Merge pull request #75 from NodePassProject/main

Add TCP support control, TLS certificate verification improvements, Connection pool and codebase refactoring

Author: yosebyte

docs/en/api.md

@@ -1582,4 +1582,5 @@ Examples:
 | `rate` | Bandwidth rate limit | Integer (Mbps), 0=unlimited | `0` | Both |
 | `slot` | Connection slot count | Integer (1-65536) | `65536` | Both |
 | `proxy` | PROXY protocol support | `0`(disabled), `1`(enabled) | `0` | Both |
+| `notcp` | TCP support control | `0`(enabled), `1`(disabled) | `0` | Both |
 | `noudp` | UDP support control | `0`(enabled), `1`(disabled) | `0` | Both |

docs/en/configuration.md

@@ -262,6 +262,43 @@ nodepass "server://0.0.0.0:10101/0.0.0.0:8080?log=info&tls=1&proxy=1&rate=100"
 - The header format follows the HAProxy PROXY protocol v1 specification
 - If the target service doesn't support PROXY protocol, connections may fail or behave unexpectedly
 
+## TCP Support Control
+
+NodePass supports TCP traffic tunneling by default. The `notcp` parameter allows you to disable TCP support when only UDP traffic needs to be handled, which can reduce resource usage and simplify configuration.
+
+- `notcp`: TCP support control (default: 0)
+  - Value 0: TCP support enabled - both TCP and UDP traffic will be tunneled
+  - Value 1: TCP support disabled - only UDP traffic will be tunneled, TCP connections are ignored
+  - Applies to both client and server modes
+  - When disabled, TCP-related resources (buffers, connections, sessions) are not allocated
+
+Example:
+```bash
+# Enable TCP support (default behavior)
+nodepass "server://0.0.0.0:10101/0.0.0.0:8080?notcp=0"
+
+# Disable TCP support for UDP-only scenarios
+nodepass "server://0.0.0.0:10101/0.0.0.0:8080?notcp=1"
+
+# Client with TCP disabled
+nodepass "client://server.example.com:10101/127.0.0.1:8080?notcp=1"
+
+# Combined with other parameters
+nodepass "server://0.0.0.0:10101/0.0.0.0:8080?log=info&tls=1&notcp=1"
+```
+
+**TCP Support Control Use Cases:**
+- **UDP-Only Services**: Disable TCP when tunneling only UDP-based applications
+- **Resource Optimization**: Reduce memory and CPU usage by avoiding TCP processing overhead
+- **Security**: Prevent TCP-based attacks or unwanted traffic in restricted environments
+- **Simplified Configuration**: Easier setup when TCP tunneling is not required
+- **Network Isolation**: Isolate TCP and UDP traffic handling for better control
+
+**Important Notes:**
+- When TCP is disabled, any TCP connections sent to the tunnel will be silently dropped
+- Existing TCP sessions will be terminated when switching to notcp=1
+- TCP buffer pools and session management are disabled when notcp=1
+
 ## UDP Support Control
 
 NodePass supports UDP traffic tunneling in addition to TCP. The `noudp` parameter allows you to disable UDP support when only TCP traffic needs to be handled, which can reduce resource usage and simplify configuration.
@@ -373,6 +410,7 @@ NodePass allows flexible configuration via URL query parameters. The following t
 | `rate`    | Bandwidth rate limit  | `0`     |   O    |   O    |   X    |
 | `slot`    | Maximum connection limit | `65536` |   O    |   O    |   X    |
 | `proxy`   | PROXY protocol support| `0`     |   O    |   O    |   X    |
+| `notcp`   | TCP support control    | `0`     |   O    |   O    |   X    |
 | `noudp`   | UDP support control    | `0`     |   O    |   O    |   X    |
 
 - O: Parameter is valid and recommended for configuration
@@ -383,6 +421,7 @@ NodePass allows flexible configuration via URL query parameters. The following t
 - For client/server dual-end handshake modes, adjust connection pool capacity (`min`, `max`) based on traffic and resource constraints for optimal performance.
 - Use run mode control (`mode`) when automatic detection doesn't match your deployment requirements or for consistent behavior across environments.
 - Configure rate limiting (`rate`) to control bandwidth usage and prevent network congestion in shared environments.
+- Set `notcp=1` when only UDP traffic needs to be tunneled to reduce resource usage and simplify configuration.
 - Set `noudp=1` when only TCP traffic needs to be tunneled to reduce resource usage and simplify configuration.
 - Log level (`log`) can be set in all modes for easier operations and troubleshooting.
 

