RubyGems - girl - Versions diffs - 0.87.0 → 0.91.0 - Mend

girl 0.87.0 → 0.91.0

Potentially problematic release.

This version of girl might be problematic. Click here for more details.

Files changed (10) hide show

checksums.yaml +4 -4
data/lib/girl/head.rb +38 -29
data/lib/girl/proxy.rb +46 -92
data/lib/girl/proxy_worker.rb +940 -843
data/lib/girl/proxyd.rb +6 -25
data/lib/girl/proxyd_worker.rb +665 -607
data/lib/girl/udp.rb +37 -47
data/lib/girl/udpd.rb +26 -36
data/lib/girl/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 590ceead2e46e0803325aff199ec4fa4610a554f873ad58e91f83e8cba7bd4a9
-  data.tar.gz: 3034b02ee1ddf592a67446d82a3f974f2439aef9f380f20b39c96aa943a4a7ab
+  metadata.gz: 2314c2bce1ab734d24fa40a8709c61af56cb35558652a4d25ba958c71b3a3bf3
+  data.tar.gz: 964ca3642b80f790b444d55db3869109fbb1c746953d2b7777d87f8eb0e17ad0
 SHA512:
-  metadata.gz: 27d1dd5ef6d6f4d29c1916af5c10c8eb694e7cbf11f2f8518a6d4a3ebd0d368aa92518a9c5c0f91079f9291c67b1050be16db3f0154d7fb710f55d818ca75576
-  data.tar.gz: ae5ab8293caf167146784342a93e059ef03a201dbd1a1a3df6bbe206321f95b13526e78713ca77903e3be44873ce02474c4d3260187fcd85c993206401fef586
+  metadata.gz: db5de1552c3841bf2f34c47c58e0f2c9789a6ed4101e3733654b1da9c557fccd97af0fb2f5c83212c3aa06ffc34630d7ab9e7798a0ebc41c6e41d32c0d742977
+  data.tar.gz: 3ea63129204abcadec92f7d77c7fa7222f700a819a9602c0a03e93134fbb86d3716a24dfbe387bb3e4e2b400fcb80af4c3cd92693ecec07b047c95d402a92ac2

data/lib/girl/head.rb CHANGED

@@ -1,33 +1,32 @@
 module Girl
-  PACK_SIZE                  = 1328                 # 包大小 1400(console MTU) - 8(PPPoE header) - 40(IPv6 header) - 8(UDP header) - 8(pack id) - 8(src id) = 1328
-  READ_SIZE                  = PACK_SIZE * 100      # 一次读多少
-  WMEMS_LIMIT                = 100_000              # 写后上限，超过上限暂停读src/dst
-  RESUME_BELOW               = 50_000               # 降到多少以下恢复读
-  EXPIRE_NEW                 = 10                   # 创建之后多久没有流量进来，过期
-  EXPIRE_AFTER               = 300                  # 多久没有新流量，过期
-  CHECK_EXPIRE_INTERVAL      = 30                   # 检查过期间隔
-  CHECK_STATUS_INTERVAL      = 0.5                  # 发送状态间隔
-  SEND_STATUS_UNTIL          = 10                   # 持续的告之对面状态，直到没有流量往来，持续多少秒
-  MULTI_MISS_SIZE            = 80                   # 几个miss段打一个包
-  MISS_RANGE_LIMIT           = MULTI_MISS_SIZE * 10 # miss段上限，达到上限忽略要后面的段
-  CONFUSE_UNTIL              = 5                    # 混淆前几个包
-  RESOLV_CACHE_EXPIRE        = 300                  # dns查询结果缓存多久过期
-  TUND_PORT                  = 1
-  HEARTBEAT                  = 2
-  A_NEW_SOURCE               = 3
-  PAIRED                     = 4
-  DEST_STATUS                = 5
-  SOURCE_STATUS              = 6
-  MISS                       = 7
-  FIN1                       = 8
-  GOT_FIN1                   = 9
-  FIN2                       = 10
-  GOT_FIN2                   = 11
-  TUND_FIN                   = 12
-  TUN_FIN                    = 13
-  IP_CHANGED                 = 14
-  MULTI_MISS                 = 15
-  HTTP_OK                    = "HTTP/1.1 200 OK\r\n\r\n"
+  READ_SIZE             = 1024 * 1024       # 一次读多少
+  WBUFF_LIMIT           = 100 * 1024 * 1024 # 写前上限，超过上限暂停读
+  RESUME_BELOW          = WBUFF_LIMIT / 2   # 降到多少以下恢复读
+  SEND_HELLO_COUNT      = 10                # hello最多发几次
+  EXPIRE_AFTER          = 300               # 多久没有新流量，过期
+  CHECK_EXPIRE_INTERVAL = 30                # 检查过期间隔
+  CHECK_RESUME_INTERVAL = 1                 # 检查恢复读间隔
+  RESOLV_CACHE_EXPIRE   = 300               # dns查询结果缓存多久过期
+  TUND_PORT             = 1
+  HEARTBEAT             = 2
+  A_NEW_SOURCE          = 3
+  PAIRED                = 4
+  DEST_STATUS           = 5
+  SOURCE_STATUS         = 6
+  MISS                  = 7
+  FIN1                  = 8
+  GOT_FIN1              = 9
+  FIN2                  = 10
+  GOT_FIN2              = 11
+  TUND_FIN              = 12
+  TUN_FIN               = 13
+  IP_CHANGED            = 14
+  SINGLE_MISS           = 15
+  RANGE_MISS            = 16
+  CONTINUE              = 17
+  IS_RESEND_READY       = 18
+  RESEND_READY          = 19
+  HTTP_OK               = "HTTP/1.1 200 OK\r\n\r\n"
   # https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
   RESERVED_ROUTE = <<EOF
 0.0.0.0/8
@@ -38,4 +37,14 @@ module Girl
 192.168.0.0/16
 255.255.255.255/32
 EOF
+  CONSTS = %w[
+    READ_SIZE
+    WBUFF_LIMIT
+    RESUME_BELOW
+    SEND_HELLO_COUNT
+    EXPIRE_AFTER
+    CHECK_EXPIRE_INTERVAL
+    CHECK_RESUME_INTERVAL
+    RESOLV_CACHE_EXPIRE
+  ]
 end

data/lib/girl/proxy.rb CHANGED

@@ -7,67 +7,45 @@ require 'ipaddr'
 require 'json'
 require 'socket'
-##
+=begin
 # Girl::Proxy - 代理服务，近端。
-#
-# 包结构
-# ======
-#
-# tun-proxyd:
-#
-# hello
-#
-# proxyd-tun:
-#
-# Q>: 0 ctlmsg -> C: 1 tund port -> n: tund port
-#
-# tun-tund:
-#
-# Q>: 0 ctlmsg -> C: 2 heartbeat     -> C: random char
-#                    3 a new source  -> Q>: src id -> encoded destination address
-#                    4 paired        -> Q>: src id -> n: dst port
-#                    5 dest status   -> n: dst port -> Q>: biggest relayed dst pack id -> Q>: continue src pack id
-#                    6 source status -> Q>: src id -> Q>: biggest relayed src pack id -> Q>: continue dst pack id
-#                    7 miss          -> Q>/n: src id / dst port -> Q>: pack id begin -> Q>:  pack id end
-#                    8 fin1          -> Q>/n: src id / dst port -> Q>: biggest src pack id / biggest dst pack id -> Q>: continue dst pack id / continue src pack id
-#                    9 not use
-#                   10 fin2          -> Q>/n: src id / dst port
-#                   11 not use
-#                   12 tund fin
-#                   13 tun fin
-#                   14 tun ip changed
-#                   15 multi miss     -> Q>/n: src id / dst port -> Q>: pack id begin -> Q>: pack id end -> Q>*
-#
-# Q>: 1+ pack_id -> Q>/n: src id / dst port -> traffic
-#
-# close logic
-# ===========
-#
-# 1-1. after close src -> dst closed ? no -> send fin1
-# 1-2. tun recv fin2 -> del src ext
-#
-# 2-1. tun recv fin1 -> all traffic received ? -> close src after write
-# 2-2. tun recv traffic -> dst closed and all traffic received ? -> close src after write
-# 2-3. after close src -> dst closed ? yes -> del src ext -> send fin2
-#
-# 3-1. after close dst -> src closed ? no -> send fin1
-# 3-2. tund recv fin2 -> del dst ext
-#
-# 4-1. tund recv fin1 -> all traffic received ? -> close dst after write
-# 4-2. tund recv traffic -> src closed and all traffic received ? -> close dst after write
-# 4-3. after close dst -> src closed ? yes -> del dst ext -> send fin2
-#
+## 包结构
+tun-proxyd:
+hello
+proxyd-tun:
+Q>: 0 ctlmsg -> C: 1 tund port -> n: tund port -> n: tcpd port
+tun-tund:
+Q>: 0 ctlmsg -> C: 2 heartbeat       [not use]
+                   3 a new source    -> Q>: src id -> encoded destination address
+                   4 paired          -> Q>: src id -> n: dst id
+                   5 dest status     [not use]
+                   6 source status   [not use]
+                   7 miss            [not use]
+                   8 fin1            [not use]
+                   9 confirm fin1    [not use]
+                  10 fin2            [not use]
+                  11 confirm fin2    [not use]
+                  12 tund fin
+                  13 tun fin
+                  14 tun ip changed
+=end
 module Girl
   class Proxy
     def initialize( config_path = nil )
-      unless config_path
+      unless config_path then
         config_path = File.expand_path( '../girl.conf.json', __FILE__ )
       end
-      unless File.exist?( config_path )
-        raise "missing config file #{ config_path }"
-      end
+      raise "missing config file #{ config_path }" unless File.exist?( config_path )
       # {
       #     "proxy_port": 6666,                   // 代理服务，近端（本地）端口
@@ -87,45 +65,37 @@ module Girl
       im = conf[ :im ]
       worker_count = conf[ :worker_count ]
-      unless proxy_port
+      unless proxy_port then
         proxy_port = 6666
       end
-      unless proxyd_host
-        raise "missing proxyd host"
-      end
+      raise "missing proxyd host" unless proxyd_host
-      unless proxyd_port
+      unless proxyd_port then
         proxyd_port = 6060
       end
       directs = []
-      if direct_path
-        unless File.exist?( direct_path )
-          raise "not found direct file #{ direct_path }"
-        end
-        directs = ( RESERVED_ROUTE.split( "\n" ) + IO.binread( direct_path ).split( "\n" ) ).map { | line | IPAddr.new( line.strip ) }
+      if direct_path then
+        raise "not found direct file #{ direct_path }" unless File.exist?( direct_path )
+        directs = ( RESERVED_ROUTE.split( "\n" ) + IO.binread( direct_path ).split( "\n" ) ).map{ | line | IPAddr.new( line.strip ) }
       end
       remotes = []
-      if remote_path
-        unless File.exist?( remote_path )
-          raise "not found remote file #{ remote_path }"
-        end
-        remotes = IO.binread( remote_path ).split( "\n" ).map { | line | line.strip }
