Merge pull request #1332 from apernet/add-license

chore: add LICENSE to packages
2025-04-03 04:27:39 +03:00 · 2025-03-18 20:45:32 -07:00 · 2025-03-18 20:44:59 -07:00 · 2025-02-03 18:05:27 -08:00 · 2025-02-03 18:04:56 -08:00 · 2025-02-03 18:04:17 -08:00
27 changed files with 546 additions and 119 deletions
--- a/app/LICENSE.md
+++ b/app/LICENSE.md
@ -0,0 +1,7 @@
+Copyright 2023 Toby
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/app/cmd/root.go
+++ b/app/cmd/root.go
@ -45,7 +45,7 @@ var (
 		"CommitHash:\t%s\n"+
 		"Platform:\t%s\n"+
 		"Architecture:\t%s\n"+
-		"LibVersion:\t%s",
+		"Libraries:\tquic-go=%s",
 		appVersion, appDate, appType, appToolchain, appCommit, appPlatform, appArch, libVersion)

 	appAboutLong = fmt.Sprintf("%s\n%s\n%s\n\n%s", appLogo, appDesc, appAuthors, appVersionLong)
--- a/app/cmd/server.go
+++ b/app/cmd/server.go
@ -204,6 +204,7 @@ type serverConfigOutboundDirect struct {
 	BindIPv4   string `mapstructure:"bindIPv4"`
 	BindIPv6   string `mapstructure:"bindIPv6"`
 	BindDevice string `mapstructure:"bindDevice"`
+	FastOpen   bool   `mapstructure:"fastOpen"`
 }

 type serverConfigOutboundSOCKS5 struct {
@ -237,6 +238,7 @@ type serverConfigMasqueradeFile struct {
 type serverConfigMasqueradeProxy struct {
 	URL         string `mapstructure:"url"`
 	RewriteHost bool   `mapstructure:"rewriteHost"`
+	Insecure    bool   `mapstructure:"insecure"`
 }

 type serverConfigMasqueradeString struct {
@ -518,18 +520,18 @@ func (c *serverConfig) fillQUICConfig(hyConfig *server.Config) error {
 }

 func serverConfigOutboundDirectToOutbound(c serverConfigOutboundDirect) (outbounds.PluggableOutbound, error) {
-	var mode outbounds.DirectOutboundMode
+	opts := outbounds.DirectOutboundOptions{}
 	switch strings.ToLower(c.Mode) {
 	case "", "auto":
-		mode = outbounds.DirectOutboundModeAuto
+		opts.Mode = outbounds.DirectOutboundModeAuto
 	case "64":
-		mode = outbounds.DirectOutboundMode64
+		opts.Mode = outbounds.DirectOutboundMode64
 	case "46":
-		mode = outbounds.DirectOutboundMode46
+		opts.Mode = outbounds.DirectOutboundMode46
 	case "6":
-		mode = outbounds.DirectOutboundMode6
+		opts.Mode = outbounds.DirectOutboundMode6
 	case "4":
-		mode = outbounds.DirectOutboundMode4
+		opts.Mode = outbounds.DirectOutboundMode4
 	default:
 		return nil, configError{Field: "outbounds.direct.mode", Err: errors.New("unsupported mode")}
 	}
@ -546,12 +548,14 @@ func serverConfigOutboundDirectToOutbound(c serverConfigOutboundDirect) (outboun
 		if len(c.BindIPv6) > 0 && ip6 == nil {
 			return nil, configError{Field: "outbounds.direct.bindIPv6", Err: errors.New("invalid IPv6 address")}
 		}
-		return outbounds.NewDirectOutboundBindToIPs(mode, ip4, ip6)
+		opts.BindIP4 = ip4
+		opts.BindIP6 = ip6
 	}
 	if bindDevice {
-		return outbounds.NewDirectOutboundBindToDevice(mode, c.BindDevice)
+		opts.DeviceName = c.BindDevice
 	}
-	return outbounds.NewDirectOutboundSimple(mode), nil
+	opts.FastOpen = c.FastOpen
+	return outbounds.NewDirectOutboundWithOptions(opts)
 }

