diff --git a/common.go b/common.go
index 83d7f31..8cbd657 100644
--- a/common.go
+++ b/common.go
@@ -556,12 +556,8 @@ type Config struct {
 MaxTimeDiff time.Duration
 ShortIds map[[8]byte]bool
- LimitFbUploadRate float64
- LimitFbUploadBurst int64
- LimitFbUploadAfter int64
- LimitFbDownloadRate float64
- LimitFbDownloadBurst int64
- LimitFbDownloadAfter int64
+ LimitFallbackUpload LimitFallback
+ LimitFallbackDownload LimitFallback
 // Rand provides the source of entropy for nonces and RSA blinding.
 // If Rand is nil, TLS uses the cryptographic random reader in package
@@ -953,6 +949,12 @@ func (c *Config) ticketKeyFromBytes(b [32]byte) (key ticketKey) {
 return key
 }
+type LimitFallback struct {
+ BytesPerSec float64
+ BurstBytesPerSec int64
+ AfterBytes int64
+}
+
 // maxSessionTicketLifetime is the maximum allowed lifetime of a TLS 1.3 session
 // ticket, and the lifetime we set for all tickets we send.
 const maxSessionTicketLifetime = 7 * 24 * time.Hour
@@ -977,12 +979,8 @@ func (c *Config) Clone() *Config {
 MaxClientVer: c.MaxClientVer,
 MaxTimeDiff: c.MaxTimeDiff,
 ShortIds: c.ShortIds,
- LimitFbUploadRate: c.LimitFbUploadRate,
- LimitFbUploadBurst: c.LimitFbUploadBurst,
- LimitFbUploadAfter: c.LimitFbUploadAfter,
- LimitFbDownloadRate: c.LimitFbDownloadRate,
- LimitFbDownloadBurst: c.LimitFbDownloadBurst,
- LimitFbDownloadAfter: c.LimitFbDownloadAfter,
+ LimitFallbackUpload: c.LimitFallbackUpload,
+ LimitFallbackDownload: c.LimitFallbackDownload,
 Rand: c.Rand,
 Time: c.Time,
 Certificates: c.Certificates,
diff --git a/tls.go b/tls.go
index 886df16..a9b1d34 100644
--- a/tls.go
+++ b/tls.go
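Review bot: In common.go the new exported type `LimitFallback` and its three fields carry no doc comments, and `BurstBytesPerSec` is named as a rate although tls.go in this same commit subtracts it from `AfterBytes` and passes it as the second argument of `ratelimit.NewBucketWithRate`, which reads like a bucket size in bytes rather than a per-second value. I would add `// LimitFallback throttles one direction of a fallback connection; a zero BytesPerSec or BurstBytesPerSec disables the limit.` above the type, a short unit comment on each field, and consider `BurstBytes` as the field name while the API is changing anyway. The first hunk also removes six exported `Config` fields, so any caller that still sets `LimitFbUploadRate` and its siblings will stop compiling; a line in the commit message or changelog would make that explicit.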
@@ -247,14 +247,14 @@ func Server(ctx context.Context, conn net.Conn, config *Config) (*Conn, error) {
 if config.Show && hs.clientHello != nil {
 fmt.Printf("REALITY remoteAddr: %v\tforwarded SNI: %v\n", remoteAddr, hs.clientHello.serverName)
 }
- if config.LimitFbUploadRate == 0 || config.LimitFbUploadBurst == 0 {
+ if config.LimitFallbackUpload.BytesPerSec == 0 || config.LimitFallbackUpload.BurstBytesPerSec == 0 {
 io.Copy(target, underlying)
 } else {
 // Limit upload speed for fallback connection
 io.Copy(target, &RatelimitedConn{
 Conn: underlying,
- Bucket: ratelimit.NewBucketWithRate(config.LimitFbUploadRate, config.LimitFbUploadBurst),
- LimitAfter: config.LimitFbUploadAfter - config.LimitFbUploadBurst,
+ Bucket: ratelimit.NewBucketWithRate(config.LimitFallbackUpload.BytesPerSec, config.LimitFallbackUpload.BurstBytesPerSec),
+ LimitAfter: config.LimitFallbackUpload.AfterBytes - config.LimitFallbackUpload.BurstBytesPerSec,
 })
 }
 }
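Review bot: The guard `config.LimitFallbackUpload.BytesPerSec == 0 || config.LimitFallbackUpload.BurstBytesPerSec == 0` treats only an exact zero as "no limit", so a negative rate or burst coming from configuration falls through to `ratelimit.NewBucketWithRate`. If `ratelimit` is the juju token-bucket package, that constructor panics on a non-positive rate or capacity, and since this branch sits on the fallback relay path a single bad config value could take the process down on the first fallback connection. `AfterBytes - BurstBytesPerSec` also goes negative whenever `AfterBytes` is smaller than the burst; what `RatelimitedConn` does with a negative `LimitAfter` is not visible here and should be confirmed. I would test `<= 0` instead, e.g. `if l := config.LimitFallbackUpload; l.BytesPerSec <= 0 || l.BurstBytesPerSec <= 0 {`, and apply the same at both sites in the following hunk. `Server` starts and ends outside this hunk.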
@@ -387,28 +387,28 @@ func Server(ctx context.Context, conn net.Conn, config *Config) (*Conn, error) {
 if hs.c.conn == conn { // if we processed the Client Hello successfully but the target did not
 waitGroup.Add(1)
 go func() {
- if config.LimitFbUploadRate == 0 || config.LimitFbUploadBurst == 0 {
+ if config.LimitFallbackUpload.BytesPerSec == 0 || config.LimitFallbackUpload.BurstBytesPerSec == 0 {
 io.Copy(target, underlying)
 } else {
 // Limit upload speed for fallback connection (handshake ok but hello failed)
 io.Copy(target, &RatelimitedConn{
 Conn: underlying,
- Bucket: ratelimit.NewBucketWithRate(config.LimitFbUploadRate, config.LimitFbUploadBurst),
- LimitAfter: config.LimitFbUploadAfter - config.LimitFbUploadBurst,
+ Bucket: ratelimit.NewBucketWithRate(config.LimitFallbackUpload.BytesPerSec, config.LimitFallbackUpload.BurstBytesPerSec),
+ LimitAfter: config.LimitFallbackUpload.AfterBytes - config.LimitFallbackUpload.BurstBytesPerSec,
 })
 }
 waitGroup.Done()
 }()
 }
 conn.Write(s2cSaved)
- if config.LimitFbDownloadRate == 0 || config.LimitFbDownloadBurst == 0 {
+ if config.LimitFallbackDownload.BytesPerSec == 0 || config.LimitFallbackDownload.BurstBytesPerSec == 0 {
 io.Copy(underlying, target)
 } else {
 // Limit download speed for fallback connection
 io.Copy(underlying, &RatelimitedConn{
 Conn: target,
- Bucket: ratelimit.NewBucketWithRate(config.LimitFbDownloadRate, config.LimitFbDownloadBurst),
- LimitAfter: config.LimitFbDownloadAfter - config.LimitFbDownloadBurst,
+ Bucket: ratelimit.NewBucketWithRate(config.LimitFallbackDownload.BytesPerSec, config.LimitFallbackDownload.BurstBytesPerSec),
+ LimitAfter: config.LimitFallbackDownload.AfterBytes - config.LimitFallbackDownload.BurstBytesPerSec,
 })
 }
 // Here is bidirectional direct forwarding:
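Review bot: The limiter construction is now spelled out three times (twice in this hunk, once in the earlier `Server` hunk), each repeating the enable test, the `NewBucketWithRate` call and the `AfterBytes - BurstBytesPerSec` subtraction, so any later change to the threshold logic has to be made identically in three places. Since the commit introduces `LimitFallback`, a small unexported method on it that wraps the source connection would reduce every site to a single `io.Copy`. The sketch assumes the `Conn` field of `RatelimitedConn` is a `net.Conn`, which is not visible in this diff. `Server` starts and ends outside the hunk, so only the helper and the rewritten call sites are shown.

```go
// wrap returns conn unchanged when limiting is disabled, otherwise a
// RatelimitedConn built from l.
func (l LimitFallback) wrap(conn net.Conn) io.Reader {
	if l.BytesPerSec == 0 || l.BurstBytesPerSec == 0 {
		return conn
	}
	return &RatelimitedConn{
		Conn:       conn,
		Bucket:     ratelimit.NewBucketWithRate(l.BytesPerSec, l.BurstBytesPerSec),
		LimitAfter: l.AfterBytes - l.BurstBytesPerSec,
	}
}

// … unchanged: waitGroup.Add(1), go func() { …
io.Copy(target, config.LimitFallbackUpload.wrap(underlying))
// … unchanged: waitGroup.Done(), conn.Write(s2cSaved) …
io.Copy(underlying, config.LimitFallbackDownload.wrap(target))
```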