SagerNet/sing-box
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-box.git synced 2025-04-04 20:37:37 +03:00
Code Issues Projects Releases Packages Wiki Activity

Add shadowtls v2 support

Browse source
This commit is contained in:
世界 2022-10-06 22:47:11 +08:00
parent d135d0f287
commit b0ad9bb6f1
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
11 changed files with 473 additions and 116 deletions
Download patch file Download diff file Expand all files Collapse all files

201
test/shadowtls_test.go
View file

@ -1,6 +1,9 @@
package main
import (
"context"
"net"
"net/http"
"net/netip"
"testing"
@ -8,11 +11,22 @@ import (
"github.com/sagernet/sing-box/option"
"github.com/sagernet/sing-shadowsocks/shadowaead_2022"
F "github.com/sagernet/sing/common/format"
"github.com/stretchr/testify/require"
)
func TestShadowTLS(t *testing.T) {
t.Run("v1", func(t *testing.T) {
testShadowTLS(t, "")
})
t.Run("v2", func(t *testing.T) {
testShadowTLS(t, "hello")
})
}
func testShadowTLS(t *testing.T, password string) {
method := shadowaead_2022.List[0]
password := mkBase64(t, 16)
ssPassword := mkBase64(t, 16)
startInstance(t, option.Options{
Inbounds: []option.Inbound{
{
@ -39,6 +53,121 @@ func TestShadowTLS(t *testing.T) {
ServerPort: 443,
},
},
Password: password,
},
},
{
Type: C.TypeShadowsocks,
Tag: "detour",
ShadowsocksOptions: option.ShadowsocksInboundOptions{
ListenOptions: option.ListenOptions{
Listen: option.ListenAddress(netip.IPv4Unspecified()),
ListenPort: otherPort,
},
Method: method,
Password: ssPassword,
},
},
},
Outbounds: []option.Outbound{
{
Type: C.TypeShadowsocks,
ShadowsocksOptions: option.ShadowsocksOutboundOptions{
Method: method,
Password: ssPassword,
DialerOptions: option.DialerOptions{
Detour: "detour",
},
MultiplexOptions: &option.MultiplexOptions{
Enabled: true,
},
},
},
{
Type: C.TypeShadowTLS,
Tag: "detour",
ShadowTLSOptions: option.ShadowTLSOutboundOptions{
ServerOptions: option.ServerOptions{
Server: "127.0.0.1",
ServerPort: serverPort,
},
TLS: &option.OutboundTLSOptions{
Enabled: true,
ServerName: "google.com",
},
Password: password,
},
},
{
Type: C.TypeDirect,
Tag: "direct",
},
},
Route: &option.RouteOptions{
Rules: []option.Rule{{
DefaultOptions: option.DefaultRule{
Inbound: []string{"detour"},
Outbound: "direct",
},
}},
},
})
testSuit(t, clientPort, testPort)
}
func TestShadowTLSv2Fallback(t *testing.T) {
startInstance(t, option.Options{
Inbounds: []option.Inbound{
{
Type: C.TypeShadowTLS,
ShadowTLSOptions: option.ShadowTLSInboundOptions{
ListenOptions: option.ListenOptions{
Listen: option.ListenAddress(netip.IPv4Unspecified()),
ListenPort: serverPort,
},
Handshake: option.ShadowTLSHandshakeOptions{
ServerOptions: option.ServerOptions{
Server: "google.com",
ServerPort: 443,
},
},
Password: "hello",
},
},
},
})
client := &http.Client{
Transport: &http.Transport{
DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
var d net.Dialer
return d.DialContext(ctx, network, "127.0.0.1:"+F.ToString(serverPort))
},
},
}
response, err := client.Get("https://google.com")
require.NoError(t, err)
require.Equal(t, response.StatusCode, 200)
client.CloseIdleConnections()
}
func TestShadowTLSOutbound(t *testing.T) {
method := shadowaead_2022.List[0]
password := mkBase64(t, 16)
startDockerContainer(t, DockerOptions{
Image: ImageShadowTLS,
Ports: []uint16{serverPort, otherPort},
EntryPoint: "shadow-tls",
Cmd: []string{"--threads", "1", "server", "--listen", "0.0.0.0:" + F.ToString(serverPort), "--server", "127.0.0.1:" + F.ToString(otherPort), "--tls", "google.com:443", "--password", "hello"},
})
startInstance(t, option.Options{
Inbounds: []option.Inbound{
{
Type: C.TypeMixed,
MixedOptions: option.HTTPMixedInboundOptions{
ListenOptions: option.ListenOptions{
Listen: option.ListenAddress(netip.IPv4Unspecified()),
ListenPort: clientPort,
},
},
},
{
@ -80,6 +209,7 @@ func TestShadowTLS(t *testing.T) {
Enabled: true,
ServerName: "google.com",
},
Password: "hello",
},
},
{
@ -98,72 +228,3 @@ func TestShadowTLS(t *testing.T) {
})
testSuit(t, clientPort, testPort)
}
func TestShadowTLSOutbound(t *testing.T) {
startDockerContainer(t, DockerOptions{
Image: ImageShadowTLS,
Ports: []uint16{serverPort, otherPort},
EntryPoint: "shadow-tls",
Cmd: []string{"--threads", "1", "server", "0.0.0.0:" + F.ToString(serverPort), "127.0.0.1:" + F.ToString(otherPort), "google.com:443"},
})
startInstance(t, option.Options{
Inbounds: []option.Inbound{
{
Type: C.TypeMixed,
MixedOptions: option.HTTPMixedInboundOptions{
ListenOptions: option.ListenOptions{
Listen: option.ListenAddress(netip.IPv4Unspecified()),
ListenPort: clientPort,
},
},
},
{
Type: C.TypeMixed,
Tag: "detour",
MixedOptions: option.HTTPMixedInboundOptions{
ListenOptions: option.ListenOptions{
Listen: option.ListenAddress(netip.IPv4Unspecified()),
ListenPort: otherPort,
},
},
},
},
Outbounds: []option.Outbound{
{
Type: C.TypeSocks,
SocksOptions: option.SocksOutboundOptions{
DialerOptions: option.DialerOptions{
Detour: "detour",
},
},
},
{
Type: C.TypeShadowTLS,
Tag: "detour",
ShadowTLSOptions: option.ShadowTLSOutboundOptions{
ServerOptions: option.ServerOptions{
Server: "127.0.0.1",
ServerPort: serverPort,
},
TLS: &option.OutboundTLSOptions{
Enabled: true,
ServerName: "google.com",
},
},
},
{
Type: C.TypeDirect,
Tag: "direct",
},
},
Route: &option.RouteOptions{
Rules: []option.Rule{{
DefaultOptions: option.DefaultRule{
Inbound: []string{"detour"},
Outbound: "direct",
},
}},
},
})
testTCP(t, clientPort, testPort)
}