yanistyle/sing-box-extended
1
0
Fork 0
mirror of https://github.com/shtorm-7/sing-box-extended.git synced 2026-06-05 10:47:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add Mieru inbound, refactor sudoku. Fixes

Browse Source
This commit is contained in:
Shtorm
2026-06-04 07:54:26 +03:00
parent 195a33379d
commit e363c2ff78
30 changed files with 947 additions and 342 deletions
Download Patch File Download Diff File Expand all files Collapse all files

340
protocol/mieru/inbound.go Normal file
View File

@@ -0,0 +1,340 @@
package mieru
import (
"context"
"fmt"
"io"
"net"
"net/netip"
"sync"
"github.com/sagernet/sing-box/adapter"
"github.com/sagernet/sing-box/adapter/inbound"
"github.com/sagernet/sing-box/common/listener"
"github.com/sagernet/sing-box/common/uot"
C "github.com/sagernet/sing-box/constant"
"github.com/sagernet/sing-box/log"
"github.com/sagernet/sing-box/option"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/buf"
E "github.com/sagernet/sing/common/exceptions"
M "github.com/sagernet/sing/common/metadata"
N "github.com/sagernet/sing/common/network"
mierucommon "github.com/enfein/mieru/v3/apis/common"
mieruconstant "github.com/enfein/mieru/v3/apis/constant"
mierumodel "github.com/enfein/mieru/v3/apis/model"
mieruserver "github.com/enfein/mieru/v3/apis/server"
mierutp "github.com/enfein/mieru/v3/apis/trafficpattern"
mierupb "github.com/enfein/mieru/v3/pkg/appctl/appctlpb"
"google.golang.org/protobuf/proto"
)
func RegisterInbound(registry *inbound.Registry) {
inbound.Register[option.MieruInboundOptions](registry, C.TypeMieru, NewInbound)
}
type Inbound struct {
inbound.Adapter
ctx context.Context
router adapter.ConnectionRouterEx
logger log.ContextLogger
listener *listener.Listener
server mieruserver.Server
userNames []string
mu sync.Mutex
}
func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.MieruInboundOptions) (adapter.Inbound, error) {
config, userNames, err := buildMieruServerConfig(ctx, options)
if err != nil {
return nil, fmt.Errorf("failed to build mieru server config: %w", err)
}
s := mieruserver.NewServer()
if err := s.Store(config); err != nil {
return nil, fmt.Errorf("failed to store mieru server config: %w", err)
}
inboundInstance := &Inbound{
Adapter: inbound.NewAdapter(C.TypeMieru, tag),
ctx: ctx,
router: uot.NewRouter(router, logger),
logger: logger,
server: s,
userNames: userNames,
}
inboundInstance.listener = listener.New(listener.Options{
Context: ctx,
Logger: logger,
Network: []string{N.NetworkTCP, N.NetworkUDP},
Listen: options.ListenOptions,
})
return inboundInstance, nil
}
func (h *Inbound) Start(stage adapter.StartStage) error {
if stage != adapter.StartStateStart {
return nil
}
h.mu.Lock()
defer h.mu.Unlock()
if err := h.server.Start(); err != nil {
return fmt.Errorf("failed to start mieru server: %w", err)
}
h.logger.Info("mieru server is started")
go h.acceptLoop()
return nil
}
func (h *Inbound) Close() error {
h.mu.Lock()
defer h.mu.Unlock()
if h.server.IsRunning() {
return h.server.Stop()
}
return nil
}
func (h *Inbound) acceptLoop() {
for {
conn, request, err := h.server.Accept()
if err != nil {
if !h.server.IsRunning() {
return
}
h.logger.Debug("failed to accept mieru connection: ", err)
continue
}
go h.handleConnection(conn, request)
}
}
func (h *Inbound) handleConnection(conn net.Conn, request *mierumodel.Request) {
ctx := log.ContextWithNewID(h.ctx)
// Send fake SOCKS5 response back to proxy client.
resp := &mierumodel.Response{
Reply: mieruconstant.Socks5ReplySuccess,
BindAddr: mierumodel.AddrSpec{
IP: net.IPv4zero,
Port: 0,
},
}
if err := resp.WriteToSocks5(conn); err != nil {
conn.Close()
h.logger.DebugContext(ctx, "failed to write mieru response: ", err)
return
}
// Build metadata.