 func serverConfigOutboundSOCKS5ToOutbound(c serverConfigOutboundSOCKS5) (outbounds.PluggableOutbound, error) {
@ -751,7 +755,7 @@ func (c *serverConfig) fillAuthenticator(hyConfig *server.Config) error {
 		if len(c.Auth.UserPass) == 0 {
 			return configError{Field: "auth.userpass", Err: errors.New("empty auth userpass")}
 		}
-		hyConfig.Authenticator = &auth.UserPassAuthenticator{Users: c.Auth.UserPass}
+		hyConfig.Authenticator = auth.NewUserPassAuthenticator(c.Auth.UserPass)
 		return nil
 	case "http", "https":
 		if c.Auth.HTTP.URL == "" {
@ -807,6 +811,25 @@ func (c *serverConfig) fillMasqHandler(hyConfig *server.Config) error {
 		if u.Scheme != "http" && u.Scheme != "https" {
 			return configError{Field: "masquerade.proxy.url", Err: fmt.Errorf("unsupported protocol scheme \"%s\"", u.Scheme)}
 		}
+		transport := http.DefaultTransport
+		if c.Masquerade.Proxy.Insecure {
+			transport = &http.Transport{
+				TLSClientConfig: &tls.Config{
+					InsecureSkipVerify: true,
+				},
+				// use default configs from http.DefaultTransport
+				Proxy: http.ProxyFromEnvironment,
+				DialContext: (&net.Dialer{
+					Timeout:   30 * time.Second,
+					KeepAlive: 30 * time.Second,
+				}).DialContext,
+				ForceAttemptHTTP2:     true,
+				MaxIdleConns:          100,
+				IdleConnTimeout:       90 * time.Second,
+				TLSHandshakeTimeout:   10 * time.Second,
+				ExpectContinueTimeout: 1 * time.Second,
+			}
+		}
 		handler = &httputil.ReverseProxy{
 			Rewrite: func(r *httputil.ProxyRequest) {
 				r.SetURL(u)
@ -816,6 +839,7 @@ func (c *serverConfig) fillMasqHandler(hyConfig *server.Config) error {
 					r.Out.Host = r.In.Host
 				}
 			},
+			Transport: transport,
 			ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
 				logger.Error("HTTP reverse proxy error", zap.Error(err))
 				w.WriteHeader(http.StatusBadGateway)
--- a/app/cmd/server_test.go
+++ b/app/cmd/server_test.go
@ -138,6 +138,7 @@ func TestServerConfig(t *testing.T) {
 					BindIPv4:   "2.4.6.8",
 					BindIPv6:   "0:0:0:0:0:ffff:0204:0608",
 					BindDevice: "eth233",
+					FastOpen:   true,
 				},
 			},
 			{
@ -170,6 +171,7 @@ func TestServerConfig(t *testing.T) {
 			Proxy: serverConfigMasqueradeProxy{
 				URL:         "https://some.site.net",
 				RewriteHost: true,
+				Insecure:    true,
 			},
 			String: serverConfigMasqueradeString{
 				Content: "aint nothin here",
--- a/app/cmd/server_test.yaml
+++ b/app/cmd/server_test.yaml
@ -108,6 +108,7 @@ outbounds:
      bindIPv4: 2.4.6.8
      bindIPv6: 0:0:0:0:0:ffff:0204:0608
      bindDevice: eth233
+      fastOpen: true
  - name: badstuff
    type: socks5
    socks5:
@ -131,6 +132,7 @@ masquerade:
  proxy:
    url: https://some.site.net
    rewriteHost: true
+    insecure: true
  string:
    content: aint nothin here
    headers:
--- a/app/go.mod
+++ b/app/go.mod
@ -25,14 +25,16 @@ require (
 	github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301
 	go.uber.org/zap v1.24.0
 	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
-	golang.org/x/sys v0.23.0
+	golang.org/x/sys v0.25.0
 )

