Add MTProxy, MASQUE, VPN, Link parser. Update AmneziaWG. Remove Tunneling

2026-06-15 15:52:02 +03:00 · 2026-04-29 22:11:30 +03:00
parent 09f9f114aa
commit 04908a6a67
158 changed files with 7994 additions and 2277 deletions
--- a/protocol/vpn/client.go
+++ b/protocol/vpn/client.go
@@ -0,0 +1,160 @@
+package vpn
+
+import (
+	"context"
+	"net"
+	"net/netip"
+	"time"
+
+	"github.com/gofrs/uuid/v5"
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/adapter/endpoint"
+	"github.com/sagernet/sing-box/adapter/outbound"
+	sbUot "github.com/sagernet/sing-box/common/uot"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing-box/option"
+	"github.com/sagernet/sing/common"
+	E "github.com/sagernet/sing/common/exceptions"
+	"github.com/sagernet/sing/common/logger"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/uot"
+	"github.com/sagernet/sing/service"
+)
+
+func RegisterClientEndpoint(registry *endpoint.Registry) {
+	endpoint.Register[option.VPNClientEndpointOptions](registry, C.TypeVPNClient, NewClientEndpoint)
+}
+
+type ClientEndpoint struct {
+	outbound.Adapter
+	ctx       context.Context
+	outbound  adapter.Outbound
+	router    adapter.ConnectionRouterEx
+	logger    logger.ContextLogger
+	address   IPv4
+	key       uuid.UUID
+	uotClient *uot.Client
+}
+
+func NewClientEndpoint(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.VPNClientEndpointOptions) (adapter.Endpoint, error) {
+	address := options.Address
+	if !address.Is4() {
+		return nil, E.New("invalid address: ", address)
+	}
+	key, err := uuid.FromString(options.Key)
+	if err != nil {
+		return nil, err
+	}
+	client := &ClientEndpoint{
+		Adapter: outbound.NewAdapter(C.TypeVPNClient, tag, []string{N.NetworkTCP, N.NetworkUDP}, []string{}),
+		ctx:     ctx,
+		router:  sbUot.NewRouter(router, logger),
+		logger:  logger,
+		address: address.As4(),
+		key:     key,
+	}
+	outboundRegistry := service.FromContext[adapter.OutboundRegistry](ctx)
+	outbound, err := outboundRegistry.CreateOutbound(ctx, router, logger, options.Outbound.Tag, options.Outbound.Type, options.Outbound.Options)
+	if err != nil {
+		return nil, err
+	}
+	client.outbound = outbound
+	client.uotClient = &uot.Client{
+		Dialer:  outbound,
+		Version: uot.Version,
+	}
+	return client, nil
+}
+
+func (c *ClientEndpoint) Start(stage adapter.StartStage) error {
+	if stage != adapter.StartStatePostStart {
+		return nil
+	}
+	for range 5 {
+		go func() {
+			for {
+				select {
+				case <-c.ctx.Done():
+					return
+				default:
+					err := c.startInboundConn()
+					if err != nil {
+						c.logger.ErrorContext(c.ctx, err)
+						time.Sleep(time.Second * 5)
+					}
+				}
+			}
+		}()
+	}
+	return nil
+}
+
+func (c *ClientEndpoint) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+	if N.NetworkName(network) == N.NetworkUDP {
+		return c.uotClient.DialContext(ctx, network, destination)
+	}
+	if destination.Addr.Is4() && destination.Addr.As4() == c.address {
+		return nil, E.New("routing loop on ", destination.Addr)
+	}
+	conn, err := c.outbound.DialContext(ctx, N.NetworkTCP, Destination)
+	if err != nil {
+		return nil, err
+	}
+	gateway := Loopback.As4()
+	if metadata := adapter.ContextFrom(ctx); metadata != nil {
+		if metadata.Gateway != nil {
+			gateway = metadata.Gateway.As4()
+			if gateway == c.address {
+				return nil, E.New("routing loop on ", destination.Addr)
+			}
+		}
+	}
+	err = WriteClientRequest(
+		conn,
+		&ClientRequest{
+			Key:         c.key,
+			Command:     CommandTCP,
+			Gateway:     gateway,
+			Destination: destination,
+		},
+	)
+	if err != nil {
+		return nil, err
+	}
+	return conn, nil
+}
+
+func (c *ClientEndpoint) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	return c.uotClient.ListenPacket(ctx, destination)
+}
+
+func (c *ClientEndpoint) Close() error {
+	return common.Close(c.outbound)
+}
+
+func (c *ClientEndpoint) startInboundConn() error {
+	conn, err := c.outbound.DialContext(c.ctx, N.NetworkTCP, Destination)
+	if err != nil {
+		return err
+	}