var metadata adapter.InboundContext
metadata.Inbound = h.Tag()
metadata.InboundType = h.Type()
//nolint:staticcheck
metadata.InboundDetour = h.listener.ListenOptions().Detour
metadata.UDPDisableDomainUnmapping = h.listener.ListenOptions().UDPDisableDomainUnmapping
// Parse source address.
if remoteAddr := conn.RemoteAddr(); remoteAddr != nil {
metadata.Source = M.SocksaddrFromNet(remoteAddr)
}
// Parse destination from request.
if request.DstAddr.FQDN != "" {
metadata.Destination = M.Socksaddr{
Fqdn: request.DstAddr.FQDN,
Port: uint16(request.DstAddr.Port),
}
} else if request.DstAddr.IP != nil {
addr, _ := netip.AddrFromSlice(request.DstAddr.IP)
metadata.Destination = M.Socksaddr{
Addr: addr.Unmap(),
Port: uint16(request.DstAddr.Port),
}
}
// Get username from connection.
if userCtx, ok := conn.(mierucommon.UserContext); ok {
metadata.User = userCtx.UserName()
}
// Handle request.
switch request.Command {
case mieruconstant.Socks5ConnectCmd:
h.logger.InfoContext(ctx, "inbound TCP connection from ", metadata.Source, " to ", metadata.Destination)
if metadata.User != "" {
h.logger.InfoContext(ctx, "[", metadata.User, "] inbound TCP connection")
}
h.router.RouteConnectionEx(ctx, conn, metadata, nil)
case mieruconstant.Socks5UDPAssociateCmd:
h.logger.InfoContext(ctx, "inbound UDP connection from ", metadata.Source, " to ", metadata.Destination)
if metadata.User != "" {
h.logger.InfoContext(ctx, "[", metadata.User, "] inbound UDP connection")
}
h.handleUDP(ctx, conn, metadata)
default:
conn.Close()
h.logger.WarnContext(ctx, "unsupported mieru command: ", request.Command)
}
}
func (h *Inbound) handleUDP(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) {
pc := mierucommon.NewPacketOverStreamTunnel(conn)
packetConn := &mieruPacketConn{
PacketConn: pc,
destination: metadata.Destination,
}
h.router.RoutePacketConnectionEx(ctx, packetConn, metadata, nil)
}
// mieruPacketConn wraps mieru's PacketConn to implement N.PacketConn
type mieruPacketConn struct {
net.PacketConn
destination M.Socksaddr
}
var _ N.PacketConn = (*mieruPacketConn)(nil)
// ReadPacket parses the SOCKS5 UDP header and returns the destination address.
func (c *mieruPacketConn) ReadPacket(buffer *buf.Buffer) (destination M.Socksaddr, err error) {
n, _, err := c.PacketConn.ReadFrom(buffer.FreeBytes())
if err != nil {
return M.Socksaddr{}, err
}
buffer.Truncate(n)
if buffer.Len() < 3 {
return M.Socksaddr{}, io.ErrShortBuffer
}
// Skip RSV (2 bytes) and FRAG (1 byte).
buffer.Advance(3)
var addr mierumodel.AddrSpec
if err := addr.ReadFromSocks5(buffer); err != nil {
return M.Socksaddr{}, err
}
if addr.FQDN != "" {
destination = M.Socksaddr{
Fqdn: addr.FQDN,
Port: uint16(addr.Port),
}
} else if addr.IP != nil {
netAddr, _ := netip.AddrFromSlice(addr.IP)
destination = M.Socksaddr{
Addr: netAddr.Unmap(),
Port: uint16(addr.Port),
}
}
return destination, nil
}
// WritePacket writes the SOCKS5 UDP header and the payload.
