Add hysteria2 protocol

Author: nekohasekai

constant/proxy.go

@@ -22,6 +22,7 @@ const (
 	TypeShadowsocksR = "shadowsocksr"
 	TypeVLESS        = "vless"
 	TypeTUIC         = "tuic"
+	TypeHysteria2    = "hysteria2"
 )
 
 const (
@@ -65,6 +66,8 @@ func ProxyDisplayName(proxyType string) string {
 		return "VLESS"
 	case TypeTUIC:
 		return "TUIC"
+	case TypeHysteria2:
+		return "Hysteria2"
 	case TypeSelector:
 		return "Selector"
 	case TypeURLTest:

go.mod

@@ -26,9 +26,9 @@ require (
 	github.com/sagernet/gvisor v0.0.0-20230627031050-1ab0276e0dd2
 	github.com/sagernet/quic-go v0.0.0-20230911082307-390b7c274032
 	github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691
-	github.com/sagernet/sing v0.2.10-0.20230912051334-9163f4486b0d
+	github.com/sagernet/sing v0.2.10-0.20230912050851-1453c7c8c20d
 	github.com/sagernet/sing-dns v0.1.9-0.20230911082806-425022bdc92b
-	github.com/sagernet/sing-mux v0.1.3-0.20230907005326-7befbadbf314
+	github.com/sagernet/sing-mux v0.1.3-0.20230908032617-759a1886a400
 	github.com/sagernet/sing-shadowsocks v0.2.5-0.20230907005610-126234728ca0
 	github.com/sagernet/sing-shadowsocks2 v0.1.4-0.20230907005906-5d2917b29248
 	github.com/sagernet/sing-shadowtls v0.1.4

go.sum

@@ -112,12 +112,12 @@ github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byL
 github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU=
 github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY=
 github.com/sagernet/sing v0.1.8/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk=
-github.com/sagernet/sing v0.2.10-0.20230912051334-9163f4486b0d h1:VUBu98Mrq1B0LMo4TXd4/wSFxxLn32ygDaDtoPxoyvM=
-github.com/sagernet/sing v0.2.10-0.20230912051334-9163f4486b0d/go.mod h1:9uOZwWkhT2Z2WldolLxX34s+1svAX4i4vvz5hy8u1MA=
+github.com/sagernet/sing v0.2.10-0.20230912050851-1453c7c8c20d h1:dWUNsHDX8EMeGj1XCnrVtydy5C+5D+Orc5JjZP7myHg=
+github.com/sagernet/sing v0.2.10-0.20230912050851-1453c7c8c20d/go.mod h1:9uOZwWkhT2Z2WldolLxX34s+1svAX4i4vvz5hy8u1MA=
 github.com/sagernet/sing-dns v0.1.9-0.20230911082806-425022bdc92b h1:m/UWg2voyb94YCWAMInMXIQ91qQGZ6utPAwKCYrlciI=
 github.com/sagernet/sing-dns v0.1.9-0.20230911082806-425022bdc92b/go.mod h1:Kg98PBJEg/08jsNFtmZWmPomhskn9Ausn50ecNm4M+8=
-github.com/sagernet/sing-mux v0.1.3-0.20230907005326-7befbadbf314 h1:P5+NZGMH8KSI3L8lKw1znxdRi0tIpWbGYjmv8GrFHrQ=
-github.com/sagernet/sing-mux v0.1.3-0.20230907005326-7befbadbf314/go.mod h1:TKxqIvfQQgd36jp2tzsPavGjYTVZilV+atip1cssjIY=
+github.com/sagernet/sing-mux v0.1.3-0.20230908032617-759a1886a400 h1:LtpYd5c5AJtUSxjyH4KjUS8HT+2XgilyozjbCq/x3EM=
+github.com/sagernet/sing-mux v0.1.3-0.20230908032617-759a1886a400/go.mod h1:TKxqIvfQQgd36jp2tzsPavGjYTVZilV+atip1cssjIY=
 github.com/sagernet/sing-shadowsocks v0.2.5-0.20230907005610-126234728ca0 h1:9wHYWxH+fcs01PM2+DylA8LNNY3ElnZykQo9rysng8U=
 github.com/sagernet/sing-shadowsocks v0.2.5-0.20230907005610-126234728ca0/go.mod h1:80fNKP0wnqlu85GZXV1H1vDPC/2t+dQbFggOw4XuFUM=
 github.com/sagernet/sing-shadowsocks2 v0.1.4-0.20230907005906-5d2917b29248 h1:JTFfy/LDmVFEK4KZJEujmC1iO8+aoF4unYhhZZRzRq4=

