libraries
diff --git a/‎README.md‎
Lines changed: 43 additions & 77 deletions b/‎README.md‎
Lines changed: 43 additions & 77 deletions
diff --git a/‎cmd/daze/main.go‎
Lines changed: 50 additions & 6 deletions b/‎cmd/daze/main.go‎
Lines changed: 50 additions & 6 deletions
@@ -2,7 +2,7 @@
 
 Daze is a software that helps you pass through firewalls, in other words, a proxy. It uses a simple yet efficient protocol, ensuring that you never get detected or blocked.
 
-# Getting Started
+## Introduction
 
 Daze is designed as a single-file application. First, compile or [download](https://github.com/mohanson/daze/releases) daze:
 
@@ -16,7 +16,7 @@ $ cmd/develop.sh
 $ cmd/develop.ps1
 ```
 
-The build results will be saved in the bin directory. You can keep this directory, and all other files are not required.
+The build results will be saved in the `bin` directory. You can keep this directory, and all other files are not required.
 
 Daze is dead simple to use:
 
@@ -29,84 +29,35 @@ $ daze server -l 0.0.0.0:1081 -k $PASSWORD
 # Use the following command to link your server(replace $SERVER with your server IP):
 $ daze client -s $SERVER:1081 -k $PASSWORD
 # Now, you are free to visit the Internet
-$ curl -x socks5://127.0.0.1:1080 google.com
-```
-
-Daze is still under development. You should make sure that the server and client have the same version number (check with the `daze ver` command) or commit hash.
-
-# Using Daze for Different Platforms
-
-Daze is implemented in pure Go language, so it can run on almost any operating system. The following are some of the browsers/operating systems commonly used by me:
-
-## Android
-
-0. Cross-compile daze for Android: `GOOS=android GOARCH=arm64 go build -o daze github.com/mohanson/daze/cmd/daze`
-0. Push the compiled file to the phone. You can use [adb](https://developer.android.com/studio/command-line/adb) or create an HTTP server and download daze with `wget` in [termux](https://play.google.com/store/apps/details?id=com.termux&hl=en).
-0. Run `daze client -l 127.0.0.1:1080 ...` in the termux.
-0. Set the proxy for phone: WLAN -> Settings -> Proxy -> Fill in `127.0.0.1:1080`
-
-## Chrome
-
-Chrome does not support setting proxies, so a third-party plugin must be used. [Proxy SwitchyOmega](https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif?hl=en) works very well.
-
-## Firefox
-
-Firefox can configure a proxy in `Connection Settings` -> `Manual proxy configuration` -> `SOCKSv5 Host=127.0.0.1` and `Port=1080`. If you see an option `Use remote DNS` on the page, check it.
-
-# Network Model And Concepts
-
-Daze's network model consists of 7 components:
-
-```text
-+-------------+        +-------------+        +----------+        +-------------+        +-----------+
-| Destination | <----> | Daze server | <----> | Firewall | <----> | Daze client | <----> |    User   |
-+-------------+        +------+------+        +----------+        +-------------+        +-----------+
-                              |                                          |                     |
-                              +------------- Middle Protocol ------------+-- Client Protocol --+
-```
-
-- Destination: The destination is an internet service provider, for example, google.com.
-- Daze Server: A daze server is an instance that runs using the command `daze server`.
-- Firewall: A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on pre-determined security rules.
-- Daze Client: A daze client is an instance that runs using the command `daze client`.
-- User: A user is a browser or any other application attempting to access the destination.
-- Middle Protocol: The middle protocol is the communication protocol between the daze server and daze client. Data is encrypted and obfuscated to bypass firewalls.
-- Client Protocol: The client protocol is the communication protocol between the daze client and the user.
-
-# Protocols
-
-## Client Protocols
-
-The daze client implements 6 different proxy protocols in one port. These protocols are http proxy, https tunnel, socks4, socks4a, socks5 and socks5h.
-
-```sh
-# Protocol http proxy
 $ curl -x http://127.0.0.1:1080    http://google.com
-# Protocol https tunnel
 $ curl -x http://127.0.0.1:1080    https://google.com
-# Protocol socks4
 $ curl -x socks4://127.0.0.1:1080  https://google.com
-# Protocol socks4a
 $ curl -x socks4a://127.0.0.1:1080 https://google.com
-# Protocol socks5
 $ curl -x socks5://127.0.0.1:1080  https://google.com
-# Protocol socks5h
 $ curl -x socks5h://127.0.0.1:1080 https://google.com
 ```
 