docs/zh/api.md

@@ -1582,4 +1582,5 @@ client://<server_host>:<server_port>/<local_host>:<local_port>?<parameters>
 | `rate` | 带宽速率限制 | 整数 (Mbps), 0=无限制 | `0` | 两者 |
 | `slot` | 连接槽位数 | 整数 (1-65536) | `65536` | 两者 |
 | `proxy` | PROXY协议支持 | `0`(禁用), `1`(启用) | `0` | 两者 |
+| `notcp` | TCP支持控制 | `0`(启用), `1`(禁用) | `0` | 两者 |
 | `noudp` | UDP支持控制 | `0`(启用), `1`(禁用) | `0` | 两者 |

docs/zh/configuration.md

@@ -262,6 +262,43 @@ nodepass "server://0.0.0.0:10101/0.0.0.0:8080?log=info&tls=1&proxy=1&rate=100"
 - 头部格式遵循HAProxy PROXY协议v1规范
 - 如果目标服务不支持PROXY协议，将导致连接失败
 
+## TCP支持控制
+
+NodePass默认支持TCP流量隧道。`notcp`参数允许您在只需要处理UDP流量时禁用TCP支持，这样可以减少资源使用并简化配置。
+
+- `notcp`: TCP支持控制（默认: 0）
+  - 值为0：启用TCP支持 - TCP和UDP流量都将被隧道传输
+  - 值为1：禁用TCP支持 - 仅UDP流量将被隧道传输，TCP连接被忽略
+  - 适用于客户端和服务器模式
+  - 禁用时，不分配TCP相关资源（缓冲区、连接、会话）
+
+示例：
+```bash
+# 启用TCP支持（默认行为）
+nodepass "server://0.0.0.0:10101/0.0.0.0:8080?notcp=0"
+
+# 禁用TCP支持，仅处理UDP场景
+nodepass "server://0.0.0.0:10101/0.0.0.0:8080?notcp=1"
+
+# 客户端禁用TCP
+nodepass "client://server.example.com:10101/127.0.0.1:8080?notcp=1"
+
+# 与其他参数结合
+nodepass "server://0.0.0.0:10101/0.0.0.0:8080?log=info&tls=1&notcp=1"
+```
+
+**TCP支持控制使用场景：**
+- **仅UDP服务**：仅需要隧道传输UDP应用时禁用TCP
+- **资源优化**：通过避免TCP处理开销减少内存和CPU使用
+- **安全性**：防止受限环境中的TCP攻击或不需要的流量
+- **简化配置**：不需要TCP隧道时更容易设置
+- **网络隔离**：更好地控制TCP和UDP流量处理
+
+**重要说明：**
+- 禁用TCP时，发送到隧道的任何TCP连接将被静默丢弃
+- 切换到notcp=1时，现有的TCP会话将被终止
+- 当notcp=1时，TCP缓冲池和会话管理被禁用
+
 ## UDP支持控制
 
 除了TCP之外，NodePass还支持UDP流量隧道。`noudp`参数允许您在只需要处理TCP流量时禁用UDP支持，这样可以减少资源使用并简化配置。
@@ -373,6 +410,7 @@ NodePass支持通过URL查询参数进行灵活配置，不同参数在 server
 | `rate`    | 带宽速率限制         | `0`       |   O    |   O    |   X    |
 | `slot`    | 最大连接数限制       | `65536`   |   O    |   O    |   X    |
 | `proxy`   | PROXY协议支持        | `0`       |   O    |   O    |   X    |
+| `notcp`   | TCP支持控制          | `0`       |   O    |   O    |   X    |
 | `noudp`   | UDP支持控制          | `0`       |   O    |   O    |   X    |
 
