From 4a5c00286e2162b0d168494d2cb6402f16162eb4 Mon Sep 17 00:00:00 2001
From: fatedier <fatedier@gmail.com>
Date: Tue, 24 Apr 2018 01:26:05 +0800
Subject: [PATCH 1/2] doc: update
---
README.md | 16 ++++-----
README_zh.md | 15 +++-----
conf/frps_full.ini | 2 +-
models/config/server_common.go | 66 +++++++++++++++++-----------------
server/service.go | 4 +--
tests/conf/auto_test_frps.ini | 2 +-
tests/func_test.go | 2 +-
7 files changed, 49 insertions(+), 58 deletions(-)
diff --git a/README.md b/README.md
index 2ecdd253..ca1ed5ce 100644
--- a/README.md
+++ b/README.md
@@ -31,8 +31,7 @@ frp is a fast reverse proxy to help you expose a local server behind a NAT or fi
* [Encryption and Compression](#encryption-and-compression)
* [Hot-Reload frpc configuration](#hot-reload-frpc-configuration)
* [Get proxy status from client](#get-proxy-status-from-client)
- * [Privilege Mode](#privilege-mode)
- * [Port White List](#port-white-list)
+ * [Port White List](#port-white-list)
* [TCP Stream Multiplexing](#tcp-stream-multiplexing)
* [Support KCP Protocol](#support-kcp-protocol)
* [Connection Pool](#connection-pool)
@@ -42,6 +41,7 @@ frp is a fast reverse proxy to help you expose a local server behind a NAT or fi
* [Custom subdomain names](#custom-subdomain-names)
* [URL routing](#url-routing)
* [Connect frps by HTTP PROXY](#connect-frps-by-http-proxy)
+ * [Range ports mapping](#range-ports-mapping)
* [Plugin](#plugin)
* [Development Plan](#development-plan)
* [Contributing](#contributing)
@@ -422,21 +422,17 @@ Then run command `frpc reload -c ./frpc.ini` and wait for about 10 seconds to le
Use `frpc status -c ./frpc.ini` to get status of all proxies. You need to set admin port in frpc's configure file.
-### Privilege Mode
+### Port White List
-Privilege mode is the default and only mode support in frp since v0.10.0. All proxy configurations are set in client.
-
-#### Port White List
-
-`privilege_allow_ports` in frps.ini is used for preventing abuse of ports:
+`allow_ports` in frps.ini is used for preventing abuse of ports:
```ini
# frps.ini
[common]
-privilege_allow_ports = 2000-3000,3001,3003,4000-50000
+allow_ports = 2000-3000,3001,3003,4000-50000
```
-`privilege_allow_ports` consists of a specific port or a range of ports divided by `,`.
+`allow_ports` consists of a specific port or a range of ports divided by `,`.
### TCP Stream Multiplexing
diff --git a/README_zh.md b/README_zh.md
index fe843548..ee11011f 100644
--- a/README_zh.md
+++ b/README_zh.md
@@ -29,8 +29,7 @@ frp 是一个可用于内网穿透的高性能的反向代理应用,支持 tcp
* [加密与压缩](#加密与压缩)
* [客户端热加载配置文件](#客户端热加载配置文件)
* [客户端查看代理状态](#客户端查看代理状态)
- * [特权模式](#特权模式)
- * [端口白名单](#端口白名单)
+ * [端口白名单](#端口白名单)
* [TCP 多路复用](#tcp-多路复用)
* [底层通信可选 kcp 协议](#底层通信可选-kcp-协议)
* [连接池](#连接池)
@@ -450,21 +449,17 @@ admin_port = 7400
frpc 支持通过 `frpc status -c ./frpc.ini` 命令查看代理的状态信息,此功能需要在 frpc 中配置 admin 端口。
-### 特权模式
+### 端口白名单
-由于从 v0.10.0 版本开始,所有 proxy 都在客户端配置,原先的特权模式是目前唯一支持的模式。
-
-#### 端口白名单
-
-为了防止端口被滥用,可以手动指定允许哪些端口被使用,在 frps.ini 中通过 privilege_allow_ports 来指定:
