Add OpenVPN, TrustTunnel, Sudoku, inbound managers. Fixes

2026-06-18 17:12:47 +03:00 · 2026-06-04 01:47:50 +03:00
parent 9b3da79c32
commit 195a33379d
164 changed files with 16665 additions and 1332 deletions
--- a/protocol/limiter/bandwidth/conn.go
+++ b/protocol/limiter/bandwidth/conn.go
@@ -3,15 +3,17 @@ package bandwidth
 import (
 	"context"
 	"net"
+
+	"github.com/sagernet/sing-box/common/onclose"
 )

 type connWithDownloadBandwidthLimiter struct {
 	net.Conn
 	ctx     context.Context
-	limiter Limiter
+	limiter BandwidthLimiter
 }

-func NewConnWithDownloadBandwidthLimiter(ctx context.Context, conn net.Conn, limiter Limiter) *connWithDownloadBandwidthLimiter {
+func NewConnWithDownloadBandwidthLimiter(ctx context.Context, conn net.Conn, limiter BandwidthLimiter) *connWithDownloadBandwidthLimiter {
 	return &connWithDownloadBandwidthLimiter{conn, ctx, limiter}
 }

@@ -26,10 +28,10 @@ func (conn *connWithDownloadBandwidthLimiter) Write(p []byte) (n int, err error)
 type connWithUploadBandwidthLimiter struct {
 	net.Conn
 	ctx     context.Context
-	limiter Limiter
+	limiter BandwidthLimiter
 }

-func NewConnWithUploadBandwidthLimiter(ctx context.Context, conn net.Conn, limiter Limiter) *connWithUploadBandwidthLimiter {
+func NewConnWithUploadBandwidthLimiter(ctx context.Context, conn net.Conn, limiter BandwidthLimiter) *connWithUploadBandwidthLimiter {
 	return &connWithUploadBandwidthLimiter{conn, ctx, limiter}
 }

@@ -47,10 +49,10 @@ func (conn *connWithUploadBandwidthLimiter) Read(p []byte) (n int, err error) {

 type connWithCloseHandler struct {
 	net.Conn
-	onClose CloseHandlerFunc
+	onClose onclose.CloseHandlerFunc
 }

-func NewConnWithCloseHandler(conn net.Conn, onClose CloseHandlerFunc) *connWithCloseHandler {
+func NewConnWithCloseHandler(conn net.Conn, onClose onclose.CloseHandlerFunc) *connWithCloseHandler {
 	return &connWithCloseHandler{conn, onClose}
 }

@@ -62,10 +64,10 @@ func (conn *connWithCloseHandler) Close() error {
 type packetConnWithDownloadBandwidthLimiter struct {
 	net.PacketConn
 	ctx     context.Context
-	limiter Limiter
+	limiter BandwidthLimiter
 }

-func NewPacketConnWithDownloadBandwidthLimiter(ctx context.Context, conn net.PacketConn, limiter Limiter) *packetConnWithDownloadBandwidthLimiter {
+func NewPacketConnWithDownloadBandwidthLimiter(ctx context.Context, conn net.PacketConn, limiter BandwidthLimiter) *packetConnWithDownloadBandwidthLimiter {
 	return &packetConnWithDownloadBandwidthLimiter{conn, ctx, limiter}
 }

@@ -80,10 +82,10 @@ func (conn *packetConnWithDownloadBandwidthLimiter) WriteTo(p []byte, addr net.A
 type packetConnWithUploadBandwidthLimiter struct {
 	net.PacketConn
 	ctx     context.Context
-	limiter Limiter
+	limiter BandwidthLimiter
 }

-func NewPacketConnWithUploadBandwidthLimiter(ctx context.Context, conn net.PacketConn, limiter Limiter) *packetConnWithUploadBandwidthLimiter {
+func NewPacketConnWithUploadBandwidthLimiter(ctx context.Context, conn net.PacketConn, limiter BandwidthLimiter) *packetConnWithUploadBandwidthLimiter {
 	return &packetConnWithUploadBandwidthLimiter{conn, ctx, limiter}
 }

