Forwarding Chain¶
Dynamic configuration
Forwarding chain supports dynamic configuration via Web API.
Forwarding chain is a list of node groups formed by several nodes grouped according to a specific level. Each level of node group is a hop, and data is forwarded through each hop in turn. Forwarding chain is an important module in GOST, it is the link for establishing connections between services.
The nodes in the forwarding chain are independent of each other, and each node can use different data channels and data processing protocols independently.
All -F parameters on the command line form a forwarding chain, and all services use this forwarding chain.
services:
- name: service-0
addr: ":8080"
handler:
type: http
chain: chain-0
listener:
type: tcp
chains:
- name: chain-0
hops:
- name: hop-0
nodes:
- name: node-0
addr: 192.168.1.1:8080
connector:
type: http
dialer:
type: tls
- name: hop-1
nodes:
- name: node-0
addr: 192.168.1.2:1080
connector:
type: socks5
dialer:
type: ws
chain property.
Node Group¶
Each hop level can add multiple nodes to form a node group.
services:
- name: service-0
addr: ":8080"
handler:
type: http
chain: chain-0
listener:
type: tcp
chains:
- name: chain-0
hops:
- name: hop-0
nodes:
- name: node-0
addr: 192.168.1.1:8080
connector:
type: http
dialer:
type: tls
- name: node-1
addr: 192.168.1.1:8081
connector:
type: http
dialer:
type: tls
- name: node-2
addr: 192.168.1.2:8082
connector:
type: http
dialer:
type: tls
- name: hop-1
nodes:
- name: node-0
addr: 192.168.0.1:1080
connector:
type: socks5
dialer:
type: ws
- name: node-1
addr: 192.168.0.1:1081
connector:
type: socks5
dialer:
type: ws
- name: node-2
addr: 192.168.0.2:1082
connector:
type: socks5
dialer:
type: ws
There are three nodes in the first hop level (hop-0): 192.168.1.1:8080(node-0), 192.168.1.1:8081(node-1), 192.168.1.2:8082(node-2). They use the same node configuration.
There are three nodes in the second hop level (hop-1): 192.168.0.1:1080(node-0),192.168.0.1:1081(node-1),192.168.0.2:1082(node-2). They use the same node configuration.
If you need to configure each node freely, you can use the configuration file.
Multiple types
services:
- name: service-0
addr: ":8080"
handler:
type: http
chain: chain-0
listener:
type: tcp
chains:
- name: chain-0
hops:
- name: hop-0
nodes:
- name: node-0
addr: 192.168.1.1:8080
connector:
type: http
dialer:
type: tls
- name: node-1
addr: 192.168.1.1:8081
connector:
type: socks5
dialer:
type: ws
- name: node-2
addr: 192.168.1.2:8082
connector:
type: relay
dialer:
type: tls
- name: hop-1
nodes:
- name: node-0
addr: 192.168.0.1:1080
connector:
type: socks5
dialer:
type: ws
- name: node-1
addr: 192.168.0.1:1081
connector:
type: relay
dialer:
type: tls
- name: node-2
addr: 192.168.0.2:1082
connector:
type: http
dialer:
type: h2
Multiple Forwarding Chains¶
Multiple forwarding chains can be set in the configuration file, and different services can use different forwarding chains according to the chain names.
Example
services:
- name: service-0
addr: ":8080"
handler:
type: http
chain: chain-0
listener:
type: tcp
- name: service-1
addr: ":1080"
handler:
type: socks5
chain: chain-1
listener:
type: tcp
chains:
- name: chain-0
hops:
- name: hop-0
nodes:
- name: node-0
addr: 192.168.1.1:8080
connector:
type: http
dialer:
type: tls
- name: chain-1
hops:
- name: hop-0
nodes:
- name: node-0
addr: 192.168.1.2:8082
connector:
type: relay
dialer:
type: tls
- name: hop-1
nodes:
- name: node-0
addr: 192.168.0.1:1080
connector:
type: socks5
dialer:
type: ws
- name: node-1
addr: 192.168.0.1:1081
connector:
type: relay
dialer:
type: tls
The service service-0 uses the forwarding chain chain-0, and the service service-1 uses the forwarding chain chain-1.
Chain Group¶
Listener or handler of a service can also use the chainGroup parameter to specify a chain group to use multiple chains. You can also set a Selector to specify the usage of the chains, the default selector strategy is round-robin.
Chain Group
services:
- name: service-0
addr: ":8080"
handler:
type: http
chainGroup:
chains:
- chain-0
- chain-1
selector:
strategy: round
maxFails: 1
failTimeout: 10s
listener:
type: tcp
chains:
- name: chain-0
hops:
- name: hop-0
nodes:
- name: node-0
addr: :8081
connector:
type: http
dialer:
type: tcp
- name: chain-1
hops:
- name: hop-0
nodes:
- name: node-0
addr: :8082
connector:
type: http
dialer:
type: tcp
The service service-0 uses two chains chain-0 and chain-1 in a round-robin manner.
Virtual Node¶
If the service does not need to use an upper-stream proxy, a special virtual node (connector.type and dialer.type are both virtual) can be used to directly connect to the target address, and the node does not require a corresponding server, so the addr parameter of the node is ignored.
services:
- name: service-0
addr: ":8080"
handler:
type: auto
chain: chain-0
listener:
type: tcp
chains:
- name: chain-0
hops:
- name: hop-0
nodes:
- name: node-0
interface: eth0
connector:
type: virtual
dialer:
type: virtual
- name: node-1
interface: eth1
connector:
type: virtual
# metadata:
# action: reject
dialer:
type: virtual
Here node-0 and node-1 are virtual nodes. When the host is [multi-homed] (../tutorials/multi-homed.md), you can specify different interfaces for each node through the interface parameter, so that achieve load balancing at the network egress level.
You can also reject all connections by setting connector.metadata.action to reject.
Limitation
If the data channel of the node uses the UDP protocol, such as QUIC, KCP, etc., this node can only be used for the first level of the forwarding chain.