1.4.2

support udp
1.2.0
2026-05-11 00:48:22 +08:00 · 2022-04-07 23:09:47 +08:00 · 2022-02-26 18:50:57 +08:00 · 2022-02-22 15:50:30 +08:00 · 2022-02-11 18:33:50 +08:00 · 2022-02-10 23:20:16 +08:00
42 changed files with 1347 additions and 789 deletions
--- a/README-ZH.md
+++ b/README-ZH.md
@@ -1,65 +1,80 @@
-[English](/README.md)|中文  
+# [English](/README.md)|中文  
 网站: [openp2p.cn](https://openp2p.cn)
 ## OpenP2P是什么
-它是一个开源、免费、轻量级的P2P共享网络。任何设备接入OpenP2P，随时随地访问它们。
+它是一个开源、免费、轻量级的P2P共享网络。你的设备将组成一个私有P2P网络，里面的设备可以直接访问其它成员，或者通过其它成员转发数据间接访问。如果私有网络无法完成通信，将会到公有P2P网络寻找共享节点协助通信。
 相比BT网络用来共享文件，OpenP2P网络用来共享带宽。
 我们的目标是：充分利用带宽，利用共享节点转发数据，建设一个远程连接的通用基础设施。
 ## 为什么选择OpenP2P
-### 免费
+### 1. 免费
-完全免费，满足大部分用户的核心白票需求。不像其它类似的产品，我们不需要有公网IP的服务器，不需要花钱买服务。了解它原理即可理解为什么能做到免费。
+完全免费，满足大部分用户的核心白票需求。不像其它类似的产品，OpenP2P不需要有公网IP的服务器，不需要花钱买服务。了解它原理即可理解为什么能做到免费。
-### 安全
+### 2. 共享
-代码开源，接受各位大佬检验。下面详细展开
+你的设备会形成一个私有P2P网络，它们之间共享带宽，提供网络数据转发服务。
-### 轻量
+当你的私有P2P网络下没有可以提供转发服务的节点时，会尝试在公共P2P网络寻找转发节点。
 默认会开启共享限速10mbps，只有你用户下提供了共享节点才能使用别人的共享节点。这非常公平，也是这个项目的初衷。
 我们建议你在带宽足够的地方（比如办公室，家里的百兆光纤）加入共享网络。
 如果你不想共享任何节点，或设置共享带宽，请查看[详细使用说明](/USAGE-ZH.md)
 ### 3. 安全
 代码开源，P2P隧道使用TLS1.3+AES双重加密，共享节点临时授权使用TOTP一次性密码
 [查看详细](#安全性)
 ### 4. 轻量
 文件大小2MB+，运行内存2MB+；全部在应用层实现，没有虚拟网卡，没有内核程序
-### 跨平台
+### 5. 跨平台
 因为轻量，所以很容易支持各个平台。支持主流的操作系统：Windows,Linux,MacOS；和主流的cpu架构：386、amd64、arm、arm64、mipsle、mipsle64、mips、mips64
-### 高效
+### 6. 高效
 P2P直连可以让你的设备跑满带宽。不论你的设备在任何网络环境，无论NAT1-4（Cone或Symmetric），都支持。依靠Quic协议优秀的拥塞算法，能在糟糕的网络环境获得高带宽低延时。
-### 二次开发
+### 7. 二次开发
 基于OpenP2P只需数行代码，就能让原来只能局域网通信的程序，变成任何内网都能通信
 ## 快速入门
 仅需简单4步就能用起来。  
 下面是一个远程办公例子：在家里连入办公室Windows电脑。  
 ### 1.注册
 前往<https://console.openp2p.cn> 注册新用户，暂无需任何认证
-> :warning: 本文所有命令, Windows环境使用"openp2p.exe", Linux环境使用"./openp2p"
+   ![image](/doc/images/register.png)
 ### 2.安装
 分别在本地和远程电脑下载后双击运行，一键安装
-
+   ![image](/doc/images/install.png)
 以一个最常见的例子说明OpenP2P如何使用：远程办公，在家里连入办公室Windows电脑。  
 相信很多人在疫情下远程办公是刚需。
 1. 先确认办公室电脑已开启远程桌面功能（如何开启参考官方说明https://docs.microsoft.com/zh-cn/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access）
 2. 在办公室下载最新的[OpenP2P](https://gitee.com/tenderiron/openp2p/releases/),解压出来,在命令行执行
   ```
   openp2p.exe install -node OFFICEPC1 -user USERNAME1 -password PASSWORD1  
   ```
-   > :warning: **切记将标记大写的参数改成自己的**
+Windows默认会阻止没有花钱买它家证书签名过的程序，选择“仍要运行”即可。
-   ![image](/doc/images/officelisten.png)
+   ![image](/doc/images/win10warn.png)
-3. 在家里下载最新的[OpenP2P](https://gitee.com/tenderiron/openp2p/releases/),解压出来,在命令行执行
+
-   ```
+   ![image](/doc/images/stillrun.png)
-   openp2p.exe -d -node HOMEPC123 -user USERNAME1 -password PASSWORD1 --peernode OFFICEPC1 --dstip 127.0.0.1 --dstport 3389 --srcport 23389 --protocol tcp
+### 3.新建P2P应用
-   ```
+
-   > :warning: **切记将标记大写的参数改成自己的**
+![image](/doc/images/devices.png)
 ![image](/doc/images/newapp.png)
 ![image](/doc/images/newappedit.png)
 ### 4.使用P2P应用
 在“MyHomePC”设备上能看到刚才创建的P2P应用，连接下图显示的“本地监听端口”即可。
 ![image](/doc/images/p2pappok.png)
 在家里Windows电脑，按Win+R输入mstsc打开远程桌面，输入127.0.0.1:23389 /admin  
   ![image](/doc/images/homeconnect.png)
   ![image](/doc/images/mem.png)
   `LISTEN ON PORT 23389 START` 看到这行日志表示P2PApp建立成功，监听23389端口。只需连接本机的127.0.0.1:23389就相当于连接公司Windows电脑的3389端口。
 4. 在家里Windows电脑，按Win+R输入mstsc打开远程桌面，输入127.0.0.1:23389 /admin  
   ![image](/doc/images/mstscconnect.png)
   ![image](/doc/images/afterconnect.png)
-## [详细使用说明](/USAGE-ZH.md)
+## 详细使用说明
 [这里](/USAGE-ZH.md)介绍如何手动运行
 ## 典型应用场景
 特别适合大流量的内网访问
-### 远程办公
+>*  远程办公: Windows MSTSC、VNC等远程桌面，SSH，内网各种ERP系统
-Windows MSTSC、VNC等远程桌面，SSH，内网各种ERP系统
+>*  远程访问内网ERP系统
-### 远程访问NAS
+>*  远程访问NAS: 管理大量视频、图片
-管理大量视频、图片
+>*  远程监控摄像头
-### 远程监控摄像头
+>*  远程刷机
-### 远程刷机
+>*  远程数据备份
 ### 远程数据备份
 ---
 ## 概要设计
 ### 原型
@@ -69,18 +84,14 @@ Windows MSTSC、VNC等远程桌面，SSH，内网各种ERP系统
 ### P2PApp
 它是项目里最重要的概念，一个P2PApp就是把远程的一个服务（mstsc/ssh等）通过P2P网络映射到本地监听。二次开发或者我们提供的Restful API，主要工作就是管理P2PApp
 ![image](/doc/images/appdetail.png)
 ## 共享
 默认会开启共享限速10mbps，只有你用户下提供了共享节点才能使用别人的共享节点。这非常公平，也是这个项目的初衷。
 我们建议你在带宽足够的地方（比如办公室，家里的百兆光纤）加入共享网络。
 如果你仍然不想共享任何节点，请查看运行参数
 ## 安全性
 加入OpenP2P共享网络的节点，只能凭授权访问。共享节点只会中转数据，别人无法访问内网任何资源。
-### TLS1.3+AES
+### 1. TLS1.3+AES
 两个节点间通信数据走业界最安全的TLS1.3通道。通信内容还会使用AES加密，双重安全，密钥是通过服务端作换。有效阻止中间人攻击
-### 共享的中转节点是否会获得我的数据
+### 2. 共享的中转节点是否会获得我的数据
 没错，中转节点天然就是一个中间人，所以才加上AES加密通信内容保证安全。中转节点是无法获取明文的
-### 中转节点是如何校验权限的
+### 3. 中转节点是如何校验权限的
 服务端有个调度模型，根据带宽、ping值、稳定性、服务时长，尽可能地使共享节点均匀地提供服务。连接共享节点使用TOTP密码，hmac-sha256算法校验，它是一次性密码，和我们平时使用的手机验证码或银行密码器一样的原理。
 ## 编译
@@ -114,8 +125,7 @@ go build
 ## 参与贡献
 TODO或ISSUE里如果有你擅长的领域，或者你有特别好的主意，可以加入OpenP2P项目，贡献你的代码。待项目茁壮成长后，你们就是知名开源项目的主要代码贡献者，岂不快哉。
-## 商业合作
+
 它是一个中国人发起的项目，更懂国内网络环境，更懂用户需求，更好的企业级支持
 ## 技术交流
 QQ群：16947733  
 邮箱：openp2p.cn@gmail.com tenderiron@139.com  
--- a/README.md
+++ b/README.md
@@ -1,84 +1,85 @@
-English|[中文](/README-ZH.md)  
+# English|[中文](/README-ZH.md)  
 Website: [openp2p.cn](https://openp2p.cn)
 ## What is OpenP2P
-It is an open source, free, and lightweight P2P sharing network. As long as any device joins in, you can access them anywhere.
+It is an open source, free, and lightweight P2P sharing network. Your devices will form a private P2P network, in which devices can directly access other members, or indirectly access through other members forwarding data.
 If the private network cannot complete the communication, it will go to the public P2P network to find a shared node to assist in the communication. Compared with the BT network used to share files, the OpenP2P network is used to share bandwidth.
 Our goal is to make full use of bandwidth, use shared nodes to relay data, and build a common infrastructure for remote connections.
 ## Why OpenP2P
-### Free
+### 1. Free
-Totaly free, fullfills most of users(especially free-rider). Unlike other similar products, we don't need a server with public IP, and don't need to pay for services.By understanding its principle, you can understand why it can be done for free.
+Totaly free, fullfills most of users(especially free-rider). Unlike other similar products, OpenP2p doesn't need a server with public IP, and doesn't need to pay for services.By understanding its principle, you can understand why it can be done for free.
 ### 2. Share
 Your devices will form a private P2P network, share bandwidth between them, and provide network data forwarding services.
 When there is no node that can provide forwarding services in your private P2P network, you will try to find forwarding nodes in the public P2P network.
 10mbps is its default setting of share speed limit. Only when you have shared their nodes, you are allowed to use others' shared nodes. This is very fair, and it is also the original intention of this project.
 We recommend that you join a shared network in a place with sufficient bandwidth (such as an office or home with 100M optical fiber).
 If you are not willing to contribute any node to the OpenP2P share network, please refer to the [usage](/USAGE.md) for your own setting.
 ### 3. Safe
 The code is open source, the P2P tunnel uses TLS1.3+AES double encryption, and the shared node temporarily authorizes the use of the TOTP one-time password
 [details](#Safety)
-### Safe
+### 4. Lightweight
 Open source, trustable(see details below)
 ### Lightweight
 2MB+ filesize, 2MB+ memory. It runs at appllication layer, no vitrual NIC, no kernel driver.
-### Cross-platform
+### 5. Cross-platform
 Benefit from lightweight, it easily supports most of major OS, like Windows, Linux, MacOS, also most of CPU architecture, like 386、amd64、arm、arm64、mipsle、mipsle64、mips、mips64.
-### Efficient
+### 6. Efficient
 P2P direct connection lets your devices make good use of bandwidth.  Your device can be connected in any network environments, even supports NAT1-4 (Cone or Symmetric). Relying on the excellent congestion algorithm of the Quic protocol, high bandwidth and low latency can be obtained in a bad network environment.
-### Integration
+### 7. Integration
 Your applicaiton can call OpenP2P with a few code to make any internal networks communicate with each other.
 ## Get Started
-A common scenario to introduce OpenP2P: remote work. At home connects to office's Linux PC .
+Just 4 simple steps to use.
-Under the outbreak of covid-19 pandemic, surely remote work becomes a fundamental demand.
+Here's an example of remote work: connecting to an office Windows computer at home.
 ### 1.Register
 Go to <https://console.openp2p.cn> register a new user
-> :warning: all commands in this doc, Windows env uses "openp2p.exe", Linux env uses "./openp2p"
+   ![image](/doc/images/register_en.png)
- 
+### 2.Install
 Download on local and remote computers and double-click to run, one-click installation
-1. Make sure your office device(Linux) has opened the access of ssh.
+   ![image](/doc/images/install_en.png)
   ```
   netstat -nl | grep 22
   ```
   Output sample
   ![image](/doc/images/officelisten_linux.png)
-2. Download the latest version of [OpenP2P](https://github.com/openp2p-cn/openp2p/releases),unzip the downloaded package, and execute below command line.
+By default, Windows will block programs that have not been signed by the Microsoft's certificate, and you can select "Run anyway".
   ```
   tar xvf openp2p0.95.3.linux-amd64.tar.gz
   ./openp2p install -node OFFICEPC1 -user USERNAME1 -password PASSWORD1
   ```
-   > :warning: **Must change the parameters marked in uppercase to your own**
+   ![image](/doc/images/win10warn_en.png)
-   Output sample
+   ![image](/doc/images/stillrun_en.png)
   ![image](/doc/images/officeexecute_linux.png)
 3. Download the same package of [OpenP2P](https://github.com/openp2p-cn/openp2p/releases) on your home device，unzip and execute below command line.
   ```
   openp2p.exe -d -node HOMEPC123 -user USERNAME1 -password PASSWORD1 --peernode OFFICEPC1 --dstip 127.0.0.1 --dstport 22 --srcport 22022 --protocol tcp
   ```
-   > :warning: **Must change the parameters marked in uppercase to your own**
+### 3.New P2PApp
-   Output sample  
+![image](/doc/images/devices_en.png)
-   ![image](/doc/images/homeconnect_windows.png)  
+
-   The log of `LISTEN ON PORT 22022 START` indicates P2PApp runs successfully on your home device, listing port is 22022. Once connects to local ip:port,127.0.0.1:22022, it means the home device has conneccted to the office device's port, 22.  
+![image](/doc/images/newapp_en.png)
-   ![image](/doc/images/officelisten_2_linux.png)
+
 ![image](/doc/images/newappedit_en.png)
 ### 4.Use P2PApp
 You can see the P2P application you just created on the "MyHomePC" device, just connect to the "local listening port" shown in the figure below.
 ![image](/doc/images/p2pappok_en.png)
 On MyHomePC, press Win+R and enter MSTSC to open the remote desktop, input `127.0.0.1:23389 /admin`
   ![image](/doc/images/mstscconnect_en.png)
   ![image](/doc/images/afterconnect_en.png)
-4. Test the connection between office device and home device.In your home deivce, run SSH to login the office device. 
+## Usage
-   ```
+[Here](/USAGE.md) describes how to run manually
   ssh -p22022 root@127.0.0.1:22022
   ```
   ![image](/doc/images/sshconnect.png)
 ## [Usage](/USAGE.md)
 ## Scenarios 
 Especially suitable for large traffic intranet access.
-### Remote work
+>*  Remote work: Windows MSTSC, VNC and other remote desktops, SSH, various ERP systems in the intranet
-Windows MSTSC, VNC and other remote desktops, SSH, various ERP systems in the intranet
+>*  Remote access ERP systems in the intranet
-
+>*  Remote access NAS: Manage a large number of videos and pictures
-### Remote Access NAS
+>*  Remote access camera
-Manage a large number of videos and pictures
+>*  Remote flashing phone
-### Remote Access Camera
+>*  Remotely data backup
 ### Remote Flashing Phone
 ### Remotely Data Backup
 ---
 ## Overview Design
 ### Prototype
@@ -89,19 +90,16 @@ Manage a large number of videos and pictures
 P2PAPP is the most import concept in this project, one P2PApp is able to map the remote service(mstsc/ssh) to the local listening. The main job of re-development or restful API we provide is to manage P2PApp.
 ![image](/doc/images/appdetail.png)
-## Share
+
 10mbps is its default setting of share speed limit. Only when your users have shared their nodes, they are allowed to use others' shared nodes. This is very fair, and it is also the original intention of this project.
 We recommend that you join a shared network in a place with sufficient bandwidth (such as an office or home with 100M optical fiber).
 If you are still not willing to contribute any node to the OpenP2P share network, please refer to the operating parameters for your own setting.
 ## Safety
 The nodes which have joined the OpenP2P share network can vist each other by authentications. Shared nodes will only relay data, and others cannot access any resources in the intranet.
-### TLS1.3+AES
+### 1. TLS1.3+AES
 The communication data between the two nodes uses the industry's most secure TLS1.3 channel. The communication content will also use AES encryption, double security, the key is exchanged through the server. Effectively prevent man-in-the-middle attacks.
-### Will the shared node capture my data?
+### 2. Will the shared node capture my data?
 That's right, the relay node is naturally an man-in-middle, so AES encryption is added to ensure the security of the communication content. The relay node cannot obtain the plaintext.
-### How does the shared relay node verify the authority?
