Spaces:

tester1hf
/

hv

Paused

App Files Files Community

tester1hf commited on Feb 19, 2025

Commit

7259a41

verified ·

1 Parent(s): fae9803

Upload 256 files

Browse files

This view is limited to 50 files because it contains too many changes. See raw diff

Files changed (50) hide show

.gitattributes +2 -0
.github/FUNDING.yml +1 -0
.github/ISSUE_TEMPLATE/bug_report.md +26 -0
.github/ISSUE_TEMPLATE/bug_report.zh.md +26 -0
.github/ISSUE_TEMPLATE/feature_request.md +20 -0
.github/ISSUE_TEMPLATE/feature_request.zh.md +20 -0
.github/dependabot.yml +10 -0
.github/workflows/autotag.yaml +104 -0
.github/workflows/docker.yml +44 -0
.github/workflows/master.yml +52 -0
.github/workflows/release.yml +71 -0
.github/workflows/scripts.yml +29 -0
.gitignore +470 -0
CHANGELOG.md +3 -0
Dockerfile +39 -0
LICENSE.md +7 -0
PROTOCOL.md +153 -0
app/cmd/client.go +1031 -0
app/cmd/client_test.go +204 -0
app/cmd/client_test.yaml +85 -0
app/cmd/errors.go +18 -0
app/cmd/ping.go +63 -0
app/cmd/root.go +176 -0
app/cmd/server.go +1051 -0
app/cmd/server_test.go +189 -0
app/cmd/server_test.yaml +144 -0
app/cmd/share.go +55 -0
app/cmd/speedtest.go +178 -0
app/cmd/update.go +88 -0
app/cmd/version.go +23 -0
app/go.mod +92 -0
app/go.sum +661 -0
app/internal/forwarding/tcp.go +62 -0
app/internal/forwarding/tcp_test.go +39 -0
app/internal/forwarding/udp.go +180 -0
app/internal/forwarding/udp_test.go +39 -0
app/internal/http/server.go +301 -0
app/internal/http/server_test.go +59 -0
app/internal/http/server_test.py +24 -0
app/internal/http/test.crt +23 -0
app/internal/http/test.key +27 -0
app/internal/proxymux/.mockery.yaml +12 -0
app/internal/proxymux/internal/mocks/mock_Conn.go +427 -0
app/internal/proxymux/internal/mocks/mock_Listener.go +185 -0
app/internal/proxymux/manager.go +72 -0
app/internal/proxymux/manager_test.go +110 -0
app/internal/proxymux/mux.go +320 -0
app/internal/proxymux/mux_test.go +154 -0
app/internal/redirect/getsockopt_linux.go +17 -0
app/internal/redirect/getsockopt_linux_386.go +23 -0

.gitattributes CHANGED Viewed

@@ -33,3 +33,5 @@ saved_model/**/* filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
 *tfevents* filter=lfs diff=lfs merge=lfs -text

 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
 *tfevents* filter=lfs diff=lfs merge=lfs -text
+extras/outbounds/acl/v2geo/geoip.dat filter=lfs diff=lfs merge=lfs -text
+extras/outbounds/acl/v2geo/geosite.dat filter=lfs diff=lfs merge=lfs -text

.github/FUNDING.yml ADDED Viewed

	@@ -0,0 +1 @@


1	+ custom: [ 'https://v2.hysteria.network/docs/Donation/' ]

.github/ISSUE_TEMPLATE/bug_report.md ADDED Viewed

	@@ -0,0 +1,26 @@

+---
+name: Bug report
+about: Report anything you think is a bug and needs to be fixed.
+title: ''
+labels: bug
+assignees: ''
+---
+**Describe the bug**
+A clear and concise description of what the bug is.
+**To Reproduce**
+Steps to reproduce the behavior.
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+**Logs**
+Attach logs from the client/server when the error occurs.
+**Device and Operating System**
+What are you using it on.
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/bug_report.zh.md ADDED Viewed

	@@ -0,0 +1,26 @@

+---
+name: Bug 反馈
+about: 反馈任何你认为是 bug 需要修复的问题。
+title: ''
+labels: bug
+assignees: ''
+---
+**描述问题**
+请尽量清晰精准地描述你遇到的问题。
+**如何复现**
+复现问题的步骤。
+**预期行为**
+你认为修复后的行为应该是怎样的。
+**日志**
+附上客户端/服务器端在错误发生前后的日志。
+**设备和操作系统**
+你在用什么设备和操作系统。
+**额外信息**
+其他你认为有助于解决问题的信息。

.github/ISSUE_TEMPLATE/feature_request.md ADDED Viewed

	@@ -0,0 +1,20 @@

+---
+name: Feature request
+about: Suggest an idea for this project.
+title: ''
+labels: enhancement
+assignees: ''
+---
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/feature_request.zh.md ADDED Viewed

	@@ -0,0 +1,20 @@

+---
+name: 功能请求
+about: 为这个项目提出改进意见。
+title: ''
+labels: enhancement
+assignees: ''
+---
+**你的功能请求是否与某个问题有关？**
+请尽量清晰精准地描述你遇到的问题。例如：我家运营商限制 UDP 协议速度，导致 Hysteria 很慢，希望增加 FakeTCP 支持。
+**描述你希望的解决方案**
+请尽量清晰精准地描述你希望的解决方案。
+**有没有其他替代方案**
+请尽量清晰精准地描述你认为可能的替代方案。
+**额外信息**
+其他你认为有助于开发者了解你需求的信息。

.github/dependabot.yml ADDED Viewed

	@@ -0,0 +1,10 @@

+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/autotag.yaml ADDED Viewed

	@@ -0,0 +1,104 @@

+name: "Create release tags for nested modules"
+on:
+  push:
+    tags:
+      - app/v*.*.*
+permissions:
+  contents: write
+jobs:
+  tag:
+    name: "Create tags"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Extract tagbase"
+        id: extract_tagbase
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const ref = context.ref;
+            core.info(`context.ref: ${ref}`);
+            const refPrefix = 'refs/tags/app/';
+            if (!ref.startsWith(refPrefix)) {
+              core.setFailed(`context.ref does not start with ${refPrefix}: ${ref}`);
+              return;
+            }
+            const tagbase = ref.slice(refPrefix.length);
+            core.info(`tagbase: ${tagbase}`);
+            core.setOutput('tagbase', tagbase);
+      - name: "Tagging core/*"
+        uses: actions/github-script@v7
+        env:
+          INPUT_TAGPREFIX: "core/"
+          INPUT_TAGBASE: ${{ steps.extract_tagbase.outputs.tagbase }}
+        with:
+          script: |
+            const tagbase = core.getInput('tagbase', { required: true });
+            const tagprefix = core.getInput('tagprefix', { required: true });
+            const refname = `tags/${tagprefix}${tagbase}`;
+            core.info(`creating ref ${refname}`);
+            try {
+              await github.rest.git.createRef({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                ref: `refs/${refname}`,
+                sha: context.sha
+              });
+              core.info(`created ref ${refname}`);
+              return;
+            } catch (error) {
+              core.info(`failed to create ref ${refname}: ${error}`);
+            }
+            core.info(`updating ref ${refname}`)
+            try {
+              await github.rest.git.updateRef({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                ref: refname,
+                sha: context.sha
+              });
+              core.info(`updated ref ${refname}`);
+              return;
+            } catch (error) {
+              core.setFailed(`failed to update ref ${refname}: ${error}`);
+            }
+      - name: "Tagging extras/*"
+        uses: actions/github-script@v7
+        env:
+          INPUT_TAGPREFIX: "extras/"
+          INPUT_TAGBASE: ${{ steps.extract_tagbase.outputs.tagbase }}
+        with:
+          script: |
+            const tagbase = core.getInput('tagbase', { required: true });
+            const tagprefix = core.getInput('tagprefix', { required: true });
+            const refname = `tags/${tagprefix}${tagbase}`;
+            core.info(`creating ref ${refname}`);
+            try {
+              await github.rest.git.createRef({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                ref: `refs/${refname}`,
+                sha: context.sha
+              });
+              core.info(`created ref ${refname}`);
+              return;
+            } catch (error) {
+              core.info(`failed to create ref ${refname}: ${error}`);
+            }
+            core.info(`updating ref ${refname}`)
+            try {
+              await github.rest.git.updateRef({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                ref: refname,
+                sha: context.sha
+              });
+              core.info(`updated ref ${refname}`);
+              return;
+            } catch (error) {
+              core.setFailed(`failed to update ref ${refname}: ${error}`);
+            }

.github/workflows/docker.yml ADDED Viewed

	@@ -0,0 +1,44 @@

+name: "Build Docker Image"
+on:
+  push:
+    tags:
+      - app/v*.*.*
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    env:
+      ACTIONS_ALLOW_UNSECURE_COMMANDS: true
+    steps:
+      - name: Check out
+        uses: actions/checkout@v4
+      - name: Get version
+        id: get_version
+        run: echo "version=$(git describe --tags --always --match 'app/v*' | sed -n 's|app/\([^/-]*\)\(-.*\)\{0,1\}|\1|p')" >> $GITHUB_OUTPUT
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: tobyxdd/hysteria:latest,tobyxdd/hysteria:v2,tobyxdd/hysteria:${{ steps.get_version.outputs.version }}
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}

.github/workflows/master.yml ADDED Viewed

	@@ -0,0 +1,52 @@

+name: "Build master branch"
+on:
+  push:
+    branches:
+      - master
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    env:
+      ACTIONS_ALLOW_UNSECURE_COMMANDS: true
+    steps:
+      - name: Check out
+        uses: actions/checkout@v4
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.23"
+      - name: Setup Python # This is for the build script
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - uses: nttld/setup-ndk@v1
+        id: setup-ndk
+        with:
+          ndk-version: r26b
+          add-to-path: false
+      - name: Run build script
+        env:
+          ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }}
+        run: |
+          export HY_APP_PLATFORMS=$(sed 's/\r$//' platforms.txt | awk '!/^#/ && !/^$/' | paste -sd ",")
+          python hyperbole.py build -r
+      - name: Generate hashes
+        run: |
+          for file in build/*; do
+            sha256sum $file >> build/hashes.txt
+          done
+      - name: Archive
+        uses: actions/upload-artifact@v4
+        with:
+          name: hysteria-master-${{ github.sha }}
+          path: build

.github/workflows/release.yml ADDED Viewed

	@@ -0,0 +1,71 @@

+name: "Build release"
+on:
+  push:
+    tags:
+      - app/v*.*.*
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    env:
+      ACTIONS_ALLOW_UNSECURE_COMMANDS: true
+    steps:
+      - name: Check out
+        uses: actions/checkout@v4
+      - name: Get version
+        id: get_version
+        run: echo "version=$(git describe --tags --always --match 'app/v*' | sed -n 's|app/\([^/-]*\)\(-.*\)\{0,1\}|\1|p')" >> $GITHUB_OUTPUT
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.23"
+      - name: Setup Python # This is for the build script
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - uses: nttld/setup-ndk@v1
+        id: setup-ndk
+        with:
+          ndk-version: r26b
+          add-to-path: false
+      - name: Run build script
+        env:
+          ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }}
+        run: |
+          export HY_APP_PLATFORMS=$(sed 's/\r$//' platforms.txt | awk '!/^#/ && !/^$/' | paste -sd ",")
+          python hyperbole.py build -r
+      - name: Generate hashes
+        run: |
+          for file in build/*; do
+            sha256sum $file >> build/hashes.txt
+          done
+      - name: Upload GitHub
+        uses: softprops/action-gh-release@v2
+        with:
+          files: build/*
+      - name: Upload CF bucket
+        uses: shallwefootball/upload-s3-action@v1.3.3
+        with:
+          aws_key_id: ${{ secrets.CF_KEY_ID }}
+          aws_secret_access_key: ${{ secrets.CF_KEY }}
+          aws_bucket: "hydownload"
+          endpoint: "https://bea223c61d5a41250d127bd67f51dfec.r2.cloudflarestorage.com/"
+          source_dir: "build"
+          destination_dir: "app/${{ steps.get_version.outputs.version }}"
+      - name: Publish to API
+        run: |
+          export HY_API_POST_KEY=${{ secrets.HY2_API_POST_KEY }}
+          pip install requests
+          python hyperbole.py publish

.github/workflows/scripts.yml ADDED Viewed

	@@ -0,0 +1,29 @@

+name: "Publish scripts"
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - scripts/**
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      deployments: write
+    name: Publish scripts to Cloudflare Pages
+    steps:
+      - name: Check out
+        uses: actions/checkout@v4
+      - name: Publish to Cloudflare Pages
+        uses: cloudflare/pages-action@v1
+        with:
+          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          projectName: hy2scripts
+          directory: scripts
+          gitHubToken: ${{ secrets.GITHUB_TOKEN }}
+          branch: main

.gitignore ADDED Viewed

	@@ -0,0 +1,470 @@

+# Created by https://www.toptal.com/developers/gitignore/api/goland+all,intellij+all,go,windows,linux,macos,python,pycharm+all
+# Edit at https://www.toptal.com/developers/gitignore?templates=goland+all,intellij+all,go,windows,linux,macos,python,pycharm+all
+### Go ###
+# If you prefer the allow list template instead of the deny list, see community template:
+# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
+#
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+# Test binary, built with `go test -c`
+*.test
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+# Dependency directories (remove the comment below to include it)
+# vendor/
+# Go workspace file
+go.work
+### GoLand+all ###
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+# AWS User-specific
+.idea/**/aws.xml
+# Generated files
+.idea/**/contentModel.xml
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+# CMake
+cmake-build-*/
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+# File-based project format
+*.iws
+# IntelliJ
+out/
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+# JIRA plugin
+atlassian-ide-plugin.xml
+# Cursive Clojure plugin
+.idea/replstate.xml
+# SonarLint plugin
+.idea/sonarlint/
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+# Editor-based Rest Client
+.idea/httpRequests
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+### GoLand+all Patch ###
+# Ignore everything but code style settings and run configurations
+# that are supposed to be shared within teams.
+.idea/*
+!.idea/codeStyles
+!.idea/runConfigurations
+### Intellij+all ###
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+# User-specific stuff
+# AWS User-specific
+# Generated files
+# Sensitive or high-churn files
+# Gradle
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+# CMake
+# Mongo Explorer plugin
+# File-based project format
+# IntelliJ
+# mpeltonen/sbt-idea plugin
+# JIRA plugin
+# Cursive Clojure plugin
+# SonarLint plugin
+# Crashlytics plugin (for Android Studio and IntelliJ)
+# Editor-based Rest Client
+# Android studio 3.1+ serialized cache file
+### Intellij+all Patch ###
+# Ignore everything but code style settings and run configurations
+# that are supposed to be shared within teams.
+### Linux ###
+*~
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+# KDE directory preferences
+.directory
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+# Icon must end with two \r
+Icon
+# Thumbnails
+._*
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+### PyCharm+all ###
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+# User-specific stuff
+# AWS User-specific
+# Generated files
+# Sensitive or high-churn files
+# Gradle
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+# CMake
+# Mongo Explorer plugin
+# File-based project format
+# IntelliJ
+# mpeltonen/sbt-idea plugin
+# JIRA plugin
+# Cursive Clojure plugin
+# SonarLint plugin
+# Crashlytics plugin (for Android Studio and IntelliJ)
+# Editor-based Rest Client
+# Android studio 3.1+ serialized cache file
+### PyCharm+all Patch ###
+# Ignore everything but code style settings and run configurations
+# that are supposed to be shared within teams.
+### Python ###
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+# C extensions
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+# Translations
+*.mo
+*.pot
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+# Flask stuff:
+instance/
+.webassets-cache
+# Scrapy stuff:
+.scrapy
+# Sphinx documentation
+docs/_build/
+# PyBuilder
+.pybuilder/
+target/
+# Jupyter Notebook
+.ipynb_checkpoints
+# IPython
+profile_default/
+ipython_config.py
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+#   in version control.
+#   https://pdm.fming.dev/#use-with-ide
+.pdm.toml
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+# SageMath parsed files
+*.sage.py
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+# Spyder project settings
+.spyderproject
+.spyproject
+# Rope project settings
+.ropeproject
+# mkdocs documentation
+/site
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+# Pyre type checker
+.pyre/
+# pytype static type analyzer
+.pytype/
+# Cython debug symbols
+cython_debug/
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+### Python Patch ###
+# Poetry local configuration file - https://python-poetry.org/docs/configuration/#local-configuration
+poetry.toml
+# ruff
+.ruff_cache/
+# LSP config files
+pyrightconfig.json
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+# Dump file
+*.stackdump
+# Folder config file
+[Dd]esktop.ini
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+# Windows shortcuts
+*.lnk
+# End of https://www.toptal.com/developers/gitignore/api/goland+all,intellij+all,go,windows,linux,macos,python,pycharm+all

CHANGELOG.md ADDED Viewed

	@@ -0,0 +1,3 @@


1	+ # Changelog
2	+
3	+ https://v2.hysteria.network/docs/Changelog/

Dockerfile ADDED Viewed

	@@ -0,0 +1,39 @@

+FROM golang:1-alpine AS builder
+# GOPROXY is disabled by default, use:
+# docker build --build-arg GOPROXY="https://goproxy.io" ...
+# to enable GOPROXY.
+ARG GOPROXY=""
+ENV GOPROXY ${GOPROXY}
+COPY . /go/src/github.com/apernet/hysteria
+WORKDIR /go/src/github.com/apernet/hysteria
+RUN set -ex \
+    && apk add git build-base bash python3 \
+    && python hyperbole.py build -r \
+    && mv ./build/hysteria-* /go/bin/hysteria
+# multi-stage builds to create the final image
+FROM alpine AS dist
+# set up nsswitch.conf for Go's "netgo" implementation
+# - https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275
+# - docker run --rm debian:stretch grep '^hosts:' /etc/nsswitch.conf
+RUN if [ ! -e /etc/nsswitch.conf ]; then echo 'hosts: files dns' > /etc/nsswitch.conf; fi
+# bash is used for debugging, tzdata is used to add timezone information.
+# Install ca-certificates to ensure no CA certificate errors.
+#
+# Do not try to add the "--no-cache" option when there are multiple "apk"
+# commands, this will cause the build process to become very slow.
+RUN set -ex \
+    && apk upgrade \
+    && apk add bash tzdata ca-certificates \
+    && rm -rf /var/cache/apk/*
+COPY --from=builder /go/bin/hysteria /usr/local/bin/hysteria
+ENTRYPOINT ["hysteria"]

LICENSE.md ADDED Viewed

	@@ -0,0 +1,7 @@

+Copyright 2023 Toby
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

PROTOCOL.md ADDED Viewed

	@@ -0,0 +1,153 @@

+# Hysteria 2 Protocol Specification
+Hysteria is a TCP & UDP proxy based on QUIC, designed for speed, security and censorship resistance. This document describes the protocol used by Hysteria starting with version 2.0.0, sometimes internally referred to as the "v4" protocol. From here on, we will call it "the protocol" or "the Hysteria protocol".
+## Requirements Language
+The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119).
+## Underlying Protocol & Wire Format
+The Hysteria protocol MUST be implemented on top of the standard QUIC transport protocol [RFC 9000](https://datatracker.ietf.org/doc/html/rfc9000) with [Unreliable Datagram Extension](https://datatracker.ietf.org/doc/rfc9221/).
+All multibyte numbers use Big Endian format.
+All variable-length integers ("varints") are encoded/decoded as defined in QUIC (RFC 9000).
+## Authentication & HTTP/3 masquerading
+One of the key features of the Hysteria protocol is that to a third party without proper authentication credentials (whether it's a middleman or an active prober), a Hysteria proxy server behaves just like a standard HTTP/3 web server. Additionally, the encrypted traffic between the client and the server appears indistinguishable from normal HTTP/3 traffic.
+Therefore, a Hysteria server MUST implement an HTTP/3 server (as defined by [RFC 9114](https://datatracker.ietf.org/doc/rfc9114/)) and handle HTTP requests as any standard web server would. To prevent active probers from detecting common response patterns in Hysteria servers, implementations SHOULD advise users to either host actual content or set it up as a reverse proxy for other sites.
+An actual Hysteria client, upon connection, MUST send the following HTTP/3 request to the server:
+```
+:method: POST
+:path: /auth
+:host: hysteria
+Hysteria-Auth: [string]
+Hysteria-CC-RX: [uint]
+Hysteria-Padding: [string]
+```
+`Hysteria-Auth`: Authentication credentials.
+`Hysteria-CC-RX`: Client's maximum receive rate in bytes per second. A value of 0 indicates unknown.
+`Hysteria-Padding`: A random padding string of variable length.
+The Hysteria server MUST identify this special request, and, instead of attempting to serve content or forwarding it to an upstream site, it MUST authenticate the client using the provided information. If authentication is successful, the server MUST send the following response (HTTP status code 233):
+```
+:status: 233 HyOK
+Hysteria-UDP: [true/false]
+Hysteria-CC-RX: [uint/"auto"]
+Hysteria-Padding: [string]
+```
+`Hysteria-UDP`: Whether the server supports UDP relay.
+`Hysteria-CC-RX`: Server's maximum receive rate in bytes per second. A value of 0 indicates unlimited; "auto" indicates the server refuses to provide a value and ask the client to use congestion control to determine the rate on its own.
+`Hysteria-Padding`: A random padding string of variable length.
+See the Congestion Control section for more information on how to use the `Hysteria-CC-RX` values.
+`Hysteria-Padding` is optional and is only intended to obfuscate the request/response pattern. It SHOULD be ignored by both sides.
+If authentication fails, the server MUST either act like a standard web server that does not understand the request, or in the case of being a reverse proxy, forward the request to the upstream site and return the response to the client.
+The client MUST check the status code to determine if the authentication was successful. If the status code is anything other than 233, the client MUST consider authentication to have failed and disconnect from the server.
+After (and only after) a client passes authentication, the server MUST consider this QUIC connection to be a Hysteria proxy connection. It MUST then start processing proxy requests from the client as described in the next section.
+## Proxy Requests
+### TCP
+For each TCP connection, the client MUST create a new QUIC bidirectional stream and send the following TCPRequest message:
+```
+[varint] 0x401 (TCPRequest ID)
+[varint] Address length
+[bytes] Address string (host:port)
+[varint] Padding length
+[bytes] Random padding
+```
+The server MUST respond with a TCPResponse message:
+```
+[uint8] Status (0x00 = OK, 0x01 = Error)
+[varint] Message length
+[bytes] Message string
+[varint] Padding length
+[bytes] Random padding
+```
+If the status is OK, the server MUST then begin forwarding data between the client and the specified TCP address until either side closes the connection. If the status is Error, the server MUST close the QUIC stream.
+### UDP
+UDP packets MUST be encapsulated in the following UDPMessage format and sent over QUIC's unreliable datagram (for both client-to-server and server-to-client):
+```
+[uint32] Session ID
+[uint16] Packet ID
+[uint8] Fragment ID
+[uint8] Fragment count
+[varint] Address length
+[bytes] Address string (host:port)
+[bytes] Payload
+```
+The client MUST use a unique Session ID for each UDP session. The server SHOULD assign a unique UDP port to each Session ID, unless it has another mechanism to differentiate packets from different sessions (e.g., symmetric NAT, varying outbound IP addresses, etc.).
+The protocol does not provide an explicit way to close a UDP session. While a client can retain and reuse a Session ID indefinitely, the server SHOULD release and reassign the port associated with the Session ID after a period of inactivity or some other criteria. If the client sends a UDP packet to a Session ID that is no longer recognized by the server, the server MUST treat it as a new session and assign a new port.
+If a server does not support UDP relay, it SHOULD silently discard all UDP messages received from the client.
+#### Fragmentation
+Due to the limit imposed by QUIC's unreliable datagram channel, any UDP packet that exceeds QUIC's maximum datagram size MUST either be fragmented or discarded.
+For fragmented packets, each fragment MUST carry the same unique Packet ID. The Fragment ID, starting from 0, indicates the index out of the total Fragment Count. Both the server and client MUST wait for all fragments of a fragmented packet to arrive before processing them. If one or more fragments of a packet are lost, the entire packet MUST be discarded.
+For packets that are not fragmented, the Fragment Count MUST be set to 1. In this case, the values of Packet ID and Fragment ID are irrelevant.
+## Congestion Control
+A unique feature of Hysteria is the ability to set the tx/rx (upload/download) rate on the client side. During authentication, the client sends its rx rate to the server via the `Hysteria-CC-RX` header. The server can use this to determine its transmission rate to the client, and vice versa by returning its rx rate to the client through the same header.
+Three special cases are:
+- If the client sends 0, it doesn't know its own rx rate. The server MUST use a congestion control algorithm (e.g., BBR, Cubic) to adjust its transmission rate.
+- If the server responds with 0, it has no bandwidth limit. The client MAY transmit at any rate it wants.
+- If the server responds with "auto", it chooses not to specify a rate. The client MUST use a congestion control algorithm to adjust its transmission rate.
+## "Salamander" Obfuscation
+The Hysteria protocol supports an optional obfuscation layer codenamed "Salamander".
+"Salamander" encapsulates all QUIC packets in the following format:
+```
+[8 bytes] Salt
+[bytes] Payload
+```
+For each QUIC packet, the obfuscator MUST calculate the BLAKE2b-256 hash of a randomly generated 8-byte salt appended to a user-provided pre-shared key.
+```
+hash = BLAKE2b-256(key + salt)
+```
+The hash is then used to obfuscate the payload using the following algorithm:
+```
+for i in range(0, len(payload)):
+    payload[i] ^= hash[i % 32]
+```
+The deobfuscator MUST use the same algorithms to calculate the salted hash and deobfuscate the payload. Any invalid packet MUST be discarded.

