2个稳定版本
| 1.1.0 | 2024年2月24日 |
|---|---|
| 1.0.0 | 2024年1月19日 |
#1475 in 网络编程
每月26次下载
700KB
15K SLoC
尘暴
尘暴是一个SOCKS5代理服务器,是TornadoProxy的精神继承者,用Rust编写,旨在学习该语言。该项目包括一个名为Sandstorm的基于TCP的自定义监控协议,允许实时管理和监控服务器。该协议在服务器中实现,并提供了相应的客户端应用程序,包括高级TUI(终端用户界面)。
尘暴具有以下功能
- 适用于Windows和Linux
- 支持IPv4和IPv6,适用于SOCKS5和Sandstorm连接
- 支持SOCKS5(RFC 1928)TCP连接(仅支持“连接”命令)
- 支持连接到IPv4/IPv6/域名。如果域名解析出多个地址,将按此顺序尝试连接到这些地址
- 支持“无需认证”和“用户名/密码”认证方法,并且可以随时开启或关闭这些方法
- 将用户持久化到文件(默认为
users.txt),格式为人类可读(不打算用于安全目的) - 可以选择任意数量的套接字(地址:端口)来监听SOCKS5或Sandstorm连接
- 可以选择用于SOCKS5连接的缓冲区大小(默认为8KB)
- 详细日志记录,默认输出到标准输出,但也可以输出到文件,以及指标收集(总连接数、发送或接收的字节数等)
- 通过自定义Sandstorm协议提供广泛的远程监控功能,包括
- 列出/注册/更新/删除用户
- 关闭服务器
- 列出/添加/删除监听套接字(适用于SOCKS5或Sandstorm)
- 列出/启用/禁用认证方法
- 获取/设置缓冲区大小
- 实时日志/事件和指标
沙尘暴协议
本协议部分定义在 sandstorm_protocol.txt(但大部分的结构序列化定义在 Rust 中定义在 Rust 中)。
dust-devil-core 库包含了这个协议的 Rust 实现,该实现同时被服务器和客户端使用。这个库也可以在 crates.io 中作为独立库使用,并且在 docs.rs 中有详细的文档。
Sandstorm 是一个基于 TCP 的协议,它是流水线请求-响应和异步流的混合。客户端向服务器发送请求并得到响应,但是请求不一定按照发送的顺序被服务器处理或回答。添加或删除用户的多重请求保证在它们之间同步,但是在这之间的打开套接字请求可能会首先、最后,或者在这些之间任何位置被回答。关于 Sandstorm 请求同步规则的更多信息,请查看 sandstorm_protocol.txt 的 "Pipelining" 部分。
除此之外,客户端可以启用 事件流,这会使服务器发送异步实时事件流,这些事件穿插在请求响应之间。这些事件不仅仅是带有日志输出的字符串(尽管这些事件在服务器内部也被用来生成日志),而是以二进制格式序列化,包含详细的信息。
注意:事件以高效的二进制格式序列化,但如果客户端与服务器之间的连接速度不足以处理事件生成的速率,客户端的连接将被突然终止。
安装和使用
最简单的方式是使用来自 crates.io 的 cargo 进行安装
cargo install dust-devil
或者直接从 GitHub 安装
cargo install --git https://github.com/ThomasMiz/dust-devil.git dust-devil
无论哪种方式都会下载和编译服务器的代码及其所有依赖。一旦完成,服务器的可执行文件将以 dust-devil 的名称可用。
监控客户端也可以这样安装
cargo install dust-devil-sandstorm
或者直接从 GitHub 安装
cargo install --git https://github.com/ThomasMiz/dust-devil.git sandstorm
无论哪种方式都会下载和编译客户端的代码及其所有依赖。一旦完成,客户端的可执行文件将以 sandstorm 的名称可用。
服务器使用
服务器可以不进行任何设置,使用默认配置直接运行,并立即将日志输出到标准输出
$ dust-devil
[2024-02-23 16:08:39] Loading users from file users.txt
[2024-02-23 16:08:39] Error while loading users from file users.txt: IO error: The system cannot find the file specified. (os error 2)
[2024-02-23 16:08:39] Starting up with single default user admin:admin
[2024-02-23 16:08:39] Listening for socks5 client connections at [::]:1080
[2024-02-23 16:08:39] Listening for socks5 client connections at 0.0.0.0:1080
[2024-02-23 16:08:39] Listening for Sandstorm connections at [::]:2222
[2024-02-23 16:08:39] Listening for Sandstorm connections at 0.0.0.0:2222
服务器使用在帮助菜单中有详细说明(dust-devil -help)
Usage: dust-devil [options...]
