CN-JS-HuiBai/Singbox-For-SBPanel
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First Commmit

Browse Source
This commit is contained in:
CN-JS-HuiBai
2026-04-14 22:41:14 +08:00
commit 9f867b19da
1086 changed files with 147554 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

251
protocol/naive/inbound.go Normal file
View File

@@ -0,0 +1,251 @@
package naive
import (
"context"
"errors"
"io"
"net"
"net/http"
"github.com/sagernet/sing-box/adapter"
"github.com/sagernet/sing-box/adapter/inbound"
"github.com/sagernet/sing-box/common/listener"
"github.com/sagernet/sing-box/common/tls"
"github.com/sagernet/sing-box/common/uot"
C "github.com/sagernet/sing-box/constant"
"github.com/sagernet/sing-box/log"
"github.com/sagernet/sing-box/option"
"github.com/sagernet/sing-box/transport/v2rayhttp"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/auth"
E "github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/logger"
M "github.com/sagernet/sing/common/metadata"
N "github.com/sagernet/sing/common/network"
aTLS "github.com/sagernet/sing/common/tls"
sHttp "github.com/sagernet/sing/protocol/http"
"golang.org/x/net/http2"
"golang.org/x/net/http2/h2c"
)
var (
ConfigureHTTP3ListenerFunc func(ctx context.Context, logger logger.Logger, listener *listener.Listener, handler http.Handler, tlsConfig tls.ServerConfig, options option.NaiveInboundOptions) (io.Closer, error)
WrapError func(error) error
)
func RegisterInbound(registry *inbound.Registry) {
inbound.Register[option.NaiveInboundOptions](registry, C.TypeNaive, NewInbound)
}
type Inbound struct {
inbound.Adapter
ctx context.Context
router adapter.ConnectionRouterEx
logger logger.ContextLogger
options option.NaiveInboundOptions
listener *listener.Listener
network []string
networkIsDefault bool
authenticator *auth.Authenticator
tlsConfig tls.ServerConfig
httpServer *http.Server
h3Server io.Closer
}
func NewInbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.NaiveInboundOptions) (adapter.Inbound, error) {
inbound := &Inbound{
Adapter: inbound.NewAdapter(C.TypeNaive, tag),
ctx: ctx,
router: uot.NewRouter(router, logger),
logger: logger,
listener: listener.New(listener.Options{
Context: ctx,
Logger: logger,
Listen: options.ListenOptions,
}),
networkIsDefault: options.Network == "",
network: options.Network.Build(),
authenticator: auth.NewAuthenticator(options.Users),
}
if common.Contains(inbound.network, N.NetworkUDP) {
if options.TLS == nil || !options.TLS.Enabled {
return nil, E.New("TLS is required for QUIC server")
}
}
if len(options.Users) == 0 {
return nil, E.New("missing users")
}
if options.TLS != nil {
tlsConfig, err := tls.NewServer(ctx, logger, common.PtrValueOrDefault(options.TLS))
if err != nil {
return nil, err
}
inbound.tlsConfig = tlsConfig
}
return inbound, nil
}
func (n *Inbound) Start(stage adapter.StartStage) error {
if stage != adapter.StartStateStart {
return nil
}
if n.tlsConfig != nil {
err := n.tlsConfig.Start()
if err != nil {
return E.Cause(err, "create TLS config")
}
}
if common.Contains(n.network, N.NetworkTCP) {
tcpListener, err := n.listener.ListenTCP()
if err != nil {
return err
}
n.httpServer = &http.Server{
Handler: h2c.NewHandler(n, &http2.Server{}),
BaseContext: func(listener net.Listener) context.Context {
return n.ctx
},
}
go func() {
listener := net.Listener(tcpListener)
if n.tlsConfig != nil {
if len(n.tlsConfig.NextProtos()) == 0 {
n.tlsConfig.SetNextProtos([]string{http2.NextProtoTLS, "http/1.1"})
} else if !common.Contains(n.tlsConfig.NextProtos(), http2.NextProtoTLS) {
n.tlsConfig.SetNextProtos(append([]string{http2.NextProtoTLS}, n.tlsConfig.NextProtos()...))