 require (
 	github.com/andybalholm/brotli v1.1.0 // indirect
-	github.com/apernet/quic-go v0.48.2-0.20241104191913-cb103fcecfe7 // indirect
+	github.com/apernet/quic-go v0.49.1-0.20250204013113-43c72b1281a0 // indirect
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 // indirect
 	github.com/cloudflare/circl v1.3.9 // indirect
+	github.com/database64128/netx-go v0.0.0-20240905055117-62795b8b054a // indirect
+	github.com/database64128/tfo-go/v2 v2.2.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
@ -69,16 +71,16 @@ require (
 	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect
 	github.com/vultr/govultr/v3 v3.6.4 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
-	go.uber.org/mock v0.4.0 // indirect
+	go.uber.org/mock v0.5.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
 	golang.org/x/crypto v0.26.0 // indirect
-	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/mod v0.18.0 // indirect
 	golang.org/x/net v0.28.0 // indirect
 	golang.org/x/oauth2 v0.20.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/text v0.17.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	golang.org/x/tools v0.22.0 // indirect
 	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
--- a/app/go.sum
+++ b/app/go.sum
@ -42,8 +42,8 @@ github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1
 github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
 github.com/apernet/go-tproxy v0.0.0-20230809025308-8f4723fd742f h1:uVh0qpEslrWjgzx9vOcyCqsOY3c9kofDZ1n+qaw35ZY=
 github.com/apernet/go-tproxy v0.0.0-20230809025308-8f4723fd742f/go.mod h1:xkkq9D4ygcldQQhKS/w9CadiCKwCngU7K9E3DaKahpM=
-github.com/apernet/quic-go v0.48.2-0.20241104191913-cb103fcecfe7 h1:zO38yBOvQ1dLHbSuaU5BFZ8zalnSDQslj+i/9AGOk9s=
-github.com/apernet/quic-go v0.48.2-0.20241104191913-cb103fcecfe7/go.mod h1:LoSUY2chVqNQCDyi4IZGqPpXLy1FuCkE37PKwtJvNGg=
+github.com/apernet/quic-go v0.49.1-0.20250204013113-43c72b1281a0 h1:oc6//C91pY9gGOBioHeyJrmmpKv/nS8fvTeDpKNPLnI=
+github.com/apernet/quic-go v0.49.1-0.20250204013113-43c72b1281a0/go.mod h1:/mMPNt1MHqduzaVB2qFHnJwam3BR5r5b35GvYouJs/o=
 github.com/apernet/sing-tun v0.2.6-0.20240323130332-b9f6511036ad h1:QzQ2sKpc9o42HNRR8ukM5uMC/RzR2HgZd/Nvaqol2C0=
 github.com/apernet/sing-tun v0.2.6-0.20240323130332-b9f6511036ad/go.mod h1:S5IydyLSN/QAfvY+r2GoomPJ6hidtXWm/Ad18sJVssk=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@ -63,6 +63,10 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/database64128/netx-go v0.0.0-20240905055117-62795b8b054a h1:t4SDi0pmNkryzKdM4QF3o5vqSP4GRjeZD/6j3nyxNP0=
+github.com/database64128/netx-go v0.0.0-20240905055117-62795b8b054a/go.mod h1:7K2NQKbabB5mBl41vF6YayYl5g7YpDwc4dQ5iMpP3Lg=
+github.com/database64128/tfo-go/v2 v2.2.2 h1:BxynF4qGF5ct3DpPLEG62uyJZ3LQhqaf0Ken+kyy7PM=
+github.com/database64128/tfo-go/v2 v2.2.2/go.mod h1:2IW8jppdBwdVMjA08uEyMNnqiAHKUlqAA+J8NrsfktY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -296,8 +300,8 @@ go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0
 go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
-go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
-go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
+go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
+go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
@ -354,8 +358,8 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
+golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -463,8 +467,8 @@ golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
-golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
@ -534,8 +538,8 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
+golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/app/internal/tun/check_ipv6_others.go
+++ b/app/internal/tun/check_ipv6_others.go
@ -0,0 +1,14 @@
+//go:build !unix && !windows
+
+package tun
+
+import "net"
+
+func isIPv6Supported() bool {
+	lis, err := net.ListenPacket("udp6", "[::1]:0")
+	if err != nil {
+		return false
+	}
+	_ = lis.Close()
+	return true
+}
--- a/app/internal/tun/check_ipv6_unix.go
+++ b/app/internal/tun/check_ipv6_unix.go
@ -0,0 +1,16 @@
+//go:build unix
+
+package tun
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+func isIPv6Supported() bool {
+	sock, err := unix.Socket(unix.AF_INET6, unix.SOCK_DGRAM, unix.IPPROTO_UDP)
+	if err != nil {
+		return false
+	}
+	_ = unix.Close(sock)
+	return true
+}
--- a/app/internal/tun/check_ipv6_windows.go
+++ b/app/internal/tun/check_ipv6_windows.go
@ -0,0 +1,24 @@
+//go:build windows
+
+package tun
+
+import (
+	"golang.org/x/sys/windows"
+)
+
+func isIPv6Supported() bool {
+	var wsaData windows.WSAData
+	err := windows.WSAStartup(uint32(0x202), &wsaData)
+	if err != nil {
+		// Failing silently: it is not our duty to report such errors
+		return true
+	}
+	defer windows.WSACleanup()
+
+	sock, err := windows.Socket(windows.AF_INET6, windows.SOCK_DGRAM, windows.IPPROTO_UDP)
+	if err != nil {
+		return false
+	}
+	_ = windows.Closesocket(sock)
+	return true
+}
--- a/app/internal/tun/server.go
+++ b/app/internal/tun/server.go
@ -49,6 +49,10 @@ type EventLogger interface {
 }

 func (s *Server) Serve() error {
+	if !isIPv6Supported() {
+		s.Logger.Warn("tun-pre-check", zap.String("msg", "IPv6 is not supported or enabled on this system, TUN device is created without IPv6 support."))
+		s.Inet6Address = nil
+	}
 	tunOpts := tun.Options{
 		Name:                     s.IfName,
 		Inet4Address:             s.Inet4Address,
--- a/core/LICENSE.md
+++ b/core/LICENSE.md
@ -0,0 +1,7 @@
+Copyright 2023 Toby
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/core/go.mod
+++ b/core/go.mod
@ -5,7 +5,7 @@ go 1.22
 toolchain go1.23.2