 - O：参数有效，推荐根据实际场景配置
@@ -383,6 +421,7 @@ NodePass支持通过URL查询参数进行灵活配置，不同参数在 server
 - client/server 双端握手模式建议根据流量和资源情况调整连接池容量（min/max），优化性能。
 - 当自动检测不符合部署需求时或需要跨环境一致行为时，使用运行模式控制（mode）。
 - 配置速率限制（rate）以控制带宽使用，防止共享环境中的网络拥塞。
+- 仅需要隧道传输UDP流量时设置`notcp=1`，以减少资源使用并简化配置。
 - 仅需要隧道传输TCP流量时设置`noudp=1`，以减少资源使用并简化配置。
 - 日志级别（log）可在所有模式下灵活调整，便于运维和排查。
 

go.mod

@@ -6,5 +6,5 @@ require (
 	github.com/NodePassProject/cert v1.0.1
 	github.com/NodePassProject/conn v1.0.16
 	github.com/NodePassProject/logs v1.0.3
-	github.com/NodePassProject/pool v1.0.48
+	github.com/NodePassProject/pool v1.0.49
 )

go.sum

@@ -4,5 +4,5 @@ github.com/NodePassProject/conn v1.0.16 h1:ojHfyBveZMcyOikdUs1SOW4yKp92NOBnNhfNe
 github.com/NodePassProject/conn v1.0.16/go.mod h1:xfQ7ZLUxrtdLsljGHYYCToW+Hdg6DAbmL1Cs94n5h6E=
 github.com/NodePassProject/logs v1.0.3 h1:CDUZVQ477vmmFQHazrQCWM0gJPNINm0C2N3FzC4jVyw=
 github.com/NodePassProject/logs v1.0.3/go.mod h1:TwtPXOzLtb8iH+fdduQjEEywICXivsM39cy9AinMSks=
-github.com/NodePassProject/pool v1.0.48 h1:99pCHQYtmH5sVIB0vY+KbV4zyWSH6ptHgkKtxDnjpqQ=
-github.com/NodePassProject/pool v1.0.48/go.mod h1:joQFk1oocg56QpJ1QK/2g5Jv/AyqYUQgPXMG1gWe8iA=
+github.com/NodePassProject/pool v1.0.49 h1:gktVmE+GsQ0/C0MF8qgRraR7eS3na4k0QrQfR6o4fkM=
+github.com/NodePassProject/pool v1.0.49/go.mod h1:joQFk1oocg56QpJ1QK/2g5Jv/AyqYUQgPXMG1gWe8iA=

internal/client.go

@@ -45,7 +45,6 @@ func NewClient(parsedURL *url.URL, logger *logs.Logger) (*Client, error) {
 					return &buf
 				},
 			},
-			cleanURL: &url.URL{Scheme: "np", Fragment: "c"},
 			flushURL: &url.URL{Scheme: "np", Fragment: "f"},
 			pingURL:  &url.URL{Scheme: "np", Fragment: "i"},
 			pongURL:  &url.URL{Scheme: "np", Fragment: "o"},
@@ -62,9 +61,9 @@ func NewClient(parsedURL *url.URL, logger *logs.Logger) (*Client, error) {
 // Run 管理客户端生命周期
 func (c *Client) Run() {
 	logInfo := func(prefix string) {
-		c.logger.Info("%v: client://%v@%v/%v?min=%v&mode=%v&read=%v&rate=%v&slot=%v&proxy=%v&noudp=%v",
+		c.logger.Info("%v: client://%v@%v/%v?min=%v&mode=%v&read=%v&rate=%v&slot=%v&proxy=%v&notcp=%v&noudp=%v",
 			prefix, c.tunnelKey, c.tunnelTCPAddr, c.getTargetAddrsString(),
-			c.minPoolCapacity, c.runMode, c.readTimeout, c.rateLimit/125000, c.slotLimit, c.proxyProtocol, c.disableUDP)
+			c.minPoolCapacity, c.runMode, c.readTimeout, c.rateLimit/125000, c.slotLimit, c.proxyProtocol, c.disableTCP, c.disableUDP)
 	}
 	logInfo("Client started")
 
@@ -157,13 +156,15 @@ func (c *Client) commonStart() error {
 		})
 	go c.tunnelPool.ClientManager()
 
+	// 判断数据流向
 	if c.dataFlow == "+" {
-		// 初始化目标监听器
 		if err := c.initTargetListener(); err != nil {
 			return fmt.Errorf("commonStart: initTargetListener failed: %w", err)
 		}
 		go c.commonLoop()
 	}
+
+	// 启动共用控制
 	if err := c.commonControl(); err != nil {
 		return fmt.Errorf("commonStart: commonControl failed: %w", err)
 	}