+	err = WriteClientRequest(conn, &ClientRequest{Key: c.key, Command: CommandInbound, Destination: Destination})
+	if err != nil {
+		return err
+	}
+	request, err := ReadServerRequest(conn)
+	if err != nil {
+		return err
+	}
+	if request.Source == c.address {
+		return E.New("routing loop")
+	}
+	metadata := adapter.InboundContext{
+		Inbound:     c.Tag(),
+		Source:      M.Socksaddr{Addr: netip.AddrFrom4(request.Source)},
+		Destination: request.Destination,
+	}
+	go c.router.RouteConnectionEx(c.ctx, conn, metadata, func(it error) {})
+	return nil
+}
--- a/protocol/vpn/protocol.go
+++ b/protocol/vpn/protocol.go
@@ -0,0 +1,124 @@
+package vpn
+
+import (
+	"encoding/binary"
+	"io"
+	"net/netip"
+
+	"github.com/gofrs/uuid/v5"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/buf"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+)
+
+const (
+	Version = 0
+)
+
+const (
+	CommandInbound = 1
+	CommandTCP     = 2
+)
+
+type IPv4 [4]byte
+
+var Destination = M.Socksaddr{
+	Fqdn: "sp.vpn.sing-box.arpa",
+	Port: 444,
+}
+
+var Loopback = netip.AddrFrom4([4]byte{127, 0, 0, 1})
+
+var AddressSerializer = M.NewSerializer(
+	M.AddressFamilyByte(0x01, M.AddressFamilyIPv4),
+	M.AddressFamilyByte(0x03, M.AddressFamilyIPv6),
+	M.AddressFamilyByte(0x02, M.AddressFamilyFqdn),
+	M.PortThenAddress(),
+)
+
+type ClientRequest struct {
+	Key         uuid.UUID
+	Command     byte
+	Gateway     IPv4
+	Destination M.Socksaddr
+}
+
+func ReadClientRequest(reader io.Reader) (*ClientRequest, error) {
+	var request ClientRequest
+	var version uint8
+	err := binary.Read(reader, binary.BigEndian, &version)
+	if err != nil {
+		return nil, err
+	}
+	if version != Version {
+		return nil, E.New("unknown version: ", version)
+	}
+	_, err = io.ReadFull(reader, request.Key[:])
+	if err != nil {
+		return nil, err
+	}
+	err = binary.Read(reader, binary.BigEndian, &request.Command)
+	if err != nil {
+		return nil, err
+	}
+	_, err = io.ReadFull(reader, request.Gateway[:])
+	if err != nil {
+		return nil, err
+	}
+	request.Destination, err = AddressSerializer.ReadAddrPort(reader)
+	if err != nil {
+		return nil, err
+	}
+	return &request, nil
+}
+
+func WriteClientRequest(writer io.Writer, request *ClientRequest) error {
+	var requestLen int
+	requestLen += 1  // version
+	requestLen += 16 // key
+	requestLen += 1  // command
+	requestLen += 4  // gateway
+	requestLen += AddressSerializer.AddrPortLen(request.Destination)
+	buffer := buf.NewSize(requestLen)
+	defer buffer.Release()
+	common.Must(
+		buffer.WriteByte(Version),
+		common.Error(buffer.Write(request.Key[:])),
+		buffer.WriteByte(request.Command),
+		common.Error(buffer.Write(request.Gateway[:])),
+		AddressSerializer.WriteAddrPort(buffer, request.Destination),
+	)
+	return common.Error(writer.Write(buffer.Bytes()))
+}
+
+type ServerRequest struct {
+	Source      IPv4
+	Destination M.Socksaddr
+}
+
+func ReadServerRequest(reader io.Reader) (*ServerRequest, error) {
+	var request ServerRequest
+	_, err := io.ReadFull(reader, request.Source[:])
+	if err != nil {
+		return nil, err
+	}
+	request.Destination, err = AddressSerializer.ReadAddrPort(reader)
+	if err != nil {
+		return nil, err
+	}
+	return &request, nil
+}
+
+func WriteServerRequest(writer io.Writer, request *ServerRequest) error {
+	var requestLen int
+	requestLen += 4 // source
+	requestLen += AddressSerializer.AddrPortLen(request.Destination)
+	buffer := buf.NewSize(requestLen)
+	defer buffer.Release()
+	common.Must(
+		common.Error(buffer.Write(request.Source[:])),
+		AddressSerializer.WriteAddrPort(buffer, request.Destination),
+	)
+	return common.Error(writer.Write(buffer.Bytes()))
+}
--- a/protocol/vpn/router.go
+++ b/protocol/vpn/router.go
@@ -0,0 +1,55 @@
+package vpn
+
+import (
+	"context"
+	"net"
+	"os"
+
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing/common/logger"
+	N "github.com/sagernet/sing/common/network"
+)
+
+type Router struct {
+	adapter.Router
+	logger  logger.ContextLogger
+	handler func(context.Context, net.Conn, adapter.InboundContext, N.CloseHandlerFunc) error