-Why can one port support so many protocols? Because it's magic!
+Daze is still under development. You should make sure that the server and client have the same version number (check with the `daze ver` command) or commit hash.
+
+## Deployment
+
+Daze is implemented in pure Go language, so it can run on almost any operating system. The following are some of the browsers/operating systems commonly used by me:
 
-## Middle Protocols
+0. Android. Cross-compile daze for android: `GOOS=android GOARCH=arm64 go build -o daze github.com/mohanson/daze/cmd/daze`. Push the compiled file to the phone, You can use [adb](https://developer.android.com/studio/command-line/adb) or create an http server and download daze with `wget` in [termux](https://play.google.com/store/apps/details?id=com.termux&hl=en). Run `daze client -l 127.0.0.1:1080 ...` in the termux. Set the proxy for phone: WLAN -> Settings -> Proxy -> Fill in `127.0.0.1:1080`
+0. Chrome. Chrome does not support setting proxies, so a third-party plugin must be used. [Proxy SwitchyOmega](https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif?hl=en) works very well.
+0. Firefox can configure a proxy in `Connection Settings` -> `Manual proxy configuration` -> `SOCKSv5 Host=127.0.0.1` and `Port=1080`. If you see an option `Use remote DNS` on the page, check it.
 
-Daze currently has 4 middle protocols.
+## Configuration: Protocols
 
-### Ashe
+Daze currently has 4 protocols.
+
+**Ashe**
 
 The default protocol used by daze is called ashe. Ashe is a TCP-based cryptographic proxy protocol designed to bypass firewalls while providing a good user experience.
 
-Please note that **it is the user's responsibility to ensure that the date and time on both the server and client are consistent**. The ashe protocol allows for a deviation of up to two minutes.
+Please note that it is the user's responsibility to ensure that the date and time on both the server and client are consistent. The ashe protocol allows for a deviation of up to two minutes.
 
-### Baboon
+**Baboon**
 
 Protocol baboon is a variant of the ashe protocol that operates over HTTP. In this protocol, the daze server masquerades as an HTTP service and requires the user to provide the correct password in order to gain access to the proxy service. If the password is not provided, the daze server will behave as a normal HTTP service. To use the baboon protocol, you must specify the protocol name and a fake site:
 
@@ -115,7 +66,7 @@ $ daze server ... -p baboon -e https://github.com
 $ daze client ... -p baboon
 ```
 
-### Czar
+**Czar**
 
 Protocol czar is an implementation of the ashe protocol based on TCP multiplexing. Multiplexing involves reusing a single TCP connection for multiple ashe protocols, which saves time on the TCP three-way handshake. However, this may result in a slight decrease in data transfer rate (approximately 0.19%). In most cases, using Protocol czar provides a better user experience compared to using the ashe protocol directly.
 
@@ -124,7 +75,7 @@ $ daze server ... -p czar
 $ daze client ... -p czar
 ```
 
-### Dahlia
+**Dahlia**
 
 Dahlia is a protocol used for encrypted port forwarding. Unlike many common port forwarding tools, it requires both a server and a client to be configured. Communication between the server and client is encrypted in order to bypass detection by firewalls.
 
@@ -136,42 +87,57 @@ $ daze client -l :20002 -s 127.0.0.1:20001 -p dahlia
 
 Reminder again: Dahlia is not a proxy protocol but a port forwarding protocol.
 
-# Proxy Control
+## Configuration: Proxy Control
 
 Proxy control is a rule that determines whether network requests (TCP and UDP) go directly to the destination or are forwarded to the daze server. Use the `-f` option in the daze client to adjust the proxy configuration.
 
 - Use local network for all requests.
 - Use remote server for all requests.
-- Use both local and remote server (default).
+- Use both local and remote server (default). In this case, the following two configuration files are enabled:
 
-## File rule.ls
+**rule.ls**
 
-Daze uses a "rule.ls" file to customize your own rules(optional). "rule.ls" has the highest priority in routers so you should carefully maintain it. The "rule.ls" is located on the "rule.ls" by default, or you can use `daze client -r path/to/rule.ls` to apply it.
+Daze uses a "rule.ls" file to customize your own rules. File "rule.ls" has the highest priority in routers so you should carefully maintain it. The "rule.ls" is located on the "rule.ls" by default, or you can use `daze client -r path/to/rule.ls` to apply it. Its syntax is very simple:
 
 ```text
 L a.com
 R b.com
 B c.com
 ```
 
-- L(ocale) means using local network
-- R(emote) means using proxy
-- B(anned) means to block it, often used to block ads
+- L(ocale) means using local network.
+- R(emote) means using proxy.
+- B(anned) means to block it, often used to block ads.
 
