add hysteria

misc
taamarin · Jun 21, 2024 · 3dfc40b · 3dfc40b
1 parent 36b3507
commit 3dfc40b
Show file tree

Hide file tree

Showing 7 changed files with 159 additions and 58 deletions.
diff --git a/box/hysteria/config.yaml b/box/hysteria/config.yaml
@@ -0,0 +1,22 @@
+server: your.domain.net:443
+auth: some_password
+tls:
+ sni: your.domain.net
+# insecure: false
+# pinSHA256: BA:88:45:17:A1...
+# ca: custom_ca.crt
+bandwidth:
+ up: 20 mbps
+ down: 100 mbps
+
+lazy: true
+
+socks5:
+ listen: 127.0.0.1:1080
+http:
+ listen: 127.0.0.1:7080
+
+tcpTProxy:
+ listen: :9898
+udpTProxy:
+ listen: :9898
diff --git a/box/scripts/box.iptables b/box/scripts/box.iptables
@@ -40,7 +40,7 @@ case "${bin_name}" in
  fake_ip_range=$(find ${box_dir}/sing-box/ -maxdepth 1 -type f -name "*.json" -exec busybox awk -F'"' '/inet4_range/ {print $4}' {} +)
  fake_ip6_range=$(find ${box_dir}/sing-box/ -maxdepth 1 -type f -name "*.json" -exec busybox awk -F'"' '/inet6_range/ {print $4}' {} +)
  ;;
- "xray" | "v2fly")
+ "xray" | "v2fly" | "hysteria" )
  if [[ "${network_mode}" != "tproxy" ]]; then
  log Error "$bin_name does not support network_mode: $network_mode"
  exit 1
@@ -177,6 +177,9 @@ intranet6+=($(ip -6 a | busybox awk '/inet6/ {print $2}' | busybox grep -vE "^fe
 forward() {
  ${iptables} $1 FORWARD -i "${tun_device}" -j ACCEPT
  ${iptables} $1 FORWARD -o "${tun_device}" -j ACCEPT
+
+ sysctl -w net.ipv4.conf.default.rp_filter=2
+ sysctl -w net.ipv4.conf.all.rp_filter=2
 } >> /dev/null 2>&1
 
 # box redirect
@@ -197,16 +200,7 @@ start_redirect() {
  # ${iptables} -t nat -A BOX_LOCAL -p udp --dport 53 -j REDIRECT --to-ports "${redir_port}"
  fi
 
- # Fix ICMP (ping)
- # This does not guarantee that the ping result is valid
- # Just that it returns a result
- # "--to-destination" can be set to a reachable address.
- # if [ -n "${fake_ip_range}" ]; then
- # ${iptables} -t nat -A BOX_EXTERNAL -d "${fake_ip_range}" -p icmp -j DNAT --to-destination 127.0.0.1
- # ${iptables} -t nat -A BOX_LOCAL -d "${fake_ip_range}" -p icmp -j DNAT --to-destination 127.0.0.1
- # fi
-
-# Allow access to intranet subnets
+ # Allow access to intranet subnets
  for subnet in "${intranet[@]}"; do
  ${iptables} -t nat -A BOX_EXTERNAL -d "${subnet}" -m comment --comment "Allow access to intranet subnet ${subnet}" -j RETURN
  ${iptables} -t nat -A BOX_LOCAL -d "${subnet}" -m comment --comment "Allow access to intranet subnet ${subnet}" -j RETURN
@@ -354,12 +348,14 @@ start_tproxy() {
 
  # Skip traffic already handled by TProxy
  # If the interface of the default route has a public IPv4 or IPv6 address assigned by the ISP, omitting these rules will result in abnormal proxy behavior for local traffic, which may cause the entire network to run slower
- # [ ${network_mode} = "enhance" ] || ${iptables} -t mangle -A BOX_EXTERNAL -p tcp -m socket --transparent -j MARK --set-mark ${fwmark}
- # ${iptables} -t mangle -A BOX_EXTERNAL -p udp -m socket --transparent -j MARK --set-mark ${fwmark}
- # ${iptables} -t mangle -A BOX_EXTERNAL -m socket -j RETURN
+ if [[ "${bin_name}" == @(xray|v2fly|clash|hysteria) ]]; then
+ [ ${network_mode} = "enhance" ] || ${iptables} -t mangle -A BOX_EXTERNAL -p tcp -m socket --transparent -j MARK --set-mark ${fwmark}
+ ${iptables} -t mangle -A BOX_EXTERNAL -p udp -m socket --transparent -j MARK --set-mark ${fwmark}
+ ${iptables} -t mangle -A BOX_EXTERNAL -m socket -j RETURN
+ fi
 