 require (
-	github.com/apernet/quic-go v0.48.2-0.20241104191913-cb103fcecfe7
+	github.com/apernet/quic-go v0.49.1-0.20250204013113-43c72b1281a0
 	github.com/stretchr/testify v1.9.0
 	go.uber.org/goleak v1.2.1
 	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
@ -23,13 +23,14 @@ require (
 	github.com/quic-go/qpack v0.5.1 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
-	go.uber.org/mock v0.4.0 // indirect
+	go.uber.org/mock v0.5.0 // indirect
 	golang.org/x/crypto v0.26.0 // indirect
-	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/mod v0.18.0 // indirect
 	golang.org/x/net v0.28.0 // indirect
-	golang.org/x/sys v0.23.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.25.0 // indirect
 	golang.org/x/text v0.17.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	golang.org/x/tools v0.22.0 // indirect
 	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
--- a/core/go.sum
+++ b/core/go.sum
@ -1,5 +1,5 @@
-github.com/apernet/quic-go v0.48.2-0.20241104191913-cb103fcecfe7 h1:zO38yBOvQ1dLHbSuaU5BFZ8zalnSDQslj+i/9AGOk9s=
-github.com/apernet/quic-go v0.48.2-0.20241104191913-cb103fcecfe7/go.mod h1:LoSUY2chVqNQCDyi4IZGqPpXLy1FuCkE37PKwtJvNGg=
+github.com/apernet/quic-go v0.49.1-0.20250204013113-43c72b1281a0 h1:oc6//C91pY9gGOBioHeyJrmmpKv/nS8fvTeDpKNPLnI=
+github.com/apernet/quic-go v0.49.1-0.20250204013113-43c72b1281a0/go.mod h1:/mMPNt1MHqduzaVB2qFHnJwam3BR5r5b35GvYouJs/o=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@ -45,27 +45,27 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
-go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
-go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
+go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
+go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
 golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
 golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
 golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
 golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
-golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
+golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
 golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
 golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
-golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
 golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
+golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
 google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
 google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
--- a/extras/LICENSE.md
+++ b/extras/LICENSE.md
@ -0,0 +1,7 @@
+Copyright 2023 Toby
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/extras/auth/userpass.go
+++ b/extras/auth/userpass.go
@ -16,7 +16,17 @@ var _ server.Authenticator = &UserPassAuthenticator{}
 // UserPassAuthenticator checks the provided auth string against a map of username/password pairs.
 // The format of the auth string must be "username:password".
 type UserPassAuthenticator struct {
-	Users map[string]string
+	users map[string]string
+}
+
+func NewUserPassAuthenticator(users map[string]string) *UserPassAuthenticator {
+	// Usernames are case-insensitive, as they are already lowercased by viper.
+	// Lowercase it again on our own to make it explicit.
+	lcUsers := make(map[string]string, len(users))
+	for user, pass := range users {
+		lcUsers[strings.ToLower(user)] = pass
+	}
+	return &UserPassAuthenticator{users: lcUsers}
 }

 func (a *UserPassAuthenticator) Authenticate(addr net.Addr, auth string, tx uint64) (ok bool, id string) {
@ -24,7 +34,7 @@ func (a *UserPassAuthenticator) Authenticate(addr net.Addr, auth string, tx uint
 	if !ok {
 		return false, ""
 	}
-	rp, ok := a.Users[u]
+	rp, ok := a.users[u]
 	if !ok || rp != p {
 		return false, ""
 	}
@ -36,5 +46,6 @@ func splitUserPass(auth string) (user, pass string, ok bool) {
 	if len(rs) != 2 {
 		return "", "", false
 	}
-	return rs[0], rs[1], true
+	// Usernames are case-insensitive
+	return strings.ToLower(rs[0]), rs[1], true
 }
--- a/extras/auth/userpass_test.go
+++ b/extras/auth/userpass_test.go
@ -85,12 +85,26 @@ func TestUserPassAuthenticator(t *testing.T) {
 			wantOk: false,
 			wantId: "",
 		},
+		{
+			name: "case insensitive username",
+			fields: fields{
+				Users: map[string]string{
+					"gawR":   "gura",
+					"fubuki": "shirakami",
+				},
+			},
+			args: args{
+				addr: nil,
+				auth: "Gawr:gura",
+				tx:   0,
+			},
+			wantOk: true,
+			wantId: "gawr",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			a := &UserPassAuthenticator{
-				Users: tt.fields.Users,
-			}
+			a := NewUserPassAuthenticator(tt.fields.Users)
 			gotOk, gotId := a.Authenticate(tt.args.addr, tt.args.auth, tt.args.tx)
 			if gotOk != tt.wantOk {
 				t.Errorf("Authenticate() gotOk = %v, want %v", gotOk, tt.wantOk)
--- a/extras/go.mod
+++ b/extras/go.mod
@ -6,8 +6,9 @@ toolchain go1.23.2

 require (
 	github.com/apernet/hysteria/core/v2 v2.0.0-00010101000000-000000000000
-	github.com/apernet/quic-go v0.48.2-0.20241104191913-cb103fcecfe7
+	github.com/apernet/quic-go v0.49.1-0.20250204013113-43c72b1281a0
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
+	github.com/database64128/tfo-go/v2 v2.2.2
 	github.com/hashicorp/golang-lru/v2 v2.0.5
 	github.com/miekg/dns v1.1.59
 	github.com/refraction-networking/utls v1.6.6
@ -21,6 +22,7 @@ require (
 require (
 	github.com/andybalholm/brotli v1.1.0 // indirect
 	github.com/cloudflare/circl v1.3.9 // indirect
+	github.com/database64128/netx-go v0.0.0-20240905055117-62795b8b054a // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
@ -32,13 +34,13 @@ require (
 	github.com/quic-go/qpack v0.5.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf // indirect
-	go.uber.org/mock v0.4.0 // indirect
+	go.uber.org/mock v0.5.0 // indirect
 	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
-	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/mod v0.18.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.23.0 // indirect
+	golang.org/x/sys v0.25.0 // indirect
 	golang.org/x/text v0.17.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	golang.org/x/tools v0.22.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

