feat. add uot for sudoku

adapter/outbound/sudoku.go

@@ -19,6 +19,7 @@ import (
 	N "github.com/metacubex/mihomo/common/net"
 	C "github.com/metacubex/mihomo/constant"
 	"github.com/metacubex/mihomo/log"
+	"github.com/metacubex/mihomo/transport/sudotun"
 )
 
 type Sudoku struct {
@@ -72,12 +73,45 @@ func (s *Sudoku) DialContext(ctx context.Context, metadata *C.Metadata) (_ C.Con
 
 // ListenPacketContext implements C.ProxyAdapter
 func (s *Sudoku) ListenPacketContext(ctx context.Context, metadata *C.Metadata) (C.PacketConn, error) {
-	return nil, C.ErrNotSupport
+	if err := s.ResolveUDP(ctx, metadata); err != nil {
+		return nil, err
+	}
+
+	cfg, err := s.buildConfig(metadata)
+	if err != nil {
+		return nil, err
+	}
+
+	c, err := s.dialer.DialContext(ctx, "tcp", s.addr)
+	if err != nil {
+		return nil, fmt.Errorf("%s connect error: %w", s.addr, err)
+	}
+
+	defer func() {
+		safeConnClose(c, err)
+	}()
+
+	if ctx.Done() != nil {
+		done := N.SetupContextForConn(ctx, c)
+		defer done(&err)
+	}
+
+	c, err = s.handshakeConn(c, cfg)
+	if err != nil {
+		return nil, err
+	}
+
+	if err = sudotun.WritePreface(c); err != nil {
+		_ = c.Close()
+		return nil, fmt.Errorf("send uot preface failed: %w", err)
+	}
+
+	return newPacketConn(N.NewThreadSafePacketConn(sudotun.NewUoTPacketConn(c)), s), nil
 }
 
 // SupportUOT implements C.ProxyAdapter
 func (s *Sudoku) SupportUOT() bool {
-	return false // Sudoku protocol only supports TCP
+	return true
 }
 
 // ProxyInfo implements C.ProxyAdapter
@@ -101,7 +135,7 @@ func (s *Sudoku) buildConfig(metadata *C.Metadata) (*apis.ProtocolConfig, error)
 	return &cfg, nil
 }
 
-func (s *Sudoku) streamConn(rawConn net.Conn, cfg *apis.ProtocolConfig) (_ net.Conn, err error) {
+func (s *Sudoku) handshakeConn(rawConn net.Conn, cfg *apis.ProtocolConfig) (_ net.Conn, err error) {
 	if !cfg.DisableHTTPMask {
 		if err = httpmask.WriteRandomRequestHeader(rawConn, cfg.ServerAddress); err != nil {
 			return nil, fmt.Errorf("write http mask failed: %w", err)
@@ -120,6 +154,15 @@ func (s *Sudoku) streamConn(rawConn net.Conn, cfg *apis.ProtocolConfig) (_ net.C
 		return nil, fmt.Errorf("send handshake failed: %w", err)
 	}
 
+	return cConn, nil
+}
+
+func (s *Sudoku) streamConn(rawConn net.Conn, cfg *apis.ProtocolConfig) (_ net.Conn, err error) {
+	cConn, err := s.handshakeConn(rawConn, cfg)
+	if err != nil {
+		return nil, err
+	}
+
 	if err = writeTargetAddress(cConn, cfg.TargetAddress); err != nil {
 		cConn.Close()
 		return nil, fmt.Errorf("send target address failed: %w", err)
@@ -191,7 +234,7 @@ func NewSudoku(option SudokuOption) (*Sudoku, error) {
 			name:   option.Name,
 			addr:   baseConf.ServerAddress,
 			tp:     C.Sudoku,
-			udp:    false,
+			udp:    true,
 			tfo:    option.TFO,
 			mpTcp:  option.MPTCP,
 			iface:  option.Interface,

go.mod

@@ -43,7 +43,7 @@ require (
 	github.com/mroth/weightedrand/v2 v2.1.0
 	github.com/openacid/low v0.1.21
 	github.com/oschwald/maxminddb-golang v1.12.0 // lastest version compatible with golang1.20
-	github.com/saba-futai/sudoku v0.0.1-g
+	github.com/saba-futai/sudoku v0.0.1-i
 	github.com/sagernet/cors v1.2.1
 	github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a
 	github.com/samber/lo v1.52.0