  # Bypass intranet
- if [ "${bin_name}" = "clash" ] ; then
+ if [[ "${bin_name}" == @(clash|hysteria) ]]; then
  [ ${network_mode} = "enhance" ] || ${iptables} -t mangle -A BOX_EXTERNAL -p tcp --dport 53 -j RETURN
  ${iptables} -t mangle -A BOX_EXTERNAL -p udp --dport 53 -j RETURN
  else
@@ -415,7 +411,7 @@ start_tproxy() {
  fi
 
  # Bypass intranet Clash
- if [ "${bin_name}" = "clash" ]; then
+ if [[ "${bin_name}" == @(clash|hysteria) ]]; then
  [ ${network_mode} = "enhance" ] || ${iptables} -t mangle -A BOX_LOCAL -p tcp --dport 53 -j RETURN
  ${iptables} -t mangle -A BOX_LOCAL -p udp --dport 53 -j RETURN
  else
@@ -613,7 +609,7 @@ cleanup_iptables() {
  } >> /dev/null 2>&1
 
  if [ "${iptables}" = "$IP6V" ]; then
- ${iptables} -D OUTPUT -p udp --destination-port 53 -j DROP
+ ${iptables} -D OUTPUT -p udp --destination-port 53 -j DROP >> /dev/null 2>&1
  fi
  done
 }

diff --git a/box/scripts/box.service b/box/scripts/box.service
@@ -116,8 +116,8 @@ box_check_bin() {
  exit 1
  fi
  case "${bin_name}" in
- clash) version_output=$("${bin_path}" -v) >/dev/null 2>&1 || return 1 ;;
- *) version_output=$("${bin_path}" version) >/dev/null 2>&1 || return 1 ;;
+ clash) version_output=$("${bin_path}" -v) >/dev/null 2>&1 || return 1;;
+ *) version_output=$("${bin_path}" version) >/dev/null 2>&1 || return 1;;
  esac
  log Info "${version_output}"
 }
@@ -138,17 +138,17 @@ box_create_tun() {
 prepare_singbox() {
  # Check configuration file
  if ! [ -f "${sing_config}" ]; then
- log Error "configuration file ${sing_config} not found"
+ log Error "Configuration file ${sing_config} not found"
  exit 1
  else
- log Info "config ${sing_config}"
+ log Info "Config ${sing_config} found"
  fi
 
