feat: salamander obfs

2025-04-03 20:47:38 +03:00 · 2023-07-09 16:37:18 -07:00 · 2023-07-09 16:37:18 -07:00 · 4c24edaac1
commit 4c24edaac1
parent baee5689c1
12 changed files with 362 additions and 9 deletions
--- a/app/client.example.yaml
+++ b/app/client.example.yaml
@ -1,5 +1,10 @@
 server: example.com

+# obfs:
+#   type: salamander
+#   salamander:
+#     password: some_password
+
 auth: some_password

 # tls:
--- a/app/cmd/client.go
+++ b/app/cmd/client.go
@ -17,6 +17,7 @@ import (
 	"github.com/apernet/hysteria/app/internal/http"
 	"github.com/apernet/hysteria/app/internal/socks5"
 	"github.com/apernet/hysteria/core/client"
+	"github.com/apernet/hysteria/extras/obfs"
 )

 var clientCmd = &cobra.Command{
@ -32,7 +33,13 @@ func init() {
 type clientConfig struct {
 	Server string `mapstructure:"server"`
 	Auth   string `mapstructure:"auth"`
-	TLS    struct {
+	Obfs   struct {
+		Type       string `mapstructure:"type"`
+		Salamander struct {
+			Password string `mapstructure:"password"`
+		} `mapstructure:"salamander"`
+	} `mapstructure:"obfs"`
+	TLS struct {
 		SNI      string `mapstructure:"sni"`
 		Insecure bool   `mapstructure:"insecure"`
 		CA       string `mapstructure:"ca"`
@ -80,6 +87,24 @@ type forwardingEntry struct {
 // Config validates the fields and returns a ready-to-use Hysteria client config
 func (c *clientConfig) Config() (*client.Config, error) {
 	hyConfig := &client.Config{}
+	// ConnFactory
+	switch strings.ToLower(c.Obfs.Type) {
+	case "", "plain":
+		// Default, do nothing
+	case "salamander":
+		ob, err := obfs.NewSalamanderObfuscator([]byte(c.Obfs.Salamander.Password))
+		if err != nil {
+			return nil, configError{Field: "obfs.salamander.password", Err: err}
+		}
+		hyConfig.ConnFactory = &obfsConnFactory{
+			NewFunc: func(addr net.Addr) (net.PacketConn, error) {
+				return net.ListenUDP("udp", nil)
+			},
+			Obfuscator: ob,
+		}
+	default:
+		return nil, configError{Field: "obfs.type", Err: errors.New("unsupported obfuscation type")}
+	}
 	// ServerAddr
 	if c.Server == "" {
 		return nil, configError{Field: "server", Err: errors.New("server address is empty")}
@ -311,6 +336,20 @@ func parseServerAddrString(addrStr string) (host, hostPort string) {
 	return h, addrStr
 }

+// obfsConnFactory adds obfuscation to a function that creates net.PacketConn.
+type obfsConnFactory struct {
+	NewFunc    func(addr net.Addr) (net.PacketConn, error)
+	Obfuscator obfs.Obfuscator
+}
+
+func (f *obfsConnFactory) New(addr net.Addr) (net.PacketConn, error) {
+	conn, err := f.NewFunc(addr)
+	if err != nil {
+		return nil, err
+	}
+	return obfs.WrapPacketConn(conn, f.Obfuscator), nil
+}
+
 type socks5Logger struct{}

 func (l *socks5Logger) TCPRequest(addr net.Addr, reqAddr string) {
--- a/app/cmd/client_test.go
+++ b/app/cmd/client_test.go
@ -22,6 +22,19 @@ func TestClientConfig(t *testing.T) {
 	if !reflect.DeepEqual(config, clientConfig{
 		Server: "example.com",
 		Auth:   "weak_ahh_password",
+		Obfs: struct {
+			Type       string `mapstructure:"type"`
+			Salamander struct {
+				Password string `mapstructure:"password"`
+			} `mapstructure:"salamander"`
+		}{
+			Type: "salamander",
+			Salamander: struct {
+				Password string `mapstructure:"password"`
+			}{
+				Password: "cry_me_a_r1ver",
+			},
+		},
 		TLS: struct {
 			SNI      string `mapstructure:"sni"`
 			Insecure bool   `mapstructure:"insecure"`
--- a/app/cmd/client_test.yaml
+++ b/app/cmd/client_test.yaml
@ -2,6 +2,11 @@ server: example.com

 auth: weak_ahh_password

+obfs:
+  type: salamander
+  salamander:
+    password: cry_me_a_r1ver
+
 tls:
  sni: another.example.com
  insecure: true
--- a/app/cmd/server.go
+++ b/app/cmd/server.go
@ -11,13 +11,14 @@ import (
 	"strings"
 	"time"

