diff --git a/docs/configuration/inbound/shadowtls.md b/docs/configuration/inbound/shadowtls.md index f989d319..01c3be24 100644 --- a/docs/configuration/inbound/shadowtls.md +++ b/docs/configuration/inbound/shadowtls.md @@ -9,11 +9,25 @@ "version": 3, "password": "fuck me till the daylight", + "users": [ + { + "name": "sekai", + "password": "8JCsPssfgS8tiRwiMlhARg==" + } + ], "handshake": { "server": "google.com", "server_port": 443, ... // Dial Fields + }, + "handshake_for_server_name": { + "example.com": { + "server": "example.com", + "server_port": 443, + + ... // Dial Fields + } } } ``` @@ -36,12 +50,25 @@ ShadowTLS protocol version. #### password -Set password. +ShadowTLS password. -Only available in the ShadowTLS v2/v3 protocol. +Only available in the ShadowTLS protocol 2. + + +#### users + +ShadowTLS users. + +Only available in the ShadowTLS protocol 3. #### handshake ==Required== -Handshake server address and [Dial options](/configuration/shared/dial). \ No newline at end of file +Handshake server address and [Dial options](/configuration/shared/dial). + +#### handshake + +Handshake server address and [Dial options](/configuration/shared/dial) for specific server name. + +Only available in the ShadowTLS protocol 2/3. diff --git a/docs/configuration/inbound/shadowtls.zh.md b/docs/configuration/inbound/shadowtls.zh.md index 356d0a1f..a3bdc9f2 100644 --- a/docs/configuration/inbound/shadowtls.zh.md +++ b/docs/configuration/inbound/shadowtls.zh.md @@ -9,11 +9,25 @@ "version": 3, "password": "fuck me till the daylight", + "users": [ + { + "name": "sekai", + "password": "8JCsPssfgS8tiRwiMlhARg==" + } + ], "handshake": { "server": "google.com", "server_port": 443, ... // 拨号字段 + }, + "handshake_for_server_name": { + "example.com": { + "server": "example.com", + "server_port": 443, + + ... // 拨号字段 + } } } ``` @@ -36,12 +50,26 @@ ShadowTLS 协议版本。 #### password -设置密码。 +ShadowTLS 密码。 -仅在 ShadowTLS v2/v3 协议中可用。 +仅在 ShadowTLS 协议版本 2 中可用。 + +#### users + +ShadowTLS 用户。 + +仅在 ShadowTLS 协议版本 3 中可用。 #### handshake ==必填== 握手服务器地址和 [拨号参数](/zh/configuration/shared/dial/)。 + +#### handshake + +==必填== + +对于特定服务器名称的握手服务器地址和 [拨号参数](/zh/configuration/shared/dial/)。 + +仅在 ShadowTLS 协议版本 2/3 中可用。 diff --git a/go.mod b/go.mod index 53617b54..d367ab8e 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/sagernet/sing v0.1.8-0.20230221060643-3401d210384b github.com/sagernet/sing-dns v0.1.4 github.com/sagernet/sing-shadowsocks v0.1.2-0.20230221080503-769c01d6bba9 - github.com/sagernet/sing-shadowtls v0.0.0-20230220055143-e986e9cd9eb9 + github.com/sagernet/sing-shadowtls v0.0.0-20230221075551-c5ad05179260 github.com/sagernet/sing-tun v0.1.1 github.com/sagernet/sing-vmess v0.1.2 github.com/sagernet/smux v0.0.0-20220831015742-e0f1988e3195 diff --git a/go.sum b/go.sum index ad7216f0..7ad1e66b 100644 --- a/go.sum +++ b/go.sum @@ -133,8 +133,8 @@ github.com/sagernet/sing-dns v0.1.4 h1:7VxgeoSCiiazDSaXXQVcvrTBxFpOePPq/4XdgnUDN github.com/sagernet/sing-dns v0.1.4/go.mod h1:1+6pCa48B1AI78lD+/i/dLgpw4MwfnsSpZo0Ds8wzzk= github.com/sagernet/sing-shadowsocks v0.1.2-0.20230221080503-769c01d6bba9 h1:qS39eA4C7x+zhEkySbASrtmb6ebdy5v0y2M6mgkmSO0= github.com/sagernet/sing-shadowsocks v0.1.2-0.20230221080503-769c01d6bba9/go.mod h1:f3mHTy5shnVM9l8UocMlJgC/1G/zdj5FuEuVXhDinGU= -github.com/sagernet/sing-shadowtls v0.0.0-20230220055143-e986e9cd9eb9 h1:k1nXJL/00TSzlhFzTPpeo6VkbUyreIFVdGcd8pD7lrY= -github.com/sagernet/sing-shadowtls v0.0.0-20230220055143-e986e9cd9eb9/go.mod