--- a/extras/go.sum
+++ b/extras/go.sum
@ -1,7 +1,7 @@
 github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
 github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
-github.com/apernet/quic-go v0.48.2-0.20241104191913-cb103fcecfe7 h1:zO38yBOvQ1dLHbSuaU5BFZ8zalnSDQslj+i/9AGOk9s=
-github.com/apernet/quic-go v0.48.2-0.20241104191913-cb103fcecfe7/go.mod h1:LoSUY2chVqNQCDyi4IZGqPpXLy1FuCkE37PKwtJvNGg=
+github.com/apernet/quic-go v0.49.1-0.20250204013113-43c72b1281a0 h1:oc6//C91pY9gGOBioHeyJrmmpKv/nS8fvTeDpKNPLnI=
+github.com/apernet/quic-go v0.49.1-0.20250204013113-43c72b1281a0/go.mod h1:/mMPNt1MHqduzaVB2qFHnJwam3BR5r5b35GvYouJs/o=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
@ -10,6 +10,10 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn
 github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE=
 github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/database64128/netx-go v0.0.0-20240905055117-62795b8b054a h1:t4SDi0pmNkryzKdM4QF3o5vqSP4GRjeZD/6j3nyxNP0=
+github.com/database64128/netx-go v0.0.0-20240905055117-62795b8b054a/go.mod h1:7K2NQKbabB5mBl41vF6YayYl5g7YpDwc4dQ5iMpP3Lg=
+github.com/database64128/tfo-go/v2 v2.2.2 h1:BxynF4qGF5ct3DpPLEG62uyJZ3LQhqaf0Ken+kyy7PM=
+github.com/database64128/tfo-go/v2 v2.2.2/go.mod h1:2IW8jppdBwdVMjA08uEyMNnqiAHKUlqAA+J8NrsfktY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -62,8 +66,8 @@ github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301/go.mod h1:ntmMHL
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
-go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
-go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
+go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
+go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
@ -72,8 +76,8 @@ golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJ
 golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
+golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
@ -92,8 +96,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
-golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
@ -109,8 +113,8 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
+golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
 google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
--- a/extras/outbounds/fastopen.go
+++ b/extras/outbounds/fastopen.go
@ -0,0 +1,229 @@
+package outbounds
+
+import (
+	"net"
+	"sync"
+	"time"
+
+	"github.com/database64128/tfo-go/v2"
+)
+
+type fastOpenDialer struct {
+	dialer *tfo.Dialer
+}
+
+func newFastOpenDialer(netDialer *net.Dialer) *fastOpenDialer {
+	return &fastOpenDialer{
+		dialer: &tfo.Dialer{
+			Dialer: *netDialer,
+		},
+	}
+}
+
+// Dial returns immediately without actually establishing a connection.
+// The connection will be established by the first Write() call.
+func (d *fastOpenDialer) Dial(network, address string) (net.Conn, error) {
+	return &fastOpenConn{
+		dialer:    d.dialer,
+		network:   network,
+		address:   address,
+		readyChan: make(chan struct{}),
+	}, nil
+}
+
+type fastOpenConn struct {
+	dialer  *tfo.Dialer
+	network string
+	address string
+
+	conn      net.Conn
+	connLock  sync.RWMutex
+	readyChan chan struct{}
+
+	// States before connection ready
+	deadline      *time.Time
+	readDeadline  *time.Time
+	writeDeadline *time.Time
+}
+
+func (c *fastOpenConn) Read(b []byte) (n int, err error) {
+	c.connLock.RLock()
+	conn := c.conn
+	c.connLock.RUnlock()
+
+	if conn != nil {
+		return conn.Read(b)
+	}
+
+	// Wait until the connection is ready or closed
+	<-c.readyChan
+
+	if c.conn == nil {
+		// This is equivalent to isClosedBeforeReady() == true
+		return 0, net.ErrClosed
+	}
+
+	return c.conn.Read(b)
+}
+
+func (c *fastOpenConn) Write(b []byte) (n int, err error) {
+	c.connLock.RLock()
+	conn := c.conn
+	c.connLock.RUnlock()
+
+	if conn != nil {
+		return conn.Write(b)
+	}
+
+	c.connLock.RLock()
+	closed := c.isClosedBeforeReady()
+	c.connLock.RUnlock()
+
+	if closed {
+		return 0, net.ErrClosed
+	}
+
+	c.connLock.Lock()
+	defer c.connLock.Unlock()
+
+	if c.isClosedBeforeReady() {
+		// Closed by other goroutine
+		return 0, net.ErrClosed
+	}
+
+	conn = c.conn
+	if conn != nil {
+		// Established by other goroutine
+		return conn.Write(b)
+	}
+
+	conn, err = c.dialer.Dial(c.network, c.address, b)
+	if err != nil {
+		close(c.readyChan)
+		return 0, err
+	}
+
+	// Apply pre-set states
+	if c.deadline != nil {
+		_ = conn.SetDeadline(*c.deadline)
+	}
+	if c.readDeadline != nil {
+		_ = conn.SetReadDeadline(*c.readDeadline)
+	}
+	if c.writeDeadline != nil {
+		_ = conn.SetWriteDeadline(*c.writeDeadline)
+	}
+
+	c.conn = conn
+	close(c.readyChan)
+	return len(b), nil
+}
+
+func (c *fastOpenConn) Close() error {
+	c.connLock.RLock()
+	defer c.connLock.RUnlock()
+
+	if c.isClosedBeforeReady() {
+		return net.ErrClosed
+	}
+
+	if c.conn != nil {
+		return c.conn.Close()
+	}
+
+	close(c.readyChan)
+	return nil
+}
+
+// isClosedBeforeReady returns true if the connection is closed before the real connection is established.
+// This function should be called with connLock.RLock().
+func (c *fastOpenConn) isClosedBeforeReady() bool {
+	select {
+	case <-c.readyChan:
+		if c.conn == nil {
+			return true
+		}
+	default:
+	}
+	return false
+}
+
+func (c *fastOpenConn) LocalAddr() net.Addr {
+	c.connLock.RLock()
+	defer c.connLock.RUnlock()
+
+	if c.conn != nil {
+		return c.conn.LocalAddr()
+	}
+
+	return nil
+}
+
+func (c *fastOpenConn) RemoteAddr() net.Addr {
+	c.connLock.RLock()
+	conn := c.conn
+	c.connLock.RUnlock()
+
+	if conn != nil {
+		return conn.RemoteAddr()
+	}
+
+	addr, err := net.ResolveTCPAddr(c.network, c.address)
+	if err != nil {
+		return nil
+	}
+	return addr
+}
+
+func (c *fastOpenConn) SetDeadline(t time.Time) error {
+	c.connLock.RLock()
+	defer c.connLock.RUnlock()
+
+	c.deadline = &t
+
+	if c.conn != nil {
+		return c.conn.SetDeadline(t)
+	}
+
+	if c.isClosedBeforeReady() {
+		return net.ErrClosed
+	}
+
+	return nil
+}
+
+func (c *fastOpenConn) SetReadDeadline(t time.Time) error {
+	c.connLock.RLock()
+	defer c.connLock.RUnlock()
+
+	c.readDeadline = &t
+
+	if c.conn != nil {
+		return c.conn.SetReadDeadline(t)
+	}
+
+	if c.isClosedBeforeReady() {
+		return net.ErrClosed
+	}
+
+	return nil
+}
+
+func (c *fastOpenConn) SetWriteDeadline(t time.Time) error {
+	c.connLock.RLock()
+	defer c.connLock.RUnlock()
+
+	c.writeDeadline = &t
+
+	if c.conn != nil {
+		return c.conn.SetWriteDeadline(t)
+	}
+
+	if c.isClosedBeforeReady() {
+		return net.ErrClosed
+	}
+
+	return nil
+}
+
+var _ net.Conn = (*fastOpenConn)(nil)
--- a/extras/outbounds/ob_direct.go
+++ b/extras/outbounds/ob_direct.go
@ -35,8 +35,8 @@ type directOutbound struct {
 	Mode DirectOutboundMode