+      if remote_path then
+        raise "not found remote file #{ remote_path }" unless File.exist?( remote_path )
+        remotes = IO.binread( remote_path ).split( "\n" ).map{ | line | line.strip }
       end
-      unless im
+      unless im then
         im = 'girl'
       end
       nprocessors = Etc.nprocessors
-      if worker_count.nil? || worker_count <= 0 || worker_count > nprocessors
+      if worker_count.nil? || worker_count <= 0 || worker_count > nprocessors then
         worker_count = nprocessors
       end
@@ -139,29 +109,13 @@ module Girl
       puts "im #{ im }"
       puts "worker count #{ worker_count }"
-      names = %w[
-        PACK_SIZE
-        READ_SIZE
-        WMEMS_LIMIT
-        RESUME_BELOW
-        EXPIRE_NEW
-        EXPIRE_AFTER
-        CHECK_EXPIRE_INTERVAL
-        CHECK_STATUS_INTERVAL
-        SEND_STATUS_UNTIL
-        MULTI_MISS_SIZE
-        MISS_RANGE_LIMIT
-        CONFUSE_UNTIL
-        RESOLV_CACHE_EXPIRE
-      ]
-      len = names.map{ | name | name.size }.max
-      names.each do | name |
+      len = CONSTS.map{ | name | name.size }.max
+      CONSTS.each do | name |
         puts "#{ name.gsub( '_', ' ' ).ljust( len ) } #{ Girl.const_get( name ) }"
       end
-      if RUBY_PLATFORM.include?( 'linux' )
+      if RUBY_PLATFORM.include?( 'linux' ) then
         $0 = title
         workers = []

data/lib/girl/proxy_worker.rb CHANGED

@@ -13,10 +13,10 @@ module Girl
       @mutex = Mutex.new
       @reads = []
       @writes = []
-      @pause_srcs = []
-      @roles = {}         # sock => :dotr / :proxy / :src / :dst / :tun
+      @roles = {}         # sock => :dotr / :proxy / :src / :dst / :tun / :stream
       @src_infos = {}     # src => {}
       @dst_infos = {}     # dst => {}
+      @stream_infos = {}  # stream => {}
       @resolv_caches = {} # domain => [ ip, created_at ]
       dotr, dotw = IO.pipe
@@ -31,36 +31,40 @@ module Girl
     def looping
       puts "p#{ Process.pid } #{ Time.new } looping"
       loop_check_expire
-      loop_check_status
+      loop_check_resume
       loop do
         rs, ws = IO.select( @reads, @writes )
         @mutex.synchronize do
-          # 先写，再读
-          ws.each do | sock |
-            case @roles[ sock ]
-            when :src
-              write_src( sock )
-            when :dst
-              write_dst( sock )
-            when :tun
-              write_tun( sock )
-            end
-          end
+          # 先读，再写，避免打上关闭标记后读到
           rs.each do | sock |
             case @roles[ sock ]
-            when :dotr
+            when :dotr then
               read_dotr( sock )
-            when :proxy
+            when :proxy then
               read_proxy( sock )
-            when :src
+            when :tun then
+              read_tun( sock )
+            when :src then
               read_src( sock )
-            when :dst
+            when :dst then
               read_dst( sock )
-            when :tun
-              read_tun( sock )
+            when :stream then
+              read_stream( sock )
+            end
+          end
+          ws.each do | sock |
+            case @roles[ sock ]
+            when :tun then
+              write_tun( sock )
+            when :src then
+              write_src( sock )
+            when :dst then
+              write_dst( sock )
+            when :stream then
+              write_stream( sock )
             end
           end
         end
@@ -74,7 +78,7 @@ module Girl
     # quit!
     #
     def quit!
-      if @tun && !@tun.closed? && @tun_info[ :tund_addr ]
+      if @tun && !@tun.closed? && @tun_info[ :tund_addr ] then
         # puts "debug1 send tun fin"
         data = [ 0, TUN_FIN ].pack( 'Q>C' )
         @tun.sendmsg( data, 0, @tun_info[ :tund_addr ] )
@@ -86,6 +90,276 @@ module Girl
     private
+    ##
+    # add ctlmsg
+    #
+    def add_ctlmsg( data, to_addr = nil )
+      unless to_addr then
+        to_addr = @tun_info[ :tund_addr ]
+      end
+      if to_addr then
+        @tun_info[ :ctlmsgs ] << [ data, to_addr ]
+        add_write( @tun )
+      end
+    end
+    ##
+    # add read
+    #
+    def add_read( sock, role = nil )
+      unless @reads.include?( sock ) then
+        @reads << sock
+        if role then
+          @roles[ sock ] = role
+        end
+      end
+    end
+    ##
+    # add src wbuff
+    #
+    def add_src_wbuff( src, data )
+      return if src.closed?
+      src_info = @src_infos[ src ]
+      src_info[ :wbuff ] << data
+      src_info[ :last_recv_at ] = Time.new
+      add_write( src )
+      if src_info[ :wbuff ].bytesize >= WBUFF_LIMIT then
+        dst = src_info[ :dst ]
+        if dst then
+          dst_info = @dst_infos[ dst ]
+          puts "p#{ Process.pid } #{ Time.new } pause dst #{ dst_info[ :domain ] }"
+          dst_info[ :paused ] = true
+          @reads.delete( dst )
+        else
+          stream = src_info[ :stream ]
+          if stream then
+            stream_info = @stream_infos[ stream ]
+            puts "p#{ Process.pid } #{ Time.new } pause stream #{ stream_info[ :domain ] }"
+            stream_info[ :paused ] = true
+            @reads.delete( stream )
+          end
+        end
+      end
+    end
+    ##
+    # add src wbuff socks5 conn reply
+    #
+    def add_src_wbuff_socks5_conn_reply( src )
+      # +----+-----+-------+------+----------+----------+
+      # |VER | REP |  RSV  | ATYP | BND.ADDR | BND.PORT |
+      # +----+-----+-------+------+----------+----------+
+      # | 1  |  1  | X'00' |  1   | Variable |    2     |
+      # +----+-----+-------+------+----------+----------+
+      proxy_ip, proxy_port = @proxy_local_address.ip_unpack
+      data = [ [ 5, 0, 0, 1 ].pack( 'C4' ), IPAddr.new( proxy_ip ).hton, [ proxy_port ].pack( 'n' ) ].join
+      # puts "debug1 add src wbuff socks5 conn reply #{ data.inspect }"
+      add_src_wbuff( src, data )
+    end
+    ##
+    # add write
+    #
+    def add_write( sock )
+      unless @writes.include?( sock ) then
+        @writes << sock
+      end
+    end
+    ##
+    # close sock
+    #
+    def close_sock( sock )
+      sock.close
+      @reads.delete( sock )
+      @writes.delete( sock )
+      @roles.delete( sock )
+    end
+    ##
+    # close dst
+    #
+    def close_dst( dst )
+      # puts "debug1 close dst"
+      close_sock( dst )
+      @dst_infos.delete( dst )
+    end
+    ##
+    # close read src
+    #
+    def close_read_src( src )
+      return if src.closed?
+      # puts "debug1 close read src"
+      src.close_read
+      @reads.delete( src )
+      if src.closed? then
+        # puts "debug1 delete src info"
+        @roles.delete( src )
+        src_info = del_src_info( src )
+      else
+        src_info = @src_infos[ src ]
+      end
+      src_info[ :paused ] = false
+      src_info
+    end
+    ##
+    # close read dst
+    #
+    def close_read_dst( dst )
+      return if dst.closed?
+      # puts "debug1 close read dst"
+      dst.close_read
+      @reads.delete( dst )
+      if dst.closed? then
+        # puts "debug1 delete dst info"
+        @roles.delete( dst )
+        dst_info = @dst_infos.delete( dst )
+      else
+        dst_info = @dst_infos[ dst ]
+      end
+      dst_info
+    end
+    ##
+    # close read stream
+    #
+    def close_read_stream( stream )
+      return if stream.closed?
+      # puts "debug1 close read stream"
+      stream.close_read
+      @reads.delete( stream )
+      if stream.closed? then
+        # puts "debug1 delete stream info"
+        @roles.delete( stream )
+        stream_info = @stream_infos.delete( stream )
+      else
+        stream_info = @stream_infos[ stream ]
+      end
+      stream_info
+    end
+    ##
+    # close src
+    #
+    def close_src( src )
+      # puts "debug1 close src"
+      close_sock( src )
+      del_src_info( src )
+    end
+    ##
+    # close tun
+    #
+    def close_tun( tun )
+      # puts "debug1 close tun"
+      close_sock( tun )
+      @tun_info[ :srcs ].each{ | _, src | set_src_closing( src ) }
+    end
+    ##
+    # close write src
+    #
+    def close_write_src( src )
+      return if src.closed?
+      # puts "debug1 close write src"
+      src.close_write
+      @writes.delete( src )
+      if src.closed? then
+        # puts "debug1 delete src info"
+        @roles.delete( src )
+        src_info = del_src_info( src )
+      else
+        src_info = @src_infos[ src ]
+      end
+      src_info
+    end
+    ##
+    # close write dst
+    #
+    def close_write_dst( dst )
+      return if dst.closed?
+      # puts "debug1 close write dst"
+      dst.close_write
+      @writes.delete( dst )
+      if dst.closed? then
+        # puts "debug1 delete dst info"
+        @roles.delete( dst )
+        dst_info = @dst_infos.delete( dst )
+      else
+        dst_info = @dst_infos[ dst ]
+      end
+      dst_info
+    end
+    ##
+    # close write stream
+    #
+    def close_write_stream( stream )
+      return if stream.closed?
