy for all sites.
+#alwaysProxy = false
+
+# With multiple parent proxies, COW can employ one of the load balancing
+# strategies:
+#
+# backup: default policy, use the first prarent proxy in config,
+# the others are just backup
+# hash: hash to a specific parent proxy according to host name
+# latency: use the parent proxy with lowest connection latency
+#
+# When one parent proxy fails to connect, COW will try other parent proxies
+# in order.
+# Failed parent proxy will be tried with some probability, so they will be
+# used again after recovery.
+#loadBalance = backup
+
+#############################
+# Specify parent proxy
+#############################
+
+# Parent proxies are specified with a generic syntax (following RFC 3986):
+#
+# proxy = protocol://[authinfo@]server:port
+#
+# Repeat to specify multiple parent proxies. Backup load balancing will use
+# them in order if one fails to connect.
+#
+# Supported parent proxies and config example:
+#
+# SOCKS5:
+# proxy = socks5://127.0.0.1:1080
+#
+# HTTP:
+# proxy = http://127.0.0.1:8080
+# proxy = http://user:password@127.0.0.1:8080
+#
+# authinfo is optional
+#
+# shadowsocks:
+# proxy = ss://encrypt_method:password@1.2.3.4:8388
+#
+# authinfo specifies encryption method and password.
+# Here are the supported encryption methods:
+#
+# aes-128-cfb, aes-192-cfb, aes-256-cfb,
+# bf-cfb, cast5-cfb, des-cfb, table, rc4
+#
+# aes-128-cfb is recommended.
+#
+# cow:
+# proxy = cow://method:passwd@1.2.3.4:4321
+#
+# authinfo is the same as shadowsocks parent proxy
+
+
+#############################
+# Run ssh command to create SOCKS5 parent proxy
+#############################
+
+# Note: shadowsocks is better, use it if you can.
+
+# The following option lets COW execute ssh command to create local
+# SOCKS5 proxy and automatically re-execute if ssh connection is closed.
+# The created SOCKS5 proxy will be used as a parent proxy.
+# The option can be repeated to create multiple SOCKS5 proxies.
+#
+# Note: requires ssh command and must use ssh public key authentication.
+#
+# COW will execute the following command if the option is given:
+#
+# ssh -n -N -D -p
+#
+# server_ssh_port defaults to 22
+# Please modify ~/.ssh/config to specify other ssh options
+#sshServer = user@server:local_socks_port[:server_ssh_port]
+
+#############################
+# Authentication
+#############################
+
+# Specify allowed IP address (IPv4 and IPv6) or sub-network (only IPv4).
+# Don't forget to specify 127.0.0.1 with this option.
+#allowedClient = 127.0.0.1, 192.168.1.0/24, 10.0.0.0/8
+
+# Require username and password authentication. COW always check IP in
+# allowedClient first, then ask for username authentication.
+#userPasswd = username:password
+
+# To specify multiple username and password, list all those in a file with
+# content like this:
+#
+# username:password[:port]
+#
+# port is optional, user can only connect from the specific port if specified.
+# COW will report error and exit if there's duplicated user.
+#userPasswdFile = /path/to/file
+
+# Time interval to keep authentication information.
+# Syntax: 2h3m4s means 2 hours 3 minutes 4 seconds
+#authTimeout = 2h
+
+#############################
+# Advanced options
+#############################
+
+# Take a specific HTTP error code as blocked and use parent proxy to retry.
+#httpErrorCode =
+
+# Maximum CPU core to use.
+#core = 2
+
+# Ports allowed to create tunnel (HTTP CONNECT method), comma separated list
+# or repeat to append more ports.
+# Ports for the following service are allowed by default:
+#
+# ssh, http, https, rsync, imap, pop, jabber, cvs, git, svn
+#
+# Limiting ports for tunneling prevents exposing internal services to outside.
+#tunnelAllowedPort = 80, 443
+
+# GFW may timeout DNS query, or return wrong server address which can connect
+# but blocks on read forever.
+# Decrease the following timeout values can speed up detecting blocked sites,
+# but may mistake normal sites as blocked.
+
+# DNS and connection timeout (same syntax with authTimeout).
+#dialTimeout = 5s
+# Read from server timeout.
+#readTimeout = 5s
+
+# Detect SSL error based on client close connection speed, only effective for
+# Chrome.
+# This detection is no reliable, may mistaken normal sites as blocked.
+# Only consider this option when GFW is making middle man attack.
+#detectSSLErr = false