Add shadowtls (#49)

* Add shadowtls outbound * Add shadowtls inbound * Add shadowtls example * Add shadowtls documentation
2026-06-26 12:23:12 +03:00 · 2022-08-31 14:21:53 +08:00
parent 917c4f0e91
commit 73746383cc
19 changed files with 586 additions and 15 deletions
--- a/inbound/builder.go
+++ b/inbound/builder.go
@@ -39,6 +39,8 @@ func New(ctx context.Context, router adapter.Router, logger log.ContextLogger, o
 		return NewNaive(ctx, router, logger, options.Tag, options.NaiveOptions)
 	case C.TypeHysteria:
 		return NewHysteria(ctx, router, logger, options.Tag, options.HysteriaOptions)
+	case C.TypeShadowTLS:
+		return NewShadowTLS(ctx, router, logger, options.Tag, options.ShadowTLSOptions)
 	default:
 		return nil, E.New("unknown inbound type: ", options.Type)
 	}
--- a/inbound/shadowsocks.go
+++ b/inbound/shadowsocks.go
@@ -87,15 +87,3 @@ func (h *Shadowsocks) NewPacket(ctx context.Context, conn N.PacketConn, buffer *
 func (h *Shadowsocks) NewPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
 	return os.ErrInvalid
 }
-
-func (h *Shadowsocks) newConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
-	h.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination)
-	return h.router.RouteConnection(ctx, conn, metadata)
-}
-
-func (h *Shadowsocks) newPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
-	ctx = log.ContextWithNewID(ctx)
-	h.logger.InfoContext(ctx, "inbound packet connection from ", metadata.Source)
-	h.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination)
-	return h.router.RoutePacketConnection(ctx, conn, metadata)
-}
--- a/inbound/shadowtls.go
+++ b/inbound/shadowtls.go
@@ -0,0 +1,93 @@
+package inbound
+
+import (
+	"bytes"
+	"context"
+	"encoding/binary"
+	"io"
+	"net"
+
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/common/dialer"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing-box/option"
+	E "github.com/sagernet/sing/common/exceptions"
+	M "github.com/sagernet/sing/common/metadata"
+	N "github.com/sagernet/sing/common/network"
+	"github.com/sagernet/sing/common/task"
+)
+
+type ShadowTLS struct {
+	myInboundAdapter
+	handshakeDialer N.Dialer
+	handshakeAddr   M.Socksaddr
+}
+
+func NewShadowTLS(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.ShadowTLSInboundOptions) (*ShadowTLS, error) {
+	inbound := &ShadowTLS{
+		myInboundAdapter: myInboundAdapter{
+			protocol:      C.TypeShadowTLS,
+			network:       []string{N.NetworkTCP},
+			ctx:           ctx,
+			router:        router,
+			logger:        logger,
+			tag:           tag,
+			listenOptions: options.ListenOptions,
+		},
+		handshakeDialer: dialer.New(router, options.Handshake.DialerOptions),
+		handshakeAddr:   options.Handshake.ServerOptions.Build(),
+	}
+	inbound.connHandler = inbound
+	return inbound, nil
+}
+
+func (s *ShadowTLS) NewConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
+	handshakeConn, err := s.handshakeDialer.DialContext(ctx, N.NetworkTCP, s.handshakeAddr)
+	if err != nil {
+		return err
+	}
+	var handshake task.Group
+	handshake.Append("client handshake", func(ctx context.Context) error {
+		return s.copyUntilHandshakeFinished(handshakeConn, conn)
+	})
+	handshake.Append("server handshake", func(ctx context.Context) error {
+		return s.copyUntilHandshakeFinished(conn, handshakeConn)
+	})
+	handshake.FastFail()
+	err = handshake.Run(ctx)
+	if err != nil {
+		return err
+	}
+	return s.newConnection(ctx, conn, metadata)
+}
+
+func (s *ShadowTLS) copyUntilHandshakeFinished(dst io.Writer, src io.Reader) error {
+	const handshake = 0x16
+	const changeCipherSpec = 0x14
+	var hasSeenChangeCipherSpec bool
+	var tlsHdr [5]byte
+	for {
+		_, err := io.ReadFull(src, tlsHdr[:])
+		if err != nil {
+			return err
+		}
+		length := binary.BigEndian.Uint16(tlsHdr[3:])
+		_, err = io.Copy(dst, io.MultiReader(bytes.NewReader(tlsHdr[:]), io.LimitReader(src, int64(length))))
+		if err != nil {
+			return err
+		}
+		if tlsHdr[0] != handshake {
+			if tlsHdr[0] != changeCipherSpec {
+				return E.New("unexpected tls frame type: ", tlsHdr[0])
+			}
+			if !hasSeenChangeCipherSpec {
+				hasSeenChangeCipherSpec = true
+				continue
+			}
+		}
+		if hasSeenChangeCipherSpec {
+			return nil
+		}
+	}
+}