+      # puts "debug1 close write stream"
+      stream.close_write
+      @writes.delete( stream )
+      if stream.closed? then
+        # puts "debug1 delete stream info"
+        @roles.delete( stream )
+        stream_info = @stream_infos.delete( stream )
+      else
+        stream_info = @stream_infos[ stream ]
+      end
+      stream_info
+    end
+    ##
+    # deal with destination ip
+    #
+    def deal_with_destination_ip( src, ip_info )
+      src_info = @src_infos[ src ]
+      if ( @directs.any? { | direct | direct.include?( ip_info.ip_address ) } ) || ( ( src_info[ :destination_domain ] == @proxyd_host ) && ![ 80, 443 ].include?( src_info[ :destination_port ] ) ) then
+        # ip命中直连列表，或者访问远端非80/443端口，直连
+        # puts "debug1 #{ ip_info.inspect } hit directs"
+        new_a_dst( src, ip_info )
+      else
+        # 走远端
+        # puts "debug1 #{ ip_info.inspect } go tunnel"
+        set_src_proxy_type_tunnel( src )
+      end
+    end
+    ##
+    # del src info
+    #
+    def del_src_info( src )
+      src_info = @src_infos.delete( src )
+      if src_info[ :stream ] && @tun && !@tun.closed? then
+        @tun_info[ :srcs ].delete( src_info[ :id ] )
+      end
+      src_info
+    end
     ##
     # loop check expire
     #
@@ -95,127 +369,97 @@ module Girl
           sleep CHECK_EXPIRE_INTERVAL
           @mutex.synchronize do
-            need_trigger = false
+            trigger = false
             now = Time.new
-            if @tun && !@tun.closed?
-              is_expired = @tun_info[ :last_recv_at ] ? ( now - @tun_info[ :last_recv_at ] > EXPIRE_AFTER ) : ( now - @tun_info[ :created_at ] > EXPIRE_NEW )
+            if @tun && !@tun.closed? then
+              last_recv_at = @tun_info[ :last_recv_at ] || @tun_info[ :created_at ]
+              last_sent_at = @tun_info[ :last_sent_at ] || @tun_info[ :created_at ]
-              if is_expired
+              if @tun_info[ :srcs ].empty? && ( now - last_recv_at >= EXPIRE_AFTER ) && ( now - last_sent_at >= EXPIRE_AFTER ) then
                 puts "p#{ Process.pid } #{ Time.new } expire tun"
-                set_is_closing( @tun )
-                need_trigger = true
-              else
-                data = [ 0, HEARTBEAT, rand( 128 ) ].pack( 'Q>CC' )
-                # puts "debug1 #{ Time.new } heartbeat"
-                send_data( @tun, data, @tun_info[ :tund_addr ] )
-                del_src_ids = []
-                @tun_info[ :srcs ].each do | src_id, src |
-                  if src.closed?
-                    src_info = @src_infos[ src ]
-                    if src_info && ( now - src_info[ :last_continue_at ] > EXPIRE_AFTER )
-                      puts "p#{ Process.pid } #{ Time.new } expire src ext #{ src_info[ :destination_domain ] }"
-                      @tun_info[ :wmems ].delete_if { | src_id_and_pack_id, _ | src_id_and_pack_id.first == src_id }
-                      @tun_info[ :src_ids ].delete( src_info[ :dst_id ] )
-                      @src_infos.delete( src )
-                      del_src_ids << src_id
-                    end
-                  end
-                end
-                if del_src_ids.any?
-                  @tun_info[ :srcs ].delete_if { | src_id, _ | del_src_ids.include?( src_id ) }
-                end
+                set_tun_closing
+                trigger = true
               end
             end
             @src_infos.each do | src, src_info |
-              if now - src_info[ :last_continue_at ] > EXPIRE_AFTER
-                puts "p#{ Process.pid } #{ Time.new } expire src #{ src_info[ :destination_domain ] }"
-                set_is_closing( src )
-                need_trigger = true
-              end
-            end
+              last_recv_at = src_info[ :last_recv_at ] || src_info[ :created_at ]
+              last_sent_at = src_info[ :last_sent_at ] || src_info[ :created_at ]
-            @dst_infos.each do | dst, dst_info |
-              if now - dst_info[ :last_continue_at ] > EXPIRE_AFTER
-                puts "p#{ Process.pid } #{ Time.new } expire dst #{ dst_info[ :domain ] }"
-                set_is_closing( dst )
-                need_trigger = true
+              if ( now - last_recv_at >= EXPIRE_AFTER ) && ( now - last_sent_at >= EXPIRE_AFTER ) then
+                puts "p#{ Process.pid } #{ Time.new } expire src #{ src_info[ :destination_domain ] }"
+                set_src_closing( src )
+                trigger = true
               end
             end
-            if need_trigger
-              next_tick
-            end
+            next_tick if trigger
           end
         end
       end
     end
     ##
-    # loop check status
+    # loop check resume
     #
-    def loop_check_status
+    def loop_check_resume
       Thread.new do
         loop do
-          sleep CHECK_STATUS_INTERVAL
+          sleep CHECK_RESUME_INTERVAL
           @mutex.synchronize do
-            if @tun && !@tun.closed? && @tun_info[ :tund_addr ]
-              if @tun_info[ :srcs ].any?
-                now = Time.new
-                @tun_info[ :srcs ].each do | src_id, src |
-                  src_info = @src_infos[ src ]
+            trigger = false
-                  if src_info && src_info[ :dst_id ] && ( now - src_info[ :last_continue_at ] < SEND_STATUS_UNTIL )
-                    data = [ 0, SOURCE_STATUS, src_id, src_info[ :biggest_pack_id ], src_info[ :continue_dst_pack_id ] ].pack( 'Q>CQ>Q>Q>' )
-                    send_data( @tun, data, @tun_info[ :tund_addr ] )
-                  end
-                end
-              end
+            @src_infos.select{ | _, src_info | src_info[ :paused ] }.each do | src, src_info |
+              dst = src_info[ :dst ]
-              if @pause_srcs.any? && ( @tun_info[ :wmems ].size < RESUME_BELOW )
-                @pause_srcs.each do | src |
-                  src_info = @src_infos[ src ]
+              if dst then
+                dst_info = @dst_infos[ dst ]
-                  if src_info
-                    puts "p#{ Process.pid } #{ Time.new } resume src #{ src_info[ :destination_domain ] }"
-                    add_read( src )
-                  end
+                if dst_info[ :wbuff ].size < RESUME_BELOW then
+                  puts "p#{ Process.pid } #{ Time.new } dst.wbuff below #{ RESUME_BELOW }, resume src #{ src_info[ :destination_domain ] }"
+                  resume_src( src )
+                  trigger = true
                 end
+              else
+                stream = src_info[ :stream ]
+                stream_info = @stream_infos[ stream ]
-                @pause_srcs.clear
-                next_tick
+                if stream_info[ :wbuff ].size < RESUME_BELOW then
+                  puts "p#{ Process.pid } #{ Time.new } stream.wbuff below #{ RESUME_BELOW }, resume src #{ src_info[ :destination_domain ] }"
+                  resume_src( src )
+                  trigger = true
+                end
               end
             end
-          end
-        end
-      end
-    end
-    def loop_send_hello
-      data = @custom.hello
+            @dst_infos.select{ | _, dst_info | dst_info[ :paused ] }.each do | dst, dst_info |
+              src = dst_info[ :src ]
+              src_info = @src_infos[ src ]
-      Thread.new do
-        EXPIRE_NEW.times do | i |
-          if @tun.closed? || @tun_info[ :tund_addr ]
-            # puts "debug1 break loop send hello"
-            break
-          end
+              if src_info[ :wbuff ].size < RESUME_BELOW then
+                puts "p#{ Process.pid } #{ Time.new } src.wbuff below #{ RESUME_BELOW }, resume dst #{ dst_info[ :domain ] }"
+                dst_info[ :paused ] = false
+                add_read( dst )
+                trigger = true
+              end
+            end
-          @mutex.synchronize do
-            msg = i >= 1 ? "resend hello #{ i }" : "hello i'm tun"
-            puts "p#{ Process.pid } #{ Time.new } #{ msg }"
-            # puts "debug1 #{ data.inspect }"
+            @stream_infos.select{ | _, stream_info | stream_info[ :paused ] }.each do | stream, stream_info |
+              src = stream_info[ :src ]
+              src_info = @src_infos[ src ]
-            send_data( @tun, data, @proxyd_addr )
-          end
+              if src_info[ :wbuff ].size < RESUME_BELOW then
+                puts "p#{ Process.pid } #{ Time.new } src.wbuff below #{ RESUME_BELOW }, resume stream #{ stream_info[ :domain ] }"
+                stream_info[ :paused ] = false
+                add_read( stream )
+                trigger = true
+              end
+            end
-          sleep CHECK_STATUS_INTERVAL
+            next_tick if trigger
+          end
         end
       end
     end
@@ -226,98 +470,141 @@ module Girl
     def loop_send_a_new_source( src )
       src_info = @src_infos[ src ]
-      if src_info && @tun_info[ :tund_addr ]
+      if src_info then
         destination_domain = src_info[ :destination_domain ]
         destination_port = src_info[ :destination_port ]
         domain_port = [ destination_domain, destination_port ].join( ':' )
         data = [ [ 0, A_NEW_SOURCE, src_info[ :id ] ].pack( 'Q>CQ>' ), @custom.encode( domain_port ) ].join
         Thread.new do
-          EXPIRE_NEW.times do | i |
-            if src.closed? || src_info[ :dst_id ]
+          SEND_HELLO_COUNT.times do | i |
+            if @tun.nil? || @tun.closed? || src.closed? || src_info[ :stream ] then
               # puts "debug1 break loop send a new source #{ src_info[ :dst_port ] }"
               break
             end
             @mutex.synchronize do
-              if i >= 1
+              if i >= 1 then
                 puts "p#{ Process.pid } #{ Time.new } resend a new source #{ domain_port } #{ i }"
               end
-              send_data( @tun, data, @tun_info[ :tund_addr ] )
+              add_ctlmsg( data )
+              next_tick
             end
-            sleep CHECK_STATUS_INTERVAL
+            sleep 1
           end
         end
       end
     end
     ##
-    # resolve domain
+    # new a dst
     #
-    def resolve_domain( src, domain )
-      if @remotes.any? { | remote | ( domain.size >= remote.size ) && ( domain[ ( remote.size * -1 )..-1 ] == remote ) }
-        # puts "debug1 #{ domain } hit remotes"
-        new_a_src_ext( src )
+    def new_a_dst( src, ip_info )
+      src_info = @src_infos[ src ]
+      domain = src_info[ :destination_domain ]
+      destination_addr = Socket.sockaddr_in( src_info[ :destination_port ], ip_info.ip_address )
+      dst = Socket.new( ip_info.ipv4? ? Socket::AF_INET : Socket::AF_INET6, Socket::SOCK_STREAM, 0 )
+      dst.setsockopt( Socket::SOL_TCP, Socket::TCP_NODELAY, 1 ) if RUBY_PLATFORM.include?( 'linux' )
+      begin
+        dst.connect_nonblock( destination_addr )
+      rescue IO::WaitWritable
+        # connect nonblock 必抛 wait writable
+      rescue Exception => e
+        puts "p#{ Process.pid } #{ Time.new } dst connect destination #{ domain } #{ src_info[ :destination_port ] } #{ ip_info.ip_address } #{ e.class }, close src"
+        set_src_closing( src )
         return
       end
-      resolv_cache = @resolv_caches[ domain ]
+      # puts "debug1 a new dst #{ dst.local_address.inspect }"
+      local_port = dst.local_address.ip_port
+      dst_info = {
+        local_port: local_port, # 本地端口
+        src: src,               # 对应src
+        domain: domain,         # 目的地
+        wbuff: '',              # 写前，从src读到的流量
+        paused: false,          # 是否已暂停读
+        closing: false,         # 准备关闭
+        closing_read: false,    # 准备关闭读
+        closing_write: false    # 准备关闭写
+      }
-      if resolv_cache
-        ip_info, created_at = resolv_cache
+      @dst_infos[ dst ] = dst_info
+      add_read( dst, :dst )
+      src_info[ :proxy_type ] = :direct
+      src_info[ :dst ] = dst
-        if Time.new - created_at < RESOLV_CACHE_EXPIRE
-          # puts "debug1 #{ domain } hit resolv cache #{ ip_info.inspect }"
-          deal_with_destination_ip( src, ip_info )
-          return
+      if src_info[ :proxy_proto ] == :http then
+        if src_info[ :is_connect ] then
+          # puts "debug1 add src.wbuff http ok"
+          add_src_wbuff( src, HTTP_OK )
+        elsif src_info[ :rbuff ] then
+          # puts "debug1 move src.rbuff to dst.wbuff"
+          dst_info[ :wbuff ] << src_info[ :rbuff ]
+          add_write( dst )
         end
-        # puts "debug1 expire #{ domain } resolv cache"
-        @resolv_caches.delete( domain )
+      elsif src_info[ :proxy_proto ] == :socks5 then
+        add_src_wbuff_socks5_conn_reply( src )
       end
+    end
+    ##
+    # new a stream
+    #
+    def new_a_stream( src_id, dst_id )
+      src = @tun_info[ :srcs ][ src_id ]
+      return if src.nil? || src.closed?