+### 3. How does the shared relay node verify the authority?
 The server side has a scheduling model, which calculate  bandwith, ping value,stability and service duration to provide a well-proportioned service to every share node. It uses TOTP(Time-based One-time Password) with hmac-sha256 algorithem, its theory as same as the cellphone validation code or bank cipher coder.
 ## Build
--- a/USAGE-ZH.md
+++ b/USAGE-ZH.md
@@ -1,37 +1,76 @@
-# 详细运行参数说明
+# 手动运行说明
 大部分情况通过<https://console.openp2p.cn> 操作即可。有些情况需要手动运行  
 > :warning: 本文所有命令, Windows环境使用"openp2p.exe", Linux环境使用"./openp2p"
 ## 安装和监听
 ```
-./openp2p install -node OFFICEPC1 -user USERNAME1 -password PASSWORD1  
+./openp2p install -node OFFICEPC1 -token TOKEN  
 或
-./openp2p -d -node OFFICEPC1 -user USERNAME1 -password PASSWORD1  
+./openp2p -d -node OFFICEPC1 -token TOKEN  
 # 注意Windows系统把“./openp2p” 换成“openp2p.exe”
 ```
 >* install: 安装模式【推荐】，会安装成系统服务，这样它就能随系统自动启动
 >* -d: daemon模式。发现worker进程意外退出就会自动启动新的worker进程
 >* -node: 独一无二的节点名字，唯一标识
->* -user: 独一无二的用户名字，该节点属于这个user
+>* -token: 在<console.openp2p.cn>“我的”里面找到
->* -password: 密码
+>* -sharebandwidth: 作为共享节点时提供带宽，默认10mbps. 如果是光纤大带宽，设置越大效果越好. 0表示不共享，该节点只在私有的P2P网络使用。不加入共享的P2P网络，这样也意味着无法使用别人的共享节点
 >* -sharebandwidth: 作为共享节点时提供带宽，默认10mbps. 如果是光纤大带宽，设置越大效果越好
 >* -loglevel: 需要查看更多调试日志，设置0；默认是1
 >* -noshare: 不共享，该节点只在私有的P2P网络使用。不加入共享的P2P网络，这样也意味着无法使用别人的共享节点
 ### 在docker容器里运行openp2p
 我们暂时还没提供官方docker镜像，你可以在随便一个容器里运行
 ```
 nohup ./openp2p -d -node OFFICEPC1 -token TOKEN  &
 #这里由于一般的镜像都精简过，install系统服务会失败，所以使用直接daemon模式后台运行
 ```
 ## 连接
 ```
-./openp2p -d -node HOMEPC123 -user USERNAME1 -password PASSWORD1 -peernode OFFICEPC1 -dstip 127.0.0.1 -dstport 3389 -srcport 23389 -protocol tcp
+./openp2p -d -node HOMEPC123 -token TOKEN -appname OfficeWindowsRemote -peernode OFFICEPC1 -dstip 127.0.0.1 -dstport 3389 -srcport 23389
 使用配置文件，建立多个P2PApp
-./openp2p -d -f    
+./openp2p -d   
 ./openp2p -f 
 ```
 >* -appname: 这个P2P应用名字
 >* -peernode: 目标节点名字
 >* -dstip: 目标服务地址，默认本机127.0.0.1
 >* -dstport: 目标服务端口，常见的如windows远程桌面3389，Linux ssh 22
 >* -protocol: 目标服务协议 tcp、udp
->* -peeruser: 目标用户，如果是同一个用户下的节点，则无需设置
+
->* -peerpassword: 目标密码，如果是同一个用户下的节点，则无需设置
+## 配置文件
->* -f: 配置文件,如果希望配置多个P2PApp参考[config.json](/config.json)
+一般保存在当前目录，安装模式下会保存到 `C:\Program Files\OpenP2P\config.json` 或 `/usr/local/openp2p/config.json`
 希望修改参数，或者配置多个P2PApp可手动修改配置文件
 配置实例
 ```
 {
  "network": {
    "Node": "hhd1207-222",
    "Token": "TOKEN",
    "ShareBandwidth": 0,
    "ServerHost": "api.openp2p.cn",
    "ServerPort": 27183,
    "UDPPort1": 27182,
    "UDPPort2": 27183
  },
  "apps": [
    {
      "AppName": "OfficeWindowsPC",
      "Protocol": "tcp",
      "SrcPort": 23389,
      "PeerNode": "OFFICEPC1",
      "DstPort": 3389,
      "DstHost": "localhost",
    },
    {
      "AppName": "OfficeServerSSH",
      "Protocol": "tcp",
      "SrcPort": 22,
      "PeerNode": "OFFICEPC1",
      "DstPort": 22,
      "DstHost": "192.168.1.5",
    }
  ]
 }
 ```
 ## 升级客户端
 ```
--- a/USAGE.md
+++ b/USAGE.md
@@ -1,39 +1,79 @@
 # Parameters details
 # Parameters details
 In most cases, you can operate it through <https://console.openp2p.cn>. In some cases it is necessary to run manually
 > :warning: all commands in this doc, Windows env uses "openp2p.exe", Linux env uses "./openp2p" 
 ## Install and Listen
 ```
-./openp2p install -node OFFICEPC1 -user USERNAME1 -password PASSWORD1  
+./openp2p install -node OFFICEPC1 -token TOKEN  
 Or
-./openp2p -d -node OFFICEPC1 -user USERNAME1 -password PASSWORD1 
+./openp2p -d -node OFFICEPC1 -token TOKEN  
 ```
 >* install: [recommand] will install as system service. So it will autorun when system booting.
 >* -d: daemon mode run once. When the worker process is found to exit unexpectedly, a new worker process will be automatically started
 >* -node: Unique node name, unique identification
->* -user: Unique user name, the node belongs to this user
+>* -token: See <console.openp2p.cn> "Profile"
->* -password: Password
+>* -sharebandwidth: Provides bandwidth when used as a shared node, the default is 10mbps. If it is a large bandwidth of optical fiber, the larger the setting, the better the effect. 0 means not shared, the node is only used in a private P2P network. Do not join the shared P2P network, which also means that you CAN NOT use other people’s shared nodes
 >* -sharebandwidth: Provides bandwidth when used as a shared node, the default is 10mbps. If it is a large bandwidth of optical fiber, the larger the setting, the better the effect
 >* -loglevel: Need to view more debug logs, set 0; the default is 1
->* -noshare: Not shared, the node is only used in a private P2P network. Do not join the shared P2P network, which also means that you CAN NOT use other people’s shared nodes
+
 ### Run in Docker container
 We don't provide official docker image yet, you can run it in any container
 ```
 nohup ./openp2p -d -node OFFICEPC1 -token TOKEN  &
 # Since many docker images have been simplified, the install system service will fail, so the daemon mode is used to run in the background
 ```
 ## Connect
 ```
-./openp2p -d -node HOMEPC123 -user USERNAME1 -password PASSWORD1 -peernode OFFICEPC1 -dstip 127.0.0.1 -dstport 3389 -srcport 23389 -protocol tcp
+./openp2p -d -node HOMEPC123 -token TOKEN -appname OfficeWindowsRemote -peernode OFFICEPC1 -dstip 127.0.0.1 -dstport 3389 -srcport 23389
 Create multiple P2PApp by config file
-./openp2p -d -f    
+./openp2p -d    
 ./openp2p -f 
 ```
 >* -appname: This P2PApp name
 >* -peernode: Target node name
 >* -dstip: Target service address, default local 127.0.0.1
 >* -dstport: Target service port, such as windows remote desktop 3389, Linux ssh 22
 >* -protocol: Target service protocol tcp, udp
 >* -peeruser: The target user, if it is a node under the same user, no need to set
 >* -peerpassword: The target password, if it is a node under the same user, no need to set
 >* -f: Configuration file, if you want to configure multiple P2PApp refer to [config.json](/config.json)
 ## Config file
 Generally saved in the current directory, in installation mode it will be saved to `C:\Program Files\OpenP2P\config.json` or `/usr/local/openp2p/config.json`
 If you want to modify the parameters, or configure multiple P2PApps, you can manually modify the configuration file
 Configuration example
 ```
 {
  "network": {
    "Node": "hhd1207-222",
    "Token": "TOKEN",
    "ShareBandwidth": 0,
    "ServerHost": "api.openp2p.cn",
    "ServerPort": 27183,
    "UDPPort1": 27182,
    "UDPPort2": 27183
  },
  "apps": [
    {
      "AppName": "OfficeWindowsPC",
      "Protocol": "tcp",
      "SrcPort": 23389,
      "PeerNode": "OFFICEPC1",
      "DstPort": 3389,
      "DstHost": "localhost",
    },
    {
      "AppName": "OfficeServerSSH",
      "Protocol": "tcp",
      "SrcPort": 22,
      "PeerNode": "OFFICEPC1",
      "DstPort": 22,
      "DstHost": "192.168.1.5",
    }
  ]
 }
 ```
 ## Client update
 ```
 # update local client
--- a/bandwidthLimit.go
+++ b/bandwidthLimit.go
@@ -7,39 +7,39 @@ import (
 // BandwidthLimiter ...
 type BandwidthLimiter struct {
-	freeFlowTime time.Time
+	ts           time.Time
-	bandwidth    int // mbps
+	bw           int // mbps
-	freeFlow     int // bytes
+	freeBytes    int // bytes
-	maxFreeFlow  int // bytes
+	maxFreeBytes int // bytes
-	freeFlowMtx  sync.Mutex
+	mtx          sync.Mutex
 }
 // mbps
 func newBandwidthLimiter(bw int) *BandwidthLimiter {
 	return &BandwidthLimiter{
-		bandwidth:    bw,
+		bw:           bw,
-		freeFlowTime: time.Now(),
+		ts:           time.Now(),
-		maxFreeFlow:  bw * 1024 * 1024 / 8,
+		maxFreeBytes: bw * 1024 * 1024 / 8,
-		freeFlow:     bw * 1024 * 1024 / 8,
+		freeBytes:    bw * 1024 * 1024 / 8,
 	}
 }
 // Add ...
 func (bl *BandwidthLimiter) Add(bytes int) {
-	if bl.bandwidth <= 0 {
+	if bl.bw <= 0 {
 		return
 	}
-	bl.freeFlowMtx.Lock()
+	bl.mtx.Lock()
-	defer bl.freeFlowMtx.Unlock()
+	defer bl.mtx.Unlock()
 	// calc free flow 1000*1000/1024/1024=0.954; 1024*1024/1000/1000=1.048
-	bl.freeFlow += int(time.Now().Sub(bl.freeFlowTime) * time.Duration(bl.bandwidth) / 8 / 954)
+	bl.freeBytes += int(time.Since(bl.ts) * time.Duration(bl.bw) / 8 / 954)
-	if bl.freeFlow > bl.maxFreeFlow {
+	if bl.freeBytes > bl.maxFreeBytes {
-		bl.freeFlow = bl.maxFreeFlow
+		bl.freeBytes = bl.maxFreeBytes
 	}
-	bl.freeFlow -= bytes
+	bl.freeBytes -= bytes
-	bl.freeFlowTime = time.Now()
+	bl.ts = time.Now()
-	if bl.freeFlow < 0 {
+	if bl.freeBytes < 0 {
 		// sleep for the overflow
-		time.Sleep(time.Millisecond * time.Duration(-bl.freeFlow/(bl.bandwidth*1048/8)))
+		time.Sleep(time.Millisecond * time.Duration(-bl.freeBytes/(bl.bw*1048/8)))
 	}
 }
--- a/common.go
+++ b/common.go
@@ -7,8 +7,10 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"math/rand"
 	"net"
 	"net/http"
 	"os"
 	"os/exec"
 	"time"
 )
@@ -148,3 +150,11 @@ func execOutput(name string, args ...string) string {
 	cmdGetOsName.Run()
 	return cmdOut.String()
 }
 func defaultNodeName() string {
 	name, _ := os.Hostname()
 	for len(name) < 8 {
 		name = fmt.Sprintf("%s%d", name, rand.Int()%10)
 	}
 	return name
 }
--- a/config.go
+++ b/config.go
@@ -2,21 +2,26 @@ package main
 import (
 	"encoding/json"
 	"flag"
 	"io/ioutil"
 	"sync"
 	"time"
 )
 var gConf Config
 const IntValueNotSet int = -99999999
 type AppConfig struct {
 	// required
-	Protocol     string
+	AppName  string
-	SrcPort      int
+	Protocol string
-	PeerNode     string
+	SrcPort  int
-	DstPort      int
+	PeerNode string
-	DstHost      string
+	DstPort  int
-	PeerUser     string
+	DstHost  string
-	PeerPassword string
+	PeerUser string
 	Enabled  int // default:1
 	// runtime info
 	peerToken       uint64
 	peerNatType     int
@@ -24,37 +29,84 @@ type AppConfig struct {
 	peerConeNatPort int
 	retryNum        int
 	retryTime       time.Time
 	nextRetryTime   time.Time
 	shareBandwidth  int
 	errMsg          string
 	connectTime     time.Time
 }
 // TODO: add loglevel, maxlogfilesize
 type Config struct {
 	Network    NetworkConfig `json:"network"`
-	Apps       []AppConfig   `json:"apps"`
+	Apps       []*AppConfig  `json:"apps"`
 	LogLevel   int
 	daemonMode bool
 	mtx        sync.Mutex
 }
-func (c *Config) add(app AppConfig) {
+func (c *Config) switchApp(app AppConfig, enabled int) {
-	if app.SrcPort == 0 || app.DstPort == 0 {
+	c.mtx.Lock()
-		return
+	defer c.mtx.Unlock()
 	}
 	for i := 0; i < len(c.Apps); i++ {
 		if c.Apps[i].Protocol == app.Protocol && c.Apps[i].SrcPort == app.SrcPort {
 			c.Apps[i].Enabled = enabled
 			c.Apps[i].retryNum = 0
 			c.Apps[i].nextRetryTime = time.Now()
 			return
 		}
 	}
 }
 func (c *Config) add(app AppConfig, override bool) {
 	c.mtx.Lock()
 	defer c.mtx.Unlock()
 	if app.SrcPort == 0 || app.DstPort == 0 {
 		gLog.Println(LevelERROR, "invalid app ", app)
 		return
 	}
 	if override {
 		for i := 0; i < len(c.Apps); i++ {
 			if c.Apps[i].Protocol == app.Protocol && c.Apps[i].SrcPort == app.SrcPort {
 				c.Apps[i] = &app // override it
 				return
 			}
 		}
 	}
 	c.Apps = append(c.Apps, &app)
 }
 func (c *Config) delete(app AppConfig) {
 	if app.SrcPort == 0 || app.DstPort == 0 {
 		return
 	}
 	c.mtx.Lock()
 	defer c.mtx.Unlock()
 	for i := 0; i < len(c.Apps); i++ {
 		if c.Apps[i].Protocol == app.Protocol && c.Apps[i].SrcPort == app.SrcPort {
 			c.Apps = append(c.Apps[:i], c.Apps[i+1:]...)