@@ -101,10 +103,10 @@ func (conn *packetConnWithUploadBandwidthLimiter) ReadFrom(p []byte) (n int, add

 type packetConnWithCloseHandler struct {
 	net.PacketConn
-	onClose CloseHandlerFunc
+	onClose onclose.CloseHandlerFunc
 }

-func NewPacketConnWithCloseHandler(conn net.PacketConn, onClose CloseHandlerFunc) *packetConnWithCloseHandler {
+func NewPacketConnWithCloseHandler(conn net.PacketConn, onClose onclose.CloseHandlerFunc) *packetConnWithCloseHandler {
 	return &packetConnWithCloseHandler{conn, onClose}
 }

@@ -113,38 +115,38 @@ func (conn *packetConnWithCloseHandler) Close() error {
 	return conn.PacketConn.Close()
 }

-func connWithDownloadBandwidthWrapper(ctx context.Context, conn net.Conn, limiter Limiter, reverse bool) net.Conn {
+func connWithDownloadBandwidthWrapper(ctx context.Context, conn net.Conn, limiter BandwidthLimiter, reverse bool) net.Conn {
 	if reverse {
 		return NewConnWithUploadBandwidthLimiter(ctx, conn, limiter)
 	}
 	return NewConnWithDownloadBandwidthLimiter(ctx, conn, limiter)
 }

-func connWithUploadBandwidthWrapper(ctx context.Context, conn net.Conn, limiter Limiter, reverse bool) net.Conn {
+func connWithUploadBandwidthWrapper(ctx context.Context, conn net.Conn, limiter BandwidthLimiter, reverse bool) net.Conn {
 	if reverse {
 		return NewConnWithDownloadBandwidthLimiter(ctx, conn, limiter)
 	}
 	return NewConnWithUploadBandwidthLimiter(ctx, conn, limiter)
 }

-func connWithBidirectionalBandwidthWrapper(ctx context.Context, conn net.Conn, limiter Limiter, reverse bool) net.Conn {
+func connWithBidirectionalBandwidthWrapper(ctx context.Context, conn net.Conn, limiter BandwidthLimiter, reverse bool) net.Conn {
 	return NewConnWithUploadBandwidthLimiter(ctx, NewConnWithDownloadBandwidthLimiter(ctx, conn, limiter), limiter)
 }

-func packetConnWithDownloadBandwidthWrapper(ctx context.Context, conn net.PacketConn, limiter Limiter, reverse bool) net.PacketConn {
+func packetConnWithDownloadBandwidthWrapper(ctx context.Context, conn net.PacketConn, limiter BandwidthLimiter, reverse bool) net.PacketConn {
 	if reverse {
 		return NewPacketConnWithUploadBandwidthLimiter(ctx, conn, limiter)
 	}
 	return NewPacketConnWithDownloadBandwidthLimiter(ctx, conn, limiter)
 }

-func packetConnWithUploadBandwidthWrapper(ctx context.Context, conn net.PacketConn, limiter Limiter, reverse bool) net.PacketConn {
+func packetConnWithUploadBandwidthWrapper(ctx context.Context, conn net.PacketConn, limiter BandwidthLimiter, reverse bool) net.PacketConn {
 	if reverse {
 		return NewPacketConnWithDownloadBandwidthLimiter(ctx, conn, limiter)
 	}
 	return NewPacketConnWithUploadBandwidthLimiter(ctx, conn, limiter)
 }

-func packetConnWithBidirectionalBandwidthWrapper(ctx context.Context, conn net.PacketConn, limiter Limiter, reverse bool) net.PacketConn {
+func packetConnWithBidirectionalBandwidthWrapper(ctx context.Context, conn net.PacketConn, limiter BandwidthLimiter, reverse bool) net.PacketConn {
 	return NewPacketConnWithUploadBandwidthLimiter(ctx, NewPacketConnWithDownloadBandwidthLimiter(ctx, conn, limiter), limiter)
 }
--- a/protocol/limiter/bandwidth/limiter.go
+++ b/protocol/limiter/bandwidth/limiter.go
@@ -9,12 +9,13 @@ import (
 	"github.com/sagernet/sing-box/adapter"
 )