       src_info = @src_infos[ src ]
-      src_info[ :proxy_type ] = :checking
+      return if src_info[ :dst_id ]
-      Thread.new do
-        begin
-          ip_info = Addrinfo.ip( domain )
-        rescue Exception => e
-          puts "p#{ Process.pid } #{ Time.new } resolv #{ domain } #{ e.class }"
-        end
+      if dst_id == 0 then
+        puts "p#{ Process.pid } #{ Time.new } remote dst already closed"
+        set_src_closing( src )
+        return
+      end
-        @mutex.synchronize do
-          if ip_info
-            @resolv_caches[ domain ] = [ ip_info, Time.new ]
+      stream = Socket.new( Socket::AF_INET, Socket::SOCK_STREAM, 0 )
+      stream.setsockopt( Socket::SOL_TCP, Socket::TCP_NODELAY, 1 ) if RUBY_PLATFORM.include?( 'linux' )
-            unless src.closed?
-              puts "p#{ Process.pid } #{ Time.new } resolved #{ domain } #{ ip_info.ip_address }"
-              deal_with_destination_ip( src, ip_info )
-            end
-          else
-            set_is_closing( src )
-          end
+      begin
+        stream.connect_nonblock( @tun_info[ :tcpd_addr ] )
+      rescue IO::WaitWritable
+      rescue Exception => e
+        puts "p#{ Process.pid } #{ Time.new } connect tcpd #{ e.class }"
+        return
+      end
-          next_tick
-        end
+      # puts "debug1 set stream.wbuff #{ dst_id }"
+      data = [ dst_id ].pack( 'n' )
+      unless src_info[ :rbuff ].empty? then
+        # puts "debug1 encode and move src.rbuff to stream.wbuff"
+        data << @custom.encode( src_info[ :rbuff ] )
       end
-    end
-    ##
-    # deal with destination ip
-    #
-    def deal_with_destination_ip( src, ip_info )
-      src_info = @src_infos[ src ]
+      domain = src_info[ :destination_domain ]
+      @stream_infos[ stream ] = {
+        src: src,       # 对应src
+        domain: domain, # 目的地
+        wbuff: data,    # 写前，写往远端streamd
+        paused: false   # 是否已暂停读
+      }
-      if ( @directs.any? { | direct | direct.include?( ip_info.ip_address ) } ) || ( ( src_info[ :destination_domain ] == @proxyd_host ) && ![ 80, 443 ].include?( src_info[ :destination_port ] ) )
-        # ip命中直连列表，或者访问远端非80/443端口，直连
-        # puts "debug1 #{ ip_info.inspect } hit directs"
-        new_a_dst( src, ip_info )
-      else
-        # 走远端
-        new_a_src_ext( src )
+      src_info[ :dst_id ] = dst_id
+      src_info[ :stream ] = stream
+      add_read( stream, :stream )
+      add_write( stream )
+      if src_info[ :proxy_proto ] == :http then
+        if src_info[ :is_connect ] then
+          # puts "debug1 add src.wbuff http ok"
+          add_src_wbuff( src, HTTP_OK )
+        end
+      elsif src_info[ :proxy_proto ] == :socks5 then
+        add_src_wbuff_socks5_conn_reply( src )
       end
     end
@@ -328,13 +615,13 @@ module Girl
       proxy = Socket.new( Socket::AF_INET, Socket::SOCK_STREAM, 0 )
       proxy.setsockopt( Socket::SOL_SOCKET, Socket::SO_REUSEADDR, 1 )
-      if RUBY_PLATFORM.include?( 'linux' )
+      if RUBY_PLATFORM.include?( 'linux' ) then
         proxy.setsockopt( Socket::SOL_SOCKET, Socket::SO_REUSEPORT, 1 )
         proxy.setsockopt( Socket::SOL_TCP, Socket::TCP_NODELAY, 1 )
       end
       proxy.bind( Socket.sockaddr_in( proxy_port, '0.0.0.0' ) )
-      proxy.listen( 511 )
+      proxy.listen( 127 )
       puts "p#{ Process.pid } #{ Time.new } proxy listen on #{ proxy_port }"
       add_read( proxy, :proxy )
       @proxy_local_address = proxy.local_address
@@ -350,450 +637,221 @@ module Girl
       tun_info = {
         port: port,           # 端口
         pending_sources: [],  # 还没配上tund，暂存的src
-        wbuffs: [],           # 写前 [ src_id, pack_id, data ]
-        wmems: {},            # 写后 [ src_id, pack_id ] => data
+        ctlmsgs: [],          # [ ctlmsg, to_addr ]
         tund_addr: nil,       # tund地址
+        tcpd_addr: nil,       # tcpd地址
         srcs: {},             # src_id => src
-        src_ids: {},          # dst_id => src_id
-        paused: false,        # 是否暂停写
-        resendings: [],       # 重传队列 [ src_id, pack_id ]
         created_at: Time.new, # 创建时间
-        last_recv_at: nil,    # 上一次收到流量的时间，过期关闭
-        is_closing: false     # 是否准备关闭
+        last_recv_at: nil,    # 上一次收到流量的时间
+        last_sent_at: nil,    # 上一次发出流量的时间
+        closing: false        # 是否准备关闭
       }
       @tun = tun
       @tun_info = tun_info
       add_read( tun, :tun )
-      loop_send_hello
-    end
-    ##
-    # new a dst
-    #
-    def new_a_dst( src, ip_info )
-      src_info = @src_infos[ src ]
-      domain = src_info[ :destination_domain ]
-      destination_addr = Socket.sockaddr_in( src_info[ :destination_port ], ip_info.ip_address )
-      dst = Socket.new( ip_info.ipv4? ? Socket::AF_INET : Socket::AF_INET6, Socket::SOCK_STREAM, 0 )
-      if RUBY_PLATFORM.include?( 'linux' )
-        dst.setsockopt( Socket::SOL_TCP, Socket::TCP_NODELAY, 1 )
-      end
+      data = @custom.hello
-      begin
-        dst.connect_nonblock( destination_addr )
-      rescue IO::WaitWritable
-        # connect nonblock 必抛 wait writable，这里仅仅接一下，逻辑写外面，整齐
-      rescue Exception => e
-        puts "p#{ Process.pid } #{ Time.new } connect destination #{ e.class }, close src"
-        set_is_closing( src )
-        return
-      end
+      Thread.new do
+        SEND_HELLO_COUNT.times do | i |
+          if @tun.nil? || @tun.closed? || @tun_info[ :tund_addr ] then
+            # puts "debug1 break loop send hello"
+            break
+          end
-      # puts "debug1 a new dst #{ dst.local_address.inspect }"
-      local_port = dst.local_address.ip_port
-      @dst_infos[ dst ] = {
-        local_port: local_port,     # 本地端口
-        src: src,                   # 对应src
-        domain: domain,             # 域名
-        wbuff: '',                  # 写前
-        last_continue_at: Time.new, # 上一次发生流量的时间
-        is_closing: false           # 是否准备关闭
-      }
+          @mutex.synchronize do
+            msg = i >= 1 ? "resend hello #{ i }" : "hello i'm tun"
+            puts "p#{ Process.pid } #{ Time.new } #{ msg }"
+            # puts "debug1 #{ data.inspect }"
-      add_read( dst, :dst )
-      src_info[ :proxy_type ] = :direct
-      src_info[ :dst ] = dst
+            add_ctlmsg( data, @proxyd_addr )
+            next_tick
+          end
-      if src_info[ :proxy_proto ] == :http
-        if src_info[ :is_connect ]
-          # puts "debug1 add src wbuff http ok"
-          add_src_wbuff( src, HTTP_OK )
-        else
-          # puts "debug1 add src rbuff to dst wbuff"
-          add_dst_wbuff( dst, src_info[ :rbuff ] )
+          sleep 1
         end
-      elsif src_info[ :proxy_proto ] == :socks5
-        add_src_wbuff_socks5_conn_reply( src )
       end
     end
     ##
-    # new a src ext
-    #
-    def new_a_src_ext( src )
-      if @tun.nil? || @tun.closed?
-        new_a_tun
-      end
-      src_info = @src_infos[ src ]
-      src_info[ :proxy_type ] = :tunnel
-      src_id = src_info[ :id ]
-      @tun_info[ :srcs ][ src_id ] = src
-      if @tun_info[ :tund_addr ]
-        loop_send_a_new_source( src )
-      else
-        @tun_info[ :pending_sources ] << src
-      end
-    end
-    ##
-    # add src wbuff socks5 conn reply
-    #
-    def add_src_wbuff_socks5_conn_reply( src )
-      # +----+-----+-------+------+----------+----------+
-      # |VER | REP |  RSV  | ATYP | BND.ADDR | BND.PORT |
-      # +----+-----+-------+------+----------+----------+
-      # | 1  |  1  | X'00' |  1   | Variable |    2     |
-      # +----+-----+-------+------+----------+----------+
-      proxy_ip, proxy_port = @proxy_local_address.ip_unpack
-      data = [ [ 5, 0, 0, 1 ].pack( 'C4' ), IPAddr.new( proxy_ip ).hton, [ proxy_port ].pack( 'n' ) ].join
-      # puts "debug1 add src wbuff socks5 conn reply #{ data.inspect }"
-      add_src_wbuff( src, data )
-    end
-    ##
-    # sub http request
-    #
-    def sub_http_request( data )
-      lines = data.split( "\r\n" )
-      if lines.empty?
