Merge pull request #87 from NodePassProject/main

Load Balancing Feature and Configuration, Codebase Enhancements, Documentation Updates

Author: 𝐘𝐨𝐬𝐞𝐛𝐲𝐭𝐞

README.md

@@ -90,6 +90,8 @@ Explore the complete documentation to learn more about NodePass:
 - [How It Works](/docs/en/how-it-works.md)
 - [Troubleshooting](/docs/en/troubleshooting.md)
 
+See also [DeepWiki](https://deepwiki.com/yosebyte/nodepass) for AI-powered documentation.
+
 ## 🌱 Ecosystem
 
 The [NodePassProject](https://github.com/NodePassProject) organization develops various frontend applications and auxiliary tools to enhance the NodePass experience:

README_zh.md

@@ -90,6 +90,8 @@ nodepass "master://:10101/api?log=debug&tls=1"
 - [工作原理](/docs/zh/how-it-works.md)
 - [故障排除](/docs/zh/troubleshooting.md)
 
+参阅 [DeepWiki](https://deepwiki.com/yosebyte/nodepass) 以获取 AI 驱动的文档。
+
 ## 🌱 生态系统
 
 [NodePassProject](https://github.com/NodePassProject) 组织开发了各种前端应用和辅助工具来增强 NodePass 体验：

docs/en/api.md

@@ -111,14 +111,16 @@ API Key authentication is enabled by default, automatically generated and saved
 
 - Server: `server://<bind_addr>:<bind_port>/<target_host>:<target_port>?<parameters>`
 - Client: `client://<server_host>:<server_port>/<local_host>:<local_port>?<parameters>`
-- Supported parameters: `log`, `tls`, `crt`, `key`, `dns`, `min`, `max`, `mode`, `type`, `dial`, `read`, `rate`, `slot`, `proxy`, `notcp`, `noudp`
+- Supported parameters: `log`, `tls`, `crt`, `key`, `dns`, `sni`, `lbs`, `min`, `max`, `mode`, `type`, `dial`, `read`, `rate`, `slot`, `proxy`, `notcp`, `noudp`
 
 ### URL Query Parameters
 
 - `log`: Log level (`none`, `debug`, `info`, `warn`, `error`, `event`)
 - `tls`: TLS encryption mode (`0`, `1`, `2`) - Server/Master mode only
 - `crt`/`key`: Certificate/key file paths (when `tls=2`)
 - `dns`: Custom DNS servers (comma-separated IP addresses, default: `1.1.1.1,8.8.8.8`) - Server/Client mode only
+- `sni`: Server Name Indication, specifies hostname for TLS handshake (default: `none`) - Client dual-end handshake mode only
+- `lbs`: Load balancing strategy (`0`=round-robin, `1`=sticky failover, default: `0`) - Controls target address selection for multi-target configurations
 - `min`/`max`: Connection pool capacity (`min` set by client, `max` set by server and passed to client during handshake)
 - `mode`: Runtime mode control (`0`, `1`, `2`) - Controls operation behavior
   - For server: `0`=auto, `1`=reverse mode, `2`=forward mode
@@ -1586,6 +1588,7 @@ Examples:
 | `key` | Private key path | File path | None | Server only |
 | `dns` | DNS cache duration | Time duration (e.g., `5m`, `30s`, `1h`) | `5m` | Both |
 | `sni` | Server Name Indication | Hostname | `none` | Client dual-end handshake mode only |
+| `lbs` | Load balancing strategy | `0`(round-robin), `1`(optimal-latency), `2`(primary-backup) | `0` | Both | 
 | `min` | Minimum pool capacity | Integer > 0 | `64` | Client dual-end handshake mode only |
 | `max` | Maximum pool capacity | Integer > 0 | `1024` | Dual-end handshake mode |
 | `mode` | Runtime mode control | `0`(auto), `1`(force mode 1), `2`(force mode 2) | `0` | Both |

docs/en/configuration.md

@@ -692,12 +692,47 @@ nodepass "client://127.0.0.1:1080/app1.local:8080,app2.local:8080?mode=1"
 
 ### Rotation Strategy
 
-NodePass employs a Round-Robin algorithm that combines failover and load balancing features:
+NodePass provides three load balancing strategies controlled by the `lbs` parameter:
 
+**Strategy 0 (Round-Robin):**
 - **Load Balancing**: After each successful connection establishment, automatically switches to the next target address for even traffic distribution
 - **Failover**: When a connection to an address fails, immediately tries the next address to ensure service availability
 - **Automatic Recovery**: Failed addresses are retried in subsequent rotation cycles and automatically resume receiving traffic after recovery
 