Options:
-h, --help Display this help menu and exit
-V, --version Display the version number and exit
-v, --verbose Display additional information while running
-s, --silent Do not print logs to stdout
-d, --disable-events Disables events, logs, and all data collection
-o, --log-file <path> Append logs to the specified file
-l, --listen <address> Specify a socket address to listen for incoming SOCKS5 clients
-m, --management <address> Specify a socket address to listen for incoming Sandstorm clients
-U, --users-file <path> Load and save users to/from this file
-u, --user <user> Adds a new user
-A, --auth-enable <auth_type> Enables an authentication method
-a, --auth-disable <auth_type> Disables an authentication method
-b, --buffer-size <size> Sets the size of the buffer for client connections
By default, the server will print logs to stdout, but not to any file. Logging may be enabled to
both stdout and to file at the same time. If a log sink is not fast enough to keep up the pace with
the server, then messages on said sink may be lost, indicated by an error message printed only to
said sink.
Socket addresses may be specified as an IPv4 or IPv6 address, or a domainname, and may include a
port number. The -l/--listen and -m/--management parameter may be specified multiple times to
listen on many addresses. If no port is specified, then the default port of 1080 will be used for
socks5 and 2222 for Sandstorm. If no --listen parameter is specified, then [::]:1080 and
0.0.0.0:1080 will be used, and if no Sandstorm sockets are specified, then [::]:2222 and
0.0.0.0:2222 will be used.
Users are specified in the same format as each line on the users file, but for regular users you
may drop the role character. For example, -u "pedro:1234" would have the same effect as --user
"#pedro:1234", and admins may be added with, for example "@admin:secret".
For enabling or disabling authentication, the available authentication types are "noauth" and
"userpass". All authentication methods are enabled by default.
The default buffer size is 8KBs. Buffer sizes may be specified in bytes ('-b 8192'), kilobytes
('-b 8K'), megabytes ('-b 1M') or gigabytes ('-b 1G' if you respect your computer, please don't)
but may not be equal to nor larger than 4GBs.
Examples:
Starts the server listening for SOCKS5 clients on all IPv4 addresses on port 1080 and Sandstorm
clients on all IPv6 addresses on port 2222 (the ports are implicit), writing logs to a logs.txt
file and creating a new admin user called "pedro" with password "1234":
dust-devil -o logs.txt -l 0.0.0.0 -m [::] -u @pedro:1234
Starts the server with the default sockets listening for incoming SOCKS5 clients, but only allows
incoming management connections from localhost:3443. The buffer size for clients is set to 4096
bytes, logging and metrics are disabled:
dust-devil -m localhost:3443 -b 4k -d -s
Starts the server with the default listening sockets, diasbles "noauth" authentication (to force
clients to authenticate with a username and password), and creates three users: Admin user
'Nicolás' with password '#nicorules', regular user 'Greg:orio with password 'holus', and regular
user '#tade0' with password 'tadaa':
dust-devil -a noauth -u @Nicolás:#nicorules -u Greg\:orio::holus: -u ##tade0:tadaa
客户端使用
监控客户端至少需要指定凭证参数(因为监控客户端必须作为管理员用户对服务器进行身份验证)。凭证可以通过参数或通过 SANDSTORM_USER 环境变量指定。除非指定了 <地址>,否则客户端连接到服务器的地址为 localhost:2222。
客户端使用在帮助菜单中有详细说明(sandstorm -help)
Usage: sandstorm [options...]