inbound/builder.go

@@ -46,6 +46,8 @@ func New(ctx context.Context, router adapter.Router, logger log.ContextLogger, o
 		return NewVLESS(ctx, router, logger, options.Tag, options.VLESSOptions)
 	case C.TypeTUIC:
 		return NewTUIC(ctx, router, logger, options.Tag, options.TUICOptions)
+	case C.TypeHysteria2:
+		return NewHysteria2(ctx, router, logger, options.Tag, options.Hysteria2Options)
 	default:
 		return nil, E.New("unknown inbound type: ", options.Type)
 	}

inbound/hysteria2.go

@@ -0,0 +1,144 @@
+//go:build with_quic
+
+package inbound
+
+import (
+	"context"
+	"net"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+
+	"github.com/sagernet/sing-box/adapter"
+	"github.com/sagernet/sing-box/common/tls"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/log"
+	"github.com/sagernet/sing-box/option"
+	"github.com/sagernet/sing-box/transport/hysteria2"
+	"github.com/sagernet/sing/common"
+	"github.com/sagernet/sing/common/auth"
+	E "github.com/sagernet/sing/common/exceptions"
+	N "github.com/sagernet/sing/common/network"
+)
+
+var _ adapter.Inbound = (*Hysteria2)(nil)
+
+type Hysteria2 struct {
+	myInboundAdapter
+	tlsConfig tls.ServerConfig
+	server    *hysteria2.Server
+}
+
+func NewHysteria2(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.Hysteria2InboundOptions) (*Hysteria2, error) {
+	if options.TLS == nil || !options.TLS.Enabled {
+		return nil, C.ErrTLSRequired
+	}
+	tlsConfig, err := tls.NewServer(ctx, logger, common.PtrValueOrDefault(options.TLS))
+	if err != nil {
+		return nil, err
+	}
+	var salamanderPassword string
+	if options.Obfs != nil {
+		if options.Obfs.Password == "" {
+			return nil, E.New("missing obfs password")
+		}
+		switch options.Obfs.Type {
+		case hysteria2.ObfsTypeSalamander:
+			salamanderPassword = options.Obfs.Password
+		default:
+			return nil, E.New("unknown obfs type: ", options.Obfs.Type)
+		}
+	}
+	var masqueradeHandler http.Handler
+	if options.Masquerade != "" {
+		masqueradeURL, err := url.Parse(options.Masquerade)
+		if err != nil {
+			return nil, E.Cause(err, "parse masquerade URL")
+		}
+		switch masqueradeURL.Scheme {
+		case "file":
+			masqueradeHandler = http.FileServer(http.Dir(masqueradeURL.Path))
+		case "http", "https":
+			masqueradeHandler = &httputil.ReverseProxy{
+				Rewrite: func(r *httputil.ProxyRequest) {
+					r.SetURL(masqueradeURL)
+					r.Out.Host = r.In.Host
+				},
+				ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
+					w.WriteHeader(http.StatusBadGateway)
+				},
+			}
+		default:
+			return nil, E.New("unknown masquerade URL scheme: ", masqueradeURL.Scheme)
+		}
+	}
+	inbound := &Hysteria2{
+		myInboundAdapter: myInboundAdapter{
+			protocol:      C.TypeHysteria2,
+			network:       []string{N.NetworkUDP},
+			ctx:           ctx,
+			router:        router,
+			logger:        logger,
+			tag:           tag,
+			listenOptions: options.ListenOptions,
+		},
+		tlsConfig: tlsConfig,
+	}
+	server, err := hysteria2.NewServer(hysteria2.ServerOptions{
+		Context:            ctx,
+		Logger:             logger,
+		SendBPS:            uint64(options.UpMbps * 1024 * 1024),
+		ReceiveBPS:         uint64(options.DownMbps * 1024 * 1024),
+		SalamanderPassword: salamanderPassword,
+		TLSConfig:          tlsConfig,
+		Users: common.Map(options.Users, func(it option.Hysteria2User) hysteria2.User {
+			return hysteria2.User(it)
+		}),
+		IgnoreClientBandwidth: options.IgnoreClientBandwidth,
+		Handler:               adapter.NewUpstreamHandler(adapter.InboundContext{}, inbound.newConnection, inbound.newPacketConnection, nil),
+		MasqueradeHandler:     masqueradeHandler,
+	})
+	if err != nil {
+		return nil, err
+	}
+	inbound.server = server
+	return inbound, nil
+}
+
+func (h *Hysteria2) newConnection(ctx context.Context, conn net.Conn, metadata adapter.InboundContext) error {
+	ctx = log.ContextWithNewID(ctx)
+	h.logger.InfoContext(ctx, "inbound connection to ", metadata.Destination)
+	metadata = h.createMetadata(conn, metadata)
+	metadata.User, _ = auth.UserFromContext[string](ctx)
+	return h.router.RouteConnection(ctx, conn, metadata)
+}
+
+func (h *Hysteria2) newPacketConnection(ctx context.Context, conn N.PacketConn, metadata adapter.InboundContext) error {
+	ctx = log.ContextWithNewID(ctx)
+	metadata = h.createPacketMetadata(conn, metadata)
+	metadata.User, _ = auth.UserFromContext[string](ctx)
+	h.logger.InfoContext(ctx, "inbound packet connection to ", metadata.Destination)
+	return h.router.RoutePacketConnection(ctx, conn, metadata)
+}
+
+func (h *Hysteria2) Start() error {
+	if h.tlsConfig != nil {
+		err := h.tlsConfig.Start()
+		if err != nil {
+			return err
+		}
+	}
+	packetConn, err := h.myInboundAdapter.ListenUDP()
+	if err != nil {
+		return err
+	}
+	return h.server.Start(packetConn)
+}
+
+func (h *Hysteria2) Close() error {
+	return common.Close(
+		&h.myInboundAdapter,
+		h.tlsConfig,
+		common.PtrOrNil(h.server),
+	)
+}