-        return [ data, nil ]
-      end
-      method, url, proto = lines.first.split( ' ' )
-      if proto && url && proto[ 0, 4 ] == 'HTTP' && url[ 0, 7 ] == 'http://'
-        domain_and_port = url.split( '/' )[ 2 ]
-        data = data.sub( "http://#{ domain_and_port }", '' )
-        # puts "debug1 subed #{ data.inspect } #{ domain_and_port }"
-      end
-      [ data, domain_and_port ]
-    end
-    ##
-    # add src wbuff
-    #
-    def add_src_wbuff( src, data )
-      src_info = @src_infos[ src ]
-      src_info[ :wbuff ] << data
-      add_write( src )
-    end
-    ##
-    # add dst wbuff
-    #
-    def add_dst_wbuff( dst, data )
-      dst_info = @dst_infos[ dst ]
-      dst_info[ :wbuff ] << data
-      add_write( dst )
-    end
-    ##
-    # add read
+    # next tick
     #
-    def add_read( sock, role = nil )
-      if sock && !sock.closed? && !@reads.include?( sock )
-        @reads << sock
-        if role
-          @roles[ sock ] = role
-        end
-      end
+    def next_tick
+      @dotw.write( '.' )
     end
     ##
-    # add write
+    # resolve domain
     #
-    def add_write( sock )
-      if sock && !sock.closed? && !@writes.include?( sock )
-        @writes << sock
+    def resolve_domain( src, domain )
+      if @remotes.any? { | remote | ( domain.size >= remote.size ) && ( domain[ ( remote.size * -1 )..-1 ] == remote ) } then
+        # puts "debug1 #{ domain } hit remotes"
+        set_src_proxy_type_tunnel( src )
+        return
       end
-    end
-    ##
-    # add pause src
-    #
-    def add_pause_src( src )
-      @reads.delete( src )
+      resolv_cache = @resolv_caches[ domain ]
-      unless @pause_srcs.include?( src )
-        @pause_srcs << src
-      end
-    end
+      if resolv_cache then
+        ip_info, created_at = resolv_cache
-    ##
-    # set is closing
-    #
-    def set_is_closing( sock )
-      if sock && !sock.closed?
-        role = @roles[ sock ]
-        # puts "debug1 set #{ role.to_s } is closing"
-        case role
-        when :src
-          src_info = @src_infos[ sock ]
-          src_info[ :is_closing ] = true
-        when :dst
-          dst_info = @dst_infos[ sock ]
-          dst_info[ :is_closing ] = true
-        when :tun
-          @tun_info[ :is_closing ] = true
+        if Time.new - created_at < RESOLV_CACHE_EXPIRE then
+          # puts "debug1 #{ domain } hit resolv cache #{ ip_info.inspect }"
+          deal_with_destination_ip( src, ip_info )
+          return
         end
-        @reads.delete( sock )
-        add_write( sock )
+        # puts "debug1 expire #{ domain } resolv cache"
+        @resolv_caches.delete( domain )
       end
-    end
-    ##
-    # tunnel data
-    #
-    def tunnel_data( src, data )
       src_info = @src_infos[ src ]
-      src_id = src_info[ :id ]
-      now = Time.new
-      pack_id = src_info[ :biggest_pack_id ]
-      idx = 0
-      len = data.bytesize
-      while idx < len
-        chunk = data[ idx, PACK_SIZE ]
-        pack_id += 1
+      src_info[ :proxy_type ] = :checking
-        if pack_id <= CONFUSE_UNTIL
-          chunk = @custom.encode( chunk )
-          # puts "debug1 encoded chunk #{ pack_id }"
+      Thread.new do
+        begin
+          ip_info = Addrinfo.ip( domain )
+        rescue Exception => e
+          puts "p#{ Process.pid } #{ Time.new } resolv #{ domain } #{ e.class }"
         end
-        data2 = [ [ pack_id, src_id ].pack( 'Q>Q>' ), chunk ].join
-        sent = send_data( @tun, data2, @tun_info[ :tund_addr ] )
-        # puts "debug2 written pack #{ pack_id } #{ sent }"
-        @tun_info[ :wmems ][ [ src_id, pack_id ] ] = data2
-        src_info[ :send_ats ][ pack_id ] = now
-        idx += PACK_SIZE
-      end
-      src_info[ :biggest_pack_id ] = pack_id
-      src_info[ :last_continue_at ] = now
-      # 写后超过上限，暂停读src
-      if @tun_info[ :wmems ].size >= WMEMS_LIMIT
-        puts "p#{ Process.pid } #{ Time.new } pause src #{ src_id } #{ src_info[ :destination_domain ] } #{ src_info[ :biggest_pack_id ] }"
-        add_pause_src( src )
-      end
-    end
-    ##
-    # send data
-    #
-    def send_data( tun, data, to_addr )
-      unless to_addr
-        return false
-      end
-      begin
-        tun.sendmsg( data, 0, to_addr )
-      rescue IO::WaitWritable, Errno::EINTR
-        return false
-      rescue Errno::EHOSTUNREACH, Errno::ENETUNREACH, Errno::ENETDOWN => e
-        puts "#{ Time.new } #{ e.class }, close tun"
-        close_tun( tun )
-        return false
-      end
-      true
-    end
-    ##
-    # close src
-    #
-    def close_src( src )
-      # puts "debug1 close src"
-      close_sock( src )
-      @pause_srcs.delete( src )
-      src_info = @src_infos[ src ]
+        @mutex.synchronize do
+          if ip_info then
+            @resolv_caches[ domain ] = [ ip_info, Time.new ]
-      if src_info[ :proxy_type ] == :direct
-        @src_infos.delete( src )
+            unless src.closed? then
+              puts "p#{ Process.pid } #{ Time.new } resolved #{ domain } #{ ip_info.ip_address }"
+              deal_with_destination_ip( src, ip_info )
+            end
+          else
+            set_src_closing( src )
+          end
-        if src_info[ :dst ]
-          set_is_closing( src_info[ :dst ] )
+          next_tick
         end
-        return
-      end
-      if @tun.closed? || src_info[ :dst_id ].nil?
-        @src_infos.delete( src )
-        return
-      end
-      src_id = src_info[ :id ]
-      if src_info[ :is_dst_closed ]
-        # puts "debug1 2-3. after close src -> dst closed ? yes -> del src ext -> send fin2"
-        del_src_ext( src_id )
-        data = [ 0, FIN2, src_id ].pack( 'Q>CQ>' )
-      else
-        # puts "debug1 1-1. after close src -> dst closed ? no -> send fin1"
-        data = [ 0, FIN1, src_id, src_info[ :biggest_pack_id ], src_info[ :continue_dst_pack_id ] ].pack( 'Q>CQ>Q>Q>' )
       end
-      send_data( @tun, data, @tun_info[ :tund_addr ] )
-    end
-    ##
-    # close dst
-    #
-    def close_dst( dst )
-      # puts "debug1 close dst"
-      close_sock( dst )
-      dst_info = @dst_infos.delete( dst )
-      set_is_closing( dst_info[ :src ] )
     end
     ##
-    # close tun
+    # resume src
     #
-    def close_tun( tun )
-      # puts "debug1 close tun"
-      close_sock( tun )
-      @tun_info[ :srcs ].each{ | _, src | set_is_closing( src ) }
-    end
-    ##
-    # close sock
-    #
-    def close_sock( sock )
-      sock.close
-      @reads.delete( sock )
-      @writes.delete( sock )
-      @roles.delete( sock )
-    end
-    ##
-    # del src ext
-    #
-    def del_src_ext( src_id )
-      @tun_info[ :wmems ].delete_if { | src_id_and_pack_id, _ | src_id_and_pack_id.first == src_id }
-      src = @tun_info[ :srcs ].delete( src_id )
-      if src
-        src_info = @src_infos.delete( src )
-        if src_info
-          @tun_info[ :src_ids ].delete( src_info[ :dst_id ] )
-        end
-      end
+    def resume_src( src )
+      src_info = @src_infos[ src ]
+      src_info[ :paused ] = false
+      add_read( src )
     end
     ##
-    # release wmems
+    # set dst closing
     #
-    def release_wmems( src_info, completed_pack_id )
-      if completed_pack_id > src_info[ :completed_pack_id ]
-        # puts "debug2 update completed pack #{ completed_pack_id }"
-        pack_ids = src_info[ :send_ats ].keys.select { | pack_id | pack_id <= completed_pack_id }
-        pack_ids.each do | pack_id |
-          @tun_info[ :wmems ].delete( [ src_info[ :id ], pack_id ] )
-          src_info[ :send_ats ].delete( pack_id )
-        end
-        src_info[ :completed_pack_id ] = completed_pack_id
-      end
+    def set_dst_closing( dst )
+      return if dst.closed?
+      dst_info = @dst_infos[ dst ]
+      dst_info[ :closing ] = true
+      @reads.delete( dst )
+      add_write( dst )
     end
     ##
-    # next tick
+    # set dst closing write
     #
-    def next_tick
-      @dotw.write( '.' )
+    def set_dst_closing_write( dst )
+      return if dst.closed?
+      dst_info = @dst_infos[ dst ]
+      dst_info[ :closing_write ] = true
+      add_write( dst )
     end
-    ##
-    # write src
-    #
-    def write_src( src )
-      src_info = @src_infos[ src ]
-      if src_info[ :is_closing ]
-        close_src( src )
-        return
-      end
-      data = src_info[ :wbuff ]
-      if data.empty?
-        @writes.delete( src )
-        return
-      end
-      begin
-        written = src.write_nonblock( data )
-      rescue IO::WaitWritable, Errno::EINTR
-        return
-      rescue Exception => e
-        close_src( src )
-        return
-      end
-      # puts "debug2 write src #{ written }"
-      data = data[ written..-1 ]
-      src_info[ :wbuff ] = data
-      src_info[ :last_continue_at ] = Time.new
+    ##
+    # set src is closing
+    #
+    def set_src_closing( src )
+      return if src.closed?
+      @reads.delete( src )
+      src_info = @src_infos[ src ]
+      src_info[ :closing ] = true
+      add_write( src )
     end
     ##
-    # write dst
+    # set src closing write
     #
-    def write_dst( dst )
-      dst_info = @dst_infos[ dst ]
+    def set_src_closing_write( src )
+      return if src.closed?