 	// Dialer4 and Dialer6 are used for IPv4 and IPv6 TCP connections respectively.
-	Dialer4 *net.Dialer
-	Dialer6 *net.Dialer
+	DialFunc4 func(network, address string) (net.Conn, error)
+	DialFunc6 func(network, address string) (net.Conn, error)

 	// DeviceName & BindIPs are for UDP connections. They don't use dialers, so we
 	// need to bind them when creating the connection.
@ -45,6 +45,16 @@ type directOutbound struct {
 	BindIP6    net.IP
 }

+type DirectOutboundOptions struct {
+	Mode DirectOutboundMode
+
+	DeviceName string
+	BindIP4    net.IP
+	BindIP6    net.IP
+
+	FastOpen bool
+}
+
 type noAddressError struct {
 	IPv4 bool
 	IPv6 bool
@ -84,6 +94,57 @@ func (e resolveError) Unwrap() error {
 	return e.Err
 }

+func NewDirectOutboundWithOptions(opts DirectOutboundOptions) (PluggableOutbound, error) {
+	dialer4 := &net.Dialer{
+		Timeout: defaultDialerTimeout,
+	}
+	if opts.BindIP4 != nil {
+		if opts.BindIP4.To4() == nil {
+			return nil, errors.New("BindIP4 must be an IPv4 address")
+		}
+		dialer4.LocalAddr = &net.TCPAddr{
+			IP: opts.BindIP4,
+		}
+	}
+	dialer6 := &net.Dialer{
+		Timeout: defaultDialerTimeout,
+	}
+	if opts.BindIP6 != nil {
+		if opts.BindIP6.To4() != nil {
+			return nil, errors.New("BindIP6 must be an IPv6 address")
+		}
+		dialer6.LocalAddr = &net.TCPAddr{
+			IP: opts.BindIP6,
+		}
+	}
+	if opts.DeviceName != "" {
+		err := dialerBindToDevice(dialer4, opts.DeviceName)
+		if err != nil {
+			return nil, err
+		}
+		err = dialerBindToDevice(dialer6, opts.DeviceName)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	dialFunc4 := dialer4.Dial
+	dialFunc6 := dialer6.Dial
+	if opts.FastOpen {
+		dialFunc4 = newFastOpenDialer(dialer4).Dial
+		dialFunc6 = newFastOpenDialer(dialer6).Dial
+	}
+
+	return &directOutbound{
+		Mode:       opts.Mode,
+		DialFunc4:  dialFunc4,
+		DialFunc6:  dialFunc6,
+		DeviceName: opts.DeviceName,
+		BindIP4:    opts.BindIP4,
+		BindIP6:    opts.BindIP6,
+	}, nil
+}
+
 // NewDirectOutboundSimple creates a new directOutbound with the given mode,
 // without binding to a specific device. Works on all platforms.
 func NewDirectOutboundSimple(mode DirectOutboundMode) PluggableOutbound {
@ -91,9 +152,9 @@ func NewDirectOutboundSimple(mode DirectOutboundMode) PluggableOutbound {
 		Timeout: defaultDialerTimeout,
 	}
 	return &directOutbound{
-		Mode:    mode,
-		Dialer4: d,
-		Dialer6: d,
+		Mode:      mode,
+		DialFunc4: d.Dial,
+		DialFunc6: d.Dial,
 	}
 }