func (c *mieruPacketConn) WritePacket(buffer *buf.Buffer, destination M.Socksaddr) error {
header := buf.NewSize(3 + M.MaxSocksaddrLength)
defer header.Release()
// RSV (2 bytes) + FRAG (1 byte)
common.Must(header.WriteZeroN(3))
var addr mierumodel.AddrSpec
if destination.IsFqdn() {
addr.FQDN = destination.Fqdn
} else {
addr.IP = destination.Addr.AsSlice()
}
addr.Port = int(destination.Port)
if err := addr.WriteToSocks5(header); err != nil {
return err
}
packet := buf.NewSize(header.Len() + buffer.Len())
defer packet.Release()
common.Must1(packet.Write(header.Bytes()))
common.Must1(packet.Write(buffer.Bytes()))
_, err := c.PacketConn.WriteTo(packet.Bytes(), nil)
return err
}
func buildMieruServerConfig(_ context.Context, options option.MieruInboundOptions) (*mieruserver.ServerConfig, []string, error) {
if err := validateMieruInboundOptions(options); err != nil {
return nil, nil, fmt.Errorf("failed to validate mieru options: %w", err)
}
var transportProtocol *mierupb.TransportProtocol
switch options.Transport {
case "TCP":
transportProtocol = mierupb.TransportProtocol_TCP.Enum()
case "UDP":
transportProtocol = mierupb.TransportProtocol_UDP.Enum()
}
if options.ListenOptions.ListenPort == 0 {
return nil, nil, E.New("listen_port must be set")
}
portBindings := []*mierupb.PortBinding{
{
Port: proto.Int32(int32(options.ListenOptions.ListenPort)),
Protocol: transportProtocol,
},
}
var users []*mierupb.User
var userNames []string
for _, user := range options.Users {
users = append(users, &mierupb.User{
Name: proto.String(user.Name),
Password: proto.String(user.Password),
})
userNames = append(userNames, user.Name)
}
var trafficPattern *mierupb.TrafficPattern
trafficPattern, _ = mierutp.Decode(options.TrafficPattern)
var advancedSettings *mierupb.ServerAdvancedSettings
if options.UserHintIsMandatory {
advancedSettings = &mierupb.ServerAdvancedSettings{
UserHintIsMandatory: proto.Bool(true),
}
}
return &mieruserver.ServerConfig{
Config: &mierupb.ServerConfig{
PortBindings: portBindings,
Users: users,
TrafficPattern: trafficPattern,
AdvancedSettings: advancedSettings,
},
}, userNames, nil
}
func validateMieruInboundOptions(options option.MieruInboundOptions) error {
if options.Transport != "TCP" && options.Transport != "UDP" {
return E.New("transport must be TCP or UDP")
}
if len(options.Users) == 0 {
return E.New("users is empty")
}
for _, user := range options.Users {
if user.Name == "" {
return E.New("username is empty")
}
if user.Password == "" {
return E.New("password is empty")
}
}
if options.TrafficPattern != "" {
trafficPattern, err := mierutp.Decode(options.TrafficPattern)
if err != nil {
return fmt.Errorf("failed to decode traffic pattern %q: %w", options.TrafficPattern, err)
}
if err := mierutp.Validate(trafficPattern); err != nil {
return fmt.Errorf("invalid traffic pattern %q: %w", options.TrafficPattern, err)
}
}
return nil
}

44
protocol/mieru/outbound.go
View File

@@ -20,6 +20,7 @@ import (
mieruclient "github.com/enfein/mieru/v3/apis/client"
mierucommon "github.com/enfein/mieru/v3/apis/common"
mierumodel "github.com/enfein/mieru/v3/apis/model"
mierutp "github.com/enfein/mieru/v3/apis/trafficpattern"
mierupb "github.com/enfein/mieru/v3/pkg/appctl/appctlpb"
"google.golang.org/protobuf/proto"
)
@@ -36,7 +37,7 @@ func RegisterOutbound(registry *outbound.Registry) {
}
func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.MieruOutboundOptions) (adapter.Outbound, error) {
outboundDialer, err := dialer.New(ctx, options.DialerOptions, options.ServerIsDomain())
outboundDialer, err := dialer.New(ctx, options.DialerOptions, M.IsDomainName(options.Server))
if err != nil {
return nil, err
}
@@ -123,7 +124,15 @@ func (md mieruDialer) DialContext(ctx context.Context, network, address string)
return md.dialer.DialContext(ctx, network, addr)
}
var _ mierucommon.Dialer = (*mieruDialer)(nil)
func (md mieruDialer) ListenPacket(ctx context.Context, network, laddr, raddr string) (net.PacketConn, error) {
addr := M.ParseSocksaddr(raddr)
return md.dialer.ListenPacket(ctx, addr)
}
var (
_ mierucommon.Dialer = (*mieruDialer)(nil)
_ mierucommon.PacketDialer = (*mieruDialer)(nil)
)
// streamer converts a net.PacketConn to a net.Conn.
