MCPcopy Index your code
hub / github.com/nadoo/glider

github.com/nadoo/glider @v0.16.4 sqlite

repository ↗ · DeepWiki ↗ · release v0.16.4 ↗
1,144 symbols 3,536 edges 135 files 617 documented · 54%
README

glider

Go Version Go Report Card GitHub release Actions Status DockerHub

glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).

we can set up local listeners as proxy servers, and forward requests to internet via forwarders.

                |Forwarder ----------------->|
   Listener --> |                            | Internet
                |Forwarder --> Forwarder->...|

Features

  • Act as both proxy client and proxy server(protocol converter)
  • Flexible proxy & protocol chains
  • Load balancing with the following scheduling algorithm:
  • rr: round robin
  • ha: high availability
  • lha: latency based high availability
  • dh: destination hashing
  • Rule & priority based forwarder choosing: Config Examples
  • DNS forwarding server:
  • dns over proxy
  • force upstream querying by tcp
  • association rules between dns and forwarder choosing
  • association rules between dns and ipset
  • dns cache support
  • custom dns record
  • IPSet management (linux kernel version >= 2.6.32):
  • add ip/cidrs from rule files on startup
  • add resolved ips for domains from rule files by dns forwarding server
  • Serve http and socks5 on the same port
  • Periodical availability checking for forwarders
  • Send requests from specific local ip/interface
  • Services:
  • dhcpd: a simple dhcp server that can run in failover mode

Protocols

click to see details

Protocol Listen/TCP Listen/UDP Forward/TCP Forward/UDP Description
Mixed http+socks5 server
HTTP client & server
SOCKS5 client & server
SS client & server
Trojan client & server
Trojanc trojan cleartext(without tls)
VLESS client & server
VMess client only
SSR client only
SSH client only
SOCKS4 client only
SOCKS4A client only
TCP tcp tunnel client & server
UDP udp tunnel client & server
TLS transport client & server
KCP transport client & server
Unix transport client & server
VSOCK transport client & server
Smux transport client & server
Websocket(WS) transport client & server
WS Secure websocket secure (wss)
Proxy Protocol version 1 server only
Simple-Obfs transport client only
Redir linux redirect proxy
Redir6 linux redirect proxy(ipv6)
TProxy linux tproxy(udp only)
Reject reject all requests

Install

  • Binary: https://github.com/nadoo/glider/releases
  • Docker: docker pull nadoo/glider
  • Manjaro: pamac install glider
  • ArchLinux: sudo pacman -S glider
  • Homebrew: brew install glider
  • MacPorts: sudo port install glider
  • Source: go install github.com/nadoo/glider@latest

Usage

Run

glider -verbose -listen :8443
# docker run --rm -it nadoo/glider -verbose -listen :8443

Help

glider -help

Usage: glider [-listen URL]... [-forward URL]... [OPTION]...

  e.g. glider -config /etc/glider/glider.conf
       glider -listen :8443 -forward socks5://serverA:1080 -forward socks5://serverB:1080 -verbose