  # Check yq
  yq="yq"
  if ! command -v yq &>/dev/null; then
  if [ ! -e "${box_dir}/bin/yq" ]; then
- log Debug "yq file not found, start to download from github"
+ log Debug "yq file not found, starting download from GitHub"
  ${scripts_dir}/box.tool upyq
  fi
  yq="${box_dir}/bin/yq"
@@ -165,8 +165,23 @@ prepare_singbox() {
  # Check if "type" is "tun" in configuration
  if ! busybox grep -q '"type": "tun"' "${sing_config}"; then
  # Add "tun" configuration if missing
- ${yq} '.inbounds += [{"type": "tun","tag": "tun-in","interface_name": "utun","inet4_address": "172.19.0.1/30","inet6_address": "fdfe:dcba:9876::1/126","mtu": 9000,"stack": "system","auto_route": true,"strict_route": false,"inet4_route_exclude_address": ["192.168.0.0/16"],"inet6_route_exclude_address": ["fc00::/7"],"sniff": true,"sniff_override_destination": false,"include_android_user": [0,10],"include_package": [],"exclude_package": []}]' -i --output-format=json "${sing_config}"
- log Debug "[Tun] configuration has been added to ${sing_config}"
+ ${yq} '.inbounds += [{
+ "type": "tun",
+ "tag": "tun-in",
+ "interface_name": "utun",
+ "address": ["172.18.0.1/30","fdfe:dcba:9876::1/126"],
+ "mtu": 9000,
+ "stack": "system",
+ "auto_route": true,
+ "strict_route": false,
+ "route_exclude_address": ["192.168.0.0/16","fc00::/7"],
+ "sniff": true,
+ "sniff_override_destination": false,
+ "include_android_user": [0,10],
+ "include_package": [],
+ "exclude_package": []
+ }]' -i --output-format=json "${sing_config}"
+ log Debug "[Tun] configuration added to ${sing_config}"
  fi
  else
  # Set auto_route to false for non-"tun" network_mode
@@ -177,15 +192,24 @@ prepare_singbox() {
  # Check if "type" is "tproxy" in configuration
  if ! busybox grep -q '"type": "tproxy"' "${sing_config}"; then
  # Add "tproxy" configuration if missing
- ${yq} '.inbounds += [{"type": "tproxy", "tag": "tproxy-in", "listen": "::", "listen_port": '"${tproxy_port}"', "sniff": true, "sniff_override_destination": false}]' -i --output-format=json "${sing_config}"
- log Debug "[Tproxy] configuration has been added to ${sing_config}"
+ ${yq} '.inbounds += [{
+ "type": "tproxy",
+ "tag": "tproxy-in",
+ "listen": "::",
+ "listen_port": '"${tproxy_port}"',
+ "sniff": true,
+ "sniff_override_destination": false
+ }]' -i --output-format=json "${sing_config}"
+ log Debug "[Tproxy] configuration added to ${sing_config}"
  fi
 
- # Sync tproxy port sing-box
+ # del tun
+ ${yq} 'del(.inbounds[] | select(.type == "tun"))' -i --output-format=json "${sing_config}"
+
+ # Sync tproxy port in sing-box configuration
  for file in "${box_dir}/sing-box/"*.json; do
- tproxy=$(sed -n 's/.*"type": "\(tproxy\)".*/\1/p' "${file}")
- if [ -n "${tproxy}" ]; then
- ${yq} -o=json "(.inbounds[]? | select(.type == \"tproxy\") | .listen_port) = ${tproxy_port}" -i --output-format=json "${file}"
+ if busybox grep -q '"type": "tproxy"' "${file}"; then
+ ${yq} '(.inbounds[] | select(.type == "tproxy") | .listen_port) = '"${tproxy_port}" -i --output-format=json "${file}"
  fi
  done
  fi
@@ -202,13 +226,27 @@ prepare_singbox() {
  if [[ "${network_mode}" == @(mixed|enhance|redirect) ]]; then
  if ! busybox grep -q '"type": "redirect"' "${sing_config}"; then
  # Add "redirect" configuration if missing
- ${yq} '.inbounds += [{"type": "redirect","tag": "redirect-in","listen": "::","listen_port": '"${redir_port}"',"sniff": true,"sniff_override_destination": false}]' -i --output-format=json "${sing_config}"
- log Debug "[Redirect] configuration has been added to ${sing_config}"
+ ${yq} '.inbounds += [{
+ "type": "redirect",
+ "tag": "redirect-in",
+ "listen": "::",
+ "listen_port": '"${redir_port}"',
+ "sniff": true,
+ "sniff_override_destination": false
+ }]' -i --output-format=json "${sing_config}"
+ log Debug "[Redirect] configuration added to ${sing_config}"
  fi
+
+ # Sync redir_port port in sing-box configuration
+ for file in "${box_dir}/sing-box/"*.json; do
+ if busybox grep -q '"type": "redirect"' "${file}"; then
+ ${yq} '(.inbounds[] | select(.type == "redirect") | .listen_port) = '"${redir_port}" -i --output-format=json "${file}"
+ fi
+ done
  fi
  else
  log Error "$(<"${box_run}/${bin_name}.log")"
- log Error "configuration failed. Please check the ${box_run}/${bin_name}.log file."
+ log Error "Configuration failed. Please check the ${box_run}/${bin_name}.log file."
  exit 1
  fi
 }
@@ -317,6 +355,16 @@ box_run_bin() {
  # Use ulimit to limit the memory usage of a process to 200MB
  # ulimit -v 200000 # Set the virtual memory limit in KB
  case "${bin_name}" in
+ hysteria)
+ # set network_mode variable value to "tproxy"
+ if [[ "${network_mode}" != "tproxy" ]]; then
+ sed -i 's/\(network_mode=\)\"[^\"]*\"/\1"tproxy"/g' ${settings}
+ fi
+ nohup busybox setuidgid ${box_user_group} ${bin_path} -c ${box_dir}/${bin_name}/config.yaml > "${bin_log}" 2>&1 &
+ PID=$!
+ echo -n $PID > "${box_pid}"
+ sleep 1
+ ;;
  sing-box)
  prepare_singbox
  if ${bin_path} check -D "${box_dir}/${bin_name}" -C "${box_dir}/${bin_name}" > "${box_run}/${bin_name}.log" 2>&1; then
@@ -553,7 +601,7 @@ start_box() {
 