inbound/hysteria_stub.go

@@ -14,3 +14,7 @@ import (
 func NewHysteria(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.HysteriaInboundOptions) (adapter.Inbound, error) {
 	return nil, C.ErrQUICNotIncluded
 }
+
+func NewHysteria2(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.Hysteria2InboundOptions) (adapter.Inbound, error) {
+	return nil, C.ErrQUICNotIncluded
+}

option/hysteria2.go

@@ -0,0 +1,33 @@
+package option
+
+type Hysteria2InboundOptions struct {
+	ListenOptions
+	UpMbps                int                `json:"up_mbps,omitempty"`
+	DownMbps              int                `json:"down_mbps,omitempty"`
+	Obfs                  *Hysteria2Obfs     `json:"obfs,omitempty"`
+	Users                 []Hysteria2User    `json:"users,omitempty"`
+	IgnoreClientBandwidth bool               `json:"ignore_client_bandwidth,omitempty"`
+	TLS                   *InboundTLSOptions `json:"tls,omitempty"`
+	Masquerade            string             `json:"masquerade,omitempty"`
+}
+
+type Hysteria2Obfs struct {
+	Type     string `json:"type,omitempty"`
+	Password string `json:"password,omitempty"`
+}
+
+type Hysteria2User struct {
+	Name     string `json:"name,omitempty"`
+	Password string `json:"password,omitempty"`
+}
+
+type Hysteria2OutboundOptions struct {
+	DialerOptions
+	ServerOptions
+	UpMbps   int                 `json:"up_mbps,omitempty"`
+	DownMbps int                 `json:"down_mbps,omitempty"`
+	Obfs     *Hysteria2Obfs      `json:"obfs,omitempty"`
+	Password string              `json:"password,omitempty"`
+	Network  NetworkList         `json:"network,omitempty"`
+	TLS      *OutboundTLSOptions `json:"tls,omitempty"`
+}

option/inbound.go

@@ -24,6 +24,7 @@ type _Inbound struct {
 	ShadowTLSOptions   ShadowTLSInboundOptions   `json:"-"`
 	VLESSOptions       VLESSInboundOptions       `json:"-"`
 	TUICOptions        TUICInboundOptions        `json:"-"`
+	Hysteria2Options   Hysteria2InboundOptions   `json:"-"`
 }
 
 type Inbound _Inbound
@@ -61,6 +62,8 @@ func (h Inbound) MarshalJSON() ([]byte, error) {
 		v = h.VLESSOptions
 	case C.TypeTUIC:
 		v = h.TUICOptions
+	case C.TypeHysteria2:
+		v = h.Hysteria2Options
 	default:
 		return nil, E.New("unknown inbound type: ", h.Type)
 	}
@@ -104,6 +107,8 @@ func (h *Inbound) UnmarshalJSON(bytes []byte) error {
 		v = &h.VLESSOptions
 	case C.TypeTUIC:
 		v = &h.TUICOptions
+	case C.TypeHysteria2:
+		v = &h.Hysteria2Options
 	default:
 		return E.New("unknown inbound type: ", h.Type)
 	}

option/outbound.go

@@ -24,6 +24,7 @@ type _Outbound struct {
 	ShadowsocksROptions ShadowsocksROutboundOptions `json:"-"`
 	VLESSOptions        VLESSOutboundOptions        `json:"-"`
 	TUICOptions         TUICOutboundOptions         `json:"-"`
+	Hysteria2Options    Hysteria2OutboundOptions    `json:"-"`
 	SelectorOptions     SelectorOutboundOptions     `json:"-"`
 	URLTestOptions      URLTestOutboundOptions      `json:"-"`
 }
@@ -63,6 +64,8 @@ func (h Outbound) MarshalJSON() ([]byte, error) {
 		v = h.VLESSOptions
 	case C.TypeTUIC:
 		v = h.TUICOptions
+	case C.TypeHysteria2:
+		v = h.Hysteria2Options
 	case C.TypeSelector:
 		v = h.SelectorOptions
 	case C.TypeURLTest:
@@ -110,6 +113,8 @@ func (h *Outbound) UnmarshalJSON(bytes []byte) error {
 		v = &h.VLESSOptions
 	case C.TypeTUIC:
 		v = &h.TUICOptions
+	case C.TypeHysteria2:
+		v = &h.Hysteria2Options
 	case C.TypeSelector:
 		v = &h.SelectorOptions
 	case C.TypeURLTest:

outbound/builder.go

@@ -53,6 +53,8 @@ func New(ctx context.Context, router adapter.Router, logger log.ContextLogger, t
 		return NewVLESS(ctx, router, logger, tag, options.VLESSOptions)
 	case C.TypeTUIC:
 		return NewTUIC(ctx, router, logger, tag, options.TUICOptions)
+	case C.TypeHysteria2:
+		return NewHysteria2(ctx, router, logger, tag, options.Hysteria2Options)
 	case C.TypeSelector:
 		return NewSelector(router, logger, tag, options.SelectorOptions)
 	case C.TypeURLTest:

outbound/default.go

@@ -65,7 +65,11 @@ func NewConnection(ctx context.Context, this N.Dialer, conn net.Conn, metadata a
 		outConn, err = this.DialContext(ctx, N.NetworkTCP, metadata.Destination)
 	}
 	if err != nil {
-		return N.HandshakeFailure(conn, err)
+		return N.ReportHandshakeFailure(conn, err)
+	}
+	err = N.ReportHandshakeSuccess(conn)
+	if err != nil {
+		return err
 	}
 	return CopyEarlyConn(ctx, conn, outConn)
 }
@@ -80,14 +84,18 @@ func NewDirectConnection(ctx context.Context, router adapter.Router, this N.Dial
 		var destinationAddresses []netip.Addr
 		destinationAddresses, err = router.LookupDefault(ctx, metadata.Destination.Fqdn)
 		if err != nil {
-			return N.HandshakeFailure(conn, err)
+			return N.ReportHandshakeFailure(conn, err)
 		}
 		outConn, err = N.DialSerial(ctx, this, N.NetworkTCP, metadata.Destination, destinationAddresses)
 	} else {
 		outConn, err = this.DialContext(ctx, N.NetworkTCP, metadata.Destination)
 	}
 	if err != nil {
-		return N.HandshakeFailure(conn, err)
+		return N.ReportHandshakeFailure(conn, err)
+	}
+	err = N.ReportHandshakeSuccess(conn)
+	if err != nil {
+		return err
 	}
 	return CopyEarlyConn(ctx, conn, outConn)
 }
@@ -103,7 +111,11 @@ func NewPacketConnection(ctx context.Context, this N.Dialer, conn N.PacketConn,
 		outConn, err = this.ListenPacket(ctx, metadata.Destination)
 	}
 	if err != nil {
-		return N.HandshakeFailure(conn, err)
+		return N.ReportHandshakeFailure(conn, err)
+	}
+	err = N.ReportHandshakeSuccess(conn)
+	if err != nil {
+		return err
 	}
 	if destinationAddress.IsValid() {
 		if natConn, loaded := common.Cast[bufio.NATPacketConn](conn); loaded {
@@ -132,14 +144,18 @@ func NewDirectPacketConnection(ctx context.Context, router adapter.Router, this
 		var destinationAddresses []netip.Addr
 		destinationAddresses, err = router.LookupDefault(ctx, metadata.Destination.Fqdn)
 		if err != nil {
-			return N.HandshakeFailure(conn, err)
+			return N.ReportHandshakeFailure(conn, err)
 		}
 		outConn, destinationAddress, err = N.ListenSerial(ctx, this, metadata.Destination, destinationAddresses)
 	} else {
 		outConn, err = this.ListenPacket(ctx, metadata.Destination)
 	}
 	if err != nil {
-		return N.HandshakeFailure(conn, err)
+		return N.ReportHandshakeFailure(conn, err)
+	}
+	err = N.ReportHandshakeSuccess(conn)
+	if err != nil {
+		return err
 	}
 	if destinationAddress.IsValid() {
 		if natConn, loaded := common.Cast[bufio.NATPacketConn](conn); loaded {
@@ -187,7 +203,7 @@ func CopyEarlyConn(ctx context.Context, conn net.Conn, serverConn net.Conn) erro
 		}
 		_, err = serverConn.Write(payload.Bytes())
 		if err != nil {
-			return N.HandshakeFailure(conn, err)
+			return N.ReportHandshakeFailure(conn, err)
 		}
 		payload.Release()
 	}