daeuniverse / dae

eBPF-based Linux high-performance transparent proxy solution.
GNU Affero General Public License v3.0

feat: Add support for hysteria2 dialer and protocol #533

Closed mnixry closed 1 week ago

mnixry commented 2 weeks ago

Background

ref: https://github.com/daeuniverse/outbound/pull/9

This PR is currently a draft and needs user feedback to move forward. Users interested in testing this feature are encouraged to use the GitHub Action build.

Checklist

Full Changelogs

Issue Reference

Closes #48 Closes #450

Test Result

This feature should be tested by end users.

douglarek commented 2 weeks ago

This is a highly anticipated feature support, extremely impressive. It has passed the test on my Linux (kernel 6.9), although there seem to be some warning logs, I'm not sure if it matters: level=warning msg="handleConn: handleTCP relay error: deadline exceeded". However, it doesn't affect the basic proxy experience.

xmapst commented 2 weeks ago

This is a highly anticipated feature support, extremely impressive. It has passed the test on my Linux (kernel 6.9), although there seem to be some warning logs, I'm not sure if it matters: level=warning msg="handleConn: handleTCP relay error: deadline exceeded". However, it doesn't affect the basic proxy experience.

Yes, this also happens when running on OpenWrt, but it doesn't affect normal use.

mnixry commented 2 weeks ago

I'm not sure if it matters: level=warning msg="handleConn: handleTCP relay error: deadline exceeded". However, it doesn't affect the basic proxy experience.

@douglarek @xmapst Thank you for your feedback. I plan to address this issue shortly, likely by Wednesday or Thursday. Should you encounter any additional problems during extended use, please don't hesitate to follow up.

During my personal usage, I've encountered a few issues:

Integral-Tech commented 2 weeks ago

It works on Arch Linux, kernel 6.9.3-arch1-1.

mzz2017 commented 2 weeks ago

@mnixry For the udp over tcp problem, could you please revert my patch on your local and test it again?

douglarek commented 2 weeks ago

This is a highly anticipated feature support, extremely impressive. It has passed the test on my Linux (kernel 6.9), although there seem to be some warning logs, I'm not sure if it matters: level=warning msg="handleConn: handleTCP relay error: deadline exceeded". However, it doesn't affect the basic proxy experience.

The current implementation has too high of a delay. The same server is simultaneously configured with tuic (sb implementation) and hy2 (original version). The udp4(DNS) delay results for dae, the former is between 1~4s, while tuic is around 200ms.

mnixry commented 2 weeks ago

For the udp over tcp problem, could you please revert my patch on your local and test it again?

@mzz2017 Reverting the patch did not resolve the issue for me. Further testing indicates that both the official client and the sing-box implementation exhibit similar problems, suggesting that the issue may not lie with the Hysteria2 dialer.

Here's my benchmarking method:

Since curl does not support directly using a socks5 proxy with the HTTP/3 protocol, I am currently unable to provide examples without using dae. Additionally, testing under various network conditions is also needed.

mzz2017 commented 2 weeks ago

@mnixry You can use curl -x http://YOUR_PROXY or curl -x socks5://YOUR_PROXY to achieve

mnixry commented 2 weeks ago

You can use curl -x http://YOUR_PROXY or curl -x socks5://YOUR_PROXY to achieve

@mzz2017 Sadly, this approach does not work for curl with HTTP/3 protocol.

$ ./curl -L4vx socks5://localhost:2080 --http3-only "https://h3.speed.cloudflare.com/__down?bytes=25000000" > /dev/null
* HTTP/3 is not supported over a SOCKS proxy
* Closing connection
curl: (3) HTTP/3 is not supported over a SOCKS proxy

I am also wondering if there are any networking tools like curl that support h3 over a socks5 proxy.

ref: https://github.com/curl/curl/blob/267c3b31e911dc96c2445c0342bab7b827f9c0a8/lib/vquic/vquic.c#L653-L656

mzz2017 commented 2 weeks ago

@mnixry What about sing-box tun inbound with auto-route?

mnixry commented 2 weeks ago

What about sing-box tun inbound with auto-route?

@mzz2017 The TUN mode in Sing-box appears to function well with HTTP/3 connections, progressively increasing speeds up to approximately 1 MB/s. Interestingly, even when using UDP-over-TCP proxy solutions, HTTP/3 downloads perform significantly faster than dae (also about 1 MB/s).

Could you reproduce these results on your end? Since this appears to be unrelated to the current pull request, we should probably open a new issue for tracking purposes.

mnixry commented 2 weeks ago

The current implementation has too high of a delay. The same server is simultaneously configured with tuic (sb implementation) and hy2 (original version). The udp4(DNS) delay results for dae, the former is between 1~4s, while tuic is around 200ms.

@douglarek Apologies for the delayed response. I'm unable to replicate the issue on my side; it might stem from network jitter or a delay due to initial protocol handshaking.

Could you try using tools such as 'dig' from BIND to assess any DNS resolution delays?

mzz2017 commented 2 weeks ago

@mnixry I'll look into it as long as I'm free.

mnixry commented 2 weeks ago

I'm not sure if it matters: level=warning msg="handleConn: handleTCP relay error: deadline exceeded". However, it doesn't affect the basic proxy experience.

Yes, this also happens when running on OpenWrt, but it doesn't affect normal use.

@douglarek @xmapst The issue has been fixed in https://github.com/daeuniverse/dae/pull/533/commits/f2d5302b336e2c93c5335c963808196087306f50. Could you check out the latest build and confirm whether the warning still persists?

douglarek commented 2 weeks ago

I'm not sure if it matters: level=warning msg="handleConn: handleTCP relay error: deadline exceeded". However, it doesn't affect the basic proxy experience.

Yes, this also happens when running on OpenWrt, but it doesn't affect normal use.

@douglarek @xmapst The issue has been fixed in f2d5302. Could you check out the latest build and confirm whether the warning still persists?

It's indeed fixed, the warn log has disappeared. This is so awesome.

xmapst commented 2 weeks ago

I'm not sure if it matters: level=warning msg="handleConn: handleTCP relay error: deadline exceeded". However, it doesn't affect the basic proxy experience.

Yes, this also happens when running on OpenWrt, but it doesn't affect normal use.

@douglarek @xmapst The issue has been fixed in f2d5302. Could you check out the latest build and confirm whether the warning still persists?

Awesome, it is indeed fixed.

mzz2017 commented 2 weeks ago

The TUN mode in Sing-box appears to function well with HTTP/3 connections, progressively increasing speeds up to approximately 1 MB/s. Interestingly, even when using UDP-over-TCP proxy solutions, HTTP/3 downloads perform significantly faster than dae (also about 1 MB/s).

@mnixry I fixed a possibly related problem that caused download speed zeroing. The problem dies away on my local. Could you please try this PR? https://github.com/daeuniverse/dae/pull/539

xmapst commented 1 week ago

How is it progressing? Roughly when will it be merged?

mnixry commented 1 week ago

How is it progressing? Roughly when will it be merged?

@xmapst I believe there are two things blocking:

  1. Wait for the merge of #539 to confirm that stateful UDP connections function properly.
  2. Require more user testing. I'd like to wait ~1 week to ensure that this build operates without any additional issues.

However, members of the daeuniverse who determine if this PR will ultimately be merged may hold different opinions.

xmapst commented 1 week ago

How is it progressing? Roughly when will it be merged?

@xmapst I believe there are two things blocking:

  1. Wait for the merge of fix: incidental packet drop and weird UDP state maintaining #539 to confirm that stateful UDP connections function properly.
  2. Require more user testing. I'd like to wait ~1 week to ensure that this build operates without any additional issues.

However, members of the daeuniverse who determine if this PR will ultimately be merged may hold different opinions.

OK, thanks for letting me know.

mzz2017 commented 1 week ago

@mnixry Here is my patch to fix this problem:

Could you please apply it?

0001-fix-update-submodule-outbound-to-cannot-parse-encode.patch

From bccc77902eab1a2520485e63ffd9f49e9ba6eaec Mon Sep 17 00:00:00 2001
From: mzz2017 <2017@duck.com>
Date: Sun, 16 Jun 2024 17:09:16 +0800
Subject: [PATCH] fix: update submodule outbound to cannot parse encoded auth

---
 cmd/run.go |  4 ++--
 go.mod     |  5 ++++-
 go.sum     | 14 ++++++++++++--
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/cmd/run.go b/cmd/run.go
index 633593f..23123c1 100644
--- a/cmd/run.go
+++ b/cmd/run.go
@@ -9,6 +9,7 @@ import (
    "context"
    "errors"
    "fmt"
+   "math/rand/v2"
    "net"
    "net/http"
    "os"
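Review bot: The new "math/rand/v2" import in cmd/run.go needs Go 1.22 or later, and no hunk in this patch touches the go directive in go.mod. Please confirm that the module's go directive and the CI toolchain are already at 1.22 or newer, otherwise the build breaks on older toolchains.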
@@ -21,7 +22,6 @@ import (
    "time"

    "github.com/daeuniverse/outbound/netproxy"
-   "github.com/daeuniverse/outbound/pkg/fastrand"
    "github.com/daeuniverse/outbound/protocol/direct"
    "gopkg.in/natefinch/lumberjack.v2"

@@ -60,7 +60,7 @@ func init() {
    runCmd.PersistentFlags().BoolVarP(&disableTimestamp, "disable-timestamp", "", false, "Disable timestamp.")
    runCmd.PersistentFlags().BoolVarP(&disablePidFile, "disable-pidfile", "", false, "Not generate /var/run/dae.pid.")

-   fastrand.Rand().Shuffle(len(CheckNetworkLinks), func(i, j int) {
+   rand.Shuffle(len(CheckNetworkLinks), func(i, j int) {
        CheckNetworkLinks[i], CheckNetworkLinks[j] = CheckNetworkLinks[j], CheckNetworkLinks[i]
    })
 }
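Review bot: The commit subject only mentions the outbound update, but the init() change here swaps fastrand.Rand().Shuffle for rand.Shuffle from math/rand/v2, which is a separate change that the message should name. Say why the github.com/daeuniverse/outbound/pkg/fastrand import had to go (presumably the new outbound version no longer provides it; the patch does not show this). The generator choice itself looks fine for this call, since the shuffle only randomises the order of CheckNetworkLinks and nothing security-relevant depends on it.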
diff --git a/go.mod b/go.mod
index 15975d6..7c25a8e 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
    github.com/bits-and-blooms/bloom/v3 v3.5.0
    github.com/cilium/ebpf v0.12.3
    github.com/daeuniverse/dae-config-dist/go/dae_config v0.0.0-20230604120805-1c27619b592d
-   github.com/daeuniverse/outbound v0.0.0-20240614055625-64f4b8c35aa6
+   github.com/daeuniverse/outbound v0.0.0-20240616090556-8df825695cc3
    github.com/fsnotify/fsnotify v1.7.0
    github.com/json-iterator/go v1.1.12
    github.com/miekg/dns v1.1.55
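Review bot: The github.com/daeuniverse/outbound requirement moves from one pseudo-version to another (ending in 8df825695cc3) rather than to a tagged release. Please confirm that this commit is reachable from the default branch of daeuniverse/outbound and not only from a PR branch, so the version stays resolvable after that branch is rebased or deleted. The subject also says "submodule" while the changed line is a Go module requirement; reword it if no git submodule is involved.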
@@ -32,6 +32,9 @@ require (

 require (
    github.com/andybalholm/brotli v1.0.6 // indirect
+   github.com/awnumar/fastrand v0.0.0-20210315215012-30ee0990fa2d // indirect
+   github.com/awnumar/memcall v0.0.0-20190816154910-db5ea08008a3 // indirect
+   github.com/awnumar/memguard v0.19.1 // indirect
    github.com/cloudflare/circl v1.3.7 // indirect
    github.com/daeuniverse/quic-go v0.0.0-20240413031024-943f218e0810 // indirect
    github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
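Review bot: The indirect require block gains three modules that the commit message does not mention: github.com/awnumar/fastrand, github.com/awnumar/memcall and github.com/awnumar/memguard. Note in the message that they arrive through the outbound bump, and check with go mod why -m that each one is actually needed. fastrand and memcall are pinned to untagged pseudo-versions dated 2021 and 2019, so they deserve a look before they enter the dependency graph.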
diff --git a/go.sum b/go.sum
index dce8ff3..46f3868 100644
--- a/go.sum
+++ b/go.sum
@@ -4,6 +4,13 @@ github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sx
 github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18=
 github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM=
+github.com/awnumar/fastrand v0.0.0-20210315215012-30ee0990fa2d h1:NkqtWyrOjr0QK1FSCmXS6Whbwh100Qt74SaRn92PemU=
+github.com/awnumar/fastrand v0.0.0-20210315215012-30ee0990fa2d/go.mod h1:TO59kqNCiDBKS0qjRYUI8qJtkFL6SkP2EKqeOQ6xg/o=
+github.com/awnumar/memcall v0.0.0-20190811121346-2affb857f00a/go.mod h1:sbEXyqNZZ3Cebk+6zOUmFNN8OuHHlugjiUmqn2tfiiM=
+github.com/awnumar/memcall v0.0.0-20190816154910-db5ea08008a3 h1:pq6ZBJsmKeTOUOgeX3Ed6Td4loLrca4xIq6lstFN7AI=
+github.com/awnumar/memcall v0.0.0-20190816154910-db5ea08008a3/go.mod h1:CszzLMKGwNr15cNA+0SuWkZLnPXGgUw+9kxRNbwUVnE=
+github.com/awnumar/memguard v0.19.1 h1:y9k2r1XKaBeLWvB3kyQPNyxD/+qxwDjeZwX+4VZXzUk=
+github.com/awnumar/memguard v0.19.1/go.mod h1:tewJ+MrJ12cFtR5gH5zNJs8A6BjBv8709binaV+1pws=
 github.com/bits-and-blooms/bitset v1.8.0 h1:FD+XqgOZDUxxZ8hzoBFuV9+cGWY9CslN6d5MS5JVb4c=
 github.com/bits-and-blooms/bitset v1.8.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/bits-and-blooms/bloom/v3 v3.5.0 h1:AKDvi1V3xJCmSR6QhcBfHbCN4Vf8FfxeWkMNQfmAGhY=
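Review bot: The h1: lines added here for the awnumar modules would be accepted from the patch as they stand, and the go command trusts a hash that is already present in go.sum instead of checking it against the checksum database. When applying, drop the go.sum hunks, run go mod tidy so the entries are fetched and verified locally, and compare the result with the lines in this patch; running go mod verify afterwards confirms that the module cache matches.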
@@ -15,8 +22,8 @@ github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBS
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/daeuniverse/dae-config-dist/go/dae_config v0.0.0-20230604120805-1c27619b592d h1:hnC39MjR7xt5kZjrKlef7DXKFDkiX8MIcDXYC/6Jf9Q=
 github.com/daeuniverse/dae-config-dist/go/dae_config v0.0.0-20230604120805-1c27619b592d/go.mod h1:VGWGgv7pCP5WGyHGUyb9+nq/gW0yBm+i/GfCNATOJ1M=
-github.com/daeuniverse/outbound v0.0.0-20240614055625-64f4b8c35aa6 h1:EHB8QR2d+Lj7r96FjU1SVwYfirDsgFVOcTZ4mzT2c1o=
-github.com/daeuniverse/outbound v0.0.0-20240614055625-64f4b8c35aa6/go.mod h1:Fh8zTlJAsErrFBTXIH7DKVgU798WTywi23GybNSQkJo=
+github.com/daeuniverse/outbound v0.0.0-20240616090556-8df825695cc3 h1:yQiWsSV+6MRVTLiq9r1GX4Xz1O1xODoNCcgMzw8KAB4=
+github.com/daeuniverse/outbound v0.0.0-20240616090556-8df825695cc3/go.mod h1:z0vJ5ZlLErX8WTruVeOuGr+1KOhSFcaPzEhZMAYfPdA=
 github.com/daeuniverse/quic-go v0.0.0-20240413031024-943f218e0810 h1:YtEYouFaNrg9sV9vf3UabvKShKn6sD0QaCdOxCwaF3g=
 github.com/daeuniverse/quic-go v0.0.0-20240413031024-943f218e0810/go.mod h1:61o2uZUGLrlv1i+oO2rx9sVX0vbf8cHzdSHt7h6lMnM=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -163,6 +170,7 @@ gitlab.com/yawning/chacha20.git v0.0.0-20230427033715-7877545b1b37/go.mod h1:3x6
 go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
 go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
@@ -188,6 +196,8 @@ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190902133755-9109b7679e13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-- 
2.39.2