A multi-protocol network relay

Overview

Midori

Protocols

Usage

midori [OPTIONS] [SUBCOMMAND]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -c, --config <file>    specify a config file

Quick Start

Get started with a simple TCP relay (supports zero-copy on Linux).

You need to create a config file and then specify the listen and remote address.

{
    "endpoints":[
        {
            "listen": "0.0.0.0:5000",
            "remote": "1.2.3.4:8080"
        },
        {
            "listen": "0.0.0.0:10000",
            "remote": "www.example.com:443"
        }
    ]
}

Launch these 2 endpoints:

midori -c config.json

Note: Almost all kinds of addresses are supported, including IPv4, IPv6, domain names and Unix socket paths.

Full Configuration

{
  "dns_mode": "ipv4_then_ipv6",
  "endpoints": [
    {
      "listen": {
        "addr": "0.0.0.0:5000",
        "net": "tcp",
        "trans": {
          "proto": "ws",
          "path": "/"
        },
        "tls": {
          "cert": "x.crt",
          "key": "x.pem",
          "versions": "tlsv1.3, tlsv1.2",
          "aplns": "http/1.1",
          "ocsp": "x.ocsp"
        }
      },
      "remote": {
        "addr": "www.example.com:443",
        "net": "tcp",
        "trans": {
          "proto": "h2",
          "path": "/",
          "server_push": false
        },
        "tls": {
          "roots": "firefox",
          "versions": "tlsv1.3, tlsv1.2",
          "sni": "www.example.com",
          "aplns": "h2",
          "skip_verify": false,
          "enable_sni": true
        }
      }
    }
  ]
}

Global

Currently, the configuration file only consists of 2 fields:

{
    "dns_mode": "", // and other global params
    "endpoints": []
}

DNS Mode

The trust-dns crate supports these strategies:

  • ipv4_only
  • ipv6_only
  • ipv4_then_ipv6 (default)
  • ipv6_then_ipv4
  • ipv4_and_ipv6

Endpoint(s)

Each endpoint contains an associated pair of listen and remote.

{
    "listen": "",
    "remote": ""
}

Below are the options for listen or remote. Each field has a default value except for addr.

Moreover, trans and tls also support more complicated params (e.g. path, sni, ocsp). See Protocol Docs for more details.

{
    "addr": "",  // required
    "net": "",  // tcp(default), uds, udp
    "trans": "",  // plain(default), ws, h2..
    "tls": ""  // none(default)
}

Note that all the protocols can be applied to both sides, listen and remote. You can either use net directly or combine it with a transport.

net     tcp   uds   udp
tls     O     O
ws      O     O
h2      O     O
grpc    O     O
quic                O
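
A config check for the rules described above, as an added example (not part of midori or its README). It expands the shorthand "host:port" form, applies the documented defaults, and reports transport/net mismatches, skip_verify, and unencrypted wildcard listeners. The function names, the sample config, the reading of the table (tls/ws/h2/grpc over tcp or uds, quic over udp) and quic appearing as a trans proto are assumptions.

```python
import json

# Transport/net pairs as this README's table is read here (an assumption):
# tls, ws, h2 and grpc run over tcp or uds; quic runs over udp.
ALLOWED_NETS = {"tls": {"tcp", "uds"}, "ws": {"tcp", "uds"}, "h2": {"tcp", "uds"},
                "grpc": {"tcp", "uds"}, "quic": {"udp"}}
WILDCARDS = ("0.0.0.0:", "[::]:")

# Constructed sample: the first endpoint is the Quick Start shorthand form.
SAMPLE = """{
  "endpoints": [
    {"listen": "0.0.0.0:5000", "remote": "1.2.3.4:8080"},
    {"listen": {"addr": "127.0.0.1:5001", "net": "udp",
                "trans": {"proto": "ws", "path": "/"}},
     "remote": {"addr": "www.example.com:443",
                "tls": {"sni": "www.example.com", "skip_verify": true}}}
  ]
}"""

def normalize(side):
    """Expand the "host:port" shorthand and apply the documented defaults."""
    if isinstance(side, str):
        side = {"addr": side}
    trans = side.get("trans") or "plain"
    proto = trans if isinstance(trans, str) else trans.get("proto", "plain")
    tls = side.get("tls")
    return {"addr": side.get("addr", ""), "net": side.get("net") or "tcp",
            "proto": proto, "tls": None if tls in (None, "", "none") else tls}

def audit(config_text):
    """Return (location, message) findings for every endpoint side."""
    findings = []
    for i, ep in enumerate(json.loads(config_text).get("endpoints", [])):
        for role in ("listen", "remote"):
            s, where = normalize(ep.get(role, "")), f"endpoints[{i}].{role}"
            if not s["addr"]:
                findings.append((where, "addr is required"))
            layers = [l for l in (s["proto"], "tls" if s["tls"] else "plain") if l != "plain"]
            for layer in layers:
                # Protocols missing from the table are not judged.
                if s["net"] not in ALLOWED_NETS.get(layer, {s["net"]}):
                    findings.append((where, f"{layer} is not offered over {s['net']}"))
            if isinstance(s["tls"], dict) and s["tls"].get("skip_verify") is True:
                findings.append((where, "skip_verify disables certificate validation"))
            # QUIC carries its own TLS, so it is not reported as plaintext.
            if (role == "listen" and s["tls"] is None and s["proto"] != "quic"
                    and s["addr"].startswith(WILDCARDS)):
                findings.append((where, "unencrypted listener on all interfaces"))
    return findings
```

Calling audit(SAMPLE) returns three findings: the Quick Start listener on 0.0.0.0 without TLS, ws configured over udp, and skip_verify set to true on the remote side.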

License

The MIT License (MIT)

Comments
  • add new features: allow user to customize dns servers

    This pull request adds new features which allow users to customize DNS servers.

    Config example:

    {
      "dns_mode": "ipv6_then_ipv4",
      "dns_servers": [
        { "addr": "114.114.114.114", "port": 53, "protocol": "udp", "trust_nx_responses": true },
        { "addr": "223.5.5.5", "port": 53, "protocol": "udp", "trust_nx_responses": true },
        { "addr": "202.101.172.35", "port": 53, "protocol": "udp", "trust_nx_responses": true }
      ],
      "endpoints": [
        {
          "listen": { "addr": "0.0.0.0:80", "net": "tcp" },
          "remote": { "addr": "iot.fotile.com:80", "net": "tcp" }
        }
      ]
    }

    If no DNS server is specified, the default DNS configuration is used.

    opened by aa51513 3
  • Will you consider releasing a docker image?

    Midori is a tool I love and it's so stable that I want to use it for my own services.

    Considering that my existing service is built on the docker platform, I need a midori docker image.

    But I couldn't find any official or unofficial midori images on docker.com,

    do you have any plans to release docker images in the future?

    opened by aa51513 3
  • Questions about dns in midori

    Hi, there

    I've been using midori for a while now and I think it's a very useful tool and I really like it.

    During use, I encountered a small problem, to be precise, a small question: after configuring the domain name in endpoints.remote.addr, will the DNS resolution result be cached, and how long is the default cache time? I ask this question because I want to access a service whose IP changes frequently but the domain name remains the same through a fixed address (my local IP and port)

    Below is my config file content

    {
      "dns_mode": "ipv4_then_ipv6",
      "endpoints": [
        {
          "listen": {
            "addr": "127.0.0.1:5000",
            "net": "tcp",
            "trans": { "proto": "ws", "path": "/ws" }
          },
          "remote": {
            "addr": "ip.myserver.com:443",
            "net": "tcp",
            "trans": { "proto": "ws", "path": "/ws" },
            "tls": {
              "roots": "firefox",
              "versions": "tlsv1.3",
              "sni": "api.myserver.com",
              "aplns": "http/1.1",
              "skip_verify": false,
              "enable_sni": true
            }
          }
        }
      ]
    }

    In my scenario, the IP addresses corresponding to domain ‘api.myserver.com’ and domain ‘ip.myserver.com’ are always the same, and change frequently.

    opened by aa51513 2
  • Port range support

    Hi,

    Love your work!

    I was testing your zero-copy supported fork of the realm, but it seems to have performance issues. Fortunately, midori has no issues with performance so far.

    Any plans on supporting port range forwarding?

    opened by theBucky 1
  • use Domain in addr error

    Hi,

    I want to try midori on my host (Debian 10), and I created a config file as follows:

    {
      "dns_mode": "ipv4_only",
      "endpoints": [
          {
            "listen": {
              "addr": "0.0.0.0:30760"
            },
            "remote": {
              "addr": "us-test.example.com:12345",
              "trans": {
                "proto": "ws",
                "path": "/0c921660a10729a81048961df5b3a125"
              }
            }
          }
      ]
    }
    
    

    But when I run /midori -c config.json, I got an error:

    PanicInfo { payload: Any { .. }, message: None, location: Location { file: "/cargo/registry/src/github.com-1ecc6299db9ec823/tokio-1.9.0/src/runtime/enter.rs", line: 39, col: 9 } }
    

    If I change the remote's addr to IP such as x.x.x.x, I can run the command successfully.

    opened by MikoyChinese 1
  • allow to configure custom dns server in config file

    {
      "dns_mode": "ipv4_then_ipv6",
      "dns_servers": [
        {
          "address": "1.1.1.1",
          "port": 53,
          "trust_nx_responses": true,
          "protocol": "udp",
          "tls_servername": "127.0.0.1"
        }
      ],
      "endpoints": [
        {
          "listen": {
            "addr": "10.2.4.3:52443",
            "net": "tcp",
            "trans": { "proto": "ws", "path": "/ws" }
          },
          "remote": {
            "addr": "myserver.example.com:443",
            "net": "tcp",
            "trans": { "proto": "ws", "path": "/ws" },
            "tls": {
              "sni": "api.example.com",
              "skip_verify": false,
              "enable_early_data": true,
              "roots": "firefox"
            }
          }
        }
      ]
    }

    opened by aa51513 0
  • adapt to rustls>=0.20

    rustls has changed its APIs a lot from 0.19 to 0.20

    together with these dependencies:

    • webpki
    • webpki-roots
    • rustls-native-certs
    • tokio-rustls

    there's a lot of work to do.

    opened by zephyrchien 0
  • Is midori missing a server_name parameter similar to what's inside nginx?

    I am very lucky to have stumbled upon midori, which frees me from DNAT and brings more new features like websocket/h2/quic relay to me.

    During my use of midori, I encountered a little trouble

    I want to use midori to forward traffic to nginx on an intranet for debugging

    Because the nginx is configured with server_name, midori is denied when using IP and port access in remote. Below is my config file content:

    {
      "dns_mode": "ipv4_then_ipv6",
      "endpoints": [
        {
          "listen": {
            "addr": "0.0.0.0:443",
            "net": "tcp",
            "trans": { "proto": "ws", "path": "/ws" }
          },
          "remote": {
            "addr": "10.49.2.67:443",
            "net": "tcp",
            "trans": { "proto": "ws", "path": "/ws" },
            "tls": {
              "sni": "my.server.com",
              "skip_verify": false,
              "enable_early_data": true,
              "roots": "firefox"
            }
          }
        }
      ]
    }

    I couldn't find something similar to the server_name parameter that can be configured in midori such as "remote": { "addr": "10.49.2.67:443", "server_name":"my.server.com", "net": "tcp", "trans": { "proto": "ws", "path": "/ws" }

    I tried to use the domain name in midori, and added the mapping entry between the domain name and the target intranet IP in the hosts file, and I was able to access it normally. Although this can temporarily solve some problems, it is always inconvenient and has some additional side effects

    Would you evaluate and consider adding a parameter similar to server_name in midori?

    enhancement 
    opened by xiangzha0 1
  • plan of kcp and will faketcp be supported?

    I like your work very much and look forward to the features of kcp being supported soon.

    Besides, the technology of multiple outsourcing is very effective in improving the experience of a weak network environment. Some tools (such as hysteria) have implemented this function by using faketcp to bypass the Linux protocol stack, which has brought a huge user experience improvement. Is it possible for this technology to be absorbed into midori?

    feature request 
    opened by aa51513 1
  • A strange issue run in multi thread tcp connect

    Hi,

    I found a strange issue when I try to run the demo in https://db.laomoe.com/ with midori. For me, I create a China mobile Nat in public and relay the tcp to US VPS. Here is the config:

    # China Mobile Nat
    {
      "dns_mode": "ipv4_then_ipv6",
      "endpoints": [
        {
          "listen": "[::]:12345",
          "remote": {
            "addr": "[2603:xxxx:c003:xxxx:xxxx:5063:xxxx:xxxx]:3456",
            "net": "tcp",
            "trans": {
              "proto": "ws",
              "path": "/7bba04c83b1b2486736d9b2"
            }
          }
        }
      ]
    }
    
    # US VPS
    {
      "dns_mode": "ipv4_then_ipv6",
      "endpoints": [
        {
          "remote": "127.0.0.1:443",
          "listen": {
            "addr": "[::]:3456",
            "net": "tcp",
            "trans": {
              "proto": "ws",
              "path": "/7bba04c83b1b2486736d9b2"
            }
          }
        }
      ]
    }
    

    And for iperf3, I can relay normally, but for multi thread connect in https://db.laomoe.com/, I can not use bandwidth fully and it just has a random range bandwidth (about 5%~50% Normal Bandwidth). But for gost, it runs with no problem.

    performance 
    opened by MikoyChinese 4
Releases(v0.6.3)
Owner
zephyr
student, code for fun