 			return
 		}
 	}
 	c.Apps = append(c.Apps, app)
 }
 func (c *Config) save() {
-	data, _ := json.MarshalIndent(c, "", "")
+	c.mtx.Lock()
-	ioutil.WriteFile("config.json", data, 0644)
+	defer c.mtx.Unlock()
 	data, _ := json.MarshalIndent(c, "", "  ")
 	err := ioutil.WriteFile("config.json", data, 0644)
 	if err != nil {
 		gLog.Println(LevelERROR, "save config.json error:", err)
 	}
 }
 func (c *Config) load() error {
 	c.mtx.Lock()
 	c.LogLevel = IntValueNotSet
 	c.Network.ShareBandwidth = IntValueNotSet
 	defer c.mtx.Unlock()
 	data, err := ioutil.ReadFile("config.json")
 	if err != nil {
-		gLog.Println(LevelERROR, "read config.json error:", err)
+		// gLog.Println(LevelERROR, "read config.json error:", err)
 		return err
 	}
 	err = json.Unmarshal(data, &c)
@@ -64,23 +116,119 @@ func (c *Config) load() error {
 	return err
 }
 func (c *Config) setToken(token uint64) {
 	c.mtx.Lock()
 	defer c.mtx.Unlock()
 	c.Network.Token = token
 }
 func (c *Config) setUser(user string) {
 	c.mtx.Lock()
 	defer c.mtx.Unlock()
 	c.Network.User = user
 }
 func (c *Config) setNode(node string) {
 	c.mtx.Lock()
 	defer c.mtx.Unlock()
 	c.Network.Node = node
 }
 func (c *Config) setShareBandwidth(bw int) {
 	c.mtx.Lock()
 	defer c.mtx.Unlock()
 	c.Network.ShareBandwidth = bw
 }
 type NetworkConfig struct {
 	// local info
 	Token          uint64
 	Node           string
 	User           string
 	Password       string
 	NoShare        bool
 	localIP        string
 	ipv6           string
 	hostName       string
 	mac            string
 	os             string
 	publicIP       string
 	natType        int
-	shareBandwidth int
+	ShareBandwidth int
 	// server info
 	ServerHost string
 	ServerPort int
 	UDPPort1   int
 	UDPPort2   int
 }
 func parseParams() {
 	serverHost := flag.String("serverhost", "api.openp2p.cn", "server host ")
 	// serverHost := flag.String("serverhost", "127.0.0.1", "server host ") // for debug
 	node := flag.String("node", "", "node name. 8-31 characters")
 	token := flag.Uint64("token", 0, "token")
 	peerNode := flag.String("peernode", "", "peer node name that you want to connect")
 	dstIP := flag.String("dstip", "127.0.0.1", "destination ip ")
 	dstPort := flag.Int("dstport", 0, "destination port ")
 	srcPort := flag.Int("srcport", 0, "source port ")
 	protocol := flag.String("protocol", "tcp", "tcp or udp")
 	appName := flag.String("appname", "", "app name")
 	shareBandwidth := flag.Int("sharebandwidth", 10, "N mbps share bandwidth limit, private network no limit")
 	daemonMode := flag.Bool("d", false, "daemonMode")
 	notVerbose := flag.Bool("nv", false, "not log console")
 	logLevel := flag.Int("loglevel", 1, "0:debug 1:info 2:warn 3:error")
 	flag.Parse()
 	config := AppConfig{Enabled: 1}
 	config.PeerNode = *peerNode
 	config.DstHost = *dstIP
 	config.DstPort = *dstPort
 	config.SrcPort = *srcPort
 	config.Protocol = *protocol
 	config.AppName = *appName
 	gConf.load()
 	if config.SrcPort != 0 {
 		gConf.add(config, true)
 	}
 	// gConf.mtx.Lock() // when calling this func it's single-thread no lock
 	gConf.daemonMode = *daemonMode
 	// spec paramters in commandline will always be used
 	flag.Visit(func(f *flag.Flag) {
 		if f.Name == "sharebandwidth" {
 			gConf.Network.ShareBandwidth = *shareBandwidth
 		}
 		if f.Name == "node" {
 			gConf.Network.Node = *node
 		}
 		if f.Name == "serverhost" {
 			gConf.Network.ServerHost = *serverHost
 		}
 		if f.Name == "loglevel" {
 			gConf.LogLevel = *logLevel
 		}
 	})
 	if gConf.Network.ServerHost == "" {
 		gConf.Network.ServerHost = *serverHost
 	}
 	if gConf.Network.Node == "" {
 		if *node == "" { // config and param's node both empty
 			hostname := defaultNodeName()
 			node = &hostname
 		}
 		gConf.Network.Node = *node
 	}
 	if *token != 0 {
 		gConf.Network.Token = *token
 	}
 	if gConf.LogLevel == IntValueNotSet {
 		gConf.LogLevel = *logLevel
 	}
 	if gConf.Network.ShareBandwidth == IntValueNotSet {
 		gConf.Network.ShareBandwidth = *shareBandwidth
 	}
 	gConf.Network.ServerPort = 27183
 	gConf.Network.UDPPort1 = 27182
 	gConf.Network.UDPPort2 = 27183
 	gLog.setLevel(LogLevel(gConf.LogLevel))
 	if *notVerbose {
 		gLog.setMode(LogFile)
 	}
 	// gConf.mtx.Unlock()
 	gConf.save()
 }
--- a/daemon.go
+++ b/daemon.go
@@ -5,7 +5,9 @@ import (
 	"fmt"
 	"io"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"strings"
 	"time"
 	"github.com/kardianos/service"
@@ -38,7 +40,6 @@ func (d *daemon) Stop(s service.Service) error {
 func (d *daemon) run() {
 	gLog.Println(LevelINFO, "daemon run start")
 	defer gLog.Println(LevelINFO, "daemon run end")
 	os.Chdir(filepath.Dir(os.Args[0])) // for system service
 	d.running = true
 	binPath, _ := os.Executable()
 	mydir, err := os.Getwd()
@@ -63,11 +64,18 @@ func (d *daemon) run() {
 			break
 		}
 	}
-	args = append(args, "-bydaemon")
+	args = append(args, "-nv")
 	for {
 		// start worker
-		gLog.Println(LevelINFO, "start worker process")
+		tmpDump := filepath.Join("log", "dump.log.tmp")
-		execSpec := &os.ProcAttr{Files: []*os.File{os.Stdin, os.Stdout, os.Stderr}}
+		dumpFile := filepath.Join("log", "dump.log")
 		f, err := os.Create(filepath.Join(tmpDump))
 		if err != nil {
 			gLog.Printf(LevelERROR, "start worker error:%s", err)
 			return
 		}
 		gLog.Println(LevelINFO, "start worker process, args:", args)
 		execSpec := &os.ProcAttr{Env: append(os.Environ(), "GOTRACEBACK=crash"), Files: []*os.File{os.Stdin, os.Stdout, f}}
 		p, err := os.StartProcess(binPath, args, execSpec)
 		if err != nil {
 			gLog.Printf(LevelERROR, "start worker error:%s", err)
@@ -75,6 +83,12 @@ func (d *daemon) run() {
 		}
 		d.proc = p
 		_, _ = p.Wait()
 		f.Close()
 		time.Sleep(time.Second)
 		err = os.Rename(tmpDump, dumpFile)
 		if err != nil {
 			gLog.Printf(LevelERROR, "rename dump error:%s", err)
 		}
 		if !d.running {
 			return
 		}
@@ -106,33 +120,78 @@ func (d *daemon) Control(ctrlComm string, exeAbsPath string, args []string) erro
 // examples:
 // listen:
-// ./openp2p install -node hhd1207-222 -user tenderiron -password 13760636579 -noshare
+// ./openp2p install -node hhd1207-222 -token YOUR-TOKEN -sharebandwidth 0
 // listen and build p2papp:
-// ./openp2p install -node hhd1207-222 -user tenderiron -password 13760636579 -noshare -peernode hhdhome-n1 -dstip 127.0.0.1 -dstport 50022 -protocol tcp -srcport 22
+// ./openp2p install -node hhd1207-222 -token YOUR-TOKEN -sharebandwidth 0 -peernode hhdhome-n1 -dstip 127.0.0.1 -dstport 50022 -protocol tcp -srcport 22
 func install() {
-	gLog = InitLogger(filepath.Dir(os.Args[0]), "openp2p-install", LevelDEBUG, 1024*1024, LogConsole)
+	gLog.Println(LevelINFO, "openp2p start. version: ", OpenP2PVersion)
 	gLog.Println(LevelINFO, "Contact: QQ Group: 16947733, Email: openp2p.cn@gmail.com")
 	gLog.Println(LevelINFO, "install start")
 	defer gLog.Println(LevelINFO, "install end")
 	// auto uninstall
 	err := os.MkdirAll(defaultInstallPath, 0775)
 	if err != nil {
 		gLog.Printf(LevelERROR, "MkdirAll %s error:%s", defaultInstallPath, err)
 		return
 	}
 	err = os.Chdir(defaultInstallPath)
 	if err != nil {
 		gLog.Println(LevelERROR, "cd error:", err)
 		return
 	}
 	uninstall()
 	// save config file
 	installFlag := flag.NewFlagSet("install", flag.ExitOnError)
 	serverHost := installFlag.String("serverhost", "api.openp2p.cn", "server host ")
 	// serverHost := flag.String("serverhost", "127.0.0.1", "server host ") // for debug
-	user := installFlag.String("user", "", "user name. 8-31 characters")
+	token := installFlag.Uint64("token", 0, "token")
-	node := installFlag.String("node", "", "node name. 8-31 characters")
+	node := installFlag.String("node", "", "node name. 8-31 characters. if not set, it will be hostname")
 	password := installFlag.String("password", "", "user password. 8-31 characters")
 	peerNode := installFlag.String("peernode", "", "peer node name that you want to connect")
 	peerUser := installFlag.String("peeruser", "", "peer node user (default peeruser=user)")
 	peerPassword := installFlag.String("peerpassword", "", "peer node password (default peerpassword=password)")
 	dstIP := installFlag.String("dstip", "127.0.0.1", "destination ip ")
 	dstPort := installFlag.Int("dstport", 0, "destination port ")
 	srcPort := installFlag.Int("srcport", 0, "source port ")
 	protocol := installFlag.String("protocol", "tcp", "tcp or udp")
-	noShare := installFlag.Bool("noshare", false, "disable using the huge numbers of shared nodes in OpenP2P network, your connectivity will be weak. also this node will not shared with others")
+	appName := flag.String("appname", "", "app name")
-	shareBandwidth := installFlag.Int("sharebandwidth", 10, "N mbps share bandwidth limit, private node no limit")
+	shareBandwidth := installFlag.Int("sharebandwidth", 10, "N mbps share bandwidth limit, private network no limit")
-	// logLevel := installFlag.Int("loglevel", 1, "0:debug 1:info 2:warn 3:error")
+	logLevel := installFlag.Int("loglevel", 1, "0:debug 1:info 2:warn 3:error")
 	installFlag.Parse(os.Args[2:])
-	// copy files
+	gConf.load() // load old config. otherwise will clear all apps
-	os.MkdirAll(defaultInstallPath, 0775)
+	gConf.LogLevel = *logLevel
 	gConf.Network.ServerHost = *serverHost
 	gConf.Network.Token = *token
 	if *node != "" {
 		if len(*node) < 8 {
 			gLog.Println(LevelERROR, ErrNodeTooShort)
 			os.Exit(9)
 		}
 		gConf.Network.Node = *node
 	} else {
 		if gConf.Network.Node == "" { // if node name not set. use os.Hostname
 			gConf.Network.Node = defaultNodeName()
 		}
 	}
 	gConf.Network.ServerPort = 27183
 	gConf.Network.UDPPort1 = 27182
 	gConf.Network.UDPPort2 = 27183
 	gConf.Network.ShareBandwidth = *shareBandwidth
 	config := AppConfig{Enabled: 1}
 	config.PeerNode = *peerNode
 	config.DstHost = *dstIP
 	config.DstPort = *dstPort
 	config.SrcPort = *srcPort
 	config.Protocol = *protocol
 	config.AppName = *appName
 	if config.SrcPort != 0 {
 		gConf.add(config, true)
 	}
 	gConf.save()
 	targetPath := filepath.Join(defaultInstallPath, defaultBinName)
 	d := daemon{}
 	// copy files
 	binPath, _ := os.Executable()
 	src, errFiles := os.Open(binPath) // can not use args[0], on Windows call openp2p is ok(=openp2p.exe)
 	if errFiles != nil {
@@ -153,41 +212,15 @@ func install() {
 	}
 	src.Close()
 	dst.Close()
 	gConf.Network.ServerHost = *serverHost
 	gConf.Network.User = *user
 	gConf.Network.Node = *node
 	gConf.Network.Password = *password
 	gConf.Network.ServerPort = 27182
 	gConf.Network.UDPPort1 = 27182
 	gConf.Network.UDPPort2 = 27183
 	gConf.Network.NoShare = *noShare
 	gConf.Network.shareBandwidth = *shareBandwidth
 	config := AppConfig{}
 	config.PeerNode = *peerNode
 	config.PeerUser = *peerUser
 	config.PeerPassword = *peerPassword
 	config.DstHost = *dstIP
 	config.DstPort = *dstPort
 	config.SrcPort = *srcPort
 	config.Protocol = *protocol
 	gConf.add(config)
 	// TODO other params
 	os.Chdir(defaultInstallPath)
 	gConf.save()
 	// install system service
 	d := daemon{}
 	// args := []string{""}
 	gLog.Println(LevelINFO, "targetPath:", targetPath)
-	err := d.Control("install", targetPath, []string{"-d", "-f"})
+	err = d.Control("install", targetPath, []string{"-d"})
-	if err != nil {
+	if err == nil {
 		gLog.Println(LevelERROR, "install system service error:", err)
 	} else {
 		gLog.Println(LevelINFO, "install system service ok.")
 	}
 	time.Sleep(time.Second * 2)
-	err = d.Control("start", targetPath, []string{"-d", "-f"})
+	err = d.Control("start", targetPath, []string{"-d"})
 	if err != nil {
 		gLog.Println(LevelERROR, "start openp2p service error:", err)
 	} else {
@@ -195,11 +228,45 @@ func install() {
 	}
 }
 func installByFilename() {
 	params := strings.Split(filepath.Base(os.Args[0]), "-")
 	if len(params) < 4 {
 		return
 	}
 	serverHost := params[1]
 	token := params[2]
 	gLog.Println(LevelINFO, "install start")
 	targetPath := os.Args[0]
 	args := []string{"install"}
 	args = append(args, "-serverhost")
 	args = append(args, serverHost)
 	args = append(args, "-token")
 	args = append(args, token)
 	env := os.Environ()
 	cmd := exec.Command(targetPath, args...)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 	cmd.Stdin = os.Stdin
 	cmd.Env = env
 	err := cmd.Run()
 	if err != nil {
 		gLog.Println(LevelERROR, "install by filename, start process error:", err)
 		return
 	}
 	gLog.Println(LevelINFO, "install end")
 	fmt.Println("Press the Any Key to exit")
 	fmt.Scanln()
 	os.Exit(0)
 }
 func uninstall() {
-	gLog = InitLogger(filepath.Dir(os.Args[0]), "openp2p-install", LevelDEBUG, 1024*1024, LogFileAndConsole)
+	gLog.Println(LevelINFO, "uninstall start")
 	defer gLog.Println(LevelINFO, "uninstall end")
 	d := daemon{}
-	d.Control("stop", "", nil)
+	err := d.Control("stop", "", nil)
-	err := d.Control("uninstall", "", nil)
+	if err != nil { // service maybe not install
 		return
 	}
 	err = d.Control("uninstall", "", nil)
 	if err != nil {
 		gLog.Println(LevelERROR, "uninstall system service error:", err)
 	} else {
@@ -207,6 +274,6 @@ func uninstall() {
 	}
 	binPath := filepath.Join(defaultInstallPath, defaultBinName)
 	os.Remove(binPath + "0")
-	os.Rename(binPath, binPath+"0")
+	os.Remove(binPath)
-	os.RemoveAll(defaultInstallPath)
+	// os.RemoveAll(defaultInstallPath)  // reserve config.json
 }
--- a/doc/images/afterconnect_en.png
+++ b/doc/images/afterconnect_en.png
--- a/doc/images/devices.png
+++ b/doc/images/devices.png
--- a/doc/images/devices_en.png
+++ b/doc/images/devices_en.png
--- a/doc/images/install.png
+++ b/doc/images/install.png
--- a/doc/images/install_en.png
+++ b/doc/images/install_en.png
--- a/doc/images/mstscconnect_en.png
+++ b/doc/images/mstscconnect_en.png
--- a/doc/images/newapp.png
+++ b/doc/images/newapp.png
--- a/doc/images/newapp_en.png
+++ b/doc/images/newapp_en.png
--- a/doc/images/newappedit.png
+++ b/doc/images/newappedit.png
--- a/doc/images/newappedit_en.png
+++ b/doc/images/newappedit_en.png
--- a/doc/images/p2pappok.png
+++ b/doc/images/p2pappok.png
--- a/doc/images/p2pappok_en.png
+++ b/doc/images/p2pappok_en.png
--- a/doc/images/prototype.png
+++ b/doc/images/prototype.png
--- a/doc/images/register.png
+++ b/doc/images/register.png
--- a/doc/images/register_en.png
+++ b/doc/images/register_en.png
--- a/doc/images/stillrun.png
+++ b/doc/images/stillrun.png
--- a/doc/images/stillrun_en.png
+++ b/doc/images/stillrun_en.png
--- a/doc/images/win10warn.png
+++ b/doc/images/win10warn.png
--- a/doc/images/win10warn_en.png
+++ b/doc/images/win10warn_en.png
--- a/errorcode.go
+++ b/errorcode.go
@@ -0,0 +1,16 @@
 package main
 import (
 	"errors"
 )
 // error message
 var (
 	// ErrorS2S string = "s2s is not supported"
 	// ErrorHandshake string = "handshake error"
 	ErrorS2S        = errors.New("s2s is not supported")
 	ErrorHandshake  = errors.New("handshake error")
 	ErrorNewUser    = errors.New("new user")
 	ErrorLogin      = errors.New("user or password not correct")
 	ErrNodeTooShort = errors.New("node name too short, it must >=8 charaters")
 )
--- a/handlepush.go
+++ b/handlepush.go
@@ -0,0 +1,212 @@
 package main
 import (
 	"bytes"
 	"encoding/binary"
 	"encoding/json"
 	"fmt"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"time"
 )
 func handlePush(pn *P2PNetwork, subType uint16, msg []byte) error {
 	pushHead := PushHeader{}
 	err := binary.Read(bytes.NewReader(msg[openP2PHeaderSize:openP2PHeaderSize+PushHeaderSize]), binary.LittleEndian, &pushHead)
 	if err != nil {
 		return err
 	}
 	gLog.Printf(LevelDEBUG, "handle push msg type:%d, push header:%+v", subType, pushHead)
 	switch subType {
 	case MsgPushConnectReq:
 		req := PushConnectReq{}
 		err := json.Unmarshal(msg[openP2PHeaderSize+PushHeaderSize:], &req)
 		if err != nil {
 			gLog.Printf(LevelERROR, "wrong MsgPushConnectReq:%s", err)
 			return err
 		}
 		gLog.Printf(LevelINFO, "%s is connecting...", req.From)
 		gLog.Println(LevelDEBUG, "push connect response to ", req.From)
 		// verify totp token or token
 		if VerifyTOTP(req.Token, pn.config.Token, time.Now().Unix()+(pn.serverTs-pn.localTs)) || // localTs may behind, auto adjust ts
 			VerifyTOTP(req.Token, pn.config.Token, time.Now().Unix()) ||
 			(req.FromToken == pn.config.Token) {
 			gLog.Printf(LevelINFO, "Access Granted\n")
 			config := AppConfig{}
 			config.peerNatType = req.NatType
 			config.peerConeNatPort = req.ConeNatPort
 			config.peerIP = req.FromIP
 			config.PeerNode = req.From
 			// share relay node will limit bandwidth
 			if req.FromToken != pn.config.Token {
 				gLog.Printf(LevelINFO, "set share bandwidth %d mbps", pn.config.ShareBandwidth)
 				config.shareBandwidth = pn.config.ShareBandwidth
 			}
 			// go pn.AddTunnel(config, req.ID)
 			go pn.addDirectTunnel(config, req.ID)
 			break
 		}
 		gLog.Println(LevelERROR, "Access Denied:", req.From)
 		rsp := PushConnectRsp{
 			Error:  1,
 			Detail: fmt.Sprintf("connect to %s error: Access Denied", pn.config.Node),
 			To:     req.From,
 			From:   pn.config.Node,
 		}
 		pn.push(req.From, MsgPushConnectRsp, rsp)
 	case MsgPushRsp:
 		rsp := PushRsp{}
 		err := json.Unmarshal(msg[openP2PHeaderSize:], &rsp)
 		if err != nil {
 			gLog.Printf(LevelERROR, "wrong pushRsp:%s", err)
 			return err
 		}
 		if rsp.Error == 0 {
 			gLog.Printf(LevelDEBUG, "push ok, detail:%s", rsp.Detail)
 		} else {
 			gLog.Printf(LevelERROR, "push error:%d, detail:%s", rsp.Error, rsp.Detail)
 		}
 	case MsgPushAddRelayTunnelReq:
 		req := AddRelayTunnelReq{}
 		err := json.Unmarshal(msg[openP2PHeaderSize+PushHeaderSize:], &req)
 		if err != nil {
 			gLog.Printf(LevelERROR, "wrong RelayNodeRsp:%s", err)
 			return err
 		}
 		config := AppConfig{}
 		config.PeerNode = req.RelayName
 		config.peerToken = req.RelayToken
 		go func(r AddRelayTunnelReq) {
 			t, errDt := pn.addDirectTunnel(config, 0)
 			if errDt == nil {
 				// notify peer relay ready
 				msg := TunnelMsg{ID: t.id}
 				pn.push(r.From, MsgPushAddRelayTunnelRsp, msg)
 				SaveKey(req.AppID, req.AppKey)
 			}
 		}(req)
 	case MsgPushUpdate:
 		gLog.Println(LevelINFO, "MsgPushUpdate")
 		update() // download new version first, then exec ./openp2p update
 		targetPath := filepath.Join(defaultInstallPath, defaultBinName)
 		args := []string{"update"}
 		env := os.Environ()
 		cmd := exec.Command(targetPath, args...)