}
listener = aTLS.NewListener(tcpListener, n.tlsConfig)
}
sErr := n.httpServer.Serve(listener)
if sErr != nil && !errors.Is(sErr, http.ErrServerClosed) {
n.logger.Error("http server serve error: ", sErr)
}
}()
}
if common.Contains(n.network, N.NetworkUDP) {
http3Server, err := ConfigureHTTP3ListenerFunc(n.ctx, n.logger, n.listener, n, n.tlsConfig, n.options)
if err == nil {
n.h3Server = http3Server
} else if len(n.network) > 1 {
n.logger.Warn(E.Cause(err, "naive http3 disabled"))
} else {
return err
}
}
return nil
}
func (n *Inbound) Close() error {
return common.Close(
&n.listener,
common.PtrOrNil(n.httpServer),
n.h3Server,
n.tlsConfig,
)
}
func (n *Inbound) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
ctx := log.ContextWithNewID(request.Context())
if request.Method != "CONNECT" {
rejectHTTP(writer, http.StatusBadRequest)
n.badRequest(ctx, request, E.New("not CONNECT request"))
return
} else if request.Header.Get("Padding") == "" {
rejectHTTP(writer, http.StatusBadRequest)
n.badRequest(ctx, request, E.New("missing naive padding"))
return
}
userName, password, authOk := sHttp.ParseBasicAuth(request.Header.Get("Proxy-Authorization"))
if authOk {
authOk = n.authenticator.Verify(userName, password)
}
if !authOk {
rejectHTTP(writer, http.StatusProxyAuthRequired)
n.badRequest(ctx, request, E.New("authorization failed"))
return
}
writer.Header().Set("Padding", generatePaddingHeader())
writer.WriteHeader(http.StatusOK)
writer.(http.Flusher).Flush()
hostPort := request.Header.Get("-connect-authority")
if hostPort == "" {
hostPort = request.URL.Host
if hostPort == "" {
hostPort = request.Host
}
}
source := sHttp.SourceAddress(request)
destination := M.ParseSocksaddr(hostPort).Unwrap()
if hijacker, isHijacker := writer.(http.Hijacker); isHijacker {
conn, _, err := hijacker.Hijack()
if err != nil {
n.badRequest(ctx, request, E.New("hijack failed"))
return
}
n.newConnection(ctx, false, &naiveConn{Conn: conn}, userName, source, destination)
} else {
n.newConnection(ctx, true, &naiveH2Conn{
reader: request.Body,
writer: writer,
flusher: writer.(http.Flusher),
remoteAddress: source,
}, userName, source, destination)
}
}
func (n *Inbound) newConnection(ctx context.Context, waitForClose bool, conn net.Conn, userName string, source M.Socksaddr, destination M.Socksaddr) {
if userName != "" {
n.logger.InfoContext(ctx, "[", userName, "] inbound connection from ", source)
n.logger.InfoContext(ctx, "[", userName, "] inbound connection to ", destination)
} else {
n.logger.InfoContext(ctx, "inbound connection from ", source)
n.logger.InfoContext(ctx, "inbound connection to ", destination)
}
var metadata adapter.InboundContext
metadata.Inbound = n.Tag()
metadata.InboundType = n.Type()
//nolint:staticcheck
metadata.InboundDetour = n.listener.ListenOptions().Detour
//nolint:staticcheck
metadata.Source = source
metadata.Destination = destination
metadata.OriginDestination = M.SocksaddrFromNet(conn.LocalAddr()).Unwrap()
metadata.User = userName
if !waitForClose {
n.router.RouteConnectionEx(ctx, conn, metadata, nil)
} else {
done := make(chan struct{})
wrapper := v2rayhttp.NewHTTP2Wrapper(conn)
n.router.RouteConnectionEx(ctx, conn, metadata, N.OnceClose(func(it error) {
close(done)
}))
<-done
wrapper.CloseWrapper()
}
}
func (n *Inbound) badRequest(ctx context.Context, request *http.Request, err error) {
n.logger.ErrorContext(ctx, E.Cause(err, "process connection from ", request.RemoteAddr))
}
func rejectHTTP(writer http.ResponseWriter, statusCode int) {
hijacker, ok := writer.(http.Hijacker)
if !ok {
writer.WriteHeader(statusCode)
return
}
conn, _, err := hijacker.Hijack()
if err != nil {
