feat: add bypass rules, weighted pool selection, integration tests

Per-listener bypass rules skip the chain for local/private destinations (CIDR, exact IP/hostname, domain suffix). Weighted multi-candidate pool selection biases toward pools with more alive proxies. End-to-end integration tests validate the full client->s5p->hop->target path using mock SOCKS5 proxies. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 19:58:12 +01:00
parent ef0d8f347b
commit c191942712
11 changed files with 745 additions and 69 deletions
--- a/config/example.yaml
+++ b/config/example.yaml
@@ -91,13 +91,24 @@ chain:
 # at that hop position. Bare "pool" uses the listener's "pool:" default.
 # This lets a single listener mix pools in one chain.
 #
+# Multi-candidate hops: use a YAML list to randomly pick from a set of
+# pools at each hop. On each connection, one pool is chosen per hop.
+#
 # listeners:
 #   - listen: 0.0.0.0:1080
 #     pool: clean                        # default for bare "pool"
+#     bypass:                            # skip chain for these destinations
+#       - 127.0.0.0/8                    # loopback
+#       - 10.0.0.0/8                     # RFC 1918
+#       - 192.168.0.0/16                 # RFC 1918
+#       - 172.16.0.0/12                  # RFC 1918
+#       - fc00::/7                       # IPv6 ULA
+#       - localhost                      # exact hostname
+#       - .local                         # domain suffix
 #     chain:
 #       - socks5://127.0.0.1:9050
-#       - pool:clean                     # explicit: from clean pool
-#       - pool:mitm                      # explicit: from mitm pool
+#       - [pool:clean, pool:mitm]        # random choice per connection
+#       - [pool:clean, pool:mitm]        # independent random choice
 #
 #   - listen: 0.0.0.0:1081
 #     pool: clean