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr
 		cmd.Stdin = os.Stdin
 		cmd.Env = env
 		err := cmd.Run()
 		if err == nil {
 			os.Exit(0)
 		}
 		return err
 	case MsgPushRestart:
 		gLog.Println(LevelINFO, "MsgPushRestart")
 		os.Exit(0)
 		return err
 	case MsgPushReportApps:
 		gLog.Println(LevelINFO, "MsgPushReportApps")
 		req := ReportApps{}
 		gConf.mtx.Lock()
 		defer gConf.mtx.Unlock()
 		for _, config := range gConf.Apps {
 			appActive := 0
 			relayNode := ""
 			relayMode := ""
 			i, ok := pn.apps.Load(fmt.Sprintf("%s%d", config.Protocol, config.SrcPort))
 			if ok {
 				app := i.(*p2pApp)
 				if app.isActive() {
 					appActive = 1
 				}
 				relayNode = app.relayNode
 				relayMode = app.relayMode
 			}
 			appInfo := AppInfo{
 				AppName:     config.AppName,
 				Error:       config.errMsg,
 				Protocol:    config.Protocol,
 				SrcPort:     config.SrcPort,
 				RelayNode:   relayNode,
 				RelayMode:   relayMode,
 				PeerNode:    config.PeerNode,
 				DstHost:     config.DstHost,
 				DstPort:     config.DstPort,
 				PeerUser:    config.PeerUser,
 				PeerIP:      config.peerIP,
 				PeerNatType: config.peerNatType,
 				RetryTime:   config.retryTime.Local().Format("2006-01-02T15:04:05-0700"),
 				ConnectTime: config.connectTime.Local().Format("2006-01-02T15:04:05-0700"),
 				IsActive:    appActive,
 				Enabled:     config.Enabled,
 			}
 			req.Apps = append(req.Apps, appInfo)
 		}
 		pn.write(MsgReport, MsgReportApps, &req)
 	case MsgPushEditApp:
 		gLog.Println(LevelINFO, "MsgPushEditApp")
 		newApp := AppInfo{}
 		err := json.Unmarshal(msg[openP2PHeaderSize:], &newApp)
 		if err != nil {
 			gLog.Printf(LevelERROR, "wrong MsgPushEditApp:%s  %s", err, string(msg[openP2PHeaderSize:]))
 			return err
 		}
 		oldConf := AppConfig{Enabled: 1}
 		// protocol0+srcPort0 exist, delApp
 		oldConf.AppName = newApp.AppName
 		oldConf.Protocol = newApp.Protocol0
 		oldConf.SrcPort = newApp.SrcPort0
 		oldConf.PeerNode = newApp.PeerNode
 		oldConf.DstHost = newApp.DstHost
 		oldConf.DstPort = newApp.DstPort
 		gConf.delete(oldConf)
 		// AddApp
 		newConf := oldConf
 		newConf.Protocol = newApp.Protocol
 		newConf.SrcPort = newApp.SrcPort
 		gConf.add(newConf, false)
 		gConf.save()          // save quickly for the next request reportApplist
 		pn.DeleteApp(oldConf) // DeleteApp may cost some times, execute at the end
 		// autoReconnect will auto AddApp
 		// pn.AddApp(config)
 		// TODO: report result
 	case MsgPushEditNode:
 		gLog.Println(LevelINFO, "MsgPushEditNode")
 		req := EditNode{}
 		err := json.Unmarshal(msg[openP2PHeaderSize:], &req)
 		if err != nil {
 			gLog.Printf(LevelERROR, "wrong MsgPushEditNode:%s  %s", err, string(msg[openP2PHeaderSize:]))
 			return err
 		}
 		gConf.setNode(req.NewName)
 		gConf.setShareBandwidth(req.Bandwidth)
 		gConf.save()
 		// TODO: hot reload
 		os.Exit(0)
 	case MsgPushSwitchApp:
 		gLog.Println(LevelINFO, "MsgPushSwitchApp")
 		app := AppInfo{}
 		err := json.Unmarshal(msg[openP2PHeaderSize:], &app)
 		if err != nil {
 			gLog.Printf(LevelERROR, "wrong MsgPushSwitchApp:%s  %s", err, string(msg[openP2PHeaderSize:]))
 			return err
 		}
 		config := AppConfig{Enabled: app.Enabled, SrcPort: app.SrcPort, Protocol: app.Protocol}
 		gLog.Println(LevelINFO, app.AppName, " switch to ", app.Enabled)
 		gConf.switchApp(config, app.Enabled)
 		if app.Enabled == 0 {
 			// disable APP
 			pn.DeleteApp(config)
 		}
 	default:
 		pn.msgMapMtx.Lock()
 		ch := pn.msgMap[pushHead.From]
 		pn.msgMapMtx.Unlock()
 		ch <- msg
 	}
 	return nil
 }
--- a/log.go
+++ b/log.go
@@ -47,7 +47,7 @@ const (
 type V8log struct {
 	loggers    map[LogLevel]*log.Logger
 	files      map[LogLevel]*os.File
-	llevel     LogLevel
+	level      LogLevel
 	stopSig    chan bool
 	logDir     string
 	mtx        *sync.Mutex
@@ -92,17 +92,15 @@ func InitLogger(path string, filePrefix string, level LogLevel, maxLogSize int64
 	return pLog
 }
-// UninitLogger ...
+func (vl *V8log) setLevel(level LogLevel) {
-func (vl *V8log) UninitLogger() {
+	vl.mtx.Lock()
-	if !vl.stoped {
+	defer vl.mtx.Unlock()
-		vl.stoped = true
+	vl.level = level
-		close(vl.stopSig)
+}
-		for l := range logFileNames {
+func (vl *V8log) setMode(mode int) {
-			if l >= vl.llevel {
+	vl.mtx.Lock()
-				vl.files[l].Close()
+	defer vl.mtx.Unlock()
-			}
+	vl.mode = mode
 		}
 	}
 }
 func (vl *V8log) checkFile() {
@@ -117,10 +115,10 @@ func (vl *V8log) checkFile() {
 			for l, logFile := range vl.files {
 				f, e := logFile.Stat()
 				if e != nil {
-					break
+					continue
 				}
 				if f.Size() <= vl.maxLogSize {
-					break
+					continue
 				}
 				logFile.Close()
 				fname := f.Name()
@@ -150,7 +148,7 @@ func (vl *V8log) Printf(level LogLevel, format string, params ...interface{}) {
 	if vl.stoped {
 		return
 	}
-	if level < vl.llevel {
+	if level < vl.level {
 		return
 	}
 	pidAndLevel := []interface{}{vl.pid, loglevel[level]}
@@ -170,7 +168,7 @@ func (vl *V8log) Println(level LogLevel, params ...interface{}) {
 	if vl.stoped {
 		return
 	}
-	if level < vl.llevel {
+	if level < vl.level {
 		return
 	}
 	pidAndLevel := []interface{}{vl.pid, " ", loglevel[level], " "}
--- a/nat.go
+++ b/nat.go
@@ -43,7 +43,7 @@ func natTest(serverHost string, serverPort int, localPort int, echoPort int) (pu
 	// testing for public ip
 	if echoPort != 0 {
 		for {
-			gLog.Printf(LevelINFO, "public ip test start %s:%d", natRsp.IP, echoPort)
+			gLog.Printf(LevelDEBUG, "public ip test start %s:%d", natRsp.IP, echoPort)
 			conn, err := net.ListenUDP("udp", nil)
 			if err != nil {
 				break
@@ -60,10 +60,10 @@ func natTest(serverHost string, serverPort int, localPort int, echoPort int) (pu
 			conn.SetReadDeadline(time.Now().Add(PublicIPEchoTimeout))
 			_, _, err = conn.ReadFromUDP(buf)
 			if err == nil {
-				gLog.Println(LevelINFO, "public ip:YES")
+				gLog.Println(LevelDEBUG, "public ip:YES")
 				natRsp.IsPublicIP = 1
 			} else {
-				gLog.Println(LevelINFO, "public ip:NO")
+				gLog.Println(LevelDEBUG, "public ip:NO")
 			}
 			break
 		}
--- a/openp2p.go
+++ b/openp2p.go
@@ -1,7 +1,6 @@
 package main
 import (
 	"flag"
 	"fmt"
 	"math/rand"
 	"os"
@@ -11,9 +10,10 @@ import (
 func main() {
 	rand.Seed(time.Now().UnixNano())
-
+	binDir := filepath.Dir(os.Args[0])
 	os.Chdir(binDir) // for system service
 	gLog = InitLogger(binDir, "openp2p", LevelDEBUG, 1024*1024, LogFileAndConsole)
 	// TODO: install sub command, deamon process
 	// groups := flag.String("groups", "", "you could join in several groups. like: GroupName1:Password1;GroupName2:Password2; group name 8-31 characters")
 	if len(os.Args) > 1 {
 		switch os.Args[1] {
 		case "version", "-v", "--version":
@@ -21,7 +21,14 @@ func main() {
 			return
 		case "update":
 			gLog = InitLogger(filepath.Dir(os.Args[0]), "openp2p", LevelDEBUG, 1024*1024, LogFileAndConsole)
-			update()
+			targetPath := filepath.Join(defaultInstallPath, defaultBinName)
 			d := daemon{}
 			err := d.Control("restart", targetPath, nil)
 			if err != nil {
 				gLog.Println(LevelERROR, "restart service error:", err)
 			} else {
 				gLog.Println(LevelINFO, "restart service ok.")
 			}
 			return
 		case "install":
 			install()
@@ -30,134 +37,26 @@ func main() {
 			uninstall()
 			return
 		}
 	} else {
 		installByFilename()
 	}
-	serverHost := flag.String("serverhost", "api.openp2p.cn", "server host ")
+	parseParams()
 	// serverHost := flag.String("serverhost", "127.0.0.1", "server host ") // for debug
 	user := flag.String("user", "", "user name. 8-31 characters")
 	node := flag.String("node", "", "node name. 8-31 characters")
 	password := flag.String("password", "", "user password. 8-31 characters")
 	peerNode := flag.String("peernode", "", "peer node name that you want to connect")
 	peerUser := flag.String("peeruser", "", "peer node user (default peeruser=user)")
 	peerPassword := flag.String("peerpassword", "", "peer node password (default peerpassword=password)")
 	dstIP := flag.String("dstip", "127.0.0.1", "destination ip ")
 	dstPort := flag.Int("dstport", 0, "destination port ")
 	srcPort := flag.Int("srcport", 0, "source port ")
 	protocol := flag.String("protocol", "tcp", "tcp or udp")
 	noShare := flag.Bool("noshare", false, "disable using the huge numbers of shared nodes in OpenP2P network, your connectivity will be weak. also this node will not shared with others")
 	shareBandwidth := flag.Int("sharebandwidth", 10, "N mbps share bandwidth limit, private node no limit")
 	configFile := flag.Bool("f", false, "config file")
 	daemonMode := flag.Bool("d", false, "daemonMode")
 	byDaemon := flag.Bool("bydaemon", false, "start by daemon")
 	logLevel := flag.Int("loglevel", 1, "0:debug 1:info 2:warn 3:error")
 	flag.Parse()
 	gLog = InitLogger(filepath.Dir(os.Args[0]), "openp2p", LogLevel(*logLevel), 1024*1024, LogFileAndConsole)
 	gLog.Println(LevelINFO, "openp2p start. version: ", OpenP2PVersion)
-	if *daemonMode {
+	gLog.Println(LevelINFO, "Contact: QQ Group: 16947733, Email: openp2p.cn@gmail.com")
 	if gConf.daemonMode {
 		d := daemon{}
 		d.run()
 		return
 	}
 	if !*configFile {
 		// validate cmd params
 		if *node == "" {
 			gLog.Println(LevelERROR, "node name not set", os.Args, len(os.Args), os.Args[0])
 			return
 		}
 		if *user == "" {
 			gLog.Println(LevelERROR, "user name not set")
 			return
 		}
 		if *password == "" {
 			gLog.Println(LevelERROR, "password not set")
 			return
 		}
 		if *peerNode != "" {
 			if *dstPort == 0 {
 				gLog.Println(LevelERROR, "dstPort not set")
 				return
 			}
 			if *srcPort == 0 {
 				gLog.Println(LevelERROR, "srcPort not set")
 				return
 			}
 		}
 	}
-	config := AppConfig{}
+	gLog.Println(LevelINFO, &gConf)
 	config.PeerNode = *peerNode
 	config.PeerUser = *peerUser
 	config.PeerPassword = *peerPassword
 	config.DstHost = *dstIP
 	config.DstPort = *dstPort
 	config.SrcPort = *srcPort
 	config.Protocol = *protocol
 	gLog.Println(LevelINFO, config)
 	if *configFile {
 		if err := gConf.load(); err != nil {
 			gLog.Println(LevelERROR, "load config error. exit.")
 			return
 		}
 	} else {
 		gConf.add(config)
 		gConf.Network = NetworkConfig{
 			Node:           *node,
 			User:           *user,
 			Password:       *password,
 			NoShare:        *noShare,
 			ServerHost:     *serverHost,
 			ServerPort:     27182,
 			UDPPort1:       27182,
 			UDPPort2:       27183,
 			ipv6:           "240e:3b7:621:def0:fda4:dd7f:36a1:2803", // TODO: detect real ipv6
 			shareBandwidth: *shareBandwidth,
 		}
 	}
 	// gConf.save() // not change config file
 	gConf.daemonMode = *byDaemon
 	gLog.Println(LevelINFO, gConf)
 	setFirewall()
 	network := P2PNetworkInstance(&gConf.Network)
 	if ok := network.Connect(30000); !ok {
 		gLog.Println(LevelERROR, "P2PNetwork login error")
 		return
 	}
 	for _, app := range gConf.Apps {
 		// set default peer user password
 		if app.PeerPassword == "" {
 			app.PeerPassword = gConf.Network.Password
 		}
 		if app.PeerUser == "" {
 			app.PeerUser = gConf.Network.User
 		}
 		err := network.AddApp(app)
 		if err != nil {
 			gLog.Println(LevelERROR, "addTunnel error")
 		}
 	}
 	// test
 	// go func() {
 	// 	time.Sleep(time.Second * 30)
 	// 	config := AppConfig{}
 	// 	config.PeerNode = *peerNode
 	// 	config.PeerUser = *peerUser
 	// 	config.PeerPassword = *peerPassword
 	// 	config.DstHost = *dstIP
 	// 	config.DstPort = *dstPort
 	// 	config.SrcPort = 32
 	// 	config.Protocol = *protocol
 	// 	network.AddApp(config)
 	// 	// time.Sleep(time.Second * 30)
 	// 	// network.DeleteTunnel(config)
 	// 	// time.Sleep(time.Second * 30)
 	// 	// network.DeleteTunnel(config)
 	// }()
 	// // TODO: http api
 	// api := ClientAPI{}
 	// go api.run()
 	gLog.Println(LevelINFO, "waiting for connection...")
 	forever := make(chan bool)
 	<-forever
--- a/overlay.go
+++ b/overlay.go
@@ -0,0 +1,150 @@
 package main
 import (
 	"bytes"
 	"encoding/binary"
 	"errors"
 	"net"
 	"time"
 )
 var ErrDeadlineExceeded error = &DeadlineExceededError{}
 // DeadlineExceededError is returned for an expired deadline.
 type DeadlineExceededError struct{}
 // Implement the net.Error interface.