h1:Kn1VUIprdkwCgkS6SXYaLmIpKzQbqBIKJBMY+RvBhYc= +github.com/sagernet/sing-shadowtls v0.0.0-20230221075551-c5ad05179260 h1:RKeyBMI5kRnno3/WGsW4HrGnZkhISQQrnRxAKXbf5Vg= +github.com/sagernet/sing-shadowtls v0.0.0-20230221075551-c5ad05179260/go.mod h1:Kn1VUIprdkwCgkS6SXYaLmIpKzQbqBIKJBMY+RvBhYc= github.com/sagernet/sing-tun v0.1.1 h1:2Hg3GAyJWzQ7Ua1j74dE+mI06vaqSBO9yD4tkTjggn4= github.com/sagernet/sing-tun v0.1.1/go.mod h1:WzW/SkT+Nh9uJn/FIYUE2YJHYuPwfbh8sATOzU9QDGw= github.com/sagernet/sing-vmess v0.1.2 h1:RbOZNAId2LrCai8epMoQXlf0XTrou0bfcw08hNBg6lM= diff --git a/inbound/shadowtls.go b/inbound/shadowtls.go index edc1ae4c..9b78ed61 100644 --- a/inbound/shadowtls.go +++ b/inbound/shadowtls.go @@ -10,6 +10,7 @@ import ( "github.com/sagernet/sing-box/log" "github.com/sagernet/sing-box/option" "github.com/sagernet/sing-shadowtls" + "github.com/sagernet/sing/common" N "github.com/sagernet/sing/common/network" ) @@ -31,13 +32,29 @@ func NewShadowTLS(ctx context.Context, router adapter.Router, logger log.Context }, } + var handshakeForServerName map[string]shadowtls.HandshakeConfig + if options.Version > 1 { + handshakeForServerName = make(map[string]shadowtls.HandshakeConfig) + for serverName, serverOptions := range options.HandshakeForServerName { + handshakeForServerName[serverName] = shadowtls.HandshakeConfig{ + Server: serverOptions.ServerOptions.Build(), + Dialer: dialer.New(router, serverOptions.DialerOptions), + } + } + } service, err := shadowtls.NewService(shadowtls.ServiceConfig{ - Version: options.Version, - Password: options.Password, - HandshakeServer: options.Handshake.ServerOptions.Build(), - HandshakeDialer: dialer.New(router, options.Handshake.DialerOptions), - Handler: inbound.upstreamContextHandler(), - Logger: logger, + Version: options.Version, + Password: options.Password, + Users: common.Map(options.Users, func(it option.ShadowTLSUser) shadowtls.User { + return (shadowtls.User)(it) + }), + Handshake: shadowtls.HandshakeConfig{ + Server: options.Handshake.ServerOptions.Build(), + Dialer: dialer.New(router, options.Handshake.DialerOptions), + }, + HandshakeForServerName: handshakeForServerName, + Handler: inbound.upstreamContextHandler(), + Logger: logger, }) if err != nil { return nil, err diff --git a/option/shadowtls.go b/option/shadowtls.go index bef655dd..c0911aa0 100644 --- a/option/shadowtls.go +++ b/option/shadowtls.go @@ -2,10 +2,16 @@ package option type ShadowTLSInboundOptions struct { ListenOptions - Version int `json:"version,omitempty"` - Password string `json:"password,omitempty"` - FallbackAfter *int `json:"fallback_after,omitempty"` - Handshake ShadowTLSHandshakeOptions `json:"handshake"` + Version int `json:"version,omitempty"` + Password string `json:"password,omitempty"` + Users []ShadowTLSUser `json:"users,omitempty"` + Handshake ShadowTLSHandshakeOptions `json:"handshake,omitempty"` + HandshakeForServerName map[string]ShadowTLSHandshakeOptions `json:"handshake_for_server_name,omitempty"` +} + +type ShadowTLSUser struct { + Name string `json:"name,omitempty"` + Password string `json:"password,omitempty"` } type ShadowTLSHandshakeOptions struct { diff --git a/test/go.mod b/test/go.mod index cef1acde..7f805c9f 100644 --- a/test/go.mod +++ b/test/go.mod @@ -10,8 +10,8 @@ require ( github.com/docker/docker v20.10.18+incompatible github.com/docker/go-connections v0.4.0 github.com/gofrs/uuid v4.4.0+incompatible - github.com/sagernet/sing v0.1.7 - github.com/sagernet/sing-shadowsocks