  # Checks if bin_name is defined
  case "${bin_name}" in
- clash|xray|sing-box|v2fly)
+ clash|xray|sing-box|v2fly|hysteria)
  log Info "Good day"
  [ "${bin_name}" = "clash" ] && {
  xclash || exit 1

diff --git a/box/scripts/box.tool b/box/scripts/box.tool
@@ -43,7 +43,7 @@ upfile() {
 # Restart the binary, after stopping and running again
 restart_box() {
  "${scripts_dir}/box.service" restart
- # PIDS=("clash" "xray" "sing-box" "v2fly")
+ # PIDS=("clash" "xray" "sing-box" "v2fly" "hysteria")
  PIDS=(${bin_name})
  PID=""
  i=0
@@ -98,6 +98,9 @@ check() {
  log Error "$(<"${box_run}/${bin_name}_report.log")" >&2
  fi
  ;;
+ hysteria)
+ true
+ ;;
  *)
  log Error "<${bin_name}> unknown binary."
  exit 1
@@ -145,7 +148,7 @@ reload() {
  return 1
  fi
  ;;
- "xray"|"v2fly")
+ "xray"|"v2fly"|"hysteria")
  if [ -f "${box_pid}" ]; then
  if kill -0 "$(<"${box_pid}" 2>/dev/null)"; then
  restart_box
@@ -315,7 +318,7 @@ upsubs() {
  return 0
  fi
  ;;
- "xray"|"v2fly"|"sing-box")
+ "xray"|"v2fly"|"sing-box"|"hysteria")
  log Warning "${bin_name} does not support subscriptions.."
  return 1
  ;;
@@ -396,7 +399,10 @@ upkernel() {
  download_link="https://github.com/$(if [ "${bin_name}" = "xray" ]; then echo "XTLS/Xray-core/releases"; else echo "v2fly/v2ray-core/releases"; fi)"
  log Debug "Downloading ${download_link}/download/${latest_version}/${download_file}"
  upfile "${box_dir}/${file_kernel}.zip" "${download_link}/download/${latest_version}/${download_file}" && xkernel
- ;;
+ ;;
+ "hysteria")
+ true
+ ;;
  *)
  log Error "<${bin_name}> unknown binary."
  exit 1
@@ -471,6 +477,9 @@ xkernel() {
  fi
  rm -rf "${bin_dir}/update"
  ;;
+ "hysteria")
+ true
+ ;;
  *)
  log Error "<${bin_name}> unknown binary."
  exit 1
@@ -672,16 +681,40 @@ touch -n > $path_webroot
  fi
 }
 
-bond1() {
- su -mm -c "cmd wifi force-low-latency-mode enabled"
- su -mm -c "sysctl -w net.ipv4.tcp_low_latency=1"
- su -mm -c "ip link set dev wlan0 txqueuelen 4000"
+bond0() {
+ # Menonaktifkan mode low latency untuk TCP
+ sysctl -w net.ipv4.tcp_low_latency=0 >/dev/null 2>&1
+ log Debug "tcp low latency: 0"
+
+ # Mengatur panjang antrian transmisi (txqueuelen) menjadi 3000 untuk semua interface wireless (wlan*)
+ for dev in /sys/class/net/wlan*; do ip link set dev $(basename $dev) txqueuelen 3000; done
+ log Debug "wlan* txqueuelen: 3000"
+
+ # Mengatur panjang antrian transmisi (txqueuelen) menjadi 1000 untuk semua interface rmnet_data*
+ for txqueuelen in /sys/class/net/rmnet_data*; do txqueuelen_name=$(basename $txqueuelen); ip link set dev $txqueuelen_name txqueuelen 1000; done
+ log Debug "rmnet_data* txqueuelen: 1000"
+
+ # Mengatur MTU (Maximum Transmission Unit) menjadi 1500 untuk semua interface rmnet_data*
+ for mtu in /sys/class/net/rmnet_data*; do mtu_name=$(basename $mtu); ip link set dev $mtu_name mtu 1500; done
+ log Debug "rmnet_data* mtu: 1500"
 }
 
