fix: ipv{4,6}-only listen on wildcard address

fix: #797 when listening on a wildcard address like "0.0.0.0" or "[::]", hysteria actually listened on both IPv4 and IPv6. this is a well-known bug of the golang net package. this commit introduces a fix for that, the intended behavior will be: 0.0.0.0:443 => listen on IPv4 only [::]:443 => listen on IPv6 only :443 => listen on both IPv4 and IPv6
2025-08-19 15:51:45 +00:00 · 2023-11-26 16:09:01 +08:00
parent f48a5edd39
commit e70838cd98
4 changed files with 108 additions and 8 deletions
--- a/extras/masq/server.go
+++ b/extras/masq/server.go
@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"crypto/tls"
 	"fmt"
+	"github.com/apernet/hysteria/extras/correctnet"
 	"net"
 	"net/http"
 )
@@ -20,7 +21,7 @@ type MasqTCPServer struct {
 }

 func (s *MasqTCPServer) ListenAndServeHTTP(addr string) error {
-	return http.ListenAndServe(addr, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	return correctnet.HTTPListenAndServe(addr, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if s.ForceHTTPS {
 			if s.HTTPSPort == 0 || s.HTTPSPort == 443 {
 				// Omit port if it's the default
@@ -42,7 +43,12 @@ func (s *MasqTCPServer) ListenAndServeHTTPS(addr string) error {
 		}),
 		TLSConfig: s.TLSConfig,
 	}
-	return server.ListenAndServeTLS("", "")
+	listener, err := correctnet.Listen("tcp", addr)
+	if err != nil {
+		return err
+	}
+	defer listener.Close()
+	return server.ServeTLS(listener, "", "")
 }

 var _ http.ResponseWriter = (*altSvcHijackResponseWriter)(nil)