diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3bb8a435..3c81e88f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -140,7 +140,7 @@ jobs: - name: Set build tags run: | set -xeuo pipefail - TAGS='with_gvisor,with_quic,with_dhcp,with_wireguard,with_utls,with_reality_server,with_acme,with_clash_api,with_tailscale' + TAGS='with_gvisor,with_quic,with_dhcp,with_wireguard,with_utls,with_acme,with_clash_api,with_tailscale' echo "BUILD_TAGS=${TAGS}" >> "${GITHUB_ENV}" - name: Build if: matrix.os != 'android' diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 51292cee..2ff00cac 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -80,10 +80,7 @@ jobs: - name: Set build tags run: | set -xeuo pipefail - TAGS='with_gvisor,with_quic,with_dhcp,with_wireguard,with_utls,with_reality_server,with_acme,with_clash_api' - if [ ! '${{ matrix.legacy_go }}' = 'true' ]; then - TAGS="${TAGS},with_ech" - fi + TAGS='with_gvisor,with_quic,with_dhcp,with_wireguard,with_utls,with_acme,with_clash_api' echo "BUILD_TAGS=${TAGS}" >> "${GITHUB_ENV}" - name: Build run: | diff --git a/.golangci.yml b/.golangci.yml index d212ebb2..8bfb72a5 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -28,7 +28,6 @@ run: - with_dhcp - with_wireguard - with_utls - - with_reality_server - with_acme - with_clash_api diff --git a/.goreleaser.fury.yaml b/.goreleaser.fury.yaml index c149b1f4..4237b075 100644 --- a/.goreleaser.fury.yaml +++ b/.goreleaser.fury.yaml @@ -15,7 +15,6 @@ builds: - with_dhcp - with_wireguard - with_utls - - with_reality_server - with_acme - with_clash_api - with_tailscale diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 23e0771f..4c333d3b 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -17,7 +17,6 @@ builds: - with_dhcp - with_wireguard - with_utls - - with_reality_server - with_acme - with_clash_api - with_tailscale 
@@ -47,7 +46,6 @@ builds: - with_dhcp - with_wireguard - with_utls - - with_reality_server - with_acme - with_clash_api - with_tailscale diff --git a/Dockerfile b/Dockerfile index b2700b59..fecd98a6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN set -ex \ && export COMMIT=$(git rev-parse --short HEAD) \ && export VERSION=$(go run ./cmd/internal/read_tag) \ && go build -v -trimpath -tags \ - "with_gvisor,with_quic,with_dhcp,with_wireguard,with_utls,with_reality_server,with_acme,with_clash_api,with_tailscale" \ + "with_gvisor,with_quic,with_dhcp,with_wireguard,with_utls,with_acme,with_clash_api,with_tailscale" \ -o /go/bin/sing-box \ -ldflags "-X \"github.com/sagernet/sing-box/constant.Version=$VERSION\" -s -w -buildid=" \ ./cmd/sing-box diff --git a/Makefile b/Makefile index 0de2c8f9..3c8ef641 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ NAME = sing-box COMMIT = $(shell git rev-parse --short HEAD) -TAGS ?= with_gvisor,with_dhcp,with_wireguard,with_reality_server,with_clash_api,with_quic,with_utls,with_tailscale -TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_utls,with_reality_server +TAGS ?= with_gvisor,with_dhcp,with_wireguard,with_clash_api,with_quic,with_utls,with_tailscale +TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_utls GOHOSTOS = $(shell go env GOHOSTOS) GOHOSTARCH = $(shell go env GOHOSTARCH) diff --git a/common/badtls/read_wait_utls.go b/common/badtls/read_wait_utls.go index ebdb2251..bba016e4 100644 --- a/common/badtls/read_wait_utls.go +++ b/common/badtls/read_wait_utls.go @@ -7,7 +7,8 @@ import ( _ "unsafe" "github.com/sagernet/sing/common" - "github.com/sagernet/utls" + + "github.com/metacubex/utls" ) func init() { 
@@ -24,8 +25,8 @@ func init() { }) } -//go:linkname utlsReadRecord github.com/sagernet/utls.(*Conn).readRecord +//go:linkname utlsReadRecord github.com/metacubex/utls.(*Conn).readRecord func utlsReadRecord(c *tls.Conn) error -//go:linkname utlsHandlePostHandshakeMessage github.com/sagernet/utls.(*Conn).handlePostHandshakeMessage +//go:linkname utlsHandlePostHandshakeMessage github.com/metacubex/utls.(*Conn).handlePostHandshakeMessage func utlsHandlePostHandshakeMessage(c *tls.Conn) error diff --git a/common/tls/config.go b/common/tls/config.go index 52d88af0..72bbd194 100644 --- a/common/tls/config.go +++ b/common/tls/config.go @@ -18,6 +18,7 @@ type ( STDConfig = tls.Config STDConn = tls.Conn ConnectionState = tls.ConnectionState + CurveID = tls.CurveID ) func ParseTLSVersion(version string) (uint16, error) { diff --git a/common/tls/ech_tag_stub.go b/common/tls/ech_tag_stub.go new file mode 100644 index 00000000..1a9cbd56 --- /dev/null +++ b/common/tls/ech_tag_stub.go @@ -0,0 +1,5 @@ +//go:build with_ech + +package tls + +var _ int = "Due to the migration to stdlib, the separate `with_ech` build tag has been deprecated and is no longer needed, please update your build configuration." diff --git a/common/tls/reality_client.go b/common/tls/reality_client.go index 748567b5..1f296b65 100644 --- a/common/tls/reality_client.go +++ b/common/tls/reality_client.go @@ -33,8 +33,8 @@ import ( E "github.com/sagernet/sing/common/exceptions" "github.com/sagernet/sing/common/ntp" aTLS "github.com/sagernet/sing/common/tls" - utls "github.com/sagernet/utls" + utls "github.com/metacubex/utls" "golang.org/x/crypto/hkdf" "golang.org/x/net/http2" ) 
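Review bot: Both `//go:linkname` directives in common/badtls/read_wait_utls.go now bind to unexported methods of `github.com/metacubex/utls`, and nothing in the file records which module version their signatures were checked against. A renamed symbol fails at link time, but a changed signature or receiver layout is not checked by the compiler and could surface as memory corruption on the TLS read path. Add a comment above the two declarations, such as `// Linked to unexported methods of metacubex/utls (version pinned in go.mod); re-verify both signatures on every uTLS bump.`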
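Review bot: The new common/tls/ech_tag_stub.go relies on `var _ int = "..."` being a type error to stop builds that still pass the deprecated tag, but the file has no comment saying the error is intentional. A linter pass or a well-meaning contributor could "fix" the assignment and silently remove the guard. Add a line above the declaration such as `// Intentional compile error: fails any build that still sets -tags with_ech.` The same pattern, and the same missing comment, appears in common/tls/reality_stub.go for `with_reality_server`.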
@@ -148,9 +148,13 @@ func (e *RealityClientConfig) ClientHandshake(ctx context.Context, conn net.Conn if err != nil { return nil, err } - ecdheKey := uConn.HandshakeState.State13.EcdheKey + keyShareKeys := uConn.HandshakeState.State13.KeyShareKeys + if keyShareKeys == nil { + return nil, E.New("nil KeyShareKeys") + } + ecdheKey := keyShareKeys.Ecdhe if ecdheKey == nil { - return nil, E.New("nil ecdhe_key") + return nil, E.New("nil ecdheKey") } authKey, err := ecdheKey.ECDH(publicKey) if err != nil { @@ -214,10 +218,6 @@ func realityClientFallback(ctx context.Context, uConn net.Conn, serverName strin response.Body.Close() } -func (e *RealityClientConfig) SetSessionIDGenerator(generator func(clientHello []byte, sessionID []byte) error) { - e.uClient.config.SessionIDGenerator = generator -} - func (e *RealityClientConfig) Clone() Config { return &RealityClientConfig{ e.ctx, diff --git a/common/tls/reality_server.go b/common/tls/reality_server.go index 84b0979d..3eff3146 100644 --- a/common/tls/reality_server.go +++ b/common/tls/reality_server.go @@ -1,4 +1,4 @@ -//go:build with_reality_server +//go:build with_utls package tls 
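Review bot: The new lookup in ClientHandshake reads only `keyShareKeys.Ecdhe`, so a ClientHello fingerprint whose key share is not a plain ECDH key ends in the generic `nil ecdheKey` error with no hint at the cause. Whether this uTLS fork keeps the ECDH half of a hybrid key share in a different field is not visible in the hunk and should be confirmed before release. Failing closed here is correct, since the auth key must not be derived from anything else, but the message should say what went wrong, for example `return nil, E.New("reality: selected fingerprint produced no ECDHE key share")`. The function body starts and ends outside the hunk.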
@@ -10,25 +10,25 @@ import ( "net" "time" - "github.com/sagernet/reality" "github.com/sagernet/sing-box/common/dialer" "github.com/sagernet/sing-box/log" "github.com/sagernet/sing-box/option" - "github.com/sagernet/sing/common/debug" E "github.com/sagernet/sing/common/exceptions" M "github.com/sagernet/sing/common/metadata" N "github.com/sagernet/sing/common/network" "github.com/sagernet/sing/common/ntp" + + utls "github.com/metacubex/utls" ) var _ ServerConfigCompat = (*RealityServerConfig)(nil) type RealityServerConfig struct { - config *reality.Config + config *utls.RealityConfig } func NewRealityServer(ctx context.Context, logger log.Logger, options option.InboundTLSOptions) (*RealityServerConfig, error) { - var tlsConfig reality.Config + var tlsConfig utls.RealityConfig if options.ACME != nil && len(options.ACME.Domain) > 0 { return nil, E.New("acme is unavailable in reality") @@ -113,10 +113,6 @@ func NewRealityServer(ctx context.Context, logger log.Logger, options option.Inb return handshakeDialer.DialContext(ctx, network, M.ParseSocksaddr(addr)) } - if debug.Enabled { - tlsConfig.Show = true - } - return &RealityServerConfig{&tlsConfig}, nil } @@ -157,7 +153,7 @@ func (c *RealityServerConfig) Server(conn net.Conn) (Conn, error) { } func (c *RealityServerConfig) ServerHandshake(ctx context.Context, conn net.Conn) (Conn, error) { - tlsConn, err := reality.Server(ctx, conn, c.config) + tlsConn, err := utls.RealityServer(ctx, conn, c.config) if err != nil { return nil, err } @@ -173,7 +169,7 @@ func (c *RealityServerConfig) Clone() Config { var _ Conn = (*realityConnWrapper)(nil) type realityConnWrapper struct { - *reality.Conn + *utls.Conn } func (c *realityConnWrapper) ConnectionState() ConnectionState { diff --git a/common/tls/reality_stub.go b/common/tls/reality_stub.go index 8d394f7b..0feb2aac 100644 --- a/common/tls/reality_stub.go +++ b/common/tls/reality_stub.go 
@@ -1,15 +1,5 @@ -//go:build !with_reality_server +//go:build with_reality_server package tls -import ( - "context" - - "github.com/sagernet/sing-box/log" - "github.com/sagernet/sing-box/option" - E "github.com/sagernet/sing/common/exceptions" -) - -func NewRealityServer(ctx context.Context, logger log.Logger, options option.InboundTLSOptions) (ServerConfig, error) { - return nil, E.New(`reality server is not included in this build, rebuild with -tags with_reality_server`) -} +var _ int = "The separate `with_reality_server` build tag has been merged into `with_utls` and is no longer needed, please update your build configuration." diff --git a/common/tls/utls_client.go b/common/tls/utls_client.go index fe8e4296..5c0de6ad 100644 --- a/common/tls/utls_client.go +++ b/common/tls/utls_client.go @@ -16,8 +16,8 @@ import ( "github.com/sagernet/sing-box/option" E "github.com/sagernet/sing/common/exceptions" "github.com/sagernet/sing/common/ntp" - utls "github.com/sagernet/utls" + utls "github.com/metacubex/utls" "golang.org/x/net/http2" ) diff --git a/common/tls/utls_stub.go b/common/tls/utls_stub.go index d015611a..e5a84d9c 100644 --- a/common/tls/utls_stub.go +++ b/common/tls/utls_stub.go @@ -14,5 +14,9 @@ func NewUTLSClient(ctx context.Context, serverAddress string, options option.Out } func NewRealityClient(ctx context.Context, serverAddress string, options option.OutboundTLSOptions) (Config, error) { - return nil, E.New(`uTLS, which is required by reality client is not included in this build, rebuild with -tags with_utls`) + return nil, E.New(`uTLS, which is required by reality is not included in this build, rebuild with -tags with_utls`) +} + +func NewRealityServer(ctx context.Context, logger log.Logger, options option.InboundTLSOptions) (ServerConfig, error) { + return nil, E.New(`uTLS, which is required by reality is not included in this build, rebuild with -tags with_utls`) } 
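Review bot: The `NewRealityServer` stub added to common/tls/utls_stub.go takes a `log.Logger`, but the hunk adds no import and the file's import block is outside it. If `github.com/sagernet/sing-box/log` is not already imported there, every build without `with_utls` stops compiling. The CI, release, Docker and Makefile tag lists touched in this commit all include `with_utls`, so none of them would exercise the stub path. Add `"github.com/sagernet/sing-box/log"` to the imports, and consider one CI job that builds with no tags so the stubs stay compilable.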
diff --git a/docs/installation/build-from-source.md b/docs/installation/build-from-source.md index c286c366..1f13e814 100644 --- a/docs/installation/build-from-source.md +++ b/docs/installation/build-from-source.md @@ -52,7 +52,6 @@ go build -tags "tag_a tag_b" ./cmd/sing-box | `with_dhcp` | :material-check: | Build with DHCP support, see [DHCP DNS transport](/configuration/dns/server/). | | `with_wireguard` | :material-check: | Build with WireGuard support, see [WireGuard outbound](/configuration/outbound/wireguard/). | | `with_utls` | :material-check: | Build with [uTLS](https://github.com/refraction-networking/utls) support for TLS outbound, see [TLS](/configuration/shared/tls#utls). | -| `with_reality_server` | :material-check: | Build with reality TLS server support, see [TLS](/configuration/shared/tls/). | | `with_acme` | :material-check: | Build with ACME TLS certificate issuer support, see [TLS](/configuration/shared/tls/). | | `with_clash_api` | :material-check: | Build with Clash API support, see [Experimental](/configuration/experimental#clash-api-fields). | | `with_v2ray_api` | :material-close:️ | Build with V2Ray API support, see [Experimental](/configuration/experimental#v2ray-api-fields). | diff --git a/docs/installation/build-from-source.zh.md b/docs/installation/build-from-source.zh.md index c0222929..512d2e24 100644 --- a/docs/installation/build-from-source.zh.md +++ b/docs/installation/build-from-source.zh.md 
@@ -56,7 +56,6 @@ go build -tags "tag_a tag_b" ./cmd/sing-box | `with_dhcp` | :material-check: | Build with DHCP support, see [DHCP DNS transport](/configuration/dns/server/). | | `with_wireguard` | :material-check: | Build with WireGuard support, see [WireGuard outbound](/configuration/outbound/wireguard/). | | `with_utls` | :material-check: | Build with [uTLS](https://github.com/refraction-networking/utls) support for TLS outbound, see [TLS](/configuration/shared/tls#utls). | -| `with_reality_server` | :material-check: | Build with reality TLS server support, see [TLS](/configuration/shared/tls/). | | `with_acme` | :material-check: | Build with ACME TLS certificate issuer support, see [TLS](/configuration/shared/tls/). | | `with_clash_api` | :material-check: | Build with Clash API support, see [Experimental](/configuration/experimental#clash-api-fields). | | `with_v2ray_api` | :material-close:️ | Build with V2Ray API support, see [Experimental](/configuration/experimental#v2ray-api-fields). | diff --git a/go.mod b/go.mod index fb86631b..e86a865b 100644 --- a/go.mod +++ b/go.mod @@ -15,6 +15,7 @@ require ( github.com/libdns/cloudflare v0.1.1 github.com/logrusorgru/aurora v2.0.3+incompatible github.com/metacubex/tfo-go v0.0.0-20241231083714-66613d49c422 + github.com/metacubex/utls v1.7.0-alpha.2 github.com/mholt/acmez/v3 v3.0.1 github.com/miekg/dns v1.1.63 github.com/oschwald/maxminddb-golang v1.13.1 
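Review bot: The requirement added in this go.mod hunk, `github.com/metacubex/utls v1.7.0-alpha.2`, is a pre-release tag of a module that now carries three security-relevant pieces at once. These are the uTLS client, the REALITY server handshake (previously `github.com/sagernet/reality`) and the unexported methods that common/badtls links to. Nothing in go.mod records why an alpha is pinned or what must be re-checked when it moves. A trailing comment on the line would capture that, for example `// pre-release; provides REALITY server and badtls linkname targets, re-audit on bump`. The second go.mod hunk also moves sing-shadowtls and sing-vmess to pseudo-versions, which deserves the same note.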
@@ -25,18 +26,16 @@ require ( github.com/sagernet/gomobile v0.1.4 github.com/sagernet/gvisor v0.0.0-20250325023245-7a9c0f5725fb github.com/sagernet/quic-go v0.49.0-beta.1 - github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 github.com/sagernet/sing v0.6.8-0.20250429124449-59dfe1dbfdbf github.com/sagernet/sing-mux v0.3.2 github.com/sagernet/sing-quic v0.4.1-0.20250423030647-0eb05f373a76 github.com/sagernet/sing-shadowsocks v0.2.7 github.com/sagernet/sing-shadowsocks2 v0.2.0 - github.com/sagernet/sing-shadowtls v0.2.1-0.20250316154757-6f9e732e5056 + github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11 github.com/sagernet/sing-tun v0.6.6-0.20250428031943-0686f8c4f210 - github.com/sagernet/sing-vmess v0.2.1 + github.com/sagernet/sing-vmess v0.2.2-0.20250503051933-9b4cf17393f8 github.com/sagernet/smux v1.5.34-mod.1 github.com/sagernet/tailscale v1.80.3-mod.4 - github.com/sagernet/utls v1.6.7 github.com/sagernet/wireguard-go v0.0.1-beta.7 github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 github.com/spf13/cobra v1.8.1 diff --git a/go.sum b/go.sum index 97af3ce5..550cbc8c 100644 --- a/go.sum +++ b/go.sum 
@@ -130,6 +130,8 @@ github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ= github.com/metacubex/tfo-go v0.0.0-20241231083714-66613d49c422 h1:zGeQt3UyNydIVrMRB97AA5WsYEau/TyCnRtTf1yUmJY= github.com/metacubex/tfo-go v0.0.0-20241231083714-66613d49c422/go.mod h1:l9oLnLoEXyGZ5RVLsh7QCC5XsouTUyKk4F2nLm2DHLw= +github.com/metacubex/utls v1.7.0-alpha.2 h1:kLRg6zDV12R1uclL5qW9Tx4RD6ztGIIrTZWY5zrJXCg= +github.com/metacubex/utls v1.7.0-alpha.2/go.mod h1:oknYT0qTOwE4hjPmZOEpzVdefnW7bAdGLvZcqmk4TLU= github.com/mholt/acmez/v3 v3.0.1 h1:4PcjKjaySlgXK857aTfDuRbmnM5gb3Ruz3tvoSJAUp8= github.com/mholt/acmez/v3 v3.0.1/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ= github.com/miekg/dns v1.1.63 h1:8M5aAw6OMZfFXTT7K5V0Eu5YiiL8l7nUAkyN6C9YwaY= @@ -176,8 +178,6 @@ github.com/sagernet/nftables v0.3.0-beta.4 h1:kbULlAwAC3jvdGAC1P5Fa3GSxVwQJibNen github.com/sagernet/nftables v0.3.0-beta.4/go.mod h1:OQXAjvjNGGFxaTgVCSTRIhYB5/llyVDeapVoENYBDS8= github.com/sagernet/quic-go v0.49.0-beta.1 h1:3LdoCzVVfYRibZns1tYWSIoB65fpTmrwy+yfK8DQ8Jk= github.com/sagernet/quic-go v0.49.0-beta.1/go.mod h1:uesWD1Ihrldq1M3XtjuEvIUqi8WHNsRs71b3Lt1+p/U= -github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691 h1:5Th31OC6yj8byLGkEnIYp6grlXfo1QYUfiYFGjewIdc= -github.com/sagernet/reality v0.0.0-20230406110435-ee17307e7691/go.mod h1:B8lp4WkQ1PwNnrVMM6KyuFR20pU8jYBD+A4EhJovEXU= github.com/sagernet/sing v0.6.7/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak= github.com/sagernet/sing v0.6.8-0.20250429124449-59dfe1dbfdbf h1:WLlIJ2+Z4ZjQQAJlxYvASMIopFFk5aQBbq7fwIPS3u0= github.com/sagernet/sing v0.6.8-0.20250429124449-59dfe1dbfdbf/go.mod h1:ARkL0gM13/Iv5VCZmci/NuoOlePoIsW0m7BWfln/Hak= 
@@ -189,18 +189,16 @@ github.com/sagernet/sing-shadowsocks v0.2.7 h1:zaopR1tbHEw5Nk6FAkM05wCslV6ahVegE github.com/sagernet/sing-shadowsocks v0.2.7/go.mod h1:0rIKJZBR65Qi0zwdKezt4s57y/Tl1ofkaq6NlkzVuyE= github.com/sagernet/sing-shadowsocks2 v0.2.0 h1:wpZNs6wKnR7mh1wV9OHwOyUr21VkS3wKFHi+8XwgADg= github.com/sagernet/sing-shadowsocks2 v0.2.0/go.mod h1:RnXS0lExcDAovvDeniJ4IKa2IuChrdipolPYWBv9hWQ= -github.com/sagernet/sing-shadowtls v0.2.1-0.20250316154757-6f9e732e5056 h1:GFNJQAHhSXqAfxAw1wDG/QWbdpGH5Na3k8qUynqWnEA= -github.com/sagernet/sing-shadowtls v0.2.1-0.20250316154757-6f9e732e5056/go.mod h1:HyacBPIFiKihJQR8LQp56FM4hBtd/7MZXnRxxQIOPsc= +github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11 h1:tK+75l64tm9WvEFrYRE1t0YxoFdWQqw/h7Uhzj0vJ+w= +github.com/sagernet/sing-shadowtls v0.2.1-0.20250503051639-fcd445d33c11/go.mod h1:sWqKnGlMipCHaGsw1sTTlimyUpgzP4WP3pjhCsYt9oA= github.com/sagernet/sing-tun v0.6.6-0.20250428031943-0686f8c4f210 h1:6H4BZaTqKI3YcDMyTV3E576LuJM4S4wY99xoq2T1ECw= github.com/sagernet/sing-tun v0.6.6-0.20250428031943-0686f8c4f210/go.mod h1:fisFCbC4Vfb6HqQNcwPJi2CDK2bf0Xapyz3j3t4cnHE= -github.com/sagernet/sing-vmess v0.2.1 h1:6izHC2+B68aQCxTagki6eZZc+g5eh4dYwxOV5a2Lhug= -github.com/sagernet/sing-vmess v0.2.1/go.mod h1:jDAZ0A0St1zVRkyvhAPRySOFfhC+4SQtO5VYyeFotgA= +github.com/sagernet/sing-vmess v0.2.2-0.20250503051933-9b4cf17393f8 h1:zW+zAOCxUIqBCgnZiPovt1uQ3S+zBS+w0NGp+1zITGA= +github.com/sagernet/sing-vmess v0.2.2-0.20250503051933-9b4cf17393f8/go.mod h1:IL8Rr+EGwuqijszZkNrEFTQDKhilEpkqFqOlvdpS6/w= github.com/sagernet/smux v1.5.34-mod.1 h1:xZljMK3fVOX4HC+ND1N7eOiweqEa9bxRTKlliqe9DJE= github.com/sagernet/smux v1.5.34-mod.1/go.mod h1:qI3fpNiLZmwrh83DmbJHX7sAsc2R/gbqdWw0/WzciU0= github.com/sagernet/tailscale v1.80.3-mod.4 h1:9UgYq8m9mwX5dbTbueVxbRh+bq7AayxemJGM2PkJQnE= github.com/sagernet/tailscale v1.80.3-mod.4/go.mod h1:EBxXsWu4OH2ELbQLq32WoBeIubG8KgDrg4/Oaxjs6lI= -github.com/sagernet/utls v1.6.7 
h1:Ep3+aJ8FUGGta+II2IEVNUc3EDhaRCZINWkj/LloIA8= -github.com/sagernet/utls v1.6.7/go.mod h1:Uua1TKO/FFuAhLr9rkaVnnrTmmiItzDjv1BUb2+ERwM= github.com/sagernet/wireguard-go v0.0.1-beta.7 h1:ltgBwYHfr+9Wz1eG59NiWnHrYEkDKHG7otNZvu85DXI= github.com/sagernet/wireguard-go v0.0.1-beta.7/go.mod h1:jGXij2Gn2wbrWuYNUmmNhf1dwcZtvyAvQoe8Xd8MbUo= github.com/sagernet/ws v0.0.0-20231204124109-acfe8907c854 h1:6uUiZcDRnZSAegryaUGwPC/Fj13JSHwiTftrXhMmYOc=