go.sum

@@ -171,8 +171,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
 github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
 github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
-github.com/saba-futai/sudoku v0.0.1-g h1:4q6OuAA6COaRW+CgoQtdim5AUPzzm0uOkvbYpJnOaBE=
+github.com/saba-futai/sudoku v0.0.1-i h1:t6H875LSceXaEEwho84GU9OoLa4ieoBo3v+dxpFf4wc=
-github.com/saba-futai/sudoku v0.0.1-g/go.mod h1:2ZRzRwz93cS2K/o2yOG4CPJEltcvk5y6vbvUmjftGU0=
+github.com/saba-futai/sudoku v0.0.1-i/go.mod h1:FNtEAA44TSMvHI94o1kri/itbjvSMm1qCrbd0e6MTZY=
 github.com/sagernet/cors v1.2.1 h1:Cv5Z8y9YSD6Gm+qSpNrL3LO4lD3eQVvbFYJSG7JCMHQ=
 github.com/sagernet/cors v1.2.1/go.mod h1:O64VyOjjhrkLmQIjF4KGRrJO/5dVXFdpEmCW/eISRAI=
 github.com/sagernet/netlink v0.0.0-20240612041022-b9a21c07ac6a h1:ObwtHN2VpqE0ZNjr6sGeT00J8uU7JF4cNUdb44/Duis=

listener/sudoku/server.go

@@ -1,6 +1,8 @@
 package sudoku
 
 import (
+	"errors"
+	"io"
 	"net"
 	"strings"
 
@@ -10,7 +12,9 @@ import (
 	"github.com/metacubex/mihomo/adapter/inbound"
 	C "github.com/metacubex/mihomo/constant"
 	LC "github.com/metacubex/mihomo/listener/config"
+	"github.com/metacubex/mihomo/log"
 	"github.com/metacubex/mihomo/transport/socks5"
+	"github.com/metacubex/mihomo/transport/sudotun"
 )
 
 type Listener struct {
@@ -43,19 +47,74 @@ func (l *Listener) Close() error {
 }
 
 func (l *Listener) handleConn(conn net.Conn, tunnel C.Tunnel, additions ...inbound.Addition) {
-	tunnelConn, target, err := apis.ServerHandshake(conn, &l.protoConf)
+	session, err := sudotun.ServerHandshake(conn, &l.protoConf)
 	if err != nil {
 		_ = conn.Close()
 		return
 	}
 
-	targetAddr := socks5.ParseAddr(target)
+	switch session.Type {
-	if targetAddr == nil {
+	case sudotun.SessionTypeUoT:
-		_ = tunnelConn.Close()
+		l.handleUoTSession(session.Conn, tunnel, additions...)
-		return
+	default:
+		targetAddr := socks5.ParseAddr(session.Target)
+		if targetAddr == nil {
+			_ = session.Conn.Close()
+			return
+		}
+		tunnel.HandleTCPConn(inbound.NewSocket(targetAddr, session.Conn, C.SUDOKU, additions...))
 	}
+}
 
-	tunnel.HandleTCPConn(inbound.NewSocket(targetAddr, tunnelConn, C.SUDOKU, additions...))
+func (l *Listener) handleUoTSession(conn net.Conn, tunnel C.Tunnel, additions ...inbound.Addition) {
+	writer := sudotun.NewUoTPacketConn(conn)
+	remoteAddr := conn.RemoteAddr()
+
+	for {
+		addrStr, payload, err := sudotun.ReadDatagram(conn)
+		if err != nil {
+			if !errors.Is(err, io.EOF) {
+				log.Debugln("[Sudoku][UoT] session closed: %v", err)
+			}
+			_ = conn.Close()
+			return
+		}
+
+		target := socks5.ParseAddr(addrStr)
+		if target == nil {
+			log.Debugln("[Sudoku][UoT] drop invalid target: %s", addrStr)
+			continue
+		}
+
+		packet := &uotPacket{
+			payload: payload,
+			writer:  writer,
+			rAddr:   remoteAddr,
+		}
+		tunnel.HandleUDPPacket(inbound.NewPacket(target, packet, C.SUDOKU, additions...))
+	}
+}
+
+type uotPacket struct {
+	payload []byte
+	writer  *sudotun.UoTPacketConn
+	rAddr   net.Addr
+}
+
+func (p *uotPacket) Data() []byte {
+	return p.payload
+}
+
+func (p *uotPacket) WriteBack(b []byte, addr net.Addr) (int, error) {
+	return p.writer.WriteTo(b, addr)
+}
+
+func (p *uotPacket) Drop() {
+	p.payload = nil
+}
+
+func (p *uotPacket) LocalAddr() net.Addr {
+	return p.rAddr
 }
 