+}
+
+func NewRouter(router adapter.Router, logger logger.ContextLogger, handler func(context.Context, net.Conn, adapter.InboundContext, N.CloseHandlerFunc) error) *Router {
+	return &Router{Router: router, logger: logger, handler: handler}
+}
+
+func (r *Router) RouteConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
+	if metadata.Destination != Destination {
+		return r.Router.RouteConnection(ctx, conn, metadata)
+	}
+	return r.handler(ctx, conn, metadata, func(error) {})
+}
+
+func (r *Router) RoutePacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
+	if metadata.Destination != Destination {
+		return r.Router.RoutePacketConnection(ctx, conn, metadata)
+	}
+	return os.ErrInvalid
+}
+
+func (r *Router) RouteConnectionEx(ctx context.Context, conn net.Conn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) {
+	if metadata.Destination != Destination {
+		r.Router.RouteConnectionEx(ctx, conn, metadata, onClose)
+		return
+	}
+	if err := r.handler(ctx, conn, metadata, onClose); err != nil {
+		r.logger.ErrorContext(ctx, err)
+		N.CloseOnHandshakeFailure(conn, onClose, err)
+	}
+}
+
+func (r *Router) RoutePacketConnectionEx(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) {
+	if metadata.Destination != Destination {
+		r.Router.RoutePacketConnectionEx(ctx, conn, metadata, onClose)
+		return
+	}
+	r.logger.ErrorContext(ctx, os.ErrInvalid)
+	N.CloseOnHandshakeFailure(conn, onClose, os.ErrInvalid)
+}
--- a/protocol/vpn/server.go
+++ b/protocol/vpn/server.go
@@ -0,0 +1,235 @@
+package vpn
+
+import (
+	"context"
+	"errors"
+	"net"
+	"net/netip"
+	"time"
+
+	"github.com/gofrs/uuid/v5"
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/adapter/endpoint"
+	"github.com/sagernet/sing-box/adapter/outbound"
+	sbUot "github.com/sagernet/sing-box/common/uot"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing-box/option"
+	E "github.com/sagernet/sing/common/exceptions"
+	"github.com/sagernet/sing/common/logger"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/uot"
+	"github.com/sagernet/sing/service"
+)
+
+func RegisterServerEndpoint(registry *endpoint.Registry) {
+	endpoint.Register[option.VPNServerEndpointOptions](registry, C.TypeVPNServer, NewServerEndpoint)
+}
+
+type ServerEndpoint struct {
+	outbound.Adapter
+	logger    logger.ContextLogger
+	inbounds  []adapter.Inbound
+	router    adapter.ConnectionRouterEx
+	address   IPv4
+	addresses map[uuid.UUID]IPv4
+	keys      map[IPv4]uuid.UUID
+	conns     map[IPv4]chan net.Conn
+	timeout   time.Duration
+	uotClient *uot.Client
+}
+
+func NewServerEndpoint(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.VPNServerEndpointOptions) (adapter.Endpoint, error) {
+	address := options.Address
+	if !address.Is4() {
+		return nil, E.New("invalid address: ", address)
+	}
+	server := &ServerEndpoint{
+		Adapter: outbound.NewAdapter(C.TypeVPNServer, tag, []string{N.NetworkTCP, N.NetworkUDP}, []string{}),
+		logger:  logger,
+		router:  sbUot.NewRouter(router, logger),
+		address: address.As4(),
+	}
+	router = NewRouter(router, logger, server.connHandler)
+	inboundRegistry := service.FromContext[adapter.InboundRegistry](ctx)
+	inbounds := make([]adapter.Inbound, len(options.Inbounds))
+	for i, inboundOptions := range options.Inbounds {
+		inbound, err := inboundRegistry.Create(ctx, router, logger, inboundOptions.Tag, inboundOptions.Type, inboundOptions.Options)
+		if err != nil {
+			return nil, err
+		}
+		inbounds[i] = inbound
+	}
+	server.inbounds = inbounds
+	server.addresses = make(map[uuid.UUID]IPv4, len(options.Users))
+	server.keys = make(map[IPv4]uuid.UUID, len(options.Users))
+	server.conns = make(map[IPv4]chan net.Conn)
+	for _, user := range options.Users {
+		key, err := uuid.FromString(user.Key)
+		if err != nil {
+			return nil, err
+		}
+		if !user.Address.Is4() {
+			return nil, E.New("invalid address: ", user.Address)
+		}
+		address := user.Address.As4()
+		server.addresses[key] = address
+		server.keys[address] = key