OPTION:
  -check string
        check=tcp[://HOST:PORT]: tcp port connect check
        check=http://HOST[:PORT][/URI][#expect=REGEX_MATCH_IN_RESP_LINE]
        check=https://HOST[:PORT][/URI][#expect=REGEX_MATCH_IN_RESP_LINE]
        check=file://SCRIPT_PATH: run a check script, healthy when exitcode=0, env vars: FORWARDER_ADDR,FORWARDER_URL
        check=disable: disable health check (default "http://www.msftconnecttest.com/connecttest.txt#expect=200")
  -checkdisabledonly
        check disabled fowarders only
  -checkinterval int
        fowarder check interval(seconds) (default 30)
  -checklatencysamples int
        use the average latency of the latest N checks (default 10)
  -checktimeout int
        fowarder check timeout(seconds) (default 10)
  -checktolerance int
        fowarder check tolerance(ms), switch only when new_latency < old_latency - tolerance, only used in lha mode
  -config string
        config file path
  -dialtimeout int
        dial timeout(seconds) (default 3)
  -dns string
        local dns server listen address
  -dnsalwaystcp
        always use tcp to query upstream dns servers no matter there is a forwarder or not
  -dnscachelog
        show query log of dns cache
  -dnscachesize int
        max number of dns response in CACHE (default 4096)
  -dnsmaxttl int
        maximum TTL value for entries in the CACHE(seconds) (default 1800)
  -dnsminttl int
        minimum TTL value for entries in the CACHE(seconds)
  -dnsnoaaaa
        disable AAAA query
  -dnsrecord value
        custom dns record, format: domain/ip
  -dnsserver value
        remote dns server address
  -dnstimeout int
        timeout value used in multiple dnsservers switch(seconds) (default 3)
  -example
        show usage examples
  -forward value
        forward url, see the URL section below
  -include value
        include file
  -interface string
        source ip or source interface
  -listen value
        listen url, see the URL section below
  -logflags int
        do not change it if you do not know what it is, ref: https://pkg.go.dev/log#pkg-constants (default 19)
  -maxfailures int
        max failures to change forwarder status to disabled (default 3)
  -relaytimeout int
        relay timeout(seconds)
  -rulefile value
        rule file path
  -rules-dir string
        rule file folder
  -scheme string
        show help message of proxy scheme, use 'all' to see all schemes
  -service value
        run specified services, format: SERVICE_NAME[,SERVICE_CONFIG]
  -strategy string
        rr: Round Robin mode
        ha: High Availability mode
        lha: Latency based High Availability mode
        dh: Destination Hashing mode (default "rr")
  -tcpbufsize int
        tcp buffer size in Bytes (default 32768)
  -udpbufsize int
        udp buffer size in Bytes (default 2048)
  -verbose
        verbose mode

URL:
   proxy: SCHEME://[USER:PASS@][HOST]:PORT
   chain: proxy,proxy[,proxy]...

    e.g. -listen socks5://:1080
         -listen tls://:443?cert=crtFilePath&key=keyFilePath,http://    (protocol chain)

    e.g. -forward socks5://server:1080
         -forward tls://server.com:443,http://                          (protocol chain)
         -forward socks5://serverA:1080,socks5://serverB:1080           (proxy chain)

SCHEME:
   listen : http kcp mixed pxyproto redir redir6 smux sni socks5 ss tcp tls tproxy trojan trojanc udp unix vless vsock ws wss
   forward: direct http kcp reject simple-obfs smux socks4 socks4a socks5 ss ssh ssr tcp tls trojan trojanc udp unix vless vmess vsock ws wss

   Note: use 'glider -scheme all' or 'glider -scheme SCHEME' to see help info for the scheme.

--
Forwarder Options: FORWARD_URL#OPTIONS
   priority : the priority of that forwarder, the larger the higher, default: 0
   interface: the local interface or ip address used to connect remote server.

   e.g. -forward socks5://server:1080#priority=100
        -forward socks5://server:1080#interface=eth0
        -forward socks5://server:1080#priority=100&interface=192.168.1.99

Services:
   dhcpd: service=dhcpd,INTERFACE,START_IP,END_IP,LEASE_MINUTES[,MAC=IP,MAC=IP...]
          service=dhcpd-failover,INTERFACE,START_IP,END_IP,LEASE_MINUTES[,MAC=IP,MAC=IP...]
     e.g. service=dhcpd,eth1,192.168.1.100,192.168.1.199,720

--
Help:
   glider -help
   glider -scheme all
   glider -example

see README.md and glider.conf.example for more details.
--
glider 0.16.4, https://github.com/nadoo/glider (glider.proxy@gmail.com)

Schemes

glider -scheme all

Direct scheme:
  direct://

Only needed when you want to specify the outgoing interface:
  glider -verbose -listen :8443 -forward direct://#interface=eth0

Or load balance multiple interfaces directly:
  glider -verbose -listen :8443 -forward direct://#interface=eth0 -forward direct://#interface=eth1 -strategy rr

Or you can use the high availability mode:
  glider -verbose -listen :8443 -forward direct://#interface=eth0&priority=100 -forward direct://#interface=eth1&priority=200 -strategy ha