writer.WriteHeader(statusCode)
return
}
if tcpConn, isTCP := common.Cast[*net.TCPConn](conn); isTCP {
tcpConn.SetLinger(0)
}
conn.Close()
}

257
protocol/naive/inbound_conn.go Normal file
View File

@@ -0,0 +1,257 @@
package naive
import (
"encoding/binary"
"io"
"math/rand"
"net"
"net/http"
"os"
"time"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/baderror"
"github.com/sagernet/sing/common/buf"
M "github.com/sagernet/sing/common/metadata"
"github.com/sagernet/sing/common/rw"
)
const paddingCount = 8
func generatePaddingHeader() string {
paddingLen := rand.Intn(32) + 30
padding := make([]byte, paddingLen)
bits := rand.Uint64()
for i := 0; i < 16; i++ {
padding[i] = "!#$()+<>?@[]^`{}"[bits&15]
bits >>= 4
}
for i := 16; i < paddingLen; i++ {
padding[i] = '~'
}
return string(padding)
}
type paddingConn struct {
readPadding int
writePadding int
readRemaining int
paddingRemaining int
}
func (p *paddingConn) readWithPadding(reader io.Reader, buffer []byte) (n int, err error) {
if p.readRemaining > 0 {
if len(buffer) > p.readRemaining {
buffer = buffer[:p.readRemaining]
}
n, err = reader.Read(buffer)
if err != nil {
return
}
p.readRemaining -= n
return
}
if p.paddingRemaining > 0 {
err = rw.SkipN(reader, p.paddingRemaining)
if err != nil {
return
}
p.paddingRemaining = 0
}
if p.readPadding < paddingCount {
var paddingHeader []byte
if len(buffer) >= 3 {
paddingHeader = buffer[:3]
} else {
paddingHeader = make([]byte, 3)
}
_, err = io.ReadFull(reader, paddingHeader)
if err != nil {
return
}
originalDataSize := int(binary.BigEndian.Uint16(paddingHeader[:2]))
paddingSize := int(paddingHeader[2])
if len(buffer) > originalDataSize {
buffer = buffer[:originalDataSize]
}
n, err = reader.Read(buffer)
if err != nil {
return
}
p.readPadding++
p.readRemaining = originalDataSize - n
p.paddingRemaining = paddingSize
return
}
return reader.Read(buffer)
}
func (p *paddingConn) writeWithPadding(writer io.Writer, data []byte) (n int, err error) {
if p.writePadding < paddingCount {
paddingSize := rand.Intn(256)
buffer := buf.NewSize(3 + len(data) + paddingSize)
defer buffer.Release()
header := buffer.Extend(3)
binary.BigEndian.PutUint16(header, uint16(len(data)))
header[2] = byte(paddingSize)
common.Must1(buffer.Write(data))
common.Must(buffer.WriteZeroN(paddingSize))
_, err = writer.Write(buffer.Bytes())
if err == nil {
n = len(data)
}
p.writePadding++
return
}
return writer.Write(data)
}
func (p *paddingConn) writeBufferWithPadding(writer io.Writer, buffer *buf.Buffer) error {
if p.writePadding < paddingCount {
bufferLen := buffer.Len()
if bufferLen > 65535 {
_, err := p.writeChunked(writer, buffer.Bytes())
return err
}
paddingSize := rand.Intn(256)
header := buffer.ExtendHeader(3)
binary.BigEndian.PutUint16(header, uint16(bufferLen))
header[2] = byte(paddingSize)
common.Must(buffer.WriteZeroN(paddingSize))
p.writePadding++
}
return common.Error(writer.Write(buffer.Bytes()))
}
func (p *paddingConn) writeChunked(writer io.Writer, data []byte) (n int, err error) {
for len(data) > 0 {
var chunk []byte
if len(data) > 65535 {
chunk = data[:65535]
data = data[65535:]
} else {
chunk = data
data = nil
}
var written int
written, err = p.writeWithPadding(writer, chunk)
n += written
if err != nil {
return
}
}
return
}
func (p *paddingConn) frontHeadroom() int {
if p.writePadding < paddingCount {
return 3
}
return 0
}
func (p *paddingConn) rearHeadroom() int {
if p.writePadding < paddingCount {
return 255
}
return 0
}
func (p *paddingConn) writerMTU() int {
if p.writePadding < paddingCount {
return 65535
}
return 0
}
func (p *paddingConn) readerReplaceable() bool {
return p.readPadding == paddingCount