 // The string is "i/o timeout" because that is what was returned
 // by earlier Go versions. Changing it may break programs that
 // match on error strings.
 func (e *DeadlineExceededError) Error() string   { return "i/o timeout" }
 func (e *DeadlineExceededError) Timeout() bool   { return true }
 func (e *DeadlineExceededError) Temporary() bool { return true }
 // implement io.Writer
 type overlayConn struct {
 	tunnel      *P2PTunnel
 	connTCP     net.Conn
 	id          uint64
 	rtid        uint64
 	running     bool
 	isClient    bool
 	appID       uint64
 	appKey      uint64
 	appKeyBytes []byte
 	// for udp
 	connUDP       *net.UDPConn
 	remoteAddr    net.Addr
 	udpRelayData  chan []byte
 	lastReadUDPTs time.Time
 }
 func (oConn *overlayConn) run() {
 	gLog.Printf(LevelDEBUG, "%d overlayConn run start", oConn.id)
 	defer gLog.Printf(LevelDEBUG, "%d overlayConn run end", oConn.id)
 	oConn.running = true
 	oConn.lastReadUDPTs = time.Now()
 	buffer := make([]byte, ReadBuffLen+PaddingSize)
 	readBuf := buffer[:ReadBuffLen]
 	encryptData := make([]byte, ReadBuffLen+PaddingSize) // 16 bytes for padding
 	tunnelHead := new(bytes.Buffer)
 	relayHead := new(bytes.Buffer)
 	binary.Write(relayHead, binary.LittleEndian, oConn.rtid)
 	binary.Write(tunnelHead, binary.LittleEndian, oConn.id)
 	for oConn.running && oConn.tunnel.isRuning() {
 		buff, dataLen, err := oConn.Read(readBuf)
 		if err != nil {
 			if ne, ok := err.(net.Error); ok && ne.Timeout() {
 				continue
 			}
 			// overlay tcp connection normal close, debug log
 			gLog.Printf(LevelDEBUG, "overlayConn %d read error:%s,close it", oConn.id, err)
 			break
 		}
 		payload := buff[:dataLen]
 		if oConn.appKey != 0 {
 			payload, _ = encryptBytes(oConn.appKeyBytes, encryptData, buffer[:dataLen], dataLen)
 		}
 		writeBytes := append(tunnelHead.Bytes(), payload...)
 		if oConn.rtid == 0 {
 			oConn.tunnel.conn.WriteBytes(MsgP2P, MsgOverlayData, writeBytes)
 			gLog.Printf(LevelDEBUG, "write overlay data to %d:%d bodylen=%d", oConn.rtid, oConn.id, len(writeBytes))
 		} else {
 			// write raley data
 			all := append(relayHead.Bytes(), encodeHeader(MsgP2P, MsgOverlayData, uint32(len(writeBytes)))...)
 			all = append(all, writeBytes...)
 			oConn.tunnel.conn.WriteBytes(MsgP2P, MsgRelayData, all)
 			gLog.Printf(LevelDEBUG, "write relay data to %d:%d bodylen=%d", oConn.rtid, oConn.id, len(writeBytes))
 		}
 	}
 	if oConn.connTCP != nil {
 		oConn.connTCP.Close()
 	}
 	if oConn.connUDP != nil {
 		oConn.connUDP.Close()
 	}
 	oConn.tunnel.overlayConns.Delete(oConn.id)
 	// notify peer disconnect
 	if oConn.isClient {
 		req := OverlayDisconnectReq{ID: oConn.id}
 		if oConn.rtid == 0 {
 			oConn.tunnel.conn.WriteMessage(MsgP2P, MsgOverlayDisconnectReq, &req)
 		} else {
 			// write relay data
 			msg, _ := newMessage(MsgP2P, MsgOverlayDisconnectReq, &req)
 			msgWithHead := append(relayHead.Bytes(), msg...)
 			oConn.tunnel.conn.WriteBytes(MsgP2P, MsgRelayData, msgWithHead)
 		}
 	}
 }
 func (oConn *overlayConn) Read(reuseBuff []byte) (buff []byte, n int, err error) {
 	if oConn.connUDP != nil {
 		if time.Now().After(oConn.lastReadUDPTs.Add(time.Minute * 5)) {
 			err = errors.New("udp close")
 			return
 		}
 		if oConn.remoteAddr != nil { // as server
 			select {
 			case buff = <-oConn.udpRelayData:
 				n = len(buff)
 				oConn.lastReadUDPTs = time.Now()
 			case <-time.After(time.Second * 10):
 				err = ErrDeadlineExceeded
 			}
 		} else { // as client
 			oConn.connUDP.SetReadDeadline(time.Now().Add(5 * time.Second))
 			n, _, err = oConn.connUDP.ReadFrom(reuseBuff)
 			if err == nil {
 				oConn.lastReadUDPTs = time.Now()
 			}
 			buff = reuseBuff
 		}
 		return
 	}
 	oConn.connTCP.SetReadDeadline(time.Now().Add(time.Second * 5))
 	n, err = oConn.connTCP.Read(reuseBuff)
 	buff = reuseBuff
 	return
 }
 // calling by p2pTunnel
 func (oConn *overlayConn) Write(buff []byte) (n int, err error) {
 	// add mutex when multi-thread calling
 	if oConn.connUDP != nil {
 		if oConn.remoteAddr == nil {
 			n, err = oConn.connUDP.Write(buff)
 		} else {
 			n, err = oConn.connUDP.WriteTo(buff, oConn.remoteAddr)
 		}
 		if err != nil {
 			oConn.running = false
 		}
 		return
 	}
 	n, err = oConn.connTCP.Write(buff)
 	if err != nil {
 		oConn.running = false
 	}
 	return
 }
--- a/overlaytcp.go
+++ b/overlaytcp.go
@@ -1,85 +0,0 @@
 package main
 import (
 	"bytes"
 	"encoding/binary"
 	"net"
 	"time"
 )
 // implement io.Writer
 type overlayTCP struct {
 	tunnel      *P2PTunnel
 	conn        net.Conn
 	id          uint64
 	rtid        uint64
 	running     bool
 	isClient    bool
 	appID       uint64
 	appKey      uint64
 	appKeyBytes []byte
 }
 func (otcp *overlayTCP) run() {
 	gLog.Printf(LevelINFO, "%d overlayTCP run start", otcp.id)
 	defer gLog.Printf(LevelINFO, "%d overlayTCP run end", otcp.id)
 	otcp.running = true
 	buffer := make([]byte, ReadBuffLen+PaddingSize)
 	readBuf := buffer[:ReadBuffLen]
 	encryptData := make([]byte, ReadBuffLen+PaddingSize) // 16 bytes for padding
 	tunnelHead := new(bytes.Buffer)
 	relayHead := new(bytes.Buffer)
 	binary.Write(relayHead, binary.LittleEndian, otcp.rtid)
 	binary.Write(tunnelHead, binary.LittleEndian, otcp.id)
 	for otcp.running && otcp.tunnel.isRuning() {
 		otcp.conn.SetReadDeadline(time.Now().Add(time.Second * 5))
 		dataLen, err := otcp.conn.Read(readBuf)
 		if err != nil {
 			if ne, ok := err.(net.Error); ok && ne.Timeout() {
 				continue
 			}
 			// overlay tcp connection normal close, debug log
 			gLog.Printf(LevelDEBUG, "overlayTCP %d read error:%s,close it", otcp.id, err)
 			break
 		} else {
 			payload := readBuf[:dataLen]
 			if otcp.appKey != 0 {
 				payload, _ = encryptBytes(otcp.appKeyBytes, encryptData, buffer[:dataLen], dataLen)
 			}
 			writeBytes := append(tunnelHead.Bytes(), payload...)
 			if otcp.rtid == 0 {
 				otcp.tunnel.conn.WriteBytes(MsgP2P, MsgOverlayData, writeBytes)
 			} else {
 				// write raley data
 				all := append(relayHead.Bytes(), encodeHeader(MsgP2P, MsgOverlayData, uint32(len(writeBytes)))...)
 				all = append(all, writeBytes...)
 				otcp.tunnel.conn.WriteBytes(MsgP2P, MsgRelayData, all)
 				gLog.Printf(LevelDEBUG, "write relay data to %d:%d bodylen=%d", otcp.rtid, otcp.id, len(writeBytes))
 			}
 		}
 	}
 	otcp.conn.Close()
 	otcp.tunnel.overlayConns.Delete(otcp.id)
 	// notify peer disconnect
 	if otcp.isClient {
 		req := OverlayDisconnectReq{ID: otcp.id}
 		if otcp.rtid == 0 {
 			otcp.tunnel.conn.WriteMessage(MsgP2P, MsgOverlayDisconnectReq, &req)
 		} else {
 			// write relay data
 			msg, _ := newMessage(MsgP2P, MsgOverlayDisconnectReq, &req)
 			msgWithHead := append(relayHead.Bytes(), msg...)
 			otcp.tunnel.conn.WriteBytes(MsgP2P, MsgRelayData, msgWithHead)
 		}
 	}
 }
 // calling by p2pTunnel
 func (otcp *overlayTCP) Write(buff []byte) (n int, err error) {
 	// add mutex when multi-thread calling
 	n, err = otcp.conn.Write(buff)
 	if err != nil {
 		otcp.tunnel.overlayConns.Delete(otcp.id)
 	}
 	return
 }
--- a/p2papp.go
+++ b/p2papp.go
@@ -6,21 +6,26 @@ import (
 	"fmt"
 	"math/rand"
 	"net"
 	"strconv"
 	"strings"
 	"sync"
 	"time"
 )
 type p2pApp struct {
-	config   AppConfig
+	config      AppConfig
-	listener net.Listener
+	listener    net.Listener
-	tunnel   *P2PTunnel
+	listenerUDP *net.UDPConn
-	rtid     uint64
+	tunnel      *P2PTunnel
-	hbTime   time.Time
+	rtid        uint64
-	hbMtx    sync.Mutex
+	relayNode   string
-	running  bool
+	relayMode   string
-	id       uint64
+	hbTime      time.Time
-	key      uint64
+	hbMtx       sync.Mutex
-	wg       sync.WaitGroup
+	running     bool
 	id          uint64
 	key         uint64
 	wg          sync.WaitGroup
 }
 func (app *p2pApp) isActive() bool {
@@ -43,40 +48,43 @@ func (app *p2pApp) updateHeartbeat() {
 }
 func (app *p2pApp) listenTCP() error {
 	gLog.Printf(LevelDEBUG, "tcp accept on port %d start", app.config.SrcPort)
 	defer gLog.Printf(LevelDEBUG, "tcp accept on port %d end", app.config.SrcPort)
 	var err error
 	app.listener, err = net.Listen("tcp4", fmt.Sprintf("0.0.0.0:%d", app.config.SrcPort))
 	if err != nil {
 		gLog.Printf(LevelERROR, "listen error:%s", err)
 		return err
 	}
-	for {
+	for app.running {
 		conn, err := app.listener.Accept()
 		if err != nil {
-			gLog.Printf(LevelERROR, "%d accept error:%s", app.tunnel.id, err)
+			if app.running {
 				gLog.Printf(LevelERROR, "%d accept error:%s", app.tunnel.id, err)
 			}
 			break
 		}
-		otcp := overlayTCP{
+		oConn := overlayConn{
 			tunnel:   app.tunnel,
-			conn:     conn,
+			connTCP:  conn,
 			id:       rand.Uint64(),
 			isClient: true,
 			rtid:     app.rtid,
 			appID:    app.id,
 			appKey:   app.key,
 		}
-		// calc key bytes for encrypt
+		// pre-calc key bytes for encrypt
-		if otcp.appKey != 0 {
+		if oConn.appKey != 0 {
 			encryptKey := make([]byte, AESKeySize)
-			binary.LittleEndian.PutUint64(encryptKey, otcp.appKey)
+			binary.LittleEndian.PutUint64(encryptKey, oConn.appKey)
-			binary.LittleEndian.PutUint64(encryptKey[8:], otcp.appKey)
+			binary.LittleEndian.PutUint64(encryptKey[8:], oConn.appKey)
-			otcp.appKeyBytes = encryptKey
+			oConn.appKeyBytes = encryptKey
 		}
-		app.tunnel.overlayConns.Store(otcp.id, &otcp)
+		app.tunnel.overlayConns.Store(oConn.id, &oConn)
-		gLog.Printf(LevelINFO, "Accept overlayID:%d", otcp.id)
+		gLog.Printf(LevelDEBUG, "Accept TCP overlayID:%d", oConn.id)
 		// tell peer connect
-		req := OverlayConnectReq{ID: otcp.id,
+		req := OverlayConnectReq{ID: oConn.id,
-			User:     app.config.PeerUser,
+			Token:    app.tunnel.pn.config.Token,
 			Password: app.config.PeerPassword,
 			DstIP:    app.config.DstHost,
 			DstPort:  app.config.DstPort,
 			Protocol: app.config.Protocol,
@@ -92,27 +100,117 @@ func (app *p2pApp) listenTCP() error {
 			msgWithHead := append(relayHead.Bytes(), msg...)
 			app.tunnel.conn.WriteBytes(MsgP2P, MsgRelayData, msgWithHead)
 		}
 		go oConn.run()
 	}
 	return nil
 }
-		go otcp.run()
+func (app *p2pApp) listenUDP() error {
 	gLog.Printf(LevelDEBUG, "udp accept on port %d start", app.config.SrcPort)
 	defer gLog.Printf(LevelDEBUG, "udp accept on port %d end", app.config.SrcPort)
 	var err error
 	app.listenerUDP, err = net.ListenUDP("udp", &net.UDPAddr{IP: net.IPv4zero, Port: app.config.SrcPort})
 	if err != nil {
 		gLog.Printf(LevelERROR, "listen error:%s", err)
 		return err
 	}
 	buffer := make([]byte, 64*1024)
 	udpID := make([]byte, 8)
 	for {
 		app.listenerUDP.SetReadDeadline(time.Now().Add(time.Second * 10))
 		len, remoteAddr, err := app.listenerUDP.ReadFrom(buffer)
 		if err != nil {
 			if ne, ok := err.(net.Error); ok && ne.Timeout() {
 				continue
 			} else {
 				gLog.Printf(LevelERROR, "udp read failed:%s", err)
 				break
 			}
 		} else {
 			b := bytes.Buffer{}
 			b.Write(buffer[:len])
 			// load from app.tunnel.overlayConns by remoteAddr error, new udp connection
 			remoteIP := strings.Split(remoteAddr.String(), ":")[0]
 			port, _ := strconv.Atoi(strings.Split(remoteAddr.String(), ":")[1])
 			a := net.ParseIP(remoteIP)
 			udpID[0] = a[0]
 			udpID[1] = a[1]
 			udpID[2] = a[2]
 			udpID[3] = a[3]
 			udpID[4] = byte(port)
 			udpID[5] = byte(port >> 8)
 			id := binary.LittleEndian.Uint64(udpID)
 			s, ok := app.tunnel.overlayConns.Load(id)
 			if !ok {
 				oConn := overlayConn{
 					tunnel:       app.tunnel,
 					connUDP:      app.listenerUDP,
 					remoteAddr:   remoteAddr,
 					udpRelayData: make(chan []byte, 1000),
 					id:           id,
 					isClient:     true,
 					rtid:         app.rtid,
 					appID:        app.id,
 					appKey:       app.key,
 				}
 				// calc key bytes for encrypt
 				if oConn.appKey != 0 {
 					encryptKey := make([]byte, AESKeySize)
 					binary.LittleEndian.PutUint64(encryptKey, oConn.appKey)
 					binary.LittleEndian.PutUint64(encryptKey[8:], oConn.appKey)
 					oConn.appKeyBytes = encryptKey
 				}
 				app.tunnel.overlayConns.Store(oConn.id, &oConn)
 				gLog.Printf(LevelDEBUG, "Accept UDP overlayID:%d", oConn.id)
 				// tell peer connect
 				req := OverlayConnectReq{ID: oConn.id,
 					Token:    app.tunnel.pn.config.Token,
 					DstIP:    app.config.DstHost,
 					DstPort:  app.config.DstPort,
 					Protocol: app.config.Protocol,
 					AppID:    app.id,
 				}
 				if app.rtid == 0 {
 					app.tunnel.conn.WriteMessage(MsgP2P, MsgOverlayConnectReq, &req)
 				} else {
 					req.RelayTunnelID = app.tunnel.id
 					relayHead := new(bytes.Buffer)
 					binary.Write(relayHead, binary.LittleEndian, app.rtid)
 					msg, _ := newMessage(MsgP2P, MsgOverlayConnectReq, &req)
 					msgWithHead := append(relayHead.Bytes(), msg...)