+**Strategy 1 (Optimal-Latency):**
+- **Intelligent Routing**: Periodically probes targets and automatically selects the one with the lowest latency for connections.
+- **Sticky Selection**: Once the optimal target is chosen, subsequent connections within the cycle preferentially use that target.
+- **Automatic Filtering**: Unhealthy targets are automatically excluded from routing and re-evaluated only after recovery.
+- **Failover**: If the optimal target fails, other targets are tried in order to ensure successful connections.
+
+**Strategy 2 (Primary-Backup):**
+- **Priority-Based**: Always attempts to connect to the first address (primary); only uses backups when primary fails
+- **Failover**: On primary failure, switches to the next available backup address
+- **Scheduled Fallback**: Automatically attempts to return to primary address at fixed intervals
+- **Intelligent Degradation**: On fallback failure, automatically uses the highest available priority address
+
+Example configurations:
+
+```bash
+# Round-robin (lbs=0, cycles through targets on each connection)
+nodepass "server://0.0.0.0:10101/backend1:8080,backend2:8080,backend3:8080?lbs=0"
+
+# Optimal-latency (lbs=1, automatically routes to fastest target)
+nodepass "server://0.0.0.0:10101/backend1:8080,backend2:8080,backend3:8080?lbs=1"
+
+# Primary-backup (lbs=2, primary priority and scheduled fallback)
+nodepass "server://0.0.0.0:10101/primary:8080,backup1:8080,backup2:8080?lbs=2"
+
+# Custom fallback interval of 2 minutes
+export NP_FALLBACK_INTERVAL=2m
+nodepass "server://0.0.0.0:10101/main.com:443,spare1.com:443,spare2.com:443?lbs=2"
+```
+
+Choose the appropriate strategy based on your needs:
+- **Use lbs=0** for even load distribution across all backends
+- **Use lbs=1** for intelligent routing to the lowest latency target
+- **Use lbs=2** for primary-backup scenarios with automatic failback
+
 ### Use Cases
 
 Target address groups are suitable for the following scenarios:
@@ -743,6 +778,7 @@ NodePass allows flexible configuration via URL query parameters. The following t
 | `key` | Custom key path | N/A | File path | O | X | O |
 | `dns` | DNS cache TTL | `5m` | `30s`/`5m`/`1h` etc. | O | O | X |
 | `sni` | Server Name Indication | `none` | Hostname | X | O | X |
+| `lbs` | Load balancing strategy | `0` | `0`/`1`/`2` | O | O | X |
 | `min` | Minimum pool capacity | `64` | Positive integer | X | O | X |
 | `max` | Maximum pool capacity | `1024` | Positive integer | O | X | X |
 | `mode` | Run mode control | `0` | `0`/`1`/`2` | O | O | X |
@@ -787,6 +823,7 @@ NodePass behavior can be fine-tuned using environment variables. Below is the co
 | `NP_MIN_POOL_INTERVAL` | Minimum interval between connection creations | 100ms | `export NP_MIN_POOL_INTERVAL=200ms` |
 | `NP_MAX_POOL_INTERVAL` | Maximum interval between connection creations | 1s | `export NP_MAX_POOL_INTERVAL=3s` |
 | `NP_REPORT_INTERVAL` | Interval for health check reports | 5s | `export NP_REPORT_INTERVAL=10s` |
+| `NP_FALLBACK_INTERVAL` | Primary-backup fallback interval | 5m | `export NP_FALLBACK_INTERVAL=2m` |
 | `NP_SERVICE_COOLDOWN` | Cooldown period before restart attempts | 3s | `export NP_SERVICE_COOLDOWN=5s` |
 | `NP_SHUTDOWN_TIMEOUT` | Timeout for graceful shutdown | 5s | `export NP_SHUTDOWN_TIMEOUT=10s` |
 | `NP_RELOAD_INTERVAL` | Interval for cert reload/state backup | 1h | `export NP_RELOAD_INTERVAL=30m` |

docs/zh/api.md

@@ -111,14 +111,16 @@ API Key 认证默认启用，首次启动自动生成并保存在 `nodepass.gob`
 
 - 服务端：`server://<bind_addr>:<bind_port>/<target_host>:<target_port>?<参数>`
 - 客户端：`client://<server_host>:<server_port>/<local_host>:<local_port>?<参数>`
-- 支持参数：`log`、`tls`、`crt`、`key`、`dns`、`min`、`max`、`mode`、`type`、`dial`、`read`、`rate`、`slot`、`proxy`、`notcp`、`noudp`
+- 支持参数：`log`、`tls`、`crt`、`key`、`dns`、`sni`、`lbs`、`min`、`max`、`mode`、`type`、`dial`、`read`、`rate`、`slot`、`proxy`、`notcp`、`noudp`
 