+      src_info = @src_infos[ src ]
+      src_info[ :closing_write ] = true
+      add_write( src )
+    end
-      if dst_info[ :is_closing ]
-        close_dst( dst )
-        return
+    ##
+    # set src proxy type tunnel
+    #
+    def set_src_proxy_type_tunnel( src )
+      if @tun.nil? || @tun.closed? then
+        new_a_tun
       end
-      data = dst_info[ :wbuff ]
+      src_info = @src_infos[ src ]
+      src_info[ :proxy_type ] = :tunnel
+      src_id = src_info[ :id ]
+      @tun_info[ :srcs ][ src_id ] = src
-      if data.empty?
-        @writes.delete( dst )
-        return
+      if @tun_info[ :tund_addr ] then
+        loop_send_a_new_source( src )
+      else
+        @tun_info[ :pending_sources ] << src
       end
+    end
-      begin
-        written = dst.write_nonblock( data )
-      rescue IO::WaitWritable, Errno::EINTR
-        return
-      rescue Exception => e
-        # puts "debug1 write dst #{ e.class }"
-        close_dst( dst )
-        return
-      end
+    ##
+    # set stream closing
+    #
+    def set_stream_closing( stream )
+      return if stream.closed?
+      stream_info = @stream_infos[ stream ]
+      stream_info[ :closing ] = true
+      @reads.delete( stream )
+      add_write( stream )
+    end
-      # puts "debug2 write dst #{ written }"
-      data = data[ written..-1 ]
-      dst_info[ :wbuff ] = data
-      dst_info[ :last_continue_at ] = Time.new
+    ##
+    # set stream closing write
+    #
+    def set_stream_closing_write( stream )
+      return if stream.closed?
+      stream_info = @stream_infos[ stream ]
+      stream_info[ :closing_write ] = true
+      add_write( stream )
     end
     ##
-    # write tun
+    # set tun is closing
     #
-    def write_tun( tun )
-      if @tun_info[ :is_closing ]
-        close_tun( tun )
-        return
+    def set_tun_closing
+      return if @tun.closed?
+      @tun_info[ :closing ] = true
+      @reads.delete( @tun )
+      add_write( @tun )
+    end
+    ##
+    # sub http request
+    #
+    def sub_http_request( data )
+      lines = data.split( "\r\n" )
+      return [ data, nil ] if lines.empty?
+      method, url, proto = lines.first.split( ' ' )
+      if proto && url && proto[ 0, 4 ] == 'HTTP' && url[ 0, 7 ] == 'http://' then
+        domain_port = url.split( '/' )[ 2 ]
+        data = data.sub( "http://#{ domain_port }", '' )
+        # puts "debug1 subed #{ data.inspect } #{ domain_port }"
       end
-      @writes.delete( tun )
+      [ data, domain_port ]
     end
     ##
@@ -810,6 +868,7 @@ module Girl
       begin
         src, addrinfo = proxy.accept_nonblock
       rescue IO::WaitReadable, Errno::EINTR
+        print 'r'
         return
       end
@@ -817,30 +876,86 @@ module Girl
       # puts "debug1 accept a src #{ addrinfo.inspect } #{ src_id }"
       @src_infos[ src ] = {
-        id: src_id,                 # id
-        proxy_proto: :uncheck,      # :uncheck / :http / :socks5
-        proxy_type: :uncheck,       # :uncheck / :checking / :direct / :tunnel / :negotiation
-        dst: nil,                   # :direct的场合，对应的dst
-        destination_domain: nil,    # 目的地域名
-        destination_port: nil,      # 目的地端口
-        biggest_pack_id: 0,         # 最大包号码
-        is_connect: true,           # 代理协议是http的场合，是否是CONNECT
-        rbuff: '',                  # 非CONNECT，dst或者远端dst未准备好，暂存流量
-        wbuff: '',                  # 写前
-        dst_id: nil,                # 远端dst id
-        send_ats: {},               # 上一次发出时间 pack_id => send_at
-        continue_dst_pack_id: 0,    # 收到几
-        pieces: {},                 # 跳号包 dst_pack_id => data
-        is_dst_closed: false,       # dst是否已关闭
-        biggest_dst_pack_id: 0,     # dst最大包号码
-        completed_pack_id: 0,       # 完成到几（对面收到几）
-        last_continue_at: Time.new, # 上一次发生流量的时间
-        is_closing: false           # 是否准备关闭
+        id: src_id,              # id
+        proxy_proto: :uncheck,   # :uncheck / :http / :socks5
+        proxy_type: :uncheck,    # :uncheck / :checking / :direct / :tunnel / :negotiation
+        destination_domain: nil, # 目的地域名
+        destination_port: nil,   # 目的地端口
+        is_connect: true,        # 代理协议是http的场合，是否是CONNECT
+        rbuff: '',               # 读到的流量
+        dst: nil,                # :direct的场合，对应的dst
+        stream: nil,             # :tunnel的场合，对应的stream
+        dst_id: nil,             # 远端dst id
+        wbuff: '',               # 从dst/stream读到的流量
+        created_at: Time.new,    # 创建时间
+        last_recv_at: nil,       # 上一次收到新流量（由dst收到，或者由stream收到）的时间
+        last_sent_at: nil,       # 上一次发出流量（由dst发出，或者由stream发出）的时间
+        paused: false,           # 是否已暂停读
+        closing: false,          # 准备关闭
+        closing_read: false,     # 准备关闭读
+        closing_write: false     # 准备关闭写
       }
       add_read( src, :src )
     end
+    ##
+    # read tun
+    #
+    def read_tun( tun )
+      begin
+        data, addrinfo, rflags, *controls = tun.recvmsg_nonblock
+      rescue IO::WaitReadable, Errno::EINTR
+        print 'r'
+        return
+      end
+      from_addr = addrinfo.to_sockaddr
+      pack_id = data[ 0, 8 ].unpack( 'Q>' ).first
+      return if pack_id != 0
+      @tun_info[ :last_recv_at ] = Time.new
+      ctl_num = data[ 8 ].unpack( 'C' ).first
+      case ctl_num
+      when TUND_PORT then
+        return if ( from_addr != @proxyd_addr ) || @tun_info[ :tund_addr ]
+        tund_port, tcpd_port = data[ 9, 4 ].unpack( 'nn' )
+        puts "p#{ Process.pid } #{ Time.new } got tund port #{ tund_port }, #{ tcpd_port }"
+        @tun_info[ :tund_addr ] = Socket.sockaddr_in( tund_port, @proxyd_host )
+        @tun_info[ :tcpd_addr ] = Socket.sockaddr_in( tcpd_port, @proxyd_host )
+        if @tun_info[ :pending_sources ].any? then
+          puts "p#{ Process.pid } #{ Time.new } send pending sources"
+          @tun_info[ :pending_sources ].each do | src |
+            loop_send_a_new_source( src )
+          end
+          @tun_info[ :pending_sources ].clear
+        end
+      when PAIRED then
+        return if from_addr != @tun_info[ :tund_addr ]
+        src_id, dst_id = data[ 9, 10 ].unpack( 'Q>n' )
+        # puts "debug1 got paired #{ src_id } #{ dst_id }"
+        new_a_stream( src_id, dst_id )
+      when TUND_FIN then
+        return if from_addr != @tun_info[ :tund_addr ]
+        puts "p#{ Process.pid } #{ Time.new } recv tund fin"
+        set_tun_closing
+      when IP_CHANGED then
+        return if from_addr != @tun_info[ :tund_addr ]
+        puts "p#{ Process.pid } #{ Time.new } recv ip changed"
+        set_tun_closing
+      end
+    end
     ##
     # read src
     #
@@ -848,30 +963,38 @@ module Girl
       begin
         data = src.read_nonblock( READ_SIZE )
       rescue IO::WaitReadable, Errno::EINTR
+        print 'r'
         return
       rescue Exception => e
         # puts "debug1 read src #{ e.class }"
-        set_is_closing( src )
+        src_info = close_read_src( src )
+        dst = src_info[ :dst ]
+        if dst then
+          set_dst_closing_write( dst )
+        else
+          stream = src_info[ :stream ]
+          set_stream_closing_write( stream ) if stream
+        end
         return
       end
-      # puts "debug2 read src #{ data.inspect }"
       src_info = @src_infos[ src ]
-      src_info[ :last_continue_at ] = Time.new
       proxy_type = src_info[ :proxy_type ]
       case proxy_type
-      when :uncheck
-        if data[ 0, 7 ] == 'CONNECT'
+      when :uncheck then
+        if data[ 0, 7 ] == 'CONNECT' then
           # puts "debug1 CONNECT"
-          domain_and_port = data.split( "\r\n" )[ 0 ].split( ' ' )[ 1 ]
+          domain_port = data.split( "\r\n" )[ 0 ].split( ' ' )[ 1 ]
-          unless domain_and_port
+          unless domain_port then
             puts "p#{ Process.pid } #{ Time.new } CONNECT miss domain"
-            set_is_closing( src )
+            set_src_closing( src )
             return
           end
-        elsif data[ 0 ].unpack( 'C' ).first == 5
+        elsif data[ 0 ].unpack( 'C' ).first == 5 then
           # puts "debug1 socks5 #{ data.inspect }"
           # https://tools.ietf.org/html/rfc1928
@@ -884,9 +1007,9 @@ module Girl
           nmethods = data[ 1 ].unpack( 'C' ).first
           methods = data[ 2, nmethods ].unpack( 'C*' )
-          unless methods.include?( 0 )
+          unless methods.include?( 0 ) then
             puts "p#{ Process.pid } #{ Time.new } miss method 00"
-            set_is_closing( src )
+            set_src_closing( src )
             return
           end
@@ -897,30 +1020,28 @@ module Girl
           # +----+--------+
           data2 = [ 5, 0 ].pack( 'CC' )
           add_src_wbuff( src, data2 )
           src_info[ :proxy_proto ] = :socks5
           src_info[ :proxy_type ] = :negotiation
           return
         else
           # puts "debug1 not CONNECT #{ data.inspect }"
           host_line = data.split( "\r\n" ).find { | _line | _line[ 0, 6 ] == 'Host: ' }
-          unless host_line
+          unless host_line then
             # puts "debug1 not found host line"
-            set_is_closing( src )
+            set_src_closing( src )
             return
           end
-          data, domain_and_port = sub_http_request( data )
+          data, domain_port = sub_http_request( data )
-          unless domain_and_port
+          unless domain_port then
             # puts "debug1 not HTTP"
-            domain_and_port = host_line.split( ' ' )[ 1 ]
+            domain_port = host_line.split( ' ' )[ 1 ]
-            unless domain_and_port
+            unless domain_port then
               puts "p#{ Process.pid } #{ Time.new } Host line miss domain"
-              set_is_closing( src )
+              set_src_closing( src )
               return
             end
           end
@@ -929,7 +1050,7 @@ module Girl
           src_info[ :rbuff ] << data
         end
-        domain, port = domain_and_port.split( ':' )
+        domain, port = domain_port.split( ':' )
         port = port ? port.to_i : 80
         src_info[ :proxy_proto ] = :http
@@ -937,10 +1058,10 @@ module Girl
         src_info[ :destination_port ] = port
         resolve_domain( src, domain )
-      when :checking
-        # puts "debug1 add src rbuff while checking #{ data.inspect }"
+      when :checking then
+        # puts "debug1 add src rbuff before resolved #{ data.inspect }"
         src_info[ :rbuff ] << data
-      when :negotiation
+      when :negotiation then
         # +----+-----+-------+------+----------+----------+
         # |VER | CMD |  RSV  | ATYP | DST.ADDR | DST.PORT |
         # +----+-----+-------+------+----------+----------+
@@ -949,10 +1070,10 @@ module Girl
         # puts "debug1 negotiation #{ data.inspect }"
         ver, cmd, rsv, atyp = data[ 0, 4 ].unpack( 'C4' )
-        if cmd == 1
+        if cmd == 1 then
           # puts "debug1 socks5 CONNECT"
-          if atyp == 1
+          if atyp == 1 then
             destination_host, destination_port = data[ 4, 6 ].unpack( 'Nn' )
             destination_addr = Socket.sockaddr_in( destination_port, destination_host )
             destination_addrinfo = Addrinfo.new( destination_addr )
@@ -961,10 +1082,10 @@ module Girl
             src_info[ :destination_port ] = destination_port
             # puts "debug1 IP V4 address #{ destination_addrinfo.inspect }"
             deal_with_destination_ip( src, destination_addrinfo )
-          elsif atyp == 3
+          elsif atyp == 3 then
             domain_len = data[ 4 ].unpack( 'C' ).first
-            if ( domain_len + 7 ) == data.bytesize
+            if ( domain_len + 7 ) == data.bytesize then
               domain = data[ 5, domain_len ]
               port = data[ ( 5 + domain_len ), 2 ].unpack( 'n' ).first
               src_info[ :destination_domain ] = domain
@@ -976,41 +1097,64 @@ module Girl
         else
           puts "p#{ Process.pid } #{ Time.new } socks5 cmd #{ cmd } not implement"
         end
-      when :tunnel
-        if src_info[ :dst_id ]
-          if @tun.closed?