 func New(config LC.SudokuServer, tunnel C.Tunnel, additions ...inbound.Addition) (*Listener, error) {

transport/sudotun/handshake.go

@@ -0,0 +1,147 @@
+package sudotun
+
+import (
+	"bufio"
+	"encoding/binary"
+	"fmt"
+	"io"
+	"net"
+	"time"
+
+	"github.com/saba-futai/sudoku/apis"
+	"github.com/saba-futai/sudoku/pkg/crypto"
+	"github.com/saba-futai/sudoku/pkg/obfs/httpmask"
+	"github.com/saba-futai/sudoku/pkg/obfs/sudoku"
+
+	"github.com/metacubex/mihomo/log"
+)
+
+type SessionType int
+
+const (
+	SessionTypeTCP SessionType = iota
+	SessionTypeUoT
+)
+
+type ServerSession struct {
+	Conn   net.Conn
+	Type   SessionType
+	Target string
+}
+
+type bufferedConn struct {
+	net.Conn
+	r *bufio.Reader
+}
+
+func (bc *bufferedConn) Read(p []byte) (int, error) {
+	return bc.r.Read(p)
+}
+
+type preBufferedConn struct {
+	net.Conn
+	buf []byte
+}
+
+func (p *preBufferedConn) Read(b []byte) (int, error) {
+	if len(p.buf) > 0 {
+		n := copy(b, p.buf)
+		p.buf = p.buf[n:]
+		return n, nil
+	}
+	if p.Conn == nil {
+		return 0, io.EOF
+	}
+	return p.Conn.Read(b)
+}
+
+func absInt64(v int64) int64 {
+	if v < 0 {
+		return -v
+	}
+	return v
+}
+
+// ServerHandshake performs Sudoku server-side handshake and detects UoT preface.
+func ServerHandshake(rawConn net.Conn, cfg *apis.ProtocolConfig) (*ServerSession, error) {
+	if cfg == nil {
+		return nil, fmt.Errorf("config is required")
+	}
+	if err := cfg.Validate(); err != nil {
+		return nil, fmt.Errorf("invalid config: %w", err)
+	}
+
+	handshakeTimeout := time.Duration(cfg.HandshakeTimeoutSeconds) * time.Second
+	if handshakeTimeout <= 0 {
+		handshakeTimeout = 5 * time.Second
+	}
+
+	bufReader := bufio.NewReader(rawConn)
+	if !cfg.DisableHTTPMask {
+		if peek, _ := bufReader.Peek(4); len(peek) == 4 && string(peek) == "POST" {
+			if _, err := httpmask.ConsumeHeader(bufReader); err != nil {
+				return nil, fmt.Errorf("invalid http header: %w", err)
+			}
+		}
+	}
+
+	rawConn.SetReadDeadline(time.Now().Add(handshakeTimeout))
+	bConn := &bufferedConn{
+		Conn: rawConn,
+		r:    bufReader,
+	}
+	sConn := sudoku.NewConn(bConn, cfg.Table, cfg.PaddingMin, cfg.PaddingMax, true)
+	cConn, err := crypto.NewAEADConn(sConn, cfg.Key, cfg.AEADMethod)
+	if err != nil {
+		return nil, fmt.Errorf("crypto setup failed: %w", err)
+	}
+
+	var handshakeBuf [16]byte
+	if _, err := io.ReadFull(cConn, handshakeBuf[:]); err != nil {
+		cConn.Close()
+		return nil, fmt.Errorf("read handshake failed: %w", err)
+	}
+
+	ts := int64(binary.BigEndian.Uint64(handshakeBuf[:8]))
+	if absInt64(time.Now().Unix()-ts) > 60 {
+		cConn.Close()
+		return nil, fmt.Errorf("timestamp skew detected")
+	}
+
+	sConn.StopRecording()
+
+	firstByte := make([]byte, 1)
+	if _, err := io.ReadFull(cConn, firstByte); err != nil {
+		cConn.Close()
+		return nil, fmt.Errorf("read first byte failed: %w", err)
+	}
+
+	if firstByte[0] == UoTMagicByte {
+		version := make([]byte, 1)
+		if _, err := io.ReadFull(cConn, version); err != nil {
+			cConn.Close()
+			return nil, fmt.Errorf("read uot version failed: %w", err)
+		}
+		if version[0] != uotVersion {
+			cConn.Close()
+			return nil, fmt.Errorf("unsupported uot version: %d", version[0])
+		}
+		rawConn.SetReadDeadline(time.Time{})
+		return &ServerSession{Conn: cConn, Type: SessionTypeUoT}, nil
+	}
+
+	prefixed := &preBufferedConn{Conn: cConn, buf: firstByte}
+	target, err := decodeAddress(prefixed)
+	if err != nil {
+		cConn.Close()
+		return nil, fmt.Errorf("read target address failed: %w", err)
+	}
+
+	rawConn.SetReadDeadline(time.Time{})
+	log.Debugln("[Sudoku] incoming TCP session target: %s", target)
+	return &ServerSession{
+		Conn:   prefixed,
+		Type:   SessionTypeTCP,
+		Target: target,
+	}, nil
+}