v0.1.1 + github.com/sagernet/sing v0.1.8-0.20230221060643-3401d210384b + github.com/sagernet/sing-shadowsocks v0.1.2-0.20230221080503-769c01d6bba9 github.com/spyzhov/ajson v0.7.1 github.com/stretchr/testify v1.8.1 go.uber.org/goleak v1.2.0 @@ -68,7 +68,7 @@ require ( github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 // indirect github.com/sagernet/quic-go v0.0.0-20230202071646-a8c8afb18b32 // indirect github.com/sagernet/sing-dns v0.1.4 // indirect - github.com/sagernet/sing-shadowtls v0.0.0-20230220055143-e986e9cd9eb9 // indirect + github.com/sagernet/sing-shadowtls v0.0.0-20230221075551-c5ad05179260 // indirect github.com/sagernet/sing-tun v0.1.1 // indirect github.com/sagernet/sing-vmess v0.1.2 // indirect github.com/sagernet/smux v0.0.0-20220831015742-e0f1988e3195 // indirect diff --git a/test/go.sum b/test/go.sum index 06ec5eda..0f0493af 100644 --- a/test/go.sum +++ b/test/go.sum @@ -140,14 +140,14 @@ github.com/sagernet/quic-go v0.0.0-20230202071646-a8c8afb18b32 h1:tztuJB+giOWNRK github.com/sagernet/quic-go v0.0.0-20230202071646-a8c8afb18b32/go.mod h1:QMCkxXAC3CvBgDZVIJp43NWTuwGBScCzMLVLynjERL8= github.com/sagernet/sing v0.0.0-20220812082120-05f9836bff8f/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY= github.com/sagernet/sing v0.0.0-20220817130738-ce854cda8522/go.mod h1:QVsS5L/ZA2Q5UhQwLrn0Trw+msNd/NPGEhBKR/ioWiY= -github.com/sagernet/sing v0.1.7 h1:g4vjr3q8SUlBZSx97Emz5OBfSMBxxW5Q8C2PfdoSo08= -github.com/sagernet/sing v0.1.7/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk= +github.com/sagernet/sing v0.1.8-0.20230221060643-3401d210384b h1:Ji2AfGlc4j9AitobOx4k3BCj7eS5nSxL1cgaL81zvlo= +github.com/sagernet/sing v0.1.8-0.20230221060643-3401d210384b/go.mod h1:jt1w2u7lJQFFSGLiRrRIs5YWmx4kAPfWuOejuDW9qMk= github.com/sagernet/sing-dns v0.1.4 h1:7VxgeoSCiiazDSaXXQVcvrTBxFpOePPq/4XdgnUDN+0= github.com/sagernet/sing-dns v0.1.4/go.mod h1:1+6pCa48B1AI78lD+/i/dLgpw4MwfnsSpZo0Ds8wzzk= -github.com/sagernet/sing-shadowsocks v0.1.1 h1:uFK2rlVeD/b1xhDwSMbUI2goWc6fOKxp+ZeKHZq6C9Q= -github.com/sagernet/sing-shadowsocks v0.1.1/go.mod h1:f3mHTy5shnVM9l8UocMlJgC/1G/zdj5FuEuVXhDinGU= -github.com/sagernet/sing-shadowtls v0.0.0-20230220055143-e986e9cd9eb9 h1:k1nXJL/00TSzlhFzTPpeo6VkbUyreIFVdGcd8pD7lrY= -github.com/sagernet/sing-shadowtls v0.0.0-20230220055143-e986e9cd9eb9/go.mod h1:Kn1VUIprdkwCgkS6SXYaLmIpKzQbqBIKJBMY+RvBhYc= +github.com/sagernet/sing-shadowsocks v0.1.2-0.20230221080503-769c01d6bba9 h1:qS39eA4C7x+zhEkySbASrtmb6ebdy5v0y2M6mgkmSO0= +github.com/sagernet/sing-shadowsocks v0.1.2-0.20230221080503-769c01d6bba9/go.mod h1:f3mHTy5shnVM9l8UocMlJgC/1G/zdj5FuEuVXhDinGU= +github.com/sagernet/sing-shadowtls v0.0.0-20230221075551-c5ad05179260 h1:RKeyBMI5kRnno3/WGsW4HrGnZkhISQQrnRxAKXbf5Vg= +github.com/sagernet/sing-shadowtls v0.0.0-20230221075551-c5ad05179260/go.mod h1:Kn1VUIprdkwCgkS6SXYaLmIpKzQbqBIKJBMY+RvBhYc= github.com/sagernet/sing-tun v0.1.1 h1:2Hg3GAyJWzQ7Ua1j74dE+mI06vaqSBO9yD4tkTjggn4= github.com/sagernet/sing-tun v0.1.1/go.mod h1:WzW/SkT+Nh9uJn/FIYUE2YJHYuPwfbh8sATOzU9QDGw= github.com/sagernet/sing-vmess v0.1.2 h1:RbOZNAId2LrCai8epMoQXlf0XTrou0bfcw08hNBg6lM= diff --git a/test/shadowtls_test.go b/test/shadowtls_test.go index 15fa585a..0671b1af 100644 --- a/test/shadowtls_test.go +++ b/test/shadowtls_test.go @@ -64,6 +64,7 @@ func testShadowTLS(t *testing.T, version int, password string, utlsEanbled bool) }, Version: version, Password: password, + Users: []option.ShadowTLSUser{{Password: password}}, }, }, {