 					app.tunnel.conn.WriteBytes(MsgP2P, MsgRelayData, msgWithHead)
 				}
 				go oConn.run()
 				oConn.udpRelayData <- b.Bytes()
 			}
 			// load from app.tunnel.overlayConns by remoteAddr ok, write relay data
 			overlayConn, ok := s.(*overlayConn)
 			if !ok {
 				continue
 			}
 			overlayConn.udpRelayData <- b.Bytes()
 		}
 	}
 	return nil
 }
 func (app *p2pApp) listen() error {
-	gLog.Printf(LevelINFO, "LISTEN ON PORT %d START", app.config.SrcPort)
+	gLog.Printf(LevelINFO, "LISTEN ON PORT %s:%d START", app.config.Protocol, app.config.SrcPort)
-	defer gLog.Printf(LevelINFO, "LISTEN ON PORT %d START", app.config.SrcPort)
+	defer gLog.Printf(LevelINFO, "LISTEN ON PORT %s:%d END", app.config.Protocol, app.config.SrcPort)
 	app.wg.Add(1)
 	defer app.wg.Done()
 	app.running = true
 	if app.rtid != 0 {
 		go app.relayHeartbeatLoop()
 	}
-	for app.running {
+	for app.tunnel.isRuning() && app.running {
-		if app.config.Protocol == "tcp" {
+		if app.config.Protocol == "udp" {
 			app.listenUDP()
 		} else {
 			app.listenTCP()
 		}
-		time.Sleep(time.Second * 5)
+		time.Sleep(time.Second * 10)
 		// TODO: listen UDP
 	}
 	return nil
 }
@@ -122,6 +220,9 @@ func (app *p2pApp) close() {
 	if app.listener != nil {
 		app.listener.Close()
 	}
 	if app.listenerUDP != nil {
 		app.listenerUDP.Close()
 	}
 	if app.tunnel != nil {
 		app.tunnel.closeOverlayConns(app.id)
 	}
--- a/p2pnetwork.go
+++ b/p2pnetwork.go
@@ -7,10 +7,10 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"math"
 	"math/rand"
 	"net"
 	"net/url"
 	"os"
 	"strings"
 	"sync"
 	"time"
@@ -30,13 +30,14 @@ type P2PNetwork struct {
 	restartCh chan bool
 	wg        sync.WaitGroup
 	writeMtx  sync.Mutex
-	serverTs  uint64
+	serverTs  int64
 	localTs   int64
 	// msgMap    sync.Map
 	msgMap     map[uint64]chan []byte //key: nodeID
 	msgMapMtx  sync.Mutex
 	config     NetworkConfig
 	allTunnels sync.Map
-	apps       sync.Map
+	apps       sync.Map //key: protocol+srcport; value: p2pApp
 	limiter    *BandwidthLimiter
 }
@@ -48,7 +49,7 @@ func P2PNetworkInstance(config *NetworkConfig) *P2PNetwork {
 				online:    false,
 				running:   true,
 				msgMap:    make(map[uint64]chan []byte),
-				limiter:   newBandwidthLimiter(config.shareBandwidth),
+				limiter:   newBandwidthLimiter(config.ShareBandwidth),
 			}
 			instance.msgMap[0] = make(chan []byte) // for gateway
 			if config != nil {
@@ -62,7 +63,7 @@ func P2PNetworkInstance(config *NetworkConfig) *P2PNetwork {
 }
 func (pn *P2PNetwork) run() {
-	go pn.autoReconnectApp()
+	go pn.autorunApp()
 	heartbeatTimer := time.NewTicker(NetworkHeartbeatTime)
 	for pn.running {
 		select {
@@ -92,74 +93,87 @@ func (pn *P2PNetwork) Connect(timeout int) bool {
 	return false
 }
-func (pn *P2PNetwork) autoReconnectApp() {
+func (pn *P2PNetwork) runAll() {
-	gLog.Println(LevelINFO, "autoReconnectApp start")
+	gConf.mtx.Lock() // lock for copy gConf.Apps and the modification of config(it's pointer)
-	retryApps := make([]AppConfig, 0)
+	defer gConf.mtx.Unlock()
 	allApps := gConf.Apps // read a copy, other thread will modify the gConf.Apps
 	for _, config := range allApps {
 		if config.nextRetryTime.After(time.Now()) {
 			continue
 		}
 		if config.Enabled == 0 {
 			continue
 		}
 		if config.AppName == "" {
 			config.AppName = fmt.Sprintf("%s%d", config.Protocol, config.SrcPort)
 		}
 		appExist := false
 		var appID uint64
 		i, ok := pn.apps.Load(fmt.Sprintf("%s%d", config.Protocol, config.SrcPort))
 		if ok {
 			app := i.(*p2pApp)
 			appExist = true
 			appID = app.id
 			if app.isActive() {
 				continue
 			}
 		}
 		if appExist {
 			pn.DeleteApp(*config)
 		}
 		if config.retryNum > 0 {
 			gLog.Printf(LevelINFO, "detect app %s(%d) disconnect, reconnecting the %d times...", config.AppName, appID, config.retryNum)
 			if time.Now().Add(-time.Minute * 15).After(config.retryTime) { // normal lasts 15min
 				config.retryNum = 0
 			}
 		}
 		config.retryNum++
 		config.retryTime = time.Now()
 		increase := math.Pow(1.3, float64(config.retryNum))
 		if increase > 900 {
 			increase = 900
 		}
 		config.nextRetryTime = time.Now().Add(time.Second * time.Duration(increase)) // exponential increase retry time. 1.3^x
 		config.connectTime = time.Now()
 		gConf.mtx.Unlock() // AddApp will take a period of time
 		err := pn.AddApp(*config)
 		gConf.mtx.Lock()
 		if err != nil {
 			config.errMsg = err.Error()
 		}
 	}
 }
 func (pn *P2PNetwork) autorunApp() {
 	gLog.Println(LevelINFO, "autorunApp start")
 	for pn.running {
 		time.Sleep(time.Second)
 		if !pn.online {
 			continue
 		}
-		if len(retryApps) > 0 {
+		pn.runAll()
-			gLog.Printf(LevelINFO, "retryApps len=%d", len(retryApps))
+		time.Sleep(time.Second * 10)
 			thisRound := make([]AppConfig, 0)
 			for i := 0; i < len(retryApps); i++ {
 				// reset retryNum when running 15min continuously
 				if retryApps[i].retryTime.Add(time.Minute * 15).Before(time.Now()) {
 					retryApps[i].retryNum = 0
 				}
 				retryApps[i].retryNum++
 				retryApps[i].retryTime = time.Now()
 				if retryApps[i].retryNum > MaxRetry {
 					gLog.Printf(LevelERROR, "app %s%d retry more than %d times, exit.", retryApps[i].Protocol, retryApps[i].SrcPort, MaxRetry)
 					continue
 				}
 				pn.DeleteApp(retryApps[i])
 				if err := pn.AddApp(retryApps[i]); err != nil {
 					gLog.Printf(LevelERROR, "AddApp %s%d error:%s", retryApps[i].Protocol, retryApps[i].SrcPort, err)
 					thisRound = append(thisRound, retryApps[i])
 					time.Sleep(RetryInterval)
 				}
 			}
 			retryApps = thisRound
 		}
 		pn.apps.Range(func(_, i interface{}) bool {
 			app := i.(*p2pApp)
 			if app.isActive() {
 				return true
 			}
 			gLog.Printf(LevelINFO, "detect app %s%d disconnect,last hb %s reconnecting...", app.config.Protocol, app.config.SrcPort, app.hbTime)
 			config := app.config
 			// clear peerinfo
 			config.peerConeNatPort = 0
 			config.peerIP = ""
 			config.peerNatType = 0
 			config.peerToken = 0
 			pn.DeleteApp(config)
 			retryApps = append(retryApps, config)
 			return true
 		})
 	}
-	gLog.Println(LevelINFO, "autoReconnectApp end")
+	gLog.Println(LevelINFO, "autorunApp end")
 }
-func (pn *P2PNetwork) addRelayTunnel(config AppConfig, appid uint64, appkey uint64) (*P2PTunnel, uint64, error) {
+func (pn *P2PNetwork) addRelayTunnel(config AppConfig, appid uint64, appkey uint64) (*P2PTunnel, uint64, string, error) {
 	gLog.Printf(LevelINFO, "addRelayTunnel to %s start", config.PeerNode)
 	defer gLog.Printf(LevelINFO, "addRelayTunnel to %s end", config.PeerNode)
 	pn.write(MsgRelay, MsgRelayNodeReq, &RelayNodeReq{config.PeerNode})
 	head, body := pn.read("", MsgRelay, MsgRelayNodeRsp, time.Second*10)
 	if head == nil {
-		return nil, 0, errors.New("read MsgRelayNodeRsp error")
+		return nil, 0, "", errors.New("read MsgRelayNodeRsp error")
 	}
 	rsp := RelayNodeRsp{}
 	err := json.Unmarshal(body, &rsp)
 	if err != nil {
 		gLog.Printf(LevelERROR, "wrong RelayNodeRsp:%s", err)
-		return nil, 0, errors.New("unmarshal MsgRelayNodeRsp error")
+		return nil, 0, "", errors.New("unmarshal MsgRelayNodeRsp error")
 	}
 	if rsp.RelayName == "" || rsp.RelayToken == 0 {
 		gLog.Printf(LevelERROR, "MsgRelayNodeReq error")
-		return nil, 0, errors.New("MsgRelayNodeReq error")
+		return nil, 0, "", errors.New("MsgRelayNodeReq error")
 	}
 	gLog.Printf(LevelINFO, "got relay node:%s", rsp.RelayName)
 	relayConfig := config
@@ -168,7 +182,7 @@ func (pn *P2PNetwork) addRelayTunnel(config AppConfig, appid uint64, appkey uint
 	t, err := pn.addDirectTunnel(relayConfig, 0)
 	if err != nil {
 		gLog.Println(LevelERROR, "direct connect error:", err)
-		return nil, 0, err
+		return nil, 0, "", err
 	}
 	// notify peer addRelayTunnel
 	req := AddRelayTunnelReq{
@@ -185,56 +199,55 @@ func (pn *P2PNetwork) addRelayTunnel(config AppConfig, appid uint64, appkey uint
 	head, body = pn.read(config.PeerNode, MsgPush, MsgPushAddRelayTunnelRsp, PeerAddRelayTimeount) // TODO: const value
 	if head == nil {
 		gLog.Printf(LevelERROR, "read MsgPushAddRelayTunnelRsp error")
-		return nil, 0, errors.New("read MsgPushAddRelayTunnelRsp error")
+		return nil, 0, "", errors.New("read MsgPushAddRelayTunnelRsp error")
 	}
 	rspID := TunnelMsg{}
 	err = json.Unmarshal(body, &rspID)
 	if err != nil {
 		gLog.Printf(LevelERROR, "wrong RelayNodeRsp:%s", err)
-		return nil, 0, errors.New("unmarshal MsgRelayNodeRsp error")
+		return nil, 0, "", errors.New("unmarshal MsgRelayNodeRsp error")
 	}
-	return t, rspID.ID, err
+	return t, rspID.ID, rsp.Mode, err
 }
 // use *AppConfig to save status
 func (pn *P2PNetwork) AddApp(config AppConfig) error {
-	gLog.Printf(LevelINFO, "addApp %s%d to %s:%s:%d start", config.Protocol, config.SrcPort, config.PeerNode, config.DstHost, config.DstPort)
+	gLog.Printf(LevelINFO, "addApp %s to %s:%s:%d start", config.AppName, config.PeerNode, config.DstHost, config.DstPort)
-	defer gLog.Printf(LevelINFO, "addApp %s%d to %s:%s:%d end", config.Protocol, config.SrcPort, config.PeerNode, config.DstHost, config.DstPort)
+	defer gLog.Printf(LevelINFO, "addApp %s to %s:%s:%d end", config.AppName, config.PeerNode, config.DstHost, config.DstPort)
 	if !pn.online {
 		return errors.New("P2PNetwork offline")
 	}
 	// check if app already exist?