app/cmd/client.go ADDED Viewed

	@@ -0,0 +1,1031 @@

+package cmd
+import (
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"net"
+	"net/netip"
+	"os"
+	"os/signal"
+	"runtime"
+	"slices"
+	"strconv"
+	"strings"
+	"syscall"
+	"time"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"go.uber.org/zap"
+	"github.com/apernet/hysteria/app/v2/internal/forwarding"
+	"github.com/apernet/hysteria/app/v2/internal/http"
+	"github.com/apernet/hysteria/app/v2/internal/proxymux"
+	"github.com/apernet/hysteria/app/v2/internal/redirect"
+	"github.com/apernet/hysteria/app/v2/internal/sockopts"
+	"github.com/apernet/hysteria/app/v2/internal/socks5"
+	"github.com/apernet/hysteria/app/v2/internal/tproxy"
+	"github.com/apernet/hysteria/app/v2/internal/tun"
+	"github.com/apernet/hysteria/app/v2/internal/url"
+	"github.com/apernet/hysteria/app/v2/internal/utils"
+	"github.com/apernet/hysteria/core/v2/client"
+	"github.com/apernet/hysteria/extras/v2/correctnet"
+	"github.com/apernet/hysteria/extras/v2/obfs"
+	"github.com/apernet/hysteria/extras/v2/transport/udphop"
+)
+// Client flags
+var (
+	showQR bool
+)
+var clientCmd = &cobra.Command{
+	Use:   "client",
+	Short: "Client mode",
+	Run:   runClient,
+}
+func init() {
+	initClientFlags()
+	rootCmd.AddCommand(clientCmd)
+}
+func initClientFlags() {
+	clientCmd.Flags().BoolVar(&showQR, "qr", false, "show QR code for server config sharing")
+}
+type clientConfig struct {
+	Server        string                `mapstructure:"server"`
+	Auth          string                `mapstructure:"auth"`
+	Transport     clientConfigTransport `mapstructure:"transport"`
+	Obfs          clientConfigObfs      `mapstructure:"obfs"`
+	TLS           clientConfigTLS       `mapstructure:"tls"`
+	QUIC          clientConfigQUIC      `mapstructure:"quic"`
+	Bandwidth     clientConfigBandwidth `mapstructure:"bandwidth"`
+	FastOpen      bool                  `mapstructure:"fastOpen"`
+	Lazy          bool                  `mapstructure:"lazy"`
+	SOCKS5        *socks5Config         `mapstructure:"socks5"`
+	HTTP          *httpConfig           `mapstructure:"http"`
+	TCPForwarding []tcpForwardingEntry  `mapstructure:"tcpForwarding"`
+	UDPForwarding []udpForwardingEntry  `mapstructure:"udpForwarding"`
+	TCPTProxy     *tcpTProxyConfig      `mapstructure:"tcpTProxy"`
+	UDPTProxy     *udpTProxyConfig      `mapstructure:"udpTProxy"`
+	TCPRedirect   *tcpRedirectConfig    `mapstructure:"tcpRedirect"`
+	TUN           *tunConfig            `mapstructure:"tun"`
+}
+type clientConfigTransportUDP struct {
+	HopInterval time.Duration `mapstructure:"hopInterval"`
+}
+type clientConfigTransport struct {
+	Type string                   `mapstructure:"type"`
+	UDP  clientConfigTransportUDP `mapstructure:"udp"`
+}
+type clientConfigObfsSalamander struct {
+	Password string `mapstructure:"password"`
+}
+type clientConfigObfs struct {
+	Type       string                     `mapstructure:"type"`
+	Salamander clientConfigObfsSalamander `mapstructure:"salamander"`
+}
+type clientConfigTLS struct {
+	SNI       string `mapstructure:"sni"`
+	Insecure  bool   `mapstructure:"insecure"`
+	PinSHA256 string `mapstructure:"pinSHA256"`
+	CA        string `mapstructure:"ca"`
+}
+type clientConfigQUIC struct {
+	InitStreamReceiveWindow     uint64                   `mapstructure:"initStreamReceiveWindow"`
+	MaxStreamReceiveWindow      uint64                   `mapstructure:"maxStreamReceiveWindow"`
+	InitConnectionReceiveWindow uint64                   `mapstructure:"initConnReceiveWindow"`
+	MaxConnectionReceiveWindow  uint64                   `mapstructure:"maxConnReceiveWindow"`
+	MaxIdleTimeout              time.Duration            `mapstructure:"maxIdleTimeout"`
+	KeepAlivePeriod             time.Duration            `mapstructure:"keepAlivePeriod"`
+	DisablePathMTUDiscovery     bool                     `mapstructure:"disablePathMTUDiscovery"`
+	Sockopts                    clientConfigQUICSockopts `mapstructure:"sockopts"`
+}
+type clientConfigQUICSockopts struct {
+	BindInterface       *string `mapstructure:"bindInterface"`
+	FirewallMark        *uint32 `mapstructure:"fwmark"`
+	FdControlUnixSocket *string `mapstructure:"fdControlUnixSocket"`
+}
+type clientConfigBandwidth struct {
+	Up   string `mapstructure:"up"`
+	Down string `mapstructure:"down"`
+}
+type socks5Config struct {
+	Listen     string `mapstructure:"listen"`
+	Username   string `mapstructure:"username"`
+	Password   string `mapstructure:"password"`
+	DisableUDP bool   `mapstructure:"disableUDP"`
+}
+type httpConfig struct {
+	Listen   string `mapstructure:"listen"`
+	Username string `mapstructure:"username"`
+	Password string `mapstructure:"password"`
+	Realm    string `mapstructure:"realm"`
+}
+type tcpForwardingEntry struct {
+	Listen string `mapstructure:"listen"`
+	Remote string `mapstructure:"remote"`
+}
+type udpForwardingEntry struct {
+	Listen  string        `mapstructure:"listen"`
+	Remote  string        `mapstructure:"remote"`
+	Timeout time.Duration `mapstructure:"timeout"`
+}
+type tcpTProxyConfig struct {
+	Listen string `mapstructure:"listen"`
+}
+type udpTProxyConfig struct {
+	Listen  string        `mapstructure:"listen"`
+	Timeout time.Duration `mapstructure:"timeout"`
+}
+type tcpRedirectConfig struct {
+	Listen string `mapstructure:"listen"`
+}
+type tunConfig struct {
+	Name    string        `mapstructure:"name"`
+	MTU     uint32        `mapstructure:"mtu"`
+	Timeout time.Duration `mapstructure:"timeout"`
+	Address struct {
+		IPv4 string `mapstructure:"ipv4"`
+		IPv6 string `mapstructure:"ipv6"`
+	} `mapstructure:"address"`
+	Route *struct {
+		Strict      bool     `mapstructure:"strict"`
+		IPv4        []string `mapstructure:"ipv4"`
+		IPv6        []string `mapstructure:"ipv6"`
+		IPv4Exclude []string `mapstructure:"ipv4Exclude"`
+		IPv6Exclude []string `mapstructure:"ipv6Exclude"`
+	} `mapstructure:"route"`
+}
+func (c *clientConfig) fillServerAddr(hyConfig *client.Config) error {
+	if c.Server == "" {
+		return configError{Field: "server", Err: errors.New("server address is empty")}
+	}
+	var addr net.Addr
+	var err error
+	host, port, hostPort := parseServerAddrString(c.Server)
+	if !isPortHoppingPort(port) {
+		addr, err = net.ResolveUDPAddr("udp", hostPort)
+	} else {
+		addr, err = udphop.ResolveUDPHopAddr(hostPort)
+	}
+	if err != nil {
+		return configError{Field: "server", Err: err}
+	}
+	hyConfig.ServerAddr = addr
+	// Special handling for SNI
+	if c.TLS.SNI == "" {
+		// Use server hostname as SNI
+		hyConfig.TLSConfig.ServerName = host
+	}
+	return nil
+}
+// fillConnFactory must be called after fillServerAddr, as we have different logic
+// for ConnFactory depending on whether we have a port hopping address.
+func (c *clientConfig) fillConnFactory(hyConfig *client.Config) error {
+	so := &sockopts.SocketOptions{
+		BindInterface:       c.QUIC.Sockopts.BindInterface,
+		FirewallMark:        c.QUIC.Sockopts.FirewallMark,
+		FdControlUnixSocket: c.QUIC.Sockopts.FdControlUnixSocket,
+	}
+	if err := so.CheckSupported(); err != nil {
+		var unsupportedErr *sockopts.UnsupportedError
+		if errors.As(err, &unsupportedErr) {
+			return configError{
+				Field: "quic.sockopts." + unsupportedErr.Field,
+				Err:   errors.New("unsupported on this platform"),
+			}
+		}
+		return configError{Field: "quic.sockopts", Err: err}
+	}
+	// Inner PacketConn
+	var newFunc func(addr net.Addr) (net.PacketConn, error)
+	switch strings.ToLower(c.Transport.Type) {
+	case "", "udp":
+		if hyConfig.ServerAddr.Network() == "udphop" {
+			hopAddr := hyConfig.ServerAddr.(*udphop.UDPHopAddr)
+			newFunc = func(addr net.Addr) (net.PacketConn, error) {
+				return udphop.NewUDPHopPacketConn(hopAddr, c.Transport.UDP.HopInterval, so.ListenUDP)
+			}
+		} else {
+			newFunc = func(addr net.Addr) (net.PacketConn, error) {
+				return so.ListenUDP()
+			}
+		}
+	default:
+		return configError{Field: "transport.type", Err: errors.New("unsupported transport type")}
+	}
+	// Obfuscation
+	var ob obfs.Obfuscator
+	var err error
+	switch strings.ToLower(c.Obfs.Type) {
+	case "", "plain":
+		// Keep it nil
+	case "salamander":
+		ob, err = obfs.NewSalamanderObfuscator([]byte(c.Obfs.Salamander.Password))
+		if err != nil {
+			return configError{Field: "obfs.salamander.password", Err: err}
+		}
+	default:
+		return configError{Field: "obfs.type", Err: errors.New("unsupported obfuscation type")}
+	}
+	hyConfig.ConnFactory = &adaptiveConnFactory{
+		NewFunc:    newFunc,
+		Obfuscator: ob,
+	}
+	return nil
+}
+func (c *clientConfig) fillAuth(hyConfig *client.Config) error {
+	hyConfig.Auth = c.Auth
+	return nil
+}
+func (c *clientConfig) fillTLSConfig(hyConfig *client.Config) error {
+	if c.TLS.SNI != "" {
+		hyConfig.TLSConfig.ServerName = c.TLS.SNI
+	}
+	hyConfig.TLSConfig.InsecureSkipVerify = c.TLS.Insecure
+	if c.TLS.PinSHA256 != "" {
+		nHash := normalizeCertHash(c.TLS.PinSHA256)
+		hyConfig.TLSConfig.VerifyPeerCertificate = func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
+			for _, cert := range rawCerts {
+				hash := sha256.Sum256(cert)
+				hashHex := hex.EncodeToString(hash[:])
+				if hashHex == nHash {
+					return nil
+				}
+			}
+			// No match
+			return errors.New("no certificate matches the pinned hash")
+		}
+	}
+	if c.TLS.CA != "" {
+		ca, err := os.ReadFile(c.TLS.CA)
+		if err != nil {
+			return configError{Field: "tls.ca", Err: err}
+		}
+		cPool := x509.NewCertPool()
+		if !cPool.AppendCertsFromPEM(ca) {
+			return configError{Field: "tls.ca", Err: errors.New("failed to parse CA certificate")}
+		}
+		hyConfig.TLSConfig.RootCAs = cPool
+	}
+	return nil
+}
+func (c *clientConfig) fillQUICConfig(hyConfig *client.Config) error {
+	hyConfig.QUICConfig = client.QUICConfig{
+		InitialStreamReceiveWindow:     c.QUIC.InitStreamReceiveWindow,
+		MaxStreamReceiveWindow:         c.QUIC.MaxStreamReceiveWindow,
+		InitialConnectionReceiveWindow: c.QUIC.InitConnectionReceiveWindow,
+		MaxConnectionReceiveWindow:     c.QUIC.MaxConnectionReceiveWindow,
+		MaxIdleTimeout:                 c.QUIC.MaxIdleTimeout,
+		KeepAlivePeriod:                c.QUIC.KeepAlivePeriod,
+		DisablePathMTUDiscovery:        c.QUIC.DisablePathMTUDiscovery,
+	}
+	return nil
+}
+func (c *clientConfig) fillBandwidthConfig(hyConfig *client.Config) error {
+	// New core now allows users to omit bandwidth values and use built-in congestion control
+	var err error
+	if c.Bandwidth.Up != "" {
+		hyConfig.BandwidthConfig.MaxTx, err = utils.ConvBandwidth(c.Bandwidth.Up)
+		if err != nil {
+			return configError{Field: "bandwidth.up", Err: err}
+		}
+	}
+	if c.Bandwidth.Down != "" {
+		hyConfig.BandwidthConfig.MaxRx, err = utils.ConvBandwidth(c.Bandwidth.Down)
+		if err != nil {
+			return configError{Field: "bandwidth.down", Err: err}
+		}
+	}
+	return nil
+}
+func (c *clientConfig) fillFastOpen(hyConfig *client.Config) error {
+	hyConfig.FastOpen = c.FastOpen
+	return nil
+}
+// URI generates a URI for sharing the config with others.
+// Note that only the bare minimum of information required to
+// connect to the server is included in the URI, specifically:
+// - server address
+// - authentication
+// - obfuscation type
+// - obfuscation password
+// - TLS SNI
+// - TLS insecure
+// - TLS pinned SHA256 hash (normalized)
+func (c *clientConfig) URI() string {
+	q := url.Values{}
+	switch strings.ToLower(c.Obfs.Type) {
+	case "salamander":
+		q.Set("obfs", "salamander")
+		q.Set("obfs-password", c.Obfs.Salamander.Password)
+	}
+	if c.TLS.SNI != "" {
+		q.Set("sni", c.TLS.SNI)
+	}
+	if c.TLS.Insecure {
+		q.Set("insecure", "1")
+	}
+	if c.TLS.PinSHA256 != "" {
+		q.Set("pinSHA256", normalizeCertHash(c.TLS.PinSHA256))
+	}
+	var user *url.Userinfo
+	if c.Auth != "" {
+		// We need to handle the special case of user:pass pairs
+		rs := strings.SplitN(c.Auth, ":", 2)
+		if len(rs) == 2 {
+			user = url.UserPassword(rs[0], rs[1])
+		} else {
+			user = url.User(c.Auth)
+		}
+	}
+	u := url.URL{
+		Scheme:   "hysteria2",
+		User:     user,
+		Host:     c.Server,
+		Path:     "/",
+		RawQuery: q.Encode(),
+	}
+	return u.String()
+}
+// parseURI tries to parse the server address field as a URI,
+// and fills the config with the information contained in the URI.
+// Returns whether the server address field is a valid URI.
+// This allows a user to use put a URI as the server address and
+// omit the fields that are already contained in the URI.
+func (c *clientConfig) parseURI() bool {
+	u, err := url.Parse(c.Server)
+	if err != nil {
+		return false
+	}
+	if u.Scheme != "hysteria2" && u.Scheme != "hy2" {
+		return false
+	}
+	if u.User != nil {
+		auth, err := url.QueryUnescape(u.User.String())
+		if err != nil {
+			return false
+		}
+		c.Auth = auth
+	}
+	c.Server = u.Host
+	q := u.Query()
+	if obfsType := q.Get("obfs"); obfsType != "" {
+		c.Obfs.Type = obfsType
+		switch strings.ToLower(obfsType) {
+		case "salamander":
+			c.Obfs.Salamander.Password = q.Get("obfs-password")
+		}
+	}
+	if sni := q.Get("sni"); sni != "" {
+		c.TLS.SNI = sni
+	}
+	if insecure, err := strconv.ParseBool(q.Get("insecure")); err == nil {
+		c.TLS.Insecure = insecure
+	}
+	if pinSHA256 := q.Get("pinSHA256"); pinSHA256 != "" {
+		c.TLS.PinSHA256 = pinSHA256
+	}
+	return true
+}
+// Config validates the fields and returns a ready-to-use Hysteria client config
+func (c *clientConfig) Config() (*client.Config, error) {
+	c.parseURI()
+	hyConfig := &client.Config{}
+	fillers := []func(*client.Config) error{
+		c.fillServerAddr,
+		c.fillConnFactory,
+		c.fillAuth,
+		c.fillTLSConfig,
+		c.fillQUICConfig,
+		c.fillBandwidthConfig,
+		c.fillFastOpen,
+	}
+	for _, f := range fillers {
+		if err := f(hyConfig); err != nil {
+			return nil, err
+		}
+	}
+	return hyConfig, nil
+}
+func runClient(cmd *cobra.Command, args []string) {
+	logger.Info("client mode")
+	if err := viper.ReadInConfig(); err != nil {
+		logger.Fatal("failed to read client config", zap.Error(err))
+	}
+	var config clientConfig
+	if err := viper.Unmarshal(&config); err != nil {
+		logger.Fatal("failed to parse client config", zap.Error(err))
+	}
+	c, err := client.NewReconnectableClient(
+		config.Config,
+		func(c client.Client, info *client.HandshakeInfo, count int) {
+			connectLog(info, count)
+			// On the client side, we start checking for updates after we successfully connect
+			// to the server, which, depending on whether lazy mode is enabled, may or may not
+			// be immediately after the client starts. We don't want the update check request
+			// to interfere with the lazy mode option.
+			if count == 1 && !disableUpdateCheck {
+				go runCheckUpdateClient(c)
+			}
+		}, config.Lazy)
+	if err != nil {
+		logger.Fatal("failed to initialize client", zap.Error(err))
+	}
+	defer c.Close()
+	uri := config.URI()
+	logger.Info("use this URI to share your server", zap.String("uri", uri))
+	if showQR {
+		utils.PrintQR(uri)
+	}
+	// Register modes
+	var runner clientModeRunner
+	if config.SOCKS5 != nil {
+		runner.Add("SOCKS5 server", func() error {
+			return clientSOCKS5(*config.SOCKS5, c)
+		})
+	}
+	if config.HTTP != nil {
+		runner.Add("HTTP proxy server", func() error {
+			return clientHTTP(*config.HTTP, c)
+		})
+	}
+	if len(config.TCPForwarding) > 0 {
+		runner.Add("TCP forwarding", func() error {
+			return clientTCPForwarding(config.TCPForwarding, c)
+		})
+	}
+	if len(config.UDPForwarding) > 0 {
+		runner.Add("UDP forwarding", func() error {
+			return clientUDPForwarding(config.UDPForwarding, c)
+		})
+	}
+	if config.TCPTProxy != nil {
+		runner.Add("TCP transparent proxy", func() error {
+			return clientTCPTProxy(*config.TCPTProxy, c)
+		})
+	}
+	if config.UDPTProxy != nil {
+		runner.Add("UDP transparent proxy", func() error {
+			return clientUDPTProxy(*config.UDPTProxy, c)
+		})
+	}
+	if config.TCPRedirect != nil {
+		runner.Add("TCP redirect", func() error {
+			return clientTCPRedirect(*config.TCPRedirect, c)
+		})
+	}
+	if config.TUN != nil {
+		runner.Add("TUN", func() error {
+			return clientTUN(*config.TUN, c)
+		})
+	}
+	signalChan := make(chan os.Signal, 1)
+	signal.Notify(signalChan, os.Interrupt, syscall.SIGTERM)
+	defer signal.Stop(signalChan)
+	runnerChan := make(chan clientModeRunnerResult, 1)
+	go func() {
+		runnerChan <- runner.Run()
+	}()
+	select {
+	case <-signalChan:
+		logger.Info("received signal, shutting down gracefully")
+	case r := <-runnerChan:
+		if r.OK {
+			logger.Info(r.Msg)
+		} else {
+			_ = c.Close() // Close the client here as Fatal will exit the program without running defer
+			if r.Err != nil {
+				logger.Fatal(r.Msg, zap.Error(r.Err))
+			} else {
+				logger.Fatal(r.Msg)
+			}
+		}
+	}
+}
+type clientModeRunner struct {
+	ModeMap map[string]func() error
+}
+type clientModeRunnerResult struct {
+	OK  bool
+	Msg string
+	Err error
+}
+func (r *clientModeRunner) Add(name string, f func() error) {
+	if r.ModeMap == nil {
+		r.ModeMap = make(map[string]func() error)
+	}
+	r.ModeMap[name] = f
+}
+func (r *clientModeRunner) Run() clientModeRunnerResult {
+	if len(r.ModeMap) == 0 {
+		return clientModeRunnerResult{OK: false, Msg: "no mode specified"}
+	}
+	type modeError struct {
+		Name string
+		Err  error
+	}
+	errChan := make(chan modeError, len(r.ModeMap))
+	for name, f := range r.ModeMap {
+		go func(name string, f func() error) {
+			err := f()
+			errChan <- modeError{name, err}
+		}(name, f)
+	}
+	// Fatal if any one of the modes fails
+	for i := 0; i < len(r.ModeMap); i++ {
+		e := <-errChan
+		if e.Err != nil {
+			return clientModeRunnerResult{OK: false, Msg: "failed to run " + e.Name, Err: e.Err}
+		}
+	}
+	// We don't really have any such cases, as currently none of our modes would stop on themselves without error.
+	// But we leave the possibility here for future expansion.
+	return clientModeRunnerResult{OK: true, Msg: "finished without error"}
+}
+func clientSOCKS5(config socks5Config, c client.Client) error {
+	if config.Listen == "" {
+		return configError{Field: "listen", Err: errors.New("listen address is empty")}
+	}
+	l, err := proxymux.ListenSOCKS(config.Listen)
+	if err != nil {
+		return configError{Field: "listen", Err: err}
+	}
+	var authFunc func(username, password string) bool
+	username, password := config.Username, config.Password
+	if username != "" && password != "" {
+		authFunc = func(u, p string) bool {
+			return u == username && p == password
+		}
+	}
+	s := socks5.Server{
+		HyClient:    c,
+		AuthFunc:    authFunc,
+		DisableUDP:  config.DisableUDP,
+		EventLogger: &socks5Logger{},
+	}
+	logger.Info("SOCKS5 server listening", zap.String("addr", config.Listen))
+	return s.Serve(l)
+}
+func clientHTTP(config httpConfig, c client.Client) error {
+	if config.Listen == "" {
+		return configError{Field: "listen", Err: errors.New("listen address is empty")}
+	}
+	l, err := proxymux.ListenHTTP(config.Listen)
+	if err != nil {
+		return configError{Field: "listen", Err: err}
+	}
+	var authFunc func(username, password string) bool
+	username, password := config.Username, config.Password
+	if username != "" && password != "" {
+		authFunc = func(u, p string) bool {
+			return u == username && p == password
+		}
+	}
+	if config.Realm == "" {
+		config.Realm = "Hysteria"
+	}
+	h := http.Server{
+		HyClient:    c,
+		AuthFunc:    authFunc,
+		AuthRealm:   config.Realm,
+		EventLogger: &httpLogger{},
+	}
+	logger.Info("HTTP proxy server listening", zap.String("addr", config.Listen))
+	return h.Serve(l)
+}
+func clientTCPForwarding(entries []tcpForwardingEntry, c client.Client) error {
+	errChan := make(chan error, len(entries))
+	for _, e := range entries {
+		if e.Listen == "" {
+			return configError{Field: "listen", Err: errors.New("listen address is empty")}
+		}
+		if e.Remote == "" {
+			return configError{Field: "remote", Err: errors.New("remote address is empty")}
+		}
+		l, err := correctnet.Listen("tcp", e.Listen)
+		if err != nil {
+			return configError{Field: "listen", Err: err}
+		}
+		logger.Info("TCP forwarding listening", zap.String("addr", e.Listen), zap.String("remote", e.Remote))
+		go func(remote string) {
+			t := &forwarding.TCPTunnel{
+				HyClient:    c,
+				Remote:      remote,
+				EventLogger: &tcpLogger{},
+			}
+			errChan <- t.Serve(l)
+		}(e.Remote)
+	}
+	// Return if any one of the forwarding fails
+	return <-errChan
+}
+func clientUDPForwarding(entries []udpForwardingEntry, c client.Client) error {
+	errChan := make(chan error, len(entries))
+	for _, e := range entries {
+		if e.Listen == "" {
+			return configError{Field: "listen", Err: errors.New("listen address is empty")}
+		}
+		if e.Remote == "" {
+			return configError{Field: "remote", Err: errors.New("remote address is empty")}
+		}
+		l, err := correctnet.ListenPacket("udp", e.Listen)
+		if err != nil {
+			return configError{Field: "listen", Err: err}
+		}
+		logger.Info("UDP forwarding listening", zap.String("addr", e.Listen), zap.String("remote", e.Remote))
+		go func(remote string, timeout time.Duration) {
+			u := &forwarding.UDPTunnel{
+				HyClient:    c,
+				Remote:      remote,
+				Timeout:     timeout,
+				EventLogger: &udpLogger{},
+			}
+			errChan <- u.Serve(l)
+		}(e.Remote, e.Timeout)
+	}
+	// Return if any one of the forwarding fails
+	return <-errChan
+}
+func clientTCPTProxy(config tcpTProxyConfig, c client.Client) error {
+	if config.Listen == "" {
+		return configError{Field: "listen", Err: errors.New("listen address is empty")}
+	}
+	laddr, err := net.ResolveTCPAddr("tcp", config.Listen)
+	if err != nil {
+		return configError{Field: "listen", Err: err}
+	}
+	p := &tproxy.TCPTProxy{
+		HyClient:    c,
+		EventLogger: &tcpTProxyLogger{},
+	}
+	logger.Info("TCP transparent proxy listening", zap.String("addr", config.Listen))
+	return p.ListenAndServe(laddr)
+}
+func clientUDPTProxy(config udpTProxyConfig, c client.Client) error {
+	if config.Listen == "" {
+		return configError{Field: "listen", Err: errors.New("listen address is empty")}
+	}
+	laddr, err := net.ResolveUDPAddr("udp", config.Listen)
+	if err != nil {
+		return configError{Field: "listen", Err: err}
+	}
+	p := &tproxy.UDPTProxy{
+		HyClient:    c,
+		Timeout:     config.Timeout,
+		EventLogger: &udpTProxyLogger{},
+	}
+	logger.Info("UDP transparent proxy listening", zap.String("addr", config.Listen))
+	return p.ListenAndServe(laddr)
+}
+func clientTCPRedirect(config tcpRedirectConfig, c client.Client) error {
+	if config.Listen == "" {
+		return configError{Field: "listen", Err: errors.New("listen address is empty")}
+	}
+	laddr, err := net.ResolveTCPAddr("tcp", config.Listen)
+	if err != nil {
+		return configError{Field: "listen", Err: err}
+	}
+	p := &redirect.TCPRedirect{
+		HyClient:    c,
+		EventLogger: &tcpRedirectLogger{},
+	}
+	logger.Info("TCP redirect listening", zap.String("addr", config.Listen))
+	return p.ListenAndServe(laddr)
+}
+func clientTUN(config tunConfig, c client.Client) error {
+	supportedPlatforms := []string{"linux", "darwin", "windows", "android"}
+	if !slices.Contains(supportedPlatforms, runtime.GOOS) {
+		logger.Error("TUN is not supported on this platform", zap.String("platform", runtime.GOOS))
+	}
+	if config.Name == "" {
+		return configError{Field: "name", Err: errors.New("name is empty")}
+	}
+	if config.MTU == 0 {
+		config.MTU = 1500
+	}
+	timeout := int64(config.Timeout.Seconds())
+	if timeout == 0 {
+		timeout = 300
+	}
+	if config.Address.IPv4 == "" {
+		config.Address.IPv4 = "100.100.100.101/30"
+	}
+	prefix4, err := netip.ParsePrefix(config.Address.IPv4)
+	if err != nil {
+		return configError{Field: "address.ipv4", Err: err}
+	}
+	if config.Address.IPv6 == "" {
+		config.Address.IPv6 = "2001::ffff:ffff:ffff:fff1/126"
+	}
+	prefix6, err := netip.ParsePrefix(config.Address.IPv6)
+	if err != nil {
+		return configError{Field: "address.ipv6", Err: err}
+	}
+	server := &tun.Server{
+		HyClient:     c,
+		EventLogger:  &tunLogger{},
+		Logger:       logger,
+		IfName:       config.Name,
+		MTU:          config.MTU,
+		Timeout:      timeout,
+		Inet4Address: []netip.Prefix{prefix4},
+		Inet6Address: []netip.Prefix{prefix6},
+	}
+	if config.Route != nil {
+		server.AutoRoute = true
+		server.StructRoute = config.Route.Strict
+		parsePrefixes := func(field string, ss []string) ([]netip.Prefix, error) {
+			var prefixes []netip.Prefix
+			for i, s := range ss {
+				var p netip.Prefix
+				if strings.Contains(s, "/") {
+					var err error
+					p, err = netip.ParsePrefix(s)
+					if err != nil {
+						return nil, configError{Field: fmt.Sprintf("%s[%d]", field, i), Err: err}
+					}
+				} else {
+					pa, err := netip.ParseAddr(s)
+					if err != nil {
+						return nil, configError{Field: fmt.Sprintf("%s[%d]", field, i), Err: err}
+					}
+					p = netip.PrefixFrom(pa, pa.BitLen())
+				}
+				prefixes = append(prefixes, p)
+			}
+			return prefixes, nil
+		}
+		server.Inet4RouteAddress, err = parsePrefixes("route.ipv4", config.Route.IPv4)
+		if err != nil {
+			return err
+		}
+		server.Inet6RouteAddress, err = parsePrefixes("route.ipv6", config.Route.IPv6)
+		if err != nil {
+			return err
+		}
+		server.Inet4RouteExcludeAddress, err = parsePrefixes("route.ipv4Exclude", config.Route.IPv4Exclude)
+		if err != nil {
+			return err
+		}
+		server.Inet6RouteExcludeAddress, err = parsePrefixes("route.ipv6Exclude", config.Route.IPv6Exclude)
+		if err != nil {
+			return err
+		}
+	}
+	logger.Info("TUN listening", zap.String("interface", config.Name))
+	return server.Serve()
+}
+// parseServerAddrString parses server address string.
+// Server address can be in either "host:port" or "host" format (in which case we assume port 443).
+func parseServerAddrString(addrStr string) (host, port, hostPort string) {
+	h, p, err := net.SplitHostPort(addrStr)
+	if err != nil {
+		return addrStr, "443", net.JoinHostPort(addrStr, "443")
+	}
+	return h, p, addrStr
+}
+// isPortHoppingPort returns whether the port string is a port hopping port.
+// We consider a port string to be a port hopping port if it contains "-" or ",".
+func isPortHoppingPort(port string) bool {
+	return strings.Contains(port, "-") || strings.Contains(port, ",")
+}
+// normalizeCertHash normalizes a certificate hash string.
+// It converts all characters to lowercase and removes possible separators such as ":" and "-".
+func normalizeCertHash(hash string) string {
+	r := strings.ToLower(hash)
+	r = strings.ReplaceAll(r, ":", "")
+	r = strings.ReplaceAll(r, "-", "")
+	return r
+}
+type adaptiveConnFactory struct {
+	NewFunc    func(addr net.Addr) (net.PacketConn, error)
+	Obfuscator obfs.Obfuscator // nil if no obfuscation
+}
+func (f *adaptiveConnFactory) New(addr net.Addr) (net.PacketConn, error) {
+	if f.Obfuscator == nil {
+		return f.NewFunc(addr)
+	} else {
+		conn, err := f.NewFunc(addr)
+		if err != nil {
+			return nil, err
+		}
+		return obfs.WrapPacketConn(conn, f.Obfuscator), nil
+	}
+}
+func connectLog(info *client.HandshakeInfo, count int) {
+	logger.Info("connected to server",
+		zap.Bool("udpEnabled", info.UDPEnabled),
+		zap.Uint64("tx", info.Tx),
+		zap.Int("count", count))
+}
+type socks5Logger struct{}
+func (l *socks5Logger) TCPRequest(addr net.Addr, reqAddr string) {
+	logger.Debug("SOCKS5 TCP request", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr))
+}
+func (l *socks5Logger) TCPError(addr net.Addr, reqAddr string, err error) {
+	if err == nil {
+		logger.Debug("SOCKS5 TCP closed", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr))
+	} else {
+		logger.Warn("SOCKS5 TCP error", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr), zap.Error(err))
+	}
+}
+func (l *socks5Logger) UDPRequest(addr net.Addr) {
+	logger.Debug("SOCKS5 UDP request", zap.String("addr", addr.String()))
+}
+func (l *socks5Logger) UDPError(addr net.Addr, err error) {
+	if err == nil {
+		logger.Debug("SOCKS5 UDP closed", zap.String("addr", addr.String()))
+	} else {
+		logger.Warn("SOCKS5 UDP error", zap.String("addr", addr.String()), zap.Error(err))
+	}
+}
+type httpLogger struct{}
+func (l *httpLogger) ConnectRequest(addr net.Addr, reqAddr string) {
+	logger.Debug("HTTP CONNECT request", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr))
+}
+func (l *httpLogger) ConnectError(addr net.Addr, reqAddr string, err error) {
+	if err == nil {
+		logger.Debug("HTTP CONNECT closed", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr))
+	} else {
+		logger.Warn("HTTP CONNECT error", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr), zap.Error(err))
+	}
+}
+func (l *httpLogger) HTTPRequest(addr net.Addr, reqURL string) {
+	logger.Debug("HTTP request", zap.String("addr", addr.String()), zap.String("reqURL", reqURL))
+}
+func (l *httpLogger) HTTPError(addr net.Addr, reqURL string, err error) {
+	if err == nil {
+		logger.Debug("HTTP closed", zap.String("addr", addr.String()), zap.String("reqURL", reqURL))
+	} else {
+		logger.Warn("HTTP error", zap.String("addr", addr.String()), zap.String("reqURL", reqURL), zap.Error(err))
+	}
+}
+type tcpLogger struct{}
+func (l *tcpLogger) Connect(addr net.Addr) {
+	logger.Debug("TCP forwarding connect", zap.String("addr", addr.String()))
+}
+func (l *tcpLogger) Error(addr net.Addr, err error) {
+	if err == nil {
+		logger.Debug("TCP forwarding closed", zap.String("addr", addr.String()))
+	} else {
+		logger.Warn("TCP forwarding error", zap.String("addr", addr.String()), zap.Error(err))
+	}
+}
+type udpLogger struct{}
+func (l *udpLogger) Connect(addr net.Addr) {
+	logger.Debug("UDP forwarding connect", zap.String("addr", addr.String()))
+}
+func (l *udpLogger) Error(addr net.Addr, err error) {
+	if err == nil {
+		logger.Debug("UDP forwarding closed", zap.String("addr", addr.String()))
+	} else {
+		logger.Warn("UDP forwarding error", zap.String("addr", addr.String()), zap.Error(err))
+	}
+}
+type tcpTProxyLogger struct{}
+func (l *tcpTProxyLogger) Connect(addr, reqAddr net.Addr) {
+	logger.Debug("TCP transparent proxy connect", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr.String()))
+}
+func (l *tcpTProxyLogger) Error(addr, reqAddr net.Addr, err error) {
+	if err == nil {
+		logger.Debug("TCP transparent proxy closed", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr.String()))
+	} else {
+		logger.Warn("TCP transparent proxy error", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr.String()), zap.Error(err))
+	}
+}
+type udpTProxyLogger struct{}
+func (l *udpTProxyLogger) Connect(addr, reqAddr net.Addr) {
+	logger.Debug("UDP transparent proxy connect", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr.String()))
+}
+func (l *udpTProxyLogger) Error(addr, reqAddr net.Addr, err error) {
+	if err == nil {
+		logger.Debug("UDP transparent proxy closed", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr.String()))
+	} else {
+		logger.Warn("UDP transparent proxy error", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr.String()), zap.Error(err))
+	}
+}
+type tcpRedirectLogger struct{}
+func (l *tcpRedirectLogger) Connect(addr, reqAddr net.Addr) {
+	logger.Debug("TCP redirect connect", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr.String()))
+}
+func (l *tcpRedirectLogger) Error(addr, reqAddr net.Addr, err error) {
+	if err == nil {
+		logger.Debug("TCP redirect closed", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr.String()))
+	} else {
+		logger.Warn("TCP redirect error", zap.String("addr", addr.String()), zap.String("reqAddr", reqAddr.String()), zap.Error(err))
+	}
+}
+type tunLogger struct{}
+func (l *tunLogger) TCPRequest(addr, reqAddr string) {
+	logger.Debug("TUN TCP request", zap.String("addr", addr), zap.String("reqAddr", reqAddr))
+}
+func (l *tunLogger) TCPError(addr, reqAddr string, err error) {
+	if err == nil {
+		logger.Debug("TUN TCP closed", zap.String("addr", addr), zap.String("reqAddr", reqAddr))
+	} else {
+		logger.Warn("TUN TCP error", zap.String("addr", addr), zap.String("reqAddr", reqAddr), zap.Error(err))
+	}
+}
+func (l *tunLogger) UDPRequest(addr string) {
+	logger.Debug("TUN UDP request", zap.String("addr", addr))
+}
+func (l *tunLogger) UDPError(addr string, err error) {
+	if err == nil {
+		logger.Debug("TUN UDP closed", zap.String("addr", addr))
+	} else {
+		logger.Warn("TUN UDP error", zap.String("addr", addr), zap.Error(err))
+	}
+}

