Simple and fast layer 4 proxy in Rust

Overview

Fourth

这一波在第四层。

CI

English

Fourth是一个Rust实现的Layer 4代理,用于监听指定端口TCP流量,并根据规则转发到指定目标。

功能

  • 监听指定端口代理到本地或远端指定端口
  • 监听指定端口,通过TLS ClientHello消息中的SNI进行分流

安装方法

为了确保获得您架构下的最佳性能,请考虑自行编译,首选需要确保您拥有Rust工具链

$ cd fourth
$ cargo build --release

将在target/release/fourth生成二进制文件,您也可以使用cargo install --path . 来安装二进制文件。

配置

Fourth使用yaml格式的配置文件,默认情况下会读取/etc/fourth/config.yaml,如下是一个示例配置。

version: 1
log: info

servers:
  example_server:
    listen:
      - "0.0.0.0:443"
      - "[::]:443"
    tls: true # 启动SNI分流,将根据TLS请求中的主机名分流
    sni:
      proxy.example.com: proxy
      www.example.com: nginx
    default: ban
  relay_server:
    listen:
      - "127.0.0.1:8081"
    default: remote

upstream:
  nginx: "127.0.0.1:8080"
  proxy: "127.0.0.1:1024"
  other: "www.remote.example.com:8082" # 代理到远端地址

内置两个的upstream:ban(立即中断连接)、echo(返回读到的数据)。

io_uring?

尽管经过了很多尝试,我们发现目前一些Rust下面的io_uring实现存在问题,我们使用的io_uring库实现尽管在吞吐量上可以做到单线程20Gbps(相比之下Tokio仅有8Gbps),但在QPS上存在性能损失较大的问题。因此在有成熟的io_uring实现之前,我们仍然选择epoll。之后我们会持续关注相关进展。

可能以后会为Linux高内核版本的用户提供可选的io_uring加速。

协议

Fourth以Apache-2.0协议开源。

You might also like...
Hopper - Fast, configurable, lightweight Reverse Proxy for Minecraft

Hopper Hopper is a lightweight reverse proxy for minecraft. It allows you to connect multiple servers under the same IP and port, with additional func

A proxy implement with http / socks5 in-bound and vmess out-bound, written in Rust and tokio.rs

tokio-vmess an Asynchronous proxy implement with http / socks5 in-bound and vmess out-bound, written in Rust and tokio Run example first, Fill out the

An End-to-End Privacy Computing Protocol on Layer 2

Eigen Network Eigen Network is an end-to-end privacy computation network for a better digital economy based on hybrid privacy computation protocols an

Layer 4 load balancer with dynamic configuration loading
Layer 4 load balancer with dynamic configuration loading

Convey Layer 4 load balancer with dynamic configuration loading featuring proxy, passthrough and direct server return modes Features Stats page (at /s

Final Project for
Final Project for "Computer Networking Security": A Layer-3 VPN implementation over TLS

Final Project for "Computer Networking Security": A Layer-3 VPN implementation over TLS

Aggressively reliable delivery layer. Above UDP. Nothing else.
Aggressively reliable delivery layer. Above UDP. Nothing else.

Aggressively reliable delivery layer. Above UDP. Nothing else.

Reverse proxy for HTTP microservices and STDIO. Openfass watchdog which can run webassembly with wasmer-gpu written in rust.

The of-watchdog implements an HTTP server listening on port 8080, and acts as a reverse proxy for running functions and microservices. It can be used independently, or as the entrypoint for a container with OpenFaaS.

The true next-gen L7 minecraft proxy and load balancer. Built in Rust.

Lure The true next-gen L7 minecraft proxy and load balancer. Built in Rust, Tokio and Valence. Why? Rust is a powerful programming language and a grea

A versatile and efficient proxy framework with nice features suitable for various use cases.

A versatile and efficient proxy framework with nice features suitable for various use cases.

Releases(v0.1.5)
Owner
Rui Li
A beginner in programming, looking for internship opportunities. Email: lr_cn[at]outlook.com
Rui Li
Transforms UDP stream into (fake) TCP streams that can go through Layer 3 & Layer 4 (NAPT) firewalls/NATs.

Phantun A lightweight and fast UDP to TCP obfuscator. Table of Contents Phantun Latest release Overview Usage 1. Enable Kernel IP forwarding 2. Add re

Datong Sun 782 Dec 30, 2022
Shotover: L7 data-layer proxy

Shotover: L7 data-layer proxy

null 64 Dec 16, 2022
UDP proxy with Proxy Protocol and mmproxy support

udppp UDP proxy with Proxy Protocol and mmproxy support. Features Async Support Proxy Protocol V2 SOCKET preserve client IP addresses in L7 proxies(mm

b23r0 10 Dec 18, 2022
Proxy sentry request to a sentry server using a tunnel/proxy endpoint

Sentry Tunnel This is a proxy that forwards tunneled sentry requests to the real sentry server. The implementation is based on the explanation provide

Paul FLORENCE 14 Dec 20, 2022
Lightweight proxy that allows redirect HTTP(S) traffic through a proxy.

Proxyswarm Proxyswarm is a lightweight proxy that allows redirect HTTP(S) traffic through a proxy. WARNING: This app isn't recomended for download lar

Jorge Alejandro Jimenez Luna 4 Apr 16, 2022
A TCP proxy using HTTP - Reach SSH behind a Nginx reverse proxy

?? TCP over HTTP ?? The Questions ?? What does it do? You can proxy TCP traffic over HTTP. A basic setup would be: [Your TCP target] <--TCP-- [Exit No

Julian 185 Dec 15, 2022
A fast, stable, efficient, and lightweight intranet penetration, port forwarding tool supports multiple connections, cascading proxy, and transmission encryption

A fast, stable, efficient, and lightweight intranet penetration, port forwarding tool supports multiple connections, cascading proxy, and transmission encryption

editso 1.3k Dec 30, 2022
A fast and stable reverse proxy for NAT traversal, written in Rust

rathole A fast and stable reverse proxy for NAT traversal, written in Rust rathole, like frp, can help to expose the service on the device behind the

Yujia Qiao 4.6k Dec 30, 2022
RCProxy - a lightweight, fast but powerful Redis Cluster Proxy written in Rust

RCProxy - a lightweight, fast but powerful Redis Cluster Proxy written in Rust

Cris Liao 16 Dec 4, 2022
♻ A simple and efficient Gemini-to-HTTP proxy written in Rust.

September A simple and efficient Gemini-to-HTTP proxy written in Rust. Usage Docker $ docker run -d [ -e ROOT="gemini://fuwn.me" ] [ -e PORT="8080"] [

GemRest 10 Jul 2, 2022