Add ECH support for QUIC based protocols

inbound/hysteria.go

@@ -9,6 +9,7 @@ import (
 	"github.com/sagernet/quic-go"
 	"github.com/sagernet/quic-go/congestion"
 	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/common/qtls"
 	"github.com/sagernet/sing-box/common/tls"
 	C "github.com/sagernet/sing-box/constant"
 	"github.com/sagernet/sing-box/log"
@@ -35,7 +36,7 @@ type Hysteria struct {
 	xplusKey     []byte
 	sendBPS      uint64
 	recvBPS      uint64
-	listener     *quic.Listener
+	listener     qtls.QUICListener
 	udpAccess    sync.RWMutex
 	udpSessionId uint32
 	udpSessions  map[uint32]chan *hysteria.UDPMessage
@@ -147,11 +148,7 @@ func (h *Hysteria) Start() error {
 	if err != nil {
 		return err
 	}
-	rawConfig, err := h.tlsConfig.Config()
-	if err != nil {
-		return err
-	}
-	listener, err := quic.Listen(packetConn, rawConfig, h.quicConfig)
+	listener, err := qtls.Listen(packetConn, h.tlsConfig, h.quicConfig)
 	if err != nil {
 		return err
 	}
@@ -333,7 +330,7 @@ func (h *Hysteria) Close() error {
 	h.udpAccess.Unlock()
 	return common.Close(
 		&h.myInboundAdapter,
-		common.PtrOrNil(h.listener),
+		h.listener,
 		h.tlsConfig,
 	)
 }

inbound/naive_quic.go

@@ -3,28 +3,39 @@
 package inbound
 
 import (
+	"github.com/sagernet/quic-go"
 	"github.com/sagernet/quic-go/http3"
+	"github.com/sagernet/sing-box/common/qtls"
 	E "github.com/sagernet/sing/common/exceptions"
 )
 
 func (n *Naive) configureHTTP3Listener() error {
-	tlsConfig, err := n.tlsConfig.Config()
+	err := qtls.ConfigureHTTP3(n.tlsConfig)
 	if err != nil {
 		return err
 	}
-	h3Server := &http3.Server{
-		Port:      int(n.listenOptions.ListenPort),
-		TLSConfig: tlsConfig,
-		Handler:   n,
-	}
 
 	udpConn, err := n.ListenUDP()
 	if err != nil {
 		return err
 	}
 
+	quicListener, err := qtls.ListenEarly(udpConn, n.tlsConfig, &quic.Config{
+		MaxIncomingStreams: 1 << 60,
+		Allow0RTT:          true,
+	})
+	if err != nil {
+		udpConn.Close()
+		return err
+	}
+
+	h3Server := &http3.Server{
+		Port:    int(n.listenOptions.ListenPort),
+		Handler: n,
+	}
+
 	go func() {
-		sErr := h3Server.Serve(udpConn)
+		sErr := h3Server.ServeListener(quicListener)
 		udpConn.Close()
 		if sErr != nil && !E.IsClosedOrCanceled(sErr) {
 			n.logger.Error("http3 server serve error: ", sErr)

inbound/tuic.go

@@ -38,10 +38,6 @@ func NewTUIC(ctx context.Context, router adapter.Router, logger log.ContextLogge
 	if err != nil {
 		return nil, err
 	}
-	rawConfig, err := tlsConfig.Config()
-	if err != nil {
-		return nil, err
-	}
 	var users []tuic.User
 	for index, user := range options.Users {
 		if user.UUID == "" {
@@ -67,7 +63,7 @@ func NewTUIC(ctx context.Context, router adapter.Router, logger log.ContextLogge
 	server, err := tuic.NewServer(tuic.ServerOptions{
 		Context:           ctx,
 		Logger:            logger,
-		TLSConfig:         rawConfig,
+		TLSConfig:         tlsConfig,
 		Users:             users,
 		CongestionControl: options.CongestionControl,
 		AuthTimeout:       time.Duration(options.AuthTimeout),