}
func (p *paddingConn) writerReplaceable() bool {
return p.writePadding == paddingCount
}
type naiveConn struct {
net.Conn
paddingConn
}
func (c *naiveConn) Read(p []byte) (n int, err error) {
n, err = c.readWithPadding(c.Conn, p)
return n, wrapError(err)
}
func (c *naiveConn) Write(p []byte) (n int, err error) {
n, err = c.writeChunked(c.Conn, p)
return n, wrapError(err)
}
func (c *naiveConn) WriteBuffer(buffer *buf.Buffer) error {
defer buffer.Release()
err := c.writeBufferWithPadding(c.Conn, buffer)
return wrapError(err)
}
func (c *naiveConn) FrontHeadroom() int { return c.frontHeadroom() }
func (c *naiveConn) RearHeadroom() int { return c.rearHeadroom() }
func (c *naiveConn) WriterMTU() int { return c.writerMTU() }
func (c *naiveConn) Upstream() any { return c.Conn }
func (c *naiveConn) ReaderReplaceable() bool { return c.readerReplaceable() }
func (c *naiveConn) WriterReplaceable() bool { return c.writerReplaceable() }
type naiveH2Conn struct {
reader io.Reader
writer io.Writer
flusher http.Flusher
remoteAddress net.Addr
paddingConn
}
func (c *naiveH2Conn) Read(p []byte) (n int, err error) {
n, err = c.readWithPadding(c.reader, p)
return n, wrapError(err)
}
func (c *naiveH2Conn) Write(p []byte) (n int, err error) {
n, err = c.writeChunked(c.writer, p)
if err == nil {
c.flusher.Flush()
}
return n, wrapError(err)
}
func (c *naiveH2Conn) WriteBuffer(buffer *buf.Buffer) error {
defer buffer.Release()
err := c.writeBufferWithPadding(c.writer, buffer)
if err == nil {
c.flusher.Flush()
}
return wrapError(err)
}
func wrapError(err error) error {
err = baderror.WrapH2(err)
if WrapError != nil {
err = WrapError(err)
}
return err
}
func (c *naiveH2Conn) Close() error {
return common.Close(c.reader, c.writer)
}
func (c *naiveH2Conn) LocalAddr() net.Addr { return M.Socksaddr{} }
func (c *naiveH2Conn) RemoteAddr() net.Addr { return c.remoteAddress }
func (c *naiveH2Conn) SetDeadline(t time.Time) error { return os.ErrInvalid }
func (c *naiveH2Conn) SetReadDeadline(t time.Time) error { return os.ErrInvalid }
func (c *naiveH2Conn) SetWriteDeadline(t time.Time) error { return os.ErrInvalid }
func (c *naiveH2Conn) NeedAdditionalReadDeadline() bool { return true }
func (c *naiveH2Conn) UpstreamReader() any { return c.reader }
func (c *naiveH2Conn) UpstreamWriter() any { return c.writer }
func (c *naiveH2Conn) FrontHeadroom() int { return c.frontHeadroom() }
func (c *naiveH2Conn) RearHeadroom() int { return c.rearHeadroom() }
func (c *naiveH2Conn) WriterMTU() int { return c.writerMTU() }
func (c *naiveH2Conn) ReaderReplaceable() bool { return c.readerReplaceable() }
func (c *naiveH2Conn) WriterReplaceable() bool { return c.writerReplaceable() }

275
protocol/naive/outbound.go Normal file
View File

@@ -0,0 +1,275 @@
//go:build with_naive_outbound
package naive
import (
"context"
"encoding/pem"
"net"
"os"
"strings"
"github.com/sagernet/cronet-go"
_ "github.com/sagernet/cronet-go/all"
"github.com/sagernet/sing-box/adapter"
"github.com/sagernet/sing-box/adapter/outbound"
"github.com/sagernet/sing-box/common/dialer"
C "github.com/sagernet/sing-box/constant"
"github.com/sagernet/sing-box/dns"
"github.com/sagernet/sing-box/log"
"github.com/sagernet/sing-box/option"
"github.com/sagernet/sing/common"
E "github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/logger"
M "github.com/sagernet/sing/common/metadata"
N "github.com/sagernet/sing/common/network"
"github.com/sagernet/sing/common/uot"
"github.com/sagernet/sing/service"
mDNS "github.com/miekg/dns"
)
func RegisterOutbound(registry *outbound.Registry) {
outbound.Register[option.NaiveOutboundOptions](registry, C.TypeNaive, NewOutbound)