+为了防止端口被滥用,可以手动指定允许哪些端口被使用,在 frps.ini 中通过 `allow_ports` 来指定:
```ini
# frps.ini
[common]
-privilege_allow_ports = 2000-3000,3001,3003,4000-50000
+allow_ports = 2000-3000,3001,3003,4000-50000
```
-privilege_allow_ports 可以配置允许使用的某个指定端口或者是一个范围内的所有端口,以 `,` 分隔,指定的范围以 `-` 分隔。
+`allow_ports` 可以配置允许使用的某个指定端口或者是一个范围内的所有端口,以 `,` 分隔,指定的范围以 `-` 分隔。
### TCP 多路复用
diff --git a/conf/frps_full.ini b/conf/frps_full.ini
index a808cc36..34a48db5 100644
--- a/conf/frps_full.ini
+++ b/conf/frps_full.ini
@@ -47,7 +47,7 @@ token = 12345678
# heartbeat_timeout = 90
# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
-privilege_allow_ports = 2000-3000,3001,3003,4000-50000
+allow_ports = 2000-3000,3001,3003,4000-50000
# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 5
diff --git a/models/config/server_common.go b/models/config/server_common.go
index 20b37d8a..19e1a1d2 100644
--- a/models/config/server_common.go
+++ b/models/config/server_common.go
@@ -68,40 +68,40 @@ type ServerCommonConf struct {
SubDomainHost string `json:"subdomain_host"`
TcpMux bool `json:"tcp_mux"`
- PrivilegeAllowPorts map[int]struct{}
- MaxPoolCount int64 `json:"max_pool_count"`
- MaxPortsPerClient int64 `json:"max_ports_per_client"`
- HeartBeatTimeout int64 `json:"heart_beat_timeout"`
- UserConnTimeout int64 `json:"user_conn_timeout"`
+ AllowPorts map[int]struct{}
+ MaxPoolCount int64 `json:"max_pool_count"`
+ MaxPortsPerClient int64 `json:"max_ports_per_client"`
+ HeartBeatTimeout int64 `json:"heart_beat_timeout"`
+ UserConnTimeout int64 `json:"user_conn_timeout"`
}
func GetDefaultServerConf() *ServerCommonConf {
return &ServerCommonConf{
- BindAddr: "0.0.0.0",
- BindPort: 7000,
- BindUdpPort: 0,
- KcpBindPort: 0,
- ProxyBindAddr: "0.0.0.0",
- VhostHttpPort: 0,
- VhostHttpsPort: 0,
- DashboardAddr: "0.0.0.0",
- DashboardPort: 0,
- DashboardUser: "admin",
- DashboardPwd: "admin",
- AssetsDir: "",
- LogFile: "console",
- LogWay: "console",
- LogLevel: "info",
- LogMaxDays: 3,
- Token: "",
- AuthTimeout: 900,
- SubDomainHost: "",
- TcpMux: true,
- PrivilegeAllowPorts: make(map[int]struct{}),
- MaxPoolCount: 5,
- MaxPortsPerClient: 0,
- HeartBeatTimeout: 90,
- UserConnTimeout: 10,
+ BindAddr: "0.0.0.0",
+ BindPort: 7000,
+ BindUdpPort: 0,
+ KcpBindPort: 0,
+ ProxyBindAddr: "0.0.0.0",
+ VhostHttpPort: 0,
+ VhostHttpsPort: 0,
+ DashboardAddr: "0.0.0.0",
+ DashboardPort: 0,
+ DashboardUser: "admin",
+ DashboardPwd: "admin",
+ AssetsDir: "",
+ LogFile: "console",
+ LogWay: "console",
+ LogLevel: "info",
+ LogMaxDays: 3,
+ Token: "",
+ AuthTimeout: 900,
+ SubDomainHost: "",
+ TcpMux: true,
+ AllowPorts: make(map[int]struct{}),
+ MaxPoolCount: 5,
+ MaxPortsPerClient: 0,
+ HeartBeatTimeout: 90,
+ UserConnTimeout: 10,
}
}
@@ -232,16 +232,16 @@ func UnmarshalServerConfFromIni(defaultCfg *ServerCommonConf, content string) (c
cfg.Token, _ = conf.Get("common", "token")
- if allowPortsStr, ok := conf.Get("common", "privilege_allow_ports"); ok {
+ if allowPortsStr, ok := conf.Get("common", "allow_ports"); ok {