app/cmd/client_test.go ADDED Viewed

	@@ -0,0 +1,204 @@

+package cmd
+import (
+	"testing"
+	"time"
+	"github.com/stretchr/testify/assert"
+	"github.com/spf13/viper"
+)
+// TestClientConfig tests the parsing of the client config
+func TestClientConfig(t *testing.T) {
+	viper.SetConfigFile("client_test.yaml")
+	err := viper.ReadInConfig()
+	assert.NoError(t, err)
+	var config clientConfig
+	err = viper.Unmarshal(&config)
+	assert.NoError(t, err)
+	assert.Equal(t, config, clientConfig{
+		Server: "example.com",
+		Auth:   "weak_ahh_password",
+		Transport: clientConfigTransport{
+			Type: "udp",
+			UDP: clientConfigTransportUDP{
+				HopInterval: 30 * time.Second,
+			},
+		},
+		Obfs: clientConfigObfs{
+			Type: "salamander",
+			Salamander: clientConfigObfsSalamander{
+				Password: "cry_me_a_r1ver",
+			},
+		},
+		TLS: clientConfigTLS{
+			SNI:       "another.example.com",
+			Insecure:  true,
+			PinSHA256: "114515DEADBEEF",
+			CA:        "custom_ca.crt",
+		},
+		QUIC: clientConfigQUIC{
+			InitStreamReceiveWindow:     1145141,
+			MaxStreamReceiveWindow:      1145142,
+			InitConnectionReceiveWindow: 1145143,
+			MaxConnectionReceiveWindow:  1145144,
+			MaxIdleTimeout:              10 * time.Second,
+			KeepAlivePeriod:             4 * time.Second,
+			DisablePathMTUDiscovery:     true,
+			Sockopts: clientConfigQUICSockopts{
+				BindInterface:       stringRef("eth0"),
+				FirewallMark:        uint32Ref(1234),
+				FdControlUnixSocket: stringRef("test.sock"),
+			},
+		},
+		Bandwidth: clientConfigBandwidth{
+			Up:   "200 mbps",
+			Down: "1 gbps",
+		},
+		FastOpen: true,
+		Lazy:     true,
+		SOCKS5: &socks5Config{
+			Listen:     "127.0.0.1:1080",
+			Username:   "anon",
+			Password:   "bro",
+			DisableUDP: true,
+		},
+		HTTP: &httpConfig{
+			Listen:   "127.0.0.1:8080",
+			Username: "qqq",
+			Password: "bruh",
+			Realm:    "martian",
+		},
+		TCPForwarding: []tcpForwardingEntry{
+			{
+				Listen: "127.0.0.1:8088",
+				Remote: "internal.example.com:80",
+			},
+		},
+		UDPForwarding: []udpForwardingEntry{
+			{
+				Listen:  "127.0.0.1:5353",
+				Remote:  "internal.example.com:53",
+				Timeout: 50 * time.Second,
+			},
+		},
+		TCPTProxy: &tcpTProxyConfig{
+			Listen: "127.0.0.1:2500",
+		},
+		UDPTProxy: &udpTProxyConfig{
+			Listen:  "127.0.0.1:2501",
+			Timeout: 20 * time.Second,
+		},
+		TCPRedirect: &tcpRedirectConfig{
+			Listen: "127.0.0.1:3500",
+		},
+		TUN: &tunConfig{
+			Name:    "hytun",
+			MTU:     1500,
+			Timeout: 60 * time.Second,
+			Address: struct {
+				IPv4 string `mapstructure:"ipv4"`
+				IPv6 string `mapstructure:"ipv6"`
+			}{IPv4: "100.100.100.101/30", IPv6: "2001::ffff:ffff:ffff:fff1/126"},
+			Route: &struct {
+				Strict      bool     `mapstructure:"strict"`
+				IPv4        []string `mapstructure:"ipv4"`
+				IPv6        []string `mapstructure:"ipv6"`
+				IPv4Exclude []string `mapstructure:"ipv4Exclude"`
+				IPv6Exclude []string `mapstructure:"ipv6Exclude"`
+			}{
+				Strict:      true,
+				IPv4:        []string{"0.0.0.0/0"},
+				IPv6:        []string{"2000::/3"},
+				IPv4Exclude: []string{"192.0.2.1/32"},
+				IPv6Exclude: []string{"2001:db8::1/128"},
+			},
+		},
+	})
+}
+// TestClientConfigURI tests URI-related functions of clientConfig
+func TestClientConfigURI(t *testing.T) {
+	tests := []struct {
+		uri    string
+		uriOK  bool
+		config *clientConfig
+	}{
+		{
+			uri:   "hysteria2://god@zilla.jp/",
+			uriOK: true,
+			config: &clientConfig{
+				Server: "zilla.jp",
+				Auth:   "god",
+			},
+		},
+		{
+			uri:   "hysteria2://john:wick@continental.org:4443/",
+			uriOK: true,
+			config: &clientConfig{
+				Server: "continental.org:4443",
+				Auth:   "john:wick",
+			},
+		},
+		{
+			uri:   "hysteria2://saul@better.call:7000-10000,20000/",
+			uriOK: true,
+			config: &clientConfig{
+				Server: "better.call:7000-10000,20000",
+				Auth:   "saul",
+			},
+		},
+		{
+			uri:   "hysteria2://noauth.com/?insecure=1&obfs=salamander&obfs-password=66ccff&pinSHA256=deadbeef&sni=crap.cc",
+			uriOK: true,
+			config: &clientConfig{
+				Server: "noauth.com",
+				Auth:   "",
+				Obfs: clientConfigObfs{
+					Type: "salamander",
+					Salamander: clientConfigObfsSalamander{
+						Password: "66ccff",
+					},
+				},
+				TLS: clientConfigTLS{
+					SNI:       "crap.cc",
+					Insecure:  true,
+					PinSHA256: "deadbeef",
+				},
+			},
+		},
+		{
+			uri:    "invalid.bs",
+			uriOK:  false,
+			config: nil,
+		},
+		{
+			uri:    "https://www.google.com/search?q=test",
+			uriOK:  false,
+			config: nil,
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.uri, func(t *testing.T) {
+			// Test parseURI
+			nc := &clientConfig{Server: test.uri}
+			assert.Equal(t, nc.parseURI(), test.uriOK)
+			if test.uriOK {
+				assert.Equal(t, nc, test.config)
+			}
+			// Test URI generation
+			if test.config != nil {
+				assert.Equal(t, test.config.URI(), test.uri)
+			}
+		})
+	}
+}
+func stringRef(s string) *string {
+	return &s
+}
+func uint32Ref(i uint32) *uint32 {
+	return &i
+}

app/cmd/client_test.yaml ADDED Viewed

	@@ -0,0 +1,85 @@

+server: example.com
+auth: weak_ahh_password
+transport:
+  type: udp
+  udp:
+    hopInterval: 30s
+obfs:
+  type: salamander
+  salamander:
+    password: cry_me_a_r1ver
+tls:
+  sni: another.example.com
+  insecure: true
+  pinSHA256: 114515DEADBEEF
+  ca: custom_ca.crt
+quic:
+  initStreamReceiveWindow: 1145141
+  maxStreamReceiveWindow: 1145142
+  initConnReceiveWindow: 1145143
+  maxConnReceiveWindow: 1145144
+  maxIdleTimeout: 10s
+  keepAlivePeriod: 4s
+  disablePathMTUDiscovery: true
+  sockopts:
+    bindInterface: eth0
+    fwmark: 1234
+    fdControlUnixSocket: test.sock
+bandwidth:
+  up: 200 mbps
+  down: 1 gbps
+fastOpen: true
+lazy: true
+socks5:
+  listen: 127.0.0.1:1080
+  username: anon
+  password: bro
+  disableUDP: true
+http:
+  listen: 127.0.0.1:8080
+  username: qqq
+  password: bruh
+  realm: martian
+tcpForwarding:
+  - listen: 127.0.0.1:8088
+    remote: internal.example.com:80
+udpForwarding:
+  - listen: 127.0.0.1:5353
+    remote: internal.example.com:53
+    timeout: 50s
+tcpTProxy:
+  listen: 127.0.0.1:2500
+udpTProxy:
+  listen: 127.0.0.1:2501
+  timeout: 20s
+tcpRedirect:
+  listen: 127.0.0.1:3500
+tun:
+  name: "hytun"
+  mtu: 1500
+  timeout: 1m
+  address:
+    ipv4: 100.100.100.101/30
+    ipv6: 2001::ffff:ffff:ffff:fff1/126
+  route:
+    strict: true
+    ipv4: [ 0.0.0.0/0 ]
+    ipv6: [ "2000::/3" ]
+    ipv4Exclude: [ 192.0.2.1/32 ]
+    ipv6Exclude: [ "2001:db8::1/128" ]

app/cmd/errors.go ADDED Viewed

	@@ -0,0 +1,18 @@

+package cmd
+import (
+	"fmt"
+)
+type configError struct {
+	Field string
+	Err   error
+}
+func (e configError) Error() string {
+	return fmt.Sprintf("invalid config: %s: %s", e.Field, e.Err)
+}
+func (e configError) Unwrap() error {
+	return e.Err
+}

app/cmd/ping.go ADDED Viewed

	@@ -0,0 +1,63 @@

+package cmd
+import (
+	"time"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"go.uber.org/zap"
+	"github.com/apernet/hysteria/core/v2/client"
+)
+// pingCmd represents the ping command
+var pingCmd = &cobra.Command{
+	Use:   "ping address",
+	Short: "Ping mode",
+	Long:  "Perform a TCP ping to a specified remote address through the proxy server. Can be used as a simple connectivity test.",
+	Run:   runPing,
+}
+func init() {
+	rootCmd.AddCommand(pingCmd)
+}
+func runPing(cmd *cobra.Command, args []string) {
+	logger.Info("ping mode")
+	if len(args) != 1 {
+		logger.Fatal("must specify one and only one address")
+	}
+	addr := args[0]
+	if err := viper.ReadInConfig(); err != nil {
+		logger.Fatal("failed to read client config", zap.Error(err))
+	}
+	var config clientConfig
+	if err := viper.Unmarshal(&config); err != nil {
+		logger.Fatal("failed to parse client config", zap.Error(err))
+	}
+	hyConfig, err := config.Config()
+	if err != nil {
+		logger.Fatal("failed to load client config", zap.Error(err))
+	}
+	c, info, err := client.NewClient(hyConfig)
+	if err != nil {
+		logger.Fatal("failed to initialize client", zap.Error(err))
+	}
+	defer c.Close()
+	logger.Info("connected to server",
+		zap.Bool("udpEnabled", info.UDPEnabled),
+		zap.Uint64("tx", info.Tx))
+	logger.Info("connecting", zap.String("addr", addr))
+	start := time.Now()
+	conn, err := c.TCP(addr)
+	if err != nil {
+		logger.Fatal("failed to connect", zap.Error(err), zap.String("time", time.Since(start).String()))
+	}
+	defer conn.Close()
+	logger.Info("connected", zap.String("time", time.Since(start).String()))
+}

app/cmd/root.go ADDED Viewed

	@@ -0,0 +1,176 @@

+package cmd
+import (
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
+)
+const (
+	appLogo = `
+░█░█░█░█░█▀▀░▀█▀░█▀▀░█▀▄░▀█▀░█▀█░░░▀▀▄
+░█▀█░░█░░▀▀█░░█░░█▀▀░█▀▄░░█░░█▀█░░░▄▀░
+░▀░▀░░▀░░▀▀▀░░▀░░▀▀▀░▀░▀░▀▀▀░▀░▀░░░▀▀▀
+`
+	appDesc    = "a powerful, lightning fast and censorship resistant proxy"
+	appAuthors = "Aperture Internet Laboratory <https://github.com/apernet>"
+	appLogLevelEnv           = "HYSTERIA_LOG_LEVEL"
+	appLogFormatEnv          = "HYSTERIA_LOG_FORMAT"
+	appDisableUpdateCheckEnv = "HYSTERIA_DISABLE_UPDATE_CHECK"
+	appACMEDirEnv            = "HYSTERIA_ACME_DIR"
+)
+var (
+	// These values will be injected by the build system
+	appVersion   = "Unknown"
+	appDate      = "Unknown"
+	appType      = "Unknown" // aka channel
+	appToolchain = "Unknown"
+	appCommit    = "Unknown"
+	appPlatform  = "Unknown"
+	appArch      = "Unknown"
+	libVersion   = "Unknown"
+	appVersionLong = fmt.Sprintf("Version:\t%s\n"+
+		"BuildDate:\t%s\n"+
+		"BuildType:\t%s\n"+
+		"Toolchain:\t%s\n"+
+		"CommitHash:\t%s\n"+
+		"Platform:\t%s\n"+
+		"Architecture:\t%s\n"+
+		"Libraries:\tquic-go=%s",
+		appVersion, appDate, appType, appToolchain, appCommit, appPlatform, appArch, libVersion)
+	appAboutLong = fmt.Sprintf("%s\n%s\n%s\n\n%s", appLogo, appDesc, appAuthors, appVersionLong)
+)
+var logger *zap.Logger
+// Flags
+var (
+	cfgFile            string
+	logLevel           string
+	logFormat          string
+	disableUpdateCheck bool
+)
+var rootCmd = &cobra.Command{
+	Use:   "hysteria",
+	Short: appDesc,
+	Long:  appAboutLong,
+	Run:   runClient, // Default to client mode
+}
+var logLevelMap = map[string]zapcore.Level{
+	"debug": zapcore.DebugLevel,
+	"info":  zapcore.InfoLevel,
+	"warn":  zapcore.WarnLevel,
+	"error": zapcore.ErrorLevel,
+}
+var logFormatMap = map[string]zapcore.EncoderConfig{
+	"console": {
+		TimeKey:        "time",
+		LevelKey:       "level",
+		NameKey:        "logger",
+		MessageKey:     "msg",
+		LineEnding:     zapcore.DefaultLineEnding,
+		EncodeLevel:    zapcore.CapitalColorLevelEncoder,
+		EncodeTime:     zapcore.RFC3339TimeEncoder,
+		EncodeDuration: zapcore.SecondsDurationEncoder,
+	},
+	"json": {
+		TimeKey:        "time",
+		LevelKey:       "level",
+		NameKey:        "logger",
+		MessageKey:     "msg",
+		LineEnding:     zapcore.DefaultLineEnding,
+		EncodeLevel:    zapcore.LowercaseLevelEncoder,
+		EncodeTime:     zapcore.EpochMillisTimeEncoder,
+		EncodeDuration: zapcore.SecondsDurationEncoder,
+	},
+}
+func Execute() {
+	err := rootCmd.Execute()
+	if err != nil {
+		os.Exit(1)
+	}
+}
+func init() {
+	initFlags()
+	cobra.MousetrapHelpText = "" // Disable the mousetrap so Windows users can run the exe directly by double-clicking
+	cobra.OnInitialize(initConfig)
+	cobra.OnInitialize(initLogger) // initLogger must come after initConfig as it depends on config
+}
+func initFlags() {
+	rootCmd.PersistentFlags().StringVarP(&cfgFile, "config", "c", "", "config file")
+	rootCmd.PersistentFlags().StringVarP(&logLevel, "log-level", "l", envOrDefaultString(appLogLevelEnv, "info"), "log level")
+	rootCmd.PersistentFlags().StringVarP(&logFormat, "log-format", "f", envOrDefaultString(appLogFormatEnv, "console"), "log format")
+	rootCmd.PersistentFlags().BoolVar(&disableUpdateCheck, "disable-update-check", envOrDefaultBool(appDisableUpdateCheckEnv, false), "disable update check")
+}
+func initConfig() {
+	if cfgFile != "" {
+		viper.SetConfigFile(cfgFile)
+	} else {
+		viper.SetConfigName("config")
+		viper.SetConfigType("yaml")
+		viper.SupportedExts = append([]string{"yaml", "yml"}, viper.SupportedExts...)
+		viper.AddConfigPath(".")
+		viper.AddConfigPath("$HOME/.hysteria")
+		viper.AddConfigPath("/etc/hysteria/")
+	}
+}
+func initLogger() {
+	level, ok := logLevelMap[strings.ToLower(logLevel)]
+	if !ok {
+		fmt.Printf("unsupported log level: %s\n", logLevel)
+		os.Exit(1)
+	}
+	enc, ok := logFormatMap[strings.ToLower(logFormat)]
+	if !ok {
+		fmt.Printf("unsupported log format: %s\n", logFormat)
+		os.Exit(1)
+	}
+	c := zap.Config{
+		Level:             zap.NewAtomicLevelAt(level),
+		DisableCaller:     true,
+		DisableStacktrace: true,
+		Encoding:          strings.ToLower(logFormat),
+		EncoderConfig:     enc,
+		OutputPaths:       []string{"stderr"},
+		ErrorOutputPaths:  []string{"stderr"},
+	}
+	var err error
+	logger, err = c.Build()
+	if err != nil {
+		fmt.Printf("failed to initialize logger: %s\n", err)
+		os.Exit(1)
+	}
+}
+func envOrDefaultString(key, def string) string {
+	if v := os.Getenv(key); v != "" {
+		return v
+	}
+	return def
+}
+func envOrDefaultBool(key string, def bool) bool {
+	if v := os.Getenv(key); v != "" {
+		b, _ := strconv.ParseBool(v)
+		return b
+	}
+	return def
+}

app/cmd/server.go ADDED Viewed

	@@ -0,0 +1,1051 @@

+package cmd
+import (
+	"context"
+	"crypto/tls"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+	"github.com/caddyserver/certmagic"
+	"github.com/libdns/cloudflare"
+	"github.com/libdns/duckdns"
+	"github.com/libdns/gandi"
+	"github.com/libdns/godaddy"
+	"github.com/libdns/namedotcom"
+	"github.com/libdns/vultr"
+	"github.com/mholt/acmez/acme"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"go.uber.org/zap"
+	"github.com/apernet/hysteria/app/v2/internal/utils"
+	"github.com/apernet/hysteria/core/v2/server"
+	"github.com/apernet/hysteria/extras/v2/auth"
+	"github.com/apernet/hysteria/extras/v2/correctnet"
+	"github.com/apernet/hysteria/extras/v2/masq"
+	"github.com/apernet/hysteria/extras/v2/obfs"
+	"github.com/apernet/hysteria/extras/v2/outbounds"
+	"github.com/apernet/hysteria/extras/v2/sniff"
+	"github.com/apernet/hysteria/extras/v2/trafficlogger"
+	eUtils "github.com/apernet/hysteria/extras/v2/utils"
+)
+const (
+	defaultListenAddr = ":443"
+)
+var serverCmd = &cobra.Command{
+	Use:   "server",
+	Short: "Server mode",
+	Run:   runServer,
+}
+func init() {
+	rootCmd.AddCommand(serverCmd)
+}
+type serverConfig struct {
+	Listen                string                      `mapstructure:"listen"`
+	Obfs                  serverConfigObfs            `mapstructure:"obfs"`
+	TLS                   *serverConfigTLS            `mapstructure:"tls"`
+	ACME                  *serverConfigACME           `mapstructure:"acme"`
+	QUIC                  serverConfigQUIC            `mapstructure:"quic"`
+	Bandwidth             serverConfigBandwidth       `mapstructure:"bandwidth"`
+	IgnoreClientBandwidth bool                        `mapstructure:"ignoreClientBandwidth"`
+	SpeedTest             bool                        `mapstructure:"speedTest"`
+	DisableUDP            bool                        `mapstructure:"disableUDP"`
+	UDPIdleTimeout        time.Duration               `mapstructure:"udpIdleTimeout"`
+	Auth                  serverConfigAuth            `mapstructure:"auth"`
+	Resolver              serverConfigResolver        `mapstructure:"resolver"`
+	Sniff                 serverConfigSniff           `mapstructure:"sniff"`
+	ACL                   serverConfigACL             `mapstructure:"acl"`
+	Outbounds             []serverConfigOutboundEntry `mapstructure:"outbounds"`
+	TrafficStats          serverConfigTrafficStats    `mapstructure:"trafficStats"`
+	Masquerade            serverConfigMasquerade      `mapstructure:"masquerade"`
+}
+type serverConfigObfsSalamander struct {
+	Password string `mapstructure:"password"`
+}
+type serverConfigObfs struct {
+	Type       string                     `mapstructure:"type"`
+	Salamander serverConfigObfsSalamander `mapstructure:"salamander"`
+}
+type serverConfigTLS struct {
+	Cert     string `mapstructure:"cert"`
+	Key      string `mapstructure:"key"`
+	SNIGuard string `mapstructure:"sniGuard"` // "disable", "dns-san", "strict"
+}
+type serverConfigACME struct {
+	// Common fields
+	Domains    []string `mapstructure:"domains"`
+	Email      string   `mapstructure:"email"`
+	CA         string   `mapstructure:"ca"`
+	ListenHost string   `mapstructure:"listenHost"`
+	Dir        string   `mapstructure:"dir"`
+	// Type selection
+	Type string               `mapstructure:"type"`
+	HTTP serverConfigACMEHTTP `mapstructure:"http"`
+	TLS  serverConfigACMETLS  `mapstructure:"tls"`
+	DNS  serverConfigACMEDNS  `mapstructure:"dns"`
+	// Legacy fields for backwards compatibility
+	// Only applicable when Type is empty
+	DisableHTTP    bool `mapstructure:"disableHTTP"`
+	DisableTLSALPN bool `mapstructure:"disableTLSALPN"`
+	AltHTTPPort    int  `mapstructure:"altHTTPPort"`
+	AltTLSALPNPort int  `mapstructure:"altTLSALPNPort"`
+}
+type serverConfigACMEHTTP struct {
+	AltPort int `mapstructure:"altPort"`
+}
+type serverConfigACMETLS struct {
+	AltPort int `mapstructure:"altPort"`
+}
+type serverConfigACMEDNS struct {
+	Name   string            `mapstructure:"name"`
+	Config map[string]string `mapstructure:"config"`
+}
+type serverConfigQUIC struct {
+	InitStreamReceiveWindow     uint64        `mapstructure:"initStreamReceiveWindow"`
+	MaxStreamReceiveWindow      uint64        `mapstructure:"maxStreamReceiveWindow"`
+	InitConnectionReceiveWindow uint64        `mapstructure:"initConnReceiveWindow"`
+	MaxConnectionReceiveWindow  uint64        `mapstructure:"maxConnReceiveWindow"`
+	MaxIdleTimeout              time.Duration `mapstructure:"maxIdleTimeout"`
+	MaxIncomingStreams          int64         `mapstructure:"maxIncomingStreams"`
+	DisablePathMTUDiscovery     bool          `mapstructure:"disablePathMTUDiscovery"`
+}
+type serverConfigBandwidth struct {
+	Up   string `mapstructure:"up"`
+	Down string `mapstructure:"down"`
+}
+type serverConfigAuthHTTP struct {
+	URL      string `mapstructure:"url"`
+	Insecure bool   `mapstructure:"insecure"`
+}
+type serverConfigAuth struct {
+	Type     string               `mapstructure:"type"`
+	Password string               `mapstructure:"password"`
+	UserPass map[string]string    `mapstructure:"userpass"`
+	HTTP     serverConfigAuthHTTP `mapstructure:"http"`
+	Command  string               `mapstructure:"command"`
+}
+type serverConfigResolverTCP struct {
+	Addr    string        `mapstructure:"addr"`
+	Timeout time.Duration `mapstructure:"timeout"`
+}
+type serverConfigResolverUDP struct {
+	Addr    string        `mapstructure:"addr"`
+	Timeout time.Duration `mapstructure:"timeout"`
+}
+type serverConfigResolverTLS struct {
+	Addr     string        `mapstructure:"addr"`
+	Timeout  time.Duration `mapstructure:"timeout"`
+	SNI      string        `mapstructure:"sni"`
+	Insecure bool          `mapstructure:"insecure"`
+}
+type serverConfigResolverHTTPS struct {
+	Addr     string        `mapstructure:"addr"`
+	Timeout  time.Duration `mapstructure:"timeout"`
+	SNI      string        `mapstructure:"sni"`
+	Insecure bool          `mapstructure:"insecure"`
+}
+type serverConfigResolver struct {
+	Type  string                    `mapstructure:"type"`
+	TCP   serverConfigResolverTCP   `mapstructure:"tcp"`
+	UDP   serverConfigResolverUDP   `mapstructure:"udp"`
+	TLS   serverConfigResolverTLS   `mapstructure:"tls"`
+	HTTPS serverConfigResolverHTTPS `mapstructure:"https"`
+}
+type serverConfigSniff struct {
+	Enable        bool          `mapstructure:"enable"`
+	Timeout       time.Duration `mapstructure:"timeout"`
+	RewriteDomain bool          `mapstructure:"rewriteDomain"`
+	TCPPorts      string        `mapstructure:"tcpPorts"`
+	UDPPorts      string        `mapstructure:"udpPorts"`
+}
+type serverConfigACL struct {
+	File              string        `mapstructure:"file"`
+	Inline            []string      `mapstructure:"inline"`
+	GeoIP             string        `mapstructure:"geoip"`
+	GeoSite           string        `mapstructure:"geosite"`
+	GeoUpdateInterval time.Duration `mapstructure:"geoUpdateInterval"`
+}
+type serverConfigOutboundDirect struct {
+	Mode       string `mapstructure:"mode"`
+	BindIPv4   string `mapstructure:"bindIPv4"`
+	BindIPv6   string `mapstructure:"bindIPv6"`
+	BindDevice string `mapstructure:"bindDevice"`
+	FastOpen   bool   `mapstructure:"fastOpen"`
+}
+type serverConfigOutboundSOCKS5 struct {
+	Addr     string `mapstructure:"addr"`
+	Username string `mapstructure:"username"`
+	Password string `mapstructure:"password"`
+}
+type serverConfigOutboundHTTP struct {
+	URL      string `mapstructure:"url"`
+	Insecure bool   `mapstructure:"insecure"`
+}
+type serverConfigOutboundEntry struct {
+	Name   string                     `mapstructure:"name"`
+	Type   string                     `mapstructure:"type"`
+	Direct serverConfigOutboundDirect `mapstructure:"direct"`
+	SOCKS5 serverConfigOutboundSOCKS5 `mapstructure:"socks5"`
+	HTTP   serverConfigOutboundHTTP   `mapstructure:"http"`
+}
+type serverConfigTrafficStats struct {
+	Listen string `mapstructure:"listen"`
+	Secret string `mapstructure:"secret"`
+}
+type serverConfigMasqueradeFile struct {
+	Dir string `mapstructure:"dir"`
+}
+type serverConfigMasqueradeProxy struct {
+	URL         string `mapstructure:"url"`
+	RewriteHost bool   `mapstructure:"rewriteHost"`
+	Insecure    bool   `mapstructure:"insecure"`
+}
+type serverConfigMasqueradeString struct {
+	Content    string            `mapstructure:"content"`
+	Headers    map[string]string `mapstructure:"headers"`
+	StatusCode int               `mapstructure:"statusCode"`
+}
+type serverConfigMasquerade struct {
+	Type        string                       `mapstructure:"type"`
+	File        serverConfigMasqueradeFile   `mapstructure:"file"`
+	Proxy       serverConfigMasqueradeProxy  `mapstructure:"proxy"`
+	String      serverConfigMasqueradeString `mapstructure:"string"`
+	ListenHTTP  string                       `mapstructure:"listenHTTP"`
+	ListenHTTPS string                       `mapstructure:"listenHTTPS"`
+	ForceHTTPS  bool                         `mapstructure:"forceHTTPS"`
+}
+func (c *serverConfig) fillConn(hyConfig *server.Config) error {
+	listenAddr := c.Listen
+	if listenAddr == "" {
+		listenAddr = defaultListenAddr
+	}
+	uAddr, err := net.ResolveUDPAddr("udp", listenAddr)
+	if err != nil {
+		return configError{Field: "listen", Err: err}
+	}
+	conn, err := correctnet.ListenUDP("udp", uAddr)
+	if err != nil {
+		return configError{Field: "listen", Err: err}
+	}
+	switch strings.ToLower(c.Obfs.Type) {
+	case "", "plain":
+		hyConfig.Conn = conn
+		return nil
+	case "salamander":
+		ob, err := obfs.NewSalamanderObfuscator([]byte(c.Obfs.Salamander.Password))
+		if err != nil {
+			return configError{Field: "obfs.salamander.password", Err: err}
+		}
+		hyConfig.Conn = obfs.WrapPacketConn(conn, ob)
+		return nil
+	default:
+		return configError{Field: "obfs.type", Err: errors.New("unsupported obfuscation type")}
+	}
+}
+func (c *serverConfig) fillTLSConfig(hyConfig *server.Config) error {
+	if c.TLS == nil && c.ACME == nil {
+		return configError{Field: "tls", Err: errors.New("must set either tls or acme")}
+	}
+	if c.TLS != nil && c.ACME != nil {
+		return configError{Field: "tls", Err: errors.New("cannot set both tls and acme")}
+	}
+	if c.TLS != nil {
+		// SNI guard
+		var sniGuard utils.SNIGuardFunc
+		switch strings.ToLower(c.TLS.SNIGuard) {
+		case "", "dns-san":
+			sniGuard = utils.SNIGuardDNSSAN
+		case "strict":
+			sniGuard = utils.SNIGuardStrict
+		case "disable":
+			sniGuard = nil
+		default:
+			return configError{Field: "tls.sniGuard", Err: errors.New("unsupported SNI guard")}
+		}
+		// Local TLS cert
+		if c.TLS.Cert == "" || c.TLS.Key == "" {
+			return configError{Field: "tls", Err: errors.New("empty cert or key path")}
+		}
+		certLoader := &utils.LocalCertificateLoader{
+			CertFile: c.TLS.Cert,
+			KeyFile:  c.TLS.Key,
+			SNIGuard: sniGuard,
+		}
+		// Try loading the cert-key pair here to catch errors early
+		// (e.g. invalid files or insufficient permissions)
+		err := certLoader.InitializeCache()
+		if err != nil {
+			var pathErr *os.PathError
+			if errors.As(err, &pathErr) {
+				if pathErr.Path == c.TLS.Cert {
+					return configError{Field: "tls.cert", Err: pathErr}
+				}
+				if pathErr.Path == c.TLS.Key {
+					return configError{Field: "tls.key", Err: pathErr}
+				}
+			}
+			return configError{Field: "tls", Err: err}
+		}
+		// Use GetCertificate instead of Certificates so that
+		// users can update the cert without restarting the server.
+		hyConfig.TLSConfig.GetCertificate = certLoader.GetCertificate
+	} else {
+		// ACME
+		dataDir := c.ACME.Dir
+		if dataDir == "" {
+			// If not specified in the config, check the environment variable
+			// before resorting to the default "acme" value. The main reason
+			// we have this is so that our setup script can set it to the
+			// user's home directory.
+			dataDir = envOrDefaultString(appACMEDirEnv, "acme")
+		}
+		cmCfg := &certmagic.Config{
+			RenewalWindowRatio: certmagic.DefaultRenewalWindowRatio,
+			KeySource:          certmagic.DefaultKeyGenerator,
+			Storage:            &certmagic.FileStorage{Path: dataDir},
+			Logger:             logger,
+		}
+		cmIssuer := certmagic.NewACMEIssuer(cmCfg, certmagic.ACMEIssuer{
+			Email:      c.ACME.Email,
+			Agreed:     true,
+			ListenHost: c.ACME.ListenHost,
+			Logger:     logger,
+		})
+		switch strings.ToLower(c.ACME.CA) {
+		case "letsencrypt", "le", "":
+			// Default to Let's Encrypt
+			cmIssuer.CA = certmagic.LetsEncryptProductionCA
+		case "zerossl", "zero":
+			cmIssuer.CA = certmagic.ZeroSSLProductionCA
+			eab, err := genZeroSSLEAB(c.ACME.Email)
+			if err != nil {
+				return configError{Field: "acme.ca", Err: err}
+			}
+			cmIssuer.ExternalAccount = eab
+		default:
+			return configError{Field: "acme.ca", Err: errors.New("unsupported CA")}
+		}
+		switch strings.ToLower(c.ACME.Type) {
+		case "http":
+			cmIssuer.DisableHTTPChallenge = false
+			cmIssuer.DisableTLSALPNChallenge = true
+			cmIssuer.DNS01Solver = nil
+			cmIssuer.AltHTTPPort = c.ACME.HTTP.AltPort
+		case "tls":
+			cmIssuer.DisableHTTPChallenge = true
+			cmIssuer.DisableTLSALPNChallenge = false
+			cmIssuer.DNS01Solver = nil
+			cmIssuer.AltTLSALPNPort = c.ACME.TLS.AltPort
+		case "dns":
+			cmIssuer.DisableHTTPChallenge = true
+			cmIssuer.DisableTLSALPNChallenge = true
+			if c.ACME.DNS.Name == "" {
+				return configError{Field: "acme.dns.name", Err: errors.New("empty DNS provider name")}
+			}
+			if c.ACME.DNS.Config == nil {
+				return configError{Field: "acme.dns.config", Err: errors.New("empty DNS provider config")}
+			}
+			switch strings.ToLower(c.ACME.DNS.Name) {
+			case "cloudflare":
+				cmIssuer.DNS01Solver = &certmagic.DNS01Solver{
+					DNSProvider: &cloudflare.Provider{
+						APIToken: c.ACME.DNS.Config["cloudflare_api_token"],
+					},
+				}
+			case "duckdns":
+				cmIssuer.DNS01Solver = &certmagic.DNS01Solver{
+					DNSProvider: &duckdns.Provider{
+						APIToken:       c.ACME.DNS.Config["duckdns_api_token"],
+						OverrideDomain: c.ACME.DNS.Config["duckdns_override_domain"],
+					},
+				}
+			case "gandi":
+				cmIssuer.DNS01Solver = &certmagic.DNS01Solver{
+					DNSProvider: &gandi.Provider{
+						BearerToken: c.ACME.DNS.Config["gandi_api_token"],
+					},
+				}
+			case "godaddy":
+				cmIssuer.DNS01Solver = &certmagic.DNS01Solver{
+					DNSProvider: &godaddy.Provider{
+						APIToken: c.ACME.DNS.Config["godaddy_api_token"],
+					},
+				}
+			case "namedotcom":
+				cmIssuer.DNS01Solver = &certmagic.DNS01Solver{
+					DNSProvider: &namedotcom.Provider{
+						Token:  c.ACME.DNS.Config["namedotcom_token"],
+						User:   c.ACME.DNS.Config["namedotcom_user"],
+						Server: c.ACME.DNS.Config["namedotcom_server"],
+					},
+				}
+			case "vultr":
+				cmIssuer.DNS01Solver = &certmagic.DNS01Solver{
+					DNSProvider: &vultr.Provider{
+						APIToken: c.ACME.DNS.Config["vultr_api_token"],
+					},
+				}
+			default:
+				return configError{Field: "acme.dns.name", Err: errors.New("unsupported DNS provider")}
+			}
+		case "":
+			// Legacy compatibility mode
+			cmIssuer.DisableHTTPChallenge = c.ACME.DisableHTTP
+			cmIssuer.DisableTLSALPNChallenge = c.ACME.DisableTLSALPN
+			cmIssuer.AltHTTPPort = c.ACME.AltHTTPPort
+			cmIssuer.AltTLSALPNPort = c.ACME.AltTLSALPNPort
+		default:
+			return configError{Field: "acme.type", Err: errors.New("unsupported ACME type")}
+		}
+		cmCfg.Issuers = []certmagic.Issuer{cmIssuer}
+		cmCache := certmagic.NewCache(certmagic.CacheOptions{
+			GetConfigForCert: func(cert certmagic.Certificate) (*certmagic.Config, error) {
+				return cmCfg, nil
+			},
+			Logger: logger,
+		})
+		cmCfg = certmagic.New(cmCache, *cmCfg)
+		if len(c.ACME.Domains) == 0 {
+			return configError{Field: "acme.domains", Err: errors.New("empty domains")}
+		}
+		err := cmCfg.ManageSync(context.Background(), c.ACME.Domains)
+		if err != nil {
+			return configError{Field: "acme.domains", Err: err}
+		}
+		hyConfig.TLSConfig.GetCertificate = cmCfg.GetCertificate
+	}
+	return nil
+}
+func genZeroSSLEAB(email string) (*acme.EAB, error) {
+	req, err := http.NewRequest(
+		http.MethodPost,
+		"https://api.zerossl.com/acme/eab-credentials-email",
+		strings.NewReader(url.Values{"email": []string{email}}.Encode()),
+	)
+	if err != nil {
+		return nil, fmt.Errorf("failed to creare ZeroSSL EAB request: %w", err)
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Set("User-Agent", certmagic.UserAgent)
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("failed to send ZeroSSL EAB request: %w", err)
+	}
+	defer func() { _ = resp.Body.Close() }()
+	var result struct {
+		Success bool `json:"success"`
+		Error   struct {
+			Code int    `json:"code"`
+			Type string `json:"type"`
+		} `json:"error"`
+		EABKID     string `json:"eab_kid"`
+		EABHMACKey string `json:"eab_hmac_key"`
+	}
+	if err = json.NewDecoder(resp.Body).Decode(&result); err != nil {
+		return nil, fmt.Errorf("failed decoding ZeroSSL EAB API response: %w", err)
+	}
+	if result.Error.Code != 0 {
+		return nil, fmt.Errorf("failed getting ZeroSSL EAB credentials: HTTP %d: %s (code %d)", resp.StatusCode, result.Error.Type, result.Error.Code)
+	}
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("failed getting EAB credentials: HTTP %d", resp.StatusCode)
+	}
+	return &acme.EAB{
+		KeyID:  result.EABKID,
+		MACKey: result.EABHMACKey,
+	}, nil
+}
+func (c *serverConfig) fillQUICConfig(hyConfig *server.Config) error {
+	hyConfig.QUICConfig = server.QUICConfig{
+		InitialStreamReceiveWindow:     c.QUIC.InitStreamReceiveWindow,
+		MaxStreamReceiveWindow:         c.QUIC.MaxStreamReceiveWindow,
+		InitialConnectionReceiveWindow: c.QUIC.InitConnectionReceiveWindow,
+		MaxConnectionReceiveWindow:     c.QUIC.MaxConnectionReceiveWindow,
+		MaxIdleTimeout:                 c.QUIC.MaxIdleTimeout,
+		MaxIncomingStreams:             c.QUIC.MaxIncomingStreams,
+		DisablePathMTUDiscovery:        c.QUIC.DisablePathMTUDiscovery,
+	}
+	return nil
+}
+func serverConfigOutboundDirectToOutbound(c serverConfigOutboundDirect) (outbounds.PluggableOutbound, error) {
+	opts := outbounds.DirectOutboundOptions{}
+	switch strings.ToLower(c.Mode) {
+	case "", "auto":
+		opts.Mode = outbounds.DirectOutboundModeAuto
+	case "64":
+		opts.Mode = outbounds.DirectOutboundMode64
+	case "46":
+		opts.Mode = outbounds.DirectOutboundMode46
+	case "6":
+		opts.Mode = outbounds.DirectOutboundMode6
+	case "4":
+		opts.Mode = outbounds.DirectOutboundMode4
+	default:
+		return nil, configError{Field: "outbounds.direct.mode", Err: errors.New("unsupported mode")}
+	}
+	bindIP := len(c.BindIPv4) > 0 || len(c.BindIPv6) > 0
+	bindDevice := len(c.BindDevice) > 0
+	if bindIP && bindDevice {
+		return nil, configError{Field: "outbounds.direct", Err: errors.New("cannot bind both IP and device")}
+	}
+	if bindIP {
+		ip4, ip6 := net.ParseIP(c.BindIPv4), net.ParseIP(c.BindIPv6)
+		if len(c.BindIPv4) > 0 && ip4 == nil {
+			return nil, configError{Field: "outbounds.direct.bindIPv4", Err: errors.New("invalid IPv4 address")}
+		}
+		if len(c.BindIPv6) > 0 && ip6 == nil {
+			return nil, configError{Field: "outbounds.direct.bindIPv6", Err: errors.New("invalid IPv6 address")}
+		}
+		opts.BindIP4 = ip4
+		opts.BindIP6 = ip6
+	}
+	if bindDevice {
+		opts.DeviceName = c.BindDevice
+	}
+	opts.FastOpen = c.FastOpen
+	return outbounds.NewDirectOutboundWithOptions(opts)
+}
+func serverConfigOutboundSOCKS5ToOutbound(c serverConfigOutboundSOCKS5) (outbounds.PluggableOutbound, error) {
+	if c.Addr == "" {
+		return nil, configError{Field: "outbounds.socks5.addr", Err: errors.New("empty socks5 address")}
+	}
+	return outbounds.NewSOCKS5Outbound(c.Addr, c.Username, c.Password), nil
+}
+func serverConfigOutboundHTTPToOutbound(c serverConfigOutboundHTTP) (outbounds.PluggableOutbound, error) {
+	if c.URL == "" {
+		return nil, configError{Field: "outbounds.http.url", Err: errors.New("empty http address")}
+	}
+	return outbounds.NewHTTPOutbound(c.URL, c.Insecure)
+}
+func (c *serverConfig) fillRequestHook(hyConfig *server.Config) error {
+	if c.Sniff.Enable {
+		s := &sniff.Sniffer{
+			Timeout:       c.Sniff.Timeout,
+			RewriteDomain: c.Sniff.RewriteDomain,
+		}
+		if c.Sniff.TCPPorts != "" {
+			s.TCPPorts = eUtils.ParsePortUnion(c.Sniff.TCPPorts)
+			if s.TCPPorts == nil {
+				return configError{Field: "sniff.tcpPorts", Err: errors.New("invalid port union")}
+			}
+		}
+		if c.Sniff.UDPPorts != "" {
+			s.UDPPorts = eUtils.ParsePortUnion(c.Sniff.UDPPorts)
+			if s.UDPPorts == nil {
+				return configError{Field: "sniff.udpPorts", Err: errors.New("invalid port union")}
+			}
+		}
+		hyConfig.RequestHook = s
+	}
+	return nil
+}
+func (c *serverConfig) fillOutboundConfig(hyConfig *server.Config) error {
+	// Resolver, ACL, actual outbound are all implemented through the Outbound interface.
+	// Depending on the config, we build a chain like this:
+	// Resolver(ACL(Outbounds...))
+	// Outbounds
+	var obs []outbounds.OutboundEntry
+	if len(c.Outbounds) == 0 {
+		// Guarantee we have at least one outbound
+		obs = []outbounds.OutboundEntry{{
+			Name:     "default",
+			Outbound: outbounds.NewDirectOutboundSimple(outbounds.DirectOutboundModeAuto),
+		}}
+	} else {
+		obs = make([]outbounds.OutboundEntry, len(c.Outbounds))
+		for i, entry := range c.Outbounds {
+			if entry.Name == "" {
+				return configError{Field: "outbounds.name", Err: errors.New("empty outbound name")}
+			}
+			var ob outbounds.PluggableOutbound
+			var err error
+			switch strings.ToLower(entry.Type) {
+			case "direct":
+				ob, err = serverConfigOutboundDirectToOutbound(entry.Direct)
+			case "socks5":
+				ob, err = serverConfigOutboundSOCKS5ToOutbound(entry.SOCKS5)
+			case "http":
+				ob, err = serverConfigOutboundHTTPToOutbound(entry.HTTP)
+			default:
+				err = configError{Field: "outbounds.type", Err: errors.New("unsupported outbound type")}
+			}
+			if err != nil {
+				return err
+			}
+			obs[i] = outbounds.OutboundEntry{Name: entry.Name, Outbound: ob}
+		}
+	}
+	var uOb outbounds.PluggableOutbound // "unified" outbound
+	// ACL
+	hasACL := false
+	if c.ACL.File != "" && len(c.ACL.Inline) > 0 {
+		return configError{Field: "acl", Err: errors.New("cannot set both acl.file and acl.inline")}
+	}
+	gLoader := &utils.GeoLoader{
+		GeoIPFilename:   c.ACL.GeoIP,
+		GeoSiteFilename: c.ACL.GeoSite,
+		UpdateInterval:  c.ACL.GeoUpdateInterval,
+		DownloadFunc:    geoDownloadFunc,
+		DownloadErrFunc: geoDownloadErrFunc,
+	}
+	if c.ACL.File != "" {
+		hasACL = true
+		acl, err := outbounds.NewACLEngineFromFile(c.ACL.File, obs, gLoader)
+		if err != nil {
+			return configError{Field: "acl.file", Err: err}
+		}
+		uOb = acl
+	} else if len(c.ACL.Inline) > 0 {
+		hasACL = true
+		acl, err := outbounds.NewACLEngineFromString(strings.Join(c.ACL.Inline, "\n"), obs, gLoader)
+		if err != nil {
+			return configError{Field: "acl.inline", Err: err}
+		}
+		uOb = acl
+	} else {
+		// No ACL, use the first outbound
+		uOb = obs[0].Outbound
+	}
+	// Resolver
+	switch strings.ToLower(c.Resolver.Type) {
+	case "", "system":
+		if hasACL {
+			// If the user uses ACL, we must put a resolver in front of it,
+			// for IP rules to work on domain requests.
+			uOb = outbounds.NewSystemResolver(uOb)
+		}
+		// Otherwise we can just rely on outbound handling on its own.
+	case "tcp":
+		if c.Resolver.TCP.Addr == "" {
+			return configError{Field: "resolver.tcp.addr", Err: errors.New("empty resolver address")}
+		}
+		uOb = outbounds.NewStandardResolverTCP(c.Resolver.TCP.Addr, c.Resolver.TCP.Timeout, uOb)
+	case "udp":
+		if c.Resolver.UDP.Addr == "" {
+			return configError{Field: "resolver.udp.addr", Err: errors.New("empty resolver address")}
+		}
+		uOb = outbounds.NewStandardResolverUDP(c.Resolver.UDP.Addr, c.Resolver.UDP.Timeout, uOb)
+	case "tls", "tcp-tls":
+		if c.Resolver.TLS.Addr == "" {
+			return configError{Field: "resolver.tls.addr", Err: errors.New("empty resolver address")}
+		}
+		uOb = outbounds.NewStandardResolverTLS(c.Resolver.TLS.Addr, c.Resolver.TLS.Timeout, c.Resolver.TLS.SNI, c.Resolver.TLS.Insecure, uOb)
+	case "https", "http":
+		if c.Resolver.HTTPS.Addr == "" {
+			return configError{Field: "resolver.https.addr", Err: errors.New("empty resolver address")}
+		}
+		uOb = outbounds.NewDoHResolver(c.Resolver.HTTPS.Addr, c.Resolver.HTTPS.Timeout, c.Resolver.HTTPS.SNI, c.Resolver.HTTPS.Insecure, uOb)
+	default:
+		return configError{Field: "resolver.type", Err: errors.New("unsupported resolver type")}
+	}
+	// Speed test
+	if c.SpeedTest {
+		uOb = outbounds.NewSpeedtestHandler(uOb)
+	}
+	hyConfig.Outbound = &outbounds.PluggableOutboundAdapter{PluggableOutbound: uOb}
+	return nil
+}
+func (c *serverConfig) fillBandwidthConfig(hyConfig *server.Config) error {
+	var err error
+	if c.Bandwidth.Up != "" {
+		hyConfig.BandwidthConfig.MaxTx, err = utils.ConvBandwidth(c.Bandwidth.Up)
+		if err != nil {
+			return configError{Field: "bandwidth.up", Err: err}
+		}
+	}
+	if c.Bandwidth.Down != "" {
+		hyConfig.BandwidthConfig.MaxRx, err = utils.ConvBandwidth(c.Bandwidth.Down)
+		if err != nil {
+			return configError{Field: "bandwidth.down", Err: err}
+		}
+	}
+	return nil
+}
+func (c *serverConfig) fillIgnoreClientBandwidth(hyConfig *server.Config) error {
+	hyConfig.IgnoreClientBandwidth = c.IgnoreClientBandwidth
+	return nil
+}
+func (c *serverConfig) fillDisableUDP(hyConfig *server.Config) error {
+	hyConfig.DisableUDP = c.DisableUDP
+	return nil
+}
+func (c *serverConfig) fillUDPIdleTimeout(hyConfig *server.Config) error {
+	hyConfig.UDPIdleTimeout = c.UDPIdleTimeout
+	return nil
+}
+func (c *serverConfig) fillAuthenticator(hyConfig *server.Config) error {
+	if c.Auth.Type == "" {
+		return configError{Field: "auth.type", Err: errors.New("empty auth type")}
+	}
+	switch strings.ToLower(c.Auth.Type) {
+	case "password":
+		if c.Auth.Password == "" {
+			return configError{Field: "auth.password", Err: errors.New("empty auth password")}
+		}
+		hyConfig.Authenticator = &auth.PasswordAuthenticator{Password: c.Auth.Password}
+		return nil
+	case "userpass":
+		if len(c.Auth.UserPass) == 0 {
+			return configError{Field: "auth.userpass", Err: errors.New("empty auth userpass")}
+		}
+		hyConfig.Authenticator = auth.NewUserPassAuthenticator(c.Auth.UserPass)
+		return nil
+	case "http", "https":
+		if c.Auth.HTTP.URL == "" {
+			return configError{Field: "auth.http.url", Err: errors.New("empty auth http url")}
+		}
+		hyConfig.Authenticator = auth.NewHTTPAuthenticator(c.Auth.HTTP.URL, c.Auth.HTTP.Insecure)
+		return nil
+	case "command", "cmd":
+		if c.Auth.Command == "" {
+			return configError{Field: "auth.command", Err: errors.New("empty auth command")}
+		}
+		hyConfig.Authenticator = &auth.CommandAuthenticator{Cmd: c.Auth.Command}
+		return nil
+	default:
+		return configError{Field: "auth.type", Err: errors.New("unsupported auth type")}
+	}
+}
+func (c *serverConfig) fillEventLogger(hyConfig *server.Config) error {
+	hyConfig.EventLogger = &serverLogger{}
+	return nil
+}
+func (c *serverConfig) fillTrafficLogger(hyConfig *server.Config) error {
+	if c.TrafficStats.Listen != "" {
+		tss := trafficlogger.NewTrafficStatsServer(c.TrafficStats.Secret)
+		hyConfig.TrafficLogger = tss
+		go runTrafficStatsServer(c.TrafficStats.Listen, tss)
+	}
+	return nil
+}
+// fillMasqHandler must be called after fillConn, as we may need to extract the QUIC
+// port number from Conn for MasqTCPServer.
+func (c *serverConfig) fillMasqHandler(hyConfig *server.Config) error {
+	var handler http.Handler
+	switch strings.ToLower(c.Masquerade.Type) {
+	case "", "404":
+		handler = http.NotFoundHandler()
+	case "file":
+		if c.Masquerade.File.Dir == "" {
+			return configError{Field: "masquerade.file.dir", Err: errors.New("empty file directory")}
+		}
+		handler = http.FileServer(http.Dir(c.Masquerade.File.Dir))
+	case "proxy":
+		if c.Masquerade.Proxy.URL == "" {
+			return configError{Field: "masquerade.proxy.url", Err: errors.New("empty proxy url")}
+		}
+		u, err := url.Parse(c.Masquerade.Proxy.URL)
+		if err != nil {
+			return configError{Field: "masquerade.proxy.url", Err: err}
+		}
+		if u.Scheme != "http" && u.Scheme != "https" {
+			return configError{Field: "masquerade.proxy.url", Err: fmt.Errorf("unsupported protocol scheme \"%s\"", u.Scheme)}
+		}
+		transport := http.DefaultTransport
+		if c.Masquerade.Proxy.Insecure {
+			transport = &http.Transport{
+				TLSClientConfig: &tls.Config{
+					InsecureSkipVerify: true,
+				},
+				// use default configs from http.DefaultTransport
+				Proxy: http.ProxyFromEnvironment,
+				DialContext: (&net.Dialer{
+					Timeout:   30 * time.Second,
+					KeepAlive: 30 * time.Second,
+				}).DialContext,
+				ForceAttemptHTTP2:     true,
+				MaxIdleConns:          100,
+				IdleConnTimeout:       90 * time.Second,
+				TLSHandshakeTimeout:   10 * time.Second,
+				ExpectContinueTimeout: 1 * time.Second,
+			}
+		}
+		handler = &httputil.ReverseProxy{
+			Rewrite: func(r *httputil.ProxyRequest) {
+				r.SetURL(u)
+				// SetURL rewrites the Host header,
+				// but we don't want that if rewriteHost is false
+				if !c.Masquerade.Proxy.RewriteHost {
+					r.Out.Host = r.In.Host
+				}
+			},
+			Transport: transport,
+			ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
+				logger.Error("HTTP reverse proxy error", zap.Error(err))
+				w.WriteHeader(http.StatusBadGateway)
+			},
+		}
+	case "string":
+		if c.Masquerade.String.Content == "" {
+			return configError{Field: "masquerade.string.content", Err: errors.New("empty string content")}
+		}
+		if c.Masquerade.String.StatusCode != 0 &&
+			(c.Masquerade.String.StatusCode < 200 ||
+				c.Masquerade.String.StatusCode > 599 ||
+				c.Masquerade.String.StatusCode == 233) {
+			// 233 is reserved for Hysteria authentication
+			return configError{Field: "masquerade.string.statusCode", Err: errors.New("invalid status code (must be 200-599, except 233)")}
+		}
+		handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			for k, v := range c.Masquerade.String.Headers {
+				w.Header().Set(k, v)
+			}
+			if c.Masquerade.String.StatusCode != 0 {
+				w.WriteHeader(c.Masquerade.String.StatusCode)
+			} else {
+				w.WriteHeader(http.StatusOK) // Use 200 OK by default
+			}
+			_, _ = w.Write([]byte(c.Masquerade.String.Content))
+		})
+	default:
+		return configError{Field: "masquerade.type", Err: errors.New("unsupported masquerade type")}
+	}
+	hyConfig.MasqHandler = &masqHandlerLogWrapper{H: handler, QUIC: true}
+	if c.Masquerade.ListenHTTP != "" || c.Masquerade.ListenHTTPS != "" {
+		if c.Masquerade.ListenHTTP != "" && c.Masquerade.ListenHTTPS == "" {
+			return configError{Field: "masquerade.listenHTTPS", Err: errors.New("having only HTTP server without HTTPS is not supported")}
+		}
+		s := masq.MasqTCPServer{
+			QUICPort:  extractPortFromAddr(hyConfig.Conn.LocalAddr().String()),
+			HTTPSPort: extractPortFromAddr(c.Masquerade.ListenHTTPS),
+			Handler:   &masqHandlerLogWrapper{H: handler, QUIC: false},
+			TLSConfig: &tls.Config{
+				Certificates:   hyConfig.TLSConfig.Certificates,
+				GetCertificate: hyConfig.TLSConfig.GetCertificate,
+			},
+			ForceHTTPS: c.Masquerade.ForceHTTPS,
+		}
+		go runMasqTCPServer(&s, c.Masquerade.ListenHTTP, c.Masquerade.ListenHTTPS)
+	}
+	return nil
+}
+// Config validates the fields and returns a ready-to-use Hysteria server config
+func (c *serverConfig) Config() (*server.Config, error) {
+	hyConfig := &server.Config{}
+	fillers := []func(*server.Config) error{
+		c.fillConn,
+		c.fillTLSConfig,
+		c.fillQUICConfig,
+		c.fillRequestHook,
+		c.fillOutboundConfig,
+		c.fillBandwidthConfig,
+		c.fillIgnoreClientBandwidth,
+		c.fillDisableUDP,
+		c.fillUDPIdleTimeout,
+		c.fillAuthenticator,
+		c.fillEventLogger,
+		c.fillTrafficLogger,
+		c.fillMasqHandler,
+	}
+	for _, f := range fillers {
+		if err := f(hyConfig); err != nil {
+			return nil, err
+		}
+	}
+	return hyConfig, nil
+}
+func runServer(cmd *cobra.Command, args []string) {
+	logger.Info("server mode")
+	if err := viper.ReadInConfig(); err != nil {
+		logger.Fatal("failed to read server config", zap.Error(err))
+	}
+	var config serverConfig
+	if err := viper.Unmarshal(&config); err != nil {
+		logger.Fatal("failed to parse server config", zap.Error(err))
+	}
+	hyConfig, err := config.Config()
+	if err != nil {
+		logger.Fatal("failed to load server config", zap.Error(err))
+	}
+	s, err := server.NewServer(hyConfig)
+	if err != nil {
+		logger.Fatal("failed to initialize server", zap.Error(err))
+	}
+	if config.Listen != "" {
+		logger.Info("server up and running", zap.String("listen", config.Listen))
+	} else {
+		logger.Info("server up and running", zap.String("listen", defaultListenAddr))
+	}
+	if !disableUpdateCheck {
+		go runCheckUpdateServer()
+	}
+	if err := s.Serve(); err != nil {
+		logger.Fatal("failed to serve", zap.Error(err))
+	}
+}
+func runTrafficStatsServer(listen string, handler http.Handler) {
+	logger.Info("traffic stats server up and running", zap.String("listen", listen))
+	if err := correctnet.HTTPListenAndServe(listen, handler); err != nil {
+		logger.Fatal("failed to serve traffic stats", zap.Error(err))
+	}
+}
+func runMasqTCPServer(s *masq.MasqTCPServer, httpAddr, httpsAddr string) {
+	errChan := make(chan error, 2)
+	if httpAddr != "" {
+		go func() {
+			logger.Info("masquerade HTTP server up and running", zap.String("listen", httpAddr))
+			errChan <- s.ListenAndServeHTTP(httpAddr)
+		}()
+	}
+	if httpsAddr != "" {
+		go func() {
+			logger.Info("masquerade HTTPS server up and running", zap.String("listen", httpsAddr))
+			errChan <- s.ListenAndServeHTTPS(httpsAddr)
+		}()
+	}
+	err := <-errChan
+	if err != nil {
+		logger.Fatal("failed to serve masquerade HTTP(S)", zap.Error(err))
+	}
+}
+func geoDownloadFunc(filename, url string) {
+	logger.Info("downloading database", zap.String("filename", filename), zap.String("url", url))
+}
+func geoDownloadErrFunc(err error) {
+	if err != nil {
+		logger.Error("failed to download database", zap.Error(err))
+	}
+}
+type serverLogger struct{}
+func (l *serverLogger) Connect(addr net.Addr, id string, tx uint64) {
+	logger.Info("client connected", zap.String("addr", addr.String()), zap.String("id", id), zap.Uint64("tx", tx))
+}
+func (l *serverLogger) Disconnect(addr net.Addr, id string, err error) {
+	logger.Info("client disconnected", zap.String("addr", addr.String()), zap.String("id", id), zap.Error(err))
+}
+func (l *serverLogger) TCPRequest(addr net.Addr, id, reqAddr string) {
+	logger.Debug("TCP request", zap.String("addr", addr.String()), zap.String("id", id), zap.String("reqAddr", reqAddr))
+}
+func (l *serverLogger) TCPError(addr net.Addr, id, reqAddr string, err error) {
+	if err == nil {
+		logger.Debug("TCP closed", zap.String("addr", addr.String()), zap.String("id", id), zap.String("reqAddr", reqAddr))
+	} else {
+		logger.Warn("TCP error", zap.String("addr", addr.String()), zap.String("id", id), zap.String("reqAddr", reqAddr), zap.Error(err))
+	}
+}
+func (l *serverLogger) UDPRequest(addr net.Addr, id string, sessionID uint32, reqAddr string) {
+	logger.Debug("UDP request", zap.String("addr", addr.String()), zap.String("id", id), zap.Uint32("sessionID", sessionID), zap.String("reqAddr", reqAddr))
+}
+func (l *serverLogger) UDPError(addr net.Addr, id string, sessionID uint32, err error) {
+	if err == nil {
+		logger.Debug("UDP closed", zap.String("addr", addr.String()), zap.String("id", id), zap.Uint32("sessionID", sessionID))
+	} else {
+		logger.Warn("UDP error", zap.String("addr", addr.String()), zap.String("id", id), zap.Uint32("sessionID", sessionID), zap.Error(err))
+	}
+}
+type masqHandlerLogWrapper struct {
+	H    http.Handler
+	QUIC bool
+}
+func (m *masqHandlerLogWrapper) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	logger.Debug("masquerade request",
+		zap.String("addr", r.RemoteAddr),
+		zap.String("method", r.Method),
+		zap.String("host", r.Host),
+		zap.String("url", r.URL.String()),
+		zap.Bool("quic", m.QUIC))
+	m.H.ServeHTTP(w, r)
+}
+func extractPortFromAddr(addr string) int {
+	_, portStr, err := net.SplitHostPort(addr)
+	if err != nil {
+		return 0
+	}
+	port, err := strconv.Atoi(portStr)
+	if err != nil {
+		return 0
+	}
+	return port
+}

app/cmd/server_test.go ADDED Viewed

	@@ -0,0 +1,189 @@

+package cmd
+import (
+	"testing"
+	"time"
+	"github.com/stretchr/testify/assert"
+	"github.com/spf13/viper"
+)
+// TestServerConfig tests the parsing of the server config
+func TestServerConfig(t *testing.T) {
+	viper.SetConfigFile("server_test.yaml")
+	err := viper.ReadInConfig()
+	assert.NoError(t, err)
+	var config serverConfig
+	err = viper.Unmarshal(&config)
+	assert.NoError(t, err)
+	assert.Equal(t, config, serverConfig{
+		Listen: ":8443",
+		Obfs: serverConfigObfs{
+			Type: "salamander",
+			Salamander: serverConfigObfsSalamander{
+				Password: "cry_me_a_r1ver",
+			},
+		},
+		TLS: &serverConfigTLS{
+			Cert:     "some.crt",
+			Key:      "some.key",
+			SNIGuard: "strict",
+		},
+		ACME: &serverConfigACME{
+			Domains: []string{
+				"sub1.example.com",
+				"sub2.example.com",
+			},
+			Email:      "haha@cringe.net",
+			CA:         "zero",
+			ListenHost: "127.0.0.9",
+			Dir:        "random_dir",
+			Type:       "dns",
+			HTTP: serverConfigACMEHTTP{
+				AltPort: 8888,
+			},
+			TLS: serverConfigACMETLS{
+				AltPort: 44333,
+			},
+			DNS: serverConfigACMEDNS{
+				Name: "gomommy",
+				Config: map[string]string{
+					"key1": "value1",
+					"key2": "value2",
+				},
+			},
+			DisableHTTP:    true,
+			DisableTLSALPN: true,
+			AltHTTPPort:    8080,
+			AltTLSALPNPort: 4433,
+		},
+		QUIC: serverConfigQUIC{
+			InitStreamReceiveWindow:     77881,
+			MaxStreamReceiveWindow:      77882,
+			InitConnectionReceiveWindow: 77883,
+			MaxConnectionReceiveWindow:  77884,
+			MaxIdleTimeout:              999 * time.Second,
+			MaxIncomingStreams:          256,
+			DisablePathMTUDiscovery:     true,
+		},
+		Bandwidth: serverConfigBandwidth{
+			Up:   "500 mbps",
+			Down: "100 mbps",
+		},
+		IgnoreClientBandwidth: true,
+		SpeedTest:             true,
+		DisableUDP:            true,
+		UDPIdleTimeout:        120 * time.Second,
+		Auth: serverConfigAuth{
+			Type:     "password",
+			Password: "goofy_ahh_password",
+			UserPass: map[string]string{
+				"yolo": "swag",
+				"lol":  "kek",
+				"foo":  "bar",
+			},
+			HTTP: serverConfigAuthHTTP{
+				URL:      "http://127.0.0.1:5000/auth",
+				Insecure: true,
+			},
+			Command: "/etc/some_command",
+		},
+		Resolver: serverConfigResolver{
+			Type: "udp",
+			TCP: serverConfigResolverTCP{
+				Addr:    "123.123.123.123:5353",
+				Timeout: 4 * time.Second,
+			},
+			UDP: serverConfigResolverUDP{
+				Addr:    "4.6.8.0:53",
+				Timeout: 2 * time.Second,
+			},
+			TLS: serverConfigResolverTLS{
+				Addr:     "dot.yolo.com:8853",
+				Timeout:  10 * time.Second,
+				SNI:      "server1.yolo.net",
+				Insecure: true,
+			},
+			HTTPS: serverConfigResolverHTTPS{
+				Addr:     "cringe.ahh.cc",
+				Timeout:  5 * time.Second,
+				SNI:      "real.stuff.net",
+				Insecure: true,
+			},
+		},
+		Sniff: serverConfigSniff{
+			Enable:        true,
+			Timeout:       1 * time.Second,
+			RewriteDomain: true,
+			TCPPorts:      "80,443,1000-2000",
+			UDPPorts:      "443",
+		},
+		ACL: serverConfigACL{
+			File: "chnroute.txt",
+			Inline: []string{
+				"lmao(ok)",
+				"kek(cringe,boba,tea)",
+			},
+			GeoIP:             "some.dat",
+			GeoSite:           "some_site.dat",
+			GeoUpdateInterval: 168 * time.Hour,
+		},
+		Outbounds: []serverConfigOutboundEntry{
+			{
+				Name: "goodstuff",
+				Type: "direct",
+				Direct: serverConfigOutboundDirect{
+					Mode:       "64",
+					BindIPv4:   "2.4.6.8",
+					BindIPv6:   "0:0:0:0:0:ffff:0204:0608",
+					BindDevice: "eth233",
+					FastOpen:   true,
+				},
+			},
+			{
+				Name: "badstuff",
+				Type: "socks5",
+				SOCKS5: serverConfigOutboundSOCKS5{
+					Addr:     "shady.proxy.ru:1080",
+					Username: "hackerman",
+					Password: "Elliot Alderson",
+				},
+			},
+			{
+				Name: "weirdstuff",
+				Type: "http",
+				HTTP: serverConfigOutboundHTTP{
+					URL:      "https://eyy.lmao:4443/goofy",
+					Insecure: true,
+				},
+			},
+		},
+		TrafficStats: serverConfigTrafficStats{
+			Listen: ":9999",
+			Secret: "its_me_mario",
+		},
+		Masquerade: serverConfigMasquerade{
+			Type: "proxy",
+			File: serverConfigMasqueradeFile{
+				Dir: "/www/masq",
+			},
+			Proxy: serverConfigMasqueradeProxy{
+				URL:         "https://some.site.net",
+				RewriteHost: true,
+				Insecure:    true,
+			},
+			String: serverConfigMasqueradeString{
+				Content: "aint nothin here",
+				Headers: map[string]string{
+					"content-type": "text/plain",
+					"custom-haha":  "lol",
+				},
+				StatusCode: 418,
+			},
+			ListenHTTP:  ":80",
+			ListenHTTPS: ":443",
+			ForceHTTPS:  true,
+		},
+	})
+}

app/cmd/server_test.yaml ADDED Viewed

	@@ -0,0 +1,144 @@

+listen: :8443
+obfs:
+  type: salamander
+  salamander:
+    password: cry_me_a_r1ver
+tls:
+  cert: some.crt
+  key: some.key
+  sniGuard: strict
+acme:
+  domains:
+    - sub1.example.com
+    - sub2.example.com
+  email: haha@cringe.net
+  ca: zero
+  listenHost: 127.0.0.9
+  dir: random_dir
+  type: dns
+  http:
+    altPort: 8888
+  tls:
+    altPort: 44333
+  dns:
+    name: gomommy
+    config:
+      key1: value1
+      key2: value2
+  disableHTTP: true
+  disableTLSALPN: true
+  altHTTPPort: 8080
+  altTLSALPNPort: 4433
+quic:
+  initStreamReceiveWindow: 77881
+  maxStreamReceiveWindow: 77882
+  initConnReceiveWindow: 77883
+  maxConnReceiveWindow: 77884
+  maxIdleTimeout: 999s
+  maxIncomingStreams: 256
+  disablePathMTUDiscovery: true
+bandwidth:
+  up: 500 mbps
+  down: 100 mbps
+ignoreClientBandwidth: true
+speedTest: true
+disableUDP: true
+udpIdleTimeout: 120s
+auth:
+  type: password
+  password: goofy_ahh_password
+  userpass:
+    yolo: swag
+    lol: kek
+    foo: bar
+  http:
+    url: http://127.0.0.1:5000/auth
+    insecure: true
+  command: /etc/some_command
+resolver:
+  type: udp
+  tcp:
+    addr: 123.123.123.123:5353
+    timeout: 4s
+  udp:
+    addr: 4.6.8.0:53
+    timeout: 2s
+  tls:
+    addr: dot.yolo.com:8853
+    timeout: 10s
+    sni: server1.yolo.net
+    insecure: true
+  https:
+    addr: cringe.ahh.cc
+    timeout: 5s
+    sni: real.stuff.net
+    insecure: true
+sniff:
+  enable: true
+  timeout: 1s
+  rewriteDomain: true
+  tcpPorts: 80,443,1000-2000
+  udpPorts: 443
+acl:
+  file: chnroute.txt
+  inline:
+    - lmao(ok)
+    - kek(cringe,boba,tea)
+  geoip: some.dat
+  geosite: some_site.dat
+  geoUpdateInterval: 168h
+outbounds:
+  - name: goodstuff
+    type: direct
+    direct:
+      mode: 64
+      bindIPv4: 2.4.6.8
+      bindIPv6: 0:0:0:0:0:ffff:0204:0608
+      bindDevice: eth233
+      fastOpen: true
+  - name: badstuff
+    type: socks5
+    socks5:
+      addr: shady.proxy.ru:1080
+      username: hackerman
+      password: Elliot Alderson
+  - name: weirdstuff
+    type: http
+    http:
+      url: https://eyy.lmao:4443/goofy
+      insecure: true
+trafficStats:
+  listen: :9999
+  secret: its_me_mario
+masquerade:
+  type: proxy
+  file:
+    dir: /www/masq
+  proxy:
+    url: https://some.site.net
+    rewriteHost: true
+    insecure: true
+  string:
+    content: aint nothin here
+    headers:
+      content-type: text/plain
+      custom-haha: lol
+    statusCode: 418
+  listenHTTP: :80
+  listenHTTPS: :443
+  forceHTTPS: true

app/cmd/share.go ADDED Viewed

	@@ -0,0 +1,55 @@

+package cmd
+import (
+	"fmt"
+	"github.com/apernet/hysteria/app/v2/internal/utils"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"go.uber.org/zap"
+)
+var (
+	noText bool
+	withQR bool
+)
+// shareCmd represents the share command
+var shareCmd = &cobra.Command{
+	Use:   "share",
+	Short: "Generate share URI",
+	Long:  "Generate a hysteria2:// URI from a client config for sharing",
+	Run:   runShare,
+}
+func init() {
+	initShareFlags()
+	rootCmd.AddCommand(shareCmd)
+}
+func initShareFlags() {
+	shareCmd.Flags().BoolVar(&noText, "notext", false, "do not show URI as text")
+	shareCmd.Flags().BoolVar(&withQR, "qr", false, "show URI as QR code")
+}
+func runShare(cmd *cobra.Command, args []string) {
+	if err := viper.ReadInConfig(); err != nil {
+		logger.Fatal("failed to read client config", zap.Error(err))
+	}
+	var config clientConfig
+	if err := viper.Unmarshal(&config); err != nil {
+		logger.Fatal("failed to parse client config", zap.Error(err))
+	}
+	if _, err := config.Config(); err != nil {
+		logger.Fatal("failed to load client config", zap.Error(err))
+	}
+	u := config.URI()
+	if !noText {
+		fmt.Println(u)
+	}
+	if withQR {
+		utils.PrintQR(u)
+	}
+}

app/cmd/speedtest.go ADDED Viewed

	@@ -0,0 +1,178 @@

+package cmd
+import (
+	"errors"
+	"fmt"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"go.uber.org/zap"
+	"github.com/apernet/hysteria/core/v2/client"
+	hyErrors "github.com/apernet/hysteria/core/v2/errors"
+	"github.com/apernet/hysteria/extras/v2/outbounds"
+	"github.com/apernet/hysteria/extras/v2/outbounds/speedtest"
+)
+var (
+	skipDownload bool
+	skipUpload   bool
+	dataSize     uint32
+	useBytes     bool
+	speedtestAddr = fmt.Sprintf("%s:%d", outbounds.SpeedtestDest, 0)
+)
+// speedtestCmd represents the speedtest command
+var speedtestCmd = &cobra.Command{
+	Use:   "speedtest",
+	Short: "Speed test mode",
+	Long:  "Perform a speed test through the proxy server. The server must have speed test support enabled.",
+	Run:   runSpeedtest,
+}
+func init() {
+	initSpeedtestFlags()
+	rootCmd.AddCommand(speedtestCmd)
+}
+func initSpeedtestFlags() {
+	speedtestCmd.Flags().BoolVar(&skipDownload, "skip-download", false, "Skip download test")
+	speedtestCmd.Flags().BoolVar(&skipUpload, "skip-upload", false, "Skip upload test")
+	speedtestCmd.Flags().Uint32Var(&dataSize, "data-size", 1024*1024*100, "Data size for download and upload tests")
+	speedtestCmd.Flags().BoolVar(&useBytes, "use-bytes", false, "Use bytes per second instead of bits per second")
+}
+func runSpeedtest(cmd *cobra.Command, args []string) {
+	logger.Info("speed test mode")
+	if err := viper.ReadInConfig(); err != nil {
+		logger.Fatal("failed to read client config", zap.Error(err))
+	}
+	var config clientConfig
+	if err := viper.Unmarshal(&config); err != nil {
+		logger.Fatal("failed to parse client config", zap.Error(err))
+	}
+	hyConfig, err := config.Config()
+	if err != nil {
+		logger.Fatal("failed to load client config", zap.Error(err))
+	}
+	c, info, err := client.NewClient(hyConfig)
+	if err != nil {
+		logger.Fatal("failed to initialize client", zap.Error(err))
+	}
+	defer c.Close()
+	logger.Info("connected to server",
+		zap.Bool("udpEnabled", info.UDPEnabled),
+		zap.Uint64("tx", info.Tx))
+	signalChan := make(chan os.Signal, 1)
+	signal.Notify(signalChan, os.Interrupt, syscall.SIGTERM)
+	defer signal.Stop(signalChan)
+	runChan := make(chan struct{}, 1)
+	go func() {
+		if !skipDownload {
+			runDownloadTest(c)
+		}
+		if !skipUpload {
+			runUploadTest(c)
+		}
+		runChan <- struct{}{}
+	}()
+	select {
+	case <-signalChan:
+		logger.Info("received signal, shutting down gracefully")
+	case <-runChan:
+		logger.Info("speed test complete")
+	}
+}
+func runDownloadTest(c client.Client) {
+	logger.Info("performing download test")
+	downConn, err := c.TCP(speedtestAddr)
+	if err != nil {
+		if errors.As(err, &hyErrors.DialError{}) {
+			logger.Fatal("failed to connect (server may not support speed test)", zap.Error(err))
+		} else {
+			logger.Fatal("failed to connect", zap.Error(err))
+		}
+	}
+	defer downConn.Close()
+	downClient := &speedtest.Client{Conn: downConn}
+	currentTotal := uint32(0)
+	err = downClient.Download(dataSize, func(d time.Duration, b uint32, done bool) {
+		if !done {
+			currentTotal += b
+			logger.Info("downloading",
+				zap.Uint32("bytes", b),
+				zap.String("progress", fmt.Sprintf("%.2f%%", float64(currentTotal)/float64(dataSize)*100)),
+				zap.String("speed", formatSpeed(b, d, useBytes)))
+		} else {
+			logger.Info("download complete",
+				zap.Uint32("bytes", b),
+				zap.String("speed", formatSpeed(b, d, useBytes)))
+		}
+	})
+	if err != nil {
+		logger.Fatal("download test failed", zap.Error(err))
+	}
+	logger.Info("download test complete")
+}
+func runUploadTest(c client.Client) {
+	logger.Info("performing upload test")
+	upConn, err := c.TCP(speedtestAddr)
+	if err != nil {
+		if errors.As(err, &hyErrors.DialError{}) {
+			logger.Fatal("failed to connect (server may not support speed test)", zap.Error(err))
+		} else {
+			logger.Fatal("failed to connect", zap.Error(err))
+		}
+	}
+	defer upConn.Close()
+	upClient := &speedtest.Client{Conn: upConn}
+	currentTotal := uint32(0)
+	err = upClient.Upload(dataSize, func(d time.Duration, b uint32, done bool) {
+		if !done {
+			currentTotal += b
+			logger.Info("uploading",
+				zap.Uint32("bytes", b),
+				zap.String("progress", fmt.Sprintf("%.2f%%", float64(currentTotal)/float64(dataSize)*100)),
+				zap.String("speed", formatSpeed(b, d, useBytes)))
+		} else {
+			logger.Info("upload complete",
+				zap.Uint32("bytes", b),
+				zap.String("speed", formatSpeed(b, d, useBytes)))
+		}
+	})
+	if err != nil {
+		logger.Fatal("upload test failed", zap.Error(err))
+	}
+	logger.Info("upload test complete")
+}
+func formatSpeed(bytes uint32, duration time.Duration, useBytes bool) string {
+	speed := float64(bytes) / duration.Seconds()
+	var units []string
+	if useBytes {
+		units = []string{"B/s", "KB/s", "MB/s", "GB/s"}
+	} else {
+		units = []string{"bps", "Kbps", "Mbps", "Gbps"}
+		speed *= 8
+	}
+	unitIndex := 0
+	for speed > 1000 && unitIndex < len(units)-1 {
+		speed /= 1000
+		unitIndex++
+	}
+	return fmt.Sprintf("%.2f %s", speed, units[unitIndex])
+}

app/cmd/update.go ADDED Viewed

	@@ -0,0 +1,88 @@

+package cmd
+import (
+	"time"
+	"github.com/spf13/cobra"
+	"go.uber.org/zap"
+	"github.com/apernet/hysteria/app/v2/internal/utils"
+	"github.com/apernet/hysteria/core/v2/client"
+)
+const (
+	updateCheckInterval = 24 * time.Hour
+)
+// checkUpdateCmd represents the checkUpdate command
+var checkUpdateCmd = &cobra.Command{
+	Use:   "check-update",
+	Short: "Check for updates",
+	Long:  "Check for updates.",
+	Run:   runCheckUpdate,
+}
+func init() {
+	rootCmd.AddCommand(checkUpdateCmd)
+}
+func runCheckUpdate(cmd *cobra.Command, args []string) {
+	logger.Info("checking for updates",
+		zap.String("version", appVersion),
+		zap.String("platform", appPlatform),
+		zap.String("arch", appArch),
+		zap.String("channel", appType),
+	)
+	checker := utils.NewServerUpdateChecker(appVersion, appPlatform, appArch, appType)
+	resp, err := checker.Check()
+	if err != nil {
+		logger.Fatal("failed to check for updates", zap.Error(err))
+	}
+	if resp.HasUpdate {
+		logger.Info("update available",
+			zap.String("version", resp.LatestVersion),
+			zap.String("url", resp.URL),
+			zap.Bool("urgent", resp.Urgent),
+		)
+	} else {
+		logger.Info("no update available")
+	}
+}
+// runCheckUpdateServer is the background update checking routine for server mode
+func runCheckUpdateServer() {
+	checker := utils.NewServerUpdateChecker(appVersion, appPlatform, appArch, appType)
+	checkUpdateRoutine(checker)
+}
+// runCheckUpdateClient is the background update checking routine for client mode
+func runCheckUpdateClient(hyClient client.Client) {
+	checker := utils.NewClientUpdateChecker(appVersion, appPlatform, appArch, appType, hyClient)
+	checkUpdateRoutine(checker)
+}
+func checkUpdateRoutine(checker *utils.UpdateChecker) {
+	ticker := time.NewTicker(updateCheckInterval)
+	for {
+		logger.Debug("checking for updates",
+			zap.String("version", appVersion),
+			zap.String("platform", appPlatform),
+			zap.String("arch", appArch),
+			zap.String("channel", appType),
+		)
+		resp, err := checker.Check()
+		if err != nil {
+			logger.Debug("failed to check for updates", zap.Error(err))
+		} else if resp.HasUpdate {
+			logger.Info("update available",
+				zap.String("version", resp.LatestVersion),
+				zap.String("url", resp.URL),
+				zap.Bool("urgent", resp.Urgent),
+			)
+		} else {
+			logger.Debug("no update available")
+		}
+		<-ticker.C
+	}
+}

app/cmd/version.go ADDED Viewed

	@@ -0,0 +1,23 @@

+package cmd
+import (
+	"fmt"
+	"github.com/spf13/cobra"
+)
+// versionCmd represents the version command
+var versionCmd = &cobra.Command{
+	Use:   "version",
+	Short: "Show version",
+	Long:  "Show version.",
+	Run:   runVersion,
+}
+func init() {
+	rootCmd.AddCommand(versionCmd)
+}
+func runVersion(cmd *cobra.Command, args []string) {
+	fmt.Println(appAboutLong)
+}

app/go.mod ADDED Viewed

	@@ -0,0 +1,92 @@

+module github.com/apernet/hysteria/app/v2
+go 1.22
+toolchain go1.23.2
+require (
+	github.com/apernet/go-tproxy v0.0.0-20230809025308-8f4723fd742f
+	github.com/apernet/hysteria/core/v2 v2.0.0-00010101000000-000000000000
+	github.com/apernet/hysteria/extras/v2 v2.0.0-00010101000000-000000000000
+	github.com/apernet/sing-tun v0.2.6-0.20240323130332-b9f6511036ad
+	github.com/caddyserver/certmagic v0.17.2
+	github.com/libdns/cloudflare v0.1.1
+	github.com/libdns/duckdns v0.2.0
+	github.com/libdns/gandi v1.0.3
+	github.com/libdns/godaddy v1.0.3
+	github.com/libdns/namedotcom v0.3.3
+	github.com/libdns/vultr v1.0.0
+	github.com/mdp/qrterminal/v3 v3.1.1
+	github.com/mholt/acmez v1.0.4
+	github.com/sagernet/sing v0.3.2
+	github.com/spf13/cobra v1.7.0
+	github.com/spf13/viper v1.15.0
+	github.com/stretchr/testify v1.9.0
+	github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301
+	go.uber.org/zap v1.24.0
+	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
+	golang.org/x/sys v0.25.0
+)
+require (
+	github.com/andybalholm/brotli v1.1.0 // indirect
+	github.com/apernet/quic-go v0.49.1-0.20250204013113-43c72b1281a0 // indirect
+	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 // indirect
+	github.com/cloudflare/circl v1.3.9 // indirect
+	github.com/database64128/netx-go v0.0.0-20240905055117-62795b8b054a // indirect
+	github.com/database64128/tfo-go/v2 v2.2.2 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/go-ole/go-ole v1.3.0 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.6 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.1.1 // indirect
+	github.com/libdns/libdns v0.2.2 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/miekg/dns v1.1.59 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/onsi/ginkgo/v2 v2.9.5 // indirect
+	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
+	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/quic-go/qpack v0.5.1 // indirect
+	github.com/refraction-networking/utls v1.6.6 // indirect
+	github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 // indirect
+	github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 // indirect
+	github.com/spf13/afero v1.9.3 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/subosito/gotenv v1.4.2 // indirect
+	github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf // indirect
+	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect
+	github.com/vultr/govultr/v3 v3.6.4 // indirect
+	go.uber.org/atomic v1.11.0 // indirect
+	go.uber.org/mock v0.5.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
+	golang.org/x/crypto v0.26.0 // indirect
+	golang.org/x/mod v0.18.0 // indirect
+	golang.org/x/net v0.28.0 // indirect
+	golang.org/x/oauth2 v0.20.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/tools v0.22.0 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	rsc.io/qr v0.2.0 // indirect
+)
+replace github.com/apernet/hysteria/core/v2 => ../core
+replace github.com/apernet/hysteria/extras/v2 => ../extras

app/go.sum ADDED Viewed

	@@ -0,0 +1,661 @@

+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
+cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
+github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
+github.com/apernet/go-tproxy v0.0.0-20230809025308-8f4723fd742f h1:uVh0qpEslrWjgzx9vOcyCqsOY3c9kofDZ1n+qaw35ZY=
+github.com/apernet/go-tproxy v0.0.0-20230809025308-8f4723fd742f/go.mod h1:xkkq9D4ygcldQQhKS/w9CadiCKwCngU7K9E3DaKahpM=
+github.com/apernet/quic-go v0.49.1-0.20250204013113-43c72b1281a0 h1:oc6//C91pY9gGOBioHeyJrmmpKv/nS8fvTeDpKNPLnI=
+github.com/apernet/quic-go v0.49.1-0.20250204013113-43c72b1281a0/go.mod h1:/mMPNt1MHqduzaVB2qFHnJwam3BR5r5b35GvYouJs/o=
+github.com/apernet/sing-tun v0.2.6-0.20240323130332-b9f6511036ad h1:QzQ2sKpc9o42HNRR8ukM5uMC/RzR2HgZd/Nvaqol2C0=
+github.com/apernet/sing-tun v0.2.6-0.20240323130332-b9f6511036ad/go.mod h1:S5IydyLSN/QAfvY+r2GoomPJ6hidtXWm/Ad18sJVssk=
+github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
+github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
+github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
+github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
+github.com/caddyserver/certmagic v0.17.2 h1:o30seC1T/dBqBCNNGNHWwj2i5/I/FMjBbTAhjADP3nE=
+github.com/caddyserver/certmagic v0.17.2/go.mod h1:ouWUuC490GOLJzkyN35eXfV8bSbwMwSf4bdhkIxtdQE=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE=
+github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/database64128/netx-go v0.0.0-20240905055117-62795b8b054a h1:t4SDi0pmNkryzKdM4QF3o5vqSP4GRjeZD/6j3nyxNP0=
+github.com/database64128/netx-go v0.0.0-20240905055117-62795b8b054a/go.mod h1:7K2NQKbabB5mBl41vF6YayYl5g7YpDwc4dQ5iMpP3Lg=
+github.com/database64128/tfo-go/v2 v2.2.2 h1:BxynF4qGF5ct3DpPLEG62uyJZ3LQhqaf0Ken+kyy7PM=
+github.com/database64128/tfo-go/v2 v2.2.2/go.mod h1:2IW8jppdBwdVMjA08uEyMNnqiAHKUlqAA+J8NrsfktY=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
+github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
+github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
+github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
+github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
+github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
+github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM=
+github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4=
+github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
+github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/cpuid/v2 v2.1.1 h1:t0wUqjowdm8ezddV5k0tLWVklVuvLJpoHeb4WBdydm0=
+github.com/klauspost/cpuid/v2 v2.1.1/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
+github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/libdns/cloudflare v0.1.1 h1:FVPfWwP8zZCqj268LZjmkDleXlHPlFU9KC4OJ3yn054=
+github.com/libdns/cloudflare v0.1.1/go.mod h1:9VK91idpOjg6v7/WbjkEW49bSCxj00ALesIFDhJ8PBU=
+github.com/libdns/duckdns v0.2.0 h1:vd3pE09G2qTx1Zh1o3LmrivWSByD3Z5FbL7csX5vDgE=
+github.com/libdns/duckdns v0.2.0/go.mod h1:jCQ/7+qvhLK39+28qXvKEYGBBvmHBCmIwNqdJTCUmVs=
+github.com/libdns/gandi v1.0.3 h1:FIvipWOg/O4zi75fPRmtcolRKqI6MgrbpFy2p5KYdUk=
+github.com/libdns/gandi v1.0.3/go.mod h1:G6dw58Xnji2xX+lb+uZxGbtmfxKllm1CGHE2bOPG3WA=
+github.com/libdns/godaddy v1.0.3 h1:PX1FOYDQ1HGQzz8mVOmtwm3aa6Sv5MwCkNzivUUTA44=
+github.com/libdns/godaddy v1.0.3/go.mod h1:vuKWUXnvblDvcaiRwutOoLl7DuB21x8tI06owsF/JTM=
+github.com/libdns/libdns v0.2.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40=
+github.com/libdns/libdns v0.2.2 h1:O6ws7bAfRPaBsgAYt8MDe2HcNBGC29hkZ9MX2eUSX3s=
+github.com/libdns/libdns v0.2.2/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
+github.com/libdns/namedotcom v0.3.3 h1:R10C7+IqQGVeC4opHHMiFNBxdNBg1bi65ZwqLESl+jE=
+github.com/libdns/namedotcom v0.3.3/go.mod h1:GbYzsAF2yRUpI0WgIK5fs5UX+kDVUPaYCFLpTnKQm0s=
+github.com/libdns/vultr v1.0.0 h1:W8B4+k2bm9ro3bZLSZV9hMOQI+uO6Svu+GmD+Olz7ZI=
+github.com/libdns/vultr v1.0.0/go.mod h1:8K1HJExcbeHS4YPkFHRZpqpXZzZ+DZAA0m0VikJgEqk=
+github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
+github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mdp/qrterminal/v3 v3.1.1 h1:cIPwg3QU0OIm9+ce/lRfWXhPwEjOSKwk3HBwL3HBTyc=
+github.com/mdp/qrterminal/v3 v3.1.1/go.mod h1:5lJlXe7Jdr8wlPDdcsJttv1/knsRgzXASyr4dcGZqNU=
+github.com/mholt/acmez v1.0.4 h1:N3cE4Pek+dSolbsofIkAYz6H1d3pE+2G0os7QHslf80=
+github.com/mholt/acmez v1.0.4/go.mod h1:qFGLZ4u+ehWINeJZjzPlsnjJBCPAADWTcIqE/7DAYQY=
+github.com/miekg/dns v1.1.40/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
+github.com/miekg/dns v1.1.51/go.mod h1:2Z9d3CP1LQWihRZUf29mQ19yDThaI4DAYzte2CaQW5c=
+github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs=
+github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
+github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k=
+github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
+github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
+github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
+github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
+github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
+github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
+github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/refraction-networking/utls v1.6.6 h1:igFsYBUJPYM8Rno9xUuDoM5GQrVEqY4llzEXOkL43Ig=
+github.com/refraction-networking/utls v1.6.6/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97 h1:iL5gZI3uFp0X6EslacyapiRz7LLSJyr4RajF/BhMVyE=
+github.com/sagernet/netlink v0.0.0-20220905062125-8043b4a9aa97/go.mod h1:xLnfdiJbSp8rNqYEdIW/6eDO4mVoogml14Bh2hSiFpM=
+github.com/sagernet/sing v0.3.2 h1:CwWcxUBPkMvwgfe2/zUgY5oHG9qOL8Aob/evIFYK9jo=
+github.com/sagernet/sing v0.3.2/go.mod h1:qHySJ7u8po9DABtMYEkNBcOumx7ZZJf/fbv2sfTkNHE=
+github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9 h1:rc/CcqLH3lh8n+csdOuDfP+NuykE0U6AeYSJJHKDgSg=
+github.com/scjalliance/comshim v0.0.0-20230315213746-5e51f40bd3b9/go.mod h1:a/83NAfUXvEuLpmxDssAXxgUgrEy12MId3Wd7OTs76s=
+github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
+github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
+github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
+github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
+github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
+github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
+github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU=
+github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
+github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
+github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf h1:7PflaKRtU4np/epFxRXlFhlzLXZzKFrH5/I4so5Ove0=
+github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf/go.mod h1:CLUSJbazqETbaR+i0YAhXBICV9TrKH93pziccMhmhpM=
+github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301 h1:d/Wr/Vl/wiJHc3AHYbYs5I3PucJvRuw3SvbmlIRf+oM=
+github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301/go.mod h1:ntmMHL/xPq1WLeKiw8p/eRATaae6PiVRNipHFJxI8PM=
+github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
+github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+github.com/vultr/govultr/v3 v3.6.4 h1:unvY9eXlBw667ECQZDbBDOIaWB8wkk6Bx+yB0IMKXJ4=
+github.com/vultr/govultr/v3 v3.6.4/go.mod h1:rt9v2x114jZmmLAE/h5N5jnxTmsK9ewwS2oQZ0UBQzM=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
+go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
+go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
+go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
+go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
+go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
+go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
+go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
+go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
+go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
+golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo=
+golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k=
+golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
+golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
+google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
+google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
+google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/qr v0.2.0 h1:6vBLea5/NRMVTz8V66gipeLycZMl/+UlFmk8DvqQ6WY=
+rsc.io/qr v0.2.0/go.mod h1:IF+uZjkb9fqyeF/4tlBoynqmQxUoPfWEKh921coOuXs=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

app/internal/forwarding/tcp.go ADDED Viewed

	@@ -0,0 +1,62 @@

+package forwarding
+import (
+	"io"
+	"net"
+	"github.com/apernet/hysteria/core/v2/client"
+)
+type TCPTunnel struct {
+	HyClient    client.Client
+	Remote      string
+	EventLogger TCPEventLogger
+}
+type TCPEventLogger interface {
+	Connect(addr net.Addr)
+	Error(addr net.Addr, err error)
+}
+func (t *TCPTunnel) Serve(listener net.Listener) error {
+	for {
+		conn, err := listener.Accept()
+		if err != nil {
+			return err
+		}
+		go t.handle(conn)
+	}
+}
+func (t *TCPTunnel) handle(conn net.Conn) {
+	defer conn.Close()
+	if t.EventLogger != nil {
+		t.EventLogger.Connect(conn.RemoteAddr())
+	}
+	var closeErr error
+	defer func() {
+		if t.EventLogger != nil {
+			t.EventLogger.Error(conn.RemoteAddr(), closeErr)
+		}
+	}()
+	rc, err := t.HyClient.TCP(t.Remote)
+	if err != nil {
+		closeErr = err
+		return
+	}
+	defer rc.Close()
+	// Start forwarding
+	copyErrChan := make(chan error, 2)
+	go func() {
+		_, copyErr := io.Copy(rc, conn)
+		copyErrChan <- copyErr
+	}()
+	go func() {
+		_, copyErr := io.Copy(conn, rc)
+		copyErrChan <- copyErr
+	}()
+	closeErr = <-copyErrChan
+}

app/internal/forwarding/tcp_test.go ADDED Viewed

	@@ -0,0 +1,39 @@

+package forwarding
+import (
+	"crypto/rand"
+	"net"
+	"testing"
+	"github.com/stretchr/testify/assert"
+	"github.com/apernet/hysteria/app/v2/internal/utils_test"
+)
+func TestTCPTunnel(t *testing.T) {
+	// Start the tunnel
+	l, err := net.Listen("tcp", "127.0.0.1:34567")
+	assert.NoError(t, err)
+	defer l.Close()
+	tunnel := &TCPTunnel{
+		HyClient: &utils_test.MockEchoHyClient{},
+	}
+	go tunnel.Serve(l)
+	for i := 0; i < 10; i++ {
+		conn, err := net.Dial("tcp", "127.0.0.1:34567")
+		assert.NoError(t, err)
+		data := make([]byte, 1024)
+		_, _ = rand.Read(data)
+		_, err = conn.Write(data)
+		assert.NoError(t, err)
+		recv := make([]byte, 1024)
+		_, err = conn.Read(recv)
+		assert.NoError(t, err)
+		assert.Equal(t, data, recv)
+		_ = conn.Close()
+	}
+}

app/internal/forwarding/udp.go ADDED Viewed

	@@ -0,0 +1,180 @@

+package forwarding
+import (
+	"net"
+	"sync"
+	"sync/atomic"
+	"time"
+	"github.com/apernet/hysteria/core/v2/client"
+)
+const (
+	udpBufferSize = 4096
+	defaultTimeout      = 60 * time.Second
+	idleCleanupInterval = 1 * time.Second
+)
+type atomicTime struct {
+	v atomic.Value
+}
+func newAtomicTime(t time.Time) *atomicTime {
+	a := &atomicTime{}
+	a.Set(t)
+	return a
+}
+func (t *atomicTime) Set(new time.Time) {
+	t.v.Store(new)
+}
+func (t *atomicTime) Get() time.Time {
+	return t.v.Load().(time.Time)
+}
+type sessionEntry struct {
+	HyConn  client.HyUDPConn
+	Last    *atomicTime
+	Timeout bool // true if the session is closed due to timeout
+}
+func (e *sessionEntry) Feed(data []byte, addr string) error {
+	e.Last.Set(time.Now())
+	return e.HyConn.Send(data, addr)
+}
+func (e *sessionEntry) ReceiveLoop(pc net.PacketConn, addr net.Addr) error {
+	for {
+		data, _, err := e.HyConn.Receive()
+		if err != nil {
+			return err
+		}
+		_, err = pc.WriteTo(data, addr)
+		if err != nil {
+			return err
+		}
+		e.Last.Set(time.Now())
+	}
+}
+type UDPTunnel struct {
+	HyClient    client.Client
+	Remote      string
+	Timeout     time.Duration
+	EventLogger UDPEventLogger
+	m     map[string]*sessionEntry // addr -> HyConn
+	mutex sync.RWMutex
+}
+type UDPEventLogger interface {
+	Connect(addr net.Addr)
+	Error(addr net.Addr, err error)
+}
+func (t *UDPTunnel) Serve(pc net.PacketConn) error {
+	t.m = make(map[string]*sessionEntry)
+	stopCh := make(chan struct{})
+	go t.idleCleanupLoop(stopCh)
+	defer close(stopCh)
+	defer t.cleanup(false)
+	buf := make([]byte, udpBufferSize)
+	for {
+		n, addr, err := pc.ReadFrom(buf)
+		if err != nil {
+			return err
+		}
+		t.feed(pc, addr, buf[:n])
+	}
+}
+func (t *UDPTunnel) idleCleanupLoop(stopCh <-chan struct{}) {
+	ticker := time.NewTicker(idleCleanupInterval)
+	defer ticker.Stop()
+	for {
+		select {
+		case <-ticker.C:
+			t.cleanup(true)
+		case <-stopCh:
+			return
+		}
+	}
+}
+func (t *UDPTunnel) cleanup(idleOnly bool) {
+	// We use RLock here as we are only scanning the map, not deleting from it.
+	t.mutex.RLock()
+	defer t.mutex.RUnlock()
+	timeout := t.Timeout
+	if timeout == 0 {
+		timeout = defaultTimeout
+	}
+	now := time.Now()
+	for _, entry := range t.m {
+		if !idleOnly || now.Sub(entry.Last.Get()) > timeout {
+			entry.Timeout = true
+			_ = entry.HyConn.Close()
+			// Closing the connection here will cause the ReceiveLoop to exit,
+			// and the session will be removed from the map there.
+		}
+	}
+}
+func (t *UDPTunnel) feed(pc net.PacketConn, addr net.Addr, data []byte) {
+	t.mutex.RLock()
+	entry := t.m[addr.String()]
+	t.mutex.RUnlock()
+	// Create a new session if not exists
+	if entry == nil {
+		if t.EventLogger != nil {
+			t.EventLogger.Connect(addr)
+		}
+		hyConn, err := t.HyClient.UDP()
+		if err != nil {
+			if t.EventLogger != nil {
+				t.EventLogger.Error(addr, err)
+			}
+			return
+		}
+		entry = &sessionEntry{
+			HyConn: hyConn,
+			Last:   newAtomicTime(time.Now()),
+		}
+		// Start the receive loop for this session
+		// Local <- Remote
+		go func() {
+			err := entry.ReceiveLoop(pc, addr)
+			if !entry.Timeout {
+				_ = hyConn.Close()
+				if t.EventLogger != nil {
+					t.EventLogger.Error(addr, err)
+				}
+			} else {
+				// Connection already closed by timeout cleanup,
+				// no need to close again here.
+				// Use nil error to indicate timeout.
+				if t.EventLogger != nil {
+					t.EventLogger.Error(addr, nil)
+				}
+			}
+			// Remove the session from the map
+			t.mutex.Lock()
+			delete(t.m, addr.String())
+			t.mutex.Unlock()
+		}()
+		// Insert the session into the map
+		t.mutex.Lock()
+		t.m[addr.String()] = entry
+		t.mutex.Unlock()
+	}
+	// Feed the message to the session
+	_ = entry.Feed(data, t.Remote)
+}

app/internal/forwarding/udp_test.go ADDED Viewed

	@@ -0,0 +1,39 @@

+package forwarding
+import (
+	"crypto/rand"
+	"net"
+	"testing"
+	"github.com/stretchr/testify/assert"
+	"github.com/apernet/hysteria/app/v2/internal/utils_test"
+)
+func TestUDPTunnel(t *testing.T) {
+	// Start the tunnel
+	l, err := net.ListenPacket("udp", "127.0.0.1:34567")
+	assert.NoError(t, err)
+	defer l.Close()
+	tunnel := &UDPTunnel{
+		HyClient: &utils_test.MockEchoHyClient{},
+	}
+	go tunnel.Serve(l)
+	for i := 0; i < 10; i++ {
+		conn, err := net.Dial("udp", "127.0.0.1:34567")
+		assert.NoError(t, err)
+		data := make([]byte, 1024)
+		_, _ = rand.Read(data)
+		_, err = conn.Write(data)
+		assert.NoError(t, err)
+		recv := make([]byte, 1024)
+		_, err = conn.Read(recv)
+		assert.NoError(t, err)
+		assert.Equal(t, data, recv)
+		_ = conn.Close()
+	}
+}

app/internal/http/server.go ADDED Viewed

	@@ -0,0 +1,301 @@

+package http
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"strings"
+	"time"
+	"github.com/apernet/hysteria/core/v2/client"
+)
+const (
+	httpClientTimeout = 10 * time.Second
+)
+// Server is an HTTP server using a Hysteria client as outbound.
+type Server struct {
+	HyClient    client.Client
+	AuthFunc    func(username, password string) bool // nil = no authentication
+	AuthRealm   string
+	EventLogger EventLogger
+	httpClient *http.Client
+}
+type EventLogger interface {
+	ConnectRequest(addr net.Addr, reqAddr string)
+	ConnectError(addr net.Addr, reqAddr string, err error)
+	HTTPRequest(addr net.Addr, reqURL string)
+	HTTPError(addr net.Addr, reqURL string, err error)
+}
+func (s *Server) Serve(listener net.Listener) error {
+	for {
+		conn, err := listener.Accept()
+		if err != nil {
+			return err
+		}
+		go s.dispatch(conn)
+	}
+}
+func (s *Server) dispatch(conn net.Conn) {
+	bufReader := bufio.NewReader(conn)
+	for {
+		req, err := http.ReadRequest(bufReader)
+		if err != nil {
+			// Connection error or invalid request
+			_ = conn.Close()
+			return
+		}
+		if s.AuthFunc != nil {
+			authOK := false
+			// Check the Proxy-Authorization header
+			pAuth := req.Header.Get("Proxy-Authorization")
+			if strings.HasPrefix(pAuth, "Basic ") {
+				userPass, err := base64.URLEncoding.DecodeString(pAuth[6:])
+				if err == nil {
+					userPassParts := strings.SplitN(string(userPass), ":", 2)
+					if len(userPassParts) == 2 {
+						authOK = s.AuthFunc(userPassParts[0], userPassParts[1])
+					}
+				}
+			}
+			if !authOK {
+				// Proxy authentication required
+				_ = sendProxyAuthRequired(conn, req, s.AuthRealm)
+				_ = conn.Close()
+				return
+			}
+		}
+		if req.Method == http.MethodConnect {
+			if bufReader.Buffered() > 0 {
+				// There is still data in the buffered reader.
+				// We need to get it out and put it into a cachedConn,
+				// so that handleConnect can read it.
+				data := make([]byte, bufReader.Buffered())
+				_, err := io.ReadFull(bufReader, data)
+				if err != nil {
+					// Read from buffer failed, is this possible?
+					_ = conn.Close()
+					return
+				}
+				cachedConn := &cachedConn{
+					Conn:   conn,
+					Buffer: *bytes.NewBuffer(data),
+				}
+				s.handleConnect(cachedConn, req)
+			} else {
+				// No data in the buffered reader, we can just pass the original connection.
+				s.handleConnect(conn, req)
+			}
+			// handleConnect will take over the connection,
+			// i.e. it will not return until the connection is closed.
+			// When it returns, there will be no more requests from this connection,
+			// so we simply exit the loop.
+			return
+		} else {
+			// handleRequest on the other hand handles one request at a time,
+			// and returns when the request is done. It returns a bool indicating
+			// whether the connection should be kept alive, but itself never closes
+			// the connection.
+			keepAlive := s.handleRequest(conn, req)
+			if !keepAlive {
+				_ = conn.Close()
+				return
+			}
+		}
+	}
+}
+// cachedConn is a net.Conn wrapper that first Read()s from a buffer,
+// and then from the underlying net.Conn when the buffer is drained.
+type cachedConn struct {
+	net.Conn
+	Buffer bytes.Buffer
+}
+func (c *cachedConn) Read(b []byte) (int, error) {
+	if c.Buffer.Len() > 0 {
+		n, err := c.Buffer.Read(b)
+		if err == io.EOF {
+			// Buffer is drained, hide it from the caller
+			err = nil
+		}
+		return n, err
+	}
+	return c.Conn.Read(b)
+}
+func (s *Server) handleConnect(conn net.Conn, req *http.Request) {
+	defer conn.Close()
+	port := req.URL.Port()
+	if port == "" {
+		// HTTP defaults to port 80
+		port = "80"
+	}
+	reqAddr := net.JoinHostPort(req.URL.Hostname(), port)
+	// Connect request & error log
+	if s.EventLogger != nil {
+		s.EventLogger.ConnectRequest(conn.RemoteAddr(), reqAddr)
+	}
+	var closeErr error
+	defer func() {
+		if s.EventLogger != nil {
+			s.EventLogger.ConnectError(conn.RemoteAddr(), reqAddr, closeErr)
+		}
+	}()
+	// Dial
+	rConn, err := s.HyClient.TCP(reqAddr)
+	if err != nil {
+		_ = sendSimpleResponse(conn, req, http.StatusBadGateway)
+		closeErr = err
+		return
+	}
+	defer rConn.Close()
+	// Send 200 OK response and start relaying
+	_ = sendSimpleResponse(conn, req, http.StatusOK)
+	copyErrChan := make(chan error, 2)
+	go func() {
+		_, err := io.Copy(rConn, conn)
+		copyErrChan <- err
+	}()
+	go func() {
+		_, err := io.Copy(conn, rConn)
+		copyErrChan <- err
+	}()
+	closeErr = <-copyErrChan
+}
+func (s *Server) handleRequest(conn net.Conn, req *http.Request) bool {
+	// Some clients use Connection, some use Proxy-Connection
+	// https://www.oreilly.com/library/view/http-the-definitive/1565925092/re40.html
+	keepAlive := req.ProtoAtLeast(1, 1) &&
+		(strings.ToLower(req.Header.Get("Proxy-Connection")) == "keep-alive" ||
+			strings.ToLower(req.Header.Get("Connection")) == "keep-alive")
+	req.RequestURI = "" // Outgoing request should not have RequestURI
+	removeHopByHopHeaders(req.Header)
+	removeExtraHTTPHostPort(req)
+	if req.URL.Scheme == "" || req.URL.Host == "" {
+		_ = sendSimpleResponse(conn, req, http.StatusBadRequest)
+		return false
+	}
+	// Request & error log
+	if s.EventLogger != nil {
+		s.EventLogger.HTTPRequest(conn.RemoteAddr(), req.URL.String())
+	}
+	var closeErr error
+	defer func() {
+		if s.EventLogger != nil {
+			s.EventLogger.HTTPError(conn.RemoteAddr(), req.URL.String(), closeErr)
+		}
+	}()
+	if s.httpClient == nil {
+		s.initHTTPClient()
+	}
+	// Do the request and send the response back
+	resp, err := s.httpClient.Do(req)
+	if err != nil {
+		closeErr = err
+		_ = sendSimpleResponse(conn, req, http.StatusBadGateway)
+		return false
+	}
+	removeHopByHopHeaders(resp.Header)
+	if keepAlive {
+		resp.Header.Set("Connection", "keep-alive")
+		resp.Header.Set("Proxy-Connection", "keep-alive")
+		resp.Header.Set("Keep-Alive", "timeout=60")
+	}
+	closeErr = resp.Write(conn)
+	return closeErr == nil && keepAlive
+}
+func (s *Server) initHTTPClient() {
+	s.httpClient = &http.Client{
+		Transport: &http.Transport{
+			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+				// HyClient doesn't support context for now
+				return s.HyClient.TCP(addr)
+			},
+		},
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+			return http.ErrUseLastResponse
+		},
+		Timeout: httpClientTimeout,
+	}
+}
+func removeHopByHopHeaders(header http.Header) {
+	header.Del("Proxy-Connection") // Not in RFC but common
+	// https://www.ietf.org/rfc/rfc2616.txt
+	header.Del("Connection")
+	header.Del("Keep-Alive")
+	header.Del("Proxy-Authenticate")
+	header.Del("Proxy-Authorization")
+	header.Del("TE")
+	header.Del("Trailers")
+	header.Del("Transfer-Encoding")
+	header.Del("Upgrade")
+}
+func removeExtraHTTPHostPort(req *http.Request) {
+	host := req.Host
+	if host == "" {
+		host = req.URL.Host
+	}
+	if pHost, port, err := net.SplitHostPort(host); err == nil && port == "80" {
+		host = pHost
+	}
+	req.Host = host
+	req.URL.Host = host
+}
+// sendSimpleResponse sends a simple HTTP response with the given status code.
+func sendSimpleResponse(conn net.Conn, req *http.Request, statusCode int) error {
+	resp := &http.Response{
+		StatusCode: statusCode,
+		Status:     http.StatusText(statusCode),
+		Proto:      req.Proto,
+		ProtoMajor: req.ProtoMajor,
+		ProtoMinor: req.ProtoMinor,
+		Header:     http.Header{},
+	}
+	// Remove the "Content-Length: 0" header, some clients (e.g. ffmpeg) may not like it.
+	resp.ContentLength = -1
+	// Also, prevent the "Connection: close" header.
+	resp.Close = false
+	resp.Uncompressed = true
+	return resp.Write(conn)
+}
+// sendProxyAuthRequired sends a 407 Proxy Authentication Required response.
+func sendProxyAuthRequired(conn net.Conn, req *http.Request, realm string) error {
+	resp := &http.Response{
+		StatusCode: http.StatusProxyAuthRequired,
+		Status:     http.StatusText(http.StatusProxyAuthRequired),
+		Proto:      req.Proto,
+		ProtoMajor: req.ProtoMajor,
+		ProtoMinor: req.ProtoMinor,
+		Header:     http.Header{},
+	}
+	resp.Header.Set("Proxy-Authenticate", fmt.Sprintf("Basic realm=%q", realm))
+	return resp.Write(conn)
+}

app/internal/http/server_test.go ADDED Viewed

	@@ -0,0 +1,59 @@

+package http
+import (
+	"errors"
+	"net"
+	"net/http"
+	"os/exec"
+	"strings"
+	"testing"
+	"github.com/stretchr/testify/assert"
+	"github.com/apernet/hysteria/core/v2/client"
+)
+const (
+	testCertFile = "test.crt"
+	testKeyFile  = "test.key"
+)
+type mockHyClient struct{}
+func (c *mockHyClient) TCP(addr string) (net.Conn, error) {
+	return net.Dial("tcp", addr)
+}
+func (c *mockHyClient) UDP() (client.HyUDPConn, error) {
+	return nil, errors.New("not implemented")
+}
+func (c *mockHyClient) Close() error {
+	return nil
+}
+func TestServer(t *testing.T) {
+	// Start the server
+	l, err := net.Listen("tcp", "127.0.0.1:18080")
+	assert.NoError(t, err)
+	defer l.Close()
+	s := &Server{
+		HyClient: &mockHyClient{},
+	}
+	go s.Serve(l)
+	// Start a test HTTP & HTTPS server
+	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("control is an illusion"))
+	})
+	go http.ListenAndServe("127.0.0.1:18081", nil)
+	go http.ListenAndServeTLS("127.0.0.1:18082", testCertFile, testKeyFile, nil)
+	// Run the Python test script
+	cmd := exec.Command("python", "server_test.py")
+	// Suppress HTTPS warning text from Python
+	cmd.Env = append(cmd.Env, "PYTHONWARNINGS=ignore:Unverified HTTPS request")
+	out, err := cmd.CombinedOutput()
+	assert.NoError(t, err)
+	assert.Equal(t, "OK", strings.TrimSpace(string(out)))
+}

app/internal/http/server_test.py ADDED Viewed

	@@ -0,0 +1,24 @@

+import requests
+proxies = {
+    "http": "http://127.0.0.1:18080",
+    "https": "http://127.0.0.1:18080",
+}
+def test_http(it):
+    for i in range(it):
+        r = requests.get("http://127.0.0.1:18081", proxies=proxies)
+        assert r.status_code == 200 and r.text == "control is an illusion"
+def test_https(it):
+    for i in range(it):
+        r = requests.get("https://127.0.0.1:18082", proxies=proxies, verify=False)
+        assert r.status_code == 200 and r.text == "control is an illusion"
+if __name__ == "__main__":
+    test_http(10)
+    test_https(10)
+    print("OK")

app/internal/http/test.crt ADDED Viewed

	@@ -0,0 +1,23 @@

+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIUMeefneiCXWS2ovxNN+fJcdrOIfAwDQYJKoZIhvcNAQEL
+BQAwcDELMAkGA1UEBhMCVFcxEzARBgNVBAgMClNvbWUtU3RhdGUxGTAXBgNVBAoM
+EFJhbmRvbSBTdHVmZiBMTEMxEjAQBgNVBAMMCWxvY2FsaG9zdDEdMBsGCSqGSIb3
+DQEJARYOcG9vcGVyQHNoaXQuY2MwHhcNMjMwNDI3MDAyMDQ1WhcNMzMwNDI0MDAy
+MDQ1WjBwMQswCQYDVQQGEwJUVzETMBEGA1UECAwKU29tZS1TdGF0ZTEZMBcGA1UE
+CgwQUmFuZG9tIFN0dWZmIExMQzESMBAGA1UEAwwJbG9jYWxob3N0MR0wGwYJKoZI
+hvcNAQkBFg5wb29wZXJAc2hpdC5jYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOU9/4AT/6fDKyEyZMMLFzUEVC8ZDJHoKZ+3g65ZFQLxRKqlEdhvOwq4
+ZsxYF0sceUPDAsdrT+km0l1jAvq6u82n6xQQ60HpKe6hOvDX7KS0dPcKa+nfEa0W
+DKamBB+TzxB2dBfBNS1oUU74nBb7ttpJiKnOpRJ0/J+CwslvhJzq04AUXC/W1CtW
+CbZBg1JjY0fCN+Oy1WjEqMtRSB6k5Ipk40a8NcsqReBOMZChR8elruZ09sIlA6tf
+jICOKToDVBmkjJ8m/GnxfV8MeLoK83M2VA73njsS6q9qe9KDVgIVQmifwi6JUb7N
+o0A6f2Z47AWJmvq4goHJtnQ3fyoeIsMCAwEAAaNTMFEwHQYDVR0OBBYEFPrBsm6v
+M29fKA3is22tK8yHYQaDMB8GA1UdIwQYMBaAFPrBsm6vM29fKA3is22tK8yHYQaD
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJvOwj0Tf8l9AWvf
+1ZLyW0K3m5oJAoUayjlLP9q7KHgJHWd4QXxg4ApUDo523m4Own3FwtN06KCMqlxc
+luDJi27ghRzZ8bpB9fUujikC1rs1oWYRz/K+JSO1VItan+azm9AQRj+nNepjUiT4
+FjvRif+inC4392tcKuwrqiUFmLIggtFZdsLeKUL+hRGCRjY4BZw0d1sjjPtyVNUD
+UMVO8pxlCV0NU4Nmt3vulD4YshAXM+Y8yX/vPRnaNGoRrbRgCg2VORRGaZVjQMHD
+OLMvqM7pFKnVg0uiSbQ3xbQJ8WeX620zKI0So2+kZt9HoI+46gd7BdNfl7mmd6K7
+ydYKuI8=
+-----END CERTIFICATE-----

app/internal/http/test.key ADDED Viewed

	@@ -0,0 +1,27 @@

+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA5T3/gBP/p8MrITJkwwsXNQRULxkMkegpn7eDrlkVAvFEqqUR
+2G87CrhmzFgXSxx5Q8MCx2tP6SbSXWMC+rq7zafrFBDrQekp7qE68NfspLR09wpr
+6d8RrRYMpqYEH5PPEHZ0F8E1LWhRTvicFvu22kmIqc6lEnT8n4LCyW+EnOrTgBRc
+L9bUK1YJtkGDUmNjR8I347LVaMSoy1FIHqTkimTjRrw1yypF4E4xkKFHx6Wu5nT2
+wiUDq1+MgI4pOgNUGaSMnyb8afF9Xwx4ugrzczZUDveeOxLqr2p70oNWAhVCaJ/C
+LolRvs2jQDp/ZnjsBYma+riCgcm2dDd/Kh4iwwIDAQABAoIBABjiU/vJL/U8AFCI
+MdviNlCw+ZprM6wa8Xm+5/JjBR7epb+IT5mY6WXOgoon/c9PdfJfFswi3/fFGQy+
+FLK21nAKjEAPXho3fy/CHK3MIon2dMPkQ7aNWlPZkuH8H3J2DwIQeaWieW1GZ50U
+64yrIjwrw0P7hHuua0W9YfuPuWt29YpW5g6ilSRE0kdTzoB6TgMzlVRj6RWbxWLX
+erwYFesSpLPiQrozK2yywlQsvRV2AxTlf5woJyRTyCqcao5jNZOJJl0mqeGKNKbu
+1iYGtZl9aj1XIRxUt+JB2IMKNJasygIp+GRLUDCHKh8RVFwRlVaSNcWbfLDuyNWW
+T3lUEjECgYEA84mrs4TLuPfklsQM4WPBdN/2Ud1r0Zn/W8icHcVc/DCFXbcV4aPA
+g4yyyyEkyTac2RSbSp+rfUk/pJcG6CVjwaiRIPehdtcLIUP34EdIrwPrPT7/uWVA
+o/Hp1ANSILecknQXeE1qDlHVeGAq2k3vAQH2J0m7lMfar7QCBTMTMHcCgYEA8PkO
+Uj9+/LoHod2eb4raH29wntis31X5FX/C/8HlmFmQplxfMxpRckzDYQELdHvDggNY
+ZQo6pdE22MjCu2bk9AHa2ukMyieWm/mPe46Upr1YV2o5cWnfFFNa/LP2Ii/dWY5V
+rFNsHFnrnwcWymX7OKo0Xb8xYnKhKZJAFwSpXxUCgYBPMjXj6wtU20g6vwZxRT9k
+AnDXrmmhf7LK5jHefJAAcsbr8t3qwpWYMejypZSQ2nGnJkxZuBLMa0WHAJX+aCpI
+j8iiL+USAFxeNPwmswev4lZdVF9Uqtiad9DSYUIT4aHI/nejZ4lVnscMnjlRRIa0
+jS6/F/soJtW2zZLangFfgQKBgCOSAAUwDkSsCThhiGOasXv2bT9laI9HF4+O3m/2
+ZTfJ8Mo91GesuN0Qa77D8rbtFfz5FXFEw0d6zIfPir8y/xTtuSqbQCIPGfJIMl/g
+uhyq0oGE0pnlMOLFMyceQXTmb9wqYIchgVHmDBvbZgfWafEBXt1/vYB0v0ltpzw+
+menJAoGBAI0hx3+mrFgA+xJBEk4oexAlro1qbNWoR7BCmLQtd49jG3eZQu4JxWH2
+kh58AIXzLl0X9t4pfMYasYL6jBGvw+AqNdo2krpiL7MWEE8w8FP/wibzqmuloziB
+T7BZuCZjpcAM0IxLmQeeUK0LF0mihcqvssxveaet46mj7QoA7bGQ
+-----END RSA PRIVATE KEY-----

app/internal/proxymux/.mockery.yaml ADDED Viewed

	@@ -0,0 +1,12 @@

+with-expecter: true
+dir: internal/mocks
+outpkg: mocks
+packages:
+  net:
+    interfaces:
+      Listener:
+        config:
+          mockname: MockListener
+      Conn:
+        config:
+          mockname: MockConn

app/internal/proxymux/internal/mocks/mock_Conn.go ADDED Viewed

	@@ -0,0 +1,427 @@

+// Code generated by mockery v2.43.0. DO NOT EDIT.
+package mocks
+import (
+	net "net"
+	mock "github.com/stretchr/testify/mock"
+	time "time"
+)
+// MockConn is an autogenerated mock type for the Conn type
+type MockConn struct {
+	mock.Mock
+}
+type MockConn_Expecter struct {
+	mock *mock.Mock
+}
+func (_m *MockConn) EXPECT() *MockConn_Expecter {
+	return &MockConn_Expecter{mock: &_m.Mock}
+}
+// Close provides a mock function with given fields:
+func (_m *MockConn) Close() error {
+	ret := _m.Called()
+	if len(ret) == 0 {
+		panic("no return value specified for Close")
+	}
+	var r0 error
+	if rf, ok := ret.Get(0).(func() error); ok {
+		r0 = rf()
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+// MockConn_Close_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Close'
+type MockConn_Close_Call struct {
+	*mock.Call
+}
+// Close is a helper method to define mock.On call
+func (_e *MockConn_Expecter) Close() *MockConn_Close_Call {
+	return &MockConn_Close_Call{Call: _e.mock.On("Close")}
+}
+func (_c *MockConn_Close_Call) Run(run func()) *MockConn_Close_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+func (_c *MockConn_Close_Call) Return(_a0 error) *MockConn_Close_Call {
+	_c.Call.Return(_a0)
+	return _c
+}
+func (_c *MockConn_Close_Call) RunAndReturn(run func() error) *MockConn_Close_Call {
+	_c.Call.Return(run)
+	return _c
+}
+// LocalAddr provides a mock function with given fields:
+func (_m *MockConn) LocalAddr() net.Addr {
+	ret := _m.Called()
+	if len(ret) == 0 {
+		panic("no return value specified for LocalAddr")
+	}
+	var r0 net.Addr
+	if rf, ok := ret.Get(0).(func() net.Addr); ok {
+		r0 = rf()
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(net.Addr)
+		}
+	}
+	return r0
+}
+// MockConn_LocalAddr_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'LocalAddr'
+type MockConn_LocalAddr_Call struct {
+	*mock.Call
+}
+// LocalAddr is a helper method to define mock.On call
+func (_e *MockConn_Expecter) LocalAddr() *MockConn_LocalAddr_Call {
+	return &MockConn_LocalAddr_Call{Call: _e.mock.On("LocalAddr")}
+}
+func (_c *MockConn_LocalAddr_Call) Run(run func()) *MockConn_LocalAddr_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+func (_c *MockConn_LocalAddr_Call) Return(_a0 net.Addr) *MockConn_LocalAddr_Call {
+	_c.Call.Return(_a0)
+	return _c
+}
+func (_c *MockConn_LocalAddr_Call) RunAndReturn(run func() net.Addr) *MockConn_LocalAddr_Call {
+	_c.Call.Return(run)
+	return _c
+}
+// Read provides a mock function with given fields: b
+func (_m *MockConn) Read(b []byte) (int, error) {
+	ret := _m.Called(b)
+	if len(ret) == 0 {
+		panic("no return value specified for Read")
+	}
+	var r0 int
+	var r1 error
+	if rf, ok := ret.Get(0).(func([]byte) (int, error)); ok {
+		return rf(b)
+	}
+	if rf, ok := ret.Get(0).(func([]byte) int); ok {
+		r0 = rf(b)
+	} else {
+		r0 = ret.Get(0).(int)
+	}
+	if rf, ok := ret.Get(1).(func([]byte) error); ok {
+		r1 = rf(b)
+	} else {
+		r1 = ret.Error(1)
+	}
+	return r0, r1
+}
+// MockConn_Read_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Read'
+type MockConn_Read_Call struct {
+	*mock.Call
+}
+// Read is a helper method to define mock.On call
+//   - b []byte
+func (_e *MockConn_Expecter) Read(b interface{}) *MockConn_Read_Call {
+	return &MockConn_Read_Call{Call: _e.mock.On("Read", b)}
+}
+func (_c *MockConn_Read_Call) Run(run func(b []byte)) *MockConn_Read_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run(args[0].([]byte))
+	})
+	return _c
+}
+func (_c *MockConn_Read_Call) Return(n int, err error) *MockConn_Read_Call {
+	_c.Call.Return(n, err)
+	return _c
+}
+func (_c *MockConn_Read_Call) RunAndReturn(run func([]byte) (int, error)) *MockConn_Read_Call {
+	_c.Call.Return(run)
+	return _c
+}
+// RemoteAddr provides a mock function with given fields:
+func (_m *MockConn) RemoteAddr() net.Addr {
+	ret := _m.Called()
+	if len(ret) == 0 {
+		panic("no return value specified for RemoteAddr")
+	}
+	var r0 net.Addr
+	if rf, ok := ret.Get(0).(func() net.Addr); ok {
+		r0 = rf()
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(net.Addr)
+		}
+	}
+	return r0
+}
+// MockConn_RemoteAddr_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RemoteAddr'
+type MockConn_RemoteAddr_Call struct {
+	*mock.Call
+}
+// RemoteAddr is a helper method to define mock.On call
+func (_e *MockConn_Expecter) RemoteAddr() *MockConn_RemoteAddr_Call {
+	return &MockConn_RemoteAddr_Call{Call: _e.mock.On("RemoteAddr")}
+}
+func (_c *MockConn_RemoteAddr_Call) Run(run func()) *MockConn_RemoteAddr_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+func (_c *MockConn_RemoteAddr_Call) Return(_a0 net.Addr) *MockConn_RemoteAddr_Call {
+	_c.Call.Return(_a0)
+	return _c
+}
+func (_c *MockConn_RemoteAddr_Call) RunAndReturn(run func() net.Addr) *MockConn_RemoteAddr_Call {
+	_c.Call.Return(run)
+	return _c
+}
+// SetDeadline provides a mock function with given fields: t
+func (_m *MockConn) SetDeadline(t time.Time) error {
+	ret := _m.Called(t)
+	if len(ret) == 0 {
+		panic("no return value specified for SetDeadline")
+	}
+	var r0 error
+	if rf, ok := ret.Get(0).(func(time.Time) error); ok {
+		r0 = rf(t)
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+// MockConn_SetDeadline_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'SetDeadline'
+type MockConn_SetDeadline_Call struct {
+	*mock.Call
+}
+// SetDeadline is a helper method to define mock.On call
+//   - t time.Time
+func (_e *MockConn_Expecter) SetDeadline(t interface{}) *MockConn_SetDeadline_Call {
+	return &MockConn_SetDeadline_Call{Call: _e.mock.On("SetDeadline", t)}
+}
+func (_c *MockConn_SetDeadline_Call) Run(run func(t time.Time)) *MockConn_SetDeadline_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run(args[0].(time.Time))
+	})
+	return _c
+}
+func (_c *MockConn_SetDeadline_Call) Return(_a0 error) *MockConn_SetDeadline_Call {
+	_c.Call.Return(_a0)
+	return _c
+}
+func (_c *MockConn_SetDeadline_Call) RunAndReturn(run func(time.Time) error) *MockConn_SetDeadline_Call {
+	_c.Call.Return(run)
+	return _c
+}
+// SetReadDeadline provides a mock function with given fields: t
+func (_m *MockConn) SetReadDeadline(t time.Time) error {
+	ret := _m.Called(t)
+	if len(ret) == 0 {
+		panic("no return value specified for SetReadDeadline")
+	}
+	var r0 error
+	if rf, ok := ret.Get(0).(func(time.Time) error); ok {
+		r0 = rf(t)
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+// MockConn_SetReadDeadline_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'SetReadDeadline'
+type MockConn_SetReadDeadline_Call struct {
+	*mock.Call
+}
+// SetReadDeadline is a helper method to define mock.On call
+//   - t time.Time
+func (_e *MockConn_Expecter) SetReadDeadline(t interface{}) *MockConn_SetReadDeadline_Call {
+	return &MockConn_SetReadDeadline_Call{Call: _e.mock.On("SetReadDeadline", t)}
+}
+func (_c *MockConn_SetReadDeadline_Call) Run(run func(t time.Time)) *MockConn_SetReadDeadline_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run(args[0].(time.Time))
+	})
+	return _c
+}
+func (_c *MockConn_SetReadDeadline_Call) Return(_a0 error) *MockConn_SetReadDeadline_Call {
+	_c.Call.Return(_a0)
+	return _c
+}
+func (_c *MockConn_SetReadDeadline_Call) RunAndReturn(run func(time.Time) error) *MockConn_SetReadDeadline_Call {
+	_c.Call.Return(run)
+	return _c
+}
+// SetWriteDeadline provides a mock function with given fields: t
+func (_m *MockConn) SetWriteDeadline(t time.Time) error {
+	ret := _m.Called(t)
+	if len(ret) == 0 {
+		panic("no return value specified for SetWriteDeadline")
+	}
+	var r0 error
+	if rf, ok := ret.Get(0).(func(time.Time) error); ok {
+		r0 = rf(t)
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+// MockConn_SetWriteDeadline_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'SetWriteDeadline'
+type MockConn_SetWriteDeadline_Call struct {
+	*mock.Call
+}
+// SetWriteDeadline is a helper method to define mock.On call
+//   - t time.Time
+func (_e *MockConn_Expecter) SetWriteDeadline(t interface{}) *MockConn_SetWriteDeadline_Call {
+	return &MockConn_SetWriteDeadline_Call{Call: _e.mock.On("SetWriteDeadline", t)}
+}
+func (_c *MockConn_SetWriteDeadline_Call) Run(run func(t time.Time)) *MockConn_SetWriteDeadline_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run(args[0].(time.Time))
+	})
+	return _c
+}
+func (_c *MockConn_SetWriteDeadline_Call) Return(_a0 error) *MockConn_SetWriteDeadline_Call {
+	_c.Call.Return(_a0)
+	return _c
+}
+func (_c *MockConn_SetWriteDeadline_Call) RunAndReturn(run func(time.Time) error) *MockConn_SetWriteDeadline_Call {
+	_c.Call.Return(run)
+	return _c
+}
+// Write provides a mock function with given fields: b
+func (_m *MockConn) Write(b []byte) (int, error) {
+	ret := _m.Called(b)
+	if len(ret) == 0 {
+		panic("no return value specified for Write")
+	}
+	var r0 int
+	var r1 error
+	if rf, ok := ret.Get(0).(func([]byte) (int, error)); ok {
+		return rf(b)
+	}
+	if rf, ok := ret.Get(0).(func([]byte) int); ok {
+		r0 = rf(b)
+	} else {
+		r0 = ret.Get(0).(int)
+	}
+	if rf, ok := ret.Get(1).(func([]byte) error); ok {
+		r1 = rf(b)
+	} else {
+		r1 = ret.Error(1)
+	}
+	return r0, r1
+}
+// MockConn_Write_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Write'
+type MockConn_Write_Call struct {
+	*mock.Call
+}
+// Write is a helper method to define mock.On call
+//   - b []byte
+func (_e *MockConn_Expecter) Write(b interface{}) *MockConn_Write_Call {
+	return &MockConn_Write_Call{Call: _e.mock.On("Write", b)}
+}
+func (_c *MockConn_Write_Call) Run(run func(b []byte)) *MockConn_Write_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run(args[0].([]byte))
+	})
+	return _c
+}
+func (_c *MockConn_Write_Call) Return(n int, err error) *MockConn_Write_Call {
+	_c.Call.Return(n, err)
+	return _c
+}
+func (_c *MockConn_Write_Call) RunAndReturn(run func([]byte) (int, error)) *MockConn_Write_Call {
+	_c.Call.Return(run)
+	return _c
+}
+// NewMockConn creates a new instance of MockConn. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewMockConn(t interface {
+	mock.TestingT
+	Cleanup(func())
+}) *MockConn {
+	mock := &MockConn{}
+	mock.Mock.Test(t)
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+	return mock
+}