 ### URL 查询参数
 
 - `log`：日志级别（`none`、`debug`、`info`、`warn`、`error`、`event`）
 - `tls`：TLS加密模式（`0`、`1`、`2`）- 仅服务端/主控模式
 - `crt`/`key`：证书/密钥文件路径（当`tls=2`时）
 - `dns`：自定义DNS服务器（逗号分隔的IP地址，默认：`1.1.1.1,8.8.8.8`）- 仅服务端/客户端模式
+- `sni`：服务器名称指示（Server Name Indication），用于TLS握手时指定主机名（默认：`none`）- 仅客户端双端握手模式
+- `lbs`：负载均衡策略（`0`=轮询，`1`=粘性故障转移，默认：`0`）- 控制多目标配置时的目标地址选择方式
 - `min`/`max`：连接池容量（`min`由客户端设置，`max`由服务端设置并在握手时传递给客户端）
 - `mode`：运行模式控制（`0`、`1`、`2`）- 控制操作行为
   - 对于服务端：`0`=自动，`1`=反向模式，`2`=正向模式
@@ -1586,6 +1588,7 @@ client://<server_host>:<server_port>/<local_host>:<local_port>?<parameters>
 | `key` | 私钥路径 | 文件路径 | 无 | 仅服务端 |
 | `dns` | DNS缓存时间 | 时间长度 (如 `10m`, `30s`, `1h`) | `5m` | 两者 |
 | `sni` | 主机名指示 | 主机名 | `none` | 仅客户端双端握手模式 |
+| `lbs` | 负载均衡策略 | `0`(轮询转移), `1`(最优延迟), `2`(主备回落) | `0` | 两者 |
 | `min` | 最小连接池容量 | 整数 > 0 | `64` | 仅客户端双端握手模式 |
 | `max` | 最大连接池容量 | 整数 > 0 | `1024` | 双端握手模式 |
 | `mode` | 运行模式控制 | `0`(自动), `1`(强制模式1), `2`(强制模式2) | `0` | 两者 |

docs/zh/configuration.md

@@ -692,12 +692,47 @@ nodepass "client://127.0.0.1:1080/app1.local:8080,app2.local:8080?mode=1"
 
 ### 轮询策略
 
-NodePass采用轮询（Round-Robin）算法，结合故障转移和负载均衡特性：
+NodePass提供三种负载均衡策略，通过 `lbs` 参数控制：
 
+**策略0（轮询转移）：**
 - **负载均衡**：每次成功建立连接后，自动切换到下一个目标地址，实现流量均匀分布
 - **故障转移**：当某个地址连接失败时，立即尝试下一个地址，确保服务高可用
 - **自动恢复**：失败的地址会在轮询周期中重新尝试，故障恢复后自动接入流量
 
+**策略1（最优延迟）：**
+- **智能路由**：周期性探测，自动选择延迟最低的目标进行连接
+- **粘性选择**：最优目标选择后，周期内后续连接优先使用该目标
+- **自动筛选**：失效目标自动排除，不参与路由，直至恢复后再评估
+- **故障转移**：最优目标失败时按顺序尝试其他目标，确保连接成功
+
+**策略2（主备回落）：**
+- **主备优先**：首个目标地址主用，后续目标地址备用，按顺序优先级递减
+- **故障转移**：主目标地址失败时按顺序尝试备用地址，成功后保持粘性
+- **定时回落**：每隔固定时间自动尝试回落到主用目标地址
+- **智能降级**：回落失败时自动选择可用的最高优先级备用目标地址
+
+配置示例：
+
+```bash
+# 轮询转移（lbs=0，每次连接切换目标）
+nodepass "server://0.0.0.0:10101/backend1:8080,backend2:8080,backend3:8080?lbs=0"
+
+# 最优延迟（lbs=1，自动路由到最快目标）
+nodepass "server://0.0.0.0:10101/backend1:8080,backend2:8080,backend3:8080?lbs=1"
+
+# 主备回落（lbs=2，首目标优先且定时回落）
+nodepass "server://0.0.0.0:10101/primary:8080,backup1:8080,backup2:8080?lbs=2"
+
+# 自定义回落间隔为2分钟
+export NP_FALLBACK_INTERVAL=2m
+nodepass "server://0.0.0.0:10101/main.com:443,spare1.com:443,spare2.com:443?lbs=2"
+```
+
+根据实际需求选择合适的策略：
+- **使用 lbs=0** 实现所有后端的均匀负载分布
+- **使用 lbs=1** 智能路由到延迟最低目标地址
+- **使用 lbs=2** 主备模式，故障消除自动回切
+
 ### 使用场景
 
