Skip to content

Bypass

Traffic Control — Bypass

Bypass (traffic diversion) means dividing traffic according to certain rules and then performing corresponding actions on the divided traffic to achieve a degree of traffic control.

For example, in a company with strict network管控, traffic can be categorized as:

  • Illegal traffic — disallowed traffic, such as services the company blocks access to.
  • Intranet traffic — traffic to internal company servers, which is only valid within the company network and should not be forwarded externally.
  • External traffic — traffic to external services, which may need to go through the company's proxy server.

GOST v3 Dynamic Bypass Implementation

Original post: https://groups.google.com/g/go-gost/c/b9Z0BcqUArw.

Bypass (traffic diversion) routes requests through a forwarding chain or bypasses it based on certain rules. In GOST v3, this is implemented via the bypass component.

GOST v3 introduced a recorder module, which is an alternative logging mechanism. Unlike general logging, the recorder can capture specific data, such as all client IPs accessing a service or all destination addresses being accessed.

Both bypass and recorder gained Redis support in v3. Bypass can dynamically load rules from Redis, while recorder can store data in Redis.

Using these features together, you can implement automatic bypass similar to COW. By default, requests do not use the forwarding chain, but when a direct connection fails, the chain is used instead.