 Glob is supported, such as `R *.google.com`.
 
-## File rule.cidr
+**rule.cidr**
 
 Daze also uses a CIDR(Classless Inter-Domain Routing) file to route addresses. The CIDR file is located at "rule.cidr", and has a lower priority than "rule.ls".
 
 By default, daze has configured rule.cidr for China's mainland. You can update it manually via `daze gen cn`, this will pull the latest data from [http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest](http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest).
 
-# DNS resolver
+## Configuration: DNS
 
 The DNS server and DNS protocol used by daze can be specified through command line parameters.
 
 - `DNS: daze ... -dns 1.1.1.1:53`
 - `DoT: daze ... -dns 1.1.1.1:853`
 - `DoH: daze ... -dns https://1.1.1.1/dns-query`
 
-This [article](https://www.cloudflare.com/learning/dns/dns-over-tls/) briefly describes the difference between them. I know many people don't like to read articles, so I just suggest that add `-dns 1.1.1.1:853` in daze.
+This [article](https://www.cloudflare.com/learning/dns/dns-over-tls/) briefly describes the difference between them.
+
+## Configuration: Bandwidth Limiter
+
+You can limit the maximum bandwidth used by daze. Generally speaking, for daze server, it is recommended to set the bandwidth to a value slightly smaller than the physical bandwidth.
+
+```sh
+# For daze server, set -b 320k if your physical bandwidth is 3M, where 320 = 3 * 1024 / 8 - 64.
+$ daze server ... -b 320k
+# For daze client, in most cases no configuration is necessary.
+$ daze client ...
+```
+
+## License
+
+MIT.
@@ -4,6 +4,7 @@ import (
 	"flag"
 	"fmt"
 	"log"
+	"math"
 	"net"
 	"net/http"
 	"net/http/pprof"
@@ -14,6 +15,7 @@ import (
 	"github.com/mohanson/daze"
 	"github.com/mohanson/daze/lib/doa"
 	"github.com/mohanson/daze/lib/gracefulexit"
+	"github.com/mohanson/daze/lib/rate"
 	"github.com/mohanson/daze/protocol/ashe"
 	"github.com/mohanson/daze/protocol/baboon"
 	"github.com/mohanson/daze/protocol/czar"
@@ -65,10 +67,11 @@ func main() {
 	switch subCommand {
 	case "server":
 		var (
+			flCipher = flag.String("k", "daze", "password, should be same with the one specified by client")
 			flDnserv = flag.String("dns", "", "specifies the DNS, DoT or DoH server")
 			flExtend = flag.String("e", "", "extend data for different protocols")
 			flGpprof = flag.String("g", "", "specify an address to enable net/http/pprof")
-			flCipher = flag.String("k", "daze", "password, should be same with the one specified by client")
+			flLimits = flag.String("b", "", "set the maximum bandwidth in bytes per second, for example, 128k or 1.5m")
 			flListen = flag.String("l", "0.0.0.0:1081", "listen address")
 			flProtoc = flag.String("p", "ashe", "protocol {ashe, baboon, czar, dahlia}")
 		)
@@ -89,21 +92,41 @@ func main() {
 		switch *flProtoc {
 		case "ashe":
 			server := ashe.NewServer(*flListen, *flCipher)
+			if *flLimits != "" {
+				n := daze.SizeParser(*flLimits)
+				doa.Doa(n <= math.MaxInt)
+				server.Limits = rate.NewLimiter(rate.Limit(n), int(n))
+			}
 			defer server.Close()
 			doa.Nil(server.Run())
 		case "baboon":
 			server := baboon.NewServer(*flListen, *flCipher)
 			if *flExtend != "" {
 				server.Masker = *flExtend
 			}
+			if *flLimits != "" {
+				n := daze.SizeParser(*flLimits)
+				doa.Doa(n <= math.MaxInt)