-type Limiter interface {
+type BandwidthLimiter interface {
 	WaitN(ctx context.Context, n int) (err error)
+	SetSpeed(speed uint64)
 }

 type FlowKeysLimiter struct {
-	limiter      Limiter
+	limiter      BandwidthLimiter
 	connIDGetter ConnIDGetter

 	waits map[string][]*wait
@@ -25,7 +26,7 @@ type FlowKeysLimiter struct {
 	mtx sync.Mutex
 }

-func NewFlowKeysLimiter(connIDGetter ConnIDGetter, limiter Limiter) *FlowKeysLimiter {
+func NewFlowKeysLimiter(connIDGetter ConnIDGetter, limiter BandwidthLimiter) *FlowKeysLimiter {
 	return &FlowKeysLimiter{
 		limiter:      limiter,
 		connIDGetter: connIDGetter,
@@ -36,6 +37,10 @@ func NewFlowKeysLimiter(connIDGetter ConnIDGetter, limiter Limiter) *FlowKeysLim
 	}
 }

+func (l *FlowKeysLimiter) SetSpeed(speed uint64) {
+	l.limiter.SetSpeed(speed)
+}
+
 func (l *FlowKeysLimiter) WaitN(ctx context.Context, n int) error {
 	id, _ := l.connIDGetter(ctx, adapter.ContextFrom(ctx))
 	mainWait := &wait{ctx, make(chan struct{}), n}
--- a/protocol/limiter/bandwidth/strategy.go
+++ b/protocol/limiter/bandwidth/strategy.go
@@ -7,16 +7,16 @@ import (
 	"sync"

 	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/common/onclose"
 	"github.com/sagernet/sing-box/log"
 	E "github.com/sagernet/sing/common/exceptions"
 	"golang.org/x/time/rate"
 )

 type (
-	CloseHandlerFunc  = func()
 	ConnIDGetter      = func(context.Context, *adapter.InboundContext) (string, bool)
-	ConnWrapper       = func(ctx context.Context, conn net.Conn, limiter Limiter, reverse bool) net.Conn
-	PacketConnWrapper = func(ctx context.Context, conn net.PacketConn, limiter Limiter, reverse bool) net.PacketConn
+	ConnWrapper       = func(ctx context.Context, conn net.Conn, limiter BandwidthLimiter, reverse bool) net.Conn
+	PacketConnWrapper = func(ctx context.Context, conn net.PacketConn, limiter BandwidthLimiter, reverse bool) net.PacketConn
 )

 type BandwidthStrategy interface {
@@ -24,8 +24,12 @@ type BandwidthStrategy interface {
 	wrapPacketConn(ctx context.Context, conn net.PacketConn, metadata *adapter.InboundContext, reverse bool) (net.PacketConn, error)
 }

+type SpeedUpdater interface {
+	SetSpeed(speed uint64)
+}
+
 type BandwidthLimiterStrategy interface {
-	getLimiter(ctx context.Context, metadata *adapter.InboundContext) (Limiter, CloseHandlerFunc, error)
+	getLimiter(ctx context.Context, metadata *adapter.InboundContext) (BandwidthLimiter, onclose.CloseHandlerFunc, error)
 }

 type DefaultWrapStrategy struct {
@@ -54,8 +58,14 @@ func (s *DefaultWrapStrategy) wrapPacketConn(ctx context.Context, conn net.Packe
 	return NewPacketConnWithCloseHandler(s.packetConnWrapper(ctx, conn, limiter, reverse), onClose), nil
 }

+func (s *DefaultWrapStrategy) SetSpeed(speed uint64) {
+	if updater, ok := s.limiterStrategy.(SpeedUpdater); ok {
+		updater.SetSpeed(speed)
+	}
+}
+
 type GlobalBandwidthStrategy struct {
-	limiter Limiter
+	limiter BandwidthLimiter
 }

 func NewGlobalBandwidthStrategy(speed uint64, flowKeys []string) (*GlobalBandwidthStrategy, error) {
@@ -68,12 +78,16 @@ func NewGlobalBandwidthStrategy(speed uint64, flowKeys []string) (*GlobalBandwid
 	}, nil
 }