transport/sudotun/uot.go

@@ -0,0 +1,235 @@
+package sudotun
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"sync"
+	"time"
+
+	"github.com/metacubex/mihomo/log"
+)
+
+const (
+	UoTMagicByte  byte = 0xEE
+	uotVersion         = 0x01
+	maxUoTPayload      = 64 * 1024
+)
+
+// WritePreface writes the UDP-over-TCP marker and version.
+func WritePreface(w io.Writer) error {
+	_, err := w.Write([]byte{UoTMagicByte, uotVersion})
+	return err
+}
+
+func encodeAddress(rawAddr string) ([]byte, error) {
+	host, portStr, err := net.SplitHostPort(rawAddr)
+	if err != nil {
+		return nil, err
+	}
+
+	portInt, err := net.LookupPort("udp", portStr)
+	if err != nil {
+		return nil, err
+	}
+
+	var buf []byte
+	if ip := net.ParseIP(host); ip != nil {
+		if ip4 := ip.To4(); ip4 != nil {
+			buf = append(buf, 0x01) // IPv4
+			buf = append(buf, ip4...)
+		} else {
+			buf = append(buf, 0x04) // IPv6
+			buf = append(buf, ip...)
+		}
+	} else {
+		if len(host) > 255 {
+			return nil, fmt.Errorf("domain too long")
+		}
+		buf = append(buf, 0x03) // domain
+		buf = append(buf, byte(len(host)))
+		buf = append(buf, host...)
+	}
+
+	var portBytes [2]byte
+	binary.BigEndian.PutUint16(portBytes[:], uint16(portInt))
+	buf = append(buf, portBytes[:]...)
+	return buf, nil
+}
+
+func decodeAddress(r io.Reader) (string, error) {
+	var atyp [1]byte
+	if _, err := io.ReadFull(r, atyp[:]); err != nil {
+		return "", err
+	}
+
+	switch atyp[0] {
+	case 0x01: // IPv4
+		var ipBuf [net.IPv4len]byte
+		if _, err := io.ReadFull(r, ipBuf[:]); err != nil {
+			return "", err
+		}
+		var portBuf [2]byte
+		if _, err := io.ReadFull(r, portBuf[:]); err != nil {
+			return "", err
+		}
+		return net.JoinHostPort(net.IP(ipBuf[:]).String(), fmt.Sprint(binary.BigEndian.Uint16(portBuf[:]))), nil
+	case 0x04: // IPv6
+		var ipBuf [net.IPv6len]byte
+		if _, err := io.ReadFull(r, ipBuf[:]); err != nil {
+			return "", err
+		}
+		var portBuf [2]byte
+		if _, err := io.ReadFull(r, portBuf[:]); err != nil {
+			return "", err
+		}
+		return net.JoinHostPort(net.IP(ipBuf[:]).String(), fmt.Sprint(binary.BigEndian.Uint16(portBuf[:]))), nil
+	case 0x03: // domain
+		var lengthBuf [1]byte
+		if _, err := io.ReadFull(r, lengthBuf[:]); err != nil {
+			return "", err
+		}
+		l := int(lengthBuf[0])
+		hostBuf := make([]byte, l)
+		if _, err := io.ReadFull(r, hostBuf); err != nil {
+			return "", err
+		}
+		var portBuf [2]byte
+		if _, err := io.ReadFull(r, portBuf[:]); err != nil {
+			return "", err
+		}
+		return net.JoinHostPort(string(hostBuf), fmt.Sprint(binary.BigEndian.Uint16(portBuf[:]))), nil
+	default:
+		return "", fmt.Errorf("unknown address type: %d", atyp[0])
+	}
+}
+
+// WriteDatagram sends a single UDP datagram frame over a reliable stream.
+func WriteDatagram(w io.Writer, addr string, payload []byte) error {
+	addrBuf, err := encodeAddress(addr)
+	if err != nil {
+		return fmt.Errorf("encode address: %w", err)
+	}
+
+	if addrLen := len(addrBuf); addrLen == 0 || addrLen > maxUoTPayload {
