Add port hopping for hysteria2

docs/configuration/inbound/hysteria2.md

@@ -4,7 +4,8 @@ icon: material/alert-decagram
 
 !!! quote "Changes in sing-box 1.11.0"
 
-    :material-alert: [masquerade](#masquerade)
+    :material-alert: [masquerade](#masquerade)  
+    :material-alert: [ignore_client_bandwidth](#ignore_client_bandwidth)
 
 ### Structure
 
@@ -75,9 +76,13 @@ Authentication password
 
 #### ignore_client_bandwidth
 
-Commands the client to use the BBR flow control algorithm instead of Hysteria CC.
+*When `up_mbps` and `down_mbps` are not set*:
 
-Conflict with `up_mbps` and `down_mbps`.
+Commands clients to use the BBR CC instead of Hysteria CC.
+
+*When `up_mbps` and `down_mbps` are set*:
+
+Deny clients to use the BBR CC.
 
 #### tls
 

docs/configuration/inbound/hysteria2.zh.md

@@ -4,7 +4,8 @@ icon: material/alert-decagram
 
 !!! quote "sing-box 1.11.0 中的更改"
 
-    :material-alert: [masquerade](#masquerade)
+    :material-alert: [masquerade](#masquerade)  
+    :material-alert: [ignore_client_bandwidth](#ignore_client_bandwidth)
 
 ### 结构
 
@@ -72,9 +73,13 @@ Hysteria 用户
 
 #### ignore_client_bandwidth
 
+*当 `up_mbps` 和 `down_mbps` 未设定时*:
+
 命令客户端使用 BBR 拥塞控制算法而不是 Hysteria CC。
 
-与 `up_mbps` 和 `down_mbps` 冲突。
+*当 `up_mbps` 和 `down_mbps` 已设定时*:
+
+禁止客户端使用 BBR 拥塞控制算法。
 
 #### tls
 

docs/configuration/outbound/hysteria2.md

@@ -1,3 +1,12 @@
+---
+icon: material/new-box
+---
+
+!!! quote "Changes in sing-box 1.11.0"
+
+    :material-plus: [server_ports](#server_ports)  
+    :material-plus: [hop_interval](#hop_interval)
+
 ### Structure
 
 ```json
@@ -7,6 +16,10 @@
   
   "server": "127.0.0.1",
   "server_port": 1080,
+  "server_ports": [
+    "2080:3000"
+  ],
+  "hop_interval": "",
   "up_mbps": 100,
   "down_mbps": 100,
   "obfs": {
@@ -22,6 +35,10 @@
 }
 ```
 
+!!! note ""
+
+    You can ignore the JSON Array [] tag when the content is only one item
+
 !!! warning "Difference from official Hysteria2"
 
     The official Hysteria2 supports an authentication method called **userpass**,
@@ -44,6 +61,24 @@ The server address.
 
 The server port.
 
+Ignored if `server_ports` is set.
+
+#### server_ports
+
+!!! question "Since sing-box 1.11.0"
+
+Server port range list.
+
+Conflicts with `server_port`.
+
+#### hop_interval
+
+!!! question "Since sing-box 1.11.0"
+
+Port hopping interval.
+
+`30s` is used by default.
+
 #### up_mbps, down_mbps
 
 Max bandwidth, in Mbps.

docs/configuration/outbound/hysteria2.zh.md

@@ -1,3 +1,12 @@
+---
+icon: material/new-box
+---
+
+!!! quote "sing-box 1.11.0 中的更改"
+
+    :material-plus: [server_ports](#server_ports)  
+    :material-plus: [hop_interval](#hop_interval)
+
 ### 结构
 
 ```json
@@ -7,6 +16,10 @@
 
   "server": "127.0.0.1",
   "server_port": 1080,
+  "server_ports": [
+    "2080:3000"
+  ],
+  "hop_interval": "",
   "up_mbps": 100,
   "down_mbps": 100,
   "obfs": {
@@ -22,6 +35,10 @@
 }
 ```
 
+!!! note ""
+
+    当内容只有一项时，可以忽略 JSON 数组 [] 标签
+
 !!! warning "与官方 Hysteria2 的区别"
 
     官方程序支持一种名为 **userpass** 的验证方式，
@@ -42,6 +59,24 @@
 
 服务器端口。
 
+如果设置了 `server_ports`，则忽略此项。
+
+#### server_ports
+
+!!! question "自 sing-box 1.11.0 起"
+
+服务器端口范围列表。
+
+与 `server_port` 冲突。
+
+#### hop_interval
+
+!!! question "自 sing-box 1.11.0 起"
+
+端口跳跃间隔。
+
+默认使用 `30s`。
+
 #### up_mbps, down_mbps
 