Options:
-h, --help Display this help menu and exit
-V, --version Display the version number and exit
-v, --verbose Display additional information while running
-s, --silent Do not print to stdout
-x, --host <address> Specify the server to connect to
-c, --credentials <creds> Specify the user to log in as, in user:password format
-S, --shutdown Requests the server to shut down
-l, --list-socks5 Requests the server sends a list of socks5 sockets
-k, --add-socks5 <address> Requests the server opens a new socks5 socket
-r, --remove-socks5 <address> Requests the server removes an existing socks5 socket
-L, --list-sandstr Requests the server sends a list of Sandstorm sockets
-K, --add-sandstr <address> Requests the server opens a new Sandstorm socket
-R, --remove-sandstr <address> Requests the server removes an existing Sandstorm socket
-t, --list-users Requests the server adds a new user
-u, --add-user <user> Requests the server adds a new user
-p, --update-user <updt_user> Requests the server updates an existing user
-d, --delete-user <username> Requests the server deletes an existing user
-z, --list-auth Requests the server sends a list of auth methods
-A, --auth-enable <auth_type> Requests the server enables an authentication method
-a, --auth-disable <auth_type> Requests the server disables an authentication method
-m, --get-metrics Requests the server sends the current metrics
-B, --get-buffer-size Requests the server sends the current buffer size
-b, --set-buffer-size <size> Requests the server changes its buffer size
-w, --meow Requests a meow ping to the server
-o, --output-logs Remain open and print the server's logs to stdout
-i, --interactive Remains open with an advanced terminal UI interface
Socket addresses may be specified as an IPv4 or IPv6 address, or a domainname, and may include a
port number. If no port is specified, then the appropriate default will be used (1080 for Socks5
and 2222 for Sandstorm). If no -x/--host parameter is specified, then localhost:2222 will be used.
Credentials may be specified with the -c/--credentials argument, in username:password format. If no
credentials argument is specified, then the credentials will be taken from the SANDSTORM_USER
environment variable, which must follow the same format.
When adding a user, it is specified in the (role)?user:password format. For example, "#carlos:1234"
represents a regular user with username "carlos" and password "1234", and "@josé:4:4:4" represents
an admin user with username "josé" and password "4:4:4". If the role char is omitted, then a
regular user is assumed. Updating an existing user work much the same way, but the role char or
password may be omitted. Only the fields present will be updated, those omitted will not be
modified. To specify an username that contains a ':' character, you may escape it like so:
"#chi\:chí:4:3:2:1" (this produces a regular user "chi:chí" with password "4:3:2:1"). When deleting
an user, no escaping is necessary, as only the username is specified.
For enabling or disabling authentication, the available authentication types are "noauth" and
"userpass".
Buffer sizes may be specified in bytes ('-b 8192'), kilobytes ('-b 8K'), megabytes ('-b 1M') or
gigabytes ('-b 1G' if you respect your computer, please don't) but may not be equal to nor larger
than 4GBs.
The requests are done in the order in which they're specified and their results printed to stdout
(unless -s/--silent is specified). Pipelining will be used, so the requests are not guaranteed to
come back in the same order. The only ordering guarantees are those defined in the Sandstorm
protocol (so, for example, list/add/remove socks5 sockets operations are guaranteed to be handled
in order and answered in order, but an add user request in the middle of all that may not come back
in the same order).
The -o/--output-logs and -i/--interactive modes are mutually exclusive, only one may be enabled.
Examples:
Connects to the server at 192.168.1.1:2222 (the port is implicit), logs in with user 'admin'
password 'admin', and requests three consecutive meow pings:
sandstorm -x 192.168.1.1 -c admin:admin -w -w -w
Connects to the server at 10.4.20.1:8900, logs in with user 'pedro' password '1234', then requests
adding the admin user 'pedro' with password '1234', updates the role of user 'marcos' to regular
(the password is not changed), deletes the user 'josé', and finally lists all the users:
sandstorm -x 10.4.2.1:8900 -c pedro:1234 -u @pedro:1234 -p #marcos -d josé -t
Connects to the server at localhost:2222 (implicit) with user 'admin' and requests the current
buffer size and metrics:
sandstorm -c admin:admin -B -m
Connects to the server at localhost:2222 (implicit) with user 'admin' and shuts down the server:
sandstorm -c admin:admin -S
Connects to the server at localhost:2222 (implicit) with user 'admin', requests the list of
listening SOCKS5 sockets, and then leaves the connection open streaming server events and printing
them to stdout until manually closed (with Ctrl-C):
sandstorm -c admin:admin -l -o
Connects to the server at localhost:2222 (implicit) with user 'admin', sends three meow pings and
then opens the interactive TUI (Terminal User Interface)
sandstorm -c admin:admin -w -w -w -i
监控 TUI
前面提到的监控客户端提供了一种 "交互式" 模式,在这种模式下,应用程序会手动控制终端并打开一个高级界面。
此监控客户端提供了更友好的界面,同时仍然具有完整的功能,用于监控服务器,显示实时指标、事件和用法历史图表。
图库
依赖项
~9–22MB
~241K SLoC