 	appExist := false
-	pn.apps.Range(func(_, i interface{}) bool {
+	_, ok := pn.apps.Load(fmt.Sprintf("%s%d", config.Protocol, config.SrcPort))
-		app := i.(*p2pApp)
+	if ok {
-		if app.config.Protocol == config.Protocol && app.config.SrcPort == config.SrcPort {
+		appExist = true
-			appExist = true
+	}
 			return false
 		}
 		return true
 	})
 	if appExist {
 		return errors.New("P2PApp already exist")
 	}
 	appID := rand.Uint64()
 	appKey := uint64(0)
 	t, err := pn.addDirectTunnel(config, 0)
 	var rtid uint64
 	relayNode := ""
-	peerNatType := 100
+	relayMode := ""
 	peerNatType := NATUnknown
 	peerIP := ""
 	errMsg := ""
-	if err != nil && err == ErrorHandshake {
+	t, err := pn.addDirectTunnel(config, 0)
 		gLog.Println(LevelERROR, "direct connect failed, try to relay")
 		appKey = rand.Uint64()
 		t, rtid, err = pn.addRelayTunnel(config, appID, appKey)
 		if t != nil {
 			relayNode = t.config.PeerNode
 		}
 	}
 	if t != nil {
 		peerNatType = t.config.peerNatType
 		peerIP = t.config.peerIP
 	}
 	if err != nil && err == ErrorHandshake {
 		gLog.Println(LevelERROR, "direct connect failed, try to relay")
 		appKey = rand.Uint64()
 		t, rtid, relayMode, err = pn.addRelayTunnel(config, appID, appKey)
 		if t != nil {
 			relayNode = t.config.PeerNode
 		}
 	}
 	if err != nil {
 		errMsg = err.Error()
 	}
@@ -246,23 +259,26 @@ func (pn *P2PNetwork) AddApp(config AppConfig) error {
 		PeerNode:       config.PeerNode,
 		DstPort:        config.DstPort,
 		DstHost:        config.DstHost,
 		PeerUser:       config.PeerUser,
 		PeerNatType:    peerNatType,
 		PeerIP:         peerIP,
-		ShareBandwidth: pn.config.shareBandwidth,
+		ShareBandwidth: pn.config.ShareBandwidth,
 		RelayNode:      relayNode,
 		Version:        OpenP2PVersion,
 	}
 	pn.write(MsgReport, MsgReportConnect, &req)
-
+	if err != nil {
 		return err
 	}
 	app := p2pApp{
-		id:     appID,
+		id:        appID,
-		key:    appKey,
+		key:       appKey,
-		tunnel: t,
+		tunnel:    t,
-		config: config,
+		config:    config,
-		rtid:   rtid,
+		rtid:      rtid,
-		hbTime: time.Now()}
+		relayNode: relayNode,
-	pn.apps.Store(appID, &app)
+		relayMode: relayMode,
 		hbTime:    time.Now()}
 	pn.apps.Store(fmt.Sprintf("%s%d", config.Protocol, config.SrcPort), &app)
 	if err == nil {
 		go app.listen()
 	}
@@ -273,22 +289,18 @@ func (pn *P2PNetwork) DeleteApp(config AppConfig) {
 	gLog.Printf(LevelINFO, "DeleteApp %s%d start", config.Protocol, config.SrcPort)
 	defer gLog.Printf(LevelINFO, "DeleteApp %s%d end", config.Protocol, config.SrcPort)
 	// close the apps of this config
-	pn.apps.Range(func(_, i interface{}) bool {
+	i, ok := pn.apps.Load(fmt.Sprintf("%s%d", config.Protocol, config.SrcPort))
 	if ok {
 		app := i.(*p2pApp)
-		if app.config.Protocol == config.Protocol && app.config.SrcPort == config.SrcPort {
+		gLog.Printf(LevelINFO, "app %s exist, delete it", fmt.Sprintf("%s%d", config.Protocol, config.SrcPort))
-			gLog.Printf(LevelINFO, "app %s exist, delete it", fmt.Sprintf("%s%d", config.Protocol, config.SrcPort))
+		app.close()
-			app := i.(*p2pApp)
+		pn.apps.Delete(fmt.Sprintf("%s%d", config.Protocol, config.SrcPort))
-			app.close()
+	}
 			pn.apps.Delete(app.id)
 			return false
 		}
 		return true
 	})
 }
 func (pn *P2PNetwork) addDirectTunnel(config AppConfig, tid uint64) (*P2PTunnel, error) {
-	gLog.Printf(LevelINFO, "addDirectTunnel %s%d to %s:%s:%d start", config.Protocol, config.SrcPort, config.PeerNode, config.DstHost, config.DstPort)
+	gLog.Printf(LevelDEBUG, "addDirectTunnel %s%d to %s:%s:%d start", config.Protocol, config.SrcPort, config.PeerNode, config.DstHost, config.DstPort)
-	defer gLog.Printf(LevelINFO, "addDirectTunnel %s%d to %s:%s:%d end", config.Protocol, config.SrcPort, config.PeerNode, config.DstHost, config.DstPort)
+	defer gLog.Printf(LevelDEBUG, "addDirectTunnel %s%d to %s:%s:%d end", config.Protocol, config.SrcPort, config.PeerNode, config.DstHost, config.DstPort)
 	isClient := false
 	// client side tid=0, assign random uint64
 	if tid == 0 {
@@ -364,11 +376,6 @@ func (pn *P2PNetwork) init() error {
 	gLog.Println(LevelINFO, "init start")
 	var err error
 	for {
 		pn.config.hostName, err = os.Hostname()
 		if err != nil {
 			break
 		}
 		// detect nat type
 		pn.config.publicIP, pn.config.natType, err = getNATType(pn.config.ServerHost, pn.config.UDPPort1, pn.config.UDPPort2)
 		// TODO rm test s2s
@@ -376,10 +383,10 @@ func (pn *P2PNetwork) init() error {
 			pn.config.natType = NATSymmetric
 		}
 		if err != nil {
-			gLog.Println(LevelINFO, "detect NAT type error:", err)
+			gLog.Println(LevelDEBUG, "detect NAT type error:", err)
 			break
 		}
-		gLog.Println(LevelINFO, "detect NAT type:", pn.config.natType, " publicIP:", pn.config.publicIP)
+		gLog.Println(LevelDEBUG, "detect NAT type:", pn.config.natType, " publicIP:", pn.config.publicIP)
 		gatewayURL := fmt.Sprintf("%s:%d", pn.config.ServerHost, pn.config.ServerPort)
 		forwardPath := "/openp2p/v1/login"
 		config := tls.Config{InsecureSkipVerify: true} // let's encrypt root cert "DST Root CA X3" expired at 2021/09/29. many old system(windows server 2008 etc) will not trust our cert
@@ -387,17 +394,10 @@ func (pn *P2PNetwork) init() error {
 		u := url.URL{Scheme: "wss", Host: gatewayURL, Path: forwardPath}
 		q := u.Query()
 		q.Add("node", pn.config.Node)
-		q.Add("user", pn.config.User)
+		q.Add("token", fmt.Sprintf("%d", pn.config.Token))
 		q.Add("password", pn.config.Password)
 		q.Add("version", OpenP2PVersion)
 		q.Add("nattype", fmt.Sprintf("%d", pn.config.natType))
-		q.Add("timestamp", fmt.Sprintf("%d", time.Now().Unix()))
+		q.Add("sharebandwidth", fmt.Sprintf("%d", pn.config.ShareBandwidth))
 		noShareStr := "false"
 		if pn.config.NoShare {
 			noShareStr = "true"
 		}
 		q.Add("noshare", noShareStr)
 		u.RawQuery = q.Encode()
 		var ws *websocket.Conn
 		ws, _, err = websocket.DefaultDialer.Dial(u.String(), nil)
@@ -425,7 +425,7 @@ func (pn *P2PNetwork) init() error {
 			Version: OpenP2PVersion,
 		}
 		rsp := netInfo()
-		gLog.Println(LevelINFO, rsp)
+		gLog.Println(LevelDEBUG, "netinfo:", rsp)
 		if rsp != nil && rsp.Country != "" {
 			if len(rsp.IP) == net.IPv6len {
 				pn.config.ipv6 = rsp.IP.String()
@@ -434,7 +434,7 @@ func (pn *P2PNetwork) init() error {
 			req.NetInfo = *rsp
 		}
 		pn.write(MsgReport, MsgReportBasic, &req)
-		gLog.Println(LevelINFO, "P2PNetwork init ok")
+		gLog.Println(LevelDEBUG, "P2PNetwork init ok")
 		break
 	}
 	if err != nil {
@@ -465,13 +465,19 @@ func (pn *P2PNetwork) handleMessage(t int, msg []byte) {
 			gLog.Printf(LevelERROR, "login error:%d, detail:%s", rsp.Error, rsp.Detail)
 			pn.running = false
 		} else {
 			gLog.Printf(LevelINFO, "login ok. Server ts=%d, local ts=%d", rsp.Ts, time.Now().Unix())
 			pn.serverTs = rsp.Ts
 			pn.config.Token = rsp.Token
 			pn.config.User = rsp.User
 			gConf.setToken(rsp.Token)
 			gConf.setUser(rsp.User)
 			gConf.save()
 			pn.localTs = time.Now().Unix()
 			gLog.Printf(LevelINFO, "login ok. user=%s,Server ts=%d, local ts=%d", rsp.User, rsp.Ts, pn.localTs)
 		}
 	case MsgHeartbeat:
 		gLog.Printf(LevelDEBUG, "P2PNetwork heartbeat ok")
 	case MsgPush:
-		pn.handlePush(head.SubType, msg)
+		handlePush(pn, head.SubType, msg)
 	default:
 		pn.msgMapMtx.Lock()
 		ch := pn.msgMap[0]
@@ -482,7 +488,7 @@ func (pn *P2PNetwork) handleMessage(t int, msg []byte) {
 }
 func (pn *P2PNetwork) readLoop() {
-	gLog.Printf(LevelINFO, "P2PNetwork readLoop start")
+	gLog.Printf(LevelDEBUG, "P2PNetwork readLoop start")
 	pn.wg.Add(1)
 	defer pn.wg.Done()
 	for pn.running {
@@ -496,7 +502,7 @@ func (pn *P2PNetwork) readLoop() {
 		}
 		pn.handleMessage(t, msg)
 	}
-	gLog.Printf(LevelINFO, "P2PNetwork readLoop end")
+	gLog.Printf(LevelDEBUG, "P2PNetwork readLoop end")
 }
 func (pn *P2PNetwork) write(mainType uint16, subType uint16, packet interface{}) error {
@@ -566,12 +572,15 @@ func (pn *P2PNetwork) read(node string, mainType uint16, subType uint16, timeout
 	} else {
 		nodeID = nodeNameToID(node)
 	}
 	pn.msgMapMtx.Lock()
 	ch := pn.msgMap[nodeID]
 	pn.msgMapMtx.Unlock()
 	for {
 		select {
 		case <-time.After(timeout):
 			gLog.Printf(LevelERROR, "wait msg%d:%d timeout", mainType, subType)
 			return
-		case msg := <-pn.msgMap[nodeID]:
+		case msg := <-ch:
 			head = &openP2PHeader{}
 			err := binary.Read(bytes.NewReader(msg[:openP2PHeaderSize]), binary.LittleEndian, head)
 			if err != nil {
@@ -591,104 +600,12 @@ func (pn *P2PNetwork) read(node string, mainType uint16, subType uint16, timeout
 	}
 }
 func (pn *P2PNetwork) handlePush(subType uint16, msg []byte) error {
 	pushHead := PushHeader{}
 	err := binary.Read(bytes.NewReader(msg[openP2PHeaderSize:openP2PHeaderSize+PushHeaderSize]), binary.LittleEndian, &pushHead)
 	if err != nil {
 		return err
 	}
 	gLog.Printf(LevelDEBUG, "handle push msg type:%d, push header:%+v", subType, pushHead)
 	switch subType {
 	case MsgPushConnectReq:
 		req := PushConnectReq{}
 		err := json.Unmarshal(msg[openP2PHeaderSize+PushHeaderSize:], &req)
 		if err != nil {
 			gLog.Printf(LevelERROR, "wrong MsgPushConnectReq:%s", err)
 			return err
 		}
 		gLog.Printf(LevelINFO, "%s is connecting...", req.From)
 		gLog.Println(LevelDEBUG, "push connect response to ", req.From)
 		// verify token or name&password
 		if VerifyTOTP(req.Token, pn.config.User, pn.config.Password, time.Now().Unix()) || (req.User == pn.config.User && req.Password == pn.config.Password) {
 			gLog.Printf(LevelINFO, "Access Granted\n")
 			config := AppConfig{}
 			config.peerNatType = req.NatType
 			config.peerConeNatPort = req.ConeNatPort
 			config.peerIP = req.FromIP
 			config.PeerNode = req.From
 			// share relay node will limit bandwidth
 			if req.User != pn.config.User || req.Password != pn.config.Password {
 				gLog.Printf(LevelINFO, "set share bandwidth %d mbps", pn.config.shareBandwidth)
 				config.shareBandwidth = pn.config.shareBandwidth
 			}
 			// go pn.AddTunnel(config, req.ID)
 			go pn.addDirectTunnel(config, req.ID)
 			break
 		}
 		gLog.Println(LevelERROR, "Access Denied:", req.From)
 		rsp := PushConnectRsp{
 			Error:  1,
 			Detail: fmt.Sprintf("connect to %s error: Access Denied", pn.config.Node),
 			To:     req.From,
 			From:   pn.config.Node,
 		}
 		pn.push(req.From, MsgPushConnectRsp, rsp)
 	case MsgPushRsp:
 		rsp := PushRsp{}
 		err := json.Unmarshal(msg[openP2PHeaderSize:], &rsp)
 		if err != nil {
 			gLog.Printf(LevelERROR, "wrong pushRsp:%s", err)
 			return err
 		}
 		if rsp.Error == 0 {
 			gLog.Printf(LevelDEBUG, "push ok, detail:%s", rsp.Detail)
 		} else {
 			gLog.Printf(LevelERROR, "push error:%d, detail:%s", rsp.Error, rsp.Detail)
 		}
 	case MsgPushAddRelayTunnelReq:
 		req := AddRelayTunnelReq{}
 		err := json.Unmarshal(msg[openP2PHeaderSize+PushHeaderSize:], &req)
 		if err != nil {
 			gLog.Printf(LevelERROR, "wrong RelayNodeRsp:%s", err)
 			return err
 		}
 		config := AppConfig{}
 		config.PeerNode = req.RelayName
 		config.peerToken = req.RelayToken
 		// set user password, maybe the relay node is your private node
 		config.PeerUser = pn.config.User
 		config.PeerPassword = pn.config.Password
 		go func(r AddRelayTunnelReq) {
 			t, errDt := pn.addDirectTunnel(config, 0)
 			if errDt == nil {
 				// notify peer relay ready
 				msg := TunnelMsg{ID: t.id}
 				pn.push(r.From, MsgPushAddRelayTunnelRsp, msg)
 				SaveKey(req.AppID, req.AppKey)
 			}
 		}(req)
 	case MsgPushUpdate:
 		update()
 		if gConf.daemonMode {
 			os.Exit(0)
 		}
 	default:
 		pn.msgMapMtx.Lock()
 		ch := pn.msgMap[pushHead.From]
 		pn.msgMapMtx.Unlock()
 		ch <- msg
 	}
 	return nil
 }
 func (pn *P2PNetwork) updateAppHeartbeat(appID uint64) {
 	pn.apps.Range(func(id, i interface{}) bool {
-		key := id.(uint64)
+		app := i.(*p2pApp)
-		if key != appID {
+		if app.id != appID {
 			return true
 		}
 		app := i.(*p2pApp)
 		app.updateHeartbeat()
 		return false
 	})
--- a/p2ptunnel.go
+++ b/p2ptunnel.go
@@ -52,13 +52,12 @@ func (t *P2PTunnel) init() {
 }
 func (t *P2PTunnel) connect() error {
-	gLog.Printf(LevelINFO, "start p2pTunnel to %s ", t.config.PeerNode)
+	gLog.Printf(LevelDEBUG, "start p2pTunnel to %s ", t.config.PeerNode)
 	t.isServer = false
 	req := PushConnectReq{
 		User:        t.config.PeerUser,
 		Password:    t.config.PeerPassword,
 		Token:       t.config.peerToken,
 		From:        t.pn.config.Node,
 		FromToken:   t.pn.config.Token,
 		FromIP:      t.pn.config.publicIP,
 		ConeNatPort: t.coneNatPort,
 		NatType:     t.pn.config.natType,
@@ -144,7 +143,7 @@ func (t *P2PTunnel) handshake() error {
 			return err
 		}
 	}
-	gLog.Println(LevelINFO, "handshake to ", t.config.PeerNode)
+	gLog.Println(LevelDEBUG, "handshake to ", t.config.PeerNode)
 	var err error
 	// TODO: handle NATNone, nodes with public ip has no punching
 	if (t.pn.config.natType == NATCone && t.config.peerNatType == NATCone) || (t.pn.config.natType == NATNone || t.config.peerNatType == NATNone) {
@@ -163,7 +162,7 @@ func (t *P2PTunnel) handshake() error {
 		gLog.Println(LevelERROR, "punch handshake error:", err)
 		return err
 	}
-	gLog.Printf(LevelINFO, "handshake to %s ok", t.config.PeerNode)
+	gLog.Printf(LevelDEBUG, "handshake to %s ok", t.config.PeerNode)
 	err = t.run()
 	if err != nil {
 		gLog.Println(LevelERROR, err)
@@ -198,7 +197,7 @@ func (t *P2PTunnel) run() error {
 			gLog.Println(LevelDEBUG, string(buff))
 		}
 		qConn.WriteBytes(MsgP2P, MsgTunnelHandshakeAck, []byte("OpenP2P,hello2"))
-		gLog.Println(LevelINFO, "quic connection ok")
+		gLog.Println(LevelDEBUG, "quic connection ok")
 		t.conn = qConn
 		t.setRun(true)
 		go t.readLoop()
@@ -216,7 +215,7 @@ func (t *P2PTunnel) run() error {
 		}
 	}
 	t.pn.read(t.config.PeerNode, MsgPush, MsgPushQuicConnect, time.Second*5)
-	gLog.Println(LevelINFO, "quic dial to ", t.ra.String())
+	gLog.Println(LevelDEBUG, "quic dial to ", t.ra.String())
 	qConn, e := dialQuic(conn, t.ra, TunnelIdleTimeout)
 	if e != nil {
 		return fmt.Errorf("quic dial to %s error:%s", t.ra.String(), e)
@@ -233,7 +232,7 @@ func (t *P2PTunnel) run() error {
 	}
 	gLog.Println(LevelINFO, "rtt=", time.Since(handshakeBegin))
-	gLog.Println(LevelINFO, "quic connection ok")
+	gLog.Println(LevelDEBUG, "quic connection ok")
 	t.conn = qConn
 	t.setRun(true)
 	go t.readLoop()
@@ -243,7 +242,7 @@ func (t *P2PTunnel) run() error {
 func (t *P2PTunnel) readLoop() {
 	decryptData := make([]byte, ReadBuffLen+PaddingSize) // 16 bytes for padding
-	gLog.Printf(LevelINFO, "%d tunnel readloop start", t.id)
+	gLog.Printf(LevelDEBUG, "%d tunnel readloop start", t.id)
 	for t.isRuning() {
 		t.conn.SetReadDeadline(time.Now().Add(TunnelIdleTimeout))
 		head, body, err := t.conn.ReadMessage()
@@ -277,7 +276,7 @@ func (t *P2PTunnel) readLoop() {
 				gLog.Printf(LevelDEBUG, "%d tunnel not found overlay connection %d", t.id, overlayID)
 				continue
 			}
-			overlayConn, ok := s.(*overlayTCP)
+			overlayConn, ok := s.(*overlayConn)
 			if !ok {
 				continue
 			}
@@ -326,40 +325,42 @@ func (t *P2PTunnel) readLoop() {
 				gLog.Printf(LevelERROR, "wrong MsgOverlayConnectReq:%s", err)
 				continue
 			}
-			// app connect only accept user/password, avoid someone using the share relay node's token