--
Http scheme:
  http://[user:pass@]host:port

--
KCP scheme:
  kcp://CRYPT:KEY@host:port[?dataShards=NUM&parityShards=NUM&mode=MODE]

Available crypt types for KCP:
  none, sm4, tea, xor, aes, aes-128, aes-192, blowfish, twofish, cast5, 3des, xtea, salsa20

Available modes for KCP:
  fast, fast2, fast3, normal, default: fast

--
Simple-Obfs scheme:
  simple-obfs://host:port[?type=TYPE&host=HOST&uri=URI&ua=UA]

Available types for simple-obfs:
  http, tls

--
Reject scheme:
  reject://

--
Smux scheme:
  smux://host:port

--
Socks4 scheme:
  socks4://host:port

--
Socks5 scheme:
  socks5://[user:pass@]host:port

--
SS scheme:
  ss://method:pass@host:port

  Available methods for ss:
    AEAD Ciphers:
      AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AEAD_XCHACHA20_POLY1305
    Stream Ciphers:
      AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20 CHACHA20 RC4-MD5
    Alias:
          chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305, xchacha20-ietf-poly1305 = AEAD_XCHACHA20_POLY1305
    Plain: NONE

--
SSH scheme:
  ssh://user[:pass]@host:port[?key=keypath&timeout=SECONDS]
    timeout: timeout of ssh handshake and channel operation, default: 5

--
SSR scheme:
  ssr://method:pass@host:port?protocol=xxx&protocol_param=yyy&obfs=zzz&obfs_param=xyz

--
TLS client scheme:
  tls://host:port[?serverName=SERVERNAME][&skipVerify=true][&cert=PATH][&alpn=proto1][&alpn=proto2]

Proxy over tls client:
  tls://host:port[?skipVerify=true][&serverName=SERVERNAME],scheme://
  tls://host:port[?skipVerify=true],http://[user:pass@]
  tls://host:port[?skipVerify=true],socks5://[user:pass@]
  tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num

TLS server scheme:
  tls://host:port?cert=PATH&key=PATH[&alpn=proto1][&alpn=proto2]

Proxy over tls server:
  tls://host:port?cert=PATH&key=PATH,scheme://
  tls://host:port?cert=PATH&key=PATH,http://
  tls://host:port?cert=PATH&key=PATH,socks5://
  tls://host:port?cert=PATH&key=PATH,ss://method:pass@

--
Trojan client scheme:
  trojan://pass@host:port[?serverName=SERVERNAME][&skipVerify=true][&cert=PATH]
  trojanc://pass@host:port     (cleartext, without TLS)

Trojan server scheme:
  trojan://pass@host:port?cert=PATH&key=PATH[&fallback=127.0.0.1]
  trojanc://pass@host:port[?fallback=127.0.0.1]     (cleartext, without TLS)

--
Unix domain socket scheme:
  unix://path

--
VLESS scheme:
  vless://uuid@host:port[?fallback=127.0.0.1:80]

--
VMess scheme:
  vmess://[security:]uuid@host:port[?alterID=num]
    if alterID=0 or not set, VMessAEAD will be enabled

  Available security for vmess:
    zero, none, aes-128-gcm, chacha20-poly1305

--
Websocket client scheme:
  ws://host:port[/path][?host=HOST][&origin=ORIGIN]
  wss://host:port[/path][?serverName=SERVERNAME][&skipVerify=true][&cert=PATH][&host=HOST][&origin=ORIGIN]

Websocket server scheme:
  ws://:port[/path][?host=HOST]
  wss://:port[/path]?cert=PATH&key=PATH[?host=HOST]

Websocket with a specified proxy protocol:
  ws://host:port[/path][?host=HOST],scheme://
  ws://host:port[/path][?host=HOST],http://[user:pass@]
  ws://host:port[/path][?host=HOST],socks5://[user:pass@]

TLS and Websocket with a specified proxy protocol:
  tls://host:port[?skipVerify=true][&serverName=SERVERNAME],ws://[@/path[?host=HOST]],scheme://
  tls://host:port[?skipVerify=true],ws://[@/path[?host=HOST]],http://[user:pass@]
  tls://host:port[?skipVerify=true],ws://[@/path[?host=HOST]],socks5://[user:pass@]
  tls://host:port[?skipVerify=true],ws://[@/path[?host=HOST]],vmess://[security:]uuid@?alterID=num

--
VM socket scheme(linux only):
  vsock://[CID]:port

  if you want to listen on any address, just set CID to 4294967295.