}
type Outbound struct {
outbound.Adapter
ctx context.Context
logger logger.ContextLogger
client *cronet.NaiveClient
uotClient *uot.Client
}
func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextLogger, tag string, options option.NaiveOutboundOptions) (adapter.Outbound, error) {
if options.TLS == nil || !options.TLS.Enabled {
return nil, C.ErrTLSRequired
}
if options.TLS.DisableSNI {
return nil, E.New("disable_sni is not supported on naive outbound")
}
if options.TLS.Insecure {
return nil, E.New("insecure is not supported on naive outbound")
}
if len(options.TLS.ALPN) > 0 {
return nil, E.New("alpn is not supported on naive outbound")
}
if options.TLS.MinVersion != "" {
return nil, E.New("min_version is not supported on naive outbound")
}
if options.TLS.MaxVersion != "" {
return nil, E.New("max_version is not supported on naive outbound")
}
if len(options.TLS.CipherSuites) > 0 {
return nil, E.New("cipher_suites is not supported on naive outbound")
}
if len(options.TLS.CurvePreferences) > 0 {
return nil, E.New("curve_preferences is not supported on naive outbound")
}
if len(options.TLS.ClientCertificate) > 0 || options.TLS.ClientCertificatePath != "" {
return nil, E.New("client_certificate is not supported on naive outbound")
}
if len(options.TLS.ClientKey) > 0 || options.TLS.ClientKeyPath != "" {
return nil, E.New("client_key is not supported on naive outbound")
}
if options.TLS.Fragment || options.TLS.RecordFragment {
return nil, E.New("fragment is not supported on naive outbound")
}
if options.TLS.KernelTx || options.TLS.KernelRx {
return nil, E.New("kernel TLS is not supported on naive outbound")
}
if options.TLS.UTLS != nil && options.TLS.UTLS.Enabled {
return nil, E.New("uTLS is not supported on naive outbound")
}
if options.TLS.Reality != nil && options.TLS.Reality.Enabled {
return nil, E.New("reality is not supported on naive outbound")
}
serverAddress := options.ServerOptions.Build()
var serverName string
if options.TLS.ServerName != "" {
serverName = options.TLS.ServerName
} else {
serverName = serverAddress.AddrString()
}
outboundDialer, err := dialer.NewWithOptions(dialer.Options{
Context: ctx,
Options: options.DialerOptions,
RemoteIsDomain: true,
ResolverOnDetour: true,
NewDialer: true,
})
if err != nil {
return nil, err
}
var trustedRootCertificates string
if len(options.TLS.Certificate) > 0 {
trustedRootCertificates = strings.Join(options.TLS.Certificate, "\n")
} else if options.TLS.CertificatePath != "" {
content, err := os.ReadFile(options.TLS.CertificatePath)
if err != nil {
return nil, E.Cause(err, "read certificate")
}
trustedRootCertificates = string(content)
}
extraHeaders := make(map[string]string)
for key, values := range options.ExtraHeaders.Build() {
if len(values) > 0 {
extraHeaders[key] = values[0]
}
}
dnsRouter := service.FromContext[adapter.DNSRouter](ctx)
var dnsResolver cronet.DNSResolverFunc
if dnsRouter != nil {
dnsResolver = func(dnsContext context.Context, request *mDNS.Msg) *mDNS.Msg {
response, err := dnsRouter.Exchange(dnsContext, request, outboundDialer.(dialer.ResolveDialer).QueryOptions())
if err != nil {
logger.Error("DNS exchange failed: ", err)
return dns.FixedResponseStatus(request, mDNS.RcodeServerFailure)
}
return response
}
}
var echEnabled bool
var echConfigList []byte
var echQueryServerName string
if options.TLS.ECH != nil && options.TLS.ECH.Enabled {
echEnabled = true
echQueryServerName = options.TLS.ECH.QueryServerName
var echConfig []byte
if len(options.TLS.ECH.Config) > 0 {
echConfig = []byte(strings.Join(options.TLS.ECH.Config, "\n"))
} else if options.TLS.ECH.ConfigPath != "" {