-            # puts "debug1 tun closed, close src"
-            set_is_closing( src )
-            return
-          end
+      when :tunnel then
+        stream = src_info[ :stream ]
-          unless src_info[ :is_connect ]
-            data, _ = sub_http_request( data )
-          end
+        if stream then
+          unless stream.closed? then
+            unless src_info[ :is_connect ] then
+              data, _ = sub_http_request( data )
+            end
-          tunnel_data( src, data )
+            stream_info = @stream_infos[ stream ]
+            data = @custom.encode( data )
+            # puts "debug2 add stream.wbuff encoded #{ data.bytesize }"
+            stream_info[ :wbuff ] << data
+            add_write( stream )
+            if stream_info[ :wbuff ].bytesize >= WBUFF_LIMIT then
+              puts "p#{ Process.pid } #{ Time.new } pause tunnel src #{ src_info[ :destination_domain ] }"
+              src_info[ :paused ] = true
+              @reads.delete( src )
+            end
+          end
         else
-          # puts "debug1 remote dst not ready, save data to src rbuff"
+          # puts "debug1 stream not ready, save data to src.rbuff"
           src_info[ :rbuff ] << data
+          if src_info[ :rbuff ].bytesize >= WBUFF_LIMIT then
+            # puts "debug1 tunnel src.rbuff full"
+            set_src_closing( src )
+          end
         end
-      when :direct
+      when :direct then
         dst = src_info[ :dst ]
-        if dst
-          if dst.closed?
-            # puts "debug1 dst closed, close src"
-            set_is_closing( src )
-            return
-          end
+        if dst then
+          unless dst.closed? then
+            unless src_info[ :is_connect ] then
+              data, _ = sub_http_request( data )
+            end
-          unless src_info[ :is_connect ]
-            data, _ = sub_http_request( data )
-          end
+            dst_info = @dst_infos[ dst ]
+            # puts "debug2 add dst.wbuff #{ data.bytesize }"
+            dst_info[ :wbuff ] << data
+            add_write( dst )
-          add_dst_wbuff( dst, data )
+            if dst_info[ :wbuff ].bytesize >= WBUFF_LIMIT then
+              puts "p#{ Process.pid } #{ Time.new } pause direct src #{ src_info[ :destination_domain ] }"
+              src_info[ :paused ] = true
+              @reads.delete( src )
+            end
+          end
         else
-          # puts "debug1 dst not ready, save data to src rbuff"
+          # puts "debug1 dst not ready, save data to src.rbuff"
           src_info[ :rbuff ] << data
+          if src_info[ :rbuff ].bytesize >= WBUFF_LIMIT then
+            # puts "debug1 direct src.rbuff full"
+            set_src_closing( src )
+          end
         end
       end
     end
@@ -1022,297 +1166,250 @@ module Girl
       begin
         data = dst.read_nonblock( READ_SIZE )
       rescue IO::WaitReadable, Errno::EINTR
+        print 'r'
         return
       rescue Exception => e
         # puts "debug1 read dst #{ e.class }"
-        set_is_closing( dst )
+        dst_info = close_read_dst( dst )
+        src = dst_info[ :src ]
+        set_src_closing_write( src )
         return
       end
-      # puts "debug2 read dst #{ data.inspect }"
       dst_info = @dst_infos[ dst ]
-      dst_info[ :last_continue_at ] = Time.new
       src = dst_info[ :src ]
+      add_src_wbuff( src, data )
+    end
-      if src.closed?
-        puts "p#{ Process.pid } #{ Time.new } src closed, close dst"
-        set_is_closing( dst )
+    ##
+    # read stream
+    #
+    def read_stream( stream )
+      begin
+        data = stream.read_nonblock( READ_SIZE )
+      rescue IO::WaitReadable, Errno::EINTR
+        print 'r'
+        return
+      rescue Exception => e
+        # puts "debug1 read stream #{ e.class }"
+        stream_info = close_read_stream( stream )
+        src = stream_info[ :src ]
+        set_src_closing_write( src )
         return
       end
+      stream_info = @stream_infos[ stream ]
+      src = stream_info[ :src ]
+      data = @custom.decode( data )
+      # puts "debug2 add src.wbuff decoded #{ data.bytesize }"
       add_src_wbuff( src, data )
     end
     ##
-    # read tun
+    # write tun
     #
-    def read_tun( tun )
-      data, addrinfo, rflags, *controls = tun.recvmsg
-      from_addr = addrinfo.to_sockaddr
-      now = Time.new
-      @tun_info[ :last_recv_at ] = now
-      pack_id = data[ 0, 8 ].unpack( 'Q>' ).first
-      if pack_id == 0
-        ctl_num = data[ 8 ].unpack( 'C' ).first
-        case ctl_num
-        when TUND_PORT
-          return if ( from_addr != @proxyd_addr ) || @tun_info[ :tund_addr ]
-          tund_port = data[ 9, 2 ].unpack( 'n' ).first
-          puts "p#{ Process.pid } #{ Time.new } got tund port #{ tund_port }"
-          tund_addr = Socket.sockaddr_in( tund_port, @proxyd_host )
-          @tun_info[ :tund_addr ] = tund_addr
-          if @tun_info[ :pending_sources ].any?
-            puts "p#{ Process.pid } #{ Time.new } send pending sources"
-            @tun_info[ :pending_sources ].each do | src |
-              loop_send_a_new_source( src )
-            end
-            @tun_info[ :pending_sources ].clear
-          end
-        when PAIRED
-          return if from_addr != @tun_info[ :tund_addr ]
-          src_id, dst_id = data[ 9, 10 ].unpack( 'Q>n' )
-          src = @tun_info[ :srcs ][ src_id ]
-          return if src.closed?
-          src_info = @src_infos[ src ]
-          return if src_info[ :dst_id ]
-          # puts "debug1 got paired #{ src_id } #{ dst_id }"
-          if dst_id == 0
-            set_is_closing( src )
-            return
-          end
-          src_info[ :dst_id ] = dst_id
-          @tun_info[ :src_ids ][ dst_id ] = src_id
-          if src_info[ :proxy_proto ] == :http
-            if src_info[ :is_connect ]
-              # puts "debug1 add src wbuff http ok"
-              add_src_wbuff( src, HTTP_OK )
-            else
-              # puts "debug1 send src rbuff to tund"
-              tunnel_data( src, src_info[ :rbuff ] )
-            end
-          elsif src_info[ :proxy_proto ] == :socks5
-            add_src_wbuff_socks5_conn_reply( src )
-          end
-        when DEST_STATUS
-          return if from_addr != @tun_info[ :tund_addr ]
-          dst_id, relay_dst_pack_id, continue_src_pack_id = data[ 9, 18 ].unpack( 'nQ>Q>' )
-          src_id = @tun_info[ :src_ids ][ dst_id ]
-          return unless src_id
-          src = @tun_info[ :srcs ][ src_id ]
-          return unless src
-          src_info = @src_infos[ src ]
-          return unless src_info
-          # puts "debug2 got dest status #{ Time.new }"
-          # 消写后
-          release_wmems( src_info, continue_src_pack_id )
-          # 发miss
-          if !src.closed? && ( src_info[ :continue_dst_pack_id ] < relay_dst_pack_id )
-            ranges = []
-            ignored = false
-            curr_pack_id = src_info[ :continue_dst_pack_id ] + 1
-            src_info[ :pieces ].keys.sort.each do | pack_id |
-              if pack_id > curr_pack_id
-                ranges << [ curr_pack_id, pack_id - 1 ]
-                if ranges.size >= MISS_RANGE_LIMIT
-                  puts "p#{ Process.pid } #{ Time.new } break add miss range at #{ pack_id }"
-                  ignored = true
-                  break
-                end
-              end
-              curr_pack_id = pack_id + 1
-            end
-            if !ignored && ( curr_pack_id <= relay_dst_pack_id )
-              ranges << [ curr_pack_id, relay_dst_pack_id ]
-            end
-            # puts "debug1 continue/relay #{ src_info[ :continue_dst_pack_id ] }/#{ relay_dst_pack_id } send MISS #{ ranges.size }"
-            idx = 0
-            ranges = ranges.map{ | pack_id_begin, pack_id_end | [ pack_id_begin, pack_id_end ].pack( 'Q>Q>' ) }
-            while idx < ranges.size
-              chunk = ranges[ idx, MULTI_MISS_SIZE ].join
-              data2 = [ [ 0, MULTI_MISS, dst_id ].pack( 'Q>Cn' ), chunk ].join
-              send_data( tun, data2, @tun_info[ :tund_addr ] )
-              idx += MULTI_MISS_SIZE
-            end
-          end
-        when MULTI_MISS
-          src_id, *ranges = data[ 9..-1 ].unpack( 'Q>Q>*' )
-          src = @tun_info[ :srcs ][ src_id ]
-          return unless src
+    def write_tun( tun )
+      # 处理关闭
+      if @tun_info[ :closing ] then
+        close_tun( tun )
+        return
+      end
-          src_info = @src_infos[ src ]
-          return unless src_info
+      now = Time.new
-          return if ranges.empty? || ( ranges.size % 2 != 0 )
+      # 发ctlmsg
+      while @tun_info[ :ctlmsgs ].any? do
+        data, to_addr = @tun_info[ :ctlmsgs ].first
-          # puts "debug1 got multi miss #{ src_id } #{ ranges.size }"
+        begin
+          @tun.sendmsg_nonblock( data, 0, to_addr )
+        rescue IO::WaitWritable, Errno::EINTR
+          puts "p#{ Process.pid } #{ Time.new } wait send ctlmsg, left #{ @tun_info[ :ctlmsgs ].size }"
+          @tun_info[ :last_sent_at ] = now
+          return
+        rescue Errno::EHOSTUNREACH, Errno::ENETUNREACH, Errno::ENETDOWN => e
+          puts "p#{ Process.pid } #{ Time.new } sendmsg #{ e.class }, close tun"
+          close_tun( tun )
+          return
+        end
-          idx = 0
+        @tun_info[ :ctlmsgs ].shift
+      end
-          while idx < ranges.size
-            pack_id_begin, pack_id_end = ranges[ idx ], ranges[ idx + 1 ]
+      @tun_info[ :last_sent_at ] = now
+      @writes.delete( tun )
+    end
-            ( pack_id_begin..pack_id_end ).each do | pack_id |
-              send_at = src_info[ :send_ats ][ pack_id ]
+    ##
+    # write src
+    #
+    def write_src( src )
+      return if src.closed?