Examples

glider -example

```bash Examples: glider -config glider.conf -run glider with specified config file.

glider -listen :8443 -verbose -listen on :8443, serve as http/socks5 proxy on the same port, in verbose mode.

glider -listen socks5://:1080 -listen http://:8080 -verbose -multiple listeners: listen on :1080 as socks5 proxy server, and on :8080 as http proxy server.

glider -listen :8443 -forward direct://#interface=eth0 -forward direct://#interface=eth1 -multiple forwarders: listen on 8443 and forward requests via interface eth0 and eth1 in round robin mode.

glider -listen tls://:443?cert=crtFilePath&key=keyFilePath,http:// -verbose -protocol chain: listen on :443 as a https(http over tls) proxy server.

glid

Extension points exported contracts — how you extend this code

Server (Interface)
Server interface. [17 implementers]
proxy/server.go
TCPDialer (Interface)
TCPDialer is used to create tcp connection. [21 implementers]
proxy/dialer.go
Checker (Interface)
Checker is a forwarder health checker. [5 implementers]
rule/check.go
IProtocol (Interface)
(no doc) [5 implementers]
proxy/ssr/internal/protocol/base.go
StreamConnCipher (Interface)
StreamConnCipher is the stream connection cipher. [3 implementers]
proxy/ss/cipher/cipher.go
Service (Interface)
Service is a server that can be run. [1 implementers]
service/service.go
Proxy (Interface)
Proxy is a dialer manager. [1 implementers]
proxy/proxy.go
Conn (Interface)
Conn is a vsock connection which supports half-close. [1 implementers]
proxy/vsock/socket.go

Core symbols most depended-on inside this repo

F
called by 234
pkg/log/log.go
Addr
called by 98
proxy/dialer.go
Close
called by 63
pkg/smux/stream.go
Dial
called by 57
proxy/proxy.go
RemoteAddr
called by 57
proxy/vsock/socket.go
PutBuffer
called by 55
pkg/pool/buffer.go
GetBuffer
called by 48
pkg/pool/buffer.go
Write
called by 45
proxy/vmess/client.go

Shape

Method 567
Function 395
Struct 131
TypeAlias 22
Interface 18
FuncType 11

Languages

Go100%

Modules by API surface

proxy/ssr/internal/cipher/cipher.go41 symbols
pkg/smux/session_test.go38 symbols
proxy/ss/cipher/shadowstream/cipher.go36 symbols
proxy/vsock/socket.go30 symbols
pkg/smux/session.go28 symbols
dns/message.go27 symbols
pkg/smux/stream.go25 symbols
rule/group.go21 symbols
rule/forward.go21 symbols
proxy/ssr/internal/protocol/auth_chain_a.go17 symbols
proxy/ssr/internal/obfs/tls12_ticket_auth.go17 symbols
proxy/ss/cipher/shadowaead/cipher.go17 symbols

Used by 1 indexed graphs manifest dependencies, hub-wide

Dependencies from manifests, versioned

github.com/aead/chacha20v0.0.0-2018070915024 · 1×
github.com/dgryski/go-camelliav0.0.0-2019111904342 · 1×
github.com/dgryski/go-ideav0.0.0-2017030609122 · 1×
github.com/dgryski/go-rc2v0.0.0-2015062109533 · 1×
github.com/ebfe/rc2v0.0.0-2013101116574 · 1×
github.com/insomniacslk/dhcpv0.0.0-2024081212392 · 1×
github.com/josharian/nativev1.1.0 · 1×
github.com/klauspost/cpuid/v2v2.2.8 · 1×
github.com/klauspost/reedsolomonv1.12.3 · 1×
github.com/nadoo/conflagv0.3.1 · 1×
github.com/nadoo/ipsetv0.5.0 · 1×
github.com/pierrec/lz4/v4v4.1.21 · 1×

For agents

$ claude mcp add glider \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact