sing-box/test/ech_test.go

package main
import (
"net/netip"
"testing"
"github.com/sagernet/sing-box/common/tls"
C "github.com/sagernet/sing-box/constant"
"github.com/sagernet/sing-box/option"
"github.com/sagernet/sing/common"
"github.com/sagernet/sing/common/json/badoption"
"github.com/gofrs/uuid/v5"
)
// TestECH starts one instance holding a mixed inbound, a Trojan inbound and a
// Trojan outbound, enables Encrypted Client Hello on both ends of the Trojan
// TLS session, and runs testSuit through the mixed inbound.
//
// The certificate and the TLS ServerName are issued for "example.org", while
// the ECH key pair is generated for the name "not.example.org"; the two are
// deliberately different in this fixture.
func TestECH(t *testing.T) {
	_, certPem, keyPem := createSelfSignedCertificate(t, "example.org")
	// NOTE(review): the second argument is presumably the post-quantum
	// signature-scheme switch of ECHKeygenDefault; confirm against common/tls.
	echConfig, echKey := common.Must2(tls.ECHKeygenDefault("not.example.org", false))

	// Server side: holds the certificate key and the ECH private key.
	serverTLS := &option.InboundTLSOptions{
		Enabled:         true,
		ServerName:      "example.org",
		CertificatePath: certPem,
		KeyPath:         keyPem,
		ECH: &option.InboundECHOptions{
			Enabled: true,
			Key:     []string{echKey},
		},
	}

	// Client side: trusts the self-signed certificate through CertificatePath
	// (verification is not switched off) and carries only the public ECH config.
	clientTLS := &option.OutboundTLSOptions{
		Enabled:         true,
		ServerName:      "example.org",
		CertificatePath: certPem,
		ECH: &option.OutboundECHOptions{
			Enabled: true,
			Config:  []string{echConfig},
		},
	}

	// Entry point for the test traffic. It binds to 0.0.0.0 and has no users
	// configured, so it is reachable on every IPv4 interface while the test runs.
	// NOTE(review): a loopback bind would narrow that exposure if the harness allows it.
	mixedIn := option.LegacyInbound{
		Type: C.TypeMixed,
		Tag:  "mixed-in",
		MixedOptions: option.HTTPMixedInboundOptions{
			ListenOptions: option.ListenOptions{
				Listen:     common.Ptr(badoption.Addr(netip.IPv4Unspecified())),
				ListenPort: clientPort,
			},
		},
	}

	// Trojan server with a fixture credential ("password"); test use only.
	trojanIn := option.LegacyInbound{
		Type: C.TypeTrojan,
		TrojanOptions: option.TrojanInboundOptions{
			ListenOptions: option.ListenOptions{
				Listen:     common.Ptr(badoption.Addr(netip.IPv4Unspecified())),
				ListenPort: serverPort,
			},
			Users: []option.TrojanUser{
				{
					Name:     "sekai",
					Password: "password",
				},
			},
			InboundTLSOptionsContainer: option.InboundTLSOptionsContainer{
				TLS: serverTLS,
			},
		},
	}

	// Trojan client dialing the inbound above over loopback.
	trojanOut := option.LegacyOutbound{
		Type: C.TypeTrojan,
		Tag:  "trojan-out",
		TrojanOptions: option.TrojanOutboundOptions{
			ServerOptions: option.ServerOptions{
				Server:     "127.0.0.1",
				ServerPort: serverPort,
			},
			Password: "password",
			OutboundTLSOptionsContainer: option.OutboundTLSOptionsContainer{
				TLS: clientTLS,
			},
		},
	}

	// Send everything arriving on "mixed-in" to "trojan-out" explicitly, so the
	// suite's traffic takes the ECH-protected hop instead of the direct outbound.
	toTrojan := option.Rule{
		Type: C.RuleTypeDefault,
		DefaultOptions: option.DefaultRule{
			RawDefaultRule: option.RawDefaultRule{
				Inbound: []string{"mixed-in"},
			},
			RuleAction: option.RuleAction{
				Action: C.RuleActionTypeRoute,
				RouteOptions: option.RouteActionOptions{
					Outbound: "trojan-out",
				},
			},
		},
	}

	startInstance(t, option.Options{
		LegacyInbounds: []option.LegacyInbound{mixedIn, trojanIn},
		LegacyOutbounds: []option.LegacyOutbound{
			{Type: C.TypeDirect},
			trojanOut,
		},
		Route: &option.RouteOptions{
			Rules: []option.Rule{toTrojan},
		},
	})
	testSuit(t, clientPort, testPort)
}
// TestECHQUIC starts one instance holding a mixed inbound, a TUIC inbound and
// a TUIC outbound, enables Encrypted Client Hello on both ends of the TUIC TLS
// configuration, and runs testSuitLargeUDP through the mixed inbound.
//
// The certificate and the TLS ServerName are issued for "example.org", while
// the ECH key pair is generated for the name "not.example.org".
func TestECHQUIC(t *testing.T) {
	_, certPem, keyPem := createSelfSignedCertificate(t, "example.org")
	// NOTE(review): the second argument is presumably the post-quantum
	// signature-scheme switch of ECHKeygenDefault; confirm against common/tls.
	echConfig, echKey := common.Must2(tls.ECHKeygenDefault("not.example.org", false))

	// Server side: holds the certificate key and the ECH private key.
	serverTLS := &option.InboundTLSOptions{
		Enabled:         true,
		ServerName:      "example.org",
		CertificatePath: certPem,
		KeyPath:         keyPem,
		ECH: &option.InboundECHOptions{
			Enabled: true,
			Key:     []string{echKey},
		},
	}

	// Client side: trusts the self-signed certificate through CertificatePath
	// (verification is not switched off) and carries only the public ECH config.
	clientTLS := &option.OutboundTLSOptions{
		Enabled:         true,
		ServerName:      "example.org",
		CertificatePath: certPem,
		ECH: &option.OutboundECHOptions{
			Enabled: true,
			Config:  []string{echConfig},
		},
	}

	// Entry point for the test traffic. It binds to 0.0.0.0 and has no users
	// configured, so it is reachable on every IPv4 interface while the test runs.
	// NOTE(review): a loopback bind would narrow that exposure if the harness allows it.
	mixedIn := option.LegacyInbound{
		Type: C.TypeMixed,
		Tag:  "mixed-in",
		MixedOptions: option.HTTPMixedInboundOptions{
			ListenOptions: option.ListenOptions{
				Listen:     common.Ptr(badoption.Addr(netip.IPv4Unspecified())),
				ListenPort: clientPort,
			},
		},
	}

	// TUIC server; the only user is identified by the nil UUID, a fixture value.
	tuicIn := option.LegacyInbound{
		Type: C.TypeTUIC,
		TUICOptions: option.TUICInboundOptions{
			ListenOptions: option.ListenOptions{
				Listen:     common.Ptr(badoption.Addr(netip.IPv4Unspecified())),
				ListenPort: serverPort,
			},
			Users: []option.TUICUser{{
				UUID: uuid.Nil.String(),
			}},
			InboundTLSOptionsContainer: option.InboundTLSOptionsContainer{
				TLS: serverTLS,
			},
		},
	}

	// TUIC client dialing the inbound above over loopback with the same UUID.
	tuicOut := option.LegacyOutbound{
		Type: C.TypeTUIC,
		Tag:  "tuic-out",
		TUICOptions: option.TUICOutboundOptions{
			ServerOptions: option.ServerOptions{
				Server:     "127.0.0.1",
				ServerPort: serverPort,
			},
			UUID: uuid.Nil.String(),
			OutboundTLSOptionsContainer: option.OutboundTLSOptionsContainer{
				TLS: clientTLS,
			},
		},
	}

	// Send everything arriving on "mixed-in" to "tuic-out" explicitly, so the
	// suite's traffic takes the ECH-protected hop instead of the direct outbound.
	toTUIC := option.Rule{
		Type: C.RuleTypeDefault,
		DefaultOptions: option.DefaultRule{
			RawDefaultRule: option.RawDefaultRule{
				Inbound: []string{"mixed-in"},
			},
			RuleAction: option.RuleAction{
				Action: C.RuleActionTypeRoute,
				RouteOptions: option.RouteActionOptions{
					Outbound: "tuic-out",
				},
			},
		},
	}

	startInstance(t, option.Options{
		LegacyInbounds: []option.LegacyInbound{mixedIn, tuicIn},
		LegacyOutbounds: []option.LegacyOutbound{
			{Type: C.TypeDirect},
			tuicOut,
		},
		Route: &option.RouteOptions{
			Rules: []option.Rule{toTUIC},
		},
	})
	testSuitLargeUDP(t, clientPort, testPort)
}
// TestECHHysteria2 starts one instance holding a mixed inbound, a Hysteria2
// inbound and a Hysteria2 outbound, enables Encrypted Client Hello on both
// ends of the Hysteria2 TLS configuration, and runs testSuitLargeUDP through
// the mixed inbound.
//
// The certificate and the TLS ServerName are issued for "example.org", while
// the ECH key pair is generated for the name "not.example.org".
func TestECHHysteria2(t *testing.T) {
	_, certPem, keyPem := createSelfSignedCertificate(t, "example.org")
	// NOTE(review): the second argument is presumably the post-quantum
	// signature-scheme switch of ECHKeygenDefault; confirm against common/tls.
	echConfig, echKey := common.Must2(tls.ECHKeygenDefault("not.example.org", false))

	// Server side: holds the certificate key and the ECH private key.
	serverTLS := &option.InboundTLSOptions{
		Enabled:         true,
		ServerName:      "example.org",
		CertificatePath: certPem,
		KeyPath:         keyPem,
		ECH: &option.InboundECHOptions{
			Enabled: true,
			Key:     []string{echKey},
		},
	}

	// Client side: trusts the self-signed certificate through CertificatePath
	// (verification is not switched off) and carries only the public ECH config.
	clientTLS := &option.OutboundTLSOptions{
		Enabled:         true,
		ServerName:      "example.org",
		CertificatePath: certPem,
		ECH: &option.OutboundECHOptions{
			Enabled: true,
			Config:  []string{echConfig},
		},
	}

	// Entry point for the test traffic. It binds to 0.0.0.0 and has no users
	// configured, so it is reachable on every IPv4 interface while the test runs.
	// NOTE(review): a loopback bind would narrow that exposure if the harness allows it.
	mixedIn := option.LegacyInbound{
		Type: C.TypeMixed,
		Tag:  "mixed-in",
		MixedOptions: option.HTTPMixedInboundOptions{
			ListenOptions: option.ListenOptions{
				Listen:     common.Ptr(badoption.Addr(netip.IPv4Unspecified())),
				ListenPort: clientPort,
			},
		},
	}

	// Hysteria2 server with a fixture credential ("password"); test use only.
	hy2In := option.LegacyInbound{
		Type: C.TypeHysteria2,
		Hysteria2Options: option.Hysteria2InboundOptions{
			ListenOptions: option.ListenOptions{
				Listen:     common.Ptr(badoption.Addr(netip.IPv4Unspecified())),
				ListenPort: serverPort,
			},
			Users: []option.Hysteria2User{{
				Password: "password",
			}},
			InboundTLSOptionsContainer: option.InboundTLSOptionsContainer{
				TLS: serverTLS,
			},
		},
	}

	// Hysteria2 client dialing the inbound above over loopback.
	hy2Out := option.LegacyOutbound{
		Type: C.TypeHysteria2,
		Tag:  "hy2-out",
		Hysteria2Options: option.Hysteria2OutboundOptions{
			ServerOptions: option.ServerOptions{
				Server:     "127.0.0.1",
				ServerPort: serverPort,
			},
			Password: "password",
			OutboundTLSOptionsContainer: option.OutboundTLSOptionsContainer{
				TLS: clientTLS,
			},
		},
	}

	// Send everything arriving on "mixed-in" to "hy2-out" explicitly, so the
	// suite's traffic takes the ECH-protected hop instead of the direct outbound.
	toHy2 := option.Rule{
		Type: C.RuleTypeDefault,
		DefaultOptions: option.DefaultRule{
			RawDefaultRule: option.RawDefaultRule{
				Inbound: []string{"mixed-in"},
			},
			RuleAction: option.RuleAction{
				Action: C.RuleActionTypeRoute,
				RouteOptions: option.RouteActionOptions{
					Outbound: "hy2-out",
				},
			},
		},
	}

	startInstance(t, option.Options{
		LegacyInbounds: []option.LegacyInbound{mixedIn, hy2In},
		LegacyOutbounds: []option.LegacyOutbound{
			{Type: C.TypeDirect},
			hy2Out,
		},
		Route: &option.RouteOptions{
			Rules: []option.Rule{toHy2},
		},
	})
	testSuitLargeUDP(t, clientPort, testPort)
}