+      src_info = @src_infos[ src ]
+      dst = src_info[ :dst ]
-              if send_at
-                break if now - send_at < CHECK_STATUS_INTERVAL
-                data2 = @tun_info[ :wmems ][ [ src_id, pack_id ] ]
+      # 处理关闭
+      if src_info[ :closing ] then
+        close_src( src )
-                if data2
-                  if send_data( tun, data2, @tun_info[ :tund_addr ] )
-                    src_info[ :last_continue_at ] = now
-                  end
-                end
-              end
-            end
+        if dst then
+          close_read_dst( dst )
+          set_dst_closing_write( dst )
+        else
+          stream = src_info[ :stream ]
-            idx += 2
+          if stream then
+            close_read_stream( stream )
+            set_stream_closing_write( stream )
           end
-        when MISS
-          return if from_addr != @tun_info[ :tund_addr ]
-          src_id, pack_id_begin, pack_id_end = data[ 9, 24 ].unpack( 'Q>Q>Q>' )
-          src = @tun_info[ :srcs ][ src_id ]
-          return unless src
-          src_info = @src_infos[ src ]
-          return unless src_info
+        end
-          ( pack_id_begin..pack_id_end ).each do | pack_id |
-            send_at = src_info[ :send_ats ][ pack_id ]
+        return
+      end
-            if send_at
-              break if now - send_at < CHECK_STATUS_INTERVAL
-              data2 = @tun_info[ :wmems ][ [ src_id, pack_id ] ]
+      # 处理wbuff
+      data = src_info[ :wbuff ]
-              if data2
-                if send_data( tun, data2, @tun_info[ :tund_addr ] )
-                  src_info[ :last_continue_at ] = now
-                end
-              end
-            end
-          end
-        when FIN1
-          return if from_addr != @tun_info[ :tund_addr ]
+      # 写前为空，处理关闭写
+      if data.empty? then
+        if src_info[ :closing_write ] then
+          close_write_src( src )
+        else
+          @writes.delete( src )
+        end
-          dst_id, biggest_dst_pack_id, continue_src_pack_id = data[ 9, 18 ].unpack( 'nQ>Q>' )
+        return
+      end
-          src_id = @tun_info[ :src_ids ][ dst_id ]
-          return unless src_id
+      # 写入
+      begin
+        written = src.write_nonblock( data )
+      rescue IO::WaitWritable, Errno::EINTR
+        print 'w'
+        return
+      rescue Exception => e
+        # puts "debug1 write src #{ e.class }"
+        close_write_src( src )
-          src = @tun_info[ :srcs ][ src_id ]
-          return unless src
+        if dst then
+          close_read_dst( dst )
+        else
+          stream = src_info[ :stream ]
+          close_read_stream( stream ) if stream
+        end
-          src_info = @src_infos[ src ]
-          return unless src_info
+        return
+      end
-          # puts "debug1 got fin1 #{ dst_id } biggest dst pack #{ biggest_dst_pack_id } completed src pack #{ continue_src_pack_id }"
-          src_info[ :is_dst_closed ] = true
-          src_info[ :biggest_dst_pack_id ] = biggest_dst_pack_id
-          release_wmems( src_info, continue_src_pack_id )
+      # puts "debug2 written src #{ written }"
+      data = data[ written..-1 ]
+      src_info[ :wbuff ] = data
+    end
-          if ( biggest_dst_pack_id == src_info[ :continue_dst_pack_id ] )
-            # puts "debug1 2-1. tun recv fin1 -> all traffic received ? -> close src after write"
-            set_is_closing( src )
-          end
-        when FIN2
-          return if from_addr != @tun_info[ :tund_addr ]
+    ##
+    # write dst
+    #
+    def write_dst( dst )
+      return if dst.closed?
+      dst_info = @dst_infos[ dst ]
+      src = dst_info[ :src ]
-          dst_id = data[ 9, 2 ].unpack( 'n' ).first
+      # 处理关闭
+      if dst_info[ :closing ] then
+        close_dst( dst )
-          src_id = @tun_info[ :src_ids ][ dst_id ]
-          return unless src_id
+        if src then
+          close_read_src( src )
+          set_src_closing_write( src )
+        end
-          # puts "debug1 1-2. tun recv fin2 -> del src ext"
-          del_src_ext( src_id )
-        when TUND_FIN
-          return if from_addr != @tun_info[ :tund_addr ]
+        return
+      end
-          puts "p#{ Process.pid } #{ Time.new } recv tund fin"
-          set_is_closing( tun )
-        when IP_CHANGED
-          return if from_addr != @tun_info[ :tund_addr ]
+      data = dst_info[ :wbuff ]
-          puts "p#{ Process.pid } #{ Time.new } recv ip changed"
-          set_is_closing( tun )
+      # 写前为空，处理关闭写
+      if data.empty? then
+        if dst_info[ :closing_write ] then
+          close_write_dst( dst )
+        else
+          @writes.delete( dst )
         end
         return
       end
-      return if from_addr != @tun_info[ :tund_addr ]
-      dst_id = data[ 8, 2 ].unpack( 'n' ).first
+      # 写入
+      begin
+        written = dst.write_nonblock( data )
+      rescue IO::WaitWritable, Errno::EINTR
+        print 'w'
+        return
+      rescue Exception => e
+        # puts "debug1 write dst #{ e.class }"
+        close_write_dst( dst )
+        close_read_src( src )
+        return
+      end
-      src_id = @tun_info[ :src_ids ][ dst_id ]
-      return unless src_id
+      data = data[ written..-1 ]
+      dst_info[ :wbuff ] = data
-      src = @tun_info[ :srcs ][ src_id ]
-      return unless src
+      unless src.closed? then
+        src_info = @src_infos[ src ]
+        src_info[ :last_sent_at ] = Time.new
+      end
+    end
-      src_info = @src_infos[ src ]
-      return unless src_info
+    ##
+    # write stream
+    #
+    def write_stream( stream )
+      return if stream.closed?
+      stream_info = @stream_infos[ stream ]
+      src = stream_info[ :src ]
+      # 处理关闭
+      if stream_info[ :closing ] then
+        close_stream( stream )
+        close_read_src( src )
+        set_src_closing_write( src )
+        return
+      end
-      return if ( pack_id <= src_info[ :continue_dst_pack_id ] ) || src_info[ :pieces ].include?( pack_id )
+      data = stream_info[ :wbuff ]
-      data = data[ 10..-1 ]
-      # puts "debug2 got pack #{ pack_id }"
+      # 写前为空，处理关闭写
+      if data.empty? then
+        if stream_info[ :closing_write ] then
+          close_write_stream( stream )
+        else
+          @writes.delete( stream )
+        end
-      if pack_id <= CONFUSE_UNTIL
-        # puts "debug2 #{ data.inspect }"
-        data = @custom.decode( data )
-        # puts "debug1 decoded pack #{ pack_id }"
+        return
       end
-      # 放进写前，跳号放碎片缓存
-      if pack_id - src_info[ :continue_dst_pack_id ] == 1
-        while src_info[ :pieces ].include?( pack_id + 1 )
-          data << src_info[ :pieces ].delete( pack_id + 1 )
-          pack_id += 1
-        end
+      # 写入
+      begin
+        written = stream.write_nonblock( data )
+      rescue IO::WaitWritable, Errno::EINTR
+        print 'w'
+        return
+      rescue Exception => e
+        # puts "debug1 write stream #{ e.class }"
+        close_write_stream( stream )
+        close_read_src( src )
+        return
+      end
-        src_info[ :continue_dst_pack_id ] = pack_id
-        src_info[ :last_continue_at ] = now
-        add_src_wbuff( src, data )
-        # puts "debug2 update continue dst pack #{ pack_id }"
+      # puts "debug2 written stream #{ written }"
+      data = data[ written..-1 ]
+      stream_info[ :wbuff ] = data
-        # 若对面已关闭，且流量正好收全，关闭src
-        if src_info[ :is_dst_closed ] && ( pack_id == src_info[ :biggest_dst_pack_id ] )
-          # puts "debug1 2-2. tun recv traffic -> dst closed and all traffic received ? -> close src after write"
-          set_is_closing( src )
-        end
-      elsif !src_info[ :pieces ].include?( pack_id )
-        src_info[ :pieces ][ pack_id ] = data
-        src_info[ :last_continue_at ] = now
+      unless src.closed? then
+        src_info = @src_infos[ src ]
+        src_info[ :last_sent_at ] = Time.new
       end
     end