type streamer struct {
@@ -161,7 +170,13 @@ func buildMieruClientConfig(options option.MieruOutboundOptions, dialer mieruDia
return nil, fmt.Errorf("failed to validate mieru options: %w", err)
}
transportProtocol := mierupb.TransportProtocol_TCP.Enum()
var transportProtocol *mierupb.TransportProtocol
switch options.Transport {
case "TCP":
transportProtocol = mierupb.TransportProtocol_TCP.Enum()
case "UDP":
transportProtocol = mierupb.TransportProtocol_UDP.Enum()
}
server := &mierupb.ServerEndpoint{}
if options.ServerPort != 0 {
server.PortBindings = append(server.PortBindings, &mierupb.PortBinding{
@@ -189,13 +204,21 @@ func buildMieruClientConfig(options option.MieruOutboundOptions, dialer mieruDia
},
Servers: []*mierupb.ServerEndpoint{server},
},
Dialer: dialer,
Dialer: dialer,
PacketDialer: dialer,
DNSConfig: &mierucommon.ClientDNSConfig{
BypassDialerDNS: true,
},
}
if multiplexing, ok := mierupb.MultiplexingLevel_value[options.Multiplexing]; ok {
config.Profile.Multiplexing = &mierupb.MultiplexingConfig{
Level: mierupb.MultiplexingLevel(multiplexing).Enum(),
}
}
if options.TrafficPattern != "" {
trafficPattern, _ := mierutp.Decode(options.TrafficPattern)
config.Profile.TrafficPattern = trafficPattern
}
return config, nil
}
@@ -221,8 +244,8 @@ func validateMieruOptions(options option.MieruOutboundOptions) error {
return fmt.Errorf("begin port must be less than or equal to end port")
}
}
if options.Transport != "TCP" {
return fmt.Errorf("transport must be TCP")
if options.Transport != "TCP" && options.Transport != "UDP" {
return fmt.Errorf("transport must be TCP or UDP")
}
if options.UserName == "" {
return fmt.Errorf("username is empty")
@@ -235,6 +258,15 @@ func validateMieruOptions(options option.MieruOutboundOptions) error {
return fmt.Errorf("invalid multiplexing level: %s", options.Multiplexing)
}
}
if options.TrafficPattern != "" {
trafficPattern, err := mierutp.Decode(options.TrafficPattern)
if err != nil {
return fmt.Errorf("failed to decode traffic pattern %q: %w", options.TrafficPattern, err)
}
if err := mierutp.Validate(trafficPattern); err != nil {
return fmt.Errorf("invalid traffic pattern %q: %w", options.TrafficPattern, err)
}
}
return nil
}

15
protocol/sudoku/inbound.go
View File

@@ -67,27 +67,27 @@ func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLo
protoConf.AEADMethod = options.AEADMethod
}
in := &Inbound{
inbound := &Inbound{
Adapter: inbound.NewAdapter(C.TypeSudoku, tag),
router: router,
logger: logger,
protoConf: protoConf,
fallback: strings.TrimSpace(options.Fallback),
}
if in.fallback != "" {
in.tunnelSrv = sudoku.NewHTTPMaskTunnelServerWithFallback(&in.protoConf)
if inbound.fallback != "" {
inbound.tunnelSrv = sudoku.NewHTTPMaskTunnelServerWithFallback(&inbound.protoConf)
} else {
in.tunnelSrv = sudoku.NewHTTPMaskTunnelServer(&in.protoConf)
inbound.tunnelSrv = sudoku.NewHTTPMaskTunnelServer(&inbound.protoConf)
}
in.listener = listener.New(listener.Options{
inbound.listener = listener.New(listener.Options{
Context: ctx,
Logger: logger,
Network: []string{N.NetworkTCP},
Listen: options.ListenOptions,
ConnectionHandler: in,
ConnectionHandler: inbound,
})
return in, nil
return inbound, nil