 目标地址组适用于以下场景：
@@ -743,6 +778,7 @@ NodePass支持通过URL查询参数进行灵活配置,不同参数在 server、c
 | `key` | 自定义密钥路径 | N/A | 文件路径 | O | X | O |
 | `dns` | DNS缓存TTL | `5m` | `30s`/`5m`/`1h`等 | O | O | X |
 | `sni` | 主机名指示 | `none` | 主机名 | X | O | X |
+| `lbs` | 负载均衡策略 | `0` | `0`/`1`/`2` | O | O | X |
 | `min` | 最小连接池容量 | `64` | 正整数 | X | O | X |
 | `max` | 最大连接池容量 | `1024` | 正整数 | O | X | X |
 | `mode` | 运行模式控制 | `0` | `0`/`1`/`2` | O | O | X |
@@ -787,6 +823,7 @@ NodePass支持通过URL查询参数进行灵活配置,不同参数在 server、c
 | `NP_MIN_POOL_INTERVAL` | 连接创建之间的最小间隔 | 100ms | `export NP_MIN_POOL_INTERVAL=200ms` |
 | `NP_MAX_POOL_INTERVAL` | 连接创建之间的最大间隔 | 1s | `export NP_MAX_POOL_INTERVAL=3s` |
 | `NP_REPORT_INTERVAL` | 健康检查报告间隔 | 5s | `export NP_REPORT_INTERVAL=10s` |
+| `NP_FALLBACK_INTERVAL` | 回落故障转移间隔 | 5m | `export NP_FALLBACK_INTERVAL=2m` |
 | `NP_SERVICE_COOLDOWN` | 重启尝试前的冷却期 | 3s | `export NP_SERVICE_COOLDOWN=5s` |
 | `NP_SHUTDOWN_TIMEOUT` | 优雅关闭超时 | 5s | `export NP_SHUTDOWN_TIMEOUT=10s` |
 | `NP_RELOAD_INTERVAL` | 证书重载/状态备份间隔 | 1h | `export NP_RELOAD_INTERVAL=30m` |

go.mod

@@ -14,9 +14,9 @@ require (
 
 require (
 	github.com/coder/websocket v1.8.14 // indirect
-	github.com/quic-go/quic-go v0.58.0 // indirect
-	golang.org/x/crypto v0.46.0 // indirect
-	golang.org/x/net v0.48.0 // indirect
-	golang.org/x/sys v0.39.0 // indirect
-	golang.org/x/text v0.32.0 // indirect
+	github.com/quic-go/quic-go v0.59.0 // indirect
+	golang.org/x/crypto v0.47.0 // indirect
+	golang.org/x/net v0.49.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/text v0.33.0 // indirect
 )

go.sum

@@ -18,19 +18,19 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/quic-go/quic-go v0.58.0 h1:ggY2pvZaVdB9EyojxL1p+5mptkuHyX5MOSv4dgWF4Ug=
-github.com/quic-go/quic-go v0.58.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
+github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw=
+github.com/quic-go/quic-go v0.59.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
 go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
-golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
-golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
-golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
-golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
-golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
-golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
-golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
+golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
+golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
+golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
+golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
+golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

internal/client.go

@@ -58,8 +58,8 @@ func NewClient(parsedURL *url.URL, logger *logs.Logger) (*Client, error) {
 // Run 管理客户端生命周期
 func (c *Client) Run() {
 	logInfo := func(prefix string) {
-		c.logger.Info("%v: client://%v@%v/%v?dns=%v&sni=%v&min=%v&mode=%v&dial=%v&read=%v&rate=%v&slot=%v&proxy=%v&block=%v&notcp=%v&noudp=%v",
-			prefix, c.tunnelKey, c.tunnelTCPAddr, c.getTargetAddrsString(), c.dnsCacheTTL, c.serverName, c.minPoolCapacity,
+		c.logger.Info("%v: client://%v@%v/%v?dns=%v&sni=%v&lbs=%v&min=%v&mode=%v&dial=%v&read=%v&rate=%v&slot=%v&proxy=%v&block=%v&notcp=%v&noudp=%v",
+			prefix, c.tunnelKey, c.tunnelTCPAddr, c.getTargetAddrsString(), c.dnsCacheTTL, c.serverName, c.lbStrategy, c.minPoolCapacity,
 			c.runMode, c.dialerIP, c.readTimeout, c.rateLimit/125000, c.slotLimit,
 			c.proxyProtocol, c.blockProtocol, c.disableTCP, c.disableUDP)
 	}