-bond0() {
- su -mm -c "cmd wifi force-low-latency-mode disabled"
- su -mm -c "sysctl -w net.ipv4.tcp_low_latency=0"
- su -mm -c "ip link set dev wlan0 txqueuelen 3000"
+bond1() {
+ # Mengaktifkan mode low latency untuk TCP
+ sysctl -w net.ipv4.tcp_low_latency=1 >/dev/null 2>&1
+ log Debug "tcp low latency: 1"
+
+ # Mengatur panjang antrian transmisi (txqueuelen) menjadi 4000 untuk semua interface wireless (wlan*)
+ for dev in /sys/class/net/wlan*; do ip link set dev $(basename $dev) txqueuelen 4000; done
+ log Debug "wlan* txqueuelen: 4000"
+
+ # Mengatur panjang antrian transmisi (txqueuelen) menjadi 2000 untuk semua interface rmnet_data*
+ for txqueuelen in /sys/class/net/rmnet_data*; do txqueuelen_name=$(basename $txqueuelen); ip link set dev $txqueuelen_name txqueuelen 2000; done
+ log Debug "rmnet_data* txqueuelen: 2000"
+
+ # Mengatur MTU (Maximum Transmission Unit) menjadi 9000 untuk semua interface rmnet_data*
+ for mtu in /sys/class/net/rmnet_data*; do mtu_name=$(basename $mtu); ip link set dev $mtu_name mtu 9000; done
+ log Debug "rmnet_data* mtu: 9000"
 }
 
 case "$1" in

diff --git a/box/settings.ini b/box/settings.ini
@@ -21,7 +21,7 @@ port_detect="false"
 ipv6="false"
 
 # list of available kernel binaries
-bin_list=( "clash" "sing-box" "xray" "v2fly" )
+bin_list=( "clash" "sing-box" "xray" "v2fly" "hysteria" )
 
 # for run and download premium or mihomo
 # put kernel premium and mihomo into /data/adb/box/bin directory
@@ -49,9 +49,9 @@ packages_list=()
 # The gid in the list will be bypassed or proxied according to the proxy_mode configuration, and the gid can be arbitrarily specified by the busybox setuidgid command
 gid_list=()
 
-# Display AP info by typing "ifconfig" in terminal
+# Display AP info by typing "su -c ifconfig" in terminal "swlan+" "wlan+" "rndis+"
 ap_list=( "ap+" "wlan+" "rndis+" "swlan+" )
-# Ignore AP in the out list
+# Ignore AP in the out list, doesn't work in fake-ip mode
 ignore_out_list=()
 
 # Set cgroup to limit memory usage
@@ -119,11 +119,11 @@ blue="\033[1;34m"
 
 # eg: notify $title $content
 notify() {
-  # using Xposed edge app toast
-  am start -a android.intent.action.VIEW -n com.jozein.xedgepro/.ui.ActivityPerformAction --ei __0 111 --es __1 "$2" >/dev/null 2>&1
- 
-  # using system notification
-  # su -lp "2000" -c "cmd notification post -S messaging --conversation '$1' --message '$1':'$2' 'Tag' '$(echo $RANDOM)' " >/dev/null 2>&1
+ # using Xposed edge app toast
+ am start -a android.intent.action.VIEW -n com.jozein.xedgepro/.ui.ActivityPerformAction --ei __0 111 --es __1 "$2" >/dev/null 2>&1
+
+ # using system notification
+ # su -lp "2000" -c "cmd notification post -S messaging --conversation '$1' --message '$1':'$2' 'Tag' '$(echo $RANDOM)' " >/dev/null 2>&1
 }
 
 log() {