}
func (h *Inbound) Start(stage adapter.StartStage) error {
@@ -173,6 +173,7 @@ func (h *Inbound) routeTCP(ctx context.Context, conn net.Conn, target string, me
}
func (h *Inbound) handleUoT(ctx context.Context, conn net.Conn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) {
h.logger.InfoContext(ctx, "inbound packet connection")
packetConn := sudoku.NewUoTPacketConn(conn)
h.router.RoutePacketConnectionEx(ctx, bufio.NewPacketConn(packetConn), metadata, onClose)
}

289
protocol/sudoku/outbound.go
View File

@@ -2,10 +2,8 @@ package sudoku
import (
"context"
"fmt"
"net"
"strings"
"sync"
"github.com/sagernet/sing-box/adapter"
"github.com/sagernet/sing-box/adapter/outbound"
@@ -15,7 +13,6 @@ import (
"github.com/sagernet/sing-box/log"
"github.com/sagernet/sing-box/option"
"github.com/sagernet/sing-box/transport/sudoku"
"github.com/sagernet/sing-box/transport/sudoku/obfs/httpmask"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/bufio"
E "github.com/sagernet/sing/common/exceptions"
@@ -31,16 +28,8 @@ func RegisterOutbound(registry *outbound.Registry) {
type Outbound struct {
outbound.Adapter
logger logger.ContextLogger
dialer N.Dialer
client *sudoku.Client
tlsConfig tls.Config
baseConf sudoku.ProtocolConfig
muxMu sync.Mutex
muxClient *sudoku.MultiplexClient
httpMaskMu sync.Mutex
httpMaskClient *httpmask.TunnelClient
httpMaskKey string
}
func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.SudokuOutboundOptions) (adapter.Outbound, error) {
@@ -105,33 +94,31 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
baseConf.Tables = tables
}
out := &Outbound{
Adapter: outbound.NewAdapterWithDialerOptions(C.TypeSudoku, tag, []string{N.NetworkTCP, N.NetworkUDP}, options.DialerOptions),
logger: logger,
dialer: outboundDialer,
baseConf: baseConf,
}
var tlsConfig tls.Config
if hm := options.HTTPMask; !disableHTTPMask && hm != nil && hm.TLS != nil && hm.TLS.Enabled {
tlsOptions := option.OutboundTLSOptions{
Enabled: true,
ServerName: options.Server,
Fragment: hm.TLS.Fragment,
FragmentFallbackDelay: hm.TLS.FragmentFallbackDelay,
RecordFragment: hm.TLS.RecordFragment,
KernelTx: hm.TLS.KernelTx,
KernelRx: hm.TLS.KernelRx,
}
out.tlsConfig, err = tls.NewClientWithOptions(tls.ClientOptions{
tlsConfig, err = tls.NewClientWithOptions(tls.ClientOptions{
Context: ctx,
Logger: logger,
ServerAddress: options.Server,
Options: tlsOptions,
Options: *hm.TLS,
})
if err != nil {
return nil, err
}
}
return out, nil
client := sudoku.NewClient(sudoku.ClientOptions{
Dialer: outboundDialer,
TLSConfig: tlsConfig,
Config: baseConf,
})
return &Outbound{
Adapter: outbound.NewAdapterWithDialerOptions(C.TypeSudoku, tag, []string{N.NetworkTCP, N.NetworkUDP}, options.DialerOptions),
logger: logger,
client: client,
tlsConfig: tlsConfig,
}, nil
}
func (h *Outbound) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
@@ -144,35 +131,7 @@ func (h *Outbound) DialContext(ctx context.Context, network string, destination
ctx, metadata := adapter.ExtendContext(ctx)
metadata.Outbound = h.Tag()
metadata.Destination = destination
cfg := h.baseConf
cfg.TargetAddress = destination.String()
muxMode := normalizeHTTPMaskMultiplex(cfg.HTTPMaskMultiplex)