 最大带宽。

go.mod

@@ -29,7 +29,7 @@ require (
 	github.com/sagernet/sing v0.6.0-beta.9
 	github.com/sagernet/sing-dns v0.4.0-beta.1
 	github.com/sagernet/sing-mux v0.3.0-alpha.1
-	github.com/sagernet/sing-quic v0.4.0-alpha.4
+	github.com/sagernet/sing-quic v0.4.0-beta.3
 	github.com/sagernet/sing-shadowsocks v0.2.7
 	github.com/sagernet/sing-shadowsocks2 v0.2.0
 	github.com/sagernet/sing-shadowtls v0.2.0-alpha.2

go.sum

@@ -125,8 +125,8 @@ github.com/sagernet/sing-dns v0.4.0-beta.1 h1:W1XkdhigwxDOMgMDVB+9kdomCpb7ExsZfB
 github.com/sagernet/sing-dns v0.4.0-beta.1/go.mod h1:8wuFcoFkWM4vJuQyg8e97LyvDwe0/Vl7G839WLcKDs8=
 github.com/sagernet/sing-mux v0.3.0-alpha.1 h1:IgNX5bJBpL41gGbp05pdDOvh/b5eUQ6cv9240+Ngipg=
 github.com/sagernet/sing-mux v0.3.0-alpha.1/go.mod h1:FTcImmdfW38Lz7b+HQ+mxxOth1lz4ao8uEnz+MwIJQE=
-github.com/sagernet/sing-quic v0.4.0-alpha.4 h1:P9xAx3nIfcqb9M8jfgs0uLm+VxCcaY++FCqaBfHY3dQ=
-github.com/sagernet/sing-quic v0.4.0-alpha.4/go.mod h1:h5RkKTmUhudJKzK7c87FPXD5w1bJjVyxMN9+opZcctA=
+github.com/sagernet/sing-quic v0.4.0-beta.3 h1:cOBjlhVdRZmBm6hIw1GleERpnTSFdBB2htgx5kQ5uqg=
+github.com/sagernet/sing-quic v0.4.0-beta.3/go.mod h1:1UNObFodd8CnS3aCT53x9cigjPSCl3P//8dfBMCwBDM=
 github.com/sagernet/sing-shadowsocks v0.2.7 h1:zaopR1tbHEw5Nk6FAkM05wCslV6ahVegEZaKMv9ipx8=
 github.com/sagernet/sing-shadowsocks v0.2.7/go.mod h1:0rIKJZBR65Qi0zwdKezt4s57y/Tl1ofkaq6NlkzVuyE=
 github.com/sagernet/sing-shadowsocks2 v0.2.0 h1:wpZNs6wKnR7mh1wV9OHwOyUr21VkS3wKFHi+8XwgADg=

option/hysteria2.go

@@ -111,11 +111,13 @@ type Hysteria2MasqueradeString struct {
 type Hysteria2OutboundOptions struct {
 	DialerOptions
 	ServerOptions
-	UpMbps   int            `json:"up_mbps,omitempty"`
-	DownMbps int            `json:"down_mbps,omitempty"`
-	Obfs     *Hysteria2Obfs `json:"obfs,omitempty"`
-	Password string         `json:"password,omitempty"`
-	Network  NetworkList    `json:"network,omitempty"`
+	ServerPorts badoption.Listable[string] `json:"server_ports,omitempty"`
+	HopInterval badoption.Duration         `json:"hop_interval,omitempty"`
+	UpMbps      int                        `json:"up_mbps,omitempty"`
+	DownMbps    int                        `json:"down_mbps,omitempty"`
+	Obfs        *Hysteria2Obfs             `json:"obfs,omitempty"`
+	Password    string                     `json:"password,omitempty"`
+	Network     NetworkList                `json:"network,omitempty"`
 	OutboundTLSOptionsContainer
 	BrutalDebug bool `json:"brutal_debug,omitempty"`
 }

protocol/hysteria2/outbound.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"net"
 	"os"
+	"time"
 
 	"github.com/sagernet/sing-box/adapter"
 	"github.com/sagernet/sing-box/adapter/outbound"
@@ -70,6 +71,8 @@ func NewOutbound(ctx context.Context, router adapter.Router, logger log.ContextL
 		Logger:             logger,
 		BrutalDebug:        options.BrutalDebug,
 		ServerAddress:      options.ServerOptions.Build(),
+		ServerPorts:        options.ServerPorts,
+		HopInterval:        time.Duration(options.HopInterval),
 		SendBPS:            uint64(options.UpMbps * hysteria.MbpsToBps),
 		ReceiveBPS:         uint64(options.DownMbps * hysteria.MbpsToBps),
 		SalamanderPassword: salamanderPassword,