-func (s *GlobalBandwidthStrategy) getLimiter(ctx context.Context, metadata *adapter.InboundContext) (Limiter, CloseHandlerFunc, error) {
+func (s *GlobalBandwidthStrategy) getLimiter(ctx context.Context, metadata *adapter.InboundContext) (BandwidthLimiter, onclose.CloseHandlerFunc, error) {
 	return s.limiter, func() {}, nil
 }

+func (s *GlobalBandwidthStrategy) SetSpeed(speed uint64) {
+	s.limiter.SetSpeed(speed)
+}
+
 type idBandwidthLimiter struct {
-	limiter Limiter
+	limiter BandwidthLimiter
 	handles uint32
 }

@@ -94,7 +108,7 @@ func NewConnectionBandwidthStrategy(connIDGetter ConnIDGetter, speed uint64, flo
 	}
 }

-func (s *ConnectionBandwidthStrategy) getLimiter(ctx context.Context, metadata *adapter.InboundContext) (Limiter, CloseHandlerFunc, error) {
+func (s *ConnectionBandwidthStrategy) getLimiter(ctx context.Context, metadata *adapter.InboundContext) (BandwidthLimiter, onclose.CloseHandlerFunc, error) {
 	s.mtx.Lock()
 	defer s.mtx.Unlock()
 	id, ok := s.connIDGetter(ctx, metadata)
@@ -126,6 +140,15 @@ func (s *ConnectionBandwidthStrategy) getLimiter(ctx context.Context, metadata *
 	}, nil
 }

+func (s *ConnectionBandwidthStrategy) SetSpeed(speed uint64) {
+	s.mtx.Lock()
+	defer s.mtx.Unlock()
+	s.speed = speed
+	for _, limiter := range s.limiters {
+		limiter.limiter.SetSpeed(speed)
+	}
+}
+
 type UsersBandwidthStrategy struct {
 	strategies map[string]BandwidthStrategy
 	mtx        sync.Mutex
@@ -167,20 +190,86 @@ func (s *UsersBandwidthStrategy) getStrategy(ctx context.Context, metadata *adap
 	return nil, E.New("user strategy not found: ", user)
 }

+type bwConnEntry struct {
+	conn net.Conn
+}
+
+
+
 type ManagerBandwidthStrategy struct {
-	*UsersBandwidthStrategy
+	strategies map[string]BandwidthStrategy
+	conns      map[string][]*bwConnEntry
+
+	mtx sync.Mutex
 }

 func NewManagerBandwidthStrategy() *ManagerBandwidthStrategy {
 	return &ManagerBandwidthStrategy{
-		UsersBandwidthStrategy: NewUsersBandwidthStrategy(map[string]BandwidthStrategy{}),
+		strategies: make(map[string]BandwidthStrategy),
+		conns:      make(map[string][]*bwConnEntry),
 	}
 }