@ -102,34 +163,20 @@ func NewDirectOutboundSimple(mode DirectOutboundMode) PluggableOutbound {
 // can be nil, in which case the directOutbound will not bind to a specific address
 // for that family.
 func NewDirectOutboundBindToIPs(mode DirectOutboundMode, bindIP4, bindIP6 net.IP) (PluggableOutbound, error) {
-	if bindIP4 != nil && bindIP4.To4() == nil {
-		return nil, errors.New("bindIP4 must be an IPv4 address")
-	}
-	if bindIP6 != nil && bindIP6.To4() != nil {
-		return nil, errors.New("bindIP6 must be an IPv6 address")
-	}
-	ob := &directOutbound{
-		Mode: mode,
-		Dialer4: &net.Dialer{
-			Timeout: defaultDialerTimeout,
-		},
-		Dialer6: &net.Dialer{
-			Timeout: defaultDialerTimeout,
-		},
+	return NewDirectOutboundWithOptions(DirectOutboundOptions{
+		Mode:    mode,
 		BindIP4: bindIP4,
 		BindIP6: bindIP6,
-	}
-	if bindIP4 != nil {
-		ob.Dialer4.LocalAddr = &net.TCPAddr{
-			IP: bindIP4,
-		}
-	}
-	if bindIP6 != nil {
-		ob.Dialer6.LocalAddr = &net.TCPAddr{
-			IP: bindIP6,
-		}
-	}
-	return ob, nil
+	})
+}
+
+// NewDirectOutboundBindToDevice creates a new directOutbound with the given mode,
+// and binds to the given device. Only works on Linux.
+func NewDirectOutboundBindToDevice(mode DirectOutboundMode, deviceName string) (PluggableOutbound, error) {
+	return NewDirectOutboundWithOptions(DirectOutboundOptions{
+		Mode:       mode,
+		DeviceName: deviceName,
+	})
 }

 // resolve is our built-in DNS resolver for handling the case when
@ -201,9 +248,9 @@ func (d *directOutbound) TCP(reqAddr *AddrEx) (net.Conn, error) {

 func (d *directOutbound) dialTCP(ip net.IP, port uint16) (net.Conn, error) {
 	if ip.To4() != nil {
-		return d.Dialer4.Dial("tcp4", net.JoinHostPort(ip.String(), strconv.Itoa(int(port))))
+		return d.DialFunc4("tcp4", net.JoinHostPort(ip.String(), strconv.Itoa(int(port))))
 	} else {
-		return d.Dialer6.Dial("tcp6", net.JoinHostPort(ip.String(), strconv.Itoa(int(port))))
+		return d.DialFunc6("tcp6", net.JoinHostPort(ip.String(), strconv.Itoa(int(port))))
 	}
 }

--- a/extras/outbounds/ob_direct_linux.go
+++ b/extras/outbounds/ob_direct_linux.go
@ -6,31 +6,31 @@ import (
 	"syscall"
 )

-// NewDirectOutboundBindToDevice creates a new directOutbound with the given mode,
-// and binds to the given device. Only works on Linux.
-func NewDirectOutboundBindToDevice(mode DirectOutboundMode, deviceName string) (PluggableOutbound, error) {
+func dialerBindToDevice(dialer *net.Dialer, deviceName string) error {
 	if err := verifyDeviceName(deviceName); err != nil {
-		return nil, err
+		return err
 	}
-	d := &net.Dialer{
-		Timeout: defaultDialerTimeout,
-		Control: func(network, address string, c syscall.RawConn) error {
-			var errBind error
-			err := c.Control(func(fd uintptr) {
-				errBind = syscall.BindToDevice(int(fd), deviceName)
-			})
+
+	originControl := dialer.Control
+	dialer.Control = func(network, address string, c syscall.RawConn) error {
+		if originControl != nil {
+			// Chaining other control function
+			err := originControl(network, address, c)
 			if err != nil {
 				return err
 			}
-			return errBind
-		},
+		}
+
+		var errBind error
+		err := c.Control(func(fd uintptr) {
+			errBind = syscall.BindToDevice(int(fd), deviceName)
+		})
+		if err != nil {
+			return err
+		}
+		return errBind
 	}
-	return &directOutbound{
-		Mode:       mode,
-		Dialer4:    d,
-		Dialer6:    d,
-		DeviceName: deviceName,
-	}, nil
+	return nil
 }

 func verifyDeviceName(deviceName string) error {
--- a/extras/outbounds/ob_direct_others.go
+++ b/extras/outbounds/ob_direct_others.go
@ -7,11 +7,8 @@ import (
 	"net"
 )