+		server.conns[address] = make(chan net.Conn, 10)
+	}
+	if options.ConnectTimeout != 0 {
+		server.timeout = time.Duration(options.ConnectTimeout)
+	} else {
+		server.timeout = C.TCPConnectTimeout
+	}
+	server.uotClient = &uot.Client{
+		Dialer:  server,
+		Version: uot.Version,
+	}
+	return server, nil
+}
+
+func (s *ServerEndpoint) Start(stage adapter.StartStage) error {
+	for _, inbound := range s.inbounds {
+		err := inbound.Start(stage)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (s *ServerEndpoint) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
+	if N.NetworkName(network) == N.NetworkUDP {
+		return s.uotClient.DialContext(ctx, network, destination)
+	}
+	source := s.address
+	var gateway *netip.Addr
+	if metadata := adapter.ContextFrom(ctx); metadata != nil {
+		if metadata.Source.IsIPv4() {
+			address := metadata.Source.Addr.As4()
+			if _, ok := s.conns[address]; ok {
+				source = address
+			}
+		}
+		if metadata.Gateway != nil {
+			gateway = metadata.Gateway
+		}
+	}
+	if gateway == nil {
+		if destination.IsIPv4() {
+			gateway = &destination.Addr
+			destination = M.Socksaddr{
+				Addr: Loopback,
+				Port: destination.Port,
+			}
+		} else {
+			return nil, E.New("missing gateway")
+		}
+	} else if destination.Addr.Compare(*gateway) == 0 {
+		destination = M.Socksaddr{
+			Addr: Loopback,
+			Port: destination.Port,
+		}
+	}
+	if gateway.Compare(Loopback) == 0 {
+		return nil, E.New("invalid gateway")
+	}
+	ch, ok := s.conns[gateway.As4()]
+	if !ok {
+		return nil, E.New("user with address ", gateway, " not found")
+	}
+	ctx, cancel := context.WithTimeout(ctx, s.timeout)
+	defer cancel()
+	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+		select {
+		case conn := <-ch:
+			err := WriteServerRequest(conn, &ServerRequest{Source: source, Destination: destination})
+			if err != nil {
+				conn.Close()
+				s.logger.ErrorContext(ctx, err)
+				continue
+			}
+			return conn, nil
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		}
+	}
+}
+
+func (s *ServerEndpoint) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
+	return s.uotClient.ListenPacket(ctx, destination)
+}
+
+func (s *ServerEndpoint) Close() error {
+	errs := make([]error, 0)
+	for _, inbound := range s.inbounds {
+		err := inbound.Close()
+		if err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) != 0 {
+		return errors.Join(errs...)
+	}
+	return nil
+}
+
+func (s *ServerEndpoint) connHandler(ctx context.Context, conn net.Conn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) error {
+	if metadata.Destination != Destination {
+		s.router.RouteConnectionEx(ctx, conn, metadata, onClose)
+		return nil
+	}
+	request, err := ReadClientRequest(conn)
+	if err != nil {
+		return err
+	}
+	if request.Command == CommandInbound {
+		address, ok := s.addresses[request.Key]
+		if !ok {
+			return E.New("key ", request.Key.String(), " not found")
+		}
+		ch := s.conns[address]
+		select {
+		case ch <- conn:
+		default:
+			oldConn := <-ch
+			oldConn.Close()
+			ch <- conn
+		}
+		return nil
+	}
+	if request.Command == CommandTCP {
+		source, ok := s.addresses[request.Key]
+		if !ok {
+			return E.New("key ", request.Key, " not found")
+		}
+		if request.Destination.Addr.Is4() && source == request.Destination.Addr.As4() {
+			return E.New("routing loop on ", request.Destination)
+		}
+		metadata.Inbound = s.Tag()
+		metadata.InboundType = C.TypeVPNServer
+		metadata.Source = M.Socksaddr{Addr: netip.AddrFrom4(source)}
+		if request.Destination.Addr.Is4() && request.Destination.Addr.As4() == s.address {
+			metadata.Destination = M.Socksaddr{
+				Addr: Loopback,
+				Port: request.Destination.Port,
+			}
+		} else {
+			metadata.Destination = request.Destination
+			if request.Gateway != s.address && request.Gateway != Loopback.As4() {
+				addr := netip.AddrFrom4(request.Gateway)
+				metadata.Gateway = &addr
+			}
+		}
+		s.router.RouteConnectionEx(ctx, conn, metadata, onClose)
+		return nil
+	}
+	return E.New("command ", request.Command, " not found")
+}