content, err := os.ReadFile(options.TLS.ECH.ConfigPath)
if err != nil {
return nil, E.Cause(err, "read ECH config")
}
echConfig = content
}
if len(echConfig) > 0 {
block, rest := pem.Decode(echConfig)
if block == nil || block.Type != "ECH CONFIGS" || len(rest) > 0 {
return nil, E.New("invalid ECH configs pem")
}
echConfigList = block.Bytes
}
}
var quicCongestionControl cronet.QUICCongestionControl
switch options.QUICCongestionControl {
case "":
quicCongestionControl = cronet.QUICCongestionControlDefault
case "bbr":
quicCongestionControl = cronet.QUICCongestionControlBBR
case "bbr2":
quicCongestionControl = cronet.QUICCongestionControlBBRv2
case "cubic":
quicCongestionControl = cronet.QUICCongestionControlCubic
case "reno":
quicCongestionControl = cronet.QUICCongestionControlReno
default:
return nil, E.New("unknown quic congestion control: ", options.QUICCongestionControl)
}
client, err := cronet.NewNaiveClient(cronet.NaiveClientOptions{
Context: ctx,
Logger: logger,
ServerAddress: serverAddress,
ServerName: serverName,
Username: options.Username,
Password: options.Password,
InsecureConcurrency: options.InsecureConcurrency,
ExtraHeaders: extraHeaders,
TrustedRootCertificates: trustedRootCertificates,
Dialer: outboundDialer,
DNSResolver: dnsResolver,
ECHEnabled: echEnabled,
ECHConfigList: echConfigList,
ECHQueryServerName: echQueryServerName,
QUIC: options.QUIC,
QUICCongestionControl: quicCongestionControl,
})
if err != nil {
return nil, err
}
var uotClient *uot.Client
uotOptions := common.PtrValueOrDefault(options.UDPOverTCP)
if uotOptions.Enabled {
uotClient = &uot.Client{
Dialer: &naiveDialer{client},
Version: uotOptions.Version,
}
}
var networks []string
if uotClient != nil {
networks = []string{N.NetworkTCP, N.NetworkUDP}
} else {
networks = []string{N.NetworkTCP}
}
return &Outbound{
Adapter: outbound.NewAdapterWithDialerOptions(C.TypeNaive, tag, networks, options.DialerOptions),
ctx: ctx,
logger: logger,
client: client,
uotClient: uotClient,
}, nil
}
func (h *Outbound) Start(stage adapter.StartStage) error {
if stage != adapter.StartStateStart {
return nil
}
err := h.client.Start()
if err != nil {
return err
}
h.logger.Info("NaiveProxy started, version: ", h.client.Engine().Version())
return nil
}
func (h *Outbound) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
switch N.NetworkName(network) {
case N.NetworkTCP:
h.logger.InfoContext(ctx, "outbound connection to ", destination)
return h.client.DialEarly(ctx, destination)
case N.NetworkUDP:
if h.uotClient == nil {
return nil, E.New("UDP is not supported unless UDP over TCP is enabled")
}
h.logger.InfoContext(ctx, "outbound UoT packet connection to ", destination)
return h.uotClient.DialContext(ctx, network, destination)
default:
return nil, E.Extend(N.ErrUnknownNetwork, network)
}
}
func (h *Outbound) ListenPacket(ctx context.Context, destination M.Socksaddr) (net.PacketConn, error) {
if h.uotClient == nil {
return nil, E.New("UDP is not supported unless UDP over TCP is enabled")
}
return h.uotClient.ListenPacket(ctx, destination)
}
func (h *Outbound) InterfaceUpdated() {
h.client.Engine().CloseAllConnections()
}
func (h *Outbound) Close() error {
return h.client.Close()
}
func (h *Outbound) Client() *cronet.NaiveClient {
return h.client
}
type naiveDialer struct {
*cronet.NaiveClient
}
func (d *naiveDialer) DialContext(ctx context.Context, network string, destination M.Socksaddr) (net.Conn, error) {
return d.NaiveClient.DialEarly(ctx, destination)
}

128
protocol/naive/quic/inbound_init.go Normal file
View File

@@ -0,0 +1,128 @@
package quic
import (
"context"
"io"
"net/http"
"time"
"github.com/sagernet/quic-go"