+		return fmt.Errorf("address too long: %d", len(addrBuf))
+	}
+	if payloadLen := len(payload); payloadLen > maxUoTPayload {
+		return fmt.Errorf("payload too large: %d", payloadLen)
+	}
+
+	var header [4]byte
+	binary.BigEndian.PutUint16(header[:2], uint16(len(addrBuf)))
+	binary.BigEndian.PutUint16(header[2:], uint16(len(payload)))
+
+	if _, err := w.Write(header[:]); err != nil {
+		return err
+	}
+	if _, err := w.Write(addrBuf); err != nil {
+		return err
+	}
+	_, err = w.Write(payload)
+	return err
+}
+
+// ReadDatagram parses a single UDP datagram frame from the reliable stream.
+func ReadDatagram(r io.Reader) (string, []byte, error) {
+	var header [4]byte
+	if _, err := io.ReadFull(r, header[:]); err != nil {
+		return "", nil, err
+	}
+
+	addrLen := int(binary.BigEndian.Uint16(header[:2]))
+	payloadLen := int(binary.BigEndian.Uint16(header[2:]))
+
+	if addrLen <= 0 || addrLen > maxUoTPayload {
+		return "", nil, fmt.Errorf("invalid address length: %d", addrLen)
+	}
+	if payloadLen < 0 || payloadLen > maxUoTPayload {
+		return "", nil, fmt.Errorf("invalid payload length: %d", payloadLen)
+	}
+
+	addrBuf := make([]byte, addrLen)
+	if _, err := io.ReadFull(r, addrBuf); err != nil {
+		return "", nil, err
+	}
+
+	addr, err := decodeAddress(bytes.NewReader(addrBuf))
+	if err != nil {
+		return "", nil, fmt.Errorf("decode address: %w", err)
+	}
+
+	payload := make([]byte, payloadLen)
+	if _, err := io.ReadFull(r, payload); err != nil {
+		return "", nil, err
+	}
+
+	return addr, payload, nil
+}
+
+// UoTPacketConn adapts a net.Conn with the Sudoku UoT framing to net.PacketConn.
+type UoTPacketConn struct {
+	conn    net.Conn
+	writeMu sync.Mutex
+}
+
+func NewUoTPacketConn(conn net.Conn) *UoTPacketConn {
+	return &UoTPacketConn{conn: conn}
+}
+
+func (c *UoTPacketConn) ReadFrom(p []byte) (int, net.Addr, error) {
+	for {
+		addrStr, payload, err := ReadDatagram(c.conn)
+		if err != nil {
+			return 0, nil, err
+		}
+
+		if len(payload) > len(p) {
+			return 0, nil, io.ErrShortBuffer
+		}
+
+		udpAddr, err := net.ResolveUDPAddr("udp", addrStr)
+		if err != nil {
+			log.Debugln("[Sudoku][UoT] discard datagram with invalid address %s: %v", addrStr, err)
+			continue
+		}
+
+		copy(p, payload)
+		return len(payload), udpAddr, nil
+	}
+}
+
+func (c *UoTPacketConn) WriteTo(p []byte, addr net.Addr) (int, error) {
+	if addr == nil {
+		return 0, errors.New("address is nil")
+	}
+	c.writeMu.Lock()
+	defer c.writeMu.Unlock()
+	if err := WriteDatagram(c.conn, addr.String(), p); err != nil {
+		return 0, err
+	}
+	return len(p), nil
+}
+
+func (c *UoTPacketConn) Close() error {
+	return c.conn.Close()
+}
+
+func (c *UoTPacketConn) LocalAddr() net.Addr {
+	return c.conn.LocalAddr()
+}
+
+func (c *UoTPacketConn) SetDeadline(t time.Time) error {
+	return c.conn.SetDeadline(t)
+}
+
+func (c *UoTPacketConn) SetReadDeadline(t time.Time) error {
+	return c.conn.SetReadDeadline(t)
+}
+
+func (c *UoTPacketConn) SetWriteDeadline(t time.Time) error {
+	return c.conn.SetWriteDeadline(t)
+}