app/internal/proxymux/internal/mocks/mock_Listener.go ADDED Viewed

	@@ -0,0 +1,185 @@

+// Code generated by mockery v2.43.0. DO NOT EDIT.
+package mocks
+import (
+	net "net"
+	mock "github.com/stretchr/testify/mock"
+)
+// MockListener is an autogenerated mock type for the Listener type
+type MockListener struct {
+	mock.Mock
+}
+type MockListener_Expecter struct {
+	mock *mock.Mock
+}
+func (_m *MockListener) EXPECT() *MockListener_Expecter {
+	return &MockListener_Expecter{mock: &_m.Mock}
+}
+// Accept provides a mock function with given fields:
+func (_m *MockListener) Accept() (net.Conn, error) {
+	ret := _m.Called()
+	if len(ret) == 0 {
+		panic("no return value specified for Accept")
+	}
+	var r0 net.Conn
+	var r1 error
+	if rf, ok := ret.Get(0).(func() (net.Conn, error)); ok {
+		return rf()
+	}
+	if rf, ok := ret.Get(0).(func() net.Conn); ok {
+		r0 = rf()
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(net.Conn)
+		}
+	}
+	if rf, ok := ret.Get(1).(func() error); ok {
+		r1 = rf()
+	} else {
+		r1 = ret.Error(1)
+	}
+	return r0, r1
+}
+// MockListener_Accept_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Accept'
+type MockListener_Accept_Call struct {
+	*mock.Call
+}
+// Accept is a helper method to define mock.On call
+func (_e *MockListener_Expecter) Accept() *MockListener_Accept_Call {
+	return &MockListener_Accept_Call{Call: _e.mock.On("Accept")}
+}
+func (_c *MockListener_Accept_Call) Run(run func()) *MockListener_Accept_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+func (_c *MockListener_Accept_Call) Return(_a0 net.Conn, _a1 error) *MockListener_Accept_Call {
+	_c.Call.Return(_a0, _a1)
+	return _c
+}
+func (_c *MockListener_Accept_Call) RunAndReturn(run func() (net.Conn, error)) *MockListener_Accept_Call {
+	_c.Call.Return(run)
+	return _c
+}
+// Addr provides a mock function with given fields:
+func (_m *MockListener) Addr() net.Addr {
+	ret := _m.Called()
+	if len(ret) == 0 {
+		panic("no return value specified for Addr")
+	}
+	var r0 net.Addr
+	if rf, ok := ret.Get(0).(func() net.Addr); ok {
+		r0 = rf()
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(net.Addr)
+		}
+	}
+	return r0
+}
+// MockListener_Addr_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Addr'
+type MockListener_Addr_Call struct {
+	*mock.Call
+}
+// Addr is a helper method to define mock.On call
+func (_e *MockListener_Expecter) Addr() *MockListener_Addr_Call {
+	return &MockListener_Addr_Call{Call: _e.mock.On("Addr")}
+}
+func (_c *MockListener_Addr_Call) Run(run func()) *MockListener_Addr_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+func (_c *MockListener_Addr_Call) Return(_a0 net.Addr) *MockListener_Addr_Call {
+	_c.Call.Return(_a0)
+	return _c
+}
+func (_c *MockListener_Addr_Call) RunAndReturn(run func() net.Addr) *MockListener_Addr_Call {
+	_c.Call.Return(run)
+	return _c
+}
+// Close provides a mock function with given fields:
+func (_m *MockListener) Close() error {
+	ret := _m.Called()
+	if len(ret) == 0 {
+		panic("no return value specified for Close")
+	}
+	var r0 error
+	if rf, ok := ret.Get(0).(func() error); ok {
+		r0 = rf()
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+// MockListener_Close_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Close'
+type MockListener_Close_Call struct {
+	*mock.Call
+}
+// Close is a helper method to define mock.On call
+func (_e *MockListener_Expecter) Close() *MockListener_Close_Call {
+	return &MockListener_Close_Call{Call: _e.mock.On("Close")}
+}
+func (_c *MockListener_Close_Call) Run(run func()) *MockListener_Close_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+func (_c *MockListener_Close_Call) Return(_a0 error) *MockListener_Close_Call {
+	_c.Call.Return(_a0)
+	return _c
+}
+func (_c *MockListener_Close_Call) RunAndReturn(run func() error) *MockListener_Close_Call {
+	_c.Call.Return(run)
+	return _c
+}
+// NewMockListener creates a new instance of MockListener. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewMockListener(t interface {
+	mock.TestingT
+	Cleanup(func())
+}) *MockListener {
+	mock := &MockListener{}
+	mock.Mock.Test(t)
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+	return mock
+}

app/internal/proxymux/manager.go ADDED Viewed

	@@ -0,0 +1,72 @@

+package proxymux
+import (
+	"net"
+	"sync"
+	"github.com/apernet/hysteria/extras/v2/correctnet"
+)
+type muxManager struct {
+	listeners map[string]*muxListener
+	lock      sync.Mutex
+}
+var globalMuxManager *muxManager
+func init() {
+	globalMuxManager = &muxManager{
+		listeners: make(map[string]*muxListener),
+	}
+}
+func (m *muxManager) GetOrCreate(address string) (*muxListener, error) {
+	key, err := m.canonicalizeAddrPort(address)
+	if err != nil {
+		return nil, err
+	}
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	if ml, ok := m.listeners[key]; ok {
+		return ml, nil
+	}
+	listener, err := correctnet.Listen("tcp", key)
+	if err != nil {
+		return nil, err
+	}
+	ml := newMuxListener(listener, func() {
+		m.lock.Lock()
+		defer m.lock.Unlock()
+		delete(m.listeners, key)
+	})
+	m.listeners[key] = ml
+	return ml, nil
+}
+func (m *muxManager) canonicalizeAddrPort(address string) (string, error) {
+	taddr, err := net.ResolveTCPAddr("tcp", address)
+	if err != nil {
+		return "", err
+	}
+	return taddr.String(), nil
+}
+func ListenHTTP(address string) (net.Listener, error) {
+	ml, err := globalMuxManager.GetOrCreate(address)
+	if err != nil {
+		return nil, err
+	}
+	return ml.ListenHTTP()
+}
+func ListenSOCKS(address string) (net.Listener, error) {
+	ml, err := globalMuxManager.GetOrCreate(address)
+	if err != nil {
+		return nil, err
+	}
+	return ml.ListenSOCKS()
+}

app/internal/proxymux/manager_test.go ADDED Viewed

	@@ -0,0 +1,110 @@

+package proxymux
+import (
+	"net"
+	"testing"
+	"time"
+	"github.com/stretchr/testify/assert"
+)
+func TestListenSOCKS(t *testing.T) {
+	address := "127.2.39.129:11081"
+	sl, err := ListenSOCKS(address)
+	if !assert.NoError(t, err) {
+		return
+	}
+	defer func() {
+		sl.Close()
+	}()
+	hl, err := ListenHTTP(address)
+	if !assert.NoError(t, err) {
+		return
+	}
+	defer hl.Close()
+	_, err = ListenSOCKS(address)
+	if !assert.ErrorIs(t, err, ErrProtocolInUse) {
+		return
+	}
+	sl.Close()
+	sl, err = ListenSOCKS(address)
+	if !assert.NoError(t, err) {
+		return
+	}
+}
+func TestListenHTTP(t *testing.T) {
+	address := "127.2.39.129:11082"
+	hl, err := ListenHTTP(address)
+	if !assert.NoError(t, err) {
+		return
+	}
+	defer func() {
+		hl.Close()
+	}()
+	sl, err := ListenSOCKS(address)
+	if !assert.NoError(t, err) {
+		return
+	}
+	defer sl.Close()
+	_, err = ListenHTTP(address)
+	if !assert.ErrorIs(t, err, ErrProtocolInUse) {
+		return
+	}
+	hl.Close()
+	hl, err = ListenHTTP(address)
+	if !assert.NoError(t, err) {
+		return
+	}
+}
+func TestRelease(t *testing.T) {
+	address := "127.2.39.129:11083"
+	hl, err := ListenHTTP(address)
+	if !assert.NoError(t, err) {
+		return
+	}
+	sl, err := ListenSOCKS(address)
+	if !assert.NoError(t, err) {
+		return
+	}
+	if !assert.True(t, globalMuxManager.testAddressExists(address)) {
+		return
+	}
+	_, err = net.Listen("tcp", address)
+	if !assert.Error(t, err) {
+		return
+	}
+	hl.Close()
+	sl.Close()
+	// Wait for muxListener released
+	time.Sleep(time.Second)
+	if !assert.False(t, globalMuxManager.testAddressExists(address)) {
+		return
+	}
+	lis, err := net.Listen("tcp", address)
+	if !assert.NoError(t, err) {
+		return
+	}
+	defer lis.Close()
+}
+func (m *muxManager) testAddressExists(address string) bool {
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	_, ok := m.listeners[address]
+	return ok
+}

app/internal/proxymux/mux.go ADDED Viewed

	@@ -0,0 +1,320 @@

+package proxymux
+import (
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"sync"
+)
+func newMuxListener(listener net.Listener, deleteFunc func()) *muxListener {
+	l := &muxListener{
+		base:       listener,
+		acceptChan: make(chan net.Conn),
+		closeChan:  make(chan struct{}),
+		deleteFunc: deleteFunc,
+	}
+	go l.acceptLoop()
+	go l.mainLoop()
+	return l
+}
+type muxListener struct {
+	lock      sync.Mutex
+	base      net.Listener
+	acceptErr error
+	acceptChan chan net.Conn
+	closeChan  chan struct{}
+	socksListener *subListener
+	httpListener  *subListener
+	deleteFunc func()
+}
+func (l *muxListener) acceptLoop() {
+	defer close(l.acceptChan)
+	for {
+		conn, err := l.base.Accept()
+		if err != nil {
+			l.lock.Lock()
+			l.acceptErr = err
+			l.lock.Unlock()
+			return
+		}
+		select {
+		case <-l.closeChan:
+			return
+		case l.acceptChan <- conn:
+		}
+	}
+}
+func (l *muxListener) mainLoop() {
+	defer func() {
+		l.deleteFunc()
+		l.base.Close()
+		close(l.closeChan)
+		l.lock.Lock()
+		defer l.lock.Unlock()
+		if sl := l.httpListener; sl != nil {
+			close(sl.acceptChan)
+			l.httpListener = nil
+		}
+		if sl := l.socksListener; sl != nil {
+			close(sl.acceptChan)
+			l.socksListener = nil
+		}
+	}()
+	for {
+		var socksCloseChan, httpCloseChan chan struct{}
+		if l.httpListener != nil {
+			httpCloseChan = l.httpListener.closeChan
+		}
+		if l.socksListener != nil {
+			socksCloseChan = l.socksListener.closeChan
+		}
+		select {
+		case <-l.closeChan:
+			return
+		case conn, ok := <-l.acceptChan:
+			if !ok {
+				return
+			}
+			go l.dispatch(conn)
+		case <-socksCloseChan:
+			l.lock.Lock()
+			if socksCloseChan == l.socksListener.closeChan {
+				// not replaced by another ListenSOCKS()
+				l.socksListener = nil
+			}
+			l.lock.Unlock()
+			if l.checkIdle() {
+				return
+			}
+		case <-httpCloseChan:
+			l.lock.Lock()
+			if httpCloseChan == l.httpListener.closeChan {
+				// not replaced by another ListenHTTP()
+				l.httpListener = nil
+			}
+			l.lock.Unlock()
+			if l.checkIdle() {
+				return
+			}
+		}
+	}
+}
+func (l *muxListener) dispatch(conn net.Conn) {
+	var b [1]byte
+	if _, err := io.ReadFull(conn, b[:]); err != nil {
+		conn.Close()
+		return
+	}
+	l.lock.Lock()
+	var target *subListener
+	if b[0] == 5 {
+		target = l.socksListener
+	} else {
+		target = l.httpListener
+	}
+	l.lock.Unlock()
+	if target == nil {
+		conn.Close()
+		return
+	}
+	wconn := &connWithOneByte{Conn: conn, b: b[0]}
+	select {
+	case <-target.closeChan:
+	case target.acceptChan <- wconn:
+	}
+}
+func (l *muxListener) checkIdle() bool {
+	l.lock.Lock()
+	defer l.lock.Unlock()
+	return l.httpListener == nil && l.socksListener == nil
+}
+func (l *muxListener) getAndClearAcceptError() error {
+	l.lock.Lock()
+	defer l.lock.Unlock()
+	if l.acceptErr == nil {
+		return nil
+	}
+	err := l.acceptErr
+	l.acceptErr = nil
+	return err
+}
+func (l *muxListener) ListenHTTP() (net.Listener, error) {
+	l.lock.Lock()
+	defer l.lock.Unlock()
+	if l.httpListener != nil {
+		subListenerPendingClosed := false
+		select {
+		case <-l.httpListener.closeChan:
+			subListenerPendingClosed = true
+		default:
+		}
+		if !subListenerPendingClosed {
+			return nil, OpErr{
+				Addr:     l.base.Addr(),
+				Protocol: "http",
+				Op:       "bind-protocol",
+				Err:      ErrProtocolInUse,
+			}
+		}
+		l.httpListener = nil
+	}
+	select {
+	case <-l.closeChan:
+		return nil, net.ErrClosed
+	default:
+	}
+	sl := newSubListener(l.getAndClearAcceptError, l.base.Addr)
+	l.httpListener = sl
+	return sl, nil
+}
+func (l *muxListener) ListenSOCKS() (net.Listener, error) {
+	l.lock.Lock()
+	defer l.lock.Unlock()
+	if l.socksListener != nil {
+		subListenerPendingClosed := false
+		select {
+		case <-l.socksListener.closeChan:
+			subListenerPendingClosed = true
+		default:
+		}
+		if !subListenerPendingClosed {
+			return nil, OpErr{
+				Addr:     l.base.Addr(),
+				Protocol: "socks",
+				Op:       "bind-protocol",
+				Err:      ErrProtocolInUse,
+			}
+		}
+		l.socksListener = nil
+	}
+	select {
+	case <-l.closeChan:
+		return nil, net.ErrClosed
+	default:
+	}
+	sl := newSubListener(l.getAndClearAcceptError, l.base.Addr)
+	l.socksListener = sl
+	return sl, nil
+}
+func newSubListener(acceptErrorFunc func() error, addrFunc func() net.Addr) *subListener {
+	return &subListener{
+		acceptChan:      make(chan net.Conn),
+		acceptErrorFunc: acceptErrorFunc,
+		closeChan:       make(chan struct{}),
+		addrFunc:        addrFunc,
+	}
+}
+type subListener struct {
+	// receive connections or closure from upstream
+	acceptChan chan net.Conn
+	// get an error of Accept() from upstream
+	acceptErrorFunc func() error
+	// notify upstream that we are closed
+	closeChan chan struct{}
+	// Listener.Addr() implementation of base listener
+	addrFunc func() net.Addr
+}
+func (l *subListener) Accept() (net.Conn, error) {
+	select {
+	case <-l.closeChan:
+		// closed by ourselves
+		return nil, net.ErrClosed
+	case conn, ok := <-l.acceptChan:
+		if !ok {
+			// closed by upstream
+			if acceptErr := l.acceptErrorFunc(); acceptErr != nil {
+				return nil, acceptErr
+			}
+			return nil, net.ErrClosed
+		}
+		return conn, nil
+	}
+}
+func (l *subListener) Addr() net.Addr {
+	return l.addrFunc()
+}
+// Close implements net.Listener.Close.
+// Upstream should use close(l.acceptChan) instead.
+func (l *subListener) Close() error {
+	select {
+	case <-l.closeChan:
+		return nil
+	default:
+	}
+	close(l.closeChan)
+	return nil
+}
+// connWithOneByte is a net.Conn that returns b for the first read
+// request, then forwards everything else to Conn.
+type connWithOneByte struct {
+	net.Conn
+	b     byte
+	bRead bool
+}
+func (c *connWithOneByte) Read(bs []byte) (int, error) {
+	if c.bRead {
+		return c.Conn.Read(bs)
+	}
+	if len(bs) == 0 {
+		return 0, nil
+	}
+	c.bRead = true
+	bs[0] = c.b
+	return 1, nil
+}
+type OpErr struct {
+	Addr     net.Addr
+	Protocol string
+	Op       string
+	Err      error
+}
+func (m OpErr) Error() string {
+	return fmt.Sprintf("mux-listen: %s[%s]: %s: %v", m.Addr, m.Protocol, m.Op, m.Err)
+}
+func (m OpErr) Unwrap() error {
+	return m.Err
+}
+var ErrProtocolInUse = errors.New("protocol already in use")

app/internal/proxymux/mux_test.go ADDED Viewed

	@@ -0,0 +1,154 @@

+package proxymux
+import (
+	"bytes"
+	"net"
+	"sync"
+	"testing"
+	"time"
+	"github.com/apernet/hysteria/app/v2/internal/proxymux/internal/mocks"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+)
+//go:generate mockery
+func testMockListener(t *testing.T, connChan <-chan net.Conn) net.Listener {
+	closedChan := make(chan struct{})
+	mockListener := mocks.NewMockListener(t)
+	mockListener.EXPECT().Accept().RunAndReturn(func() (net.Conn, error) {
+		select {
+		case <-closedChan:
+			return nil, net.ErrClosed
+		case conn, ok := <-connChan:
+			if !ok {
+				panic("unexpected closed channel (connChan)")
+			}
+			return conn, nil
+		}
+	})
+	mockListener.EXPECT().Close().RunAndReturn(func() error {
+		select {
+		case <-closedChan:
+		default:
+			close(closedChan)
+		}
+		return nil
+	})
+	return mockListener
+}
+func testMockConn(t *testing.T, b []byte) net.Conn {
+	buf := bytes.NewReader(b)
+	isClosed := false
+	mockConn := mocks.NewMockConn(t)
+	mockConn.EXPECT().Read(mock.Anything).RunAndReturn(func(b []byte) (int, error) {
+		if isClosed {
+			return 0, net.ErrClosed
+		}
+		return buf.Read(b)
+	})
+	mockConn.EXPECT().Close().RunAndReturn(func() error {
+		isClosed = true
+		return nil
+	})
+	return mockConn
+}
+func TestMuxHTTP(t *testing.T) {
+	connChan := make(chan net.Conn)
+	mockListener := testMockListener(t, connChan)
+	mockConn := testMockConn(t, []byte("CONNECT example.com:443 HTTP/1.1\r\n\r\n"))
+	mux := newMuxListener(mockListener, func() {})
+	hl, err := mux.ListenHTTP()
+	if !assert.NoError(t, err) {
+		return
+	}
+	sl, err := mux.ListenSOCKS()
+	if !assert.NoError(t, err) {
+		return
+	}
+	connChan <- mockConn
+	var socksConn, httpConn net.Conn
+	var socksErr, httpErr error
+	var wg sync.WaitGroup
+	wg.Add(2)
+	go func() {
+		socksConn, socksErr = sl.Accept()
+		wg.Done()
+	}()
+	go func() {
+		httpConn, httpErr = hl.Accept()
+		wg.Done()
+	}()
+	time.Sleep(time.Second)
+	sl.Close()
+	hl.Close()
+	wg.Wait()
+	assert.Nil(t, socksConn)
+	assert.ErrorIs(t, socksErr, net.ErrClosed)
+	assert.NotNil(t, httpConn)
+	httpConn.Close()
+	assert.NoError(t, httpErr)
+	// Wait for muxListener released
+	<-mux.acceptChan
+}
+func TestMuxSOCKS(t *testing.T) {
+	connChan := make(chan net.Conn)
+	mockListener := testMockListener(t, connChan)
+	mockConn := testMockConn(t, []byte{0x05, 0x02, 0x00, 0x01}) // SOCKS5 Connect Request: NOAUTH+GSSAPI
+	mux := newMuxListener(mockListener, func() {})
+	hl, err := mux.ListenHTTP()
+	if !assert.NoError(t, err) {
+		return
+	}
+	sl, err := mux.ListenSOCKS()
+	if !assert.NoError(t, err) {
+		return
+	}
+	connChan <- mockConn
+	var socksConn, httpConn net.Conn
+	var socksErr, httpErr error
+	var wg sync.WaitGroup
+	wg.Add(2)
+	go func() {
+		socksConn, socksErr = sl.Accept()
+		wg.Done()
+	}()
+	go func() {
+		httpConn, httpErr = hl.Accept()
+		wg.Done()
+	}()
+	time.Sleep(time.Second)
+	sl.Close()
+	hl.Close()
+	wg.Wait()
+	assert.NotNil(t, socksConn)
+	socksConn.Close()
+	assert.NoError(t, socksErr)
+	assert.Nil(t, httpConn)
+	assert.ErrorIs(t, httpErr, net.ErrClosed)
+	// Wait for muxListener released
+	<-mux.acceptChan
+}

app/internal/redirect/getsockopt_linux.go ADDED Viewed

	@@ -0,0 +1,17 @@

+//go:build !386
+// +build !386
+package redirect
+import (
+	"syscall"
+	"unsafe"
+)
+func getsockopt(s, level, name uintptr, val unsafe.Pointer, vallen *uint32) (err error) {
+	_, _, e := syscall.Syscall6(syscall.SYS_GETSOCKOPT, s, level, name, uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}

app/internal/redirect/getsockopt_linux_386.go ADDED Viewed

	@@ -0,0 +1,23 @@

+package redirect
+import (
+	"syscall"
+	"unsafe"
+)
+const (
+	sysGetsockopt = 15
+)
+// On 386 we cannot call socketcall with syscall.Syscall6, as it always fails with EFAULT.
+// Use our own syscall.socketcall hack instead.
+func syscall_socketcall(call int, a0, a1, a2, a3, a4, a5 uintptr) (n int, err syscall.Errno)
+func getsockopt(s, level, name uintptr, val unsafe.Pointer, vallen *uint32) (err error) {
+	_, e := syscall_socketcall(sysGetsockopt, s, level, name, uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+	if e != 0 {
+		err = e
+	}
+	return
+}