if muxMode == "on" && !cfg.DisableHTTPMask && httpTunnelModeEnabled(cfg.HTTPMaskMode) {
stream, err := h.dialMultiplex(ctx, cfg.TargetAddress)
if err == nil {
return stream, nil
}
return nil, err
}
c, err := h.dialAndHandshake(ctx, &cfg)
if err != nil {
return nil, err
}
addrBuf, err := sudoku.EncodeAddress(cfg.TargetAddress)
if err != nil {
c.Close()
return nil, E.Cause(err, "encode target address")
}
if err = sudoku.WriteKIPMessage(c, sudoku.KIPTypeOpenTCP, addrBuf); err != nil {
c.Close()
return nil, E.Cause(err, "send target address")
}
return c, nil
return h.client.DialContext(ctx, network, destination)
}
func (h *Outbound) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
@@ -180,222 +139,18 @@ func (h *Outbound) ListenPacket(ctx context.Context, destination M.Socksaddr) (n
ctx, metadata := adapter.ExtendContext(ctx)
metadata.Outbound = h.Tag()
metadata.Destination = destination
cfg := h.baseConf
cfg.TargetAddress = destination.String()
c, err := h.dialAndHandshake(ctx, &cfg)
conn, err := h.client.DialContext(ctx, N.NetworkUDP, destination)
if err != nil {
return nil, err
}
if err = sudoku.WriteKIPMessage(c, sudoku.KIPTypeStartUoT, nil); err != nil {
c.Close()
return nil, E.Cause(err, "start uot")
}
return bufio.NewBindPacketConn(sudoku.NewUoTPacketConn(c), destination), nil
return bufio.NewBindPacketConn(sudoku.NewUoTPacketConn(conn), destination), nil
}
func (h *Outbound) Close() error {
h.resetMuxClient()
h.resetHTTPMaskClient()
h.client.Close()
return common.Close(h.tlsConfig)
}
func (h *Outbound) InterfaceUpdated() {
h.resetMuxClient()
h.resetHTTPMaskClient()
}
func (h *Outbound) dialAndHandshake(ctx context.Context, cfg *sudoku.ProtocolConfig) (net.Conn, error) {
handshakeCfg := *cfg
if !handshakeCfg.DisableHTTPMask && httpTunnelModeEnabled(handshakeCfg.HTTPMaskMode) {
handshakeCfg.DisableHTTPMask = true
}
upgrade := func(raw net.Conn) (net.Conn, error) {
return sudoku.ClientHandshake(raw, &handshakeCfg)
}
var c net.Conn
var err error
var handshakeDone bool
if !cfg.DisableHTTPMask && httpTunnelModeEnabled(cfg.HTTPMaskMode) {
muxMode := normalizeHTTPMaskMultiplex(cfg.HTTPMaskMultiplex)
if muxMode == "auto" && strings.ToLower(strings.TrimSpace(cfg.HTTPMaskMode)) != "ws" {
if client, cerr := h.getOrCreateHTTPMaskClient(cfg); cerr == nil && client != nil {
c, err = client.DialTunnel(ctx, httpmask.TunnelDialOptions{
Mode: cfg.HTTPMaskMode,
TLSConfig: h.httpMaskTLSConfig(),
HostOverride: cfg.HTTPMaskHost,
PathRoot: cfg.HTTPMaskPathRoot,
AuthKey: sudoku.ClientAEADSeed(cfg.Key),
Upgrade: upgrade,
Multiplex: cfg.HTTPMaskMultiplex,
DialContext: h.dialRaw,
})
if err != nil {
h.resetHTTPMaskClient()
}
}
}
if c == nil && err == nil {
c, err = sudoku.DialHTTPMaskTunnel(ctx, cfg.ServerAddress, cfg, h.dialRaw, upgrade)
}
if err == nil && c != nil {
handshakeDone = true
}
}
if c == nil && err == nil {
c, err = h.dialer.DialContext(ctx, N.NetworkTCP, M.ParseSocksaddr(cfg.ServerAddress))
}
if err != nil {
return nil, E.Cause(err, "connect to ", cfg.ServerAddress)
}
if !handshakeDone {
c, err = sudoku.ClientHandshake(c, &handshakeCfg)
if err != nil {
common.Close(c)
return nil, err
}
}
return c, nil
}