+func (s *ManagerBandwidthStrategy) wrapConn(ctx context.Context, conn net.Conn, metadata *adapter.InboundContext, reverse bool) (net.Conn, error) {
+	s.mtx.Lock()
+	var user string
+	if metadata != nil {
+		user = metadata.User
+	}
+	strategy, ok := s.strategies[user]
+	s.mtx.Unlock()
+	if !ok {
+		return nil, E.New("user strategy not found: ", user)
+	}
+	wrapped, err := strategy.wrapConn(ctx, conn, metadata, reverse)
+	if err != nil {
+		return nil, err
+	}
+	entry := &bwConnEntry{conn: conn}
+	s.mtx.Lock()
+	s.conns[user] = append(s.conns[user], entry)
+	s.mtx.Unlock()
+	return onclose.NewConn(wrapped, func() {
+		s.mtx.Lock()
+		entries := s.conns[user]
+		for i, e := range entries {
+			if e == entry {
+				s.conns[user] = append(entries[:i], entries[i+1:]...)
+				break
+			}
+		}
+		s.mtx.Unlock()
+	}), nil
+}
+
+func (s *ManagerBandwidthStrategy) wrapPacketConn(ctx context.Context, conn net.PacketConn, metadata *adapter.InboundContext, reverse bool) (net.PacketConn, error) {
+	s.mtx.Lock()
+	var user string
+	if metadata != nil {
+		user = metadata.User
+	}
+	strategy, ok := s.strategies[user]
+	s.mtx.Unlock()
+	if !ok {
+		return nil, E.New("user strategy not found: ", user)
+	}
+	return strategy.wrapPacketConn(ctx, conn, metadata, reverse)
+}
+
 func (s *ManagerBandwidthStrategy) UpdateStrategies(strategies map[string]BandwidthStrategy) {
 	s.mtx.Lock()
-	defer s.mtx.Unlock()
+	var closedEntries []*bwConnEntry
+	for user, entries := range s.conns {
+		if _, exists := strategies[user]; !exists {
+			closedEntries = append(closedEntries, entries...)
+			delete(s.conns, user)
+		}
+	}
 	s.strategies = strategies
+	s.mtx.Unlock()
+	for _, entry := range closedEntries {
+		entry.conn.Close()
+	}
 }

 type BypassBandwidthStrategy struct{}
@@ -263,8 +352,8 @@ func CreateStrategy(strategy string, mode string, connectionType string, speed u
 	return NewDefaultWrapStrategy(limiterStrategy, connWrapper, packetConnWrapper), nil
 }

-func createSpeedLimiter(speed uint64, flowKeys []string) (Limiter, error) {
-	var limiter Limiter = rate.NewLimiter(rate.Limit(float64(speed)), 65536)
+func createSpeedLimiter(speed uint64, flowKeys []string) (BandwidthLimiter, error) {
+	var limiter BandwidthLimiter = &speedLimiter{limiter: rate.NewLimiter(rate.Limit(float64(speed)), 65536)}
 	for i := len(flowKeys) - 1; i >= 0; i-- {
 		getter, err := flowKeysConnIDGetter(flowKeys[i])
 		if err != nil {
@@ -275,16 +364,24 @@ func createSpeedLimiter(speed uint64, flowKeys []string) (Limiter, error) {
 	return limiter, nil
 }

+type speedLimiter struct {
+	limiter *rate.Limiter
+}
+
+func (r *speedLimiter) WaitN(ctx context.Context, n int) error {
+	return r.limiter.WaitN(ctx, n)
+}
+
+func (r *speedLimiter) SetSpeed(speed uint64) {
+	r.limiter.SetLimit(rate.Limit(float64(speed)))
+}
+
 func flowKeysConnIDGetter(name string) (ConnIDGetter, error) {
 	switch name {
 	case "user":
 		return func(ctx context.Context, metadata *adapter.InboundContext) (string, bool) {
 			return metadata.User, true
 		}, nil
-	case "destination":
-		return func(ctx context.Context, metadata *adapter.InboundContext) (string, bool) {
-			return metadata.Destination.String(), true
-		}, nil
 	case "source_ip":
 		return func(ctx context.Context, metadata *adapter.InboundContext) (string, bool) {
 			return metadata.Source.IPAddr().String(), true
@@ -302,6 +399,14 @@ func flowKeysConnIDGetter(name string) (ConnIDGetter, error) {
 			}
 			return strconv.FormatUint(uint64(id.ID), 10), ok
 		}, nil
+	case "protocol":
+		return func(ctx context.Context, metadata *adapter.InboundContext) (string, bool) {
+			return metadata.Protocol, metadata.Protocol != ""
+		}, nil
+	case "destination":
+		return func(ctx context.Context, metadata *adapter.InboundContext) (string, bool) {
+			return metadata.Destination.String(), true
+		}, nil
 	default:
 		return nil, E.New("flow key not found: ", name)
 	}