feat: hysteria draft

[eauxxs]

🤔 This is a ...

• New feature

🔗 Related issue link

💡 Background and solution

📝 Changelog

☑️ Self-Check before Merge

⚠️ Please check all items below before requesting a reviewing. ⚠️

• Doc is updated/provided or not needed
• Changelog is provided or not needed

[ibigbug]

you can put this under clash_lib/src/proxy/converters

[eauxxs]

ok

[eauxxs]

At present, hysteria2 can already perform tcp proxy, mainly udp proxy, brutal congestion, ports hopping has not been implemented, port hopping may be just a small problem.
In the process of implementing salamander, I encountered a very confusing problem. The obfuscation can be correctly encrypted and decrypted by both parties, and the quic connection can be established. But when sending h3 authentication, an error will occur. I don’t know if it’s a problem with the h3 library or the obfuscation algorithm itself or something else. I don’t know if you know more about quic and if you have any ideas.
@ibigbug @greenhat616 @xmh0511

[greenhat616]

I'm busy these days. while I am spare, I could take a look.

[eauxxs]

I'm busy these days. while I am spare, I could take a look.

thanks, salamander obfs have been fixed, it work now

[ibigbug]

Hey thank you guys.

I see that you've fixed the problem, is there anything left to be done for this PR?

[ibigbug]

@eauxxs the build is failed on Windows

[ibigbug]

Suggested change

	- MATCH, ss-01
	- MATCH, ss

[ibigbug]

Suggested change

	type: Hysteria2
	type: hysteria2

[ibigbug]

Suggested change

use tracing::Level;

[ibigbug]

you can do something like this to enable the level RUST_LOG=h2=trace,clash=debug

[ibigbug]

Suggested change

	Hysteria2(OutboundHysteria2),
	#[serde(rename = "hysteria2")]
	Hysteria2(OutboundHysteria2),

[ibigbug]

could you please add a short description for this struct, such as what part it plays in the protocol

[eauxxs]

https://v2.hysteria.network/docs/advanced/Port-Hopping/

[ibigbug]

Suggested change

// std::thread::sleep(std::time::Duration::from_secs(100000));

[ibigbug]

would be great if you can convert these into the standard doc comment https://doc.rust-lang.org/rust-by-example/meta/doc.html

so that we might use them in future to generate the API references

[ibigbug]

is this used any where?

[ibigbug]

is this file used at all?

[eauxxs]

The current protocol still needs to implement the congestion algorithm and udp proxy. I will fix this part of the code next week.

[captainnx]

can not wait it

[eauxxs]

can not wait it

哥们尽快吧，主要是最近比较忙，还生病了。
另外rust的quinn拥塞算法接口和go的那边还不一样，go这边有现成的，rust没有，工作还比较多。

[ibigbug]

身体要紧。
如果有什么问题可以分享出来大家一起看。

[eauxxs]

谢谢关心。目前就是拥塞算法，对照着go版本hysteria的brutal拥塞算法，它那里是计算丢包个数再进行调整发送速率，quinn接口只有丢包字节数，我问一下这个issue，目前还在看，不知道是否有更好的方法

[ibigbug]

我看有回复，如果他的说法可行，提个PR？

[ghost]

can not wait it

[eauxxs]

@eauxxs the build is failed on Windows

It looks like the problem is with borrowing-ssl, can we remove deps directory, and use boring crate directly, why it is necessary?

[ibigbug]

@eauxxs the build is failed on Windows

It looks like the problem is with borrowing-ssl, can we remove deps directory, and use boring crate directly, why it is necessary?

the forked boring added aes and this #240 removes it

[ibigbug]

@eauxxs Any blockers for this ?

[eauxxs]

@ibigbug I'm very sorry that I just saw this news now. One is the problem of my work, and the other is the congestion control algorithm of quic. The other aspects of the protocol have been implemented. . . Regarding congestion control, I can only refer to the implementation of go, but I still don't know how to implement it. If you only use bbr, you can use it directly.

[ibigbug]

No worries. Thanks for the update. I might be able to take it over when I get some time.

[eauxxs]

I'm very sorry for taking so long. It's okay, I will rebase to the latest branch first. Then try to make a usable version. I like this project very much. . . I will give you feedback in time if I encounter any problems later.

[ibigbug]

Much appreciated!

[lmmqxyx404]

6e4b2a8 这个分支的代码我在我本地 ubuntu22.04 机器上跑了下 hysteria2 代理，发现建立连接时就报错。
通过 wireshaek 抓包后发现，
Initial 连接时的 Crypto Frame 包含了 handshake 握手信息， 其中 Extension::signature_algorithms 为空，导致 client 发出的信息不正常。 分析了代码后，我发现可能是 tls_config 这个变量初始化有问题。
在我改了supported_verify_schemes 这个函数后。客户端发出的 handshake 正常，但是服务端的响应，客户端无法正常解析。
[Failed to create decryption context: Secrets are not available]

---

I ran the hysteria2 proxy on my local Ubuntu 22.04 machine using the code from branch 6e4b2a8, and encountered an error when establishing a connection.

After capturing packets, I found that during the initial connection, the Crypto frame contained handshake information, but the Extension::signature_algorithms field was empty. This caused the client to send abnormal information. After analyzing the code, I found that the issue might be with the initialization of the tls_config variable.

After modifying the supported_verify_schemes function, the handshake sent by the client became normal, but the server’s response could not be correctly parsed by the client. The error message is:

[Failed to create decryption context: Secrets are not available]

[eauxxs]

@lmmqxyx404 谢谢你的review。目前这个最新的提交只是基于最新的分支进行rebase。因为rustls，h3-quinn，quinn版本的更新，所以以前的代码也不可用了。这次pr也更新到了相关依赖的最新版本，而且有些方法重写了，但是我还没有时间来得及测试，如果你那边发现了问题，可以在这个分支上提交，一起工作。也可以另开一个分支，重用一些这个pr的代码，如果能用的到的话。

[lmmqxyx404]

@eauxxs 我倒是挺想把这个功能实现的，不过主要是我能力有限。不知道改的方向，只好做一些琐碎的工作。

如果大哥有什么好的思路，就在这一起讨论下吧，万望不吝赐教。

[lmmqxyx404]

我对于服务端的响应理解有误，原始go实现的 hysteria2 服务端响应被抓包后，也是一样会报错。这个问题还需要继续分析

[lmmqxyx404]

@eauxxs @ibigbug 我这边修改代码已经让hysteria2 协议跑起来了
总的来说只要改动两处代码。

1. supported_verify_schemes 前面已经说过了

let any = session
           .congestion_state()
           .into_any()
           .downcast::<DynController>()
           .unwrap();
       any.set_controller(Box::new(Burtal::new(0, session.clone())));

改为

match session
            .congestion_state()
            .into_any()
            .downcast::<DynController>()
        {
            Ok(any) => {
                any.set_controller(Box::new(Burtal::new(0, session.clone())));
            }
            Err(err) => {
                tracing::error!("Failed to downcast congestion controller");
            }
        }

[ibigbug]

@eauxxs 看看？

[eauxxs]

@lmmqxyx404 @ibigbug 这些都是些小问题，主要的问题是拥塞控制，还有一个问题是端口跳跃的问题。目前拥塞控制需要帮助。。

[lmmqxyx404]

@lmmqxyx404 @ibigbug 这些都是些小问题，主要的问题是拥塞控制，还有一个问题是端口跳跃的问题。目前拥塞控制需要帮助。。

具体是什么问题呢？能不能具体说说，如果容易解决，我最近有空，可以再试着去解决下。