feat(core): server RequestHook support

2025-07-28 15:58:33 +00:00 · 2024-06-15 14:15:56 -07:00
parent 4c2a905892
commit feacb1f85e
13 changed files with 416 additions and 19 deletions
--- a/core/server/config.go
+++ b/core/server/config.go
@@ -8,6 +8,7 @@ import (

 	"github.com/apernet/hysteria/core/v2/errors"
 	"github.com/apernet/hysteria/core/v2/internal/pmtud"
+	"github.com/apernet/quic-go"
 )

 const (
@@ -22,6 +23,7 @@ type Config struct {
 	TLSConfig             TLSConfig
 	QUICConfig            QUICConfig
 	Conn                  net.PacketConn
+	RequestHook           RequestHook
 	Outbound              Outbound
 	BandwidthConfig       BandwidthConfig
 	IgnoreClientBandwidth bool
@@ -110,6 +112,17 @@ type QUICConfig struct {
 	DisablePathMTUDiscovery        bool // The server may still override this to true on unsupported platforms.
 }

+// RequestHook allows filtering and modifying requests before the server connects to the remote.
+// The returned byte slice, if not empty, will be sent to the remote before proxying - this is
+// mainly for "putting back" the content read from the client for sniffing, etc.
+// Return a non-nil error to abort the connection.
+// Note that due to the current architectural limitations, it can only inspect the first packet
+// of a UDP connection. It also cannot put back any data as the first packet is always sent as-is.
+type RequestHook interface {
+	TCP(stream quic.Stream, reqAddr *string) ([]byte, error)
+	UDP(data []byte, reqAddr *string) error
+}
+
 // Outbound provides the implementation of how the server should connect to remote servers.
 // Although UDP includes a reqAddr, the implementation does not necessarily have to use it
 // to make a "connected" UDP connection that does not accept packets from other addresses.