+			// app connect only accept token(not relay totp token), avoid someone using the share relay node's token
-			if req.User != t.pn.config.User || req.Password != t.pn.config.Password {
+			if req.Token != t.pn.config.Token {
-				gLog.Println(LevelERROR, "Access Denied:", req.User)
+				gLog.Println(LevelERROR, "Access Denied:", req.Token)
 				continue
 			}
 			overlayID := req.ID
-			gLog.Printf(LevelINFO, "App:%d overlayID:%d connect %+v", req.AppID, overlayID, req)
+			gLog.Printf(LevelDEBUG, "App:%d overlayID:%d connect %+v", req.AppID, overlayID, req)
-			if req.Protocol == "tcp" {
+			oConn := overlayConn{
-				conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", req.DstIP, req.DstPort), time.Second*5)
+				tunnel:   t,
-				if err != nil {
+				id:       overlayID,
-					gLog.Println(LevelERROR, err)
+				isClient: false,
-					continue
+				rtid:     req.RelayTunnelID,
-				}
+				appID:    req.AppID,
-				otcp := overlayTCP{
+				appKey:   GetKey(req.AppID),
 					tunnel:   t,
 					conn:     conn,
 					id:       overlayID,
 					isClient: false,
 					rtid:     req.RelayTunnelID,
 					appID:    req.AppID,
 					appKey:   GetKey(req.AppID),
 				}
 				// calc key bytes for encrypt
 				if otcp.appKey != 0 {
 					encryptKey := make([]byte, 16)
 					binary.LittleEndian.PutUint64(encryptKey, otcp.appKey)
 					binary.LittleEndian.PutUint64(encryptKey[8:], otcp.appKey)
 					otcp.appKeyBytes = encryptKey
 				}
 				t.overlayConns.Store(otcp.id, &otcp)
 				go otcp.run()
 			}
 			if req.Protocol == "udp" {
 				oConn.connUDP, err = net.DialUDP("udp", nil, &net.UDPAddr{IP: net.ParseIP(req.DstIP), Port: req.DstPort})
 			} else {
 				oConn.connTCP, err = net.DialTimeout("tcp", fmt.Sprintf("%s:%d", req.DstIP, req.DstPort), time.Second*5)
 			}
 			if err != nil {
 				gLog.Println(LevelERROR, err)
 				continue
 			}
 			// calc key bytes for encrypt
 			if oConn.appKey != 0 {
 				encryptKey := make([]byte, 16)
 				binary.LittleEndian.PutUint64(encryptKey, oConn.appKey)
 				binary.LittleEndian.PutUint64(encryptKey[8:], oConn.appKey)
 				oConn.appKeyBytes = encryptKey
 			}
 			t.overlayConns.Store(oConn.id, &oConn)
 			go oConn.run()
 		case MsgOverlayDisconnectReq:
 			req := OverlayDisconnectReq{}
 			err := json.Unmarshal(body, &req)
@@ -368,24 +369,24 @@ func (t *P2PTunnel) readLoop() {
 				continue
 			}
 			overlayID := req.ID
-			gLog.Printf(LevelINFO, "%d disconnect overlay connection %d", t.id, overlayID)
+			gLog.Printf(LevelDEBUG, "%d disconnect overlay connection %d", t.id, overlayID)
 			i, ok := t.overlayConns.Load(overlayID)
 			if ok {
-				otcp := i.(*overlayTCP)
+				oConn := i.(*overlayConn)
-				otcp.running = false
+				oConn.running = false
 			}
 		default:
 		}
 	}
 	t.setRun(false)
 	t.conn.Close()
-	gLog.Printf(LevelINFO, "%d tunnel readloop end", t.id)
+	gLog.Printf(LevelDEBUG, "%d tunnel readloop end", t.id)
 }
 func (t *P2PTunnel) writeLoop() {
 	tc := time.NewTicker(TunnelHeartbeatTime)
 	defer tc.Stop()
-	defer gLog.Printf(LevelINFO, "%d tunnel writeloop end", t.id)
+	defer gLog.Printf(LevelDEBUG, "%d tunnel writeloop end", t.id)
 	for t.isRuning() {
 		select {
 		case <-tc.C:
@@ -402,16 +403,23 @@ func (t *P2PTunnel) writeLoop() {
 }
 func (t *P2PTunnel) listen() error {
-	gLog.Printf(LevelINFO, "p2ptunnel wait for connecting")
+	gLog.Printf(LevelDEBUG, "p2ptunnel wait for connecting")
 	t.isServer = true
 	return t.handshake()
 }
 func (t *P2PTunnel) closeOverlayConns(appID uint64) {
 	t.overlayConns.Range(func(_, i interface{}) bool {
-		otcp := i.(*overlayTCP)
+		oConn := i.(*overlayConn)
-		if otcp.appID == appID {
+		if oConn.appID == appID {
-			otcp.conn.Close()
+			if oConn.connTCP != nil {
 				oConn.connTCP.Close()
 				oConn.connTCP = nil
 			}
 			if oConn.connUDP != nil {
 				oConn.connUDP.Close()
 				oConn.connUDP = nil
 			}
 		}
 		return true
 	})
--- a/protocol.go
+++ b/protocol.go
@@ -4,14 +4,13 @@ import (
 	"bytes"
 	"encoding/binary"
 	"encoding/json"
 	"errors"
 	"hash/crc64"
 	"math/big"
 	"net"
 	"time"
 )
-const OpenP2PVersion = "0.96.1"
+const OpenP2PVersion = "1.4.2"
 const ProducnName string = "openp2p"
 type openP2PHeader struct {
@@ -80,6 +79,10 @@ const (
 	MsgPushUpdate            = 6
 	MsgPushReportApps        = 7
 	MsgPushQuicConnect       = 8
 	MsgPushEditApp           = 9
 	MsgPushSwitchApp         = 10
 	MsgPushRestart           = 11
 	MsgPushEditNode          = 12
 )
 // MsgP2P sub type message
@@ -110,10 +113,11 @@ const (
 	MsgReportBasic = iota
 	MsgReportQuery
 	MsgReportConnect
 	MsgReportApps
 )
 const (
-	ReadBuffLen           = 1024
+	ReadBuffLen           = 4096             // for UDP maybe not enough
 	NetworkHeartbeatTime  = time.Second * 30 // TODO: server no response hb, save flow
 	TunnelHeartbeatTime   = time.Second * 15
 	TunnelIdleTimeout     = time.Minute
@@ -129,14 +133,8 @@ const (
 	RetryInterval                = time.Second * 30
 	PublicIPEchoTimeout          = time.Second * 3
 	NatTestTimeout               = time.Second * 10
-)
+	ClientAPITimeout             = time.Second * 10
-
+	MaxDirectTry                 = 5
 // error message
 var (
 	// ErrorS2S string = "s2s is not supported"
 	// ErrorHandshake string = "handshake error"
 	ErrorS2S       = errors.New("s2s is not supported")
 	ErrorHandshake = errors.New("handshake error")
 )
 // NATNone has public ip
@@ -144,6 +142,7 @@ const (
 	NATNone      = 0
 	NATCone      = 1
 	NATSymmetric = 2
 	NATUnknown   = 314
 )
 func newMessage(mainType uint16, subType uint16, packet interface{}) ([]byte, error) {
@@ -172,9 +171,8 @@ func nodeNameToID(name string) uint64 {
 type PushConnectReq struct {
 	From        string `json:"from,omitempty"`
-	User        string `json:"user,omitempty"`
+	FromToken   uint64 `json:"fromToken,omitempty"` //my token
-	Password    string `json:"password,omitempty"`
+	Token       uint64 `json:"token,omitempty"`     // totp token
 	Token       uint64 `json:"token,omitempty"`
 	ConeNatPort int    `json:"coneNatPort,omitempty"`
 	NatType     int    `json:"natType,omitempty"`
 	FromIP      string `json:"fromIP,omitempty"`
@@ -198,7 +196,9 @@ type PushRsp struct {
 type LoginRsp struct {
 	Error  int    `json:"error,omitempty"`
 	Detail string `json:"detail,omitempty"`
-	Ts     uint64 `json:"ts,omitempty"`
+	User   string `json:"user,omitempty"`
 	Token  uint64 `json:"token,omitempty"`
 	Ts     int64  `json:"ts,omitempty"`
 }
 type NatDetectReq struct {
@@ -218,8 +218,7 @@ type P2PHandshakeReq struct {
 type OverlayConnectReq struct {
 	ID            uint64 `json:"id,omitempty"`
-	User          string `json:"user,omitempty"`
+	Token         uint64 `json:"token,omitempty"` // not totp token
 	Password      string `json:"password,omitempty"`
 	DstIP         string `json:"dstIP,omitempty"`
 	DstPort       int    `json:"dstPort,omitempty"`
 	Protocol      string `json:"protocol,omitempty"`
@@ -238,6 +237,7 @@ type RelayNodeReq struct {
 }
 type RelayNodeRsp struct {
 	Mode       string `json:"mode,omitempty"` // private,public
 	RelayName  string `json:"relayName,omitempty"`
 	RelayToken uint64 `json:"relayToken,omitempty"`
 }
@@ -271,7 +271,7 @@ type ReportConnect struct {
 	NatType        int    `json:"natType,omitempty"`
 	PeerNode       string `json:"peerNode,omitempty"`
 	DstPort        int    `json:"dstPort,omitempty"`
-	DstHost        string `json:"dsdtHost,omitempty"`
+	DstHost        string `json:"dstHost,omitempty"`
 	PeerUser       string `json:"peerUser,omitempty"`
 	PeerNatType    int    `json:"peerNatType,omitempty"`
 	PeerIP         string `json:"peerIP,omitempty"`
@@ -280,6 +280,34 @@ type ReportConnect struct {
 	Version        string `json:"version,omitempty"`
 }
 type AppInfo struct {
 	AppName        string `json:"appName,omitempty"`
 	Error          string `json:"error,omitempty"`
 	Protocol       string `json:"protocol,omitempty"`
 	SrcPort        int    `json:"srcPort,omitempty"`
 	Protocol0      string `json:"protocol0,omitempty"`
 	SrcPort0       int    `json:"srcPort0,omitempty"`
 	NatType        int    `json:"natType,omitempty"`
 	PeerNode       string `json:"peerNode,omitempty"`
 	DstPort        int    `json:"dstPort,omitempty"`
 	DstHost        string `json:"dstHost,omitempty"`
 	PeerUser       string `json:"peerUser,omitempty"`
 	PeerNatType    int    `json:"peerNatType,omitempty"`
 	PeerIP         string `json:"peerIP,omitempty"`
 	ShareBandwidth int    `json:"shareBandWidth,omitempty"`
 	RelayNode      string `json:"relayNode,omitempty"`
 	RelayMode      string `json:"relayMode,omitempty"`
 	Version        string `json:"version,omitempty"`
 	RetryTime      string `json:"retryTime,omitempty"`
 	ConnectTime    string `json:"connectTime,omitempty"`
 	IsActive       int    `json:"isActive,omitempty"`
 	Enabled        int    `json:"enabled,omitempty"`
 }
 type ReportApps struct {
 	Apps []AppInfo
 }
 type UpdateInfo struct {
 	Error       int    `json:"error,omitempty"`
 	ErrorDetail string `json:"errorDetail,omitempty"`
@@ -304,3 +332,17 @@ type NetInfo struct {
 	ASNOrg     string   `json:"asn_org,omitempty"`
 	Hostname   string   `json:"hostname,omitempty"`
 }
 type ProfileInfo struct {
 	User     string `json:"user,omitempty"`
 	Password string `json:"password,omitempty"`
 	Email    string `json:"email,omitempty"`
 	Phone    string `json:"phone,omitempty"`
 	Token    string `json:"token,omitempty"`
 	Addtime  string `json:"addtime,omitempty"`
 }
 type EditNode struct {
 	NewName   string `json:"newName,omitempty"`
 	Bandwidth int    `json:"bandwidth,omitempty"`
 }
--- a/quic.go
+++ b/quic.go
@@ -99,7 +99,7 @@ func (conn *quicConn) Accept() error {
 }
 func listenQuic(addr string, idleTimeout time.Duration) (*quicConn, error) {
-	gLog.Println(LevelINFO, "quic listen on ", addr)
+	gLog.Println(LevelDEBUG, "quic listen on ", addr)
 	listener, err := quic.ListenAddr(addr, generateTLSConfig(),
 		&quic.Config{Versions: quicVersion, MaxIdleTimeout: idleTimeout, DisablePathMTUDiscovery: true})
 	if err != nil {
--- a/totp.go
+++ b/totp.go
@@ -8,9 +8,11 @@ import (
 )
 const TOTPStep = 30 // 30s
-func GenTOTP(user string, password string, ts int64) uint64 {
+func GenTOTP(token uint64, ts int64) uint64 {
 	step := ts / TOTPStep
-	mac := hmac.New(sha256.New, []byte(user+password))
+	tbuff := make([]byte, 8)
 	binary.LittleEndian.PutUint64(tbuff, token)
 	mac := hmac.New(sha256.New, tbuff)
 	b := make([]byte, 8)
 	binary.LittleEndian.PutUint64(b, uint64(step))
 	mac.Write(b)
@@ -19,11 +21,11 @@ func GenTOTP(user string, password string, ts int64) uint64 {
 	return num
 }
-func VerifyTOTP(code uint64, user string, password string, ts int64) bool {
+func VerifyTOTP(code uint64, token uint64, ts int64) bool {
 	if code == 0 {
 		return false
 	}
-	if code == GenTOTP(user, password, ts) || code == GenTOTP(user, password, ts-TOTPStep) || code == GenTOTP(user, password, ts+TOTPStep) {
+	if code == GenTOTP(token, ts) || code == GenTOTP(token, ts-TOTPStep) || code == GenTOTP(token, ts+TOTPStep) {
 		return true
 	}
 	return false
--- a/totp_test.go
+++ b/totp_test.go
@@ -9,24 +9,24 @@ import (
 func TestTOTP(t *testing.T) {
 	for i := 0; i < 20; i++ {
 		ts := time.Now().Unix()
-		code := GenTOTP("testuser1", "testpassword1", ts)
+		code := GenTOTP(13666999958022769123, ts)
 		t.Log(code)
-		if !VerifyTOTP(code, "testuser1", "testpassword1", ts) {
+		if !VerifyTOTP(code, 13666999958022769123, ts) {
 			t.Error("TOTP error")
 		}
-		if !VerifyTOTP(code, "testuser1", "testpassword1", ts-10) {
+		if !VerifyTOTP(code, 13666999958022769123, ts-10) {
 			t.Error("TOTP error")
 		}
-		if !VerifyTOTP(code, "testuser1", "testpassword1", ts+10) {
+		if !VerifyTOTP(code, 13666999958022769123, ts+10) {
 			t.Error("TOTP error")
 		}
-		if VerifyTOTP(code, "testuser1", "testpassword1", ts+60) {
+		if VerifyTOTP(code, 13666999958022769123, ts+60) {
 			t.Error("TOTP error")
 		}
-		if VerifyTOTP(code, "testuser2", "testpassword1", ts+1) {
+		if VerifyTOTP(code, 13666999958022769124, ts+1) {
 			t.Error("TOTP error")
 		}
-		if VerifyTOTP(code, "testuser1", "testpassword2", ts+1) {
+		if VerifyTOTP(code, 13666999958022769125, ts+1) {
 			t.Error("TOTP error")
 		}
 		time.Sleep(time.Second)
--- a/update.go
+++ b/update.go
@@ -16,18 +16,9 @@ import (
 	"time"
 )
 // type updateFileInfo struct {
 // 	Name         string `json:"name,omitempty"`
 // 	RelativePath string `json:"relativePath,omitempty"`
 // 	Length       int64  `json:"length,omitempty"`
 // 	URL          string `json:"url,omitempty"`
 // 	Hash         string `json:"hash,omitempty"`
 // }
 func update() {
 	gLog.Println(LevelINFO, "update start")
 	defer gLog.Println(LevelINFO, "update end")
 	// TODO: download from gitee. save flow
 	c := http.Client{
 		Transport: &http.Transport{
 			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
@@ -36,7 +27,7 @@ func update() {
 	}
 	goos := runtime.GOOS
 	goarch := runtime.GOARCH
-	rsp, err := c.Get(fmt.Sprintf("https://openp2p.cn:27182/api/v1/update?fromver=%s&os=%s&arch=%s", OpenP2PVersion, goos, goarch))
+	rsp, err := c.Get(fmt.Sprintf("https://openp2p.cn:27183/api/v1/update?fromver=%s&os=%s&arch=%s", OpenP2PVersion, goos, goarch))
 	if err != nil {
 		gLog.Println(LevelERROR, "update:query update list failed:", err)
 		return
@@ -61,7 +52,6 @@ func update() {
 		gLog.Println(LevelERROR, "update error:", updateInfo.Error, updateInfo.ErrorDetail)
 		return
 	}
 	os.MkdirAll("download", 0666)
 	err = updateFile(updateInfo.Url, "", "openp2p")
 	if err != nil {
 		gLog.Println(LevelERROR, "update: download failed:", err)
@@ -112,6 +102,7 @@ func updateFile(url string, checksum string, dst string) error {
 		os.Rename(os.Args[0]+"0", os.Args[0])
 		return err
 	}
 	os.Remove(tmpFile)
 	return nil
 }
@@ -133,11 +124,6 @@ func unzip(dst, src string) (err error) {
 	for _, f := range archive.File {
 		filePath := filepath.Join(dst, f.Name)
 		fmt.Println("unzipping file ", filePath)
 		// if !strings.HasPrefix(filePath, filepath.Clean(dst)+string(os.PathSeparator)) {
 		// 	fmt.Println("invalid file path")
 		// 	return
 		// }
 		if f.FileInfo().IsDir() {
 			fmt.Println("creating directory...")
 			os.MkdirAll(filePath, os.ModePerm)
Author	SHA1	Message	Date
TenderIronh	6b8d3f7d47	1.4.2	2022-04-07 23:09:47 +08:00
TenderIronh	26e0fdf605	support udp	2022-02-26 18:50:57 +08:00
TenderIronh	3653ec19cd	1.2.0	2022-02-22 15:50:30 +08:00
TenderIronh	c733a2a4a1	doc	2022-02-11 18:33:50 +08:00
TenderIronh	b54fa2c6be	doc	2022-02-10 23:20:16 +08:00
TenderIronh	133fe046f8	doc	2022-02-03 23:51:58 +08:00
TenderIronh	95b46f51d0	web console	2022-02-03 23:43:28 +08:00
TenderIronh	7686af39e0	Improve update mechanism	2022-01-04 15:34:29 +08:00
TenderIronh	16b937ebd7	config doc	2021-12-30 15:14:07 +08:00
TenderIronh	ac454ec694	fix parameters default value	2021-12-30 14:54:45 +08:00
TenderIronh	029d69869f	refactor autorunApp and add api for web	2021-12-30 11:18:05 +08:00
TenderIronh	a528441342	install error	2021-12-21 14:41:07 +08:00
TenderIronh	2d6521be43	update readme	2021-12-15 15:42:27 +08:00
TenderIronh	2223634c83	update readme	2021-12-15 15:41:39 +08:00
TenderIronh	6c1551d951	auto adjust server and local timestamp for totp	2021-12-14 15:25:38 +08:00
TenderIronh	dd3d87c3d2	update doc	2021-12-13 18:31:31 +08:00