+				server.Limits = rate.NewLimiter(rate.Limit(n), int(n))
+			}
 			defer server.Close()
 			doa.Nil(server.Run())
 		case "czar":
 			server := czar.NewServer(*flListen, *flCipher)
+			if *flLimits != "" {
+				n := daze.SizeParser(*flLimits)
+				doa.Doa(n <= math.MaxInt)
+				server.Limits = rate.NewLimiter(rate.Limit(n), int(n))
+			}
 			defer server.Close()
 			doa.Nil(server.Run())
 		case "dahlia":
 			server := dahlia.NewServer(*flListen, *flExtend, *flCipher)
+			if *flLimits != "" {
+				n := daze.SizeParser(*flLimits)
+				doa.Doa(n <= math.MaxInt)
+				server.Limits = rate.NewLimiter(rate.Limit(n), int(n))
+			}
 			defer server.Close()
 			doa.Nil(server.Run())
 		}
@@ -117,11 +140,12 @@ func main() {
 		log.Println("main: exit")
 	case "client":
 		var (
-			flCIDRls = flag.String("c", filepath.Join(resExec, Conf.PathCIDR), "cidr path")
+			flCidrls = flag.String("c", filepath.Join(resExec, Conf.PathCIDR), "cidr path")
+			flCipher = flag.String("k", "daze", "password, should be same with the one specified by server")
 			flDnserv = flag.String("dns", "", "specifies the DNS, DoT or DoH server")
 			flFilter = flag.String("f", "rule", "filter {rule, remote, locale}")
 			flGpprof = flag.String("g", "", "specify an address to enable net/http/pprof")
-			flCipher = flag.String("k", "daze", "password, should be same with the one specified by server")
+			flLimits = flag.String("b", "", "set the maximum bandwidth in bytes per second, for example, 128k or 1.5m")
 			flListen = flag.String("l", "127.0.0.1:1080", "listen address")
 			flProtoc = flag.String("p", "ashe", "protocol {ashe, baboon, czar, dahlia}")
 			flRulels = flag.String("r", filepath.Join(resExec, Conf.PathRule), "rule path")
@@ -148,17 +172,27 @@ func main() {
 			locale := daze.NewLocale(*flListen, daze.NewAimbot(client, &daze.AimbotOption{
 				Type: *flFilter,
 				Rule: *flRulels,
-				Cidr: *flCIDRls,
+				Cidr: *flCidrls,
 			}))
+			if *flLimits != "" {
+				n := daze.SizeParser(*flLimits)
+				doa.Doa(n <= math.MaxInt)
+				locale.Limits = rate.NewLimiter(rate.Limit(n), int(n))
+			}
 			defer locale.Close()
 			doa.Nil(locale.Run())
 		case "baboon":
 			client := baboon.NewClient(*flServer, *flCipher)
 			locale := daze.NewLocale(*flListen, daze.NewAimbot(client, &daze.AimbotOption{
 				Type: *flFilter,
 				Rule: *flRulels,
-				Cidr: *flCIDRls,
+				Cidr: *flCidrls,
 			}))
+			if *flLimits != "" {
+				n := daze.SizeParser(*flLimits)
+				doa.Doa(n <= math.MaxInt)
+				locale.Limits = rate.NewLimiter(rate.Limit(n), int(n))
+			}
 			defer locale.Close()
 			doa.Nil(locale.Run())
 		case "czar":
@@ -167,12 +201,22 @@ func main() {
 			locale := daze.NewLocale(*flListen, daze.NewAimbot(client, &daze.AimbotOption{
 				Type: *flFilter,
 				Rule: *flRulels,
-				Cidr: *flCIDRls,
+				Cidr: *flCidrls,
 			}))
+			if *flLimits != "" {
+				n := daze.SizeParser(*flLimits)
+				doa.Doa(n <= math.MaxInt)
+				locale.Limits = rate.NewLimiter(rate.Limit(n), int(n))
+			}
 			defer locale.Close()
 			doa.Nil(locale.Run())
 		case "dahlia":
 			client := dahlia.NewClient(*flListen, *flServer, *flCipher)
+			if *flLimits != "" {
+				n := daze.SizeParser(*flLimits)
+				doa.Doa(n <= math.MaxInt)
+				client.Limits = rate.NewLimiter(rate.Limit(n), int(n))
+			}
 			defer client.Close()
 			doa.Nil(client.Run())
 		}