-	"github.com/apernet/hysteria/core/server"
-	"github.com/apernet/hysteria/extras/auth"
-
 	"github.com/caddyserver/certmagic"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"go.uber.org/zap"
+
+	"github.com/apernet/hysteria/core/server"
+	"github.com/apernet/hysteria/extras/auth"
+	"github.com/apernet/hysteria/extras/obfs"
 )

 var serverCmd = &cobra.Command{
@ -31,10 +32,16 @@ func init() {
 }

 type serverConfig struct {
-	Listen string            `mapstructure:"listen"`
-	TLS    *serverConfigTLS  `mapstructure:"tls"`
-	ACME   *serverConfigACME `mapstructure:"acme"`
-	QUIC   struct {
+	Listen string `mapstructure:"listen"`
+	Obfs   struct {
+		Type       string `mapstructure:"type"`
+		Salamander struct {
+			Password string `mapstructure:"password"`
+		} `mapstructure:"salamander"`
+	} `mapstructure:"obfs"`
+	TLS  *serverConfigTLS  `mapstructure:"tls"`
+	ACME *serverConfigACME `mapstructure:"acme"`
+	QUIC struct {
 		InitStreamReceiveWindow     uint64        `mapstructure:"initStreamReceiveWindow"`
 		MaxStreamReceiveWindow      uint64        `mapstructure:"maxStreamReceiveWindow"`
 		InitConnectionReceiveWindow uint64        `mapstructure:"initConnReceiveWindow"`
@ -92,10 +99,22 @@ func (c *serverConfig) Config() (*server.Config, error) {
 	if err != nil {
 		return nil, configError{Field: "listen", Err: err}
 	}
-	hyConfig.Conn, err = net.ListenUDP("udp", uAddr)
+	conn, err := net.ListenUDP("udp", uAddr)
 	if err != nil {
 		return nil, configError{Field: "listen", Err: err}
 	}
+	switch strings.ToLower(c.Obfs.Type) {
+	case "", "plain":
+		hyConfig.Conn = conn
+	case "salamander":
+		ob, err := obfs.NewSalamanderObfuscator([]byte(c.Obfs.Salamander.Password))
+		if err != nil {
+			return nil, configError{Field: "obfs.salamander.password", Err: err}
+		}
+		hyConfig.Conn = obfs.WrapPacketConn(conn, ob)
+	default:
+		return nil, configError{Field: "obfs.type", Err: errors.New("unsupported obfuscation type")}
+	}
 	// TLSConfig
 	if c.TLS == nil && c.ACME == nil {
 		return nil, configError{Field: "tls", Err: errors.New("must set either tls or acme")}
--- a/app/cmd/server_test.go
+++ b/app/cmd/server_test.go
@ -21,6 +21,19 @@ func TestServerConfig(t *testing.T) {
 	}
 	if !reflect.DeepEqual(config, serverConfig{
 		Listen: ":8443",
+		Obfs: struct {
+			Type       string `mapstructure:"type"`
+			Salamander struct {
+				Password string `mapstructure:"password"`
+			} `mapstructure:"salamander"`
+		}{
+			Type: "salamander",
+			Salamander: struct {
+				Password string `mapstructure:"password"`
+			}{
+				Password: "cry_me_a_r1ver",
+			},
+		},
 		TLS: &serverConfigTLS{
 			Cert: "some.crt",
 			Key:  "some.key",
--- a/app/cmd/server_test.yaml
+++ b/app/cmd/server_test.yaml
@ -1,5 +1,10 @@
 listen: :8443

+obfs:
+  type: salamander
+  salamander:
+    password: cry_me_a_r1ver
+
 tls:
  cert: some.crt
  key: some.key
--- a/app/internal/http/server.go
+++ b/app/internal/http/server.go
@ -159,6 +159,7 @@ func (s *Server) handleConnect(conn net.Conn, req *http.Request) {
 	rConn, err := s.HyClient.DialTCP(reqAddr)
 	if err != nil {
 		_ = sendSimpleResponse(conn, req, http.StatusBadGateway)
+		closeErr = err
 		return
 	}
 	defer rConn.Close()
--- a/app/server.example.yaml
+++ b/app/server.example.yaml
@ -1,5 +1,10 @@
 listen: :443

+# obfs:
+#   type: salamander
+#   salamander:
+#     password: some_password
+
 # tls:
 #   cert: my.crt
 #   key: my.key