"github.com/sagernet/quic-go/congestion"
"github.com/sagernet/quic-go/http3"
"github.com/sagernet/sing-box/common/listener"
"github.com/sagernet/sing-box/common/tls"
"github.com/sagernet/sing-box/log"
"github.com/sagernet/sing-box/option"
"github.com/sagernet/sing-box/protocol/naive"
"github.com/sagernet/sing-quic"
"github.com/sagernet/sing-quic/congestion_bbr1"
"github.com/sagernet/sing-quic/congestion_bbr2"
congestion_meta1 "github.com/sagernet/sing-quic/congestion_meta1"
congestion_meta2 "github.com/sagernet/sing-quic/congestion_meta2"
E "github.com/sagernet/sing/common/exceptions"
"github.com/sagernet/sing/common/logger"
"github.com/sagernet/sing/common/ntp"
)
func init() {
naive.ConfigureHTTP3ListenerFunc = func(ctx context.Context, logger logger.Logger, listener *listener.Listener, handler http.Handler, tlsConfig tls.ServerConfig, options option.NaiveInboundOptions) (io.Closer, error) {
err := qtls.ConfigureHTTP3(tlsConfig)
if err != nil {
return nil, err
}
udpConn, err := listener.ListenUDP()
if err != nil {
return nil, err
}
var congestionControl func(conn *quic.Conn) congestion.CongestionControl
timeFunc := ntp.TimeFuncFromContext(ctx)
if timeFunc == nil {
timeFunc = time.Now
}
switch options.QUICCongestionControl {
case "", "bbr":
congestionControl = func(conn *quic.Conn) congestion.CongestionControl {
return congestion_meta2.NewBbrSender(
congestion_meta2.DefaultClock{TimeFunc: timeFunc},
congestion.ByteCount(conn.Config().InitialPacketSize),
congestion.ByteCount(congestion_meta1.InitialCongestionWindow),
)
}
case "bbr_standard":
congestionControl = func(conn *quic.Conn) congestion.CongestionControl {
return congestion_bbr1.NewBbrSender(
congestion_bbr1.DefaultClock{TimeFunc: timeFunc},
congestion.ByteCount(conn.Config().InitialPacketSize),
congestion_bbr1.InitialCongestionWindowPackets,
congestion_bbr1.MaxCongestionWindowPackets,
)
}
case "bbr2":
congestionControl = func(conn *quic.Conn) congestion.CongestionControl {
return congestion_bbr2.NewBBR2Sender(
congestion_bbr2.DefaultClock{TimeFunc: timeFunc},
congestion.ByteCount(conn.Config().InitialPacketSize),
0,
false,
)
}
case "bbr2_variant":
congestionControl = func(conn *quic.Conn) congestion.CongestionControl {
return congestion_bbr2.NewBBR2Sender(
congestion_bbr2.DefaultClock{TimeFunc: timeFunc},
congestion.ByteCount(conn.Config().InitialPacketSize),
32*congestion.ByteCount(conn.Config().InitialPacketSize),
true,
)
}
case "cubic":
congestionControl = func(conn *quic.Conn) congestion.CongestionControl {
return congestion_meta1.NewCubicSender(
congestion_meta1.DefaultClock{TimeFunc: timeFunc},
congestion.ByteCount(conn.Config().InitialPacketSize),
false,
)
}
case "reno":
congestionControl = func(conn *quic.Conn) congestion.CongestionControl {
return congestion_meta1.NewCubicSender(
congestion_meta1.DefaultClock{TimeFunc: timeFunc},
congestion.ByteCount(conn.Config().InitialPacketSize),
true,
)
}
default:
return nil, E.New("unknown quic congestion control: ", options.QUICCongestionControl)
}
quicListener, err := qtls.ListenEarly(udpConn, tlsConfig, &quic.Config{
MaxIncomingStreams: 1 << 60,
Allow0RTT: true,
})
if err != nil {
udpConn.Close()
return nil, err
}
h3Server := &http3.Server{
Handler: handler,
ConnContext: func(ctx context.Context, conn *quic.Conn) context.Context {
conn.SetCongestionControl(congestionControl(conn))
return log.ContextWithNewID(ctx)
},
}
go func() {
sErr := h3Server.ServeListener(quicListener)
udpConn.Close()
if sErr != nil && !E.IsClosedOrCanceled(sErr) {
logger.Error("http3 server closed: ", sErr)
}
}()
return quicListener, nil
}
naive.WrapError = qtls.WrapError
}