// e.g. 1000-2000,2001,2002,3000-4000
ports, errRet := util.ParseRangeNumbers(allowPortsStr)
if errRet != nil {
- err = fmt.Errorf("Parse conf error: privilege_allow_ports: %v", errRet)
+ err = fmt.Errorf("Parse conf error: allow_ports: %v", errRet)
return
}
for _, port := range ports {
- cfg.PrivilegeAllowPorts[int(port)] = struct{}{}
+ cfg.AllowPorts[int(port)] = struct{}{}
}
}
diff --git a/server/service.go b/server/service.go
index 82b1a35b..48f49e07 100644
--- a/server/service.go
+++ b/server/service.go
@@ -76,8 +76,8 @@ func NewService() (svr *Service, err error) {
ctlManager: NewControlManager(),
pxyManager: NewProxyManager(),
visitorManager: NewVisitorManager(),
- tcpPortManager: NewPortManager("tcp", cfg.ProxyBindAddr, cfg.PrivilegeAllowPorts),
- udpPortManager: NewPortManager("udp", cfg.ProxyBindAddr, cfg.PrivilegeAllowPorts),
+ tcpPortManager: NewPortManager("tcp", cfg.ProxyBindAddr, cfg.AllowPorts),
+ udpPortManager: NewPortManager("udp", cfg.ProxyBindAddr, cfg.AllowPorts),
}
// Init assets.
diff --git a/tests/conf/auto_test_frps.ini b/tests/conf/auto_test_frps.ini
index 193a1087..fc62c39b 100644
--- a/tests/conf/auto_test_frps.ini
+++ b/tests/conf/auto_test_frps.ini
@@ -5,5 +5,5 @@ vhost_http_port = 10804
log_file = ./frps.log
log_level = debug
token = 123456
-privilege_allow_ports = 10000-20000,20002,30000-50000
+allow_ports = 10000-20000,20002,30000-50000
subdomain_host = sub.com
diff --git a/tests/func_test.go b/tests/func_test.go
index 4da74168..94b1d040 100644
--- a/tests/func_test.go
+++ b/tests/func_test.go
@@ -209,7 +209,7 @@ func TestWebSocket(t *testing.T) {
assert.Equal(TEST_HTTP_NORMAL_STR, string(msg))
}
-func TestPrivilegeAllowPorts(t *testing.T) {
+func TestAllowPorts(t *testing.T) {
assert := assert.New(t)
// Port not allowed
status, err := getProxyStatus(ProxyTcpPortNotAllowed)
From 9abbe3379033dc07c71d85209587b701951d1018 Mon Sep 17 00:00:00 2001
From: fatedier <fatedier@gmail.com>
Date: Tue, 24 Apr 2018 01:51:52 +0800
Subject: [PATCH 2/2] typo
---
cmd/frpc/sub/stcp.go | 4 ++--
cmd/frpc/sub/xtcp.go | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/cmd/frpc/sub/stcp.go b/cmd/frpc/sub/stcp.go
index 66585ad3..45229a0e 100644
--- a/cmd/frpc/sub/stcp.go
+++ b/cmd/frpc/sub/stcp.go
@@ -47,8 +47,8 @@ func init() {
}
var stcpCmd = &cobra.Command{
- Use: "http",
- Short: "Run frpc with a single http proxy",
+ Use: "stcp",
+ Short: "Run frpc with a single stcp proxy",
RunE: func(cmd *cobra.Command, args []string) error {
err := parseClientCommonCfg(CfgFileTypeCmd, "")
if err != nil {
diff --git a/cmd/frpc/sub/xtcp.go b/cmd/frpc/sub/xtcp.go
index 53bd1374..09ea8921 100644
--- a/cmd/frpc/sub/xtcp.go
+++ b/cmd/frpc/sub/xtcp.go
@@ -47,8 +47,8 @@ func init() {
}
var xtcpCmd = &cobra.Command{
- Use: "http",
- Short: "Run frpc with a single http proxy",
+ Use: "xtcp",
+ Short: "Run frpc with a single xtcp proxy",
RunE: func(cmd *cobra.Command, args []string) error {
err := parseClientCommonCfg(CfgFileTypeCmd, "")
if err != nil {