-// NewDirectOutboundBindToDevice creates a new directOutbound with the given mode,
-// and binds to the given device. This doesn't work on non-Linux platforms, so this
-// is just a stub function that always returns an error.
-func NewDirectOutboundBindToDevice(mode DirectOutboundMode, deviceName string) (PluggableOutbound, error) {
-	return nil, errors.New("binding to device is not supported on this platform")
+func dialerBindToDevice(dialer *net.Dialer, deviceName string) error {
+	return errors.New("binding to device is not supported on this platform")
 }

 func udpConnBindToDevice(conn *net.UDPConn, deviceName string) error {
--- a/go.work.sum
+++ b/go.work.sum
@ -312,6 +312,8 @@ golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2 h1:IRJeR9r1pYWsHKTRe/IInb7lYvbBVIqOgsX/u0mbOWY=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
+golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457 h1:zf5N6UOrA487eEFacMePxjXAJctxKmyjKUsjA11Uzuk=
+golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
--- a/hyperbole.py
+++ b/hyperbole.py
@ -74,6 +74,9 @@ ARCH_ALIASES = {
        "GOARCH": "amd64",
        "GOAMD64": "v3",
    },
+    "loong64": {
+        "GOARCH": "loong64",
+    },
 }


--- a/platforms.txt
+++ b/platforms.txt
@ -22,6 +22,7 @@ linux/s390x
 linux/mipsle
 linux/mipsle-sf
 linux/riscv64
+linux/loong64

 # Android
 android/386
--- a/scripts/install_server.sh
+++ b/scripts/install_server.sh
@ -436,6 +436,9 @@ check_environment_architecture() {
    's390x')
      ARCHITECTURE='s390x'
      ;;
+    'loongarch64')
+      ARCHITECTURE='loong64'
+      ;;
    *)
      error "The architecture '$(uname -a)' is not supported."
      note "Specify ARCHITECTURE=<architecture> to bypass this check and force this script to run on this $(uname -m)."
Author	SHA1	Message	Date
Toby	245c6e9bd1	Merge pull request #1332 from apernet/add-license chore: add LICENSE to packages	2025-03-18 20:45:32 -07:00
Toby	ffab01730a	chore: add LICENSE to packages	2025-03-18 20:44:59 -07:00
Toby	401ed5245d	Merge pull request #1306 from apernet/wip-userpass-ignore-case Make username of userpass case insensitive	2025-02-03 18:05:27 -08:00
Toby	9466bc4e2f	Merge pull request #1307 from apernet/bump-quic feat: quic-go v0.49.0	2025-02-03 18:04:56 -08:00
Toby	e11ad2b93b	feat: quic-go v0.49.0	2025-02-03 18:04:17 -08:00
Haruue	7652ddcd99	chore: unexport UserPassAuthenticator.Users	2025-02-03 12:39:52 +09:00
Haruue	e1df8aa4e2	chore: make username of userpass case insensitive close: #1297 Just a workaround for "uppercase usernames do not work". Usernames in different cases (like "Gawr" and "gawR") will now conflict.	2025-02-03 12:34:01 +09:00
Toby	8c05217590	Merge pull request #1293 from zyppe/master Add support for loongarch64	2025-01-12 19:57:53 -08:00
Haruue	d86aa0b4e2	chore(scripts): detect arch for loong64	2025-01-08 14:57:02 +09:00
Haruue	537e8144ea	ci: add linux/loong64 to platforms.txt	2025-01-08 14:56:15 +09:00
zyppe	817d6c9a2d	Add support for loongarch64 Test on Loongson 3A5000	2025-01-04 22:45:11 +08:00
Toby	5520bcc405	Merge pull request #1287 from apernet/fix-tun-ipv6-disable fix: tun failed on linux when ipv6.disable=1	2025-01-03 20:50:10 -08:00
Toby	9e90d7d155	Merge pull request #1288 from apernet/wip-masq-insecure-upstream feat: allow skip cert verify in masquerade.proxy	2024-12-29 11:25:38 -08:00
Toby	8aa80c233e	fix: rename insecureSkipVerify to insecure for consistency	2024-12-29 11:25:08 -08:00
Haruue	2bdaf7b46a	feat: allow skip cert verify in masquerade.proxy close: #1278 masquerade.proxy.insecureSkipVerify	2024-12-29 13:58:12 +09:00
Haruue	53a4ce2598	fix: tun failed on linux when ipv6.disable=1 close: #1285	2024-12-29 13:33:32 +09:00
Toby	cd396eea60	Merge pull request #1272 from apernet/wip-rename-libversion chore(version): rename LibVersion to Libraries	2024-12-12 18:40:49 -08:00
Haruue	400fed3bd6	chore(version): rename LibVersion to Libraries close: #1271 A key that also contains "Version" broke the version parsing of some third-party clients.	2024-12-11 18:08:54 +09:00
Toby	6655d2a78d	Merge pull request #1258 from apernet/wip-server-fastopen feat(server): tcp fast open on direct outbounds	2024-12-10 23:03:52 -08:00
Toby	5e11ea18fb	chore: update core/go.mod	2024-12-10 22:42:25 -08:00
Haruue	d8c61c59d7	chore: disable fallback mode of tfo dialer tfo-go caches the "unsupported" status when fallback mode is enabled. In other words, if the hysteria server is started with net.ipv4.tcp_fastopen=0 and it fails once, the tfo will not be enabled until it is restarted, even if the user later sets sysctl net.ipv4.tcp_fastopen=3.	2024-11-23 22:31:14 +09:00
Haruue	16c964b3e1	feat(server): tcp fast open on direct outbounds	2024-11-23 21:37:18 +09:00