feat: add bypass rules, weighted pool selection, integration tests

Per-listener bypass rules skip the chain for local/private destinations (CIDR, exact IP/hostname, domain suffix). Weighted multi-candidate pool selection biases toward pools with more alive proxies. End-to-end integration tests validate the full client->s5p->hop->target path using mock SOCKS5 proxies. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 19:58:12 +01:00
parent ef0d8f347b
commit c191942712
11 changed files with 745 additions and 69 deletions
--- a/docs/CHEATSHEET.md
+++ b/docs/CHEATSHEET.md
@@ -58,14 +58,37 @@ listeners:
    chain:
      - socks5://127.0.0.1:9050             # Tor only
  - listen: 0.0.0.0:1083
-    pool: clean
    chain:
      - socks5://127.0.0.1:9050
-      - pool                                 # bare = clean (default)
-      - pool:mitm                            # explicit = mitm
+      - [pool:clean, pool:mitm]              # random choice per connection
+      - [pool:clean, pool:mitm]              # independent random choice
 ```

-Per-hop pool: `pool` = listener default, `pool:name` = explicit pool.
+Per-hop pool: `pool` = listener default, `pool:name` = explicit pool,
+`[pool:a, pool:b]` = random choice from candidates.
+
+## Bypass Rules (config)
+
+```yaml
+listeners:
+  - listen: 0.0.0.0:1080
+    bypass:
+      - 127.0.0.0/8        # CIDR
+      - 10.0.0.0/8         # CIDR
+      - 192.168.0.0/16     # CIDR
+      - localhost           # exact hostname
+      - .local             # domain suffix
+    chain:
+      - socks5://127.0.0.1:9050
+      - pool
+```
+
+| Pattern | Type | Matches |
+|---------|------|---------|
+| `10.0.0.0/8` | CIDR | IPs in network |
+| `127.0.0.1` | Exact IP | That IP only |
+| `localhost` | Exact host | String equal |
+| `.local` | Suffix | `*.local` and `local` |

 ## Multi-Tor Round-Robin (config)