func (h *Outbound) dialRaw(ctx context.Context, network, addr string) (net.Conn, error) {
return h.dialer.DialContext(ctx, network, M.ParseSocksaddr(addr))
}
func (h *Outbound) httpMaskTLSConfig() httpmask.TLSClientConfig {
if h.tlsConfig == nil {
return nil
}
return tlsConfigAdapter{h.tlsConfig}
}
type tlsConfigAdapter struct {
config tls.Config
}
func (a tlsConfigAdapter) Client(conn net.Conn) (net.Conn, error) {
return a.config.Client(conn)
}
func (h *Outbound) dialMultiplex(ctx context.Context, targetAddress string) (net.Conn, error) {
for attempt := 0; attempt < 2; attempt++ {
client, err := h.getOrCreateMuxClient(ctx)
if err != nil {
return nil, err
}
stream, err := client.Dial(ctx, targetAddress)
if err != nil {
h.resetMuxClient()
continue
}
return stream, nil
}
return nil, fmt.Errorf("multiplex open stream failed")
}
func (h *Outbound) getOrCreateMuxClient(ctx context.Context) (*sudoku.MultiplexClient, error) {
h.muxMu.Lock()
defer h.muxMu.Unlock()
if h.muxClient != nil && !h.muxClient.IsClosed() {
return h.muxClient, nil
}
baseCfg := h.baseConf
baseConn, err := h.dialAndHandshake(ctx, &baseCfg)
if err != nil {
return nil, err
}
client, err := sudoku.StartMultiplexClient(baseConn)
if err != nil {
baseConn.Close()
return nil, err
}
h.muxClient = client
return client, nil
}
func (h *Outbound) resetMuxClient() {
h.muxMu.Lock()
defer h.muxMu.Unlock()
if h.muxClient != nil {
h.muxClient.Close()
h.muxClient = nil
}
}
func (h *Outbound) getOrCreateHTTPMaskClient(cfg *sudoku.ProtocolConfig) (*httpmask.TunnelClient, error) {
key := cfg.ServerAddress + "|" + fmt.Sprint(h.tlsConfig != nil) + "|" + strings.TrimSpace(cfg.HTTPMaskHost)
h.httpMaskMu.Lock()
if h.httpMaskClient != nil && h.httpMaskKey == key {
client := h.httpMaskClient
h.httpMaskMu.Unlock()
return client, nil
}
h.httpMaskMu.Unlock()
client, err := httpmask.NewTunnelClient(cfg.ServerAddress, httpmask.TunnelClientOptions{
TLSConfig: h.httpMaskTLSConfig(),
HostOverride: cfg.HTTPMaskHost,
DialContext: h.dialRaw,
MaxIdleConns: 32,
})
if err != nil {
return nil, err
}
h.httpMaskMu.Lock()
defer h.httpMaskMu.Unlock()
if h.httpMaskClient != nil && h.httpMaskKey == key {
client.CloseIdleConnections()
return h.httpMaskClient, nil
}
if h.httpMaskClient != nil {
h.httpMaskClient.CloseIdleConnections()
}
h.httpMaskClient = client
h.httpMaskKey = key
return client, nil
}
func (h *Outbound) resetHTTPMaskClient() {
h.httpMaskMu.Lock()
defer h.httpMaskMu.Unlock()
if h.httpMaskClient != nil {
h.httpMaskClient.CloseIdleConnections()
h.httpMaskClient = nil
h.httpMaskKey = ""
}
}
func normalizeHTTPMaskMultiplex(mode string) string {
switch strings.ToLower(strings.TrimSpace(mode)) {
case "", "off":
return "off"
case "auto":
return "auto"
case "on":
return "on"
default:
return "off"
}
}
func httpTunnelModeEnabled(mode string) bool {
switch strings.ToLower(strings.TrimSpace(mode)) {
case "stream", "poll", "auto", "ws":
return true
default:
return false
}
h.client.Close()
}

2
protocol/trusttunnel/inbound.go
View File

@@ -138,7 +138,7 @@ func (h *Inbound) Close() error {
return common.Close(
h.listener,
common.PtrOrNil(h.httpServer),
h.quicService,
common.PtrOrNil(h.quicService),
h.tlsConfig,
)
}